blob: bd25d9e4eadc7aa94b9f506b7d2a637c23cd7b05 (plain)

ofs	hex dump	ascii
0000	de 12 04 95 00 00 00 00 41 11 00 00 1c 00 00 00 24 8a 00 00 09 17 00 00 2c 14 01 00 00 00 00 00	........A.......$.......,.......
0020	50 70 01 00 43 00 00 00 51 70 01 00 52 00 00 00 95 70 01 00 42 00 00 00 e8 70 01 00 3b 00 00 00	Pp..C...Qp..R....p..B....p..;...
0040	2b 71 01 00 42 00 00 00 67 71 01 00 3a 00 00 00 aa 71 01 00 24 00 00 00 e5 71 01 00 1a 00 00 00	+q..B...gq..:....q..$....q......
0060	0a 72 01 00 6f 00 00 00 25 72 01 00 5d 01 00 00 95 72 01 00 48 00 00 00 f3 73 01 00 46 00 00 00	.r..o...%r..]....r..H....s..F...
0080	3c 74 01 00 31 00 00 00 83 74 01 00 31 00 00 00 b5 74 01 00 3e 00 00 00 e7 74 01 00 23 00 00 00	<t..1....t..1....t..>....t..#...
00a0	26 75 01 00 18 00 00 00 4a 75 01 00 23 00 00 00 63 75 01 00 20 00 00 00 87 75 01 00 21 00 00 00	&u......Ju..#...cu.......u..!...
00c0	a8 75 01 00 21 00 00 00 ca 75 01 00 3f 00 00 00 ec 75 01 00 15 00 00 00 2c 76 01 00 2d 00 00 00	.u..!....u..?....u......,v..-...
00e0	42 76 01 00 27 00 00 00 70 76 01 00 1d 00 00 00 98 76 01 00 1c 00 00 00 b6 76 01 00 0c 00 00 00	Bv..'...pv.......v.......v......
0100	d3 76 01 00 21 00 00 00 e0 76 01 00 3e 00 00 00 02 77 01 00 0c 00 00 00 41 77 01 00 12 00 00 00	.v..!....v..>....w......Aw......
0120	4e 77 01 00 11 00 00 00 61 77 01 00 12 00 00 00 73 77 01 00 8b 00 00 00 86 77 01 00 8c 00 00 00	Nw......aw......sw.......w......
0140	12 78 01 00 30 01 00 00 9f 78 01 00 d5 00 00 00 d0 79 01 00 94 00 00 00 a6 7a 01 00 2c 01 00 00	.x..0....x.......y.......z..,...
0160	3b 7b 01 00 f6 01 00 00 68 7c 01 00 67 00 00 00 5f 7e 01 00 12 00 00 00 c7 7e 01 00 18 00 00 00	;{......h|..g..._~.......~......
0180	da 7e 01 00 18 00 00 00 f3 7e 01 00 1b 00 00 00 0c 7f 01 00 1a 00 00 00 28 7f 01 00 15 00 00 00	.~.......~..............(.......
01a0	43 7f 01 00 0d 00 00 00 59 7f 01 00 14 00 00 00 67 7f 01 00 0a 00 00 00 7c 7f 01 00 0b 00 00 00	C.......Y.......g.......|.......
01c0	87 7f 01 00 0a 00 00 00 93 7f 01 00 0b 00 00 00 9e 7f 01 00 0a 00 00 00 aa 7f 01 00 0a 00 00 00	................................
01e0	b5 7f 01 00 4d 00 00 00 c0 7f 01 00 7e 03 00 00 0e 80 01 00 10 00 00 00 8d 83 01 00 10 00 00 00	....M.......~...................
0200	9e 83 01 00 10 00 00 00 af 83 01 00 16 00 00 00 c0 83 01 00 0b 00 00 00 d7 83 01 00 2e 00 00 00	................................
0220	e3 83 01 00 2d 00 00 00 12 84 01 00 37 00 00 00 40 84 01 00 33 00 00 00 78 84 01 00 29 00 00 00	....-.......7...@...3...x...)...
0240	ac 84 01 00 3b 00 00 00 d6 84 01 00 1e 00 00 00 12 85 01 00 3b 00 00 00 31 85 01 00 2e 00 00 00	....;...............;...1.......
0260	6d 85 01 00 4e 00 00 00 9c 85 01 00 11 00 00 00 eb 85 01 00 06 00 00 00 fd 85 01 00 11 00 00 00	m...N...........................
0280	04 86 01 00 06 00 00 00 16 86 01 00 2d 00 00 00 1d 86 01 00 25 00 00 00 4b 86 01 00 0c 00 00 00	............-.......%...K.......
02a0	71 86 01 00 0c 00 00 00 7e 86 01 00 0c 00 00 00 8b 86 01 00 13 00 00 00 98 86 01 00 30 00 00 00	q.......~...................0...
02c0	ac 86 01 00 31 00 00 00 dd 86 01 00 07 00 00 00 0f 87 01 00 07 00 00 00 17 87 01 00 0d 00 00 00	....1...........................
02e0	1f 87 01 00 14 00 00 00 2d 87 01 00 1d 00 00 00 42 87 01 00 19 00 00 00 60 87 01 00 0a 00 00 00	........-.......B.......`.......
0300	7a 87 01 00 24 00 00 00 85 87 01 00 27 00 00 00 aa 87 01 00 0b 00 00 00 d2 87 01 00 10 00 00 00	z...$.......'...................
0320	de 87 01 00 10 00 00 00 ef 87 01 00 70 00 00 00 00 88 01 00 57 00 00 00 71 88 01 00 37 00 00 00	............p.......W...q...7...
0340	c9 88 01 00 5a 00 00 00 01 89 01 00 a3 00 00 00 5c 89 01 00 74 00 00 00 00 8a 01 00 35 01 00 00	....Z...........\...t.......5...
0360	75 8a 01 00 16 01 00 00 ab 8b 01 00 7e 00 00 00 c2 8c 01 00 2f 02 00 00 41 8d 01 00 6f 00 00 00	u...........~......./...A...o...
0380	71 8f 01 00 39 01 00 00 e1 8f 01 00 dd 00 00 00 1b 91 01 00 14 00 00 00 f9 91 01 00 90 00 00 00	q...9...........................
03a0	0e 92 01 00 52 00 00 00 9f 92 01 00 58 00 00 00 f2 92 01 00 58 00 00 00 4b 93 01 00 e4 00 00 00	....R.......X.......X...K.......
03c0	a4 93 01 00 68 00 00 00 89 94 01 00 5d 00 00 00 f2 94 01 00 6c 00 00 00 50 95 01 00 5a 00 00 00	....h.......].......l...P...Z...
03e0	bd 95 01 00 a4 00 00 00 18 96 01 00 6d 00 00 00 bd 96 01 00 c7 00 00 00 2b 97 01 00 f1 00 00 00	............m...........+.......
0400	f3 97 01 00 08 00 00 00 e5 98 01 00 35 00 00 00 ee 98 01 00 32 00 00 00 24 99 01 00 4c 00 00 00	............5.......2...$...L...
0420	57 99 01 00 30 00 00 00 a4 99 01 00 38 00 00 00 d5 99 01 00 36 00 00 00 0e 9a 01 00 19 00 00 00	W...0.......8.......6...........
0440	45 9a 01 00 3a 00 00 00 5f 9a 01 00 7b 01 00 00 9a 9a 01 00 36 00 00 00 16 9c 01 00 47 00 00 00	E...:..._...{.......6.......G...
0460	4d 9c 01 00 55 00 00 00 95 9c 01 00 35 00 00 00 eb 9c 01 00 29 00 00 00 21 9d 01 00 af 00 00 00	M...U.......5.......)...!.......
0480	4b 9d 01 00 6c 00 00 00 fb 9d 01 00 a7 00 00 00 68 9e 01 00 3a 00 00 00 10 9f 01 00 5a 01 00 00	K...l...........h...:.......Z...
04a0	4b 9f 01 00 9f 01 00 00 a6 a0 01 00 b5 00 00 00 46 a2 01 00 51 00 00 00 fc a2 01 00 1a 00 00 00	K...............F...Q...........
04c0	4e a3 01 00 80 00 00 00 69 a3 01 00 40 00 00 00 ea a3 01 00 09 00 00 00 2b a4 01 00 3c 00 00 00	N.......i...@...........+...<...
04e0	35 a4 01 00 b1 00 00 00 72 a4 01 00 54 00 00 00 24 a5 01 00 2c 00 00 00 79 a5 01 00 47 00 00 00	5.......r...T...$...,...y...G...
0500	a6 a5 01 00 bc 00 00 00 ee a5 01 00 bf 00 00 00 ab a6 01 00 37 00 00 00 6b a7 01 00 9a 00 00 00	....................7...k.......
0520	a3 a7 01 00 01 00 00 00 3e a8 01 00 2c 00 00 00 40 a8 01 00 11 00 00 00 6d a8 01 00 06 00 00 00	........>...,...@.......m.......
0540	7f a8 01 00 06 00 00 00 86 a8 01 00 06 00 00 00 8d a8 01 00 06 00 00 00 94 a8 01 00 06 00 00 00	................................
0560	9b a8 01 00 06 00 00 00 a2 a8 01 00 06 00 00 00 a9 a8 01 00 06 00 00 00 b0 a8 01 00 06 00 00 00	................................
0580	b7 a8 01 00 06 00 00 00 be a8 01 00 0e 00 00 00 c5 a8 01 00 01 00 00 00 d4 a8 01 00 11 00 00 00	................................
05a0	d6 a8 01 00 0a 00 00 00 e8 a8 01 00 1a 00 00 00 f3 a8 01 00 02 00 00 00 0e a9 01 00 0e 00 00 00	................................
05c0	11 a9 01 00 2d 00 00 00 20 a9 01 00 10 00 00 00 4e a9 01 00 0f 00 00 00 5f a9 01 00 11 00 00 00	....-...........N......._.......
05e0	6f a9 01 00 13 00 00 00 81 a9 01 00 06 00 00 00 95 a9 01 00 06 00 00 00 9c a9 01 00 06 00 00 00	o...............................
0600	a3 a9 01 00 06 00 00 00 aa a9 01 00 02 00 00 00 b1 a9 01 00 03 00 00 00 b4 a9 01 00 02 00 00 00	................................
0620	b8 a9 01 00 08 00 00 00 bb a9 01 00 02 00 00 00 c4 a9 01 00 02 00 00 00 c7 a9 01 00 02 00 00 00	................................
0640	ca a9 01 00 02 00 00 00 cd a9 01 00 02 00 00 00 d0 a9 01 00 32 00 00 00 d3 a9 01 00 02 00 00 00	....................2...........
0660	06 aa 01 00 02 00 00 00 09 aa 01 00 35 00 00 00 0c aa 01 00 17 00 00 00 42 aa 01 00 01 00 00 00	............5...........B.......
0680	5a aa 01 00 1a 00 00 00 5c aa 01 00 02 00 00 00 77 aa 01 00 02 00 00 00 7a aa 01 00 02 00 00 00	Z.......\.......w.......z.......
06a0	7d aa 01 00 02 00 00 00 80 aa 01 00 11 00 00 00 83 aa 01 00 11 00 00 00 95 aa 01 00 03 00 00 00	}...............................
06c0	a7 aa 01 00 02 00 00 00 ab aa 01 00 02 00 00 00 ae aa 01 00 63 00 00 00 b1 aa 01 00 0f 00 00 00	....................c...........
06e0	15 ab 01 00 01 00 00 00 25 ab 01 00 20 00 00 00 27 ab 01 00 02 00 00 00 48 ab 01 00 02 00 00 00	........%.......'.......H.......
0700	4b ab 01 00 02 00 00 00 4e ab 01 00 02 00 00 00 51 ab 01 00 01 00 00 00 54 ab 01 00 1a 00 00 00	K.......N.......Q.......T.......
0720	56 ab 01 00 e6 00 00 00 71 ab 01 00 11 00 00 00 58 ac 01 00 02 00 00 00 6a ac 01 00 02 00 00 00	V.......q.......X.......j.......
0740	6d ac 01 00 02 00 00 00 70 ac 01 00 01 00 00 00 73 ac 01 00 11 00 00 00 75 ac 01 00 0f 00 00 00	m.......p.......s.......u.......
0760	87 ac 01 00 11 00 00 00 97 ac 01 00 02 00 00 00 a9 ac 01 00 01 00 00 00 ac ac 01 00 02 00 00 00	................................
0780	ae ac 01 00 3b 00 00 00 b1 ac 01 00 02 00 00 00 ed ac 01 00 02 00 00 00 f0 ac 01 00 0a 00 00 00	....;...........................
07a0	f3 ac 01 00 6b 02 00 00 fe ac 01 00 01 00 00 00 6a af 01 00 02 00 00 00 6c af 01 00 01 00 00 00	....k...........j.......l.......
07c0	6f af 01 00 6c 00 00 00 71 af 01 00 01 00 00 00 de af 01 00 76 00 00 00 e0 af 01 00 61 01 00 00	o...l...q...........v.......a...
07e0	57 b0 01 00 8b 00 00 00 b9 b1 01 00 10 01 00 00 45 b2 01 00 36 00 00 00 56 b3 01 00 22 01 00 00	W...............E...6...V..."...
0800	8d b3 01 00 26 02 00 00 b0 b4 01 00 ec 00 00 00 d7 b6 01 00 8b 00 00 00 c4 b7 01 00 8c 01 00 00	....&...........................
0820	50 b8 01 00 bd 00 00 00 dd b9 01 00 08 02 00 00 9b ba 01 00 53 01 00 00 a4 bc 01 00 dc 00 00 00	P...................S...........
0840	f8 bd 01 00 4f 00 00 00 d5 be 01 00 aa 03 00 00 25 bf 01 00 8b 01 00 00 d0 c2 01 00 80 01 00 00	....O...........%...............
0860	5c c4 01 00 b5 01 00 00 dd c5 01 00 61 00 00 00 93 c7 01 00 8f 05 00 00 f5 c7 01 00 32 02 00 00	\...........a...............2...
0880	85 cd 01 00 0b 01 00 00 b8 cf 01 00 7e 00 00 00 c4 d0 01 00 37 00 00 00 43 d1 01 00 8f 01 00 00	............~.......7...C.......
08a0	7b d1 01 00 01 01 00 00 0b d3 01 00 da 01 00 00 0d d4 01 00 8e 02 00 00 e8 d5 01 00 a6 00 00 00	{...............................
08c0	77 d8 01 00 e3 01 00 00 1e d9 01 00 af 01 00 00 02 db 01 00 f6 01 00 00 b2 dc 01 00 17 02 00 00	w...............................
08e0	a9 de 01 00 d9 01 00 00 c1 e0 01 00 57 01 00 00 9b e2 01 00 82 00 00 00 f3 e3 01 00 fb 00 00 00	............W...................
0900	76 e4 01 00 b4 01 00 00 72 e5 01 00 d6 01 00 00 27 e7 01 00 59 01 00 00 fe e8 01 00 50 01 00 00	v.......r.......'...Y.......P...
0920	58 ea 01 00 be 01 00 00 a9 eb 01 00 68 01 00 00 68 ed 01 00 04 02 00 00 d1 ee 01 00 84 00 00 00	X...........h...h...............
0940	d6 f0 01 00 f9 00 00 00 5b f1 01 00 a4 00 00 00 55 f2 01 00 43 00 00 00 fa f2 01 00 5c 00 00 00	........[.......U...C.......\...
0960	3e f3 01 00 52 00 00 00 9b f3 01 00 46 00 00 00 ee f3 01 00 50 00 00 00 35 f4 01 00 48 00 00 00	>...R.......F.......P...5...H...
0980	86 f4 01 00 4c 00 00 00 cf f4 01 00 47 00 00 00 1c f5 01 00 48 00 00 00 64 f5 01 00 41 00 00 00	....L.......G.......H...d...A...
09a0	ad f5 01 00 44 00 00 00 ef f5 01 00 19 00 00 00 34 f6 01 00 29 00 00 00 4e f6 01 00 12 00 00 00	....D...........4...)...N.......
09c0	78 f6 01 00 3d 00 00 00 8b f6 01 00 13 00 00 00 c9 f6 01 00 3f 00 00 00 dd f6 01 00 13 00 00 00	x...=...............?...........
09e0	1d f7 01 00 3f 00 00 00 31 f7 01 00 15 00 00 00 71 f7 01 00 43 00 00 00 87 f7 01 00 15 00 00 00	....?...1.......q...C...........
0a00	cb f7 01 00 43 00 00 00 e1 f7 01 00 31 01 00 00 25 f8 01 00 11 00 00 00 57 f9 01 00 80 01 00 00	....C.......1...%.......W.......
0a20	69 f9 01 00 41 01 00 00 ea fa 01 00 19 00 00 00 2c fc 01 00 37 00 00 00 46 fc 01 00 2a 00 00 00	i...A...........,...7...F...*...
0a40	7e fc 01 00 39 00 00 00 a9 fc 01 00 29 00 00 00 e3 fc 01 00 07 00 00 00 0d fd 01 00 4d 00 00 00	~...9.......)...............M...
0a60	15 fd 01 00 b6 00 00 00 63 fd 01 00 40 00 00 00 1a fe 01 00 2f 00 00 00 5b fe 01 00 32 00 00 00	........c...@......./...[...2...
0a80	8b fe 01 00 35 00 00 00 be fe 01 00 1d 00 00 00 f4 fe 01 00 27 00 00 00 12 ff 01 00 1f 00 00 00	....5...............'...........
0aa0	3a ff 01 00 36 00 00 00 5a ff 01 00 39 00 00 00 91 ff 01 00 18 01 00 00 cb ff 01 00 1e 00 00 00	:...6...Z...9...................
0ac0	e4 00 02 00 5c 00 00 00 03 01 02 00 37 01 00 00 60 01 02 00 cb 01 00 00 98 02 02 00 59 01 00 00	....\.......7...`...........Y...
0ae0	64 04 02 00 3a 01 00 00 be 05 02 00 2d 00 00 00 f9 06 02 00 3a 00 00 00 27 07 02 00 6d 00 00 00	d...:.......-.......:...'...m...
0b00	62 07 02 00 77 00 00 00 d0 07 02 00 8b 00 00 00 48 08 02 00 cc 01 00 00 d4 08 02 00 ba 00 00 00	b...w...........H...............
0b20	a1 0a 02 00 16 00 00 00 5c 0b 02 00 28 00 00 00 73 0b 02 00 77 01 00 00 9c 0b 02 00 51 00 00 00	........\...(...s...w.......Q...
0b40	14 0d 02 00 26 00 00 00 66 0d 02 00 85 00 00 00 8d 0d 02 00 8b 00 00 00 13 0e 02 00 cf 00 00 00	....&...f.......................
0b60	9f 0e 02 00 34 01 00 00 6f 0f 02 00 2f 00 00 00 a4 10 02 00 72 00 00 00 d4 10 02 00 65 00 00 00	....4...o.../.......r.......e...
0b80	47 11 02 00 31 00 00 00 ad 11 02 00 01 01 00 00 df 11 02 00 33 00 00 00 e1 12 02 00 3c 00 00 00	G...1...............3.......<...
0ba0	15 13 02 00 93 01 00 00 52 13 02 00 e4 01 00 00 e6 14 02 00 63 00 00 00 cb 16 02 00 d4 00 00 00	........R...........c...........
0bc0	2f 17 02 00 ed 00 00 00 04 18 02 00 78 00 00 00 f2 18 02 00 90 00 00 00 6b 19 02 00 a2 00 00 00	/...........x...........k.......
0be0	fc 19 02 00 88 00 00 00 9f 1a 02 00 4e 00 00 00 28 1b 02 00 58 00 00 00 77 1b 02 00 08 01 00 00	............N...(...X...w.......
0c00	d0 1b 02 00 65 00 00 00 d9 1c 02 00 7e 00 00 00 3f 1d 02 00 48 01 00 00 be 1d 02 00 35 01 00 00	....e.......~...?...H.......5...
0c20	07 1f 02 00 90 00 00 00 3d 20 02 00 a3 00 00 00 ce 20 02 00 02 01 00 00 72 21 02 00 3f 00 00 00	........=...............r!..?...
0c40	75 22 02 00 24 00 00 00 b5 22 02 00 22 01 00 00 da 22 02 00 1c 00 00 00 fd 23 02 00 2c 00 00 00	u"..$....".."....".......#..,...
0c60	1a 24 02 00 43 00 00 00 47 24 02 00 b1 01 00 00 8b 24 02 00 4f 00 00 00 3d 26 02 00 37 00 00 00	.$..C...G$.......$..O...=&..7...
0c80	8d 26 02 00 26 00 00 00 c5 26 02 00 0a 02 00 00 ec 26 02 00 62 00 00 00 f7 28 02 00 41 00 00 00	.&..&....&.......&..b....(..A...
0ca0	5a 29 02 00 3d 00 00 00 9c 29 02 00 35 00 00 00 da 29 02 00 77 00 00 00 10 2a 02 00 03 00 00 00	Z)..=....)..5....)..w....*......
0cc0	88 2a 02 00 5c 00 00 00 8c 2a 02 00 0c 00 00 00 e9 2a 02 00 a8 00 00 00 f6 2a 02 00 70 00 00 00	.*..\....*.......*.......*..p...
0ce0	9f 2b 02 00 12 00 00 00 10 2c 02 00 0c 00 00 00 23 2c 02 00 79 00 00 00 30 2c 02 00 45 00 00 00	.+.......,......#,..y...0,..E...
0d00	aa 2c 02 00 07 00 00 00 f0 2c 02 00 10 00 00 00 f8 2c 02 00 22 00 00 00 09 2d 02 00 68 00 00 00	.,.......,.......,.."....-..h...
0d20	2c 2d 02 00 41 00 00 00 95 2d 02 00 40 00 00 00 d7 2d 02 00 23 00 00 00 18 2e 02 00 c5 00 00 00	,-..A....-..@....-..#...........
0d40	3c 2e 02 00 9f 00 00 00 02 2f 02 00 3c 00 00 00 a2 2f 02 00 35 00 00 00 df 2f 02 00 4e 00 00 00	<......../..<..../..5..../..N...
0d60	15 30 02 00 86 00 00 00 64 30 02 00 68 00 00 00 eb 30 02 00 63 00 00 00 54 31 02 00 2f 00 00 00	.0......d0..h....0..c...T1../...
0d80	b8 31 02 00 48 00 00 00 e8 31 02 00 a3 00 00 00 31 32 02 00 81 00 00 00 d5 32 02 00 46 00 00 00	.1..H....1......12.......2..F...
0da0	57 33 02 00 1c 00 00 00 9e 33 02 00 7d 00 00 00 bb 33 02 00 60 00 00 00 39 34 02 00 ee 00 00 00	W3.......3..}....3..`...94......
0dc0	9a 34 02 00 09 01 00 00 89 35 02 00 68 00 00 00 93 36 02 00 07 00 00 00 fc 36 02 00 12 00 00 00	.4.......5..h....6.......6......
0de0	04 37 02 00 10 00 00 00 17 37 02 00 0e 00 00 00 28 37 02 00 42 00 00 00 37 37 02 00 0d 00 00 00	.7.......7......(7..B...77......
0e00	7a 37 02 00 24 00 00 00 88 37 02 00 ba 00 00 00 ad 37 02 00 17 00 00 00 68 38 02 00 c7 00 00 00	z7..$....7.......7......h8......
0e20	80 38 02 00 1a 00 00 00 48 39 02 00 3c 00 00 00 63 39 02 00 14 00 00 00 a0 39 02 00 7e 00 00 00	.8......H9..<...c9.......9..~...
0e40	b5 39 02 00 74 00 00 00 34 3a 02 00 74 00 00 00 a9 3a 02 00 2e 00 00 00 1e 3b 02 00 05 00 00 00	.9..t...4:..t....:.......;......
0e60	4d 3b 02 00 09 00 00 00 53 3b 02 00 07 00 00 00 5d 3b 02 00 66 00 00 00 65 3b 02 00 4f 00 00 00	M;......S;......];..f...e;..O...
0e80	cc 3b 02 00 9a 00 00 00 1c 3c 02 00 b1 00 00 00 b7 3c 02 00 0e 00 00 00 69 3d 02 00 67 00 00 00	.;.......<.......<......i=..g...
0ea0	78 3d 02 00 ae 00 00 00 e0 3d 02 00 89 00 00 00 8f 3e 02 00 28 00 00 00 19 3f 02 00 ac 00 00 00	x=.......=.......>..(....?......
0ec0	42 3f 02 00 74 00 00 00 ef 3f 02 00 97 00 00 00 64 40 02 00 3a 00 00 00 fc 40 02 00 40 00 00 00	B?..t....?......d@..:....@..@...
0ee0	37 41 02 00 27 00 00 00 78 41 02 00 29 00 00 00 a0 41 02 00 21 00 00 00 ca 41 02 00 08 01 00 00	7A..'...xA..)....A..!....A......
0f00	ec 41 02 00 61 01 00 00 f5 42 02 00 2e 00 00 00 57 44 02 00 80 00 00 00 86 44 02 00 30 00 00 00	.A..a....B......WD.......D..0...
0f20	07 45 02 00 c8 00 00 00 38 45 02 00 9c 00 00 00 01 46 02 00 40 00 00 00 9e 46 02 00 b7 00 00 00	.E......8E.......F..@....F......
0f40	df 46 02 00 b7 00 00 00 97 47 02 00 5a 00 00 00 4f 48 02 00 c4 00 00 00 aa 48 02 00 6e 00 00 00	.F.......G..Z...OH.......H..n...
0f60	6f 49 02 00 a5 00 00 00 de 49 02 00 c3 00 00 00 84 4a 02 00 18 00 00 00 48 4b 02 00 54 00 00 00	oI.......I.......J......HK..T...
0f80	61 4b 02 00 89 00 00 00 b6 4b 02 00 6b 00 00 00 40 4c 02 00 3d 00 00 00 ac 4c 02 00 91 00 00 00	aK.......K..k...@L..=....L......
0fa0	ea 4c 02 00 81 00 00 00 7c 4d 02 00 39 00 00 00 fe 4d 02 00 3e 01 00 00 38 4e 02 00 58 00 00 00	.L......|M..9....M..>...8N..X...
0fc0	77 4f 02 00 c2 00 00 00 d0 4f 02 00 6a 00 00 00 93 50 02 00 85 02 00 00 fe 50 02 00 cb 00 00 00	wO.......O..j....P.......P......
0fe0	84 53 02 00 40 00 00 00 50 54 02 00 9e 01 00 00 91 54 02 00 84 01 00 00 30 56 02 00 bb 00 00 00	.S..@...PT.......T......0V......
1000	b5 57 02 00 56 00 00 00 71 58 02 00 39 00 00 00 c8 58 02 00 1d 00 00 00 02 59 02 00 4b 00 00 00	.W..V...qX..9....X.......Y..K...
1020	20 59 02 00 0b 00 00 00 6c 59 02 00 02 01 00 00 78 59 02 00 0d 00 00 00 7b 5a 02 00 34 00 00 00	.Y......lY......xY......{Z..4...
1040	89 5a 02 00 2c 00 00 00 be 5a 02 00 c8 00 00 00 eb 5a 02 00 43 01 00 00 b4 5b 02 00 3e 00 00 00	.Z..,....Z.......Z..C....[..>...
1060	f8 5c 02 00 ad 00 00 00 37 5d 02 00 aa 00 00 00 e5 5d 02 00 44 00 00 00 90 5e 02 00 1d 00 00 00	.\......7].......]..D....^......
1080	d5 5e 02 00 23 00 00 00 f3 5e 02 00 19 00 00 00 17 5f 02 00 12 00 00 00 31 5f 02 00 43 00 00 00	.^..#....^......._......1_..C...
10a0	44 5f 02 00 31 00 00 00 88 5f 02 00 0a 00 00 00 ba 5f 02 00 08 00 00 00 c5 5f 02 00 28 01 00 00	D_..1...._......._......._..(...
10c0	ce 5f 02 00 81 00 00 00 f7 60 02 00 aa 00 00 00 79 61 02 00 d5 00 00 00 24 62 02 00 71 00 00 00	._.......`......ya......$b..q...
10e0	fa 62 02 00 78 00 00 00 6c 63 02 00 99 00 00 00 e5 63 02 00 1d 01 00 00 7f 64 02 00 1a 01 00 00	.b..x...lc.......c.......d......
1100	9d 65 02 00 39 01 00 00 b8 66 02 00 32 01 00 00 f2 67 02 00 a2 00 00 00 25 69 02 00 93 00 00 00	.e..9....f..2....g......%i......
1120	c8 69 02 00 47 00 00 00 5c 6a 02 00 83 00 00 00 a4 6a 02 00 6e 00 00 00 28 6b 02 00 91 00 00 00	.i..G...\j.......j..n...(k......
1140	97 6b 02 00 59 00 00 00 29 6c 02 00 96 00 00 00 83 6c 02 00 8e 00 00 00 1a 6d 02 00 c1 00 00 00	.k..Y...)l.......l.......m......
1160	a9 6d 02 00 59 01 00 00 6b 6e 02 00 23 00 00 00 c5 6f 02 00 43 00 00 00 e9 6f 02 00 27 00 00 00	.m..Y...kn..#....o..C....o..'...
1180	2d 70 02 00 2d 00 00 00 55 70 02 00 3b 00 00 00 83 70 02 00 6e 00 00 00 bf 70 02 00 82 00 00 00	-p..-...Up..;....p..n....p......
11a0	2e 71 02 00 68 00 00 00 b1 71 02 00 19 00 00 00 1a 72 02 00 19 00 00 00 34 72 02 00 19 00 00 00	.q..h....q.......r......4r......
11c0	4e 72 02 00 19 00 00 00 68 72 02 00 19 00 00 00 82 72 02 00 19 00 00 00 9c 72 02 00 19 00 00 00	Nr......hr.......r.......r......
11e0	b6 72 02 00 19 00 00 00 d0 72 02 00 19 00 00 00 ea 72 02 00 19 00 00 00 04 73 02 00 19 00 00 00	.r.......r.......r.......s......
1200	1e 73 02 00 19 00 00 00 38 73 02 00 7b 00 00 00 52 73 02 00 c2 00 00 00 ce 73 02 00 41 00 00 00	.s......8s..{...Rs.......s..A...
1220	91 74 02 00 c0 00 00 00 d3 74 02 00 68 00 00 00 94 75 02 00 0e 00 00 00 fd 75 02 00 16 00 00 00	.t.......t..h....u.......u......
1240	0c 76 02 00 25 00 00 00 23 76 02 00 29 00 00 00 49 76 02 00 24 00 00 00 73 76 02 00 e6 00 00 00	.v..%...#v..)...Iv..$...sv......
1260	98 76 02 00 20 00 00 00 7f 77 02 00 14 00 00 00 a0 77 02 00 45 00 00 00 b5 77 02 00 13 00 00 00	.v.......w.......w..E....w......
1280	fb 77 02 00 17 00 00 00 0f 78 02 00 17 00 00 00 27 78 02 00 3d 00 00 00 3f 78 02 00 12 00 00 00	.w.......x......'x..=...?x......
12a0	7d 78 02 00 14 00 00 00 90 78 02 00 13 00 00 00 a5 78 02 00 03 00 00 00 b9 78 02 00 1b 00 00 00	}x.......x.......x.......x......
12c0	bd 78 02 00 59 00 00 00 d9 78 02 00 03 00 00 00 33 79 02 00 14 00 00 00 37 79 02 00 14 00 00 00	.x..Y....x......3y......7y......
12e0	4c 79 02 00 1d 00 00 00 61 79 02 00 1a 00 00 00 7f 79 02 00 0b 00 00 00 9a 79 02 00 18 00 00 00	Ly......ay.......y.......y......
1300	a6 79 02 00 19 00 00 00 bf 79 02 00 44 00 00 00 d9 79 02 00 1a 00 00 00 1e 7a 02 00 1f 00 00 00	.y.......y..D....y.......z......
1320	39 7a 02 00 1c 00 00 00 59 7a 02 00 20 00 00 00 76 7a 02 00 65 01 00 00 97 7a 02 00 54 01 00 00	9z......Yz......vz..e....z..T...
1340	fd 7b 02 00 c3 02 00 00 52 7d 02 00 05 00 00 00 16 80 02 00 67 00 00 00 1c 80 02 00 81 01 00 00	.{......R}..........g...........
1360	84 80 02 00 07 00 00 00 06 82 02 00 13 00 00 00 0e 82 02 00 0f 00 00 00 22 82 02 00 1e 00 00 00	........................".......
1380	32 82 02 00 11 00 00 00 51 82 02 00 21 00 00 00 63 82 02 00 4c 00 00 00 85 82 02 00 50 00 00 00	2.......Q...!...c...L.......P...
13a0	d2 82 02 00 69 00 00 00 23 83 02 00 17 00 00 00 8d 83 02 00 0e 00 00 00 a5 83 02 00 0e 00 00 00	....i...#.......................
13c0	b4 83 02 00 3f 00 00 00 c3 83 02 00 36 00 00 00 03 84 02 00 0b 00 00 00 3a 84 02 00 d1 00 00 00	....?.......6...........:.......
13e0	46 84 02 00 19 00 00 00 18 85 02 00 87 00 00 00 32 85 02 00 89 00 00 00 ba 85 02 00 db 00 00 00	F...............2...............
1400	44 86 02 00 55 00 00 00 20 87 02 00 75 00 00 00 76 87 02 00 27 00 00 00 ec 87 02 00 1c 00 00 00	D...U.......u...v...'...........
1420	14 88 02 00 7d 01 00 00 31 88 02 00 11 00 00 00 af 89 02 00 0c 00 00 00 c1 89 02 00 3f 00 00 00	....}...1...................?...
1440	ce 89 02 00 63 00 00 00 0e 8a 02 00 09 00 00 00 72 8a 02 00 5d 00 00 00 7c 8a 02 00 58 00 00 00	....c...........r...]...|...X...
1460	da 8a 02 00 59 00 00 00 33 8b 02 00 34 00 00 00 8d 8b 02 00 17 00 00 00 c2 8b 02 00 0c 00 00 00	....Y...3...4...................
1480	da 8b 02 00 25 00 00 00 e7 8b 02 00 13 00 00 00 0d 8c 02 00 29 00 00 00 21 8c 02 00 83 00 00 00	....%...............)...!.......
14a0	4b 8c 02 00 6e 00 00 00 cf 8c 02 00 31 00 00 00 3e 8d 02 00 06 00 00 00 70 8d 02 00 0e 00 00 00	K...n.......1...>.......p.......
14c0	77 8d 02 00 3f 00 00 00 86 8d 02 00 37 00 00 00 c6 8d 02 00 07 00 00 00 fe 8d 02 00 0e 00 00 00	w...?.......7...................
14e0	06 8e 02 00 d0 00 00 00 15 8e 02 00 9c 00 00 00 e6 8e 02 00 51 00 00 00 83 8f 02 00 9c 00 00 00	....................Q...........
1500	d5 8f 02 00 ef 00 00 00 72 90 02 00 8d 01 00 00 62 91 02 00 37 01 00 00 f0 92 02 00 38 01 00 00	........r.......b...7.......8...
1520	28 94 02 00 ce 00 00 00 61 95 02 00 d9 00 00 00 30 96 02 00 3b 00 00 00 0a 97 02 00 78 00 00 00	(.......a.......0...;.......x...
1540	46 97 02 00 9d 00 00 00 bf 97 02 00 97 00 00 00 5d 98 02 00 25 00 00 00 f5 98 02 00 a1 00 00 00	F...............]...%...........
1560	1b 99 02 00 3a 01 00 00 bd 99 02 00 16 00 00 00 f8 9a 02 00 1a 00 00 00 0f 9b 02 00 0a 00 00 00	....:...........................
1580	2a 9b 02 00 27 00 00 00 35 9b 02 00 16 00 00 00 5d 9b 02 00 c8 00 00 00 74 9b 02 00 1a 00 00 00	*...'...5.......].......t.......
15a0	3d 9c 02 00 2a 00 00 00 58 9c 02 00 0c 00 00 00 83 9c 02 00 30 00 00 00 90 9c 02 00 2c 00 00 00	=...*...X...........0.......,...
15c0	c1 9c 02 00 0b 01 00 00 ee 9c 02 00 76 00 00 00 fa 9d 02 00 bc 00 00 00 71 9e 02 00 91 00 00 00	............v...........q.......
15e0	2e 9f 02 00 3e 00 00 00 c0 9f 02 00 0c 00 00 00 ff 9f 02 00 46 00 00 00 0c a0 02 00 14 00 00 00	....>...............F...........
1600	53 a0 02 00 9f 00 00 00 68 a0 02 00 0e 00 00 00 08 a1 02 00 2d 00 00 00 17 a1 02 00 1b 00 00 00	S.......h...........-...........
1620	45 a1 02 00 0f 00 00 00 61 a1 02 00 07 00 00 00 71 a1 02 00 16 00 00 00 79 a1 02 00 1d 00 00 00	E.......a.......q.......y.......
1640	90 a1 02 00 06 00 00 00 ae a1 02 00 14 00 00 00 b5 a1 02 00 15 00 00 00 ca a1 02 00 3d 00 00 00	............................=...
1660	e0 a1 02 00 0b 00 00 00 1e a2 02 00 14 00 00 00 2a a2 02 00 12 00 00 00 3f a2 02 00 14 00 00 00	................*.......?.......
1680	52 a2 02 00 6c 00 00 00 67 a2 02 00 07 00 00 00 d4 a2 02 00 6a 00 00 00 dc a2 02 00 98 00 00 00	R...l...g...........j...........
16a0	47 a3 02 00 0c 00 00 00 e0 a3 02 00 96 00 00 00 ed a3 02 00 3e 00 00 00 84 a4 02 00 77 00 00 00	G...................>.......w...
16c0	c3 a4 02 00 38 00 00 00 3b a5 02 00 40 00 00 00 74 a5 02 00 1e 00 00 00 b5 a5 02 00 11 00 00 00	....8...;...@...t...............
16e0	d4 a5 02 00 1b 00 00 00 e6 a5 02 00 58 00 00 00 02 a6 02 00 0d 00 00 00 5b a6 02 00 15 00 00 00	............X...........[.......
1700	69 a6 02 00 16 00 00 00 7f a6 02 00 13 00 00 00 96 a6 02 00 15 00 00 00 aa a6 02 00 0b 01 00 00	i...............................
1720	c0 a6 02 00 af 00 00 00 cc a7 02 00 59 00 00 00 7c a8 02 00 26 00 00 00 d6 a8 02 00 25 00 00 00	............Y...|...&.......%...
1740	fd a8 02 00 a5 00 00 00 23 a9 02 00 09 00 00 00 c9 a9 02 00 94 00 00 00 d3 a9 02 00 0d 00 00 00	........#.......................
1760	68 aa 02 00 51 00 00 00 76 aa 02 00 25 00 00 00 c8 aa 02 00 37 00 00 00 ee aa 02 00 c0 00 00 00	h...Q...v...%.......7...........
1780	26 ab 02 00 71 00 00 00 e7 ab 02 00 52 00 00 00 59 ac 02 00 4e 00 00 00 ac ac 02 00 68 00 00 00	&...q.......R...Y...N.......h...
17a0	fb ac 02 00 55 00 00 00 64 ad 02 00 4c 00 00 00 ba ad 02 00 57 00 00 00 07 ae 02 00 70 00 00 00	....U...d...L.......W.......p...
17c0	5f ae 02 00 a4 00 00 00 d0 ae 02 00 fc 00 00 00 75 af 02 00 bb 00 00 00 72 b0 02 00 7a 00 00 00	_...............u.......r...z...
17e0	2e b1 02 00 77 00 00 00 a9 b1 02 00 71 00 00 00 21 b2 02 00 aa 00 00 00 93 b2 02 00 3a 00 00 00	....w.......q...!...........:...
1800	3e b3 02 00 2b 00 00 00 79 b3 02 00 3a 00 00 00 a5 b3 02 00 60 00 00 00 e0 b3 02 00 62 00 00 00	>...+...y...:.......`.......b...
1820	41 b4 02 00 2b 00 00 00 a4 b4 02 00 5b 00 00 00 d0 b4 02 00 61 00 00 00 2c b5 02 00 2e 00 00 00	A...+.......[.......a...,.......
1840	8e b5 02 00 47 00 00 00 bd b5 02 00 9a 00 00 00 05 b6 02 00 41 00 00 00 a0 b6 02 00 84 00 00 00	....G...............A...........
1860	e2 b6 02 00 5f 00 00 00 67 b7 02 00 5f 00 00 00 c7 b7 02 00 3c 00 00 00 27 b8 02 00 39 00 00 00	...._...g..._.......<...'...9...
1880	64 b8 02 00 89 00 00 00 9e b8 02 00 58 00 00 00 28 b9 02 00 2c 00 00 00 81 b9 02 00 2b 00 00 00	d...........X...(...,.......+...
18a0	ae b9 02 00 64 00 00 00 da b9 02 00 65 00 00 00 3f ba 02 00 2f 00 00 00 a5 ba 02 00 5f 00 00 00	....d.......e...?.../......._...
18c0	d5 ba 02 00 42 00 00 00 35 bb 02 00 2a 00 00 00 78 bb 02 00 3b 00 00 00 a3 bb 02 00 2b 00 00 00	....B...5...*...x...;.......+...
18e0	df bb 02 00 34 00 00 00 0b bc 02 00 42 00 00 00 40 bc 02 00 99 00 00 00 83 bc 02 00 50 00 00 00	....4.......B...@...........P...
1900	1d bd 02 00 b2 00 00 00 6e bd 02 00 5d 00 00 00 21 be 02 00 49 00 00 00 7f be 02 00 49 00 00 00	........n...]...!...I.......I...
1920	c9 be 02 00 3c 00 00 00 13 bf 02 00 59 00 00 00 50 bf 02 00 38 00 00 00 aa bf 02 00 10 00 00 00	....<.......Y...P...8...........
1940	e3 bf 02 00 92 00 00 00 f4 bf 02 00 1d 00 00 00 87 c0 02 00 42 00 00 00 a5 c0 02 00 12 00 00 00	....................B...........
1960	e8 c0 02 00 b7 00 00 00 fb c0 02 00 44 01 00 00 b3 c1 02 00 09 00 00 00 f8 c2 02 00 0e 00 00 00	............D...................
1980	02 c3 02 00 16 00 00 00 11 c3 02 00 07 00 00 00 28 c3 02 00 0e 00 00 00 30 c3 02 00 30 00 00 00	................(.......0...0...
19a0	3f c3 02 00 09 00 00 00 70 c3 02 00 49 00 00 00 7a c3 02 00 49 00 00 00 c4 c3 02 00 c9 00 00 00	?.......p...I...z...I...........
19c0	0e c4 02 00 b3 00 00 00 d8 c4 02 00 36 00 00 00 8c c5 02 00 39 00 00 00 c3 c5 02 00 81 00 00 00	............6.......9...........
19e0	fd c5 02 00 82 00 00 00 7f c6 02 00 92 00 00 00 02 c7 02 00 64 00 00 00 95 c7 02 00 15 00 00 00	....................d...........
1a00	fa c7 02 00 5f 00 00 00 10 c8 02 00 44 00 00 00 70 c8 02 00 69 00 00 00 b5 c8 02 00 75 00 00 00	...._.......D...p...i.......u...
1a20	1f c9 02 00 66 00 00 00 95 c9 02 00 4e 00 00 00 fc c9 02 00 8c 00 00 00 4b ca 02 00 56 00 00 00	....f.......N...........K...V...
1a40	d8 ca 02 00 76 00 00 00 2f cb 02 00 73 00 00 00 a6 cb 02 00 c3 00 00 00 1a cc 02 00 c0 00 00 00	....v.../...s...................
1a60	de cc 02 00 6b 00 00 00 9f cd 02 00 30 00 00 00 0b ce 02 00 3d 00 00 00 3c ce 02 00 d9 00 00 00	....k.......0.......=...<.......
1a80	7a ce 02 00 a0 00 00 00 54 cf 02 00 68 00 00 00 f5 cf 02 00 54 00 00 00 5e d0 02 00 2b 00 00 00	z.......T...h.......T...^...+...
1aa0	b3 d0 02 00 21 00 00 00 df d0 02 00 70 00 00 00 01 d1 02 00 4a 00 00 00 72 d1 02 00 19 00 00 00	....!.......p.......J...r.......
1ac0	bd d1 02 00 08 00 00 00 d7 d1 02 00 2d 00 00 00 e0 d1 02 00 14 00 00 00 0e d2 02 00 14 00 00 00	............-...................
1ae0	23 d2 02 00 14 00 00 00 38 d2 02 00 14 00 00 00 4d d2 02 00 0d 00 00 00 62 d2 02 00 39 00 00 00	#.......8.......M.......b...9...
1b00	70 d2 02 00 43 00 00 00 aa d2 02 00 0b 00 00 00 ee d2 02 00 f3 00 00 00 fa d2 02 00 43 00 00 00	p...C.......................C...
1b20	ee d3 02 00 3d 00 00 00 32 d4 02 00 00 01 00 00 70 d4 02 00 b3 00 00 00 71 d5 02 00 0b 00 00 00	....=...2.......p.......q.......
1b40	25 d6 02 00 0a 00 00 00 31 d6 02 00 0b 00 00 00 3c d6 02 00 18 00 00 00 48 d6 02 00 10 00 00 00	%.......1.......<.......H.......
1b60	61 d6 02 00 3a 00 00 00 72 d6 02 00 12 00 00 00 ad d6 02 00 3c 00 00 00 c0 d6 02 00 84 00 00 00	a...:...r...........<...........
1b80	fd d6 02 00 14 00 00 00 82 d7 02 00 4c 00 00 00 97 d7 02 00 05 00 00 00 e4 d7 02 00 15 00 00 00	............L...................
1ba0	ea d7 02 00 0d 00 00 00 00 d8 02 00 b6 00 00 00 0e d8 02 00 04 00 00 00 c5 d8 02 00 bf 00 00 00	................................
1bc0	ca d8 02 00 52 00 00 00 8a d9 02 00 06 00 00 00 dd d9 02 00 0e 00 00 00 e4 d9 02 00 10 00 00 00	....R...........................
1be0	f3 d9 02 00 1c 00 00 00 04 da 02 00 17 00 00 00 21 da 02 00 2b 00 00 00 39 da 02 00 05 00 00 00	................!...+...9.......
1c00	65 da 02 00 2f 00 00 00 6b da 02 00 34 00 00 00 9b da 02 00 01 01 00 00 d0 da 02 00 05 00 00 00	e.../...k...4...................
1c20	d2 db 02 00 67 00 00 00 d8 db 02 00 07 00 00 00 40 dc 02 00 0a 00 00 00 48 dc 02 00 15 00 00 00	....g...........@.......H.......
1c40	53 dc 02 00 19 00 00 00 69 dc 02 00 a4 00 00 00 83 dc 02 00 32 00 00 00 28 dd 02 00 31 00 00 00	S.......i...........2...(...1...
1c60	5b dd 02 00 1d 00 00 00 8d dd 02 00 14 00 00 00 ab dd 02 00 32 00 00 00 c0 dd 02 00 15 00 00 00	[...................2...........
1c80	f3 dd 02 00 0a 00 00 00 09 de 02 00 11 00 00 00 14 de 02 00 17 00 00 00 26 de 02 00 13 00 00 00	........................&.......
1ca0	3e de 02 00 19 00 00 00 52 de 02 00 98 00 00 00 6c de 02 00 24 00 00 00 05 df 02 00 25 00 00 00	>.......R.......l...$.......%...
1cc0	2a df 02 00 0d 00 00 00 50 df 02 00 42 00 00 00 5e df 02 00 16 00 00 00 a1 df 02 00 13 00 00 00	*.......P...B...^...............
1ce0	b8 df 02 00 55 00 00 00 cc df 02 00 95 00 00 00 22 e0 02 00 35 00 00 00 b8 e0 02 00 8e 00 00 00	....U..........."...5...........
1d00	ee e0 02 00 68 00 00 00 7d e1 02 00 77 00 00 00 e6 e1 02 00 81 00 00 00 5e e2 02 00 7e 00 00 00	....h...}...w...........^...~...
1d20	e0 e2 02 00 4b 00 00 00 5f e3 02 00 38 00 00 00 ab e3 02 00 95 00 00 00 e4 e3 02 00 32 00 00 00	....K..._...8...............2...
1d40	7a e4 02 00 69 00 00 00 ad e4 02 00 62 00 00 00 17 e5 02 00 4b 01 00 00 7a e5 02 00 a6 00 00 00	z...i.......b.......K...z.......
1d60	c6 e6 02 00 89 00 00 00 6d e7 02 00 88 00 00 00 f7 e7 02 00 2d 00 00 00 80 e8 02 00 7a 00 00 00	........m...........-.......z...
1d80	ae e8 02 00 6b 00 00 00 29 e9 02 00 0e 00 00 00 95 e9 02 00 4b 00 00 00 a4 e9 02 00 33 00 00 00	....k...)...........K.......3...
1da0	f0 e9 02 00 39 00 00 00 24 ea 02 00 0b 00 00 00 5e ea 02 00 1a 00 00 00 6a ea 02 00 20 00 00 00	....9...$.......^.......j.......
1dc0	85 ea 02 00 25 00 00 00 a6 ea 02 00 4d 00 00 00 cc ea 02 00 4e 00 00 00 1a eb 02 00 0b 00 00 00	....%.......M.......N...........
1de0	69 eb 02 00 f6 00 00 00 75 eb 02 00 2e 00 00 00 6c ec 02 00 13 00 00 00 9b ec 02 00 0f 00 00 00	i.......u.......l...............
1e00	af ec 02 00 12 00 00 00 bf ec 02 00 71 01 00 00 d2 ec 02 00 fe 00 00 00 44 ee 02 00 4e 00 00 00	............q...........D...N...
1e20	43 ef 02 00 c9 00 00 00 92 ef 02 00 13 00 00 00 5c f0 02 00 19 00 00 00 70 f0 02 00 2f 00 00 00	C...............\.......p.../...
1e40	8a f0 02 00 19 00 00 00 ba f0 02 00 12 00 00 00 d4 f0 02 00 14 00 00 00 e7 f0 02 00 1b 00 00 00	................................
1e60	fc f0 02 00 1d 00 00 00 18 f1 02 00 58 00 00 00 36 f1 02 00 43 00 00 00 8f f1 02 00 56 00 00 00	............X...6...C.......V...
1e80	d3 f1 02 00 75 00 00 00 2a f2 02 00 1e 00 00 00 a0 f2 02 00 25 00 00 00 bf f2 02 00 25 00 00 00	....u...*...........%.......%...
1ea0	e5 f2 02 00 15 00 00 00 0b f3 02 00 86 00 00 00 21 f3 02 00 2e 00 00 00 a8 f3 02 00 95 00 00 00	................!...............
1ec0	d7 f3 02 00 2b 00 00 00 6d f4 02 00 2b 00 00 00 99 f4 02 00 37 01 00 00 c5 f4 02 00 38 00 00 00	....+...m...+.......7.......8...
1ee0	fd f5 02 00 3b 00 00 00 36 f6 02 00 18 00 00 00 72 f6 02 00 16 00 00 00 8b f6 02 00 7a 00 00 00	....;...6.......r...........z...
1f00	a2 f6 02 00 12 00 00 00 1d f7 02 00 67 00 00 00 30 f7 02 00 3a 00 00 00 98 f7 02 00 3a 00 00 00	............g...0...:.......:...
1f20	d3 f7 02 00 0c 00 00 00 0e f8 02 00 18 00 00 00 1b f8 02 00 39 00 00 00 34 f8 02 00 47 00 00 00	....................9...4...G...
1f40	6e f8 02 00 42 00 00 00 b6 f8 02 00 4c 00 00 00 f9 f8 02 00 3f 00 00 00 46 f9 02 00 3b 00 00 00	n...B.......L.......?...F...;...
1f60	86 f9 02 00 41 00 00 00 c2 f9 02 00 11 01 00 00 04 fa 02 00 3d 00 00 00 16 fb 02 00 31 00 00 00	....A...............=.......1...
1f80	54 fb 02 00 26 01 00 00 86 fb 02 00 e2 00 00 00 ad fc 02 00 3a 00 00 00 90 fd 02 00 f8 00 00 00	T...&...............:...........
1fa0	cb fd 02 00 88 00 00 00 c4 fe 02 00 31 00 00 00 4d ff 02 00 06 00 00 00 7f ff 02 00 0d 00 00 00	............1...M...............
1fc0	86 ff 02 00 0b 00 00 00 94 ff 02 00 2e 00 00 00 a0 ff 02 00 67 00 00 00 cf ff 02 00 13 00 00 00	....................g...........
1fe0	37 00 03 00 ab 00 00 00 4b 00 03 00 b5 00 00 00 f7 00 03 00 b5 00 00 00 ad 01 03 00 90 00 00 00	7.......K.......................
2000	63 02 03 00 30 00 00 00 f4 02 03 00 22 00 00 00 25 03 03 00 22 00 00 00 48 03 03 00 24 00 00 00	c...0......."...%..."...H...$...
2020	6b 03 03 00 09 00 00 00 90 03 03 00 09 00 00 00 9a 03 03 00 92 00 00 00 a4 03 03 00 38 00 00 00	k...........................8...
2040	37 04 03 00 05 00 00 00 70 04 03 00 0f 00 00 00 76 04 03 00 88 00 00 00 86 04 03 00 bd 00 00 00	7.......p.......v...............
2060	0f 05 03 00 0b 00 00 00 cd 05 03 00 12 00 00 00 d9 05 03 00 6a 00 00 00 ec 05 03 00 2f 00 00 00	....................j......./...
2080	57 06 03 00 0a 00 00 00 87 06 03 00 f4 00 00 00 92 06 03 00 d2 01 00 00 87 07 03 00 ad 01 00 00	W...............................
20a0	5a 09 03 00 dd 00 00 00 08 0b 03 00 91 01 00 00 e6 0b 03 00 7f 00 00 00 78 0d 03 00 af 00 00 00	Z.......................x.......
20c0	f8 0d 03 00 2a 03 00 00 a8 0e 03 00 6b 00 00 00 d3 11 03 00 a3 00 00 00 3f 12 03 00 9a 00 00 00	....*.......k...........?.......
20e0	e3 12 03 00 50 00 00 00 7e 13 03 00 81 00 00 00 cf 13 03 00 2c 00 00 00 51 14 03 00 7a 00 00 00	....P...~...........,...Q...z...
2100	7e 14 03 00 2b 00 00 00 f9 14 03 00 25 00 00 00 25 15 03 00 09 00 00 00 4b 15 03 00 23 00 00 00	~...+.......%...%.......K...#...
2120	55 15 03 00 23 00 00 00 79 15 03 00 25 00 00 00 9d 15 03 00 11 00 00 00 c3 15 03 00 12 00 00 00	U...#...y...%...................
2140	d5 15 03 00 12 00 00 00 e8 15 03 00 1e 00 00 00 fb 15 03 00 23 00 00 00 1a 16 03 00 39 00 00 00	....................#.......9...
2160	3e 16 03 00 2c 00 00 00 78 16 03 00 1c 00 00 00 a5 16 03 00 1d 00 00 00 c2 16 03 00 1e 00 00 00	>...,...x.......................
2180	e0 16 03 00 0c 00 00 00 ff 16 03 00 28 00 00 00 0c 17 03 00 3a 00 00 00 35 17 03 00 30 00 00 00	............(.......:...5...0...
21a0	70 17 03 00 27 00 00 00 a1 17 03 00 38 00 00 00 c9 17 03 00 1d 00 00 00 02 18 03 00 13 00 00 00	p...'.......8...................
21c0	20 18 03 00 0b 00 00 00 34 18 03 00 28 00 00 00 40 18 03 00 30 00 00 00 69 18 03 00 4c 00 00 00	........4...(...@...0...i...L...
21e0	9a 18 03 00 74 00 00 00 e7 18 03 00 55 00 00 00 5c 19 03 00 28 00 00 00 b2 19 03 00 0a 00 00 00	....t.......U...\...(...........
2200	db 19 03 00 56 00 00 00 e6 19 03 00 1f 00 00 00 3d 1a 03 00 18 00 00 00 5d 1a 03 00 23 00 00 00	....V...........=.......]...#...
2220	76 1a 03 00 3f 00 00 00 9a 1a 03 00 4d 00 00 00 da 1a 03 00 20 00 00 00 28 1b 03 00 61 00 00 00	v...?.......M...........(...a...
2240	49 1b 03 00 63 00 00 00 ab 1b 03 00 31 00 00 00 0f 1c 03 00 34 00 00 00 41 1c 03 00 1b 01 00 00	I...c.......1.......4...A.......
2260	76 1c 03 00 3a 00 00 00 92 1d 03 00 4a 00 00 00 cd 1d 03 00 38 00 00 00 18 1e 03 00 40 01 00 00	v...:.......J.......8.......@...
2280	51 1e 03 00 3a 00 00 00 92 1f 03 00 4f 00 00 00 cd 1f 03 00 2e 00 00 00 1d 20 03 00 86 00 00 00	Q...:.......O...................
22a0	4c 20 03 00 bb 01 00 00 d3 20 03 00 06 01 00 00 8f 22 03 00 bf 00 00 00 96 23 03 00 25 00 00 00	L................".......#..%...
22c0	56 24 03 00 4b 00 00 00 7c 24 03 00 22 00 00 00 c8 24 03 00 16 00 00 00 eb 24 03 00 14 00 00 00	V$..K...|$.."....$.......$......
22e0	02 25 03 00 79 00 00 00 17 25 03 00 42 00 00 00 91 25 03 00 1c 00 00 00 d4 25 03 00 33 00 00 00	.%..y....%..B....%.......%..3...
2300	f1 25 03 00 a7 00 00 00 25 26 03 00 c1 00 00 00 cd 26 03 00 32 00 00 00 8f 27 03 00 05 00 00 00	.%......%&.......&..2....'......
2320	c2 27 03 00 10 00 00 00 c8 27 03 00 5e 00 00 00 d9 27 03 00 08 00 00 00 38 28 03 00 dc 00 00 00	.'.......'..^....'......8(......
2340	41 28 03 00 10 00 00 00 1e 29 03 00 0d 00 00 00 2f 29 03 00 21 00 00 00 3d 29 03 00 21 00 00 00	A(.......)....../)..!...=)..!...
2360	5f 29 03 00 d4 00 00 00 81 29 03 00 14 00 00 00 56 2a 03 00 38 00 00 00 6b 2a 03 00 a3 00 00 00	_).......)......V*..8...k*......
2380	a4 2a 03 00 a7 00 00 00 48 2b 03 00 23 00 00 00 f0 2b 03 00 91 00 00 00 14 2c 03 00 59 00 00 00	.*......H+..#....+.......,..Y...
23a0	a6 2c 03 00 a6 01 00 00 00 2d 03 00 ca 00 00 00 a7 2e 03 00 07 00 00 00 72 2f 03 00 15 00 00 00	.,.......-..............r/......
23c0	7a 2f 03 00 12 00 00 00 90 2f 03 00 0f 00 00 00 a3 2f 03 00 16 00 00 00 b3 2f 03 00 2f 00 00 00	z/......./......./......./../...
23e0	ca 2f 03 00 2f 00 00 00 fa 2f 03 00 77 00 00 00 2a 30 03 00 17 00 00 00 a2 30 03 00 51 00 00 00	./../..../..w...*0.......0..Q...
2400	ba 30 03 00 08 00 00 00 0c 31 03 00 bf 00 00 00 15 31 03 00 58 00 00 00 d5 31 03 00 e0 00 00 00	.0.......1.......1..X....1......
2420	2e 32 03 00 3d 00 00 00 0f 33 03 00 3b 00 00 00 4d 33 03 00 3c 00 00 00 89 33 03 00 3e 00 00 00	.2..=....3..;...M3..<....3..>...
2440	c6 33 03 00 3c 00 00 00 05 34 03 00 3d 00 00 00 42 34 03 00 34 00 00 00 80 34 03 00 36 00 00 00	.3..<....4..=...B4..4....4..6...
2460	b5 34 03 00 33 00 00 00 ec 34 03 00 a3 00 00 00 20 35 03 00 08 00 00 00 c4 35 03 00 1b 00 00 00	.4..3....4.......5.......5......
2480	cd 35 03 00 09 00 00 00 e9 35 03 00 c5 00 00 00 f3 35 03 00 0f 00 00 00 b9 36 03 00 0f 00 00 00	.5.......5.......5.......6......
24a0	c9 36 03 00 31 00 00 00 d9 36 03 00 2a 00 00 00 0b 37 03 00 19 00 00 00 36 37 03 00 40 00 00 00	.6..1....6..*....7......67..@...
24c0	50 37 03 00 28 00 00 00 91 37 03 00 1c 00 00 00 ba 37 03 00 08 00 00 00 d7 37 03 00 c1 00 00 00	P7..(....7.......7.......7......
24e0	e0 37 03 00 9a 00 00 00 a2 38 03 00 dc 00 00 00 3d 39 03 00 a5 01 00 00 1a 3a 03 00 98 00 00 00	.7.......8......=9.......:......
2500	c0 3b 03 00 46 01 00 00 59 3c 03 00 0a 00 00 00 a0 3d 03 00 0a 00 00 00 ab 3d 03 00 39 00 00 00	.;..F...Y<.......=.......=..9...
2520	b6 3d 03 00 0d 00 00 00 f0 3d 03 00 08 00 00 00 fe 3d 03 00 0f 00 00 00 07 3e 03 00 2d 00 00 00	.=.......=.......=.......>..-...
2540	17 3e 03 00 e5 00 00 00 45 3e 03 00 0a 00 00 00 2b 3f 03 00 57 01 00 00 36 3f 03 00 31 01 00 00	.>......E>......+?..W...6?..1...
2560	8e 40 03 00 26 00 00 00 c0 41 03 00 05 00 00 00 e7 41 03 00 5c 00 00 00 ed 41 03 00 90 00 00 00	.@..&....A.......A..\....A......
2580	4a 42 03 00 33 00 00 00 db 42 03 00 51 00 00 00 0f 43 03 00 95 00 00 00 61 43 03 00 09 00 00 00	JB..3....B..Q....C......aC......
25a0	f7 43 03 00 c1 00 00 00 01 44 03 00 53 00 00 00 c3 44 03 00 08 00 00 00 17 45 03 00 14 00 00 00	.C.......D..S....D.......E......
25c0	20 45 03 00 13 00 00 00 35 45 03 00 0d 00 00 00 49 45 03 00 0e 00 00 00 57 45 03 00 4f 01 00 00	.E......5E......IE......WE..O...
25e0	66 45 03 00 20 01 00 00 b6 46 03 00 4d 00 00 00 d7 47 03 00 95 00 00 00 25 48 03 00 89 00 00 00	fE.......F..M....G......%H......
2600	bb 48 03 00 0f 00 00 00 45 49 03 00 0f 00 00 00 55 49 03 00 28 00 00 00 65 49 03 00 78 01 00 00	.H......EI......UI..(...eI..x...
2620	8e 49 03 00 1d 01 00 00 07 4b 03 00 0b 00 00 00 25 4c 03 00 53 00 00 00 31 4c 03 00 ca 00 00 00	.I.......K......%L..S...1L......
2640	85 4c 03 00 f4 00 00 00 50 4d 03 00 98 00 00 00 45 4e 03 00 98 00 00 00 de 4e 03 00 00 01 00 00	.L......PM......EN.......N......
2660	77 4f 03 00 05 00 00 00 78 50 03 00 0e 00 00 00 7e 50 03 00 0f 00 00 00 8d 50 03 00 0b 00 00 00	wO......xP......~P.......P......
2680	9d 50 03 00 1f 00 00 00 a9 50 03 00 b1 00 00 00 c9 50 03 00 90 00 00 00 7b 51 03 00 44 00 00 00	.P.......P.......P......{Q..D...
26a0	0c 52 03 00 48 00 00 00 51 52 03 00 6e 00 00 00 9a 52 03 00 90 00 00 00 09 53 03 00 cf 00 00 00	.R..H...QR..n....R.......S......
26c0	9a 53 03 00 0f 00 00 00 6a 54 03 00 0c 00 00 00 7a 54 03 00 69 01 00 00 87 54 03 00 93 00 00 00	.S......jT......zT..i....T......
26e0	f1 55 03 00 0f 00 00 00 85 56 03 00 10 00 00 00 95 56 03 00 3e 00 00 00 a6 56 03 00 81 00 00 00	.U.......V.......V..>....V......
2700	e5 56 03 00 8b 00 00 00 67 57 03 00 bd 00 00 00 f3 57 03 00 30 01 00 00 b1 58 03 00 96 00 00 00	.V......gW.......W..0....X......
2720	e2 59 03 00 69 01 00 00 79 5a 03 00 0c 00 00 00 e3 5b 03 00 5a 00 00 00 f0 5b 03 00 3c 01 00 00	.Y..i...yZ.......[..Z....[..<...
2740	4b 5c 03 00 db 00 00 00 88 5d 03 00 52 00 00 00 64 5e 03 00 2f 00 00 00 b7 5e 03 00 ac 00 00 00	K\.......]..R...d^../....^......
2760	e7 5e 03 00 09 00 00 00 94 5f 03 00 d8 00 00 00 9e 5f 03 00 5c 00 00 00 77 60 03 00 22 01 00 00	.^......._......._..\...w`.."...
2780	d4 60 03 00 af 00 00 00 f7 61 03 00 30 00 00 00 a7 62 03 00 66 00 00 00 d8 62 03 00 52 00 00 00	.`.......a..0....b..f....b..R...
27a0	3f 63 03 00 49 00 00 00 92 63 03 00 1b 01 00 00 dc 63 03 00 bb 00 00 00 f8 64 03 00 60 00 00 00	?c..I....c.......c.......d..`...
27c0	b4 65 03 00 62 00 00 00 15 66 03 00 52 01 00 00 78 66 03 00 f3 00 00 00 cb 67 03 00 bc 00 00 00	.e..b....f..R...xf.......g......
27e0	bf 68 03 00 77 00 00 00 7c 69 03 00 76 00 00 00 f4 69 03 00 97 00 00 00 6b 6a 03 00 d3 00 00 00	.h..w...|i..v....i......kj......
2800	03 6b 03 00 62 00 00 00 d7 6b 03 00 0e 00 00 00 3a 6c 03 00 cc 00 00 00 49 6c 03 00 32 00 00 00	.k..b....k......:l......Il..2...
2820	16 6d 03 00 11 00 00 00 49 6d 03 00 14 01 00 00 5b 6d 03 00 06 00 00 00 70 6e 03 00 06 00 00 00	.m......Im......[m......pn......
2840	77 6e 03 00 5d 02 00 00 7e 6e 03 00 0e 00 00 00 dc 70 03 00 80 01 00 00 eb 70 03 00 23 01 00 00	wn..]...~n.......p.......p..#...
2860	6c 72 03 00 0c 01 00 00 90 73 03 00 8b 00 00 00 9d 74 03 00 06 00 00 00 29 75 03 00 59 00 00 00	lr.......s.......t......)u..Y...
2880	30 75 03 00 07 00 00 00 8a 75 03 00 15 00 00 00 92 75 03 00 4d 00 00 00 a8 75 03 00 3d 00 00 00	0u.......u.......u..M....u..=...
28a0	f6 75 03 00 10 00 00 00 34 76 03 00 45 00 00 00 45 76 03 00 59 00 00 00 8b 76 03 00 7c 00 00 00	.u......4v..E...Ev..Y....v..|...
28c0	e5 76 03 00 ac 00 00 00 62 77 03 00 89 00 00 00 0f 78 03 00 23 00 00 00 99 78 03 00 0e 00 00 00	.v......bw.......x..#....x......
28e0	bd 78 03 00 26 00 00 00 cc 78 03 00 2d 00 00 00 f3 78 03 00 2e 00 00 00 21 79 03 00 0f 00 00 00	.x..&....x..-....x......!y......
2900	50 79 03 00 1d 01 00 00 60 79 03 00 19 01 00 00 7e 7a 03 00 07 00 00 00 98 7b 03 00 0e 00 00 00	Py......`y......~z.......{......
2920	a0 7b 03 00 0e 00 00 00 af 7b 03 00 11 00 00 00 be 7b 03 00 0f 00 00 00 d0 7b 03 00 10 00 00 00	.{.......{.......{.......{......
2940	e0 7b 03 00 0e 00 00 00 f1 7b 03 00 06 00 00 00 00 7c 03 00 d0 00 00 00 07 7c 03 00 57 00 00 00	.{.......{.......|.......|..W...
2960	d8 7c 03 00 2b 00 00 00 30 7d 03 00 13 00 00 00 5c 7d 03 00 22 00 00 00 70 7d 03 00 0b 00 00 00	.|..+...0}......\}.."...p}......
2980	93 7d 03 00 08 00 00 00 9f 7d 03 00 1a 00 00 00 a8 7d 03 00 6d 00 00 00 c3 7d 03 00 17 00 00 00	.}.......}.......}..m....}......
29a0	31 7e 03 00 47 01 00 00 49 7e 03 00 14 00 00 00 91 7f 03 00 0d 00 00 00 a6 7f 03 00 0c 00 00 00	1~..G...I~......................
29c0	b4 7f 03 00 3e 00 00 00 c1 7f 03 00 78 00 00 00 00 80 03 00 3c 00 00 00 79 80 03 00 df 00 00 00	....>.......x.......<...y.......
29e0	b6 80 03 00 4d 00 00 00 96 81 03 00 3e 00 00 00 e4 81 03 00 64 00 00 00 23 82 03 00 db 00 00 00	....M.......>.......d...#.......
2a00	88 82 03 00 3b 00 00 00 64 83 03 00 18 00 00 00 a0 83 03 00 12 00 00 00 b9 83 03 00 3f 00 00 00	....;...d...................?...
2a20	cc 83 03 00 04 00 00 00 0c 84 03 00 11 00 00 00 11 84 03 00 0a 00 00 00 23 84 03 00 2a 00 00 00	........................#...*...
2a40	2e 84 03 00 10 00 00 00 59 84 03 00 09 00 00 00 6a 84 03 00 30 00 00 00 74 84 03 00 08 00 00 00	........Y.......j...0...t.......
2a60	a5 84 03 00 05 01 00 00 ae 84 03 00 1e 00 00 00 b4 85 03 00 13 00 00 00 d3 85 03 00 c5 00 00 00	................................
2a80	e7 85 03 00 c0 00 00 00 ad 86 03 00 25 00 00 00 6e 87 03 00 25 00 00 00 94 87 03 00 03 00 00 00	............%...n...%...........
2aa0	ba 87 03 00 d3 00 00 00 be 87 03 00 a8 00 00 00 92 88 03 00 90 01 00 00 3b 89 03 00 d4 01 00 00	........................;.......
2ac0	cc 8a 03 00 23 01 00 00 a1 8c 03 00 0a 00 00 00 c5 8d 03 00 26 00 00 00 d0 8d 03 00 0a 00 00 00	....#...............&...........
2ae0	f7 8d 03 00 96 01 00 00 02 8e 03 00 05 00 00 00 99 8f 03 00 05 00 00 00 9f 8f 03 00 02 00 00 00	................................
2b00	a5 8f 03 00 0a 00 00 00 a8 8f 03 00 53 00 00 00 b3 8f 03 00 1d 00 00 00 07 90 03 00 25 00 00 00	............S...............%...
2b20	25 90 03 00 18 00 00 00 4b 90 03 00 19 00 00 00 64 90 03 00 19 00 00 00 7e 90 03 00 33 00 00 00	%.......K.......d.......~...3...
2b40	98 90 03 00 33 00 00 00 cc 90 03 00 ea 00 00 00 00 91 03 00 2b 00 00 00 eb 91 03 00 4d 00 00 00	....3...............+.......M...
2b60	17 92 03 00 15 00 00 00 65 92 03 00 14 02 00 00 7b 92 03 00 34 00 00 00 90 94 03 00 33 00 00 00	........e.......{...4.......3...
2b80	c5 94 03 00 36 00 00 00 f9 94 03 00 34 00 00 00 30 95 03 00 2d 00 00 00 65 95 03 00 27 00 00 00	....6.......4...0...-...e...'...
2ba0	93 95 03 00 1b 00 00 00 bb 95 03 00 38 00 00 00 d7 95 03 00 38 00 00 00 10 96 03 00 06 00 00 00	............8.......8...........
2bc0	49 96 03 00 04 00 00 00 50 96 03 00 05 00 00 00 55 96 03 00 11 00 00 00 5b 96 03 00 19 00 00 00	I.......P.......U.......[.......
2be0	6d 96 03 00 19 00 00 00 87 96 03 00 41 00 00 00 a1 96 03 00 11 00 00 00 e3 96 03 00 12 00 00 00	m...........A...................
2c00	f5 96 03 00 06 00 00 00 08 97 03 00 0b 00 00 00 0f 97 03 00 f7 00 00 00 1b 97 03 00 24 01 00 00	............................$...
2c20	13 98 03 00 39 00 00 00 38 99 03 00 05 00 00 00 72 99 03 00 19 00 00 00 78 99 03 00 04 00 00 00	....9...8.......r.......x.......
2c40	92 99 03 00 25 00 00 00 97 99 03 00 2d 00 00 00 bd 99 03 00 2e 00 00 00 eb 99 03 00 0c 00 00 00	....%.......-...................
2c60	1a 9a 03 00 0a 00 00 00 27 9a 03 00 7a 00 00 00 32 9a 03 00 50 00 00 00 ad 9a 03 00 0b 00 00 00	........'...z...2...P...........
2c80	fe 9a 03 00 76 00 00 00 0a 9b 03 00 04 00 00 00 81 9b 03 00 10 00 00 00 86 9b 03 00 16 00 00 00	....v...........................
2ca0	97 9b 03 00 20 00 00 00 ae 9b 03 00 0e 00 00 00 cf 9b 03 00 16 00 00 00 de 9b 03 00 11 00 00 00	................................
2cc0	f5 9b 03 00 14 00 00 00 07 9c 03 00 87 00 00 00 1c 9c 03 00 39 00 00 00 a4 9c 03 00 3a 00 00 00	....................9.......:...
2ce0	de 9c 03 00 3a 00 00 00 19 9d 03 00 ec 00 00 00 54 9d 03 00 1f 00 00 00 41 9e 03 00 0c 00 00 00	....:...........T.......A.......
2d00	61 9e 03 00 3e 00 00 00 6e 9e 03 00 0c 00 00 00 ad 9e 03 00 0a 00 00 00 ba 9e 03 00 54 00 00 00	a...>...n...................T...
2d20	c5 9e 03 00 0b 00 00 00 1a 9f 03 00 0c 00 00 00 26 9f 03 00 05 00 00 00 33 9f 03 00 1a 00 00 00	................&.......3.......
2d40	39 9f 03 00 16 00 00 00 54 9f 03 00 14 00 00 00 6b 9f 03 00 1c 00 00 00 80 9f 03 00 75 00 00 00	9.......T.......k...........u...
2d60	9d 9f 03 00 07 01 00 00 13 a0 03 00 78 01 00 00 1b a1 03 00 45 00 00 00 94 a2 03 00 39 00 00 00	............x.......E.......9...
2d80	da a2 03 00 4a 00 00 00 14 a3 03 00 69 00 00 00 5f a3 03 00 d2 00 00 00 c9 a3 03 00 c2 00 00 00	....J.......i..._...............
2da0	9c a4 03 00 b8 00 00 00 5f a5 03 00 98 00 00 00 18 a6 03 00 b5 00 00 00 b1 a6 03 00 ff 00 00 00	........_.......................
2dc0	67 a7 03 00 7f 00 00 00 67 a8 03 00 5a 00 00 00 e7 a8 03 00 69 00 00 00 42 a9 03 00 0d 02 00 00	g.......g...Z.......i...B.......
2de0	ac a9 03 00 b8 00 00 00 ba ab 03 00 a4 00 00 00 73 ac 03 00 b1 01 00 00 18 ad 03 00 89 00 00 00	................s...............
2e00	ca ae 03 00 ae 00 00 00 54 af 03 00 38 01 00 00 03 b0 03 00 46 01 00 00 3c b1 03 00 5f 01 00 00	........T...8.......F...<..._...
2e20	83 b2 03 00 f0 00 00 00 e3 b3 03 00 57 00 00 00 d4 b4 03 00 83 00 00 00 2c b5 03 00 32 00 00 00	............W...........,...2...
2e40	b0 b5 03 00 25 01 00 00 e3 b5 03 00 6a 01 00 00 09 b7 03 00 9b 00 00 00 74 b8 03 00 2a 00 00 00	....%.......j...........t...*...
2e60	10 b9 03 00 78 00 00 00 3b b9 03 00 a3 00 00 00 b4 b9 03 00 94 00 00 00 58 ba 03 00 93 00 00 00	....x...;...............X.......
2e80	ed ba 03 00 51 00 00 00 81 bb 03 00 92 00 00 00 d3 bb 03 00 b2 00 00 00 66 bc 03 00 55 00 00 00	....Q...................f...U...
2ea0	19 bd 03 00 6e 00 00 00 6f bd 03 00 a6 00 00 00 de bd 03 00 68 00 00 00 85 be 03 00 42 01 00 00	....n...o...........h.......B...
2ec0	ee be 03 00 d4 00 00 00 31 c0 03 00 d1 00 00 00 06 c1 03 00 b3 00 00 00 d8 c1 03 00 38 00 00 00	........1...................8...
2ee0	8c c2 03 00 87 00 00 00 c5 c2 03 00 8f 00 00 00 4d c3 03 00 79 00 00 00 dd c3 03 00 8a 00 00 00	................M...y...........
2f00	57 c4 03 00 60 00 00 00 e2 c4 03 00 66 00 00 00 43 c5 03 00 ab 00 00 00 aa c5 03 00 45 00 00 00	W...`.......f...C...........E...
2f20	56 c6 03 00 d3 00 00 00 9c c6 03 00 d3 00 00 00 70 c7 03 00 8e 00 00 00 44 c8 03 00 61 00 00 00	V...............p.......D...a...
2f40	d3 c8 03 00 7f 00 00 00 35 c9 03 00 69 01 00 00 b5 c9 03 00 9d 01 00 00 1f cb 03 00 b6 00 00 00	........5...i...................
2f60	bd cc 03 00 cd 00 00 00 74 cd 03 00 a8 00 00 00 42 ce 03 00 5f 00 00 00 eb ce 03 00 e5 00 00 00	........t.......B..._...........
2f80	4b cf 03 00 55 00 00 00 31 d0 03 00 57 01 00 00 87 d0 03 00 8a 00 00 00 df d1 03 00 9b 00 00 00	K...U...1...W...................
2fa0	6a d2 03 00 8d 00 00 00 06 d3 03 00 74 00 00 00 94 d3 03 00 5c 00 00 00 09 d4 03 00 8e 00 00 00	j...........t.......\...........
2fc0	66 d4 03 00 92 00 00 00 f5 d4 03 00 74 01 00 00 88 d5 03 00 87 00 00 00 fd d6 03 00 3e 00 00 00	f...........t...............>...
2fe0	85 d7 03 00 d5 00 00 00 c4 d7 03 00 91 00 00 00 9a d8 03 00 bf 00 00 00 2c d9 03 00 55 00 00 00	........................,...U...
3000	ec d9 03 00 2c 00 00 00 42 da 03 00 21 00 00 00 6f da 03 00 9d 00 00 00 91 da 03 00 1e 00 00 00	....,...B...!...o...............
3020	2f db 03 00 09 00 00 00 4e db 03 00 38 00 00 00 58 db 03 00 2c 00 00 00 91 db 03 00 9f 00 00 00	/.......N...8...X...,...........
3040	be db 03 00 7e 00 00 00 5e dc 03 00 a3 00 00 00 dd dc 03 00 55 00 00 00 81 dd 03 00 70 00 00 00	....~...^...........U.......p...
3060	d7 dd 03 00 70 00 00 00 48 de 03 00 4e 00 00 00 b9 de 03 00 3b 00 00 00 08 df 03 00 6b 01 00 00	....p...H...N.......;.......k...
3080	44 df 03 00 4a 00 00 00 b0 e0 03 00 b5 00 00 00 fb e0 03 00 71 00 00 00 b1 e1 03 00 c2 00 00 00	D...J...............q...........
30a0	23 e2 03 00 70 00 00 00 e6 e2 03 00 dd 00 00 00 57 e3 03 00 4a 00 00 00 35 e4 03 00 4d 00 00 00	#...p...........W...J...5...M...
30c0	80 e4 03 00 6f 00 00 00 ce e4 03 00 68 00 00 00 3e e5 03 00 e3 00 00 00 a7 e5 03 00 01 03 00 00	....o.......h...>...............
30e0	8b e6 03 00 bc 01 00 00 8d e9 03 00 da 00 00 00 4a eb 03 00 8e 00 00 00 25 ec 03 00 d0 00 00 00	................J.......%.......
3100	b4 ec 03 00 81 00 00 00 85 ed 03 00 b0 01 00 00 07 ee 03 00 94 00 00 00 b8 ef 03 00 f7 00 00 00	................................
3120	4d f0 03 00 49 00 00 00 45 f1 03 00 56 02 00 00 8f f1 03 00 85 00 00 00 e6 f3 03 00 1d 02 00 00	M...I...E...V...................
3140	6c f4 03 00 5b 00 00 00 8a f6 03 00 5b 00 00 00 e6 f6 03 00 b4 00 00 00 42 f7 03 00 60 00 00 00	l...[.......[...........B...`...
3160	f7 f7 03 00 fe 00 00 00 58 f8 03 00 61 00 00 00 57 f9 03 00 9d 00 00 00 b9 f9 03 00 9c 00 00 00	........X...a...W...............
3180	57 fa 03 00 13 01 00 00 f4 fa 03 00 bb 00 00 00 08 fc 03 00 3d 00 00 00 c4 fc 03 00 c2 00 00 00	W...................=...........
31a0	02 fd 03 00 db 00 00 00 c5 fd 03 00 d2 00 00 00 a1 fe 03 00 77 00 00 00 74 ff 03 00 08 01 00 00	....................w...t.......
31c0	ec ff 03 00 2e 01 00 00 f5 00 04 00 68 00 00 00 24 02 04 00 3c 00 00 00 8d 02 04 00 45 01 00 00	............h...$...<.......E...
31e0	ca 02 04 00 c1 01 00 00 10 04 04 00 4e 00 00 00 d2 05 04 00 62 00 00 00 21 06 04 00 ae 00 00 00	............N.......b...!.......
3200	84 06 04 00 dd 00 00 00 33 07 04 00 77 00 00 00 11 08 04 00 b7 00 00 00 89 08 04 00 bb 00 00 00	........3...w...................
3220	41 09 04 00 5c 00 00 00 fd 09 04 00 6a 01 00 00 5a 0a 04 00 62 00 00 00 c5 0b 04 00 c3 00 00 00	A...\.......j...Z...b...........
3240	28 0c 04 00 11 00 00 00 ec 0c 04 00 d2 00 00 00 fe 0c 04 00 1d 01 00 00 d1 0d 04 00 9b 01 00 00	(...............................
3260	ef 0e 04 00 9b 01 00 00 8b 10 04 00 6b 00 00 00 27 12 04 00 98 00 00 00 93 12 04 00 4a 00 00 00	............k...'...........J...
3280	2c 13 04 00 0a 00 00 00 77 13 04 00 18 00 00 00 82 13 04 00 3e 00 00 00 9b 13 04 00 67 01 00 00	,.......w...........>.......g...
32a0	da 13 04 00 0d 00 00 00 42 15 04 00 16 00 00 00 50 15 04 00 23 00 00 00 67 15 04 00 58 00 00 00	........B.......P...#...g...X...
32c0	8b 15 04 00 67 00 00 00 e4 15 04 00 ef 00 00 00 4c 16 04 00 6e 00 00 00 3c 17 04 00 98 00 00 00	....g...........L...n...<.......
32e0	ab 17 04 00 0b 00 00 00 44 18 04 00 0b 00 00 00 50 18 04 00 4c 00 00 00 5c 18 04 00 17 00 00 00	........D.......P...L...\.......
3300	a9 18 04 00 10 00 00 00 c1 18 04 00 10 00 00 00 d2 18 04 00 90 00 00 00 e3 18 04 00 17 00 00 00	................................
3320	74 19 04 00 37 00 00 00 8c 19 04 00 36 00 00 00 c4 19 04 00 2f 00 00 00 fb 19 04 00 97 00 00 00	t...7.......6......./...........
3340	2b 1a 04 00 10 00 00 00 c3 1a 04 00 0a 00 00 00 d4 1a 04 00 18 00 00 00 df 1a 04 00 72 01 00 00	+...........................r...
3360	f8 1a 04 00 40 00 00 00 6b 1c 04 00 7f 01 00 00 ac 1c 04 00 48 01 00 00 2c 1e 04 00 14 00 00 00	....@...k...........H...,.......
3380	75 1f 04 00 08 00 00 00 8a 1f 04 00 18 00 00 00 93 1f 04 00 31 00 00 00 ac 1f 04 00 8f 01 00 00	u...................1...........
33a0	de 1f 04 00 f7 00 00 00 6e 21 04 00 e9 00 00 00 66 22 04 00 89 00 00 00 50 23 04 00 38 00 00 00	........n!......f"......P#..8...
33c0	da 23 04 00 8f 00 00 00 13 24 04 00 37 00 00 00 a3 24 04 00 1b 00 00 00 db 24 04 00 25 01 00 00	.#.......$..7....$.......$..%...
33e0	f7 24 04 00 cb 00 00 00 1d 26 04 00 db 00 00 00 e9 26 04 00 a5 00 00 00 c5 27 04 00 93 00 00 00	.$.......&.......&.......'......
3400	6b 28 04 00 e3 00 00 00 ff 28 04 00 02 02 00 00 e3 29 04 00 c4 00 00 00 e6 2b 04 00 e6 00 00 00	k(.......(.......).......+......
3420	ab 2c 04 00 4f 00 00 00 92 2d 04 00 a4 00 00 00 e2 2d 04 00 28 01 00 00 87 2e 04 00 9d 00 00 00	.,..O....-.......-..(...........
3440	b0 2f 04 00 3b 00 00 00 4e 30 04 00 4a 00 00 00 8a 30 04 00 81 00 00 00 d5 30 04 00 49 00 00 00	./..;...N0..J....0.......0..I...
3460	57 31 04 00 36 00 00 00 a1 31 04 00 11 00 00 00 d8 31 04 00 0f 00 00 00 ea 31 04 00 18 00 00 00	W1..6....1.......1.......1......
3480	fa 31 04 00 0e 00 00 00 13 32 04 00 0e 00 00 00 22 32 04 00 0f 00 00 00 31 32 04 00 0b 00 00 00	.1.......2......"2......12......
34a0	41 32 04 00 0f 00 00 00 4d 32 04 00 0f 00 00 00 5d 32 04 00 08 00 00 00 6d 32 04 00 07 00 00 00	A2......M2......]2......m2......
34c0	76 32 04 00 04 00 00 00 7e 32 04 00 0f 00 00 00 83 32 04 00 06 00 00 00 93 32 04 00 ff 00 00 00	v2......~2.......2.......2......
34e0	9a 32 04 00 23 00 00 00 9a 33 04 00 23 00 00 00 be 33 04 00 0e 00 00 00 e2 33 04 00 07 00 00 00	.2..#....3..#....3.......3......
3500	f1 33 04 00 0a 00 00 00 f9 33 04 00 04 00 00 00 04 34 04 00 36 00 00 00 09 34 04 00 b5 00 00 00	.3.......3.......4..6....4......
3520	40 34 04 00 04 00 00 00 f6 34 04 00 f5 00 00 00 fb 34 04 00 19 00 00 00 f1 35 04 00 42 00 00 00	@4.......4.......4.......5..B...
3540	0b 36 04 00 1b 00 00 00 4e 36 04 00 34 01 00 00 6a 36 04 00 3e 00 00 00 9f 37 04 00 29 00 00 00	.6......N6..4...j6..>....7..)...
3560	de 37 04 00 33 00 00 00 08 38 04 00 14 02 00 00 3c 38 04 00 40 00 00 00 51 3a 04 00 3d 00 00 00	.7..3....8......<8..@...Q:..=...
3580	92 3a 04 00 07 01 00 00 d0 3a 04 00 23 00 00 00 d8 3b 04 00 11 00 00 00 fc 3b 04 00 3f 00 00 00	.:.......:..#....;.......;..?...
35a0	0e 3c 04 00 20 00 00 00 4e 3c 04 00 6f 00 00 00 6f 3c 04 00 3d 00 00 00 df 3c 04 00 68 00 00 00	.<......N<..o...o<..=....<..h...
35c0	1d 3d 04 00 6b 00 00 00 86 3d 04 00 23 00 00 00 f2 3d 04 00 07 00 00 00 16 3e 04 00 7d 00 00 00	.=..k....=..#....=.......>..}...
35e0	1e 3e 04 00 06 00 00 00 9c 3e 04 00 16 00 00 00 a3 3e 04 00 35 00 00 00 ba 3e 04 00 10 00 00 00	.>.......>.......>..5....>......
3600	f0 3e 04 00 69 02 00 00 01 3f 04 00 1b 00 00 00 6b 41 04 00 52 01 00 00 87 41 04 00 4a 00 00 00	.>..i....?......kA..R....A..J...
3620	da 42 04 00 e8 01 00 00 25 43 04 00 9d 01 00 00 0e 45 04 00 d7 00 00 00 ac 46 04 00 1e 00 00 00	.B......%C.......E.......F......
3640	84 47 04 00 2f 00 00 00 a3 47 04 00 21 00 00 00 d3 47 04 00 0c 00 00 00 f5 47 04 00 0e 00 00 00	.G../....G..!....G.......G......
3660	02 48 04 00 24 00 00 00 11 48 04 00 0e 00 00 00 36 48 04 00 59 00 00 00 45 48 04 00 22 00 00 00	.H..$....H......6H..Y...EH.."...
3680	9f 48 04 00 05 00 00 00 c2 48 04 00 20 00 00 00 c8 48 04 00 14 00 00 00 e9 48 04 00 42 00 00 00	.H.......H.......H.......H..B...
36a0	fe 48 04 00 1f 00 00 00 41 49 04 00 2e 00 00 00 61 49 04 00 10 00 00 00 90 49 04 00 10 00 00 00	.H......AI......aI.......I......
36c0	a1 49 04 00 12 00 00 00 b2 49 04 00 12 00 00 00 c5 49 04 00 2e 00 00 00 d8 49 04 00 3c 00 00 00	.I.......I.......I.......I..<...
36e0	07 4a 04 00 3b 00 00 00 44 4a 04 00 0b 00 00 00 80 4a 04 00 38 00 00 00 8c 4a 04 00 2c 00 00 00	.J..;...DJ.......J..8....J..,...
3700	c5 4a 04 00 09 00 00 00 f2 4a 04 00 09 00 00 00 fc 4a 04 00 0e 00 00 00 06 4b 04 00 63 00 00 00	.J.......J.......J.......K..c...
3720	15 4b 04 00 9c 00 00 00 79 4b 04 00 ab 00 00 00 16 4c 04 00 eb 00 00 00 c2 4c 04 00 30 00 00 00	.K......yK.......L.......L..0...
3740	ae 4d 04 00 07 00 00 00 df 4d 04 00 63 00 00 00 e7 4d 04 00 0c 01 00 00 4b 4e 04 00 0c 00 00 00	.M.......M..c....M......KN......
3760	58 4f 04 00 0c 00 00 00 65 4f 04 00 15 00 00 00 72 4f 04 00 08 00 00 00 88 4f 04 00 8c 00 00 00	XO......eO......rO.......O......
3780	91 4f 04 00 03 00 00 00 1e 50 04 00 0a 00 00 00 22 50 04 00 35 00 00 00 2d 50 04 00 13 00 00 00	.O.......P......"P..5...-P......
37a0	63 50 04 00 19 00 00 00 77 50 04 00 06 00 00 00 91 50 04 00 3b 02 00 00 98 50 04 00 85 00 00 00	cP......wP.......P..;....P......
37c0	d4 52 04 00 0e 00 00 00 5a 53 04 00 09 00 00 00 69 53 04 00 35 00 00 00 73 53 04 00 04 00 00 00	.R......ZS......iS..5...sS......
37e0	a9 53 04 00 e8 01 00 00 ae 53 04 00 5f 00 00 00 97 55 04 00 61 00 00 00 f7 55 04 00 03 00 00 00	.S.......S.._....U..a....U......
3800	59 56 04 00 0b 00 00 00 5d 56 04 00 1d 00 00 00 69 56 04 00 10 00 00 00 87 56 04 00 4d 00 00 00	YV......]V......iV.......V..M...
3820	98 56 04 00 0f 00 00 00 e6 56 04 00 3b 00 00 00 f6 56 04 00 12 00 00 00 32 57 04 00 1d 00 00 00	.V.......V..;....V......2W......
3840	45 57 04 00 51 00 00 00 63 57 04 00 41 00 00 00 b5 57 04 00 6a 00 00 00 f7 57 04 00 66 00 00 00	EW..Q...cW..A....W..j....W..f...
3860	62 58 04 00 1c 00 00 00 c9 58 04 00 8d 00 00 00 e6 58 04 00 d1 00 00 00 74 59 04 00 1d 00 00 00	bX.......X.......X......tY......
3880	46 5a 04 00 e3 00 00 00 64 5a 04 00 e4 00 00 00 48 5b 04 00 24 00 00 00 2d 5c 04 00 5a 00 00 00	FZ......dZ......H[..$...-\..Z...
38a0	52 5c 04 00 1a 00 00 00 ad 5c 04 00 21 00 00 00 c8 5c 04 00 29 00 00 00 ea 5c 04 00 77 00 00 00	R\.......\..!....\..)....\..w...
38c0	14 5d 04 00 73 00 00 00 8c 5d 04 00 53 00 00 00 00 5e 04 00 5c 00 00 00 54 5e 04 00 1e 00 00 00	.]..s....]..S....^..\...T^......
38e0	b1 5e 04 00 54 00 00 00 d0 5e 04 00 60 00 00 00 25 5f 04 00 24 00 00 00 86 5f 04 00 61 00 00 00	.^..T....^..`...%_..$...._..a...
3900	ab 5f 04 00 48 00 00 00 0d 60 04 00 25 00 00 00 56 60 04 00 28 00 00 00 7c 60 04 00 2e 00 00 00	._..H....`..%...V`..(...|`......
3920	a5 60 04 00 9e 00 00 00 d4 60 04 00 11 00 00 00 73 61 04 00 7a 00 00 00 85 61 04 00 17 00 00 00	.`.......`......sa..z....a......
3940	00 62 04 00 13 00 00 00 18 62 04 00 7d 00 00 00 2c 62 04 00 83 00 00 00 aa 62 04 00 11 00 00 00	.b.......b..}...,b.......b......
3960	2e 63 04 00 10 00 00 00 40 63 04 00 33 00 00 00 51 63 04 00 6a 00 00 00 85 63 04 00 22 00 00 00	.c......@c..3...Qc..j....c.."...
3980	f0 63 04 00 1e 01 00 00 13 64 04 00 dd 00 00 00 32 65 04 00 49 00 00 00 10 66 04 00 06 00 00 00	.c.......d......2e..I....f......
39a0	5a 66 04 00 11 00 00 00 61 66 04 00 38 00 00 00 73 66 04 00 28 00 00 00 ac 66 04 00 24 00 00 00	Zf......af..8...sf..(....f..$...
39c0	d5 66 04 00 37 00 00 00 fa 66 04 00 43 00 00 00 32 67 04 00 0a 00 00 00 76 67 04 00 b3 00 00 00	.f..7....f..C...2g......vg......
39e0	81 67 04 00 8c 00 00 00 35 68 04 00 21 00 00 00 c2 68 04 00 05 00 00 00 e4 68 04 00 89 01 00 00	.g......5h..!....h.......h......
3a00	ea 68 04 00 ae 01 00 00 74 6a 04 00 27 00 00 00 23 6c 04 00 09 00 00 00 4b 6c 04 00 fc 00 00 00	.h......tj..'...#l......Kl......
3a20	55 6c 04 00 0f 00 00 00 52 6d 04 00 6c 00 00 00 62 6d 04 00 35 00 00 00 cf 6d 04 00 d4 00 00 00	Ul......Rm..l...bm..5....m......
3a40	05 6e 04 00 d4 00 00 00 da 6e 04 00 f4 00 00 00 af 6f 04 00 24 00 00 00 a4 70 04 00 6f 00 00 00	.n.......n.......o..$....p..o...
3a60	c9 70 04 00 10 00 00 00 39 71 04 00 c6 00 00 00 4a 71 04 00 30 00 00 00 11 72 04 00 a3 00 00 00	.p......9q......Jq..0....r......
3a80	42 72 04 00 a4 00 00 00 e6 72 04 00 25 00 00 00 8b 73 04 00 38 00 00 00 b1 73 04 00 22 00 00 00	Br.......r..%....s..8....s.."...
3aa0	ea 73 04 00 65 00 00 00 0d 74 04 00 80 00 00 00 73 74 04 00 74 00 00 00 f4 74 04 00 6a 00 00 00	.s..e....t......st..t....t..j...
3ac0	69 75 04 00 a9 00 00 00 d4 75 04 00 01 00 00 00 7e 76 04 00 03 00 00 00 80 76 04 00 1f 00 00 00	iu.......u......~v.......v......
3ae0	84 76 04 00 11 00 00 00 a4 76 04 00 10 00 00 00 b6 76 04 00 37 01 00 00 c7 76 04 00 0b 00 00 00	.v.......v.......v..7....v......
3b00	ff 77 04 00 0e 00 00 00 0b 78 04 00 17 00 00 00 1a 78 04 00 22 00 00 00 32 78 04 00 05 00 00 00	.w.......x.......x.."...2x......
3b20	55 78 04 00 0c 00 00 00 5b 78 04 00 eb 00 00 00 68 78 04 00 03 00 00 00 54 79 04 00 41 02 00 00	Ux......[x......hx......Ty..A...
3b40	58 79 04 00 ad 00 00 00 9a 7b 04 00 0d 00 00 00 48 7c 04 00 91 00 00 00 56 7c 04 00 0b 00 00 00	Xy.......{......H|......V|......
3b60	e8 7c 04 00 16 00 00 00 f4 7c 04 00 40 00 00 00 0b 7d 04 00 23 00 00 00 4c 7d 04 00 1f 00 00 00	.|.......|..@....}..#...L}......
3b80	70 7d 04 00 07 00 00 00 90 7d 04 00 0f 00 00 00 98 7d 04 00 4b 00 00 00 a8 7d 04 00 ab 01 00 00	p}.......}.......}..K....}......
3ba0	f4 7d 04 00 a3 00 00 00 a0 7f 04 00 13 00 00 00 44 80 04 00 1c 00 00 00 58 80 04 00 18 00 00 00	.}..............D.......X.......
3bc0	75 80 04 00 23 00 00 00 8e 80 04 00 0f 00 00 00 b2 80 04 00 10 00 00 00 c2 80 04 00 0e 00 00 00	u...#...........................
3be0	d3 80 04 00 25 00 00 00 e2 80 04 00 1a 00 00 00 08 81 04 00 18 00 00 00 23 81 04 00 45 00 00 00	....%...................#...E...
3c00	3c 81 04 00 16 00 00 00 82 81 04 00 25 00 00 00 99 81 04 00 38 00 00 00 bf 81 04 00 36 00 00 00	<...........%.......8.......6...
3c20	f8 81 04 00 20 00 00 00 2f 82 04 00 13 00 00 00 50 82 04 00 1e 00 00 00 64 82 04 00 15 00 00 00	......../.......P.......d.......
3c40	83 82 04 00 ba 00 00 00 99 82 04 00 25 00 00 00 54 83 04 00 89 00 00 00 7a 83 04 00 13 00 00 00	............%...T.......z.......
3c60	04 84 04 00 1a 00 00 00 18 84 04 00 3a 00 00 00 33 84 04 00 81 01 00 00 6e 84 04 00 47 00 00 00	............:...3.......n...G...
3c80	f0 85 04 00 74 00 00 00 38 86 04 00 9d 00 00 00 ad 86 04 00 7b 01 00 00 4b 87 04 00 61 00 00 00	....t...8...........{...K...a...
3ca0	c7 88 04 00 06 00 00 00 29 89 04 00 47 00 00 00 30 89 04 00 44 00 00 00 78 89 04 00 37 00 00 00	........)...G...0...D...x...7...
3cc0	bd 89 04 00 07 01 00 00 f5 89 04 00 57 00 00 00 fd 8a 04 00 31 00 00 00 55 8b 04 00 5b 00 00 00	............W.......1...U...[...
3ce0	87 8b 04 00 1f 00 00 00 e3 8b 04 00 2b 00 00 00 03 8c 04 00 04 00 00 00 2f 8c 04 00 16 00 00 00	............+.........../.......
3d00	34 8c 04 00 37 00 00 00 4b 8c 04 00 38 01 00 00 83 8c 04 00 0d 00 00 00 bc 8d 04 00 0d 00 00 00	4...7...K...8...................
3d20	ca 8d 04 00 12 00 00 00 d8 8d 04 00 0a 00 00 00 eb 8d 04 00 4e 00 00 00 f6 8d 04 00 08 01 00 00	....................N...........
3d40	45 8e 04 00 24 01 00 00 4e 8f 04 00 15 00 00 00 73 90 04 00 5c 00 00 00 89 90 04 00 a4 00 00 00	E...$...N.......s...\...........
3d60	e6 90 04 00 16 00 00 00 8b 91 04 00 8a 02 00 00 a2 91 04 00 1d 00 00 00 2d 94 04 00 0c 00 00 00	........................-.......
3d80	4b 94 04 00 1f 00 00 00 58 94 04 00 43 00 00 00 78 94 04 00 0d 00 00 00 bc 94 04 00 c1 00 00 00	K.......X...C...x...............
3da0	ca 94 04 00 77 00 00 00 8c 95 04 00 69 00 00 00 04 96 04 00 76 00 00 00 6e 96 04 00 0e 01 00 00	....w.......i.......v...n.......
3dc0	e5 96 04 00 cb 00 00 00 f4 97 04 00 19 01 00 00 c0 98 04 00 43 00 00 00 da 99 04 00 ab 00 00 00	....................C...........
3de0	1e 9a 04 00 9a 00 00 00 ca 9a 04 00 17 01 00 00 65 9b 04 00 6f 00 00 00 7d 9c 04 00 7b 00 00 00	................e...o...}...{...
3e00	ed 9c 04 00 12 01 00 00 69 9d 04 00 e6 00 00 00 7c 9e 04 00 b6 00 00 00 63 9f 04 00 b1 00 00 00	........i.......|.......c.......
3e20	1a a0 04 00 fb 00 00 00 cc a0 04 00 20 00 00 00 c8 a1 04 00 a0 01 00 00 e9 a1 04 00 53 00 00 00	............................S...
3e40	8a a3 04 00 39 00 00 00 de a3 04 00 28 00 00 00 18 a4 04 00 3b 00 00 00 41 a4 04 00 34 00 00 00	....9.......(.......;...A...4...
3e60	7d a4 04 00 52 00 00 00 b2 a4 04 00 53 00 00 00 05 a5 04 00 52 00 00 00 59 a5 04 00 80 01 00 00	}...R.......S.......R...Y.......
3e80	ac a5 04 00 23 00 00 00 2d a7 04 00 0b 00 00 00 51 a7 04 00 ad 00 00 00 5d a7 04 00 91 00 00 00	....#...-.......Q.......].......
3ea0	0b a8 04 00 1b 02 00 00 9d a8 04 00 e8 01 00 00 b9 aa 04 00 07 00 00 00 a2 ac 04 00 df 00 00 00	................................
3ec0	aa ac 04 00 45 01 00 00 8a ad 04 00 22 00 00 00 d0 ae 04 00 79 01 00 00 f3 ae 04 00 a6 00 00 00	....E.......".......y...........
3ee0	6d b0 04 00 83 00 00 00 14 b1 04 00 19 00 00 00 98 b1 04 00 0f 00 00 00 b2 b1 04 00 09 00 00 00	m...............................
3f00	c2 b1 04 00 12 00 00 00 cc b1 04 00 0e 00 00 00 df b1 04 00 21 00 00 00 ee b1 04 00 17 00 00 00	....................!...........
3f20	10 b2 04 00 14 00 00 00 28 b2 04 00 19 00 00 00 3d b2 04 00 14 00 00 00 57 b2 04 00 06 00 00 00	........(.......=.......W.......
3f40	6c b2 04 00 13 00 00 00 73 b2 04 00 12 00 00 00 87 b2 04 00 0d 00 00 00 9a b2 04 00 6a 00 00 00	l.......s...................j...
3f60	a8 b2 04 00 17 00 00 00 13 b3 04 00 2e 00 00 00 2b b3 04 00 2d 00 00 00 5a b3 04 00 08 00 00 00	................+...-...Z.......
3f80	88 b3 04 00 16 00 00 00 91 b3 04 00 59 00 00 00 a8 b3 04 00 19 00 00 00 02 b4 04 00 7e 00 00 00	............Y...............~...
3fa0	1c b4 04 00 07 00 00 00 9b b4 04 00 2a 00 00 00 a3 b4 04 00 4f 00 00 00 ce b4 04 00 17 00 00 00	............*.......O...........
3fc0	1e b5 04 00 3b 00 00 00 36 b5 04 00 87 01 00 00 72 b5 04 00 6e 00 00 00 fa b6 04 00 24 00 00 00	....;...6.......r...n.......$...
3fe0	69 b7 04 00 54 00 00 00 8e b7 04 00 a4 01 00 00 e3 b7 04 00 8f 01 00 00 88 b9 04 00 24 00 00 00	i...T.......................$...
4000	18 bb 04 00 1f 00 00 00 3d bb 04 00 07 00 00 00 5d bb 04 00 1b 00 00 00 65 bb 04 00 08 00 00 00	........=.......].......e.......
4020	81 bb 04 00 5c 00 00 00 8a bb 04 00 08 00 00 00 e7 bb 04 00 1b 00 00 00 f0 bb 04 00 57 00 00 00	....\.......................W...
4040	0c bc 04 00 14 00 00 00 64 bc 04 00 3f 00 00 00 79 bc 04 00 3a 00 00 00 b9 bc 04 00 75 00 00 00	........d...?...y...:.......u...
4060	f4 bc 04 00 69 00 00 00 6a bd 04 00 32 01 00 00 d4 bd 04 00 36 01 00 00 07 bf 04 00 0c 00 00 00	....i...j...2.......6...........
4080	3e c0 04 00 41 01 00 00 4b c0 04 00 03 00 00 00 8d c1 04 00 04 00 00 00 91 c1 04 00 0c 00 00 00	>...A...K.......................
40a0	96 c1 04 00 05 00 00 00 a3 c1 04 00 0c 00 00 00 a9 c1 04 00 0d 00 00 00 b6 c1 04 00 0b 00 00 00	................................
40c0	c4 c1 04 00 ae 00 00 00 d0 c1 04 00 31 01 00 00 7f c2 04 00 ca 00 00 00 b1 c3 04 00 43 00 00 00	............1...............C...
40e0	7c c4 04 00 46 00 00 00 c0 c4 04 00 0b 00 00 00 07 c5 04 00 0b 00 00 00 13 c5 04 00 19 00 00 00	|...F...........................
4100	1f c5 04 00 0f 00 00 00 39 c5 04 00 ba 01 00 00 49 c5 04 00 6a 00 00 00 04 c7 04 00 13 00 00 00	........9.......I...j...........
4120	6f c7 04 00 e4 00 00 00 83 c7 04 00 46 00 00 00 68 c8 04 00 88 01 00 00 af c8 04 00 89 01 00 00	o...........F...h...............
4140	38 ca 04 00 0b 00 00 00 c2 cb 04 00 ce 00 00 00 ce cb 04 00 6c 00 00 00 9d cc 04 00 10 01 00 00	8...................l...........
4160	0a cd 04 00 6e 00 00 00 1b ce 04 00 26 00 00 00 8a ce 04 00 40 00 00 00 b1 ce 04 00 a0 00 00 00	....n.......&.......@...........
4180	f2 ce 04 00 b9 00 00 00 93 cf 04 00 58 00 00 00 4d d0 04 00 64 00 00 00 a6 d0 04 00 39 00 00 00	............X...M...d.......9...
41a0	0b d1 04 00 45 00 00 00 45 d1 04 00 4a 00 00 00 8b d1 04 00 4b 00 00 00 d6 d1 04 00 96 00 00 00	....E...E...J.......K...........
41c0	22 d2 04 00 37 00 00 00 b9 d2 04 00 8f 00 00 00 f1 d2 04 00 06 00 00 00 81 d3 04 00 0f 00 00 00	"...7...........................
41e0	88 d3 04 00 1b 00 00 00 98 d3 04 00 33 00 00 00 b4 d3 04 00 56 00 00 00 e8 d3 04 00 0b 00 00 00	............3.......V...........
4200	3f d4 04 00 12 00 00 00 4b d4 04 00 38 00 00 00 5e d4 04 00 19 00 00 00 97 d4 04 00 33 00 00 00	?.......K...8...^...........3...
4220	b1 d4 04 00 1f 00 00 00 e5 d4 04 00 2e 00 00 00 05 d5 04 00 93 01 00 00 34 d5 04 00 0a 00 00 00	........................4.......
4240	c8 d6 04 00 0a 00 00 00 d3 d6 04 00 63 00 00 00 de d6 04 00 2f 00 00 00 42 d7 04 00 32 00 00 00	............c......./...B...2...
4260	72 d7 04 00 4c 00 00 00 a5 d7 04 00 23 00 00 00 f2 d7 04 00 64 00 00 00 16 d8 04 00 65 00 00 00	r...L.......#.......d.......e...
4280	7b d8 04 00 6e 00 00 00 e1 d8 04 00 29 00 00 00 50 d9 04 00 dd 00 00 00 7a d9 04 00 2d 00 00 00	{...n.......)...P.......z...-...
42a0	58 da 04 00 11 00 00 00 86 da 04 00 11 00 00 00 98 da 04 00 12 00 00 00 aa da 04 00 0c 00 00 00	X...............................
42c0	bd da 04 00 30 00 00 00 ca da 04 00 3f 00 00 00 fb da 04 00 40 00 00 00 3b db 04 00 04 01 00 00	....0.......?.......@...;.......
42e0	7c db 04 00 a9 00 00 00 81 dc 04 00 18 00 00 00 2b dd 04 00 08 00 00 00 44 dd 04 00 46 00 00 00	|...............+.......D...F...
4300	4d dd 04 00 4d 00 00 00 94 dd 04 00 1f 00 00 00 e2 dd 04 00 4f 00 00 00 02 de 04 00 3d 00 00 00	M...M...............O.......=...
4320	52 de 04 00 08 00 00 00 90 de 04 00 0e 00 00 00 99 de 04 00 84 01 00 00 a8 de 04 00 8c 00 00 00	R...............................
4340	2d e0 04 00 11 00 00 00 ba e0 04 00 0e 01 00 00 cc e0 04 00 3a 00 00 00 db e1 04 00 09 00 00 00	-...................:...........
4360	16 e2 04 00 38 00 00 00 20 e2 04 00 bd 00 00 00 59 e2 04 00 30 00 00 00 17 e3 04 00 31 00 00 00	....8...........Y...0.......1...
4380	48 e3 04 00 24 00 00 00 7a e3 04 00 23 00 00 00 9f e3 04 00 20 00 00 00 c3 e3 04 00 21 00 00 00	H...$...z...#...............!...
43a0	e4 e3 04 00 3a 00 00 00 06 e4 04 00 1f 00 00 00 41 e4 04 00 32 00 00 00 61 e4 04 00 26 00 00 00	....:...........A...2...a...&...
43c0	94 e4 04 00 13 00 00 00 bb e4 04 00 41 00 00 00 cf e4 04 00 a0 00 00 00 11 e5 04 00 3e 00 00 00	............A...............>...
43e0	b2 e5 04 00 1f 00 00 00 f1 e5 04 00 ce 00 00 00 11 e6 04 00 4c 01 00 00 e0 e6 04 00 36 01 00 00	....................L.......6...
4400	2d e8 04 00 21 00 00 00 64 e9 04 00 1e 00 00 00 86 e9 04 00 0e 00 00 00 a5 e9 04 00 03 00 00 00	-...!...d.......................
4420	b4 e9 04 00 39 00 00 00 b8 e9 04 00 2f 00 00 00 f2 e9 04 00 b8 00 00 00 22 ea 04 00 24 00 00 00	....9......./..........."...$...
4440	db ea 04 00 49 00 00 00 00 eb 04 00 03 00 00 00 4a eb 04 00 24 00 00 00 4e eb 04 00 03 00 00 00	....I...........J...$...N.......
4460	73 eb 04 00 06 00 00 00 77 eb 04 00 0c 00 00 00 7e eb 04 00 18 00 00 00 8b eb 04 00 15 00 00 00	s.......w.......~...............
4480	a4 eb 04 00 22 00 00 00 ba eb 04 00 4c 00 00 00 dd eb 04 00 45 00 00 00 2a ec 04 00 98 00 00 00	....".......L.......E...*.......
44a0	70 ec 04 00 15 00 00 00 09 ed 04 00 53 01 00 00 1f ed 04 00 20 00 00 00 73 ee 04 00 03 00 00 00	p...........S...........s.......
44c0	94 ee 04 00 21 00 00 00 98 ee 04 00 21 00 00 00 ba ee 04 00 04 00 00 00 dc ee 04 00 15 00 00 00	....!.......!...................
44e0	e1 ee 04 00 e1 00 00 00 f7 ee 04 00 08 00 00 00 d9 ef 04 00 0d 00 00 00 e2 ef 04 00 c3 00 00 00	................................
4500	f0 ef 04 00 20 00 00 00 b4 f0 04 00 21 00 00 00 d5 f0 04 00 0c 00 00 00 f7 f0 04 00 0a 00 00 00	............!...................
4520	04 f1 04 00 72 00 00 00 0f f1 04 00 dc 00 00 00 82 f1 04 00 0e 00 00 00 5f f2 04 00 4f 00 00 00	....r..................._...O...
4540	6e f2 04 00 6a 00 00 00 be f2 04 00 50 00 00 00 29 f3 04 00 0e 00 00 00 7a f3 04 00 0b 00 00 00	n...j.......P...).......z.......
4560	89 f3 04 00 1f 00 00 00 95 f3 04 00 41 00 00 00 b5 f3 04 00 13 04 00 00 f7 f3 04 00 87 00 00 00	............A...................
4580	0b f8 04 00 25 00 00 00 93 f8 04 00 16 00 00 00 b9 f8 04 00 2f 01 00 00 d0 f8 04 00 96 00 00 00	....%.............../...........
45a0	00 fa 04 00 1e 00 00 00 97 fa 04 00 1c 00 00 00 b6 fa 04 00 ad 01 00 00 d3 fa 04 00 45 00 00 00	............................E...
45c0	81 fc 04 00 16 00 00 00 c7 fc 04 00 35 00 00 00 de fc 04 00 3b 00 00 00 14 fd 04 00 4a 00 00 00	............5.......;.......J...
45e0	50 fd 04 00 54 00 00 00 9b fd 04 00 73 00 00 00 f0 fd 04 00 4c 00 00 00 64 fe 04 00 0d 00 00 00	P...T.......s.......L...d.......
4600	b1 fe 04 00 23 00 00 00 bf fe 04 00 23 00 00 00 e3 fe 04 00 21 00 00 00 07 ff 04 00 15 00 00 00	....#.......#.......!...........
4620	29 ff 04 00 0b 00 00 00 3f ff 04 00 0a 00 00 00 4b ff 04 00 1e 00 00 00 56 ff 04 00 0b 00 00 00	).......?.......K.......V.......
4640	75 ff 04 00 1f 00 00 00 81 ff 04 00 15 00 00 00 a1 ff 04 00 4e 00 00 00 b7 ff 04 00 0b 00 00 00	u...................N...........
4660	06 00 05 00 3d 00 00 00 12 00 05 00 25 00 00 00 50 00 05 00 11 00 00 00 76 00 05 00 76 00 00 00	....=.......%...P.......v...v...
4680	88 00 05 00 43 00 00 00 ff 00 05 00 6b 00 00 00 43 01 05 00 0c 00 00 00 af 01 05 00 0d 00 00 00	....C.......k...C...............
46a0	bc 01 05 00 05 00 00 00 ca 01 05 00 0d 00 00 00 d0 01 05 00 0e 00 00 00 de 01 05 00 81 00 00 00	................................
46c0	ed 01 05 00 07 00 00 00 6f 02 05 00 1a 00 00 00 77 02 05 00 27 00 00 00 92 02 05 00 19 00 00 00	........o.......w...'...........
46e0	ba 02 05 00 17 00 00 00 d4 02 05 00 1f 00 00 00 ec 02 05 00 6d 00 00 00 0c 03 05 00 58 00 00 00	....................m.......X...
4700	7a 03 05 00 0c 00 00 00 d3 03 05 00 0b 00 00 00 e0 03 05 00 10 00 00 00 ec 03 05 00 3d 00 00 00	z...........................=...
4720	fd 03 05 00 39 00 00 00 3b 04 05 00 40 00 00 00 75 04 05 00 0d 00 00 00 b6 04 05 00 0b 00 00 00	....9...;...@...u...............
4740	c4 04 05 00 1f 00 00 00 d0 04 05 00 0f 00 00 00 f0 04 05 00 0f 00 00 00 00 05 05 00 1d 00 00 00	................................
4760	10 05 05 00 09 00 00 00 2e 05 05 00 10 00 00 00 38 05 05 00 14 00 00 00 49 05 05 00 1d 00 00 00	................8.......I.......
4780	5e 05 05 00 0f 00 00 00 7c 05 05 00 1d 00 00 00 8c 05 05 00 17 00 00 00 aa 05 05 00 d0 01 00 00	^.......|.......................
47a0	c2 05 05 00 2e 00 00 00 93 07 05 00 7d 00 00 00 c2 07 05 00 c1 00 00 00 40 08 05 00 0c 00 00 00	............}...........@.......
47c0	02 09 05 00 13 00 00 00 0f 09 05 00 15 00 00 00 23 09 05 00 0f 00 00 00 39 09 05 00 67 00 00 00	................#.......9...g...
47e0	49 09 05 00 56 00 00 00 b1 09 05 00 11 00 00 00 08 0a 05 00 c1 00 00 00 1a 0a 05 00 59 00 00 00	I...V.......................Y...
4800	dc 0a 05 00 c6 00 00 00 36 0b 05 00 07 00 00 00 fd 0b 05 00 07 00 00 00 05 0c 05 00 35 00 00 00	........6...................5...
4820	0d 0c 05 00 69 00 00 00 43 0c 05 00 6c 00 00 00 ad 0c 05 00 7c 00 00 00 1a 0d 05 00 69 00 00 00	....i...C...l.......|.......i...
4840	97 0d 05 00 0b 00 00 00 01 0e 05 00 09 00 00 00 0d 0e 05 00 11 00 00 00 17 0e 05 00 05 00 00 00	................................
4860	29 0e 05 00 ad 00 00 00 2f 0e 05 00 4c 00 00 00 dd 0e 05 00 12 00 00 00 2a 0f 05 00 04 00 00 00	)......./...L...........*.......
4880	3d 0f 05 00 06 00 00 00 42 0f 05 00 04 00 00 00 49 0f 05 00 0f 00 00 00 4e 0f 05 00 16 00 00 00	=.......B.......I.......N.......
48a0	5e 0f 05 00 d7 00 00 00 75 0f 05 00 fd 00 00 00 4d 10 05 00 65 01 00 00 4b 11 05 00 06 00 00 00	^.......u.......M...e...K.......
48c0	b1 12 05 00 f4 00 00 00 b8 12 05 00 00 01 00 00 ad 13 05 00 06 00 00 00 ae 14 05 00 0b 02 00 00	................................
48e0	b5 14 05 00 e2 01 00 00 c1 16 05 00 03 00 00 00 a4 18 05 00 27 00 00 00 a8 18 05 00 18 00 00 00	....................'...........
4900	d0 18 05 00 0a 00 00 00 e9 18 05 00 7b 01 00 00 f4 18 05 00 40 00 00 00 70 1a 05 00 a9 01 00 00	............{.......@...p.......
4920	b1 1a 05 00 30 00 00 00 5b 1c 05 00 10 00 00 00 8c 1c 05 00 1b 00 00 00 9d 1c 05 00 2e 00 00 00	....0...[.......................
4940	b9 1c 05 00 0b 00 00 00 e8 1c 05 00 13 00 00 00 f4 1c 05 00 0b 00 00 00 08 1d 05 00 2e 00 00 00	................................
4960	14 1d 05 00 46 00 00 00 43 1d 05 00 0d 00 00 00 8a 1d 05 00 0b 00 00 00 98 1d 05 00 58 01 00 00	....F...C...................X...
4980	a4 1d 05 00 88 00 00 00 fd 1e 05 00 45 00 00 00 86 1f 05 00 29 00 00 00 cc 1f 05 00 96 00 00 00	............E.......)...........
49a0	f6 1f 05 00 10 00 00 00 8d 20 05 00 09 00 00 00 9e 20 05 00 a8 00 00 00 a8 20 05 00 3a 00 00 00	............................:...
49c0	51 21 05 00 08 00 00 00 8c 21 05 00 20 00 00 00 95 21 05 00 4b 00 00 00 b6 21 05 00 0f 00 00 00	Q!.......!.......!..K....!......
49e0	02 22 05 00 26 01 00 00 12 22 05 00 5b 01 00 00 39 23 05 00 87 00 00 00 95 24 05 00 86 00 00 00	."..&...."..[...9#.......$......
4a00	1d 25 05 00 ce 01 00 00 a4 25 05 00 51 00 00 00 73 27 05 00 f2 00 00 00 c5 27 05 00 0e 00 00 00	.%.......%..Q...s'.......'......
4a20	b8 28 05 00 34 00 00 00 c7 28 05 00 36 00 00 00 fc 28 05 00 bd 00 00 00 33 29 05 00 7e 00 00 00	.(..4....(..6....(......3)..~...
4a40	f1 29 05 00 0e 00 00 00 70 2a 05 00 dd 00 00 00 7f 2a 05 00 06 00 00 00 5d 2b 05 00 12 00 00 00	.)......p*.......*......]+......
4a60	64 2b 05 00 14 00 00 00 77 2b 05 00 0b 00 00 00 8c 2b 05 00 14 00 00 00 98 2b 05 00 42 00 00 00	d+......w+.......+.......+..B...
4a80	ad 2b 05 00 07 00 00 00 f0 2b 05 00 07 00 00 00 f8 2b 05 00 c7 00 00 00 00 2c 05 00 29 00 00 00	.+.......+.......+.......,..)...
4aa0	c8 2c 05 00 28 00 00 00 f2 2c 05 00 23 00 00 00 1b 2d 05 00 14 00 00 00 3f 2d 05 00 20 00 00 00	.,..(....,..#....-......?-......
4ac0	54 2d 05 00 18 00 00 00 75 2d 05 00 28 00 00 00 8e 2d 05 00 1d 00 00 00 b7 2d 05 00 29 00 00 00	T-......u-..(....-.......-..)...
4ae0	d5 2d 05 00 1e 00 00 00 ff 2d 05 00 30 00 00 00 1e 2e 05 00 4b 00 00 00 4f 2e 05 00 6e 00 00 00	.-.......-..0.......K...O...n...
4b00	9b 2e 05 00 2d 00 00 00 0a 2f 05 00 16 00 00 00 38 2f 05 00 1c 00 00 00 4f 2f 05 00 1b 00 00 00	....-..../......8/......O/......
4b20	6c 2f 05 00 35 00 00 00 88 2f 05 00 97 00 00 00 be 2f 05 00 4e 00 00 00 56 30 05 00 1d 00 00 00	l/..5..../......./..N...V0......
4b40	a5 30 05 00 4c 00 00 00 c3 30 05 00 17 00 00 00 10 31 05 00 1f 00 00 00 28 31 05 00 1b 00 00 00	.0..L....0.......1......(1......
4b60	48 31 05 00 24 00 00 00 64 31 05 00 31 00 00 00 89 31 05 00 4a 00 00 00 bb 31 05 00 5a 00 00 00	H1..$...d1..1....1..J....1..Z...
4b80	06 32 05 00 2a 00 00 00 61 32 05 00 3f 00 00 00 8c 32 05 00 47 00 00 00 cc 32 05 00 28 00 00 00	.2..*...a2..?....2..G....2..(...
4ba0	14 33 05 00 2a 00 00 00 3d 33 05 00 2d 00 00 00 68 33 05 00 30 00 00 00 96 33 05 00 2d 00 00 00	.3..*...=3..-...h3..0....3..-...
4bc0	c7 33 05 00 2c 00 00 00 f5 33 05 00 19 00 00 00 22 34 05 00 29 00 00 00 3c 34 05 00 30 00 00 00	.3..,....3......"4..)...<4..0...
4be0	66 34 05 00 24 00 00 00 97 34 05 00 2b 00 00 00 bc 34 05 00 29 00 00 00 e8 34 05 00 35 00 00 00	f4..$....4..+....4..)....4..5...
4c00	12 35 05 00 2a 00 00 00 48 35 05 00 2b 00 00 00 73 35 05 00 55 00 00 00 9f 35 05 00 3c 00 00 00	.5..*...H5..+...s5..U....5..<...
4c20	f5 35 05 00 90 00 00 00 32 36 05 00 1a 00 00 00 c3 36 05 00 4c 00 00 00 de 36 05 00 1f 00 00 00	.5......26.......6..L....6......
4c40	2b 37 05 00 71 00 00 00 4b 37 05 00 6b 00 00 00 bd 37 05 00 5b 00 00 00 29 38 05 00 2c 00 00 00	+7..q...K7..k....7..[...)8..,...
4c60	85 38 05 00 4e 00 00 00 b2 38 05 00 2a 00 00 00 01 39 05 00 a0 00 00 00 2c 39 05 00 65 00 00 00	.8..N....8..*....9......,9..e...
4c80	cd 39 05 00 27 01 00 00 33 3a 05 00 d0 00 00 00 5b 3b 05 00 d8 00 00 00 2c 3c 05 00 3f 00 00 00	.9..'...3:......[;......,<..?...
4ca0	05 3d 05 00 38 00 00 00 45 3d 05 00 46 00 00 00 7e 3d 05 00 53 00 00 00 c5 3d 05 00 45 00 00 00	.=..8...E=..F...~=..S....=..E...
4cc0	19 3e 05 00 26 01 00 00 5f 3e 05 00 f1 00 00 00 86 3f 05 00 48 00 00 00 78 40 05 00 49 00 00 00	.>..&..._>.......?..H...x@..I...
4ce0	c1 40 05 00 d0 00 00 00 0b 41 05 00 16 00 00 00 dc 41 05 00 60 00 00 00 f3 41 05 00 50 00 00 00	.@.......A.......A..`....A..P...
4d00	54 42 05 00 27 00 00 00 a5 42 05 00 18 00 00 00 cd 42 05 00 49 00 00 00 e6 42 05 00 52 00 00 00	TB..'....B.......B..I....B..R...
4d20	30 43 05 00 58 00 00 00 83 43 05 00 3d 00 00 00 dc 43 05 00 25 00 00 00 1a 44 05 00 26 00 00 00	0C..X....C..=....C..%....D..&...
4d40	40 44 05 00 2a 00 00 00 67 44 05 00 23 00 00 00 92 44 05 00 47 00 00 00 b6 44 05 00 f4 00 00 00	@D..*...gD..#....D..G....D......
4d60	fe 44 05 00 44 00 00 00 f3 45 05 00 61 00 00 00 38 46 05 00 54 00 00 00 9a 46 05 00 3c 00 00 00	.D..D....E..a...8F..T....F..<...
4d80	ef 46 05 00 6d 00 00 00 2c 47 05 00 6a 00 00 00 9a 47 05 00 43 00 00 00 05 48 05 00 5c 00 00 00	.F..m...,G..j....G..C....H..\...
4da0	49 48 05 00 a4 00 00 00 a6 48 05 00 a8 00 00 00 4b 49 05 00 e8 00 00 00 f4 49 05 00 ec 00 00 00	IH.......H......KI.......I......
4dc0	dd 4a 05 00 34 00 00 00 ca 4b 05 00 23 00 00 00 ff 4b 05 00 55 00 00 00 23 4c 05 00 66 00 00 00	.J..4....K..#....K..U...#L..f...
4de0	79 4c 05 00 7b 00 00 00 e0 4c 05 00 41 00 00 00 5c 4d 05 00 42 00 00 00 9e 4d 05 00 41 00 00 00	yL..{....L..A...\M..B....M..A...
4e00	e1 4d 05 00 56 00 00 00 23 4e 05 00 35 00 00 00 7a 4e 05 00 2b 00 00 00 b0 4e 05 00 2f 00 00 00	.M..V...#N..5...zN..+....N../...
4e20	dc 4e 05 00 63 00 00 00 0c 4f 05 00 56 00 00 00 70 4f 05 00 4d 00 00 00 c7 4f 05 00 34 00 00 00	.N..c....O..V...pO..M....O..4...
4e40	15 50 05 00 79 01 00 00 4a 50 05 00 df 00 00 00 c4 51 05 00 f0 00 00 00 a4 52 05 00 54 00 00 00	.P..y...JP.......Q.......R..T...
4e60	95 53 05 00 32 00 00 00 ea 53 05 00 0c 01 00 00 1d 54 05 00 26 01 00 00 2a 55 05 00 4a 00 00 00	.S..2....S.......T..&...*U..J...
4e80	51 56 05 00 1a 00 00 00 9c 56 05 00 2f 00 00 00 b7 56 05 00 a4 00 00 00 e7 56 05 00 2a 00 00 00	QV.......V../....V.......V..*...
4ea0	8c 57 05 00 2d 00 00 00 b7 57 05 00 af 00 00 00 e5 57 05 00 ce 00 00 00 95 58 05 00 53 00 00 00	.W..-....W.......W.......X..S...
4ec0	64 59 05 00 45 00 00 00 b8 59 05 00 34 00 00 00 fe 59 05 00 7a 00 00 00 33 5a 05 00 27 00 00 00	dY..E....Y..4....Y..z...3Z..'...
4ee0	ae 5a 05 00 27 00 00 00 d6 5a 05 00 5b 00 00 00 fe 5a 05 00 78 00 00 00 5a 5b 05 00 5f 00 00 00	.Z..'....Z..[....Z..x...Z[.._...
4f00	d3 5b 05 00 1b 00 00 00 33 5c 05 00 0c 00 00 00 4f 5c 05 00 b4 01 00 00 5c 5c 05 00 2c 00 00 00	.[......3\......O\......\\..,...
4f20	11 5e 05 00 75 00 00 00 3e 5e 05 00 41 00 00 00 b4 5e 05 00 41 00 00 00 f6 5e 05 00 a1 00 00 00	.^..u...>^..A....^..A....^......
4f40	38 5f 05 00 7f 00 00 00 da 5f 05 00 77 00 00 00 5a 60 05 00 08 00 00 00 d2 60 05 00 0e 00 00 00	8_......._..w...Z`.......`......
4f60	db 60 05 00 06 00 00 00 ea 60 05 00 15 00 00 00 f1 60 05 00 27 00 00 00 07 61 05 00 ee 00 00 00	.`.......`.......`..'....a......
4f80	2f 61 05 00 eb 00 00 00 1e 62 05 00 04 00 00 00 0a 63 05 00 20 00 00 00 0f 63 05 00 22 00 00 00	/a.......b.......c.......c.."...
4fa0	30 63 05 00 11 00 00 00 53 63 05 00 3a 00 00 00 65 63 05 00 88 00 00 00 a0 63 05 00 16 00 00 00	0c......Sc..:...ec.......c......
4fc0	29 64 05 00 16 00 00 00 40 64 05 00 18 00 00 00 57 64 05 00 26 00 00 00 70 64 05 00 1a 00 00 00	)d......@d......Wd..&...pd......
4fe0	97 64 05 00 27 00 00 00 b2 64 05 00 23 00 00 00 da 64 05 00 17 00 00 00 fe 64 05 00 21 00 00 00	.d..'....d..#....d.......d..!...
5000	16 65 05 00 28 00 00 00 38 65 05 00 49 00 00 00 61 65 05 00 44 00 00 00 ab 65 05 00 25 00 00 00	.e..(...8e..I...ae..D....e..%...
5020	f0 65 05 00 12 00 00 00 16 66 05 00 3a 00 00 00 29 66 05 00 32 00 00 00 64 66 05 00 3f 00 00 00	.e.......f..:...)f..2...df..?...
5040	97 66 05 00 a2 00 00 00 d7 66 05 00 21 00 00 00 7a 67 05 00 0d 00 00 00 9c 67 05 00 4a 00 00 00	.f.......f..!...zg.......g..J...
5060	aa 67 05 00 2e 00 00 00 f5 67 05 00 2e 00 00 00 24 68 05 00 2e 00 00 00 53 68 05 00 1f 00 00 00	.g.......g......$h......Sh......
5080	82 68 05 00 41 00 00 00 a2 68 05 00 3c 00 00 00 e4 68 05 00 5b 00 00 00 21 69 05 00 30 00 00 00	.h..A....h..<....h..[...!i..0...
50a0	7d 69 05 00 3f 00 00 00 ae 69 05 00 38 00 00 00 ee 69 05 00 52 00 00 00 27 6a 05 00 39 00 00 00	}i..?....i..8....i..R...'j..9...
50c0	7a 6a 05 00 3b 00 00 00 b4 6a 05 00 4a 00 00 00 f0 6a 05 00 2d 00 00 00 3b 6b 05 00 20 00 00 00	zj..;....j..J....j..-...;k......
50e0	69 6b 05 00 29 00 00 00 8a 6b 05 00 2b 00 00 00 b4 6b 05 00 38 00 00 00 e0 6b 05 00 3a 00 00 00	ik..)....k..+....k..8....k..:...
5100	19 6c 05 00 3a 00 00 00 54 6c 05 00 30 00 00 00 8f 6c 05 00 27 00 00 00 c0 6c 05 00 8d 00 00 00	.l..:...Tl..0....l..'....l......
5120	e8 6c 05 00 8d 00 00 00 76 6d 05 00 2f 00 00 00 04 6e 05 00 2a 00 00 00 34 6e 05 00 19 00 00 00	.l......vm../....n..*...4n......
5140	5f 6e 05 00 23 00 00 00 79 6e 05 00 37 00 00 00 9d 6e 05 00 20 00 00 00 d5 6e 05 00 1c 00 00 00	_n..#...yn..7....n.......n......
5160	f6 6e 05 00 30 00 00 00 13 6f 05 00 27 00 00 00 44 6f 05 00 20 00 00 00 6c 6f 05 00 25 00 00 00	.n..0....o..'...Do......lo..%...
5180	8d 6f 05 00 0e 00 00 00 b3 6f 05 00 40 00 00 00 c2 6f 05 00 23 00 00 00 03 70 05 00 24 00 00 00	.o.......o..@....o..#....p..$...
51a0	27 70 05 00 07 00 00 00 4c 70 05 00 07 00 00 00 54 70 05 00 33 00 00 00 5c 70 05 00 33 00 00 00	'p......Lp......Tp..3...\p..3...
51c0	90 70 05 00 33 00 00 00 c4 70 05 00 33 00 00 00 f8 70 05 00 40 00 00 00 2c 71 05 00 51 00 00 00	.p..3....p..3....p..@...,q..Q...
51e0	6d 71 05 00 4f 00 00 00 bf 71 05 00 3d 00 00 00 0f 72 05 00 64 00 00 00 4d 72 05 00 6f 00 00 00	mq..O....q..=....r..d...Mr..o...
5200	b2 72 05 00 cd 00 00 00 22 73 05 00 82 00 00 00 f0 73 05 00 c3 00 00 00 73 74 05 00 19 00 00 00	.r......"s.......s......st......
5220	37 75 05 00 10 00 00 00 51 75 05 00 0c 00 00 00 62 75 05 00 ac 00 00 00 6f 75 05 00 e2 00 00 00	7u......Qu......bu......ou......
5240	1c 76 05 00 c3 00 00 00 ff 76 05 00 95 00 00 00 c3 77 05 00 0a 00 00 00 59 78 05 00 21 01 00 00	.v.......v.......w......Yx..!...
5260	64 78 05 00 d8 00 00 00 86 79 05 00 8c 00 00 00 5f 7a 05 00 f8 00 00 00 ec 7a 05 00 49 00 00 00	dx.......y......_z.......z..I...
5280	e5 7b 05 00 93 00 00 00 2f 7c 05 00 80 00 00 00 c3 7c 05 00 79 00 00 00 44 7d 05 00 79 00 00 00	.{....../|.......|..y...D}..y...
52a0	be 7d 05 00 53 01 00 00 38 7e 05 00 7f 00 00 00 8c 7f 05 00 a9 00 00 00 0c 80 05 00 b6 00 00 00	.}..S...8~......................
52c0	b6 80 05 00 83 00 00 00 6d 81 05 00 86 00 00 00 f1 81 05 00 0e 00 00 00 78 82 05 00 5d 00 00 00	........m...............x...]...
52e0	87 82 05 00 36 00 00 00 e5 82 05 00 10 00 00 00 1c 83 05 00 0d 00 00 00 2d 83 05 00 45 00 00 00	....6...................-...E...
5300	3b 83 05 00 45 00 00 00 81 83 05 00 19 00 00 00 c7 83 05 00 1c 00 00 00 e1 83 05 00 45 00 00 00	;...E.......................E...
5320	fe 83 05 00 50 00 00 00 44 84 05 00 65 00 00 00 95 84 05 00 2f 00 00 00 fb 84 05 00 60 00 00 00	....P...D...e......./.......`...
5340	2b 85 05 00 55 00 00 00 8c 85 05 00 48 00 00 00 e2 85 05 00 75 00 00 00 2b 86 05 00 77 00 00 00	+...U.......H.......u...+...w...
5360	a1 86 05 00 e2 00 00 00 19 87 05 00 53 00 00 00 fc 87 05 00 8b 00 00 00 50 88 05 00 56 00 00 00	............S...........P...V...
5380	dc 88 05 00 d2 00 00 00 33 89 05 00 36 00 00 00 06 8a 05 00 ce 00 00 00 3d 8a 05 00 c1 00 00 00	........3...6...........=.......
53a0	0c 8b 05 00 38 00 00 00 ce 8b 05 00 57 00 00 00 07 8c 05 00 bd 00 00 00 5f 8c 05 00 85 00 00 00	....8.......W..........._.......
53c0	1d 8d 05 00 4f 00 00 00 a3 8d 05 00 ba 01 00 00 f3 8d 05 00 b6 00 00 00 ae 8f 05 00 63 00 00 00	....O.......................c...
53e0	65 90 05 00 4c 00 00 00 c9 90 05 00 d5 00 00 00 16 91 05 00 66 00 00 00 ec 91 05 00 45 01 00 00	e...L...............f.......E...
5400	53 92 05 00 57 00 00 00 99 93 05 00 a4 00 00 00 f1 93 05 00 65 00 00 00 96 94 05 00 c0 01 00 00	S...W...............e...........
5420	fc 94 05 00 72 00 00 00 bd 96 05 00 52 00 00 00 30 97 05 00 81 00 00 00 83 97 05 00 75 00 00 00	....r.......R...0...........u...
5440	05 98 05 00 30 00 00 00 7b 98 05 00 31 00 00 00 ac 98 05 00 50 00 00 00 de 98 05 00 36 00 00 00	....0...{...1.......P.......6...
5460	2f 99 05 00 50 01 00 00 66 99 05 00 69 00 00 00 b7 9a 05 00 4a 00 00 00 21 9b 05 00 57 00 00 00	/...P...f...i.......J...!...W...
5480	6c 9b 05 00 6d 00 00 00 c4 9b 05 00 64 00 00 00 32 9c 05 00 64 00 00 00 97 9c 05 00 99 00 00 00	l...m.......d...2...d...........
54a0	fc 9c 05 00 26 00 00 00 96 9d 05 00 ad 00 00 00 bd 9d 05 00 81 00 00 00 6b 9e 05 00 33 00 00 00	....&...................k...3...
54c0	ed 9e 05 00 c0 00 00 00 21 9f 05 00 90 00 00 00 e2 9f 05 00 a2 00 00 00 73 a0 05 00 83 00 00 00	........!...............s.......
54e0	16 a1 05 00 41 00 00 00 9a a1 05 00 3a 00 00 00 dc a1 05 00 65 00 00 00 17 a2 05 00 06 00 00 00	....A.......:.......e...........
5500	7d a2 05 00 05 00 00 00 84 a2 05 00 e3 01 00 00 8a a2 05 00 3d 00 00 00 6e a4 05 00 a8 00 00 00	}...................=...n.......
5520	ac a4 05 00 bf 00 00 00 55 a5 05 00 b2 00 00 00 15 a6 05 00 06 00 00 00 c8 a6 05 00 4b 01 00 00	........U...................K...
5540	cf a6 05 00 4c 01 00 00 1b a8 05 00 17 00 00 00 68 a9 05 00 0b 00 00 00 80 a9 05 00 0d 00 00 00	....L...........h...............
5560	8c a9 05 00 55 00 00 00 9a a9 05 00 0f 00 00 00 f0 a9 05 00 0f 00 00 00 00 aa 05 00 5c 00 00 00	....U.......................\...
5580	10 aa 05 00 ff 02 00 00 6d aa 05 00 b1 00 00 00 6d ad 05 00 37 00 00 00 1f ae 05 00 06 00 00 00	........m.......m...7...........
55a0	57 ae 05 00 12 00 00 00 5e ae 05 00 9a 00 00 00 71 ae 05 00 08 00 00 00 0c af 05 00 38 00 00 00	W.......^.......q...........8...
55c0	15 af 05 00 11 00 00 00 4e af 05 00 1c 00 00 00 60 af 05 00 1a 00 00 00 7d af 05 00 49 00 00 00	........N.......`.......}...I...
55e0	98 af 05 00 1e 00 00 00 e2 af 05 00 2f 00 00 00 01 b0 05 00 73 00 00 00 31 b0 05 00 ae 00 00 00	............/.......s...1.......
5600	a5 b0 05 00 af 00 00 00 54 b1 05 00 d0 00 00 00 04 b2 05 00 0b 00 00 00 d5 b2 05 00 60 00 00 00	........T...................`...
5620	e1 b2 05 00 06 00 00 00 42 b3 05 00 06 00 00 00 49 b3 05 00 da 00 00 00 50 b3 05 00 98 00 00 00	........B.......I.......P.......
5640	2b b4 05 00 bc 00 00 00 c4 b4 05 00 06 00 00 00 81 b5 05 00 0a 00 00 00 88 b5 05 00 14 00 00 00	+...............................
5660	93 b5 05 00 1b 00 00 00 a8 b5 05 00 0c 00 00 00 c4 b5 05 00 2e 00 00 00 d1 b5 05 00 1d 00 00 00	................................
5680	00 b6 05 00 0e 00 00 00 1e b6 05 00 ff 01 00 00 2d b6 05 00 26 00 00 00 2d b8 05 00 0e 00 00 00	................-...&...-.......
56a0	54 b8 05 00 21 00 00 00 63 b8 05 00 98 00 00 00 85 b8 05 00 07 00 00 00 1e b9 05 00 03 00 00 00	T...!...c.......................
56c0	26 b9 05 00 91 00 00 00 2a b9 05 00 0b 00 00 00 bc b9 05 00 6a 00 00 00 c8 b9 05 00 0e 00 00 00	&.......*...........j...........
56e0	33 ba 05 00 08 00 00 00 42 ba 05 00 2b 00 00 00 4b ba 05 00 29 00 00 00 77 ba 05 00 35 00 00 00	3.......B...+...K...)...w...5...
5700	a1 ba 05 00 7b 00 00 00 d7 ba 05 00 56 00 00 00 53 bb 05 00 25 00 00 00 aa bb 05 00 3a 00 00 00	....{.......V...S...%.......:...
5720	d0 bb 05 00 3a 00 00 00 0b bc 05 00 0d 00 00 00 46 bc 05 00 64 00 00 00 54 bc 05 00 64 00 00 00	....:...........F...d...T...d...
5740	b9 bc 05 00 67 00 00 00 1e bd 05 00 67 00 00 00 86 bd 05 00 0c 00 00 00 ee bd 05 00 16 00 00 00	....g.......g...................
5760	fb bd 05 00 44 01 00 00 12 be 05 00 41 00 00 00 57 bf 05 00 47 00 00 00 99 bf 05 00 d3 00 00 00	....D.......A...W...G...........
5780	e1 bf 05 00 3a 02 00 00 b5 c0 05 00 d7 00 00 00 f0 c2 05 00 93 00 00 00 c8 c3 05 00 4e 01 00 00	....:.......................N...
57a0	5c c4 05 00 30 00 00 00 ab c5 05 00 c8 00 00 00 dc c5 05 00 ab 00 00 00 a5 c6 05 00 31 00 00 00	\...0.......................1...
57c0	51 c7 05 00 68 01 00 00 83 c7 05 00 39 00 00 00 ec c8 05 00 3b 01 00 00 26 c9 05 00 b2 00 00 00	Q...h.......9.......;...&.......
57e0	62 ca 05 00 27 00 00 00 15 cb 05 00 44 00 00 00 3d cb 05 00 d2 00 00 00 82 cb 05 00 73 00 00 00	b...'.......D...=...........s...
5800	55 cc 05 00 d7 00 00 00 c9 cc 05 00 9f 00 00 00 a1 cd 05 00 af 00 00 00 41 ce 05 00 cc 00 00 00	U.......................A.......
5820	f1 ce 05 00 4f 00 00 00 be cf 05 00 3f 01 00 00 0e d0 05 00 c1 00 00 00 4e d1 05 00 59 00 00 00	....O.......?...........N...Y...
5840	10 d2 05 00 21 01 00 00 6a d2 05 00 29 01 00 00 8c d3 05 00 6f 00 00 00 b6 d4 05 00 8f 00 00 00	....!...j...).......o...........
5860	26 d5 05 00 8d 00 00 00 b6 d5 05 00 6c 00 00 00 44 d6 05 00 3a 00 00 00 b1 d6 05 00 95 00 00 00	&...........l...D...:...........
5880	ec d6 05 00 68 00 00 00 82 d7 05 00 58 00 00 00 eb d7 05 00 15 01 00 00 44 d8 05 00 52 00 00 00	....h.......X...........D...R...
58a0	5a d9 05 00 94 00 00 00 ad d9 05 00 9e 00 00 00 42 da 05 00 79 00 00 00 e1 da 05 00 50 00 00 00	Z...............B...y.......P...
58c0	5b db 05 00 9e 00 00 00 ac db 05 00 13 00 00 00 4b dc 05 00 98 01 00 00 5f dc 05 00 2d 00 00 00	[...............K......._...-...
58e0	f8 dd 05 00 39 00 00 00 26 de 05 00 e0 00 00 00 60 de 05 00 26 00 00 00 41 df 05 00 b5 00 00 00	....9...&.......`...&...A.......
5900	68 df 05 00 70 01 00 00 1e e0 05 00 1b 00 00 00 8f e1 05 00 bb 00 00 00 ab e1 05 00 fd 00 00 00	h...p...........................
5920	67 e2 05 00 85 00 00 00 65 e3 05 00 b5 00 00 00 eb e3 05 00 5b 00 00 00 a1 e4 05 00 83 00 00 00	g.......e...........[...........
5940	fd e4 05 00 4b 00 00 00 81 e5 05 00 59 01 00 00 cd e5 05 00 27 00 00 00 27 e7 05 00 f8 00 00 00	....K.......Y.......'...'.......
5960	4f e7 05 00 28 02 00 00 48 e8 05 00 ff 00 00 00 71 ea 05 00 61 00 00 00 71 eb 05 00 5a 00 00 00	O...(...H.......q...a...q...Z...
5980	d3 eb 05 00 a9 00 00 00 2e ec 05 00 b6 00 00 00 d8 ec 05 00 5e 00 00 00 8f ed 05 00 d3 00 00 00	....................^...........
59a0	ee ed 05 00 24 00 00 00 c2 ee 05 00 bc 00 00 00 e7 ee 05 00 68 00 00 00 a4 ef 05 00 24 00 00 00	....$...............h.......$...
59c0	0d f0 05 00 bd 00 00 00 32 f0 05 00 21 00 00 00 f0 f0 05 00 40 00 00 00 12 f1 05 00 1a 00 00 00	........2...!.......@...........
59e0	53 f1 05 00 45 00 00 00 6e f1 05 00 17 01 00 00 b4 f1 05 00 d2 01 00 00 cc f2 05 00 a2 00 00 00	S...E...n.......................
5a00	9f f4 05 00 d1 00 00 00 42 f5 05 00 e4 00 00 00 14 f6 05 00 bf 00 00 00 f9 f6 05 00 dc 00 00 00	........B.......................
5a20	b9 f7 05 00 4e 01 00 00 96 f8 05 00 45 00 00 00 e5 f9 05 00 b4 00 00 00 2b fa 05 00 f9 00 00 00	....N.......E...........+.......
5a40	e0 fa 05 00 c5 00 00 00 da fb 05 00 27 00 00 00 a0 fc 05 00 b7 00 00 00 c8 fc 05 00 ae 00 00 00	............'...................
5a60	80 fd 05 00 52 00 00 00 2f fe 05 00 ab 00 00 00 82 fe 05 00 c8 00 00 00 2e ff 05 00 5b 00 00 00	....R.../...................[...
5a80	f7 ff 05 00 ab 00 00 00 53 00 06 00 30 00 00 00 ff 00 06 00 68 00 00 00 30 01 06 00 33 00 00 00	........S...0.......h...0...3...
5aa0	99 01 06 00 2d 00 00 00 cd 01 06 00 4e 00 00 00 fb 01 06 00 70 00 00 00 4a 02 06 00 6c 00 00 00	....-.......N.......p...J...l...
5ac0	bb 02 06 00 c5 00 00 00 28 03 06 00 b7 00 00 00 ee 03 06 00 38 00 00 00 a6 04 06 00 dd 00 00 00	........(...........8...........
5ae0	df 04 06 00 5f 01 00 00 bd 05 06 00 dc 00 00 00 1d 07 06 00 c8 00 00 00 fa 07 06 00 36 00 00 00	...._.......................6...
5b00	c3 08 06 00 6e 00 00 00 fa 08 06 00 60 00 00 00 69 09 06 00 b0 00 00 00 ca 09 06 00 6e 00 00 00	....n.......`...i...........n...
5b20	7b 0a 06 00 6b 00 00 00 ea 0a 06 00 35 00 00 00 56 0b 06 00 33 00 00 00 8c 0b 06 00 f1 00 00 00	{...k.......5...V...3...........
5b40	c0 0b 06 00 2b 00 00 00 b2 0c 06 00 38 00 00 00 de 0c 06 00 3a 01 00 00 17 0d 06 00 4b 00 00 00	....+.......8.......:.......K...
5b60	52 0e 06 00 53 01 00 00 9e 0e 06 00 92 01 00 00 f2 0f 06 00 a1 00 00 00 85 11 06 00 28 00 00 00	R...S.......................(...
5b80	27 12 06 00 35 01 00 00 50 12 06 00 9a 00 00 00 86 13 06 00 10 01 00 00 21 14 06 00 2b 00 00 00	'...5...P...............!...+...
5ba0	32 15 06 00 a6 00 00 00 5e 15 06 00 2e 00 00 00 05 16 06 00 3f 00 00 00 34 16 06 00 ec 00 00 00	2.......^...........?...4.......
5bc0	74 16 06 00 ee 00 00 00 61 17 06 00 9a 01 00 00 50 18 06 00 42 00 00 00 eb 19 06 00 82 00 00 00	t.......a.......P...B...........
5be0	2e 1a 06 00 9b 00 00 00 b1 1a 06 00 31 00 00 00 4d 1b 06 00 b4 00 00 00 7f 1b 06 00 5e 00 00 00	............1...M...........^...
5c00	34 1c 06 00 25 01 00 00 93 1c 06 00 42 00 00 00 b9 1d 06 00 5c 00 00 00 fc 1d 06 00 56 00 00 00	4...%.......B.......\.......V...
5c20	59 1e 06 00 fe 00 00 00 b0 1e 06 00 79 00 00 00 af 1f 06 00 55 00 00 00 29 20 06 00 cd 01 00 00	Y...........y.......U...).......
5c40	7f 20 06 00 3d 00 00 00 4d 22 06 00 e8 01 00 00 8b 22 06 00 40 00 00 00 74 24 06 00 7f 00 00 00	....=...M"......."..@...t$......
5c60	b5 24 06 00 6c 00 00 00 35 25 06 00 6e 00 00 00 a2 25 06 00 a5 00 00 00 11 26 06 00 6b 00 00 00	.$..l...5%..n....%.......&..k...
5c80	b7 26 06 00 69 01 00 00 23 27 06 00 34 00 00 00 8d 28 06 00 79 00 00 00 c2 28 06 00 3d 00 00 00	.&..i...#'..4....(..y....(..=...
5ca0	3c 29 06 00 54 00 00 00 7a 29 06 00 4c 00 00 00 cf 29 06 00 bc 00 00 00 1c 2a 06 00 6d 00 00 00	<)..T...z)..L....).......*..m...
5cc0	d9 2a 06 00 e6 00 00 00 47 2b 06 00 36 00 00 00 2e 2c 06 00 5b 00 00 00 65 2c 06 00 6a 00 00 00	.*......G+..6....,..[...e,..j...
5ce0	c1 2c 06 00 82 00 00 00 2c 2d 06 00 73 00 00 00 af 2d 06 00 49 00 00 00 23 2e 06 00 29 00 00 00	.,......,-..s....-..I...#...)...
5d00	6d 2e 06 00 2a 01 00 00 97 2e 06 00 47 00 00 00 c2 2f 06 00 46 00 00 00 0a 30 06 00 49 00 00 00	m...*.......G..../..F....0..I...
5d20	51 30 06 00 49 00 00 00 9b 30 06 00 22 00 00 00 e5 30 06 00 54 00 00 00 08 31 06 00 65 00 00 00	Q0..I....0.."....0..T....1..e...
5d40	5d 31 06 00 32 00 00 00 c3 31 06 00 9d 00 00 00 f6 31 06 00 2c 00 00 00 94 32 06 00 42 00 00 00	]1..2....1.......1..,....2..B...
5d60	c1 32 06 00 2b 00 00 00 04 33 06 00 86 01 00 00 30 33 06 00 c4 00 00 00 b7 34 06 00 c6 00 00 00	.2..+....3......03.......4......
5d80	7c 35 06 00 80 00 00 00 43 36 06 00 49 01 00 00 c4 36 06 00 90 00 00 00 0e 38 06 00 38 00 00 00	|5......C6..I....6.......8..8...
5da0	9f 38 06 00 9f 00 00 00 d8 38 06 00 1c 01 00 00 78 39 06 00 d5 00 00 00 95 3a 06 00 38 00 00 00	.8.......8......x9.......:..8...
5dc0	6b 3b 06 00 28 00 00 00 a4 3b 06 00 5c 00 00 00 cd 3b 06 00 29 00 00 00 2a 3c 06 00 71 00 00 00	k;..(....;..\....;..)...*<..q...
5de0	54 3c 06 00 41 00 00 00 c6 3c 06 00 0f 01 00 00 08 3d 06 00 fc 00 00 00 18 3e 06 00 89 00 00 00	T<..A....<.......=.......>......
5e00	15 3f 06 00 25 00 00 00 9f 3f 06 00 5f 00 00 00 c5 3f 06 00 ec 00 00 00 25 40 06 00 4e 00 00 00	.?..%....?.._....?......%@..N...
5e20	12 41 06 00 84 00 00 00 61 41 06 00 55 00 00 00 e6 41 06 00 12 01 00 00 3c 42 06 00 75 00 00 00	.A......aA..U....A......<B..u...
5e40	4f 43 06 00 65 00 00 00 c5 43 06 00 e2 00 00 00 2b 44 06 00 29 00 00 00 0e 45 06 00 a0 01 00 00	OC..e....C......+D..)....E......
5e60	38 45 06 00 ff 00 00 00 d9 46 06 00 db 00 00 00 d9 47 06 00 40 00 00 00 b5 48 06 00 4d 00 00 00	8E.......F.......G..@....H..M...
5e80	f6 48 06 00 92 00 00 00 44 49 06 00 43 00 00 00 d7 49 06 00 af 00 00 00 1b 4a 06 00 65 00 00 00	.H......DI..C....I.......J..e...
5ea0	cb 4a 06 00 a8 00 00 00 31 4b 06 00 38 00 00 00 da 4b 06 00 3e 01 00 00 13 4c 06 00 3c 00 00 00	.J......1K..8....K..>....L..<...
5ec0	52 4d 06 00 90 00 00 00 8f 4d 06 00 58 00 00 00 20 4e 06 00 95 00 00 00 79 4e 06 00 50 00 00 00	RM.......M..X....N......yN..P...
5ee0	0f 4f 06 00 64 00 00 00 60 4f 06 00 50 00 00 00 c5 4f 06 00 6d 00 00 00 16 50 06 00 3a 00 00 00	.O..d...`O..P....O..m....P..:...
5f00	84 50 06 00 29 00 00 00 bf 50 06 00 6d 00 00 00 e9 50 06 00 c0 00 00 00 57 51 06 00 b8 01 00 00	.P..)....P..m....P......WQ......
5f20	18 52 06 00 51 00 00 00 d1 53 06 00 21 00 00 00 23 54 06 00 71 00 00 00 45 54 06 00 24 00 00 00	.R..Q....S..!...#T..q...ET..$...
5f40	b7 54 06 00 bc 01 00 00 dc 54 06 00 55 00 00 00 99 56 06 00 a9 00 00 00 ef 56 06 00 4c 00 00 00	.T.......T..U....V.......V..L...
5f60	99 57 06 00 43 00 00 00 e6 57 06 00 39 00 00 00 2a 58 06 00 a9 00 00 00 64 58 06 00 50 00 00 00	.W..C....W..9...*X......dX..P...
5f80	0e 59 06 00 53 01 00 00 5f 59 06 00 46 00 00 00 b3 5a 06 00 44 00 00 00 fa 5a 06 00 43 00 00 00	.Y..S..._Y..F....Z..D....Z..C...
5fa0	3f 5b 06 00 de 00 00 00 83 5b 06 00 83 00 00 00 62 5c 06 00 83 00 00 00 e6 5c 06 00 39 01 00 00	?[.......[......b\.......\..9...
5fc0	6a 5d 06 00 a0 00 00 00 a4 5e 06 00 d1 00 00 00 45 5f 06 00 61 00 00 00 17 60 06 00 b4 00 00 00	j].......^......E_..a....`......
5fe0	79 60 06 00 b7 00 00 00 2e 61 06 00 b6 00 00 00 e6 61 06 00 bb 00 00 00 9d 62 06 00 a1 00 00 00	y`.......a.......a.......b......
6000	59 63 06 00 5c 00 00 00 fb 63 06 00 58 00 00 00 58 64 06 00 5c 00 00 00 b1 64 06 00 58 00 00 00	Yc..\....c..X...Xd..\....d..X...
6020	0e 65 06 00 71 00 00 00 67 65 06 00 5e 00 00 00 d9 65 06 00 21 01 00 00 38 66 06 00 13 01 00 00	.e..q...ge..^....e..!...8f......
6040	5a 67 06 00 12 01 00 00 6e 68 06 00 09 01 00 00 81 69 06 00 40 00 00 00 8b 6a 06 00 a3 00 00 00	Zg......nh.......i..@....j......
6060	cc 6a 06 00 a3 00 00 00 70 6b 06 00 9f 00 00 00 14 6c 06 00 9f 00 00 00 b4 6c 06 00 bb 00 00 00	.j......pk.......l.......l......
6080	54 6d 06 00 b4 00 00 00 10 6e 06 00 54 00 00 00 c5 6e 06 00 bc 00 00 00 1a 6f 06 00 56 00 00 00	Tm.......n..T....n.......o..V...
60a0	d7 6f 06 00 be 00 00 00 2e 70 06 00 4e 00 00 00 ed 70 06 00 cf 01 00 00 3c 71 06 00 29 01 00 00	.o.......p..N....p......<q..)...
60c0	0c 73 06 00 46 00 00 00 36 74 06 00 7e 00 00 00 7d 74 06 00 3c 00 00 00 fc 74 06 00 db 00 00 00	.s..F...6t..~...}t..<....t......
60e0	39 75 06 00 42 00 00 00 15 76 06 00 4e 00 00 00 58 76 06 00 4e 00 00 00 a7 76 06 00 49 00 00 00	9u..B....v..N...Xv..N....v..I...
6100	f6 76 06 00 49 00 00 00 40 77 06 00 43 00 00 00 8a 77 06 00 4b 00 00 00 ce 77 06 00 64 00 00 00	.v..I...@w..C....w..K....w..d...
6120	1a 78 06 00 46 00 00 00 7f 78 06 00 84 00 00 00 c6 78 06 00 7c 00 00 00 4b 79 06 00 86 00 00 00	.x..F....x.......x..|...Ky......
6140	c8 79 06 00 2f 00 00 00 4f 7a 06 00 79 00 00 00 7f 7a 06 00 76 00 00 00 f9 7a 06 00 81 00 00 00	.y../...Oz..y....z..v....z......
6160	70 7b 06 00 46 01 00 00 f2 7b 06 00 71 00 00 00 39 7d 06 00 66 00 00 00 ab 7d 06 00 3f 00 00 00	p{..F....{..q...9}..f....}..?...
6180	12 7e 06 00 88 00 00 00 52 7e 06 00 da 00 00 00 db 7e 06 00 19 00 00 00 b6 7f 06 00 90 01 00 00	.~......R~.......~..............
61a0	d0 7f 06 00 a5 00 00 00 61 81 06 00 2a 00 00 00 07 82 06 00 4c 00 00 00 32 82 06 00 3a 00 00 00	........a...*.......L...2...:...
61c0	7f 82 06 00 4e 00 00 00 ba 82 06 00 b0 00 00 00 09 83 06 00 2a 00 00 00 ba 83 06 00 21 00 00 00	....N...............*.......!...
61e0	e5 83 06 00 51 00 00 00 07 84 06 00 45 00 00 00 59 84 06 00 5f 00 00 00 9f 84 06 00 37 00 00 00	....Q.......E...Y..._.......7...
6200	ff 84 06 00 41 00 00 00 37 85 06 00 44 00 00 00 79 85 06 00 6a 00 00 00 be 85 06 00 3c 00 00 00	....A...7...D...y...j.......<...
6220	29 86 06 00 56 00 00 00 66 86 06 00 4a 00 00 00 bd 86 06 00 ee 00 00 00 08 87 06 00 47 00 00 00	)...V...f...J...............G...
6240	f7 87 06 00 7a 00 00 00 3f 88 06 00 d2 00 00 00 ba 88 06 00 5f 00 00 00 8d 89 06 00 d5 00 00 00	....z...?..........._...........
6260	ed 89 06 00 39 00 00 00 c3 8a 06 00 70 00 00 00 fd 8a 06 00 5d 00 00 00 6e 8b 06 00 55 00 00 00	....9.......p.......]...n...U...
6280	cc 8b 06 00 2b 00 00 00 22 8c 06 00 38 00 00 00 4e 8c 06 00 46 00 00 00 87 8c 06 00 4c 00 00 00	....+..."...8...N...F.......L...
62a0	ce 8c 06 00 62 00 00 00 1b 8d 06 00 55 01 00 00 7e 8d 06 00 b6 00 00 00 d4 8e 06 00 8d 00 00 00	....b.......U...~...............
62c0	8b 8f 06 00 d5 00 00 00 19 90 06 00 7e 00 00 00 ef 90 06 00 a4 00 00 00 6e 91 06 00 a6 00 00 00	............~...........n.......
62e0	13 92 06 00 c7 01 00 00 ba 92 06 00 32 01 00 00 82 94 06 00 a8 00 00 00 b5 95 06 00 79 00 00 00	............2...............y...
6300	5e 96 06 00 33 00 00 00 d8 96 06 00 90 00 00 00 0c 97 06 00 b0 00 00 00 9d 97 06 00 63 00 00 00	^...3.......................c...
6320	4e 98 06 00 b3 00 00 00 b2 98 06 00 d6 00 00 00 66 99 06 00 2c 00 00 00 3d 9a 06 00 52 00 00 00	N...............f...,...=...R...
6340	6a 9a 06 00 4d 01 00 00 bd 9a 06 00 3b 00 00 00 0b 9c 06 00 ad 00 00 00 47 9c 06 00 7b 02 00 00	j...M.......;...........G...{...
6360	f5 9c 06 00 54 01 00 00 71 9f 06 00 53 00 00 00 c6 a0 06 00 4b 00 00 00 1a a1 06 00 04 01 00 00	....T...q...S.......K...........
6380	66 a1 06 00 eb 00 00 00 6b a2 06 00 c8 00 00 00 57 a3 06 00 c8 00 00 00 20 a4 06 00 b6 00 00 00	f.......k.......W...............
63a0	e9 a4 06 00 bb 00 00 00 a0 a5 06 00 60 00 00 00 5c a6 06 00 b5 00 00 00 bd a6 06 00 b9 00 00 00	............`...\...............
63c0	73 a7 06 00 9b 00 00 00 2d a8 06 00 0a 01 00 00 c9 a8 06 00 01 01 00 00 d4 a9 06 00 38 00 00 00	s.......-...................8...
63e0	d6 aa 06 00 3b 00 00 00 0f ab 06 00 45 00 00 00 4b ab 06 00 2c 00 00 00 91 ab 06 00 70 00 00 00	....;.......E...K...,.......p...
6400	be ab 06 00 4e 00 00 00 2f ac 06 00 7c 01 00 00 7e ac 06 00 71 01 00 00 fb ad 06 00 90 00 00 00	....N.../...|...~...q...........
6420	6d af 06 00 4b 00 00 00 fe af 06 00 11 01 00 00 4a b0 06 00 7b 00 00 00 5c b1 06 00 58 00 00 00	m...K...........J...{...\...X...
6440	d8 b1 06 00 a9 00 00 00 31 b2 06 00 72 00 00 00 db b2 06 00 6c 00 00 00 4e b3 06 00 60 00 00 00	........1...r.......l...N...`...
6460	bb b3 06 00 17 01 00 00 1c b4 06 00 ff 00 00 00 34 b5 06 00 44 00 00 00 34 b6 06 00 87 00 00 00	................4...D...4.......
6480	79 b6 06 00 70 00 00 00 01 b7 06 00 87 00 00 00 72 b7 06 00 65 00 00 00 fa b7 06 00 6e 00 00 00	y...p...........r...e.......n...
64a0	60 b8 06 00 64 00 00 00 cf b8 06 00 59 02 00 00 34 b9 06 00 88 00 00 00 8e bb 06 00 25 00 00 00	`...d.......Y...4...........%...
64c0	17 bc 06 00 88 00 00 00 3d bc 06 00 a5 00 00 00 c6 bc 06 00 57 01 00 00 6c bd 06 00 32 01 00 00	........=...........W...l...2...
64e0	c4 be 06 00 49 01 00 00 f7 bf 06 00 51 01 00 00 41 c1 06 00 fb 00 00 00 93 c2 06 00 28 00 00 00	....I.......Q...A...........(...
6500	8f c3 06 00 95 00 00 00 b8 c3 06 00 af 00 00 00 4e c4 06 00 af 00 00 00 fe c4 06 00 76 00 00 00	................N...........v...
6520	ae c5 06 00 a6 00 00 00 25 c6 06 00 84 01 00 00 cc c6 06 00 6a 00 00 00 51 c8 06 00 b9 00 00 00	........%...........j...Q.......
6540	bc c8 06 00 0f 01 00 00 76 c9 06 00 36 00 00 00 86 ca 06 00 a5 00 00 00 bd ca 06 00 a7 00 00 00	........v...6...................
6560	63 cb 06 00 7b 00 00 00 0b cc 06 00 67 00 00 00 87 cc 06 00 32 00 00 00 ef cc 06 00 fe 00 00 00	c...{.......g.......2...........
6580	22 cd 06 00 9d 00 00 00 21 ce 06 00 bb 00 00 00 bf ce 06 00 77 00 00 00 7b cf 06 00 bf 00 00 00	".......!...........w...{.......
65a0	f3 cf 06 00 c7 00 00 00 b3 d0 06 00 cc 00 00 00 7b d1 06 00 d1 00 00 00 48 d2 06 00 2d 04 00 00	................{.......H...-...
65c0	1a d3 06 00 5d 00 00 00 48 d7 06 00 e3 00 00 00 a6 d7 06 00 cf 00 00 00 8a d8 06 00 07 01 00 00	....]...H.......................
65e0	5a d9 06 00 10 01 00 00 62 da 06 00 9c 00 00 00 73 db 06 00 8a 00 00 00 10 dc 06 00 97 00 00 00	Z.......b.......s...............
6600	9b dc 06 00 40 00 00 00 33 dd 06 00 f0 00 00 00 74 dd 06 00 0b 01 00 00 65 de 06 00 37 01 00 00	....@...3.......t.......e...7...
6620	71 df 06 00 75 01 00 00 a9 e0 06 00 97 01 00 00 1f e2 06 00 f0 00 00 00 b7 e3 06 00 01 01 00 00	q...u...........................
6640	a8 e4 06 00 aa 00 00 00 aa e5 06 00 69 00 00 00 55 e6 06 00 6b 00 00 00 bf e6 06 00 df 00 00 00	............i...U...k...........
6660	2b e7 06 00 44 00 00 00 0b e8 06 00 ec 00 00 00 50 e8 06 00 86 00 00 00 3d e9 06 00 d5 00 00 00	+...D...........P.......=.......
6680	c4 e9 06 00 b9 00 00 00 9a ea 06 00 a6 00 00 00 54 eb 06 00 c8 00 00 00 fb eb 06 00 71 00 00 00	................T...........q...
66a0	c4 ec 06 00 2c 01 00 00 36 ed 06 00 84 00 00 00 63 ee 06 00 00 01 00 00 e8 ee 06 00 e5 00 00 00	....,...6.......c...............
66c0	e9 ef 06 00 2d 01 00 00 cf f0 06 00 12 01 00 00 fd f1 06 00 f2 00 00 00 10 f3 06 00 a4 00 00 00	....-...........................
66e0	03 f4 06 00 90 01 00 00 a8 f4 06 00 a2 00 00 00 39 f6 06 00 b3 01 00 00 dc f6 06 00 53 00 00 00	................9...........S...
6700	90 f8 06 00 5f 00 00 00 e4 f8 06 00 80 00 00 00 44 f9 06 00 81 00 00 00 c5 f9 06 00 8f 00 00 00	...._...........D...............
6720	47 fa 06 00 7b 00 00 00 d7 fa 06 00 f3 00 00 00 53 fb 06 00 f2 00 00 00 47 fc 06 00 3a 00 00 00	G...{...........S.......G...:...
6740	3a fd 06 00 3a 00 00 00 75 fd 06 00 41 00 00 00 b0 fd 06 00 42 00 00 00 f2 fd 06 00 38 00 00 00	:...:...u...A.......B.......8...
6760	35 fe 06 00 5c 00 00 00 6e fe 06 00 e1 01 00 00 cb fe 06 00 bb 00 00 00 ad 00 07 00 e7 00 00 00	5...\...n.......................
6780	69 01 07 00 4d 00 00 00 51 02 07 00 96 00 00 00 9f 02 07 00 e5 00 00 00 36 03 07 00 66 00 00 00	i...M...Q...............6...f...
67a0	1c 04 07 00 ad 00 00 00 83 04 07 00 17 00 00 00 31 05 07 00 16 00 00 00 49 05 07 00 16 00 00 00	................1.......I.......
67c0	60 05 07 00 1c 00 00 00 77 05 07 00 1d 00 00 00 94 05 07 00 14 00 00 00 b2 05 07 00 13 00 00 00	`.......w.......................
67e0	c7 05 07 00 14 00 00 00 db 05 07 00 16 00 00 00 f0 05 07 00 52 00 00 00 07 06 07 00 89 00 00 00	....................R...........
6800	5a 06 07 00 4b 00 00 00 e4 06 07 00 0d 01 00 00 30 07 07 00 41 00 00 00 3e 08 07 00 6d 00 00 00	Z...K...........0...A...>...m...
6820	80 08 07 00 6a 00 00 00 ee 08 07 00 8e 00 00 00 59 09 07 00 40 00 00 00 e8 09 07 00 6c 00 00 00	....j...........Y...@.......l...
6840	29 0a 07 00 4c 00 00 00 96 0a 07 00 3f 00 00 00 e3 0a 07 00 00 01 00 00 23 0b 07 00 1c 01 00 00	)...L.......?...........#.......
6860	24 0c 07 00 a2 00 00 00 41 0d 07 00 97 00 00 00 e4 0d 07 00 59 00 00 00 7c 0e 07 00 62 00 00 00	$.......A...........Y...|...b...
6880	d6 0e 07 00 1c 00 00 00 39 0f 07 00 bb 00 00 00 56 0f 07 00 32 00 00 00 12 10 07 00 73 00 00 00	........9.......V...2.......s...
68a0	45 10 07 00 61 00 00 00 b9 10 07 00 76 00 00 00 1b 11 07 00 47 00 00 00 92 11 07 00 43 01 00 00	E...a.......v.......G.......C...
68c0	da 11 07 00 7d 00 00 00 1e 13 07 00 e5 00 00 00 9c 13 07 00 11 00 00 00 82 14 07 00 63 00 00 00	....}.......................c...
68e0	94 14 07 00 c6 00 00 00 f8 14 07 00 8e 00 00 00 bf 15 07 00 2a 00 00 00 4e 16 07 00 98 00 00 00	....................*...N.......
6900	79 16 07 00 44 00 00 00 12 17 07 00 a0 00 00 00 57 17 07 00 ca 00 00 00 f8 17 07 00 41 00 00 00	y...D...........W...........A...
6920	c3 18 07 00 76 00 00 00 05 19 07 00 c7 00 00 00 7c 19 07 00 58 00 00 00 44 1a 07 00 23 00 00 00	....v...........|...X...D...#...
6940	9d 1a 07 00 76 00 00 00 c1 1a 07 00 36 00 00 00 38 1b 07 00 97 00 00 00 6f 1b 07 00 2c 00 00 00	....v.......6...8.......o...,...
6960	07 1c 07 00 2b 00 00 00 34 1c 07 00 2e 00 00 00 60 1c 07 00 33 00 00 00 8f 1c 07 00 31 00 00 00	....+...4.......`...3.......1...
6980	c3 1c 07 00 26 00 00 00 f5 1c 07 00 60 00 00 00 1c 1d 07 00 89 00 00 00 7d 1d 07 00 be 00 00 00	....&.......`...........}.......
69a0	07 1e 07 00 60 01 00 00 c6 1e 07 00 80 00 00 00 27 20 07 00 78 00 00 00 a8 20 07 00 7b 00 00 00	....`...........'...x.......{...
69c0	21 21 07 00 29 00 00 00 9d 21 07 00 e9 00 00 00 c7 21 07 00 3d 00 00 00 b1 22 07 00 6f 00 00 00	!!..)....!.......!..=...."..o...
69e0	ef 22 07 00 3b 00 00 00 5f 23 07 00 a5 00 00 00 9b 23 07 00 2d 01 00 00 41 24 07 00 dd 00 00 00	."..;..._#.......#..-...A$......
6a00	6f 25 07 00 64 00 00 00 4d 26 07 00 40 00 00 00 b2 26 07 00 77 00 00 00 f3 26 07 00 76 00 00 00	o%..d...M&..@....&..w....&..v...
6a20	6b 27 07 00 6f 00 00 00 e2 27 07 00 d3 00 00 00 52 28 07 00 23 01 00 00 26 29 07 00 9d 01 00 00	k'..o....'......R(..#...&)......
6a40	4a 2a 07 00 48 00 00 00 e8 2b 07 00 2c 00 00 00 31 2c 07 00 bb 00 00 00 5e 2c 07 00 23 00 00 00	J*..H....+..,...1,......^,..#...
6a60	1a 2d 07 00 5b 00 00 00 3e 2d 07 00 6b 00 00 00 9a 2d 07 00 30 00 00 00 06 2e 07 00 3d 00 00 00	.-..[...>-..k....-..0.......=...
6a80	37 2e 07 00 2c 00 00 00 75 2e 07 00 3c 00 00 00 a2 2e 07 00 44 00 00 00 df 2e 07 00 34 00 00 00	7...,...u...<.......D.......4...
6aa0	24 2f 07 00 32 01 00 00 59 2f 07 00 30 00 00 00 8c 30 07 00 dd 00 00 00 bd 30 07 00 09 00 00 00	$/..2...Y/..0....0.......0......
6ac0	9b 31 07 00 d6 00 00 00 a5 31 07 00 49 00 00 00 7c 32 07 00 47 00 00 00 c6 32 07 00 44 00 00 00	.1.......1..I...|2..G....2..D...
6ae0	0e 33 07 00 26 00 00 00 53 33 07 00 1f 00 00 00 7a 33 07 00 74 00 00 00 9a 33 07 00 30 00 00 00	.3..&...S3......z3..t....3..0...
6b00	0f 34 07 00 45 00 00 00 40 34 07 00 2e 00 00 00 86 34 07 00 06 00 00 00 b5 34 07 00 65 00 00 00	.4..E...@4.......4.......4..e...
6b20	bc 34 07 00 4e 00 00 00 22 35 07 00 91 00 00 00 71 35 07 00 ae 00 00 00 03 36 07 00 22 00 00 00	.4..N..."5......q5.......6.."...
6b40	b2 36 07 00 aa 00 00 00 d5 36 07 00 5c 00 00 00 80 37 07 00 74 00 00 00 dd 37 07 00 54 00 00 00	.6.......6..\....7..t....7..T...
6b60	52 38 07 00 4c 00 00 00 a7 38 07 00 51 00 00 00 f4 38 07 00 d7 00 00 00 46 39 07 00 3c 00 00 00	R8..L....8..Q....8......F9..<...
6b80	1e 3a 07 00 77 00 00 00 5b 3a 07 00 40 00 00 00 d3 3a 07 00 d7 00 00 00 14 3b 07 00 b3 00 00 00	.:..w...[:..@....:.......;......
6ba0	ec 3b 07 00 66 00 00 00 a0 3c 07 00 37 00 00 00 07 3d 07 00 6a 00 00 00 3f 3d 07 00 42 00 00 00	.;..f....<..7....=..j...?=..B...
6bc0	aa 3d 07 00 3d 00 00 00 ed 3d 07 00 38 00 00 00 2b 3e 07 00 3d 00 00 00 64 3e 07 00 40 00 00 00	.=..=....=..8...+>..=...d>..@...
6be0	a2 3e 07 00 4a 01 00 00 e3 3e 07 00 52 00 00 00 2e 40 07 00 51 00 00 00 81 40 07 00 c9 00 00 00	.>..J....>..R....@..Q....@......
6c00	d3 40 07 00 67 00 00 00 9d 41 07 00 8d 00 00 00 05 42 07 00 a0 01 00 00 93 42 07 00 87 00 00 00	.@..g....A.......B.......B......
6c20	34 44 07 00 5f 00 00 00 bc 44 07 00 fa 00 00 00 1c 45 07 00 54 00 00 00 17 46 07 00 49 00 00 00	4D.._....D.......E..T....F..I...
6c40	6c 46 07 00 92 00 00 00 b6 46 07 00 54 00 00 00 49 47 07 00 96 00 00 00 9e 47 07 00 2a 00 00 00	lF.......F..T...IG.......G..*...
6c60	35 48 07 00 1c 00 00 00 60 48 07 00 1f 00 00 00 7d 48 07 00 32 00 00 00 9d 48 07 00 12 01 00 00	5H......`H......}H..2....H......
6c80	d0 48 07 00 71 00 00 00 e3 49 07 00 5f 00 00 00 55 4a 07 00 69 00 00 00 b5 4a 07 00 a5 00 00 00	.H..q....I.._...UJ..i....J......
6ca0	1f 4b 07 00 45 00 00 00 c5 4b 07 00 09 00 00 00 0b 4c 07 00 2c 00 00 00 15 4c 07 00 05 00 00 00	.K..E....K.......L..,....L......
6cc0	42 4c 07 00 83 00 00 00 48 4c 07 00 44 02 00 00 cc 4c 07 00 8a 01 00 00 11 4f 07 00 0f 00 00 00	BL......HL..D....L.......O......
6ce0	9c 50 07 00 93 00 00 00 ac 50 07 00 0e 00 00 00 40 51 07 00 5e 00 00 00 4f 51 07 00 9e 00 00 00	.P.......P......@Q..^...OQ......
6d00	ae 51 07 00 97 00 00 00 4d 52 07 00 12 00 00 00 e5 52 07 00 60 01 00 00 f8 52 07 00 11 00 00 00	.Q......MR.......R..`....R......
6d20	59 54 07 00 0f 00 00 00 6b 54 07 00 0f 00 00 00 7b 54 07 00 06 00 00 00 8b 54 07 00 0b 00 00 00	YT......kT......{T.......T......
6d40	92 54 07 00 28 00 00 00 9e 54 07 00 60 00 00 00 c7 54 07 00 3f 00 00 00 28 55 07 00 5f 00 00 00	.T..(....T..`....T..?...(U.._...
6d60	68 55 07 00 7c 00 00 00 c8 55 07 00 13 00 00 00 45 56 07 00 1f 00 00 00 59 56 07 00 17 00 00 00	hU..|....U......EV......YV......
6d80	79 56 07 00 15 00 00 00 91 56 07 00 12 00 00 00 a7 56 07 00 29 00 00 00 ba 56 07 00 0d 00 00 00	yV.......V.......V..)....V......
6da0	e4 56 07 00 38 00 00 00 f2 56 07 00 af 00 00 00 2b 57 07 00 0e 00 00 00 db 57 07 00 07 00 00 00	.V..8....V......+W.......W......
6dc0	ea 57 07 00 0c 00 00 00 f2 57 07 00 0d 00 00 00 ff 57 07 00 1b 00 00 00 0d 58 07 00 05 00 00 00	.W.......W.......W.......X......
6de0	29 58 07 00 9b 01 00 00 2f 58 07 00 06 00 00 00 cb 59 07 00 16 00 00 00 d2 59 07 00 15 00 00 00	)X....../X.......Y.......Y......
6e00	e9 59 07 00 9c 00 00 00 ff 59 07 00 2e 00 00 00 9c 5a 07 00 e2 00 00 00 cb 5a 07 00 58 00 00 00	.Y.......Y.......Z.......Z..X...
6e20	ae 5b 07 00 14 00 00 00 07 5c 07 00 26 00 00 00 1c 5c 07 00 20 00 00 00 43 5c 07 00 13 00 00 00	.[.......\..&....\......C\......
6e40	64 5c 07 00 39 00 00 00 78 5c 07 00 59 00 00 00 b2 5c 07 00 3e 00 00 00 0c 5d 07 00 00 01 00 00	d\..9...x\..Y....\..>....]......
6e60	4b 5d 07 00 55 00 00 00 4c 5e 07 00 54 00 00 00 a2 5e 07 00 51 00 00 00 f7 5e 07 00 55 00 00 00	K]..U...L^..T....^..Q....^..U...
6e80	49 5f 07 00 52 00 00 00 9f 5f 07 00 44 00 00 00 f2 5f 07 00 36 00 00 00 37 60 07 00 46 00 00 00	I_..R...._..D...._..6...7`..F...
6ea0	6e 60 07 00 2c 00 00 00 b5 60 07 00 88 00 00 00 e2 60 07 00 43 00 00 00 6b 61 07 00 18 00 00 00	n`..,....`.......`..C...ka......
6ec0	af 61 07 00 28 00 00 00 c8 61 07 00 2f 00 00 00 f1 61 07 00 68 00 00 00 21 62 07 00 8c 00 00 00	.a..(....a../....a..h...!b......
6ee0	8a 62 07 00 8a 00 00 00 17 63 07 00 78 00 00 00 a2 63 07 00 59 00 00 00 1b 64 07 00 19 01 00 00	.b.......c..x....c..Y....d......
6f00	75 64 07 00 24 01 00 00 8f 65 07 00 22 01 00 00 b4 66 07 00 08 01 00 00 d7 67 07 00 f8 00 00 00	ud..$....e.."....f.......g......
6f20	e0 68 07 00 f7 00 00 00 d9 69 07 00 c4 00 00 00 d1 6a 07 00 a1 00 00 00 96 6b 07 00 73 00 00 00	.h.......i.......j.......k..s...
6f40	38 6c 07 00 f8 00 00 00 ac 6c 07 00 4e 00 00 00 a5 6d 07 00 99 00 00 00 f4 6d 07 00 4b 00 00 00	8l.......l..N....m.......m..K...
6f60	8e 6e 07 00 5b 00 00 00 da 6e 07 00 4a 00 00 00 36 6f 07 00 4a 00 00 00 81 6f 07 00 50 00 00 00	.n..[....n..J...6o..J....o..P...
6f80	cc 6f 07 00 47 00 00 00 1d 70 07 00 44 01 00 00 65 70 07 00 3c 01 00 00 aa 71 07 00 a0 00 00 00	.o..G....p..D...ep..<....q......
6fa0	e7 72 07 00 30 01 00 00 88 73 07 00 50 01 00 00 b9 74 07 00 d1 00 00 00 0a 76 07 00 23 01 00 00	.r..0....s..P....t.......v..#...
6fc0	dc 76 07 00 08 01 00 00 00 78 07 00 29 01 00 00 09 79 07 00 2f 01 00 00 33 7a 07 00 da 00 00 00	.v.......x..)....y../...3z......
6fe0	63 7b 07 00 34 01 00 00 3e 7c 07 00 89 00 00 00 73 7d 07 00 66 00 00 00 fd 7d 07 00 88 00 00 00	c{..4...>|......s}..f....}......
7000	64 7e 07 00 a5 00 00 00 ed 7e 07 00 70 00 00 00 93 7f 07 00 6f 00 00 00 04 80 07 00 8e 00 00 00	d~.......~..p.......o...........
7020	74 80 07 00 b0 00 00 00 03 81 07 00 0f 01 00 00 b4 81 07 00 c3 00 00 00 c4 82 07 00 84 00 00 00	t...............................
7040	88 83 07 00 be 00 00 00 0d 84 07 00 db 00 00 00 cc 84 07 00 85 00 00 00 a8 85 07 00 7d 00 00 00	............................}...
7060	2e 86 07 00 9a 00 00 00 ac 86 07 00 92 00 00 00 47 87 07 00 91 00 00 00 da 87 07 00 d5 00 00 00	................G...............
7080	6c 88 07 00 93 00 00 00 42 89 07 00 8e 00 00 00 d6 89 07 00 fa 00 00 00 65 8a 07 00 bd 00 00 00	l.......B...............e.......
70a0	60 8b 07 00 f5 00 00 00 1e 8c 07 00 a6 00 00 00 14 8d 07 00 a1 00 00 00 bb 8d 07 00 7b 00 00 00	`...........................{...
70c0	5d 8e 07 00 19 01 00 00 d9 8e 07 00 9d 00 00 00 f3 8f 07 00 be 01 00 00 91 90 07 00 b1 00 00 00	]...............................
70e0	50 92 07 00 5b 00 00 00 02 93 07 00 63 00 00 00 5e 93 07 00 33 01 00 00 c2 93 07 00 3b 00 00 00	P...[.......c...^...3.......;...
7100	f6 94 07 00 98 00 00 00 32 95 07 00 54 00 00 00 cb 95 07 00 59 00 00 00 20 96 07 00 de 00 00 00	........2...T.......Y...........
7120	7a 96 07 00 9a 00 00 00 59 97 07 00 c0 00 00 00 f4 97 07 00 c5 00 00 00 b5 98 07 00 87 00 00 00	z.......Y.......................
7140	7b 99 07 00 74 00 00 00 03 9a 07 00 84 00 00 00 78 9a 07 00 5f 00 00 00 fd 9a 07 00 83 00 00 00	{...t...........x..._...........
7160	5d 9b 07 00 bd 00 00 00 e1 9b 07 00 79 00 00 00 9f 9c 07 00 7e 00 00 00 19 9d 07 00 78 00 00 00	]...........y.......~.......x...
7180	98 9d 07 00 85 00 00 00 11 9e 07 00 51 00 00 00 97 9e 07 00 3e 00 00 00 e9 9e 07 00 3e 00 00 00	............Q.......>.......>...
71a0	28 9f 07 00 75 00 00 00 67 9f 07 00 53 00 00 00 dd 9f 07 00 df 00 00 00 31 a0 07 00 a1 00 00 00	(...u...g...S...........1.......
71c0	11 a1 07 00 ac 00 00 00 b3 a1 07 00 3b 00 00 00 60 a2 07 00 47 00 00 00 9c a2 07 00 67 00 00 00	............;...`...G.......g...
71e0	e4 a2 07 00 d8 00 00 00 4c a3 07 00 5a 00 00 00 25 a4 07 00 38 00 00 00 80 a4 07 00 88 01 00 00	........L...Z...%...8...........
7200	b9 a4 07 00 c5 00 00 00 42 a6 07 00 a1 00 00 00 08 a7 07 00 6d 00 00 00 aa a7 07 00 4e 00 00 00	........B...........m.......N...
7220	18 a8 07 00 3d 00 00 00 67 a8 07 00 8a 00 00 00 a5 a8 07 00 6f 00 00 00 30 a9 07 00 2e 00 00 00	....=...g...........o...0.......
7240	a0 a9 07 00 31 00 00 00 cf a9 07 00 3c 00 00 00 01 aa 07 00 17 01 00 00 3e aa 07 00 db 00 00 00	....1.......<...........>.......
7260	56 ab 07 00 4a 00 00 00 32 ac 07 00 0b 01 00 00 7d ac 07 00 51 00 00 00 89 ad 07 00 96 00 00 00	V...J...2.......}...Q...........
7280	db ad 07 00 5d 00 00 00 72 ae 07 00 49 00 00 00 d0 ae 07 00 46 00 00 00 1a af 07 00 37 00 00 00	....]...r...I.......F.......7...
72a0	61 af 07 00 38 01 00 00 99 af 07 00 31 00 00 00 d2 b0 07 00 30 00 00 00 04 b1 07 00 39 00 00 00	a...8.......1.......0.......9...
72c0	35 b1 07 00 33 00 00 00 6f b1 07 00 33 00 00 00 a3 b1 07 00 49 00 00 00 d7 b1 07 00 d9 00 00 00	5...3...o...3.......I...........
72e0	21 b2 07 00 78 00 00 00 fb b2 07 00 79 00 00 00 74 b3 07 00 8c 00 00 00 ee b3 07 00 47 00 00 00	!...x.......y...t...........G...
7300	7b b4 07 00 fb 00 00 00 c3 b4 07 00 b7 00 00 00 bf b5 07 00 5b 00 00 00 77 b6 07 00 b7 00 00 00	{...................[...w.......
7320	d3 b6 07 00 42 00 00 00 8b b7 07 00 46 00 00 00 ce b7 07 00 30 00 00 00 15 b8 07 00 39 00 00 00	....B.......F.......0.......9...
7340	46 b8 07 00 25 00 00 00 80 b8 07 00 2e 00 00 00 a6 b8 07 00 2e 00 00 00 d5 b8 07 00 39 00 00 00	F...%.......................9...
7360	04 b9 07 00 c1 00 00 00 3e b9 07 00 8c 00 00 00 00 ba 07 00 b5 00 00 00 8d ba 07 00 42 00 00 00	........>...................B...
7380	43 bb 07 00 a5 00 00 00 86 bb 07 00 b9 00 00 00 2c bc 07 00 3e 00 00 00 e6 bc 07 00 74 00 00 00	C...............,...>.......t...
73a0	25 bd 07 00 6c 00 00 00 9a bd 07 00 81 00 00 00 07 be 07 00 19 00 00 00 89 be 07 00 23 00 00 00	%...l.......................#...
73c0	a3 be 07 00 b7 00 00 00 c7 be 07 00 13 00 00 00 7f bf 07 00 54 00 00 00 93 bf 07 00 5f 01 00 00	....................T......._...
73e0	e8 bf 07 00 17 00 00 00 48 c1 07 00 1a 00 00 00 60 c1 07 00 17 00 00 00 7b c1 07 00 3b 00 00 00	........H.......`.......{...;...
7400	93 c1 07 00 dd 00 00 00 cf c1 07 00 1d 01 00 00 ad c2 07 00 32 00 00 00 cb c3 07 00 20 00 00 00	....................2...........
7420	fe c3 07 00 5d 00 00 00 1f c4 07 00 54 00 00 00 7d c4 07 00 04 00 00 00 d2 c4 07 00 30 00 00 00	....].......T...}...........0...
7440	d7 c4 07 00 0c 00 00 00 08 c5 07 00 0c 00 00 00 15 c5 07 00 09 00 00 00 22 c5 07 00 33 01 00 00	........................"...3...
7460	2c c5 07 00 70 00 00 00 60 c6 07 00 03 00 00 00 d1 c6 07 00 62 00 00 00 d5 c6 07 00 03 00 00 00	,...p...`...........b...........
7480	38 c7 07 00 11 00 00 00 3c c7 07 00 16 00 00 00 4e c7 07 00 19 00 00 00 65 c7 07 00 15 00 00 00	8.......<.......N.......e.......
74a0	7f c7 07 00 11 00 00 00 95 c7 07 00 14 00 00 00 a7 c7 07 00 6a 02 00 00 bc c7 07 00 3d 01 00 00	....................j.......=...
74c0	27 ca 07 00 85 01 00 00 65 cb 07 00 95 00 00 00 eb cc 07 00 d5 01 00 00 81 cd 07 00 32 00 00 00	'.......e...................2...
74e0	57 cf 07 00 1e 00 00 00 8a cf 07 00 05 00 00 00 a9 cf 07 00 45 01 00 00 af cf 07 00 16 00 00 00	W...................E...........
7500	f5 d0 07 00 3b 00 00 00 0c d1 07 00 18 00 00 00 48 d1 07 00 05 00 00 00 61 d1 07 00 8e 00 00 00	....;...........H.......a.......
7520	67 d1 07 00 60 00 00 00 f6 d1 07 00 0c 00 00 00 57 d2 07 00 07 00 00 00 64 d2 07 00 10 00 00 00	g...`...........W.......d.......
7540	6c d2 07 00 6c 00 00 00 7d d2 07 00 0e 00 00 00 ea d2 07 00 4b 00 00 00 f9 d2 07 00 47 00 00 00	l...l...}...........K.......G...
7560	45 d3 07 00 65 00 00 00 8d d3 07 00 a1 00 00 00 f3 d3 07 00 3f 00 00 00 95 d4 07 00 4a 01 00 00	E...e...............?.......J...
7580	d5 d4 07 00 44 01 00 00 20 d6 07 00 15 00 00 00 65 d7 07 00 24 00 00 00 7b d7 07 00 0a 00 00 00	....D...........e...$...{.......
75a0	a0 d7 07 00 24 00 00 00 ab d7 07 00 09 00 00 00 d0 d7 07 00 1b 00 00 00 da d7 07 00 c9 00 00 00	....$...........................
75c0	f6 d7 07 00 0b 00 00 00 c0 d8 07 00 85 00 00 00 cc d8 07 00 26 00 00 00 52 d9 07 00 3d 00 00 00	....................&...R...=...
75e0	79 d9 07 00 52 00 00 00 b7 d9 07 00 26 00 00 00 0a da 07 00 b0 00 00 00 31 da 07 00 df 00 00 00	y...R.......&...........1.......
7600	e2 da 07 00 1c 00 00 00 c2 db 07 00 8f 00 00 00 df db 07 00 8c 00 00 00 6f dc 07 00 90 00 00 00	........................o.......
7620	fc dc 07 00 5d 00 00 00 8d dd 07 00 44 00 00 00 eb dd 07 00 b0 00 00 00 30 de 07 00 50 00 00 00	....].......D...........0...P...
7640	e1 de 07 00 a6 00 00 00 32 df 07 00 ec 00 00 00 d9 df 07 00 64 00 00 00 c6 e0 07 00 53 00 00 00	........2...........d.......S...
7660	2b e1 07 00 df 00 00 00 7f e1 07 00 86 00 00 00 5f e2 07 00 63 00 00 00 e6 e2 07 00 68 00 00 00	+..............._...c.......h...
7680	4a e3 07 00 d1 00 00 00 b3 e3 07 00 78 00 00 00 85 e4 07 00 7a 00 00 00 fe e4 07 00 7d 00 00 00	J...........x.......z.......}...
76a0	79 e5 07 00 80 00 00 00 f7 e5 07 00 33 00 00 00 78 e6 07 00 71 00 00 00 ac e6 07 00 a5 00 00 00	y...........3...x...q...........
76c0	1e e7 07 00 59 00 00 00 c4 e7 07 00 58 00 00 00 1e e8 07 00 9b 00 00 00 77 e8 07 00 9c 00 00 00	....Y.......X...........w.......
76e0	13 e9 07 00 e3 00 00 00 b0 e9 07 00 9e 00 00 00 94 ea 07 00 44 00 00 00 33 eb 07 00 3c 00 00 00	....................D...3...<...
7700	78 eb 07 00 bd 00 00 00 b5 eb 07 00 bf 00 00 00 73 ec 07 00 88 00 00 00 33 ed 07 00 85 00 00 00	x...............s.......3.......
7720	bc ed 07 00 6f 00 00 00 42 ee 07 00 cf 00 00 00 b2 ee 07 00 17 00 00 00 82 ef 07 00 12 00 00 00	....o...B.......................
7740	9a ef 07 00 18 00 00 00 ad ef 07 00 39 00 00 00 c6 ef 07 00 1b 00 00 00 00 f0 07 00 21 00 00 00	............9...............!...
7760	1c f0 07 00 07 00 00 00 3e f0 07 00 12 00 00 00 46 f0 07 00 79 00 00 00 59 f0 07 00 e5 00 00 00	........>.......F...y...Y.......
7780	d3 f0 07 00 ac 00 00 00 b9 f1 07 00 84 00 00 00 66 f2 07 00 5a 00 00 00 eb f2 07 00 c4 00 00 00	................f...Z...........
77a0	46 f3 07 00 4b 00 00 00 0b f4 07 00 17 00 00 00 57 f4 07 00 e8 00 00 00 6f f4 07 00 48 00 00 00	F...K...........W.......o...H...
77c0	58 f5 07 00 41 00 00 00 a1 f5 07 00 2e 00 00 00 e3 f5 07 00 47 00 00 00 12 f6 07 00 3f 00 00 00	X...A...............G.......?...
77e0	5a f6 07 00 1b 01 00 00 9a f6 07 00 22 00 00 00 b6 f7 07 00 08 00 00 00 d9 f7 07 00 ae 00 00 00	Z..........."...................
7800	e2 f7 07 00 79 00 00 00 91 f8 07 00 73 00 00 00 0b f9 07 00 bf 00 00 00 7f f9 07 00 7b 01 00 00	....y.......s...............{...
7820	3f fa 07 00 90 01 00 00 bb fb 07 00 13 01 00 00 4c fd 07 00 36 01 00 00 60 fe 07 00 04 02 00 00	?...............L...6...`.......
7840	97 ff 07 00 ad 00 00 00 9c 01 08 00 67 00 00 00 4a 02 08 00 71 00 00 00 b2 02 08 00 fe 00 00 00	............g...J...q...........
7860	24 03 08 00 7d 00 00 00 23 04 08 00 6d 01 00 00 a1 04 08 00 7a 00 00 00 0f 06 08 00 e2 00 00 00	$...}...#...m.......z...........
7880	8a 06 08 00 1e 01 00 00 6d 07 08 00 16 01 00 00 8c 08 08 00 06 01 00 00 a3 09 08 00 b1 00 00 00	........m.......................
78a0	aa 0a 08 00 58 00 00 00 5c 0b 08 00 80 00 00 00 b5 0b 08 00 98 00 00 00 36 0c 08 00 b5 00 00 00	....X...\...............6.......
78c0	cf 0c 08 00 a2 00 00 00 85 0d 08 00 37 00 00 00 28 0e 08 00 42 00 00 00 60 0e 08 00 cf 00 00 00	............7...(...B...`.......
78e0	a3 0e 08 00 fd 00 00 00 73 0f 08 00 3c 01 00 00 71 10 08 00 fb 00 00 00 ae 11 08 00 bf 00 00 00	........s...<...q...............
7900	aa 12 08 00 a4 00 00 00 6a 13 08 00 fb 00 00 00 0f 14 08 00 18 01 00 00 0b 15 08 00 20 01 00 00	........j.......................
7920	24 16 08 00 5d 00 00 00 45 17 08 00 97 00 00 00 a3 17 08 00 57 00 00 00 3b 18 08 00 b0 00 00 00	$...]...E...........W...;.......
7940	93 18 08 00 f1 00 00 00 44 19 08 00 5d 00 00 00 36 1a 08 00 4a 00 00 00 94 1a 08 00 34 00 00 00	........D...]...6...J.......4...
7960	df 1a 08 00 2c 00 00 00 14 1b 08 00 24 00 00 00 41 1b 08 00 41 00 00 00 66 1b 08 00 d6 00 00 00	....,.......$...A...A...f.......
7980	a8 1b 08 00 ae 00 00 00 7f 1c 08 00 cf 00 00 00 2e 1d 08 00 59 00 00 00 fe 1d 08 00 c3 00 00 00	....................Y...........
79a0	58 1e 08 00 48 00 00 00 1c 1f 08 00 62 00 00 00 65 1f 08 00 86 00 00 00 c8 1f 08 00 09 00 00 00	X...H.......b...e...............
79c0	4f 20 08 00 18 00 00 00 59 20 08 00 33 00 00 00 72 20 08 00 99 00 00 00 a6 20 08 00 9a 00 00 00	O.......Y...3...r...............
79e0	40 21 08 00 16 00 00 00 db 21 08 00 27 00 00 00 f2 21 08 00 30 00 00 00 1a 22 08 00 10 00 00 00	@!.......!..'....!..0...."......
7a00	4b 22 08 00 21 00 00 00 5c 22 08 00 1c 00 00 00 7e 22 08 00 82 00 00 00 9b 22 08 00 ac 00 00 00	K"..!...\"......~"......."......
7a20	1e 23 08 00 fe 00 00 00 cb 23 08 00 60 00 00 00 ca 24 08 00 01 00 00 00 2b 25 08 00 76 00 00 00	.#.......#..`....$......+%..v...
7a40	2d 25 08 00 6b 00 00 00 a4 25 08 00 60 00 00 00 10 26 08 00 a9 00 00 00 71 26 08 00 c9 00 00 00	-%..k....%..`....&......q&......
7a60	1b 27 08 00 9b 00 00 00 e5 27 08 00 3c 00 00 00 81 28 08 00 38 00 00 00 be 28 08 00 95 00 00 00	.'.......'..<....(..8....(......
7a80	f7 28 08 00 2e 00 00 00 8d 29 08 00 57 00 00 00 bc 29 08 00 61 00 00 00 14 2a 08 00 69 00 00 00	.(.......)..W....)..a....*..i...
7aa0	76 2a 08 00 4b 00 00 00 e0 2a 08 00 a4 00 00 00 2c 2b 08 00 52 00 00 00 d1 2b 08 00 53 00 00 00	v*..K....*......,+..R....+..S...
7ac0	24 2c 08 00 65 00 00 00 78 2c 08 00 35 00 00 00 de 2c 08 00 51 00 00 00 14 2d 08 00 a7 00 00 00	$,..e...x,..5....,..Q....-......
7ae0	66 2d 08 00 8a 00 00 00 0e 2e 08 00 96 00 00 00 99 2e 08 00 81 00 00 00 30 2f 08 00 7f 00 00 00	f-......................0/......
7b00	b2 2f 08 00 88 00 00 00 32 30 08 00 e3 00 00 00 bb 30 08 00 c3 00 00 00 9f 31 08 00 3a 00 00 00	./......20.......0.......1..:...
7b20	63 32 08 00 5a 00 00 00 9e 32 08 00 65 00 00 00 f9 32 08 00 c3 00 00 00 5f 33 08 00 50 00 00 00	c2..Z....2..e....2......_3..P...
7b40	23 34 08 00 1d 01 00 00 74 34 08 00 f2 00 00 00 92 35 08 00 48 00 00 00 85 36 08 00 b0 00 00 00	#4......t4.......5..H....6......
7b60	ce 36 08 00 9f 00 00 00 7f 37 08 00 1f 00 00 00 1f 38 08 00 71 00 00 00 3f 38 08 00 75 00 00 00	.6.......7.......8..q...?8..u...
7b80	b1 38 08 00 dc 00 00 00 27 39 08 00 3f 00 00 00 04 3a 08 00 da 00 00 00 44 3a 08 00 1c 00 00 00	.8......'9..?....:......D:......
7ba0	1f 3b 08 00 13 00 00 00 3c 3b 08 00 14 00 00 00 50 3b 08 00 03 01 00 00 65 3b 08 00 1d 00 00 00	.;......<;......P;......e;......
7bc0	69 3c 08 00 1d 00 00 00 87 3c 08 00 23 00 00 00 a5 3c 08 00 1d 00 00 00 c9 3c 08 00 29 00 00 00	i<.......<..#....<.......<..)...
7be0	e7 3c 08 00 31 00 00 00 11 3d 08 00 31 00 00 00 43 3d 08 00 33 00 00 00 75 3d 08 00 33 00 00 00	.<..1....=..1...C=..3...u=..3...
7c00	a9 3d 08 00 10 00 00 00 dd 3d 08 00 0c 00 00 00 ee 3d 08 00 2d 00 00 00 fb 3d 08 00 2c 00 00 00	.=.......=.......=..-....=..,...
7c20	29 3e 08 00 12 00 00 00 56 3e 08 00 2c 00 00 00 69 3e 08 00 25 00 00 00 96 3e 08 00 3c 00 00 00	)>......V>..,...i>..%....>..<...
7c40	bc 3e 08 00 12 00 00 00 f9 3e 08 00 35 00 00 00 0c 3f 08 00 13 00 00 00 42 3f 08 00 34 00 00 00	.>.......>..5....?......B?..4...
7c60	56 3f 08 00 16 00 00 00 8b 3f 08 00 1c 00 00 00 a2 3f 08 00 12 00 00 00 bf 3f 08 00 34 00 00 00	V?.......?.......?.......?..4...
7c80	d2 3f 08 00 13 00 00 00 07 40 08 00 1d 00 00 00 1b 40 08 00 30 00 00 00 39 40 08 00 1f 00 00 00	.?.......@.......@..0...9@......
7ca0	6a 40 08 00 13 00 00 00 8a 40 08 00 16 00 00 00 9e 40 08 00 d3 00 00 00 b5 40 08 00 13 00 00 00	j@.......@.......@.......@......
7cc0	89 41 08 00 38 00 00 00 9d 41 08 00 16 00 00 00 d6 41 08 00 41 00 00 00 ed 41 08 00 38 00 00 00	.A..8....A.......A..A....A..8...
7ce0	2f 42 08 00 1e 00 00 00 68 42 08 00 22 00 00 00 87 42 08 00 5d 00 00 00 aa 42 08 00 55 00 00 00	/B......hB.."....B..]....B..U...
7d00	08 43 08 00 1e 00 00 00 5e 43 08 00 44 00 00 00 7d 43 08 00 25 00 00 00 c2 43 08 00 08 01 00 00	.C......^C..D...}C..%....C......
7d20	e8 43 08 00 fd 01 00 00 f1 44 08 00 87 00 00 00 ef 46 08 00 54 00 00 00 77 47 08 00 5b 00 00 00	.C.......D.......F..T...wG..[...
7d40	cc 47 08 00 87 02 00 00 28 48 08 00 59 00 00 00 b0 4a 08 00 1e 00 00 00 0a 4b 08 00 2a 00 00 00	.G......(H..Y....J.......K..*...
7d60	29 4b 08 00 2f 00 00 00 54 4b 08 00 27 00 00 00 84 4b 08 00 37 00 00 00 ac 4b 08 00 54 00 00 00	)K../...TK..'....K..7....K..T...
7d80	e4 4b 08 00 4f 00 00 00 39 4c 08 00 59 00 00 00 89 4c 08 00 4d 00 00 00 e3 4c 08 00 33 00 00 00	.K..O...9L..Y....L..M....L..3...
7da0	31 4d 08 00 64 00 00 00 65 4d 08 00 1e 00 00 00 ca 4d 08 00 f3 00 00 00 e9 4d 08 00 5e 00 00 00	1M..d...eM.......M.......M..^...
7dc0	dd 4e 08 00 79 00 00 00 3c 4f 08 00 54 00 00 00 b6 4f 08 00 43 00 00 00 0b 50 08 00 4f 00 00 00	.N..y...<O..T....O..C....P..O...
7de0	4f 50 08 00 82 00 00 00 9f 50 08 00 22 00 00 00 22 51 08 00 47 02 00 00 45 51 08 00 fc 00 00 00	OP.......P.."..."Q..G...EQ......
7e00	8d 53 08 00 9c 00 00 00 8a 54 08 00 2c 00 00 00 27 55 08 00 16 00 00 00 54 55 08 00 53 00 00 00	.S.......T..,...'U......TU..S...
7e20	6b 55 08 00 7d 00 00 00 bf 55 08 00 66 00 00 00 3d 56 08 00 b4 00 00 00 a4 56 08 00 55 00 00 00	kU..}....U..f...=V.......V..U...
7e40	59 57 08 00 22 00 00 00 af 57 08 00 18 00 00 00 d2 57 08 00 31 00 00 00 eb 57 08 00 1b 00 00 00	YW.."....W.......W..1....W......
7e60	1d 58 08 00 1a 00 00 00 39 58 08 00 17 00 00 00 54 58 08 00 17 00 00 00 6c 58 08 00 17 00 00 00	.X......9X......TX......lX......
7e80	84 58 08 00 35 00 00 00 9c 58 08 00 41 00 00 00 d2 58 08 00 25 00 00 00 14 59 08 00 2d 00 00 00	.X..5....X..A....X..%....Y..-...
7ea0	3a 59 08 00 3e 00 00 00 68 59 08 00 24 00 00 00 a7 59 08 00 28 00 00 00 cc 59 08 00 4d 00 00 00	:Y..>...hY..$....Y..(....Y..M...
7ec0	f5 59 08 00 50 00 00 00 43 5a 08 00 33 00 00 00 94 5a 08 00 35 00 00 00 c8 5a 08 00 20 00 00 00	.Y..P...CZ..3....Z..5....Z......
7ee0	fe 5a 08 00 73 02 00 00 1f 5b 08 00 c9 00 00 00 93 5d 08 00 28 00 00 00 5d 5e 08 00 5c 00 00 00	.Z..s....[.......]..(...]^..\...
7f00	86 5e 08 00 23 00 00 00 e3 5e 08 00 27 00 00 00 07 5f 08 00 18 00 00 00 2f 5f 08 00 25 00 00 00	.^..#....^..'...._....../_..%...
7f20	48 5f 08 00 1c 00 00 00 6e 5f 08 00 53 00 00 00 8b 5f 08 00 53 00 00 00 df 5f 08 00 16 00 00 00	H_......n_..S...._..S...._......
7f40	33 60 08 00 7e 00 00 00 4a 60 08 00 33 00 00 00 c9 60 08 00 25 00 00 00 fd 60 08 00 af 00 00 00	3`..~...J`..3....`..%....`......
7f60	23 61 08 00 d0 00 00 00 d3 61 08 00 7e 00 00 00 a4 62 08 00 25 00 00 00 23 63 08 00 3d 00 00 00	#a.......a..~....b..%...#c..=...
7f80	49 63 08 00 04 01 00 00 87 63 08 00 bd 00 00 00 8c 64 08 00 78 00 00 00 4a 65 08 00 41 00 00 00	Ic.......c.......d..x...Je..A...
7fa0	c3 65 08 00 43 00 00 00 05 66 08 00 3d 00 00 00 49 66 08 00 27 00 00 00 87 66 08 00 1a 00 00 00	.e..C....f..=...If..'....f......
7fc0	af 66 08 00 d2 00 00 00 ca 66 08 00 5b 00 00 00 9d 67 08 00 ab 00 00 00 f9 67 08 00 5a 00 00 00	.f.......f..[....g.......g..Z...
7fe0	a5 68 08 00 77 00 00 00 00 69 08 00 7d 00 00 00 78 69 08 00 dd 00 00 00 f6 69 08 00 3f 00 00 00	.h..w....i..}...xi.......i..?...
8000	d4 6a 08 00 40 00 00 00 14 6b 08 00 55 00 00 00 55 6b 08 00 af 00 00 00 ab 6b 08 00 5e 00 00 00	.j..@....k..U...Uk.......k..^...
8020	5b 6c 08 00 72 00 00 00 ba 6c 08 00 65 00 00 00 2d 6d 08 00 37 00 00 00 93 6d 08 00 25 00 00 00	[l..r....l..e...-m..7....m..%...
8040	cb 6d 08 00 51 00 00 00 f1 6d 08 00 55 00 00 00 43 6e 08 00 38 00 00 00 99 6e 08 00 45 00 00 00	.m..Q....m..U...Cn..8....n..E...
8060	d2 6e 08 00 40 00 00 00 18 6f 08 00 26 00 00 00 59 6f 08 00 24 00 00 00 80 6f 08 00 44 00 00 00	.n..@....o..&...Yo..$....o..D...
8080	a5 6f 08 00 4b 00 00 00 ea 6f 08 00 4b 00 00 00 36 70 08 00 1f 00 00 00 82 70 08 00 96 00 00 00	.o..K....o..K...6p.......p......
80a0	a2 70 08 00 26 00 00 00 39 71 08 00 29 00 00 00 60 71 08 00 22 00 00 00 8a 71 08 00 1f 00 00 00	.p..&...9q..)...`q.."....q......
80c0	ad 71 08 00 24 00 00 00 cd 71 08 00 28 00 00 00 f2 71 08 00 18 00 00 00 1b 72 08 00 1b 00 00 00	.q..$....q..(....q.......r......
80e0	34 72 08 00 26 00 00 00 50 72 08 00 29 00 00 00 77 72 08 00 57 00 00 00 a1 72 08 00 54 00 00 00	4r..&...Pr..)...wr..W....r..T...
8100	f9 72 08 00 52 00 00 00 4e 73 08 00 51 00 00 00 a1 73 08 00 40 00 00 00 f3 73 08 00 28 00 00 00	.r..R...Ns..Q....s..@....s..(...
8120	34 74 08 00 70 00 00 00 5d 74 08 00 26 00 00 00 ce 74 08 00 79 00 00 00 f5 74 08 00 56 00 00 00	4t..p...]t..&....t..y....t..V...
8140	6f 75 08 00 0b 00 00 00 c6 75 08 00 2c 00 00 00 d2 75 08 00 35 00 00 00 ff 75 08 00 3f 00 00 00	ou.......u..,....u..5....u..?...
8160	35 76 08 00 31 00 00 00 75 76 08 00 69 00 00 00 a7 76 08 00 9c 00 00 00 11 77 08 00 89 00 00 00	5v..1...uv..i....v.......w......
8180	ae 77 08 00 56 00 00 00 38 78 08 00 4c 00 00 00 8f 78 08 00 3c 00 00 00 dc 78 08 00 9e 00 00 00	.w..V...8x..L....x..<....x......
81a0	19 79 08 00 26 00 00 00 b8 79 08 00 27 00 00 00 df 79 08 00 1f 00 00 00 07 7a 08 00 36 00 00 00	.y..&....y..'....y.......z..6...
81c0	27 7a 08 00 38 00 00 00 5e 7a 08 00 66 00 00 00 97 7a 08 00 24 00 00 00 fe 7a 08 00 27 00 00 00	'z..8...^z..f....z..$....z..'...
81e0	23 7b 08 00 27 00 00 00 4b 7b 08 00 1e 00 00 00 73 7b 08 00 24 01 00 00 92 7b 08 00 a1 00 00 00	#{..'...K{......s{..$....{......
8200	b7 7c 08 00 6e 00 00 00 59 7d 08 00 3e 00 00 00 c8 7d 08 00 55 00 00 00 07 7e 08 00 27 01 00 00	.|..n...Y}..>....}..U....~..'...
8220	5d 7e 08 00 22 00 00 00 85 7f 08 00 5a 00 00 00 a8 7f 08 00 2c 00 00 00 03 80 08 00 47 00 00 00	]~..".......Z.......,.......G...
8240	30 80 08 00 7b 00 00 00 78 80 08 00 77 00 00 00 f4 80 08 00 65 00 00 00 6c 81 08 00 65 00 00 00	0...{...x...w.......e...l...e...
8260	d2 81 08 00 5a 00 00 00 38 82 08 00 5a 00 00 00 93 82 08 00 72 00 00 00 ee 82 08 00 61 00 00 00	....Z...8...Z.......r.......a...
8280	61 83 08 00 55 00 00 00 c3 83 08 00 4c 00 00 00 19 84 08 00 4c 00 00 00 66 84 08 00 38 00 00 00	a...U.......L.......L...f...8...
82a0	b3 84 08 00 54 00 00 00 ec 84 08 00 0b 00 00 00 41 85 08 00 0f 00 00 00 4d 85 08 00 49 00 00 00	....T...........A.......M...I...
82c0	5d 85 08 00 0b 00 00 00 a7 85 08 00 43 00 00 00 b3 85 08 00 43 00 00 00 f7 85 08 00 29 00 00 00	]...........C.......C.......)...
82e0	3b 86 08 00 2e 00 00 00 65 86 08 00 77 00 00 00 94 86 08 00 28 00 00 00 0c 87 08 00 3e 00 00 00	;.......e...w.......(.......>...
8300	35 87 08 00 28 00 00 00 74 87 08 00 3e 00 00 00 9d 87 08 00 29 00 00 00 dc 87 08 00 5d 00 00 00	5...(...t...>.......).......]...
8320	06 88 08 00 c9 00 00 00 64 88 08 00 3f 00 00 00 2e 89 08 00 dd 00 00 00 6e 89 08 00 4c 00 00 00	........d...?...........n...L...
8340	4c 8a 08 00 7f 00 00 00 99 8a 08 00 1d 00 00 00 19 8b 08 00 d7 00 00 00 37 8b 08 00 1e 00 00 00	L.......................7.......
8360	0f 8c 08 00 24 00 00 00 2e 8c 08 00 5c 00 00 00 53 8c 08 00 21 00 00 00 b0 8c 08 00 52 00 00 00	....$.......\...S...!.......R...
8380	d2 8c 08 00 5c 00 00 00 25 8d 08 00 44 01 00 00 82 8d 08 00 27 00 00 00 c7 8e 08 00 88 01 00 00	....\...%...D.......'...........
83a0	ef 8e 08 00 30 00 00 00 78 90 08 00 3e 00 00 00 a9 90 08 00 33 01 00 00 e8 90 08 00 41 00 00 00	....0...x...>.......3.......A...
83c0	1c 92 08 00 49 00 00 00 5e 92 08 00 1f 00 00 00 a8 92 08 00 30 00 00 00 c8 92 08 00 33 00 00 00	....I...^...........0.......3...
83e0	f9 92 08 00 11 00 00 00 2d 93 08 00 05 00 00 00 3f 93 08 00 03 00 00 00 45 93 08 00 0e 00 00 00	........-.......?.......E.......
8400	49 93 08 00 1b 00 00 00 58 93 08 00 1d 00 00 00 74 93 08 00 1f 00 00 00 92 93 08 00 04 00 00 00	I.......X.......t...............
8420	b2 93 08 00 0d 00 00 00 b7 93 08 00 32 00 00 00 c5 93 08 00 29 00 00 00 f8 93 08 00 07 00 00 00	............2.......)...........
8440	22 94 08 00 09 00 00 00 2a 94 08 00 0d 00 00 00 34 94 08 00 17 00 00 00 42 94 08 00 0f 00 00 00	".......*.......4.......B.......
8460	5a 94 08 00 0d 00 00 00 6a 94 08 00 06 00 00 00 78 94 08 00 19 00 00 00 7f 94 08 00 14 00 00 00	Z.......j.......x...............
8480	99 94 08 00 05 00 00 00 ae 94 08 00 15 00 00 00 b4 94 08 00 04 00 00 00 ca 94 08 00 04 00 00 00	................................
84a0	cf 94 08 00 06 00 00 00 d4 94 08 00 51 00 00 00 db 94 08 00 4a 01 00 00 2d 95 08 00 4d 00 00 00	............Q.......J...-...M...
84c0	78 96 08 00 05 00 00 00 c6 96 08 00 12 00 00 00 cc 96 08 00 15 00 00 00 df 96 08 00 22 00 00 00	x..........................."...
84e0	f5 96 08 00 10 00 00 00 18 97 08 00 12 00 00 00 29 97 08 00 0e 00 00 00 3c 97 08 00 10 00 00 00	................).......<.......
8500	4b 97 08 00 13 00 00 00 5c 97 08 00 16 00 00 00 70 97 08 00 06 00 00 00 87 97 08 00 09 00 00 00	K.......\.......p...............
8520	8e 97 08 00 1d 00 00 00 98 97 08 00 05 00 00 00 b6 97 08 00 0b 00 00 00 bc 97 08 00 13 00 00 00	................................
8540	c8 97 08 00 0d 00 00 00 dc 97 08 00 05 00 00 00 ea 97 08 00 68 00 00 00 f0 97 08 00 67 00 00 00	....................h.......g...
8560	59 98 08 00 79 00 00 00 c1 98 08 00 66 00 00 00 3b 99 08 00 03 00 00 00 a2 99 08 00 08 00 00 00	Y...y.......f...;...............
8580	a6 99 08 00 31 00 00 00 af 99 08 00 07 00 00 00 e1 99 08 00 08 00 00 00 e9 99 08 00 38 00 00 00	....1.......................8...
85a0	f2 99 08 00 10 00 00 00 2b 9a 08 00 0b 00 00 00 3c 9a 08 00 03 00 00 00 48 9a 08 00 1d 00 00 00	........+.......<.......H.......
85c0	4c 9a 08 00 1d 00 00 00 6a 9a 08 00 09 00 00 00 88 9a 08 00 26 00 00 00 92 9a 08 00 6d 00 00 00	L.......j...........&.......m...
85e0	b9 9a 08 00 46 00 00 00 27 9b 08 00 32 00 00 00 6e 9b 08 00 46 00 00 00 a1 9b 08 00 04 00 00 00	....F...'...2...n...F...........
8600	e8 9b 08 00 08 00 00 00 ed 9b 08 00 07 00 00 00 f6 9b 08 00 46 00 00 00 fe 9b 08 00 0d 00 00 00	....................F...........
8620	45 9c 08 00 1c 00 00 00 53 9c 08 00 73 00 00 00 70 9c 08 00 04 00 00 00 e4 9c 08 00 06 00 00 00	E.......S...s...p...............
8640	e9 9c 08 00 05 00 00 00 f0 9c 08 00 10 00 00 00 f6 9c 08 00 3c 00 00 00 07 9d 08 00 32 00 00 00	....................<.......2...
8660	44 9d 08 00 1c 00 00 00 77 9d 08 00 6d 00 00 00 94 9d 08 00 08 00 00 00 02 9e 08 00 14 00 00 00	D.......w...m...................
8680	0b 9e 08 00 14 00 00 00 20 9e 08 00 14 00 00 00 35 9e 08 00 14 00 00 00 4a 9e 08 00 14 00 00 00	................5.......J.......
86a0	5f 9e 08 00 14 00 00 00 74 9e 08 00 14 00 00 00 89 9e 08 00 06 00 00 00 9e 9e 08 00 06 00 00 00	_.......t.......................
86c0	a5 9e 08 00 06 00 00 00 ac 9e 08 00 06 00 00 00 b3 9e 08 00 06 00 00 00 ba 9e 08 00 06 00 00 00	................................
86e0	c1 9e 08 00 06 00 00 00 c8 9e 08 00 06 00 00 00 cf 9e 08 00 1f 00 00 00 d6 9e 08 00 08 00 00 00	................................
8700	f6 9e 08 00 08 00 00 00 ff 9e 08 00 a4 00 00 00 08 9f 08 00 03 00 00 00 ad 9f 08 00 0d 00 00 00	................................
8720	b1 9f 08 00 4c 00 00 00 bf 9f 08 00 04 00 00 00 0c a0 08 00 0c 00 00 00 11 a0 08 00 3f 00 00 00	....L.......................?...
8740	1e a0 08 00 29 00 00 00 5e a0 08 00 37 00 00 00 88 a0 08 00 2c 00 00 00 c0 a0 08 00 0e 00 00 00	....)...^...7.......,...........
8760	ed a0 08 00 33 00 00 00 fc a0 08 00 33 00 00 00 30 a1 08 00 0b 00 00 00 64 a1 08 00 14 00 00 00	....3.......3...0.......d.......
8780	70 a1 08 00 71 00 00 00 85 a1 08 00 46 00 00 00 f7 a1 08 00 04 00 00 00 3e a2 08 00 0b 00 00 00	p...q.......F...........>.......
87a0	43 a2 08 00 12 00 00 00 4f a2 08 00 0f 00 00 00 62 a2 08 00 08 00 00 00 72 a2 08 00 06 00 00 00	C.......O.......b.......r.......
87c0	7b a2 08 00 03 00 00 00 82 a2 08 00 0a 00 00 00 86 a2 08 00 0b 00 00 00 91 a2 08 00 40 00 00 00	{...........................@...
87e0	9d a2 08 00 07 00 00 00 de a2 08 00 9b 00 00 00 e6 a2 08 00 11 00 00 00 82 a3 08 00 0d 00 00 00	................................
8800	94 a3 08 00 13 00 00 00 a2 a3 08 00 15 00 00 00 b6 a3 08 00 18 00 00 00 cc a3 08 00 1b 00 00 00	................................
8820	e5 a3 08 00 0a 00 00 00 01 a4 08 00 12 00 00 00 0c a4 08 00 1c 00 00 00 1f a4 08 00 0f 00 00 00	................................
8840	3c a4 08 00 05 00 00 00 4c a4 08 00 0e 00 00 00 52 a4 08 00 0e 00 00 00 61 a4 08 00 0d 00 00 00	<.......L.......R.......a.......
8860	70 a4 08 00 2a 00 00 00 7e a4 08 00 15 00 00 00 a9 a4 08 00 31 00 00 00 bf a4 08 00 39 00 00 00	p...*...~...........1.......9...
8880	f1 a4 08 00 34 00 00 00 2b a5 08 00 0b 00 00 00 60 a5 08 00 09 00 00 00 6c a5 08 00 07 00 00 00	....4...+.......`.......l.......
88a0	76 a5 08 00 05 00 00 00 7e a5 08 00 72 00 00 00 84 a5 08 00 08 00 00 00 f7 a5 08 00 0e 00 00 00	v.......~...r...................
88c0	00 a6 08 00 11 00 00 00 0f a6 08 00 38 00 00 00 21 a6 08 00 0d 00 00 00 5a a6 08 00 0d 00 00 00	............8...!.......Z.......
88e0	68 a6 08 00 06 00 00 00 76 a6 08 00 3a 00 00 00 7d a6 08 00 0b 00 00 00 b8 a6 08 00 40 00 00 00	h.......v...:...}...........@...
8900	c4 a6 08 00 0e 00 00 00 05 a7 08 00 0f 00 00 00 14 a7 08 00 07 00 00 00 24 a7 08 00 0e 00 00 00	........................$.......
8920	2c a7 08 00 0c 00 00 00 3b a7 08 00 ad 00 00 00 48 a7 08 00 0b 00 00 00 f6 a7 08 00 06 00 00 00	,.......;.......H...............
8940	02 a8 08 00 04 00 00 00 09 a8 08 00 d7 00 00 00 0e a8 08 00 10 00 00 00 e6 a8 08 00 ed 01 00 00	................................
8960	f7 a8 08 00 0b 00 00 00 e5 aa 08 00 0b 00 00 00 f1 aa 08 00 0c 00 00 00 fd aa 08 00 06 00 00 00	................................
8980	0a ab 08 00 0e 00 00 00 11 ab 08 00 58 00 00 00 20 ab 08 00 04 00 00 00 79 ab 08 00 04 00 00 00	............X...........y.......
89a0	7e ab 08 00 05 00 00 00 83 ab 08 00 0e 00 00 00 89 ab 08 00 47 00 00 00 98 ab 08 00 05 00 00 00	~...................G...........
89c0	e0 ab 08 00 07 00 00 00 e6 ab 08 00 68 00 00 00 ee ab 08 00 19 00 00 00 57 ac 08 00 14 00 00 00	............h...........W.......
89e0	71 ac 08 00 2c 00 00 00 86 ac 08 00 0b 00 00 00 b3 ac 08 00 09 00 00 00 bf ac 08 00 08 00 00 00	q...,...........................
8a00	c9 ac 08 00 53 00 00 00 d2 ac 08 00 08 00 00 00 26 ad 08 00 22 00 00 00 2f ad 08 00 04 00 00 00	....S...........&...".../.......
8a20	52 ad 08 00 da 00 00 00 57 ad 08 00 43 00 00 00 32 ae 08 00 52 00 00 00 76 ae 08 00 42 00 00 00	R.......W...C...2...R...v...B...
8a40	c9 ae 08 00 3b 00 00 00 0c af 08 00 42 00 00 00 48 af 08 00 3a 00 00 00 8b af 08 00 24 00 00 00	....;.......B...H...:.......$...
8a60	c6 af 08 00 1a 00 00 00 eb af 08 00 6f 00 00 00 06 b0 08 00 5d 01 00 00 76 b0 08 00 48 00 00 00	............o.......]...v...H...
8a80	d4 b1 08 00 46 00 00 00 1d b2 08 00 31 00 00 00 64 b2 08 00 31 00 00 00 96 b2 08 00 3e 00 00 00	....F.......1...d...1.......>...
8aa0	c8 b2 08 00 23 00 00 00 07 b3 08 00 18 00 00 00 2b b3 08 00 23 00 00 00 44 b3 08 00 20 00 00 00	....#...........+...#...D.......
8ac0	68 b3 08 00 21 00 00 00 89 b3 08 00 21 00 00 00 ab b3 08 00 3f 00 00 00 cd b3 08 00 15 00 00 00	h...!.......!.......?...........
8ae0	0d b4 08 00 2d 00 00 00 23 b4 08 00 27 00 00 00 51 b4 08 00 1d 00 00 00 79 b4 08 00 1c 00 00 00	....-...#...'...Q.......y.......
8b00	97 b4 08 00 0c 00 00 00 b4 b4 08 00 21 00 00 00 c1 b4 08 00 3e 00 00 00 e3 b4 08 00 0c 00 00 00	............!.......>...........
8b20	22 b5 08 00 12 00 00 00 2f b5 08 00 11 00 00 00 42 b5 08 00 12 00 00 00 54 b5 08 00 8b 00 00 00	"......./.......B.......T.......
8b40	67 b5 08 00 8c 00 00 00 f3 b5 08 00 30 01 00 00 80 b6 08 00 d5 00 00 00 b1 b7 08 00 94 00 00 00	g...........0...................
8b60	87 b8 08 00 2c 01 00 00 1c b9 08 00 f6 01 00 00 49 ba 08 00 67 00 00 00 40 bc 08 00 12 00 00 00	....,...........I...g...@.......
8b80	a8 bc 08 00 18 00 00 00 bb bc 08 00 18 00 00 00 d4 bc 08 00 1b 00 00 00 ed bc 08 00 1a 00 00 00	................................
8ba0	09 bd 08 00 15 00 00 00 24 bd 08 00 0d 00 00 00 3a bd 08 00 14 00 00 00 48 bd 08 00 0a 00 00 00	........$.......:.......H.......
8bc0	5d bd 08 00 0b 00 00 00 68 bd 08 00 0a 00 00 00 74 bd 08 00 0b 00 00 00 7f bd 08 00 0a 00 00 00	].......h.......t...............
8be0	8b bd 08 00 0a 00 00 00 96 bd 08 00 4d 00 00 00 a1 bd 08 00 7e 03 00 00 ef bd 08 00 10 00 00 00	............M.......~...........
8c00	6e c1 08 00 10 00 00 00 7f c1 08 00 10 00 00 00 90 c1 08 00 16 00 00 00 a1 c1 08 00 0b 00 00 00	n...............................
8c20	b8 c1 08 00 2e 00 00 00 c4 c1 08 00 2d 00 00 00 f3 c1 08 00 37 00 00 00 21 c2 08 00 33 00 00 00	............-.......7...!...3...
8c40	59 c2 08 00 29 00 00 00 8d c2 08 00 3b 00 00 00 b7 c2 08 00 1e 00 00 00 f3 c2 08 00 3b 00 00 00	Y...).......;...............;...
8c60	12 c3 08 00 2e 00 00 00 4e c3 08 00 4e 00 00 00 7d c3 08 00 11 00 00 00 cc c3 08 00 06 00 00 00	........N...N...}...............
8c80	de c3 08 00 11 00 00 00 e5 c3 08 00 06 00 00 00 f7 c3 08 00 2d 00 00 00 fe c3 08 00 25 00 00 00	....................-.......%...
8ca0	2c c4 08 00 0c 00 00 00 52 c4 08 00 0c 00 00 00 5f c4 08 00 0c 00 00 00 6c c4 08 00 13 00 00 00	,.......R......._.......l.......
8cc0	79 c4 08 00 30 00 00 00 8d c4 08 00 31 00 00 00 be c4 08 00 07 00 00 00 f0 c4 08 00 07 00 00 00	y...0.......1...................
8ce0	f8 c4 08 00 0d 00 00 00 00 c5 08 00 14 00 00 00 0e c5 08 00 1d 00 00 00 23 c5 08 00 19 00 00 00	........................#.......
8d00	41 c5 08 00 0a 00 00 00 5b c5 08 00 24 00 00 00 66 c5 08 00 27 00 00 00 8b c5 08 00 0b 00 00 00	A.......[...$...f...'...........
8d20	b3 c5 08 00 10 00 00 00 bf c5 08 00 10 00 00 00 d0 c5 08 00 70 00 00 00 e1 c5 08 00 57 00 00 00	....................p.......W...
8d40	52 c6 08 00 37 00 00 00 aa c6 08 00 5a 00 00 00 e2 c6 08 00 a3 00 00 00 3d c7 08 00 74 00 00 00	R...7.......Z...........=...t...
8d60	e1 c7 08 00 35 01 00 00 56 c8 08 00 16 01 00 00 8c c9 08 00 7e 00 00 00 a3 ca 08 00 2f 02 00 00	....5...V...........~......./...
8d80	22 cb 08 00 6f 00 00 00 52 cd 08 00 39 01 00 00 c2 cd 08 00 dd 00 00 00 fc ce 08 00 14 00 00 00	"...o...R...9...................
8da0	da cf 08 00 90 00 00 00 ef cf 08 00 52 00 00 00 80 d0 08 00 58 00 00 00 d3 d0 08 00 58 00 00 00	............R.......X.......X...
8dc0	2c d1 08 00 e4 00 00 00 85 d1 08 00 68 00 00 00 6a d2 08 00 5d 00 00 00 d3 d2 08 00 6c 00 00 00	,...........h...j...].......l...
8de0	31 d3 08 00 5a 00 00 00 9e d3 08 00 a4 00 00 00 f9 d3 08 00 6d 00 00 00 9e d4 08 00 c7 00 00 00	1...Z...............m...........
8e00	0c d5 08 00 f1 00 00 00 d4 d5 08 00 08 00 00 00 c6 d6 08 00 35 00 00 00 cf d6 08 00 32 00 00 00	....................5.......2...
8e20	05 d7 08 00 4c 00 00 00 38 d7 08 00 30 00 00 00 85 d7 08 00 38 00 00 00 b6 d7 08 00 36 00 00 00	....L...8...0.......8.......6...
8e40	ef d7 08 00 19 00 00 00 26 d8 08 00 3a 00 00 00 40 d8 08 00 7b 01 00 00 7b d8 08 00 36 00 00 00	........&...:...@...{...{...6...
8e60	f7 d9 08 00 47 00 00 00 2e da 08 00 55 00 00 00 76 da 08 00 35 00 00 00 cc da 08 00 29 00 00 00	....G.......U...v...5.......)...
8e80	02 db 08 00 af 00 00 00 2c db 08 00 6c 00 00 00 dc db 08 00 a7 00 00 00 49 dc 08 00 3a 00 00 00	........,...l...........I...:...
8ea0	f1 dc 08 00 5a 01 00 00 2c dd 08 00 9f 01 00 00 87 de 08 00 b5 00 00 00 27 e0 08 00 51 00 00 00	....Z...,...............'...Q...
8ec0	dd e0 08 00 1a 00 00 00 2f e1 08 00 80 00 00 00 4a e1 08 00 40 00 00 00 cb e1 08 00 09 00 00 00	......../.......J...@...........
8ee0	0c e2 08 00 3c 00 00 00 16 e2 08 00 b1 00 00 00 53 e2 08 00 54 00 00 00 05 e3 08 00 2c 00 00 00	....<...........S...T.......,...
8f00	5a e3 08 00 47 00 00 00 87 e3 08 00 bc 00 00 00 cf e3 08 00 bf 00 00 00 8c e4 08 00 37 00 00 00	Z...G.......................7...
8f20	4c e5 08 00 9a 00 00 00 84 e5 08 00 01 00 00 00 1f e6 08 00 2c 00 00 00 21 e6 08 00 11 00 00 00	L...................,...!.......
8f40	4e e6 08 00 06 00 00 00 60 e6 08 00 06 00 00 00 67 e6 08 00 06 00 00 00 6e e6 08 00 06 00 00 00	N.......`.......g.......n.......
8f60	75 e6 08 00 06 00 00 00 7c e6 08 00 06 00 00 00 83 e6 08 00 06 00 00 00 8a e6 08 00 06 00 00 00	u.......|.......................
8f80	91 e6 08 00 06 00 00 00 98 e6 08 00 06 00 00 00 9f e6 08 00 0e 00 00 00 a6 e6 08 00 01 00 00 00	................................
8fa0	b5 e6 08 00 11 00 00 00 b7 e6 08 00 0a 00 00 00 c9 e6 08 00 1a 00 00 00 d4 e6 08 00 02 00 00 00	................................
8fc0	ef e6 08 00 0e 00 00 00 f2 e6 08 00 2d 00 00 00 01 e7 08 00 10 00 00 00 2f e7 08 00 0f 00 00 00	............-.........../.......
8fe0	40 e7 08 00 11 00 00 00 50 e7 08 00 13 00 00 00 62 e7 08 00 06 00 00 00 76 e7 08 00 06 00 00 00	@.......P.......b.......v.......
9000	7d e7 08 00 06 00 00 00 84 e7 08 00 06 00 00 00 8b e7 08 00 02 00 00 00 92 e7 08 00 03 00 00 00	}...............................
9020	95 e7 08 00 02 00 00 00 99 e7 08 00 08 00 00 00 9c e7 08 00 02 00 00 00 a5 e7 08 00 02 00 00 00	................................
9040	a8 e7 08 00 02 00 00 00 ab e7 08 00 02 00 00 00 ae e7 08 00 02 00 00 00 b1 e7 08 00 32 00 00 00	............................2...
9060	b4 e7 08 00 02 00 00 00 e7 e7 08 00 02 00 00 00 ea e7 08 00 35 00 00 00 ed e7 08 00 17 00 00 00	....................5...........
9080	23 e8 08 00 01 00 00 00 3b e8 08 00 1a 00 00 00 3d e8 08 00 02 00 00 00 58 e8 08 00 02 00 00 00	#.......;.......=.......X.......
90a0	5b e8 08 00 02 00 00 00 5e e8 08 00 02 00 00 00 61 e8 08 00 11 00 00 00 64 e8 08 00 11 00 00 00	[.......^.......a.......d.......
90c0	76 e8 08 00 03 00 00 00 88 e8 08 00 02 00 00 00 8c e8 08 00 02 00 00 00 8f e8 08 00 63 00 00 00	v...........................c...
90e0	92 e8 08 00 0f 00 00 00 f6 e8 08 00 01 00 00 00 06 e9 08 00 20 00 00 00 08 e9 08 00 02 00 00 00	................................
9100	29 e9 08 00 02 00 00 00 2c e9 08 00 02 00 00 00 2f e9 08 00 02 00 00 00 32 e9 08 00 01 00 00 00	).......,......./.......2.......
9120	35 e9 08 00 1a 00 00 00 37 e9 08 00 e6 00 00 00 52 e9 08 00 11 00 00 00 39 ea 08 00 02 00 00 00	5.......7.......R.......9.......
9140	4b ea 08 00 02 00 00 00 4e ea 08 00 02 00 00 00 51 ea 08 00 01 00 00 00 54 ea 08 00 11 00 00 00	K.......N.......Q.......T.......
9160	56 ea 08 00 0f 00 00 00 68 ea 08 00 11 00 00 00 78 ea 08 00 02 00 00 00 8a ea 08 00 01 00 00 00	V.......h.......x...............
9180	8d ea 08 00 02 00 00 00 8f ea 08 00 3b 00 00 00 92 ea 08 00 02 00 00 00 ce ea 08 00 02 00 00 00	............;...................
91a0	d1 ea 08 00 0a 00 00 00 d4 ea 08 00 6b 02 00 00 df ea 08 00 01 00 00 00 4b ed 08 00 02 00 00 00	............k...........K.......
91c0	4d ed 08 00 01 00 00 00 50 ed 08 00 6c 00 00 00 52 ed 08 00 01 00 00 00 bf ed 08 00 76 00 00 00	M.......P...l...R...........v...
91e0	c1 ed 08 00 61 01 00 00 38 ee 08 00 8b 00 00 00 9a ef 08 00 10 01 00 00 26 f0 08 00 36 00 00 00	....a...8...............&...6...
9200	37 f1 08 00 22 01 00 00 6e f1 08 00 26 02 00 00 91 f2 08 00 ec 00 00 00 b8 f4 08 00 8b 00 00 00	7..."...n...&...................
9220	a5 f5 08 00 8c 01 00 00 31 f6 08 00 bd 00 00 00 be f7 08 00 08 02 00 00 7c f8 08 00 53 01 00 00	........1...............|...S...
9240	85 fa 08 00 dc 00 00 00 d9 fb 08 00 4f 00 00 00 b6 fc 08 00 aa 03 00 00 06 fd 08 00 8b 01 00 00	............O...................
9260	b1 00 09 00 80 01 00 00 3d 02 09 00 b5 01 00 00 be 03 09 00 61 00 00 00 74 05 09 00 8f 05 00 00	........=...........a...t.......
9280	d6 05 09 00 32 02 00 00 66 0b 09 00 0b 01 00 00 99 0d 09 00 7e 00 00 00 a5 0e 09 00 37 00 00 00	....2...f...........~.......7...
92a0	24 0f 09 00 8f 01 00 00 5c 0f 09 00 01 01 00 00 ec 10 09 00 da 01 00 00 ee 11 09 00 8e 02 00 00	$.......\.......................
92c0	c9 13 09 00 a6 00 00 00 58 16 09 00 e3 01 00 00 ff 16 09 00 af 01 00 00 e3 18 09 00 f6 01 00 00	........X.......................
92e0	93 1a 09 00 17 02 00 00 8a 1c 09 00 d9 01 00 00 a2 1e 09 00 57 01 00 00 7c 20 09 00 82 00 00 00	....................W...|.......
9300	d4 21 09 00 fb 00 00 00 57 22 09 00 b4 01 00 00 53 23 09 00 d6 01 00 00 08 25 09 00 59 01 00 00	.!......W"......S#.......%..Y...
9320	df 26 09 00 50 01 00 00 39 28 09 00 be 01 00 00 8a 29 09 00 68 01 00 00 49 2b 09 00 04 02 00 00	.&..P...9(.......)..h...I+......
9340	b2 2c 09 00 84 00 00 00 b7 2e 09 00 f9 00 00 00 3c 2f 09 00 a4 00 00 00 36 30 09 00 43 00 00 00	.,..............</......60..C...
9360	db 30 09 00 5c 00 00 00 1f 31 09 00 52 00 00 00 7c 31 09 00 46 00 00 00 cf 31 09 00 50 00 00 00	.0..\....1..R...|1..F....1..P...
9380	16 32 09 00 48 00 00 00 67 32 09 00 4c 00 00 00 b0 32 09 00 47 00 00 00 fd 32 09 00 48 00 00 00	.2..H...g2..L....2..G....2..H...
93a0	45 33 09 00 41 00 00 00 8e 33 09 00 44 00 00 00 d0 33 09 00 19 00 00 00 15 34 09 00 29 00 00 00	E3..A....3..D....3.......4..)...
93c0	2f 34 09 00 12 00 00 00 59 34 09 00 3d 00 00 00 6c 34 09 00 13 00 00 00 aa 34 09 00 3f 00 00 00	/4......Y4..=...l4.......4..?...
93e0	be 34 09 00 13 00 00 00 fe 34 09 00 3f 00 00 00 12 35 09 00 15 00 00 00 52 35 09 00 43 00 00 00	.4.......4..?....5......R5..C...
9400	68 35 09 00 15 00 00 00 ac 35 09 00 43 00 00 00 c2 35 09 00 31 01 00 00 06 36 09 00 11 00 00 00	h5.......5..C....5..1....6......
9420	38 37 09 00 80 01 00 00 4a 37 09 00 41 01 00 00 cb 38 09 00 19 00 00 00 0d 3a 09 00 37 00 00 00	87......J7..A....8.......:..7...
9440	27 3a 09 00 2a 00 00 00 5f 3a 09 00 39 00 00 00 8a 3a 09 00 29 00 00 00 c4 3a 09 00 07 00 00 00	':..*..._:..9....:..)....:......
9460	ee 3a 09 00 4d 00 00 00 f6 3a 09 00 b6 00 00 00 44 3b 09 00 40 00 00 00 fb 3b 09 00 2f 00 00 00	.:..M....:......D;..@....;../...
9480	3c 3c 09 00 32 00 00 00 6c 3c 09 00 35 00 00 00 9f 3c 09 00 1d 00 00 00 d5 3c 09 00 27 00 00 00	<<..2...l<..5....<.......<..'...
94a0	f3 3c 09 00 1f 00 00 00 1b 3d 09 00 36 00 00 00 3b 3d 09 00 39 00 00 00 72 3d 09 00 18 01 00 00	.<.......=..6...;=..9...r=......
94c0	ac 3d 09 00 1e 00 00 00 c5 3e 09 00 5c 00 00 00 e4 3e 09 00 37 01 00 00 41 3f 09 00 cb 01 00 00	.=.......>..\....>..7...A?......
94e0	79 40 09 00 59 01 00 00 45 42 09 00 3a 01 00 00 9f 43 09 00 2d 00 00 00 da 44 09 00 3a 00 00 00	y@..Y...EB..:....C..-....D..:...
9500	08 45 09 00 6d 00 00 00 43 45 09 00 77 00 00 00 b1 45 09 00 8b 00 00 00 29 46 09 00 cc 01 00 00	.E..m...CE..w....E......)F......
9520	b5 46 09 00 ba 00 00 00 82 48 09 00 16 00 00 00 3d 49 09 00 28 00 00 00 54 49 09 00 77 01 00 00	.F.......H......=I..(...TI..w...
9540	7d 49 09 00 51 00 00 00 f5 4a 09 00 26 00 00 00 47 4b 09 00 85 00 00 00 6e 4b 09 00 8b 00 00 00	}I..Q....J..&...GK......nK......
9560	f4 4b 09 00 cf 00 00 00 80 4c 09 00 34 01 00 00 50 4d 09 00 2f 00 00 00 85 4e 09 00 72 00 00 00	.K.......L..4...PM../....N..r...
9580	b5 4e 09 00 65 00 00 00 28 4f 09 00 31 00 00 00 8e 4f 09 00 01 01 00 00 c0 4f 09 00 33 00 00 00	.N..e...(O..1....O.......O..3...
95a0	c2 50 09 00 3c 00 00 00 f6 50 09 00 93 01 00 00 33 51 09 00 e4 01 00 00 c7 52 09 00 63 00 00 00	.P..<....P......3Q.......R..c...
95c0	ac 54 09 00 d4 00 00 00 10 55 09 00 ed 00 00 00 e5 55 09 00 78 00 00 00 d3 56 09 00 90 00 00 00	.T.......U.......U..x....V......
95e0	4c 57 09 00 a2 00 00 00 dd 57 09 00 88 00 00 00 80 58 09 00 4e 00 00 00 09 59 09 00 58 00 00 00	LW.......W.......X..N....Y..X...
9600	58 59 09 00 08 01 00 00 b1 59 09 00 65 00 00 00 ba 5a 09 00 7e 00 00 00 20 5b 09 00 48 01 00 00	XY.......Y..e....Z..~....[..H...
9620	9f 5b 09 00 35 01 00 00 e8 5c 09 00 90 00 00 00 1e 5e 09 00 a3 00 00 00 af 5e 09 00 02 01 00 00	.[..5....\.......^.......^......
9640	53 5f 09 00 3f 00 00 00 56 60 09 00 24 00 00 00 96 60 09 00 22 01 00 00 bb 60 09 00 1c 00 00 00	S_..?...V`..$....`.."....`......
9660	de 61 09 00 2c 00 00 00 fb 61 09 00 43 00 00 00 28 62 09 00 b1 01 00 00 6c 62 09 00 4f 00 00 00	.a..,....a..C...(b......lb..O...
9680	1e 64 09 00 37 00 00 00 6e 64 09 00 26 00 00 00 a6 64 09 00 0a 02 00 00 cd 64 09 00 62 00 00 00	.d..7...nd..&....d.......d..b...
96a0	d8 66 09 00 41 00 00 00 3b 67 09 00 3d 00 00 00 7d 67 09 00 35 00 00 00 bb 67 09 00 77 00 00 00	.f..A...;g..=...}g..5....g..w...
96c0	f1 67 09 00 03 00 00 00 69 68 09 00 5c 00 00 00 6d 68 09 00 0c 00 00 00 ca 68 09 00 a8 00 00 00	.g......ih..\...mh.......h......
96e0	d7 68 09 00 70 00 00 00 80 69 09 00 12 00 00 00 f1 69 09 00 0c 00 00 00 04 6a 09 00 79 00 00 00	.h..p....i.......i.......j..y...
9700	11 6a 09 00 45 00 00 00 8b 6a 09 00 07 00 00 00 d1 6a 09 00 10 00 00 00 d9 6a 09 00 22 00 00 00	.j..E....j.......j.......j.."...
9720	ea 6a 09 00 68 00 00 00 0d 6b 09 00 41 00 00 00 76 6b 09 00 40 00 00 00 b8 6b 09 00 23 00 00 00	.j..h....k..A...vk..@....k..#...
9740	f9 6b 09 00 c5 00 00 00 1d 6c 09 00 9f 00 00 00 e3 6c 09 00 3c 00 00 00 83 6d 09 00 35 00 00 00	.k.......l.......l..<....m..5...
9760	c0 6d 09 00 4e 00 00 00 f6 6d 09 00 86 00 00 00 45 6e 09 00 68 00 00 00 cc 6e 09 00 63 00 00 00	.m..N....m......En..h....n..c...
9780	35 6f 09 00 2f 00 00 00 99 6f 09 00 48 00 00 00 c9 6f 09 00 a3 00 00 00 12 70 09 00 81 00 00 00	5o../....o..H....o.......p......
97a0	b6 70 09 00 46 00 00 00 38 71 09 00 1c 00 00 00 7f 71 09 00 7d 00 00 00 9c 71 09 00 60 00 00 00	.p..F...8q.......q..}....q..`...
97c0	1a 72 09 00 ee 00 00 00 7b 72 09 00 09 01 00 00 6a 73 09 00 68 00 00 00 74 74 09 00 07 00 00 00	.r......{r......js..h...tt......
97e0	dd 74 09 00 12 00 00 00 e5 74 09 00 10 00 00 00 f8 74 09 00 0e 00 00 00 09 75 09 00 42 00 00 00	.t.......t.......t.......u..B...
9800	18 75 09 00 0d 00 00 00 5b 75 09 00 24 00 00 00 69 75 09 00 ba 00 00 00 8e 75 09 00 17 00 00 00	.u......[u..$...iu.......u......
9820	49 76 09 00 c7 00 00 00 61 76 09 00 1a 00 00 00 29 77 09 00 3c 00 00 00 44 77 09 00 14 00 00 00	Iv......av......)w..<...Dw......
9840	81 77 09 00 7e 00 00 00 96 77 09 00 74 00 00 00 15 78 09 00 74 00 00 00 8a 78 09 00 2e 00 00 00	.w..~....w..t....x..t....x......
9860	ff 78 09 00 05 00 00 00 2e 79 09 00 09 00 00 00 34 79 09 00 07 00 00 00 3e 79 09 00 66 00 00 00	.x.......y......4y......>y..f...
9880	46 79 09 00 4f 00 00 00 ad 79 09 00 9a 00 00 00 fd 79 09 00 b1 00 00 00 98 7a 09 00 0e 00 00 00	Fy..O....y.......y.......z......
98a0	4a 7b 09 00 67 00 00 00 59 7b 09 00 ae 00 00 00 c1 7b 09 00 89 00 00 00 70 7c 09 00 28 00 00 00	J{..g...Y{.......{......p|..(...
98c0	fa 7c 09 00 ac 00 00 00 23 7d 09 00 74 00 00 00 d0 7d 09 00 97 00 00 00 45 7e 09 00 3a 00 00 00	.|......#}..t....}......E~..:...
98e0	dd 7e 09 00 40 00 00 00 18 7f 09 00 27 00 00 00 59 7f 09 00 29 00 00 00 81 7f 09 00 21 00 00 00	.~..@.......'...Y...).......!...
9900	ab 7f 09 00 08 01 00 00 cd 7f 09 00 61 01 00 00 d6 80 09 00 2e 00 00 00 38 82 09 00 80 00 00 00	............a...........8.......
9920	67 82 09 00 30 00 00 00 e8 82 09 00 c8 00 00 00 19 83 09 00 9c 00 00 00 e2 83 09 00 40 00 00 00	g...0.......................@...
9940	7f 84 09 00 b7 00 00 00 c0 84 09 00 b7 00 00 00 78 85 09 00 5a 00 00 00 30 86 09 00 c4 00 00 00	................x...Z...0.......
9960	8b 86 09 00 6e 00 00 00 50 87 09 00 a5 00 00 00 bf 87 09 00 c3 00 00 00 65 88 09 00 18 00 00 00	....n...P...............e.......
9980	29 89 09 00 54 00 00 00 42 89 09 00 89 00 00 00 97 89 09 00 6b 00 00 00 21 8a 09 00 3d 00 00 00	)...T...B...........k...!...=...
99a0	8d 8a 09 00 91 00 00 00 cb 8a 09 00 81 00 00 00 5d 8b 09 00 39 00 00 00 df 8b 09 00 3e 01 00 00	................]...9.......>...
99c0	19 8c 09 00 58 00 00 00 58 8d 09 00 c2 00 00 00 b1 8d 09 00 6a 00 00 00 74 8e 09 00 85 02 00 00	....X...X...........j...t.......
99e0	df 8e 09 00 cb 00 00 00 65 91 09 00 40 00 00 00 31 92 09 00 9e 01 00 00 72 92 09 00 84 01 00 00	........e...@...1.......r.......
9a00	11 94 09 00 bb 00 00 00 96 95 09 00 56 00 00 00 52 96 09 00 39 00 00 00 a9 96 09 00 1d 00 00 00	............V...R...9...........
9a20	e3 96 09 00 4b 00 00 00 01 97 09 00 0b 00 00 00 4d 97 09 00 02 01 00 00 59 97 09 00 0d 00 00 00	....K...........M.......Y.......
9a40	5c 98 09 00 34 00 00 00 6a 98 09 00 2c 00 00 00 9f 98 09 00 c8 00 00 00 cc 98 09 00 43 01 00 00	\...4...j...,...............C...
9a60	95 99 09 00 3e 00 00 00 d9 9a 09 00 ad 00 00 00 18 9b 09 00 aa 00 00 00 c6 9b 09 00 44 00 00 00	....>.......................D...
9a80	71 9c 09 00 1d 00 00 00 b6 9c 09 00 23 00 00 00 d4 9c 09 00 19 00 00 00 f8 9c 09 00 12 00 00 00	q...........#...................
9aa0	12 9d 09 00 43 00 00 00 25 9d 09 00 31 00 00 00 69 9d 09 00 0a 00 00 00 9b 9d 09 00 08 00 00 00	....C...%...1...i...............
9ac0	a6 9d 09 00 28 01 00 00 af 9d 09 00 81 00 00 00 d8 9e 09 00 aa 00 00 00 5a 9f 09 00 d5 00 00 00	....(...................Z.......
9ae0	05 a0 09 00 71 00 00 00 db a0 09 00 78 00 00 00 4d a1 09 00 99 00 00 00 c6 a1 09 00 1d 01 00 00	....q.......x...M...............
9b00	60 a2 09 00 1a 01 00 00 7e a3 09 00 39 01 00 00 99 a4 09 00 32 01 00 00 d3 a5 09 00 a2 00 00 00	`.......~...9.......2...........
9b20	06 a7 09 00 93 00 00 00 a9 a7 09 00 47 00 00 00 3d a8 09 00 83 00 00 00 85 a8 09 00 6e 00 00 00	............G...=...........n...
9b40	09 a9 09 00 91 00 00 00 78 a9 09 00 59 00 00 00 0a aa 09 00 96 00 00 00 64 aa 09 00 8e 00 00 00	........x...Y...........d.......
9b60	fb aa 09 00 c1 00 00 00 8a ab 09 00 59 01 00 00 4c ac 09 00 23 00 00 00 a6 ad 09 00 43 00 00 00	............Y...L...#.......C...
9b80	ca ad 09 00 27 00 00 00 0e ae 09 00 2d 00 00 00 36 ae 09 00 3b 00 00 00 64 ae 09 00 6e 00 00 00	....'.......-...6...;...d...n...
9ba0	a0 ae 09 00 82 00 00 00 0f af 09 00 68 00 00 00 92 af 09 00 19 00 00 00 fb af 09 00 19 00 00 00	............h...................
9bc0	15 b0 09 00 19 00 00 00 2f b0 09 00 19 00 00 00 49 b0 09 00 19 00 00 00 63 b0 09 00 19 00 00 00	......../.......I.......c.......
9be0	7d b0 09 00 19 00 00 00 97 b0 09 00 19 00 00 00 b1 b0 09 00 19 00 00 00 cb b0 09 00 19 00 00 00	}...............................
9c00	e5 b0 09 00 19 00 00 00 ff b0 09 00 19 00 00 00 19 b1 09 00 7b 00 00 00 33 b1 09 00 c2 00 00 00	....................{...3.......
9c20	af b1 09 00 41 00 00 00 72 b2 09 00 c0 00 00 00 b4 b2 09 00 68 00 00 00 75 b3 09 00 0e 00 00 00	....A...r...........h...u.......
9c40	de b3 09 00 16 00 00 00 ed b3 09 00 25 00 00 00 04 b4 09 00 29 00 00 00 2a b4 09 00 24 00 00 00	............%.......)...*...$...
9c60	54 b4 09 00 e6 00 00 00 79 b4 09 00 20 00 00 00 60 b5 09 00 14 00 00 00 81 b5 09 00 45 00 00 00	T.......y.......`...........E...
9c80	96 b5 09 00 13 00 00 00 dc b5 09 00 17 00 00 00 f0 b5 09 00 17 00 00 00 08 b6 09 00 3d 00 00 00	............................=...
9ca0	20 b6 09 00 12 00 00 00 5e b6 09 00 14 00 00 00 71 b6 09 00 13 00 00 00 86 b6 09 00 03 00 00 00	........^.......q...............
9cc0	9a b6 09 00 1b 00 00 00 9e b6 09 00 59 00 00 00 ba b6 09 00 03 00 00 00 14 b7 09 00 14 00 00 00	............Y...................
9ce0	18 b7 09 00 14 00 00 00 2d b7 09 00 1d 00 00 00 42 b7 09 00 1a 00 00 00 60 b7 09 00 0b 00 00 00	........-.......B.......`.......
9d00	7b b7 09 00 18 00 00 00 87 b7 09 00 19 00 00 00 a0 b7 09 00 44 00 00 00 ba b7 09 00 1a 00 00 00	{...................D...........
9d20	ff b7 09 00 1f 00 00 00 1a b8 09 00 1c 00 00 00 3a b8 09 00 20 00 00 00 57 b8 09 00 65 01 00 00	................:.......W...e...
9d40	78 b8 09 00 54 01 00 00 de b9 09 00 c3 02 00 00 33 bb 09 00 05 00 00 00 f7 bd 09 00 67 00 00 00	x...T...........3...........g...
9d60	fd bd 09 00 81 01 00 00 65 be 09 00 07 00 00 00 e7 bf 09 00 13 00 00 00 ef bf 09 00 0f 00 00 00	........e.......................
9d80	03 c0 09 00 1e 00 00 00 13 c0 09 00 11 00 00 00 32 c0 09 00 21 00 00 00 44 c0 09 00 4c 00 00 00	................2...!...D...L...
9da0	66 c0 09 00 50 00 00 00 b3 c0 09 00 69 00 00 00 04 c1 09 00 17 00 00 00 6e c1 09 00 0e 00 00 00	f...P.......i...........n.......
9dc0	86 c1 09 00 0e 00 00 00 95 c1 09 00 3f 00 00 00 a4 c1 09 00 36 00 00 00 e4 c1 09 00 0b 00 00 00	............?.......6...........
9de0	1b c2 09 00 d1 00 00 00 27 c2 09 00 19 00 00 00 f9 c2 09 00 87 00 00 00 13 c3 09 00 89 00 00 00	........'.......................
9e00	9b c3 09 00 db 00 00 00 25 c4 09 00 55 00 00 00 01 c5 09 00 75 00 00 00 57 c5 09 00 27 00 00 00	........%...U.......u...W...'...
9e20	cd c5 09 00 1c 00 00 00 f5 c5 09 00 7d 01 00 00 12 c6 09 00 11 00 00 00 90 c7 09 00 0c 00 00 00	............}...................
9e40	a2 c7 09 00 3f 00 00 00 af c7 09 00 63 00 00 00 ef c7 09 00 09 00 00 00 53 c8 09 00 5d 00 00 00	....?.......c...........S...]...
9e60	5d c8 09 00 58 00 00 00 bb c8 09 00 59 00 00 00 14 c9 09 00 34 00 00 00 6e c9 09 00 17 00 00 00	]...X.......Y.......4...n.......
9e80	a3 c9 09 00 0c 00 00 00 bb c9 09 00 25 00 00 00 c8 c9 09 00 13 00 00 00 ee c9 09 00 29 00 00 00	............%...............)...
9ea0	02 ca 09 00 83 00 00 00 2c ca 09 00 6e 00 00 00 b0 ca 09 00 31 00 00 00 1f cb 09 00 06 00 00 00	........,...n.......1...........
9ec0	51 cb 09 00 0e 00 00 00 58 cb 09 00 3f 00 00 00 67 cb 09 00 37 00 00 00 a7 cb 09 00 07 00 00 00	Q.......X...?...g...7...........
9ee0	df cb 09 00 0e 00 00 00 e7 cb 09 00 d0 00 00 00 f6 cb 09 00 9c 00 00 00 c7 cc 09 00 51 00 00 00	............................Q...
9f00	64 cd 09 00 9c 00 00 00 b6 cd 09 00 ef 00 00 00 53 ce 09 00 8d 01 00 00 43 cf 09 00 37 01 00 00	d...............S.......C...7...
9f20	d1 d0 09 00 38 01 00 00 09 d2 09 00 ce 00 00 00 42 d3 09 00 d9 00 00 00 11 d4 09 00 3b 00 00 00	....8...........B...........;...
9f40	eb d4 09 00 78 00 00 00 27 d5 09 00 9d 00 00 00 a0 d5 09 00 97 00 00 00 3e d6 09 00 25 00 00 00	....x...'...............>...%...
9f60	d6 d6 09 00 a1 00 00 00 fc d6 09 00 3a 01 00 00 9e d7 09 00 16 00 00 00 d9 d8 09 00 1a 00 00 00	............:...................
9f80	f0 d8 09 00 0a 00 00 00 0b d9 09 00 27 00 00 00 16 d9 09 00 16 00 00 00 3e d9 09 00 c8 00 00 00	............'...........>.......
9fa0	55 d9 09 00 1a 00 00 00 1e da 09 00 2a 00 00 00 39 da 09 00 0c 00 00 00 64 da 09 00 30 00 00 00	U...........*...9.......d...0...
9fc0	71 da 09 00 2c 00 00 00 a2 da 09 00 0b 01 00 00 cf da 09 00 76 00 00 00 db db 09 00 bc 00 00 00	q...,...............v...........
9fe0	52 dc 09 00 91 00 00 00 0f dd 09 00 3e 00 00 00 a1 dd 09 00 0c 00 00 00 e0 dd 09 00 46 00 00 00	R...........>...............F...
a000	ed dd 09 00 14 00 00 00 34 de 09 00 9f 00 00 00 49 de 09 00 0e 00 00 00 e9 de 09 00 2d 00 00 00	........4.......I...........-...
a020	f8 de 09 00 1b 00 00 00 26 df 09 00 0f 00 00 00 42 df 09 00 07 00 00 00 52 df 09 00 16 00 00 00	........&.......B.......R.......
a040	5a df 09 00 1d 00 00 00 71 df 09 00 06 00 00 00 8f df 09 00 14 00 00 00 96 df 09 00 15 00 00 00	Z.......q.......................
a060	ab df 09 00 3d 00 00 00 c1 df 09 00 0b 00 00 00 ff df 09 00 14 00 00 00 0b e0 09 00 12 00 00 00	....=...........................
a080	20 e0 09 00 14 00 00 00 33 e0 09 00 6c 00 00 00 48 e0 09 00 07 00 00 00 b5 e0 09 00 6a 00 00 00	........3...l...H...........j...
a0a0	bd e0 09 00 98 00 00 00 28 e1 09 00 0c 00 00 00 c1 e1 09 00 96 00 00 00 ce e1 09 00 3e 00 00 00	........(...................>...
a0c0	65 e2 09 00 77 00 00 00 a4 e2 09 00 38 00 00 00 1c e3 09 00 40 00 00 00 55 e3 09 00 1e 00 00 00	e...w.......8.......@...U.......
a0e0	96 e3 09 00 11 00 00 00 b5 e3 09 00 1b 00 00 00 c7 e3 09 00 58 00 00 00 e3 e3 09 00 0d 00 00 00	....................X...........
a100	3c e4 09 00 15 00 00 00 4a e4 09 00 16 00 00 00 60 e4 09 00 13 00 00 00 77 e4 09 00 15 00 00 00	<.......J.......`.......w.......
a120	8b e4 09 00 0b 01 00 00 a1 e4 09 00 af 00 00 00 ad e5 09 00 59 00 00 00 5d e6 09 00 26 00 00 00	....................Y...]...&...
a140	b7 e6 09 00 25 00 00 00 de e6 09 00 a5 00 00 00 04 e7 09 00 09 00 00 00 aa e7 09 00 94 00 00 00	....%...........................
a160	b4 e7 09 00 0d 00 00 00 49 e8 09 00 51 00 00 00 57 e8 09 00 25 00 00 00 a9 e8 09 00 37 00 00 00	........I...Q...W...%.......7...
a180	cf e8 09 00 c0 00 00 00 07 e9 09 00 71 00 00 00 c8 e9 09 00 52 00 00 00 3a ea 09 00 4e 00 00 00	............q.......R...:...N...
a1a0	8d ea 09 00 68 00 00 00 dc ea 09 00 55 00 00 00 45 eb 09 00 4c 00 00 00 9b eb 09 00 57 00 00 00	....h.......U...E...L.......W...
a1c0	e8 eb 09 00 70 00 00 00 40 ec 09 00 a4 00 00 00 b1 ec 09 00 fc 00 00 00 56 ed 09 00 bb 00 00 00	....p...@...............V.......
a1e0	53 ee 09 00 7a 00 00 00 0f ef 09 00 77 00 00 00 8a ef 09 00 71 00 00 00 02 f0 09 00 aa 00 00 00	S...z.......w.......q...........
a200	74 f0 09 00 3a 00 00 00 1f f1 09 00 2b 00 00 00 5a f1 09 00 3a 00 00 00 86 f1 09 00 60 00 00 00	t...:.......+...Z...:.......`...
a220	c1 f1 09 00 62 00 00 00 22 f2 09 00 2b 00 00 00 85 f2 09 00 5b 00 00 00 b1 f2 09 00 61 00 00 00	....b..."...+.......[.......a...
a240	0d f3 09 00 2e 00 00 00 6f f3 09 00 47 00 00 00 9e f3 09 00 9a 00 00 00 e6 f3 09 00 41 00 00 00	........o...G...............A...
a260	81 f4 09 00 84 00 00 00 c3 f4 09 00 5f 00 00 00 48 f5 09 00 5f 00 00 00 a8 f5 09 00 3c 00 00 00	............_...H..._.......<...
a280	08 f6 09 00 39 00 00 00 45 f6 09 00 89 00 00 00 7f f6 09 00 58 00 00 00 09 f7 09 00 2c 00 00 00	....9...E...........X.......,...
a2a0	62 f7 09 00 2b 00 00 00 8f f7 09 00 64 00 00 00 bb f7 09 00 65 00 00 00 20 f8 09 00 2f 00 00 00	b...+.......d.......e......./...
a2c0	86 f8 09 00 5f 00 00 00 b6 f8 09 00 42 00 00 00 16 f9 09 00 2a 00 00 00 59 f9 09 00 3b 00 00 00	...._.......B.......*...Y...;...
a2e0	84 f9 09 00 2b 00 00 00 c0 f9 09 00 34 00 00 00 ec f9 09 00 42 00 00 00 21 fa 09 00 99 00 00 00	....+.......4.......B...!.......
a300	64 fa 09 00 50 00 00 00 fe fa 09 00 b2 00 00 00 4f fb 09 00 5d 00 00 00 02 fc 09 00 49 00 00 00	d...P...........O...].......I...
a320	60 fc 09 00 49 00 00 00 aa fc 09 00 3c 00 00 00 f4 fc 09 00 59 00 00 00 31 fd 09 00 38 00 00 00	`...I.......<.......Y...1...8...
a340	8b fd 09 00 10 00 00 00 c4 fd 09 00 92 00 00 00 d5 fd 09 00 1d 00 00 00 68 fe 09 00 42 00 00 00	........................h...B...
a360	86 fe 09 00 12 00 00 00 c9 fe 09 00 b7 00 00 00 dc fe 09 00 44 01 00 00 94 ff 09 00 09 00 00 00	....................D...........
a380	d9 00 0a 00 0e 00 00 00 e3 00 0a 00 16 00 00 00 f2 00 0a 00 07 00 00 00 09 01 0a 00 0e 00 00 00	................................
a3a0	11 01 0a 00 30 00 00 00 20 01 0a 00 09 00 00 00 51 01 0a 00 49 00 00 00 5b 01 0a 00 49 00 00 00	....0...........Q...I...[...I...
a3c0	a5 01 0a 00 c9 00 00 00 ef 01 0a 00 b3 00 00 00 b9 02 0a 00 36 00 00 00 6d 03 0a 00 39 00 00 00	....................6...m...9...
a3e0	a4 03 0a 00 81 00 00 00 de 03 0a 00 82 00 00 00 60 04 0a 00 92 00 00 00 e3 04 0a 00 64 00 00 00	................`...........d...
a400	76 05 0a 00 15 00 00 00 db 05 0a 00 5f 00 00 00 f1 05 0a 00 44 00 00 00 51 06 0a 00 69 00 00 00	v..........._.......D...Q...i...
a420	96 06 0a 00 75 00 00 00 00 07 0a 00 66 00 00 00 76 07 0a 00 4e 00 00 00 dd 07 0a 00 8c 00 00 00	....u.......f...v...N...........
a440	2c 08 0a 00 56 00 00 00 b9 08 0a 00 76 00 00 00 10 09 0a 00 73 00 00 00 87 09 0a 00 c3 00 00 00	,...V.......v.......s...........
a460	fb 09 0a 00 c0 00 00 00 bf 0a 0a 00 6b 00 00 00 80 0b 0a 00 30 00 00 00 ec 0b 0a 00 3d 00 00 00	............k.......0.......=...
a480	1d 0c 0a 00 d9 00 00 00 5b 0c 0a 00 a0 00 00 00 35 0d 0a 00 68 00 00 00 d6 0d 0a 00 54 00 00 00	........[.......5...h.......T...
a4a0	3f 0e 0a 00 2b 00 00 00 94 0e 0a 00 21 00 00 00 c0 0e 0a 00 70 00 00 00 e2 0e 0a 00 4a 00 00 00	?...+.......!.......p.......J...
a4c0	53 0f 0a 00 19 00 00 00 9e 0f 0a 00 08 00 00 00 b8 0f 0a 00 2d 00 00 00 c1 0f 0a 00 14 00 00 00	S...................-...........
a4e0	ef 0f 0a 00 14 00 00 00 04 10 0a 00 14 00 00 00 19 10 0a 00 14 00 00 00 2e 10 0a 00 0d 00 00 00	................................
a500	43 10 0a 00 39 00 00 00 51 10 0a 00 43 00 00 00 8b 10 0a 00 0b 00 00 00 cf 10 0a 00 f3 00 00 00	C...9...Q...C...................
a520	db 10 0a 00 43 00 00 00 cf 11 0a 00 3d 00 00 00 13 12 0a 00 00 01 00 00 51 12 0a 00 b3 00 00 00	....C.......=...........Q.......
a540	52 13 0a 00 0b 00 00 00 06 14 0a 00 0a 00 00 00 12 14 0a 00 0b 00 00 00 1d 14 0a 00 18 00 00 00	R...............................
a560	29 14 0a 00 10 00 00 00 42 14 0a 00 3a 00 00 00 53 14 0a 00 12 00 00 00 8e 14 0a 00 3c 00 00 00	).......B...:...S...........<...
a580	a1 14 0a 00 84 00 00 00 de 14 0a 00 14 00 00 00 63 15 0a 00 4c 00 00 00 78 15 0a 00 05 00 00 00	................c...L...x.......
a5a0	c5 15 0a 00 15 00 00 00 cb 15 0a 00 0d 00 00 00 e1 15 0a 00 b6 00 00 00 ef 15 0a 00 04 00 00 00	................................
a5c0	a6 16 0a 00 bf 00 00 00 ab 16 0a 00 52 00 00 00 6b 17 0a 00 06 00 00 00 be 17 0a 00 0e 00 00 00	............R...k...............
a5e0	c5 17 0a 00 10 00 00 00 d4 17 0a 00 1c 00 00 00 e5 17 0a 00 17 00 00 00 02 18 0a 00 2b 00 00 00	............................+...
a600	1a 18 0a 00 05 00 00 00 46 18 0a 00 2f 00 00 00 4c 18 0a 00 34 00 00 00 7c 18 0a 00 01 01 00 00	........F.../...L...4...|.......
a620	b1 18 0a 00 05 00 00 00 b3 19 0a 00 67 00 00 00 b9 19 0a 00 07 00 00 00 21 1a 0a 00 0a 00 00 00	............g...........!.......
a640	29 1a 0a 00 15 00 00 00 34 1a 0a 00 19 00 00 00 4a 1a 0a 00 a4 00 00 00 64 1a 0a 00 32 00 00 00	).......4.......J.......d...2...
a660	09 1b 0a 00 31 00 00 00 3c 1b 0a 00 1d 00 00 00 6e 1b 0a 00 14 00 00 00 8c 1b 0a 00 32 00 00 00	....1...<.......n...........2...
a680	a1 1b 0a 00 15 00 00 00 d4 1b 0a 00 0a 00 00 00 ea 1b 0a 00 11 00 00 00 f5 1b 0a 00 17 00 00 00	................................
a6a0	07 1c 0a 00 13 00 00 00 1f 1c 0a 00 19 00 00 00 33 1c 0a 00 98 00 00 00 4d 1c 0a 00 24 00 00 00	................3.......M...$...
a6c0	e6 1c 0a 00 25 00 00 00 0b 1d 0a 00 0d 00 00 00 31 1d 0a 00 42 00 00 00 3f 1d 0a 00 16 00 00 00	....%...........1...B...?.......
a6e0	82 1d 0a 00 13 00 00 00 99 1d 0a 00 55 00 00 00 ad 1d 0a 00 95 00 00 00 03 1e 0a 00 35 00 00 00	............U...............5...
a700	99 1e 0a 00 8e 00 00 00 cf 1e 0a 00 68 00 00 00 5e 1f 0a 00 77 00 00 00 c7 1f 0a 00 81 00 00 00	............h...^...w...........
a720	3f 20 0a 00 7e 00 00 00 c1 20 0a 00 4b 00 00 00 40 21 0a 00 38 00 00 00 8c 21 0a 00 95 00 00 00	?...~.......K...@!..8....!......
a740	c5 21 0a 00 32 00 00 00 5b 22 0a 00 69 00 00 00 8e 22 0a 00 62 00 00 00 f8 22 0a 00 4b 01 00 00	.!..2...["..i...."..b...."..K...
a760	5b 23 0a 00 a6 00 00 00 a7 24 0a 00 89 00 00 00 4e 25 0a 00 88 00 00 00 d8 25 0a 00 2d 00 00 00	[#.......$......N%.......%..-...
a780	61 26 0a 00 7a 00 00 00 8f 26 0a 00 6b 00 00 00 0a 27 0a 00 0e 00 00 00 76 27 0a 00 4b 00 00 00	a&..z....&..k....'......v'..K...
a7a0	85 27 0a 00 33 00 00 00 d1 27 0a 00 39 00 00 00 05 28 0a 00 0b 00 00 00 3f 28 0a 00 1a 00 00 00	.'..3....'..9....(......?(......
a7c0	4b 28 0a 00 20 00 00 00 66 28 0a 00 25 00 00 00 87 28 0a 00 4d 00 00 00 ad 28 0a 00 4e 00 00 00	K(......f(..%....(..M....(..N...
a7e0	fb 28 0a 00 0b 00 00 00 4a 29 0a 00 f6 00 00 00 56 29 0a 00 2e 00 00 00 4d 2a 0a 00 13 00 00 00	.(......J)......V)......M*......
a800	7c 2a 0a 00 0f 00 00 00 90 2a 0a 00 12 00 00 00 a0 2a 0a 00 71 01 00 00 b3 2a 0a 00 fe 00 00 00	|*.......*.......*..q....*......
a820	25 2c 0a 00 4e 00 00 00 24 2d 0a 00 c9 00 00 00 73 2d 0a 00 13 00 00 00 3d 2e 0a 00 19 00 00 00	%,..N...$-......s-......=.......
a840	51 2e 0a 00 2f 00 00 00 6b 2e 0a 00 19 00 00 00 9b 2e 0a 00 12 00 00 00 b5 2e 0a 00 14 00 00 00	Q.../...k.......................
a860	c8 2e 0a 00 1b 00 00 00 dd 2e 0a 00 1d 00 00 00 f9 2e 0a 00 58 00 00 00 17 2f 0a 00 43 00 00 00	....................X..../..C...
a880	70 2f 0a 00 56 00 00 00 b4 2f 0a 00 75 00 00 00 0b 30 0a 00 1e 00 00 00 81 30 0a 00 25 00 00 00	p/..V..../..u....0.......0..%...
a8a0	a0 30 0a 00 25 00 00 00 c6 30 0a 00 15 00 00 00 ec 30 0a 00 86 00 00 00 02 31 0a 00 2e 00 00 00	.0..%....0.......0.......1......
a8c0	89 31 0a 00 95 00 00 00 b8 31 0a 00 2b 00 00 00 4e 32 0a 00 2b 00 00 00 7a 32 0a 00 37 01 00 00	.1.......1..+...N2..+...z2..7...
a8e0	a6 32 0a 00 38 00 00 00 de 33 0a 00 3b 00 00 00 17 34 0a 00 18 00 00 00 53 34 0a 00 16 00 00 00	.2..8....3..;....4......S4......
a900	6c 34 0a 00 7a 00 00 00 83 34 0a 00 12 00 00 00 fe 34 0a 00 67 00 00 00 11 35 0a 00 3a 00 00 00	l4..z....4.......4..g....5..:...
a920	79 35 0a 00 3a 00 00 00 b4 35 0a 00 0c 00 00 00 ef 35 0a 00 18 00 00 00 fc 35 0a 00 39 00 00 00	y5..:....5.......5.......5..9...
a940	15 36 0a 00 47 00 00 00 4f 36 0a 00 42 00 00 00 97 36 0a 00 4c 00 00 00 da 36 0a 00 3f 00 00 00	.6..G...O6..B....6..L....6..?...
a960	27 37 0a 00 3b 00 00 00 67 37 0a 00 41 00 00 00 a3 37 0a 00 11 01 00 00 e5 37 0a 00 3d 00 00 00	'7..;...g7..A....7.......7..=...
a980	f7 38 0a 00 31 00 00 00 35 39 0a 00 26 01 00 00 67 39 0a 00 e2 00 00 00 8e 3a 0a 00 3a 00 00 00	.8..1...59..&...g9.......:..:...
a9a0	71 3b 0a 00 f8 00 00 00 ac 3b 0a 00 88 00 00 00 a5 3c 0a 00 31 00 00 00 2e 3d 0a 00 06 00 00 00	q;.......;.......<..1....=......
a9c0	60 3d 0a 00 0d 00 00 00 67 3d 0a 00 0b 00 00 00 75 3d 0a 00 2e 00 00 00 81 3d 0a 00 67 00 00 00	`=......g=......u=.......=..g...
a9e0	b0 3d 0a 00 13 00 00 00 18 3e 0a 00 ab 00 00 00 2c 3e 0a 00 b5 00 00 00 d8 3e 0a 00 b5 00 00 00	.=.......>......,>.......>......
aa00	8e 3f 0a 00 90 00 00 00 44 40 0a 00 30 00 00 00 d5 40 0a 00 22 00 00 00 06 41 0a 00 22 00 00 00	.?......D@..0....@.."....A.."...
aa20	29 41 0a 00 24 00 00 00 4c 41 0a 00 09 00 00 00 71 41 0a 00 09 00 00 00 7b 41 0a 00 92 00 00 00	)A..$...LA......qA......{A......
aa40	85 41 0a 00 38 00 00 00 18 42 0a 00 05 00 00 00 51 42 0a 00 0f 00 00 00 57 42 0a 00 88 00 00 00	.A..8....B......QB......WB......
aa60	67 42 0a 00 bd 00 00 00 f0 42 0a 00 0b 00 00 00 ae 43 0a 00 12 00 00 00 ba 43 0a 00 6a 00 00 00	gB.......B.......C.......C..j...
aa80	cd 43 0a 00 2f 00 00 00 38 44 0a 00 0a 00 00 00 68 44 0a 00 f4 00 00 00 73 44 0a 00 d2 01 00 00	.C../...8D......hD......sD......
aaa0	68 45 0a 00 ad 01 00 00 3b 47 0a 00 dd 00 00 00 e9 48 0a 00 91 01 00 00 c7 49 0a 00 7f 00 00 00	hE......;G.......H.......I......
aac0	59 4b 0a 00 af 00 00 00 d9 4b 0a 00 2a 03 00 00 89 4c 0a 00 6b 00 00 00 b4 4f 0a 00 a3 00 00 00	YK.......K..*....L..k....O......
aae0	20 50 0a 00 9a 00 00 00 c4 50 0a 00 50 00 00 00 5f 51 0a 00 81 00 00 00 b0 51 0a 00 2c 00 00 00	.P.......P..P..._Q.......Q..,...
ab00	32 52 0a 00 7a 00 00 00 5f 52 0a 00 2b 00 00 00 da 52 0a 00 25 00 00 00 06 53 0a 00 09 00 00 00	2R..z..._R..+....R..%....S......
ab20	2c 53 0a 00 23 00 00 00 36 53 0a 00 23 00 00 00 5a 53 0a 00 25 00 00 00 7e 53 0a 00 11 00 00 00	,S..#...6S..#...ZS..%...~S......
ab40	a4 53 0a 00 12 00 00 00 b6 53 0a 00 12 00 00 00 c9 53 0a 00 1e 00 00 00 dc 53 0a 00 23 00 00 00	.S.......S.......S.......S..#...
ab60	fb 53 0a 00 39 00 00 00 1f 54 0a 00 2c 00 00 00 59 54 0a 00 1c 00 00 00 86 54 0a 00 1d 00 00 00	.S..9....T..,...YT.......T......
ab80	a3 54 0a 00 1e 00 00 00 c1 54 0a 00 0c 00 00 00 e0 54 0a 00 28 00 00 00 ed 54 0a 00 3a 00 00 00	.T.......T.......T..(....T..:...
aba0	16 55 0a 00 30 00 00 00 51 55 0a 00 27 00 00 00 82 55 0a 00 38 00 00 00 aa 55 0a 00 1d 00 00 00	.U..0...QU..'....U..8....U......
abc0	e3 55 0a 00 13 00 00 00 01 56 0a 00 0b 00 00 00 15 56 0a 00 28 00 00 00 21 56 0a 00 30 00 00 00	.U.......V.......V..(...!V..0...
abe0	4a 56 0a 00 4c 00 00 00 7b 56 0a 00 74 00 00 00 c8 56 0a 00 55 00 00 00 3d 57 0a 00 28 00 00 00	JV..L...{V..t....V..U...=W..(...
ac00	93 57 0a 00 0a 00 00 00 bc 57 0a 00 56 00 00 00 c7 57 0a 00 1f 00 00 00 1e 58 0a 00 18 00 00 00	.W.......W..V....W.......X......
ac20	3e 58 0a 00 23 00 00 00 57 58 0a 00 3f 00 00 00 7b 58 0a 00 4d 00 00 00 bb 58 0a 00 20 00 00 00	>X..#...WX..?...{X..M....X......
ac40	09 59 0a 00 61 00 00 00 2a 59 0a 00 63 00 00 00 8c 59 0a 00 31 00 00 00 f0 59 0a 00 34 00 00 00	.Y..a...*Y..c....Y..1....Y..4...
ac60	22 5a 0a 00 1b 01 00 00 57 5a 0a 00 3a 00 00 00 73 5b 0a 00 4a 00 00 00 ae 5b 0a 00 38 00 00 00	"Z......WZ..:...s[..J....[..8...
ac80	f9 5b 0a 00 40 01 00 00 32 5c 0a 00 3a 00 00 00 73 5d 0a 00 4f 00 00 00 ae 5d 0a 00 2e 00 00 00	.[..@...2\..:...s]..O....]......
aca0	fe 5d 0a 00 86 00 00 00 2d 5e 0a 00 bb 01 00 00 b4 5e 0a 00 06 01 00 00 70 60 0a 00 bf 00 00 00	.]......-^.......^......p`......
acc0	77 61 0a 00 25 00 00 00 37 62 0a 00 4b 00 00 00 5d 62 0a 00 22 00 00 00 a9 62 0a 00 16 00 00 00	wa..%...7b..K...]b.."....b......
ace0	cc 62 0a 00 14 00 00 00 e3 62 0a 00 79 00 00 00 f8 62 0a 00 42 00 00 00 72 63 0a 00 1c 00 00 00	.b.......b..y....b..B...rc......
ad00	b5 63 0a 00 33 00 00 00 d2 63 0a 00 a7 00 00 00 06 64 0a 00 c1 00 00 00 ae 64 0a 00 32 00 00 00	.c..3....c.......d.......d..2...
ad20	70 65 0a 00 05 00 00 00 a3 65 0a 00 10 00 00 00 a9 65 0a 00 5e 00 00 00 ba 65 0a 00 08 00 00 00	pe.......e.......e..^....e......
ad40	19 66 0a 00 dc 00 00 00 22 66 0a 00 10 00 00 00 ff 66 0a 00 0d 00 00 00 10 67 0a 00 21 00 00 00	.f......"f.......f.......g..!...
ad60	1e 67 0a 00 21 00 00 00 40 67 0a 00 d4 00 00 00 62 67 0a 00 14 00 00 00 37 68 0a 00 38 00 00 00	.g..!...@g......bg......7h..8...
ad80	4c 68 0a 00 a3 00 00 00 85 68 0a 00 a7 00 00 00 29 69 0a 00 23 00 00 00 d1 69 0a 00 91 00 00 00	Lh.......h......)i..#....i......
ada0	f5 69 0a 00 59 00 00 00 87 6a 0a 00 a6 01 00 00 e1 6a 0a 00 ca 00 00 00 88 6c 0a 00 07 00 00 00	.i..Y....j.......j.......l......
adc0	53 6d 0a 00 15 00 00 00 5b 6d 0a 00 12 00 00 00 71 6d 0a 00 0f 00 00 00 84 6d 0a 00 16 00 00 00	Sm......[m......qm.......m......
ade0	94 6d 0a 00 2f 00 00 00 ab 6d 0a 00 2f 00 00 00 db 6d 0a 00 77 00 00 00 0b 6e 0a 00 17 00 00 00	.m../....m../....m..w....n......
ae00	83 6e 0a 00 51 00 00 00 9b 6e 0a 00 08 00 00 00 ed 6e 0a 00 bf 00 00 00 f6 6e 0a 00 58 00 00 00	.n..Q....n.......n.......n..X...
ae20	b6 6f 0a 00 e0 00 00 00 0f 70 0a 00 3d 00 00 00 f0 70 0a 00 3b 00 00 00 2e 71 0a 00 3c 00 00 00	.o.......p..=....p..;....q..<...
ae40	6a 71 0a 00 3e 00 00 00 a7 71 0a 00 3c 00 00 00 e6 71 0a 00 3d 00 00 00 23 72 0a 00 34 00 00 00	jq..>....q..<....q..=...#r..4...
ae60	61 72 0a 00 36 00 00 00 96 72 0a 00 33 00 00 00 cd 72 0a 00 a3 00 00 00 01 73 0a 00 08 00 00 00	ar..6....r..3....r.......s......
ae80	a5 73 0a 00 1b 00 00 00 ae 73 0a 00 09 00 00 00 ca 73 0a 00 c5 00 00 00 d4 73 0a 00 0f 00 00 00	.s.......s.......s.......s......
aea0	9a 74 0a 00 0f 00 00 00 aa 74 0a 00 31 00 00 00 ba 74 0a 00 2a 00 00 00 ec 74 0a 00 19 00 00 00	.t.......t..1....t..*....t......
aec0	17 75 0a 00 40 00 00 00 31 75 0a 00 28 00 00 00 72 75 0a 00 1c 00 00 00 9b 75 0a 00 08 00 00 00	.u..@...1u..(...ru.......u......
aee0	b8 75 0a 00 c1 00 00 00 c1 75 0a 00 9a 00 00 00 83 76 0a 00 dc 00 00 00 1e 77 0a 00 a5 01 00 00	.u.......u.......v.......w......
af00	fb 77 0a 00 98 00 00 00 a1 79 0a 00 46 01 00 00 3a 7a 0a 00 0a 00 00 00 81 7b 0a 00 0a 00 00 00	.w.......y..F...:z.......{......
af20	8c 7b 0a 00 39 00 00 00 97 7b 0a 00 0d 00 00 00 d1 7b 0a 00 08 00 00 00 df 7b 0a 00 0f 00 00 00	.{..9....{.......{.......{......
af40	e8 7b 0a 00 2d 00 00 00 f8 7b 0a 00 e5 00 00 00 26 7c 0a 00 0a 00 00 00 0c 7d 0a 00 57 01 00 00	.{..-....{......&|.......}..W...
af60	17 7d 0a 00 31 01 00 00 6f 7e 0a 00 26 00 00 00 a1 7f 0a 00 05 00 00 00 c8 7f 0a 00 5c 00 00 00	.}..1...o~..&...............\...
af80	ce 7f 0a 00 90 00 00 00 2b 80 0a 00 33 00 00 00 bc 80 0a 00 51 00 00 00 f0 80 0a 00 95 00 00 00	........+...3.......Q...........
afa0	42 81 0a 00 09 00 00 00 d8 81 0a 00 c1 00 00 00 e2 81 0a 00 53 00 00 00 a4 82 0a 00 08 00 00 00	B...................S...........
afc0	f8 82 0a 00 14 00 00 00 01 83 0a 00 13 00 00 00 16 83 0a 00 0d 00 00 00 2a 83 0a 00 0e 00 00 00	........................*.......
afe0	38 83 0a 00 4f 01 00 00 47 83 0a 00 20 01 00 00 97 84 0a 00 4d 00 00 00 b8 85 0a 00 95 00 00 00	8...O...G...........M...........
b000	06 86 0a 00 89 00 00 00 9c 86 0a 00 0f 00 00 00 26 87 0a 00 0f 00 00 00 36 87 0a 00 28 00 00 00	................&.......6...(...
b020	46 87 0a 00 78 01 00 00 6f 87 0a 00 1d 01 00 00 e8 88 0a 00 0b 00 00 00 06 8a 0a 00 53 00 00 00	F...x...o...................S...
b040	12 8a 0a 00 ca 00 00 00 66 8a 0a 00 f4 00 00 00 31 8b 0a 00 98 00 00 00 26 8c 0a 00 98 00 00 00	........f.......1.......&.......
b060	bf 8c 0a 00 00 01 00 00 58 8d 0a 00 05 00 00 00 59 8e 0a 00 0e 00 00 00 5f 8e 0a 00 0f 00 00 00	........X.......Y......._.......
b080	6e 8e 0a 00 0b 00 00 00 7e 8e 0a 00 1f 00 00 00 8a 8e 0a 00 b1 00 00 00 aa 8e 0a 00 90 00 00 00	n.......~.......................
b0a0	5c 8f 0a 00 44 00 00 00 ed 8f 0a 00 48 00 00 00 32 90 0a 00 6e 00 00 00 7b 90 0a 00 90 00 00 00	\...D.......H...2...n...{.......
b0c0	ea 90 0a 00 cf 00 00 00 7b 91 0a 00 0f 00 00 00 4b 92 0a 00 0c 00 00 00 5b 92 0a 00 69 01 00 00	........{.......K.......[...i...
b0e0	68 92 0a 00 93 00 00 00 d2 93 0a 00 0f 00 00 00 66 94 0a 00 10 00 00 00 76 94 0a 00 3e 00 00 00	h...............f.......v...>...
b100	87 94 0a 00 81 00 00 00 c6 94 0a 00 8b 00 00 00 48 95 0a 00 bd 00 00 00 d4 95 0a 00 30 01 00 00	................H...........0...
b120	92 96 0a 00 96 00 00 00 c3 97 0a 00 69 01 00 00 5a 98 0a 00 0c 00 00 00 c4 99 0a 00 5a 00 00 00	............i...Z...........Z...
b140	d1 99 0a 00 3c 01 00 00 2c 9a 0a 00 db 00 00 00 69 9b 0a 00 52 00 00 00 45 9c 0a 00 2f 00 00 00	....<...,.......i...R...E.../...
b160	98 9c 0a 00 ac 00 00 00 c8 9c 0a 00 09 00 00 00 75 9d 0a 00 d8 00 00 00 7f 9d 0a 00 5c 00 00 00	................u...........\...
b180	58 9e 0a 00 22 01 00 00 b5 9e 0a 00 af 00 00 00 d8 9f 0a 00 30 00 00 00 88 a0 0a 00 66 00 00 00	X..."...............0.......f...
b1a0	b9 a0 0a 00 52 00 00 00 20 a1 0a 00 49 00 00 00 73 a1 0a 00 1b 01 00 00 bd a1 0a 00 bb 00 00 00	....R.......I...s...............
b1c0	d9 a2 0a 00 60 00 00 00 95 a3 0a 00 62 00 00 00 f6 a3 0a 00 52 01 00 00 59 a4 0a 00 f3 00 00 00	....`.......b.......R...Y.......
b1e0	ac a5 0a 00 bc 00 00 00 a0 a6 0a 00 77 00 00 00 5d a7 0a 00 76 00 00 00 d5 a7 0a 00 97 00 00 00	............w...]...v...........
b200	4c a8 0a 00 d3 00 00 00 e4 a8 0a 00 62 00 00 00 b8 a9 0a 00 0e 00 00 00 1b aa 0a 00 cc 00 00 00	L...........b...................
b220	2a aa 0a 00 32 00 00 00 f7 aa 0a 00 11 00 00 00 2a ab 0a 00 14 01 00 00 3c ab 0a 00 06 00 00 00	*...2...........*.......<.......
b240	51 ac 0a 00 06 00 00 00 58 ac 0a 00 5d 02 00 00 5f ac 0a 00 0e 00 00 00 bd ae 0a 00 80 01 00 00	Q.......X...]..._...............
b260	cc ae 0a 00 23 01 00 00 4d b0 0a 00 0c 01 00 00 71 b1 0a 00 8b 00 00 00 7e b2 0a 00 06 00 00 00	....#...M.......q.......~.......
b280	0a b3 0a 00 59 00 00 00 11 b3 0a 00 07 00 00 00 6b b3 0a 00 15 00 00 00 73 b3 0a 00 4d 00 00 00	....Y...........k.......s...M...
b2a0	89 b3 0a 00 3d 00 00 00 d7 b3 0a 00 10 00 00 00 15 b4 0a 00 45 00 00 00 26 b4 0a 00 59 00 00 00	....=...............E...&...Y...
b2c0	6c b4 0a 00 7c 00 00 00 c6 b4 0a 00 ac 00 00 00 43 b5 0a 00 89 00 00 00 f0 b5 0a 00 23 00 00 00	l...|...........C...........#...
b2e0	7a b6 0a 00 0e 00 00 00 9e b6 0a 00 26 00 00 00 ad b6 0a 00 2d 00 00 00 d4 b6 0a 00 2e 00 00 00	z...........&.......-...........
b300	02 b7 0a 00 0f 00 00 00 31 b7 0a 00 1d 01 00 00 41 b7 0a 00 19 01 00 00 5f b8 0a 00 07 00 00 00	........1.......A......._.......
b320	79 b9 0a 00 0e 00 00 00 81 b9 0a 00 0e 00 00 00 90 b9 0a 00 11 00 00 00 9f b9 0a 00 0f 00 00 00	y...............................
b340	b1 b9 0a 00 10 00 00 00 c1 b9 0a 00 0e 00 00 00 d2 b9 0a 00 06 00 00 00 e1 b9 0a 00 d0 00 00 00	................................
b360	e8 b9 0a 00 57 00 00 00 b9 ba 0a 00 2b 00 00 00 11 bb 0a 00 13 00 00 00 3d bb 0a 00 22 00 00 00	....W.......+...........=..."...
b380	51 bb 0a 00 0b 00 00 00 74 bb 0a 00 08 00 00 00 80 bb 0a 00 1a 00 00 00 89 bb 0a 00 6d 00 00 00	Q.......t...................m...
b3a0	a4 bb 0a 00 17 00 00 00 12 bc 0a 00 47 01 00 00 2a bc 0a 00 14 00 00 00 72 bd 0a 00 0d 00 00 00	............G...*.......r.......
b3c0	87 bd 0a 00 0c 00 00 00 95 bd 0a 00 3e 00 00 00 a2 bd 0a 00 78 00 00 00 e1 bd 0a 00 3c 00 00 00	............>.......x.......<...
b3e0	5a be 0a 00 df 00 00 00 97 be 0a 00 4d 00 00 00 77 bf 0a 00 3e 00 00 00 c5 bf 0a 00 64 00 00 00	Z...........M...w...>.......d...
b400	04 c0 0a 00 db 00 00 00 69 c0 0a 00 3b 00 00 00 45 c1 0a 00 18 00 00 00 81 c1 0a 00 12 00 00 00	........i...;...E...............
b420	9a c1 0a 00 3f 00 00 00 ad c1 0a 00 04 00 00 00 ed c1 0a 00 11 00 00 00 f2 c1 0a 00 0a 00 00 00	....?...........................
b440	04 c2 0a 00 2a 00 00 00 0f c2 0a 00 10 00 00 00 3a c2 0a 00 09 00 00 00 4b c2 0a 00 30 00 00 00	....*...........:.......K...0...
b460	55 c2 0a 00 08 00 00 00 86 c2 0a 00 05 01 00 00 8f c2 0a 00 1e 00 00 00 95 c3 0a 00 13 00 00 00	U...............................
b480	b4 c3 0a 00 c5 00 00 00 c8 c3 0a 00 c0 00 00 00 8e c4 0a 00 25 00 00 00 4f c5 0a 00 25 00 00 00	....................%...O...%...
b4a0	75 c5 0a 00 03 00 00 00 9b c5 0a 00 d3 00 00 00 9f c5 0a 00 a8 00 00 00 73 c6 0a 00 90 01 00 00	u.......................s.......
b4c0	1c c7 0a 00 d4 01 00 00 ad c8 0a 00 23 01 00 00 82 ca 0a 00 0a 00 00 00 a6 cb 0a 00 26 00 00 00	............#...............&...
b4e0	b1 cb 0a 00 0a 00 00 00 d8 cb 0a 00 96 01 00 00 e3 cb 0a 00 05 00 00 00 7a cd 0a 00 05 00 00 00	........................z.......
b500	80 cd 0a 00 02 00 00 00 86 cd 0a 00 0a 00 00 00 89 cd 0a 00 53 00 00 00 94 cd 0a 00 1d 00 00 00	....................S...........
b520	e8 cd 0a 00 25 00 00 00 06 ce 0a 00 18 00 00 00 2c ce 0a 00 19 00 00 00 45 ce 0a 00 19 00 00 00	....%...........,.......E.......
b540	5f ce 0a 00 33 00 00 00 79 ce 0a 00 33 00 00 00 ad ce 0a 00 ea 00 00 00 e1 ce 0a 00 2b 00 00 00	_...3...y...3...............+...
b560	cc cf 0a 00 4d 00 00 00 f8 cf 0a 00 15 00 00 00 46 d0 0a 00 14 02 00 00 5c d0 0a 00 34 00 00 00	....M...........F.......\...4...
b580	71 d2 0a 00 33 00 00 00 a6 d2 0a 00 36 00 00 00 da d2 0a 00 34 00 00 00 11 d3 0a 00 2d 00 00 00	q...3.......6.......4.......-...
b5a0	46 d3 0a 00 27 00 00 00 74 d3 0a 00 1b 00 00 00 9c d3 0a 00 38 00 00 00 b8 d3 0a 00 38 00 00 00	F...'...t...........8.......8...
b5c0	f1 d3 0a 00 06 00 00 00 2a d4 0a 00 04 00 00 00 31 d4 0a 00 05 00 00 00 36 d4 0a 00 11 00 00 00	........*.......1.......6.......
b5e0	3c d4 0a 00 19 00 00 00 4e d4 0a 00 19 00 00 00 68 d4 0a 00 41 00 00 00 82 d4 0a 00 11 00 00 00	<.......N.......h...A...........
b600	c4 d4 0a 00 12 00 00 00 d6 d4 0a 00 06 00 00 00 e9 d4 0a 00 0b 00 00 00 f0 d4 0a 00 f7 00 00 00	................................
b620	fc d4 0a 00 24 01 00 00 f4 d5 0a 00 39 00 00 00 19 d7 0a 00 05 00 00 00 53 d7 0a 00 19 00 00 00	....$.......9...........S.......
b640	59 d7 0a 00 04 00 00 00 73 d7 0a 00 25 00 00 00 78 d7 0a 00 2d 00 00 00 9e d7 0a 00 2e 00 00 00	Y.......s...%...x...-...........
b660	cc d7 0a 00 0c 00 00 00 fb d7 0a 00 0a 00 00 00 08 d8 0a 00 7a 00 00 00 13 d8 0a 00 50 00 00 00	....................z.......P...
b680	8e d8 0a 00 0b 00 00 00 df d8 0a 00 76 00 00 00 eb d8 0a 00 04 00 00 00 62 d9 0a 00 10 00 00 00	............v...........b.......
b6a0	67 d9 0a 00 16 00 00 00 78 d9 0a 00 20 00 00 00 8f d9 0a 00 0e 00 00 00 b0 d9 0a 00 16 00 00 00	g.......x.......................
b6c0	bf d9 0a 00 11 00 00 00 d6 d9 0a 00 14 00 00 00 e8 d9 0a 00 87 00 00 00 fd d9 0a 00 39 00 00 00	............................9...
b6e0	85 da 0a 00 3a 00 00 00 bf da 0a 00 3a 00 00 00 fa da 0a 00 ec 00 00 00 35 db 0a 00 1f 00 00 00	....:.......:...........5.......
b700	22 dc 0a 00 0c 00 00 00 42 dc 0a 00 3e 00 00 00 4f dc 0a 00 0c 00 00 00 8e dc 0a 00 0a 00 00 00	".......B...>...O...............
b720	9b dc 0a 00 54 00 00 00 a6 dc 0a 00 0b 00 00 00 fb dc 0a 00 0c 00 00 00 07 dd 0a 00 05 00 00 00	....T...........................
b740	14 dd 0a 00 1a 00 00 00 1a dd 0a 00 16 00 00 00 35 dd 0a 00 14 00 00 00 4c dd 0a 00 1c 00 00 00	................5.......L.......
b760	61 dd 0a 00 75 00 00 00 7e dd 0a 00 07 01 00 00 f4 dd 0a 00 78 01 00 00 fc de 0a 00 45 00 00 00	a...u...~...........x.......E...
b780	75 e0 0a 00 39 00 00 00 bb e0 0a 00 4a 00 00 00 f5 e0 0a 00 69 00 00 00 40 e1 0a 00 d2 00 00 00	u...9.......J.......i...@.......
b7a0	aa e1 0a 00 c2 00 00 00 7d e2 0a 00 b8 00 00 00 40 e3 0a 00 98 00 00 00 f9 e3 0a 00 b5 00 00 00	........}.......@...............
b7c0	92 e4 0a 00 ff 00 00 00 48 e5 0a 00 7f 00 00 00 48 e6 0a 00 5a 00 00 00 c8 e6 0a 00 69 00 00 00	........H.......H...Z.......i...
b7e0	23 e7 0a 00 0d 02 00 00 8d e7 0a 00 b8 00 00 00 9b e9 0a 00 a4 00 00 00 54 ea 0a 00 b1 01 00 00	#.......................T.......
b800	f9 ea 0a 00 89 00 00 00 ab ec 0a 00 ae 00 00 00 35 ed 0a 00 38 01 00 00 e4 ed 0a 00 46 01 00 00	................5...8.......F...
b820	1d ef 0a 00 5f 01 00 00 64 f0 0a 00 f0 00 00 00 c4 f1 0a 00 57 00 00 00 b5 f2 0a 00 83 00 00 00	...._...d...........W...........
b840	0d f3 0a 00 32 00 00 00 91 f3 0a 00 25 01 00 00 c4 f3 0a 00 6a 01 00 00 ea f4 0a 00 9b 00 00 00	....2.......%.......j...........
b860	55 f6 0a 00 2a 00 00 00 f1 f6 0a 00 78 00 00 00 1c f7 0a 00 a3 00 00 00 95 f7 0a 00 94 00 00 00	U...*.......x...................
b880	39 f8 0a 00 93 00 00 00 ce f8 0a 00 51 00 00 00 62 f9 0a 00 92 00 00 00 b4 f9 0a 00 b2 00 00 00	9...........Q...b...............
b8a0	47 fa 0a 00 55 00 00 00 fa fa 0a 00 6e 00 00 00 50 fb 0a 00 a6 00 00 00 bf fb 0a 00 68 00 00 00	G...U.......n...P...........h...
b8c0	66 fc 0a 00 42 01 00 00 cf fc 0a 00 d4 00 00 00 12 fe 0a 00 d1 00 00 00 e7 fe 0a 00 b3 00 00 00	f...B...........................
b8e0	b9 ff 0a 00 38 00 00 00 6d 00 0b 00 87 00 00 00 a6 00 0b 00 8f 00 00 00 2e 01 0b 00 79 00 00 00	....8...m...................y...
b900	be 01 0b 00 8a 00 00 00 38 02 0b 00 60 00 00 00 c3 02 0b 00 66 00 00 00 24 03 0b 00 ab 00 00 00	........8...`.......f...$.......
b920	8b 03 0b 00 45 00 00 00 37 04 0b 00 d3 00 00 00 7d 04 0b 00 d3 00 00 00 51 05 0b 00 8e 00 00 00	....E...7.......}.......Q.......
b940	25 06 0b 00 61 00 00 00 b4 06 0b 00 7f 00 00 00 16 07 0b 00 69 01 00 00 96 07 0b 00 9d 01 00 00	%...a...............i...........
b960	00 09 0b 00 b6 00 00 00 9e 0a 0b 00 cd 00 00 00 55 0b 0b 00 a8 00 00 00 23 0c 0b 00 5f 00 00 00	................U.......#..._...
b980	cc 0c 0b 00 e5 00 00 00 2c 0d 0b 00 55 00 00 00 12 0e 0b 00 57 01 00 00 68 0e 0b 00 8a 00 00 00	........,...U.......W...h.......
b9a0	c0 0f 0b 00 9b 00 00 00 4b 10 0b 00 8d 00 00 00 e7 10 0b 00 74 00 00 00 75 11 0b 00 5c 00 00 00	........K...........t...u...\...
b9c0	ea 11 0b 00 8e 00 00 00 47 12 0b 00 92 00 00 00 d6 12 0b 00 74 01 00 00 69 13 0b 00 87 00 00 00	........G...........t...i.......
b9e0	de 14 0b 00 3e 00 00 00 66 15 0b 00 d5 00 00 00 a5 15 0b 00 91 00 00 00 7b 16 0b 00 bf 00 00 00	....>...f...............{.......
ba00	0d 17 0b 00 55 00 00 00 cd 17 0b 00 2c 00 00 00 23 18 0b 00 21 00 00 00 50 18 0b 00 9d 00 00 00	....U.......,...#...!...P.......
ba20	72 18 0b 00 1e 00 00 00 10 19 0b 00 09 00 00 00 2f 19 0b 00 38 00 00 00 39 19 0b 00 2c 00 00 00	r.............../...8...9...,...
ba40	72 19 0b 00 9f 00 00 00 9f 19 0b 00 7e 00 00 00 3f 1a 0b 00 a3 00 00 00 be 1a 0b 00 55 00 00 00	r...........~...?...........U...
ba60	62 1b 0b 00 70 00 00 00 b8 1b 0b 00 70 00 00 00 29 1c 0b 00 4e 00 00 00 9a 1c 0b 00 3b 00 00 00	b...p.......p...)...N.......;...
ba80	e9 1c 0b 00 6b 01 00 00 25 1d 0b 00 4a 00 00 00 91 1e 0b 00 b5 00 00 00 dc 1e 0b 00 71 00 00 00	....k...%...J...............q...
baa0	92 1f 0b 00 c2 00 00 00 04 20 0b 00 70 00 00 00 c7 20 0b 00 dd 00 00 00 38 21 0b 00 4a 00 00 00	............p...........8!..J...
bac0	16 22 0b 00 4d 00 00 00 61 22 0b 00 6f 00 00 00 af 22 0b 00 68 00 00 00 1f 23 0b 00 e3 00 00 00	."..M...a"..o...."..h....#......
bae0	88 23 0b 00 01 03 00 00 6c 24 0b 00 bc 01 00 00 6e 27 0b 00 da 00 00 00 2b 29 0b 00 8e 00 00 00	.#......l$......n'......+)......
bb00	06 2a 0b 00 d0 00 00 00 95 2a 0b 00 81 00 00 00 66 2b 0b 00 b0 01 00 00 e8 2b 0b 00 94 00 00 00	.*.......*......f+.......+......
bb20	99 2d 0b 00 f7 00 00 00 2e 2e 0b 00 49 00 00 00 26 2f 0b 00 56 02 00 00 70 2f 0b 00 85 00 00 00	.-..........I...&/..V...p/......
bb40	c7 31 0b 00 1d 02 00 00 4d 32 0b 00 5b 00 00 00 6b 34 0b 00 5b 00 00 00 c7 34 0b 00 b4 00 00 00	.1......M2..[...k4..[....4......
bb60	23 35 0b 00 60 00 00 00 d8 35 0b 00 fe 00 00 00 39 36 0b 00 61 00 00 00 38 37 0b 00 9d 00 00 00	#5..`....5......96..a...87......
bb80	9a 37 0b 00 9c 00 00 00 38 38 0b 00 13 01 00 00 d5 38 0b 00 bb 00 00 00 e9 39 0b 00 3d 00 00 00	.7......88.......8.......9..=...
bba0	a5 3a 0b 00 c2 00 00 00 e3 3a 0b 00 db 00 00 00 a6 3b 0b 00 d2 00 00 00 82 3c 0b 00 77 00 00 00	.:.......:.......;.......<..w...
bbc0	55 3d 0b 00 08 01 00 00 cd 3d 0b 00 2e 01 00 00 d6 3e 0b 00 68 00 00 00 05 40 0b 00 3c 00 00 00	U=.......=.......>..h....@..<...
bbe0	6e 40 0b 00 45 01 00 00 ab 40 0b 00 c1 01 00 00 f1 41 0b 00 4e 00 00 00 b3 43 0b 00 62 00 00 00	n@..E....@.......A..N....C..b...
bc00	02 44 0b 00 ae 00 00 00 65 44 0b 00 dd 00 00 00 14 45 0b 00 77 00 00 00 f2 45 0b 00 b7 00 00 00	.D......eD.......E..w....E......
bc20	6a 46 0b 00 bb 00 00 00 22 47 0b 00 5c 00 00 00 de 47 0b 00 6a 01 00 00 3b 48 0b 00 62 00 00 00	jF......"G..\....G..j...;H..b...
bc40	a6 49 0b 00 c3 00 00 00 09 4a 0b 00 11 00 00 00 cd 4a 0b 00 d2 00 00 00 df 4a 0b 00 1d 01 00 00	.I.......J.......J.......J......
bc60	b2 4b 0b 00 9b 01 00 00 d0 4c 0b 00 9b 01 00 00 6c 4e 0b 00 6b 00 00 00 08 50 0b 00 98 00 00 00	.K.......L......lN..k....P......
bc80	74 50 0b 00 4a 00 00 00 0d 51 0b 00 0a 00 00 00 58 51 0b 00 18 00 00 00 63 51 0b 00 3e 00 00 00	tP..J....Q......XQ......cQ..>...
bca0	7c 51 0b 00 67 01 00 00 bb 51 0b 00 0d 00 00 00 23 53 0b 00 16 00 00 00 31 53 0b 00 23 00 00 00	|Q..g....Q......#S......1S..#...
bcc0	48 53 0b 00 58 00 00 00 6c 53 0b 00 67 00 00 00 c5 53 0b 00 ef 00 00 00 2d 54 0b 00 6e 00 00 00	HS..X...lS..g....S......-T..n...
bce0	1d 55 0b 00 98 00 00 00 8c 55 0b 00 0b 00 00 00 25 56 0b 00 0b 00 00 00 31 56 0b 00 4c 00 00 00	.U.......U......%V......1V..L...
bd00	3d 56 0b 00 17 00 00 00 8a 56 0b 00 10 00 00 00 a2 56 0b 00 10 00 00 00 b3 56 0b 00 90 00 00 00	=V.......V.......V.......V......
bd20	c4 56 0b 00 17 00 00 00 55 57 0b 00 37 00 00 00 6d 57 0b 00 36 00 00 00 a5 57 0b 00 2f 00 00 00	.V......UW..7...mW..6....W../...
bd40	dc 57 0b 00 97 00 00 00 0c 58 0b 00 10 00 00 00 a4 58 0b 00 0a 00 00 00 b5 58 0b 00 18 00 00 00	.W.......X.......X.......X......
bd60	c0 58 0b 00 72 01 00 00 d9 58 0b 00 40 00 00 00 4c 5a 0b 00 7f 01 00 00 8d 5a 0b 00 48 01 00 00	.X..r....X..@...LZ.......Z..H...
bd80	0d 5c 0b 00 14 00 00 00 56 5d 0b 00 08 00 00 00 6b 5d 0b 00 18 00 00 00 74 5d 0b 00 31 00 00 00	.\......V]......k]......t]..1...
bda0	8d 5d 0b 00 8f 01 00 00 bf 5d 0b 00 f7 00 00 00 4f 5f 0b 00 e9 00 00 00 47 60 0b 00 89 00 00 00	.].......]......O_......G`......
bdc0	31 61 0b 00 38 00 00 00 bb 61 0b 00 8f 00 00 00 f4 61 0b 00 37 00 00 00 84 62 0b 00 1b 00 00 00	1a..8....a.......a..7....b......
bde0	bc 62 0b 00 25 01 00 00 d8 62 0b 00 cb 00 00 00 fe 63 0b 00 db 00 00 00 ca 64 0b 00 a5 00 00 00	.b..%....b.......c.......d......
be00	a6 65 0b 00 93 00 00 00 4c 66 0b 00 e3 00 00 00 e0 66 0b 00 02 02 00 00 c4 67 0b 00 c4 00 00 00	.e......Lf.......f.......g......
be20	c7 69 0b 00 e6 00 00 00 8c 6a 0b 00 4f 00 00 00 73 6b 0b 00 a4 00 00 00 c3 6b 0b 00 28 01 00 00	.i.......j..O...sk.......k..(...
be40	68 6c 0b 00 9d 00 00 00 91 6d 0b 00 3b 00 00 00 2f 6e 0b 00 4a 00 00 00 6b 6e 0b 00 81 00 00 00	hl.......m..;.../n..J...kn......
be60	b6 6e 0b 00 49 00 00 00 38 6f 0b 00 36 00 00 00 82 6f 0b 00 11 00 00 00 b9 6f 0b 00 0f 00 00 00	.n..I...8o..6....o.......o......
be80	cb 6f 0b 00 18 00 00 00 db 6f 0b 00 0e 00 00 00 f4 6f 0b 00 0e 00 00 00 03 70 0b 00 0f 00 00 00	.o.......o.......o.......p......
bea0	12 70 0b 00 0b 00 00 00 22 70 0b 00 0f 00 00 00 2e 70 0b 00 0f 00 00 00 3e 70 0b 00 08 00 00 00	.p......"p.......p......>p......
bec0	4e 70 0b 00 07 00 00 00 57 70 0b 00 04 00 00 00 5f 70 0b 00 0f 00 00 00 64 70 0b 00 06 00 00 00	Np......Wp......_p......dp......
bee0	74 70 0b 00 ff 00 00 00 7b 70 0b 00 23 00 00 00 7b 71 0b 00 23 00 00 00 9f 71 0b 00 0e 00 00 00	tp......{p..#...{q..#....q......
bf00	c3 71 0b 00 07 00 00 00 d2 71 0b 00 0a 00 00 00 da 71 0b 00 04 00 00 00 e5 71 0b 00 36 00 00 00	.q.......q.......q.......q..6...
bf20	ea 71 0b 00 b5 00 00 00 21 72 0b 00 04 00 00 00 d7 72 0b 00 f5 00 00 00 dc 72 0b 00 19 00 00 00	.q......!r.......r.......r......
bf40	d2 73 0b 00 42 00 00 00 ec 73 0b 00 1b 00 00 00 2f 74 0b 00 34 01 00 00 4b 74 0b 00 3e 00 00 00	.s..B....s....../t..4...Kt..>...
bf60	80 75 0b 00 29 00 00 00 bf 75 0b 00 33 00 00 00 e9 75 0b 00 14 02 00 00 1d 76 0b 00 40 00 00 00	.u..)....u..3....u.......v..@...
bf80	32 78 0b 00 3d 00 00 00 73 78 0b 00 07 01 00 00 b1 78 0b 00 23 00 00 00 b9 79 0b 00 11 00 00 00	2x..=...sx.......x..#....y......
bfa0	dd 79 0b 00 3f 00 00 00 ef 79 0b 00 20 00 00 00 2f 7a 0b 00 6f 00 00 00 50 7a 0b 00 3d 00 00 00	.y..?....y....../z..o...Pz..=...
bfc0	c0 7a 0b 00 68 00 00 00 fe 7a 0b 00 6b 00 00 00 67 7b 0b 00 23 00 00 00 d3 7b 0b 00 07 00 00 00	.z..h....z..k...g{..#....{......
bfe0	f7 7b 0b 00 7d 00 00 00 ff 7b 0b 00 06 00 00 00 7d 7c 0b 00 16 00 00 00 84 7c 0b 00 35 00 00 00	.{..}....{......}|.......|..5...
c000	9b 7c 0b 00 10 00 00 00 d1 7c 0b 00 69 02 00 00 e2 7c 0b 00 1b 00 00 00 4c 7f 0b 00 52 01 00 00	.|.......|..i....|......L...R...
c020	68 7f 0b 00 4a 00 00 00 bb 80 0b 00 e8 01 00 00 06 81 0b 00 9d 01 00 00 ef 82 0b 00 d7 00 00 00	h...J...........................
c040	8d 84 0b 00 1e 00 00 00 65 85 0b 00 2f 00 00 00 84 85 0b 00 21 00 00 00 b4 85 0b 00 0c 00 00 00	........e.../.......!...........
c060	d6 85 0b 00 0e 00 00 00 e3 85 0b 00 24 00 00 00 f2 85 0b 00 0e 00 00 00 17 86 0b 00 59 00 00 00	............$...............Y...
c080	26 86 0b 00 22 00 00 00 80 86 0b 00 05 00 00 00 a3 86 0b 00 20 00 00 00 a9 86 0b 00 14 00 00 00	&..."...........................
c0a0	ca 86 0b 00 42 00 00 00 df 86 0b 00 1f 00 00 00 22 87 0b 00 2e 00 00 00 42 87 0b 00 10 00 00 00	....B...........".......B.......
c0c0	71 87 0b 00 10 00 00 00 82 87 0b 00 12 00 00 00 93 87 0b 00 12 00 00 00 a6 87 0b 00 2e 00 00 00	q...............................
c0e0	b9 87 0b 00 3c 00 00 00 e8 87 0b 00 3b 00 00 00 25 88 0b 00 0b 00 00 00 61 88 0b 00 38 00 00 00	....<.......;...%.......a...8...
c100	6d 88 0b 00 2c 00 00 00 a6 88 0b 00 09 00 00 00 d3 88 0b 00 09 00 00 00 dd 88 0b 00 0e 00 00 00	m...,...........................
c120	e7 88 0b 00 63 00 00 00 f6 88 0b 00 9c 00 00 00 5a 89 0b 00 ab 00 00 00 f7 89 0b 00 eb 00 00 00	....c...........Z...............
c140	a3 8a 0b 00 30 00 00 00 8f 8b 0b 00 07 00 00 00 c0 8b 0b 00 63 00 00 00 c8 8b 0b 00 0c 01 00 00	....0...............c...........
c160	2c 8c 0b 00 0c 00 00 00 39 8d 0b 00 0c 00 00 00 46 8d 0b 00 15 00 00 00 53 8d 0b 00 08 00 00 00	,.......9.......F.......S.......
c180	69 8d 0b 00 8c 00 00 00 72 8d 0b 00 03 00 00 00 ff 8d 0b 00 0a 00 00 00 03 8e 0b 00 35 00 00 00	i.......r...................5...
c1a0	0e 8e 0b 00 13 00 00 00 44 8e 0b 00 19 00 00 00 58 8e 0b 00 06 00 00 00 72 8e 0b 00 3b 02 00 00	........D.......X.......r...;...
c1c0	79 8e 0b 00 85 00 00 00 b5 90 0b 00 0e 00 00 00 3b 91 0b 00 09 00 00 00 4a 91 0b 00 35 00 00 00	y...............;.......J...5...
c1e0	54 91 0b 00 04 00 00 00 8a 91 0b 00 e8 01 00 00 8f 91 0b 00 5f 00 00 00 78 93 0b 00 61 00 00 00	T..................._...x...a...
c200	d8 93 0b 00 03 00 00 00 3a 94 0b 00 0b 00 00 00 3e 94 0b 00 1d 00 00 00 4a 94 0b 00 10 00 00 00	........:.......>.......J.......
c220	68 94 0b 00 4d 00 00 00 79 94 0b 00 0f 00 00 00 c7 94 0b 00 3b 00 00 00 d7 94 0b 00 12 00 00 00	h...M...y...........;...........
c240	13 95 0b 00 1d 00 00 00 26 95 0b 00 51 00 00 00 44 95 0b 00 41 00 00 00 96 95 0b 00 6a 00 00 00	........&...Q...D...A.......j...
c260	d8 95 0b 00 66 00 00 00 43 96 0b 00 1c 00 00 00 aa 96 0b 00 8d 00 00 00 c7 96 0b 00 d1 00 00 00	....f...C.......................
c280	55 97 0b 00 1d 00 00 00 27 98 0b 00 e3 00 00 00 45 98 0b 00 e4 00 00 00 29 99 0b 00 24 00 00 00	U.......'.......E.......)...$...
c2a0	0e 9a 0b 00 5a 00 00 00 33 9a 0b 00 1a 00 00 00 8e 9a 0b 00 21 00 00 00 a9 9a 0b 00 29 00 00 00	....Z...3...........!.......)...
c2c0	cb 9a 0b 00 77 00 00 00 f5 9a 0b 00 73 00 00 00 6d 9b 0b 00 53 00 00 00 e1 9b 0b 00 5c 00 00 00	....w.......s...m...S.......\...
c2e0	35 9c 0b 00 1e 00 00 00 92 9c 0b 00 54 00 00 00 b1 9c 0b 00 60 00 00 00 06 9d 0b 00 24 00 00 00	5...........T.......`.......$...
c300	67 9d 0b 00 61 00 00 00 8c 9d 0b 00 48 00 00 00 ee 9d 0b 00 25 00 00 00 37 9e 0b 00 28 00 00 00	g...a.......H.......%...7...(...
c320	5d 9e 0b 00 2e 00 00 00 86 9e 0b 00 9e 00 00 00 b5 9e 0b 00 11 00 00 00 54 9f 0b 00 7a 00 00 00	].......................T...z...
c340	66 9f 0b 00 17 00 00 00 e1 9f 0b 00 13 00 00 00 f9 9f 0b 00 7d 00 00 00 0d a0 0b 00 83 00 00 00	f...................}...........
c360	8b a0 0b 00 11 00 00 00 0f a1 0b 00 10 00 00 00 21 a1 0b 00 33 00 00 00 32 a1 0b 00 6a 00 00 00	................!...3...2...j...
c380	66 a1 0b 00 22 00 00 00 d1 a1 0b 00 1e 01 00 00 f4 a1 0b 00 dd 00 00 00 13 a3 0b 00 49 00 00 00	f...".......................I...
c3a0	f1 a3 0b 00 06 00 00 00 3b a4 0b 00 11 00 00 00 42 a4 0b 00 38 00 00 00 54 a4 0b 00 28 00 00 00	........;.......B...8...T...(...
c3c0	8d a4 0b 00 24 00 00 00 b6 a4 0b 00 37 00 00 00 db a4 0b 00 43 00 00 00 13 a5 0b 00 0a 00 00 00	....$.......7.......C...........
c3e0	57 a5 0b 00 b3 00 00 00 62 a5 0b 00 8c 00 00 00 16 a6 0b 00 21 00 00 00 a3 a6 0b 00 05 00 00 00	W.......b...........!...........
c400	c5 a6 0b 00 89 01 00 00 cb a6 0b 00 ae 01 00 00 55 a8 0b 00 27 00 00 00 04 aa 0b 00 09 00 00 00	................U...'...........
c420	2c aa 0b 00 fc 00 00 00 36 aa 0b 00 0f 00 00 00 33 ab 0b 00 6c 00 00 00 43 ab 0b 00 35 00 00 00	,.......6.......3...l...C...5...
c440	b0 ab 0b 00 d4 00 00 00 e6 ab 0b 00 d4 00 00 00 bb ac 0b 00 f4 00 00 00 90 ad 0b 00 24 00 00 00	............................$...
c460	85 ae 0b 00 6f 00 00 00 aa ae 0b 00 10 00 00 00 1a af 0b 00 c6 00 00 00 2b af 0b 00 30 00 00 00	....o...................+...0...
c480	f2 af 0b 00 a3 00 00 00 23 b0 0b 00 a4 00 00 00 c7 b0 0b 00 25 00 00 00 6c b1 0b 00 38 00 00 00	........#...........%...l...8...
c4a0	92 b1 0b 00 22 00 00 00 cb b1 0b 00 65 00 00 00 ee b1 0b 00 80 00 00 00 54 b2 0b 00 74 00 00 00	....".......e...........T...t...
c4c0	d5 b2 0b 00 6a 00 00 00 4a b3 0b 00 a9 00 00 00 b5 b3 0b 00 01 00 00 00 5f b4 0b 00 03 00 00 00	....j...J..............._.......
c4e0	61 b4 0b 00 1f 00 00 00 65 b4 0b 00 11 00 00 00 85 b4 0b 00 10 00 00 00 97 b4 0b 00 37 01 00 00	a.......e...................7...
c500	a8 b4 0b 00 0b 00 00 00 e0 b5 0b 00 0e 00 00 00 ec b5 0b 00 17 00 00 00 fb b5 0b 00 22 00 00 00	............................"...
c520	13 b6 0b 00 05 00 00 00 36 b6 0b 00 0c 00 00 00 3c b6 0b 00 eb 00 00 00 49 b6 0b 00 03 00 00 00	........6.......<.......I.......
c540	35 b7 0b 00 41 02 00 00 39 b7 0b 00 ad 00 00 00 7b b9 0b 00 0d 00 00 00 29 ba 0b 00 91 00 00 00	5...A...9.......{.......).......
c560	37 ba 0b 00 0b 00 00 00 c9 ba 0b 00 16 00 00 00 d5 ba 0b 00 40 00 00 00 ec ba 0b 00 23 00 00 00	7...................@.......#...
c580	2d bb 0b 00 1f 00 00 00 51 bb 0b 00 07 00 00 00 71 bb 0b 00 0f 00 00 00 79 bb 0b 00 4b 00 00 00	-.......Q.......q.......y...K...
c5a0	89 bb 0b 00 ab 01 00 00 d5 bb 0b 00 a3 00 00 00 81 bd 0b 00 13 00 00 00 25 be 0b 00 1c 00 00 00	........................%.......
c5c0	39 be 0b 00 18 00 00 00 56 be 0b 00 23 00 00 00 6f be 0b 00 0f 00 00 00 93 be 0b 00 10 00 00 00	9.......V...#...o...............
c5e0	a3 be 0b 00 0e 00 00 00 b4 be 0b 00 25 00 00 00 c3 be 0b 00 1a 00 00 00 e9 be 0b 00 18 00 00 00	............%...................
c600	04 bf 0b 00 45 00 00 00 1d bf 0b 00 16 00 00 00 63 bf 0b 00 25 00 00 00 7a bf 0b 00 38 00 00 00	....E...........c...%...z...8...
c620	a0 bf 0b 00 36 00 00 00 d9 bf 0b 00 20 00 00 00 10 c0 0b 00 13 00 00 00 31 c0 0b 00 1e 00 00 00	....6...................1.......
c640	45 c0 0b 00 15 00 00 00 64 c0 0b 00 ba 00 00 00 7a c0 0b 00 25 00 00 00 35 c1 0b 00 89 00 00 00	E.......d.......z...%...5.......
c660	5b c1 0b 00 13 00 00 00 e5 c1 0b 00 1a 00 00 00 f9 c1 0b 00 3a 00 00 00 14 c2 0b 00 81 01 00 00	[...................:...........
c680	4f c2 0b 00 47 00 00 00 d1 c3 0b 00 74 00 00 00 19 c4 0b 00 9d 00 00 00 8e c4 0b 00 7b 01 00 00	O...G.......t...............{...
c6a0	2c c5 0b 00 61 00 00 00 a8 c6 0b 00 06 00 00 00 0a c7 0b 00 47 00 00 00 11 c7 0b 00 44 00 00 00	,...a...............G.......D...
c6c0	59 c7 0b 00 37 00 00 00 9e c7 0b 00 07 01 00 00 d6 c7 0b 00 57 00 00 00 de c8 0b 00 31 00 00 00	Y...7...............W.......1...
c6e0	36 c9 0b 00 5b 00 00 00 68 c9 0b 00 1f 00 00 00 c4 c9 0b 00 2b 00 00 00 e4 c9 0b 00 04 00 00 00	6...[...h...........+...........
c700	10 ca 0b 00 16 00 00 00 15 ca 0b 00 37 00 00 00 2c ca 0b 00 38 01 00 00 64 ca 0b 00 0d 00 00 00	............7...,...8...d.......
c720	9d cb 0b 00 0d 00 00 00 ab cb 0b 00 12 00 00 00 b9 cb 0b 00 0a 00 00 00 cc cb 0b 00 4e 00 00 00	............................N...
c740	d7 cb 0b 00 08 01 00 00 26 cc 0b 00 24 01 00 00 2f cd 0b 00 15 00 00 00 54 ce 0b 00 5c 00 00 00	........&...$.../.......T...\...
c760	6a ce 0b 00 a4 00 00 00 c7 ce 0b 00 16 00 00 00 6c cf 0b 00 8a 02 00 00 83 cf 0b 00 1d 00 00 00	j...............l...............
c780	0e d2 0b 00 0c 00 00 00 2c d2 0b 00 1f 00 00 00 39 d2 0b 00 43 00 00 00 59 d2 0b 00 0d 00 00 00	........,.......9...C...Y.......
c7a0	9d d2 0b 00 c1 00 00 00 ab d2 0b 00 77 00 00 00 6d d3 0b 00 69 00 00 00 e5 d3 0b 00 76 00 00 00	............w...m...i.......v...
c7c0	4f d4 0b 00 0e 01 00 00 c6 d4 0b 00 cb 00 00 00 d5 d5 0b 00 19 01 00 00 a1 d6 0b 00 43 00 00 00	O...........................C...
c7e0	bb d7 0b 00 ab 00 00 00 ff d7 0b 00 9a 00 00 00 ab d8 0b 00 17 01 00 00 46 d9 0b 00 6f 00 00 00	........................F...o...
c800	5e da 0b 00 7b 00 00 00 ce da 0b 00 12 01 00 00 4a db 0b 00 e6 00 00 00 5d dc 0b 00 b6 00 00 00	^...{...........J.......].......
c820	44 dd 0b 00 b1 00 00 00 fb dd 0b 00 fb 00 00 00 ad de 0b 00 20 00 00 00 a9 df 0b 00 a0 01 00 00	D...............................
c840	ca df 0b 00 53 00 00 00 6b e1 0b 00 39 00 00 00 bf e1 0b 00 28 00 00 00 f9 e1 0b 00 3b 00 00 00	....S...k...9.......(.......;...
c860	22 e2 0b 00 34 00 00 00 5e e2 0b 00 52 00 00 00 93 e2 0b 00 53 00 00 00 e6 e2 0b 00 52 00 00 00	"...4...^...R.......S.......R...
c880	3a e3 0b 00 80 01 00 00 8d e3 0b 00 23 00 00 00 0e e5 0b 00 0b 00 00 00 32 e5 0b 00 ad 00 00 00	:...........#...........2.......
c8a0	3e e5 0b 00 91 00 00 00 ec e5 0b 00 1b 02 00 00 7e e6 0b 00 e8 01 00 00 9a e8 0b 00 07 00 00 00	>...............~...............
c8c0	83 ea 0b 00 df 00 00 00 8b ea 0b 00 45 01 00 00 6b eb 0b 00 22 00 00 00 b1 ec 0b 00 79 01 00 00	............E...k...".......y...
c8e0	d4 ec 0b 00 a6 00 00 00 4e ee 0b 00 83 00 00 00 f5 ee 0b 00 19 00 00 00 79 ef 0b 00 0f 00 00 00	........N...............y.......
c900	93 ef 0b 00 09 00 00 00 a3 ef 0b 00 12 00 00 00 ad ef 0b 00 0e 00 00 00 c0 ef 0b 00 21 00 00 00	............................!...
c920	cf ef 0b 00 17 00 00 00 f1 ef 0b 00 14 00 00 00 09 f0 0b 00 19 00 00 00 1e f0 0b 00 14 00 00 00	................................
c940	38 f0 0b 00 06 00 00 00 4d f0 0b 00 13 00 00 00 54 f0 0b 00 12 00 00 00 68 f0 0b 00 0d 00 00 00	8.......M.......T.......h.......
c960	7b f0 0b 00 6a 00 00 00 89 f0 0b 00 17 00 00 00 f4 f0 0b 00 2e 00 00 00 0c f1 0b 00 2d 00 00 00	{...j.......................-...
c980	3b f1 0b 00 08 00 00 00 69 f1 0b 00 16 00 00 00 72 f1 0b 00 59 00 00 00 89 f1 0b 00 19 00 00 00	;.......i.......r...Y...........
c9a0	e3 f1 0b 00 7e 00 00 00 fd f1 0b 00 07 00 00 00 7c f2 0b 00 2a 00 00 00 84 f2 0b 00 4f 00 00 00	....~...........|...*.......O...
c9c0	af f2 0b 00 17 00 00 00 ff f2 0b 00 3b 00 00 00 17 f3 0b 00 87 01 00 00 53 f3 0b 00 6e 00 00 00	............;...........S...n...
c9e0	db f4 0b 00 24 00 00 00 4a f5 0b 00 54 00 00 00 6f f5 0b 00 a4 01 00 00 c4 f5 0b 00 8f 01 00 00	....$...J...T...o...............
ca00	69 f7 0b 00 24 00 00 00 f9 f8 0b 00 1f 00 00 00 1e f9 0b 00 07 00 00 00 3e f9 0b 00 1b 00 00 00	i...$...................>.......
ca20	46 f9 0b 00 08 00 00 00 62 f9 0b 00 5c 00 00 00 6b f9 0b 00 08 00 00 00 c8 f9 0b 00 1b 00 00 00	F.......b...\...k...............
ca40	d1 f9 0b 00 57 00 00 00 ed f9 0b 00 14 00 00 00 45 fa 0b 00 3f 00 00 00 5a fa 0b 00 3a 00 00 00	....W...........E...?...Z...:...
ca60	9a fa 0b 00 75 00 00 00 d5 fa 0b 00 69 00 00 00 4b fb 0b 00 32 01 00 00 b5 fb 0b 00 36 01 00 00	....u.......i...K...2.......6...
ca80	e8 fc 0b 00 0c 00 00 00 1f fe 0b 00 41 01 00 00 2c fe 0b 00 03 00 00 00 6e ff 0b 00 04 00 00 00	............A...,.......n.......
caa0	72 ff 0b 00 0c 00 00 00 77 ff 0b 00 05 00 00 00 84 ff 0b 00 0c 00 00 00 8a ff 0b 00 0d 00 00 00	r.......w.......................
cac0	97 ff 0b 00 0b 00 00 00 a5 ff 0b 00 ae 00 00 00 b1 ff 0b 00 31 01 00 00 60 00 0c 00 ca 00 00 00	....................1...`.......
cae0	92 01 0c 00 43 00 00 00 5d 02 0c 00 46 00 00 00 a1 02 0c 00 0b 00 00 00 e8 02 0c 00 0b 00 00 00	....C...]...F...................
cb00	f4 02 0c 00 19 00 00 00 00 03 0c 00 0f 00 00 00 1a 03 0c 00 ba 01 00 00 2a 03 0c 00 6a 00 00 00	........................*...j...
cb20	e5 04 0c 00 13 00 00 00 50 05 0c 00 e4 00 00 00 64 05 0c 00 46 00 00 00 49 06 0c 00 88 01 00 00	........P.......d...F...I.......
cb40	90 06 0c 00 89 01 00 00 19 08 0c 00 0b 00 00 00 a3 09 0c 00 ce 00 00 00 af 09 0c 00 6c 00 00 00	............................l...
cb60	7e 0a 0c 00 10 01 00 00 eb 0a 0c 00 6e 00 00 00 fc 0b 0c 00 26 00 00 00 6b 0c 0c 00 40 00 00 00	~...........n.......&...k...@...
cb80	92 0c 0c 00 a0 00 00 00 d3 0c 0c 00 b9 00 00 00 74 0d 0c 00 58 00 00 00 2e 0e 0c 00 64 00 00 00	................t...X.......d...
cba0	87 0e 0c 00 39 00 00 00 ec 0e 0c 00 45 00 00 00 26 0f 0c 00 4a 00 00 00 6c 0f 0c 00 4b 00 00 00	....9.......E...&...J...l...K...
cbc0	b7 0f 0c 00 96 00 00 00 03 10 0c 00 37 00 00 00 9a 10 0c 00 8f 00 00 00 d2 10 0c 00 06 00 00 00	............7...................
cbe0	62 11 0c 00 0f 00 00 00 69 11 0c 00 1b 00 00 00 79 11 0c 00 33 00 00 00 95 11 0c 00 56 00 00 00	b.......i.......y...3.......V...
cc00	c9 11 0c 00 0b 00 00 00 20 12 0c 00 12 00 00 00 2c 12 0c 00 38 00 00 00 3f 12 0c 00 19 00 00 00	................,...8...?.......
cc20	78 12 0c 00 33 00 00 00 92 12 0c 00 1f 00 00 00 c6 12 0c 00 2e 00 00 00 e6 12 0c 00 93 01 00 00	x...3...........................
cc40	15 13 0c 00 0a 00 00 00 a9 14 0c 00 0a 00 00 00 b4 14 0c 00 63 00 00 00 bf 14 0c 00 2f 00 00 00	....................c......./...
cc60	23 15 0c 00 32 00 00 00 53 15 0c 00 4c 00 00 00 86 15 0c 00 23 00 00 00 d3 15 0c 00 64 00 00 00	#...2...S...L.......#.......d...
cc80	f7 15 0c 00 65 00 00 00 5c 16 0c 00 6e 00 00 00 c2 16 0c 00 29 00 00 00 31 17 0c 00 dd 00 00 00	....e...\...n.......)...1.......
cca0	5b 17 0c 00 2d 00 00 00 39 18 0c 00 11 00 00 00 67 18 0c 00 11 00 00 00 79 18 0c 00 12 00 00 00	[...-...9.......g.......y.......
ccc0	8b 18 0c 00 0c 00 00 00 9e 18 0c 00 30 00 00 00 ab 18 0c 00 3f 00 00 00 dc 18 0c 00 40 00 00 00	............0.......?.......@...
cce0	1c 19 0c 00 04 01 00 00 5d 19 0c 00 a9 00 00 00 62 1a 0c 00 18 00 00 00 0c 1b 0c 00 08 00 00 00	........].......b...............
cd00	25 1b 0c 00 46 00 00 00 2e 1b 0c 00 4d 00 00 00 75 1b 0c 00 1f 00 00 00 c3 1b 0c 00 4f 00 00 00	%...F.......M...u...........O...
cd20	e3 1b 0c 00 3d 00 00 00 33 1c 0c 00 08 00 00 00 71 1c 0c 00 0e 00 00 00 7a 1c 0c 00 84 01 00 00	....=...3.......q.......z.......
cd40	89 1c 0c 00 8c 00 00 00 0e 1e 0c 00 11 00 00 00 9b 1e 0c 00 0e 01 00 00 ad 1e 0c 00 3a 00 00 00	............................:...
cd60	bc 1f 0c 00 09 00 00 00 f7 1f 0c 00 38 00 00 00 01 20 0c 00 bd 00 00 00 3a 20 0c 00 30 00 00 00	............8...........:...0...
cd80	f8 20 0c 00 31 00 00 00 29 21 0c 00 24 00 00 00 5b 21 0c 00 23 00 00 00 80 21 0c 00 20 00 00 00	....1...)!..$...[!..#....!......
cda0	a4 21 0c 00 21 00 00 00 c5 21 0c 00 3a 00 00 00 e7 21 0c 00 1f 00 00 00 22 22 0c 00 32 00 00 00	.!..!....!..:....!......""..2...
cdc0	42 22 0c 00 26 00 00 00 75 22 0c 00 13 00 00 00 9c 22 0c 00 41 00 00 00 b0 22 0c 00 a0 00 00 00	B"..&...u"......."..A...."......
cde0	f2 22 0c 00 3e 00 00 00 93 23 0c 00 1f 00 00 00 d2 23 0c 00 ce 00 00 00 f2 23 0c 00 4c 01 00 00	."..>....#.......#.......#..L...
ce00	c1 24 0c 00 36 01 00 00 0e 26 0c 00 21 00 00 00 45 27 0c 00 1e 00 00 00 67 27 0c 00 0e 00 00 00	.$..6....&..!...E'......g'......
ce20	86 27 0c 00 03 00 00 00 95 27 0c 00 39 00 00 00 99 27 0c 00 2f 00 00 00 d3 27 0c 00 b8 00 00 00	.'.......'..9....'../....'......
ce40	03 28 0c 00 24 00 00 00 bc 28 0c 00 49 00 00 00 e1 28 0c 00 03 00 00 00 2b 29 0c 00 24 00 00 00	.(..$....(..I....(......+)..$...
ce60	2f 29 0c 00 03 00 00 00 54 29 0c 00 06 00 00 00 58 29 0c 00 0c 00 00 00 5f 29 0c 00 18 00 00 00	/)......T)......X)......_)......
ce80	6c 29 0c 00 15 00 00 00 85 29 0c 00 22 00 00 00 9b 29 0c 00 4c 00 00 00 be 29 0c 00 45 00 00 00	l).......).."....)..L....)..E...
cea0	0b 2a 0c 00 98 00 00 00 51 2a 0c 00 15 00 00 00 ea 2a 0c 00 53 01 00 00 00 2b 0c 00 20 00 00 00	.*......Q*.......*..S....+......
cec0	54 2c 0c 00 03 00 00 00 75 2c 0c 00 21 00 00 00 79 2c 0c 00 21 00 00 00 9b 2c 0c 00 04 00 00 00	T,......u,..!...y,..!....,......
cee0	bd 2c 0c 00 15 00 00 00 c2 2c 0c 00 e1 00 00 00 d8 2c 0c 00 08 00 00 00 ba 2d 0c 00 0d 00 00 00	.,.......,.......,.......-......
cf00	c3 2d 0c 00 c3 00 00 00 d1 2d 0c 00 20 00 00 00 95 2e 0c 00 21 00 00 00 b6 2e 0c 00 0c 00 00 00	.-.......-..........!...........
cf20	d8 2e 0c 00 0a 00 00 00 e5 2e 0c 00 72 00 00 00 f0 2e 0c 00 dc 00 00 00 63 2f 0c 00 0e 00 00 00	............r...........c/......
cf40	40 30 0c 00 4f 00 00 00 4f 30 0c 00 6a 00 00 00 9f 30 0c 00 50 00 00 00 0a 31 0c 00 0e 00 00 00	@0..O...O0..j....0..P....1......
cf60	5b 31 0c 00 0b 00 00 00 6a 31 0c 00 1f 00 00 00 76 31 0c 00 41 00 00 00 96 31 0c 00 13 04 00 00	[1......j1......v1..A....1......
cf80	d8 31 0c 00 87 00 00 00 ec 35 0c 00 25 00 00 00 74 36 0c 00 16 00 00 00 9a 36 0c 00 2f 01 00 00	.1.......5..%...t6.......6../...
cfa0	b1 36 0c 00 96 00 00 00 e1 37 0c 00 1e 00 00 00 78 38 0c 00 1c 00 00 00 97 38 0c 00 ad 01 00 00	.6.......7......x8.......8......
cfc0	b4 38 0c 00 45 00 00 00 62 3a 0c 00 16 00 00 00 a8 3a 0c 00 35 00 00 00 bf 3a 0c 00 3b 00 00 00	.8..E...b:.......:..5....:..;...
cfe0	f5 3a 0c 00 4a 00 00 00 31 3b 0c 00 54 00 00 00 7c 3b 0c 00 73 00 00 00 d1 3b 0c 00 4c 00 00 00	.:..J...1;..T...|;..s....;..L...
d000	45 3c 0c 00 0d 00 00 00 92 3c 0c 00 23 00 00 00 a0 3c 0c 00 23 00 00 00 c4 3c 0c 00 21 00 00 00	E<.......<..#....<..#....<..!...
d020	e8 3c 0c 00 15 00 00 00 0a 3d 0c 00 0b 00 00 00 20 3d 0c 00 0a 00 00 00 2c 3d 0c 00 1e 00 00 00	.<.......=.......=......,=......
d040	37 3d 0c 00 0b 00 00 00 56 3d 0c 00 1f 00 00 00 62 3d 0c 00 15 00 00 00 82 3d 0c 00 4e 00 00 00	7=......V=......b=.......=..N...
d060	98 3d 0c 00 0b 00 00 00 e7 3d 0c 00 3d 00 00 00 f3 3d 0c 00 25 00 00 00 31 3e 0c 00 11 00 00 00	.=.......=..=....=..%...1>......
d080	57 3e 0c 00 76 00 00 00 69 3e 0c 00 43 00 00 00 e0 3e 0c 00 6b 00 00 00 24 3f 0c 00 0c 00 00 00	W>..v...i>..C....>..k...$?......
d0a0	90 3f 0c 00 0d 00 00 00 9d 3f 0c 00 05 00 00 00 ab 3f 0c 00 0d 00 00 00 b1 3f 0c 00 0e 00 00 00	.?.......?.......?.......?......
d0c0	bf 3f 0c 00 81 00 00 00 ce 3f 0c 00 07 00 00 00 50 40 0c 00 1a 00 00 00 58 40 0c 00 27 00 00 00	.?.......?......P@......X@..'...
d0e0	73 40 0c 00 19 00 00 00 9b 40 0c 00 17 00 00 00 b5 40 0c 00 1f 00 00 00 cd 40 0c 00 6d 00 00 00	s@.......@.......@.......@..m...
d100	ed 40 0c 00 58 00 00 00 5b 41 0c 00 0c 00 00 00 b4 41 0c 00 0b 00 00 00 c1 41 0c 00 10 00 00 00	.@..X...[A.......A.......A......
d120	cd 41 0c 00 3d 00 00 00 de 41 0c 00 39 00 00 00 1c 42 0c 00 40 00 00 00 56 42 0c 00 0d 00 00 00	.A..=....A..9....B..@...VB......
d140	97 42 0c 00 0b 00 00 00 a5 42 0c 00 1f 00 00 00 b1 42 0c 00 0f 00 00 00 d1 42 0c 00 0f 00 00 00	.B.......B.......B.......B......
d160	e1 42 0c 00 1d 00 00 00 f1 42 0c 00 09 00 00 00 0f 43 0c 00 10 00 00 00 19 43 0c 00 14 00 00 00	.B.......B.......C.......C......
d180	2a 43 0c 00 1d 00 00 00 3f 43 0c 00 0f 00 00 00 5d 43 0c 00 1d 00 00 00 6d 43 0c 00 17 00 00 00	*C......?C......]C......mC......
d1a0	8b 43 0c 00 d0 01 00 00 a3 43 0c 00 2e 00 00 00 74 45 0c 00 7d 00 00 00 a3 45 0c 00 c1 00 00 00	.C.......C......tE..}....E......
d1c0	21 46 0c 00 0c 00 00 00 e3 46 0c 00 13 00 00 00 f0 46 0c 00 15 00 00 00 04 47 0c 00 0f 00 00 00	!F.......F.......F.......G......
d1e0	1a 47 0c 00 67 00 00 00 2a 47 0c 00 56 00 00 00 92 47 0c 00 11 00 00 00 e9 47 0c 00 c1 00 00 00	.G..g...*G..V....G.......G......
d200	fb 47 0c 00 59 00 00 00 bd 48 0c 00 c6 00 00 00 17 49 0c 00 07 00 00 00 de 49 0c 00 07 00 00 00	.G..Y....H.......I.......I......
d220	e6 49 0c 00 35 00 00 00 ee 49 0c 00 69 00 00 00 24 4a 0c 00 6c 00 00 00 8e 4a 0c 00 7c 00 00 00	.I..5....I..i...$J..l....J..|...
d240	fb 4a 0c 00 69 00 00 00 78 4b 0c 00 0b 00 00 00 e2 4b 0c 00 09 00 00 00 ee 4b 0c 00 11 00 00 00	.J..i...xK.......K.......K......
d260	f8 4b 0c 00 05 00 00 00 0a 4c 0c 00 ad 00 00 00 10 4c 0c 00 4c 00 00 00 be 4c 0c 00 12 00 00 00	.K.......L.......L..L....L......
d280	0b 4d 0c 00 04 00 00 00 1e 4d 0c 00 06 00 00 00 23 4d 0c 00 04 00 00 00 2a 4d 0c 00 0f 00 00 00	.M.......M......#M......*M......
d2a0	2f 4d 0c 00 16 00 00 00 3f 4d 0c 00 d7 00 00 00 56 4d 0c 00 fd 00 00 00 2e 4e 0c 00 65 01 00 00	/M......?M......VM.......N..e...
d2c0	2c 4f 0c 00 06 00 00 00 92 50 0c 00 f4 00 00 00 99 50 0c 00 00 01 00 00 8e 51 0c 00 06 00 00 00	,O.......P.......P.......Q......
d2e0	8f 52 0c 00 0b 02 00 00 96 52 0c 00 e2 01 00 00 a2 54 0c 00 03 00 00 00 85 56 0c 00 27 00 00 00	.R.......R.......T.......V..'...
d300	89 56 0c 00 18 00 00 00 b1 56 0c 00 0a 00 00 00 ca 56 0c 00 7b 01 00 00 d5 56 0c 00 40 00 00 00	.V.......V.......V..{....V..@...
d320	51 58 0c 00 a9 01 00 00 92 58 0c 00 30 00 00 00 3c 5a 0c 00 10 00 00 00 6d 5a 0c 00 1b 00 00 00	QX.......X..0...<Z......mZ......
d340	7e 5a 0c 00 2e 00 00 00 9a 5a 0c 00 0b 00 00 00 c9 5a 0c 00 13 00 00 00 d5 5a 0c 00 0b 00 00 00	~Z.......Z.......Z.......Z......
d360	e9 5a 0c 00 2e 00 00 00 f5 5a 0c 00 46 00 00 00 24 5b 0c 00 0d 00 00 00 6b 5b 0c 00 0b 00 00 00	.Z.......Z..F...$[......k[......
d380	79 5b 0c 00 58 01 00 00 85 5b 0c 00 88 00 00 00 de 5c 0c 00 45 00 00 00 67 5d 0c 00 29 00 00 00	y[..X....[.......\..E...g]..)...
d3a0	ad 5d 0c 00 96 00 00 00 d7 5d 0c 00 10 00 00 00 6e 5e 0c 00 09 00 00 00 7f 5e 0c 00 a8 00 00 00	.].......]......n^.......^......
d3c0	89 5e 0c 00 3a 00 00 00 32 5f 0c 00 08 00 00 00 6d 5f 0c 00 20 00 00 00 76 5f 0c 00 4b 00 00 00	.^..:...2_......m_......v_..K...
d3e0	97 5f 0c 00 0f 00 00 00 e3 5f 0c 00 26 01 00 00 f3 5f 0c 00 5b 01 00 00 1a 61 0c 00 87 00 00 00	._......._..&...._..[....a......
d400	76 62 0c 00 86 00 00 00 fe 62 0c 00 ce 01 00 00 85 63 0c 00 51 00 00 00 54 65 0c 00 f2 00 00 00	vb.......b.......c..Q...Te......
d420	a6 65 0c 00 0e 00 00 00 99 66 0c 00 34 00 00 00 a8 66 0c 00 36 00 00 00 dd 66 0c 00 bd 00 00 00	.e.......f..4....f..6....f......
d440	14 67 0c 00 7e 00 00 00 d2 67 0c 00 0e 00 00 00 51 68 0c 00 dd 00 00 00 60 68 0c 00 06 00 00 00	.g..~....g......Qh......`h......
d460	3e 69 0c 00 12 00 00 00 45 69 0c 00 14 00 00 00 58 69 0c 00 0b 00 00 00 6d 69 0c 00 14 00 00 00	>i......Ei......Xi......mi......
d480	79 69 0c 00 42 00 00 00 8e 69 0c 00 07 00 00 00 d1 69 0c 00 07 00 00 00 d9 69 0c 00 c7 00 00 00	yi..B....i.......i.......i......
d4a0	e1 69 0c 00 29 00 00 00 a9 6a 0c 00 28 00 00 00 d3 6a 0c 00 23 00 00 00 fc 6a 0c 00 14 00 00 00	.i..)....j..(....j..#....j......
d4c0	20 6b 0c 00 20 00 00 00 35 6b 0c 00 18 00 00 00 56 6b 0c 00 28 00 00 00 6f 6b 0c 00 1d 00 00 00	.k......5k......Vk..(...ok......
d4e0	98 6b 0c 00 29 00 00 00 b6 6b 0c 00 1e 00 00 00 e0 6b 0c 00 30 00 00 00 ff 6b 0c 00 4b 00 00 00	.k..)....k.......k..0....k..K...
d500	30 6c 0c 00 6e 00 00 00 7c 6c 0c 00 2d 00 00 00 eb 6c 0c 00 16 00 00 00 19 6d 0c 00 1c 00 00 00	0l..n...|l..-....l.......m......
d520	30 6d 0c 00 1b 00 00 00 4d 6d 0c 00 35 00 00 00 69 6d 0c 00 97 00 00 00 9f 6d 0c 00 4e 00 00 00	0m......Mm..5...im.......m..N...
d540	37 6e 0c 00 1d 00 00 00 86 6e 0c 00 4c 00 00 00 a4 6e 0c 00 17 00 00 00 f1 6e 0c 00 1f 00 00 00	7n.......n..L....n.......n......
d560	09 6f 0c 00 1b 00 00 00 29 6f 0c 00 24 00 00 00 45 6f 0c 00 31 00 00 00 6a 6f 0c 00 4a 00 00 00	.o......)o..$...Eo..1...jo..J...
d580	9c 6f 0c 00 5a 00 00 00 e7 6f 0c 00 2a 00 00 00 42 70 0c 00 3f 00 00 00 6d 70 0c 00 47 00 00 00	.o..Z....o..*...Bp..?...mp..G...
d5a0	ad 70 0c 00 28 00 00 00 f5 70 0c 00 2a 00 00 00 1e 71 0c 00 2d 00 00 00 49 71 0c 00 30 00 00 00	.p..(....p..*....q..-...Iq..0...
d5c0	77 71 0c 00 2d 00 00 00 a8 71 0c 00 2c 00 00 00 d6 71 0c 00 19 00 00 00 03 72 0c 00 29 00 00 00	wq..-....q..,....q.......r..)...
d5e0	1d 72 0c 00 30 00 00 00 47 72 0c 00 24 00 00 00 78 72 0c 00 2b 00 00 00 9d 72 0c 00 29 00 00 00	.r..0...Gr..$...xr..+....r..)...
d600	c9 72 0c 00 35 00 00 00 f3 72 0c 00 2a 00 00 00 29 73 0c 00 2b 00 00 00 54 73 0c 00 55 00 00 00	.r..5....r..*...)s..+...Ts..U...
d620	80 73 0c 00 3c 00 00 00 d6 73 0c 00 90 00 00 00 13 74 0c 00 1a 00 00 00 a4 74 0c 00 4c 00 00 00	.s..<....s.......t.......t..L...
d640	bf 74 0c 00 1f 00 00 00 0c 75 0c 00 71 00 00 00 2c 75 0c 00 6b 00 00 00 9e 75 0c 00 5b 00 00 00	.t.......u..q...,u..k....u..[...
d660	0a 76 0c 00 2c 00 00 00 66 76 0c 00 4e 00 00 00 93 76 0c 00 2a 00 00 00 e2 76 0c 00 a0 00 00 00	.v..,...fv..N....v..*....v......
d680	0d 77 0c 00 65 00 00 00 ae 77 0c 00 27 01 00 00 14 78 0c 00 d0 00 00 00 3c 79 0c 00 d8 00 00 00	.w..e....w..'....x......<y......
d6a0	0d 7a 0c 00 3f 00 00 00 e6 7a 0c 00 38 00 00 00 26 7b 0c 00 46 00 00 00 5f 7b 0c 00 53 00 00 00	.z..?....z..8...&{..F..._{..S...
d6c0	a6 7b 0c 00 45 00 00 00 fa 7b 0c 00 26 01 00 00 40 7c 0c 00 f1 00 00 00 67 7d 0c 00 48 00 00 00	.{..E....{..&...@|......g}..H...
d6e0	59 7e 0c 00 49 00 00 00 a2 7e 0c 00 d0 00 00 00 ec 7e 0c 00 16 00 00 00 bd 7f 0c 00 60 00 00 00	Y~..I....~.......~..........`...
d700	d4 7f 0c 00 50 00 00 00 35 80 0c 00 27 00 00 00 86 80 0c 00 18 00 00 00 ae 80 0c 00 49 00 00 00	....P...5...'...............I...
d720	c7 80 0c 00 52 00 00 00 11 81 0c 00 58 00 00 00 64 81 0c 00 3d 00 00 00 bd 81 0c 00 25 00 00 00	....R.......X...d...=.......%...
d740	fb 81 0c 00 26 00 00 00 21 82 0c 00 2a 00 00 00 48 82 0c 00 23 00 00 00 73 82 0c 00 47 00 00 00	....&...!...*...H...#...s...G...
d760	97 82 0c 00 f4 00 00 00 df 82 0c 00 44 00 00 00 d4 83 0c 00 61 00 00 00 19 84 0c 00 54 00 00 00	............D.......a.......T...
d780	7b 84 0c 00 3c 00 00 00 d0 84 0c 00 6d 00 00 00 0d 85 0c 00 6a 00 00 00 7b 85 0c 00 43 00 00 00	{...<.......m.......j...{...C...
d7a0	e6 85 0c 00 5c 00 00 00 2a 86 0c 00 a4 00 00 00 87 86 0c 00 a8 00 00 00 2c 87 0c 00 e8 00 00 00	....\...*...............,.......
d7c0	d5 87 0c 00 ec 00 00 00 be 88 0c 00 34 00 00 00 ab 89 0c 00 23 00 00 00 e0 89 0c 00 55 00 00 00	............4.......#.......U...
d7e0	04 8a 0c 00 66 00 00 00 5a 8a 0c 00 7b 00 00 00 c1 8a 0c 00 41 00 00 00 3d 8b 0c 00 42 00 00 00	....f...Z...{.......A...=...B...
d800	7f 8b 0c 00 41 00 00 00 c2 8b 0c 00 56 00 00 00 04 8c 0c 00 35 00 00 00 5b 8c 0c 00 2b 00 00 00	....A.......V.......5...[...+...
d820	91 8c 0c 00 2f 00 00 00 bd 8c 0c 00 63 00 00 00 ed 8c 0c 00 56 00 00 00 51 8d 0c 00 4d 00 00 00	..../.......c.......V...Q...M...
d840	a8 8d 0c 00 34 00 00 00 f6 8d 0c 00 79 01 00 00 2b 8e 0c 00 df 00 00 00 a5 8f 0c 00 f0 00 00 00	....4.......y...+...............
d860	85 90 0c 00 54 00 00 00 76 91 0c 00 32 00 00 00 cb 91 0c 00 0c 01 00 00 fe 91 0c 00 26 01 00 00	....T...v...2...............&...
d880	0b 93 0c 00 4a 00 00 00 32 94 0c 00 1a 00 00 00 7d 94 0c 00 2f 00 00 00 98 94 0c 00 a4 00 00 00	....J...2.......}.../...........
d8a0	c8 94 0c 00 2a 00 00 00 6d 95 0c 00 2d 00 00 00 98 95 0c 00 af 00 00 00 c6 95 0c 00 ce 00 00 00	....*...m...-...................
d8c0	76 96 0c 00 53 00 00 00 45 97 0c 00 45 00 00 00 99 97 0c 00 34 00 00 00 df 97 0c 00 7a 00 00 00	v...S...E...E.......4.......z...
d8e0	14 98 0c 00 27 00 00 00 8f 98 0c 00 27 00 00 00 b7 98 0c 00 5b 00 00 00 df 98 0c 00 78 00 00 00	....'.......'.......[.......x...
d900	3b 99 0c 00 5f 00 00 00 b4 99 0c 00 1b 00 00 00 14 9a 0c 00 0c 00 00 00 30 9a 0c 00 b4 01 00 00	;..._...................0.......
d920	3d 9a 0c 00 2c 00 00 00 f2 9b 0c 00 75 00 00 00 1f 9c 0c 00 41 00 00 00 95 9c 0c 00 41 00 00 00	=...,.......u.......A.......A...
d940	d7 9c 0c 00 a1 00 00 00 19 9d 0c 00 7f 00 00 00 bb 9d 0c 00 77 00 00 00 3b 9e 0c 00 08 00 00 00	....................w...;.......
d960	b3 9e 0c 00 0e 00 00 00 bc 9e 0c 00 06 00 00 00 cb 9e 0c 00 15 00 00 00 d2 9e 0c 00 27 00 00 00	............................'...
d980	e8 9e 0c 00 ee 00 00 00 10 9f 0c 00 eb 00 00 00 ff 9f 0c 00 04 00 00 00 eb a0 0c 00 20 00 00 00	................................
d9a0	f0 a0 0c 00 22 00 00 00 11 a1 0c 00 11 00 00 00 34 a1 0c 00 3a 00 00 00 46 a1 0c 00 88 00 00 00	...."...........4...:...F.......
d9c0	81 a1 0c 00 16 00 00 00 0a a2 0c 00 16 00 00 00 21 a2 0c 00 18 00 00 00 38 a2 0c 00 26 00 00 00	................!.......8...&...
d9e0	51 a2 0c 00 1a 00 00 00 78 a2 0c 00 27 00 00 00 93 a2 0c 00 23 00 00 00 bb a2 0c 00 17 00 00 00	Q.......x...'.......#...........
da00	df a2 0c 00 21 00 00 00 f7 a2 0c 00 28 00 00 00 19 a3 0c 00 49 00 00 00 42 a3 0c 00 44 00 00 00	....!.......(.......I...B...D...
da20	8c a3 0c 00 25 00 00 00 d1 a3 0c 00 12 00 00 00 f7 a3 0c 00 3a 00 00 00 0a a4 0c 00 32 00 00 00	....%...............:.......2...
da40	45 a4 0c 00 3f 00 00 00 78 a4 0c 00 a2 00 00 00 b8 a4 0c 00 21 00 00 00 5b a5 0c 00 0d 00 00 00	E...?...x...........!...[.......
da60	7d a5 0c 00 4a 00 00 00 8b a5 0c 00 2e 00 00 00 d6 a5 0c 00 2e 00 00 00 05 a6 0c 00 2e 00 00 00	}...J...........................
da80	34 a6 0c 00 1f 00 00 00 63 a6 0c 00 41 00 00 00 83 a6 0c 00 3c 00 00 00 c5 a6 0c 00 5b 00 00 00	4.......c...A.......<.......[...
daa0	02 a7 0c 00 30 00 00 00 5e a7 0c 00 3f 00 00 00 8f a7 0c 00 38 00 00 00 cf a7 0c 00 52 00 00 00	....0...^...?.......8.......R...
dac0	08 a8 0c 00 39 00 00 00 5b a8 0c 00 3b 00 00 00 95 a8 0c 00 4a 00 00 00 d1 a8 0c 00 2d 00 00 00	....9...[...;.......J.......-...
dae0	1c a9 0c 00 20 00 00 00 4a a9 0c 00 29 00 00 00 6b a9 0c 00 2b 00 00 00 95 a9 0c 00 38 00 00 00	........J...)...k...+.......8...
db00	c1 a9 0c 00 3a 00 00 00 fa a9 0c 00 3a 00 00 00 35 aa 0c 00 30 00 00 00 70 aa 0c 00 27 00 00 00	....:.......:...5...0...p...'...
db20	a1 aa 0c 00 8d 00 00 00 c9 aa 0c 00 8d 00 00 00 57 ab 0c 00 2f 00 00 00 e5 ab 0c 00 2a 00 00 00	................W.../.......*...
db40	15 ac 0c 00 19 00 00 00 40 ac 0c 00 23 00 00 00 5a ac 0c 00 37 00 00 00 7e ac 0c 00 20 00 00 00	........@...#...Z...7...~.......
db60	b6 ac 0c 00 1c 00 00 00 d7 ac 0c 00 30 00 00 00 f4 ac 0c 00 27 00 00 00 25 ad 0c 00 20 00 00 00	............0.......'...%.......
db80	4d ad 0c 00 25 00 00 00 6e ad 0c 00 0e 00 00 00 94 ad 0c 00 40 00 00 00 a3 ad 0c 00 23 00 00 00	M...%...n...........@.......#...
dba0	e4 ad 0c 00 24 00 00 00 08 ae 0c 00 07 00 00 00 2d ae 0c 00 07 00 00 00 35 ae 0c 00 33 00 00 00	....$...........-.......5...3...
dbc0	3d ae 0c 00 33 00 00 00 71 ae 0c 00 33 00 00 00 a5 ae 0c 00 33 00 00 00 d9 ae 0c 00 40 00 00 00	=...3...q...3.......3.......@...
dbe0	0d af 0c 00 51 00 00 00 4e af 0c 00 4f 00 00 00 a0 af 0c 00 3d 00 00 00 f0 af 0c 00 64 00 00 00	....Q...N...O.......=.......d...
dc00	2e b0 0c 00 6f 00 00 00 93 b0 0c 00 cd 00 00 00 03 b1 0c 00 82 00 00 00 d1 b1 0c 00 c3 00 00 00	....o...........................
dc20	54 b2 0c 00 19 00 00 00 18 b3 0c 00 10 00 00 00 32 b3 0c 00 0c 00 00 00 43 b3 0c 00 ac 00 00 00	T...............2.......C.......
dc40	50 b3 0c 00 e2 00 00 00 fd b3 0c 00 c3 00 00 00 e0 b4 0c 00 95 00 00 00 a4 b5 0c 00 0a 00 00 00	P...............................
dc60	3a b6 0c 00 21 01 00 00 45 b6 0c 00 d8 00 00 00 67 b7 0c 00 8c 00 00 00 40 b8 0c 00 f8 00 00 00	:...!...E.......g.......@.......
dc80	cd b8 0c 00 49 00 00 00 c6 b9 0c 00 93 00 00 00 10 ba 0c 00 80 00 00 00 a4 ba 0c 00 79 00 00 00	....I.......................y...
dca0	25 bb 0c 00 79 00 00 00 9f bb 0c 00 53 01 00 00 19 bc 0c 00 7f 00 00 00 6d bd 0c 00 a9 00 00 00	%...y.......S...........m.......
dcc0	ed bd 0c 00 b6 00 00 00 97 be 0c 00 83 00 00 00 4e bf 0c 00 86 00 00 00 d2 bf 0c 00 0e 00 00 00	................N...............
dce0	59 c0 0c 00 5d 00 00 00 68 c0 0c 00 36 00 00 00 c6 c0 0c 00 10 00 00 00 fd c0 0c 00 0d 00 00 00	Y...]...h...6...................
dd00	0e c1 0c 00 45 00 00 00 1c c1 0c 00 45 00 00 00 62 c1 0c 00 19 00 00 00 a8 c1 0c 00 1c 00 00 00	....E.......E...b...............
dd20	c2 c1 0c 00 45 00 00 00 df c1 0c 00 50 00 00 00 25 c2 0c 00 65 00 00 00 76 c2 0c 00 2f 00 00 00	....E.......P...%...e...v.../...
dd40	dc c2 0c 00 60 00 00 00 0c c3 0c 00 55 00 00 00 6d c3 0c 00 48 00 00 00 c3 c3 0c 00 75 00 00 00	....`.......U...m...H.......u...
dd60	0c c4 0c 00 77 00 00 00 82 c4 0c 00 e2 00 00 00 fa c4 0c 00 53 00 00 00 dd c5 0c 00 8b 00 00 00	....w...............S...........
dd80	31 c6 0c 00 56 00 00 00 bd c6 0c 00 d2 00 00 00 14 c7 0c 00 36 00 00 00 e7 c7 0c 00 ce 00 00 00	1...V...............6...........
dda0	1e c8 0c 00 c1 00 00 00 ed c8 0c 00 38 00 00 00 af c9 0c 00 57 00 00 00 e8 c9 0c 00 bd 00 00 00	............8.......W...........
ddc0	40 ca 0c 00 85 00 00 00 fe ca 0c 00 4f 00 00 00 84 cb 0c 00 ba 01 00 00 d4 cb 0c 00 b6 00 00 00	@...........O...................
dde0	8f cd 0c 00 63 00 00 00 46 ce 0c 00 4c 00 00 00 aa ce 0c 00 d5 00 00 00 f7 ce 0c 00 66 00 00 00	....c...F...L...............f...
de00	cd cf 0c 00 45 01 00 00 34 d0 0c 00 57 00 00 00 7a d1 0c 00 a4 00 00 00 d2 d1 0c 00 65 00 00 00	....E...4...W...z...........e...
de20	77 d2 0c 00 c0 01 00 00 dd d2 0c 00 72 00 00 00 9e d4 0c 00 52 00 00 00 11 d5 0c 00 81 00 00 00	w...........r.......R...........
de40	64 d5 0c 00 75 00 00 00 e6 d5 0c 00 30 00 00 00 5c d6 0c 00 31 00 00 00 8d d6 0c 00 50 00 00 00	d...u.......0...\...1.......P...
de60	bf d6 0c 00 36 00 00 00 10 d7 0c 00 50 01 00 00 47 d7 0c 00 69 00 00 00 98 d8 0c 00 4a 00 00 00	....6.......P...G...i.......J...
de80	02 d9 0c 00 57 00 00 00 4d d9 0c 00 6d 00 00 00 a5 d9 0c 00 64 00 00 00 13 da 0c 00 64 00 00 00	....W...M...m.......d.......d...
dea0	78 da 0c 00 99 00 00 00 dd da 0c 00 26 00 00 00 77 db 0c 00 ad 00 00 00 9e db 0c 00 81 00 00 00	x...........&...w...............
dec0	4c dc 0c 00 33 00 00 00 ce dc 0c 00 c0 00 00 00 02 dd 0c 00 90 00 00 00 c3 dd 0c 00 a2 00 00 00	L...3...........................
dee0	54 de 0c 00 83 00 00 00 f7 de 0c 00 41 00 00 00 7b df 0c 00 3a 00 00 00 bd df 0c 00 65 00 00 00	T...........A...{...:.......e...
df00	f8 df 0c 00 06 00 00 00 5e e0 0c 00 05 00 00 00 65 e0 0c 00 e3 01 00 00 6b e0 0c 00 3d 00 00 00	........^.......e.......k...=...
df20	4f e2 0c 00 a8 00 00 00 8d e2 0c 00 bf 00 00 00 36 e3 0c 00 b2 00 00 00 f6 e3 0c 00 06 00 00 00	O...............6...............
df40	a9 e4 0c 00 4b 01 00 00 b0 e4 0c 00 4c 01 00 00 fc e5 0c 00 17 00 00 00 49 e7 0c 00 0b 00 00 00	....K.......L...........I.......
df60	61 e7 0c 00 0d 00 00 00 6d e7 0c 00 55 00 00 00 7b e7 0c 00 0f 00 00 00 d1 e7 0c 00 0f 00 00 00	a.......m...U...{...............
df80	e1 e7 0c 00 5c 00 00 00 f1 e7 0c 00 ff 02 00 00 4e e8 0c 00 b1 00 00 00 4e eb 0c 00 37 00 00 00	....\...........N.......N...7...
dfa0	00 ec 0c 00 06 00 00 00 38 ec 0c 00 12 00 00 00 3f ec 0c 00 9a 00 00 00 52 ec 0c 00 08 00 00 00	........8.......?.......R.......
dfc0	ed ec 0c 00 38 00 00 00 f6 ec 0c 00 11 00 00 00 2f ed 0c 00 1c 00 00 00 41 ed 0c 00 1a 00 00 00	....8.........../.......A.......
dfe0	5e ed 0c 00 49 00 00 00 79 ed 0c 00 1e 00 00 00 c3 ed 0c 00 2f 00 00 00 e2 ed 0c 00 73 00 00 00	^...I...y.........../.......s...
e000	12 ee 0c 00 ae 00 00 00 86 ee 0c 00 af 00 00 00 35 ef 0c 00 d0 00 00 00 e5 ef 0c 00 0b 00 00 00	................5...............
e020	b6 f0 0c 00 60 00 00 00 c2 f0 0c 00 06 00 00 00 23 f1 0c 00 06 00 00 00 2a f1 0c 00 da 00 00 00	....`...........#.......*.......
e040	31 f1 0c 00 98 00 00 00 0c f2 0c 00 bc 00 00 00 a5 f2 0c 00 06 00 00 00 62 f3 0c 00 0a 00 00 00	1.......................b.......
e060	69 f3 0c 00 14 00 00 00 74 f3 0c 00 1b 00 00 00 89 f3 0c 00 0c 00 00 00 a5 f3 0c 00 2e 00 00 00	i.......t.......................
e080	b2 f3 0c 00 1d 00 00 00 e1 f3 0c 00 0e 00 00 00 ff f3 0c 00 ff 01 00 00 0e f4 0c 00 26 00 00 00	............................&...
e0a0	0e f6 0c 00 0e 00 00 00 35 f6 0c 00 21 00 00 00 44 f6 0c 00 98 00 00 00 66 f6 0c 00 07 00 00 00	........5...!...D.......f.......
e0c0	ff f6 0c 00 03 00 00 00 07 f7 0c 00 91 00 00 00 0b f7 0c 00 0b 00 00 00 9d f7 0c 00 6a 00 00 00	............................j...
e0e0	a9 f7 0c 00 0e 00 00 00 14 f8 0c 00 08 00 00 00 23 f8 0c 00 2b 00 00 00 2c f8 0c 00 29 00 00 00	................#...+...,...)...
e100	58 f8 0c 00 35 00 00 00 82 f8 0c 00 7b 00 00 00 b8 f8 0c 00 56 00 00 00 34 f9 0c 00 25 00 00 00	X...5.......{.......V...4...%...
e120	8b f9 0c 00 3a 00 00 00 b1 f9 0c 00 3a 00 00 00 ec f9 0c 00 0d 00 00 00 27 fa 0c 00 64 00 00 00	....:.......:...........'...d...
e140	35 fa 0c 00 64 00 00 00 9a fa 0c 00 67 00 00 00 ff fa 0c 00 67 00 00 00 67 fb 0c 00 0c 00 00 00	5...d.......g.......g...g.......
e160	cf fb 0c 00 16 00 00 00 dc fb 0c 00 44 01 00 00 f3 fb 0c 00 41 00 00 00 38 fd 0c 00 47 00 00 00	............D.......A...8...G...
e180	7a fd 0c 00 d3 00 00 00 c2 fd 0c 00 3a 02 00 00 96 fe 0c 00 d7 00 00 00 d1 00 0d 00 93 00 00 00	z...........:...................
e1a0	a9 01 0d 00 4e 01 00 00 3d 02 0d 00 30 00 00 00 8c 03 0d 00 c8 00 00 00 bd 03 0d 00 ab 00 00 00	....N...=...0...................
e1c0	86 04 0d 00 31 00 00 00 32 05 0d 00 68 01 00 00 64 05 0d 00 39 00 00 00 cd 06 0d 00 3b 01 00 00	....1...2...h...d...9.......;...
e1e0	07 07 0d 00 b2 00 00 00 43 08 0d 00 27 00 00 00 f6 08 0d 00 44 00 00 00 1e 09 0d 00 d2 00 00 00	........C...'.......D...........
e200	63 09 0d 00 73 00 00 00 36 0a 0d 00 d7 00 00 00 aa 0a 0d 00 9f 00 00 00 82 0b 0d 00 af 00 00 00	c...s...6.......................
e220	22 0c 0d 00 cc 00 00 00 d2 0c 0d 00 4f 00 00 00 9f 0d 0d 00 3f 01 00 00 ef 0d 0d 00 c1 00 00 00	"...........O.......?...........
e240	2f 0f 0d 00 59 00 00 00 f1 0f 0d 00 21 01 00 00 4b 10 0d 00 29 01 00 00 6d 11 0d 00 6f 00 00 00	/...Y.......!...K...)...m...o...
e260	97 12 0d 00 8f 00 00 00 07 13 0d 00 8d 00 00 00 97 13 0d 00 6c 00 00 00 25 14 0d 00 3a 00 00 00	....................l...%...:...
e280	92 14 0d 00 95 00 00 00 cd 14 0d 00 68 00 00 00 63 15 0d 00 58 00 00 00 cc 15 0d 00 15 01 00 00	............h...c...X...........
e2a0	25 16 0d 00 52 00 00 00 3b 17 0d 00 94 00 00 00 8e 17 0d 00 9e 00 00 00 23 18 0d 00 79 00 00 00	%...R...;...............#...y...
e2c0	c2 18 0d 00 50 00 00 00 3c 19 0d 00 9e 00 00 00 8d 19 0d 00 13 00 00 00 2c 1a 0d 00 98 01 00 00	....P...<...............,.......
e2e0	40 1a 0d 00 2d 00 00 00 d9 1b 0d 00 39 00 00 00 07 1c 0d 00 e0 00 00 00 41 1c 0d 00 26 00 00 00	@...-.......9...........A...&...
e300	22 1d 0d 00 b5 00 00 00 49 1d 0d 00 70 01 00 00 ff 1d 0d 00 1b 00 00 00 70 1f 0d 00 bb 00 00 00	".......I...p...........p.......
e320	8c 1f 0d 00 fd 00 00 00 48 20 0d 00 85 00 00 00 46 21 0d 00 b5 00 00 00 cc 21 0d 00 5b 00 00 00	........H.......F!.......!..[...
e340	82 22 0d 00 83 00 00 00 de 22 0d 00 4b 00 00 00 62 23 0d 00 59 01 00 00 ae 23 0d 00 27 00 00 00	."......."..K...b#..Y....#..'...
e360	08 25 0d 00 f8 00 00 00 30 25 0d 00 28 02 00 00 29 26 0d 00 ff 00 00 00 52 28 0d 00 61 00 00 00	.%......0%..(...)&......R(..a...
e380	52 29 0d 00 5a 00 00 00 b4 29 0d 00 a9 00 00 00 0f 2a 0d 00 b6 00 00 00 b9 2a 0d 00 5e 00 00 00	R)..Z....).......*.......*..^...
e3a0	70 2b 0d 00 d3 00 00 00 cf 2b 0d 00 24 00 00 00 a3 2c 0d 00 bc 00 00 00 c8 2c 0d 00 68 00 00 00	p+.......+..$....,.......,..h...
e3c0	85 2d 0d 00 24 00 00 00 ee 2d 0d 00 bd 00 00 00 13 2e 0d 00 21 00 00 00 d1 2e 0d 00 40 00 00 00	.-..$....-..........!.......@...
e3e0	f3 2e 0d 00 1a 00 00 00 34 2f 0d 00 45 00 00 00 4f 2f 0d 00 17 01 00 00 95 2f 0d 00 d2 01 00 00	........4/..E...O/......./......
e400	ad 30 0d 00 a2 00 00 00 80 32 0d 00 d1 00 00 00 23 33 0d 00 e4 00 00 00 f5 33 0d 00 bf 00 00 00	.0.......2......#3.......3......
e420	da 34 0d 00 dc 00 00 00 9a 35 0d 00 4e 01 00 00 77 36 0d 00 45 00 00 00 c6 37 0d 00 b4 00 00 00	.4.......5..N...w6..E....7......
e440	0c 38 0d 00 f9 00 00 00 c1 38 0d 00 c5 00 00 00 bb 39 0d 00 27 00 00 00 81 3a 0d 00 b7 00 00 00	.8.......8.......9..'....:......
e460	a9 3a 0d 00 ae 00 00 00 61 3b 0d 00 52 00 00 00 10 3c 0d 00 ab 00 00 00 63 3c 0d 00 c8 00 00 00	.:......a;..R....<......c<......
e480	0f 3d 0d 00 5b 00 00 00 d8 3d 0d 00 ab 00 00 00 34 3e 0d 00 30 00 00 00 e0 3e 0d 00 68 00 00 00	.=..[....=......4>..0....>..h...
e4a0	11 3f 0d 00 33 00 00 00 7a 3f 0d 00 2d 00 00 00 ae 3f 0d 00 4e 00 00 00 dc 3f 0d 00 70 00 00 00	.?..3...z?..-....?..N....?..p...
e4c0	2b 40 0d 00 6c 00 00 00 9c 40 0d 00 c5 00 00 00 09 41 0d 00 b7 00 00 00 cf 41 0d 00 38 00 00 00	+@..l....@.......A.......A..8...
e4e0	87 42 0d 00 dd 00 00 00 c0 42 0d 00 5f 01 00 00 9e 43 0d 00 dc 00 00 00 fe 44 0d 00 c8 00 00 00	.B.......B.._....C.......D......
e500	db 45 0d 00 36 00 00 00 a4 46 0d 00 6e 00 00 00 db 46 0d 00 60 00 00 00 4a 47 0d 00 b0 00 00 00	.E..6....F..n....F..`...JG......
e520	ab 47 0d 00 6e 00 00 00 5c 48 0d 00 6b 00 00 00 cb 48 0d 00 35 00 00 00 37 49 0d 00 33 00 00 00	.G..n...\H..k....H..5...7I..3...
e540	6d 49 0d 00 f1 00 00 00 a1 49 0d 00 2b 00 00 00 93 4a 0d 00 38 00 00 00 bf 4a 0d 00 3a 01 00 00	mI.......I..+....J..8....J..:...
e560	f8 4a 0d 00 4b 00 00 00 33 4c 0d 00 53 01 00 00 7f 4c 0d 00 92 01 00 00 d3 4d 0d 00 a1 00 00 00	.J..K...3L..S....L.......M......
e580	66 4f 0d 00 28 00 00 00 08 50 0d 00 35 01 00 00 31 50 0d 00 9a 00 00 00 67 51 0d 00 10 01 00 00	fO..(....P..5...1P......gQ......
e5a0	02 52 0d 00 2b 00 00 00 13 53 0d 00 a6 00 00 00 3f 53 0d 00 2e 00 00 00 e6 53 0d 00 3f 00 00 00	.R..+....S......?S.......S..?...
e5c0	15 54 0d 00 ec 00 00 00 55 54 0d 00 ee 00 00 00 42 55 0d 00 9a 01 00 00 31 56 0d 00 42 00 00 00	.T......UT......BU......1V..B...
e5e0	cc 57 0d 00 82 00 00 00 0f 58 0d 00 9b 00 00 00 92 58 0d 00 31 00 00 00 2e 59 0d 00 b4 00 00 00	.W.......X.......X..1....Y......
e600	60 59 0d 00 5e 00 00 00 15 5a 0d 00 25 01 00 00 74 5a 0d 00 42 00 00 00 9a 5b 0d 00 5c 00 00 00	`Y..^....Z..%...tZ..B....[..\...
e620	dd 5b 0d 00 56 00 00 00 3a 5c 0d 00 fe 00 00 00 91 5c 0d 00 79 00 00 00 90 5d 0d 00 55 00 00 00	.[..V...:\.......\..y....]..U...
e640	0a 5e 0d 00 cd 01 00 00 60 5e 0d 00 3d 00 00 00 2e 60 0d 00 e8 01 00 00 6c 60 0d 00 40 00 00 00	.^......`^..=....`......l`..@...
e660	55 62 0d 00 7f 00 00 00 96 62 0d 00 6c 00 00 00 16 63 0d 00 6e 00 00 00 83 63 0d 00 a5 00 00 00	Ub.......b..l....c..n....c......
e680	f2 63 0d 00 6b 00 00 00 98 64 0d 00 69 01 00 00 04 65 0d 00 34 00 00 00 6e 66 0d 00 79 00 00 00	.c..k....d..i....e..4...nf..y...
e6a0	a3 66 0d 00 3d 00 00 00 1d 67 0d 00 54 00 00 00 5b 67 0d 00 4c 00 00 00 b0 67 0d 00 bc 00 00 00	.f..=....g..T...[g..L....g......
e6c0	fd 67 0d 00 6d 00 00 00 ba 68 0d 00 e6 00 00 00 28 69 0d 00 36 00 00 00 0f 6a 0d 00 5b 00 00 00	.g..m....h......(i..6....j..[...
e6e0	46 6a 0d 00 6a 00 00 00 a2 6a 0d 00 82 00 00 00 0d 6b 0d 00 73 00 00 00 90 6b 0d 00 49 00 00 00	Fj..j....j.......k..s....k..I...
e700	04 6c 0d 00 29 00 00 00 4e 6c 0d 00 2a 01 00 00 78 6c 0d 00 47 00 00 00 a3 6d 0d 00 46 00 00 00	.l..)...Nl..*...xl..G....m..F...
e720	eb 6d 0d 00 49 00 00 00 32 6e 0d 00 49 00 00 00 7c 6e 0d 00 22 00 00 00 c6 6e 0d 00 54 00 00 00	.m..I...2n..I...|n.."....n..T...
e740	e9 6e 0d 00 65 00 00 00 3e 6f 0d 00 32 00 00 00 a4 6f 0d 00 9d 00 00 00 d7 6f 0d 00 2c 00 00 00	.n..e...>o..2....o.......o..,...
e760	75 70 0d 00 42 00 00 00 a2 70 0d 00 2b 00 00 00 e5 70 0d 00 86 01 00 00 11 71 0d 00 c4 00 00 00	up..B....p..+....p.......q......
e780	98 72 0d 00 c6 00 00 00 5d 73 0d 00 80 00 00 00 24 74 0d 00 49 01 00 00 a5 74 0d 00 90 00 00 00	.r......]s......$t..I....t......
e7a0	ef 75 0d 00 38 00 00 00 80 76 0d 00 9f 00 00 00 b9 76 0d 00 1c 01 00 00 59 77 0d 00 d5 00 00 00	.u..8....v.......v......Yw......
e7c0	76 78 0d 00 38 00 00 00 4c 79 0d 00 28 00 00 00 85 79 0d 00 5c 00 00 00 ae 79 0d 00 29 00 00 00	vx..8...Ly..(....y..\....y..)...
e7e0	0b 7a 0d 00 71 00 00 00 35 7a 0d 00 41 00 00 00 a7 7a 0d 00 0f 01 00 00 e9 7a 0d 00 fc 00 00 00	.z..q...5z..A....z.......z......
e800	f9 7b 0d 00 89 00 00 00 f6 7c 0d 00 25 00 00 00 80 7d 0d 00 5f 00 00 00 a6 7d 0d 00 ec 00 00 00	.{.......|..%....}.._....}......
e820	06 7e 0d 00 4e 00 00 00 f3 7e 0d 00 84 00 00 00 42 7f 0d 00 55 00 00 00 c7 7f 0d 00 12 01 00 00	.~..N....~......B...U...........
e840	1d 80 0d 00 75 00 00 00 30 81 0d 00 65 00 00 00 a6 81 0d 00 e2 00 00 00 0c 82 0d 00 29 00 00 00	....u...0...e...............)...
e860	ef 82 0d 00 a0 01 00 00 19 83 0d 00 ff 00 00 00 ba 84 0d 00 db 00 00 00 ba 85 0d 00 40 00 00 00	............................@...
e880	96 86 0d 00 4d 00 00 00 d7 86 0d 00 92 00 00 00 25 87 0d 00 43 00 00 00 b8 87 0d 00 af 00 00 00	....M...........%...C...........
e8a0	fc 87 0d 00 65 00 00 00 ac 88 0d 00 a8 00 00 00 12 89 0d 00 38 00 00 00 bb 89 0d 00 3e 01 00 00	....e...............8.......>...
e8c0	f4 89 0d 00 3c 00 00 00 33 8b 0d 00 90 00 00 00 70 8b 0d 00 58 00 00 00 01 8c 0d 00 95 00 00 00	....<...3.......p...X...........
e8e0	5a 8c 0d 00 50 00 00 00 f0 8c 0d 00 64 00 00 00 41 8d 0d 00 50 00 00 00 a6 8d 0d 00 6d 00 00 00	Z...P.......d...A...P.......m...
e900	f7 8d 0d 00 3a 00 00 00 65 8e 0d 00 29 00 00 00 a0 8e 0d 00 6d 00 00 00 ca 8e 0d 00 c0 00 00 00	....:...e...).......m...........
e920	38 8f 0d 00 b8 01 00 00 f9 8f 0d 00 51 00 00 00 b2 91 0d 00 21 00 00 00 04 92 0d 00 71 00 00 00	8...........Q.......!.......q...
e940	26 92 0d 00 24 00 00 00 98 92 0d 00 bc 01 00 00 bd 92 0d 00 55 00 00 00 7a 94 0d 00 a9 00 00 00	&...$...............U...z.......
e960	d0 94 0d 00 4c 00 00 00 7a 95 0d 00 43 00 00 00 c7 95 0d 00 39 00 00 00 0b 96 0d 00 a9 00 00 00	....L...z...C.......9...........
e980	45 96 0d 00 50 00 00 00 ef 96 0d 00 53 01 00 00 40 97 0d 00 46 00 00 00 94 98 0d 00 44 00 00 00	E...P.......S...@...F.......D...
e9a0	db 98 0d 00 43 00 00 00 20 99 0d 00 de 00 00 00 64 99 0d 00 83 00 00 00 43 9a 0d 00 83 00 00 00	....C...........d.......C.......
e9c0	c7 9a 0d 00 39 01 00 00 4b 9b 0d 00 a0 00 00 00 85 9c 0d 00 d1 00 00 00 26 9d 0d 00 61 00 00 00	....9...K...............&...a...
e9e0	f8 9d 0d 00 b4 00 00 00 5a 9e 0d 00 b7 00 00 00 0f 9f 0d 00 b6 00 00 00 c7 9f 0d 00 bb 00 00 00	........Z.......................
ea00	7e a0 0d 00 a1 00 00 00 3a a1 0d 00 5c 00 00 00 dc a1 0d 00 58 00 00 00 39 a2 0d 00 5c 00 00 00	~.......:...\.......X...9...\...
ea20	92 a2 0d 00 58 00 00 00 ef a2 0d 00 71 00 00 00 48 a3 0d 00 5e 00 00 00 ba a3 0d 00 21 01 00 00	....X.......q...H...^.......!...
ea40	19 a4 0d 00 13 01 00 00 3b a5 0d 00 12 01 00 00 4f a6 0d 00 09 01 00 00 62 a7 0d 00 40 00 00 00	........;.......O.......b...@...
ea60	6c a8 0d 00 a3 00 00 00 ad a8 0d 00 a3 00 00 00 51 a9 0d 00 9f 00 00 00 f5 a9 0d 00 9f 00 00 00	l...............Q...............
ea80	95 aa 0d 00 bb 00 00 00 35 ab 0d 00 b4 00 00 00 f1 ab 0d 00 54 00 00 00 a6 ac 0d 00 bc 00 00 00	........5...........T...........
eaa0	fb ac 0d 00 56 00 00 00 b8 ad 0d 00 be 00 00 00 0f ae 0d 00 4e 00 00 00 ce ae 0d 00 cf 01 00 00	....V...............N...........
eac0	1d af 0d 00 29 01 00 00 ed b0 0d 00 46 00 00 00 17 b2 0d 00 7e 00 00 00 5e b2 0d 00 3c 00 00 00	....).......F.......~...^...<...
eae0	dd b2 0d 00 db 00 00 00 1a b3 0d 00 42 00 00 00 f6 b3 0d 00 4e 00 00 00 39 b4 0d 00 4e 00 00 00	............B.......N...9...N...
eb00	88 b4 0d 00 49 00 00 00 d7 b4 0d 00 49 00 00 00 21 b5 0d 00 43 00 00 00 6b b5 0d 00 4b 00 00 00	....I.......I...!...C...k...K...
eb20	af b5 0d 00 64 00 00 00 fb b5 0d 00 46 00 00 00 60 b6 0d 00 84 00 00 00 a7 b6 0d 00 7c 00 00 00	....d.......F...`...........|...
eb40	2c b7 0d 00 86 00 00 00 a9 b7 0d 00 2f 00 00 00 30 b8 0d 00 79 00 00 00 60 b8 0d 00 76 00 00 00	,.........../...0...y...`...v...
eb60	da b8 0d 00 81 00 00 00 51 b9 0d 00 46 01 00 00 d3 b9 0d 00 71 00 00 00 1a bb 0d 00 66 00 00 00	........Q...F.......q.......f...
eb80	8c bb 0d 00 3f 00 00 00 f3 bb 0d 00 88 00 00 00 33 bc 0d 00 da 00 00 00 bc bc 0d 00 19 00 00 00	....?...........3...............
eba0	97 bd 0d 00 90 01 00 00 b1 bd 0d 00 a5 00 00 00 42 bf 0d 00 2a 00 00 00 e8 bf 0d 00 4c 00 00 00	................B...*.......L...
ebc0	13 c0 0d 00 3a 00 00 00 60 c0 0d 00 4e 00 00 00 9b c0 0d 00 b0 00 00 00 ea c0 0d 00 2a 00 00 00	....:...`...N...............*...
ebe0	9b c1 0d 00 21 00 00 00 c6 c1 0d 00 51 00 00 00 e8 c1 0d 00 45 00 00 00 3a c2 0d 00 5f 00 00 00	....!.......Q.......E...:..._...
ec00	80 c2 0d 00 37 00 00 00 e0 c2 0d 00 41 00 00 00 18 c3 0d 00 44 00 00 00 5a c3 0d 00 6a 00 00 00	....7.......A.......D...Z...j...
ec20	9f c3 0d 00 3c 00 00 00 0a c4 0d 00 56 00 00 00 47 c4 0d 00 4a 00 00 00 9e c4 0d 00 ee 00 00 00	....<.......V...G...J...........
ec40	e9 c4 0d 00 47 00 00 00 d8 c5 0d 00 7a 00 00 00 20 c6 0d 00 d2 00 00 00 9b c6 0d 00 5f 00 00 00	....G.......z..............._...
ec60	6e c7 0d 00 d5 00 00 00 ce c7 0d 00 39 00 00 00 a4 c8 0d 00 70 00 00 00 de c8 0d 00 5d 00 00 00	n...........9.......p.......]...
ec80	4f c9 0d 00 55 00 00 00 ad c9 0d 00 2b 00 00 00 03 ca 0d 00 38 00 00 00 2f ca 0d 00 46 00 00 00	O...U.......+.......8.../...F...
eca0	68 ca 0d 00 4c 00 00 00 af ca 0d 00 62 00 00 00 fc ca 0d 00 55 01 00 00 5f cb 0d 00 b6 00 00 00	h...L.......b.......U..._.......
ecc0	b5 cc 0d 00 8d 00 00 00 6c cd 0d 00 d5 00 00 00 fa cd 0d 00 7e 00 00 00 d0 ce 0d 00 a4 00 00 00	........l...........~...........
ece0	4f cf 0d 00 a6 00 00 00 f4 cf 0d 00 c7 01 00 00 9b d0 0d 00 32 01 00 00 63 d2 0d 00 a8 00 00 00	O...................2...c.......
ed00	96 d3 0d 00 79 00 00 00 3f d4 0d 00 33 00 00 00 b9 d4 0d 00 90 00 00 00 ed d4 0d 00 b0 00 00 00	....y...?...3...................
ed20	7e d5 0d 00 63 00 00 00 2f d6 0d 00 b3 00 00 00 93 d6 0d 00 d6 00 00 00 47 d7 0d 00 2c 00 00 00	~...c.../...............G...,...
ed40	1e d8 0d 00 52 00 00 00 4b d8 0d 00 4d 01 00 00 9e d8 0d 00 3b 00 00 00 ec d9 0d 00 ad 00 00 00	....R...K...M.......;...........
ed60	28 da 0d 00 7b 02 00 00 d6 da 0d 00 54 01 00 00 52 dd 0d 00 53 00 00 00 a7 de 0d 00 4b 00 00 00	(...{.......T...R...S.......K...
ed80	fb de 0d 00 04 01 00 00 47 df 0d 00 eb 00 00 00 4c e0 0d 00 c8 00 00 00 38 e1 0d 00 c8 00 00 00	........G.......L.......8.......
eda0	01 e2 0d 00 b6 00 00 00 ca e2 0d 00 bb 00 00 00 81 e3 0d 00 60 00 00 00 3d e4 0d 00 b5 00 00 00	....................`...=.......
edc0	9e e4 0d 00 b9 00 00 00 54 e5 0d 00 9b 00 00 00 0e e6 0d 00 0a 01 00 00 aa e6 0d 00 01 01 00 00	........T.......................
ede0	b5 e7 0d 00 38 00 00 00 b7 e8 0d 00 3b 00 00 00 f0 e8 0d 00 45 00 00 00 2c e9 0d 00 2c 00 00 00	....8.......;.......E...,...,...
ee00	72 e9 0d 00 70 00 00 00 9f e9 0d 00 4e 00 00 00 10 ea 0d 00 7c 01 00 00 5f ea 0d 00 71 01 00 00	r...p.......N.......|..._...q...
ee20	dc eb 0d 00 90 00 00 00 4e ed 0d 00 4b 00 00 00 df ed 0d 00 11 01 00 00 2b ee 0d 00 7b 00 00 00	........N...K...........+...{...
ee40	3d ef 0d 00 58 00 00 00 b9 ef 0d 00 a9 00 00 00 12 f0 0d 00 72 00 00 00 bc f0 0d 00 6c 00 00 00	=...X...............r.......l...
ee60	2f f1 0d 00 60 00 00 00 9c f1 0d 00 17 01 00 00 fd f1 0d 00 ff 00 00 00 15 f3 0d 00 44 00 00 00	/...`.......................D...
ee80	15 f4 0d 00 87 00 00 00 5a f4 0d 00 70 00 00 00 e2 f4 0d 00 87 00 00 00 53 f5 0d 00 65 00 00 00	........Z...p...........S...e...
eea0	db f5 0d 00 6e 00 00 00 41 f6 0d 00 64 00 00 00 b0 f6 0d 00 59 02 00 00 15 f7 0d 00 88 00 00 00	....n...A...d.......Y...........
eec0	6f f9 0d 00 25 00 00 00 f8 f9 0d 00 88 00 00 00 1e fa 0d 00 a5 00 00 00 a7 fa 0d 00 57 01 00 00	o...%.......................W...
eee0	4d fb 0d 00 32 01 00 00 a5 fc 0d 00 49 01 00 00 d8 fd 0d 00 51 01 00 00 22 ff 0d 00 fb 00 00 00	M...2.......I.......Q...".......
ef00	74 00 0e 00 28 00 00 00 70 01 0e 00 95 00 00 00 99 01 0e 00 af 00 00 00 2f 02 0e 00 af 00 00 00	t...(...p.............../.......
ef20	df 02 0e 00 76 00 00 00 8f 03 0e 00 a6 00 00 00 06 04 0e 00 84 01 00 00 ad 04 0e 00 6a 00 00 00	....v.......................j...
ef40	32 06 0e 00 b9 00 00 00 9d 06 0e 00 0f 01 00 00 57 07 0e 00 36 00 00 00 67 08 0e 00 a5 00 00 00	2...............W...6...g.......
ef60	9e 08 0e 00 a7 00 00 00 44 09 0e 00 7b 00 00 00 ec 09 0e 00 67 00 00 00 68 0a 0e 00 32 00 00 00	........D...{.......g...h...2...
ef80	d0 0a 0e 00 fe 00 00 00 03 0b 0e 00 9d 00 00 00 02 0c 0e 00 bb 00 00 00 a0 0c 0e 00 77 00 00 00	............................w...
efa0	5c 0d 0e 00 bf 00 00 00 d4 0d 0e 00 c7 00 00 00 94 0e 0e 00 cc 00 00 00 5c 0f 0e 00 d1 00 00 00	\.......................\.......
efc0	29 10 0e 00 2d 04 00 00 fb 10 0e 00 5d 00 00 00 29 15 0e 00 e3 00 00 00 87 15 0e 00 cf 00 00 00	)...-.......]...)...............
efe0	6b 16 0e 00 07 01 00 00 3b 17 0e 00 10 01 00 00 43 18 0e 00 9c 00 00 00 54 19 0e 00 8a 00 00 00	k.......;.......C.......T.......
f000	f1 19 0e 00 97 00 00 00 7c 1a 0e 00 40 00 00 00 14 1b 0e 00 f0 00 00 00 55 1b 0e 00 0b 01 00 00	........|...@...........U.......
f020	46 1c 0e 00 37 01 00 00 52 1d 0e 00 75 01 00 00 8a 1e 0e 00 97 01 00 00 00 20 0e 00 f0 00 00 00	F...7...R...u...................
f040	98 21 0e 00 01 01 00 00 89 22 0e 00 aa 00 00 00 8b 23 0e 00 69 00 00 00 36 24 0e 00 6b 00 00 00	.!.......".......#..i...6$..k...
f060	a0 24 0e 00 df 00 00 00 0c 25 0e 00 44 00 00 00 ec 25 0e 00 ec 00 00 00 31 26 0e 00 86 00 00 00	.$.......%..D....%......1&......
f080	1e 27 0e 00 d5 00 00 00 a5 27 0e 00 b9 00 00 00 7b 28 0e 00 a6 00 00 00 35 29 0e 00 c8 00 00 00	.'.......'......{(......5)......
f0a0	dc 29 0e 00 71 00 00 00 a5 2a 0e 00 2c 01 00 00 17 2b 0e 00 84 00 00 00 44 2c 0e 00 00 01 00 00	.)..q....*..,....+......D,......
f0c0	c9 2c 0e 00 e5 00 00 00 ca 2d 0e 00 2d 01 00 00 b0 2e 0e 00 12 01 00 00 de 2f 0e 00 f2 00 00 00	.,.......-..-............/......
f0e0	f1 30 0e 00 a4 00 00 00 e4 31 0e 00 90 01 00 00 89 32 0e 00 a2 00 00 00 1a 34 0e 00 b3 01 00 00	.0.......1.......2.......4......
f100	bd 34 0e 00 53 00 00 00 71 36 0e 00 5f 00 00 00 c5 36 0e 00 80 00 00 00 25 37 0e 00 81 00 00 00	.4..S...q6.._....6......%7......
f120	a6 37 0e 00 8f 00 00 00 28 38 0e 00 7b 00 00 00 b8 38 0e 00 f3 00 00 00 34 39 0e 00 f2 00 00 00	.7......(8..{....8......49......
f140	28 3a 0e 00 3a 00 00 00 1b 3b 0e 00 3a 00 00 00 56 3b 0e 00 41 00 00 00 91 3b 0e 00 42 00 00 00	(:..:....;..:...V;..A....;..B...
f160	d3 3b 0e 00 38 00 00 00 16 3c 0e 00 5c 00 00 00 4f 3c 0e 00 e1 01 00 00 ac 3c 0e 00 bb 00 00 00	.;..8....<..\...O<.......<......
f180	8e 3e 0e 00 e7 00 00 00 4a 3f 0e 00 4d 00 00 00 32 40 0e 00 96 00 00 00 80 40 0e 00 e5 00 00 00	.>......J?..M...2@.......@......
f1a0	17 41 0e 00 66 00 00 00 fd 41 0e 00 ad 00 00 00 64 42 0e 00 17 00 00 00 12 43 0e 00 16 00 00 00	.A..f....A......dB.......C......
f1c0	2a 43 0e 00 16 00 00 00 41 43 0e 00 1c 00 00 00 58 43 0e 00 1d 00 00 00 75 43 0e 00 14 00 00 00	*C......AC......XC......uC......
f1e0	93 43 0e 00 13 00 00 00 a8 43 0e 00 14 00 00 00 bc 43 0e 00 16 00 00 00 d1 43 0e 00 52 00 00 00	.C.......C.......C.......C..R...
f200	e8 43 0e 00 89 00 00 00 3b 44 0e 00 4b 00 00 00 c5 44 0e 00 0d 01 00 00 11 45 0e 00 41 00 00 00	.C......;D..K....D.......E..A...
f220	1f 46 0e 00 6d 00 00 00 61 46 0e 00 6a 00 00 00 cf 46 0e 00 8e 00 00 00 3a 47 0e 00 40 00 00 00	.F..m...aF..j....F......:G..@...
f240	c9 47 0e 00 6c 00 00 00 0a 48 0e 00 4c 00 00 00 77 48 0e 00 3f 00 00 00 c4 48 0e 00 00 01 00 00	.G..l....H..L...wH..?....H......
f260	04 49 0e 00 1c 01 00 00 05 4a 0e 00 a2 00 00 00 22 4b 0e 00 97 00 00 00 c5 4b 0e 00 59 00 00 00	.I.......J......"K.......K..Y...
f280	5d 4c 0e 00 62 00 00 00 b7 4c 0e 00 1c 00 00 00 1a 4d 0e 00 bb 00 00 00 37 4d 0e 00 32 00 00 00	]L..b....L.......M......7M..2...
f2a0	f3 4d 0e 00 73 00 00 00 26 4e 0e 00 61 00 00 00 9a 4e 0e 00 76 00 00 00 fc 4e 0e 00 47 00 00 00	.M..s...&N..a....N..v....N..G...
f2c0	73 4f 0e 00 43 01 00 00 bb 4f 0e 00 7d 00 00 00 ff 50 0e 00 e5 00 00 00 7d 51 0e 00 11 00 00 00	sO..C....O..}....P......}Q......
f2e0	63 52 0e 00 63 00 00 00 75 52 0e 00 c6 00 00 00 d9 52 0e 00 8e 00 00 00 a0 53 0e 00 2a 00 00 00	cR..c...uR.......R.......S..*...
f300	2f 54 0e 00 98 00 00 00 5a 54 0e 00 44 00 00 00 f3 54 0e 00 a0 00 00 00 38 55 0e 00 ca 00 00 00	/T......ZT..D....T......8U......
f320	d9 55 0e 00 41 00 00 00 a4 56 0e 00 76 00 00 00 e6 56 0e 00 c7 00 00 00 5d 57 0e 00 58 00 00 00	.U..A....V..v....V......]W..X...
f340	25 58 0e 00 23 00 00 00 7e 58 0e 00 76 00 00 00 a2 58 0e 00 36 00 00 00 19 59 0e 00 97 00 00 00	%X..#...~X..v....X..6....Y......
f360	50 59 0e 00 2c 00 00 00 e8 59 0e 00 2b 00 00 00 15 5a 0e 00 2e 00 00 00 41 5a 0e 00 33 00 00 00	PY..,....Y..+....Z......AZ..3...
f380	70 5a 0e 00 31 00 00 00 a4 5a 0e 00 26 00 00 00 d6 5a 0e 00 60 00 00 00 fd 5a 0e 00 89 00 00 00	pZ..1....Z..&....Z..`....Z......
f3a0	5e 5b 0e 00 be 00 00 00 e8 5b 0e 00 60 01 00 00 a7 5c 0e 00 80 00 00 00 08 5e 0e 00 78 00 00 00	^[.......[..`....\.......^..x...
f3c0	89 5e 0e 00 7b 00 00 00 02 5f 0e 00 29 00 00 00 7e 5f 0e 00 e9 00 00 00 a8 5f 0e 00 3d 00 00 00	.^..{...._..)...~_......._..=...
f3e0	92 60 0e 00 6f 00 00 00 d0 60 0e 00 3b 00 00 00 40 61 0e 00 a5 00 00 00 7c 61 0e 00 2d 01 00 00	.`..o....`..;...@a......|a..-...
f400	22 62 0e 00 dd 00 00 00 50 63 0e 00 64 00 00 00 2e 64 0e 00 40 00 00 00 93 64 0e 00 77 00 00 00	"b......Pc..d....d..@....d..w...
f420	d4 64 0e 00 76 00 00 00 4c 65 0e 00 6f 00 00 00 c3 65 0e 00 d3 00 00 00 33 66 0e 00 23 01 00 00	.d..v...Le..o....e......3f..#...
f440	07 67 0e 00 9d 01 00 00 2b 68 0e 00 48 00 00 00 c9 69 0e 00 2c 00 00 00 12 6a 0e 00 bb 00 00 00	.g......+h..H....i..,....j......
f460	3f 6a 0e 00 23 00 00 00 fb 6a 0e 00 5b 00 00 00 1f 6b 0e 00 6b 00 00 00 7b 6b 0e 00 30 00 00 00	?j..#....j..[....k..k...{k..0...
f480	e7 6b 0e 00 3d 00 00 00 18 6c 0e 00 2c 00 00 00 56 6c 0e 00 3c 00 00 00 83 6c 0e 00 44 00 00 00	.k..=....l..,...Vl..<....l..D...
f4a0	c0 6c 0e 00 34 00 00 00 05 6d 0e 00 32 01 00 00 3a 6d 0e 00 30 00 00 00 6d 6e 0e 00 dd 00 00 00	.l..4....m..2...:m..0...mn......
f4c0	9e 6e 0e 00 09 00 00 00 7c 6f 0e 00 d6 00 00 00 86 6f 0e 00 49 00 00 00 5d 70 0e 00 47 00 00 00	.n......|o.......o..I...]p..G...
f4e0	a7 70 0e 00 44 00 00 00 ef 70 0e 00 26 00 00 00 34 71 0e 00 1f 00 00 00 5b 71 0e 00 74 00 00 00	.p..D....p..&...4q......[q..t...
f500	7b 71 0e 00 30 00 00 00 f0 71 0e 00 45 00 00 00 21 72 0e 00 2e 00 00 00 67 72 0e 00 06 00 00 00	{q..0....q..E...!r......gr......
f520	96 72 0e 00 65 00 00 00 9d 72 0e 00 4e 00 00 00 03 73 0e 00 91 00 00 00 52 73 0e 00 ae 00 00 00	.r..e....r..N....s......Rs......
f540	e4 73 0e 00 22 00 00 00 93 74 0e 00 aa 00 00 00 b6 74 0e 00 5c 00 00 00 61 75 0e 00 74 00 00 00	.s.."....t.......t..\...au..t...
f560	be 75 0e 00 54 00 00 00 33 76 0e 00 4c 00 00 00 88 76 0e 00 51 00 00 00 d5 76 0e 00 d7 00 00 00	.u..T...3v..L....v..Q....v......
f580	27 77 0e 00 3c 00 00 00 ff 77 0e 00 77 00 00 00 3c 78 0e 00 40 00 00 00 b4 78 0e 00 d7 00 00 00	'w..<....w..w...<x..@....x......
f5a0	f5 78 0e 00 b3 00 00 00 cd 79 0e 00 66 00 00 00 81 7a 0e 00 37 00 00 00 e8 7a 0e 00 6a 00 00 00	.x.......y..f....z..7....z..j...
f5c0	20 7b 0e 00 42 00 00 00 8b 7b 0e 00 3d 00 00 00 ce 7b 0e 00 38 00 00 00 0c 7c 0e 00 3d 00 00 00	.{..B....{..=....{..8....|..=...
f5e0	45 7c 0e 00 40 00 00 00 83 7c 0e 00 4a 01 00 00 c4 7c 0e 00 52 00 00 00 0f 7e 0e 00 51 00 00 00	E|..@....|..J....|..R....~..Q...
f600	62 7e 0e 00 c9 00 00 00 b4 7e 0e 00 67 00 00 00 7e 7f 0e 00 8d 00 00 00 e6 7f 0e 00 a0 01 00 00	b~.......~..g...~...............
f620	74 80 0e 00 87 00 00 00 15 82 0e 00 5f 00 00 00 9d 82 0e 00 fa 00 00 00 fd 82 0e 00 54 00 00 00	t..........._...............T...
f640	f8 83 0e 00 49 00 00 00 4d 84 0e 00 92 00 00 00 97 84 0e 00 54 00 00 00 2a 85 0e 00 96 00 00 00	....I...M...........T...*.......
f660	7f 85 0e 00 2a 00 00 00 16 86 0e 00 1c 00 00 00 41 86 0e 00 1f 00 00 00 5e 86 0e 00 32 00 00 00	....*...........A.......^...2...
f680	7e 86 0e 00 12 01 00 00 b1 86 0e 00 71 00 00 00 c4 87 0e 00 5f 00 00 00 36 88 0e 00 69 00 00 00	~...........q......._...6...i...
f6a0	96 88 0e 00 a5 00 00 00 00 89 0e 00 45 00 00 00 a6 89 0e 00 09 00 00 00 ec 89 0e 00 2c 00 00 00	............E...............,...
f6c0	f6 89 0e 00 05 00 00 00 23 8a 0e 00 83 00 00 00 29 8a 0e 00 44 02 00 00 ad 8a 0e 00 8a 01 00 00	........#.......)...D...........
f6e0	f2 8c 0e 00 0f 00 00 00 7d 8e 0e 00 93 00 00 00 8d 8e 0e 00 0e 00 00 00 21 8f 0e 00 5e 00 00 00	........}...............!...^...
f700	30 8f 0e 00 9e 00 00 00 8f 8f 0e 00 97 00 00 00 2e 90 0e 00 12 00 00 00 c6 90 0e 00 60 01 00 00	0...........................`...
f720	d9 90 0e 00 11 00 00 00 3a 92 0e 00 0f 00 00 00 4c 92 0e 00 0f 00 00 00 5c 92 0e 00 06 00 00 00	........:.......L.......\.......
f740	6c 92 0e 00 0b 00 00 00 73 92 0e 00 28 00 00 00 7f 92 0e 00 60 00 00 00 a8 92 0e 00 3f 00 00 00	l.......s...(.......`.......?...
f760	09 93 0e 00 5f 00 00 00 49 93 0e 00 7c 00 00 00 a9 93 0e 00 13 00 00 00 26 94 0e 00 1f 00 00 00	...._...I...|...........&.......
f780	3a 94 0e 00 17 00 00 00 5a 94 0e 00 15 00 00 00 72 94 0e 00 12 00 00 00 88 94 0e 00 29 00 00 00	:.......Z.......r...........)...
f7a0	9b 94 0e 00 0d 00 00 00 c5 94 0e 00 38 00 00 00 d3 94 0e 00 af 00 00 00 0c 95 0e 00 0e 00 00 00	............8...................
f7c0	bc 95 0e 00 07 00 00 00 cb 95 0e 00 0c 00 00 00 d3 95 0e 00 0d 00 00 00 e0 95 0e 00 1b 00 00 00	................................
f7e0	ee 95 0e 00 05 00 00 00 0a 96 0e 00 9b 01 00 00 10 96 0e 00 06 00 00 00 ac 97 0e 00 16 00 00 00	................................
f800	b3 97 0e 00 15 00 00 00 ca 97 0e 00 9c 00 00 00 e0 97 0e 00 2e 00 00 00 7d 98 0e 00 e2 00 00 00	........................}.......
f820	ac 98 0e 00 58 00 00 00 8f 99 0e 00 14 00 00 00 e8 99 0e 00 26 00 00 00 fd 99 0e 00 20 00 00 00	....X...............&...........
f840	24 9a 0e 00 13 00 00 00 45 9a 0e 00 39 00 00 00 59 9a 0e 00 59 00 00 00 93 9a 0e 00 3e 00 00 00	$.......E...9...Y...Y.......>...
f860	ed 9a 0e 00 00 01 00 00 2c 9b 0e 00 55 00 00 00 2d 9c 0e 00 54 00 00 00 83 9c 0e 00 51 00 00 00	........,...U...-...T.......Q...
f880	d8 9c 0e 00 55 00 00 00 2a 9d 0e 00 52 00 00 00 80 9d 0e 00 44 00 00 00 d3 9d 0e 00 36 00 00 00	....U...*...R.......D.......6...
f8a0	18 9e 0e 00 46 00 00 00 4f 9e 0e 00 2c 00 00 00 96 9e 0e 00 88 00 00 00 c3 9e 0e 00 43 00 00 00	....F...O...,...............C...
f8c0	4c 9f 0e 00 18 00 00 00 90 9f 0e 00 28 00 00 00 a9 9f 0e 00 2f 00 00 00 d2 9f 0e 00 68 00 00 00	L...........(......./.......h...
f8e0	02 a0 0e 00 8c 00 00 00 6b a0 0e 00 8a 00 00 00 f8 a0 0e 00 78 00 00 00 83 a1 0e 00 59 00 00 00	........k...........x.......Y...
f900	fc a1 0e 00 19 01 00 00 56 a2 0e 00 24 01 00 00 70 a3 0e 00 22 01 00 00 95 a4 0e 00 08 01 00 00	........V...$...p..."...........
f920	b8 a5 0e 00 f8 00 00 00 c1 a6 0e 00 f7 00 00 00 ba a7 0e 00 c4 00 00 00 b2 a8 0e 00 a1 00 00 00	................................
f940	77 a9 0e 00 73 00 00 00 19 aa 0e 00 f8 00 00 00 8d aa 0e 00 4e 00 00 00 86 ab 0e 00 99 00 00 00	w...s...............N...........
f960	d5 ab 0e 00 4b 00 00 00 6f ac 0e 00 5b 00 00 00 bb ac 0e 00 4a 00 00 00 17 ad 0e 00 4a 00 00 00	....K...o...[.......J.......J...
f980	62 ad 0e 00 50 00 00 00 ad ad 0e 00 47 00 00 00 fe ad 0e 00 44 01 00 00 46 ae 0e 00 3c 01 00 00	b...P.......G.......D...F...<...
f9a0	8b af 0e 00 a0 00 00 00 c8 b0 0e 00 30 01 00 00 69 b1 0e 00 50 01 00 00 9a b2 0e 00 d1 00 00 00	............0...i...P...........
f9c0	eb b3 0e 00 23 01 00 00 bd b4 0e 00 08 01 00 00 e1 b5 0e 00 29 01 00 00 ea b6 0e 00 2f 01 00 00	....#...............)......./...
f9e0	14 b8 0e 00 da 00 00 00 44 b9 0e 00 34 01 00 00 1f ba 0e 00 89 00 00 00 54 bb 0e 00 66 00 00 00	........D...4...........T...f...
fa00	de bb 0e 00 88 00 00 00 45 bc 0e 00 a5 00 00 00 ce bc 0e 00 70 00 00 00 74 bd 0e 00 6f 00 00 00	........E...........p...t...o...
fa20	e5 bd 0e 00 8e 00 00 00 55 be 0e 00 b0 00 00 00 e4 be 0e 00 0f 01 00 00 95 bf 0e 00 c3 00 00 00	........U.......................
fa40	a5 c0 0e 00 84 00 00 00 69 c1 0e 00 be 00 00 00 ee c1 0e 00 db 00 00 00 ad c2 0e 00 85 00 00 00	........i.......................
fa60	89 c3 0e 00 7d 00 00 00 0f c4 0e 00 9a 00 00 00 8d c4 0e 00 92 00 00 00 28 c5 0e 00 91 00 00 00	....}...................(.......
fa80	bb c5 0e 00 d5 00 00 00 4d c6 0e 00 93 00 00 00 23 c7 0e 00 8e 00 00 00 b7 c7 0e 00 fa 00 00 00	........M.......#...............
faa0	46 c8 0e 00 bd 00 00 00 41 c9 0e 00 f5 00 00 00 ff c9 0e 00 a6 00 00 00 f5 ca 0e 00 a1 00 00 00	F.......A.......................
fac0	9c cb 0e 00 7b 00 00 00 3e cc 0e 00 19 01 00 00 ba cc 0e 00 9d 00 00 00 d4 cd 0e 00 be 01 00 00	....{...>.......................
fae0	72 ce 0e 00 b1 00 00 00 31 d0 0e 00 5b 00 00 00 e3 d0 0e 00 63 00 00 00 3f d1 0e 00 33 01 00 00	r.......1...[.......c...?...3...
fb00	a3 d1 0e 00 3b 00 00 00 d7 d2 0e 00 98 00 00 00 13 d3 0e 00 54 00 00 00 ac d3 0e 00 59 00 00 00	....;...............T.......Y...
fb20	01 d4 0e 00 de 00 00 00 5b d4 0e 00 9a 00 00 00 3a d5 0e 00 c0 00 00 00 d5 d5 0e 00 c5 00 00 00	........[.......:...............
fb40	96 d6 0e 00 87 00 00 00 5c d7 0e 00 74 00 00 00 e4 d7 0e 00 84 00 00 00 59 d8 0e 00 5f 00 00 00	........\...t...........Y..._...
fb60	de d8 0e 00 83 00 00 00 3e d9 0e 00 bd 00 00 00 c2 d9 0e 00 79 00 00 00 80 da 0e 00 7e 00 00 00	........>...........y.......~...
fb80	fa da 0e 00 78 00 00 00 79 db 0e 00 85 00 00 00 f2 db 0e 00 51 00 00 00 78 dc 0e 00 3e 00 00 00	....x...y...........Q...x...>...
fba0	ca dc 0e 00 3e 00 00 00 09 dd 0e 00 75 00 00 00 48 dd 0e 00 53 00 00 00 be dd 0e 00 df 00 00 00	....>.......u...H...S...........
fbc0	12 de 0e 00 a1 00 00 00 f2 de 0e 00 ac 00 00 00 94 df 0e 00 3b 00 00 00 41 e0 0e 00 47 00 00 00	....................;...A...G...
fbe0	7d e0 0e 00 67 00 00 00 c5 e0 0e 00 d8 00 00 00 2d e1 0e 00 5a 00 00 00 06 e2 0e 00 38 00 00 00	}...g...........-...Z.......8...
fc00	61 e2 0e 00 88 01 00 00 9a e2 0e 00 c5 00 00 00 23 e4 0e 00 a1 00 00 00 e9 e4 0e 00 6d 00 00 00	a...............#...........m...
fc20	8b e5 0e 00 4e 00 00 00 f9 e5 0e 00 3d 00 00 00 48 e6 0e 00 8a 00 00 00 86 e6 0e 00 6f 00 00 00	....N.......=...H...........o...
fc40	11 e7 0e 00 2e 00 00 00 81 e7 0e 00 31 00 00 00 b0 e7 0e 00 3c 00 00 00 e2 e7 0e 00 17 01 00 00	............1.......<...........
fc60	1f e8 0e 00 db 00 00 00 37 e9 0e 00 4a 00 00 00 13 ea 0e 00 0b 01 00 00 5e ea 0e 00 51 00 00 00	........7...J...........^...Q...
fc80	6a eb 0e 00 96 00 00 00 bc eb 0e 00 5d 00 00 00 53 ec 0e 00 49 00 00 00 b1 ec 0e 00 46 00 00 00	j...........]...S...I.......F...
fca0	fb ec 0e 00 37 00 00 00 42 ed 0e 00 38 01 00 00 7a ed 0e 00 31 00 00 00 b3 ee 0e 00 30 00 00 00	....7...B...8...z...1.......0...
fcc0	e5 ee 0e 00 39 00 00 00 16 ef 0e 00 33 00 00 00 50 ef 0e 00 33 00 00 00 84 ef 0e 00 49 00 00 00	....9.......3...P...3.......I...
fce0	b8 ef 0e 00 d9 00 00 00 02 f0 0e 00 78 00 00 00 dc f0 0e 00 79 00 00 00 55 f1 0e 00 8c 00 00 00	............x.......y...U.......
fd00	cf f1 0e 00 47 00 00 00 5c f2 0e 00 fb 00 00 00 a4 f2 0e 00 b7 00 00 00 a0 f3 0e 00 5b 00 00 00	....G...\...................[...
fd20	58 f4 0e 00 b7 00 00 00 b4 f4 0e 00 42 00 00 00 6c f5 0e 00 46 00 00 00 af f5 0e 00 30 00 00 00	X...........B...l...F.......0...
fd40	f6 f5 0e 00 39 00 00 00 27 f6 0e 00 25 00 00 00 61 f6 0e 00 2e 00 00 00 87 f6 0e 00 2e 00 00 00	....9...'...%...a...............
fd60	b6 f6 0e 00 39 00 00 00 e5 f6 0e 00 c1 00 00 00 1f f7 0e 00 8c 00 00 00 e1 f7 0e 00 b5 00 00 00	....9...........................
fd80	6e f8 0e 00 42 00 00 00 24 f9 0e 00 a5 00 00 00 67 f9 0e 00 b9 00 00 00 0d fa 0e 00 3e 00 00 00	n...B...$.......g...........>...
fda0	c7 fa 0e 00 74 00 00 00 06 fb 0e 00 6c 00 00 00 7b fb 0e 00 81 00 00 00 e8 fb 0e 00 19 00 00 00	....t.......l...{...............
fdc0	6a fc 0e 00 23 00 00 00 84 fc 0e 00 b7 00 00 00 a8 fc 0e 00 13 00 00 00 60 fd 0e 00 54 00 00 00	j...#...................`...T...
fde0	74 fd 0e 00 5f 01 00 00 c9 fd 0e 00 17 00 00 00 29 ff 0e 00 1a 00 00 00 41 ff 0e 00 17 00 00 00	t..._...........).......A.......
fe00	5c ff 0e 00 3b 00 00 00 74 ff 0e 00 dd 00 00 00 b0 ff 0e 00 1d 01 00 00 8e 00 0f 00 32 00 00 00	\...;...t...................2...
fe20	ac 01 0f 00 20 00 00 00 df 01 0f 00 5d 00 00 00 00 02 0f 00 54 00 00 00 5e 02 0f 00 04 00 00 00	............].......T...^.......
fe40	b3 02 0f 00 30 00 00 00 b8 02 0f 00 0c 00 00 00 e9 02 0f 00 0c 00 00 00 f6 02 0f 00 09 00 00 00	....0...........................
fe60	03 03 0f 00 33 01 00 00 0d 03 0f 00 70 00 00 00 41 04 0f 00 03 00 00 00 b2 04 0f 00 62 00 00 00	....3.......p...A...........b...
fe80	b6 04 0f 00 03 00 00 00 19 05 0f 00 11 00 00 00 1d 05 0f 00 16 00 00 00 2f 05 0f 00 19 00 00 00	......................../.......
fea0	46 05 0f 00 15 00 00 00 60 05 0f 00 11 00 00 00 76 05 0f 00 14 00 00 00 88 05 0f 00 6a 02 00 00	F.......`.......v...........j...
fec0	9d 05 0f 00 3d 01 00 00 08 08 0f 00 85 01 00 00 46 09 0f 00 95 00 00 00 cc 0a 0f 00 d5 01 00 00	....=...........F...............
fee0	62 0b 0f 00 32 00 00 00 38 0d 0f 00 1e 00 00 00 6b 0d 0f 00 05 00 00 00 8a 0d 0f 00 45 01 00 00	b...2...8.......k...........E...
ff00	90 0d 0f 00 16 00 00 00 d6 0e 0f 00 3b 00 00 00 ed 0e 0f 00 18 00 00 00 29 0f 0f 00 05 00 00 00	............;...........).......
ff20	42 0f 0f 00 8e 00 00 00 48 0f 0f 00 60 00 00 00 d7 0f 0f 00 0c 00 00 00 38 10 0f 00 07 00 00 00	B.......H...`...........8.......
ff40	45 10 0f 00 10 00 00 00 4d 10 0f 00 6c 00 00 00 5e 10 0f 00 0e 00 00 00 cb 10 0f 00 4b 00 00 00	E.......M...l...^...........K...
ff60	da 10 0f 00 47 00 00 00 26 11 0f 00 65 00 00 00 6e 11 0f 00 a1 00 00 00 d4 11 0f 00 3f 00 00 00	....G...&...e...n...........?...
ff80	76 12 0f 00 4a 01 00 00 b6 12 0f 00 44 01 00 00 01 14 0f 00 15 00 00 00 46 15 0f 00 24 00 00 00	v...J.......D...........F...$...
ffa0	5c 15 0f 00 0a 00 00 00 81 15 0f 00 24 00 00 00 8c 15 0f 00 09 00 00 00 b1 15 0f 00 1b 00 00 00	\...........$...................
ffc0	bb 15 0f 00 c9 00 00 00 d7 15 0f 00 0b 00 00 00 a1 16 0f 00 85 00 00 00 ad 16 0f 00 26 00 00 00	............................&...
ffe0	33 17 0f 00 3d 00 00 00 5a 17 0f 00 52 00 00 00 98 17 0f 00 26 00 00 00 eb 17 0f 00 b0 00 00 00	3...=...Z...R.......&...........
10000	12 18 0f 00 df 00 00 00 c3 18 0f 00 1c 00 00 00 a3 19 0f 00 8f 00 00 00 c0 19 0f 00 8c 00 00 00	................................
10020	50 1a 0f 00 90 00 00 00 dd 1a 0f 00 5d 00 00 00 6e 1b 0f 00 44 00 00 00 cc 1b 0f 00 b0 00 00 00	P...........]...n...D...........
10040	11 1c 0f 00 50 00 00 00 c2 1c 0f 00 a6 00 00 00 13 1d 0f 00 ec 00 00 00 ba 1d 0f 00 64 00 00 00	....P.......................d...
10060	a7 1e 0f 00 53 00 00 00 0c 1f 0f 00 df 00 00 00 60 1f 0f 00 86 00 00 00 40 20 0f 00 63 00 00 00	....S...........`.......@...c...
10080	c7 20 0f 00 68 00 00 00 2b 21 0f 00 d1 00 00 00 94 21 0f 00 78 00 00 00 66 22 0f 00 7a 00 00 00	....h...+!.......!..x...f"..z...
100a0	df 22 0f 00 7d 00 00 00 5a 23 0f 00 80 00 00 00 d8 23 0f 00 33 00 00 00 59 24 0f 00 71 00 00 00	."..}...Z#.......#..3...Y$..q...
100c0	8d 24 0f 00 a5 00 00 00 ff 24 0f 00 59 00 00 00 a5 25 0f 00 58 00 00 00 ff 25 0f 00 9b 00 00 00	.$.......$..Y....%..X....%......
100e0	58 26 0f 00 9c 00 00 00 f4 26 0f 00 e3 00 00 00 91 27 0f 00 9e 00 00 00 75 28 0f 00 44 00 00 00	X&.......&.......'......u(..D...
10100	14 29 0f 00 3c 00 00 00 59 29 0f 00 bd 00 00 00 96 29 0f 00 bf 00 00 00 54 2a 0f 00 88 00 00 00	.)..<...Y).......)......T*......
10120	14 2b 0f 00 85 00 00 00 9d 2b 0f 00 6f 00 00 00 23 2c 0f 00 cf 00 00 00 93 2c 0f 00 17 00 00 00	.+.......+..o...#,.......,......
10140	63 2d 0f 00 12 00 00 00 7b 2d 0f 00 18 00 00 00 8e 2d 0f 00 39 00 00 00 a7 2d 0f 00 1b 00 00 00	c-......{-.......-..9....-......
10160	e1 2d 0f 00 21 00 00 00 fd 2d 0f 00 07 00 00 00 1f 2e 0f 00 12 00 00 00 27 2e 0f 00 79 00 00 00	.-..!....-..............'...y...
10180	3a 2e 0f 00 e5 00 00 00 b4 2e 0f 00 ac 00 00 00 9a 2f 0f 00 84 00 00 00 47 30 0f 00 5a 00 00 00	:................/......G0..Z...
101a0	cc 30 0f 00 c4 00 00 00 27 31 0f 00 4b 00 00 00 ec 31 0f 00 17 00 00 00 38 32 0f 00 e8 00 00 00	.0......'1..K....1......82......
101c0	50 32 0f 00 48 00 00 00 39 33 0f 00 41 00 00 00 82 33 0f 00 2e 00 00 00 c4 33 0f 00 47 00 00 00	P2..H...93..A....3.......3..G...
101e0	f3 33 0f 00 3f 00 00 00 3b 34 0f 00 1b 01 00 00 7b 34 0f 00 22 00 00 00 97 35 0f 00 08 00 00 00	.3..?...;4......{4.."....5......
10200	ba 35 0f 00 ae 00 00 00 c3 35 0f 00 79 00 00 00 72 36 0f 00 73 00 00 00 ec 36 0f 00 bf 00 00 00	.5.......5..y...r6..s....6......
10220	60 37 0f 00 7b 01 00 00 20 38 0f 00 90 01 00 00 9c 39 0f 00 13 01 00 00 2d 3b 0f 00 36 01 00 00	`7..{....8.......9......-;..6...
10240	41 3c 0f 00 04 02 00 00 78 3d 0f 00 ad 00 00 00 7d 3f 0f 00 67 00 00 00 2b 40 0f 00 71 00 00 00	A<......x=......}?..g...+@..q...
10260	93 40 0f 00 fe 00 00 00 05 41 0f 00 7d 00 00 00 04 42 0f 00 6d 01 00 00 82 42 0f 00 7a 00 00 00	.@.......A..}....B..m....B..z...
10280	f0 43 0f 00 e2 00 00 00 6b 44 0f 00 1e 01 00 00 4e 45 0f 00 16 01 00 00 6d 46 0f 00 06 01 00 00	.C......kD......NE......mF......
102a0	84 47 0f 00 b1 00 00 00 8b 48 0f 00 58 00 00 00 3d 49 0f 00 80 00 00 00 96 49 0f 00 98 00 00 00	.G.......H..X...=I.......I......
102c0	17 4a 0f 00 b5 00 00 00 b0 4a 0f 00 a2 00 00 00 66 4b 0f 00 37 00 00 00 09 4c 0f 00 42 00 00 00	.J.......J......fK..7....L..B...
102e0	41 4c 0f 00 cf 00 00 00 84 4c 0f 00 fd 00 00 00 54 4d 0f 00 3c 01 00 00 52 4e 0f 00 fb 00 00 00	AL.......L......TM..<...RN......
10300	8f 4f 0f 00 bf 00 00 00 8b 50 0f 00 a4 00 00 00 4b 51 0f 00 fb 00 00 00 f0 51 0f 00 18 01 00 00	.O.......P......KQ.......Q......
10320	ec 52 0f 00 20 01 00 00 05 54 0f 00 5d 00 00 00 26 55 0f 00 97 00 00 00 84 55 0f 00 57 00 00 00	.R.......T..]...&U.......U..W...
10340	1c 56 0f 00 b0 00 00 00 74 56 0f 00 f1 00 00 00 25 57 0f 00 5d 00 00 00 17 58 0f 00 4a 00 00 00	.V......tV......%W..]....X..J...
10360	75 58 0f 00 34 00 00 00 c0 58 0f 00 2c 00 00 00 f5 58 0f 00 24 00 00 00 22 59 0f 00 41 00 00 00	uX..4....X..,....X..$..."Y..A...
10380	47 59 0f 00 d6 00 00 00 89 59 0f 00 ae 00 00 00 60 5a 0f 00 cf 00 00 00 0f 5b 0f 00 59 00 00 00	GY.......Y......`Z.......[..Y...
103a0	df 5b 0f 00 c3 00 00 00 39 5c 0f 00 48 00 00 00 fd 5c 0f 00 62 00 00 00 46 5d 0f 00 86 00 00 00	.[......9\..H....\..b...F]......
103c0	a9 5d 0f 00 09 00 00 00 30 5e 0f 00 18 00 00 00 3a 5e 0f 00 33 00 00 00 53 5e 0f 00 99 00 00 00	.]......0^......:^..3...S^......
103e0	87 5e 0f 00 9a 00 00 00 21 5f 0f 00 16 00 00 00 bc 5f 0f 00 27 00 00 00 d3 5f 0f 00 30 00 00 00	.^......!_......._..'...._..0...
10400	fb 5f 0f 00 10 00 00 00 2c 60 0f 00 21 00 00 00 3d 60 0f 00 1c 00 00 00 5f 60 0f 00 82 00 00 00	._......,`..!...=`......_`......
10420	7c 60 0f 00 ac 00 00 00 ff 60 0f 00 fe 00 00 00 ac 61 0f 00 60 00 00 00 ab 62 0f 00 01 00 00 00	|`.......`.......a..`....b......
10440	0c 63 0f 00 76 00 00 00 0e 63 0f 00 6b 00 00 00 85 63 0f 00 60 00 00 00 f1 63 0f 00 a9 00 00 00	.c..v....c..k....c..`....c......
10460	52 64 0f 00 c9 00 00 00 fc 64 0f 00 9b 00 00 00 c6 65 0f 00 3c 00 00 00 62 66 0f 00 38 00 00 00	Rd.......d.......e..<...bf..8...
10480	9f 66 0f 00 95 00 00 00 d8 66 0f 00 2e 00 00 00 6e 67 0f 00 57 00 00 00 9d 67 0f 00 61 00 00 00	.f.......f......ng..W....g..a...
104a0	f5 67 0f 00 69 00 00 00 57 68 0f 00 4b 00 00 00 c1 68 0f 00 a4 00 00 00 0d 69 0f 00 52 00 00 00	.g..i...Wh..K....h.......i..R...
104c0	b2 69 0f 00 53 00 00 00 05 6a 0f 00 65 00 00 00 59 6a 0f 00 35 00 00 00 bf 6a 0f 00 51 00 00 00	.i..S....j..e...Yj..5....j..Q...
104e0	f5 6a 0f 00 a7 00 00 00 47 6b 0f 00 8a 00 00 00 ef 6b 0f 00 96 00 00 00 7a 6c 0f 00 81 00 00 00	.j......Gk.......k......zl......
10500	11 6d 0f 00 7f 00 00 00 93 6d 0f 00 88 00 00 00 13 6e 0f 00 e3 00 00 00 9c 6e 0f 00 c3 00 00 00	.m.......m.......n.......n......
10520	80 6f 0f 00 3a 00 00 00 44 70 0f 00 5a 00 00 00 7f 70 0f 00 65 00 00 00 da 70 0f 00 c3 00 00 00	.o..:...Dp..Z....p..e....p......
10540	40 71 0f 00 50 00 00 00 04 72 0f 00 1d 01 00 00 55 72 0f 00 f2 00 00 00 73 73 0f 00 48 00 00 00	@q..P....r......Ur......ss..H...
10560	66 74 0f 00 b0 00 00 00 af 74 0f 00 9f 00 00 00 60 75 0f 00 1f 00 00 00 00 76 0f 00 71 00 00 00	ft.......t......`u.......v..q...
10580	20 76 0f 00 75 00 00 00 92 76 0f 00 dc 00 00 00 08 77 0f 00 3f 00 00 00 e5 77 0f 00 da 00 00 00	.v..u....v.......w..?....w......
105a0	25 78 0f 00 1c 00 00 00 00 79 0f 00 13 00 00 00 1d 79 0f 00 14 00 00 00 31 79 0f 00 03 01 00 00	%x.......y.......y......1y......
105c0	46 79 0f 00 1d 00 00 00 4a 7a 0f 00 1d 00 00 00 68 7a 0f 00 23 00 00 00 86 7a 0f 00 1d 00 00 00	Fy......Jz......hz..#....z......
105e0	aa 7a 0f 00 29 00 00 00 c8 7a 0f 00 31 00 00 00 f2 7a 0f 00 31 00 00 00 24 7b 0f 00 33 00 00 00	.z..)....z..1....z..1...${..3...
10600	56 7b 0f 00 33 00 00 00 8a 7b 0f 00 10 00 00 00 be 7b 0f 00 0c 00 00 00 cf 7b 0f 00 2d 00 00 00	V{..3....{.......{.......{..-...
10620	dc 7b 0f 00 2c 00 00 00 0a 7c 0f 00 12 00 00 00 37 7c 0f 00 2c 00 00 00 4a 7c 0f 00 25 00 00 00	.{..,....|......7|..,...J|..%...
10640	77 7c 0f 00 3c 00 00 00 9d 7c 0f 00 12 00 00 00 da 7c 0f 00 35 00 00 00 ed 7c 0f 00 13 00 00 00	w|..<....|.......|..5....|......
10660	23 7d 0f 00 34 00 00 00 37 7d 0f 00 16 00 00 00 6c 7d 0f 00 1c 00 00 00 83 7d 0f 00 12 00 00 00	#}..4...7}......l}.......}......
10680	a0 7d 0f 00 34 00 00 00 b3 7d 0f 00 13 00 00 00 e8 7d 0f 00 1d 00 00 00 fc 7d 0f 00 30 00 00 00	.}..4....}.......}.......}..0...
106a0	1a 7e 0f 00 1f 00 00 00 4b 7e 0f 00 13 00 00 00 6b 7e 0f 00 16 00 00 00 7f 7e 0f 00 d3 00 00 00	.~......K~......k~.......~......
106c0	96 7e 0f 00 13 00 00 00 6a 7f 0f 00 38 00 00 00 7e 7f 0f 00 16 00 00 00 b7 7f 0f 00 41 00 00 00	.~......j...8...~...........A...
106e0	ce 7f 0f 00 38 00 00 00 10 80 0f 00 1e 00 00 00 49 80 0f 00 22 00 00 00 68 80 0f 00 5d 00 00 00	....8...........I..."...h...]...
10700	8b 80 0f 00 55 00 00 00 e9 80 0f 00 1e 00 00 00 3f 81 0f 00 44 00 00 00 5e 81 0f 00 25 00 00 00	....U...........?...D...^...%...
10720	a3 81 0f 00 08 01 00 00 c9 81 0f 00 fd 01 00 00 d2 82 0f 00 87 00 00 00 d0 84 0f 00 54 00 00 00	............................T...
10740	58 85 0f 00 5b 00 00 00 ad 85 0f 00 87 02 00 00 09 86 0f 00 59 00 00 00 91 88 0f 00 1e 00 00 00	X...[...............Y...........
10760	eb 88 0f 00 2a 00 00 00 0a 89 0f 00 2f 00 00 00 35 89 0f 00 27 00 00 00 65 89 0f 00 37 00 00 00	....*......./...5...'...e...7...
10780	8d 89 0f 00 54 00 00 00 c5 89 0f 00 4f 00 00 00 1a 8a 0f 00 59 00 00 00 6a 8a 0f 00 4d 00 00 00	....T.......O.......Y...j...M...
107a0	c4 8a 0f 00 33 00 00 00 12 8b 0f 00 64 00 00 00 46 8b 0f 00 1e 00 00 00 ab 8b 0f 00 f3 00 00 00	....3.......d...F...............
107c0	ca 8b 0f 00 5e 00 00 00 be 8c 0f 00 79 00 00 00 1d 8d 0f 00 54 00 00 00 97 8d 0f 00 43 00 00 00	....^.......y.......T.......C...
107e0	ec 8d 0f 00 4f 00 00 00 30 8e 0f 00 82 00 00 00 80 8e 0f 00 22 00 00 00 03 8f 0f 00 47 02 00 00	....O...0...........".......G...
10800	26 8f 0f 00 fc 00 00 00 6e 91 0f 00 9c 00 00 00 6b 92 0f 00 2c 00 00 00 08 93 0f 00 16 00 00 00	&.......n.......k...,...........
10820	35 93 0f 00 53 00 00 00 4c 93 0f 00 7d 00 00 00 a0 93 0f 00 66 00 00 00 1e 94 0f 00 b4 00 00 00	5...S...L...}.......f...........
10840	85 94 0f 00 55 00 00 00 3a 95 0f 00 22 00 00 00 90 95 0f 00 18 00 00 00 b3 95 0f 00 31 00 00 00	....U...:..."...............1...
10860	cc 95 0f 00 1b 00 00 00 fe 95 0f 00 1a 00 00 00 1a 96 0f 00 17 00 00 00 35 96 0f 00 17 00 00 00	........................5.......
10880	4d 96 0f 00 17 00 00 00 65 96 0f 00 35 00 00 00 7d 96 0f 00 41 00 00 00 b3 96 0f 00 25 00 00 00	M.......e...5...}...A.......%...
108a0	f5 96 0f 00 2d 00 00 00 1b 97 0f 00 3e 00 00 00 49 97 0f 00 24 00 00 00 88 97 0f 00 28 00 00 00	....-.......>...I...$.......(...
108c0	ad 97 0f 00 4d 00 00 00 d6 97 0f 00 50 00 00 00 24 98 0f 00 33 00 00 00 75 98 0f 00 35 00 00 00	....M.......P...$...3...u...5...
108e0	a9 98 0f 00 20 00 00 00 df 98 0f 00 73 02 00 00 00 99 0f 00 c9 00 00 00 74 9b 0f 00 28 00 00 00	............s...........t...(...
10900	3e 9c 0f 00 5c 00 00 00 67 9c 0f 00 23 00 00 00 c4 9c 0f 00 27 00 00 00 e8 9c 0f 00 18 00 00 00	>...\...g...#.......'...........
10920	10 9d 0f 00 25 00 00 00 29 9d 0f 00 1c 00 00 00 4f 9d 0f 00 53 00 00 00 6c 9d 0f 00 53 00 00 00	....%...).......O...S...l...S...
10940	c0 9d 0f 00 16 00 00 00 14 9e 0f 00 7e 00 00 00 2b 9e 0f 00 33 00 00 00 aa 9e 0f 00 25 00 00 00	............~...+...3.......%...
10960	de 9e 0f 00 af 00 00 00 04 9f 0f 00 d0 00 00 00 b4 9f 0f 00 7e 00 00 00 85 a0 0f 00 25 00 00 00	....................~.......%...
10980	04 a1 0f 00 3d 00 00 00 2a a1 0f 00 04 01 00 00 68 a1 0f 00 bd 00 00 00 6d a2 0f 00 78 00 00 00	....=...*.......h.......m...x...
109a0	2b a3 0f 00 41 00 00 00 a4 a3 0f 00 43 00 00 00 e6 a3 0f 00 3d 00 00 00 2a a4 0f 00 27 00 00 00	+...A.......C.......=...*...'...
109c0	68 a4 0f 00 1a 00 00 00 90 a4 0f 00 d2 00 00 00 ab a4 0f 00 5b 00 00 00 7e a5 0f 00 ab 00 00 00	h...................[...~.......
109e0	da a5 0f 00 5a 00 00 00 86 a6 0f 00 77 00 00 00 e1 a6 0f 00 7d 00 00 00 59 a7 0f 00 dd 00 00 00	....Z.......w.......}...Y.......
10a00	d7 a7 0f 00 3f 00 00 00 b5 a8 0f 00 40 00 00 00 f5 a8 0f 00 55 00 00 00 36 a9 0f 00 af 00 00 00	....?.......@.......U...6.......
10a20	8c a9 0f 00 5e 00 00 00 3c aa 0f 00 72 00 00 00 9b aa 0f 00 65 00 00 00 0e ab 0f 00 37 00 00 00	....^...<...r.......e.......7...
10a40	74 ab 0f 00 25 00 00 00 ac ab 0f 00 51 00 00 00 d2 ab 0f 00 55 00 00 00 24 ac 0f 00 38 00 00 00	t...%.......Q.......U...$...8...
10a60	7a ac 0f 00 45 00 00 00 b3 ac 0f 00 40 00 00 00 f9 ac 0f 00 26 00 00 00 3a ad 0f 00 24 00 00 00	z...E.......@.......&...:...$...
10a80	61 ad 0f 00 44 00 00 00 86 ad 0f 00 4b 00 00 00 cb ad 0f 00 4b 00 00 00 17 ae 0f 00 1f 00 00 00	a...D.......K.......K...........
10aa0	63 ae 0f 00 96 00 00 00 83 ae 0f 00 26 00 00 00 1a af 0f 00 29 00 00 00 41 af 0f 00 22 00 00 00	c...........&.......)...A..."...
10ac0	6b af 0f 00 1f 00 00 00 8e af 0f 00 24 00 00 00 ae af 0f 00 28 00 00 00 d3 af 0f 00 18 00 00 00	k...........$.......(...........
10ae0	fc af 0f 00 1b 00 00 00 15 b0 0f 00 26 00 00 00 31 b0 0f 00 29 00 00 00 58 b0 0f 00 57 00 00 00	............&...1...)...X...W...
10b00	82 b0 0f 00 54 00 00 00 da b0 0f 00 52 00 00 00 2f b1 0f 00 51 00 00 00 82 b1 0f 00 40 00 00 00	....T.......R.../...Q.......@...
10b20	d4 b1 0f 00 28 00 00 00 15 b2 0f 00 70 00 00 00 3e b2 0f 00 26 00 00 00 af b2 0f 00 79 00 00 00	....(.......p...>...&.......y...
10b40	d6 b2 0f 00 56 00 00 00 50 b3 0f 00 0b 00 00 00 a7 b3 0f 00 2c 00 00 00 b3 b3 0f 00 35 00 00 00	....V...P...........,.......5...
10b60	e0 b3 0f 00 3f 00 00 00 16 b4 0f 00 31 00 00 00 56 b4 0f 00 69 00 00 00 88 b4 0f 00 9c 00 00 00	....?.......1...V...i...........
10b80	f2 b4 0f 00 89 00 00 00 8f b5 0f 00 56 00 00 00 19 b6 0f 00 4c 00 00 00 70 b6 0f 00 3c 00 00 00	............V.......L...p...<...
10ba0	bd b6 0f 00 9e 00 00 00 fa b6 0f 00 26 00 00 00 99 b7 0f 00 27 00 00 00 c0 b7 0f 00 1f 00 00 00	............&.......'...........
10bc0	e8 b7 0f 00 36 00 00 00 08 b8 0f 00 38 00 00 00 3f b8 0f 00 66 00 00 00 78 b8 0f 00 24 00 00 00	....6.......8...?...f...x...$...
10be0	df b8 0f 00 27 00 00 00 04 b9 0f 00 27 00 00 00 2c b9 0f 00 1e 00 00 00 54 b9 0f 00 24 01 00 00	....'.......'...,.......T...$...
10c00	73 b9 0f 00 a1 00 00 00 98 ba 0f 00 6e 00 00 00 3a bb 0f 00 3e 00 00 00 a9 bb 0f 00 55 00 00 00	s...........n...:...>.......U...
10c20	e8 bb 0f 00 27 01 00 00 3e bc 0f 00 22 00 00 00 66 bd 0f 00 5a 00 00 00 89 bd 0f 00 2c 00 00 00	....'...>..."...f...Z.......,...
10c40	e4 bd 0f 00 47 00 00 00 11 be 0f 00 7b 00 00 00 59 be 0f 00 77 00 00 00 d5 be 0f 00 65 00 00 00	....G.......{...Y...w.......e...
10c60	4d bf 0f 00 65 00 00 00 b3 bf 0f 00 5a 00 00 00 19 c0 0f 00 5a 00 00 00 74 c0 0f 00 72 00 00 00	M...e.......Z.......Z...t...r...
10c80	cf c0 0f 00 61 00 00 00 42 c1 0f 00 55 00 00 00 a4 c1 0f 00 4c 00 00 00 fa c1 0f 00 4c 00 00 00	....a...B...U.......L.......L...
10ca0	47 c2 0f 00 38 00 00 00 94 c2 0f 00 54 00 00 00 cd c2 0f 00 0b 00 00 00 22 c3 0f 00 0f 00 00 00	G...8.......T...........".......
10cc0	2e c3 0f 00 49 00 00 00 3e c3 0f 00 0b 00 00 00 88 c3 0f 00 43 00 00 00 94 c3 0f 00 43 00 00 00	....I...>...........C.......C...
10ce0	d8 c3 0f 00 29 00 00 00 1c c4 0f 00 2e 00 00 00 46 c4 0f 00 77 00 00 00 75 c4 0f 00 28 00 00 00	....)...........F...w...u...(...
10d00	ed c4 0f 00 3e 00 00 00 16 c5 0f 00 28 00 00 00 55 c5 0f 00 3e 00 00 00 7e c5 0f 00 29 00 00 00	....>.......(...U...>...~...)...
10d20	bd c5 0f 00 5d 00 00 00 e7 c5 0f 00 c9 00 00 00 45 c6 0f 00 3f 00 00 00 0f c7 0f 00 dd 00 00 00	....]...........E...?...........
10d40	4f c7 0f 00 4c 00 00 00 2d c8 0f 00 7f 00 00 00 7a c8 0f 00 1d 00 00 00 fa c8 0f 00 d7 00 00 00	O...L...-.......z...............
10d60	18 c9 0f 00 1e 00 00 00 f0 c9 0f 00 24 00 00 00 0f ca 0f 00 5c 00 00 00 34 ca 0f 00 21 00 00 00	............$.......\...4...!...
10d80	91 ca 0f 00 52 00 00 00 b3 ca 0f 00 5c 00 00 00 06 cb 0f 00 44 01 00 00 63 cb 0f 00 27 00 00 00	....R.......\.......D...c...'...
10da0	a8 cc 0f 00 88 01 00 00 d0 cc 0f 00 30 00 00 00 59 ce 0f 00 3e 00 00 00 8a ce 0f 00 33 01 00 00	............0...Y...>.......3...
10dc0	c9 ce 0f 00 41 00 00 00 fd cf 0f 00 49 00 00 00 3f d0 0f 00 1f 00 00 00 89 d0 0f 00 30 00 00 00	....A.......I...?...........0...
10de0	a9 d0 0f 00 33 00 00 00 da d0 0f 00 11 00 00 00 0e d1 0f 00 05 00 00 00 20 d1 0f 00 03 00 00 00	....3...........................
10e00	26 d1 0f 00 0e 00 00 00 2a d1 0f 00 1b 00 00 00 39 d1 0f 00 1d 00 00 00 55 d1 0f 00 1f 00 00 00	&.......*.......9.......U.......
10e20	73 d1 0f 00 04 00 00 00 93 d1 0f 00 0d 00 00 00 98 d1 0f 00 32 00 00 00 a6 d1 0f 00 29 00 00 00	s...................2.......)...
10e40	d9 d1 0f 00 07 00 00 00 03 d2 0f 00 09 00 00 00 0b d2 0f 00 0d 00 00 00 15 d2 0f 00 17 00 00 00	................................
10e60	23 d2 0f 00 0f 00 00 00 3b d2 0f 00 0d 00 00 00 4b d2 0f 00 06 00 00 00 59 d2 0f 00 19 00 00 00	#.......;.......K.......Y.......
10e80	60 d2 0f 00 14 00 00 00 7a d2 0f 00 05 00 00 00 8f d2 0f 00 15 00 00 00 95 d2 0f 00 04 00 00 00	`.......z.......................
10ea0	ab d2 0f 00 04 00 00 00 b0 d2 0f 00 06 00 00 00 b5 d2 0f 00 51 00 00 00 bc d2 0f 00 4a 01 00 00	....................Q.......J...
10ec0	0e d3 0f 00 4d 00 00 00 59 d4 0f 00 05 00 00 00 a7 d4 0f 00 12 00 00 00 ad d4 0f 00 15 00 00 00	....M...Y.......................
10ee0	c0 d4 0f 00 22 00 00 00 d6 d4 0f 00 10 00 00 00 f9 d4 0f 00 12 00 00 00 0a d5 0f 00 0e 00 00 00	...."...........................
10f00	1d d5 0f 00 10 00 00 00 2c d5 0f 00 13 00 00 00 3d d5 0f 00 16 00 00 00 51 d5 0f 00 06 00 00 00	........,.......=.......Q.......
10f20	68 d5 0f 00 09 00 00 00 6f d5 0f 00 1d 00 00 00 79 d5 0f 00 05 00 00 00 97 d5 0f 00 0b 00 00 00	h.......o.......y...............
10f40	9d d5 0f 00 13 00 00 00 a9 d5 0f 00 0d 00 00 00 bd d5 0f 00 05 00 00 00 cb d5 0f 00 68 00 00 00	............................h...
10f60	d1 d5 0f 00 67 00 00 00 3a d6 0f 00 79 00 00 00 a2 d6 0f 00 66 00 00 00 1c d7 0f 00 03 00 00 00	....g...:...y.......f...........
10f80	83 d7 0f 00 08 00 00 00 87 d7 0f 00 31 00 00 00 90 d7 0f 00 07 00 00 00 c2 d7 0f 00 08 00 00 00	............1...................
10fa0	ca d7 0f 00 38 00 00 00 d3 d7 0f 00 10 00 00 00 0c d8 0f 00 0b 00 00 00 1d d8 0f 00 03 00 00 00	....8...........................
10fc0	29 d8 0f 00 1d 00 00 00 2d d8 0f 00 1d 00 00 00 4b d8 0f 00 09 00 00 00 69 d8 0f 00 26 00 00 00	).......-.......K.......i...&...
10fe0	73 d8 0f 00 6d 00 00 00 9a d8 0f 00 46 00 00 00 08 d9 0f 00 32 00 00 00 4f d9 0f 00 46 00 00 00	s...m.......F.......2...O...F...
11000	82 d9 0f 00 04 00 00 00 c9 d9 0f 00 08 00 00 00 ce d9 0f 00 07 00 00 00 d7 d9 0f 00 46 00 00 00	............................F...
11020	df d9 0f 00 0d 00 00 00 26 da 0f 00 1c 00 00 00 34 da 0f 00 73 00 00 00 51 da 0f 00 04 00 00 00	........&.......4...s...Q.......
11040	c5 da 0f 00 06 00 00 00 ca da 0f 00 05 00 00 00 d1 da 0f 00 10 00 00 00 d7 da 0f 00 3c 00 00 00	............................<...
11060	e8 da 0f 00 32 00 00 00 25 db 0f 00 1c 00 00 00 58 db 0f 00 6d 00 00 00 75 db 0f 00 08 00 00 00	....2...%.......X...m...u.......
11080	e3 db 0f 00 14 00 00 00 ec db 0f 00 14 00 00 00 01 dc 0f 00 14 00 00 00 16 dc 0f 00 14 00 00 00	................................
110a0	2b dc 0f 00 14 00 00 00 40 dc 0f 00 14 00 00 00 55 dc 0f 00 14 00 00 00 6a dc 0f 00 06 00 00 00	+.......@.......U.......j.......
110c0	7f dc 0f 00 06 00 00 00 86 dc 0f 00 06 00 00 00 8d dc 0f 00 06 00 00 00 94 dc 0f 00 06 00 00 00	................................
110e0	9b dc 0f 00 06 00 00 00 a2 dc 0f 00 06 00 00 00 a9 dc 0f 00 06 00 00 00 b0 dc 0f 00 1f 00 00 00	................................
11100	b7 dc 0f 00 08 00 00 00 d7 dc 0f 00 08 00 00 00 e0 dc 0f 00 a4 00 00 00 e9 dc 0f 00 03 00 00 00	................................
11120	8e dd 0f 00 0d 00 00 00 92 dd 0f 00 4c 00 00 00 a0 dd 0f 00 04 00 00 00 ed dd 0f 00 0c 00 00 00	............L...................
11140	f2 dd 0f 00 3f 00 00 00 ff dd 0f 00 29 00 00 00 3f de 0f 00 37 00 00 00 69 de 0f 00 2c 00 00 00	....?.......)...?...7...i...,...
11160	a1 de 0f 00 0e 00 00 00 ce de 0f 00 33 00 00 00 dd de 0f 00 33 00 00 00 11 df 0f 00 0b 00 00 00	............3.......3...........
11180	45 df 0f 00 14 00 00 00 51 df 0f 00 71 00 00 00 66 df 0f 00 46 00 00 00 d8 df 0f 00 04 00 00 00	E.......Q...q...f...F...........
111a0	1f e0 0f 00 0b 00 00 00 24 e0 0f 00 12 00 00 00 30 e0 0f 00 0f 00 00 00 43 e0 0f 00 08 00 00 00	........$.......0.......C.......
111c0	53 e0 0f 00 06 00 00 00 5c e0 0f 00 03 00 00 00 63 e0 0f 00 0a 00 00 00 67 e0 0f 00 0b 00 00 00	S.......\.......c.......g.......
111e0	72 e0 0f 00 40 00 00 00 7e e0 0f 00 07 00 00 00 bf e0 0f 00 9b 00 00 00 c7 e0 0f 00 11 00 00 00	r...@...~.......................
11200	63 e1 0f 00 0d 00 00 00 75 e1 0f 00 13 00 00 00 83 e1 0f 00 15 00 00 00 97 e1 0f 00 18 00 00 00	c.......u.......................
11220	ad e1 0f 00 1b 00 00 00 c6 e1 0f 00 0a 00 00 00 e2 e1 0f 00 12 00 00 00 ed e1 0f 00 1c 00 00 00	................................
11240	00 e2 0f 00 0f 00 00 00 1d e2 0f 00 05 00 00 00 2d e2 0f 00 0e 00 00 00 33 e2 0f 00 0e 00 00 00	................-.......3.......
11260	42 e2 0f 00 0d 00 00 00 51 e2 0f 00 2a 00 00 00 5f e2 0f 00 15 00 00 00 8a e2 0f 00 31 00 00 00	B.......Q...*..._...........1...
11280	a0 e2 0f 00 39 00 00 00 d2 e2 0f 00 34 00 00 00 0c e3 0f 00 0b 00 00 00 41 e3 0f 00 09 00 00 00	....9.......4...........A.......
112a0	4d e3 0f 00 07 00 00 00 57 e3 0f 00 05 00 00 00 5f e3 0f 00 72 00 00 00 65 e3 0f 00 08 00 00 00	M.......W......._...r...e.......
112c0	d8 e3 0f 00 0e 00 00 00 e1 e3 0f 00 11 00 00 00 f0 e3 0f 00 38 00 00 00 02 e4 0f 00 0d 00 00 00	....................8...........
112e0	3b e4 0f 00 0d 00 00 00 49 e4 0f 00 06 00 00 00 57 e4 0f 00 3a 00 00 00 5e e4 0f 00 0b 00 00 00	;.......I.......W...:...^.......
11300	99 e4 0f 00 40 00 00 00 a5 e4 0f 00 0e 00 00 00 e6 e4 0f 00 0f 00 00 00 f5 e4 0f 00 07 00 00 00	....@...........................
11320	05 e5 0f 00 0e 00 00 00 0d e5 0f 00 0c 00 00 00 1c e5 0f 00 ad 00 00 00 29 e5 0f 00 0b 00 00 00	........................).......
11340	d7 e5 0f 00 06 00 00 00 e3 e5 0f 00 04 00 00 00 ea e5 0f 00 d7 00 00 00 ef e5 0f 00 10 00 00 00	................................
11360	c7 e6 0f 00 ed 01 00 00 d8 e6 0f 00 0b 00 00 00 c6 e8 0f 00 0b 00 00 00 d2 e8 0f 00 0c 00 00 00	................................
11380	de e8 0f 00 06 00 00 00 eb e8 0f 00 0e 00 00 00 f2 e8 0f 00 58 00 00 00 01 e9 0f 00 04 00 00 00	....................X...........
113a0	5a e9 0f 00 04 00 00 00 5f e9 0f 00 05 00 00 00 64 e9 0f 00 0e 00 00 00 6a e9 0f 00 47 00 00 00	Z......._.......d.......j...G...
113c0	79 e9 0f 00 05 00 00 00 c1 e9 0f 00 07 00 00 00 c7 e9 0f 00 68 00 00 00 cf e9 0f 00 19 00 00 00	y...................h...........
113e0	38 ea 0f 00 14 00 00 00 52 ea 0f 00 2c 00 00 00 67 ea 0f 00 0b 00 00 00 94 ea 0f 00 09 00 00 00	8.......R...,...g...............
11400	a0 ea 0f 00 08 00 00 00 aa ea 0f 00 53 00 00 00 b3 ea 0f 00 08 00 00 00 07 eb 0f 00 22 00 00 00	............S..............."...
11420	10 eb 0f 00 04 00 00 00 33 eb 0f 00 01 00 00 00 c9 05 00 00 20 10 00 00 a7 06 00 00 00 00 00 00	........3.......................
11440	be 05 00 00 61 0b 00 00 00 00 00 00 4f 07 00 00 00 06 00 00 07 11 00 00 dd 03 00 00 ad 0e 00 00	....a.......O...................
11460	71 07 00 00 d1 04 00 00 d8 05 00 00 85 0c 00 00 9e 0b 00 00 0f 0b 00 00 4c 0b 00 00 1e 0c 00 00	q.......................L.......
11480	2a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e6 01 00 00 8b 07 00 00 fe 05 00 00	*...............................
114a0	27 01 00 00 00 00 00 00 ba 0c 00 00 03 0e 00 00 fb 05 00 00 6c 07 00 00 73 0c 00 00 cc 02 00 00	'...................l...s.......
114c0	5b 0a 00 00 00 00 00 00 f1 0a 00 00 0c 10 00 00 4f 08 00 00 00 00 00 00 00 00 00 00 7f 00 00 00	[...............O...............
114e0	ed 06 00 00 62 0e 00 00 71 02 00 00 a2 00 00 00 b0 00 00 00 cd 00 00 00 da 00 00 00 e0 00 00 00	....b...q.......................
11500	e7 00 00 00 ec 00 00 00 f3 00 00 00 f5 00 00 00 f7 00 00 00 00 00 00 00 81 06 00 00 00 00 00 00	................................
11520	00 00 00 00 00 00 00 00 00 00 00 00 61 09 00 00 d3 10 00 00 a4 00 00 00 77 00 00 00 00 00 00 00	............a...........w.......
11540	6b 0d 00 00 26 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a9 04 00 00 00 00 00 00 46 06 00 00	k...&.......................F...
11560	18 07 00 00 57 07 00 00 51 0c 00 00 00 00 00 00 c6 0e 00 00 13 0e 00 00 59 05 00 00 b6 05 00 00	....W...Q...............Y.......
11580	9f 0f 00 00 5c 08 00 00 00 00 00 00 36 03 00 00 ef 05 00 00 c0 0e 00 00 00 00 00 00 00 00 00 00	....\.......6...................
115a0	88 0f 00 00 00 00 00 00 00 00 00 00 ef 0e 00 00 af 09 00 00 50 10 00 00 1f 00 00 00 2d 10 00 00	....................P.......-...
115c0	00 00 00 00 19 0f 00 00 c1 03 00 00 b6 03 00 00 0f 0d 00 00 52 0e 00 00 4f 0c 00 00 b8 0c 00 00	....................R...O.......
115e0	7b 0b 00 00 c7 02 00 00 a5 0a 00 00 c2 03 00 00 b9 07 00 00 f1 03 00 00 5e 00 00 00 7e 07 00 00	{.......................^...~...
11600	00 00 00 00 7d 0c 00 00 a7 0c 00 00 df 0d 00 00 00 00 00 00 09 07 00 00 b2 0a 00 00 b0 0e 00 00	....}...........................
11620	99 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b6 0a 00 00 59 03 00 00 0e 06 00 00 5a 03 00 00	....................Y.......Z...
11640	88 08 00 00 5b 03 00 00 00 00 00 00 78 0d 00 00 54 01 00 00 df 0f 00 00 3c 07 00 00 75 09 00 00	....[.......x...T.......<...u...
11660	fa 06 00 00 93 0c 00 00 42 0d 00 00 87 00 00 00 97 05 00 00 67 0d 00 00 e3 0e 00 00 00 00 00 00	........B...........g...........
11680	e0 10 00 00 4e 06 00 00 89 10 00 00 00 00 00 00 00 00 00 00 91 0e 00 00 e7 0f 00 00 e2 0f 00 00	....N...........................
116a0	d7 04 00 00 a3 10 00 00 14 03 00 00 6c 0c 00 00 00 00 00 00 72 06 00 00 ac 0f 00 00 1c 07 00 00	............l.......r...........
116c0	fa 0b 00 00 96 10 00 00 00 00 00 00 4d 01 00 00 cb 10 00 00 0f 01 00 00 6e 07 00 00 00 00 00 00	............M...........n.......
116e0	a2 03 00 00 00 00 00 00 8d 00 00 00 bf 03 00 00 53 05 00 00 00 00 00 00 c5 03 00 00 4f 03 00 00	................S...........O...
11700	6f 0d 00 00 0d 01 00 00 63 04 00 00 df 01 00 00 08 02 00 00 00 00 00 00 17 02 00 00 00 00 00 00	o.......c.......................
11720	04 09 00 00 00 00 00 00 bd 10 00 00 d4 06 00 00 00 00 00 00 e0 05 00 00 c3 0a 00 00 91 10 00 00	................................
11740	f8 06 00 00 d1 0e 00 00 c4 10 00 00 e6 0e 00 00 93 08 00 00 00 00 00 00 79 09 00 00 00 00 00 00	........................y.......
11760	9a 00 00 00 00 00 00 00 00 00 00 00 90 08 00 00 28 0c 00 00 00 00 00 00 a9 0c 00 00 2b 03 00 00	................(...........+...
11780	c3 10 00 00 78 03 00 00 00 00 00 00 00 00 00 00 91 01 00 00 ca 0f 00 00 00 00 00 00 a3 0a 00 00	....x...........................
117a0	00 00 00 00 e5 0c 00 00 00 00 00 00 90 03 00 00 78 04 00 00 93 0a 00 00 7c 06 00 00 00 00 00 00	................x.......|.......
117c0	00 00 00 00 00 00 00 00 e3 0c 00 00 d7 0b 00 00 a1 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
117e0	49 07 00 00 b8 06 00 00 bf 0b 00 00 00 00 00 00 2f 00 00 00 57 08 00 00 fd 0b 00 00 2a 0c 00 00	I.............../...W.......*...
11800	42 0e 00 00 46 10 00 00 34 0b 00 00 9f 03 00 00 00 00 00 00 86 0d 00 00 fc 03 00 00 11 11 00 00	B...F...4.......................
11820	00 00 00 00 8a 00 00 00 00 00 00 00 ab 09 00 00 54 0a 00 00 4e 09 00 00 e4 0c 00 00 de 09 00 00	................T...N...........
11840	92 0d 00 00 e4 0b 00 00 00 0b 00 00 66 09 00 00 00 00 00 00 8d 0c 00 00 92 00 00 00 c9 04 00 00	............f...................
11860	44 0f 00 00 47 08 00 00 7b 01 00 00 7c 10 00 00 dd 02 00 00 00 00 00 00 24 05 00 00 06 08 00 00	D...G...{...|...........$.......
11880	4f 10 00 00 00 00 00 00 08 0b 00 00 ed 09 00 00 00 00 00 00 58 05 00 00 bf 04 00 00 f1 00 00 00	O...................X...........
118a0	1b 02 00 00 a3 07 00 00 1e 02 00 00 2b 02 00 00 22 05 00 00 88 00 00 00 00 00 00 00 00 00 00 00	............+..."...............
118c0	5f 01 00 00 f5 02 00 00 9c 06 00 00 ab 0f 00 00 00 00 00 00 00 00 00 00 41 0f 00 00 00 00 00 00	_.......................A.......
118e0	fb 08 00 00 4c 09 00 00 ce 0c 00 00 ae 01 00 00 00 00 00 00 b7 00 00 00 00 00 00 00 5e 02 00 00	....L.......................^...
11900	35 0f 00 00 51 08 00 00 ec 0d 00 00 2d 03 00 00 5f 0f 00 00 3f 0b 00 00 de 0d 00 00 5f 03 00 00	5...Q.......-..._...?......._...
11920	72 0e 00 00 54 00 00 00 d1 0c 00 00 59 09 00 00 21 05 00 00 6f 02 00 00 1d 0d 00 00 6f 05 00 00	r...T.......Y...!...o.......o...
11940	90 0a 00 00 00 00 00 00 52 07 00 00 a1 03 00 00 2a 10 00 00 7c 09 00 00 a0 0b 00 00 00 00 00 00	........R.......*...|...........
11960	00 00 00 00 00 00 00 00 42 0a 00 00 47 0b 00 00 c0 10 00 00 92 08 00 00 00 00 00 00 8c 09 00 00	........B...G...................
11980	95 01 00 00 00 00 00 00 1a 0d 00 00 26 0f 00 00 32 04 00 00 00 00 00 00 29 02 00 00 94 03 00 00	............&...2.......).......
119a0	00 00 00 00 de 03 00 00 58 02 00 00 2f 04 00 00 5d 07 00 00 ba 0d 00 00 00 00 00 00 00 00 00 00	........X.../...]...............
119c0	00 00 00 00 85 03 00 00 dc 10 00 00 37 0a 00 00 90 10 00 00 17 06 00 00 00 00 00 00 a1 10 00 00	............7...................
119e0	c2 0b 00 00 1a 06 00 00 f1 0c 00 00 cf 05 00 00 00 00 00 00 85 0f 00 00 00 00 00 00 70 02 00 00	............................p...
11a00	00 00 00 00 00 00 00 00 15 0c 00 00 88 01 00 00 75 00 00 00 00 00 00 00 63 03 00 00 b4 0c 00 00	................u.......c.......
11a20	2e 11 00 00 00 00 00 00 e2 04 00 00 d0 0e 00 00 f8 07 00 00 1f 10 00 00 00 00 00 00 00 00 00 00	................................
11a40	09 0d 00 00 1c 0b 00 00 b4 05 00 00 21 11 00 00 54 02 00 00 6d 0c 00 00 cf 09 00 00 ad 00 00 00	............!...T...m...........
11a60	72 0c 00 00 f9 0f 00 00 2d 05 00 00 b8 0d 00 00 9d 0c 00 00 00 00 00 00 05 0f 00 00 e1 06 00 00	r.......-.......................
11a80	6d 08 00 00 83 09 00 00 00 00 00 00 22 0f 00 00 00 00 00 00 b7 0f 00 00 82 0c 00 00 8f 04 00 00	m..........."...................
11aa0	2a 11 00 00 c8 0e 00 00 fe 0c 00 00 1e 0d 00 00 d9 08 00 00 de 0f 00 00 f7 07 00 00 36 0b 00 00	*...........................6...
11ac0	57 02 00 00 00 00 00 00 e9 03 00 00 f4 0f 00 00 00 00 00 00 02 08 00 00 d4 01 00 00 af 05 00 00	W...............................
11ae0	b1 02 00 00 00 00 00 00 35 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 0d 00 00 5e 0d 00 00	........5...............I...^...
11b00	d4 07 00 00 ac 04 00 00 a2 05 00 00 00 00 00 00 27 0f 00 00 9b 04 00 00 be 07 00 00 ee 03 00 00	................'...............
11b20	de 0b 00 00 31 02 00 00 2d 11 00 00 00 00 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 86 0e 00 00	....1...-.......................
11b40	82 10 00 00 00 00 00 00 a4 0e 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 fb 07 00 00 00 00 00 00	................................
11b60	00 00 00 00 a5 0c 00 00 a9 09 00 00 14 06 00 00 14 05 00 00 00 00 00 00 00 00 00 00 2f 08 00 00	............................/...
11b80	8d 08 00 00 69 01 00 00 00 00 00 00 c8 0a 00 00 38 07 00 00 62 04 00 00 91 04 00 00 00 00 00 00	....i...........8...b...........
11ba0	b1 0b 00 00 e0 0b 00 00 b5 01 00 00 00 00 00 00 be 03 00 00 3a 05 00 00 00 00 00 00 4e 0a 00 00	....................:.......N...
11bc0	00 00 00 00 08 10 00 00 8c 03 00 00 66 0d 00 00 49 01 00 00 f0 09 00 00 00 00 00 00 38 11 00 00	............f...I...........8...
11be0	b2 0c 00 00 00 00 00 00 a5 01 00 00 48 02 00 00 7d 0e 00 00 32 0c 00 00 19 0c 00 00 5b 0f 00 00	............H...}...2.......[...
11c00	12 09 00 00 00 00 00 00 b1 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00	................................
11c20	00 00 00 00 00 00 00 00 cd 04 00 00 00 00 00 00 00 00 00 00 83 02 00 00 00 00 00 00 e0 06 00 00	................................
11c40	de 0a 00 00 4f 06 00 00 ff 02 00 00 83 0c 00 00 07 05 00 00 76 01 00 00 00 00 00 00 00 00 00 00	....O...............v...........
11c60	b1 05 00 00 00 00 00 00 93 09 00 00 00 00 00 00 d3 08 00 00 a9 0a 00 00 73 01 00 00 67 09 00 00	........................s...g...
11c80	00 00 00 00 4e 01 00 00 8d 05 00 00 f2 00 00 00 00 00 00 00 9f 0d 00 00 07 03 00 00 c1 01 00 00	....N...........................
11ca0	15 05 00 00 00 00 00 00 c2 02 00 00 ab 0c 00 00 f4 0a 00 00 bf 08 00 00 6d 03 00 00 54 03 00 00	........................m...T...
11cc0	9d 03 00 00 81 0d 00 00 1f 05 00 00 76 03 00 00 26 05 00 00 44 02 00 00 46 0b 00 00 3a 00 00 00	............v...&...D...F...:...
11ce0	b6 0e 00 00 67 04 00 00 63 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 0b 00 00 db 05 00 00	....g...c.......................
11d00	e8 07 00 00 46 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....F...........................
11d20	b3 0d 00 00 13 00 00 00 32 0f 00 00 00 00 00 00 78 0a 00 00 d5 04 00 00 39 10 00 00 a4 05 00 00	........2.......x.......9.......
11d40	a0 02 00 00 00 00 00 00 d5 10 00 00 a8 06 00 00 7c 0c 00 00 00 00 00 00 a9 0e 00 00 0e 0c 00 00	................|...............
11d60	d2 03 00 00 00 00 00 00 10 05 00 00 3f 06 00 00 83 04 00 00 38 0d 00 00 96 0f 00 00 fd 0e 00 00	............?.......8...........
11d80	00 00 00 00 68 09 00 00 eb 05 00 00 00 00 00 00 b5 0f 00 00 4a 02 00 00 00 00 00 00 d8 10 00 00	....h...............J...........
11da0	26 08 00 00 7d 07 00 00 86 07 00 00 b9 09 00 00 00 00 00 00 c9 01 00 00 00 00 00 00 98 0f 00 00	&...}...........................
11dc0	00 00 00 00 c1 08 00 00 00 00 00 00 5d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 95 07 00 00	............]...................
11de0	b0 03 00 00 ac 0a 00 00 e1 10 00 00 d9 06 00 00 3d 06 00 00 00 00 00 00 00 00 00 00 85 0a 00 00	................=...............
11e00	a8 09 00 00 75 0c 00 00 0e 02 00 00 14 10 00 00 2f 03 00 00 2c 08 00 00 51 0e 00 00 24 0e 00 00	....u.........../...,...Q...$...
11e20	00 00 00 00 14 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 0b 00 00 fa 05 00 00	........................k.......
11e40	00 00 00 00 00 00 00 00 00 00 00 00 01 04 00 00 00 00 00 00 2c 02 00 00 09 0f 00 00 00 00 00 00	....................,...........
11e60	06 0c 00 00 a0 08 00 00 3d 07 00 00 8c 05 00 00 d7 01 00 00 00 00 00 00 96 01 00 00 00 00 00 00	........=.......................
11e80	eb 07 00 00 00 00 00 00 00 00 00 00 53 0a 00 00 d6 04 00 00 2c 0a 00 00 b5 0d 00 00 b9 10 00 00	............S.......,...........
11ea0	11 07 00 00 ba 10 00 00 7b 10 00 00 8c 10 00 00 00 00 00 00 a7 0b 00 00 94 09 00 00 4a 10 00 00	........{...................J...
11ec0	00 00 00 00 9c 02 00 00 63 0f 00 00 40 10 00 00 00 00 00 00 f0 06 00 00 a2 0e 00 00 00 04 00 00	........c...@...................
11ee0	2b 09 00 00 7f 0b 00 00 d4 0a 00 00 72 0f 00 00 00 00 00 00 58 10 00 00 8e 10 00 00 1d 07 00 00	+...........r.......X...........
11f00	00 00 00 00 8a 02 00 00 71 05 00 00 b1 04 00 00 00 00 00 00 af 0a 00 00 0c 00 00 00 fa 0a 00 00	........q.......................
11f20	00 00 00 00 d2 10 00 00 4a 0d 00 00 fc 00 00 00 c4 07 00 00 35 01 00 00 94 07 00 00 42 07 00 00	........J...........5.......B...
11f40	00 00 00 00 00 00 00 00 0a 11 00 00 d5 07 00 00 3a 08 00 00 00 00 00 00 1b 01 00 00 6c 09 00 00	................:...........l...
11f60	17 01 00 00 b7 05 00 00 00 00 00 00 00 00 00 00 8a 0e 00 00 ce 0f 00 00 ff 06 00 00 05 05 00 00	................................
11f80	c5 0d 00 00 7c 05 00 00 68 01 00 00 34 0a 00 00 fc 0b 00 00 00 00 00 00 7a 0a 00 00 00 00 00 00	....|...h...4...........z.......
11fa0	4f 0f 00 00 7a 10 00 00 00 00 00 00 b1 08 00 00 2a 04 00 00 5a 0c 00 00 00 00 00 00 93 05 00 00	O...z...........*...Z...........
11fc0	c1 0d 00 00 10 0c 00 00 ba 0f 00 00 68 0c 00 00 4c 0f 00 00 a8 0e 00 00 00 00 00 00 6d 04 00 00	............h...L...........m...
11fe0	f6 05 00 00 00 00 00 00 9f 0c 00 00 00 00 00 00 50 00 00 00 15 04 00 00 13 01 00 00 8f 09 00 00	................P...............
12000	00 00 00 00 7e 00 00 00 b4 04 00 00 32 03 00 00 00 00 00 00 a6 0f 00 00 35 07 00 00 ef 01 00 00	....~.......2...........5.......
12020	00 00 00 00 fd 0f 00 00 48 07 00 00 3b 0c 00 00 9d 10 00 00 e9 0c 00 00 0a 00 00 00 42 04 00 00	........H...;...............B...
12040	d8 02 00 00 55 0e 00 00 22 0d 00 00 00 00 00 00 e7 0e 00 00 0d 0f 00 00 83 05 00 00 be 04 00 00	....U...".......................
12060	dd 09 00 00 29 00 00 00 9e 08 00 00 5d 0e 00 00 39 03 00 00 04 0c 00 00 00 00 00 00 a4 0c 00 00	....).......]...9...............
12080	59 01 00 00 6f 00 00 00 fc 0f 00 00 30 02 00 00 00 00 00 00 00 00 00 00 10 0b 00 00 ce 08 00 00	Y...o.......0...................
120a0	45 02 00 00 00 00 00 00 7b 02 00 00 a5 00 00 00 5e 0c 00 00 cb 0d 00 00 3e 07 00 00 00 00 00 00	E.......{.......^.......>.......
120c0	00 00 00 00 97 0e 00 00 a8 08 00 00 00 00 00 00 f2 01 00 00 7a 07 00 00 01 0a 00 00 52 0b 00 00	....................z.......R...
120e0	00 00 00 00 31 0c 00 00 9d 02 00 00 00 00 00 00 f9 04 00 00 00 00 00 00 00 00 00 00 68 0f 00 00	....1.......................h...
12100	8a 10 00 00 00 00 00 00 78 01 00 00 21 02 00 00 00 00 00 00 44 01 00 00 bd 0a 00 00 40 0c 00 00	........x...!.......D.......@...
12120	00 00 00 00 a5 08 00 00 08 0c 00 00 b4 00 00 00 bf 00 00 00 c1 00 00 00 c3 00 00 00 c4 00 00 00	................................
12140	c5 00 00 00 c6 00 00 00 67 00 00 00 c9 00 00 00 ca 00 00 00 37 0b 00 00 00 00 00 00 6e 0d 00 00	........g...........7.......n...
12160	b7 0d 00 00 9a 0b 00 00 00 00 00 00 cf 00 00 00 d0 00 00 00 d1 00 00 00 d2 00 00 00 5e 09 00 00	............................^...
12180	80 0f 00 00 d6 00 00 00 9c 09 00 00 d7 00 00 00 00 00 00 00 6b 04 00 00 00 00 00 00 24 0f 00 00	....................k.......$...
121a0	7a 0f 00 00 e8 03 00 00 0f 0a 00 00 dc 00 00 00 00 00 00 00 27 08 00 00 bd 02 00 00 dd 00 00 00	z...................'...........
121c0	00 00 00 00 de 00 00 00 05 06 00 00 df 00 00 00 83 08 00 00 4a 01 00 00 11 02 00 00 8e 05 00 00	....................J...........
121e0	00 00 00 00 8f 02 00 00 c1 05 00 00 71 10 00 00 e2 09 00 00 e4 00 00 00 ea 03 00 00 e5 00 00 00	............q...................
12200	2f 06 00 00 e6 00 00 00 43 02 00 00 98 02 00 00 17 09 00 00 00 00 00 00 20 01 00 00 5b 07 00 00	/.......C...................[...
12220	cf 0c 00 00 30 06 00 00 00 00 00 00 79 0c 00 00 a6 05 00 00 89 03 00 00 a5 03 00 00 eb 00 00 00	....0.......y...................
12240	d2 01 00 00 d2 0c 00 00 04 0b 00 00 00 00 00 00 ed 0e 00 00 25 08 00 00 00 00 00 00 00 00 00 00	....................%...........
12260	03 04 00 00 3b 10 00 00 00 00 00 00 16 05 00 00 6d 0e 00 00 5e 01 00 00 9e 00 00 00 ab 0d 00 00	....;...........m...^...........
12280	39 0a 00 00 ed 00 00 00 ef 00 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 cc 10 00 00 00 00 00 00	9...............................
122a0	00 00 00 00 7e 01 00 00 98 09 00 00 f4 00 00 00 68 0e 00 00 00 00 00 00 00 00 00 00 5e 03 00 00	....~...........h...........^...
122c0	00 00 00 00 00 00 00 00 9f 0a 00 00 89 0f 00 00 00 00 00 00 53 0e 00 00 1a 03 00 00 00 00 00 00	....................S...........
122e0	40 0d 00 00 17 0f 00 00 c6 0b 00 00 a6 10 00 00 ab 02 00 00 1d 0b 00 00 00 00 00 00 54 10 00 00	@...........................T...
12300	d6 05 00 00 b1 0e 00 00 82 04 00 00 04 0d 00 00 70 03 00 00 61 08 00 00 ff 10 00 00 a0 0e 00 00	................p...a...........
12320	89 07 00 00 e5 02 00 00 7c 03 00 00 75 0f 00 00 37 03 00 00 64 0f 00 00 00 00 00 00 24 10 00 00	........|...u...7...d.......$...
12340	00 00 00 00 88 09 00 00 3d 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5d 09 00 00 9c 04 00 00	........=...............].......
12360	c1 07 00 00 00 00 00 00 44 09 00 00 00 00 00 00 a7 07 00 00 4c 07 00 00 84 08 00 00 00 00 00 00	........D...........L...........
12380	95 05 00 00 04 08 00 00 00 00 00 00 3b 05 00 00 ae 05 00 00 00 0e 00 00 00 00 00 00 80 05 00 00	............;...................
123a0	00 00 00 00 10 0f 00 00 a7 10 00 00 b5 07 00 00 57 0c 00 00 bb 0c 00 00 e1 07 00 00 cd 01 00 00	................W...............
123c0	f0 0b 00 00 33 0f 00 00 00 00 00 00 8a 0a 00 00 ae 0e 00 00 75 0e 00 00 00 00 00 00 00 00 00 00	....3...............u...........
123e0	00 00 00 00 13 11 00 00 20 06 00 00 00 00 00 00 5b 06 00 00 39 0f 00 00 00 00 00 00 27 09 00 00	................[...9.......'...
12400	79 10 00 00 71 06 00 00 3d 09 00 00 24 01 00 00 f8 00 00 00 4b 0d 00 00 e7 10 00 00 e3 0f 00 00	y...q...=...$.......K...........
12420	00 00 00 00 23 03 00 00 49 02 00 00 00 00 00 00 79 0a 00 00 00 00 00 00 50 0c 00 00 45 0a 00 00	....#...I.......y.......P...E...
12440	c4 0d 00 00 34 09 00 00 52 05 00 00 a8 03 00 00 42 08 00 00 4d 0c 00 00 5a 0d 00 00 3a 0d 00 00	....4...R.......B...M...Z...:...
12460	00 00 00 00 43 0a 00 00 00 00 00 00 00 00 00 00 33 10 00 00 3f 03 00 00 1d 01 00 00 ec 06 00 00	....C...........3...?...........
12480	00 00 00 00 a9 03 00 00 3e 0a 00 00 9b 00 00 00 4b 04 00 00 5c 10 00 00 6b 03 00 00 00 00 00 00	........>.......K...\...k.......
124a0	9f 10 00 00 32 0b 00 00 f1 06 00 00 00 00 00 00 00 00 00 00 d0 04 00 00 9b 01 00 00 c2 07 00 00	....2...........................
124c0	09 10 00 00 00 00 00 00 00 00 00 00 6b 00 00 00 5e 06 00 00 bb 06 00 00 69 0f 00 00 6d 0a 00 00	............k...^.......i...m...
124e0	a2 10 00 00 aa 0c 00 00 f5 0d 00 00 00 00 00 00 0a 0f 00 00 e2 0c 00 00 52 03 00 00 d0 0b 00 00	........................R.......
12500	58 09 00 00 af 08 00 00 d2 09 00 00 1a 05 00 00 00 00 00 00 6e 03 00 00 00 00 00 00 00 00 00 00	X...................n...........
12520	00 00 00 00 5b 08 00 00 00 00 00 00 02 0a 00 00 1f 0a 00 00 86 09 00 00 00 00 00 00 ad 0d 00 00	....[...........................
12540	be 06 00 00 71 0b 00 00 82 07 00 00 14 0d 00 00 84 0b 00 00 00 00 00 00 c7 10 00 00 58 0d 00 00	....q.......................X...
12560	00 00 00 00 c9 02 00 00 00 00 00 00 2e 06 00 00 7e 0f 00 00 00 00 00 00 19 09 00 00 d9 00 00 00	................~...............
12580	00 00 00 00 25 0d 00 00 00 00 00 00 00 00 00 00 2f 0f 00 00 00 00 00 00 29 0d 00 00 00 00 00 00	....%.........../.......).......
125a0	00 00 00 00 72 0a 00 00 1d 10 00 00 00 00 00 00 7c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....r...........|...............
125c0	d7 05 00 00 21 0d 00 00 45 01 00 00 39 06 00 00 cc 01 00 00 63 02 00 00 00 00 00 00 00 00 00 00	....!...E...9.......c...........
125e0	3c 08 00 00 50 03 00 00 72 07 00 00 3e 0d 00 00 86 10 00 00 8b 05 00 00 0c 01 00 00 1d 02 00 00	<...P...r...>...................
12600	1c 0a 00 00 d5 09 00 00 eb 10 00 00 00 03 00 00 fa 04 00 00 62 02 00 00 00 00 00 00 99 0b 00 00	....................b...........
12620	49 04 00 00 06 02 00 00 00 00 00 00 3c 11 00 00 37 0e 00 00 00 00 00 00 90 02 00 00 a3 04 00 00	I...........<...7...............
12640	74 00 00 00 34 01 00 00 4c 04 00 00 e9 06 00 00 e5 03 00 00 e8 01 00 00 6b 06 00 00 f3 10 00 00	t...4...L...............k.......
12660	00 00 00 00 f9 05 00 00 56 0f 00 00 00 00 00 00 4d 0d 00 00 00 00 00 00 9b 07 00 00 00 00 00 00	........V.......M...............
12680	00 00 00 00 85 08 00 00 99 08 00 00 e2 01 00 00 00 00 00 00 36 0d 00 00 00 00 00 00 fd 00 00 00	....................6...........
126a0	85 04 00 00 00 00 00 00 00 00 00 00 bb 02 00 00 96 06 00 00 ce 00 00 00 34 0f 00 00 61 0d 00 00	........................4...a...
126c0	ec 05 00 00 57 06 00 00 32 10 00 00 00 00 00 00 26 11 00 00 ca 02 00 00 00 00 00 00 99 02 00 00	....W...2.......&...............
126e0	cc 0e 00 00 9b 02 00 00 3c 0b 00 00 51 04 00 00 00 00 00 00 8c 0b 00 00 00 00 00 00 00 00 00 00	........<...Q...................
12700	9b 0f 00 00 00 00 00 00 ce 05 00 00 b2 05 00 00 00 00 00 00 01 07 00 00 03 10 00 00 54 08 00 00	............................T...
12720	4f 09 00 00 ea 0a 00 00 70 0f 00 00 4c 00 00 00 00 00 00 00 bf 09 00 00 f9 08 00 00 fc 04 00 00	O.......p...L...................
12740	4b 00 00 00 66 0f 00 00 00 00 00 00 a3 06 00 00 21 01 00 00 00 00 00 00 00 00 00 00 ad 0a 00 00	K...f...........!...............
12760	b8 0b 00 00 13 08 00 00 31 07 00 00 60 10 00 00 79 0b 00 00 0e 00 00 00 36 05 00 00 b1 10 00 00	........1...`...y.......6.......
12780	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2c 00 00 00 f4 04 00 00 3e 0e 00 00	....................,.......>...
127a0	48 03 00 00 00 00 00 00 00 00 00 00 5d 05 00 00 bb 08 00 00 38 00 00 00 73 10 00 00 87 0f 00 00	H...........].......8...s.......
127c0	9a 0e 00 00 67 0e 00 00 77 0d 00 00 00 00 00 00 b4 07 00 00 25 01 00 00 00 00 00 00 00 00 00 00	....g...w...........%...........
127e0	0f 0c 00 00 25 04 00 00 00 00 00 00 7f 06 00 00 2b 07 00 00 7c 08 00 00 c2 09 00 00 70 0d 00 00	....%...........+...|.......p...
12800	90 0f 00 00 00 00 00 00 da 08 00 00 00 00 00 00 6b 05 00 00 53 02 00 00 8e 02 00 00 57 04 00 00	................k...S.......W...
12820	00 00 00 00 00 00 00 00 00 00 00 00 e7 04 00 00 bd 07 00 00 38 0b 00 00 c4 08 00 00 ce 0a 00 00	....................8...........
12840	c5 0c 00 00 00 00 00 00 2f 0d 00 00 28 0a 00 00 5b 09 00 00 1c 00 00 00 00 00 00 00 00 00 00 00	......../...(...[...............
12860	3b 01 00 00 c8 0b 00 00 07 06 00 00 00 00 00 00 8f 07 00 00 fb 03 00 00 ae 0b 00 00 00 00 00 00	;...............................
12880	1e 10 00 00 00 00 00 00 34 0e 00 00 00 00 00 00 5c 0c 00 00 bf 0a 00 00 36 11 00 00 00 00 00 00	........4.......\.......6.......
128a0	0b 07 00 00 00 00 00 00 d4 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 39 08 00 00 e4 07 00 00	........................9.......
128c0	37 05 00 00 ba 05 00 00 84 0e 00 00 61 0f 00 00 00 00 00 00 4b 0e 00 00 d8 07 00 00 f1 0b 00 00	7...........a.......K...........
128e0	24 11 00 00 5f 02 00 00 00 00 00 00 ce 09 00 00 18 01 00 00 00 00 00 00 71 0d 00 00 00 00 00 00	$..._...................q.......
12900	4d 00 00 00 28 00 00 00 8d 06 00 00 1b 11 00 00 9c 08 00 00 37 0d 00 00 33 00 00 00 00 00 00 00	M...(...............7...3.......
12920	d9 0c 00 00 00 00 00 00 7d 06 00 00 13 0d 00 00 ac 08 00 00 00 00 00 00 be 09 00 00 00 00 00 00	........}.......................
12940	b8 08 00 00 00 00 00 00 bf 0c 00 00 6a 0c 00 00 5a 01 00 00 bf 0d 00 00 00 00 00 00 00 00 00 00	............j...Z...............
12960	00 00 00 00 00 00 00 00 77 03 00 00 00 00 00 00 a8 0d 00 00 00 00 00 00 aa 05 00 00 00 00 00 00	........w.......................
12980	00 00 00 00 b9 0e 00 00 6b 02 00 00 56 00 00 00 d8 03 00 00 1d 04 00 00 de 08 00 00 3b 06 00 00	........k...V...............;...
129a0	27 00 00 00 00 00 00 00 68 04 00 00 07 09 00 00 8c 00 00 00 6a 04 00 00 9a 05 00 00 f1 05 00 00	'.......h...........j...........
129c0	1c 01 00 00 bb 07 00 00 a0 0a 00 00 90 09 00 00 d5 0d 00 00 00 00 00 00 00 00 00 00 94 06 00 00	................................
129e0	00 00 00 00 46 0f 00 00 f7 06 00 00 44 0b 00 00 7c 0b 00 00 00 00 00 00 e5 05 00 00 93 00 00 00	....F.......D...|...............
12a00	49 08 00 00 00 00 00 00 74 0d 00 00 48 08 00 00 0c 11 00 00 21 0a 00 00 d8 0f 00 00 2e 00 00 00	I.......t...H.......!...........
12a20	5c 0d 00 00 dc 06 00 00 00 00 00 00 5f 0d 00 00 85 09 00 00 36 04 00 00 47 0a 00 00 00 00 00 00	\..........._.......6...G.......
12a40	91 05 00 00 9a 08 00 00 c3 03 00 00 dd 08 00 00 31 08 00 00 14 04 00 00 00 00 00 00 c8 06 00 00	................1...............
12a60	00 00 00 00 00 00 00 00 00 00 00 00 3c 09 00 00 9d 0a 00 00 00 00 00 00 c9 09 00 00 b5 02 00 00	............<...................
12a80	2e 02 00 00 3e 0f 00 00 04 00 00 00 d0 03 00 00 00 00 00 00 22 07 00 00 86 04 00 00 7b 03 00 00	....>...............".......{...
12aa0	2f 0b 00 00 bc 08 00 00 00 00 00 00 77 05 00 00 82 01 00 00 1b 07 00 00 00 00 00 00 4e 0b 00 00	/...........w...............N...
12ac0	7f 0d 00 00 00 00 00 00 55 06 00 00 ac 0b 00 00 80 03 00 00 73 03 00 00 00 00 00 00 db 08 00 00	........U...........s...........
12ae0	7a 06 00 00 96 02 00 00 92 0b 00 00 83 0b 00 00 e5 0e 00 00 00 00 00 00 00 00 00 00 2e 04 00 00	z...............................
12b00	ed 0f 00 00 78 0b 00 00 0e 01 00 00 2f 0a 00 00 f4 03 00 00 bd 06 00 00 00 00 00 00 19 08 00 00	....x......./...................
12b20	cb 0a 00 00 09 01 00 00 71 03 00 00 4e 00 00 00 00 00 00 00 00 00 00 00 14 0e 00 00 49 0c 00 00	........q...N...............I...
12b40	00 00 00 00 7f 07 00 00 3a 0b 00 00 7a 04 00 00 7b 0e 00 00 00 00 00 00 e4 02 00 00 3a 01 00 00	........:...z...{...........:...
12b60	a9 00 00 00 00 00 00 00 86 0f 00 00 00 00 00 00 12 05 00 00 00 00 00 00 28 0f 00 00 00 00 00 00	........................(.......
12b80	4b 07 00 00 00 00 00 00 00 00 00 00 da 0b 00 00 eb 04 00 00 65 0e 00 00 00 00 00 00 1f 0d 00 00	K...................e...........
12ba0	00 00 00 00 95 09 00 00 87 0a 00 00 00 00 00 00 00 00 00 00 4e 05 00 00 00 00 00 00 00 00 00 00	....................N...........
12bc0	df 02 00 00 00 00 00 00 af 0c 00 00 38 05 00 00 56 0a 00 00 00 10 00 00 1e 0e 00 00 a1 04 00 00	............8...V...............
12be0	f6 07 00 00 64 06 00 00 6e 00 00 00 ee 09 00 00 00 00 00 00 df 08 00 00 00 00 00 00 5c 0a 00 00	....d...n...................\...
12c00	5d 03 00 00 ec 0e 00 00 00 00 00 00 00 00 00 00 8f 0d 00 00 3d 10 00 00 0f 09 00 00 4b 02 00 00	]...................=.......K...
12c20	a0 09 00 00 00 00 00 00 60 0e 00 00 35 00 00 00 22 06 00 00 91 06 00 00 4d 03 00 00 00 00 00 00	........`...5...".......M.......
12c40	00 00 00 00 00 00 00 00 0f 06 00 00 08 08 00 00 cb 06 00 00 8c 0e 00 00 28 05 00 00 00 00 00 00	........................(.......
12c60	2b 10 00 00 fe 0d 00 00 5e 0b 00 00 5c 03 00 00 e2 0a 00 00 00 00 00 00 41 0d 00 00 05 11 00 00	+.......^...\...........A.......
12c80	7b 08 00 00 0b 08 00 00 1f 0f 00 00 ce 07 00 00 00 00 00 00 92 09 00 00 da 0c 00 00 c5 01 00 00	{...............................
12ca0	00 00 00 00 25 0a 00 00 8f 0a 00 00 70 08 00 00 b3 06 00 00 02 02 00 00 aa 10 00 00 00 00 00 00	....%.......p...................
12cc0	00 00 00 00 0c 0e 00 00 00 00 00 00 78 06 00 00 00 00 00 00 1c 05 00 00 65 02 00 00 00 00 00 00	............x...........e.......
12ce0	00 00 00 00 00 00 00 00 00 00 00 00 70 0a 00 00 1d 0f 00 00 00 00 00 00 e2 06 00 00 00 00 00 00	............p...................
12d00	07 04 00 00 31 09 00 00 c0 00 00 00 62 10 00 00 6b 10 00 00 00 00 00 00 2a 0a 00 00 00 00 00 00	....1.......b...k.......*.......
12d20	10 06 00 00 60 04 00 00 e5 0f 00 00 00 00 00 00 00 00 00 00 7b 07 00 00 9b 0d 00 00 65 0d 00 00	....`...............{.......e...
12d40	31 0e 00 00 fd 05 00 00 00 00 00 00 11 09 00 00 00 00 00 00 ae 0c 00 00 85 07 00 00 00 00 00 00	1...............................
12d60	00 00 00 00 97 0f 00 00 b5 10 00 00 af 0d 00 00 b8 09 00 00 0f 0e 00 00 c0 04 00 00 61 00 00 00	............................a...
12d80	19 10 00 00 ae 07 00 00 72 05 00 00 00 00 00 00 7b 0f 00 00 d6 09 00 00 00 00 00 00 88 0c 00 00	........r.......{...............
12da0	49 0f 00 00 12 01 00 00 06 01 00 00 00 00 00 00 63 10 00 00 0d 0c 00 00 e8 02 00 00 00 00 00 00	I...............c...............
12dc0	00 00 00 00 39 07 00 00 00 00 00 00 09 03 00 00 66 02 00 00 a6 0a 00 00 f7 0f 00 00 68 0d 00 00	....9...........f...........h...
12de0	00 00 00 00 00 00 00 00 00 05 00 00 33 03 00 00 00 00 00 00 b7 07 00 00 52 04 00 00 00 00 00 00	............3...........R.......
12e00	00 00 00 00 c2 0a 00 00 61 04 00 00 86 00 00 00 91 0a 00 00 00 00 00 00 e4 10 00 00 78 10 00 00	........a...................x...
12e20	00 00 00 00 99 07 00 00 2e 0b 00 00 00 00 00 00 50 0b 00 00 00 00 00 00 ce 02 00 00 3b 07 00 00	................P...........;...
12e40	dc 02 00 00 d7 0f 00 00 00 00 00 00 00 00 00 00 89 0b 00 00 16 0f 00 00 50 0e 00 00 11 08 00 00	........................P.......
12e60	ae 02 00 00 8a 09 00 00 c7 00 00 00 a8 10 00 00 e0 0c 00 00 00 00 00 00 6c 0b 00 00 fb 0a 00 00	........................l.......
12e80	fa 02 00 00 03 01 00 00 0f 02 00 00 a2 06 00 00 cd 10 00 00 e8 0a 00 00 97 04 00 00 28 07 00 00	............................(...
12ea0	cc 0a 00 00 24 02 00 00 7d 0d 00 00 f6 02 00 00 4d 08 00 00 07 07 00 00 00 00 00 00 00 00 00 00	....$...}.......M...............
12ec0	00 00 00 00 a4 10 00 00 00 00 00 00 1f 04 00 00 7f 0f 00 00 00 00 00 00 0d 11 00 00 02 09 00 00	................................
12ee0	11 0d 00 00 21 00 00 00 cd 08 00 00 16 08 00 00 16 07 00 00 00 00 00 00 ec 0a 00 00 8e 03 00 00	....!...........................
12f00	00 0d 00 00 00 00 00 00 77 0e 00 00 1e 07 00 00 00 00 00 00 65 01 00 00 ec 08 00 00 79 07 00 00	........w...........e.......y...
12f20	aa 00 00 00 00 00 00 00 8d 0d 00 00 00 00 00 00 75 02 00 00 ad 0f 00 00 00 00 00 00 40 09 00 00	................u...........@...
12f40	8c 0d 00 00 dd 06 00 00 6a 10 00 00 00 00 00 00 00 00 00 00 76 08 00 00 cd 0c 00 00 00 00 00 00	........j...........v...........
12f60	ab 00 00 00 1e 0b 00 00 28 10 00 00 c5 05 00 00 f8 0a 00 00 9a 0c 00 00 00 00 00 00 c8 09 00 00	........(.......................
12f80	cf 07 00 00 3b 0a 00 00 2d 0c 00 00 ef 03 00 00 00 00 00 00 50 08 00 00 11 0c 00 00 ab 10 00 00	....;...-...........P...........
12fa0	0b 0e 00 00 d8 09 00 00 e7 03 00 00 3e 0c 00 00 9d 0e 00 00 00 00 00 00 c8 0d 00 00 df 0b 00 00	............>...................
12fc0	9a 06 00 00 1d 0a 00 00 00 00 00 00 44 04 00 00 77 08 00 00 20 03 00 00 00 00 00 00 c9 07 00 00	............D...w...............
12fe0	b0 10 00 00 ce 06 00 00 c6 04 00 00 00 00 00 00 00 00 00 00 b3 03 00 00 00 00 00 00 d2 05 00 00	................................
13000	a1 06 00 00 d4 0f 00 00 b6 0f 00 00 43 07 00 00 00 00 00 00 77 04 00 00 00 00 00 00 61 0a 00 00	............C.......w.......a...
13020	94 02 00 00 7d 04 00 00 b3 0f 00 00 00 00 00 00 a2 01 00 00 db 10 00 00 60 07 00 00 1c 06 00 00	....}...................`.......
13040	fd 10 00 00 00 00 00 00 87 0c 00 00 00 00 00 00 62 0c 00 00 00 00 00 00 ed 0c 00 00 64 0b 00 00	................b...........d...
13060	00 00 00 00 00 00 00 00 8f 08 00 00 27 0c 00 00 a0 0f 00 00 02 0f 00 00 5b 00 00 00 3c 0e 00 00	............'...........[...<...
13080	69 03 00 00 76 0c 00 00 05 02 00 00 00 00 00 00 4e 0d 00 00 30 05 00 00 00 00 00 00 00 00 00 00	i...v...........N...0...........
130a0	00 00 00 00 93 04 00 00 10 03 00 00 23 04 00 00 f1 0e 00 00 00 00 00 00 00 00 00 00 e2 07 00 00	............#...................
130c0	08 09 00 00 4b 10 00 00 b5 0a 00 00 00 00 00 00 00 00 00 00 98 08 00 00 00 00 00 00 39 11 00 00	....K.......................9...
130e0	c8 02 00 00 0a 08 00 00 7d 0b 00 00 ba 09 00 00 f0 03 00 00 58 08 00 00 00 00 00 00 00 00 00 00	........}...........X...........
13100	1c 02 00 00 d5 01 00 00 41 05 00 00 00 00 00 00 5c 0f 00 00 68 08 00 00 7f 08 00 00 b4 0f 00 00	........A.......\...h...........
13120	00 00 00 00 71 01 00 00 00 00 00 00 43 01 00 00 70 09 00 00 20 07 00 00 67 0a 00 00 96 0b 00 00	....q.......C...p.......g.......
13140	06 03 00 00 a2 08 00 00 00 00 00 00 00 00 00 00 a6 04 00 00 03 06 00 00 95 08 00 00 00 00 00 00	................................
13160	37 0c 00 00 00 00 00 00 0c 0d 00 00 88 0e 00 00 07 0d 00 00 ea 08 00 00 00 00 00 00 f1 04 00 00	7...............................
13180	82 0f 00 00 8b 04 00 00 21 03 00 00 00 00 00 00 00 00 00 00 3a 06 00 00 b7 04 00 00 c3 07 00 00	........!...........:...........
131a0	cf 02 00 00 85 01 00 00 f2 03 00 00 dd 05 00 00 00 00 00 00 2b 05 00 00 00 00 00 00 54 05 00 00	....................+.......T...
131c0	b8 00 00 00 4b 06 00 00 00 00 00 00 5d 0b 00 00 00 00 00 00 00 00 00 00 a7 01 00 00 00 00 00 00	....K.......]...................
131e0	c3 02 00 00 ff 07 00 00 23 10 00 00 d5 00 00 00 6c 0f 00 00 34 08 00 00 57 0b 00 00 00 00 00 00	........#.......l...4...W.......
13200	60 06 00 00 9e 01 00 00 0d 0d 00 00 6c 0d 00 00 26 00 00 00 f3 0b 00 00 56 07 00 00 d5 05 00 00	`...........l...&.......V.......
13220	e1 09 00 00 d2 0b 00 00 12 11 00 00 03 09 00 00 89 06 00 00 e3 01 00 00 e4 08 00 00 3b 0e 00 00	............................;...
13240	14 00 00 00 e1 0d 00 00 b6 02 00 00 14 0b 00 00 5d 01 00 00 09 05 00 00 a8 0b 00 00 84 10 00 00	................]...............
13260	c6 0c 00 00 00 00 00 00 24 04 00 00 75 0a 00 00 6a 0a 00 00 ff 03 00 00 00 00 00 00 00 00 00 00	........$...u...j...............
13280	00 00 00 00 81 02 00 00 a1 09 00 00 83 01 00 00 74 0c 00 00 00 00 00 00 02 0b 00 00 d3 07 00 00	................t...............
132a0	1d 09 00 00 b4 0e 00 00 f6 10 00 00 00 00 00 00 00 00 00 00 7a 00 00 00 1a 09 00 00 62 01 00 00	....................z.......b...
132c0	00 00 00 00 da 05 00 00 45 00 00 00 50 06 00 00 cf 0d 00 00 51 07 00 00 f1 07 00 00 00 00 00 00	........E...P.......Q...........
132e0	00 00 00 00 ad 08 00 00 0e 0a 00 00 af 00 00 00 a5 0d 00 00 00 00 00 00 f6 00 00 00 92 05 00 00	................................
13300	6a 0b 00 00 47 10 00 00 00 00 00 00 b2 0d 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 8a 0b 00 00	j...G...........<...............
13320	96 0e 00 00 26 0b 00 00 92 07 00 00 9e 0a 00 00 4a 07 00 00 d6 0a 00 00 0b 0c 00 00 00 00 00 00	....&...........J...............
13340	00 00 00 00 f2 05 00 00 41 06 00 00 00 00 00 00 4e 02 00 00 00 00 00 00 2e 0d 00 00 00 00 00 00	........A.......N...............
13360	00 00 00 00 1d 08 00 00 f0 04 00 00 3b 04 00 00 c1 0b 00 00 00 00 00 00 d8 06 00 00 7c 0a 00 00	............;...............|...
13380	a3 01 00 00 64 0a 00 00 fc 0e 00 00 00 00 00 00 05 08 00 00 00 00 00 00 3f 0f 00 00 00 00 00 00	....d...................?.......
133a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 0e 00 00 00 00 00 00 6c 05 00 00	....................t.......l...
133c0	eb 02 00 00 00 00 00 00 42 02 00 00 00 00 00 00 00 00 00 00 e5 08 00 00 b2 04 00 00 a8 05 00 00	........B.......................
133e0	00 00 00 00 b0 0c 00 00 00 00 00 00 6d 10 00 00 01 03 00 00 4e 08 00 00 30 01 00 00 00 00 00 00	............m.......N...0.......
13400	31 05 00 00 c0 0c 00 00 67 08 00 00 1d 0e 00 00 00 00 00 00 d1 10 00 00 a5 07 00 00 5e 0a 00 00	1.......g...................^...
13420	00 00 00 00 11 0f 00 00 00 00 00 00 c4 05 00 00 99 0c 00 00 6f 09 00 00 7b 0a 00 00 24 03 00 00	....................o...{...$...
13440	00 00 00 00 b9 05 00 00 00 00 00 00 72 00 00 00 d7 09 00 00 00 00 00 00 69 0a 00 00 94 04 00 00	............r...........i.......
13460	6d 0f 00 00 4d 04 00 00 bc 0b 00 00 3d 0c 00 00 00 00 00 00 15 03 00 00 3b 09 00 00 00 00 00 00	m...M.......=...........;.......
13480	0b 04 00 00 00 00 00 00 87 09 00 00 00 00 00 00 e8 00 00 00 e0 08 00 00 bb 0b 00 00 00 00 00 00	................................
134a0	bd 04 00 00 c3 0b 00 00 ed 05 00 00 70 01 00 00 44 00 00 00 00 00 00 00 14 02 00 00 18 00 00 00	............p...D...............
134c0	e8 0e 00 00 00 00 00 00 37 07 00 00 fd 01 00 00 73 05 00 00 0e 10 00 00 2a 0b 00 00 1f 0e 00 00	........7.......s.......*.......
134e0	00 00 00 00 2c 0f 00 00 00 00 00 00 00 00 00 00 65 03 00 00 72 0d 00 00 6d 0b 00 00 0a 0d 00 00	....,...........e...r...m.......
13500	04 03 00 00 9c 0c 00 00 aa 09 00 00 00 00 00 00 ff 0e 00 00 00 00 00 00 81 0e 00 00 1f 0b 00 00	................................
13520	00 00 00 00 32 07 00 00 b3 01 00 00 aa 0d 00 00 00 00 00 00 ee 00 00 00 56 01 00 00 c7 0e 00 00	....2...................V.......
13540	8d 0a 00 00 b9 01 00 00 00 00 00 00 fe 0a 00 00 8e 00 00 00 15 01 00 00 3e 03 00 00 c4 0e 00 00	........................>.......
13560	b5 09 00 00 5d 02 00 00 dc 08 00 00 2d 02 00 00 00 00 00 00 18 08 00 00 77 0a 00 00 73 0f 00 00	....].......-...........w...s...
13580	00 00 00 00 00 00 00 00 b1 06 00 00 77 09 00 00 3c 00 00 00 00 00 00 00 e2 00 00 00 00 00 00 00	............w...<...............
135a0	ac 0d 00 00 34 07 00 00 00 00 00 00 56 0b 00 00 00 00 00 00 06 06 00 00 12 04 00 00 27 05 00 00	....4.......V...............'...
135c0	6f 07 00 00 59 0f 00 00 59 07 00 00 a3 09 00 00 21 0c 00 00 6c 00 00 00 0d 05 00 00 00 00 00 00	o...Y...Y.......!...l...........
135e0	00 00 00 00 5a 02 00 00 00 00 00 00 51 03 00 00 b4 09 00 00 00 00 00 00 fa 0e 00 00 00 00 00 00	....Z.......Q...................
13600	90 04 00 00 00 00 00 00 c4 06 00 00 1d 06 00 00 00 00 00 00 00 00 00 00 2f 10 00 00 00 00 00 00	......................../.......
13620	eb 0f 00 00 00 00 00 00 7e 0e 00 00 d6 10 00 00 00 00 00 00 9b 0e 00 00 00 00 00 00 7a 02 00 00	........~...................z...
13640	dc 0d 00 00 00 00 00 00 3c 0f 00 00 00 00 00 00 f8 0d 00 00 c8 0c 00 00 50 04 00 00 b3 05 00 00	........<...............P.......
13660	10 07 00 00 20 05 00 00 cb 0e 00 00 00 00 00 00 ac 03 00 00 ab 0e 00 00 6f 0b 00 00 0a 06 00 00	........................o.......
13680	16 10 00 00 18 0e 00 00 97 06 00 00 cc 04 00 00 b3 08 00 00 8d 02 00 00 00 00 00 00 a8 0c 00 00	................................
136a0	00 00 00 00 66 07 00 00 ed 01 00 00 00 00 00 00 eb 03 00 00 00 00 00 00 85 10 00 00 00 00 00 00	....f...........................
136c0	cf 04 00 00 85 0b 00 00 00 00 00 00 c9 0a 00 00 03 07 00 00 c0 07 00 00 00 00 00 00 bd 09 00 00	................................
136e0	94 0c 00 00 ec 09 00 00 35 0a 00 00 66 06 00 00 00 00 00 00 8b 06 00 00 24 08 00 00 c3 01 00 00	........5...f...........$.......
13700	3d 0d 00 00 b4 02 00 00 a7 0d 00 00 3e 02 00 00 bc 09 00 00 ce 01 00 00 c1 0a 00 00 71 00 00 00	=...........>...............q...
13720	28 06 00 00 29 10 00 00 30 0c 00 00 ac 09 00 00 30 10 00 00 ac 05 00 00 4c 06 00 00 e7 07 00 00	(...)...0.......0.......L.......
13740	4f 0d 00 00 00 00 00 00 7b 09 00 00 00 00 00 00 75 10 00 00 04 07 00 00 00 00 00 00 48 0e 00 00	O.......{.......u...........H...
13760	1f 11 00 00 4a 0c 00 00 00 00 00 00 9d 00 00 00 ce 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....J...........................
13780	d9 09 00 00 00 02 00 00 78 07 00 00 00 00 00 00 84 09 00 00 ff 0b 00 00 00 00 00 00 00 00 00 00	........x.......................
137a0	00 00 00 00 22 0b 00 00 8d 04 00 00 aa 06 00 00 d7 06 00 00 47 0c 00 00 2d 0f 00 00 0a 0a 00 00	...."...............G...-.......
137c0	00 00 00 00 69 0c 00 00 8e 01 00 00 c5 06 00 00 00 00 00 00 14 09 00 00 00 00 00 00 00 00 00 00	....i...........................
137e0	6e 02 00 00 39 0d 00 00 ba 0e 00 00 21 0e 00 00 25 02 00 00 db 02 00 00 8b 10 00 00 59 0b 00 00	n...9.......!...%...........Y...
13800	6e 06 00 00 92 03 00 00 a3 03 00 00 2b 11 00 00 3a 0a 00 00 76 05 00 00 63 00 00 00 6c 03 00 00	n...........+...:...v...c...l...
13820	54 06 00 00 90 01 00 00 00 00 00 00 00 00 00 00 f4 06 00 00 15 10 00 00 00 00 00 00 39 09 00 00	T...........................9...
13840	e5 06 00 00 95 0f 00 00 a5 06 00 00 66 0e 00 00 00 00 00 00 b4 0b 00 00 00 00 00 00 00 00 00 00	............f...................
13860	00 00 00 00 d6 0d 00 00 94 0d 00 00 03 11 00 00 23 0f 00 00 ba 02 00 00 00 00 00 00 00 00 00 00	................#...............
13880	47 01 00 00 00 00 00 00 08 04 00 00 27 10 00 00 45 0b 00 00 00 00 00 00 c7 05 00 00 d6 0f 00 00	G...........'...E...............
138a0	2a 03 00 00 c2 05 00 00 61 02 00 00 48 0c 00 00 00 00 00 00 00 00 00 00 97 0c 00 00 00 00 00 00	*.......a...H...................
138c0	80 0b 00 00 00 00 00 00 6a 02 00 00 aa 01 00 00 a0 00 00 00 17 04 00 00 63 0c 00 00 00 00 00 00	........j...............c.......
138e0	b6 07 00 00 28 09 00 00 c6 0d 00 00 00 00 00 00 0d 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....(...........................
13900	74 01 00 00 a4 02 00 00 29 04 00 00 00 00 00 00 88 03 00 00 2c 10 00 00 82 0a 00 00 1f 01 00 00	t.......)...........,...........
13920	31 10 00 00 fa 00 00 00 1f 09 00 00 00 00 00 00 46 0d 00 00 00 00 00 00 4f 0e 00 00 8a 01 00 00	1...............F.......O.......
13940	25 0f 00 00 64 0d 00 00 00 00 00 00 35 09 00 00 e6 04 00 00 2b 06 00 00 a2 02 00 00 00 00 00 00	%...d.......5.......+...........
13960	00 00 00 00 7f 01 00 00 21 0b 00 00 c5 02 00 00 96 00 00 00 b7 06 00 00 00 00 00 00 cb 07 00 00	........!.......................
13980	23 02 00 00 45 03 00 00 51 09 00 00 00 00 00 00 3b 0f 00 00 00 00 00 00 a9 08 00 00 97 0d 00 00	#...E...Q.......;...............
139a0	e6 06 00 00 3a 0f 00 00 ff 00 00 00 00 00 00 00 0b 05 00 00 00 00 00 00 92 06 00 00 dd 0e 00 00	....:...........................
139c0	ca 01 00 00 00 00 00 00 00 00 00 00 88 0a 00 00 06 00 00 00 00 00 00 00 c6 09 00 00 00 00 00 00	................................
139e0	60 0d 00 00 73 00 00 00 67 02 00 00 81 10 00 00 ec 07 00 00 d3 0e 00 00 00 09 00 00 53 10 00 00	`...s...g...................S...
13a00	70 10 00 00 d7 0a 00 00 fa 01 00 00 19 0b 00 00 00 00 00 00 49 03 00 00 fb 06 00 00 89 08 00 00	p...................I...........
13a20	46 03 00 00 e9 08 00 00 cc 00 00 00 ae 0f 00 00 ee 0b 00 00 8c 06 00 00 72 03 00 00 00 00 00 00	F.......................r.......
13a40	4e 0f 00 00 d4 02 00 00 ba 08 00 00 80 00 00 00 e4 0a 00 00 1f 08 00 00 85 02 00 00 7a 01 00 00	N...........................z...
13a60	a3 0e 00 00 c1 0e 00 00 f9 00 00 00 f3 03 00 00 40 11 00 00 d5 0f 00 00 46 08 00 00 00 00 00 00	................@.......F.......
13a80	00 00 00 00 00 00 00 00 e7 0b 00 00 00 00 00 00 e6 0f 00 00 07 0f 00 00 77 0c 00 00 27 06 00 00	........................w...'...
13aa0	dd 0d 00 00 00 00 00 00 8a 0c 00 00 19 04 00 00 47 0d 00 00 33 0d 00 00 32 11 00 00 00 00 00 00	................G...3...2.......
13ac0	a7 03 00 00 7d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf 0f 00 00 00 00 00 00	....}...........................
13ae0	5d 00 00 00 00 00 00 00 7c 0d 00 00 00 00 00 00 00 00 00 00 b9 06 00 00 00 00 00 00 c7 07 00 00	].......|.......................
13b00	c4 03 00 00 00 00 00 00 00 00 00 00 5f 08 00 00 f3 04 00 00 ae 06 00 00 00 00 00 00 c4 04 00 00	............_...................
13b20	23 0c 00 00 2d 00 00 00 00 00 00 00 f7 04 00 00 dc 0a 00 00 29 07 00 00 c5 0e 00 00 00 00 00 00	#...-...............)...........
13b40	10 0e 00 00 e9 01 00 00 00 00 00 00 4d 0e 00 00 4f 02 00 00 26 04 00 00 dc 04 00 00 35 10 00 00	............M...O...&.......5...
13b60	c6 08 00 00 da 06 00 00 13 03 00 00 ab 04 00 00 b1 01 00 00 a6 0d 00 00 92 0f 00 00 00 00 00 00	................................
13b80	8d 0f 00 00 e8 0d 00 00 2e 07 00 00 77 0f 00 00 f5 08 00 00 82 0e 00 00 00 00 00 00 43 0d 00 00	............w...............C...
13ba0	be 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 08 00 00 8a 07 00 00 00 00 00 00 9c 07 00 00	................................
13bc0	ef 06 00 00 00 00 00 00 88 0d 00 00 4a 0b 00 00 00 00 00 00 00 00 00 00 38 10 00 00 00 00 00 00	............J...........8.......
13be0	a0 04 00 00 c9 0f 00 00 6e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5c 04 00 00 e9 0d 00 00	........n...............\.......
13c00	00 00 00 00 96 09 00 00 00 00 00 00 00 00 00 00 1e 0f 00 00 db 01 00 00 00 00 00 00 23 05 00 00	............................#...
13c20	00 00 00 00 00 00 00 00 3f 08 00 00 3b 0b 00 00 57 01 00 00 05 0a 00 00 03 02 00 00 4f 00 00 00	........?...;...W...........O...
13c40	00 00 00 00 24 06 00 00 46 00 00 00 00 00 00 00 54 04 00 00 21 0f 00 00 00 00 00 00 40 0a 00 00	....$...F.......T...!.......@...
13c60	bf 05 00 00 00 00 00 00 03 05 00 00 ef 02 00 00 83 06 00 00 d4 00 00 00 6d 0d 00 00 43 0b 00 00	........................m...C...
13c80	c1 0c 00 00 4b 09 00 00 c8 08 00 00 45 09 00 00 00 00 00 00 84 01 00 00 79 00 00 00 8e 0d 00 00	....K.......E...........y.......
13ca0	00 00 00 00 9e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e6 05 00 00 1a 00 00 00 c1 10 00 00	................................
13cc0	00 00 00 00 52 06 00 00 74 06 00 00 00 00 00 00 00 00 00 00 b0 0d 00 00 0c 04 00 00 29 0a 00 00	....R...t...................)...
13ce0	b5 0e 00 00 c5 08 00 00 97 09 00 00 30 04 00 00 7f 05 00 00 39 0c 00 00 b6 09 00 00 00 00 00 00	............0.......9...........
13d00	30 0e 00 00 75 07 00 00 95 10 00 00 00 00 00 00 ef 0d 00 00 1f 0c 00 00 43 0e 00 00 b0 08 00 00	0...u...................C.......
13d20	00 00 00 00 00 00 00 00 97 0b 00 00 38 04 00 00 32 08 00 00 f4 0e 00 00 cc 05 00 00 00 00 00 00	............8...2...............
13d40	48 04 00 00 b2 08 00 00 05 0b 00 00 30 03 00 00 69 0e 00 00 64 04 00 00 00 00 00 00 31 04 00 00	H...........0...i...d.......1...
13d60	6c 04 00 00 00 00 00 00 6a 05 00 00 f1 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	l.......j.......................
13d80	00 00 00 00 f3 05 00 00 15 06 00 00 b7 0a 00 00 e2 03 00 00 cc 0c 00 00 26 0e 00 00 00 00 00 00	........................&.......
13da0	84 0d 00 00 b3 09 00 00 00 00 00 00 00 00 00 00 9e 0f 00 00 d0 07 00 00 00 00 00 00 f0 10 00 00	................................
13dc0	ad 03 00 00 16 09 00 00 0a 0c 00 00 b4 08 00 00 c1 02 00 00 64 0e 00 00 8f 06 00 00 5b 01 00 00	....................d.......[...
13de0	2d 01 00 00 bc 0a 00 00 67 06 00 00 1a 07 00 00 1c 0d 00 00 fa 0f 00 00 9a 0a 00 00 74 02 00 00	-.......g...................t...
13e00	4d 07 00 00 98 0d 00 00 00 00 00 00 81 04 00 00 9b 0c 00 00 00 00 00 00 d0 0d 00 00 e4 0d 00 00	M...............................
13e20	dd 0c 00 00 00 00 00 00 f0 0f 00 00 da 07 00 00 1c 09 00 00 75 06 00 00 31 0f 00 00 36 09 00 00	....................u...1...6...
13e40	74 0b 00 00 ae 08 00 00 28 0b 00 00 86 0c 00 00 81 03 00 00 5e 0f 00 00 10 04 00 00 0e 09 00 00	t.......(...........^...........
13e60	f5 04 00 00 43 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf 10 00 00 ca 0e 00 00 00 00 00 00	....C...........................
13e80	d2 02 00 00 b7 10 00 00 51 05 00 00 2d 0b 00 00 9d 05 00 00 36 10 00 00 b1 03 00 00 9f 07 00 00	........Q...-.......6...........
13ea0	d0 0c 00 00 1e 01 00 00 a9 01 00 00 20 00 00 00 90 00 00 00 82 0d 00 00 9a 10 00 00 28 0e 00 00	............................(...
13ec0	da 0f 00 00 3d 00 00 00 00 00 00 00 1b 0f 00 00 d3 03 00 00 bc 02 00 00 69 04 00 00 00 00 00 00	....=...................i.......
13ee0	b6 00 00 00 30 11 00 00 91 0d 00 00 00 00 00 00 87 04 00 00 00 00 00 00 88 07 00 00 bd 01 00 00	....0...........................
13f00	00 00 00 00 6f 04 00 00 00 00 00 00 8b 0c 00 00 48 00 00 00 17 0a 00 00 41 04 00 00 f4 02 00 00	....o...........H.......A.......
13f20	55 00 00 00 00 00 00 00 23 00 00 00 c7 03 00 00 4f 01 00 00 ba 06 00 00 e5 10 00 00 51 10 00 00	U.......#.......O...........Q...
13f40	00 00 00 00 6b 0e 00 00 69 0d 00 00 0e 08 00 00 00 00 00 00 a4 07 00 00 c0 06 00 00 17 03 00 00	....k...i.......................
13f60	ca 06 00 00 44 06 00 00 29 03 00 00 00 00 00 00 fb 04 00 00 00 00 00 00 91 00 00 00 76 0b 00 00	....D...)...................v...
13f80	4d 0b 00 00 f2 07 00 00 ad 0c 00 00 18 0b 00 00 cb 00 00 00 24 09 00 00 00 00 00 00 55 0a 00 00	M...................$.......U...
13fa0	2a 08 00 00 80 01 00 00 fc 09 00 00 47 07 00 00 3a 03 00 00 ad 02 00 00 9b 0b 00 00 a5 0f 00 00	*...........G...:...............
13fc0	00 00 00 00 08 0e 00 00 dd 01 00 00 00 00 00 00 2c 05 00 00 b3 0c 00 00 e0 02 00 00 1b 04 00 00	................,...............
13fe0	00 00 00 00 87 06 00 00 e6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 63 0e 00 00 f6 0a 00 00	........................c.......
14000	f8 01 00 00 cd 07 00 00 ac 0c 00 00 e3 0d 00 00 0d 09 00 00 c3 0f 00 00 ea 07 00 00 f3 08 00 00	................................
14020	36 07 00 00 00 00 00 00 00 00 00 00 6b 08 00 00 00 00 00 00 69 06 00 00 00 00 00 00 ec 01 00 00	6...........k.......i...........
14040	61 06 00 00 2c 03 00 00 b0 0a 00 00 86 06 00 00 00 00 00 00 00 00 00 00 3d 0e 00 00 89 0a 00 00	a...,...................=.......
14060	2e 0a 00 00 00 00 00 00 4c 05 00 00 4f 0b 00 00 ed 07 00 00 00 00 00 00 4a 00 00 00 40 0e 00 00	........L...O...........J...@...
14080	90 0c 00 00 15 08 00 00 77 06 00 00 0e 05 00 00 d4 0e 00 00 00 00 00 00 ff 0c 00 00 00 00 00 00	........w.......................
140a0	f3 0d 00 00 cf 0e 00 00 00 00 00 00 2b 04 00 00 bf 02 00 00 cb 09 00 00 da 02 00 00 e3 10 00 00	............+...................
140c0	44 03 00 00 47 03 00 00 05 00 00 00 00 00 00 00 00 00 00 00 68 07 00 00 0f 07 00 00 00 00 00 00	D...G...............h...........
140e0	7e 0a 00 00 00 00 00 00 55 03 00 00 75 05 00 00 00 00 00 00 00 00 00 00 c2 06 00 00 e1 0b 00 00	~.......U...u...................
14100	f5 0e 00 00 a3 00 00 00 00 00 00 00 00 00 00 00 ef 09 00 00 df 04 00 00 af 07 00 00 66 01 00 00	............................f...
14120	f2 0f 00 00 76 07 00 00 42 0b 00 00 00 00 00 00 0a 04 00 00 03 0c 00 00 5a 06 00 00 e4 03 00 00	....v...B...............Z.......
14140	4b 0f 00 00 00 00 00 00 00 00 00 00 7f 0e 00 00 fc 0d 00 00 00 00 00 00 2f 11 00 00 6a 0d 00 00	K......................./...j...
14160	5c 0e 00 00 00 00 00 00 60 0c 00 00 08 00 00 00 8c 08 00 00 50 0a 00 00 87 10 00 00 62 0f 00 00	\.......`...........P.......b...
14180	ad 04 00 00 12 00 00 00 1e 04 00 00 92 04 00 00 bc 0c 00 00 de 07 00 00 00 00 00 00 75 08 00 00	............................u...
141a0	31 03 00 00 dc 03 00 00 84 07 00 00 4b 08 00 00 00 00 00 00 8e 0e 00 00 62 00 00 00 1e 05 00 00	1...........K...........b.......
141c0	aa 07 00 00 b5 06 00 00 00 00 00 00 00 00 00 00 69 0b 00 00 00 00 00 00 d1 07 00 00 f3 0f 00 00	................i...............
141e0	41 0a 00 00 06 0e 00 00 25 0c 00 00 ee 0f 00 00 00 00 00 00 78 09 00 00 00 00 00 00 e5 09 00 00	A.......%...........x...........
14200	f2 0e 00 00 df 10 00 00 ca 04 00 00 b2 09 00 00 87 07 00 00 c5 04 00 00 10 08 00 00 00 00 00 00	................................
14220	d3 0a 00 00 50 05 00 00 77 01 00 00 7f 0c 00 00 a1 0c 00 00 38 06 00 00 a2 0a 00 00 00 00 00 00	....P...w...........8...........
14240	00 00 00 00 a6 0e 00 00 59 0e 00 00 bf 0e 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 30 0a 00 00	........Y.......L...........0...
14260	a4 03 00 00 75 03 00 00 00 00 00 00 b3 02 00 00 1a 0b 00 00 f5 0c 00 00 1e 00 00 00 e1 01 00 00	....u...........................
14280	c6 02 00 00 00 00 00 00 1a 10 00 00 ea 05 00 00 87 05 00 00 00 00 00 00 c9 06 00 00 00 00 00 00	................................
142a0	b0 0f 00 00 00 00 00 00 e1 0c 00 00 82 02 00 00 79 03 00 00 32 05 00 00 00 00 00 00 4a 08 00 00	................y...2.......J...
142c0	e3 06 00 00 00 00 00 00 08 0f 00 00 68 02 00 00 00 00 00 00 33 06 00 00 84 0f 00 00 b6 08 00 00	............h.......3...........
142e0	76 09 00 00 85 05 00 00 e6 0a 00 00 8f 05 00 00 53 09 00 00 ff 09 00 00 a0 10 00 00 39 04 00 00	v...............S...........9...
14300	00 00 00 00 82 00 00 00 c5 0a 00 00 00 00 00 00 80 0c 00 00 ba 01 00 00 1b 0b 00 00 6f 03 00 00	............................o...
14320	2d 07 00 00 1b 0e 00 00 fd 0d 00 00 00 00 00 00 f4 0d 00 00 39 0e 00 00 00 00 00 00 ac 0e 00 00	-...................9...........
14340	00 00 00 00 87 01 00 00 9d 04 00 00 17 11 00 00 30 00 00 00 5e 08 00 00 d0 0f 00 00 41 10 00 00	................0...^.......A...
14360	51 06 00 00 38 0e 00 00 f5 05 00 00 f4 09 00 00 7e 08 00 00 c5 09 00 00 58 0f 00 00 b9 02 00 00	Q...8...........~.......X.......
14380	52 0d 00 00 46 0c 00 00 58 0a 00 00 00 00 00 00 d9 01 00 00 00 00 00 00 91 0b 00 00 00 00 00 00	R...F...X.......................
143a0	e0 03 00 00 e3 03 00 00 e0 0d 00 00 cf 06 00 00 00 00 00 00 47 05 00 00 6a 01 00 00 ee 05 00 00	....................G...j.......
143c0	15 0a 00 00 80 0d 00 00 02 00 00 00 b2 06 00 00 00 00 00 00 55 0f 00 00 00 00 00 00 04 0f 00 00	....................U...........
143e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 0e 00 00 f0 0d 00 00 13 0f 00 00 76 00 00 00	................F...........v...
14400	81 0a 00 00 0c 02 00 00 7f 04 00 00 d3 0b 00 00 53 03 00 00 16 11 00 00 c1 04 00 00 00 00 00 00	................S...............
14420	ad 07 00 00 78 0e 00 00 04 10 00 00 00 00 00 00 86 0b 00 00 d3 01 00 00 75 04 00 00 64 09 00 00	....x...................u...d...
14440	7e 0b 00 00 29 05 00 00 00 00 00 00 c2 04 00 00 f2 0d 00 00 00 00 00 00 00 00 00 00 85 06 00 00	~...)...........................
14460	00 00 00 00 00 00 00 00 09 11 00 00 b4 06 00 00 5b 0e 00 00 86 08 00 00 00 00 00 00 91 09 00 00	................[...............
14480	57 05 00 00 00 00 00 00 87 0b 00 00 b4 10 00 00 01 09 00 00 74 08 00 00 00 00 00 00 00 00 00 00	W...................t...........
144a0	b1 0c 00 00 c0 08 00 00 d8 0d 00 00 c9 08 00 00 48 05 00 00 00 00 00 00 6f 10 00 00 5a 07 00 00	................H.......o...Z...
144c0	76 0a 00 00 ec 02 00 00 b9 0f 00 00 7a 08 00 00 00 00 00 00 24 00 00 00 65 09 00 00 b4 01 00 00	v...........z.......$...e.......
144e0	e2 10 00 00 90 0b 00 00 00 00 00 00 db 06 00 00 16 00 00 00 00 00 00 00 a0 03 00 00 02 05 00 00	................................
14500	41 07 00 00 30 0f 00 00 d5 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a4 0a 00 00 d4 05 00 00	A...0...........................
14520	00 00 00 00 99 0d 00 00 75 0d 00 00 00 00 00 00 3f 10 00 00 00 00 00 00 00 00 00 00 21 10 00 00	........u.......?...........!...
14540	7d 00 00 00 00 00 00 00 04 06 00 00 00 00 00 00 b2 0e 00 00 62 05 00 00 66 05 00 00 66 00 00 00	}...................b...f...f...
14560	42 03 00 00 00 00 00 00 7e 09 00 00 fd 07 00 00 00 00 00 00 83 0f 00 00 00 00 00 00 95 02 00 00	B.......~.......................
14580	9f 00 00 00 24 0c 00 00 00 00 00 00 00 00 00 00 5a 00 00 00 16 02 00 00 4e 03 00 00 9c 10 00 00	....$...........Z.......N.......
145a0	04 02 00 00 20 0c 00 00 69 10 00 00 06 05 00 00 d9 0e 00 00 a2 0d 00 00 a5 02 00 00 23 0d 00 00	........i...................#...
145c0	56 03 00 00 c2 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 0e 00 00 a6 0c 00 00 05 09 00 00	V...............................
145e0	20 0b 00 00 4e 10 00 00 19 11 00 00 97 07 00 00 b6 0c 00 00 00 00 00 00 01 0e 00 00 3c 0d 00 00	....N.......................<...
14600	29 0b 00 00 4c 02 00 00 7e 06 00 00 00 00 00 00 1c 04 00 00 77 07 00 00 82 05 00 00 0e 07 00 00	)...L...~...........w...........
14620	00 00 00 00 7b 04 00 00 cb 0c 00 00 8e 0b 00 00 fc 06 00 00 2f 0c 00 00 93 10 00 00 14 11 00 00	....{.............../...........
14640	00 00 00 00 91 0c 00 00 00 00 00 00 1d 03 00 00 f6 0e 00 00 63 06 00 00 3d 05 00 00 00 00 00 00	....................c...=.......
14660	f8 0c 00 00 ee 01 00 00 bb 10 00 00 00 00 00 00 c4 09 00 00 3e 0b 00 00 dc 0c 00 00 10 00 00 00	....................>...........
14680	fd 08 00 00 7d 05 00 00 f1 0f 00 00 c9 0d 00 00 89 05 00 00 b7 0c 00 00 08 07 00 00 e6 03 00 00	....}...........................
146a0	63 0d 00 00 a9 10 00 00 12 0f 00 00 00 00 00 00 2a 07 00 00 9c 0e 00 00 9e 0e 00 00 00 00 00 00	c...............*...............
146c0	63 08 00 00 77 0b 00 00 d1 09 00 00 f2 09 00 00 34 10 00 00 12 0d 00 00 88 05 00 00 dc 0e 00 00	c...w...........4...............
146e0	a1 0f 00 00 11 06 00 00 00 00 00 00 4d 02 00 00 f8 10 00 00 00 00 00 00 64 08 00 00 bb 04 00 00	............M...........d.......
14700	8f 0f 00 00 09 09 00 00 56 04 00 00 ca 03 00 00 84 00 00 00 d2 0a 00 00 00 00 00 00 4a 09 00 00	........V...................J...
14720	66 04 00 00 00 00 00 00 f6 08 00 00 00 00 00 00 00 00 00 00 7b 0d 00 00 49 10 00 00 58 0b 00 00	f...................{...I...X...
14740	e5 07 00 00 dd 0b 00 00 0e 03 00 00 32 02 00 00 c3 0d 00 00 00 00 00 00 38 0a 00 00 00 00 00 00	............2...........8.......
14760	00 00 00 00 01 02 00 00 1d 00 00 00 aa 03 00 00 c9 0b 00 00 00 00 00 00 8a 0d 00 00 7b 00 00 00	............................{...
14780	3e 01 00 00 fe 07 00 00 e2 0b 00 00 64 10 00 00 7e 0d 00 00 e4 06 00 00 65 00 00 00 6f 08 00 00	>...........d...~.......e...o...
147a0	cb 05 00 00 ee 08 00 00 71 0a 00 00 00 00 00 00 eb 0a 00 00 00 00 00 00 3f 09 00 00 00 00 00 00	........q...............?.......
147c0	61 0e 00 00 49 0b 00 00 53 01 00 00 00 00 00 00 ea 04 00 00 00 00 00 00 00 00 00 00 02 06 00 00	a...I...S.......................
147e0	45 06 00 00 1e 06 00 00 00 00 00 00 91 0f 00 00 5f 07 00 00 51 0d 00 00 5f 0b 00 00 89 02 00 00	E..............._...Q..._.......
14800	00 00 00 00 00 00 00 00 02 0d 00 00 00 00 00 00 99 01 00 00 7a 0c 00 00 00 00 00 00 00 00 00 00	....................z...........
14820	65 04 00 00 73 0d 00 00 00 00 00 00 59 02 00 00 e6 0b 00 00 a7 0f 00 00 00 00 00 00 00 00 00 00	e...s.......Y...................
14840	00 00 00 00 01 01 00 00 a5 10 00 00 02 11 00 00 37 00 00 00 33 01 00 00 03 08 00 00 b3 10 00 00	................7...3...........
14860	7a 0d 00 00 1c 0f 00 00 00 00 00 00 12 03 00 00 a7 09 00 00 96 04 00 00 0b 0f 00 00 29 06 00 00	z...........................)...
14880	18 02 00 00 ff 0f 00 00 30 0b 00 00 bb 0d 00 00 4d 06 00 00 a2 0b 00 00 b7 09 00 00 f9 06 00 00	........0.......M...............
148a0	fb 0b 00 00 00 00 00 00 73 04 00 00 8b 0f 00 00 0e 0e 00 00 00 00 00 00 33 07 00 00 00 00 00 00	........s...............3.......
148c0	18 0d 00 00 b8 10 00 00 00 00 00 00 3f 07 00 00 49 09 00 00 ae 0d 00 00 8b 0a 00 00 11 10 00 00	............?...I...............
148e0	ed 0b 00 00 ae 03 00 00 ac 10 00 00 ea 0e 00 00 46 04 00 00 f7 0a 00 00 9b 10 00 00 00 00 00 00	................F...............
14900	e1 00 00 00 76 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 62 03 00 00 cd 03 00 00 7f 02 00 00	....v...............b...........
14920	f7 03 00 00 00 00 00 00 00 0c 00 00 6f 0f 00 00 00 00 00 00 fc 0c 00 00 00 00 00 00 df 09 00 00	............o...................
14940	14 0c 00 00 71 0e 00 00 00 00 00 00 be 0d 00 00 58 07 00 00 00 00 00 00 a6 03 00 00 00 00 00 00	....q...........X...............
14960	00 00 00 00 0b 0a 00 00 d9 03 00 00 ca 09 00 00 00 00 00 00 35 06 00 00 ea 0f 00 00 00 00 00 00	....................5...........
14980	c7 01 00 00 47 0e 00 00 fd 0c 00 00 e9 09 00 00 00 00 00 00 00 00 00 00 ed 0d 00 00 0a 0b 00 00	....G...........................
149a0	0f 03 00 00 00 00 00 00 3e 06 00 00 5b 0d 00 00 d8 08 00 00 00 00 00 00 70 00 00 00 00 00 00 00	........>...[...........p.......
149c0	fc 05 00 00 00 00 00 00 b6 0d 00 00 00 00 00 00 de 05 00 00 9e 02 00 00 1d 11 00 00 00 00 00 00	................................
149e0	00 00 00 00 d0 10 00 00 00 00 00 00 d6 08 00 00 b1 07 00 00 1b 10 00 00 53 08 00 00 67 0b 00 00	........................S...g...
14a00	95 00 00 00 b6 04 00 00 1f 03 00 00 6a 00 00 00 7f 09 00 00 fd 06 00 00 d6 03 00 00 90 0e 00 00	............j...................
14a20	00 00 00 00 00 00 00 00 00 00 00 00 e8 10 00 00 8e 04 00 00 98 03 00 00 88 06 00 00 98 04 00 00	................................
14a40	98 00 00 00 e0 0f 00 00 0a 0e 00 00 00 00 00 00 40 04 00 00 a6 02 00 00 1f 07 00 00 bc 10 00 00	................@...............
14a60	ba 0a 00 00 66 0c 00 00 7e 10 00 00 00 00 00 00 b8 0f 00 00 c0 02 00 00 5d 10 00 00 f7 0d 00 00	....f...~...............].......
14a80	3b 00 00 00 9a 0f 00 00 12 0c 00 00 c6 01 00 00 d3 0f 00 00 e9 0b 00 00 04 04 00 00 3e 08 00 00	;...........................>...
14aa0	99 10 00 00 9c 05 00 00 27 02 00 00 f6 01 00 00 7c 00 00 00 7d 0a 00 00 00 00 00 00 00 00 00 00	........'.......|...}...........
14ac0	96 0a 00 00 6c 01 00 00 2a 01 00 00 25 03 00 00 17 08 00 00 00 00 00 00 a9 02 00 00 37 09 00 00	....l...*...%...............7...
14ae0	89 01 00 00 be 08 00 00 3d 0b 00 00 00 00 00 00 37 08 00 00 e3 0a 00 00 c9 03 00 00 19 06 00 00	........=.......7...............
14b00	ef 0b 00 00 00 00 00 00 cc 08 00 00 a7 08 00 00 ca 0d 00 00 5f 0a 00 00 00 00 00 00 03 0d 00 00	...................._...........
14b20	09 04 00 00 13 0b 00 00 51 02 00 00 b2 0f 00 00 00 00 00 00 ee 07 00 00 04 0a 00 00 26 07 00 00	........Q...................&...
14b40	1e 11 00 00 d0 01 00 00 00 00 00 00 c1 09 00 00 02 03 00 00 cf 08 00 00 92 0e 00 00 b2 02 00 00	................................
14b60	be 0e 00 00 b4 03 00 00 f6 0d 00 00 f9 0d 00 00 00 00 00 00 43 06 00 00 15 0f 00 00 00 00 00 00	....................C...........
14b80	c2 00 00 00 4e 07 00 00 e2 08 00 00 00 00 00 00 d2 04 00 00 30 09 00 00 00 00 00 00 0d 02 00 00	....N...............0...........
14ba0	b1 0a 00 00 9a 02 00 00 18 10 00 00 00 00 00 00 00 00 00 00 9c 0b 00 00 2a 0e 00 00 e5 0b 00 00	........................*.......
14bc0	d1 0d 00 00 00 00 00 00 42 09 00 00 1e 08 00 00 00 00 00 00 89 04 00 00 00 00 00 00 7c 04 00 00	........B...................|...
14be0	07 0e 00 00 46 01 00 00 ea 0c 00 00 00 00 00 00 7f 0a 00 00 72 0b 00 00 43 05 00 00 00 00 00 00	....F...............r...C.......
14c00	00 00 00 00 0a 07 00 00 00 00 00 00 2c 0e 00 00 35 08 00 00 ed 04 00 00 7a 03 00 00 00 00 00 00	............,...5.......z.......
14c20	00 00 00 00 48 0f 00 00 64 0c 00 00 9c 0a 00 00 1c 10 00 00 68 0a 00 00 5c 09 00 00 71 04 00 00	....H...d...........h...\...q...
14c40	0d 10 00 00 ae 10 00 00 32 0e 00 00 34 11 00 00 9b 09 00 00 3e 09 00 00 d4 03 00 00 0e 0d 00 00	........2...4.......>...........
14c60	9a 0d 00 00 e1 04 00 00 33 0a 00 00 00 00 00 00 00 00 00 00 a3 0c 00 00 9e 0d 00 00 b3 0e 00 00	........3.......................
14c80	e2 0e 00 00 00 00 00 00 00 00 00 00 d1 08 00 00 63 09 00 00 9f 0e 00 00 93 07 00 00 83 0e 00 00	................c...............
14ca0	db 03 00 00 dc 01 00 00 e8 09 00 00 19 00 00 00 bc 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
14cc0	04 11 00 00 a1 0a 00 00 78 00 00 00 0a 09 00 00 e4 01 00 00 16 01 00 00 3e 10 00 00 94 10 00 00	........x...............>.......
14ce0	06 0f 00 00 44 10 00 00 eb 01 00 00 00 00 00 00 15 00 00 00 53 04 00 00 8e 0f 00 00 3b 11 00 00	....D...............S.......;...
14d00	3a 0e 00 00 a0 07 00 00 93 0b 00 00 00 00 00 00 1b 06 00 00 8b 03 00 00 c1 06 00 00 09 02 00 00	:...............................
14d20	e0 07 00 00 9d 0b 00 00 11 0a 00 00 00 00 00 00 00 00 00 00 88 0b 00 00 ef 10 00 00 ca 0a 00 00	................................
14d40	00 00 00 00 a1 07 00 00 ee 0d 00 00 db 00 00 00 1b 00 00 00 00 00 00 00 c8 04 00 00 ee 06 00 00	................................
14d60	ae 04 00 00 00 00 00 00 c2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 04 00 00 cd 0f 00 00	................................
14d80	c0 0f 00 00 00 00 00 00 49 0a 00 00 00 00 00 00 52 00 00 00 fe 06 00 00 64 05 00 00 53 0b 00 00	........I.......R.......d...S...
14da0	22 0e 00 00 5a 05 00 00 6e 0b 00 00 b8 0a 00 00 5c 06 00 00 da 03 00 00 90 05 00 00 39 05 00 00	"...Z...n.......\...........9...
14dc0	9c 03 00 00 1d 05 00 00 16 04 00 00 87 0e 00 00 9d 06 00 00 ce 0d 00 00 97 03 00 00 00 00 00 00	................................
14de0	00 00 00 00 d8 0c 00 00 00 00 00 00 39 01 00 00 00 00 00 00 cd 05 00 00 70 0c 00 00 00 00 00 00	............9...........p.......
14e00	64 07 00 00 93 01 00 00 bd 0e 00 00 bc 01 00 00 43 04 00 00 00 00 00 00 d1 01 00 00 a8 0f 00 00	d...............C...............
14e20	ed 10 00 00 00 00 00 00 81 09 00 00 80 07 00 00 00 00 00 00 2c 04 00 00 d9 0d 00 00 00 00 00 00	....................,...........
14e40	00 00 00 00 41 0e 00 00 29 11 00 00 00 00 00 00 be 01 00 00 e6 08 00 00 66 08 00 00 81 01 00 00	....A...)...............f.......
14e60	63 07 00 00 00 00 00 00 10 09 00 00 ab 06 00 00 33 05 00 00 00 00 00 00 8d 03 00 00 00 0a 00 00	c...............3...............
14e80	b9 03 00 00 e7 05 00 00 41 08 00 00 f5 0b 00 00 d4 0b 00 00 6d 07 00 00 12 0a 00 00 b6 10 00 00	........A...........m...........
14ea0	ca 07 00 00 0b 0d 00 00 f3 0e 00 00 19 01 00 00 8f 0e 00 00 54 0b 00 00 00 00 00 00 00 00 00 00	....................T...........
14ec0	00 00 00 00 c3 0c 00 00 76 0d 00 00 fb 10 00 00 00 00 00 00 34 06 00 00 c8 10 00 00 d4 10 00 00	........v...........4...........
14ee0	4c 03 00 00 00 00 00 00 9b 03 00 00 1c 0c 00 00 4d 10 00 00 3e 04 00 00 00 00 00 00 51 0b 00 00	L...............M...>.......Q...
14f00	11 0b 00 00 22 09 00 00 f9 01 00 00 d6 01 00 00 00 00 00 00 34 0d 00 00 00 00 00 00 70 0b 00 00	...."...............4.......p...
14f20	00 00 00 00 00 00 00 00 8e 0a 00 00 49 05 00 00 c9 10 00 00 41 11 00 00 d7 0d 00 00 00 00 00 00	............I.......A...........
14f40	a7 05 00 00 00 00 00 00 00 00 00 00 23 07 00 00 f9 03 00 00 fb 02 00 00 cb 01 00 00 00 00 00 00	............#...................
14f60	36 06 00 00 62 09 00 00 48 0a 00 00 8d 10 00 00 00 00 00 00 be 0c 00 00 00 00 00 00 54 07 00 00	6...b...H...................T...
14f80	41 00 00 00 b5 0b 00 00 56 08 00 00 00 00 00 00 00 00 00 00 d3 0d 00 00 41 03 00 00 78 02 00 00	A.......V...............A...x...
14fa0	be 02 00 00 9e 0c 00 00 00 00 00 00 e1 0a 00 00 00 00 00 00 f4 01 00 00 cf 03 00 00 85 0d 00 00	................................
14fc0	00 00 00 00 45 08 00 00 2c 0c 00 00 e8 05 00 00 92 0c 00 00 bf 01 00 00 89 0d 00 00 ff 0a 00 00	....E...,.......................
14fe0	7f 03 00 00 00 00 00 00 99 06 00 00 70 0e 00 00 27 07 00 00 2c 11 00 00 00 00 00 00 5a 10 00 00	............p...'...,.......Z...
15000	95 04 00 00 e1 03 00 00 d4 0c 00 00 d9 07 00 00 e3 02 00 00 eb 0c 00 00 6e 0c 00 00 92 0a 00 00	........................n.......
15020	28 08 00 00 00 00 00 00 51 0a 00 00 80 09 00 00 90 07 00 00 68 10 00 00 00 00 00 00 ad 01 00 00	(.......Q...........h...........
15040	b3 00 00 00 a9 0b 00 00 ef 0a 00 00 00 00 00 00 0f 00 00 00 34 04 00 00 ac 06 00 00 73 0a 00 00	....................4.......s...
15060	00 00 00 00 db 0f 00 00 74 10 00 00 bd 08 00 00 ef 0c 00 00 55 07 00 00 e8 08 00 00 00 00 00 00	........t...........U...........
15080	6a 06 00 00 3b 0d 00 00 00 00 00 00 ed 0a 00 00 00 00 00 00 e3 0b 00 00 00 00 00 00 ff 08 00 00	j...;...........................
150a0	7e 03 00 00 95 0d 00 00 f9 0a 00 00 c4 01 00 00 3f 11 00 00 00 00 00 00 20 0e 00 00 13 04 00 00	~...............?...............
150c0	00 00 00 00 b6 0b 00 00 00 00 00 00 00 00 00 00 ea 0b 00 00 9e 07 00 00 81 0b 00 00 10 0d 00 00	................................
150e0	00 00 00 00 00 00 00 00 00 00 00 00 bd 05 00 00 08 03 00 00 00 00 00 00 8c 01 00 00 bb 05 00 00	................................
15100	24 07 00 00 95 06 00 00 06 04 00 00 00 00 00 00 62 0d 00 00 e9 0f 00 00 00 00 00 00 3f 0d 00 00	$...............b...........?...
15120	00 00 00 00 00 00 00 00 13 05 00 00 00 00 00 00 7f 10 00 00 00 00 00 00 1a 11 00 00 27 03 00 00	............................'...
15140	d2 06 00 00 31 0a 00 00 93 02 00 00 32 00 00 00 00 00 00 00 f7 01 00 00 d2 0f 00 00 6d 01 00 00	....1.......2...............m...
15160	00 00 00 00 33 0e 00 00 00 00 00 00 94 01 00 00 00 00 00 00 00 00 00 00 dd 04 00 00 e1 0f 00 00	....3...........................
15180	e4 05 00 00 cf 0b 00 00 37 01 00 00 2e 0f 00 00 53 00 00 00 00 00 00 00 37 06 00 00 84 06 00 00	........7.......S.......7.......
151a0	98 07 00 00 6e 0f 00 00 00 00 00 00 c8 03 00 00 65 0c 00 00 0b 03 00 00 b7 03 00 00 42 10 00 00	....n...........e...........B...
151c0	ce 0b 00 00 70 04 00 00 38 08 00 00 d3 0c 00 00 1e 09 00 00 00 00 00 00 c0 03 00 00 74 09 00 00	....p...8...................t...
151e0	07 0c 00 00 00 00 00 00 7d 09 00 00 e3 00 00 00 35 0e 00 00 76 06 00 00 00 00 00 00 00 00 00 00	........}.......5...v...........
15200	88 02 00 00 ab 0a 00 00 c9 0e 00 00 00 00 00 00 6e 04 00 00 fe 03 00 00 a0 0d 00 00 cd 06 00 00	................n...............
15220	20 0d 00 00 f3 09 00 00 00 00 00 00 00 00 00 00 ed 02 00 00 52 02 00 00 2b 00 00 00 fc 0a 00 00	....................R...+.......
15240	48 10 00 00 a7 04 00 00 c0 05 00 00 84 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	H...............................
15260	00 00 00 00 00 00 00 00 d5 0b 00 00 99 05 00 00 a1 01 00 00 8d 07 00 00 7e 0c 00 00 10 02 00 00	........................~.......
15280	63 0b 00 00 2c 09 00 00 ee 0a 00 00 d1 03 00 00 00 00 00 00 00 00 00 00 21 04 00 00 bb 09 00 00	c...,...................!.......
152a0	c2 0c 00 00 00 00 00 00 06 10 00 00 41 01 00 00 ac 01 00 00 00 00 00 00 42 0c 00 00 d5 08 00 00	............A...........B.......
152c0	96 0c 00 00 c5 10 00 00 f0 0c 00 00 ef 04 00 00 37 0f 00 00 2e 08 00 00 5c 02 00 00 3d 0f 00 00	................7.......\...=...
152e0	00 00 00 00 e4 04 00 00 cb 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 0e 00 00 4b 01 00 00	........................_...K...
15300	32 09 00 00 01 06 00 00 00 00 00 00 24 0b 00 00 00 00 00 00 4f 04 00 00 ce 0e 00 00 38 0f 00 00	2...........$.......O.......8...
15320	60 08 00 00 cf 0f 00 00 3f 01 00 00 f4 07 00 00 00 00 00 00 15 0b 00 00 00 00 00 00 1a 04 00 00	`.......?.......................
15340	00 00 00 00 97 0a 00 00 00 00 00 00 00 00 00 00 88 04 00 00 ff 01 00 00 8c 0c 00 00 06 0b 00 00	................................
15360	50 01 00 00 00 00 00 00 df 05 00 00 00 00 00 00 00 00 00 00 1c 03 00 00 b7 01 00 00 00 00 00 00	P...............................
15380	3c 03 00 00 00 00 00 00 2b 0b 00 00 45 0d 00 00 00 00 00 00 72 01 00 00 6e 0e 00 00 2b 0e 00 00	<.......+...E.......r...n...+...
153a0	00 00 00 00 0f 08 00 00 2b 0a 00 00 c4 0f 00 00 95 03 00 00 54 0f 00 00 a7 02 00 00 74 0a 00 00	........+...........T.......t...
153c0	ee 02 00 00 fb 09 00 00 00 00 00 00 4b 0b 00 00 f3 07 00 00 fc 01 00 00 81 07 00 00 40 02 00 00	............K...............@...
153e0	00 00 00 00 be 00 00 00 7a 09 00 00 cf 10 00 00 00 00 00 00 aa 0b 00 00 45 07 00 00 00 00 00 00	........z...............E.......
15400	d1 0f 00 00 e2 05 00 00 75 01 00 00 38 01 00 00 fd 09 00 00 41 0b 00 00 c3 04 00 00 ca 05 00 00	........u...8.......A...........
15420	8c 04 00 00 d0 09 00 00 3c 04 00 00 f6 0b 00 00 00 00 00 00 25 05 00 00 af 02 00 00 a4 01 00 00	........<...........%...........
15440	7c 07 00 00 2e 0c 00 00 00 00 00 00 b9 04 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00	|...............................
15460	f0 0a 00 00 52 10 00 00 34 05 00 00 c5 07 00 00 25 00 00 00 a8 02 00 00 43 03 00 00 00 00 00 00	....R...4.......%.......C.......
15480	00 00 00 00 f5 07 00 00 df 07 00 00 00 00 00 00 00 00 00 00 6b 01 00 00 ec 0f 00 00 00 00 00 00	....................k...........
154a0	00 00 00 00 0e 04 00 00 5b 05 00 00 5c 05 00 00 00 00 00 00 7a 0e 00 00 59 10 00 00 10 10 00 00	........[...\.......z...Y.......
154c0	fd 04 00 00 ed 03 00 00 00 00 00 00 d1 0a 00 00 00 00 00 00 00 00 00 00 99 00 00 00 a5 0b 00 00	................................
154e0	00 00 00 00 00 00 00 00 87 08 00 00 00 00 00 00 6b 09 00 00 00 00 00 00 ad 10 00 00 c6 10 00 00	................k...............
15500	44 0a 00 00 00 00 00 00 47 06 00 00 93 03 00 00 0b 02 00 00 fb 01 00 00 b0 04 00 00 de 01 00 00	D.......G.......................
15520	00 00 00 00 93 06 00 00 33 04 00 00 19 05 00 00 7e 02 00 00 40 0b 00 00 00 00 00 00 7e 04 00 00	........3.......~...@.......~...
15540	45 05 00 00 e9 07 00 00 00 00 00 00 a9 06 00 00 00 00 00 00 f6 0c 00 00 db 07 00 00 95 0e 00 00	E...............................
15560	58 06 00 00 af 06 00 00 0f 10 00 00 00 00 00 00 f7 05 00 00 7d 02 00 00 65 0a 00 00 94 0a 00 00	X...................}...e.......
15580	33 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 06 00 00	3...............................
155a0	2e 10 00 00 08 11 00 00 2a 05 00 00 6c 0e 00 00 00 00 00 00 00 00 00 00 22 0c 00 00 31 06 00 00	........*...l..........."...1...
155c0	8a 05 00 00 15 07 00 00 e0 0e 00 00 00 00 00 00 0a 01 00 00 27 0d 00 00 f6 03 00 00 40 06 00 00	....................'.......@...
155e0	00 00 00 00 ef 0f 00 00 aa 04 00 00 00 00 00 00 66 10 00 00 da 0a 00 00 42 00 00 00 00 00 00 00	................f.......B.......
15600	00 00 00 00 96 05 00 00 8e 06 00 00 ba 03 00 00 d0 08 00 00 00 00 00 00 00 00 00 00 4b 05 00 00	............................K...
15620	48 09 00 00 5a 0f 00 00 11 0e 00 00 00 00 00 00 02 04 00 00 00 00 00 00 c3 05 00 00 56 02 00 00	H...Z.......................V...
15640	6e 09 00 00 60 05 00 00 61 10 00 00 f5 10 00 00 00 00 00 00 0d 08 00 00 70 07 00 00 69 09 00 00	n...`...a...............p...i...
15660	00 00 00 00 00 00 00 00 f7 08 00 00 8e 09 00 00 55 0d 00 00 00 00 00 00 d5 03 00 00 10 0a 00 00	................U...............
15680	b8 03 00 00 5c 0b 00 00 20 11 00 00 00 00 00 00 17 05 00 00 35 11 00 00 57 0f 00 00 cd 09 00 00	....\...............5...W.......
156a0	00 00 00 00 7d 08 00 00 c6 0a 00 00 1e 0a 00 00 0c 0b 00 00 79 08 00 00 00 00 00 00 25 06 00 00	....}...............y.......%...
156c0	da 0d 00 00 2b 0d 00 00 00 00 00 00 9d 07 00 00 1b 0d 00 00 3a 0c 00 00 ad 06 00 00 fd 0a 00 00	....+...............:...........
156e0	aa 02 00 00 61 0c 00 00 01 11 00 00 a4 0b 00 00 12 06 00 00 6d 09 00 00 00 08 00 00 00 00 00 00	....a...............m...........
15700	c9 0c 00 00 af 03 00 00 00 00 00 00 92 10 00 00 54 0c 00 00 00 00 00 00 9e 09 00 00 00 00 00 00	................T...............
15720	60 09 00 00 67 0c 00 00 00 00 00 00 22 04 00 00 00 00 00 00 83 0d 00 00 38 0c 00 00 00 00 00 00	`...g......."...........8.......
15740	60 01 00 00 de 06 00 00 0c 09 00 00 72 10 00 00 9a 03 00 00 fb 0f 00 00 3a 10 00 00 9e 06 00 00	`...........r...........:.......
15760	8d 01 00 00 5f 00 00 00 2c 07 00 00 e9 0a 00 00 42 0f 00 00 00 00 00 00 00 00 00 00 25 0b 00 00	...._...,.......B...........%...
15780	2b 0c 00 00 bb 0f 00 00 96 0d 00 00 00 00 00 00 00 00 00 00 6a 0f 00 00 f8 0b 00 00 00 00 00 00	+...................j...........
157a0	73 02 00 00 d7 0e 00 00 37 04 00 00 00 00 00 00 a2 0f 00 00 18 05 00 00 91 02 00 00 00 00 00 00	s.......7.......................
157c0	d8 04 00 00 00 00 00 00 7d 03 00 00 ff 05 00 00 4c 08 00 00 00 00 00 00 dc 05 00 00 bc 05 00 00	........}.......L...............
157e0	64 01 00 00 13 09 00 00 7a 0b 00 00 8b 0d 00 00 79 02 00 00 ba 04 00 00 a3 02 00 00 00 00 00 00	d.......z.......y...............
15800	00 00 00 00 95 0b 00 00 e3 09 00 00 4b 0a 00 00 46 05 00 00 e9 05 00 00 67 05 00 00 e5 0d 00 00	............K...F.......g.......
15820	99 0a 00 00 65 08 00 00 2b 0f 00 00 71 08 00 00 00 00 00 00 ea 0d 00 00 b7 02 00 00 00 00 00 00	....e...+...q...................
15840	c8 0f 00 00 00 00 00 00 40 0f 00 00 78 0c 00 00 0e 0b 00 00 22 00 00 00 00 00 00 00 94 0b 00 00	........@...x......."...........
15860	40 08 00 00 cc 0b 00 00 b7 0e 00 00 4f 05 00 00 c7 0f 00 00 fc 10 00 00 00 00 00 00 f0 08 00 00	@...........O...................
15880	00 00 00 00 ca 10 00 00 b7 08 00 00 5f 0c 00 00 43 00 00 00 d2 08 00 00 1a 08 00 00 05 01 00 00	............_...C...............
158a0	86 01 00 00 d6 02 00 00 b3 07 00 00 33 0b 00 00 00 00 00 00 44 07 00 00 6c 08 00 00 ba 07 00 00	............3.......D...l.......
158c0	fc 07 00 00 01 05 00 00 86 0a 00 00 00 00 00 00 dc 09 00 00 cf 0a 00 00 1c 11 00 00 00 00 00 00	................................
158e0	cc 0f 00 00 44 08 00 00 97 00 00 00 b5 08 00 00 00 00 00 00 db 09 00 00 50 07 00 00 17 0b 00 00	....D...................P.......
15900	00 00 00 00 36 0a 00 00 01 0f 00 00 21 07 00 00 f7 0c 00 00 e8 04 00 00 84 0a 00 00 00 00 00 00	....6.......!...................
15920	26 03 00 00 00 00 00 00 56 0c 00 00 00 00 00 00 1b 0a 00 00 55 01 00 00 00 00 00 00 bb 0e 00 00	&.......V...........U...........
15940	6c 10 00 00 00 00 00 00 29 09 00 00 00 00 00 00 41 09 00 00 74 0f 00 00 cd 0e 00 00 37 10 00 00	l.......).......A...t.......7...
15960	00 00 00 00 07 01 00 00 5d 0f 00 00 f8 04 00 00 c2 0e 00 00 a9 05 00 00 00 00 00 00 64 00 00 00	........]...................d...
15980	fe 04 00 00 b2 01 00 00 57 0a 00 00 00 00 00 00 51 00 00 00 a4 0d 00 00 43 0f 00 00 18 03 00 00	........W.......Q.......C.......
159a0	5d 0c 00 00 00 00 00 00 1a 0f 00 00 0c 0a 00 00 00 00 00 00 80 08 00 00 00 00 00 00 bc 07 00 00	]...............................
159c0	bb 03 00 00 00 00 00 00 31 0d 00 00 b2 03 00 00 30 08 00 00 21 09 00 00 32 06 00 00 98 0c 00 00	........1.......0...!...2.......
159e0	00 00 00 00 79 06 00 00 00 00 00 00 aa 0a 00 00 c3 06 00 00 f9 07 00 00 29 08 00 00 65 0b 00 00	....y...................)...e...
15a00	9e 05 00 00 2a 0d 00 00 af 0f 00 00 ab 0b 00 00 12 0b 00 00 00 00 00 00 d8 01 00 00 00 00 00 00	....*...........................
15a20	d6 0b 00 00 84 03 00 00 00 00 00 00 a0 06 00 00 c7 0a 00 00 00 00 00 00 de 02 00 00 00 00 00 00	................................
15a40	db 0e 00 00 aa 0e 00 00 00 00 00 00 00 00 00 00 13 02 00 00 3d 02 00 00 57 00 00 00 e0 04 00 00	....................=...W.......
15a60	68 00 00 00 e8 0c 00 00 98 0e 00 00 94 0e 00 00 00 00 00 00 00 00 00 00 25 07 00 00 6a 0e 00 00	h.......................%...j...
15a80	23 01 00 00 9c 0d 00 00 08 01 00 00 55 04 00 00 39 02 00 00 3a 02 00 00 3b 02 00 00 00 00 00 00	#...........U...9...:...;.......
15aa0	00 00 00 00 00 00 00 00 31 01 00 00 0e 0f 00 00 f6 0f 00 00 85 00 00 00 00 00 00 00 f0 05 00 00	........1.......................
15ac0	67 10 00 00 7b 0c 00 00 5b 0b 00 00 f9 0c 00 00 36 02 00 00 37 02 00 00 38 02 00 00 be 0f 00 00	g...{...[.......6...7...8.......
15ae0	b2 10 00 00 3f 0e 00 00 b6 01 00 00 1f 02 00 00 f1 02 00 00 00 00 00 00 56 10 00 00 00 00 00 00	....?...................V.......
15b00	87 02 00 00 c0 0d 00 00 25 0e 00 00 00 00 00 00 33 02 00 00 34 02 00 00 35 02 00 00 00 00 00 00	........%.......3...4...5.......
15b20	71 0c 00 00 58 0c 00 00 00 00 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 f6 09 00 00 73 09 00 00	q...X.......?...............s...
15b40	b0 06 00 00 d9 0f 00 00 cb 0b 00 00 98 06 00 00 df 0c 00 00 e6 10 00 00 19 0a 00 00 6b 07 00 00	............................k...
15b60	f4 0b 00 00 89 0e 00 00 b5 03 00 00 00 00 00 00 d9 10 00 00 c4 0b 00 00 da 10 00 00 00 00 00 00	................................
15b80	43 08 00 00 00 00 00 00 00 00 00 00 3b 08 00 00 01 0b 00 00 f5 03 00 00 93 0d 00 00 84 0c 00 00	C...........;...................
15ba0	c0 09 00 00 9c 00 00 00 00 00 00 00 0f 04 00 00 00 00 00 00 23 0e 00 00 83 0a 00 00 00 00 00 00	....................#...........
15bc0	a8 07 00 00 63 01 00 00 00 00 00 00 a7 0a 00 00 2d 0e 00 00 5f 05 00 00 00 00 00 00 36 01 00 00	....c...........-..._.......6...
15be0	82 03 00 00 52 09 00 00 00 00 00 00 05 03 00 00 00 00 00 00 d9 0a 00 00 00 00 00 00 00 00 00 00	....R...........................
15c00	97 10 00 00 00 00 00 00 bc 0d 00 00 03 0b 00 00 00 00 00 00 79 0e 00 00 f9 02 00 00 00 00 00 00	....................y...........
15c20	20 02 00 00 60 00 00 00 00 00 00 00 53 0f 00 00 00 00 00 00 23 08 00 00 c4 0c 00 00 00 00 00 00	....`.......S.......#...........
15c40	00 00 00 00 ec 03 00 00 f0 02 00 00 aa 08 00 00 43 09 00 00 c3 09 00 00 00 00 00 00 00 00 00 00	................C...............
15c60	df 0e 00 00 00 00 00 00 00 00 00 00 b5 05 00 00 e7 0c 00 00 fe 0f 00 00 00 00 00 00 ff 0d 00 00	................................
15c80	00 00 00 00 32 0a 00 00 76 10 00 00 53 0d 00 00 22 02 00 00 99 0f 00 00 58 01 00 00 00 00 00 00	....2...v...S...".......X.......
15ca0	94 0f 00 00 4d 05 00 00 a6 07 00 00 a4 08 00 00 23 0a 00 00 28 01 00 00 18 11 00 00 4e 0c 00 00	....M...........#...(.......N...
15cc0	00 00 00 00 79 04 00 00 25 09 00 00 83 10 00 00 00 00 00 00 40 03 00 00 b0 05 00 00 eb 08 00 00	....y...%...........@...........
15ce0	00 00 00 00 00 00 00 00 8b 0b 00 00 2d 06 00 00 00 00 00 00 de 04 00 00 2e 09 00 00 55 0b 00 00	............-...............U...
15d00	a5 05 00 00 00 00 00 00 3a 04 00 00 58 0e 00 00 00 00 00 00 df 06 00 00 00 00 00 00 00 00 00 00	........:...X...................
15d20	db 0b 00 00 c4 0a 00 00 f8 08 00 00 15 09 00 00 18 09 00 00 00 00 00 00 69 05 00 00 00 00 00 00	........................i.......
15d40	17 0d 00 00 2c 0b 00 00 00 00 00 00 03 0a 00 00 1a 01 00 00 f2 0b 00 00 00 01 00 00 00 00 00 00	....,...........................
15d60	9b 0a 00 00 f8 02 00 00 2c 01 00 00 8e 0c 00 00 c8 01 00 00 bc 06 00 00 73 0e 00 00 35 03 00 00	........,...............s...5...
15d80	27 0b 00 00 f3 0a 00 00 00 00 00 00 d1 02 00 00 00 00 00 00 01 10 00 00 a0 05 00 00 39 0b 00 00	'...........................9...
15da0	0b 09 00 00 2c 06 00 00 00 00 00 00 d1 05 00 00 30 0d 00 00 53 07 00 00 47 09 00 00 83 00 00 00	....,...........0...S...G.......
15dc0	a3 0f 00 00 00 00 00 00 74 07 00 00 00 00 00 00 9a 01 00 00 0c 0f 00 00 00 00 00 00 00 00 00 00	........t.......................
15de0	d4 09 00 00 a4 06 00 00 fa 10 00 00 e7 08 00 00 00 00 00 00 09 0a 00 00 c4 02 00 00 ef 07 00 00	................................
15e00	40 01 00 00 00 00 00 00 b0 0b 00 00 81 0c 00 00 31 0b 00 00 87 03 00 00 d5 0c 00 00 b0 02 00 00	@...............1...............
15e20	00 00 00 00 00 00 00 00 25 11 00 00 dd 07 00 00 00 00 00 00 e8 0b 00 00 10 01 00 00 91 07 00 00	........%.......................
15e40	00 00 00 00 5f 06 00 00 8f 0c 00 00 00 00 00 00 5e 07 00 00 c6 07 00 00 58 00 00 00 00 00 00 00	...._...........^.......X.......
15e60	73 0b 00 00 38 09 00 00 fe 09 00 00 c6 0f 00 00 00 00 00 00 af 04 00 00 b2 07 00 00 0a 05 00 00	s...8...........................
15e80	00 00 00 00 f7 09 00 00 da 09 00 00 f5 01 00 00 59 04 00 00 fb 0c 00 00 43 0c 00 00 00 00 00 00	................Y.......C.......
15ea0	12 10 00 00 57 0e 00 00 28 03 00 00 ec 0c 00 00 00 00 00 00 74 03 00 00 45 0e 00 00 60 03 00 00	....W...(...........t...E...`...
15ec0	79 01 00 00 97 02 00 00 00 00 00 00 00 00 00 00 67 0f 00 00 04 05 00 00 3f 04 00 00 65 07 00 00	y...............g.......?...e...
15ee0	e7 06 00 00 07 02 00 00 00 00 00 00 ec 04 00 00 00 00 00 00 00 00 00 00 3d 03 00 00 9b 05 00 00	........................=.......
15f00	d4 08 00 00 52 08 00 00 00 00 00 00 2c 0d 00 00 1b 0c 00 00 24 0a 00 00 29 0f 00 00 14 01 00 00	....R.......,.......$...).......
15f20	f0 01 00 00 b8 01 00 00 00 00 00 00 f8 03 00 00 af 0e 00 00 2f 09 00 00 05 0d 00 00 48 0d 00 00	..................../.......H...
15f40	53 0c 00 00 2e 0e 00 00 89 0c 00 00 fe 01 00 00 61 05 00 00 c7 0c 00 00 03 03 00 00 0a 02 00 00	S...............a...............
15f60	6b 0a 00 00 59 0c 00 00 f5 0a 00 00 68 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	k...Y.......h...................
15f80	42 01 00 00 00 00 00 00 00 00 00 00 da 04 00 00 db 04 00 00 00 00 00 00 8b 08 00 00 d8 0e 00 00	B...............................
15fa0	51 0f 00 00 75 0b 00 00 07 08 00 00 0a 03 00 00 3e 11 00 00 2a 02 00 00 bc 0f 00 00 46 02 00 00	Q...u...........>...*.......F...
15fc0	89 09 00 00 c3 0e 00 00 00 00 00 00 be 0a 00 00 35 0d 00 00 00 00 00 00 a2 0c 00 00 67 07 00 00	................5...........g...
15fe0	cf 01 00 00 d1 06 00 00 14 0a 00 00 b5 00 00 00 00 00 00 00 23 09 00 00 98 0b 00 00 b9 0b 00 00	....................#...........
16000	3c 0a 00 00 06 0d 00 00 11 00 00 00 f4 05 00 00 59 0a 00 00 07 0a 00 00 00 00 00 00 ef 08 00 00	<...............Y...............
16020	00 0f 00 00 2b 01 00 00 56 0d 00 00 2e 03 00 00 20 08 00 00 28 11 00 00 00 00 00 00 00 00 00 00	....+...V...........(...........
16040	65 06 00 00 00 00 00 00 68 05 00 00 55 10 00 00 0f 05 00 00 0f 0f 00 00 5d 06 00 00 20 09 00 00	e.......h...U...........].......
16060	4e 0e 00 00 59 0d 00 00 55 02 00 00 16 0a 00 00 8b 02 00 00 00 00 00 00 9d 09 00 00 18 04 00 00	N...Y...U.......................
16080	07 10 00 00 00 00 00 00 3f 02 00 00 ae 09 00 00 e0 01 00 00 b4 0a 00 00 9f 01 00 00 82 06 00 00	........?.......................
160a0	00 00 00 00 00 00 00 00 a1 0d 00 00 24 0d 00 00 00 00 00 00 80 0a 00 00 bd 0f 00 00 df 0a 00 00	............$...................
160c0	e9 00 00 00 00 00 00 00 65 10 00 00 81 08 00 00 e6 0c 00 00 bb 01 00 00 00 00 00 00 00 00 00 00	........e.......................
160e0	00 00 00 00 00 00 00 00 d6 06 00 00 a6 00 00 00 b0 01 00 00 00 07 00 00 7c 01 00 00 22 0a 00 00	........................|..."...
16100	76 0f 00 00 26 02 00 00 20 0f 00 00 f6 06 00 00 00 00 00 00 62 0b 00 00 00 00 00 00 08 0a 00 00	v...&...............b...........
16120	00 00 00 00 00 00 00 00 49 06 00 00 6a 09 00 00 9f 09 00 00 6f 0a 00 00 00 00 00 00 00 00 00 00	........I...j.......o...........
16140	00 00 00 00 c7 06 00 00 6c 02 00 00 12 07 00 00 d5 0a 00 00 0b 00 00 00 f1 01 00 00 f9 0b 00 00	........l.......................
16160	00 00 00 00 5a 04 00 00 00 00 00 00 00 00 00 00 5c 07 00 00 e7 0a 00 00 94 00 00 00 b2 0b 00 00	....Z...........\...............
16180	fe 02 00 00 00 00 00 00 16 0d 00 00 cc 06 00 00 69 00 00 00 78 08 00 00 00 00 00 00 00 00 00 00	................i...x...........
161a0	1b 09 00 00 2f 05 00 00 3f 0c 00 00 4c 0c 00 00 bf 07 00 00 c6 03 00 00 6f 0c 00 00 41 0c 00 00	..../...?...L...........o...A...
161c0	00 00 00 00 ea 02 00 00 00 00 00 00 00 00 00 00 04 01 00 00 8c 02 00 00 00 00 00 00 1b 05 00 00	................................
161e0	e1 02 00 00 00 00 00 00 00 00 00 00 18 0f 00 00 f1 10 00 00 13 0c 00 00 00 00 00 00 62 08 00 00	............................b...
16200	6b 0c 00 00 de 0e 00 00 00 00 00 00 af 01 00 00 00 00 00 00 a5 0e 00 00 06 0a 00 00 54 0e 00 00	k...........................T...
16220	00 00 00 00 78 0f 00 00 00 00 00 00 d0 02 00 00 00 00 00 00 9c 01 00 00 ec 10 00 00 29 0c 00 00	....x.......................)...
16240	e3 08 00 00 4c 10 00 00 72 08 00 00 00 00 00 00 fe 0e 00 00 14 07 00 00 00 00 00 00 e5 04 00 00	....L...r.......................
16260	f7 10 00 00 4d 0f 00 00 00 00 00 00 04 0e 00 00 ea 00 00 00 a0 01 00 00 cb 0f 00 00 09 08 00 00	....M...........................
16280	e8 0f 00 00 0c 07 00 00 a3 08 00 00 3a 07 00 00 2f 01 00 00 00 00 00 00 83 03 00 00 06 07 00 00	............:.../...............
162a0	00 00 00 00 fe 0b 00 00 00 00 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 33 11 00 00 cd 0b 00 00	........................3.......
162c0	00 00 00 00 cb 08 00 00 00 00 00 00 00 00 00 00 80 0e 00 00 77 02 00 00 45 04 00 00 40 07 00 00	....................w...E...@...
162e0	36 00 00 00 96 03 00 00 3b 03 00 00 81 0f 00 00 00 00 00 00 69 07 00 00 00 00 00 00 16 0b 00 00	6.......;...........i...........
16300	a1 00 00 00 7b 05 00 00 26 01 00 00 12 0e 00 00 00 00 00 00 ad 05 00 00 b8 02 00 00 8a 06 00 00	....{...&.......................
16320	5c 00 00 00 cb 04 00 00 00 00 00 00 84 04 00 00 6a 08 00 00 e8 06 00 00 ac 02 00 00 00 00 00 00	\...............j...............
16340	a3 05 00 00 27 04 00 00 99 04 00 00 7c 02 00 00 2b 08 00 00 65 05 00 00 6f 06 00 00 9d 0f 00 00	....'.......|...+...e...o.......
16360	00 00 00 00 36 0e 00 00 5e 0e 00 00 b8 05 00 00 00 00 00 00 14 08 00 00 a6 08 00 00 00 00 00 00	....6...^.......................
16380	5c 01 00 00 55 05 00 00 13 10 00 00 89 00 00 00 00 00 00 00 66 0b 00 00 3c 06 00 00 d3 02 00 00	\...U...............f...<.......
163a0	33 08 00 00 91 03 00 00 00 00 00 00 00 00 00 00 2d 09 00 00 8a 08 00 00 f5 0f 00 00 00 00 00 00	3...............-...............
163c0	70 06 00 00 18 06 00 00 00 00 00 00 e1 0e 00 00 eb 0e 00 00 0b 01 00 00 d9 02 00 00 98 01 00 00	p...............................
163e0	c0 0a 00 00 00 00 00 00 dd 10 00 00 9f 02 00 00 ff 04 00 00 42 05 00 00 e4 0f 00 00 00 00 00 00	....................B...........
16400	00 00 00 00 16 0e 00 00 d3 05 00 00 3a 09 00 00 78 05 00 00 2e 05 00 00 f4 10 00 00 1c 0e 00 00	............:...x...............
16420	00 00 00 00 f9 09 00 00 4a 0e 00 00 0d 0a 00 00 00 00 00 00 27 0a 00 00 4a 03 00 00 bc 04 00 00	........J...........'...J.......
16440	00 00 00 00 3c 05 00 00 00 00 00 00 1a 0c 00 00 00 00 00 00 55 09 00 00 0b 10 00 00 00 00 00 00	....<...............U...........
16460	47 0f 00 00 26 0a 00 00 cc 07 00 00 f8 09 00 00 00 00 00 00 22 08 00 00 00 00 00 00 6d 02 00 00	G...&...............".......m...
16480	9c 0f 00 00 00 00 00 00 fd 03 00 00 dd 0f 00 00 00 00 00 00 0c 06 00 00 8c 0f 00 00 1f 06 00 00	................................
164a0	eb 0d 00 00 7d 0f 00 00 8f 0b 00 00 a7 00 00 00 49 00 00 00 61 01 00 00 21 06 00 00 8c 07 00 00	....}...........I...a...!.......
164c0	9a 07 00 00 aa 0f 00 00 cc 09 00 00 26 0d 00 00 d7 0c 00 00 2d 0d 00 00 00 00 00 00 26 10 00 00	............&.......-.......&...
164e0	6b 0f 00 00 82 0b 00 00 34 0c 00 00 a8 00 00 00 32 0d 00 00 16 0c 00 00 6e 08 00 00 1c 08 00 00	k.......4.......2.......n.......
16500	da 01 00 00 60 0a 00 00 22 03 00 00 a8 04 00 00 c8 07 00 00 0f 11 00 00 00 00 00 00 00 00 00 00	....`...".......................
16520	00 00 00 00 6a 03 00 00 09 0c 00 00 00 00 00 00 00 00 00 00 22 11 00 00 e5 01 00 00 98 0a 00 00	....j..............."...........
16540	c5 0b 00 00 d7 03 00 00 48 01 00 00 35 0c 00 00 00 00 00 00 00 00 00 00 99 09 00 00 03 0f 00 00	........H...5...................
16560	50 09 00 00 3c 0c 00 00 e7 0d 00 00 79 0f 00 00 1a 0a 00 00 3f 05 00 00 00 00 00 00 f9 0e 00 00	P...<.......y.......?...........
16580	09 0e 00 00 17 10 00 00 a2 07 00 00 2f 07 00 00 48 0b 00 00 0e 11 00 00 06 11 00 00 2d 0a 00 00	............/...H...........-...
165a0	00 00 00 00 b3 0a 00 00 00 00 00 00 00 00 00 00 87 0d 00 00 00 00 00 00 c0 0b 00 00 5b 10 00 00	............................[...
165c0	00 00 00 00 01 08 00 00 00 00 00 00 53 06 00 00 00 00 00 00 00 00 00 00 76 02 00 00 90 0d 00 00	............S...........v.......
165e0	d8 00 00 00 2a 0f 00 00 6d 05 00 00 00 00 00 00 dc 0f 00 00 4b 0c 00 00 00 00 00 00 e2 02 00 00	....*...m...........K...........
16600	07 00 00 00 2a 09 00 00 00 00 00 00 19 0e 00 00 bb 0a 00 00 af 10 00 00 80 10 00 00 e3 04 00 00	....*...........................
16620	ea 10 00 00 5d 08 00 00 d2 0d 00 00 00 00 00 00 00 11 00 00 db 0a 00 00 b8 0e 00 00 e0 09 00 00	....]...........................
16640	0b 11 00 00 83 07 00 00 bc 03 00 00 00 00 00 00 b8 04 00 00 00 00 00 00 e6 0d 00 00 00 00 00 00	................................
16660	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 05 00 00 b7 0b 00 00 55 08 00 00 46 0a 00 00	........................U...F...
16680	a9 07 00 00 02 0e 00 00 00 00 00 00 1d 0c 00 00 f8 05 00 00 fa 07 00 00 00 00 00 00 4b 03 00 00	............................K...
166a0	72 09 00 00 e0 0a 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 0d 07 00 00 00 00 00 00 00 00 00 00	r...............................
166c0	00 00 00 00 60 0b 00 00 7e 05 00 00 00 00 00 00 e6 09 00 00 ac 07 00 00 05 0c 00 00 fb 0d 00 00	....`...~.......................
166e0	34 00 00 00 b1 00 00 00 00 00 00 00 29 0e 00 00 a1 02 00 00 61 07 00 00 00 00 00 00 00 00 00 00	4...........).......a...........
16700	00 00 00 00 e7 02 00 00 e7 01 00 00 97 08 00 00 00 00 00 00 00 00 00 00 e5 0a 00 00 00 00 00 00	................................
16720	7b 06 00 00 00 00 00 00 63 0a 00 00 19 02 00 00 b9 08 00 00 c7 08 00 00 cd 02 00 00 00 00 00 00	{.......c.......................
16740	08 06 00 00 00 00 00 00 95 0a 00 00 85 0e 00 00 00 00 00 00 c2 0d 00 00 b3 04 00 00 00 00 00 00	................................
16760	81 00 00 00 00 00 00 00 db 0c 00 00 c7 09 00 00 a1 08 00 00 08 0d 00 00 ee 04 00 00 99 0e 00 00	................................
16780	00 00 00 00 d5 0e 00 00 09 00 00 00 ab 05 00 00 4a 0f 00 00 3a 11 00 00 c1 0f 00 00 ce 04 00 00	................J...:...........
167a0	00 00 00 00 4e 04 00 00 b1 0f 00 00 90 06 00 00 6f 01 00 00 39 00 00 00 18 0a 00 00 5b 0c 00 00	....N...........o...9.......[...
167c0	d7 10 00 00 8c 0a 00 00 2e 01 00 00 9d 08 00 00 f2 08 00 00 1a 0e 00 00 4c 0d 00 00 00 00 00 00	........................L.......
167e0	15 0e 00 00 0c 03 00 00 00 00 00 00 00 00 00 00 a6 06 00 00 8e 07 00 00 5f 04 00 00 84 05 00 00	........................_.......
16800	00 00 00 00 66 03 00 00 1e 03 00 00 00 00 00 00 62 0a 00 00 44 05 00 00 30 07 00 00 00 00 00 00	....f...........b...D...0.......
16820	f0 07 00 00 19 0d 00 00 58 04 00 00 16 06 00 00 c0 01 00 00 ee 0c 00 00 00 00 00 00 8a 03 00 00	........X.......................
16840	6f 0e 00 00 4d 0a 00 00 b9 0a 00 00 e1 05 00 00 e4 09 00 00 a2 04 00 00 00 00 00 00 72 02 00 00	o...M.......................r...
16860	26 09 00 00 bd 0d 00 00 76 04 00 00 00 00 00 00 fa 0d 00 00 f5 09 00 00 00 00 00 00 9f 0b 00 00	&.......v.......................
16880	00 00 00 00 47 02 00 00 dc 0b 00 00 00 00 00 00 00 00 00 00 bd 0b 00 00 74 05 00 00 eb 0b 00 00	....G...................t.......
168a0	00 00 00 00 af 0b 00 00 44 0c 00 00 d2 0e 00 00 e1 08 00 00 00 00 00 00 fc 02 00 00 62 07 00 00	........D...................b...
168c0	3d 11 00 00 00 00 00 00 a6 09 00 00 52 0a 00 00 d3 00 00 00 ed 08 00 00 00 00 00 00 82 08 00 00	=...........R...................
168e0	18 0c 00 00 2f 0e 00 00 1a 02 00 00 72 04 00 00 00 00 00 00 31 00 00 00 f1 0d 00 00 00 00 00 00	..../.......r.......1...........
16900	00 00 00 00 15 11 00 00 d8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 07 00 00 6e 01 00 00	........................F...n...
16920	ea 01 00 00 2d 08 00 00 e9 0e 00 00 5a 0a 00 00 00 00 00 00 50 0d 00 00 21 08 00 00 00 00 00 00	....-.......Z.......P...!.......
16940	5e 10 00 00 3f 0a 00 00 fb 0e 00 00 29 01 00 00 5d 0d 00 00 82 09 00 00 2a 00 00 00 80 04 00 00	^...?.......)...].......*.......
16960	d0 05 00 00 36 08 00 00 d9 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 09 00 00 00 00 00 00	....6...................V.......
16980	00 00 00 00 4a 0a 00 00 9b 06 00 00 9a 04 00 00 00 00 00 00 5a 0e 00 00 f4 0c 00 00 a4 0f 00 00	....J...............Z...........
169a0	a9 0f 00 00 00 00 00 00 e6 02 00 00 a2 09 00 00 00 00 00 00 cc 0d 00 00 9d 01 00 00 8b 0e 00 00	................................
169c0	11 04 00 00 01 0c 00 00 00 00 00 00 00 00 00 00 b9 0c 00 00 00 00 00 00 3d 08 00 00 74 04 00 00	........................=...t...
169e0	a8 01 00 00 00 00 00 00 c7 04 00 00 86 02 00 00 9f 06 00 00 e9 10 00 00 79 05 00 00 5a 0b 00 00	........................y...Z...
16a00	c3 08 00 00 23 06 00 00 0d 0e 00 00 70 05 00 00 00 00 00 00 bf 06 00 00 9f 05 00 00 1b 08 00 00	....#.......p...................
16a20	5e 04 00 00 00 00 00 00 11 03 00 00 98 05 00 00 22 01 00 00 9b 08 00 00 00 00 00 00 57 0d 00 00	^..............."...........W...
16a40	00 00 00 00 f1 08 00 00 d3 09 00 00 67 01 00 00 4a 04 00 00 6d 06 00 00 28 0d 00 00 79 0d 00 00	............g...J...m...(...y...
16a60	d3 06 00 00 69 02 00 00 5a 09 00 00 a6 01 00 00 00 00 00 00 8a 04 00 00 ec 0b 00 00 8d 0e 00 00	....i...Z.......................
16a80	00 00 00 00 00 00 00 00 00 00 00 00 56 0e 00 00 00 00 00 00 34 03 00 00 00 00 00 00 00 00 00 00	............V.......4...........
16aa0	9d 0d 00 00 00 00 00 00 50 0f 00 00 61 03 00 00 00 00 00 00 33 09 00 00 22 10 00 00 08 05 00 00	........P...a.......3...".......
16ac0	3e 05 00 00 0d 03 00 00 5b 04 00 00 00 00 00 00 00 00 00 00 b9 0d 00 00 e2 0d 00 00 9f 04 00 00	>.......[.......................
16ae0	80 02 00 00 f2 0a 00 00 17 0e 00 00 8d 0b 00 00 d6 0c 00 00 4c 0e 00 00 e4 0e 00 00 fa 09 00 00	....................L...........
16b00	0c 05 00 00 81 05 00 00 e3 05 00 00 5a 08 00 00 3d 01 00 00 8d 09 00 00 b6 06 00 00 0a 10 00 00	............Z...=...............
16b20	6a 07 00 00 15 02 00 00 44 0d 00 00 00 00 00 00 f2 0c 00 00 95 0c 00 00 00 00 00 00 91 08 00 00	j.......D.......................
16b40	17 0c 00 00 da 0e 00 00 4f 0a 00 00 d7 02 00 00 00 00 00 00 be 0b 00 00 02 01 00 00 00 00 00 00	........O.......................
16b60	ac 00 00 00 f3 0c 00 00 fe 10 00 00 09 06 00 00 35 04 00 00 3c 10 00 00 57 09 00 00 00 00 00 00	................5...<...W.......
16b80	ab 01 00 00 8f 10 00 00 00 00 00 00 36 0c 00 00 b4 0d 00 00 67 03 00 00 00 00 00 00 ae 0a 00 00	............6.......g...........
16ba0	13 07 00 00 00 00 00 00 d6 0e 00 00 00 00 00 00 fc 08 00 00 00 00 00 00 b3 0b 00 00 45 10 00 00	............................E...
16bc0	41 02 00 00 c8 05 00 00 28 02 00 00 2f 02 00 00 f3 01 00 00 d4 04 00 00 0b 0b 00 00 5f 09 00 00	A.......(.../..............._...
16be0	5d 04 00 00 4a 06 00 00 88 10 00 00 64 03 00 00 ab 08 00 00 fe 00 00 00 00 00 00 00 ab 07 00 00	]...J.......d...................
16c00	00 00 00 00 00 00 00 00 bb 00 00 00 19 07 00 00 a3 0d 00 00 0d 06 00 00 c2 01 00 00 01 0d 00 00	................................
16c20	17 00 00 00 6e 10 00 00 d7 07 00 00 38 03 00 00 00 00 00 00 d0 0a 00 00 86 03 00 00 23 0b 00 00	....n.......8...............#...
16c40	37 11 00 00 e9 02 00 00 62 06 00 00 bd 03 00 00 19 03 00 00 f4 08 00 00 ee 0e 00 00 7a 05 00 00	7.......b...................z...
16c60	00 00 00 00 f7 0b 00 00 94 08 00 00 7c 0e 00 00 b1 09 00 00 00 00 00 00 6e 05 00 00 ca 0b 00 00	............|...........n.......
16c80	59 06 00 00 98 10 00 00 00 00 00 00 92 02 00 00 f8 0f 00 00 52 0f 00 00 5e 05 00 00 00 00 00 00	Y...................R...^.......
16ca0	00 00 00 00 97 01 00 00 31 11 00 00 a1 0e 00 00 77 10 00 00 df 03 00 00 36 0f 00 00 3e 00 00 00	........1.......w.......6...>...
16cc0	47 00 00 00 00 00 00 00 00 00 00 00 d9 05 00 00 a1 0b 00 00 f3 06 00 00 03 00 00 00 00 00 00 00	G...............................
16ce0	00 00 00 00 65 0f 00 00 f2 06 00 00 00 00 00 00 00 00 00 00 13 0a 00 00 54 0d 00 00 00 00 00 00	....e...................T.......
16d00	d2 07 00 00 17 07 00 00 8b 00 00 00 00 00 00 00 60 0f 00 00 fa 08 00 00 47 04 00 00 1b 03 00 00	................`.......G.......
16d20	92 01 00 00 00 00 00 00 ca 0c 00 00 e3 07 00 00 00 00 00 00 00 00 00 00 b5 04 00 00 a4 04 00 00	................................
16d40	05 04 00 00 a9 0d 00 00 b9 00 00 00 00 00 00 00 fd 02 00 00 cb 03 00 00 bd 0c 00 00 8b 09 00 00	................................
16d60	49 0e 00 00 00 00 00 00 00 00 00 00 09 0b 00 00 00 00 00 00 a5 04 00 00 00 00 00 00 dc 07 00 00	I...............................
16d80	d6 07 00 00 d0 06 00 00 c7 0b 00 00 40 05 00 00 ee 10 00 00 20 0a 00 00 05 0e 00 00 f2 10 00 00	............@...................
16da0	d1 0b 00 00 7d 10 00 00 71 09 00 00 a3 0b 00 00 00 00 00 00 a0 0c 00 00 07 0b 00 00 0d 04 00 00	....}...q.......................
16dc0	00 00 00 00 71 0f 00 00 4d 09 00 00 40 00 00 00 4a 05 00 00 00 00 00 00 68 03 00 00 00 00 00 00	....q...M...@...J.......h.......
16de0	32 01 00 00 00 00 00 00 5b 02 00 00 00 00 00 00 27 11 00 00 f0 0e 00 00 de 10 00 00 56 05 00 00	2.......[.......'...........V...
16e00	59 00 00 00 d3 04 00 00 42 06 00 00 57 10 00 00 68 06 00 00 c8 00 00 00 db 0d 00 00 eb 09 00 00	Y.......B...W...h...............
16e20	a5 09 00 00 02 07 00 00 9f 08 00 00 5f 10 00 00 69 08 00 00 ad 09 00 00 a4 09 00 00 f3 02 00 00	............_...i...............
16e40	dd 0a 00 00 e7 09 00 00 4c 0a 00 00 25 10 00 00 fe 08 00 00 6c 06 00 00 de 0c 00 00 96 07 00 00	........L...%.......l...........
16e60	58 03 00 00 8f 01 00 00 28 04 00 00 00 00 00 00 94 05 00 00 93 0f 00 00 06 09 00 00 10 11 00 00	X.......(.......................
16e80	b5 0c 00 00 73 06 00 00 02 0c 00 00 c6 06 00 00 60 02 00 00 d7 08 00 00 f6 04 00 00 00 00 00 00	....s...........`...............
16ea0	54 09 00 00 52 01 00 00 00 00 00 00 45 0f 00 00 0c 08 00 00 27 0e 00 00 00 00 00 00 f7 02 00 00	T...R.......E.......'...........
16ec0	00 00 00 00 50 02 00 00 a7 0e 00 00 00 00 00 00 c2 0f 00 00 0b 06 00 00 00 00 00 00 00 00 00 00	....P...........................
16ee0	00 00 00 00 66 0a 00 00 b8 07 00 00 00 00 00 00 d9 04 00 00 9e 10 00 00 00 00 00 00 44 0e 00 00	....f.......................D...
16f00	15 0d 00 00 48 06 00 00 16 03 00 00 a6 0b 00 00 00 00 00 00 52 0c 00 00 d5 06 00 00 2d 04 00 00	....H...............R.......-...
16f20	8f 00 00 00 35 05 00 00 cc 03 00 00 ea 09 00 00 00 00 00 00 ea 06 00 00 93 0e 00 00 f7 0e 00 00	....5...........................
16f40	a8 0a 00 00 6d 00 00 00 0c 0c 00 00 96 08 00 00 fa 03 00 00 00 00 00 00 59 08 00 00 f5 06 00 00	....m...................Y.......
16f60	ae 00 00 00 8a 0f 00 00 02 10 00 00 00 00 00 00 56 06 00 00 00 00 00 00 55 0c 00 00 fa 0c 00 00	................V.......U.......
16f80	00 00 00 00 cd 0d 00 00 86 05 00 00 13 06 00 00 45 0c 00 00 00 00 00 00 8f 03 00 00 ba 00 00 00	................E...............
16fa0	64 02 00 00 c5 0f 00 00 57 03 00 00 00 00 00 00 b0 07 00 00 73 08 00 00 20 04 00 00 ce 03 00 00	d.......W...........s...........
16fc0	00 00 00 00 51 01 00 00 bc 00 00 00 3c 02 00 00 73 07 00 00 00 00 00 00 00 00 00 00 8e 08 00 00	....Q.......<...s...............
16fe0	8b 01 00 00 9e 04 00 00 6c 0a 00 00 3d 0a 00 00 00 00 00 00 0d 00 00 00 9a 09 00 00 00 00 00 00	........l...=...................
17000	05 07 00 00 23 11 00 00 bd 00 00 00 cd 0a 00 00 f9 10 00 00 e9 04 00 00 d8 0a 00 00 00 00 00 00	....#...........................
17020	c6 05 00 00 00 00 00 00 eb 06 00 00 ab 03 00 00 11 01 00 00 fb 00 00 00 00 00 00 00 00 00 00 00	................................
17040	c7 0d 00 00 00 00 00 00 05 10 00 00 26 0c 00 00 00 21 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68	............&....!<h:h:h:h:h:h:h
17060	3a 68 2f 78 3e 3a 20 4d 61 74 63 68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74	:h/x>:.Match.everything.except.t
17080	68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 2e 00 21 3c 68 3a 68 3a 68 3a 68 3a 68	he.specified.prefix..!<h:h:h:h:h
170a0	3a 68 3a 68 3a 68 3e 2d 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 4d 61 74 63 68	:h:h:h>-<h:h:h:h:h:h:h:h>:.Match
170c0	20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65 64	.everything.except.the.specified
170e0	20 72 61 6e 67 65 2e 00 21 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 4d 61 74 63	.range..!<h:h:h:h:h:h:h:h>:.Matc
17100	68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65	h.everything.except.the.specifie
17120	64 20 61 64 64 72 65 73 73 2e 00 21 3c 78 2e 78 2e 78 2e 78 2f 78 3e 3a 20 4d 61 74 63 68 20 65	d.address..!<x.x.x.x/x>:.Match.e
17140	76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 73	verything.except.the.specified.s
17160	75 62 6e 65 74 2e 00 21 3c 78 2e 78 2e 78 2e 78 3e 2d 3c 78 2e 78 2e 78 2e 78 3e 3a 20 4d 61 74	ubnet..!<x.x.x.x>-<x.x.x.x>:.Mat
17180	63 68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69	ch.everything.except.the.specifi
171a0	65 64 20 72 61 6e 67 65 2e 00 21 3c 78 2e 78 2e 78 2e 78 3e 3a 20 4d 61 74 63 68 20 65 76 65 72	ed.range..!<x.x.x.x>:.Match.ever
171c0	79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 61 64 64 72	ything.except.the.specified.addr
171e0	65 73 73 2e 00 22 4d 61 6e 61 67 65 64 20 61 64 64 72 65 73 73 20 63 6f 6e 66 69 67 75 72 61 74	ess.."Managed.address.configurat
17200	69 6f 6e 22 20 66 6c 61 67 00 22 4f 74 68 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 20	ion".flag."Other.configuration".
17220	66 6c 61 67 00 28 54 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 66 75 6c 20 77 68 65 6e 20 61 20	flag.(This.can.be.useful.when.a.
17240	63 61 6c 6c 65 64 20 73 65 72 76 69 63 65 20 68 61 73 20 6d 61 6e 79 20 61 6e 64 2f 6f 72 20 6f	called.service.has.many.and/or.o
17260	66 74 65 6e 20 63 68 61 6e 67 69 6e 67 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73	ften.changing.destination.addres
17280	73 65 73 20 2d 20 65 2e 67 2e 20 4e 65 74 66 6c 69 78 2e 29 00 2a 2a 31 2d 32 35 34 2a 2a 20 e2	ses.-.e.g..Netflix.).**1-254**..
172a0	80 93 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 61 20 63 68 61 6e 6e 65 6c 20 6e 75 6d	...interfaces.with.a.channel.num
172c0	62 65 72 20 69 6e 74 65 72 66 65 72 65 20 77 69 74 68 20 69 6e 74 65 72 66 65 72 69 6e 67 20 69	ber.interfere.with.interfering.i
172e0	6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 74 68	nterfaces.and.interfaces.with.th
17300	65 20 73 61 6d 65 20 63 68 61 6e 6e 65 6c 20 6e 75 6d 62 65 72 2e 20 2a 2a 69 6e 74 65 72 66 65	e.same.channel.number..**interfe
17320	72 69 6e 67 2a 2a 20 e2 80 93 20 69 6e 74 65 72 66 65 72 69 6e 67 20 69 6e 74 65 72 66 61 63 65	ring**.....interfering.interface
17340	73 20 61 72 65 20 61 73 73 75 6d 65 64 20 74 6f 20 69 6e 74 65 72 66 65 72 65 20 77 69 74 68 20	s.are.assumed.to.interfere.with.
17360	61 6c 6c 20 6f 74 68 65 72 20 63 68 61 6e 6e 65 6c 73 20 65 78 63 65 70 74 20 6e 6f 6e 69 6e 74	all.other.channels.except.nonint
17380	65 72 66 65 72 69 6e 67 20 63 68 61 6e 6e 65 6c 73 2e 20 2a 2a 6e 6f 6e 69 6e 74 65 72 66 65 72	erfering.channels..**noninterfer
173a0	69 6e 67 2a 2a 20 e2 80 93 20 6e 6f 6e 69 6e 74 65 72 66 65 72 69 6e 67 20 69 6e 74 65 72 66 61	ing**.....noninterfering.interfa
173c0	63 65 73 20 61 72 65 20 61 73 73 75 6d 65 64 20 74 6f 20 6f 6e 6c 79 20 69 6e 74 65 72 66 65 72	ces.are.assumed.to.only.interfer
173e0	65 20 77 69 74 68 20 74 68 65 6d 73 65 6c 76 65 73 2e 00 2a 2a 31 2e 20 43 6f 6e 66 69 72 6d 20	e.with.themselves..**1..Confirm.
17400	49 50 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 62 65 74 77 65 65 6e 20 74 75 6e 6e 65 6c 20 73	IP.connectivity.between.tunnel.s
17420	6f 75 72 63 65 2d 61 64 64 72 65 73 73 20 61 6e 64 20 72 65 6d 6f 74 65 3a 2a 2a 00 2a 2a 31 30	ource-address.and.remote:**.**10
17440	2a 2a 20 2d 20 3a 61 62 62 72 3a 60 49 50 46 49 58 20 28 49 50 20 46 6c 6f 77 20 49 6e 66 6f 72	**.-.:abbr:`IPFIX.(IP.Flow.Infor
17460	6d 61 74 69 6f 6e 20 45 78 70 6f 72 74 29 60 20 61 73 20 70 65 72 20 3a 72 66 63 3a 60 33 39 31	mation.Export)`.as.per.:rfc:`391
17480	37 60 00 2a 2a 32 2e 20 43 6f 6e 66 69 72 6d 20 74 68 65 20 6c 69 6e 6b 20 74 79 70 65 20 68 61	7`.**2..Confirm.the.link.type.ha
174a0	73 20 62 65 65 6e 20 73 65 74 20 74 6f 20 47 52 45 3a 2a 2a 00 2a 2a 33 2e 20 43 6f 6e 66 69 72	s.been.set.to.GRE:**.**3..Confir
174c0	6d 20 49 50 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 61 63 72 6f 73 73 20 74 68 65 20 74 75 6e	m.IP.connectivity.across.the.tun
174e0	6e 65 6c 3a 2a 2a 00 2a 2a 35 2a 2a 20 2d 20 4d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 76 65 72 73 69	nel:**.**5**.-.Most.common.versi
17500	6f 6e 2c 20 62 75 74 20 72 65 73 74 72 69 63 74 65 64 20 74 6f 20 49 50 76 34 20 66 6c 6f 77 73	on,.but.restricted.to.IPv4.flows
17520	20 6f 6e 6c 79 00 2a 2a 39 2a 2a 20 2d 20 4e 65 74 46 6c 6f 77 20 76 65 72 73 69 6f 6e 20 39 20	.only.**9**.-.NetFlow.version.9.
17540	28 64 65 66 61 75 6c 74 29 00 2a 2a 41 53 20 70 61 74 68 20 6c 65 6e 67 74 68 20 63 68 65 63 6b	(default).**AS.path.length.check
17560	2a 2a 00 2a 2a 41 6c 72 65 61 64 79 2d 73 65 6c 65 63 74 65 64 20 65 78 74 65 72 6e 61 6c 20 63	**.**Already-selected.external.c
17580	68 65 63 6b 2a 2a 00 2a 2a 41 70 70 6c 69 65 73 20 74 6f 3a 2a 2a 20 49 6e 62 6f 75 6e 64 20 74	heck**.**Applies.to:**.Inbound.t
175a0	72 61 66 66 69 63 2e 00 2a 2a 41 70 70 6c 69 65 73 20 74 6f 3a 2a 2a 20 4f 75 74 62 6f 75 6e 64	raffic..**Applies.to:**.Outbound
175c0	20 54 72 61 66 66 69 63 2e 00 2a 2a 41 70 70 6c 69 65 73 20 74 6f 3a 2a 2a 20 4f 75 74 62 6f 75	.Traffic..**Applies.to:**.Outbou
175e0	6e 64 20 74 72 61 66 66 69 63 2e 00 2a 2a 41 70 70 6c 79 20 74 68 65 20 74 72 61 66 66 69 63 20	nd.traffic..**Apply.the.traffic.
17600	70 6f 6c 69 63 79 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 6e 67 72 65 73 73 20 6f	policy.to.an.interface.ingress.o
17620	72 20 65 67 72 65 73 73 2a 2a 2e 00 2a 2a 43 69 73 63 6f 20 49 4f 53 20 52 6f 75 74 65 72 3a 2a	r.egress**..**Cisco.IOS.Router:*
17640	2a 00 2a 2a 43 6c 69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 20 76 69 61 20 49 50 20 72 61 6e	*.**Client.IP.address.via.IP.ran
17660	67 65 20 64 65 66 69 6e 69 74 69 6f 6e 2a 2a 00 2a 2a 43 6c 69 65 6e 74 20 49 50 20 73 75 62 6e	ge.definition**.**Client.IP.subn
17680	65 74 73 20 76 69 61 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 2a 2a 00 2a 2a 43 6c 75 73 74 65	ets.via.CIDR.notation**.**Cluste
176a0	72 2d 4c 69 73 74 20 6c 65 6e 67 74 68 20 63 68 65 63 6b 2a 2a 00 2a 2a 43 72 65 61 74 65 20 61	r-List.length.check**.**Create.a
176c0	20 74 72 61 66 66 69 63 20 70 6f 6c 69 63 79 2a 2a 2e 00 2a 2a 44 48 43 50 28 76 36 29 2a 2a 00	.traffic.policy**..**DHCP(v6)**.
176e0	2a 2a 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 20 28 50 44 29 2a	**DHCPv6.Prefix.Delegation.(PD)*
17700	2a 00 2a 2a 45 74 68 65 72 6e 65 74 20 28 70 72 6f 74 6f 63 6f 6c 2c 20 64 65 73 74 69 6e 61 74	*.**Ethernet.(protocol,.destinat
17720	69 6f 6e 20 61 64 64 72 65 73 73 20 6f 72 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 29 2a 2a	ion.address.or.source.address)**
17740	00 2a 2a 45 78 61 6d 70 6c 65 3a 2a 2a 00 2a 2a 45 78 74 65 72 6e 61 6c 20 63 68 65 63 6b 2a 2a	.**Example:**.**External.check**
17760	00 2a 2a 46 69 72 65 77 61 6c 6c 20 6d 61 72 6b 2a 2a 00 2a 2a 49 47 50 20 63 6f 73 74 20 63 68	.**Firewall.mark**.**IGP.cost.ch
17780	65 63 6b 2a 2a 00 2a 2a 49 50 76 34 20 28 44 53 43 50 20 76 61 6c 75 65 2c 20 6d 61 78 69 6d 75	eck**.**IPv4.(DSCP.value,.maximu
177a0	6d 20 70 61 63 6b 65 74 20 6c 65 6e 67 74 68 2c 20 70 72 6f 74 6f 63 6f 6c 2c 20 73 6f 75 72 63	m.packet.length,.protocol,.sourc
177c0	65 20 61 64 64 72 65 73 73 2c 2a 2a 20 2a 2a 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65	e.address,**.**destination.addre
177e0	73 73 2c 20 73 6f 75 72 63 65 20 70 6f 72 74 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72	ss,.source.port,.destination.por
17800	74 20 6f 72 20 54 43 50 20 66 6c 61 67 73 29 2a 2a 00 2a 2a 49 50 76 36 20 28 44 53 43 50 20 76	t.or.TCP.flags)**.**IPv6.(DSCP.v
17820	61 6c 75 65 2c 20 6d 61 78 69 6d 75 6d 20 70 61 79 6c 6f 61 64 20 6c 65 6e 67 74 68 2c 20 70 72	alue,.maximum.payload.length,.pr
17840	6f 74 6f 63 6f 6c 2c 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 2a 2a 20 2a 2a 64 65 73 74	otocol,.source.address,**.**dest
17860	69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 2c 20 73 6f 75 72 63 65 20 70 6f 72 74 2c 20 64 65	ination.address,.source.port,.de
17880	73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 20 6f 72 20 54 43 50 20 66 6c 61 67 73 29 2a 2a 00 2a	stination.port.or.TCP.flags)**.*
178a0	2a 49 66 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 61 20 70 6f 6c 69 63 79	*If.you.are.looking.for.a.policy
178c0	20 66 6f 72 20 79 6f 75 72 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2a 2a 20 62 75 74	.for.your.outbound.traffic**.but
178e0	20 79 6f 75 20 64 6f 6e 27 74 20 6b 6e 6f 77 20 77 68 69 63 68 20 6f 6e 65 20 79 6f 75 20 6e 65	.you.don't.know.which.one.you.ne
17900	65 64 20 61 6e 64 20 79 6f 75 20 64 6f 6e 27 74 20 77 61 6e 74 20 74 6f 20 67 6f 20 74 68 72 6f	ed.and.you.don't.want.to.go.thro
17920	75 67 68 20 65 76 65 72 79 20 70 6f 73 73 69 62 6c 65 20 70 6f 6c 69 63 79 20 73 68 6f 77 6e 20	ugh.every.possible.policy.shown.
17940	68 65 72 65 2c 20 2a 2a 6f 75 72 20 62 65 74 20 69 73 20 74 68 61 74 20 68 69 67 68 6c 79 20 6c	here,.**our.bet.is.that.highly.l
17960	69 6b 65 6c 79 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 61 2a 2a 20 53 68	ikely.you.are.looking.for.a**.Sh
17980	61 70 65 72 5f 20 2a 2a 70 6f 6c 69 63 79 20 61 6e 64 20 79 6f 75 20 77 61 6e 74 20 74 6f 2a 2a	aper_.**policy.and.you.want.to**
179a0	20 3a 72 65 66 3a 60 73 65 74 20 69 74 73 20 71 75 65 75 65 73 20 3c 65 6d 62 65 64 3e 60 20 2a	.:ref:`set.its.queues.<embed>`.*
179c0	2a 61 73 20 46 51 2d 43 6f 44 65 6c 2a 2a 2e 00 2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65	*as.FQ-CoDel**..**Important.note
179e0	20 61 62 6f 75 74 20 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e 73 3a 2a 2a 20 49 66 20 64 65 66	.about.default-actions:**.If.def
17a00	61 75 6c 74 20 61 63 74 69 6f 6e 20 66 6f 72 20 61 6e 79 20 63 68 61 69 6e 20 69 73 20 6e 6f 74	ault.action.for.any.chain.is.not
17a20	20 64 65 66 69 6e 65 64 2c 20 74 68 65 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f	.defined,.then.the.default.actio
17a40	6e 20 69 73 20 73 65 74 20 74 6f 20 2a 2a 61 63 63 65 70 74 2a 2a 20 66 6f 72 20 74 68 61 74 20	n.is.set.to.**accept**.for.that.
17a60	63 68 61 69 6e 2e 20 4f 6e 6c 79 20 66 6f 72 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 73 2c 20 74	chain..Only.for.custom.chains,.t
17a80	68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 2a 2a 64 72	he.default.action.is.set.to.**dr
17aa0	6f 70 2a 2a 2e 00 2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65 20 61 62 6f 75 74 20 64 65 66	op**..**Important.note.about.def
17ac0	61 75 6c 74 2d 61 63 74 69 6f 6e 73 3a 2a 2a 20 49 66 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f	ault-actions:**.If.default.actio
17ae0	6e 20 66 6f 72 20 61 6e 79 20 63 68 61 69 6e 20 69 73 20 6e 6f 74 20 64 65 66 69 6e 65 64 2c 20	n.for.any.chain.is.not.defined,.
17b00	74 68 65 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74	then.the.default.action.is.set.t
17b20	6f 20 2a 2a 64 72 6f 70 2a 2a 20 66 6f 72 20 74 68 61 74 20 63 68 61 69 6e 2e 00 2a 2a 49 6d 70	o.**drop**.for.that.chain..**Imp
17b40	6f 72 74 61 6e 74 20 6e 6f 74 65 20 6f 6e 20 75 73 61 67 65 20 6f 66 20 74 65 72 6d 73 3a 2a 2a	ortant.note.on.usage.of.terms:**
17b60	20 54 68 65 20 66 69 72 65 77 61 6c 6c 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 74 68 65 20 74	.The.firewall.makes.use.of.the.t
17b80	65 72 6d 73 20 60 66 6f 72 77 61 72 64 60 2c 20 60 69 6e 70 75 74 60 2c 20 61 6e 64 20 60 6f 75	erms.`forward`,.`input`,.and.`ou
17ba0	74 70 75 74 60 20 66 6f 72 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2e 20 4d 6f 72 65 20	tput`.for.firewall.policy..More.
17bc0	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 66 20 4e 65 74 66 69 6c 74 65 72 20 68 6f 6f 6b 73 20 61	information.of.Netfilter.hooks.a
17be0	6e 64 20 4c 69 6e 75 78 20 6e 65 74 77 6f 72 6b 69 6e 67 20 70 61 63 6b 65 74 20 66 6c 6f 77 73	nd.Linux.networking.packet.flows
17c00	20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 69 6e 20 60 4e 65 74 66 69 6c 74 65 72 2d 48 6f 6f 6b	.can.be.found.in.`Netfilter-Hook
17c20	73 20 3c 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 6e 66 74 61 62 6c 65 73 2e 6f 72 67 2f 77 69 6b	s.<https://wiki.nftables.org/wik
17c40	69 2d 6e 66 74 61 62 6c 65 73 2f 69 6e 64 65 78 2e 70 68 70 2f 4e 65 74 66 69 6c 74 65 72 5f 68	i-nftables/index.php/Netfilter_h
17c60	6f 6f 6b 73 3e 60 5f 00 2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65 20 6f 6e 20 75 73 61 67	ooks>`_.**Important.note.on.usag
17c80	65 20 6f 66 20 74 65 72 6d 73 3a 2a 2a 20 54 68 65 20 66 69 72 65 77 61 6c 6c 20 6d 61 6b 65 73	e.of.terms:**.The.firewall.makes
17ca0	20 75 73 65 20 6f 66 20 74 68 65 20 74 65 72 6d 73 20 60 69 6e 60 2c 20 60 6f 75 74 60 2c 20 61	.use.of.the.terms.`in`,.`out`,.a
17cc0	6e 64 20 60 6c 6f 63 61 6c 60 20 66 6f 72 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2e 20	nd.`local`.for.firewall.policy..
17ce0	55 73 65 72 73 20 65 78 70 65 72 69 65 6e 63 65 64 20 77 69 74 68 20 6e 65 74 66 69 6c 74 65 72	Users.experienced.with.netfilter
17d00	20 6f 66 74 65 6e 20 63 6f 6e 66 75 73 65 20 60 69 6e 60 20 74 6f 20 62 65 20 61 20 72 65 66 65	.often.confuse.`in`.to.be.a.refe
17d20	72 65 6e 63 65 20 74 6f 20 74 68 65 20 60 49 4e 50 55 54 60 20 63 68 61 69 6e 2c 20 61 6e 64 20	rence.to.the.`INPUT`.chain,.and.
17d40	60 6f 75 74 60 20 74 68 65 20 60 4f 55 54 50 55 54 60 20 63 68 61 69 6e 20 66 72 6f 6d 20 6e 65	`out`.the.`OUTPUT`.chain.from.ne
17d60	74 66 69 6c 74 65 72 2e 20 54 68 69 73 20 69 73 20 6e 6f 74 20 74 68 65 20 63 61 73 65 2e 20 54	tfilter..This.is.not.the.case..T
17d80	68 65 73 65 20 69 6e 73 74 65 61 64 20 69 6e 64 69 63 61 74 65 20 74 68 65 20 75 73 65 20 6f 66	hese.instead.indicate.the.use.of
17da0	20 74 68 65 20 60 46 4f 52 57 41 52 44 60 20 63 68 61 69 6e 20 61 6e 64 20 65 69 74 68 65 72 20	.the.`FORWARD`.chain.and.either.
17dc0	74 68 65 20 69 6e 70 75 74 20 6f 72 20 6f 75 74 70 75 74 20 69 6e 74 65 72 66 61 63 65 2e 20 54	the.input.or.output.interface..T
17de0	68 65 20 60 49 4e 50 55 54 60 20 63 68 61 69 6e 2c 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20	he.`INPUT`.chain,.which.is.used.
17e00	66 6f 72 20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 74 6f 20 74 68 65 20 4f 53 2c 20 69 73 20	for.local.traffic.to.the.OS,.is.
17e20	61 20 72 65 66 65 72 65 6e 63 65 20 74 6f 20 61 73 20 60 6c 6f 63 61 6c 60 20 77 69 74 68 20 72	a.reference.to.as.`local`.with.r
17e40	65 73 70 65 63 74 20 74 6f 20 69 74 73 20 69 6e 70 75 74 20 69 6e 74 65 72 66 61 63 65 2e 00 2a	espect.to.its.input.interface..*
17e60	2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65 3a 2a 2a 20 54 68 69 73 20 64 6f 63 75 6d 65 6e 74	*Important.note:**.This.document
17e80	61 74 69 6f 6e 20 69 73 20 76 61 6c 69 64 20 6f 6e 6c 79 20 66 6f 72 20 56 79 4f 53 20 53 61 67	ation.is.valid.only.for.VyOS.Sag
17ea0	69 74 74 61 20 70 72 69 6f 72 20 74 6f 20 31 2e 34 2d 72 6f 6c 6c 69 6e 67 2d 59 59 59 59 4d 4d	itta.prior.to.1.4-rolling-YYYYMM
17ec0	44 44 48 48 6d 6d 00 2a 2a 49 6e 74 65 72 66 61 63 65 20 6e 61 6d 65 2a 2a 00 2a 2a 4c 65 61 66	DDHHmm.**Interface.name**.**Leaf
17ee0	32 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 2a 2a 00 2a 2a 4c 65 61 66 33 20 63 6f 6e 66 69	2.configuration:**.**Leaf3.confi
17f00	67 75 72 61 74 69 6f 6e 3a 2a 2a 00 2a 2a 4c 69 6e 75 78 20 73 79 73 74 65 6d 64 2d 6e 65 74 77	guration:**.**Linux.systemd-netw
17f20	6f 72 6b 64 3a 2a 2a 00 2a 2a 4c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65 20 63 68 65 63 6b	orkd:**.**Local.preference.check
17f40	2a 2a 00 2a 2a 4c 6f 63 61 6c 20 72 6f 75 74 65 20 63 68 65 63 6b 2a 2a 00 2a 2a 4d 45 44 20 63	**.**Local.route.check**.**MED.c
17f60	68 65 63 6b 2a 2a 00 2a 2a 4d 75 6c 74 69 2d 70 61 74 68 20 63 68 65 63 6b 2a 2a 00 2a 2a 4e 6f	heck**.**Multi-path.check**.**No
17f80	64 65 20 31 2a 2a 00 2a 2a 4e 6f 64 65 20 31 3a 2a 2a 00 2a 2a 4e 6f 64 65 20 32 2a 2a 00 2a 2a	de.1**.**Node.1:**.**Node.2**.**
17fa0	4e 6f 64 65 20 32 3a 2a 2a 00 2a 2a 4e 6f 64 65 31 3a 2a 2a 00 2a 2a 4e 6f 64 65 32 3a 2a 2a 00	Node.2:**.**Node1:**.**Node2:**.
17fc0	2a 2a 4f 50 54 49 4f 4e 41 4c 3a 2a 2a 20 45 78 63 6c 75 64 65 20 49 6e 74 65 72 2d 56 4c 41 4e	**OPTIONAL:**.Exclude.Inter-VLAN
17fe0	20 74 72 61 66 66 69 63 20 28 62 65 74 77 65 65 6e 20 56 4c 41 4e 31 30 20 61 6e 64 20 56 4c 41	.traffic.(between.VLAN10.and.VLA
18000	4e 31 31 29 20 66 72 6f 6d 20 50 42 52 00 2a 2a 4f 53 50 46 20 6e 65 74 77 6f 72 6b 20 72 6f 75	N11).from.PBR.**OSPF.network.rou
18020	74 69 6e 67 20 74 61 62 6c 65 2a 2a 20 e2 80 93 20 69 6e 63 6c 75 64 65 73 20 61 20 6c 69 73 74	ting.table**.....includes.a.list
18040	20 6f 66 20 61 63 71 75 69 72 65 64 20 72 6f 75 74 65 73 20 66 6f 72 20 61 6c 6c 20 61 63 63 65	.of.acquired.routes.for.all.acce
18060	73 73 69 62 6c 65 20 6e 65 74 77 6f 72 6b 73 20 28 6f 72 20 61 67 67 72 65 67 61 74 65 64 20 61	ssible.networks.(or.aggregated.a
18080	72 65 61 20 72 61 6e 67 65 73 29 20 6f 66 20 4f 53 50 46 20 73 79 73 74 65 6d 2e 20 22 49 41 22	rea.ranges).of.OSPF.system.."IA"
180a0	20 66 6c 61 67 20 6d 65 61 6e 73 20 74 68 61 74 20 72 6f 75 74 65 20 64 65 73 74 69 6e 61 74 69	.flag.means.that.route.destinati
180c0	6f 6e 20 69 73 20 69 6e 20 74 68 65 20 61 72 65 61 20 74 6f 20 77 68 69 63 68 20 74 68 65 20 72	on.is.in.the.area.to.which.the.r
180e0	6f 75 74 65 72 20 69 73 20 6e 6f 74 20 63 6f 6e 6e 65 63 74 65 64 2c 20 69 2e 65 2e 20 69 74 e2	outer.is.not.connected,.i.e..it.
18100	80 99 73 20 61 6e 20 69 6e 74 65 72 2d 61 72 65 61 20 70 61 74 68 2e 20 49 6e 20 73 71 75 61 72	..s.an.inter-area.path..In.squar
18120	65 20 62 72 61 63 6b 65 74 73 20 61 20 73 75 6d 6d 61 72 79 20 6d 65 74 72 69 63 20 66 6f 72 20	e.brackets.a.summary.metric.for.
18140	61 6c 6c 20 6c 69 6e 6b 73 20 74 68 72 6f 75 67 68 20 77 68 69 63 68 20 61 20 70 61 74 68 20 6c	all.links.through.which.a.path.l
18160	69 65 73 20 74 6f 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 20 69 73 20 73 70 65 63 69 66 69 65 64	ies.to.this.network.is.specified
18180	2e 20 22 76 69 61 22 20 70 72 65 66 69 78 20 64 65 66 69 6e 65 73 20 61 20 72 6f 75 74 65 72 2d	.."via".prefix.defines.a.router-
181a0	67 61 74 65 77 61 79 2c 20 69 2e 65 2e 20 74 68 65 20 66 69 72 73 74 20 72 6f 75 74 65 72 20 6f	gateway,.i.e..the.first.router.o
181c0	6e 20 74 68 65 20 77 61 79 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 28 6e 65	n.the.way.to.the.destination.(ne
181e0	78 74 20 68 6f 70 29 2e 20 2a 2a 4f 53 50 46 20 72 6f 75 74 65 72 20 72 6f 75 74 69 6e 67 20 74	xt.hop)..**OSPF.router.routing.t
18200	61 62 6c 65 2a 2a 20 e2 80 93 20 69 6e 63 6c 75 64 65 73 20 61 20 6c 69 73 74 20 6f 66 20 61 63	able**.....includes.a.list.of.ac
18220	71 75 69 72 65 64 20 72 6f 75 74 65 73 20 74 6f 20 61 6c 6c 20 61 63 63 65 73 73 69 62 6c 65 20	quired.routes.to.all.accessible.
18240	41 42 52 73 20 61 6e 64 20 41 53 42 52 73 2e 20 2a 2a 4f 53 50 46 20 65 78 74 65 72 6e 61 6c 20	ABRs.and.ASBRs..**OSPF.external.
18260	72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2a 2a 20 e2 80 93 20 69 6e 63 6c 75 64 65 73 20 61 20 6c	routing.table**.....includes.a.l
18280	69 73 74 20 6f 66 20 61 63 71 75 69 72 65 64 20 72 6f 75 74 65 73 20 74 68 61 74 20 61 72 65 20	ist.of.acquired.routes.that.are.
182a0	65 78 74 65 72 6e 61 6c 20 74 6f 20 74 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 22 45	external.to.the.OSPF.process.."E
182c0	22 20 66 6c 61 67 20 70 6f 69 6e 74 73 20 74 6f 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6c 69	".flag.points.to.the.external.li
182e0	6e 6b 20 6d 65 74 72 69 63 20 74 79 70 65 20 28 45 31 20 e2 80 93 20 6d 65 74 72 69 63 20 74 79	nk.metric.type.(E1.....metric.ty
18300	70 65 20 31 2c 20 45 32 20 e2 80 93 20 6d 65 74 72 69 63 20 74 79 70 65 20 32 29 2e 20 45 78 74	pe.1,.E2.....metric.type.2)..Ext
18320	65 72 6e 61 6c 20 6c 69 6e 6b 20 6d 65 74 72 69 63 20 69 73 20 70 72 69 6e 74 65 64 20 69 6e 20	ernal.link.metric.is.printed.in.
18340	74 68 65 20 22 3c 6d 65 74 72 69 63 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 20 77 68 69 63 68	the."<metric.of.the.router.which
18360	20 61 64 76 65 72 74 69 73 65 64 20 74 68 65 20 6c 69 6e 6b 3e 2f 3c 6c 69 6e 6b 20 6d 65 74 72	.advertised.the.link>/<link.metr
18380	69 63 3e 22 20 66 6f 72 6d 61 74 2e 00 2a 2a 4f 6e 65 20 67 61 74 65 77 61 79 3a 2a 2a 00 2a 2a	ic>".format..**One.gateway:**.**
183a0	4f 72 69 67 69 6e 20 63 68 65 63 6b 2a 2a 00 2a 2a 50 65 65 72 20 61 64 64 72 65 73 73 2a 2a 00	Origin.check**.**Peer.address**.
183c0	2a 2a 50 6f 6c 69 63 79 20 64 65 66 69 6e 69 74 69 6f 6e 3a 2a 2a 00 2a 2a 50 72 69 6d 61 72 79	**Policy.definition:**.**Primary
183e0	2a 2a 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 2a 2a 20 46 61 69 72 2f	**.**Queueing.discipline**.Fair/
18400	46 6c 6f 77 20 51 75 65 75 65 20 43 6f 44 65 6c 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73	Flow.Queue.CoDel..**Queueing.dis
18420	63 69 70 6c 69 6e 65 3a 2a 2a 20 44 65 66 69 63 69 74 20 52 6f 75 6e 64 20 52 6f 62 69 6e 2e 00	cipline:**.Deficit.Round.Robin..
18440	2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 47 65 6e 65 72 61 6c	**Queueing.discipline:**.General
18460	69 7a 65 64 20 52 61 6e 64 6f 6d 20 45 61 72 6c 79 20 44 72 6f 70 2e 00 2a 2a 51 75 65 75 65 69	ized.Random.Early.Drop..**Queuei
18480	6e 67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 48 69 65 72 61 72 63 68 69 63 61 6c 20 54 6f	ng.discipline:**.Hierarchical.To
184a0	6b 65 6e 20 42 75 63 6b 65 74 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e	ken.Bucket..**Queueing.disciplin
184c0	65 3a 2a 2a 20 49 6e 67 72 65 73 73 20 70 6f 6c 69 63 65 72 2e 00 2a 2a 51 75 65 75 65 69 6e 67	e:**.Ingress.policer..**Queueing
184e0	20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 50 46 49 46 4f 20 28 50 61 63 6b 65 74 20 46 69 72	.discipline:**.PFIFO.(Packet.Fir
18500	73 74 20 49 6e 20 46 69 72 73 74 20 4f 75 74 29 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73	st.In.First.Out)..**Queueing.dis
18520	63 69 70 6c 69 6e 65 3a 2a 2a 20 50 52 49 4f 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63	cipline:**.PRIO..**Queueing.disc
18540	69 70 6c 69 6e 65 3a 2a 2a 20 53 46 51 20 28 53 74 6f 63 68 61 73 74 69 63 20 46 61 69 72 6e 65	ipline:**.SFQ.(Stochastic.Fairne
18560	73 73 20 51 75 65 75 69 6e 67 29 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69	ss.Queuing)..**Queueing.discipli
18580	6e 65 3a 2a 2a 20 54 6f 63 6b 65 6e 20 42 75 63 6b 65 74 20 46 69 6c 74 65 72 2e 00 2a 2a 51 75	ne:**.Tocken.Bucket.Filter..**Qu
185a0	65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 6e 65 74 65 6d 20 28 4e 65 74 77	eueing.discipline:**.netem.(Netw
185c0	6f 72 6b 20 45 6d 75 6c 61 74 6f 72 29 20 2b 20 54 42 46 20 28 54 6f 6b 65 6e 20 42 75 63 6b 65	ork.Emulator).+.TBF.(Token.Bucke
185e0	74 20 46 69 6c 74 65 72 29 2e 00 2a 2a 52 31 20 53 74 61 74 69 63 20 4b 65 79 2a 2a 00 2a 2a 52	t.Filter)..**R1.Static.Key**.**R
18600	31 2a 2a 00 2a 2a 52 32 20 53 74 61 74 69 63 20 4b 65 79 2a 2a 00 2a 2a 52 32 2a 2a 00 2a 2a 52	1**.**R2.Static.Key**.**R2**.**R
18620	41 44 49 55 53 20 62 61 73 65 64 20 49 50 20 70 6f 6f 6c 73 20 28 46 72 61 6d 65 64 2d 49 50 2d	ADIUS.based.IP.pools.(Framed-IP-
18640	41 64 64 72 65 73 73 29 2a 2a 00 2a 2a 52 41 44 49 55 53 20 73 65 73 73 69 6f 6e 73 20 6d 61 6e	Address)**.**RADIUS.sessions.man
18660	61 67 65 6d 65 6e 74 20 44 4d 2f 43 6f 41 2a 2a 00 2a 2a 52 6f 75 74 65 72 20 31 2a 2a 00 2a 2a	agement.DM/CoA**.**Router.1**.**
18680	52 6f 75 74 65 72 20 32 2a 2a 00 2a 2a 52 6f 75 74 65 72 20 33 2a 2a 00 2a 2a 52 6f 75 74 65 72	Router.2**.**Router.3**.**Router
186a0	2d 49 44 20 63 68 65 63 6b 2a 2a 00 2a 2a 52 6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 61 66 74	-ID.check**.**Routes.learned.aft
186c0	65 72 20 72 6f 75 74 69 6e 67 20 70 6f 6c 69 63 79 20 61 70 70 6c 69 65 64 3a 2a 2a 00 2a 2a 52	er.routing.policy.applied:**.**R
186e0	6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 62 65 66 6f 72 65 20 72 6f 75 74 69 6e 67 20 70 6f 6c	outes.learned.before.routing.pol
18700	69 63 79 20 61 70 70 6c 69 65 64 3a 2a 2a 00 2a 2a 53 57 31 2a 2a 00 2a 2a 53 57 32 2a 2a 00 2a	icy.applied:**.**SW1**.**SW2**.*
18720	2a 53 65 63 6f 6e 64 61 72 79 2a 2a 00 2a 2a 53 65 74 74 69 6e 67 20 75 70 20 49 50 53 65 63 2a	*Secondary**.**Setting.up.IPSec*
18740	2a 00 2a 2a 53 65 74 74 69 6e 67 20 75 70 20 74 68 65 20 47 52 45 20 74 75 6e 6e 65 6c 2a 2a 00	*.**Setting.up.the.GRE.tunnel**.
18760	2a 2a 53 70 69 6e 65 31 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 2a 2a 00 2a 2a 53 74 61 74	**Spine1.Configuration:**.**Stat
18780	75 73 2a 2a 00 2a 2a 54 6f 20 73 65 65 20 74 68 65 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20	us**.**To.see.the.redistributed.
187a0	72 6f 75 74 65 73 3a 2a 2a 00 2a 2a 54 77 6f 20 67 61 74 65 77 61 79 73 20 61 6e 64 20 64 69 66	routes:**.**Two.gateways.and.dif
187c0	66 65 72 65 6e 74 20 6d 65 74 72 69 63 73 3a 2a 2a 00 2a 2a 56 4c 41 4e 20 49 44 2a 2a 00 2a 2a	ferent.metrics:**.**VLAN.ID**.**
187e0	56 79 4f 53 20 52 6f 75 74 65 72 3a 2a 2a 00 2a 2a 57 65 69 67 68 74 20 63 68 65 63 6b 2a 2a 00	VyOS.Router:**.**Weight.check**.
18800	2a 2a 61 64 64 72 65 73 73 2a 2a 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 6d 75 6c	**address**.can.be.specified.mul
18820	74 69 70 6c 65 20 74 69 6d 65 73 20 61 73 20 49 50 76 34 20 61 6e 64 2f 6f 72 20 49 50 76 36 20	tiple.times.as.IPv4.and/or.IPv6.
18840	61 64 64 72 65 73 73 2c 20 65 2e 67 2e 20 31 39 32 2e 30 2e 32 2e 31 2f 32 34 20 61 6e 64 2f 6f	address,.e.g..192.0.2.1/24.and/o
18860	72 20 32 30 30 31 3a 64 62 38 3a 3a 31 2f 36 34 00 2a 2a 61 64 64 72 65 73 73 2a 2a 20 63 61 6e	r.2001:db8::1/64.**address**.can
18880	20 62 65 20 73 70 65 63 69 66 69 65 64 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 2c 20 65 2e	.be.specified.multiple.times,.e.
188a0	67 2e 20 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 20 61 6e 64 2f 6f 72 20 31 39 32 2e 31 36 38 2e	g..192.168.100.1.and/or.192.168.
188c0	31 30 30 2e 30 2f 32 34 00 2a 2a 61 6c 6c 6f 77 2d 68 6f 73 74 2d 6e 65 74 77 6f 72 6b 73 2a 2a	100.0/24.**allow-host-networks**
188e0	20 63 61 6e 6e 6f 74 20 62 65 20 75 73 65 64 20 77 69 74 68 20 2a 2a 6e 65 74 77 6f 72 6b 2a 2a	.cannot.be.used.with.**network**
18900	00 2a 2a 61 6c 77 61 79 73 2a 2a 3a 20 52 65 73 74 61 72 74 20 63 6f 6e 74 61 69 6e 65 72 73 20	.**always**:.Restart.containers.
18920	77 68 65 6e 20 74 68 65 79 20 65 78 69 74 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 73 74	when.they.exit,.regardless.of.st
18940	61 74 75 73 2c 20 72 65 74 72 79 69 6e 67 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 00 2a 2a 61 70	atus,.retrying.indefinitely.**ap
18960	70 65 6e 64 3a 2a 2a 20 54 68 65 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 73 20 61 6c 6c 6f 77	pend:**.The.relay.agent.is.allow
18980	65 64 20 74 6f 20 61 70 70 65 6e 64 20 69 74 73 20 6f 77 6e 20 72 65 6c 61 79 20 69 6e 66 6f 72	ed.to.append.its.own.relay.infor
189a0	6d 61 74 69 6f 6e 20 74 6f 20 61 20 72 65 63 65 69 76 65 64 20 44 48 43 50 20 70 61 63 6b 65 74	mation.to.a.received.DHCP.packet
189c0	2c 20 64 69 73 72 65 67 61 72 64 69 6e 67 20 72 65 6c 61 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	,.disregarding.relay.information
189e0	20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 70 61 63 6b 65 74 2e 00	.already.present.in.the.packet..
18a00	2a 2a 61 70 70 6c 69 63 61 74 69 6f 6e 2a 2a 3a 20 61 6e 61 6c 79 7a 65 73 20 72 65 63 65 69 76	**application**:.analyzes.receiv
18a20	65 64 20 66 6c 6f 77 20 64 61 74 61 20 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 69	ed.flow.data.in.the.context.of.i
18a40	6e 74 72 75 73 69 6f 6e 20 64 65 74 65 63 74 69 6f 6e 20 6f 72 20 74 72 61 66 66 69 63 20 70 72	ntrusion.detection.or.traffic.pr
18a60	6f 66 69 6c 69 6e 67 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 00 2a 2a 61 75 74 6f 2a 2a 20 e2 80	ofiling,.for.example.**auto**...
18a80	93 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 72 6d 69 6e 65 73 20 74 68 65 20 69	..automatically.determines.the.i
18aa0	6e 74 65 72 66 61 63 65 20 74 79 70 65 2e 20 2a 2a 77 69 72 65 64 2a 2a 20 e2 80 93 20 65 6e 61	nterface.type..**wired**.....ena
18ac0	62 6c 65 73 20 6f 70 74 69 6d 69 73 61 74 69 6f 6e 73 20 66 6f 72 20 77 69 72 65 64 20 69 6e 74	bles.optimisations.for.wired.int
18ae0	65 72 66 61 63 65 73 2e 20 2a 2a 77 69 72 65 6c 65 73 73 2a 2a 20 e2 80 93 20 64 69 73 61 62 6c	erfaces..**wireless**.....disabl
18b00	65 73 20 61 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 74 69 6d 69 73 61 74 69 6f 6e 73 20 74 68 61	es.a.number.of.optimisations.tha
18b20	74 20 61 72 65 20 6f 6e 6c 79 20 63 6f 72 72 65 63 74 20 6f 6e 20 77 69 72 65 64 20 69 6e 74 65	t.are.only.correct.on.wired.inte
18b40	72 66 61 63 65 73 2e 20 53 70 65 63 69 66 79 69 6e 67 20 77 69 72 65 6c 65 73 73 20 69 73 20 61	rfaces..Specifying.wireless.is.a
18b60	6c 77 61 79 73 20 63 6f 72 72 65 63 74 2c 20 62 75 74 20 6d 61 79 20 63 61 75 73 65 20 73 6c 6f	lways.correct,.but.may.cause.slo
18b80	77 65 72 20 63 6f 6e 76 65 72 67 65 6e 63 65 20 61 6e 64 20 65 78 74 72 61 20 72 6f 75 74 69 6e	wer.convergence.and.extra.routin
18ba0	67 20 74 72 61 66 66 69 63 2e 00 2a 2a 62 72 6f 61 64 63 61 73 74 2a 2a 20 e2 80 93 20 62 72 6f	g.traffic..**broadcast**.....bro
18bc0	61 64 63 61 73 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 64 69 73 74 72 69 62 75 74 69 6f 6e	adcast.IP.addresses.distribution
18be0	2e 20 2a 2a 6e 6f 6e 2d 62 72 6f 61 64 63 61 73 74 2a 2a 20 e2 80 93 20 61 64 64 72 65 73 73 20	..**non-broadcast**.....address.
18c00	64 69 73 74 72 69 62 75 74 69 6f 6e 20 69 6e 20 4e 42 4d 41 20 6e 65 74 77 6f 72 6b 73 20 74 6f	distribution.in.NBMA.networks.to
18c20	70 6f 6c 6f 67 79 2e 20 2a 2a 70 6f 69 6e 74 2d 74 6f 2d 6d 75 6c 74 69 70 6f 69 6e 74 2a 2a 20	pology..**point-to-multipoint**.
18c40	e2 80 93 20 61 64 64 72 65 73 73 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 69 6e 20 70 6f 69 6e	....address.distribution.in.poin
18c60	74 2d 74 6f 2d 6d 75 6c 74 69 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b 73 2e 20 2a 2a 70 6f 69 6e	t-to-multipoint.networks..**poin
18c80	74 2d 74 6f 2d 70 6f 69 6e 74 2a 2a 20 e2 80 93 20 61 64 64 72 65 73 73 20 64 69 73 74 72 69 62	t-to-point**.....address.distrib
18ca0	75 74 69 6f 6e 20 69 6e 20 70 6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b 73	ution.in.point-to-point.networks
18cc0	2e 00 2a 2a 62 72 6f 61 64 63 61 73 74 2a 2a 20 e2 80 93 20 62 72 6f 61 64 63 61 73 74 20 49 50	..**broadcast**.....broadcast.IP
18ce0	20 61 64 64 72 65 73 73 65 73 20 64 69 73 74 72 69 62 75 74 69 6f 6e 2e 20 2a 2a 70 6f 69 6e 74	.addresses.distribution..**point
18d00	2d 74 6f 2d 70 6f 69 6e 74 2a 2a 20 e2 80 93 20 61 64 64 72 65 73 73 20 64 69 73 74 72 69 62 75	-to-point**.....address.distribu
18d20	74 69 6f 6e 20 69 6e 20 70 6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b 73 2e	tion.in.point-to-point.networks.
18d40	00 2a 2a 63 69 73 63 6f 2a 2a 20 e2 80 93 20 61 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 62 65 20	.**cisco**.....a.router.will.be.
18d60	63 6f 6e 73 69 64 65 72 65 64 20 61 73 20 41 42 52 20 69 66 20 69 74 20 68 61 73 20 73 65 76 65	considered.as.ABR.if.it.has.seve
18d80	72 61 6c 20 63 6f 6e 66 69 67 75 72 65 64 20 6c 69 6e 6b 73 20 74 6f 20 74 68 65 20 6e 65 74 77	ral.configured.links.to.the.netw
18da0	6f 72 6b 73 20 69 6e 20 64 69 66 66 65 72 65 6e 74 20 61 72 65 61 73 20 6f 6e 65 20 6f 66 20 77	orks.in.different.areas.one.of.w
18dc0	68 69 63 68 20 69 73 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 20 4d 6f 72 65 6f 76 65	hich.is.a.backbone.area..Moreove
18de0	72 2c 20 74 68 65 20 6c 69 6e 6b 20 74 6f 20 74 68 65 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61	r,.the.link.to.the.backbone.area
18e00	20 73 68 6f 75 6c 64 20 62 65 20 61 63 74 69 76 65 20 28 77 6f 72 6b 69 6e 67 29 2e 20 2a 2a 69	.should.be.active.(working)..**i
18e20	62 6d 2a 2a 20 e2 80 93 20 69 64 65 6e 74 69 63 61 6c 20 74 6f 20 22 63 69 73 63 6f 22 20 6d 6f	bm**.....identical.to."cisco".mo
18e40	64 65 6c 20 62 75 74 20 69 6e 20 74 68 69 73 20 63 61 73 65 20 61 20 62 61 63 6b 62 6f 6e 65 20	del.but.in.this.case.a.backbone.
18e60	61 72 65 61 20 6c 69 6e 6b 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 63 74 69 76 65 2e 20 2a 2a 73	area.link.may.not.be.active..**s
18e80	74 61 6e 64 61 72 64 2a 2a 20 e2 80 93 20 72 6f 75 74 65 72 20 68 61 73 20 73 65 76 65 72 61 6c	tandard**.....router.has.several
18ea0	20 61 63 74 69 76 65 20 6c 69 6e 6b 73 20 74 6f 20 64 69 66 66 65 72 65 6e 74 20 61 72 65 61 73	.active.links.to.different.areas
18ec0	2e 20 2a 2a 73 68 6f 72 74 63 75 74 2a 2a 20 e2 80 93 20 69 64 65 6e 74 69 63 61 6c 20 74 6f 20	..**shortcut**.....identical.to.
18ee0	22 73 74 61 6e 64 61 72 64 22 20 62 75 74 20 69 6e 20 74 68 69 73 20 6d 6f 64 65 6c 20 61 20 72	"standard".but.in.this.model.a.r
18f00	6f 75 74 65 72 20 69 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 75 73 65 20 61 20 63 6f 6e 6e 65 63	outer.is.allowed.to.use.a.connec
18f20	74 65 64 20 61 72 65 61 73 20 74 6f 70 6f 6c 6f 67 79 20 77 69 74 68 6f 75 74 20 69 6e 76 6f 6c	ted.areas.topology.without.invol
18f40	76 69 6e 67 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20 66 6f 72 20 69 6e 74 65 72 2d 61	ving.a.backbone.area.for.inter-a
18f60	72 65 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 2a 2a 63 6f 6c 6c 65 63 74 6f 72 2a 2a 3a 20	rea.connections..**collector**:.
18f80	72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 72 65 63 65 70 74 69 6f 6e 2c 20 73 74 6f 72 61	responsible.for.reception,.stora
18fa0	67 65 20 61 6e 64 20 70 72 65 2d 70 72 6f 63 65 73 73 69 6e 67 20 6f 66 20 66 6c 6f 77 20 64 61	ge.and.pre-processing.of.flow.da
18fc0	74 61 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 61 20 66 6c 6f 77 20 65 78 70 6f 72 74 65 72	ta.received.from.a.flow.exporter
18fe0	00 2a 2a 64 65 66 61 75 6c 74 2a 2a 20 e2 80 93 20 20 74 68 69 73 20 61 72 65 61 20 77 69 6c 6c	.**default**......this.area.will
19000	20 62 65 20 75 73 65 64 20 66 6f 72 20 73 68 6f 72 74 63 75 74 74 69 6e 67 20 6f 6e 6c 79 20 69	.be.used.for.shortcutting.only.i
19020	66 20 41 42 52 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 6c 69 6e 6b 20 74 6f 20 74 68	f.ABR.does.not.have.a.link.to.th
19040	65 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20 6f 72 20 74 68 69 73 20 6c 69 6e 6b 20 77 61 73	e.backbone.area.or.this.link.was
19060	20 6c 6f 73 74 2e 20 2a 2a 65 6e 61 62 6c 65 2a 2a 20 e2 80 93 20 74 68 65 20 61 72 65 61 20 77	.lost..**enable**.....the.area.w
19080	69 6c 6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 73 68 6f 72 74 63 75 74 74 69 6e 67 20 65 76 65	ill.be.used.for.shortcutting.eve
190a0	72 79 20 74 69 6d 65 20 74 68 65 20 72 6f 75 74 65 20 74 68 61 74 20 67 6f 65 73 20 74 68 72 6f	ry.time.the.route.that.goes.thro
190c0	75 67 68 20 69 74 20 69 73 20 63 68 65 61 70 65 72 2e 20 2a 2a 64 69 73 61 62 6c 65 2a 2a 20 e2	ugh.it.is.cheaper..**disable**..
190e0	80 93 20 74 68 69 73 20 61 72 65 61 20 69 73 20 6e 65 76 65 72 20 75 73 65 64 20 62 79 20 41 42	...this.area.is.never.used.by.AB
19100	52 20 66 6f 72 20 72 6f 75 74 65 73 20 73 68 6f 72 74 63 75 74 74 69 6e 67 2e 00 2a 2a 64 65 66	R.for.routes.shortcutting..**def
19120	61 75 6c 74 2a 2a 20 e2 80 93 20 65 6e 61 62 6c 65 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20	ault**.....enable.split-horizon.
19140	6f 6e 20 77 69 72 65 64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 61 6e 64 20 64 69 73 61 62 6c 65	on.wired.interfaces,.and.disable
19160	20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 6f 6e 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72	.split-horizon.on.wireless.inter
19180	66 61 63 65 73 2e 20 2a 2a 65 6e 61 62 6c 65 2a 2a 20 e2 80 93 20 65 6e 61 62 6c 65 20 73 70 6c	faces..**enable**.....enable.spl
191a0	69 74 2d 68 6f 72 69 7a 6f 6e 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 73 2e 20 2a	it-horizon.on.this.interfaces..*
191c0	2a 64 69 73 61 62 6c 65 2a 2a 20 e2 80 93 20 64 69 73 61 62 6c 65 20 73 70 6c 69 74 2d 68 6f 72	*disable**.....disable.split-hor
191e0	69 7a 6f 6e 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 73 2e 00 2a 2a 64 65 6e 79 2a	izon.on.this.interfaces..**deny*
19200	2a 20 2d 20 64 65 6e 79 20 6d 70 70 65 00 2a 2a 64 65 73 74 69 6e 61 74 69 6f 6e 2a 2a 20 2d 20	*.-.deny.mppe.**destination**.-.
19220	73 70 65 63 69 66 79 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 74 68 65 20 74 72 61 6e 73 6c	specify.which.packets.the.transl
19240	61 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 2c 20 6f 6e 6c 79 20 62	ation.will.be.applied.to,.only.b
19260	61 73 65 64 20 6f 6e 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20	ased.on.the.destination.address.
19280	61 6e 64 2f 6f 72 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 2a	and/or.port.number.configured..*
192a0	2a 64 68 63 70 2a 2a 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 20 69 73 20 72 65 63	*dhcp**.interface.address.is.rec
192c0	65 69 76 65 64 20 62 79 20 44 48 43 50 20 66 72 6f 6d 20 61 20 44 48 43 50 20 73 65 72 76 65 72	eived.by.DHCP.from.a.DHCP.server
192e0	20 6f 6e 20 74 68 69 73 20 73 65 67 6d 65 6e 74 2e 00 2a 2a 64 68 63 70 76 36 2a 2a 20 69 6e 74	.on.this.segment..**dhcpv6**.int
19300	65 72 66 61 63 65 20 61 64 64 72 65 73 73 20 69 73 20 72 65 63 65 69 76 65 64 20 62 79 20 44 48	erface.address.is.received.by.DH
19320	43 50 76 36 20 66 72 6f 6d 20 61 20 44 48 43 50 76 36 20 73 65 72 76 65 72 20 6f 6e 20 74 68 69	CPv6.from.a.DHCPv6.server.on.thi
19340	73 20 73 65 67 6d 65 6e 74 2e 00 2a 2a 64 69 73 63 61 72 64 3a 2a 2a 20 52 65 63 65 69 76 65 64	s.segment..**discard:**.Received
19360	20 70 61 63 6b 65 74 73 20 77 68 69 63 68 20 61 6c 72 65 61 64 79 20 63 6f 6e 74 61 69 6e 20 72	.packets.which.already.contain.r
19380	65 6c 61 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 64 69 73 63 61 72 64	elay.information.will.be.discard
193a0	65 64 2e 00 2a 2a 64 6f 77 6e 73 74 72 65 61 6d 3a 2a 2a 20 44 6f 77 6e 73 74 72 65 61 6d 20 6e	ed..**downstream:**.Downstream.n
193c0	65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 74 68 65 20 64 69 73 74 72 69	etwork.interfaces.are.the.distri
193e0	62 75 74 69 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61	bution.interfaces.to.the.destina
19400	74 69 6f 6e 20 6e 65 74 77 6f 72 6b 73 2c 20 77 68 65 72 65 20 6d 75 6c 74 69 63 61 73 74 20 63	tion.networks,.where.multicast.c
19420	6c 69 65 6e 74 73 20 63 61 6e 20 6a 6f 69 6e 20 67 72 6f 75 70 73 20 61 6e 64 20 72 65 63 65 69	lients.can.join.groups.and.recei
19440	76 65 20 6d 75 6c 74 69 63 61 73 74 20 64 61 74 61 2e 20 4f 6e 65 20 6f 72 20 6d 6f 72 65 20 64	ve.multicast.data..One.or.more.d
19460	6f 77 6e 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 73 20 6d 75 73 74 20 62 65 20 63 6f 6e	ownstream.interfaces.must.be.con
19480	66 69 67 75 72 65 64 2e 00 2a 2a 65 78 70 6f 72 74 65 72 2a 2a 3a 20 61 67 67 72 65 67 61 74 65	figured..**exporter**:.aggregate
194a0	73 20 70 61 63 6b 65 74 73 20 69 6e 74 6f 20 66 6c 6f 77 73 20 61 6e 64 20 65 78 70 6f 72 74 73	s.packets.into.flows.and.exports
194c0	20 66 6c 6f 77 20 72 65 63 6f 72 64 73 20 74 6f 77 61 72 64 73 20 6f 6e 65 20 6f 72 20 6d 6f 72	.flow.records.towards.one.or.mor
194e0	65 20 66 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 73 00 2a 2a 66 69 72 65 77 61 6c 6c 20 61 6c 6c	e.flow.collectors.**firewall.all
19500	2d 70 69 6e 67 2a 2a 20 61 66 66 65 63 74 73 20 6f 6e 6c 79 20 74 6f 20 4c 4f 43 41 4c 20 61 6e	-ping**.affects.only.to.LOCAL.an
19520	64 20 69 74 20 61 6c 77 61 79 73 20 62 65 68 61 76 65 73 20 69 6e 20 74 68 65 20 6d 6f 73 74 20	d.it.always.behaves.in.the.most.
19540	72 65 73 74 72 69 63 74 69 76 65 20 77 61 79 00 2a 2a 66 69 72 65 77 61 6c 6c 20 67 6c 6f 62 61	restrictive.way.**firewall.globa
19560	6c 2d 6f 70 74 69 6f 6e 73 20 61 6c 6c 2d 70 69 6e 67 2a 2a 20 61 66 66 65 63 74 73 20 6f 6e 6c	l-options.all-ping**.affects.onl
19580	79 20 74 6f 20 4c 4f 43 41 4c 20 61 6e 64 20 69 74 20 61 6c 77 61 79 73 20 62 65 68 61 76 65 73	y.to.LOCAL.and.it.always.behaves
195a0	20 69 6e 20 74 68 65 20 6d 6f 73 74 20 72 65 73 74 72 69 63 74 69 76 65 20 77 61 79 00 2a 2a 66	.in.the.most.restrictive.way.**f
195c0	6f 72 77 61 72 64 3a 2a 2a 20 41 6c 6c 20 70 61 63 6b 65 74 73 20 61 72 65 20 66 6f 72 77 61 72	orward:**.All.packets.are.forwar
195e0	64 65 64 2c 20 72 65 6c 61 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 6c 72 65 61 64 79 20 70	ded,.relay.information.already.p
19600	72 65 73 65 6e 74 20 77 69 6c 6c 20 62 65 20 69 67 6e 6f 72 65 64 2e 00 2a 2a 69 6e 62 6f 75 6e	resent.will.be.ignored..**inboun
19620	64 2d 69 6e 74 65 72 66 61 63 65 2a 2a 20 2d 20 61 70 70 6c 69 63 61 62 6c 65 20 6f 6e 6c 79 20	d-interface**.-.applicable.only.
19640	74 6f 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 2e 20 49 74 20 63 6f	to.:ref:`destination-nat`..It.co
19660	6e 66 69 67 75 72 65 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 68 69 63 68 20 69 73 20	nfigures.the.interface.which.is.
19680	75 73 65 64 20 66 6f 72 20 74 68 65 20 69 6e 73 69 64 65 20 74 72 61 66 66 69 63 20 74 68 65 20	used.for.the.inside.traffic.the.
196a0	74 72 61 6e 73 6c 61 74 69 6f 6e 20 72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 2e 00 2a 2a 6c	translation.rule.applies.to..**l
196c0	61 79 65 72 32 2a 2a 20 2d 20 55 73 65 73 20 58 4f 52 20 6f 66 20 68 61 72 64 77 61 72 65 20 4d	ayer2**.-.Uses.XOR.of.hardware.M
196e0	41 43 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 70 61 63 6b 65 74 20 74 79 70 65 20 49 44 20	AC.addresses.and.packet.type.ID.
19700	66 69 65 6c 64 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 2e 20 54 68 65 20	field.to.generate.the.hash..The.
19720	66 6f 72 6d 75 6c 61 20 69 73 00 2a 2a 6c 61 79 65 72 32 2b 33 2a 2a 20 2d 20 54 68 69 73 20 70	formula.is.**layer2+3**.-.This.p
19740	6f 6c 69 63 79 20 75 73 65 73 20 61 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 6f 66 20 6c 61 79 65	olicy.uses.a.combination.of.laye
19760	72 32 20 61 6e 64 20 6c 61 79 65 72 33 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 66 6f 72 6d 61 74 69	r2.and.layer3.protocol.informati
19780	6f 6e 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 2e 20 55 73 65 73 20 58 4f	on.to.generate.the.hash..Uses.XO
197a0	52 20 6f 66 20 68 61 72 64 77 61 72 65 20 4d 41 43 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20	R.of.hardware.MAC.addresses.and.
197c0	49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73	IP.addresses.to.generate.the.has
197e0	68 2e 20 54 68 65 20 66 6f 72 6d 75 6c 61 20 69 73 3a 00 2a 2a 6c 61 79 65 72 33 2b 34 2a 2a 20	h..The.formula.is:.**layer3+4**.
19800	2d 20 54 68 69 73 20 70 6f 6c 69 63 79 20 75 73 65 73 20 75 70 70 65 72 20 6c 61 79 65 72 20 70	-.This.policy.uses.upper.layer.p
19820	72 6f 74 6f 63 6f 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 77 68 65 6e 20 61 76 61 69 6c 61	rotocol.information,.when.availa
19840	62 6c 65 2c 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 2e 20 54 68 69 73 20	ble,.to.generate.the.hash..This.
19860	61 6c 6c 6f 77 73 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 61 20 70 61 72 74 69 63 75 6c	allows.for.traffic.to.a.particul
19880	61 72 20 6e 65 74 77 6f 72 6b 20 70 65 65 72 20 74 6f 20 73 70 61 6e 20 6d 75 6c 74 69 70 6c 65	ar.network.peer.to.span.multiple
198a0	20 73 6c 61 76 65 73 2c 20 61 6c 74 68 6f 75 67 68 20 61 20 73 69 6e 67 6c 65 20 63 6f 6e 6e 65	.slaves,.although.a.single.conne
198c0	63 74 69 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 73 70 61 6e 20 6d 75 6c 74 69 70 6c 65 20 73 6c 61	ction.will.not.span.multiple.sla
198e0	76 65 73 2e 00 2a 2a 6c 65 66 74 2a 2a 00 2a 2a 6c 65 76 65 6c 2d 31 2a 2a 20 2d 20 41 63 74 20	ves..**left**.**level-1**.-.Act.
19900	61 73 20 61 20 73 74 61 74 69 6f 6e 20 28 4c 65 76 65 6c 20 31 29 20 72 6f 75 74 65 72 20 6f 6e	as.a.station.(Level.1).router.on
19920	6c 79 2e 00 2a 2a 6c 65 76 65 6c 2d 31 2a 2a 20 2d 20 4c 65 76 65 6c 2d 31 20 6f 6e 6c 79 20 61	ly..**level-1**.-.Level-1.only.a
19940	64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 66 6f 72 6d 65 64 2e 00 2a 2a 6c 65 76 65 6c 2d 31	djacencies.are.formed..**level-1
19960	2d 32 2a 2a 20 2d 20 41 63 74 20 61 73 20 61 20 73 74 61 74 69 6f 6e 20 28 4c 65 76 65 6c 20 31	-2**.-.Act.as.a.station.(Level.1
19980	29 20 72 6f 75 74 65 72 20 61 6e 64 20 61 72 65 61 20 28 4c 65 76 65 6c 20 32 29 20 72 6f 75 74	).router.and.area.(Level.2).rout
199a0	65 72 2e 00 2a 2a 6c 65 76 65 6c 2d 31 2d 32 2a 2a 20 2d 20 4c 65 76 65 6c 2d 31 2d 32 20 61 64	er..**level-1-2**.-.Level-1-2.ad
199c0	6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 66 6f 72 6d 65 64 00 2a 2a 6c 65 76 65 6c 2d 32 2d 6f	jacencies.are.formed.**level-2-o
199e0	6e 6c 79 2a 2a 20 2d 20 41 63 74 20 61 73 20 61 6e 20 61 72 65 61 20 28 4c 65 76 65 6c 20 32 29	nly**.-.Act.as.an.area.(Level.2)
19a00	20 72 6f 75 74 65 72 20 6f 6e 6c 79 2e 00 2a 2a 6c 65 76 65 6c 2d 32 2d 6f 6e 6c 79 2a 2a 20 2d	.router.only..**level-2-only**.-
19a20	20 4c 65 76 65 6c 2d 32 20 6f 6e 6c 79 20 61 64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 66 6f	.Level-2.only.adjacencies.are.fo
19a40	72 6d 65 64 00 2a 2a 6c 6f 63 61 6c 20 73 69 64 65 20 2d 20 63 6f 6d 6d 61 6e 64 73 2a 2a 00 2a	rmed.**local.side.-.commands**.*
19a60	2a 6c 6f 63 61 6c 2a 2a 3a 20 41 6c 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 71 75 65	*local**:.All.authentication.que
19a80	72 69 65 73 20 61 72 65 20 68 61 6e 64 6c 65 64 20 6c 6f 63 61 6c 6c 79 2e 00 2a 2a 6c 6f 67 2d	ries.are.handled.locally..**log-
19aa0	66 61 69 6c 2a 2a 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 74 68 65 20 72 65 63 75 72 73 6f	fail**.In.this.mode,.the.recurso
19ac0	72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 76 61 6c 69 64 61 74 65 20 61 6c 6c 20 64	r.will.attempt.to.validate.all.d
19ae0	61 74 61 20 69 74 20 72 65 74 72 69 65 76 65 73 20 66 72 6f 6d 20 61 75 74 68 6f 72 69 74 61 74	ata.it.retrieves.from.authoritat
19b00	69 76 65 20 73 65 72 76 65 72 73 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 63	ive.servers,.regardless.of.the.c
19b20	6c 69 65 6e 74 27 73 20 44 4e 53 53 45 43 20 64 65 73 69 72 65 73 2c 20 61 6e 64 20 77 69 6c 6c	lient's.DNSSEC.desires,.and.will
19b40	20 6c 6f 67 20 74 68 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 72 65 73 75 6c 74 2e 20 54 68 69 73	.log.the.validation.result..This
19b60	20 6d 6f 64 65 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 74	.mode.can.be.used.to.determine.t
19b80	68 65 20 65 78 74 72 61 20 6c 6f 61 64 20 61 6e 64 20 61 6d 6f 75 6e 74 20 6f 66 20 70 6f 73 73	he.extra.load.and.amount.of.poss
19ba0	69 62 6c 79 20 62 6f 67 75 73 20 61 6e 73 77 65 72 73 20 62 65 66 6f 72 65 20 74 75 72 6e 69 6e	ibly.bogus.answers.before.turnin
19bc0	67 20 6f 6e 20 66 75 6c 6c 2d 62 6c 6f 77 6e 20 76 61 6c 69 64 61 74 69 6f 6e 2e 20 52 65 73 70	g.on.full-blown.validation..Resp
19be0	6f 6e 73 65 73 20 74 6f 20 63 6c 69 65 6e 74 20 71 75 65 72 69 65 73 20 61 72 65 20 74 68 65 20	onses.to.client.queries.are.the.
19c00	73 61 6d 65 20 61 73 20 77 69 74 68 20 70 72 6f 63 65 73 73 2e 00 2a 2a 6e 61 72 72 6f 77 2a 2a	same.as.with.process..**narrow**
19c20	20 2d 20 55 73 65 20 6f 6c 64 20 73 74 79 6c 65 20 6f 66 20 54 4c 56 73 20 77 69 74 68 20 6e 61	.-.Use.old.style.of.TLVs.with.na
19c40	72 72 6f 77 20 6d 65 74 72 69 63 2e 00 2a 2a 6e 65 74 2d 61 64 6d 69 6e 2a 2a 3a 20 4e 65 74 77	rrow.metric..**net-admin**:.Netw
19c60	6f 72 6b 20 6f 70 65 72 61 74 69 6f 6e 73 20 28 69 6e 74 65 72 66 61 63 65 2c 20 66 69 72 65 77	ork.operations.(interface,.firew
19c80	61 6c 6c 2c 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 29 00 2a 2a 6e 65 74 2d 62 69 6e 64 2d	all,.routing.tables).**net-bind-
19ca0	73 65 72 76 69 63 65 2a 2a 3a 20 42 69 6e 64 20 61 20 73 6f 63 6b 65 74 20 74 6f 20 70 72 69 76	service**:.Bind.a.socket.to.priv
19cc0	69 6c 65 67 65 64 20 70 6f 72 74 73 20 28 70 6f 72 74 20 6e 75 6d 62 65 72 73 20 6c 65 73 73 20	ileged.ports.(port.numbers.less.
19ce0	74 68 61 6e 20 31 30 32 34 29 00 2a 2a 6e 65 74 2d 72 61 77 2a 2a 3a 20 50 65 72 6d 69 73 73 69	than.1024).**net-raw**:.Permissi
19d00	6f 6e 20 74 6f 20 63 72 65 61 74 65 20 72 61 77 20 6e 65 74 77 6f 72 6b 20 73 6f 63 6b 65 74 73	on.to.create.raw.network.sockets
19d20	00 2a 2a 6e 6f 2a 2a 3a 20 44 6f 20 6e 6f 74 20 72 65 73 74 61 72 74 20 63 6f 6e 74 61 69 6e 65	.**no**:.Do.not.restart.containe
19d40	72 73 20 6f 6e 20 65 78 69 74 00 2a 2a 6f 66 66 2a 2a 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 2c	rs.on.exit.**off**.In.this.mode,
19d60	20 6e 6f 20 44 4e 53 53 45 43 20 70 72 6f 63 65 73 73 69 6e 67 20 74 61 6b 65 73 20 70 6c 61 63	.no.DNSSEC.processing.takes.plac
19d80	65 2e 20 54 68 65 20 72 65 63 75 72 73 6f 72 20 77 69 6c 6c 20 6e 6f 74 20 73 65 74 20 74 68 65	e..The.recursor.will.not.set.the
19da0	20 44 4e 53 53 45 43 20 4f 4b 20 28 44 4f 29 20 62 69 74 20 69 6e 20 74 68 65 20 6f 75 74 67 6f	.DNSSEC.OK.(DO).bit.in.the.outgo
19dc0	69 6e 67 20 71 75 65 72 69 65 73 20 61 6e 64 20 77 69 6c 6c 20 69 67 6e 6f 72 65 20 74 68 65 20	ing.queries.and.will.ignore.the.
19de0	44 4f 20 61 6e 64 20 41 44 20 62 69 74 73 20 69 6e 20 71 75 65 72 69 65 73 2e 00 2a 2a 6f 6e 2d	DO.and.AD.bits.in.queries..**on-
19e00	66 61 69 6c 75 72 65 2a 2a 3a 20 52 65 73 74 61 72 74 20 63 6f 6e 74 61 69 6e 65 72 73 20 77 68	failure**:.Restart.containers.wh
19e20	65 6e 20 74 68 65 79 20 65 78 69 74 20 77 69 74 68 20 61 20 6e 6f 6e 2d 7a 65 72 6f 20 65 78 69	en.they.exit.with.a.non-zero.exi
19e40	74 20 63 6f 64 65 2c 20 72 65 74 72 79 69 6e 67 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 20 28 64	t.code,.retrying.indefinitely.(d
19e60	65 66 61 75 6c 74 29 00 2a 2a 6f 75 74 62 6f 75 6e 64 2d 69 6e 74 65 72 66 61 63 65 2a 2a 20 2d	efault).**outbound-interface**.-
19e80	20 61 70 70 6c 69 63 61 62 6c 65 20 6f 6e 6c 79 20 74 6f 20 3a 72 65 66 3a 60 73 6f 75 72 63 65	.applicable.only.to.:ref:`source
19ea0	2d 6e 61 74 60 2e 20 49 74 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 69 6e 74 65 72 66 61	-nat`..It.configures.the.interfa
19ec0	63 65 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 6f 75 74 73 69 64 65	ce.which.is.used.for.the.outside
19ee0	20 74 72 61 66 66 69 63 20 74 68 61 74 20 74 68 69 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 72	.traffic.that.this.translation.r
19f00	75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 2e 00 2a 2a 70 72 65 66 65 72 2a 2a 20 2d 20 61 73 6b	ule.applies.to..**prefer**.-.ask
19f20	20 63 6c 69 65 6e 74 20 66 6f 72 20 6d 70 70 65 2c 20 69 66 20 69 74 20 72 65 6a 65 63 74 73 20	.client.for.mppe,.if.it.rejects.
19f40	64 6f 6e 27 74 20 66 61 69 6c 00 2a 2a 70 72 6f 63 65 73 73 2a 2a 20 57 68 65 6e 20 64 6e 73 73	don't.fail.**process**.When.dnss
19f60	65 63 20 69 73 20 73 65 74 20 74 6f 20 70 72 6f 63 65 73 73 20 74 68 65 20 62 65 68 61 76 69 6f	ec.is.set.to.process.the.behavio
19f80	72 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 70 72 6f 63 65 73 73 2d 6e 6f 2d 76 61 6c 69 64	r.is.similar.to.process-no-valid
19fa0	61 74 65 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 20 72 65 63 75 72 73 6f 72 20 77 69 6c 6c 20	ate..However,.the.recursor.will.
19fc0	74 72 79 20 74 6f 20 76 61 6c 69 64 61 74 65 20 74 68 65 20 64 61 74 61 20 69 66 20 61 74 20 6c	try.to.validate.the.data.if.at.l
19fe0	65 61 73 74 20 6f 6e 65 20 6f 66 20 74 68 65 20 44 4f 20 6f 72 20 41 44 20 62 69 74 73 20 69 73	east.one.of.the.DO.or.AD.bits.is
1a000	20 73 65 74 20 69 6e 20 74 68 65 20 71 75 65 72 79 3b 20 69 6e 20 74 68 61 74 20 63 61 73 65 2c	.set.in.the.query;.in.that.case,
1a020	20 69 74 20 77 69 6c 6c 20 73 65 74 20 74 68 65 20 41 44 2d 62 69 74 20 69 6e 20 74 68 65 20 72	.it.will.set.the.AD-bit.in.the.r
1a040	65 73 70 6f 6e 73 65 20 77 68 65 6e 20 74 68 65 20 64 61 74 61 20 69 73 20 76 61 6c 69 64 61 74	esponse.when.the.data.is.validat
1a060	65 64 20 73 75 63 63 65 73 73 66 75 6c 6c 79 2c 20 6f 72 20 73 65 6e 64 20 53 45 52 56 46 41 49	ed.successfully,.or.send.SERVFAI
1a080	4c 20 77 68 65 6e 20 74 68 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 63 6f 6d 65 73 20 75 70 20 62	L.when.the.validation.comes.up.b
1a0a0	6f 67 75 73 2e 00 2a 2a 70 72 6f 63 65 73 73 2d 6e 6f 2d 76 61 6c 69 64 61 74 65 2a 2a 20 49 6e	ogus..**process-no-validate**.In
1a0c0	20 74 68 69 73 20 6d 6f 64 65 20 74 68 65 20 72 65 63 75 72 73 6f 72 20 61 63 74 73 20 61 73 20	.this.mode.the.recursor.acts.as.
1a0e0	61 20 22 73 65 63 75 72 69 74 79 20 61 77 61 72 65 2c 20 6e 6f 6e 2d 76 61 6c 69 64 61 74 69 6e	a."security.aware,.non-validatin
1a100	67 22 20 6e 61 6d 65 73 65 72 76 65 72 2c 20 6d 65 61 6e 69 6e 67 20 69 74 20 77 69 6c 6c 20 73	g".nameserver,.meaning.it.will.s
1a120	65 74 20 74 68 65 20 44 4f 2d 62 69 74 20 6f 6e 20 6f 75 74 67 6f 69 6e 67 20 71 75 65 72 69 65	et.the.DO-bit.on.outgoing.querie
1a140	73 20 61 6e 64 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 44 4e 53 53 45 43 20 72 65 6c 61 74 65	s.and.will.provide.DNSSEC.relate
1a160	64 20 52 52 73 65 74 73 20 28 4e 53 45 43 2c 20 52 52 53 49 47 29 20 74 6f 20 63 6c 69 65 6e 74	d.RRsets.(NSEC,.RRSIG).to.client
1a180	73 20 74 68 61 74 20 61 73 6b 20 66 6f 72 20 74 68 65 6d 20 28 62 79 20 6d 65 61 6e 73 20 6f 66	s.that.ask.for.them.(by.means.of
1a1a0	20 61 20 44 4f 2d 62 69 74 20 69 6e 20 74 68 65 20 71 75 65 72 79 29 2c 20 65 78 63 65 70 74 20	.a.DO-bit.in.the.query),.except.
1a1c0	66 6f 72 20 7a 6f 6e 65 73 20 70 72 6f 76 69 64 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20 61	for.zones.provided.through.the.a
1a1e0	75 74 68 2d 7a 6f 6e 65 73 20 73 65 74 74 69 6e 67 2e 20 49 74 20 77 69 6c 6c 20 6e 6f 74 20 64	uth-zones.setting..It.will.not.d
1a200	6f 20 61 6e 79 20 76 61 6c 69 64 61 74 69 6f 6e 20 69 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 6e	o.any.validation.in.this.mode,.n
1a220	6f 74 20 65 76 65 6e 20 77 68 65 6e 20 72 65 71 75 65 73 74 65 64 20 62 79 20 74 68 65 20 63 6c	ot.even.when.requested.by.the.cl
1a240	69 65 6e 74 2e 00 2a 2a 70 72 6f 74 6f 63 6f 6c 2a 2a 20 2d 20 73 70 65 63 69 66 79 20 77 68 69	ient..**protocol**.-.specify.whi
1a260	63 68 20 74 79 70 65 73 20 6f 66 20 70 72 6f 74 6f 63 6f 6c 73 20 74 68 69 73 20 74 72 61 6e 73	ch.types.of.protocols.this.trans
1a280	6c 61 74 69 6f 6e 20 72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 2e 20 4f 6e 6c 79 20 70 61 63	lation.rule.applies.to..Only.pac
1a2a0	6b 65 74 73 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74	kets.matching.the.specified.prot
1a2c0	6f 63 6f 6c 20 61 72 65 20 4e 41 54 65 64 2e 20 42 79 20 64 65 66 61 75 6c 74 20 74 68 69 73 20	ocol.are.NATed..By.default.this.
1a2e0	61 70 70 6c 69 65 73 20 74 6f 20 60 61 6c 6c 60 20 70 72 6f 74 6f 63 6f 6c 73 2e 00 2a 2a 72 61	applies.to.`all`.protocols..**ra
1a300	64 69 75 73 2a 2a 3a 20 41 6c 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 71 75 65 72 69	dius**:.All.authentication.queri
1a320	65 73 20 61 72 65 20 68 61 6e 64 6c 65 64 20 62 79 20 61 20 63 6f 6e 66 69 67 75 72 65 64 20 52	es.are.handled.by.a.configured.R
1a340	41 44 49 55 53 20 73 65 72 76 65 72 2e 00 2a 2a 72 65 6d 6f 74 65 20 73 69 64 65 20 2d 20 63 6f	ADIUS.server..**remote.side.-.co
1a360	6d 6d 61 6e 64 73 2a 2a 00 2a 2a 72 65 70 6c 61 63 65 3a 2a 2a 20 52 65 6c 61 79 20 69 6e 66 6f	mmands**.**replace:**.Relay.info
1a380	72 6d 61 74 69 6f 6e 20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 20 69 6e 20 61 20 70 61 63	rmation.already.present.in.a.pac
1a3a0	6b 65 74 20 69 73 20 73 74 72 69 70 70 65 64 20 61 6e 64 20 72 65 70 6c 61 63 65 64 20 77 69 74	ket.is.stripped.and.replaced.wit
1a3c0	68 20 74 68 65 20 72 6f 75 74 65 72 27 73 20 6f 77 6e 20 72 65 6c 61 79 20 69 6e 66 6f 72 6d 61	h.the.router's.own.relay.informa
1a3e0	74 69 6f 6e 20 73 65 74 2e 00 2a 2a 72 65 71 75 69 72 65 2a 2a 20 2d 20 61 73 6b 20 63 6c 69 65	tion.set..**require**.-.ask.clie
1a400	6e 74 20 66 6f 72 20 6d 70 70 65 2c 20 69 66 20 69 74 20 72 65 6a 65 63 74 73 20 64 72 6f 70 20	nt.for.mppe,.if.it.rejects.drop.
1a420	63 6f 6e 6e 65 63 74 69 6f 6e 00 2a 2a 72 69 67 68 74 2a 2a 00 2a 2a 73 65 74 70 63 61 70 2a 2a	connection.**right**.**setpcap**
1a440	3a 20 43 61 70 61 62 69 6c 69 74 79 20 73 65 74 73 20 28 66 72 6f 6d 20 62 6f 75 6e 64 65 64 20	:.Capability.sets.(from.bounded.
1a460	6f 72 20 69 6e 68 65 72 69 74 65 64 20 73 65 74 29 00 2a 2a 73 6f 75 72 63 65 2a 2a 20 2d 20 73	or.inherited.set).**source**.-.s
1a480	70 65 63 69 66 69 65 73 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 74 68 65 20 4e 41 54 20 74	pecifies.which.packets.the.NAT.t
1a4a0	72 61 6e 73 6c 61 74 69 6f 6e 20 72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 20 62 61 73 65 64	ranslation.rule.applies.to.based
1a4c0	20 6f 6e 20 74 68 65 20 70 61 63 6b 65 74 73 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73	.on.the.packets.source.IP.addres
1a4e0	73 20 61 6e 64 2f 6f 72 20 73 6f 75 72 63 65 20 70 6f 72 74 2e 20 4f 6e 6c 79 20 6d 61 74 63 68	s.and/or.source.port..Only.match
1a500	69 6e 67 20 70 61 63 6b 65 74 73 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 66 6f 72 20 4e	ing.packets.are.considered.for.N
1a520	41 54 2e 00 2a 2a 73 79 73 2d 61 64 6d 69 6e 2a 2a 3a 20 41 64 6d 69 6e 69 73 74 61 74 69 6f 6e	AT..**sys-admin**:.Administation
1a540	20 6f 70 65 72 61 74 69 6f 6e 73 20 28 71 75 6f 74 61 63 74 6c 2c 20 6d 6f 75 6e 74 2c 20 73 65	.operations.(quotactl,.mount,.se
1a560	74 68 6f 73 74 6e 61 6d 65 2c 20 73 65 74 64 6f 6d 61 69 6e 61 6d 65 29 00 2a 2a 73 79 73 2d 74	thostname,.setdomainame).**sys-t
1a580	69 6d 65 2a 2a 3a 20 50 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 73 65 74 20 73 79 73 74 65 6d 20	ime**:.Permission.to.set.system.
1a5a0	63 6c 6f 63 6b 00 2a 2a 74 72 61 6e 73 69 74 69 6f 6e 2a 2a 20 2d 20 53 65 6e 64 20 61 6e 64 20	clock.**transition**.-.Send.and.
1a5c0	61 63 63 65 70 74 20 62 6f 74 68 20 73 74 79 6c 65 73 20 6f 66 20 54 4c 56 73 20 64 75 72 69 6e	accept.both.styles.of.TLVs.durin
1a5e0	67 20 74 72 61 6e 73 69 74 69 6f 6e 2e 00 2a 2a 75 70 73 74 72 65 61 6d 3a 2a 2a 20 54 68 65 20	g.transition..**upstream:**.The.
1a600	75 70 73 74 72 65 61 6d 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 74 68	upstream.network.interface.is.th
1a620	65 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 77 68 69 63 68 20 69 73 20 72 65	e.outgoing.interface.which.is.re
1a640	73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6e 67 20 74 6f 20 61	sponsible.for.communicating.to.a
1a660	76 61 69 6c 61 62 6c 65 20 6d 75 6c 74 69 63 61 73 74 20 64 61 74 61 20 73 6f 75 72 63 65 73 2e	vailable.multicast.data.sources.
1a680	20 54 68 65 72 65 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 6f 6e 65 20 75 70 73 74 72 65 61 6d 20	.There.can.only.be.one.upstream.
1a6a0	69 6e 74 65 72 66 61 63 65 2e 00 2a 2a 76 61 6c 69 64 61 74 65 2a 2a 20 54 68 65 20 68 69 67 68	interface..**validate**.The.high
1a6c0	65 73 74 20 6d 6f 64 65 20 6f 66 20 44 4e 53 53 45 43 20 70 72 6f 63 65 73 73 69 6e 67 2e 20 49	est.mode.of.DNSSEC.processing..I
1a6e0	6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 61 6c 6c 20 71 75 65 72 69 65 73 20 77 69 6c 6c 20 62 65	n.this.mode,.all.queries.will.be
1a700	20 76 61 6c 69 64 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 61 6e 73 77 65 72 65 64 20	.validated.and.will.be.answered.
1a720	77 69 74 68 20 61 20 53 45 52 56 46 41 49 4c 20 69 6e 20 63 61 73 65 20 6f 66 20 62 6f 67 75 73	with.a.SERVFAIL.in.case.of.bogus
1a740	20 64 61 74 61 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 63 6c 69 65 6e 74 27	.data,.regardless.of.the.client'
1a760	73 20 72 65 71 75 65 73 74 2e 00 2a 2a 77 69 64 65 2a 2a 20 2d 20 55 73 65 20 6e 65 77 20 73 74	s.request..**wide**.-.Use.new.st
1a780	79 6c 65 20 6f 66 20 54 4c 56 73 20 74 6f 20 63 61 72 72 79 20 77 69 64 65 72 20 6d 65 74 72 69	yle.of.TLVs.to.carry.wider.metri
1a7a0	63 2e 00 2a 62 67 70 64 2a 20 73 75 70 70 6f 72 74 73 20 4d 75 6c 74 69 70 72 6f 74 6f 63 6f 6c	c..*bgpd*.supports.Multiprotocol
1a7c0	20 45 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 42 47 50 2e 20 53 6f 20 69 66 20 61 20 72 65 6d 6f	.Extension.for.BGP..So.if.a.remo
1a7e0	74 65 20 70 65 65 72 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 2c 20 2a	te.peer.supports.the.protocol,.*
1a800	62 67 70 64 2a 20 63 61 6e 20 65 78 63 68 61 6e 67 65 20 49 50 76 36 20 61 6e 64 2f 6f 72 20 6d	bgpd*.can.exchange.IPv6.and/or.m
1a820	75 6c 74 69 63 61 73 74 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 30 00	ulticast.routing.information..0.
1a840	30 20 69 66 20 6e 6f 74 20 64 65 66 69 6e 65 64 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 6e 6f	0.if.not.defined,.which.means.no
1a860	20 72 65 66 72 65 73 68 69 6e 67 2e 00 30 20 69 66 20 6e 6f 74 20 64 65 66 69 6e 65 64 2e 00 30	.refreshing..0.if.not.defined..0
1a880	30 30 30 30 30 00 30 30 31 30 31 30 00 30 30 31 31 30 30 00 30 30 31 31 31 30 00 30 31 30 30 31	00000.001010.001100.001110.01001
1a8a0	30 00 30 31 30 31 30 30 00 30 31 30 31 31 30 00 30 31 31 30 31 30 00 30 31 31 31 30 30 00 30 31	0.010100.010110.011010.011100.01
1a8c0	31 31 31 30 00 30 3a 20 44 69 73 61 62 6c 65 20 44 41 44 00 31 00 31 20 69 66 20 6e 6f 74 20 64	1110.0:.Disable.DAD.1.1.if.not.d
1a8e0	65 66 69 6e 65 64 2e 00 31 2d 74 6f 2d 31 20 4e 41 54 00 31 2e 20 43 72 65 61 74 65 20 61 6e 20	efined..1-to-1.NAT.1..Create.an.
1a900	65 76 65 6e 74 20 68 61 6e 64 6c 65 72 00 31 30 00 31 30 20 2d 20 31 30 20 4d 42 69 74 2f 73 00	event.handler.10.10.-.10.MBit/s.
1a920	31 30 2e 30 2e 30 2e 30 20 74 6f 20 31 30 2e 32 35 35 2e 32 35 35 2e 32 35 35 20 28 43 49 44 52	10.0.0.0.to.10.255.255.255.(CIDR
1a940	3a 20 31 30 2e 30 2e 30 2e 30 2f 38 29 00 31 30 30 20 2d 20 31 30 30 20 4d 42 69 74 2f 73 00 31	:.10.0.0.0/8).100.-.100.MBit/s.1
1a960	30 30 30 20 2d 20 31 20 47 42 69 74 2f 73 00 31 30 30 30 30 20 2d 20 31 30 20 47 42 69 74 2f 73	000.-.1.GBit/s.10000.-.10.GBit/s
1a980	00 31 30 30 30 30 30 20 2d 20 31 30 30 20 47 42 69 74 2f 73 00 31 30 30 30 31 30 00 31 30 30 31	.100000.-.100.GBit/s.100010.1001
1a9a0	30 30 00 31 30 30 31 31 30 00 31 30 31 31 31 30 00 31 31 00 31 31 39 00 31 32 00 31 32 31 2c 20	00.100110.101110.11.119.12.121,.
1a9c0	32 34 39 00 31 33 00 31 34 00 31 35 00 31 36 00 31 37 00 31 37 32 2e 31 36 2e 30 2e 30 20 74 6f	249.13.14.15.16.17.172.16.0.0.to
1a9e0	20 31 37 32 2e 33 31 2e 32 35 35 2e 32 35 35 20 28 43 49 44 52 3a 20 31 37 32 2e 31 36 2e 30 2e	.172.31.255.255.(CIDR:.172.16.0.
1aa00	30 2f 31 32 29 00 31 38 00 31 39 00 31 39 32 2e 31 36 38 2e 30 2e 30 20 74 6f 20 31 39 32 2e 31	0/12).18.19.192.168.0.0.to.192.1
1aa20	36 38 2e 32 35 35 2e 32 35 35 20 28 43 49 44 52 3a 20 31 39 32 2e 31 36 38 2e 30 2e 30 2f 31 36	68.255.255.(CIDR:.192.168.0.0/16
1aa40	29 00 31 3a 20 45 6e 61 62 6c 65 20 44 41 44 20 28 64 65 66 61 75 6c 74 29 00 32 00 32 2e 20 41	).1:.Enable.DAD.(default).2.2..A
1aa60	64 64 20 72 65 67 65 78 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 00 32 30 00 32 31 00 32 32 00	dd.regex.to.the.script.20.21.22.
1aa80	32 33 00 32 35 30 30 20 2d 20 32 2e 35 20 47 42 69 74 2f 73 00 32 35 30 30 30 20 2d 20 32 35 20	23.2500.-.2.5.GBit/s.25000.-.25.
1aaa0	47 42 69 74 2f 73 00 32 35 32 00 32 36 00 32 38 00 32 3a 20 45 6e 61 62 6c 65 20 44 41 44 2c 20	GBit/s.252.26.28.2:.Enable.DAD,.
1aac0	61 6e 64 20 64 69 73 61 62 6c 65 20 49 50 76 36 20 6f 70 65 72 61 74 69 6f 6e 20 69 66 20 4d 41	and.disable.IPv6.operation.if.MA
1aae0	43 2d 62 61 73 65 64 20 64 75 70 6c 69 63 61 74 65 20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 61 64 64	C-based.duplicate.link-local.add
1ab00	72 65 73 73 20 68 61 73 20 62 65 65 6e 20 66 6f 75 6e 64 2e 00 32 46 41 20 4f 54 50 20 73 75 70	ress.has.been.found..2FA.OTP.sup
1ab20	70 6f 72 74 00 33 00 33 2e 20 41 64 64 20 61 20 66 75 6c 6c 20 70 61 74 68 20 74 6f 20 74 68 65	port.3.3..Add.a.full.path.to.the
1ab40	20 73 63 72 69 70 74 00 33 30 00 33 34 00 33 36 00 33 38 00 34 00 34 2e 20 41 64 64 20 6f 70 74	.script.30.34.36.38.4.4..Add.opt
1ab60	69 6f 6e 61 6c 20 70 61 72 61 6d 65 74 65 72 73 00 34 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 73	ional.parameters.40.MHz.channels
1ab80	20 6d 61 79 20 73 77 69 74 63 68 20 74 68 65 69 72 20 70 72 69 6d 61 72 79 20 61 6e 64 20 73 65	.may.switch.their.primary.and.se
1aba0	63 6f 6e 64 61 72 79 20 63 68 61 6e 6e 65 6c 73 20 69 66 20 6e 65 65 64 65 64 20 6f 72 20 63 72	condary.channels.if.needed.or.cr
1abc0	65 61 74 69 6f 6e 20 6f 66 20 34 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 20 6d 61 79 62 65 20 72	eation.of.40.MHz.channel.maybe.r
1abe0	65 6a 65 63 74 65 64 20 62 61 73 65 64 20 6f 6e 20 6f 76 65 72 6c 61 70 70 69 6e 67 20 42 53 53	ejected.based.on.overlapping.BSS
1ac00	65 73 2e 20 54 68 65 73 65 20 63 68 61 6e 67 65 73 20 61 72 65 20 64 6f 6e 65 20 61 75 74 6f 6d	es..These.changes.are.done.autom
1ac20	61 74 69 63 61 6c 6c 79 20 77 68 65 6e 20 68 6f 73 74 61 70 64 20 69 73 20 73 65 74 74 69 6e 67	atically.when.hostapd.is.setting
1ac40	20 75 70 20 74 68 65 20 34 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 2e 00 34 30 30 30 30 20 2d 20	.up.the.40.MHz.channel..40000.-.
1ac60	34 30 20 47 42 69 74 2f 73 00 34 32 00 34 34 00 34 36 00 35 00 35 20 69 66 20 6e 6f 74 20 64 65	40.GBit/s.42.44.46.5.5.if.not.de
1ac80	66 69 6e 65 64 2e 00 35 30 30 30 20 2d 20 35 20 47 42 69 74 2f 73 00 35 30 30 30 30 20 2d 20 35	fined..5000.-.5.GBit/s.50000.-.5
1aca0	30 20 47 42 69 74 2f 73 00 35 34 00 36 00 36 36 00 36 36 25 20 6f 66 20 74 72 61 66 66 69 63 20	0.GBit/s.54.6.66.66%.of.traffic.
1acc0	69 73 20 72 6f 75 74 65 64 20 74 6f 20 65 74 68 30 2c 20 65 74 68 31 20 67 65 74 73 20 33 33 25	is.routed.to.eth0,.eth1.gets.33%
1ace0	20 6f 66 20 74 72 61 66 66 69 63 2e 00 36 37 00 36 39 00 36 69 6e 34 20 28 53 49 54 29 00 36 69	.of.traffic..67.69.6in4.(SIT).6i
1ad00	6e 34 20 75 73 65 73 20 74 75 6e 6e 65 6c 69 6e 67 20 74 6f 20 65 6e 63 61 70 73 75 6c 61 74 65	n4.uses.tunneling.to.encapsulate
1ad20	20 49 50 76 36 20 74 72 61 66 66 69 63 20 6f 76 65 72 20 49 50 76 34 20 6c 69 6e 6b 73 20 61 73	.IPv6.traffic.over.IPv4.links.as
1ad40	20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 32 31 33 60 2e 20 54 68 65 20 36 69 6e	.defined.in.:rfc:`4213`..The.6in
1ad60	34 20 74 72 61 66 66 69 63 20 69 73 20 73 65 6e 74 20 6f 76 65 72 20 49 50 76 34 20 69 6e 73 69	4.traffic.is.sent.over.IPv4.insi
1ad80	64 65 20 49 50 76 34 20 70 61 63 6b 65 74 73 20 77 68 6f 73 65 20 49 50 20 68 65 61 64 65 72 73	de.IPv4.packets.whose.IP.headers
1ada0	20 68 61 76 65 20 74 68 65 20 49 50 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 73 65 74	.have.the.IP.protocol.number.set
1adc0	20 74 6f 20 34 31 2e 20 54 68 69 73 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 69 73 20	.to.41..This.protocol.number.is.
1ade0	73 70 65 63 69 66 69 63 61 6c 6c 79 20 64 65 73 69 67 6e 61 74 65 64 20 66 6f 72 20 49 50 76 36	specifically.designated.for.IPv6
1ae00	20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 2c 20 74 68 65 20 49 50 76 34 20 70 61 63 6b 65 74 20	.encapsulation,.the.IPv4.packet.
1ae20	68 65 61 64 65 72 20 69 73 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 66 6f 6c 6c 6f 77 65 64 20 62	header.is.immediately.followed.b
1ae40	79 20 74 68 65 20 49 50 76 36 20 70 61 63 6b 65 74 20 62 65 69 6e 67 20 63 61 72 72 69 65 64 2e	y.the.IPv6.packet.being.carried.
1ae60	20 54 68 65 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 6f 76 65 72 68 65 61 64 20 69 73 20 74	.The.encapsulation.overhead.is.t
1ae80	68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 49 50 76 34 20 68 65 61 64 65 72 20 6f 66 20 32 30	he.size.of.the.IPv4.header.of.20
1aea0	20 62 79 74 65 73 2c 20 74 68 65 72 65 66 6f 72 65 20 77 69 74 68 20 61 6e 20 4d 54 55 20 6f 66	.bytes,.therefore.with.an.MTU.of
1aec0	20 31 35 30 30 20 62 79 74 65 73 2c 20 49 50 76 36 20 70 61 63 6b 65 74 73 20 6f 66 20 31 34 38	.1500.bytes,.IPv6.packets.of.148
1aee0	30 20 62 79 74 65 73 20 63 61 6e 20 62 65 20 73 65 6e 74 20 77 69 74 68 6f 75 74 20 66 72 61 67	0.bytes.can.be.sent.without.frag
1af00	6d 65 6e 74 61 74 69 6f 6e 2e 20 54 68 69 73 20 74 75 6e 6e 65 6c 69 6e 67 20 74 65 63 68 6e 69	mentation..This.tunneling.techni
1af20	71 75 65 20 69 73 20 66 72 65 71 75 65 6e 74 6c 79 20 75 73 65 64 20 62 79 20 49 50 76 36 20 74	que.is.frequently.used.by.IPv6.t
1af40	75 6e 6e 65 6c 20 62 72 6f 6b 65 72 73 20 6c 69 6b 65 20 60 48 75 72 72 69 63 61 6e 65 20 45 6c	unnel.brokers.like.`Hurricane.El
1af60	65 63 74 72 69 63 60 5f 2e 00 37 00 37 30 00 38 00 38 30 32 2e 31 71 20 56 4c 41 4e 20 69 6e 74	ectric`_..7.70.8.802.1q.VLAN.int
1af80	65 72 66 61 63 65 73 20 61 72 65 20 72 65 70 72 65 73 65 6e 74 65 64 20 61 73 20 76 69 72 74 75	erfaces.are.represented.as.virtu
1afa0	61 6c 20 73 75 62 2d 69 6e 74 65 72 66 61 63 65 73 20 69 6e 20 56 79 4f 53 2e 20 54 68 65 20 74	al.sub-interfaces.in.VyOS..The.t
1afc0	65 72 6d 20 75 73 65 64 20 66 6f 72 20 74 68 69 73 20 69 73 20 60 60 76 69 66 60 60 2e 00 39 00	erm.used.for.this.is.``vif``..9.
1afe0	3a 61 62 62 72 3a 60 41 46 49 20 28 41 64 64 72 65 73 73 20 66 61 6d 69 6c 79 20 61 75 74 68 6f	:abbr:`AFI.(Address.family.autho
1b000	72 69 74 79 20 69 64 65 6e 74 69 66 69 65 72 29 60 20 2d 20 60 60 34 39 60 60 20 54 68 65 20 41	rity.identifier)`.-.``49``.The.A
1b020	46 49 20 76 61 6c 75 65 20 34 39 20 69 73 20 77 68 61 74 20 49 53 2d 49 53 20 75 73 65 73 20 66	FI.value.49.is.what.IS-IS.uses.f
1b040	6f 72 20 70 72 69 76 61 74 65 20 61 64 64 72 65 73 73 69 6e 67 2e 00 3a 61 62 62 72 3a 60 41 52	or.private.addressing..:abbr:`AR
1b060	50 20 28 41 64 64 72 65 73 73 20 52 65 73 6f 6c 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60	P.(Address.Resolution.Protocol)`
1b080	20 69 73 20 61 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65	.is.a.communication.protocol.use
1b0a0	64 20 66 6f 72 20 64 69 73 63 6f 76 65 72 69 6e 67 20 74 68 65 20 6c 69 6e 6b 20 6c 61 79 65 72	d.for.discovering.the.link.layer
1b0c0	20 61 64 64 72 65 73 73 2c 20 73 75 63 68 20 61 73 20 61 20 4d 41 43 20 61 64 64 72 65 73 73 2c	.address,.such.as.a.MAC.address,
1b0e0	20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 61 20 67 69 76 65 6e 20 69 6e 74 65 72 6e 65	.associated.with.a.given.interne
1b100	74 20 6c 61 79 65 72 20 61 64 64 72 65 73 73 2c 20 74 79 70 69 63 61 6c 6c 79 20 61 6e 20 49 50	t.layer.address,.typically.an.IP
1b120	76 34 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 6d 61 70 70 69 6e 67 20 69 73 20 61 20 63 72	v4.address..This.mapping.is.a.cr
1b140	69 74 69 63 61 6c 20 66 75 6e 63 74 69 6f 6e 20 69 6e 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20	itical.function.in.the.Internet.
1b160	70 72 6f 74 6f 63 6f 6c 20 73 75 69 74 65 2e 20 41 52 50 20 77 61 73 20 64 65 66 69 6e 65 64 20	protocol.suite..ARP.was.defined.
1b180	69 6e 20 31 39 38 32 20 62 79 20 3a 72 66 63 3a 60 38 32 36 60 20 77 68 69 63 68 20 69 73 20 49	in.1982.by.:rfc:`826`.which.is.I
1b1a0	6e 74 65 72 6e 65 74 20 53 74 61 6e 64 61 72 64 20 53 54 44 20 33 37 2e 00 3a 61 62 62 72 3a 60	nternet.Standard.STD.37..:abbr:`
1b1c0	42 46 44 20 28 42 69 64 69 72 65 63 74 69 6f 6e 61 6c 20 46 6f 72 77 61 72 64 69 6e 67 20 44 65	BFD.(Bidirectional.Forwarding.De
1b1e0	74 65 63 74 69 6f 6e 29 60 20 69 73 20 64 65 73 63 72 69 62 65 64 20 61 6e 64 20 65 78 74 65 6e	tection)`.is.described.and.exten
1b200	64 65 64 20 62 79 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 52 46 43 73 3a 20 3a 72 66 63 3a	ded.by.the.following.RFCs:.:rfc:
1b220	60 35 38 38 30 60 2c 20 3a 72 66 63 3a 60 35 38 38 31 60 20 61 6e 64 20 3a 72 66 63 3a 60 35 38	`5880`,.:rfc:`5881`.and.:rfc:`58
1b240	38 33 60 2e 00 3a 61 62 62 72 3a 60 42 47 50 20 28 42 6f 72 64 65 72 20 47 61 74 65 77 61 79 20	83`..:abbr:`BGP.(Border.Gateway.
1b260	50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 45 78 74 65 72 69 6f	Protocol)`.is.one.of.the.Exterio
1b280	72 20 47 61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 74 68 65 20 64 65 20 66	r.Gateway.Protocols.and.the.de.f
1b2a0	61 63 74 6f 20 73 74 61 6e 64 61 72 64 20 69 6e 74 65 72 64 6f 6d 61 69 6e 20 72 6f 75 74 69 6e	acto.standard.interdomain.routin
1b2c0	67 20 70 72 6f 74 6f 63 6f 6c 2e 20 54 68 65 20 6c 61 74 65 73 74 20 42 47 50 20 76 65 72 73 69	g.protocol..The.latest.BGP.versi
1b2e0	6f 6e 20 69 73 20 34 2e 20 42 47 50 2d 34 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a	on.is.4..BGP-4.is.described.in.:
1b300	72 66 63 3a 60 31 37 37 31 60 20 61 6e 64 20 75 70 64 61 74 65 64 20 62 79 20 3a 72 66 63 3a 60	rfc:`1771`.and.updated.by.:rfc:`
1b320	34 32 37 31 60 2e 20 3a 72 66 63 3a 60 32 38 35 38 60 20 61 64 64 73 20 6d 75 6c 74 69 70 72 6f	4271`..:rfc:`2858`.adds.multipro
1b340	74 6f 63 6f 6c 20 73 75 70 70 6f 72 74 20 74 6f 20 42 47 50 2e 00 3a 61 62 62 72 3a 60 43 4b 4e	tocol.support.to.BGP..:abbr:`CKN
1b360	20 28 4d 41 43 73 65 63 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 61 73 73 6f 63 69 61 74 69 6f	.(MACsec.connectivity.associatio
1b380	6e 20 6e 61 6d 65 29 60 20 6b 65 79 00 3a 61 62 62 72 3a 60 44 4d 56 50 4e 20 28 44 79 6e 61 6d	n.name)`.key.:abbr:`DMVPN.(Dynam
1b3a0	69 63 20 4d 75 6c 74 69 70 6f 69 6e 74 20 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20 4e 65	ic.Multipoint.Virtual.Private.Ne
1b3c0	74 77 6f 72 6b 29 60 20 69 73 20 61 20 64 79 6e 61 6d 69 63 20 3a 61 62 62 72 3a 60 56 50 4e 20	twork)`.is.a.dynamic.:abbr:`VPN.
1b3e0	28 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20 4e 65 74 77 6f 72 6b 29 60 20 74 65 63 68 6e	(Virtual.Private.Network)`.techn
1b400	6f 6c 6f 67 79 20 6f 72 69 67 69 6e 61 6c 6c 79 20 64 65 76 65 6c 6f 70 65 64 20 62 79 20 43 69	ology.originally.developed.by.Ci
1b420	73 63 6f 2e 20 57 68 69 6c 65 20 74 68 65 69 72 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20	sco..While.their.implementation.
1b440	77 61 73 20 73 6f 6d 65 77 68 61 74 20 70 72 6f 70 72 69 65 74 61 72 79 2c 20 74 68 65 20 75 6e	was.somewhat.proprietary,.the.un
1b460	64 65 72 6c 79 69 6e 67 20 74 65 63 68 6e 6f 6c 6f 67 69 65 73 20 61 72 65 20 61 63 74 75 61 6c	derlying.technologies.are.actual
1b480	6c 79 20 73 74 61 6e 64 61 72 64 73 20 62 61 73 65 64 2e 20 54 68 65 20 74 68 72 65 65 20 74 65	ly.standards.based..The.three.te
1b4a0	63 68 6e 6f 6c 6f 67 69 65 73 20 61 72 65 3a 00 3a 61 62 62 72 3a 60 44 4e 41 54 20 28 44 65 73	chnologies.are:.:abbr:`DNAT.(Des
1b4c0	74 69 6e 61 74 69 6f 6e 20 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61	tination.Network.Address.Transla
1b4e0	74 69 6f 6e 29 60 20 63 68 61 6e 67 65 73 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61	tion)`.changes.the.destination.a
1b500	64 64 72 65 73 73 20 6f 66 20 70 61 63 6b 65 74 73 20 70 61 73 73 69 6e 67 20 74 68 72 6f 75 67	ddress.of.packets.passing.throug
1b520	68 20 74 68 65 20 72 6f 75 74 65 72 2c 20 77 68 69 6c 65 20 3a 72 65 66 3a 60 73 6f 75 72 63 65	h.the.router,.while.:ref:`source
1b540	2d 6e 61 74 60 20 63 68 61 6e 67 65 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73	-nat`.changes.the.source.address
1b560	20 6f 66 20 70 61 63 6b 65 74 73 2e 20 44 4e 41 54 20 69 73 20 74 79 70 69 63 61 6c 6c 79 20 75	.of.packets..DNAT.is.typically.u
1b580	73 65 64 20 77 68 65 6e 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 28 70 75 62 6c 69 63 29 20 68 6f	sed.when.an.external.(public).ho
1b5a0	73 74 20 6e 65 65 64 73 20 74 6f 20 69 6e 69 74 69 61 74 65 20 61 20 73 65 73 73 69 6f 6e 20 77	st.needs.to.initiate.a.session.w
1b5c0	69 74 68 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65 29 20 68 6f 73 74 2e 20	ith.an.internal.(private).host..
1b5e0	41 20 63 75 73 74 6f 6d 65 72 20 6e 65 65 64 73 20 74 6f 20 61 63 63 65 73 73 20 61 20 70 72 69	A.customer.needs.to.access.a.pri
1b600	76 61 74 65 20 73 65 72 76 69 63 65 20 62 65 68 69 6e 64 20 74 68 65 20 72 6f 75 74 65 72 73 20	vate.service.behind.the.routers.
1b620	70 75 62 6c 69 63 20 49 50 2e 20 41 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 65 73 74 61 62	public.IP..A.connection.is.estab
1b640	6c 69 73 68 65 64 20 77 69 74 68 20 74 68 65 20 72 6f 75 74 65 72 73 20 70 75 62 6c 69 63 20 49	lished.with.the.routers.public.I
1b660	50 20 61 64 64 72 65 73 73 20 6f 6e 20 61 20 77 65 6c 6c 20 6b 6e 6f 77 6e 20 70 6f 72 74 20 61	P.address.on.a.well.known.port.a
1b680	6e 64 20 74 68 75 73 20 61 6c 6c 20 74 72 61 66 66 69 63 20 66 6f 72 20 74 68 69 73 20 70 6f 72	nd.thus.all.traffic.for.this.por
1b6a0	74 20 69 73 20 72 65 77 72 69 74 74 65 6e 20 74 6f 20 61 64 64 72 65 73 73 20 74 68 65 20 69 6e	t.is.rewritten.to.address.the.in
1b6c0	74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65 29 20 68 6f 73 74 2e 00 3a 61 62 62 72 3a 60 45 41	ternal.(private).host..:abbr:`EA
1b6e0	50 20 28 45 78 74 65 6e 73 69 62 6c 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 50 72 6f	P.(Extensible.Authentication.Pro
1b700	74 6f 63 6f 6c 29 60 20 6f 76 65 72 20 4c 41 4e 20 28 45 41 50 6f 4c 29 20 69 73 20 61 20 6e 65	tocol)`.over.LAN.(EAPoL).is.a.ne
1b720	74 77 6f 72 6b 20 70 6f 72 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 70 72 6f 74 6f 63	twork.port.authentication.protoc
1b740	6f 6c 20 75 73 65 64 20 69 6e 20 49 45 45 45 20 38 30 32 2e 31 58 20 28 50 6f 72 74 20 42 61 73	ol.used.in.IEEE.802.1X.(Port.Bas
1b760	65 64 20 4e 65 74 77 6f 72 6b 20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 29 20 64 65 76 65 6c	ed.Network.Access.Control).devel
1b780	6f 70 65 64 20 74 6f 20 67 69 76 65 20 61 20 67 65 6e 65 72 69 63 20 6e 65 74 77 6f 72 6b 20 73	oped.to.give.a.generic.network.s
1b7a0	69 67 6e 2d 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 6e 65 74 77 6f 72 6b 20 72 65 73 6f 75 72 63	ign-on.to.access.network.resourc
1b7c0	65 73 2e 00 3a 61 62 62 72 3a 60 45 55 49 2d 36 34 20 28 36 34 2d 42 69 74 20 45 78 74 65 6e 64	es..:abbr:`EUI-64.(64-Bit.Extend
1b7e0	65 64 20 55 6e 69 71 75 65 20 49 64 65 6e 74 69 66 69 65 72 29 60 20 61 73 20 73 70 65 63 69 66	ed.Unique.Identifier)`.as.specif
1b800	69 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 32 39 31 60 20 61 6c 6c 6f 77 73 20 61 20 68 6f 73 74	ied.in.:rfc:`4291`.allows.a.host
1b820	20 74 6f 20 61 73 73 69 67 6e 20 69 74 65 73 6c 66 20 61 20 75 6e 69 71 75 65 20 36 34 2d 42 69	.to.assign.iteslf.a.unique.64-Bi
1b840	74 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 3a 61 62 62 72 3a 60 47 45 4e 45 56 45 20 28 47	t.IPv6.address..:abbr:`GENEVE.(G
1b860	65 6e 65 72 69 63 20 4e 65 74 77 6f 72 6b 20 56 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 45 6e	eneric.Network.Virtualization.En
1b880	63 61 70 73 75 6c 61 74 69 6f 6e 29 60 20 73 75 70 70 6f 72 74 73 20 61 6c 6c 20 6f 66 20 74 68	capsulation)`.supports.all.of.th
1b8a0	65 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 6f 66 20 3a 61 62 62 72 3a 60 56 58 4c 41 4e 20 28	e.capabilities.of.:abbr:`VXLAN.(
1b8c0	56 69 72 74 75 61 6c 20 45 78 74 65 6e 73 69 62 6c 65 20 4c 41 4e 29 60 2c 20 3a 61 62 62 72 3a	Virtual.Extensible.LAN)`,.:abbr:
1b8e0	60 4e 56 47 52 45 20 28 4e 65 74 77 6f 72 6b 20 56 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 75	`NVGRE.(Network.Virtualization.u
1b900	73 69 6e 67 20 47 65 6e 65 72 69 63 20 52 6f 75 74 69 6e 67 20 45 6e 63 61 70 73 75 6c 61 74 69	sing.Generic.Routing.Encapsulati
1b920	6f 6e 29 60 2c 20 61 6e 64 20 3a 61 62 62 72 3a 60 53 54 54 20 28 53 74 61 74 65 6c 65 73 73 20	on)`,.and.:abbr:`STT.(Stateless.
1b940	54 72 61 6e 73 70 6f 72 74 20 54 75 6e 6e 65 6c 69 6e 67 29 60 20 61 6e 64 20 77 61 73 20 64 65	Transport.Tunneling)`.and.was.de
1b960	73 69 67 6e 65 64 20 74 6f 20 6f 76 65 72 63 6f 6d 65 20 74 68 65 69 72 20 70 65 72 63 65 69 76	signed.to.overcome.their.perceiv
1b980	65 64 20 6c 69 6d 69 74 61 74 69 6f 6e 73 2e 20 4d 61 6e 79 20 62 65 6c 69 65 76 65 20 47 45 4e	ed.limitations..Many.believe.GEN
1b9a0	45 56 45 20 63 6f 75 6c 64 20 65 76 65 6e 74 75 61 6c 6c 79 20 72 65 70 6c 61 63 65 20 74 68 65	EVE.could.eventually.replace.the
1b9c0	73 65 20 65 61 72 6c 69 65 72 20 66 6f 72 6d 61 74 73 20 65 6e 74 69 72 65 6c 79 2e 00 3a 61 62	se.earlier.formats.entirely..:ab
1b9e0	62 72 3a 60 47 52 45 20 28 47 65 6e 65 72 69 63 20 52 6f 75 74 69 6e 67 20 45 6e 63 61 70 73 75	br:`GRE.(Generic.Routing.Encapsu
1ba00	6c 61 74 69 6f 6e 29 60 2c 20 47 52 45 2f 49 50 73 65 63 20 28 6f 72 20 49 50 49 50 2f 49 50 73	lation)`,.GRE/IPsec.(or.IPIP/IPs
1ba20	65 63 2c 20 53 49 54 2f 49 50 73 65 63 2c 20 6f 72 20 61 6e 79 20 6f 74 68 65 72 20 73 74 61 74	ec,.SIT/IPsec,.or.any.other.stat
1ba40	65 6c 65 73 73 20 74 75 6e 6e 65 6c 20 70 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 20 49 50 73 65 63	eless.tunnel.protocol.over.IPsec
1ba60	29 20 69 73 20 74 68 65 20 75 73 75 61 6c 20 77 61 79 20 74 6f 20 70 72 6f 74 65 63 74 20 74 68	).is.the.usual.way.to.protect.th
1ba80	65 20 74 72 61 66 66 69 63 20 69 6e 73 69 64 65 20 61 20 74 75 6e 6e 65 6c 2e 00 3a 61 62 62 72	e.traffic.inside.a.tunnel..:abbr
1baa0	3a 60 47 52 4f 20 28 47 65 6e 65 72 69 63 20 72 65 63 65 69 76 65 20 6f 66 66 6c 6f 61 64 29 60	:`GRO.(Generic.receive.offload)`
1bac0	20 69 73 20 74 68 65 20 63 6f 6d 70 6c 65 6d 65 6e 74 20 74 6f 20 47 53 4f 2e 20 49 64 65 61 6c	.is.the.complement.to.GSO..Ideal
1bae0	6c 79 20 61 6e 79 20 66 72 61 6d 65 20 61 73 73 65 6d 62 6c 65 64 20 62 79 20 47 52 4f 20 73 68	ly.any.frame.assembled.by.GRO.sh
1bb00	6f 75 6c 64 20 62 65 20 73 65 67 6d 65 6e 74 65 64 20 74 6f 20 63 72 65 61 74 65 20 61 6e 20 69	ould.be.segmented.to.create.an.i
1bb20	64 65 6e 74 69 63 61 6c 20 73 65 71 75 65 6e 63 65 20 6f 66 20 66 72 61 6d 65 73 20 75 73 69 6e	dentical.sequence.of.frames.usin
1bb40	67 20 47 53 4f 2c 20 61 6e 64 20 61 6e 79 20 73 65 71 75 65 6e 63 65 20 6f 66 20 66 72 61 6d 65	g.GSO,.and.any.sequence.of.frame
1bb60	73 20 73 65 67 6d 65 6e 74 65 64 20 62 79 20 47 53 4f 20 73 68 6f 75 6c 64 20 62 65 20 61 62 6c	s.segmented.by.GSO.should.be.abl
1bb80	65 20 74 6f 20 62 65 20 72 65 61 73 73 65 6d 62 6c 65 64 20 62 61 63 6b 20 74 6f 20 74 68 65 20	e.to.be.reassembled.back.to.the.
1bba0	6f 72 69 67 69 6e 61 6c 20 62 79 20 47 52 4f 2e 20 54 68 65 20 6f 6e 6c 79 20 65 78 63 65 70 74	original.by.GRO..The.only.except
1bbc0	69 6f 6e 20 74 6f 20 74 68 69 73 20 69 73 20 49 50 76 34 20 49 44 20 69 6e 20 74 68 65 20 63 61	ion.to.this.is.IPv4.ID.in.the.ca
1bbe0	73 65 20 74 68 61 74 20 74 68 65 20 44 46 20 62 69 74 20 69 73 20 73 65 74 20 66 6f 72 20 61 20	se.that.the.DF.bit.is.set.for.a.
1bc00	67 69 76 65 6e 20 49 50 20 68 65 61 64 65 72 2e 20 49 66 20 74 68 65 20 76 61 6c 75 65 20 6f 66	given.IP.header..If.the.value.of
1bc20	20 74 68 65 20 49 50 76 34 20 49 44 20 69 73 20 6e 6f 74 20 73 65 71 75 65 6e 74 69 61 6c 6c 79	.the.IPv4.ID.is.not.sequentially
1bc40	20 69 6e 63 72 65 6d 65 6e 74 69 6e 67 20 69 74 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64	.incrementing.it.will.be.altered
1bc60	20 73 6f 20 74 68 61 74 20 69 74 20 69 73 20 77 68 65 6e 20 61 20 66 72 61 6d 65 20 61 73 73 65	.so.that.it.is.when.a.frame.asse
1bc80	6d 62 6c 65 64 20 76 69 61 20 47 52 4f 20 69 73 20 73 65 67 6d 65 6e 74 65 64 20 76 69 61 20 47	mbled.via.GRO.is.segmented.via.G
1bca0	53 4f 2e 00 3a 61 62 62 72 3a 60 47 53 4f 20 28 47 65 6e 65 72 69 63 20 53 65 67 6d 65 6e 74 61	SO..:abbr:`GSO.(Generic.Segmenta
1bcc0	74 69 6f 6e 20 4f 66 66 6c 6f 61 64 29 60 20 69 73 20 61 20 70 75 72 65 20 73 6f 66 74 77 61 72	tion.Offload)`.is.a.pure.softwar
1bce0	65 20 6f 66 66 6c 6f 61 64 20 74 68 61 74 20 69 73 20 6d 65 61 6e 74 20 74 6f 20 64 65 61 6c 20	e.offload.that.is.meant.to.deal.
1bd00	77 69 74 68 20 63 61 73 65 73 20 77 68 65 72 65 20 64 65 76 69 63 65 20 64 72 69 76 65 72 73 20	with.cases.where.device.drivers.
1bd20	63 61 6e 6e 6f 74 20 70 65 72 66 6f 72 6d 20 74 68 65 20 6f 66 66 6c 6f 61 64 73 20 64 65 73 63	cannot.perform.the.offloads.desc
1bd40	72 69 62 65 64 20 61 62 6f 76 65 2e 20 57 68 61 74 20 6f 63 63 75 72 73 20 69 6e 20 47 53 4f 20	ribed.above..What.occurs.in.GSO.
1bd60	69 73 20 74 68 61 74 20 61 20 67 69 76 65 6e 20 73 6b 62 75 66 66 20 77 69 6c 6c 20 68 61 76 65	is.that.a.given.skbuff.will.have
1bd80	20 69 74 73 20 64 61 74 61 20 62 72 6f 6b 65 6e 20 6f 75 74 20 6f 76 65 72 20 6d 75 6c 74 69 70	.its.data.broken.out.over.multip
1bda0	6c 65 20 73 6b 62 75 66 66 73 20 74 68 61 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 73 69 7a 65	le.skbuffs.that.have.been.resize
1bdc0	64 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 4d 53 53 20 70 72 6f 76 69 64 65 64 20 76 69 61 20	d.to.match.the.MSS.provided.via.
1bde0	73 6b 62 5f 73 68 69 6e 66 6f 28 29 2d 3e 67 73 6f 5f 73 69 7a 65 2e 00 3a 61 62 62 72 3a 60 49	skb_shinfo()->gso_size..:abbr:`I
1be00	47 4d 50 20 28 49 6e 74 65 72 6e 65 74 20 47 72 6f 75 70 20 4d 61 6e 61 67 65 6d 65 6e 74 20 50	GMP.(Internet.Group.Management.P
1be20	72 6f 74 6f 63 6f 6c 29 60 20 70 72 6f 78 79 20 73 65 6e 64 73 20 49 47 4d 50 20 68 6f 73 74 20	rotocol)`.proxy.sends.IGMP.host.
1be40	6d 65 73 73 61 67 65 73 20 6f 6e 20 62 65 68 61 6c 66 20 6f 66 20 61 20 63 6f 6e 6e 65 63 74 65	messages.on.behalf.of.a.connecte
1be60	64 20 63 6c 69 65 6e 74 2e 20 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 75 73 74	d.client..The.configuration.must
1be80	20 64 65 66 69 6e 65 20 6f 6e 65 2c 20 61 6e 64 20 6f 6e 6c 79 20 6f 6e 65 20 75 70 73 74 72 65	.define.one,.and.only.one.upstre
1bea0	61 6d 20 69 6e 74 65 72 66 61 63 65 2c 20 61 6e 64 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 64 6f	am.interface,.and.one.or.more.do
1bec0	77 6e 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 73 2e 00 3a 61 62 62 72 3a 60 49 50 53 65	wnstream.interfaces..:abbr:`IPSe
1bee0	63 20 28 49 50 20 53 65 63 75 72 69 74 79 29 60 20 2d 20 74 6f 6f 20 6d 61 6e 79 20 52 46 43 73	c.(IP.Security)`.-.too.many.RFCs
1bf00	20 74 6f 20 6c 69 73 74 2c 20 62 75 74 20 73 74 61 72 74 20 77 69 74 68 20 3a 72 66 63 3a 60 34	.to.list,.but.start.with.:rfc:`4
1bf20	33 30 31 60 00 3a 61 62 62 72 3a 60 49 53 2d 49 53 20 28 49 6e 74 65 72 6d 65 64 69 61 74 65 20	301`.:abbr:`IS-IS.(Intermediate.
1bf40	53 79 73 74 65 6d 20 74 6f 20 49 6e 74 65 72 6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 29 60 20	System.to.Intermediate.System)`.
1bf60	69 73 20 61 20 6c 69 6e 6b 2d 73 74 61 74 65 20 69 6e 74 65 72 69 6f 72 20 67 61 74 65 77 61 79	is.a.link-state.interior.gateway
1bf80	20 70 72 6f 74 6f 63 6f 6c 20 28 49 47 50 29 20 77 68 69 63 68 20 69 73 20 64 65 73 63 72 69 62	.protocol.(IGP).which.is.describ
1bfa0	65 64 20 69 6e 20 49 53 4f 31 30 35 38 39 2c 20 3a 72 66 63 3a 60 31 31 39 35 60 2c 20 3a 72 66	ed.in.ISO10589,.:rfc:`1195`,.:rf
1bfc0	63 3a 60 35 33 30 38 60 2e 20 49 53 2d 49 53 20 72 75 6e 73 20 74 68 65 20 44 69 6a 6b 73 74 72	c:`5308`..IS-IS.runs.the.Dijkstr
1bfe0	61 20 73 68 6f 72 74 65 73 74 2d 70 61 74 68 20 66 69 72 73 74 20 28 53 50 46 29 20 61 6c 67 6f	a.shortest-path.first.(SPF).algo
1c000	72 69 74 68 6d 20 74 6f 20 63 72 65 61 74 65 20 61 20 64 61 74 61 62 61 73 65 20 6f 66 20 74 68	rithm.to.create.a.database.of.th
1c020	65 20 6e 65 74 77 6f 72 6b e2 80 99 73 20 74 6f 70 6f 6c 6f 67 79 2c 20 61 6e 64 20 66 72 6f 6d	e.network...s.topology,.and.from
1c040	20 74 68 61 74 20 64 61 74 61 62 61 73 65 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20	.that.database.to.determine.the.
1c060	62 65 73 74 20 28 74 68 61 74 20 69 73 2c 20 6c 6f 77 65 73 74 20 63 6f 73 74 29 20 70 61 74 68	best.(that.is,.lowest.cost).path
1c080	20 74 6f 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 54 68 65 20 69 6e 74 65 72 6d 65 64 69	.to.a.destination..The.intermedi
1c0a0	61 74 65 20 73 79 73 74 65 6d 73 20 28 74 68 65 20 6e 61 6d 65 20 66 6f 72 20 72 6f 75 74 65 72	ate.systems.(the.name.for.router
1c0c0	73 29 20 65 78 63 68 61 6e 67 65 20 74 6f 70 6f 6c 6f 67 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	s).exchange.topology.information
1c0e0	20 77 69 74 68 20 74 68 65 69 72 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 65 6e 63 74 65 64 20 6e	.with.their.directly.conencted.n
1c100	65 69 67 68 62 6f 72 73 2e 20 49 53 2d 49 53 20 72 75 6e 73 20 64 69 72 65 63 74 6c 79 20 6f 6e	eighbors..IS-IS.runs.directly.on
1c120	20 74 68 65 20 64 61 74 61 20 6c 69 6e 6b 20 6c 61 79 65 72 20 28 4c 61 79 65 72 20 32 29 2e 20	.the.data.link.layer.(Layer.2)..
1c140	49 53 2d 49 53 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 63 61 6c 6c 65 64 20 3a 61 62 62 72	IS-IS.addresses.are.called.:abbr
1c160	3a 60 4e 45 54 73 20 28 4e 65 74 77 6f 72 6b 20 45 6e 74 69 74 79 20 54 69 74 6c 65 73 29 60 20	:`NETs.(Network.Entity.Titles)`.
1c180	61 6e 64 20 63 61 6e 20 62 65 20 38 20 74 6f 20 32 30 20 62 79 74 65 73 20 6c 6f 6e 67 2c 20 62	and.can.be.8.to.20.bytes.long,.b
1c1a0	75 74 20 61 72 65 20 67 65 6e 65 72 61 6c 6c 79 20 31 30 20 62 79 74 65 73 20 6c 6f 6e 67 2e 20	ut.are.generally.10.bytes.long..
1c1c0	54 68 65 20 74 72 65 65 20 64 61 74 61 62 61 73 65 20 74 68 61 74 20 69 73 20 63 72 65 61 74 65	The.tree.database.that.is.create
1c1e0	64 20 77 69 74 68 20 49 53 2d 49 53 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 74 68 65 20 6f	d.with.IS-IS.is.similar.to.the.o
1c200	6e 65 20 74 68 61 74 20 69 73 20 63 72 65 61 74 65 64 20 77 69 74 68 20 4f 53 50 46 20 69 6e 20	ne.that.is.created.with.OSPF.in.
1c220	74 68 61 74 20 74 68 65 20 70 61 74 68 73 20 63 68 6f 73 65 6e 20 73 68 6f 75 6c 64 20 62 65 20	that.the.paths.chosen.should.be.
1c240	73 69 6d 69 6c 61 72 2e 20 43 6f 6d 70 61 72 69 73 6f 6e 73 20 74 6f 20 4f 53 50 46 20 61 72 65	similar..Comparisons.to.OSPF.are
1c260	20 69 6e 65 76 69 74 61 62 6c 65 20 61 6e 64 20 6f 66 74 65 6e 20 61 72 65 20 72 65 61 73 6f 6e	.inevitable.and.often.are.reason
1c280	61 62 6c 65 20 6f 6e 65 73 20 74 6f 20 6d 61 6b 65 20 69 6e 20 72 65 67 61 72 64 73 20 74 6f 20	able.ones.to.make.in.regards.to.
1c2a0	74 68 65 20 77 61 79 20 61 20 6e 65 74 77 6f 72 6b 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 77	the.way.a.network.will.respond.w
1c2c0	69 74 68 20 65 69 74 68 65 72 20 49 47 50 2e 00 3a 61 62 62 72 3a 60 4c 33 56 50 4e 20 56 52 46	ith.either.IGP..:abbr:`L3VPN.VRF
1c2e0	73 20 28 20 4c 61 79 65 72 20 33 20 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20 4e 65 74 77	s.(.Layer.3.Virtual.Private.Netw
1c300	6f 72 6b 73 20 29 60 20 62 67 70 64 20 73 75 70 70 6f 72 74 73 20 66 6f 72 20 49 50 76 34 20 52	orks.)`.bgpd.supports.for.IPv4.R
1c320	46 43 20 34 33 36 34 20 61 6e 64 20 49 50 76 36 20 52 46 43 20 34 36 35 39 2e 20 4c 33 56 50 4e	FC.4364.and.IPv6.RFC.4659..L3VPN
1c340	20 72 6f 75 74 65 73 2c 20 61 6e 64 20 74 68 65 69 72 20 61 73 73 6f 63 69 61 74 65 64 20 56 52	.routes,.and.their.associated.VR
1c360	46 20 4d 50 4c 53 20 6c 61 62 65 6c 73 2c 20 63 61 6e 20 62 65 20 64 69 73 74 72 69 62 75 74 65	F.MPLS.labels,.can.be.distribute
1c380	64 20 74 6f 20 56 50 4e 20 53 41 46 49 20 6e 65 69 67 68 62 6f 72 73 20 69 6e 20 74 68 65 20 64	d.to.VPN.SAFI.neighbors.in.the.d
1c3a0	65 66 61 75 6c 74 2c 20 69 2e 65 2e 2c 20 6e 6f 6e 20 56 52 46 2c 20 42 47 50 20 69 6e 73 74 61	efault,.i.e.,.non.VRF,.BGP.insta
1c3c0	6e 63 65 2e 20 56 52 46 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 61 72 65 20 72 65 61 63 68 65 64	nce..VRF.MPLS.labels.are.reached
1c3e0	20 75 73 69 6e 67 20 63 6f 72 65 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 77 68 69 63 68 20 61 72	.using.core.MPLS.labels.which.ar
1c400	65 20 64 69 73 74 72 69 62 75 74 65 64 20 75 73 69 6e 67 20 4c 44 50 20 6f 72 20 42 47 50 20 6c	e.distributed.using.LDP.or.BGP.l
1c420	61 62 65 6c 65 64 20 75 6e 69 63 61 73 74 2e 20 62 67 70 64 20 61 6c 73 6f 20 73 75 70 70 6f 72	abeled.unicast..bgpd.also.suppor
1c440	74 73 20 69 6e 74 65 72 2d 56 52 46 20 72 6f 75 74 65 20 6c 65 61 6b 69 6e 67 2e 00 3a 61 62 62	ts.inter-VRF.route.leaking..:abb
1c460	72 3a 60 4c 44 50 20 28 4c 61 62 65 6c 20 44 69 73 74 72 69 62 75 74 69 6f 6e 20 50 72 6f 74 6f	r:`LDP.(Label.Distribution.Proto
1c480	63 6f 6c 29 60 20 69 73 20 61 20 54 43 50 20 62 61 73 65 64 20 4d 50 4c 53 20 73 69 67 6e 61 6c	col)`.is.a.TCP.based.MPLS.signal
1c4a0	69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 64 69 73 74 72 69 62 75 74 65 73 20 6c 61	ing.protocol.that.distributes.la
1c4c0	62 65 6c 73 20 63 72 65 61 74 69 6e 67 20 4d 50 4c 53 20 6c 61 62 65 6c 20 73 77 69 74 63 68 65	bels.creating.MPLS.label.switche
1c4e0	64 20 70 61 74 68 73 20 69 6e 20 61 20 64 79 6e 61 6d 69 63 20 6d 61 6e 6e 65 72 2e 20 4c 44 50	d.paths.in.a.dynamic.manner..LDP
1c500	20 69 73 20 6e 6f 74 20 61 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2c 20 61 73 20 69	.is.not.a.routing.protocol,.as.i
1c520	74 20 72 65 6c 69 65 73 20 6f 6e 20 6f 74 68 65 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63	t.relies.on.other.routing.protoc
1c540	6f 6c 73 20 66 6f 72 20 66 6f 72 77 61 72 64 69 6e 67 20 64 65 63 69 73 69 6f 6e 73 2e 20 4c 44	ols.for.forwarding.decisions..LD
1c560	50 20 63 61 6e 6e 6f 74 20 62 6f 6f 74 73 74 72 61 70 20 69 74 73 65 6c 66 2c 20 61 6e 64 20 74	P.cannot.bootstrap.itself,.and.t
1c580	68 65 72 65 66 6f 72 65 20 72 65 6c 69 65 73 20 6f 6e 20 73 61 69 64 20 72 6f 75 74 69 6e 67 20	herefore.relies.on.said.routing.
1c5a0	70 72 6f 74 6f 63 6f 6c 73 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 77 69 74 68	protocols.for.communication.with
1c5c0	20 6f 74 68 65 72 20 72 6f 75 74 65 72 73 20 74 68 61 74 20 75 73 65 20 4c 44 50 2e 00 3a 61 62	.other.routers.that.use.LDP..:ab
1c5e0	62 72 3a 60 4c 4c 44 50 20 28 4c 69 6e 6b 20 4c 61 79 65 72 20 44 69 73 63 6f 76 65 72 79 20 50	br:`LLDP.(Link.Layer.Discovery.P
1c600	72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 20 76 65 6e 64 6f 72 2d 6e 65 75 74 72 61 6c 20 6c 69	rotocol)`.is.a.vendor-neutral.li
1c620	6e 6b 20 6c 61 79 65 72 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 20 74 68 65 20 49 6e 74 65 72 6e 65	nk.layer.protocol.in.the.Interne
1c640	74 20 50 72 6f 74 6f 63 6f 6c 20 53 75 69 74 65 20 75 73 65 64 20 62 79 20 6e 65 74 77 6f 72 6b	t.Protocol.Suite.used.by.network
1c660	20 64 65 76 69 63 65 73 20 66 6f 72 20 61 64 76 65 72 74 69 73 69 6e 67 20 74 68 65 69 72 20 69	.devices.for.advertising.their.i
1c680	64 65 6e 74 69 74 79 2c 20 63 61 70 61 62 69 6c 69 74 69 65 73 2c 20 61 6e 64 20 6e 65 69 67 68	dentity,.capabilities,.and.neigh
1c6a0	62 6f 72 73 20 6f 6e 20 61 6e 20 49 45 45 45 20 38 30 32 20 6c 6f 63 61 6c 20 61 72 65 61 20 6e	bors.on.an.IEEE.802.local.area.n
1c6c0	65 74 77 6f 72 6b 2c 20 70 72 69 6e 63 69 70 61 6c 6c 79 20 77 69 72 65 64 20 45 74 68 65 72 6e	etwork,.principally.wired.Ethern
1c6e0	65 74 2e 20 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 66 6f 72 6d 61 6c 6c 79 20 72 65 66	et..The.protocol.is.formally.ref
1c700	65 72 72 65 64 20 74 6f 20 62 79 20 74 68 65 20 49 45 45 45 20 61 73 20 53 74 61 74 69 6f 6e 20	erred.to.by.the.IEEE.as.Station.
1c720	61 6e 64 20 4d 65 64 69 61 20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 20 43 6f 6e 6e 65 63 74	and.Media.Access.Control.Connect
1c740	69 76 69 74 79 20 44 69 73 63 6f 76 65 72 79 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 49 45 45	ivity.Discovery.specified.in.IEE
1c760	45 20 38 30 32 2e 31 41 42 20 61 6e 64 20 49 45 45 45 20 38 30 32 2e 33 2d 32 30 31 32 20 73 65	E.802.1AB.and.IEEE.802.3-2012.se
1c780	63 74 69 6f 6e 20 36 20 63 6c 61 75 73 65 20 37 39 2e 00 3a 61 62 62 72 3a 60 4d 4b 41 20 28 4d	ction.6.clause.79..:abbr:`MKA.(M
1c7a0	41 43 73 65 63 20 4b 65 79 20 41 67 72 65 65 6d 65 6e 74 20 70 72 6f 74 6f 63 6f 6c 29 60 20 69	ACsec.Key.Agreement.protocol)`.i
1c7c0	73 20 75 73 65 64 20 74 6f 20 73 79 6e 63 68 72 6f 6e 69 7a 65 20 6b 65 79 73 20 62 65 74 77 65	s.used.to.synchronize.keys.betwe
1c7e0	65 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 70 65 65 72 73 2e 00 3a 61 62 62 72 3a 60 4d 50 4c 53	en.individual.peers..:abbr:`MPLS
1c800	20 28 4d 75 6c 74 69 2d 50 72 6f 74 6f 63 6f 6c 20 4c 61 62 65 6c 20 53 77 69 74 63 68 69 6e 67	.(Multi-Protocol.Label.Switching
1c820	29 60 20 69 73 20 61 20 70 61 63 6b 65 74 20 66 6f 72 77 61 72 64 69 6e 67 20 70 61 72 61 64 69	)`.is.a.packet.forwarding.paradi
1c840	67 6d 20 77 68 69 63 68 20 64 69 66 66 65 72 73 20 66 72 6f 6d 20 72 65 67 75 6c 61 72 20 49 50	gm.which.differs.from.regular.IP
1c860	20 66 6f 72 77 61 72 64 69 6e 67 2e 20 49 6e 73 74 65 61 64 20 6f 66 20 49 50 20 61 64 64 72 65	.forwarding..Instead.of.IP.addre
1c880	73 73 65 73 20 62 65 69 6e 67 20 75 73 65 64 20 74 6f 20 6d 61 6b 65 20 74 68 65 20 64 65 63 69	sses.being.used.to.make.the.deci
1c8a0	73 69 6f 6e 20 6f 6e 20 66 69 6e 64 69 6e 67 20 74 68 65 20 65 78 69 74 20 69 6e 74 65 72 66 61	sion.on.finding.the.exit.interfa
1c8c0	63 65 2c 20 61 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 69 6e 73 74 65 61 64 20 75 73 65 20 61 6e	ce,.a.router.will.instead.use.an
1c8e0	20 65 78 61 63 74 20 6d 61 74 63 68 20 6f 6e 20 61 20 33 32 20 62 69 74 2f 34 20 62 79 74 65 20	.exact.match.on.a.32.bit/4.byte.
1c900	68 65 61 64 65 72 20 63 61 6c 6c 65 64 20 74 68 65 20 4d 50 4c 53 20 6c 61 62 65 6c 2e 20 54 68	header.called.the.MPLS.label..Th
1c920	69 73 20 6c 61 62 65 6c 20 69 73 20 69 6e 73 65 72 74 65 64 20 62 65 74 77 65 65 6e 20 74 68 65	is.label.is.inserted.between.the
1c940	20 65 74 68 65 72 6e 65 74 20 28 6c 61 79 65 72 20 32 29 20 68 65 61 64 65 72 20 61 6e 64 20 74	.ethernet.(layer.2).header.and.t
1c960	68 65 20 49 50 20 28 6c 61 79 65 72 20 33 29 20 68 65 61 64 65 72 2e 20 4f 6e 65 20 63 61 6e 20	he.IP.(layer.3).header..One.can.
1c980	73 74 61 74 69 63 61 6c 6c 79 20 6f 72 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 61 73 73 69 67 6e	statically.or.dynamically.assign
1c9a0	20 6c 61 62 65 6c 20 61 6c 6c 6f 63 61 74 69 6f 6e 73 2c 20 62 75 74 20 77 65 20 77 69 6c 6c 20	.label.allocations,.but.we.will.
1c9c0	66 6f 63 75 73 20 6f 6e 20 64 79 6e 61 6d 69 63 20 61 6c 6c 6f 63 61 74 69 6f 6e 20 6f 66 20 6c	focus.on.dynamic.allocation.of.l
1c9e0	61 62 65 6c 73 20 75 73 69 6e 67 20 73 6f 6d 65 20 73 6f 72 74 20 6f 66 20 6c 61 62 65 6c 20 64	abels.using.some.sort.of.label.d
1ca00	69 73 74 72 69 62 75 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c 20 28 73 75 63 68 20 61 73 20 74 68	istribution.protocol.(such.as.th
1ca20	65 20 61 70 74 6c 79 20 6e 61 6d 65 64 20 4c 61 62 65 6c 20 44 69 73 74 72 69 62 75 74 69 6f 6e	e.aptly.named.Label.Distribution
1ca40	20 50 72 6f 74 6f 63 6f 6c 20 2f 20 4c 44 50 2c 20 52 65 73 6f 75 72 63 65 20 52 65 73 65 72 76	.Protocol./.LDP,.Resource.Reserv
1ca60	61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 2f 20 52 53 56 50 2c 20 6f 72 20 53 65 67 6d 65 6e	ation.Protocol./.RSVP,.or.Segmen
1ca80	74 20 52 6f 75 74 69 6e 67 20 74 68 72 6f 75 67 68 20 4f 53 50 46 2f 49 53 49 53 29 2e 20 54 68	t.Routing.through.OSPF/ISIS)..Th
1caa0	65 73 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6c 6c 6f 77 20 66 6f 72 20 74 68 65 20 63 72 65 61	ese.protocols.allow.for.the.crea
1cac0	74 69 6f 6e 20 6f 66 20 61 20 75 6e 69 64 69 72 65 63 74 69 6f 6e 61 6c 2f 75 6e 69 63 61 73 74	tion.of.a.unidirectional/unicast
1cae0	20 70 61 74 68 20 63 61 6c 6c 65 64 20 61 20 6c 61 62 65 6c 65 64 20 73 77 69 74 63 68 65 64 20	.path.called.a.labeled.switched.
1cb00	70 61 74 68 20 28 69 6e 69 74 69 61 6c 69 7a 65 64 20 61 73 20 4c 53 50 29 20 74 68 72 6f 75 67	path.(initialized.as.LSP).throug
1cb20	68 6f 75 74 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 68 61 74 20 6f 70 65 72 61 74 65 73 20 76	hout.the.network.that.operates.v
1cb40	65 72 79 20 6d 75 63 68 20 6c 69 6b 65 20 61 20 74 75 6e 6e 65 6c 20 74 68 72 6f 75 67 68 20 74	ery.much.like.a.tunnel.through.t
1cb60	68 65 20 6e 65 74 77 6f 72 6b 2e 20 41 6e 20 65 61 73 79 20 77 61 79 20 6f 66 20 74 68 69 6e 6b	he.network..An.easy.way.of.think
1cb80	69 6e 67 20 61 62 6f 75 74 20 68 6f 77 20 61 6e 20 4d 50 4c 53 20 4c 53 50 20 61 63 74 75 61 6c	ing.about.how.an.MPLS.LSP.actual
1cba0	6c 79 20 66 6f 72 77 61 72 64 73 20 74 72 61 66 66 69 63 20 74 68 72 6f 75 67 68 6f 75 74 20 61	ly.forwards.traffic.throughout.a
1cbc0	20 6e 65 74 77 6f 72 6b 20 69 73 20 74 6f 20 74 68 69 6e 6b 20 6f 66 20 61 20 47 52 45 20 74 75	.network.is.to.think.of.a.GRE.tu
1cbe0	6e 6e 65 6c 2e 20 54 68 65 79 20 61 72 65 20 6e 6f 74 20 74 68 65 20 73 61 6d 65 20 69 6e 20 68	nnel..They.are.not.the.same.in.h
1cc00	6f 77 20 74 68 65 79 20 6f 70 65 72 61 74 65 2c 20 62 75 74 20 74 68 65 79 20 61 72 65 20 74 68	ow.they.operate,.but.they.are.th
1cc20	65 20 73 61 6d 65 20 69 6e 20 68 6f 77 20 74 68 65 79 20 68 61 6e 64 6c 65 20 74 68 65 20 74 75	e.same.in.how.they.handle.the.tu
1cc40	6e 6e 65 6c 65 64 20 70 61 63 6b 65 74 2e 20 49 74 20 77 6f 75 6c 64 20 62 65 20 67 6f 6f 64 20	nneled.packet..It.would.be.good.
1cc60	74 6f 20 74 68 69 6e 6b 20 6f 66 20 4d 50 4c 53 20 61 73 20 61 20 74 75 6e 6e 65 6c 69 6e 67 20	to.think.of.MPLS.as.a.tunneling.
1cc80	74 65 63 68 6e 6f 6c 6f 67 79 20 74 68 61 74 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 74	technology.that.can.be.used.to.t
1cca0	72 61 6e 73 70 6f 72 74 20 6d 61 6e 79 20 64 69 66 66 65 72 65 6e 74 20 74 79 70 65 73 20 6f 66	ransport.many.different.types.of
1ccc0	20 70 61 63 6b 65 74 73 2c 20 74 6f 20 61 69 64 20 69 6e 20 74 72 61 66 66 69 63 20 65 6e 67 69	.packets,.to.aid.in.traffic.engi
1cce0	6e 65 65 72 69 6e 67 20 62 79 20 61 6c 6c 6f 77 69 6e 67 20 6f 6e 65 20 74 6f 20 73 70 65 63 69	neering.by.allowing.one.to.speci
1cd00	66 79 20 70 61 74 68 73 20 74 68 72 6f 75 67 68 6f 75 74 20 74 68 65 20 6e 65 74 77 6f 72 6b 20	fy.paths.throughout.the.network.
1cd20	28 75 73 69 6e 67 20 52 53 56 50 20 6f 72 20 53 52 29 2c 20 61 6e 64 20 74 6f 20 67 65 6e 65 72	(using.RSVP.or.SR),.and.to.gener
1cd40	61 6c 6c 79 20 61 6c 6c 6f 77 20 66 6f 72 20 65 61 73 69 65 72 20 69 6e 74 72 61 2f 69 6e 74 65	ally.allow.for.easier.intra/inte
1cd60	72 20 6e 65 74 77 6f 72 6b 20 74 72 61 6e 73 70 6f 72 74 20 6f 66 20 64 61 74 61 20 70 61 63 6b	r.network.transport.of.data.pack
1cd80	65 74 73 2e 00 3a 61 62 62 72 3a 60 4e 41 54 20 28 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73	ets..:abbr:`NAT.(Network.Address
1cda0	20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69 73 20 61 20 63 6f 6d 6d 6f 6e 20 6d 65 74 68 6f	.Translation)`.is.a.common.metho
1cdc0	64 20 6f 66 20 72 65 6d 61 70 70 69 6e 67 20 6f 6e 65 20 49 50 20 61 64 64 72 65 73 73 20 73 70	d.of.remapping.one.IP.address.sp
1cde0	61 63 65 20 69 6e 74 6f 20 61 6e 6f 74 68 65 72 20 62 79 20 6d 6f 64 69 66 79 69 6e 67 20 6e 65	ace.into.another.by.modifying.ne
1ce00	74 77 6f 72 6b 20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 74 68 65	twork.address.information.in.the
1ce20	20 49 50 20 68 65 61 64 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20 77 68 69 6c 65 20 74 68 65 79	.IP.header.of.packets.while.they
1ce40	20 61 72 65 20 69 6e 20 74 72 61 6e 73 69 74 20 61 63 72 6f 73 73 20 61 20 74 72 61 66 66 69 63	.are.in.transit.across.a.traffic
1ce60	20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 2e 20 54 68 65 20 74 65 63 68 6e 69 71 75 65 20 77	.routing.device..The.technique.w
1ce80	61 73 20 6f 72 69 67 69 6e 61 6c 6c 79 20 75 73 65 64 20 61 73 20 61 20 73 68 6f 72 74 63 75 74	as.originally.used.as.a.shortcut
1cea0	20 74 6f 20 61 76 6f 69 64 20 74 68 65 20 6e 65 65 64 20 74 6f 20 72 65 61 64 64 72 65 73 73 20	.to.avoid.the.need.to.readdress.
1cec0	65 76 65 72 79 20 68 6f 73 74 20 77 68 65 6e 20 61 20 6e 65 74 77 6f 72 6b 20 77 61 73 20 6d 6f	every.host.when.a.network.was.mo
1cee0	76 65 64 2e 20 49 74 20 68 61 73 20 62 65 63 6f 6d 65 20 61 20 70 6f 70 75 6c 61 72 20 61 6e 64	ved..It.has.become.a.popular.and
1cf00	20 65 73 73 65 6e 74 69 61 6c 20 74 6f 6f 6c 20 69 6e 20 63 6f 6e 73 65 72 76 69 6e 67 20 67 6c	.essential.tool.in.conserving.gl
1cf20	6f 62 61 6c 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 69 6e 20 74 68 65 20 66 61 63 65 20 6f	obal.address.space.in.the.face.o
1cf40	66 20 49 50 76 34 20 61 64 64 72 65 73 73 20 65 78 68 61 75 73 74 69 6f 6e 2e 20 4f 6e 65 20 49	f.IPv4.address.exhaustion..One.I
1cf60	6e 74 65 72 6e 65 74 2d 72 6f 75 74 61 62 6c 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 61	nternet-routable.IP.address.of.a
1cf80	20 4e 41 54 20 67 61 74 65 77 61 79 20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 61 6e 20	.NAT.gateway.can.be.used.for.an.
1cfa0	65 6e 74 69 72 65 20 70 72 69 76 61 74 65 20 6e 65 74 77 6f 72 6b 2e 00 3a 61 62 62 72 3a 60 4e	entire.private.network..:abbr:`N
1cfc0	41 54 20 28 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29	AT.(Network.Address.Translation)
1cfe0	60 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 65 6e 74 69 72 65 6c 79 20 6f 6e 20 61 20 73 65	`.is.configured.entirely.on.a.se
1d000	72 69 65 73 20 6f 66 20 73 6f 20 63 61 6c 6c 65 64 20 60 72 75 6c 65 73 60 2e 20 52 75 6c 65 73	ries.of.so.called.`rules`..Rules
1d020	20 61 72 65 20 6e 75 6d 62 65 72 65 64 20 61 6e 64 20 65 76 61 6c 75 61 74 65 64 20 62 79 20 74	.are.numbered.and.evaluated.by.t
1d040	68 65 20 75 6e 64 65 72 6c 79 69 6e 67 20 4f 53 20 69 6e 20 6e 75 6d 65 72 69 63 61 6c 20 6f 72	he.underlying.OS.in.numerical.or
1d060	64 65 72 21 20 54 68 65 20 72 75 6c 65 20 6e 75 6d 62 65 72 73 20 63 61 6e 20 62 65 20 63 68 61	der!.The.rule.numbers.can.be.cha
1d080	6e 67 65 73 20 62 79 20 75 74 69 6c 69 7a 69 6e 67 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 72	nges.by.utilizing.the.:cfgcmd:`r
1d0a0	65 6e 61 6d 65 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 63 6f 70 79 60 20 63 6f 6d 6d 61 6e	ename`.and.:cfgcmd:`copy`.comman
1d0c0	64 73 2e 00 3a 61 62 62 72 3a 60 4e 45 54 20 28 4e 65 74 77 6f 72 6b 20 45 6e 74 69 74 79 20 54	ds..:abbr:`NET.(Network.Entity.T
1d0e0	69 74 6c 65 29 60 20 73 65 6c 65 63 74 6f 72 3a 20 60 60 30 30 60 60 20 4d 75 73 74 20 61 6c 77	itle)`.selector:.``00``.Must.alw
1d100	61 79 73 20 62 65 20 30 30 2e 20 54 68 69 73 20 73 65 74 74 69 6e 67 20 69 6e 64 69 63 61 74 65	ays.be.00..This.setting.indicate
1d120	73 20 22 74 68 69 73 20 73 79 73 74 65 6d 22 20 6f 72 20 22 6c 6f 63 61 6c 20 73 79 73 74 65 6d	s."this.system".or."local.system
1d140	2e 22 00 3a 61 62 62 72 3a 60 4e 48 52 50 20 28 4e 65 78 74 20 48 6f 70 20 52 65 73 6f 6c 75 74	.".:abbr:`NHRP.(Next.Hop.Resolut
1d160	69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60 20 3a 72 66 63 3a 60 32 33 33 32 60 00 3a 61 62 62 72	ion.Protocol)`.:rfc:`2332`.:abbr
1d180	3a 60 4e 50 54 76 36 20 28 49 50 76 36 2d 74 6f 2d 49 50 76 36 20 4e 65 74 77 6f 72 6b 20 50 72	:`NPTv6.(IPv6-to-IPv6.Network.Pr
1d1a0	65 66 69 78 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69 73 20 61 6e 20 61 64 64 72 65 73 73	efix.Translation)`.is.an.address
1d1c0	20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 74 65 63 68 6e 6f 6c 6f 67 79 20 62 61 73 65 64 20 6f 6e	.translation.technology.based.on
1d1e0	20 49 50 76 36 20 6e 65 74 77 6f 72 6b 73 2c 20 75 73 65 64 20 74 6f 20 63 6f 6e 76 65 72 74 20	.IPv6.networks,.used.to.convert.
1d200	61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 69 6e 20 61 6e 20 49 50 76	an.IPv6.address.prefix.in.an.IPv
1d220	36 20 6d 65 73 73 61 67 65 20 69 6e 74 6f 20 61 6e 6f 74 68 65 72 20 49 50 76 36 20 61 64 64 72	6.message.into.another.IPv6.addr
1d240	65 73 73 20 70 72 65 66 69 78 2e 20 57 65 20 63 61 6c 6c 20 74 68 69 73 20 61 64 64 72 65 73 73	ess.prefix..We.call.this.address
1d260	20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6d 65 74 68 6f 64 20 4e 41 54 36 36 2e 20 44 65 76 69 63	.translation.method.NAT66..Devic
1d280	65 73 20 74 68 61 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 4e 41 54 36 36 20 66 75 6e 63 74 69	es.that.support.the.NAT66.functi
1d2a0	6f 6e 20 61 72 65 20 63 61 6c 6c 65 64 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 2c 20 77 68 69	on.are.called.NAT66.devices,.whi
1d2c0	63 68 20 63 61 6e 20 70 72 6f 76 69 64 65 20 4e 41 54 36 36 20 73 6f 75 72 63 65 20 61 6e 64 20	ch.can.provide.NAT66.source.and.
1d2e0	64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20	destination.address.translation.
1d300	66 75 6e 63 74 69 6f 6e 73 2e 00 3a 61 62 62 72 3a 60 4e 54 50 20 28 4e 65 74 77 6f 72 6b 20 54	functions..:abbr:`NTP.(Network.T
1d320	69 6d 65 20 50 72 6f 74 6f 63 6f 6c 60 29 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 69 6e 67 20 70	ime.Protocol`).is.a.networking.p
1d340	72 6f 74 6f 63 6f 6c 20 66 6f 72 20 63 6c 6f 63 6b 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f	rotocol.for.clock.synchronizatio
1d360	6e 20 62 65 74 77 65 65 6e 20 63 6f 6d 70 75 74 65 72 20 73 79 73 74 65 6d 73 20 6f 76 65 72 20	n.between.computer.systems.over.
1d380	70 61 63 6b 65 74 2d 73 77 69 74 63 68 65 64 2c 20 76 61 72 69 61 62 6c 65 2d 6c 61 74 65 6e 63	packet-switched,.variable-latenc
1d3a0	79 20 64 61 74 61 20 6e 65 74 77 6f 72 6b 73 2e 20 49 6e 20 6f 70 65 72 61 74 69 6f 6e 20 73 69	y.data.networks..In.operation.si
1d3c0	6e 63 65 20 62 65 66 6f 72 65 20 31 39 38 35 2c 20 4e 54 50 20 69 73 20 6f 6e 65 20 6f 66 20 74	nce.before.1985,.NTP.is.one.of.t
1d3e0	68 65 20 6f 6c 64 65 73 74 20 49 6e 74 65 72 6e 65 74 20 70 72 6f 74 6f 63 6f 6c 73 20 69 6e 20	he.oldest.Internet.protocols.in.
1d400	63 75 72 72 65 6e 74 20 75 73 65 2e 00 3a 61 62 62 72 3a 60 4f 53 50 46 20 28 4f 70 65 6e 20 53	current.use..:abbr:`OSPF.(Open.S
1d420	68 6f 72 74 65 73 74 20 50 61 74 68 20 46 69 72 73 74 29 60 20 69 73 20 61 20 72 6f 75 74 69 6e	hortest.Path.First)`.is.a.routin
1d440	67 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c	g.protocol.for.Internet.Protocol
1d460	20 28 49 50 29 20 6e 65 74 77 6f 72 6b 73 2e 20 49 74 20 75 73 65 73 20 61 20 6c 69 6e 6b 20 73	.(IP).networks..It.uses.a.link.s
1d480	74 61 74 65 20 72 6f 75 74 69 6e 67 20 28 4c 53 52 29 20 61 6c 67 6f 72 69 74 68 6d 20 61 6e 64	tate.routing.(LSR).algorithm.and
1d4a0	20 66 61 6c 6c 73 20 69 6e 74 6f 20 74 68 65 20 67 72 6f 75 70 20 6f 66 20 69 6e 74 65 72 69 6f	.falls.into.the.group.of.interio
1d4c0	72 20 67 61 74 65 77 61 79 20 70 72 6f 74 6f 63 6f 6c 73 20 28 49 47 50 73 29 2c 20 6f 70 65 72	r.gateway.protocols.(IGPs),.oper
1d4e0	61 74 69 6e 67 20 77 69 74 68 69 6e 20 61 20 73 69 6e 67 6c 65 20 61 75 74 6f 6e 6f 6d 6f 75 73	ating.within.a.single.autonomous
1d500	20 73 79 73 74 65 6d 20 28 41 53 29 2e 20 49 74 20 69 73 20 64 65 66 69 6e 65 64 20 61 73 20 4f	.system.(AS)..It.is.defined.as.O
1d520	53 50 46 20 56 65 72 73 69 6f 6e 20 32 20 69 6e 20 3a 72 66 63 3a 60 32 33 32 38 60 20 28 31 39	SPF.Version.2.in.:rfc:`2328`.(19
1d540	39 38 29 20 66 6f 72 20 49 50 76 34 2e 20 55 70 64 61 74 65 73 20 66 6f 72 20 49 50 76 36 20 61	98).for.IPv4..Updates.for.IPv6.a
1d560	72 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 4f 53 50 46 20 56 65 72 73 69 6f 6e 20 33 20 69	re.specified.as.OSPF.Version.3.i
1d580	6e 20 3a 72 66 63 3a 60 35 33 34 30 60 20 28 32 30 30 38 29 2e 20 4f 53 50 46 20 73 75 70 70 6f	n.:rfc:`5340`.(2008)..OSPF.suppo
1d5a0	72 74 73 20 74 68 65 20 3a 61 62 62 72 3a 60 43 49 44 52 20 28 43 6c 61 73 73 6c 65 73 73 20 49	rts.the.:abbr:`CIDR.(Classless.I
1d5c0	6e 74 65 72 2d 44 6f 6d 61 69 6e 20 52 6f 75 74 69 6e 67 29 60 20 61 64 64 72 65 73 73 69 6e 67	nter-Domain.Routing)`.addressing
1d5e0	20 6d 6f 64 65 6c 2e 00 3a 61 62 62 72 3a 60 50 50 50 6f 45 20 28 50 6f 69 6e 74 2d 74 6f 2d 50	.model..:abbr:`PPPoE.(Point-to-P
1d600	6f 69 6e 74 20 50 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 20 45 74 68 65 72 6e 65 74 29 60 20 69 73	oint.Protocol.over.Ethernet)`.is
1d620	20 61 20 6e 65 74 77 6f 72 6b 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 65 6e 63 61 70 73 75 6c	.a.network.protocol.for.encapsul
1d640	61 74 69 6e 67 20 50 50 50 20 66 72 61 6d 65 73 20 69 6e 73 69 64 65 20 45 74 68 65 72 6e 65 74	ating.PPP.frames.inside.Ethernet
1d660	20 66 72 61 6d 65 73 2e 20 49 74 20 61 70 70 65 61 72 65 64 20 69 6e 20 31 39 39 39 2c 20 69 6e	.frames..It.appeared.in.1999,.in
1d680	20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 74 68 65 20 62 6f 6f 6d 20 6f 66 20 44 53 4c 20	.the.context.of.the.boom.of.DSL.
1d6a0	61 73 20 74 68 65 20 73 6f 6c 75 74 69 6f 6e 20 66 6f 72 20 74 75 6e 6e 65 6c 69 6e 67 20 70 61	as.the.solution.for.tunneling.pa
1d6c0	63 6b 65 74 73 20 6f 76 65 72 20 74 68 65 20 44 53 4c 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f	ckets.over.the.DSL.connection.to
1d6e0	20 74 68 65 20 3a 61 62 62 72 3a 60 49 53 50 73 20 28 49 6e 74 65 72 6e 65 74 20 53 65 72 76 69	.the.:abbr:`ISPs.(Internet.Servi
1d700	63 65 20 50 72 6f 76 69 64 65 72 73 29 60 20 49 50 20 6e 65 74 77 6f 72 6b 2c 20 61 6e 64 20 66	ce.Providers)`.IP.network,.and.f
1d720	72 6f 6d 20 74 68 65 72 65 20 74 6f 20 74 68 65 20 72 65 73 74 20 6f 66 20 74 68 65 20 49 6e 74	rom.there.to.the.rest.of.the.Int
1d740	65 72 6e 65 74 2e 20 41 20 32 30 30 35 20 6e 65 74 77 6f 72 6b 69 6e 67 20 62 6f 6f 6b 20 6e 6f	ernet..A.2005.networking.book.no
1d760	74 65 64 20 74 68 61 74 20 22 4d 6f 73 74 20 44 53 4c 20 70 72 6f 76 69 64 65 72 73 20 75 73 65	ted.that."Most.DSL.providers.use
1d780	20 50 50 50 6f 45 2c 20 77 68 69 63 68 20 70 72 6f 76 69 64 65 73 20 61 75 74 68 65 6e 74 69 63	.PPPoE,.which.provides.authentic
1d7a0	61 74 69 6f 6e 2c 20 65 6e 63 72 79 70 74 69 6f 6e 2c 20 61 6e 64 20 63 6f 6d 70 72 65 73 73 69	ation,.encryption,.and.compressi
1d7c0	6f 6e 2e 22 20 54 79 70 69 63 61 6c 20 75 73 65 20 6f 66 20 50 50 50 6f 45 20 69 6e 76 6f 6c 76	on.".Typical.use.of.PPPoE.involv
1d7e0	65 73 20 6c 65 76 65 72 61 67 69 6e 67 20 74 68 65 20 50 50 50 20 66 61 63 69 6c 69 74 69 65 73	es.leveraging.the.PPP.facilities
1d800	20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 74 68 65 20 75 73 65 72 20 77 69 74	.for.authenticating.the.user.wit
1d820	68 20 61 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 61 73 73 77 6f 72 64 2c 20 70 72 65 64 6f	h.a.username.and.password,.predo
1d840	6d 69 6e 61 74 65 6c 79 20 76 69 61 20 74 68 65 20 50 41 50 20 70 72 6f 74 6f 63 6f 6c 20 61 6e	minately.via.the.PAP.protocol.an
1d860	64 20 6c 65 73 73 20 6f 66 74 65 6e 20 76 69 61 20 43 48 41 50 2e 00 3a 61 62 62 72 3a 60 52 41	d.less.often.via.CHAP..:abbr:`RA
1d880	73 20 28 52 6f 75 74 65 72 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 29 60 20 61 72 65 20 64	s.(Router.advertisements)`.are.d
1d8a0	65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 38 36 31 23 73 65 63 74 69 6f 6e 2d 34	escribed.in.:rfc:`4861#section-4
1d8c0	2e 36 2e 32 60 2e 20 54 68 65 79 20 61 72 65 20 70 61 72 74 20 6f 66 20 77 68 61 74 20 69 73 20	.6.2`..They.are.part.of.what.is.
1d8e0	6b 6e 6f 77 6e 20 61 73 20 3a 61 62 62 72 3a 60 53 4c 41 41 43 20 28 53 74 61 74 65 6c 65 73 73	known.as.:abbr:`SLAAC.(Stateless
1d900	20 41 64 64 72 65 73 73 20 41 75 74 6f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 29 60 2e 00 3a 61	.Address.Autoconfiguration)`..:a
1d920	62 62 72 3a 60 52 49 50 20 28 52 6f 75 74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 50 72	bbr:`RIP.(Routing.Information.Pr
1d940	6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 20 77 69 64 65 6c 79 20 64 65 70 6c 6f 79 65 64 20 69 6e	otocol)`.is.a.widely.deployed.in
1d960	74 65 72 69 6f 72 20 67 61 74 65 77 61 79 20 70 72 6f 74 6f 63 6f 6c 2e 20 52 49 50 20 77 61 73	terior.gateway.protocol..RIP.was
1d980	20 64 65 76 65 6c 6f 70 65 64 20 69 6e 20 74 68 65 20 31 39 37 30 73 20 61 74 20 58 65 72 6f 78	.developed.in.the.1970s.at.Xerox
1d9a0	20 4c 61 62 73 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 58 4e 53 20 72 6f 75 74 69 6e 67	.Labs.as.part.of.the.XNS.routing
1d9c0	20 70 72 6f 74 6f 63 6f 6c 2e 20 52 49 50 20 69 73 20 61 20 64 69 73 74 61 6e 63 65 2d 76 65 63	.protocol..RIP.is.a.distance-vec
1d9e0	74 6f 72 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 69 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65	tor.protocol.and.is.based.on.the
1da00	20 42 65 6c 6c 6d 61 6e 2d 46 6f 72 64 20 61 6c 67 6f 72 69 74 68 6d 73 2e 20 41 73 20 61 20 64	.Bellman-Ford.algorithms..As.a.d
1da20	69 73 74 61 6e 63 65 2d 76 65 63 74 6f 72 20 70 72 6f 74 6f 63 6f 6c 2c 20 52 49 50 20 72 6f 75	istance-vector.protocol,.RIP.rou
1da40	74 65 72 20 73 65 6e 64 20 75 70 64 61 74 65 73 20 74 6f 20 69 74 73 20 6e 65 69 67 68 62 6f 72	ter.send.updates.to.its.neighbor
1da60	73 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 2c 20 74 68 75 73 20 61 6c 6c 6f 77 69 6e 67 20 74 68	s.periodically,.thus.allowing.th
1da80	65 20 63 6f 6e 76 65 72 67 65 6e 63 65 20 74 6f 20 61 20 6b 6e 6f 77 6e 20 74 6f 70 6f 6c 6f 67	e.convergence.to.a.known.topolog
1daa0	79 2e 20 49 6e 20 65 61 63 68 20 75 70 64 61 74 65 2c 20 74 68 65 20 64 69 73 74 61 6e 63 65 20	y..In.each.update,.the.distance.
1dac0	74 6f 20 61 6e 79 20 67 69 76 65 6e 20 6e 65 74 77 6f 72 6b 20 77 69 6c 6c 20 62 65 20 62 72 6f	to.any.given.network.will.be.bro
1dae0	61 64 63 61 73 74 20 74 6f 20 69 74 73 20 6e 65 69 67 68 62 6f 72 69 6e 67 20 72 6f 75 74 65 72	adcast.to.its.neighboring.router
1db00	2e 00 3a 61 62 62 72 3a 60 52 50 4b 49 20 28 52 65 73 6f 75 72 63 65 20 50 75 62 6c 69 63 20 4b	..:abbr:`RPKI.(Resource.Public.K
1db20	65 79 20 49 6e 66 72 61 73 74 72 75 63 74 75 72 65 29 60 20 69 73 20 61 20 66 72 61 6d 65 77 6f	ey.Infrastructure)`.is.a.framewo
1db40	72 6b 20 3a 61 62 62 72 3a 60 50 4b 49 20 28 50 75 62 6c 69 63 20 4b 65 79 20 49 6e 66 72 61 73	rk.:abbr:`PKI.(Public.Key.Infras
1db60	74 72 75 63 74 75 72 65 29 60 20 64 65 73 69 67 6e 65 64 20 74 6f 20 73 65 63 75 72 65 20 74 68	tructure)`.designed.to.secure.th
1db80	65 20 49 6e 74 65 72 6e 65 74 20 72 6f 75 74 69 6e 67 20 69 6e 66 72 61 73 74 72 75 63 74 75 72	e.Internet.routing.infrastructur
1dba0	65 2e 20 49 74 20 61 73 73 6f 63 69 61 74 65 73 20 42 47 50 20 72 6f 75 74 65 20 61 6e 6e 6f 75	e..It.associates.BGP.route.annou
1dbc0	6e 63 65 6d 65 6e 74 73 20 77 69 74 68 20 74 68 65 20 63 6f 72 72 65 63 74 20 6f 72 69 67 69 6e	ncements.with.the.correct.origin
1dbe0	61 74 69 6e 67 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 75 73 20 53 79 73 74	ating.:abbr:`ASN.(Autonomus.Syst
1dc00	65 6d 20 4e 75 6d 62 65 72 29 60 20 77 68 69 63 68 20 42 47 50 20 72 6f 75 74 65 72 73 20 63 61	em.Number)`.which.BGP.routers.ca
1dc20	6e 20 74 68 65 6e 20 75 73 65 20 74 6f 20 63 68 65 63 6b 20 65 61 63 68 20 72 6f 75 74 65 20 61	n.then.use.to.check.each.route.a
1dc40	67 61 69 6e 73 74 20 74 68 65 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 3a 61 62 62 72 3a 60	gainst.the.corresponding.:abbr:`
1dc60	52 4f 41 20 28 52 6f 75 74 65 20 4f 72 69 67 69 6e 20 41 75 74 68 6f 72 69 73 61 74 69 6f 6e 29	ROA.(Route.Origin.Authorisation)
1dc80	60 20 66 6f 72 20 76 61 6c 69 64 69 74 79 2e 20 52 50 4b 49 20 69 73 20 64 65 73 63 72 69 62 65	`.for.validity..RPKI.is.describe
1dca0	64 20 69 6e 20 3a 72 66 63 3a 60 36 34 38 30 60 2e 00 3a 61 62 62 72 3a 60 52 50 53 20 28 52 65	d.in.:rfc:`6480`..:abbr:`RPS.(Re
1dcc0	63 65 69 76 65 20 50 61 63 6b 65 74 20 53 74 65 65 72 69 6e 67 29 60 20 69 73 20 6c 6f 67 69 63	ceive.Packet.Steering)`.is.logic
1dce0	61 6c 6c 79 20 61 20 73 6f 66 74 77 61 72 65 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20 6f	ally.a.software.implementation.o
1dd00	66 20 3a 61 62 62 72 3a 60 52 53 53 20 28 52 65 63 65 69 76 65 20 53 69 64 65 20 53 63 61 6c 69	f.:abbr:`RSS.(Receive.Side.Scali
1dd20	6e 67 29 60 2e 20 42 65 69 6e 67 20 69 6e 20 73 6f 66 74 77 61 72 65 2c 20 69 74 20 69 73 20 6e	ng)`..Being.in.software,.it.is.n
1dd40	65 63 65 73 73 61 72 69 6c 79 20 63 61 6c 6c 65 64 20 6c 61 74 65 72 20 69 6e 20 74 68 65 20 64	ecessarily.called.later.in.the.d
1dd60	61 74 61 70 61 74 68 2e 20 57 68 65 72 65 61 73 20 52 53 53 20 73 65 6c 65 63 74 73 20 74 68 65	atapath..Whereas.RSS.selects.the
1dd80	20 71 75 65 75 65 20 61 6e 64 20 68 65 6e 63 65 20 43 50 55 20 74 68 61 74 20 77 69 6c 6c 20 72	.queue.and.hence.CPU.that.will.r
1dda0	75 6e 20 74 68 65 20 68 61 72 64 77 61 72 65 20 69 6e 74 65 72 72 75 70 74 20 68 61 6e 64 6c 65	un.the.hardware.interrupt.handle
1ddc0	72 2c 20 52 50 53 20 73 65 6c 65 63 74 73 20 74 68 65 20 43 50 55 20 74 6f 20 70 65 72 66 6f 72	r,.RPS.selects.the.CPU.to.perfor
1dde0	6d 20 70 72 6f 74 6f 63 6f 6c 20 70 72 6f 63 65 73 73 69 6e 67 20 61 62 6f 76 65 20 74 68 65 20	m.protocol.processing.above.the.
1de00	69 6e 74 65 72 72 75 70 74 20 68 61 6e 64 6c 65 72 2e 20 54 68 69 73 20 69 73 20 61 63 63 6f 6d	interrupt.handler..This.is.accom
1de20	70 6c 69 73 68 65 64 20 62 79 20 70 6c 61 63 69 6e 67 20 74 68 65 20 70 61 63 6b 65 74 20 6f 6e	plished.by.placing.the.packet.on
1de40	20 74 68 65 20 64 65 73 69 72 65 64 20 43 50 55 27 73 20 62 61 63 6b 6c 6f 67 20 71 75 65 75 65	.the.desired.CPU's.backlog.queue
1de60	20 61 6e 64 20 77 61 6b 69 6e 67 20 75 70 20 74 68 65 20 43 50 55 20 66 6f 72 20 70 72 6f 63 65	.and.waking.up.the.CPU.for.proce
1de80	73 73 69 6e 67 2e 20 52 50 53 20 68 61 73 20 73 6f 6d 65 20 61 64 76 61 6e 74 61 67 65 73 20 6f	ssing..RPS.has.some.advantages.o
1dea0	76 65 72 20 52 53 53 3a 00 3a 61 62 62 72 3a 60 53 4c 41 41 43 20 28 53 74 61 74 65 6c 65 73 73	ver.RSS:.:abbr:`SLAAC.(Stateless
1dec0	20 41 64 64 72 65 73 73 20 41 75 74 6f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 29 60 20 3a 72 66	.Address.Autoconfiguration)`.:rf
1dee0	63 3a 60 34 38 36 32 60 2e 20 49 50 76 36 20 68 6f 73 74 73 20 63 61 6e 20 63 6f 6e 66 69 67 75	c:`4862`..IPv6.hosts.can.configu
1df00	72 65 20 74 68 65 6d 73 65 6c 76 65 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 77 68 65 6e	re.themselves.automatically.when
1df20	20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61 6e 20 49 50 76 36 20 6e 65 74 77 6f 72 6b 20 75 73	.connected.to.an.IPv6.network.us
1df40	69 6e 67 20 74 68 65 20 4e 65 69 67 68 62 6f 72 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f	ing.the.Neighbor.Discovery.Proto
1df60	63 6f 6c 20 76 69 61 20 3a 61 62 62 72 3a 60 49 43 4d 50 76 36 20 28 49 6e 74 65 72 6e 65 74 20	col.via.:abbr:`ICMPv6.(Internet.
1df80	43 6f 6e 74 72 6f 6c 20 4d 65 73 73 61 67 65 20 50 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e	Control.Message.Protocol.version
1dfa0	20 36 29 60 20 72 6f 75 74 65 72 20 64 69 73 63 6f 76 65 72 79 20 6d 65 73 73 61 67 65 73 2e 20	.6)`.router.discovery.messages..
1dfc0	57 68 65 6e 20 66 69 72 73 74 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61 20 6e 65 74 77 6f 72	When.first.connected.to.a.networ
1dfe0	6b 2c 20 61 20 68 6f 73 74 20 73 65 6e 64 73 20 61 20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 72 6f 75	k,.a.host.sends.a.link-local.rou
1e000	74 65 72 20 73 6f 6c 69 63 69 74 61 74 69 6f 6e 20 6d 75 6c 74 69 63 61 73 74 20 72 65 71 75 65	ter.solicitation.multicast.reque
1e020	73 74 20 66 6f 72 20 69 74 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74	st.for.its.configuration.paramet
1e040	65 72 73 3b 20 72 6f 75 74 65 72 73 20 72 65 73 70 6f 6e 64 20 74 6f 20 73 75 63 68 20 61 20 72	ers;.routers.respond.to.such.a.r
1e060	65 71 75 65 73 74 20 77 69 74 68 20 61 20 72 6f 75 74 65 72 20 61 64 76 65 72 74 69 73 65 6d 65	equest.with.a.router.advertiseme
1e080	6e 74 20 70 61 63 6b 65 74 20 74 68 61 74 20 63 6f 6e 74 61 69 6e 73 20 49 6e 74 65 72 6e 65 74	nt.packet.that.contains.Internet
1e0a0	20 4c 61 79 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 73 2e	.Layer.configuration.parameters.
1e0c0	00 3a 61 62 62 72 3a 60 53 4e 41 54 20 28 53 6f 75 72 63 65 20 4e 65 74 77 6f 72 6b 20 41 64 64	.:abbr:`SNAT.(Source.Network.Add
1e0e0	72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69 73 20 74 68 65 20 6d 6f 73 74 20 63	ress.Translation)`.is.the.most.c
1e100	6f 6d 6d 6f 6e 20 66 6f 72 6d 20 6f 66 20 3a 61 62 62 72 3a 60 4e 41 54 20 28 4e 65 74 77 6f 72	ommon.form.of.:abbr:`NAT.(Networ
1e120	6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 61 6e 64 20 69 73 20 74	k.Address.Translation)`.and.is.t
1e140	79 70 69 63 61 6c 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 73 69 6d 70 6c 79 20 61 73 20 4e	ypically.referred.to.simply.as.N
1e160	41 54 2e 20 54 6f 20 62 65 20 6d 6f 72 65 20 63 6f 72 72 65 63 74 2c 20 77 68 61 74 20 6d 6f 73	AT..To.be.more.correct,.what.mos
1e180	74 20 70 65 6f 70 6c 65 20 72 65 66 65 72 20 74 6f 20 61 73 20 3a 61 62 62 72 3a 60 4e 41 54 20	t.people.refer.to.as.:abbr:`NAT.
1e1a0	28 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69	(Network.Address.Translation)`.i
1e1c0	73 20 61 63 74 75 61 6c 6c 79 20 74 68 65 20 70 72 6f 63 65 73 73 20 6f 66 20 3a 61 62 62 72 3a	s.actually.the.process.of.:abbr:
1e1e0	60 50 41 54 20 28 50 6f 72 74 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60	`PAT.(Port.Address.Translation)`
1e200	2c 20 6f 72 20 4e 41 54 20 6f 76 65 72 6c 6f 61 64 2e 20 53 4e 41 54 20 69 73 20 74 79 70 69 63	,.or.NAT.overload..SNAT.is.typic
1e220	61 6c 6c 79 20 75 73 65 64 20 62 79 20 69 6e 74 65 72 6e 61 6c 20 75 73 65 72 73 2f 70 72 69 76	ally.used.by.internal.users/priv
1e240	61 74 65 20 68 6f 73 74 73 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 49 6e 74 65 72 6e 65 74	ate.hosts.to.access.the.Internet
1e260	20 2d 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 69 73 20 74 72 61 6e 73 6c 61	.-.the.source.address.is.transla
1e280	74 65 64 20 61 6e 64 20 74 68 75 73 20 6b 65 70 74 20 70 72 69 76 61 74 65 2e 00 3a 61 62 62 72	ted.and.thus.kept.private..:abbr
1e2a0	3a 60 53 4e 4d 50 20 28 53 69 6d 70 6c 65 20 4e 65 74 77 6f 72 6b 20 4d 61 6e 61 67 65 6d 65 6e	:`SNMP.(Simple.Network.Managemen
1e2c0	74 20 50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 6e 20 49 6e 74 65 72 6e 65 74 20 53 74 61 6e	t.Protocol)`.is.an.Internet.Stan
1e2e0	64 61 72 64 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 63 6f 6c 6c 65 63 74 69 6e 67 20 61 6e 64	dard.protocol.for.collecting.and
1e300	20 6f 72 67 61 6e 69 7a 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 6d 61	.organizing.information.about.ma
1e320	6e 61 67 65 64 20 64 65 76 69 63 65 73 20 6f 6e 20 49 50 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64	naged.devices.on.IP.networks.and
1e340	20 66 6f 72 20 6d 6f 64 69 66 79 69 6e 67 20 74 68 61 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	.for.modifying.that.information.
1e360	74 6f 20 63 68 61 6e 67 65 20 64 65 76 69 63 65 20 62 65 68 61 76 69 6f 72 2e 20 44 65 76 69 63	to.change.device.behavior..Devic
1e380	65 73 20 74 68 61 74 20 74 79 70 69 63 61 6c 6c 79 20 73 75 70 70 6f 72 74 20 53 4e 4d 50 20 69	es.that.typically.support.SNMP.i
1e3a0	6e 63 6c 75 64 65 20 63 61 62 6c 65 20 6d 6f 64 65 6d 73 2c 20 72 6f 75 74 65 72 73 2c 20 73 77	nclude.cable.modems,.routers,.sw
1e3c0	69 74 63 68 65 73 2c 20 73 65 72 76 65 72 73 2c 20 77 6f 72 6b 73 74 61 74 69 6f 6e 73 2c 20 70	itches,.servers,.workstations,.p
1e3e0	72 69 6e 74 65 72 73 2c 20 61 6e 64 20 6d 6f 72 65 2e 00 3a 61 62 62 72 3a 60 53 4e 50 54 76 36	rinters,.and.more..:abbr:`SNPTv6
1e400	20 28 53 6f 75 72 63 65 20 49 50 76 36 2d 74 6f 2d 49 50 76 36 20 4e 65 74 77 6f 72 6b 20 50 72	.(Source.IPv6-to-IPv6.Network.Pr
1e420	65 66 69 78 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 54 68 65 20 63 6f 6e 76 65 72 73 69 6f	efix.Translation)`.The.conversio
1e440	6e 20 66 75 6e 63 74 69 6f 6e 20 69 73 20 6d 61 69 6e 6c 79 20 75 73 65 64 20 69 6e 20 74 68 65	n.function.is.mainly.used.in.the
1e460	20 66 6f 6c 6c 6f 77 69 6e 67 20 73 63 65 6e 61 72 69 6f 73 3a 00 3a 61 62 62 72 3a 60 53 53 48	.following.scenarios:.:abbr:`SSH
1e480	20 28 53 65 63 75 72 65 20 53 68 65 6c 6c 29 60 20 69 73 20 61 20 63 72 79 70 74 6f 67 72 61 70	.(Secure.Shell)`.is.a.cryptograp
1e4a0	68 69 63 20 6e 65 74 77 6f 72 6b 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 6f 70 65 72 61 74 69	hic.network.protocol.for.operati
1e4c0	6e 67 20 6e 65 74 77 6f 72 6b 20 73 65 72 76 69 63 65 73 20 73 65 63 75 72 65 6c 79 20 6f 76 65	ng.network.services.securely.ove
1e4e0	72 20 61 6e 20 75 6e 73 65 63 75 72 65 64 20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 73 74 61 6e	r.an.unsecured.network..The.stan
1e500	64 61 72 64 20 54 43 50 20 70 6f 72 74 20 66 6f 72 20 53 53 48 20 69 73 20 32 32 2e 20 54 68 65	dard.TCP.port.for.SSH.is.22..The
1e520	20 62 65 73 74 20 6b 6e 6f 77 6e 20 65 78 61 6d 70 6c 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 20	.best.known.example.application.
1e540	69 73 20 66 6f 72 20 72 65 6d 6f 74 65 20 6c 6f 67 69 6e 20 74 6f 20 63 6f 6d 70 75 74 65 72 20	is.for.remote.login.to.computer.
1e560	73 79 73 74 65 6d 73 20 62 79 20 75 73 65 72 73 2e 00 3a 61 62 62 72 3a 60 53 53 54 50 20 28 53	systems.by.users..:abbr:`SSTP.(S
1e580	65 63 75 72 65 20 53 6f 63 6b 65 74 20 54 75 6e 6e 65 6c 69 6e 67 20 50 72 6f 74 6f 63 6f 6c 29	ecure.Socket.Tunneling.Protocol)
1e5a0	60 20 69 73 20 61 20 66 6f 72 6d 20 6f 66 20 3a 61 62 62 72 3a 60 56 50 4e 20 28 56 69 72 74 75	`.is.a.form.of.:abbr:`VPN.(Virtu
1e5c0	61 6c 20 50 72 69 76 61 74 65 20 4e 65 74 77 6f 72 6b 29 60 20 74 75 6e 6e 65 6c 20 74 68 61 74	al.Private.Network)`.tunnel.that
1e5e0	20 70 72 6f 76 69 64 65 73 20 61 20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 74 72 61 6e 73 70 6f	.provides.a.mechanism.to.transpo
1e600	72 74 20 50 50 50 20 74 72 61 66 66 69 63 20 74 68 72 6f 75 67 68 20 61 6e 20 53 53 4c 2f 54 4c	rt.PPP.traffic.through.an.SSL/TL
1e620	53 20 63 68 61 6e 6e 65 6c 2e 20 53 53 4c 2f 54 4c 53 20 70 72 6f 76 69 64 65 73 20 74 72 61 6e	S.channel..SSL/TLS.provides.tran
1e640	73 70 6f 72 74 2d 6c 65 76 65 6c 20 73 65 63 75 72 69 74 79 20 77 69 74 68 20 6b 65 79 20 6e 65	sport-level.security.with.key.ne
1e660	67 6f 74 69 61 74 69 6f 6e 2c 20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6e 64 20 74 72 61 66 66 69	gotiation,.encryption.and.traffi
1e680	63 20 69 6e 74 65 67 72 69 74 79 20 63 68 65 63 6b 69 6e 67 2e 20 54 68 65 20 75 73 65 20 6f 66	c.integrity.checking..The.use.of
1e6a0	20 53 53 4c 2f 54 4c 53 20 6f 76 65 72 20 54 43 50 20 70 6f 72 74 20 34 34 33 20 61 6c 6c 6f 77	.SSL/TLS.over.TCP.port.443.allow
1e6c0	73 20 53 53 54 50 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 76 69 72 74 75 61 6c 6c 79	s.SSTP.to.pass.through.virtually
1e6e0	20 61 6c 6c 20 66 69 72 65 77 61 6c 6c 73 20 61 6e 64 20 70 72 6f 78 79 20 73 65 72 76 65 72 73	.all.firewalls.and.proxy.servers
1e700	20 65 78 63 65 70 74 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 77 65 62 20 70 72	.except.for.authenticated.web.pr
1e720	6f 78 69 65 73 2e 00 3a 61 62 62 72 3a 60 53 53 54 50 20 28 53 65 63 75 72 65 20 53 6f 63 6b 65	oxies..:abbr:`SSTP.(Secure.Socke
1e740	74 20 54 75 6e 6e 65 6c 69 6e 67 20 50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 20 66 6f 72 6d	t.Tunneling.Protocol)`.is.a.form
1e760	20 6f 66 20 3a 61 62 62 72 3a 60 56 54 50 20 28 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20	.of.:abbr:`VTP.(Virtual.Private.
1e780	4e 65 74 77 6f 72 6b 29 60 20 74 75 6e 6e 65 6c 20 74 68 61 74 20 70 72 6f 76 69 64 65 73 20 61	Network)`.tunnel.that.provides.a
1e7a0	20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 74 72 61 6e 73 70 6f 72 74 20 50 50 50 20 74 72 61 66	.mechanism.to.transport.PPP.traf
1e7c0	66 69 63 20 74 68 72 6f 75 67 68 20 61 6e 20 53 53 4c 2f 54 4c 53 20 63 68 61 6e 6e 65 6c 2e 20	fic.through.an.SSL/TLS.channel..
1e7e0	53 53 4c 2f 54 4c 53 20 70 72 6f 76 69 64 65 73 20 74 72 61 6e 73 70 6f 72 74 2d 6c 65 76 65 6c	SSL/TLS.provides.transport-level
1e800	20 73 65 63 75 72 69 74 79 20 77 69 74 68 20 6b 65 79 20 6e 65 67 6f 74 69 61 74 69 6f 6e 2c 20	.security.with.key.negotiation,.
1e820	65 6e 63 72 79 70 74 69 6f 6e 20 61 6e 64 20 74 72 61 66 66 69 63 20 69 6e 74 65 67 72 69 74 79	encryption.and.traffic.integrity
1e840	20 63 68 65 63 6b 69 6e 67 2e 20 54 68 65 20 75 73 65 20 6f 66 20 53 53 4c 2f 54 4c 53 20 6f 76	.checking..The.use.of.SSL/TLS.ov
1e860	65 72 20 54 43 50 20 70 6f 72 74 20 34 34 33 20 28 62 79 20 64 65 66 61 75 6c 74 2c 20 70 6f 72	er.TCP.port.443.(by.default,.por
1e880	74 20 63 61 6e 20 62 65 20 63 68 61 6e 67 65 64 29 20 61 6c 6c 6f 77 73 20 53 53 54 50 20 74 6f	t.can.be.changed).allows.SSTP.to
1e8a0	20 70 61 73 73 20 74 68 72 6f 75 67 68 20 76 69 72 74 75 61 6c 6c 79 20 61 6c 6c 20 66 69 72 65	.pass.through.virtually.all.fire
1e8c0	77 61 6c 6c 73 20 61 6e 64 20 70 72 6f 78 79 20 73 65 72 76 65 72 73 20 65 78 63 65 70 74 20 66	walls.and.proxy.servers.except.f
1e8e0	6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 77 65 62 20 70 72 6f 78 69 65 73 2e 00 3a 61	or.authenticated.web.proxies..:a
1e900	62 62 72 3a 60 53 54 50 20 28 53 70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c	bbr:`STP.(Spanning.Tree.Protocol
1e920	29 60 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 62 75	)`.is.a.network.protocol.that.bu
1e940	69 6c 64 73 20 61 20 6c 6f 6f 70 2d 66 72 65 65 20 6c 6f 67 69 63 61 6c 20 74 6f 70 6f 6c 6f 67	ilds.a.loop-free.logical.topolog
1e960	79 20 66 6f 72 20 45 74 68 65 72 6e 65 74 20 6e 65 74 77 6f 72 6b 73 2e 20 54 68 65 20 62 61 73	y.for.Ethernet.networks..The.bas
1e980	69 63 20 66 75 6e 63 74 69 6f 6e 20 6f 66 20 53 54 50 20 69 73 20 74 6f 20 70 72 65 76 65 6e 74	ic.function.of.STP.is.to.prevent
1e9a0	20 62 72 69 64 67 65 20 6c 6f 6f 70 73 20 61 6e 64 20 74 68 65 20 62 72 6f 61 64 63 61 73 74 20	.bridge.loops.and.the.broadcast.
1e9c0	72 61 64 69 61 74 69 6f 6e 20 74 68 61 74 20 72 65 73 75 6c 74 73 20 66 72 6f 6d 20 74 68 65 6d	radiation.that.results.from.them
1e9e0	2e 20 53 70 61 6e 6e 69 6e 67 20 74 72 65 65 20 61 6c 73 6f 20 61 6c 6c 6f 77 73 20 61 20 6e 65	..Spanning.tree.also.allows.a.ne
1ea00	74 77 6f 72 6b 20 64 65 73 69 67 6e 20 74 6f 20 69 6e 63 6c 75 64 65 20 62 61 63 6b 75 70 20 6c	twork.design.to.include.backup.l
1ea20	69 6e 6b 73 20 70 72 6f 76 69 64 69 6e 67 20 66 61 75 6c 74 20 74 6f 6c 65 72 61 6e 63 65 20 69	inks.providing.fault.tolerance.i
1ea40	66 20 61 6e 20 61 63 74 69 76 65 20 6c 69 6e 6b 20 66 61 69 6c 73 2e 00 3a 61 62 62 72 3a 60 54	f.an.active.link.fails..:abbr:`T
1ea60	46 54 50 20 28 54 72 69 76 69 61 6c 20 46 69 6c 65 20 54 72 61 6e 73 66 65 72 20 50 72 6f 74 6f	FTP.(Trivial.File.Transfer.Proto
1ea80	63 6f 6c 29 60 20 69 73 20 61 20 73 69 6d 70 6c 65 2c 20 6c 6f 63 6b 73 74 65 70 20 66 69 6c 65	col)`.is.a.simple,.lockstep.file
1eaa0	20 74 72 61 6e 73 66 65 72 20 70 72 6f 74 6f 63 6f 6c 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20	.transfer.protocol.which.allows.
1eac0	61 20 63 6c 69 65 6e 74 20 74 6f 20 67 65 74 20 61 20 66 69 6c 65 20 66 72 6f 6d 20 6f 72 20 70	a.client.to.get.a.file.from.or.p
1eae0	75 74 20 61 20 66 69 6c 65 20 6f 6e 74 6f 20 61 20 72 65 6d 6f 74 65 20 68 6f 73 74 2e 20 4f 6e	ut.a.file.onto.a.remote.host..On
1eb00	65 20 6f 66 20 69 74 73 20 70 72 69 6d 61 72 79 20 75 73 65 73 20 69 73 20 69 6e 20 74 68 65 20	e.of.its.primary.uses.is.in.the.
1eb20	65 61 72 6c 79 20 73 74 61 67 65 73 20 6f 66 20 6e 6f 64 65 73 20 62 6f 6f 74 69 6e 67 20 66 72	early.stages.of.nodes.booting.fr
1eb40	6f 6d 20 61 20 6c 6f 63 61 6c 20 61 72 65 61 20 6e 65 74 77 6f 72 6b 2e 20 54 46 54 50 20 68 61	om.a.local.area.network..TFTP.ha
1eb60	73 20 62 65 65 6e 20 75 73 65 64 20 66 6f 72 20 74 68 69 73 20 61 70 70 6c 69 63 61 74 69 6f 6e	s.been.used.for.this.application
1eb80	20 62 65 63 61 75 73 65 20 69 74 20 69 73 20 76 65 72 79 20 73 69 6d 70 6c 65 20 74 6f 20 69 6d	.because.it.is.very.simple.to.im
1eba0	70 6c 65 6d 65 6e 74 2e 00 3a 61 62 62 72 3a 60 56 4e 49 20 28 56 69 72 74 75 61 6c 20 4e 65 74	plement..:abbr:`VNI.(Virtual.Net
1ebc0	77 6f 72 6b 20 49 64 65 6e 74 69 66 69 65 72 29 60 20 69 73 20 61 6e 20 69 64 65 6e 74 69 66 69	work.Identifier)`.is.an.identifi
1ebe0	65 72 20 66 6f 72 20 61 20 75 6e 69 71 75 65 20 65 6c 65 6d 65 6e 74 20 6f 66 20 61 20 76 69 72	er.for.a.unique.element.of.a.vir
1ec00	74 75 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 20 49 6e 20 6d 61 6e 79 20 73 69 74 75 61 74 69 6f 6e	tual.network...In.many.situation
1ec20	73 20 74 68 69 73 20 6d 61 79 20 72 65 70 72 65 73 65 6e 74 20 61 6e 20 4c 32 20 73 65 67 6d 65	s.this.may.represent.an.L2.segme
1ec40	6e 74 2c 20 68 6f 77 65 76 65 72 2c 20 74 68 65 20 63 6f 6e 74 72 6f 6c 20 70 6c 61 6e 65 20 64	nt,.however,.the.control.plane.d
1ec60	65 66 69 6e 65 73 20 74 68 65 20 66 6f 72 77 61 72 64 69 6e 67 20 73 65 6d 61 6e 74 69 63 73 20	efines.the.forwarding.semantics.
1ec80	6f 66 20 64 65 63 61 70 73 75 6c 61 74 65 64 20 70 61 63 6b 65 74 73 2e 20 54 68 65 20 56 4e 49	of.decapsulated.packets..The.VNI
1eca0	20 4d 41 59 20 62 65 20 75 73 65 64 20 61 73 20 70 61 72 74 20 6f 66 20 45 43 4d 50 20 66 6f 72	.MAY.be.used.as.part.of.ECMP.for
1ecc0	77 61 72 64 69 6e 67 20 64 65 63 69 73 69 6f 6e 73 20 6f 72 20 4d 41 59 20 62 65 20 75 73 65 64	warding.decisions.or.MAY.be.used
1ece0	20 61 73 20 61 20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 64 69 73 74 69 6e 67 75 69 73 68 20 62	.as.a.mechanism.to.distinguish.b
1ed00	65 74 77 65 65 6e 20 6f 76 65 72 6c 61 70 70 69 6e 67 20 61 64 64 72 65 73 73 20 73 70 61 63 65	etween.overlapping.address.space
1ed20	73 20 63 6f 6e 74 61 69 6e 65 64 20 69 6e 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61 74 65 64 20	s.contained.in.the.encapsulated.
1ed40	70 61 63 6b 65 74 20 77 68 65 6e 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 61 63 72 6f 73	packet.when.load.balancing.acros
1ed60	73 20 43 50 55 73 2e 00 3a 61 62 62 72 3a 60 56 52 46 20 28 56 69 72 74 75 61 6c 20 52 6f 75 74	s.CPUs..:abbr:`VRF.(Virtual.Rout
1ed80	69 6e 67 20 61 6e 64 20 46 6f 72 77 61 72 64 69 6e 67 29 60 20 64 65 76 69 63 65 73 20 63 6f 6d	ing.and.Forwarding)`.devices.com
1eda0	62 69 6e 65 64 20 77 69 74 68 20 69 70 20 72 75 6c 65 73 20 70 72 6f 76 69 64 65 73 20 74 68 65	bined.with.ip.rules.provides.the
1edc0	20 61 62 69 6c 69 74 79 20 74 6f 20 63 72 65 61 74 65 20 76 69 72 74 75 61 6c 20 72 6f 75 74 69	.ability.to.create.virtual.routi
1ede0	6e 67 20 61 6e 64 20 66 6f 72 77 61 72 64 69 6e 67 20 64 6f 6d 61 69 6e 73 20 28 61 6b 61 20 56	ng.and.forwarding.domains.(aka.V
1ee00	52 46 73 2c 20 56 52 46 2d 6c 69 74 65 20 74 6f 20 62 65 20 73 70 65 63 69 66 69 63 29 20 69 6e	RFs,.VRF-lite.to.be.specific).in
1ee20	20 74 68 65 20 4c 69 6e 75 78 20 6e 65 74 77 6f 72 6b 20 73 74 61 63 6b 2e 20 4f 6e 65 20 75 73	.the.Linux.network.stack..One.us
1ee40	65 20 63 61 73 65 20 69 73 20 74 68 65 20 6d 75 6c 74 69 2d 74 65 6e 61 6e 63 79 20 70 72 6f 62	e.case.is.the.multi-tenancy.prob
1ee60	6c 65 6d 20 77 68 65 72 65 20 65 61 63 68 20 74 65 6e 61 6e 74 20 68 61 73 20 74 68 65 69 72 20	lem.where.each.tenant.has.their.
1ee80	6f 77 6e 20 75 6e 69 71 75 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 61 6e 64 20 69 6e	own.unique.routing.tables.and.in
1eea0	20 74 68 65 20 76 65 72 79 20 6c 65 61 73 74 20 6e 65 65 64 20 64 69 66 66 65 72 65 6e 74 20 64	.the.very.least.need.different.d
1eec0	65 66 61 75 6c 74 20 67 61 74 65 77 61 79 73 2e 00 3a 61 62 62 72 3a 60 56 58 4c 41 4e 20 28 56	efault.gateways..:abbr:`VXLAN.(V
1eee0	69 72 74 75 61 6c 20 45 78 74 65 6e 73 69 62 6c 65 20 4c 41 4e 29 60 20 69 73 20 61 20 6e 65 74	irtual.Extensible.LAN)`.is.a.net
1ef00	77 6f 72 6b 20 76 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 74 65 63 68 6e 6f 6c 6f 67 79 20 74	work.virtualization.technology.t
1ef20	68 61 74 20 61 74 74 65 6d 70 74 73 20 74 6f 20 61 64 64 72 65 73 73 20 74 68 65 20 73 63 61 6c	hat.attempts.to.address.the.scal
1ef40	61 62 69 6c 69 74 79 20 70 72 6f 62 6c 65 6d 73 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68	ability.problems.associated.with
1ef60	20 6c 61 72 67 65 20 63 6c 6f 75 64 20 63 6f 6d 70 75 74 69 6e 67 20 64 65 70 6c 6f 79 6d 65 6e	.large.cloud.computing.deploymen
1ef80	74 73 2e 20 49 74 20 75 73 65 73 20 61 20 56 4c 41 4e 2d 6c 69 6b 65 20 65 6e 63 61 70 73 75 6c	ts..It.uses.a.VLAN-like.encapsul
1efa0	61 74 69 6f 6e 20 74 65 63 68 6e 69 71 75 65 20 74 6f 20 65 6e 63 61 70 73 75 6c 61 74 65 20 4f	ation.technique.to.encapsulate.O
1efc0	53 49 20 6c 61 79 65 72 20 32 20 45 74 68 65 72 6e 65 74 20 66 72 61 6d 65 73 20 77 69 74 68 69	SI.layer.2.Ethernet.frames.withi
1efe0	6e 20 6c 61 79 65 72 20 34 20 55 44 50 20 64 61 74 61 67 72 61 6d 73 2c 20 75 73 69 6e 67 20 34	n.layer.4.UDP.datagrams,.using.4
1f000	37 38 39 20 61 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 49 41 4e 41 2d 61 73 73 69 67 6e 65 64	789.as.the.default.IANA-assigned
1f020	20 64 65 73 74 69 6e 61 74 69 6f 6e 20 55 44 50 20 70 6f 72 74 20 6e 75 6d 62 65 72 2e 20 56 58	.destination.UDP.port.number..VX
1f040	4c 41 4e 20 65 6e 64 70 6f 69 6e 74 73 2c 20 77 68 69 63 68 20 74 65 72 6d 69 6e 61 74 65 20 56	LAN.endpoints,.which.terminate.V
1f060	58 4c 41 4e 20 74 75 6e 6e 65 6c 73 20 61 6e 64 20 6d 61 79 20 62 65 20 65 69 74 68 65 72 20 76	XLAN.tunnels.and.may.be.either.v
1f080	69 72 74 75 61 6c 20 6f 72 20 70 68 79 73 69 63 61 6c 20 73 77 69 74 63 68 20 70 6f 72 74 73 2c	irtual.or.physical.switch.ports,
1f0a0	20 61 72 65 20 6b 6e 6f 77 6e 20 61 73 20 3a 61 62 62 72 3a 60 56 54 45 50 73 20 28 56 58 4c 41	.are.known.as.:abbr:`VTEPs.(VXLA
1f0c0	4e 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 73 29 60 2e 00 3a 61 62 62 72 3a 60 57 41 50	N.tunnel.endpoints)`..:abbr:`WAP
1f0e0	20 28 57 69 72 65 6c 65 73 73 20 41 63 63 65 73 73 2d 50 6f 69 6e 74 29 60 20 70 72 6f 76 69 64	.(Wireless.Access-Point)`.provid
1f100	65 73 20 6e 65 74 77 6f 72 6b 20 61 63 63 65 73 73 20 74 6f 20 63 6f 6e 6e 65 63 74 69 6e 67 20	es.network.access.to.connecting.
1f120	73 74 61 74 69 6f 6e 73 20 69 66 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 68 61 72 64 77 61 72	stations.if.the.physical.hardwar
1f140	65 20 73 75 70 70 6f 72 74 73 20 61 63 74 69 6e 67 20 61 73 20 61 20 57 41 50 00 3a 61 62 62 72	e.supports.acting.as.a.WAP.:abbr
1f160	3a 60 57 4c 41 4e 20 28 57 69 72 65 6c 65 73 73 20 4c 41 4e 29 60 20 69 6e 74 65 72 66 61 63 65	:`WLAN.(Wireless.LAN)`.interface
1f180	20 70 72 6f 76 69 64 65 20 38 30 32 2e 31 31 20 28 61 2f 62 2f 67 2f 6e 2f 61 63 29 20 77 69 72	.provide.802.11.(a/b/g/n/ac).wir
1f1a0	65 6c 65 73 73 20 73 75 70 70 6f 72 74 20 28 63 6f 6d 6d 6f 6e 6c 79 20 72 65 66 65 72 72 65 64	eless.support.(commonly.referred
1f1c0	20 74 6f 20 61 73 20 57 69 2d 46 69 29 20 62 79 20 6d 65 61 6e 73 20 6f 66 20 63 6f 6d 70 61 74	.to.as.Wi-Fi).by.means.of.compat
1f1e0	69 62 6c 65 20 68 61 72 64 77 61 72 65 2e 20 49 66 20 79 6f 75 72 20 68 61 72 64 77 61 72 65 20	ible.hardware..If.your.hardware.
1f200	73 75 70 70 6f 72 74 73 20 69 74 2c 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 6d 75 6c 74 69	supports.it,.VyOS.supports.multi
1f220	70 6c 65 20 6c 6f 67 69 63 61 6c 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73 20	ple.logical.wireless.interfaces.
1f240	70 65 72 20 70 68 79 73 69 63 61 6c 20 64 65 76 69 63 65 2e 00 3a 61 62 62 72 3a 60 57 50 41 20	per.physical.device..:abbr:`WPA.
1f260	28 57 69 2d 46 69 20 50 72 6f 74 65 63 74 65 64 20 41 63 63 65 73 73 29 60 20 61 6e 64 20 57 50	(Wi-Fi.Protected.Access)`.and.WP
1f280	41 32 20 45 6e 74 65 72 70 72 69 73 65 20 69 6e 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 77 69 74	A2.Enterprise.in.combination.wit
1f2a0	68 20 38 30 32 2e 31 78 20 62 61 73 65 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 61	h.802.1x.based.authentication.ca
1f2c0	6e 20 62 65 20 75 73 65 64 20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 75 73 65 72 73 20	n.be.used.to.authenticate.users.
1f2e0	6f 72 20 63 6f 6d 70 75 74 65 72 73 20 69 6e 20 61 20 64 6f 6d 61 69 6e 2e 00 3a 61 62 62 72 3a	or.computers.in.a.domain..:abbr:
1f300	60 6d 47 52 45 20 28 4d 75 6c 74 69 70 6f 69 6e 74 20 47 65 6e 65 72 69 63 20 52 6f 75 74 69 6e	`mGRE.(Multipoint.Generic.Routin
1f320	67 20 45 6e 63 61 70 73 75 6c 61 74 69 6f 6e 29 60 20 3a 72 66 63 3a 60 31 37 30 32 60 00 3a 63	g.Encapsulation)`.:rfc:`1702`.:c
1f340	66 67 63 6d 64 3a 60 61 64 76 2d 72 6f 75 74 65 72 20 3c 41 2e 42 2e 43 2e 44 3e 60 20 e2 80 93	fgcmd:`adv-router.<A.B.C.D>`....
1f360	20 72 6f 75 74 65 72 20 69 64 2c 20 77 68 69 63 68 20 6c 69 6e 6b 20 61 64 76 65 72 74 69 73 65	.router.id,.which.link.advertise
1f380	6d 65 6e 74 73 20 6e 65 65 64 20 74 6f 20 62 65 20 72 65 76 69 65 77 65 64 2e 00 3a 63 66 67 63	ments.need.to.be.reviewed..:cfgc
1f3a0	6d 64 3a 60 73 65 6c 66 2d 6f 72 69 67 69 6e 61 74 65 60 20 64 69 73 70 6c 61 79 73 20 6f 6e 6c	md:`self-originate`.displays.onl
1f3c0	79 20 73 65 6c 66 2d 6f 72 69 67 69 6e 61 74 65 64 20 4c 53 41 73 20 66 72 6f 6d 20 74 68 65 20	y.self-originated.LSAs.from.the.
1f3e0	6c 6f 63 61 6c 20 72 6f 75 74 65 72 2e 00 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 65 72 76 69	local.router..:cfgcmd:`set.servi
1f400	63 65 20 63 6f 6e 6e 74 72 61 63 6b 2d 73 79 6e 63 20 69 6e 74 65 72 66 61 63 65 20 65 74 68 30	ce.conntrack-sync.interface.eth0
1f420	20 70 65 65 72 20 31 39 32 2e 31 36 38 2e 30 2e 32 35 30 60 00 3a 63 6f 64 65 3a 60 73 65 74 20	.peer.192.168.0.250`.:code:`set.
1f440	73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78 79 20 75 72 6c 2d 66 69 6c 74 65 72 69 6e 67 20 73	service.webproxy.url-filtering.s
1f460	71 75 69 64 67 75 61 72 64 20 61 75 74 6f 2d 75 70 64 61 74 65 20 75 70 64 61 74 65 2d 68 6f 75	quidguard.auto-update.update-hou
1f480	72 20 32 33 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78	r.23`.:code:`set.service.webprox
1f4a0	79 20 75 72 6c 2d 66 69 6c 74 65 72 69 6e 67 20 73 71 75 69 64 67 75 61 72 64 20 62 6c 6f 63 6b	y.url-filtering.squidguard.block
1f4c0	2d 63 61 74 65 67 6f 72 79 20 61 64 73 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63	-category.ads`.:code:`set.servic
1f4e0	65 20 77 65 62 70 72 6f 78 79 20 75 72 6c 2d 66 69 6c 74 65 72 69 6e 67 20 73 71 75 69 64 67 75	e.webproxy.url-filtering.squidgu
1f500	61 72 64 20 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 79 20 6d 61 6c 77 61 72 65 60 00 3a 63 6f 64	ard.block-category.malware`.:cod
1f520	65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78 79 20 77 68 69 74 65 6c 69 73	e:`set.service.webproxy.whitelis
1f540	74 20 64 65 73 74 69 6e 61 74 69 6f 6e 2d 61 64 64 72 65 73 73 20 31 39 32 2e 30 2e 32 2e 30 2f	t.destination-address.192.0.2.0/
1f560	32 34 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78 79 20	24`.:code:`set.service.webproxy.
1f580	77 68 69 74 65 6c 69 73 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 2d 61 64 64 72 65 73 73 20 31 39	whitelist.destination-address.19
1f5a0	38 2e 35 31 2e 31 30 30 2e 33 33 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20	8.51.100.33`.:code:`set.service.
1f5c0	77 65 62 70 72 6f 78 79 20 77 68 69 74 65 6c 69 73 74 20 73 6f 75 72 63 65 2d 61 64 64 72 65 73	webproxy.whitelist.source-addres
1f5e0	73 20 31 39 32 2e 31 36 38 2e 31 2e 32 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63	s.192.168.1.2`.:code:`set.servic
1f600	65 20 77 65 62 70 72 6f 78 79 20 77 68 69 74 65 6c 69 73 74 20 73 6f 75 72 63 65 2d 61 64 64 72	e.webproxy.whitelist.source-addr
1f620	65 73 73 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f 32 34 60 00 3a 6c 61 73 74 70 72 6f 6f 66 72 65	ess.192.168.2.0/24`.:lastproofre
1f640	61 64 3a 32 30 32 31 2d 30 37 2d 31 32 00 3a 6f 70 63 6d 64 3a 60 67 65 6e 65 72 61 74 65 20 70	ad:2021-07-12.:opcmd:`generate.p
1f660	6b 69 20 77 69 72 65 67 75 61 72 64 20 6b 65 79 2d 70 61 69 72 60 2e 00 3a 72 65 66 3a 60 72 6f	ki.wireguard.key-pair`..:ref:`ro
1f680	75 74 69 6e 67 2d 62 67 70 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 62 67 70 60 3a 20 60	uting-bgp`.:ref:`routing-bgp`:.`
1f6a0	60 73 65 74 20 76 72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 62	`set.vrf.name.<name>.protocols.b
1f6c0	67 70 20 2e 2e 2e 60 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 69 73 69 73 60 00 3a 72 65	gp....``.:ref:`routing-isis`.:re
1f6e0	66 3a 60 72 6f 75 74 69 6e 67 2d 69 73 69 73 60 3a 20 60 60 73 65 74 20 76 72 66 20 6e 61 6d 65	f:`routing-isis`:.``set.vrf.name
1f700	20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 69 73 69 73 20 2e 2e 2e 60 60 00 3a 72 65	.<name>.protocols.isis....``.:re
1f720	66 3a 60 72 6f 75 74 69 6e 67 2d 6f 73 70 66 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f	f:`routing-ospf`.:ref:`routing-o
1f740	73 70 66 60 3a 20 60 60 73 65 74 20 76 72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74	spf`:.``set.vrf.name.<name>.prot
1f760	6f 63 6f 6c 73 20 6f 73 70 66 20 2e 2e 2e 60 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f	ocols.ospf....``.:ref:`routing-o
1f780	73 70 66 76 33 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f 73 70 66 76 33 60 3a 20 60 60	spfv3`.:ref:`routing-ospfv3`:.``
1f7a0	73 65 74 20 76 72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 6f 73	set.vrf.name.<name>.protocols.os
1f7c0	70 66 76 33 20 2e 2e 2e 60 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 73 74 61 74 69 63 60	pfv3....``.:ref:`routing-static`
1f7e0	00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 73 74 61 74 69 63 60 3a 20 60 60 73 65 74 20 76 72	.:ref:`routing-static`:.``set.vr
1f800	66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 73 74 61 74 69 63 20 2e	f.name.<name>.protocols.static..
1f820	2e 2e 60 60 00 3a 72 66 63 3a 60 32 31 33 31 60 20 73 74 61 74 65 73 3a 20 54 68 65 20 63 6c 69	..``.:rfc:`2131`.states:.The.cli
1f840	65 6e 74 20 4d 41 59 20 63 68 6f 6f 73 65 20 74 6f 20 65 78 70 6c 69 63 69 74 6c 79 20 70 72 6f	ent.MAY.choose.to.explicitly.pro
1f860	76 69 64 65 20 74 68 65 20 69 64 65 6e 74 69 66 69 65 72 20 74 68 72 6f 75 67 68 20 74 68 65 20	vide.the.identifier.through.the.
1f880	27 63 6c 69 65 6e 74 20 69 64 65 6e 74 69 66 69 65 72 27 20 6f 70 74 69 6f 6e 2e 20 49 66 20 74	'client.identifier'.option..If.t
1f8a0	68 65 20 63 6c 69 65 6e 74 20 73 75 70 70 6c 69 65 73 20 61 20 27 63 6c 69 65 6e 74 20 69 64 65	he.client.supplies.a.'client.ide
1f8c0	6e 74 69 66 69 65 72 27 2c 20 74 68 65 20 63 6c 69 65 6e 74 20 4d 55 53 54 20 75 73 65 20 74 68	ntifier',.the.client.MUST.use.th
1f8e0	65 20 73 61 6d 65 20 27 63 6c 69 65 6e 74 20 69 64 65 6e 74 69 66 69 65 72 27 20 69 6e 20 61 6c	e.same.'client.identifier'.in.al
1f900	6c 20 73 75 62 73 65 71 75 65 6e 74 20 6d 65 73 73 61 67 65 73 2c 20 61 6e 64 20 74 68 65 20 73	l.subsequent.messages,.and.the.s
1f920	65 72 76 65 72 20 4d 55 53 54 20 75 73 65 20 74 68 61 74 20 69 64 65 6e 74 69 66 69 65 72 20 74	erver.MUST.use.that.identifier.t
1f940	6f 20 69 64 65 6e 74 69 66 79 20 74 68 65 20 63 6c 69 65 6e 74 2e 00 3a 72 66 63 3a 60 32 31 33	o.identify.the.client..:rfc:`213
1f960	36 60 20 42 61 73 65 64 00 3a 72 66 63 3a 60 32 33 32 38 60 2c 20 74 68 65 20 73 75 63 63 65 73	6`.Based.:rfc:`2328`,.the.succes
1f980	73 6f 72 20 74 6f 20 3a 72 66 63 3a 60 31 35 38 33 60 2c 20 73 75 67 67 65 73 74 73 20 61 63 63	sor.to.:rfc:`1583`,.suggests.acc
1f9a0	6f 72 64 69 6e 67 20 74 6f 20 73 65 63 74 69 6f 6e 20 47 2e 32 20 28 63 68 61 6e 67 65 73 29 20	ording.to.section.G.2.(changes).
1f9c0	69 6e 20 73 65 63 74 69 6f 6e 20 31 36 2e 34 2e 31 20 61 20 63 68 61 6e 67 65 20 74 6f 20 74 68	in.section.16.4.1.a.change.to.th
1f9e0	65 20 70 61 74 68 20 70 72 65 66 65 72 65 6e 63 65 20 61 6c 67 6f 72 69 74 68 6d 20 74 68 61 74	e.path.preference.algorithm.that
1fa00	20 70 72 65 76 65 6e 74 73 20 70 6f 73 73 69 62 6c 65 20 72 6f 75 74 69 6e 67 20 6c 6f 6f 70 73	.prevents.possible.routing.loops
1fa20	20 74 68 61 74 20 77 65 72 65 20 70 6f 73 73 69 62 6c 65 20 69 6e 20 74 68 65 20 6f 6c 64 20 76	.that.were.possible.in.the.old.v
1fa40	65 72 73 69 6f 6e 20 6f 66 20 4f 53 50 46 76 32 2e 20 4d 6f 72 65 20 73 70 65 63 69 66 69 63 61	ersion.of.OSPFv2..More.specifica
1fa60	6c 6c 79 20 69 74 20 64 65 6d 61 6e 64 73 20 74 68 61 74 20 69 6e 74 65 72 2d 61 72 65 61 20 70	lly.it.demands.that.inter-area.p
1fa80	61 74 68 73 20 61 6e 64 20 69 6e 74 72 61 2d 61 72 65 61 20 62 61 63 6b 62 6f 6e 65 20 70 61 74	aths.and.intra-area.backbone.pat
1faa0	68 20 61 72 65 20 6e 6f 77 20 6f 66 20 65 71 75 61 6c 20 70 72 65 66 65 72 65 6e 63 65 20 62 75	h.are.now.of.equal.preference.bu
1fac0	74 20 73 74 69 6c 6c 20 62 6f 74 68 20 70 72 65 66 65 72 72 65 64 20 74 6f 20 65 78 74 65 72 6e	t.still.both.preferred.to.extern
1fae0	61 6c 20 70 61 74 68 73 2e 00 3a 76 79 74 61 73 6b 3a 60 54 33 36 34 32 60 20 64 65 73 63 72 69	al.paths..:vytask:`T3642`.descri
1fb00	62 65 73 20 61 20 6e 65 77 20 43 4c 49 20 73 75 62 73 79 73 74 65 6d 20 74 68 61 74 20 73 65 72	bes.a.new.CLI.subsystem.that.ser
1fb20	76 65 73 20 61 73 20 61 20 22 63 65 72 74 73 74 6f 72 65 22 20 74 6f 20 61 6c 6c 20 73 65 72 76	ves.as.a."certstore".to.all.serv
1fb40	69 63 65 73 20 72 65 71 75 69 72 69 6e 67 20 61 6e 79 20 6b 69 6e 64 20 6f 66 20 65 6e 63 72 79	ices.requiring.any.kind.of.encry
1fb60	70 74 69 6f 6e 20 6b 65 79 28 73 29 2e 20 49 6e 20 73 68 6f 72 74 2c 20 70 75 62 6c 69 63 20 61	ption.key(s)..In.short,.public.a
1fb80	6e 64 20 70 72 69 76 61 74 65 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 72 65 20 6e 6f 77 20	nd.private.certificates.are.now.
1fba0	73 74 6f 72 65 64 20 69 6e 20 50 4b 43 53 23 38 20 66 6f 72 6d 61 74 20 69 6e 20 74 68 65 20 72	stored.in.PKCS#8.format.in.the.r
1fbc0	65 67 75 6c 61 72 20 56 79 4f 53 20 43 4c 49 2e 20 4b 65 79 73 20 63 61 6e 20 6e 6f 77 20 62 65	egular.VyOS.CLI..Keys.can.now.be
1fbe0	20 61 64 64 65 64 2c 20 65 64 69 74 65 64 2c 20 61 6e 64 20 64 65 6c 65 74 65 64 20 75 73 69 6e	.added,.edited,.and.deleted.usin
1fc00	67 20 74 68 65 20 72 65 67 75 6c 61 72 20 73 65 74 2f 65 64 69 74 2f 64 65 6c 65 74 65 20 43 4c	g.the.regular.set/edit/delete.CL
1fc20	49 20 63 6f 6d 6d 61 6e 64 73 2e 00 3c 31 2d 36 35 35 33 35 3e 3a 20 4e 75 6d 62 65 72 65 64 20	I.commands..<1-65535>:.Numbered.
1fc40	70 6f 72 74 2e 00 3c 61 61 3a 6e 6e 3a 6e 6e 3e 3a 20 45 78 74 65 6e 64 65 64 20 63 6f 6d 6d 75	port..<aa:nn:nn>:.Extended.commu
1fc60	6e 69 74 79 20 6c 69 73 74 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 2e 00 3c 68	nity.list.regular.expression..<h
1fc80	3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 2f 78 3e 3a 20 49 50 76 36 20 70 72 65 66 69 78 20 74	:h:h:h:h:h:h:h/x>:.IPv6.prefix.t
1fca0	6f 20 6d 61 74 63 68 2e 00 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 2d 3c 68 3a 68 3a	o.match..<h:h:h:h:h:h:h:h>-<h:h:
1fcc0	68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 49 50 76 36 20 72 61 6e 67 65 20 74 6f 20 6d 61 74 63	h:h:h:h:h:h>:.IPv6.range.to.matc
1fce0	68 2e 00 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 49 50 76 36 20 61 64 64 72 65	h..<h:h:h:h:h:h:h:h>:.IPv6.addre
1fd00	73 73 20 74 6f 20 6d 61 74 63 68 2e 00 3c 6c 69 6e 65 73 3e 00 3c 6e 75 6d 62 65 72 3e 20 6d 75	ss.to.match..<lines>.<number>.mu
1fd20	73 74 20 62 65 20 66 72 6f 6d 20 33 34 20 2d 20 31 37 33 2e 20 46 6f 72 20 38 30 20 4d 48 7a 20	st.be.from.34.-.173..For.80.MHz.
1fd40	63 68 61 6e 6e 65 6c 73 20 69 74 20 73 68 6f 75 6c 64 20 62 65 20 63 68 61 6e 6e 65 6c 20 2b 20	channels.it.should.be.channel.+.
1fd60	36 2e 00 3c 6e 75 6d 62 65 72 3e 20 e2 80 93 20 61 72 65 61 20 69 64 65 6e 74 69 66 69 65 72 20	6..<number>.....area.identifier.
1fd80	74 68 72 6f 75 67 68 20 77 68 69 63 68 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 67 6f 65	through.which.a.virtual.link.goe
1fda0	73 2e 20 3c 41 2e 42 2e 43 2e 44 3e 20 e2 80 93 20 41 42 52 20 72 6f 75 74 65 72 2d 69 64 20 77	s..<A.B.C.D>.....ABR.router-id.w
1fdc0	69 74 68 20 77 68 69 63 68 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 69 73 20 65 73 74 61	ith.which.a.virtual.link.is.esta
1fde0	62 6c 69 73 68 65 64 2e 20 56 69 72 74 75 61 6c 20 6c 69 6e 6b 20 6d 75 73 74 20 62 65 20 63 6f	blished..Virtual.link.must.be.co
1fe00	6e 66 69 67 75 72 65 64 20 6f 6e 20 62 6f 74 68 20 72 6f 75 74 65 72 73 2e 00 3c 70 6f 72 74 20	nfigured.on.both.routers..<port.
1fe20	6e 61 6d 65 3e 3a 20 4e 61 6d 65 64 20 70 6f 72 74 20 28 61 6e 79 20 6e 61 6d 65 20 69 6e 20 2f	name>:.Named.port.(any.name.in./
1fe40	65 74 63 2f 73 65 72 76 69 63 65 73 2c 20 65 2e 67 2e 2c 20 68 74 74 70 29 2e 00 3c 72 74 20 61	etc/services,.e.g.,.http)..<rt.a
1fe60	61 3a 6e 6e 3a 6e 6e 3e 3a 20 52 6f 75 74 65 20 54 61 72 67 65 74 20 72 65 67 75 6c 61 72 20 65	a:nn:nn>:.Route.Target.regular.e
1fe80	78 70 72 65 73 73 69 6f 6e 2e 00 3c 73 6f 6f 20 61 61 3a 6e 6e 3a 6e 6e 3e 3a 20 53 69 74 65 20	xpression..<soo.aa:nn:nn>:.Site.
1fea0	6f 66 20 4f 72 69 67 69 6e 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 2e 00 3c 73	of.Origin.regular.expression..<s
1fec0	74 61 72 74 3e 2d 3c 65 6e 64 3e 3a 20 4e 75 6d 62 65 72 65 64 20 70 6f 72 74 20 72 61 6e 67 65	tart>-<end>:.Numbered.port.range
1fee0	20 28 65 2e 67 2e 2c 20 31 30 30 31 2d 31 30 30 35 29 2e 00 3c 78 2e 78 2e 78 2e 78 2f 78 3e 3a	.(e.g.,.1001-1005)..<x.x.x.x/x>:
1ff00	20 53 75 62 6e 65 74 20 74 6f 20 6d 61 74 63 68 2e 00 3c 78 2e 78 2e 78 2e 78 3e 2d 3c 78 2e 78	.Subnet.to.match..<x.x.x.x>-<x.x
1ff20	2e 78 2e 78 3e 3a 20 49 50 20 72 61 6e 67 65 20 74 6f 20 6d 61 74 63 68 2e 00 3c 78 2e 78 2e 78	.x.x>:.IP.range.to.match..<x.x.x
1ff40	2e 78 3e 3a 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 41 20 2a 2a 64 6f	.x>:.IP.address.to.match..A.**do
1ff60	6d 61 69 6e 20 67 72 6f 75 70 2a 2a 20 72 65 70 72 65 73 65 6e 74 73 20 61 20 63 6f 6c 6c 65 63	main.group**.represents.a.collec
1ff80	74 69 6f 6e 20 6f 66 20 64 6f 6d 61 69 6e 73 2e 00 41 20 2a 2a 6d 61 63 20 67 72 6f 75 70 2a 2a	tion.of.domains..A.**mac.group**
1ffa0	20 72 65 70 72 65 73 65 6e 74 73 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 6d 61 63 20	.represents.a.collection.of.mac.
1ffc0	61 64 64 72 65 73 73 65 73 2e 00 41 20 2a 2a 70 6f 72 74 20 67 72 6f 75 70 2a 2a 20 72 65 70 72	addresses..A.**port.group**.repr
1ffe0	65 73 65 6e 74 73 20 6f 6e 6c 79 20 70 6f 72 74 20 6e 75 6d 62 65 72 73 2c 20 6e 6f 74 20 74 68	esents.only.port.numbers,.not.th
20000	65 20 70 72 6f 74 6f 63 6f 6c 2e 20 50 6f 72 74 20 67 72 6f 75 70 73 20 63 61 6e 20 62 65 20 72	e.protocol..Port.groups.can.be.r
20020	65 66 65 72 65 6e 63 65 64 20 66 6f 72 20 65 69 74 68 65 72 20 54 43 50 20 6f 72 20 55 44 50 2e	eferenced.for.either.TCP.or.UDP.
20040	20 49 74 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 68 61 74 20 54 43 50 20 61 6e 64 20	.It.is.recommended.that.TCP.and.
20060	55 44 50 20 67 72 6f 75 70 73 20 61 72 65 20 63 72 65 61 74 65 64 20 73 65 70 61 72 61 74 65 6c	UDP.groups.are.created.separatel
20080	79 20 74 6f 20 61 76 6f 69 64 20 61 63 63 69 64 65 6e 74 61 6c 6c 79 20 66 69 6c 74 65 72 69 6e	y.to.avoid.accidentally.filterin
200a0	67 20 75 6e 6e 65 63 65 73 73 61 72 79 20 70 6f 72 74 73 2e 20 52 61 6e 67 65 73 20 6f 66 20 70	g.unnecessary.ports..Ranges.of.p
200c0	6f 72 74 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 62 79 20 75 73 69 6e 67 20 60	orts.can.be.specified.by.using.`
200e0	2d 60 2e 00 41 20 2a 62 69 74 2a 20 69 73 20 77 72 69 74 74 65 6e 20 61 73 20 2a 2a 62 69 74 2a	-`..A.*bit*.is.written.as.**bit*
20100	2a 2c 00 41 20 3a 61 62 62 72 3a 60 4e 49 53 20 28 4e 65 74 77 6f 72 6b 20 49 6e 66 6f 72 6d 61	*,.A.:abbr:`NIS.(Network.Informa
20120	74 69 6f 6e 20 53 65 72 76 69 63 65 29 60 20 64 6f 6d 61 69 6e 20 63 61 6e 20 62 65 20 73 65 74	tion.Service)`.domain.can.be.set
20140	20 74 6f 20 62 65 20 75 73 65 64 20 66 6f 72 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 73 2e 00	.to.be.used.for.DHCPv6.clients..
20160	41 20 42 47 50 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 64 69 76 69 64 65 73 20 6f 75 72 20	A.BGP.confederation.divides.our.
20180	41 53 20 69 6e 74 6f 20 73 75 62 2d 41 53 65 73 20 74 6f 20 72 65 64 75 63 65 20 74 68 65 20 6e	AS.into.sub-ASes.to.reduce.the.n
201a0	75 6d 62 65 72 20 6f 66 20 72 65 71 75 69 72 65 64 20 49 42 47 50 20 70 65 65 72 69 6e 67 73 2e	umber.of.required.IBGP.peerings.
201c0	20 57 69 74 68 69 6e 20 61 20 73 75 62 2d 41 53 20 77 65 20 73 74 69 6c 6c 20 72 65 71 75 69 72	.Within.a.sub-AS.we.still.requir
201e0	65 20 66 75 6c 6c 2d 6d 65 73 68 20 49 42 47 50 20 62 75 74 20 62 65 74 77 65 65 6e 20 74 68 65	e.full-mesh.IBGP.but.between.the
20200	73 65 20 73 75 62 2d 41 53 65 73 20 77 65 20 75 73 65 20 73 6f 6d 65 74 68 69 6e 67 20 74 68 61	se.sub-ASes.we.use.something.tha
20220	74 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 45 42 47 50 20 62 75 74 20 62 65 68 61 76 65 73 20 6c 69	t.looks.like.EBGP.but.behaves.li
20240	6b 65 20 49 42 47 50 20 28 63 61 6c 6c 65 64 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 42 47	ke.IBGP.(called.confederation.BG
20260	50 29 2e 20 43 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 6d 65 63 68 61 6e 69 73 6d 20 69 73 20 64	P)..Confederation.mechanism.is.d
20280	65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 30 36 35 60 00 41 20 42 47 50 2d 73 70	escribed.in.:rfc:`5065`.A.BGP-sp
202a0	65 61 6b 69 6e 67 20 72 6f 75 74 65 72 20 6c 69 6b 65 20 56 79 4f 53 20 63 61 6e 20 72 65 74 72	eaking.router.like.VyOS.can.retr
202c0	69 65 76 65 20 52 4f 41 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 52 50 4b 49 20 22	ieve.ROA.information.from.RPKI."
202e0	52 65 6c 79 69 6e 67 20 50 61 72 74 79 20 73 6f 66 74 77 61 72 65 22 20 28 6f 66 74 65 6e 20 6a	Relying.Party.software".(often.j
20300	75 73 74 20 63 61 6c 6c 65 64 20 61 6e 20 22 52 50 4b 49 20 73 65 72 76 65 72 22 20 6f 72 20 22	ust.called.an."RPKI.server".or."
20320	52 50 4b 49 20 76 61 6c 69 64 61 74 6f 72 22 29 20 62 79 20 75 73 69 6e 67 20 3a 61 62 62 72 3a	RPKI.validator").by.using.:abbr:
20340	60 52 54 52 20 28 52 50 4b 49 20 74 6f 20 52 6f 75 74 65 72 29 60 20 70 72 6f 74 6f 63 6f 6c 2e	`RTR.(RPKI.to.Router)`.protocol.
20360	20 54 68 65 72 65 20 61 72 65 20 73 65 76 65 72 61 6c 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 69	.There.are.several.open.source.i
20380	6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 74 6f 20 63 68 6f 6f 73 65 20 66 72 6f 6d 2c 20 73	mplementations.to.choose.from,.s
203a0	75 63 68 20 61 73 20 4e 4c 4e 65 74 4c 61 62 73 27 20 52 6f 75 74 69 6e 61 74 6f 72 5f 20 28 77	uch.as.NLNetLabs'.Routinator_.(w
203c0	72 69 74 74 65 6e 20 69 6e 20 52 75 73 74 29 2c 20 43 6c 6f 75 64 66 6c 61 72 65 27 73 20 47 6f	ritten.in.Rust),.Cloudflare's.Go
203e0	52 54 52 5f 20 61 6e 64 20 4f 63 74 6f 52 50 4b 49 5f 20 28 77 72 69 74 74 65 6e 20 69 6e 20 47	RTR_.and.OctoRPKI_.(written.in.G
20400	6f 29 2c 20 61 6e 64 20 52 49 50 45 20 4e 43 43 27 73 20 52 50 4b 49 20 56 61 6c 69 64 61 74 6f	o),.and.RIPE.NCC's.RPKI.Validato
20420	72 5f 20 28 77 72 69 74 74 65 6e 20 69 6e 20 4a 61 76 61 29 2e 20 54 68 65 20 52 54 52 20 70 72	r_.(written.in.Java)..The.RTR.pr
20440	6f 74 6f 63 6f 6c 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 38 32 31	otocol.is.described.in.:rfc:`821
20460	30 60 2e 00 41 20 42 72 69 64 67 65 20 69 73 20 61 20 77 61 79 20 74 6f 20 63 6f 6e 6e 65 63 74	0`..A.Bridge.is.a.way.to.connect
20480	20 74 77 6f 20 45 74 68 65 72 6e 65 74 20 73 65 67 6d 65 6e 74 73 20 74 6f 67 65 74 68 65 72 20	.two.Ethernet.segments.together.
204a0	69 6e 20 61 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 77 61 79 2e 20 50	in.a.protocol.independent.way..P
204c0	61 63 6b 65 74 73 20 61 72 65 20 66 6f 72 77 61 72 64 65 64 20 62 61 73 65 64 20 6f 6e 20 45 74	ackets.are.forwarded.based.on.Et
204e0	68 65 72 6e 65 74 20 61 64 64 72 65 73 73 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 49 50 20 61	hernet.address,.rather.than.IP.a
20500	64 64 72 65 73 73 20 28 6c 69 6b 65 20 61 20 72 6f 75 74 65 72 29 2e 20 53 69 6e 63 65 20 66 6f	ddress.(like.a.router)..Since.fo
20520	72 77 61 72 64 69 6e 67 20 69 73 20 64 6f 6e 65 20 61 74 20 4c 61 79 65 72 20 32 2c 20 61 6c 6c	rwarding.is.done.at.Layer.2,.all
20540	20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 67 6f 20 74 72 61 6e 73 70 61 72 65 6e 74 6c 79 20	.protocols.can.go.transparently.
20560	74 68 72 6f 75 67 68 20 61 20 62 72 69 64 67 65 2e 20 54 68 65 20 4c 69 6e 75 78 20 62 72 69 64	through.a.bridge..The.Linux.brid
20580	67 65 20 63 6f 64 65 20 69 6d 70 6c 65 6d 65 6e 74 73 20 61 20 73 75 62 73 65 74 20 6f 66 20 74	ge.code.implements.a.subset.of.t
205a0	68 65 20 41 4e 53 49 2f 49 45 45 45 20 38 30 32 2e 31 64 20 73 74 61 6e 64 61 72 64 2e 00 41 20	he.ANSI/IEEE.802.1d.standard..A.
205c0	47 52 45 20 74 75 6e 6e 65 6c 20 6f 70 65 72 61 74 65 73 20 61 74 20 6c 61 79 65 72 20 33 20 6f	GRE.tunnel.operates.at.layer.3.o
205e0	66 20 74 68 65 20 4f 53 49 20 6d 6f 64 65 6c 20 61 6e 64 20 69 73 20 72 65 70 72 65 73 65 6e 74	f.the.OSI.model.and.is.represent
20600	65 64 20 62 79 20 49 50 20 70 72 6f 74 6f 63 6f 6c 20 34 37 2e 20 54 68 65 20 6d 61 69 6e 20 62	ed.by.IP.protocol.47..The.main.b
20620	65 6e 65 66 69 74 20 6f 66 20 61 20 47 52 45 20 74 75 6e 6e 65 6c 20 69 73 20 74 68 61 74 20 79	enefit.of.a.GRE.tunnel.is.that.y
20640	6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 63 61 72 72 79 20 6d 75 6c 74 69 70 6c 65 20 70 72	ou.are.able.to.carry.multiple.pr
20660	6f 74 6f 63 6f 6c 73 20 69 6e 73 69 64 65 20 74 68 65 20 73 61 6d 65 20 74 75 6e 6e 65 6c 2e 20	otocols.inside.the.same.tunnel..
20680	47 52 45 20 61 6c 73 6f 20 73 75 70 70 6f 72 74 73 20 6d 75 6c 74 69 63 61 73 74 20 74 72 61 66	GRE.also.supports.multicast.traf
206a0	66 69 63 20 61 6e 64 20 73 75 70 70 6f 72 74 73 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f	fic.and.supports.routing.protoco
206c0	6c 73 20 74 68 61 74 20 6c 65 76 65 72 61 67 65 20 6d 75 6c 74 69 63 61 73 74 20 74 6f 20 66 6f	ls.that.leverage.multicast.to.fo
206e0	72 6d 20 6e 65 69 67 68 62 6f 72 20 61 64 6a 61 63 65 6e 63 69 65 73 2e 00 41 20 52 75 6c 65 2d	rm.neighbor.adjacencies..A.Rule-
20700	53 65 74 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 65 76 65 72 79 20 69 6e 74 65	Set.can.be.applied.to.every.inte
20720	72 66 61 63 65 3a 00 41 20 53 4e 54 50 20 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 63 61 6e	rface:.A.SNTP.server.address.can
20740	20 62 65 20 73 70 65 63 69 66 69 65 64 20 66 6f 72 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 73	.be.specified.for.DHCPv6.clients
20760	2e 00 41 20 56 52 46 20 64 65 76 69 63 65 20 69 73 20 63 72 65 61 74 65 64 20 77 69 74 68 20 61	..A.VRF.device.is.created.with.a
20780	6e 20 61 73 73 6f 63 69 61 74 65 64 20 72 6f 75 74 65 20 74 61 62 6c 65 2e 20 4e 65 74 77 6f 72	n.associated.route.table..Networ
207a0	6b 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 74 68 65 6e 20 65 6e 73 6c 61 76 65 64 20 74	k.interfaces.are.then.enslaved.t
207c0	6f 20 61 20 56 52 46 20 64 65 76 69 63 65 2e 00 41 20 56 79 4f 53 20 47 52 45 20 74 75 6e 6e 65	o.a.VRF.device..A.VyOS.GRE.tunne
207e0	6c 20 63 61 6e 20 63 61 72 72 79 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20 74	l.can.carry.both.IPv4.and.IPv6.t
20800	72 61 66 66 69 63 20 61 6e 64 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 63 72 65 61 74 65 64 20 6f	raffic.and.can.also.be.created.o
20820	76 65 72 20 65 69 74 68 65 72 20 49 50 76 34 20 28 67 72 65 29 20 6f 72 20 49 50 76 36 20 28 69	ver.either.IPv4.(gre).or.IPv6.(i
20840	70 36 67 72 65 29 2e 00 41 20 56 79 4f 53 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 77 6f 20 69	p6gre)..A.VyOS.router.with.two.i
20860	6e 74 65 72 66 61 63 65 73 20 2d 20 65 74 68 30 20 28 57 41 4e 29 20 61 6e 64 20 65 74 68 31 20	nterfaces.-.eth0.(WAN).and.eth1.
20880	28 4c 41 4e 29 20 2d 20 69 73 20 72 65 71 75 69 72 65 64 20 74 6f 20 69 6d 70 6c 65 6d 65 6e 74	(LAN).-.is.required.to.implement
208a0	20 61 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 44 4e 53 20 63 6f 6e 66 69 67 75 72 61 74 69	.a.split-horizon.DNS.configurati
208c0	6f 6e 20 66 6f 72 20 65 78 61 6d 70 6c 65 2e 63 6f 6d 2e 00 41 20 62 61 73 69 63 20 63 6f 6e 66	on.for.example.com..A.basic.conf
208e0	69 67 75 72 61 74 69 6f 6e 20 72 65 71 75 69 72 65 73 20 61 20 74 75 6e 6e 65 6c 20 73 6f 75 72	iguration.requires.a.tunnel.sour
20900	63 65 20 28 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 29 2c 20 61 20 74 75 6e 6e 65 6c 20 64 65	ce.(source-address),.a.tunnel.de
20920	73 74 69 6e 61 74 69 6f 6e 20 28 72 65 6d 6f 74 65 29 2c 20 61 6e 20 65 6e 63 61 70 73 75 6c 61	stination.(remote),.an.encapsula
20940	74 69 6f 6e 20 74 79 70 65 20 28 67 72 65 29 2c 20 61 6e 64 20 61 6e 20 61 64 64 72 65 73 73 20	tion.type.(gre),.and.an.address.
20960	28 69 70 76 34 2f 69 70 76 36 29 2e 20 42 65 6c 6f 77 20 69 73 20 61 20 62 61 73 69 63 20 49 50	(ipv4/ipv6)..Below.is.a.basic.IP
20980	76 34 20 6f 6e 6c 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 78 61 6d 70 6c 65 20 74 61	v4.only.configuration.example.ta
209a0	6b 65 6e 20 66 72 6f 6d 20 61 20 56 79 4f 53 20 72 6f 75 74 65 72 20 61 6e 64 20 61 20 43 69 73	ken.from.a.VyOS.router.and.a.Cis
209c0	63 6f 20 49 4f 53 20 72 6f 75 74 65 72 2e 20 54 68 65 20 6d 61 69 6e 20 64 69 66 66 65 72 65 6e	co.IOS.router..The.main.differen
209e0	63 65 20 62 65 74 77 65 65 6e 20 74 68 65 73 65 20 74 77 6f 20 63 6f 6e 66 69 67 75 72 61 74 69	ce.between.these.two.configurati
20a00	6f 6e 73 20 69 73 20 74 68 61 74 20 56 79 4f 53 20 72 65 71 75 69 72 65 73 20 79 6f 75 20 65 78	ons.is.that.VyOS.requires.you.ex
20a20	70 6c 69 63 69 74 6c 79 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61	plicitly.configure.the.encapsula
20a40	74 69 6f 6e 20 74 79 70 65 2e 20 54 68 65 20 43 69 73 63 6f 20 72 6f 75 74 65 72 20 64 65 66 61	tion.type..The.Cisco.router.defa
20a60	75 6c 74 73 20 74 6f 20 47 52 45 20 49 50 20 6f 74 68 65 72 77 69 73 65 20 69 74 20 77 6f 75 6c	ults.to.GRE.IP.otherwise.it.woul
20a80	64 20 68 61 76 65 20 74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 77 65 6c 6c 2e	d.have.to.be.configured.as.well.
20aa0	00 41 20 62 61 73 69 63 20 69 6e 74 72 6f 64 75 63 74 69 6f 6e 20 74 6f 20 7a 6f 6e 65 2d 62 61	.A.basic.introduction.to.zone-ba
20ac0	73 65 64 20 66 69 72 65 77 61 6c 6c 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 60 68 65 72 65	sed.firewalls.can.be.found.`here
20ae0	20 3c 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 76 79 6f 73 2e 69 6f 2f 65 6e 2f 6b 62 2f	.<https://support.vyos.io/en/kb/
20b00	61 72 74 69 63 6c 65 73 2f 61 2d 70 72 69 6d 65 72 2d 74 6f 2d 7a 6f 6e 65 2d 62 61 73 65 64 2d	articles/a-primer-to-zone-based-
20b20	66 69 72 65 77 61 6c 6c 3e 60 5f 2c 20 61 6e 64 20 61 6e 20 65 78 61 6d 70 6c 65 20 61 74 20 3a	firewall>`_,.and.an.example.at.:
20b40	72 65 66 3a 60 65 78 61 6d 70 6c 65 73 2d 7a 6f 6e 65 2d 70 6f 6c 69 63 79 60 2e 00 41 20 62 72	ref:`examples-zone-policy`..A.br
20b60	69 64 67 65 20 6e 61 6d 65 64 20 60 62 72 31 30 30 60 00 41 20 63 6c 61 73 73 20 63 61 6e 20 68	idge.named.`br100`.A.class.can.h
20b80	61 76 65 20 6d 75 6c 74 69 70 6c 65 20 6d 61 74 63 68 20 66 69 6c 74 65 72 73 3a 00 41 20 63 6f	ave.multiple.match.filters:.A.co
20ba0	6d 6d 6f 6e 20 65 78 61 6d 70 6c 65 20 69 73 20 74 68 65 20 63 61 73 65 20 6f 66 20 73 6f 6d 65	mmon.example.is.the.case.of.some
20bc0	20 70 6f 6c 69 63 69 65 73 20 77 68 69 63 68 2c 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 62 65 20	.policies.which,.in.order.to.be.
20be0	65 66 66 65 63 74 69 76 65 2c 20 74 68 65 79 20 6e 65 65 64 20 74 6f 20 62 65 20 61 70 70 6c 69	effective,.they.need.to.be.appli
20c00	65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 69 73 20 64 69 72 65 63	ed.to.an.interface.that.is.direc
20c20	74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 77 68 65 72 65 20 74 68 65 20 62 6f 74 74 6c 65 6e 65	tly.connected.where.the.bottlene
20c40	63 6b 20 69 73 2e 20 49 66 20 79 6f 75 72 20 72 6f 75 74 65 72 20 69 73 20 6e 6f 74 20 64 69 72	ck.is..If.your.router.is.not.dir
20c60	65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 74 68 65 20 62 6f 74 74 6c 65 6e 65 63	ectly.connected.to.the.bottlenec
20c80	6b 2c 20 62 75 74 20 73 6f 6d 65 20 68 6f 70 20 62 65 66 6f 72 65 20 69 74 2c 20 79 6f 75 20 63	k,.but.some.hop.before.it,.you.c
20ca0	61 6e 20 65 6d 75 6c 61 74 65 20 74 68 65 20 62 6f 74 74 6c 65 6e 65 63 6b 20 62 79 20 65 6d 62	an.emulate.the.bottleneck.by.emb
20cc0	65 64 64 69 6e 67 20 79 6f 75 72 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 69	edding.your.non-shaping.policy.i
20ce0	6e 74 6f 20 61 20 63 6c 61 73 73 66 75 6c 20 73 68 61 70 69 6e 67 20 6f 6e 65 20 73 6f 20 74 68	nto.a.classful.shaping.one.so.th
20d00	61 74 20 69 74 20 74 61 6b 65 73 20 65 66 66 65 63 74 2e 00 41 20 63 6f 6d 70 6c 65 74 65 20 4c	at.it.takes.effect..A.complete.L
20d20	44 41 50 20 61 75 74 68 20 4f 70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63	DAP.auth.OpenVPN.configuration.c
20d40	6f 75 6c 64 20 6c 6f 6f 6b 20 6c 69 6b 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61	ould.look.like.the.following.exa
20d60	6d 70 6c 65 3a 00 41 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 61 74 74 65 6d 70 74 20 77 69 6c 6c 20	mple:.A.connection.attempt.will.
20d80	62 65 20 73 68 6f 77 6e 20 61 73 3a 00 41 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 73 20	be.shown.as:.A.default.route.is.
20da0	61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 6e 73 74 61 6c 6c 65 64 20 6f 6e 63 65 20 74 68 65	automatically.installed.once.the
20dc0	20 69 6e 74 65 72 66 61 63 65 20 69 73 20 75 70 2e 20 54 6f 20 63 68 61 6e 67 65 20 74 68 69 73	.interface.is.up..To.change.this
20de0	20 62 65 68 61 76 69 6f 72 20 75 73 65 20 74 68 65 20 60 60 6e 6f 2d 64 65 66 61 75 6c 74 2d 72	.behavior.use.the.``no-default-r
20e00	6f 75 74 65 60 60 20 43 4c 49 20 6f 70 74 69 6f 6e 2e 00 41 20 64 65 73 63 72 69 70 74 69 6f 6e	oute``.CLI.option..A.description
20e20	20 63 61 6e 20 62 65 20 61 64 64 65 64 20 66 6f 72 20 65 61 63 68 20 61 6e 64 20 65 76 65 72 79	.can.be.added.for.each.and.every
20e40	20 75 6e 69 71 75 65 20 72 65 6c 61 79 20 49 44 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c	.unique.relay.ID..This.is.useful
20e60	20 74 6f 20 64 69 73 74 69 6e 67 75 69 73 68 20 62 65 74 77 65 65 6e 20 6d 75 6c 74 69 70 6c 65	.to.distinguish.between.multiple
20e80	20 64 69 66 66 65 72 65 6e 74 20 70 6f 72 74 73 2f 61 70 70 6c 69 61 63 74 69 6f 6e 73 2e 00 41	.different.ports/appliactions..A
20ea0	20 64 69 73 61 62 6c 65 64 20 67 72 6f 75 70 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20	.disabled.group.will.be.removed.
20ec0	66 72 6f 6d 20 74 68 65 20 56 52 52 50 20 70 72 6f 63 65 73 73 20 61 6e 64 20 79 6f 75 72 20 72	from.the.VRRP.process.and.your.r
20ee0	6f 75 74 65 72 20 77 69 6c 6c 20 6e 6f 74 20 70 61 72 74 69 63 69 70 61 74 65 20 69 6e 20 56 52	outer.will.not.participate.in.VR
20f00	52 50 20 66 6f 72 20 74 68 61 74 20 56 52 49 44 2e 20 49 74 20 77 69 6c 6c 20 64 69 73 61 70 70	RP.for.that.VRID..It.will.disapp
20f20	65 61 72 20 66 72 6f 6d 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 20 63 6f 6d 6d 61 6e	ear.from.operational.mode.comman
20f40	64 73 20 6f 75 74 70 75 74 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 65 6e 74 65 72 20 74 68 65	ds.output,.rather.than.enter.the
20f60	20 62 61 63 6b 75 70 20 73 74 61 74 65 2e 00 41 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 73 20	.backup.state..A.domain.name.is.
20f80	74 68 65 20 6c 61 62 65 6c 20 28 6e 61 6d 65 29 20 61 73 73 69 67 6e 65 64 20 74 6f 20 61 20 63	the.label.(name).assigned.to.a.c
20fa0	6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 69 73 20 74 68 75 73 20 75 6e 69 71	omputer.network.and.is.thus.uniq
20fc0	75 65 2e 20 56 79 4f 53 20 61 70 70 65 6e 64 73 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65	ue..VyOS.appends.the.domain.name
20fe0	20 61 73 20 61 20 73 75 66 66 69 78 20 74 6f 20 61 6e 79 20 75 6e 71 75 61 6c 69 66 69 65 64 20	.as.a.suffix.to.any.unqualified.
21000	6e 61 6d 65 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 66 20 79 6f 75 20 73 65 74 20 74 68	name..For.example,.if.you.set.th
21020	65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 60 65 78 61 6d 70 6c 65 2e 63 6f 6d 60 2c 20 61 6e 64	e.domain.name.`example.com`,.and
21040	20 79 6f 75 20 77 6f 75 6c 64 20 70 69 6e 67 20 74 68 65 20 75 6e 71 75 61 6c 69 66 69 65 64 20	.you.would.ping.the.unqualified.
21060	6e 61 6d 65 20 6f 66 20 60 63 72 75 78 60 2c 20 74 68 65 6e 20 56 79 4f 53 20 71 75 61 6c 69 66	name.of.`crux`,.then.VyOS.qualif
21080	69 65 73 20 74 68 65 20 6e 61 6d 65 20 74 6f 20 60 63 72 75 78 2e 65 78 61 6d 70 6c 65 2e 63 6f	ies.the.name.to.`crux.example.co
210a0	6d 60 2e 00 41 20 64 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 74 68 65 20 70 72	m`..A.dummy.interface.for.the.pr
210c0	6f 76 69 64 65 72 2d 61 73 73 69 67 6e 65 64 20 49 50 3b 00 41 20 66 69 72 65 77 61 6c 6c 20 6d	ovider-assigned.IP;.A.firewall.m
210e0	61 72 6b 20 60 60 66 77 6d 61 72 6b 60 60 20 61 6c 6c 6f 77 73 20 75 73 69 6e 67 20 6d 75 6c 74	ark.``fwmark``.allows.using.mult
21100	69 70 6c 65 20 70 6f 72 74 73 20 66 6f 72 20 68 69 67 68 2d 61 76 61 69 6c 61 62 69 6c 69 74 79	iple.ports.for.high-availability
21120	20 76 69 72 74 75 61 6c 2d 73 65 72 76 65 72 2e 20 49 74 20 75 73 65 73 20 66 77 6d 61 72 6b 20	.virtual-server..It.uses.fwmark.
21140	76 61 6c 75 65 2e 00 41 20 66 75 6c 6c 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 20 54 75 6e 6e 65	value..A.full.example.of.a.Tunne
21160	6c 62 72 6f 6b 65 72 2e 6e 65 74 20 63 6f 6e 66 69 67 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20	lbroker.net.config.can.be.found.
21180	61 74 20 3a 72 65 66 3a 60 68 65 72 65 20 3c 65 78 61 6d 70 6c 65 73 2d 74 75 6e 6e 65 6c 62 72	at.:ref:`here.<examples-tunnelbr
211a0	6f 6b 65 72 2d 69 70 76 36 3e 60 2e 00 41 20 67 65 6e 65 72 69 63 20 60 3c 6e 61 6d 65 3e 60 20	oker-ipv6>`..A.generic.`<name>`.
211c0	72 65 66 65 72 65 6e 63 69 6e 67 20 74 68 69 73 20 73 79 6e 63 20 73 65 72 76 69 63 65 2e 00 41	referencing.this.sync.service..A
211e0	20 68 6f 73 74 6e 61 6d 65 20 69 73 20 74 68 65 20 6c 61 62 65 6c 20 28 6e 61 6d 65 29 20 61 73	.hostname.is.the.label.(name).as
21200	73 69 67 6e 65 64 20 74 6f 20 61 20 6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 20 28 61 20 68 6f	signed.to.a.network.device.(a.ho
21220	73 74 29 20 6f 6e 20 61 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20	st).on.a.network.and.is.used.to.
21240	64 69 73 74 69 6e 67 75 69 73 68 20 6f 6e 65 20 64 65 76 69 63 65 20 66 72 6f 6d 20 61 6e 6f 74	distinguish.one.device.from.anot
21260	68 65 72 20 6f 6e 20 73 70 65 63 69 66 69 63 20 6e 65 74 77 6f 72 6b 73 20 6f 72 20 6f 76 65 72	her.on.specific.networks.or.over
21280	20 74 68 65 20 69 6e 74 65 72 6e 65 74 2e 20 4f 6e 20 74 68 65 20 6f 74 68 65 72 20 68 61 6e 64	.the.internet..On.the.other.hand
212a0	20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 74 68 65 20 6e 61 6d 65 20 77 68 69 63 68 20 61 70 70	.this.will.be.the.name.which.app
212c0	65 61 72 73 20 6f 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 6c 69 6e 65 20 70 72 6f 6d 70 74 2e	ears.on.the.command.line.prompt.
212e0	00 41 20 68 75 6d 61 6e 20 72 65 61 64 61 62 6c 65 20 64 65 73 63 72 69 70 74 69 6f 6e 20 77 68	.A.human.readable.description.wh
21300	61 74 20 74 68 69 73 20 43 41 20 69 73 20 61 62 6f 75 74 2e 00 41 20 68 75 6d 61 6e 20 72 65 61	at.this.CA.is.about..A.human.rea
21320	64 61 62 6c 65 20 64 65 73 63 72 69 70 74 69 6f 6e 20 77 68 61 74 20 74 68 69 73 20 63 65 72 74	dable.description.what.this.cert
21340	69 66 69 63 61 74 65 20 69 73 20 61 62 6f 75 74 2e 00 41 20 6c 6f 6f 6b 62 61 63 6b 20 69 6e 74	ificate.is.about..A.lookback.int
21360	65 72 66 61 63 65 20 69 73 20 61 6c 77 61 79 73 20 75 70 2c 20 74 68 75 73 20 69 74 20 63 6f 75	erface.is.always.up,.thus.it.cou
21380	6c 64 20 62 65 20 75 73 65 64 20 66 6f 72 20 6d 61 6e 61 67 65 6d 65 6e 74 20 74 72 61 66 66 69	ld.be.used.for.management.traffi
213a0	63 20 6f 72 20 61 73 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e 61 74 69 6f 6e 20 66 6f 72 20 61	c.or.as.source/destination.for.a
213c0	6e 64 20 3a 61 62 62 72 3a 60 49 47 50 20 28 49 6e 74 65 72 69 6f 72 20 47 61 74 65 77 61 79 20	nd.:abbr:`IGP.(Interior.Gateway.
213e0	50 72 6f 74 6f 63 6f 6c 29 60 20 6c 69 6b 65 20 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 62 67	Protocol)`.like.:ref:`routing-bg
21400	70 60 20 73 6f 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 42 47 50 20 6c 69 6e 6b 20 69 73 20	p`.so.your.internal.BGP.link.is.
21420	6e 6f 74 20 64 65 70 65 6e 64 65 6e 74 20 6f 6e 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 20 73	not.dependent.on.physical.link.s
21440	74 61 74 65 73 20 61 6e 64 20 6d 75 6c 74 69 70 6c 65 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65	tates.and.multiple.routes.can.be
21460	20 63 68 6f 73 65 6e 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 41 20 3a 72	.chosen.to.the.destination..A.:r
21480	65 66 3a 60 64 75 6d 6d 79 2d 69 6e 74 65 72 66 61 63 65 60 20 49 6e 74 65 72 66 61 63 65 20 73	ef:`dummy-interface`.Interface.s
214a0	68 6f 75 6c 64 20 61 6c 77 61 79 73 20 62 65 20 70 72 65 66 65 72 72 65 64 20 6f 76 65 72 20 61	hould.always.be.preferred.over.a
214c0	20 3a 72 65 66 3a 60 6c 6f 6f 70 62 61 63 6b 2d 69 6e 74 65 72 66 61 63 65 60 20 69 6e 74 65 72	.:ref:`loopback-interface`.inter
214e0	66 61 63 65 2e 00 41 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 20 69 73 20 61 20 6e 65 74 77	face..A.managed.device.is.a.netw
21500	6f 72 6b 20 6e 6f 64 65 20 74 68 61 74 20 69 6d 70 6c 65 6d 65 6e 74 73 20 61 6e 20 53 4e 4d 50	ork.node.that.implements.an.SNMP
21520	20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 61 6c 6c 6f 77 73 20 75 6e 69 64 69 72 65 63 74	.interface.that.allows.unidirect
21540	69 6f 6e 61 6c 20 28 72 65 61 64 2d 6f 6e 6c 79 29 20 6f 72 20 62 69 64 69 72 65 63 74 69 6f 6e	ional.(read-only).or.bidirection
21560	61 6c 20 28 72 65 61 64 20 61 6e 64 20 77 72 69 74 65 29 20 61 63 63 65 73 73 20 74 6f 20 6e 6f	al.(read.and.write).access.to.no
21580	64 65 2d 73 70 65 63 69 66 69 63 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 4d 61 6e 61 67 65 64	de-specific.information..Managed
215a0	20 64 65 76 69 63 65 73 20 65 78 63 68 61 6e 67 65 20 6e 6f 64 65 2d 73 70 65 63 69 66 69 63 20	.devices.exchange.node-specific.
215c0	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 4e 4d 53 73 2e 20 53 6f 6d 65 74	information.with.the.NMSs..Somet
215e0	69 6d 65 73 20 63 61 6c 6c 65 64 20 6e 65 74 77 6f 72 6b 20 65 6c 65 6d 65 6e 74 73 2c 20 74 68	imes.called.network.elements,.th
21600	65 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 73 20 63 61 6e 20 62 65 20 61 6e 79 20 74 79 70	e.managed.devices.can.be.any.typ
21620	65 20 6f 66 20 64 65 76 69 63 65 2c 20 69 6e 63 6c 75 64 69 6e 67 2c 20 62 75 74 20 6e 6f 74 20	e.of.device,.including,.but.not.
21640	6c 69 6d 69 74 65 64 20 74 6f 2c 20 72 6f 75 74 65 72 73 2c 20 61 63 63 65 73 73 20 73 65 72 76	limited.to,.routers,.access.serv
21660	65 72 73 2c 20 73 77 69 74 63 68 65 73 2c 20 63 61 62 6c 65 20 6d 6f 64 65 6d 73 2c 20 62 72 69	ers,.switches,.cable.modems,.bri
21680	64 67 65 73 2c 20 68 75 62 73 2c 20 49 50 20 74 65 6c 65 70 68 6f 6e 65 73 2c 20 49 50 20 76 69	dges,.hubs,.IP.telephones,.IP.vi
216a0	64 65 6f 20 63 61 6d 65 72 61 73 2c 20 63 6f 6d 70 75 74 65 72 20 68 6f 73 74 73 2c 20 61 6e 64	deo.cameras,.computer.hosts,.and
216c0	20 70 72 69 6e 74 65 72 73 2e 00 41 20 6d 61 74 63 68 20 66 69 6c 74 65 72 20 63 61 6e 20 63 6f	.printers..A.match.filter.can.co
216e0	6e 74 61 69 6e 20 6d 75 6c 74 69 70 6c 65 20 63 72 69 74 65 72 69 61 20 61 6e 64 20 77 69 6c 6c	ntain.multiple.criteria.and.will
21700	20 6d 61 74 63 68 20 74 72 61 66 66 69 63 20 69 66 20 61 6c 6c 20 74 68 6f 73 65 20 63 72 69 74	.match.traffic.if.all.those.crit
21720	65 72 69 61 20 61 72 65 20 74 72 75 65 2e 00 41 20 6d 6f 6e 69 74 6f 72 65 64 20 73 74 61 74 69	eria.are.true..A.monitored.stati
21740	63 20 72 6f 75 74 65 20 63 6f 6e 64 69 74 69 6f 6e 73 20 74 68 65 20 69 6e 73 74 61 6c 6c 61 74	c.route.conditions.the.installat
21760	69 6f 6e 20 74 6f 20 74 68 65 20 52 49 42 20 6f 6e 20 74 68 65 20 42 46 44 20 73 65 73 73 69 6f	ion.to.the.RIB.on.the.BFD.sessio
21780	6e 20 72 75 6e 6e 69 6e 67 20 73 74 61 74 65 3a 20 77 68 65 6e 20 42 46 44 20 73 65 73 73 69 6f	n.running.state:.when.BFD.sessio
217a0	6e 20 69 73 20 75 70 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 69 6e 73 74 61 6c 6c 65 64 20 74	n.is.up.the.route.is.installed.t
217c0	6f 20 52 49 42 2c 20 62 75 74 20 77 68 65 6e 20 74 68 65 20 42 46 44 20 73 65 73 73 69 6f 6e 20	o.RIB,.but.when.the.BFD.session.
217e0	69 73 20 64 6f 77 6e 20 69 74 20 69 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 52	is.down.it.is.removed.from.the.R
21800	49 42 2e 00 41 20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 20 73 74 61 74 69 6f 6e	IB..A.network.management.station
21820	20 65 78 65 63 75 74 65 73 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 20 74 68 61 74 20 6d 6f 6e 69	.executes.applications.that.moni
21840	74 6f 72 20 61 6e 64 20 63 6f 6e 74 72 6f 6c 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 73 2e	tor.and.control.managed.devices.
21860	20 4e 4d 53 73 20 70 72 6f 76 69 64 65 20 74 68 65 20 62 75 6c 6b 20 6f 66 20 74 68 65 20 70 72	.NMSs.provide.the.bulk.of.the.pr
21880	6f 63 65 73 73 69 6e 67 20 61 6e 64 20 6d 65 6d 6f 72 79 20 72 65 73 6f 75 72 63 65 73 20 72 65	ocessing.and.memory.resources.re
218a0	71 75 69 72 65 64 20 66 6f 72 20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 2e 20 4f	quired.for.network.management..O
218c0	6e 65 20 6f 72 20 6d 6f 72 65 20 4e 4d 53 73 20 6d 61 79 20 65 78 69 73 74 20 6f 6e 20 61 6e 79	ne.or.more.NMSs.may.exist.on.any
218e0	20 6d 61 6e 61 67 65 64 20 6e 65 74 77 6f 72 6b 2e 00 41 20 6e 65 77 20 69 6e 74 65 72 66 61 63	.managed.network..A.new.interfac
21900	65 20 62 65 63 6f 6d 65 73 20 70 72 65 73 65 6e 74 20 60 60 50 6f 72 74 2d 63 68 61 6e 6e 65 6c	e.becomes.present.``Port-channel
21920	31 60 60 2c 20 61 6c 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6c 69 6b 65 20 61 6c 6c 6f	1``,.all.configuration.like.allo
21940	77 65 64 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 2c 20 53 54 50 20 77 69 6c 6c 20 68 61	wed.VLAN.interfaces,.STP.will.ha
21960	70 70 65 6e 20 68 65 72 65 2e 00 41 20 70 61 63 6b 65 74 20 72 61 74 65 20 6c 69 6d 69 74 20 63	ppen.here..A.packet.rate.limit.c
21980	61 6e 20 62 65 20 73 65 74 20 66 6f 72 20 61 20 72 75 6c 65 20 74 6f 20 61 70 70 6c 79 20 74 68	an.be.set.for.a.rule.to.apply.th
219a0	65 20 72 75 6c 65 20 74 6f 20 74 72 61 66 66 69 63 20 61 62 6f 76 65 20 6f 72 20 62 65 6c 6f 77	e.rule.to.traffic.above.or.below
219c0	20 61 20 73 70 65 63 69 66 69 65 64 20 74 68 72 65 73 68 6f 6c 64 2e 20 54 6f 20 63 6f 6e 66 69	.a.specified.threshold..To.confi
219e0	67 75 72 65 20 74 68 65 20 72 61 74 65 20 6c 69 6d 69 74 69 6e 67 20 75 73 65 3a 00 41 20 70 65	gure.the.rate.limiting.use:.A.pe
21a00	6e 61 6c 74 79 20 6f 66 20 31 30 30 30 20 69 73 20 61 73 73 65 73 73 65 64 20 65 61 63 68 20 74	nalty.of.1000.is.assessed.each.t
21a20	69 6d 65 20 74 68 65 20 72 6f 75 74 65 20 66 61 69 6c 73 2e 20 57 68 65 6e 20 74 68 65 20 70 65	ime.the.route.fails..When.the.pe
21a40	6e 61 6c 74 69 65 73 20 72 65 61 63 68 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 74 68 72 65 73	nalties.reach.a.predefined.thres
21a60	68 6f 6c 64 20 28 73 75 70 70 72 65 73 73 2d 76 61 6c 75 65 29 2c 20 74 68 65 20 72 6f 75 74 65	hold.(suppress-value),.the.route
21a80	72 20 73 74 6f 70 73 20 61 64 76 65 72 74 69 73 69 6e 67 20 74 68 65 20 72 6f 75 74 65 2e 00 41	r.stops.advertising.the.route..A
21aa0	20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 72 65 71 75 69 72 65 64 20	.physical.interface.is.required.
21ac0	74 6f 20 63 6f 6e 6e 65 63 74 20 74 68 69 73 20 4d 41 43 73 65 63 20 69 6e 73 74 61 6e 63 65 20	to.connect.this.MACsec.instance.
21ae0	74 6f 2e 20 54 72 61 66 66 69 63 20 6c 65 61 76 69 6e 67 20 74 68 69 73 20 69 6e 74 65 72 66 61	to..Traffic.leaving.this.interfa
21b00	63 65 20 77 69 6c 6c 20 6e 6f 77 20 62 65 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2f 65 6e 63	ce.will.now.be.authenticated/enc
21b20	72 79 70 74 65 64 2e 00 41 20 70 6f 6f 6c 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20	rypted..A.pool.of.addresses.can.
21b40	62 65 20 64 65 66 69 6e 65 64 20 62 79 20 75 73 69 6e 67 20 61 20 68 79 70 68 65 6e 20 62 65 74	be.defined.by.using.a.hyphen.bet
21b60	77 65 65 6e 20 74 77 6f 20 49 50 20 61 64 64 72 65 73 73 65 73 3a 00 41 20 70 6f 72 74 20 63 61	ween.two.IP.addresses:.A.port.ca
21b80	6e 20 62 65 20 73 65 74 20 77 69 74 68 20 61 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 6f 72 20 61	n.be.set.with.a.port.number.or.a
21ba0	20 6e 61 6d 65 20 77 68 69 63 68 20 69 73 20 68 65 72 65 20 64 65 66 69 6e 65 64 3a 20 60 60 2f	.name.which.is.here.defined:.``/
21bc0	65 74 63 2f 73 65 72 76 69 63 65 73 60 60 2e 00 41 20 71 75 65 72 79 20 66 6f 72 20 77 68 69 63	etc/services``..A.query.for.whic
21be0	68 20 74 68 65 72 65 20 69 73 20 61 75 74 68 6f 72 69 74 61 74 69 76 65 6c 79 20 6e 6f 20 61 6e	h.there.is.authoritatively.no.an
21c00	73 77 65 72 20 69 73 20 63 61 63 68 65 64 20 74 6f 20 71 75 69 63 6b 6c 79 20 64 65 6e 79 20 61	swer.is.cached.to.quickly.deny.a
21c20	20 72 65 63 6f 72 64 27 73 20 65 78 69 73 74 65 6e 63 65 20 6c 61 74 65 72 20 6f 6e 2c 20 77 69	.record's.existence.later.on,.wi
21c40	74 68 6f 75 74 20 70 75 74 74 69 6e 67 20 61 20 68 65 61 76 79 20 6c 6f 61 64 20 6f 6e 20 74 68	thout.putting.a.heavy.load.on.th
21c60	65 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 2e 20 49 6e 20 70 72 61 63 74 69 63 65 2c 20 63 61	e.remote.server..In.practice,.ca
21c80	63 68 65 73 20 63 61 6e 20 62 65 63 6f 6d 65 20 73 61 74 75 72 61 74 65 64 20 77 69 74 68 20 68	ches.can.become.saturated.with.h
21ca0	75 6e 64 72 65 64 73 20 6f 66 20 74 68 6f 75 73 61 6e 64 73 20 6f 66 20 68 6f 73 74 73 20 77 68	undreds.of.thousands.of.hosts.wh
21cc0	69 63 68 20 61 72 65 20 74 72 69 65 64 20 6f 6e 6c 79 20 6f 6e 63 65 2e 00 41 20 72 65 63 65 69	ich.are.tried.only.once..A.recei
21ce0	76 65 64 20 4e 48 52 50 20 54 72 61 66 66 69 63 20 49 6e 64 69 63 61 74 69 6f 6e 20 77 69 6c 6c	ved.NHRP.Traffic.Indication.will
21d00	20 74 72 69 67 67 65 72 20 74 68 65 20 72 65 73 6f 6c 75 74 69 6f 6e 20 61 6e 64 20 65 73 74 61	.trigger.the.resolution.and.esta
21d20	62 6c 69 73 68 6d 65 6e 74 20 6f 66 20 61 20 73 68 6f 72 74 63 75 74 20 72 6f 75 74 65 2e 00 41	blishment.of.a.shortcut.route..A
21d40	20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 49 44 20 63 61 6e 20 6e 6f 74 20 62 65 20 6d 6f 64	.routing.table.ID.can.not.be.mod
21d60	69 66 69 65 64 20 6f 6e 63 65 20 69 74 20 69 73 20 61 73 73 69 67 6e 65 64 2e 20 49 74 20 63 61	ified.once.it.is.assigned..It.ca
21d80	6e 20 6f 6e 6c 79 20 62 65 20 63 68 61 6e 67 65 64 20 62 79 20 64 65 6c 65 74 69 6e 67 20 61 6e	n.only.be.changed.by.deleting.an
21da0	64 20 72 65 2d 61 64 64 69 6e 67 20 74 68 65 20 56 52 46 20 69 6e 73 74 61 6e 63 65 2e 00 41 20	d.re-adding.the.VRF.instance..A.
21dc0	72 75 6c 65 2d 73 65 74 20 69 73 20 61 20 6e 61 6d 65 64 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f	rule-set.is.a.named.collection.o
21de0	66 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 61 70 70	f.firewall.rules.that.can.be.app
21e00	6c 69 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 61 20 7a 6f 6e 65 2e 20	lied.to.an.interface.or.a.zone..
21e20	45 61 63 68 20 72 75 6c 65 20 69 73 20 6e 75 6d 62 65 72 65 64 2c 20 68 61 73 20 61 6e 20 61 63	Each.rule.is.numbered,.has.an.ac
21e40	74 69 6f 6e 20 74 6f 20 61 70 70 6c 79 20 69 66 20 74 68 65 20 72 75 6c 65 20 69 73 20 6d 61 74	tion.to.apply.if.the.rule.is.mat
21e60	63 68 65 64 2c 20 61 6e 64 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 73 70 65 63 69 66 79	ched,.and.the.ability.to.specify
21e80	20 74 68 65 20 63 72 69 74 65 72 69 61 20 74 6f 20 6d 61 74 63 68 2e 20 44 61 74 61 20 70 61 63	.the.criteria.to.match..Data.pac
21ea0	6b 65 74 73 20 67 6f 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 75 6c 65 73 20 66 72 6f 6d 20 31	kets.go.through.the.rules.from.1
21ec0	20 2d 20 39 39 39 39 39 39 2c 20 61 74 20 74 68 65 20 66 69 72 73 74 20 6d 61 74 63 68 20 74 68	.-.999999,.at.the.first.match.th
21ee0	65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c 20 62 65 20 65 78 65	e.action.of.the.rule.will.be.exe
21f00	63 75 74 65 64 2e 00 41 20 72 75 6c 65 2d 73 65 74 20 69 73 20 61 20 6e 61 6d 65 64 20 63 6f 6c	cuted..A.rule-set.is.a.named.col
21f20	6c 65 63 74 69 6f 6e 20 6f 66 20 72 75 6c 65 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 61 70 70	lection.of.rules.that.can.be.app
21f40	6c 69 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 45 61 63 68 20 72 75 6c 65 20	lied.to.an.interface..Each.rule.
21f60	69 73 20 6e 75 6d 62 65 72 65 64 2c 20 68 61 73 20 61 6e 20 61 63 74 69 6f 6e 20 74 6f 20 61 70	is.numbered,.has.an.action.to.ap
21f80	70 6c 79 20 69 66 20 74 68 65 20 72 75 6c 65 20 69 73 20 6d 61 74 63 68 65 64 2c 20 61 6e 64 20	ply.if.the.rule.is.matched,.and.
21fa0	74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 73 70 65 63 69 66 79 20 74 68 65 20 63 72 69 74 65	the.ability.to.specify.the.crite
21fc0	72 69 61 20 74 6f 20 6d 61 74 63 68 2e 20 44 61 74 61 20 70 61 63 6b 65 74 73 20 67 6f 20 74 68	ria.to.match..Data.packets.go.th
21fe0	72 6f 75 67 68 20 74 68 65 20 72 75 6c 65 73 20 66 72 6f 6d 20 31 20 2d 20 39 39 39 39 39 39 2c	rough.the.rules.from.1.-.999999,
22000	20 61 74 20 74 68 65 20 66 69 72 73 74 20 6d 61 74 63 68 20 74 68 65 20 61 63 74 69 6f 6e 20 6f	.at.the.first.match.the.action.o
22020	66 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c 20 62 65 20 65 78 65 63 75 74 65 64 2e 00 41 20 73	f.the.rule.will.be.executed..A.s
22040	63 72 69 70 74 20 63 61 6e 20 62 65 20 72 75 6e 20 77 68 65 6e 20 61 6e 20 69 6e 74 65 72 66 61	cript.can.be.run.when.an.interfa
22060	63 65 20 73 74 61 74 65 20 63 68 61 6e 67 65 20 6f 63 63 75 72 73 2e 20 53 63 72 69 70 74 73 20	ce.state.change.occurs..Scripts.
22080	61 72 65 20 72 75 6e 20 66 72 6f 6d 20 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2c 20 66 6f	are.run.from./config/scripts,.fo
220a0	72 20 61 20 64 69 66 66 65 72 65 6e 74 20 6c 6f 63 61 74 69 6f 6e 20 73 70 65 63 69 66 79 20 74	r.a.different.location.specify.t
220c0	68 65 20 66 75 6c 6c 20 70 61 74 68 3a 00 41 20 73 65 67 6d 65 6e 74 20 49 44 20 74 68 61 74 20	he.full.path:.A.segment.ID.that.
220e0	63 6f 6e 74 61 69 6e 73 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 63 61	contains.an.IP.address.prefix.ca
22100	6c 63 75 6c 61 74 65 64 20 62 79 20 61 6e 20 49 47 50 20 69 6e 20 74 68 65 20 73 65 72 76 69 63	lculated.by.an.IGP.in.the.servic
22120	65 20 70 72 6f 76 69 64 65 72 20 63 6f 72 65 20 6e 65 74 77 6f 72 6b 2e 20 50 72 65 66 69 78 20	e.provider.core.network..Prefix.
22140	53 49 44 73 20 61 72 65 20 67 6c 6f 62 61 6c 6c 79 20 75 6e 69 71 75 65 2c 20 74 68 69 73 20 76	SIDs.are.globally.unique,.this.v
22160	61 6c 75 65 20 69 6e 64 65 6e 74 69 66 79 20 69 74 00 41 20 73 65 6e 64 69 6e 67 20 73 74 61 74	alue.indentify.it.A.sending.stat
22180	69 6f 6e 20 28 63 6f 6d 70 75 74 65 72 20 6f 72 20 6e 65 74 77 6f 72 6b 20 73 77 69 74 63 68 29	ion.(computer.or.network.switch)
221a0	20 6d 61 79 20 62 65 20 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 64 61 74 61 20 66 61 73 74 65 72	.may.be.transmitting.data.faster
221c0	20 74 68 61 6e 20 74 68 65 20 6f 74 68 65 72 20 65 6e 64 20 6f 66 20 74 68 65 20 6c 69 6e 6b 20	.than.the.other.end.of.the.link.
221e0	63 61 6e 20 61 63 63 65 70 74 20 69 74 2e 20 55 73 69 6e 67 20 66 6c 6f 77 20 63 6f 6e 74 72 6f	can.accept.it..Using.flow.contro
22200	6c 2c 20 74 68 65 20 72 65 63 65 69 76 69 6e 67 20 73 74 61 74 69 6f 6e 20 63 61 6e 20 73 69 67	l,.the.receiving.station.can.sig
22220	6e 61 6c 20 74 68 65 20 73 65 6e 64 65 72 20 72 65 71 75 65 73 74 69 6e 67 20 73 75 73 70 65 6e	nal.the.sender.requesting.suspen
22240	73 69 6f 6e 20 6f 66 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 73 20 75 6e 74 69 6c 20 74 68 65 20	sion.of.transmissions.until.the.
22260	72 65 63 65 69 76 65 72 20 63 61 74 63 68 65 73 20 75 70 2e 00 41 20 73 68 61 72 65 64 20 6e 65	receiver.catches.up..A.shared.ne
22280	74 77 6f 72 6b 20 6e 61 6d 65 64 20 60 60 4e 45 54 31 60 60 20 73 65 72 76 65 73 20 73 75 62 6e	twork.named.``NET1``.serves.subn
222a0	65 74 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 2f 36 34 60 60 00 41 20 73 69 6d 70 6c 65 20 42 47	et.``2001:db8::/64``.A.simple.BG
222c0	50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 76 69 61 20 49 50 76 36 2e 00 41 20 73 69 6d 70	P.configuration.via.IPv6..A.simp
222e0	6c 65 20 52 61 6e 64 6f 6d 20 45 61 72 6c 79 20 44 65 74 65 63 74 69 6f 6e 20 28 52 45 44 29 20	le.Random.Early.Detection.(RED).
22300	70 6f 6c 69 63 79 20 77 6f 75 6c 64 20 73 74 61 72 74 20 72 61 6e 64 6f 6d 6c 79 20 64 72 6f 70	policy.would.start.randomly.drop
22320	70 69 6e 67 20 70 61 63 6b 65 74 73 20 66 72 6f 6d 20 61 20 71 75 65 75 65 20 62 65 66 6f 72 65	ping.packets.from.a.queue.before
22340	20 69 74 20 72 65 61 63 68 65 73 20 69 74 73 20 71 75 65 75 65 20 6c 69 6d 69 74 20 74 68 75 73	.it.reaches.its.queue.limit.thus
22360	20 61 76 6f 69 64 69 6e 67 20 63 6f 6e 67 65 73 74 69 6f 6e 2e 20 54 68 61 74 20 69 73 20 67 6f	.avoiding.congestion..That.is.go
22380	6f 64 20 66 6f 72 20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 73 20 74 68 65 20 67 72	od.for.TCP.connections.as.the.gr
223a0	61 64 75 61 6c 20 64 72 6f 70 70 69 6e 67 20 6f 66 20 70 61 63 6b 65 74 73 20 61 63 74 73 20 61	adual.dropping.of.packets.acts.a
223c0	73 20 61 20 73 69 67 6e 61 6c 20 66 6f 72 20 74 68 65 20 73 65 6e 64 65 72 20 74 6f 20 64 65 63	s.a.signal.for.the.sender.to.dec
223e0	72 65 61 73 65 20 69 74 73 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 72 61 74 65 2e 00 41 20 73	rease.its.transmission.rate..A.s
22400	69 6d 70 6c 65 20 65 42 47 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 41 20 73 69 6d 70	imple.eBGP.configuration:.A.simp
22420	6c 65 20 65 78 61 6d 70 6c 65 20 6f 66 20 53 68 61 70 65 72 20 75 73 69 6e 67 20 70 72 69 6f 72	le.example.of.Shaper.using.prior
22440	69 74 69 65 73 2e 00 41 20 73 69 6d 70 6c 65 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 6e 20 46 51	ities..A.simple.example.of.an.FQ
22460	2d 43 6f 44 65 6c 20 70 6f 6c 69 63 79 20 77 6f 72 6b 69 6e 67 20 69 6e 73 69 64 65 20 61 20 53	-CoDel.policy.working.inside.a.S
22480	68 61 70 65 72 20 6f 6e 65 2e 00 41 20 73 69 6e 67 6c 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74	haper.one..A.single.internal.net
224a0	77 6f 72 6b 20 61 6e 64 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 55 73 65 20 74	work.and.external.network..Use.t
224c0	68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 61 20 73 69 6e	he.NAT66.device.to.connect.a.sin
224e0	67 6c 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 70 75 62 6c 69 63 20	gle.internal.network.and.public.
22500	6e 65 74 77 6f 72 6b 2c 20 61 6e 64 20 74 68 65 20 68 6f 73 74 73 20 69 6e 20 74 68 65 20 69 6e	network,.and.the.hosts.in.the.in
22520	74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 75 73 65 20 49 50 76 36 20 61 64 64 72 65 73 73 20	ternal.network.use.IPv6.address.
22540	70 72 65 66 69 78 65 73 20 74 68 61 74 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 20 72 6f 75 74 69	prefixes.that.only.support.routi
22560	6e 67 20 77 69 74 68 69 6e 20 74 68 65 20 6c 6f 63 61 6c 20 72 61 6e 67 65 2e 20 57 68 65 6e 20	ng.within.the.local.range..When.
22580	61 20 68 6f 73 74 20 69 6e 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61	a.host.in.the.internal.network.a
225a0	63 63 65 73 73 65 73 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2c 20 74 68	ccesses.the.external.network,.th
225c0	65 20 73 6f 75 72 63 65 20 49 50 76 36 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 69 6e 20	e.source.IPv6.address.prefix.in.
225e0	74 68 65 20 6d 65 73 73 61 67 65 20 77 69 6c 6c 20 62 65 20 63 6f 6e 76 65 72 74 65 64 20 69 6e	the.message.will.be.converted.in
22600	74 6f 20 61 20 67 6c 6f 62 61 6c 20 75 6e 69 63 61 73 74 20 49 50 76 36 20 61 64 64 72 65 73 73	to.a.global.unicast.IPv6.address
22620	20 70 72 65 66 69 78 20 62 79 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 2e 00 41 20 73	.prefix.by.the.NAT66.device..A.s
22640	74 61 74 69 6f 6e 20 61 63 74 73 20 61 73 20 61 20 57 69 2d 46 69 20 63 6c 69 65 6e 74 20 61 63	tation.acts.as.a.Wi-Fi.client.ac
22660	63 65 73 73 69 6e 67 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 68 72 6f 75 67 68 20 61 6e 20 61	cessing.the.network.through.an.a
22680	76 61 69 6c 61 62 6c 65 20 57 41 50 00 41 20 73 79 6e 63 20 67 72 6f 75 70 20 61 6c 6c 6f 77 73	vailable.WAP.A.sync.group.allows
226a0	20 56 52 52 50 20 67 72 6f 75 70 73 20 74 6f 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 6f 67 65 74	.VRRP.groups.to.transition.toget
226c0	68 65 72 2e 00 41 20 74 79 70 69 63 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 75 73 69	her..A.typical.configuration.usi
226e0	6e 67 20 32 20 6e 6f 64 65 73 2e 00 41 20 74 79 70 69 63 61 6c 20 70 72 6f 62 6c 65 6d 20 77 69	ng.2.nodes..A.typical.problem.wi
22700	74 68 20 75 73 69 6e 67 20 4e 41 54 20 61 6e 64 20 68 6f 73 74 69 6e 67 20 70 75 62 6c 69 63 20	th.using.NAT.and.hosting.public.
22720	73 65 72 76 65 72 73 20 69 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 66 6f 72 20 69 6e 74 65 72	servers.is.the.ability.for.inter
22740	6e 61 6c 20 73 79 73 74 65 6d 73 20 74 6f 20 72 65 61 63 68 20 61 6e 20 69 6e 74 65 72 6e 61 6c	nal.systems.to.reach.an.internal
22760	20 73 65 72 76 65 72 20 75 73 69 6e 67 20 69 74 27 73 20 65 78 74 65 72 6e 61 6c 20 49 50 20 61	.server.using.it's.external.IP.a
22780	64 64 72 65 73 73 2e 20 54 68 65 20 73 6f 6c 75 74 69 6f 6e 20 74 6f 20 74 68 69 73 20 69 73 20	ddress..The.solution.to.this.is.
227a0	75 73 75 61 6c 6c 79 20 74 68 65 20 75 73 65 20 6f 66 20 73 70 6c 69 74 2d 44 4e 53 20 74 6f 20	usually.the.use.of.split-DNS.to.
227c0	63 6f 72 72 65 63 74 6c 79 20 70 6f 69 6e 74 20 68 6f 73 74 20 73 79 73 74 65 6d 73 20 74 6f 20	correctly.point.host.systems.to.
227e0	74 68 65 20 69 6e 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 77 68 65 6e 20 72 65 71 75 65 73	the.internal.address.when.reques
22800	74 73 20 61 72 65 20 6d 61 64 65 20 69 6e 74 65 72 6e 61 6c 6c 79 2e 20 42 65 63 61 75 73 65 20	ts.are.made.internally..Because.
22820	6d 61 6e 79 20 73 6d 61 6c 6c 65 72 20 6e 65 74 77 6f 72 6b 73 20 6c 61 63 6b 20 44 4e 53 20 69	many.smaller.networks.lack.DNS.i
22840	6e 66 72 61 73 74 72 75 63 74 75 72 65 2c 20 61 20 77 6f 72 6b 2d 61 72 6f 75 6e 64 20 69 73 20	nfrastructure,.a.work-around.is.
22860	63 6f 6d 6d 6f 6e 6c 79 20 64 65 70 6c 6f 79 65 64 20 74 6f 20 66 61 63 69 6c 69 74 61 74 65 20	commonly.deployed.to.facilitate.
22880	74 68 65 20 74 72 61 66 66 69 63 20 62 79 20 4e 41 54 69 6e 67 20 74 68 65 20 72 65 71 75 65 73	the.traffic.by.NATing.the.reques
228a0	74 20 66 72 6f 6d 20 69 6e 74 65 72 6e 61 6c 20 68 6f 73 74 73 20 74 6f 20 74 68 65 20 73 6f 75	t.from.internal.hosts.to.the.sou
228c0	72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 69 6e 74 65	rce.address.of.the.internal.inte
228e0	72 66 61 63 65 20 6f 6e 20 74 68 65 20 66 69 72 65 77 61 6c 6c 2e 00 41 20 75 73 65 72 20 66 72	rface.on.the.firewall..A.user.fr
22900	69 65 6e 64 6c 79 20 61 6c 69 61 73 20 66 6f 72 20 74 68 69 73 20 63 6f 6e 6e 65 63 74 69 6f 6e	iendly.alias.for.this.connection
22920	2e 20 43 61 6e 20 62 65 20 75 73 65 64 20 69 6e 73 74 65 61 64 20 6f 66 20 74 68 65 20 64 65 76	..Can.be.used.instead.of.the.dev
22940	69 63 65 20 6e 61 6d 65 20 77 68 65 6e 20 63 6f 6e 6e 65 63 74 69 6e 67 2e 00 41 20 75 73 65 72	ice.name.when.connecting..A.user
22960	20 66 72 69 65 6e 64 6c 79 20 64 65 73 63 72 69 70 74 69 6f 6e 20 69 64 65 6e 74 69 66 79 69 6e	.friendly.description.identifyin
22980	67 20 74 68 65 20 63 6f 6e 6e 65 63 74 65 64 20 70 65 72 69 70 68 65 72 61 6c 2e 00 41 20 76 61	g.the.connected.peripheral..A.va
229a0	6c 75 65 20 6f 66 20 30 20 64 69 73 61 62 6c 65 73 20 41 52 50 20 6d 6f 6e 69 74 6f 72 69 6e 67	lue.of.0.disables.ARP.monitoring
229c0	2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 30 2e 00 41 20 76 65 72 79	..The.default.value.is.0..A.very
229e0	20 73 6d 61 6c 6c 20 62 75 66 66 65 72 20 77 69 6c 6c 20 73 6f 6f 6e 20 73 74 61 72 74 20 64 72	.small.buffer.will.soon.start.dr
22a00	6f 70 70 69 6e 67 20 70 61 63 6b 65 74 73 2e 00 41 20 7a 6f 6e 65 20 6d 75 73 74 20 62 65 20 63	opping.packets..A.zone.must.be.c
22a20	6f 6e 66 69 67 75 72 65 64 20 62 65 66 6f 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 73	onfigured.before.an.interface.is
22a40	20 61 73 73 69 67 6e 65 64 20 74 6f 20 69 74 20 61 6e 64 20 61 6e 20 69 6e 74 65 72 66 61 63 65	.assigned.to.it.and.an.interface
22a60	20 63 61 6e 20 62 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 6f 6e 6c 79 20 61 20 73 69 6e 67 6c	.can.be.assigned.to.only.a.singl
22a80	65 20 7a 6f 6e 65 2e 00 41 52 50 00 41 62 6f 76 65 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 75	e.zone..ARP.Above.command.will.u
22aa0	73 65 20 60 31 30 2e 30 2e 30 2e 33 60 20 61 73 20 73 6f 75 72 63 65 20 49 50 76 34 20 61 64 64	se.`10.0.0.3`.as.source.IPv4.add
22ac0	72 65 73 73 20 66 6f 72 20 61 6c 6c 20 52 41 44 49 55 53 20 71 75 65 72 69 65 73 20 6f 6e 20 74	ress.for.all.RADIUS.queries.on.t
22ae0	68 69 73 20 4e 41 53 2e 00 41 63 63 65 6c 65 72 61 74 69 6f 6e 00 41 63 63 65 70 74 20 53 53 48	his.NAS..Acceleration.Accept.SSH
22b00	20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 6f 72 20 74 68 65 20 67 69 76 65 6e 20 60 3c 64 65 76	.connections.for.the.given.`<dev
22b20	69 63 65 3e 60 20 6f 6e 20 54 43 50 20 70 6f 72 74 20 60 3c 70 6f 72 74 3e 60 2e 20 41 66 74 65	ice>`.on.TCP.port.`<port>`..Afte
22b40	72 20 73 75 63 63 65 73 73 66 75 6c 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 74 68 65	r.successfull.authentication.the
22b60	20 75 73 65 72 20 77 69 6c 6c 20 62 65 20 64 69 72 65 63 74 6c 79 20 64 72 6f 70 70 65 64 20 74	.user.will.be.directly.dropped.t
22b80	6f 20 74 68 65 20 63 6f 6e 6e 65 63 74 65 64 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 2e 00 41	o.the.connected.serial.device..A
22ba0	63 63 65 70 74 20 6f 6e 6c 79 20 63 65 72 74 61 69 6e 20 70 72 6f 74 6f 63 6f 6c 73 3a 20 59 6f	ccept.only.certain.protocols:.Yo
22bc0	75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 72 65 70 6c 69 63 61 74 65 20 74 68 65 20 73 74 61 74	u.may.want.to.replicate.the.stat
22be0	65 20 6f 66 20 66 6c 6f 77 73 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 74 68 65 69 72 20 6c 61	e.of.flows.depending.on.their.la
22c00	79 65 72 20 34 20 70 72 6f 74 6f 63 6f 6c 2e 00 41 63 63 65 73 73 20 4c 69 73 74 20 50 6f 6c 69	yer.4.protocol..Access.List.Poli
22c20	63 79 00 41 63 63 65 73 73 20 4c 69 73 74 73 00 41 63 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 74	cy.Access.Lists.Action.must.be.t
22c40	61 6b 65 6e 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 2d 20 41 20 63 6f 6e 64 69 74 69 6f 6e 20 74	aken.immediately.-.A.condition.t
22c60	68 61 74 20 73 68 6f 75 6c 64 20 62 65 20 63 6f 72 72 65 63 74 65 64 20 69 6d 6d 65 64 69 61 74	hat.should.be.corrected.immediat
22c80	65 6c 79 2c 20 73 75 63 68 20 61 73 20 61 20 63 6f 72 72 75 70 74 65 64 20 73 79 73 74 65 6d 20	ely,.such.as.a.corrupted.system.
22ca0	64 61 74 61 62 61 73 65 2e 00 41 63 74 69 6f 6e 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 72	database..Action.which.will.be.r
22cc0	75 6e 20 6f 6e 63 65 20 74 68 65 20 63 74 72 6c 2d 61 6c 74 2d 64 65 6c 20 6b 65 79 73 74 72 6f	un.once.the.ctrl-alt-del.keystro
22ce0	6b 65 20 69 73 20 72 65 63 65 69 76 65 64 2e 00 41 63 74 69 6f 6e 73 00 41 63 74 69 76 65 20 44	ke.is.received..Actions.Active.D
22d00	69 72 65 63 74 6f 72 79 00 41 63 74 69 76 65 20 68 65 61 6c 74 68 20 63 68 65 63 6b 20 62 61 63	irectory.Active.health.check.bac
22d20	6b 65 6e 64 20 73 65 72 76 65 72 00 41 64 64 20 4e 54 41 20 28 6e 65 67 61 74 69 76 65 20 74 72	kend.server.Add.NTA.(negative.tr
22d40	75 73 74 20 61 6e 63 68 6f 72 29 20 66 6f 72 20 74 68 69 73 20 64 6f 6d 61 69 6e 2e 20 54 68 69	ust.anchor).for.this.domain..Thi
22d60	73 20 6d 75 73 74 20 62 65 20 73 65 74 20 69 66 20 74 68 65 20 64 6f 6d 61 69 6e 20 64 6f 65 73	s.must.be.set.if.the.domain.does
22d80	20 6e 6f 74 20 73 75 70 70 6f 72 74 20 44 4e 53 53 45 43 2e 00 41 64 64 20 50 6f 77 65 72 20 43	.not.support.DNSSEC..Add.Power.C
22da0	6f 6e 73 74 72 61 69 6e 74 20 65 6c 65 6d 65 6e 74 20 74 6f 20 42 65 61 63 6f 6e 20 61 6e 64 20	onstraint.element.to.Beacon.and.
22dc0	50 72 6f 62 65 20 52 65 73 70 6f 6e 73 65 20 66 72 61 6d 65 73 2e 00 41 64 64 20 61 20 66 6f 72	Probe.Response.frames..Add.a.for
22de0	77 61 72 64 69 6e 67 20 72 75 6c 65 20 6d 61 74 63 68 69 6e 67 20 55 44 50 20 70 6f 72 74 20 6f	warding.rule.matching.UDP.port.o
22e00	6e 20 79 6f 75 72 20 69 6e 74 65 72 6e 65 74 20 72 6f 75 74 65 72 2e 00 41 64 64 20 61 20 68 6f	n.your.internet.router..Add.a.ho
22e20	73 74 20 64 65 76 69 63 65 20 74 6f 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 2e 00 41 64 64 20	st.device.to.the.container..Add.
22e40	61 63 63 65 73 73 2d 63 6f 6e 74 72 6f 6c 20 64 69 72 65 63 74 69 76 65 20 74 6f 20 61 6c 6c 6f	access-control.directive.to.allo
22e60	77 20 6f 72 20 64 65 6e 79 20 75 73 65 72 73 20 61 6e 64 20 67 72 6f 75 70 73 2e 20 44 69 72 65	w.or.deny.users.and.groups..Dire
22e80	63 74 69 76 65 73 20 61 72 65 20 70 72 6f 63 65 73 73 65 64 20 69 6e 20 74 68 65 20 66 6f 6c 6c	ctives.are.processed.in.the.foll
22ea0	6f 77 69 6e 67 20 6f 72 64 65 72 20 6f 66 20 70 72 65 63 65 64 65 6e 63 65 3a 20 60 60 64 65 6e	owing.order.of.precedence:.``den
22ec0	79 2d 75 73 65 72 73 60 60 2c 20 60 60 61 6c 6c 6f 77 2d 75 73 65 72 73 60 60 2c 20 60 60 64 65	y-users``,.``allow-users``,.``de
22ee0	6e 79 2d 67 72 6f 75 70 73 60 60 20 61 6e 64 20 60 60 61 6c 6c 6f 77 2d 67 72 6f 75 70 73 60 60	ny-groups``.and.``allow-groups``
22f00	2e 00 41 64 64 20 63 75 73 74 6f 6d 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 76 61 72 69 61 62 6c	..Add.custom.environment.variabl
22f20	65 73 2e 20 4d 75 6c 74 69 70 6c 65 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 76 61 72 69 61 62 6c	es..Multiple.environment.variabl
22f40	65 73 20 61 72 65 20 61 6c 6c 6f 77 65 64 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f	es.are.allowed..The.following.co
22f60	6d 6d 61 6e 64 73 20 74 72 61 6e 73 6c 61 74 65 20 74 6f 20 22 2d 65 20 6b 65 79 3d 76 61 6c 75	mmands.translate.to."-e.key=valu
22f80	65 22 20 77 68 65 6e 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 69 73 20 63 72 65 61 74 65 64	e".when.the.container.is.created
22fa0	2e 00 41 64 64 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 73 20 66 6f 72 20 72 6f 75 74 69 6e 67	..Add.default.routes.for.routing
22fc0	20 60 60 74 61 62 6c 65 20 31 30 60 60 20 61 6e 64 20 60 60 74 61 62 6c 65 20 31 31 60 60 00 41	.``table.10``.and.``table.11``.A
22fe0	64 64 20 6d 75 6c 74 69 70 6c 65 20 73 6f 75 72 63 65 20 49 50 20 69 6e 20 6f 6e 65 20 72 75 6c	dd.multiple.source.IP.in.one.rul
23000	65 20 77 69 74 68 20 73 61 6d 65 20 70 72 69 6f 72 69 74 79 00 41 64 64 20 6e 65 77 20 70 6f 72	e.with.same.priority.Add.new.por
23020	74 20 74 6f 20 53 53 4c 2d 70 6f 72 74 73 20 61 63 6c 2e 20 50 6f 72 74 73 20 69 6e 63 6c 75 64	t.to.SSL-ports.acl..Ports.includ
23040	65 64 20 62 79 20 64 65 66 61 75 6c 74 20 69 6e 20 53 53 4c 2d 70 6f 72 74 73 20 61 63 6c 3a 20	ed.by.default.in.SSL-ports.acl:.
23060	34 34 33 00 41 64 64 20 6e 65 77 20 70 6f 72 74 20 74 6f 20 53 61 66 65 2d 70 6f 72 74 73 20 61	443.Add.new.port.to.Safe-ports.a
23080	63 6c 2e 20 50 6f 72 74 73 20 69 6e 63 6c 75 64 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 69 6e	cl..Ports.included.by.default.in
230a0	20 53 61 66 65 2d 70 6f 72 74 73 20 61 63 6c 3a 20 32 31 2c 20 37 30 2c 20 38 30 2c 20 32 31 30	.Safe-ports.acl:.21,.70,.80,.210
230c0	2c 20 32 38 30 2c 20 34 34 33 2c 20 34 38 38 2c 20 35 39 31 2c 20 37 37 37 2c 20 38 37 33 2c 20	,.280,.443,.488,.591,.777,.873,.
230e0	31 30 32 35 2d 36 35 35 33 35 00 41 64 64 20 6f 72 20 72 65 70 6c 61 63 65 20 42 47 50 20 63 6f	1025-65535.Add.or.replace.BGP.co
23100	6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62 75 74 65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30	mmunity.attribute.in.format.``<0
23120	2d 36 35 35 33 35 3a 30 2d 36 35 35 33 35 3e 60 60 20 6f 72 20 66 72 6f 6d 20 77 65 6c 6c 2d 6b	-65535:0-65535>``.or.from.well-k
23140	6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 79 20 6c 69 73 74 00 41 64 64 20 6f 72 20 72 65 70 6c 61	nown.community.list.Add.or.repla
23160	63 65 20 42 47 50 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62 75 74 65	ce.BGP.large-community.attribute
23180	20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30 2d 34 32 39 34 39 36 37 32 39 35 3a 30 2d 34 32 39	.in.format.``<0-4294967295:0-429
231a0	34 39 36 37 32 39 35 3a 30 2d 34 32 39 34 39 36 37 32 39 35 3e 60 60 00 41 64 64 20 70 6f 6c 69	4967295:0-4294967295>``.Add.poli
231c0	63 79 20 72 6f 75 74 65 20 6d 61 74 63 68 69 6e 67 20 56 4c 41 4e 20 73 6f 75 72 63 65 20 61 64	cy.route.matching.VLAN.source.ad
231e0	64 72 65 73 73 65 73 00 41 64 64 20 70 75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 66	dresses.Add.public.key.portion.f
23200	6f 72 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20 6e 61 6d 65 64 20 60 6e 61 6d 65 60 20	or.the.certificate.named.`name`.
23220	74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 00 41 64 64 20 74 68 65 20 43 41 73 20 70 72 69	to.the.VyOS.CLI..Add.the.CAs.pri
23240	76 61 74 65 20 6b 65 79 20 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 20 54 68 69 73 20 73	vate.key.to.the.VyOS.CLI..This.s
23260	68 6f 75 6c 64 20 6e 65 76 65 72 20 6c 65 61 76 65 20 74 68 65 20 73 79 73 74 65 6d 2c 20 61 6e	hould.never.leave.the.system,.an
23280	64 20 69 73 20 6f 6e 6c 79 20 72 65 71 75 69 72 65 64 20 69 66 20 79 6f 75 20 75 73 65 20 56 79	d.is.only.required.if.you.use.Vy
232a0	4f 53 20 61 73 20 79 6f 75 72 20 63 65 72 74 69 66 69 63 61 74 65 20 67 65 6e 65 72 61 74 6f 72	OS.as.your.certificate.generator
232c0	20 61 73 20 6d 65 6e 74 69 6f 6e 65 64 20 61 62 6f 76 65 2e 00 41 64 64 20 74 68 65 20 70 72 69	.as.mentioned.above..Add.the.pri
232e0	76 61 74 65 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 6f 66 20 74 68 69 73 20 63 65 72 74 69 66 69	vate.key.portion.of.this.certifi
23300	63 61 74 65 20 74 6f 20 74 68 65 20 43 4c 49 2e 20 54 68 69 73 20 73 68 6f 75 6c 64 20 6e 65 76	cate.to.the.CLI..This.should.nev
23320	65 72 20 6c 65 61 76 65 20 74 68 65 20 73 79 73 74 65 6d 20 61 73 20 69 74 20 69 73 20 75 73 65	er.leave.the.system.as.it.is.use
23340	64 20 74 6f 20 64 65 63 72 79 70 74 20 74 68 65 20 64 61 74 61 2e 00 41 64 64 20 74 68 65 20 70	d.to.decrypt.the.data..Add.the.p
23360	75 62 6c 69 63 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 20 66 6f 72 20 74 68 65 20 43 41 20	ublic.CA.certificate.for.the.CA.
23380	6e 61 6d 65 64 20 60 6e 61 6d 65 60 20 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 00 41 64	named.`name`.to.the.VyOS.CLI..Ad
233a0	64 69 6e 67 20 61 20 32 46 41 20 77 69 74 68 20 61 6e 20 4f 54 50 2d 6b 65 79 00 41 64 64 69 74	ding.a.2FA.with.an.OTP-key.Addit
233c0	69 6f 6e 61 6c 20 67 6c 6f 62 61 6c 20 70 61 72 61 6d 65 74 65 72 73 20 61 72 65 20 73 65 74 2c	ional.global.parameters.are.set,
233e0	20 69 6e 63 6c 75 64 69 6e 67 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 63 6f	.including.the.maximum.number.co
23400	6e 6e 65 63 74 69 6f 6e 20 6c 69 6d 69 74 20 6f 66 20 34 30 30 30 20 61 6e 64 20 61 20 6d 69 6e	nnection.limit.of.4000.and.a.min
23420	69 6d 75 6d 20 54 4c 53 20 76 65 72 73 69 6f 6e 20 6f 66 20 31 2e 33 2e 00 41 64 64 69 74 69 6f	imum.TLS.version.of.1.3..Additio
23440	6e 61 6c 20 6f 70 74 69 6f 6e 20 74 6f 20 72 75 6e 20 54 46 54 50 20 73 65 72 76 65 72 20 69 6e	nal.option.to.run.TFTP.server.in
23460	20 74 68 65 20 3a 61 62 62 72 3a 60 56 52 46 20 28 56 69 72 74 75 61 6c 20 52 6f 75 74 69 6e 67	.the.:abbr:`VRF.(Virtual.Routing
23480	20 61 6e 64 20 46 6f 72 77 61 72 64 69 6e 67 29 60 20 63 6f 6e 74 65 78 74 00 41 64 64 69 74 69	.and.Forwarding)`.context.Additi
234a0	6f 6e 61 6c 6c 79 20 79 6f 75 20 73 68 6f 75 6c 64 20 6b 65 65 70 20 69 6e 20 6d 69 6e 64 20 74	onally.you.should.keep.in.mind.t
234c0	68 61 74 20 74 68 69 73 20 66 65 61 74 75 72 65 20 66 75 6e 64 61 6d 65 6e 74 61 6c 6c 79 20 64	hat.this.feature.fundamentally.d
234e0	69 73 61 62 6c 65 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 75 73 65 20 77 69 64 65 6c	isables.the.ability.to.use.widel
23500	79 20 64 65 70 6c 6f 79 65 64 20 42 47 50 20 66 65 61 74 75 72 65 73 2e 20 42 47 50 20 75 6e 6e	y.deployed.BGP.features..BGP.unn
23520	75 6d 62 65 72 65 64 2c 20 68 6f 73 74 6e 61 6d 65 20 73 75 70 70 6f 72 74 2c 20 41 53 34 2c 20	umbered,.hostname.support,.AS4,.
23540	41 64 64 70 61 74 68 2c 20 52 6f 75 74 65 20 52 65 66 72 65 73 68 2c 20 4f 52 46 2c 20 44 79 6e	Addpath,.Route.Refresh,.ORF,.Dyn
23560	61 6d 69 63 20 43 61 70 61 62 69 6c 69 74 69 65 73 2c 20 61 6e 64 20 67 72 61 63 65 66 75 6c 20	amic.Capabilities,.and.graceful.
23580	72 65 73 74 61 72 74 2e 00 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 65 61 63 68 20 63 6c 69 65	restart..Additionally,.each.clie
235a0	6e 74 20 6e 65 65 64 73 20 61 20 63 6f 70 79 20 6f 66 20 63 61 20 63 65 72 74 20 61 6e 64 20 69	nt.needs.a.copy.of.ca.cert.and.i
235c0	74 73 20 6f 77 6e 20 63 6c 69 65 6e 74 20 6b 65 79 20 61 6e 64 20 63 65 72 74 20 66 69 6c 65 73	ts.own.client.key.and.cert.files
235e0	2e 20 54 68 65 20 66 69 6c 65 73 20 61 72 65 20 70 6c 61 69 6e 74 65 78 74 20 73 6f 20 74 68 65	..The.files.are.plaintext.so.the
23600	79 20 6d 61 79 20 62 65 20 63 6f 70 69 65 64 20 65 69 74 68 65 72 20 6d 61 6e 75 61 6c 6c 79 20	y.may.be.copied.either.manually.
23620	66 72 6f 6d 20 74 68 65 20 43 4c 49 2e 20 43 6c 69 65 6e 74 20 6b 65 79 20 61 6e 64 20 63 65 72	from.the.CLI..Client.key.and.cer
23640	74 20 66 69 6c 65 73 20 73 68 6f 75 6c 64 20 62 65 20 73 69 67 6e 65 64 20 77 69 74 68 20 74 68	t.files.should.be.signed.with.th
23660	65 20 70 72 6f 70 65 72 20 63 61 20 63 65 72 74 20 61 6e 64 20 67 65 6e 65 72 61 74 65 64 20 6f	e.proper.ca.cert.and.generated.o
23680	6e 20 74 68 65 20 73 65 72 76 65 72 20 73 69 64 65 2e 00 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c	n.the.server.side..Additionally,
236a0	20 77 65 20 77 61 6e 74 20 74 6f 20 75 73 65 20 56 50 4e 73 20 6f 6e 6c 79 20 6f 6e 20 6f 75 72	.we.want.to.use.VPNs.only.on.our
236c0	20 65 74 68 31 20 69 6e 74 65 72 66 61 63 65 20 28 74 68 65 20 65 78 74 65 72 6e 61 6c 20 69 6e	.eth1.interface.(the.external.in
236e0	74 65 72 66 61 63 65 20 69 6e 20 74 68 65 20 69 6d 61 67 65 20 61 62 6f 76 65 29 00 41 64 64 72	terface.in.the.image.above).Addr
23700	65 73 73 00 41 64 64 72 65 73 73 20 43 6f 6e 76 65 72 73 69 6f 6e 00 41 64 64 72 65 73 73 20 46	ess.Address.Conversion.Address.F
23720	61 6d 69 6c 69 65 73 00 41 64 64 72 65 73 73 20 47 72 6f 75 70 73 00 41 64 64 72 65 73 73 20 70	amilies.Address.Groups.Address.p
23740	6f 6f 6c 20 73 68 61 6c 6c 20 62 65 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 30 30 60 60 20 74	ool.shall.be.``2001:db8::100``.t
23760	68 72 6f 75 67 68 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 39 39 60 60 2e 00 41 64 64 72 65 73	hrough.``2001:db8::199``..Addres
23780	73 20 70 6f 6f 6c 73 00 41 64 64 72 65 73 73 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 48 54	s.pools.Address.to.listen.for.HT
237a0	54 50 53 20 72 65 71 75 65 73 74 73 00 41 64 64 73 20 72 65 67 69 73 74 72 79 20 74 6f 20 6c 69	TPS.requests.Adds.registry.to.li
237c0	73 74 20 6f 66 20 75 6e 71 75 61 6c 69 66 69 65 64 2d 73 65 61 72 63 68 2d 72 65 67 69 73 74 72	st.of.unqualified-search-registr
237e0	69 65 73 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 66 6f 72 20 61 6e 79 20 69 6d 61 67 65 20 74	ies..By.default,.for.any.image.t
23800	68 61 74 20 64 6f 65 73 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 74 68 65 20 72 65 67 69 73 74 72	hat.does.not.include.the.registr
23820	79 20 69 6e 20 74 68 65 20 69 6d 61 67 65 20 6e 61 6d 65 2c 20 56 79 6f 73 20 77 69 6c 6c 20 75	y.in.the.image.name,.Vyos.will.u
23840	73 65 20 64 6f 63 6b 65 72 2e 69 6f 20 61 73 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 72 65	se.docker.io.as.the.container.re
23860	67 69 73 74 72 79 2e 00 41 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 44 69 73 74 61 6e 63 65 00	gistry..Administrative.Distance.
23880	41 64 76 61 6e 63 65 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 75 73	Advanced.configuration.can.be.us
238a0	65 64 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 61 70 70 6c 79 20 73 6f 75 72 63 65 20 6f 72 20 64	ed.in.order.to.apply.source.or.d
238c0	65 73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 2c 20 61 6e 64 20 77 69 74 68 69 6e 20 61 20 73 69 6e	estination.NAT,.and.within.a.sin
238e0	67 6c 65 20 72 75 6c 65 2c 20 62 65 20 61 62 6c 65 20 74 6f 20 64 65 66 69 6e 65 20 6d 75 6c 74	gle.rule,.be.able.to.define.mult
23900	69 70 6c 65 20 74 72 61 6e 73 6c 61 74 65 64 20 61 64 64 72 65 73 73 65 73 2c 20 73 6f 20 4e 41	iple.translated.addresses,.so.NA
23920	54 20 62 61 6c 61 6e 63 65 73 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 20 61 6d 6f 6e	T.balances.the.translations.amon
23940	67 20 74 68 65 6d 2e 00 41 64 76 61 6e 74 61 67 65 73 20 6f 66 20 4f 70 65 6e 56 50 4e 20 61 72	g.them..Advantages.of.OpenVPN.ar
23960	65 3a 00 41 64 76 65 72 74 69 73 65 20 44 4e 53 20 73 65 72 76 65 72 20 70 65 72 20 68 74 74 70	e:.Advertise.DNS.server.per.http
23980	73 3a 2f 2f 74 6f 6f 6c 73 2e 69 65 74 66 2e 6f 72 67 2f 68 74 6d 6c 2f 72 66 63 36 31 30 36 00	s://tools.ietf.org/html/rfc6106.
239a0	41 64 76 65 72 74 69 73 69 6e 67 20 61 20 50 72 65 66 69 78 00 41 66 74 65 72 20 63 6f 6d 6d 69	Advertising.a.Prefix.After.commi
239c0	74 20 74 68 65 20 70 6c 61 69 6e 74 65 78 74 20 70 61 73 73 77 6f 72 64 73 20 77 69 6c 6c 20 62	t.the.plaintext.passwords.will.b
239e0	65 20 68 61 73 68 65 64 20 61 6e 64 20 73 74 6f 72 65 64 20 69 6e 20 79 6f 75 72 20 63 6f 6e 66	e.hashed.and.stored.in.your.conf
23a00	69 67 75 72 61 74 69 6f 6e 2e 20 54 68 65 20 72 65 73 75 6c 74 69 6e 67 20 43 4c 49 20 63 6f 6e	iguration..The.resulting.CLI.con
23a20	66 69 67 20 77 69 6c 6c 20 6c 6f 6f 6b 20 6c 69 6b 65 3a 00 41 66 74 65 72 20 63 6f 6d 6d 69 74	fig.will.look.like:.After.commit
23a40	74 69 6e 67 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 65 20 63 61 6e 20 76 65	ting.the.configuration.we.can.ve
23a60	72 69 66 79 20 61 6c 6c 20 6c 65 61 6b 65 64 20 72 6f 75 74 65 73 20 61 72 65 20 69 6e 73 74 61	rify.all.leaked.routes.are.insta
23a80	6c 6c 65 64 2c 20 61 6e 64 20 74 72 79 20 74 6f 20 49 43 4d 50 20 70 69 6e 67 20 50 43 31 20 66	lled,.and.try.to.ICMP.ping.PC1.f
23aa0	72 6f 6d 20 50 43 33 2e 00 41 66 74 65 72 20 77 65 20 68 61 76 65 20 69 6d 70 6f 72 74 65 64 20	rom.PC3..After.we.have.imported.
23ac0	74 68 65 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 28 73 29 20 77 65 20 63 61 6e 20 6e 6f 77	the.CA.certificate(s).we.can.now
23ae0	20 69 6d 70 6f 72 74 20 61 6e 64 20 61 64 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 75 73 65	.import.and.add.certificates.use
23b00	64 20 62 79 20 73 65 72 76 69 63 65 73 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 2e 00 41 67	d.by.services.on.this.router..Ag
23b20	65 6e 74 20 2d 20 73 6f 66 74 77 61 72 65 20 77 68 69 63 68 20 72 75 6e 73 20 6f 6e 20 6d 61 6e	ent.-.software.which.runs.on.man
23b40	61 67 65 64 20 64 65 76 69 63 65 73 00 41 6c 65 72 74 00 41 6c 67 6f 72 69 74 68 6d 00 41 6c 69	aged.devices.Alert.Algorithm.Ali
23b60	61 73 65 73 00 41 6c 6c 20 44 4e 53 20 72 65 71 75 65 73 74 73 20 66 6f 72 20 65 78 61 6d 70 6c	ases.All.DNS.requests.for.exampl
23b80	65 2e 63 6f 6d 20 6d 75 73 74 20 62 65 20 66 6f 72 77 61 72 64 65 64 20 74 6f 20 61 20 44 4e 53	e.com.must.be.forwarded.to.a.DNS
23ba0	20 73 65 72 76 65 72 20 61 74 20 31 39 32 2e 30 2e 32 2e 32 35 34 20 61 6e 64 20 32 30 30 31 3a	.server.at.192.0.2.254.and.2001:
23bc0	64 62 38 3a 63 61 66 65 3a 3a 31 00 41 6c 6c 20 53 4e 4d 50 20 4d 49 42 73 20 61 72 65 20 6c 6f	db8:cafe::1.All.SNMP.MIBs.are.lo
23be0	63 61 74 65 64 20 69 6e 20 65 61 63 68 20 69 6d 61 67 65 20 6f 66 20 56 79 4f 53 20 68 65 72 65	cated.in.each.image.of.VyOS.here
23c00	3a 20 60 60 2f 75 73 72 2f 73 68 61 72 65 2f 73 6e 6d 70 2f 6d 69 62 73 2f 60 60 00 41 6c 6c 20	:.``/usr/share/snmp/mibs/``.All.
23c20	61 76 61 69 6c 61 62 6c 65 20 57 57 41 4e 20 63 61 72 64 73 20 68 61 76 65 20 61 20 62 75 69 6c	available.WWAN.cards.have.a.buil
23c40	64 20 69 6e 2c 20 72 65 70 72 6f 67 72 61 6d 6d 61 62 6c 65 20 66 69 72 6d 77 61 72 65 2e 20 4d	d.in,.reprogrammable.firmware..M
23c60	6f 73 74 20 6f 66 20 74 68 65 20 76 65 6e 64 6f 72 73 20 70 72 6f 76 69 64 65 20 61 20 72 65 67	ost.of.the.vendors.provide.a.reg
23c80	75 6c 61 72 20 75 70 64 61 74 65 20 74 6f 20 74 68 65 20 66 69 72 6d 77 61 72 65 20 75 73 65 64	ular.update.to.the.firmware.used
23ca0	20 69 6e 20 74 68 65 20 62 61 73 65 62 61 6e 64 20 63 68 69 70 2e 00 41 6c 6c 20 63 65 72 74 69	.in.the.baseband.chip..All.certi
23cc0	66 69 63 61 74 65 73 20 73 68 6f 75 6c 64 20 62 65 20 73 74 6f 72 65 64 20 6f 6e 20 56 79 4f 53	ficates.should.be.stored.on.VyOS
23ce0	20 75 6e 64 65 72 20 60 60 2f 63 6f 6e 66 69 67 2f 61 75 74 68 60 60 2e 20 49 66 20 63 65 72 74	.under.``/config/auth``..If.cert
23d00	69 66 69 63 61 74 65 73 20 61 72 65 20 6e 6f 74 20 73 74 6f 72 65 64 20 69 6e 20 74 68 65 20 60	ificates.are.not.stored.in.the.`
23d20	60 2f 63 6f 6e 66 69 67 60 60 20 64 69 72 65 63 74 6f 72 79 20 74 68 65 79 20 77 69 6c 6c 20 6e	`/config``.directory.they.will.n
23d40	6f 74 20 62 65 20 6d 69 67 72 61 74 65 64 20 64 75 72 69 6e 67 20 61 20 73 6f 66 74 77 61 72 65	ot.be.migrated.during.a.software
23d60	20 75 70 64 61 74 65 2e 00 41 6c 6c 20 66 61 63 69 6c 69 74 69 65 73 00 41 6c 6c 20 69 6e 74 65	.update..All.facilities.All.inte
23d80	72 66 61 63 65 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 44 48 43 50 20 72 65 6c 61 79 20 6d	rfaces.used.for.the.DHCP.relay.m
23da0	75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 54 68 69 73 20 69 6e 63 6c 75 64 65 73	ust.be.configured..This.includes
23dc0	20 74 68 65 20 75 70 6c 69 6e 6b 20 74 6f 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 2e 00	.the.uplink.to.the.DHCP.server..
23de0	41 6c 6c 20 69 74 65 6d 73 20 69 6e 20 61 20 73 79 6e 63 20 67 72 6f 75 70 20 73 68 6f 75 6c 64	All.items.in.a.sync.group.should
23e00	20 62 65 20 73 69 6d 69 6c 61 72 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 49 66 20 6f 6e 65	.be.similarly.configured..If.one
23e20	20 56 52 52 50 20 67 72 6f 75 70 20 69 73 20 73 65 74 20 74 6f 20 61 20 64 69 66 66 65 72 65 6e	.VRRP.group.is.set.to.a.differen
23e40	74 20 70 72 65 65 6d 70 74 69 6f 6e 20 64 65 6c 61 79 20 6f 72 20 70 72 69 6f 72 69 74 79 2c 20	t.preemption.delay.or.priority,.
23e60	69 74 20 77 6f 75 6c 64 20 72 65 73 75 6c 74 20 69 6e 20 61 6e 20 65 6e 64 6c 65 73 73 20 74 72	it.would.result.in.an.endless.tr
23e80	61 6e 73 69 74 69 6f 6e 20 6c 6f 6f 70 2e 00 41 6c 6c 20 6f 74 68 65 72 20 44 4e 53 20 72 65 71	ansition.loop..All.other.DNS.req
23ea0	75 65 73 74 73 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 65 64 20 74 6f 20 61 20 64 69 66	uests.will.be.forwarded.to.a.dif
23ec0	66 65 72 65 6e 74 20 73 65 74 20 6f 66 20 44 4e 53 20 73 65 72 76 65 72 73 20 61 74 20 31 39 32	ferent.set.of.DNS.servers.at.192
23ee0	2e 30 2e 32 2e 31 2c 20 31 39 32 2e 30 2e 32 2e 32 2c 20 32 30 30 31 3a 64 62 38 3a 3a 31 3a 66	.0.2.1,.192.0.2.2,.2001:db8::1:f
23f00	66 66 66 20 61 6e 64 20 32 30 30 31 3a 64 62 38 3a 3a 32 3a 66 66 66 66 00 41 6c 6c 20 72 65 70	fff.and.2001:db8::2:ffff.All.rep
23f20	6c 79 20 73 69 7a 65 73 20 61 72 65 20 61 63 63 65 70 74 65 64 20 62 79 20 64 65 66 61 75 6c 74	ly.sizes.are.accepted.by.default
23f40	2e 00 41 6c 6c 20 73 63 72 69 70 74 73 20 65 78 63 65 63 75 74 65 64 20 74 68 69 73 20 77 61 79	..All.scripts.excecuted.this.way
23f60	20 61 72 65 20 65 78 65 63 75 74 65 64 20 61 73 20 72 6f 6f 74 20 75 73 65 72 20 2d 20 74 68 69	.are.executed.as.root.user.-.thi
23f80	73 20 6d 61 79 20 62 65 20 64 61 6e 67 65 72 6f 75 73 2e 20 54 6f 67 65 74 68 65 72 20 77 69 74	s.may.be.dangerous..Together.wit
23fa0	68 20 3a 72 65 66 3a 60 63 6f 6d 6d 61 6e 64 2d 73 63 72 69 70 74 69 6e 67 60 20 74 68 69 73 20	h.:ref:`command-scripting`.this.
23fc0	63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 61 75 74 6f 6d 61 74 69 6e 67 20 28 72 65 2d 29	can.be.used.for.automating.(re-)
23fe0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 41 6c 6c 20 74 68 65 73 65 20 72 75 6c 65 73 20 77	configuration..All.these.rules.w
24000	69 74 68 20 4f 54 43 20 77 69 6c 6c 20 68 65 6c 70 20 74 6f 20 64 65 74 65 63 74 20 61 6e 64 20	ith.OTC.will.help.to.detect.and.
24020	6d 69 74 69 67 61 74 65 20 72 6f 75 74 65 20 6c 65 61 6b 73 20 61 6e 64 20 68 61 70 70 65 6e 20	mitigate.route.leaks.and.happen.
24040	61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 66 20 6c 6f 63 61 6c 2d 72 6f 6c 65 20 69 73 20 73	automatically.if.local-role.is.s
24060	65 74 2e 00 41 6c 6c 20 74 68 6f 73 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 72 65 20 67 72 6f 75	et..All.those.protocols.are.grou
24080	70 65 64 20 75 6e 64 65 72 20 60 60 69 6e 74 65 72 66 61 63 65 73 20 74 75 6e 6e 65 6c 60 60 20	ped.under.``interfaces.tunnel``.
240a0	69 6e 20 56 79 4f 53 2e 20 4c 65 74 27 73 20 74 61 6b 65 20 61 20 63 6c 6f 73 65 72 20 6c 6f 6f	in.VyOS..Let's.take.a.closer.loo
240c0	6b 20 61 74 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 6f 70 74 69 6f 6e 73 20 63	k.at.the.protocols.and.options.c
240e0	75 72 72 65 6e 74 6c 79 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 56 79 4f 53 2e 00 41 6c 6c 20	urrently.supported.by.VyOS..All.
24100	74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 7a 6f 6e 65 73 20 69 73 20 61 66 66 65 63 74 65	traffic.between.zones.is.affecte
24120	64 20 62 79 20 65 78 69 73 74 69 6e 67 20 70 6f 6c 69 63 69 65 73 00 41 6c 6c 20 74 72 61 66 66	d.by.existing.policies.All.traff
24140	69 63 20 74 6f 20 61 6e 64 20 66 72 6f 6d 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68	ic.to.and.from.an.interface.with
24160	69 6e 20 61 20 7a 6f 6e 65 20 69 73 20 70 65 72 6d 69 74 74 65 64 2e 00 41 6c 6c 20 74 75 6e 6e	in.a.zone.is.permitted..All.tunn
24180	65 6c 20 73 65 73 73 69 6f 6e 73 20 63 61 6e 20 62 65 20 63 68 65 63 6b 65 64 20 76 69 61 3a 00	el.sessions.can.be.checked.via:.
241a0	41 6c 6c 6f 63 61 74 69 6f 6e 20 63 6c 69 65 6e 74 73 20 69 70 20 61 64 64 72 65 73 73 65 73 20	Allocation.clients.ip.addresses.
241c0	62 79 20 52 41 44 49 55 53 00 41 6c 6c 6f 77 20 60 60 73 73 68 60 60 20 64 79 6e 61 6d 69 63 2d	by.RADIUS.Allow.``ssh``.dynamic-
241e0	70 72 6f 74 65 63 74 69 6f 6e 2e 00 41 6c 6c 6f 77 20 61 63 63 65 73 73 20 74 6f 20 73 69 74 65	protection..Allow.access.to.site
24200	73 20 69 6e 20 61 20 64 6f 6d 61 69 6e 20 77 69 74 68 6f 75 74 20 72 65 74 72 69 65 76 69 6e 67	s.in.a.domain.without.retrieving
24220	20 74 68 65 6d 20 66 72 6f 6d 20 74 68 65 20 50 72 6f 78 79 20 63 61 63 68 65 2e 20 53 70 65 63	.them.from.the.Proxy.cache..Spec
24240	69 66 79 69 6e 67 20 22 76 79 6f 73 2e 6e 65 74 22 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 61 63 63	ifying."vyos.net".will.allow.acc
24260	65 73 73 20 74 6f 20 76 79 6f 73 2e 6e 65 74 20 62 75 74 20 74 68 65 20 70 61 67 65 73 20 61 63	ess.to.vyos.net.but.the.pages.ac
24280	63 65 73 73 65 64 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 61 63 68 65 64 2e 20 49 74 20 75 73	cessed.will.not.be.cached..It.us
242a0	65 66 75 6c 20 66 6f 72 20 77 6f 72 6b 69 6e 67 20 61 72 6f 75 6e 64 20 70 72 6f 62 6c 65 6d 73	eful.for.working.around.problems
242c0	20 77 69 74 68 20 22 49 66 2d 4d 6f 64 69 66 69 65 64 2d 53 69 6e 63 65 22 20 63 68 65 63 6b 69	.with."If-Modified-Since".checki
242e0	6e 67 20 61 74 20 63 65 72 74 61 69 6e 20 73 69 74 65 73 2e 00 41 6c 6c 6f 77 20 62 67 70 20 74	ng.at.certain.sites..Allow.bgp.t
24300	6f 20 6e 65 67 6f 74 69 61 74 65 20 74 68 65 20 65 78 74 65 6e 64 65 64 2d 6e 65 78 74 68 6f 70	o.negotiate.the.extended-nexthop
24320	20 63 61 70 61 62 69 6c 69 74 79 20 77 69 74 68 20 69 74 e2 80 99 73 20 70 65 65 72 2e 20 49 66	.capability.with.it...s.peer..If
24340	20 79 6f 75 20 61 72 65 20 70 65 65 72 69 6e 67 20 6f 76 65 72 20 61 20 49 50 76 36 20 4c 69 6e	.you.are.peering.over.a.IPv6.Lin
24360	6b 2d 4c 6f 63 61 6c 20 61 64 64 72 65 73 73 20 74 68 65 6e 20 74 68 69 73 20 63 61 70 61 62 69	k-Local.address.then.this.capabi
24380	6c 69 74 79 20 69 73 20 74 75 72 6e 65 64 20 6f 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 2e	lity.is.turned.on.automatically.
243a0	20 49 66 20 79 6f 75 20 61 72 65 20 70 65 65 72 69 6e 67 20 6f 76 65 72 20 61 20 49 50 76 36 20	.If.you.are.peering.over.a.IPv6.
243c0	47 6c 6f 62 61 6c 20 41 64 64 72 65 73 73 20 74 68 65 6e 20 74 75 72 6e 69 6e 67 20 6f 6e 20 74	Global.Address.then.turning.on.t
243e0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 42 47 50 20 74 6f 20 69 6e	his.command.will.allow.BGP.to.in
24400	73 74 61 6c 6c 20 49 50 76 34 20 72 6f 75 74 65 73 20 77 69 74 68 20 49 50 76 36 20 6e 65 78 74	stall.IPv4.routes.with.IPv6.next
24420	68 6f 70 73 20 69 66 20 79 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 49 50 76 34 20 63 6f 6e	hops.if.you.do.not.have.IPv4.con
24440	66 69 67 75 72 65 64 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 2e 00 41 6c 6c 6f 77 20 65 78 70	figured.on.interfaces..Allow.exp
24460	6c 69 63 69 74 20 49 50 76 36 20 61 64 64 72 65 73 73 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72	licit.IPv6.address.for.the.inter
24480	66 61 63 65 2e 00 41 6c 6c 6f 77 20 68 6f 73 74 20 6e 65 74 77 6f 72 6b 69 6e 67 20 69 6e 20 61	face..Allow.host.networking.in.a
244a0	20 63 6f 6e 74 61 69 6e 65 72 2e 20 54 68 65 20 6e 65 74 77 6f 72 6b 20 73 74 61 63 6b 20 6f 66	.container..The.network.stack.of
244c0	20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 69 73 20 6e 6f 74 20 69 73 6f 6c 61 74 65 64 20 66	.the.container.is.not.isolated.f
244e0	72 6f 6d 20 74 68 65 20 68 6f 73 74 20 61 6e 64 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 68 6f	rom.the.host.and.will.use.the.ho
24500	73 74 20 49 50 2e 00 41 6c 6c 6f 77 20 74 68 69 73 20 42 46 44 20 70 65 65 72 20 74 6f 20 6e 6f	st.IP..Allow.this.BFD.peer.to.no
24520	74 20 62 65 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 00 41 6c 6c 6f 77 65 64 20	t.be.directly.connected.Allowed.
24540	76 61 6c 75 65 73 20 66 70 72 20 54 43 50 20 66 6c 61 67 73 3a 20 60 60 53 59 4e 60 60 2c 20 60	values.fpr.TCP.flags:.``SYN``,.`
24560	60 41 43 4b 60 60 2c 20 60 60 46 49 4e 60 60 2c 20 60 60 52 53 54 60 60 2c 20 60 60 55 52 47 60	`ACK``,.``FIN``,.``RST``,.``URG`
24580	60 2c 20 60 60 50 53 48 60 60 2c 20 60 60 41 4c 4c 60 60 20 57 68 65 6e 20 73 70 65 63 69 66 79	`,.``PSH``,.``ALL``.When.specify
245a0	69 6e 67 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 66 6c 61 67 2c 20 66 6c 61 67 73 20 73 68	ing.more.than.one.flag,.flags.sh
245c0	6f 75 6c 64 20 62 65 20 63 6f 6d 6d 61 20 73 65 70 61 72 61 74 65 64 2e 20 54 68 65 20 60 60 21	ould.be.comma.separated..The.``!
245e0	60 60 20 6e 65 67 61 74 65 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 70 72 6f 74 6f 63 6f 6c 2e	``.negate.the.selected.protocol.
24600	00 41 6c 6c 6f 77 73 20 73 70 65 63 69 66 69 63 20 56 4c 41 4e 20 49 44 73 20 74 6f 20 70 61 73	.Allows.specific.VLAN.IDs.to.pas
24620	73 20 74 68 72 6f 75 67 68 20 74 68 65 20 62 72 69 64 67 65 20 6d 65 6d 62 65 72 20 69 6e 74 65	s.through.the.bridge.member.inte
24640	72 66 61 63 65 2e 20 54 68 69 73 20 63 61 6e 20 65 69 74 68 65 72 20 62 65 20 61 6e 20 69 6e 64	rface..This.can.either.be.an.ind
24660	69 76 69 64 75 61 6c 20 56 4c 41 4e 20 69 64 20 6f 72 20 61 20 72 61 6e 67 65 20 6f 66 20 56 4c	ividual.VLAN.id.or.a.range.of.VL
24680	41 4e 20 69 64 73 20 64 65 6c 69 6d 69 74 65 64 20 62 79 20 61 20 68 79 70 68 65 6e 2e 00 41 6c	AN.ids.delimited.by.a.hyphen..Al
246a0	6c 6f 77 73 20 74 6f 20 64 65 66 69 6e 65 20 55 52 4c 20 70 61 74 68 20 6d 61 74 63 68 69 6e 67	lows.to.define.URL.path.matching
246c0	20 72 75 6c 65 73 20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 73 65 72 76 69 63 65 2e 00 41	.rules.for.a.specific.service..A
246e0	6c 6c 6f 77 73 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 78 74 2d	llows.you.to.configure.the.next-
24700	68 6f 70 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2d 62	hop.interface.for.an.interface-b
24720	61 73 65 64 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20 60 3c 69 6e 74 65 72 66	ased.IPv4.static.route..`<interf
24740	61 63 65 3e 60 20 77 69 6c 6c 20 62 65 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 69 6e 74 65 72	ace>`.will.be.the.next-hop.inter
24760	66 61 63 65 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 72 6f 75 74 65 64 20 66 6f 72	face.where.traffic.is.routed.for
24780	20 74 68 65 20 67 69 76 65 6e 20 60 3c 73 75 62 6e 65 74 3e 60 2e 00 41 6c 6c 6f 77 73 20 79 6f	.the.given.`<subnet>`..Allows.yo
247a0	75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 69 6e 74 65	u.to.configure.the.next-hop.inte
247c0	72 66 61 63 65 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2d 62 61 73 65 64 20 49 50 76	rface.for.an.interface-based.IPv
247e0	36 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 77 69	6.static.route..`<interface>`.wi
24800	6c 6c 20 62 65 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 69 6e 74 65 72 66 61 63 65 20 77 68 65	ll.be.the.next-hop.interface.whe
24820	72 65 20 74 72 61 66 66 69 63 20 69 73 20 72 6f 75 74 65 64 20 66 6f 72 20 74 68 65 20 67 69 76	re.traffic.is.routed.for.the.giv
24840	65 6e 20 60 3c 73 75 62 6e 65 74 3e 60 2e 00 41 6c 72 65 61 64 79 20 6c 65 61 72 6e 65 64 20 6b	en.`<subnet>`..Already.learned.k
24860	6e 6f 77 6e 5f 68 6f 73 74 73 20 66 69 6c 65 73 20 6f 66 20 63 6c 69 65 6e 74 73 20 6e 65 65 64	nown_hosts.files.of.clients.need
24880	20 61 6e 20 75 70 64 61 74 65 20 61 73 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 77 69 6c	.an.update.as.the.public.key.wil
248a0	6c 20 63 68 61 6e 67 65 2e 00 41 6c 73 6f 2c 20 2a 2a 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e	l.change..Also,.**default-action
248c0	2a 2a 20 69 73 20 61 6e 20 61 63 74 69 6f 6e 20 74 68 61 74 20 74 61 6b 65 73 20 70 6c 61 63 65	**.is.an.action.that.takes.place
248e0	20 77 68 65 6e 65 76 65 72 20 61 20 70 61 63 6b 65 74 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63	.whenever.a.packet.does.not.matc
24900	68 20 61 6e 79 20 72 75 6c 65 20 69 6e 20 69 74 27 73 20 63 68 61 69 6e 2e 20 46 6f 72 20 62 61	h.any.rule.in.it's.chain..For.ba
24920	73 65 20 63 68 61 69 6e 73 2c 20 70 6f 73 73 69 62 6c 65 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20	se.chains,.possible.options.for.
24940	2a 2a 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e 2a 2a 20 61 72 65 20 2a 2a 61 63 63 65 70 74 2a	**default-action**.are.**accept*
24960	2a 20 6f 72 20 2a 2a 64 72 6f 70 2a 2a 2e 00 41 6c 73 6f 2c 20 66 6f 72 20 62 61 63 6b 77 61 72	*.or.**drop**..Also,.for.backwar
24980	64 73 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74	ds.compatibility.this.configurat
249a0	69 6f 6e 2c 20 77 68 69 63 68 20 75 73 65 73 20 67 65 6e 65 72 69 63 20 69 6e 74 65 72 66 61 63	ion,.which.uses.generic.interfac
249c0	65 20 64 65 66 69 6e 69 74 69 6f 6e 2c 20 69 73 20 73 74 69 6c 6c 20 76 61 6c 69 64 3a 00 41 6c	e.definition,.is.still.valid:.Al
249e0	73 6f 2c 20 66 6f 72 20 74 68 6f 73 65 20 77 68 6f 20 68 61 76 65 6e 27 74 20 75 70 64 61 74 65	so,.for.those.who.haven't.update
24a00	64 20 74 6f 20 6e 65 77 65 72 20 76 65 72 73 69 6f 6e 2c 20 6c 65 67 61 63 79 20 64 6f 63 75 6d	d.to.newer.version,.legacy.docum
24a20	65 6e 74 61 74 69 6f 6e 20 69 73 20 73 74 69 6c 6c 20 70 72 65 73 65 6e 74 20 61 6e 64 20 76 61	entation.is.still.present.and.va
24a40	6c 69 64 20 66 6f 72 20 61 6c 6c 20 73 61 67 69 74 74 61 20 76 65 72 73 69 6f 6e 20 70 72 69 6f	lid.for.all.sagitta.version.prio
24a60	72 20 74 6f 20 56 79 4f 53 20 31 2e 34 2d 72 6f 6c 6c 69 6e 67 2d 32 30 32 33 30 38 30 34 30 35	r.to.VyOS.1.4-rolling-2023080405
24a80	35 37 3a 00 41 6c 73 6f 2c 20 69 6e 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e	57:.Also,.in.:ref:`destination-n
24aa0	61 74 60 2c 20 72 65 64 69 72 65 63 74 69 6f 6e 20 74 6f 20 6c 6f 63 61 6c 68 6f 73 74 20 69 73	at`,.redirection.to.localhost.is
24ac0	20 73 75 70 70 6f 72 74 65 64 2e 20 54 68 65 20 72 65 64 69 72 65 63 74 20 73 74 61 74 65 6d 65	.supported..The.redirect.stateme
24ae0	6e 74 20 69 73 20 61 20 73 70 65 63 69 61 6c 20 66 6f 72 6d 20 6f 66 20 64 6e 61 74 20 77 68 69	nt.is.a.special.form.of.dnat.whi
24b00	63 68 20 61 6c 77 61 79 73 20 74 72 61 6e 73 6c 61 74 65 73 20 74 68 65 20 64 65 73 74 69 6e 61	ch.always.translates.the.destina
24b20	74 69 6f 6e 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20 68 6f 73 74 e2 80	tion.address.to.the.local.host..
24b40	99 73 20 6f 6e 65 2e 00 41 6c 74 65 72 6e 61 74 65 20 52 6f 75 74 69 6e 67 20 54 61 62 6c 65 73	.s.one..Alternate.Routing.Tables
24b60	00 41 6c 74 65 72 6e 61 74 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 61 72 65 20 75 73	.Alternate.routing.tables.are.us
24b80	65 64 20 77 69 74 68 20 70 6f 6c 69 63 79 20 62 61 73 65 64 20 72 6f 75 74 69 6e 67 20 62 79 20	ed.with.policy.based.routing.by.
24ba0	75 74 69 6c 69 7a 69 6e 67 20 3a 72 65 66 3a 60 76 72 66 60 2e 00 41 6c 74 65 72 6e 61 74 69 76	utilizing.:ref:`vrf`..Alternativ
24bc0	65 20 74 6f 20 6d 75 6c 74 69 63 61 73 74 2c 20 74 68 65 20 72 65 6d 6f 74 65 20 49 50 76 34 20	e.to.multicast,.the.remote.IPv4.
24be0	61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 56 58 4c 41 4e 20 74 75 6e 6e 65 6c 20 63 61 6e 20	address.of.the.VXLAN.tunnel.can.
24c00	62 65 20 73 65 74 20 64 69 72 65 63 74 6c 79 2e 20 4c 65 74 27 73 20 63 68 61 6e 67 65 20 74 68	be.set.directly..Let's.change.th
24c20	65 20 4d 75 6c 74 69 63 61 73 74 20 65 78 61 6d 70 6c 65 20 66 72 6f 6d 20 61 62 6f 76 65 3a 00	e.Multicast.example.from.above:.
24c40	41 6c 77 61 79 73 20 65 78 63 6c 75 64 65 20 74 68 69 73 20 61 64 64 72 65 73 73 20 66 72 6f 6d	Always.exclude.this.address.from
24c60	20 61 6e 79 20 64 65 66 69 6e 65 64 20 72 61 6e 67 65 2e 20 54 68 69 73 20 61 64 64 72 65 73 73	.any.defined.range..This.address
24c80	20 77 69 6c 6c 20 6e 65 76 65 72 20 62 65 20 61 73 73 69 67 6e 65 64 20 62 79 20 74 68 65 20 44	.will.never.be.assigned.by.the.D
24ca0	48 43 50 20 73 65 72 76 65 72 2e 00 41 6e 20 2a 2a 69 6e 74 65 72 66 61 63 65 20 67 72 6f 75 70	HCP.server..An.**interface.group
24cc0	2a 2a 20 72 65 70 72 65 73 65 6e 74 73 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 69 6e	**.represents.a.collection.of.in
24ce0	74 65 72 66 61 63 65 73 2e 00 41 6e 20 41 53 20 69 73 20 61 20 63 6f 6e 6e 65 63 74 65 64 20 67	terfaces..An.AS.is.a.connected.g
24d00	72 6f 75 70 20 6f 66 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 49 50 20 70 72 65 66 69 78 65 73 20	roup.of.one.or.more.IP.prefixes.
24d20	72 75 6e 20 62 79 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 6e 65 74 77 6f 72 6b 20 6f 70 65 72 61	run.by.one.or.more.network.opera
24d40	74 6f 72 73 20 77 68 69 63 68 20 68 61 73 20 61 20 53 49 4e 47 4c 45 20 61 6e 64 20 43 4c 45 41	tors.which.has.a.SINGLE.and.CLEA
24d60	52 4c 59 20 44 45 46 49 4e 45 44 20 72 6f 75 74 69 6e 67 20 70 6f 6c 69 63 79 2e 00 41 6e 20 49	RLY.DEFINED.routing.policy..An.I
24d80	50 76 34 20 54 43 50 20 66 69 6c 74 65 72 20 77 69 6c 6c 20 6f 6e 6c 79 20 6d 61 74 63 68 20 70	Pv4.TCP.filter.will.only.match.p
24da0	61 63 6b 65 74 73 20 77 69 74 68 20 61 6e 20 49 50 76 34 20 68 65 61 64 65 72 20 6c 65 6e 67 74	ackets.with.an.IPv4.header.lengt
24dc0	68 20 6f 66 20 32 30 20 62 79 74 65 73 20 28 77 68 69 63 68 20 69 73 20 74 68 65 20 6d 61 6a 6f	h.of.20.bytes.(which.is.the.majo
24de0	72 69 74 79 20 6f 66 20 49 50 76 34 20 70 61 63 6b 65 74 73 20 61 6e 79 77 61 79 29 2e 00 41 6e	rity.of.IPv4.packets.anyway)..An
24e00	20 53 4e 4d 50 2d 6d 61 6e 61 67 65 64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 73 69 73 74 73 20 6f	.SNMP-managed.network.consists.o
24e20	66 20 74 68 72 65 65 20 6b 65 79 20 63 6f 6d 70 6f 6e 65 6e 74 73 3a 00 41 6e 20 60 3c 69 6e 74	f.three.key.components:.An.`<int
24e40	65 72 66 61 63 65 3e 60 20 73 70 65 63 69 66 79 69 6e 67 20 77 68 69 63 68 20 73 6c 61 76 65 20	erface>`.specifying.which.slave.
24e60	69 73 20 74 68 65 20 70 72 69 6d 61 72 79 20 64 65 76 69 63 65 2e 20 54 68 65 20 73 70 65 63 69	is.the.primary.device..The.speci
24e80	66 69 65 64 20 64 65 76 69 63 65 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 62 65 20 74 68 65 20 61	fied.device.will.always.be.the.a
24ea0	63 74 69 76 65 20 73 6c 61 76 65 20 77 68 69 6c 65 20 69 74 20 69 73 20 61 76 61 69 6c 61 62 6c	ctive.slave.while.it.is.availabl
24ec0	65 2e 20 4f 6e 6c 79 20 77 68 65 6e 20 74 68 65 20 70 72 69 6d 61 72 79 20 69 73 20 6f 66 66 2d	e..Only.when.the.primary.is.off-
24ee0	6c 69 6e 65 20 77 69 6c 6c 20 61 6c 74 65 72 6e 61 74 65 20 64 65 76 69 63 65 73 20 62 65 20 75	line.will.alternate.devices.be.u
24f00	73 65 64 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 77 68 65 6e 20 6f 6e 65 20 73 6c 61	sed..This.is.useful.when.one.sla
24f20	76 65 20 69 73 20 70 72 65 66 65 72 72 65 64 20 6f 76 65 72 20 61 6e 6f 74 68 65 72 2c 20 65 2e	ve.is.preferred.over.another,.e.
24f40	67 2e 2c 20 77 68 65 6e 20 6f 6e 65 20 73 6c 61 76 65 20 68 61 73 20 68 69 67 68 65 72 20 74 68	g.,.when.one.slave.has.higher.th
24f60	72 6f 75 67 68 70 75 74 20 74 68 61 6e 20 61 6e 6f 74 68 65 72 2e 00 41 6e 20 61 64 64 69 74 69	roughput.than.another..An.additi
24f80	6f 6e 61 6c 20 6c 61 79 65 72 20 6f 66 20 73 79 6d 6d 65 74 72 69 63 2d 6b 65 79 20 63 72 79 70	onal.layer.of.symmetric-key.cryp
24fa0	74 6f 20 63 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 61 73 79	to.can.be.used.on.top.of.the.asy
24fc0	6d 6d 65 74 72 69 63 20 63 72 79 70 74 6f 2e 00 41 6e 20 61 64 64 69 74 69 6f 6e 61 6c 20 6c 61	mmetric.crypto..An.additional.la
24fe0	79 65 72 20 6f 66 20 73 79 6d 6d 65 74 72 69 63 2d 6b 65 79 20 63 72 79 70 74 6f 20 63 61 6e 20	yer.of.symmetric-key.crypto.can.
25000	62 65 20 75 73 65 64 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 61 73 79 6d 6d 65 74 72 69 63	be.used.on.top.of.the.asymmetric
25020	20 63 72 79 70 74 6f 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 75 74 6f 6d 61 74 69 63 61	.crypto..This.command.automatica
25040	6c 6c 79 20 63 72 65 61 74 65 73 20 66 6f 72 20 79 6f 75 20 74 68 65 20 72 65 71 75 69 72 65 64	lly.creates.for.you.the.required
25060	20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 6e 73 74 61 6c 6c 20 74 68 69 73 20 50 53 4b	.CLI.command.to.install.this.PSK
25080	20 66 6f 72 20 61 20 67 69 76 65 6e 20 70 65 65 72 2e 00 41 6e 20 61 64 64 69 74 69 6f 6e 61 6c	.for.a.given.peer..An.additional
250a0	20 6c 61 79 65 72 20 6f 66 20 73 79 6d 6d 65 74 72 69 63 2d 6b 65 79 20 63 72 79 70 74 6f 20 63	.layer.of.symmetric-key.crypto.c
250c0	61 6e 20 62 65 20 75 73 65 64 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 61 73 79 6d 6d 65 74	an.be.used.on.top.of.the.asymmet
250e0	72 69 63 20 63 72 79 70 74 6f 2e 20 54 68 69 73 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 00 41 6e	ric.crypto..This.is.optional..An
25100	20 61 64 76 61 6e 74 61 67 65 20 6f 66 20 74 68 69 73 20 73 63 68 65 6d 65 20 69 73 20 74 68 61	.advantage.of.this.scheme.is.tha
25120	74 20 79 6f 75 20 67 65 74 20 61 20 72 65 61 6c 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20	t.you.get.a.real.interface.with.
25140	69 74 73 20 6f 77 6e 20 61 64 64 72 65 73 73 2c 20 77 68 69 63 68 20 6d 61 6b 65 73 20 69 74 20	its.own.address,.which.makes.it.
25160	65 61 73 69 65 72 20 74 6f 20 73 65 74 75 70 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 6f 72	easier.to.setup.static.routes.or
25180	20 75 73 65 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 77	.use.dynamic.routing.protocols.w
251a0	69 74 68 6f 75 74 20 68 61 76 69 6e 67 20 74 6f 20 6d 6f 64 69 66 79 20 49 50 73 65 63 20 70 6f	ithout.having.to.modify.IPsec.po
251c0	6c 69 63 69 65 73 2e 20 54 68 65 20 6f 74 68 65 72 20 61 64 76 61 6e 74 61 67 65 20 69 73 20 74	licies..The.other.advantage.is.t
251e0	68 61 74 20 69 74 20 67 72 65 61 74 6c 79 20 73 69 6d 70 6c 69 66 69 65 73 20 72 6f 75 74 65 72	hat.it.greatly.simplifies.router
25200	20 74 6f 20 72 6f 75 74 65 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 2c 20 77 68 69 63 68 20	.to.router.communication,.which.
25220	63 61 6e 20 62 65 20 74 72 69 63 6b 79 20 77 69 74 68 20 70 6c 61 69 6e 20 49 50 73 65 63 20 62	can.be.tricky.with.plain.IPsec.b
25240	65 63 61 75 73 65 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6f 75 74 67 6f 69 6e 67 20 61 64 64	ecause.the.external.outgoing.add
25260	72 65 73 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 20 75 73 75 61 6c 6c 79 20 64 6f 65 73 6e	ress.of.the.router.usually.doesn
25280	27 74 20 6d 61 74 63 68 20 74 68 65 20 49 50 73 65 63 20 70 6f 6c 69 63 79 20 6f 66 20 74 79 70	't.match.the.IPsec.policy.of.typ
252a0	69 63 61 6c 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 73 65 74 75 70 20 61 6e 64 20 79 6f 75 20	ical.site-to-site.setup.and.you.
252c0	6e 65 65 64 20 74 6f 20 61 64 64 20 73 70 65 63 69 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	need.to.add.special.configuratio
252e0	6e 20 66 6f 72 20 69 74 2c 20 6f 72 20 61 64 6a 75 73 74 20 74 68 65 20 73 6f 75 72 63 65 20 61	n.for.it,.or.adjust.the.source.a
25300	64 64 72 65 73 73 20 66 6f 72 20 6f 75 74 67 6f 69 6e 67 20 74 72 61 66 66 69 63 20 6f 66 20 79	ddress.for.outgoing.traffic.of.y
25320	6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 2e 20 47 52 45 2f 49 50 73 65 63 20 68 61 73 20	our.applications..GRE/IPsec.has.
25340	6e 6f 20 73 75 63 68 20 70 72 6f 62 6c 65 6d 20 61 6e 64 20 69 73 20 63 6f 6d 70 6c 65 74 65 6c	no.such.problem.and.is.completel
25360	79 20 74 72 61 6e 73 70 61 72 65 6e 74 20 66 6f 72 20 74 68 65 20 61 70 70 6c 69 63 61 74 69 6f	y.transparent.for.the.applicatio
25380	6e 73 2e 00 41 6e 20 61 67 65 6e 74 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 2d 6d 61 6e 61 67 65	ns..An.agent.is.a.network-manage
253a0	6d 65 6e 74 20 73 6f 66 74 77 61 72 65 20 6d 6f 64 75 6c 65 20 74 68 61 74 20 72 65 73 69 64 65	ment.software.module.that.reside
253c0	73 20 6f 6e 20 61 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 2e 20 41 6e 20 61 67 65 6e 74 20	s.on.a.managed.device..An.agent.
253e0	68 61 73 20 6c 6f 63 61 6c 20 6b 6e 6f 77 6c 65 64 67 65 20 6f 66 20 6d 61 6e 61 67 65 6d 65 6e	has.local.knowledge.of.managemen
25400	74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 6e 64 20 74 72 61 6e 73 6c 61 74 65 73 20 74 68 61	t.information.and.translates.tha
25420	74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 6f 72 20 66 72 6f 6d 20 61 6e 20 53 4e 4d 50	t.information.to.or.from.an.SNMP
25440	2d 73 70 65 63 69 66 69 63 20 66 6f 72 6d 2e 00 41 6e 20 61 6c 74 65 72 6e 61 74 65 20 63 6f 6d	-specific.form..An.alternate.com
25460	6d 61 6e 64 20 63 6f 75 6c 64 20 62 65 20 22 6d 70 6c 73 2d 74 65 20 6f 6e 22 20 28 54 72 61 66	mand.could.be."mpls-te.on".(Traf
25480	66 69 63 20 45 6e 67 69 6e 65 65 72 69 6e 67 29 00 41 6e 20 61 72 62 69 74 72 61 72 79 20 6e 65	fic.Engineering).An.arbitrary.ne
254a0	74 6d 61 73 6b 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 6d 61 73 6b 20 61 64 64	tmask.can.be.applied.to.mask.add
254c0	72 65 73 73 65 73 20 74 6f 20 6f 6e 6c 79 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 20 73	resses.to.only.match.against.a.s
254e0	70 65 63 69 66 69 63 20 70 6f 72 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 70 61 72 74 69 63 75	pecific.portion..This.is.particu
25500	6c 61 72 6c 79 20 75 73 65 66 75 6c 20 77 69 74 68 20 49 50 76 36 20 61 6e 64 20 61 20 7a 6f 6e	larly.useful.with.IPv6.and.a.zon
25520	65 2d 62 61 73 65 64 20 66 69 72 65 77 61 6c 6c 20 61 73 20 72 75 6c 65 73 20 77 69 6c 6c 20 72	e-based.firewall.as.rules.will.r
25540	65 6d 61 69 6e 20 76 61 6c 69 64 20 69 66 20 74 68 65 20 49 50 76 36 20 70 72 65 66 69 78 20 63	emain.valid.if.the.IPv6.prefix.c
25560	68 61 6e 67 65 73 20 61 6e 64 20 74 68 65 20 68 6f 73 74 20 70 6f 72 74 69 6f 6e 20 6f 66 20 73	hanges.and.the.host.portion.of.s
25580	79 73 74 65 6d 73 20 49 50 76 36 20 61 64 64 72 65 73 73 20 69 73 20 73 74 61 74 69 63 20 28 66	ystems.IPv6.address.is.static.(f
255a0	6f 72 20 65 78 61 6d 70 6c 65 2c 20 77 69 74 68 20 53 4c 41 41 43 20 6f 72 20 60 74 6f 6b 65 6e	or.example,.with.SLAAC.or.`token
255c0	69 73 65 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 3c 68 74 74 70 73 3a 2f 2f 64 61 74	ised.IPv6.addresses.<https://dat
255e0	61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 69 64 2f 64 72 61 66 74 2d 63	atracker.ietf.org/doc/id/draft-c
25600	68 6f 77 6e 2d 36 6d 61 6e 2d 74 6f 6b 65 6e 69 73 65 64 2d 69 70 76 36 2d 69 64 65 6e 74 69 66	hown-6man-tokenised-ipv6-identif
25620	69 65 72 73 2d 30 32 2e 74 78 74 3e 60 5f 29 00 41 6e 20 61 72 62 69 74 72 61 72 79 20 6e 65 74	iers-02.txt>`_).An.arbitrary.net
25640	6d 61 73 6b 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 6d 61 73 6b 20 61 64 64 72	mask.can.be.applied.to.mask.addr
25660	65 73 73 65 73 20 74 6f 20 6f 6e 6c 79 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 20 73 70	esses.to.only.match.against.a.sp
25680	65 63 69 66 69 63 20 70 6f 72 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 70 61 72 74 69 63 75 6c	ecific.portion..This.is.particul
256a0	61 72 6c 79 20 75 73 65 66 75 6c 20 77 69 74 68 20 49 50 76 36 20 61 73 20 72 75 6c 65 73 20 77	arly.useful.with.IPv6.as.rules.w
256c0	69 6c 6c 20 72 65 6d 61 69 6e 20 76 61 6c 69 64 20 69 66 20 74 68 65 20 49 50 76 36 20 70 72 65	ill.remain.valid.if.the.IPv6.pre
256e0	66 69 78 20 63 68 61 6e 67 65 73 20 61 6e 64 20 74 68 65 20 68 6f 73 74 20 70 6f 72 74 69 6f 6e	fix.changes.and.the.host.portion
25700	20 6f 66 20 73 79 73 74 65 6d 73 20 49 50 76 36 20 61 64 64 72 65 73 73 20 69 73 20 73 74 61 74	.of.systems.IPv6.address.is.stat
25720	69 63 20 28 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 77 69 74 68 20 53 4c 41 41 43 20 6f 72 20 60	ic.(for.example,.with.SLAAC.or.`
25740	74 6f 6b 65 6e 69 73 65 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 3c 68 74 74 70 73 3a	tokenised.IPv6.addresses.<https:
25760	2f 2f 64 61 74 61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 69 64 2f 64 72	//datatracker.ietf.org/doc/id/dr
25780	61 66 74 2d 63 68 6f 77 6e 2d 36 6d 61 6e 2d 74 6f 6b 65 6e 69 73 65 64 2d 69 70 76 36 2d 69 64	aft-chown-6man-tokenised-ipv6-id
257a0	65 6e 74 69 66 69 65 72 73 2d 30 32 2e 74 78 74 3e 60 5f 29 00 41 6e 20 62 61 73 69 63 20 69 6e	entifiers-02.txt>`_).An.basic.in
257c0	74 72 6f 64 75 63 74 69 6f 6e 20 74 6f 20 7a 6f 6e 65 2d 62 61 73 65 64 20 66 69 72 65 77 61 6c	troduction.to.zone-based.firewal
257e0	6c 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 60 68 65 72 65 20 3c 68 74 74 70 73 3a 2f 2f 73	ls.can.be.found.`here.<https://s
25800	75 70 70 6f 72 74 2e 76 79 6f 73 2e 69 6f 2f 65 6e 2f 6b 62 2f 61 72 74 69 63 6c 65 73 2f 61 2d	upport.vyos.io/en/kb/articles/a-
25820	70 72 69 6d 65 72 2d 74 6f 2d 7a 6f 6e 65 2d 62 61 73 65 64 2d 66 69 72 65 77 61 6c 6c 3e 60 5f	primer-to-zone-based-firewall>`_
25840	2c 20 61 6e 64 20 61 6e 20 65 78 61 6d 70 6c 65 20 61 74 20 3a 72 65 66 3a 60 65 78 61 6d 70 6c	,.and.an.example.at.:ref:`exampl
25860	65 73 2d 7a 6f 6e 65 2d 70 6f 6c 69 63 79 60 2e 00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 61	es-zone-policy`..An.example.of.a
25880	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 68 61 74 20 73 65 6e 64 73 20 60 60 74 65 6c 65	.configuration.that.sends.``tele
258a0	67 72 61 66 60 60 20 6d 65 74 72 69 63 73 20 74 6f 20 72 65 6d 6f 74 65 20 60 60 49 6e 66 6c 75	graf``.metrics.to.remote.``Influ
258c0	78 44 42 20 32 60 60 00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 63 72 65 61 74 69 6e 67 20 61	xDB.2``.An.example.of.creating.a
258e0	20 56 4c 41 4e 2d 61 77 61 72 65 20 62 72 69 64 67 65 20 69 73 20 61 73 20 66 6f 6c 6c 6f 77 73	.VLAN-aware.bridge.is.as.follows
25900	3a 00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 6b 65 79 20 67 65 6e 65 72 61 74 69 6f 6e 3a 00	:.An.example.of.key.generation:.
25920	41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 74 68 65 20 64 61 74 61 20 63 61 70 74 75 72 65 64 20	An.example.of.the.data.captured.
25940	62 79 20 61 20 46 52 45 45 52 41 44 49 55 53 20 73 65 72 76 65 72 20 77 69 74 68 20 73 71 6c 20	by.a.FREERADIUS.server.with.sql.
25960	61 63 63 6f 75 6e 74 69 6e 67 3a 00 41 6e 20 65 78 61 6d 70 6c 65 3a 00 41 6e 20 6f 70 74 69 6f	accounting:.An.example:.An.optio
25980	6e 20 74 68 61 74 20 74 61 6b 65 73 20 61 20 71 75 6f 74 65 64 20 73 74 72 69 6e 67 20 69 73 20	n.that.takes.a.quoted.string.is.
259a0	73 65 74 20 62 79 20 72 65 70 6c 61 63 69 6e 67 20 61 6c 6c 20 71 75 6f 74 65 20 63 68 61 72 61	set.by.replacing.all.quote.chara
259c0	63 74 65 72 73 20 77 69 74 68 20 74 68 65 20 73 74 72 69 6e 67 20 60 60 26 71 75 6f 74 3b 60 60	cters.with.the.string.``&quot;``
259e0	20 69 6e 73 69 64 65 20 74 68 65 20 73 74 61 74 69 63 2d 6d 61 70 70 69 6e 67 2d 70 61 72 61 6d	.inside.the.static-mapping-param
25a00	65 74 65 72 73 20 76 61 6c 75 65 2e 20 54 68 65 20 72 65 73 75 6c 74 69 6e 67 20 6c 69 6e 65 20	eters.value..The.resulting.line.
25a20	69 6e 20 64 68 63 70 64 2e 63 6f 6e 66 20 77 69 6c 6c 20 62 65 20 60 60 6f 70 74 69 6f 6e 20 70	in.dhcpd.conf.will.be.``option.p
25a40	78 65 6c 69 6e 75 78 2e 63 6f 6e 66 69 67 66 69 6c 65 20 22 70 78 65 6c 69 6e 75 78 2e 63 66 67	xelinux.configfile."pxelinux.cfg
25a60	2f 30 31 2d 30 30 2d 31 35 2d 31 37 2d 34 34 2d 32 64 2d 61 61 22 3b 60 60 2e 00 41 6e 64 20 66	/01-00-15-17-44-2d-aa";``..And.f
25a80	6f 72 20 69 70 76 36 3a 00 41 6e 64 20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 49 50 76 34 20	or.ipv6:.And.the.different.IPv4.
25aa0	2a 2a 72 65 73 65 74 2a 2a 20 63 6f 6d 6d 61 6e 64 73 20 61 76 61 69 6c 61 62 6c 65 3a 00 41 6e	**reset**.commands.available:.An
25ac0	64 20 74 68 65 6e 20 68 61 73 68 20 69 73 20 72 65 64 75 63 65 64 20 6d 6f 64 75 6c 6f 20 73 6c	d.then.hash.is.reduced.modulo.sl
25ae0	61 76 65 20 63 6f 75 6e 74 2e 00 41 6e 6f 74 68 65 72 20 74 65 72 6d 20 6f 66 74 65 6e 20 75 73	ave.count..Another.term.often.us
25b00	65 64 20 66 6f 72 20 44 4e 41 54 20 69 73 20 2a 2a 31 2d 74 6f 2d 31 20 4e 41 54 2a 2a 2e 20 46	ed.for.DNAT.is.**1-to-1.NAT**..F
25b20	6f 72 20 61 20 31 2d 74 6f 2d 31 20 4e 41 54 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 62	or.a.1-to-1.NAT.configuration,.b
25b40	6f 74 68 20 44 4e 41 54 20 61 6e 64 20 53 4e 41 54 20 61 72 65 20 75 73 65 64 20 74 6f 20 4e 41	oth.DNAT.and.SNAT.are.used.to.NA
25b60	54 20 61 6c 6c 20 74 72 61 66 66 69 63 20 66 72 6f 6d 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 49	T.all.traffic.from.an.external.I
25b80	50 20 61 64 64 72 65 73 73 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72	P.address.to.an.internal.IP.addr
25ba0	65 73 73 20 61 6e 64 20 76 69 63 65 2d 76 65 72 73 61 2e 00 41 6e 6f 74 68 65 72 20 74 68 69 6e	ess.and.vice-versa..Another.thin
25bc0	67 20 74 6f 20 6b 65 65 70 20 69 6e 20 6d 69 6e 64 20 77 69 74 68 20 4c 44 50 20 69 73 20 74 68	g.to.keep.in.mind.with.LDP.is.th
25be0	61 74 20 6d 75 63 68 20 6c 69 6b 65 20 42 47 50 2c 20 69 74 20 69 73 20 61 20 70 72 6f 74 6f 63	at.much.like.BGP,.it.is.a.protoc
25c00	6f 6c 20 74 68 61 74 20 72 75 6e 73 20 6f 6e 20 74 6f 70 20 6f 66 20 54 43 50 2e 20 49 74 20 68	ol.that.runs.on.top.of.TCP..It.h
25c20	6f 77 65 76 65 72 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 6e 20 61 62 69 6c 69 74 79 20	owever.does.not.have.an.ability.
25c40	74 6f 20 64 6f 20 73 6f 6d 65 74 68 69 6e 67 20 6c 69 6b 65 20 61 20 72 65 66 72 65 73 68 20 63	to.do.something.like.a.refresh.c
25c60	61 70 61 62 69 6c 69 74 79 20 6c 69 6b 65 20 42 47 50 73 20 72 6f 75 74 65 20 72 65 66 72 65 73	apability.like.BGPs.route.refres
25c80	68 20 63 61 70 61 62 69 6c 69 74 79 2e 20 54 68 65 72 65 66 6f 72 65 20 6f 6e 65 20 6d 69 67 68	h.capability..Therefore.one.migh
25ca0	74 20 68 61 76 65 20 74 6f 20 72 65 73 65 74 20 74 68 65 20 6e 65 69 67 68 62 6f 72 20 66 6f 72	t.have.to.reset.the.neighbor.for
25cc0	20 61 20 63 61 70 61 62 69 6c 69 74 79 20 63 68 61 6e 67 65 20 6f 72 20 61 20 63 6f 6e 66 69 67	.a.capability.change.or.a.config
25ce0	75 72 61 74 69 6f 6e 20 63 68 61 6e 67 65 20 74 6f 20 77 6f 72 6b 2e 00 41 70 70 6c 79 20 61 20	uration.change.to.work..Apply.a.
25d00	72 6f 75 74 65 2d 6d 61 70 20 66 69 6c 74 65 72 20 74 6f 20 72 6f 75 74 65 73 20 66 6f 72 20 74	route-map.filter.to.routes.for.t
25d20	68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74 6f 63 6f 6c 2e 00 41 70 70 6c 79 20 61 20 72	he.specified.protocol..Apply.a.r
25d40	6f 75 74 65 2d 6d 61 70 20 66 69 6c 74 65 72 20 74 6f 20 72 6f 75 74 65 73 20 66 6f 72 20 74 68	oute-map.filter.to.routes.for.th
25d60	65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74 6f 63 6f 6c 2e 20 54 68 65 20 66 6f 6c 6c 6f 77	e.specified.protocol..The.follow
25d80	69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 3a 20 61 6e 79 2c 20	ing.protocols.can.be.used:.any,.
25da0	62 61 62 65 6c 2c 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 65 69 67 72 70 2c 20 69 73	babel,.bgp,.connected,.eigrp,.is
25dc0	69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2c 20 74	is,.kernel,.ospf,.rip,.static,.t
25de0	61 62 6c 65 00 41 70 70 6c 79 20 61 20 72 6f 75 74 65 2d 6d 61 70 20 66 69 6c 74 65 72 20 74 6f	able.Apply.a.route-map.filter.to
25e00	20 72 6f 75 74 65 73 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74 6f 63	.routes.for.the.specified.protoc
25e20	6f 6c 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20	ol..The.following.protocols.can.
25e40	62 65 20 75 73 65 64 3a 20 61 6e 79 2c 20 62 61 62 65 6c 2c 20 62 67 70 2c 20 63 6f 6e 6e 65 63	be.used:.any,.babel,.bgp,.connec
25e60	74 65 64 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 76 33 2c 20 72 69 70 6e 67	ted,.isis,.kernel,.ospfv3,.ripng
25e80	2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 00 41 70 70 6c 79 20 72 6f 75 74 69 6e 67 20 70 6f	,.static,.table.Apply.routing.po
25ea0	6c 69 63 79 20 74 6f 20 2a 2a 69 6e 62 6f 75 6e 64 2a 2a 20 64 69 72 65 63 74 69 6f 6e 20 6f 66	licy.to.**inbound**.direction.of
25ec0	20 6f 75 74 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 00 41 70 70 6c 79 69 6e 67 20 61 20	.out.VLAN.interfaces.Applying.a.
25ee0	52 75 6c 65 2d 53 65 74 20 74 6f 20 61 20 5a 6f 6e 65 00 41 70 70 6c 79 69 6e 67 20 61 20 52 75	Rule-Set.to.a.Zone.Applying.a.Ru
25f00	6c 65 2d 53 65 74 20 74 6f 20 61 6e 20 49 6e 74 65 72 66 61 63 65 00 41 70 70 6c 79 69 6e 67 20	le-Set.to.an.Interface.Applying.
25f20	61 20 74 72 61 66 66 69 63 20 70 6f 6c 69 63 79 00 41 72 65 61 20 43 6f 6e 66 69 67 75 72 61 74	a.traffic.policy.Area.Configurat
25f40	69 6f 6e 00 41 72 65 61 20 69 64 65 6e 74 69 66 69 65 72 3a 20 60 60 30 30 30 31 60 60 20 49 53	ion.Area.identifier:.``0001``.IS
25f60	2d 49 53 20 61 72 65 61 20 6e 75 6d 62 65 72 20 28 6e 75 6d 62 65 72 69 63 61 6c 20 61 72 65 61	-IS.area.number.(numberical.area
25f80	20 60 60 31 60 60 29 00 41 72 67 75 6d 65 6e 74 73 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20	.``1``).Arguments.which.will.be.
25fa0	70 61 73 73 65 64 20 74 6f 20 74 68 65 20 65 78 65 63 75 74 61 62 6c 65 2e 00 41 72 69 73 74 61	passed.to.the.executable..Arista
25fc0	20 45 4f 53 00 41 72 75 62 61 2f 48 50 00 41 73 20 49 6e 74 65 72 6e 65 74 20 77 69 64 65 20 50	.EOS.Aruba/HP.As.Internet.wide.P
25fe0	4d 54 55 20 64 69 73 63 6f 76 65 72 79 20 72 61 72 65 6c 79 20 77 6f 72 6b 73 2c 20 77 65 20 73	MTU.discovery.rarely.works,.we.s
26000	6f 6d 65 74 69 6d 65 73 20 6e 65 65 64 20 74 6f 20 63 6c 61 6d 70 20 6f 75 72 20 54 43 50 20 4d	ometimes.need.to.clamp.our.TCP.M
26020	53 53 20 76 61 6c 75 65 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 76 61 6c 75 65 2e 20 54 68	SS.value.to.a.specific.value..Th
26040	69 73 20 69 73 20 61 20 66 69 65 6c 64 20 69 6e 20 74 68 65 20 54 43 50 20 6f 70 74 69 6f 6e 73	is.is.a.field.in.the.TCP.options
26060	20 70 61 72 74 20 6f 66 20 61 20 53 59 4e 20 70 61 63 6b 65 74 2e 20 42 79 20 73 65 74 74 69 6e	.part.of.a.SYN.packet..By.settin
26080	67 20 74 68 65 20 4d 53 53 20 76 61 6c 75 65 2c 20 79 6f 75 20 61 72 65 20 74 65 6c 6c 69 6e 67	g.the.MSS.value,.you.are.telling
260a0	20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 64 65 20 75 6e 65 71 75 69 76 6f 63 61 6c 6c 79 20 27	.the.remote.side.unequivocally.'
260c0	64 6f 20 6e 6f 74 20 74 72 79 20 74 6f 20 73 65 6e 64 20 6d 65 20 70 61 63 6b 65 74 73 20 62 69	do.not.try.to.send.me.packets.bi
260e0	67 67 65 72 20 74 68 61 6e 20 74 68 69 73 20 76 61 6c 75 65 27 2e 00 41 73 20 53 53 54 50 20 70	gger.than.this.value'..As.SSTP.p
26100	72 6f 76 69 64 65 73 20 50 50 50 20 76 69 61 20 61 20 53 53 4c 2f 54 4c 53 20 63 68 61 6e 6e 65	rovides.PPP.via.a.SSL/TLS.channe
26120	6c 20 74 68 65 20 75 73 65 20 6f 66 20 65 69 74 68 65 72 20 70 75 62 6c 69 63 61 6c 6c 79 20 73	l.the.use.of.either.publically.s
26140	69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 73 20 77 65 6c 6c 20 61 73 20 61 20	igned.certificates.as.well.as.a.
26160	70 72 69 76 61 74 65 20 50 4b 49 20 69 73 20 72 65 71 75 69 72 65 64 2e 00 41 73 20 56 79 4f 53	private.PKI.is.required..As.VyOS
26180	20 69 73 20 4c 69 6e 75 78 20 62 61 73 65 64 20 74 68 65 20 64 65 66 61 75 6c 74 20 70 6f 72 74	.is.Linux.based.the.default.port
261a0	20 75 73 65 64 20 69 73 20 6e 6f 74 20 75 73 69 6e 67 20 34 37 38 39 20 61 73 20 74 68 65 20 64	.used.is.not.using.4789.as.the.d
261c0	65 66 61 75 6c 74 20 49 41 4e 41 2d 61 73 73 69 67 6e 65 64 20 64 65 73 74 69 6e 61 74 69 6f 6e	efault.IANA-assigned.destination
261e0	20 55 44 50 20 70 6f 72 74 20 6e 75 6d 62 65 72 2e 20 49 6e 73 74 65 61 64 20 56 79 4f 53 20 75	.UDP.port.number..Instead.VyOS.u
26200	73 65 73 20 74 68 65 20 4c 69 6e 75 78 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 6f 66 20 38 34	ses.the.Linux.default.port.of.84
26220	37 32 2e 00 41 73 20 56 79 4f 53 20 69 73 20 62 61 73 65 64 20 6f 6e 20 4c 69 6e 75 78 20 61 6e	72..As.VyOS.is.based.on.Linux.an
26240	64 20 74 68 65 72 65 20 77 61 73 20 6e 6f 20 6f 66 66 69 63 69 61 6c 20 49 41 4e 41 20 70 6f 72	d.there.was.no.official.IANA.por
26260	74 20 61 73 73 69 67 6e 65 64 20 66 6f 72 20 56 58 4c 41 4e 2c 20 56 79 4f 53 20 75 73 65 73 20	t.assigned.for.VXLAN,.VyOS.uses.
26280	61 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 6f 66 20 38 34 37 32 2e 20 59 6f 75 20 63 61 6e 20	a.default.port.of.8472..You.can.
262a0	63 68 61 6e 67 65 20 74 68 65 20 70 6f 72 74 20 6f 6e 20 61 20 70 65 72 20 56 58 4c 41 4e 20 69	change.the.port.on.a.per.VXLAN.i
262c0	6e 74 65 72 66 61 63 65 20 62 61 73 69 73 20 74 6f 20 67 65 74 20 69 74 20 77 6f 72 6b 69 6e 67	nterface.basis.to.get.it.working
262e0	20 61 63 72 6f 73 73 20 6d 75 6c 74 69 70 6c 65 20 76 65 6e 64 6f 72 73 2e 00 41 73 20 56 79 4f	.across.multiple.vendors..As.VyO
26300	53 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 74 68 65 20 51 4d 49 20 69 6e 74 65 72 66 61 63 65	S.makes.use.of.the.QMI.interface
26320	20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 57 57 41 4e 20 6d 6f 64 65 6d 20 63 61	.to.connect.to.the.WWAN.modem.ca
26340	72 64 73 2c 20 61 6c 73 6f 20 74 68 65 20 66 69 72 6d 77 61 72 65 20 63 61 6e 20 62 65 20 72 65	rds,.also.the.firmware.can.be.re
26360	70 72 6f 67 72 61 6d 6d 65 64 2e 00 41 73 20 61 20 72 65 66 65 72 65 6e 63 65 3a 20 66 6f 72 20	programmed..As.a.reference:.for.
26380	31 30 6d 62 69 74 2f 73 20 6f 6e 20 49 6e 74 65 6c 2c 20 79 6f 75 20 6d 69 67 68 74 20 6e 65 65	10mbit/s.on.Intel,.you.might.nee
263a0	64 20 61 74 20 6c 65 61 73 74 20 31 30 6b 62 79 74 65 20 62 75 66 66 65 72 20 69 66 20 79 6f 75	d.at.least.10kbyte.buffer.if.you
263c0	20 77 61 6e 74 20 74 6f 20 72 65 61 63 68 20 79 6f 75 72 20 63 6f 6e 66 69 67 75 72 65 64 20 72	.want.to.reach.your.configured.r
263e0	61 74 65 2e 00 41 73 20 61 20 72 65 73 75 6c 74 2c 20 74 68 65 20 70 72 6f 63 65 73 73 69 6e 67	ate..As.a.result,.the.processing
26400	20 6f 66 20 65 61 63 68 20 70 61 63 6b 65 74 20 62 65 63 6f 6d 65 73 20 6d 6f 72 65 20 65 66 66	.of.each.packet.becomes.more.eff
26420	69 63 69 65 6e 74 2c 20 70 6f 74 65 6e 74 69 61 6c 6c 79 20 6c 65 76 65 72 61 67 69 6e 67 20 68	icient,.potentially.leveraging.h
26440	61 72 64 77 61 72 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 6f 66 66 6c 6f 61 64 69 6e 67 20 73 75	ardware.encryption.offloading.su
26460	70 70 6f 72 74 20 61 76 61 69 6c 61 62 6c 65 20 69 6e 20 74 68 65 20 6b 65 72 6e 65 6c 2e 00 41	pport.available.in.the.kernel..A
26480	73 20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 74 6f 20 61 70 70 6c 79 69 6e 67 20 70 6f 6c	s.an.alternative.to.applying.pol
264a0	69 63 79 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 64 69 72 65 63 74 6c 79 2c 20 61 20	icy.to.an.interface.directly,.a.
264c0	7a 6f 6e 65 2d 62 61 73 65 64 20 66 69 72 65 77 61 6c 6c 20 63 61 6e 20 62 65 20 63 72 65 61 74	zone-based.firewall.can.be.creat
264e0	65 64 20 74 6f 20 73 69 6d 70 6c 69 66 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 68 65	ed.to.simplify.configuration.whe
26500	6e 20 6d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 62 65 6c 6f 6e 67 20 74 6f 20	n.multiple.interfaces.belong.to.
26520	74 68 65 20 73 61 6d 65 20 73 65 63 75 72 69 74 79 20 7a 6f 6e 65 2e 20 49 6e 73 74 65 61 64 20	the.same.security.zone..Instead.
26540	6f 66 20 61 70 70 6c 79 69 6e 67 20 72 75 6c 65 2d 73 65 74 73 20 74 6f 20 69 6e 74 65 72 66 61	of.applying.rule-sets.to.interfa
26560	63 65 73 2c 20 74 68 65 79 20 61 72 65 20 61 70 70 6c 69 65 64 20 74 6f 20 73 6f 75 72 63 65 20	ces,.they.are.applied.to.source.
26580	7a 6f 6e 65 2d 64 65 73 74 69 6e 61 74 69 6f 6e 20 7a 6f 6e 65 20 70 61 69 72 73 2e 00 41 73 20	zone-destination.zone.pairs..As.
265a0	6d 6f 72 65 20 61 6e 64 20 6d 6f 72 65 20 72 6f 75 74 65 72 73 20 72 75 6e 20 6f 6e 20 48 79 70	more.and.more.routers.run.on.Hyp
265c0	65 72 76 69 73 6f 72 73 2c 20 65 78 70 65 63 69 61 6c 6c 79 20 77 69 74 68 20 61 20 3a 61 62 62	ervisors,.expecially.with.a.:abb
265e0	72 3a 60 4e 4f 53 20 28 4e 65 74 77 6f 72 6b 20 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 65 6d	r:`NOS.(Network.Operating.System
26600	29 60 20 61 73 20 56 79 4f 53 2c 20 69 74 20 6d 61 6b 65 73 20 66 65 77 65 72 20 61 6e 64 20 66	)`.as.VyOS,.it.makes.fewer.and.f
26620	65 77 65 72 20 73 65 6e 73 65 20 74 6f 20 75 73 65 20 73 74 61 74 69 63 20 72 65 73 6f 75 72 63	ewer.sense.to.use.static.resourc
26640	65 20 62 69 6e 64 69 6e 67 73 20 6c 69 6b 65 20 60 60 73 6d 70 2d 61 66 66 69 6e 69 74 79 60 60	e.bindings.like.``smp-affinity``
26660	20 61 73 20 70 72 65 73 65 6e 74 20 69 6e 20 56 79 4f 53 20 31 2e 32 20 61 6e 64 20 65 61 72 6c	.as.present.in.VyOS.1.2.and.earl
26680	69 65 72 20 74 6f 20 70 69 6e 20 63 65 72 74 61 69 6e 20 69 6e 74 65 72 72 75 70 74 20 68 61 6e	ier.to.pin.certain.interrupt.han
266a0	64 6c 65 72 73 20 74 6f 20 73 70 65 63 69 66 69 63 20 43 50 55 73 2e 00 41 73 20 6e 65 74 77 6f	dlers.to.specific.CPUs..As.netwo
266c0	72 6b 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6d 6f 64 69 66 69 65 73 20	rk.address.translation.modifies.
266e0	74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 70 61	the.IP.address.information.in.pa
26700	63 6b 65 74 73 2c 20 4e 41 54 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 6d 61 79 20 76	ckets,.NAT.implementations.may.v
26720	61 72 79 20 69 6e 20 74 68 65 69 72 20 73 70 65 63 69 66 69 63 20 62 65 68 61 76 69 6f 72 20 69	ary.in.their.specific.behavior.i
26740	6e 20 76 61 72 69 6f 75 73 20 61 64 64 72 65 73 73 69 6e 67 20 63 61 73 65 73 20 61 6e 64 20 74	n.various.addressing.cases.and.t
26760	68 65 69 72 20 65 66 66 65 63 74 20 6f 6e 20 6e 65 74 77 6f 72 6b 20 74 72 61 66 66 69 63 2e 20	heir.effect.on.network.traffic..
26780	54 68 65 20 73 70 65 63 69 66 69 63 73 20 6f 66 20 4e 41 54 20 62 65 68 61 76 69 6f 72 20 61 72	The.specifics.of.NAT.behavior.ar
267a0	65 20 6e 6f 74 20 63 6f 6d 6d 6f 6e 6c 79 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 79 20 76 65 6e	e.not.commonly.documented.by.ven
267c0	64 6f 72 73 20 6f 66 20 65 71 75 69 70 6d 65 6e 74 20 63 6f 6e 74 61 69 6e 69 6e 67 20 4e 41 54	dors.of.equipment.containing.NAT
267e0	20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 2e 00 41 73 20 70 65 72 20 64 65 66 61 75 6c 74	.implementations..As.per.default
26800	20 61 6e 64 20 69 66 20 6e 6f 74 20 6f 74 68 65 72 77 69 73 65 20 64 65 66 69 6e 65 64 2c 20 6d	.and.if.not.otherwise.defined,.m
26820	73 63 68 61 70 2d 76 32 20 69 73 20 62 65 69 6e 67 20 75 73 65 64 20 66 6f 72 20 61 75 74 68 65	schap-v2.is.being.used.for.authe
26840	6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 6d 70 70 65 20 31 32 38 2d 62 69 74 20 28 73 74 61 74	ntication.and.mppe.128-bit.(stat
26860	65 6c 65 73 73 29 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6f 6e 2e 20 49 66 20 6e 6f 20 67 61 74	eless).for.encryption..If.no.gat
26880	65 77 61 79 2d 61 64 64 72 65 73 73 20 69 73 20 73 65 74 20 77 69 74 68 69 6e 20 74 68 65 20 63	eway-address.is.set.within.the.c
268a0	6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 74 68 65 20 6c 6f 77 65 73 74 20 49 50 20 6f 75 74 20	onfiguration,.the.lowest.IP.out.
268c0	6f 66 20 74 68 65 20 2f 32 34 20 63 6c 69 65 6e 74 2d 69 70 2d 70 6f 6f 6c 20 69 73 20 62 65 69	of.the./24.client-ip-pool.is.bei
268e0	6e 67 20 75 73 65 64 2e 20 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 69 6e 20 74 68 65 20 65 78	ng.used..For.instance,.in.the.ex
26900	61 6d 70 6c 65 20 62 65 6c 6f 77 20 69 74 20 77 6f 75 6c 64 20 62 65 20 31 39 32 2e 31 36 38 2e	ample.below.it.would.be.192.168.
26920	30 2e 31 2e 00 41 73 20 73 68 6f 77 6e 20 69 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 61 62 6f	0.1..As.shown.in.the.example.abo
26940	76 65 2c 20 6f 6e 65 20 6f 66 20 74 68 65 20 70 6f 73 73 69 62 69 6c 69 74 69 65 73 20 74 6f 20	ve,.one.of.the.possibilities.to.
26960	6d 61 74 63 68 20 70 61 63 6b 65 74 73 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6d 61 72 6b 73 20	match.packets.is.based.on.marks.
26980	64 6f 6e 65 20 62 79 20 74 68 65 20 66 69 72 65 77 61 6c 6c 2c 20 60 74 68 61 74 20 63 61 6e 20	done.by.the.firewall,.`that.can.
269a0	67 69 76 65 20 79 6f 75 20 61 20 67 72 65 61 74 20 64 65 61 6c 20 6f 66 20 66 6c 65 78 69 62 69	give.you.a.great.deal.of.flexibi
269c0	6c 69 74 79 60 5f 2e 00 41 73 20 73 68 6f 77 6e 20 69 6e 20 74 68 65 20 6c 61 73 74 20 63 6f 6d	lity`_..As.shown.in.the.last.com
269e0	6d 61 6e 64 20 6f 66 20 74 68 65 20 65 78 61 6d 70 6c 65 20 61 62 6f 76 65 2c 20 74 68 65 20 60	mand.of.the.example.above,.the.`
26a00	71 75 65 75 65 2d 74 79 70 65 60 20 73 65 74 74 69 6e 67 20 61 6c 6c 6f 77 73 20 74 68 65 73 65	queue-type`.setting.allows.these
26a20	20 63 6f 6d 62 69 6e 61 74 69 6f 6e 73 2e 20 59 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20	.combinations..You.will.be.able.
26a40	74 6f 20 75 73 65 20 69 74 20 69 6e 20 6d 61 6e 79 20 70 6f 6c 69 63 69 65 73 2e 00 41 73 20 74	to.use.it.in.many.policies..As.t
26a60	68 65 20 6e 61 6d 65 20 69 6d 70 6c 69 65 73 2c 20 69 74 27 73 20 49 50 76 34 20 65 6e 63 61 70	he.name.implies,.it's.IPv4.encap
26a80	73 75 6c 61 74 65 64 20 69 6e 20 49 50 76 36 2c 20 61 73 20 73 69 6d 70 6c 65 20 61 73 20 74 68	sulated.in.IPv6,.as.simple.as.th
26aa0	61 74 2e 00 41 73 20 77 65 6c 6c 20 61 73 20 74 68 65 20 62 65 6c 6f 77 20 74 6f 20 61 6c 6c 6f	at..As.well.as.the.below.to.allo
26ac0	77 20 4e 41 54 2d 74 72 61 76 65 72 73 61 6c 20 28 77 68 65 6e 20 4e 41 54 20 69 73 20 64 65 74	w.NAT-traversal.(when.NAT.is.det
26ae0	65 63 74 65 64 20 62 79 20 74 68 65 20 56 50 4e 20 63 6c 69 65 6e 74 2c 20 45 53 50 20 69 73 20	ected.by.the.VPN.client,.ESP.is.
26b00	65 6e 63 61 70 73 75 6c 61 74 65 64 20 69 6e 20 55 44 50 20 66 6f 72 20 4e 41 54 2d 74 72 61 76	encapsulated.in.UDP.for.NAT-trav
26b20	65 72 73 61 6c 29 3a 00 41 73 20 77 69 74 68 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c 20	ersal):.As.with.other.policies,.
26b40	52 6f 75 6e 64 2d 52 6f 62 69 6e 20 63 61 6e 20 65 6d 62 65 64 5f 20 61 6e 6f 74 68 65 72 20 70	Round-Robin.can.embed_.another.p
26b60	6f 6c 69 63 79 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 60	olicy.into.a.class.through.the.`
26b80	60 71 75 65 75 65 2d 74 79 70 65 60 60 20 73 65 74 74 69 6e 67 2e 00 41 73 20 77 69 74 68 20 6f	`queue-type``.setting..As.with.o
26ba0	74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c 20 53 68 61 70 65 72 20 63 61 6e 20 65 6d 62 65 64 5f	ther.policies,.Shaper.can.embed_
26bc0	20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 20 69 6e 74 6f 20 69 74 73 20 63 6c 61 73 73 65 73	.other.policies.into.its.classes
26be0	20 74 68 72 6f 75 67 68 20 74 68 65 20 60 60 71 75 65 75 65 2d 74 79 70 65 60 60 20 73 65 74 74	.through.the.``queue-type``.sett
26c00	69 6e 67 20 61 6e 64 20 74 68 65 6e 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 69 72 20 70 61 72	ing.and.then.configure.their.par
26c20	61 6d 65 74 65 72 73 2e 00 41 73 20 77 69 74 68 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c	ameters..As.with.other.policies,
26c40	20 79 6f 75 20 63 61 6e 20 64 65 66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 74 79 70 65 20 6f	.you.can.define.different.type.o
26c60	66 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 73 20 66 6f 72 20 79 6f 75 72 20 63 6c 61 73 73 65	f.matching.rules.for.your.classe
26c80	73 3a 00 41 73 20 77 69 74 68 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c 20 79 6f 75 20 63	s:.As.with.other.policies,.you.c
26ca0	61 6e 20 65 6d 62 65 64 5f 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 20 69 6e 74 6f 20 74 68	an.embed_.other.policies.into.th
26cc0	65 20 63 6c 61 73 73 65 73 20 28 61 6e 64 20 64 65 66 61 75 6c 74 29 20 6f 66 20 79 6f 75 72 20	e.classes.(and.default).of.your.
26ce0	50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 70 6f 6c 69 63 79 20 74 68 72 6f 75 67 68 20 74 68	Priority.Queue.policy.through.th
26d00	65 20 60 60 71 75 65 75 65 2d 74 79 70 65 60 60 20 73 65 74 74 69 6e 67 3a 00 41 73 20 79 6f 75	e.``queue-type``.setting:.As.you
26d20	20 63 61 6e 20 73 65 65 20 69 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 68 65 72 65 2c 20 79 6f	.can.see.in.the.example.here,.yo
26d40	75 20 63 61 6e 20 61 73 73 69 67 6e 20 74 68 65 20 73 61 6d 65 20 72 75 6c 65 2d 73 65 74 20 74	u.can.assign.the.same.rule-set.t
26d60	6f 20 73 65 76 65 72 61 6c 20 69 6e 74 65 72 66 61 63 65 73 2e 20 41 6e 20 69 6e 74 65 72 66 61	o.several.interfaces..An.interfa
26d80	63 65 20 63 61 6e 20 6f 6e 6c 79 20 68 61 76 65 20 6f 6e 65 20 72 75 6c 65 2d 73 65 74 20 70 65	ce.can.only.have.one.rule-set.pe
26da0	72 20 63 68 61 69 6e 2e 00 41 73 20 79 6f 75 20 63 61 6e 20 73 65 65 2c 20 4c 65 61 66 32 20 61	r.chain..As.you.can.see,.Leaf2.a
26dc0	6e 64 20 4c 65 61 66 33 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 61 6c 6d 6f 73 74	nd.Leaf3.configuration.is.almost
26de0	20 69 64 65 6e 74 69 63 61 6c 2e 20 54 68 65 72 65 20 61 72 65 20 6c 6f 74 73 20 6f 66 20 63 6f	.identical..There.are.lots.of.co
26e00	6d 6d 61 6e 64 73 20 61 62 6f 76 65 2c 20 49 27 6c 6c 20 74 72 79 20 74 6f 20 69 6e 74 6f 20 6d	mmands.above,.I'll.try.to.into.m
26e20	6f 72 65 20 64 65 74 61 69 6c 20 62 65 6c 6f 77 2c 20 63 6f 6d 6d 61 6e 64 20 64 65 73 63 72 69	ore.detail.below,.command.descri
26e40	70 74 69 6f 6e 73 20 61 72 65 20 70 6c 61 63 65 64 20 75 6e 64 65 72 20 74 68 65 20 63 6f 6d 6d	ptions.are.placed.under.the.comm
26e60	61 6e 64 20 62 6f 78 65 73 3a 00 41 73 73 69 67 6e 20 60 3c 6d 65 6d 62 65 72 3e 60 20 69 6e 74	and.boxes:.Assign.`<member>`.int
26e80	65 72 66 61 63 65 20 74 6f 20 62 72 69 64 67 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20	erface.to.bridge.`<interface>`..
26ea0	41 20 63 6f 6d 70 6c 65 74 69 6f 6e 20 68 65 6c 70 65 72 20 77 69 6c 6c 20 68 65 6c 70 20 79 6f	A.completion.helper.will.help.yo
26ec0	75 20 77 69 74 68 20 61 6c 6c 20 61 6c 6c 6f 77 65 64 20 69 6e 74 65 72 66 61 63 65 73 20 77 68	u.with.all.allowed.interfaces.wh
26ee0	69 63 68 20 63 61 6e 20 62 65 20 62 72 69 64 67 65 64 2e 20 54 68 69 73 20 69 6e 63 6c 75 64 65	ich.can.be.bridged..This.include
26f00	73 20 3a 72 65 66 3a 60 65 74 68 65 72 6e 65 74 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65	s.:ref:`ethernet-interface`,.:re
26f20	66 3a 60 62 6f 6e 64 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 6c 32 74 70 76 33	f:`bond-interface`,.:ref:`l2tpv3
26f40	2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 6f 70 65 6e 76 70 6e 60 2c 20 3a 72 65	-interface`,.:ref:`openvpn`,.:re
26f60	66 3a 60 76 78 6c 61 6e 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 77 69 72 65 6c	f:`vxlan-interface`,.:ref:`wirel
26f80	65 73 73 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 74 75 6e 6e 65 6c 2d 69 6e 74	ess-interface`,.:ref:`tunnel-int
26fa0	65 72 66 61 63 65 60 20 61 6e 64 20 3a 72 65 66 3a 60 67 65 6e 65 76 65 2d 69 6e 74 65 72 66 61	erface`.and.:ref:`geneve-interfa
26fc0	63 65 60 2e 00 41 73 73 69 67 6e 20 61 20 73 70 65 63 69 66 69 63 20 62 61 63 6b 65 6e 64 20 74	ce`..Assign.a.specific.backend.t
26fe0	6f 20 61 20 72 75 6c 65 00 41 73 73 69 67 6e 20 69 6e 74 65 72 66 61 63 65 20 69 64 65 6e 74 69	o.a.rule.Assign.interface.identi
27000	66 69 65 64 20 62 79 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 74 6f 20 56 52 46 20 6e 61 6d	fied.by.`<interface>`.to.VRF.nam
27020	65 64 20 60 3c 6e 61 6d 65 3e 60 2e 00 41 73 73 69 67 6e 20 6d 65 6d 62 65 72 20 69 6e 74 65 72	ed.`<name>`..Assign.member.inter
27040	66 61 63 65 73 20 74 6f 20 50 6f 72 74 43 68 61 6e 6e 65 6c 00 41 73 73 69 67 6e 20 73 74 61 74	faces.to.PortChannel.Assign.stat
27060	69 63 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 60 3c 75 73 65 72 3e 60 20 61 63 63 6f 75 6e	ic.IP.address.to.`<user>`.accoun
27080	74 2e 00 41 73 73 69 67 6e 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 69 73	t..Assign.the.IP.address.to.this
270a0	20 6d 61 63 68 69 6e 65 20 66 6f 72 20 60 3c 74 69 6d 65 3e 60 20 73 65 63 6f 6e 64 73 2e 00 41	.machine.for.`<time>`.seconds..A
270c0	73 73 69 67 6e 20 74 68 65 20 53 53 48 20 70 75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e	ssign.the.SSH.public.key.portion
270e0	20 60 3c 6b 65 79 3e 60 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 70 65 72 2d 6b 65 79 20 60	.`<key>`.identified.by.per-key.`
27100	3c 69 64 65 6e 74 69 66 69 65 72 3e 60 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20 75 73 65 72 20	<identifier>`.to.the.local.user.
27120	60 3c 75 73 65 72 6e 61 6d 65 3e 60 2e 00 41 73 73 6f 63 69 61 74 65 73 20 74 68 65 20 70 72 65	`<username>`..Associates.the.pre
27140	76 69 6f 75 73 6c 79 20 67 65 6e 65 72 61 74 65 64 20 70 72 69 76 61 74 65 20 6b 65 79 20 74 6f	viously.generated.private.key.to
27160	20 61 20 73 70 65 63 69 66 69 63 20 57 69 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 2e	.a.specific.WireGuard.interface.
27180	20 54 68 65 20 70 72 69 76 61 74 65 20 6b 65 79 20 63 61 6e 20 62 65 20 67 65 6e 65 72 61 74 65	.The.private.key.can.be.generate
271a0	20 76 69 61 20 74 68 65 20 63 6f 6d 6d 61 6e 64 00 41 73 73 75 72 65 20 74 68 61 74 20 79 6f 75	.via.the.command.Assure.that.you
271c0	72 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 20 61 6c 6c 6f 77 20 74 68 65 20 74 72 61 66 66	r.firewall.rules.allow.the.traff
271e0	69 63 2c 20 69 6e 20 77 68 69 63 68 20 63 61 73 65 20 79 6f 75 20 68 61 76 65 20 61 20 77 6f 72	ic,.in.which.case.you.have.a.wor
27200	6b 69 6e 67 20 56 50 4e 20 75 73 69 6e 67 20 57 69 72 65 47 75 61 72 64 2e 00 41 73 73 75 72 65	king.VPN.using.WireGuard..Assure
27220	64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 31 31 00 41 73 73 75 72 65 64 20 46 6f 72 77	d.Forwarding(AF).11.Assured.Forw
27240	61 72 64 69 6e 67 28 41 46 29 20 31 32 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67	arding(AF).12.Assured.Forwarding
27260	28 41 46 29 20 31 33 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 32	(AF).13.Assured.Forwarding(AF).2
27280	31 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 32 32 00 41 73 73 75	1.Assured.Forwarding(AF).22.Assu
272a0	72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 32 33 00 41 73 73 75 72 65 64 20 46 6f	red.Forwarding(AF).23.Assured.Fo
272c0	72 77 61 72 64 69 6e 67 28 41 46 29 20 33 31 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69	rwarding(AF).31.Assured.Forwardi
272e0	6e 67 28 41 46 29 20 33 32 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29	ng(AF).32.Assured.Forwarding(AF)
27300	20 33 33 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 34 31 00 41 73	.33.Assured.Forwarding(AF).41.As
27320	73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 34 32 00 41 73 73 75 72 65 64 20	sured.Forwarding(AF).42.Assured.
27340	46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 34 33 00 41 74 20 65 76 65 72 79 20 72 6f 75 6e 64	Forwarding(AF).43.At.every.round
27360	2c 20 74 68 65 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 61 64 64 73 20 74 68 65 20 71	,.the.deficit.counter.adds.the.q
27380	75 61 6e 74 75 6d 20 73 6f 20 74 68 61 74 20 65 76 65 6e 20 6c 61 72 67 65 20 70 61 63 6b 65 74	uantum.so.that.even.large.packet
273a0	73 20 77 69 6c 6c 20 68 61 76 65 20 74 68 65 69 72 20 6f 70 70 6f 72 74 75 6e 69 74 79 20 74 6f	s.will.have.their.opportunity.to
273c0	20 62 65 20 64 65 71 75 65 75 65 64 2e 00 41 74 20 74 68 65 20 6d 6f 6d 65 6e 74 20 69 74 20 6e	.be.dequeued..At.the.moment.it.n
273e0	6f 74 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 6c 6f 6f 6b 20 61 74 20 74 68 65 20 77 68 6f 6c 65	ot.possible.to.look.at.the.whole
27400	20 66 69 72 65 77 61 6c 6c 20 6c 6f 67 20 77 69 74 68 20 56 79 4f 53 20 6f 70 65 72 61 74 69 6f	.firewall.log.with.VyOS.operatio
27420	6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 2e 20 41 6c 6c 20 6c 6f 67 73 20 77 69 6c 6c 20 73 61 76 65	nal.commands..All.logs.will.save
27440	20 74 6f 20 60 60 2f 76 61 72 2f 6c 6f 67 73 2f 6d 65 73 73 61 67 65 73 60 60 2e 20 46 6f 72 20	.to.``/var/logs/messages``..For.
27460	65 78 61 6d 70 6c 65 3a 20 60 60 67 72 65 70 20 27 31 30 2e 31 30 2e 30 2e 31 30 27 20 2f 76 61	example:.``grep.'10.10.0.10'./va
27480	72 2f 6c 6f 67 2f 6d 65 73 73 61 67 65 73 60 60 00 41 74 20 74 68 65 20 74 69 6d 65 20 6f 66 20	r/log/messages``.At.the.time.of.
274a0	74 68 69 73 20 77 72 69 74 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 69 73 70 6c	this.writing.the.following.displ
274c0	61 79 73 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 3a 00 41 74 20 76 65 72 79 20 6c 6f 77 20 72	ays.are.supported:.At.very.low.r
274e0	61 74 65 73 20 28 62 65 6c 6f 77 20 33 4d 62 69 74 29 2c 20 62 65 73 69 64 65 73 20 74 75 6e 69	ates.(below.3Mbit),.besides.tuni
27500	6e 67 20 60 71 75 61 6e 74 75 6d 60 20 28 33 30 30 20 6b 65 65 70 73 20 62 65 69 6e 67 20 6f 6b	ng.`quantum`.(300.keeps.being.ok
27520	29 20 79 6f 75 20 6d 61 79 20 61 6c 73 6f 20 77 61 6e 74 20 74 6f 20 69 6e 63 72 65 61 73 65 20	).you.may.also.want.to.increase.
27540	60 74 61 72 67 65 74 60 20 74 6f 20 73 6f 6d 65 74 68 69 6e 67 20 6c 69 6b 65 20 31 35 6d 73 20	`target`.to.something.like.15ms.
27560	61 6e 64 20 69 6e 63 72 65 61 73 65 20 60 69 6e 74 65 72 76 61 6c 60 20 74 6f 20 73 6f 6d 65 74	and.increase.`interval`.to.somet
27580	68 69 6e 67 20 61 72 6f 75 6e 64 20 31 35 30 20 6d 73 2e 00 41 74 74 61 63 68 65 73 20 75 73 65	hing.around.150.ms..Attaches.use
275a0	72 2d 64 65 66 69 6e 65 64 20 6e 65 74 77 6f 72 6b 20 74 6f 20 61 20 63 6f 6e 74 61 69 6e 65 72	r-defined.network.to.a.container
275c0	2e 20 4f 6e 6c 79 20 6f 6e 65 20 6e 65 74 77 6f 72 6b 20 6d 75 73 74 20 62 65 20 73 70 65 63 69	..Only.one.network.must.be.speci
275e0	66 69 65 64 20 61 6e 64 20 6d 75 73 74 20 61 6c 72 65 61 64 79 20 65 78 69 73 74 2e 00 41 75 74	fied.and.must.already.exist..Aut
27600	68 65 6e 74 69 63 61 74 69 6f 6e 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 28 45 41 50 6f	hentication.Authentication.(EAPo
27620	4c 29 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 63 6c	L).Authentication.application.cl
27640	69 65 6e 74 2d 69 64 2e 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 70 70 6c 69 63 61 74	ient-id..Authentication.applicat
27660	69 6f 6e 20 63 6c 69 65 6e 74 2d 73 65 63 72 65 74 2e 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f	ion.client-secret..Authenticatio
27680	6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 74 65 6e 61 6e 74 2d 69 64 00 41 75 74 68 65 6e 74 69	n.application.tenant-id.Authenti
276a0	63 61 74 69 6f 6e 20 69 73 20 64 6f 6e 65 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 60 60 6f 70	cation.is.done.by.using.the.``op
276c0	65 6e 76 70 6e 2d 61 75 74 68 2d 6c 64 61 70 2e 73 6f 60 60 20 70 6c 75 67 69 6e 20 77 68 69 63	envpn-auth-ldap.so``.plugin.whic
276e0	68 20 69 73 20 73 68 69 70 70 65 64 20 77 69 74 68 20 65 76 65 72 79 20 56 79 4f 53 20 69 6e 73	h.is.shipped.with.every.VyOS.ins
27700	74 61 6c 6c 61 74 69 6f 6e 2e 20 41 20 64 65 64 69 63 61 74 65 64 20 63 6f 6e 66 69 67 75 72 61	tallation..A.dedicated.configura
27720	74 69 6f 6e 20 66 69 6c 65 20 69 73 20 72 65 71 75 69 72 65 64 2e 20 49 74 20 69 73 20 62 65 73	tion.file.is.required..It.is.bes
27740	74 20 70 72 61 63 74 69 73 65 20 74 6f 20 73 74 6f 72 65 20 69 74 20 69 6e 20 60 60 2f 63 6f 6e	t.practise.to.store.it.in.``/con
27760	66 69 67 60 60 20 74 6f 20 73 75 72 76 69 76 65 20 69 6d 61 67 65 20 75 70 64 61 74 65 73 00 41	fig``.to.survive.image.updates.A
27780	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 6e 61 6d 65 00	uthentication.organization.name.
277a0	41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 74 6f 6b 65 6e 00 41 75 74 68 65 6e 74 69 63 61 74	Authentication.token.Authenticat
277c0	69 6f 6e 20 e2 80 93 20 74 6f 20 76 65 72 69 66 79 20 74 68 61 74 20 74 68 65 20 6d 65 73 73 61	ion.....to.verify.that.the.messa
277e0	67 65 20 69 73 20 66 72 6f 6d 20 61 20 76 61 6c 69 64 20 73 6f 75 72 63 65 2e 00 41 75 74 68 6f	ge.is.from.a.valid.source..Autho
27800	72 69 7a 61 74 69 6f 6e 20 74 6f 6b 65 6e 00 41 75 74 6f 6d 61 74 69 63 20 56 4c 41 4e 20 43 72	rization.token.Automatic.VLAN.Cr
27820	65 61 74 69 6f 6e 00 41 75 74 6f 6d 61 74 69 63 20 56 4c 41 4e 20 63 72 65 61 74 69 6f 6e 00 41	eation.Automatic.VLAN.creation.A
27840	75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 72 65 62 6f 6f 74 20 73 79 73 74 65 6d 20 6f 6e 20 6b 65	utomatically.reboot.system.on.ke
27860	72 6e 65 6c 20 70 61 6e 69 63 20 61 66 74 65 72 20 36 30 20 73 65 63 6f 6e 64 73 2e 00 41 75 74	rnel.panic.after.60.seconds..Aut
27880	6f 6e 6f 6d 6f 75 73 20 53 79 73 74 65 6d 73 00 41 76 6f 69 64 69 6e 67 20 22 6c 65 61 6b 79 22	onomous.Systems.Avoiding."leaky"
278a0	20 4e 41 54 00 41 7a 75 72 65 2d 64 61 74 61 2d 65 78 70 6c 6f 72 65 72 00 42 46 44 00 42 46 44	.NAT.Azure-data-explorer.BFD.BFD
278c0	20 53 74 61 74 69 63 20 52 6f 75 74 65 20 4d 6f 6e 69 74 6f 72 69 6e 67 00 42 46 44 20 73 65 6e	.Static.Route.Monitoring.BFD.sen
278e0	64 73 20 6c 6f 74 73 20 6f 66 20 73 6d 61 6c 6c 20 55 44 50 20 70 61 63 6b 65 74 73 20 76 65 72	ds.lots.of.small.UDP.packets.ver
27900	79 20 71 75 69 63 6b 6c 79 20 74 6f 20 65 6e 73 75 72 65 73 20 74 68 61 74 20 74 68 65 20 70 65	y.quickly.to.ensures.that.the.pe
27920	65 72 20 69 73 20 73 74 69 6c 6c 20 61 6c 69 76 65 2e 00 42 47 50 00 42 47 50 20 2d 20 41 53 20	er.is.still.alive..BGP.BGP.-.AS.
27940	50 61 74 68 20 50 6f 6c 69 63 79 00 42 47 50 20 2d 20 43 6f 6d 6d 75 6e 69 74 79 20 4c 69 73 74	Path.Policy.BGP.-.Community.List
27960	00 42 47 50 20 2d 20 45 78 74 65 6e 64 65 64 20 43 6f 6d 6d 75 6e 69 74 79 20 4c 69 73 74 00 42	.BGP.-.Extended.Community.List.B
27980	47 50 20 2d 20 4c 61 72 67 65 20 43 6f 6d 6d 75 6e 69 74 79 20 4c 69 73 74 00 42 47 50 20 45 78	GP.-.Large.Community.List.BGP.Ex
279a0	61 6d 70 6c 65 00 42 47 50 20 52 6f 75 74 65 72 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 42	ample.BGP.Router.Configuration.B
279c0	47 50 20 53 63 61 6c 69 6e 67 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 42 47 50 20 61 67 67	GP.Scaling.Configuration.BGP.agg
279e0	72 65 67 61 74 6f 72 20 61 74 74 72 69 62 75 74 65 3a 20 41 53 20 6e 75 6d 62 65 72 20 6f 72 20	regator.attribute:.AS.number.or.
27a00	49 50 20 61 64 64 72 65 73 73 20 6f 66 20 61 6e 20 61 67 67 72 65 67 61 74 69 6f 6e 2e 00 42 47	IP.address.of.an.aggregation..BG
27a20	50 20 61 73 2d 70 61 74 68 20 6c 69 73 74 20 74 6f 20 6d 61 74 63 68 2e 00 42 47 50 20 61 74 6f	P.as-path.list.to.match..BGP.ato
27a40	6d 69 63 20 61 67 67 72 65 67 61 74 65 20 61 74 74 72 69 62 75 74 65 2e 00 42 47 50 20 63 6f 6d	mic.aggregate.attribute..BGP.com
27a60	6d 75 6e 69 74 79 2d 6c 69 73 74 20 74 6f 20 6d 61 74 63 68 2e 00 42 47 50 20 65 78 74 65 6e 64	munity-list.to.match..BGP.extend
27a80	65 64 20 63 6f 6d 6d 75 6e 69 74 79 20 74 6f 20 6d 61 74 63 68 2e 00 42 47 50 20 72 6f 6c 65 73	ed.community.to.match..BGP.roles
27aa0	20 61 72 65 20 64 65 66 69 6e 65 64 20 69 6e 20 52 46 43 20 3a 72 66 63 3a 60 39 32 33 34 60 20	.are.defined.in.RFC.:rfc:`9234`.
27ac0	61 6e 64 20 70 72 6f 76 69 64 65 20 61 6e 20 65 61 73 79 20 77 61 79 20 74 6f 20 61 64 64 20 72	and.provide.an.easy.way.to.add.r
27ae0	6f 75 74 65 20 6c 65 61 6b 20 70 72 65 76 65 6e 74 69 6f 6e 2c 20 64 65 74 65 63 74 69 6f 6e 20	oute.leak.prevention,.detection.
27b00	61 6e 64 20 6d 69 74 69 67 61 74 69 6f 6e 2e 20 54 68 65 20 6c 6f 63 61 6c 20 52 6f 6c 65 20 76	and.mitigation..The.local.Role.v
27b20	61 6c 75 65 20 69 73 20 6e 65 67 6f 74 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 6e 65 77 20	alue.is.negotiated.with.the.new.
27b40	42 47 50 20 52 6f 6c 65 20 63 61 70 61 62 69 6c 69 74 79 20 77 68 69 63 68 20 68 61 73 20 61 20	BGP.Role.capability.which.has.a.
27b60	62 75 69 6c 74 2d 69 6e 20 63 68 65 63 6b 20 6f 66 20 74 68 65 20 63 6f 72 72 65 73 70 6f 6e 64	built-in.check.of.the.correspond
27b80	69 6e 67 20 76 61 6c 75 65 2e 20 49 6e 20 63 61 73 65 20 6f 66 20 61 20 6d 69 73 6d 61 74 63 68	ing.value..In.case.of.a.mismatch
27ba0	20 74 68 65 20 6e 65 77 20 4f 50 45 4e 20 52 6f 6c 65 73 20 4d 69 73 6d 61 74 63 68 20 4e 6f 74	.the.new.OPEN.Roles.Mismatch.Not
27bc0	69 66 69 63 61 74 69 6f 6e 20 3c 32 2c 20 31 31 3e 20 77 6f 75 6c 64 20 62 65 20 73 65 6e 74 2e	ification.<2,.11>.would.be.sent.
27be0	20 54 68 65 20 63 6f 72 72 65 63 74 20 52 6f 6c 65 20 70 61 69 72 73 20 61 72 65 3a 00 42 47 50	.The.correct.Role.pairs.are:.BGP
27c00	20 72 6f 75 74 65 72 73 20 63 6f 6e 6e 65 63 74 65 64 20 69 6e 73 69 64 65 20 74 68 65 20 73 61	.routers.connected.inside.the.sa
27c20	6d 65 20 41 53 20 74 68 72 6f 75 67 68 20 42 47 50 20 62 65 6c 6f 6e 67 20 74 6f 20 61 6e 20 69	me.AS.through.BGP.belong.to.an.i
27c40	6e 74 65 72 6e 61 6c 20 42 47 50 20 73 65 73 73 69 6f 6e 2c 20 6f 72 20 49 42 47 50 2e 20 49 6e	nternal.BGP.session,.or.IBGP..In
27c60	20 6f 72 64 65 72 20 74 6f 20 70 72 65 76 65 6e 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20	.order.to.prevent.routing.table.
27c80	6c 6f 6f 70 73 2c 20 49 42 47 50 20 73 70 65 61 6b 65 72 20 64 6f 65 73 20 6e 6f 74 20 61 64 76	loops,.IBGP.speaker.does.not.adv
27ca0	65 72 74 69 73 65 20 49 42 47 50 2d 6c 65 61 72 6e 65 64 20 72 6f 75 74 65 73 20 74 6f 20 6f 74	ertise.IBGP-learned.routes.to.ot
27cc0	68 65 72 20 49 42 47 50 20 73 70 65 61 6b 65 72 20 28 53 70 6c 69 74 20 48 6f 72 69 7a 6f 6e 20	her.IBGP.speaker.(Split.Horizon.
27ce0	6d 65 63 68 61 6e 69 73 6d 29 2e 20 41 73 20 73 75 63 68 2c 20 49 42 47 50 20 72 65 71 75 69 72	mechanism)..As.such,.IBGP.requir
27d00	65 73 20 61 20 66 75 6c 6c 20 6d 65 73 68 20 6f 66 20 61 6c 6c 20 70 65 65 72 73 2e 20 46 6f 72	es.a.full.mesh.of.all.peers..For
27d20	20 6c 61 72 67 65 20 6e 65 74 77 6f 72 6b 73 2c 20 74 68 69 73 20 71 75 69 63 6b 6c 79 20 62 65	.large.networks,.this.quickly.be
27d40	63 6f 6d 65 73 20 75 6e 73 63 61 6c 61 62 6c 65 2e 00 42 47 50 20 72 6f 75 74 65 73 20 6d 61 79	comes.unscalable..BGP.routes.may
27d60	20 62 65 20 6c 65 61 6b 65 64 20 28 69 2e 65 2e 20 63 6f 70 69 65 64 29 20 62 65 74 77 65 65 6e	.be.leaked.(i.e..copied).between
27d80	20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 52 49 42 20 61 6e 64 20 74 68 65 20 56 50 4e 20 53	.a.unicast.VRF.RIB.and.the.VPN.S
27da0	41 46 49 20 52 49 42 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 52 46 20 66 6f 72 20 75	AFI.RIB.of.the.default.VRF.for.u
27dc0	73 65 20 69 6e 20 4d 50 4c 53 2d 62 61 73 65 64 20 4c 33 56 50 4e 73 2e 20 55 6e 69 63 61 73 74	se.in.MPLS-based.L3VPNs..Unicast
27de0	20 72 6f 75 74 65 73 20 6d 61 79 20 61 6c 73 6f 20 62 65 20 6c 65 61 6b 65 64 20 62 65 74 77 65	.routes.may.also.be.leaked.betwe
27e00	65 6e 20 61 6e 79 20 56 52 46 73 20 28 69 6e 63 6c 75 64 69 6e 67 20 74 68 65 20 75 6e 69 63 61	en.any.VRFs.(including.the.unica
27e20	73 74 20 52 49 42 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 42 47 50 20 69 6e 73 74 61 6e	st.RIB.of.the.default.BGP.instan
27e40	63 65 29 2e 20 41 20 73 68 6f 72 74 63 75 74 20 73 79 6e 74 61 78 20 69 73 20 61 6c 73 6f 20 61	ce)..A.shortcut.syntax.is.also.a
27e60	76 61 69 6c 61 62 6c 65 20 66 6f 72 20 73 70 65 63 69 66 79 69 6e 67 20 6c 65 61 6b 69 6e 67 20	vailable.for.specifying.leaking.
27e80	66 72 6f 6d 20 6f 6e 65 20 56 52 46 20 74 6f 20 61 6e 6f 74 68 65 72 20 56 52 46 20 75 73 69 6e	from.one.VRF.to.another.VRF.usin
27ea0	67 20 74 68 65 20 64 65 66 61 75 6c 74 20 69 6e 73 74 61 6e 63 65 e2 80 99 73 20 56 50 4e 20 52	g.the.default.instance...s.VPN.R
27ec0	49 42 20 61 73 20 74 68 65 20 69 6e 74 65 6d 65 64 69 61 72 79 20 2e 20 41 20 63 6f 6d 6d 6f 6e	IB.as.the.intemediary...A.common
27ee0	20 61 70 70 6c 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 56 52 46 2d 56 52 46 20 66 65 61 74	.application.of.the.VRF-VRF.feat
27f00	75 72 65 20 69 73 20 74 6f 20 63 6f 6e 6e 65 63 74 20 61 20 63 75 73 74 6f 6d 65 72 e2 80 99 73	ure.is.to.connect.a.customer...s
27f20	20 70 72 69 76 61 74 65 20 72 6f 75 74 69 6e 67 20 64 6f 6d 61 69 6e 20 74 6f 20 61 20 70 72 6f	.private.routing.domain.to.a.pro
27f40	76 69 64 65 72 e2 80 99 73 20 56 50 4e 20 73 65 72 76 69 63 65 2e 20 4c 65 61 6b 69 6e 67 20 69	vider...s.VPN.service..Leaking.i
27f60	73 20 63 6f 6e 66 69 67 75 72 65 64 20 66 72 6f 6d 20 74 68 65 20 70 6f 69 6e 74 20 6f 66 20 76	s.configured.from.the.point.of.v
27f80	69 65 77 20 6f 66 20 61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 56 52 46 3a 20 69 6d 70 6f 72 74	iew.of.an.individual.VRF:.import
27fa0	20 72 65 66 65 72 73 20 74 6f 20 72 6f 75 74 65 73 20 6c 65 61 6b 65 64 20 66 72 6f 6d 20 56 50	.refers.to.routes.leaked.from.VP
27fc0	4e 20 74 6f 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 2c 20 77 68 65 72 65 61 73 20 65 78 70 6f	N.to.a.unicast.VRF,.whereas.expo
27fe0	72 74 20 72 65 66 65 72 73 20 74 6f 20 72 6f 75 74 65 73 20 6c 65 61 6b 65 64 20 66 72 6f 6d 20	rt.refers.to.routes.leaked.from.
28000	61 20 75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 56 50 4e 2e 00 42 61 62 65 6c 00 42 61 62 65	a.unicast.VRF.to.VPN..Babel.Babe
28020	6c 20 61 20 64 75 61 6c 20 73 74 61 63 6b 20 70 72 6f 74 6f 63 6f 6c 2e 20 41 20 73 69 6e 67 6c	l.a.dual.stack.protocol..A.singl
28040	65 20 42 61 62 65 6c 20 69 6e 73 74 61 6e 63 65 20 69 73 20 61 62 6c 65 20 74 6f 20 70 65 72 66	e.Babel.instance.is.able.to.perf
28060	6f 72 6d 20 72 6f 75 74 69 6e 67 20 66 6f 72 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50	orm.routing.for.both.IPv4.and.IP
28080	76 36 2e 00 42 61 62 65 6c 20 69 73 20 61 20 6d 6f 64 65 72 6e 20 72 6f 75 74 69 6e 67 20 70 72	v6..Babel.is.a.modern.routing.pr
280a0	6f 74 6f 63 6f 6c 20 64 65 73 69 67 6e 65 64 20 74 6f 20 62 65 20 72 6f 62 75 73 74 20 61 6e 64	otocol.designed.to.be.robust.and
280c0	20 65 66 66 69 63 69 65 6e 74 20 62 6f 74 68 20 69 6e 20 6f 72 64 69 6e 61 72 79 20 77 69 72 65	.efficient.both.in.ordinary.wire
280e0	64 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64 20 69 6e 20 77 69 72 65 6c 65 73 73 20 6d 65 73 68 20	d.networks.and.in.wireless.mesh.
28100	6e 65 74 77 6f 72 6b 73 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 69 74 20 75 73 65 73 20 68 6f	networks..By.default,.it.uses.ho
28120	70 2d 63 6f 75 6e 74 20 6f 6e 20 77 69 72 65 64 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64 20 61 20	p-count.on.wired.networks.and.a.
28140	76 61 72 69 61 6e 74 20 6f 66 20 45 54 58 20 6f 6e 20 77 69 72 65 6c 65 73 73 20 6c 69 6e 6b 73	variant.of.ETX.on.wireless.links
28160	2c 20 49 74 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 74 61 6b 65 20 72	,.It.can.be.configured.to.take.r
28180	61 64 69 6f 20 64 69 76 65 72 73 69 74 79 20 69 6e 74 6f 20 61 63 63 6f 75 6e 74 20 61 6e 64 20	adio.diversity.into.account.and.
281a0	74 6f 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 63 6f 6d 70 75 74 65 20 61 20 6c 69 6e 6b 27	to.automatically.compute.a.link'
281c0	73 20 6c 61 74 65 6e 63 79 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 69 74 20 69 6e 20 74 68 65 20	s.latency.and.include.it.in.the.
281e0	6d 65 74 72 69 63 2e 20 49 74 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 38	metric..It.is.defined.in.:rfc:`8
28200	39 36 36 60 2e 00 42 61 63 6b 65 6e 64 00 42 61 6c 61 6e 63 65 20 61 6c 67 6f 72 69 74 68 6d 73	966`..Backend.Balance.algorithms
28220	3a 00 42 61 6c 61 6e 63 69 6e 67 20 52 75 6c 65 73 00 42 61 6c 61 6e 63 69 6e 67 20 62 61 73 65	:.Balancing.Rules.Balancing.base
28240	64 20 6f 6e 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 00 42 61 6e 64 77 69 64 74 68 20 53 68 61 70 69	d.on.domain.name.Bandwidth.Shapi
28260	6e 67 00 42 61 6e 64 77 69 64 74 68 20 53 68 61 70 69 6e 67 20 66 6f 72 20 6c 6f 63 61 6c 20 75	ng.Bandwidth.Shaping.for.local.u
28280	73 65 72 73 00 42 61 6e 64 77 69 64 74 68 20 72 61 74 65 20 6c 69 6d 69 74 73 20 63 61 6e 20 62	sers.Bandwidth.rate.limits.can.b
282a0	65 20 73 65 74 20 66 6f 72 20 6c 6f 63 61 6c 20 75 73 65 72 73 20 6f 72 20 52 41 44 49 55 53 20	e.set.for.local.users.or.RADIUS.
282c0	62 61 73 65 64 20 61 74 74 72 69 62 75 74 65 73 2e 00 42 61 6e 64 77 69 64 74 68 20 72 61 74 65	based.attributes..Bandwidth.rate
282e0	20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65 20 73 65 74 20 66 6f 72 20 6c 6f 63 61 6c 20 75 73 65	.limits.can.be.set.for.local.use
28300	72 73 20 6f 72 20 76 69 61 20 52 41 44 49 55 53 20 62 61 73 65 64 20 61 74 74 72 69 62 75 74 65	rs.or.via.RADIUS.based.attribute
28320	73 2e 00 42 61 6e 64 77 69 64 74 68 20 72 61 74 65 20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65 20	s..Bandwidth.rate.limits.can.be.
28340	73 65 74 20 66 6f 72 20 6c 6f 63 61 6c 20 75 73 65 72 73 20 77 69 74 68 69 6e 20 74 68 65 20 63	set.for.local.users.within.the.c
28360	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 72 20 76 69 61 20 52 41 44 49 55 53 20 62 61 73 65 64	onfiguration.or.via.RADIUS.based
28380	20 61 74 74 72 69 62 75 74 65 73 2e 00 42 61 73 65 6c 69 6e 65 20 44 4d 56 50 4e 20 74 6f 70 6f	.attributes..Baseline.DMVPN.topo
283a0	6c 6f 67 79 00 42 61 73 69 63 20 43 6f 6e 63 65 70 74 73 00 42 61 73 69 63 20 63 6f 6d 6d 61 6e	logy.Basic.Concepts.Basic.comman
283c0	64 73 00 42 61 73 69 63 20 66 69 6c 74 65 72 69 6e 67 20 63 61 6e 20 62 65 20 64 6f 6e 65 20 75	ds.Basic.filtering.can.be.done.u
283e0	73 69 6e 67 20 61 63 63 65 73 73 2d 6c 69 73 74 20 61 6e 64 20 61 63 63 65 73 73 2d 6c 69 73 74	sing.access-list.and.access-list
28400	36 2e 00 42 61 73 69 63 20 66 69 6c 74 65 72 69 6e 67 20 63 6f 75 6c 64 20 61 6c 73 6f 20 62 65	6..Basic.filtering.could.also.be
28420	20 61 70 70 6c 69 65 64 20 74 6f 20 49 50 76 36 20 74 72 61 66 66 69 63 2e 00 42 61 73 69 63 20	.applied.to.IPv6.traffic..Basic.
28440	73 65 74 75 70 00 42 65 20 73 75 72 65 20 74 6f 20 73 65 74 20 61 20 73 61 6e 65 20 64 65 66 61	setup.Be.sure.to.set.a.sane.defa
28460	75 6c 74 20 63 6f 6e 66 69 67 20 69 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 63 6f 6e 66 69 67	ult.config.in.the.default.config
28480	20 66 69 6c 65 2c 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 6c 6f 61 64 65 64 20 69 6e 20 74 68	.file,.this.will.be.loaded.in.th
284a0	65 20 63 61 73 65 20 74 68 61 74 20 61 20 75 73 65 72 20 69 73 20 61 75 74 68 65 6e 74 69 63 61	e.case.that.a.user.is.authentica
284c0	74 65 64 20 61 6e 64 20 6e 6f 20 66 69 6c 65 20 69 73 20 66 6f 75 6e 64 20 69 6e 20 74 68 65 20	ted.and.no.file.is.found.in.the.
284e0	63 6f 6e 66 69 67 75 72 65 64 20 64 69 72 65 63 74 6f 72 79 20 6d 61 74 63 68 69 6e 67 20 74 68	configured.directory.matching.th
28500	65 20 75 73 65 72 73 20 75 73 65 72 6e 61 6d 65 2f 67 72 6f 75 70 2e 00 42 65 61 6d 66 6f 72 6d	e.users.username/group..Beamform
28520	69 6e 67 20 63 61 70 61 62 69 6c 69 74 69 65 73 3a 00 42 65 63 61 75 73 65 20 61 6e 20 61 67 67	ing.capabilities:.Because.an.agg
28540	72 65 67 61 74 6f 72 20 63 61 6e 6e 6f 74 20 62 65 20 61 63 74 69 76 65 20 77 69 74 68 6f 75 74	regator.cannot.be.active.without
28560	20 61 74 20 6c 65 61 73 74 20 6f 6e 65 20 61 76 61 69 6c 61 62 6c 65 20 6c 69 6e 6b 2c 20 73 65	.at.least.one.available.link,.se
28580	74 74 69 6e 67 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 74 6f 20 30 20 6f 72 20 74 6f 20 31 20 68	tting.this.option.to.0.or.to.1.h
285a0	61 73 20 74 68 65 20 65 78 61 63 74 20 73 61 6d 65 20 65 66 66 65 63 74 2e 00 42 65 63 61 75 73	as.the.exact.same.effect..Becaus
285c0	65 20 65 78 69 73 74 69 6e 67 20 73 65 73 73 69 6f 6e 73 20 64 6f 20 6e 6f 74 20 61 75 74 6f 6d	e.existing.sessions.do.not.autom
285e0	61 74 69 63 61 6c 6c 79 20 66 61 69 6c 20 6f 76 65 72 20 74 6f 20 61 20 6e 65 77 20 70 61 74 68	atically.fail.over.to.a.new.path
28600	2c 20 74 68 65 20 73 65 73 73 69 6f 6e 20 74 61 62 6c 65 20 63 61 6e 20 62 65 20 66 6c 75 73 68	,.the.session.table.can.be.flush
28620	65 64 20 6f 6e 20 65 61 63 68 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 65 20 63 68 61 6e	ed.on.each.connection.state.chan
28640	67 65 3a 00 42 65 66 6f 72 65 20 65 6e 61 62 6c 69 6e 67 20 61 6e 79 20 68 61 72 64 77 61 72 65	ge:.Before.enabling.any.hardware
28660	20 73 65 67 6d 65 6e 74 61 74 69 6f 6e 20 6f 66 66 6c 6f 61 64 20 61 20 63 6f 72 72 65 73 70 6f	.segmentation.offload.a.correspo
28680	6e 64 69 6e 67 20 73 6f 66 74 77 61 72 65 20 6f 66 66 6c 6f 61 64 20 69 73 20 72 65 71 75 69 72	nding.software.offload.is.requir
286a0	65 64 20 69 6e 20 47 53 4f 2e 20 4f 74 68 65 72 77 69 73 65 20 69 74 20 62 65 63 6f 6d 65 73 20	ed.in.GSO..Otherwise.it.becomes.
286c0	70 6f 73 73 69 62 6c 65 20 66 6f 72 20 61 20 66 72 61 6d 65 20 74 6f 20 62 65 20 72 65 2d 72 6f	possible.for.a.frame.to.be.re-ro
286e0	75 74 65 64 20 62 65 74 77 65 65 6e 20 64 65 76 69 63 65 73 20 61 6e 64 20 65 6e 64 20 75 70 20	uted.between.devices.and.end.up.
28700	62 65 69 6e 67 20 75 6e 61 62 6c 65 20 74 6f 20 62 65 20 74 72 61 6e 73 6d 69 74 74 65 64 2e 00	being.unable.to.be.transmitted..
28720	42 65 66 6f 72 65 20 79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 61 70 70 6c 79 20 61 20 72	Before.you.are.able.to.apply.a.r
28740	75 6c 65 2d 73 65 74 20 74 6f 20 61 20 7a 6f 6e 65 20 79 6f 75 20 68 61 76 65 20 74 6f 20 63 72	ule-set.to.a.zone.you.have.to.cr
28760	65 61 74 65 20 74 68 65 20 7a 6f 6e 65 73 20 66 69 72 73 74 2e 00 42 65 6c 6f 77 20 66 6c 6f 77	eate.the.zones.first..Below.flow
28780	2d 63 68 61 72 74 20 63 6f 75 6c 64 20 62 65 20 61 20 71 75 69 63 6b 20 72 65 66 65 72 65 6e 63	-chart.could.be.a.quick.referenc
287a0	65 20 66 6f 72 20 74 68 65 20 63 6c 6f 73 65 2d 61 63 74 69 6f 6e 20 63 6f 6d 62 69 6e 61 74 69	e.for.the.close-action.combinati
287c0	6f 6e 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 68 6f 77 20 74 68 65 20 70 65 65 72 20 69 73 20	on.depending.on.how.the.peer.is.
287e0	63 6f 6e 66 69 67 75 72 65 64 2e 00 42 65 6c 6f 77 20 69 73 20 61 6e 20 65 78 61 6d 70 6c 65 20	configured..Below.is.an.example.
28800	74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 4c 4e 53 3a 00 42 65 73 74 20 65 66 66 6f 72 74 20	to.configure.a.LNS:.Best.effort.
28820	74 72 61 66 66 69 63 2c 20 64 65 66 61 75 6c 74 00 42 65 74 77 65 65 6e 20 63 6f 6d 70 75 74 65	traffic,.default.Between.compute
28840	72 73 2c 20 74 68 65 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	rs,.the.most.common.configuratio
28860	6e 20 75 73 65 64 20 77 61 73 20 22 38 4e 31 22 3a 20 65 69 67 68 74 20 62 69 74 20 63 68 61 72	n.used.was."8N1":.eight.bit.char
28880	61 63 74 65 72 73 2c 20 77 69 74 68 20 6f 6e 65 20 73 74 61 72 74 20 62 69 74 2c 20 6f 6e 65 20	acters,.with.one.start.bit,.one.
288a0	73 74 6f 70 20 62 69 74 2c 20 61 6e 64 20 6e 6f 20 70 61 72 69 74 79 20 62 69 74 2e 20 54 68 75	stop.bit,.and.no.parity.bit..Thu
288c0	73 20 31 30 20 42 61 75 64 20 74 69 6d 65 73 20 61 72 65 20 75 73 65 64 20 74 6f 20 73 65 6e 64	s.10.Baud.times.are.used.to.send
288e0	20 61 20 73 69 6e 67 6c 65 20 63 68 61 72 61 63 74 65 72 2c 20 61 6e 64 20 73 6f 20 64 69 76 69	.a.single.character,.and.so.divi
28900	64 69 6e 67 20 74 68 65 20 73 69 67 6e 61 6c 6c 69 6e 67 20 62 69 74 2d 72 61 74 65 20 62 79 20	ding.the.signalling.bit-rate.by.
28920	74 65 6e 20 72 65 73 75 6c 74 73 20 69 6e 20 74 68 65 20 6f 76 65 72 61 6c 6c 20 74 72 61 6e 73	ten.results.in.the.overall.trans
28940	6d 69 73 73 69 6f 6e 20 73 70 65 65 64 20 69 6e 20 63 68 61 72 61 63 74 65 72 73 20 70 65 72 20	mission.speed.in.characters.per.
28960	73 65 63 6f 6e 64 2e 20 54 68 69 73 20 69 73 20 61 6c 73 6f 20 74 68 65 20 64 65 66 61 75 6c 74	second..This.is.also.the.default
28980	20 73 65 74 74 69 6e 67 20 69 66 20 6e 6f 6e 65 20 6f 66 20 74 68 6f 73 65 20 6f 70 74 69 6f 6e	.setting.if.none.of.those.option
289a0	73 20 61 72 65 20 64 65 66 69 6e 65 64 2e 00 42 69 64 69 72 65 63 74 69 6f 6e 61 6c 20 4e 41 54	s.are.defined..Bidirectional.NAT
289c0	00 42 69 6e 61 72 79 20 76 61 6c 75 65 00 42 69 6e 64 20 6c 69 73 74 65 6e 65 72 20 74 6f 20 73	.Binary.value.Bind.listener.to.s
289e0	70 65 63 69 66 69 63 20 69 6e 74 65 72 66 61 63 65 2f 61 64 64 72 65 73 73 2c 20 6d 61 6e 64 61	pecific.interface/address,.manda
28a00	74 6f 72 79 20 66 6f 72 20 49 50 76 36 00 42 69 6e 64 73 20 65 74 68 31 2e 32 34 31 20 61 6e 64	tory.for.IPv6.Binds.eth1.241.and
28a20	20 76 78 6c 61 6e 32 34 31 20 74 6f 20 65 61 63 68 20 6f 74 68 65 72 20 62 79 20 6d 61 6b 69 6e	.vxlan241.to.each.other.by.makin
28a40	67 20 74 68 65 6d 20 62 6f 74 68 20 6d 65 6d 62 65 72 20 69 6e 74 65 72 66 61 63 65 73 20 6f 66	g.them.both.member.interfaces.of
28a60	20 74 68 65 20 73 61 6d 65 20 62 72 69 64 67 65 2e 00 42 6c 61 63 6b 68 6f 6c 65 00 42 6c 6f 63	.the.same.bridge..Blackhole.Bloc
28a80	6b 20 73 6f 75 72 63 65 20 49 50 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 53 75 62 73 65 71 75 65	k.source.IP.in.seconds..Subseque
28aa0	6e 74 20 62 6c 6f 63 6b 73 20 69 6e 63 72 65 61 73 65 20 62 79 20 61 20 66 61 63 74 6f 72 20 6f	nt.blocks.increase.by.a.factor.o
28ac0	66 20 31 2e 35 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 32 30 2e 00 42 6c 6f 63 6b 20	f.1.5.The.default.is.120..Block.
28ae0	73 6f 75 72 63 65 20 49 50 20 77 68 65 6e 20 74 68 65 69 72 20 63 75 6d 75 6c 61 74 69 76 65 20	source.IP.when.their.cumulative.
28b00	61 74 74 61 63 6b 20 73 63 6f 72 65 20 65 78 63 65 65 64 73 20 74 68 72 65 73 68 6f 6c 64 2e 20	attack.score.exceeds.threshold..
28b20	54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 33 30 2e 00 42 6c 6f 63 6b 69 6e 67 20 63 61 6c 6c	The.default.is.30..Blocking.call
28b40	20 77 69 74 68 20 6e 6f 20 74 69 6d 65 6f 75 74 2e 20 53 79 73 74 65 6d 20 77 69 6c 6c 20 62 65	.with.no.timeout..System.will.be
28b60	63 6f 6d 65 20 75 6e 72 65 73 70 6f 6e 73 69 76 65 20 69 66 20 73 63 72 69 70 74 20 64 6f 65 73	come.unresponsive.if.script.does
28b80	20 6e 6f 74 20 72 65 74 75 72 6e 21 00 42 6f 61 72 64 65 72 20 47 61 74 65 77 61 79 20 50 72 6f	.not.return!.Boarder.Gateway.Pro
28ba0	74 6f 63 6f 6c 20 28 42 47 50 29 20 6f 72 69 67 69 6e 20 63 6f 64 65 20 74 6f 20 6d 61 74 63 68	tocol.(BGP).origin.code.to.match
28bc0	2e 00 42 6f 6e 64 20 2f 20 4c 69 6e 6b 20 41 67 67 72 65 67 61 74 69 6f 6e 00 42 6f 6e 64 20 6f	..Bond./.Link.Aggregation.Bond.o
28be0	70 74 69 6f 6e 73 00 42 6f 6f 74 20 69 6d 61 67 65 20 6c 65 6e 67 74 68 20 69 6e 20 35 31 32 2d	ptions.Boot.image.length.in.512-
28c00	6f 63 74 65 74 20 62 6c 6f 63 6b 73 00 42 6f 6f 74 73 74 72 61 70 20 66 69 6c 65 20 6e 61 6d 65	octet.blocks.Bootstrap.file.name
28c20	00 42 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20 6d 75 6c 74 69 63 61 73 74 20 69 73	.Both.IPv4.and.IPv6.multicast.is
28c40	20 70 6f 73 73 69 62 6c 65 2e 00 42 6f 74 68 20 6c 6f 63 61 6c 20 61 64 6d 69 6e 69 73 74 65 72	.possible..Both.local.administer
28c60	65 64 20 61 6e 64 20 72 65 6d 6f 74 65 20 61 64 6d 69 6e 69 73 74 65 72 65 64 20 3a 61 62 62 72	ed.and.remote.administered.:abbr
28c80	3a 60 52 41 44 49 55 53 20 28 52 65 6d 6f 74 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20	:`RADIUS.(Remote.Authentication.
28ca0	44 69 61 6c 2d 49 6e 20 55 73 65 72 20 53 65 72 76 69 63 65 29 60 20 61 63 63 6f 75 6e 74 73 20	Dial-In.User.Service)`.accounts.
28cc0	61 72 65 20 73 75 70 70 6f 72 74 65 64 2e 00 42 6f 74 68 20 72 65 70 6c 69 65 73 20 61 6e 64 20	are.supported..Both.replies.and.
28ce0	72 65 71 75 65 73 74 73 20 74 79 70 65 20 67 72 61 74 75 69 74 6f 75 73 20 61 72 70 20 77 69 6c	requests.type.gratuitous.arp.wil
28d00	6c 20 74 72 69 67 67 65 72 20 74 68 65 20 41 52 50 20 74 61 62 6c 65 20 74 6f 20 62 65 20 75 70	l.trigger.the.ARP.table.to.be.up
28d20	64 61 74 65 64 2c 20 69 66 20 74 68 69 73 20 73 65 74 74 69 6e 67 20 69 73 20 6f 6e 2e 00 42 72	dated,.if.this.setting.is.on..Br
28d40	61 6e 63 68 20 31 27 73 20 72 6f 75 74 65 72 20 6d 69 67 68 74 20 68 61 76 65 20 74 68 65 20 66	anch.1's.router.might.have.the.f
28d60	6f 6c 6c 6f 77 69 6e 67 20 6c 69 6e 65 73 3a 00 42 72 69 64 67 65 00 42 72 69 64 67 65 20 4f 70	ollowing.lines:.Bridge.Bridge.Op
28d80	74 69 6f 6e 73 00 42 72 69 64 67 65 20 61 6e 73 77 65 72 73 20 6f 6e 20 49 50 20 61 64 64 72 65	tions.Bridge.answers.on.IP.addre
28da0	73 73 20 31 39 32 2e 30 2e 32 2e 31 2f 32 34 20 61 6e 64 20 32 30 30 31 3a 64 62 38 3a 3a 66 66	ss.192.0.2.1/24.and.2001:db8::ff
28dc0	66 66 2f 36 34 00 42 72 69 64 67 65 20 6d 61 78 69 6d 75 6d 20 61 67 69 6e 67 20 60 3c 74 69 6d	ff/64.Bridge.maximum.aging.`<tim
28de0	65 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 32 30 29 2e 00 42 72	e>`.in.seconds.(default:.20)..Br
28e00	69 64 67 65 3a 00 42 75 73 69 6e 65 73 73 20 55 73 65 72 73 00 42 75 74 20 62 65 66 6f 72 65 20	idge:.Business.Users.But.before.
28e20	6c 65 61 72 6e 69 6e 67 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 70 6f 6c 69 63	learning.to.configure.your.polic
28e40	79 2c 20 77 65 20 77 69 6c 6c 20 77 61 72 6e 20 79 6f 75 20 61 62 6f 75 74 20 74 68 65 20 64 69	y,.we.will.warn.you.about.the.di
28e60	66 66 65 72 65 6e 74 20 75 6e 69 74 73 20 79 6f 75 20 63 61 6e 20 75 73 65 20 61 6e 64 20 61 6c	fferent.units.you.can.use.and.al
28e80	73 6f 20 73 68 6f 77 20 79 6f 75 20 77 68 61 74 20 2a 63 6c 61 73 73 65 73 2a 20 61 72 65 20 61	so.show.you.what.*classes*.are.a
28ea0	6e 64 20 68 6f 77 20 74 68 65 79 20 77 6f 72 6b 2c 20 61 73 20 73 6f 6d 65 20 70 6f 6c 69 63 69	nd.how.they.work,.as.some.polici
28ec0	65 73 20 6d 61 79 20 72 65 71 75 69 72 65 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20	es.may.require.you.to.configure.
28ee0	74 68 65 6d 2e 00 42 79 20 64 65 66 61 75 6c 74 20 56 52 52 50 20 75 73 65 73 20 6d 75 6c 74 69	them..By.default.VRRP.uses.multi
28f00	63 61 73 74 20 70 61 63 6b 65 74 73 2e 20 49 66 20 79 6f 75 72 20 6e 65 74 77 6f 72 6b 20 64 6f	cast.packets..If.your.network.do
28f20	65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 6d 75 6c 74 69 63 61 73 74 20 66 6f 72 20 77 68 61	es.not.support.multicast.for.wha
28f40	74 65 76 65 72 20 72 65 61 73 6f 6e 2c 20 79 6f 75 20 63 61 6e 20 6d 61 6b 65 20 56 52 52 50 20	tever.reason,.you.can.make.VRRP.
28f60	75 73 65 20 75 6e 69 63 61 73 74 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 69 6e 73 74 65 61	use.unicast.communication.instea
28f80	64 2e 00 42 79 20 64 65 66 61 75 6c 74 20 56 52 52 50 20 75 73 65 73 20 70 72 65 65 6d 70 74 69	d..By.default.VRRP.uses.preempti
28fa0	6f 6e 2e 20 59 6f 75 20 63 61 6e 20 64 69 73 61 62 6c 65 20 69 74 20 77 69 74 68 20 74 68 65 20	on..You.can.disable.it.with.the.
28fc0	22 6e 6f 2d 70 72 65 65 6d 70 74 22 20 6f 70 74 69 6f 6e 3a 00 42 79 20 64 65 66 61 75 6c 74 20	"no-preempt".option:.By.default.
28fe0	60 73 74 72 69 63 74 2d 6c 73 61 2d 63 68 65 63 6b 69 6e 67 60 20 69 73 20 63 6f 6e 66 69 67 75	`strict-lsa-checking`.is.configu
29000	72 65 64 20 74 68 65 6e 20 74 68 65 20 68 65 6c 70 65 72 20 77 69 6c 6c 20 61 62 6f 72 74 20 74	red.then.the.helper.will.abort.t
29020	68 65 20 47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72 74 20 77 68 65 6e 20 61 20 4c 53 41 20 63	he.Graceful.Restart.when.a.LSA.c
29040	68 61 6e 67 65 20 6f 63 63 75 72 73 20 77 68 69 63 68 20 61 66 66 65 63 74 73 20 74 68 65 20 72	hange.occurs.which.affects.the.r
29060	65 73 74 61 72 74 69 6e 67 20 72 6f 75 74 65 72 2e 00 42 79 20 64 65 66 61 75 6c 74 20 74 68 65	estarting.router..By.default.the
29080	20 73 63 6f 70 65 20 6f 66 20 74 68 65 20 70 6f 72 74 20 62 69 6e 64 69 6e 67 73 20 66 6f 72 20	.scope.of.the.port.bindings.for.
290a0	75 6e 62 6f 75 6e 64 20 73 6f 63 6b 65 74 73 20 69 73 20 6c 69 6d 69 74 65 64 20 74 6f 20 74 68	unbound.sockets.is.limited.to.th
290c0	65 20 64 65 66 61 75 6c 74 20 56 52 46 2e 20 54 68 61 74 20 69 73 2c 20 69 74 20 77 69 6c 6c 20	e.default.VRF..That.is,.it.will.
290e0	6e 6f 74 20 62 65 20 6d 61 74 63 68 65 64 20 62 79 20 70 61 63 6b 65 74 73 20 61 72 72 69 76 69	not.be.matched.by.packets.arrivi
29100	6e 67 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 65 6e 73 6c 61 76 65 64 20 74 6f 20 61 20 56	ng.on.interfaces.enslaved.to.a.V
29120	52 46 20 61 6e 64 20 70 72 6f 63 65 73 73 65 73 20 6d 61 79 20 62 69 6e 64 20 74 6f 20 74 68 65	RF.and.processes.may.bind.to.the
29140	20 73 61 6d 65 20 70 6f 72 74 20 69 66 20 74 68 65 79 20 62 69 6e 64 20 74 6f 20 61 20 56 52 46	.same.port.if.they.bind.to.a.VRF
29160	2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 46 52 52 20 77 69 6c 6c 20 62 72 69 6e 67 20 75 70 20	..By.default,.FRR.will.bring.up.
29180	70 65 65 72 69 6e 67 20 77 69 74 68 20 6d 69 6e 69 6d 61 6c 20 63 6f 6d 6d 6f 6e 20 63 61 70 61	peering.with.minimal.common.capa
291a0	62 69 6c 69 74 79 20 66 6f 72 20 74 68 65 20 62 6f 74 68 20 73 69 64 65 73 2e 20 46 6f 72 20 65	bility.for.the.both.sides..For.e
291c0	78 61 6d 70 6c 65 2c 20 69 66 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 68 61 73 20	xample,.if.the.local.router.has.
291e0	75 6e 69 63 61 73 74 20 61 6e 64 20 6d 75 6c 74 69 63 61 73 74 20 63 61 70 61 62 69 6c 69 74 69	unicast.and.multicast.capabiliti
29200	65 73 20 61 6e 64 20 74 68 65 20 72 65 6d 6f 74 65 20 72 6f 75 74 65 72 20 6f 6e 6c 79 20 68 61	es.and.the.remote.router.only.ha
29220	73 20 75 6e 69 63 61 73 74 20 63 61 70 61 62 69 6c 69 74 79 20 74 68 65 20 6c 6f 63 61 6c 20 72	s.unicast.capability.the.local.r
29240	6f 75 74 65 72 20 77 69 6c 6c 20 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 63 6f 6e 6e 65 63 74	outer.will.establish.the.connect
29260	69 6f 6e 20 77 69 74 68 20 75 6e 69 63 61 73 74 20 6f 6e 6c 79 20 63 61 70 61 62 69 6c 69 74 79	ion.with.unicast.only.capability
29280	2e 20 57 68 65 6e 20 74 68 65 72 65 20 61 72 65 20 6e 6f 20 63 6f 6d 6d 6f 6e 20 63 61 70 61 62	..When.there.are.no.common.capab
292a0	69 6c 69 74 69 65 73 2c 20 46 52 52 20 73 65 6e 64 73 20 55 6e 73 75 70 70 6f 72 74 65 64 20 43	ilities,.FRR.sends.Unsupported.C
292c0	61 70 61 62 69 6c 69 74 79 20 65 72 72 6f 72 20 61 6e 64 20 74 68 65 6e 20 72 65 73 65 74 73 20	apability.error.and.then.resets.
292e0	74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 56 79 4f 53	the.connection..By.default,.VyOS
29300	20 64 6f 65 73 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 20 61 20 64 65 66 61 75 6c 74 20 72 6f	.does.not.advertise.a.default.ro
29320	75 74 65 20 28 30 2e 30 2e 30 2e 30 2f 30 29 20 65 76 65 6e 20 69 66 20 69 74 20 69 73 20 69 6e	ute.(0.0.0.0/0).even.if.it.is.in
29340	20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 57 68 65 6e 20 79 6f 75 20 77 61 6e 74 20 74 6f	.routing.table..When.you.want.to
29360	20 61 6e 6e 6f 75 6e 63 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 73 20 74 6f 20 74 68 65 20	.announce.default.routes.to.the.
29380	70 65 65 72 2c 20 75 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2e 20 55 73 69 6e 67 20 6f 70	peer,.use.this.command..Using.op
293a0	74 69 6f 6e 61 6c 20 61 72 67 75 6d 65 6e 74 20 3a 63 66 67 63 6d 64 3a 60 72 6f 75 74 65 2d 6d	tional.argument.:cfgcmd:`route-m
293c0	61 70 60 20 79 6f 75 20 63 61 6e 20 69 6e 6a 65 63 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 72	ap`.you.can.inject.the.default.r
293e0	6f 75 74 65 20 74 6f 20 67 69 76 65 6e 20 6e 65 69 67 68 62 6f 72 20 6f 6e 6c 79 20 69 66 20 74	oute.to.given.neighbor.only.if.t
29400	68 65 20 63 6f 6e 64 69 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 72 6f 75 74 65 20 6d 61 70 20 61	he.conditions.in.the.route.map.a
29420	72 65 20 6d 65 74 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 61 20 6e 65 77 20 74 6f 6b 65 6e 20	re.met..By.default,.a.new.token.
29440	69 73 20 67 65 6e 65 72 61 74 65 64 20 65 76 65 72 79 20 33 30 20 73 65 63 6f 6e 64 73 20 62 79	is.generated.every.30.seconds.by
29460	20 74 68 65 20 6d 6f 62 69 6c 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 20 49 6e 20 6f 72 64 65	.the.mobile.application..In.orde
29480	72 20 74 6f 20 63 6f 6d 70 65 6e 73 61 74 65 20 66 6f 72 20 70 6f 73 73 69 62 6c 65 20 74 69 6d	r.to.compensate.for.possible.tim
294a0	65 2d 73 6b 65 77 20 62 65 74 77 65 65 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 61 6e 64 20 74 68	e-skew.between.the.client.and.th
294c0	65 20 73 65 72 76 65 72 2c 20 61 6e 20 65 78 74 72 61 20 74 6f 6b 65 6e 20 62 65 66 6f 72 65 20	e.server,.an.extra.token.before.
294e0	61 6e 64 20 61 66 74 65 72 20 74 68 65 20 63 75 72 72 65 6e 74 20 74 69 6d 65 20 69 73 20 61 6c	and.after.the.current.time.is.al
29500	6c 6f 77 65 64 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 66 6f 72 20 61 20 74 69 6d 65 20 73 6b	lowed..This.allows.for.a.time.sk
29520	65 77 20 6f 66 20 75 70 20 74 6f 20 33 30 20 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e 20 61	ew.of.up.to.30.seconds.between.a
29540	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 72 76 65 72 20 61 6e 64 20 63 6c 69 65 6e 74 2e	uthentication.server.and.client.
29560	00 42 79 20 64 65 66 61 75 6c 74 2c 20 64 64 63 6c 69 65 6e 74 5f 20 77 69 6c 6c 20 75 70 64 61	.By.default,.ddclient_.will.upda
29580	74 65 20 61 20 64 79 6e 61 6d 69 63 20 64 6e 73 20 72 65 63 6f 72 64 20 75 73 69 6e 67 20 74 68	te.a.dynamic.dns.record.using.th
295a0	65 20 49 50 20 61 64 64 72 65 73 73 20 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65 64 20 74	e.IP.address.directly.attached.t
295c0	6f 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 49 66 20 79 6f 75 72 20 56 79 4f 53 20 69 6e	o.the.interface..If.your.VyOS.in
295e0	73 74 61 6e 63 65 20 69 73 20 62 65 68 69 6e 64 20 4e 41 54 2c 20 79 6f 75 72 20 72 65 63 6f 72	stance.is.behind.NAT,.your.recor
29600	64 20 77 69 6c 6c 20 62 65 20 75 70 64 61 74 65 64 20 74 6f 20 70 6f 69 6e 74 20 74 6f 20 79 6f	d.will.be.updated.to.point.to.yo
29620	75 72 20 69 6e 74 65 72 6e 61 6c 20 49 50 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 65 6e 61 62	ur.internal.IP..By.default,.enab
29640	6c 69 6e 67 20 52 50 4b 49 20 64 6f 65 73 20 6e 6f 74 20 63 68 61 6e 67 65 20 62 65 73 74 20 70	ling.RPKI.does.not.change.best.p
29660	61 74 68 20 73 65 6c 65 63 74 69 6f 6e 2e 20 49 6e 20 70 61 72 74 69 63 75 6c 61 72 2c 20 69 6e	ath.selection..In.particular,.in
29680	76 61 6c 69 64 20 70 72 65 66 69 78 65 73 20 77 69 6c 6c 20 73 74 69 6c 6c 20 62 65 20 63 6f 6e	valid.prefixes.will.still.be.con
296a0	73 69 64 65 72 65 64 20 64 75 72 69 6e 67 20 62 65 73 74 20 70 61 74 68 20 73 65 6c 65 63 74 69	sidered.during.best.path.selecti
296c0	6f 6e 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 20 72 6f 75 74 65 72 20 63 61 6e 20 62 65 20 63	on..However,.the.router.can.be.c
296e0	6f 6e 66 69 67 75 72 65 64 20 74 6f 20 69 67 6e 6f 72 65 20 61 6c 6c 20 69 6e 76 61 6c 69 64 20	onfigured.to.ignore.all.invalid.
29700	70 72 65 66 69 78 65 73 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 69 74 20 73 75 70 70 6f 72 74	prefixes..By.default,.it.support
29720	73 20 62 6f 74 68 20 70 6c 61 6e 6e 65 64 20 61 6e 64 20 75 6e 70 6c 61 6e 6e 65 64 20 6f 75 74	s.both.planned.and.unplanned.out
29740	61 67 65 73 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 6e 67 69 6e 78 20 65 78 70 6f 73 65 73 20	ages..By.default,.nginx.exposes.
29760	74 68 65 20 6c 6f 63 61 6c 20 41 50 49 20 6f 6e 20 61 6c 6c 20 76 69 72 74 75 61 6c 20 73 65 72	the.local.API.on.all.virtual.ser
29780	76 65 72 73 2e 20 55 73 65 20 74 68 69 73 20 74 6f 20 72 65 73 74 72 69 63 74 20 6e 67 69 6e 78	vers..Use.this.to.restrict.nginx
297a0	20 74 6f 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 76 69 72 74 75 61 6c 20 68 6f 73 74 73 2e 00 42	.to.one.or.more.virtual.hosts..B
297c0	79 20 64 65 66 61 75 6c 74 2c 20 72 65 63 6f 72 64 65 64 20 66 6c 6f 77 73 20 77 69 6c 6c 20 62	y.default,.recorded.flows.will.b
297e0	65 20 73 61 76 65 64 20 69 6e 74 65 72 6e 61 6c 6c 79 20 61 6e 64 20 63 61 6e 20 62 65 20 6c 69	e.saved.internally.and.can.be.li
29800	73 74 65 64 20 77 69 74 68 20 74 68 65 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 2e 20 59 6f 75 20 6d	sted.with.the.CLI.command..You.m
29820	61 79 20 64 69 73 61 62 6c 65 20 75 73 69 6e 67 20 74 68 65 20 6c 6f 63 61 6c 20 69 6e 2d 6d 65	ay.disable.using.the.local.in-me
29840	6d 6f 72 79 20 74 61 62 6c 65 20 77 69 74 68 20 74 68 65 20 63 6f 6d 6d 61 6e 64 3a 00 42 79 20	mory.table.with.the.command:.By.
29860	64 65 66 61 75 6c 74 2c 20 74 68 65 20 42 47 50 20 70 72 65 66 69 78 20 69 73 20 61 64 76 65 72	default,.the.BGP.prefix.is.adver
29880	74 69 73 65 64 20 65 76 65 6e 20 69 66 20 69 74 27 73 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 69	tised.even.if.it's.not.present.i
298a0	6e 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 54 68 69 73 20 62 65 68 61 76 69	n.the.routing.table..This.behavi
298c0	6f 75 72 20 64 69 66 66 65 72 73 20 66 72 6f 6d 20 74 68 65 20 69 6d 70 6c 65 6d 65 6e 74 61 74	our.differs.from.the.implementat
298e0	69 6f 6e 20 6f 66 20 73 6f 6d 65 20 76 65 6e 64 6f 72 73 2e 00 42 79 20 64 65 66 61 75 6c 74 2c	ion.of.some.vendors..By.default,
29900	20 74 68 69 73 20 62 72 69 64 67 69 6e 67 20 69 73 20 61 6c 6c 6f 77 65 64 2e 00 42 79 20 64 65	.this.bridging.is.allowed..By.de
29920	66 61 75 6c 74 2c 20 77 68 65 6e 20 56 79 4f 53 20 72 65 63 65 69 76 65 73 20 61 6e 20 49 43 4d	fault,.when.VyOS.receives.an.ICM
29940	50 20 65 63 68 6f 20 72 65 71 75 65 73 74 20 70 61 63 6b 65 74 20 64 65 73 74 69 6e 65 64 20 66	P.echo.request.packet.destined.f
29960	6f 72 20 69 74 73 65 6c 66 2c 20 69 74 20 77 69 6c 6c 20 61 6e 73 77 65 72 20 77 69 74 68 20 61	or.itself,.it.will.answer.with.a
29980	6e 20 49 43 4d 50 20 65 63 68 6f 20 72 65 70 6c 79 2c 20 75 6e 6c 65 73 73 20 79 6f 75 20 61 76	n.ICMP.echo.reply,.unless.you.av
299a0	6f 69 64 20 69 74 20 74 68 72 6f 75 67 68 20 69 74 73 20 66 69 72 65 77 61 6c 6c 2e 00 42 79 20	oid.it.through.its.firewall..By.
299c0	75 73 69 6e 67 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73	using.Pseudo-Ethernet.interfaces
299e0	20 74 68 65 72 65 20 77 69 6c 6c 20 62 65 20 6c 65 73 73 20 73 79 73 74 65 6d 20 6f 76 65 72 68	.there.will.be.less.system.overh
29a00	65 61 64 20 63 6f 6d 70 61 72 65 64 20 74 6f 20 72 75 6e 6e 69 6e 67 20 61 20 74 72 61 64 69 74	ead.compared.to.running.a.tradit
29a20	69 6f 6e 61 6c 20 62 72 69 64 67 69 6e 67 20 61 70 70 72 6f 61 63 68 2e 20 50 73 65 75 64 6f 2d	ional.bridging.approach..Pseudo-
29a40	45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 61 6c 73 6f 20 62 65 20	Ethernet.interfaces.can.also.be.
29a60	75 73 65 64 20 74 6f 20 77 6f 72 6b 61 72 6f 75 6e 64 20 74 68 65 20 67 65 6e 65 72 61 6c 20 6c	used.to.workaround.the.general.l
29a80	69 6d 69 74 20 6f 66 20 34 30 39 36 20 76 69 72 74 75 61 6c 20 4c 41 4e 73 20 28 56 4c 41 4e 73	imit.of.4096.virtual.LANs.(VLANs
29aa0	29 20 70 65 72 20 70 68 79 73 69 63 61 6c 20 45 74 68 65 72 6e 65 74 20 70 6f 72 74 2c 20 73 69	).per.physical.Ethernet.port,.si
29ac0	6e 63 65 20 74 68 61 74 20 6c 69 6d 69 74 20 69 73 20 77 69 74 68 20 72 65 73 70 65 63 74 20 74	nce.that.limit.is.with.respect.t
29ae0	6f 20 61 20 73 69 6e 67 6c 65 20 4d 41 43 20 61 64 64 72 65 73 73 2e 00 42 79 70 61 73 73 69 6e	o.a.single.MAC.address..Bypassin
29b00	67 20 74 68 65 20 77 65 62 70 72 6f 78 79 00 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41	g.the.webproxy.CA.(Certificate.A
29b20	75 74 68 6f 72 69 74 79 29 00 43 52 49 54 49 43 2f 45 43 50 00 43 61 6c 6c 20 61 6e 6f 74 68 65	uthority).CRITIC/ECP.Call.anothe
29b40	72 20 72 6f 75 74 65 2d 6d 61 70 20 70 6f 6c 69 63 79 20 6f 6e 20 6d 61 74 63 68 2e 00 43 61 70	r.route-map.policy.on.match..Cap
29b60	61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 00 43 65 72 74 61 69 6e 20 76 65 6e 64	ability.Negotiation.Certain.vend
29b80	6f 72 73 20 75 73 65 20 62 72 6f 61 64 63 61 73 74 73 20 74 6f 20 69 64 65 6e 74 69 66 79 20 74	ors.use.broadcasts.to.identify.t
29ba0	68 65 69 72 20 65 71 75 69 70 6d 65 6e 74 20 77 69 74 68 69 6e 20 6f 6e 65 20 65 74 68 65 72 6e	heir.equipment.within.one.ethern
29bc0	65 74 20 73 65 67 6d 65 6e 74 2e 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 20 69 66 20 79 6f 75	et.segment..Unfortunately.if.you
29be0	20 73 70 6c 69 74 20 79 6f 75 72 20 6e 65 74 77 6f 72 6b 20 77 69 74 68 20 6d 75 6c 74 69 70 6c	.split.your.network.with.multipl
29c00	65 20 56 4c 41 4e 73 20 79 6f 75 20 6c 6f 6f 73 65 20 74 68 65 20 61 62 69 6c 69 74 79 20 6f 66	e.VLANs.you.loose.the.ability.of
29c20	20 69 64 65 6e 74 69 66 79 69 6e 67 20 79 6f 75 72 20 65 71 75 69 70 6d 65 6e 74 2e 00 43 65 72	.identifying.your.equipment..Cer
29c40	74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 28 43 41 29 00 43 65 72 74 69 66 69 63	tificate.Authority.(CA).Certific
29c60	61 74 65 20 72 65 76 6f 63 61 74 69 6f 6e 20 6c 69 73 74 20 69 6e 20 50 45 4d 20 66 6f 72 6d 61	ate.revocation.list.in.PEM.forma
29c80	74 2e 00 43 65 72 74 69 66 69 63 61 74 65 73 00 43 68 61 6e 67 65 20 73 79 73 74 65 6d 20 6b 65	t..Certificates.Change.system.ke
29ca0	79 62 6f 61 72 64 20 6c 61 79 6f 75 74 20 74 6f 20 67 69 76 65 6e 20 6c 61 6e 67 75 61 67 65 2e	yboard.layout.to.given.language.
29cc0	00 43 68 61 6e 67 65 20 74 68 65 20 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e 20 77 69 74 68 20	.Change.the.default-action.with.
29ce0	74 68 69 73 20 73 65 74 74 69 6e 67 2e 00 43 68 61 6e 67 65 73 20 69 6e 20 42 47 50 20 70 6f 6c	this.setting..Changes.in.BGP.pol
29d00	69 63 69 65 73 20 72 65 71 75 69 72 65 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 74 6f	icies.require.the.BGP.session.to
29d20	20 62 65 20 63 6c 65 61 72 65 64 2e 20 43 6c 65 61 72 69 6e 67 20 68 61 73 20 61 20 6c 61 72 67	.be.cleared..Clearing.has.a.larg
29d40	65 20 6e 65 67 61 74 69 76 65 20 69 6d 70 61 63 74 20 6f 6e 20 6e 65 74 77 6f 72 6b 20 6f 70 65	e.negative.impact.on.network.ope
29d60	72 61 74 69 6f 6e 73 2e 20 53 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 6e	rations..Soft.reconfiguration.en
29d80	61 62 6c 65 73 20 79 6f 75 20 74 6f 20 67 65 6e 65 72 61 74 65 20 69 6e 62 6f 75 6e 64 20 75 70	ables.you.to.generate.inbound.up
29da0	64 61 74 65 73 20 66 72 6f 6d 20 61 20 6e 65 69 67 68 62 6f 72 2c 20 63 68 61 6e 67 65 20 61 6e	dates.from.a.neighbor,.change.an
29dc0	64 20 61 63 74 69 76 61 74 65 20 42 47 50 20 70 6f 6c 69 63 69 65 73 20 77 69 74 68 6f 75 74 20	d.activate.BGP.policies.without.
29de0	63 6c 65 61 72 69 6e 67 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 2e 00 43 68 61 6e 67 65	clearing.the.BGP.session..Change
29e00	73 20 74 6f 20 74 68 65 20 4e 41 54 20 73 79 73 74 65 6d 20 6f 6e 6c 79 20 61 66 66 65 63 74 20	s.to.the.NAT.system.only.affect.
29e20	6e 65 77 6c 79 20 65 73 74 61 62 6c 69 73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 20 41	newly.established.connections..A
29e40	6c 72 65 61 64 79 20 65 73 74 61 62 6c 69 73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61	lready.established.connections.a
29e60	72 65 20 6e 6f 74 20 61 66 66 65 63 74 65 64 2e 00 43 68 61 6e 67 69 6e 67 20 74 68 65 20 6b 65	re.not.affected..Changing.the.ke
29e80	79 6d 61 70 20 6f 6e 6c 79 20 68 61 73 20 61 6e 20 65 66 66 65 63 74 20 6f 6e 20 74 68 65 20 73	ymap.only.has.an.effect.on.the.s
29ea0	79 73 74 65 6d 20 63 6f 6e 73 6f 6c 65 2c 20 75 73 69 6e 67 20 53 53 48 20 6f 72 20 53 65 72 69	ystem.console,.using.SSH.or.Seri
29ec0	61 6c 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 64 65 76 69 63 65 20 69	al.remote.access.to.the.device.i
29ee0	73 20 6e 6f 74 20 61 66 66 65 63 74 65 64 20 61 73 20 74 68 65 20 6b 65 79 62 6f 61 72 64 20 6c	s.not.affected.as.the.keyboard.l
29f00	61 79 6f 75 74 20 68 65 72 65 20 63 6f 72 72 65 73 70 6f 6e 64 73 20 74 6f 20 79 6f 75 72 20 61	ayout.here.corresponds.to.your.a
29f20	63 63 65 73 73 20 73 79 73 74 65 6d 2e 00 43 68 61 6e 6e 65 6c 20 6e 75 6d 62 65 72 20 28 49 45	ccess.system..Channel.number.(IE
29f40	45 45 20 38 30 32 2e 31 31 29 2c 20 66 6f 72 20 32 2e 34 47 68 7a 20 28 38 30 32 2e 31 31 20 62	EE.802.11),.for.2.4Ghz.(802.11.b
29f60	2f 67 2f 6e 29 20 63 68 61 6e 6e 65 6c 73 20 72 61 6e 67 65 20 66 72 6f 6d 20 31 2d 31 34 2e 20	/g/n).channels.range.from.1-14..
29f80	4f 6e 20 35 47 68 7a 20 28 38 30 32 2e 31 31 20 61 2f 68 2f 6a 2f 6e 2f 61 63 29 20 63 68 61 6e	On.5Ghz.(802.11.a/h/j/n/ac).chan
29fa0	6e 65 6c 73 20 61 76 61 69 6c 61 62 6c 65 20 61 72 65 20 30 2c 20 33 34 20 74 6f 20 31 37 33 00	nels.available.are.0,.34.to.173.
29fc0	43 68 65 63 6b 20 69 66 20 74 68 65 20 49 6e 74 65 6c c2 ae 20 51 41 54 20 64 65 76 69 63 65 20	Check.if.the.Intel...QAT.device.
29fe0	69 73 20 75 70 20 61 6e 64 20 72 65 61 64 79 20 74 6f 20 64 6f 20 74 68 65 20 6a 6f 62 2e 00 43	is.up.and.ready.to.do.the.job..C
2a000	68 65 63 6b 20 73 74 61 74 75 73 00 43 68 65 63 6b 20 74 68 65 20 6d 61 6e 79 20 70 61 72 61 6d	heck.status.Check.the.many.param
2a020	65 74 65 72 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 74 68 65 20 60 73 68 6f 77 20 69 70	eters.available.for.the.`show.ip
2a040	76 36 20 72 6f 75 74 65 60 20 63 6f 6d 6d 61 6e 64 3a 00 43 68 65 63 6b 69 6e 67 20 63 6f 6e 6e	v6.route`.command:.Checking.conn
2a060	65 63 74 69 6f 6e 73 00 43 68 6f 6f 73 65 20 79 6f 75 72 20 60 60 64 69 72 65 63 74 6f 72 79 60	ections.Choose.your.``directory`
2a080	60 20 6c 6f 63 61 74 69 6f 6e 20 63 61 72 65 66 75 6c 6c 79 20 6f 72 20 79 6f 75 20 77 69 6c 6c	`.location.carefully.or.you.will
2a0a0	20 6c 6f 6f 73 65 20 74 68 65 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 69 6d 61 67 65 20 75 70 67 72	.loose.the.content.on.image.upgr
2a0c0	61 64 65 73 2e 20 41 6e 79 20 64 69 72 65 63 74 6f 72 79 20 75 6e 64 65 72 20 60 60 2f 63 6f 6e	ades..Any.directory.under.``/con
2a0e0	66 69 67 60 60 20 69 73 20 73 61 76 65 20 61 74 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 6d 69	fig``.is.save.at.this.will.be.mi
2a100	67 72 61 74 65 64 2e 00 43 69 73 63 6f 20 43 61 74 61 6c 79 73 74 00 43 69 73 63 6f 20 61 6e 64	grated..Cisco.Catalyst.Cisco.and
2a120	20 41 6c 6c 69 65 64 20 54 65 6c 65 73 79 6e 20 63 61 6c 6c 20 69 74 20 50 72 69 76 61 74 65 20	.Allied.Telesyn.call.it.Private.
2a140	56 4c 41 4e 00 43 6c 61 6d 70 20 4d 53 53 20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 49 50	VLAN.Clamp.MSS.for.a.specific.IP
2a160	00 43 6c 61 73 73 20 74 72 65 61 74 6d 65 6e 74 00 43 6c 61 73 73 65 73 00 43 6c 61 73 73 6c 65	.Class.treatment.Classes.Classle
2a180	73 73 20 73 74 61 74 69 63 20 72 6f 75 74 65 00 43 6c 65 61 72 20 61 6c 6c 20 42 47 50 20 65 78	ss.static.route.Clear.all.BGP.ex
2a1a0	74 63 6f 6d 6d 75 6e 69 74 69 65 73 2e 00 43 6c 69 65 6e 74 00 43 6c 69 65 6e 74 20 41 64 64 72	tcommunities..Client.Client.Addr
2a1c0	65 73 73 20 50 6f 6f 6c 73 00 43 6c 69 65 6e 74 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00	ess.Pools.Client.Authentication.
2a1e0	43 6c 69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 77 69 6c 6c 20 62 65 20 70 72 6f 76	Client.IP.addresses.will.be.prov
2a200	69 64 65 64 20 66 72 6f 6d 20 70 6f 6f 6c 20 60 31 39 32 2e 30 2e 32 2e 30 2f 32 35 60 00 43 6c	ided.from.pool.`192.0.2.0/25`.Cl
2a220	69 65 6e 74 20 53 69 64 65 00 43 6c 69 65 6e 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 43	ient.Side.Client.configuration.C
2a240	6c 69 65 6e 74 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 00 43 6c 69 65 6e 74 20 64 6f 6d 61 69 6e 20	lient.domain.name.Client.domain.
2a260	73 65 61 72 63 68 00 43 6c 69 65 6e 74 20 69 73 6f 6c 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 75	search.Client.isolation.can.be.u
2a280	73 65 64 20 74 6f 20 70 72 65 76 65 6e 74 20 6c 6f 77 2d 6c 65 76 65 6c 20 62 72 69 64 67 69 6e	sed.to.prevent.low-level.bridgin
2a2a0	67 20 6f 66 20 66 72 61 6d 65 73 20 62 65 74 77 65 65 6e 20 61 73 73 6f 63 69 61 74 65 64 20 73	g.of.frames.between.associated.s
2a2c0	74 61 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 42 53 53 2e 00 43 6c 69 65 6e 74 3a 00 43 6c 69 65	tations.in.the.BSS..Client:.Clie
2a2e0	6e 74 73 20 61 72 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 74 68 65 20 43 4e 20 66 69 65	nts.are.identified.by.the.CN.fie
2a300	6c 64 20 6f 66 20 74 68 65 69 72 20 78 2e 35 30 39 20 63 65 72 74 69 66 69 63 61 74 65 73 2c 20	ld.of.their.x.509.certificates,.
2a320	69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 74 68 65 20 43 4e 20 69 73 20 60 60 63 6c 69 65	in.this.example.the.CN.is.``clie
2a340	6e 74 30 60 60 3a 00 43 6c 69 65 6e 74 73 20 72 65 63 65 69 76 69 6e 67 20 61 64 76 65 72 74 69	nt0``:.Clients.receiving.adverti
2a360	73 65 20 6d 65 73 73 61 67 65 73 20 66 72 6f 6d 20 6d 75 6c 74 69 70 6c 65 20 73 65 72 76 65 72	se.messages.from.multiple.server
2a380	73 20 63 68 6f 6f 73 65 20 74 68 65 20 73 65 72 76 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67	s.choose.the.server.with.the.hig
2a3a0	68 65 73 74 20 70 72 65 66 65 72 65 6e 63 65 20 76 61 6c 75 65 2e 20 54 68 65 20 72 61 6e 67 65	hest.preference.value..The.range
2a3c0	20 66 6f 72 20 74 68 69 73 20 76 61 6c 75 65 20 69 73 20 60 60 30 2e 2e 2e 32 35 35 60 60 2e 00	.for.this.value.is.``0...255``..
2a3e0	43 6c 6f 63 6b 20 64 61 65 6d 6f 6e 00 43 6f 6d 6d 61 6e 64 20 63 6f 6d 70 6c 65 74 69 6f 6e 20	Clock.daemon.Command.completion.
2a400	63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 6c 69 73 74 20 61 76 61 69 6c 61 62 6c 65 20 74 69	can.be.used.to.list.available.ti
2a420	6d 65 20 7a 6f 6e 65 73 2e 20 54 68 65 20 61 64 6a 75 73 74 6d 65 6e 74 20 66 6f 72 20 64 61 79	me.zones..The.adjustment.for.day
2a440	6c 69 67 68 74 20 74 69 6d 65 20 77 69 6c 6c 20 74 61 6b 65 20 70 6c 61 63 65 20 61 75 74 6f 6d	light.time.will.take.place.autom
2a460	61 74 69 63 61 6c 6c 79 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 74 69 6d 65 20 6f 66 20 79 65	atically.based.on.the.time.of.ye
2a480	61 72 2e 00 43 6f 6d 6d 61 6e 64 20 66 6f 72 20 64 69 73 61 62 6c 69 6e 67 20 61 20 72 75 6c 65	ar..Command.for.disabling.a.rule
2a4a0	20 62 75 74 20 6b 65 65 70 20 69 74 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	.but.keep.it.in.the.configuratio
2a4c0	6e 2e 00 43 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 70 72 6f 62 61 62 6c 79 20 62 65 20 65 78	n..Command.should.probably.be.ex
2a4e0	74 65 6e 64 65 64 20 74 6f 20 6c 69 73 74 20 61 6c 73 6f 20 74 68 65 20 72 65 61 6c 20 69 6e 74	tended.to.list.also.the.real.int
2a500	65 72 66 61 63 65 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 69 73 20 6f 6e 65 20 56 52 46	erfaces.assigned.to.this.one.VRF
2a520	20 74 6f 20 67 65 74 20 61 20 62 65 74 74 65 72 20 6f 76 65 72 76 69 65 77 2e 00 43 6f 6d 6d 61	.to.get.a.better.overview..Comma
2a540	6e 64 20 75 73 65 64 20 74 6f 20 75 70 64 61 74 65 20 47 65 6f 49 50 20 64 61 74 61 62 61 73 65	nd.used.to.update.GeoIP.database
2a560	20 61 6e 64 20 66 69 72 65 77 61 6c 6c 20 73 65 74 73 2e 00 43 6f 6d 6d 6f 6e 20 63 6f 6e 66 69	.and.firewall.sets..Common.confi
2a580	67 75 72 61 74 69 6f 6e 2c 20 76 61 6c 69 64 20 66 6f 72 20 62 6f 74 68 20 70 72 69 6d 61 72 79	guration,.valid.for.both.primary
2a5a0	20 61 6e 64 20 73 65 63 6f 6e 64 61 72 79 20 6e 6f 64 65 2e 00 43 6f 6d 6d 6f 6e 20 69 6e 74 65	.and.secondary.node..Common.inte
2a5c0	72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 43 6f 6d 6d 6f 6e 20 70 61 72 61 6d	rface.configuration.Common.param
2a5e0	65 74 65 72 73 00 43 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 43 6f 6e 66 69 67 75 72 61 74 69 6f	eters.Confederation.Configuratio
2a600	6e 00 43 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 20 e2 80 93 20 45 6e 63 72 79 70 74 69 6f 6e	n.Confidentiality.....Encryption
2a620	20 6f 66 20 70 61 63 6b 65 74 73 20 74 6f 20 70 72 65 76 65 6e 74 20 73 6e 6f 6f 70 69 6e 67 20	.of.packets.to.prevent.snooping.
2a640	62 79 20 61 6e 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 20 73 6f 75 72 63 65 2e 00 43 6f 6e 66 69	by.an.unauthorized.source..Confi
2a660	67 75 72 61 74 69 6f 6e 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 45 78 61 6d 70 6c 65 00 43	guration.Configuration.Example.C
2a680	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 45 78 61 6d 70 6c 65 73 00 43 6f 6e 66 69 67 75 72 61 74	onfiguration.Examples.Configurat
2a6a0	69 6f 6e 20 47 75 69 64 65 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 4f 70 74 69 6f 6e 73 00	ion.Guide.Configuration.Options.
2a6c0	43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 73 20 66 6f 72 20 74 68 65 20 70	Configuration.commands.for.the.p
2a6e0	72 69 76 61 74 65 20 61 6e 64 20 70 75 62 6c 69 63 20 6b 65 79 20 77 69 6c 6c 20 62 65 20 64 69	rivate.and.public.key.will.be.di
2a700	73 70 6c 61 79 65 64 20 6f 6e 20 74 68 65 20 73 63 72 65 65 6e 20 77 68 69 63 68 20 6e 65 65 64	splayed.on.the.screen.which.need
2a720	73 20 74 6f 20 62 65 20 73 65 74 20 6f 6e 20 74 68 65 20 72 6f 75 74 65 72 20 66 69 72 73 74 2e	s.to.be.set.on.the.router.first.
2a740	20 4e 6f 74 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 77 69 74 68 20 74 68 65 20 70 75 62 6c 69	.Note.the.command.with.the.publi
2a760	63 20 6b 65 79 20 28 73 65 74 20 70 6b 69 20 6b 65 79 2d 70 61 69 72 20 69 70 73 65 63 2d 4c 45	c.key.(set.pki.key-pair.ipsec-LE
2a780	46 54 20 70 75 62 6c 69 63 20 6b 65 79 20 27 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 2e 2e 2e 27	FT.public.key.'MIIBIjANBgkqh...'
2a7a0	29 2e 20 54 68 65 6e 20 64 6f 20 74 68 65 20 73 61 6d 65 20 6f 6e 20 74 68 65 20 6f 70 70 6f 73	)..Then.do.the.same.on.the.oppos
2a7c0	69 74 65 20 72 6f 75 74 65 72 3a 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e	ite.router:.Configuration.comman
2a7e0	64 73 20 77 69 6c 6c 20 64 69 73 70 6c 61 79 2e 20 4e 6f 74 65 20 74 68 65 20 63 6f 6d 6d 61 6e	ds.will.display..Note.the.comman
2a800	64 20 77 69 74 68 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 28 73 65 74 20 70 6b 69 20 6b	d.with.the.public.key.(set.pki.k
2a820	65 79 2d 70 61 69 72 20 69 70 73 65 63 2d 4c 45 46 54 20 70 75 62 6c 69 63 20 6b 65 79 20 27 4d	ey-pair.ipsec-LEFT.public.key.'M
2a840	49 49 42 49 6a 41 4e 42 67 6b 71 68 2e 2e 2e 27 29 2e 20 54 68 65 6e 20 64 6f 20 74 68 65 20 73	IIBIjANBgkqh...')..Then.do.the.s
2a860	61 6d 65 20 6f 6e 20 74 68 65 20 6f 70 70 6f 73 69 74 65 20 72 6f 75 74 65 72 3a 00 43 6f 6e 66	ame.on.the.opposite.router:.Conf
2a880	69 67 75 72 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 73 65 20 65 78 70 6f 72 74 65 64 20 72 6f 75	iguration.for.these.exported.rou
2a8a0	74 65 73 20 6d 75 73 74 2c 20 61 74 20 61 20 6d 69 6e 69 6d 75 6d 2c 20 73 70 65 63 69 66 79 20	tes.must,.at.a.minimum,.specify.
2a8c0	74 68 65 73 65 20 74 77 6f 20 70 61 72 61 6d 65 74 65 72 73 2e 00 43 6f 6e 66 69 67 75 72 61 74	these.two.parameters..Configurat
2a8e0	69 6f 6e 20 6f 66 20 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 73 74 61 74 69 63 60 00 43 6f 6e	ion.of.:ref:`routing-static`.Con
2a900	66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 61 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 70 61	figuration.of.a.DHCP.failover.pa
2a920	69 72 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 72 6f 75 74 65 20 6c 65 61 6b 69 6e	ir.Configuration.of.route.leakin
2a940	67 20 62 65 74 77 65 65 6e 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 52 49 42 20 61 6e 64 20	g.between.a.unicast.VRF.RIB.and.
2a960	74 68 65 20 56 50 4e 20 53 41 46 49 20 52 49 42 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20	the.VPN.SAFI.RIB.of.the.default.
2a980	56 52 46 20 69 73 20 61 63 63 6f 6d 70 6c 69 73 68 65 64 20 76 69 61 20 63 6f 6d 6d 61 6e 64 73	VRF.is.accomplished.via.commands
2a9a0	20 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 61 20 56 52 46 20 61 64 64 72 65 73 73	.in.the.context.of.a.VRF.address
2a9c0	2d 66 61 6d 69 6c 79 2e 00 43 6f 6e 66 69 67 75 72 65 00 43 6f 6e 66 69 67 75 72 65 20 3a 61 62	-family..Configure.Configure.:ab
2a9e0	62 72 3a 60 4d 54 55 20 28 4d 61 78 69 6d 75 6d 20 54 72 61 6e 73 6d 69 73 73 69 6f 6e 20 55 6e	br:`MTU.(Maximum.Transmission.Un
2aa00	69 74 29 60 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20 49 74 20	it)`.on.given.`<interface>`..It.
2aa20	69 73 20 74 68 65 20 73 69 7a 65 20 28 69 6e 20 62 79 74 65 73 29 20 6f 66 20 74 68 65 20 6c 61	is.the.size.(in.bytes).of.the.la
2aa40	72 67 65 73 74 20 65 74 68 65 72 6e 65 74 20 66 72 61 6d 65 20 73 65 6e 74 20 6f 6e 20 74 68 69	rgest.ethernet.frame.sent.on.thi
2aa60	73 20 6c 69 6e 6b 2e 00 43 6f 6e 66 69 67 75 72 65 20 42 46 44 00 43 6f 6e 66 69 67 75 72 65 20	s.link..Configure.BFD.Configure.
2aa80	44 4e 53 20 60 3c 72 65 63 6f 72 64 3e 60 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 75	DNS.`<record>`.which.should.be.u
2aaa0	70 64 61 74 65 64 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 73 65 74 20 6d 75 6c 74 69 70 6c 65	pdated..This.can.be.set.multiple
2aac0	20 74 69 6d 65 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 44 4e 53 20 60 3c 7a 6f 6e 65 3e 60 20 74	.times..Configure.DNS.`<zone>`.t
2aae0	6f 20 62 65 20 75 70 64 61 74 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 47 45 4e 45 56 45 20 74	o.be.updated..Configure.GENEVE.t
2ab00	75 6e 6e 65 6c 20 66 61 72 20 65 6e 64 2f 72 65 6d 6f 74 65 20 74 75 6e 6e 65 6c 20 65 6e 64 70	unnel.far.end/remote.tunnel.endp
2ab20	6f 69 6e 74 2e 00 43 6f 6e 66 69 67 75 72 65 20 47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72 74	oint..Configure.Graceful.Restart
2ab40	20 3a 72 66 63 3a 60 33 36 32 33 60 20 68 65 6c 70 65 72 20 73 75 70 70 6f 72 74 2e 20 42 79 20	.:rfc:`3623`.helper.support..By.
2ab60	64 65 66 61 75 6c 74 2c 20 68 65 6c 70 65 72 20 73 75 70 70 6f 72 74 20 69 73 20 64 69 73 61 62	default,.helper.support.is.disab
2ab80	6c 65 64 20 66 6f 72 20 61 6c 6c 20 6e 65 69 67 68 62 6f 75 72 73 2e 20 54 68 69 73 20 63 6f 6e	led.for.all.neighbours..This.con
2aba0	66 69 67 20 65 6e 61 62 6c 65 73 2f 64 69 73 61 62 6c 65 73 20 68 65 6c 70 65 72 20 73 75 70 70	fig.enables/disables.helper.supp
2abc0	6f 72 74 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 20 66 6f 72 20 61 6c 6c 20 6e 65 69 67 68	ort.on.this.router.for.all.neigh
2abe0	62 6f 75 72 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72	bours..Configure.Graceful.Restar
2ac00	74 20 3a 72 66 63 3a 60 33 36 32 33 60 20 72 65 73 74 61 72 74 69 6e 67 20 73 75 70 70 6f 72 74	t.:rfc:`3623`.restarting.support
2ac20	2e 20 57 68 65 6e 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 72 61 63	..When.enabled,.the.default.grac
2ac40	65 20 70 65 72 69 6f 64 20 69 73 20 31 32 30 20 73 65 63 6f 6e 64 73 2e 00 43 6f 6e 66 69 67 75	e.period.is.120.seconds..Configu
2ac60	72 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 44 48 43 50 20 60 3c 73 65 72 76	re.IP.address.of.the.DHCP.`<serv
2ac80	65 72 3e 60 20 77 68 69 63 68 20 77 69 6c 6c 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 6c 61 79	er>`.which.will.handle.the.relay
2aca0	65 64 20 70 61 63 6b 65 74 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 52 41 44 49 55 53 20 60 3c 73	ed.packets..Configure.RADIUS.`<s
2acc0	65 72 76 65 72 3e 60 20 61 6e 64 20 69 74 73 20 72 65 71 75 69 72 65 64 20 70 6f 72 74 20 66 6f	erver>`.and.its.required.port.fo
2ace0	72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 72 65 71 75 65 73 74 73 2e 00 43 6f 6e 66 69	r.authentication.requests..Confi
2ad00	67 75 72 65 20 52 41 44 49 55 53 20 60 3c 73 65 72 76 65 72 3e 60 20 61 6e 64 20 69 74 73 20 72	gure.RADIUS.`<server>`.and.its.r
2ad20	65 71 75 69 72 65 64 20 73 68 61 72 65 64 20 60 3c 73 65 63 72 65 74 3e 60 20 66 6f 72 20 63 6f	equired.shared.`<secret>`.for.co
2ad40	6d 6d 75 6e 69 63 61 74 69 6e 67 20 77 69 74 68 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76	mmunicating.with.the.RADIUS.serv
2ad60	65 72 2e 00 43 6f 6e 66 69 67 75 72 65 20 53 4e 41 54 20 72 75 6c 65 20 28 34 30 29 20 74 6f 20	er..Configure.SNAT.rule.(40).to.
2ad80	6f 6e 6c 79 20 4e 41 54 20 70 61 63 6b 65 74 73 20 77 69 74 68 20 61 20 64 65 73 74 69 6e 61 74	only.NAT.packets.with.a.destinat
2ada0	69 6f 6e 20 61 64 64 72 65 73 73 20 6f 66 20 31 39 32 2e 30 2e 32 2e 31 2e 00 43 6f 6e 66 69 67	ion.address.of.192.0.2.1..Config
2adc0	75 72 65 20 60 3c 6d 65 73 73 61 67 65 3e 60 20 77 68 69 63 68 20 69 73 20 73 68 6f 77 6e 20 61	ure.`<message>`.which.is.shown.a
2ade0	66 74 65 72 20 75 73 65 72 20 68 61 73 20 6c 6f 67 67 65 64 20 69 6e 20 74 6f 20 74 68 65 20 73	fter.user.has.logged.in.to.the.s
2ae00	79 73 74 65 6d 2e 00 43 6f 6e 66 69 67 75 72 65 20 60 3c 6d 65 73 73 61 67 65 3e 60 20 77 68 69	ystem..Configure.`<message>`.whi
2ae20	63 68 20 69 73 20 73 68 6f 77 6e 20 64 75 72 69 6e 67 20 53 53 48 20 63 6f 6e 6e 65 63 74 20 61	ch.is.shown.during.SSH.connect.a
2ae40	6e 64 20 62 65 66 6f 72 65 20 61 20 75 73 65 72 20 69 73 20 6c 6f 67 67 65 64 20 69 6e 2e 00 43	nd.before.a.user.is.logged.in..C
2ae60	6f 6e 66 69 67 75 72 65 20 60 3c 70 61 73 73 77 6f 72 64 3e 60 20 75 73 65 64 20 77 68 65 6e 20	onfigure.`<password>`.used.when.
2ae80	61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 74 68 65 20 75 70 64 61 74 65 20 72 65 71 75 65 73	authenticating.the.update.reques
2aea0	74 20 66 6f 72 20 44 79 6e 44 4e 53 20 73 65 72 76 69 63 65 20 69 64 65 6e 74 69 66 69 65 64 20	t.for.DynDNS.service.identified.
2aec0	62 79 20 60 3c 73 65 72 76 69 63 65 3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 20 60 3c 75 73 65 72	by.`<service>`..Configure.`<user
2aee0	6e 61 6d 65 3e 60 20 75 73 65 64 20 77 68 65 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20	name>`.used.when.authenticating.
2af00	74 68 65 20 75 70 64 61 74 65 20 72 65 71 75 65 73 74 20 66 6f 72 20 44 79 6e 44 4e 53 20 73 65	the.update.request.for.DynDNS.se
2af20	72 76 69 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 73 65 72 76 69 63 65 3e 60 2e	rvice.identified.by.`<service>`.
2af40	20 46 6f 72 20 4e 61 6d 65 63 68 65 61 70 2c 20 73 65 74 20 74 68 65 20 3c 64 6f 6d 61 69 6e 3e	.For.Namecheap,.set.the.<domain>
2af60	20 79 6f 75 20 77 69 73 68 20 74 6f 20 75 70 64 61 74 65 2e 00 43 6f 6e 66 69 67 75 72 65 20 61	.you.wish.to.update..Configure.a
2af80	20 73 46 6c 6f 77 20 61 67 65 6e 74 20 61 64 64 72 65 73 73 2e 20 49 74 20 63 61 6e 20 62 65 20	.sFlow.agent.address..It.can.be.
2afa0	49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2c 20 62 75 74 20 79 6f 75 20 6d 75	IPv4.or.IPv6.address,.but.you.mu
2afc0	73 74 20 73 65 74 20 74 68 65 20 73 61 6d 65 20 70 72 6f 74 6f 63 6f 6c 2c 20 77 68 69 63 68 20	st.set.the.same.protocol,.which.
2afe0	69 73 20 75 73 65 64 20 66 6f 72 20 73 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 20 61 64 64 72	is.used.for.sFlow.collector.addr
2b000	65 73 73 65 73 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 75 73 69 6e 67 20 72 6f 75 74 65 72 2d	esses..By.default,.using.router-
2b020	69 64 20 66 72 6f 6d 20 42 47 50 20 6f 72 20 4f 53 50 46 20 70 72 6f 74 6f 63 6f 6c 2c 20 6f 72	id.from.BGP.or.OSPF.protocol,.or
2b040	20 74 68 65 20 70 72 69 6d 61 72 79 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65	.the.primary.IP.address.from.the
2b060	20 66 69 72 73 74 20 69 6e 74 65 72 66 61 63 65 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 20 73 74	.first.interface..Configure.a.st
2b080	61 74 69 63 20 72 6f 75 74 65 20 66 6f 72 20 3c 73 75 62 6e 65 74 3e 20 75 73 69 6e 67 20 67 61	atic.route.for.<subnet>.using.ga
2b0a0	74 65 77 61 79 20 3c 61 64 64 72 65 73 73 3e 20 2c 20 75 73 65 20 73 6f 75 72 63 65 20 61 64 64	teway.<address>.,.use.source.add
2b0c0	72 65 73 73 20 74 6f 20 69 6e 64 65 6e 74 69 66 79 20 74 68 65 20 70 65 65 72 20 77 68 65 6e 20	ress.to.indentify.the.peer.when.
2b0e0	69 73 20 6d 75 6c 74 69 2d 68 6f 70 20 73 65 73 73 69 6f 6e 20 61 6e 64 20 74 68 65 20 67 61 74	is.multi-hop.session.and.the.gat
2b100	65 77 61 79 20 61 64 64 72 65 73 73 20 61 73 20 42 46 44 20 70 65 65 72 20 64 65 73 74 69 6e 61	eway.address.as.BFD.peer.destina
2b120	74 69 6f 6e 20 61 64 64 72 65 73 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 20 73 74 61 74 69 63	tion.address..Configure.a.static
2b140	20 72 6f 75 74 65 20 66 6f 72 20 3c 73 75 62 6e 65 74 3e 20 75 73 69 6e 67 20 67 61 74 65 77 61	.route.for.<subnet>.using.gatewa
2b160	79 20 3c 61 64 64 72 65 73 73 3e 20 61 6e 64 20 75 73 65 20 74 68 65 20 67 61 74 65 77 61 79 20	y.<address>.and.use.the.gateway.
2b180	61 64 64 72 65 73 73 20 61 73 20 42 46 44 20 70 65 65 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20	address.as.BFD.peer.destination.
2b1a0	61 64 64 72 65 73 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 64 64 72 65 73 73 20 6f 66 20 4e 65	address..Configure.address.of.Ne
2b1c0	74 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 2e 20 4e 65 74 46 6c 6f 77 20 73 65 72 76 65 72 20	tFlow.collector..NetFlow.server.
2b1e0	61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 20 63 61 6e 20 62 65 20 62 6f 74 68 20 6c 69 73 74 65	at.`<address>`.can.be.both.liste
2b200	6e 69 6e 67 20 6f 6e 20 61 6e 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2e	ning.on.an.IPv4.or.IPv6.address.
2b220	00 43 6f 6e 66 69 67 75 72 65 20 61 64 64 72 65 73 73 20 6f 66 20 73 46 6c 6f 77 20 63 6f 6c 6c	.Configure.address.of.sFlow.coll
2b240	65 63 74 6f 72 2e 20 73 46 6c 6f 77 20 73 65 72 76 65 72 20 61 74 20 3c 61 64 64 72 65 73 73 3e	ector..sFlow.server.at.<address>
2b260	20 63 61 6e 20 62 65 20 62 6f 74 68 20 6c 69 73 74 65 6e 69 6e 67 20 6f 6e 20 61 6e 20 49 50 76	.can.be.both.listening.on.an.IPv
2b280	34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 64 64	4.or.IPv6.address..Configure.add
2b2a0	72 65 73 73 20 6f 66 20 73 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 2e 20 73 46 6c 6f 77 20 73	ress.of.sFlow.collector..sFlow.s
2b2c0	65 72 76 65 72 20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 20 63 61 6e 20 62 65 20 61 6e 20 49	erver.at.`<address>`.can.be.an.I
2b2e0	50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 20 42 75 74 20 79 6f 75 20 63 61 6e	Pv4.or.IPv6.address..But.you.can
2b300	6e 6f 74 20 65 78 70 6f 72 74 20 74 6f 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36	not.export.to.both.IPv4.and.IPv6
2b320	20 63 6f 6c 6c 65 63 74 6f 72 73 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 21 00 43 6f	.collectors.at.the.same.time!.Co
2b340	6e 66 69 67 75 72 65 20 61 67 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 20 61 73 73 6f 63 69 61	nfigure.agent.IP.address.associa
2b360	74 65 64 20 77 69 74 68 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 00 43 6f 6e 66 69 67 75	ted.with.this.interface..Configu
2b380	72 65 20 61 67 67 72 65 67 61 74 69 6f 6e 20 64 65 6c 61 79 20 74 69 6d 65 72 20 69 6e 74 65 72	re.aggregation.delay.timer.inter
2b3a0	76 61 6c 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 6e 20 61 63 63 6f 75 6e 74 69 6e 67 20 73 65 72	val..Configure.an.accounting.ser
2b3c0	76 65 72 20 61 6e 64 20 65 6e 61 62 6c 65 20 61 63 63 6f 75 6e 74 69 6e 67 20 77 69 74 68 3a 00	ver.and.enable.accounting.with:.
2b3e0	43 6f 6e 66 69 67 75 72 65 20 61 6e 64 20 65 6e 61 62 6c 65 20 63 6f 6c 6c 65 63 74 69 6f 6e 20	Configure.and.enable.collection.
2b400	6f 66 20 66 6c 6f 77 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 69 6e 74 65	of.flow.information.for.the.inte
2b420	72 66 61 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 69 6e 74 65 72 66 61 63 65 3e 2e	rface.identified.by.<interface>.
2b440	00 43 6f 6e 66 69 67 75 72 65 20 61 6e 64 20 65 6e 61 62 6c 65 20 63 6f 6c 6c 65 63 74 69 6f 6e	.Configure.and.enable.collection
2b460	20 6f 66 20 66 6c 6f 77 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 69 6e 74	.of.flow.information.for.the.int
2b480	65 72 66 61 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 69 6e 74 65 72 66 61 63 65	erface.identified.by.`<interface
2b4a0	3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 20 62 61 63 6b 65 6e 64 20 60 3c 6e 61 6d 65 3e 60 20 6d	>`..Configure.backend.`<name>`.m
2b4c0	6f 64 65 20 54 43 50 20 6f 72 20 48 54 54 50 00 43 6f 6e 66 69 67 75 72 65 20 65 69 74 68 65 72	ode.TCP.or.HTTP.Configure.either
2b4e0	20 6f 6e 65 20 6f 72 20 74 77 6f 20 73 74 6f 70 20 62 69 74 73 2e 20 54 68 69 73 20 64 65 66 61	.one.or.two.stop.bits..This.defa
2b500	75 6c 74 73 20 74 6f 20 6f 6e 65 20 73 74 6f 70 20 62 69 74 73 20 69 66 20 6c 65 66 74 20 75 6e	ults.to.one.stop.bits.if.left.un
2b520	63 6f 6e 66 69 67 75 72 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 65 69 74 68 65 72 20 73 65 76	configured..Configure.either.sev
2b540	65 6e 20 6f 72 20 65 69 67 68 74 20 64 61 74 61 20 62 69 74 73 2e 20 54 68 69 73 20 64 65 66 61	en.or.eight.data.bits..This.defa
2b560	75 6c 74 73 20 74 6f 20 65 69 67 68 74 20 64 61 74 61 20 62 69 74 73 20 69 66 20 6c 65 66 74 20	ults.to.eight.data.bits.if.left.
2b580	75 6e 63 6f 6e 66 69 67 75 72 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 69 6e 64 69 76 69 64 75	unconfigured..Configure.individu
2b5a0	61 6c 20 62 72 69 64 67 65 20 70 6f 72 74 20 60 3c 70 72 69 6f 72 69 74 79 3e 60 2e 00 43 6f 6e	al.bridge.port.`<priority>`..Con
2b5c0	66 69 67 75 72 65 20 69 6e 74 65 72 66 61 63 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 77	figure.interface.`<interface>`.w
2b5e0	69 74 68 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73	ith.one.or.more.interface.addres
2b600	73 65 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 69 6e 74 65 72 66 61 63 65 2d 73 70 65 63 69 66 69	ses..Configure.interface-specifi
2b620	63 20 48 6f 73 74 2f 52 6f 75 74 65 72 20 62 65 68 61 76 69 6f 75 72 2e 20 49 66 20 73 65 74 2c	c.Host/Router.behaviour..If.set,
2b640	20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 69 6c 6c 20 73 77 69 74 63 68 20 74 6f 20 68 6f	.the.interface.will.switch.to.ho
2b660	73 74 20 6d 6f 64 65 20 61 6e 64 20 49 50 76 36 20 66 6f 72 77 61 72 64 69 6e 67 20 77 69 6c 6c	st.mode.and.IPv6.forwarding.will
2b680	20 62 65 20 64 69 73 61 62 6c 65 64 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 00	.be.disabled.on.this.interface..
2b6a0	43 6f 6e 66 69 67 75 72 65 20 6e 65 77 20 53 4e 4d 50 20 75 73 65 72 20 6e 61 6d 65 64 20 22 76	Configure.new.SNMP.user.named."v
2b6c0	79 6f 73 22 20 77 69 74 68 20 70 61 73 73 77 6f 72 64 20 22 76 79 6f 73 31 32 33 34 35 36 37 38	yos".with.password."vyos12345678
2b6e0	22 00 43 6f 6e 66 69 67 75 72 65 20 6e 65 78 74 2d 68 6f 70 20 60 3c 61 64 64 72 65 73 73 3e 60	".Configure.next-hop.`<address>`
2b700	20 61 6e 64 20 60 3c 74 61 72 67 65 74 2d 61 64 64 72 65 73 73 3e 60 20 66 6f 72 20 61 6e 20 49	.and.`<target-address>`.for.an.I
2b720	50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20 53 70 65 63 69 66 79 20 74 68 65 20 74 61	Pv4.static.route..Specify.the.ta
2b740	72 67 65 74 20 49 50 76 34 20 61 64 64 72 65 73 73 20 66 6f 72 20 68 65 61 6c 74 68 20 63 68 65	rget.IPv4.address.for.health.che
2b760	63 6b 69 6e 67 2e 00 43 6f 6e 66 69 67 75 72 65 20 6e 65 78 74 2d 68 6f 70 20 60 3c 61 64 64 72	cking..Configure.next-hop.`<addr
2b780	65 73 73 3e 60 20 66 6f 72 20 61 6e 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20	ess>`.for.an.IPv4.static.route..
2b7a0	4d 75 6c 74 69 70 6c 65 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65 20 63 72	Multiple.static.routes.can.be.cr
2b7c0	65 61 74 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 6e 65 78 74 2d 68 6f 70 20 60 3c 61 64 64 72	eated..Configure.next-hop.`<addr
2b7e0	65 73 73 3e 60 20 66 6f 72 20 61 6e 20 49 50 76 36 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20	ess>`.for.an.IPv6.static.route..
2b800	4d 75 6c 74 69 70 6c 65 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65 20 63 72	Multiple.static.routes.can.be.cr
2b820	65 61 74 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 6f 6e 65 20 6f 66 20 74 68 65 20 70 72 65 64	eated..Configure.one.of.the.pred
2b840	65 66 69 6e 65 64 20 73 79 73 74 65 6d 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 70 72 6f 66 69 6c	efined.system.performance.profil
2b860	65 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 61 74 74 72 69 62	es..Configure.one.or.more.attrib
2b880	75 74 65 73 20 74 6f 20 74 68 65 20 67 69 76 65 6e 20 4e 54 50 20 73 65 72 76 65 72 2e 00 43 6f	utes.to.the.given.NTP.server..Co
2b8a0	6e 66 69 67 75 72 65 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 73 65 72 76 65 72 73 20 66 6f 72 20	nfigure.one.or.more.servers.for.
2b8c0	73 79 6e 63 68 72 6f 6e 69 73 61 74 69 6f 6e 2e 20 53 65 72 76 65 72 20 6e 61 6d 65 20 63 61 6e	synchronisation..Server.name.can
2b8e0	20 62 65 20 65 69 74 68 65 72 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 3a 61 62 62	.be.either.an.IP.address.or.:abb
2b900	72 3a 60 46 51 44 4e 20 28 46 75 6c 6c 79 20 51 75 61 6c 69 66 69 65 64 20 44 6f 6d 61 69 6e 20	r:`FQDN.(Fully.Qualified.Domain.
2b920	4e 61 6d 65 29 60 2e 00 43 6f 6e 66 69 67 75 72 65 20 6f 70 74 69 6f 6e 61 6c 20 54 54 4c 20 76	Name)`..Configure.optional.TTL.v
2b940	61 6c 75 65 20 6f 6e 20 74 68 65 20 67 69 76 65 6e 20 72 65 73 6f 75 72 63 65 20 72 65 63 6f 72	alue.on.the.given.resource.recor
2b960	64 2e 20 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 36 30 30 20 73 65 63 6f 6e 64 73 2e	d..This.defaults.to.600.seconds.
2b980	00 43 6f 6e 66 69 67 75 72 65 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 20 64 75	.Configure.physical.interface.du
2b9a0	70 6c 65 78 20 73 65 74 74 69 6e 67 2e 00 43 6f 6e 66 69 67 75 72 65 20 70 68 79 73 69 63 61 6c	plex.setting..Configure.physical
2b9c0	20 69 6e 74 65 72 66 61 63 65 20 73 70 65 65 64 20 73 65 74 74 69 6e 67 2e 00 43 6f 6e 66 69 67	.interface.speed.setting..Config
2b9e0	75 72 65 20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 20 66 6f 72 20 60 69 6e 74 65 72 66 61 63	ure.port.mirroring.for.`interfac
2ba00	65 60 20 69 6e 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 61 6e 64 20 63 6f 70 79 20 74 68 65 20	e`.inbound.traffic.and.copy.the.
2ba20	74 72 61 66 66 69 63 20 74 6f 20 60 6d 6f 6e 69 74 6f 72 2d 69 6e 74 65 72 66 61 63 65 60 00 43	traffic.to.`monitor-interface`.C
2ba40	6f 6e 66 69 67 75 72 65 20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 20 66 6f 72 20 60 69 6e 74	onfigure.port.mirroring.for.`int
2ba60	65 72 66 61 63 65 60 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 61 6e 64 20 63 6f 70	erface`.outbound.traffic.and.cop
2ba80	79 20 74 68 65 20 74 72 61 66 66 69 63 20 74 6f 20 60 6d 6f 6e 69 74 6f 72 2d 69 6e 74 65 72 66	y.the.traffic.to.`monitor-interf
2baa0	61 63 65 60 00 43 6f 6e 66 69 67 75 72 65 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 6f 66 20 72 65	ace`.Configure.port.number.of.re
2bac0	6d 6f 74 65 20 56 58 4c 41 4e 20 65 6e 64 70 6f 69 6e 74 2e 00 43 6f 6e 66 69 67 75 72 65 20 70	mote.VXLAN.endpoint..Configure.p
2bae0	72 6f 74 6f 63 6f 6c 20 75 73 65 64 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 74	rotocol.used.for.communication.t
2bb00	6f 20 72 65 6d 6f 74 65 20 73 79 73 6c 6f 67 20 68 6f 73 74 2e 20 54 68 69 73 20 63 61 6e 20 62	o.remote.syslog.host..This.can.b
2bb20	65 20 65 69 74 68 65 72 20 55 44 50 20 6f 72 20 54 43 50 2e 00 43 6f 6e 66 69 67 75 72 65 20 70	e.either.UDP.or.TCP..Configure.p
2bb40	72 6f 78 79 20 70 6f 72 74 20 69 66 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 6c 69 73 74 65 6e 20	roxy.port.if.it.does.not.listen.
2bb60	74 6f 20 74 68 65 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 38 30 2e 00 43 6f 6e 66 69 67 75 72	to.the.default.port.80..Configur
2bb80	65 20 73 46 6c 6f 77 20 61 67 65 6e 74 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65	e.sFlow.agent.IPv4.or.IPv6.addre
2bba0	73 73 00 43 6f 6e 66 69 67 75 72 65 20 73 63 68 65 64 75 6c 65 20 63 6f 75 6e 74 65 72 2d 70 6f	ss.Configure.schedule.counter-po
2bbc0	6c 6c 69 6e 67 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 33 30 29 00 43	lling.in.seconds.(default:.30).C
2bbe0	6f 6e 66 69 67 75 72 65 20 73 65 72 76 69 63 65 20 60 3c 6e 61 6d 65 3e 60 20 6d 6f 64 65 20 54	onfigure.service.`<name>`.mode.T
2bc00	43 50 20 6f 72 20 48 54 54 50 00 43 6f 6e 66 69 67 75 72 65 20 73 65 72 76 69 63 65 20 60 3c 6e	CP.or.HTTP.Configure.service.`<n
2bc20	61 6d 65 3e 60 20 74 6f 20 75 73 65 20 74 68 65 20 62 61 63 6b 65 6e 64 20 3c 6e 61 6d 65 3e 00	ame>`.to.use.the.backend.<name>.
2bc40	43 6f 6e 66 69 67 75 72 65 20 73 65 73 73 69 6f 6e 20 74 69 6d 65 6f 75 74 20 61 66 74 65 72 20	Configure.session.timeout.after.
2bc60	77 68 69 63 68 20 74 68 65 20 75 73 65 72 20 77 69 6c 6c 20 62 65 20 6c 6f 67 67 65 64 20 6f 75	which.the.user.will.be.logged.ou
2bc80	74 2e 00 43 6f 6e 66 69 67 75 72 65 20 73 79 73 74 65 6d 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 2e	t..Configure.system.domain.name.
2bca0	20 41 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 6d 75 73 74 20 73 74 61 72 74 20 61 6e 64 20 65 6e	.A.domain.name.must.start.and.en
2bcc0	64 20 77 69 74 68 20 61 20 6c 65 74 74 65 72 20 6f 72 20 64 69 67 69 74 2c 20 61 6e 64 20 68 61	d.with.a.letter.or.digit,.and.ha
2bce0	76 65 20 61 73 20 69 6e 74 65 72 69 6f 72 20 63 68 61 72 61 63 74 65 72 73 20 6f 6e 6c 79 20 6c	ve.as.interior.characters.only.l
2bd00	65 74 74 65 72 73 2c 20 64 69 67 69 74 73 2c 20 6f 72 20 61 20 68 79 70 68 65 6e 2e 00 43 6f 6e	etters,.digits,.or.a.hyphen..Con
2bd20	66 69 67 75 72 65 20 74 68 65 20 44 4e 53 20 60 3c 73 65 72 76 65 72 3e 60 20 49 50 2f 46 51 44	figure.the.DNS.`<server>`.IP/FQD
2bd40	4e 20 75 73 65 64 20 77 68 65 6e 20 75 70 64 61 74 69 6e 67 20 74 68 69 73 20 64 79 6e 61 6d 69	N.used.when.updating.this.dynami
2bd60	63 20 61 73 73 69 67 6e 6d 65 6e 74 2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 49 50 76 34	c.assignment..Configure.the.IPv4
2bd80	20 6f 72 20 49 50 76 36 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 54	.or.IPv6.listen.address.of.the.T
2bda0	46 54 50 20 73 65 72 76 65 72 2e 20 4d 75 6c 74 69 70 6c 65 20 49 50 76 34 20 61 6e 64 20 49 50	FTP.server..Multiple.IPv4.and.IP
2bdc0	76 36 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 67 69 76 65 6e 2e 20 54 68 65 72 65	v6.addresses.can.be.given..There
2bde0	20 77 69 6c 6c 20 62 65 20 6f 6e 65 20 54 46 54 50 20 73 65 72 76 65 72 20 69 6e 73 74 61 6e 63	.will.be.one.TFTP.server.instanc
2be00	65 73 20 6c 69 73 74 65 6e 69 6e 67 20 6f 6e 20 65 61 63 68 20 49 50 20 61 64 64 72 65 73 73 2e	es.listening.on.each.IP.address.
2be20	00 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69	.Configure.the.connection.tracki
2be40	6e 67 20 70 72 6f 74 6f 63 6f 6c 20 68 65 6c 70 65 72 20 6d 6f 64 75 6c 65 73 2e 20 41 6c 6c 20	ng.protocol.helper.modules..All.
2be60	6d 6f 64 75 6c 65 73 20 61 72 65 20 65 6e 61 62 6c 65 20 62 79 20 64 65 66 61 75 6c 74 2e 00 43	modules.are.enable.by.default..C
2be80	6f 6e 66 69 67 75 72 65 20 74 68 65 20 64 69 73 63 72 65 74 65 20 70 6f 72 74 20 75 6e 64 65 72	onfigure.the.discrete.port.under
2bea0	20 77 68 69 63 68 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 63 61 6e 20 62 65 20	.which.the.RADIUS.server.can.be.
2bec0	72 65 61 63 68 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 64 69 73 63 72 65 74 65 20	reached..Configure.the.discrete.
2bee0	70 6f 72 74 20 75 6e 64 65 72 20 77 68 69 63 68 20 74 68 65 20 54 41 43 41 43 53 20 73 65 72 76	port.under.which.the.TACACS.serv
2bf00	65 72 20 63 61 6e 20 62 65 20 72 65 61 63 68 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68 65	er.can.be.reached..Configure.the
2bf20	20 6c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 20 72 65 76 65 72 73 65 2d 70 72 6f 78 79 20 73 65	.load-balancing.reverse-proxy.se
2bf40	72 76 69 63 65 20 66 6f 72 20 48 54 54 50 2e 00 43 6f 6e 66 69 67 75 72 65 20 75 73 65 72 20 64	rvice.for.HTTP..Configure.user.d
2bf60	65 66 69 6e 65 64 20 3a 61 62 62 72 3a 60 4d 41 43 20 28 4d 65 64 69 61 20 41 63 63 65 73 73 20	efined.:abbr:`MAC.(Media.Access.
2bf80	43 6f 6e 74 72 6f 6c 29 60 20 61 64 64 72 65 73 73 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74	Control)`.address.on.given.`<int
2bfa0	65 72 66 61 63 65 3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 64 20 72 6f 75 74 69 6e 67 20 74 61 62	erface>`..Configured.routing.tab
2bfc0	6c 65 20 60 3c 69 64 3e 60 20 69 73 20 75 73 65 64 20 62 79 20 56 52 46 20 60 3c 6e 61 6d 65 3e	le.`<id>`.is.used.by.VRF.`<name>
2bfe0	60 2e 00 43 6f 6e 66 69 67 75 72 65 64 20 76 61 6c 75 65 00 43 6f 6e 66 69 67 75 72 65 73 20 74	`..Configured.value.Configures.t
2c000	68 65 20 42 47 50 20 73 70 65 61 6b 65 72 20 73 6f 20 74 68 61 74 20 69 74 20 6f 6e 6c 79 20 61	he.BGP.speaker.so.that.it.only.a
2c020	63 63 65 70 74 73 20 69 6e 62 6f 75 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 72 6f 6d 2c	ccepts.inbound.connections.from,
2c040	20 62 75 74 20 64 6f 65 73 20 6e 6f 74 20 69 6e 69 74 69 61 74 65 20 6f 75 74 62 6f 75 6e 64 20	.but.does.not.initiate.outbound.
2c060	63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 70 65 65 72 20 6f 72 20 70 65 65 72 20	connections.to.the.peer.or.peer.
2c080	67 72 6f 75 70 2e 00 43 6f 6e 66 69 67 75 72 69 6e 67 20 52 41 44 49 55 53 20 61 63 63 6f 75 6e	group..Configuring.RADIUS.accoun
2c0a0	74 69 6e 67 00 43 6f 6e 66 69 67 75 72 69 6e 67 20 61 20 6c 69 73 74 65 6e 2d 61 64 64 72 65 73	ting.Configuring.a.listen-addres
2c0c0	73 20 69 73 20 65 73 73 65 6e 74 69 61 6c 20 66 6f 72 20 74 68 65 20 73 65 72 76 69 63 65 20 74	s.is.essential.for.the.service.t
2c0e0	6f 20 77 6f 72 6b 2e 00 43 6f 6e 6e 65 63 74 2f 44 69 73 63 6f 6e 6e 65 63 74 00 43 6f 6e 6e 65	o.work..Connect/Disconnect.Conne
2c100	63 74 65 64 20 63 6c 69 65 6e 74 20 73 68 6f 75 6c 64 20 75 73 65 20 60 3c 61 64 64 72 65 73 73	cted.client.should.use.`<address
2c120	3e 60 20 61 73 20 74 68 65 69 72 20 44 4e 53 20 73 65 72 76 65 72 2e 20 54 68 69 73 20 63 6f 6d	>`.as.their.DNS.server..This.com
2c140	6d 61 6e 64 20 61 63 63 65 70 74 73 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20	mand.accepts.both.IPv4.and.IPv6.
2c160	61 64 64 72 65 73 73 65 73 2e 20 55 70 20 74 6f 20 74 77 6f 20 6e 61 6d 65 73 65 72 76 65 72 73	addresses..Up.to.two.nameservers
2c180	20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 49 50 76 34 2c 20 75 70 20	.can.be.configured.for.IPv4,.up.
2c1a0	74 6f 20 74 68 72 65 65 20 66 6f 72 20 49 50 76 36 2e 00 43 6f 6e 6e 65 63 74 69 6f 6e 73 20 74	to.three.for.IPv6..Connections.t
2c1c0	6f 20 74 68 65 20 52 50 4b 49 20 63 61 63 68 69 6e 67 20 73 65 72 76 65 72 20 63 61 6e 20 6e 6f	o.the.RPKI.caching.server.can.no
2c1e0	74 20 6f 6e 6c 79 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 62 79 20 48 54 54 50 2f 54 4c	t.only.be.established.by.HTTP/TL
2c200	53 20 62 75 74 20 79 6f 75 20 63 61 6e 20 61 6c 73 6f 20 72 65 6c 79 20 6f 6e 20 61 20 73 65 63	S.but.you.can.also.rely.on.a.sec
2c220	75 72 65 20 53 53 48 20 73 65 73 73 69 6f 6e 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 2e 20 54	ure.SSH.session.to.the.server..T
2c240	6f 20 65 6e 61 62 6c 65 20 53 53 48 20 79 6f 75 20 66 69 72 73 74 20 6e 65 65 64 20 74 6f 20 63	o.enable.SSH.you.first.need.to.c
2c260	72 65 61 74 65 20 79 6f 75 72 73 65 6c 73 20 61 6e 20 53 53 48 20 63 6c 69 65 6e 74 20 6b 65 79	reate.yoursels.an.SSH.client.key
2c280	70 61 69 72 20 75 73 69 6e 67 20 60 60 67 65 6e 65 72 61 74 65 20 73 73 68 20 63 6c 69 65 6e 74	pair.using.``generate.ssh.client
2c2a0	2d 6b 65 79 20 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2f 69 64 5f 72 73 61 5f 72 70 6b 69 60 60 2e	-key./config/auth/id_rsa_rpki``.
2c2c0	20 4f 6e 63 65 20 79 6f 75 72 20 6b 65 79 20 69 73 20 63 72 65 61 74 65 64 20 79 6f 75 20 63 61	.Once.your.key.is.created.you.ca
2c2e0	6e 20 73 65 74 75 70 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 43 6f 6e 6e 74 72 61 63	n.setup.the.connection..Conntrac
2c300	6b 00 43 6f 6e 6e 74 72 61 63 6b 20 53 79 6e 63 00 43 6f 6e 6e 74 72 61 63 6b 20 53 79 6e 63 20	k.Conntrack.Sync.Conntrack.Sync.
2c320	45 78 61 6d 70 6c 65 00 43 6f 6e 73 6f 6c 65 00 43 6f 6e 73 6f 6c 65 20 53 65 72 76 65 72 00 43	Example.Console.Console.Server.C
2c340	6f 6e 73 74 72 61 69 6e 20 74 68 65 20 6d 65 6d 6f 72 79 20 61 76 61 69 6c 61 62 6c 65 20 74 6f	onstrain.the.memory.available.to
2c360	20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 2e 00 43 6f 6e 74 61 69 6e 65 72 00 43 6f 6e 76 65 72	.the.container..Container.Conver
2c380	74 20 74 68 65 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 6f 66 20 61 20 73 69 6e 67 6c 65	t.the.address.prefix.of.a.single
2c3a0	20 60 66 63 30 30 3a 3a 2f 36 34 60 20 6e 65 74 77 6f 72 6b 20 74 6f 20 60 66 63 30 31 3a 3a 2f	.`fc00::/64`.network.to.`fc01::/
2c3c0	36 34 60 00 43 6f 6e 76 65 72 74 20 74 68 65 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 6f	64`.Convert.the.address.prefix.o
2c3e0	66 20 61 20 73 69 6e 67 6c 65 20 60 66 63 30 31 3a 3a 2f 36 34 60 20 6e 65 74 77 6f 72 6b 20 74	f.a.single.`fc01::/64`.network.t
2c400	6f 20 60 66 63 30 30 3a 3a 2f 36 34 60 00 43 6f 70 79 20 74 68 65 20 6b 65 79 2c 20 61 73 20 69	o.`fc00::/64`.Copy.the.key,.as.i
2c420	74 20 69 73 20 6e 6f 74 20 73 74 6f 72 65 64 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 66 69 6c	t.is.not.stored.on.the.local.fil
2c440	65 73 79 73 74 65 6d 2e 20 42 65 63 61 75 73 65 20 69 74 20 69 73 20 61 20 73 79 6d 6d 65 74 72	esystem..Because.it.is.a.symmetr
2c460	69 63 20 6b 65 79 2c 20 6f 6e 6c 79 20 79 6f 75 20 61 6e 64 20 79 6f 75 72 20 70 65 65 72 20 73	ic.key,.only.you.and.your.peer.s
2c480	68 6f 75 6c 64 20 68 61 76 65 20 6b 6e 6f 77 6c 65 64 67 65 20 6f 66 20 69 74 73 20 63 6f 6e 74	hould.have.knowledge.of.its.cont
2c4a0	65 6e 74 2e 20 4d 61 6b 65 20 73 75 72 65 20 79 6f 75 20 64 69 73 74 72 69 62 75 74 65 20 74 68	ent..Make.sure.you.distribute.th
2c4c0	65 20 6b 65 79 20 69 6e 20 61 20 73 61 66 65 20 6d 61 6e 6e 65 72 2c 00 43 6f 75 6e 74 72 79 20	e.key.in.a.safe.manner,.Country.
2c4e0	63 6f 64 65 20 28 49 53 4f 2f 49 45 43 20 33 31 36 36 2d 31 29 2e 20 55 73 65 64 20 74 6f 20 73	code.(ISO/IEC.3166-1)..Used.to.s
2c500	65 74 20 72 65 67 75 6c 61 74 6f 72 79 20 64 6f 6d 61 69 6e 2e 20 53 65 74 20 61 73 20 6e 65 65	et.regulatory.domain..Set.as.nee
2c520	64 65 64 20 74 6f 20 69 6e 64 69 63 61 74 65 20 63 6f 75 6e 74 72 79 20 69 6e 20 77 68 69 63 68	ded.to.indicate.country.in.which
2c540	20 64 65 76 69 63 65 20 69 73 20 6f 70 65 72 61 74 69 6e 67 2e 20 54 68 69 73 20 63 61 6e 20 6c	.device.is.operating..This.can.l
2c560	69 6d 69 74 20 61 76 61 69 6c 61 62 6c 65 20 63 68 61 6e 6e 65 6c 73 20 61 6e 64 20 74 72 61 6e	imit.available.channels.and.tran
2c580	73 6d 69 74 20 70 6f 77 65 72 2e 00 43 72 65 61 74 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74	smit.power..Creat.community-list
2c5a0	20 70 6f 6c 69 63 79 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74	.policy.identified.by.name.<text
2c5c0	3e 2e 00 43 72 65 61 74 20 65 78 74 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70 6f 6c 69 63	>..Creat.extcommunity-list.polic
2c5e0	79 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74 3e 2e 00 43 72 65	y.identified.by.name.<text>..Cre
2c600	61 74 65 20 44 48 43 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 20 77 69 74 68 20 61 20 72 61	ate.DHCP.address.range.with.a.ra
2c620	6e 67 65 20 69 64 20 6f 66 20 60 3c 6e 3e 60 2e 20 44 48 43 50 20 6c 65 61 73 65 73 20 61 72 65	nge.id.of.`<n>`..DHCP.leases.are
2c640	20 74 61 6b 65 6e 20 66 72 6f 6d 20 74 68 69 73 20 70 6f 6f 6c 2e 20 54 68 65 20 70 6f 6f 6c 20	.taken.from.this.pool..The.pool.
2c660	73 74 61 72 74 73 20 61 74 20 61 64 64 72 65 73 73 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 43	starts.at.address.`<address>`..C
2c680	72 65 61 74 65 20 44 48 43 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 20 77 69 74 68 20 61 20	reate.DHCP.address.range.with.a.
2c6a0	72 61 6e 67 65 20 69 64 20 6f 66 20 60 3c 6e 3e 60 2e 20 44 48 43 50 20 6c 65 61 73 65 73 20 61	range.id.of.`<n>`..DHCP.leases.a
2c6c0	72 65 20 74 61 6b 65 6e 20 66 72 6f 6d 20 74 68 69 73 20 70 6f 6f 6c 2e 20 54 68 65 20 70 6f 6f	re.taken.from.this.pool..The.poo
2c6e0	6c 20 73 74 6f 70 73 20 77 69 74 68 20 61 64 64 72 65 73 73 20 60 3c 61 64 64 72 65 73 73 3e 60	l.stops.with.address.`<address>`
2c700	2e 00 43 72 65 61 74 65 20 44 4e 53 20 72 65 63 6f 72 64 20 70 65 72 20 63 6c 69 65 6e 74 20 6c	..Create.DNS.record.per.client.l
2c720	65 61 73 65 2c 20 62 79 20 61 64 64 69 6e 67 20 63 6c 69 65 6e 74 73 20 74 6f 20 2f 65 74 63 2f	ease,.by.adding.clients.to./etc/
2c740	68 6f 73 74 73 20 66 69 6c 65 2e 20 45 6e 74 72 79 20 77 69 6c 6c 20 68 61 76 65 20 66 6f 72 6d	hosts.file..Entry.will.have.form
2c760	61 74 3a 20 60 3c 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d 65 3e 5f 3c 68 6f 73 74	at:.`<shared-network-name>_<host
2c780	6e 61 6d 65 3e 2e 3c 64 6f 6d 61 69 6e 2d 6e 61 6d 65 3e 60 00 43 72 65 61 74 65 20 60 3c 75 73	name>.<domain-name>`.Create.`<us
2c7a0	65 72 3e 60 20 66 6f 72 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 6e	er>`.for.local.authentication.on
2c7c0	20 74 68 69 73 20 73 79 73 74 65 6d 2e 20 54 68 65 20 75 73 65 72 73 20 70 61 73 73 77 6f 72 64	.this.system..The.users.password
2c7e0	20 77 69 6c 6c 20 62 65 20 73 65 74 20 74 6f 20 60 3c 70 61 73 73 3e 60 2e 00 43 72 65 61 74 65	.will.be.set.to.`<pass>`..Create
2c800	20 61 20 62 61 73 69 63 20 62 72 69 64 67 65 00 43 72 65 61 74 65 20 61 20 66 69 6c 65 20 6e 61	.a.basic.bridge.Create.a.file.na
2c820	6d 65 64 20 60 60 56 79 4f 53 2d 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 34 36 34 31 2e 43 6f 6e	med.``VyOS-1.3.6.1.4.1.44641.Con
2c840	66 69 67 4d 67 6d 74 2d 43 6f 6d 6d 61 6e 64 73 60 60 20 75 73 69 6e 67 20 74 68 65 20 66 6f 6c	figMgmt-Commands``.using.the.fol
2c860	6c 6f 77 69 6e 67 20 63 6f 6e 74 65 6e 74 3a 00 43 72 65 61 74 65 20 61 20 6c 6f 61 64 20 62 61	lowing.content:.Create.a.load.ba
2c880	6c 61 6e 63 69 6e 67 20 72 75 6c 65 2c 20 69 74 20 63 61 6e 20 62 65 20 61 20 6e 75 6d 62 65 72	lancing.rule,.it.can.be.a.number
2c8a0	20 62 65 74 77 65 65 6e 20 31 20 61 6e 64 20 39 39 39 39 3a 00 43 72 65 61 74 65 20 61 20 6e 65	.between.1.and.9999:.Create.a.ne
2c8c0	77 20 3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69	w.:abbr:`CA.(Certificate.Authori
2c8e0	74 79 29 60 20 61 6e 64 20 6f 75 74 70 75 74 20 74 68 65 20 43 41 73 20 70 75 62 6c 69 63 20 61	ty)`.and.output.the.CAs.public.a
2c900	6e 64 20 70 72 69 76 61 74 65 20 6b 65 79 20 6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 43	nd.private.key.on.the.console..C
2c920	72 65 61 74 65 20 61 20 6e 65 77 20 44 48 43 50 20 73 74 61 74 69 63 20 6d 61 70 70 69 6e 67 20	reate.a.new.DHCP.static.mapping.
2c940	6e 61 6d 65 64 20 60 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 60 20 77 68 69 63 68 20 69 73 20 76	named.`<description>`.which.is.v
2c960	61 6c 69 64 20 66 6f 72 20 74 68 65 20 68 6f 73 74 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20	alid.for.the.host.identified.by.
2c980	69 74 73 20 4d 41 43 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 43 72 65 61 74 65 20 61 20 6e 65	its.MAC.`<address>`..Create.a.ne
2c9a0	77 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20 60 3c	w.VLAN.interface.on.interface.`<
2c9c0	69 6e 74 65 72 66 61 63 65 3e 60 20 75 73 69 6e 67 20 74 68 65 20 56 4c 41 4e 20 6e 75 6d 62 65	interface>`.using.the.VLAN.numbe
2c9e0	72 20 70 72 6f 76 69 64 65 64 20 76 69 61 20 60 3c 76 6c 61 6e 2d 69 64 3e 60 2e 00 43 72 65 61	r.provided.via.`<vlan-id>`..Crea
2ca00	74 65 20 61 20 6e 65 77 20 70 75 62 6c 69 63 2f 70 72 69 76 61 74 65 20 6b 65 79 70 61 69 72 20	te.a.new.public/private.keypair.
2ca20	61 6e 64 20 6f 75 74 70 75 74 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20 6f 6e 20 74 68	and.output.the.certificate.on.th
2ca40	65 20 63 6f 6e 73 6f 6c 65 2e 00 43 72 65 61 74 65 20 61 20 6e 65 77 20 70 75 62 6c 69 63 2f 70	e.console..Create.a.new.public/p
2ca60	72 69 76 61 74 65 20 6b 65 79 70 61 69 72 20 77 68 69 63 68 20 69 73 20 73 69 67 6e 65 64 20 62	rivate.keypair.which.is.signed.b
2ca80	79 20 74 68 65 20 43 41 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60 63 61 2d 6e 61 6d 65 60	y.the.CA.referenced.by.`ca-name`
2caa0	2e 20 54 68 65 20 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 74 68 65 6e	..The.signed.certificate.is.then
2cac0	20 6f 75 74 70 75 74 20 74 6f 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 43 72 65 61 74 65 20 61	.output.to.the.console..Create.a
2cae0	20 6e 65 77 20 73 65 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 2e 20 54 68	.new.self-signed.certificate..Th
2cb00	65 20 70 75 62 6c 69 63 2f 70 72 69 76 61 74 65 20 69 73 20 74 68 65 6e 20 73 68 6f 77 6e 20 6f	e.public/private.is.then.shown.o
2cb20	6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 43 72 65 61 74 65 20 61 20 6e 65 77 20 73 75 62 6f	n.the.console..Create.a.new.subo
2cb40	72 64 69 6e 61 74 65 20 3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41	rdinate.:abbr:`CA.(Certificate.A
2cb60	75 74 68 6f 72 69 74 79 29 60 20 61 6e 64 20 73 69 67 6e 20 69 74 20 75 73 69 6e 67 20 74 68 65	uthority)`.and.sign.it.using.the
2cb80	20 70 72 69 76 61 74 65 20 6b 65 79 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60 63 61 2d 6e	.private.key.referenced.by.`ca-n
2cba0	61 6d 65 60 2e 00 43 72 65 61 74 65 20 61 20 6e 65 77 20 73 75 62 6f 72 64 69 6e 61 74 65 20 3a	ame`..Create.a.new.subordinate.:
2cbc0	61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 29	abbr:`CA.(Certificate.Authority)
2cbe0	60 20 61 6e 64 20 73 69 67 6e 20 69 74 20 75 73 69 6e 67 20 74 68 65 20 70 72 69 76 61 74 65 20	`.and.sign.it.using.the.private.
2cc00	6b 65 79 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60 6e 61 6d 65 60 2e 00 43 72 65 61 74 65	key.referenced.by.`name`..Create
2cc20	20 61 20 70 65 65 72 20 61 73 20 79 6f 75 20 77 6f 75 6c 64 20 77 68 65 6e 20 79 6f 75 20 73 70	.a.peer.as.you.would.when.you.sp
2cc40	65 63 69 66 79 20 61 6e 20 41 53 4e 2c 20 65 78 63 65 70 74 20 74 68 61 74 20 69 66 20 74 68 65	ecify.an.ASN,.except.that.if.the
2cc60	20 70 65 65 72 73 20 41 53 4e 20 69 73 20 64 69 66 66 65 72 65 6e 74 20 74 68 61 6e 20 6d 69 6e	.peers.ASN.is.different.than.min
2cc80	65 20 61 73 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 74 68 65 20 3a 63 66 67 63 6d 64	e.as.specified.under.the.:cfgcmd
2cca0	3a 60 70 72 6f 74 6f 63 6f 6c 73 20 62 67 70 20 3c 61 73 6e 3e 60 20 63 6f 6d 6d 61 6e 64 20 74	:`protocols.bgp.<asn>`.command.t
2ccc0	68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 64 65 6e 69 65 64 2e 00 43 72	he.connection.will.be.denied..Cr
2cce0	65 61 74 65 20 61 20 70 65 65 72 20 61 73 20 79 6f 75 20 77 6f 75 6c 64 20 77 68 65 6e 20 79 6f	eate.a.peer.as.you.would.when.yo
2cd00	75 20 73 70 65 63 69 66 79 20 61 6e 20 41 53 4e 2c 20 65 78 63 65 70 74 20 74 68 61 74 20 69 66	u.specify.an.ASN,.except.that.if
2cd20	20 74 68 65 20 70 65 65 72 73 20 41 53 4e 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 6d 69	.the.peers.ASN.is.the.same.as.mi
2cd40	6e 65 20 61 73 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 74 68 65 20 3a 63 66 67 63 6d	ne.as.specified.under.the.:cfgcm
2cd60	64 3a 60 70 72 6f 74 6f 63 6f 6c 73 20 62 67 70 20 3c 61 73 6e 3e 60 20 63 6f 6d 6d 61 6e 64 20	d:`protocols.bgp.<asn>`.command.
2cd80	74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 64 65 6e 69 65 64 2e 00 43	the.connection.will.be.denied..C
2cda0	72 65 61 74 65 20 61 20 73 74 61 74 69 63 20 68 6f 73 74 6e 61 6d 65 20 6d 61 70 70 69 6e 67 20	reate.a.static.hostname.mapping.
2cdc0	77 68 69 63 68 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 72 65 73 6f 6c 76 65 20 74 68 65 20 6e 61	which.will.always.resolve.the.na
2cde0	6d 65 20 60 3c 68 6f 73 74 6e 61 6d 65 3e 60 20 74 6f 20 49 50 20 61 64 64 72 65 73 73 20 60 3c	me.`<hostname>`.to.IP.address.`<
2ce00	61 64 64 72 65 73 73 3e 60 2e 00 43 72 65 61 74 65 20 61 73 2d 70 61 74 68 2d 70 6f 6c 69 63 79	address>`..Create.as-path-policy
2ce20	20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74 3e 2e 00 43 72 65 61	.identified.by.name.<text>..Crea
2ce40	74 65 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70 6f 6c 69 63 79 20 69	te.large-community-list.policy.i
2ce60	64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74 3e 2e 00 43 72 65 61 74 65	dentified.by.name.<text>..Create
2ce80	20 6e 61 6d 65 64 20 60 3c 61 6c 69 61 73 3e 60 20 66 6f 72 20 74 68 65 20 63 6f 6e 66 69 67 75	.named.`<alias>`.for.the.configu
2cea0	72 65 64 20 73 74 61 74 69 63 20 6d 61 70 70 69 6e 67 20 66 6f 72 20 60 3c 68 6f 73 74 6e 61 6d	red.static.mapping.for.`<hostnam
2cec0	65 3e 60 2e 20 54 68 75 73 20 74 68 65 20 61 64 64 72 65 73 73 20 63 6f 6e 66 69 67 75 72 65 64	e>`..Thus.the.address.configured
2cee0	20 61 73 20 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 79 73 74 65 6d 20 73 74 61 74 69 63 2d 68	.as.:cfgcmd:`set.system.static-h
2cf00	6f 73 74 2d 6d 61 70 70 69 6e 67 20 68 6f 73 74 2d 6e 61 6d 65 20 3c 68 6f 73 74 6e 61 6d 65 3e	ost-mapping.host-name.<hostname>
2cf20	20 69 6e 65 74 20 3c 61 64 64 72 65 73 73 3e 60 20 63 61 6e 20 62 65 20 72 65 61 63 68 65 64 20	.inet.<address>`.can.be.reached.
2cf40	76 69 61 20 6d 75 6c 74 69 70 6c 65 20 6e 61 6d 65 73 2e 00 43 72 65 61 74 65 20 6e 65 77 20 3a	via.multiple.names..Create.new.:
2cf60	72 66 63 3a 60 32 31 33 36 60 20 44 4e 53 20 75 70 64 61 74 65 20 63 6f 6e 66 69 67 75 72 61 74	rfc:`2136`.DNS.update.configurat
2cf80	69 6f 6e 20 77 68 69 63 68 20 77 69 6c 6c 20 75 70 64 61 74 65 20 74 68 65 20 49 50 20 61 64 64	ion.which.will.update.the.IP.add
2cfa0	72 65 73 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 6f	ress.assigned.to.`<interface>`.o
2cfc0	6e 20 74 68 65 20 73 65 72 76 69 63 65 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 64 20 75 6e 64	n.the.service.you.configured.und
2cfe0	65 72 20 60 3c 73 65 72 76 69 63 65 2d 6e 61 6d 65 3e 60 2e 00 43 72 65 61 74 65 20 6e 65 77 20	er.`<service-name>`..Create.new.
2d000	56 52 46 20 69 6e 73 74 61 6e 63 65 20 77 69 74 68 20 60 3c 6e 61 6d 65 3e 60 2e 20 54 68 65 20	VRF.instance.with.`<name>`..The.
2d020	6e 61 6d 65 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 70 6c 61 63 69 6e 67 20 69 6e 64 69 76 69	name.is.used.when.placing.indivi
2d040	64 75 61 6c 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 74 6f 20 74 68 65 20 56 52 46 2e 00 43 72	dual.interfaces.into.the.VRF..Cr
2d060	65 61 74 65 20 6e 65 77 20 73 79 73 74 65 6d 20 75 73 65 72 20 77 69 74 68 20 75 73 65 72 6e 61	eate.new.system.user.with.userna
2d080	6d 65 20 60 3c 6e 61 6d 65 3e 60 20 61 6e 64 20 72 65 61 6c 2d 6e 61 6d 65 20 73 70 65 63 69 66	me.`<name>`.and.real-name.specif
2d0a0	69 65 64 20 62 79 20 60 3c 73 74 72 69 6e 67 3e 60 2e 00 43 72 65 61 74 65 20 73 65 72 76 69 63	ied.by.`<string>`..Create.servic
2d0c0	65 20 60 3c 6e 61 6d 65 3e 60 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e 20 3c 70 6f 72 74 3e 00 43	e.`<name>`.to.listen.on.<port>.C
2d0e0	72 65 61 74 65 73 20 61 20 6e 61 6d 65 64 20 63 6f 6e 74 61 69 6e 65 72 20 6e 65 74 77 6f 72 6b	reates.a.named.container.network
2d100	00 43 72 65 61 74 65 73 20 73 74 61 74 69 63 20 70 65 65 72 20 6d 61 70 70 69 6e 67 20 6f 66 20	.Creates.static.peer.mapping.of.
2d120	70 72 6f 74 6f 63 6f 6c 2d 61 64 64 72 65 73 73 20 74 6f 20 3a 61 62 62 72 3a 60 4e 42 4d 41 20	protocol-address.to.:abbr:`NBMA.
2d140	28 4e 6f 6e 2d 62 72 6f 61 64 63 61 73 74 20 6d 75 6c 74 69 70 6c 65 2d 61 63 63 65 73 73 20 6e	(Non-broadcast.multiple-access.n
2d160	65 74 77 6f 72 6b 29 60 20 61 64 64 72 65 73 73 2e 00 43 72 65 61 74 69 6e 67 20 61 20 62 72 69	etwork)`.address..Creating.a.bri
2d180	64 67 65 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 76 65 72 79 20 73 69 6d 70 6c 65 2e 20 49 6e	dge.interface.is.very.simple..In
2d1a0	20 74 68 69 73 20 65 78 61 6d 70 6c 65 2c 20 77 65 20 77 69 6c 6c 20 68 61 76 65 3a 00 43 72 65	.this.example,.we.will.have:.Cre
2d1c0	61 74 69 6e 67 20 61 20 74 72 61 66 66 69 63 20 70 6f 6c 69 63 79 00 43 72 69 74 69 63 61 6c 00	ating.a.traffic.policy.Critical.
2d1e0	43 72 69 74 69 63 61 6c 20 63 6f 6e 64 69 74 69 6f 6e 73 20 2d 20 65 2e 67 2e 20 68 61 72 64 20	Critical.conditions.-.e.g..hard.
2d200	64 72 69 76 65 20 65 72 72 6f 72 73 2e 00 43 72 79 73 74 61 6c 66 6f 6e 74 7a 20 43 46 41 2d 35	drive.errors..Crystalfontz.CFA-5
2d220	33 33 00 43 72 79 73 74 61 6c 66 6f 6e 74 7a 20 43 46 41 2d 36 33 31 00 43 72 79 73 74 61 6c 66	33.Crystalfontz.CFA-631.Crystalf
2d240	6f 6e 74 7a 20 43 46 41 2d 36 33 33 00 43 72 79 73 74 61 6c 66 6f 6e 74 7a 20 43 46 41 2d 36 33	ontz.CFA-633.Crystalfontz.CFA-63
2d260	35 00 43 75 72 20 48 6f 70 20 4c 69 6d 69 74 00 43 75 72 72 65 6e 74 6c 79 20 64 6f 65 73 20 6e	5.Cur.Hop.Limit.Currently.does.n
2d280	6f 74 20 64 6f 20 6d 75 63 68 20 61 73 20 63 61 63 68 69 6e 67 20 69 73 20 6e 6f 74 20 69 6d 70	ot.do.much.as.caching.is.not.imp
2d2a0	6c 65 6d 65 6e 74 65 64 2e 00 43 75 72 72 65 6e 74 6c 79 20 64 79 6e 61 6d 69 63 20 72 6f 75 74	lemented..Currently.dynamic.rout
2d2c0	69 6e 67 20 69 73 20 73 75 70 70 6f 72 74 65 64 20 66 6f 72 20 74 68 65 20 66 6f 6c 6c 6f 77 69	ing.is.supported.for.the.followi
2d2e0	6e 67 20 70 72 6f 74 6f 63 6f 6c 73 3a 00 43 75 73 74 6f 6d 20 46 69 6c 65 00 43 75 73 74 6f 6d	ng.protocols:.Custom.File.Custom
2d300	20 66 69 72 65 77 61 6c 6c 20 63 68 61 69 6e 73 20 63 61 6e 20 62 65 20 63 72 65 61 74 65 64 2c	.firewall.chains.can.be.created,
2d320	20 77 69 74 68 20 63 6f 6d 6d 61 6e 64 73 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 5b 69	.with.commands.``set.firewall.[i
2d340	70 76 34 20 7c 20 69 70 76 36 5d 20 5b 6e 61 6d 65 20 7c 20 69 70 76 36 2d 6e 61 6d 65 5d 20 3c	pv4.|.ipv6].[name.|.ipv6-name].<
2d360	6e 61 6d 65 3e 20 2e 2e 2e 60 60 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 75 73 65 20 73 75 63	name>....``..In.order.to.use.suc
2d380	68 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2c 20 61 20 72 75 6c 65 20 77 69 74 68 20 2a 2a 61 63	h.custom.chain,.a.rule.with.**ac
2d3a0	74 69 6f 6e 20 6a 75 6d 70 2a 2a 2c 20 61 6e 64 20 74 68 65 20 61 70 70 72 6f 70 69 61 74 65 20	tion.jump**,.and.the.appropiate.
2d3c0	2a 2a 74 61 72 67 65 74 2a 2a 20 73 68 6f 75 6c 64 20 62 65 20 64 65 66 69 6e 65 64 20 69 6e 20	**target**.should.be.defined.in.
2d3e0	61 20 62 61 73 65 20 63 68 61 69 6e 2e 00 43 75 73 74 6f 6d 20 68 65 61 6c 74 68 2d 63 68 65 63	a.base.chain..Custom.health-chec
2d400	6b 20 73 63 72 69 70 74 20 61 6c 6c 6f 77 73 20 63 68 65 63 6b 69 6e 67 20 72 65 61 6c 2d 73 65	k.script.allows.checking.real-se
2d420	72 76 65 72 20 61 76 61 69 6c 61 62 69 6c 69 74 79 00 43 75 73 74 6f 6d 69 7a 65 64 20 69 67 6e	rver.availability.Customized.ign
2d440	6f 72 65 20 72 75 6c 65 73 2c 20 62 61 73 65 64 20 6f 6e 20 61 20 70 61 63 6b 65 74 20 61 6e 64	ore.rules,.based.on.a.packet.and
2d460	20 66 6c 6f 77 20 73 65 6c 65 63 74 6f 72 2e 00 44 43 4f 20 63 61 6e 20 62 65 20 65 6e 61 62 6c	.flow.selector..DCO.can.be.enabl
2d480	65 64 20 66 6f 72 20 62 6f 74 68 20 6e 65 77 20 61 6e 64 20 65 78 69 73 74 69 6e 67 20 74 75 6e	ed.for.both.new.and.existing.tun
2d4a0	6e 65 6c 73 2c 56 79 4f 53 20 61 64 64 73 20 61 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 65 61 63 68	nels,VyOS.adds.an.option.in.each
2d4c0	20 74 75 6e 6e 65 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 68 65 72 65 20 77 65 20 63	.tunnel.configuration.where.we.c
2d4e0	61 6e 20 65 6e 61 62 6c 65 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e 20 20 2e 54 68 65 20 63 75	an.enable.this.function...The.cu
2d500	72 72 65 6e 74 20 62 65 73 74 20 70 72 61 63 74 69 63 65 20 69 73 20 74 6f 20 63 72 65 61 74 65	rrent.best.practice.is.to.create
2d520	20 61 20 6e 65 77 20 74 75 6e 6e 65 6c 20 77 69 74 68 20 44 43 4f 20 74 6f 20 6d 69 6e 69 6d 69	.a.new.tunnel.with.DCO.to.minimi
2d540	7a 65 20 74 68 65 20 63 68 61 6e 63 65 20 6f 66 20 70 72 6f 62 6c 65 6d 73 20 77 69 74 68 20 65	ze.the.chance.of.problems.with.e
2d560	78 69 73 74 69 6e 67 20 63 6c 69 65 6e 74 73 2e 00 44 43 4f 20 73 75 70 70 6f 72 74 20 69 73 20	xisting.clients..DCO.support.is.
2d580	61 20 70 65 72 2d 74 75 6e 6e 65 6c 20 6f 70 74 69 6f 6e 20 61 6e 64 20 69 74 20 69 73 20 6e 6f	a.per-tunnel.option.and.it.is.no
2d5a0	74 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65 66 61 75	t.automatically.enabled.by.defau
2d5c0	6c 74 20 66 6f 72 20 6e 65 77 20 6f 72 20 75 70 67 72 61 64 65 64 20 74 75 6e 6e 65 6c 73 2e 20	lt.for.new.or.upgraded.tunnels..
2d5e0	45 78 69 73 74 69 6e 67 20 74 75 6e 6e 65 6c 73 20 77 69 6c 6c 20 63 6f 6e 74 69 6e 75 65 20 74	Existing.tunnels.will.continue.t
2d600	6f 20 66 75 6e 63 74 69 6f 6e 20 61 73 20 74 68 65 79 20 68 61 76 65 20 69 6e 20 74 68 65 20 70	o.function.as.they.have.in.the.p
2d620	61 73 74 2e 00 44 48 20 47 72 6f 75 70 20 31 34 00 44 48 43 50 20 52 65 6c 61 79 00 44 48 43 50	ast..DH.Group.14.DHCP.Relay.DHCP
2d640	20 53 65 72 76 65 72 00 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 70 61 72 61 6d 65 74 65 72 73	.Server.DHCP.failover.parameters
2d660	00 44 48 43 50 20 6c 65 61 73 65 20 72 61 6e 67 65 00 44 48 43 50 20 72 61 6e 67 65 20 73 70 61	.DHCP.lease.range.DHCP.range.spa
2d680	6e 73 20 66 72 6f 6d 20 60 31 39 32 2e 31 36 38 2e 31 38 39 2e 31 30 60 20 2d 20 60 31 39 32 2e	ns.from.`192.168.189.10`.-.`192.
2d6a0	31 36 38 2e 31 38 39 2e 32 35 30 60 00 44 48 43 50 20 72 65 6c 61 79 20 65 78 61 6d 70 6c 65 00	168.189.250`.DHCP.relay.example.
2d6c0	44 48 43 50 20 73 65 72 76 65 72 20 69 73 20 6c 6f 63 61 74 65 64 20 61 74 20 49 50 76 34 20 61	DHCP.server.is.located.at.IPv4.a
2d6e0	64 64 72 65 73 73 20 31 30 2e 30 2e 31 2e 34 20 6f 6e 20 60 60 65 74 68 32 60 60 2e 00 44 48 43	ddress.10.0.1.4.on.``eth2``..DHC
2d700	50 76 36 20 61 64 64 72 65 73 73 20 70 6f 6f 6c 73 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67	Pv6.address.pools.must.be.config
2d720	75 72 65 64 20 66 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20 61 63 74 20 61 73 20 61 20	ured.for.the.system.to.act.as.a.
2d740	44 48 43 50 76 36 20 73 65 72 76 65 72 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61	DHCPv6.server..The.following.exa
2d760	6d 70 6c 65 20 64 65 73 63 72 69 62 65 73 20 61 20 63 6f 6d 6d 6f 6e 20 73 63 65 6e 61 72 69 6f	mple.describes.a.common.scenario
2d780	2e 00 44 48 43 50 76 36 20 72 65 6c 61 79 20 65 78 61 6d 70 6c 65 00 44 48 43 50 76 36 20 72 65	..DHCPv6.relay.example.DHCPv6.re
2d7a0	71 75 65 73 74 73 20 61 72 65 20 72 65 63 65 69 76 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65	quests.are.received.by.the.route
2d7c0	72 20 6f 6e 20 60 6c 69 73 74 65 6e 69 6e 67 20 69 6e 74 65 72 66 61 63 65 60 20 60 60 65 74 68	r.on.`listening.interface`.``eth
2d7e0	31 60 60 00 44 4d 56 50 4e 00 44 4d 56 50 4e 20 65 78 61 6d 70 6c 65 20 6e 65 74 77 6f 72 6b 00	1``.DMVPN.DMVPN.example.network.
2d800	44 4d 56 50 4e 20 6e 65 74 77 6f 72 6b 00 44 4d 56 50 4e 20 6f 6e 6c 79 20 61 75 74 6f 6d 61 74	DMVPN.network.DMVPN.only.automat
2d820	65 73 20 74 68 65 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 20 64 69 73 63 6f 76 65 72 79	es.the.tunnel.endpoint.discovery
2d840	20 61 6e 64 20 73 65 74 75 70 2e 20 41 20 63 6f 6d 70 6c 65 74 65 20 73 6f 6c 75 74 69 6f 6e 20	.and.setup..A.complete.solution.
2d860	61 6c 73 6f 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 74 68 65 20 75 73 65 20 6f 66 20 61 20 72	also.incorporates.the.use.of.a.r
2d880	6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2e 20 42 47 50 20 69 73 20 70 61 72 74 69 63 75 6c	outing.protocol..BGP.is.particul
2d8a0	61 72 6c 79 20 77 65 6c 6c 20 73 75 69 74 65 64 20 66 6f 72 20 75 73 65 20 77 69 74 68 20 44 4d	arly.well.suited.for.use.with.DM
2d8c0	56 50 4e 2e 00 44 4e 41 54 00 44 4e 41 54 20 69 73 20 74 79 70 69 63 61 6c 6c 79 20 72 65 66 65	VPN..DNAT.DNAT.is.typically.refe
2d8e0	72 72 65 64 20 74 6f 20 61 73 20 61 20 2a 2a 50 6f 72 74 20 46 6f 72 77 61 72 64 2a 2a 2e 20 57	rred.to.as.a.**Port.Forward**..W
2d900	68 65 6e 20 75 73 69 6e 67 20 56 79 4f 53 20 61 73 20 61 20 4e 41 54 20 72 6f 75 74 65 72 20 61	hen.using.VyOS.as.a.NAT.router.a
2d920	6e 64 20 66 69 72 65 77 61 6c 6c 2c 20 61 20 63 6f 6d 6d 6f 6e 20 63 6f 6e 66 69 67 75 72 61 74	nd.firewall,.a.common.configurat
2d940	69 6f 6e 20 74 61 73 6b 20 69 73 20 74 6f 20 72 65 64 69 72 65 63 74 20 69 6e 63 6f 6d 69 6e 67	ion.task.is.to.redirect.incoming
2d960	20 74 72 61 66 66 69 63 20 74 6f 20 61 20 73 79 73 74 65 6d 20 62 65 68 69 6e 64 20 74 68 65 20	.traffic.to.a.system.behind.the.
2d980	66 69 72 65 77 61 6c 6c 2e 00 44 4e 41 54 20 72 75 6c 65 20 31 30 20 72 65 70 6c 61 63 65 73 20	firewall..DNAT.rule.10.replaces.
2d9a0	74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 6f 66 20 61 6e 20 69 6e	the.destination.address.of.an.in
2d9c0	62 6f 75 6e 64 20 70 61 63 6b 65 74 20 77 69 74 68 20 31 39 32 2e 30 2e 32 2e 31 30 00 44 4e 41	bound.packet.with.192.0.2.10.DNA
2d9e0	54 36 36 00 44 4e 53 20 46 6f 72 77 61 72 64 69 6e 67 00 44 4e 53 20 6e 61 6d 65 20 73 65 72 76	T66.DNS.Forwarding.DNS.name.serv
2da00	65 72 73 00 44 4e 53 20 73 65 61 72 63 68 20 6c 69 73 74 20 74 6f 20 61 64 76 65 72 74 69 73 65	ers.DNS.search.list.to.advertise
2da20	00 44 4e 53 20 73 65 72 76 65 72 20 49 50 76 34 20 61 64 64 72 65 73 73 00 44 4e 53 20 73 65 72	.DNS.server.IPv4.address.DNS.ser
2da40	76 65 72 20 69 73 20 6c 6f 63 61 74 65 64 20 61 74 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 66 66	ver.is.located.at.``2001:db8::ff
2da60	66 66 60 60 00 44 4e 53 53 4c 00 44 53 43 50 20 76 61 6c 75 65 73 20 61 73 20 70 65 72 20 3a 72	ff``.DNSSL.DSCP.values.as.per.:r
2da80	66 63 3a 60 32 34 37 34 60 20 61 6e 64 20 3a 72 66 63 3a 60 34 35 39 35 60 3a 00 44 53 53 53 2f	fc:`2474`.and.:rfc:`4595`:.DSSS/
2daa0	43 43 4b 20 4d 6f 64 65 20 69 6e 20 34 30 20 4d 48 7a 2c 20 74 68 69 73 20 73 65 74 73 20 60 60	CCK.Mode.in.40.MHz,.this.sets.``
2dac0	5b 44 53 53 53 5f 43 43 4b 2d 34 30 5d 60 60 00 44 61 74 61 20 69 73 20 70 72 6f 76 69 64 65 64	[DSSS_CCK-40]``.Data.is.provided
2dae0	20 62 79 20 44 42 2d 49 50 2e 63 6f 6d 20 75 6e 64 65 72 20 43 43 2d 42 59 2d 34 2e 30 20 6c 69	.by.DB-IP.com.under.CC-BY-4.0.li
2db00	63 65 6e 73 65 2e 20 41 74 74 72 69 62 75 74 69 6f 6e 20 72 65 71 75 69 72 65 64 2c 20 70 65 72	cense..Attribution.required,.per
2db20	6d 69 74 73 20 72 65 64 69 73 74 72 69 62 75 74 69 6f 6e 20 73 6f 20 77 65 20 63 61 6e 20 69 6e	mits.redistribution.so.we.can.in
2db40	63 6c 75 64 65 20 61 20 64 61 74 61 62 61 73 65 20 69 6e 20 69 6d 61 67 65 73 28 7e 33 4d 42 20	clude.a.database.in.images(~3MB.
2db60	63 6f 6d 70 72 65 73 73 65 64 29 2e 20 49 6e 63 6c 75 64 65 73 20 63 72 6f 6e 20 73 63 72 69 70	compressed)..Includes.cron.scrip
2db80	74 20 28 6d 61 6e 75 61 6c 6c 79 20 63 61 6c 6c 61 62 6c 65 20 62 79 20 6f 70 2d 6d 6f 64 65 20	t.(manually.callable.by.op-mode.
2dba0	75 70 64 61 74 65 20 67 65 6f 69 70 29 20 74 6f 20 6b 65 65 70 20 64 61 74 61 62 61 73 65 20 61	update.geoip).to.keep.database.a
2dbc0	6e 64 20 72 75 6c 65 73 20 75 70 64 61 74 65 64 2e 00 44 65 62 75 67 00 44 65 62 75 67 2d 6c 65	nd.rules.updated..Debug.Debug-le
2dbe0	76 65 6c 20 6d 65 73 73 61 67 65 73 20 2d 20 4d 65 73 73 61 67 65 73 20 74 68 61 74 20 63 6f 6e	vel.messages.-.Messages.that.con
2dc00	74 61 69 6e 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6e 6f 72 6d 61 6c 6c 79 20 6f 66 20 75 73 65	tain.information.normally.of.use
2dc20	20 6f 6e 6c 79 20 77 68 65 6e 20 64 65 62 75 67 67 69 6e 67 20 61 20 70 72 6f 67 72 61 6d 2e 00	.only.when.debugging.a.program..
2dc40	44 65 66 61 75 6c 74 00 44 65 66 61 75 6c 74 20 31 2e 00 44 65 66 61 75 6c 74 20 47 61 74 65 77	Default.Default.1..Default.Gatew
2dc60	61 79 2f 52 6f 75 74 65 00 44 65 66 61 75 6c 74 20 52 6f 75 74 65 72 20 50 72 65 66 65 72 65 6e	ay/Route.Default.Router.Preferen
2dc80	63 65 00 44 65 66 61 75 6c 74 20 62 65 68 61 76 69 6f 72 20 2d 20 64 6f 6e 27 74 20 61 73 6b 20	ce.Default.behavior.-.don't.ask.
2dca0	63 6c 69 65 6e 74 20 66 6f 72 20 6d 70 70 65 2c 20 62 75 74 20 61 6c 6c 6f 77 20 69 74 20 69 66	client.for.mppe,.but.allow.it.if
2dcc0	20 63 6c 69 65 6e 74 20 77 61 6e 74 73 2e 20 50 6c 65 61 73 65 20 6e 6f 74 65 20 74 68 61 74 20	.client.wants..Please.note.that.
2dce0	52 41 44 49 55 53 20 6d 61 79 20 6f 76 65 72 72 69 64 65 20 74 68 69 73 20 6f 70 74 69 6f 6e 20	RADIUS.may.override.this.option.
2dd00	62 79 20 4d 53 2d 4d 50 50 45 2d 45 6e 63 72 79 70 74 69 6f 6e 2d 50 6f 6c 69 63 79 20 61 74 74	by.MS-MPPE-Encryption-Policy.att
2dd20	72 69 62 75 74 65 2e 00 44 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 20 61 6e 64 20 44 4e 53 20	ribute..Default.gateway.and.DNS.
2dd40	73 65 72 76 65 72 20 69 73 20 61 74 20 60 31 39 32 2e 30 2e 32 2e 32 35 34 60 00 44 65 66 61 75	server.is.at.`192.0.2.254`.Defau
2dd60	6c 74 20 69 73 20 35 31 32 20 4d 42 2e 20 55 73 65 20 30 20 4d 42 20 66 6f 72 20 75 6e 6c 69 6d	lt.is.512.MB..Use.0.MB.for.unlim
2dd80	69 74 65 64 20 6d 65 6d 6f 72 79 2e 00 44 65 66 61 75 6c 74 20 69 73 20 60 60 61 6e 79 2d 61 76	ited.memory..Default.is.``any-av
2dda0	61 69 6c 61 62 6c 65 60 60 2e 00 44 65 66 61 75 6c 74 20 69 73 20 60 60 69 63 6d 70 60 60 2e 00	ailable``..Default.is.``icmp``..
2ddc0	44 65 66 61 75 6c 74 20 69 73 20 74 6f 20 64 65 74 65 63 74 73 20 70 68 79 73 69 63 61 6c 20 6c	Default.is.to.detects.physical.l
2dde0	69 6e 6b 20 73 74 61 74 65 20 63 68 61 6e 67 65 73 2e 00 44 65 66 61 75 6c 74 20 70 6f 72 74 20	ink.state.changes..Default.port.
2de00	69 73 20 33 31 32 38 2e 00 44 65 66 61 75 6c 74 3a 20 31 00 44 65 66 61 75 6c 74 73 20 74 6f 20	is.3128..Default:.1.Defaults.to.
2de20	27 75 69 64 27 00 44 65 66 61 75 6c 74 73 20 74 6f 20 32 32 35 2e 30 2e 30 2e 35 30 2e 00 44 65	'uid'.Defaults.to.225.0.0.50..De
2de40	66 61 75 6c 74 73 20 74 6f 20 60 60 75 73 60 60 2e 00 44 65 66 69 6e 65 20 43 6f 6e 65 63 74 69	faults.to.``us``..Define.Conecti
2de60	6f 6e 20 54 69 6d 65 6f 75 74 73 00 44 65 66 69 6e 65 20 49 50 76 34 2f 49 50 76 36 20 6d 61 6e	on.Timeouts.Define.IPv4/IPv6.man
2de80	61 67 65 6d 65 6e 74 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6d 69 74 74 65 64 20 76 69 61 20	agement.address.transmitted.via.
2dea0	4c 4c 44 50 2e 20 4d 75 6c 74 69 70 6c 65 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20	LLDP..Multiple.addresses.can.be.
2dec0	64 65 66 69 6e 65 64 2e 20 4f 6e 6c 79 20 61 64 64 72 65 73 73 65 73 20 63 6f 6e 6e 65 63 74 65	defined..Only.addresses.connecte
2dee0	64 20 74 6f 20 74 68 65 20 73 79 73 74 65 6d 20 77 69 6c 6c 20 62 65 20 74 72 61 6e 73 6d 69 74	d.to.the.system.will.be.transmit
2df00	74 65 64 2e 00 44 65 66 69 6e 65 20 61 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 4e 65 74 77 6f	ted..Define.a.IPv4.or.IPv6.Netwo
2df20	72 6b 20 67 72 6f 75 70 2e 00 44 65 66 69 6e 65 20 61 20 49 50 76 34 20 6f 72 20 61 20 49 50 76	rk.group..Define.a.IPv4.or.a.IPv
2df40	36 20 61 64 64 72 65 73 73 20 67 72 6f 75 70 00 44 65 66 69 6e 65 20 61 20 5a 6f 6e 65 00 44 65	6.address.group.Define.a.Zone.De
2df60	66 69 6e 65 20 61 20 64 69 73 63 72 65 74 65 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73	fine.a.discrete.source.IP.addres
2df80	73 20 6f 66 20 31 30 30 2e 36 34 2e 30 2e 31 20 66 6f 72 20 53 4e 41 54 20 72 75 6c 65 20 32 30	s.of.100.64.0.1.for.SNAT.rule.20
2dfa0	00 44 65 66 69 6e 65 20 61 20 64 6f 6d 61 69 6e 20 67 72 6f 75 70 2e 00 44 65 66 69 6e 65 20 61	.Define.a.domain.group..Define.a
2dfc0	20 6d 61 63 20 67 72 6f 75 70 2e 00 44 65 66 69 6e 65 20 61 20 70 6f 72 74 20 67 72 6f 75 70 2e	.mac.group..Define.a.port.group.
2dfe0	20 41 20 70 6f 72 74 20 6e 61 6d 65 20 63 61 6e 20 62 65 20 61 6e 79 20 6e 61 6d 65 20 64 65 66	.A.port.name.can.be.any.name.def
2e000	69 6e 65 64 20 69 6e 20 2f 65 74 63 2f 73 65 72 76 69 63 65 73 2e 20 65 2e 67 2e 3a 20 68 74 74	ined.in./etc/services..e.g.:.htt
2e020	70 00 44 65 66 69 6e 65 20 61 6c 6c 6f 77 65 64 20 63 69 70 68 65 72 73 20 75 73 65 64 20 66 6f	p.Define.allowed.ciphers.used.fo
2e040	72 20 74 68 65 20 53 53 48 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 41 20 6e 75 6d 62 65 72 20 6f	r.the.SSH.connection..A.number.o
2e060	66 20 61 6c 6c 6f 77 65 64 20 63 69 70 68 65 72 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69	f.allowed.ciphers.can.be.specifi
2e080	65 64 2c 20 75 73 65 20 6d 75 6c 74 69 70 6c 65 20 6f 63 63 75 72 72 65 6e 63 65 73 20 74 6f 20	ed,.use.multiple.occurrences.to.
2e0a0	61 6c 6c 6f 77 20 6d 75 6c 74 69 70 6c 65 20 63 69 70 68 65 72 73 2e 00 44 65 66 69 6e 65 20 61	allow.multiple.ciphers..Define.a
2e0c0	6e 20 69 6e 74 65 72 66 61 63 65 20 67 72 6f 75 70 2e 20 57 69 6c 64 63 61 72 64 20 61 72 65 20	n.interface.group..Wildcard.are.
2e0e0	61 63 63 65 70 74 65 64 20 74 6f 6f 2e 00 44 65 66 69 6e 65 20 62 65 68 61 76 69 6f 72 20 66 6f	accepted.too..Define.behavior.fo
2e100	72 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 20 66 72 61 6d 65 73 20 77 68 6f 27 73 20 49 50	r.gratuitous.ARP.frames.who's.IP
2e120	20 69 73 20 6e 6f 74 20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 41	.is.not.already.present.in.the.A
2e140	52 50 20 74 61 62 6c 65 2e 20 49 66 20 63 6f 6e 66 69 67 75 72 65 64 20 63 72 65 61 74 65 20 6e	RP.table..If.configured.create.n
2e160	65 77 20 65 6e 74 72 69 65 73 20 69 6e 20 74 68 65 20 41 52 50 20 74 61 62 6c 65 2e 00 44 65 66	ew.entries.in.the.ARP.table..Def
2e180	69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 6d 6f 64 65 73 20 66 6f 72 20 49 50 20 64 69 72 65 63	ine.different.modes.for.IP.direc
2e1a0	74 65 64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 61 73 20 64 65 73 63	ted.broadcast.forwarding.as.desc
2e1c0	72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 31 38 31 32 60 20 61 6e 64 20 3a 72 66 63 3a 60 32	ribed.in.:rfc:`1812`.and.:rfc:`2
2e1e0	36 34 34 60 2e 00 44 65 66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 6d 6f 64 65 73 20 66 6f 72	644`..Define.different.modes.for
2e200	20 73 65 6e 64 69 6e 67 20 72 65 70 6c 69 65 73 20 69 6e 20 72 65 73 70 6f 6e 73 65 20 74 6f 20	.sending.replies.in.response.to.
2e220	72 65 63 65 69 76 65 64 20 41 52 50 20 72 65 71 75 65 73 74 73 20 74 68 61 74 20 72 65 73 6f 6c	received.ARP.requests.that.resol
2e240	76 65 20 6c 6f 63 61 6c 20 74 61 72 67 65 74 20 49 50 20 61 64 64 72 65 73 73 65 73 3a 00 44 65	ve.local.target.IP.addresses:.De
2e260	66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 72 65 73 74 72 69 63 74 69 6f 6e 20 6c 65 76 65 6c	fine.different.restriction.level
2e280	73 20 66 6f 72 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 74 68 65 20 6c 6f 63 61 6c 20 73 6f 75 72 63	s.for.announcing.the.local.sourc
2e2a0	65 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 49 50 20 70 61 63 6b 65 74 73 20 69 6e 20	e.IP.address.from.IP.packets.in.
2e2c0	41 52 50 20 72 65 71 75 65 73 74 73 20 73 65 6e 74 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 2e 00	ARP.requests.sent.on.interface..
2e2e0	44 65 66 69 6e 65 20 6c 65 6e 67 74 68 20 6f 66 20 70 61 63 6b 65 74 20 70 61 79 6c 6f 61 64 20	Define.length.of.packet.payload.
2e300	74 6f 20 69 6e 63 6c 75 64 65 20 69 6e 20 6e 65 74 6c 69 6e 6b 20 6d 65 73 73 61 67 65 2e 20 4f	to.include.in.netlink.message..O
2e320	6e 6c 79 20 61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20 69 73 20 65 6e	nly.applicable.if.rule.log.is.en
2e340	61 62 6c 65 20 61 6e 64 20 6c 6f 67 20 67 72 6f 75 70 20 69 73 20 64 65 66 69 6e 65 64 2e 00 44	able.and.log.group.is.defined..D
2e360	65 66 69 6e 65 20 6c 6f 67 20 67 72 6f 75 70 20 74 6f 20 73 65 6e 64 20 6d 65 73 73 61 67 65 20	efine.log.group.to.send.message.
2e380	74 6f 2e 20 4f 6e 6c 79 20 61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20	to..Only.applicable.if.rule.log.
2e3a0	69 73 20 65 6e 61 62 6c 65 2e 00 44 65 66 69 6e 65 20 6c 6f 67 2d 6c 65 76 65 6c 2e 20 4f 6e 6c	is.enable..Define.log-level..Onl
2e3c0	79 20 61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20 69 73 20 65 6e 61 62	y.applicable.if.rule.log.is.enab
2e3e0	6c 65 2e 00 44 65 66 69 6e 65 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20 74 6f 20	le..Define.number.of.packets.to.
2e400	71 75 65 75 65 20 69 6e 73 69 64 65 20 74 68 65 20 6b 65 72 6e 65 6c 20 62 65 66 6f 72 65 20 73	queue.inside.the.kernel.before.s
2e420	65 6e 64 69 6e 67 20 74 68 65 6d 20 74 6f 20 75 73 65 72 73 70 61 63 65 2e 20 4f 6e 6c 79 20 61	ending.them.to.userspace..Only.a
2e440	70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20 69 73 20 65 6e 61 62 6c 65 20	pplicable.if.rule.log.is.enable.
2e460	61 6e 64 20 6c 6f 67 20 67 72 6f 75 70 20 69 73 20 64 65 66 69 6e 65 64 2e 00 44 65 66 69 6e 65	and.log.group.is.defined..Define
2e480	20 74 68 65 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 74 6f 20 75 70 64 61 74 65 20 74 68 65	.the.time.interval.to.update.the
2e4a0	20 6c 6f 63 61 6c 20 63 61 63 68 65 00 44 65 66 69 6e 65 20 74 68 65 20 7a 6f 6e 65 20 61 73 20	.local.cache.Define.the.zone.as.
2e4c0	61 20 6c 6f 63 61 6c 20 7a 6f 6e 65 2e 20 41 20 6c 6f 63 61 6c 20 7a 6f 6e 65 20 68 61 73 20 6e	a.local.zone..A.local.zone.has.n
2e4e0	6f 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 61 70 70 6c 69 65 64	o.interfaces.and.will.be.applied
2e500	20 74 6f 20 74 68 65 20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2e 00 44 65 66 69 6e 65 64 20 74	.to.the.router.itself..Defined.t
2e520	68 65 20 49 50 76 34 2c 20 49 50 76 36 20 6f 72 20 46 51 44 4e 20 61 6e 64 20 70 6f 72 74 20 6e	he.IPv4,.IPv6.or.FQDN.and.port.n
2e540	75 6d 62 65 72 20 6f 66 20 74 68 65 20 63 61 63 68 69 6e 67 20 52 50 4b 49 20 63 61 63 68 69 6e	umber.of.the.caching.RPKI.cachin
2e560	67 20 69 6e 73 74 61 6e 63 65 20 77 68 69 63 68 20 69 73 20 75 73 65 64 2e 00 44 65 66 69 6e 65	g.instance.which.is.used..Define
2e580	73 20 61 6c 74 65 72 6e 61 74 65 20 73 6f 75 72 63 65 73 20 66 6f 72 20 6d 75 6c 74 69 63 61 73	s.alternate.sources.for.multicas
2e5a0	74 69 6e 67 20 61 6e 64 20 49 47 4d 50 20 64 61 74 61 2e 20 54 68 65 20 6e 65 74 77 6f 72 6b 20	ting.and.IGMP.data..The.network.
2e5c0	61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 6f 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67	address.must.be.on.the.following
2e5e0	20 66 6f 72 6d 61 74 20 27 61 2e 62 2e 63 2e 64 2f 6e 27 2e 20 42 79 20 64 65 66 61 75 6c 74 2c	.format.'a.b.c.d/n'..By.default,
2e600	20 74 68 65 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 61 63 63 65 70 74 20 64 61 74 61 20 66 72 6f	.the.router.will.accept.data.fro
2e620	6d 20 73 6f 75 72 63 65 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 6e 65 74 77 6f 72 6b 20 61 73	m.sources.on.the.same.network.as
2e640	20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 49 66 20	.configured.on.an.interface..If.
2e660	74 68 65 20 6d 75 6c 74 69 63 61 73 74 20 73 6f 75 72 63 65 20 6c 69 65 73 20 6f 6e 20 61 20 72	the.multicast.source.lies.on.a.r
2e680	65 6d 6f 74 65 20 6e 65 74 77 6f 72 6b 2c 20 6f 6e 65 20 6d 75 73 74 20 64 65 66 69 6e 65 20 66	emote.network,.one.must.define.f
2e6a0	72 6f 6d 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 73 68 6f 75 6c 64 20 62 65 20 61 63 63 65	rom.where.traffic.should.be.acce
2e6c0	70 74 65 64 2e 00 44 65 66 69 6e 65 73 20 61 6e 20 6f 66 66 2d 4e 42 4d 41 20 6e 65 74 77 6f 72	pted..Defines.an.off-NBMA.networ
2e6e0	6b 20 70 72 65 66 69 78 20 66 6f 72 20 77 68 69 63 68 20 74 68 65 20 47 52 45 20 69 6e 74 65 72	k.prefix.for.which.the.GRE.inter
2e700	66 61 63 65 20 77 69 6c 6c 20 61 63 74 20 61 73 20 61 20 67 61 74 65 77 61 79 2e 20 54 68 69 73	face.will.act.as.a.gateway..This
2e720	20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 74 6f 20 64 65 66 69 6e 69 6e 67 20 6c 6f 63 61	.an.alternative.to.defining.loca
2e740	6c 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 73 68 6f 72 74 63 75 74 2d 64 65 73 74 69	l.interfaces.with.shortcut-desti
2e760	6e 61 74 69 6f 6e 20 66 6c 61 67 2e 00 44 65 66 69 6e 65 73 20 62 6c 61 63 6b 68 6f 6c 65 20 64	nation.flag..Defines.blackhole.d
2e780	69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 69 73 20 72 6f 75 74 65 2c 20 72 6f 75 74 65 73 20 77	istance.for.this.route,.routes.w
2e7a0	69 74 68 20 73 6d 61 6c 6c 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 64 69 73 74 61	ith.smaller.administrative.dista
2e7c0	6e 63 65 20 61 72 65 20 65 6c 65 63 74 65 64 20 70 72 69 6f 72 20 74 6f 20 74 68 6f 73 65 20 77	nce.are.elected.prior.to.those.w
2e7e0	69 74 68 20 61 20 68 69 67 68 65 72 20 64 69 73 74 61 6e 63 65 2e 00 44 65 66 69 6e 65 73 20 6e	ith.a.higher.distance..Defines.n
2e800	65 78 74 2d 68 6f 70 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 69 73 20 72 6f 75 74 65 2c	ext-hop.distance.for.this.route,
2e820	20 72 6f 75 74 65 73 20 77 69 74 68 20 73 6d 61 6c 6c 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74	.routes.with.smaller.administrat
2e840	69 76 65 20 64 69 73 74 61 6e 63 65 20 61 72 65 20 65 6c 65 63 74 65 64 20 70 72 69 6f 72 20 74	ive.distance.are.elected.prior.t
2e860	6f 20 74 68 6f 73 65 20 77 69 74 68 20 61 20 68 69 67 68 65 72 20 64 69 73 74 61 6e 63 65 2e 00	o.those.with.a.higher.distance..
2e880	44 65 66 69 6e 65 73 20 70 72 6f 74 6f 63 6f 6c 73 20 66 6f 72 20 63 68 65 63 6b 69 6e 67 20 41	Defines.protocols.for.checking.A
2e8a0	52 50 2c 20 49 43 4d 50 2c 20 54 43 50 00 44 65 66 69 6e 65 73 20 74 68 65 20 6d 61 78 69 6d 75	RP,.ICMP,.TCP.Defines.the.maximu
2e8c0	6d 20 60 3c 6e 75 6d 62 65 72 3e 60 20 6f 66 20 75 6e 61 6e 73 77 65 72 65 64 20 65 63 68 6f 20	m.`<number>`.of.unanswered.echo.
2e8e0	72 65 71 75 65 73 74 73 2e 20 55 70 6f 6e 20 72 65 61 63 68 69 6e 67 20 74 68 65 20 76 61 6c 75	requests..Upon.reaching.the.valu
2e900	65 20 60 3c 6e 75 6d 62 65 72 3e 60 2c 20 74 68 65 20 73 65 73 73 69 6f 6e 20 77 69 6c 6c 20 62	e.`<number>`,.the.session.will.b
2e920	65 20 72 65 73 65 74 2e 00 44 65 66 69 6e 65 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 64	e.reset..Defines.the.specified.d
2e940	65 76 69 63 65 20 61 73 20 61 20 73 79 73 74 65 6d 20 63 6f 6e 73 6f 6c 65 2e 20 41 76 61 69 6c	evice.as.a.system.console..Avail
2e960	61 62 6c 65 20 63 6f 6e 73 6f 6c 65 20 64 65 76 69 63 65 73 20 63 61 6e 20 62 65 20 28 73 65 65	able.console.devices.can.be.(see
2e980	20 63 6f 6d 70 6c 65 74 69 6f 6e 20 68 65 6c 70 65 72 29 3a 00 44 65 66 69 6e 69 6e 67 20 50 65	.completion.helper):.Defining.Pe
2e9a0	65 72 73 00 44 65 6c 65 67 61 74 65 20 70 72 65 66 69 78 65 73 20 66 72 6f 6d 20 74 68 65 20 72	ers.Delegate.prefixes.from.the.r
2e9c0	61 6e 67 65 20 69 6e 64 69 63 61 74 65 64 20 62 79 20 74 68 65 20 73 74 61 72 74 20 61 6e 64 20	ange.indicated.by.the.start.and.
2e9e0	73 74 6f 70 20 71 75 61 6c 69 66 69 65 72 2e 00 44 65 6c 65 74 65 20 42 47 50 20 63 6f 6d 6d 75	stop.qualifier..Delete.BGP.commu
2ea00	6e 69 74 69 65 73 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69	nities.matching.the.community-li
2ea20	73 74 2e 00 44 65 6c 65 74 65 20 42 47 50 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 6d 61 74 63 68	st..Delete.BGP.communities.match
2ea40	69 6e 67 20 74 68 65 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 2e 00 44 65	ing.the.large-community-list..De
2ea60	6c 65 74 65 20 4c 6f 67 73 00 44 65 6c 65 74 65 20 61 6c 6c 20 42 47 50 20 63 6f 6d 6d 75 6e 69	lete.Logs.Delete.all.BGP.communi
2ea80	74 69 65 73 00 44 65 6c 65 74 65 20 61 6c 6c 20 42 47 50 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e	ties.Delete.all.BGP.large-commun
2eaa0	69 74 69 65 73 00 44 65 6c 65 74 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 66 72 6f 6d 20	ities.Delete.default.route.from.
2eac0	74 68 65 20 73 79 73 74 65 6d 2e 00 44 65 6c 65 74 65 73 20 74 68 65 20 73 70 65 63 69 66 69 65	the.system..Deletes.the.specifie
2eae0	64 20 75 73 65 72 2d 64 65 66 69 6e 65 64 20 66 69 6c 65 20 3c 74 65 78 74 3e 20 69 6e 20 74 68	d.user-defined.file.<text>.in.th
2eb00	65 20 2f 76 61 72 2f 6c 6f 67 2f 75 73 65 72 20 64 69 72 65 63 74 6f 72 79 00 44 65 70 65 6e 64	e./var/log/user.directory.Depend
2eb20	69 6e 67 20 6f 6e 20 74 68 65 20 6c 6f 63 61 74 69 6f 6e 2c 20 6e 6f 74 20 61 6c 6c 20 6f 66 20	ing.on.the.location,.not.all.of.
2eb40	74 68 65 73 65 20 63 68 61 6e 6e 65 6c 73 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20	these.channels.may.be.available.
2eb60	66 6f 72 20 75 73 65 21 00 44 65 73 63 72 69 70 74 69 6f 6e 00 44 65 73 70 69 74 65 20 74 68 65	for.use!.Description.Despite.the
2eb80	20 44 72 6f 70 2d 54 61 69 6c 20 70 6f 6c 69 63 79 20 64 6f 65 73 20 6e 6f 74 20 73 6c 6f 77 20	.Drop-Tail.policy.does.not.slow.
2eba0	64 6f 77 6e 20 70 61 63 6b 65 74 73 2c 20 69 66 20 6d 61 6e 79 20 70 61 63 6b 65 74 73 20 61 72	down.packets,.if.many.packets.ar
2ebc0	65 20 74 6f 20 62 65 20 73 65 6e 74 2c 20 74 68 65 79 20 63 6f 75 6c 64 20 67 65 74 20 64 72 6f	e.to.be.sent,.they.could.get.dro
2ebe0	70 70 65 64 20 77 68 65 6e 20 74 72 79 69 6e 67 20 74 6f 20 67 65 74 20 65 6e 71 75 65 75 65 64	pped.when.trying.to.get.enqueued
2ec00	20 61 74 20 74 68 65 20 74 61 69 6c 2e 20 54 68 69 73 20 63 61 6e 20 68 61 70 70 65 6e 20 69 66	.at.the.tail..This.can.happen.if
2ec20	20 74 68 65 20 71 75 65 75 65 20 68 61 73 20 73 74 69 6c 6c 20 6e 6f 74 20 62 65 65 6e 20 61 62	.the.queue.has.still.not.been.ab
2ec40	6c 65 20 74 6f 20 72 65 6c 65 61 73 65 20 65 6e 6f 75 67 68 20 70 61 63 6b 65 74 73 20 66 72 6f	le.to.release.enough.packets.fro
2ec60	6d 20 69 74 73 20 68 65 61 64 2e 00 44 65 73 70 69 74 65 20 74 68 65 20 66 61 63 74 20 74 68 61	m.its.head..Despite.the.fact.tha
2ec80	74 20 41 44 20 69 73 20 61 20 73 75 70 65 72 73 65 74 20 6f 66 20 4c 44 41 50 00 44 65 73 74 69	t.AD.is.a.superset.of.LDAP.Desti
2eca0	6e 61 74 69 6f 6e 20 41 64 64 72 65 73 73 00 44 65 73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 00 44	nation.Address.Destination.NAT.D
2ecc0	65 73 74 69 6e 61 74 69 6f 6e 20 50 72 65 66 69 78 00 44 65 74 61 69 6c 65 64 20 69 6e 66 6f 72	estination.Prefix.Detailed.infor
2ece0	6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 22 63 69 73 63 6f 22 20 61 6e 64 20 22 69 62 6d 22 20 6d	mation.about."cisco".and."ibm".m
2ed00	6f 64 65 6c 73 20 64 69 66 66 65 72 65 6e 63 65 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 69	odels.differences.can.be.found.i
2ed20	6e 20 3a 72 66 63 3a 60 33 35 30 39 60 2e 20 41 20 22 73 68 6f 72 74 63 75 74 22 20 6d 6f 64 65	n.:rfc:`3509`..A."shortcut".mode
2ed40	6c 20 61 6c 6c 6f 77 73 20 41 42 52 20 74 6f 20 63 72 65 61 74 65 20 72 6f 75 74 65 73 20 62 65	l.allows.ABR.to.create.routes.be
2ed60	74 77 65 65 6e 20 61 72 65 61 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 74 6f 70 6f 6c 6f 67	tween.areas.based.on.the.topolog
2ed80	79 20 6f 66 20 74 68 65 20 61 72 65 61 73 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 74 68 69 73	y.of.the.areas.connected.to.this
2eda0	20 72 6f 75 74 65 72 20 62 75 74 20 6e 6f 74 20 75 73 69 6e 67 20 61 20 62 61 63 6b 62 6f 6e 65	.router.but.not.using.a.backbone
2edc0	20 61 72 65 61 20 69 6e 20 63 61 73 65 20 69 66 20 6e 6f 6e 2d 62 61 63 6b 62 6f 6e 65 20 72 6f	.area.in.case.if.non-backbone.ro
2ede0	75 74 65 20 77 69 6c 6c 20 62 65 20 63 68 65 61 70 65 72 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e	ute.will.be.cheaper..For.more.in
2ee00	66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 22 73 68 6f 72 74 63 75 74 22 20 6d 6f 64 65 6c	formation.about."shortcut".model
2ee20	2c 20 73 65 65 20 3a 74 3a 60 6f 73 70 66 2d 73 68 6f 72 74 63 75 74 2d 61 62 72 2d 30 32 2e 74	,.see.:t:`ospf-shortcut-abr-02.t
2ee40	78 74 60 00 44 65 74 65 72 6d 69 6e 65 73 20 68 6f 77 20 6f 70 65 6e 6e 68 72 70 20 64 61 65 6d	xt`.Determines.how.opennhrp.daem
2ee60	6f 6e 20 73 68 6f 75 6c 64 20 73 6f 66 74 20 73 77 69 74 63 68 20 74 68 65 20 6d 75 6c 74 69 63	on.should.soft.switch.the.multic
2ee80	61 73 74 20 74 72 61 66 66 69 63 2e 20 43 75 72 72 65 6e 74 6c 79 2c 20 6d 75 6c 74 69 63 61 73	ast.traffic..Currently,.multicas
2eea0	74 20 74 72 61 66 66 69 63 20 69 73 20 63 61 70 74 75 72 65 64 20 62 79 20 6f 70 65 6e 6e 68 72	t.traffic.is.captured.by.opennhr
2eec0	70 20 64 61 65 6d 6f 6e 20 75 73 69 6e 67 20 61 20 70 61 63 6b 65 74 20 73 6f 63 6b 65 74 2c 20	p.daemon.using.a.packet.socket,.
2eee0	61 6e 64 20 72 65 73 65 6e 74 20 62 61 63 6b 20 74 6f 20 70 72 6f 70 65 72 20 64 65 73 74 69 6e	and.resent.back.to.proper.destin
2ef00	61 74 69 6f 6e 73 2e 20 54 68 69 73 20 6d 65 61 6e 73 20 74 68 61 74 20 6d 75 6c 74 69 63 61 73	ations..This.means.that.multicas
2ef20	74 20 70 61 63 6b 65 74 20 73 65 6e 64 69 6e 67 20 69 73 20 43 50 55 20 69 6e 74 65 6e 73 69 76	t.packet.sending.is.CPU.intensiv
2ef40	65 2e 00 44 65 76 69 63 65 20 69 73 20 69 6e 63 61 70 61 62 6c 65 20 6f 66 20 34 30 20 4d 48 7a	e..Device.is.incapable.of.40.MHz
2ef60	2c 20 64 6f 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 2e 20 54 68 69 73 20 73 65 74 73 20 60 60	,.do.not.advertise..This.sets.``
2ef80	5b 34 30 2d 49 4e 54 4f 4c 45 52 41 4e 54 5d 60 60 00 44 65 76 69 63 65 73 20 65 76 61 6c 75 61	[40-INTOLERANT]``.Devices.evalua
2efa0	74 69 6e 67 20 77 68 65 74 68 65 72 20 61 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 20 69 73 20	ting.whether.an.IPv4.address.is.
2efc0	70 75 62 6c 69 63 20 6d 75 73 74 20 62 65 20 75 70 64 61 74 65 64 20 74 6f 20 72 65 63 6f 67 6e	public.must.be.updated.to.recogn
2efe0	69 7a 65 20 74 68 65 20 6e 65 77 20 61 64 64 72 65 73 73 20 73 70 61 63 65 2e 20 41 6c 6c 6f 63	ize.the.new.address.space..Alloc
2f000	61 74 69 6e 67 20 6d 6f 72 65 20 70 72 69 76 61 74 65 20 49 50 76 34 20 61 64 64 72 65 73 73 20	ating.more.private.IPv4.address.
2f020	73 70 61 63 65 20 66 6f 72 20 4e 41 54 20 64 65 76 69 63 65 73 20 6d 69 67 68 74 20 70 72 6f 6c	space.for.NAT.devices.might.prol
2f040	6f 6e 67 20 74 68 65 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 6f 20 49 50 76 36 2e 00 44 69 66 66	ong.the.transition.to.IPv6..Diff
2f060	65 72 65 6e 74 20 4e 41 54 20 54 79 70 65 73 00 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 20 70	erent.NAT.Types.Diffie-Hellman.p
2f080	61 72 61 6d 65 74 65 72 73 00 44 69 73 61 62 6c 65 20 4d 4c 44 20 72 65 70 6f 72 74 73 20 61 6e	arameters.Disable.MLD.reports.an
2f0a0	64 20 71 75 65 72 79 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 00 44 69 73 61 62 6c	d.query.on.the.interface..Disabl
2f0c0	65 20 60 3c 75 73 65 72 3e 60 20 61 63 63 6f 75 6e 74 2e 00 44 69 73 61 62 6c 65 20 61 20 42 46	e.`<user>`.account..Disable.a.BF
2f0e0	44 20 70 65 65 72 00 44 69 73 61 62 6c 65 20 61 20 63 6f 6e 74 61 69 6e 65 72 2e 00 44 69 73 61	D.peer.Disable.a.container..Disa
2f100	62 6c 65 20 64 68 63 70 2d 72 65 6c 61 79 20 73 65 72 76 69 63 65 2e 00 44 69 73 61 62 6c 65 20	ble.dhcp-relay.service..Disable.
2f120	64 68 63 70 76 36 2d 72 65 6c 61 79 20 73 65 72 76 69 63 65 2e 00 44 69 73 61 62 6c 65 20 67 69	dhcpv6-relay.service..Disable.gi
2f140	76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20 49 74 20 77 69 6c 6c 20 62 65 20 70 6c	ven.`<interface>`..It.will.be.pl
2f160	61 63 65 64 20 69 6e 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 6c 79 20 64 6f 77 6e 20 28 60	aced.in.administratively.down.(`
2f180	60 41 2f 44 60 60 29 20 73 74 61 74 65 2e 00 44 69 73 61 62 6c 65 20 69 6d 6d 65 64 69 61 74 65	`A/D``).state..Disable.immediate
2f1a0	20 73 65 73 73 69 6f 6e 20 72 65 73 65 74 20 69 66 20 70 65 65 72 27 73 20 63 6f 6e 6e 65 63 74	.session.reset.if.peer's.connect
2f1c0	65 64 20 6c 69 6e 6b 20 67 6f 65 73 20 64 6f 77 6e 2e 00 44 69 73 61 62 6c 65 20 70 61 73 73 77	ed.link.goes.down..Disable.passw
2f1e0	6f 72 64 20 62 61 73 65 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 4c 6f 67 69 6e 20	ord.based.authentication..Login.
2f200	76 69 61 20 53 53 48 20 6b 65 79 73 20 6f 6e 6c 79 2e 20 54 68 69 73 20 68 61 72 64 65 6e 73 20	via.SSH.keys.only..This.hardens.
2f220	73 65 63 75 72 69 74 79 21 00 44 69 73 61 62 6c 65 20 74 68 65 20 68 6f 73 74 20 76 61 6c 69 64	security!.Disable.the.host.valid
2f240	61 74 69 6f 6e 20 74 68 72 6f 75 67 68 20 72 65 76 65 72 73 65 20 44 4e 53 20 6c 6f 6f 6b 75 70	ation.through.reverse.DNS.lookup
2f260	73 20 2d 20 63 61 6e 20 73 70 65 65 64 75 70 20 6c 6f 67 69 6e 20 74 69 6d 65 20 77 68 65 6e 20	s.-.can.speedup.login.time.when.
2f280	72 65 76 65 72 73 65 20 6c 6f 6f 6b 75 70 20 69 73 20 6e 6f 74 20 70 6f 73 73 69 62 6c 65 2e 00	reverse.lookup.is.not.possible..
2f2a0	44 69 73 61 62 6c 65 20 74 68 65 20 70 65 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 44	Disable.the.peer.configuration.D
2f2c0	69 73 61 62 6c 65 20 74 68 69 73 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 20 65 6e	isable.this.IPv4.static.route.en
2f2e0	74 72 79 2e 00 44 69 73 61 62 6c 65 20 74 68 69 73 20 49 50 76 36 20 73 74 61 74 69 63 20 72 6f	try..Disable.this.IPv6.static.ro
2f300	75 74 65 20 65 6e 74 72 79 2e 00 44 69 73 61 62 6c 65 20 74 68 69 73 20 73 65 72 76 69 63 65 2e	ute.entry..Disable.this.service.
2f320	00 44 69 73 61 62 6c 65 20 74 72 61 6e 73 6d 69 74 20 6f 66 20 4c 4c 44 50 20 66 72 61 6d 65 73	.Disable.transmit.of.LLDP.frames
2f340	20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20 55 73 65 66 75 6c 20	.on.given.`<interface>`..Useful.
2f360	74 6f 20 65 78 63 6c 75 64 65 20 63 65 72 74 61 69 6e 20 69 6e 74 65 72 66 61 63 65 73 20 66 72	to.exclude.certain.interfaces.fr
2f380	6f 6d 20 4c 4c 44 50 20 77 68 65 6e 20 60 60 61 6c 6c 60 60 20 68 61 76 65 20 62 65 65 6e 20 65	om.LLDP.when.``all``.have.been.e
2f3a0	6e 61 62 6c 65 64 2e 00 44 69 73 61 62 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 2d 20 6e 6f	nabled..Disabled.by.default.-.no
2f3c0	20 6b 65 72 6e 65 6c 20 6d 6f 64 75 6c 65 20 6c 6f 61 64 65 64 2e 00 44 69 73 61 62 6c 65 73 20	.kernel.module.loaded..Disables.
2f3e0	63 61 63 68 69 6e 67 20 6f 66 20 70 65 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d	caching.of.peer.information.from
2f400	20 66 6f 72 77 61 72 64 65 64 20 4e 48 52 50 20 52 65 73 6f 6c 75 74 69 6f 6e 20 52 65 70 6c 79	.forwarded.NHRP.Resolution.Reply
2f420	20 70 61 63 6b 65 74 73 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65	.packets..This.can.be.used.to.re
2f440	64 75 63 65 20 6d 65 6d 6f 72 79 20 63 6f 6e 73 75 6d 70 74 69 6f 6e 20 6f 6e 20 62 69 67 20 4e	duce.memory.consumption.on.big.N
2f460	42 4d 41 20 73 75 62 6e 65 74 73 2e 00 44 69 73 61 62 6c 65 73 20 69 6e 74 65 72 66 61 63 65 2d	BMA.subnets..Disables.interface-
2f480	62 61 73 65 64 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 00 44 69 73 61 62 6c 65	based.IPv4.static.route..Disable
2f4a0	73 20 69 6e 74 65 72 66 61 63 65 2d 62 61 73 65 64 20 49 50 76 36 20 73 74 61 74 69 63 20 72 6f	s.interface-based.IPv6.static.ro
2f4c0	75 74 65 2e 00 44 69 73 61 62 6c 65 73 20 71 75 69 63 6b 6c 65 61 76 65 20 6d 6f 64 65 2e 20 49	ute..Disables.quickleave.mode..I
2f4e0	6e 20 74 68 69 73 20 6d 6f 64 65 20 74 68 65 20 64 61 65 6d 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20	n.this.mode.the.daemon.will.not.
2f500	73 65 6e 64 20 61 20 4c 65 61 76 65 20 49 47 4d 50 20 6d 65 73 73 61 67 65 20 75 70 73 74 72 65	send.a.Leave.IGMP.message.upstre
2f520	61 6d 20 61 73 20 73 6f 6f 6e 20 61 73 20 69 74 20 72 65 63 65 69 76 65 73 20 61 20 4c 65 61 76	am.as.soon.as.it.receives.a.Leav
2f540	65 20 6d 65 73 73 61 67 65 20 66 6f 72 20 61 6e 79 20 64 6f 77 6e 73 74 72 65 61 6d 20 69 6e 74	e.message.for.any.downstream.int
2f560	65 72 66 61 63 65 2e 20 54 68 65 20 64 61 65 6d 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 61 73 6b 20	erface..The.daemon.will.not.ask.
2f580	66 6f 72 20 4d 65 6d 62 65 72 73 68 69 70 20 72 65 70 6f 72 74 73 20 6f 6e 20 74 68 65 20 64 6f	for.Membership.reports.on.the.do
2f5a0	77 6e 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 73 2c 20 61 6e 64 20 69 66 20 61 20 72 65	wnstream.interfaces,.and.if.a.re
2f5c0	70 6f 72 74 20 69 73 20 72 65 63 65 69 76 65 64 20 74 68 65 20 67 72 6f 75 70 20 69 73 20 6e 6f	port.is.received.the.group.is.no
2f5e0	74 20 6a 6f 69 6e 65 64 20 61 67 61 69 6e 20 74 68 65 20 75 70 73 74 72 65 61 6d 2e 00 44 69 73	t.joined.again.the.upstream..Dis
2f600	61 62 6c 65 73 20 77 65 62 20 66 69 6c 74 65 72 69 6e 67 20 77 69 74 68 6f 75 74 20 64 69 73 63	ables.web.filtering.without.disc
2f620	61 72 64 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 44 69 73 61 62 6c 65 73 20 77	arding.configuration..Disables.w
2f640	65 62 20 70 72 6f 78 79 20 74 72 61 6e 73 70 61 72 65 6e 74 20 6d 6f 64 65 20 61 74 20 61 20 6c	eb.proxy.transparent.mode.at.a.l
2f660	69 73 74 65 6e 69 6e 67 20 61 64 64 72 65 73 73 2e 00 44 69 73 61 62 6c 69 6e 67 20 41 64 76 65	istening.address..Disabling.Adve
2f680	72 74 69 73 65 6d 65 6e 74 73 00 44 69 73 61 62 6c 69 6e 67 20 61 20 56 52 52 50 20 67 72 6f 75	rtisements.Disabling.a.VRRP.grou
2f6a0	70 00 44 69 73 61 62 6c 69 6e 67 20 74 68 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 6f 6e 20 74 68	p.Disabling.the.encryption.on.th
2f6c0	65 20 6c 69 6e 6b 20 62 79 20 72 65 6d 6f 76 69 6e 67 20 60 60 73 65 63 75 72 69 74 79 20 65 6e	e.link.by.removing.``security.en
2f6e0	63 72 79 70 74 60 60 20 77 69 6c 6c 20 73 68 6f 77 20 74 68 65 20 75 6e 65 6e 63 72 79 70 74 65	crypt``.will.show.the.unencrypte
2f700	64 20 62 75 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 63 6f 6e 74 65 6e 74 2e 00 44 69 73	d.but.authenticated.content..Dis
2f720	61 64 76 61 6e 74 61 67 65 73 20 61 72 65 3a 00 44 69 73 61 73 73 6f 63 69 61 74 65 20 73 74 61	advantages.are:.Disassociate.sta
2f740	74 69 6f 6e 73 20 62 61 73 65 64 20 6f 6e 20 65 78 63 65 73 73 69 76 65 20 74 72 61 6e 73 6d 69	tions.based.on.excessive.transmi
2f760	73 73 69 6f 6e 20 66 61 69 6c 75 72 65 73 20 6f 72 20 6f 74 68 65 72 20 69 6e 64 69 63 61 74 69	ssion.failures.or.other.indicati
2f780	6f 6e 73 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6c 6f 73 73 2e 00 44 69 73 70 6c 61 79 20	ons.of.connection.loss..Display.
2f7a0	49 50 76 34 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 66 6f 72 20 56 52 46 20 69 64 65 6e 74	IPv4.routing.table.for.VRF.ident
2f7c0	69 66 69 65 64 20 62 79 20 60 3c 6e 61 6d 65 3e 60 2e 00 44 69 73 70 6c 61 79 20 49 50 76 36 20	ified.by.`<name>`..Display.IPv6.
2f7e0	72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 66 6f 72 20 56 52 46 20 69 64 65 6e 74 69 66 69 65 64	routing.table.for.VRF.identified
2f800	20 62 79 20 60 3c 6e 61 6d 65 3e 60 2e 00 44 69 73 70 6c 61 79 20 4c 6f 67 73 00 44 69 73 70 6c	.by.`<name>`..Display.Logs.Displ
2f820	61 79 20 4f 54 50 20 6b 65 79 20 66 6f 72 20 75 73 65 72 00 44 69 73 70 6c 61 79 20 61 6c 6c 20	ay.OTP.key.for.user.Display.all.
2f840	61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 61 74 74 65 6d 70 74 73 20 6f 66 20 74 68 65 20 73 70	authorization.attempts.of.the.sp
2f860	65 63 69 66 69 65 64 20 69 6d 61 67 65 00 44 69 73 70 6c 61 79 20 61 6c 6c 20 6b 6e 6f 77 6e 20	ecified.image.Display.all.known.
2f880	41 52 50 20 74 61 62 6c 65 20 65 6e 74 72 69 65 73 20 6f 6e 20 61 20 67 69 76 65 6e 20 69 6e 74	ARP.table.entries.on.a.given.int
2f8a0	65 72 66 61 63 65 20 6f 6e 6c 79 20 28 60 65 74 68 31 60 29 3a 00 44 69 73 70 6c 61 79 20 61 6c	erface.only.(`eth1`):.Display.al
2f8c0	6c 20 6b 6e 6f 77 6e 20 41 52 50 20 74 61 62 6c 65 20 65 6e 74 72 69 65 73 20 73 70 61 6e 6e 69	l.known.ARP.table.entries.spanni
2f8e0	6e 67 20 61 63 72 6f 73 73 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 00 44 69 73 70 6c 61 79	ng.across.all.interfaces.Display
2f900	20 63 6f 6e 74 65 6e 74 73 20 6f 66 20 61 20 73 70 65 63 69 66 69 65 64 20 75 73 65 72 2d 64 65	.contents.of.a.specified.user-de
2f920	66 69 6e 65 64 20 6c 6f 67 20 66 69 6c 65 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20	fined.log.file.of.the.specified.
2f940	69 6d 61 67 65 00 44 69 73 70 6c 61 79 20 63 6f 6e 74 65 6e 74 73 20 6f 66 20 61 6c 6c 20 6d 61	image.Display.contents.of.all.ma
2f960	73 74 65 72 20 6c 6f 67 20 66 69 6c 65 73 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20	ster.log.files.of.the.specified.
2f980	69 6d 61 67 65 00 44 69 73 70 6c 61 79 20 6c 61 73 74 20 6c 69 6e 65 73 20 6f 66 20 74 68 65 20	image.Display.last.lines.of.the.
2f9a0	73 79 73 74 65 6d 20 6c 6f 67 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6d 61 67	system.log.of.the.specified.imag
2f9c0	65 00 44 69 73 70 6c 61 79 20 6c 69 73 74 20 6f 66 20 61 6c 6c 20 75 73 65 72 2d 64 65 66 69 6e	e.Display.list.of.all.user-defin
2f9e0	65 64 20 6c 6f 67 20 66 69 6c 65 73 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6d	ed.log.files.of.the.specified.im
2fa00	61 67 65 00 44 69 73 70 6c 61 79 20 6c 6f 67 20 66 69 6c 65 73 20 6f 66 20 67 69 76 65 6e 20 63	age.Display.log.files.of.given.c
2fa20	61 74 65 67 6f 72 79 20 6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 20 55 73 65 20 74 61 62 20	ategory.on.the.console..Use.tab.
2fa40	63 6f 6d 70 6c 65 74 69 6f 6e 20 74 6f 20 67 65 74 20 61 20 6c 69 73 74 20 6f 66 20 61 76 61 69	completion.to.get.a.list.of.avai
2fa60	6c 61 62 6c 65 20 63 61 74 65 67 6f 72 69 65 73 2e 20 54 68 6f 73 20 63 61 74 65 67 6f 72 69 65	lable.categories..Thos.categorie
2fa80	73 20 63 6f 75 6c 64 20 62 65 3a 20 61 6c 6c 2c 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 2c 20	s.could.be:.all,.authorization,.
2faa0	63 6c 75 73 74 65 72 2c 20 63 6f 6e 6e 74 72 61 63 6b 2d 73 79 6e 63 2c 20 64 68 63 70 2c 20 64	cluster,.conntrack-sync,.dhcp,.d
2fac0	69 72 65 63 74 6f 72 79 2c 20 64 6e 73 2c 20 66 69 6c 65 2c 20 66 69 72 65 77 61 6c 6c 2c 20 68	irectory,.dns,.file,.firewall,.h
2fae0	74 74 70 73 2c 20 69 6d 61 67 65 20 6c 6c 64 70 2c 20 6e 61 74 2c 20 6f 70 65 6e 76 70 6e 2c 20	ttps,.image.lldp,.nat,.openvpn,.
2fb00	73 6e 6d 70 2c 20 74 61 69 6c 2c 20 76 70 6e 2c 20 76 72 72 70 00 44 69 73 70 6c 61 79 73 20 69	snmp,.tail,.vpn,.vrrp.Displays.i
2fb20	6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 61 6c 6c 20 6e 65 69 67 68 62 6f 72 73 20 64	nformation.about.all.neighbors.d
2fb40	69 73 63 6f 76 65 72 65 64 20 76 69 61 20 4c 4c 44 50 2e 00 44 69 73 70 6c 61 79 73 20 71 75 65	iscovered.via.LLDP..Displays.que
2fb60	75 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 61 20 50 50 50 6f 45 20 69 6e 74 65 72	ue.information.for.a.PPPoE.inter
2fb80	66 61 63 65 2e 00 44 69 73 70 6c 61 79 73 20 74 68 65 20 72 6f 75 74 65 20 70 61 63 6b 65 74 73	face..Displays.the.route.packets
2fba0	20 74 61 6b 65 6e 20 74 6f 20 61 20 6e 65 74 77 6f 72 6b 20 68 6f 73 74 20 75 74 69 6c 69 7a 69	.taken.to.a.network.host.utilizi
2fbc0	6e 67 20 56 52 46 20 69 6e 73 74 61 6e 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c	ng.VRF.instance.identified.by.`<
2fbe0	6e 61 6d 65 3e 60 2e 20 57 68 65 6e 20 75 73 69 6e 67 20 74 68 65 20 49 50 76 34 20 6f 72 20 49	name>`..When.using.the.IPv4.or.I
2fc00	50 76 36 20 6f 70 74 69 6f 6e 2c 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 72 6f 75 74 65 20 70	Pv6.option,.displays.the.route.p
2fc20	61 63 6b 65 74 73 20 74 61 6b 65 6e 20 74 6f 20 74 68 65 20 67 69 76 65 6e 20 68 6f 73 74 73 20	ackets.taken.to.the.given.hosts.
2fc40	49 50 20 61 64 64 72 65 73 73 20 66 61 6d 69 6c 79 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 69	IP.address.family..This.option.i
2fc60	73 20 75 73 65 66 75 6c 20 77 68 65 6e 20 74 68 65 20 68 6f 73 74 20 69 73 20 73 70 65 63 69 66	s.useful.when.the.host.is.specif
2fc80	69 65 64 20 61 73 20 61 20 68 6f 73 74 6e 61 6d 65 20 72 61 74 68 65 72 20 74 68 61 6e 20 61 6e	ied.as.a.hostname.rather.than.an
2fca0	20 49 50 20 61 64 64 72 65 73 73 2e 00 44 6f 20 2a 6e 6f 74 2a 20 6d 61 6e 75 61 6c 6c 79 20 65	.IP.address..Do.*not*.manually.e
2fcc0	64 69 74 20 60 2f 65 74 63 2f 68 6f 73 74 73 60 2e 20 54 68 69 73 20 66 69 6c 65 20 77 69 6c 6c	dit.`/etc/hosts`..This.file.will
2fce0	20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 62 65 20 72 65 67 65 6e 65 72 61 74 65 64 20 6f 6e	.automatically.be.regenerated.on
2fd00	20 62 6f 6f 74 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 73 65 74 74 69 6e 67 73 20 69 6e 20 74	.boot.based.on.the.settings.in.t
2fd20	68 69 73 20 73 65 63 74 69 6f 6e 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 79 6f 75 27 6c 6c 20	his.section,.which.means.you'll.
2fd40	6c 6f 73 65 20 61 6c 6c 20 79 6f 75 72 20 6d 61 6e 75 61 6c 20 65 64 69 74 73 2e 20 49 6e 73 74	lose.all.your.manual.edits..Inst
2fd60	65 61 64 2c 20 63 6f 6e 66 69 67 75 72 65 20 73 74 61 74 69 63 20 68 6f 73 74 20 6d 61 70 70 69	ead,.configure.static.host.mappi
2fd80	6e 67 73 20 61 73 20 66 6f 6c 6c 6f 77 73 2e 00 44 6f 20 6e 6f 74 20 61 73 73 69 67 6e 20 61 20	ngs.as.follows..Do.not.assign.a.
2fda0	6c 69 6e 6b 2d 6c 6f 63 61 6c 20 49 50 76 36 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 69 73 20	link-local.IPv6.address.to.this.
2fdc0	69 6e 74 65 72 66 61 63 65 2e 00 44 6f 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 20 49 46 42 20	interface..Do.not.configure.IFB.
2fde0	61 73 20 74 68 65 20 66 69 72 73 74 20 73 74 65 70 2e 20 46 69 72 73 74 20 63 72 65 61 74 65 20	as.the.first.step..First.create.
2fe00	65 76 65 72 79 74 68 69 6e 67 20 65 6c 73 65 20 6f 66 20 79 6f 75 72 20 74 72 61 66 66 69 63 2d	everything.else.of.your.traffic-
2fe20	70 6f 6c 69 63 79 2c 20 61 6e 64 20 74 68 65 6e 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75	policy,.and.then.you.can.configu
2fe40	72 65 20 49 46 42 2e 20 4f 74 68 65 72 77 69 73 65 20 79 6f 75 20 6d 69 67 68 74 20 67 65 74 20	re.IFB..Otherwise.you.might.get.
2fe60	74 68 65 20 60 60 52 54 4e 45 54 4c 49 4e 4b 20 61 6e 73 77 65 72 3a 20 46 69 6c 65 20 65 78 69	the.``RTNETLINK.answer:.File.exi
2fe80	73 74 73 60 60 20 65 72 72 6f 72 2c 20 77 68 69 63 68 20 63 61 6e 20 62 65 20 73 6f 6c 76 65 64	sts``.error,.which.can.be.solved
2fea0	20 77 69 74 68 20 60 60 73 75 64 6f 20 69 70 20 6c 69 6e 6b 20 64 65 6c 65 74 65 20 69 66 62 30	.with.``sudo.ip.link.delete.ifb0
2fec0	60 60 2e 00 44 6f 20 6e 6f 74 20 75 73 65 20 74 68 65 20 6c 6f 63 61 6c 20 60 60 2f 65 74 63 2f	``..Do.not.use.the.local.``/etc/
2fee0	68 6f 73 74 73 60 60 20 66 69 6c 65 20 69 6e 20 6e 61 6d 65 20 72 65 73 6f 6c 75 74 69 6f 6e 2e	hosts``.file.in.name.resolution.
2ff00	20 56 79 4f 53 20 44 48 43 50 20 73 65 72 76 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 69 73 20	.VyOS.DHCP.server.will.use.this.
2ff20	66 69 6c 65 20 74 6f 20 61 64 64 20 72 65 73 6f 6c 76 65 72 73 20 74 6f 20 61 73 73 69 67 6e 65	file.to.add.resolvers.to.assigne
2ff40	64 20 61 64 64 72 65 73 73 65 73 2e 00 44 6f 65 73 20 6e 6f 74 20 6e 65 65 64 20 74 6f 20 62 65	d.addresses..Does.not.need.to.be
2ff60	20 75 73 65 64 20 74 6f 67 65 74 68 65 72 20 77 69 74 68 20 70 72 6f 78 79 5f 61 72 70 2e 00 44	.used.together.with.proxy_arp..D
2ff80	6f 6d 61 69 6e 00 44 6f 6d 61 69 6e 20 47 72 6f 75 70 73 00 44 6f 6d 61 69 6e 20 4e 61 6d 65 00	omain.Domain.Groups.Domain.Name.
2ffa0	44 6f 6d 61 69 6e 20 6e 61 6d 65 28 73 29 20 66 6f 72 20 77 68 69 63 68 20 74 6f 20 6f 62 74 61	Domain.name(s).for.which.to.obta
2ffc0	69 6e 20 63 65 72 74 69 66 69 63 61 74 65 00 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 20 63 61 6e 20	in.certificate.Domain.names.can.
2ffe0	69 6e 63 6c 75 64 65 20 6c 65 74 74 65 72 73 2c 20 6e 75 6d 62 65 72 73 2c 20 68 79 70 68 65 6e	include.letters,.numbers,.hyphen
30000	73 20 61 6e 64 20 70 65 72 69 6f 64 73 20 77 69 74 68 20 61 20 6d 61 78 69 6d 75 6d 20 6c 65 6e	s.and.periods.with.a.maximum.len
30020	67 74 68 20 6f 66 20 32 35 33 20 63 68 61 72 61 63 74 65 72 73 2e 00 44 6f 6d 61 69 6e 20 73 65	gth.of.253.characters..Domain.se
30040	61 72 63 68 20 6f 72 64 65 72 00 44 6f 6e 27 74 20 62 65 20 61 66 72 61 69 64 20 74 68 61 74 20	arch.order.Don't.be.afraid.that.
30060	79 6f 75 20 6e 65 65 64 20 74 6f 20 72 65 2d 64 6f 20 79 6f 75 72 20 63 6f 6e 66 69 67 75 72 61	you.need.to.re-do.your.configura
30080	74 69 6f 6e 2e 20 4b 65 79 20 74 72 61 6e 73 66 6f 72 6d 61 74 69 6f 6e 20 69 73 20 68 61 6e 64	tion..Key.transformation.is.hand
300a0	6c 65 64 2c 20 61 73 20 61 6c 77 61 79 73 2c 20 62 79 20 6f 75 72 20 6d 69 67 72 61 74 69 6f 6e	led,.as.always,.by.our.migration
300c0	20 73 63 72 69 70 74 73 2c 20 73 6f 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 61 20 73 6d 6f 6f	.scripts,.so.this.will.be.a.smoo
300e0	74 68 20 74 72 61 6e 73 69 74 69 6f 6e 20 66 6f 72 20 79 6f 75 21 00 44 6f 6e 27 74 20 66 6f 72	th.transition.for.you!.Don't.for
30100	67 65 74 2c 20 74 68 65 20 43 49 44 52 20 64 65 63 6c 61 72 65 64 20 69 6e 20 74 68 65 20 6e 65	get,.the.CIDR.declared.in.the.ne
30120	74 77 6f 72 6b 20 73 74 61 74 65 6d 65 6e 74 20 2a 2a 4d 55 53 54 20 65 78 69 73 74 20 69 6e 20	twork.statement.**MUST.exist.in.
30140	79 6f 75 72 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 28 64 79 6e 61 6d 69 63 20 6f 72 20 73	your.routing.table.(dynamic.or.s
30160	74 61 74 69 63 29 2c 20 74 68 65 20 62 65 73 74 20 77 61 79 20 74 6f 20 6d 61 6b 65 20 73 75 72	tatic),.the.best.way.to.make.sur
30180	65 20 74 68 61 74 20 69 73 20 74 72 75 65 20 69 73 20 63 72 65 61 74 69 6e 67 20 61 20 73 74 61	e.that.is.true.is.creating.a.sta
301a0	74 69 63 20 72 6f 75 74 65 3a 2a 2a 00 44 6f 6e 27 74 20 66 6f 72 67 65 74 2c 20 74 68 65 20 43	tic.route:**.Don't.forget,.the.C
301c0	49 44 52 20 64 65 63 6c 61 72 65 64 20 69 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 73 74 61 74	IDR.declared.in.the.network.stat
301e0	65 6d 65 6e 74 20 4d 55 53 54 20 2a 2a 65 78 69 73 74 20 69 6e 20 79 6f 75 72 20 72 6f 75 74 69	ement.MUST.**exist.in.your.routi
30200	6e 67 20 74 61 62 6c 65 20 28 64 79 6e 61 6d 69 63 20 6f 72 20 73 74 61 74 69 63 29 2c 20 74 68	ng.table.(dynamic.or.static),.th
30220	65 20 62 65 73 74 20 77 61 79 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 74 68 61 74 20 69 73 20	e.best.way.to.make.sure.that.is.
30240	74 72 75 65 20 69 73 20 63 72 65 61 74 69 6e 67 20 61 20 73 74 61 74 69 63 20 72 6f 75 74 65 3a	true.is.creating.a.static.route:
30260	2a 2a 00 44 6f 6e 27 74 20 67 65 74 20 63 6f 6e 66 75 73 65 64 20 61 62 6f 75 74 20 74 68 65 20	**.Don't.get.confused.about.the.
30280	75 73 65 64 20 2f 33 31 20 74 75 6e 6e 65 6c 20 73 75 62 6e 65 74 2e 20 3a 72 66 63 3a 60 33 30	used./31.tunnel.subnet..:rfc:`30
302a0	32 31 60 20 67 69 76 65 73 20 79 6f 75 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d 61	21`.gives.you.additional.informa
302c0	74 69 6f 6e 20 66 6f 72 20 75 73 69 6e 67 20 2f 33 31 20 73 75 62 6e 65 74 73 20 6f 6e 20 70 6f	tion.for.using./31.subnets.on.po
302e0	69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6c 69 6e 6b 73 2e 00 44 6f 77 6e 6c 6f 61 64 20 62 61 6e	int-to-point.links..Download.ban
30300	64 77 69 64 74 68 20 6c 69 6d 69 74 20 69 6e 20 6b 62 69 74 2f 73 20 66 6f 72 20 60 3c 75 73 65	dwidth.limit.in.kbit/s.for.`<use
30320	72 3e 60 2e 00 44 6f 77 6e 6c 6f 61 64 2f 55 70 64 61 74 65 20 63 6f 6d 70 6c 65 74 65 20 62 6c	r>`..Download/Update.complete.bl
30340	61 63 6b 6c 69 73 74 00 44 6f 77 6e 6c 6f 61 64 2f 55 70 64 61 74 65 20 70 61 72 74 69 61 6c 20	acklist.Download/Update.partial.
30360	62 6c 61 63 6b 6c 69 73 74 2e 00 44 72 6f 70 20 41 53 2d 4e 55 4d 42 45 52 20 66 72 6f 6d 20 74	blacklist..Drop.AS-NUMBER.from.t
30380	68 65 20 42 47 50 20 41 53 20 70 61 74 68 2e 00 44 72 6f 70 20 54 61 69 6c 00 44 72 6f 70 20 72	he.BGP.AS.path..Drop.Tail.Drop.r
303a0	61 74 65 00 44 72 6f 70 70 65 64 20 70 61 63 6b 65 74 73 20 72 65 70 6f 72 74 65 64 20 6f 6e 20	ate.Dropped.packets.reported.on.
303c0	44 52 4f 50 4d 4f 4e 20 4e 65 74 6c 69 6e 6b 20 63 68 61 6e 6e 65 6c 20 62 79 20 4c 69 6e 75 78	DROPMON.Netlink.channel.by.Linux
303e0	20 6b 65 72 6e 65 6c 20 61 72 65 20 65 78 70 6f 72 74 65 64 20 76 69 61 20 74 68 65 20 73 74 61	.kernel.are.exported.via.the.sta
30400	6e 64 61 72 64 20 73 46 6c 6f 77 20 76 35 20 65 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 72 65 70	ndard.sFlow.v5.extension.for.rep
30420	6f 72 74 69 6e 67 20 64 72 6f 70 70 65 64 20 70 61 63 6b 65 74 73 00 44 75 61 6c 2d 53 74 61 63	orting.dropped.packets.Dual-Stac
30440	6b 20 49 50 76 34 2f 49 50 76 36 20 70 72 6f 76 69 73 69 6f 6e 69 6e 67 20 77 69 74 68 20 50 72	k.IPv4/IPv6.provisioning.with.Pr
30460	65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 00 44 75 6d 6d 79 00 44 75 6d 6d 79 20 69 6e 74 65	efix.Delegation.Dummy.Dummy.inte
30480	72 66 61 63 65 00 44 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 75 73	rface.Dummy.interfaces.can.be.us
304a0	65 64 20 61 73 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 61 74 20 61 6c 77 61 79 73 20 73 74 61	ed.as.interfaces.that.always.sta
304c0	79 20 75 70 20 28 69 6e 20 74 68 65 20 73 61 6d 65 20 66 61 73 68 69 6f 6e 20 74 6f 20 6c 6f 6f	y.up.(in.the.same.fashion.to.loo
304e0	70 62 61 63 6b 73 20 69 6e 20 43 69 73 63 6f 20 49 4f 53 29 2c 20 6f 72 20 66 6f 72 20 74 65 73	pbacks.in.Cisco.IOS),.or.for.tes
30500	74 69 6e 67 20 70 75 72 70 6f 73 65 73 2e 00 44 75 70 6c 69 63 61 74 65 20 70 61 63 6b 65 74 73	ting.purposes..Duplicate.packets
30520	20 61 72 65 20 6e 6f 74 20 69 6e 63 6c 75 64 65 64 20 69 6e 20 74 68 65 20 70 61 63 6b 65 74 20	.are.not.included.in.the.packet.
30540	6c 6f 73 73 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2c 20 61 6c 74 68 6f 75 67 68 20 74 68 65 20 72	loss.calculation,.although.the.r
30560	6f 75 6e 64 2d 74 72 69 70 20 74 69 6d 65 20 6f 66 20 74 68 65 73 65 20 70 61 63 6b 65 74 73 20	ound-trip.time.of.these.packets.
30580	69 73 20 75 73 65 64 20 69 6e 20 63 61 6c 63 75 6c 61 74 69 6e 67 20 74 68 65 20 6d 69 6e 69 6d	is.used.in.calculating.the.minim
305a0	75 6d 2f 20 61 76 65 72 61 67 65 2f 6d 61 78 69 6d 75 6d 20 72 6f 75 6e 64 2d 74 72 69 70 20 74	um/.average/maximum.round-trip.t
305c0	69 6d 65 20 6e 75 6d 62 65 72 73 2e 00 44 79 6e 61 6d 69 63 20 44 4e 53 00 44 79 6e 61 6d 69 63	ime.numbers..Dynamic.DNS.Dynamic
305e0	2d 70 72 6f 74 65 63 74 69 6f 6e 00 45 41 50 6f 4c 20 63 6f 6d 65 73 20 77 69 74 68 20 61 6e 20	-protection.EAPoL.comes.with.an.
30600	69 64 65 6e 74 69 66 79 20 6f 70 74 69 6f 6e 2e 20 57 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c	identify.option..We.automaticall
30620	79 20 75 73 65 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 4d 41 43 20 61 64 64 72 65 73 73 20	y.use.the.interface.MAC.address.
30640	61 73 20 69 64 65 6e 74 69 74 79 20 70 61 72 61 6d 65 74 65 72 2e 00 45 53 50 20 28 45 6e 63 61	as.identity.parameter..ESP.(Enca
30660	70 73 75 6c 61 74 69 6e 67 20 53 65 63 75 72 69 74 79 20 50 61 79 6c 6f 61 64 29 20 41 74 74 72	psulating.Security.Payload).Attr
30680	69 62 75 74 65 73 00 45 53 50 20 50 68 61 73 65 3a 00 45 53 50 20 69 73 20 75 73 65 64 20 74 6f	ibutes.ESP.Phase:.ESP.is.used.to
306a0	20 70 72 6f 76 69 64 65 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 2c 20 64 61 74 61 20 6f	.provide.confidentiality,.data.o
306c0	72 69 67 69 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2c 20 63 6f 6e 6e 65 63 74 69 6f 6e	rigin.authentication,.connection
306e0	6c 65 73 73 20 69 6e 74 65 67 72 69 74 79 2c 20 61 6e 20 61 6e 74 69 2d 72 65 70 6c 61 79 20 73	less.integrity,.an.anti-replay.s
30700	65 72 76 69 63 65 20 28 61 20 66 6f 72 6d 20 6f 66 20 70 61 72 74 69 61 6c 20 73 65 71 75 65 6e	ervice.(a.form.of.partial.sequen
30720	63 65 20 69 6e 74 65 67 72 69 74 79 29 2c 20 61 6e 64 20 6c 69 6d 69 74 65 64 20 74 72 61 66 66	ce.integrity),.and.limited.traff
30740	69 63 20 66 6c 6f 77 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 2e 20 68 74 74 70 73 3a 2f	ic.flow.confidentiality..https:/
30760	2f 64 61 74 61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 72	/datatracker.ietf.org/doc/html/r
30780	66 63 34 33 30 33 00 45 61 63 68 20 3a 61 62 62 72 3a 60 41 53 20 28 41 75 74 6f 6e 6f 6d 6f 75	fc4303.Each.:abbr:`AS.(Autonomou
307a0	73 20 53 79 73 74 65 6d 29 60 20 68 61 73 20 61 6e 20 69 64 65 6e 74 69 66 79 69 6e 67 20 6e 75	s.System)`.has.an.identifying.nu
307c0	6d 62 65 72 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 69 74 20 63 61 6c 6c 65 64 20 61	mber.associated.with.it.called.a
307e0	6e 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79 73 74 65 6d 20	n.:abbr:`ASN.(Autonomous.System.
30800	4e 75 6d 62 65 72 29 60 2e 20 54 68 69 73 20 69 73 20 61 20 74 77 6f 20 6f 63 74 65 74 20 76 61	Number)`..This.is.a.two.octet.va
30820	6c 75 65 20 72 61 6e 67 69 6e 67 20 69 6e 20 76 61 6c 75 65 20 66 72 6f 6d 20 31 20 74 6f 20 36	lue.ranging.in.value.from.1.to.6
30840	35 35 33 35 2e 20 54 68 65 20 41 53 20 6e 75 6d 62 65 72 73 20 36 34 35 31 32 20 74 68 72 6f 75	5535..The.AS.numbers.64512.throu
30860	67 68 20 36 35 35 33 35 20 61 72 65 20 64 65 66 69 6e 65 64 20 61 73 20 70 72 69 76 61 74 65 20	gh.65535.are.defined.as.private.
30880	41 53 20 6e 75 6d 62 65 72 73 2e 20 50 72 69 76 61 74 65 20 41 53 20 6e 75 6d 62 65 72 73 20 6d	AS.numbers..Private.AS.numbers.m
308a0	75 73 74 20 6e 6f 74 20 62 65 20 61 64 76 65 72 74 69 73 65 64 20 6f 6e 20 74 68 65 20 67 6c 6f	ust.not.be.advertised.on.the.glo
308c0	62 61 6c 20 49 6e 74 65 72 6e 65 74 2e 20 54 68 65 20 32 2d 62 79 74 65 20 41 53 20 6e 75 6d 62	bal.Internet..The.2-byte.AS.numb
308e0	65 72 20 72 61 6e 67 65 20 68 61 73 20 62 65 65 6e 20 65 78 68 61 75 73 74 65 64 2e 20 34 2d 62	er.range.has.been.exhausted..4-b
30900	79 74 65 20 41 53 20 6e 75 6d 62 65 72 73 20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20	yte.AS.numbers.are.specified.in.
30920	3a 72 66 63 3a 60 36 37 39 33 60 2c 20 61 6e 64 20 70 72 6f 76 69 64 65 20 61 20 70 6f 6f 6c 20	:rfc:`6793`,.and.provide.a.pool.
30940	6f 66 20 34 32 39 34 39 36 37 32 39 36 20 41 53 20 6e 75 6d 62 65 72 73 2e 00 45 61 63 68 20 4e	of.4294967296.AS.numbers..Each.N
30960	65 74 66 69 6c 74 65 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 75 6e 69 71 75 65 6c 79 20	etfilter.connection.is.uniquely.
30980	69 64 65 6e 74 69 66 69 65 64 20 62 79 20 61 20 28 6c 61 79 65 72 2d 33 20 70 72 6f 74 6f 63 6f	identified.by.a.(layer-3.protoco
309a0	6c 2c 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61	l,.source.address,.destination.a
309c0	64 64 72 65 73 73 2c 20 6c 61 79 65 72 2d 34 20 70 72 6f 74 6f 63 6f 6c 2c 20 6c 61 79 65 72 2d	ddress,.layer-4.protocol,.layer-
309e0	34 20 6b 65 79 29 20 74 75 70 6c 65 2e 20 54 68 65 20 6c 61 79 65 72 2d 34 20 6b 65 79 20 64 65	4.key).tuple..The.layer-4.key.de
30a00	70 65 6e 64 73 20 6f 6e 20 74 68 65 20 74 72 61 6e 73 70 6f 72 74 20 70 72 6f 74 6f 63 6f 6c 3b	pends.on.the.transport.protocol;
30a20	20 66 6f 72 20 54 43 50 2f 55 44 50 20 69 74 20 69 73 20 74 68 65 20 70 6f 72 74 20 6e 75 6d 62	.for.TCP/UDP.it.is.the.port.numb
30a40	65 72 73 2c 20 66 6f 72 20 74 75 6e 6e 65 6c 73 20 69 74 20 63 61 6e 20 62 65 20 74 68 65 69 72	ers,.for.tunnels.it.can.be.their
30a60	20 74 75 6e 6e 65 6c 20 49 44 2c 20 62 75 74 20 6f 74 68 65 72 77 69 73 65 20 69 73 20 6a 75 73	.tunnel.ID,.but.otherwise.is.jus
30a80	74 20 7a 65 72 6f 2c 20 61 73 20 69 66 20 69 74 20 77 65 72 65 20 6e 6f 74 20 70 61 72 74 20 6f	t.zero,.as.if.it.were.not.part.o
30aa0	66 20 74 68 65 20 74 75 70 6c 65 2e 20 54 6f 20 62 65 20 61 62 6c 65 20 74 6f 20 69 6e 73 70 65	f.the.tuple..To.be.able.to.inspe
30ac0	63 74 20 74 68 65 20 54 43 50 20 70 6f 72 74 20 69 6e 20 61 6c 6c 20 63 61 73 65 73 2c 20 70 61	ct.the.TCP.port.in.all.cases,.pa
30ae0	63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 6d 61 6e 64 61 74 6f 72 69 6c 79 20 64 65 66 72 61 67	ckets.will.be.mandatorily.defrag
30b00	6d 65 6e 74 65 64 2e 00 45 61 63 68 20 56 58 4c 41 4e 20 73 65 67 6d 65 6e 74 20 69 73 20 69 64	mented..Each.VXLAN.segment.is.id
30b20	65 6e 74 69 66 69 65 64 20 74 68 72 6f 75 67 68 20 61 20 32 34 2d 62 69 74 20 73 65 67 6d 65 6e	entified.through.a.24-bit.segmen
30b40	74 20 49 44 2c 20 74 65 72 6d 65 64 20 74 68 65 20 3a 61 62 62 72 3a 60 56 4e 49 20 28 56 58 4c	t.ID,.termed.the.:abbr:`VNI.(VXL
30b60	41 4e 20 4e 65 74 77 6f 72 6b 20 49 64 65 6e 74 69 66 69 65 72 20 28 6f 72 20 56 58 4c 41 4e 20	AN.Network.Identifier.(or.VXLAN.
30b80	53 65 67 6d 65 6e 74 20 49 44 29 29 60 2c 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 75 70 20 74 6f	Segment.ID))`,.This.allows.up.to
30ba0	20 31 36 4d 20 56 58 4c 41 4e 20 73 65 67 6d 65 6e 74 73 20 74 6f 20 63 6f 65 78 69 73 74 20 77	.16M.VXLAN.segments.to.coexist.w
30bc0	69 74 68 69 6e 20 74 68 65 20 73 61 6d 65 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 64 6f	ithin.the.same.administrative.do
30be0	6d 61 69 6e 2e 00 45 61 63 68 20 62 72 69 64 67 65 20 68 61 73 20 61 20 72 65 6c 61 74 69 76 65	main..Each.bridge.has.a.relative
30c00	20 70 72 69 6f 72 69 74 79 20 61 6e 64 20 63 6f 73 74 2e 20 45 61 63 68 20 69 6e 74 65 72 66 61	.priority.and.cost..Each.interfa
30c20	63 65 20 69 73 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 61 20 70 6f 72 74 20 28 6e 75	ce.is.associated.with.a.port.(nu
30c40	6d 62 65 72 29 20 69 6e 20 74 68 65 20 53 54 50 20 63 6f 64 65 2e 20 45 61 63 68 20 68 61 73 20	mber).in.the.STP.code..Each.has.
30c60	61 20 70 72 69 6f 72 69 74 79 20 61 6e 64 20 61 20 63 6f 73 74 2c 20 74 68 61 74 20 69 73 20 75	a.priority.and.a.cost,.that.is.u
30c80	73 65 64 20 74 6f 20 64 65 63 69 64 65 20 77 68 69 63 68 20 69 73 20 74 68 65 20 73 68 6f 72 74	sed.to.decide.which.is.the.short
30ca0	65 73 74 20 70 61 74 68 20 74 6f 20 66 6f 72 77 61 72 64 20 61 20 70 61 63 6b 65 74 2e 20 54 68	est.path.to.forward.a.packet..Th
30cc0	65 20 6c 6f 77 65 73 74 20 63 6f 73 74 20 70 61 74 68 20 69 73 20 61 6c 77 61 79 73 20 75 73 65	e.lowest.cost.path.is.always.use
30ce0	64 20 75 6e 6c 65 73 73 20 74 68 65 20 6f 74 68 65 72 20 70 61 74 68 20 69 73 20 64 6f 77 6e 2e	d.unless.the.other.path.is.down.
30d00	20 49 66 20 79 6f 75 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 62 72 69 64 67 65 73 20 61 6e	.If.you.have.multiple.bridges.an
30d20	64 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 65 6e 20 79 6f 75 20 6d 61 79 20 6e 65 65 64 20 74	d.interfaces.then.you.may.need.t
30d40	6f 20 61 64 6a 75 73 74 20 74 68 65 20 70 72 69 6f 72 69 74 69 65 73 20 74 6f 20 61 63 68 69 65	o.adjust.the.priorities.to.achie
30d60	76 65 20 6f 70 74 69 6d 75 6d 20 70 65 72 66 6f 72 6d 61 6e 63 65 2e 00 45 61 63 68 20 62 72 6f	ve.optimum.performance..Each.bro
30d80	61 64 63 61 73 74 20 72 65 6c 61 79 20 69 6e 73 74 61 6e 63 65 20 63 61 6e 20 62 65 20 69 6e 64	adcast.relay.instance.can.be.ind
30da0	69 76 69 64 75 61 6c 6c 79 20 64 69 73 61 62 6c 65 64 20 77 69 74 68 6f 75 74 20 64 65 6c 65 74	ividually.disabled.without.delet
30dc0	69 6e 67 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6e 6f 64 65 20 62 79 20 75 73 69 6e 67	ing.the.configured.node.by.using
30de0	20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 3a 00 45 61 63 68 20 63 6c 61	.the.following.command:.Each.cla
30e00	73 73 20 63 61 6e 20 68 61 76 65 20 61 20 67 75 61 72 61 6e 74 65 65 64 20 70 61 72 74 20 6f 66	ss.can.have.a.guaranteed.part.of
30e20	20 74 68 65 20 74 6f 74 61 6c 20 62 61 6e 64 77 69 64 74 68 20 64 65 66 69 6e 65 64 20 66 6f 72	.the.total.bandwidth.defined.for
30e40	20 74 68 65 20 77 68 6f 6c 65 20 70 6f 6c 69 63 79 2c 20 73 6f 20 61 6c 6c 20 74 68 6f 73 65 20	.the.whole.policy,.so.all.those.
30e60	73 68 61 72 65 73 20 74 6f 67 65 74 68 65 72 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 68 69	shares.together.should.not.be.hi
30e80	67 68 65 72 20 74 68 61 6e 20 74 68 65 20 70 6f 6c 69 63 79 27 73 20 77 68 6f 6c 65 20 62 61 6e	gher.than.the.policy's.whole.ban
30ea0	64 77 69 64 74 68 2e 00 45 61 63 68 20 63 6c 61 73 73 20 69 73 20 61 73 73 69 67 6e 65 64 20 61	dwidth..Each.class.is.assigned.a
30ec0	20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 28 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20	.deficit.counter.(the.number.of.
30ee0	62 79 74 65 73 20 74 68 61 74 20 61 20 66 6c 6f 77 20 69 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20	bytes.that.a.flow.is.allowed.to.
30f00	74 72 61 6e 73 6d 69 74 20 77 68 65 6e 20 69 74 20 69 73 20 69 74 73 20 74 75 72 6e 29 20 69 6e	transmit.when.it.is.its.turn).in
30f20	69 74 69 61 6c 69 7a 65 64 20 74 6f 20 71 75 61 6e 74 75 6d 2e 20 51 75 61 6e 74 75 6d 20 69 73	itialized.to.quantum..Quantum.is
30f40	20 61 20 70 61 72 61 6d 65 74 65 72 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 77 68 69 63 68	.a.parameter.you.configure.which
30f60	20 61 63 74 73 20 6c 69 6b 65 20 61 20 63 72 65 64 69 74 20 6f 66 20 66 69 78 20 62 79 74 65 73	.acts.like.a.credit.of.fix.bytes
30f80	20 74 68 65 20 63 6f 75 6e 74 65 72 20 72 65 63 65 69 76 65 73 20 6f 6e 20 65 61 63 68 20 72 6f	.the.counter.receives.on.each.ro
30fa0	75 6e 64 2e 20 54 68 65 6e 20 74 68 65 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70 6f 6c 69 63 79	und..Then.the.Round-Robin.policy
30fc0	20 73 74 61 72 74 73 20 6d 6f 76 69 6e 67 20 69 74 73 20 52 6f 75 6e 64 20 52 6f 62 69 6e 20 70	.starts.moving.its.Round.Robin.p
30fe0	6f 69 6e 74 65 72 20 74 68 72 6f 75 67 68 20 74 68 65 20 71 75 65 75 65 73 2e 20 49 66 20 74 68	ointer.through.the.queues..If.th
31000	65 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 69 73 20 67 72 65 61 74 65 72 20 74 68 61	e.deficit.counter.is.greater.tha
31020	6e 20 74 68 65 20 70 61 63 6b 65 74 27 73 20 73 69 7a 65 20 61 74 20 74 68 65 20 68 65 61 64 20	n.the.packet's.size.at.the.head.
31040	6f 66 20 74 68 65 20 71 75 65 75 65 2c 20 74 68 69 73 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62	of.the.queue,.this.packet.will.b
31060	65 20 73 65 6e 74 20 61 6e 64 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 63 6f 75 6e	e.sent.and.the.value.of.the.coun
31080	74 65 72 20 77 69 6c 6c 20 62 65 20 64 65 63 72 65 6d 65 6e 74 65 64 20 62 79 20 74 68 65 20 70	ter.will.be.decremented.by.the.p
310a0	61 63 6b 65 74 20 73 69 7a 65 2e 20 54 68 65 6e 2c 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68	acket.size..Then,.the.size.of.th
310c0	65 20 6e 65 78 74 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62 65 20 63 6f 6d 70 61 72 65 64 20 74	e.next.packet.will.be.compared.t
310e0	6f 20 74 68 65 20 63 6f 75 6e 74 65 72 20 76 61 6c 75 65 20 61 67 61 69 6e 2c 20 72 65 70 65 61	o.the.counter.value.again,.repea
31100	74 69 6e 67 20 74 68 65 20 70 72 6f 63 65 73 73 2e 20 4f 6e 63 65 20 74 68 65 20 71 75 65 75 65	ting.the.process..Once.the.queue
31120	20 69 73 20 65 6d 70 74 79 20 6f 72 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 63 6f	.is.empty.or.the.value.of.the.co
31140	75 6e 74 65 72 20 69 73 20 69 6e 73 75 66 66 69 63 69 65 6e 74 2c 20 74 68 65 20 52 6f 75 6e 64	unter.is.insufficient,.the.Round
31160	2d 52 6f 62 69 6e 20 70 6f 69 6e 74 65 72 20 77 69 6c 6c 20 6d 6f 76 65 20 74 6f 20 74 68 65 20	-Robin.pointer.will.move.to.the.
31180	6e 65 78 74 20 71 75 65 75 65 2e 20 49 66 20 74 68 65 20 71 75 65 75 65 20 69 73 20 65 6d 70 74	next.queue..If.the.queue.is.empt
311a0	79 2c 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 64 65 66 69 63 69 74 20 63 6f 75 6e	y,.the.value.of.the.deficit.coun
311c0	74 65 72 20 69 73 20 72 65 73 65 74 20 74 6f 20 30 2e 00 45 61 63 68 20 64 79 6e 61 6d 69 63 20	ter.is.reset.to.0..Each.dynamic.
311e0	4e 48 53 20 77 69 6c 6c 20 67 65 74 20 61 20 70 65 65 72 20 65 6e 74 72 79 20 77 69 74 68 20 74	NHS.will.get.a.peer.entry.with.t
31200	68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6e 65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 20 61 6e	he.configured.network.address.an
31220	64 20 74 68 65 20 64 69 73 63 6f 76 65 72 65 64 20 4e 42 4d 41 20 61 64 64 72 65 73 73 2e 00 45	d.the.discovered.NBMA.address..E
31240	61 63 68 20 68 65 61 6c 74 68 20 63 68 65 63 6b 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 69	ach.health.check.is.configured.i
31260	6e 20 69 74 73 20 6f 77 6e 20 74 65 73 74 2c 20 74 65 73 74 73 20 61 72 65 20 6e 75 6d 62 65 72	n.its.own.test,.tests.are.number
31280	65 64 20 61 6e 64 20 70 72 6f 63 65 73 73 65 64 20 69 6e 20 6e 75 6d 65 72 69 63 20 6f 72 64 65	ed.and.processed.in.numeric.orde
312a0	72 2e 20 46 6f 72 20 6d 75 6c 74 69 20 74 61 72 67 65 74 20 68 65 61 6c 74 68 20 63 68 65 63 6b	r..For.multi.target.health.check
312c0	69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 74 65 73 74 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65	ing.multiple.tests.can.be.define
312e0	64 3a 00 45 61 63 68 20 69 6e 64 69 76 69 64 75 61 6c 20 63 6f 6e 66 69 67 75 72 65 64 20 63 6f	d:.Each.individual.configured.co
31300	6e 73 6f 6c 65 2d 73 65 72 76 65 72 20 64 65 76 69 63 65 20 63 61 6e 20 62 65 20 64 69 72 65 63	nsole-server.device.can.be.direc
31320	74 6c 79 20 65 78 70 6f 73 65 64 20 74 6f 20 74 68 65 20 6f 75 74 73 69 64 65 20 77 6f 72 6c 64	tly.exposed.to.the.outside.world
31340	2e 20 41 20 75 73 65 72 20 63 61 6e 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 20 76 69	..A.user.can.directly.connect.vi
31360	61 20 53 53 48 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 70 6f 72 74 2e 00 45 61	a.SSH.to.the.configured.port..Ea
31380	63 68 20 6e 6f 64 65 20 28 48 75 62 20 61 6e 64 20 53 70 6f 6b 65 29 20 75 73 65 73 20 61 6e 20	ch.node.(Hub.and.Spoke).uses.an.
313a0	49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 31 37 32 2e	IP.address.from.the.network.172.
313c0	31 36 2e 32 35 33 2e 31 32 38 2f 32 39 2e 00 45 61 63 68 20 6f 66 20 74 68 65 20 69 6e 73 74 61	16.253.128/29..Each.of.the.insta
313e0	6c 6c 20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20	ll.command.should.be.applied.to.
31400	74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6d 6d 69 74 65 64 20 62	the.configuration.and.commited.b
31420	65 66 6f 72 65 20 75 73 69 6e 67 20 75 6e 64 65 72 20 74 68 65 20 6f 70 65 6e 63 6f 6e 6e 65 63	efore.using.under.the.openconnec
31440	74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 45 61 63 68 20 73 69 74 65 2d 74 6f 2d 73 69	t.configuration:.Each.site-to-si
31460	74 65 20 70 65 65 72 20 68 61 73 20 74 68 65 20 6e 65 78 74 20 6f 70 74 69 6f 6e 73 3a 00 45 65	te.peer.has.the.next.options:.Ee
31480	6e 61 62 6c 65 73 20 74 68 65 20 47 65 6e 65 72 69 63 20 50 72 6f 74 6f 63 6f 6c 20 65 78 74 65	nables.the.Generic.Protocol.exte
314a0	6e 73 69 6f 6e 20 28 56 58 4c 41 4e 2d 47 50 45 29 2e 20 43 75 72 72 65 6e 74 6c 79 2c 20 74 68	nsion.(VXLAN-GPE)..Currently,.th
314c0	69 73 20 69 73 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 65 64 20 74 6f 67 65 74 68 65 72 20 77 69	is.is.only.supported.together.wi
314e0	74 68 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6b 65 79 77 6f 72 64 2e 00 45 6d 61 69 6c 20 61	th.the.external.keyword..Email.a
31500	64 64 72 65 73 73 20 74 6f 20 61 73 73 6f 63 69 61 74 65 20 77 69 74 68 20 63 65 72 74 69 66 69	ddress.to.associate.with.certifi
31520	63 61 74 65 00 45 6d 62 65 64 64 69 6e 67 20 6f 6e 65 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20 61	cate.Embedding.one.policy.into.a
31540	6e 6f 74 68 65 72 20 6f 6e 65 00 45 6d 65 72 67 65 6e 63 79 00 45 6e 61 62 6c 65 20 42 46 44 20	nother.one.Emergency.Enable.BFD.
31560	66 6f 72 20 49 53 49 53 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 00 45 6e 61 62 6c 65 20	for.ISIS.on.an.interface.Enable.
31580	42 46 44 20 66 6f 72 20 4f 53 50 46 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 00 45 6e 61	BFD.for.OSPF.on.an.interface.Ena
315a0	62 6c 65 20 42 46 44 20 66 6f 72 20 4f 53 50 46 76 33 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61	ble.BFD.for.OSPFv3.on.an.interfa
315c0	63 65 00 45 6e 61 62 6c 65 20 42 46 44 20 69 6e 20 42 47 50 00 45 6e 61 62 6c 65 20 42 46 44 20	ce.Enable.BFD.in.BGP.Enable.BFD.
315e0	69 6e 20 49 53 49 53 00 45 6e 61 62 6c 65 20 42 46 44 20 69 6e 20 4f 53 50 46 00 45 6e 61 62 6c	in.ISIS.Enable.BFD.in.OSPF.Enabl
31600	65 20 42 46 44 20 6f 6e 20 61 20 42 47 50 20 70 65 65 72 20 67 72 6f 75 70 00 45 6e 61 62 6c 65	e.BFD.on.a.BGP.peer.group.Enable
31620	20 42 46 44 20 6f 6e 20 61 20 73 69 6e 67 6c 65 20 42 47 50 20 6e 65 69 67 68 62 6f 72 00 45 6e	.BFD.on.a.single.BGP.neighbor.En
31640	61 62 6c 65 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	able.DHCP.failover.configuration
31660	20 66 6f 72 20 74 68 69 73 20 61 64 64 72 65 73 73 20 70 6f 6f 6c 2e 00 45 6e 61 62 6c 65 20 48	.for.this.address.pool..Enable.H
31680	54 2d 64 65 6c 61 79 65 64 20 42 6c 6f 63 6b 20 41 63 6b 20 60 60 5b 44 45 4c 41 59 45 44 2d 42	T-delayed.Block.Ack.``[DELAYED-B
316a0	41 5d 60 60 00 45 6e 61 62 6c 65 20 49 47 4d 50 20 61 6e 64 20 4d 4c 44 20 71 75 65 72 69 65 72	A]``.Enable.IGMP.and.MLD.querier
316c0	2e 00 45 6e 61 62 6c 65 20 49 47 4d 50 20 61 6e 64 20 4d 4c 44 20 73 6e 6f 6f 70 69 6e 67 2e 00	..Enable.IGMP.and.MLD.snooping..
316e0	45 6e 61 62 6c 65 20 49 50 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 63 6c 69 65 6e 74 00 45	Enable.IP.forwarding.on.client.E
31700	6e 61 62 6c 65 20 49 53 2d 49 53 00 45 6e 61 62 6c 65 20 49 53 2d 49 53 20 61 6e 64 20 49 47 50	nable.IS-IS.Enable.IS-IS.and.IGP
31720	2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 00 45 6e 61 62 6c 65 20 49 53 2d 49	-LDP.synchronization.Enable.IS-I
31740	53 20 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 20 72 6f 75 74 65 73 20 6e 6f 74 20 6e 61	S.and.redistribute.routes.not.na
31760	74 69 76 65 6c 79 20 69 6e 20 49 53 2d 49 53 00 45 6e 61 62 6c 65 20 49 53 2d 49 53 20 77 69 74	tively.in.IS-IS.Enable.IS-IS.wit
31780	68 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 28 45 78 70 65 72 69 6d 65 6e 74 61 6c 29	h.Segment.Routing.(Experimental)
317a0	00 45 6e 61 62 6c 65 20 4c 2d 53 49 47 20 54 58 4f 50 20 70 72 6f 74 65 63 74 69 6f 6e 20 63 61	.Enable.L-SIG.TXOP.protection.ca
317c0	70 61 62 69 6c 69 74 79 00 45 6e 61 62 6c 65 20 4c 44 50 43 20 28 4c 6f 77 20 44 65 6e 73 69 74	pability.Enable.LDPC.(Low.Densit
317e0	79 20 50 61 72 69 74 79 20 43 68 65 63 6b 29 20 63 6f 64 69 6e 67 20 63 61 70 61 62 69 6c 69 74	y.Parity.Check).coding.capabilit
31800	79 00 45 6e 61 62 6c 65 20 4c 44 50 43 20 63 6f 64 69 6e 67 20 63 61 70 61 62 69 6c 69 74 79 00	y.Enable.LDPC.coding.capability.
31820	45 6e 61 62 6c 65 20 4c 4c 44 50 20 73 65 72 76 69 63 65 00 45 6e 61 62 6c 65 20 4f 53 50 46 00	Enable.LLDP.service.Enable.OSPF.
31840	45 6e 61 62 6c 65 20 4f 53 50 46 20 61 6e 64 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e	Enable.OSPF.and.IGP-LDP.synchron
31860	69 7a 61 74 69 6f 6e 3a 00 45 6e 61 62 6c 65 20 4f 53 50 46 20 77 69 74 68 20 53 65 67 6d 65 6e	ization:.Enable.OSPF.with.Segmen
31880	74 20 52 6f 75 74 69 6e 67 20 28 45 78 70 65 72 69 6d 65 6e 74 61 6c 29 3a 00 45 6e 61 62 6c 65	t.Routing.(Experimental):.Enable
318a0	20 4f 53 50 46 20 77 69 74 68 20 72 6f 75 74 65 20 72 65 64 69 73 74 72 69 62 75 74 69 6f 6e 20	.OSPF.with.route.redistribution.
318c0	6f 66 20 74 68 65 20 6c 6f 6f 70 62 61 63 6b 20 61 6e 64 20 64 65 66 61 75 6c 74 20 6f 72 69 67	of.the.loopback.and.default.orig
318e0	69 6e 61 74 65 3a 00 45 6e 61 62 6c 65 20 4f 54 50 20 32 46 41 20 66 6f 72 20 75 73 65 72 20 60	inate:.Enable.OTP.2FA.for.user.`
31900	75 73 65 72 6e 61 6d 65 60 20 77 69 74 68 20 64 65 66 61 75 6c 74 20 73 65 74 74 69 6e 67 73 2c	username`.with.default.settings,
31920	20 75 73 69 6e 67 20 74 68 65 20 42 41 53 45 33 32 20 65 6e 63 6f 64 65 64 20 32 46 41 2f 4d 46	.using.the.BASE32.encoded.2FA/MF
31940	41 20 6b 65 79 20 73 70 65 63 69 66 69 65 64 20 62 79 20 60 3c 6b 65 79 3e 60 2e 00 45 6e 61 62	A.key.specified.by.`<key>`..Enab
31960	6c 65 20 4f 70 65 6e 56 50 4e 20 44 61 74 61 20 43 68 61 6e 6e 65 6c 20 4f 66 66 6c 6f 61 64 20	le.OpenVPN.Data.Channel.Offload.
31980	66 65 61 74 75 72 65 20 62 79 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 61 70 70 72 6f 70 72 69 61	feature.by.loading.the.appropria
319a0	74 65 20 6b 65 72 6e 65 6c 20 6d 6f 64 75 6c 65 2e 00 45 6e 61 62 6c 65 20 53 4e 4d 50 20 71 75	te.kernel.module..Enable.SNMP.qu
319c0	65 72 69 65 73 20 6f 66 20 74 68 65 20 4c 4c 44 50 20 64 61 74 61 62 61 73 65 00 45 6e 61 62 6c	eries.of.the.LLDP.database.Enabl
319e0	65 20 53 54 50 00 45 6e 61 62 6c 65 20 54 46 54 50 20 73 65 72 76 69 63 65 20 62 79 20 73 70 65	e.STP.Enable.TFTP.service.by.spe
31a00	63 69 66 79 69 6e 67 20 74 68 65 20 60 3c 64 69 72 65 63 74 6f 72 79 3e 60 20 77 68 69 63 68 20	cifying.the.`<directory>`.which.
31a20	77 69 6c 6c 20 62 65 20 75 73 65 64 20 74 6f 20 73 65 72 76 65 20 66 69 6c 65 73 2e 00 45 6e 61	will.be.used.to.serve.files..Ena
31a40	62 6c 65 20 56 48 54 20 54 58 4f 50 20 50 6f 77 65 72 20 53 61 76 65 20 4d 6f 64 65 00 45 6e 61	ble.VHT.TXOP.Power.Save.Mode.Ena
31a60	62 6c 65 20 56 4c 41 4e 2d 41 77 61 72 65 20 42 72 69 64 67 65 00 45 6e 61 62 6c 65 20 63 72 65	ble.VLAN-Aware.Bridge.Enable.cre
31a80	61 74 69 6f 6e 20 6f 66 20 73 68 6f 72 74 63 75 74 20 72 6f 75 74 65 73 2e 00 45 6e 61 62 6c 65	ation.of.shortcut.routes..Enable
31aa0	20 64 69 66 66 65 72 65 6e 74 20 74 79 70 65 73 20 6f 66 20 68 61 72 64 77 61 72 65 20 6f 66 66	.different.types.of.hardware.off
31ac0	6c 6f 61 64 69 6e 67 20 6f 6e 20 74 68 65 20 67 69 76 65 6e 20 4e 49 43 2e 00 45 6e 61 62 6c 65	loading.on.the.given.NIC..Enable
31ae0	20 67 69 76 65 6e 20 6c 65 67 61 63 79 20 70 72 6f 74 6f 63 6f 6c 20 6f 6e 20 74 68 69 73 20 4c	.given.legacy.protocol.on.this.L
31b00	4c 44 50 20 69 6e 73 74 61 6e 63 65 2e 20 4c 65 67 61 63 79 20 70 72 6f 74 6f 63 6f 6c 73 20 69	LDP.instance..Legacy.protocols.i
31b20	6e 63 6c 75 64 65 3a 00 45 6e 61 62 6c 65 20 6c 61 79 65 72 20 37 20 48 54 54 50 20 68 65 61 6c	nclude:.Enable.layer.7.HTTP.heal
31b40	74 68 20 63 68 65 63 6b 00 45 6e 61 62 6c 65 20 6f 72 20 44 69 73 61 62 6c 65 20 56 79 4f 53 20	th.check.Enable.or.Disable.VyOS.
31b60	74 6f 20 62 65 20 3a 72 66 63 3a 60 31 33 33 37 60 20 63 6f 6e 66 6f 72 6d 2e 20 54 68 65 20 66	to.be.:rfc:`1337`.conform..The.f
31b80	6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62	ollowing.system.parameter.will.b
31ba0	65 20 61 6c 74 65 72 65 64 3a 00 45 6e 61 62 6c 65 20 6f 72 20 44 69 73 61 62 6c 65 20 69 66 20	e.altered:.Enable.or.Disable.if.
31bc0	56 79 4f 53 20 75 73 65 20 49 50 76 34 20 54 43 50 20 53 59 4e 20 43 6f 6f 6b 69 65 73 2e 20 54	VyOS.use.IPv4.TCP.SYN.Cookies..T
31be0	68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69	he.following.system.parameter.wi
31c00	6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 45 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c 65	ll.be.altered:.Enable.or.disable
31c20	20 6c 6f 67 67 69 6e 67 20 66 6f 72 20 74 68 65 20 6d 61 74 63 68 65 64 20 70 61 63 6b 65 74 2e	.logging.for.the.matched.packet.
31c40	00 45 6e 61 62 6c 65 20 6f 73 70 66 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64	.Enable.ospf.on.an.interface.and
31c60	20 73 65 74 20 61 73 73 6f 63 69 61 74 65 64 20 61 72 65 61 2e 00 45 6e 61 62 6c 65 20 70 6f 6c	.set.associated.area..Enable.pol
31c80	69 63 79 20 66 6f 72 20 73 6f 75 72 63 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 62 79 20 72 65 76	icy.for.source.validation.by.rev
31ca0	65 72 73 65 64 20 70 61 74 68 2c 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63	ersed.path,.as.specified.in.:rfc
31cc0	3a 60 33 37 30 34 60 2e 20 43 75 72 72 65 6e 74 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 70 72 61	:`3704`..Current.recommended.pra
31ce0	63 74 69 63 65 20 69 6e 20 3a 72 66 63 3a 60 33 37 30 34 60 20 69 73 20 74 6f 20 65 6e 61 62 6c	ctice.in.:rfc:`3704`.is.to.enabl
31d00	65 20 73 74 72 69 63 74 20 6d 6f 64 65 20 74 6f 20 70 72 65 76 65 6e 74 20 49 50 20 73 70 6f 6f	e.strict.mode.to.prevent.IP.spoo
31d20	66 69 6e 67 20 66 72 6f 6d 20 44 44 6f 73 20 61 74 74 61 63 6b 73 2e 20 49 66 20 75 73 69 6e 67	fing.from.DDos.attacks..If.using
31d40	20 61 73 79 6d 6d 65 74 72 69 63 20 72 6f 75 74 69 6e 67 20 6f 72 20 6f 74 68 65 72 20 63 6f 6d	.asymmetric.routing.or.other.com
31d60	70 6c 69 63 61 74 65 64 20 72 6f 75 74 69 6e 67 2c 20 74 68 65 6e 20 6c 6f 6f 73 65 20 6d 6f 64	plicated.routing,.then.loose.mod
31d80	65 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2e 00 45 6e 61 62 6c 65 20 72 65 63 65 69 76 69	e.is.recommended..Enable.receivi
31da0	6e 67 20 50 50 44 55 20 75 73 69 6e 67 20 53 54 42 43 20 28 53 70 61 63 65 20 54 69 6d 65 20 42	ng.PPDU.using.STBC.(Space.Time.B
31dc0	6c 6f 63 6b 20 43 6f 64 69 6e 67 29 00 45 6e 61 62 6c 65 20 73 61 6d 70 6c 69 6e 67 20 6f 66 20	lock.Coding).Enable.sampling.of.
31de0	70 61 63 6b 65 74 73 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 74 72 61 6e 73 6d 69 74 74	packets,.which.will.be.transmitt
31e00	65 64 20 74 6f 20 73 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 73 2e 00 45 6e 61 62 6c 65 20 73	ed.to.sFlow.collectors..Enable.s
31e20	65 6e 64 69 6e 67 20 50 50 44 55 20 75 73 69 6e 67 20 53 54 42 43 20 28 53 70 61 63 65 20 54 69	ending.PPDU.using.STBC.(Space.Ti
31e40	6d 65 20 42 6c 6f 63 6b 20 43 6f 64 69 6e 67 29 00 45 6e 61 62 6c 65 20 73 65 6e 64 69 6e 67 20	me.Block.Coding).Enable.sending.
31e60	6f 66 20 43 69 73 63 6f 20 73 74 79 6c 65 20 4e 48 52 50 20 54 72 61 66 66 69 63 20 49 6e 64 69	of.Cisco.style.NHRP.Traffic.Indi
31e80	63 61 74 69 6f 6e 20 70 61 63 6b 65 74 73 2e 20 49 66 20 74 68 69 73 20 69 73 20 65 6e 61 62 6c	cation.packets..If.this.is.enabl
31ea0	65 64 20 61 6e 64 20 6f 70 65 6e 6e 68 72 70 20 64 65 74 65 63 74 73 20 61 20 66 6f 72 77 61 72	ed.and.opennhrp.detects.a.forwar
31ec0	64 65 64 20 20 70 61 63 6b 65 74 2c 20 69 74 20 77 69 6c 6c 20 73 65 6e 64 20 61 20 6d 65 73 73	ded..packet,.it.will.send.a.mess
31ee0	61 67 65 20 74 6f 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 73 65 6e 64 65 72 20 6f 66 20 74 68	age.to.the.original.sender.of.th
31f00	65 20 70 61 63 6b 65 74 20 69 6e 73 74 72 75 63 74 69 6e 67 20 69 74 20 74 6f 20 63 72 65 61 74	e.packet.instructing.it.to.creat
31f20	65 20 61 20 64 69 72 65 63 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 64	e.a.direct.connection.with.the.d
31f40	65 73 74 69 6e 61 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 62 61 73 69 63 61 6c 6c 79 20 61 20	estination..This.is.basically.a.
31f60	70 72 6f 74 6f 63 6f 6c 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 65 71 75 69 76 61 6c 65 6e 74 20	protocol.independent.equivalent.
31f80	6f 66 20 49 43 4d 50 20 72 65 64 69 72 65 63 74 2e 00 45 6e 61 62 6c 65 20 73 70 61 6e 6e 69 6e	of.ICMP.redirect..Enable.spannin
31fa0	67 20 74 72 65 65 20 70 72 6f 74 6f 63 6f 6c 2e 20 53 54 50 20 69 73 20 64 69 73 61 62 6c 65 64	g.tree.protocol..STP.is.disabled
31fc0	20 62 79 20 64 65 66 61 75 6c 74 2e 00 45 6e 61 62 6c 65 20 74 68 65 20 4f 70 61 71 75 65 2d 4c	.by.default..Enable.the.Opaque-L
31fe0	53 41 20 63 61 70 61 62 69 6c 69 74 79 20 28 72 66 63 32 33 37 30 29 2c 20 6e 65 63 65 73 73 61	SA.capability.(rfc2370),.necessa
32000	72 79 20 74 6f 20 74 72 61 6e 73 70 6f 72 74 20 6c 61 62 65 6c 20 6f 6e 20 49 47 50 00 45 6e 61	ry.to.transport.label.on.IGP.Ena
32020	62 6c 65 20 74 68 69 73 20 66 65 61 74 75 72 65 20 63 61 75 73 65 73 20 61 6e 20 69 6e 74 65 72	ble.this.feature.causes.an.inter
32040	66 61 63 65 20 72 65 73 65 74 2e 00 45 6e 61 62 6c 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20	face.reset..Enable.transmission.
32060	6f 66 20 4c 4c 44 50 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69	of.LLDP.information.on.given.`<i
32080	6e 74 65 72 66 61 63 65 3e 60 2e 20 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 73 61 79 20 60 60 61	nterface>`..You.can.also.say.``a
320a0	6c 6c 60 60 20 68 65 72 65 20 73 6f 20 4c 4c 44 50 20 69 73 20 74 75 72 6e 65 64 20 6f 6e 20 6f	ll``.here.so.LLDP.is.turned.on.o
320c0	6e 20 65 76 65 72 79 20 69 6e 74 65 72 66 61 63 65 2e 00 45 6e 61 62 6c 65 64 20 6f 6e 2d 64 65	n.every.interface..Enabled.on-de
320e0	6d 61 6e 64 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 62 72 69 6e 67 20 75 70 20	mand.PPPoE.connections.bring.up.
32100	74 68 65 20 6c 69 6e 6b 20 6f 6e 6c 79 20 77 68 65 6e 20 74 72 61 66 66 69 63 20 6e 65 65 64 73	the.link.only.when.traffic.needs
32120	20 74 6f 20 70 61 73 73 20 74 68 69 73 20 6c 69 6e 6b 2e 20 20 49 66 20 74 68 65 20 6c 69 6e 6b	.to.pass.this.link...If.the.link
32140	20 66 61 69 6c 73 20 66 6f 72 20 61 6e 79 20 72 65 61 73 6f 6e 2c 20 74 68 65 20 6c 69 6e 6b 20	.fails.for.any.reason,.the.link.
32160	69 73 20 62 72 6f 75 67 68 74 20 62 61 63 6b 20 75 70 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79	is.brought.back.up.automatically
32180	20 6f 6e 63 65 20 74 72 61 66 66 69 63 20 70 61 73 73 65 73 20 74 68 65 20 69 6e 74 65 72 66 61	.once.traffic.passes.the.interfa
321a0	63 65 20 61 67 61 69 6e 2e 20 49 66 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 6f 6e	ce.again..If.you.configure.an.on
321c0	2d 64 65 6d 61 6e 64 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 79 6f 75 20 6d 75	-demand.PPPoE.connection,.you.mu
321e0	73 74 20 61 6c 73 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 69 64 6c 65 20 74 69 6d 65 6f	st.also.configure.the.idle.timeo
32200	75 74 20 70 65 72 69 6f 64 2c 20 61 66 74 65 72 20 77 68 69 63 68 20 61 6e 20 69 64 6c 65 20 50	ut.period,.after.which.an.idle.P
32220	50 50 6f 45 20 6c 69 6e 6b 20 77 69 6c 6c 20 62 65 20 64 69 73 63 6f 6e 6e 65 63 74 65 64 2e 20	PPoE.link.will.be.disconnected..
32240	41 20 6e 6f 6e 2d 7a 65 72 6f 20 69 64 6c 65 20 74 69 6d 65 6f 75 74 20 77 69 6c 6c 20 6e 65 76	A.non-zero.idle.timeout.will.nev
32260	65 72 20 64 69 73 63 6f 6e 6e 65 63 74 20 74 68 65 20 6c 69 6e 6b 20 61 66 74 65 72 20 69 74 20	er.disconnect.the.link.after.it.
32280	66 69 72 73 74 20 63 61 6d 65 20 75 70 2e 00 45 6e 61 62 6c 65 73 20 43 69 73 63 6f 20 73 74 79	first.came.up..Enables.Cisco.sty
322a0	6c 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 6e 20 4e 48 52 50 20 70 61 63 6b 65 74	le.authentication.on.NHRP.packet
322c0	73 2e 20 54 68 69 73 20 65 6d 62 65 64 73 20 74 68 65 20 73 65 63 72 65 74 20 70 6c 61 69 6e 74	s..This.embeds.the.secret.plaint
322e0	65 78 74 20 70 61 73 73 77 6f 72 64 20 74 6f 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 4e 48 52	ext.password.to.the.outgoing.NHR
32300	50 20 70 61 63 6b 65 74 73 2e 20 49 6e 63 6f 6d 69 6e 67 20 4e 48 52 50 20 70 61 63 6b 65 74 73	P.packets..Incoming.NHRP.packets
32320	20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 61 72 65 20 64 69 73 63 61 72 64 65 64	.on.this.interface.are.discarded
32340	20 75 6e 6c 65 73 73 20 74 68 65 20 73 65 63 72 65 74 20 70 61 73 73 77 6f 72 64 20 69 73 20 70	.unless.the.secret.password.is.p
32360	72 65 73 65 6e 74 2e 20 4d 61 78 69 6d 75 6d 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 73 65	resent..Maximum.length.of.the.se
32380	63 72 65 74 20 69 73 20 38 20 63 68 61 72 61 63 74 65 72 73 2e 00 45 6e 61 62 6c 65 73 20 61 6e	cret.is.8.characters..Enables.an
323a0	20 4d 50 4c 53 20 6c 61 62 65 6c 20 74 6f 20 62 65 20 61 74 74 61 63 68 65 64 20 74 6f 20 61 20	.MPLS.label.to.be.attached.to.a.
323c0	72 6f 75 74 65 20 65 78 70 6f 72 74 65 64 20 66 72 6f 6d 20 74 68 65 20 63 75 72 72 65 6e 74 20	route.exported.from.the.current.
323e0	75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 56 50 4e 2e 20 49 66 20 74 68 65 20 76 61 6c 75 65	unicast.VRF.to.VPN..If.the.value
32400	20 73 70 65 63 69 66 69 65 64 20 69 73 20 61 75 74 6f 2c 20 74 68 65 20 6c 61 62 65 6c 20 76 61	.specified.is.auto,.the.label.va
32420	6c 75 65 20 69 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 61 73 73 69 67 6e 65 64 20 66 72	lue.is.automatically.assigned.fr
32440	6f 6d 20 61 20 70 6f 6f 6c 20 6d 61 69 6e 74 61 69 6e 65 64 2e 00 45 6e 61 62 6c 65 73 20 62 61	om.a.pool.maintained..Enables.ba
32460	6e 64 77 69 64 74 68 20 73 68 61 70 69 6e 67 20 76 69 61 20 52 41 44 49 55 53 2e 00 45 6e 61 62	ndwidth.shaping.via.RADIUS..Enab
32480	6c 65 73 20 69 6d 70 6f 72 74 20 6f 72 20 65 78 70 6f 72 74 20 6f 66 20 72 6f 75 74 65 73 20 62	les.import.or.export.of.routes.b
324a0	65 74 77 65 65 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 75 6e 69 63 61 73 74 20 56 52 46 20 61	etween.the.current.unicast.VRF.a
324c0	6e 64 20 56 50 4e 2e 00 45 6e 61 62 6c 65 73 20 74 68 65 20 65 63 68 6f 20 74 72 61 6e 73 6d 69	nd.VPN..Enables.the.echo.transmi
324e0	73 73 69 6f 6e 20 6d 6f 64 65 00 45 6e 61 62 6c 69 6e 67 20 41 64 76 65 72 74 69 73 6d 65 6e 74	ssion.mode.Enabling.Advertisment
32500	73 00 45 6e 61 62 6c 69 6e 67 20 4f 70 65 6e 56 50 4e 20 44 43 4f 00 45 6e 61 62 6c 69 6e 67 20	s.Enabling.OpenVPN.DCO.Enabling.
32520	53 53 48 20 6f 6e 6c 79 20 72 65 71 75 69 72 65 73 20 79 6f 75 20 74 6f 20 73 70 65 63 69 66 79	SSH.only.requires.you.to.specify
32540	20 74 68 65 20 70 6f 72 74 20 60 60 3c 70 6f 72 74 3e 60 60 20 79 6f 75 20 77 61 6e 74 20 53 53	.the.port.``<port>``.you.want.SS
32560	48 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 53 53 48 20	H.to.listen.on..By.default,.SSH.
32580	72 75 6e 73 20 6f 6e 20 70 6f 72 74 20 32 32 2e 00 45 6e 61 62 6c 69 6e 67 20 74 68 69 73 20 66	runs.on.port.22..Enabling.this.f
325a0	75 6e 63 74 69 6f 6e 20 69 6e 63 72 65 61 73 65 73 20 74 68 65 20 72 69 73 6b 20 6f 66 20 62 61	unction.increases.the.risk.of.ba
325c0	6e 64 77 69 64 74 68 20 73 61 74 75 72 61 74 69 6f 6e 2e 00 45 6e 66 6f 72 63 65 20 73 74 72 69	ndwidth.saturation..Enforce.stri
325e0	63 74 20 70 61 74 68 20 63 68 65 63 6b 69 6e 67 00 45 6e 73 6c 61 76 65 20 60 3c 6d 65 6d 62 65	ct.path.checking.Enslave.`<membe
32600	72 3e 60 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 62 6f 6e 64 20 60 3c 69 6e 74 65 72 66 61 63	r>`.interface.to.bond.`<interfac
32620	65 3e 60 2e 00 45 6e 73 75 72 65 20 74 68 61 74 20 77 68 65 6e 20 63 6f 6d 70 61 72 69 6e 67 20	e>`..Ensure.that.when.comparing.
32640	72 6f 75 74 65 73 20 77 68 65 72 65 20 62 6f 74 68 20 61 72 65 20 65 71 75 61 6c 20 6f 6e 20 6d	routes.where.both.are.equal.on.m
32660	6f 73 74 20 6d 65 74 72 69 63 73 2c 20 69 6e 63 6c 75 64 69 6e 67 20 6c 6f 63 61 6c 2d 70 72 65	ost.metrics,.including.local-pre
32680	66 2c 20 41 53 5f 50 41 54 48 20 6c 65 6e 67 74 68 2c 20 49 47 50 20 63 6f 73 74 2c 20 4d 45 44	f,.AS_PATH.length,.IGP.cost,.MED
326a0	2c 20 74 68 61 74 20 74 68 65 20 74 69 65 20 69 73 20 62 72 6f 6b 65 6e 20 62 61 73 65 64 20 6f	,.that.the.tie.is.broken.based.o
326c0	6e 20 72 6f 75 74 65 72 2d 49 44 2e 00 45 6e 74 65 72 70 72 69 73 65 20 69 6e 73 74 61 6c 6c 61	n.router-ID..Enterprise.installa
326e0	74 69 6f 6e 73 20 75 73 75 61 6c 6c 79 20 73 68 69 70 20 61 20 6b 69 6e 64 20 6f 66 20 64 69 72	tions.usually.ship.a.kind.of.dir
32700	65 63 74 6f 72 79 20 73 65 72 76 69 63 65 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20 74 6f 20	ectory.service.which.is.used.to.
32720	68 61 76 65 20 61 20 73 69 6e 67 6c 65 20 70 61 73 73 77 6f 72 64 20 73 74 6f 72 65 20 66 6f 72	have.a.single.password.store.for
32740	20 61 6c 6c 20 65 6d 70 6c 6f 79 65 65 73 2e 20 56 79 4f 53 20 61 6e 64 20 4f 70 65 6e 56 50 4e	.all.employees..VyOS.and.OpenVPN
32760	20 73 75 70 70 6f 72 74 20 75 73 69 6e 67 20 4c 44 41 50 2f 41 44 20 61 73 20 73 69 6e 67 6c 65	.support.using.LDAP/AD.as.single
32780	20 75 73 65 72 20 62 61 63 6b 65 6e 64 2e 00 45 72 69 63 73 73 6f 6e 20 63 61 6c 6c 20 69 74 20	.user.backend..Ericsson.call.it.
327a0	4d 41 43 2d 46 6f 72 63 65 64 20 46 6f 72 77 61 72 64 69 6e 67 20 28 52 46 43 20 44 72 61 66 74	MAC-Forced.Forwarding.(RFC.Draft
327c0	29 00 45 72 72 6f 72 00 45 72 72 6f 72 20 63 6f 6e 64 69 74 69 6f 6e 73 00 45 73 74 61 62 6c 69	).Error.Error.conditions.Establi
327e0	73 68 65 64 20 73 65 73 73 69 6f 6e 73 20 63 61 6e 20 62 65 20 76 69 65 77 65 64 20 75 73 69 6e	shed.sessions.can.be.viewed.usin
32800	67 20 74 68 65 20 2a 2a 73 68 6f 77 20 6c 32 74 70 2d 73 65 72 76 65 72 20 73 65 73 73 69 6f 6e	g.the.**show.l2tp-server.session
32820	73 2a 2a 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 00 45 74 68 65 72 6e 65 74	s**.operational.command.Ethernet
32840	00 45 74 68 65 72 6e 65 74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c 20 69 73 20 61 20 6d 65 63 68	.Ethernet.flow.control.is.a.mech
32860	61 6e 69 73 6d 20 66 6f 72 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 73 74 6f 70 70 69 6e 67 20 74	anism.for.temporarily.stopping.t
32880	68 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 6f 66 20 64 61 74 61 20 6f 6e 20 45 74 68 65 72	he.transmission.of.data.on.Ether
328a0	6e 65 74 20 66 61 6d 69 6c 79 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 73 2e 20 54 68	net.family.computer.networks..Th
328c0	65 20 67 6f 61 6c 20 6f 66 20 74 68 69 73 20 6d 65 63 68 61 6e 69 73 6d 20 69 73 20 74 6f 20 65	e.goal.of.this.mechanism.is.to.e
328e0	6e 73 75 72 65 20 7a 65 72 6f 20 70 61 63 6b 65 74 20 6c 6f 73 73 20 69 6e 20 74 68 65 20 70 72	nsure.zero.packet.loss.in.the.pr
32900	65 73 65 6e 63 65 20 6f 66 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 67 65 73 74 69 6f 6e 2e 00 45 74	esence.of.network.congestion..Et
32920	68 65 72 6e 65 74 20 6f 70 74 69 6f 6e 73 00 45 76 65 6e 74 20 48 61 6e 64 6c 65 72 00 45 76 65	hernet.options.Event.Handler.Eve
32940	6e 74 20 48 61 6e 64 6c 65 72 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 53 74 65 70 73 00 45	nt.Handler.Configuration.Steps.E
32960	76 65 6e 74 20 48 61 6e 64 6c 65 72 20 54 65 63 68 6e 6f 6c 6f 67 79 20 4f 76 65 72 76 69 65 77	vent.Handler.Technology.Overview
32980	00 45 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 61 6c 6c 6f 77 73 20 79 6f 75 20 74 6f 20 65 78 65	.Event.handler.allows.you.to.exe
329a0	63 75 74 65 20 73 63 72 69 70 74 73 20 77 68 65 6e 20 61 20 73 74 72 69 6e 67 20 74 68 61 74 20	cute.scripts.when.a.string.that.
329c0	6d 61 74 63 68 65 73 20 61 20 72 65 67 65 78 20 6f 72 20 61 20 72 65 67 65 78 20 77 69 74 68 20	matches.a.regex.or.a.regex.with.
329e0	61 20 73 65 72 76 69 63 65 20 6e 61 6d 65 20 61 70 70 65 61 72 73 20 69 6e 20 6a 6f 75 72 6e 61	a.service.name.appears.in.journa
32a00	6c 64 20 6c 6f 67 73 2e 20 59 6f 75 20 63 61 6e 20 70 61 73 73 20 76 61 72 69 61 62 6c 65 73 2c	ld.logs..You.can.pass.variables,
32a20	20 61 72 67 75 6d 65 6e 74 73 2c 20 61 6e 64 20 61 20 66 75 6c 6c 20 6d 61 74 63 68 69 6e 67 20	.arguments,.and.a.full.matching.
32a40	73 74 72 69 6e 67 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 2e 00 45 76 65 6e 74 20 68 61 6e 64	string.to.the.script..Event.hand
32a60	6c 65 72 20 73 63 72 69 70 74 00 45 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 74 68 61 74 20 6d 6f	ler.script.Event.handler.that.mo
32a80	6e 69 74 6f 72 73 20 74 68 65 20 73 74 61 74 65 20 6f 66 20 69 6e 74 65 72 66 61 63 65 20 65 74	nitors.the.state.of.interface.et
32aa0	68 30 2e 00 45 76 65 72 79 20 4e 41 54 20 72 75 6c 65 20 68 61 73 20 61 20 74 72 61 6e 73 6c 61	h0..Every.NAT.rule.has.a.transla
32ac0	74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 64 2e 20 54 68 65 20 61 64 64 72 65 73	tion.command.defined..The.addres
32ae0	73 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 69 73	s.defined.for.the.translation.is
32b00	20 74 68 65 20 61 64 64 72 65 73 73 20 75 73 65 64 20 77 68 65 6e 20 74 68 65 20 61 64 64 72 65	.the.address.used.when.the.addre
32b20	73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 61 20 70 61 63 6b 65 74 20 69 73 20 72 65	ss.information.in.a.packet.is.re
32b40	70 6c 61 63 65 64 2e 00 45 76 65 72 79 20 53 4e 41 54 36 36 20 72 75 6c 65 20 68 61 73 20 61 20	placed..Every.SNAT66.rule.has.a.
32b60	74 72 61 6e 73 6c 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 64 2e 20 54 68 65	translation.command.defined..The
32b80	20 70 72 65 66 69 78 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68 65 20 74 72 61 6e 73 6c 61 74	.prefix.defined.for.the.translat
32ba0	69 6f 6e 20 69 73 20 74 68 65 20 70 72 65 66 69 78 20 75 73 65 64 20 77 68 65 6e 20 74 68 65 20	ion.is.the.prefix.used.when.the.
32bc0	61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 61 20 70 61 63 6b 65 74 20	address.information.in.a.packet.
32be0	69 73 20 72 65 70 6c 61 63 65 64 2e e3 80 81 00 45 76 65 72 79 20 53 53 48 20 6b 65 79 20 63 6f	is.replaced.....Every.SSH.key.co
32c00	6d 65 73 20 69 6e 20 74 68 72 65 65 20 70 61 72 74 73 3a 00 45 76 65 72 79 20 53 53 48 20 70 75	mes.in.three.parts:.Every.SSH.pu
32c20	62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60	blic.key.portion.referenced.by.`
32c40	3c 69 64 65 6e 74 69 66 69 65 72 3e 60 20 72 65 71 75 69 72 65 73 20 74 68 65 20 63 6f 6e 66 69	<identifier>`.requires.the.confi
32c60	67 75 72 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 60 3c 74 79 70 65 3e 60 20 6f 66 20 70 75 62 6c	guration.of.the.`<type>`.of.publ
32c80	69 63 2d 6b 65 79 20 75 73 65 64 2e 20 54 68 69 73 20 74 79 70 65 20 63 61 6e 20 62 65 20 61 6e	ic-key.used..This.type.can.be.an
32ca0	79 20 6f 66 3a 00 45 76 65 72 79 20 55 44 50 20 70 6f 72 74 20 77 68 69 63 68 20 77 69 6c 6c 20	y.of:.Every.UDP.port.which.will.
32cc0	62 65 20 66 6f 72 77 61 72 64 20 72 65 71 75 69 72 65 73 20 6f 6e 65 20 75 6e 69 71 75 65 20 49	be.forward.requires.one.unique.I
32ce0	44 2e 20 43 75 72 72 65 6e 74 6c 79 20 77 65 20 73 75 70 70 6f 72 74 20 39 39 20 49 44 73 21 00	D..Currently.we.support.99.IDs!.
32d00	45 76 65 72 79 20 56 69 72 74 75 61 6c 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65	Every.Virtual.Ethernet.interface
32d20	73 20 62 65 68 61 76 65 73 20 6c 69 6b 65 20 61 20 72 65 61 6c 20 45 74 68 65 72 6e 65 74 20 69	s.behaves.like.a.real.Ethernet.i
32d40	6e 74 65 72 66 61 63 65 2e 20 54 68 65 79 20 63 61 6e 20 68 61 76 65 20 49 50 76 34 2f 49 50 76	nterface..They.can.have.IPv4/IPv
32d60	36 20 61 64 64 72 65 73 73 65 73 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 6f 72 20 63 61 6e 20 72	6.addresses.configured,.or.can.r
32d80	65 71 75 65 73 74 20 61 64 64 72 65 73 73 65 73 20 62 79 20 44 48 43 50 2f 20 44 48 43 50 76 36	equest.addresses.by.DHCP/.DHCPv6
32da0	20 61 6e 64 20 61 72 65 20 61 73 73 6f 63 69 61 74 65 64 2f 6d 61 70 70 65 64 20 77 69 74 68 20	.and.are.associated/mapped.with.
32dc0	61 20 72 65 61 6c 20 65 74 68 65 72 6e 65 74 20 70 6f 72 74 2e 20 54 68 69 73 20 61 6c 73 6f 20	a.real.ethernet.port..This.also.
32de0	6d 61 6b 65 73 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73	makes.Pseudo-Ethernet.interfaces
32e00	20 69 6e 74 65 72 65 73 74 69 6e 67 20 66 6f 72 20 74 65 73 74 69 6e 67 20 70 75 72 70 6f 73 65	.interesting.for.testing.purpose
32e20	73 2e 20 41 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 64 65 76 69 63 65 20 77 69 6c 6c	s..A.Pseudo-Ethernet.device.will
32e40	20 69 6e 68 65 72 69 74 20 63 68 61 72 61 63 74 65 72 69 73 74 69 63 73 20 28 73 70 65 65 64 2c	.inherit.characteristics.(speed,
32e60	20 64 75 70 6c 65 78 2c 20 2e 2e 2e 29 20 66 72 6f 6d 20 69 74 73 20 70 68 79 73 69 63 61 6c 20	.duplex,....).from.its.physical.
32e80	70 61 72 65 6e 74 20 28 74 68 65 20 73 6f 20 63 61 6c 6c 65 64 20 6c 69 6e 6b 29 20 69 6e 74 65	parent.(the.so.called.link).inte
32ea0	72 66 61 63 65 2e 00 45 76 65 72 79 20 57 57 41 4e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 72 65 71	rface..Every.WWAN.connection.req
32ec0	75 69 72 65 73 20 61 6e 20 3a 61 62 62 72 3a 60 41 50 4e 20 28 41 63 63 65 73 73 20 50 6f 69 6e	uires.an.:abbr:`APN.(Access.Poin
32ee0	74 20 4e 61 6d 65 29 60 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20 62 79 20 74 68 65 20 63 6c	t.Name)`.which.is.used.by.the.cl
32f00	69 65 6e 74 20 74 6f 20 64 69 61 6c 20 69 6e 74 6f 20 74 68 65 20 49 53 50 73 20 6e 65 74 77 6f	ient.to.dial.into.the.ISPs.netwo
32f20	72 6b 2e 20 54 68 69 73 20 69 73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 70 61 72 61 6d 65 74 65	rk..This.is.a.mandatory.paramete
32f40	72 2e 20 43 6f 6e 74 61 63 74 20 79 6f 75 72 20 53 65 72 76 69 63 65 20 50 72 6f 76 69 64 65 72	r..Contact.your.Service.Provider
32f60	20 66 6f 72 20 63 6f 72 72 65 63 74 20 41 50 4e 2e 00 45 78 61 6d 70 6c 65 00 45 78 61 6d 70 6c	.for.correct.APN..Example.Exampl
32f80	65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 45 78 61 6d 70 6c 65 20 49 50 76 36 20 6f 6e 6c	e.Configuration.Example.IPv6.onl
32fa0	79 3a 00 45 78 61 6d 70 6c 65 20 4e 65 74 77 6f 72 6b 00 45 78 61 6d 70 6c 65 20 50 61 72 74 69	y:.Example.Network.Example.Parti
32fc0	61 6c 20 43 6f 6e 66 69 67 00 45 78 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	al.Config.Example.configuration.
32fe0	66 6f 72 20 57 69 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 73 3a 00 45 78 61 6d 70 6c	for.WireGuard.interfaces:.Exampl
33000	65 20 66 6f 72 20 63 68 61 6e 67 69 6e 67 20 72 61 74 65 2d 6c 69 6d 69 74 20 76 69 61 20 52 41	e.for.changing.rate-limit.via.RA
33020	44 49 55 53 20 43 6f 41 2e 00 45 78 61 6d 70 6c 65 20 66 6f 72 20 63 6f 6e 66 69 67 75 72 69 6e	DIUS.CoA..Example.for.configurin
33040	67 20 61 20 73 69 6d 70 6c 65 20 4c 32 54 50 20 6f 76 65 72 20 49 50 73 65 63 20 56 50 4e 20 66	g.a.simple.L2TP.over.IPsec.VPN.f
33060	6f 72 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73 20 28 77 6f 72 6b 73 20 77 69 74 68 20 6e 61 74	or.remote.access.(works.with.nat
33080	69 76 65 20 57 69 6e 64 6f 77 73 20 61 6e 64 20 4d 61 63 20 56 50 4e 20 63 6c 69 65 6e 74 73 29	ive.Windows.and.Mac.VPN.clients)
330a0	3a 00 45 78 61 6d 70 6c 65 20 6f 66 20 72 65 64 69 72 65 63 74 69 6f 6e 3a 00 45 78 61 6d 70 6c	:.Example.of.redirection:.Exampl
330c0	65 2c 20 66 72 6f 6d 20 72 61 64 69 75 73 2d 73 65 72 76 65 72 20 73 65 6e 64 20 63 6f 6d 6d 61	e,.from.radius-server.send.comma
330e0	6e 64 20 66 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 20 63 6c 69 65 6e 74 20 77 69 74 68 20 75 73	nd.for.disconnect.client.with.us
33100	65 72 6e 61 6d 65 20 74 65 73 74 00 45 78 61 6d 70 6c 65 3a 00 45 78 61 6d 70 6c 65 3a 20 44 65	ername.test.Example:.Example:.De
33120	6c 65 67 61 74 65 20 61 20 2f 36 34 20 70 72 65 66 69 78 20 74 6f 20 69 6e 74 65 72 66 61 63 65	legate.a./64.prefix.to.interface
33140	20 65 74 68 38 20 77 68 69 63 68 20 77 69 6c 6c 20 75 73 65 20 61 20 6c 6f 63 61 6c 20 61 64 64	.eth8.which.will.use.a.local.add
33160	72 65 73 73 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 20 6f 66 20 60 60 3c 70 72 65 66 69 78	ress.on.this.router.of.``<prefix
33180	3e 3a 3a 66 66 66 66 60 60 2c 20 61 73 20 74 68 65 20 61 64 64 72 65 73 73 20 36 35 35 33 34 20	>::ffff``,.as.the.address.65534.
331a0	77 69 6c 6c 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 60 60 66 66 66 66 60 60 20 69 6e 20 68	will.correspond.to.``ffff``.in.h
331c0	65 78 61 64 65 63 69 6d 61 6c 20 6e 6f 74 61 74 69 6f 6e 2e 00 45 78 61 6d 70 6c 65 3a 20 46 6f	exadecimal.notation..Example:.Fo
331e0	72 20 61 6e 20 7e 38 2c 30 30 30 20 68 6f 73 74 20 6e 65 74 77 6f 72 6b 20 61 20 73 6f 75 72 63	r.an.~8,000.host.network.a.sourc
33200	65 20 4e 41 54 20 70 6f 6f 6c 20 6f 66 20 33 32 20 49 50 20 61 64 64 72 65 73 73 65 73 20 69 73	e.NAT.pool.of.32.IP.addresses.is
33220	20 72 65 63 6f 6d 6d 65 6e 64 65 64 2e 00 45 78 61 6d 70 6c 65 3a 20 49 66 20 49 44 20 69 73 20	.recommended..Example:.If.ID.is.
33240	31 20 61 6e 64 20 74 68 65 20 63 6c 69 65 6e 74 20 69 73 20 64 65 6c 65 67 61 74 65 64 20 61 6e	1.and.the.client.is.delegated.an
33260	20 49 50 76 36 20 70 72 65 66 69 78 20 32 30 30 31 3a 64 62 38 3a 66 66 66 66 3a 3a 2f 34 38 2c	.IPv6.prefix.2001:db8:ffff::/48,
33280	20 64 68 63 70 36 63 20 77 69 6c 6c 20 63 6f 6d 62 69 6e 65 20 74 68 65 20 74 77 6f 20 76 61 6c	.dhcp6c.will.combine.the.two.val
332a0	75 65 73 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c 65 20 49 50 76 36 20 70 72 65 66 69 78 2c 20 32	ues.into.a.single.IPv6.prefix,.2
332c0	30 30 31 3a 64 62 38 3a 66 66 66 66 3a 31 3a 3a 2f 36 34 2c 20 61 6e 64 20 77 69 6c 6c 20 63 6f	001:db8:ffff:1::/64,.and.will.co
332e0	6e 66 69 67 75 72 65 20 74 68 65 20 70 72 65 66 69 78 20 6f 6e 20 74 68 65 20 73 70 65 63 69 66	nfigure.the.prefix.on.the.specif
33300	69 65 64 20 69 6e 74 65 72 66 61 63 65 2e 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74	ied.interface..Example:.Mirror.t
33320	68 65 20 69 6e 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 6f 6e 64 31 60 20 70 6f	he.inbound.traffic.of.`bond1`.po
33340	72 74 20 74 6f 20 60 65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65	rt.to.`eth3`.Example:.Mirror.the
33360	20 69 6e 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 72 31 60 20 70 6f 72 74 20 74	.inbound.traffic.of.`br1`.port.t
33380	6f 20 60 65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 69 6e 62	o.`eth3`.Example:.Mirror.the.inb
333a0	6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 65 74 68 31 60 20 70 6f 72 74 20 74 6f 20 60	ound.traffic.of.`eth1`.port.to.`
333c0	65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 6f 75 74 62 6f 75	eth3`.Example:.Mirror.the.outbou
333e0	6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 6f 6e 64 31 60 20 70 6f 72 74 20 74 6f 20 60 65	nd.traffic.of.`bond1`.port.to.`e
33400	74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 6f 75 74 62 6f 75 6e	th3`.Example:.Mirror.the.outboun
33420	64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 72 31 60 20 70 6f 72 74 20 74 6f 20 60 65 74 68 33	d.traffic.of.`br1`.port.to.`eth3
33440	60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 6f 75 74 62 6f 75 6e 64 20 74	`.Example:.Mirror.the.outbound.t
33460	72 61 66 66 69 63 20 6f 66 20 60 65 74 68 31 60 20 70 6f 72 74 20 74 6f 20 60 65 74 68 33 60 00	raffic.of.`eth1`.port.to.`eth3`.
33480	45 78 61 6d 70 6c 65 3a 20 53 65 74 20 60 65 74 68 30 60 20 6d 65 6d 62 65 72 20 70 6f 72 74 20	Example:.Set.`eth0`.member.port.
334a0	74 6f 20 62 65 20 61 6c 6c 6f 77 65 64 20 56 4c 41 4e 20 34 00 45 78 61 6d 70 6c 65 3a 20 53 65	to.be.allowed.VLAN.4.Example:.Se
334c0	74 20 60 65 74 68 30 60 20 6d 65 6d 62 65 72 20 70 6f 72 74 20 74 6f 20 62 65 20 61 6c 6c 6f 77	t.`eth0`.member.port.to.be.allow
334e0	65 64 20 56 4c 41 4e 20 36 2d 38 00 45 78 61 6d 70 6c 65 3a 20 53 65 74 20 60 65 74 68 30 60 20	ed.VLAN.6-8.Example:.Set.`eth0`.
33500	6d 65 6d 62 65 72 20 70 6f 72 74 20 74 6f 20 62 65 20 6e 61 74 69 76 65 20 56 4c 41 4e 20 32 00	member.port.to.be.native.VLAN.2.
33520	45 78 61 6d 70 6c 65 3a 20 74 6f 20 62 65 20 61 70 70 65 6e 64 65 64 20 69 73 20 73 65 74 20 74	Example:.to.be.appended.is.set.t
33540	6f 20 60 60 76 79 6f 73 2e 6e 65 74 60 60 20 61 6e 64 20 74 68 65 20 55 52 4c 20 72 65 63 65 69	o.``vyos.net``.and.the.URL.recei
33560	76 65 64 20 69 73 20 60 60 77 77 77 2f 66 6f 6f 2e 68 74 6d 6c 60 60 2c 20 74 68 65 20 73 79 73	ved.is.``www/foo.html``,.the.sys
33580	74 65 6d 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 2c 20 66 69 6e 61	tem.will.use.the.generated,.fina
335a0	6c 20 55 52 4c 20 6f 66 20 60 60 77 77 77 2e 76 79 6f 73 2e 6e 65 74 2f 66 6f 6f 2e 68 74 6d 6c	l.URL.of.``www.vyos.net/foo.html
335c0	60 60 2e 00 45 78 61 6d 70 6c 65 73 00 45 78 61 6d 70 6c 65 73 20 6f 66 20 70 6f 6c 69 63 69 65	``..Examples.Examples.of.policie
335e0	73 20 75 73 61 67 65 3a 00 45 78 61 6d 70 6c 65 73 3a 00 45 78 63 6c 75 64 65 20 49 50 20 61 64	s.usage:.Examples:.Exclude.IP.ad
33600	64 72 65 73 73 65 73 20 66 72 6f 6d 20 60 60 56 52 52 50 20 70 61 63 6b 65 74 73 60 60 2e 20 54	dresses.from.``VRRP.packets``..T
33620	68 69 73 20 6f 70 74 69 6f 6e 20 60 60 65 78 63 6c 75 64 65 64 2d 61 64 64 72 65 73 73 60 60 20	his.option.``excluded-address``.
33640	69 73 20 75 73 65 64 20 77 68 65 6e 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 73 65 74 20 49 50 76	is.used.when.you.want.to.set.IPv
33660	34 20 2b 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 76	4.+.IPv6.addresses.on.the.same.v
33680	69 72 74 75 61 6c 20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 77 68 65 6e 20 75 73 65 64 20 6d 6f	irtual.interface.or.when.used.mo
336a0	72 65 20 74 68 61 6e 20 32 30 20 49 50 20 61 64 64 72 65 73 73 65 73 2e 00 45 78 63 6c 75 64 65	re.than.20.IP.addresses..Exclude
336c0	20 61 64 64 72 65 73 73 00 45 78 63 6c 75 64 65 20 74 72 61 66 66 69 63 00 45 78 69 74 20 70 6f	.address.Exclude.traffic.Exit.po
336e0	6c 69 63 79 20 6f 6e 20 6d 61 74 63 68 3a 20 67 6f 20 74 6f 20 6e 65 78 74 20 73 65 71 75 65 6e	licy.on.match:.go.to.next.sequen
33700	63 65 20 6e 75 6d 62 65 72 2e 00 45 78 69 74 20 70 6f 6c 69 63 79 20 6f 6e 20 6d 61 74 63 68 3a	ce.number..Exit.policy.on.match:
33720	20 67 6f 20 74 6f 20 72 75 6c 65 20 3c 31 2d 36 35 35 33 35 3e 00 45 78 70 65 64 69 74 65 64 20	.go.to.rule.<1-65535>.Expedited.
33740	66 6f 72 77 61 72 64 69 6e 67 20 28 45 46 29 00 45 78 70 6c 69 63 69 74 6c 79 20 64 65 63 6c 61	forwarding.(EF).Explicitly.decla
33760	72 65 20 49 44 20 66 6f 72 20 74 68 69 73 20 6d 69 6e 69 6f 6e 20 74 6f 20 75 73 65 20 28 64 65	re.ID.for.this.minion.to.use.(de
33780	66 61 75 6c 74 3a 20 68 6f 73 74 6e 61 6d 65 29 00 45 78 74 65 72 6e 61 6c 20 44 48 43 50 76 36	fault:.hostname).External.DHCPv6
337a0	20 73 65 72 76 65 72 20 69 73 20 61 74 20 32 30 30 31 3a 64 62 38 3a 3a 34 00 45 78 74 65 72 6e	.server.is.at.2001:db8::4.Extern
337c0	61 6c 20 52 6f 75 74 65 20 53 75 6d 6d 61 72 69 73 61 74 69 6f 6e 00 46 51 2d 43 6f 44 65 6c 00	al.Route.Summarisation.FQ-CoDel.
337e0	46 51 2d 43 6f 44 65 6c 20 66 69 67 68 74 73 20 62 75 66 66 65 72 62 6c 6f 61 74 20 61 6e 64 20	FQ-CoDel.fights.bufferbloat.and.
33800	72 65 64 75 63 65 73 20 6c 61 74 65 6e 63 79 20 77 69 74 68 6f 75 74 20 74 68 65 20 6e 65 65 64	reduces.latency.without.the.need
33820	20 6f 66 20 63 6f 6d 70 6c 65 78 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 2e 20 49 74 20 68	.of.complex.configurations..It.h
33840	61 73 20 62 65 63 6f 6d 65 20 74 68 65 20 6e 65 77 20 64 65 66 61 75 6c 74 20 51 75 65 75 65 69	as.become.the.new.default.Queuei
33860	6e 67 20 44 69 73 63 69 70 6c 69 6e 65 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 73	ng.Discipline.for.the.interfaces
33880	20 6f 66 20 73 6f 6d 65 20 47 4e 55 2f 4c 69 6e 75 78 20 64 69 73 74 72 69 62 75 74 69 6f 6e 73	.of.some.GNU/Linux.distributions
338a0	2e 00 46 51 2d 43 6f 44 65 6c 20 69 73 20 62 61 73 65 64 20 6f 6e 20 61 20 6d 6f 64 69 66 69 65	..FQ-CoDel.is.based.on.a.modifie
338c0	64 20 44 65 66 69 63 69 74 20 52 6f 75 6e 64 20 52 6f 62 69 6e 20 28 44 52 52 5f 29 20 71 75 65	d.Deficit.Round.Robin.(DRR_).que
338e0	75 65 20 73 63 68 65 64 75 6c 65 72 20 77 69 74 68 20 74 68 65 20 43 6f 44 65 6c 20 41 63 74 69	ue.scheduler.with.the.CoDel.Acti
33900	76 65 20 51 75 65 75 65 20 4d 61 6e 61 67 65 6d 65 6e 74 20 28 41 51 4d 29 20 61 6c 67 6f 72 69	ve.Queue.Management.(AQM).algori
33920	74 68 6d 20 6f 70 65 72 61 74 69 6e 67 20 6f 6e 20 65 61 63 68 20 71 75 65 75 65 2e 00 46 51 2d	thm.operating.on.each.queue..FQ-
33940	43 6f 44 65 6c 20 69 73 20 74 75 6e 65 64 20 74 6f 20 72 75 6e 20 6f 6b 20 77 69 74 68 20 69 74	CoDel.is.tuned.to.run.ok.with.it
33960	73 20 64 65 66 61 75 6c 74 20 70 61 72 61 6d 65 74 65 72 73 20 61 74 20 31 30 47 62 69 74 20 73	s.default.parameters.at.10Gbit.s
33980	70 65 65 64 73 2e 20 49 74 20 6d 69 67 68 74 20 77 6f 72 6b 20 6f 6b 20 74 6f 6f 20 61 74 20 6f	peeds..It.might.work.ok.too.at.o
339a0	74 68 65 72 20 73 70 65 65 64 73 20 77 69 74 68 6f 75 74 20 63 6f 6e 66 69 67 75 72 69 6e 67 20	ther.speeds.without.configuring.
339c0	61 6e 79 74 68 69 6e 67 2c 20 62 75 74 20 68 65 72 65 20 77 65 20 77 69 6c 6c 20 65 78 70 6c 61	anything,.but.here.we.will.expla
339e0	69 6e 20 73 6f 6d 65 20 63 61 73 65 73 20 77 68 65 6e 20 79 6f 75 20 6d 69 67 68 74 20 77 61 6e	in.some.cases.when.you.might.wan
33a00	74 20 74 6f 20 74 75 6e 65 20 69 74 73 20 70 61 72 61 6d 65 74 65 72 73 2e 00 46 51 2d 43 6f 64	t.to.tune.its.parameters..FQ-Cod
33a20	65 6c 20 69 73 20 61 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 28 77 6f 72 6b 2d 63 6f 6e 73 65 72	el.is.a.non-shaping.(work-conser
33a40	76 69 6e 67 29 20 70 6f 6c 69 63 79 2c 20 73 6f 20 69 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 62 65	ving).policy,.so.it.will.only.be
33a60	20 75 73 65 66 75 6c 20 69 66 20 79 6f 75 72 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61	.useful.if.your.outgoing.interfa
33a80	63 65 20 69 73 20 72 65 61 6c 6c 79 20 66 75 6c 6c 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 2c	ce.is.really.full..If.it.is.not,
33aa0	20 56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 6f 77 6e 20 74 68 65 20 71 75 65 75 65 20 61 6e 64	.VyOS.will.not.own.the.queue.and
33ac0	20 46 51 2d 43 6f 64 65 6c 20 77 69 6c 6c 20 68 61 76 65 20 6e 6f 20 65 66 66 65 63 74 2e 20 49	.FQ-Codel.will.have.no.effect..I
33ae0	66 20 74 68 65 72 65 20 69 73 20 62 61 6e 64 77 69 64 74 68 20 61 76 61 69 6c 61 62 6c 65 20 6f	f.there.is.bandwidth.available.o
33b00	6e 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 2c 20 79 6f 75 20 63 61 6e 20 65 6d 62	n.the.physical.link,.you.can.emb
33b20	65 64 5f 20 46 51 2d 43 6f 64 65 6c 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 66 75 6c 20 73 68 61	ed_.FQ-Codel.into.a.classful.sha
33b40	70 69 6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 69 74 20 6f 77 6e 73	ping.policy.to.make.sure.it.owns
33b60	20 74 68 65 20 71 75 65 75 65 2e 20 49 66 20 79 6f 75 20 61 72 65 20 6e 6f 74 20 73 75 72 65 20	.the.queue..If.you.are.not.sure.
33b80	69 66 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 65 6d 62 65 64 20 79 6f 75 72 20 46 51 2d 43 6f 44	if.you.need.to.embed.your.FQ-CoD
33ba0	65 6c 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20 61 20 53 68 61 70 65 72 2c 20 64 6f 20 69 74 2e 00	el.policy.into.a.Shaper,.do.it..
33bc0	46 52 52 20 6f 66 66 65 72 73 20 6f 6e 6c 79 20 70 61 72 74 69 61 6c 20 73 75 70 70 6f 72 74 20	FRR.offers.only.partial.support.
33be0	66 6f 72 20 73 6f 6d 65 20 6f 66 20 74 68 65 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	for.some.of.the.routing.protocol
33c00	20 65 78 74 65 6e 73 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 75 73 65 64 20 77 69 74 68 20 4d	.extensions.that.are.used.with.M
33c20	50 4c 53 2d 54 45 3b 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 61 20 63 6f	PLS-TE;.it.does.not.support.a.co
33c40	6d 70 6c 65 74 65 20 52 53 56 50 2d 54 45 20 73 6f 6c 75 74 69 6f 6e 2e 00 46 52 52 20 73 75 70	mplete.RSVP-TE.solution..FRR.sup
33c60	70 6f 72 74 73 20 61 20 6e 65 77 20 77 61 79 20 6f 66 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 56	ports.a.new.way.of.configuring.V
33c80	4c 41 4e 2d 74 6f 2d 56 4e 49 20 6d 61 70 70 69 6e 67 73 20 66 6f 72 20 45 56 50 4e 2d 56 58 4c	LAN-to-VNI.mappings.for.EVPN-VXL
33ca0	41 4e 2c 20 77 68 65 6e 20 77 6f 72 6b 69 6e 67 20 77 69 74 68 20 74 68 65 20 4c 69 6e 75 78 20	AN,.when.working.with.the.Linux.
33cc0	6b 65 72 6e 65 6c 2e 20 49 6e 20 74 68 69 73 20 6e 65 77 20 77 61 79 2c 20 74 68 65 20 6d 61 70	kernel..In.this.new.way,.the.map
33ce0	70 69 6e 67 20 6f 66 20 61 20 56 4c 41 4e 20 74 6f 20 61 20 3a 61 62 62 72 3a 60 56 4e 49 20 28	ping.of.a.VLAN.to.a.:abbr:`VNI.(
33d00	56 58 4c 41 4e 20 4e 65 74 77 6f 72 6b 20 49 64 65 6e 74 69 66 69 65 72 20 28 6f 72 20 56 58 4c	VXLAN.Network.Identifier.(or.VXL
33d20	41 4e 20 53 65 67 6d 65 6e 74 20 49 44 29 29 60 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61	AN.Segment.ID))`.is.configured.a
33d40	67 61 69 6e 73 74 20 61 20 63 6f 6e 74 61 69 6e 65 72 20 56 58 4c 41 4e 20 69 6e 74 65 72 66 61	gainst.a.container.VXLAN.interfa
33d60	63 65 20 77 68 69 63 68 20 69 73 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 61 20 3a 61 62	ce.which.is.referred.to.as.a.:ab
33d80	62 72 3a 60 53 56 44 20 28 53 69 6e 67 6c 65 20 56 58 4c 41 4e 20 64 65 76 69 63 65 29 60 2e 00	br:`SVD.(Single.VXLAN.device)`..
33da0	46 54 50 20 64 61 65 6d 6f 6e 00 46 61 63 69 6c 69 74 69 65 73 00 46 61 63 69 6c 69 74 69 65 73	FTP.daemon.Facilities.Facilities
33dc0	20 63 61 6e 20 62 65 20 61 64 6a 75 73 74 65 64 20 74 6f 20 6d 65 65 74 20 74 68 65 20 6e 65 65	.can.be.adjusted.to.meet.the.nee
33de0	64 73 20 6f 66 20 74 68 65 20 75 73 65 72 3a 00 46 61 63 69 6c 69 74 79 20 43 6f 64 65 00 46 61	ds.of.the.user:.Facility.Code.Fa
33e00	69 6c 6f 76 65 72 00 46 61 69 6c 6f 76 65 72 20 52 6f 75 74 65 73 00 46 61 69 6c 6f 76 65 72 20	ilover.Failover.Routes.Failover.
33e20	6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 75 73 65 20 66 6f 72 20 63 6f 6e 6e 74 72 61 63 6b 2d 73	mechanism.to.use.for.conntrack-s
33e40	79 6e 63 2e 00 46 61 69 6c 6f 76 65 72 20 72 6f 75 74 65 73 20 61 72 65 20 6d 61 6e 75 61 6c 6c	ync..Failover.routes.are.manuall
33e60	79 20 63 6f 6e 66 69 67 75 72 65 64 20 72 6f 75 74 65 73 2c 20 62 75 74 20 74 68 65 79 20 69 6e	y.configured.routes,.but.they.in
33e80	73 74 61 6c 6c 20 74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 69 66 20 74 68	stall.to.the.routing.table.if.th
33ea0	65 20 68 65 61 6c 74 68 2d 63 68 65 63 6b 20 74 61 72 67 65 74 20 69 73 20 61 6c 69 76 65 2e 20	e.health-check.target.is.alive..
33ec0	49 66 20 74 68 65 20 74 61 72 67 65 74 20 69 73 20 6e 6f 74 20 61 6c 69 76 65 20 74 68 65 20 72	If.the.target.is.not.alive.the.r
33ee0	6f 75 74 65 20 69 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 69 6e 67	oute.is.removed.from.the.routing
33f00	20 74 61 62 6c 65 20 75 6e 74 69 6c 20 74 68 65 20 74 61 72 67 65 74 20 77 69 6c 6c 20 62 65 20	.table.until.the.target.will.be.
33f20	61 76 61 69 6c 61 62 6c 65 2e 00 46 61 69 72 20 51 75 65 75 65 00 46 61 69 72 20 51 75 65 75 65	available..Fair.Queue.Fair.Queue
33f40	20 69 73 20 61 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 28 77 6f 72 6b 2d 63 6f 6e 73 65 72 76 69	.is.a.non-shaping.(work-conservi
33f60	6e 67 29 20 70 6f 6c 69 63 79 2c 20 73 6f 20 69 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 62 65 20 75	ng).policy,.so.it.will.only.be.u
33f80	73 65 66 75 6c 20 69 66 20 79 6f 75 72 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63 65	seful.if.your.outgoing.interface
33fa0	20 69 73 20 72 65 61 6c 6c 79 20 66 75 6c 6c 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 2c 20 56	.is.really.full..If.it.is.not,.V
33fc0	79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 6f 77 6e 20 74 68 65 20 71 75 65 75 65 20 61 6e 64 20 46	yOS.will.not.own.the.queue.and.F
33fe0	61 69 72 20 51 75 65 75 65 20 77 69 6c 6c 20 68 61 76 65 20 6e 6f 20 65 66 66 65 63 74 2e 20 49	air.Queue.will.have.no.effect..I
34000	66 20 74 68 65 72 65 20 69 73 20 62 61 6e 64 77 69 64 74 68 20 61 76 61 69 6c 61 62 6c 65 20 6f	f.there.is.bandwidth.available.o
34020	6e 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 2c 20 79 6f 75 20 63 61 6e 20 65 6d 62	n.the.physical.link,.you.can.emb
34040	65 64 5f 20 46 61 69 72 2d 51 75 65 75 65 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 66 75 6c 20 73	ed_.Fair-Queue.into.a.classful.s
34060	68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 69 74 20 6f 77	haping.policy.to.make.sure.it.ow
34080	6e 73 20 74 68 65 20 71 75 65 75 65 2e 00 46 61 69 72 20 51 75 65 75 65 20 69 73 20 61 20 77 6f	ns.the.queue..Fair.Queue.is.a.wo
340a0	72 6b 2d 63 6f 6e 73 65 72 76 69 6e 67 20 73 63 68 65 64 75 6c 65 72 20 77 68 69 63 68 20 73 63	rk-conserving.scheduler.which.sc
340c0	68 65 64 75 6c 65 73 20 74 68 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 6f 66 20 70 61 63 6b	hedules.the.transmission.of.pack
340e0	65 74 73 20 62 61 73 65 64 20 6f 6e 20 66 6c 6f 77 73 2c 20 74 68 61 74 20 69 73 2c 20 69 74 20	ets.based.on.flows,.that.is,.it.
34100	62 61 6c 61 6e 63 65 73 20 74 72 61 66 66 69 63 20 64 69 73 74 72 69 62 75 74 69 6e 67 20 69 74	balances.traffic.distributing.it
34120	20 74 68 72 6f 75 67 68 20 64 69 66 66 65 72 65 6e 74 20 73 75 62 2d 71 75 65 75 65 73 20 69 6e	.through.different.sub-queues.in
34140	20 6f 72 64 65 72 20 74 6f 20 65 6e 73 75 72 65 20 66 61 69 72 6e 65 73 73 20 73 6f 20 74 68 61	.order.to.ensure.fairness.so.tha
34160	74 20 65 61 63 68 20 66 6c 6f 77 20 69 73 20 61 62 6c 65 20 74 6f 20 73 65 6e 64 20 64 61 74 61	t.each.flow.is.able.to.send.data
34180	20 69 6e 20 74 75 72 6e 2c 20 70 72 65 76 65 6e 74 69 6e 67 20 61 6e 79 20 73 69 6e 67 6c 65 20	.in.turn,.preventing.any.single.
341a0	6f 6e 65 20 66 72 6f 6d 20 64 72 6f 77 6e 69 6e 67 20 6f 75 74 20 74 68 65 20 72 65 73 74 2e 00	one.from.drowning.out.the.rest..
341c0	46 65 61 74 75 72 65 73 20 6f 66 20 74 68 65 20 43 75 72 72 65 6e 74 20 49 6d 70 6c 65 6d 65 6e	Features.of.the.Current.Implemen
341e0	74 61 74 69 6f 6e 00 46 69 65 6c 64 00 46 69 6c 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20	tation.Field.File.identified.by.
34200	60 3c 6b 65 79 66 69 6c 65 3e 60 20 63 6f 6e 74 61 69 6e 69 6e 67 20 74 68 65 20 73 65 63 72 65	`<keyfile>`.containing.the.secre
34220	74 20 52 4e 44 43 20 6b 65 79 20 73 68 61 72 65 64 20 77 69 74 68 20 72 65 6d 6f 74 65 20 44 4e	t.RNDC.key.shared.with.remote.DN
34240	53 20 73 65 72 76 65 72 2e 00 46 69 6c 74 65 72 20 54 79 70 65 2d 33 20 73 75 6d 6d 61 72 79 2d	S.server..Filter.Type-3.summary-
34260	4c 53 41 73 20 61 6e 6e 6f 75 6e 63 65 64 20 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 20 6f 72	LSAs.announced.to.other.areas.or
34280	69 67 69 6e 61 74 65 64 20 66 72 6f 6d 20 69 6e 74 72 61 2d 20 61 72 65 61 20 70 61 74 68 73 20	iginated.from.intra-.area.paths.
342a0	66 72 6f 6d 20 73 70 65 63 69 66 69 65 64 20 61 72 65 61 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e	from.specified.area..This.comman
342c0	64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42 52 20 6f 6e 6c 79 2e 00 46 69 6c 74 65	d.makes.sense.in.ABR.only..Filte
342e0	72 20 74 72 61 66 66 69 63 20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e	r.traffic.based.on.source/destin
34300	61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 00 46 69 6c 74 65 72 2d 49 64 3d 32 30 30 30 2f 33 30	ation.address..Filter-Id=2000/30
34320	30 30 20 28 6d 65 61 6e 73 20 32 30 30 30 4b 62 69 74 20 64 6f 77 6e 2d 73 74 72 65 61 6d 20 72	00.(means.2000Kbit.down-stream.r
34340	61 74 65 20 61 6e 64 20 33 30 30 30 4b 62 69 74 20 75 70 2d 73 74 72 65 61 6d 20 72 61 74 65 29	ate.and.3000Kbit.up-stream.rate)
34360	00 46 69 6c 74 65 72 2d 49 64 3d 35 30 30 30 2f 34 30 30 30 20 28 6d 65 61 6e 73 20 35 30 30 30	.Filter-Id=5000/4000.(means.5000
34380	4b 62 69 74 20 64 6f 77 6e 2d 73 74 72 65 61 6d 20 72 61 74 65 20 61 6e 64 20 34 30 30 30 4b 62	Kbit.down-stream.rate.and.4000Kb
343a0	69 74 20 75 70 2d 73 74 72 65 61 6d 20 72 61 74 65 29 20 49 66 20 61 74 74 72 69 62 75 74 65 20	it.up-stream.rate).If.attribute.
343c0	46 69 6c 74 65 72 2d 49 64 20 72 65 64 65 66 69 6e 65 64 2c 20 72 65 70 6c 61 63 65 20 69 74 20	Filter-Id.redefined,.replace.it.
343e0	69 6e 20 52 41 44 49 55 53 20 43 6f 41 20 72 65 71 75 65 73 74 2e 00 46 69 6c 74 65 72 69 6e 67	in.RADIUS.CoA.request..Filtering
34400	00 46 69 6c 74 65 72 69 6e 67 20 69 73 20 75 73 65 64 20 66 6f 72 20 62 6f 74 68 20 69 6e 70 75	.Filtering.is.used.for.both.inpu
34420	74 20 61 6e 64 20 6f 75 74 70 75 74 20 6f 66 20 74 68 65 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f	t.and.output.of.the.routing.info
34440	72 6d 61 74 69 6f 6e 2e 20 4f 6e 63 65 20 66 69 6c 74 65 72 69 6e 67 20 69 73 20 64 65 66 69 6e	rmation..Once.filtering.is.defin
34460	65 64 2c 20 69 74 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 69 6e 20 61 6e 79 20 64 69 72	ed,.it.can.be.applied.in.any.dir
34480	65 63 74 69 6f 6e 2e 20 56 79 4f 53 20 6d 61 6b 65 73 20 66 69 6c 74 65 72 69 6e 67 20 70 6f 73	ection..VyOS.makes.filtering.pos
344a0	73 69 62 6c 65 20 75 73 69 6e 67 20 61 63 6c 73 20 61 6e 64 20 70 72 65 66 69 78 20 6c 69 73 74	sible.using.acls.and.prefix.list
344c0	73 2e 00 46 69 6e 61 6c 6c 79 2c 20 74 6f 20 61 70 70 6c 79 20 74 68 65 20 70 6f 6c 69 63 79 20	s..Finally,.to.apply.the.policy.
344e0	72 6f 75 74 65 20 74 6f 20 69 6e 67 72 65 73 73 20 74 72 61 66 66 69 63 20 6f 6e 20 6f 75 72 20	route.to.ingress.traffic.on.our.
34500	4c 41 4e 20 69 6e 74 65 72 66 61 63 65 2c 20 77 65 20 75 73 65 3a 00 46 69 72 65 77 61 6c 6c 00	LAN.interface,.we.use:.Firewall.
34520	46 69 72 65 77 61 6c 6c 20 44 65 73 63 72 69 70 74 69 6f 6e 00 46 69 72 65 77 61 6c 6c 20 45 78	Firewall.Description.Firewall.Ex
34540	63 65 70 74 69 6f 6e 73 00 46 69 72 65 77 61 6c 6c 20 4c 6f 67 73 00 46 69 72 65 77 61 6c 6c 20	ceptions.Firewall.Logs.Firewall.
34560	52 75 6c 65 73 00 46 69 72 65 77 61 6c 6c 20 67 72 6f 75 70 73 20 72 65 70 72 65 73 65 6e 74 20	Rules.Firewall.groups.represent.
34580	63 6f 6c 6c 65 63 74 69 6f 6e 73 20 6f 66 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 6e 65 74	collections.of.IP.addresses,.net
345a0	77 6f 72 6b 73 2c 20 70 6f 72 74 73 2c 20 6d 61 63 20 61 64 64 72 65 73 73 65 73 20 6f 72 20 64	works,.ports,.mac.addresses.or.d
345c0	6f 6d 61 69 6e 73 2e 20 4f 6e 63 65 20 63 72 65 61 74 65 64 2c 20 61 20 67 72 6f 75 70 20 63 61	omains..Once.created,.a.group.ca
345e0	6e 20 62 65 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 66 69 72 65 77 61 6c 6c 2c 20 6e 61 74	n.be.referenced.by.firewall,.nat
34600	20 61 6e 64 20 70 6f 6c 69 63 79 20 72 6f 75 74 65 20 72 75 6c 65 73 20 61 73 20 65 69 74 68 65	.and.policy.route.rules.as.eithe
34620	72 20 61 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6d 61 74 63 68 65	r.a.source.or.destination.matche
34640	72 2e 20 4d 65 6d 62 65 72 73 20 63 61 6e 20 62 65 20 61 64 64 65 64 20 6f 72 20 72 65 6d 6f 76	r..Members.can.be.added.or.remov
34660	65 64 20 66 72 6f 6d 20 61 20 67 72 6f 75 70 20 77 69 74 68 6f 75 74 20 63 68 61 6e 67 65 73 20	ed.from.a.group.without.changes.
34680	74 6f 2c 20 6f 72 20 74 68 65 20 6e 65 65 64 20 74 6f 20 72 65 6c 6f 61 64 2c 20 69 6e 64 69 76	to,.or.the.need.to.reload,.indiv
346a0	69 64 75 61 6c 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2e 00 46 69 72 65 77 61 6c 6c 20 67	idual.firewall.rules..Firewall.g
346c0	72 6f 75 70 73 20 72 65 70 72 65 73 65 6e 74 20 63 6f 6c 6c 65 63 74 69 6f 6e 73 20 6f 66 20 49	roups.represent.collections.of.I
346e0	50 20 61 64 64 72 65 73 73 65 73 2c 20 6e 65 74 77 6f 72 6b 73 2c 20 70 6f 72 74 73 2c 20 6d 61	P.addresses,.networks,.ports,.ma
34700	63 20 61 64 64 72 65 73 73 65 73 2c 20 64 6f 6d 61 69 6e 73 20 6f 72 20 69 6e 74 65 72 66 61 63	c.addresses,.domains.or.interfac
34720	65 73 2e 20 4f 6e 63 65 20 63 72 65 61 74 65 64 2c 20 61 20 67 72 6f 75 70 20 63 61 6e 20 62 65	es..Once.created,.a.group.can.be
34740	20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 66 69 72 65 77 61 6c 6c 2c 20 6e 61 74 20 61 6e 64	.referenced.by.firewall,.nat.and
34760	20 70 6f 6c 69 63 79 20 72 6f 75 74 65 20 72 75 6c 65 73 20 61 73 20 65 69 74 68 65 72 20 61 20	.policy.route.rules.as.either.a.
34780	73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6d 61 74 63 68 65 72 2c 20 61	source.or.destination.matcher,.a
347a0	6e 64 20 61 73 20 69 6e 62 70 75 6e 64 2f 6f 75 74 62 6f 75 6e 64 20 69 6e 20 74 68 65 20 63 61	nd.as.inbpund/outbound.in.the.ca
347c0	73 65 20 6f 66 20 69 6e 74 65 72 66 61 63 65 20 67 72 6f 75 70 2e 00 46 69 72 65 77 61 6c 6c 20	se.of.interface.group..Firewall.
347e0	6d 61 72 6b 2e 20 49 74 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 6c 6f 61 64 62 61 6c 61 6e 63 69	mark..It.possible.to.loadbalanci
34800	6e 67 20 74 72 61 66 66 69 63 20 62 61 73 65 64 20 6f 6e 20 60 60 66 77 6d 61 72 6b 60 60 20 76	ng.traffic.based.on.``fwmark``.v
34820	61 6c 75 65 00 46 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 63 61 6e 20 61 6c 73 6f 20 62 65	alue.Firewall.policy.can.also.be
34840	20 61 70 70 6c 69 65 64 20 74 6f 20 74 68 65 20 74 75 6e 6e 65 6c 20 69 6e 74 65 72 66 61 63 65	.applied.to.the.tunnel.interface
34860	20 66 6f 72 20 60 6c 6f 63 61 6c 60 2c 20 60 69 6e 60 2c 20 61 6e 64 20 60 6f 75 74 60 20 64 69	.for.`local`,.`in`,.and.`out`.di
34880	72 65 63 74 69 6f 6e 73 20 61 6e 64 20 66 75 6e 63 74 69 6f 6e 73 20 69 64 65 6e 74 69 63 61 6c	rections.and.functions.identical
348a0	6c 79 20 74 6f 20 65 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 00 46 69 72 65 77	ly.to.ethernet.interfaces..Firew
348c0	61 6c 6c 20 72 75 6c 65 73 20 61 72 65 20 77 72 69 74 74 65 6e 20 61 73 20 6e 6f 72 6d 61 6c 2c	all.rules.are.written.as.normal,
348e0	20 75 73 69 6e 67 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 61	.using.the.internal.IP.address.a
34900	73 20 74 68 65 20 73 6f 75 72 63 65 20 6f 66 20 6f 75 74 62 6f 75 6e 64 20 72 75 6c 65 73 20 61	s.the.source.of.outbound.rules.a
34920	6e 64 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6f 66 20 69 6e 62 6f 75 6e 64 20 72 75	nd.the.destination.of.inbound.ru
34940	6c 65 73 2e 00 46 69 72 65 77 61 6c 6c 2d 4c 65 67 61 63 79 00 46 69 72 6d 77 61 72 65 20 55 70	les..Firewall-Legacy.Firmware.Up
34960	64 61 74 65 00 46 69 72 73 74 20 68 6f 70 20 69 6e 74 65 72 66 61 63 65 20 6f 66 20 61 20 72 6f	date.First.hop.interface.of.a.ro
34980	75 74 65 20 74 6f 20 6d 61 74 63 68 2e 00 46 69 72 73 74 20 6f 66 20 61 6c 6c 20 79 6f 75 20 6d	ute.to.match..First.of.all.you.m
349a0	75 73 74 20 63 6f 6e 66 69 67 75 72 65 20 42 47 50 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 68	ust.configure.BGP.router.with.th
349c0	65 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79 73 74 65 6d 20	e.:abbr:`ASN.(Autonomous.System.
349e0	4e 75 6d 62 65 72 29 60 2e 20 54 68 65 20 41 53 20 6e 75 6d 62 65 72 20 69 73 20 61 6e 20 69 64	Number)`..The.AS.number.is.an.id
34a00	65 6e 74 69 66 69 65 72 20 66 6f 72 20 74 68 65 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74	entifier.for.the.autonomous.syst
34a20	65 6d 2e 20 54 68 65 20 42 47 50 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65 73 20 74 68 65 20 41 53	em..The.BGP.protocol.uses.the.AS
34a40	20 6e 75 6d 62 65 72 20 66 6f 72 20 64 65 74 65 63 74 69 6e 67 20 77 68 65 74 68 65 72 20 74 68	.number.for.detecting.whether.th
34a60	65 20 42 47 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 69 6e 74 65 72 6e 61 6c 20 6f 72 20	e.BGP.connection.is.internal.or.
34a80	65 78 74 65 72 6e 61 6c 2e 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 73	external..VyOS.does.not.have.a.s
34aa0	70 65 63 69 61 6c 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 74 61 72 74 20 74 68 65 20 42 47 50 20	pecial.command.to.start.the.BGP.
34ac0	70 72 6f 63 65 73 73 2e 20 54 68 65 20 42 47 50 20 70 72 6f 63 65 73 73 20 73 74 61 72 74 73 20	process..The.BGP.process.starts.
34ae0	77 68 65 6e 20 74 68 65 20 66 69 72 73 74 20 6e 65 69 67 68 62 6f 72 20 69 73 20 63 6f 6e 66 69	when.the.first.neighbor.is.confi
34b00	67 75 72 65 64 2e 00 46 69 72 73 74 20 73 63 65 6e 61 72 69 6f 3a 20 61 70 70 6c 79 20 64 65 73	gured..First.scenario:.apply.des
34b20	74 69 6e 61 74 69 6f 6e 20 4e 41 54 20 66 6f 72 20 61 6c 6c 20 48 54 54 50 20 74 72 61 66 66 69	tination.NAT.for.all.HTTP.traffi
34b40	63 20 63 6f 6d 6d 69 6e 67 20 74 68 72 6f 75 67 68 20 69 6e 74 65 72 66 61 63 65 20 65 74 68 30	c.comming.through.interface.eth0
34b60	2c 20 61 6e 64 20 75 73 65 72 20 34 20 62 61 63 6b 65 6e 64 73 2e 20 46 69 72 73 74 20 62 61 63	,.and.user.4.backends..First.bac
34b80	6b 65 6e 64 20 73 68 6f 75 6c 64 20 72 65 63 65 69 76 65 64 20 33 30 25 20 6f 66 20 74 68 65 20	kend.should.received.30%.of.the.
34ba0	72 65 71 75 65 73 74 2c 20 73 65 63 6f 6e 64 20 62 61 63 6b 65 6e 64 20 73 68 6f 75 6c 64 20 67	request,.second.backend.should.g
34bc0	65 74 20 32 30 25 2c 20 74 68 69 72 64 20 31 35 25 20 61 6e 64 20 74 68 65 20 66 6f 75 72 74 68	et.20%,.third.15%.and.the.fourth
34be0	20 33 35 25 20 57 65 20 77 69 6c 6c 20 75 73 65 20 73 6f 75 72 63 65 20 61 6e 64 20 64 65 73 74	.35%.We.will.use.source.and.dest
34c00	69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 66 6f 72 20 68 61 73 68 20 67 65 6e 65 72 61 74	ination.address.for.hash.generat
34c20	69 6f 6e 2e 00 46 69 72 73 74 20 73 74 65 70 73 00 46 69 72 73 74 20 74 68 65 20 4f 54 50 20 6b	ion..First.steps.First.the.OTP.k
34c40	65 79 73 20 6d 75 73 74 20 62 65 20 67 65 6e 65 72 61 74 65 64 20 61 6e 64 20 73 65 6e 74 20 74	eys.must.be.generated.and.sent.t
34c60	6f 20 74 68 65 20 75 73 65 72 20 61 6e 64 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74	o.the.user.and.to.the.configurat
34c80	69 6f 6e 3a 00 46 69 72 73 74 20 77 65 20 6e 65 65 64 20 74 6f 20 73 70 65 63 69 66 79 20 74 68	ion:.First.we.need.to.specify.th
34ca0	65 20 62 61 73 69 63 20 73 65 74 74 69 6e 67 73 2e 20 31 31 39 34 2f 55 44 50 20 69 73 20 74 68	e.basic.settings..1194/UDP.is.th
34cc0	65 20 64 65 66 61 75 6c 74 2e 20 54 68 65 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 74 75 6e 6e	e.default..The.``persistent-tunn
34ce0	65 6c 60 60 20 6f 70 74 69 6f 6e 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2c 20 69 74 20 70	el``.option.is.recommended,.it.p
34d00	72 65 76 65 6e 74 73 20 74 68 65 20 54 55 4e 2f 54 41 50 20 64 65 76 69 63 65 20 66 72 6f 6d 20	revents.the.TUN/TAP.device.from.
34d20	63 6c 6f 73 69 6e 67 20 6f 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 72 65 73 65 74 73 20 6f 72 20	closing.on.connection.resets.or.
34d40	64 61 65 6d 6f 6e 20 72 65 6c 6f 61 64 73 2e 00 46 69 72 73 74 20 79 6f 75 20 77 69 6c 6c 20 6e	daemon.reloads..First.you.will.n
34d60	65 65 64 20 74 6f 20 64 65 70 6c 6f 79 20 61 6e 20 52 50 4b 49 20 76 61 6c 69 64 61 74 6f 72 20	eed.to.deploy.an.RPKI.validator.
34d80	66 6f 72 20 79 6f 75 72 20 72 6f 75 74 65 72 73 20 74 6f 20 75 73 65 2e 20 54 68 65 20 52 49 50	for.your.routers.to.use..The.RIP
34da0	45 20 4e 43 43 20 68 65 6c 70 66 75 6c 6c 79 20 70 72 6f 76 69 64 65 20 60 73 6f 6d 65 20 69 6e	E.NCC.helpfully.provide.`some.in
34dc0	73 74 72 75 63 74 69 6f 6e 73 60 5f 20 74 6f 20 67 65 74 20 79 6f 75 20 73 74 61 72 74 65 64 20	structions`_.to.get.you.started.
34de0	77 69 74 68 20 73 65 76 65 72 61 6c 20 64 69 66 66 65 72 65 6e 74 20 6f 70 74 69 6f 6e 73 2e 20	with.several.different.options..
34e00	20 4f 6e 63 65 20 79 6f 75 72 20 73 65 72 76 65 72 20 69 73 20 72 75 6e 6e 69 6e 67 20 79 6f 75	.Once.your.server.is.running.you
34e20	20 63 61 6e 20 73 74 61 72 74 20 76 61 6c 69 64 61 74 69 6e 67 20 61 6e 6e 6f 75 6e 63 65 6d 65	.can.start.validating.announceme
34e40	6e 74 73 2e 00 46 69 72 73 74 2c 20 6f 6e 20 62 6f 74 68 20 72 6f 75 74 65 72 73 20 72 75 6e 20	nts..First,.on.both.routers.run.
34e60	74 68 65 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 20 22 67 65 6e 65 72 61 74	the.operational.command."generat
34e80	65 20 70 6b 69 20 6b 65 79 2d 70 61 69 72 20 69 6e 73 74 61 6c 6c 20 3c 6b 65 79 2d 70 61 69 72	e.pki.key-pair.install.<key-pair
34ea0	20 6e 61 6d 3e 3e 22 2e 20 59 6f 75 20 6d 61 79 20 63 68 6f 6f 73 65 20 64 69 66 66 65 72 65 6e	.nam>>"..You.may.choose.differen
34ec0	74 20 6c 65 6e 67 74 68 20 74 68 61 6e 20 32 30 34 38 20 6f 66 20 63 6f 75 72 73 65 2e 00 46 69	t.length.than.2048.of.course..Fi
34ee0	72 73 74 2c 20 6f 6e 20 62 6f 74 68 20 72 6f 75 74 65 72 73 20 72 75 6e 20 74 68 65 20 6f 70 65	rst,.on.both.routers.run.the.ope
34f00	72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 20 22 67 65 6e 65 72 61 74 65 20 70 6b 69 20 6b	rational.command."generate.pki.k
34f20	65 79 2d 70 61 69 72 20 69 6e 73 74 61 6c 6c 20 3c 6b 65 79 2d 70 61 69 72 20 6e 61 6d 65 3e 22	ey-pair.install.<key-pair.name>"
34f40	2e 20 59 6f 75 20 6d 61 79 20 63 68 6f 6f 73 65 20 64 69 66 66 65 72 65 6e 74 20 6c 65 6e 67 74	..You.may.choose.different.lengt
34f60	68 20 74 68 61 6e 20 32 30 34 38 20 6f 66 20 63 6f 75 72 73 65 2e 00 46 69 72 73 74 2c 20 6f 6e	h.than.2048.of.course..First,.on
34f80	65 20 6f 66 20 74 68 65 20 73 79 73 74 65 6d 73 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 6b 65	e.of.the.systems.generate.the.ke
34fa0	79 20 75 73 69 6e 67 20 74 68 65 20 3a 72 65 66 3a 60 67 65 6e 65 72 61 74 65 20 70 6b 69 20 6f	y.using.the.:ref:`generate.pki.o
34fc0	70 65 6e 76 70 6e 20 73 68 61 72 65 64 2d 73 65 63 72 65 74 3c 63 6f 6e 66 69 67 75 72 61 74 69	penvpn.shared-secret<configurati
34fe0	6f 6e 2f 70 6b 69 2f 69 6e 64 65 78 3a 70 6b 69 3e 60 20 63 6f 6d 6d 61 6e 64 2e 20 4f 6e 63 65	on/pki/index:pki>`.command..Once
35000	20 67 65 6e 65 72 61 74 65 64 2c 20 79 6f 75 20 77 69 6c 6c 20 6e 65 65 64 20 74 6f 20 69 6e 73	.generated,.you.will.need.to.ins
35020	74 61 6c 6c 20 74 68 69 73 20 6b 65 79 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 73 79 73 74 65	tall.this.key.on.the.local.syste
35040	6d 2c 20 74 68 65 6e 20 63 6f 70 79 20 61 6e 64 20 69 6e 73 74 61 6c 6c 20 74 68 69 73 20 6b 65	m,.then.copy.and.install.this.ke
35060	79 20 74 6f 20 74 68 65 20 72 65 6d 6f 74 65 20 72 6f 75 74 65 72 2e 00 46 6c 61 73 68 00 46 6c	y.to.the.remote.router..Flash.Fl
35080	61 73 68 20 4f 76 65 72 72 69 64 65 00 46 6c 6f 77 20 41 63 63 6f 75 6e 74 69 6e 67 00 46 6c 6f	ash.Override.Flow.Accounting.Flo
350a0	77 20 45 78 70 6f 72 74 00 46 6c 6f 77 20 61 6e 64 20 70 61 63 6b 65 74 2d 62 61 73 65 64 20 62	w.Export.Flow.and.packet-based.b
350c0	61 6c 61 6e 63 69 6e 67 00 46 6c 6f 77 73 20 63 61 6e 20 62 65 20 65 78 70 6f 72 74 65 64 20 76	alancing.Flows.can.be.exported.v
350e0	69 61 20 74 77 6f 20 64 69 66 66 65 72 65 6e 74 20 70 72 6f 74 6f 63 6f 6c 73 3a 20 4e 65 74 46	ia.two.different.protocols:.NetF
35100	6c 6f 77 20 28 76 65 72 73 69 6f 6e 73 20 35 2c 20 39 20 61 6e 64 20 31 30 2f 49 50 46 49 58 29	low.(versions.5,.9.and.10/IPFIX)
35120	20 61 6e 64 20 73 46 6c 6f 77 2e 20 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 79 6f 75 20 6d 61	.and.sFlow..Additionally,.you.ma
35140	79 20 73 61 76 65 20 66 6c 6f 77 73 20 74 6f 20 61 6e 20 69 6e 2d 6d 65 6d 6f 72 79 20 74 61 62	y.save.flows.to.an.in-memory.tab
35160	6c 65 20 69 6e 74 65 72 6e 61 6c 6c 79 20 69 6e 20 61 20 72 6f 75 74 65 72 2e 00 46 6c 75 73 68	le.internally.in.a.router..Flush
35180	69 6e 67 20 74 68 65 20 73 65 73 73 69 6f 6e 20 74 61 62 6c 65 20 77 69 6c 6c 20 63 61 75 73 65	ing.the.session.table.will.cause
351a0	20 6f 74 68 65 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 66 61 6c 6c 20 62 61 63 6b 20	.other.connections.to.fall.back.
351c0	66 72 6f 6d 20 66 6c 6f 77 2d 62 61 73 65 64 20 74 6f 20 70 61 63 6b 65 74 2d 62 61 73 65 64 20	from.flow-based.to.packet-based.
351e0	62 61 6c 61 6e 63 69 6e 67 20 75 6e 74 69 6c 20 65 61 63 68 20 66 6c 6f 77 20 69 73 20 72 65 65	balancing.until.each.flow.is.ree
35200	73 74 61 62 6c 69 73 68 65 64 2e 00 46 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73 74 72 75 63 74 69	stablished..Follow.the.instructi
35220	6f 6e 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 43 41 20 63 65 72 74 20 28 69 6e 20 63 6f 6e 66	ons.to.generate.CA.cert.(in.conf
35240	69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 65 29 3a 00 46 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73 74	iguration.mode):.Follow.the.inst
35260	72 75 63 74 69 6f 6e 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 73 65 72 76 65 72 20 63 65 72 74	ructions.to.generate.server.cert
35280	20 28 69 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 65 29 3a 00 46 6f 72 20 3a 72	.(in.configuration.mode):.For.:r
352a0	65 66 3a 60 62 69 64 69 72 65 63 74 69 6f 6e 61 6c 2d 6e 61 74 60 20 61 20 72 75 6c 65 20 66 6f	ef:`bidirectional-nat`.a.rule.fo
352c0	72 20 62 6f 74 68 20 3a 72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 61 6e 64 20 3a 72 65	r.both.:ref:`source-nat`.and.:re
352e0	66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 20 6e 65 65 64 73 20 74 6f 20 62 65 20	f:`destination-nat`.needs.to.be.
35300	63 72 65 61 74 65 64 2e 00 46 6f 72 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e	created..For.:ref:`destination-n
35320	61 74 60 20 72 75 6c 65 73 20 74 68 65 20 70 61 63 6b 65 74 73 20 64 65 73 74 69 6e 61 74 69 6f	at`.rules.the.packets.destinatio
35340	6e 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 72 65 70 6c 61 63 65 64 20 62 79 20 74 68	n.address.will.be.replaced.by.th
35360	65 20 73 70 65 63 69 66 69 65 64 20 61 64 64 72 65 73 73 20 69 6e 20 74 68 65 20 60 74 72 61 6e	e.specified.address.in.the.`tran
35380	73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 60 20 63 6f 6d 6d 61 6e 64 2e 00 46 6f 72 20 3a 72	slation.address`.command..For.:r
353a0	65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 72 75 6c 65 73 20 74 68 65 20 70 61 63 6b 65 74	ef:`source-nat`.rules.the.packet
353c0	73 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 72 65 70 6c 61 63 65	s.source.address.will.be.replace
353e0	64 20 77 69 74 68 20 74 68 65 20 61 64 64 72 65 73 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20	d.with.the.address.specified.in.
35400	74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 2e 20 41 20 70 6f 72 74 20	the.translation.command..A.port.
35420	74 72 61 6e 73 6c 61 74 69 6f 6e 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 73 70 65 63 69 66 69 65	translation.can.also.be.specifie
35440	64 20 61 6e 64 20 69 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e	d.and.is.part.of.the.translation
35460	20 61 64 64 72 65 73 73 2e 00 46 6f 72 20 45 6e 63 72 79 70 74 69 6f 6e 3a 00 46 6f 72 20 48 61	.address..For.Encryption:.For.Ha
35480	73 68 69 6e 67 3a 00 46 6f 72 20 49 53 2d 49 53 20 74 6f 70 20 6f 70 65 72 61 74 65 20 63 6f 72	shing:.For.IS-IS.top.operate.cor
354a0	72 65 63 74 6c 79 2c 20 6f 6e 65 20 6d 75 73 74 20 64 6f 20 74 68 65 20 65 71 75 69 76 61 6c 65	rectly,.one.must.do.the.equivale
354c0	6e 74 20 6f 66 20 61 20 52 6f 75 74 65 72 20 49 44 20 69 6e 20 43 4c 4e 53 2e 20 54 68 69 73 20	nt.of.a.Router.ID.in.CLNS..This.
354e0	52 6f 75 74 65 72 20 49 44 20 69 73 20 63 61 6c 6c 65 64 20 74 68 65 20 3a 61 62 62 72 3a 60 4e	Router.ID.is.called.the.:abbr:`N
35500	45 54 20 28 4e 65 74 77 6f 72 6b 20 45 6e 74 69 74 79 20 54 69 74 6c 65 29 60 2e 20 54 68 69 73	ET.(Network.Entity.Title)`..This
35520	20 6d 75 73 74 20 62 65 20 75 6e 69 71 75 65 20 66 6f 72 20 65 61 63 68 20 61 6e 64 20 65 76 65	.must.be.unique.for.each.and.eve
35540	72 79 20 72 6f 75 74 65 72 20 74 68 61 74 20 69 73 20 6f 70 65 72 61 74 69 6e 67 20 69 6e 20 49	ry.router.that.is.operating.in.I
35560	53 2d 49 53 2e 20 49 74 20 61 6c 73 6f 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 64 75 70 6c 69 63	S-IS..It.also.must.not.be.duplic
35580	61 74 65 64 20 6f 74 68 65 72 77 69 73 65 20 74 68 65 20 73 61 6d 65 20 69 73 73 75 65 73 20 74	ated.otherwise.the.same.issues.t
355a0	68 61 74 20 6f 63 63 75 72 20 77 69 74 68 69 6e 20 4f 53 50 46 20 77 69 6c 6c 20 6f 63 63 75 72	hat.occur.within.OSPF.will.occur
355c0	20 77 69 74 68 69 6e 20 49 53 2d 49 53 20 77 68 65 6e 20 69 74 20 63 6f 6d 65 73 20 74 6f 20 73	.within.IS-IS.when.it.comes.to.s
355e0	61 69 64 20 64 75 70 6c 69 63 61 74 69 6f 6e 2e 00 46 6f 72 20 49 6e 63 6f 6d 69 6e 67 20 61 6e	aid.duplication..For.Incoming.an
35600	64 20 49 6d 70 6f 72 74 20 52 6f 75 74 65 2d 6d 61 70 73 20 69 66 20 77 65 20 72 65 63 65 69 76	d.Import.Route-maps.if.we.receiv
35620	65 20 61 20 76 36 20 67 6c 6f 62 61 6c 20 61 6e 64 20 76 36 20 4c 4c 20 61 64 64 72 65 73 73 20	e.a.v6.global.and.v6.LL.address.
35640	66 6f 72 20 74 68 65 20 72 6f 75 74 65 2c 20 74 68 65 6e 20 70 72 65 66 65 72 20 74 6f 20 75 73	for.the.route,.then.prefer.to.us
35660	65 20 74 68 65 20 67 6c 6f 62 61 6c 20 61 64 64 72 65 73 73 20 61 73 20 74 68 65 20 6e 65 78 74	e.the.global.address.as.the.next
35680	68 6f 70 2e 00 46 6f 72 20 4c 6f 63 61 6c 20 55 73 65 72 73 00 46 6f 72 20 52 41 44 49 55 53 20	hop..For.Local.Users.For.RADIUS.
356a0	75 73 65 72 73 00 46 6f 72 20 55 53 42 20 70 6f 72 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70	users.For.USB.port.information.p
356c0	6c 65 61 73 65 20 72 65 66 6f 72 20 74 6f 3a 20 3a 72 65 66 3a 60 68 61 72 64 77 61 72 65 5f 75	lease.refor.to:.:ref:`hardware_u
356e0	73 62 60 2e 00 46 6f 72 20 61 20 68 65 61 64 73 74 61 72 74 20 79 6f 75 20 63 61 6e 20 75 73 65	sb`..For.a.headstart.you.can.use
35700	20 74 68 65 20 62 65 6c 6f 77 20 65 78 61 6d 70 6c 65 20 6f 6e 20 68 6f 77 20 74 6f 20 62 75 69	.the.below.example.on.how.to.bui
35720	6c 64 20 61 20 62 6f 6e 64 20 77 69 74 68 20 74 77 6f 20 69 6e 74 65 72 66 61 63 65 73 20 66 72	ld.a.bond.with.two.interfaces.fr
35740	6f 6d 20 56 79 4f 53 20 74 6f 20 61 20 4a 75 6e 69 70 65 72 20 45 58 20 53 77 69 74 63 68 20 73	om.VyOS.to.a.Juniper.EX.Switch.s
35760	79 73 74 65 6d 2e 00 46 6f 72 20 61 20 68 65 61 64 73 74 61 72 74 20 79 6f 75 20 63 61 6e 20 75	ystem..For.a.headstart.you.can.u
35780	73 65 20 74 68 65 20 62 65 6c 6f 77 20 65 78 61 6d 70 6c 65 20 6f 6e 20 68 6f 77 20 74 6f 20 62	se.the.below.example.on.how.to.b
357a0	75 69 6c 64 20 61 20 62 6f 6e 64 2c 70 6f 72 74 2d 63 68 61 6e 6e 65 6c 20 77 69 74 68 20 74 77	uild.a.bond,port-channel.with.tw
357c0	6f 20 69 6e 74 65 72 66 61 63 65 73 20 66 72 6f 6d 20 56 79 4f 53 20 74 6f 20 61 20 41 72 75 62	o.interfaces.from.VyOS.to.a.Arub
357e0	61 2f 48 50 20 32 35 31 30 47 20 73 77 69 74 63 68 2e 00 46 6f 72 20 61 20 6c 61 72 67 65 20 61	a/HP.2510G.switch..For.a.large.a
35800	6d 6f 75 6e 74 20 6f 66 20 70 72 69 76 61 74 65 20 6d 61 63 68 69 6e 65 73 20 62 65 68 69 6e 64	mount.of.private.machines.behind
35820	20 74 68 65 20 4e 41 54 20 79 6f 75 72 20 61 64 64 72 65 73 73 20 70 6f 6f 6c 20 6d 69 67 68 74	.the.NAT.your.address.pool.might
35840	20 74 6f 20 62 65 20 62 69 67 67 65 72 2e 20 55 73 65 20 61 6e 79 20 61 64 64 72 65 73 73 20 69	.to.be.bigger..Use.any.address.i
35860	6e 20 74 68 65 20 72 61 6e 67 65 20 31 30 30 2e 36 34 2e 30 2e 31 30 20 2d 20 31 30 30 2e 36 34	n.the.range.100.64.0.10.-.100.64
35880	2e 30 2e 32 30 20 6f 6e 20 53 4e 41 54 20 72 75 6c 65 20 34 30 20 77 68 65 6e 20 64 6f 69 6e 67	.0.20.on.SNAT.rule.40.when.doing
358a0	20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 00 46 6f 72 20 61 20 73 69 6d 70 6c 65 20 68 6f	.the.translation.For.a.simple.ho
358c0	6d 65 20 6e 65 74 77 6f 72 6b 20 75 73 69 6e 67 20 6a 75 73 74 20 74 68 65 20 49 53 50 27 73 20	me.network.using.just.the.ISP's.
358e0	65 71 75 69 70 6d 65 6e 74 2c 20 74 68 69 73 20 69 73 20 75 73 75 61 6c 6c 79 20 64 65 73 69 72	equipment,.this.is.usually.desir
35900	61 62 6c 65 2e 20 42 75 74 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 72 75 6e 20 56 79 4f	able..But.if.you.want.to.run.VyO
35920	53 20 61 73 20 79 6f 75 72 20 66 69 72 65 77 61 6c 6c 20 61 6e 64 20 72 6f 75 74 65 72 2c 20 74	S.as.your.firewall.and.router,.t
35940	68 69 73 20 77 69 6c 6c 20 72 65 73 75 6c 74 20 69 6e 20 68 61 76 69 6e 67 20 61 20 64 6f 75 62	his.will.result.in.having.a.doub
35960	6c 65 20 4e 41 54 20 61 6e 64 20 66 69 72 65 77 61 6c 6c 20 73 65 74 75 70 2e 20 54 68 69 73 20	le.NAT.and.firewall.setup..This.
35980	72 65 73 75 6c 74 73 20 69 6e 20 61 20 66 65 77 20 65 78 74 72 61 20 6c 61 79 65 72 73 20 6f 66	results.in.a.few.extra.layers.of
359a0	20 63 6f 6d 70 6c 65 78 69 74 79 2c 20 70 61 72 74 69 63 75 6c 61 72 6c 79 20 69 66 20 79 6f 75	.complexity,.particularly.if.you
359c0	20 75 73 65 20 73 6f 6d 65 20 4e 41 54 20 6f 72 20 74 75 6e 6e 65 6c 20 66 65 61 74 75 72 65 73	.use.some.NAT.or.tunnel.features
359e0	2e 00 46 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 6c 65 73 73 20 70 72 6f 74 6f 63 6f 6c 73 20 61	..For.connectionless.protocols.a
35a00	73 20 6c 69 6b 65 20 49 43 4d 50 20 61 6e 64 20 55 44 50 2c 20 61 20 66 6c 6f 77 20 69 73 20 63	s.like.ICMP.and.UDP,.a.flow.is.c
35a20	6f 6e 73 69 64 65 72 65 64 20 63 6f 6d 70 6c 65 74 65 20 6f 6e 63 65 20 6e 6f 20 6d 6f 72 65 20	onsidered.complete.once.no.more.
35a40	70 61 63 6b 65 74 73 20 66 6f 72 20 74 68 69 73 20 66 6c 6f 77 20 61 70 70 65 61 72 20 61 66 74	packets.for.this.flow.appear.aft
35a60	65 72 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 20 74 69 6d 65 6f 75 74 2e 00 46 6f 72 20 65 78 61	er.configurable.timeout..For.exa
35a80	6d 70 6c 65 2c 20 69 66 20 70 72 6f 62 6c 65 6d 73 20 77 69 74 68 20 70 6f 6f 72 20 74 69 6d 65	mple,.if.problems.with.poor.time
35aa0	20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 61 72 65 20 65 78 70 65 72 69 65 6e 63 65 64	.synchronization.are.experienced
35ac0	2c 20 74 68 65 20 77 69 6e 64 6f 77 20 63 61 6e 20 62 65 20 69 6e 63 72 65 61 73 65 64 20 66 72	,.the.window.can.be.increased.fr
35ae0	6f 6d 20 69 74 73 20 64 65 66 61 75 6c 74 20 73 69 7a 65 20 6f 66 20 33 20 70 65 72 6d 69 74 74	om.its.default.size.of.3.permitt
35b00	65 64 20 63 6f 64 65 73 20 28 6f 6e 65 20 70 72 65 76 69 6f 75 73 20 63 6f 64 65 2c 20 74 68 65	ed.codes.(one.previous.code,.the
35b20	20 63 75 72 72 65 6e 74 20 63 6f 64 65 2c 20 74 68 65 20 6e 65 78 74 20 63 6f 64 65 29 20 74 6f	.current.code,.the.next.code).to
35b40	20 31 37 20 70 65 72 6d 69 74 74 65 64 20 63 6f 64 65 73 20 28 74 68 65 20 38 20 70 72 65 76 69	.17.permitted.codes.(the.8.previ
35b60	6f 75 73 20 63 6f 64 65 73 2c 20 74 68 65 20 63 75 72 72 65 6e 74 20 63 6f 64 65 2c 20 61 6e 64	ous.codes,.the.current.code,.and
35b80	20 74 68 65 20 38 20 6e 65 78 74 20 63 6f 64 65 73 29 2e 20 54 68 69 73 20 77 69 6c 6c 20 70 65	.the.8.next.codes)..This.will.pe
35ba0	72 6d 69 74 20 66 6f 72 20 61 20 74 69 6d 65 20 73 6b 65 77 20 6f 66 20 75 70 20 74 6f 20 34 20	rmit.for.a.time.skew.of.up.to.4.
35bc0	6d 69 6e 75 74 65 73 20 62 65 74 77 65 65 6e 20 63 6c 69 65 6e 74 20 61 6e 64 20 73 65 72 76 65	minutes.between.client.and.serve
35be0	72 2e 00 46 6f 72 20 65 78 61 6d 70 6c 65 3a 00 46 6f 72 20 66 69 72 65 77 61 6c 6c 20 66 69 6c	r..For.example:.For.firewall.fil
35c00	74 65 72 69 6e 67 2c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 73 68 6f 75 6c 64 20 62 65 20	tering,.configuration.should.be.
35c20	64 6f 6e 65 20 69 6e 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 5b 69 70 76 34 20 7c 20 69	done.in.``set.firewall.[ipv4.|.i
35c40	70 76 36 5d 20 2e 2e 2e 60 60 00 46 6f 72 20 66 69 72 65 77 61 6c 6c 20 66 69 6c 74 65 72 69 6e	pv6]....``.For.firewall.filterin
35c60	67 2c 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 72	g,.firewall.rules.needs.to.be.cr
35c80	65 61 74 65 64 2e 20 45 61 63 68 20 72 75 6c 65 20 69 73 20 6e 75 6d 62 65 72 65 64 2c 20 68 61	eated..Each.rule.is.numbered,.ha
35ca0	73 20 61 6e 20 61 63 74 69 6f 6e 20 74 6f 20 61 70 70 6c 79 20 69 66 20 74 68 65 20 72 75 6c 65	s.an.action.to.apply.if.the.rule
35cc0	20 69 73 20 6d 61 74 63 68 65 64 2c 20 61 6e 64 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20	.is.matched,.and.the.ability.to.
35ce0	73 70 65 63 69 66 79 20 6d 75 6c 74 69 70 6c 65 20 63 72 69 74 65 72 69 61 20 6d 61 74 63 68 65	specify.multiple.criteria.matche
35d00	72 73 2e 20 44 61 74 61 20 70 61 63 6b 65 74 73 20 67 6f 20 74 68 72 6f 75 67 68 20 74 68 65 20	rs..Data.packets.go.through.the.
35d20	72 75 6c 65 73 20 66 72 6f 6d 20 31 20 2d 20 39 39 39 39 39 39 2c 20 73 6f 20 6f 72 64 65 72 20	rules.from.1.-.999999,.so.order.
35d40	69 73 20 63 72 75 63 69 61 6c 2e 20 41 74 20 74 68 65 20 66 69 72 73 74 20 6d 61 74 63 68 20 74	is.crucial..At.the.first.match.t
35d60	68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c 20 62 65 20 65 78	he.action.of.the.rule.will.be.ex
35d80	65 63 75 74 65 64 2e 00 46 6f 72 20 66 72 61 67 6d 65 6e 74 65 64 20 54 43 50 20 6f 72 20 55 44	ecuted..For.fragmented.TCP.or.UD
35da0	50 20 70 61 63 6b 65 74 73 20 61 6e 64 20 61 6c 6c 20 6f 74 68 65 72 20 49 50 76 34 20 61 6e 64	P.packets.and.all.other.IPv4.and
35dc0	20 49 50 76 36 20 70 72 6f 74 6f 63 6f 6c 20 74 72 61 66 66 69 63 2c 20 74 68 65 20 73 6f 75 72	.IPv6.protocol.traffic,.the.sour
35de0	63 65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 20 69 6e 66 6f 72 6d 61 74	ce.and.destination.port.informat
35e00	69 6f 6e 20 69 73 20 6f 6d 69 74 74 65 64 2e 20 46 6f 72 20 6e 6f 6e 2d 49 50 20 74 72 61 66 66	ion.is.omitted..For.non-IP.traff
35e20	69 63 2c 20 74 68 65 20 66 6f 72 6d 75 6c 61 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 66	ic,.the.formula.is.the.same.as.f
35e40	6f 72 20 74 68 65 20 6c 61 79 65 72 32 20 74 72 61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69	or.the.layer2.transmit.hash.poli
35e60	63 79 2e 00 46 6f 72 20 67 65 6e 65 72 61 74 69 6e 67 20 61 6e 20 4f 54 50 20 6b 65 79 20 69 6e	cy..For.generating.an.OTP.key.in
35e80	20 56 79 4f 53 2c 20 79 6f 75 20 63 61 6e 20 75 73 65 20 74 68 65 20 43 4c 49 20 63 6f 6d 6d 61	.VyOS,.you.can.use.the.CLI.comma
35ea0	6e 64 20 28 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 29 3a 00 46 6f 72 20 69 6e 62 6f 75	nd.(operational.mode):.For.inbou
35ec0	6e 64 20 75 70 64 61 74 65 73 20 74 68 65 20 6f 72 64 65 72 20 6f 66 20 70 72 65 66 65 72 65 6e	nd.updates.the.order.of.preferen
35ee0	63 65 20 69 73 3a 00 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 77 69 74 68 20 3a 63 6f 64 65 3a	ce.is:.For.instance,.with.:code:
35f00	60 73 65 74 20 71 6f 73 20 70 6f 6c 69 63 79 20 73 68 61 70 65 72 20 4d 59 2d 53 48 41 50 45 52	`set.qos.policy.shaper.MY-SHAPER
35f20	20 63 6c 61 73 73 20 33 30 20 73 65 74 2d 64 73 63 70 20 45 46 60 20 79 6f 75 20 77 6f 75 6c 64	.class.30.set-dscp.EF`.you.would
35f40	20 62 65 20 6d 6f 64 69 66 79 69 6e 67 20 74 68 65 20 44 53 43 50 20 66 69 65 6c 64 20 76 61 6c	.be.modifying.the.DSCP.field.val
35f60	75 65 20 6f 66 20 70 61 63 6b 65 74 73 20 69 6e 20 74 68 61 74 20 63 6c 61 73 73 20 74 6f 20 45	ue.of.packets.in.that.class.to.E
35f80	78 70 65 64 69 74 65 20 46 6f 72 77 61 72 64 69 6e 67 2e 00 46 6f 72 20 69 70 76 34 3a 00 46 6f	xpedite.Forwarding..For.ipv4:.Fo
35fa0	72 20 6c 61 74 65 73 74 20 72 65 6c 65 61 73 65 73 2c 20 72 65 66 65 72 20 74 68 65 20 60 66 69	r.latest.releases,.refer.the.`fi
35fc0	72 65 77 61 6c 6c 20 3c 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 76 79 6f 73 2e 69 6f 2f 65 6e 2f	rewall.<https://docs.vyos.io/en/
35fe0	6c 61 74 65 73 74 2f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2f 66 69 72 65 77 61 6c 6c 2f 67 65	latest/configuration/firewall/ge
36000	6e 65 72 61 6c 2e 68 74 6d 6c 23 69 6e 74 65 72 66 61 63 65 2d 67 72 6f 75 70 73 3e 60 5f 20 6d	neral.html#interface-groups>`_.m
36020	61 69 6e 20 70 61 67 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 7a 6f 6e 65 20 62 61 73 65 64	ain.page.to.configure.zone.based
36040	20 72 75 6c 65 73 2e 20 4e 65 77 20 73 79 6e 74 61 78 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65	.rules..New.syntax.was.introduce
36060	64 20 68 65 72 65 20 3a 76 79 74 61 73 6b 3a 60 54 35 31 36 30 60 00 46 6f 72 20 6d 6f 72 65 20	d.here.:vytask:`T5160`.For.more.
36080	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 68 6f 77 20 4d 50 4c 53 20 6c 61 62 65 6c 20 73 77	information.on.how.MPLS.label.sw
360a0	69 74 63 68 69 6e 67 20 77 6f 72 6b 73 2c 20 70 6c 65 61 73 65 20 67 6f 20 76 69 73 69 74 20 60	itching.works,.please.go.visit.`
360c0	57 69 6b 69 70 65 64 69 61 20 28 4d 50 4c 53 29 60 5f 2e 00 46 6f 72 20 6e 65 74 77 6f 72 6b 20	Wikipedia.(MPLS)`_..For.network.
360e0	6d 61 69 6e 74 65 6e 61 6e 63 65 2c 20 69 74 27 73 20 61 20 67 6f 6f 64 20 69 64 65 61 20 74 6f	maintenance,.it's.a.good.idea.to
36100	20 64 69 72 65 63 74 20 75 73 65 72 73 20 74 6f 20 61 20 62 61 63 6b 75 70 20 73 65 72 76 65 72	.direct.users.to.a.backup.server
36120	20 73 6f 20 74 68 61 74 20 74 68 65 20 70 72 69 6d 61 72 79 20 73 65 72 76 65 72 20 63 61 6e 20	.so.that.the.primary.server.can.
36140	62 65 20 73 61 66 65 6c 79 20 74 61 6b 65 6e 20 6f 75 74 20 6f 66 20 73 65 72 76 69 63 65 2e 20	be.safely.taken.out.of.service..
36160	49 74 27 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 73 77 69 74 63 68 20 79 6f 75 72 20 50 50 50	It's.possible.to.switch.your.PPP
36180	6f 45 20 73 65 72 76 65 72 20 74 6f 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 6d 6f 64 65 20 77 68	oE.server.to.maintenance.mode.wh
361a0	65 72 65 20 69 74 20 6d 61 69 6e 74 61 69 6e 73 20 61 6c 72 65 61 64 79 20 65 73 74 61 62 6c 69	ere.it.maintains.already.establi
361c0	73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 62 75 74 20 72 65 66 75 73 65 73 20 6e 65	shed.connections,.but.refuses.ne
361e0	77 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 61 74 74 65 6d 70 74 73 2e 00 46 6f 72 20 6f 70 74 69 6d	w.connection.attempts..For.optim
36200	61 6c 20 73 63 61 6c 61 62 69 6c 69 74 79 2c 20 4d 75 6c 74 69 63 61 73 74 20 73 68 6f 75 6c 64	al.scalability,.Multicast.should
36220	6e 27 74 20 62 65 20 75 73 65 64 20 61 74 20 61 6c 6c 2c 20 62 75 74 20 69 6e 73 74 65 61 64 20	n't.be.used.at.all,.but.instead.
36240	75 73 65 20 42 47 50 20 74 6f 20 73 69 67 6e 61 6c 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 65 64 20	use.BGP.to.signal.all.connected.
36260	64 65 76 69 63 65 73 20 62 65 74 77 65 65 6e 20 6c 65 61 76 65 73 2e 20 55 6e 66 6f 72 74 75 6e	devices.between.leaves..Unfortun
36280	61 74 65 6c 79 2c 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 79 65 74 20 73 75 70 70 6f 72 74	ately,.VyOS.does.not.yet.support
362a0	20 74 68 69 73 2e 00 46 6f 72 20 6f 75 74 62 6f 75 6e 64 20 75 70 64 61 74 65 73 20 74 68 65 20	.this..For.outbound.updates.the.
362c0	6f 72 64 65 72 20 6f 66 20 70 72 65 66 65 72 65 6e 63 65 20 69 73 3a 00 46 6f 72 20 72 65 66 65	order.of.preference.is:.For.refe
362e0	72 65 6e 63 65 2c 20 61 20 64 65 73 63 72 69 70 74 69 6f 6e 20 63 61 6e 20 62 65 20 64 65 66 69	rence,.a.description.can.be.defi
36300	6e 65 64 20 66 6f 72 20 65 76 65 72 79 20 73 69 6e 67 6c 65 20 72 75 6c 65 2c 20 61 6e 64 20 66	ned.for.every.single.rule,.and.f
36320	6f 72 20 65 76 65 72 79 20 64 65 66 69 6e 65 64 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2e 00 46	or.every.defined.custom.chain..F
36340	6f 72 20 73 65 63 75 72 69 74 79 2c 20 74 68 65 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 20	or.security,.the.listen.address.
36360	73 68 6f 75 6c 64 20 6f 6e 6c 79 20 62 65 20 75 73 65 64 20 6f 6e 20 69 6e 74 65 72 6e 61 6c 2f	should.only.be.used.on.internal/
36380	74 72 75 73 74 65 64 20 6e 65 74 77 6f 72 6b 73 21 00 46 6f 72 20 73 65 72 69 61 6c 20 76 69 61	trusted.networks!.For.serial.via
363a0	20 55 53 42 20 70 6f 72 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 72 65 66	.USB.port.information.please.ref
363c0	6f 72 20 74 6f 3a 20 3a 72 65 66 3a 60 68 61 72 64 77 61 72 65 5f 75 73 62 60 2e 00 46 6f 72 20	or.to:.:ref:`hardware_usb`..For.
363e0	73 69 6d 70 6c 69 63 69 74 79 20 77 65 27 6c 6c 20 61 73 73 75 6d 65 20 74 68 61 74 20 74 68 65	simplicity.we'll.assume.that.the
36400	20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 47 52 45 2c 20 69 74 27 73 20 6e 6f 74 20 68 61 72 64 20	.protocol.is.GRE,.it's.not.hard.
36420	74 6f 20 67 75 65 73 73 20 77 68 61 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 68 61 6e 67 65	to.guess.what.needs.to.be.change
36440	64 20 74 6f 20 6d 61 6b 65 20 69 74 20 77 6f 72 6b 20 77 69 74 68 20 61 20 64 69 66 66 65 72 65	d.to.make.it.work.with.a.differe
36460	6e 74 20 70 72 6f 74 6f 63 6f 6c 2e 20 57 65 20 61 73 73 75 6d 65 20 74 68 61 74 20 49 50 73 65	nt.protocol..We.assume.that.IPse
36480	63 20 77 69 6c 6c 20 75 73 65 20 70 72 65 2d 73 68 61 72 65 64 20 73 65 63 72 65 74 20 61 75 74	c.will.use.pre-shared.secret.aut
364a0	68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 77 69 6c 6c 20 75 73 65 20 41 45 53 31 32 38 2f	hentication.and.will.use.AES128/
364c0	53 48 41 31 20 66 6f 72 20 74 68 65 20 63 69 70 68 65 72 20 61 6e 64 20 68 61 73 68 2e 20 41 64	SHA1.for.the.cipher.and.hash..Ad
364e0	6a 75 73 74 20 74 68 69 73 20 61 73 20 6e 65 63 65 73 73 61 72 79 2e 00 46 6f 72 20 74 68 65 20	just.this.as.necessary..For.the.
36500	3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 36 36 60 20 72 75 6c 65 2c 20 74	:ref:`destination-nat66`.rule,.t
36520	68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 61	he.destination.address.of.the.pa
36540	63 6b 65 74 20 69 73 72 65 70 6c 61 63 65 64 20 62 79 20 74 68 65 20 61 64 64 72 65 73 73 20 63	cket.isreplaced.by.the.address.c
36560	61 6c 63 75 6c 61 74 65 64 20 66 72 6f 6d 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 61 64 64	alculated.from.the.specified.add
36580	72 65 73 73 20 6f 72 20 70 72 65 66 69 78 20 69 6e 20 74 68 65 20 60 74 72 61 6e 73 6c 61 74 69	ress.or.prefix.in.the.`translati
365a0	6f 6e 20 61 64 64 72 65 73 73 60 20 63 6f 6d 6d 61 6e 64 00 46 6f 72 20 74 68 65 20 4f 70 65 6e	on.address`.command.For.the.Open
365c0	56 50 4e 20 74 72 61 66 66 69 63 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 74 68 65 20	VPN.traffic.to.pass.through.the.
365e0	57 41 4e 20 69 6e 74 65 72 66 61 63 65 2c 20 79 6f 75 20 6d 75 73 74 20 63 72 65 61 74 65 20 61	WAN.interface,.you.must.create.a
36600	20 66 69 72 65 77 61 6c 6c 20 65 78 63 65 70 74 69 6f 6e 2e 00 46 6f 72 20 74 68 65 20 57 69 72	.firewall.exception..For.the.Wir
36620	65 47 75 61 72 64 20 74 72 61 66 66 69 63 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 74	eGuard.traffic.to.pass.through.t
36640	68 65 20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 2c 20 79 6f 75 20 6d 75 73 74 20 63 72 65 61 74	he.WAN.interface,.you.must.creat
36660	65 20 61 20 66 69 72 65 77 61 6c 6c 20 65 78 63 65 70 74 69 6f 6e 2e 00 46 6f 72 20 74 68 65 20	e.a.firewall.exception..For.the.
36680	61 76 65 72 61 67 65 20 75 73 65 72 20 61 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65 20 68 61	average.user.a.serial.console.ha
366a0	73 20 6e 6f 20 61 64 76 61 6e 74 61 67 65 20 6f 76 65 72 20 61 20 63 6f 6e 73 6f 6c 65 20 6f 66	s.no.advantage.over.a.console.of
366c0	66 65 72 65 64 20 62 79 20 61 20 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65 64 20 6b 65 79	fered.by.a.directly.attached.key
366e0	62 6f 61 72 64 20 61 6e 64 20 73 63 72 65 65 6e 2e 20 53 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65	board.and.screen..Serial.console
36700	73 20 61 72 65 20 6d 75 63 68 20 73 6c 6f 77 65 72 2c 20 74 61 6b 69 6e 67 20 75 70 20 74 6f 20	s.are.much.slower,.taking.up.to.
36720	61 20 73 65 63 6f 6e 64 20 74 6f 20 66 69 6c 6c 20 61 20 38 30 20 63 6f 6c 75 6d 6e 20 62 79 20	a.second.to.fill.a.80.column.by.
36740	32 34 20 6c 69 6e 65 20 73 63 72 65 65 6e 2e 20 53 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65 73 20	24.line.screen..Serial.consoles.
36760	67 65 6e 65 72 61 6c 6c 79 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 20 6e 6f 6e 2d 70 72 6f 70 6f	generally.only.support.non-propo
36780	72 74 69 6f 6e 61 6c 20 41 53 43 49 49 20 74 65 78 74 2c 20 77 69 74 68 20 6c 69 6d 69 74 65 64	rtional.ASCII.text,.with.limited
367a0	20 73 75 70 70 6f 72 74 20 66 6f 72 20 6c 61 6e 67 75 61 67 65 73 20 6f 74 68 65 72 20 74 68 61	.support.for.languages.other.tha
367c0	6e 20 45 6e 67 6c 69 73 68 2e 00 46 6f 72 20 74 68 65 20 69 6e 67 72 65 73 73 20 74 72 61 66 66	n.English..For.the.ingress.traff
367e0	69 63 20 6f 66 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2c 20 74 68 65 72 65 20 69 73 20 6f 6e 6c	ic.of.an.interface,.there.is.onl
36800	79 20 6f 6e 65 20 70 6f 6c 69 63 79 20 79 6f 75 20 63 61 6e 20 64 69 72 65 63 74 6c 79 20 61 70	y.one.policy.you.can.directly.ap
36820	70 6c 79 2c 20 61 20 2a 2a 4c 69 6d 69 74 65 72 2a 2a 20 70 6f 6c 69 63 79 2e 20 59 6f 75 20 63	ply,.a.**Limiter**.policy..You.c
36840	61 6e 6e 6f 74 20 61 70 70 6c 79 20 61 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 64 69 72	annot.apply.a.shaping.policy.dir
36860	65 63 74 6c 79 20 74 6f 20 74 68 65 20 69 6e 67 72 65 73 73 20 74 72 61 66 66 69 63 20 6f 66 20	ectly.to.the.ingress.traffic.of.
36880	61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 62 65 63 61 75 73 65 20 73 68 61 70 69 6e 67 20 6f 6e	any.interface.because.shaping.on
368a0	6c 79 20 77 6f 72 6b 73 20 66 6f 72 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2e 00 46	ly.works.for.outbound.traffic..F
368c0	6f 72 20 74 68 65 20 73 61 6b 65 20 6f 66 20 64 65 6d 6f 6e 73 74 72 61 74 69 6f 6e 2c 20 60 65	or.the.sake.of.demonstration,.`e
368e0	78 61 6d 70 6c 65 20 23 31 20 69 6e 20 74 68 65 20 6f 66 66 69 63 69 61 6c 20 64 6f 63 75 6d 65	xample.#1.in.the.official.docume
36900	6e 74 61 74 69 6f 6e 20 3c 68 74 74 70 73 3a 2f 2f 77 77 77 2e 7a 61 62 62 69 78 2e 63 6f 6d 2f	ntation.<https://www.zabbix.com/
36920	64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 63 75 72 72 65 6e 74 2f 6d 61 6e 75 61 6c 2f 69 6e 73	documentation/current/manual/ins
36940	74 61 6c 6c 61 74 69 6f 6e 2f 63 6f 6e 74 61 69 6e 65 72 73 3e 60 5f 20 74 6f 20 74 68 65 20 64	tallation/containers>`_.to.the.d
36960	65 63 6c 61 72 61 74 69 76 65 20 56 79 4f 53 20 43 4c 49 20 73 79 6e 74 61 78 2e 00 46 6f 72 20	eclarative.VyOS.CLI.syntax..For.
36980	74 72 61 66 66 69 63 20 6f 72 69 67 69 6e 61 74 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65 72	traffic.originated.by.the.router
369a0	2c 20 62 61 73 65 20 63 68 61 69 6e 20 69 73 20 2a 2a 6f 75 74 70 75 74 20 66 69 6c 74 65 72 2a	,.base.chain.is.**output.filter*
369c0	2a 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 5b 69 70 76 34 20 7c 20 69 70 76 36 5d 20	*:.``set.firewall.[ipv4.|.ipv6].
369e0	6f 75 74 70 75 74 20 66 69 6c 74 65 72 20 2e 2e 2e 60 60 00 46 6f 72 20 74 72 61 66 66 69 63 20	output.filter....``.For.traffic.
36a00	74 6f 77 61 72 64 73 20 74 68 65 20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2c 20 62 61 73 65 20	towards.the.router.itself,.base.
36a20	63 68 61 69 6e 20 69 73 20 2a 2a 69 6e 70 75 74 20 66 69 6c 74 65 72 2a 2a 3a 20 60 60 73 65 74	chain.is.**input.filter**:.``set
36a40	20 66 69 72 65 77 61 6c 6c 20 5b 69 70 76 34 20 7c 20 69 70 76 36 5d 20 69 6e 70 75 74 20 66 69	.firewall.[ipv4.|.ipv6].input.fi
36a60	6c 74 65 72 20 2e 2e 2e 60 60 00 46 6f 72 20 74 72 61 6e 73 69 74 20 74 72 61 66 66 69 63 2c 20	lter....``.For.transit.traffic,.
36a80	77 68 69 63 68 20 69 73 20 72 65 63 65 69 76 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65 72 20	which.is.received.by.the.router.
36aa0	61 6e 64 20 66 6f 72 77 61 72 64 65 64 2c 20 62 61 73 65 20 63 68 61 69 6e 20 69 73 20 2a 2a 66	and.forwarded,.base.chain.is.**f
36ac0	6f 72 77 61 72 64 20 66 69 6c 74 65 72 2a 2a 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20	orward.filter**:.``set.firewall.
36ae0	5b 69 70 76 34 20 7c 20 69 70 76 36 5d 20 66 6f 72 77 61 72 64 20 66 69 6c 74 65 72 20 2e 2e 2e	[ipv4.|.ipv6].forward.filter....
36b00	60 60 00 46 6f 72 6d 61 6c 6c 79 2c 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 6c 6f 6f 6b	``.Formally,.a.virtual.link.look
36b20	73 20 6c 69 6b 65 20 61 20 70 6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b 20	s.like.a.point-to-point.network.
36b40	63 6f 6e 6e 65 63 74 69 6e 67 20 74 77 6f 20 41 42 52 20 66 72 6f 6d 20 6f 6e 65 20 61 72 65 61	connecting.two.ABR.from.one.area
36b60	20 6f 6e 65 20 6f 66 20 77 68 69 63 68 20 70 68 79 73 69 63 61 6c 6c 79 20 63 6f 6e 6e 65 63 74	.one.of.which.physically.connect
36b80	65 64 20 74 6f 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 20 54 68 69 73 20 70 73 65 75	ed.to.a.backbone.area..This.pseu
36ba0	64 6f 2d 6e 65 74 77 6f 72 6b 20 69 73 20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f 20 62 65 6c 6f	do-network.is.considered.to.belo
36bc0	6e 67 20 74 6f 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 00 46 6f 72 77 61 72 64 20 69	ng.to.a.backbone.area..Forward.i
36be0	6e 63 6f 6d 69 6e 67 20 44 4e 53 20 71 75 65 72 69 65 73 20 74 6f 20 74 68 65 20 44 4e 53 20 73	ncoming.DNS.queries.to.the.DNS.s
36c00	65 72 76 65 72 73 20 63 6f 6e 66 69 67 75 72 65 64 20 75 6e 64 65 72 20 74 68 65 20 60 60 73 79	ervers.configured.under.the.``sy
36c20	73 74 65 6d 20 6e 61 6d 65 2d 73 65 72 76 65 72 60 60 20 6e 6f 64 65 73 2e 00 46 6f 72 77 61 72	stem.name-server``.nodes..Forwar
36c40	64 20 6d 65 74 68 6f 64 00 46 6f 72 77 61 72 64 20 72 65 63 65 69 76 65 64 20 71 75 65 72 69 65	d.method.Forward.received.querie
36c60	73 20 66 6f 72 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 64 6f 6d 61 69 6e 20 28 73 70 65 63 69	s.for.a.particular.domain.(speci
36c80	66 69 65 64 20 76 69 61 20 60 64 6f 6d 61 69 6e 2d 6e 61 6d 65 60 29 20 74 6f 20 61 20 67 69 76	fied.via.`domain-name`).to.a.giv
36ca0	65 6e 20 6e 61 6d 65 73 65 72 76 65 72 2e 20 4d 75 6c 74 69 70 6c 65 20 6e 61 6d 65 73 65 72 76	en.nameserver..Multiple.nameserv
36cc0	65 72 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 2e 20 59 6f 75 20 63 61 6e 20 75 73	ers.can.be.specified..You.can.us
36ce0	65 20 74 68 69 73 20 66 65 61 74 75 72 65 20 66 6f 72 20 61 20 44 4e 53 20 73 70 6c 69 74 2d 68	e.this.feature.for.a.DNS.split-h
36d00	6f 72 69 7a 6f 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 46 6f 75 72 20 70 6f 6c 69 63	orizon.configuration..Four.polic
36d20	69 65 73 20 66 6f 72 20 72 65 66 6f 72 77 61 72 64 69 6e 67 20 44 48 43 50 20 70 61 63 6b 65 74	ies.for.reforwarding.DHCP.packet
36d40	73 20 65 78 69 73 74 3a 00 46 72 6f 6d 20 3a 72 66 63 3a 60 31 39 33 30 60 3a 00 46 72 6f 6d 20	s.exist:.From.:rfc:`1930`:.From.
36d60	61 20 73 65 63 75 72 69 74 79 20 70 65 72 73 70 65 63 74 69 76 65 2c 20 69 74 20 69 73 20 6e 6f	a.security.perspective,.it.is.no
36d80	74 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 6c 65 74 20 61 20 74 68 69 72 64 20 70 61 72	t.recommended.to.let.a.third.par
36da0	74 79 20 63 72 65 61 74 65 20 61 6e 64 20 73 68 61 72 65 20 74 68 65 20 70 72 69 76 61 74 65 20	ty.create.and.share.the.private.
36dc0	6b 65 79 20 66 6f 72 20 61 20 73 65 63 75 72 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 59 6f	key.for.a.secured.connection..Yo
36de0	75 20 73 68 6f 75 6c 64 20 63 72 65 61 74 65 20 74 68 65 20 70 72 69 76 61 74 65 20 70 6f 72 74	u.should.create.the.private.port
36e00	69 6f 6e 20 6f 6e 20 79 6f 75 72 20 6f 77 6e 20 61 6e 64 20 6f 6e 6c 79 20 68 61 6e 64 20 6f 75	ion.on.your.own.and.only.hand.ou
36e20	74 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 2e 20 50 6c 65 61 73 65 20 6b 65 65 70 20 74 68	t.the.public.key..Please.keep.th
36e40	69 73 20 69 6e 20 6d 69 6e 64 20 77 68 65 6e 20 75 73 69 6e 67 20 74 68 69 73 20 63 6f 6e 76 65	is.in.mind.when.using.this.conve
36e60	6e 69 65 6e 63 65 20 66 65 61 74 75 72 65 2e 00 46 77 6d 61 72 6b 00 47 45 4e 45 56 45 00 47 45	nience.feature..Fwmark.GENEVE.GE
36e80	4e 45 56 45 20 69 73 20 64 65 73 69 67 6e 65 64 20 74 6f 20 73 75 70 70 6f 72 74 20 6e 65 74 77	NEVE.is.designed.to.support.netw
36ea0	6f 72 6b 20 76 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 75 73 65 20 63 61 73 65 73 2c 20 77 68	ork.virtualization.use.cases,.wh
36ec0	65 72 65 20 74 75 6e 6e 65 6c 73 20 61 72 65 20 74 79 70 69 63 61 6c 6c 79 20 65 73 74 61 62 6c	ere.tunnels.are.typically.establ
36ee0	69 73 68 65 64 20 74 6f 20 61 63 74 20 61 73 20 61 20 62 61 63 6b 70 6c 61 6e 65 20 62 65 74 77	ished.to.act.as.a.backplane.betw
36f00	65 65 6e 20 74 68 65 20 76 69 72 74 75 61 6c 20 73 77 69 74 63 68 65 73 20 72 65 73 69 64 69 6e	een.the.virtual.switches.residin
36f20	67 20 69 6e 20 68 79 70 65 72 76 69 73 6f 72 73 2c 20 70 68 79 73 69 63 61 6c 20 73 77 69 74 63	g.in.hypervisors,.physical.switc
36f40	68 65 73 2c 20 6f 72 20 6d 69 64 64 6c 65 62 6f 78 65 73 20 6f 72 20 6f 74 68 65 72 20 61 70 70	hes,.or.middleboxes.or.other.app
36f60	6c 69 61 6e 63 65 73 2e 20 41 6e 20 61 72 62 69 74 72 61 72 79 20 49 50 20 6e 65 74 77 6f 72 6b	liances..An.arbitrary.IP.network
36f80	20 63 61 6e 20 62 65 20 75 73 65 64 20 61 73 20 61 6e 20 75 6e 64 65 72 6c 61 79 20 61 6c 74 68	.can.be.used.as.an.underlay.alth
36fa0	6f 75 67 68 20 43 6c 6f 73 20 6e 65 74 77 6f 72 6b 73 20 2d 20 41 20 74 65 63 68 6e 69 71 75 65	ough.Clos.networks.-.A.technique
36fc0	20 66 6f 72 20 63 6f 6d 70 6f 73 69 6e 67 20 6e 65 74 77 6f 72 6b 20 66 61 62 72 69 63 73 20 6c	.for.composing.network.fabrics.l
36fe0	61 72 67 65 72 20 74 68 61 6e 20 61 20 73 69 6e 67 6c 65 20 73 77 69 74 63 68 20 77 68 69 6c 65	arger.than.a.single.switch.while
37000	20 6d 61 69 6e 74 61 69 6e 69 6e 67 20 6e 6f 6e 2d 62 6c 6f 63 6b 69 6e 67 20 62 61 6e 64 77 69	.maintaining.non-blocking.bandwi
37020	64 74 68 20 61 63 72 6f 73 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 70 6f 69 6e 74 73 2e 20 45 43	dth.across.connection.points..EC
37040	4d 50 20 69 73 20 75 73 65 64 20 74 6f 20 64 69 76 69 64 65 20 74 72 61 66 66 69 63 20 61 63 72	MP.is.used.to.divide.traffic.acr
37060	6f 73 73 20 74 68 65 20 6d 75 6c 74 69 70 6c 65 20 6c 69 6e 6b 73 20 61 6e 64 20 73 77 69 74 63	oss.the.multiple.links.and.switc
37080	68 65 73 20 74 68 61 74 20 63 6f 6e 73 74 69 74 75 74 65 20 74 68 65 20 66 61 62 72 69 63 2e 20	hes.that.constitute.the.fabric..
370a0	53 6f 6d 65 74 69 6d 65 73 20 74 65 72 6d 65 64 20 22 6c 65 61 66 20 61 6e 64 20 73 70 69 6e 65	Sometimes.termed."leaf.and.spine
370c0	22 20 6f 72 20 22 66 61 74 20 74 72 65 65 22 20 74 6f 70 6f 6c 6f 67 69 65 73 2e 00 47 45 4e 45	".or."fat.tree".topologies..GENE
370e0	56 45 20 6f 70 74 69 6f 6e 73 00 47 52 45 20 69 73 20 61 20 77 65 6c 6c 20 64 65 66 69 6e 65 64	VE.options.GRE.is.a.well.defined
37100	20 73 74 61 6e 64 61 72 64 20 74 68 61 74 20 69 73 20 63 6f 6d 6d 6f 6e 20 69 6e 20 6d 6f 73 74	.standard.that.is.common.in.most
37120	20 6e 65 74 77 6f 72 6b 73 2e 20 57 68 69 6c 65 20 6e 6f 74 20 69 6e 68 65 72 65 6e 74 6c 79 20	.networks..While.not.inherently.
37140	64 69 66 66 69 63 75 6c 74 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 72 65 20 61 72 65	difficult.to.configure.there.are
37160	20 61 20 63 6f 75 70 6c 65 20 6f 66 20 74 68 69 6e 67 73 20 74 6f 20 6b 65 65 70 20 69 6e 20 6d	.a.couple.of.things.to.keep.in.m
37180	69 6e 64 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	ind.to.make.sure.the.configurati
371a0	6f 6e 20 70 65 72 66 6f 72 6d 73 20 61 73 20 65 78 70 65 63 74 65 64 2e 20 41 20 63 6f 6d 6d 6f	on.performs.as.expected..A.commo
371c0	6e 20 63 61 75 73 65 20 66 6f 72 20 47 52 45 20 74 75 6e 6e 65 6c 73 20 74 6f 20 66 61 69 6c 20	n.cause.for.GRE.tunnels.to.fail.
371e0	74 6f 20 63 6f 6d 65 20 75 70 20 63 6f 72 72 65 63 74 6c 79 20 69 6e 63 6c 75 64 65 20 41 43 4c	to.come.up.correctly.include.ACL
37200	20 6f 72 20 46 69 72 65 77 61 6c 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 20 74 68 61 74	.or.Firewall.configurations.that
37220	20 61 72 65 20 64 69 73 63 61 72 64 69 6e 67 20 49 50 20 70 72 6f 74 6f 63 6f 6c 20 34 37 20 6f	.are.discarding.IP.protocol.47.o
37240	72 20 62 6c 6f 63 6b 69 6e 67 20 79 6f 75 72 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e 61 74 69	r.blocking.your.source/destinati
37260	6f 6e 20 74 72 61 66 66 69 63 2e 00 47 52 45 20 69 73 20 61 6c 73 6f 20 74 68 65 20 6f 6e 6c 79	on.traffic..GRE.is.also.the.only
37280	20 63 6c 61 73 73 69 63 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 61 6c 6c 6f 77 73 20 63 72	.classic.protocol.that.allows.cr
372a0	65 61 74 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 74 75 6e 6e 65 6c 73 20 77 69 74 68 20 74 68 65	eating.multiple.tunnels.with.the
372c0	20 73 61 6d 65 20 73 6f 75 72 63 65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 64 75 65	.same.source.and.destination.due
372e0	20 74 6f 20 69 74 73 20 73 75 70 70 6f 72 74 20 66 6f 72 20 74 75 6e 6e 65 6c 20 6b 65 79 73 2e	.to.its.support.for.tunnel.keys.
37300	20 44 65 73 70 69 74 65 20 69 74 73 20 6e 61 6d 65 2c 20 74 68 69 73 20 66 65 61 74 75 72 65 20	.Despite.its.name,.this.feature.
37320	68 61 73 20 6e 6f 74 68 69 6e 67 20 74 6f 20 64 6f 20 77 69 74 68 20 73 65 63 75 72 69 74 79 3a	has.nothing.to.do.with.security:
37340	20 69 74 27 73 20 73 69 6d 70 6c 79 20 61 6e 20 69 64 65 6e 74 69 66 69 65 72 20 74 68 61 74 20	.it's.simply.an.identifier.that.
37360	61 6c 6c 6f 77 73 20 72 6f 75 74 65 72 73 20 74 6f 20 74 65 6c 6c 20 6f 6e 65 20 74 75 6e 6e 65	allows.routers.to.tell.one.tunne
37380	6c 20 66 72 6f 6d 20 61 6e 6f 74 68 65 72 2e 00 47 52 45 20 69 73 20 6f 66 74 65 6e 20 73 65 65	l.from.another..GRE.is.often.see
373a0	6e 20 61 73 20 61 20 6f 6e 65 20 73 69 7a 65 20 66 69 74 73 20 61 6c 6c 20 73 6f 6c 75 74 69 6f	n.as.a.one.size.fits.all.solutio
373c0	6e 20 77 68 65 6e 20 69 74 20 63 6f 6d 65 73 20 74 6f 20 63 6c 61 73 73 69 63 20 49 50 20 74 75	n.when.it.comes.to.classic.IP.tu
373e0	6e 6e 65 6c 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 2c 20 61 6e 64 20 66 6f 72 20 61 20 67 6f 6f	nneling.protocols,.and.for.a.goo
37400	64 20 72 65 61 73 6f 6e 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 72 65 20 61 72 65 20 6d 6f 72	d.reason..However,.there.are.mor
37420	65 20 73 70 65 63 69 61 6c 69 7a 65 64 20 6f 70 74 69 6f 6e 73 2c 20 61 6e 64 20 6d 61 6e 79 20	e.specialized.options,.and.many.
37440	6f 66 20 74 68 65 6d 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 56 79 4f 53 2e 20 54	of.them.are.supported.by.VyOS..T
37460	68 65 72 65 20 61 72 65 20 61 6c 73 6f 20 72 61 74 68 65 72 20 6f 62 73 63 75 72 65 20 47 52 45	here.are.also.rather.obscure.GRE
37480	20 6f 70 74 69 6f 6e 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 75 73 65 66 75 6c 2e 00 47 52 45	.options.that.can.be.useful..GRE
374a0	2f 49 50 49 50 2f 53 49 54 20 61 6e 64 20 49 50 73 65 63 20 61 72 65 20 77 69 64 65 6c 79 20 61	/IPIP/SIT.and.IPsec.are.widely.a
374c0	63 63 65 70 74 65 64 20 73 74 61 6e 64 61 72 64 73 2c 20 77 68 69 63 68 20 6d 61 6b 65 20 74 68	ccepted.standards,.which.make.th
374e0	69 73 20 73 63 68 65 6d 65 20 65 61 73 79 20 74 6f 20 69 6d 70 6c 65 6d 65 6e 74 20 62 65 74 77	is.scheme.easy.to.implement.betw
37500	65 65 6e 20 56 79 4f 53 20 61 6e 64 20 76 69 72 74 75 61 6c 6c 79 20 61 6e 79 20 6f 74 68 65 72	een.VyOS.and.virtually.any.other
37520	20 72 6f 75 74 65 72 2e 00 47 52 45 54 41 50 00 47 65 6e 65 61 72 61 74 65 20 61 20 6e 65 77 20	.router..GRETAP.Genearate.a.new.
37540	4f 70 65 6e 56 50 4e 20 73 68 61 72 65 64 20 73 65 63 72 65 74 2e 20 54 68 65 20 67 65 6e 65 72	OpenVPN.shared.secret..The.gener
37560	61 74 65 64 20 73 65 63 72 65 64 20 69 73 20 74 68 65 20 6f 75 74 70 75 74 20 74 6f 20 74 68 65	ated.secred.is.the.output.to.the
37580	20 63 6f 6e 73 6f 6c 65 2e 00 47 65 6e 65 72 61 6c 00 47 65 6e 65 72 61 6c 20 43 6f 6e 66 69 67	.console..General.General.Config
375a0	75 72 61 74 69 6f 6e 00 47 65 6e 65 72 61 74 65 20 3a 61 62 62 72 3a 60 4d 4b 41 20 28 4d 41 43	uration.Generate.:abbr:`MKA.(MAC
375c0	73 65 63 20 4b 65 79 20 41 67 72 65 65 6d 65 6e 74 20 70 72 6f 74 6f 63 6f 6c 29 60 20 43 41 4b	sec.Key.Agreement.protocol)`.CAK
375e0	20 6b 65 79 20 31 32 38 20 6f 72 20 32 35 36 20 62 69 74 73 2e 00 47 65 6e 65 72 61 74 65 20 3a	.key.128.or.256.bits..Generate.:
37600	61 62 62 72 3a 60 4d 4b 41 20 28 4d 41 43 73 65 63 20 4b 65 79 20 41 67 72 65 65 6d 65 6e 74 20	abbr:`MKA.(MACsec.Key.Agreement.
37620	70 72 6f 74 6f 63 6f 6c 29 60 20 43 41 4b 20 6b 65 79 2e 00 47 65 6e 65 72 61 74 65 20 4b 65 79	protocol)`.CAK.key..Generate.Key
37640	70 61 69 72 00 47 65 6e 65 72 61 74 65 20 61 20 57 69 72 65 47 75 61 72 64 20 70 72 65 2d 73 68	pair.Generate.a.WireGuard.pre-sh
37660	61 72 65 64 20 73 65 63 72 65 74 20 75 73 65 64 20 66 6f 72 20 70 65 65 72 73 20 74 6f 20 63 6f	ared.secret.used.for.peers.to.co
37680	6d 6d 75 6e 69 63 61 74 65 2e 00 47 65 6e 65 72 61 74 65 20 61 20 6e 65 77 20 57 69 72 65 47 75	mmunicate..Generate.a.new.WireGu
376a0	61 72 64 20 70 75 62 6c 69 63 2f 70 72 69 76 61 74 65 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 61	ard.public/private.key.portion.a
376c0	6e 64 20 6f 75 74 70 75 74 20 74 68 65 20 72 65 73 75 6c 74 20 74 6f 20 74 68 65 20 63 6f 6e 73	nd.output.the.result.to.the.cons
376e0	6f 6c 65 2e 00 47 65 6e 65 72 61 74 65 20 61 20 6e 65 77 20 73 65 74 20 6f 66 20 3a 61 62 62 72	ole..Generate.a.new.set.of.:abbr
37700	3a 60 44 48 20 28 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 29 60 20 70 61 72 61 6d 65 74 65 72	:`DH.(Diffie-Hellman)`.parameter
37720	73 2e 20 54 68 65 20 6b 65 79 20 73 69 7a 65 20 69 73 20 72 65 71 75 65 73 74 65 64 20 62 79 20	s..The.key.size.is.requested.by.
37740	74 68 65 20 43 4c 49 20 61 6e 64 20 64 65 66 61 75 6c 74 73 20 74 6f 20 32 30 34 38 20 62 69 74	the.CLI.and.defaults.to.2048.bit
37760	2e 00 47 65 6e 65 72 61 74 65 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64	..Generate.the.configuration.mod
37780	65 20 63 6f 6d 6d 61 6e 64 73 20 74 6f 20 61 64 64 20 61 20 70 75 62 6c 69 63 20 6b 65 79 20 66	e.commands.to.add.a.public.key.f
377a0	6f 72 20 3a 72 65 66 3a 60 73 73 68 5f 6b 65 79 5f 62 61 73 65 64 5f 61 75 74 68 65 6e 74 69 63	or.:ref:`ssh_key_based_authentic
377c0	61 74 69 6f 6e 60 2e 20 60 60 3c 6c 6f 63 61 74 69 6f 6e 3e 60 60 20 63 61 6e 20 62 65 20 61 20	ation`..``<location>``.can.be.a.
377e0	6c 6f 63 61 6c 20 70 61 74 68 20 6f 72 20 61 20 55 52 4c 20 70 6f 69 6e 74 69 6e 67 20 61 74 20	local.path.or.a.URL.pointing.at.
37800	61 20 72 65 6d 6f 74 65 20 66 69 6c 65 2e 00 47 65 6e 65 72 61 74 65 73 20 61 20 6b 65 79 70 61	a.remote.file..Generates.a.keypa
37820	69 72 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 74 68 65 20 70 75 62 6c 69 63 20 61 6e	ir,.which.includes.the.public.an
37840	64 20 70 72 69 76 61 74 65 20 70 61 72 74 73 2c 20 61 6e 64 20 62 75 69 6c 64 20 61 20 63 6f 6e	d.private.parts,.and.build.a.con
37860	66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 6e 73 74 61 6c 6c 20 74 68	figuration.command.to.install.th
37880	69 73 20 6b 65 79 20 74 6f 20 60 60 69 6e 74 65 72 66 61 63 65 60 60 2e 00 47 65 6e 65 72 69 63	is.key.to.``interface``..Generic
378a0	20 52 6f 75 74 69 6e 67 20 45 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 28 47 52 45 29 00 47 65 6e	.Routing.Encapsulation.(GRE).Gen
378c0	65 76 65 20 48 65 61 64 65 72 3a 00 47 65 74 20 61 20 6c 69 73 74 20 6f 66 20 61 6c 6c 20 77 69	eve.Header:.Get.a.list.of.all.wi
378e0	72 65 67 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 73 00 47 65 74 20 61 6e 20 6f 76 65 72 76 69	reguard.interfaces.Get.an.overvi
37900	65 77 20 6f 76 65 72 20 74 68 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 63 6f 75 6e 74 65 72 73 2e	ew.over.the.encryption.counters.
37920	00 47 65 74 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20	.Get.detailed.information.about.
37940	4c 4c 44 50 20 6e 65 69 67 68 62 6f 72 73 2e 00 47 65 74 74 69 6e 67 20 73 74 61 72 74 65 64 00	LLDP.neighbors..Getting.started.
37960	47 69 76 65 6e 20 74 68 65 20 66 61 63 74 20 74 68 61 74 20 6f 70 65 6e 20 44 4e 53 20 72 65 63	Given.the.fact.that.open.DNS.rec
37980	75 72 73 6f 72 73 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 20 6f 6e 20 44 44 6f 53 20 61 6d 70	ursors.could.be.used.on.DDoS.amp
379a0	6c 69 66 69 63 61 74 69 6f 6e 20 61 74 74 61 63 6b 73 2c 20 79 6f 75 20 6d 75 73 74 20 63 6f 6e	lification.attacks,.you.must.con
379c0	66 69 67 75 72 65 20 74 68 65 20 6e 65 74 77 6f 72 6b 73 20 77 68 69 63 68 20 61 72 65 20 61 6c	figure.the.networks.which.are.al
379e0	6c 6f 77 65 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 63 75 72 73 6f 72 2e 20 41 20 6e 65	lowed.to.use.this.recursor..A.ne
37a00	74 77 6f 72 6b 20 6f 66 20 60 60 30 2e 30 2e 30 2e 30 2f 30 60 60 20 6f 72 20 60 60 3a 3a 2f 30	twork.of.``0.0.0.0/0``.or.``::/0
37a20	60 60 20 77 6f 75 6c 64 20 61 6c 6c 6f 77 20 61 6c 6c 20 49 50 76 34 20 61 6e 64 20 49 50 76 36	``.would.allow.all.IPv4.and.IPv6
37a40	20 6e 65 74 77 6f 72 6b 73 20 74 6f 20 71 75 65 72 79 20 74 68 69 73 20 73 65 72 76 65 72 2e 20	.networks.to.query.this.server..
37a60	54 68 69 73 20 69 73 20 67 65 6e 65 72 61 6c 6c 79 20 61 20 62 61 64 20 69 64 65 61 2e 00 47 69	This.is.generally.a.bad.idea..Gi
37a80	76 65 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 77 65 20 68 61 76	ven.the.following.example.we.hav
37aa0	65 20 6f 6e 65 20 56 79 4f 53 20 72 6f 75 74 65 72 20 61 63 74 69 6e 67 20 61 73 20 4f 70 65 6e	e.one.VyOS.router.acting.as.Open
37ac0	56 50 4e 20 73 65 72 76 65 72 20 61 6e 64 20 61 6e 6f 74 68 65 72 20 56 79 4f 53 20 72 6f 75 74	VPN.server.and.another.VyOS.rout
37ae0	65 72 20 61 63 74 69 6e 67 20 61 73 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74 2e 20 54 68 65	er.acting.as.OpenVPN.client..The
37b00	20 73 65 72 76 65 72 20 61 6c 73 6f 20 70 75 73 68 65 73 20 61 20 73 74 61 74 69 63 20 63 6c 69	.server.also.pushes.a.static.cli
37b20	65 6e 74 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 65 20 4f 70 65 6e 56 50 4e 20 63 6c	ent.IP.address.to.the.OpenVPN.cl
37b40	69 65 6e 74 2e 20 52 65 6d 65 6d 62 65 72 2c 20 63 6c 69 65 6e 74 73 20 61 72 65 20 69 64 65 6e	ient..Remember,.clients.are.iden
37b60	74 69 66 69 65 64 20 75 73 69 6e 67 20 74 68 65 69 72 20 43 4e 20 61 74 74 72 69 62 75 74 65 20	tified.using.their.CN.attribute.
37b80	69 6e 20 74 68 65 20 53 53 4c 20 63 65 72 74 69 66 69 63 61 74 65 2e 00 47 6c 6f 61 62 61 6c 00	in.the.SSL.certificate..Gloabal.
37ba0	47 6c 6f 62 61 6c 20 4f 70 74 69 6f 6e 73 00 47 6c 6f 62 61 6c 20 6f 70 74 69 6f 6e 73 00 47 6c	Global.Options.Global.options.Gl
37bc0	6f 62 61 6c 20 70 61 72 61 6d 65 74 65 72 73 00 47 6c 6f 62 61 6c 20 73 65 74 74 69 6e 67 73 00	obal.parameters.Global.settings.
37be0	47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72 74 00 47 72 61 74 75 69 74 6f 75 73 20 41 52 50 00	Graceful.Restart.Gratuitous.ARP.
37c00	47 72 6f 75 70 73 00 47 72 6f 75 70 73 20 6e 65 65 64 20 74 6f 20 68 61 76 65 20 75 6e 69 71 75	Groups.Groups.need.to.have.uniqu
37c20	65 20 6e 61 6d 65 73 2e 20 45 76 65 6e 20 74 68 6f 75 67 68 20 73 6f 6d 65 20 63 6f 6e 74 61 69	e.names..Even.though.some.contai
37c40	6e 20 49 50 76 34 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 6f 74 68 65 72 73 20 63 6f 6e 74	n.IPv4.addresses.and.others.cont
37c60	61 69 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 2c 20 74 68 65 79 20 73 74 69 6c 6c 20 6e	ain.IPv6.addresses,.they.still.n
37c80	65 65 64 20 74 6f 20 68 61 76 65 20 75 6e 69 71 75 65 20 6e 61 6d 65 73 2c 20 73 6f 20 79 6f 75	eed.to.have.unique.names,.so.you
37ca0	20 6d 61 79 20 77 61 6e 74 20 74 6f 20 61 70 70 65 6e 64 20 22 2d 76 34 22 20 6f 72 20 22 2d 76	.may.want.to.append."-v4".or."-v
37cc0	36 22 20 74 6f 20 79 6f 75 72 20 67 72 6f 75 70 20 6e 61 6d 65 73 2e 00 48 51 27 73 20 72 6f 75	6".to.your.group.names..HQ's.rou
37ce0	74 65 72 20 72 65 71 75 69 72 65 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 74 65 70 73	ter.requires.the.following.steps
37d00	20 74 6f 20 67 65 6e 65 72 61 74 65 20 63 72 79 70 74 6f 20 6d 61 74 65 72 69 61 6c 73 20 66 6f	.to.generate.crypto.materials.fo
37d20	72 20 74 68 65 20 42 72 61 6e 63 68 20 31 3a 00 48 54 20 28 48 69 67 68 20 54 68 72 6f 75 67 68	r.the.Branch.1:.HT.(High.Through
37d40	70 75 74 29 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 28 38 30 32 2e 31 31 6e 29 00 48 54 54 50	put).capabilities.(802.11n).HTTP
37d60	20 62 61 73 65 64 20 73 65 72 76 69 63 65 73 00 48 54 54 50 20 62 61 73 69 63 20 61 75 74 68 65	.based.services.HTTP.basic.authe
37d80	6e 74 69 63 61 74 69 6f 6e 20 75 73 65 72 6e 61 6d 65 00 48 54 54 50 20 63 6c 69 65 6e 74 00 48	ntication.username.HTTP.client.H
37da0	54 54 50 2d 41 50 49 00 48 61 69 72 70 69 6e 20 4e 41 54 2f 4e 41 54 20 52 65 66 6c 65 63 74 69	TTP-API.Hairpin.NAT/NAT.Reflecti
37dc0	6f 6e 00 48 61 6e 64 20 6f 75 74 20 70 72 65 66 69 78 65 73 20 6f 66 20 73 69 7a 65 20 60 3c 6c	on.Hand.out.prefixes.of.size.`<l
37de0	65 6e 67 74 68 3e 60 20 74 6f 20 63 6c 69 65 6e 74 73 20 69 6e 20 73 75 62 6e 65 74 20 60 3c 70	ength>`.to.clients.in.subnet.`<p
37e00	72 65 66 69 78 3e 60 20 77 68 65 6e 20 74 68 65 79 20 72 65 71 75 65 73 74 20 66 6f 72 20 70 72	refix>`.when.they.request.for.pr
37e20	65 66 69 78 20 64 65 6c 65 67 61 74 69 6f 6e 2e 00 48 61 6e 64 6c 69 6e 67 20 61 6e 64 20 6d 6f	efix.delegation..Handling.and.mo
37e40	6e 69 74 6f 72 69 6e 67 00 48 61 76 69 6e 67 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 74 68 65	nitoring.Having.control.over.the
37e60	20 6d 61 74 63 68 69 6e 67 20 6f 66 20 49 4e 56 41 4c 49 44 20 73 74 61 74 65 20 74 72 61 66 66	.matching.of.INVALID.state.traff
37e80	69 63 2c 20 65 2e 67 2e 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 73 65 6c 65 63 74 69 76	ic,.e.g..the.ability.to.selectiv
37ea0	65 6c 79 20 6c 6f 67 2c 20 69 73 20 61 6e 20 69 6d 70 6f 72 74 61 6e 74 20 74 72 6f 75 62 6c 65	ely.log,.is.an.important.trouble
37ec0	73 68 6f 6f 74 69 6e 67 20 74 6f 6f 6c 20 66 6f 72 20 6f 62 73 65 72 76 69 6e 67 20 62 72 6f 6b	shooting.tool.for.observing.brok
37ee0	65 6e 20 70 72 6f 74 6f 63 6f 6c 20 62 65 68 61 76 69 6f 72 2e 20 46 6f 72 20 74 68 69 73 20 72	en.protocol.behavior..For.this.r
37f00	65 61 73 6f 6e 2c 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 67 6c 6f 62 61 6c 6c 79 20 64 72	eason,.VyOS.does.not.globally.dr
37f20	6f 70 20 69 6e 76 61 6c 69 64 20 73 74 61 74 65 20 74 72 61 66 66 69 63 2c 20 69 6e 73 74 65 61	op.invalid.state.traffic,.instea
37f40	64 20 61 6c 6c 6f 77 69 6e 67 20 74 68 65 20 6f 70 65 72 61 74 6f 72 20 74 6f 20 6d 61 6b 65 20	d.allowing.the.operator.to.make.
37f60	74 68 65 20 64 65 74 65 72 6d 69 6e 61 74 69 6f 6e 20 6f 6e 20 68 6f 77 20 74 68 65 20 74 72 61	the.determination.on.how.the.tra
37f80	66 66 69 63 20 69 73 20 68 61 6e 64 6c 65 64 2e 00 48 65 61 6c 74 68 20 63 68 65 63 6b 20 73 63	ffic.is.handled..Health.check.sc
37fa0	72 69 70 74 73 00 48 65 61 6c 74 68 20 63 68 65 63 6b 73 00 48 65 61 6c 74 68 2d 63 68 65 63 6b	ripts.Health.checks.Health-check
37fc0	00 48 65 72 65 20 61 72 65 20 73 6f 6d 65 20 65 78 61 6d 70 6c 65 73 20 66 6f 72 20 61 70 70 6c	.Here.are.some.examples.for.appl
37fe0	79 69 6e 67 20 61 20 72 75 6c 65 2d 73 65 74 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 00	ying.a.rule-set.to.an.interface.
38000	48 65 72 65 20 69 73 20 61 20 73 65 63 6f 6e 64 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 20 64 75	Here.is.a.second.example.of.a.du
38020	61 6c 2d 73 74 61 63 6b 20 74 75 6e 6e 65 6c 20 6f 76 65 72 20 49 50 76 36 20 62 65 74 77 65 65	al-stack.tunnel.over.IPv6.betwee
38040	6e 20 61 20 56 79 4f 53 20 72 6f 75 74 65 72 20 61 6e 64 20 61 20 4c 69 6e 75 78 20 68 6f 73 74	n.a.VyOS.router.and.a.Linux.host
38060	20 75 73 69 6e 67 20 73 79 73 74 65 6d 64 2d 6e 65 74 77 6f 72 6b 64 2e 00 48 65 72 65 20 69 73	.using.systemd-networkd..Here.is
38080	20 61 6e 20 65 78 61 6d 70 6c 65 20 3a 61 62 62 72 3a 60 4e 45 54 20 28 4e 65 74 77 6f 72 6b 20	.an.example.:abbr:`NET.(Network.
380a0	45 6e 74 69 74 79 20 54 69 74 6c 65 29 60 20 76 61 6c 75 65 3a 00 48 65 72 65 20 69 73 20 61 6e	Entity.Title)`.value:.Here.is.an
380c0	20 65 78 61 6d 70 6c 65 20 72 6f 75 74 65 2d 6d 61 70 20 74 6f 20 61 70 70 6c 79 20 74 6f 20 72	.example.route-map.to.apply.to.r
380e0	6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 61 74 20 69 6d 70 6f 72 74 2e 20 49 6e 20 74 68 69 73	outes.learned.at.import..In.this
38100	20 66 69 6c 74 65 72 20 77 65 20 72 65 6a 65 63 74 20 70 72 65 66 69 78 65 73 20 77 69 74 68 20	.filter.we.reject.prefixes.with.
38120	74 68 65 20 73 74 61 74 65 20 60 69 6e 76 61 6c 69 64 60 2c 20 61 6e 64 20 73 65 74 20 61 20 68	the.state.`invalid`,.and.set.a.h
38140	69 67 68 65 72 20 60 6c 6f 63 61 6c 2d 70 72 65 66 65 72 65 6e 63 65 60 20 69 66 20 74 68 65 20	igher.`local-preference`.if.the.
38160	70 72 65 66 69 78 20 69 73 20 52 50 4b 49 20 60 76 61 6c 69 64 60 20 72 61 74 68 65 72 20 74 68	prefix.is.RPKI.`valid`.rather.th
38180	61 6e 20 6d 65 72 65 6c 79 20 60 6e 6f 74 66 6f 75 6e 64 60 2e 00 48 65 72 65 20 69 73 20 74 68	an.merely.`notfound`..Here.is.th
381a0	65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 4d 50 4c	e.routing.tables.showing.the.MPL
381c0	53 20 73 65 67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 6c 61 62 65 6c 20 6f 70 65 72 61 74 69 6f	S.segment.routing.label.operatio
381e0	6e 73 3a 00 48 65 72 65 20 77 65 20 70 72 6f 76 69 64 65 20 74 77 6f 20 65 78 61 6d 70 6c 65 73	ns:.Here.we.provide.two.examples
38200	20 6f 6e 20 68 6f 77 20 74 6f 20 61 70 70 6c 79 20 4e 41 54 20 4c 6f 61 64 20 42 61 6c 61 6e 63	.on.how.to.apply.NAT.Load.Balanc
38220	65 2e 00 48 65 72 65 27 73 20 61 6e 20 65 78 74 72 61 63 74 20 6f 66 20 61 20 73 69 6d 70 6c 65	e..Here's.an.extract.of.a.simple
38240	20 31 2d 74 6f 2d 31 20 4e 41 54 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 74 68 20 6f	.1-to-1.NAT.configuration.with.o
38260	6e 65 20 69 6e 74 65 72 6e 61 6c 20 61 6e 64 20 6f 6e 65 20 65 78 74 65 72 6e 61 6c 20 69 6e 74	ne.internal.and.one.external.int
38280	65 72 66 61 63 65 3a 00 48 65 72 65 27 73 20 6f 6e 65 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 20	erface:.Here's.one.example.of.a.
382a0	6e 65 74 77 6f 72 6b 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 66 6f 72 20 61 6e 20 41 53 50 2e 20	network.environment.for.an.ASP..
382c0	54 68 65 20 41 53 50 20 72 65 71 75 65 73 74 73 20 74 68 61 74 20 61 6c 6c 20 63 6f 6e 6e 65 63	The.ASP.requests.that.all.connec
382e0	74 69 6f 6e 73 20 66 72 6f 6d 20 74 68 69 73 20 63 6f 6d 70 61 6e 79 20 73 68 6f 75 6c 64 20 63	tions.from.this.company.should.c
38300	6f 6d 65 20 66 72 6f 6d 20 31 37 32 2e 32 39 2e 34 31 2e 38 39 20 2d 20 61 6e 20 61 64 64 72 65	ome.from.172.29.41.89.-.an.addre
38320	73 73 20 74 68 61 74 20 69 73 20 61 73 73 69 67 6e 65 64 20 62 79 20 74 68 65 20 41 53 50 20 61	ss.that.is.assigned.by.the.ASP.a
38340	6e 64 20 6e 6f 74 20 69 6e 20 75 73 65 20 61 74 20 74 68 65 20 63 75 73 74 6f 6d 65 72 20 73 69	nd.not.in.use.at.the.customer.si
38360	74 65 2e 00 48 65 72 65 27 73 20 74 68 65 20 49 50 20 72 6f 75 74 65 73 20 74 68 61 74 20 61 72	te..Here's.the.IP.routes.that.ar
38380	65 20 70 6f 70 75 6c 61 74 65 64 2e 20 4a 75 73 74 20 74 68 65 20 6c 6f 6f 70 62 61 63 6b 3a 00	e.populated..Just.the.loopback:.
383a0	48 65 72 65 27 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 75 70 3a 00 48 65 72 65 27 73 20	Here's.the.neighbors.up:.Here's.
383c0	74 68 65 20 72 6f 75 74 65 73 3a 00 48 65 77 6c 65 74 74 2d 50 61 63 6b 61 72 64 20 63 61 6c 6c	the.routes:.Hewlett-Packard.call
383e0	20 69 74 20 53 6f 75 72 63 65 2d 50 6f 72 74 20 66 69 6c 74 65 72 69 6e 67 20 6f 72 20 70 6f 72	.it.Source-Port.filtering.or.por
38400	74 2d 69 73 6f 6c 61 74 69 6f 6e 00 48 69 67 68 00 48 69 67 68 20 61 76 61 69 6c 61 62 69 6c 69	t-isolation.High.High.availabili
38420	74 79 00 48 6f 6d 65 20 55 73 65 72 73 00 48 6f 70 20 63 6f 75 6e 74 20 66 69 65 6c 64 20 6f 66	ty.Home.Users.Hop.count.field.of
38440	20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 52 41 20 70 61 63 6b 65 74 73 00 48 6f 73 74 20 49 6e	.the.outgoing.RA.packets.Host.In
38460	66 6f 72 6d 61 74 69 6f 6e 00 48 6f 73 74 20 6e 61 6d 65 00 48 6f 73 74 20 73 70 65 63 69 66 69	formation.Host.name.Host.specifi
38480	63 20 6d 61 70 70 69 6e 67 20 73 68 61 6c 6c 20 62 65 20 6e 61 6d 65 64 20 60 60 63 6c 69 65 6e	c.mapping.shall.be.named.``clien
384a0	74 31 60 60 00 48 6f 73 74 6e 61 6d 65 00 48 6f 77 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20	t1``.Hostname.How.an.IP.address.
384c0	69 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 3a	is.assigned.to.an.interface.in.:
384e0	72 65 66 3a 60 65 74 68 65 72 6e 65 74 2d 69 6e 74 65 72 66 61 63 65 60 2e 20 54 68 69 73 20 73	ref:`ethernet-interface`..This.s
38500	65 63 74 69 6f 6e 20 73 68 6f 77 73 20 68 6f 77 20 74 6f 20 73 74 61 74 69 63 61 6c 6c 79 20 6d	ection.shows.how.to.statically.m
38520	61 70 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 61 20 68 6f 73 74 6e 61 6d 65 20 66	ap.an.IP.address.to.a.hostname.f
38540	6f 72 20 6c 6f 63 61 6c 20 28 6d 65 61 6e 69 6e 67 20 6f 6e 20 74 68 69 73 20 56 79 4f 53 20 69	or.local.(meaning.on.this.VyOS.i
38560	6e 73 74 61 6e 63 65 29 20 6e 61 6d 65 20 72 65 73 6f 6c 75 74 69 6f 6e 2e 20 54 68 69 73 20 69	nstance).name.resolution..This.i
38580	73 20 74 68 65 20 56 79 4f 53 20 65 71 75 69 76 61 6c 65 6e 74 20 74 6f 20 60 2f 65 74 63 2f 68	s.the.VyOS.equivalent.to.`/etc/h
385a0	6f 73 74 73 60 20 66 69 6c 65 20 65 6e 74 72 69 65 73 2e 00 48 6f 77 20 74 6f 20 63 6f 6e 66 69	osts`.file.entries..How.to.confi
385c0	67 75 72 65 20 45 76 65 6e 74 20 48 61 6e 64 6c 65 72 00 48 6f 77 20 74 6f 20 6d 61 6b 65 20 69	gure.Event.Handler.How.to.make.i
385e0	74 20 77 6f 72 6b 00 48 6f 77 65 76 65 72 2c 20 6e 6f 77 20 79 6f 75 20 6e 65 65 64 20 74 6f 20	t.work.However,.now.you.need.to.
38600	6d 61 6b 65 20 49 50 73 65 63 20 77 6f 72 6b 20 77 69 74 68 20 64 79 6e 61 6d 69 63 20 61 64 64	make.IPsec.work.with.dynamic.add
38620	72 65 73 73 20 6f 6e 20 6f 6e 65 20 73 69 64 65 2e 20 54 68 65 20 74 72 69 63 6b 79 20 70 61 72	ress.on.one.side..The.tricky.par
38640	74 20 69 73 20 74 68 61 74 20 70 72 65 2d 73 68 61 72 65 64 20 73 65 63 72 65 74 20 61 75 74 68	t.is.that.pre-shared.secret.auth
38660	65 6e 74 69 63 61 74 69 6f 6e 20 64 6f 65 73 6e 27 74 20 77 6f 72 6b 20 77 69 74 68 20 64 79 6e	entication.doesn't.work.with.dyn
38680	61 6d 69 63 20 61 64 64 72 65 73 73 2c 20 73 6f 20 77 65 27 6c 6c 20 68 61 76 65 20 74 6f 20 75	amic.address,.so.we'll.have.to.u
386a0	73 65 20 52 53 41 20 6b 65 79 73 2e 00 48 6f 77 65 76 65 72 2c 20 73 70 6c 69 74 2d 74 75 6e 6e	se.RSA.keys..However,.split-tunn
386c0	65 6c 69 6e 67 20 63 61 6e 20 62 65 20 61 63 68 69 65 76 65 64 20 62 79 20 73 70 65 63 69 66 79	eling.can.be.achieved.by.specify
386e0	69 6e 67 20 74 68 65 20 72 65 6d 6f 74 65 20 73 75 62 6e 65 74 73 2e 20 54 68 69 73 20 65 6e 73	ing.the.remote.subnets..This.ens
38700	75 72 65 73 20 74 68 61 74 20 6f 6e 6c 79 20 74 72 61 66 66 69 63 20 64 65 73 74 69 6e 65 64 20	ures.that.only.traffic.destined.
38720	66 6f 72 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 74 65 20 69 73 20 73 65 6e 74 20 6f 76 65 72	for.the.remote.site.is.sent.over
38740	20 74 68 65 20 74 75 6e 6e 65 6c 2e 20 41 6c 6c 20 6f 74 68 65 72 20 74 72 61 66 66 69 63 20 69	.the.tunnel..All.other.traffic.i
38760	73 20 75 6e 61 66 66 65 63 74 65 64 2e 00 48 75 61 77 65 69 20 4d 45 39 30 39 73 2d 31 32 30 20	s.unaffected..Huawei.ME909s-120.
38780	6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 48 75 61 77 65 69 20 4d 45 39 30 39	miniPCIe.card.(LTE).Huawei.ME909
387a0	75 2d 35 32 31 20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 48 75 62 00 49 45	u-521.miniPCIe.card.(LTE).Hub.IE
387c0	45 45 20 38 30 32 2e 31 58 2f 4d 41 43 73 65 63 20 70 72 65 2d 73 68 61 72 65 64 20 6b 65 79 20	EE.802.1X/MACsec.pre-shared.key.
387e0	6d 6f 64 65 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 4d 41	mode..This.allows.configuring.MA
38800	43 73 65 63 20 77 69 74 68 20 61 20 70 72 65 2d 73 68 61 72 65 64 20 6b 65 79 20 75 73 69 6e 67	Csec.with.a.pre-shared.key.using
38820	20 61 20 3a 61 62 62 72 3a 60 43 41 4b 20 28 4d 41 43 73 65 63 20 63 6f 6e 6e 65 63 74 69 76 69	.a.:abbr:`CAK.(MACsec.connectivi
38840	74 79 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 6b 65 79 29 60 20 61 6e 64 20 3a 61 62 62 72 3a 60	ty.association.key)`.and.:abbr:`
38860	43 4b 4e 20 28 4d 41 43 73 65 63 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 61 73 73 6f 63 69 61	CKN.(MACsec.connectivity.associa
38880	74 69 6f 6e 20 6e 61 6d 65 29 60 20 70 61 69 72 2e 00 49 45 45 45 20 38 30 32 2e 31 58 2f 4d 41	tion.name)`.pair..IEEE.802.1X/MA
388a0	43 73 65 63 20 72 65 70 6c 61 79 20 70 72 6f 74 65 63 74 69 6f 6e 20 77 69 6e 64 6f 77 2e 20 54	Csec.replay.protection.window..T
388c0	68 69 73 20 64 65 74 65 72 6d 69 6e 65 73 20 61 20 77 69 6e 64 6f 77 20 69 6e 20 77 68 69 63 68	his.determines.a.window.in.which
388e0	20 72 65 70 6c 61 79 20 69 73 20 74 6f 6c 65 72 61 74 65 64 2c 20 74 6f 20 61 6c 6c 6f 77 20 72	.replay.is.tolerated,.to.allow.r
38900	65 63 65 69 70 74 20 6f 66 20 66 72 61 6d 65 73 20 74 68 61 74 20 68 61 76 65 20 62 65 65 6e 20	eceipt.of.frames.that.have.been.
38920	6d 69 73 6f 72 64 65 72 65 64 20 62 79 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 00 49 45 45 45 20	misordered.by.the.network..IEEE.
38940	38 30 32 2e 31 61 64 5f 20 77 61 73 20 61 6e 20 45 74 68 65 72 6e 65 74 20 6e 65 74 77 6f 72 6b	802.1ad_.was.an.Ethernet.network
38960	69 6e 67 20 73 74 61 6e 64 61 72 64 20 69 6e 66 6f 72 6d 61 6c 6c 79 20 6b 6e 6f 77 6e 20 61 73	ing.standard.informally.known.as
38980	20 51 69 6e 51 20 61 73 20 61 6e 20 61 6d 65 6e 64 6d 65 6e 74 20 74 6f 20 49 45 45 45 20 73 74	.QinQ.as.an.amendment.to.IEEE.st
389a0	61 6e 64 61 72 64 20 38 30 32 2e 31 71 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 61 73	andard.802.1q.VLAN.interfaces.as
389c0	20 64 65 73 63 72 69 62 65 64 20 61 62 6f 76 65 2e 20 38 30 32 2e 31 61 64 20 77 61 73 20 69 6e	.described.above..802.1ad.was.in
389e0	63 6f 72 70 6f 72 61 74 65 64 20 69 6e 74 6f 20 74 68 65 20 62 61 73 65 20 38 30 32 2e 31 71 5f	corporated.into.the.base.802.1q_
38a00	20 73 74 61 6e 64 61 72 64 20 69 6e 20 32 30 31 31 2e 20 54 68 65 20 74 65 63 68 6e 69 71 75 65	.standard.in.2011..The.technique
38a20	20 69 73 20 61 6c 73 6f 20 6b 6e 6f 77 6e 20 61 73 20 70 72 6f 76 69 64 65 72 20 62 72 69 64 67	.is.also.known.as.provider.bridg
38a40	69 6e 67 2c 20 53 74 61 63 6b 65 64 20 56 4c 41 4e 73 2c 20 6f 72 20 73 69 6d 70 6c 79 20 51 69	ing,.Stacked.VLANs,.or.simply.Qi
38a60	6e 51 20 6f 72 20 51 2d 69 6e 2d 51 2e 20 22 51 2d 69 6e 2d 51 22 20 63 61 6e 20 66 6f 72 20 73	nQ.or.Q-in-Q.."Q-in-Q".can.for.s
38a80	75 70 70 6f 72 74 65 64 20 64 65 76 69 63 65 73 20 61 70 70 6c 79 20 74 6f 20 43 2d 74 61 67 20	upported.devices.apply.to.C-tag.
38aa0	73 74 61 63 6b 69 6e 67 20 6f 6e 20 43 2d 74 61 67 20 28 45 74 68 65 72 6e 65 74 20 54 79 70 65	stacking.on.C-tag.(Ethernet.Type
38ac0	20 3d 20 30 78 38 31 30 30 29 2e 00 49 45 45 45 20 38 30 32 2e 31 71 5f 2c 20 6f 66 74 65 6e 20	.=.0x8100)..IEEE.802.1q_,.often.
38ae0	72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 44 6f 74 31 71 2c 20 69 73 20 74 68 65 20 6e 65 74	referred.to.as.Dot1q,.is.the.net
38b00	77 6f 72 6b 69 6e 67 20 73 74 61 6e 64 61 72 64 20 74 68 61 74 20 73 75 70 70 6f 72 74 73 20 76	working.standard.that.supports.v
38b20	69 72 74 75 61 6c 20 4c 41 4e 73 20 28 56 4c 41 4e 73 29 20 6f 6e 20 61 6e 20 49 45 45 45 20 38	irtual.LANs.(VLANs).on.an.IEEE.8
38b40	30 32 2e 33 20 45 74 68 65 72 6e 65 74 20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 73 74 61 6e 64	02.3.Ethernet.network..The.stand
38b60	61 72 64 20 64 65 66 69 6e 65 73 20 61 20 73 79 73 74 65 6d 20 6f 66 20 56 4c 41 4e 20 74 61 67	ard.defines.a.system.of.VLAN.tag
38b80	67 69 6e 67 20 66 6f 72 20 45 74 68 65 72 6e 65 74 20 66 72 61 6d 65 73 20 61 6e 64 20 74 68 65	ging.for.Ethernet.frames.and.the
38ba0	20 61 63 63 6f 6d 70 61 6e 79 69 6e 67 20 70 72 6f 63 65 64 75 72 65 73 20 74 6f 20 62 65 20 75	.accompanying.procedures.to.be.u
38bc0	73 65 64 20 62 79 20 62 72 69 64 67 65 73 20 61 6e 64 20 73 77 69 74 63 68 65 73 20 69 6e 20 68	sed.by.bridges.and.switches.in.h
38be0	61 6e 64 6c 69 6e 67 20 73 75 63 68 20 66 72 61 6d 65 73 2e 20 54 68 65 20 73 74 61 6e 64 61 72	andling.such.frames..The.standar
38c00	64 20 61 6c 73 6f 20 63 6f 6e 74 61 69 6e 73 20 70 72 6f 76 69 73 69 6f 6e 73 20 66 6f 72 20 61	d.also.contains.provisions.for.a
38c20	20 71 75 61 6c 69 74 79 2d 6f 66 2d 73 65 72 76 69 63 65 20 70 72 69 6f 72 69 74 69 7a 61 74 69	.quality-of-service.prioritizati
38c40	6f 6e 20 73 63 68 65 6d 65 20 63 6f 6d 6d 6f 6e 6c 79 20 6b 6e 6f 77 6e 20 61 73 20 49 45 45 45	on.scheme.commonly.known.as.IEEE
38c60	20 38 30 32 2e 31 70 20 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 47 65 6e 65 72 69 63 20	.802.1p.and.defines.the.Generic.
38c80	41 74 74 72 69 62 75 74 65 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 2e	Attribute.Registration.Protocol.
38ca0	00 49 45 54 46 20 70 75 62 6c 69 73 68 65 64 20 3a 72 66 63 3a 60 36 35 39 38 60 2c 20 64 65 74	.IETF.published.:rfc:`6598`,.det
38cc0	61 69 6c 69 6e 67 20 61 20 73 68 61 72 65 64 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 66 6f	ailing.a.shared.address.space.fo
38ce0	72 20 75 73 65 20 69 6e 20 49 53 50 20 43 47 4e 20 64 65 70 6c 6f 79 6d 65 6e 74 73 20 74 68 61	r.use.in.ISP.CGN.deployments.tha
38d00	74 20 63 61 6e 20 68 61 6e 64 6c 65 20 74 68 65 20 73 61 6d 65 20 6e 65 74 77 6f 72 6b 20 70 72	t.can.handle.the.same.network.pr
38d20	65 66 69 78 65 73 20 6f 63 63 75 72 72 69 6e 67 20 62 6f 74 68 20 6f 6e 20 69 6e 62 6f 75 6e 64	efixes.occurring.both.on.inbound
38d40	20 61 6e 64 20 6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 73 2e 20 41 52 49 4e 20 72	.and.outbound.interfaces..ARIN.r
38d60	65 74 75 72 6e 65 64 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 74 6f 20 74 68 65 20 3a 61 62	eturned.address.space.to.the.:ab
38d80	62 72 3a 60 49 41 4e 41 20 28 49 6e 74 65 72 6e 65 74 20 41 73 73 69 67 6e 65 64 20 4e 75 6d 62	br:`IANA.(Internet.Assigned.Numb
38da0	65 72 73 20 41 75 74 68 6f 72 69 74 79 29 60 20 66 6f 72 20 74 68 69 73 20 61 6c 6c 6f 63 61 74	ers.Authority)`.for.this.allocat
38dc0	69 6f 6e 2e 00 49 47 4d 50 20 50 72 6f 78 79 00 49 4b 45 20 28 49 6e 74 65 72 6e 65 74 20 4b 65	ion..IGMP.Proxy.IKE.(Internet.Ke
38de0	79 20 45 78 63 68 61 6e 67 65 29 20 41 74 74 72 69 62 75 74 65 73 00 49 4b 45 20 50 68 61 73 65	y.Exchange).Attributes.IKE.Phase
38e00	3a 00 49 4b 45 20 70 65 72 66 6f 72 6d 73 20 6d 75 74 75 61 6c 20 61 75 74 68 65 6e 74 69 63 61	:.IKE.performs.mutual.authentica
38e20	74 69 6f 6e 20 62 65 74 77 65 65 6e 20 74 77 6f 20 70 61 72 74 69 65 73 20 61 6e 64 20 65 73 74	tion.between.two.parties.and.est
38e40	61 62 6c 69 73 68 65 73 20 61 6e 20 49 4b 45 20 73 65 63 75 72 69 74 79 20 61 73 73 6f 63 69 61	ablishes.an.IKE.security.associa
38e60	74 69 6f 6e 20 28 53 41 29 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20 73 68 61 72 65 64 20 73	tion.(SA).that.includes.shared.s
38e80	65 63 72 65 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 63 61 6e 20 62 65 20 75 73	ecret.information.that.can.be.us
38ea0	65 64 20 74 6f 20 65 66 66 69 63 69 65 6e 74 6c 79 20 65 73 74 61 62 6c 69 73 68 20 53 41 73 20	ed.to.efficiently.establish.SAs.
38ec0	66 6f 72 20 45 6e 63 61 70 73 75 6c 61 74 69 6e 67 20 53 65 63 75 72 69 74 79 20 50 61 79 6c 6f	for.Encapsulating.Security.Paylo
38ee0	61 64 20 28 45 53 50 29 20 6f 72 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 48 65 61 64 65	ad.(ESP).or.Authentication.Heade
38f00	72 20 28 41 48 29 20 61 6e 64 20 61 20 73 65 74 20 6f 66 20 63 72 79 70 74 6f 67 72 61 70 68 69	r.(AH).and.a.set.of.cryptographi
38f20	63 20 61 6c 67 6f 72 69 74 68 6d 73 20 74 6f 20 62 65 20 75 73 65 64 20 62 79 20 74 68 65 20 53	c.algorithms.to.be.used.by.the.S
38f40	41 73 20 74 6f 20 70 72 6f 74 65 63 74 20 74 68 65 20 74 72 61 66 66 69 63 20 74 68 61 74 20 74	As.to.protect.the.traffic.that.t
38f60	68 65 79 20 63 61 72 72 79 2e 20 68 74 74 70 73 3a 2f 2f 64 61 74 61 74 72 61 63 6b 65 72 2e 69	hey.carry..https://datatracker.i
38f80	65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 72 66 63 35 39 39 36 00 49 4b 45 76 31 00 49	etf.org/doc/html/rfc5996.IKEv1.I
38fa0	4b 45 76 32 00 49 50 00 49 50 20 61 64 64 72 65 73 73 00 49 50 20 61 64 64 72 65 73 73 20 60 60	KEv2.IP.IP.address.IP.address.``
38fc0	31 39 32 2e 31 36 38 2e 31 2e 31 30 30 60 60 20 73 68 61 6c 6c 20 62 65 20 73 74 61 74 69 63 61	192.168.1.100``.shall.be.statica
38fe0	6c 6c 79 20 6d 61 70 70 65 64 20 74 6f 20 63 6c 69 65 6e 74 20 6e 61 6d 65 64 20 60 60 63 6c 69	lly.mapped.to.client.named.``cli
39000	65 6e 74 31 60 60 00 49 50 20 61 64 64 72 65 73 73 20 60 60 31 39 32 2e 31 36 38 2e 32 2e 31 2f	ent1``.IP.address.``192.168.2.1/
39020	32 34 60 60 00 49 50 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 48 43 50 20 73 65 72 76 65 72 20	24``.IP.address.for.DHCP.server.
39040	69 64 65 6e 74 69 66 69 65 72 00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 4e 54 50 20 73 65 72	identifier.IP.address.of.NTP.ser
39060	76 65 72 00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 50 4f 50 33 20 73 65 72 76 65 72 00 49 50	ver.IP.address.of.POP3.server.IP
39080	20 61 64 64 72 65 73 73 20 6f 66 20 53 4d 54 50 20 73 65 72 76 65 72 00 49 50 20 61 64 64 72 65	.address.of.SMTP.server.IP.addre
390a0	73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 61	ss.of.route.to.match,.based.on.a
390c0	63 63 65 73 73 2d 6c 69 73 74 2e 00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20	ccess-list..IP.address.of.route.
390e0	74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 70 72 65 66 69 78 2d 6c 69 73 74 2e 00	to.match,.based.on.prefix-list..
39100	49 50 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61	IP.address.of.route.to.match,.ba
39120	73 65 64 20 6f 6e 20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 2d 6c 65 6e 67 74 68 2e 20	sed.on.specified.prefix-length..
39140	4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 6b	Note.that.this.can.be.used.for.k
39160	65 72 6e 65 6c 20 72 6f 75 74 65 73 20 6f 6e 6c 79 2e 20 44 6f 20 6e 6f 74 20 61 70 70 6c 79 20	ernel.routes.only..Do.not.apply.
39180	74 6f 20 74 68 65 20 72 6f 75 74 65 73 20 6f 66 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67	to.the.routes.of.dynamic.routing
391a0	20 70 72 6f 74 6f 63 6f 6c 73 20 28 65 2e 67 2e 20 42 47 50 2c 20 52 49 50 2c 20 4f 53 46 50 29	.protocols.(e.g..BGP,.RIP,.OSFP)
391c0	2c 20 61 73 20 74 68 69 73 20 63 61 6e 20 6c 65 61 64 20 74 6f 20 75 6e 65 78 70 65 63 74 65 64	,.as.this.can.lead.to.unexpected
391e0	20 72 65 73 75 6c 74 73 2e 2e 00 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 65 78 63 6c 75 64 65	.results...IP.address.to.exclude
39200	20 66 72 6f 6d 20 44 48 43 50 20 6c 65 61 73 65 20 72 61 6e 67 65 00 49 50 20 61 64 64 72 65 73	.from.DHCP.lease.range.IP.addres
39220	73 65 73 20 6f 72 20 6e 65 74 77 6f 72 6b 73 20 66 6f 72 20 77 68 69 63 68 20 6c 6f 63 61 6c 20	ses.or.networks.for.which.local.
39240	63 6f 6e 6e 74 72 61 63 6b 20 65 6e 74 72 69 65 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 73 79	conntrack.entries.will.not.be.sy
39260	6e 63 65 64 00 49 50 20 6d 61 6e 61 67 65 6d 65 6e 74 20 61 64 64 72 65 73 73 00 49 50 20 6d 61	nced.IP.management.address.IP.ma
39280	73 71 75 65 72 61 64 69 6e 67 20 69 73 20 61 20 74 65 63 68 6e 69 71 75 65 20 74 68 61 74 20 68	squerading.is.a.technique.that.h
392a0	69 64 65 73 20 61 6e 20 65 6e 74 69 72 65 20 49 50 20 61 64 64 72 65 73 73 20 73 70 61 63 65 2c	ides.an.entire.IP.address.space,
392c0	20 75 73 75 61 6c 6c 79 20 63 6f 6e 73 69 73 74 69 6e 67 20 6f 66 20 70 72 69 76 61 74 65 20 49	.usually.consisting.of.private.I
392e0	50 20 61 64 64 72 65 73 73 65 73 2c 20 62 65 68 69 6e 64 20 61 20 73 69 6e 67 6c 65 20 49 50 20	P.addresses,.behind.a.single.IP.
39300	61 64 64 72 65 73 73 20 69 6e 20 61 6e 6f 74 68 65 72 2c 20 75 73 75 61 6c 6c 79 20 70 75 62 6c	address.in.another,.usually.publ
39320	69 63 20 61 64 64 72 65 73 73 20 73 70 61 63 65 2e 20 54 68 65 20 68 69 64 64 65 6e 20 61 64 64	ic.address.space..The.hidden.add
39340	72 65 73 73 65 73 20 61 72 65 20 63 68 61 6e 67 65 64 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c 65	resses.are.changed.into.a.single
39360	20 28 70 75 62 6c 69 63 29 20 49 50 20 61 64 64 72 65 73 73 20 61 73 20 74 68 65 20 73 6f 75 72	.(public).IP.address.as.the.sour
39380	63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 49 50 20 70 61	ce.address.of.the.outgoing.IP.pa
393a0	63 6b 65 74 73 20 73 6f 20 74 68 65 79 20 61 70 70 65 61 72 20 61 73 20 6f 72 69 67 69 6e 61 74	ckets.so.they.appear.as.originat
393c0	69 6e 67 20 6e 6f 74 20 66 72 6f 6d 20 74 68 65 20 68 69 64 64 65 6e 20 68 6f 73 74 20 62 75 74	ing.not.from.the.hidden.host.but
393e0	20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 20 69 74 73 65 6c 66 2e	.from.the.routing.device.itself.
39400	20 42 65 63 61 75 73 65 20 6f 66 20 74 68 65 20 70 6f 70 75 6c 61 72 69 74 79 20 6f 66 20 74 68	.Because.of.the.popularity.of.th
39420	69 73 20 74 65 63 68 6e 69 71 75 65 20 74 6f 20 63 6f 6e 73 65 72 76 65 20 49 50 76 34 20 61 64	is.technique.to.conserve.IPv4.ad
39440	64 72 65 73 73 20 73 70 61 63 65 2c 20 74 68 65 20 74 65 72 6d 20 4e 41 54 20 68 61 73 20 62 65	dress.space,.the.term.NAT.has.be
39460	63 6f 6d 65 20 76 69 72 74 75 61 6c 6c 79 20 73 79 6e 6f 6e 79 6d 6f 75 73 20 77 69 74 68 20 49	come.virtually.synonymous.with.I
39480	50 20 6d 61 73 71 75 65 72 61 64 69 6e 67 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20 72	P.masquerading..IP.next-hop.of.r
394a0	6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 61 63 63 65 73 73 2d 6c	oute.to.match,.based.on.access-l
394c0	69 73 74 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74	ist..IP.next-hop.of.route.to.mat
394e0	63 68 2c 20 62 61 73 65 64 20 6f 6e 20 69 70 20 61 64 64 72 65 73 73 2e 00 49 50 20 6e 65 78 74	ch,.based.on.ip.address..IP.next
39500	2d 68 6f 70 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e	-hop.of.route.to.match,.based.on
39520	20 70 72 65 66 69 78 20 6c 65 6e 67 74 68 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20 72	.prefix.length..IP.next-hop.of.r
39540	6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 70 72 65 66 69 78 2d 6c	oute.to.match,.based.on.prefix-l
39560	69 73 74 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74	ist..IP.next-hop.of.route.to.mat
39580	63 68 2c 20 62 61 73 65 64 20 6f 6e 20 74 79 70 65 2e 00 49 50 20 70 72 65 63 65 64 65 6e 63 65	ch,.based.on.type..IP.precedence
395a0	20 61 73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 37 39 31 60 3a 00 49 50 20 70 72	.as.defined.in.:rfc:`791`:.IP.pr
395c0	6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 35 30 20 28 45 53 50 29 00 49 50 20 72 6f 75 74 65 20	otocol.number.50.(ESP).IP.route.
395e0	73 6f 75 72 63 65 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20	source.of.route.to.match,.based.
39600	6f 6e 20 61 63 63 65 73 73 2d 6c 69 73 74 2e 00 49 50 20 72 6f 75 74 65 20 73 6f 75 72 63 65 20	on.access-list..IP.route.source.
39620	6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 70 72 65 66	of.route.to.match,.based.on.pref
39640	69 78 2d 6c 69 73 74 2e 00 49 50 36 49 50 36 00 49 50 49 50 00 49 50 49 50 36 00 49 50 53 65 63	ix-list..IP6IP6.IPIP.IPIP6.IPSec
39660	20 49 4b 45 20 61 6e 64 20 45 53 50 00 49 50 53 65 63 20 49 4b 45 20 61 6e 64 20 45 53 50 20 47	.IKE.and.ESP.IPSec.IKE.and.ESP.G
39680	72 6f 75 70 73 3b 00 49 50 53 65 63 20 49 4b 45 76 32 20 73 69 74 65 32 73 69 74 65 20 56 50 4e	roups;.IPSec.IKEv2.site2site.VPN
396a0	00 49 50 53 65 63 20 49 4b 45 76 32 20 73 69 74 65 32 73 69 74 65 20 56 50 4e 20 28 73 6f 75 72	.IPSec.IKEv2.site2site.VPN.(sour
396c0	63 65 20 2e 2f 64 72 61 77 2e 69 6f 2f 76 70 6e 5f 73 32 73 5f 69 6b 65 76 32 2e 64 72 61 77 69	ce../draw.io/vpn_s2s_ikev2.drawi
396e0	6f 29 00 49 50 53 65 63 20 56 50 4e 20 54 75 6e 6e 65 6c 73 00 49 50 53 65 63 20 56 50 4e 20 74	o).IPSec.VPN.Tunnels.IPSec.VPN.t
39700	75 6e 6e 65 6c 73 2e 00 49 50 53 65 63 3a 00 49 50 6f 45 20 53 65 72 76 65 72 00 49 50 6f 45 20	unnels..IPSec:.IPoE.Server.IPoE.
39720	63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 20 6f 6e 20 64 69 66 66 65 72 65 6e 74 20 69 6e	can.be.configure.on.different.in
39740	74 65 72 66 61 63 65 73 2c 20 69 74 20 77 69 6c 6c 20 64 65 70 65 6e 64 20 6f 6e 20 65 61 63 68	terfaces,.it.will.depend.on.each
39760	20 73 70 65 63 69 66 69 63 20 73 69 74 75 61 74 69 6f 6e 20 77 68 69 63 68 20 69 6e 74 65 72 66	.specific.situation.which.interf
39780	61 63 65 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 49 50 6f 45 20 74 6f 20 63 6c 69 65 6e 74 73	ace.will.provide.IPoE.to.clients
397a0	2e 20 54 68 65 20 63 6c 69 65 6e 74 73 20 6d 61 63 20 61 64 64 72 65 73 73 20 61 6e 64 20 74 68	..The.clients.mac.address.and.th
397c0	65 20 69 6e 63 6f 6d 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 62 65 69 6e 67 20 75 73	e.incoming.interface.is.being.us
397e0	65 64 20 61 73 20 63 6f 6e 74 72 6f 6c 20 70 61 72 61 6d 65 74 65 72 2c 20 74 6f 20 61 75 74 68	ed.as.control.parameter,.to.auth
39800	65 6e 74 69 63 61 74 65 20 61 20 63 6c 69 65 6e 74 2e 00 49 50 6f 45 20 69 73 20 61 20 6d 65 74	enticate.a.client..IPoE.is.a.met
39820	68 6f 64 20 6f 66 20 64 65 6c 69 76 65 72 69 6e 67 20 61 6e 20 49 50 20 70 61 79 6c 6f 61 64 20	hod.of.delivering.an.IP.payload.
39840	6f 76 65 72 20 61 6e 20 45 74 68 65 72 6e 65 74 2d 62 61 73 65 64 20 61 63 63 65 73 73 20 6e 65	over.an.Ethernet-based.access.ne
39860	74 77 6f 72 6b 20 6f 72 20 61 6e 20 61 63 63 65 73 73 20 6e 65 74 77 6f 72 6b 20 75 73 69 6e 67	twork.or.an.access.network.using
39880	20 62 72 69 64 67 65 64 20 45 74 68 65 72 6e 65 74 20 6f 76 65 72 20 41 73 79 6e 63 68 72 6f 6e	.bridged.Ethernet.over.Asynchron
398a0	6f 75 73 20 54 72 61 6e 73 66 65 72 20 4d 6f 64 65 20 28 41 54 4d 29 20 77 69 74 68 6f 75 74 20	ous.Transfer.Mode.(ATM).without.
398c0	75 73 69 6e 67 20 50 50 50 6f 45 2e 20 49 74 20 64 69 72 65 63 74 6c 79 20 65 6e 63 61 70 73 75	using.PPPoE..It.directly.encapsu
398e0	6c 61 74 65 73 20 74 68 65 20 49 50 20 64 61 74 61 67 72 61 6d 73 20 69 6e 20 45 74 68 65 72 6e	lates.the.IP.datagrams.in.Ethern
39900	65 74 20 66 72 61 6d 65 73 2c 20 75 73 69 6e 67 20 74 68 65 20 73 74 61 6e 64 61 72 64 20 3a 72	et.frames,.using.the.standard.:r
39920	66 63 3a 60 38 39 34 60 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 2e 00 49 50 6f 45 20 73 65 72	fc:`894`.encapsulation..IPoE.ser
39940	76 65 72 20 77 69 6c 6c 20 6c 69 73 74 65 6e 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 65 74	ver.will.listen.on.interfaces.et
39960	68 31 2e 35 30 20 61 6e 64 20 65 74 68 31 2e 35 31 00 49 50 73 65 63 00 49 50 73 65 63 20 70 6f	h1.50.and.eth1.51.IPsec.IPsec.po
39980	6c 69 63 79 20 6d 61 74 63 68 69 6e 67 20 47 52 45 00 49 50 76 34 00 49 50 76 34 20 61 64 64 72	licy.matching.GRE.IPv4.IPv4.addr
399a0	65 73 73 20 6f 66 20 6e 65 78 74 20 62 6f 6f 74 73 74 72 61 70 20 73 65 72 76 65 72 00 49 50 76	ess.of.next.bootstrap.server.IPv
399c0	34 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 72 20 6f 6e 20 74 68 65 20 63 6c 69 65 6e	4.address.of.router.on.the.clien
399e0	74 27 73 20 73 75 62 6e 65 74 00 49 50 76 34 20 6f 72 20 49 50 76 36 20 73 6f 75 72 63 65 20 61	t's.subnet.IPv4.or.IPv6.source.a
39a00	64 64 72 65 73 73 20 6f 66 20 4e 65 74 46 6c 6f 77 20 70 61 63 6b 65 74 73 00 49 50 76 34 20 70	ddress.of.NetFlow.packets.IPv4.p
39a20	65 65 72 69 6e 67 00 49 50 76 34 20 72 65 6c 61 79 00 49 50 76 34 20 72 6f 75 74 65 20 61 6e 64	eering.IPv4.relay.IPv4.route.and
39a40	20 49 50 76 36 20 72 6f 75 74 65 20 70 6f 6c 69 63 69 65 73 20 61 72 65 20 64 65 66 69 6e 65 64	.IPv6.route.policies.are.defined
39a60	20 69 6e 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 20 54 68 65 73 65 20 72 6f 75 74 65 20 70 6f	.in.this.section..These.route.po
39a80	6c 69 63 69 65 73 20 63 61 6e 20 74 68 65 6e 20 62 65 20 61 73 73 6f 63 69 61 74 65 64 20 74 6f	licies.can.then.be.associated.to
39aa0	20 69 6e 74 65 72 66 61 63 65 73 2e 00 49 50 76 34 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20	.interfaces..IPv4.route.source:.
39ac0	62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 65 69 67 72 70 2c 20 69 73 69 73 2c 20 6b 65 72	bgp,.connected,.eigrp,.isis,.ker
39ae0	6e 65 6c 2c 20 6e 68 72 70 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 49 50	nel,.nhrp,.ospf,.rip,.static..IP
39b00	76 34 20 73 65 72 76 65 72 00 49 50 76 34 2f 49 50 76 36 20 72 65 6d 6f 74 65 20 61 64 64 72 65	v4.server.IPv4/IPv6.remote.addre
39b20	73 73 20 6f 66 20 74 68 65 20 56 58 4c 41 4e 20 74 75 6e 6e 65 6c 2e 20 41 6c 74 65 72 6e 61 74	ss.of.the.VXLAN.tunnel..Alternat
39b40	69 76 65 20 74 6f 20 6d 75 6c 74 69 63 61 73 74 2c 20 74 68 65 20 72 65 6d 6f 74 65 20 49 50 76	ive.to.multicast,.the.remote.IPv
39b60	34 2f 49 50 76 36 20 61 64 64 72 65 73 73 20 63 61 6e 20 73 65 74 20 64 69 72 65 63 74 6c 79 2e	4/IPv6.address.can.set.directly.
39b80	00 49 50 76 36 00 49 50 76 36 20 41 63 63 65 73 73 20 4c 69 73 74 00 49 50 76 36 20 44 48 43 50	.IPv6.IPv6.Access.List.IPv6.DHCP
39ba0	76 36 2d 50 44 20 45 78 61 6d 70 6c 65 00 49 50 76 36 20 44 4e 53 20 61 64 64 72 65 73 73 65 73	v6-PD.Example.IPv6.DNS.addresses
39bc0	20 61 72 65 20 6f 70 74 69 6f 6e 61 6c 2e 00 49 50 76 36 20 4d 75 6c 74 69 63 61 73 74 00 49 50	.are.optional..IPv6.Multicast.IP
39be0	76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 00 49 50 76 36 20 50 72 65 66 69 78	v6.Prefix.Delegation.IPv6.Prefix
39c00	20 4c 69 73 74 73 00 49 50 76 36 20 53 4c 41 41 43 20 61 6e 64 20 49 41 2d 50 44 00 49 50 76 36	.Lists.IPv6.SLAAC.and.IA-PD.IPv6
39c20	20 54 43 50 20 66 69 6c 74 65 72 73 20 77 69 6c 6c 20 6f 6e 6c 79 20 6d 61 74 63 68 20 49 50 76	.TCP.filters.will.only.match.IPv
39c40	36 20 70 61 63 6b 65 74 73 20 77 69 74 68 20 6e 6f 20 68 65 61 64 65 72 20 65 78 74 65 6e 73 69	6.packets.with.no.header.extensi
39c60	6f 6e 2c 20 73 65 65 20 68 74 74 70 73 3a 2f 2f 65 6e 2e 77 69 6b 69 70 65 64 69 61 2e 6f 72 67	on,.see.https://en.wikipedia.org
39c80	2f 77 69 6b 69 2f 49 50 76 36 5f 70 61 63 6b 65 74 23 45 78 74 65 6e 73 69 6f 6e 5f 68 65 61 64	/wiki/IPv6_packet#Extension_head
39ca0	65 72 73 00 49 50 76 36 20 61 64 64 72 65 73 73 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 30 31	ers.IPv6.address.``2001:db8::101
39cc0	60 60 20 73 68 61 6c 6c 20 62 65 20 73 74 61 74 69 63 61 6c 6c 79 20 6d 61 70 70 65 64 00 49 50	``.shall.be.statically.mapped.IP
39ce0	76 36 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61	v6.address.of.route.to.match,.ba
39d00	73 65 64 20 6f 6e 20 49 50 76 36 20 61 63 63 65 73 73 2d 6c 69 73 74 2e 00 49 50 76 36 20 61 64	sed.on.IPv6.access-list..IPv6.ad
39d20	64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f	dress.of.route.to.match,.based.o
39d40	6e 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 2e 00 49 50 76 36 20 61 64 64 72 65 73 73	n.IPv6.prefix-list..IPv6.address
39d60	20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 73 70 65	.of.route.to.match,.based.on.spe
39d80	63 69 66 69 65 64 20 70 72 65 66 69 78 2d 6c 65 6e 67 74 68 2e 20 4e 6f 74 65 20 74 68 61 74 20	cified.prefix-length..Note.that.
39da0	74 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 6b 65 72 6e 65 6c 20 72 6f 75 74	this.can.be.used.for.kernel.rout
39dc0	65 73 20 6f 6e 6c 79 2e 20 44 6f 20 6e 6f 74 20 61 70 70 6c 79 20 74 6f 20 74 68 65 20 72 6f 75	es.only..Do.not.apply.to.the.rou
39de0	74 65 73 20 6f 66 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73	tes.of.dynamic.routing.protocols
39e00	20 28 65 2e 67 2e 20 42 47 50 2c 20 52 49 50 2c 20 4f 53 46 50 29 2c 20 61 73 20 74 68 69 73 20	.(e.g..BGP,.RIP,.OSFP),.as.this.
39e20	63 61 6e 20 6c 65 61 64 20 74 6f 20 75 6e 65 78 70 65 63 74 65 64 20 72 65 73 75 6c 74 73 2e 2e	can.lead.to.unexpected.results..
39e40	00 49 50 76 36 20 63 6c 69 65 6e 74 27 73 20 70 72 65 66 69 78 20 61 73 73 69 67 6e 6d 65 6e 74	.IPv6.client's.prefix.assignment
39e60	00 49 50 76 36 20 70 65 65 72 69 6e 67 00 49 50 76 36 20 70 72 65 66 69 78 20 60 60 32 30 30 31	.IPv6.peering.IPv6.prefix.``2001
39e80	3a 64 62 38 3a 30 3a 31 30 31 3a 3a 2f 36 34 60 60 20 73 68 61 6c 6c 20 62 65 20 73 74 61 74 69	:db8:0:101::/64``.shall.be.stati
39ea0	63 61 6c 6c 79 20 6d 61 70 70 65 64 00 49 50 76 36 20 70 72 65 66 69 78 2e 00 49 50 76 36 20 72	cally.mapped.IPv6.prefix..IPv6.r
39ec0	65 6c 61 79 00 49 50 76 36 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e	elay.IPv6.route.source:.bgp,.con
39ee0	6e 65 63 74 65 64 2c 20 65 69 67 72 70 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6e 68 72	nected,.eigrp,.isis,.kernel,.nhr
39f00	70 2c 20 6f 73 70 66 76 33 2c 20 72 69 70 6e 67 2c 20 73 74 61 74 69 63 2e 00 49 50 76 36 20 73	p,.ospfv3,.ripng,.static..IPv6.s
39f20	65 72 76 65 72 00 49 50 76 36 20 73 75 70 70 6f 72 74 00 49 53 2d 49 53 00 49 53 2d 49 53 20 47	erver.IPv6.support.IS-IS.IS-IS.G
39f40	6c 6f 62 61 6c 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 53 2d 49 53 20 53 52 20 43 6f 6e	lobal.Configuration.IS-IS.SR.Con
39f60	66 69 67 75 72 61 74 69 6f 6e 00 49 53 43 2d 44 48 43 50 20 4f 70 74 69 6f 6e 20 6e 61 6d 65 00	figuration.ISC-DHCP.Option.name.
39f80	49 64 65 6e 74 69 74 79 20 42 61 73 65 64 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 66 20	Identity.Based.Configuration.If.
39fa0	2a 2a 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 20 69 73 20 73 65 74 20 62 75 74 20 2a 2a 6d	**max-threshold**.is.set.but.**m
39fc0	69 6e 2d 74 68 72 65 73 68 6f 6c 64 20 69 73 20 6e 6f 74 2c 20 74 68 65 6e 20 2a 2a 6d 69 6e 2d	in-threshold.is.not,.then.**min-
39fe0	74 68 72 65 73 68 6f 6c 64 2a 2a 20 69 73 20 73 63 61 6c 65 64 20 74 6f 20 35 30 25 20 6f 66 20	threshold**.is.scaled.to.50%.of.
3a000	2a 2a 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 2e 00 49 66 20 3a 63 66 67 63 6d 64 3a 60 73	**max-threshold**..If.:cfgcmd:`s
3a020	74 72 69 63 74 60 20 69 73 20 73 65 74 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 77 6f	trict`.is.set.the.BGP.session.wo
3a040	6e e2 80 99 74 20 62 65 63 6f 6d 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 75 6e 74 69 6c 20 74	n...t.become.established.until.t
3a060	68 65 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 73 65 74 73 20 6c 6f 63 61 6c 20 52 6f 6c 65 20	he.BGP.neighbor.sets.local.Role.
3a080	6f 6e 20 69 74 73 20 73 69 64 65 2e 20 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	on.its.side..This.configuration.
3a0a0	70 61 72 61 6d 65 74 65 72 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 20 52 46 43 20 3a 72 66 63	parameter.is.defined.in.RFC.:rfc
3a0c0	3a 60 39 32 33 34 60 20 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 65 6e 66 6f 72 63 65 20 74	:`9234`.and.is.used.to.enforce.t
3a0e0	68 65 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61	he.corresponding.configuration.a
3a100	74 20 79 6f 75 72 20 63 6f 75 6e 74 65 72 2d 70 61 72 74 73 20 73 69 64 65 2e 00 49 66 20 41 52	t.your.counter-parts.side..If.AR
3a120	50 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 69 73 20 75 73 65 64 20 69 6e 20 61 6e 20 65 74 68 65 72	P.monitoring.is.used.in.an.ether
3a140	63 68 61 6e 6e 65 6c 20 63 6f 6d 70 61 74 69 62 6c 65 20 6d 6f 64 65 20 28 6d 6f 64 65 73 20 72	channel.compatible.mode.(modes.r
3a160	6f 75 6e 64 2d 72 6f 62 69 6e 20 61 6e 64 20 78 6f 72 2d 68 61 73 68 29 2c 20 74 68 65 20 73 77	ound-robin.and.xor-hash),.the.sw
3a180	69 74 63 68 20 73 68 6f 75 6c 64 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 61 20 6d	itch.should.be.configured.in.a.m
3a1a0	6f 64 65 20 74 68 61 74 20 65 76 65 6e 6c 79 20 64 69 73 74 72 69 62 75 74 65 73 20 70 61 63 6b	ode.that.evenly.distributes.pack
3a1c0	65 74 73 20 61 63 72 6f 73 73 20 61 6c 6c 20 6c 69 6e 6b 73 2e 20 49 66 20 74 68 65 20 73 77 69	ets.across.all.links..If.the.swi
3a1e0	74 63 68 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 64 69 73 74 72 69 62 75 74 65 20	tch.is.configured.to.distribute.
3a200	74 68 65 20 70 61 63 6b 65 74 73 20 69 6e 20 61 6e 20 58 4f 52 20 66 61 73 68 69 6f 6e 2c 20 61	the.packets.in.an.XOR.fashion,.a
3a220	6c 6c 20 72 65 70 6c 69 65 73 20 66 72 6f 6d 20 74 68 65 20 41 52 50 20 74 61 72 67 65 74 73 20	ll.replies.from.the.ARP.targets.
3a240	77 69 6c 6c 20 62 65 20 72 65 63 65 69 76 65 64 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 6c 69 6e	will.be.received.on.the.same.lin
3a260	6b 20 77 68 69 63 68 20 63 6f 75 6c 64 20 63 61 75 73 65 20 74 68 65 20 6f 74 68 65 72 20 74 65	k.which.could.cause.the.other.te
3a280	61 6d 20 6d 65 6d 62 65 72 73 20 74 6f 20 66 61 69 6c 2e 00 49 66 20 43 41 20 69 73 20 70 72 65	am.members.to.fail..If.CA.is.pre
3a2a0	73 65 6e 74 2c 20 74 68 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 77 69 6c 6c 20 62 65 20 69	sent,.this.certificate.will.be.i
3a2c0	6e 63 6c 75 64 65 64 20 69 6e 20 67 65 6e 65 72 61 74 65 64 20 43 52 4c 73 00 49 66 20 43 4c 49	ncluded.in.generated.CRLs.If.CLI
3a2e0	20 6f 70 74 69 6f 6e 20 69 73 20 6e 6f 74 20 73 70 65 63 69 66 69 65 64 2c 20 74 68 69 73 20 66	.option.is.not.specified,.this.f
3a300	65 61 74 75 72 65 20 69 73 20 64 69 73 61 62 6c 65 64 2e 00 49 66 20 60 60 61 6c 69 61 73 60 60	eature.is.disabled..If.``alias``
3a320	20 69 73 20 73 65 74 2c 20 69 74 20 63 61 6e 20 62 65 20 75 73 65 64 20 69 6e 73 74 65 61 64 20	.is.set,.it.can.be.used.instead.
3a340	6f 66 20 74 68 65 20 64 65 76 69 63 65 20 77 68 65 6e 20 63 6f 6e 6e 65 63 74 69 6e 67 2e 00 49	of.the.device.when.connecting..I
3a360	66 20 61 20 6c 6f 63 61 6c 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 69 73 20 69 6e 20	f.a.local.firewall.policy.is.in.
3a380	70 6c 61 63 65 20 6f 6e 20 79 6f 75 72 20 65 78 74 65 72 6e 61 6c 20 69 6e 74 65 72 66 61 63 65	place.on.your.external.interface
3a3a0	20 79 6f 75 20 77 69 6c 6c 20 6e 65 65 64 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 70 6f 72 74	.you.will.need.to.allow.the.port
3a3c0	73 20 62 65 6c 6f 77 3a 00 49 66 20 61 20 72 65 67 69 73 74 72 79 20 69 73 20 6e 6f 74 20 73 70	s.below:.If.a.registry.is.not.sp
3a3e0	65 63 69 66 69 65 64 2c 20 44 6f 63 6b 65 72 2e 69 6f 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20	ecified,.Docker.io.will.be.used.
3a400	61 73 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 72 65 67 69 73 74 72 79 20 75 6e 6c 65 73 73	as.the.container.registry.unless
3a420	20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 72 65 67 69 73 74 72 79 20 69 73 20 73 70 65 63	.an.alternative.registry.is.spec
3a440	69 66 69 65 64 20 75 73 69 6e 67 20 2a 2a 73 65 74 20 63 6f 6e 74 61 69 6e 65 72 20 72 65 67 69	ified.using.**set.container.regi
3a460	73 74 72 79 20 3c 6e 61 6d 65 3e 2a 2a 20 6f 72 20 74 68 65 20 72 65 67 69 73 74 72 79 20 69 73	stry.<name>**.or.the.registry.is
3a480	20 69 6e 63 6c 75 64 65 64 20 69 6e 20 74 68 65 20 69 6d 61 67 65 20 6e 61 6d 65 00 49 66 20 61	.included.in.the.image.name.If.a
3a4a0	20 72 65 73 70 6f 6e 73 65 20 69 73 20 68 65 61 72 64 2c 20 74 68 65 20 6c 65 61 73 65 20 69 73	.response.is.heard,.the.lease.is
3a4c0	20 61 62 61 6e 64 6f 6e 65 64 2c 20 61 6e 64 20 74 68 65 20 73 65 72 76 65 72 20 64 6f 65 73 20	.abandoned,.and.the.server.does.
3a4e0	6e 6f 74 20 72 65 73 70 6f 6e 64 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 2e 20 54 68 65 20 6c	not.respond.to.the.client..The.l
3a500	65 61 73 65 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 61 62 61 6e 64 6f 6e 65 64 20 66 6f 72 20 61	ease.will.remain.abandoned.for.a
3a520	20 6d 69 6e 69 6d 75 6d 20 6f 66 20 61 62 61 6e 64 6f 6e 2d 6c 65 61 73 65 2d 74 69 6d 65 20 73	.minimum.of.abandon-lease-time.s
3a540	65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 73 20 74 6f 20 32 34 20 68 6f 75 72 73 29 2e 00 49	econds.(defaults.to.24.hours)..I
3a560	66 20 61 20 72 6f 75 74 65 20 68 61 73 20 61 6e 20 4f 52 49 47 49 4e 41 54 4f 52 5f 49 44 20 61	f.a.route.has.an.ORIGINATOR_ID.a
3a580	74 74 72 69 62 75 74 65 20 62 65 63 61 75 73 65 20 69 74 20 68 61 73 20 62 65 65 6e 20 72 65 66	ttribute.because.it.has.been.ref
3a5a0	6c 65 63 74 65 64 2c 20 74 68 61 74 20 4f 52 49 47 49 4e 41 54 4f 52 5f 49 44 20 77 69 6c 6c 20	lected,.that.ORIGINATOR_ID.will.
3a5c0	62 65 20 75 73 65 64 2e 20 4f 74 68 65 72 77 69 73 65 2c 20 74 68 65 20 72 6f 75 74 65 72 2d 49	be.used..Otherwise,.the.router-I
3a5e0	44 20 6f 66 20 74 68 65 20 70 65 65 72 20 74 68 65 20 72 6f 75 74 65 20 77 61 73 20 72 65 63 65	D.of.the.peer.the.route.was.rece
3a600	69 76 65 64 20 66 72 6f 6d 20 77 69 6c 6c 20 62 65 20 75 73 65 64 2e 00 49 66 20 61 20 72 75 6c	ived.from.will.be.used..If.a.rul
3a620	65 20 69 73 20 64 65 66 69 6e 65 64 2c 20 74 68 65 6e 20 61 6e 20 61 63 74 69 6f 6e 20 6d 75 73	e.is.defined,.then.an.action.mus
3a640	74 20 62 65 20 64 65 66 69 6e 65 64 20 66 6f 72 20 69 74 2e 20 54 68 69 73 20 74 65 6c 6c 73 20	t.be.defined.for.it..This.tells.
3a660	74 68 65 20 66 69 72 65 77 61 6c 6c 20 77 68 61 74 20 74 6f 20 64 6f 20 69 66 20 61 6c 6c 20 63	the.firewall.what.to.do.if.all.c
3a680	72 69 74 65 72 69 61 20 6d 61 74 63 68 65 72 73 20 64 65 66 69 6e 65 64 20 66 6f 72 20 73 75 63	riteria.matchers.defined.for.suc
3a6a0	68 20 72 75 6c 65 20 64 6f 20 6d 61 74 63 68 2e 00 49 66 20 61 20 74 68 65 72 65 20 61 72 65 20	h.rule.do.match..If.a.there.are.
3a6c0	6e 6f 20 66 72 65 65 20 61 64 64 72 65 73 73 65 73 20 62 75 74 20 74 68 65 72 65 20 61 72 65 20	no.free.addresses.but.there.are.
3a6e0	61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 74 68 65 20 44 48 43 50	abandoned.IP.addresses,.the.DHCP
3a700	20 73 65 72 76 65 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65 63 6c 61 69 6d 20	.server.will.attempt.to.reclaim.
3a720	61 6e 20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 20 72 65 67 61 72 64 6c 65	an.abandoned.IP.address.regardle
3a740	73 73 20 6f 66 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 62 61 6e 64 6f 6e 2d 6c 65 61 73 65	ss.of.the.value.of.abandon-lease
3a760	2d 74 69 6d 65 2e 00 49 66 20 61 6e 20 49 53 50 20 64 65 70 6c 6f 79 73 20 61 20 3a 61 62 62 72	-time..If.an.ISP.deploys.a.:abbr
3a780	3a 60 43 47 4e 20 28 43 61 72 72 69 65 72 2d 67 72 61 64 65 20 4e 41 54 29 60 2c 20 61 6e 64 20	:`CGN.(Carrier-grade.NAT)`,.and.
3a7a0	75 73 65 73 20 3a 72 66 63 3a 60 31 39 31 38 60 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 74	uses.:rfc:`1918`.address.space.t
3a7c0	6f 20 6e 75 6d 62 65 72 20 63 75 73 74 6f 6d 65 72 20 67 61 74 65 77 61 79 73 2c 20 74 68 65 20	o.number.customer.gateways,.the.
3a7e0	72 69 73 6b 20 6f 66 20 61 64 64 72 65 73 73 20 63 6f 6c 6c 69 73 69 6f 6e 2c 20 61 6e 64 20 74	risk.of.address.collision,.and.t
3a800	68 65 72 65 66 6f 72 65 20 72 6f 75 74 69 6e 67 20 66 61 69 6c 75 72 65 73 2c 20 61 72 69 73 65	herefore.routing.failures,.arise
3a820	73 20 77 68 65 6e 20 74 68 65 20 63 75 73 74 6f 6d 65 72 20 6e 65 74 77 6f 72 6b 20 61 6c 72 65	s.when.the.customer.network.alre
3a840	61 64 79 20 75 73 65 73 20 61 6e 20 3a 72 66 63 3a 60 31 39 31 38 60 20 61 64 64 72 65 73 73 20	ady.uses.an.:rfc:`1918`.address.
3a860	73 70 61 63 65 2e 00 49 66 20 61 6e 20 61 6e 6f 74 68 65 72 20 62 72 69 64 67 65 20 69 6e 20 74	space..If.an.another.bridge.in.t
3a880	68 65 20 73 70 61 6e 6e 69 6e 67 20 74 72 65 65 20 64 6f 65 73 20 6e 6f 74 20 73 65 6e 64 20 6f	he.spanning.tree.does.not.send.o
3a8a0	75 74 20 61 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 20 66 6f 72 20 61 20 6c 6f 6e 67 20 70 65 72	ut.a.hello.packet.for.a.long.per
3a8c0	69 6f 64 20 6f 66 20 74 69 6d 65 2c 20 69 74 20 69 73 20 61 73 73 75 6d 65 64 20 74 6f 20 62 65	iod.of.time,.it.is.assumed.to.be
3a8e0	20 64 65 61 64 2e 00 49 66 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 69 6e 63 6f 6d 69 6e 67 20 49	.dead..If.configured,.incoming.I
3a900	50 20 64 69 72 65 63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 70 61 63 6b 65 74 73 20 6f 6e 20	P.directed.broadcast.packets.on.
3a920	74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 65 64	this.interface.will.be.forwarded
3a940	2e 00 49 66 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 72 65 70 6c 79 20 6f 6e 6c 79 20 69 66 20 74	..If.configured,.reply.only.if.t
3a960	68 65 20 74 61 72 67 65 74 20 49 50 20 61 64 64 72 65 73 73 20 69 73 20 6c 6f 63 61 6c 20 61 64	he.target.IP.address.is.local.ad
3a980	64 72 65 73 73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67	dress.configured.on.the.incoming
3a9a0	20 69 6e 74 65 72 66 61 63 65 2e 00 49 66 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 74 72 79 20 74	.interface..If.configured,.try.t
3a9c0	6f 20 61 76 6f 69 64 20 6c 6f 63 61 6c 20 61 64 64 72 65 73 73 65 73 20 74 68 61 74 20 61 72 65	o.avoid.local.addresses.that.are
3a9e0	20 6e 6f 74 20 69 6e 20 74 68 65 20 74 61 72 67 65 74 27 73 20 73 75 62 6e 65 74 20 66 6f 72 20	.not.in.the.target's.subnet.for.
3aa00	74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 6d 6f 64 65 20 69 73 20 75 73 65	this.interface..This.mode.is.use
3aa20	66 75 6c 20 77 68 65 6e 20 74 61 72 67 65 74 20 68 6f 73 74 73 20 72 65 61 63 68 61 62 6c 65 20	ful.when.target.hosts.reachable.
3aa40	76 69 61 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 72 65 71 75 69 72 65 20 74 68 65 20 73	via.this.interface.require.the.s
3aa60	6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 69 6e 20 41 52 50 20 72 65 71 75 65 73 74 73	ource.IP.address.in.ARP.requests
3aa80	20 74 6f 20 62 65 20 70 61 72 74 20 6f 66 20 74 68 65 69 72 20 6c 6f 67 69 63 61 6c 20 6e 65 74	.to.be.part.of.their.logical.net
3aaa0	77 6f 72 6b 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68 65 20 72 65 63 65 69 76 69 6e 67	work.configured.on.the.receiving
3aac0	20 69 6e 74 65 72 66 61 63 65 2e 20 57 68 65 6e 20 77 65 20 67 65 6e 65 72 61 74 65 20 74 68 65	.interface..When.we.generate.the
3aae0	20 72 65 71 75 65 73 74 20 77 65 20 77 69 6c 6c 20 63 68 65 63 6b 20 61 6c 6c 20 6f 75 72 20 73	.request.we.will.check.all.our.s
3ab00	75 62 6e 65 74 73 20 74 68 61 74 20 69 6e 63 6c 75 64 65 20 74 68 65 20 74 61 72 67 65 74 20 49	ubnets.that.include.the.target.I
3ab20	50 20 61 6e 64 20 77 69 6c 6c 20 70 72 65 73 65 72 76 65 20 74 68 65 20 73 6f 75 72 63 65 20 61	P.and.will.preserve.the.source.a
3ab40	64 64 72 65 73 73 20 69 66 20 69 74 20 69 73 20 66 72 6f 6d 20 73 75 63 68 20 73 75 62 6e 65 74	ddress.if.it.is.from.such.subnet
3ab60	2e 20 49 66 20 74 68 65 72 65 20 69 73 20 6e 6f 20 73 75 63 68 20 73 75 62 6e 65 74 20 77 65 20	..If.there.is.no.such.subnet.we.
3ab80	73 65 6c 65 63 74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 61 63 63 6f 72 64 69 6e 67 20	select.source.address.according.
3aba0	74 6f 20 74 68 65 20 72 75 6c 65 73 20 66 6f 72 20 6c 65 76 65 6c 20 32 2e 00 49 66 20 63 6f 6e	to.the.rules.for.level.2..If.con
3abc0	66 69 67 75 72 69 6e 67 20 56 58 4c 41 4e 20 69 6e 20 61 20 56 79 4f 53 20 76 69 72 74 75 61 6c	figuring.VXLAN.in.a.VyOS.virtual
3abe0	20 6d 61 63 68 69 6e 65 2c 20 65 6e 73 75 72 65 20 74 68 61 74 20 4d 41 43 20 73 70 6f 6f 66 69	.machine,.ensure.that.MAC.spoofi
3ac00	6e 67 20 28 48 79 70 65 72 2d 56 29 20 6f 72 20 46 6f 72 67 65 64 20 54 72 61 6e 73 6d 69 74 73	ng.(Hyper-V).or.Forged.Transmits
3ac20	20 28 45 53 58 29 20 61 72 65 20 70 65 72 6d 69 74 74 65 64 2c 20 6f 74 68 65 72 77 69 73 65 20	.(ESX).are.permitted,.otherwise.
3ac40	66 6f 72 77 61 72 64 65 64 20 66 72 61 6d 65 73 20 6d 61 79 20 62 65 20 62 6c 6f 63 6b 65 64 20	forwarded.frames.may.be.blocked.
3ac60	62 79 20 74 68 65 20 68 79 70 65 72 76 69 73 6f 72 2e 00 49 66 20 66 6f 72 77 61 72 64 69 6e 67	by.the.hypervisor..If.forwarding
3ac80	20 74 72 61 66 66 69 63 20 74 6f 20 61 20 64 69 66 66 65 72 65 6e 74 20 70 6f 72 74 20 74 68 61	.traffic.to.a.different.port.tha
3aca0	6e 20 69 74 20 69 73 20 61 72 72 69 76 69 6e 67 20 6f 6e 2c 20 79 6f 75 20 6d 61 79 20 61 6c 73	n.it.is.arriving.on,.you.may.als
3acc0	6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 70 6f 72 74	o.configure.the.translation.port
3ace0	20 75 73 69 6e 67 20 60 73 65 74 20 6e 61 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 72 75 6c 65	.using.`set.nat.destination.rule
3ad00	20 5b 6e 5d 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 70 6f 72 74 60 2e 00 49 66 20 67 75 61 72 61	.[n].translation.port`..If.guara
3ad20	6e 74 65 65 64 20 74 72 61 66 66 69 63 20 66 6f 72 20 61 20 63 6c 61 73 73 20 69 73 20 6d 65 74	nteed.traffic.for.a.class.is.met
3ad40	20 61 6e 64 20 74 68 65 72 65 20 69 73 20 72 6f 6f 6d 20 66 6f 72 20 6d 6f 72 65 20 74 72 61 66	.and.there.is.room.for.more.traf
3ad60	66 69 63 2c 20 74 68 65 20 63 65 69 6c 69 6e 67 20 70 61 72 61 6d 65 74 65 72 20 63 61 6e 20 62	fic,.the.ceiling.parameter.can.b
3ad80	65 20 75 73 65 64 20 74 6f 20 73 65 74 20 68 6f 77 20 6d 75 63 68 20 6d 6f 72 65 20 62 61 6e 64	e.used.to.set.how.much.more.band
3ada0	77 69 64 74 68 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 2e 20 49 66 20 67 75 61 72 61 6e 74 65	width.could.be.used..If.guarante
3adc0	65 64 20 74 72 61 66 66 69 63 20 69 73 20 6d 65 74 20 61 6e 64 20 74 68 65 72 65 20 61 72 65 20	ed.traffic.is.met.and.there.are.
3ade0	73 65 76 65 72 61 6c 20 63 6c 61 73 73 65 73 20 77 69 6c 6c 69 6e 67 20 74 6f 20 75 73 65 20 74	several.classes.willing.to.use.t
3ae00	68 65 69 72 20 63 65 69 6c 69 6e 67 73 2c 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 70 61 72 61	heir.ceilings,.the.priority.para
3ae20	6d 65 74 65 72 20 77 69 6c 6c 20 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 6f 72 64 65 72 20 69	meter.will.establish.the.order.i
3ae40	6e 20 77 68 69 63 68 20 74 68 61 74 20 61 64 64 69 74 69 6f 6e 61 6c 20 74 72 61 66 66 69 63 20	n.which.that.additional.traffic.
3ae60	77 69 6c 6c 20 62 65 20 61 6c 6c 6f 63 61 74 65 64 2e 20 50 72 69 6f 72 69 74 79 20 63 61 6e 20	will.be.allocated..Priority.can.
3ae80	62 65 20 61 6e 79 20 6e 75 6d 62 65 72 20 66 72 6f 6d 20 30 20 74 6f 20 37 2e 20 54 68 65 20 6c	be.any.number.from.0.to.7..The.l
3aea0	6f 77 65 72 20 74 68 65 20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74 68 65 20	ower.the.number,.the.higher.the.
3aec0	70 72 69 6f 72 69 74 79 2e 00 49 66 20 69 74 27 73 20 76 69 74 61 6c 20 74 68 61 74 20 74 68 65	priority..If.it's.vital.that.the
3aee0	20 64 61 65 6d 6f 6e 20 73 68 6f 75 6c 64 20 61 63 74 20 65 78 61 63 74 6c 79 20 6c 69 6b 65 20	.daemon.should.act.exactly.like.
3af00	61 20 72 65 61 6c 20 6d 75 6c 74 69 63 61 73 74 20 63 6c 69 65 6e 74 20 6f 6e 20 74 68 65 20 75	a.real.multicast.client.on.the.u
3af20	70 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 2c 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e	pstream.interface,.this.function
3af40	20 73 68 6f 75 6c 64 20 62 65 20 65 6e 61 62 6c 65 64 2e 00 49 66 20 6b 6e 6f 77 6e 2c 20 74 68	.should.be.enabled..If.known,.th
3af60	65 20 49 50 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 72 6f 75 74 65 72 20 63 61 6e 20 62 65	e.IP.of.the.remote.router.can.be
3af80	20 63 6f 6e 66 69 67 75 72 65 64 20 75 73 69 6e 67 20 74 68 65 20 60 60 72 65 6d 6f 74 65 2d 68	.configured.using.the.``remote-h
3afa0	6f 73 74 60 60 20 64 69 72 65 63 74 69 76 65 3b 20 69 66 20 75 6e 6b 6e 6f 77 6e 2c 20 69 74 20	ost``.directive;.if.unknown,.it.
3afc0	63 61 6e 20 62 65 20 6f 6d 69 74 74 65 64 2e 20 57 65 20 77 69 6c 6c 20 61 73 73 75 6d 65 20 61	can.be.omitted..We.will.assume.a
3afe0	20 64 79 6e 61 6d 69 63 20 49 50 20 66 6f 72 20 6f 75 72 20 72 65 6d 6f 74 65 20 72 6f 75 74 65	.dynamic.IP.for.our.remote.route
3b000	72 2e 00 49 66 20 6c 6f 67 67 69 6e 67 20 74 6f 20 61 20 6c 6f 63 61 6c 20 75 73 65 72 20 61 63	r..If.logging.to.a.local.user.ac
3b020	63 6f 75 6e 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 61 6c 6c 20 64 65 66 69 6e 65 64	count.is.configured,.all.defined
3b040	20 6c 6f 67 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 64 69 73 70 6c 61 79 20 6f 6e 20 74 68 65	.log.messages.are.display.on.the
3b060	20 63 6f 6e 73 6f 6c 65 20 69 66 20 74 68 65 20 6c 6f 63 61 6c 20 75 73 65 72 20 69 73 20 6c 6f	.console.if.the.local.user.is.lo
3b080	67 67 65 64 20 69 6e 2c 20 69 66 20 74 68 65 20 75 73 65 72 20 69 73 20 6e 6f 74 20 6c 6f 67 67	gged.in,.if.the.user.is.not.logg
3b0a0	65 64 20 69 6e 2c 20 6e 6f 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 62 65 69 6e 67 20 64 69 73	ed.in,.no.messages.are.being.dis
3b0c0	70 6c 61 79 65 64 2e 20 46 6f 72 20 61 6e 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 6f 6e 20 3a 72	played..For.an.explanation.on.:r
3b0e0	65 66 3a 60 73 79 73 6c 6f 67 5f 66 61 63 69 6c 69 74 69 65 73 60 20 6b 65 79 77 6f 72 64 73 20	ef:`syslog_facilities`.keywords.
3b100	61 6e 64 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 73 65 76 65 72 69 74 79 5f 6c 65 76 65 6c 60	and.:ref:`syslog_severity_level`
3b120	20 6b 65 79 77 6f 72 64 73 20 73 65 65 20 74 61 62 6c 65 73 20 62 65 6c 6f 77 2e 00 49 66 20 6d	.keywords.see.tables.below..If.m
3b140	61 6b 69 6e 67 20 75 73 65 20 6f 66 20 6d 75 6c 74 69 70 6c 65 20 74 75 6e 6e 65 6c 73 2c 20 4f	aking.use.of.multiple.tunnels,.O
3b160	70 65 6e 56 50 4e 20 6d 75 73 74 20 68 61 76 65 20 61 20 77 61 79 20 74 6f 20 64 69 73 74 69 6e	penVPN.must.have.a.way.to.distin
3b180	67 75 69 73 68 20 62 65 74 77 65 65 6e 20 64 69 66 66 65 72 65 6e 74 20 74 75 6e 6e 65 6c 73 20	guish.between.different.tunnels.
3b1a0	61 73 69 64 65 20 66 72 6f 6d 20 74 68 65 20 70 72 65 2d 73 68 61 72 65 64 2d 6b 65 79 2e 20 54	aside.from.the.pre-shared-key..T
3b1c0	68 69 73 20 69 73 20 65 69 74 68 65 72 20 62 79 20 72 65 66 65 72 65 6e 63 69 6e 67 20 49 50 20	his.is.either.by.referencing.IP.
3b1e0	61 64 64 72 65 73 73 20 6f 72 20 70 6f 72 74 20 6e 75 6d 62 65 72 2e 20 4f 6e 65 20 6f 70 74 69	address.or.port.number..One.opti
3b200	6f 6e 20 69 73 20 74 6f 20 64 65 64 69 63 61 74 65 20 61 20 70 75 62 6c 69 63 20 49 50 20 74 6f	on.is.to.dedicate.a.public.IP.to
3b220	20 65 61 63 68 20 74 75 6e 6e 65 6c 2e 20 41 6e 6f 74 68 65 72 20 6f 70 74 69 6f 6e 20 69 73 20	.each.tunnel..Another.option.is.
3b240	74 6f 20 64 65 64 69 63 61 74 65 20 61 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 74 6f 20 65 61 63	to.dedicate.a.port.number.to.eac
3b260	68 20 74 75 6e 6e 65 6c 20 28 65 2e 67 2e 20 31 31 39 35 2c 31 31 39 36 2c 31 31 39 37 2e 2e 2e	h.tunnel.(e.g..1195,1196,1197...
3b280	29 2e 00 49 66 20 6d 75 6c 74 69 2d 70 61 74 68 69 6e 67 20 69 73 20 65 6e 61 62 6c 65 64 2c 20	)..If.multi-pathing.is.enabled,.
3b2a0	74 68 65 6e 20 63 68 65 63 6b 20 77 68 65 74 68 65 72 20 74 68 65 20 72 6f 75 74 65 73 20 6e 6f	then.check.whether.the.routes.no
3b2c0	74 20 79 65 74 20 64 69 73 74 69 6e 67 75 69 73 68 65 64 20 69 6e 20 70 72 65 66 65 72 65 6e 63	t.yet.distinguished.in.preferenc
3b2e0	65 20 6d 61 79 20 62 65 20 63 6f 6e 73 69 64 65 72 65 64 20 65 71 75 61 6c 2e 20 49 66 20 3a 63	e.may.be.considered.equal..If.:c
3b300	66 67 63 6d 64 3a 60 62 67 70 20 62 65 73 74 70 61 74 68 20 61 73 2d 70 61 74 68 20 6d 75 6c 74	fgcmd:`bgp.bestpath.as-path.mult
3b320	69 70 61 74 68 2d 72 65 6c 61 78 60 20 69 73 20 73 65 74 2c 20 61 6c 6c 20 73 75 63 68 20 72 6f	ipath-relax`.is.set,.all.such.ro
3b340	75 74 65 73 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 65 71 75 61 6c 2c 20 6f 74 68 65 72	utes.are.considered.equal,.other
3b360	77 69 73 65 20 72 6f 75 74 65 73 20 72 65 63 65 69 76 65 64 20 76 69 61 20 69 42 47 50 20 77 69	wise.routes.received.via.iBGP.wi
3b380	74 68 20 69 64 65 6e 74 69 63 61 6c 20 41 53 5f 50 41 54 48 73 20 6f 72 20 72 6f 75 74 65 73 20	th.identical.AS_PATHs.or.routes.
3b3a0	72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 65 42 47 50 20 6e 65 69 67 68 62 6f 75 72 73 20 69 6e	received.from.eBGP.neighbours.in
3b3c0	20 74 68 65 20 73 61 6d 65 20 41 53 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 65 71 75 61	.the.same.AS.are.considered.equa
3b3e0	6c 2e 00 49 66 20 6e 6f 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 61 6e 20 52 50 4b 49 20 63	l..If.no.connection.to.an.RPKI.c
3b400	61 63 68 65 20 73 65 72 76 65 72 20 63 61 6e 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 61	ache.server.can.be.established.a
3b420	66 74 65 72 20 61 20 70 72 65 2d 64 65 66 69 6e 65 64 20 74 69 6d 65 6f 75 74 2c 20 74 68 65 20	fter.a.pre-defined.timeout,.the.
3b440	72 6f 75 74 65 72 20 77 69 6c 6c 20 70 72 6f 63 65 73 73 20 72 6f 75 74 65 73 20 77 69 74 68 6f	router.will.process.routes.witho
3b460	75 74 20 70 72 65 66 69 78 20 6f 72 69 67 69 6e 20 76 61 6c 69 64 61 74 69 6f 6e 2e 20 49 74 20	ut.prefix.origin.validation..It.
3b480	73 74 69 6c 6c 20 77 69 6c 6c 20 74 72 79 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 63 6f	still.will.try.to.establish.a.co
3b4a0	6e 6e 65 63 74 69 6f 6e 20 74 6f 20 61 6e 20 52 50 4b 49 20 63 61 63 68 65 20 73 65 72 76 65 72	nnection.to.an.RPKI.cache.server
3b4c0	20 69 6e 20 74 68 65 20 62 61 63 6b 67 72 6f 75 6e 64 2e 00 49 66 20 6e 6f 20 64 65 73 74 69 6e	.in.the.background..If.no.destin
3b4e0	61 74 69 6f 6e 20 69 73 20 73 70 65 63 69 66 69 65 64 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c	ation.is.specified.the.rule.will
3b500	20 6d 61 74 63 68 20 6f 6e 20 61 6e 79 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73	.match.on.any.destination.addres
3b520	73 20 61 6e 64 20 70 6f 72 74 2e 00 49 66 20 6e 6f 20 69 70 20 70 72 65 66 69 78 20 6c 69 73 74	s.and.port..If.no.ip.prefix.list
3b540	20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 69 74 20 61 63 74 73 20 61 73 20 70 65 72 6d 69 74	.is.specified,.it.acts.as.permit
3b560	2e 20 49 66 20 69 70 20 70 72 65 66 69 78 20 6c 69 73 74 20 69 73 20 64 65 66 69 6e 65 64 2c 20	..If.ip.prefix.list.is.defined,.
3b580	61 6e 64 20 6e 6f 20 6d 61 74 63 68 20 69 73 20 66 6f 75 6e 64 2c 20 64 65 66 61 75 6c 74 20 64	and.no.match.is.found,.default.d
3b5a0	65 6e 79 20 69 73 20 61 70 70 6c 69 65 64 2e 00 49 66 20 6e 6f 20 6f 70 74 69 6f 6e 20 69 73 20	eny.is.applied..If.no.option.is.
3b5c0	73 70 65 63 69 66 69 65 64 2c 20 74 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 60 61 6c 6c	specified,.this.defaults.to.`all
3b5e0	60 2e 00 49 66 20 6e 6f 74 20 73 65 74 20 28 64 65 66 61 75 6c 74 29 20 61 6c 6c 6f 77 73 20 79	`..If.not.set.(default).allows.y
3b600	6f 75 20 74 6f 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65	ou.to.have.multiple.network.inte
3b620	72 66 61 63 65 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 73 75 62 6e 65 74 2c 20 61 6e 64 20 68	rfaces.on.the.same.subnet,.and.h
3b640	61 76 65 20 74 68 65 20 41 52 50 73 20 66 6f 72 20 65 61 63 68 20 69 6e 74 65 72 66 61 63 65 20	ave.the.ARPs.for.each.interface.
3b660	62 65 20 61 6e 73 77 65 72 65 64 20 62 61 73 65 64 20 6f 6e 20 77 68 65 74 68 65 72 20 6f 72 20	be.answered.based.on.whether.or.
3b680	6e 6f 74 20 74 68 65 20 6b 65 72 6e 65 6c 20 77 6f 75 6c 64 20 72 6f 75 74 65 20 61 20 70 61 63	not.the.kernel.would.route.a.pac
3b6a0	6b 65 74 20 66 72 6f 6d 20 74 68 65 20 41 52 50 27 64 20 49 50 20 6f 75 74 20 74 68 61 74 20 69	ket.from.the.ARP'd.IP.out.that.i
3b6c0	6e 74 65 72 66 61 63 65 20 28 74 68 65 72 65 66 6f 72 65 20 79 6f 75 20 6d 75 73 74 20 75 73 65	nterface.(therefore.you.must.use
3b6e0	20 73 6f 75 72 63 65 20 62 61 73 65 64 20 72 6f 75 74 69 6e 67 20 66 6f 72 20 74 68 69 73 20 74	.source.based.routing.for.this.t
3b700	6f 20 77 6f 72 6b 29 2e 00 49 66 20 73 65 74 20 74 68 65 20 6b 65 72 6e 65 6c 20 63 61 6e 20 72	o.work)..If.set.the.kernel.can.r
3b720	65 73 70 6f 6e 64 20 74 6f 20 61 72 70 20 72 65 71 75 65 73 74 73 20 77 69 74 68 20 61 64 64 72	espond.to.arp.requests.with.addr
3b740	65 73 73 65 73 20 66 72 6f 6d 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 68 69	esses.from.other.interfaces..Thi
3b760	73 20 6d 61 79 20 73 65 65 6d 20 77 72 6f 6e 67 20 62 75 74 20 69 74 20 75 73 75 61 6c 6c 79 20	s.may.seem.wrong.but.it.usually.
3b780	6d 61 6b 65 73 20 73 65 6e 73 65 2c 20 62 65 63 61 75 73 65 20 69 74 20 69 6e 63 72 65 61 73 65	makes.sense,.because.it.increase
3b7a0	73 20 74 68 65 20 63 68 61 6e 63 65 20 6f 66 20 73 75 63 63 65 73 73 66 75 6c 20 63 6f 6d 6d 75	s.the.chance.of.successful.commu
3b7c0	6e 69 63 61 74 69 6f 6e 2e 20 49 50 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 6f 77 6e 65 64	nication..IP.addresses.are.owned
3b7e0	20 62 79 20 74 68 65 20 63 6f 6d 70 6c 65 74 65 20 68 6f 73 74 20 6f 6e 20 4c 69 6e 75 78 2c 20	.by.the.complete.host.on.Linux,.
3b800	6e 6f 74 20 62 79 20 70 61 72 74 69 63 75 6c 61 72 20 69 6e 74 65 72 66 61 63 65 73 2e 20 4f 6e	not.by.particular.interfaces..On
3b820	6c 79 20 66 6f 72 20 6d 6f 72 65 20 63 6f 6d 70 6c 65 78 20 73 65 74 75 70 73 20 6c 69 6b 65 20	ly.for.more.complex.setups.like.
3b840	6c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 2c 20 64 6f 65 73 20 74 68 69 73 20 62 65 68 61 76 69	load-balancing,.does.this.behavi
3b860	6f 75 72 20 63 61 75 73 65 20 70 72 6f 62 6c 65 6d 73 2e 00 49 66 20 73 65 74 2c 20 49 50 76 34	our.cause.problems..If.set,.IPv4
3b880	20 64 69 72 65 63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 77	.directed.broadcast.forwarding.w
3b8a0	69 6c 6c 20 62 65 20 63 6f 6d 70 6c 65 74 65 6c 79 20 64 69 73 61 62 6c 65 64 20 72 65 67 61 72	ill.be.completely.disabled.regar
3b8c0	64 6c 65 73 73 20 6f 66 20 77 68 65 74 68 65 72 20 70 65 72 2d 69 6e 74 65 72 66 61 63 65 20 64	dless.of.whether.per-interface.d
3b8e0	69 72 65 63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 69 73 20	irected.broadcast.forwarding.is.
3b900	65 6e 61 62 6c 65 64 20 6f 72 20 6e 6f 74 2e 00 49 66 20 73 75 66 66 69 78 20 69 73 20 6f 6d 69	enabled.or.not..If.suffix.is.omi
3b920	74 74 65 64 2c 20 6d 69 6e 75 74 65 73 20 61 72 65 20 69 6d 70 6c 69 65 64 2e 00 49 66 20 74 68	tted,.minutes.are.implied..If.th
3b940	65 20 3a 63 66 67 63 6d 64 3a 60 6e 6f 2d 70 72 65 70 65 6e 64 60 20 61 74 74 72 69 62 75 74 65	e.:cfgcmd:`no-prepend`.attribute
3b960	20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 74 68 65 20 73 75 70 70 6c 69 65 64	.is.specified,.then.the.supplied
3b980	20 6c 6f 63 61 6c 2d 61 73 20 69 73 20 6e 6f 74 20 70 72 65 70 65 6e 64 65 64 20 74 6f 20 74 68	.local-as.is.not.prepended.to.th
3b9a0	65 20 72 65 63 65 69 76 65 64 20 41 53 5f 50 41 54 48 2e 00 49 66 20 74 68 65 20 3a 63 66 67 63	e.received.AS_PATH..If.the.:cfgc
3b9c0	6d 64 3a 60 72 65 70 6c 61 63 65 2d 61 73 60 20 61 74 74 72 69 62 75 74 65 20 69 73 20 73 70 65	md:`replace-as`.attribute.is.spe
3b9e0	63 69 66 69 65 64 2c 20 74 68 65 6e 20 6f 6e 6c 79 20 74 68 65 20 73 75 70 70 6c 69 65 64 20 6c	cified,.then.only.the.supplied.l
3ba00	6f 63 61 6c 2d 61 73 20 69 73 20 70 72 65 70 65 6e 64 65 64 20 74 6f 20 74 68 65 20 41 53 5f 50	ocal-as.is.prepended.to.the.AS_P
3ba20	41 54 48 20 77 68 65 6e 20 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 6c 6f 63 61 6c 2d 72 6f 75 74	ATH.when.transmitting.local-rout
3ba40	65 20 75 70 64 61 74 65 73 20 74 6f 20 74 68 69 73 20 70 65 65 72 2e 00 49 66 20 74 68 65 20 41	e.updates.to.this.peer..If.the.A
3ba60	52 50 20 74 61 62 6c 65 20 61 6c 72 65 61 64 79 20 63 6f 6e 74 61 69 6e 73 20 74 68 65 20 49 50	RP.table.already.contains.the.IP
3ba80	20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 67 72 61 74 75 69 74 6f 75 73 20 61 72 70 20 66	.address.of.the.gratuitous.arp.f
3baa0	72 61 6d 65 2c 20 74 68 65 20 61 72 70 20 74 61 62 6c 65 20 77 69 6c 6c 20 62 65 20 75 70 64 61	rame,.the.arp.table.will.be.upda
3bac0	74 65 64 20 72 65 67 61 72 64 6c 65 73 73 20 69 66 20 74 68 69 73 20 73 65 74 74 69 6e 67 20 69	ted.regardless.if.this.setting.i
3bae0	73 20 6f 6e 20 6f 72 20 6f 66 66 2e 00 49 66 20 74 68 65 20 41 53 2d 50 61 74 68 20 66 6f 72 20	s.on.or.off..If.the.AS-Path.for.
3bb00	74 68 65 20 72 6f 75 74 65 20 68 61 73 20 61 20 70 72 69 76 61 74 65 20 41 53 4e 20 62 65 74 77	the.route.has.a.private.ASN.betw
3bb20	65 65 6e 20 70 75 62 6c 69 63 20 41 53 4e 73 2c 20 69 74 20 69 73 20 61 73 73 75 6d 65 64 20 74	een.public.ASNs,.it.is.assumed.t
3bb40	68 61 74 20 74 68 69 73 20 69 73 20 61 20 64 65 73 69 67 6e 20 63 68 6f 69 63 65 2c 20 61 6e 64	hat.this.is.a.design.choice,.and
3bb60	20 74 68 65 20 70 72 69 76 61 74 65 20 41 53 4e 20 69 73 20 6e 6f 74 20 72 65 6d 6f 76 65 64 2e	.the.private.ASN.is.not.removed.
3bb80	00 49 66 20 74 68 65 20 41 53 2d 50 61 74 68 20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 20 68 61	.If.the.AS-Path.for.the.route.ha
3bba0	73 20 6f 6e 6c 79 20 70 72 69 76 61 74 65 20 41 53 4e 73 2c 20 74 68 65 20 70 72 69 76 61 74 65	s.only.private.ASNs,.the.private
3bbc0	20 41 53 4e 73 20 61 72 65 20 72 65 6d 6f 76 65 64 2e 00 49 66 20 74 68 65 20 49 50 20 70 72 65	.ASNs.are.removed..If.the.IP.pre
3bbe0	66 69 78 20 6d 61 73 6b 20 69 73 20 70 72 65 73 65 6e 74 2c 20 69 74 20 64 69 72 65 63 74 73 20	fix.mask.is.present,.it.directs.
3bc00	6f 70 65 6e 6e 68 72 70 20 74 6f 20 75 73 65 20 74 68 69 73 20 70 65 65 72 20 61 73 20 61 20 6e	opennhrp.to.use.this.peer.as.a.n
3bc20	65 78 74 20 68 6f 70 20 73 65 72 76 65 72 20 77 68 65 6e 20 73 65 6e 64 69 6e 67 20 52 65 73 6f	ext.hop.server.when.sending.Reso
3bc40	6c 75 74 69 6f 6e 20 52 65 71 75 65 73 74 73 20 6d 61 74 63 68 69 6e 67 20 74 68 69 73 20 73 75	lution.Requests.matching.this.su
3bc60	62 6e 65 74 2e 00 49 66 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 73 65 6e 64 73	bnet..If.the.RADIUS.server.sends
3bc80	20 74 68 65 20 61 74 74 72 69 62 75 74 65 20 60 60 46 72 61 6d 65 64 2d 49 50 2d 41 64 64 72 65	.the.attribute.``Framed-IP-Addre
3bca0	73 73 60 60 20 74 68 65 6e 20 74 68 69 73 20 49 50 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62	ss``.then.this.IP.address.will.b
3bcc0	65 20 61 6c 6c 6f 63 61 74 65 64 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 20 61 6e 64 20 74 68	e.allocated.to.the.client.and.th
3bce0	65 20 6f 70 74 69 6f 6e 20 69 70 2d 70 6f 6f 6c 20 77 69 74 68 69 6e 20 74 68 65 20 43 4c 49 20	e.option.ip-pool.within.the.CLI.
3bd00	63 6f 6e 66 69 67 20 69 73 20 62 65 69 6e 67 20 69 67 6e 6f 72 65 64 2e 00 49 66 20 74 68 65 20	config.is.being.ignored..If.the.
3bd20	52 41 44 49 55 53 20 73 65 72 76 65 72 20 75 73 65 73 20 74 68 65 20 61 74 74 72 69 62 75 74 65	RADIUS.server.uses.the.attribute
3bd40	20 60 60 4e 41 53 2d 50 6f 72 74 2d 49 64 60 60 2c 20 70 70 70 20 74 75 6e 6e 65 6c 73 20 77 69	.``NAS-Port-Id``,.ppp.tunnels.wi
3bd60	6c 6c 20 62 65 20 72 65 6e 61 6d 65 64 2e 00 49 66 20 74 68 65 20 61 76 65 72 61 67 65 20 71 75	ll.be.renamed..If.the.average.qu
3bd80	65 75 65 20 73 69 7a 65 20 69 73 20 6c 6f 77 65 72 20 74 68 61 6e 20 74 68 65 20 2a 2a 6d 69 6e	eue.size.is.lower.than.the.**min
3bda0	2d 74 68 72 65 73 68 6f 6c 64 2a 2a 2c 20 61 6e 20 61 72 72 69 76 69 6e 67 20 70 61 63 6b 65 74	-threshold**,.an.arriving.packet
3bdc0	20 77 69 6c 6c 20 62 65 20 70 6c 61 63 65 64 20 69 6e 20 74 68 65 20 71 75 65 75 65 2e 00 49 66	.will.be.placed.in.the.queue..If
3bde0	20 74 68 65 20 63 75 72 72 65 6e 74 20 71 75 65 75 65 20 73 69 7a 65 20 69 73 20 6c 61 72 67 65	.the.current.queue.size.is.large
3be00	72 20 74 68 61 6e 20 2a 2a 71 75 65 75 65 2d 6c 69 6d 69 74 2a 2a 2c 20 74 68 65 6e 20 70 61 63	r.than.**queue-limit**,.then.pac
3be20	6b 65 74 73 20 77 69 6c 6c 20 62 65 20 64 72 6f 70 70 65 64 2e 20 54 68 65 20 61 76 65 72 61 67	kets.will.be.dropped..The.averag
3be40	65 20 71 75 65 75 65 20 73 69 7a 65 20 64 65 70 65 6e 64 73 20 6f 6e 20 69 74 73 20 66 6f 72 6d	e.queue.size.depends.on.its.form
3be60	65 72 20 61 76 65 72 61 67 65 20 73 69 7a 65 20 61 6e 64 20 69 74 73 20 63 75 72 72 65 6e 74 20	er.average.size.and.its.current.
3be80	6f 6e 65 2e 00 49 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 49 50 76 36 20 74 68 65	one..If.the.protocol.is.IPv6.the
3bea0	6e 20 74 68 65 20 73 6f 75 72 63 65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64	n.the.source.and.destination.add
3bec0	72 65 73 73 65 73 20 61 72 65 20 66 69 72 73 74 20 68 61 73 68 65 64 20 75 73 69 6e 67 20 69 70	resses.are.first.hashed.using.ip
3bee0	76 36 5f 61 64 64 72 5f 68 61 73 68 2e 00 49 66 20 74 68 65 20 73 74 61 74 69 63 61 6c 6c 79 20	v6_addr_hash..If.the.statically.
3bf00	6d 61 70 70 65 64 20 70 65 65 72 20 69 73 20 72 75 6e 6e 69 6e 67 20 43 69 73 63 6f 20 49 4f 53	mapped.peer.is.running.Cisco.IOS
3bf20	2c 20 73 70 65 63 69 66 79 20 74 68 65 20 63 69 73 63 6f 20 6b 65 79 77 6f 72 64 2e 20 49 74 20	,.specify.the.cisco.keyword..It.
3bf40	69 73 20 75 73 65 64 20 74 6f 20 66 69 78 20 73 74 61 74 69 63 61 6c 6c 79 20 74 68 65 20 52 65	is.used.to.fix.statically.the.Re
3bf60	67 69 73 74 72 61 74 69 6f 6e 20 52 65 71 75 65 73 74 20 49 44 20 73 6f 20 74 68 61 74 20 61 20	gistration.Request.ID.so.that.a.
3bf80	6d 61 74 63 68 69 6e 67 20 50 75 72 67 65 20 52 65 71 75 65 73 74 20 63 61 6e 20 62 65 20 73 65	matching.Purge.Request.can.be.se
3bfa0	6e 74 20 69 66 20 4e 42 4d 41 20 61 64 64 72 65 73 73 20 68 61 73 20 63 68 61 6e 67 65 64 2e 20	nt.if.NBMA.address.has.changed..
3bfc0	54 68 69 73 20 69 73 20 74 6f 20 77 6f 72 6b 20 61 72 6f 75 6e 64 20 62 72 6f 6b 65 6e 20 49 4f	This.is.to.work.around.broken.IO
3bfe0	53 20 77 68 69 63 68 20 72 65 71 75 69 72 65 73 20 50 75 72 67 65 20 52 65 71 75 65 73 74 20 49	S.which.requires.Purge.Request.I
3c000	44 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 52 65 67 69 73 74 72 61	D.to.match.the.original.Registra
3c020	74 69 6f 6e 20 52 65 71 75 65 73 74 20 49 44 2e 00 49 66 20 74 68 65 20 73 79 73 74 65 6d 20 64	tion.Request.ID..If.the.system.d
3c040	65 74 65 63 74 73 20 61 6e 20 75 6e 63 6f 6e 66 69 67 75 72 65 64 20 77 69 72 65 6c 65 73 73 20	etects.an.unconfigured.wireless.
3c060	64 65 76 69 63 65 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79	device,.it.will.be.automatically
3c080	20 61 64 64 65 64 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 72 65 65 2c 20 73	.added.the.configuration.tree,.s
3c0a0	70 65 63 69 66 79 69 6e 67 20 61 6e 79 20 64 65 74 65 63 74 65 64 20 73 65 74 74 69 6e 67 73 20	pecifying.any.detected.settings.
3c0c0	28 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 74 73 20 4d 41 43 20 61 64 64 72 65 73 73 29 20 61	(for.example,.its.MAC.address).a
3c0e0	6e 64 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 72 75 6e 20 69 6e 20 6d 6f 6e 69 74 6f 72 20	nd.configured.to.run.in.monitor.
3c100	6d 6f 64 65 2e 00 49 66 20 74 68 65 20 74 61 62 6c 65 20 69 73 20 65 6d 70 74 79 20 61 6e 64 20	mode..If.the.table.is.empty.and.
3c120	79 6f 75 20 68 61 76 65 20 61 20 77 61 72 6e 69 6e 67 20 6d 65 73 73 61 67 65 2c 20 69 74 20 6d	you.have.a.warning.message,.it.m
3c140	65 61 6e 73 20 63 6f 6e 6e 74 72 61 63 6b 20 69 73 20 6e 6f 74 20 65 6e 61 62 6c 65 64 2e 20 54	eans.conntrack.is.not.enabled..T
3c160	6f 20 65 6e 61 62 6c 65 20 63 6f 6e 6e 74 72 61 63 6b 2c 20 6a 75 73 74 20 63 72 65 61 74 65 20	o.enable.conntrack,.just.create.
3c180	61 20 4e 41 54 20 6f 72 20 61 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 2e 20 3a 63 66 67 63 6d	a.NAT.or.a.firewall.rule..:cfgcm
3c1a0	64 3a 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 73 74 61 74 65 2d 70 6f 6c 69 63 79 20 65 73 74	d:`set.firewall.state-policy.est
3c1c0	61 62 6c 69 73 68 65 64 20 61 63 74 69 6f 6e 20 61 63 63 65 70 74 60 00 49 66 20 74 68 65 72 65	ablished.action.accept`.If.there
3c1e0	20 61 72 65 20 6e 6f 20 66 72 65 65 20 61 64 64 72 65 73 73 65 73 20 62 75 74 20 74 68 65 72 65	.are.no.free.addresses.but.there
3c200	20 61 72 65 20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 74 68 65	.are.abandoned.IP.addresses,.the
3c220	20 44 48 43 50 20 73 65 72 76 65 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65 63	.DHCP.server.will.attempt.to.rec
3c240	6c 61 69 6d 20 61 6e 20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 20 72 65 67	laim.an.abandoned.IP.address.reg
3c260	61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 62 61 6e 64 6f 6e 2d	ardless.of.the.value.of.abandon-
3c280	6c 65 61 73 65 2d 74 69 6d 65 2e 00 49 66 20 74 68 65 72 65 20 69 73 20 53 4e 41 54 20 72 75 6c	lease-time..If.there.is.SNAT.rul
3c2a0	65 73 20 6f 6e 20 65 74 68 31 2c 20 6e 65 65 64 20 74 6f 20 61 64 64 20 65 78 63 6c 75 64 65 20	es.on.eth1,.need.to.add.exclude.
3c2c0	72 75 6c 65 00 49 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 69 6e 76 6f 6b 65 64 20	rule.If.this.command.is.invoked.
3c2e0	66 72 6f 6d 20 63 6f 6e 66 69 67 75 72 65 20 6d 6f 64 65 20 77 69 74 68 20 74 68 65 20 60 60 72	from.configure.mode.with.the.``r
3c300	75 6e 60 60 20 70 72 65 66 69 78 20 74 68 65 20 6b 65 79 20 69 73 20 61 75 74 6f 6d 61 74 69 63	un``.prefix.the.key.is.automatic
3c320	61 6c 6c 79 20 69 6e 73 74 61 6c 6c 65 64 20 74 6f 20 74 68 65 20 61 70 70 72 6f 70 72 69 61 74	ally.installed.to.the.appropriat
3c340	65 20 69 6e 74 65 72 66 61 63 65 3a 00 49 66 20 74 68 69 73 20 69 73 20 73 65 74 20 74 68 65 20	e.interface:.If.this.is.set.the.
3c360	72 65 6c 61 79 20 61 67 65 6e 74 20 77 69 6c 6c 20 69 6e 73 65 72 74 20 74 68 65 20 69 6e 74 65	relay.agent.will.insert.the.inte
3c380	72 66 61 63 65 20 49 44 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 73 65 74 20 61 75 74	rface.ID..This.option.is.set.aut
3c3a0	6f 6d 61 74 69 63 61 6c 6c 79 20 69 66 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 6c 69 73 74	omatically.if.more.than.one.list
3c3c0	65 6e 69 6e 67 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 69 6e 20 75 73 65 2e 00 49 66 20	ening.interfaces.are.in.use..If.
3c3e0	74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 6e 20 74 68 65	this.option.is.enabled,.then.the
3c400	20 61 6c 72 65 61 64 79 2d 73 65 6c 65 63 74 65 64 20 63 68 65 63 6b 2c 20 77 68 65 72 65 20 61	.already-selected.check,.where.a
3c420	6c 72 65 61 64 79 20 73 65 6c 65 63 74 65 64 20 65 42 47 50 20 72 6f 75 74 65 73 20 61 72 65 20	lready.selected.eBGP.routes.are.
3c440	70 72 65 66 65 72 72 65 64 2c 20 69 73 20 73 6b 69 70 70 65 64 2e 00 49 66 20 74 68 69 73 20 6f	preferred,.is.skipped..If.this.o
3c460	70 74 69 6f 6e 20 69 73 20 73 70 65 63 69 66 69 65 64 20 61 6e 64 20 69 73 20 67 72 65 61 74 65	ption.is.specified.and.is.greate
3c480	72 20 74 68 61 6e 20 30 2c 20 74 68 65 6e 20 74 68 65 20 50 50 50 20 6d 6f 64 75 6c 65 20 77 69	r.than.0,.then.the.PPP.module.wi
3c4a0	6c 6c 20 73 65 6e 64 20 4c 43 50 20 70 69 6e 67 73 20 6f 66 20 74 68 65 20 65 63 68 6f 20 72 65	ll.send.LCP.pings.of.the.echo.re
3c4c0	71 75 65 73 74 20 65 76 65 72 79 20 60 3c 69 6e 74 65 72 76 61 6c 3e 60 20 73 65 63 6f 6e 64 73	quest.every.`<interval>`.seconds
3c4e0	2e 00 49 66 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 75 6e 73 65 74 20 28 64 65 66 61 75	..If.this.option.is.unset.(defau
3c500	6c 74 29 2c 20 69 6e 63 6f 6d 69 6e 67 20 49 50 20 64 69 72 65 63 74 65 64 20 62 72 6f 61 64 63	lt),.incoming.IP.directed.broadc
3c520	61 73 74 20 70 61 63 6b 65 74 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 66 6f 72 77 61 72 64 65	ast.packets.will.not.be.forwarde
3c540	64 2e 00 49 66 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 75 6e 73 65 74 20 28 64 65 66 61	d..If.this.option.is.unset.(defa
3c560	75 6c 74 29 2c 20 72 65 70 6c 79 20 66 6f 72 20 61 6e 79 20 6c 6f 63 61 6c 20 74 61 72 67 65 74	ult),.reply.for.any.local.target
3c580	20 49 50 20 61 64 64 72 65 73 73 2c 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 79 20 69	.IP.address,.configured.on.any.i
3c5a0	6e 74 65 72 66 61 63 65 2e 00 49 66 20 74 68 69 73 20 70 61 72 61 6d 65 74 65 72 20 69 73 20 6e	nterface..If.this.parameter.is.n
3c5c0	6f 74 20 73 65 74 20 6f 72 20 30 2c 20 61 6e 20 6f 6e 2d 64 65 6d 61 6e 64 20 6c 69 6e 6b 20 77	ot.set.or.0,.an.on-demand.link.w
3c5e0	69 6c 6c 20 6e 6f 74 20 62 65 20 74 61 6b 65 6e 20 64 6f 77 6e 20 77 68 65 6e 20 69 74 20 69 73	ill.not.be.taken.down.when.it.is
3c600	20 69 64 6c 65 20 61 6e 64 20 61 66 74 65 72 20 74 68 65 20 69 6e 69 74 69 61 6c 20 65 73 74 61	.idle.and.after.the.initial.esta
3c620	62 6c 69 73 68 6d 65 6e 74 20 6f 66 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 49 74 20	blishment.of.the.connection..It.
3c640	77 69 6c 6c 20 73 74 61 79 20 75 70 20 66 6f 72 65 76 65 72 2e 00 49 66 20 74 68 69 73 20 70 61	will.stay.up.forever..If.this.pa
3c660	72 61 6d 65 74 65 72 20 69 73 20 6e 6f 74 20 73 65 74 2c 20 74 68 65 20 64 65 66 61 75 6c 74 20	rameter.is.not.set,.the.default.
3c680	68 6f 6c 64 6f 66 66 20 74 69 6d 65 20 69 73 20 33 30 20 73 65 63 6f 6e 64 73 2e 00 49 66 20 75	holdoff.time.is.30.seconds..If.u
3c6a0	6e 73 65 74 2c 20 69 6e 63 6f 6d 69 6e 67 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68	nset,.incoming.connections.to.th
3c6c0	65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 6e 65 61	e.RADIUS.server.will.use.the.nea
3c6e0	72 65 73 74 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 20 70 6f 69 6e 74 69 6e 67 20	rest.interface.address.pointing.
3c700	74 6f 77 61 72 64 73 20 74 68 65 20 73 65 72 76 65 72 20 2d 20 6d 61 6b 69 6e 67 20 69 74 20 65	towards.the.server.-.making.it.e
3c720	72 72 6f 72 20 70 72 6f 6e 65 20 6f 6e 20 65 2e 67 2e 20 4f 53 50 46 20 6e 65 74 77 6f 72 6b 73	rror.prone.on.e.g..OSPF.networks
3c740	20 77 68 65 6e 20 61 20 6c 69 6e 6b 20 66 61 69 6c 73 20 61 6e 64 20 61 20 62 61 63 6b 75 70 20	.when.a.link.fails.and.a.backup.
3c760	72 6f 75 74 65 20 69 73 20 74 61 6b 65 6e 2e 00 49 66 20 75 6e 73 65 74 2c 20 69 6e 63 6f 6d 69	route.is.taken..If.unset,.incomi
3c780	6e 67 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 54 41 43 41 43 53 20 73 65 72	ng.connections.to.the.TACACS.ser
3c7a0	76 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 6e 65 61 72 65 73 74 20 69 6e 74 65 72 66 61	ver.will.use.the.nearest.interfa
3c7c0	63 65 20 61 64 64 72 65 73 73 20 70 6f 69 6e 74 69 6e 67 20 74 6f 77 61 72 64 73 20 74 68 65 20	ce.address.pointing.towards.the.
3c7e0	73 65 72 76 65 72 20 2d 20 6d 61 6b 69 6e 67 20 69 74 20 65 72 72 6f 72 20 70 72 6f 6e 65 20 6f	server.-.making.it.error.prone.o
3c800	6e 20 65 2e 67 2e 20 4f 53 50 46 20 6e 65 74 77 6f 72 6b 73 20 77 68 65 6e 20 61 20 6c 69 6e 6b	n.e.g..OSPF.networks.when.a.link
3c820	20 66 61 69 6c 73 20 61 6e 64 20 61 20 62 61 63 6b 75 70 20 72 6f 75 74 65 20 69 73 20 74 61 6b	.fails.and.a.backup.route.is.tak
3c840	65 6e 2e 00 49 66 20 79 6f 75 20 61 70 70 6c 79 20 61 20 70 61 72 61 6d 65 74 65 72 20 74 6f 20	en..If.you.apply.a.parameter.to.
3c860	61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 6e 65 69 67 68 62 6f 72 20 49 50 20 61 64 64 72 65 73	an.individual.neighbor.IP.addres
3c880	73 2c 20 79 6f 75 20 6f 76 65 72 72 69 64 65 20 74 68 65 20 61 63 74 69 6f 6e 20 64 65 66 69 6e	s,.you.override.the.action.defin
3c8a0	65 64 20 66 6f 72 20 61 20 70 65 65 72 20 67 72 6f 75 70 20 74 68 61 74 20 69 6e 63 6c 75 64 65	ed.for.a.peer.group.that.include
3c8c0	73 20 74 68 61 74 20 49 50 20 61 64 64 72 65 73 73 2e 00 49 66 20 79 6f 75 20 61 72 65 20 61 20	s.that.IP.address..If.you.are.a.
3c8e0	68 61 63 6b 65 72 20 6f 72 20 77 61 6e 74 20 74 6f 20 74 72 79 20 6f 6e 20 79 6f 75 72 20 6f 77	hacker.or.want.to.try.on.your.ow
3c900	6e 20 77 65 20 73 75 70 70 6f 72 74 20 70 61 73 73 69 6e 67 20 72 61 77 20 4f 70 65 6e 56 50 4e	n.we.support.passing.raw.OpenVPN
3c920	20 6f 70 74 69 6f 6e 73 20 74 6f 20 4f 70 65 6e 56 50 4e 2e 00 49 66 20 79 6f 75 20 61 72 65 20	.options.to.OpenVPN..If.you.are.
3c940	63 6f 6e 66 69 67 75 72 69 6e 67 20 61 20 56 52 46 20 66 6f 72 20 6d 61 6e 61 67 65 6d 65 6e 74	configuring.a.VRF.for.management
3c960	20 70 75 72 70 6f 73 65 73 2c 20 74 68 65 72 65 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 6e 6f	.purposes,.there.is.currently.no
3c980	20 77 61 79 20 74 6f 20 66 6f 72 63 65 20 73 79 73 74 65 6d 20 44 4e 53 20 74 72 61 66 66 69 63	.way.to.force.system.DNS.traffic
3c9a0	20 76 69 61 20 61 20 73 70 65 63 69 66 69 63 20 56 52 46 2e 00 49 66 20 79 6f 75 20 61 72 65 20	.via.a.specific.VRF..If.you.are.
3c9c0	6e 65 77 20 74 6f 20 74 68 65 73 65 20 72 6f 75 74 69 6e 67 20 73 65 63 75 72 69 74 79 20 74 65	new.to.these.routing.security.te
3c9e0	63 68 6e 6f 6c 6f 67 69 65 73 20 74 68 65 6e 20 74 68 65 72 65 20 69 73 20 61 6e 20 60 65 78 63	chnologies.then.there.is.an.`exc
3ca00	65 6c 6c 65 6e 74 20 67 75 69 64 65 20 74 6f 20 52 50 4b 49 60 5f 20 62 79 20 4e 4c 6e 65 74 20	ellent.guide.to.RPKI`_.by.NLnet.
3ca20	4c 61 62 73 20 77 68 69 63 68 20 77 69 6c 6c 20 67 65 74 20 79 6f 75 20 75 70 20 74 6f 20 73 70	Labs.which.will.get.you.up.to.sp
3ca40	65 65 64 20 76 65 72 79 20 71 75 69 63 6b 6c 79 2e 20 54 68 65 69 72 20 64 6f 63 75 6d 65 6e 74	eed.very.quickly..Their.document
3ca60	61 74 69 6f 6e 20 65 78 70 6c 61 69 6e 73 20 65 76 65 72 79 74 68 69 6e 67 20 66 72 6f 6d 20 77	ation.explains.everything.from.w
3ca80	68 61 74 20 52 50 4b 49 20 69 73 20 74 6f 20 64 65 70 6c 6f 79 69 6e 67 20 69 74 20 69 6e 20 70	hat.RPKI.is.to.deploying.it.in.p
3caa0	72 6f 64 75 63 74 69 6f 6e 2e 20 49 74 20 61 6c 73 6f 20 68 61 73 20 73 6f 6d 65 20 60 68 65 6c	roduction..It.also.has.some.`hel
3cac0	70 20 61 6e 64 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 67 75 69 64 61 6e 63 65 60 5f 20 69 6e 63	p.and.operational.guidance`_.inc
3cae0	6c 75 64 69 6e 67 20 22 57 68 61 74 20 63 61 6e 20 49 20 64 6f 20 61 62 6f 75 74 20 6d 79 20 72	luding."What.can.I.do.about.my.r
3cb00	6f 75 74 65 20 68 61 76 69 6e 67 20 61 6e 20 49 6e 76 61 6c 69 64 20 73 74 61 74 65 3f 22 00 49	oute.having.an.Invalid.state?".I
3cb20	66 20 79 6f 75 20 61 72 65 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 74 68 65 20 67 6c	f.you.are.responsible.for.the.gl
3cb40	6f 62 61 6c 20 61 64 64 72 65 73 73 65 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 79 6f 75 72 20	obal.addresses.assigned.to.your.
3cb60	6e 65 74 77 6f 72 6b 2c 20 70 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 74 68 61 74 20 79	network,.please.make.sure.that.y
3cb80	6f 75 72 20 70 72 65 66 69 78 65 73 20 68 61 76 65 20 52 4f 41 73 20 61 73 73 6f 63 69 61 74 65	our.prefixes.have.ROAs.associate
3cba0	64 20 77 69 74 68 20 74 68 65 6d 20 74 6f 20 61 76 6f 69 64 20 62 65 69 6e 67 20 60 6e 6f 74 66	d.with.them.to.avoid.being.`notf
3cbc0	6f 75 6e 64 60 20 62 79 20 52 50 4b 49 2e 20 46 6f 72 20 6d 6f 73 74 20 41 53 4e 73 20 74 68 69	ound`.by.RPKI..For.most.ASNs.thi
3cbe0	73 20 77 69 6c 6c 20 69 6e 76 6f 6c 76 65 20 70 75 62 6c 69 73 68 69 6e 67 20 52 4f 41 73 20 76	s.will.involve.publishing.ROAs.v
3cc00	69 61 20 79 6f 75 72 20 3a 61 62 62 72 3a 60 52 49 52 20 28 52 65 67 69 6f 6e 61 6c 20 49 6e 74	ia.your.:abbr:`RIR.(Regional.Int
3cc20	65 72 6e 65 74 20 52 65 67 69 73 74 72 79 29 60 20 28 52 49 50 45 20 4e 43 43 2c 20 41 50 4e 49	ernet.Registry)`.(RIPE.NCC,.APNI
3cc40	43 2c 20 41 52 49 4e 2c 20 4c 41 43 4e 49 43 20 6f 72 20 41 46 52 49 4e 49 43 29 2c 20 61 6e 64	C,.ARIN,.LACNIC.or.AFRINIC),.and
3cc60	20 69 73 20 73 6f 6d 65 74 68 69 6e 67 20 79 6f 75 20 61 72 65 20 65 6e 63 6f 75 72 61 67 65 64	.is.something.you.are.encouraged
3cc80	20 74 6f 20 64 6f 20 77 68 65 6e 65 76 65 72 20 79 6f 75 20 70 6c 61 6e 20 74 6f 20 61 6e 6e 6f	.to.do.whenever.you.plan.to.anno
3cca0	75 6e 63 65 20 61 64 64 72 65 73 73 65 73 20 69 6e 74 6f 20 74 68 65 20 44 46 5a 2e 00 49 66 20	unce.addresses.into.the.DFZ..If.
3ccc0	79 6f 75 20 61 72 65 20 75 73 69 6e 67 20 46 51 2d 43 6f 44 65 6c 20 65 6d 62 65 64 64 65 64 20	you.are.using.FQ-CoDel.embedded.
3cce0	69 6e 74 6f 20 53 68 61 70 65 72 5f 20 61 6e 64 20 79 6f 75 20 68 61 76 65 20 6c 61 72 67 65 20	into.Shaper_.and.you.have.large.
3cd00	72 61 74 65 73 20 28 31 30 30 4d 62 69 74 20 61 6e 64 20 61 62 6f 76 65 29 2c 20 79 6f 75 20 6d	rates.(100Mbit.and.above),.you.m
3cd20	61 79 20 63 6f 6e 73 69 64 65 72 20 69 6e 63 72 65 61 73 69 6e 67 20 60 71 75 61 6e 74 75 6d 60	ay.consider.increasing.`quantum`
3cd40	20 74 6f 20 38 30 30 30 20 6f 72 20 68 69 67 68 65 72 20 73 6f 20 74 68 61 74 20 74 68 65 20 73	.to.8000.or.higher.so.that.the.s
3cd60	63 68 65 64 75 6c 65 72 20 73 61 76 65 73 20 43 50 55 2e 00 49 66 20 79 6f 75 20 61 72 65 20 75	cheduler.saves.CPU..If.you.are.u
3cd80	73 69 6e 67 20 4f 53 50 46 20 61 73 20 49 47 50 2c 20 61 6c 77 61 79 73 20 74 68 65 20 63 6c 6f	sing.OSPF.as.IGP,.always.the.clo
3cda0	73 65 73 74 20 69 6e 74 65 72 66 61 63 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 74 68 65 20	sest.interface.connected.to.the.
3cdc0	52 41 44 49 55 53 20 73 65 72 76 65 72 20 69 73 20 75 73 65 64 2e 20 57 69 74 68 20 56 79 4f 53	RADIUS.server.is.used..With.VyOS
3cde0	20 31 2e 32 20 79 6f 75 20 63 61 6e 20 62 69 6e 64 20 61 6c 6c 20 6f 75 74 67 6f 69 6e 67 20 52	.1.2.you.can.bind.all.outgoing.R
3ce00	41 44 49 55 53 20 72 65 71 75 65 73 74 73 20 74 6f 20 61 20 73 69 6e 67 6c 65 20 73 6f 75 72 63	ADIUS.requests.to.a.single.sourc
3ce20	65 20 49 50 20 65 2e 67 2e 20 74 68 65 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66 61 63 65	e.IP.e.g..the.loopback.interface
3ce40	2e 00 49 66 20 79 6f 75 20 63 68 61 6e 67 65 20 74 68 65 20 64 65 66 61 75 6c 74 20 65 6e 63 72	..If.you.change.the.default.encr
3ce60	79 70 74 69 6f 6e 20 61 6e 64 20 68 61 73 68 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 73 2c 20 62	yption.and.hashing.algorithms,.b
3ce80	65 20 73 75 72 65 20 74 68 61 74 20 74 68 65 20 6c 6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65	e.sure.that.the.local.and.remote
3cea0	20 65 6e 64 73 20 68 61 76 65 20 6d 61 74 63 68 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	.ends.have.matching.configuratio
3cec0	6e 73 2c 20 6f 74 68 65 72 77 69 73 65 20 74 68 65 20 74 75 6e 6e 65 6c 20 77 69 6c 6c 20 6e 6f	ns,.otherwise.the.tunnel.will.no
3cee0	74 20 63 6f 6d 65 20 75 70 2e 00 49 66 20 79 6f 75 20 63 68 6f 6f 73 65 20 61 6e 79 20 61 73 20	t.come.up..If.you.choose.any.as.
3cf00	74 68 65 20 6f 70 74 69 6f 6e 20 74 68 61 74 20 77 69 6c 6c 20 63 61 75 73 65 20 61 6c 6c 20 70	the.option.that.will.cause.all.p
3cf20	72 6f 74 6f 63 6f 6c 73 20 74 68 61 74 20 61 72 65 20 73 65 6e 64 69 6e 67 20 72 6f 75 74 65 73	rotocols.that.are.sending.routes
3cf40	20 74 6f 20 7a 65 62 72 61 2e 00 49 66 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 61 20 63 6c	.to.zebra..If.you.configure.a.cl
3cf60	61 73 73 20 66 6f 72 20 2a 2a 56 6f 49 50 20 74 72 61 66 66 69 63 2a 2a 2c 20 64 6f 6e 27 74 20	ass.for.**VoIP.traffic**,.don't.
3cf80	67 69 76 65 20 69 74 20 61 6e 79 20 2a 63 65 69 6c 69 6e 67 2a 2c 20 6f 74 68 65 72 77 69 73 65	give.it.any.*ceiling*,.otherwise
3cfa0	20 6e 65 77 20 56 6f 49 50 20 63 61 6c 6c 73 20 63 6f 75 6c 64 20 73 74 61 72 74 20 77 68 65 6e	.new.VoIP.calls.could.start.when
3cfc0	20 74 68 65 20 6c 69 6e 6b 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 61 6e 64 20 67 65 74 20 73	.the.link.is.available.and.get.s
3cfe0	75 64 64 65 6e 6c 79 20 64 72 6f 70 70 65 64 20 77 68 65 6e 20 6f 74 68 65 72 20 63 6c 61 73 73	uddenly.dropped.when.other.class
3d000	65 73 20 73 74 61 72 74 20 75 73 69 6e 67 20 74 68 65 69 72 20 61 73 73 69 67 6e 65 64 20 2a 62	es.start.using.their.assigned.*b
3d020	61 6e 64 77 69 64 74 68 2a 20 73 68 61 72 65 2e 00 49 66 20 79 6f 75 20 65 6e 61 62 6c 65 20 74	andwidth*.share..If.you.enable.t
3d040	68 69 73 2c 20 79 6f 75 20 77 69 6c 6c 20 70 72 6f 62 61 62 6c 79 20 77 61 6e 74 20 74 6f 20 73	his,.you.will.probably.want.to.s
3d060	65 74 20 64 69 76 65 72 73 69 74 79 2d 66 61 63 74 6f 72 20 61 6e 64 20 63 68 61 6e 6e 65 6c 20	et.diversity-factor.and.channel.
3d080	62 65 6c 6f 77 2e 00 49 66 20 79 6f 75 20 68 61 70 70 65 6e 20 74 6f 20 72 75 6e 20 74 68 69 73	below..If.you.happen.to.run.this
3d0a0	20 69 6e 20 61 20 76 69 72 74 75 61 6c 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 6c 69 6b 65 20 62	.in.a.virtual.environment.like.b
3d0c0	79 20 45 56 45 2d 4e 47 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 65 6e 73 75 72 65 20 79 6f 75 72	y.EVE-NG.you.need.to.ensure.your
3d0e0	20 56 79 4f 53 20 4e 49 43 20 69 73 20 73 65 74 20 74 6f 20 75 73 65 20 74 68 65 20 65 31 30 30	.VyOS.NIC.is.set.to.use.the.e100
3d100	30 20 64 72 69 76 65 72 2e 20 55 73 69 6e 67 20 74 68 65 20 64 65 66 61 75 6c 74 20 60 60 76 69	0.driver..Using.the.default.``vi
3d120	72 74 69 6f 2d 6e 65 74 2d 70 63 69 60 60 20 6f 72 20 74 68 65 20 60 60 76 6d 78 6e 65 74 33 60	rtio-net-pci``.or.the.``vmxnet3`
3d140	60 20 64 72 69 76 65 72 20 77 69 6c 6c 20 6e 6f 74 20 77 6f 72 6b 2e 20 49 43 4d 50 20 6d 65 73	`.driver.will.not.work..ICMP.mes
3d160	73 61 67 65 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 70 72 6f 70 65 72 6c 79 20 70 72 6f 63 65	sages.will.not.be.properly.proce
3d180	73 73 65 64 2e 20 54 68 65 79 20 61 72 65 20 76 69 73 69 62 6c 65 20 6f 6e 20 74 68 65 20 76 69	ssed..They.are.visible.on.the.vi
3d1a0	72 74 75 61 6c 20 77 69 72 65 20 62 75 74 20 77 69 6c 6c 20 6e 6f 74 20 6d 61 6b 65 20 69 74 20	rtual.wire.but.will.not.make.it.
3d1c0	66 75 6c 6c 79 20 75 70 20 74 68 65 20 6e 65 74 77 6f 72 6b 69 6e 67 20 73 74 61 63 6b 2e 00 49	fully.up.the.networking.stack..I
3d1e0	66 20 79 6f 75 20 68 61 70 70 65 6e 20 74 6f 20 75 73 65 20 53 6f 6c 61 72 57 69 6e 64 73 20 4f	f.you.happen.to.use.SolarWinds.O
3d200	72 69 6f 6e 20 61 73 20 4e 4d 53 20 79 6f 75 20 63 61 6e 20 61 6c 73 6f 20 75 73 65 20 74 68 65	rion.as.NMS.you.can.also.use.the
3d220	20 44 65 76 69 63 65 20 54 65 6d 70 6c 61 74 65 73 20 4d 61 6e 61 67 65 6d 65 6e 74 2e 20 41 20	.Device.Templates.Management..A.
3d240	74 65 6d 70 6c 61 74 65 20 66 6f 72 20 56 79 4f 53 20 63 61 6e 20 62 65 20 65 61 73 69 6c 79 20	template.for.VyOS.can.be.easily.
3d260	69 6d 70 6f 72 74 65 64 2e 00 49 66 20 79 6f 75 20 68 61 70 70 65 6e 65 64 20 74 6f 20 75 73 65	imported..If.you.happened.to.use
3d280	20 61 20 43 69 73 63 6f 20 4e 4d 2d 31 36 41 20 2d 20 53 69 78 74 65 65 6e 20 50 6f 72 74 20 41	.a.Cisco.NM-16A.-.Sixteen.Port.A
3d2a0	73 79 6e 63 20 4e 65 74 77 6f 72 6b 20 4d 6f 64 75 6c 65 20 6f 72 20 4e 4d 2d 33 32 41 20 2d 20	sync.Network.Module.or.NM-32A.-.
3d2c0	54 68 69 72 74 79 2d 74 77 6f 20 50 6f 72 74 20 41 73 79 6e 63 20 4e 65 74 77 6f 72 6b 20 4d 6f	Thirty-two.Port.Async.Network.Mo
3d2e0	64 75 6c 65 20 2d 20 74 68 69 73 20 69 73 20 79 6f 75 72 20 56 79 4f 53 20 72 65 70 6c 61 63 65	dule.-.this.is.your.VyOS.replace
3d300	6d 65 6e 74 2e 00 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 6c 6f 74 20 6f 66 20 69 6e 74 65 72	ment..If.you.have.a.lot.of.inter
3d320	66 61 63 65 73 2c 20 61 6e 64 2f 6f 72 20 61 20 6c 6f 74 20 6f 66 20 73 75 62 6e 65 74 73 2c 20	faces,.and/or.a.lot.of.subnets,.
3d340	74 68 65 6e 20 65 6e 61 62 6c 69 6e 67 20 4f 53 50 46 20 76 69 61 20 74 68 69 73 20 63 6f 6d 6d	then.enabling.OSPF.via.this.comm
3d360	61 6e 64 20 6d 61 79 20 72 65 73 75 6c 74 20 69 6e 20 61 20 73 6c 69 67 68 74 20 70 65 72 66 6f	and.may.result.in.a.slight.perfo
3d380	72 6d 61 6e 63 65 20 69 6d 70 72 6f 76 65 6d 65 6e 74 2e 00 49 66 20 79 6f 75 20 68 61 76 65 20	rmance.improvement..If.you.have.
3d3a0	63 6f 6e 66 69 67 75 72 65 64 20 74 68 65 20 60 49 4e 53 49 44 45 2d 4f 55 54 60 20 70 6f 6c 69	configured.the.`INSIDE-OUT`.poli
3d3c0	63 79 2c 20 79 6f 75 20 77 69 6c 6c 20 6e 65 65 64 20 74 6f 20 61 64 64 20 61 64 64 69 74 69 6f	cy,.you.will.need.to.add.additio
3d3e0	6e 61 6c 20 72 75 6c 65 73 20 74 6f 20 70 65 72 6d 69 74 20 69 6e 62 6f 75 6e 64 20 4e 41 54 20	nal.rules.to.permit.inbound.NAT.
3d400	74 72 61 66 66 69 63 2e 00 49 66 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 73 61 6d 70 6c 65 20 61	traffic..If.you.need.to.sample.a
3d420	6c 73 6f 20 65 67 72 65 73 73 20 74 72 61 66 66 69 63 2c 20 79 6f 75 20 6d 61 79 20 77 61 6e 74	lso.egress.traffic,.you.may.want
3d440	20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 65 67 72 65 73 73 20 66 6c 6f 77 2d 61 63 63 6f 75 6e	.to.configure.egress.flow-accoun
3d460	74 69 6e 67 3a 00 49 66 20 79 6f 75 20 6f 6e 6c 79 20 77 61 6e 74 20 74 6f 20 63 68 65 63 6b 20	ting:.If.you.only.want.to.check.
3d480	69 66 20 74 68 65 20 75 73 65 72 20 61 63 63 6f 75 6e 74 20 69 73 20 65 6e 61 62 6c 65 64 20 61	if.the.user.account.is.enabled.a
3d4a0	6e 64 20 63 61 6e 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 28 61 67 61 69 6e 73 74 20 74 68 65	nd.can.authenticate.(against.the
3d4c0	20 70 72 69 6d 61 72 79 20 67 72 6f 75 70 29 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 6e	.primary.group).the.following.sn
3d4e0	69 70 70 65 64 20 69 73 20 73 75 66 66 69 63 69 65 6e 74 3a 00 49 66 20 79 6f 75 20 73 65 74 20	ipped.is.sufficient:.If.you.set.
3d500	61 20 63 75 73 74 6f 6d 20 52 41 44 49 55 53 20 61 74 74 72 69 62 75 74 65 20 79 6f 75 20 6d 75	a.custom.RADIUS.attribute.you.mu
3d520	73 74 20 64 65 66 69 6e 65 20 69 74 20 6f 6e 20 62 6f 74 68 20 64 69 63 74 69 6f 6e 61 72 69 65	st.define.it.on.both.dictionarie
3d540	73 20 61 74 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 61 6e 64 20 63 6c 69 65 6e 74 2c 20 77	s.at.RADIUS.server.and.client,.w
3d560	68 69 63 68 20 69 73 20 74 68 65 20 76 79 6f 73 20 72 6f 75 74 65 72 20 69 6e 20 6f 75 72 20 65	hich.is.the.vyos.router.in.our.e
3d580	78 61 6d 70 6c 65 2e 00 49 66 20 79 6f 75 20 75 73 65 20 55 53 42 20 74 6f 20 73 65 72 69 61 6c	xample..If.you.use.USB.to.serial
3d5a0	20 63 6f 6e 76 65 72 74 65 72 73 20 66 6f 72 20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 6f 20 79 6f	.converters.for.connecting.to.yo
3d5c0	75 72 20 56 79 4f 53 20 61 70 70 6c 69 61 6e 63 65 20 70 6c 65 61 73 65 20 6e 6f 74 65 20 74 68	ur.VyOS.appliance.please.note.th
3d5e0	61 74 20 6d 6f 73 74 20 6f 66 20 74 68 65 6d 20 75 73 65 20 73 6f 66 74 77 61 72 65 20 65 6d 75	at.most.of.them.use.software.emu
3d600	6c 61 74 69 6f 6e 20 77 69 74 68 6f 75 74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c 2e 20 54 68 69	lation.without.flow.control..Thi
3d620	73 20 6d 65 61 6e 73 20 79 6f 75 20 73 68 6f 75 6c 64 20 73 74 61 72 74 20 77 69 74 68 20 61 20	s.means.you.should.start.with.a.
3d640	63 6f 6d 6d 6f 6e 20 62 61 75 64 20 72 61 74 65 20 28 6d 6f 73 74 20 6c 69 6b 65 6c 79 20 39 36	common.baud.rate.(most.likely.96
3d660	30 30 20 62 61 75 64 29 20 61 73 20 6f 74 68 65 72 77 69 73 65 20 79 6f 75 20 70 72 6f 62 61 62	00.baud).as.otherwise.you.probab
3d680	6c 79 20 63 61 6e 20 6e 6f 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 64 65 76 69 63 65	ly.can.not.connect.to.the.device
3d6a0	20 75 73 69 6e 67 20 68 69 67 68 20 73 70 65 65 64 20 62 61 75 64 20 72 61 74 65 73 20 61 73 20	.using.high.speed.baud.rates.as.
3d6c0	79 6f 75 72 20 73 65 72 69 61 6c 20 63 6f 6e 76 65 72 74 65 72 20 73 69 6d 70 6c 79 20 63 61 6e	your.serial.converter.simply.can
3d6e0	20 6e 6f 74 20 70 72 6f 63 65 73 73 20 74 68 69 73 20 64 61 74 61 20 72 61 74 65 2e 00 49 66 20	.not.process.this.data.rate..If.
3d700	79 6f 75 20 77 61 6e 74 20 74 6f 20 63 68 61 6e 67 65 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e	you.want.to.change.the.maximum.n
3d720	75 6d 62 65 72 20 6f 66 20 66 6c 6f 77 73 2c 20 77 68 69 63 68 20 61 72 65 20 74 72 61 63 6b 69	umber.of.flows,.which.are.tracki
3d740	6e 67 20 73 69 6d 75 6c 74 61 6e 65 6f 75 73 6c 79 2c 20 79 6f 75 20 6d 61 79 20 64 6f 20 74 68	ng.simultaneously,.you.may.do.th
3d760	69 73 20 77 69 74 68 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 28 64 65 66 61 75 6c 74 20 38 31	is.with.this.command.(default.81
3d780	39 32 29 2e 00 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 69 73 61 62 6c 65 20 61 20 72 75	92)..If.you.want.to.disable.a.ru
3d7a0	6c 65 20 62 75 74 20 6c 65 74 20 69 74 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	le.but.let.it.in.the.configurati
3d7c0	6f 6e 2e 00 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 68 61 76 65 20 61 64 6d 69 6e 20 75 73	on..If.you.want.to.have.admin.us
3d7e0	65 72 73 20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 76 69 61 20 52 41 44 49 55 53 20 69	ers.to.authenticate.via.RADIUS.i
3d800	74 20 69 73 20 65 73 73 65 6e 74 69 61 6c 20 74 6f 20 73 65 6e 74 20 74 68 65 20 60 60 43 69 73	t.is.essential.to.sent.the.``Cis
3d820	63 6f 2d 41 56 2d 50 61 69 72 20 73 68 65 6c 6c 3a 70 72 69 76 2d 6c 76 6c 3d 31 35 60 60 20 61	co-AV-Pair.shell:priv-lvl=15``.a
3d840	74 74 72 69 62 75 74 65 2e 20 57 69 74 68 6f 75 74 20 74 68 65 20 61 74 74 72 69 62 75 74 65 20	ttribute..Without.the.attribute.
3d860	79 6f 75 20 77 69 6c 6c 20 6f 6e 6c 79 20 67 65 74 20 72 65 67 75 6c 61 72 2c 20 6e 6f 6e 20 70	you.will.only.get.regular,.non.p
3d880	72 69 76 69 6c 65 67 75 65 64 2c 20 73 79 73 74 65 6d 20 75 73 65 72 73 2e 00 49 66 20 79 6f 75	rivilegued,.system.users..If.you
3d8a0	20 77 61 6e 74 20 74 6f 20 75 73 65 20 65 78 69 73 74 69 6e 67 20 62 6c 61 63 6b 6c 69 73 74 73	.want.to.use.existing.blacklists
3d8c0	20 79 6f 75 20 68 61 76 65 20 74 6f 20 63 72 65 61 74 65 2f 64 6f 77 6e 6c 6f 61 64 20 61 20 64	.you.have.to.create/download.a.d
3d8e0	61 74 61 62 61 73 65 20 66 69 72 73 74 2e 20 4f 74 68 65 72 77 69 73 65 20 79 6f 75 20 77 69 6c	atabase.first..Otherwise.you.wil
3d900	6c 20 6e 6f 74 20 62 65 20 61 62 6c 65 20 74 6f 20 63 6f 6d 6d 69 74 20 74 68 65 20 63 6f 6e 66	l.not.be.able.to.commit.the.conf
3d920	69 67 20 63 68 61 6e 67 65 73 2e 00 49 66 20 79 6f 75 20 77 61 6e 74 20 79 6f 75 72 20 72 6f 75	ig.changes..If.you.want.your.rou
3d940	74 65 72 20 74 6f 20 66 6f 72 77 61 72 64 20 44 48 43 50 20 72 65 71 75 65 73 74 73 20 74 6f 20	ter.to.forward.DHCP.requests.to.
3d960	61 6e 20 65 78 74 65 72 6e 61 6c 20 44 48 43 50 20 73 65 72 76 65 72 20 79 6f 75 20 63 61 6e 20	an.external.DHCP.server.you.can.
3d980	63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20 61 63 74 20 61 73 20 61	configure.the.system.to.act.as.a
3d9a0	20 44 48 43 50 20 72 65 6c 61 79 20 61 67 65 6e 74 2e 20 54 68 65 20 44 48 43 50 20 72 65 6c 61	.DHCP.relay.agent..The.DHCP.rela
3d9c0	79 20 61 67 65 6e 74 20 77 6f 72 6b 73 20 77 69 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36	y.agent.works.with.IPv4.and.IPv6
3d9e0	20 61 64 64 72 65 73 73 65 73 2e 00 49 66 20 79 6f 75 27 76 65 20 63 6f 6d 70 6c 65 74 65 64 20	.addresses..If.you've.completed.
3da00	61 6c 6c 20 74 68 65 20 61 62 6f 76 65 20 73 74 65 70 73 20 79 6f 75 20 6e 6f 20 64 6f 75 62 74	all.the.above.steps.you.no.doubt
3da20	20 77 61 6e 74 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 61 6c 6c 20 77 6f 72 6b 69 6e 67	.want.to.see.if.it's.all.working
3da40	2e 00 49 67 6e 6f 72 65 20 41 53 5f 50 41 54 48 20 6c 65 6e 67 74 68 20 77 68 65 6e 20 73 65 6c	..Ignore.AS_PATH.length.when.sel
3da60	65 63 74 69 6e 67 20 61 20 72 6f 75 74 65 00 49 67 6e 6f 72 65 20 56 52 52 50 20 6d 61 69 6e 20	ecting.a.route.Ignore.VRRP.main.
3da80	69 6e 74 65 72 66 61 63 65 20 66 61 75 6c 74 73 00 49 6d 61 67 65 20 74 68 61 6e 6b 66 75 6c 6c	interface.faults.Image.thankfull
3daa0	79 20 62 6f 72 72 6f 77 65 64 20 66 72 6f 6d 20 68 74 74 70 73 3a 2f 2f 65 6e 2e 77 69 6b 69 70	y.borrowed.from.https://en.wikip
3dac0	65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 46 69 6c 65 3a 53 4e 4d 50 5f 63 6f 6d 6d 75 6e 69 63	edia.org/wiki/File:SNMP_communic
3dae0	61 74 69 6f 6e 5f 70 72 69 6e 63 69 70 6c 65 73 5f 64 69 61 67 72 61 6d 2e 50 4e 47 20 77 68 69	ation_principles_diagram.PNG.whi
3db00	63 68 20 69 73 20 75 6e 64 65 72 20 74 68 65 20 47 4e 55 20 46 72 65 65 20 44 6f 63 75 6d 65 6e	ch.is.under.the.GNU.Free.Documen
3db20	74 61 74 69 6f 6e 20 4c 69 63 65 6e 73 65 00 49 6d 61 67 69 6e 65 20 74 68 65 20 66 6f 6c 6c 6f	tation.License.Imagine.the.follo
3db40	77 69 6e 67 20 74 6f 70 6f 6c 6f 67 79 00 49 6d 6d 65 64 69 61 74 65 00 49 6d 70 6f 72 74 65 64	wing.topology.Immediate.Imported
3db60	20 70 72 65 66 69 78 65 73 20 64 75 72 69 6e 67 20 74 68 65 20 76 61 6c 69 64 61 74 69 6f 6e 20	.prefixes.during.the.validation.
3db80	6d 61 79 20 68 61 76 65 20 76 61 6c 75 65 73 3a 00 49 6e 20 3a 72 66 63 3a 60 33 30 36 39 60 20	may.have.values:.In.:rfc:`3069`.
3dba0	69 74 20 69 73 20 63 61 6c 6c 65 64 20 56 4c 41 4e 20 41 67 67 72 65 67 61 74 69 6f 6e 00 49 6e	it.is.called.VLAN.Aggregation.In
3dbc0	20 3a 76 79 74 61 73 6b 3a 60 54 32 31 39 39 60 20 74 68 65 20 73 79 6e 74 61 78 20 6f 66 20 74	.:vytask:`T2199`.the.syntax.of.t
3dbe0	68 65 20 7a 6f 6e 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 61 73 20 63 68 61 6e 67 65	he.zone.configuration.was.change
3dc00	64 2e 20 54 68 65 20 7a 6f 6e 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 76 65 64 20	d..The.zone.configuration.moved.
3dc20	66 72 6f 6d 20 60 60 7a 6f 6e 65 2d 70 6f 6c 69 63 79 20 7a 6f 6e 65 20 3c 6e 61 6d 65 3e 60 60	from.``zone-policy.zone.<name>``
3dc40	20 74 6f 20 60 60 66 69 72 65 77 61 6c 6c 20 7a 6f 6e 65 20 3c 6e 61 6d 65 3e 60 60 2e 00 49 6e	.to.``firewall.zone.<name>``..In
3dc60	20 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 20 56 65 72 73 69 6f 6e 20 36 20 28 49 50	.Internet.Protocol.Version.6.(IP
3dc80	76 36 29 20 6e 65 74 77 6f 72 6b 73 2c 20 74 68 65 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20	v6).networks,.the.functionality.
3dca0	6f 66 20 41 52 50 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 74 68 65 20 4e 65 69 67 68 62	of.ARP.is.provided.by.the.Neighb
3dcc0	6f 72 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 20 28 4e 44 50 29 2e 00 49 6e 20	or.Discovery.Protocol.(NDP)..In.
3dce0	50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 77 65 20 64 6f 20 6e 6f 74 20 64 65 66 69 6e 65 20	Priority.Queue.we.do.not.define.
3dd00	63 6c 61 73 65 73 20 77 69 74 68 20 61 20 6d 65 61 6e 69 6e 67 6c 65 73 73 20 63 6c 61 73 73 20	clases.with.a.meaningless.class.
3dd20	49 44 20 6e 75 6d 62 65 72 20 62 75 74 20 77 69 74 68 20 61 20 63 6c 61 73 73 20 70 72 69 6f 72	ID.number.but.with.a.class.prior
3dd40	69 74 79 20 6e 75 6d 62 65 72 20 28 31 2d 37 29 2e 20 54 68 65 20 6c 6f 77 65 72 20 74 68 65 20	ity.number.(1-7)..The.lower.the.
3dd60	6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74 68 65 20 70 72 69 6f 72 69 74 79 2e	number,.the.higher.the.priority.
3dd80	00 49 6e 20 56 79 4f 53 20 74 68 65 20 74 65 72 6d 73 20 60 60 76 69 66 2d 73 60 60 20 61 6e 64	.In.VyOS.the.terms.``vif-s``.and
3dda0	20 60 60 76 69 66 2d 63 60 60 20 73 74 61 6e 64 20 66 6f 72 20 74 68 65 20 65 74 68 65 72 74 79	.``vif-c``.stand.for.the.etherty
3ddc0	70 65 20 74 61 67 73 20 74 68 61 74 20 61 72 65 20 75 73 65 64 2e 00 49 6e 20 56 79 4f 53 2c 20	pe.tags.that.are.used..In.VyOS,.
3dde0	45 53 50 20 61 74 74 72 69 62 75 74 65 73 20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 74 68 72	ESP.attributes.are.specified.thr
3de00	6f 75 67 68 20 45 53 50 20 67 72 6f 75 70 73 2e 20 4d 75 6c 74 69 70 6c 65 20 70 72 6f 70 6f 73	ough.ESP.groups..Multiple.propos
3de20	61 6c 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 61 20 73 69 6e 67 6c 65	als.can.be.specified.in.a.single
3de40	20 67 72 6f 75 70 2e 00 49 6e 20 56 79 4f 53 2c 20 49 4b 45 20 61 74 74 72 69 62 75 74 65 73 20	.group..In.VyOS,.IKE.attributes.
3de60	61 72 65 20 73 70 65 63 69 66 69 65 64 20 74 68 72 6f 75 67 68 20 49 4b 45 20 67 72 6f 75 70 73	are.specified.through.IKE.groups
3de80	2e 20 4d 75 6c 74 69 70 6c 65 20 70 72 6f 70 6f 73 61 6c 73 20 63 61 6e 20 62 65 20 73 70 65 63	..Multiple.proposals.can.be.spec
3dea0	69 66 69 65 64 20 69 6e 20 61 20 73 69 6e 67 6c 65 20 67 72 6f 75 70 2e 00 49 6e 20 56 79 4f 53	ified.in.a.single.group..In.VyOS
3dec0	2c 20 61 20 63 6c 61 73 73 20 69 73 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 61 20 6e 75 6d	,.a.class.is.identified.by.a.num
3dee0	62 65 72 20 79 6f 75 20 63 61 6e 20 63 68 6f 6f 73 65 20 77 68 65 6e 20 63 6f 6e 66 69 67 75 72	ber.you.can.choose.when.configur
3df00	69 6e 67 20 69 74 2e 00 49 6e 20 61 20 6d 69 6e 69 6d 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69	ing.it..In.a.minimal.configurati
3df20	6f 6e 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64	on,.the.following.must.be.provid
3df40	65 64 3a 00 49 6e 20 61 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 68 65 61 64 65 72 20 63 6f	ed:.In.a.multiple.VLAN.header.co
3df60	6e 74 65 78 74 2c 20 6f 75 74 20 6f 66 20 63 6f 6e 76 65 6e 69 65 6e 63 65 20 74 68 65 20 74 65	ntext,.out.of.convenience.the.te
3df80	72 6d 20 22 56 4c 41 4e 20 74 61 67 22 20 6f 72 20 6a 75 73 74 20 22 74 61 67 22 20 66 6f 72 20	rm."VLAN.tag".or.just."tag".for.
3dfa0	73 68 6f 72 74 20 69 73 20 6f 66 74 65 6e 20 75 73 65 64 20 69 6e 20 70 6c 61 63 65 20 6f 66 20	short.is.often.used.in.place.of.
3dfc0	22 38 30 32 2e 31 71 5f 20 56 4c 41 4e 20 68 65 61 64 65 72 22 2e 20 51 69 6e 51 20 61 6c 6c 6f	"802.1q_.VLAN.header"..QinQ.allo
3dfe0	77 73 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 74 61 67 73 20 69 6e 20 61 6e 20 45 74 68 65	ws.multiple.VLAN.tags.in.an.Ethe
3e000	72 6e 65 74 20 66 72 61 6d 65 3b 20 74 6f 67 65 74 68 65 72 20 74 68 65 73 65 20 74 61 67 73 20	rnet.frame;.together.these.tags.
3e020	63 6f 6e 73 74 69 74 75 74 65 20 61 20 74 61 67 20 73 74 61 63 6b 2e 20 57 68 65 6e 20 75 73 65	constitute.a.tag.stack..When.use
3e040	64 20 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 61 6e 20 45 74 68 65 72 6e 65 74 20	d.in.the.context.of.an.Ethernet.
3e060	66 72 61 6d 65 2c 20 61 20 51 69 6e 51 20 66 72 61 6d 65 20 69 73 20 61 20 66 72 61 6d 65 20 74	frame,.a.QinQ.frame.is.a.frame.t
3e080	68 61 74 20 68 61 73 20 32 20 56 4c 41 4e 20 38 30 32 2e 31 71 5f 20 68 65 61 64 65 72 73 20 28	hat.has.2.VLAN.802.1q_.headers.(
3e0a0	64 6f 75 62 6c 65 2d 74 61 67 67 65 64 29 2e 00 49 6e 20 61 20 6e 75 74 73 68 65 6c 6c 2c 20 74	double-tagged)..In.a.nutshell,.t
3e0c0	68 65 20 63 75 72 72 65 6e 74 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20 70 72 6f 76 69 64	he.current.implementation.provid
3e0e0	65 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 66 65 61 74 75 72 65 73 3a 00 49 6e 20 61 64	es.the.following.features:.In.ad
3e100	64 69 74 69 6f 6e 20 74 6f 20 3a 61 62 62 72 3a 60 52 41 44 49 55 53 20 28 52 65 6d 6f 74 65 20	dition.to.:abbr:`RADIUS.(Remote.
3e120	41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 44 69 61 6c 2d 49 6e 20 55 73 65 72 20 53 65 72 76	Authentication.Dial-In.User.Serv
3e140	69 63 65 29 60 2c 20 3a 61 62 62 72 3a 60 54 41 43 41 43 53 20 28 54 65 72 6d 69 6e 61 6c 20 41	ice)`,.:abbr:`TACACS.(Terminal.A
3e160	63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 6c 65 72 20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 20	ccess.Controller.Access.Control.
3e180	53 79 73 74 65 6d 29 60 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 66 6f 75 6e 64 20 69 6e 20 6c 61	System)`.can.also.be.found.in.la
3e1a0	72 67 65 20 64 65 70 6c 6f 79 6d 65 6e 74 73 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 20	rge.deployments..In.addition.to.
3e1c0	64 69 73 70 6c 61 79 69 6e 67 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f 72	displaying.flow.accounting.infor
3e1e0	6d 61 74 69 6f 6e 20 6c 6f 63 61 6c 6c 79 2c 20 6f 6e 65 20 63 61 6e 20 61 6c 73 6f 20 65 78 70	mation.locally,.one.can.also.exp
3e200	6f 72 74 65 64 20 74 68 65 6d 20 74 6f 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 73 65 72 76 65	orted.them.to.a.collection.serve
3e220	72 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61 62	r..In.addition.to.the.command.ab
3e240	6f 76 65 2c 20 74 68 65 20 6f 75 74 70 75 74 20 69 73 20 69 6e 20 61 20 66 6f 72 6d 61 74 20 77	ove,.the.output.is.in.a.format.w
3e260	68 69 63 68 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 64 69 72 65 63 74 6c 79 20 69 6d 70	hich.can.be.used.to.directly.imp
3e280	6f 72 74 20 74 68 65 20 6b 65 79 20 69 6e 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 20 62 79	ort.the.key.into.the.VyOS.CLI.by
3e2a0	20 73 69 6d 70 6c 79 20 63 6f 70 79 2d 70 61 73 74 69 6e 67 20 74 68 65 20 6f 75 74 70 75 74 20	.simply.copy-pasting.the.output.
3e2c0	66 72 6f 6d 20 6f 70 2d 6d 6f 64 65 20 69 6e 74 6f 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	from.op-mode.into.configuration.
3e2e0	6d 6f 64 65 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e 20 79 6f 75 20 63 61 6e 20 61 6c 73 6f 20 64	mode..In.addition.you.can.also.d
3e300	69 73 61 62 6c 65 20 74 68 65 20 77 68 6f 6c 65 20 73 65 72 76 69 63 65 20 77 69 74 68 6f 75 74	isable.the.whole.service.without
3e320	20 74 68 65 20 6e 65 65 64 20 74 6f 20 72 65 6d 6f 76 65 20 69 74 20 66 72 6f 6d 20 74 68 65 20	.the.need.to.remove.it.from.the.
3e340	63 75 72 72 65 6e 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 49 6e 20 61 64 64 69 74 69	current.configuration..In.additi
3e360	6f 6e 20 79 6f 75 20 77 69 6c 6c 20 73 70 65 63 69 66 69 79 20 74 68 65 20 49 50 20 61 64 64 72	on.you.will.specifiy.the.IP.addr
3e380	65 73 73 20 6f 72 20 46 51 44 4e 20 66 6f 72 20 74 68 65 20 63 6c 69 65 6e 74 20 77 68 65 72 65	ess.or.FQDN.for.the.client.where
3e3a0	20 69 74 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 74 6f 2e 20 54 68 65 20 61 64 64 72 65 73 73	.it.will.connect.to..The.address
3e3c0	20 70 61 72 61 6d 65 74 65 72 20 63 61 6e 20 62 65 20 75 73 65 64 20 75 70 20 74 6f 20 74 77 6f	.parameter.can.be.used.up.to.two
3e3e0	20 74 69 6d 65 73 20 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 61 73 73 69 67 6e 20 74 68 65	.times.and.is.used.to.assign.the
3e400	20 63 6c 69 65 6e 74 73 20 73 70 65 63 69 66 69 63 20 49 50 76 34 20 28 2f 33 32 29 20 6f 72 20	.clients.specific.IPv4.(/32).or.
3e420	49 50 76 36 20 28 2f 31 32 38 29 20 61 64 64 72 65 73 73 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e	IPv6.(/128).address..In.addition
3e440	2c 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 6d 61 6e 79 20 6f 74 68 65 72 20 70 61 72	,.you.can.specify.many.other.par
3e460	61 6d 65 74 65 72 73 20 74 6f 20 67 65 74 20 42 47 50 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 00	ameters.to.get.BGP.information:.
3e480	49 6e 20 61 6e 20 2a 2a 61 64 64 72 65 73 73 20 67 72 6f 75 70 2a 2a 20 61 20 73 69 6e 67 6c 65	In.an.**address.group**.a.single
3e4a0	20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 49 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 73	.IP.address.or.IP.address.ranges
3e4c0	20 61 72 65 20 64 65 66 69 6e 65 64 2e 00 49 6e 20 63 61 73 65 20 6f 66 20 70 65 65 72 2d 70 65	.are.defined..In.case.of.peer-pe
3e4e0	65 72 20 72 65 6c 61 74 69 6f 6e 73 68 69 70 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65 20 72 65	er.relationship.routes.can.be.re
3e500	63 65 69 76 65 64 20 6f 6e 6c 79 20 69 66 20 4f 54 43 20 76 61 6c 75 65 20 69 73 20 65 71 75 61	ceived.only.if.OTC.value.is.equa
3e520	6c 20 74 6f 20 79 6f 75 72 20 6e 65 69 67 68 62 6f 72 20 41 53 20 6e 75 6d 62 65 72 2e 00 49 6e	l.to.your.neighbor.AS.number..In
3e540	20 63 61 73 65 2c 20 69 66 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 63 61 74 63 68 20 73 6f 6d 65	.case,.if.you.need.to.catch.some
3e560	20 6c 6f 67 73 20 66 72 6f 6d 20 66 6c 6f 77 2d 61 63 63 6f 75 6e 74 69 6e 67 20 64 61 65 6d 6f	.logs.from.flow-accounting.daemo
3e580	6e 2c 20 79 6f 75 20 6d 61 79 20 63 6f 6e 66 69 67 75 72 65 20 6c 6f 67 67 69 6e 67 20 66 61 63	n,.you.may.configure.logging.fac
3e5a0	69 6c 69 74 79 3a 00 49 6e 20 63 6f 6e 74 72 61 73 74 20 74 6f 20 73 69 6d 70 6c 65 20 52 45 44	ility:.In.contrast.to.simple.RED
3e5c0	2c 20 56 79 4f 53 27 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 75 73 65 73 20 61 20 47 65 6e	,.VyOS'.Random-Detect.uses.a.Gen
3e5e0	65 72 61 6c 69 7a 65 64 20 52 61 6e 64 6f 6d 20 45 61 72 6c 79 20 44 65 74 65 63 74 20 70 6f 6c	eralized.Random.Early.Detect.pol
3e600	69 63 79 20 74 68 61 74 20 70 72 6f 76 69 64 65 73 20 64 69 66 66 65 72 65 6e 74 20 76 69 72 74	icy.that.provides.different.virt
3e620	75 61 6c 20 71 75 65 75 65 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 49 50 20 50 72 65 63 65	ual.queues.based.on.the.IP.Prece
3e640	64 65 6e 63 65 20 76 61 6c 75 65 20 73 6f 20 74 68 61 74 20 73 6f 6d 65 20 76 69 72 74 75 61 6c	dence.value.so.that.some.virtual
3e660	20 71 75 65 75 65 73 20 63 61 6e 20 64 72 6f 70 20 6d 6f 72 65 20 70 61 63 6b 65 74 73 20 74 68	.queues.can.drop.more.packets.th
3e680	61 6e 20 6f 74 68 65 72 73 2e 00 49 6e 20 66 61 69 6c 6f 76 65 72 20 6d 6f 64 65 2c 20 6f 6e 65	an.others..In.failover.mode,.one
3e6a0	20 69 6e 74 65 72 66 61 63 65 20 69 73 20 73 65 74 20 74 6f 20 62 65 20 74 68 65 20 70 72 69 6d	.interface.is.set.to.be.the.prim
3e6c0	61 72 79 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63	ary.interface.and.other.interfac
3e6e0	65 73 20 61 72 65 20 73 65 63 6f 6e 64 61 72 79 20 6f 72 20 73 70 61 72 65 2e 20 49 6e 73 74 65	es.are.secondary.or.spare..Inste
3e700	61 64 20 6f 66 20 62 61 6c 61 6e 63 69 6e 67 20 74 72 61 66 66 69 63 20 61 63 72 6f 73 73 20 61	ad.of.balancing.traffic.across.a
3e720	6c 6c 20 68 65 61 6c 74 68 79 20 69 6e 74 65 72 66 61 63 65 73 2c 20 6f 6e 6c 79 20 74 68 65 20	ll.healthy.interfaces,.only.the.
3e740	70 72 69 6d 61 72 79 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 75 73 65 64 20 61 6e 64 20 69 6e	primary.interface.is.used.and.in
3e760	20 63 61 73 65 20 6f 66 20 66 61 69 6c 75 72 65 2c 20 61 20 73 65 63 6f 6e 64 61 72 79 20 69 6e	.case.of.failure,.a.secondary.in
3e780	74 65 72 66 61 63 65 20 73 65 6c 65 63 74 65 64 20 66 72 6f 6d 20 74 68 65 20 70 6f 6f 6c 20 6f	terface.selected.from.the.pool.o
3e7a0	66 20 61 76 61 69 6c 61 62 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 74 61 6b 65 73 20 6f 76 65	f.available.interfaces.takes.ove
3e7c0	72 2e 20 54 68 65 20 70 72 69 6d 61 72 79 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 73 65 6c 65	r..The.primary.interface.is.sele
3e7e0	63 74 65 64 20 62 61 73 65 64 20 6f 6e 20 69 74 73 20 77 65 69 67 68 74 20 61 6e 64 20 68 65 61	cted.based.on.its.weight.and.hea
3e800	6c 74 68 2c 20 6f 74 68 65 72 73 20 62 65 63 6f 6d 65 20 73 65 63 6f 6e 64 61 72 79 20 69 6e 74	lth,.others.become.secondary.int
3e820	65 72 66 61 63 65 73 2e 20 53 65 63 6f 6e 64 61 72 79 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f	erfaces..Secondary.interfaces.to
3e840	20 74 61 6b 65 20 6f 76 65 72 20 61 20 66 61 69 6c 65 64 20 70 72 69 6d 61 72 79 20 69 6e 74 65	.take.over.a.failed.primary.inte
3e860	72 66 61 63 65 20 61 72 65 20 63 68 6f 73 65 6e 20 66 72 6f 6d 20 74 68 65 20 6c 6f 61 64 20 62	rface.are.chosen.from.the.load.b
3e880	61 6c 61 6e 63 65 72 27 73 20 69 6e 74 65 72 66 61 63 65 20 70 6f 6f 6c 2c 20 64 65 70 65 6e 64	alancer's.interface.pool,.depend
3e8a0	69 6e 67 20 6f 6e 20 74 68 65 69 72 20 77 65 69 67 68 74 20 61 6e 64 20 68 65 61 6c 74 68 2e 20	ing.on.their.weight.and.health..
3e8c0	49 6e 74 65 72 66 61 63 65 20 72 6f 6c 65 73 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 73 65 6c 65	Interface.roles.can.also.be.sele
3e8e0	63 74 65 64 20 62 61 73 65 64 20 6f 6e 20 72 75 6c 65 20 6f 72 64 65 72 20 62 79 20 69 6e 63 6c	cted.based.on.rule.order.by.incl
3e900	75 64 69 6e 67 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 20 62 61 6c 61 6e 63 69 6e 67 20 72 75	uding.interfaces.in.balancing.ru
3e920	6c 65 73 20 61 6e 64 20 6f 72 64 65 72 69 6e 67 20 74 68 6f 73 65 20 72 75 6c 65 73 20 61 63 63	les.and.ordering.those.rules.acc
3e940	6f 72 64 69 6e 67 6c 79 2e 20 54 6f 20 70 75 74 20 74 68 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63	ordingly..To.put.the.load.balanc
3e960	65 72 20 69 6e 20 66 61 69 6c 6f 76 65 72 20 6d 6f 64 65 2c 20 63 72 65 61 74 65 20 61 20 66 61	er.in.failover.mode,.create.a.fa
3e980	69 6c 6f 76 65 72 20 72 75 6c 65 3a 00 49 6e 20 67 65 6e 65 72 61 6c 2c 20 4f 53 50 46 20 70 72	ilover.rule:.In.general,.OSPF.pr
3e9a0	6f 74 6f 63 6f 6c 20 72 65 71 75 69 72 65 73 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20	otocol.requires.a.backbone.area.
3e9c0	28 61 72 65 61 20 30 29 20 74 6f 20 62 65 20 63 6f 68 65 72 65 6e 74 20 61 6e 64 20 66 75 6c 6c	(area.0).to.be.coherent.and.full
3e9e0	79 20 63 6f 6e 6e 65 63 74 65 64 2e 20 49 2e 65 2e 20 61 6e 79 20 62 61 63 6b 62 6f 6e 65 20 61	y.connected..I.e..any.backbone.a
3ea00	72 65 61 20 72 6f 75 74 65 72 20 6d 75 73 74 20 68 61 76 65 20 61 20 72 6f 75 74 65 20 74 6f 20	rea.router.must.have.a.route.to.
3ea20	61 6e 79 20 6f 74 68 65 72 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20 72 6f 75 74 65 72 2e 20	any.other.backbone.area.router..
3ea40	4d 6f 72 65 6f 76 65 72 2c 20 65 76 65 72 79 20 41 42 52 20 6d 75 73 74 20 68 61 76 65 20 61 20	Moreover,.every.ABR.must.have.a.
3ea60	6c 69 6e 6b 20 74 6f 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 20 48 6f 77 65 76 65 72 2c 20	link.to.backbone.area..However,.
3ea80	69 74 20 69 73 20 6e 6f 74 20 61 6c 77 61 79 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 68 61 76	it.is.not.always.possible.to.hav
3eaa0	65 20 61 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 20 74 6f 20 61 20 62 61 63 6b 62 6f 6e 65 20	e.a.physical.link.to.a.backbone.
3eac0	61 72 65 61 2e 20 49 6e 20 74 68 69 73 20 63 61 73 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 41	area..In.this.case.between.two.A
3eae0	42 52 20 28 6f 6e 65 20 6f 66 20 74 68 65 6d 20 68 61 73 20 61 20 6c 69 6e 6b 20 74 6f 20 74 68	BR.(one.of.them.has.a.link.to.th
3eb00	65 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 29 20 69 6e 20 74 68 65 20 61 72 65 61 20 28 6e 6f	e.backbone.area).in.the.area.(no
3eb20	74 20 73 74 75 62 20 61 72 65 61 29 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 69 73 20 6f	t.stub.area).a.virtual.link.is.o
3eb40	72 67 61 6e 69 7a 65 64 2e 00 49 6e 20 6c 61 72 67 65 20 64 65 70 6c 6f 79 6d 65 6e 74 73 20 69	rganized..In.large.deployments.i
3eb60	74 20 69 73 20 6e 6f 74 20 72 65 61 73 6f 6e 61 62 6c 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	t.is.not.reasonable.to.configure
3eb80	20 65 61 63 68 20 75 73 65 72 20 69 6e 64 69 76 69 64 75 61 6c 6c 79 20 6f 6e 20 65 76 65 72 79	.each.user.individually.on.every
3eba0	20 73 79 73 74 65 6d 2e 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 75 73 69 6e 67 20 3a 61 62	.system..VyOS.supports.using.:ab
3ebc0	62 72 3a 60 52 41 44 49 55 53 20 28 52 65 6d 6f 74 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f	br:`RADIUS.(Remote.Authenticatio
3ebe0	6e 20 44 69 61 6c 2d 49 6e 20 55 73 65 72 20 53 65 72 76 69 63 65 29 60 20 73 65 72 76 65 72 73	n.Dial-In.User.Service)`.servers
3ec00	20 61 73 20 62 61 63 6b 65 6e 64 20 66 6f 72 20 75 73 65 72 20 61 75 74 68 65 6e 74 69 63 61 74	.as.backend.for.user.authenticat
3ec20	69 6f 6e 2e 00 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e	ion..In.order.for.flow.accountin
3ec40	67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 20 61 6e	g.information.to.be.collected.an
3ec60	64 20 64 69 73 70 6c 61 79 65 64 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2c 20 74 68	d.displayed.for.an.interface,.th
3ec80	65 20 69 6e 74 65 72 66 61 63 65 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66	e.interface.must.be.configured.f
3eca0	6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 00 49 6e 20 6f 72 64 65 72 20 66 6f 72	or.flow.accounting..In.order.for
3ecc0	20 74 68 65 20 70 72 69 6d 61 72 79 20 61 6e 64 20 74 68 65 20 73 65 63 6f 6e 64 61 72 79 20 44	.the.primary.and.the.secondary.D
3ece0	48 43 50 20 73 65 72 76 65 72 20 74 6f 20 6b 65 65 70 20 74 68 65 69 72 20 6c 65 61 73 65 20 74	HCP.server.to.keep.their.lease.t
3ed00	61 62 6c 65 73 20 69 6e 20 73 79 6e 63 2c 20 74 68 65 79 20 6d 75 73 74 20 62 65 20 61 62 6c 65	ables.in.sync,.they.must.be.able
3ed20	20 74 6f 20 72 65 61 63 68 20 65 61 63 68 20 6f 74 68 65 72 20 6f 6e 20 54 43 50 20 70 6f 72 74	.to.reach.each.other.on.TCP.port
3ed40	20 36 34 37 2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73	.647..If.you.have.firewall.rules
3ed60	20 69 6e 20 65 66 66 65 63 74 2c 20 61 64 6a 75 73 74 20 74 68 65 6d 20 61 63 63 6f 72 64 69 6e	.in.effect,.adjust.them.accordin
3ed80	67 6c 79 2e 00 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20	gly..In.order.for.the.system.to.
3eda0	75 73 65 20 61 6e 64 20 63 6f 6d 70 6c 65 74 65 20 75 6e 71 75 61 6c 69 66 69 65 64 20 68 6f 73	use.and.complete.unqualified.hos
3edc0	74 20 6e 61 6d 65 73 2c 20 61 20 6c 69 73 74 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 77	t.names,.a.list.can.be.defined.w
3ede0	68 69 63 68 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 64 6f 6d 61 69 6e 20 73 65 61	hich.will.be.used.for.domain.sea
3ee00	72 63 68 65 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 61 6c 6c 6f 77 20 66 6f 72 20 4c 44 50	rches..In.order.to.allow.for.LDP
3ee20	20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 65 78 63 68 61 6e 67 65	.on.the.local.router.to.exchange
3ee40	20 6c 61 62 65 6c 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 20 77 69 74 68 20 6f 74 68 65 72	.label.advertisements.with.other
3ee60	20 72 6f 75 74 65 72 73 2c 20 61 20 54 43 50 20 73 65 73 73 69 6f 6e 20 77 69 6c 6c 20 62 65 20	.routers,.a.TCP.session.will.be.
3ee80	65 73 74 61 62 6c 69 73 68 65 64 20 62 65 74 77 65 65 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c	established.between.automaticall
3eea0	79 20 64 69 73 63 6f 76 65 72 65 64 20 61 6e 64 20 73 74 61 74 69 63 61 6c 6c 79 20 61 73 73 69	y.discovered.and.statically.assi
3eec0	67 6e 65 64 20 72 6f 75 74 65 72 73 2e 20 4c 44 50 20 77 69 6c 6c 20 74 72 79 20 74 6f 20 65 73	gned.routers..LDP.will.try.to.es
3eee0	74 61 62 6c 69 73 68 20 61 20 54 43 50 20 73 65 73 73 69 6f 6e 20 74 6f 20 74 68 65 20 2a 2a 74	tablish.a.TCP.session.to.the.**t
3ef00	72 61 6e 73 70 6f 72 74 20 61 64 64 72 65 73 73 2a 2a 20 6f 66 20 6f 74 68 65 72 20 72 6f 75 74	ransport.address**.of.other.rout
3ef20	65 72 73 2e 20 54 68 65 72 65 66 6f 72 65 20 66 6f 72 20 4c 44 50 20 74 6f 20 66 75 6e 63 74 69	ers..Therefore.for.LDP.to.functi
3ef40	6f 6e 20 70 72 6f 70 65 72 6c 79 20 70 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65	on.properly.please.make.sure.the
3ef60	20 74 72 61 6e 73 70 6f 72 74 20 61 64 64 72 65 73 73 20 69 73 20 73 68 6f 77 6e 20 69 6e 20 74	.transport.address.is.shown.in.t
3ef80	68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 61 6e 64 20 72 65 61 63 68 61 62 6c 65 20 74	he.routing.table.and.reachable.t
3efa0	6f 20 74 72 61 66 66 69 63 20 61 74 20 61 6c 6c 20 74 69 6d 65 73 2e 00 49 6e 20 6f 72 64 65 72	o.traffic.at.all.times..In.order
3efc0	20 74 6f 20 63 6f 6e 74 72 6f 6c 20 61 6e 64 20 6d 6f 64 69 66 79 20 72 6f 75 74 69 6e 67 20 69	.to.control.and.modify.routing.i
3efe0	6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 69 73 20 65 78 63 68 61 6e 67 65 64 20 62 65 74	nformation.that.is.exchanged.bet
3f000	77 65 65 6e 20 70 65 65 72 73 20 79 6f 75 20 63 61 6e 20 75 73 65 20 72 6f 75 74 65 2d 6d 61 70	ween.peers.you.can.use.route-map
3f020	2c 20 66 69 6c 74 65 72 2d 6c 69 73 74 2c 20 70 72 65 66 69 78 2d 6c 69 73 74 2c 20 64 69 73 74	,.filter-list,.prefix-list,.dist
3f040	72 69 62 75 74 65 2d 6c 69 73 74 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 64 65 66 69 6e 65 20	ribute-list..In.order.to.define.
3f060	77 68 69 63 68 20 74 72 61 66 66 69 63 20 67 6f 65 73 20 69 6e 74 6f 20 77 68 69 63 68 20 63 6c	which.traffic.goes.into.which.cl
3f080	61 73 73 2c 20 79 6f 75 20 64 65 66 69 6e 65 20 66 69 6c 74 65 72 73 20 28 74 68 61 74 20 69 73	ass,.you.define.filters.(that.is
3f0a0	2c 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 29 2e 20 50 61 63 6b 65 74	,.the.matching.criteria)..Packet
3f0c0	73 20 67 6f 20 74 68 72 6f 75 67 68 20 74 68 65 73 65 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65	s.go.through.these.matching.rule
3f0e0	73 20 28 61 73 20 69 6e 20 74 68 65 20 72 75 6c 65 73 20 6f 66 20 61 20 66 69 72 65 77 61 6c 6c	s.(as.in.the.rules.of.a.firewall
3f100	29 20 61 6e 64 2c 20 69 66 20 61 20 70 61 63 6b 65 74 20 6d 61 74 63 68 65 73 20 74 68 65 20 66	).and,.if.a.packet.matches.the.f
3f120	69 6c 74 65 72 2c 20 69 74 20 69 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 61 74 20 63 6c	ilter,.it.is.assigned.to.that.cl
3f140	61 73 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 68 61 76 65 20 56 79 4f 53 20 54 72 61 66 66	ass..In.order.to.have.VyOS.Traff
3f160	69 63 20 43 6f 6e 74 72 6f 6c 20 77 6f 72 6b 69 6e 67 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 66	ic.Control.working.you.need.to.f
3f180	6f 6c 6c 6f 77 20 32 20 73 74 65 70 73 3a 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 68 61 76 65 20	ollow.2.steps:.In.order.to.have.
3f1a0	66 75 6c 6c 20 63 6f 6e 74 72 6f 6c 20 61 6e 64 20 6d 61 6b 65 20 75 73 65 20 6f 66 20 6d 75 6c	full.control.and.make.use.of.mul
3f1c0	74 69 70 6c 65 20 73 74 61 74 69 63 20 70 75 62 6c 69 63 20 49 50 20 61 64 64 72 65 73 73 65 73	tiple.static.public.IP.addresses
3f1e0	2c 20 79 6f 75 72 20 56 79 4f 53 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 69 6e 69 74 69 61 74	,.your.VyOS.will.have.to.initiat
3f200	65 20 74 68 65 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72	e.the.PPPoE.connection.and.contr
3f220	6f 6c 20 69 74 2e 20 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 74 68 69 73 20 6d 65 74 68 6f 64 20	ol.it..In.order.for.this.method.
3f240	74 6f 20 77 6f 72 6b 2c 20 79 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 66 69 67 75 72 65	to.work,.you.will.have.to.figure
3f260	20 6f 75 74 20 68 6f 77 20 74 6f 20 6d 61 6b 65 20 79 6f 75 72 20 44 53 4c 20 4d 6f 64 65 6d 2f	.out.how.to.make.your.DSL.Modem/
3f280	52 6f 75 74 65 72 20 73 77 69 74 63 68 20 69 6e 74 6f 20 61 20 42 72 69 64 67 65 64 20 4d 6f 64	Router.switch.into.a.Bridged.Mod
3f2a0	65 20 73 6f 20 69 74 20 6f 6e 6c 79 20 61 63 74 73 20 61 73 20 61 20 44 53 4c 20 54 72 61 6e 73	e.so.it.only.acts.as.a.DSL.Trans
3f2c0	63 65 69 76 65 72 20 64 65 76 69 63 65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 62 65 74 77 65 65 6e	ceiver.device.to.connect.between
3f2e0	20 74 68 65 20 45 74 68 65 72 6e 65 74 20 6c 69 6e 6b 20 6f 66 20 79 6f 75 72 20 56 79 4f 53 20	.the.Ethernet.link.of.your.VyOS.
3f300	61 6e 64 20 74 68 65 20 70 68 6f 6e 65 20 63 61 62 6c 65 2e 20 4f 6e 63 65 20 79 6f 75 72 20 44	and.the.phone.cable..Once.your.D
3f320	53 4c 20 54 72 61 6e 73 63 65 69 76 65 72 20 69 73 20 69 6e 20 42 72 69 64 67 65 20 4d 6f 64 65	SL.Transceiver.is.in.Bridge.Mode
3f340	2c 20 79 6f 75 20 73 68 6f 75 6c 64 20 67 65 74 20 6e 6f 20 49 50 20 61 64 64 72 65 73 73 20 66	,.you.should.get.no.IP.address.f
3f360	72 6f 6d 20 69 74 2e 20 50 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 79 6f 75 20 63 6f 6e	rom.it..Please.make.sure.you.con
3f380	6e 65 63 74 20 74 6f 20 74 68 65 20 45 74 68 65 72 6e 65 74 20 50 6f 72 74 20 31 20 69 66 20 79	nect.to.the.Ethernet.Port.1.if.y
3f3a0	6f 75 72 20 44 53 4c 20 54 72 61 6e 73 63 65 69 76 65 72 20 68 61 73 20 61 20 73 77 69 74 63 68	our.DSL.Transceiver.has.a.switch
3f3c0	2c 20 61 73 20 73 6f 6d 65 20 6f 66 20 74 68 65 6d 20 6f 6e 6c 79 20 77 6f 72 6b 20 74 68 69 73	,.as.some.of.them.only.work.this
3f3e0	20 77 61 79 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 6d 61 70 20 73 70 65 63 69 66 69 63 20 49	.way..In.order.to.map.specific.I
3f400	50 76 36 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 73 70 65 63 69 66 69 63 20 68 6f 73 74 73 20	Pv6.addresses.to.specific.hosts.
3f420	73 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 20 63 61 6e 20 62 65 20 63 72 65 61 74 65 64 2e 20	static.mappings.can.be.created..
3f440	54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 65 78 70 6c 61 69 6e 73 20 74	The.following.example.explains.t
3f460	68 65 20 70 72 6f 63 65 73 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 73 65 70 61 72 61 74 65	he.process..In.order.to.separate
3f480	20 74 72 61 66 66 69 63 2c 20 46 61 69 72 20 51 75 65 75 65 20 75 73 65 73 20 61 20 63 6c 61 73	.traffic,.Fair.Queue.uses.a.clas
3f4a0	73 69 66 69 65 72 20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 20	sifier.based.on.source.address,.
3f4c0	64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 61 6e 64 20 73 6f 75 72 63 65 20 70	destination.address.and.source.p
3f4e0	6f 72 74 2e 20 54 68 65 20 61 6c 67 6f 72 69 74 68 6d 20 65 6e 71 75 65 75 65 73 20 70 61 63 6b	ort..The.algorithm.enqueues.pack
3f500	65 74 73 20 74 6f 20 68 61 73 68 20 62 75 63 6b 65 74 73 20 62 61 73 65 64 20 6f 6e 20 74 68 6f	ets.to.hash.buckets.based.on.tho
3f520	73 65 20 74 72 65 65 20 70 61 72 61 6d 65 74 65 72 73 2e 20 45 61 63 68 20 6f 66 20 74 68 65 73	se.tree.parameters..Each.of.thes
3f540	65 20 62 75 63 6b 65 74 73 20 73 68 6f 75 6c 64 20 72 65 70 72 65 73 65 6e 74 20 61 20 75 6e 69	e.buckets.should.represent.a.uni
3f560	71 75 65 20 66 6c 6f 77 2e 20 42 65 63 61 75 73 65 20 6d 75 6c 74 69 70 6c 65 20 66 6c 6f 77 73	que.flow..Because.multiple.flows
3f580	20 6d 61 79 20 67 65 74 20 68 61 73 68 65 64 20 74 6f 20 74 68 65 20 73 61 6d 65 20 62 75 63 6b	.may.get.hashed.to.the.same.buck
3f5a0	65 74 2c 20 74 68 65 20 68 61 73 68 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 20 69 73 20 70 65 72	et,.the.hashing.algorithm.is.per
3f5c0	74 75 72 62 65 64 20 61 74 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 20 69 6e 74 65 72 76 61 6c 73	turbed.at.configurable.intervals
3f5e0	20 73 6f 20 74 68 61 74 20 74 68 65 20 75 6e 66 61 69 72 6e 65 73 73 20 6c 61 73 74 73 20 6f 6e	.so.that.the.unfairness.lasts.on
3f600	6c 79 20 66 6f 72 20 61 20 73 68 6f 72 74 20 77 68 69 6c 65 2e 20 50 65 72 74 75 72 62 61 74 69	ly.for.a.short.while..Perturbati
3f620	6f 6e 20 6d 61 79 20 68 6f 77 65 76 65 72 20 63 61 75 73 65 20 73 6f 6d 65 20 69 6e 61 64 76 65	on.may.however.cause.some.inadve
3f640	72 74 65 6e 74 20 70 61 63 6b 65 74 20 72 65 6f 72 64 65 72 69 6e 67 20 74 6f 20 6f 63 63 75 72	rtent.packet.reordering.to.occur
3f660	2e 20 41 6e 20 61 64 76 69 73 61 62 6c 65 20 76 61 6c 75 65 20 63 6f 75 6c 64 20 62 65 20 31 30	..An.advisable.value.could.be.10
3f680	20 73 65 63 6f 6e 64 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 75 73 65 20 54 53 4f 2f 4c 52	.seconds..In.order.to.use.TSO/LR
3f6a0	4f 20 77 69 74 68 20 56 4d 58 4e 45 54 33 20 61 64 61 74 65 72 73 20 6f 6e 65 20 6d 75 73 74 20	O.with.VMXNET3.adaters.one.must.
3f6c0	61 6c 73 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 53 47 20 6f 66 66 6c 6f 61 64 69 6e 67 20 6f 70	also.enable.the.SG.offloading.op
3f6e0	74 69 6f 6e 2e 00 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 20 69 74 20 61 6c 6c 6f 77 73 20 63	tion..In.other.words.it.allows.c
3f700	6f 6e 74 72 6f 6c 20 6f 66 20 77 68 69 63 68 20 63 61 72 64 73 20 28 75 73 75 61 6c 6c 79 20 31	ontrol.of.which.cards.(usually.1
3f720	29 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 74 6f 20 61 6e 20 61 72 70 20 72 65 71 75 65 73 74	).will.respond.to.an.arp.request
3f740	2e 00 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 2c 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61	..In.other.words,.connection.tra
3f760	63 6b 69 6e 67 20 68 61 73 20 61 6c 72 65 61 64 79 20 6f 62 73 65 72 76 65 64 20 74 68 65 20 63	cking.has.already.observed.the.c
3f780	6f 6e 6e 65 63 74 69 6f 6e 20 62 65 20 63 6c 6f 73 65 64 20 61 6e 64 20 68 61 73 20 74 72 61 6e	onnection.be.closed.and.has.tran
3f7a0	73 69 74 69 6f 6e 20 74 68 65 20 66 6c 6f 77 20 74 6f 20 49 4e 56 41 4c 49 44 20 74 6f 20 70 72	sition.the.flow.to.INVALID.to.pr
3f7c0	65 76 65 6e 74 20 61 74 74 61 63 6b 73 20 66 72 6f 6d 20 61 74 74 65 6d 70 74 69 6e 67 20 74 6f	event.attacks.from.attempting.to
3f7e0	20 72 65 75 73 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 49 6e 20 6f 75 72 20 65 78	.reuse.the.connection..In.our.ex
3f800	61 6d 70 6c 65 2c 20 77 65 20 75 73 65 64 20 74 68 65 20 6b 65 79 20 6e 61 6d 65 20 60 60 6f 70	ample,.we.used.the.key.name.``op
3f820	65 6e 76 70 6e 2d 31 60 60 20 77 68 69 63 68 20 77 65 20 77 69 6c 6c 20 72 65 66 65 72 65 6e 63	envpn-1``.which.we.will.referenc
3f840	65 20 69 6e 20 6f 75 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 49 6e 20 6f 75 72 20 65	e.in.our.configuration..In.our.e
3f860	78 61 6d 70 6c 65 2c 20 77 65 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 69 6e 67 20 77 65	xample,.we.will.be.forwarding.we
3f880	62 20 73 65 72 76 65 72 20 74 72 61 66 66 69 63 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20	b.server.traffic.to.an.internal.
3f8a0	77 65 62 20 73 65 72 76 65 72 20 6f 6e 20 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 2e 20 48 54 54	web.server.on.192.168.0.100..HTT
3f8c0	50 20 74 72 61 66 66 69 63 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 74 68 65 20 54 43 50 20 70	P.traffic.makes.use.of.the.TCP.p
3f8e0	72 6f 74 6f 63 6f 6c 20 6f 6e 20 70 6f 72 74 20 38 30 2e 20 46 6f 72 20 6f 74 68 65 72 20 63 6f	rotocol.on.port.80..For.other.co
3f900	6d 6d 6f 6e 20 70 6f 72 74 20 6e 75 6d 62 65 72 73 2c 20 73 65 65 3a 20 68 74 74 70 73 3a 2f 2f	mmon.port.numbers,.see:.https://
3f920	65 6e 2e 77 69 6b 69 70 65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 4c 69 73 74 5f 6f 66 5f 54 43	en.wikipedia.org/wiki/List_of_TC
3f940	50 5f 61 6e 64 5f 55 44 50 5f 70 6f 72 74 5f 6e 75 6d 62 65 72 73 00 49 6e 20 70 72 69 6e 63 69	P_and_UDP_port_numbers.In.princi
3f960	70 6c 65 2c 20 76 61 6c 75 65 73 20 6d 75 73 74 20 62 65 20 3a 63 6f 64 65 3a 60 6d 69 6e 2d 74	ple,.values.must.be.:code:`min-t
3f980	68 72 65 73 68 6f 6c 64 60 20 3c 20 3a 63 6f 64 65 3a 60 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64	hreshold`.<.:code:`max-threshold
3f9a0	60 20 3c 20 3a 63 6f 64 65 3a 60 71 75 65 75 65 2d 6c 69 6d 69 74 60 2e 00 49 6e 20 73 68 6f 72	`.<.:code:`queue-limit`..In.shor
3f9c0	74 2c 20 44 4d 56 50 4e 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 63 61 70 61 62 69 6c 69 74 79	t,.DMVPN.provides.the.capability
3f9e0	20 66 6f 72 20 63 72 65 61 74 69 6e 67 20 61 20 64 79 6e 61 6d 69 63 2d 6d 65 73 68 20 56 50 4e	.for.creating.a.dynamic-mesh.VPN
3fa00	20 6e 65 74 77 6f 72 6b 20 77 69 74 68 6f 75 74 20 68 61 76 69 6e 67 20 74 6f 20 70 72 65 2d 63	.network.without.having.to.pre-c
3fa20	6f 6e 66 69 67 75 72 65 20 28 73 74 61 74 69 63 29 20 61 6c 6c 20 70 6f 73 73 69 62 6c 65 20 74	onfigure.(static).all.possible.t
3fa40	75 6e 6e 65 6c 20 65 6e 64 2d 70 6f 69 6e 74 20 70 65 65 72 73 2e 00 49 6e 20 73 6f 6d 65 20 63	unnel.end-point.peers..In.some.c
3fa60	61 73 65 73 20 69 74 20 6d 61 79 20 62 65 20 6d 6f 72 65 20 63 6f 6e 76 65 6e 69 65 6e 74 20 74	ases.it.may.be.more.convenient.t
3fa80	6f 20 65 6e 61 62 6c 65 20 4f 53 50 46 20 6f 6e 20 61 20 70 65 72 20 69 6e 74 65 72 66 61 63 65	o.enable.OSPF.on.a.per.interface
3faa0	2f 73 75 62 6e 65 74 20 62 61 73 69 73 20 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 70 72 6f 74 6f	/subnet.basis.:cfgcmd:`set.proto
3fac0	63 6f 6c 73 20 6f 73 70 66 20 69 6e 74 65 72 66 61 63 65 20 3c 69 6e 74 65 72 66 61 63 65 3e 20	cols.ospf.interface.<interface>.
3fae0	61 72 65 61 20 3c 78 2e 78 2e 78 2e 78 20 7c 20 78 3e 60 00 49 6e 20 74 68 65 20 3a 72 65 66 3a	area.<x.x.x.x.|.x>`.In.the.:ref:
3fb00	60 63 72 65 61 74 69 6e 67 5f 61 5f 74 72 61 66 66 69 63 5f 70 6f 6c 69 63 79 60 20 73 65 63 74	`creating_a_traffic_policy`.sect
3fb20	69 6f 6e 20 79 6f 75 20 77 69 6c 6c 20 73 65 65 20 74 68 61 74 20 73 6f 6d 65 20 6f 66 20 74 68	ion.you.will.see.that.some.of.th
3fb40	65 20 70 6f 6c 69 63 69 65 73 20 75 73 65 20 2a 63 6c 61 73 73 65 73 2a 2e 20 54 68 6f 73 65 20	e.policies.use.*classes*..Those.
3fb60	70 6f 6c 69 63 69 65 73 20 6c 65 74 20 79 6f 75 20 64 69 73 74 72 69 62 75 74 65 20 74 72 61 66	policies.let.you.distribute.traf
3fb80	66 69 63 20 69 6e 74 6f 20 64 69 66 66 65 72 65 6e 74 20 63 6c 61 73 73 65 73 20 61 63 63 6f 72	fic.into.different.classes.accor
3fba0	64 69 6e 67 20 74 6f 20 64 69 66 66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 79 6f 75	ding.to.different.parameters.you
3fbc0	20 63 61 6e 20 63 68 6f 6f 73 65 2e 20 53 6f 2c 20 61 20 63 6c 61 73 73 20 69 73 20 6a 75 73 74	.can.choose..So,.a.class.is.just
3fbe0	20 61 20 73 70 65 63 69 66 69 63 20 74 79 70 65 20 6f 66 20 74 72 61 66 66 69 63 20 79 6f 75 20	.a.specific.type.of.traffic.you.
3fc00	73 65 6c 65 63 74 2e 00 49 6e 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2c 20 61 20 6b 65 79 20 70	select..In.the.VyOS.CLI,.a.key.p
3fc20	6f 69 6e 74 20 6f 66 74 65 6e 20 6f 76 65 72 6c 6f 6f 6b 65 64 20 69 73 20 74 68 61 74 20 72 61	oint.often.overlooked.is.that.ra
3fc40	74 68 65 72 20 74 68 61 6e 20 62 65 69 6e 67 20 63 6f 6e 66 69 67 75 72 65 64 20 75 73 69 6e 67	ther.than.being.configured.using
3fc60	20 74 68 65 20 60 73 65 74 20 76 70 6e 60 20 73 74 61 6e 7a 61 2c 20 4f 70 65 6e 56 50 4e 20 69	.the.`set.vpn`.stanza,.OpenVPN.i
3fc80	73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66	s.configured.as.a.network.interf
3fca0	61 63 65 20 75 73 69 6e 67 20 60 73 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 6f 70 65 6e 76 70	ace.using.`set.interfaces.openvp
3fcc0	6e 60 2e 00 49 6e 20 74 68 65 20 61 62 6f 76 65 20 65 78 61 6d 70 6c 65 2c 20 61 6e 20 65 78 74	n`..In.the.above.example,.an.ext
3fce0	65 72 6e 61 6c 20 49 50 20 6f 66 20 31 39 32 2e 30 2e 32 2e 32 20 69 73 20 61 73 73 75 6d 65 64	ernal.IP.of.192.0.2.2.is.assumed
3fd00	2e 00 49 6e 20 74 68 65 20 61 67 65 20 6f 66 20 76 65 72 79 20 66 61 73 74 20 6e 65 74 77 6f 72	..In.the.age.of.very.fast.networ
3fd20	6b 73 2c 20 61 20 73 65 63 6f 6e 64 20 6f 66 20 75 6e 72 65 61 63 68 61 62 69 6c 69 74 79 20 6d	ks,.a.second.of.unreachability.m
3fd40	61 79 20 65 71 75 61 6c 20 6d 69 6c 6c 69 6f 6e 73 20 6f 66 20 6c 6f 73 74 20 70 61 63 6b 65 74	ay.equal.millions.of.lost.packet
3fd60	73 2e 20 54 68 65 20 69 64 65 61 20 62 65 68 69 6e 64 20 42 46 44 20 69 73 20 74 6f 20 64 65 74	s..The.idea.behind.BFD.is.to.det
3fd80	65 63 74 20 76 65 72 79 20 71 75 69 63 6b 6c 79 20 77 68 65 6e 20 61 20 70 65 65 72 20 69 73 20	ect.very.quickly.when.a.peer.is.
3fda0	64 6f 77 6e 20 61 6e 64 20 74 61 6b 65 20 61 63 74 69 6f 6e 20 65 78 74 72 65 6d 65 6c 79 20 66	down.and.take.action.extremely.f
3fdc0	61 73 74 2e 00 49 6e 20 74 68 65 20 63 61 73 65 20 6f 66 20 4c 32 54 50 76 33 2c 20 74 68 65 20	ast..In.the.case.of.L2TPv3,.the.
3fde0	66 65 61 74 75 72 65 73 20 6c 6f 73 74 20 61 72 65 20 74 65 6c 65 74 72 61 66 66 69 63 20 65 6e	features.lost.are.teletraffic.en
3fe00	67 69 6e 65 65 72 69 6e 67 20 66 65 61 74 75 72 65 73 20 63 6f 6e 73 69 64 65 72 65 64 20 69 6d	gineering.features.considered.im
3fe20	70 6f 72 74 61 6e 74 20 69 6e 20 4d 50 4c 53 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 72 65 20	portant.in.MPLS..However,.there.
3fe40	69 73 20 6e 6f 20 72 65 61 73 6f 6e 20 74 68 65 73 65 20 66 65 61 74 75 72 65 73 20 63 6f 75 6c	is.no.reason.these.features.coul
3fe60	64 20 6e 6f 74 20 62 65 20 72 65 2d 65 6e 67 69 6e 65 65 72 65 64 20 69 6e 20 6f 72 20 6f 6e 20	d.not.be.re-engineered.in.or.on.
3fe80	74 6f 70 20 6f 66 20 4c 32 54 50 76 33 20 69 6e 20 6c 61 74 65 72 20 70 72 6f 64 75 63 74 73 2e	top.of.L2TPv3.in.later.products.
3fea0	00 49 6e 20 74 68 65 20 63 61 73 65 20 74 68 65 20 61 76 65 72 61 67 65 20 71 75 65 75 65 20 73	.In.the.case.the.average.queue.s
3fec0	69 7a 65 20 69 73 20 62 65 74 77 65 65 6e 20 2a 2a 6d 69 6e 2d 74 68 72 65 73 68 6f 6c 64 2a 2a	ize.is.between.**min-threshold**
3fee0	20 61 6e 64 20 2a 2a 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 2c 20 74 68 65 6e 20 61 6e 20	.and.**max-threshold**,.then.an.
3ff00	61 72 72 69 76 69 6e 67 20 70 61 63 6b 65 74 20 77 6f 75 6c 64 20 62 65 20 65 69 74 68 65 72 20	arriving.packet.would.be.either.
3ff20	64 72 6f 70 70 65 64 20 6f 72 20 70 6c 61 63 65 64 20 69 6e 20 74 68 65 20 71 75 65 75 65 2c 20	dropped.or.placed.in.the.queue,.
3ff40	69 74 20 77 69 6c 6c 20 64 65 70 65 6e 64 20 6f 6e 20 74 68 65 20 64 65 66 69 6e 65 64 20 2a 2a	it.will.depend.on.the.defined.**
3ff60	6d 61 72 6b 2d 70 72 6f 62 61 62 69 6c 69 74 79 2a 2a 2e 00 49 6e 20 74 68 65 20 63 61 73 65 20	mark-probability**..In.the.case.
3ff80	79 6f 75 20 77 61 6e 74 20 74 6f 20 61 70 70 6c 79 20 73 6f 6d 65 20 6b 69 6e 64 20 6f 66 20 2a	you.want.to.apply.some.kind.of.*
3ffa0	2a 73 68 61 70 69 6e 67 2a 2a 20 74 6f 20 79 6f 75 72 20 2a 2a 69 6e 62 6f 75 6e 64 2a 2a 20 74	*shaping**.to.your.**inbound**.t
3ffc0	72 61 66 66 69 63 2c 20 63 68 65 63 6b 20 74 68 65 20 69 6e 67 72 65 73 73 2d 73 68 61 70 69 6e	raffic,.check.the.ingress-shapin
3ffe0	67 5f 20 73 65 63 74 69 6f 6e 2e 00 49 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61 62 6f 76 65	g_.section..In.the.command.above
40000	2c 20 77 65 20 73 65 74 20 74 68 65 20 74 79 70 65 20 6f 66 20 70 6f 6c 69 63 79 20 77 65 20 61	,.we.set.the.type.of.policy.we.a
40020	72 65 20 67 6f 69 6e 67 20 74 6f 20 77 6f 72 6b 20 77 69 74 68 20 61 6e 64 20 74 68 65 20 6e 61	re.going.to.work.with.and.the.na
40040	6d 65 20 77 65 20 63 68 6f 6f 73 65 20 66 6f 72 20 69 74 3b 20 61 20 63 6c 61 73 73 20 28 73 6f	me.we.choose.for.it;.a.class.(so
40060	20 74 68 61 74 20 77 65 20 63 61 6e 20 64 69 66 66 65 72 65 6e 74 69 61 74 65 20 73 6f 6d 65 20	.that.we.can.differentiate.some.
40080	74 72 61 66 66 69 63 29 20 61 6e 64 20 61 6e 20 69 64 65 6e 74 69 66 69 61 62 6c 65 20 6e 75 6d	traffic).and.an.identifiable.num
400a0	62 65 72 20 66 6f 72 20 74 68 61 74 20 63 6c 61 73 73 3b 20 74 68 65 6e 20 77 65 20 63 6f 6e 66	ber.for.that.class;.then.we.conf
400c0	69 67 75 72 65 20 61 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 20 28 6f 72 20 66 69 6c 74 65 72	igure.a.matching.rule.(or.filter
400e0	29 20 61 6e 64 20 61 20 6e 61 6d 65 20 66 6f 72 20 69 74 2e 00 49 6e 20 74 68 65 20 65 78 61 6d	).and.a.name.for.it..In.the.exam
40100	70 6c 65 20 61 62 6f 76 65 2c 20 74 68 65 20 66 69 72 73 74 20 34 39 39 20 73 65 73 73 69 6f 6e	ple.above,.the.first.499.session
40120	73 20 63 6f 6e 6e 65 63 74 20 77 69 74 68 6f 75 74 20 64 65 6c 61 79 2e 20 50 41 44 4f 20 70 61	s.connect.without.delay..PADO.pa
40140	63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 64 65 6c 61 79 65 64 20 35 30 20 6d 73 20 66 6f 72 20	ckets.will.be.delayed.50.ms.for.
40160	63 6f 6e 6e 65 63 74 69 6f 6e 20 66 72 6f 6d 20 35 30 30 20 74 6f 20 39 39 39 2c 20 74 68 69 73	connection.from.500.to.999,.this
40180	20 74 72 69 63 6b 20 61 6c 6c 6f 77 73 20 6f 74 68 65 72 20 50 50 50 6f 45 20 73 65 72 76 65 72	.trick.allows.other.PPPoE.server
401a0	73 20 73 65 6e 64 20 50 41 44 4f 20 66 61 73 74 65 72 20 61 6e 64 20 63 6c 69 65 6e 74 73 20 77	s.send.PADO.faster.and.clients.w
401c0	69 6c 6c 20 63 6f 6e 6e 65 63 74 20 74 6f 20 6f 74 68 65 72 20 73 65 72 76 65 72 73 2e 20 4c 61	ill.connect.to.other.servers..La
401e0	73 74 20 63 6f 6d 6d 61 6e 64 20 73 61 79 73 20 74 68 61 74 20 74 68 69 73 20 50 50 50 6f 45 20	st.command.says.that.this.PPPoE.
40200	73 65 72 76 65 72 20 63 61 6e 20 73 65 72 76 65 20 6f 6e 6c 79 20 33 30 30 30 20 63 6c 69 65 6e	server.can.serve.only.3000.clien
40220	74 73 2e 00 49 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 75 73 65 64 20 66 6f 72 20 74 68 65 20	ts..In.the.example.used.for.the.
40240	51 75 69 63 6b 20 53 74 61 72 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 2c	Quick.Start.configuration.above,
40260	20 77 65 20 64 65 6d 6f 6e 73 74 72 61 74 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f	.we.demonstrate.the.following.co
40280	6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78	nfiguration:.In.the.following.ex
402a0	61 6d 70 6c 65 20 77 65 20 63 61 6e 20 73 65 65 20 61 20 62 61 73 69 63 20 6d 75 6c 74 69 63 61	ample.we.can.see.a.basic.multica
402c0	73 74 20 73 65 74 75 70 3a 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70	st.setup:.In.the.following.examp
402e0	6c 65 2c 20 62 6f 74 68 20 60 55 73 65 72 31 60 20 61 6e 64 20 60 55 73 65 72 32 60 20 77 69 6c	le,.both.`User1`.and.`User2`.wil
40300	6c 20 62 65 20 61 62 6c 65 20 74 6f 20 53 53 48 20 69 6e 74 6f 20 56 79 4f 53 20 61 73 20 75 73	l.be.able.to.SSH.into.VyOS.as.us
40320	65 72 20 60 60 76 79 6f 73 60 60 20 75 73 69 6e 67 20 74 68 65 69 72 20 76 65 72 79 20 6f 77 6e	er.``vyos``.using.their.very.own
40340	20 6b 65 79 73 2e 20 60 55 73 65 72 31 60 20 69 73 20 72 65 73 74 72 69 63 74 65 64 20 74 6f 20	.keys..`User1`.is.restricted.to.
40360	6f 6e 6c 79 20 62 65 20 61 62 6c 65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 66 72 6f 6d 20 61 20 73	only.be.able.to.connect.from.a.s
40380	69 6e 67 6c 65 20 49 50 20 61 64 64 72 65 73 73 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 20 69 66	ingle.IP.address..In.addition.if
403a0	20 70 61 73 73 77 6f 72 64 20 62 61 73 65 20 6c 6f 67 69 6e 20 69 73 20 77 61 6e 74 65 64 20 66	.password.base.login.is.wanted.f
403c0	6f 72 20 74 68 65 20 60 60 76 79 6f 73 60 60 20 75 73 65 72 20 61 20 32 46 41 2f 4d 46 41 20 6b	or.the.``vyos``.user.a.2FA/MFA.k
403e0	65 79 63 6f 64 65 20 69 73 20 72 65 71 75 69 72 65 64 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74	eycode.is.required.in.addition.t
40400	6f 20 74 68 65 20 70 61 73 73 77 6f 72 64 2e 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67	o.the.password..In.the.following
40420	20 65 78 61 6d 70 6c 65 2c 20 74 68 65 20 49 50 73 20 66 6f 72 20 74 68 65 20 72 65 6d 6f 74 65	.example,.the.IPs.for.the.remote
40440	20 63 6c 69 65 6e 74 73 20 61 72 65 20 64 65 66 69 6e 65 64 20 69 6e 20 74 68 65 20 70 65 65 72	.clients.are.defined.in.the.peer
40460	73 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 74 68 65 20 70 65 65 72 73 20 74 6f 20 69 6e 74 65	s..This.allows.the.peers.to.inte
40480	72 61 63 74 20 77 69 74 68 20 6f 6e 65 20 61 6e 6f 74 68 65 72 2e 20 49 6e 20 63 6f 6d 70 61 72	ract.with.one.another..In.compar
404a0	69 73 6f 6e 20 74 6f 20 74 68 65 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 65 78 61 6d 70 6c 65	ison.to.the.site-to-site.example
404c0	20 74 68 65 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 6b 65 65 70 61 6c 69 76 65 60 60 20 66 6c	.the.``persistent-keepalive``.fl
404e0	61 67 20 69 73 20 73 65 74 20 74 6f 20 31 35 20 73 65 63 6f 6e 64 73 20 74 6f 20 61 73 73 75 72	ag.is.set.to.15.seconds.to.assur
40500	65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 6b 65 70 74 20 61 6c 69 76 65 2e 20	e.the.connection.is.kept.alive..
40520	54 68 69 73 20 69 73 20 6d 61 69 6e 6c 79 20 72 65 6c 65 76 61 6e 74 20 69 66 20 6f 6e 65 20 6f	This.is.mainly.relevant.if.one.o
40540	66 20 74 68 65 20 70 65 65 72 73 20 69 73 20 62 65 68 69 6e 64 20 4e 41 54 20 61 6e 64 20 63 61	f.the.peers.is.behind.NAT.and.ca
40560	6e 27 74 20 62 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 69 66 20 74 68 65 20 63 6f 6e 6e 65	n't.be.connected.to.if.the.conne
40580	63 74 69 6f 6e 20 69 73 20 6c 6f 73 74 2e 20 54 6f 20 62 65 20 65 66 66 65 63 74 69 76 65 20 74	ction.is.lost..To.be.effective.t
405a0	68 69 73 20 76 61 6c 75 65 20 6e 65 65 64 73 20 74 6f 20 62 65 20 6c 6f 77 65 72 20 74 68 61 6e	his.value.needs.to.be.lower.than
405c0	20 74 68 65 20 55 44 50 20 74 69 6d 65 6f 75 74 2e 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69	.the.UDP.timeout..In.the.followi
405e0	6e 67 20 65 78 61 6d 70 6c 65 2c 20 77 68 65 6e 20 56 4c 41 4e 39 20 74 72 61 6e 73 69 74 69 6f	ng.example,.when.VLAN9.transitio
40600	6e 73 2c 20 56 4c 41 4e 32 30 20 77 69 6c 6c 20 61 6c 73 6f 20 74 72 61 6e 73 69 74 69 6f 6e 3a	ns,.VLAN20.will.also.transition:
40620	00 49 6e 20 74 68 65 20 66 75 74 75 72 65 20 74 68 69 73 20 69 73 20 65 78 70 65 63 74 65 64 20	.In.the.future.this.is.expected.
40640	74 6f 20 62 65 20 61 20 76 65 72 79 20 75 73 65 66 75 6c 20 70 72 6f 74 6f 63 6f 6c 20 28 74 68	to.be.a.very.useful.protocol.(th
40660	6f 75 67 68 20 74 68 65 72 65 20 61 72 65 20 60 6f 74 68 65 72 20 70 72 6f 70 6f 73 61 6c 73 60	ough.there.are.`other.proposals`
40680	5f 29 2e 00 49 6e 20 74 68 65 20 6e 65 78 74 20 65 78 61 6d 70 6c 65 20 61 6c 6c 20 74 72 61 66	_)..In.the.next.example.all.traf
406a0	66 69 63 20 64 65 73 74 69 6e 65 64 20 74 6f 20 60 60 32 30 33 2e 30 2e 31 31 33 2e 31 60 60 20	fic.destined.to.``203.0.113.1``.
406c0	61 6e 64 20 70 6f 72 74 20 60 60 38 32 38 30 60 60 20 70 72 6f 74 6f 63 6f 6c 20 54 43 50 20 69	and.port.``8280``.protocol.TCP.i
406e0	73 20 62 61 6c 61 6e 63 65 64 20 62 65 74 77 65 65 6e 20 32 20 72 65 61 6c 20 73 65 72 76 65 72	s.balanced.between.2.real.server
40700	73 20 60 60 31 39 32 2e 30 2e 32 2e 31 31 60 60 20 61 6e 64 20 60 60 31 39 32 2e 30 2e 32 2e 31	s.``192.0.2.11``.and.``192.0.2.1
40720	32 60 60 20 74 6f 20 70 6f 72 74 20 60 60 38 30 60 60 00 49 6e 20 74 68 65 20 70 61 73 74 20 28	2``.to.port.``80``.In.the.past.(
40740	56 79 4f 53 20 31 2e 31 29 20 75 73 65 64 20 61 20 67 61 74 65 77 61 79 2d 61 64 64 72 65 73 73	VyOS.1.1).used.a.gateway-address
40760	20 63 6f 6e 66 69 67 75 72 65 64 20 75 6e 64 65 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 72 65	.configured.under.the.system.tre
40780	65 20 28 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 79 73 74 65 6d 20 67 61 74 65 77 61 79 2d 61	e.(:cfgcmd:`set.system.gateway-a
407a0	64 64 72 65 73 73 20 3c 61 64 64 72 65 73 73 3e 60 29 2c 20 74 68 69 73 20 69 73 20 6e 6f 20 6c	ddress.<address>`),.this.is.no.l
407c0	6f 6e 67 65 72 20 73 75 70 70 6f 72 74 65 64 20 61 6e 64 20 65 78 69 73 74 69 6e 67 20 63 6f 6e	onger.supported.and.existing.con
407e0	66 69 67 75 72 61 74 69 6f 6e 73 20 61 72 65 20 6d 69 67 72 61 74 65 64 20 74 6f 20 74 68 65 20	figurations.are.migrated.to.the.
40800	6e 65 77 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 2e 00 49 6e 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64	new.CLI.command..In.this.command
40820	20 74 72 65 65 2c 20 61 6c 6c 20 68 61 72 64 77 61 72 65 20 61 63 63 65 6c 65 72 61 74 69 6f 6e	.tree,.all.hardware.acceleration
40840	20 6f 70 74 69 6f 6e 73 20 77 69 6c 6c 20 62 65 20 68 61 6e 64 6c 65 64 2e 20 41 74 20 74 68 65	.options.will.be.handled..At.the
40860	20 6d 6f 6d 65 6e 74 20 6f 6e 6c 79 20 60 49 6e 74 65 6c c2 ae 20 51 41 54 60 5f 20 69 73 20 73	.moment.only.`Intel...QAT`_.is.s
40880	75 70 70 6f 72 74 65 64 00 49 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 61 6c 6c 20 74 72 61	upported.In.this.example.all.tra
408a0	66 66 69 63 20 64 65 73 74 69 6e 65 64 20 74 6f 20 70 6f 72 74 73 20 22 38 30 2c 20 32 32 32 32	ffic.destined.to.ports."80,.2222
408c0	2c 20 38 38 38 38 22 20 70 72 6f 74 6f 63 6f 6c 20 54 43 50 20 6d 61 72 6b 73 20 74 6f 20 66 77	,.8888".protocol.TCP.marks.to.fw
408e0	6d 61 72 6b 20 22 31 31 31 22 20 61 6e 64 20 62 61 6c 61 6e 63 65 64 20 62 65 74 77 65 65 6e 20	mark."111".and.balanced.between.
40900	32 20 72 65 61 6c 20 73 65 72 76 65 72 73 2e 20 50 6f 72 74 20 22 30 22 20 69 73 20 72 65 71 75	2.real.servers..Port."0".is.requ
40920	69 72 65 64 20 69 66 20 6d 75 6c 74 69 70 6c 65 20 70 6f 72 74 73 20 61 72 65 20 75 73 65 64 2e	ired.if.multiple.ports.are.used.
40940	00 49 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 77 65 20 77 69 6c 6c 20 75 73 65 20 74 68 65	.In.this.example.we.will.use.the
40960	20 6d 6f 73 74 20 63 6f 6d 70 6c 69 63 61 74 65 64 20 63 61 73 65 3a 20 61 20 73 65 74 75 70 20	.most.complicated.case:.a.setup.
40980	77 68 65 72 65 20 65 61 63 68 20 63 6c 69 65 6e 74 20 69 73 20 61 20 72 6f 75 74 65 72 20 74 68	where.each.client.is.a.router.th
409a0	61 74 20 68 61 73 20 69 74 73 20 6f 77 6e 20 73 75 62 6e 65 74 20 28 74 68 69 6e 6b 20 48 51 20	at.has.its.own.subnet.(think.HQ.
409c0	61 6e 64 20 62 72 61 6e 63 68 20 6f 66 66 69 63 65 73 29 2c 20 73 69 6e 63 65 20 73 69 6d 70 6c	and.branch.offices),.since.simpl
409e0	65 72 20 73 65 74 75 70 73 20 61 72 65 20 73 75 62 73 65 74 73 20 6f 66 20 69 74 2e 00 49 6e 20	er.setups.are.subsets.of.it..In.
40a00	74 68 69 73 20 65 78 61 6d 70 6c 65 2c 20 73 6f 6d 65 20 2a 4f 70 65 6e 4e 49 43 2a 20 73 65 72	this.example,.some.*OpenNIC*.ser
40a20	76 65 72 73 20 61 72 65 20 75 73 65 64 2c 20 74 77 6f 20 49 50 76 34 20 61 64 64 72 65 73 73 65	vers.are.used,.two.IPv4.addresse
40a40	73 20 61 6e 64 20 74 77 6f 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 3a 00 49 6e 20 74 68 69	s.and.two.IPv6.addresses:.In.thi
40a60	73 20 65 78 61 6d 70 6c 65 2c 20 77 65 20 75 73 65 20 2a 2a 6d 61 73 71 75 65 72 61 64 65 2a 2a	s.example,.we.use.**masquerade**
40a80	20 61 73 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 69 6e 73 74	.as.the.translation.address.inst
40aa0	65 61 64 20 6f 66 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 2a 2a 6d 61 73 71	ead.of.an.IP.address..The.**masq
40ac0	75 65 72 61 64 65 2a 2a 20 74 61 72 67 65 74 20 69 73 20 65 66 66 65 63 74 69 76 65 6c 79 20 61	uerade**.target.is.effectively.a
40ae0	6e 20 61 6c 69 61 73 20 74 6f 20 73 61 79 20 22 75 73 65 20 77 68 61 74 65 76 65 72 20 49 50 20	n.alias.to.say."use.whatever.IP.
40b00	61 64 64 72 65 73 73 20 69 73 20 6f 6e 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72	address.is.on.the.outgoing.inter
40b20	66 61 63 65 22 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 61 20 73 74 61 74 69 63 61 6c 6c 79 20	face",.rather.than.a.statically.
40b40	63 6f 6e 66 69 67 75 72 65 64 20 49 50 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 69 73 20 75	configured.IP.address..This.is.u
40b60	73 65 66 75 6c 20 69 66 20 79 6f 75 20 75 73 65 20 44 48 43 50 20 66 6f 72 20 79 6f 75 72 20 6f	seful.if.you.use.DHCP.for.your.o
40b80	75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 64 6f 20 6e 6f 74 20 6b 6e 6f	utgoing.interface.and.do.not.kno
40ba0	77 20 77 68 61 74 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 77 69 6c 6c	w.what.the.external.address.will
40bc0	20 62 65 2e 00 49 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2c 20 77 65 20 77 69 6c 6c 20 62 65	.be..In.this.example,.we.will.be
40be0	20 75 73 69 6e 67 20 74 68 65 20 65 78 61 6d 70 6c 65 20 51 75 69 63 6b 20 53 74 61 72 74 20 63	.using.the.example.Quick.Start.c
40c00	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 20 61 73 20 61 20 73 74 61 72 74 69 6e 67	onfiguration.above.as.a.starting
40c20	20 70 6f 69 6e 74 2e 00 49 6e 20 74 68 69 73 20 6d 65 74 68 6f 64 2c 20 74 68 65 20 44 53 4c 20	.point..In.this.method,.the.DSL.
40c40	4d 6f 64 65 6d 2f 52 6f 75 74 65 72 20 63 6f 6e 6e 65 63 74 73 20 74 6f 20 74 68 65 20 49 53 50	Modem/Router.connects.to.the.ISP
40c60	20 66 6f 72 20 79 6f 75 20 77 69 74 68 20 79 6f 75 72 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70	.for.you.with.your.credentials.p
40c80	72 65 70 72 6f 67 72 61 6d 6d 65 64 20 69 6e 74 6f 20 74 68 65 20 64 65 76 69 63 65 2e 20 54 68	reprogrammed.into.the.device..Th
40ca0	69 73 20 67 69 76 65 73 20 79 6f 75 20 61 6e 20 3a 72 66 63 3a 60 31 39 31 38 60 20 61 64 64 72	is.gives.you.an.:rfc:`1918`.addr
40cc0	65 73 73 2c 20 73 75 63 68 20 61 73 20 60 60 31 39 32 2e 31 36 38 2e 31 2e 30 2f 32 34 60 60 20	ess,.such.as.``192.168.1.0/24``.
40ce0	62 79 20 64 65 66 61 75 6c 74 2e 00 49 6e 20 74 68 69 73 20 73 63 65 6e 61 72 69 6f 3a 00 49 6e	by.default..In.this.scenario:.In
40d00	20 74 72 61 6e 73 70 61 72 65 6e 74 20 70 72 6f 78 79 20 6d 6f 64 65 2c 20 61 6c 6c 20 74 72 61	.transparent.proxy.mode,.all.tra
40d20	66 66 69 63 20 61 72 72 69 76 69 6e 67 20 6f 6e 20 70 6f 72 74 20 38 30 20 61 6e 64 20 64 65 73	ffic.arriving.on.port.80.and.des
40d40	74 69 6e 65 64 20 66 6f 72 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20 69 73 20 61 75 74 6f 6d 61	tined.for.the.Internet.is.automa
40d60	74 69 63 61 6c 6c 79 20 66 6f 72 77 61 72 64 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20 70 72	tically.forwarded.through.the.pr
40d80	6f 78 79 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 69 6d 6d 65 64 69 61 74 65 20 70 72 6f 78 79	oxy..This.allows.immediate.proxy
40da0	20 66 6f 72 77 61 72 64 69 6e 67 20 77 69 74 68 6f 75 74 20 63 6f 6e 66 69 67 75 72 69 6e 67 20	.forwarding.without.configuring.
40dc0	63 6c 69 65 6e 74 20 62 72 6f 77 73 65 72 73 2e 00 49 6e 20 74 79 70 69 63 61 6c 20 75 73 65 73	client.browsers..In.typical.uses
40de0	20 6f 66 20 53 4e 4d 50 2c 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 61 64 6d 69 6e 69 73 74 72 61	.of.SNMP,.one.or.more.administra
40e00	74 69 76 65 20 63 6f 6d 70 75 74 65 72 73 20 63 61 6c 6c 65 64 20 6d 61 6e 61 67 65 72 73 20 68	tive.computers.called.managers.h
40e20	61 76 65 20 74 68 65 20 74 61 73 6b 20 6f 66 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 6f 72 20 6d 61	ave.the.task.of.monitoring.or.ma
40e40	6e 61 67 69 6e 67 20 61 20 67 72 6f 75 70 20 6f 66 20 68 6f 73 74 73 20 6f 72 20 64 65 76 69 63	naging.a.group.of.hosts.or.devic
40e60	65 73 20 6f 6e 20 61 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 2e 20 45 61 63 68 20 6d	es.on.a.computer.network..Each.m
40e80	61 6e 61 67 65 64 20 73 79 73 74 65 6d 20 65 78 65 63 75 74 65 73 20 61 20 73 6f 66 74 77 61 72	anaged.system.executes.a.softwar
40ea0	65 20 63 6f 6d 70 6f 6e 65 6e 74 20 63 61 6c 6c 65 64 20 61 6e 20 61 67 65 6e 74 20 77 68 69 63	e.component.called.an.agent.whic
40ec0	68 20 72 65 70 6f 72 74 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 76 69 61 20 53 4e 4d 50 20 74	h.reports.information.via.SNMP.t
40ee0	6f 20 74 68 65 20 6d 61 6e 61 67 65 72 2e 00 49 6e 20 7a 6f 6e 65 2d 62 61 73 65 64 20 70 6f 6c	o.the.manager..In.zone-based.pol
40f00	69 63 79 2c 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20	icy,.interfaces.are.assigned.to.
40f20	7a 6f 6e 65 73 2c 20 61 6e 64 20 69 6e 73 70 65 63 74 69 6f 6e 20 70 6f 6c 69 63 79 20 69 73 20	zones,.and.inspection.policy.is.
40f40	61 70 70 6c 69 65 64 20 74 6f 20 74 72 61 66 66 69 63 20 6d 6f 76 69 6e 67 20 62 65 74 77 65 65	applied.to.traffic.moving.betwee
40f60	6e 20 74 68 65 20 7a 6f 6e 65 73 20 61 6e 64 20 61 63 74 65 64 20 6f 6e 20 61 63 63 6f 72 64 69	n.the.zones.and.acted.on.accordi
40f80	6e 67 20 74 6f 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2e 20 41 20 5a 6f 6e 65 20 69 73 20	ng.to.firewall.rules..A.Zone.is.
40fa0	61 20 67 72 6f 75 70 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 61 74 20 68 61 76 65 20	a.group.of.interfaces.that.have.
40fc0	73 69 6d 69 6c 61 72 20 66 75 6e 63 74 69 6f 6e 73 20 6f 72 20 66 65 61 74 75 72 65 73 2e 20 49	similar.functions.or.features..I
40fe0	74 20 65 73 74 61 62 6c 69 73 68 65 73 20 74 68 65 20 73 65 63 75 72 69 74 79 20 62 6f 72 64 65	t.establishes.the.security.borde
41000	72 73 20 6f 66 20 61 20 6e 65 74 77 6f 72 6b 2e 20 41 20 7a 6f 6e 65 20 64 65 66 69 6e 65 73 20	rs.of.a.network..A.zone.defines.
41020	61 20 62 6f 75 6e 64 61 72 79 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 73 75 62 6a	a.boundary.where.traffic.is.subj
41040	65 63 74 65 64 20 74 6f 20 70 6f 6c 69 63 79 20 72 65 73 74 72 69 63 74 69 6f 6e 73 20 61 73 20	ected.to.policy.restrictions.as.
41060	69 74 20 63 72 6f 73 73 65 73 20 74 6f 20 61 6e 6f 74 68 65 72 20 72 65 67 69 6f 6e 20 6f 66 20	it.crosses.to.another.region.of.
41080	61 20 6e 65 74 77 6f 72 6b 2e 00 49 6e 20 7a 6f 6e 65 2d 62 61 73 65 64 20 70 6f 6c 69 63 79 2c	a.network..In.zone-based.policy,
410a0	20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 7a 6f 6e 65	.interfaces.are.assigned.to.zone
410c0	73 2c 20 61 6e 64 20 69 6e 73 70 65 63 74 69 6f 6e 20 70 6f 6c 69 63 79 20 69 73 20 61 70 70 6c	s,.and.inspection.policy.is.appl
410e0	69 65 64 20 74 6f 20 74 72 61 66 66 69 63 20 6d 6f 76 69 6e 67 20 62 65 74 77 65 65 6e 20 74 68	ied.to.traffic.moving.between.th
41100	65 20 7a 6f 6e 65 73 20 61 6e 64 20 61 63 74 65 64 20 6f 6e 20 61 63 63 6f 72 64 69 6e 67 20 74	e.zones.and.acted.on.according.t
41120	6f 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2e 20 41 20 7a 6f 6e 65 20 69 73 20 61 20 67 72	o.firewall.rules..A.zone.is.a.gr
41140	6f 75 70 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 61 74 20 68 61 76 65 20 73 69 6d 69	oup.of.interfaces.that.have.simi
41160	6c 61 72 20 66 75 6e 63 74 69 6f 6e 73 20 6f 72 20 66 65 61 74 75 72 65 73 2e 20 49 74 20 65 73	lar.functions.or.features..It.es
41180	74 61 62 6c 69 73 68 65 73 20 74 68 65 20 73 65 63 75 72 69 74 79 20 62 6f 72 64 65 72 73 20 6f	tablishes.the.security.borders.o
411a0	66 20 61 20 6e 65 74 77 6f 72 6b 2e 20 41 20 7a 6f 6e 65 20 64 65 66 69 6e 65 73 20 61 20 62 6f	f.a.network..A.zone.defines.a.bo
411c0	75 6e 64 61 72 79 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 73 75 62 6a 65 63 74 65	undary.where.traffic.is.subjecte
411e0	64 20 74 6f 20 70 6f 6c 69 63 79 20 72 65 73 74 72 69 63 74 69 6f 6e 73 20 61 73 20 69 74 20 63	d.to.policy.restrictions.as.it.c
41200	72 6f 73 73 65 73 20 74 6f 20 61 6e 6f 74 68 65 72 20 72 65 67 69 6f 6e 20 6f 66 20 61 20 6e 65	rosses.to.another.region.of.a.ne
41220	74 77 6f 72 6b 2e 00 49 6e 62 6f 75 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 61 20	twork..Inbound.connections.to.a.
41240	57 41 4e 20 69 6e 74 65 72 66 61 63 65 20 63 61 6e 20 62 65 20 69 6d 70 72 6f 70 65 72 6c 79 20	WAN.interface.can.be.improperly.
41260	68 61 6e 64 6c 65 64 20 77 68 65 6e 20 74 68 65 20 72 65 70 6c 79 20 69 73 20 73 65 6e 74 20 62	handled.when.the.reply.is.sent.b
41280	61 63 6b 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 2e 00 49 6e 63 6f 6d 69 6e 67 20 74 72 61 66	ack.to.the.client..Incoming.traf
412a0	66 69 63 20 69 73 20 72 65 63 65 69 76 65 64 20 62 79 20 74 68 65 20 63 75 72 72 65 6e 74 20 73	fic.is.received.by.the.current.s
412c0	6c 61 76 65 2e 20 49 66 20 74 68 65 20 72 65 63 65 69 76 69 6e 67 20 73 6c 61 76 65 20 66 61 69	lave..If.the.receiving.slave.fai
412e0	6c 73 2c 20 61 6e 6f 74 68 65 72 20 73 6c 61 76 65 20 74 61 6b 65 73 20 6f 76 65 72 20 74 68 65	ls,.another.slave.takes.over.the
41300	20 4d 41 43 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 66 61 69 6c 65 64 20 72 65 63 65 69	.MAC.address.of.the.failed.recei
41320	76 69 6e 67 20 73 6c 61 76 65 2e 00 49 6e 63 72 65 61 73 65 20 4d 61 78 69 6d 75 6d 20 4d 50 44	ving.slave..Increase.Maximum.MPD
41340	55 20 6c 65 6e 67 74 68 20 74 6f 20 37 39 39 31 20 6f 72 20 31 31 34 35 34 20 6f 63 74 65 74 73	U.length.to.7991.or.11454.octets
41360	20 28 64 65 66 61 75 6c 74 20 33 38 39 35 20 6f 63 74 65 74 73 29 00 49 6e 64 69 63 61 74 69 6f	.(default.3895.octets).Indicatio
41380	6e 00 49 6e 64 69 76 69 64 75 61 6c 20 43 6c 69 65 6e 74 20 53 75 62 6e 65 74 00 49 6e 66 6f 72	n.Individual.Client.Subnet.Infor
413a0	6d 20 63 6c 69 65 6e 74 20 74 68 61 74 20 74 68 65 20 44 4e 53 20 73 65 72 76 65 72 20 63 61 6e	m.client.that.the.DNS.server.can
413c0	20 62 65 20 66 6f 75 6e 64 20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 49 6e 66 6f 72 6d	.be.found.at.`<address>`..Inform
413e0	61 74 69 6f 6e 20 67 61 74 68 65 72 65 64 20 77 69 74 68 20 4c 4c 44 50 20 69 73 20 73 74 6f 72	ation.gathered.with.LLDP.is.stor
41400	65 64 20 69 6e 20 74 68 65 20 64 65 76 69 63 65 20 61 73 20 61 20 3a 61 62 62 72 3a 60 4d 49 42	ed.in.the.device.as.a.:abbr:`MIB
41420	20 28 4d 61 6e 61 67 65 6d 65 6e 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 44 61 74 61 62 61 73	.(Management.Information.Databas
41440	65 29 60 20 61 6e 64 20 63 61 6e 20 62 65 20 71 75 65 72 69 65 64 20 77 69 74 68 20 3a 61 62 62	e)`.and.can.be.queried.with.:abb
41460	72 3a 60 53 4e 4d 50 20 28 53 69 6d 70 6c 65 20 4e 65 74 77 6f 72 6b 20 4d 61 6e 61 67 65 6d 65	r:`SNMP.(Simple.Network.Manageme
41480	6e 74 20 50 72 6f 74 6f 63 6f 6c 29 60 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72	nt.Protocol)`.as.specified.in.:r
414a0	66 63 3a 60 32 39 32 32 60 2e 20 54 68 65 20 74 6f 70 6f 6c 6f 67 79 20 6f 66 20 61 6e 20 4c 4c	fc:`2922`..The.topology.of.an.LL
414c0	44 50 2d 65 6e 61 62 6c 65 64 20 6e 65 74 77 6f 72 6b 20 63 61 6e 20 62 65 20 64 69 73 63 6f 76	DP-enabled.network.can.be.discov
414e0	65 72 65 64 20 62 79 20 63 72 61 77 6c 69 6e 67 20 74 68 65 20 68 6f 73 74 73 20 61 6e 64 20 71	ered.by.crawling.the.hosts.and.q
41500	75 65 72 79 69 6e 67 20 74 68 69 73 20 64 61 74 61 62 61 73 65 2e 20 49 6e 66 6f 72 6d 61 74 69	uerying.this.database..Informati
41520	6f 6e 20 74 68 61 74 20 6d 61 79 20 62 65 20 72 65 74 72 69 65 76 65 64 20 69 6e 63 6c 75 64 65	on.that.may.be.retrieved.include
41540	3a 00 49 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 00 49 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 20 6d 65	:.Informational.Informational.me
41560	73 73 61 67 65 73 00 49 6e 70 75 74 20 66 72 6f 6d 20 60 65 74 68 30 60 20 6e 65 74 77 6f 72 6b	ssages.Input.from.`eth0`.network
41580	20 69 6e 74 65 72 66 61 63 65 00 49 6e 73 74 61 6c 6c 20 74 68 65 20 63 6c 69 65 6e 74 20 73 6f	.interface.Install.the.client.so
415a0	66 74 77 61 72 65 20 76 69 61 20 61 70 74 20 61 6e 64 20 65 78 65 63 75 74 65 20 70 70 74 70 73	ftware.via.apt.and.execute.pptps
415c0	65 74 75 70 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	etup.to.generate.the.configurati
415e0	6f 6e 2e 00 49 6e 73 74 65 61 64 20 6f 66 20 61 20 6e 75 6d 65 72 69 63 61 6c 20 4d 53 53 20 76	on..Instead.of.a.numerical.MSS.v
41600	61 6c 75 65 20 60 63 6c 61 6d 70 2d 6d 73 73 2d 74 6f 2d 70 6d 74 75 60 20 63 61 6e 20 62 65 20	alue.`clamp-mss-to-pmtu`.can.be.
41620	75 73 65 64 20 74 6f 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 73 65 74 20 74 68 65 20 70 72	used.to.automatically.set.the.pr
41640	6f 70 65 72 20 76 61 6c 75 65 2e 00 49 6e 73 74 65 61 64 20 6f 66 20 70 61 73 73 77 6f 72 64 20	oper.value..Instead.of.password.
41660	6f 6e 6c 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2c 20 32 46 41 20 70 61 73 73 77 6f 72	only.authentication,.2FA.passwor
41680	64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 2b 20 4f 54 50 20 6b 65 79 20 63 61 6e 20 62	d.authentication.+.OTP.key.can.b
416a0	65 20 75 73 65 64 2e 20 41 6c 74 65 72 6e 61 74 69 76 65 6c 79 2c 20 4f 54 50 20 61 75 74 68 65	e.used..Alternatively,.OTP.authe
416c0	6e 74 69 63 61 74 69 6f 6e 20 6f 6e 6c 79 2c 20 77 69 74 68 6f 75 74 20 61 20 70 61 73 73 77 6f	ntication.only,.without.a.passwo
416e0	72 64 2c 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 54 6f 20 64 6f 20 74 68 69 73 2c 20 61 6e 20	rd,.can.be.used..To.do.this,.an.
41700	4f 54 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 61 64 64 65 64 20	OTP.configuration.must.be.added.
41720	74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 3a 00 49 6e 73 74	to.the.configuration.above:.Inst
41740	65 61 64 20 6f 66 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 61 6c 20 73 79 73 74 65 6d 20 68	ead.of.sending.the.real.system.h
41760	6f 73 74 6e 61 6d 65 20 74 6f 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 2c 20 6f 76 65 72	ostname.to.the.DHCP.server,.over
41780	77 72 69 74 65 20 74 68 65 20 68 6f 73 74 2d 6e 61 6d 65 20 77 69 74 68 20 74 68 69 73 20 67 69	write.the.host-name.with.this.gi
417a0	76 65 6e 2d 76 61 6c 75 65 2e 00 49 6e 74 65 67 72 69 74 79 20 e2 80 93 20 4d 65 73 73 61 67 65	ven-value..Integrity.....Message
417c0	20 69 6e 74 65 67 72 69 74 79 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 61 20 70 61 63 6b	.integrity.to.ensure.that.a.pack
417e0	65 74 20 68 61 73 20 6e 6f 74 20 62 65 65 6e 20 74 61 6d 70 65 72 65 64 20 77 68 69 6c 65 20 69	et.has.not.been.tampered.while.i
41800	6e 20 74 72 61 6e 73 69 74 20 69 6e 63 6c 75 64 69 6e 67 20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20	n.transit.including.an.optional.
41820	70 61 63 6b 65 74 20 72 65 70 6c 61 79 20 70 72 6f 74 65 63 74 69 6f 6e 20 6d 65 63 68 61 6e 69	packet.replay.protection.mechani
41840	73 6d 2e 00 49 6e 74 65 6c 20 41 58 32 30 30 00 49 6e 74 65 6c c2 ae 20 51 41 54 00 49 6e 74 65	sm..Intel.AX200.Intel...QAT.Inte
41860	72 63 6f 6e 6e 65 63 74 20 74 68 65 20 67 6c 6f 62 61 6c 20 56 52 46 20 77 69 74 68 20 76 72 66	rconnect.the.global.VRF.with.vrf
41880	20 22 72 65 64 22 20 75 73 69 6e 67 20 74 68 65 20 76 65 74 68 31 30 20 3c 2d 3e 20 76 65 74 68	."red".using.the.veth10.<->.veth
418a0	20 31 31 20 70 61 69 72 00 49 6e 74 65 72 66 61 63 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e	.11.pair.Interface.Configuration
418c0	00 49 6e 74 65 72 66 61 63 65 20 47 72 6f 75 70 73 00 49 6e 74 65 72 66 61 63 65 20 52 6f 75 74	.Interface.Groups.Interface.Rout
418e0	65 73 00 49 6e 74 65 72 66 61 63 65 20 60 65 74 68 31 60 20 4c 41 4e 20 69 73 20 62 65 68 69 6e	es.Interface.`eth1`.LAN.is.behin
41900	64 20 4e 41 54 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 73 75 62 73 63 72 69 62 65 20 60 31 30	d.NAT..In.order.to.subscribe.`10
41920	2e 30 2e 30 2e 30 2f 32 33 60 20 73 75 62 6e 65 74 20 6d 75 6c 74 69 63 61 73 74 20 77 68 69 63	.0.0.0/23`.subnet.multicast.whic
41940	68 20 69 73 20 69 6e 20 60 65 74 68 30 60 20 57 41 4e 20 77 65 20 6e 65 65 64 20 74 6f 20 63 6f	h.is.in.`eth0`.WAN.we.need.to.co
41960	6e 66 69 67 75 72 65 20 69 67 6d 70 2d 70 72 6f 78 79 2e 00 49 6e 74 65 72 66 61 63 65 20 63 6f	nfigure.igmp-proxy..Interface.co
41980	6e 66 69 67 75 72 61 74 69 6f 6e 00 49 6e 74 65 72 66 61 63 65 20 66 6f 72 20 44 48 43 50 20 52	nfiguration.Interface.for.DHCP.R
419a0	65 6c 61 79 20 41 67 65 6e 74 20 74 6f 20 66 6f 72 77 61 72 64 20 72 65 71 75 65 73 74 73 20 6f	elay.Agent.to.forward.requests.o
419c0	75 74 2e 00 49 6e 74 65 72 66 61 63 65 20 66 6f 72 20 44 48 43 50 20 52 65 6c 61 79 20 41 67 65	ut..Interface.for.DHCP.Relay.Age
419e0	6e 74 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 72 65 71 75 65 73 74 73 2e 00 49 6e 74 65 72	nt.to.listen.for.requests..Inter
41a00	66 61 63 65 20 74 6f 20 75 73 65 20 66 6f 72 20 73 79 6e 63 69 6e 67 20 63 6f 6e 6e 74 72 61 63	face.to.use.for.syncing.conntrac
41a20	6b 20 65 6e 74 72 69 65 73 2e 00 49 6e 74 65 72 66 61 63 65 20 75 73 65 64 20 66 6f 72 20 56 58	k.entries..Interface.used.for.VX
41a40	4c 41 4e 20 75 6e 64 65 72 6c 61 79 2e 20 54 68 69 73 20 69 73 20 6d 61 6e 64 61 74 6f 72 79 20	LAN.underlay..This.is.mandatory.
41a60	77 68 65 6e 20 75 73 69 6e 67 20 56 58 4c 41 4e 20 76 69 61 20 61 20 6d 75 6c 74 69 63 61 73 74	when.using.VXLAN.via.a.multicast
41a80	20 6e 65 74 77 6f 72 6b 2e 20 56 58 4c 41 4e 20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 61 6c 77	.network..VXLAN.traffic.will.alw
41aa0	61 79 73 20 65 6e 74 65 72 20 61 6e 64 20 65 78 69 74 20 74 68 69 73 20 69 6e 74 65 72 66 61 63	ays.enter.and.exit.this.interfac
41ac0	65 2e 00 49 6e 74 65 72 66 61 63 65 20 77 65 69 67 68 74 00 49 6e 74 65 72 66 61 63 65 73 00 49	e..Interface.weight.Interfaces.I
41ae0	6e 74 65 72 66 61 63 65 73 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 6e 74 65 72 66 61 63	nterfaces.Configuration.Interfac
41b00	65 73 20 74 68 61 74 20 70 61 72 74 69 63 69 70 61 74 65 20 69 6e 20 74 68 65 20 44 48 43 50 20	es.that.participate.in.the.DHCP.
41b20	72 65 6c 61 79 20 70 72 6f 63 65 73 73 2e 20 49 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69	relay.process..If.this.command.i
41b40	73 20 75 73 65 64 2c 20 61 74 20 6c 65 61 73 74 20 74 77 6f 20 65 6e 74 72 69 65 73 20 6f 66 20	s.used,.at.least.two.entries.of.
41b60	69 74 20 61 72 65 20 72 65 71 75 69 72 65 64 3a 20 6f 6e 65 20 66 6f 72 20 74 68 65 20 69 6e 74	it.are.required:.one.for.the.int
41b80	65 72 66 61 63 65 20 74 68 61 74 20 63 61 70 74 75 72 65 73 20 74 68 65 20 64 68 63 70 2d 72 65	erface.that.captures.the.dhcp-re
41ba0	71 75 65 73 74 73 2c 20 61 6e 64 20 6f 6e 65 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63	quests,.and.one.for.the.interfac
41bc0	65 20 74 6f 20 66 6f 72 77 61 72 64 20 73 75 63 68 20 72 65 71 75 65 73 74 73 2e 20 41 20 77 61	e.to.forward.such.requests..A.wa
41be0	72 6e 69 6e 67 20 6d 65 73 73 61 67 65 20 77 69 6c 6c 20 62 65 20 73 68 6f 77 6e 20 69 66 20 74	rning.message.will.be.shown.if.t
41c00	68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 2c 20 73 69 6e 63 65 20 6e 65 77 20 69	his.command.is.used,.since.new.i
41c20	6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 73 68 6f 75 6c 64 20 75 73 65 20 60 60 6c 69 73 74	mplementations.should.use.``list
41c40	65 6e 2d 69 6e 74 65 72 66 61 63 65 60 60 20 61 6e 64 20 60 60 75 70 73 74 72 65 61 6d 2d 69 6e	en-interface``.and.``upstream-in
41c60	74 65 72 66 61 63 65 60 60 2e 00 49 6e 74 65 72 66 61 63 65 73 20 77 68 6f 73 65 20 44 48 43 50	terface``..Interfaces.whose.DHCP
41c80	20 63 6c 69 65 6e 74 20 6e 61 6d 65 73 65 72 76 65 72 73 20 74 6f 20 66 6f 72 77 61 72 64 20 72	.client.nameservers.to.forward.r
41ca0	65 71 75 65 73 74 73 20 74 6f 2e 00 49 6e 74 65 72 66 61 63 65 73 2c 20 74 68 65 69 72 20 77 65	equests.to..Interfaces,.their.we
41cc0	69 67 68 74 20 61 6e 64 20 74 68 65 20 74 79 70 65 20 6f 66 20 74 72 61 66 66 69 63 20 74 6f 20	ight.and.the.type.of.traffic.to.
41ce0	62 65 20 62 61 6c 61 6e 63 65 64 20 61 72 65 20 64 65 66 69 6e 65 64 20 69 6e 20 6e 75 6d 62 65	be.balanced.are.defined.in.numbe
41d00	72 65 64 20 62 61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 20 73 65 74 73 2e 20 54 68 65 20 72 75 6c	red.balancing.rule.sets..The.rul
41d20	65 20 73 65 74 73 20 61 72 65 20 65 78 65 63 75 74 65 64 20 69 6e 20 6e 75 6d 65 72 69 63 61 6c	e.sets.are.executed.in.numerical
41d40	20 6f 72 64 65 72 20 61 67 61 69 6e 73 74 20 6f 75 74 67 6f 69 6e 67 20 70 61 63 6b 65 74 73 2e	.order.against.outgoing.packets.
41d60	20 49 6e 20 63 61 73 65 20 6f 66 20 61 20 6d 61 74 63 68 20 74 68 65 20 70 61 63 6b 65 74 20 69	.In.case.of.a.match.the.packet.i
41d80	73 20 73 65 6e 74 20 74 68 72 6f 75 67 68 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 73 70 65 63	s.sent.through.an.interface.spec
41da0	69 66 69 65 64 20 69 6e 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 2e 20 49 66 20 61	ified.in.the.matching.rule..If.a
41dc0	20 70 61 63 6b 65 74 20 64 6f 65 73 6e 27 74 20 6d 61 74 63 68 20 61 6e 79 20 72 75 6c 65 20 69	.packet.doesn't.match.any.rule.i
41de0	74 20 69 73 20 73 65 6e 74 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 73 79 73 74 65 6d 20 72 6f	t.is.sent.by.using.the.system.ro
41e00	75 74 69 6e 67 20 74 61 62 6c 65 2e 20 52 75 6c 65 20 6e 75 6d 62 65 72 73 20 63 61 6e 27 74 20	uting.table..Rule.numbers.can't.
41e20	62 65 20 63 68 61 6e 67 65 64 2e 00 49 6e 74 65 72 6e 61 6c 6c 79 2c 20 69 6e 20 66 6c 6f 77 2d	be.changed..Internally,.in.flow-
41e40	61 63 63 6f 75 6e 74 69 6e 67 20 70 72 6f 63 65 73 73 65 73 20 65 78 69 73 74 20 61 20 62 75 66	accounting.processes.exist.a.buf
41e60	66 65 72 20 66 6f 72 20 64 61 74 61 20 65 78 63 68 61 6e 67 69 6e 67 20 62 65 74 77 65 65 6e 20	fer.for.data.exchanging.between.
41e80	63 6f 72 65 20 70 72 6f 63 65 73 73 20 61 6e 64 20 70 6c 75 67 69 6e 73 20 28 65 61 63 68 20 65	core.process.and.plugins.(each.e
41ea0	78 70 6f 72 74 20 74 61 72 67 65 74 20 69 73 20 61 20 73 65 70 61 72 61 74 65 64 20 70 6c 75 67	xport.target.is.a.separated.plug
41ec0	69 6e 29 2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 68 69 67 68 20 74 72 61 66 66 69 63 20 6c 65	in)..If.you.have.high.traffic.le
41ee0	76 65 6c 73 20 6f 72 20 6e 6f 74 65 64 20 73 6f 6d 65 20 70 72 6f 62 6c 65 6d 73 20 77 69 74 68	vels.or.noted.some.problems.with
41f00	20 6d 69 73 73 65 64 20 72 65 63 6f 72 64 73 20 6f 72 20 73 74 6f 70 70 69 6e 67 20 65 78 70 6f	.missed.records.or.stopping.expo
41f20	72 74 69 6e 67 2c 20 79 6f 75 20 6d 61 79 20 74 72 79 20 74 6f 20 69 6e 63 72 65 61 73 65 20 61	rting,.you.may.try.to.increase.a
41f40	20 64 65 66 61 75 6c 74 20 62 75 66 66 65 72 20 73 69 7a 65 20 28 31 30 20 4d 69 42 29 20 77 69	.default.buffer.size.(10.MiB).wi
41f60	74 68 20 74 68 65 20 6e 65 78 74 20 63 6f 6d 6d 61 6e 64 3a 00 49 6e 74 65 72 6e 65 74 77 6f 72	th.the.next.command:.Internetwor
41f80	6b 20 43 6f 6e 74 72 6f 6c 00 49 6e 74 65 72 76 61 6c 00 49 6e 74 65 72 76 61 6c 20 69 6e 20 6d	k.Control.Interval.Interval.in.m
41fa0	69 6c 6c 69 73 65 63 6f 6e 64 73 00 49 6e 74 65 72 76 61 6c 20 69 6e 20 6d 69 6e 75 74 65 73 20	illiseconds.Interval.in.minutes.
41fc0	62 65 74 77 65 65 6e 20 75 70 64 61 74 65 73 20 28 64 65 66 61 75 6c 74 3a 20 36 30 29 00 49 6e	between.updates.(default:.60).In
41fe0	74 72 6f 64 75 63 69 6e 67 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 6f 72 73 20 72 65 6d 6f 76	troducing.route.reflectors.remov
42000	65 73 20 74 68 65 20 6e 65 65 64 20 66 6f 72 20 74 68 65 20 66 75 6c 6c 2d 6d 65 73 68 2e 20 57	es.the.need.for.the.full-mesh..W
42020	68 65 6e 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 61 20 72 6f 75 74 65 20 72 65 66 6c 65 63	hen.you.configure.a.route.reflec
42040	74 6f 72 20 79 6f 75 20 68 61 76 65 20 74 6f 20 74 65 6c 6c 20 74 68 65 20 72 6f 75 74 65 72 20	tor.you.have.to.tell.the.router.
42060	77 68 65 74 68 65 72 20 74 68 65 20 6f 74 68 65 72 20 49 42 47 50 20 72 6f 75 74 65 72 20 69 73	whether.the.other.IBGP.router.is
42080	20 61 20 63 6c 69 65 6e 74 20 6f 72 20 6e 6f 6e 2d 63 6c 69 65 6e 74 2e 20 41 20 63 6c 69 65 6e	.a.client.or.non-client..A.clien
420a0	74 20 69 73 20 61 6e 20 49 42 47 50 20 72 6f 75 74 65 72 20 74 68 61 74 20 74 68 65 20 72 6f 75	t.is.an.IBGP.router.that.the.rou
420c0	74 65 20 72 65 66 6c 65 63 74 6f 72 20 77 69 6c 6c 20 e2 80 9c 72 65 66 6c 65 63 74 e2 80 9d 20	te.reflector.will....reflect....
420e0	72 6f 75 74 65 73 20 74 6f 2c 20 74 68 65 20 6e 6f 6e 2d 63 6c 69 65 6e 74 20 69 73 20 6a 75 73	routes.to,.the.non-client.is.jus
42100	74 20 61 20 72 65 67 75 6c 61 72 20 49 42 47 50 20 6e 65 69 67 68 62 6f 72 2e 20 52 6f 75 74 65	t.a.regular.IBGP.neighbor..Route
42120	20 72 65 66 6c 65 63 74 6f 72 73 20 6d 65 63 68 61 6e 69 73 6d 20 69 73 20 64 65 73 63 72 69 62	.reflectors.mechanism.is.describ
42140	65 64 20 69 6e 20 3a 72 66 63 3a 60 34 34 35 36 60 20 61 6e 64 20 75 70 64 61 74 65 64 20 62 79	ed.in.:rfc:`4456`.and.updated.by
42160	20 3a 72 66 63 3a 60 37 36 30 36 60 2e 00 49 74 20 64 69 73 61 62 6c 65 73 20 74 72 61 6e 73 70	.:rfc:`7606`..It.disables.transp
42180	61 72 65 6e 74 20 68 75 67 65 20 70 61 67 65 73 2c 20 61 6e 64 20 61 75 74 6f 6d 61 74 69 63 20	arent.huge.pages,.and.automatic.
421a0	4e 55 4d 41 20 62 61 6c 61 6e 63 69 6e 67 2e 20 49 74 20 61 6c 73 6f 20 75 73 65 73 20 63 70 75	NUMA.balancing..It.also.uses.cpu
421c0	70 6f 77 65 72 20 74 6f 20 73 65 74 20 74 68 65 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 63 70 75	power.to.set.the.performance.cpu
421e0	66 72 65 71 20 67 6f 76 65 72 6e 6f 72 2c 20 61 6e 64 20 72 65 71 75 65 73 74 73 20 61 20 63 70	freq.governor,.and.requests.a.cp
42200	75 5f 64 6d 61 5f 6c 61 74 65 6e 63 79 20 76 61 6c 75 65 20 6f 66 20 31 2e 20 49 74 20 61 6c 73	u_dma_latency.value.of.1..It.als
42220	6f 20 73 65 74 73 20 62 75 73 79 5f 72 65 61 64 20 61 6e 64 20 62 75 73 79 5f 70 6f 6c 6c 20 74	o.sets.busy_read.and.busy_poll.t
42240	69 6d 65 73 20 74 6f 20 35 30 20 75 73 2c 20 61 6e 64 20 74 63 70 5f 66 61 73 74 6f 70 65 6e 20	imes.to.50.us,.and.tcp_fastopen.
42260	74 6f 20 33 2e 00 49 74 20 65 6e 61 62 6c 65 73 20 74 72 61 6e 73 70 61 72 65 6e 74 20 68 75 67	to.3..It.enables.transparent.hug
42280	65 20 70 61 67 65 73 2c 20 61 6e 64 20 75 73 65 73 20 63 70 75 70 6f 77 65 72 20 74 6f 20 73 65	e.pages,.and.uses.cpupower.to.se
422a0	74 20 74 68 65 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 63 70 75 66 72 65 71 20 67 6f 76 65 72 6e	t.the.performance.cpufreq.govern
422c0	6f 72 2e 20 49 74 20 61 6c 73 6f 20 73 65 74 73 20 60 60 6b 65 72 6e 65 6c 2e 73 63 68 65 64 5f	or..It.also.sets.``kernel.sched_
422e0	6d 69 6e 5f 67 72 61 6e 75 6c 61 72 69 74 79 5f 6e 73 60 60 20 74 6f 20 31 30 20 75 73 2c 20 60	min_granularity_ns``.to.10.us,.`
42300	60 6b 65 72 6e 65 6c 2e 73 63 68 65 64 5f 77 61 6b 65 75 70 5f 67 72 61 6e 75 6c 61 72 69 74 79	`kernel.sched_wakeup_granularity
42320	5f 6e 73 60 60 20 74 6f 20 31 35 20 75 73 73 2c 20 61 6e 64 20 60 60 76 6d 2e 64 69 72 74 79 5f	_ns``.to.15.uss,.and.``vm.dirty_
42340	72 61 74 69 6f 60 60 20 74 6f 20 34 30 25 2e 00 49 74 20 67 65 6e 65 72 61 74 65 73 20 74 68 65	ratio``.to.40%..It.generates.the
42360	20 6b 65 79 70 61 69 72 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 74 68 65 20 70 75 62	.keypair,.which.includes.the.pub
42380	6c 69 63 20 61 6e 64 20 70 72 69 76 61 74 65 20 70 61 72 74 73 2e 20 54 68 65 20 6b 65 79 20 69	lic.and.private.parts..The.key.i
423a0	73 20 6e 6f 74 20 73 74 6f 72 65 64 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 20 2d 20 6f 6e 6c	s.not.stored.on.the.system.-.onl
423c0	79 20 61 20 6b 65 79 70 61 69 72 20 69 73 20 67 65 6e 65 72 61 74 65 64 2e 00 49 74 20 68 65 6c	y.a.keypair.is.generated..It.hel
423e0	70 73 20 74 6f 20 73 75 70 70 6f 72 74 20 61 73 20 48 45 4c 50 45 52 20 6f 6e 6c 79 20 66 6f 72	ps.to.support.as.HELPER.only.for
42400	20 70 6c 61 6e 6e 65 64 20 72 65 73 74 61 72 74 73 2e 00 49 74 20 68 65 6c 70 73 20 74 6f 20 74	.planned.restarts..It.helps.to.t
42420	68 69 6e 6b 20 6f 66 20 74 68 65 20 73 79 6e 74 61 78 20 61 73 3a 20 28 73 65 65 20 62 65 6c 6f	hink.of.the.syntax.as:.(see.belo
42440	77 29 2e 20 54 68 65 20 27 72 75 6c 65 2d 73 65 74 27 20 73 68 6f 75 6c 64 20 62 65 20 77 72 69	w)..The.'rule-set'.should.be.wri
42460	74 74 65 6e 20 66 72 6f 6d 20 74 68 65 20 70 65 72 73 70 65 63 74 69 76 65 20 6f 66 3a 20 2a 53	tten.from.the.perspective.of:.*S
42480	6f 75 72 63 65 20 5a 6f 6e 65 2a 2d 74 6f 2d 3e 2a 44 65 73 74 69 6e 61 74 69 6f 6e 20 5a 6f 6e	ource.Zone*-to->*Destination.Zon
424a0	65 2a 00 49 74 20 69 73 20 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68 20 43 69 73 63 6f 20 28	e*.It.is.compatible.with.Cisco.(
424c0	52 29 20 41 6e 79 43 6f 6e 6e 65 63 74 20 28 52 29 20 63 6c 69 65 6e 74 73 2e 00 49 74 20 69 73	R).AnyConnect.(R).clients..It.is
424e0	20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 60 60 65 74 68 31 60 60 00 49 74 20 69 73 20 68 69 67	.connected.to.``eth1``.It.is.hig
42500	68 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 73 65 20 53 53 48 20 6b 65 79 20 61	hly.recommended.to.use.SSH.key.a
42520	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 42 79 20 64 65 66 61 75 6c 74 20 74 68 65 72 65 20	uthentication..By.default.there.
42540	69 73 20 6f 6e 6c 79 20 6f 6e 65 20 75 73 65 72 20 28 60 60 76 79 6f 73 60 60 29 2c 20 61 6e 64	is.only.one.user.(``vyos``),.and
42560	20 79 6f 75 20 63 61 6e 20 61 73 73 69 67 6e 20 61 6e 79 20 6e 75 6d 62 65 72 20 6f 66 20 6b 65	.you.can.assign.any.number.of.ke
42580	79 73 20 74 6f 20 74 68 61 74 20 75 73 65 72 2e 20 59 6f 75 20 63 61 6e 20 67 65 6e 65 72 61 74	ys.to.that.user..You.can.generat
425a0	65 20 61 20 73 73 68 20 6b 65 79 20 77 69 74 68 20 74 68 65 20 60 60 73 73 68 2d 6b 65 79 67 65	e.a.ssh.key.with.the.``ssh-keyge
425c0	6e 60 60 20 63 6f 6d 6d 61 6e 64 20 6f 6e 20 79 6f 75 72 20 6c 6f 63 61 6c 20 6d 61 63 68 69 6e	n``.command.on.your.local.machin
425e0	65 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 28 62 79 20 64 65 66 61 75 6c 74 29 20 73 61 76 65 20	e,.which.will.(by.default).save.
42600	69 74 20 61 73 20 60 60 7e 2f 2e 73 73 68 2f 69 64 5f 72 73 61 2e 70 75 62 60 60 2e 00 49 74 20	it.as.``~/.ssh/id_rsa.pub``..It.
42620	69 73 20 68 69 67 68 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 73 65 20 74 68 65	is.highly.recommended.to.use.the
42640	20 73 61 6d 65 20 61 64 64 72 65 73 73 20 66 6f 72 20 62 6f 74 68 20 74 68 65 20 4c 44 50 20 72	.same.address.for.both.the.LDP.r
42660	6f 75 74 65 72 2d 69 64 20 61 6e 64 20 74 68 65 20 64 69 73 63 6f 76 65 72 79 20 74 72 61 6e 73	outer-id.and.the.discovery.trans
42680	70 6f 72 74 20 61 64 64 72 65 73 73 2c 20 62 75 74 20 66 6f 72 20 56 79 4f 53 20 4d 50 4c 53 20	port.address,.but.for.VyOS.MPLS.
426a0	4c 44 50 20 74 6f 20 77 6f 72 6b 20 62 6f 74 68 20 70 61 72 61 6d 65 74 65 72 73 20 6d 75 73 74	LDP.to.work.both.parameters.must
426c0	20 62 65 20 65 78 70 6c 69 63 69 74 6c 79 20 73 65 74 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67	.be.explicitly.set.in.the.config
426e0	75 72 61 74 69 6f 6e 2e 00 49 74 20 69 73 20 69 6d 70 6f 72 74 61 6e 74 20 74 6f 20 6e 6f 74 65	uration..It.is.important.to.note
42700	20 74 68 61 74 20 77 68 65 6e 20 63 72 65 61 74 69 6e 67 20 66 69 72 65 77 61 6c 6c 20 72 75 6c	.that.when.creating.firewall.rul
42720	65 73 20 74 68 61 74 20 74 68 65 20 44 4e 41 54 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6f 63 63	es.that.the.DNAT.translation.occ
42740	75 72 73 20 2a 2a 62 65 66 6f 72 65 2a 2a 20 74 72 61 66 66 69 63 20 74 72 61 76 65 72 73 65 73	urs.**before**.traffic.traverses
42760	20 74 68 65 20 66 69 72 65 77 61 6c 6c 2e 20 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 2c 20 74	.the.firewall..In.other.words,.t
42780	68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 68 61 73 20 61 6c 72 65 61	he.destination.address.has.alrea
427a0	64 79 20 62 65 65 6e 20 74 72 61 6e 73 6c 61 74 65 64 20 74 6f 20 31 39 32 2e 31 36 38 2e 30 2e	dy.been.translated.to.192.168.0.
427c0	31 30 30 2e 00 49 74 20 69 73 20 6e 6f 74 20 73 75 66 66 69 63 69 65 6e 74 20 74 6f 20 6f 6e 6c	100..It.is.not.sufficient.to.onl
427e0	79 20 63 6f 6e 66 69 67 75 72 65 20 61 20 4c 33 56 50 4e 20 56 52 46 73 20 62 75 74 20 4c 33 56	y.configure.a.L3VPN.VRFs.but.L3V
42800	50 4e 20 56 52 46 73 20 6d 75 73 74 20 62 65 20 6d 61 69 6e 74 61 69 6e 65 64 2c 20 74 6f 6f 2e	PN.VRFs.must.be.maintained,.too.
42820	46 6f 72 20 4c 33 56 50 4e 20 56 52 46 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 74 68 65 20 66 6f	For.L3VPN.VRF.maintenance.the.fo
42840	6c 6c 6f 77 69 6e 67 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 20 61 72 65	llowing.operational.commands.are
42860	20 69 6e 20 70 6c 61 63 65 2e 00 49 74 20 69 73 20 6e 6f 74 20 73 75 66 66 69 63 69 65 6e 74 20	.in.place..It.is.not.sufficient.
42880	74 6f 20 6f 6e 6c 79 20 63 6f 6e 66 69 67 75 72 65 20 61 20 56 52 46 20 62 75 74 20 56 52 46 73	to.only.configure.a.VRF.but.VRFs
428a0	20 6d 75 73 74 20 62 65 20 6d 61 69 6e 74 61 69 6e 65 64 2c 20 74 6f 6f 2e 20 46 6f 72 20 56 52	.must.be.maintained,.too..For.VR
428c0	46 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 70 65 72	F.maintenance.the.following.oper
428e0	61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 20 61 72 65 20 69 6e 20 70 6c 61 63 65 2e 00 49	ational.commands.are.in.place..I
42900	74 20 69 73 20 6e 6f 74 20 76 61 6c 69 64 20 74 6f 20 75 73 65 20 74 68 65 20 60 76 69 66 20 31	t.is.not.valid.to.use.the.`vif.1
42920	60 20 6f 70 74 69 6f 6e 20 66 6f 72 20 56 4c 41 4e 20 61 77 61 72 65 20 62 72 69 64 67 65 73 20	`.option.for.VLAN.aware.bridges.
42940	62 65 63 61 75 73 65 20 56 4c 41 4e 20 61 77 61 72 65 20 62 72 69 64 67 65 73 20 61 73 73 75 6d	because.VLAN.aware.bridges.assum
42960	65 20 74 68 61 74 20 61 6c 6c 20 75 6e 6c 61 62 65 6c 65 64 20 70 61 63 6b 65 74 73 20 62 65 6c	e.that.all.unlabeled.packets.bel
42980	6f 6e 67 20 74 6f 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 4c 41 4e 20 31 20 6d 65 6d 62 65 72	ong.to.the.default.VLAN.1.member
429a0	20 61 6e 64 20 74 68 61 74 20 74 68 65 20 56 4c 41 4e 20 49 44 20 6f 66 20 74 68 65 20 62 72 69	.and.that.the.VLAN.ID.of.the.bri
429c0	64 67 65 27 73 20 70 61 72 65 6e 74 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 61 6c 77 61 79 73	dge's.parent.interface.is.always
429e0	20 31 00 49 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 65 6e 68 61 6e 63 65 20 61 75 74	.1.It.is.possible.to.enhance.aut
42a00	68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 63 75 72 69 74 79 20 62 79 20 75 73 69 6e 67 20 74 68	hentication.security.by.using.th
42a20	65 20 3a 61 62 62 72 3a 60 32 46 41 20 28 54 77 6f 2d 66 61 63 74 6f 72 20 61 75 74 68 65 6e 74	e.:abbr:`2FA.(Two-factor.authent
42a40	69 63 61 74 69 6f 6e 29 60 2f 3a 61 62 62 72 3a 60 4d 46 41 20 28 4d 75 6c 74 69 2d 66 61 63 74	ication)`/:abbr:`MFA.(Multi-fact
42a60	6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 29 60 20 66 65 61 74 75 72 65 20 74 6f 67 65	or.authentication)`.feature.toge
42a80	74 68 65 72 20 77 69 74 68 20 3a 61 62 62 72 3a 60 4f 54 50 20 28 4f 6e 65 2d 54 69 6d 65 2d 50	ther.with.:abbr:`OTP.(One-Time-P
42aa0	61 64 29 60 20 6f 6e 20 56 79 4f 53 2e 20 3a 61 62 62 72 3a 60 32 46 41 20 28 54 77 6f 2d 66 61	ad)`.on.VyOS..:abbr:`2FA.(Two-fa
42ac0	63 74 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 29 60 2f 3a 61 62 62 72 3a 60 4d 46 41	ctor.authentication)`/:abbr:`MFA
42ae0	20 28 4d 75 6c 74 69 2d 66 61 63 74 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 29 60 20	.(Multi-factor.authentication)`.
42b00	69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 64 65 70 65 6e 64 65 6e 74 6c 79 20 70 65 72 20	is.configured.independently.per.
42b20	65 61 63 68 20 75 73 65 72 2e 20 49 66 20 61 6e 20 4f 54 50 20 6b 65 79 20 69 73 20 63 6f 6e 66	each.user..If.an.OTP.key.is.conf
42b40	69 67 75 72 65 64 20 66 6f 72 20 61 20 75 73 65 72 2c 20 32 46 41 2f 4d 46 41 20 69 73 20 61 75	igured.for.a.user,.2FA/MFA.is.au
42b60	74 6f 6d 61 74 69 63 61 6c 6c 79 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 74 68 61 74 20 70 61 72	tomatically.enabled.for.that.par
42b80	74 69 63 75 6c 61 72 20 75 73 65 72 2e 20 49 66 20 61 20 75 73 65 72 20 64 6f 65 73 20 6e 6f 74	ticular.user..If.a.user.does.not
42ba0	20 68 61 76 65 20 61 6e 20 4f 54 50 20 6b 65 79 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 74 68 65	.have.an.OTP.key.configured,.the
42bc0	72 65 20 69 73 20 6e 6f 20 32 46 41 2f 4d 46 41 20 63 68 65 63 6b 20 66 6f 72 20 74 68 61 74 20	re.is.no.2FA/MFA.check.for.that.
42be0	75 73 65 72 2e 00 49 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 70 65 72 6d 69 74 20 42	user..It.is.possible.to.permit.B
42c00	47 50 20 69 6e 73 74 61 6c 6c 20 56 50 4e 20 70 72 65 66 69 78 65 73 20 77 69 74 68 6f 75 74 20	GP.install.VPN.prefixes.without.
42c20	74 72 61 6e 73 70 6f 72 74 20 6c 61 62 65 6c 73 2e 20 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61	transport.labels..This.configura
42c40	74 69 6f 6e 20 77 69 6c 6c 20 69 6e 73 74 61 6c 6c 20 56 50 4e 20 70 72 65 66 69 78 65 73 20 6f	tion.will.install.VPN.prefixes.o
42c60	72 69 67 69 6e 61 74 65 64 20 66 72 6f 6d 20 61 6e 20 65 2d 62 67 70 20 73 65 73 73 69 6f 6e 2c	riginated.from.an.e-bgp.session,
42c80	20 61 6e 64 20 77 69 74 68 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 64 69 72 65 63 74 6c 79 20	.and.with.the.next-hop.directly.
42ca0	63 6f 6e 6e 65 63 74 65 64 2e 00 49 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 75 73 65	connected..It.is.possible.to.use
42cc0	20 65 69 74 68 65 72 20 4d 75 6c 74 69 63 61 73 74 20 6f 72 20 55 6e 69 63 61 73 74 20 74 6f 20	.either.Multicast.or.Unicast.to.
42ce0	73 79 6e 63 20 63 6f 6e 6e 74 72 61 63 6b 20 74 72 61 66 66 69 63 2e 20 4d 6f 73 74 20 65 78 61	sync.conntrack.traffic..Most.exa
42d00	6d 70 6c 65 73 20 62 65 6c 6f 77 20 73 68 6f 77 20 4d 75 6c 74 69 63 61 73 74 2c 20 62 75 74 20	mples.below.show.Multicast,.but.
42d20	75 6e 69 63 61 73 74 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 62 79 20 75 73 69 6e	unicast.can.be.specified.by.usin
42d40	67 20 74 68 65 20 22 70 65 65 72 22 20 6b 65 79 77 6f 72 6b 20 61 66 74 65 72 20 74 68 65 20 73	g.the."peer".keywork.after.the.s
42d60	70 65 63 69 66 69 63 65 64 20 69 6e 74 65 72 66 61 63 65 2c 20 61 73 20 69 6e 20 74 68 65 20 66	pecificed.interface,.as.in.the.f
42d80	6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 3a 00 49 74 20 69 73 20 76 65 72 79 20 65 61 73	ollowing.example:.It.is.very.eas
42da0	79 20 74 6f 20 6d 69 73 63 6f 6e 66 69 67 75 72 65 20 6d 75 6c 74 69 63 61 73 74 20 72 65 70 65	y.to.misconfigure.multicast.repe
42dc0	61 74 69 6e 67 20 69 66 20 79 6f 75 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 4e 48 53 65 73	ating.if.you.have.multiple.NHSes
42de0	2e 00 49 74 20 75 73 65 73 20 61 20 73 69 6e 67 6c 65 20 54 43 50 20 6f 72 20 55 44 50 20 63 6f	..It.uses.a.single.TCP.or.UDP.co
42e00	6e 6e 65 63 74 69 6f 6e 20 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20 72 65 6c 79 20 6f 6e 20 70 61	nnection.and.does.not.rely.on.pa
42e20	63 6b 65 74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 65 73 2c 20 73 6f 20 69 74 20 77 69 6c	cket.source.addresses,.so.it.wil
42e40	6c 20 77 6f 72 6b 20 65 76 65 6e 20 74 68 72 6f 75 67 68 20 61 20 64 6f 75 62 6c 65 20 4e 41 54	l.work.even.through.a.double.NAT
42e60	3a 20 70 65 72 66 65 63 74 20 66 6f 72 20 70 75 62 6c 69 63 20 68 6f 74 73 70 6f 74 73 20 61 6e	:.perfect.for.public.hotspots.an
42e80	64 20 73 75 63 68 00 49 74 20 75 73 65 73 20 61 20 73 74 6f 63 68 61 73 74 69 63 20 6d 6f 64 65	d.such.It.uses.a.stochastic.mode
42ea0	6c 20 74 6f 20 63 6c 61 73 73 69 66 79 20 69 6e 63 6f 6d 69 6e 67 20 70 61 63 6b 65 74 73 20 69	l.to.classify.incoming.packets.i
42ec0	6e 74 6f 20 64 69 66 66 65 72 65 6e 74 20 66 6c 6f 77 73 20 61 6e 64 20 69 73 20 75 73 65 64 20	nto.different.flows.and.is.used.
42ee0	74 6f 20 70 72 6f 76 69 64 65 20 61 20 66 61 69 72 20 73 68 61 72 65 20 6f 66 20 74 68 65 20 62	to.provide.a.fair.share.of.the.b
42f00	61 6e 64 77 69 64 74 68 20 74 6f 20 61 6c 6c 20 74 68 65 20 66 6c 6f 77 73 20 75 73 69 6e 67 20	andwidth.to.all.the.flows.using.
42f20	74 68 65 20 71 75 65 75 65 2e 20 45 61 63 68 20 66 6c 6f 77 20 69 73 20 6d 61 6e 61 67 65 64 20	the.queue..Each.flow.is.managed.
42f40	62 79 20 74 68 65 20 43 6f 44 65 6c 20 71 75 65 75 69 6e 67 20 20 64 69 73 63 69 70 6c 69 6e 65	by.the.CoDel.queuing..discipline
42f60	2e 20 52 65 6f 72 64 65 72 69 6e 67 20 77 69 74 68 69 6e 20 61 20 66 6c 6f 77 20 69 73 20 61 76	..Reordering.within.a.flow.is.av
42f80	6f 69 64 65 64 20 73 69 6e 63 65 20 43 6f 64 65 6c 20 69 6e 74 65 72 6e 61 6c 6c 79 20 75 73 65	oided.since.Codel.internally.use
42fa0	73 20 61 20 46 49 46 4f 20 71 75 65 75 65 2e 00 49 74 20 77 69 6c 6c 20 62 65 20 63 6f 6d 62 69	s.a.FIFO.queue..It.will.be.combi
42fc0	6e 65 64 20 77 69 74 68 20 74 68 65 20 64 65 6c 65 67 61 74 65 64 20 70 72 65 66 69 78 20 61 6e	ned.with.the.delegated.prefix.an
42fe0	64 20 74 68 65 20 73 6c 61 2d 69 64 20 74 6f 20 66 6f 72 6d 20 61 20 63 6f 6d 70 6c 65 74 65 20	d.the.sla-id.to.form.a.complete.
43000	69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69	interface.address..The.default.i
43020	73 20 74 6f 20 75 73 65 20 74 68 65 20 45 55 49 2d 36 34 20 61 64 64 72 65 73 73 20 6f 66 20 74	s.to.use.the.EUI-64.address.of.t
43040	68 65 20 69 6e 74 65 72 66 61 63 65 2e 00 49 74 27 73 20 65 61 73 79 20 74 6f 20 73 65 74 75 70	he.interface..It's.easy.to.setup
43060	20 61 6e 64 20 6f 66 66 65 72 73 20 76 65 72 79 20 66 6c 65 78 69 62 6c 65 20 73 70 6c 69 74 20	.and.offers.very.flexible.split.
43080	74 75 6e 6e 65 6c 69 6e 67 00 49 74 27 73 20 6e 6f 74 20 6c 69 6b 65 6c 79 20 74 68 61 74 20 61	tunneling.It's.not.likely.that.a
430a0	6e 79 6f 6e 65 20 77 69 6c 6c 20 6e 65 65 64 20 69 74 20 61 6e 79 20 74 69 6d 65 20 73 6f 6f 6e	nyone.will.need.it.any.time.soon
430c0	2c 20 62 75 74 20 69 74 20 64 6f 65 73 20 65 78 69 73 74 2e 00 49 74 27 73 20 73 6c 6f 77 65 72	,.but.it.does.exist..It's.slower
430e0	20 74 68 61 6e 20 49 50 73 65 63 20 64 75 65 20 74 6f 20 68 69 67 68 65 72 20 70 72 6f 74 6f 63	.than.IPsec.due.to.higher.protoc
43100	6f 6c 20 6f 76 65 72 68 65 61 64 20 61 6e 64 20 74 68 65 20 66 61 63 74 20 69 74 20 72 75 6e 73	ol.overhead.and.the.fact.it.runs
43120	20 69 6e 20 75 73 65 72 20 6d 6f 64 65 20 77 68 69 6c 65 20 49 50 73 65 63 2c 20 6f 6e 20 4c 69	.in.user.mode.while.IPsec,.on.Li
43140	6e 75 78 2c 20 69 73 20 69 6e 20 6b 65 72 6e 65 6c 20 6d 6f 64 65 00 4a 6f 69 6e 20 61 20 67 69	nux,.is.in.kernel.mode.Join.a.gi
43160	76 65 6e 20 56 52 46 2e 20 54 68 69 73 20 77 69 6c 6c 20 6f 70 65 6e 20 61 20 6e 65 77 20 73 75	ven.VRF..This.will.open.a.new.su
43180	62 73 68 65 6c 6c 20 77 69 74 68 69 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 56 52 46 2e	bshell.within.the.specified.VRF.
431a0	00 4a 75 6d 70 20 74 6f 20 61 20 64 69 66 66 65 72 65 6e 74 20 72 75 6c 65 20 69 6e 20 74 68 69	.Jump.to.a.different.rule.in.thi
431c0	73 20 72 6f 75 74 65 2d 6d 61 70 20 6f 6e 20 61 20 6d 61 74 63 68 2e 00 4a 75 6e 69 70 65 72 20	s.route-map.on.a.match..Juniper.
431e0	45 58 20 53 77 69 74 63 68 00 4b 65 72 6e 65 6c 20 6d 65 73 73 61 67 65 73 00 4b 65 79 20 42 61	EX.Switch.Kernel.messages.Key.Ba
43200	73 65 64 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 4b 65 79 20 47 65 6e 65 72 61 74 69 6f	sed.Authentication.Key.Generatio
43220	6e 00 4b 65 79 20 4d 61 6e 61 67 65 6d 65 6e 74 00 4b 65 79 20 50 61 72 61 6d 65 74 65 72 73 3a	n.Key.Management.Key.Parameters:
43240	00 4b 65 79 20 50 6f 69 6e 74 73 3a 00 4b 65 79 20 75 73 61 67 65 20 28 43 4c 49 29 00 4b 65 79	.Key.Points:.Key.usage.(CLI).Key
43260	62 6f 61 72 64 20 4c 61 79 6f 75 74 00 4b 65 79 70 61 69 72 73 00 4b 65 79 77 6f 72 64 00 4c 32	board.Layout.Keypairs.Keyword.L2
43280	54 50 00 4c 32 54 50 20 6f 76 65 72 20 49 50 73 65 63 00 4c 32 54 50 76 33 00 4c 32 54 50 76 33	TP.L2TP.over.IPsec.L2TPv3.L2TPv3
432a0	20 63 61 6e 20 62 65 20 72 65 67 61 72 64 65 64 20 61 73 20 62 65 69 6e 67 20 74 6f 20 4d 50 4c	.can.be.regarded.as.being.to.MPL
432c0	53 20 77 68 61 74 20 49 50 20 69 73 20 74 6f 20 41 54 4d 3a 20 61 20 73 69 6d 70 6c 69 66 69 65	S.what.IP.is.to.ATM:.a.simplifie
432e0	64 20 76 65 72 73 69 6f 6e 20 6f 66 20 74 68 65 20 73 61 6d 65 20 63 6f 6e 63 65 70 74 2c 20 77	d.version.of.the.same.concept,.w
43300	69 74 68 20 6d 75 63 68 20 6f 66 20 74 68 65 20 73 61 6d 65 20 62 65 6e 65 66 69 74 20 61 63 68	ith.much.of.the.same.benefit.ach
43320	69 65 76 65 64 20 61 74 20 61 20 66 72 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 65 66 66 6f 72	ieved.at.a.fraction.of.the.effor
43340	74 2c 20 61 74 20 74 68 65 20 63 6f 73 74 20 6f 66 20 6c 6f 73 69 6e 67 20 73 6f 6d 65 20 74 65	t,.at.the.cost.of.losing.some.te
43360	63 68 6e 69 63 61 6c 20 66 65 61 74 75 72 65 73 20 63 6f 6e 73 69 64 65 72 65 64 20 6c 65 73 73	chnical.features.considered.less
43380	20 69 6d 70 6f 72 74 61 6e 74 20 69 6e 20 74 68 65 20 6d 61 72 6b 65 74 2e 00 4c 32 54 50 76 33	.important.in.the.market..L2TPv3
433a0	20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 39 32 31 60 2e 00 4c 32	.is.described.in.:rfc:`3921`..L2
433c0	54 50 76 33 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 39 33 31 60	TPv3.is.described.in.:rfc:`3931`
433e0	2e 00 4c 32 54 50 76 33 20 6f 70 74 69 6f 6e 73 00 4c 32 54 50 76 33 3a 00 4c 33 56 50 4e 20 56	..L2TPv3.options.L2TPv3:.L3VPN.V
43400	52 46 73 00 4c 44 41 50 00 4c 44 41 50 20 70 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e 2e 20	RFs.LDAP.LDAP.protocol.version..
43420	44 65 66 61 75 6c 74 73 20 74 6f 20 33 20 69 66 20 6e 6f 74 20 73 70 65 63 69 66 69 65 64 2e 00	Defaults.to.3.if.not.specified..
43440	4c 44 41 50 20 73 65 61 72 63 68 20 66 69 6c 74 65 72 20 74 6f 20 6c 6f 63 61 74 65 20 74 68 65	LDAP.search.filter.to.locate.the
43460	20 75 73 65 72 20 44 4e 2e 20 52 65 71 75 69 72 65 64 20 69 66 20 74 68 65 20 75 73 65 72 73 20	.user.DN..Required.if.the.users.
43480	61 72 65 20 69 6e 20 61 20 68 69 65 72 61 72 63 68 79 20 62 65 6c 6f 77 20 74 68 65 20 62 61 73	are.in.a.hierarchy.below.the.bas
434a0	65 20 44 4e 2c 20 6f 72 20 69 66 20 74 68 65 20 6c 6f 67 69 6e 20 6e 61 6d 65 20 69 73 20 6e 6f	e.DN,.or.if.the.login.name.is.no
434c0	74 20 77 68 61 74 20 62 75 69 6c 64 73 20 74 68 65 20 75 73 65 72 20 73 70 65 63 69 66 69 63 20	t.what.builds.the.user.specific.
434e0	70 61 72 74 20 6f 66 20 74 68 65 20 75 73 65 72 73 20 44 4e 2e 00 4c 4c 44 50 00 4c 4c 44 50 20	part.of.the.users.DN..LLDP.LLDP.
43500	70 65 72 66 6f 72 6d 73 20 66 75 6e 63 74 69 6f 6e 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 73 65	performs.functions.similar.to.se
43520	76 65 72 61 6c 20 70 72 6f 70 72 69 65 74 61 72 79 20 70 72 6f 74 6f 63 6f 6c 73 2c 20 73 75 63	veral.proprietary.protocols,.suc
43540	68 20 61 73 20 3a 61 62 62 72 3a 60 43 44 50 20 28 43 69 73 63 6f 20 44 69 73 63 6f 76 65 72 79	h.as.:abbr:`CDP.(Cisco.Discovery
43560	20 50 72 6f 74 6f 63 6f 6c 29 60 2c 20 3a 61 62 62 72 3a 60 46 44 50 20 28 46 6f 75 6e 64 72 79	.Protocol)`,.:abbr:`FDP.(Foundry
43580	20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 29 60 2c 20 3a 61 62 62 72 3a 60 4e 44	.Discovery.Protocol)`,.:abbr:`ND
435a0	50 20 28 4e 6f 72 74 65 6c 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 29 60 20 61	P.(Nortel.Discovery.Protocol)`.a
435c0	6e 64 20 3a 61 62 62 72 3a 60 4c 4c 54 44 20 28 4c 69 6e 6b 20 4c 61 79 65 72 20 54 6f 70 6f 6c	nd.:abbr:`LLTD.(Link.Layer.Topol
435e0	6f 67 79 20 44 69 73 63 6f 76 65 72 79 29 60 2e 00 4c 4e 53 20 28 4c 32 54 50 20 4e 65 74 77 6f	ogy.Discovery)`..LNS.(L2TP.Netwo
43600	72 6b 20 53 65 72 76 65 72 29 00 4c 4e 53 20 61 72 65 20 6f 66 74 65 6e 20 75 73 65 64 20 74 6f	rk.Server).LNS.are.often.used.to
43620	20 63 6f 6e 6e 65 63 74 20 74 6f 20 61 20 4c 41 43 20 28 4c 32 54 50 20 41 63 63 65 73 73 20 43	.connect.to.a.LAC.(L2TP.Access.C
43640	6f 6e 63 65 6e 74 72 61 74 6f 72 29 2e 00 4c 61 62 65 6c 20 44 69 73 74 72 69 62 75 74 69 6f 6e	oncentrator)..Label.Distribution
43660	20 50 72 6f 74 6f 63 6f 6c 00 4c 61 79 65 72 20 32 20 54 75 6e 6e 65 6c 6c 69 6e 67 20 50 72 6f	.Protocol.Layer.2.Tunnelling.Pro
43680	74 6f 63 6f 6c 20 56 65 72 73 69 6f 6e 20 33 20 69 73 20 61 6e 20 49 45 54 46 20 73 74 61 6e 64	tocol.Version.3.is.an.IETF.stand
436a0	61 72 64 20 72 65 6c 61 74 65 64 20 74 6f 20 4c 32 54 50 20 74 68 61 74 20 63 61 6e 20 62 65 20	ard.related.to.L2TP.that.can.be.
436c0	75 73 65 64 20 61 73 20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 70 72 6f 74 6f 63 6f 6c 20	used.as.an.alternative.protocol.
436e0	74 6f 20 3a 72 65 66 3a 60 6d 70 6c 73 60 20 66 6f 72 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e	to.:ref:`mpls`.for.encapsulation
43700	20 6f 66 20 6d 75 6c 74 69 70 72 6f 74 6f 63 6f 6c 20 4c 61 79 65 72 20 32 20 63 6f 6d 6d 75 6e	.of.multiprotocol.Layer.2.commun
43720	69 63 61 74 69 6f 6e 73 20 74 72 61 66 66 69 63 20 6f 76 65 72 20 49 50 20 6e 65 74 77 6f 72 6b	ications.traffic.over.IP.network
43740	73 2e 20 4c 69 6b 65 20 4c 32 54 50 2c 20 4c 32 54 50 76 33 20 70 72 6f 76 69 64 65 73 20 61 20	s..Like.L2TP,.L2TPv3.provides.a.
43760	70 73 65 75 64 6f 2d 77 69 72 65 20 73 65 72 76 69 63 65 20 62 75 74 20 69 73 20 73 63 61 6c 65	pseudo-wire.service.but.is.scale
43780	64 20 74 6f 20 66 69 74 20 63 61 72 72 69 65 72 20 72 65 71 75 69 72 65 6d 65 6e 74 73 2e 00 4c	d.to.fit.carrier.requirements..L
437a0	65 61 73 65 20 74 69 6d 65 20 77 69 6c 6c 20 62 65 20 6c 65 66 74 20 61 74 20 74 68 65 20 64 65	ease.time.will.be.left.at.the.de
437c0	66 61 75 6c 74 20 76 61 6c 75 65 20 77 68 69 63 68 20 69 73 20 32 34 20 68 6f 75 72 73 00 4c 65	fault.value.which.is.24.hours.Le
437e0	61 73 65 20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a	ase.timeout.in.seconds.(default:
43800	20 38 36 34 30 30 29 00 4c 65 74 20 53 4e 4d 50 20 64 61 65 6d 6f 6e 20 6c 69 73 74 65 6e 20 6f	.86400).Let.SNMP.daemon.listen.o
43820	6e 6c 79 20 6f 6e 20 49 50 20 61 64 64 72 65 73 73 20 31 39 32 2e 30 2e 32 2e 31 00 4c 65 74 27	nly.on.IP.address.192.0.2.1.Let'
43840	73 20 61 73 73 75 6d 65 20 50 43 34 20 6f 6e 20 4c 65 61 66 32 20 77 61 6e 74 73 20 74 6f 20 70	s.assume.PC4.on.Leaf2.wants.to.p
43860	69 6e 67 20 50 43 35 20 6f 6e 20 4c 65 61 66 33 2e 20 49 6e 73 74 65 61 64 20 6f 66 20 73 65 74	ing.PC5.on.Leaf3..Instead.of.set
43880	74 69 6e 67 20 4c 65 61 66 33 20 61 73 20 6f 75 72 20 72 65 6d 6f 74 65 20 65 6e 64 20 6d 61 6e	ting.Leaf3.as.our.remote.end.man
438a0	75 61 6c 6c 79 2c 20 4c 65 61 66 32 20 65 6e 63 61 70 73 75 6c 61 74 65 73 20 74 68 65 20 70 61	ually,.Leaf2.encapsulates.the.pa
438c0	63 6b 65 74 20 69 6e 74 6f 20 61 20 55 44 50 2d 70 61 63 6b 65 74 20 61 6e 64 20 73 65 6e 64 73	cket.into.a.UDP-packet.and.sends
438e0	20 69 74 20 74 6f 20 69 74 73 20 64 65 73 69 67 6e 61 74 65 64 20 6d 75 6c 74 69 63 61 73 74 2d	.it.to.its.designated.multicast-
43900	61 64 64 72 65 73 73 20 76 69 61 20 53 70 69 6e 65 31 2e 20 57 68 65 6e 20 53 70 69 6e 65 31 20	address.via.Spine1..When.Spine1.
43920	72 65 63 65 69 76 65 73 20 74 68 69 73 20 70 61 63 6b 65 74 20 69 74 20 66 6f 72 77 61 72 64 73	receives.this.packet.it.forwards
43940	20 69 74 20 74 6f 20 61 6c 6c 20 6f 74 68 65 72 20 6c 65 61 76 65 73 20 77 68 6f 20 68 61 73 20	.it.to.all.other.leaves.who.has.
43960	6a 6f 69 6e 65 64 20 74 68 65 20 73 61 6d 65 20 6d 75 6c 74 69 63 61 73 74 2d 67 72 6f 75 70 2c	joined.the.same.multicast-group,
43980	20 69 6e 20 74 68 69 73 20 63 61 73 65 20 4c 65 61 66 33 2e 20 57 68 65 6e 20 4c 65 61 66 33 20	.in.this.case.Leaf3..When.Leaf3.
439a0	72 65 63 65 69 76 65 73 20 74 68 65 20 70 61 63 6b 65 74 20 69 74 20 66 6f 72 77 61 72 64 73 20	receives.the.packet.it.forwards.
439c0	69 74 2c 20 77 68 69 6c 65 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 20 6c 65 61 72 6e	it,.while.at.the.same.time.learn
439e0	69 6e 67 20 74 68 61 74 20 50 43 34 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 62 65 68 69 6e 64	ing.that.PC4.is.reachable.behind
43a00	20 4c 65 61 66 32 2c 20 62 65 63 61 75 73 65 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61 74 65 64	.Leaf2,.because.the.encapsulated
43a20	20 70 61 63 6b 65 74 20 68 61 64 20 4c 65 61 66 32 27 73 20 49 50 20 61 64 64 72 65 73 73 20 73	.packet.had.Leaf2's.IP.address.s
43a40	65 74 20 61 73 20 73 6f 75 72 63 65 20 49 50 2e 00 4c 65 74 27 73 20 61 73 73 75 6d 65 20 77 65	et.as.source.IP..Let's.assume.we
43a60	20 68 61 76 65 20 74 77 6f 20 44 48 43 50 20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e	.have.two.DHCP.WAN.interfaces.an
43a80	64 20 6f 6e 65 20 4c 41 4e 20 28 65 74 68 32 29 3a 00 4c 65 74 27 73 20 62 75 69 6c 64 20 61 20	d.one.LAN.(eth2):.Let's.build.a.
43aa0	73 69 6d 70 6c 65 20 56 50 4e 20 62 65 74 77 65 65 6e 20 32 20 49 6e 74 65 6c c2 ae 20 51 41 54	simple.VPN.between.2.Intel...QAT
43ac0	20 72 65 61 64 79 20 64 65 76 69 63 65 73 2e 00 4c 65 74 27 73 20 65 78 70 61 6e 64 20 74 68 65	.ready.devices..Let's.expand.the
43ae0	20 65 78 61 6d 70 6c 65 20 66 72 6f 6d 20 61 62 6f 76 65 20 61 6e 64 20 61 64 64 20 77 65 69 67	.example.from.above.and.add.weig
43b00	68 74 20 74 6f 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 68 65 20 62 61 6e 64 77 69	ht.to.the.interfaces..The.bandwi
43b20	64 74 68 20 66 72 6f 6d 20 65 74 68 30 20 69 73 20 6c 61 72 67 65 72 20 74 68 61 6e 20 65 74 68	dth.from.eth0.is.larger.than.eth
43b40	31 2e 20 50 65 72 20 64 65 66 61 75 6c 74 2c 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63	1..Per.default,.outbound.traffic
43b60	20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 72 61 6e 64 6f 6d 6c 79 20 61 63 72 6f 73 73 20	.is.distributed.randomly.across.
43b80	61 76 61 69 6c 61 62 6c 65 20 69 6e 74 65 72 66 61 63 65 73 2e 20 57 65 69 67 68 74 73 20 63 61	available.interfaces..Weights.ca
43ba0	6e 20 62 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 69	n.be.assigned.to.interfaces.to.i
43bc0	6e 66 6c 75 65 6e 63 65 20 74 68 65 20 62 61 6c 61 6e 63 69 6e 67 2e 00 4c 65 74 73 20 61 73 73	nfluence.the.balancing..Lets.ass
43be0	75 6d 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 6f 70 6f 6c 6f 67 79 3a 00 4c 65 76 65	ume.the.following.topology:.Leve
43c00	6c 20 34 20 62 61 6c 61 6e 63 69 6e 67 00 4c 69 66 65 74 69 6d 65 20 61 73 73 6f 63 69 61 74 65	l.4.balancing.Lifetime.associate
43c20	64 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 72 20 69 6e 20 75 6e 69	d.with.the.default.router.in.uni
43c40	74 73 20 6f 66 20 73 65 63 6f 6e 64 73 00 4c 69 66 65 74 69 6d 65 20 69 6e 20 64 61 79 73 3b 20	ts.of.seconds.Lifetime.in.days;.
43c60	64 65 66 61 75 6c 74 20 69 73 20 33 36 35 00 4c 69 66 65 74 69 6d 65 20 69 73 20 64 65 63 72 65	default.is.365.Lifetime.is.decre
43c80	6d 65 6e 74 65 64 20 62 79 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20	mented.by.the.number.of.seconds.
43ca0	73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 52 41 20 2d 20 75 73 65 20 69 6e 20 63 6f 6e 6a 75	since.the.last.RA.-.use.in.conju
43cc0	6e 63 74 69 6f 6e 20 77 69 74 68 20 61 20 44 48 43 50 76 36 2d 50 44 20 70 72 65 66 69 78 00 4c	nction.with.a.DHCPv6-PD.prefix.L
43ce0	69 6d 69 74 20 61 6c 6c 6f 77 65 64 20 63 69 70 68 65 72 20 61 6c 67 6f 72 69 74 68 6d 73 20 75	imit.allowed.cipher.algorithms.u
43d00	73 65 64 20 64 75 72 69 6e 67 20 53 53 4c 2f 54 4c 53 20 68 61 6e 64 73 68 61 6b 65 00 4c 69 6d	sed.during.SSL/TLS.handshake.Lim
43d20	69 74 20 6c 6f 67 69 6e 73 20 74 6f 20 60 3c 6c 69 6d 69 74 3e 60 20 70 65 72 20 65 76 65 72 79	it.logins.to.`<limit>`.per.every
43d40	20 60 60 72 61 74 65 2d 74 69 6d 65 60 60 20 73 65 63 6f 6e 64 73 2e 20 52 61 74 65 20 6c 69 6d	.``rate-time``.seconds..Rate.lim
43d60	69 74 20 6d 75 73 74 20 62 65 20 62 65 74 77 65 65 6e 20 31 20 61 6e 64 20 31 30 20 61 74 74 65	it.must.be.between.1.and.10.atte
43d80	6d 70 74 73 2e 00 4c 69 6d 69 74 20 6c 6f 67 69 6e 73 20 74 6f 20 60 60 72 61 74 65 2d 6c 69 6d	mpts..Limit.logins.to.``rate-lim
43da0	69 74 60 60 20 61 74 74 65 6d 70 73 20 70 65 72 20 65 76 65 72 79 20 60 3c 73 65 63 6f 6e 64 73	it``.attemps.per.every.`<seconds
43dc0	3e 60 2e 20 52 61 74 65 20 74 69 6d 65 20 6d 75 73 74 20 62 65 20 62 65 74 77 65 65 6e 20 31 35	>`..Rate.time.must.be.between.15
43de0	20 61 6e 64 20 36 30 30 20 73 65 63 6f 6e 64 73 2e 00 4c 69 6d 69 74 20 6d 61 78 69 6d 75 6d 20	.and.600.seconds..Limit.maximum.
43e00	6e 75 6d 62 65 72 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 00 4c 69 6d 69 74 65 72 00 4c 69	number.of.connections.Limiter.Li
43e20	6d 69 74 65 72 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 6f 73 65 20 70 6f 6c 69 63 69 65 73 20 74	miter.is.one.of.those.policies.t
43e40	68 61 74 20 75 73 65 73 20 63 6c 61 73 73 65 73 5f 20 28 49 6e 67 72 65 73 73 20 71 64 69 73 63	hat.uses.classes_.(Ingress.qdisc
43e60	20 69 73 20 61 63 74 75 61 6c 6c 79 20 61 20 63 6c 61 73 73 6c 65 73 73 20 70 6f 6c 69 63 79 20	.is.actually.a.classless.policy.
43e80	62 75 74 20 66 69 6c 74 65 72 73 20 64 6f 20 77 6f 72 6b 20 69 6e 20 69 74 29 2e 00 4c 69 6d 69	but.filters.do.work.in.it)..Limi
43ea0	74 73 00 4c 69 6e 65 20 70 72 69 6e 74 65 72 20 73 75 62 73 79 73 74 65 6d 00 4c 69 6e 6b 20 4d	ts.Line.printer.subsystem.Link.M
43ec0	54 55 20 76 61 6c 75 65 20 70 6c 61 63 65 64 20 69 6e 20 52 41 73 2c 20 65 78 6c 75 64 65 64 20	TU.value.placed.in.RAs,.exluded.
43ee0	69 6e 20 52 41 73 20 69 66 20 75 6e 73 65 74 00 4c 69 6e 6b 20 61 67 67 72 65 67 61 74 69 6f 6e	in.RAs.if.unset.Link.aggregation
43f00	00 4c 69 6e 75 78 20 6e 65 74 66 69 6c 74 65 72 20 77 69 6c 6c 20 6e 6f 74 20 4e 41 54 20 74 72	.Linux.netfilter.will.not.NAT.tr
43f20	61 66 66 69 63 20 6d 61 72 6b 65 64 20 61 73 20 49 4e 56 41 4c 49 44 2e 20 54 68 69 73 20 6f 66	affic.marked.as.INVALID..This.of
43f40	74 65 6e 20 63 6f 6e 66 75 73 65 73 20 70 65 6f 70 6c 65 20 69 6e 74 6f 20 74 68 69 6e 6b 69 6e	ten.confuses.people.into.thinkin
43f60	67 20 74 68 61 74 20 4c 69 6e 75 78 20 28 6f 72 20 73 70 65 63 69 66 69 63 61 6c 6c 79 20 56 79	g.that.Linux.(or.specifically.Vy
43f80	4f 53 29 20 68 61 73 20 61 20 62 72 6f 6b 65 6e 20 4e 41 54 20 69 6d 70 6c 65 6d 65 6e 74 61 74	OS).has.a.broken.NAT.implementat
43fa0	69 6f 6e 20 62 65 63 61 75 73 65 20 6e 6f 6e 2d 4e 41 54 65 64 20 74 72 61 66 66 69 63 20 69 73	ion.because.non-NATed.traffic.is
43fc0	20 73 65 65 6e 20 6c 65 61 76 69 6e 67 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 69 6e 74 65 72 66	.seen.leaving.an.external.interf
43fe0	61 63 65 2e 20 54 68 69 73 20 69 73 20 61 63 74 75 61 6c 6c 79 20 77 6f 72 6b 69 6e 67 20 61 73	ace..This.is.actually.working.as
44000	20 69 6e 74 65 6e 64 65 64 2c 20 61 6e 64 20 61 20 70 61 63 6b 65 74 20 63 61 70 74 75 72 65 20	.intended,.and.a.packet.capture.
44020	6f 66 20 74 68 65 20 22 6c 65 61 6b 79 22 20 74 72 61 66 66 69 63 20 73 68 6f 75 6c 64 20 72 65	of.the."leaky".traffic.should.re
44040	76 65 61 6c 20 74 68 61 74 20 74 68 65 20 74 72 61 66 66 69 63 20 69 73 20 65 69 74 68 65 72 20	veal.that.the.traffic.is.either.
44060	61 6e 20 61 64 64 69 74 69 6f 6e 61 6c 20 54 43 50 20 22 52 53 54 22 2c 20 22 46 49 4e 2c 41 43	an.additional.TCP."RST",."FIN,AC
44080	4b 22 2c 20 6f 72 20 22 52 53 54 2c 41 43 4b 22 20 73 65 6e 74 20 62 79 20 63 6c 69 65 6e 74 20	K",.or."RST,ACK".sent.by.client.
440a0	73 79 73 74 65 6d 73 20 61 66 74 65 72 20 4c 69 6e 75 78 20 6e 65 74 66 69 6c 74 65 72 20 63 6f	systems.after.Linux.netfilter.co
440c0	6e 73 69 64 65 72 73 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 63 6c 6f 73 65 64 2e 20 54	nsiders.the.connection.closed..T
440e0	68 65 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 69 73 20 74 68 65 20 61 64 64 69 74 69 6f 6e 61 6c	he.most.common.is.the.additional
44100	20 54 43 50 20 52 53 54 20 73 6f 6d 65 20 68 6f 73 74 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f	.TCP.RST.some.host.implementatio
44120	6e 73 20 73 65 6e 64 20 61 66 74 65 72 20 74 65 72 6d 69 6e 61 74 69 6e 67 20 61 20 63 6f 6e 6e	ns.send.after.terminating.a.conn
44140	65 63 74 69 6f 6e 20 28 77 68 69 63 68 20 69 73 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 2d	ection.(which.is.implementation-
44160	73 70 65 63 69 66 69 63 29 2e 00 4c 69 73 74 20 61 6c 6c 20 4d 41 43 73 65 63 20 69 6e 74 65 72	specific)..List.all.MACsec.inter
44180	66 61 63 65 73 2e 00 4c 69 73 74 20 6f 66 20 66 61 63 69 6c 69 74 69 65 73 20 75 73 65 64 20 62	faces..List.of.facilities.used.b
441a0	79 20 73 79 73 6c 6f 67 2e 20 4d 6f 73 74 20 66 61 63 69 6c 69 74 69 65 73 20 6e 61 6d 65 73 20	y.syslog..Most.facilities.names.
441c0	61 72 65 20 73 65 6c 66 20 65 78 70 6c 61 6e 61 74 6f 72 79 2e 20 46 61 63 69 6c 69 74 69 65 73	are.self.explanatory..Facilities
441e0	20 6c 6f 63 61 6c 30 20 2d 20 6c 6f 63 61 6c 37 20 63 6f 6d 6d 6f 6e 20 75 73 61 67 65 20 69 73	.local0.-.local7.common.usage.is
44200	20 66 2e 65 2e 20 61 73 20 6e 65 74 77 6f 72 6b 20 6c 6f 67 73 20 66 61 63 69 6c 69 74 69 65 73	.f.e..as.network.logs.facilities
44220	20 66 6f 72 20 6e 6f 64 65 73 20 61 6e 64 20 6e 65 74 77 6f 72 6b 20 65 71 75 69 70 6d 65 6e 74	.for.nodes.and.network.equipment
44240	2e 20 47 65 6e 65 72 61 6c 6c 79 20 69 74 20 64 65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 73 69	..Generally.it.depends.on.the.si
44260	74 75 61 74 69 6f 6e 20 68 6f 77 20 74 6f 20 63 6c 61 73 73 69 66 79 20 6c 6f 67 73 20 61 6e 64	tuation.how.to.classify.logs.and
44280	20 70 75 74 20 74 68 65 6d 20 74 6f 20 66 61 63 69 6c 69 74 69 65 73 2e 20 53 65 65 20 66 61 63	.put.them.to.facilities..See.fac
442a0	69 6c 69 74 69 65 73 20 6d 6f 72 65 20 61 73 20 61 20 74 6f 6f 6c 20 72 61 74 68 65 72 20 74 68	ilities.more.as.a.tool.rather.th
442c0	61 6e 20 61 20 64 69 72 65 63 74 69 76 65 20 74 6f 20 66 6f 6c 6c 6f 77 2e 00 4c 69 73 74 20 6f	an.a.directive.to.follow..List.o
442e0	66 20 6e 65 74 77 6f 72 6b 73 20 6f 72 20 63 6c 69 65 6e 74 20 61 64 64 72 65 73 73 65 73 20 70	f.networks.or.client.addresses.p
44300	65 72 6d 69 74 74 65 64 20 74 6f 20 63 6f 6e 74 61 63 74 20 74 68 69 73 20 4e 54 50 20 73 65 72	ermitted.to.contact.this.NTP.ser
44320	76 65 72 2e 00 4c 69 73 74 20 6f 66 20 73 75 70 70 6f 72 74 65 64 20 4d 41 43 73 3a 20 60 60 68	ver..List.of.supported.MACs:.``h
44340	6d 61 63 2d 6d 64 35 60 60 2c 20 60 60 68 6d 61 63 2d 6d 64 35 2d 39 36 60 60 2c 20 60 60 68 6d	mac-md5``,.``hmac-md5-96``,.``hm
44360	61 63 2d 72 69 70 65 6d 64 31 36 30 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 31 60 60 2c 20 60	ac-ripemd160``,.``hmac-sha1``,.`
44380	60 68 6d 61 63 2d 73 68 61 31 2d 39 36 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 32 35 36	`hmac-sha1-96``,.``hmac-sha2-256
443a0	60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 60 60 2c 20 60 60 75 6d 61 63 2d 36 34	``,.``hmac-sha2-512``,.``umac-64
443c0	40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 75 6d 61 63 2d 31 32 38 40 6f 70 65 6e 73	@openssh.com``,.``umac-128@opens
443e0	73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 6d 64 35 2d 65 74 6d 40 6f 70 65 6e 73 73 68	sh.com``,.``hmac-md5-etm@openssh
44400	2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 6d 64 35 2d 39 36 2d 65 74 6d 40 6f 70 65 6e 73 73	.com``,.``hmac-md5-96-etm@openss
44420	68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2d 65 74 6d 40 6f 70	h.com``,.``hmac-ripemd160-etm@op
44440	65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65	enssh.com``,.``hmac-sha1-etm@ope
44460	6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 31 2d 39 36 2d 65 74 6d 40 6f	nssh.com``,.``hmac-sha1-96-etm@o
44480	70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74	penssh.com``,.``hmac-sha2-256-et
444a0	6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 35 31 32	m@openssh.com``,.``hmac-sha2-512
444c0	2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 75 6d 61 63 2d 36 34 2d 65 74	-etm@openssh.com``,.``umac-64-et
444e0	6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 75 6d 61 63 2d 31 32 38 2d 65 74 6d 40	m@openssh.com``,.``umac-128-etm@
44500	6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 00 4c 69 73 74 20 6f 66 20 73 75 70 70 6f 72 74 65 64 20	openssh.com``.List.of.supported.
44520	61 6c 67 6f 72 69 74 68 6d 73 3a 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f	algorithms:.``diffie-hellman-gro
44540	75 70 31 2d 73 68 61 31 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f	up1-sha1``,.``diffie-hellman-gro
44560	75 70 31 34 2d 73 68 61 31 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72	up14-sha1``,.``diffie-hellman-gr
44580	6f 75 70 31 34 2d 73 68 61 32 35 36 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e	oup14-sha256``,.``diffie-hellman
445a0	2d 67 72 6f 75 70 31 36 2d 73 68 61 35 31 32 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c	-group16-sha512``,.``diffie-hell
445c0	6d 61 6e 2d 67 72 6f 75 70 31 38 2d 73 68 61 35 31 32 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68	man-group18-sha512``,.``diffie-h
445e0	65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 31 60 60 2c 20 60 60	ellman-group-exchange-sha1``,.``
44600	64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68	diffie-hellman-group-exchange-sh
44620	61 32 35 36 60 60 2c 20 60 60 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 60 60 2c 20	a256``,.``ecdh-sha2-nistp256``,.
44640	60 60 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 60 60 2c 20 60 60 65 63 64 68 2d 73	``ecdh-sha2-nistp384``,.``ecdh-s
44660	68 61 32 2d 6e 69 73 74 70 35 32 31 60 60 2c 20 60 60 63 75 72 76 65 32 35 35 31 39 2d 73 68 61	ha2-nistp521``,.``curve25519-sha
44680	32 35 36 60 60 20 61 6e 64 20 60 60 63 75 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69	256``.and.``curve25519-sha256@li
446a0	62 73 73 68 2e 6f 72 67 60 60 2e 00 4c 69 73 74 20 6f 66 20 73 75 70 70 6f 72 74 65 64 20 63 69	bssh.org``..List.of.supported.ci
446c0	70 68 65 72 73 3a 20 60 60 33 64 65 73 2d 63 62 63 60 60 2c 20 60 60 61 65 73 31 32 38 2d 63 62	phers:.``3des-cbc``,.``aes128-cb
446e0	63 60 60 2c 20 60 60 61 65 73 31 39 32 2d 63 62 63 60 60 2c 20 60 60 61 65 73 32 35 36 2d 63 62	c``,.``aes192-cbc``,.``aes256-cb
44700	63 60 60 2c 20 60 60 61 65 73 31 32 38 2d 63 74 72 60 60 2c 20 60 60 61 65 73 31 39 32 2d 63 74	c``,.``aes128-ctr``,.``aes192-ct
44720	72 60 60 2c 20 60 60 61 65 73 32 35 36 2d 63 74 72 60 60 2c 20 60 60 61 72 63 66 6f 75 72 31 32	r``,.``aes256-ctr``,.``arcfour12
44740	38 60 60 2c 20 60 60 61 72 63 66 6f 75 72 32 35 36 60 60 2c 20 60 60 61 72 63 66 6f 75 72 60 60	8``,.``arcfour256``,.``arcfour``
44760	2c 20 60 60 62 6c 6f 77 66 69 73 68 2d 63 62 63 60 60 2c 20 60 60 63 61 73 74 31 32 38 2d 63 62	,.``blowfish-cbc``,.``cast128-cb
44780	63 60 60 00 4c 69 73 74 20 6f 66 20 77 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69	c``.List.of.well-known.communiti
447a0	65 73 00 4c 69 73 74 65 6e 20 66 6f 72 20 44 48 43 50 20 72 65 71 75 65 73 74 73 20 6f 6e 20 69	es.Listen.for.DHCP.requests.on.i
447c0	6e 74 65 72 66 61 63 65 20 60 60 65 74 68 31 60 60 2e 00 4c 69 73 74 73 20 56 52 46 73 20 74 68	nterface.``eth1``..Lists.VRFs.th
447e0	61 74 20 68 61 76 65 20 62 65 65 6e 20 63 72 65 61 74 65 64 00 4c 6f 61 64 20 42 61 6c 61 6e 63	at.have.been.created.Load.Balanc
44800	65 00 4c 6f 61 64 20 42 61 6c 61 6e 63 69 6e 67 00 4c 6f 61 64 20 74 68 65 20 63 6f 6e 74 61 69	e.Load.Balancing.Load.the.contai
44820	6e 65 72 20 69 6d 61 67 65 20 69 6e 20 6f 70 2d 6d 6f 64 65 2e 00 4c 6f 61 64 2d 62 61 6c 61 6e	ner.image.in.op-mode..Load-balan
44840	63 69 6e 67 00 4c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 73 20 74	cing.Load-balancing.algorithms.t
44860	6f 20 62 65 20 75 73 65 64 20 66 6f 72 20 64 69 73 74 72 69 62 75 74 69 6e 64 20 72 65 71 75 65	o.be.used.for.distributind.reque
44880	73 74 73 20 61 6d 6f 6e 67 20 74 68 65 20 76 61 69 6c 61 62 6c 65 20 73 65 72 76 65 72 73 00 4c	sts.among.the.vailable.servers.L
448a0	6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 20 73 63 68 65 64 75 6c 65 20 61 6c 67 6f 72 69 74 68 6d	oad-balancing.schedule.algorithm
448c0	3a 00 4c 6f 63 61 6c 00 4c 6f 63 61 6c 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 2d 20 41 6e	:.Local.Local.Configuration.-.An
448e0	6e 6f 74 61 74 65 64 3a 00 4c 6f 63 61 6c 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 4c 6f	notated:.Local.Configuration:.Lo
44900	63 61 6c 20 49 50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 75 73 65 64 20 77 68 65 6e 20 63 6f 6d	cal.IP.`<address>`.used.when.com
44920	6d 75 6e 69 63 61 74 69 6e 67 20 74 6f 20 74 68 65 20 66 61 69 6c 6f 76 65 72 20 70 65 65 72 2e	municating.to.the.failover.peer.
44940	00 4c 6f 63 61 6c 20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e	.Local.IP.addresses.to.listen.on
44960	00 4c 6f 63 61 6c 20 49 50 76 34 20 61 64 64 72 65 73 73 65 73 20 66 6f 72 20 73 65 72 76 69 63	.Local.IPv4.addresses.for.servic
44980	65 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e 2e 00 4c 6f 63 61 6c 20 52 6f 75 74 65 20 49 50 76 34	e.to.listen.on..Local.Route.IPv4
449a0	00 4c 6f 63 61 6c 20 52 6f 75 74 65 20 49 50 76 36 00 4c 6f 63 61 6c 20 52 6f 75 74 65 20 50 6f	.Local.Route.IPv6.Local.Route.Po
449c0	6c 69 63 79 00 4c 6f 63 61 6c 20 55 73 65 72 20 41 63 63 6f 75 6e 74 00 4c 6f 63 61 6c 20 70 61	licy.Local.User.Account.Local.pa
449e0	74 68 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20 74 68 65 20 6b 6e 6f 77 6e 20 68 6f 73 74 73	th.that.includes.the.known.hosts
44a00	20 66 69 6c 65 2e 00 4c 6f 63 61 6c 20 70 61 74 68 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20	.file..Local.path.that.includes.
44a20	74 68 65 20 70 72 69 76 61 74 65 20 6b 65 79 20 66 69 6c 65 20 6f 66 20 74 68 65 20 72 6f 75 74	the.private.key.file.of.the.rout
44a40	65 72 2e 00 4c 6f 63 61 6c 20 70 61 74 68 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20 74 68 65	er..Local.path.that.includes.the
44a60	20 70 75 62 6c 69 63 20 6b 65 79 20 66 69 6c 65 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 2e 00	.public.key.file.of.the.router..
44a80	4c 6f 63 61 6c 20 72 6f 75 74 65 00 4c 6f 63 61 6c 6c 79 20 63 6f 6e 6e 65 63 74 20 74 6f 20 73	Local.route.Locally.connect.to.s
44aa0	65 72 69 61 6c 20 70 6f 72 74 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 64 65 76 69 63	erial.port.identified.by.`<devic
44ac0	65 3e 60 2e 00 4c 6f 63 61 6c 6c 79 20 73 69 67 6e 69 66 69 63 61 6e 74 20 61 64 6d 69 6e 69 73	e>`..Locally.significant.adminis
44ae0	74 72 61 74 69 76 65 20 64 69 73 74 61 6e 63 65 2e 00 4c 6f 67 20 61 6c 65 72 74 00 4c 6f 67 20	trative.distance..Log.alert.Log.
44b00	61 75 64 69 74 00 4c 6f 67 20 65 76 65 72 79 74 68 69 6e 67 00 4c 6f 67 20 6d 65 73 73 61 67 65	audit.Log.everything.Log.message
44b20	73 20 66 72 6f 6d 20 61 20 73 70 65 63 69 66 69 65 64 20 69 6d 61 67 65 20 63 61 6e 20 62 65 20	s.from.a.specified.image.can.be.
44b40	64 69 73 70 6c 61 79 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 20 44 65 74 61 69 6c	displayed.on.the.console..Detail
44b60	73 20 6f 66 20 61 6c 6c 6f 77 65 64 20 70 61 72 61 6d 65 74 65 72 73 3a 00 4c 6f 67 20 73 79 73	s.of.allowed.parameters:.Log.sys
44b80	6c 6f 67 20 6d 65 73 73 61 67 65 73 20 74 6f 20 60 60 2f 64 65 76 2f 63 6f 6e 73 6f 6c 65 60 60	log.messages.to.``/dev/console``
44ba0	2c 20 66 6f 72 20 61 6e 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 6f 6e 20 3a 72 65 66 3a 60 73 79	,.for.an.explanation.on.:ref:`sy
44bc0	73 6c 6f 67 5f 66 61 63 69 6c 69 74 69 65 73 60 20 6b 65 79 77 6f 72 64 73 20 61 6e 64 20 3a 72	slog_facilities`.keywords.and.:r
44be0	65 66 3a 60 73 79 73 6c 6f 67 5f 73 65 76 65 72 69 74 79 5f 6c 65 76 65 6c 60 20 6b 65 79 77 6f	ef:`syslog_severity_level`.keywo
44c00	72 64 73 20 73 65 65 20 74 61 62 6c 65 73 20 62 65 6c 6f 77 2e 00 4c 6f 67 20 73 79 73 6c 6f 67	rds.see.tables.below..Log.syslog
44c20	20 6d 65 73 73 61 67 65 73 20 74 6f 20 66 69 6c 65 20 73 70 65 63 69 66 69 65 64 20 76 69 61 20	.messages.to.file.specified.via.
44c40	60 3c 66 69 6c 65 6e 61 6d 65 3e 60 2c 20 66 6f 72 20 61 6e 20 65 78 70 6c 61 6e 61 74 69 6f 6e	`<filename>`,.for.an.explanation
44c60	20 6f 6e 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 66 61 63 69 6c 69 74 69 65 73 60 20 6b 65 79	.on.:ref:`syslog_facilities`.key
44c80	77 6f 72 64 73 20 61 6e 64 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 73 65 76 65 72 69 74 79 5f	words.and.:ref:`syslog_severity_
44ca0	6c 65 76 65 6c 60 20 6b 65 79 77 6f 72 64 73 20 73 65 65 20 74 61 62 6c 65 73 20 62 65 6c 6f 77	level`.keywords.see.tables.below
44cc0	2e 00 4c 6f 67 20 73 79 73 6c 6f 67 20 6d 65 73 73 61 67 65 73 20 74 6f 20 72 65 6d 6f 74 65 20	..Log.syslog.messages.to.remote.
44ce0	68 6f 73 74 20 73 70 65 63 69 66 69 65 64 20 62 79 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 20 54	host.specified.by.`<address>`..T
44d00	68 65 20 61 64 64 72 65 73 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 62 79 20 65	he.address.can.be.specified.by.e
44d20	69 74 68 65 72 20 46 51 44 4e 20 6f 72 20 49 50 20 61 64 64 72 65 73 73 2e 20 46 6f 72 20 61 6e	ither.FQDN.or.IP.address..For.an
44d40	20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 6f 6e 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 66 61 63	.explanation.on.:ref:`syslog_fac
44d60	69 6c 69 74 69 65 73 60 20 6b 65 79 77 6f 72 64 73 20 61 6e 64 20 3a 72 65 66 3a 60 73 79 73 6c	ilities`.keywords.and.:ref:`sysl
44d80	6f 67 5f 73 65 76 65 72 69 74 79 5f 6c 65 76 65 6c 60 20 6b 65 79 77 6f 72 64 73 20 73 65 65 20	og_severity_level`.keywords.see.
44da0	74 61 62 6c 65 73 20 62 65 6c 6f 77 2e 00 4c 6f 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e	tables.below..Log.the.connection
44dc0	20 74 72 61 63 6b 69 6e 67 20 65 76 65 6e 74 73 20 70 65 72 20 70 72 6f 74 6f 63 6f 6c 2e 00 4c	.tracking.events.per.protocol..L
44de0	6f 67 67 69 6e 67 00 4c 6f 67 67 69 6e 67 20 63 61 6e 20 62 65 20 65 6e 61 62 6c 65 20 66 6f 72	ogging.Logging.can.be.enable.for
44e00	20 65 76 65 72 79 20 73 69 6e 67 6c 65 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 2e 20 49 66 20	.every.single.firewall.rule..If.
44e20	65 6e 61 62 6c 65 64 2c 20 6f 74 68 65 72 20 6c 6f 67 20 6f 70 74 69 6f 6e 73 20 63 61 6e 20 62	enabled,.other.log.options.can.b
44e40	65 20 64 65 66 69 6e 65 64 2e 00 4c 6f 67 67 69 6e 67 20 74 6f 20 61 20 72 65 6d 6f 74 65 20 68	e.defined..Logging.to.a.remote.h
44e60	6f 73 74 20 6c 65 61 76 65 73 20 74 68 65 20 6c 6f 63 61 6c 20 6c 6f 67 67 69 6e 67 20 63 6f 6e	ost.leaves.the.local.logging.con
44e80	66 69 67 75 72 61 74 69 6f 6e 20 69 6e 74 61 63 74 2c 20 69 74 20 63 61 6e 20 62 65 20 63 6f 6e	figuration.intact,.it.can.be.con
44ea0	66 69 67 75 72 65 64 20 69 6e 20 70 61 72 61 6c 6c 65 6c 20 74 6f 20 61 20 63 75 73 74 6f 6d 20	figured.in.parallel.to.a.custom.
44ec0	66 69 6c 65 20 6f 72 20 63 6f 6e 73 6f 6c 65 20 6c 6f 67 67 69 6e 67 2e 20 59 6f 75 20 63 61 6e	file.or.console.logging..You.can
44ee0	20 6c 6f 67 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 68 6f 73 74 73 20 61 74 20 74 68 65 20 73 61	.log.to.multiple.hosts.at.the.sa
44f00	6d 65 20 74 69 6d 65 2c 20 75 73 69 6e 67 20 65 69 74 68 65 72 20 54 43 50 20 6f 72 20 55 44 50	me.time,.using.either.TCP.or.UDP
44f20	2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 73 65 6e 64 69 6e 67 20 74 68 65 20 6d 65 73	..The.default.is.sending.the.mes
44f40	73 61 67 65 73 20 76 69 61 20 70 6f 72 74 20 35 31 34 2f 55 44 50 2e 00 4c 6f 67 69 6e 20 42 61	sages.via.port.514/UDP..Login.Ba
44f60	6e 6e 65 72 00 4c 6f 67 69 6e 20 6c 69 6d 69 74 73 00 4c 6f 67 69 6e 2f 55 73 65 72 20 4d 61 6e	nner.Login.limits.Login/User.Man
44f80	61 67 65 6d 65 6e 74 00 4c 6f 6f 70 62 61 63 6b 00 4c 6f 6f 70 62 61 63 6b 73 20 6f 63 63 75 72	agement.Loopback.Loopbacks.occur
44fa0	73 20 61 74 20 74 68 65 20 49 50 20 6c 65 76 65 6c 20 74 68 65 20 73 61 6d 65 20 77 61 79 20 61	s.at.the.IP.level.the.same.way.a
44fc0	73 20 66 6f 72 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 73 2c 20 65 74 68 65 72 6e 65 74	s.for.other.interfaces,.ethernet
44fe0	20 66 72 61 6d 65 73 20 61 72 65 20 6e 6f 74 20 66 6f 72 77 61 72 64 65 64 20 62 65 74 77 65 65	.frames.are.not.forwarded.betwee
45000	6e 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 00 4c 6f	n.Pseudo-Ethernet.interfaces..Lo
45020	77 00 4d 41 43 20 47 72 6f 75 70 73 00 4d 41 43 20 61 64 64 72 65 73 73 20 61 67 69 6e 67 20 60	w.MAC.Groups.MAC.address.aging.`
45040	3c 74 69 6d 65 60 3e 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 33 30 30	<time`>.in.seconds.(default:.300
45060	29 2e 00 4d 41 43 2f 50 48 59 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 4d 41 43 56 4c 41 4e 20 2d	)..MAC/PHY.information.MACVLAN.-
45080	20 50 73 65 75 64 6f 20 45 74 68 65 72 6e 65 74 00 4d 41 43 73 65 63 00 4d 41 43 73 65 63 20 69	.Pseudo.Ethernet.MACsec.MACsec.i
450a0	73 20 61 6e 20 49 45 45 45 20 73 74 61 6e 64 61 72 64 20 28 49 45 45 45 20 38 30 32 2e 31 41 45	s.an.IEEE.standard.(IEEE.802.1AE
450c0	29 20 66 6f 72 20 4d 41 43 20 73 65 63 75 72 69 74 79 2c 20 69 6e 74 72 6f 64 75 63 65 64 20 69	).for.MAC.security,.introduced.i
450e0	6e 20 32 30 30 36 2e 20 49 74 20 64 65 66 69 6e 65 73 20 61 20 77 61 79 20 74 6f 20 65 73 74 61	n.2006..It.defines.a.way.to.esta
45100	62 6c 69 73 68 20 61 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 63 6f 6e	blish.a.protocol.independent.con
45120	6e 65 63 74 69 6f 6e 20 62 65 74 77 65 65 6e 20 74 77 6f 20 68 6f 73 74 73 20 77 69 74 68 20 64	nection.between.two.hosts.with.d
45140	61 74 61 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 2c 20 61 75 74 68 65 6e 74 69 63 69 74	ata.confidentiality,.authenticit
45160	79 20 61 6e 64 2f 6f 72 20 69 6e 74 65 67 72 69 74 79 2c 20 75 73 69 6e 67 20 47 43 4d 2d 41 45	y.and/or.integrity,.using.GCM-AE
45180	53 2d 31 32 38 2e 20 4d 41 43 73 65 63 20 6f 70 65 72 61 74 65 73 20 6f 6e 20 74 68 65 20 45 74	S-128..MACsec.operates.on.the.Et
451a0	68 65 72 6e 65 74 20 6c 61 79 65 72 20 61 6e 64 20 61 73 20 73 75 63 68 20 69 73 20 61 20 6c 61	hernet.layer.and.as.such.is.a.la
451c0	79 65 72 20 32 20 70 72 6f 74 6f 63 6f 6c 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 69 74 27 73	yer.2.protocol,.which.means.it's
451e0	20 64 65 73 69 67 6e 65 64 20 74 6f 20 73 65 63 75 72 65 20 74 72 61 66 66 69 63 20 77 69 74 68	.designed.to.secure.traffic.with
45200	69 6e 20 61 20 6c 61 79 65 72 20 32 20 6e 65 74 77 6f 72 6b 2c 20 69 6e 63 6c 75 64 69 6e 67 20	in.a.layer.2.network,.including.
45220	44 48 43 50 20 6f 72 20 41 52 50 20 72 65 71 75 65 73 74 73 2e 20 49 74 20 64 6f 65 73 20 6e 6f	DHCP.or.ARP.requests..It.does.no
45240	74 20 63 6f 6d 70 65 74 65 20 77 69 74 68 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 73 6f	t.compete.with.other.security.so
45260	6c 75 74 69 6f 6e 73 20 73 75 63 68 20 61 73 20 49 50 73 65 63 20 28 6c 61 79 65 72 20 33 29 20	lutions.such.as.IPsec.(layer.3).
45280	6f 72 20 54 4c 53 20 28 6c 61 79 65 72 20 34 29 2c 20 61 73 20 61 6c 6c 20 74 68 6f 73 65 20 73	or.TLS.(layer.4),.as.all.those.s
452a0	6f 6c 75 74 69 6f 6e 73 20 61 72 65 20 75 73 65 64 20 66 6f 72 20 74 68 65 69 72 20 6f 77 6e 20	olutions.are.used.for.their.own.
452c0	73 70 65 63 69 66 69 63 20 75 73 65 20 63 61 73 65 73 2e 00 4d 41 43 73 65 63 20 6f 6e 6c 79 20	specific.use.cases..MACsec.only.
452e0	70 72 6f 76 69 64 65 73 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 79 20 64 65 66 61 75	provides.authentication.by.defau
45300	6c 74 2c 20 65 6e 63 72 79 70 74 69 6f 6e 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 20 54 68 69 73	lt,.encryption.is.optional..This
45320	20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 65 6e 61 62 6c 65 20 65 6e 63 72 79 70 74 69 6f 6e 20	.command.will.enable.encryption.
45340	66 6f 72 20 61 6c 6c 20 6f 75 74 67 6f 69 6e 67 20 70 61 63 6b 65 74 73 2e 00 4d 41 43 73 65 63	for.all.outgoing.packets..MACsec
45360	20 6f 70 74 69 6f 6e 73 00 4d 44 49 20 70 6f 77 65 72 00 4d 46 41 2f 32 46 41 20 61 75 74 68 65	.options.MDI.power.MFA/2FA.authe
45380	6e 74 69 63 61 74 69 6f 6e 20 75 73 69 6e 67 20 4f 54 50 20 28 6f 6e 65 20 74 69 6d 65 20 70 61	ntication.using.OTP.(one.time.pa
453a0	73 73 77 6f 72 64 73 29 00 4d 50 4c 53 00 4d 50 4c 53 20 73 75 70 70 6f 72 74 20 69 6e 20 56 79	sswords).MPLS.MPLS.support.in.Vy
453c0	4f 53 20 69 73 20 6e 6f 74 20 66 69 6e 69 73 68 65 64 20 79 65 74 2c 20 61 6e 64 20 74 68 65 72	OS.is.not.finished.yet,.and.ther
453e0	65 66 6f 72 65 20 69 74 73 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 73 20 6c 69 6d 69 74	efore.its.functionality.is.limit
45400	65 64 2e 20 43 75 72 72 65 6e 74 6c 79 20 74 68 65 72 65 20 69 73 20 6e 6f 20 73 75 70 70 6f 72	ed..Currently.there.is.no.suppor
45420	74 20 66 6f 72 20 4d 50 4c 53 20 65 6e 61 62 6c 65 64 20 56 50 4e 20 73 65 72 76 69 63 65 73 20	t.for.MPLS.enabled.VPN.services.
45440	73 75 63 68 20 61 73 20 4c 32 56 50 4e 73 20 61 6e 64 20 6d 56 50 4e 73 2e 20 52 53 56 50 20 73	such.as.L2VPNs.and.mVPNs..RSVP.s
45460	75 70 70 6f 72 74 20 69 73 20 61 6c 73 6f 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 61 73 20 74 68	upport.is.also.not.present.as.th
45480	65 20 75 6e 64 65 72 6c 79 69 6e 67 20 72 6f 75 74 69 6e 67 20 73 74 61 63 6b 20 28 46 52 52 29	e.underlying.routing.stack.(FRR)
454a0	20 64 6f 65 73 20 6e 6f 74 20 69 6d 70 6c 65 6d 65 6e 74 20 69 74 2e 20 43 75 72 72 65 6e 74 6c	.does.not.implement.it..Currentl
454c0	79 20 56 79 4f 53 20 69 6d 70 6c 65 6d 65 6e 74 73 20 4c 44 50 20 61 73 20 64 65 73 63 72 69 62	y.VyOS.implements.LDP.as.describ
454e0	65 64 20 69 6e 20 52 46 43 20 35 30 33 36 3b 20 6f 74 68 65 72 20 4c 44 50 20 73 74 61 6e 64 61	ed.in.RFC.5036;.other.LDP.standa
45500	72 64 20 61 72 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 6e 65 73 3a 20 52 46 43 20 36	rd.are.the.following.ones:.RFC.6
45520	37 32 30 2c 20 52 46 43 20 36 36 36 37 2c 20 52 46 43 20 35 39 31 39 2c 20 52 46 43 20 35 35 36	720,.RFC.6667,.RFC.5919,.RFC.556
45540	31 2c 20 52 46 43 20 37 35 35 32 2c 20 52 46 43 20 34 34 34 37 2e 20 42 65 63 61 75 73 65 20 4d	1,.RFC.7552,.RFC.4447..Because.M
45560	50 4c 53 20 69 73 20 61 6c 72 65 61 64 79 20 61 76 61 69 6c 61 62 6c 65 20 28 46 52 52 20 61 6c	PLS.is.already.available.(FRR.al
45580	73 6f 20 73 75 70 70 6f 72 74 73 20 52 46 43 20 33 30 33 31 29 2e 00 4d 53 53 20 76 61 6c 75 65	so.supports.RFC.3031)..MSS.value
455a0	20 3d 20 4d 54 55 20 2d 20 32 30 20 28 49 50 20 68 65 61 64 65 72 29 20 2d 20 32 30 20 28 54 43	.=.MTU.-.20.(IP.header).-.20.(TC
455c0	50 20 68 65 61 64 65 72 29 2c 20 72 65 73 75 6c 74 69 6e 67 20 69 6e 20 31 34 35 32 20 62 79 74	P.header),.resulting.in.1452.byt
455e0	65 73 20 6f 6e 20 61 20 31 34 39 32 20 62 79 74 65 20 4d 54 55 2e 00 4d 53 53 20 76 61 6c 75 65	es.on.a.1492.byte.MTU..MSS.value
45600	20 3d 20 4d 54 55 20 2d 20 34 30 20 28 49 50 76 36 20 68 65 61 64 65 72 29 20 2d 20 32 30 20 28	.=.MTU.-.40.(IPv6.header).-.20.(
45620	54 43 50 20 68 65 61 64 65 72 29 2c 20 72 65 73 75 6c 74 69 6e 67 20 69 6e 20 31 34 33 32 20 62	TCP.header),.resulting.in.1432.b
45640	79 74 65 73 20 6f 6e 20 61 20 31 34 39 32 20 62 79 74 65 20 4d 54 55 2e 00 4d 54 55 00 4d 61 69	ytes.on.a.1492.byte.MTU..MTU.Mai
45660	6c 20 73 79 73 74 65 6d 00 4d 61 69 6e 20 73 74 72 75 63 74 75 72 65 20 69 73 20 73 68 6f 77 6e	l.system.Main.structure.is.shown
45680	20 6e 65 78 74 3a 00 4d 61 69 6e 74 65 6e 61 6e 63 65 20 6d 6f 64 65 00 4d 61 6b 65 20 73 75 72	.next:.Maintenance.mode.Make.sur
456a0	65 20 63 6f 6e 6e 74 72 61 63 6b 20 69 73 20 65 6e 61 62 6c 65 64 20 62 79 20 72 75 6e 6e 69 6e	e.conntrack.is.enabled.by.runnin
456c0	67 20 61 6e 64 20 73 68 6f 77 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 74	g.and.show.connection.tracking.t
456e0	61 62 6c 65 2e 00 4d 61 6e 61 67 65 64 20 64 65 76 69 63 65 73 00 4d 61 6e 61 67 65 6d 65 6e 74	able..Managed.devices.Management
45700	20 46 72 61 6d 65 20 50 72 6f 74 65 63 74 69 6f 6e 20 28 4d 46 50 29 20 61 63 63 6f 72 64 69 6e	.Frame.Protection.(MFP).accordin
45720	67 20 74 6f 20 49 45 45 45 20 38 30 32 2e 31 31 77 00 4d 61 6e 64 61 74 6f 72 79 20 53 65 74 74	g.to.IEEE.802.11w.Mandatory.Sett
45740	69 6e 67 73 00 4d 61 6e 75 61 6c 20 4e 65 69 67 68 62 6f 72 20 43 6f 6e 66 69 67 75 72 61 74 69	ings.Manual.Neighbor.Configurati
45760	6f 6e 00 4d 61 70 73 20 74 68 65 20 56 4e 49 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64	on.Maps.the.VNI.to.the.specified
45780	20 56 4c 41 4e 20 69 64 2e 20 54 68 65 20 56 4c 41 4e 20 63 61 6e 20 74 68 65 6e 20 62 65 20 63	.VLAN.id..The.VLAN.can.then.be.c
457a0	6f 6e 73 75 6d 65 64 20 62 79 20 61 20 62 72 69 64 67 65 2e 00 4d 61 72 6b 20 52 41 44 49 55 53	onsumed.by.a.bridge..Mark.RADIUS
457c0	20 73 65 72 76 65 72 20 61 73 20 6f 66 66 6c 69 6e 65 20 66 6f 72 20 74 68 69 73 20 67 69 76 65	.server.as.offline.for.this.give
457e0	6e 20 60 3c 74 69 6d 65 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 2e 00 4d 61 72 6b 20 74 68 65 20	n.`<time>`.in.seconds..Mark.the.
45800	43 41 73 20 70 72 69 76 61 74 65 20 6b 65 79 20 61 73 20 70 61 73 73 77 6f 72 64 20 70 72 6f 74	CAs.private.key.as.password.prot
45820	65 63 74 65 64 2e 20 55 73 65 72 20 69 73 20 61 73 6b 65 64 20 66 6f 72 20 74 68 65 20 70 61 73	ected..User.is.asked.for.the.pas
45840	73 77 6f 72 64 20 77 68 65 6e 20 74 68 65 20 6b 65 79 20 69 73 20 72 65 66 65 72 65 6e 63 65 64	sword.when.the.key.is.referenced
45860	2e 00 4d 61 72 6b 20 74 68 65 20 70 72 69 76 61 74 65 20 6b 65 79 20 61 73 20 70 61 73 73 77 6f	..Mark.the.private.key.as.passwo
45880	72 64 20 70 72 6f 74 65 63 74 65 64 2e 20 55 73 65 72 20 69 73 20 61 73 6b 65 64 20 66 6f 72 20	rd.protected..User.is.asked.for.
458a0	74 68 65 20 70 61 73 73 77 6f 72 64 20 77 68 65 6e 20 74 68 65 20 6b 65 79 20 69 73 20 72 65 66	the.password.when.the.key.is.ref
458c0	65 72 65 6e 63 65 64 2e 00 4d 61 74 63 68 20 42 47 50 20 6c 61 72 67 65 20 63 6f 6d 6d 75 6e 69	erenced..Match.BGP.large.communi
458e0	74 69 65 73 2e 00 4d 61 74 63 68 20 49 50 20 61 64 64 72 65 73 73 65 73 20 62 61 73 65 64 20 6f	ties..Match.IP.addresses.based.o
45900	6e 20 69 74 73 20 67 65 6f 6c 6f 63 61 74 69 6f 6e 2e 20 4d 6f 72 65 20 69 6e 66 6f 3a 20 60 67	n.its.geolocation..More.info:.`g
45920	65 6f 69 70 20 6d 61 74 63 68 69 6e 67 20 3c 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 6e 66 74 61	eoip.matching.<https://wiki.nfta
45940	62 6c 65 73 2e 6f 72 67 2f 77 69 6b 69 2d 6e 66 74 61 62 6c 65 73 2f 69 6e 64 65 78 2e 70 68 70	bles.org/wiki-nftables/index.php
45960	2f 47 65 6f 49 50 5f 6d 61 74 63 68 69 6e 67 3e 60 5f 2e 00 4d 61 74 63 68 20 49 50 20 61 64 64	/GeoIP_matching>`_..Match.IP.add
45980	72 65 73 73 65 73 20 62 61 73 65 64 20 6f 6e 20 69 74 73 20 67 65 6f 6c 6f 63 61 74 69 6f 6e 2e	resses.based.on.its.geolocation.
459a0	20 4d 6f 72 65 20 69 6e 66 6f 3a 20 60 67 65 6f 69 70 20 6d 61 74 63 68 69 6e 67 20 3c 68 74 74	.More.info:.`geoip.matching.<htt
459c0	70 73 3a 2f 2f 77 69 6b 69 2e 6e 66 74 61 62 6c 65 73 2e 6f 72 67 2f 77 69 6b 69 2d 6e 66 74 61	ps://wiki.nftables.org/wiki-nfta
459e0	62 6c 65 73 2f 69 6e 64 65 78 2e 70 68 70 2f 47 65 6f 49 50 5f 6d 61 74 63 68 69 6e 67 3e 60 5f	bles/index.php/GeoIP_matching>`_
45a00	2e 20 55 73 65 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 74 6f 20 6d 61 74 63 68 20 61 6e 79	..Use.inverse-match.to.match.any
45a20	74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 67 69 76 65 6e 20 63 6f 75 6e 74 72 79 2d 63	thing.except.the.given.country-c
45a40	6f 64 65 73 2e 00 4d 61 74 63 68 20 52 50 4b 49 20 76 61 6c 69 64 61 74 69 6f 6e 20 72 65 73 75	odes..Match.RPKI.validation.resu
45a60	6c 74 2e 00 4d 61 74 63 68 20 61 20 70 72 6f 74 6f 63 6f 6c 20 63 72 69 74 65 72 69 61 2e 20 41	lt..Match.a.protocol.criteria..A
45a80	20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 6f 72 20 61 20 6e 61 6d 65 20 77 68 69 63 68	.protocol.number.or.a.name.which
45aa0	20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 3a 20 60 60 2f 65 74 63 2f 70 72 6f 74 6f 63 6f 6c 73	.is.defined.in:.``/etc/protocols
45ac0	60 60 2e 20 53 70 65 63 69 61 6c 20 6e 61 6d 65 73 20 61 72 65 20 60 60 61 6c 6c 60 60 20 66 6f	``..Special.names.are.``all``.fo
45ae0	72 20 61 6c 6c 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 60 60 74 63 70 5f 75 64 70 60 60 20	r.all.protocols.and.``tcp_udp``.
45b00	66 6f 72 20 74 63 70 20 61 6e 64 20 75 64 70 20 62 61 73 65 64 20 70 61 63 6b 65 74 73 2e 20 54	for.tcp.and.udp.based.packets..T
45b20	68 65 20 60 60 21 60 60 20 6e 65 67 61 74 65 73 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 70 72	he.``!``.negates.the.selected.pr
45b40	6f 74 6f 63 6f 6c 2e 00 4d 61 74 63 68 20 61 20 70 72 6f 74 6f 63 6f 6c 20 63 72 69 74 65 72 69	otocol..Match.a.protocol.criteri
45b60	61 2e 20 41 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 6f 72 20 61 20 6e 61 6d 65 20 77	a..A.protocol.number.or.a.name.w
45b80	68 69 63 68 20 69 73 20 68 65 72 65 20 64 65 66 69 6e 65 64 3a 20 60 60 2f 65 74 63 2f 70 72 6f	hich.is.here.defined:.``/etc/pro
45ba0	74 6f 63 6f 6c 73 60 60 2e 20 53 70 65 63 69 61 6c 20 6e 61 6d 65 73 20 61 72 65 20 60 60 61 6c	tocols``..Special.names.are.``al
45bc0	6c 60 60 20 66 6f 72 20 61 6c 6c 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 60 60 74 63 70 5f	l``.for.all.protocols.and.``tcp_
45be0	75 64 70 60 60 20 66 6f 72 20 74 63 70 20 61 6e 64 20 75 64 70 20 62 61 73 65 64 20 70 61 63 6b	udp``.for.tcp.and.udp.based.pack
45c00	65 74 73 2e 20 54 68 65 20 60 60 21 60 60 20 6e 65 67 61 74 65 20 74 68 65 20 73 65 6c 65 63 74	ets..The.``!``.negate.the.select
45c20	65 64 20 70 72 6f 74 6f 63 6f 6c 2e 00 4d 61 74 63 68 20 61 67 61 69 6e 73 74 20 74 68 65 20 73	ed.protocol..Match.against.the.s
45c40	74 61 74 65 20 6f 66 20 61 20 70 61 63 6b 65 74 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e	tate.of.a.packet..Match.based.on
45c60	20 64 73 63 70 20 76 61 6c 75 65 20 63 72 69 74 65 72 69 61 2e 20 4d 75 6c 74 69 70 6c 65 20 76	.dscp.value.criteria..Multiple.v
45c80	61 6c 75 65 73 20 66 72 6f 6d 20 30 20 74 6f 20 36 33 20 61 6e 64 20 72 61 6e 67 65 73 20 61 72	alues.from.0.to.63.and.ranges.ar
45ca0	65 20 73 75 70 70 6f 72 74 65 64 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 64 73 63 70	e.supported..Match.based.on.dscp
45cc0	20 76 61 6c 75 65 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 66 72 61 67 6d 65 6e 74 20	.value..Match.based.on.fragment.
45ce0	63 72 69 74 65 72 69 61 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 69 63 6d 70 7c 69 63	criteria..Match.based.on.icmp|ic
45d00	6d 70 76 36 20 63 6f 64 65 20 61 6e 64 20 74 79 70 65 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20	mpv6.code.and.type..Match.based.
45d20	6f 6e 20 69 63 6d 70 7c 69 63 6d 70 76 36 20 74 79 70 65 2d 6e 61 6d 65 20 63 72 69 74 65 72 69	on.icmp|icmpv6.type-name.criteri
45d40	61 2e 20 55 73 65 20 74 61 62 20 66 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74	a..Use.tab.for.information.about
45d60	20 77 68 61 74 20 2a 2a 74 79 70 65 2d 6e 61 6d 65 2a 2a 20 63 72 69 74 65 72 69 61 20 61 72 65	.what.**type-name**.criteria.are
45d80	20 73 75 70 70 6f 72 74 65 64 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 69 63 6d 70 7c	.supported..Match.based.on.icmp|
45da0	69 63 6d 70 76 36 20 74 79 70 65 2d 6e 61 6d 65 20 63 72 69 74 65 72 69 61 2e 20 55 73 65 20 74	icmpv6.type-name.criteria..Use.t
45dc0	61 62 20 66 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 77 68 61 74 20 74 79	ab.for.information.about.what.ty
45de0	70 65 2d 6e 61 6d 65 20 63 72 69 74 65 72 69 61 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 2e 00	pe-name.criteria.are.supported..
45e00	4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 69 6e 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65	Match.based.on.inbound.interface
45e20	2e 20 57 69 6c 63 61 72 64 20 60 60 2a 60 60 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 46 6f 72	..Wilcard.``*``.can.be.used..For
45e40	20 65 78 61 6d 70 6c 65 3a 20 60 60 65 74 68 32 2a 60 60 00 4d 61 74 63 68 20 62 61 73 65 64 20	.example:.``eth2*``.Match.based.
45e60	6f 6e 20 69 6e 62 6f 75 6e 64 2f 6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 2e 20 57	on.inbound/outbound.interface..W
45e80	69 6c 63 61 72 64 20 60 60 2a 60 60 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 46 6f 72 20 65 78	ilcard.``*``.can.be.used..For.ex
45ea0	61 6d 70 6c 65 3a 20 60 60 65 74 68 32 2a 60 60 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20	ample:.``eth2*``.Match.based.on.
45ec0	69 70 73 65 63 20 63 72 69 74 65 72 69 61 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 6f	ipsec.criteria..Match.based.on.o
45ee0	75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 2e 20 57 69 6c 63 61 72 64 20 60 60 2a 60 60	utbound.interface..Wilcard.``*``
45f00	20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 3a 20 60 60 65 74 68	.can.be.used..For.example:.``eth
45f20	32 2a 60 60 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 70 61 63 6b 65 74 20 6c 65 6e 67 74	2*``.Match.based.on.packet.lengt
45f40	68 20 63 72 69 74 65 72 69 61 2e 20 4d 75 6c 74 69 70 6c 65 20 76 61 6c 75 65 73 20 66 72 6f 6d	h.criteria..Multiple.values.from
45f60	20 31 20 74 6f 20 36 35 35 33 35 20 61 6e 64 20 72 61 6e 67 65 73 20 61 72 65 20 73 75 70 70 6f	.1.to.65535.and.ranges.are.suppo
45f80	72 74 65 64 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 70 61 63 6b 65 74 20 74 79 70 65	rted..Match.based.on.packet.type
45fa0	20 63 72 69 74 65 72 69 61 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 6d 61	.criteria..Match.based.on.the.ma
45fc0	78 69 6d 75 6d 20 61 76 65 72 61 67 65 20 72 61 74 65 2c 20 73 70 65 63 69 66 69 65 64 20 61 73	ximum.average.rate,.specified.as
45fe0	20 2a 2a 69 6e 74 65 67 65 72 2f 75 6e 69 74 2a 2a 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 20 2a	.**integer/unit**..For.example.*
46000	2a 35 2f 6d 69 6e 75 74 65 73 2a 2a 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20	*5/minutes**.Match.based.on.the.
46020	6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20 74 6f 20 61 6c 6c	maximum.number.of.packets.to.all
46040	6f 77 20 69 6e 20 65 78 63 65 73 73 20 6f 66 20 72 61 74 65 2e 00 4d 61 74 63 68 20 62 61 73 65	ow.in.excess.of.rate..Match.base
46060	73 20 6f 6e 20 72 65 63 65 6e 74 6c 79 20 73 65 65 6e 20 73 6f 75 72 63 65 73 2e 00 4d 61 74 63	s.on.recently.seen.sources..Matc
46080	68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6d	h.criteria.based.on.connection.m
460a0	61 72 6b 2e 00 4d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 6e 61 74	ark..Match.criteria.based.on.nat
460c0	20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 75 73 2e 00 4d 61 74 63 68 20 63 72 69 74 65 72	.connection.status..Match.criter
460e0	69 61 20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 61 6e 64 2f 6f 72 20 64 65 73 74 69 6e	ia.based.on.source.and/or.destin
46100	61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 69 73 20 73 69 6d 69 6c 61 72 20 74	ation.address..This.is.similar.t
46120	6f 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 73 20 70 61 72 74 2c 20 62 75 74 20 68	o.the.network.groups.part,.but.h
46140	65 72 65 20 79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 6e 65 67 61 74 65 20 74 68 65 20 6d	ere.you.are.able.to.negate.the.m
46160	61 74 63 68 69 6e 67 20 61 64 64 72 65 73 73 65 73 2e 00 4d 61 74 63 68 20 64 6f 6d 61 69 6e 20	atching.addresses..Match.domain.
46180	6e 61 6d 65 00 4d 61 74 63 68 20 68 6f 70 2d 6c 69 6d 69 74 20 70 61 72 61 6d 65 74 65 72 2c 20	name.Match.hop-limit.parameter,.
461a0	77 68 65 72 65 20 27 65 71 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 65 71 75 61 6c 27 3b 20 27	where.'eq'.stands.for.'equal';.'
461c0	67 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 67 72 65 61 74 65 72 20 74 68 61 6e 27 2c 20 61	gt'.stands.for.'greater.than',.a
461e0	6e 64 20 27 6c 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 6c 65 73 73 20 74 68 61 6e 27 2e 00	nd.'lt'.stands.for.'less.than'..
46200	4d 61 74 63 68 20 6c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65 2e 00 4d 61 74 63 68 20 72 6f	Match.local.preference..Match.ro
46220	75 74 65 20 6d 65 74 72 69 63 2e 00 4d 61 74 63 68 20 74 69 6d 65 20 74 6f 20 6c 69 76 65 20 70	ute.metric..Match.time.to.live.p
46240	61 72 61 6d 65 74 65 72 2c 20 77 68 65 72 65 20 27 65 71 27 20 73 74 61 6e 64 73 20 66 6f 72 20	arameter,.where.'eq'.stands.for.
46260	27 65 71 75 61 6c 27 3b 20 27 67 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 67 72 65 61 74 65	'equal';.'gt'.stands.for.'greate
46280	72 20 74 68 61 6e 27 2c 20 61 6e 64 20 27 6c 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 6c 65	r.than',.and.'lt'.stands.for.'le
462a0	73 73 20 74 68 61 6e 27 2e 00 4d 61 74 63 68 20 77 68 65 6e 20 27 63 6f 75 6e 74 27 20 61 6d 6f	ss.than'..Match.when.'count'.amo
462c0	75 6e 74 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 72 65 20 73 65 65 6e 20 77 69 74 68	unt.of.connections.are.seen.with
462e0	69 6e 20 27 74 69 6d 65 27 2e 20 54 68 65 73 65 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72	in.'time'..These.matching.criter
46300	69 61 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 62 6c 6f 63 6b 20 62 72 75 74 65 2d 66 6f	ia.can.be.used.to.block.brute-fo
46320	72 63 65 20 61 74 74 65 6d 70 74 73 2e 00 4d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 00	rce.attempts..Matching.criteria.
46340	4d 61 74 63 68 69 6e 67 20 74 72 61 66 66 69 63 00 4d 61 78 69 6d 75 6d 20 41 2d 4d 53 44 55 20	Matching.traffic.Maximum.A-MSDU.
46360	6c 65 6e 67 74 68 20 33 38 33 39 20 28 64 65 66 61 75 6c 74 29 20 6f 72 20 37 39 33 35 20 6f 63	length.3839.(default).or.7935.oc
46380	74 65 74 73 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 44 4e 53 20 63 61 63 68 65	tets.Maximum.number.of.DNS.cache
463a0	20 65 6e 74 72 69 65 73 2e 20 31 20 6d 69 6c 6c 69 6f 6e 20 70 65 72 20 43 50 55 20 63 6f 72 65	.entries..1.million.per.CPU.core
463c0	20 77 69 6c 6c 20 67 65 6e 65 72 61 6c 6c 79 20 73 75 66 66 69 63 65 20 66 6f 72 20 6d 6f 73 74	.will.generally.suffice.for.most
463e0	20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 2e 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f	.installations..Maximum.number.o
46400	66 20 49 50 76 34 20 6e 61 6d 65 73 65 72 76 65 72 73 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65	f.IPv4.nameservers.Maximum.numbe
46420	72 20 6f 66 20 61 75 74 68 65 6e 74 69 63 61 74 6f 72 20 70 72 6f 63 65 73 73 65 73 20 74 6f 20	r.of.authenticator.processes.to.
46440	73 70 61 77 6e 2e 20 49 66 20 79 6f 75 20 73 74 61 72 74 20 74 6f 6f 20 66 65 77 20 53 71 75 69	spawn..If.you.start.too.few.Squi
46460	64 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 77 61 69 74 20 66 6f 72 20 74 68 65 6d 20 74 6f 20	d.will.have.to.wait.for.them.to.
46480	70 72 6f 63 65 73 73 20 61 20 62 61 63 6b 6c 6f 67 20 6f 66 20 63 72 65 64 65 6e 74 69 61 6c 20	process.a.backlog.of.credential.
464a0	76 65 72 69 66 69 63 61 74 69 6f 6e 73 2c 20 73 6c 6f 77 69 6e 67 20 69 74 20 64 6f 77 6e 2e 20	verifications,.slowing.it.down..
464c0	57 68 65 6e 20 70 61 73 73 77 6f 72 64 20 76 65 72 69 66 69 63 61 74 69 6f 6e 73 20 61 72 65 20	When.password.verifications.are.
464e0	64 6f 6e 65 20 76 69 61 20 61 20 28 73 6c 6f 77 29 20 6e 65 74 77 6f 72 6b 20 79 6f 75 20 61 72	done.via.a.(slow).network.you.ar
46500	65 20 6c 69 6b 65 6c 79 20 74 6f 20 6e 65 65 64 20 6c 6f 74 73 20 6f 66 20 61 75 74 68 65 6e 74	e.likely.to.need.lots.of.authent
46520	69 63 61 74 6f 72 20 70 72 6f 63 65 73 73 65 73 2e 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72	icator.processes..Maximum.number
46540	20 6f 66 20 73 74 61 74 69 6f 6e 73 20 61 6c 6c 6f 77 65 64 20 69 6e 20 73 74 61 74 69 6f 6e 20	.of.stations.allowed.in.station.
46560	74 61 62 6c 65 2e 20 4e 65 77 20 73 74 61 74 69 6f 6e 73 20 77 69 6c 6c 20 62 65 20 72 65 6a 65	table..New.stations.will.be.reje
46580	63 74 65 64 20 61 66 74 65 72 20 74 68 65 20 73 74 61 74 69 6f 6e 20 74 61 62 6c 65 20 69 73 20	cted.after.the.station.table.is.
465a0	66 75 6c 6c 2e 20 49 45 45 45 20 38 30 32 2e 31 31 20 68 61 73 20 61 20 6c 69 6d 69 74 20 6f 66	full..IEEE.802.11.has.a.limit.of
465c0	20 32 30 30 37 20 64 69 66 66 65 72 65 6e 74 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 49 44 73 2c	.2007.different.association.IDs,
465e0	20 73 6f 20 74 68 69 73 20 6e 75 6d 62 65 72 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 61	.so.this.number.should.not.be.la
46600	72 67 65 72 20 74 68 61 6e 20 74 68 61 74 2e 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f	rger.than.that..Maximum.number.o
46620	66 20 74 72 69 65 73 20 74 6f 20 73 65 6e 64 20 41 63 63 65 73 73 2d 52 65 71 75 65 73 74 2f 41	f.tries.to.send.Access-Request/A
46640	63 63 6f 75 6e 74 69 6e 67 2d 52 65 71 75 65 73 74 20 71 75 65 72 69 65 73 00 4d 65 64 69 75 6d	ccounting-Request.queries.Medium
46660	00 4d 65 6d 62 65 72 20 49 6e 74 65 72 66 61 63 65 73 00 4d 65 6d 62 65 72 20 69 6e 74 65 72 66	.Member.Interfaces.Member.interf
46680	61 63 65 73 20 60 65 74 68 31 60 20 61 6e 64 20 56 4c 41 4e 20 31 30 20 6f 6e 20 69 6e 74 65 72	aces.`eth1`.and.VLAN.10.on.inter
466a0	66 61 63 65 20 60 65 74 68 32 60 00 4d 65 73 73 61 67 65 73 20 67 65 6e 65 72 61 74 65 64 20 69	face.`eth2`.Messages.generated.i
466c0	6e 74 65 72 6e 61 6c 6c 79 20 62 79 20 73 79 73 6c 6f 67 64 00 4d 65 74 72 69 73 20 76 65 72 73	nternally.by.syslogd.Metris.vers
466e0	69 6f 6e 2c 20 74 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 32 60 60 00 4d 69 6e 20 61 6e	ion,.the.default.is.``2``.Min.an
46700	64 20 6d 61 78 20 69 6e 74 65 72 76 61 6c 73 20 62 65 74 77 65 65 6e 20 75 6e 73 6f 6c 69 63 69	d.max.intervals.between.unsolici
46720	74 65 64 20 6d 75 6c 74 69 63 61 73 74 20 52 41 73 00 4d 6f 6e 69 74 6f 72 2c 20 74 68 65 20 73	ted.multicast.RAs.Monitor,.the.s
46740	79 73 74 65 6d 20 70 61 73 73 69 76 65 6c 79 20 6d 6f 6e 69 74 6f 72 73 20 61 6e 79 20 6b 69 6e	ystem.passively.monitors.any.kin
46760	64 20 6f 66 20 77 69 72 65 6c 65 73 73 20 74 72 61 66 66 69 63 00 4d 6f 6e 69 74 6f 72 69 6e 67	d.of.wireless.traffic.Monitoring
46780	00 4d 6f 6e 69 74 6f 72 69 6e 67 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 77 69 74 68 20 60	.Monitoring.functionality.with.`
467a0	60 74 65 6c 65 67 72 61 66 60 60 20 61 6e 64 20 60 60 49 6e 66 6c 75 78 44 42 20 32 60 60 20 69	`telegraf``.and.``InfluxDB.2``.i
467c0	73 20 70 72 6f 76 69 64 65 64 2e 20 54 65 6c 65 67 72 61 66 20 69 73 20 74 68 65 20 6f 70 65 6e	s.provided..Telegraf.is.the.open
467e0	20 73 6f 75 72 63 65 20 73 65 72 76 65 72 20 61 67 65 6e 74 20 74 6f 20 68 65 6c 70 20 79 6f 75	.source.server.agent.to.help.you
46800	20 63 6f 6c 6c 65 63 74 20 6d 65 74 72 69 63 73 2c 20 65 76 65 6e 74 73 20 61 6e 64 20 6c 6f 67	.collect.metrics,.events.and.log
46820	73 20 66 72 6f 6d 20 79 6f 75 72 20 72 6f 75 74 65 72 73 2e 00 4d 6f 72 65 20 64 65 74 61 69 6c	s.from.your.routers..More.detail
46840	73 20 61 62 6f 75 74 20 74 68 65 20 49 50 73 65 63 20 61 6e 64 20 56 54 49 20 69 73 73 75 65 20	s.about.the.IPsec.and.VTI.issue.
46860	61 6e 64 20 6f 70 74 69 6f 6e 20 64 69 73 61 62 6c 65 2d 72 6f 75 74 65 2d 61 75 74 6f 69 6e 73	and.option.disable-route-autoins
46880	74 61 6c 6c 20 68 74 74 70 73 3a 2f 2f 62 6c 6f 67 2e 76 79 6f 73 2e 69 6f 2f 76 79 6f 73 2d 31	tall.https://blog.vyos.io/vyos-1
468a0	2d 64 6f 74 2d 32 2d 30 2d 64 65 76 65 6c 6f 70 6d 65 6e 74 2d 6e 65 77 73 2d 69 6e 2d 6a 75 6c	-dot-2-0-development-news-in-jul
468c0	79 00 4d 6f 75 6e 74 20 61 20 76 6f 6c 75 6d 65 20 69 6e 74 6f 20 74 68 65 20 63 6f 6e 74 61 69	y.Mount.a.volume.into.the.contai
468e0	6e 65 72 00 4d 75 6c 74 69 00 4d 75 6c 74 69 2d 63 6c 69 65 6e 74 20 73 65 72 76 65 72 20 69 73	ner.Multi.Multi-client.server.is
46900	20 74 68 65 20 6d 6f 73 74 20 70 6f 70 75 6c 61 72 20 4f 70 65 6e 56 50 4e 20 6d 6f 64 65 20 6f	.the.most.popular.OpenVPN.mode.o
46920	6e 20 72 6f 75 74 65 72 73 2e 20 49 74 20 61 6c 77 61 79 73 20 75 73 65 73 20 78 2e 35 30 39 20	n.routers..It.always.uses.x.509.
46940	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 74 68 65 72 65 66 6f 72 65 20 72 65 71	authentication.and.therefore.req
46960	75 69 72 65 73 20 61 20 50 4b 49 20 73 65 74 75 70 2e 20 52 65 66 65 72 20 74 68 69 73 20 74 6f	uires.a.PKI.setup..Refer.this.to
46980	70 69 63 20 3a 72 65 66 3a 60 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2f 70 6b 69 2f 69 6e 64 65	pic.:ref:`configuration/pki/inde
469a0	78 3a 70 6b 69 60 20 74 6f 20 67 65 6e 65 72 61 74 65 20 61 20 43 41 20 63 65 72 74 69 66 69 63	x:pki`.to.generate.a.CA.certific
469c0	61 74 65 2c 20 61 20 73 65 72 76 65 72 20 63 65 72 74 69 66 69 63 61 74 65 20 61 6e 64 20 6b 65	ate,.a.server.certificate.and.ke
469e0	79 2c 20 61 20 63 65 72 74 69 66 69 63 61 74 65 20 72 65 76 6f 63 61 74 69 6f 6e 20 6c 69 73 74	y,.a.certificate.revocation.list
46a00	2c 20 61 20 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 20 6b 65 79 20 65 78 63 68 61 6e 67 65 20	,.a.Diffie-Hellman.key.exchange.
46a20	70 61 72 61 6d 65 74 65 72 73 20 66 69 6c 65 2e 20 59 6f 75 20 64 6f 20 6e 6f 74 20 6e 65 65 64	parameters.file..You.do.not.need
46a40	20 63 6c 69 65 6e 74 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 6e 64 20 6b 65 79 73 20 66 6f	.client.certificates.and.keys.fo
46a60	72 20 74 68 65 20 73 65 72 76 65 72 20 73 65 74 75 70 2e 00 4d 75 6c 74 69 2d 68 6f 6d 65 64 2e	r.the.server.setup..Multi-homed.
46a80	20 49 6e 20 61 20 6d 75 6c 74 69 2d 68 6f 6d 65 64 20 6e 65 74 77 6f 72 6b 20 65 6e 76 69 72 6f	.In.a.multi-homed.network.enviro
46aa0	6e 6d 65 6e 74 2c 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 63 6f 6e 6e 65 63 74 73	nment,.the.NAT66.device.connects
46ac0	20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 73 69 6d 75	.to.an.internal.network.and.simu
46ae0	6c 74 61 6e 65 6f 75 73 6c 79 20 63 6f 6e 6e 65 63 74 73 20 74 6f 20 64 69 66 66 65 72 65 6e 74	ltaneously.connects.to.different
46b00	20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 73 2e 20 41 64 64 72 65 73 73 20 74 72 61 6e	.external.networks..Address.tran
46b20	73 6c 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 65 61 63	slation.can.be.configured.on.eac
46b40	68 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 73 69 64 65 20 69 6e 74 65 72 66 61 63	h.external.network.side.interfac
46b60	65 20 6f 66 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 74 6f 20 63 6f 6e 76 65 72 74	e.of.the.NAT66.device.to.convert
46b80	20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 64 64 72 65	.the.same.internal.network.addre
46ba0	73 73 20 69 6e 74 6f 20 64 69 66 66 65 72 65 6e 74 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f	ss.into.different.external.netwo
46bc0	72 6b 20 61 64 64 72 65 73 73 65 73 2c 20 61 6e 64 20 72 65 61 6c 69 7a 65 20 74 68 65 20 6d 61	rk.addresses,.and.realize.the.ma
46be0	70 70 69 6e 67 20 6f 66 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 6e 61 6c 20 61 64 64 72 65	pping.of.the.same.internal.addre
46c00	73 73 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 65	ss.to.multiple.external.addresse
46c20	73 2e 00 4d 75 6c 74 69 3a 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 6d 75 6c 74 69	s..Multi:.can.be.specified.multi
46c40	70 6c 65 20 74 69 6d 65 73 2e 00 4d 75 6c 74 69 63 61 73 74 00 4d 75 6c 74 69 63 61 73 74 20 44	ple.times..Multicast.Multicast.D
46c60	4e 53 20 75 73 65 73 20 74 68 65 20 32 32 34 2e 30 2e 30 2e 32 35 31 20 61 64 64 72 65 73 73 2c	NS.uses.the.224.0.0.251.address,
46c80	20 77 68 69 63 68 20 69 73 20 22 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 6c 79 20 73 63 6f 70	.which.is."administratively.scop
46ca0	65 64 22 20 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20 6c 65 61 76 65 20 74 68 65 20 73 75 62 6e 65	ed".and.does.not.leave.the.subne
46cc0	74 2e 20 49 74 20 72 65 74 72 61 6e 73 6d 69 74 73 20 6d 44 4e 53 20 70 61 63 6b 65 74 73 20 66	t..It.retransmits.mDNS.packets.f
46ce0	72 6f 6d 20 6f 6e 65 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6f 74 68 65 72 20 69 6e 74 65 72	rom.one.interface.to.other.inter
46d00	66 61 63 65 73 2e 20 54 68 69 73 20 65 6e 61 62 6c 65 73 20 73 75 70 70 6f 72 74 20 66 6f 72 20	faces..This.enables.support.for.
46d20	65 2e 67 2e 20 41 70 70 6c 65 20 41 69 72 70 6c 61 79 20 64 65 76 69 63 65 73 20 61 63 72 6f 73	e.g..Apple.Airplay.devices.acros
46d40	73 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 73 2e 00 4d 75 6c 74 69 63 61 73 74 20 56 58 4c 41	s.multiple.VLANs..Multicast.VXLA
46d60	4e 00 4d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 61 64 64 72 65 73 73 20 66 6f 72 20 56 58	N.Multicast.group.address.for.VX
46d80	4c 41 4e 20 69 6e 74 65 72 66 61 63 65 2e 20 56 58 4c 41 4e 20 74 75 6e 6e 65 6c 73 20 63 61 6e	LAN.interface..VXLAN.tunnels.can
46da0	20 62 65 20 62 75 69 6c 74 20 65 69 74 68 65 72 20 76 69 61 20 4d 75 6c 74 69 63 61 73 74 20 6f	.be.built.either.via.Multicast.o
46dc0	72 20 76 69 61 20 55 6e 69 63 61 73 74 2e 00 4d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 74	r.via.Unicast..Multicast.group.t
46de0	6f 20 75 73 65 20 66 6f 72 20 73 79 6e 63 69 6e 67 20 63 6f 6e 6e 74 72 61 63 6b 20 65 6e 74 72	o.use.for.syncing.conntrack.entr
46e00	69 65 73 2e 00 4d 75 6c 74 69 63 61 73 74 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c 20 74 61	ies..Multicast.receivers.will.ta
46e20	6c 6b 20 49 47 4d 50 20 74 6f 20 74 68 65 69 72 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2c 20 73	lk.IGMP.to.their.local.router,.s
46e40	6f 2c 20 62 65 73 69 64 65 73 20 68 61 76 69 6e 67 20 50 49 4d 20 63 6f 6e 66 69 67 75 72 65 64	o,.besides.having.PIM.configured
46e60	20 69 6e 20 65 76 65 72 79 20 72 6f 75 74 65 72 2c 20 49 47 4d 50 20 6d 75 73 74 20 61 6c 73 6f	.in.every.router,.IGMP.must.also
46e80	20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 61 6e 79 20 72 6f 75 74 65 72 20 77 68 65	.be.configured.in.any.router.whe
46ea0	72 65 20 74 68 65 72 65 20 63 6f 75 6c 64 20 62 65 20 61 20 6d 75 6c 74 69 63 61 73 74 20 72 65	re.there.could.be.a.multicast.re
46ec0	63 65 69 76 65 72 20 6c 6f 63 61 6c 6c 79 20 63 6f 6e 6e 65 63 74 65 64 2e 00 4d 75 6c 74 69 63	ceiver.locally.connected..Multic
46ee0	61 73 74 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c 20 74 61 6c 6b 20 4d 4c 44 20 74 6f 20 74	ast.receivers.will.talk.MLD.to.t
46f00	68 65 69 72 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2c 20 73 6f 2c 20 62 65 73 69 64 65 73 20 68	heir.local.router,.so,.besides.h
46f20	61 76 69 6e 67 20 50 49 4d 76 36 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 65 76 65 72 79 20	aving.PIMv6.configured.in.every.
46f40	72 6f 75 74 65 72 2c 20 4d 4c 44 20 6d 75 73 74 20 61 6c 73 6f 20 62 65 20 63 6f 6e 66 69 67 75	router,.MLD.must.also.be.configu
46f60	72 65 64 20 69 6e 20 61 6e 79 20 72 6f 75 74 65 72 20 77 68 65 72 65 20 74 68 65 72 65 20 63 6f	red.in.any.router.where.there.co
46f80	75 6c 64 20 62 65 20 61 20 6d 75 6c 74 69 63 61 73 74 20 72 65 63 65 69 76 65 72 20 6c 6f 63 61	uld.be.a.multicast.receiver.loca
46fa0	6c 6c 79 20 63 6f 6e 6e 65 63 74 65 64 2e 00 4d 75 6c 74 69 63 61 73 74 2d 72 6f 75 74 69 6e 67	lly.connected..Multicast-routing
46fc0	20 69 73 20 72 65 71 75 69 72 65 64 20 66 6f 72 20 74 68 65 20 6c 65 61 76 65 73 20 74 6f 20 66	.is.required.for.the.leaves.to.f
46fe0	6f 72 77 61 72 64 20 74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 65 61 63 68 20 6f 74 68 65	orward.traffic.between.each.othe
47000	72 20 69 6e 20 61 20 6d 6f 72 65 20 73 63 61 6c 61 62 6c 65 20 77 61 79 2e 20 54 68 69 73 20 61	r.in.a.more.scalable.way..This.a
47020	6c 73 6f 20 72 65 71 75 69 72 65 73 20 50 49 4d 20 74 6f 20 62 65 20 65 6e 61 62 6c 65 64 20 74	lso.requires.PIM.to.be.enabled.t
47040	6f 77 61 72 64 73 20 74 68 65 20 6c 65 61 76 65 73 20 73 6f 20 74 68 61 74 20 74 68 65 20 53 70	owards.the.leaves.so.that.the.Sp
47060	69 6e 65 20 63 61 6e 20 6c 65 61 72 6e 20 77 68 61 74 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f	ine.can.learn.what.multicast.gro
47080	75 70 73 20 65 61 63 68 20 4c 65 61 66 20 65 78 70 65 63 74 73 20 74 72 61 66 66 69 63 20 66 72	ups.each.Leaf.expects.traffic.fr
470a0	6f 6d 2e 00 4d 75 6c 74 69 70 6c 65 20 44 4e 53 20 73 65 72 76 65 72 73 20 63 61 6e 20 62 65 20	om..Multiple.DNS.servers.can.be.
470c0	64 65 66 69 6e 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 52 50 4b 49 20 63 61 63 68 69 6e 67 20 69	defined..Multiple.RPKI.caching.i
470e0	6e 73 74 61 6e 63 65 73 20 63 61 6e 20 62 65 20 73 75 70 70 6c 69 65 64 20 61 6e 64 20 74 68 65	nstances.can.be.supplied.and.the
47100	79 20 6e 65 65 64 20 61 20 70 72 65 66 65 72 65 6e 63 65 20 69 6e 20 77 68 69 63 68 20 74 68 65	y.need.a.preference.in.which.the
47120	69 72 20 72 65 73 75 6c 74 20 73 65 74 73 20 61 72 65 20 75 73 65 64 2e 00 4d 75 6c 74 69 70 6c	ir.result.sets.are.used..Multipl
47140	65 20 55 70 6c 69 6e 6b 73 00 4d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 74 6f 20 56 4e 49 20 6d	e.Uplinks.Multiple.VLAN.to.VNI.m
47160	61 70 70 69 6e 67 73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 67 61 69 6e 73	appings.can.be.configured.agains
47180	74 20 74 68 65 20 73 61 6d 65 20 53 56 44 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 66 6f 72 20	t.the.same.SVD..This.allows.for.
471a0	61 20 73 69 67 6e 69 66 69 63 61 6e 74 20 73 63 61 6c 69 6e 67 20 6f 66 20 74 68 65 20 6e 75 6d	a.significant.scaling.of.the.num
471c0	62 65 72 20 6f 66 20 56 4e 49 73 20 73 69 6e 63 65 20 61 20 73 65 70 61 72 61 74 65 20 56 58 4c	ber.of.VNIs.since.a.separate.VXL
471e0	41 4e 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 72 65 71 75 69 72	AN.interface.is.no.longer.requir
47200	65 64 20 66 6f 72 20 65 61 63 68 20 56 4e 49 2e 00 4d 75 6c 74 69 70 6c 65 20 61 6c 69 61 73 65	ed.for.each.VNI..Multiple.aliase
47220	73 20 63 61 6e 20 70 65 20 73 70 65 63 69 66 69 65 64 20 70 65 72 20 68 6f 73 74 2d 6e 61 6d 65	s.can.pe.specified.per.host-name
47240	2e 00 4d 75 6c 74 69 70 6c 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 73 20 63 61 6e	..Multiple.destination.ports.can
47260	20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 20 63 6f 6d 6d 61 2d 73 65 70 61 72 61 74	.be.specified.as.a.comma-separat
47280	65 64 20 6c 69 73 74 2e 20 54 68 65 20 77 68 6f 6c 65 20 6c 69 73 74 20 63 61 6e 20 61 6c 73 6f	ed.list..The.whole.list.can.also
472a0	20 62 65 20 22 6e 65 67 61 74 65 64 22 20 75 73 69 6e 67 20 27 21 27 2e 20 46 6f 72 20 65 78 61	.be."negated".using.'!'..For.exa
472c0	6d 70 6c 65 3a 20 27 21 32 32 2c 74 65 6c 6e 65 74 2c 68 74 74 70 2c 31 32 33 2c 31 30 30 31 2d	mple:.'!22,telnet,http,123,1001-
472e0	31 30 30 35 27 00 4d 75 6c 74 69 70 6c 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 73	1005'.Multiple.destination.ports
47300	20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 20 63 6f 6d 6d 61 2d 73 65 70	.can.be.specified.as.a.comma-sep
47320	61 72 61 74 65 64 20 6c 69 73 74 2e 20 54 68 65 20 77 68 6f 6c 65 20 6c 69 73 74 20 63 61 6e 20	arated.list..The.whole.list.can.
47340	61 6c 73 6f 20 62 65 20 22 6e 65 67 61 74 65 64 22 20 75 73 69 6e 67 20 27 21 27 2e 20 46 6f 72	also.be."negated".using.'!'..For
47360	20 65 78 61 6d 70 6c 65 3a 20 60 21 32 32 2c 74 65 6c 6e 65 74 2c 68 74 74 70 2c 31 32 33 2c 31	.example:.`!22,telnet,http,123,1
47380	30 30 31 2d 31 30 30 35 60 60 00 4d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 6d	001-1005``.Multiple.interfaces.m
473a0	61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 6e 65 74 77 6f 72	ay.be.specified..Multiple.networ
473c0	6b 73 2f 63 6c 69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 63 6f	ks/client.IP.addresses.can.be.co
473e0	6e 66 69 67 75 72 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 73 65 72 76 65 72 73 20 63 61 6e 20 62	nfigured..Multiple.servers.can.b
47400	65 20 73 70 65 63 69 66 69 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 73 65 72 76 69 63 65 73 20 63	e.specified..Multiple.services.c
47420	61 6e 20 62 65 20 75 73 65 64 20 70 65 72 20 69 6e 74 65 72 66 61 63 65 2e 20 4a 75 73 74 20 73	an.be.used.per.interface..Just.s
47440	70 65 63 69 66 79 20 61 73 20 6d 61 6e 79 20 73 65 72 76 69 63 65 73 20 70 65 72 20 69 6e 74 65	pecify.as.many.services.per.inte
47460	72 66 61 63 65 20 61 73 20 79 6f 75 20 6c 69 6b 65 21 00 4d 75 6c 74 69 70 6c 65 20 73 6f 75 72	rface.as.you.like!.Multiple.sour
47480	63 65 20 70 6f 72 74 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 20 63	ce.ports.can.be.specified.as.a.c
474a0	6f 6d 6d 61 2d 73 65 70 61 72 61 74 65 64 20 6c 69 73 74 2e 20 54 68 65 20 77 68 6f 6c 65 20 6c	omma-separated.list..The.whole.l
474c0	69 73 74 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 22 6e 65 67 61 74 65 64 22 20 75 73 69 6e 67 20	ist.can.also.be."negated".using.
474e0	60 60 21 60 60 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 3a 00 4d 75 6c 74 69 70 6c 65 20 74 61 72	``!``..For.example:.Multiple.tar
47500	67 65 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65	get.IP.addresses.can.be.specifie
47520	64 2e 20 41 74 20 6c 65 61 73 74 20 6f 6e 65 20 49 50 20 61 64 64 72 65 73 73 20 6d 75 73 74 20	d..At.least.one.IP.address.must.
47540	62 65 20 67 69 76 65 6e 20 66 6f 72 20 41 52 50 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 74 6f 20 66	be.given.for.ARP.monitoring.to.f
47560	75 6e 63 74 69 6f 6e 2e 00 4d 75 6c 74 69 70 6c 65 20 75 73 65 72 73 20 63 61 6e 20 63 6f 6e 6e	unction..Multiple.users.can.conn
47580	65 63 74 20 74 6f 20 74 68 65 20 73 61 6d 65 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 20 62 75	ect.to.the.same.serial.device.bu
475a0	74 20 6f 6e 6c 79 20 6f 6e 65 20 69 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 77 72 69 74 65 20 74	t.only.one.is.allowed.to.write.t
475c0	6f 20 74 68 65 20 63 6f 6e 73 6f 6c 65 20 70 6f 72 74 2e 00 4d 75 6c 74 69 70 72 6f 74 6f 63 6f	o.the.console.port..Multiprotoco
475e0	6c 20 65 78 74 65 6e 73 69 6f 6e 73 20 65 6e 61 62 6c 65 20 42 47 50 20 74 6f 20 63 61 72 72 79	l.extensions.enable.BGP.to.carry
47600	20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 6d 75 6c 74 69 70 6c	.routing.information.for.multipl
47620	65 20 6e 65 74 77 6f 72 6b 20 6c 61 79 65 72 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 42 47 50 20 73	e.network.layer.protocols..BGP.s
47640	75 70 70 6f 72 74 73 20 61 6e 20 41 64 64 72 65 73 73 20 46 61 6d 69 6c 79 20 49 64 65 6e 74 69	upports.an.Address.Family.Identi
47660	66 69 65 72 20 28 41 46 49 29 20 66 6f 72 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 2e 00 4e 00	fier.(AFI).for.IPv4.and.IPv6..N.
47680	4e 41 54 00 4e 41 54 20 28 73 70 65 63 69 66 69 63 61 6c 6c 79 2c 20 53 6f 75 72 63 65 20 4e 41	NAT.NAT.(specifically,.Source.NA
476a0	54 29 3b 00 4e 41 54 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 4e 41 54 20 4c 6f 61 64 20 42	T);.NAT.Configuration.NAT.Load.B
476c0	61 6c 61 6e 63 65 00 4e 41 54 20 4c 6f 61 64 20 42 61 6c 61 6e 63 65 20 75 73 65 73 20 61 6e 20	alance.NAT.Load.Balance.uses.an.
476e0	61 6c 67 6f 72 69 74 68 6d 20 74 68 61 74 20 67 65 6e 65 72 61 74 65 73 20 61 20 68 61 73 68 20	algorithm.that.generates.a.hash.
47700	61 6e 64 20 62 61 73 65 64 20 6f 6e 20 69 74 2c 20 74 68 65 6e 20 69 74 20 61 70 70 6c 69 65 73	and.based.on.it,.then.it.applies
47720	20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 72 61 6e 73 6c 61 74 69 6f 6e 2e 20 54 68 69 73	.corresponding.translation..This
47740	20 68 61 73 68 20 63 61 6e 20 62 65 20 67 65 6e 65 72 61 74 65 64 20 72 61 6e 64 6f 6d 6c 79 2c	.hash.can.be.generated.randomly,
47760	20 6f 72 20 63 61 6e 20 75 73 65 20 64 61 74 61 20 66 72 6f 6d 20 74 68 65 20 69 70 20 68 65 61	.or.can.use.data.from.the.ip.hea
47780	64 65 72 3a 20 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e	der:.source-address,.destination
477a0	2d 61 64 64 72 65 73 73 2c 20 73 6f 75 72 63 65 2d 70 6f 72 74 20 61 6e 64 2f 6f 72 20 64 65 73	-address,.source-port.and/or.des
477c0	74 69 6e 61 74 69 6f 6e 2d 70 6f 72 74 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 69 74 20 77 69	tination-port..By.default,.it.wi
477e0	6c 6c 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 20 72 61 6e 64 6f 6d 6c 79 2e 00 4e	ll.generate.the.hash.randomly..N
47800	41 54 20 52 75 6c 65 73 65 74 00 4e 41 54 20 62 65 66 6f 72 65 20 56 50 4e 00 4e 41 54 20 62 65	AT.Ruleset.NAT.before.VPN.NAT.be
47820	66 6f 72 65 20 56 50 4e 20 54 6f 70 6f 6c 6f 67 79 00 4e 41 54 2c 20 52 6f 75 74 69 6e 67 2c 20	fore.VPN.Topology.NAT,.Routing,.
47840	46 69 72 65 77 61 6c 6c 20 49 6e 74 65 72 61 63 74 69 6f 6e 00 4e 41 54 34 34 00 4e 41 54 36 36	Firewall.Interaction.NAT44.NAT66
47860	28 4e 50 54 76 36 29 00 4e 48 52 50 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 64 79 6e 61 6d 69	(NPTv6).NHRP.provides.the.dynami
47880	63 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 20 64 69 73 63 6f 76 65 72 79 20 6d 65 63 68	c.tunnel.endpoint.discovery.mech
478a0	61 6e 69 73 6d 20 28 65 6e 64 70 6f 69 6e 74 20 72 65 67 69 73 74 72 61 74 69 6f 6e 2c 20 61 6e	anism.(endpoint.registration,.an
478c0	64 20 65 6e 64 70 6f 69 6e 74 20 64 69 73 63 6f 76 65 72 79 2f 6c 6f 6f 6b 75 70 29 2c 20 6d 47	d.endpoint.discovery/lookup),.mG
478e0	52 45 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 74 75 6e 6e 65 6c 20 65 6e 63 61 70 73 75 6c 61	RE.provides.the.tunnel.encapsula
47900	74 69 6f 6e 20 69 74 73 65 6c 66 2c 20 61 6e 64 20 74 68 65 20 49 50 53 65 63 20 70 72 6f 74 6f	tion.itself,.and.the.IPSec.proto
47920	63 6f 6c 73 20 68 61 6e 64 6c 65 20 74 68 65 20 6b 65 79 20 65 78 63 68 61 6e 67 65 2c 20 61 6e	cols.handle.the.key.exchange,.an
47940	64 20 63 72 79 70 74 6f 20 6d 65 63 68 61 6e 69 73 6d 2e 00 4e 54 50 00 4e 54 50 20 69 73 20 69	d.crypto.mechanism..NTP.NTP.is.i
47960	6e 74 65 6e 64 65 64 20 74 6f 20 73 79 6e 63 68 72 6f 6e 69 7a 65 20 61 6c 6c 20 70 61 72 74 69	ntended.to.synchronize.all.parti
47980	63 69 70 61 74 69 6e 67 20 63 6f 6d 70 75 74 65 72 73 20 74 6f 20 77 69 74 68 69 6e 20 61 20 66	cipating.computers.to.within.a.f
479a0	65 77 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 6f 66 20 3a 61 62 62 72 3a 60 55 54 43 20 28 43	ew.milliseconds.of.:abbr:`UTC.(C
479c0	6f 6f 72 64 69 6e 61 74 65 64 20 55 6e 69 76 65 72 73 61 6c 20 54 69 6d 65 29 60 2e 20 49 74 20	oordinated.Universal.Time)`..It.
479e0	75 73 65 73 20 74 68 65 20 69 6e 74 65 72 73 65 63 74 69 6f 6e 20 61 6c 67 6f 72 69 74 68 6d 2c	uses.the.intersection.algorithm,
47a00	20 61 20 6d 6f 64 69 66 69 65 64 20 76 65 72 73 69 6f 6e 20 6f 66 20 4d 61 72 7a 75 6c 6c 6f 27	.a.modified.version.of.Marzullo'
47a20	73 20 61 6c 67 6f 72 69 74 68 6d 2c 20 74 6f 20 73 65 6c 65 63 74 20 61 63 63 75 72 61 74 65 20	s.algorithm,.to.select.accurate.
47a40	74 69 6d 65 20 73 65 72 76 65 72 73 20 61 6e 64 20 69 73 20 64 65 73 69 67 6e 65 64 20 74 6f 20	time.servers.and.is.designed.to.
47a60	6d 69 74 69 67 61 74 65 20 74 68 65 20 65 66 66 65 63 74 73 20 6f 66 20 76 61 72 69 61 62 6c 65	mitigate.the.effects.of.variable
47a80	20 6e 65 74 77 6f 72 6b 20 6c 61 74 65 6e 63 79 2e 20 4e 54 50 20 63 61 6e 20 75 73 75 61 6c 6c	.network.latency..NTP.can.usuall
47aa0	79 20 6d 61 69 6e 74 61 69 6e 20 74 69 6d 65 20 74 6f 20 77 69 74 68 69 6e 20 74 65 6e 73 20 6f	y.maintain.time.to.within.tens.o
47ac0	66 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 6f 76 65 72 20 74 68 65 20 70 75 62 6c 69 63 20 49	f.milliseconds.over.the.public.I
47ae0	6e 74 65 72 6e 65 74 2c 20 61 6e 64 20 63 61 6e 20 61 63 68 69 65 76 65 20 62 65 74 74 65 72 20	nternet,.and.can.achieve.better.
47b00	74 68 61 6e 20 6f 6e 65 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 20 61 63 63 75 72 61 63 79 20 69 6e	than.one.millisecond.accuracy.in
47b20	20 6c 6f 63 61 6c 20 61 72 65 61 20 6e 65 74 77 6f 72 6b 73 20 75 6e 64 65 72 20 69 64 65 61 6c	.local.area.networks.under.ideal
47b40	20 63 6f 6e 64 69 74 69 6f 6e 73 2e 20 41 73 79 6d 6d 65 74 72 69 63 20 72 6f 75 74 65 73 20 61	.conditions..Asymmetric.routes.a
47b60	6e 64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 67 65 73 74 69 6f 6e 20 63 61 6e 20 63 61 75 73 65 20	nd.network.congestion.can.cause.
47b80	65 72 72 6f 72 73 20 6f 66 20 31 30 30 20 6d 73 20 6f 72 20 6d 6f 72 65 2e 00 4e 54 50 20 70 72	errors.of.100.ms.or.more..NTP.pr
47ba0	6f 63 65 73 73 20 77 69 6c 6c 20 6f 6e 6c 79 20 6c 69 73 74 65 6e 20 6f 6e 20 74 68 65 20 73 70	ocess.will.only.listen.on.the.sp
47bc0	65 63 69 66 69 65 64 20 49 50 20 61 64 64 72 65 73 73 2e 20 59 6f 75 20 6d 75 73 74 20 73 70 65	ecified.IP.address..You.must.spe
47be0	63 69 66 79 20 74 68 65 20 60 3c 61 64 64 72 65 73 73 3e 60 20 61 6e 64 20 6f 70 74 69 6f 6e 61	cify.the.`<address>`.and.optiona
47c00	6c 6c 79 20 74 68 65 20 70 65 72 6d 69 74 74 65 64 20 63 6c 69 65 6e 74 73 2e 20 4d 75 6c 74 69	lly.the.permitted.clients..Multi
47c20	70 6c 65 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 63 6f 6e 66	ple.listen.addresses.can.be.conf
47c40	69 67 75 72 65 64 2e 00 4e 54 50 20 73 75 62 73 79 73 74 65 6d 00 4e 54 50 20 73 75 70 70 6c 69	igured..NTP.subsystem.NTP.suppli
47c60	65 73 20 61 20 77 61 72 6e 69 6e 67 20 6f 66 20 61 6e 79 20 69 6d 70 65 6e 64 69 6e 67 20 6c 65	es.a.warning.of.any.impending.le
47c80	61 70 20 73 65 63 6f 6e 64 20 61 64 6a 75 73 74 6d 65 6e 74 2c 20 62 75 74 20 6e 6f 20 69 6e 66	ap.second.adjustment,.but.no.inf
47ca0	6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 6c 6f 63 61 6c 20 74 69 6d 65 20 7a 6f 6e 65 73 20	ormation.about.local.time.zones.
47cc0	6f 72 20 64 61 79 6c 69 67 68 74 20 73 61 76 69 6e 67 20 74 69 6d 65 20 69 73 20 74 72 61 6e 73	or.daylight.saving.time.is.trans
47ce0	6d 69 74 74 65 64 2e 00 4e 61 6d 65 20 53 65 72 76 65 72 00 4e 61 6d 65 20 6f 66 20 73 74 61 74	mitted..Name.Server.Name.of.stat
47d00	69 63 20 6d 61 70 70 69 6e 67 00 4e 61 6d 65 20 6f 66 20 74 68 65 20 73 69 6e 67 6c 65 20 74 61	ic.mapping.Name.of.the.single.ta
47d20	62 6c 65 20 4f 6e 6c 79 20 69 66 20 73 65 74 20 67 72 6f 75 70 2d 6d 65 74 72 69 63 73 20 73 69	ble.Only.if.set.group-metrics.si
47d40	6e 67 6c 65 2d 74 61 62 6c 65 2e 00 4e 61 6d 65 20 6f 72 20 49 50 76 34 20 61 64 64 72 65 73 73	ngle-table..Name.or.IPv4.address
47d60	20 6f 66 20 54 46 54 50 20 73 65 72 76 65 72 00 4e 65 74 42 49 4f 53 20 6f 76 65 72 20 54 43 50	.of.TFTP.server.NetBIOS.over.TCP
47d80	2f 49 50 20 6e 61 6d 65 20 73 65 72 76 65 72 00 4e 65 74 46 6c 6f 77 00 4e 65 74 46 6c 6f 77 20	/IP.name.server.NetFlow.NetFlow.
47da0	2f 20 49 50 46 49 58 00 4e 65 74 46 6c 6f 77 20 65 6e 67 69 6e 65 2d 69 64 20 77 68 69 63 68 20	/.IPFIX.NetFlow.engine-id.which.
47dc0	77 69 6c 6c 20 61 70 70 65 61 72 20 69 6e 20 4e 65 74 46 6c 6f 77 20 64 61 74 61 2e 20 54 68 65	will.appear.in.NetFlow.data..The
47de0	20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 32 35 35 2e 00 4e 65 74 46 6c 6f 77 20 69 73 20 61	.range.is.0.to.255..NetFlow.is.a
47e00	20 66 65 61 74 75 72 65 20 74 68 61 74 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65 64 20 6f 6e 20	.feature.that.was.introduced.on.
47e20	43 69 73 63 6f 20 72 6f 75 74 65 72 73 20 61 72 6f 75 6e 64 20 31 39 39 36 20 74 68 61 74 20 70	Cisco.routers.around.1996.that.p
47e40	72 6f 76 69 64 65 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 63 6f 6c 6c 65 63 74 20 49	rovides.the.ability.to.collect.I
47e60	50 20 6e 65 74 77 6f 72 6b 20 74 72 61 66 66 69 63 20 61 73 20 69 74 20 65 6e 74 65 72 73 20 6f	P.network.traffic.as.it.enters.o
47e80	72 20 65 78 69 74 73 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 42 79 20 61 6e 61 6c 79 7a 69	r.exits.an.interface..By.analyzi
47ea0	6e 67 20 74 68 65 20 64 61 74 61 20 70 72 6f 76 69 64 65 64 20 62 79 20 4e 65 74 46 6c 6f 77 2c	ng.the.data.provided.by.NetFlow,
47ec0	20 61 20 6e 65 74 77 6f 72 6b 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 63 61 6e 20 64 65 74	.a.network.administrator.can.det
47ee0	65 72 6d 69 6e 65 20 74 68 69 6e 67 73 20 73 75 63 68 20 61 73 20 74 68 65 20 73 6f 75 72 63 65	ermine.things.such.as.the.source
47f00	20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6f 66 20 74 72 61 66 66 69 63 2c 20 63 6c 61	.and.destination.of.traffic,.cla
47f20	73 73 20 6f 66 20 73 65 72 76 69 63 65 2c 20 61 6e 64 20 74 68 65 20 63 61 75 73 65 73 20 6f 66	ss.of.service,.and.the.causes.of
47f40	20 63 6f 6e 67 65 73 74 69 6f 6e 2e 20 41 20 74 79 70 69 63 61 6c 20 66 6c 6f 77 20 6d 6f 6e 69	.congestion..A.typical.flow.moni
47f60	74 6f 72 69 6e 67 20 73 65 74 75 70 20 28 75 73 69 6e 67 20 4e 65 74 46 6c 6f 77 29 20 63 6f 6e	toring.setup.(using.NetFlow).con
47f80	73 69 73 74 73 20 6f 66 20 74 68 72 65 65 20 6d 61 69 6e 20 63 6f 6d 70 6f 6e 65 6e 74 73 3a 00	sists.of.three.main.components:.
47fa0	4e 65 74 46 6c 6f 77 20 69 73 20 75 73 75 61 6c 6c 79 20 65 6e 61 62 6c 65 64 20 6f 6e 20 61 20	NetFlow.is.usually.enabled.on.a.
47fc0	70 65 72 2d 69 6e 74 65 72 66 61 63 65 20 62 61 73 69 73 20 74 6f 20 6c 69 6d 69 74 20 6c 6f 61	per-interface.basis.to.limit.loa
47fe0	64 20 6f 6e 20 74 68 65 20 72 6f 75 74 65 72 20 63 6f 6d 70 6f 6e 65 6e 74 73 20 69 6e 76 6f 6c	d.on.the.router.components.invol
48000	76 65 64 20 69 6e 20 4e 65 74 46 6c 6f 77 2c 20 6f 72 20 74 6f 20 6c 69 6d 69 74 20 74 68 65 20	ved.in.NetFlow,.or.to.limit.the.
48020	61 6d 6f 75 6e 74 20 6f 66 20 4e 65 74 46 6c 6f 77 20 72 65 63 6f 72 64 73 20 65 78 70 6f 72 74	amount.of.NetFlow.records.export
48040	65 64 2e 00 4e 65 74 46 6c 6f 77 20 76 35 20 65 78 61 6d 70 6c 65 3a 00 4e 65 74 6d 61 73 6b 20	ed..NetFlow.v5.example:.Netmask.
48060	67 72 65 61 74 65 72 20 74 68 61 6e 20 6c 65 6e 67 74 68 2e 00 4e 65 74 6d 61 73 6b 20 6c 65 73	greater.than.length..Netmask.les
48080	73 20 74 68 61 6e 20 6c 65 6e 67 74 68 00 4e 65 74 77 6f 72 6b 20 41 64 76 65 72 74 69 73 65 6d	s.than.length.Network.Advertisem
480a0	65 6e 74 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 4e 65 74 77 6f 72 6b 20 43 6f 6e 74 72 6f	ent.Configuration.Network.Contro
480c0	6c 00 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 00 4e 65 74 77 6f 72 6b 20 47 72 6f 75 70	l.Network.Emulator.Network.Group
480e0	73 00 4e 65 74 77 6f 72 6b 20 49 44 20 28 53 53 49 44 29 20 60 60 45 6e 74 65 72 70 72 69 73 65	s.Network.ID.(SSID).``Enterprise
48100	2d 54 45 53 54 60 60 00 4e 65 74 77 6f 72 6b 20 49 44 20 28 53 53 49 44 29 20 60 60 54 45 53 54	-TEST``.Network.ID.(SSID).``TEST
48120	60 60 00 4e 65 74 77 6f 72 6b 20 54 6f 70 6f 6c 6f 67 79 20 44 69 61 67 72 61 6d 00 4e 65 74 77	``.Network.Topology.Diagram.Netw
48140	6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 20 73 74 61 74 69 6f 6e 20 28 4e 4d 53 29 20 2d 20 73	ork.management.station.(NMS).-.s
48160	6f 66 74 77 61 72 65 20 77 68 69 63 68 20 72 75 6e 73 20 6f 6e 20 74 68 65 20 6d 61 6e 61 67 65	oftware.which.runs.on.the.manage
48180	72 00 4e 65 74 77 6f 72 6b 20 6e 65 77 73 20 73 75 62 73 79 73 74 65 6d 00 4e 65 74 77 6f 72 6b	r.Network.news.subsystem.Network
481a0	73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 71 75 65 72 79 20 74 68 69 73 20 73 65 72 76 65 72 00 4e	s.allowed.to.query.this.server.N
481c0	65 77 20 75 73 65 72 20 77 69 6c 6c 20 75 73 65 20 53 48 41 2f 41 45 53 20 66 6f 72 20 61 75 74	ew.user.will.use.SHA/AES.for.aut
481e0	68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 70 72 69 76 61 63 79 00 4e 65 78 74 20 69 74 20	hentication.and.privacy.Next.it.
48200	69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 32 46 41 20 66 6f	is.necessary.to.configure.2FA.fo
48220	72 20 4f 70 65 6e 43 6f 6e 6e 65 63 74 3a 00 4e 65 78 74 2d 68 6f 70 20 69 6e 74 65 72 66 61 63	r.OpenConnect:.Next-hop.interfac
48240	65 20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 00 4e 65 78 74 68 6f 70 20 49 50 20 61 64 64 72 65	e.for.the.route.Nexthop.IP.addre
48260	73 73 2e 00 4e 65 78 74 68 6f 70 20 49 50 76 36 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63	ss..Nexthop.IPv6.address.to.matc
48280	68 2e 00 4e 65 78 74 68 6f 70 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 4e 6f 20 52 4f 41 20	h..Nexthop.IPv6.address..No.ROA.
482a0	65 78 69 73 74 73 20 77 68 69 63 68 20 63 6f 76 65 72 73 20 74 68 61 74 20 70 72 65 66 69 78 2e	exists.which.covers.that.prefix.
482c0	20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 20 74 68 69 73 20 69 73 20 74 68 65 20 63 61 73 65 20	.Unfortunately.this.is.the.case.
482e0	66 6f 72 20 61 62 6f 75 74 20 38 30 25 20 6f 66 20 74 68 65 20 49 50 76 34 20 70 72 65 66 69 78	for.about.80%.of.the.IPv4.prefix
48300	65 73 20 77 68 69 63 68 20 77 65 72 65 20 61 6e 6e 6f 75 6e 63 65 64 20 74 6f 20 74 68 65 20 3a	es.which.were.announced.to.the.:
48320	61 62 62 72 3a 60 44 46 5a 20 28 64 65 66 61 75 6c 74 2d 66 72 65 65 20 7a 6f 6e 65 29 60 20 61	abbr:`DFZ.(default-free.zone)`.a
48340	74 20 74 68 65 20 73 74 61 72 74 20 6f 66 20 32 30 32 30 00 4e 6f 20 56 4c 41 4e 20 74 61 67 67	t.the.start.of.2020.No.VLAN.tagg
48360	69 6e 67 20 72 65 71 75 69 72 65 64 20 62 79 20 79 6f 75 72 20 49 53 50 2e 00 4e 6f 20 72 6f 75	ing.required.by.your.ISP..No.rou
48380	74 65 20 69 73 20 73 75 70 70 72 65 73 73 65 64 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 2e 20 4d	te.is.suppressed.indefinitely..M
483a0	61 78 69 6d 75 6d 2d 73 75 70 70 72 65 73 73 2d 74 69 6d 65 20 64 65 66 69 6e 65 73 20 74 68 65	aximum-suppress-time.defines.the
483c0	20 6d 61 78 69 6d 75 6d 20 74 69 6d 65 20 61 20 72 6f 75 74 65 20 63 61 6e 20 62 65 20 73 75 70	.maximum.time.a.route.can.be.sup
483e0	70 72 65 73 73 65 64 20 62 65 66 6f 72 65 20 69 74 20 69 73 20 72 65 2d 61 64 76 65 72 74 69 73	pressed.before.it.is.re-advertis
48400	65 64 2e 00 4e 6f 20 73 75 70 70 6f 72 74 20 66 6f 72 20 53 52 4c 42 00 4e 6f 20 73 75 70 70 6f	ed..No.support.for.SRLB.No.suppo
48420	72 74 20 66 6f 72 20 62 69 6e 64 69 6e 67 20 53 49 44 00 4e 6f 20 73 75 70 70 6f 72 74 20 66 6f	rt.for.binding.SID.No.support.fo
48440	72 20 6c 65 76 65 6c 20 72 65 64 69 73 74 72 69 62 75 74 69 6f 6e 20 28 4c 31 20 74 6f 20 4c 32	r.level.redistribution.(L1.to.L2
48460	20 6f 72 20 4c 32 20 74 6f 20 4c 31 29 00 4e 6f 6e 2d 74 72 61 6e 73 70 61 72 65 6e 74 20 70 72	.or.L2.to.L1).Non-transparent.pr
48480	6f 78 79 69 6e 67 20 72 65 71 75 69 72 65 73 20 74 68 61 74 20 74 68 65 20 63 6c 69 65 6e 74 20	oxying.requires.that.the.client.
484a0	62 72 6f 77 73 65 72 73 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 74 68 65 20	browsers.be.configured.with.the.
484c0	70 72 6f 78 79 20 73 65 74 74 69 6e 67 73 20 62 65 66 6f 72 65 20 72 65 71 75 65 73 74 73 20 61	proxy.settings.before.requests.a
484e0	72 65 20 72 65 64 69 72 65 63 74 65 64 2e 20 54 68 65 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20	re.redirected..The.advantage.of.
48500	74 68 69 73 20 69 73 20 74 68 61 74 20 74 68 65 20 63 6c 69 65 6e 74 20 77 65 62 20 62 72 6f 77	this.is.that.the.client.web.brow
48520	73 65 72 20 63 61 6e 20 64 65 74 65 63 74 20 74 68 61 74 20 61 20 70 72 6f 78 79 20 69 73 20 69	ser.can.detect.that.a.proxy.is.i
48540	6e 20 75 73 65 20 61 6e 64 20 63 61 6e 20 62 65 68 61 76 65 20 61 63 63 6f 72 64 69 6e 67 6c 79	n.use.and.can.behave.accordingly
48560	2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 2c 20 77 65 62 2d 74 72 61 6e 73 6d 69 74 74 65 64 20 6d	..In.addition,.web-transmitted.m
48580	61 6c 77 61 72 65 20 63 61 6e 20 73 6f 6d 65 74 69 6d 65 73 20 62 65 20 62 6c 6f 63 6b 65 64 20	alware.can.sometimes.be.blocked.
485a0	62 79 20 61 20 6e 6f 6e 2d 74 72 61 6e 73 70 61 72 65 6e 74 20 77 65 62 20 70 72 6f 78 79 2c 20	by.a.non-transparent.web.proxy,.
485c0	73 69 6e 63 65 20 74 68 65 79 20 61 72 65 20 6e 6f 74 20 61 77 61 72 65 20 6f 66 20 74 68 65 20	since.they.are.not.aware.of.the.
485e0	70 72 6f 78 79 20 73 65 74 74 69 6e 67 73 2e 00 4e 6f 6e 65 20 6f 66 20 74 68 65 20 6f 70 65 72	proxy.settings..None.of.the.oper
48600	61 74 69 6e 67 20 73 79 73 74 65 6d 73 20 68 61 76 65 20 63 6c 69 65 6e 74 20 73 6f 66 74 77 61	ating.systems.have.client.softwa
48620	72 65 20 69 6e 73 74 61 6c 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 00 4e 6f 72 6d 61 6c 20 62	re.installed.by.default.Normal.b
48640	75 74 20 73 69 67 6e 69 66 69 63 61 6e 74 20 63 6f 6e 64 69 74 69 6f 6e 73 20 2d 20 63 6f 6e 64	ut.significant.conditions.-.cond
48660	69 74 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 6e 6f 74 20 65 72 72 6f 72 20 63 6f 6e 64 69 74	itions.that.are.not.error.condit
48680	69 6f 6e 73 2c 20 62 75 74 20 74 68 61 74 20 6d 61 79 20 72 65 71 75 69 72 65 20 73 70 65 63 69	ions,.but.that.may.require.speci
486a0	61 6c 20 68 61 6e 64 6c 69 6e 67 2e 00 4e 6f 74 20 61 6c 6c 20 74 72 61 6e 73 6d 69 74 20 70 6f	al.handling..Not.all.transmit.po
486c0	6c 69 63 69 65 73 20 6d 61 79 20 62 65 20 38 30 32 2e 33 61 64 20 63 6f 6d 70 6c 69 61 6e 74 2c	licies.may.be.802.3ad.compliant,
486e0	20 70 61 72 74 69 63 75 6c 61 72 6c 79 20 69 6e 20 72 65 67 61 72 64 73 20 74 6f 20 74 68 65 20	.particularly.in.regards.to.the.
48700	70 61 63 6b 65 74 20 6d 69 73 6f 72 64 65 72 69 6e 67 20 72 65 71 75 69 72 65 6d 65 6e 74 73 20	packet.misordering.requirements.
48720	6f 66 20 73 65 63 74 69 6f 6e 20 34 33 2e 32 2e 34 20 6f 66 20 74 68 65 20 38 30 32 2e 33 61 64	of.section.43.2.4.of.the.802.3ad
48740	20 73 74 61 6e 64 61 72 64 2e 00 4e 6f 74 65 20 74 68 61 74 20 64 65 6c 65 74 69 6e 67 20 74 68	.standard..Note.that.deleting.th
48760	65 20 6c 6f 67 20 66 69 6c 65 20 64 6f 65 73 20 6e 6f 74 20 73 74 6f 70 20 74 68 65 20 73 79 73	e.log.file.does.not.stop.the.sys
48780	74 65 6d 20 66 72 6f 6d 20 6c 6f 67 67 69 6e 67 20 65 76 65 6e 74 73 2e 20 49 66 20 79 6f 75 20	tem.from.logging.events..If.you.
487a0	75 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 68 69 6c 65 20 74 68 65 20 73 79 73 74 65	use.this.command.while.the.syste
487c0	6d 20 69 73 20 6c 6f 67 67 69 6e 67 20 65 76 65 6e 74 73 2c 20 6f 6c 64 20 6c 6f 67 20 65 76 65	m.is.logging.events,.old.log.eve
487e0	6e 74 73 20 77 69 6c 6c 20 62 65 20 64 65 6c 65 74 65 64 2c 20 62 75 74 20 65 76 65 6e 74 73 20	nts.will.be.deleted,.but.events.
48800	61 66 74 65 72 20 74 68 65 20 64 65 6c 65 74 65 20 6f 70 65 72 61 74 69 6f 6e 20 77 69 6c 6c 20	after.the.delete.operation.will.
48820	62 65 20 72 65 63 6f 72 64 65 64 20 69 6e 20 74 68 65 20 6e 65 77 20 66 69 6c 65 2e 20 54 6f 20	be.recorded.in.the.new.file..To.
48840	64 65 6c 65 74 65 20 74 68 65 20 66 69 6c 65 20 61 6c 74 6f 67 65 74 68 65 72 2c 20 66 69 72 73	delete.the.file.altogether,.firs
48860	74 20 64 65 6c 65 74 65 20 6c 6f 67 67 69 6e 67 20 74 6f 20 74 68 65 20 66 69 6c 65 20 75 73 69	t.delete.logging.to.the.file.usi
48880	6e 67 20 73 79 73 74 65 6d 20 73 79 73 6c 6f 67 20 3a 72 65 66 3a 60 63 75 73 74 6f 6d 2d 66 69	ng.system.syslog.:ref:`custom-fi
488a0	6c 65 60 20 63 6f 6d 6d 61 6e 64 2c 20 61 6e 64 20 74 68 65 6e 20 64 65 6c 65 74 65 20 74 68 65	le`.command,.and.then.delete.the
488c0	20 66 69 6c 65 2e 00 4e 6f 74 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 77 69 74 68 20 74 68 65	.file..Note.the.command.with.the
488e0	20 70 75 62 6c 69 63 20 6b 65 79 20 28 73 65 74 20 70 6b 69 20 6b 65 79 2d 70 61 69 72 20 69 70	.public.key.(set.pki.key-pair.ip
48900	73 65 63 2d 52 49 47 48 54 20 70 75 62 6c 69 63 20 6b 65 79 20 27 46 41 41 4f 43 41 51 38 41 4d	sec-RIGHT.public.key.'FAAOCAQ8AM
48920	49 49 2e 2e 2e 27 29 2e 00 4e 6f 74 69 63 65 00 4e 6f 77 20 63 6f 6e 66 69 67 75 72 65 20 63 6f	II...')..Notice.Now.configure.co
48940	6e 6e 74 72 61 63 6b 2d 73 79 6e 63 20 73 65 72 76 69 63 65 20 6f 6e 20 60 60 72 6f 75 74 65 72	nntrack-sync.service.on.``router
48960	31 60 60 20 2a 2a 61 6e 64 2a 2a 20 60 60 72 6f 75 74 65 72 32 60 60 00 4e 6f 77 20 74 68 65 20	1``.**and**.``router2``.Now.the.
48980	6e 6f 74 65 64 20 70 75 62 6c 69 63 20 6b 65 79 73 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 74 65	noted.public.keys.should.be.ente
489a0	72 65 64 20 6f 6e 20 74 68 65 20 6f 70 70 6f 73 69 74 65 20 72 6f 75 74 65 72 73 2e 00 4e 6f 77	red.on.the.opposite.routers..Now
489c0	20 77 65 20 61 64 64 20 74 68 65 20 6f 70 74 69 6f 6e 20 74 6f 20 74 68 65 20 73 63 6f 70 65 2c	.we.add.the.option.to.the.scope,
489e0	20 61 64 61 70 74 20 74 6f 20 79 6f 75 72 20 73 65 74 75 70 00 4e 6f 77 20 77 65 20 6e 65 65 64	.adapt.to.your.setup.Now.we.need
48a00	20 74 6f 20 73 70 65 63 69 66 79 20 74 68 65 20 73 65 72 76 65 72 20 6e 65 74 77 6f 72 6b 20 73	.to.specify.the.server.network.s
48a20	65 74 74 69 6e 67 73 2e 20 49 6e 20 61 6c 6c 20 63 61 73 65 73 20 77 65 20 6e 65 65 64 20 74 6f	ettings..In.all.cases.we.need.to
48a40	20 73 70 65 63 69 66 79 20 74 68 65 20 73 75 62 6e 65 74 20 66 6f 72 20 63 6c 69 65 6e 74 20 74	.specify.the.subnet.for.client.t
48a60	75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 73 2e 20 53 69 6e 63 65 20 77 65 20 77 61 6e 74 20 63	unnel.endpoints..Since.we.want.c
48a80	6c 69 65 6e 74 73 20 74 6f 20 61 63 63 65 73 73 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 74 77	lients.to.access.a.specific.netw
48aa0	6f 72 6b 20 62 65 68 69 6e 64 20 6f 75 72 20 72 6f 75 74 65 72 2c 20 77 65 20 77 69 6c 6c 20 75	ork.behind.our.router,.we.will.u
48ac0	73 65 20 61 20 70 75 73 68 2d 72 6f 75 74 65 20 6f 70 74 69 6f 6e 20 66 6f 72 20 69 6e 73 74 61	se.a.push-route.option.for.insta
48ae0	6c 6c 69 6e 67 20 74 68 61 74 20 72 6f 75 74 65 20 6f 6e 20 63 6c 69 65 6e 74 73 2e 00 4e 6f 77	lling.that.route.on.clients..Now
48b00	20 77 68 65 6e 20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 68 65 20 75 73 65 72 20 77 69 6c 6c 20 66	.when.connecting.the.user.will.f
48b20	69 72 73 74 20 62 65 20 61 73 6b 65 64 20 66 6f 72 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 61	irst.be.asked.for.the.password.a
48b40	6e 64 20 74 68 65 6e 20 74 68 65 20 4f 54 50 20 6b 65 79 2e 00 4e 6f 77 20 79 6f 75 20 61 72 65	nd.then.the.OTP.key..Now.you.are
48b60	20 72 65 61 64 79 20 74 6f 20 73 65 74 75 70 20 49 50 73 65 63 2e 20 54 68 65 20 6b 65 79 20 70	.ready.to.setup.IPsec..The.key.p
48b80	6f 69 6e 74 73 3a 00 4e 6f 77 20 79 6f 75 20 61 72 65 20 72 65 61 64 79 20 74 6f 20 73 65 74 75	oints:.Now.you.are.ready.to.setu
48ba0	70 20 49 50 73 65 63 2e 20 59 6f 75 27 6c 6c 20 6e 65 65 64 20 74 6f 20 75 73 65 20 61 6e 20 49	p.IPsec..You'll.need.to.use.an.I
48bc0	44 20 69 6e 73 74 65 61 64 20 6f 66 20 61 64 64 72 65 73 73 20 66 6f 72 20 74 68 65 20 70 65 65	D.instead.of.address.for.the.pee
48be0	72 2e 00 4e 75 6d 62 65 72 20 6f 66 20 61 6e 74 65 6e 6e 61 73 20 6f 6e 20 74 68 69 73 20 63 61	r..Number.of.antennas.on.this.ca
48c00	72 64 00 4e 75 6d 62 65 72 20 6f 66 20 6c 69 6e 65 73 20 74 6f 20 62 65 20 64 69 73 70 6c 61 79	rd.Number.of.lines.to.be.display
48c20	65 64 2c 20 64 65 66 61 75 6c 74 20 31 30 00 4f 53 50 46 00 4f 53 50 46 20 53 52 20 20 43 6f 6e	ed,.default.10.OSPF.OSPF.SR..Con
48c40	66 69 67 75 72 61 74 69 6f 6e 00 4f 53 50 46 20 69 73 20 61 20 77 69 64 65 6c 79 20 75 73 65 64	figuration.OSPF.is.a.widely.used
48c60	20 49 47 50 20 69 6e 20 6c 61 72 67 65 20 65 6e 74 65 72 70 72 69 73 65 20 6e 65 74 77 6f 72 6b	.IGP.in.large.enterprise.network
48c80	73 2e 00 4f 53 50 46 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 73 20 6e 6f 72 6d 61 6c 6c 79	s..OSPF.routing.devices.normally
48ca0	20 64 69 73 63 6f 76 65 72 20 74 68 65 69 72 20 6e 65 69 67 68 62 6f 72 73 20 64 79 6e 61 6d 69	.discover.their.neighbors.dynami
48cc0	63 61 6c 6c 79 20 62 79 20 6c 69 73 74 65 6e 69 6e 67 20 74 6f 20 74 68 65 20 62 72 6f 61 64 63	cally.by.listening.to.the.broadc
48ce0	61 73 74 20 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 6f	ast.or.multicast.hello.packets.o
48d00	6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 20 42 65 63 61 75 73 65 20 61 6e 20 4e 42 4d 41 20 6e	n.the.network..Because.an.NBMA.n
48d20	65 74 77 6f 72 6b 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 62 72 6f 61 64 63 61 73	etwork.does.not.support.broadcas
48d40	74 20 28 6f 72 20 6d 75 6c 74 69 63 61 73 74 29 2c 20 74 68 65 20 64 65 76 69 63 65 20 63 61 6e	t.(or.multicast),.the.device.can
48d60	6e 6f 74 20 64 69 73 63 6f 76 65 72 20 69 74 73 20 6e 65 69 67 68 62 6f 72 73 20 64 79 6e 61 6d	not.discover.its.neighbors.dynam
48d80	69 63 61 6c 6c 79 2c 20 73 6f 20 79 6f 75 20 6d 75 73 74 20 63 6f 6e 66 69 67 75 72 65 20 61 6c	ically,.so.you.must.configure.al
48da0	6c 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 73 74 61 74 69 63 61 6c 6c 79 2e 00 4f 53 50 46	l.the.neighbors.statically..OSPF
48dc0	76 32 20 28 49 50 76 34 29 00 4f 53 50 46 76 33 20 28 49 50 76 36 29 00 4f 54 50 2d 6b 65 79 20	v2.(IPv4).OSPFv3.(IPv6).OTP-key.
48de0	67 65 6e 65 72 61 74 69 6f 6e 00 4f 66 66 6c 6f 61 64 69 6e 67 00 4f 66 66 73 65 74 20 6f 66 20	generation.Offloading.Offset.of.
48e00	74 68 65 20 63 6c 69 65 6e 74 27 73 20 73 75 62 6e 65 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 66	the.client's.subnet.in.seconds.f
48e20	72 6f 6d 20 43 6f 6f 72 64 69 6e 61 74 65 64 20 55 6e 69 76 65 72 73 61 6c 20 54 69 6d 65 20 28	rom.Coordinated.Universal.Time.(
48e40	55 54 43 29 00 4f 66 74 65 6e 20 77 65 20 6e 65 65 64 20 74 6f 20 65 6d 62 65 64 20 6f 6e 65 20	UTC).Often.we.need.to.embed.one.
48e60	70 6f 6c 69 63 79 20 69 6e 74 6f 20 61 6e 6f 74 68 65 72 20 6f 6e 65 2e 20 49 74 20 69 73 20 70	policy.into.another.one..It.is.p
48e80	6f 73 73 69 62 6c 65 20 74 6f 20 64 6f 20 73 6f 20 6f 6e 20 63 6c 61 73 73 66 75 6c 20 70 6f 6c	ossible.to.do.so.on.classful.pol
48ea0	69 63 69 65 73 2c 20 62 79 20 61 74 74 61 63 68 69 6e 67 20 61 20 6e 65 77 20 70 6f 6c 69 63 79	icies,.by.attaching.a.new.policy
48ec0	20 69 6e 74 6f 20 61 20 63 6c 61 73 73 2e 20 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 79 6f 75	.into.a.class..For.instance,.you
48ee0	20 6d 69 67 68 74 20 77 61 6e 74 20 74 6f 20 61 70 70 6c 79 20 64 69 66 66 65 72 65 6e 74 20 70	.might.want.to.apply.different.p
48f00	6f 6c 69 63 69 65 73 20 74 6f 20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 63 6c 61 73 73 65 73	olicies.to.the.different.classes
48f20	20 6f 66 20 61 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70 6f 6c 69 63 79 20 79 6f 75 20 68 61 76	.of.a.Round-Robin.policy.you.hav
48f40	65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 4f 66 74 65 6e 20 79 6f 75 20 77 69 6c 6c 20 61 6c 73	e.configured..Often.you.will.als
48f60	6f 20 68 61 76 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 2a 64 65 66 61 75 6c	o.have.to.configure.your.*defaul
48f80	74 2a 20 74 72 61 66 66 69 63 20 69 6e 20 74 68 65 20 73 61 6d 65 20 77 61 79 20 79 6f 75 20 64	t*.traffic.in.the.same.way.you.d
48fa0	6f 20 77 69 74 68 20 61 20 63 6c 61 73 73 2e 20 2a 44 65 66 61 75 6c 74 2a 20 63 61 6e 20 62 65	o.with.a.class..*Default*.can.be
48fc0	20 63 6f 6e 73 69 64 65 72 65 64 20 61 20 63 6c 61 73 73 20 61 73 20 69 74 20 62 65 68 61 76 65	.considered.a.class.as.it.behave
48fe0	73 20 6c 69 6b 65 20 74 68 61 74 2e 20 49 74 20 63 6f 6e 74 61 69 6e 73 20 61 6e 79 20 74 72 61	s.like.that..It.contains.any.tra
49000	66 66 69 63 20 74 68 61 74 20 64 69 64 20 6e 6f 74 20 6d 61 74 63 68 20 61 6e 79 20 6f 66 20 74	ffic.that.did.not.match.any.of.t
49020	68 65 20 64 65 66 69 6e 65 64 20 63 6c 61 73 73 65 73 2c 20 73 6f 20 69 74 20 69 73 20 6c 69 6b	he.defined.classes,.so.it.is.lik
49040	65 20 61 6e 20 6f 70 65 6e 20 63 6c 61 73 73 2c 20 61 20 63 6c 61 73 73 20 77 69 74 68 6f 75 74	e.an.open.class,.a.class.without
49060	20 6d 61 74 63 68 69 6e 67 20 66 69 6c 74 65 72 73 2e 00 4f 6e 20 61 63 74 69 76 65 20 72 6f 75	.matching.filters..On.active.rou
49080	74 65 72 20 72 75 6e 3a 00 4f 6e 20 6c 6f 77 20 72 61 74 65 73 20 28 62 65 6c 6f 77 20 34 30 4d	ter.run:.On.low.rates.(below.40M
490a0	62 69 74 29 20 79 6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 74 75 6e 65 20 60 71 75 61 6e 74	bit).you.may.want.to.tune.`quant
490c0	75 6d 60 20 64 6f 77 6e 20 74 6f 20 73 6f 6d 65 74 68 69 6e 67 20 6c 69 6b 65 20 33 30 30 20 62	um`.down.to.something.like.300.b
490e0	79 74 65 73 2e 00 4f 6e 20 6d 6f 73 74 20 73 63 65 6e 61 72 69 6f 73 2c 20 74 68 65 72 65 27 73	ytes..On.most.scenarios,.there's
49100	20 6e 6f 20 6e 65 65 64 20 74 6f 20 63 68 61 6e 67 65 20 73 70 65 63 69 66 69 63 20 70 61 72 61	.no.need.to.change.specific.para
49120	6d 65 74 65 72 73 2c 20 61 6e 64 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 63 6f 6e 66 69 67	meters,.and.using.default.config
49140	75 72 61 74 69 6f 6e 20 69 73 20 65 6e 6f 75 67 68 2e 20 42 75 74 20 74 68 65 72 65 20 61 72 65	uration.is.enough..But.there.are
49160	20 63 61 73 65 73 20 77 65 72 65 20 65 78 74 72 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	.cases.were.extra.configuration.
49180	69 73 20 6e 65 65 64 65 64 2e 00 4f 6e 20 73 74 61 6e 64 62 79 20 72 6f 75 74 65 72 20 72 75 6e	is.needed..On.standby.router.run
491a0	3a 00 4f 6e 20 73 79 73 74 65 6d 73 20 77 69 74 68 20 6d 75 6c 74 69 70 6c 65 20 72 65 64 75 6e	:.On.systems.with.multiple.redun
491c0	64 61 6e 74 20 75 70 6c 69 6e 6b 73 20 61 6e 64 20 72 6f 75 74 65 73 2c 20 69 74 27 73 20 61 20	dant.uplinks.and.routes,.it's.a.
491e0	67 6f 6f 64 20 69 64 65 61 20 74 6f 20 75 73 65 20 61 20 64 65 64 69 63 61 74 65 64 20 61 64 64	good.idea.to.use.a.dedicated.add
49200	72 65 73 73 20 66 6f 72 20 6d 61 6e 61 67 65 6d 65 6e 74 20 61 6e 64 20 64 79 6e 61 6d 69 63 20	ress.for.management.and.dynamic.
49220	72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 48 6f 77 65 76 65 72 2c 20 61 73 73 69	routing.protocols..However,.assi
49240	67 6e 69 6e 67 20 74 68 61 74 20 61 64 64 72 65 73 73 20 74 6f 20 61 20 70 68 79 73 69 63 61 6c	gning.that.address.to.a.physical
49260	20 6c 69 6e 6b 20 69 73 20 72 69 73 6b 79 3a 20 69 66 20 74 68 61 74 20 6c 69 6e 6b 20 67 6f 65	.link.is.risky:.if.that.link.goe
49280	73 20 64 6f 77 6e 2c 20 74 68 61 74 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 63 6f 6d 65	s.down,.that.address.will.become
492a0	20 69 6e 61 63 63 65 73 73 69 62 6c 65 2e 20 41 20 63 6f 6d 6d 6f 6e 20 73 6f 6c 75 74 69 6f 6e	.inaccessible..A.common.solution
492c0	20 69 73 20 74 6f 20 61 73 73 69 67 6e 20 74 68 65 20 6d 61 6e 61 67 65 6d 65 6e 74 20 61 64 64	.is.to.assign.the.management.add
492e0	72 65 73 73 20 74 6f 20 61 20 6c 6f 6f 70 62 61 63 6b 20 6f 72 20 61 20 64 75 6d 6d 79 20 69 6e	ress.to.a.loopback.or.a.dummy.in
49300	74 65 72 66 61 63 65 20 61 6e 64 20 61 64 76 65 72 74 69 73 65 20 74 68 61 74 20 61 64 64 72 65	terface.and.advertise.that.addre
49320	73 73 20 76 69 61 20 61 6c 6c 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 73 2c 20 73 6f 20 74 68	ss.via.all.physical.links,.so.th
49340	61 74 20 69 74 27 73 20 72 65 61 63 68 61 62 6c 65 20 74 68 72 6f 75 67 68 20 61 6e 79 20 6f 66	at.it's.reachable.through.any.of
49360	20 74 68 65 6d 2e 20 53 69 6e 63 65 20 69 6e 20 4c 69 6e 75 78 2d 62 61 73 65 64 20 73 79 73 74	.them..Since.in.Linux-based.syst
49380	65 6d 73 2c 20 74 68 65 72 65 20 63 61 6e 20 62 65 20 6f 6e 6c 79 20 6f 6e 65 20 6c 6f 6f 70 62	ems,.there.can.be.only.one.loopb
493a0	61 63 6b 20 69 6e 74 65 72 66 61 63 65 2c 20 69 74 27 73 20 62 65 74 74 65 72 20 74 6f 20 75 73	ack.interface,.it's.better.to.us
493c0	65 20 61 20 64 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 74 68 61 74 20 70 75 72	e.a.dummy.interface.for.that.pur
493e0	70 6f 73 65 2c 20 73 69 6e 63 65 20 74 68 65 79 20 63 61 6e 20 62 65 20 61 64 64 65 64 2c 20 72	pose,.since.they.can.be.added,.r
49400	65 6d 6f 76 65 64 2c 20 61 6e 64 20 74 61 6b 65 6e 20 75 70 20 61 6e 64 20 64 6f 77 6e 20 69 6e	emoved,.and.taken.up.and.down.in
49420	64 65 70 65 6e 64 65 6e 74 6c 79 2e 00 4f 6e 20 74 68 65 20 4c 45 46 54 20 28 73 74 61 74 69 63	dependently..On.the.LEFT.(static
49440	20 61 64 64 72 65 73 73 29 3a 00 4f 6e 20 74 68 65 20 4c 45 46 54 3a 00 4f 6e 20 74 68 65 20 52	.address):.On.the.LEFT:.On.the.R
49460	49 47 48 54 20 28 64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 29 3a 00 4f 6e 20 74 68 65 20 52	IGHT.(dynamic.address):.On.the.R
49480	49 47 48 54 2c 20 73 65 74 75 70 20 62 79 20 61 6e 61 6c 6f 67 79 20 61 6e 64 20 73 77 61 70 20	IGHT,.setup.by.analogy.and.swap.
494a0	6c 6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65 20 61 64 64 72 65 73 73 65 73 2e 00 4f 6e 20 74	local.and.remote.addresses..On.t
494c0	68 65 20 52 49 47 48 54 3a 00 4f 6e 20 74 68 65 20 61 63 74 69 76 65 20 72 6f 75 74 65 72 2c 20	he.RIGHT:.On.the.active.router,.
494e0	79 6f 75 20 73 68 6f 75 6c 64 20 68 61 76 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 74	you.should.have.information.in.t
49500	68 65 20 69 6e 74 65 72 6e 61 6c 2d 63 61 63 68 65 20 6f 66 20 63 6f 6e 6e 74 72 61 63 6b 2d 73	he.internal-cache.of.conntrack-s
49520	79 6e 63 2e 20 54 68 65 20 73 61 6d 65 20 63 75 72 72 65 6e 74 20 61 63 74 69 76 65 20 63 6f 6e	ync..The.same.current.active.con
49540	6e 65 63 74 69 6f 6e 73 20 6e 75 6d 62 65 72 20 73 68 6f 75 6c 64 20 62 65 20 73 68 6f 77 6e 20	nections.number.should.be.shown.
49560	69 6e 20 74 68 65 20 65 78 74 65 72 6e 61 6c 2d 63 61 63 68 65 20 6f 66 20 74 68 65 20 73 74 61	in.the.external-cache.of.the.sta
49580	6e 64 62 79 20 72 6f 75 74 65 72 00 4f 6e 20 74 68 65 20 69 6e 69 74 69 61 74 6f 72 2c 20 77 65	ndby.router.On.the.initiator,.we
495a0	20 6e 65 65 64 20 74 6f 20 73 65 74 20 74 68 65 20 72 65 6d 6f 74 65 2d 69 64 20 6f 70 74 69 6f	.need.to.set.the.remote-id.optio
495c0	6e 20 73 6f 20 74 68 61 74 20 69 74 20 63 61 6e 20 69 64 65 6e 74 69 66 79 20 49 4b 45 20 74 72	n.so.that.it.can.identify.IKE.tr
495e0	61 66 66 69 63 20 66 72 6f 6d 20 74 68 65 20 72 65 73 70 6f 6e 64 65 72 20 63 6f 72 72 65 63 74	affic.from.the.responder.correct
49600	6c 79 2e 00 4f 6e 20 74 68 65 20 69 6e 69 74 69 61 74 6f 72 2c 20 77 65 20 73 65 74 20 74 68 65	ly..On.the.initiator,.we.set.the
49620	20 70 65 65 72 20 61 64 64 72 65 73 73 20 74 6f 20 69 74 73 20 70 75 62 6c 69 63 20 61 64 64 72	.peer.address.to.its.public.addr
49640	65 73 73 2c 20 62 75 74 20 6f 6e 20 74 68 65 20 72 65 73 70 6f 6e 64 65 72 20 77 65 20 6f 6e 6c	ess,.but.on.the.responder.we.onl
49660	79 20 73 65 74 20 74 68 65 20 69 64 2e 00 4f 6e 20 74 68 65 20 72 65 73 70 6f 6e 64 65 72 2c 20	y.set.the.id..On.the.responder,.
49680	77 65 20 6e 65 65 64 20 74 6f 20 73 65 74 20 74 68 65 20 6c 6f 63 61 6c 20 69 64 20 73 6f 20 74	we.need.to.set.the.local.id.so.t
496a0	68 61 74 20 69 6e 69 74 69 61 74 6f 72 20 63 61 6e 20 6b 6e 6f 77 20 77 68 6f 27 73 20 74 61 6c	hat.initiator.can.know.who's.tal
496c0	6b 69 6e 67 20 74 6f 20 69 74 20 66 6f 72 20 74 68 65 20 70 6f 69 6e 74 20 23 33 20 74 6f 20 77	king.to.it.for.the.point.#3.to.w
496e0	6f 72 6b 2e 00 4f 6e 63 65 20 61 20 63 6c 61 73 73 20 68 61 73 20 61 20 66 69 6c 74 65 72 20 63	ork..Once.a.class.has.a.filter.c
49700	6f 6e 66 69 67 75 72 65 64 2c 20 79 6f 75 20 77 69 6c 6c 20 61 6c 73 6f 20 68 61 76 65 20 74 6f	onfigured,.you.will.also.have.to
49720	20 64 65 66 69 6e 65 20 77 68 61 74 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 6f 20 77 69 74 68	.define.what.you.want.to.do.with
49740	20 74 68 65 20 74 72 61 66 66 69 63 20 6f 66 20 74 68 61 74 20 63 6c 61 73 73 2c 20 77 68 61 74	.the.traffic.of.that.class,.what
49760	20 73 70 65 63 69 66 69 63 20 54 72 61 66 66 69 63 2d 43 6f 6e 74 72 6f 6c 20 74 72 65 61 74 6d	.specific.Traffic-Control.treatm
49780	65 6e 74 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 67 69 76 65 20 69 74 2e 20 59 6f 75 20 77 69 6c	ent.you.want.to.give.it..You.wil
497a0	6c 20 68 61 76 65 20 64 69 66 66 65 72 65 6e 74 20 70 6f 73 73 69 62 69 6c 69 74 69 65 73 20 64	l.have.different.possibilities.d
497c0	65 70 65 6e 64 69 6e 67 20 6f 6e 20 74 68 65 20 54 72 61 66 66 69 63 20 50 6f 6c 69 63 79 20 79	epending.on.the.Traffic.Policy.y
497e0	6f 75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 2e 00 4f 6e 63 65 20 61 20 6e 65 69 67 68	ou.are.configuring..Once.a.neigh
49800	62 6f 72 20 68 61 73 20 62 65 65 6e 20 66 6f 75 6e 64 2c 20 74 68 65 20 65 6e 74 72 79 20 69 73	bor.has.been.found,.the.entry.is
49820	20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f 20 62 65 20 76 61 6c 69 64 20 66 6f 72 20 61 74 20 6c	.considered.to.be.valid.for.at.l
49840	65 61 73 74 20 66 6f 72 20 74 68 69 73 20 73 70 65 63 69 66 69 63 20 74 69 6d 65 2e 20 41 6e 20	east.for.this.specific.time..An.
49860	65 6e 74 72 79 27 73 20 76 61 6c 69 64 69 74 79 20 77 69 6c 6c 20 62 65 20 65 78 74 65 6e 64 65	entry's.validity.will.be.extende
49880	64 20 69 66 20 69 74 20 72 65 63 65 69 76 65 73 20 70 6f 73 69 74 69 76 65 20 66 65 65 64 62 61	d.if.it.receives.positive.feedba
498a0	63 6b 20 66 72 6f 6d 20 68 69 67 68 65 72 20 6c 65 76 65 6c 20 70 72 6f 74 6f 63 6f 6c 73 2e 00	ck.from.higher.level.protocols..
498c0	4f 6e 63 65 20 61 20 72 6f 75 74 65 20 69 73 20 61 73 73 65 73 73 65 64 20 61 20 70 65 6e 61 6c	Once.a.route.is.assessed.a.penal
498e0	74 79 2c 20 74 68 65 20 70 65 6e 61 6c 74 79 20 69 73 20 64 65 63 72 65 61 73 65 64 20 62 79 20	ty,.the.penalty.is.decreased.by.
49900	68 61 6c 66 20 65 61 63 68 20 74 69 6d 65 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 61 6d 6f 75	half.each.time.a.predefined.amou
49920	6e 74 20 6f 66 20 74 69 6d 65 20 65 6c 61 70 73 65 73 20 28 68 61 6c 66 2d 6c 69 66 65 2d 74 69	nt.of.time.elapses.(half-life-ti
49940	6d 65 29 2e 20 57 68 65 6e 20 74 68 65 20 61 63 63 75 6d 75 6c 61 74 65 64 20 70 65 6e 61 6c 74	me)..When.the.accumulated.penalt
49960	69 65 73 20 66 61 6c 6c 20 62 65 6c 6f 77 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 74 68 72 65	ies.fall.below.a.predefined.thre
49980	73 68 6f 6c 64 20 28 72 65 75 73 65 2d 76 61 6c 75 65 29 2c 20 74 68 65 20 72 6f 75 74 65 20 69	shold.(reuse-value),.the.route.i
499a0	73 20 75 6e 73 75 70 70 72 65 73 73 65 64 20 61 6e 64 20 61 64 64 65 64 20 62 61 63 6b 20 69 6e	s.unsuppressed.and.added.back.in
499c0	74 6f 20 74 68 65 20 42 47 50 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 4f 6e 63 65 20 61	to.the.BGP.routing.table..Once.a
499e0	20 74 72 61 66 66 69 63 2d 70 6f 6c 69 63 79 20 69 73 20 63 72 65 61 74 65 64 2c 20 79 6f 75 20	.traffic-policy.is.created,.you.
49a00	63 61 6e 20 61 70 70 6c 79 20 69 74 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 3a 00 4f 6e	can.apply.it.to.an.interface:.On
49a20	63 65 20 63 72 65 61 74 65 64 20 69 6e 20 74 68 65 20 73 79 73 74 65 6d 2c 20 50 73 65 75 64 6f	ce.created.in.the.system,.Pseudo
49a40	2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 72 65 66 65	-Ethernet.interfaces.can.be.refe
49a60	72 65 6e 63 65 64 20 69 6e 20 74 68 65 20 65 78 61 63 74 20 73 61 6d 65 20 77 61 79 20 61 73 20	renced.in.the.exact.same.way.as.
49a80	6f 74 68 65 72 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 20 4e 6f 74 65 73	other.Ethernet.interfaces..Notes
49aa0	20 61 62 6f 75 74 20 75 73 69 6e 67 20 50 73 65 75 64 6f 2d 20 45 74 68 65 72 6e 65 74 20 69 6e	.about.using.Pseudo-.Ethernet.in
49ac0	74 65 72 66 61 63 65 73 3a 00 4f 6e 63 65 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69	terfaces:.Once.flow.accounting.i
49ae0	73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 73 20 69 74	s.configured.on.an.interfaces.it
49b00	20 70 72 6f 76 69 64 65 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 64 69 73 70 6c 61 79	.provides.the.ability.to.display
49b20	20 63 61 70 74 75 72 65 64 20 6e 65 74 77 6f 72 6b 20 74 72 61 66 66 69 63 20 69 6e 66 6f 72 6d	.captured.network.traffic.inform
49b40	61 74 69 6f 6e 20 66 6f 72 20 61 6c 6c 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 74 65 72 66 61	ation.for.all.configured.interfa
49b60	63 65 73 2e 00 4f 6e 63 65 20 74 68 65 20 6c 6f 63 61 6c 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f	ces..Once.the.local.tunnel.endpo
49b80	69 6e 74 20 60 60 73 65 74 20 73 65 72 76 69 63 65 20 70 70 70 6f 65 2d 73 65 72 76 65 72 20 67	int.``set.service.pppoe-server.g
49ba0	61 74 65 77 61 79 2d 61 64 64 72 65 73 73 20 27 31 30 2e 31 2e 31 2e 32 27 60 60 20 68 61 73 20	ateway-address.'10.1.1.2'``.has.
49bc0	62 65 65 6e 20 64 65 66 69 6e 65 64 2c 20 74 68 65 20 63 6c 69 65 6e 74 20 49 50 20 70 6f 6f 6c	been.defined,.the.client.IP.pool
49be0	20 63 61 6e 20 62 65 20 65 69 74 68 65 72 20 64 65 66 69 6e 65 64 20 61 73 20 61 20 72 61 6e 67	.can.be.either.defined.as.a.rang
49c00	65 20 6f 72 20 61 73 20 73 75 62 6e 65 74 20 75 73 69 6e 67 20 43 49 44 52 20 6e 6f 74 61 74 69	e.or.as.subnet.using.CIDR.notati
49c20	6f 6e 2e 20 49 66 20 74 68 65 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 20 69 73 20 75 73 65 64	on..If.the.CIDR.notation.is.used
49c40	2c 20 6d 75 6c 74 69 70 6c 65 20 73 75 62 6e 65 74 73 20 63 61 6e 20 62 65 20 73 65 74 75 70 20	,.multiple.subnets.can.be.setup.
49c60	77 68 69 63 68 20 61 72 65 20 75 73 65 64 20 73 65 71 75 65 6e 74 69 61 6c 6c 79 2e 00 4f 6e 63	which.are.used.sequentially..Onc
49c80	65 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 73 20 61 72 65 20 73 65 74 20 66 6f 72	e.the.matching.rules.are.set.for
49ca0	20 61 20 63 6c 61 73 73 2c 20 79 6f 75 20 63 61 6e 20 73 74 61 72 74 20 63 6f 6e 66 69 67 75 72	.a.class,.you.can.start.configur
49cc0	69 6e 67 20 68 6f 77 20 79 6f 75 20 77 61 6e 74 20 6d 61 74 63 68 69 6e 67 20 74 72 61 66 66 69	ing.how.you.want.matching.traffi
49ce0	63 20 74 6f 20 62 65 68 61 76 65 2e 00 4f 6e 63 65 20 74 68 65 20 75 73 65 72 20 69 73 20 63 6f	c.to.behave..Once.the.user.is.co
49d00	6e 6e 65 63 74 65 64 2c 20 74 68 65 20 75 73 65 72 20 73 65 73 73 69 6f 6e 20 69 73 20 75 73 69	nnected,.the.user.session.is.usi
49d20	6e 67 20 74 68 65 20 73 65 74 20 6c 69 6d 69 74 73 20 61 6e 64 20 63 61 6e 20 62 65 20 64 69 73	ng.the.set.limits.and.can.be.dis
49d40	70 6c 61 79 65 64 20 76 69 61 20 27 73 68 6f 77 20 70 70 70 6f 65 2d 73 65 72 76 65 72 20 73 65	played.via.'show.pppoe-server.se
49d60	73 73 69 6f 6e 73 27 2e 00 4f 6e 63 65 20 79 6f 75 20 63 6f 6d 6d 69 74 20 74 68 65 20 61 62 6f	ssions'..Once.you.commit.the.abo
49d80	76 65 20 63 68 61 6e 67 65 73 20 79 6f 75 20 63 61 6e 20 63 72 65 61 74 65 20 61 20 63 6f 6e 66	ve.changes.you.can.create.a.conf
49da0	69 67 20 66 69 6c 65 20 69 6e 20 74 68 65 20 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2f 6f 63 73 65	ig.file.in.the./config/auth/ocse
49dc0	72 76 2f 63 6f 6e 66 69 67 2d 70 65 72 2d 75 73 65 72 20 64 69 72 65 63 74 6f 72 79 20 74 68 61	rv/config-per-user.directory.tha
49de0	74 20 6d 61 74 63 68 65 73 20 61 20 75 73 65 72 6e 61 6d 65 20 6f 66 20 61 20 75 73 65 72 20 79	t.matches.a.username.of.a.user.y
49e00	6f 75 20 68 61 76 65 20 63 72 65 61 74 65 64 20 65 2e 67 2e 20 22 74 73 74 22 2e 20 4e 6f 77 20	ou.have.created.e.g.."tst"..Now.
49e20	77 68 65 6e 20 6c 6f 67 67 69 6e 67 20 69 6e 20 77 69 74 68 20 74 68 65 20 22 74 73 74 22 20 75	when.logging.in.with.the."tst".u
49e40	73 65 72 20 74 68 65 20 63 6f 6e 66 69 67 20 6f 70 74 69 6f 6e 73 20 79 6f 75 20 73 65 74 20 69	ser.the.config.options.you.set.i
49e60	6e 20 74 68 69 73 20 66 69 6c 65 20 77 69 6c 6c 20 62 65 20 6c 6f 61 64 65 64 2e 00 4f 6e 63 65	n.this.file.will.be.loaded..Once
49e80	20 79 6f 75 20 68 61 76 65 20 61 6e 20 45 74 68 65 72 6e 65 74 20 64 65 76 69 63 65 20 63 6f 6e	.you.have.an.Ethernet.device.con
49ea0	6e 65 63 74 65 64 2c 20 69 2e 65 2e 20 60 65 74 68 30 60 2c 20 74 68 65 6e 20 79 6f 75 20 63 61	nected,.i.e..`eth0`,.then.you.ca
49ec0	6e 20 63 6f 6e 66 69 67 75 72 65 20 69 74 20 74 6f 20 6f 70 65 6e 20 74 68 65 20 50 50 50 6f 45	n.configure.it.to.open.the.PPPoE
49ee0	20 73 65 73 73 69 6f 6e 20 66 6f 72 20 79 6f 75 20 61 6e 64 20 79 6f 75 72 20 44 53 4c 20 54 72	.session.for.you.and.your.DSL.Tr
49f00	61 6e 73 63 65 69 76 65 72 20 28 4d 6f 64 65 6d 2f 52 6f 75 74 65 72 29 20 6a 75 73 74 20 61 63	ansceiver.(Modem/Router).just.ac
49f20	74 73 20 74 6f 20 74 72 61 6e 73 6c 61 74 65 20 79 6f 75 72 20 6d 65 73 73 61 67 65 73 20 69 6e	ts.to.translate.your.messages.in
49f40	20 61 20 77 61 79 20 74 68 61 74 20 76 44 53 4c 2f 61 44 53 4c 20 75 6e 64 65 72 73 74 61 6e 64	.a.way.that.vDSL/aDSL.understand
49f60	73 2e 00 4f 6e 63 65 20 79 6f 75 20 68 61 76 65 20 73 65 74 75 70 20 79 6f 75 72 20 53 53 54 50	s..Once.you.have.setup.your.SSTP
49f80	20 73 65 72 76 65 72 20 74 68 65 72 65 20 63 6f 6d 65 73 20 74 68 65 20 74 69 6d 65 20 74 6f 20	.server.there.comes.the.time.to.
49fa0	64 6f 20 73 6f 6d 65 20 62 61 73 69 63 20 74 65 73 74 69 6e 67 2e 20 54 68 65 20 4c 69 6e 75 78	do.some.basic.testing..The.Linux
49fc0	20 63 6c 69 65 6e 74 20 75 73 65 64 20 66 6f 72 20 74 65 73 74 69 6e 67 20 69 73 20 63 61 6c 6c	.client.used.for.testing.is.call
49fe0	65 64 20 73 73 74 70 63 5f 2e 20 73 73 74 70 63 5f 20 72 65 71 75 69 72 65 73 20 61 20 50 50 50	ed.sstpc_..sstpc_.requires.a.PPP
4a000	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2f 70 65 65 72 20 66 69 6c 65 2e 00 4f 6e 63 65 20 79	.configuration/peer.file..Once.y
4a020	6f 75 72 20 72 6f 75 74 65 72 73 20 61 72 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 72 65	our.routers.are.configured.to.re
4a040	6a 65 63 74 20 52 50 4b 49 2d 69 6e 76 61 6c 69 64 20 70 72 65 66 69 78 65 73 2c 20 79 6f 75 20	ject.RPKI-invalid.prefixes,.you.
4a060	63 61 6e 20 74 65 73 74 20 77 68 65 74 68 65 72 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	can.test.whether.the.configurati
4a080	6f 6e 20 69 73 20 77 6f 72 6b 69 6e 67 20 63 6f 72 72 65 63 74 6c 79 20 75 73 69 6e 67 20 74 68	on.is.working.correctly.using.th
4a0a0	65 20 60 52 49 50 45 20 4c 61 62 73 20 52 50 4b 49 20 54 65 73 74 60 5f 20 65 78 70 65 72 69 6d	e.`RIPE.Labs.RPKI.Test`_.experim
4a0c0	65 6e 74 61 6c 20 74 6f 6f 6c 2e 00 4f 6e 65 20 54 79 70 65 2d 33 20 73 75 6d 6d 61 72 79 2d 4c	ental.tool..One.Type-3.summary-L
4a0e0	53 41 20 77 69 74 68 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 20 3c 45 2e 46 2e 47 2e 48 2f 4d 3e	SA.with.routing.info.<E.F.G.H/M>
4a100	20 69 73 20 61 6e 6e 6f 75 6e 63 65 64 20 69 6e 74 6f 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61	.is.announced.into.backbone.area
4a120	20 69 66 20 64 65 66 69 6e 65 64 20 61 72 65 61 20 63 6f 6e 74 61 69 6e 73 20 61 74 20 6c 65 61	.if.defined.area.contains.at.lea
4a140	73 74 20 6f 6e 65 20 69 6e 74 72 61 2d 61 72 65 61 20 6e 65 74 77 6f 72 6b 20 28 69 2e 65 2e 20	st.one.intra-area.network.(i.e..
4a160	64 65 73 63 72 69 62 65 64 20 77 69 74 68 20 72 6f 75 74 65 72 2d 4c 53 41 20 6f 72 20 6e 65 74	described.with.router-LSA.or.net
4a180	77 6f 72 6b 2d 4c 53 41 29 20 66 72 6f 6d 20 72 61 6e 67 65 20 3c 41 2e 42 2e 43 2e 44 2f 4d 3e	work-LSA).from.range.<A.B.C.D/M>
4a1a0	2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42	..This.command.makes.sense.in.AB
4a1c0	52 20 6f 6e 6c 79 2e 00 4f 6e 65 20 69 6d 70 6c 69 63 69 74 20 65 6e 76 69 72 6f 6e 6d 65 6e 74	R.only..One.implicit.environment
4a1e0	20 65 78 69 73 74 73 2e 00 4f 6e 65 20 6f 66 20 74 68 65 20 69 6d 70 6f 72 74 61 6e 74 20 66 65	.exists..One.of.the.important.fe
4a200	61 74 75 72 65 73 20 62 75 69 6c 74 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 4e 65 74 66 69	atures.built.on.top.of.the.Netfi
4a220	6c 74 65 72 20 66 72 61 6d 65 77 6f 72 6b 20 69 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61	lter.framework.is.connection.tra
4a240	63 6b 69 6e 67 2e 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 61 6c 6c 6f 77	cking..Connection.tracking.allow
4a260	73 20 74 68 65 20 6b 65 72 6e 65 6c 20 74 6f 20 6b 65 65 70 20 74 72 61 63 6b 20 6f 66 20 61 6c	s.the.kernel.to.keep.track.of.al
4a280	6c 20 6c 6f 67 69 63 61 6c 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f 72	l.logical.network.connections.or
4a2a0	20 73 65 73 73 69 6f 6e 73 2c 20 61 6e 64 20 74 68 65 72 65 62 79 20 72 65 6c 61 74 65 20 61 6c	.sessions,.and.thereby.relate.al
4a2c0	6c 20 6f 66 20 74 68 65 20 70 61 63 6b 65 74 73 20 77 68 69 63 68 20 6d 61 79 20 6d 61 6b 65 20	l.of.the.packets.which.may.make.
4a2e0	75 70 20 74 68 61 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 4e 41 54 20 72 65 6c 69 65 73 20 6f	up.that.connection..NAT.relies.o
4a300	6e 20 74 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 74 72 61 6e 73 6c 61 74 65 20	n.this.information.to.translate.
4a320	61 6c 6c 20 72 65 6c 61 74 65 64 20 70 61 63 6b 65 74 73 20 69 6e 20 74 68 65 20 73 61 6d 65 20	all.related.packets.in.the.same.
4a340	77 61 79 2c 20 61 6e 64 20 69 70 74 61 62 6c 65 73 20 63 61 6e 20 75 73 65 20 74 68 69 73 20 69	way,.and.iptables.can.use.this.i
4a360	6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 61 63 74 20 61 73 20 61 20 73 74 61 74 65 66 75 6c 20	nformation.to.act.as.a.stateful.
4a380	66 69 72 65 77 61 6c 6c 2e 00 4f 6e 65 20 6f 66 20 74 68 65 20 75 73 65 73 20 6f 66 20 46 61 69	firewall..One.of.the.uses.of.Fai
4a3a0	72 20 51 75 65 75 65 20 6d 69 67 68 74 20 62 65 20 74 68 65 20 6d 69 74 69 67 61 74 69 6f 6e 20	r.Queue.might.be.the.mitigation.
4a3c0	6f 66 20 44 65 6e 69 61 6c 20 6f 66 20 53 65 72 76 69 63 65 20 61 74 74 61 63 6b 73 2e 00 4f 6e	of.Denial.of.Service.attacks..On
4a3e0	6c 79 20 38 30 32 2e 31 51 2d 74 61 67 67 65 64 20 70 61 63 6b 65 74 73 20 61 72 65 20 61 63 63	ly.802.1Q-tagged.packets.are.acc
4a400	65 70 74 65 64 20 6f 6e 20 45 74 68 65 72 6e 65 74 20 76 69 66 73 2e 00 4f 6e 6c 79 20 56 52 52	epted.on.Ethernet.vifs..Only.VRR
4a420	50 20 69 73 20 73 75 70 70 6f 72 74 65 64 2e 20 52 65 71 75 69 72 65 64 20 6f 70 74 69 6f 6e 2e	P.is.supported..Required.option.
4a440	00 4f 6e 6c 79 20 69 6e 20 74 68 65 20 73 6f 75 72 63 65 20 63 72 69 74 65 72 69 61 2c 20 79 6f	.Only.in.the.source.criteria,.yo
4a460	75 20 63 61 6e 20 73 70 65 63 69 66 79 20 61 20 6d 61 63 2d 61 64 64 72 65 73 73 2e 00 4f 6e 6c	u.can.specify.a.mac-address..Onl
4a480	79 20 6f 6e 65 20 53 52 47 42 20 61 6e 64 20 64 65 66 61 75 6c 74 20 53 50 46 20 41 6c 67 6f 72	y.one.SRGB.and.default.SPF.Algor
4a4a0	69 74 68 6d 20 69 73 20 73 75 70 70 6f 72 74 65 64 00 4f 6e 6c 79 20 72 65 71 75 65 73 74 20 61	ithm.is.supported.Only.request.a
4a4c0	6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 20 62	n.address.from.the.DHCP.server.b
4a4e0	75 74 20 64 6f 20 6e 6f 74 20 72 65 71 75 65 73 74 20 61 20 64 65 66 61 75 6c 74 20 67 61 74 65	ut.do.not.request.a.default.gate
4a500	77 61 79 2e 00 4f 6e 6c 79 20 72 65 71 75 65 73 74 20 61 6e 20 61 64 64 72 65 73 73 20 66 72 6f	way..Only.request.an.address.fro
4a520	6d 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 20 62 75 74 20 64 6f 20 6e 6f 74 20 69 6e	m.the.PPPoE.server.but.do.not.in
4a540	73 74 61 6c 6c 20 61 6e 79 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 2e 00 4f 6e 6c 79 20 72 65	stall.any.default.route..Only.re
4a560	71 75 65 73 74 20 61 6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 53 53 54 50 20 73	quest.an.address.from.the.SSTP.s
4a580	65 72 76 65 72 20 62 75 74 20 64 6f 20 6e 6f 74 20 69 6e 73 74 61 6c 6c 20 61 6e 79 20 64 65 66	erver.but.do.not.install.any.def
4a5a0	61 75 6c 74 20 72 6f 75 74 65 2e 00 4f 6e 6c 79 20 74 68 65 20 74 79 70 65 20 28 60 60 73 73 68	ault.route..Only.the.type.(``ssh
4a5c0	2d 72 73 61 60 60 29 20 61 6e 64 20 74 68 65 20 6b 65 79 20 28 60 60 41 41 41 42 33 4e 2e 2e 2e	-rsa``).and.the.key.(``AAAB3N...
4a5e0	60 60 29 20 61 72 65 20 75 73 65 64 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 6b 65 79 20	``).are.used..Note.that.the.key.
4a600	77 69 6c 6c 20 75 73 75 61 6c 6c 79 20 62 65 20 73 65 76 65 72 61 6c 20 68 75 6e 64 72 65 64 20	will.usually.be.several.hundred.
4a620	63 68 61 72 61 63 74 65 72 73 20 6c 6f 6e 67 2c 20 61 6e 64 20 79 6f 75 20 77 69 6c 6c 20 6e 65	characters.long,.and.you.will.ne
4a640	65 64 20 74 6f 20 63 6f 70 79 20 61 6e 64 20 70 61 73 74 65 20 69 74 2e 20 53 6f 6d 65 20 74 65	ed.to.copy.and.paste.it..Some.te
4a660	72 6d 69 6e 61 6c 20 65 6d 75 6c 61 74 6f 72 73 20 6d 61 79 20 61 63 63 69 64 65 6e 74 61 6c 6c	rminal.emulators.may.accidentall
4a680	79 20 73 70 6c 69 74 20 74 68 69 73 20 6f 76 65 72 20 73 65 76 65 72 61 6c 20 6c 69 6e 65 73 2e	y.split.this.over.several.lines.
4a6a0	20 42 65 20 61 74 74 65 6e 74 69 76 65 20 77 68 65 6e 20 79 6f 75 20 70 61 73 74 65 20 69 74 20	.Be.attentive.when.you.paste.it.
4a6c0	74 68 61 74 20 69 74 20 6f 6e 6c 79 20 70 61 73 74 65 73 20 61 73 20 61 20 73 69 6e 67 6c 65 20	that.it.only.pastes.as.a.single.
4a6e0	6c 69 6e 65 2e 20 54 68 65 20 74 68 69 72 64 20 70 61 72 74 20 69 73 20 73 69 6d 70 6c 79 20 61	line..The.third.part.is.simply.a
4a700	6e 20 69 64 65 6e 74 69 66 69 65 72 2c 20 61 6e 64 20 69 73 20 66 6f 72 20 79 6f 75 72 20 6f 77	n.identifier,.and.is.for.your.ow
4a720	6e 20 72 65 66 65 72 65 6e 63 65 2e 00 4f 70 2d 6d 6f 64 65 20 63 68 65 63 6b 20 76 69 72 74 75	n.reference..Op-mode.check.virtu
4a740	61 6c 2d 73 65 72 76 65 72 20 73 74 61 74 75 73 00 4f 70 65 6e 43 6f 6e 6e 65 63 74 00 4f 70 65	al-server.status.OpenConnect.Ope
4a760	6e 43 6f 6e 6e 65 63 74 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 73 65	nConnect.can.be.configured.to.se
4a780	6e 64 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 61 20 52	nd.accounting.information.to.a.R
4a7a0	41 44 49 55 53 20 73 65 72 76 65 72 20 74 6f 20 63 61 70 74 75 72 65 20 75 73 65 72 20 73 65 73	ADIUS.server.to.capture.user.ses
4a7c0	73 69 6f 6e 20 64 61 74 61 20 73 75 63 68 20 61 73 20 74 69 6d 65 20 6f 66 20 63 6f 6e 6e 65 63	sion.data.such.as.time.of.connec
4a7e0	74 2f 64 69 73 63 6f 6e 6e 65 63 74 2c 20 64 61 74 61 20 74 72 61 6e 73 66 65 72 72 65 64 2c 20	t/disconnect,.data.transferred,.
4a800	61 6e 64 20 73 6f 20 6f 6e 2e 00 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 73 65 72 76 65 72 20 6d 61	and.so.on..OpenConnect.server.ma
4a820	74 63 68 65 73 20 74 68 65 20 66 69 6c 65 6e 61 6d 65 20 69 6e 20 61 20 63 61 73 65 20 73 65 6e	tches.the.filename.in.a.case.sen
4a840	73 69 74 69 76 65 20 6d 61 6e 6e 65 72 2c 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65 20 75 73 65	sitive.manner,.make.sure.the.use
4a860	72 6e 61 6d 65 2f 67 72 6f 75 70 20 6e 61 6d 65 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 6d	rname/group.name.you.configure.m
4a880	61 74 63 68 65 73 20 74 68 65 20 66 69 6c 65 6e 61 6d 65 20 65 78 61 63 74 6c 79 2e 00 4f 70 65	atches.the.filename.exactly..Ope
4a8a0	6e 43 6f 6e 6e 65 63 74 20 73 75 70 70 6f 72 74 73 20 61 20 73 75 62 73 65 74 20 6f 66 20 69 74	nConnect.supports.a.subset.of.it
4a8c0	27 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 73 20 74 6f 20 62 65 20 61	's.configuration.options.to.be.a
4a8e0	70 70 6c 69 65 64 20 6f 6e 20 61 20 70 65 72 20 75 73 65 72 2f 67 72 6f 75 70 20 62 61 73 69 73	pplied.on.a.per.user/group.basis
4a900	2c 20 66 6f 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 75 72 70 6f 73 65 73 20 77 65 20	,.for.configuration.purposes.we.
4a920	72 65 66 65 72 20 74 6f 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 61 73 20 22	refer.to.this.functionality.as."
4a940	49 64 65 6e 74 69 74 79 20 62 61 73 65 64 20 63 6f 6e 66 69 67 22 2e 20 54 68 65 20 66 6f 6c 6c	Identity.based.config"..The.foll
4a960	6f 77 69 6e 67 20 60 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 53 65 72 76 65 72 20 4d 61 6e 75 61 6c	owing.`OpenConnect.Server.Manual
4a980	20 3c 68 74 74 70 73 3a 2f 2f 6f 63 73 65 72 76 2e 67 69 74 6c 61 62 2e 69 6f 2f 77 77 77 2f 6d	.<https://ocserv.gitlab.io/www/m
4a9a0	61 6e 75 61 6c 2e 68 74 6d 6c 23 3a 7e 3a 74 65 78 74 3d 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e	anual.html#:~:text=Configuration
4a9c0	25 32 30 66 69 6c 65 73 25 32 30 74 68 61 74 25 20 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 61	%20files%20that%.20will%20be%20a
4a9e0	70 70 6c 69 65 64 25 32 30 70 65 72 25 32 30 75 73 65 72 25 32 30 63 6f 6e 6e 65 63 74 69 6f 6e	pplied%20per%20user%20connection
4aa00	25 32 30 6f 72 25 30 41 25 32 33 25 32 30 70 65 72 25 32 30 67 72 6f 75 70 3e 60 5f 20 6f 75 74	%20or%0A%23%20per%20group>`_.out
4aa20	6c 69 6e 65 73 20 74 68 65 20 73 65 74 20 6f 66 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f	lines.the.set.of.configuration.o
4aa40	70 74 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 61 6c 6c 6f 77 65 64 2e 20 54 68 69 73 20 63 61	ptions.that.are.allowed..This.ca
4aa60	6e 20 62 65 20 6c 65 76 65 72 61 67 65 64 20 74 6f 20 61 70 70 6c 79 20 64 69 66 66 65 72 65 6e	n.be.leveraged.to.apply.differen
4aa80	74 20 73 65 74 73 20 6f 66 20 63 6f 6e 66 69 67 73 20 74 6f 20 64 69 66 66 65 72 65 6e 74 20 75	t.sets.of.configs.to.different.u
4aaa0	73 65 72 73 20 6f 72 20 67 72 6f 75 70 73 20 6f 66 20 75 73 65 72 73 2e 00 4f 70 65 6e 43 6f 6e	sers.or.groups.of.users..OpenCon
4aac0	6e 65 63 74 2d 63 6f 6d 70 61 74 69 62 6c 65 20 73 65 72 76 65 72 20 66 65 61 74 75 72 65 20 69	nect-compatible.server.feature.i
4aae0	73 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 74 68 69 73 20 72 65 6c 65 61 73 65 2e 20 4f	s.available.from.this.release..O
4ab00	70 65 6e 63 6f 6e 6e 65 63 74 20 56 50 4e 20 73 75 70 70 6f 72 74 73 20 53 53 4c 20 63 6f 6e 6e	penconnect.VPN.supports.SSL.conn
4ab20	65 63 74 69 6f 6e 20 61 6e 64 20 6f 66 66 65 72 73 20 66 75 6c 6c 20 6e 65 74 77 6f 72 6b 20 61	ection.and.offers.full.network.a
4ab40	63 63 65 73 73 2e 20 53 53 4c 20 56 50 4e 20 6e 65 74 77 6f 72 6b 20 65 78 74 65 6e 73 69 6f 6e	ccess..SSL.VPN.network.extension
4ab60	20 63 6f 6e 6e 65 63 74 73 20 74 68 65 20 65 6e 64 2d 75 73 65 72 20 73 79 73 74 65 6d 20 74 6f	.connects.the.end-user.system.to
4ab80	20 74 68 65 20 63 6f 72 70 6f 72 61 74 65 20 6e 65 74 77 6f 72 6b 20 77 69 74 68 20 61 63 63 65	.the.corporate.network.with.acce
4aba0	73 73 20 63 6f 6e 74 72 6f 6c 73 20 62 61 73 65 64 20 6f 6e 6c 79 20 6f 6e 20 6e 65 74 77 6f 72	ss.controls.based.only.on.networ
4abc0	6b 20 6c 61 79 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 73 75 63 68 20 61 73 20 64 65 73	k.layer.information,.such.as.des
4abe0	74 69 6e 61 74 69 6f 6e 20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 70 6f 72 74 20 6e 75 6d	tination.IP.address.and.port.num
4ac00	62 65 72 2e 20 53 6f 2c 20 69 74 20 70 72 6f 76 69 64 65 73 20 73 61 66 65 20 63 6f 6d 6d 75 6e	ber..So,.it.provides.safe.commun
4ac20	69 63 61 74 69 6f 6e 20 66 6f 72 20 61 6c 6c 20 74 79 70 65 73 20 6f 66 20 64 65 76 69 63 65 20	ication.for.all.types.of.device.
4ac40	74 72 61 66 66 69 63 20 61 63 72 6f 73 73 20 70 75 62 6c 69 63 20 6e 65 74 77 6f 72 6b 73 20 61	traffic.across.public.networks.a
4ac60	6e 64 20 70 72 69 76 61 74 65 20 6e 65 74 77 6f 72 6b 73 2c 20 61 6c 73 6f 20 65 6e 63 72 79 70	nd.private.networks,.also.encryp
4ac80	74 73 20 74 68 65 20 74 72 61 66 66 69 63 20 77 69 74 68 20 53 53 4c 20 70 72 6f 74 6f 63 6f 6c	ts.the.traffic.with.SSL.protocol
4aca0	2e 00 4f 70 65 6e 56 50 4e 00 4f 70 65 6e 56 50 4e 20 2a 2a 77 69 6c 6c 20 6e 6f 74 2a 2a 20 61	..OpenVPN.OpenVPN.**will.not**.a
4acc0	75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 63 72 65 61 74 65 20 72 6f 75 74 65 73 20 69 6e 20 74 68	utomatically.create.routes.in.th
4ace0	65 20 6b 65 72 6e 65 6c 20 66 6f 72 20 63 6c 69 65 6e 74 20 73 75 62 6e 65 74 73 20 77 68 65 6e	e.kernel.for.client.subnets.when
4ad00	20 74 68 65 79 20 63 6f 6e 6e 65 63 74 20 61 6e 64 20 77 69 6c 6c 20 6f 6e 6c 79 20 75 73 65 20	.they.connect.and.will.only.use.
4ad20	63 6c 69 65 6e 74 2d 73 75 62 6e 65 74 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 69 6e 74 65 72 6e	client-subnet.association.intern
4ad40	61 6c 6c 79 2c 20 73 6f 20 77 65 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 61 20 72 6f 75	ally,.so.we.need.to.create.a.rou
4ad60	74 65 20 74 6f 20 74 68 65 20 31 30 2e 32 33 2e 30 2e 30 2f 32 30 20 6e 65 74 77 6f 72 6b 20 6f	te.to.the.10.23.0.0/20.network.o
4ad80	75 72 73 65 6c 76 65 73 3a 00 4f 70 65 6e 56 50 4e 20 44 43 4f 20 69 73 20 6e 6f 74 20 66 75 6c	urselves:.OpenVPN.DCO.is.not.ful
4ada0	6c 20 4f 70 65 6e 56 50 4e 20 66 65 61 74 75 72 65 73 20 73 75 70 70 6f 72 74 65 64 20 2c 20 69	l.OpenVPN.features.supported.,.i
4adc0	73 20 63 75 72 72 65 6e 74 6c 79 20 63 6f 6e 73 69 64 65 72 65 64 20 65 78 70 65 72 69 6d 65 6e	s.currently.considered.experimen
4ade0	74 61 6c 2e 20 46 75 72 74 68 65 72 6d 6f 72 65 2c 20 74 68 65 72 65 20 61 72 65 20 63 65 72 74	tal..Furthermore,.there.are.cert
4ae00	61 69 6e 20 4f 70 65 6e 56 50 4e 20 66 65 61 74 75 72 65 73 20 61 6e 64 20 75 73 65 20 63 61 73	ain.OpenVPN.features.and.use.cas
4ae20	65 73 20 74 68 61 74 20 72 65 6d 61 69 6e 20 69 6e 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68	es.that.remain.incompatible.with
4ae40	20 44 43 4f 2e 20 54 6f 20 67 65 74 20 61 20 63 6f 6d 70 72 65 68 65 6e 73 69 76 65 20 75 6e 64	.DCO..To.get.a.comprehensive.und
4ae60	65 72 73 74 61 6e 64 69 6e 67 20 6f 66 20 74 68 65 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 61 73	erstanding.of.the.limitations.as
4ae80	73 6f 63 69 61 74 65 64 20 77 69 74 68 20 44 43 4f 2c 20 72 65 66 65 72 20 74 6f 20 74 68 65 20	sociated.with.DCO,.refer.to.the.
4aea0	6c 69 73 74 20 6f 66 20 6b 6e 6f 77 6e 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 69 6e 20 74 68 65	list.of.known.limitations.in.the
4aec0	20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 00 4f 70 65 6e 56 50 4e 20 44 61 74 61 20 43 68 61	.documentation..OpenVPN.Data.Cha
4aee0	6e 6e 65 6c 20 4f 66 66 6c 6f 61 64 20 28 44 43 4f 29 00 4f 70 65 6e 56 50 4e 20 44 61 74 61 20	nnel.Offload.(DCO).OpenVPN.Data.
4af00	43 68 61 6e 6e 65 6c 20 4f 66 66 6c 6f 61 64 20 28 44 43 4f 29 20 65 6e 61 62 6c 65 73 20 73 69	Channel.Offload.(DCO).enables.si
4af20	67 6e 69 66 69 63 61 6e 74 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 65 6e 68 61 6e 63 65 6d 65 6e	gnificant.performance.enhancemen
4af40	74 20 69 6e 20 65 6e 63 72 79 70 74 65 64 20 4f 70 65 6e 56 50 4e 20 64 61 74 61 20 70 72 6f 63	t.in.encrypted.OpenVPN.data.proc
4af60	65 73 73 69 6e 67 2e 20 42 79 20 6d 69 6e 69 6d 69 7a 69 6e 67 20 63 6f 6e 74 65 78 74 20 73 77	essing..By.minimizing.context.sw
4af80	69 74 63 68 69 6e 67 20 66 6f 72 20 65 61 63 68 20 70 61 63 6b 65 74 2c 20 44 43 4f 20 65 66 66	itching.for.each.packet,.DCO.eff
4afa0	65 63 74 69 76 65 6c 79 20 72 65 64 75 63 65 73 20 6f 76 65 72 68 65 61 64 2e 20 54 68 69 73 20	ectively.reduces.overhead..This.
4afc0	6f 70 74 69 6d 69 7a 61 74 69 6f 6e 20 69 73 20 61 63 68 69 65 76 65 64 20 62 79 20 6b 65 65 70	optimization.is.achieved.by.keep
4afe0	69 6e 67 20 6d 6f 73 74 20 64 61 74 61 20 68 61 6e 64 6c 69 6e 67 20 74 61 73 6b 73 20 77 69 74	ing.most.data.handling.tasks.wit
4b000	68 69 6e 20 74 68 65 20 6b 65 72 6e 65 6c 2c 20 61 76 6f 69 64 69 6e 67 20 66 72 65 71 75 65 6e	hin.the.kernel,.avoiding.frequen
4b020	74 20 73 77 69 74 63 68 65 73 20 62 65 74 77 65 65 6e 20 6b 65 72 6e 65 6c 20 61 6e 64 20 75 73	t.switches.between.kernel.and.us
4b040	65 72 20 73 70 61 63 65 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6e 64 20 70 61 63 6b	er.space.for.encryption.and.pack
4b060	65 74 20 68 61 6e 64 6c 69 6e 67 2e 00 4f 70 65 6e 56 50 4e 20 61 6c 6c 6f 77 73 20 66 6f 72 20	et.handling..OpenVPN.allows.for.
4b080	65 69 74 68 65 72 20 54 43 50 20 6f 72 20 55 44 50 2e 20 55 44 50 20 77 69 6c 6c 20 70 72 6f 76	either.TCP.or.UDP..UDP.will.prov
4b0a0	69 64 65 20 74 68 65 20 6c 6f 77 65 73 74 20 6c 61 74 65 6e 63 79 2c 20 77 68 69 6c 65 20 54 43	ide.the.lowest.latency,.while.TC
4b0c0	50 20 77 69 6c 6c 20 77 6f 72 6b 20 62 65 74 74 65 72 20 66 6f 72 20 6c 6f 73 73 79 20 63 6f 6e	P.will.work.better.for.lossy.con
4b0e0	6e 65 63 74 69 6f 6e 73 3b 20 67 65 6e 65 72 61 6c 6c 79 20 55 44 50 20 69 73 20 70 72 65 66 65	nections;.generally.UDP.is.prefe
4b100	72 72 65 64 20 77 68 65 6e 20 70 6f 73 73 69 62 6c 65 2e 00 4f 70 65 6e 56 50 4e 20 73 74 61 74	rred.when.possible..OpenVPN.stat
4b120	75 73 20 63 61 6e 20 62 65 20 76 65 72 69 66 69 65 64 20 75 73 69 6e 67 20 74 68 65 20 60 73 68	us.can.be.verified.using.the.`sh
4b140	6f 77 20 6f 70 65 6e 76 70 6e 60 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73	ow.openvpn`.operational.commands
4b160	2e 20 53 65 65 20 74 68 65 20 62 75 69 6c 74 2d 69 6e 20 68 65 6c 70 20 66 6f 72 20 61 20 63 6f	..See.the.built-in.help.for.a.co
4b180	6d 70 6c 65 74 65 20 6c 69 73 74 20 6f 66 20 6f 70 74 69 6f 6e 73 2e 00 4f 70 65 6e 63 6f 6e 6e	mplete.list.of.options..Openconn
4b1a0	65 63 74 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 4f 70 65 72 61 74 69 6e 67 20 4d 6f 64 65	ect.Configuration.Operating.Mode
4b1c0	73 00 4f 70 65 72 61 74 69 6f 6e 00 4f 70 65 72 61 74 69 6f 6e 20 43 6f 6d 6d 61 6e 64 73 00 4f	s.Operation.Operation.Commands.O
4b1e0	70 65 72 61 74 69 6f 6e 20 4d 6f 64 65 00 4f 70 65 72 61 74 69 6f 6e 20 6d 6f 64 65 20 6f 66 20	peration.Mode.Operation.mode.of.
4b200	77 69 72 65 6c 65 73 73 20 72 61 64 69 6f 2e 00 4f 70 65 72 61 74 69 6f 6e 2d 6d 6f 64 65 20 46	wireless.radio..Operation-mode.F
4b220	69 72 65 77 61 6c 6c 00 4f 70 65 72 61 74 69 6f 6e 61 6c 20 43 6f 6d 6d 61 6e 64 73 00 4f 70 65	irewall.Operational.Commands.Ope
4b240	72 61 74 69 6f 6e 61 6c 20 4d 6f 64 65 20 43 6f 6d 6d 61 6e 64 73 00 4f 70 65 72 61 74 69 6f 6e	rational.Mode.Commands.Operation
4b260	61 6c 20 63 6f 6d 6d 61 6e 64 73 00 4f 70 74 69 6f 6e 00 4f 70 74 69 6f 6e 20 34 33 20 66 6f 72	al.commands.Option.Option.43.for
4b280	20 55 6e 69 46 49 00 4f 70 74 69 6f 6e 20 64 65 73 63 72 69 70 74 69 6f 6e 00 4f 70 74 69 6f 6e	.UniFI.Option.description.Option
4b2a0	20 6e 75 6d 62 65 72 00 4f 70 74 69 6f 6e 20 73 70 65 63 69 66 79 69 6e 67 20 74 68 65 20 72 61	.number.Option.specifying.the.ra
4b2c0	74 65 20 69 6e 20 77 68 69 63 68 20 77 65 27 6c 6c 20 61 73 6b 20 6f 75 72 20 6c 69 6e 6b 20 70	te.in.which.we'll.ask.our.link.p
4b2e0	61 72 74 6e 65 72 20 74 6f 20 74 72 61 6e 73 6d 69 74 20 4c 41 43 50 44 55 20 70 61 63 6b 65 74	artner.to.transmit.LACPDU.packet
4b300	73 20 69 6e 20 38 30 32 2e 33 61 64 20 6d 6f 64 65 2e 00 4f 70 74 69 6f 6e 20 74 6f 20 64 69 73	s.in.802.3ad.mode..Option.to.dis
4b320	61 62 6c 65 20 72 75 6c 65 2e 00 4f 70 74 69 6f 6e 20 74 6f 20 65 6e 61 62 6c 65 20 6f 72 20 64	able.rule..Option.to.enable.or.d
4b340	69 73 61 62 6c 65 20 6c 6f 67 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 2e 00 4f 70 74 69 6f 6e	isable.log.matching.rule..Option
4b360	20 74 6f 20 6c 6f 67 20 70 61 63 6b 65 74 73 20 68 69 74 74 69 6e 67 20 64 65 66 61 75 6c 74 2d	.to.log.packets.hitting.default-
4b380	61 63 74 69 6f 6e 2e 00 4f 70 74 69 6f 6e 61 6c 00 4f 70 74 69 6f 6e 61 6c 20 43 6f 6e 66 69 67	action..Optional.Optional.Config
4b3a0	75 72 61 74 69 6f 6e 00 4f 70 74 69 6f 6e 61 6c 2c 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74 6f	uration.Optional,.if.you.want.to
4b3c0	20 65 6e 61 62 6c 65 20 75 70 6c 6f 61 64 73 2c 20 65 6c 73 65 20 54 46 54 50 20 73 65 72 76 65	.enable.uploads,.else.TFTP.serve
4b3e0	72 20 77 69 6c 6c 20 61 63 74 20 61 73 20 61 20 72 65 61 64 2d 6f 6e 6c 79 20 73 65 72 76 65 72	r.will.act.as.a.read-only.server
4b400	2e 00 4f 70 74 69 6f 6e 61 6c 2f 64 65 66 61 75 6c 74 20 73 65 74 74 69 6e 67 73 00 4f 70 74 69	..Optional/default.settings.Opti
4b420	6f 6e 61 6c 6c 79 20 73 65 74 20 61 20 73 70 65 63 69 66 69 63 20 73 74 61 74 69 63 20 49 50 76	onally.set.a.specific.static.IPv
4b440	34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 66 6f 72 20 74 68 65 20 63 6f 6e 74 61 69	4.or.IPv6.address.for.the.contai
4b460	6e 65 72 2e 20 54 68 69 73 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 77 69 74 68 69 6e	ner..This.address.must.be.within
4b480	20 74 68 65 20 6e 61 6d 65 64 20 6e 65 74 77 6f 72 6b 20 70 72 65 66 69 78 2e 00 4f 70 74 69 6f	.the.named.network.prefix..Optio
4b4a0	6e 73 00 4f 70 74 69 6f 6e 73 20 28 47 6c 6f 62 61 6c 20 49 50 73 65 63 20 73 65 74 74 69 6e 67	ns.Options.(Global.IPsec.setting
4b4c0	73 29 20 41 74 74 72 69 62 75 74 65 73 00 4f 70 74 69 6f 6e 73 20 75 73 65 64 20 66 6f 72 20 71	s).Attributes.Options.used.for.q
4b4e0	75 65 75 65 20 74 61 72 67 65 74 2e 20 41 63 74 69 6f 6e 20 71 75 65 75 65 20 6d 75 73 74 20 62	ueue.target..Action.queue.must.b
4b500	65 20 64 65 66 69 6e 65 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 73 65 74 74 69 6e 67 00 4f 72	e.defined.to.use.this.setting.Or
4b520	20 2a 2a 62 69 6e 61 72 79 2a 2a 20 70 72 65 66 69 78 65 73 2e 00 4f 72 2c 20 66 6f 72 20 65 78	.**binary**.prefixes..Or,.for.ex
4b540	61 6d 70 6c 65 20 66 74 70 2c 20 60 64 65 6c 65 74 65 20 73 79 73 74 65 6d 20 63 6f 6e 6e 74 72	ample.ftp,.`delete.system.conntr
4b560	61 63 6b 20 6d 6f 64 75 6c 65 73 20 66 74 70 60 2e 00 4f 72 69 67 69 6e 61 74 65 20 61 6e 20 41	ack.modules.ftp`..Originate.an.A
4b580	53 2d 45 78 74 65 72 6e 61 6c 20 28 74 79 70 65 2d 35 29 20 4c 53 41 20 64 65 73 63 72 69 62 69	S-External.(type-5).LSA.describi
4b5a0	6e 67 20 61 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 6e 74 6f 20 61 6c 6c 20 65 78 74 65	ng.a.default.route.into.all.exte
4b5c0	72 6e 61 6c 2d 72 6f 75 74 69 6e 67 20 63 61 70 61 62 6c 65 20 61 72 65 61 73 2c 20 6f 66 20 74	rnal-routing.capable.areas,.of.t
4b5e0	68 65 20 73 70 65 63 69 66 69 65 64 20 6d 65 74 72 69 63 20 61 6e 64 20 6d 65 74 72 69 63 20 74	he.specified.metric.and.metric.t
4b600	79 70 65 2e 20 49 66 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 61 6c 77 61 79 73 60 20 6b 65 79	ype..If.the.:cfgcmd:`always`.key
4b620	77 6f 72 64 20 69 73 20 67 69 76 65 6e 20 74 68 65 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 69	word.is.given.then.the.default.i
4b640	73 20 61 6c 77 61 79 73 20 61 64 76 65 72 74 69 73 65 64 2c 20 65 76 65 6e 20 77 68 65 6e 20 74	s.always.advertised,.even.when.t
4b660	68 65 72 65 20 69 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68	here.is.no.default.present.in.th
4b680	65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 20 3a 63	e.routing.table..The.argument.:c
4b6a0	66 67 63 6d 64 3a 60 72 6f 75 74 65 2d 6d 61 70 60 20 73 70 65 63 69 66 69 65 73 20 74 6f 20 61	fgcmd:`route-map`.specifies.to.a
4b6c0	64 76 65 72 74 69 73 65 20 74 68 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 66 20 74 68	dvertise.the.default.route.if.th
4b6e0	65 20 72 6f 75 74 65 20 6d 61 70 20 69 73 20 73 61 74 69 73 66 69 65 64 2e 00 4f 74 68 65 72 20	e.route.map.is.satisfied..Other.
4b700	61 74 74 72 69 62 75 74 65 73 20 63 61 6e 20 62 65 20 75 73 65 64 2c 20 62 75 74 20 74 68 65 79	attributes.can.be.used,.but.they
4b720	20 68 61 76 65 20 74 6f 20 62 65 20 69 6e 20 6f 6e 65 20 6f 66 20 74 68 65 20 64 69 63 74 69 6f	.have.to.be.in.one.of.the.dictio
4b740	6e 61 72 69 65 73 20 69 6e 20 2a 2f 75 73 72 2f 73 68 61 72 65 2f 61 63 63 65 6c 2d 70 70 70 2f	naries.in.*/usr/share/accel-ppp/
4b760	72 61 64 69 75 73 2a 2e 00 4f 75 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61	radius*..Our.configuration.comma
4b780	6e 64 73 20 77 6f 75 6c 64 20 62 65 3a 00 4f 75 72 20 72 65 6d 6f 74 65 20 65 6e 64 20 6f 66 20	nds.would.be:.Our.remote.end.of.
4b7a0	74 68 65 20 74 75 6e 6e 65 6c 20 66 6f 72 20 70 65 65 72 20 60 74 6f 2d 77 67 30 32 60 20 69 73	the.tunnel.for.peer.`to-wg02`.is
4b7c0	20 72 65 61 63 68 61 62 6c 65 20 61 74 20 31 39 32 2e 30 2e 32 2e 31 20 70 6f 72 74 20 35 31 38	.reachable.at.192.0.2.1.port.518
4b7e0	32 30 00 4f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 63 61 6e 20 62 65 20 62 61 6c 61 6e	20.Outbound.traffic.can.be.balan
4b800	63 65 64 20 62 65 74 77 65 65 6e 20 74 77 6f 20 6f 72 20 6d 6f 72 65 20 6f 75 74 62 6f 75 6e 64	ced.between.two.or.more.outbound
4b820	20 69 6e 74 65 72 66 61 63 65 73 2e 20 49 66 20 61 20 70 61 74 68 20 66 61 69 6c 73 2c 20 74 72	.interfaces..If.a.path.fails,.tr
4b840	61 66 66 69 63 20 69 73 20 62 61 6c 61 6e 63 65 64 20 61 63 72 6f 73 73 20 74 68 65 20 72 65 6d	affic.is.balanced.across.the.rem
4b860	61 69 6e 69 6e 67 20 68 65 61 6c 74 68 79 20 70 61 74 68 73 2c 20 61 20 72 65 63 6f 76 65 72 65	aining.healthy.paths,.a.recovere
4b880	64 20 70 61 74 68 20 69 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 61 64 64 65 64 20 62 61	d.path.is.automatically.added.ba
4b8a0	63 6b 20 74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 61 6e 64 20 75 73 65 64	ck.to.the.routing.table.and.used
4b8c0	20 62 79 20 74 68 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 2e 20 54 68 65 20 6c 6f 61 64 20	.by.the.load.balancer..The.load.
4b8e0	62 61 6c 61 6e 63 65 72 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 61 64 64 73 20 72 6f 75 74	balancer.automatically.adds.rout
4b900	65 73 20 66 6f 72 20 65 61 63 68 20 70 61 74 68 20 74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20	es.for.each.path.to.the.routing.
4b920	74 61 62 6c 65 20 61 6e 64 20 62 61 6c 61 6e 63 65 73 20 74 72 61 66 66 69 63 20 61 63 72 6f 73	table.and.balances.traffic.acros
4b940	73 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 64 65 74	s.the.configured.interfaces,.det
4b960	65 72 6d 69 6e 65 64 20 62 79 20 69 6e 74 65 72 66 61 63 65 20 68 65 61 6c 74 68 20 61 6e 64 20	ermined.by.interface.health.and.
4b980	77 65 69 67 68 74 2e 00 4f 75 74 67 6f 69 6e 67 20 74 72 61 66 66 69 63 20 69 73 20 62 61 6c 61	weight..Outgoing.traffic.is.bala
4b9a0	6e 63 65 64 20 69 6e 20 61 20 66 6c 6f 77 2d 62 61 73 65 64 20 6d 61 6e 6e 65 72 2e 20 41 20 63	nced.in.a.flow-based.manner..A.c
4b9c0	6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 74 61 62 6c 65 20 69 73 20 75 73 65 64	onnection.tracking.table.is.used
4b9e0	20 74 6f 20 74 72 61 63 6b 20 66 6c 6f 77 73 20 62 79 20 74 68 65 69 72 20 73 6f 75 72 63 65 20	.to.track.flows.by.their.source.
4ba00	61 64 64 72 65 73 73 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 61 6e 64	address,.destination.address.and
4ba20	20 70 6f 72 74 2e 20 45 61 63 68 20 66 6c 6f 77 20 69 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20	.port..Each.flow.is.assigned.to.
4ba40	61 6e 20 69 6e 74 65 72 66 61 63 65 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 64 65	an.interface.according.to.the.de
4ba60	66 69 6e 65 64 20 62 61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 73 20 61 6e 64 20 73 75 62 73 65 71	fined.balancing.rules.and.subseq
4ba80	75 65 6e 74 20 70 61 63 6b 65 74 73 20 61 72 65 20 73 65 6e 74 20 74 68 72 6f 75 67 68 20 74 68	uent.packets.are.sent.through.th
4baa0	65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 68 61 73 20 74 68 65 20 61	e.same.interface..This.has.the.a
4bac0	64 76 61 6e 74 61 67 65 20 74 68 61 74 20 70 61 63 6b 65 74 73 20 61 6c 77 61 79 73 20 61 72 72	dvantage.that.packets.always.arr
4bae0	69 76 65 20 69 6e 20 6f 72 64 65 72 20 69 66 20 6c 69 6e 6b 73 20 77 69 74 68 20 64 69 66 66 65	ive.in.order.if.links.with.diffe
4bb00	72 65 6e 74 20 73 70 65 65 64 73 20 61 72 65 20 69 6e 20 75 73 65 2e 00 4f 75 74 70 75 74 20 66	rent.speeds.are.in.use..Output.f
4bb20	72 6f 6d 20 60 65 74 68 30 60 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 00 4f 75 74	rom.`eth0`.network.interface.Out
4bb40	70 75 74 20 70 6c 75 67 69 6e 20 50 72 6f 6d 65 74 68 65 75 73 20 63 6c 69 65 6e 74 00 4f 76 65	put.plugin.Prometheus.client.Ove
4bb60	72 20 49 50 00 4f 76 65 72 20 49 50 53 65 63 2c 20 4c 32 20 56 50 4e 20 28 62 72 69 64 67 65 29	r.IP.Over.IPSec,.L2.VPN.(bridge)
4bb80	00 4f 76 65 72 20 55 44 50 00 4f 76 65 72 72 69 64 65 20 73 74 61 74 69 63 2d 6d 61 70 70 69 6e	.Over.UDP.Override.static-mappin
4bba0	67 27 73 20 6e 61 6d 65 2d 73 65 72 76 65 72 20 77 69 74 68 20 61 20 63 75 73 74 6f 6d 20 6f 6e	g's.name-server.with.a.custom.on
4bbc0	65 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 6f 6e 6c 79 20 74 6f 20 74 68 69 73	e.that.will.be.sent.only.to.this
4bbe0	20 68 6f 73 74 2e 00 4f 76 65 72 76 69 65 77 00 4f 76 65 72 76 69 65 77 20 61 6e 64 20 62 61 73	.host..Overview.Overview.and.bas
4bc00	69 63 20 63 6f 6e 63 65 70 74 73 00 4f 76 65 72 76 69 65 77 20 6f 66 20 64 65 66 69 6e 65 64 20	ic.concepts.Overview.of.defined.
4bc20	67 72 6f 75 70 73 2e 20 59 6f 75 20 73 65 65 20 74 68 65 20 74 79 70 65 2c 20 74 68 65 20 6d 65	groups..You.see.the.type,.the.me
4bc40	6d 62 65 72 73 2c 20 61 6e 64 20 77 68 65 72 65 20 74 68 65 20 67 72 6f 75 70 20 69 73 20 75 73	mbers,.and.where.the.group.is.us
4bc60	65 64 2e 00 50 42 52 20 6d 75 6c 74 69 70 6c 65 20 75 70 6c 69 6e 6b 73 00 50 43 31 20 69 73 20	ed..PBR.multiple.uplinks.PC1.is.
4bc80	69 6e 20 74 68 65 20 60 60 64 65 66 61 75 6c 74 60 60 20 56 52 46 20 61 6e 64 20 61 63 74 69 6e	in.the.``default``.VRF.and.actin
4bca0	67 20 61 73 20 65 2e 67 2e 20 61 20 22 66 69 6c 65 73 65 72 76 65 72 22 00 50 43 32 20 69 73 20	g.as.e.g..a."fileserver".PC2.is.
4bcc0	69 6e 20 56 52 46 20 60 60 62 6c 75 65 60 60 20 77 68 69 63 68 20 69 73 20 74 68 65 20 64 65 76	in.VRF.``blue``.which.is.the.dev
4bce0	65 6c 6f 70 6d 65 6e 74 20 64 65 70 61 72 74 6d 65 6e 74 00 50 43 33 20 61 6e 64 20 50 43 34 20	elopment.department.PC3.and.PC4.
4bd00	61 72 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61 20 62 72 69 64 67 65 20 64 65 76 69 63 65	are.connected.to.a.bridge.device
4bd20	20 6f 6e 20 72 6f 75 74 65 72 20 60 60 52 31 60 60 20 77 68 69 63 68 20 69 73 20 69 6e 20 56 52	.on.router.``R1``.which.is.in.VR
4bd40	46 20 60 60 72 65 64 60 60 2e 20 53 61 79 20 74 68 69 73 20 69 73 20 74 68 65 20 48 52 20 64 65	F.``red``..Say.this.is.the.HR.de
4bd60	70 61 72 74 6d 65 6e 74 2e 00 50 43 34 20 68 61 73 20 49 50 20 31 30 2e 30 2e 30 2e 34 2f 32 34	partment..PC4.has.IP.10.0.0.4/24
4bd80	20 61 6e 64 20 50 43 35 20 68 61 73 20 49 50 20 31 30 2e 30 2e 30 2e 35 2f 32 34 2c 20 73 6f 20	.and.PC5.has.IP.10.0.0.5/24,.so.
4bda0	74 68 65 79 20 62 65 6c 69 65 76 65 20 74 68 65 79 20 61 72 65 20 69 6e 20 74 68 65 20 73 61 6d	they.believe.they.are.in.the.sam
4bdc0	65 20 62 72 6f 61 64 63 61 73 74 20 64 6f 6d 61 69 6e 2e 00 50 43 35 20 72 65 63 65 69 76 65 73	e.broadcast.domain..PC5.receives
4bde0	20 74 68 65 20 70 69 6e 67 20 65 63 68 6f 2c 20 72 65 73 70 6f 6e 64 73 20 77 69 74 68 20 61 6e	.the.ping.echo,.responds.with.an
4be00	20 65 63 68 6f 20 72 65 70 6c 79 20 74 68 61 74 20 4c 65 61 66 33 20 72 65 63 65 69 76 65 73 20	.echo.reply.that.Leaf3.receives.
4be20	61 6e 64 20 74 68 69 73 20 74 69 6d 65 20 66 6f 72 77 61 72 64 73 20 74 6f 20 4c 65 61 66 32 27	and.this.time.forwards.to.Leaf2'
4be40	73 20 75 6e 69 63 61 73 74 20 61 64 64 72 65 73 73 20 64 69 72 65 63 74 6c 79 20 62 65 63 61 75	s.unicast.address.directly.becau
4be60	73 65 20 69 74 20 6c 65 61 72 6e 65 64 20 74 68 65 20 6c 6f 63 61 74 69 6f 6e 20 6f 66 20 50 43	se.it.learned.the.location.of.PC
4be80	34 20 61 62 6f 76 65 2e 20 57 68 65 6e 20 4c 65 61 66 32 20 72 65 63 65 69 76 65 73 20 74 68 65	4.above..When.Leaf2.receives.the
4bea0	20 65 63 68 6f 20 72 65 70 6c 79 20 66 72 6f 6d 20 50 43 35 20 69 74 20 73 65 65 73 20 74 68 61	.echo.reply.from.PC5.it.sees.tha
4bec0	74 20 69 74 20 63 61 6d 65 20 66 72 6f 6d 20 4c 65 61 66 33 20 61 6e 64 20 73 6f 20 72 65 6d 65	t.it.came.from.Leaf3.and.so.reme
4bee0	6d 62 65 72 73 20 74 68 61 74 20 50 43 35 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 76 69 61 20	mbers.that.PC5.is.reachable.via.
4bf00	4c 65 61 66 33 2e 00 50 49 4d 20 28 50 72 6f 74 6f 63 6f 6c 20 49 6e 64 65 70 65 6e 64 65 6e 74	Leaf3..PIM.(Protocol.Independent
4bf20	20 4d 75 6c 74 69 63 61 73 74 29 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69	.Multicast).must.be.configured.i
4bf40	6e 20 65 76 65 72 79 20 69 6e 74 65 72 66 61 63 65 20 6f 66 20 65 76 65 72 79 20 70 61 72 74 69	n.every.interface.of.every.parti
4bf60	63 69 70 61 74 69 6e 67 20 72 6f 75 74 65 72 2e 20 45 76 65 72 79 20 72 6f 75 74 65 72 20 6d 75	cipating.router..Every.router.mu
4bf80	73 74 20 61 6c 73 6f 20 68 61 76 65 20 74 68 65 20 6c 6f 63 61 74 69 6f 6e 20 6f 66 20 74 68 65	st.also.have.the.location.of.the
4bfa0	20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74 20 6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67	.Rendevouz.Point.manually.config
4bfc0	75 72 65 64 2e 20 54 68 65 6e 2c 20 75 6e 69 64 69 72 65 63 74 69 6f 6e 61 6c 20 73 68 61 72 65	ured..Then,.unidirectional.share
4bfe0	64 20 74 72 65 65 73 20 72 6f 6f 74 65 64 20 61 74 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20	d.trees.rooted.at.the.Rendevouz.
4c000	50 6f 69 6e 74 20 77 69 6c 6c 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 62 65 20 62 75 69 6c	Point.will.automatically.be.buil
4c020	74 20 66 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 64 69 73 74 72 69 62 75 74 69 6f 6e 2e 00 50 49	t.for.multicast.distribution..PI
4c040	4d 20 61 6e 64 20 49 47 4d 50 00 50 49 4d 76 36 20 28 50 72 6f 74 6f 63 6f 6c 20 49 6e 64 65 70	M.and.IGMP.PIMv6.(Protocol.Indep
4c060	65 6e 64 65 6e 74 20 4d 75 6c 74 69 63 61 73 74 20 66 6f 72 20 49 50 76 36 29 20 6d 75 73 74 20	endent.Multicast.for.IPv6).must.
4c080	62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 65 76 65 72 79 20 69 6e 74 65 72 66 61 63 65	be.configured.in.every.interface
4c0a0	20 6f 66 20 65 76 65 72 79 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 72 6f 75 74 65 72 2e 20	.of.every.participating.router..
4c0c0	45 76 65 72 79 20 72 6f 75 74 65 72 20 6d 75 73 74 20 61 6c 73 6f 20 68 61 76 65 20 74 68 65 20	Every.router.must.also.have.the.
4c0e0	6c 6f 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74 20	location.of.the.Rendevouz.Point.
4c100	6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 54 68 65 6e 2c 20 75 6e 69 64 69	manually.configured..Then,.unidi
4c120	72 65 63 74 69 6f 6e 61 6c 20 73 68 61 72 65 64 20 74 72 65 65 73 20 72 6f 6f 74 65 64 20 61 74	rectional.shared.trees.rooted.at
4c140	20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74 20 77 69 6c 6c 20 61 75 74 6f 6d 61	.the.Rendevouz.Point.will.automa
4c160	74 69 63 61 6c 6c 79 20 62 65 20 62 75 69 6c 74 20 66 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 64	tically.be.built.for.multicast.d
4c180	69 73 74 72 69 62 75 74 69 6f 6e 2e 00 50 4b 49 00 50 50 44 55 00 50 50 50 20 53 65 74 74 69 6e	istribution..PKI.PPDU.PPP.Settin
4c1a0	67 73 00 50 50 50 6f 45 00 50 50 50 6f 45 20 53 65 72 76 65 72 00 50 50 50 6f 45 20 6f 70 74 69	gs.PPPoE.PPPoE.Server.PPPoE.opti
4c1c0	6f 6e 73 00 50 50 54 50 2d 53 65 72 76 65 72 00 50 61 63 6b 65 74 2d 62 61 73 65 64 20 62 61 6c	ons.PPTP-Server.Packet-based.bal
4c1e0	61 6e 63 69 6e 67 20 63 61 6e 20 6c 65 61 64 20 74 6f 20 61 20 62 65 74 74 65 72 20 62 61 6c 61	ancing.can.lead.to.a.better.bala
4c200	6e 63 65 20 61 63 72 6f 73 73 20 69 6e 74 65 72 66 61 63 65 73 20 77 68 65 6e 20 6f 75 74 20 6f	nce.across.interfaces.when.out.o
4c220	66 20 6f 72 64 65 72 20 70 61 63 6b 65 74 73 20 61 72 65 20 6e 6f 20 69 73 73 75 65 2e 20 50 65	f.order.packets.are.no.issue..Pe
4c240	72 2d 70 61 63 6b 65 74 2d 62 61 73 65 64 20 62 61 6c 61 6e 63 69 6e 67 20 63 61 6e 20 62 65 20	r-packet-based.balancing.can.be.
4c260	73 65 74 20 66 6f 72 20 61 20 62 61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 20 77 69 74 68 3a 00 50	set.for.a.balancing.rule.with:.P
4c280	61 72 74 69 63 75 6c 61 72 6c 79 20 6c 61 72 67 65 20 6e 65 74 77 6f 72 6b 73 20 6d 61 79 20 77	articularly.large.networks.may.w
4c2a0	69 73 68 20 74 6f 20 72 75 6e 20 74 68 65 69 72 20 6f 77 6e 20 52 50 4b 49 20 63 65 72 74 69 66	ish.to.run.their.own.RPKI.certif
4c2c0	69 63 61 74 65 20 61 75 74 68 6f 72 69 74 79 20 61 6e 64 20 70 75 62 6c 69 63 61 74 69 6f 6e 20	icate.authority.and.publication.
4c2e0	73 65 72 76 65 72 20 69 6e 73 74 65 61 64 20 6f 66 20 70 75 62 6c 69 73 68 69 6e 67 20 52 4f 41	server.instead.of.publishing.ROA
4c300	73 20 76 69 61 20 74 68 65 69 72 20 52 49 52 2e 20 54 68 69 73 20 69 73 20 61 20 73 75 62 6a 65	s.via.their.RIR..This.is.a.subje
4c320	63 74 20 66 61 72 20 62 65 79 6f 6e 64 20 74 68 65 20 73 63 6f 70 65 20 6f 66 20 56 79 4f 53 27	ct.far.beyond.the.scope.of.VyOS'
4c340	20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 20 43 6f 6e 73 69 64 65 72 20 72 65 61 64 69 6e 67	.documentation..Consider.reading
4c360	20 61 62 6f 75 74 20 4b 72 69 6c 6c 5f 20 69 66 20 74 68 69 73 20 69 73 20 61 20 72 61 62 62 69	.about.Krill_.if.this.is.a.rabbi
4c380	74 20 68 6f 6c 65 20 79 6f 75 20 6e 65 65 64 20 6f 72 20 65 73 70 65 63 69 61 6c 6c 79 20 77 61	t.hole.you.need.or.especially.wa
4c3a0	6e 74 20 74 6f 20 64 69 76 65 20 64 6f 77 6e 2e 00 50 61 74 68 20 60 3c 63 6f 73 74 3e 60 20 76	nt.to.dive.down..Path.`<cost>`.v
4c3c0	61 6c 75 65 20 66 6f 72 20 53 70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c 2e	alue.for.Spanning.Tree.Protocol.
4c3e0	20 45 61 63 68 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 61 20 62 72 69 64 67 65 20 63 6f 75 6c	.Each.interface.in.a.bridge.coul
4c400	64 20 68 61 76 65 20 61 20 64 69 66 66 65 72 65 6e 74 20 73 70 65 65 64 20 61 6e 64 20 74 68 69	d.have.a.different.speed.and.thi
4c420	73 20 76 61 6c 75 65 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 64 65 63 69 64 69 6e 67 20 77 68	s.value.is.used.when.deciding.wh
4c440	69 63 68 20 6c 69 6e 6b 20 74 6f 20 75 73 65 2e 20 46 61 73 74 65 72 20 69 6e 74 65 72 66 61 63	ich.link.to.use..Faster.interfac
4c460	65 73 20 73 68 6f 75 6c 64 20 68 61 76 65 20 6c 6f 77 65 72 20 63 6f 73 74 73 2e 00 50 61 74 68	es.should.have.lower.costs..Path
4c480	20 74 6f 20 60 3c 66 69 6c 65 3e 60 20 70 6f 69 6e 74 69 6e 67 20 74 6f 20 74 68 65 20 63 65 72	.to.`<file>`.pointing.to.the.cer
4c4a0	74 69 66 69 63 61 74 65 20 61 75 74 68 6f 72 69 74 79 20 63 65 72 74 69 66 69 63 61 74 65 2e 00	tificate.authority.certificate..
4c4c0	50 61 74 68 20 74 6f 20 60 3c 66 69 6c 65 3e 60 20 70 6f 69 6e 74 69 6e 67 20 74 6f 20 74 68 65	Path.to.`<file>`.pointing.to.the
4c4e0	20 73 65 72 76 65 72 73 20 63 65 72 74 69 66 69 63 61 74 65 20 28 70 75 62 6c 69 63 20 70 6f 72	.servers.certificate.(public.por
4c500	74 69 6f 6e 29 2e 00 50 65 65 72 20 2d 20 50 65 65 72 00 50 65 65 72 20 47 72 6f 75 70 73 00 50	tion)..Peer.-.Peer.Peer.Groups.P
4c520	65 65 72 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 50 65 65 72 20 50 61	eer.IP.address.to.match..Peer.Pa
4c540	72 61 6d 65 74 65 72 73 00 50 65 65 72 20 67 72 6f 75 70 73 20 61 72 65 20 75 73 65 64 20 74 6f	rameters.Peer.groups.are.used.to
4c560	20 68 65 6c 70 20 69 6d 70 72 6f 76 65 20 73 63 61 6c 69 6e 67 20 62 79 20 67 65 6e 65 72 61 74	.help.improve.scaling.by.generat
4c580	69 6e 67 20 74 68 65 20 73 61 6d 65 20 75 70 64 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	ing.the.same.update.information.
4c5a0	74 6f 20 61 6c 6c 20 6d 65 6d 62 65 72 73 20 6f 66 20 61 20 70 65 65 72 20 67 72 6f 75 70 2e 20	to.all.members.of.a.peer.group..
4c5c0	4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 6d 65 61 6e 73 20 74 68 61 74 20 74 68 65 20 72 6f	Note.that.this.means.that.the.ro
4c5e0	75 74 65 73 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 61 20 6d 65 6d 62 65 72 20 6f 66 20 61 20	utes.generated.by.a.member.of.a.
4c600	70 65 65 72 20 67 72 6f 75 70 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 62 61 63 6b 20 74 6f 20	peer.group.will.be.sent.back.to.
4c620	74 68 61 74 20 6f 72 69 67 69 6e 61 74 69 6e 67 20 70 65 65 72 20 77 69 74 68 20 74 68 65 20 6f	that.originating.peer.with.the.o
4c640	72 69 67 69 6e 61 74 6f 72 20 69 64 65 6e 74 69 66 69 65 72 20 61 74 74 72 69 62 75 74 65 20 73	riginator.identifier.attribute.s
4c660	65 74 20 74 6f 20 69 6e 64 69 63 61 74 65 64 20 74 68 65 20 6f 72 69 67 69 6e 61 74 69 6e 67 20	et.to.indicated.the.originating.
4c680	70 65 65 72 2e 20 41 6c 6c 20 70 65 65 72 73 20 6e 6f 74 20 61 73 73 6f 63 69 61 74 65 64 20 77	peer..All.peers.not.associated.w
4c6a0	69 74 68 20 61 20 73 70 65 63 69 66 69 63 20 70 65 65 72 20 67 72 6f 75 70 20 61 72 65 20 74 72	ith.a.specific.peer.group.are.tr
4c6c0	65 61 74 65 64 20 61 73 20 62 65 6c 6f 6e 67 69 6e 67 20 74 6f 20 61 20 64 65 66 61 75 6c 74 20	eated.as.belonging.to.a.default.
4c6e0	70 65 65 72 20 67 72 6f 75 70 2c 20 61 6e 64 20 77 69 6c 6c 20 73 68 61 72 65 20 75 70 64 61 74	peer.group,.and.will.share.updat
4c700	65 73 2e 00 50 65 65 72 20 74 6f 20 73 65 6e 64 20 75 6e 69 63 61 73 74 20 55 44 50 20 63 6f 6e	es..Peer.to.send.unicast.UDP.con
4c720	6e 74 72 61 63 6b 20 73 79 6e 63 20 65 6e 74 69 72 65 73 20 74 6f 2c 20 69 66 20 6e 6f 74 20 75	ntrack.sync.entires.to,.if.not.u
4c740	73 69 6e 67 20 4d 75 6c 74 69 63 61 73 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 72 6f	sing.Multicast.configuration.fro
4c760	6d 20 61 62 6f 76 65 20 61 62 6f 76 65 2e 00 50 65 65 72 73 20 43 6f 6e 66 69 67 75 72 61 74 69	m.above.above..Peers.Configurati
4c780	6f 6e 00 50 65 72 20 64 65 66 61 75 6c 74 20 56 79 4f 53 73 20 68 61 73 20 6d 69 6e 69 6d 61 6c	on.Per.default.VyOSs.has.minimal
4c7a0	20 73 79 73 6c 6f 67 20 6c 6f 67 67 69 6e 67 20 65 6e 61 62 6c 65 64 20 77 68 69 63 68 20 69 73	.syslog.logging.enabled.which.is
4c7c0	20 73 74 6f 72 65 64 20 61 6e 64 20 72 6f 74 61 74 65 64 20 6c 6f 63 61 6c 6c 79 2e 20 45 72 72	.stored.and.rotated.locally..Err
4c7e0	6f 72 73 20 77 69 6c 6c 20 62 65 20 61 6c 77 61 79 73 20 6c 6f 67 67 65 64 20 74 6f 20 61 20 6c	ors.will.be.always.logged.to.a.l
4c800	6f 63 61 6c 20 66 69 6c 65 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 60 6c 6f 63 61 6c	ocal.file,.which.includes.`local
4c820	37 60 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 2c 20 65 6d 65 72 67 65 6e 63 79 20 6d 65 73	7`.error.messages,.emergency.mes
4c840	73 61 67 65 73 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 74 6f 20 74 68 65 20 63 6f 6e 73 6f 6c	sages.will.be.sent.to.the.consol
4c860	65 2c 20 74 6f 6f 2e 00 50 65 72 20 64 65 66 61 75 6c 74 20 65 76 65 72 79 20 70 61 63 6b 65 74	e,.too..Per.default.every.packet
4c880	20 69 73 20 73 61 6d 70 6c 65 64 20 28 74 68 61 74 20 69 73 2c 20 74 68 65 20 73 61 6d 70 6c 69	.is.sampled.(that.is,.the.sampli
4c8a0	6e 67 20 72 61 74 65 20 69 73 20 31 29 2e 00 50 65 72 20 64 65 66 61 75 6c 74 20 74 68 65 20 75	ng.rate.is.1)..Per.default.the.u
4c8c0	73 65 72 20 73 65 73 73 69 6f 6e 20 69 73 20 62 65 69 6e 67 20 72 65 70 6c 61 63 65 64 20 69 66	ser.session.is.being.replaced.if
4c8e0	20 61 20 73 65 63 6f 6e 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 72 65 71 75 65 73 74	.a.second.authentication.request
4c900	20 73 75 63 63 65 65 64 73 2e 20 53 75 63 68 20 73 65 73 73 69 6f 6e 20 72 65 71 75 65 73 74 73	.succeeds..Such.session.requests
4c920	20 63 61 6e 20 62 65 20 65 69 74 68 65 72 20 64 65 6e 69 65 64 20 6f 72 20 61 6c 6c 6f 77 65 64	.can.be.either.denied.or.allowed
4c940	20 65 6e 74 69 72 65 6c 79 2c 20 77 68 69 63 68 20 77 6f 75 6c 64 20 61 6c 6c 6f 77 20 6d 75 6c	.entirely,.which.would.allow.mul
4c960	74 69 70 6c 65 20 73 65 73 73 69 6f 6e 73 20 66 6f 72 20 61 20 75 73 65 72 20 69 6e 20 74 68 65	tiple.sessions.for.a.user.in.the
4c980	20 6c 61 74 74 65 72 20 63 61 73 65 2e 20 49 66 20 69 74 20 69 73 20 64 65 6e 69 65 64 2c 20 74	.latter.case..If.it.is.denied,.t
4c9a0	68 65 20 73 65 63 6f 6e 64 20 73 65 73 73 69 6f 6e 20 69 73 20 62 65 69 6e 67 20 72 65 6a 65 63	he.second.session.is.being.rejec
4c9c0	74 65 64 20 65 76 65 6e 20 69 66 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73	ted.even.if.the.authentication.s
4c9e0	75 63 63 65 65 64 73 2c 20 74 68 65 20 75 73 65 72 20 68 61 73 20 74 6f 20 74 65 72 6d 69 6e 61	ucceeds,.the.user.has.to.termina
4ca00	74 65 20 69 74 73 20 66 69 72 73 74 20 73 65 73 73 69 6f 6e 20 61 6e 64 20 63 61 6e 20 74 68 65	te.its.first.session.and.can.the
4ca20	6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 67 61 69 6e 2e 00 50 65 72 20 64 65 66 61	n.authentication.again..Per.defa
4ca40	75 6c 74 2c 20 69 6e 74 65 72 66 61 63 65 73 20 75 73 65 64 20 69 6e 20 61 20 6c 6f 61 64 20 62	ult,.interfaces.used.in.a.load.b
4ca60	61 6c 61 6e 63 69 6e 67 20 70 6f 6f 6c 20 72 65 70 6c 61 63 65 20 74 68 65 20 73 6f 75 72 63 65	alancing.pool.replace.the.source
4ca80	20 49 50 20 6f 66 20 65 61 63 68 20 6f 75 74 67 6f 69 6e 67 20 70 61 63 6b 65 74 20 77 69 74 68	.IP.of.each.outgoing.packet.with
4caa0	20 69 74 73 20 6f 77 6e 20 61 64 64 72 65 73 73 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20	.its.own.address.to.ensure.that.
4cac0	72 65 70 6c 69 65 73 20 61 72 72 69 76 65 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72	replies.arrive.on.the.same.inter
4cae0	66 61 63 65 2e 20 54 68 69 73 20 77 6f 72 6b 73 20 74 68 72 6f 75 67 68 20 61 75 74 6f 6d 61 74	face..This.works.through.automat
4cb00	69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 73 6f 75 72 63 65 20 4e 41 54 20 28 53 4e 41	ically.generated.source.NAT.(SNA
4cb20	54 29 20 72 75 6c 65 73 2c 20 74 68 65 73 65 20 72 75 6c 65 73 20 61 72 65 20 6f 6e 6c 79 20 61	T).rules,.these.rules.are.only.a
4cb40	70 70 6c 69 65 64 20 74 6f 20 62 61 6c 61 6e 63 65 64 20 74 72 61 66 66 69 63 2e 20 49 6e 20 63	pplied.to.balanced.traffic..In.c
4cb60	61 73 65 73 20 77 68 65 72 65 20 74 68 69 73 20 62 65 68 61 76 69 6f 75 72 20 69 73 20 6e 6f 74	ases.where.this.behaviour.is.not
4cb80	20 64 65 73 69 72 65 64 2c 20 74 68 65 20 61 75 74 6f 6d 61 74 69 63 20 67 65 6e 65 72 61 74 69	.desired,.the.automatic.generati
4cba0	6f 6e 20 6f 66 20 53 4e 41 54 20 72 75 6c 65 73 20 63 61 6e 20 62 65 20 64 69 73 61 62 6c 65 64	on.of.SNAT.rules.can.be.disabled
4cbc0	3a 00 50 65 72 66 6f 72 6d 61 6e 63 65 00 50 65 72 69 6f 64 69 63 61 6c 6c 79 2c 20 61 20 68 65	:.Performance.Periodically,.a.he
4cbe0	6c 6c 6f 20 70 61 63 6b 65 74 20 69 73 20 73 65 6e 74 20 6f 75 74 20 62 79 20 74 68 65 20 52 6f	llo.packet.is.sent.out.by.the.Ro
4cc00	6f 74 20 42 72 69 64 67 65 20 61 6e 64 20 74 68 65 20 44 65 73 69 67 6e 61 74 65 64 20 42 72 69	ot.Bridge.and.the.Designated.Bri
4cc20	64 67 65 73 2e 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 61 72 65 20 75 73 65 64 20 74 6f 20	dges..Hello.packets.are.used.to.
4cc40	63 6f 6d 6d 75 6e 69 63 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68	communicate.information.about.th
4cc60	65 20 74 6f 70 6f 6c 6f 67 79 20 74 68 72 6f 75 67 68 6f 75 74 20 74 68 65 20 65 6e 74 69 72 65	e.topology.throughout.the.entire
4cc80	20 42 72 69 64 67 65 64 20 4c 6f 63 61 6c 20 41 72 65 61 20 4e 65 74 77 6f 72 6b 2e 00 50 69 6e	.Bridged.Local.Area.Network..Pin
4cca0	67 20 63 6f 6d 6d 61 6e 64 20 63 61 6e 20 62 65 20 69 6e 74 65 72 72 75 70 74 65 64 20 61 74 20	g.command.can.be.interrupted.at.
4ccc0	61 6e 79 20 67 69 76 65 6e 20 74 69 6d 65 20 75 73 69 6e 67 20 60 60 3c 43 74 72 6c 3e 2b 63 60	any.given.time.using.``<Ctrl>+c`
4cce0	60 2e 20 41 20 62 72 69 65 66 20 73 74 61 74 69 73 74 69 63 20 69 73 20 73 68 6f 77 6e 20 61 66	`..A.brief.statistic.is.shown.af
4cd00	74 65 72 77 61 72 64 73 2e 00 50 69 6e 67 20 75 73 65 73 20 49 43 4d 50 20 70 72 6f 74 6f 63 6f	terwards..Ping.uses.ICMP.protoco
4cd20	6c 27 73 20 6d 61 6e 64 61 74 6f 72 79 20 45 43 48 4f 5f 52 45 51 55 45 53 54 20 64 61 74 61 67	l's.mandatory.ECHO_REQUEST.datag
4cd40	72 61 6d 20 74 6f 20 65 6c 69 63 69 74 20 61 6e 20 49 43 4d 50 20 45 43 48 4f 5f 52 45 53 50 4f	ram.to.elicit.an.ICMP.ECHO_RESPO
4cd60	4e 53 45 20 66 72 6f 6d 20 61 20 68 6f 73 74 20 6f 72 20 67 61 74 65 77 61 79 2e 20 45 43 48 4f	NSE.from.a.host.or.gateway..ECHO
4cd80	5f 52 45 51 55 45 53 54 20 64 61 74 61 67 72 61 6d 73 20 28 70 69 6e 67 73 29 20 77 69 6c 6c 20	_REQUEST.datagrams.(pings).will.
4cda0	68 61 76 65 20 61 6e 20 49 50 20 61 6e 64 20 49 43 4d 50 20 68 65 61 64 65 72 2c 20 66 6f 6c 6c	have.an.IP.and.ICMP.header,.foll
4cdc0	6f 77 65 64 20 62 79 20 22 73 74 72 75 63 74 20 74 69 6d 65 76 61 6c 22 20 61 6e 64 20 61 6e 20	owed.by."struct.timeval".and.an.
4cde0	61 72 62 69 74 72 61 72 79 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 64 20 62 79 74 65 73 20 75 73	arbitrary.number.of.pad.bytes.us
4ce00	65 64 20 74 6f 20 66 69 6c 6c 20 6f 75 74 20 74 68 65 20 70 61 63 6b 65 74 2e 00 50 69 6e 67 69	ed.to.fill.out.the.packet..Pingi
4ce20	6e 67 20 28 49 50 76 36 29 20 74 68 65 20 6f 74 68 65 72 20 68 6f 73 74 20 61 6e 64 20 69 6e 74	ng.(IPv6).the.other.host.and.int
4ce40	65 72 63 65 70 74 69 6e 67 20 74 68 65 20 74 72 61 66 66 69 63 20 69 6e 20 60 60 65 74 68 31 60	ercepting.the.traffic.in.``eth1`
4ce60	60 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 74 68 65 20 63 6f 6e 74 65 6e 74 20 69 73 20 65	`.will.show.you.the.content.is.e
4ce80	6e 63 72 79 70 74 65 64 2e 00 50 6c 61 63 65 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 67 69 76	ncrypted..Place.interface.in.giv
4cea0	65 6e 20 56 52 46 20 69 6e 73 74 61 6e 63 65 2e 00 50 6c 61 79 20 61 6e 20 61 75 64 69 62 6c 65	en.VRF.instance..Play.an.audible
4cec0	20 62 65 65 70 20 74 6f 20 74 68 65 20 73 79 73 74 65 6d 20 73 70 65 61 6b 65 72 20 77 68 65 6e	.beep.to.the.system.speaker.when
4cee0	20 73 79 73 74 65 6d 20 69 73 20 72 65 61 64 79 2e 00 50 6c 65 61 73 65 20 62 65 20 61 77 61 72	.system.is.ready..Please.be.awar
4cf00	65 2c 20 64 75 65 20 74 6f 20 61 6e 20 75 70 73 74 72 65 61 6d 20 62 75 67 2c 20 63 6f 6e 66 69	e,.due.to.an.upstream.bug,.confi
4cf20	67 20 63 68 61 6e 67 65 73 2f 63 6f 6d 6d 69 74 73 20 77 69 6c 6c 20 72 65 73 74 61 72 74 20 74	g.changes/commits.will.restart.t
4cf40	68 65 20 70 70 70 20 64 61 65 6d 6f 6e 20 61 6e 64 20 77 69 6c 6c 20 72 65 73 65 74 20 65 78 69	he.ppp.daemon.and.will.reset.exi
4cf60	73 74 69 6e 67 20 49 50 6f 45 20 73 65 73 73 69 6f 6e 73 2c 20 69 6e 20 6f 72 64 65 72 20 74 6f	sting.IPoE.sessions,.in.order.to
4cf80	20 62 65 63 6f 6d 65 20 65 66 66 65 63 74 69 76 65 2e 00 50 6c 65 61 73 65 20 62 65 20 61 77 61	.become.effective..Please.be.awa
4cfa0	72 65 2c 20 64 75 65 20 74 6f 20 61 6e 20 75 70 73 74 72 65 61 6d 20 62 75 67 2c 20 63 6f 6e 66	re,.due.to.an.upstream.bug,.conf
4cfc0	69 67 20 63 68 61 6e 67 65 73 2f 63 6f 6d 6d 69 74 73 20 77 69 6c 6c 20 72 65 73 74 61 72 74 20	ig.changes/commits.will.restart.
4cfe0	74 68 65 20 70 70 70 20 64 61 65 6d 6f 6e 20 61 6e 64 20 77 69 6c 6c 20 72 65 73 65 74 20 65 78	the.ppp.daemon.and.will.reset.ex
4d000	69 73 74 69 6e 67 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 72 6f 6d 20 63 6f	isting.PPPoE.connections.from.co
4d020	6e 6e 65 63 74 65 64 20 75 73 65 72 73 2c 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 62 65 63 6f 6d	nnected.users,.in.order.to.becom
4d040	65 20 65 66 66 65 63 74 69 76 65 2e 00 50 6c 65 61 73 65 20 72 65 66 65 72 20 74 6f 20 74 68 65	e.effective..Please.refer.to.the
4d060	20 3a 72 65 66 3a 60 69 70 73 65 63 60 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20	.:ref:`ipsec`.documentation.for.
4d080	74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 49 50 53 65 63 20 72 65 6c 61 74 65 64 20 6f 70 74	the.individual.IPSec.related.opt
4d0a0	69 6f 6e 73 2e 00 50 6c 65 61 73 65 20 72 65 66 65 72 20 74 6f 20 74 68 65 20 3a 72 65 66 3a 60	ions..Please.refer.to.the.:ref:`
4d0c0	74 75 6e 6e 65 6c 2d 69 6e 74 65 72 66 61 63 65 60 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20	tunnel-interface`.documentation.
4d0e0	66 6f 72 20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 74 75 6e 6e 65 6c 20 72 65 6c 61 74 65	for.the.individual.tunnel.relate
4d100	64 20 6f 70 74 69 6f 6e 73 2e 00 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 3a 72 65 66 3a 60	d.options..Please.see.the.:ref:`
4d120	64 68 63 70 2d 64 6e 73 2d 71 75 69 63 6b 2d 73 74 61 72 74 60 20 63 6f 6e 66 69 67 75 72 61 74	dhcp-dns-quick-start`.configurat
4d140	69 6f 6e 2e 00 50 6c 65 61 73 65 20 74 61 6b 65 20 61 20 6c 6f 6f 6b 20 61 74 20 74 68 65 20 3a	ion..Please.take.a.look.at.the.:
4d160	72 65 66 3a 60 76 79 6f 73 61 70 69 60 20 70 61 67 65 20 66 6f 72 20 61 6e 20 64 65 74 61 69 6c	ref:`vyosapi`.page.for.an.detail
4d180	65 64 20 68 6f 77 2d 74 6f 2e 00 50 6c 65 61 73 65 20 74 61 6b 65 20 61 20 6c 6f 6f 6b 20 61 74	ed.how-to..Please.take.a.look.at
4d1a0	20 74 68 65 20 43 6f 6e 74 72 69 62 75 74 69 6e 67 20 47 75 69 64 65 20 66 6f 72 20 6f 75 72 20	.the.Contributing.Guide.for.our.
4d1c0	3a 72 65 66 3a 60 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 60 2e 00 50 6c 65 61 73 65 20 74 61 6b	:ref:`documentation`..Please.tak
4d1e0	65 20 61 20 6c 6f 6f 6b 20 69 6e 20 74 68 65 20 41 75 74 6f 6d 61 74 69 6f 6e 20 73 65 63 74 69	e.a.look.in.the.Automation.secti
4d200	6f 6e 20 74 6f 20 66 69 6e 64 20 73 6f 6d 65 20 75 73 65 66 75 6c 6c 20 45 78 61 6d 70 6c 65 73	on.to.find.some.usefull.Examples
4d220	2e 00 50 6f 6c 69 63 69 65 73 20 61 72 65 20 75 73 65 64 20 66 6f 72 20 66 69 6c 74 65 72 69 6e	..Policies.are.used.for.filterin
4d240	67 20 61 6e 64 20 74 72 61 66 66 69 63 20 6d 61 6e 61 67 65 6d 65 6e 74 2e 20 57 69 74 68 20 70	g.and.traffic.management..With.p
4d260	6f 6c 69 63 69 65 73 2c 20 6e 65 74 77 6f 72 6b 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 20	olicies,.network.administrators.
4d280	63 6f 75 6c 64 20 66 69 6c 74 65 72 20 61 6e 64 20 74 72 65 61 74 20 74 72 61 66 66 69 63 20 61	could.filter.and.treat.traffic.a
4d2a0	63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 69 72 20 6e 65 65 64 73 2e 00 50 6f 6c 69 63 69 65	ccording.to.their.needs..Policie
4d2c0	73 20 66 6f 72 20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 61 72 65 20 64 65 66 69 6e 65 64 20	s.for.local.traffic.are.defined.
4d2e0	69 6e 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 00 50 6f 6c 69 63 69 65 73 2c 20 69 6e 20 56 79	in.this.section..Policies,.in.Vy
4d300	4f 53 2c 20 61 72 65 20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 75 73 69 6e 67 20 46 52 52 20 66 69	OS,.are.implemented.using.FRR.fi
4d320	6c 74 65 72 69 6e 67 20 61 6e 64 20 72 6f 75 74 65 20 6d 61 70 73 2e 20 44 65 74 61 69 6c 65 64	ltering.and.route.maps..Detailed
4d340	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 66 20 46 52 52 20 63 6f 75 6c 64 20 62 65 20 66 6f 75	.information.of.FRR.could.be.fou
4d360	6e 64 20 69 6e 20 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 66 72 72 6f 75 74 69 6e 67 2e 6f 72 67 2f	nd.in.http://docs.frrouting.org/
4d380	00 50 6f 6c 69 63 79 00 50 6f 6c 69 63 79 20 53 65 63 74 69 6f 6e 73 00 50 6f 6c 69 63 79 20 66	.Policy.Policy.Sections.Policy.f
4d3a0	6f 72 20 63 68 65 63 6b 69 6e 67 20 74 61 72 67 65 74 73 00 50 6f 6c 69 63 79 20 74 6f 20 74 72	or.checking.targets.Policy.to.tr
4d3c0	61 63 6b 20 70 72 65 76 69 6f 75 73 6c 79 20 65 73 74 61 62 6c 69 73 68 65 64 20 63 6f 6e 6e 65	ack.previously.established.conne
4d3e0	63 74 69 6f 6e 73 2e 00 50 6f 6c 69 63 79 2d 42 61 73 65 64 20 52 6f 75 74 69 6e 67 20 77 69 74	ctions..Policy-Based.Routing.wit
4d400	68 20 6d 75 6c 74 69 70 6c 65 20 49 53 50 20 75 70 6c 69 6e 6b 73 20 28 73 6f 75 72 63 65 20 2e	h.multiple.ISP.uplinks.(source..
4d420	2f 64 72 61 77 2e 69 6f 2f 70 62 72 5f 65 78 61 6d 70 6c 65 5f 31 2e 64 72 61 77 69 6f 29 00 50	/draw.io/pbr_example_1.drawio).P
4d440	6f 72 74 20 47 72 6f 75 70 73 00 50 6f 72 74 20 4d 69 72 72 6f 72 20 28 53 50 41 4e 29 00 50 6f	ort.Groups.Port.Mirror.(SPAN).Po
4d460	72 74 20 66 6f 72 20 44 79 6e 61 6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74	rt.for.Dynamic.Authorization.Ext
4d480	65 6e 73 69 6f 6e 20 73 65 72 76 65 72 20 28 44 4d 2f 43 6f 41 29 00 50 6f 72 74 20 6e 61 6d 65	ension.server.(DM/CoA).Port.name
4d4a0	20 61 6e 64 20 64 65 73 63 72 69 70 74 69 6f 6e 00 50 6f 72 74 20 6e 75 6d 62 65 72 20 75 73 65	.and.description.Port.number.use
4d4c0	64 20 62 79 20 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 39 32	d.by.connection,.default.is.``92
4d4e0	37 33 60 60 00 50 6f 72 74 20 6e 75 6d 62 65 72 20 75 73 65 64 20 62 79 20 63 6f 6e 6e 65 63 74	73``.Port.number.used.by.connect
4d500	69 6f 6e 2e 00 50 6f 72 74 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 48 54 54 50 53 20 72 65	ion..Port.to.listen.for.HTTPS.re
4d520	71 75 65 73 74 73 3b 20 64 65 66 61 75 6c 74 20 34 34 33 00 50 6f 72 74 69 6f 6e 73 20 6f 66 20	quests;.default.443.Portions.of.
4d540	74 68 65 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 72 65 20 56 4c 41 4e 2d 61 77 61 72 65	the.network.which.are.VLAN-aware
4d560	20 28 69 2e 65 2e 2c 20 49 45 45 45 20 38 30 32 2e 31 71 5f 20 63 6f 6e 66 6f 72 6d 61 6e 74 29	.(i.e.,.IEEE.802.1q_.conformant)
4d580	20 63 61 6e 20 69 6e 63 6c 75 64 65 20 56 4c 41 4e 20 74 61 67 73 2e 20 57 68 65 6e 20 61 20 66	.can.include.VLAN.tags..When.a.f
4d5a0	72 61 6d 65 20 65 6e 74 65 72 73 20 74 68 65 20 56 4c 41 4e 2d 61 77 61 72 65 20 70 6f 72 74 69	rame.enters.the.VLAN-aware.porti
4d5c0	6f 6e 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 2c 20 61 20 74 61 67 20 69 73 20 61 64 64 65	on.of.the.network,.a.tag.is.adde
4d5e0	64 20 74 6f 20 72 65 70 72 65 73 65 6e 74 20 74 68 65 20 56 4c 41 4e 20 6d 65 6d 62 65 72 73 68	d.to.represent.the.VLAN.membersh
4d600	69 70 2e 20 45 61 63 68 20 66 72 61 6d 65 20 6d 75 73 74 20 62 65 20 64 69 73 74 69 6e 67 75 69	ip..Each.frame.must.be.distingui
4d620	73 68 61 62 6c 65 20 61 73 20 62 65 69 6e 67 20 77 69 74 68 69 6e 20 65 78 61 63 74 6c 79 20 6f	shable.as.being.within.exactly.o
4d640	6e 65 20 56 4c 41 4e 2e 20 41 20 66 72 61 6d 65 20 69 6e 20 74 68 65 20 56 4c 41 4e 2d 61 77 61	ne.VLAN..A.frame.in.the.VLAN-awa
4d660	72 65 20 70 6f 72 74 69 6f 6e 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 68 61 74 20 64	re.portion.of.the.network.that.d
4d680	6f 65 73 20 6e 6f 74 20 63 6f 6e 74 61 69 6e 20 61 20 56 4c 41 4e 20 74 61 67 20 69 73 20 61 73	oes.not.contain.a.VLAN.tag.is.as
4d6a0	73 75 6d 65 64 20 74 6f 20 62 65 20 66 6c 6f 77 69 6e 67 20 6f 6e 20 74 68 65 20 6e 61 74 69 76	sumed.to.be.flowing.on.the.nativ
4d6c0	65 20 56 4c 41 4e 2e 00 50 72 65 63 65 64 65 6e 63 65 00 50 72 65 65 6d 70 74 69 6f 6e 00 50 72	e.VLAN..Precedence.Preemption.Pr
4d6e0	65 66 65 72 20 61 20 73 70 65 63 69 66 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	efer.a.specific.routing.protocol
4d700	20 72 6f 75 74 65 73 20 6f 76 65 72 20 61 6e 6f 74 68 65 72 20 72 6f 75 74 69 6e 67 20 70 72 6f	.routes.over.another.routing.pro
4d720	74 6f 63 6f 6c 20 72 75 6e 6e 69 6e 67 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 72 6f 75 74 65 72	tocol.running.on.the.same.router
4d740	2e 00 50 72 65 66 65 72 20 68 69 67 68 65 72 20 6c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65	..Prefer.higher.local.preference
4d760	20 72 6f 75 74 65 73 20 74 6f 20 6c 6f 77 65 72 2e 00 50 72 65 66 65 72 20 68 69 67 68 65 72 20	.routes.to.lower..Prefer.higher.
4d780	6c 6f 63 61 6c 20 77 65 69 67 68 74 20 72 6f 75 74 65 73 20 74 6f 20 6c 6f 77 65 72 20 72 6f 75	local.weight.routes.to.lower.rou
4d7a0	74 65 73 2e 00 50 72 65 66 65 72 20 6c 6f 63 61 6c 20 72 6f 75 74 65 73 20 28 73 74 61 74 69 63	tes..Prefer.local.routes.(static
4d7c0	73 2c 20 61 67 67 72 65 67 61 74 65 73 2c 20 72 65 64 69 73 74 72 69 62 75 74 65 64 29 20 74 6f	s,.aggregates,.redistributed).to
4d7e0	20 72 65 63 65 69 76 65 64 20 72 6f 75 74 65 73 2e 00 50 72 65 66 65 72 20 73 68 6f 72 74 65 73	.received.routes..Prefer.shortes
4d800	74 20 68 6f 70 2d 63 6f 75 6e 74 20 41 53 5f 50 41 54 48 73 2e 00 50 72 65 66 65 72 20 74 68 65	t.hop-count.AS_PATHs..Prefer.the
4d820	20 6c 6f 77 65 73 74 20 6f 72 69 67 69 6e 20 74 79 70 65 20 72 6f 75 74 65 2e 20 54 68 61 74 20	.lowest.origin.type.route..That.
4d840	69 73 2c 20 70 72 65 66 65 72 20 49 47 50 20 6f 72 69 67 69 6e 20 72 6f 75 74 65 73 20 74 6f 20	is,.prefer.IGP.origin.routes.to.
4d860	45 47 50 2c 20 74 6f 20 49 6e 63 6f 6d 70 6c 65 74 65 20 72 6f 75 74 65 73 2e 00 50 72 65 66 65	EGP,.to.Incomplete.routes..Prefe
4d880	72 20 74 68 65 20 72 6f 75 74 65 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 61 6e 20 65 78 74	r.the.route.received.from.an.ext
4d8a0	65 72 6e 61 6c 2c 20 65 42 47 50 20 70 65 65 72 20 6f 76 65 72 20 72 6f 75 74 65 73 20 72 65 63	ernal,.eBGP.peer.over.routes.rec
4d8c0	65 69 76 65 64 20 66 72 6f 6d 20 6f 74 68 65 72 20 74 79 70 65 73 20 6f 66 20 70 65 65 72 73 2e	eived.from.other.types.of.peers.
4d8e0	00 50 72 65 66 65 72 20 74 68 65 20 72 6f 75 74 65 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20	.Prefer.the.route.received.from.
4d900	74 68 65 20 70 65 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67 68 65 72 20 74 72 61 6e 73 70 6f	the.peer.with.the.higher.transpo
4d920	72 74 20 6c 61 79 65 72 20 61 64 64 72 65 73 73 2c 20 61 73 20 61 20 6c 61 73 74 2d 72 65 73 6f	rt.layer.address,.as.a.last-reso
4d940	72 74 20 74 69 65 2d 62 72 65 61 6b 65 72 2e 00 50 72 65 66 65 72 20 74 68 65 20 72 6f 75 74 65	rt.tie-breaker..Prefer.the.route
4d960	20 77 69 74 68 20 74 68 65 20 6c 6f 77 65 72 20 49 47 50 20 63 6f 73 74 2e 00 50 72 65 66 65 72	.with.the.lower.IGP.cost..Prefer
4d980	20 74 68 65 20 72 6f 75 74 65 20 77 69 74 68 20 74 68 65 20 6c 6f 77 65 73 74 20 60 72 6f 75 74	.the.route.with.the.lowest.`rout
4d9a0	65 72 2d 49 44 60 2e 20 49 66 20 74 68 65 20 72 6f 75 74 65 20 68 61 73 20 61 6e 20 60 4f 52 49	er-ID`..If.the.route.has.an.`ORI
4d9c0	47 49 4e 41 54 4f 52 5f 49 44 60 20 61 74 74 72 69 62 75 74 65 2c 20 74 68 72 6f 75 67 68 20 69	GINATOR_ID`.attribute,.through.i
4d9e0	42 47 50 20 72 65 66 6c 65 63 74 69 6f 6e 2c 20 74 68 65 6e 20 74 68 61 74 20 72 6f 75 74 65 72	BGP.reflection,.then.that.router
4da00	20 49 44 20 69 73 20 75 73 65 64 2c 20 6f 74 68 65 72 77 69 73 65 20 74 68 65 20 60 72 6f 75 74	.ID.is.used,.otherwise.the.`rout
4da20	65 72 2d 49 44 60 20 6f 66 20 74 68 65 20 70 65 65 72 20 74 68 65 20 72 6f 75 74 65 20 77 61 73	er-ID`.of.the.peer.the.route.was
4da40	20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 69 73 20 75 73 65 64 2e 00 50 72 65 66 65 72 65 6e	.received.from.is.used..Preferen
4da60	63 65 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20 72	ce.associated.with.the.default.r
4da80	6f 75 74 65 72 00 50 72 65 66 69 78 20 43 6f 6e 76 65 72 73 69 6f 6e 00 50 72 65 66 69 78 20 44	outer.Prefix.Conversion.Prefix.D
4daa0	65 6c 65 67 61 74 69 6f 6e 00 50 72 65 66 69 78 20 4c 69 73 74 20 50 6f 6c 69 63 79 00 50 72 65	elegation.Prefix.List.Policy.Pre
4dac0	66 69 78 20 4c 69 73 74 73 00 50 72 65 66 69 78 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64	fix.Lists.Prefix.can.not.be.used
4dae0	20 66 6f 72 20 6f 6e 2d 6c 69 6e 6b 20 64 65 74 65 72 6d 69 6e 61 74 69 6f 6e 00 50 72 65 66 69	.for.on-link.determination.Prefi
4db00	78 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64 20 66 6f 72 20 73 74 61 74 65 6c 65 73 73 20	x.can.not.be.used.for.stateless.
4db20	61 64 64 72 65 73 73 20 61 75 74 6f 2d 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 50 72 65 66 69	address.auto-configuration.Prefi
4db40	78 20 66 69 6c 74 65 72 69 6e 67 20 63 61 6e 20 62 65 20 64 6f 6e 65 20 75 73 69 6e 67 20 70 72	x.filtering.can.be.done.using.pr
4db60	65 66 69 78 2d 6c 69 73 74 20 61 6e 64 20 70 72 65 66 69 78 2d 6c 69 73 74 36 2e 00 50 72 65 66	efix-list.and.prefix-list6..Pref
4db80	69 78 20 6c 65 6e 67 74 68 20 69 6e 20 69 6e 74 65 72 66 61 63 65 20 6d 75 73 74 20 62 65 20 65	ix.length.in.interface.must.be.e
4dba0	71 75 61 6c 20 6f 72 20 62 69 67 67 65 72 20 28 69 2e 65 2e 20 73 6d 61 6c 6c 65 72 20 6e 65 74	qual.or.bigger.(i.e..smaller.net
4dbc0	77 6f 72 6b 29 20 74 68 61 6e 20 70 72 65 66 69 78 20 6c 65 6e 67 74 68 20 69 6e 20 6e 65 74 77	work).than.prefix.length.in.netw
4dbe0	6f 72 6b 20 73 74 61 74 65 6d 65 6e 74 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 20 73 74 61 74 65	ork.statement..For.example.state
4dc00	6d 65 6e 74 20 61 62 6f 76 65 20 64 6f 65 73 6e 27 74 20 65 6e 61 62 6c 65 20 6f 73 70 66 20 6f	ment.above.doesn't.enable.ospf.o
4dc20	6e 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20 61 64 64 72 65 73 73 20 31 39 32 2e 31 36 38	n.interface.with.address.192.168
4dc40	2e 31 2e 31 2f 32 33 2c 20 62 75 74 20 69 74 20 64 6f 65 73 20 6f 6e 20 69 6e 74 65 72 66 61 63	.1.1/23,.but.it.does.on.interfac
4dc60	65 20 77 69 74 68 20 61 64 64 72 65 73 73 20 31 39 32 2e 31 36 38 2e 31 2e 31 32 39 2f 32 35 2e	e.with.address.192.168.1.129/25.
4dc80	00 50 72 65 66 69 78 20 6c 69 73 74 73 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 6d 6f 73 74 20	.Prefix.lists.provides.the.most.
4dca0	70 6f 77 65 72 66 75 6c 20 70 72 65 66 69 78 20 62 61 73 65 64 20 66 69 6c 74 65 72 69 6e 67 20	powerful.prefix.based.filtering.
4dcc0	6d 65 63 68 61 6e 69 73 6d 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 20 61 63 63 65 73 73	mechanism..In.addition.to.access
4dce0	2d 6c 69 73 74 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2c 20 69 70 20 70 72 65 66 69 78 2d 6c	-list.functionality,.ip.prefix-l
4dd00	69 73 74 20 68 61 73 20 70 72 65 66 69 78 20 6c 65 6e 67 74 68 20 72 61 6e 67 65 20 73 70 65 63	ist.has.prefix.length.range.spec
4dd20	69 66 69 63 61 74 69 6f 6e 2e 00 50 72 65 66 69 78 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e	ification..Prefix.to.match.again
4dd40	73 74 2e 00 50 72 65 66 69 78 65 73 00 50 72 65 70 65 6e 64 20 74 68 65 20 65 78 69 73 74 69 6e	st..Prefixes.Prepend.the.existin
4dd60	67 20 6c 61 73 74 20 41 53 20 6e 75 6d 62 65 72 20 28 74 68 65 20 6c 65 66 74 6d 6f 73 74 20 41	g.last.AS.number.(the.leftmost.A
4dd80	53 4e 29 20 74 6f 20 74 68 65 20 41 53 5f 50 41 54 48 2e 00 50 72 65 70 65 6e 64 20 74 68 65 20	SN).to.the.AS_PATH..Prepend.the.
4dda0	67 69 76 65 6e 20 73 74 72 69 6e 67 20 6f 66 20 41 53 20 6e 75 6d 62 65 72 73 20 74 6f 20 74 68	given.string.of.AS.numbers.to.th
4ddc0	65 20 41 53 5f 50 41 54 48 20 6f 66 20 74 68 65 20 42 47 50 20 70 61 74 68 27 73 20 4e 4c 52 49	e.AS_PATH.of.the.BGP.path's.NLRI
4dde0	2e 00 50 72 69 6e 63 69 70 6c 65 20 6f 66 20 53 4e 4d 50 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f	..Principle.of.SNMP.Communicatio
4de00	6e 00 50 72 69 6e 74 20 61 20 73 75 6d 6d 61 72 79 20 6f 66 20 6e 65 69 67 68 62 6f 72 20 63 6f	n.Print.a.summary.of.neighbor.co
4de20	6e 6e 65 63 74 69 6f 6e 73 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 41 46 49 2f	nnections.for.the.specified.AFI/
4de40	53 41 46 49 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 2e 00 50 72 69 6e 74 20 61 63 74 69 76 65 20 49	SAFI.combination..Print.active.I
4de60	50 56 34 20 6f 72 20 49 50 56 36 20 72 6f 75 74 65 73 20 61 64 76 65 72 74 69 73 65 64 20 76 69	PV4.or.IPV6.routes.advertised.vi
4de80	61 20 74 68 65 20 56 50 4e 20 53 41 46 49 2e 00 50 72 69 6f 72 69 74 79 00 50 72 69 6f 72 69 74	a.the.VPN.SAFI..Priority.Priorit
4dea0	79 20 51 75 65 75 65 00 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 2c 20 61 73 20 6f 74 68 65 72	y.Queue.Priority.Queue,.as.other
4dec0	20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 69 65 73 2c 20 69 73 20 6f 6e 6c 79 20 75	.non-shaping.policies,.is.only.u
4dee0	73 65 66 75 6c 20 69 66 20 79 6f 75 72 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63 65	seful.if.your.outgoing.interface
4df00	20 69 73 20 72 65 61 6c 6c 79 20 66 75 6c 6c 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 2c 20 56	.is.really.full..If.it.is.not,.V
4df20	79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 6f 77 6e 20 74 68 65 20 71 75 65 75 65 20 61 6e 64 20 50	yOS.will.not.own.the.queue.and.P
4df40	72 69 6f 72 69 74 79 20 51 75 65 75 65 20 77 69 6c 6c 20 68 61 76 65 20 6e 6f 20 65 66 66 65 63	riority.Queue.will.have.no.effec
4df60	74 2e 20 49 66 20 74 68 65 72 65 20 69 73 20 62 61 6e 64 77 69 64 74 68 20 61 76 61 69 6c 61 62	t..If.there.is.bandwidth.availab
4df80	6c 65 20 6f 6e 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 2c 20 79 6f 75 20 63 61 6e	le.on.the.physical.link,.you.can
4dfa0	20 65 6d 62 65 64 5f 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69 6e 74 6f 20 61 20 63 6c	.embed_.Priority.Queue.into.a.cl
4dfc0	61 73 73 66 75 6c 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 6b 65 20 73 75	assful.shaping.policy.to.make.su
4dfe0	72 65 20 69 74 20 6f 77 6e 73 20 74 68 65 20 71 75 65 75 65 2e 20 49 6e 20 74 68 61 74 20 63 61	re.it.owns.the.queue..In.that.ca
4e000	73 65 20 70 61 63 6b 65 74 73 20 63 61 6e 20 62 65 20 70 72 69 6f 72 69 74 69 7a 65 64 20 62 61	se.packets.can.be.prioritized.ba
4e020	73 65 64 20 6f 6e 20 44 53 43 50 2e 00 50 72 69 76 61 74 65 20 56 4c 41 4e 20 70 72 6f 78 79 20	sed.on.DSCP..Private.VLAN.proxy.
4e040	61 72 70 2e 20 42 61 73 69 63 61 6c 6c 79 20 61 6c 6c 6f 77 20 70 72 6f 78 79 20 61 72 70 20 72	arp..Basically.allow.proxy.arp.r
4e060	65 70 6c 69 65 73 20 62 61 63 6b 20 74 6f 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63	eplies.back.to.the.same.interfac
4e080	65 20 28 66 72 6f 6d 20 77 68 69 63 68 20 74 68 65 20 41 52 50 20 72 65 71 75 65 73 74 2f 73 6f	e.(from.which.the.ARP.request/so
4e0a0	6c 69 63 69 74 61 74 69 6f 6e 20 77 61 73 20 72 65 63 65 69 76 65 64 29 2e 00 50 72 6f 6d 65 74	licitation.was.received)..Promet
4e0c0	68 65 75 73 2d 63 6c 69 65 6e 74 00 50 72 6f 74 65 63 74 73 20 68 6f 73 74 20 66 72 6f 6d 20 62	heus-client.Protects.host.from.b
4e0e0	72 75 74 65 2d 66 6f 72 63 65 20 61 74 74 61 63 6b 73 20 61 67 61 69 6e 73 74 20 53 53 48 2e 20	rute-force.attacks.against.SSH..
4e100	4c 6f 67 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 70 61 72 73 65 64 2c 20 6c 69 6e 65 2d 62 79	Log.messages.are.parsed,.line-by
4e120	2d 6c 69 6e 65 2c 20 66 6f 72 20 72 65 63 6f 67 6e 69 7a 65 64 20 70 61 74 74 65 72 6e 73 2e 20	-line,.for.recognized.patterns..
4e140	49 66 20 61 6e 20 61 74 74 61 63 6b 2c 20 73 75 63 68 20 61 73 20 73 65 76 65 72 61 6c 20 6c 6f	If.an.attack,.such.as.several.lo
4e160	67 69 6e 20 66 61 69 6c 75 72 65 73 20 77 69 74 68 69 6e 20 61 20 66 65 77 20 73 65 63 6f 6e 64	gin.failures.within.a.few.second
4e180	73 2c 20 69 73 20 64 65 74 65 63 74 65 64 2c 20 74 68 65 20 6f 66 66 65 6e 64 69 6e 67 20 49 50	s,.is.detected,.the.offending.IP
4e1a0	20 69 73 20 62 6c 6f 63 6b 65 64 2e 20 4f 66 66 65 6e 64 65 72 73 20 61 72 65 20 75 6e 62 6c 6f	.is.blocked..Offenders.are.unblo
4e1c0	63 6b 65 64 20 61 66 74 65 72 20 61 20 73 65 74 20 69 6e 74 65 72 76 61 6c 2e 00 50 72 6f 74 6f	cked.after.a.set.interval..Proto
4e1e0	63 6f 6c 20 66 6f 72 20 77 68 69 63 68 20 65 78 70 65 63 74 20 65 6e 74 72 69 65 73 20 6e 65 65	col.for.which.expect.entries.nee
4e200	64 20 74 6f 20 62 65 20 73 79 6e 63 68 72 6f 6e 69 7a 65 64 2e 00 50 72 6f 74 6f 63 6f 6c 73 00	d.to.be.synchronized..Protocols.
4e220	50 72 6f 74 6f 63 6f 6c 73 20 61 72 65 3a 20 74 63 70 2c 20 73 63 74 70 2c 20 64 63 63 70 2c 20	Protocols.are:.tcp,.sctp,.dccp,.
4e240	75 64 70 2c 20 69 63 6d 70 20 61 6e 64 20 69 70 76 36 2d 69 63 6d 70 2e 00 50 72 6f 76 69 64 65	udp,.icmp.and.ipv6-icmp..Provide
4e260	20 54 46 54 50 20 73 65 72 76 65 72 20 6c 69 73 74 65 6e 69 6e 67 20 6f 6e 20 62 6f 74 68 20 49	.TFTP.server.listening.on.both.I
4e280	50 76 34 20 61 6e 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 60 60 31 39 32 2e 30 2e 32	Pv4.and.IPv6.addresses.``192.0.2
4e2a0	2e 31 60 60 20 61 6e 64 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 60 60 20 73 65 72 76 69 6e 67	.1``.and.``2001:db8::1``.serving
4e2c0	20 74 68 65 20 63 6f 6e 74 65 6e 74 20 66 72 6f 6d 20 60 60 2f 63 6f 6e 66 69 67 2f 74 66 74 70	.the.content.from.``/config/tftp
4e2e0	62 6f 6f 74 60 60 2e 20 55 70 6c 6f 61 64 69 6e 67 20 76 69 61 20 54 46 54 50 20 74 6f 20 74 68	boot``..Uploading.via.TFTP.to.th
4e300	69 73 20 73 65 72 76 65 72 20 69 73 20 64 69 73 61 62 6c 65 64 2e 00 50 72 6f 76 69 64 65 20 61	is.server.is.disabled..Provide.a
4e320	20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 67 72 6f 75 70 20 64 65 73 63	.IPv4.or.IPv6.address.group.desc
4e340	72 69 70 74 69 6f 6e 00 50 72 6f 76 69 64 65 20 61 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 6e	ription.Provide.a.IPv4.or.IPv6.n
4e360	65 74 77 6f 72 6b 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f 6e 2e 00 50 72 6f 76 69 64	etwork.group.description..Provid
4e380	65 20 61 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 65 61 63 68 20 72 75 6c 65 2e 00 50	e.a.description.for.each.rule..P
4e3a0	72 6f 76 69 64 65 20 61 20 64 6f 6d 61 69 6e 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f	rovide.a.domain.group.descriptio
4e3c0	6e 2e 00 50 72 6f 76 69 64 65 20 61 20 6d 61 63 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69	n..Provide.a.mac.group.descripti
4e3e0	6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 20 70 6f 72 74 20 67 72 6f 75 70 20 64 65 73 63 72 69 70	on..Provide.a.port.group.descrip
4e400	74 69 6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 20 72 75 6c 65 2d 73 65 74 20 64 65 73 63 72 69 70	tion..Provide.a.rule-set.descrip
4e420	74 69 6f 6e 20 74 6f 20 61 20 63 75 73 74 6f 6d 20 66 69 72 65 77 61 6c 6c 20 63 68 61 69 6e 2e	tion.to.a.custom.firewall.chain.
4e440	00 50 72 6f 76 69 64 65 20 61 20 72 75 6c 65 2d 73 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 2e	.Provide.a.rule-set.description.
4e460	00 50 72 6f 76 69 64 65 20 61 6e 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 6e 65 74 77 6f 72 6b	.Provide.an.IPv4.or.IPv6.network
4e480	20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 6e 20 69	.group.description..Provide.an.i
4e4a0	6e 74 65 72 66 61 63 65 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f 6e 00 50 72 6f 76 69	nterface.group.description.Provi
4e4c0	64 65 72 20 2d 20 43 75 73 74 6f 6d 65 72 00 50 72 6f 76 69 64 65 73 20 61 20 62 61 63 6b 62 6f	der.-.Customer.Provides.a.backbo
4e4e0	6e 65 20 61 72 65 61 20 63 6f 68 65 72 65 6e 63 65 20 62 79 20 76 69 72 74 75 61 6c 20 6c 69 6e	ne.area.coherence.by.virtual.lin
4e500	6b 20 65 73 74 61 62 6c 69 73 68 6d 65 6e 74 2e 00 50 72 6f 76 69 64 65 73 20 61 20 70 65 72 2d	k.establishment..Provides.a.per-
4e520	64 65 76 69 63 65 20 63 6f 6e 74 72 6f 6c 20 74 6f 20 65 6e 61 62 6c 65 2f 64 69 73 61 62 6c 65	device.control.to.enable/disable
4e540	20 74 68 65 20 74 68 72 65 61 64 65 64 20 6d 6f 64 65 20 66 6f 72 20 61 6c 6c 20 74 68 65 20 4e	.the.threaded.mode.for.all.the.N
4e560	41 50 49 20 69 6e 73 74 61 6e 63 65 73 20 6f 66 20 74 68 65 20 67 69 76 65 6e 20 6e 65 74 77 6f	API.instances.of.the.given.netwo
4e580	72 6b 20 64 65 76 69 63 65 2c 20 77 69 74 68 6f 75 74 20 74 68 65 20 6e 65 65 64 20 66 6f 72 20	rk.device,.without.the.need.for.
4e5a0	61 20 64 65 76 69 63 65 20 75 70 2f 64 6f 77 6e 2e 00 50 72 6f 78 79 20 61 75 74 68 65 6e 74 69	a.device.up/down..Proxy.authenti
4e5c0	63 61 74 69 6f 6e 20 6d 65 74 68 6f 64 2c 20 63 75 72 72 65 6e 74 6c 79 20 6f 6e 6c 79 20 4c 44	cation.method,.currently.only.LD
4e5e0	41 50 20 69 73 20 73 75 70 70 6f 72 74 65 64 2e 00 50 73 65 75 64 6f 20 45 74 68 65 72 6e 65 74	AP.is.supported..Pseudo.Ethernet
4e600	2f 4d 41 43 56 4c 41 4e 20 6f 70 74 69 6f 6e 73 00 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74	/MACVLAN.options.Pseudo-Ethernet
4e620	20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 6e 6f 74 20 62 65 20 72 65 61 63 68 65 64 20 66	.interfaces.can.not.be.reached.f
4e640	72 6f 6d 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 68 6f 73 74 2e 20 54 68 69 73 20 6d 65 61	rom.your.internal.host..This.mea
4e660	6e 73 20 74 68 61 74 20 79 6f 75 20 63 61 6e 20 6e 6f 74 20 74 72 79 20 74 6f 20 70 69 6e 67 20	ns.that.you.can.not.try.to.ping.
4e680	61 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 20 66 72 6f 6d	a.Pseudo-Ethernet.interface.from
4e6a0	20 74 68 65 20 68 6f 73 74 20 73 79 73 74 65 6d 20 6f 6e 20 77 68 69 63 68 20 69 74 20 69 73 20	.the.host.system.on.which.it.is.
4e6c0	64 65 66 69 6e 65 64 2e 20 54 68 65 20 70 69 6e 67 20 77 69 6c 6c 20 62 65 20 6c 6f 73 74 2e 00	defined..The.ping.will.be.lost..
4e6e0	50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 6d 61 79 20 6e	Pseudo-Ethernet.interfaces.may.n
4e700	6f 74 20 77 6f 72 6b 20 69 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 20 77 68 69 63 68 20 65 78	ot.work.in.environments.which.ex
4e720	70 65 63 74 20 61 20 3a 61 62 62 72 3a 60 4e 49 43 20 28 4e 65 74 77 6f 72 6b 20 49 6e 74 65 72	pect.a.:abbr:`NIC.(Network.Inter
4e740	66 61 63 65 20 43 61 72 64 29 60 20 74 6f 20 6f 6e 6c 79 20 68 61 76 65 20 61 20 73 69 6e 67 6c	face.Card)`.to.only.have.a.singl
4e760	65 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 61 70 70 6c 69 65 73 20 74 6f 3a 20 2d 20 56 4d	e.address..This.applies.to:.-.VM
4e780	77 61 72 65 20 6d 61 63 68 69 6e 65 73 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 73 65 74 74	ware.machines.using.default.sett
4e7a0	69 6e 67 73 20 2d 20 4e 65 74 77 6f 72 6b 20 73 77 69 74 63 68 65 73 20 77 69 74 68 20 73 65 63	ings.-.Network.switches.with.sec
4e7c0	75 72 69 74 79 20 73 65 74 74 69 6e 67 73 20 61 6c 6c 6f 77 69 6e 67 20 6f 6e 6c 79 20 61 20 73	urity.settings.allowing.only.a.s
4e7e0	69 6e 67 6c 65 20 4d 41 43 20 61 64 64 72 65 73 73 20 2d 20 78 44 53 4c 20 6d 6f 64 65 6d 73 20	ingle.MAC.address.-.xDSL.modems.
4e800	74 68 61 74 20 74 72 79 20 74 6f 20 6c 65 61 72 6e 20 74 68 65 20 4d 41 43 20 61 64 64 72 65 73	that.try.to.learn.the.MAC.addres
4e820	73 20 6f 66 20 74 68 65 20 4e 49 43 00 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 6f 72 20	s.of.the.NIC.Pseudo-Ethernet.or.
4e840	4d 41 43 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 73 65 65 6e 20 61	MACVLAN.interfaces.can.be.seen.a
4e860	73 20 73 75 62 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 72 65 67 75 6c 61 72 20 65 74 68 65 72	s.subinterfaces.to.regular.ether
4e880	6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 20 45 61 63 68 20 61 6e 64 20 65 76 65 72 79 20 73	net.interfaces..Each.and.every.s
4e8a0	75 62 69 6e 74 65 72 66 61 63 65 20 69 73 20 63 72 65 61 74 65 64 20 61 20 64 69 66 66 65 72 65	ubinterface.is.created.a.differe
4e8c0	6e 74 20 6d 65 64 69 61 20 61 63 63 65 73 73 20 63 6f 6e 74 72 6f 6c 20 28 4d 41 43 29 20 61 64	nt.media.access.control.(MAC).ad
4e8e0	64 72 65 73 73 2c 20 66 6f 72 20 61 20 73 69 6e 67 6c 65 20 70 68 79 73 69 63 61 6c 20 45 74 68	dress,.for.a.single.physical.Eth
4e900	65 72 6e 65 74 20 70 6f 72 74 2e 20 50 73 65 75 64 6f 2d 20 45 74 68 65 72 6e 65 74 20 69 6e 74	ernet.port..Pseudo-.Ethernet.int
4e920	65 72 66 61 63 65 73 20 68 61 76 65 20 6d 6f 73 74 20 6f 66 20 74 68 65 69 72 20 61 70 70 6c 69	erfaces.have.most.of.their.appli
4e940	63 61 74 69 6f 6e 20 69 6e 20 76 69 72 74 75 61 6c 69 7a 65 64 20 65 6e 76 69 72 6f 6e 6d 65 6e	cation.in.virtualized.environmen
4e960	74 73 2c 00 50 75 62 6c 69 73 68 20 61 20 70 6f 72 74 20 66 6f 72 20 74 68 65 20 63 6f 6e 74 61	ts,.Publish.a.port.for.the.conta
4e980	69 6e 65 72 2e 00 50 75 6c 6c 20 61 20 6e 65 77 20 69 6d 61 67 65 20 66 6f 72 20 63 6f 6e 74 61	iner..Pull.a.new.image.for.conta
4e9a0	69 6e 65 72 00 51 69 6e 51 20 28 38 30 32 2e 31 61 64 29 00 51 6f 53 00 51 75 65 75 65 20 73 69	iner.QinQ.(802.1ad).QoS.Queue.si
4e9c0	7a 65 20 66 6f 72 20 6c 69 73 74 65 6e 69 6e 67 20 74 6f 20 6c 6f 63 61 6c 20 63 6f 6e 6e 74 72	ze.for.listening.to.local.conntr
4e9e0	61 63 6b 20 65 76 65 6e 74 73 20 69 6e 20 4d 42 2e 00 51 75 65 75 65 20 73 69 7a 65 20 66 6f 72	ack.events.in.MB..Queue.size.for
4ea00	20 73 79 6e 63 69 6e 67 20 63 6f 6e 6e 74 72 61 63 6b 20 65 6e 74 72 69 65 73 20 69 6e 20 4d 42	.syncing.conntrack.entries.in.MB
4ea20	2e 00 51 75 6f 74 65 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 69 6e 73 69 64 65 20 70 61 72 61	..Quotes.can.be.used.inside.para
4ea40	6d 65 74 65 72 20 76 61 6c 75 65 73 20 62 79 20 72 65 70 6c 61 63 69 6e 67 20 61 6c 6c 20 71 75	meter.values.by.replacing.all.qu
4ea60	6f 74 65 20 63 68 61 72 61 63 74 65 72 73 20 77 69 74 68 20 74 68 65 20 73 74 72 69 6e 67 20 60	ote.characters.with.the.string.`
4ea80	60 26 71 75 6f 74 3b 60 60 2e 20 54 68 65 79 20 77 69 6c 6c 20 62 65 20 72 65 70 6c 61 63 65 64	`&quot;``..They.will.be.replaced
4eaa0	20 77 69 74 68 20 6c 69 74 65 72 61 6c 20 71 75 6f 74 65 20 63 68 61 72 61 63 74 65 72 73 20 77	.with.literal.quote.characters.w
4eac0	68 65 6e 20 67 65 6e 65 72 61 74 69 6e 67 20 64 68 63 70 64 2e 63 6f 6e 66 2e 00 52 31 20 68 61	hen.generating.dhcpd.conf..R1.ha
4eae0	73 20 31 39 32 2e 30 2e 32 2e 31 2f 32 34 20 26 20 32 30 30 31 3a 64 62 38 3a 3a 31 2f 36 34 00	s.192.0.2.1/24.&.2001:db8::1/64.
4eb00	52 31 20 69 73 20 6d 61 6e 61 67 65 64 20 74 68 72 6f 75 67 68 20 61 6e 20 6f 75 74 2d 6f 66 2d	R1.is.managed.through.an.out-of-
4eb20	62 61 6e 64 20 6e 65 74 77 6f 72 6b 20 74 68 61 74 20 72 65 73 69 64 65 73 20 69 6e 20 56 52 46	band.network.that.resides.in.VRF
4eb40	20 60 60 6d 67 6d 74 60 60 00 52 31 3a 00 52 32 20 68 61 73 20 31 39 32 2e 30 2e 32 2e 32 2f 32	.``mgmt``.R1:.R2.has.192.0.2.2/2
4eb60	34 20 26 20 32 30 30 31 3a 64 62 38 3a 3a 32 2f 36 34 00 52 32 3a 00 52 41 44 49 55 53 00 52 41	4.&.2001:db8::2/64.R2:.RADIUS.RA
4eb80	44 49 55 53 20 53 65 74 75 70 00 52 41 44 49 55 53 20 61 64 76 61 6e 63 65 64 20 66 65 61 74 75	DIUS.Setup.RADIUS.advanced.featu
4eba0	72 65 73 00 52 41 44 49 55 53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 52 41 44 49 55 53	res.RADIUS.authentication.RADIUS
4ebc0	20 62 61 6e 64 77 69 64 74 68 20 73 68 61 70 69 6e 67 20 61 74 74 72 69 62 75 74 65 00 52 41 44	.bandwidth.shaping.attribute.RAD
4ebe0	49 55 53 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 65 73 20 69 6e	IUS.provides.the.IP.addresses.in
4ec00	20 74 68 65 20 65 78 61 6d 70 6c 65 20 61 62 6f 76 65 20 76 69 61 20 46 72 61 6d 65 64 2d 49 50	.the.example.above.via.Framed-IP
4ec20	2d 41 64 64 72 65 73 73 2e 00 52 41 44 49 55 53 20 73 65 72 76 65 72 20 61 74 20 60 60 31 39 32	-Address..RADIUS.server.at.``192
4ec40	2e 31 36 38 2e 33 2e 31 30 60 60 20 77 69 74 68 20 73 68 61 72 65 64 2d 73 65 63 72 65 74 20 60	.168.3.10``.with.shared-secret.`
4ec60	60 56 79 4f 53 50 61 73 73 77 6f 72 64 60 60 00 52 41 44 49 55 53 20 73 65 72 76 65 72 73 20 63	`VyOSPassword``.RADIUS.servers.c
4ec80	6f 75 6c 64 20 62 65 20 68 61 72 64 65 6e 65 64 20 62 79 20 6f 6e 6c 79 20 61 6c 6c 6f 77 69 6e	ould.be.hardened.by.only.allowin
4eca0	67 20 63 65 72 74 61 69 6e 20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 63 6f 6e 6e 65 63	g.certain.IP.addresses.to.connec
4ecc0	74 2e 20 41 73 20 6f 66 20 74 68 69 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73	t..As.of.this.the.source.address
4ece0	20 6f 66 20 65 61 63 68 20 52 41 44 49 55 53 20 71 75 65 72 79 20 63 61 6e 20 62 65 20 63 6f 6e	.of.each.RADIUS.query.can.be.con
4ed00	66 69 67 75 72 65 64 2e 00 52 41 44 49 55 53 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 00 52	figured..RADIUS.source.address.R
4ed20	46 43 20 33 37 36 38 20 64 65 66 69 6e 65 73 20 61 20 76 69 72 74 75 61 6c 20 4d 41 43 20 61 64	FC.3768.defines.a.virtual.MAC.ad
4ed40	64 72 65 73 73 20 74 6f 20 65 61 63 68 20 56 52 52 50 20 76 69 72 74 75 61 6c 20 72 6f 75 74 65	dress.to.each.VRRP.virtual.route
4ed60	72 2e 20 54 68 69 73 20 76 69 72 74 75 61 6c 20 72 6f 75 74 65 72 20 4d 41 43 20 61 64 64 72 65	r..This.virtual.router.MAC.addre
4ed80	73 73 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 61 73 20 74 68 65 20 73 6f 75 72 63 65 20 69 6e	ss.will.be.used.as.the.source.in
4eda0	20 61 6c 6c 20 70 65 72 69 6f 64 69 63 20 56 52 52 50 20 6d 65 73 73 61 67 65 73 20 73 65 6e 74	.all.periodic.VRRP.messages.sent
4edc0	20 62 79 20 74 68 65 20 61 63 74 69 76 65 20 6e 6f 64 65 2e 20 57 68 65 6e 20 74 68 65 20 72 66	.by.the.active.node..When.the.rf
4ede0	63 33 37 36 38 2d 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6f 70 74 69 6f 6e 20 69 73 20 73 65	c3768-compatibility.option.is.se
4ee00	74 2c 20 61 20 6e 65 77 20 56 52 52 50 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 63 72 65 61 74	t,.a.new.VRRP.interface.is.creat
4ee20	65 64 2c 20 74 6f 20 77 68 69 63 68 20 74 68 65 20 4d 41 43 20 61 64 64 72 65 73 73 20 61 6e 64	ed,.to.which.the.MAC.address.and
4ee40	20 74 68 65 20 76 69 72 74 75 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 69 73 20 61 75 74 6f 6d	.the.virtual.IP.address.is.autom
4ee60	61 74 69 63 61 6c 6c 79 20 61 73 73 69 67 6e 65 64 2e 00 52 46 43 20 38 36 38 20 74 69 6d 65 20	atically.assigned..RFC.868.time.
4ee80	73 65 72 76 65 72 20 49 50 76 34 20 61 64 64 72 65 73 73 00 52 49 50 00 52 49 50 76 31 20 61 73	server.IPv4.address.RIP.RIPv1.as
4eea0	20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 31 30 35 38 60 00 52 49 50 76 32 20	.described.in.:rfc:`1058`.RIPv2.
4eec0	61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 32 34 35 33 60 00 52 50 4b 49	as.described.in.:rfc:`2453`.RPKI
4eee0	00 52 53 2d 53 65 72 76 65 72 20 2d 20 52 53 2d 43 6c 69 65 6e 74 00 52 53 41 20 63 61 6e 20 62	.RS-Server.-.RS-Client.RSA.can.b
4ef00	65 20 75 73 65 64 20 66 6f 72 20 73 65 72 76 69 63 65 73 20 73 75 63 68 20 61 73 20 6b 65 79 20	e.used.for.services.such.as.key.
4ef20	65 78 63 68 61 6e 67 65 73 20 61 6e 64 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6f 6e 20 70 75 72	exchanges.and.for.encryption.pur
4ef40	70 6f 73 65 73 2e 20 54 6f 20 6d 61 6b 65 20 49 50 53 65 63 20 77 6f 72 6b 20 77 69 74 68 20 64	poses..To.make.IPSec.work.with.d
4ef60	79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 20 6f 6e 20 6f 6e 65 2f 62 6f 74 68 20 73 69 64 65 73	ynamic.address.on.one/both.sides
4ef80	2c 20 77 65 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 75 73 65 20 52 53 41 20 6b 65 79 73 20 66	,.we.will.have.to.use.RSA.keys.f
4efa0	6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 54 68 65 79 20 61 72 65 20 76 65 72 79	or.authentication..They.are.very
4efc0	20 66 61 73 74 20 61 6e 64 20 65 61 73 79 20 74 6f 20 73 65 74 75 70 2e 00 52 53 41 2d 4b 65 79	.fast.and.easy.to.setup..RSA-Key
4efe0	73 00 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 00 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 63 6f	s.Random-Detect.Random-Detect.co
4f000	75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 66 6f 72 20 68 65 61 76 79 20 74 72 61 66 66 69 63 2e	uld.be.useful.for.heavy.traffic.
4f020	20 4f 6e 65 20 75 73 65 20 6f 66 20 74 68 69 73 20 61 6c 67 6f 72 69 74 68 6d 20 6d 69 67 68 74	.One.use.of.this.algorithm.might
4f040	20 62 65 20 74 6f 20 70 72 65 76 65 6e 74 20 61 20 62 61 63 6b 62 6f 6e 65 20 6f 76 65 72 6c 6f	.be.to.prevent.a.backbone.overlo
4f060	61 64 2e 20 42 75 74 20 6f 6e 6c 79 20 66 6f 72 20 54 43 50 20 28 62 65 63 61 75 73 65 20 64 72	ad..But.only.for.TCP.(because.dr
4f080	6f 70 70 65 64 20 70 61 63 6b 65 74 73 20 63 6f 75 6c 64 20 62 65 20 72 65 74 72 61 6e 73 6d 69	opped.packets.could.be.retransmi
4f0a0	74 74 65 64 29 2c 20 6e 6f 74 20 66 6f 72 20 55 44 50 2e 00 52 61 6e 67 65 20 69 73 20 31 20 74	tted),.not.for.UDP..Range.is.1.t
4f0c0	6f 20 32 35 35 2c 20 64 65 66 61 75 6c 74 20 69 73 20 31 2e 00 52 61 6e 67 65 20 69 73 20 31 20	o.255,.default.is.1..Range.is.1.
4f0e0	74 6f 20 33 30 30 2c 20 64 65 66 61 75 6c 74 20 69 73 20 31 30 2e 00 52 61 74 65 20 43 6f 6e 74	to.300,.default.is.10..Rate.Cont
4f100	72 6f 6c 00 52 61 74 65 20 6c 69 6d 69 74 00 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 69 73 20 61	rol.Rate.limit.Rate-Control.is.a
4f120	20 43 50 55 2d 66 72 69 65 6e 64 6c 79 20 70 6f 6c 69 63 79 2e 20 59 6f 75 20 6d 69 67 68 74 20	.CPU-friendly.policy..You.might.
4f140	63 6f 6e 73 69 64 65 72 20 75 73 69 6e 67 20 69 74 20 77 68 65 6e 20 79 6f 75 20 6a 75 73 74 20	consider.using.it.when.you.just.
4f160	73 69 6d 70 6c 79 20 77 61 6e 74 20 74 6f 20 73 6c 6f 77 20 74 72 61 66 66 69 63 20 64 6f 77 6e	simply.want.to.slow.traffic.down
4f180	2e 00 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 69 73 20 61 20 63 6c 61 73 73 6c 65 73 73 20 70 6f	..Rate-Control.is.a.classless.po
4f1a0	6c 69 63 79 20 74 68 61 74 20 6c 69 6d 69 74 73 20 74 68 65 20 70 61 63 6b 65 74 20 66 6c 6f 77	licy.that.limits.the.packet.flow
4f1c0	20 74 6f 20 61 20 73 65 74 20 72 61 74 65 2e 20 49 74 20 69 73 20 61 20 70 75 72 65 20 73 68 61	.to.a.set.rate..It.is.a.pure.sha
4f1e0	70 65 72 2c 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 73 63 68 65 64 75 6c 65 20 74 72 61 66 66 69	per,.it.does.not.schedule.traffi
4f200	63 2e 20 54 72 61 66 66 69 63 20 69 73 20 66 69 6c 74 65 72 65 64 20 62 61 73 65 64 20 6f 6e 20	c..Traffic.is.filtered.based.on.
4f220	74 68 65 20 65 78 70 65 6e 64 69 74 75 72 65 20 6f 66 20 74 6f 6b 65 6e 73 2e 20 54 6f 6b 65 6e	the.expenditure.of.tokens..Token
4f240	73 20 72 6f 75 67 68 6c 79 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 62 79 74 65 73 2e 00 52	s.roughly.correspond.to.bytes..R
4f260	61 77 20 50 61 72 61 6d 65 74 65 72 73 00 52 61 77 20 70 61 72 61 6d 65 74 65 72 73 20 63 61 6e	aw.Parameters.Raw.parameters.can
4f280	20 62 65 20 70 61 73 73 65 64 20 74 6f 20 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d	.be.passed.to.shared-network-nam
4f2a0	65 2c 20 73 75 62 6e 65 74 20 61 6e 64 20 73 74 61 74 69 63 2d 6d 61 70 70 69 6e 67 3a 00 52 65	e,.subnet.and.static-mapping:.Re
4f2c0	2d 67 65 6e 65 72 61 74 65 64 20 61 20 6b 6e 6f 77 6e 20 70 75 62 2f 70 72 69 76 61 74 65 20 6b	-generated.a.known.pub/private.k
4f2e0	65 79 66 69 6c 65 20 77 68 69 63 68 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 63 6f 6e 6e	eyfile.which.can.be.used.to.conn
4f300	65 63 74 20 74 6f 20 6f 74 68 65 72 20 73 65 72 76 69 63 65 73 20 28 65 2e 67 2e 20 52 50 4b 49	ect.to.other.services.(e.g..RPKI
4f320	20 63 61 63 68 65 29 2e 00 52 65 2d 67 65 6e 65 72 61 74 65 64 20 74 68 65 20 70 75 62 6c 69 63	.cache)..Re-generated.the.public
4f340	2f 70 72 69 76 61 74 65 20 6b 65 79 70 6f 72 74 69 6f 6e 20 77 68 69 63 68 20 53 53 48 20 75 73	/private.keyportion.which.SSH.us
4f360	65 73 20 74 6f 20 73 65 63 75 72 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 52 65 61 63 68 61	es.to.secure.connections..Reacha
4f380	62 6c 65 20 54 69 6d 65 00 52 65 61 6c 20 73 65 72 76 65 72 00 52 65 61 6c 20 73 65 72 76 65 72	ble.Time.Real.server.Real.server
4f3a0	20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 70 6f 72 74 00 52 65 61 6c 20 73 65 72 76 65 72	.IP.address.and.port.Real.server
4f3c0	20 69 73 20 61 75 74 6f 2d 65 78 63 6c 75 64 65 64 20 69 66 20 70 6f 72 74 20 63 68 65 63 6b 20	.is.auto-excluded.if.port.check.
4f3e0	77 69 74 68 20 74 68 69 73 20 73 65 72 76 65 72 20 66 61 69 6c 2e 00 52 65 63 65 69 76 65 20 74	with.this.server.fail..Receive.t
4f400	72 61 66 66 69 63 20 66 72 6f 6d 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 63 72 65 61 74 65 64 20	raffic.from.connections.created.
4f420	62 79 20 74 68 65 20 73 65 72 76 65 72 20 69 73 20 61 6c 73 6f 20 62 61 6c 61 6e 63 65 64 2e 20	by.the.server.is.also.balanced..
4f440	57 68 65 6e 20 74 68 65 20 6c 6f 63 61 6c 20 73 79 73 74 65 6d 20 73 65 6e 64 73 20 61 6e 20 41	When.the.local.system.sends.an.A
4f460	52 50 20 52 65 71 75 65 73 74 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 64 72 69 76 65 72 20 63 6f	RP.Request.the.bonding.driver.co
4f480	70 69 65 73 20 61 6e 64 20 73 61 76 65 73 20 74 68 65 20 70 65 65 72 27 73 20 49 50 20 69 6e 66	pies.and.saves.the.peer's.IP.inf
4f4a0	6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 41 52 50 20 70 61 63 6b 65 74 2e 20 57 68	ormation.from.the.ARP.packet..Wh
4f4c0	65 6e 20 74 68 65 20 41 52 50 20 52 65 70 6c 79 20 61 72 72 69 76 65 73 20 66 72 6f 6d 20 74 68	en.the.ARP.Reply.arrives.from.th
4f4e0	65 20 70 65 65 72 2c 20 69 74 73 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 20 69 73 20	e.peer,.its.hardware.address.is.
4f500	72 65 74 72 69 65 76 65 64 20 61 6e 64 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 64 72 69 76 65 72	retrieved.and.the.bonding.driver
4f520	20 69 6e 69 74 69 61 74 65 73 20 61 6e 20 41 52 50 20 72 65 70 6c 79 20 74 6f 20 74 68 69 73 20	.initiates.an.ARP.reply.to.this.
4f540	70 65 65 72 20 61 73 73 69 67 6e 69 6e 67 20 69 74 20 74 6f 20 6f 6e 65 20 6f 66 20 74 68 65 20	peer.assigning.it.to.one.of.the.
4f560	73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 62 6f 6e 64 2e 20 41 20 70 72 6f 62 6c 65 6d 61 74 69	slaves.in.the.bond..A.problemati
4f580	63 20 6f 75 74 63 6f 6d 65 20 6f 66 20 75 73 69 6e 67 20 41 52 50 20 6e 65 67 6f 74 69 61 74 69	c.outcome.of.using.ARP.negotiati
4f5a0	6f 6e 20 66 6f 72 20 62 61 6c 61 6e 63 69 6e 67 20 69 73 20 74 68 61 74 20 65 61 63 68 20 74 69	on.for.balancing.is.that.each.ti
4f5c0	6d 65 20 74 68 61 74 20 61 6e 20 41 52 50 20 72 65 71 75 65 73 74 20 69 73 20 62 72 6f 61 64 63	me.that.an.ARP.request.is.broadc
4f5e0	61 73 74 20 69 74 20 75 73 65 73 20 74 68 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73	ast.it.uses.the.hardware.address
4f600	20 6f 66 20 74 68 65 20 62 6f 6e 64 2e 20 48 65 6e 63 65 2c 20 70 65 65 72 73 20 6c 65 61 72 6e	.of.the.bond..Hence,.peers.learn
4f620	20 74 68 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 62 6f 6e	.the.hardware.address.of.the.bon
4f640	64 20 61 6e 64 20 74 68 65 20 62 61 6c 61 6e 63 69 6e 67 20 6f 66 20 72 65 63 65 69 76 65 20 74	d.and.the.balancing.of.receive.t
4f660	72 61 66 66 69 63 20 63 6f 6c 6c 61 70 73 65 73 20 74 6f 20 74 68 65 20 63 75 72 72 65 6e 74 20	raffic.collapses.to.the.current.
4f680	73 6c 61 76 65 2e 20 54 68 69 73 20 69 73 20 68 61 6e 64 6c 65 64 20 62 79 20 73 65 6e 64 69 6e	slave..This.is.handled.by.sendin
4f6a0	67 20 75 70 64 61 74 65 73 20 28 41 52 50 20 52 65 70 6c 69 65 73 29 20 74 6f 20 61 6c 6c 20 74	g.updates.(ARP.Replies).to.all.t
4f6c0	68 65 20 70 65 65 72 73 20 77 69 74 68 20 74 68 65 69 72 20 69 6e 64 69 76 69 64 75 61 6c 6c 79	he.peers.with.their.individually
4f6e0	20 61 73 73 69 67 6e 65 64 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 20 73 75 63 68 20	.assigned.hardware.address.such.
4f700	74 68 61 74 20 74 68 65 20 74 72 61 66 66 69 63 20 69 73 20 72 65 64 69 73 74 72 69 62 75 74 65	that.the.traffic.is.redistribute
4f720	64 2e 20 52 65 63 65 69 76 65 20 74 72 61 66 66 69 63 20 69 73 20 61 6c 73 6f 20 72 65 64 69 73	d..Receive.traffic.is.also.redis
4f740	74 72 69 62 75 74 65 64 20 77 68 65 6e 20 61 20 6e 65 77 20 73 6c 61 76 65 20 69 73 20 61 64 64	tributed.when.a.new.slave.is.add
4f760	65 64 20 74 6f 20 74 68 65 20 62 6f 6e 64 20 61 6e 64 20 77 68 65 6e 20 61 6e 20 69 6e 61 63 74	ed.to.the.bond.and.when.an.inact
4f780	69 76 65 20 73 6c 61 76 65 20 69 73 20 72 65 2d 61 63 74 69 76 61 74 65 64 2e 20 54 68 65 20 72	ive.slave.is.re-activated..The.r
4f7a0	65 63 65 69 76 65 20 6c 6f 61 64 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 73 65 71 75 65	eceive.load.is.distributed.seque
4f7c0	6e 74 69 61 6c 6c 79 20 28 72 6f 75 6e 64 20 72 6f 62 69 6e 29 20 61 6d 6f 6e 67 20 74 68 65 20	ntially.(round.robin).among.the.
4f7e0	67 72 6f 75 70 20 6f 66 20 68 69 67 68 65 73 74 20 73 70 65 65 64 20 73 6c 61 76 65 73 20 69 6e	group.of.highest.speed.slaves.in
4f800	20 74 68 65 20 62 6f 6e 64 2e 00 52 65 63 65 69 76 65 64 20 52 41 44 49 55 53 20 61 74 74 72 69	.the.bond..Received.RADIUS.attri
4f820	62 75 74 65 73 20 68 61 76 65 20 61 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 74 68 61	butes.have.a.higher.priority.tha
4f840	6e 20 70 61 72 61 6d 65 74 65 72 73 20 64 65 66 69 6e 65 64 20 77 69 74 68 69 6e 20 74 68 65 20	n.parameters.defined.within.the.
4f860	43 4c 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 72 65 66 65 72 20 74 6f 20 74 68 65 20	CLI.configuration,.refer.to.the.
4f880	65 78 70 6c 61 6e 61 74 69 6f 6e 20 62 65 6c 6f 77 2e 00 52 65 63 6f 6d 6d 65 6e 64 65 64 20 66	explanation.below..Recommended.f
4f8a0	6f 72 20 6c 61 72 67 65 72 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 2e 00 52 65 64 69 72 65 63	or.larger.installations..Redirec
4f8c0	74 20 48 54 54 50 20 74 6f 20 48 54 54 50 53 00 52 65 64 69 72 65 63 74 20 4d 69 63 72 6f 73 6f	t.HTTP.to.HTTPS.Redirect.Microso
4f8e0	66 74 20 52 44 50 20 74 72 61 66 66 69 63 20 66 72 6f 6d 20 74 68 65 20 69 6e 74 65 72 6e 61 6c	ft.RDP.traffic.from.the.internal
4f900	20 28 4c 41 4e 2c 20 70 72 69 76 61 74 65 29 20 6e 65 74 77 6f 72 6b 20 76 69 61 20 3a 72 65 66	.(LAN,.private).network.via.:ref
4f920	3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 20 69 6e 20 72 75 6c 65 20 31 31 30 20 74	:`destination-nat`.in.rule.110.t
4f940	6f 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 2c 20 70 72 69 76 61 74 65 20 68 6f 73 74 20 31 39 32	o.the.internal,.private.host.192
4f960	2e 30 2e 32 2e 34 30 2e 20 57 65 20 61 6c 73 6f 20 6e 65 65 64 20 61 20 3a 72 65 66 3a 60 73 6f	.0.2.40..We.also.need.a.:ref:`so
4f980	75 72 63 65 2d 6e 61 74 60 20 72 75 6c 65 20 31 31 30 20 66 6f 72 20 74 68 65 20 72 65 76 65 72	urce-nat`.rule.110.for.the.rever
4f9a0	73 65 20 70 61 74 68 20 6f 66 20 74 68 65 20 74 72 61 66 66 69 63 2e 20 54 68 65 20 69 6e 74 65	se.path.of.the.traffic..The.inte
4f9c0	72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 31 39 32 2e 30 2e 32 2e 30 2f 32 34 20 69 73 20 72 65 61	rnal.network.192.0.2.0/24.is.rea
4f9e0	63 68 61 62 6c 65 20 76 69 61 20 69 6e 74 65 72 66 61 63 65 20 60 65 74 68 30 2e 31 30 60 2e 00	chable.via.interface.`eth0.10`..
4fa00	52 65 64 69 72 65 63 74 20 4d 69 63 72 6f 73 6f 66 74 20 52 44 50 20 74 72 61 66 66 69 63 20 66	Redirect.Microsoft.RDP.traffic.f
4fa20	72 6f 6d 20 74 68 65 20 6f 75 74 73 69 64 65 20 28 57 41 4e 2c 20 65 78 74 65 72 6e 61 6c 29 20	rom.the.outside.(WAN,.external).
4fa40	77 6f 72 6c 64 20 76 69 61 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60	world.via.:ref:`destination-nat`
4fa60	20 69 6e 20 72 75 6c 65 20 31 30 30 20 74 6f 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 2c 20 70 72	.in.rule.100.to.the.internal,.pr
4fa80	69 76 61 74 65 20 68 6f 73 74 20 31 39 32 2e 30 2e 32 2e 34 30 2e 00 52 65 64 69 72 65 63 74 20	ivate.host.192.0.2.40..Redirect.
4faa0	55 52 4c 20 74 6f 20 61 20 6e 65 77 20 6c 6f 63 61 74 69 6f 6e 00 52 65 64 69 73 74 72 69 62 75	URL.to.a.new.location.Redistribu
4fac0	74 69 6f 6e 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 65 64 75 6e 64 61 6e 63 79 20 61 6e	tion.Configuration.Redundancy.an
4fae0	64 20 6c 6f 61 64 20 73 68 61 72 69 6e 67 2e 20 54 68 65 72 65 20 61 72 65 20 6d 75 6c 74 69 70	d.load.sharing..There.are.multip
4fb00	6c 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 20 61 74 20 74 68 65 20 65 64 67 65 20 6f 66 20	le.NAT66.devices.at.the.edge.of.
4fb20	61 6e 20 49 50 76 36 20 6e 65 74 77 6f 72 6b 20 74 6f 20 61 6e 6f 74 68 65 72 20 49 50 76 36 20	an.IPv6.network.to.another.IPv6.
4fb40	6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 70 61 74 68 20 74 68 72 6f 75 67 68 20 74 68 65 20 4e 41	network..The.path.through.the.NA
4fb60	54 36 36 20 64 65 76 69 63 65 20 74 6f 20 61 6e 6f 74 68 65 72 20 49 50 76 36 20 6e 65 74 77 6f	T66.device.to.another.IPv6.netwo
4fb80	72 6b 20 66 6f 72 6d 73 20 61 6e 20 65 71 75 69 76 61 6c 65 6e 74 20 72 6f 75 74 65 2c 20 61 6e	rk.forms.an.equivalent.route,.an
4fba0	64 20 74 72 61 66 66 69 63 20 63 61 6e 20 62 65 20 6c 6f 61 64 2d 73 68 61 72 65 64 20 6f 6e 20	d.traffic.can.be.load-shared.on.
4fbc0	74 68 65 73 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 2e 20 49 6e 20 74 68 69 73 20 63 61 73	these.NAT66.devices..In.this.cas
4fbe0	65 2c 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 73 61 6d 65 20 73 6f	e,.you.can.configure.the.same.so
4fc00	75 72 63 65 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 72 75 6c 65 73 20 6f	urce.address.translation.rules.o
4fc20	6e 20 74 68 65 73 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 2c 20 73 6f 20 74 68 61 74 20 61	n.these.NAT66.devices,.so.that.a
4fc40	6e 79 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 63 61 6e 20 68 61 6e 64 6c 65 20 49 50 76 36 20	ny.NAT66.device.can.handle.IPv6.
4fc60	74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 64 69 66 66 65 72 65 6e 74 20 73 69 74 65 73 2e	traffic.between.different.sites.
4fc80	00 52 65 67 69 73 74 65 72 20 44 4e 53 20 72 65 63 6f 72 64 20 60 60 65 78 61 6d 70 6c 65 2e 76	.Register.DNS.record.``example.v
4fca0	79 6f 73 2e 69 6f 60 60 20 6f 6e 20 44 4e 53 20 73 65 72 76 65 72 20 60 60 6e 73 31 2e 76 79 6f	yos.io``.on.DNS.server.``ns1.vyo
4fcc0	73 2e 69 6f 60 60 00 52 65 67 75 6c 61 72 20 56 4c 41 4e 73 20 28 38 30 32 2e 31 71 29 00 52 65	s.io``.Regular.VLANs.(802.1q).Re
4fce0	67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73	gular.expression.to.match.agains
4fd00	74 20 61 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 2e 00 52 65 67 75 6c 61 72 20 65 78 70 72	t.a.community-list..Regular.expr
4fd20	65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 20 6c 61 72 67 65 20	ession.to.match.against.a.large.
4fd40	63 6f 6d 6d 75 6e 69 74 79 20 6c 69 73 74 2e 00 52 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69	community.list..Regular.expressi
4fd60	6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 6e 20 41 53 20 70 61 74 68 2e 20	on.to.match.against.an.AS.path..
4fd80	46 6f 72 20 65 78 61 6d 70 6c 65 20 22 36 34 35 30 31 20 36 34 35 30 32 22 2e 00 52 65 67 75 6c	For.example."64501.64502"..Regul
4fda0	61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61	ar.expression.to.match.against.a
4fdc0	6e 20 65 78 74 65 6e 64 65 64 20 63 6f 6d 6d 75 6e 69 74 79 20 6c 69 73 74 2c 20 77 68 65 72 65	n.extended.community.list,.where
4fde0	20 74 65 78 74 20 63 6f 75 6c 64 20 62 65 3a 00 52 65 6a 65 63 74 20 44 48 43 50 20 6c 65 61 73	.text.could.be:.Reject.DHCP.leas
4fe00	65 73 20 66 72 6f 6d 20 61 20 67 69 76 65 6e 20 61 64 64 72 65 73 73 20 6f 72 20 72 61 6e 67 65	es.from.a.given.address.or.range
4fe20	2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 77 68 65 6e 20 61 20 6d 6f 64 65 6d 20 67 69	..This.is.useful.when.a.modem.gi
4fe40	76 65 73 20 61 20 6c 6f 63 61 6c 20 49 50 20 77 68 65 6e 20 66 69 72 73 74 20 73 74 61 72 74 69	ves.a.local.IP.when.first.starti
4fe60	6e 67 2e 00 52 65 6d 65 6d 62 65 72 20 73 6f 75 72 63 65 20 49 50 20 69 6e 20 73 65 63 6f 6e 64	ng..Remember.source.IP.in.second
4fe80	73 20 62 65 66 6f 72 65 20 72 65 73 65 74 20 74 68 65 69 72 20 73 63 6f 72 65 2e 20 54 68 65 20	s.before.reset.their.score..The.
4fea0	64 65 66 61 75 6c 74 20 69 73 20 31 38 30 30 2e 00 52 65 6d 6f 74 65 20 41 63 63 65 73 73 00 52	default.is.1800..Remote.Access.R
4fec0	65 6d 6f 74 65 20 41 63 63 65 73 73 20 22 52 6f 61 64 57 61 72 72 69 6f 72 22 20 45 78 61 6d 70	emote.Access."RoadWarrior".Examp
4fee0	6c 65 00 52 65 6d 6f 74 65 20 41 63 63 65 73 73 20 22 52 6f 61 64 57 61 72 72 69 6f 72 22 20 63	le.Remote.Access."RoadWarrior".c
4ff00	6c 69 65 6e 74 73 00 52 65 6d 6f 74 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 2d 20 41 6e	lients.Remote.Configuration.-.An
4ff20	6e 6f 74 61 74 65 64 3a 00 52 65 6d 6f 74 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 52	notated:.Remote.Configuration:.R
4ff40	65 6d 6f 74 65 20 48 6f 73 74 00 52 65 6d 6f 74 65 20 55 52 4c 00 52 65 6d 6f 74 65 20 55 52 4c	emote.Host.Remote.URL.Remote.URL
4ff60	20 74 6f 20 53 70 6c 75 6e 6b 20 63 6f 6c 6c 65 63 74 6f 72 00 52 65 6d 6f 74 65 20 55 52 4c 2e	.to.Splunk.collector.Remote.URL.
4ff80	00 52 65 6d 6f 74 65 20 60 60 49 6e 66 6c 75 78 44 42 60 60 20 62 75 63 6b 65 74 20 6e 61 6d 65	.Remote.``InfluxDB``.bucket.name
4ffa0	00 52 65 6d 6f 74 65 20 64 61 74 61 62 61 73 65 20 6e 61 6d 65 2e 00 52 65 6d 6f 74 65 20 70 65	.Remote.database.name..Remote.pe
4ffc0	65 72 20 49 50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 6f 66 20 74 68 65 20 73 65 63 6f 6e 64 20	er.IP.`<address>`.of.the.second.
4ffe0	44 48 43 50 20 73 65 72 76 65 72 20 69 6e 20 74 68 69 73 20 66 61 69 6c 6f 76 65 72 20 63 6c 75	DHCP.server.in.this.failover.clu
50000	73 74 65 72 2e 00 52 65 6d 6f 74 65 20 70 6f 72 74 00 52 65 6d 6f 74 65 20 74 72 61 6e 73 6d 69	ster..Remote.port.Remote.transmi
50020	73 73 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 77 69 6c 6c 20 62 65 20 6d 75 6c 74 69 70 6c 69 65	ssion.interval.will.be.multiplie
50040	64 20 62 79 20 74 68 69 73 20 76 61 6c 75 65 00 52 65 6e 61 6d 69 6e 67 20 63 6c 69 65 6e 74 73	d.by.this.value.Renaming.clients
50060	20 69 6e 74 65 72 66 61 63 65 73 20 62 79 20 52 41 44 49 55 53 00 52 65 70 6c 61 79 20 70 72 6f	.interfaces.by.RADIUS.Replay.pro
50080	74 65 63 74 69 6f 6e 00 52 65 71 75 65 73 74 20 6f 6e 6c 79 20 61 20 74 65 6d 70 6f 72 61 72 79	tection.Request.only.a.temporary
500a0	20 61 64 64 72 65 73 73 20 61 6e 64 20 6e 6f 74 20 66 6f 72 6d 20 61 6e 20 49 41 5f 4e 41 20 28	.address.and.not.form.an.IA_NA.(
500c0	49 64 65 6e 74 69 74 79 20 41 73 73 6f 63 69 61 74 69 6f 6e 20 66 6f 72 20 4e 6f 6e 2d 74 65 6d	Identity.Association.for.Non-tem
500e0	70 6f 72 61 72 79 20 41 64 64 72 65 73 73 65 73 29 20 70 61 72 74 6e 65 72 73 68 69 70 2e 00 52	porary.Addresses).partnership..R
50100	65 71 75 65 73 74 73 20 61 72 65 20 66 6f 72 77 61 72 64 65 64 20 74 68 72 6f 75 67 68 20 60 60	equests.are.forwarded.through.``
50120	65 74 68 32 60 60 20 61 73 20 74 68 65 20 60 75 70 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63	eth2``.as.the.`upstream.interfac
50140	65 60 00 52 65 71 75 69 72 65 20 74 68 65 20 70 65 65 72 20 74 6f 20 61 75 74 68 65 6e 74 69 63	e`.Require.the.peer.to.authentic
50160	61 74 65 20 69 74 73 65 6c 66 20 75 73 69 6e 67 20 6f 6e 65 20 6f 66 20 74 68 65 20 66 6f 6c 6c	ate.itself.using.one.of.the.foll
50180	6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 3a 20 70 61 70 2c 20 63 68 61 70 2c 20 6d 73 63 68	owing.protocols:.pap,.chap,.msch
501a0	61 70 2c 20 6d 73 63 68 61 70 2d 76 32 2e 00 52 65 71 75 69 72 65 6d 65 6e 74 73 00 52 65 71 75	ap,.mschap-v2..Requirements.Requ
501c0	69 72 65 6d 65 6e 74 73 3a 00 52 65 73 65 74 00 52 65 73 65 74 20 4f 70 65 6e 56 50 4e 00 52 65	irements:.Reset.Reset.OpenVPN.Re
501e0	73 65 74 20 63 6f 6d 6d 61 6e 64 73 00 52 65 73 65 74 73 20 74 68 65 20 6c 6f 63 61 6c 20 44 4e	set.commands.Resets.the.local.DN
50200	53 20 66 6f 72 77 61 72 64 69 6e 67 20 63 61 63 68 65 20 64 61 74 61 62 61 73 65 2e 20 59 6f 75	S.forwarding.cache.database..You
50220	20 63 61 6e 20 72 65 73 65 74 20 74 68 65 20 63 61 63 68 65 20 66 6f 72 20 61 6c 6c 20 65 6e 74	.can.reset.the.cache.for.all.ent
50240	72 69 65 73 20 6f 72 20 6f 6e 6c 79 20 66 6f 72 20 65 6e 74 72 69 65 73 20 74 6f 20 61 20 73 70	ries.or.only.for.entries.to.a.sp
50260	65 63 69 66 69 63 20 64 6f 6d 61 69 6e 2e 00 52 65 73 74 61 72 74 00 52 65 73 74 61 72 74 20 44	ecific.domain..Restart.Restart.D
50280	48 43 50 20 72 65 6c 61 79 20 73 65 72 76 69 63 65 00 52 65 73 74 61 72 74 20 44 48 43 50 76 36	HCP.relay.service.Restart.DHCPv6
502a0	20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 6d 6d 65 64 69 61 74 65 6c 79 2e 00 52 65 73 74 61 72	.relay.agent.immediately..Restar
502c0	74 20 61 20 67 69 76 65 6e 20 63 6f 6e 74 61 69 6e 65 72 00 52 65 73 74 61 72 74 20 74 68 65 20	t.a.given.container.Restart.the.
502e0	44 48 43 50 20 73 65 72 76 65 72 00 52 65 73 74 61 72 74 20 74 68 65 20 49 47 4d 50 20 70 72 6f	DHCP.server.Restart.the.IGMP.pro
50300	78 79 20 70 72 6f 63 65 73 73 2e 00 52 65 73 74 61 72 74 20 74 68 65 20 53 53 48 20 64 61 65 6d	xy.process..Restart.the.SSH.daem
50320	6f 6e 20 70 72 6f 63 65 73 73 2c 20 74 68 65 20 63 75 72 72 65 6e 74 20 73 65 73 73 69 6f 6e 20	on.process,.the.current.session.
50340	69 73 20 6e 6f 74 20 61 66 66 65 63 74 65 64 2c 20 6f 6e 6c 79 20 74 68 65 20 62 61 63 6b 67 72	is.not.affected,.only.the.backgr
50360	6f 75 6e 64 20 64 61 65 6d 6f 6e 20 69 73 20 72 65 73 74 61 72 74 65 64 2e 00 52 65 73 74 61 72	ound.daemon.is.restarted..Restar
50380	74 73 20 74 68 65 20 44 4e 53 20 72 65 63 75 72 73 6f 72 20 70 72 6f 63 65 73 73 2e 20 54 68 69	ts.the.DNS.recursor.process..Thi
503a0	73 20 61 6c 73 6f 20 69 6e 76 61 6c 69 64 61 74 65 73 20 74 68 65 20 6c 6f 63 61 6c 20 44 4e 53	s.also.invalidates.the.local.DNS
503c0	20 66 6f 72 77 61 72 64 69 6e 67 20 63 61 63 68 65 2e 00 52 65 73 75 6c 74 69 6e 67 20 69 6e 00	.forwarding.cache..Resulting.in.
503e0	52 65 73 75 6c 74 73 20 69 6e 3a 00 52 65 74 72 61 6e 73 6d 69 74 20 54 69 6d 65 72 00 52 65 74	Results.in:.Retransmit.Timer.Ret
50400	72 69 65 76 65 20 63 75 72 72 65 6e 74 20 73 74 61 74 69 73 74 69 63 73 20 6f 66 20 63 6f 6e 6e	rieve.current.statistics.of.conn
50420	65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 73 75 62 73 79 73 74 65 6d 2e 00 52 65 74 72 69	ection.tracking.subsystem..Retri
50440	65 76 65 20 63 75 72 72 65 6e 74 20 73 74 61 74 75 73 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e	eve.current.status.of.connection
50460	20 74 72 61 63 6b 69 6e 67 20 73 75 62 73 79 73 74 65 6d 2e 00 52 65 74 72 69 65 76 65 20 70 75	.tracking.subsystem..Retrieve.pu
50480	62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 66 72 6f 6d 20 63 6f 6e 66 69 67 75 72 65 64	blic.key.portion.from.configured
504a0	20 57 49 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 2e 00 52 65 76 65 72 73 65 2d 70 72	.WIreGuard.interface..Reverse-pr
504c0	6f 78 79 00 52 6f 75 6e 64 20 52 6f 62 69 6e 00 52 6f 75 74 65 20 41 67 67 72 65 67 61 74 69 6f	oxy.Round.Robin.Route.Aggregatio
504e0	6e 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74 65 20 44 61 6d 70 65 6e 69 6e 67 00	n.Configuration.Route.Dampening.
50500	52 6f 75 74 65 20 46 69 6c 74 65 72 69 6e 67 00 52 6f 75 74 65 20 46 69 6c 74 65 72 69 6e 67 20	Route.Filtering.Route.Filtering.
50520	43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74 65 20 4d 61 70 00 52 6f 75 74 65 20 4d 61	Configuration.Route.Map.Route.Ma
50540	70 20 50 6f 6c 69 63 79 00 52 6f 75 74 65 20 52 65 64 69 73 74 72 69 62 75 74 69 6f 6e 00 52 6f	p.Policy.Route.Redistribution.Ro
50560	75 74 65 20 52 65 66 6c 65 63 74 6f 72 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74	ute.Reflector.Configuration.Rout
50580	65 20 53 65 6c 65 63 74 69 6f 6e 00 52 6f 75 74 65 20 53 65 6c 65 63 74 69 6f 6e 20 43 6f 6e 66	e.Selection.Route.Selection.Conf
505a0	69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74 65 20 61 6e 64 20 52 6f 75 74 65 36 20 50 6f 6c 69 63	iguration.Route.and.Route6.Polic
505c0	79 00 52 6f 75 74 65 20 64 61 6d 70 65 6e 69 6e 67 20 77 69 63 68 20 64 65 73 63 72 69 62 65 64	y.Route.dampening.wich.described
505e0	20 69 6e 20 3a 72 66 63 3a 60 32 34 33 39 60 20 65 6e 61 62 6c 65 73 20 79 6f 75 20 74 6f 20 69	.in.:rfc:`2439`.enables.you.to.i
50600	64 65 6e 74 69 66 79 20 72 6f 75 74 65 73 20 74 68 61 74 20 72 65 70 65 61 74 65 64 6c 79 20 66	dentify.routes.that.repeatedly.f
50620	61 69 6c 20 61 6e 64 20 72 65 74 75 72 6e 2e 20 49 66 20 72 6f 75 74 65 20 64 61 6d 70 65 6e 69	ail.and.return..If.route.dampeni
50640	6e 67 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 61 6e 20 75 6e 73 74 61 62 6c 65 20 72 6f 75 74 65	ng.is.enabled,.an.unstable.route
50660	20 61 63 63 75 6d 75 6c 61 74 65 73 20 70 65 6e 61 6c 74 69 65 73 20 65 61 63 68 20 74 69 6d 65	.accumulates.penalties.each.time
50680	20 74 68 65 20 72 6f 75 74 65 20 66 61 69 6c 73 20 61 6e 64 20 72 65 74 75 72 6e 73 2e 20 49 66	.the.route.fails.and.returns..If
506a0	20 74 68 65 20 61 63 63 75 6d 75 6c 61 74 65 64 20 70 65 6e 61 6c 74 69 65 73 20 65 78 63 65 65	.the.accumulated.penalties.excee
506c0	64 20 61 20 74 68 72 65 73 68 6f 6c 64 2c 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 6e 6f 20 6c	d.a.threshold,.the.route.is.no.l
506e0	6f 6e 67 65 72 20 61 64 76 65 72 74 69 73 65 64 2e 20 54 68 69 73 20 69 73 20 72 6f 75 74 65 20	onger.advertised..This.is.route.
50700	73 75 70 70 72 65 73 73 69 6f 6e 2e 20 52 6f 75 74 65 73 20 74 68 61 74 20 68 61 76 65 20 62 65	suppression..Routes.that.have.be
50720	65 6e 20 73 75 70 70 72 65 73 73 65 64 20 61 72 65 20 72 65 2d 65 6e 74 65 72 65 64 20 69 6e 74	en.suppressed.are.re-entered.int
50740	6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 6f 6e 6c 79 20 77 68 65 6e 20 74 68	o.the.routing.table.only.when.th
50760	65 20 61 6d 6f 75 6e 74 20 6f 66 20 74 68 65 69 72 20 70 65 6e 61 6c 74 79 20 66 61 6c 6c 73 20	e.amount.of.their.penalty.falls.
50780	62 65 6c 6f 77 20 61 20 74 68 72 65 73 68 6f 6c 64 2e 00 52 6f 75 74 65 20 66 69 6c 74 65 72 20	below.a.threshold..Route.filter.
507a0	63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 75 73 69 6e 67 20 61 20 72 6f 75 74 65 2d 6d 61 70	can.be.applied.using.a.route-map
507c0	3a 00 52 6f 75 74 65 20 6d 61 70 20 69 73 20 61 20 70 6f 77 65 72 66 75 6c 6c 20 63 6f 6d 6d 61	:.Route.map.is.a.powerfull.comma
507e0	6e 64 2c 20 74 68 61 74 20 67 69 76 65 73 20 6e 65 74 77 6f 72 6b 20 61 64 6d 69 6e 69 73 74 72	nd,.that.gives.network.administr
50800	61 74 6f 72 73 20 61 20 76 65 72 79 20 75 73 65 66 75 6c 20 61 6e 64 20 66 6c 65 78 69 62 6c 65	ators.a.very.useful.and.flexible
50820	20 74 6f 6f 6c 20 66 6f 72 20 74 72 61 66 66 69 63 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2e 00	.tool.for.traffic.manipulation..
50840	52 6f 75 74 65 20 6d 61 70 73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20	Route.maps.can.be.configured.to.
50860	6d 61 74 63 68 20 61 20 73 70 65 63 69 66 69 63 20 52 50 4b 49 20 76 61 6c 69 64 61 74 69 6f 6e	match.a.specific.RPKI.validation
50880	20 73 74 61 74 65 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 74 68 65 20 63 72 65 61 74 69 6f 6e	.state..This.allows.the.creation
508a0	20 6f 66 20 6c 6f 63 61 6c 20 70 6f 6c 69 63 69 65 73 2c 20 77 68 69 63 68 20 68 61 6e 64 6c 65	.of.local.policies,.which.handle
508c0	20 42 47 50 20 72 6f 75 74 65 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 6f 75 74 63 6f 6d 65	.BGP.routes.based.on.the.outcome
508e0	20 6f 66 20 74 68 65 20 50 72 65 66 69 78 20 4f 72 69 67 69 6e 20 56 61 6c 69 64 61 74 69 6f 6e	.of.the.Prefix.Origin.Validation
50900	2e 00 52 6f 75 74 65 20 6d 65 74 72 69 63 00 52 6f 75 74 65 20 74 61 67 20 74 6f 20 6d 61 74 63	..Route.metric.Route.tag.to.matc
50920	68 2e 00 52 6f 75 74 65 72 20 41 64 76 65 72 74 69 73 65 6d 65 6e 74 73 00 52 6f 75 74 65 72 20	h..Router.Advertisements.Router.
50940	4c 69 66 65 74 69 6d 65 00 52 6f 75 74 65 72 20 72 65 63 65 69 76 65 73 20 44 48 43 50 20 63 6c	Lifetime.Router.receives.DHCP.cl
50960	69 65 6e 74 20 72 65 71 75 65 73 74 73 20 6f 6e 20 60 60 65 74 68 31 60 60 20 61 6e 64 20 72 65	ient.requests.on.``eth1``.and.re
50980	6c 61 79 73 20 74 68 65 6d 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 61 74 20 31 30 2e 30 2e	lays.them.to.the.server.at.10.0.
509a0	31 2e 34 20 6f 6e 20 60 60 65 74 68 32 60 60 2e 00 52 6f 75 74 65 73 20 65 78 70 6f 72 74 65 64	1.4.on.``eth2``..Routes.exported
509c0	20 66 72 6f 6d 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 74 68 65 20 56 50 4e 20 52	.from.a.unicast.VRF.to.the.VPN.R
509e0	49 42 20 6d 75 73 74 20 62 65 20 61 75 67 6d 65 6e 74 65 64 20 62 79 20 74 77 6f 20 70 61 72 61	IB.must.be.augmented.by.two.para
50a00	6d 65 74 65 72 73 3a 00 52 6f 75 74 65 73 20 6f 6e 20 4e 6f 64 65 20 32 3a 00 52 6f 75 74 65 73	meters:.Routes.on.Node.2:.Routes
50a20	20 74 68 61 74 20 61 72 65 20 73 65 6e 74 20 66 72 6f 6d 20 70 72 6f 76 69 64 65 72 2c 20 72 73	.that.are.sent.from.provider,.rs
50a40	2d 73 65 72 76 65 72 2c 20 6f 72 20 74 68 65 20 70 65 65 72 20 6c 6f 63 61 6c 2d 72 6f 6c 65 20	-server,.or.the.peer.local-role.
50a60	28 6f 72 20 69 66 20 72 65 63 65 69 76 65 64 20 62 79 20 63 75 73 74 6f 6d 65 72 2c 20 72 73 2d	(or.if.received.by.customer,.rs-
50a80	63 6c 69 65 6e 74 2c 20 6f 72 20 74 68 65 20 70 65 65 72 20 6c 6f 63 61 6c 2d 72 6f 6c 65 29 20	client,.or.the.peer.local-role).
50aa0	77 69 6c 6c 20 62 65 20 6d 61 72 6b 65 64 20 77 69 74 68 20 61 20 6e 65 77 20 4f 6e 6c 79 20 74	will.be.marked.with.a.new.Only.t
50ac0	6f 20 43 75 73 74 6f 6d 65 72 20 28 4f 54 43 29 20 61 74 74 72 69 62 75 74 65 2e 00 52 6f 75 74	o.Customer.(OTC).attribute..Rout
50ae0	65 73 20 77 69 74 68 20 61 20 64 69 73 74 61 6e 63 65 20 6f 66 20 32 35 35 20 61 72 65 20 65 66	es.with.a.distance.of.255.are.ef
50b00	66 65 63 74 69 76 65 6c 79 20 64 69 73 61 62 6c 65 64 20 61 6e 64 20 6e 6f 74 20 69 6e 73 74 61	fectively.disabled.and.not.insta
50b20	6c 6c 65 64 20 69 6e 74 6f 20 74 68 65 20 6b 65 72 6e 65 6c 2e 00 52 6f 75 74 65 73 20 77 69 74	lled.into.the.kernel..Routes.wit
50b40	68 20 74 68 69 73 20 61 74 74 72 69 62 75 74 65 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 73 65 6e	h.this.attribute.can.only.be.sen
50b60	74 20 74 6f 20 79 6f 75 72 20 6e 65 69 67 68 62 6f 72 20 69 66 20 79 6f 75 72 20 6c 6f 63 61 6c	t.to.your.neighbor.if.your.local
50b80	2d 72 6f 6c 65 20 69 73 20 70 72 6f 76 69 64 65 72 20 6f 72 20 72 73 2d 73 65 72 76 65 72 2e 20	-role.is.provider.or.rs-server..
50ba0	52 6f 75 74 65 73 20 77 69 74 68 20 74 68 69 73 20 61 74 74 72 69 62 75 74 65 20 63 61 6e 20 62	Routes.with.this.attribute.can.b
50bc0	65 20 72 65 63 65 69 76 65 64 20 6f 6e 6c 79 20 69 66 20 79 6f 75 72 20 6c 6f 63 61 6c 2d 72 6f	e.received.only.if.your.local-ro
50be0	6c 65 20 69 73 20 63 75 73 74 6f 6d 65 72 20 6f 72 20 72 73 2d 63 6c 69 65 6e 74 2e 00 52 6f 75	le.is.customer.or.rs-client..Rou
50c00	74 69 6e 65 00 52 6f 75 74 69 6e 67 00 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 74 68 61 74	tine.Routing.Routing.tables.that
50c20	20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 61 72	.will.be.used.in.this.example.ar
50c40	65 3a 00 52 75 6c 65 20 31 30 20 6d 61 74 63 68 65 73 20 72 65 71 75 65 73 74 73 20 77 69 74 68	e:.Rule.10.matches.requests.with
50c60	20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 60 60 6e 6f 64 65 31 2e 65 78 61 6d 70 6c 65	.the.domain.name.``node1.example
50c80	2e 63 6f 6d 60 60 20 66 6f 72 77 61 72 64 73 20 74 6f 20 74 68 65 20 62 61 63 6b 65 6e 64 20 60	.com``.forwards.to.the.backend.`
50ca0	60 62 6b 2d 61 70 69 2d 30 31 60 60 00 52 75 6c 65 20 31 30 20 6d 61 74 63 68 65 73 20 72 65 71	`bk-api-01``.Rule.10.matches.req
50cc0	75 65 73 74 73 20 77 69 74 68 20 74 68 65 20 65 78 61 63 74 20 55 52 4c 20 70 61 74 68 20 60 60	uests.with.the.exact.URL.path.``
50ce0	2f 2e 77 65 6c 6c 2d 6b 6e 6f 77 6e 2f 78 78 78 60 60 20 61 6e 64 20 72 65 64 69 72 65 63 74 73	/.well-known/xxx``.and.redirects
50d00	20 74 6f 20 6c 6f 63 61 74 69 6f 6e 20 60 60 2f 63 65 72 74 73 2f 60 60 2e 00 52 75 6c 65 20 32	.to.location.``/certs/``..Rule.2
50d20	30 20 6d 61 74 63 68 65 73 20 72 65 71 75 65 73 74 73 20 77 69 74 68 20 55 52 4c 20 70 61 74 68	0.matches.requests.with.URL.path
50d40	73 20 65 6e 64 69 6e 67 20 69 6e 20 60 60 2f 6d 61 69 6c 60 60 20 6f 72 20 65 78 61 63 74 20 70	s.ending.in.``/mail``.or.exact.p
50d60	61 74 68 20 60 60 2f 65 6d 61 69 6c 2f 62 61 72 60 60 20 72 65 64 69 72 65 63 74 20 74 6f 20 6c	ath.``/email/bar``.redirect.to.l
50d80	6f 63 61 74 69 6f 6e 20 60 60 2f 70 6f 73 74 66 69 78 2f 60 60 2e 00 52 75 6c 65 20 32 30 20 6d	ocation.``/postfix/``..Rule.20.m
50da0	61 74 63 68 65 73 20 72 65 71 75 65 73 74 73 20 77 69 74 68 20 74 68 65 20 64 6f 6d 61 69 6e 20	atches.requests.with.the.domain.
50dc0	6e 61 6d 65 20 60 60 6e 6f 64 65 32 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 60 60 20 66 6f 72 77 61	name.``node2.example.com``.forwa
50de0	72 64 73 20 74 6f 20 74 68 65 20 62 61 63 6b 65 6e 64 20 60 60 62 6b 2d 61 70 69 2d 30 32 60 60	rds.to.the.backend.``bk-api-02``
50e00	00 52 75 6c 65 20 53 74 61 74 75 73 00 52 75 6c 65 2d 53 65 74 73 00 52 75 6c 65 2d 73 65 74 20	.Rule.Status.Rule-Sets.Rule-set.
50e20	6f 76 65 72 76 69 65 77 00 52 75 6c 65 73 00 52 75 6c 65 73 20 61 6c 6c 6f 77 20 74 6f 20 63 6f	overview.Rules.Rules.allow.to.co
50e40	6e 74 72 6f 6c 20 61 6e 64 20 72 6f 75 74 65 20 69 6e 63 6f 6d 69 6e 67 20 74 72 61 66 66 69 63	ntrol.and.route.incoming.traffic
50e60	20 74 6f 20 73 70 65 63 69 66 69 63 20 62 61 63 6b 65 6e 64 20 62 61 73 65 64 20 6f 6e 20 70 72	.to.specific.backend.based.on.pr
50e80	65 64 65 66 69 6e 65 64 20 63 6f 6e 64 69 74 69 6f 6e 73 2e 20 52 75 6c 65 73 20 61 6c 6c 6f 77	edefined.conditions..Rules.allow
50ea0	20 74 6f 20 64 65 66 69 6e 65 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 20 61 6e 64	.to.define.matching.criteria.and
50ec0	20 70 65 72 66 6f 72 6d 20 61 63 74 69 6f 6e 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 00 52 75 6c	.perform.action.accordingly..Rul
50ee0	65 73 20 77 69 6c 6c 20 62 65 20 63 72 65 61 74 65 64 20 66 6f 72 20 62 6f 74 68 20 3a 72 65 66	es.will.be.created.for.both.:ref
50f00	3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 61 6e 64 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74	:`source-nat`.and.:ref:`destinat
50f20	69 6f 6e 2d 6e 61 74 60 2e 00 52 75 6e 6e 69 6e 67 20 42 65 68 69 6e 64 20 4e 41 54 00 53 4e 41	ion-nat`..Running.Behind.NAT.SNA
50f40	54 00 53 4e 41 54 36 36 00 53 4e 4d 50 00 53 4e 4d 50 20 45 78 74 65 6e 73 69 6f 6e 73 00 53 4e	T.SNAT66.SNMP.SNMP.Extensions.SN
50f60	4d 50 20 50 72 6f 74 6f 63 6f 6c 20 56 65 72 73 69 6f 6e 73 00 53 4e 4d 50 20 63 61 6e 20 77 6f	MP.Protocol.Versions.SNMP.can.wo
50f80	72 6b 20 73 79 6e 63 68 72 6f 6e 6f 75 73 6c 79 20 6f 72 20 61 73 79 6e 63 68 72 6f 6e 6f 75 73	rk.synchronously.or.asynchronous
50fa0	6c 79 2e 20 49 6e 20 73 79 6e 63 68 72 6f 6e 6f 75 73 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e	ly..In.synchronous.communication
50fc0	2c 20 74 68 65 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 73 79 73 74 65 6d 20 71 75 65 72 69 65 73 20	,.the.monitoring.system.queries.
50fe0	74 68 65 20 72 6f 75 74 65 72 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 2e 20 49 6e 20 61 73 79 6e	the.router.periodically..In.asyn
51000	63 68 72 6f 6e 6f 75 73 2c 20 74 68 65 20 72 6f 75 74 65 72 20 73 65 6e 64 73 20 6e 6f 74 69 66	chronous,.the.router.sends.notif
51020	69 63 61 74 69 6f 6e 20 74 6f 20 74 68 65 20 22 74 72 61 70 22 20 28 74 68 65 20 6d 6f 6e 69 74	ication.to.the."trap".(the.monit
51040	6f 72 69 6e 67 20 68 6f 73 74 29 2e 00 53 4e 4d 50 20 69 73 20 61 20 63 6f 6d 70 6f 6e 65 6e 74	oring.host)..SNMP.is.a.component
51060	20 6f 66 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 20 53 75 69 74 65 20	.of.the.Internet.Protocol.Suite.
51080	61 73 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20 45 6e 67 69 6e	as.defined.by.the.Internet.Engin
510a0	65 65 72 69 6e 67 20 54 61 73 6b 20 46 6f 72 63 65 20 28 49 45 54 46 29 2e 20 49 74 20 63 6f 6e	eering.Task.Force.(IETF)..It.con
510c0	73 69 73 74 73 20 6f 66 20 61 20 73 65 74 20 6f 66 20 73 74 61 6e 64 61 72 64 73 20 66 6f 72 20	sists.of.a.set.of.standards.for.
510e0	6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 2c 20 69 6e 63 6c 75 64 69 6e 67 20 61 6e	network.management,.including.an
51100	20 61 70 70 6c 69 63 61 74 69 6f 6e 20 6c 61 79 65 72 20 70 72 6f 74 6f 63 6f 6c 2c 20 61 20 64	.application.layer.protocol,.a.d
51120	61 74 61 62 61 73 65 20 73 63 68 65 6d 61 2c 20 61 6e 64 20 61 20 73 65 74 20 6f 66 20 64 61 74	atabase.schema,.and.a.set.of.dat
51140	61 20 6f 62 6a 65 63 74 73 2e 00 53 4e 4d 50 20 69 73 20 77 69 64 65 6c 79 20 75 73 65 64 20 69	a.objects..SNMP.is.widely.used.i
51160	6e 20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 20 66 6f 72 20 6e 65 74 77 6f 72 6b	n.network.management.for.network
51180	20 6d 6f 6e 69 74 6f 72 69 6e 67 2e 20 53 4e 4d 50 20 65 78 70 6f 73 65 73 20 6d 61 6e 61 67 65	.monitoring..SNMP.exposes.manage
511a0	6d 65 6e 74 20 64 61 74 61 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 6f 66 20 76 61 72 69 61 62 6c	ment.data.in.the.form.of.variabl
511c0	65 73 20 6f 6e 20 74 68 65 20 6d 61 6e 61 67 65 64 20 73 79 73 74 65 6d 73 20 6f 72 67 61 6e 69	es.on.the.managed.systems.organi
511e0	7a 65 64 20 69 6e 20 61 20 6d 61 6e 61 67 65 6d 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	zed.in.a.management.information.
51200	62 61 73 65 20 28 4d 49 42 5f 29 20 77 68 69 63 68 20 64 65 73 63 72 69 62 65 20 74 68 65 20 73	base.(MIB_).which.describe.the.s
51220	79 73 74 65 6d 20 73 74 61 74 75 73 20 61 6e 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20	ystem.status.and.configuration..
51240	54 68 65 73 65 20 76 61 72 69 61 62 6c 65 73 20 63 61 6e 20 74 68 65 6e 20 62 65 20 72 65 6d 6f	These.variables.can.then.be.remo
51260	74 65 6c 79 20 71 75 65 72 69 65 64 20 28 61 6e 64 2c 20 69 6e 20 73 6f 6d 65 20 63 69 72 63 75	tely.queried.(and,.in.some.circu
51280	6d 73 74 61 6e 63 65 73 2c 20 6d 61 6e 69 70 75 6c 61 74 65 64 29 20 62 79 20 6d 61 6e 61 67 69	mstances,.manipulated).by.managi
512a0	6e 67 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 2e 00 53 4e 4d 50 76 32 00 53 4e 4d 50 76 32 20 64	ng.applications..SNMPv2.SNMPv2.d
512c0	6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 61 6e 79 20 61 75 74 68 65 6e 74 69 63 61 74 69	oes.not.support.any.authenticati
512e0	6f 6e 20 6d 65 63 68 61 6e 69 73 6d 73 2c 20 6f 74 68 65 72 20 74 68 61 6e 20 63 6c 69 65 6e 74	on.mechanisms,.other.than.client
51300	20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 20 73 6f 20 79 6f 75 20 73 68 6f 75 6c 64 20 73	.source.address,.so.you.should.s
51320	70 65 63 69 66 79 20 61 64 64 72 65 73 73 65 73 20 6f 66 20 63 6c 69 65 6e 74 73 20 61 6c 6c 6f	pecify.addresses.of.clients.allo
51340	77 65 64 20 74 6f 20 6d 6f 6e 69 74 6f 72 20 74 68 65 20 72 6f 75 74 65 72 2e 20 4e 6f 74 65 20	wed.to.monitor.the.router..Note.
51360	74 68 61 74 20 53 4e 4d 50 76 32 20 61 6c 73 6f 20 73 75 70 70 6f 72 74 73 20 6e 6f 20 65 6e 63	that.SNMPv2.also.supports.no.enc
51380	72 79 70 74 69 6f 6e 20 61 6e 64 20 61 6c 77 61 79 73 20 73 65 6e 64 73 20 64 61 74 61 20 69 6e	ryption.and.always.sends.data.in
513a0	20 70 6c 61 69 6e 20 74 65 78 74 2e 00 53 4e 4d 50 76 32 20 69 73 20 74 68 65 20 6f 72 69 67 69	.plain.text..SNMPv2.is.the.origi
513c0	6e 61 6c 20 61 6e 64 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 6c 79 20 75 73 65 64 20 76 65 72 73 69	nal.and.most.commonly.used.versi
513e0	6f 6e 2e 20 46 6f 72 20 61 75 74 68 6f 72 69 7a 69 6e 67 20 63 6c 69 65 6e 74 73 2c 20 53 4e 4d	on..For.authorizing.clients,.SNM
51400	50 20 75 73 65 73 20 74 68 65 20 63 6f 6e 63 65 70 74 20 6f 66 20 63 6f 6d 6d 75 6e 69 74 69 65	P.uses.the.concept.of.communitie
51420	73 2e 20 43 6f 6d 6d 75 6e 69 74 69 65 73 20 6d 61 79 20 68 61 76 65 20 61 75 74 68 6f 72 69 7a	s..Communities.may.have.authoriz
51440	61 74 69 6f 6e 20 73 65 74 20 74 6f 20 72 65 61 64 20 6f 6e 6c 79 20 28 74 68 69 73 20 69 73 20	ation.set.to.read.only.(this.is.
51460	6d 6f 73 74 20 63 6f 6d 6d 6f 6e 29 20 6f 72 20 74 6f 20 72 65 61 64 20 61 6e 64 20 77 72 69 74	most.common).or.to.read.and.writ
51480	65 20 28 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 6e 6f 74 20 61 63 74 69 76 65 6c 79 20 75	e.(this.option.is.not.actively.u
514a0	73 65 64 20 69 6e 20 56 79 4f 53 29 2e 00 53 4e 4d 50 76 33 00 53 4e 4d 50 76 33 20 28 76 65 72	sed.in.VyOS)..SNMPv3.SNMPv3.(ver
514c0	73 69 6f 6e 20 33 20 6f 66 20 74 68 65 20 53 4e 4d 50 20 70 72 6f 74 6f 63 6f 6c 29 20 69 6e 74	sion.3.of.the.SNMP.protocol).int
514e0	72 6f 64 75 63 65 64 20 61 20 77 68 6f 6c 65 20 73 6c 65 77 20 6f 66 20 6e 65 77 20 73 65 63 75	roduced.a.whole.slew.of.new.secu
51500	72 69 74 79 20 72 65 6c 61 74 65 64 20 66 65 61 74 75 72 65 73 20 74 68 61 74 20 68 61 76 65 20	rity.related.features.that.have.
51520	62 65 65 6e 20 6d 69 73 73 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 70 72 65 76 69 6f 75 73 20 76	been.missing.from.the.previous.v
51540	65 72 73 69 6f 6e 73 2e 20 53 65 63 75 72 69 74 79 20 77 61 73 20 6f 6e 65 20 6f 66 20 74 68 65	ersions..Security.was.one.of.the
51560	20 62 69 67 67 65 73 74 20 77 65 61 6b 6e 65 73 73 20 6f 66 20 53 4e 4d 50 20 75 6e 74 69 6c 20	.biggest.weakness.of.SNMP.until.
51580	76 33 2e 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 6e 20 53 4e 4d 50 20 56 65 72 73 69	v3..Authentication.in.SNMP.Versi
515a0	6f 6e 73 20 31 20 61 6e 64 20 32 20 61 6d 6f 75 6e 74 73 20 74 6f 20 6e 6f 74 68 69 6e 67 20 6d	ons.1.and.2.amounts.to.nothing.m
515c0	6f 72 65 20 74 68 61 6e 20 61 20 70 61 73 73 77 6f 72 64 20 28 63 6f 6d 6d 75 6e 69 74 79 20 73	ore.than.a.password.(community.s
515e0	74 72 69 6e 67 29 20 73 65 6e 74 20 69 6e 20 63 6c 65 61 72 20 74 65 78 74 20 62 65 74 77 65 65	tring).sent.in.clear.text.betwee
51600	6e 20 61 20 6d 61 6e 61 67 65 72 20 61 6e 64 20 61 67 65 6e 74 2e 20 45 61 63 68 20 53 4e 4d 50	n.a.manager.and.agent..Each.SNMP
51620	76 33 20 6d 65 73 73 61 67 65 20 63 6f 6e 74 61 69 6e 73 20 73 65 63 75 72 69 74 79 20 70 61 72	v3.message.contains.security.par
51640	61 6d 65 74 65 72 73 20 77 68 69 63 68 20 61 72 65 20 65 6e 63 6f 64 65 64 20 61 73 20 61 6e 20	ameters.which.are.encoded.as.an.
51660	6f 63 74 65 74 20 73 74 72 69 6e 67 2e 20 54 68 65 20 6d 65 61 6e 69 6e 67 20 6f 66 20 74 68 65	octet.string..The.meaning.of.the
51680	73 65 20 73 65 63 75 72 69 74 79 20 70 61 72 61 6d 65 74 65 72 73 20 64 65 70 65 6e 64 73 20 6f	se.security.parameters.depends.o
516a0	6e 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6d 6f 64 65 6c 20 62 65 69 6e 67 20 75 73 65 64 2e	n.the.security.model.being.used.
516c0	00 53 50 41 4e 20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 20 63 61 6e 20 63 6f 70 79 20 74 68	.SPAN.port.mirroring.can.copy.th
516e0	65 20 69 6e 62 6f 75 6e 64 2f 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 74 68	e.inbound/outbound.traffic.of.th
51700	65 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74	e.interface.to.the.specified.int
51720	65 72 66 61 63 65 2c 20 75 73 75 61 6c 6c 79 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 63 61	erface,.usually.the.interface.ca
51740	6e 20 62 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 73 6f 6d 65 20 73 70 65 63 69 61 6c 20 65	n.be.connected.to.some.special.e
51760	71 75 69 70 6d 65 6e 74 2c 20 73 75 63 68 20 61 73 20 62 65 68 61 76 69 6f 72 20 63 6f 6e 74 72	quipment,.such.as.behavior.contr
51780	6f 6c 20 73 79 73 74 65 6d 2c 20 69 6e 74 72 75 73 69 6f 6e 20 64 65 74 65 63 74 69 6f 6e 20 73	ol.system,.intrusion.detection.s
517a0	79 73 74 65 6d 20 61 6e 64 20 74 72 61 66 66 69 63 20 63 6f 6c 6c 65 63 74 6f 72 2c 20 61 6e 64	ystem.and.traffic.collector,.and
517c0	20 63 61 6e 20 63 6f 70 79 20 61 6c 6c 20 72 65 6c 61 74 65 64 20 74 72 61 66 66 69 63 20 66 72	.can.copy.all.related.traffic.fr
517e0	6f 6d 20 74 68 69 73 20 70 6f 72 74 2e 20 54 68 65 20 62 65 6e 65 66 69 74 20 6f 66 20 6d 69 72	om.this.port..The.benefit.of.mir
51800	72 6f 72 69 6e 67 20 74 68 65 20 74 72 61 66 66 69 63 20 69 73 20 74 68 61 74 20 74 68 65 20 61	roring.the.traffic.is.that.the.a
51820	70 70 6c 69 63 61 74 69 6f 6e 20 69 73 20 69 73 6f 6c 61 74 65 64 20 66 72 6f 6d 20 74 68 65 20	pplication.is.isolated.from.the.
51840	73 6f 75 72 63 65 20 74 72 61 66 66 69 63 20 61 6e 64 20 73 6f 20 61 70 70 6c 69 63 61 74 69 6f	source.traffic.and.so.applicatio
51860	6e 20 70 72 6f 63 65 73 73 69 6e 67 20 64 6f 65 73 20 6e 6f 74 20 61 66 66 65 63 74 20 74 68 65	n.processing.does.not.affect.the
51880	20 74 72 61 66 66 69 63 20 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 70 65 72 66 6f 72 6d 61 6e	.traffic.or.the.system.performan
518a0	63 65 2e 00 53 53 48 00 53 53 48 20 3a 72 65 66 3a 60 73 73 68 5f 6b 65 79 5f 62 61 73 65 64 5f	ce..SSH.SSH.:ref:`ssh_key_based_
518c0	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 60 00 53 53 48 20 3a 72 65 66 3a 60 73 73 68 5f 6f 70	authentication`.SSH.:ref:`ssh_op
518e0	65 72 61 74 69 6f 6e 60 00 53 53 48 20 63 6c 69 65 6e 74 00 53 53 48 20 70 72 6f 76 69 64 65 73	eration`.SSH.client.SSH.provides
51900	20 61 20 73 65 63 75 72 65 20 63 68 61 6e 6e 65 6c 20 6f 76 65 72 20 61 6e 20 75 6e 73 65 63 75	.a.secure.channel.over.an.unsecu
51920	72 65 64 20 6e 65 74 77 6f 72 6b 20 69 6e 20 61 20 63 6c 69 65 6e 74 2d 73 65 72 76 65 72 20 61	red.network.in.a.client-server.a
51940	72 63 68 69 74 65 63 74 75 72 65 2c 20 63 6f 6e 6e 65 63 74 69 6e 67 20 61 6e 20 53 53 48 20 63	rchitecture,.connecting.an.SSH.c
51960	6c 69 65 6e 74 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 77 69 74 68 20 61 6e 20 53 53 48 20 73 65	lient.application.with.an.SSH.se
51980	72 76 65 72 2e 20 43 6f 6d 6d 6f 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 20 69 6e 63 6c 75 64	rver..Common.applications.includ
519a0	65 20 72 65 6d 6f 74 65 20 63 6f 6d 6d 61 6e 64 2d 6c 69 6e 65 20 6c 6f 67 69 6e 20 61 6e 64 20	e.remote.command-line.login.and.
519c0	72 65 6d 6f 74 65 20 63 6f 6d 6d 61 6e 64 20 65 78 65 63 75 74 69 6f 6e 2c 20 62 75 74 20 61 6e	remote.command.execution,.but.an
519e0	79 20 6e 65 74 77 6f 72 6b 20 73 65 72 76 69 63 65 20 63 61 6e 20 62 65 20 73 65 63 75 72 65 64	y.network.service.can.be.secured
51a00	20 77 69 74 68 20 53 53 48 2e 20 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 73 70 65 63 69 66 69 63	.with.SSH..The.protocol.specific
51a20	61 74 69 6f 6e 20 64 69 73 74 69 6e 67 75 69 73 68 65 73 20 62 65 74 77 65 65 6e 20 74 77 6f 20	ation.distinguishes.between.two.
51a40	6d 61 6a 6f 72 20 76 65 72 73 69 6f 6e 73 2c 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 53	major.versions,.referred.to.as.S
51a60	53 48 2d 31 20 61 6e 64 20 53 53 48 2d 32 2e 00 53 53 48 20 75 73 65 72 6e 61 6d 65 20 74 6f 20	SH-1.and.SSH-2..SSH.username.to.
51a80	65 73 74 61 62 6c 69 73 68 20 61 6e 20 53 53 48 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 74	establish.an.SSH.connection.to.t
51aa0	68 65 20 63 61 63 68 65 20 73 65 72 76 65 72 2e 00 53 53 48 20 77 61 73 20 64 65 73 69 67 6e 65	he.cache.server..SSH.was.designe
51ac0	64 20 61 73 20 61 20 72 65 70 6c 61 63 65 6d 65 6e 74 20 66 6f 72 20 54 65 6c 6e 65 74 20 61 6e	d.as.a.replacement.for.Telnet.an
51ae0	64 20 66 6f 72 20 75 6e 73 65 63 75 72 65 64 20 72 65 6d 6f 74 65 20 73 68 65 6c 6c 20 70 72 6f	d.for.unsecured.remote.shell.pro
51b00	74 6f 63 6f 6c 73 20 73 75 63 68 20 61 73 20 74 68 65 20 42 65 72 6b 65 6c 65 79 20 72 6c 6f 67	tocols.such.as.the.Berkeley.rlog
51b20	69 6e 2c 20 72 73 68 2c 20 61 6e 64 20 72 65 78 65 63 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 54 68	in,.rsh,.and.rexec.protocols..Th
51b40	6f 73 65 20 70 72 6f 74 6f 63 6f 6c 73 20 73 65 6e 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20	ose.protocols.send.information,.
51b60	6e 6f 74 61 62 6c 79 20 70 61 73 73 77 6f 72 64 73 2c 20 69 6e 20 70 6c 61 69 6e 74 65 78 74 2c	notably.passwords,.in.plaintext,
51b80	20 72 65 6e 64 65 72 69 6e 67 20 74 68 65 6d 20 73 75 73 63 65 70 74 69 62 6c 65 20 74 6f 20 69	.rendering.them.susceptible.to.i
51ba0	6e 74 65 72 63 65 70 74 69 6f 6e 20 61 6e 64 20 64 69 73 63 6c 6f 73 75 72 65 20 75 73 69 6e 67	nterception.and.disclosure.using
51bc0	20 70 61 63 6b 65 74 20 61 6e 61 6c 79 73 69 73 2e 20 54 68 65 20 65 6e 63 72 79 70 74 69 6f 6e	.packet.analysis..The.encryption
51be0	20 75 73 65 64 20 62 79 20 53 53 48 20 69 73 20 69 6e 74 65 6e 64 65 64 20 74 6f 20 70 72 6f 76	.used.by.SSH.is.intended.to.prov
51c00	69 64 65 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 20 61 6e 64 20 69 6e 74 65 67 72 69 74	ide.confidentiality.and.integrit
51c20	79 20 6f 66 20 64 61 74 61 20 6f 76 65 72 20 61 6e 20 75 6e 73 65 63 75 72 65 64 20 6e 65 74 77	y.of.data.over.an.unsecured.netw
51c40	6f 72 6b 2c 20 73 75 63 68 20 61 73 20 74 68 65 20 49 6e 74 65 72 6e 65 74 2e 00 53 53 49 44 20	ork,.such.as.the.Internet..SSID.
51c60	74 6f 20 62 65 20 75 73 65 64 20 69 6e 20 49 45 45 45 20 38 30 32 2e 31 31 20 6d 61 6e 61 67 65	to.be.used.in.IEEE.802.11.manage
51c80	6d 65 6e 74 20 66 72 61 6d 65 73 00 53 53 4c 20 43 65 72 74 69 66 69 63 61 74 65 73 00 53 53 4c	ment.frames.SSL.Certificates.SSL
51ca0	20 43 65 72 74 69 66 69 63 61 74 65 73 20 67 65 6e 65 72 61 74 69 6f 6e 00 53 53 4c 20 6d 61 74	.Certificates.generation.SSL.mat
51cc0	63 68 20 53 65 72 76 65 72 20 4e 61 6d 65 20 49 6e 64 69 63 61 74 69 6f 6e 20 28 53 4e 49 29 20	ch.Server.Name.Indication.(SNI).
51ce0	6f 70 74 69 6f 6e 3a 00 53 53 54 50 20 43 6c 69 65 6e 74 00 53 53 54 50 20 43 6c 69 65 6e 74 20	option:.SSTP.Client.SSTP.Client.
51d00	4f 70 74 69 6f 6e 73 00 53 53 54 50 20 53 65 72 76 65 72 00 53 53 54 50 20 69 73 20 61 76 61 69	Options.SSTP.Server.SSTP.is.avai
51d20	6c 61 62 6c 65 20 66 6f 72 20 4c 69 6e 75 78 2c 20 42 53 44 2c 20 61 6e 64 20 57 69 6e 64 6f 77	lable.for.Linux,.BSD,.and.Window
51d40	73 2e 00 53 53 54 50 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 20 74 6f 20 63 6f 6e 6e 65 63 74	s..SSTP.remote.server.to.connect
51d60	20 74 6f 2e 20 43 61 6e 20 62 65 20 65 69 74 68 65 72 20 61 6e 20 49 50 20 61 64 64 72 65 73 73	.to..Can.be.either.an.IP.address
51d80	20 6f 72 20 46 51 44 4e 2e 00 53 54 50 20 50 61 72 61 6d 65 74 65 72 00 53 61 6c 74 2d 4d 69 6e	.or.FQDN..STP.Parameter.Salt-Min
51da0	69 6f 6e 00 53 61 6c 74 53 74 61 63 6b 5f 20 69 73 20 50 79 74 68 6f 6e 2d 62 61 73 65 64 2c 20	ion.SaltStack_.is.Python-based,.
51dc0	6f 70 65 6e 2d 73 6f 75 72 63 65 20 73 6f 66 74 77 61 72 65 20 66 6f 72 20 65 76 65 6e 74 2d 64	open-source.software.for.event-d
51de0	72 69 76 65 6e 20 49 54 20 61 75 74 6f 6d 61 74 69 6f 6e 2c 20 72 65 6d 6f 74 65 20 74 61 73 6b	riven.IT.automation,.remote.task
51e00	20 65 78 65 63 75 74 69 6f 6e 2c 20 61 6e 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 61	.execution,.and.configuration.ma
51e20	6e 61 67 65 6d 65 6e 74 2e 20 53 75 70 70 6f 72 74 69 6e 67 20 74 68 65 20 22 69 6e 66 72 61 73	nagement..Supporting.the."infras
51e40	74 72 75 63 74 75 72 65 20 61 73 20 63 6f 64 65 22 20 61 70 70 72 6f 61 63 68 20 74 6f 20 64 61	tructure.as.code".approach.to.da
51e60	74 61 20 63 65 6e 74 65 72 20 73 79 73 74 65 6d 20 61 6e 64 20 6e 65 74 77 6f 72 6b 20 64 65 70	ta.center.system.and.network.dep
51e80	6c 6f 79 6d 65 6e 74 20 61 6e 64 20 6d 61 6e 61 67 65 6d 65 6e 74 2c 20 63 6f 6e 66 69 67 75 72	loyment.and.management,.configur
51ea0	61 74 69 6f 6e 20 61 75 74 6f 6d 61 74 69 6f 6e 2c 20 53 65 63 4f 70 73 20 6f 72 63 68 65 73 74	ation.automation,.SecOps.orchest
51ec0	72 61 74 69 6f 6e 2c 20 76 75 6c 6e 65 72 61 62 69 6c 69 74 79 20 72 65 6d 65 64 69 61 74 69 6f	ration,.vulnerability.remediatio
51ee0	6e 2c 20 61 6e 64 20 68 79 62 72 69 64 20 63 6c 6f 75 64 20 63 6f 6e 74 72 6f 6c 2e 00 53 61 6d	n,.and.hybrid.cloud.control..Sam
51f00	65 20 61 73 20 65 78 70 6f 72 74 2d 6c 69 73 74 2c 20 62 75 74 20 69 74 20 61 70 70 6c 69 65 73	e.as.export-list,.but.it.applies
51f20	20 74 6f 20 70 61 74 68 73 20 61 6e 6e 6f 75 6e 63 65 64 20 69 6e 74 6f 20 73 70 65 63 69 66 69	.to.paths.announced.into.specifi
51f40	65 64 20 61 72 65 61 20 61 73 20 54 79 70 65 2d 33 20 73 75 6d 6d 61 72 79 2d 4c 53 41 73 2e 20	ed.area.as.Type-3.summary-LSAs..
51f60	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42 52 20	This.command.makes.sense.in.ABR.
51f80	6f 6e 6c 79 2e 00 53 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 53 56	only..Sample.configuration.of.SV
51fa0	44 20 77 69 74 68 20 56 4c 41 4e 20 74 6f 20 56 4e 49 20 6d 61 70 70 69 6e 67 73 20 69 73 20 73	D.with.VLAN.to.VNI.mappings.is.s
51fc0	68 6f 77 6e 20 62 65 6c 6f 77 2e 00 53 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	hown.below..Sample.configuration
51fe0	20 74 6f 20 73 65 74 75 70 20 4c 44 50 20 6f 6e 20 56 79 4f 53 00 53 63 61 6e 6e 69 6e 67 20 69	.to.setup.LDP.on.VyOS.Scanning.i
52000	73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 6f 6e 20 61 6c 6c 20 77 69 72 65 6c 65 73 73 20	s.not.supported.on.all.wireless.
52020	64 72 69 76 65 72 73 20 61 6e 64 20 77 69 72 65 6c 65 73 73 20 68 61 72 64 77 61 72 65 2e 20 52	drivers.and.wireless.hardware..R
52040	65 66 65 72 20 74 6f 20 79 6f 75 72 20 64 72 69 76 65 72 20 61 6e 64 20 77 69 72 65 6c 65 73 73	efer.to.your.driver.and.wireless
52060	20 68 61 72 64 77 61 72 65 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 66 75 72 74	.hardware.documentation.for.furt
52080	68 65 72 20 64 65 74 61 69 6c 73 2e 00 53 63 72 69 70 74 20 65 78 65 63 75 74 69 6f 6e 00 53 63	her.details..Script.execution.Sc
520a0	72 69 70 74 69 6e 67 00 53 65 63 6f 6e 64 20 73 63 65 6e 61 72 69 6f 3a 20 61 70 70 6c 79 20 73	ripting.Second.scenario:.apply.s
520c0	6f 75 72 63 65 20 4e 41 54 20 66 6f 72 20 61 6c 6c 20 6f 75 74 67 6f 69 6e 67 20 63 6f 6e 6e 65	ource.NAT.for.all.outgoing.conne
520e0	63 74 69 6f 6e 73 20 66 72 6f 6d 20 4c 41 4e 20 31 30 2e 30 2e 30 2e 30 2f 38 2c 20 75 73 69 6e	ctions.from.LAN.10.0.0.0/8,.usin
52100	67 20 33 20 70 75 62 6c 69 63 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 65 71 75 61 6c 20 64	g.3.public.addresses.and.equal.d
52120	69 73 74 72 69 62 75 74 69 6f 6e 2e 20 57 65 20 77 69 6c 6c 20 67 65 6e 65 72 61 74 65 20 74 68	istribution..We.will.generate.th
52140	65 20 68 61 73 68 20 72 61 6e 64 6f 6d 6c 79 2e 00 53 65 63 72 65 74 20 66 6f 72 20 44 79 6e 61	e.hash.randomly..Secret.for.Dyna
52160	6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74 65 6e 73 69 6f 6e 20 73 65 72 76	mic.Authorization.Extension.serv
52180	65 72 20 28 44 4d 2f 43 6f 41 29 00 53 65 63 75 72 69 74 79 00 53 65 63 75 72 69 74 79 2f 61 75	er.(DM/CoA).Security.Security/au
521a0	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 00 53 65 65 20 62 65 6c 6f 77 20	thentication.messages.See.below.
521c0	74 68 65 20 64 69 66 66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 61 76 61 69 6c 61 62	the.different.parameters.availab
521e0	6c 65 20 66 6f 72 20 74 68 65 20 49 50 76 34 20 2a 2a 73 68 6f 77 2a 2a 20 63 6f 6d 6d 61 6e 64	le.for.the.IPv4.**show**.command
52200	3a 00 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 00 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e	:.Segment.Routing.Segment.Routin
52220	67 20 28 53 52 29 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 61 72 63 68 69 74 65 63 74 75 72 65	g.(SR).is.a.network.architecture
52240	20 74 68 61 74 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 73 6f 75 72 63 65 2d 72 6f 75 74 69	.that.is.similar.to.source-routi
52260	6e 67 20 2e 20 49 6e 20 74 68 69 73 20 61 72 63 68 69 74 65 63 74 75 72 65 2c 20 74 68 65 20 69	ng...In.this.architecture,.the.i
52280	6e 67 72 65 73 73 20 72 6f 75 74 65 72 20 61 64 64 73 20 61 20 6c 69 73 74 20 6f 66 20 73 65 67	ngress.router.adds.a.list.of.seg
522a0	6d 65 6e 74 73 2c 20 6b 6e 6f 77 6e 20 61 73 20 53 49 44 73 2c 20 74 6f 20 74 68 65 20 70 61 63	ments,.known.as.SIDs,.to.the.pac
522c0	6b 65 74 20 61 73 20 69 74 20 65 6e 74 65 72 73 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 20 54 68	ket.as.it.enters.the.network..Th
522e0	65 73 65 20 73 65 67 6d 65 6e 74 73 20 72 65 70 72 65 73 65 6e 74 20 64 69 66 66 65 72 65 6e 74	ese.segments.represent.different
52300	20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 61 74 68 20 74 68	.portions.of.the.network.path.th
52320	61 74 20 74 68 65 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 74 61 6b 65 2e 00 53 65 67 6d 65 6e 74	at.the.packet.will.take..Segment
52340	20 52 6f 75 74 69 6e 67 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 61 6e 20 65 78	.Routing.can.be.applied.to.an.ex
52360	69 73 74 69 6e 67 20 4d 50 4c 53 2d 62 61 73 65 64 20 64 61 74 61 20 70 6c 61 6e 65 20 61 6e 64	isting.MPLS-based.data.plane.and
52380	20 64 65 66 69 6e 65 73 20 61 20 63 6f 6e 74 72 6f 6c 20 70 6c 61 6e 65 20 6e 65 74 77 6f 72 6b	.defines.a.control.plane.network
523a0	20 61 72 63 68 69 74 65 63 74 75 72 65 2e 20 49 6e 20 4d 50 4c 53 20 6e 65 74 77 6f 72 6b 73 2c	.architecture..In.MPLS.networks,
523c0	20 73 65 67 6d 65 6e 74 73 20 61 72 65 20 65 6e 63 6f 64 65 64 20 61 73 20 4d 50 4c 53 20 6c 61	.segments.are.encoded.as.MPLS.la
523e0	62 65 6c 73 20 61 6e 64 20 61 72 65 20 61 64 64 65 64 20 61 74 20 74 68 65 20 69 6e 67 72 65 73	bels.and.are.added.at.the.ingres
52400	73 20 72 6f 75 74 65 72 2e 20 54 68 65 73 65 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 61 72 65 20	s.router..These.MPLS.labels.are.
52420	74 68 65 6e 20 65 78 63 68 61 6e 67 65 64 20 61 6e 64 20 70 6f 70 75 6c 61 74 65 64 20 62 79 20	then.exchanged.and.populated.by.
52440	49 6e 74 65 72 69 6f 72 20 47 61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c 73 20 28 49 47 50 73	Interior.Gateway.Protocols.(IGPs
52460	29 20 6c 69 6b 65 20 49 53 2d 49 53 20 6f 72 20 4f 53 50 46 20 77 68 69 63 68 20 61 72 65 20 72	).like.IS-IS.or.OSPF.which.are.r
52480	75 6e 6e 69 6e 67 20 6f 6e 20 6d 6f 73 74 20 49 53 50 73 2e 00 53 65 67 6d 65 6e 74 20 72 6f 75	unning.on.most.ISPs..Segment.rou
524a0	74 69 6e 67 20 28 53 52 29 20 69 73 20 75 73 65 64 20 62 79 20 74 68 65 20 49 47 50 20 70 72 6f	ting.(SR).is.used.by.the.IGP.pro
524c0	74 6f 63 6f 6c 73 20 74 6f 20 69 6e 74 65 72 63 6f 6e 6e 65 63 74 20 6e 65 74 77 6f 72 6b 20 64	tocols.to.interconnect.network.d
524e0	65 76 69 63 65 73 2c 20 62 65 6c 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 73 68 6f 77	evices,.below.configuration.show
52500	73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 53 52 20 6f 6e 20 49 53 2d 49 53 3a 00 53 65 67	s.how.to.enable.SR.on.IS-IS:.Seg
52520	6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 28 53 52 29 20 69 73 20 75 73 65 64 20 62 79 20 74 68 65	ment.routing.(SR).is.used.by.the
52540	20 49 47 50 20 70 72 6f 74 6f 63 6f 6c 73 20 74 6f 20 69 6e 74 65 72 63 6f 6e 6e 65 63 74 20 6e	.IGP.protocols.to.interconnect.n
52560	65 74 77 6f 72 6b 20 64 65 76 69 63 65 73 2c 20 62 65 6c 6f 77 20 63 6f 6e 66 69 67 75 72 61 74	etwork.devices,.below.configurat
52580	69 6f 6e 20 73 68 6f 77 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 53 52 20 6f 6e 20 4f 53	ion.shows.how.to.enable.SR.on.OS
525a0	50 46 3a 00 53 65 67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 64 65 66 69 6e 65 73 20 61 20 63 6f	PF:.Segment.routing.defines.a.co
525c0	6e 74 72 6f 6c 20 70 6c 61 6e 65 20 6e 65 74 77 6f 72 6b 20 61 72 63 68 69 74 65 63 74 75 72 65	ntrol.plane.network.architecture
525e0	20 61 6e 64 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 61 6e 20 65 78 69 73 74 69	.and.can.be.applied.to.an.existi
52600	6e 67 20 4d 50 4c 53 20 62 61 73 65 64 20 64 61 74 61 70 6c 61 6e 65 2e 20 49 6e 20 74 68 65 20	ng.MPLS.based.dataplane..In.the.
52620	4d 50 4c 53 20 6e 65 74 77 6f 72 6b 73 2c 20 73 65 67 6d 65 6e 74 73 20 61 72 65 20 65 6e 63 6f	MPLS.networks,.segments.are.enco
52640	64 65 64 20 61 73 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 61 6e 64 20 61 72 65 20 69 6d 70 6f 73	ded.as.MPLS.labels.and.are.impos
52660	65 64 20 61 74 20 74 68 65 20 69 6e 67 72 65 73 73 20 72 6f 75 74 65 72 2e 20 4d 50 4c 53 20 6c	ed.at.the.ingress.router..MPLS.l
52680	61 62 65 6c 73 20 61 72 65 20 65 78 63 68 61 6e 67 65 64 20 61 6e 64 20 70 6f 70 75 6c 61 74 65	abels.are.exchanged.and.populate
526a0	64 20 62 79 20 49 47 50 73 20 6c 69 6b 65 20 49 53 2d 49 53 2e 53 65 67 6d 65 6e 74 20 52 6f 75	d.by.IGPs.like.IS-IS.Segment.Rou
526c0	74 69 6e 67 20 61 73 20 70 65 72 20 52 46 43 38 36 36 37 20 66 6f 72 20 4d 50 4c 53 20 64 61 74	ting.as.per.RFC8667.for.MPLS.dat
526e0	61 70 6c 61 6e 65 2e 20 49 74 20 73 75 70 70 6f 72 74 73 20 49 50 76 34 2c 20 49 50 76 36 20 61	aplane..It.supports.IPv4,.IPv6.a
52700	6e 64 20 45 43 4d 50 20 61 6e 64 20 68 61 73 20 62 65 65 6e 20 74 65 73 74 65 64 20 61 67 61 69	nd.ECMP.and.has.been.tested.agai
52720	6e 73 74 20 43 69 73 63 6f 20 26 20 4a 75 6e 69 70 65 72 20 72 6f 75 74 65 72 73 2e 68 6f 77 65	nst.Cisco.&.Juniper.routers.howe
52740	76 65 72 2c 74 68 69 73 20 64 65 70 6c 6f 79 6d 65 6e 74 20 69 73 20 73 74 69 6c 6c 20 45 58 50	ver,this.deployment.is.still.EXP
52760	45 52 49 4d 45 4e 54 41 4c 20 66 6f 72 20 46 52 52 2e 00 53 65 6c 65 63 74 20 63 69 70 68 65 72	ERIMENTAL.for.FRR..Select.cipher
52780	20 73 75 69 74 65 20 75 73 65 64 20 66 6f 72 20 63 72 79 70 74 6f 67 72 61 70 68 69 63 20 6f 70	.suite.used.for.cryptographic.op
527a0	65 72 61 74 69 6f 6e 73 2e 20 54 68 69 73 20 73 65 74 74 69 6e 67 20 69 73 20 6d 61 6e 64 61 74	erations..This.setting.is.mandat
527c0	6f 72 79 2e 00 53 65 6c 65 63 74 20 68 6f 77 20 6c 61 62 65 6c 73 20 61 72 65 20 61 6c 6c 6f 63	ory..Select.how.labels.are.alloc
527e0	61 74 65 64 20 69 6e 20 74 68 65 20 67 69 76 65 6e 20 56 52 46 2e 20 42 79 20 64 65 66 61 75 6c	ated.in.the.given.VRF..By.defaul
52800	74 2c 20 74 68 65 20 70 65 72 2d 76 72 66 20 6d 6f 64 65 20 69 73 20 73 65 6c 65 63 74 65 64 2c	t,.the.per-vrf.mode.is.selected,
52820	20 61 6e 64 20 6f 6e 65 20 6c 61 62 65 6c 20 69 73 20 75 73 65 64 20 66 6f 72 20 61 6c 6c 20 70	.and.one.label.is.used.for.all.p
52840	72 65 66 69 78 65 73 20 66 72 6f 6d 20 74 68 65 20 56 52 46 2e 20 54 68 65 20 70 65 72 2d 6e 65	refixes.from.the.VRF..The.per-ne
52860	78 74 68 6f 70 20 77 69 6c 6c 20 75 73 65 20 61 20 75 6e 69 71 75 65 20 6c 61 62 65 6c 20 66 6f	xthop.will.use.a.unique.label.fo
52880	72 20 61 6c 6c 20 70 72 65 66 69 78 65 73 20 74 68 61 74 20 61 72 65 20 72 65 61 63 68 61 62 6c	r.all.prefixes.that.are.reachabl
528a0	65 20 76 69 61 20 74 68 65 20 73 61 6d 65 20 6e 65 78 74 68 6f 70 2e 00 53 65 6c 66 20 53 69 67	e.via.the.same.nexthop..Self.Sig
528c0	6e 65 64 20 43 41 00 53 65 6e 64 20 61 20 50 72 6f 78 79 20 50 72 6f 74 6f 63 6f 6c 20 76 65 72	ned.CA.Send.a.Proxy.Protocol.ver
528e0	73 69 6f 6e 20 31 20 68 65 61 64 65 72 20 28 74 65 78 74 20 66 6f 72 6d 61 74 29 00 53 65 6e 64	sion.1.header.(text.format).Send
52900	20 61 20 50 72 6f 78 79 20 50 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e 20 32 20 68 65 61 64	.a.Proxy.Protocol.version.2.head
52920	65 72 20 28 62 69 6e 61 72 79 20 66 6f 72 6d 61 74 29 00 53 65 6e 64 20 61 6c 6c 20 44 4e 53 20	er.(binary.format).Send.all.DNS.
52940	71 75 65 72 69 65 73 20 74 6f 20 74 68 65 20 49 50 76 34 2f 49 50 76 36 20 44 4e 53 20 73 65 72	queries.to.the.IPv4/IPv6.DNS.ser
52960	76 65 72 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 60 3c 61 64 64 72 65 73 73 3e 60 20	ver.specified.under.`<address>`.
52980	6f 6e 20 6f 70 74 69 6f 6e 61 6c 20 70 6f 72 74 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72	on.optional.port.specified.under
529a0	20 60 3c 70 6f 72 74 3e 60 2e 20 54 68 65 20 70 6f 72 74 20 64 65 66 61 75 6c 74 73 20 74 6f 20	.`<port>`..The.port.defaults.to.
529c0	35 33 2e 20 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 6d 75 6c 74 69 70 6c 65 20 6e	53..You.can.configure.multiple.n
529e0	61 6d 65 73 65 72 76 65 72 73 20 68 65 72 65 2e 00 53 65 6e 64 20 65 6d 70 74 79 20 53 53 49 44	ameservers.here..Send.empty.SSID
52a00	20 69 6e 20 62 65 61 63 6f 6e 73 20 61 6e 64 20 69 67 6e 6f 72 65 20 70 72 6f 62 65 20 72 65 71	.in.beacons.and.ignore.probe.req
52a20	75 65 73 74 20 66 72 61 6d 65 73 20 74 68 61 74 20 64 6f 20 6e 6f 74 20 73 70 65 63 69 66 79 20	uest.frames.that.do.not.specify.
52a40	66 75 6c 6c 20 53 53 49 44 2c 20 69 2e 65 2e 2c 20 72 65 71 75 69 72 65 20 73 74 61 74 69 6f 6e	full.SSID,.i.e.,.require.station
52a60	73 20 74 6f 20 6b 6e 6f 77 20 53 53 49 44 2e 00 53 65 72 69 61 6c 20 43 6f 6e 73 6f 6c 65 00 53	s.to.know.SSID..Serial.Console.S
52a80	65 72 69 61 6c 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 61 6e 79 20 69 6e 74 65	erial.interfaces.can.be.any.inte
52aa0	72 66 61 63 65 20 77 68 69 63 68 20 69 73 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65	rface.which.is.directly.connecte
52ac0	64 20 74 6f 20 74 68 65 20 43 50 55 20 6f 72 20 63 68 69 70 73 65 74 20 28 6d 6f 73 74 6c 79 20	d.to.the.CPU.or.chipset.(mostly.
52ae0	6b 6e 6f 77 6e 20 61 73 20 61 20 74 74 79 53 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 4c 69 6e	known.as.a.ttyS.interface.in.Lin
52b00	75 78 29 20 6f 72 20 61 6e 79 20 6f 74 68 65 72 20 55 53 42 20 74 6f 20 73 65 72 69 61 6c 20 63	ux).or.any.other.USB.to.serial.c
52b20	6f 6e 76 65 72 74 65 72 20 28 50 72 6f 6c 69 66 69 63 20 50 4c 32 33 30 33 20 6f 72 20 46 54 44	onverter.(Prolific.PL2303.or.FTD
52b40	49 20 46 54 32 33 32 2f 46 54 34 32 33 32 20 62 61 73 65 64 20 63 68 69 70 73 29 2e 00 53 65 72	I.FT232/FT4232.based.chips)..Ser
52b60	76 65 72 00 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 00 53 65 72 76 65 72 20 43 6f	ver.Server.Certificate.Server.Co
52b80	6e 66 69 67 75 72 61 74 69 6f 6e 00 53 65 72 76 65 72 20 53 69 64 65 00 53 65 72 76 65 72 20 63	nfiguration.Server.Side.Server.c
52ba0	6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 53 65 72 76 65 72 20 6e 61 6d 65 73 20 66 6f 72 20 76 69	onfiguration.Server.names.for.vi
52bc0	72 74 75 61 6c 20 68 6f 73 74 73 20 69 74 20 63 61 6e 20 62 65 20 65 78 61 63 74 2c 20 77 69 6c	rtual.hosts.it.can.be.exact,.wil
52be0	64 63 61 72 64 20 6f 72 20 72 65 67 65 78 2e 00 53 65 72 76 65 72 3a 00 53 65 72 76 69 63 65 00	dcard.or.regex..Server:.Service.
52c00	53 65 72 76 69 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 72 65 73 70 6f 6e 73	Service.configuration.is.respons
52c20	69 62 6c 65 20 66 6f 72 20 62 69 6e 64 69 6e 67 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 70	ible.for.binding.to.a.specific.p
52c40	6f 72 74 2c 20 77 68 69 6c 65 20 74 68 65 20 62 61 63 6b 65 6e 64 20 63 6f 6e 66 69 67 75 72 61	ort,.while.the.backend.configura
52c60	74 69 6f 6e 20 64 65 74 65 72 6d 69 6e 65 73 20 74 68 65 20 74 79 70 65 20 6f 66 20 6c 6f 61 64	tion.determines.the.type.of.load
52c80	20 62 61 6c 61 6e 63 69 6e 67 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64 20 61 6e 64 20 73 70 65	.balancing.to.be.applied.and.spe
52ca0	63 69 66 69 65 73 20 74 68 65 20 72 65 61 6c 20 73 65 72 76 65 72 73 20 74 6f 20 62 65 20 75 74	cifies.the.real.servers.to.be.ut
52cc0	69 6c 69 7a 65 64 2e 00 53 65 74 20 42 46 44 20 70 65 65 72 20 49 50 76 34 20 61 64 64 72 65 73	ilized..Set.BFD.peer.IPv4.addres
52ce0	73 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 00 53 65 74 20 42 47 50 20 63 6f 6d 6d 75 6e	s.or.IPv6.address.Set.BGP.commun
52d00	69 74 79 2d 6c 69 73 74 20 74 6f 20 65 78 61 63 74 6c 79 20 6d 61 74 63 68 2e 00 53 65 74 20 42	ity-list.to.exactly.match..Set.B
52d20	47 50 20 6c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65 20 61 74 74 72 69 62 75 74 65 2e 00 53	GP.local.preference.attribute..S
52d40	65 74 20 42 47 50 20 6f 72 69 67 69 6e 20 63 6f 64 65 2e 00 53 65 74 20 42 47 50 20 6f 72 69 67	et.BGP.origin.code..Set.BGP.orig
52d60	69 6e 61 74 6f 72 20 49 44 20 61 74 74 72 69 62 75 74 65 2e 00 53 65 74 20 42 47 50 20 77 65 69	inator.ID.attribute..Set.BGP.wei
52d80	67 68 74 20 61 74 74 72 69 62 75 74 65 00 53 65 74 20 44 4e 41 54 20 72 75 6c 65 20 32 30 20 74	ght.attribute.Set.DNAT.rule.20.t
52da0	6f 20 6f 6e 6c 79 20 4e 41 54 20 55 44 50 20 70 61 63 6b 65 74 73 00 53 65 74 20 49 50 20 66 72	o.only.NAT.UDP.packets.Set.IP.fr
52dc0	61 67 6d 65 6e 74 20 6d 61 74 63 68 2c 20 77 68 65 72 65 3a 00 53 65 74 20 49 50 53 65 63 20 69	agment.match,.where:.Set.IPSec.i
52de0	6e 62 6f 75 6e 64 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 73 2c 20 77 68 65 72 65 3a 00 53	nbound.match.criterias,.where:.S
52e00	65 74 20 4f 53 50 46 20 65 78 74 65 72 6e 61 6c 20 6d 65 74 72 69 63 2d 74 79 70 65 2e 00 53 65	et.OSPF.external.metric-type..Se
52e20	74 20 53 4e 41 54 20 72 75 6c 65 20 32 30 20 74 6f 20 6f 6e 6c 79 20 4e 41 54 20 54 43 50 20 61	t.SNAT.rule.20.to.only.NAT.TCP.a
52e40	6e 64 20 55 44 50 20 70 61 63 6b 65 74 73 00 53 65 74 20 53 4e 41 54 20 72 75 6c 65 20 32 30 20	nd.UDP.packets.Set.SNAT.rule.20.
52e60	74 6f 20 6f 6e 6c 79 20 4e 41 54 20 70 61 63 6b 65 74 73 20 61 72 72 69 76 69 6e 67 20 66 72 6f	to.only.NAT.packets.arriving.fro
52e80	6d 20 74 68 65 20 31 39 32 2e 30 2e 32 2e 30 2f 32 34 20 6e 65 74 77 6f 72 6b 00 53 65 74 20 53	m.the.192.0.2.0/24.network.Set.S
52ea0	4e 41 54 20 72 75 6c 65 20 33 30 20 74 6f 20 6f 6e 6c 79 20 4e 41 54 20 70 61 63 6b 65 74 73 20	NAT.rule.30.to.only.NAT.packets.
52ec0	61 72 72 69 76 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 32 30 33 2e 30 2e 31 31 33 2e 30 2f 32 34	arriving.from.the.203.0.113.0/24
52ee0	20 6e 65 74 77 6f 72 6b 20 77 69 74 68 20 61 20 73 6f 75 72 63 65 20 70 6f 72 74 20 6f 66 20 38	.network.with.a.source.port.of.8
52f00	30 20 61 6e 64 20 34 34 33 00 53 65 74 20 53 53 4c 20 63 65 72 74 65 66 69 63 61 74 65 20 3c 6e	0.and.443.Set.SSL.certeficate.<n
52f20	61 6d 65 3e 20 66 6f 72 20 73 65 72 76 69 63 65 20 3c 6e 61 6d 65 3e 00 53 65 74 20 54 54 4c 20	ame>.for.service.<name>.Set.TTL.
52f40	74 6f 20 33 30 30 20 73 65 63 6f 6e 64 73 00 53 65 74 20 56 69 72 74 75 61 6c 20 54 75 6e 6e 65	to.300.seconds.Set.Virtual.Tunne
52f60	6c 20 49 6e 74 65 72 66 61 63 65 00 53 65 74 20 61 20 63 6f 6e 74 61 69 6e 65 72 20 64 65 73 63	l.Interface.Set.a.container.desc
52f80	72 69 70 74 69 6f 6e 00 53 65 74 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 6e 64 2f 6f 72	ription.Set.a.destination.and/or
52fa0	20 73 6f 75 72 63 65 20 70 6f 72 74 2e 20 41 63 63 65 70 74 65 64 20 69 6e 70 75 74 3a 00 53 65	.source.port..Accepted.input:.Se
52fc0	74 20 61 20 68 75 6d 61 6e 20 72 65 61 64 61 62 6c 65 2c 20 64 65 73 63 72 69 70 74 69 76 65 20	t.a.human.readable,.descriptive.
52fe0	61 6c 69 61 73 20 66 6f 72 20 74 68 69 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 41 6c 69 61 73	alias.for.this.connection..Alias
53000	20 69 73 20 75 73 65 64 20 62 79 20 65 2e 67 2e 20 74 68 65 20 3a 6f 70 63 6d 64 3a 60 73 68 6f	.is.used.by.e.g..the.:opcmd:`sho
53020	77 20 69 6e 74 65 72 66 61 63 65 73 60 20 63 6f 6d 6d 61 6e 64 20 6f 72 20 53 4e 4d 50 20 62 61	w.interfaces`.command.or.SNMP.ba
53040	73 65 64 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 74 6f 6f 6c 73 2e 00 53 65 74 20 61 20 6c 69 6d 69	sed.monitoring.tools..Set.a.limi
53060	74 20 6f 6e 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6e 63 75	t.on.the.maximum.number.of.concu
53080	72 72 65 6e 74 20 6c 6f 67 67 65 64 2d 69 6e 20 75 73 65 72 73 20 6f 6e 20 74 68 65 20 73 79 73	rrent.logged-in.users.on.the.sys
530a0	74 65 6d 2e 00 53 65 74 20 61 20 6d 65 61 6e 69 6e 67 66 75 6c 20 64 65 73 63 72 69 70 74 69 6f	tem..Set.a.meaningful.descriptio
530c0	6e 2e 00 53 65 74 20 61 20 6e 61 6d 65 64 20 61 70 69 20 6b 65 79 2e 20 45 76 65 72 79 20 6b 65	n..Set.a.named.api.key..Every.ke
530e0	79 20 68 61 73 20 74 68 65 20 73 61 6d 65 2c 20 66 75 6c 6c 20 70 65 72 6d 69 73 73 69 6f 6e 73	y.has.the.same,.full.permissions
53100	20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 00 53 65 74 20 61 20 72 75 6c 65 20 64 65 73 63 72	.on.the.system..Set.a.rule.descr
53120	69 70 74 69 6f 6e 2e 00 53 65 74 20 61 20 73 70 65 63 69 66 69 63 20 63 6f 6e 6e 65 63 74 69 6f	iption..Set.a.specific.connectio
53140	6e 20 6d 61 72 6b 2e 00 53 65 74 20 61 20 73 70 65 63 69 66 69 63 20 70 61 63 6b 65 74 20 6d 61	n.mark..Set.a.specific.packet.ma
53160	72 6b 2e 00 53 65 74 20 61 63 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 2d 6d 61 70	rk..Set.action.for.the.route-map
53180	20 70 6f 6c 69 63 79 2e 00 53 65 74 20 61 63 74 69 6f 6e 20 74 6f 20 74 61 6b 65 20 6f 6e 20 65	.policy..Set.action.to.take.on.e
531a0	6e 74 72 69 65 73 20 6d 61 74 63 68 69 6e 67 20 74 68 69 73 20 72 75 6c 65 2e 00 53 65 74 20 61	ntries.matching.this.rule..Set.a
531c0	6e 20 41 50 49 2d 4b 45 59 20 69 73 20 74 68 65 20 6d 69 6e 69 6d 61 6c 20 63 6f 6e 66 69 67 75	n.API-KEY.is.the.minimal.configu
531e0	72 61 74 69 6f 6e 20 74 6f 20 67 65 74 20 61 20 77 6f 72 6b 69 6e 67 20 41 50 49 20 45 6e 64 70	ration.to.get.a.working.API.Endp
53200	6f 69 6e 74 2e 00 53 65 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 61 63 6b 65 6e 64	oint..Set.authentication.backend
53220	2e 20 54 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20	..The.configured.authentication.
53240	62 61 63 6b 65 6e 64 20 69 73 20 75 73 65 64 20 66 6f 72 20 61 6c 6c 20 71 75 65 72 69 65 73 2e	backend.is.used.for.all.queries.
53260	00 53 65 74 20 63 6f 6e 74 61 69 6e 65 72 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 6f 72 20 70	.Set.container.capabilities.or.p
53280	65 72 6d 69 73 73 69 6f 6e 73 2e 00 53 65 74 20 64 65 6c 61 79 20 62 65 74 77 65 65 6e 20 67 72	ermissions..Set.delay.between.gr
532a0	61 74 75 69 74 6f 75 73 20 41 52 50 20 6d 65 73 73 61 67 65 73 20 73 65 6e 74 20 6f 6e 20 61 6e	atuitous.ARP.messages.sent.on.an
532c0	20 69 6e 74 65 72 66 61 63 65 2e 00 53 65 74 20 64 65 6c 61 79 20 66 6f 72 20 73 65 63 6f 6e 64	.interface..Set.delay.for.second
532e0	20 73 65 74 20 6f 66 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 61 66 74 65 72 20 74 72	.set.of.gratuitous.ARPs.after.tr
53300	61 6e 73 69 74 69 6f 6e 20 74 6f 20 4d 41 53 54 45 52 2e 00 53 65 74 20 64 65 73 63 72 69 70 74	ansition.to.MASTER..Set.descript
53320	69 6f 6e 20 66 6f 72 20 61 73 2d 70 61 74 68 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2e 00 53 65 74	ion.for.as-path-list.policy..Set
53340	20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20	.description.for.community-list.
53360	70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 65 78 74 63	policy..Set.description.for.extc
53380	6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69	ommunity-list.policy..Set.descri
533a0	70 74 69 6f 6e 20 66 6f 72 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70	ption.for.large-community-list.p
533c0	6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 72 75 6c 65 20	olicy..Set.description.for.rule.
533e0	69 6e 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 2e 00 53 65 74 20 64 65 73 63 72 69 70	in.IPv6.prefix-list..Set.descrip
53400	74 69 6f 6e 20 66 6f 72 20 72 75 6c 65 20 69 6e 20 74 68 65 20 70 72 65 66 69 78 2d 6c 69 73 74	tion.for.rule.in.the.prefix-list
53420	2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 72 75 6c 65 2e 00 53 65 74 20	..Set.description.for.rule..Set.
53440	64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 49 50 76 36 20 61 63 63 65 73 73 20	description.for.the.IPv6.access.
53460	6c 69 73 74 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 49 50	list..Set.description.for.the.IP
53480	76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72	v6.prefix-list.policy..Set.descr
534a0	69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73 74 2e 00 53 65 74 20	iption.for.the.access.list..Set.
534c0	64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 70 72 65 66 69 78 2d 6c 69 73 74 20	description.for.the.prefix-list.
534e0	70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20	policy..Set.description.for.the.
53500	72 6f 75 74 65 2d 6d 61 70 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f	route-map.policy..Set.descriptio
53520	6e 20 66 6f 72 20 74 68 65 20 72 75 6c 65 20 69 6e 20 74 68 65 20 72 6f 75 74 65 2d 6d 61 70 20	n.for.the.rule.in.the.route-map.
53540	70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 6f 66 20 74 68 65 20 70	policy..Set.description.of.the.p
53560	65 65 72 20 6f 72 20 70 65 65 72 20 67 72 6f 75 70 2e 00 53 65 74 20 64 65 73 74 69 6e 61 74 69	eer.or.peer.group..Set.destinati
53580	6f 6e 20 61 64 64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 20 74 6f 20 6d 61 74 63 68 2e 00 53	on.address.or.prefix.to.match..S
535a0	65 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20	et.destination.routing.protocol.
535c0	6d 65 74 72 69 63 2e 20 41 64 64 20 6f 72 20 73 75 62 74 72 61 63 74 20 6d 65 74 72 69 63 2c 20	metric..Add.or.subtract.metric,.
535e0	6f 72 20 73 65 74 20 6d 65 74 72 69 63 20 76 61 6c 75 65 2e 00 53 65 74 20 65 74 68 31 20 74 6f	or.set.metric.value..Set.eth1.to
53600	20 62 65 20 74 68 65 20 6c 69 73 74 65 6e 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20	.be.the.listening.interface.for.
53620	74 68 65 20 44 48 43 50 76 36 20 72 65 6c 61 79 2e 00 53 65 74 20 65 78 65 63 75 74 69 6f 6e 20	the.DHCPv6.relay..Set.execution.
53640	74 69 6d 65 20 69 6e 20 63 6f 6d 6d 6f 6e 20 63 72 6f 6e 5f 20 74 69 6d 65 20 66 6f 72 6d 61 74	time.in.common.cron_.time.format
53660	2e 20 41 20 63 72 6f 6e 20 60 3c 73 70 65 63 3e 60 20 6f 66 20 60 60 33 30 20 2a 2f 36 20 2a 20	..A.cron.`<spec>`.of.``30.*/6.*.
53680	2a 20 2a 60 60 20 77 6f 75 6c 64 20 65 78 65 63 75 74 65 20 74 68 65 20 60 3c 74 61 73 6b 3e 60	*.*``.would.execute.the.`<task>`
536a0	20 61 74 20 6d 69 6e 75 74 65 20 33 30 20 70 61 73 74 20 65 76 65 72 79 20 36 74 68 20 68 6f 75	.at.minute.30.past.every.6th.hou
536c0	72 2e 00 53 65 74 20 65 78 74 63 6f 6d 6d 75 6e 69 74 79 20 62 61 6e 64 77 69 64 74 68 00 53 65	r..Set.extcommunity.bandwidth.Se
536e0	74 20 69 66 20 61 6e 74 65 6e 6e 61 20 70 61 74 74 65 72 6e 20 64 6f 65 73 20 6e 6f 74 20 63 68	t.if.antenna.pattern.does.not.ch
53700	61 6e 67 65 20 64 75 72 69 6e 67 20 74 68 65 20 6c 69 66 65 74 69 6d 65 20 6f 66 20 61 6e 20 61	ange.during.the.lifetime.of.an.a
53720	73 73 6f 63 69 61 74 69 6f 6e 00 53 65 74 20 69 6e 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65	ssociation.Set.inbound.interface
53740	20 74 6f 20 6d 61 74 63 68 2e 00 53 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 61 20 7a	.to.match..Set.interfaces.to.a.z
53760	6f 6e 65 2e 20 41 20 7a 6f 6e 65 20 63 61 6e 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 69 6e	one..A.zone.can.have.multiple.in
53780	74 65 72 66 61 63 65 73 2e 20 42 75 74 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 63 61 6e 20 6f	terfaces..But.an.interface.can.o
537a0	6e 6c 79 20 62 65 20 61 20 6d 65 6d 62 65 72 20 69 6e 20 6f 6e 65 20 7a 6f 6e 65 2e 00 53 65 74	nly.be.a.member.in.one.zone..Set
537c0	20 6c 6f 63 61 6c 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79	.local.:abbr:`ASN.(Autonomous.Sy
537e0	73 74 65 6d 20 4e 75 6d 62 65 72 29 60 20 74 68 61 74 20 74 68 69 73 20 72 6f 75 74 65 72 20 72	stem.Number)`.that.this.router.r
53800	65 70 72 65 73 65 6e 74 73 2e 20 54 68 69 73 20 69 73 20 61 20 61 20 6d 61 6e 64 61 74 6f 72 79	epresents..This.is.a.a.mandatory
53820	20 6f 70 74 69 6f 6e 21 00 53 65 74 20 6c 6f 63 61 6c 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79	.option!.Set.local.autonomous.sy
53840	73 74 65 6d 20 6e 75 6d 62 65 72 20 74 68 61 74 20 74 68 69 73 20 72 6f 75 74 65 72 20 72 65 70	stem.number.that.this.router.rep
53860	72 65 73 65 6e 74 73 2e 20 54 68 69 73 20 69 73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 6f 70 74	resents..This.is.a.mandatory.opt
53880	69 6f 6e 21 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e	ion!.Set.match.criteria.based.on
538a0	20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6d 61 72 6b 2e 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74	.connection.mark..Set.match.crit
538c0	65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 2c 20	eria.based.on.destination.port,.
538e0	77 68 65 72 65 20 3c 6d 61 74 63 68 5f 63 72 69 74 65 72 69 61 3e 20 63 6f 75 6c 64 20 62 65 3a	where.<match_criteria>.could.be:
53900	00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 73 65 73	.Set.match.criteria.based.on.ses
53920	73 69 6f 6e 20 73 74 61 74 65 2e 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62	sion.state..Set.match.criteria.b
53940	61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 67 72	ased.on.source.or.destination.gr
53960	6f 75 70 73 2c 20 77 68 65 72 65 20 3c 74 65 78 74 3e 20 77 6f 75 6c 64 20 62 65 20 74 68 65 20	oups,.where.<text>.would.be.the.
53980	67 72 6f 75 70 20 6e 61 6d 65 2f 69 64 65 6e 74 69 66 69 65 72 2e 20 50 72 65 70 65 6e 64 20 63	group.name/identifier..Prepend.c
539a0	68 61 72 61 63 74 65 72 20 27 21 27 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69	haracter.'!'.for.inverted.matchi
539c0	6e 67 20 63 72 69 74 65 72 69 61 2e 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20	ng.criteria..Set.match.criteria.
539e0	62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 69	based.on.source.or.destination.i
53a00	70 76 34 7c 69 70 76 36 20 61 64 64 72 65 73 73 2c 20 77 68 65 72 65 20 3c 6d 61 74 63 68 5f 63	pv4|ipv6.address,.where.<match_c
53a20	72 69 74 65 72 69 61 3e 20 63 6f 75 6c 64 20 62 65 3a 00 53 65 74 20 6d 61 74 63 68 20 63 72 69	riteria>.could.be:.Set.match.cri
53a40	74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 74 63 70 20 66 6c 61 67 73 2e 20 41 6c 6c 6f 77 65	teria.based.on.tcp.flags..Allowe
53a60	64 20 76 61 6c 75 65 73 20 66 6f 72 20 54 43 50 20 66 6c 61 67 73 3a 20 53 59 4e 20 41 43 4b 20	d.values.for.TCP.flags:.SYN.ACK.
53a80	46 49 4e 20 52 53 54 20 55 52 47 20 50 53 48 20 41 4c 4c 2e 20 57 68 65 6e 20 73 70 65 63 69 66	FIN.RST.URG.PSH.ALL..When.specif
53aa0	79 69 6e 67 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 66 6c 61 67 2c 20 66 6c 61 67 73 20 73	ying.more.than.one.flag,.flags.s
53ac0	68 6f 75 6c 64 20 62 65 20 63 6f 6d 6d 61 2d 73 65 70 61 72 61 74 65 64 2e 20 46 6f 72 20 65 78	hould.be.comma-separated..For.ex
53ae0	61 6d 70 6c 65 20 3a 20 76 61 6c 75 65 20 6f 66 20 27 53 59 4e 2c 21 41 43 4b 2c 21 46 49 4e 2c	ample.:.value.of.'SYN,!ACK,!FIN,
53b00	21 52 53 54 27 20 77 69 6c 6c 20 6f 6e 6c 79 20 6d 61 74 63 68 20 70 61 63 6b 65 74 73 20 77 69	!RST'.will.only.match.packets.wi
53b20	74 68 20 74 68 65 20 53 59 4e 20 66 6c 61 67 20 73 65 74 2c 20 61 6e 64 20 74 68 65 20 41 43 4b	th.the.SYN.flag.set,.and.the.ACK
53b40	2c 20 46 49 4e 20 61 6e 64 20 52 53 54 20 66 6c 61 67 73 20 75 6e 73 65 74 2e 00 53 65 74 20 6d	,.FIN.and.RST.flags.unset..Set.m
53b60	61 78 69 6d 75 6d 20 60 3c 73 69 7a 65 3e 60 20 6f 66 20 44 48 43 50 20 70 61 63 6b 65 74 73 20	aximum.`<size>`.of.DHCP.packets.
53b80	69 6e 63 6c 75 64 69 6e 67 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f	including.relay.agent.informatio
53ba0	6e 2e 20 49 66 20 61 20 44 48 43 50 20 70 61 63 6b 65 74 20 73 69 7a 65 20 73 75 72 70 61 73 73	n..If.a.DHCP.packet.size.surpass
53bc0	65 73 20 74 68 69 73 20 76 61 6c 75 65 20 69 74 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64	es.this.value.it.will.be.forward
53be0	65 64 20 77 69 74 68 6f 75 74 20 61 70 70 65 6e 64 69 6e 67 20 72 65 6c 61 79 20 61 67 65 6e 74	ed.without.appending.relay.agent
53c00	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 52 61 6e 67 65 20 36 34 2e 2e 2e 31 34 30 30 2c 20 64	.information..Range.64...1400,.d
53c20	65 66 61 75 6c 74 20 35 37 36 2e 00 53 65 74 20 6d 61 78 69 6d 75 6d 20 61 76 65 72 61 67 65 20	efault.576..Set.maximum.average.
53c40	6d 61 74 63 68 69 6e 67 20 72 61 74 65 2e 20 46 6f 72 6d 61 74 20 66 6f 72 20 72 61 74 65 3a 20	matching.rate..Format.for.rate:.
53c60	69 6e 74 65 67 65 72 2f 74 69 6d 65 5f 75 6e 69 74 2c 20 77 68 65 72 65 20 74 69 6d 65 5f 75 6e	integer/time_unit,.where.time_un
53c80	69 74 20 63 6f 75 6c 64 20 62 65 20 61 6e 79 20 6f 6e 65 20 6f 66 20 73 65 63 6f 6e 64 2c 20 6d	it.could.be.any.one.of.second,.m
53ca0	69 6e 75 74 65 2c 20 68 6f 75 72 20 6f 72 20 64 61 79 2e 46 6f 72 20 65 78 61 6d 70 6c 65 20 31	inute,.hour.or.day.For.example.1
53cc0	2f 73 65 63 6f 6e 64 20 69 6d 70 6c 69 65 73 20 72 75 6c 65 20 74 6f 20 62 65 20 6d 61 74 63 68	/second.implies.rule.to.be.match
53ce0	65 64 20 61 74 20 61 6e 20 61 76 65 72 61 67 65 20 6f 66 20 6f 6e 63 65 20 70 65 72 20 73 65 63	ed.at.an.average.of.once.per.sec
53d00	6f 6e 64 2e 00 53 65 74 20 6d 61 78 69 6d 75 6d 20 68 6f 70 20 63 6f 75 6e 74 20 62 65 66 6f 72	ond..Set.maximum.hop.count.befor
53d20	65 20 70 61 63 6b 65 74 73 20 61 72 65 20 64 69 73 63 61 72 64 65 64 2c 20 64 65 66 61 75 6c 74	e.packets.are.discarded,.default
53d40	3a 20 31 30 00 53 65 74 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65	:.10.Set.maximum.number.of.packe
53d60	74 73 20 74 6f 20 61 6c 6f 77 20 69 6e 20 65 78 63 65 73 73 20 6f 66 20 72 61 74 65 2e 00 53 65	ts.to.alow.in.excess.of.rate..Se
53d80	74 20 6d 69 6e 69 6d 75 6d 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 72 65 66 72	t.minimum.time.interval.for.refr
53da0	65 73 68 69 6e 67 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 77 68 69 6c 65 20 4d 41 53	eshing.gratuitous.ARPs.while.MAS
53dc0	54 45 52 2e 00 53 65 74 20 6e 75 6d 62 65 72 20 6f 66 20 67 72 61 74 75 69 74 6f 75 73 20 41 52	TER..Set.number.of.gratuitous.AR
53de0	50 20 6d 65 73 73 61 67 65 73 20 74 6f 20 73 65 6e 64 20 61 74 20 61 20 74 69 6d 65 20 61 66 74	P.messages.to.send.at.a.time.aft
53e00	65 72 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 6f 20 4d 41 53 54 45 52 2e 00 53 65 74 20 6e 75 6d	er.transition.to.MASTER..Set.num
53e20	62 65 72 20 6f 66 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 20 6d 65 73 73 61 67 65 73 20 74	ber.of.gratuitous.ARP.messages.t
53e40	6f 20 73 65 6e 64 20 61 74 20 61 20 74 69 6d 65 20 77 68 69 6c 65 20 4d 41 53 54 45 52 2e 00 53	o.send.at.a.time.while.MASTER..S
53e60	65 74 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 66 6f 72 20 48 65 6c 6c 6f 20 49	et.number.of.seconds.for.Hello.I
53e80	6e 74 65 72 76 61 6c 20 74 69 6d 65 72 20 76 61 6c 75 65 2e 20 53 65 74 74 69 6e 67 20 74 68 69	nterval.timer.value..Setting.thi
53ea0	73 20 76 61 6c 75 65 2c 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62 65 20 73 65	s.value,.Hello.packet.will.be.se
53ec0	6e 74 20 65 76 65 72 79 20 74 69 6d 65 72 20 76 61 6c 75 65 20 73 65 63 6f 6e 64 73 20 6f 6e 20	nt.every.timer.value.seconds.on.
53ee0	74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 76 61	the.specified.interface..This.va
53f00	6c 75 65 20 6d 75 73 74 20 62 65 20 74 68 65 20 73 61 6d 65 20 66 6f 72 20 61 6c 6c 20 72 6f 75	lue.must.be.the.same.for.all.rou
53f20	74 65 72 73 20 61 74 74 61 63 68 65 64 20 74 6f 20 61 20 63 6f 6d 6d 6f 6e 20 6e 65 74 77 6f 72	ters.attached.to.a.common.networ
53f40	6b 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 30 20 73 65 63 6f 6e	k..The.default.value.is.10.secon
53f60	64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36	ds..The.interval.range.is.1.to.6
53f80	35 35 33 35 2e 00 53 65 74 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 66 6f 72 20	5535..Set.number.of.seconds.for.
53fa0	72 6f 75 74 65 72 20 44 65 61 64 20 49 6e 74 65 72 76 61 6c 20 74 69 6d 65 72 20 76 61 6c 75 65	router.Dead.Interval.timer.value
53fc0	20 75 73 65 64 20 66 6f 72 20 57 61 69 74 20 54 69 6d 65 72 20 61 6e 64 20 49 6e 61 63 74 69 76	.used.for.Wait.Timer.and.Inactiv
53fe0	69 74 79 20 54 69 6d 65 72 2e 20 54 68 69 73 20 76 61 6c 75 65 20 6d 75 73 74 20 62 65 20 74 68	ity.Timer..This.value.must.be.th
54000	65 20 73 61 6d 65 20 66 6f 72 20 61 6c 6c 20 72 6f 75 74 65 72 73 20 61 74 74 61 63 68 65 64 20	e.same.for.all.routers.attached.
54020	74 6f 20 61 20 63 6f 6d 6d 6f 6e 20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 64 65 66 61 75 6c 74	to.a.common.network..The.default
54040	20 76 61 6c 75 65 20 69 73 20 34 30 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76	.value.is.40.seconds..The.interv
54060	61 6c 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 2e 00 53 65 74 20 70 61 63 6b	al.range.is.1.to.65535..Set.pack
54080	65 74 20 6d 6f 64 69 66 69 63 61 74 69 6f 6e 73 3a 20 45 78 70 6c 69 63 69 74 6c 79 20 73 65 74	et.modifications:.Explicitly.set
540a0	20 54 43 50 20 4d 61 78 69 6d 75 6d 20 73 65 67 6d 65 6e 74 20 73 69 7a 65 20 76 61 6c 75 65 2e	.TCP.Maximum.segment.size.value.
540c0	00 53 65 74 20 70 61 63 6b 65 74 20 6d 6f 64 69 66 69 63 61 74 69 6f 6e 73 3a 20 50 61 63 6b 65	.Set.packet.modifications:.Packe
540e0	74 20 44 69 66 66 65 72 65 6e 74 69 61 74 65 64 20 53 65 72 76 69 63 65 73 20 43 6f 64 65 70 6f	t.Differentiated.Services.Codepo
54100	69 6e 74 20 28 44 53 43 50 29 00 53 65 74 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 6d 61	int.(DSCP).Set.parameters.for.ma
54120	74 63 68 69 6e 67 20 72 65 63 65 6e 74 6c 79 20 73 65 65 6e 20 73 6f 75 72 63 65 73 2e 20 54 68	tching.recently.seen.sources..Th
54140	69 73 20 6d 61 74 63 68 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 20 62 79 20 73 65 65 74 69 6e	is.match.could.be.used.by.seetin
54160	67 20 63 6f 75 6e 74 20 28 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 73 65 65 6e 20 6d 6f 72	g.count.(source.address.seen.mor
54180	65 20 74 68 61 6e 20 3c 31 2d 32 35 35 3e 20 74 69 6d 65 73 29 20 61 6e 64 2f 6f 72 20 74 69 6d	e.than.<1-255>.times).and/or.tim
541a0	65 20 28 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 73 65 65 6e 20 69 6e 20 74 68 65 20 6c 61	e.(source.address.seen.in.the.la
541c0	73 74 20 3c 30 2d 34 32 39 34 39 36 37 32 39 35 3e 20 73 65 63 6f 6e 64 73 29 2e 00 53 65 74 20	st.<0-4294967295>.seconds)..Set.
541e0	70 72 65 66 69 78 65 73 20 74 6f 20 74 61 62 6c 65 2e 00 53 65 74 20 70 72 6f 78 79 20 66 6f 72	prefixes.to.table..Set.proxy.for
54200	20 61 6c 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 6e 69 74 69 61 74 65 64 20 62 79 20 56 79	.all.connections.initiated.by.Vy
54220	4f 53 2c 20 69 6e 63 6c 75 64 69 6e 67 20 48 54 54 50 2c 20 48 54 54 50 53 2c 20 61 6e 64 20 46	OS,.including.HTTP,.HTTPS,.and.F
54240	54 50 20 28 61 6e 6f 6e 79 6d 6f 75 73 20 66 74 70 29 2e 00 53 65 74 20 72 6f 75 74 65 20 74 61	TP.(anonymous.ftp)..Set.route.ta
54260	72 67 65 74 20 76 61 6c 75 65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30 2d 36 35 35 33 35 3a	rget.value.in.format.``<0-65535:
54280	30 2d 34 32 39 34 39 36 37 32 39 35 3e 60 60 20 6f 72 20 60 60 3c 49 50 3a 30 2d 36 35 35 33 35	0-4294967295>``.or.``<IP:0-65535
542a0	3e 60 60 2e 00 53 65 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 74 6f 20 66 6f 72 77 61 72	>``..Set.routing.table.to.forwar
542c0	64 20 70 61 63 6b 65 74 20 74 6f 2e 00 53 65 74 20 72 75 6c 65 20 61 63 74 69 6f 6e 20 74 6f 20	d.packet.to..Set.rule.action.to.
542e0	64 72 6f 70 2e 00 53 65 74 20 73 65 72 76 69 63 65 20 74 6f 20 62 69 6e 64 20 6f 6e 20 49 50 20	drop..Set.service.to.bind.on.IP.
54300	61 64 64 72 65 73 73 2c 20 62 79 20 64 65 66 61 75 6c 74 20 6c 69 73 74 65 6e 20 6f 6e 20 61 6e	address,.by.default.listen.on.an
54320	79 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 00 53 65 74 20 73 69 74 65 20 6f 66 20 6f 72 69 67	y.IPv4.and.IPv6.Set.site.of.orig
54340	69 6e 20 76 61 6c 75 65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30 2d 36 35 35 33 35 3a 30 2d	in.value.in.format.``<0-65535:0-
54360	34 32 39 34 39 36 37 32 39 35 3e 60 60 20 6f 72 20 60 60 3c 49 50 3a 30 2d 36 35 35 33 35 3e 60	4294967295>``.or.``<IP:0-65535>`
54380	60 2e 00 53 65 74 20 73 6f 6d 65 20 61 74 74 72 69 62 75 74 65 73 20 28 6c 69 6b 65 20 41 53 20	`..Set.some.attributes.(like.AS.
543a0	50 41 54 48 20 6f 72 20 43 6f 6d 6d 75 6e 69 74 79 20 76 61 6c 75 65 29 20 74 6f 20 61 64 76 65	PATH.or.Community.value).to.adve
543c0	72 74 69 73 65 64 20 72 6f 75 74 65 73 20 74 6f 20 6e 65 69 67 68 62 6f 72 73 2e 00 53 65 74 20	rtised.routes.to.neighbors..Set.
543e0	73 6f 6d 65 20 6d 65 74 72 69 63 20 74 6f 20 72 6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 66 72	some.metric.to.routes.learned.fr
54400	6f 6d 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 6e 65 69 67 68 62 6f 72 2e 00 53 65 74 20 73 6f	om.a.particular.neighbor..Set.so
54420	75 72 63 65 20 49 50 2f 49 50 76 36 20 61 64 64 72 65 73 73 20 66 6f 72 20 72 6f 75 74 65 2e 00	urce.IP/IPv6.address.for.route..
54440	53 65 74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 20 74 6f 20	Set.source.address.or.prefix.to.
54460	6d 61 74 63 68 2e 00 53 65 74 20 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 20 74 6f 20 79 6f 75	match..Set.source-address.to.you
54480	72 20 6c 6f 63 61 6c 20 49 50 20 28 4c 41 4e 29 2e 00 53 65 74 20 74 61 67 20 76 61 6c 75 65 20	r.local.IP.(LAN)..Set.tag.value.
544a0	66 6f 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2e 00 53 65 74 20 74 68 65 20 22 72	for.routing.protocol..Set.the."r
544c0	65 63 75 72 73 69 6f 6e 20 64 65 73 69 72 65 64 22 20 62 69 74 20 69 6e 20 72 65 71 75 65 73 74	ecursion.desired".bit.in.request
544e0	73 20 74 6f 20 74 68 65 20 75 70 73 74 72 65 61 6d 20 6e 61 6d 65 73 65 72 76 65 72 2e 00 53 65	s.to.the.upstream.nameserver..Se
54500	74 20 74 68 65 20 42 47 50 20 6e 65 78 74 68 6f 70 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 65	t.the.BGP.nexthop.address.to.the
54520	20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 65 65 72 2e 20 46 6f 72 20 61 6e 20 69 6e 63	.address.of.the.peer..For.an.inc
54540	6f 6d 69 6e 67 20 72 6f 75 74 65 2d 6d 61 70 20 74 68 69 73 20 6d 65 61 6e 73 20 74 68 65 20 69	oming.route-map.this.means.the.i
54560	70 20 61 64 64 72 65 73 73 20 6f 66 20 6f 75 72 20 70 65 65 72 20 69 73 20 75 73 65 64 2e 20 46	p.address.of.our.peer.is.used..F
54580	6f 72 20 61 6e 20 6f 75 74 67 6f 69 6e 67 20 72 6f 75 74 65 2d 6d 61 70 20 74 68 69 73 20 6d 65	or.an.outgoing.route-map.this.me
545a0	61 6e 73 20 74 68 65 20 69 70 20 61 64 64 72 65 73 73 20 6f 66 20 6f 75 72 20 73 65 6c 66 20 69	ans.the.ip.address.of.our.self.i
545c0	73 20 75 73 65 64 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 70 65 65 72 69 6e 67 20	s.used.to.establish.the.peering.
545e0	77 69 74 68 20 6f 75 72 20 6e 65 69 67 68 62 6f 72 2e 00 53 65 74 20 74 68 65 20 49 50 20 61 64	with.our.neighbor..Set.the.IP.ad
54600	64 72 65 73 73 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20	dress.of.the.local.interface.to.
54620	62 65 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 74 75 6e 6e 65 6c 2e 00 53 65 74 20 74 68 65 20	be.used.for.the.tunnel..Set.the.
54640	49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 2e 20 49	IP.address.of.the.remote.peer..I
54660	74 20 6d 61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 6e 20 49 50 76 34 20 61 64	t.may.be.specified.as.an.IPv4.ad
54680	64 72 65 73 73 20 6f 72 20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 53 65 74 20 74 68	dress.or.an.IPv6.address..Set.th
546a0	65 20 49 50 76 34 20 73 6f 75 72 63 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 6d 6f 64 65 2e 20 54	e.IPv4.source.validation.mode..T
546c0	68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69	he.following.system.parameter.wi
546e0	6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 53 65 74 20 74 68 65 20 4d 4c 44 20 6c 61 73 74 20	ll.be.altered:.Set.the.MLD.last.
54700	6d 65 6d 62 65 72 20 71 75 65 72 79 20 63 6f 75 6e 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20	member.query.count..The.default.
54720	76 61 6c 75 65 20 69 73 20 32 2e 00 53 65 74 20 74 68 65 20 4d 4c 44 20 6c 61 73 74 20 6d 65 6d	value.is.2..Set.the.MLD.last.mem
54740	62 65 72 20 71 75 65 72 79 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e	ber.query.interval.in.millisecon
54760	64 73 20 28 31 30 30 2d 36 35 35 33 35 30 30 29 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61	ds.(100-6553500)..The.default.va
54780	6c 75 65 20 69 73 20 31 30 30 30 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2e 00 53 65 74 20 74 68	lue.is.1000.milliseconds..Set.th
547a0	65 20 4d 4c 44 20 71 75 65 72 79 20 72 65 73 70 6f 6e 73 65 20 74 69 6d 65 6f 75 74 20 69 6e 20	e.MLD.query.response.timeout.in.
547c0	6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 28 31 30 30 2d 36 35 35 33 35 30 30 29 2e 20 54 68 65 20	milliseconds.(100-6553500)..The.
547e0	64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 30 30 30 30 20 6d 69 6c 6c 69 73 65 63 6f	default.value.is.10000.milliseco
54800	6e 64 73 2e 00 53 65 74 20 74 68 65 20 4d 4c 44 20 76 65 72 73 69 6f 6e 20 75 73 65 64 20 6f 6e	nds..Set.the.MLD.version.used.on
54820	20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c	.this.interface..The.default.val
54840	75 65 20 69 73 20 32 2e 00 53 65 74 20 74 68 65 20 4d 61 78 69 6d 75 6d 20 53 74 61 63 6b 20 44	ue.is.2..Set.the.Maximum.Stack.D
54860	65 70 74 68 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65 72 2e 20 54 68	epth.supported.by.the.router..Th
54880	65 20 76 61 6c 75 65 20 64 65 70 65 6e 64 20 6f 66 20 74 68 65 20 4d 50 4c 53 20 64 61 74 61 70	e.value.depend.of.the.MPLS.datap
548a0	6c 61 6e 65 2e 00 53 65 74 20 74 68 65 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 47 6c	lane..Set.the.Segment.Routing.Gl
548c0	6f 62 61 6c 20 42 6c 6f 63 6b 20 69 2e 65 2e 20 74 68 65 20 6c 61 62 65 6c 20 72 61 6e 67 65 20	obal.Block.i.e..the.label.range.
548e0	75 73 65 64 20 62 79 20 4d 50 4c 53 20 74 6f 20 73 74 6f 72 65 20 6c 61 62 65 6c 20 69 6e 20 74	used.by.MPLS.to.store.label.in.t
54900	68 65 20 4d 50 4c 53 20 46 49 42 20 66 6f 72 20 50 72 65 66 69 78 20 53 49 44 2e 20 4e 6f 74 65	he.MPLS.FIB.for.Prefix.SID..Note
54920	20 74 68 61 74 20 74 68 65 20 62 6c 6f 63 6b 20 73 69 7a 65 20 6d 61 79 20 6e 6f 74 20 65 78 63	.that.the.block.size.may.not.exc
54940	65 65 64 20 36 35 35 33 35 2e 00 53 65 74 20 74 68 65 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69	eed.65535..Set.the.Segment.Routi
54960	6e 67 20 47 6c 6f 62 61 6c 20 42 6c 6f 63 6b 20 69 2e 65 2e 20 74 68 65 20 6c 6f 77 20 6c 61 62	ng.Global.Block.i.e..the.low.lab
54980	65 6c 20 72 61 6e 67 65 20 75 73 65 64 20 62 79 20 4d 50 4c 53 20 74 6f 20 73 74 6f 72 65 20 6c	el.range.used.by.MPLS.to.store.l
549a0	61 62 65 6c 20 69 6e 20 74 68 65 20 4d 50 4c 53 20 46 49 42 20 66 6f 72 20 50 72 65 66 69 78 20	abel.in.the.MPLS.FIB.for.Prefix.
549c0	53 49 44 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 62 6c 6f 63 6b 20 73 69 7a 65 20 6d 61	SID..Note.that.the.block.size.ma
549e0	79 20 6e 6f 74 20 65 78 63 65 65 64 20 36 35 35 33 35 2e 00 53 65 74 20 74 68 65 20 53 65 67 6d	y.not.exceed.65535..Set.the.Segm
54a00	65 6e 74 20 52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b 20 69 2e 65 2e 20 74 68 65	ent.Routing.Local.Block.i.e..the
54a20	20 6c 61 62 65 6c 20 72 61 6e 67 65 20 75 73 65 64 20 62 79 20 4d 50 4c 53 20 74 6f 20 73 74 6f	.label.range.used.by.MPLS.to.sto
54a40	72 65 20 6c 61 62 65 6c 20 69 6e 20 74 68 65 20 4d 50 4c 53 20 46 49 42 20 66 6f 72 20 50 72 65	re.label.in.the.MPLS.FIB.for.Pre
54a60	66 69 78 20 53 49 44 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 62 6c 6f 63 6b 20 73 69 7a	fix.SID..Note.that.the.block.siz
54a80	65 20 6d 61 79 20 6e 6f 74 20 65 78 63 65 65 64 20 36 35 35 33 35 2e 53 65 67 6d 65 6e 74 20 52	e.may.not.exceed.65535.Segment.R
54aa0	6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b 2c 20 54 68 65 20 6e 65 67 61 74 69 76 65	outing.Local.Block,.The.negative
54ac0	20 63 6f 6d 6d 61 6e 64 20 61 6c 77 61 79 73 20 75 6e 73 65 74 73 20 62 6f 74 68 2e 00 53 65 74	.command.always.unsets.both..Set
54ae0	20 74 68 65 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b	.the.Segment.Routing.Local.Block
54b00	20 69 2e 65 2e 20 74 68 65 20 6c 6f 77 20 6c 61 62 65 6c 20 72 61 6e 67 65 20 75 73 65 64 20 62	.i.e..the.low.label.range.used.b
54b20	79 20 4d 50 4c 53 20 74 6f 20 73 74 6f 72 65 20 6c 61 62 65 6c 20 69 6e 20 74 68 65 20 4d 50 4c	y.MPLS.to.store.label.in.the.MPL
54b40	53 20 46 49 42 20 66 6f 72 20 50 72 65 66 69 78 20 53 49 44 2e 20 4e 6f 74 65 20 74 68 61 74 20	S.FIB.for.Prefix.SID..Note.that.
54b60	74 68 65 20 62 6c 6f 63 6b 20 73 69 7a 65 20 6d 61 79 20 6e 6f 74 20 65 78 63 65 65 64 20 36 35	the.block.size.may.not.exceed.65
54b80	35 33 35 2e 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b 2c	535.Segment.Routing.Local.Block,
54ba0	20 54 68 65 20 6e 65 67 61 74 69 76 65 20 63 6f 6d 6d 61 6e 64 20 61 6c 77 61 79 73 20 75 6e 73	.The.negative.command.always.uns
54bc0	65 74 73 20 62 6f 74 68 2e 00 53 65 74 20 74 68 65 20 60 60 73 73 68 64 60 60 20 6c 6f 67 20 6c	ets.both..Set.the.``sshd``.log.l
54be0	65 76 65 6c 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 69 6e 66 6f 60 60 2e 00 53	evel..The.default.is.``info``..S
54c00	65 74 20 74 68 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 62 61 63 6b 65 6e 64 20 70 6f	et.the.address.of.the.backend.po
54c20	72 74 00 53 65 74 20 74 68 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 62 61 63 6b 65 6e	rt.Set.the.address.of.the.backen
54c40	64 20 73 65 72 76 65 72 20 74 6f 20 77 68 69 63 68 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67 20 74	d.server.to.which.the.incoming.t
54c60	72 61 66 66 69 63 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 65 64 00 53 65 74 20 74 68 65	raffic.will.be.forwarded.Set.the
54c80	20 64 65 66 61 75 6c 74 20 56 52 52 50 20 76 65 72 73 69 6f 6e 20 74 6f 20 75 73 65 2e 20 54 68	.default.VRRP.version.to.use..Th
54ca0	69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 32 2c 20 62 75 74 20 49 50 76 36 20 69 6e 73 74 61	is.defaults.to.2,.but.IPv6.insta
54cc0	6e 63 65 73 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 75 73 65 20 76 65 72 73 69 6f 6e 20 33 2e 00	nces.will.always.use.version.3..
54ce0	53 65 74 20 74 68 65 20 64 65 76 69 63 65 27 73 20 74 72 61 6e 73 6d 69 74 20 28 54 58 29 20 6b	Set.the.device's.transmit.(TX).k
54d00	65 79 2e 20 54 68 69 73 20 6b 65 79 20 6d 75 73 74 20 62 65 20 61 20 68 65 78 20 73 74 72 69 6e	ey..This.key.must.be.a.hex.strin
54d20	67 20 74 68 61 74 20 69 73 20 31 36 2d 62 79 74 65 73 20 28 47 43 4d 2d 41 45 53 2d 31 32 38 29	g.that.is.16-bytes.(GCM-AES-128)
54d40	20 6f 72 20 33 32 2d 62 79 74 65 73 20 28 47 43 4d 2d 41 45 53 2d 32 35 36 29 2e 00 53 65 74 20	.or.32-bytes.(GCM-AES-256)..Set.
54d60	74 68 65 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 61 74	the.distance.for.the.default.gat
54d80	65 77 61 79 20 73 65 6e 74 20 62 79 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 2e 00 53 65	eway.sent.by.the.DHCP.server..Se
54da0	74 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 65 20 64 65 66 61 75 6c 74 20 67	t.the.distance.for.the.default.g
54dc0	61 74 65 77 61 79 20 73 65 6e 74 20 62 79 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 2e	ateway.sent.by.the.PPPoE.server.
54de0	00 53 65 74 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 65 20 64 65 66 61 75 6c	.Set.the.distance.for.the.defaul
54e00	74 20 67 61 74 65 77 61 79 20 73 65 6e 74 20 62 79 20 74 68 65 20 53 53 54 50 20 73 65 72 76 65	t.gateway.sent.by.the.SSTP.serve
54e20	72 2e 00 53 65 74 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 74 79 70 65 20 6f 66	r..Set.the.encapsulation.type.of
54e40	20 74 68 65 20 74 75 6e 6e 65 6c 2e 20 56 61 6c 69 64 20 76 61 6c 75 65 73 20 66 6f 72 20 65 6e	.the.tunnel..Valid.values.for.en
54e60	63 61 70 73 75 6c 61 74 69 6f 6e 20 61 72 65 3a 20 75 64 70 2c 20 69 70 2e 00 53 65 74 20 74 68	capsulation.are:.udp,.ip..Set.th
54e80	65 20 67 6c 6f 62 61 6c 20 73 65 74 74 69 6e 67 20 66 6f 72 20 61 6e 20 65 73 74 61 62 6c 69 73	e.global.setting.for.an.establis
54ea0	68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 53 65 74 20 74 68 65 20 67 6c 6f 62 61 6c 20 73	hed.connection..Set.the.global.s
54ec0	65 74 74 69 6e 67 20 66 6f 72 20 69 6e 76 61 6c 69 64 20 70 61 63 6b 65 74 73 2e 00 53 65 74 20	etting.for.invalid.packets..Set.
54ee0	74 68 65 20 67 6c 6f 62 61 6c 20 73 65 74 74 69 6e 67 20 66 6f 72 20 72 65 6c 61 74 65 64 20 63	the.global.setting.for.related.c
54f00	6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 53 65 74 20 74 68 65 20 6c 69 73 74 65 6e 20 70 6f 72 74 20	onnections..Set.the.listen.port.
54f20	6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 41 50 49 2c 20 74 68 69 73 20 68 61 73 20 6e 6f 20 65 66	of.the.local.API,.this.has.no.ef
54f40	66 65 63 74 20 6f 6e 20 74 68 65 20 77 65 62 73 65 72 76 65 72 2e 20 54 68 65 20 64 65 66 61 75	fect.on.the.webserver..The.defau
54f60	6c 74 20 69 73 20 70 6f 72 74 20 38 30 38 30 00 53 65 74 20 74 68 65 20 6d 61 78 69 6d 75 6d 20	lt.is.port.8080.Set.the.maximum.
54f80	68 6f 70 20 60 3c 63 6f 75 6e 74 3e 60 20 62 65 66 6f 72 65 20 70 61 63 6b 65 74 73 20 61 72 65	hop.`<count>`.before.packets.are
54fa0	20 64 69 73 63 61 72 64 65 64 2e 20 52 61 6e 67 65 20 30 2e 2e 2e 32 35 35 2c 20 64 65 66 61 75	.discarded..Range.0...255,.defau
54fc0	6c 74 20 31 30 2e 00 53 65 74 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6c 65 6e 67 74 68 20 6f 66	lt.10..Set.the.maximum.length.of
54fe0	20 41 2d 4d 50 44 55 20 70 72 65 2d 45 4f 46 20 70 61 64 64 69 6e 67 20 74 68 61 74 20 74 68 65	.A-MPDU.pre-EOF.padding.that.the
55000	20 73 74 61 74 69 6f 6e 20 63 61 6e 20 72 65 63 65 69 76 65 00 53 65 74 20 74 68 65 20 6d 61 78	.station.can.receive.Set.the.max
55020	69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 54 43 50 20 68 61 6c 66 2d 6f 70 65 6e 20 63 6f 6e	imum.number.of.TCP.half-open.con
55040	6e 65 63 74 69 6f 6e 73 2e 00 53 65 74 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 53 53	nections..Set.the.name.of.the.SS
55060	4c 20 3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69	L.:abbr:`CA.(Certificate.Authori
55080	74 79 29 60 20 50 4b 49 20 65 6e 74 72 79 20 75 73 65 64 20 66 6f 72 20 61 75 74 68 65 6e 74 69	ty)`.PKI.entry.used.for.authenti
550a0	63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 64 65 2e 20 49 66 20 61 6e	cation.of.the.remote.side..If.an
550c0	20 69 6e 74 65 72 6d 65 64 69 61 74 65 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20	.intermediate.CA.certificate.is.
550e0	73 70 65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 61 6c 6c 20 70 61 72 65 6e 74 20 43 41 20 63 65	specified,.then.all.parent.CA.ce
55100	72 74 69 66 69 63 61 74 65 73 20 74 68 61 74 20 65 78 69 73 74 20 69 6e 20 74 68 65 20 50 4b 49	rtificates.that.exist.in.the.PKI
55120	2c 20 73 75 63 68 20 61 73 20 74 68 65 20 72 6f 6f 74 20 43 41 20 6f 72 20 61 64 64 69 74 69 6f	,.such.as.the.root.CA.or.additio
55140	6e 61 6c 20 69 6e 74 65 72 6d 65 64 69 61 74 65 20 43 41 73 2c 20 77 69 6c 6c 20 61 75 74 6f 6d	nal.intermediate.CAs,.will.autom
55160	61 74 69 63 61 6c 6c 79 20 62 65 20 75 73 65 64 20 64 75 72 69 6e 67 20 63 65 72 74 69 66 69 63	atically.be.used.during.certific
55180	61 74 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 74 68	ate.validation.to.ensure.that.th
551a0	65 20 66 75 6c 6c 20 63 68 61 69 6e 20 6f 66 20 74 72 75 73 74 20 69 73 20 61 76 61 69 6c 61 62	e.full.chain.of.trust.is.availab
551c0	6c 65 2e 00 53 65 74 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 78 35 30 39 20 63 6c 69	le..Set.the.name.of.the.x509.cli
551e0	65 6e 74 20 6b 65 79 70 61 69 72 20 75 73 65 64 20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 65	ent.keypair.used.to.authenticate
55200	20 61 67 61 69 6e 73 74 20 74 68 65 20 38 30 32 2e 31 78 20 73 79 73 74 65 6d 2e 20 41 6c 6c 20	.against.the.802.1x.system..All.
55220	70 61 72 65 6e 74 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 73 20 6f 66 20 74 68 65 20 63 6c	parent.CA.certificates.of.the.cl
55240	69 65 6e 74 20 63 65 72 74 69 66 69 63 61 74 65 2c 20 73 75 63 68 20 61 73 20 69 6e 74 65 72 6d	ient.certificate,.such.as.interm
55260	65 64 69 61 74 65 20 61 6e 64 20 72 6f 6f 74 20 43 41 73 2c 20 77 69 6c 6c 20 62 65 20 73 65 6e	ediate.and.root.CAs,.will.be.sen
55280	74 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 45 41 50 2d 54 4c 53 20 68 61 6e 64 73 68 61	t.as.part.of.the.EAP-TLS.handsha
552a0	6b 65 2e 00 53 65 74 20 74 68 65 20 6e 61 74 69 76 65 20 56 4c 41 4e 20 49 44 20 66 6c 61 67 20	ke..Set.the.native.VLAN.ID.flag.
552c0	6f 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 57 68 65 6e 20 61 20 64 61 74 61 20 70 61	of.the.interface..When.a.data.pa
552e0	63 6b 65 74 20 77 69 74 68 6f 75 74 20 61 20 56 4c 41 4e 20 74 61 67 20 65 6e 74 65 72 73 20 74	cket.without.a.VLAN.tag.enters.t
55300	68 65 20 70 6f 72 74 2c 20 74 68 65 20 64 61 74 61 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62 65	he.port,.the.data.packet.will.be
55320	20 66 6f 72 63 65 64 20 74 6f 20 61 64 64 20 61 20 74 61 67 20 6f 66 20 61 20 73 70 65 63 69 66	.forced.to.add.a.tag.of.a.specif
55340	69 63 20 76 6c 61 6e 20 69 64 2e 20 57 68 65 6e 20 74 68 65 20 76 6c 61 6e 20 69 64 20 66 6c 61	ic.vlan.id..When.the.vlan.id.fla
55360	67 20 66 6c 6f 77 73 20 6f 75 74 2c 20 74 68 65 20 74 61 67 20 6f 66 20 74 68 65 20 76 6c 61 6e	g.flows.out,.the.tag.of.the.vlan
55380	20 69 64 20 77 69 6c 6c 20 62 65 20 73 74 72 69 70 70 65 64 00 53 65 74 20 74 68 65 20 6e 65 78	.id.will.be.stripped.Set.the.nex
553a0	74 2d 68 6f 70 20 61 73 20 75 6e 63 68 61 6e 67 65 64 2e 20 50 61 73 73 20 74 68 72 6f 75 67 68	t-hop.as.unchanged..Pass.through
553c0	20 74 68 65 20 72 6f 75 74 65 2d 6d 61 70 20 77 69 74 68 6f 75 74 20 63 68 61 6e 67 69 6e 67 20	.the.route-map.without.changing.
553e0	69 74 73 20 76 61 6c 75 65 00 53 65 74 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 54 43 50 20	its.value.Set.the.number.of.TCP.
55400	6d 61 78 69 6d 75 6d 20 72 65 74 72 61 6e 73 6d 69 74 20 61 74 74 65 6d 70 74 73 2e 00 53 65 74	maximum.retransmit.attempts..Set
55420	20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 68 65 61 6c 74 68 20 63 68 65 63 6b 20 66 61 69 6c	.the.number.of.health.check.fail
55440	75 72 65 73 20 62 65 66 6f 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 6d 61 72 6b	ures.before.an.interface.is.mark
55460	65 64 20 61 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2c 20 72 61 6e 67 65 20 66 6f 72 20 6e 75 6d	ed.as.unavailable,.range.for.num
55480	62 65 72 20 69 73 20 31 20 74 6f 20 31 30 2c 20 64 65 66 61 75 6c 74 20 31 2e 20 4f 72 20 73 65	ber.is.1.to.10,.default.1..Or.se
554a0	74 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 73 75 63 63 65 73 73 66 75 6c 20 68 65 61 6c 74	t.the.number.of.successful.healt
554c0	68 20 63 68 65 63 6b 73 20 62 65 66 6f 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 73 20	h.checks.before.an.interface.is.
554e0	61 64 64 65 64 20 62 61 63 6b 20 74 6f 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 70 6f 6f 6c	added.back.to.the.interface.pool
55500	2c 20 72 61 6e 67 65 20 66 6f 72 20 6e 75 6d 62 65 72 20 69 73 20 31 20 74 6f 20 31 30 2c 20 64	,.range.for.number.is.1.to.10,.d
55520	65 66 61 75 6c 74 20 31 2e 00 53 65 74 20 74 68 65 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 74 68	efault.1..Set.the.options.for.th
55540	69 73 20 70 75 62 6c 69 63 20 6b 65 79 2e 20 53 65 65 20 74 68 65 20 73 73 68 20 60 60 61 75 74	is.public.key..See.the.ssh.``aut
55560	68 6f 72 69 7a 65 64 5f 6b 65 79 73 60 60 20 6d 61 6e 20 70 61 67 65 20 66 6f 72 20 64 65 74 61	horized_keys``.man.page.for.deta
55580	69 6c 73 20 6f 66 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 68 65 72 65	ils.of.what.you.can.specify.here
555a0	2e 20 54 6f 20 70 6c 61 63 65 20 61 20 60 60 22 60 60 20 63 68 61 72 61 63 74 65 72 20 69 6e 20	..To.place.a.``"``.character.in.
555c0	74 68 65 20 6f 70 74 69 6f 6e 73 20 66 69 65 6c 64 2c 20 75 73 65 20 60 60 26 71 75 6f 74 3b 60	the.options.field,.use.``&quot;`
555e0	60 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 20 60 60 66 72 6f 6d 3d 26 71 75 6f 74 3b 31 30 2e 30	`,.for.example.``from=&quot;10.0
55600	2e 30 2e 30 2f 32 34 26 71 75 6f 74 3b 60 60 20 74 6f 20 72 65 73 74 72 69 63 74 20 77 68 65 72	.0.0/24&quot;``.to.restrict.wher
55620	65 20 74 68 65 20 75 73 65 72 20 6d 61 79 20 63 6f 6e 6e 65 63 74 20 66 72 6f 6d 20 77 68 65 6e	e.the.user.may.connect.from.when
55640	20 75 73 69 6e 67 20 74 68 69 73 20 6b 65 79 2e 00 53 65 74 20 74 68 65 20 70 61 72 69 74 79 20	.using.this.key..Set.the.parity.
55660	6f 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 20 49 66 20 75 6e 73 65 74	option.for.the.console..If.unset
55680	20 74 68 69 73 20 77 69 6c 6c 20 64 65 66 61 75 6c 74 20 74 6f 20 6e 6f 6e 65 2e 00 53 65 74 20	.this.will.default.to.none..Set.
556a0	74 68 65 20 70 65 65 72 27 73 20 4d 41 43 20 61 64 64 72 65 73 73 00 53 65 74 20 74 68 65 20 70	the.peer's.MAC.address.Set.the.p
556c0	65 65 72 27 73 20 6b 65 79 20 75 73 65 64 20 74 6f 20 72 65 63 65 69 76 65 20 28 52 58 29 20 74	eer's.key.used.to.receive.(RX).t
556e0	72 61 66 66 69 63 00 53 65 74 20 74 68 65 20 70 65 65 72 2d 73 65 73 73 69 6f 6e 2d 69 64 2c 20	raffic.Set.the.peer-session-id,.
55700	77 68 69 63 68 20 69 73 20 61 20 33 32 2d 62 69 74 20 69 6e 74 65 67 65 72 20 76 61 6c 75 65 20	which.is.a.32-bit.integer.value.
55720	61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 65 20 73 65 73 73 69 6f 6e 20 62 79 20 74 68 65 20 70	assigned.to.the.session.by.the.p
55740	65 65 72 2e 20 54 68 65 20 76 61 6c 75 65 20 75 73 65 64 20 6d 75 73 74 20 6d 61 74 63 68 20 74	eer..The.value.used.must.match.t
55760	68 65 20 73 65 73 73 69 6f 6e 5f 69 64 20 76 61 6c 75 65 20 62 65 69 6e 67 20 75 73 65 64 20 61	he.session_id.value.being.used.a
55780	74 20 74 68 65 20 70 65 65 72 2e 00 53 65 74 20 74 68 65 20 72 65 73 74 61 72 74 20 62 65 68 61	t.the.peer..Set.the.restart.beha
557a0	76 69 6f 72 20 6f 66 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 2e 00 53 65 74 20 74 68 65 20 72	vior.of.the.container..Set.the.r
557c0	6f 75 74 69 6e 67 20 74 61 62 6c 65 20 74 6f 20 66 6f 72 77 61 72 64 20 70 61 63 6b 65 74 20 77	outing.table.to.forward.packet.w
557e0	69 74 68 2e 00 53 65 74 20 74 68 65 20 73 65 73 73 69 6f 6e 20 69 64 2c 20 77 68 69 63 68 20 69	ith..Set.the.session.id,.which.i
55800	73 20 61 20 33 32 2d 62 69 74 20 69 6e 74 65 67 65 72 20 76 61 6c 75 65 2e 20 55 6e 69 71 75 65	s.a.32-bit.integer.value..Unique
55820	6c 79 20 69 64 65 6e 74 69 66 69 65 73 20 74 68 65 20 73 65 73 73 69 6f 6e 20 62 65 69 6e 67 20	ly.identifies.the.session.being.
55840	63 72 65 61 74 65 64 2e 20 54 68 65 20 76 61 6c 75 65 20 75 73 65 64 20 6d 75 73 74 20 6d 61 74	created..The.value.used.must.mat
55860	63 68 20 74 68 65 20 70 65 65 72 5f 73 65 73 73 69 6f 6e 5f 69 64 20 76 61 6c 75 65 20 62 65 69	ch.the.peer_session_id.value.bei
55880	6e 67 20 75 73 65 64 20 61 74 20 74 68 65 20 70 65 65 72 2e 00 53 65 74 20 74 68 65 20 73 69 7a	ng.used.at.the.peer..Set.the.siz
558a0	65 20 6f 66 20 74 68 65 20 68 61 73 68 20 74 61 62 6c 65 2e 20 54 68 65 20 63 6f 6e 6e 65 63 74	e.of.the.hash.table..The.connect
558c0	69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 68 61 73 68 20 74 61 62 6c 65 20 6d 61 6b 65 73 20 73 65	ion.tracking.hash.table.makes.se
558e0	61 72 63 68 69 6e 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20	arching.the.connection.tracking.
55900	74 61 62 6c 65 20 66 61 73 74 65 72 2e 20 54 68 65 20 68 61 73 68 20 74 61 62 6c 65 20 75 73 65	table.faster..The.hash.table.use
55920	73 20 e2 80 9c 62 75 63 6b 65 74 73 e2 80 9d 20 74 6f 20 72 65 63 6f 72 64 20 65 6e 74 72 69 65	s....buckets....to.record.entrie
55940	73 20 69 6e 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 74 61 62	s.in.the.connection.tracking.tab
55960	6c 65 2e 00 53 65 74 20 74 68 65 20 73 6f 75 72 63 65 20 49 50 20 6f 66 20 66 6f 72 77 61 72 64	le..Set.the.source.IP.of.forward
55980	65 64 20 70 61 63 6b 65 74 73 2c 20 6f 74 68 65 72 77 69 73 65 20 6f 72 69 67 69 6e 61 6c 20 73	ed.packets,.otherwise.original.s
559a0	65 6e 64 65 72 73 20 61 64 64 72 65 73 73 20 69 73 20 75 73 65 64 2e 00 53 65 74 20 74 68 65 20	enders.address.is.used..Set.the.
559c0	74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 75 6e 64 73 20 66 6f 72 20 61 20 70 72 6f 74 6f 63	timeout.in.secounds.for.a.protoc
559e0	6f 6c 20 6f 72 20 73 74 61 74 65 20 69 6e 20 61 20 63 75 73 74 6f 6d 20 72 75 6c 65 2e 00 53 65	ol.or.state.in.a.custom.rule..Se
55a00	74 20 74 68 65 20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 75 6e 64 73 20 66 6f 72 20 61 20	t.the.timeout.in.secounds.for.a.
55a20	70 72 6f 74 6f 63 6f 6c 20 6f 72 20 73 74 61 74 65 2e 00 53 65 74 20 74 68 65 20 74 75 6e 6e 65	protocol.or.state..Set.the.tunne
55a40	6c 20 69 64 2c 20 77 68 69 63 68 20 69 73 20 61 20 33 32 2d 62 69 74 20 69 6e 74 65 67 65 72 20	l.id,.which.is.a.32-bit.integer.
55a60	76 61 6c 75 65 2e 20 55 6e 69 71 75 65 6c 79 20 69 64 65 6e 74 69 66 69 65 73 20 74 68 65 20 74	value..Uniquely.identifies.the.t
55a80	75 6e 6e 65 6c 20 69 6e 74 6f 20 77 68 69 63 68 20 74 68 65 20 73 65 73 73 69 6f 6e 20 77 69 6c	unnel.into.which.the.session.wil
55aa0	6c 20 62 65 20 63 72 65 61 74 65 64 2e 00 53 65 74 20 77 69 6e 64 6f 77 20 6f 66 20 63 6f 6e 63	l.be.created..Set.window.of.conc
55ac0	75 72 72 65 6e 74 6c 79 20 76 61 6c 69 64 20 63 6f 64 65 73 2e 00 53 65 74 73 20 74 68 65 20 69	urrently.valid.codes..Sets.the.i
55ae0	6d 61 67 65 20 6e 61 6d 65 20 69 6e 20 74 68 65 20 68 75 62 20 72 65 67 69 73 74 72 79 00 53 65	mage.name.in.the.hub.registry.Se
55b00	74 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 6d	ts.the.interface.to.listen.for.m
55b20	75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 20 6f 6e 2e 20 43 6f 75 6c 64 20 62 65 20 61 20	ulticast.packets.on..Could.be.a.
55b40	6c 6f 6f 70 62 61 63 6b 2c 20 6e 6f 74 20 79 65 74 20 74 65 73 74 65 64 2e 00 53 65 74 73 20 74	loopback,.not.yet.tested..Sets.t
55b60	68 65 20 6c 69 73 74 65 6e 69 6e 67 20 70 6f 72 74 20 66 6f 72 20 61 20 6c 69 73 74 65 6e 69 6e	he.listening.port.for.a.listenin
55b80	67 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 6f 76 65 72 72 69 64 65 73 20 74 68 65 20 64 65	g.address..This.overrides.the.de
55ba0	66 61 75 6c 74 20 70 6f 72 74 20 6f 66 20 33 31 32 38 20 6f 6e 20 74 68 65 20 73 70 65 63 69 66	fault.port.of.3128.on.the.specif
55bc0	69 63 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 2e 00 53 65 74 73 20 74 68 65 20 75 6e 69 71	ic.listen.address..Sets.the.uniq
55be0	75 65 20 69 64 20 66 6f 72 20 74 68 69 73 20 76 78 6c 61 6e 2d 69 6e 74 65 72 66 61 63 65 2e 20	ue.id.for.this.vxlan-interface..
55c00	4e 6f 74 20 73 75 72 65 20 68 6f 77 20 69 74 20 63 6f 72 72 65 6c 61 74 65 73 20 77 69 74 68 20	Not.sure.how.it.correlates.with.
55c20	6d 75 6c 74 69 63 61 73 74 2d 61 64 64 72 65 73 73 2e 00 53 65 74 74 69 6e 67 20 56 52 52 50 20	multicast-address..Setting.VRRP.
55c40	67 72 6f 75 70 20 70 72 69 6f 72 69 74 79 00 53 65 74 74 69 6e 67 20 6e 61 6d 65 00 53 65 74 74	group.priority.Setting.name.Sett
55c60	69 6e 67 20 74 68 69 73 20 75 70 20 6f 6e 20 41 57 53 20 77 69 6c 6c 20 72 65 71 75 69 72 65 20	ing.this.up.on.AWS.will.require.
55c80	61 20 22 43 75 73 74 6f 6d 20 50 72 6f 74 6f 63 6f 6c 20 52 75 6c 65 22 20 66 6f 72 20 70 72 6f	a."Custom.Protocol.Rule".for.pro
55ca0	74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 22 34 37 22 20 28 47 52 45 29 20 41 6c 6c 6f 77 20 52 75	tocol.number."47".(GRE).Allow.Ru
55cc0	6c 65 20 69 6e 20 54 57 4f 20 70 6c 61 63 65 73 2e 20 46 69 72 73 74 6c 79 20 6f 6e 20 74 68 65	le.in.TWO.places..Firstly.on.the
55ce0	20 56 50 43 20 4e 65 74 77 6f 72 6b 20 41 43 4c 2c 20 61 6e 64 20 73 65 63 6f 6e 64 6c 79 20 6f	.VPC.Network.ACL,.and.secondly.o
55d00	6e 20 74 68 65 20 73 65 63 75 72 69 74 79 20 67 72 6f 75 70 20 6e 65 74 77 6f 72 6b 20 41 43 4c	n.the.security.group.network.ACL
55d20	20 61 74 74 61 63 68 65 64 20 74 6f 20 74 68 65 20 45 43 32 20 69 6e 73 74 61 6e 63 65 2e 20 54	.attached.to.the.EC2.instance..T
55d40	68 69 73 20 68 61 73 20 62 65 65 6e 20 74 65 73 74 65 64 20 61 73 20 77 6f 72 6b 69 6e 67 20 66	his.has.been.tested.as.working.f
55d60	6f 72 20 74 68 65 20 6f 66 66 69 63 69 61 6c 20 41 4d 49 20 69 6d 61 67 65 20 6f 6e 20 74 68 65	or.the.official.AMI.image.on.the
55d80	20 41 57 53 20 4d 61 72 6b 65 74 70 6c 61 63 65 2e 20 28 4c 6f 63 61 74 65 20 74 68 65 20 63 6f	.AWS.Marketplace..(Locate.the.co
55da0	72 72 65 63 74 20 56 50 43 20 61 6e 64 20 73 65 63 75 72 69 74 79 20 67 72 6f 75 70 20 62 79 20	rrect.VPC.and.security.group.by.
55dc0	6e 61 76 69 67 61 74 69 6e 67 20 74 68 72 6f 75 67 68 20 74 68 65 20 64 65 74 61 69 6c 73 20 70	navigating.through.the.details.p
55de0	61 6e 65 20 62 65 6c 6f 77 20 79 6f 75 72 20 45 43 32 20 69 6e 73 74 61 6e 63 65 20 69 6e 20 74	ane.below.your.EC2.instance.in.t
55e00	68 65 20 41 57 53 20 63 6f 6e 73 6f 6c 65 29 2e 00 53 65 74 75 70 20 44 48 43 50 20 66 61 69 6c	he.AWS.console)..Setup.DHCP.fail
55e20	6f 76 65 72 20 66 6f 72 20 6e 65 74 77 6f 72 6b 20 31 39 32 2e 30 2e 32 2e 30 2f 32 34 00 53 65	over.for.network.192.0.2.0/24.Se
55e40	74 75 70 20 65 6e 63 72 79 70 74 65 64 20 70 61 73 73 77 6f 72 64 20 66 6f 72 20 67 69 76 65 6e	tup.encrypted.password.for.given
55e60	20 75 73 65 72 6e 61 6d 65 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 66 6f 72 20 74 72	.username..This.is.useful.for.tr
55e80	61 6e 73 66 65 72 72 69 6e 67 20 61 20 68 61 73 68 65 64 20 70 61 73 73 77 6f 72 64 20 66 72 6f	ansferring.a.hashed.password.fro
55ea0	6d 20 73 79 73 74 65 6d 20 74 6f 20 73 79 73 74 65 6d 2e 00 53 65 74 75 70 20 74 68 65 20 60 3c	m.system.to.system..Setup.the.`<
55ec0	74 69 6d 65 6f 75 74 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 77 68 65 6e 20 71 75 65 72 79 69	timeout>`.in.seconds.when.queryi
55ee0	6e 67 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 53 65 74 75 70 20 74 68 65 20	ng.the.RADIUS.server..Setup.the.
55f00	60 3c 74 69 6d 65 6f 75 74 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 77 68 65 6e 20 71 75 65 72	`<timeout>`.in.seconds.when.quer
55f20	79 69 6e 67 20 74 68 65 20 54 41 43 41 43 53 20 73 65 72 76 65 72 2e 00 53 65 74 75 70 20 74 68	ying.the.TACACS.server..Setup.th
55f40	65 20 64 79 6e 61 6d 69 63 20 44 4e 53 20 68 6f 73 74 6e 61 6d 65 20 60 3c 68 6f 73 74 6e 61 6d	e.dynamic.DNS.hostname.`<hostnam
55f60	65 3e 60 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 44 79 6e 44 4e 53 20 70	e>`.associated.with.the.DynDNS.p
55f80	72 6f 76 69 64 65 72 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 73 65 72 76 69 63 65 3e	rovider.identified.by.`<service>
55fa0	60 20 77 68 65 6e 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 6e 20 69 6e 74 65 72 66 61	`.when.the.IP.address.on.interfa
55fc0	63 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 68 61 6e 67 65 73 2e 00 53 65 76 65 72 61	ce.`<interface>`.changes..Severa
55fe0	6c 20 63 6f 6d 6d 61 6e 64 73 20 75 74 69 6c 69 7a 65 20 63 55 52 4c 20 74 6f 20 69 6e 69 74 69	l.commands.utilize.cURL.to.initi
56000	61 74 65 20 74 72 61 6e 73 66 65 72 73 2e 20 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f 63	ate.transfers..Configure.the.loc
56020	61 6c 20 73 6f 75 72 63 65 20 49 50 76 34 2f 49 50 76 36 20 61 64 64 72 65 73 73 20 75 73 65 64	al.source.IPv4/IPv6.address.used
56040	20 66 6f 72 20 61 6c 6c 20 63 55 52 4c 20 6f 70 65 72 61 74 69 6f 6e 73 2e 00 53 65 76 65 72 61	.for.all.cURL.operations..Severa
56060	6c 20 63 6f 6d 6d 61 6e 64 73 20 75 74 69 6c 69 7a 65 20 63 75 72 6c 20 74 6f 20 69 6e 69 74 69	l.commands.utilize.curl.to.initi
56080	61 74 65 20 74 72 61 6e 73 66 65 72 73 2e 20 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f 63	ate.transfers..Configure.the.loc
560a0	61 6c 20 73 6f 75 72 63 65 20 69 6e 74 65 72 66 61 63 65 20 75 73 65 64 20 66 6f 72 20 61 6c 6c	al.source.interface.used.for.all
560c0	20 43 55 52 4c 20 6f 70 65 72 61 74 69 6f 6e 73 2e 00 53 65 76 65 72 69 74 79 00 53 65 76 65 72	.CURL.operations..Severity.Sever
560e0	69 74 79 20 4c 65 76 65 6c 00 53 68 61 70 65 72 00 53 68 6f 72 74 20 47 49 20 63 61 70 61 62 69	ity.Level.Shaper.Short.GI.capabi
56100	6c 69 74 69 65 73 00 53 68 6f 72 74 20 47 49 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 66 6f 72	lities.Short.GI.capabilities.for
56120	20 32 30 20 61 6e 64 20 34 30 20 4d 48 7a 00 53 68 6f 72 74 20 62 75 72 73 74 73 20 63 61 6e 20	.20.and.40.MHz.Short.bursts.can.
56140	62 65 20 61 6c 6c 6f 77 65 64 20 74 6f 20 65 78 63 65 65 64 20 74 68 65 20 6c 69 6d 69 74 2e 20	be.allowed.to.exceed.the.limit..
56160	4f 6e 20 63 72 65 61 74 69 6f 6e 2c 20 74 68 65 20 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 74 72	On.creation,.the.Rate-Control.tr
56180	61 66 66 69 63 20 69 73 20 73 74 6f 63 6b 65 64 20 77 69 74 68 20 74 6f 6b 65 6e 73 20 77 68 69	affic.is.stocked.with.tokens.whi
561a0	63 68 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 74	ch.correspond.to.the.amount.of.t
561c0	72 61 66 66 69 63 20 74 68 61 74 20 63 61 6e 20 62 65 20 62 75 72 73 74 20 69 6e 20 6f 6e 65 20	raffic.that.can.be.burst.in.one.
561e0	67 6f 2e 20 54 6f 6b 65 6e 73 20 61 72 72 69 76 65 20 61 74 20 61 20 73 74 65 61 64 79 20 72 61	go..Tokens.arrive.at.a.steady.ra
56200	74 65 2c 20 75 6e 74 69 6c 20 74 68 65 20 62 75 63 6b 65 74 20 69 73 20 66 75 6c 6c 2e 00 53 68	te,.until.the.bucket.is.full..Sh
56220	6f 72 74 63 75 74 20 73 79 6e 74 61 78 20 66 6f 72 20 73 70 65 63 69 66 79 69 6e 67 20 61 75 74	ortcut.syntax.for.specifying.aut
56240	6f 6d 61 74 69 63 20 6c 65 61 6b 69 6e 67 20 66 72 6f 6d 20 76 72 66 20 56 52 46 4e 41 4d 45 20	omatic.leaking.from.vrf.VRFNAME.
56260	74 6f 20 74 68 65 20 63 75 72 72 65 6e 74 20 56 52 46 20 75 73 69 6e 67 20 74 68 65 20 56 50 4e	to.the.current.VRF.using.the.VPN
56280	20 52 49 42 20 61 73 20 69 6e 74 65 72 6d 65 64 69 61 72 79 2e 20 54 68 65 20 52 44 20 61 6e 64	.RIB.as.intermediary..The.RD.and
562a0	20 52 54 20 61 72 65 20 61 75 74 6f 20 64 65 72 69 76 65 64 20 61 6e 64 20 73 68 6f 75 6c 64 20	.RT.are.auto.derived.and.should.
562c0	6e 6f 74 20 62 65 20 73 70 65 63 69 66 69 65 64 20 65 78 70 6c 69 63 69 74 6c 79 20 66 6f 72 20	not.be.specified.explicitly.for.
562e0	65 69 74 68 65 72 20 74 68 65 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e	either.the.source.or.destination
56300	20 56 52 46 e2 80 99 73 2e 00 53 68 6f 77 00 53 68 6f 77 20 44 48 43 50 20 73 65 72 76 65 72 20	.VRF...s..Show.Show.DHCP.server.
56320	64 61 65 6d 6f 6e 20 6c 6f 67 20 66 69 6c 65 00 53 68 6f 77 20 44 48 43 50 76 36 20 73 65 72 76	daemon.log.file.Show.DHCPv6.serv
56340	65 72 20 64 61 65 6d 6f 6e 20 6c 6f 67 20 66 69 6c 65 00 53 68 6f 77 20 46 69 72 65 77 61 6c 6c	er.daemon.log.file.Show.Firewall
56360	20 6c 6f 67 00 53 68 6f 77 20 4c 4c 44 50 20 6e 65 69 67 68 62 6f 72 73 20 63 6f 6e 6e 65 63 74	.log.Show.LLDP.neighbors.connect
56380	65 64 20 76 69 61 20 69 6e 74 65 72 66 61 63 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 00	ed.via.interface.`<interface>`..
563a0	53 68 6f 77 20 57 41 4e 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 20 69 6e 66 6f 72 6d 61 74 69	Show.WAN.load.balancer.informati
563c0	6f 6e 20 69 6e 63 6c 75 64 69 6e 67 20 74 65 73 74 20 74 79 70 65 73 20 61 6e 64 20 74 61 72 67	on.including.test.types.and.targ
563e0	65 74 73 2e 20 41 20 63 68 61 72 61 63 74 65 72 20 61 74 20 74 68 65 20 73 74 61 72 74 20 6f 66	ets..A.character.at.the.start.of
56400	20 65 61 63 68 20 6c 69 6e 65 20 64 65 70 69 63 74 73 20 74 68 65 20 73 74 61 74 65 20 6f 66 20	.each.line.depicts.the.state.of.
56420	74 68 65 20 74 65 73 74 00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65 20 49 4d 45 49 2e 00	the.test.Show.WWAN.module.IMEI..
56440	53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65 20 49 4d 53 49 2e 00 53 68 6f 77 20 57 57 41 4e	Show.WWAN.module.IMSI..Show.WWAN
56460	20 6d 6f 64 75 6c 65 20 4d 53 49 53 44 4e 2e 00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65	.module.MSISDN..Show.WWAN.module
56480	20 53 49 4d 20 63 61 72 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 53 68 6f 77 20 57 57 41 4e	.SIM.card.information..Show.WWAN
564a0	20 6d 6f 64 75 6c 65 20 66 69 72 6d 77 61 72 65 2e 00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75	.module.firmware..Show.WWAN.modu
564c0	6c 65 20 68 61 72 64 77 61 72 65 20 63 61 70 61 62 69 6c 69 74 69 65 73 2e 00 53 68 6f 77 20 57	le.hardware.capabilities..Show.W
564e0	57 41 4e 20 6d 6f 64 75 6c 65 20 68 61 72 64 77 61 72 65 20 72 65 76 69 73 69 6f 6e 2e 00 53 68	WAN.module.hardware.revision..Sh
56500	6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65 20 6d 6f 64 65 6c 2e 00 53 68 6f 77 20 57 57 41 4e 20	ow.WWAN.module.model..Show.WWAN.
56520	6d 6f 64 75 6c 65 20 73 69 67 6e 61 6c 20 73 74 72 65 6e 67 74 68 2e 00 53 68 6f 77 20 61 20 6c	module.signal.strength..Show.a.l
56540	69 73 74 20 61 76 61 69 6c 61 62 6c 65 20 63 6f 6e 74 61 69 6e 65 72 20 6e 65 74 77 6f 72 6b 73	ist.available.container.networks
56560	00 53 68 6f 77 20 61 20 6c 69 73 74 20 6f 66 20 69 6e 73 74 61 6c 6c 65 64 20 3a 61 62 62 72 3a	.Show.a.list.of.installed.:abbr:
56580	60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 29 60 20 63 65 72	`CA.(Certificate.Authority)`.cer
565a0	74 69 66 69 63 61 74 65 73 2e 00 53 68 6f 77 20 61 20 6c 69 73 74 20 6f 66 20 69 6e 73 74 61 6c	tificates..Show.a.list.of.instal
565c0	6c 65 64 20 3a 61 62 62 72 3a 60 43 52 4c 73 20 28 43 65 72 74 69 66 69 63 61 74 65 20 52 65 76	led.:abbr:`CRLs.(Certificate.Rev
565e0	6f 63 61 74 69 6f 6e 20 4c 69 73 74 29 60 2e 00 53 68 6f 77 20 61 20 6c 69 73 74 20 6f 66 20 69	ocation.List)`..Show.a.list.of.i
56600	6e 73 74 61 6c 6c 65 64 20 63 65 72 74 69 66 69 63 61 74 65 73 00 53 68 6f 77 20 61 6c 6c 20 42	nstalled.certificates.Show.all.B
56620	46 44 20 70 65 65 72 73 00 53 68 6f 77 20 61 76 61 69 6c 61 62 6c 65 20 6f 66 66 6c 6f 61 64 69	FD.peers.Show.available.offloadi
56640	6e 67 20 66 75 6e 63 74 69 6f 6e 73 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63	ng.functions.on.given.`<interfac
56660	65 3e 60 00 53 68 6f 77 20 62 69 6e 64 65 64 20 71 61 74 20 64 65 76 69 63 65 20 69 6e 74 65 72	e>`.Show.binded.qat.device.inter
56680	72 75 70 74 73 20 74 6f 20 63 65 72 74 61 69 6e 20 63 6f 72 65 2e 00 53 68 6f 77 20 62 72 69 64	rupts.to.certain.core..Show.brid
566a0	67 65 20 60 3c 6e 61 6d 65 3e 60 20 66 64 62 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 63 75 72	ge.`<name>`.fdb.displays.the.cur
566c0	72 65 6e 74 20 66 6f 72 77 61 72 64 69 6e 67 20 74 61 62 6c 65 3a 00 53 68 6f 77 20 62 72 69 64	rent.forwarding.table:.Show.brid
566e0	67 65 20 60 3c 6e 61 6d 65 3e 60 20 6d 64 62 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 63 75 72	ge.`<name>`.mdb.displays.the.cur
56700	72 65 6e 74 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 6d 65 6d 62 65 72 73 68 69 70 20	rent.multicast.group.membership.
56720	74 61 62 6c 65 2e 54 68 65 20 74 61 62 6c 65 20 69 73 20 70 6f 70 75 6c 61 74 65 64 20 62 79 20	table.The.table.is.populated.by.
56740	49 47 4d 50 20 61 6e 64 20 4d 4c 44 20 73 6e 6f 6f 70 69 6e 67 20 69 6e 20 74 68 65 20 62 72 69	IGMP.and.MLD.snooping.in.the.bri
56760	64 67 65 20 64 72 69 76 65 72 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 2e 00 53 68 6f 77 20 62	dge.driver.automatically..Show.b
56780	72 69 65 66 20 69 6e 74 65 72 66 61 63 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 53 68 6f 77	rief.interface.information..Show
567a0	20 63 6f 6d 6d 61 6e 64 73 00 53 68 6f 77 20 63 6f 6e 66 69 67 75 72 65 64 20 73 65 72 69 61 6c	.commands.Show.configured.serial
567c0	20 70 6f 72 74 73 20 61 6e 64 20 74 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 69 6e 74 65	.ports.and.their.respective.inte
567e0	72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 53 68 6f 77 20 63 6f 6e 6e 65 63	rface.configuration..Show.connec
56800	74 69 6f 6e 20 64 61 74 61 20 6f 66 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 64 20 74 72 61 66 66	tion.data.of.load.balanced.traff
56820	69 63 3a 00 53 68 6f 77 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 79 6e 63 69 6e 67 20 65 78 74 65	ic:.Show.connection.syncing.exte
56840	72 6e 61 6c 20 63 61 63 68 65 20 65 6e 74 72 69 65 73 00 53 68 6f 77 20 63 6f 6e 6e 65 63 74 69	rnal.cache.entries.Show.connecti
56860	6f 6e 20 73 79 6e 63 69 6e 67 20 69 6e 74 65 72 6e 61 6c 20 63 61 63 68 65 20 65 6e 74 72 69 65	on.syncing.internal.cache.entrie
56880	73 00 53 68 6f 77 20 63 75 72 72 65 6e 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 75 73 65 72 73	s.Show.currently.connected.users
568a0	2e 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75	..Show.detailed.information.abou
568c0	74 20 61 6c 6c 20 6c 65 61 72 6e 65 64 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4e 6f	t.all.learned.Segment.Routing.No
568e0	64 65 73 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62	des.Show.detailed.information.ab
56900	6f 75 74 20 70 72 65 66 69 78 2d 73 69 64 20 61 6e 64 20 6c 61 62 65 6c 20 6c 65 61 72 6e 65 64	out.prefix-sid.and.label.learned
56920	00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74	.Show.detailed.information.about
56940	20 74 68 65 20 75 6e 64 65 72 6c 61 79 69 6e 67 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 73 20	.the.underlaying.physical.links.
56960	6f 6e 20 67 69 76 65 6e 20 62 6f 6e 64 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 00 53 68 6f	on.given.bond.`<interface>`..Sho
56980	77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 67 69 76 65 6e 20	w.detailed.information.on.given.
569a0	60 3c 69 6e 74 65 72 66 61 63 65 3e 60 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f	`<interface>`.Show.detailed.info
569c0	72 6d 61 74 69 6f 6e 20 6f 6e 20 74 68 65 20 67 69 76 65 6e 20 6c 6f 6f 70 62 61 63 6b 20 69 6e	rmation.on.the.given.loopback.in
569e0	74 65 72 66 61 63 65 20 60 6c 6f 60 2e 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f	terface.`lo`..Show.detailed.info
56a00	72 6d 61 74 69 6f 6e 20 73 75 6d 6d 61 72 79 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72	rmation.summary.on.given.`<inter
56a20	66 61 63 65 3e 60 00 53 68 6f 77 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f	face>`.Show.flow.accounting.info
56a40	72 6d 61 74 69 6f 6e 20 66 6f 72 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20	rmation.for.given.`<interface>`.
56a60	66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 68 6f 73 74 20 6f 6e 6c 79 2e 00 53 68 6f 77 20 66	for.a.specific.host.only..Show.f
56a80	6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 67	low.accounting.information.for.g
56aa0	69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 00 53 68 6f 77 20 67 65 6e 65 72 61 6c	iven.`<interface>`..Show.general
56ac0	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 73 70 65 63 69 66 69 63 20 57 69 72 65	.information.about.specific.Wire
56ae0	47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 00 53 68 6f 77 20 69 6e 66 6f 20 61 62 6f 75 74 20	Guard.interface.Show.info.about.
56b00	74 68 65 20 57 69 72 65 67 75 61 72 64 20 73 65 72 76 69 63 65 2e 20 49 74 20 61 6c 73 6f 20 73	the.Wireguard.service..It.also.s
56b20	68 6f 77 73 20 74 68 65 20 6c 61 74 65 73 74 20 68 61 6e 64 73 68 61 6b 65 2e 00 53 68 6f 77 20	hows.the.latest.handshake..Show.
56b40	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 70 68 79 73 69 63 61 6c 20 60 3c 69 6e 74	information.about.physical.`<int
56b60	65 72 66 61 63 65 3e 60 00 53 68 6f 77 20 6c 6f 67 73 20 66 72 6f 6d 20 61 20 67 69 76 65 6e 20	erface>`.Show.logs.from.a.given.
56b80	63 6f 6e 74 61 69 6e 65 72 00 53 68 6f 77 20 6c 6f 67 73 20 66 72 6f 6d 20 61 6c 6c 20 44 48 43	container.Show.logs.from.all.DHC
56ba0	50 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 65 73 2e 00 53 68 6f 77 20 6c 6f 67 73 20 66 72	P.client.processes..Show.logs.fr
56bc0	6f 6d 20 61 6c 6c 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 65 73 2e 00	om.all.DHCPv6.client.processes..
56be0	53 68 6f 77 20 6c 6f 67 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 63 20 60 69 6e 74 65 72 66 61	Show.logs.from.specific.`interfa
56c00	63 65 60 20 44 48 43 50 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 2e 00 53 68 6f 77 20 6c 6f	ce`.DHCP.client.process..Show.lo
56c20	67 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 63 20 60 69 6e 74 65 72 66 61 63 65 60 20 44 48 43	gs.from.specific.`interface`.DHC
56c40	50 76 36 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 2e 00 53 68 6f 77 20 6f 6e 6c 79 20 69 6e	Pv6.client.process..Show.only.in
56c60	66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 73 70 65 63 69 66 69 65 64 20 43 65 72 74 69 66 69 63	formation.for.specified.Certific
56c80	61 74 65 20 41 75 74 68 6f 72 69 74 79 2e 00 53 68 6f 77 20 6f 6e 6c 79 20 69 6e 66 6f 72 6d 61	ate.Authority..Show.only.informa
56ca0	74 69 6f 6e 20 66 6f 72 20 73 70 65 63 69 66 69 65 64 20 63 65 72 74 69 66 69 63 61 74 65 2e 00	tion.for.specified.certificate..
56cc0	53 68 6f 77 20 6f 6e 6c 79 20 6c 65 61 73 65 73 20 69 6e 20 74 68 65 20 73 70 65 63 69 66 69 65	Show.only.leases.in.the.specifie
56ce0	64 20 70 6f 6f 6c 2e 00 53 68 6f 77 20 6f 6e 6c 79 20 6c 65 61 73 65 73 20 77 69 74 68 20 74 68	d.pool..Show.only.leases.with.th
56d00	65 20 73 70 65 63 69 66 69 65 64 20 73 74 61 74 65 2e 20 50 6f 73 73 69 62 6c 65 20 73 74 61 74	e.specified.state..Possible.stat
56d20	65 73 3a 20 61 62 61 6e 64 6f 6e 65 64 2c 20 61 63 74 69 76 65 2c 20 61 6c 6c 2c 20 62 61 63 6b	es:.abandoned,.active,.all,.back
56d40	75 70 2c 20 65 78 70 69 72 65 64 2c 20 66 72 65 65 2c 20 72 65 6c 65 61 73 65 64 2c 20 72 65 73	up,.expired,.free,.released,.res
56d60	65 74 20 28 64 65 66 61 75 6c 74 20 3d 20 61 63 74 69 76 65 29 00 53 68 6f 77 20 6f 6e 6c 79 20	et.(default.=.active).Show.only.
56d80	6c 65 61 73 65 73 20 77 69 74 68 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 73 74 61 74 65 2e	leases.with.the.specified.state.
56da0	20 50 6f 73 73 69 62 6c 65 20 73 74 61 74 65 73 3a 20 61 6c 6c 2c 20 61 63 74 69 76 65 2c 20 66	.Possible.states:.all,.active,.f
56dc0	72 65 65 2c 20 65 78 70 69 72 65 64 2c 20 72 65 6c 65 61 73 65 64 2c 20 61 62 61 6e 64 6f 6e 65	ree,.expired,.released,.abandone
56de0	64 2c 20 72 65 73 65 74 2c 20 62 61 63 6b 75 70 20 28 64 65 66 61 75 6c 74 20 3d 20 61 63 74 69	d,.reset,.backup.(default.=.acti
56e00	76 65 29 00 53 68 6f 77 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 65 6e 74 72 79 20 66 6f 72	ve).Show.routing.table.entry.for
56e20	20 74 68 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 2e 00 53 68 6f 77 20 73 70 65 63 69 66 69	.the.default.route..Show.specifi
56e40	63 20 4d 41 43 73 65 63 20 69 6e 74 65 72 66 61 63 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 53	c.MACsec.interface.information.S
56e60	68 6f 77 20 73 74 61 74 75 73 20 6f 66 20 6e 65 77 20 73 65 74 75 70 3a 00 53 68 6f 77 20 73 74	how.status.of.new.setup:.Show.st
56e80	61 74 75 73 65 73 20 6f 66 20 61 6c 6c 20 61 63 74 69 76 65 20 6c 65 61 73 65 73 3a 00 53 68 6f	atuses.of.all.active.leases:.Sho
56ea0	77 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 20 73 74 61 74 69 73 74 69 63 73 20 66 6f 72	w.the.DHCP.server.statistics.for
56ec0	20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 6f 6f 6c 2e 00 53 68 6f 77 20 74 68 65 20 44 48	.the.specified.pool..Show.the.DH
56ee0	43 50 20 73 65 72 76 65 72 20 73 74 61 74 69 73 74 69 63 73 3a 00 53 68 6f 77 20 74 68 65 20 63	CP.server.statistics:.Show.the.c
56f00	6f 6e 73 6f 6c 65 20 73 65 72 76 65 72 20 6c 6f 67 2e 00 53 68 6f 77 20 74 68 65 20 66 75 6c 6c	onsole.server.log..Show.the.full
56f20	20 63 6f 6e 66 69 67 20 75 70 6c 6f 61 64 65 64 20 74 6f 20 74 68 65 20 51 41 54 20 64 65 76 69	.config.uploaded.to.the.QAT.devi
56f40	63 65 2e 00 53 68 6f 77 20 74 68 65 20 6c 69 73 74 20 6f 66 20 61 6c 6c 20 61 63 74 69 76 65 20	ce..Show.the.list.of.all.active.
56f60	63 6f 6e 74 61 69 6e 65 72 73 2e 00 53 68 6f 77 20 74 68 65 20 6c 6f 63 61 6c 20 63 6f 6e 74 61	containers..Show.the.local.conta
56f80	69 6e 65 72 20 69 6d 61 67 65 73 2e 00 53 68 6f 77 20 74 68 65 20 6c 6f 67 73 20 6f 66 20 61 20	iner.images..Show.the.logs.of.a.
56fa0	73 70 65 63 69 66 69 63 20 52 75 6c 65 2d 53 65 74 2e 00 53 68 6f 77 20 74 68 65 20 72 6f 75 74	specific.Rule-Set..Show.the.rout
56fc0	65 00 53 68 6f 77 20 74 72 61 6e 73 63 65 69 76 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66	e.Show.transceiver.information.f
56fe0	72 6f 6d 20 70 6c 75 67 69 6e 20 6d 6f 64 75 6c 65 73 2c 20 65 2e 67 20 53 46 50 2b 2c 20 51 53	rom.plugin.modules,.e.g.SFP+,.QS
57000	46 50 00 53 68 6f 77 69 6e 67 20 42 46 44 20 6d 6f 6e 69 74 6f 72 65 64 20 73 74 61 74 69 63 20	FP.Showing.BFD.monitored.static.
57020	72 6f 75 74 65 73 00 53 68 6f 77 73 20 73 74 61 74 75 73 20 6f 66 20 61 6c 6c 20 61 73 73 69 67	routes.Shows.status.of.all.assig
57040	6e 65 64 20 6c 65 61 73 65 73 3a 00 53 69 64 65 20 41 3a 00 53 69 64 65 20 42 3a 00 53 69 65 72	ned.leases:.Side.A:.Side.B:.Sier
57060	72 61 20 57 69 72 65 6c 65 73 73 20 41 69 72 50 72 69 6d 65 20 4d 43 37 33 30 34 20 6d 69 6e 69	ra.Wireless.AirPrime.MC7304.mini
57080	50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 53 69 65 72 72 61 20 57 69 72 65 6c 65 73 73 20	PCIe.card.(LTE).Sierra.Wireless.
570a0	41 69 72 50 72 69 6d 65 20 4d 43 37 34 33 30 20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c	AirPrime.MC7430.miniPCIe.card.(L
570c0	54 45 29 00 53 69 65 72 72 61 20 57 69 72 65 6c 65 73 73 20 41 69 72 50 72 69 6d 65 20 4d 43 37	TE).Sierra.Wireless.AirPrime.MC7
570e0	34 35 35 20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 53 69 65 72 72 61 20 57	455.miniPCIe.card.(LTE).Sierra.W
57100	69 72 65 6c 65 73 73 20 41 69 72 50 72 69 6d 65 20 4d 43 37 37 31 30 20 6d 69 6e 69 50 43 49 65	ireless.AirPrime.MC7710.miniPCIe
57120	20 63 61 72 64 20 28 4c 54 45 29 00 53 69 6d 69 6c 61 72 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 73	.card.(LTE).Similar.combinations
57140	20 61 72 65 20 61 70 70 6c 69 63 61 62 6c 65 20 66 6f 72 20 74 68 65 20 64 65 61 64 2d 70 65 65	.are.applicable.for.the.dead-pee
57160	72 2d 64 65 74 65 63 74 69 6f 6e 2e 00 53 69 6d 70 6c 65 20 42 61 62 65 6c 20 63 6f 6e 66 69 67	r-detection..Simple.Babel.config
57180	75 72 61 74 69 6f 6e 20 75 73 69 6e 67 20 32 20 6e 6f 64 65 73 20 61 6e 64 20 72 65 64 69 73 74	uration.using.2.nodes.and.redist
571a0	72 69 62 75 74 69 6e 67 20 63 6f 6e 6e 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53	ributing.connected.interfaces..S
571c0	69 6d 70 6c 65 20 52 49 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 75 73 69 6e 67 20 32 20	imple.RIP.configuration.using.2.
571e0	6e 6f 64 65 73 20 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 69 6e 67 20 63 6f 6e 6e 65 63 74	nodes.and.redistributing.connect
57200	65 64 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53 69 6d 70 6c 65 20 73 65 74 75 70 20 77 69 74 68	ed.interfaces..Simple.setup.with
57220	20 6f 6e 65 20 75 73 65 72 20 61 64 64 65 64 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 75 74	.one.user.added.and.password.aut
57240	68 65 6e 74 69 63 61 74 69 6f 6e 3a 00 53 69 6d 70 6c 65 20 74 65 78 74 20 70 61 73 73 77 6f 72	hentication:.Simple.text.passwor
57260	64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 73 20 69 6e 73 65 63 75 72 65 20 61 6e 64	d.authentication.is.insecure.and
57280	20 64 65 70 72 65 63 61 74 65 64 20 69 6e 20 66 61 76 6f 75 72 20 6f 66 20 4d 44 35 20 48 4d 41	.deprecated.in.favour.of.MD5.HMA
572a0	43 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 00 53 69 6e 63 65 20 62 6f 74 68 20 72 6f 75	C.authentication..Since.both.rou
572c0	74 65 72 73 20 64 6f 20 6e 6f 74 20 6b 6e 6f 77 20 74 68 65 69 72 20 65 66 66 65 63 74 69 76 65	ters.do.not.know.their.effective
572e0	20 70 75 62 6c 69 63 20 61 64 64 72 65 73 73 65 73 2c 20 77 65 20 73 65 74 20 74 68 65 20 6c 6f	.public.addresses,.we.set.the.lo
57300	63 61 6c 2d 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 65 65 72 20 74 6f 20 22 61 6e 79 22	cal-address.of.the.peer.to."any"
57320	2e 00 53 69 6e 63 65 20 69 74 27 73 20 61 20 48 51 20 61 6e 64 20 62 72 61 6e 63 68 20 6f 66 66	..Since.it's.a.HQ.and.branch.off
57340	69 63 65 73 20 73 65 74 75 70 2c 20 77 65 20 77 69 6c 6c 20 77 61 6e 74 20 61 6c 6c 20 63 6c 69	ices.setup,.we.will.want.all.cli
57360	65 6e 74 73 20 74 6f 20 68 61 76 65 20 66 69 78 65 64 20 61 64 64 72 65 73 73 65 73 20 61 6e 64	ents.to.have.fixed.addresses.and
57380	20 77 65 20 77 69 6c 6c 20 72 6f 75 74 65 20 74 72 61 66 66 69 63 20 74 6f 20 73 70 65 63 69 66	.we.will.route.traffic.to.specif
573a0	69 63 20 73 75 62 6e 65 74 73 20 74 68 72 6f 75 67 68 20 74 68 65 6d 2e 20 57 65 20 6e 65 65 64	ic.subnets.through.them..We.need
573c0	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 6f 72 20 65 61 63 68 20 63 6c 69 65 6e 74 20 74	.configuration.for.each.client.t
573e0	6f 20 61 63 68 69 65 76 65 20 74 68 69 73 2e 00 53 69 6e 63 65 20 74 68 65 20 52 41 44 49 55 53	o.achieve.this..Since.the.RADIUS
57400	20 73 65 72 76 65 72 20 77 6f 75 6c 64 20 62 65 20 61 20 73 69 6e 67 6c 65 20 70 6f 69 6e 74 20	.server.would.be.a.single.point.
57420	6f 66 20 66 61 69 6c 75 72 65 2c 20 6d 75 6c 74 69 70 6c 65 20 52 41 44 49 55 53 20 73 65 72 76	of.failure,.multiple.RADIUS.serv
57440	65 72 73 20 63 61 6e 20 62 65 20 73 65 74 75 70 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 75 73 65	ers.can.be.setup.and.will.be.use
57460	64 20 73 75 62 73 65 71 75 65 6e 74 69 61 6c 6c 79 2e 00 53 69 6e 63 65 20 74 68 65 20 6d 44 4e	d.subsequentially..Since.the.mDN
57480	53 20 70 72 6f 74 6f 63 6f 6c 20 73 65 6e 64 73 20 74 68 65 20 41 41 20 72 65 63 6f 72 64 73 20	S.protocol.sends.the.AA.records.
574a0	69 6e 20 74 68 65 20 70 61 63 6b 65 74 20 69 74 73 65 6c 66 2c 20 74 68 65 20 72 65 70 65 61 74	in.the.packet.itself,.the.repeat
574c0	65 72 20 64 6f 65 73 20 6e 6f 74 20 6e 65 65 64 20 74 6f 20 66 6f 72 67 65 20 74 68 65 20 73 6f	er.does.not.need.to.forge.the.so
574e0	75 72 63 65 20 61 64 64 72 65 73 73 2e 20 49 6e 73 74 65 61 64 2c 20 74 68 65 20 73 6f 75 72 63	urce.address..Instead,.the.sourc
57500	65 20 61 64 64 72 65 73 73 20 69 73 20 6f 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 68	e.address.is.of.the.interface.th
57520	61 74 20 72 65 70 65 61 74 73 20 74 68 65 20 70 61 63 6b 65 74 2e 00 53 69 6e 67 6c 65 20 56 58	at.repeats.the.packet..Single.VX
57540	4c 41 4e 20 64 65 76 69 63 65 20 28 53 56 44 29 00 53 69 74 65 20 74 6f 20 53 69 74 65 20 56 50	LAN.device.(SVD).Site.to.Site.VP
57560	4e 00 53 69 74 65 2d 74 6f 2d 53 69 74 65 00 53 69 74 65 2d 74 6f 2d 73 69 74 65 20 6d 6f 64 65	N.Site-to-Site.Site-to-site.mode
57580	20 70 72 6f 76 69 64 65 73 20 61 20 77 61 79 20 74 6f 20 61 64 64 20 72 65 6d 6f 74 65 20 70 65	.provides.a.way.to.add.remote.pe
575a0	65 72 73 2c 20 77 68 69 63 68 20 63 6f 75 6c 64 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74	ers,.which.could.be.configured.t
575c0	6f 20 65 78 63 68 61 6e 67 65 20 65 6e 63 72 79 70 74 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	o.exchange.encrypted.information
575e0	20 62 65 74 77 65 65 6e 20 74 68 65 6d 20 61 6e 64 20 56 79 4f 53 20 69 74 73 65 6c 66 20 6f 72	.between.them.and.VyOS.itself.or
57600	20 63 6f 6e 6e 65 63 74 65 64 2f 72 6f 75 74 65 64 20 6e 65 74 77 6f 72 6b 73 2e 00 53 69 74 65	.connected/routed.networks..Site
57620	2d 74 6f 2d 73 69 74 65 20 6d 6f 64 65 20 73 75 70 70 6f 72 74 73 20 78 2e 35 30 39 20 62 75 74	-to-site.mode.supports.x.509.but
57640	20 64 6f 65 73 6e 27 74 20 72 65 71 75 69 72 65 20 69 74 20 61 6e 64 20 63 61 6e 20 61 6c 73 6f	.doesn't.require.it.and.can.also
57660	20 77 6f 72 6b 20 77 69 74 68 20 73 74 61 74 69 63 20 6b 65 79 73 2c 20 77 68 69 63 68 20 69 73	.work.with.static.keys,.which.is
57680	20 73 69 6d 70 6c 65 72 20 69 6e 20 6d 61 6e 79 20 63 61 73 65 73 2e 20 49 6e 20 74 68 69 73 20	.simpler.in.many.cases..In.this.
576a0	65 78 61 6d 70 6c 65 2c 20 77 65 27 6c 6c 20 63 6f 6e 66 69 67 75 72 65 20 61 20 73 69 6d 70 6c	example,.we'll.configure.a.simpl
576c0	65 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 4f 70 65 6e 56 50 4e 20 74 75 6e 6e 65 6c 20 75 73	e.site-to-site.OpenVPN.tunnel.us
576e0	69 6e 67 20 61 20 32 30 34 38 2d 62 69 74 20 70 72 65 2d 73 68 61 72 65 64 20 6b 65 79 2e 00 53	ing.a.2048-bit.pre-shared.key..S
57700	6c 61 76 65 20 73 65 6c 65 63 74 69 6f 6e 20 66 6f 72 20 6f 75 74 67 6f 69 6e 67 20 74 72 61 66	lave.selection.for.outgoing.traf
57720	66 69 63 20 69 73 20 64 6f 6e 65 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 74 72 61	fic.is.done.according.to.the.tra
57740	6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69 63 79 2c 20 77 68 69 63 68 20 6d 61 79 20 62 65 20	nsmit.hash.policy,.which.may.be.
57760	63 68 61 6e 67 65 64 20 66 72 6f 6d 20 74 68 65 20 64 65 66 61 75 6c 74 20 73 69 6d 70 6c 65 20	changed.from.the.default.simple.
57780	58 4f 52 20 70 6f 6c 69 63 79 20 76 69 61 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 68 61 73 68	XOR.policy.via.the.:cfgcmd:`hash
577a0	2d 70 6f 6c 69 63 79 60 20 6f 70 74 69 6f 6e 2c 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 65 6c 6f	-policy`.option,.documented.belo
577c0	77 2e 00 53 6f 20 69 6e 20 6f 75 72 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2c 20 77 65	w..So.in.our.firewall.policy,.we
577e0	20 77 61 6e 74 20 74 6f 20 61 6c 6c 6f 77 20 74 72 61 66 66 69 63 20 63 6f 6d 69 6e 67 20 69 6e	.want.to.allow.traffic.coming.in
57800	20 6f 6e 20 74 68 65 20 6f 75 74 73 69 64 65 20 69 6e 74 65 72 66 61 63 65 2c 20 64 65 73 74 69	.on.the.outside.interface,.desti
57820	6e 65 64 20 66 6f 72 20 54 43 50 20 70 6f 72 74 20 38 30 20 61 6e 64 20 74 68 65 20 49 50 20 61	ned.for.TCP.port.80.and.the.IP.a
57840	64 64 72 65 73 73 20 6f 66 20 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 2e 00 53 6f 6c 61 72 57 69	ddress.of.192.168.0.100..SolarWi
57860	6e 64 73 00 53 6f 6d 65 20 49 53 50 73 20 62 79 20 64 65 66 61 75 6c 74 20 6f 6e 6c 79 20 64 65	nds.Some.ISPs.by.default.only.de
57880	6c 65 67 61 74 65 20 61 20 2f 36 34 20 70 72 65 66 69 78 2e 20 54 6f 20 72 65 71 75 65 73 74 20	legate.a./64.prefix..To.request.
578a0	66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 70 72 65 66 69 78 20 73 69 7a 65 20 75 73 65 20 74	for.a.specific.prefix.size.use.t
578c0	68 69 73 20 6f 70 74 69 6f 6e 20 74 6f 20 72 65 71 75 65 73 74 20 66 6f 72 20 61 20 62 69 67 67	his.option.to.request.for.a.bigg
578e0	65 72 20 64 65 6c 65 67 61 74 69 6f 6e 20 66 6f 72 20 74 68 69 73 20 70 64 20 60 3c 69 64 3e 60	er.delegation.for.this.pd.`<id>`
57900	2e 20 54 68 69 73 20 76 61 6c 75 65 20 69 73 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66 72 6f	..This.value.is.in.the.range.fro
57920	6d 20 33 32 20 2d 20 36 34 20 73 6f 20 79 6f 75 20 63 6f 75 6c 64 20 72 65 71 75 65 73 74 20 75	m.32.-.64.so.you.could.request.u
57940	70 20 74 6f 20 61 20 2f 33 32 20 70 72 65 66 69 78 20 28 69 66 20 79 6f 75 72 20 49 53 50 20 61	p.to.a./32.prefix.(if.your.ISP.a
57960	6c 6c 6f 77 73 20 74 68 69 73 29 20 64 6f 77 6e 20 74 6f 20 61 20 2f 36 34 20 64 65 6c 65 67 61	llows.this).down.to.a./64.delega
57980	74 69 6f 6e 2e 00 53 6f 6d 65 20 49 54 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 20 72 65 71 75 69	tion..Some.IT.environments.requi
579a0	72 65 20 74 68 65 20 75 73 65 20 6f 66 20 61 20 70 72 6f 78 79 20 74 6f 20 63 6f 6e 6e 65 63 74	re.the.use.of.a.proxy.to.connect
579c0	20 74 6f 20 74 68 65 20 49 6e 74 65 72 6e 65 74 2e 20 57 69 74 68 6f 75 74 20 74 68 69 73 20 63	.to.the.Internet..Without.this.c
579e0	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 56 79 4f 53 20 75 70 64 61 74 65 73 20 63 6f 75 6c 64 20	onfiguration.VyOS.updates.could.
57a00	6e 6f 74 20 62 65 20 69 6e 73 74 61 6c 6c 65 64 20 64 69 72 65 63 74 6c 79 20 62 79 20 75 73 69	not.be.installed.directly.by.usi
57a20	6e 67 20 74 68 65 20 3a 6f 70 63 6d 64 3a 60 61 64 64 20 73 79 73 74 65 6d 20 69 6d 61 67 65 60	ng.the.:opcmd:`add.system.image`
57a40	20 63 6f 6d 6d 61 6e 64 20 28 3a 72 65 66 3a 60 75 70 64 61 74 65 5f 76 79 6f 73 60 29 2e 00 53	.command.(:ref:`update_vyos`)..S
57a60	6f 6d 65 20 52 41 44 49 55 53 5f 20 73 65 76 65 72 73 20 75 73 65 20 61 6e 20 61 63 63 65 73 73	ome.RADIUS_.severs.use.an.access
57a80	20 63 6f 6e 74 72 6f 6c 20 6c 69 73 74 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 6f 72 20 64 65	.control.list.which.allows.or.de
57aa0	6e 69 65 73 20 71 75 65 72 69 65 73 2c 20 6d 61 6b 65 20 73 75 72 65 20 74 6f 20 61 64 64 20 79	nies.queries,.make.sure.to.add.y
57ac0	6f 75 72 20 56 79 4f 53 20 72 6f 75 74 65 72 20 74 6f 20 74 68 65 20 61 6c 6c 6f 77 65 64 20 63	our.VyOS.router.to.the.allowed.c
57ae0	6c 69 65 6e 74 20 6c 69 73 74 2e 00 53 6f 6d 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 73 65 72	lient.list..Some.application.ser
57b00	76 69 63 65 20 70 72 6f 76 69 64 65 72 73 20 28 41 53 50 73 29 20 6f 70 65 72 61 74 65 20 61 20	vice.providers.(ASPs).operate.a.
57b20	56 50 4e 20 67 61 74 65 77 61 79 20 74 6f 20 70 72 6f 76 69 64 65 20 61 63 63 65 73 73 20 74 6f	VPN.gateway.to.provide.access.to
57b40	20 74 68 65 69 72 20 69 6e 74 65 72 6e 61 6c 20 72 65 73 6f 75 72 63 65 73 2c 20 61 6e 64 20 72	.their.internal.resources,.and.r
57b60	65 71 75 69 72 65 20 74 68 61 74 20 61 20 63 6f 6e 6e 65 63 74 69 6e 67 20 6f 72 67 61 6e 69 73	equire.that.a.connecting.organis
57b80	61 74 69 6f 6e 20 74 72 61 6e 73 6c 61 74 65 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74 6f 20 74	ation.translate.all.traffic.to.t
57ba0	68 65 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 20 6e 65 74 77 6f 72 6b 20 74 6f 20 61	he.service.provider.network.to.a
57bc0	20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 74 68 65 20	.source.address.provided.by.the.
57be0	41 53 50 2e 00 53 6f 6d 65 20 66 69 72 65 77 61 6c 6c 20 73 65 74 74 69 6e 67 73 20 61 72 65 20	ASP..Some.firewall.settings.are.
57c00	67 6c 6f 62 61 6c 20 61 6e 64 20 68 61 76 65 20 61 6e 20 61 66 66 65 63 74 20 6f 6e 20 74 68 65	global.and.have.an.affect.on.the
57c20	20 77 68 6f 6c 65 20 73 79 73 74 65 6d 2e 00 53 6f 6d 65 20 70 6f 6c 69 63 69 65 73 20 61 6c 72	.whole.system..Some.policies.alr
57c40	65 61 64 79 20 69 6e 63 6c 75 64 65 20 6f 74 68 65 72 20 65 6d 62 65 64 64 65 64 20 70 6f 6c 69	eady.include.other.embedded.poli
57c60	63 69 65 73 20 69 6e 73 69 64 65 2e 20 54 68 61 74 20 69 73 20 74 68 65 20 63 61 73 65 20 6f 66	cies.inside..That.is.the.case.of
57c80	20 53 68 61 70 65 72 5f 3a 20 65 61 63 68 20 6f 66 20 69 74 73 20 63 6c 61 73 73 65 73 20 75 73	.Shaper_:.each.of.its.classes.us
57ca0	65 20 66 61 69 72 2d 71 75 65 75 65 20 75 6e 6c 65 73 73 20 79 6f 75 20 63 68 61 6e 67 65 20 69	e.fair-queue.unless.you.change.i
57cc0	74 2e 00 53 6f 6d 65 20 70 6f 6c 69 63 69 65 73 20 63 61 6e 20 62 65 20 63 6f 6d 62 69 6e 65 64	t..Some.policies.can.be.combined
57ce0	2c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 65 6d 62 65 64 5f 20 61 20 64	,.you.will.be.able.to.embed_.a.d
57d00	69 66 66 65 72 65 6e 74 20 70 6f 6c 69 63 79 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20 61 70 70	ifferent.policy.that.will.be.app
57d20	6c 69 65 64 20 74 6f 20 61 20 63 6c 61 73 73 20 6f 66 20 74 68 65 20 6d 61 69 6e 20 70 6f 6c 69	lied.to.a.class.of.the.main.poli
57d40	63 79 2e 00 53 6f 6d 65 20 70 72 6f 78 79 73 20 72 65 71 75 69 72 65 2f 73 75 70 70 6f 72 74 20	cy..Some.proxys.require/support.
57d60	74 68 65 20 22 62 61 73 69 63 22 20 48 54 54 50 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20	the."basic".HTTP.authentication.
57d80	73 63 68 65 6d 65 20 61 73 20 70 65 72 20 3a 72 66 63 3a 60 37 36 31 37 60 2c 20 74 68 75 73 20	scheme.as.per.:rfc:`7617`,.thus.
57da0	61 20 70 61 73 73 77 6f 72 64 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 53 6f	a.password.can.be.configured..So
57dc0	6d 65 20 70 72 6f 78 79 73 20 72 65 71 75 69 72 65 2f 73 75 70 70 6f 72 74 20 74 68 65 20 22 62	me.proxys.require/support.the."b
57de0	61 73 69 63 22 20 48 54 54 50 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 63 68 65 6d 65	asic".HTTP.authentication.scheme
57e00	20 61 73 20 70 65 72 20 3a 72 66 63 3a 60 37 36 31 37 60 2c 20 74 68 75 73 20 61 20 75 73 65 72	.as.per.:rfc:`7617`,.thus.a.user
57e20	6e 61 6d 65 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 53 6f 6d 65 20 72 65 63	name.can.be.configured..Some.rec
57e40	65 6e 74 20 49 53 50 73 20 72 65 71 75 69 72 65 20 79 6f 75 20 74 6f 20 62 75 69 6c 64 20 74 68	ent.ISPs.require.you.to.build.th
57e60	65 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 68 72 6f 75 67 68 20 61 20 56 4c 41	e.PPPoE.connection.through.a.VLA
57e80	4e 20 69 6e 74 65 72 66 61 63 65 2e 20 4f 6e 65 20 6f 66 20 74 68 6f 73 65 20 49 53 50 73 20 69	N.interface..One.of.those.ISPs.i
57ea0	73 20 65 2e 67 2e 20 44 65 75 74 73 63 68 65 20 54 65 6c 65 6b 6f 6d 20 69 6e 20 47 65 72 6d 61	s.e.g..Deutsche.Telekom.in.Germa
57ec0	6e 79 2e 20 56 79 4f 53 20 63 61 6e 20 65 61 73 69 6c 79 20 63 72 65 61 74 65 20 61 20 50 50 50	ny..VyOS.can.easily.create.a.PPP
57ee0	6f 45 20 73 65 73 73 69 6f 6e 20 74 68 72 6f 75 67 68 20 61 6e 20 65 6e 63 61 70 73 75 6c 61 74	oE.session.through.an.encapsulat
57f00	65 64 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67	ed.VLAN.interface..The.following
57f20	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20 72 75 6e 20 79 6f 75 72 20 50 50 50	.configuration.will.run.your.PPP
57f40	6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 68 72 6f 75 67 68 20 56 4c 41 4e 37 20 77 68 69 63	oE.connection.through.VLAN7.whic
57f60	68 20 69 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 4c 41 4e 20 66 6f 72 20 44 65 75 74 73 63	h.is.the.default.VLAN.for.Deutsc
57f80	68 65 20 54 65 6c 65 6b 6f 6d 3a 00 53 6f 6d 65 20 73 65 72 76 69 63 65 73 20 64 6f 6e 27 74 20	he.Telekom:.Some.services.don't.
57fa0	77 6f 72 6b 20 63 6f 72 72 65 63 74 6c 79 20 77 68 65 6e 20 62 65 69 6e 67 20 68 61 6e 64 6c 65	work.correctly.when.being.handle
57fc0	64 20 76 69 61 20 61 20 77 65 62 20 70 72 6f 78 79 2e 20 53 6f 20 73 6f 6d 65 74 69 6d 65 73 20	d.via.a.web.proxy..So.sometimes.
57fe0	69 74 20 69 73 20 75 73 65 66 75 6c 20 74 6f 20 62 79 70 61 73 73 20 61 20 74 72 61 6e 73 70 61	it.is.useful.to.bypass.a.transpa
58000	72 65 6e 74 20 70 72 6f 78 79 3a 00 53 6f 6d 65 20 75 73 65 72 73 20 74 65 6e 64 20 74 6f 20 63	rent.proxy:.Some.users.tend.to.c
58020	6f 6e 6e 65 63 74 20 74 68 65 69 72 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 75 73 69 6e	onnect.their.mobile.devices.usin
58040	67 20 57 69 72 65 47 75 61 72 64 20 74 6f 20 74 68 65 69 72 20 56 79 4f 53 20 72 6f 75 74 65 72	g.WireGuard.to.their.VyOS.router
58060	2e 20 54 6f 20 65 61 73 65 20 64 65 70 6c 6f 79 6d 65 6e 74 20 6f 6e 65 20 63 61 6e 20 67 65 6e	..To.ease.deployment.one.can.gen
58080	65 72 61 74 65 20 61 20 22 70 65 72 20 6d 6f 62 69 6c 65 22 20 63 6f 6e 66 69 67 75 72 61 74 69	erate.a."per.mobile".configurati
580a0	6f 6e 20 66 72 6f 6d 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 00 53 6f 6d 65 74 69 6d 65 73 20	on.from.the.VyOS.CLI..Sometimes.
580c0	6f 70 74 69 6f 6e 20 6c 69 6e 65 73 20 69 6e 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 20 4f 70	option.lines.in.the.generated.Op
580e0	65 6e 56 50 4e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 72 65 71 75 69 72 65 20 71 75 6f 74	enVPN.configuration.require.quot
58100	65 73 2e 20 54 68 69 73 20 69 73 20 64 6f 6e 65 20 74 68 72 6f 75 67 68 20 61 20 68 61 63 6b 20	es..This.is.done.through.a.hack.
58120	6f 6e 20 6f 75 72 20 63 6f 6e 66 69 67 20 67 65 6e 65 72 61 74 6f 72 2e 20 59 6f 75 20 63 61 6e	on.our.config.generator..You.can
58140	20 70 61 73 73 20 71 75 6f 74 65 73 20 75 73 69 6e 67 20 74 68 65 20 60 60 26 71 75 6f 74 3b 60	.pass.quotes.using.the.``&quot;`
58160	60 20 73 74 61 74 65 6d 65 6e 74 2e 00 53 6f 72 74 20 74 68 65 20 6f 75 74 70 75 74 20 62 79 20	`.statement..Sort.the.output.by.
58180	74 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 2e 20 50 6f 73 73 69 62 6c 65 20 6b 65 79 73	the.specified.key..Possible.keys
581a0	3a 20 65 78 70 69 72 65 73 2c 20 69 61 69 64 5f 64 75 69 64 2c 20 69 70 2c 20 6c 61 73 74 5f 63	:.expires,.iaid_duid,.ip,.last_c
581c0	6f 6d 6d 2c 20 70 6f 6f 6c 2c 20 72 65 6d 61 69 6e 69 6e 67 2c 20 73 74 61 74 65 2c 20 74 79 70	omm,.pool,.remaining,.state,.typ
581e0	65 20 28 64 65 66 61 75 6c 74 20 3d 20 69 70 29 00 53 6f 72 74 20 74 68 65 20 6f 75 74 70 75 74	e.(default.=.ip).Sort.the.output
58200	20 62 79 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 2e 20 50 6f 73 73 69 62 6c 65 20	.by.the.specified.key..Possible.
58220	6b 65 79 73 3a 20 69 70 2c 20 68 61 72 64 77 61 72 65 5f 61 64 64 72 65 73 73 2c 20 73 74 61 74	keys:.ip,.hardware_address,.stat
58240	65 2c 20 73 74 61 72 74 2c 20 65 6e 64 2c 20 72 65 6d 61 69 6e 69 6e 67 2c 20 70 6f 6f 6c 2c 20	e,.start,.end,.remaining,.pool,.
58260	68 6f 73 74 6e 61 6d 65 20 28 64 65 66 61 75 6c 74 20 3d 20 69 70 29 00 53 6f 75 72 63 65 20 41	hostname.(default.=.ip).Source.A
58280	64 64 72 65 73 73 00 53 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 75 73 65 64 20 66 6f	ddress.Source.IP.address.used.fo
582a0	72 20 56 58 4c 41 4e 20 75 6e 64 65 72 6c 61 79 2e 20 54 68 69 73 20 69 73 20 6d 61 6e 64 61 74	r.VXLAN.underlay..This.is.mandat
582c0	6f 72 79 20 77 68 65 6e 20 75 73 69 6e 67 20 56 58 4c 41 4e 20 76 69 61 20 4c 32 56 50 4e 2f 45	ory.when.using.VXLAN.via.L2VPN/E
582e0	56 50 4e 2e 00 53 6f 75 72 63 65 20 49 50 76 34 20 61 64 64 72 65 73 73 20 75 73 65 64 20 69 6e	VPN..Source.IPv4.address.used.in
58300	20 61 6c 6c 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 71 75 65 69 72 65 73 2e 00 53 6f 75 72	.all.RADIUS.server.queires..Sour
58320	63 65 20 4e 41 54 20 72 75 6c 65 73 00 53 6f 75 72 63 65 20 50 72 65 66 69 78 00 53 6f 75 72 63	ce.NAT.rules.Source.Prefix.Sourc
58340	65 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 52 41 44 49 55 53 20	e.all.connections.to.the.RADIUS.
58360	73 65 72 76 65 72 73 20 66 72 6f 6d 20 67 69 76 65 6e 20 56 52 46 20 60 3c 6e 61 6d 65 3e 60 2e	servers.from.given.VRF.`<name>`.
58380	00 53 6f 75 72 63 65 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 54	.Source.all.connections.to.the.T
583a0	41 43 41 43 53 20 73 65 72 76 65 72 73 20 66 72 6f 6d 20 67 69 76 65 6e 20 56 52 46 20 60 3c 6e	ACACS.servers.from.given.VRF.`<n
583c0	61 6d 65 3e 60 2e 00 53 6f 75 72 63 65 20 70 72 6f 74 6f 63 6f 6c 20 74 6f 20 6d 61 74 63 68 2e	ame>`..Source.protocol.to.match.
583e0	00 53 6f 75 72 63 65 20 74 75 6e 6e 65 6c 20 66 72 6f 6d 20 6c 6f 6f 70 62 61 63 6b 73 00 53 70	.Source.tunnel.from.loopbacks.Sp
58400	61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c 20 66 6f 72 77 61 72 64 69 6e 67 20	anning.Tree.Protocol.forwarding.
58420	60 3c 64 65 6c 61 79 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 31	`<delay>`.in.seconds.(default:.1
58440	35 29 2e 00 53 70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c 20 68 65 6c 6c 6f	5)..Spanning.Tree.Protocol.hello
58460	20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 20 60 3c 69 6e 74 65 72 76 61 6c 3e 60 20 69 6e 20 73	.advertisement.`<interval>`.in.s
58480	65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 32 29 2e 00 53 70 61 6e 6e 69 6e 67 20 54 72	econds.(default:.2)..Spanning.Tr
584a0	65 65 20 50 72 6f 74 6f 63 6f 6c 20 69 73 20 6e 6f 74 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65	ee.Protocol.is.not.enabled.by.de
584c0	66 61 75 6c 74 20 69 6e 20 56 79 4f 53 2e 20 3a 72 65 66 3a 60 73 74 70 60 20 63 61 6e 20 62 65	fault.in.VyOS..:ref:`stp`.can.be
584e0	20 65 61 73 69 6c 79 20 65 6e 61 62 6c 65 64 20 69 66 20 6e 65 65 64 65 64 2e 00 53 70 61 74 69	.easily.enabled.if.needed..Spati
58500	61 6c 20 4d 75 6c 74 69 70 6c 65 78 69 6e 67 20 50 6f 77 65 72 20 53 61 76 65 20 28 53 4d 50 53	al.Multiplexing.Power.Save.(SMPS
58520	29 20 73 65 74 74 69 6e 67 73 00 53 70 65 63 66 79 69 6e 67 20 6e 68 73 20 6d 61 6b 65 73 20 61	).settings.Specfying.nhs.makes.a
58540	6c 6c 20 6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 20 74 6f 20 62 65 20 72 65 70 65 61	ll.multicast.packets.to.be.repea
58560	74 65 64 20 74 6f 20 65 61 63 68 20 73 74 61 74 69 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65	ted.to.each.statically.configure
58580	64 20 6e 65 78 74 20 68 6f 70 2e 00 53 70 65 63 69 66 69 65 73 20 3a 61 62 62 72 3a 60 4d 50 50	d.next.hop..Specifies.:abbr:`MPP
585a0	45 20 28 4d 69 63 72 6f 73 6f 66 74 20 50 6f 69 6e 74 2d 74 6f 2d 50 6f 69 6e 74 20 45 6e 63 72	E.(Microsoft.Point-to-Point.Encr
585c0	79 70 74 69 6f 6e 29 60 20 6e 65 67 6f 74 69 6f 61 74 69 6f 6e 20 70 72 65 66 65 72 65 6e 63 65	yption)`.negotioation.preference
585e0	2e 00 53 70 65 63 69 66 69 65 73 20 49 50 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 79 6e 61 6d	..Specifies.IP.address.for.Dynam
58600	69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74 65 6e 73 69 6f 6e 20 73 65 72 76 65	ic.Authorization.Extension.serve
58620	72 20 28 44 4d 2f 43 6f 41 29 00 53 70 65 63 69 66 69 65 73 20 61 6e 20 6f 70 74 69 6f 6e 61 6c	r.(DM/CoA).Specifies.an.optional
58640	20 72 6f 75 74 65 2d 6d 61 70 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 72 6f 75 74	.route-map.to.be.applied.to.rout
58660	65 73 20 69 6d 70 6f 72 74 65 64 20 6f 72 20 65 78 70 6f 72 74 65 64 20 62 65 74 77 65 65 6e 20	es.imported.or.exported.between.
58680	74 68 65 20 63 75 72 72 65 6e 74 20 75 6e 69 63 61 73 74 20 56 52 46 20 61 6e 64 20 56 50 4e 2e	the.current.unicast.VRF.and.VPN.
586a0	00 53 70 65 63 69 66 69 65 73 20 61 6e 20 75 70 73 74 72 65 61 6d 20 6e 65 74 77 6f 72 6b 20 60	.Specifies.an.upstream.network.`
586c0	3c 69 6e 74 65 72 66 61 63 65 3e 60 20 66 72 6f 6d 20 77 68 69 63 68 20 72 65 70 6c 69 65 73 20	<interface>`.from.which.replies.
586e0	66 72 6f 6d 20 60 3c 73 65 72 76 65 72 3e 60 20 61 6e 64 20 6f 74 68 65 72 20 72 65 6c 61 79 20	from.`<server>`.and.other.relay.
58700	61 67 65 6e 74 73 20 77 69 6c 6c 20 62 65 20 61 63 63 65 70 74 65 64 2e 00 53 70 65 63 69 66 69	agents.will.be.accepted..Specifi
58720	65 73 20 68 6f 77 20 6c 6f 6e 67 20 73 71 75 69 64 20 61 73 73 75 6d 65 73 20 61 6e 20 65 78 74	es.how.long.squid.assumes.an.ext
58740	65 72 6e 61 6c 6c 79 20 76 61 6c 69 64 61 74 65 64 20 75 73 65 72 6e 61 6d 65 3a 70 61 73 73 77	ernally.validated.username:passw
58760	6f 72 64 20 70 61 69 72 20 69 73 20 76 61 6c 69 64 20 66 6f 72 20 2d 20 69 6e 20 6f 74 68 65 72	ord.pair.is.valid.for.-.in.other
58780	20 77 6f 72 64 73 20 68 6f 77 20 6f 66 74 65 6e 20 74 68 65 20 68 65 6c 70 65 72 20 70 72 6f 67	.words.how.often.the.helper.prog
587a0	72 61 6d 20 69 73 20 63 61 6c 6c 65 64 20 66 6f 72 20 74 68 61 74 20 75 73 65 72 2e 20 53 65 74	ram.is.called.for.that.user..Set
587c0	20 74 68 69 73 20 6c 6f 77 20 74 6f 20 66 6f 72 63 65 20 72 65 76 61 6c 69 64 61 74 69 6f 6e 20	.this.low.to.force.revalidation.
587e0	77 69 74 68 20 73 68 6f 72 74 20 6c 69 76 65 64 20 70 61 73 73 77 6f 72 64 73 2e 00 53 70 65 63	with.short.lived.passwords..Spec
58800	69 66 69 65 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 70 6f 6c 69 63 69 65	ifies.one.of.the.bonding.policie
58820	73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 38 30 32 2e 33 61 64 2e 20 50 6f 73 73 69	s..The.default.is.802.3ad..Possi
58840	62 6c 65 20 76 61 6c 75 65 73 20 61 72 65 3a 00 53 70 65 63 69 66 69 65 73 20 70 72 6f 78 79 20	ble.values.are:.Specifies.proxy.
58860	73 65 72 76 69 63 65 20 6c 69 73 74 65 6e 69 6e 67 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 6c	service.listening.address..The.l
58880	69 73 74 65 6e 20 61 64 64 72 65 73 73 20 69 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20	isten.address.is.the.IP.address.
588a0	6f 6e 20 77 68 69 63 68 20 74 68 65 20 77 65 62 20 70 72 6f 78 79 20 73 65 72 76 69 63 65 20 6c	on.which.the.web.proxy.service.l
588c0	69 73 74 65 6e 73 20 66 6f 72 20 63 6c 69 65 6e 74 20 72 65 71 75 65 73 74 73 2e 00 53 70 65 63	istens.for.client.requests..Spec
588e0	69 66 69 65 73 20 73 69 6e 67 6c 65 20 60 3c 67 61 74 65 77 61 79 3e 60 20 49 50 20 61 64 64 72	ifies.single.`<gateway>`.IP.addr
58900	65 73 73 20 74 6f 20 62 65 20 75 73 65 64 20 61 73 20 6c 6f 63 61 6c 20 61 64 64 72 65 73 73 20	ess.to.be.used.as.local.address.
58920	6f 66 20 50 50 50 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 61	of.PPP.interfaces..Specifies.tha
58940	74 20 74 68 65 20 3a 61 62 62 72 3a 60 4e 42 4d 41 20 28 4e 6f 6e 2d 62 72 6f 61 64 63 61 73 74	t.the.:abbr:`NBMA.(Non-broadcast
58960	20 6d 75 6c 74 69 70 6c 65 2d 61 63 63 65 73 73 20 6e 65 74 77 6f 72 6b 29 60 20 61 64 64 72 65	.multiple-access.network)`.addre
58980	73 73 65 73 20 6f 66 20 74 68 65 20 6e 65 78 74 20 68 6f 70 20 73 65 72 76 65 72 73 20 61 72 65	sses.of.the.next.hop.servers.are
589a0	20 64 65 66 69 6e 65 64 20 69 6e 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 6e 62 6d 61	.defined.in.the.domain.name.nbma
589c0	2d 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2e 20 46 6f 72 20 65 61 63 68 20 41 20 72 65 63 6f 72 64 20	-domain-name..For.each.A.record.
589e0	6f 70 65 6e 6e 68 72 70 20 63 72 65 61 74 65 73 20 61 20 64 79 6e 61 6d 69 63 20 4e 48 53 20 65	opennhrp.creates.a.dynamic.NHS.e
58a00	6e 74 72 79 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 41 52 50 20 6c 69 6e 6b 20 6d 6f 6e	ntry..Specifies.the.ARP.link.mon
58a20	69 74 6f 72 69 6e 67 20 60 3c 74 69 6d 65 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 2e 00 53 70 65	itoring.`<time>`.in.seconds..Spe
58a40	63 69 66 69 65 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 75 73 65 20 61	cifies.the.IP.addresses.to.use.a
58a60	73 20 41 52 50 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 70 65 65 72 73 20 77 68 65 6e 20 3a 63 66 67	s.ARP.monitoring.peers.when.:cfg
58a80	63 6d 64 3a 60 61 72 70 2d 6d 6f 6e 69 74 6f 72 20 69 6e 74 65 72 76 61 6c 60 20 6f 70 74 69 6f	cmd:`arp-monitor.interval`.optio
58aa0	6e 20 69 73 20 3e 20 30 2e 20 54 68 65 73 65 20 61 72 65 20 74 68 65 20 74 61 72 67 65 74 73 20	n.is.>.0..These.are.the.targets.
58ac0	6f 66 20 74 68 65 20 41 52 50 20 72 65 71 75 65 73 74 20 73 65 6e 74 20 74 6f 20 64 65 74 65 72	of.the.ARP.request.sent.to.deter
58ae0	6d 69 6e 65 20 74 68 65 20 68 65 61 6c 74 68 20 6f 66 20 74 68 65 20 6c 69 6e 6b 20 74 6f 20 74	mine.the.health.of.the.link.to.t
58b00	68 65 20 74 61 72 67 65 74 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 61 76 61 69 6c 61	he.targets..Specifies.the.availa
58b20	62 6c 65 20 3a 61 62 62 72 3a 60 4d 41 43 20 28 4d 65 73 73 61 67 65 20 41 75 74 68 65 6e 74 69	ble.:abbr:`MAC.(Message.Authenti
58b40	63 61 74 69 6f 6e 20 43 6f 64 65 29 60 20 61 6c 67 6f 72 69 74 68 6d 73 2e 20 54 68 65 20 4d 41	cation.Code)`.algorithms..The.MA
58b60	43 20 61 6c 67 6f 72 69 74 68 6d 20 69 73 20 75 73 65 64 20 69 6e 20 70 72 6f 74 6f 63 6f 6c 20	C.algorithm.is.used.in.protocol.
58b80	76 65 72 73 69 6f 6e 20 32 20 66 6f 72 20 64 61 74 61 20 69 6e 74 65 67 72 69 74 79 20 70 72 6f	version.2.for.data.integrity.pro
58ba0	74 65 63 74 69 6f 6e 2e 20 4d 75 6c 74 69 70 6c 65 20 61 6c 67 6f 72 69 74 68 6d 73 20 63 61 6e	tection..Multiple.algorithms.can
58bc0	20 62 65 20 70 72 6f 76 69 64 65 64 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 62 61 73 65	.be.provided..Specifies.the.base
58be0	20 44 4e 20 75 6e 64 65 72 20 77 68 69 63 68 20 74 68 65 20 75 73 65 72 73 20 61 72 65 20 6c 6f	.DN.under.which.the.users.are.lo
58c00	63 61 74 65 64 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 63 6c 69 65 6e 74 73 20 73 75 62	cated..Specifies.the.clients.sub
58c20	6e 65 74 20 6d 61 73 6b 20 61 73 20 70 65 72 20 52 46 43 20 39 35 30 2e 20 49 66 20 75 6e 73 65	net.mask.as.per.RFC.950..If.unse
58c40	74 2c 20 73 75 62 6e 65 74 20 64 65 63 6c 61 72 61 74 69 6f 6e 20 69 73 20 75 73 65 64 2e 00 53	t,.subnet.declaration.is.used..S
58c60	70 65 63 69 66 69 65 73 20 74 68 65 20 68 6f 6c 64 69 6e 67 20 74 69 6d 65 20 66 6f 72 20 4e 48	pecifies.the.holding.time.for.NH
58c80	52 50 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 52 65 71 75 65 73 74 73 20 61 6e 64 20 52 65 73	RP.Registration.Requests.and.Res
58ca0	6f 6c 75 74 69 6f 6e 20 52 65 70 6c 69 65 73 20 73 65 6e 74 20 66 72 6f 6d 20 74 68 69 73 20 69	olution.Replies.sent.from.this.i
58cc0	6e 74 65 72 66 61 63 65 20 6f 72 20 73 68 6f 72 74 63 75 74 2d 74 61 72 67 65 74 2e 20 54 68 65	nterface.or.shortcut-target..The
58ce0	20 68 6f 6c 64 74 69 6d 65 20 69 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 73 65 63 6f 6e 64	.holdtime.is.specified.in.second
58d00	73 20 61 6e 64 20 64 65 66 61 75 6c 74 73 20 74 6f 20 74 77 6f 20 68 6f 75 72 73 2e 00 53 70 65	s.and.defaults.to.two.hours..Spe
58d20	63 69 66 69 65 73 20 74 68 65 20 69 6e 74 65 72 76 61 6c 20 61 74 20 77 68 69 63 68 20 4e 65 74	cifies.the.interval.at.which.Net
58d40	66 6c 6f 77 20 64 61 74 61 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 74 6f 20 61 20 63 6f 6c 6c	flow.data.will.be.sent.to.a.coll
58d60	65 63 74 6f 72 2e 20 41 73 20 70 65 72 20 64 65 66 61 75 6c 74 2c 20 4e 65 74 66 6c 6f 77 20 64	ector..As.per.default,.Netflow.d
58d80	61 74 61 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 65 76 65 72 79 20 36 30 20 73 65 63 6f 6e 64	ata.will.be.sent.every.60.second
58da0	73 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 73 69 7a 65 20 6f 66	s..Specifies.the.maximum.size.of
58dc0	20 61 20 72 65 70 6c 79 20 62 6f 64 79 20 69 6e 20 4b 42 2c 20 75 73 65 64 20 74 6f 20 6c 69 6d	.a.reply.body.in.KB,.used.to.lim
58de0	69 74 20 74 68 65 20 72 65 70 6c 79 20 73 69 7a 65 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65	it.the.reply.size..Specifies.the
58e00	20 6d 69 6e 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6c 69 6e 6b 73 20 74 68 61 74 20 6d 75	.minimum.number.of.links.that.mu
58e20	73 74 20 62 65 20 61 63 74 69 76 65 20 62 65 66 6f 72 65 20 61 73 73 65 72 74 69 6e 67 20 63 61	st.be.active.before.asserting.ca
58e40	72 72 69 65 72 2e 20 49 74 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 74 68 65 20 43 69 73 63	rrier..It.is.similar.to.the.Cisc
58e60	6f 20 45 74 68 65 72 43 68 61 6e 6e 65 6c 20 6d 69 6e 2d 6c 69 6e 6b 73 20 66 65 61 74 75 72 65	o.EtherChannel.min-links.feature
58e80	2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 73 65 74 74 69 6e 67 20 74 68 65 20 6d 69 6e 69 6d 75	..This.allows.setting.the.minimu
58ea0	6d 20 6e 75 6d 62 65 72 20 6f 66 20 6d 65 6d 62 65 72 20 70 6f 72 74 73 20 74 68 61 74 20 6d 75	m.number.of.member.ports.that.mu
58ec0	73 74 20 62 65 20 75 70 20 28 6c 69 6e 6b 2d 75 70 20 73 74 61 74 65 29 20 62 65 66 6f 72 65 20	st.be.up.(link-up.state).before.
58ee0	6d 61 72 6b 69 6e 67 20 74 68 65 20 62 6f 6e 64 20 64 65 76 69 63 65 20 61 73 20 75 70 20 28 63	marking.the.bond.device.as.up.(c
58f00	61 72 72 69 65 72 20 6f 6e 29 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 66 6f 72 20 73	arrier.on)..This.is.useful.for.s
58f20	69 74 75 61 74 69 6f 6e 73 20 77 68 65 72 65 20 68 69 67 68 65 72 20 6c 65 76 65 6c 20 73 65 72	ituations.where.higher.level.ser
58f40	76 69 63 65 73 20 73 75 63 68 20 61 73 20 63 6c 75 73 74 65 72 69 6e 67 20 77 61 6e 74 20 74 6f	vices.such.as.clustering.want.to
58f60	20 65 6e 73 75 72 65 20 61 20 6d 69 6e 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6c 6f 77 20	.ensure.a.minimum.number.of.low.
58f80	62 61 6e 64 77 69 64 74 68 20 6c 69 6e 6b 73 20 61 72 65 20 61 63 74 69 76 65 20 62 65 66 6f 72	bandwidth.links.are.active.befor
58fa0	65 20 73 77 69 74 63 68 6f 76 65 72 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 6e 61 6d 65	e.switchover..Specifies.the.name
58fc0	20 6f 66 20 74 68 65 20 44 4e 20 61 74 74 72 69 62 75 74 65 20 74 68 61 74 20 63 6f 6e 74 61 69	.of.the.DN.attribute.that.contai
58fe0	6e 73 20 74 68 65 20 75 73 65 72 6e 61 6d 65 2f 6c 6f 67 69 6e 2e 20 43 6f 6d 62 69 6e 65 64 20	ns.the.username/login..Combined.
59000	77 69 74 68 20 74 68 65 20 62 61 73 65 20 44 4e 20 74 6f 20 63 6f 6e 73 74 72 75 63 74 20 74 68	with.the.base.DN.to.construct.th
59020	65 20 75 73 65 72 73 20 44 4e 20 77 68 65 6e 20 6e 6f 20 73 65 61 72 63 68 20 66 69 6c 74 65 72	e.users.DN.when.no.search.filter
59040	20 69 73 20 73 70 65 63 69 66 69 65 64 20 28 60 66 69 6c 74 65 72 2d 65 78 70 72 65 73 73 69 6f	.is.specified.(`filter-expressio
59060	6e 60 29 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 60 3c 65 74	n`)..Specifies.the.physical.`<et
59080	68 58 3e 60 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 20 61 73 73 6f 63 69 61 74	hX>`.Ethernet.interface.associat
590a0	65 64 20 77 69 74 68 20 61 20 50 73 65 75 64 6f 20 45 74 68 65 72 6e 65 74 20 60 3c 69 6e 74 65	ed.with.a.Pseudo.Ethernet.`<inte
590c0	72 66 61 63 65 3e 60 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 70 6f 72 74 20 60 3c 70 6f	rface>`..Specifies.the.port.`<po
590e0	72 74 3e 60 20 74 68 61 74 20 74 68 65 20 53 53 54 50 20 70 6f 72 74 20 77 69 6c 6c 20 6c 69 73	rt>`.that.the.SSTP.port.will.lis
59100	74 65 6e 20 6f 6e 20 28 64 65 66 61 75 6c 74 20 34 34 33 29 2e 00 53 70 65 63 69 66 69 65 73 20	ten.on.(default.443)..Specifies.
59120	74 68 65 20 70 72 6f 74 65 63 74 69 6f 6e 20 73 63 6f 70 65 20 28 61 6b 61 20 72 65 61 6c 6d 20	the.protection.scope.(aka.realm.
59140	6e 61 6d 65 29 20 77 68 69 63 68 20 69 73 20 74 6f 20 62 65 20 72 65 70 6f 72 74 65 64 20 74 6f	name).which.is.to.be.reported.to
59160	20 74 68 65 20 63 6c 69 65 6e 74 20 66 6f 72 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69	.the.client.for.the.authenticati
59180	6f 6e 20 73 63 68 65 6d 65 2e 20 49 74 20 69 73 20 63 6f 6d 6d 6f 6e 6c 79 20 70 61 72 74 20 6f	on.scheme..It.is.commonly.part.o
591a0	66 20 74 68 65 20 74 65 78 74 20 74 68 65 20 75 73 65 72 20 77 69 6c 6c 20 73 65 65 20 77 68 65	f.the.text.the.user.will.see.whe
591c0	6e 20 70 72 6f 6d 70 74 65 64 20 66 6f 72 20 74 68 65 69 72 20 75 73 65 72 6e 61 6d 65 20 61 6e	n.prompted.for.their.username.an
591e0	64 20 70 61 73 73 77 6f 72 64 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 72 6f 75 74 65 20	d.password..Specifies.the.route.
59200	64 69 73 74 69 6e 67 75 69 73 68 65 72 20 74 6f 20 62 65 20 61 64 64 65 64 20 74 6f 20 61 20 72	distinguisher.to.be.added.to.a.r
59220	6f 75 74 65 20 65 78 70 6f 72 74 65 64 20 66 72 6f 6d 20 74 68 65 20 63 75 72 72 65 6e 74 20 75	oute.exported.from.the.current.u
59240	6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 56 50 4e 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65	nicast.VRF.to.VPN..Specifies.the
59260	20 72 6f 75 74 65 2d 74 61 72 67 65 74 20 6c 69 73 74 20 74 6f 20 62 65 20 61 74 74 61 63 68 65	.route-target.list.to.be.attache
59280	64 20 74 6f 20 61 20 72 6f 75 74 65 20 28 65 78 70 6f 72 74 29 20 6f 72 20 74 68 65 20 72 6f 75	d.to.a.route.(export).or.the.rou
592a0	74 65 2d 74 61 72 67 65 74 20 6c 69 73 74 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20	te-target.list.to.match.against.
592c0	28 69 6d 70 6f 72 74 29 20 77 68 65 6e 20 65 78 70 6f 72 74 69 6e 67 2f 69 6d 70 6f 72 74 69 6e	(import).when.exporting/importin
592e0	67 20 62 65 74 77 65 65 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 75 6e 69 63 61 73 74 20 56 52	g.between.the.current.unicast.VR
59300	46 20 61 6e 64 20 56 50 4e 2e 54 68 65 20 52 54 4c 49 53 54 20 69 73 20 61 20 73 70 61 63 65 2d	F.and.VPN.The.RTLIST.is.a.space-
59320	73 65 70 61 72 61 74 65 64 20 6c 69 73 74 20 6f 66 20 72 6f 75 74 65 2d 74 61 72 67 65 74 73 2c	separated.list.of.route-targets,
59340	20 77 68 69 63 68 20 61 72 65 20 42 47 50 20 65 78 74 65 6e 64 65 64 20 63 6f 6d 6d 75 6e 69 74	.which.are.BGP.extended.communit
59360	79 20 76 61 6c 75 65 73 20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 45 78 74 65 6e 64 65	y.values.as.described.in.Extende
59380	64 20 43 6f 6d 6d 75 6e 69 74 69 65 73 20 41 74 74 72 69 62 75 74 65 2e 00 53 70 65 63 69 66 69	d.Communities.Attribute..Specifi
593a0	65 73 20 74 68 65 20 76 65 6e 64 6f 72 20 64 69 63 74 69 6f 6e 61 72 79 2c 20 64 69 63 74 69 6f	es.the.vendor.dictionary,.dictio
593c0	6e 61 72 79 20 6e 65 65 64 73 20 74 6f 20 62 65 20 69 6e 20 2f 75 73 72 2f 73 68 61 72 65 2f 61	nary.needs.to.be.in./usr/share/a
593e0	63 63 65 6c 2d 70 70 70 2f 72 61 64 69 75 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 69 6d 65 6f	ccel-ppp/radius..Specifies.timeo
59400	75 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 6f 20 77 61 69 74 20 66 6f 72 20 61 6e 79 20 70 65	ut.in.seconds.to.wait.for.any.pe
59420	65 72 20 61 63 74 69 76 69 74 79 2e 20 49 66 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 73 70 65 63	er.activity..If.this.option.spec
59440	69 66 69 65 64 20 69 74 20 74 75 72 6e 73 20 6f 6e 20 61 64 61 70 74 69 76 65 20 6c 63 70 20 65	ified.it.turns.on.adaptive.lcp.e
59460	63 68 6f 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 61 6e 64 20 22 6c 63 70 2d 65 63 68 6f 2d	cho.functionality.and."lcp-echo-
59480	66 61 69 6c 75 72 65 22 20 69 73 20 6e 6f 74 20 75 73 65 64 2e 00 53 70 65 63 69 66 69 65 73 20	failure".is.not.used..Specifies.
594a0	77 68 65 74 68 65 72 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 70 6c 61 6e	whether.an.external.control.plan
594c0	65 20 28 65 2e 67 2e 20 42 47 50 20 4c 32 56 50 4e 2f 45 56 50 4e 29 20 6f 72 20 74 68 65 20 69	e.(e.g..BGP.L2VPN/EVPN).or.the.i
594e0	6e 74 65 72 6e 61 6c 20 46 44 42 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 2e 00 53 70 65 63	nternal.FDB.should.be.used..Spec
59500	69 66 69 65 73 20 77 68 65 74 68 65 72 20 74 68 69 73 20 4e 53 53 41 20 62 6f 72 64 65 72 20 72	ifies.whether.this.NSSA.border.r
59520	6f 75 74 65 72 20 77 69 6c 6c 20 75 6e 63 6f 6e 64 69 74 69 6f 6e 61 6c 6c 79 20 74 72 61 6e 73	outer.will.unconditionally.trans
59540	6c 61 74 65 20 54 79 70 65 2d 37 20 4c 53 41 73 20 69 6e 74 6f 20 54 79 70 65 2d 35 20 4c 53 41	late.Type-7.LSAs.into.Type-5.LSA
59560	73 2e 20 57 68 65 6e 20 72 6f 6c 65 20 69 73 20 41 6c 77 61 79 73 2c 20 54 79 70 65 2d 37 20 4c	s..When.role.is.Always,.Type-7.L
59580	53 41 73 20 61 72 65 20 74 72 61 6e 73 6c 61 74 65 64 20 69 6e 74 6f 20 54 79 70 65 2d 35 20 4c	SAs.are.translated.into.Type-5.L
595a0	53 41 73 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 74 72 61 6e 73 6c 61 74 6f 72	SAs.regardless.of.the.translator
595c0	20 73 74 61 74 65 20 6f 66 20 6f 74 68 65 72 20 4e 53 53 41 20 62 6f 72 64 65 72 20 72 6f 75 74	.state.of.other.NSSA.border.rout
595e0	65 72 73 2e 20 57 68 65 6e 20 72 6f 6c 65 20 69 73 20 43 61 6e 64 69 64 61 74 65 2c 20 74 68 69	ers..When.role.is.Candidate,.thi
59600	73 20 72 6f 75 74 65 72 20 70 61 72 74 69 63 69 70 61 74 65 73 20 69 6e 20 74 68 65 20 74 72 61	s.router.participates.in.the.tra
59620	6e 73 6c 61 74 6f 72 20 65 6c 65 63 74 69 6f 6e 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 69 66	nslator.election.to.determine.if
59640	20 69 74 20 77 69 6c 6c 20 70 65 72 66 6f 72 6d 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e	.it.will.perform.the.translation
59660	73 20 64 75 74 69 65 73 2e 20 57 68 65 6e 20 72 6f 6c 65 20 69 73 20 4e 65 76 65 72 2c 20 74 68	s.duties..When.role.is.Never,.th
59680	69 73 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 6e 65 76 65 72 20 74 72 61 6e 73 6c 61 74 65 20 54	is.router.will.never.translate.T
596a0	79 70 65 2d 37 20 4c 53 41 73 20 69 6e 74 6f 20 54 79 70 65 2d 35 20 4c 53 41 73 2e 00 53 70 65	ype-7.LSAs.into.Type-5.LSAs..Spe
596c0	63 69 66 69 65 73 20 77 68 69 63 68 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 61 74 74 72 69	cifies.which.RADIUS.server.attri
596e0	62 75 74 65 20 63 6f 6e 74 61 69 6e 73 20 74 68 65 20 72 61 74 65 20 6c 69 6d 69 74 20 69 6e 66	bute.contains.the.rate.limit.inf
59700	6f 72 6d 61 74 69 6f 6e 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 61 74 74 72 69 62 75 74 65 20	ormation..The.default.attribute.
59720	69 73 20 60 46 69 6c 74 65 72 2d 49 64 60 2e 00 53 70 65 63 69 66 79 20 49 50 76 34 2f 49 50 76	is.`Filter-Id`..Specify.IPv4/IPv
59740	36 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 20 6f 66 20 53 53 48 20 73 65 72 76 65 72 2e 20	6.listen.address.of.SSH.server..
59760	4d 75 6c 74 69 70 6c 65 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65	Multiple.addresses.can.be.define
59780	64 2e 00 53 70 65 63 69 66 79 20 61 20 3a 61 62 62 72 3a 60 53 49 50 20 28 53 65 73 73 69 6f 6e	d..Specify.a.:abbr:`SIP.(Session
597a0	20 49 6e 69 74 69 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60 20 73 65 72 76 65 72 20 62 79	.Initiation.Protocol)`.server.by
597c0	20 49 50 76 36 20 61 64 64 72 65 73 73 20 6f 66 20 46 75 6c 6c 79 20 51 75 61 6c 69 66 69 65 64	.IPv6.address.of.Fully.Qualified
597e0	20 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 66 6f 72 20 61 6c 6c 20 44 48 43 50 76 36 20 63 6c 69 65	.Domain.Name.for.all.DHCPv6.clie
59800	6e 74 73 2e 00 53 70 65 63 69 66 79 20 61 20 46 75 6c 6c 79 20 51 75 61 6c 69 66 69 65 64 20 44	nts..Specify.a.Fully.Qualified.D
59820	6f 6d 61 69 6e 20 4e 61 6d 65 20 61 73 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e 61 74 69 6f 6e	omain.Name.as.source/destination
59840	20 6d 61 74 63 68 65 72 2e 20 45 6e 73 75 72 65 20 72 6f 75 74 65 72 20 69 73 20 61 62 6c 65 20	.matcher..Ensure.router.is.able.
59860	74 6f 20 72 65 73 6f 6c 76 65 20 73 75 63 68 20 64 6e 73 20 71 75 65 72 79 2e 00 53 70 65 63 69	to.resolve.such.dns.query..Speci
59880	66 79 20 61 20 4e 49 53 20 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 48 43 50	fy.a.NIS.server.address.for.DHCP
598a0	76 36 20 63 6c 69 65 6e 74 73 2e 00 53 70 65 63 69 66 79 20 61 20 4e 49 53 2b 20 73 65 72 76 65	v6.clients..Specify.a.NIS+.serve
598c0	72 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 73 2e 00 53 70	r.address.for.DHCPv6.clients..Sp
598e0	65 63 69 66 79 20 61 62 73 6f 6c 75 74 65 20 60 3c 70 61 74 68 3e 60 20 74 6f 20 73 63 72 69 70	ecify.absolute.`<path>`.to.scrip
59900	74 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 72 75 6e 20 77 68 65 6e 20 60 3c 74 61 73 6b 3e	t.which.will.be.run.when.`<task>
59920	60 20 69 73 20 65 78 65 63 75 74 65 64 2e 00 53 70 65 63 69 66 79 20 61 6c 6c 6f 77 65 64 20 3a	`.is.executed..Specify.allowed.:
59940	61 62 62 72 3a 60 4b 45 58 20 28 4b 65 79 20 45 78 63 68 61 6e 67 65 29 60 20 61 6c 67 6f 72 69	abbr:`KEX.(Key.Exchange)`.algori
59960	74 68 6d 73 2e 00 53 70 65 63 69 66 79 20 61 6e 20 61 6c 74 65 72 6e 61 74 65 20 41 53 20 66 6f	thms..Specify.an.alternate.AS.fo
59980	72 20 74 68 69 73 20 42 47 50 20 70 72 6f 63 65 73 73 20 77 68 65 6e 20 69 6e 74 65 72 61 63 74	r.this.BGP.process.when.interact
599a0	69 6e 67 20 77 69 74 68 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 65 65 72 20 6f 72 20 70	ing.with.the.specified.peer.or.p
599c0	65 65 72 20 67 72 6f 75 70 2e 20 57 69 74 68 20 6e 6f 20 6d 6f 64 69 66 69 65 72 73 2c 20 74 68	eer.group..With.no.modifiers,.th
599e0	65 20 73 70 65 63 69 66 69 65 64 20 6c 6f 63 61 6c 2d 61 73 20 69 73 20 70 72 65 70 65 6e 64 65	e.specified.local-as.is.prepende
59a00	64 20 74 6f 20 74 68 65 20 72 65 63 65 69 76 65 64 20 41 53 5f 50 41 54 48 20 77 68 65 6e 20 72	d.to.the.received.AS_PATH.when.r
59a20	65 63 65 69 76 69 6e 67 20 72 6f 75 74 69 6e 67 20 75 70 64 61 74 65 73 20 66 72 6f 6d 20 74 68	eceiving.routing.updates.from.th
59a40	65 20 70 65 65 72 2c 20 61 6e 64 20 70 72 65 70 65 6e 64 65 64 20 74 6f 20 74 68 65 20 6f 75 74	e.peer,.and.prepended.to.the.out
59a60	67 6f 69 6e 67 20 41 53 5f 50 41 54 48 20 28 61 66 74 65 72 20 74 68 65 20 70 72 6f 63 65 73 73	going.AS_PATH.(after.the.process
59a80	20 6c 6f 63 61 6c 20 41 53 29 20 77 68 65 6e 20 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 6c 6f 63	.local.AS).when.transmitting.loc
59aa0	61 6c 20 72 6f 75 74 65 73 20 74 6f 20 74 68 65 20 70 65 65 72 2e 00 53 70 65 63 69 66 79 20 61	al.routes.to.the.peer..Specify.a
59ac0	6e 20 61 6c 74 65 72 6e 61 74 65 20 54 43 50 20 70 6f 72 74 20 77 68 65 72 65 20 74 68 65 20 6c	n.alternate.TCP.port.where.the.l
59ae0	64 61 70 20 73 65 72 76 65 72 20 69 73 20 6c 69 73 74 65 6e 69 6e 67 20 69 66 20 6f 74 68 65 72	dap.server.is.listening.if.other
59b00	20 74 68 61 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 4c 44 41 50 20 70 6f 72 74 20 33 38 39 2e	.than.the.default.LDAP.port.389.
59b20	00 53 70 65 63 69 66 79 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 3a 61 62 62 72 3a 60 56 52 46 20	.Specify.name.of.the.:abbr:`VRF.
59b40	28 56 69 72 74 75 61 6c 20 52 6f 75 74 69 6e 67 20 61 6e 64 20 46 6f 72 77 61 72 64 69 6e 67 29	(Virtual.Routing.and.Forwarding)
59b60	60 20 69 6e 73 74 61 6e 63 65 2e 00 53 70 65 63 69 66 79 20 6e 65 78 74 68 6f 70 20 6f 6e 20 74	`.instance..Specify.nexthop.on.t
59b80	68 65 20 70 61 74 68 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 2c 20 60 60 69 70	he.path.to.the.destination,.``ip
59ba0	76 34 2d 61 64 64 72 65 73 73 60 60 20 63 61 6e 20 62 65 20 73 65 74 20 74 6f 20 60 60 64 68 63	v4-address``.can.be.set.to.``dhc
59bc0	70 60 60 00 53 70 65 63 69 66 79 20 73 74 61 74 69 63 20 72 6f 75 74 65 20 69 6e 74 6f 20 74 68	p``.Specify.static.route.into.th
59be0	65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 73 65 6e 64 69 6e 67 20 61 6c 6c 20 6e 6f 6e 20	e.routing.table.sending.all.non.
59c00	6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 74 6f 20 74 68 65 20 6e 65 78 74 68 6f 70 20 61 64 64	local.traffic.to.the.nexthop.add
59c20	72 65 73 73 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 49 50	ress.`<address>`..Specify.the.IP
59c40	20 60 3c 61 64 64 72 65 73 73 3e 60 20 6f 66 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65	.`<address>`.of.the.RADIUS.serve
59c60	72 20 75 73 65 72 20 77 69 74 68 20 74 68 65 20 70 72 65 2d 73 68 61 72 65 64 2d 73 65 63 72 65	r.user.with.the.pre-shared-secre
59c80	74 20 67 69 76 65 6e 20 69 6e 20 60 3c 73 65 63 72 65 74 3e 60 2e 00 53 70 65 63 69 66 79 20 74	t.given.in.`<secret>`..Specify.t
59ca0	68 65 20 49 50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 6f 66 20 74 68 65 20 54 41 43 41 43 53 20	he.IP.`<address>`.of.the.TACACS.
59cc0	73 65 72 76 65 72 20 75 73 65 72 20 77 69 74 68 20 74 68 65 20 70 72 65 2d 73 68 61 72 65 64 2d	server.user.with.the.pre-shared-
59ce0	73 65 63 72 65 74 20 67 69 76 65 6e 20 69 6e 20 60 3c 73 65 63 72 65 74 3e 60 2e 00 53 70 65 63	secret.given.in.`<secret>`..Spec
59d00	69 66 79 20 74 68 65 20 49 50 76 34 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 74 6f 20 75	ify.the.IPv4.source.address.to.u
59d20	73 65 20 66 6f 72 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 74 6f 20 74 68 69 73 20 6e	se.for.the.BGP.session.to.this.n
59d40	65 69 67 68 62 6f 72 2c 20 6d 61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 65 69 74	eighbor,.may.be.specified.as.eit
59d60	68 65 72 20 61 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 20 64 69 72 65 63 74 6c 79 20 6f 72 20	her.an.IPv4.address.directly.or.
59d80	61 73 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 6e 61 6d 65 2e 00 53 70 65 63 69 66 79 20 74 68	as.an.interface.name..Specify.th
59da0	65 20 4c 44 41 50 20 73 65 72 76 65 72 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 2e 00 53 70 65	e.LDAP.server.to.connect.to..Spe
59dc0	63 69 66 79 20 74 68 65 20 69 64 65 6e 74 69 66 69 65 72 20 76 61 6c 75 65 20 6f 66 20 74 68 65	cify.the.identifier.value.of.the
59de0	20 73 69 74 65 2d 6c 65 76 65 6c 20 61 67 67 72 65 67 61 74 6f 72 20 28 53 4c 41 29 20 6f 6e 20	.site-level.aggregator.(SLA).on.
59e00	74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 49 44 20 6d 75 73 74 20 62 65 20 61 20 64 65 63 69	the.interface..ID.must.be.a.deci
59e20	6d 61 6c 20 6e 75 6d 62 65 72 20 67 72 65 61 74 65 72 20 74 68 65 6e 20 30 20 77 68 69 63 68 20	mal.number.greater.then.0.which.
59e40	66 69 74 73 20 69 6e 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 53 4c 41 20 49 44 73 20 28 73	fits.in.the.length.of.SLA.IDs.(s
59e60	65 65 20 62 65 6c 6f 77 29 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 69 6e 74 65 72 66 61 63 65	ee.below)..Specify.the.interface
59e80	20 61 64 64 72 65 73 73 20 75 73 65 64 20 6c 6f 63 61 6c 6c 79 20 6f 6e 20 74 68 65 20 69 6e 74	.address.used.locally.on.the.int
59ea0	65 72 66 61 63 65 20 77 68 65 72 65 20 74 68 65 20 70 72 65 66 69 78 20 68 61 73 20 62 65 65 6e	erface.where.the.prefix.has.been
59ec0	20 64 65 6c 65 67 61 74 65 64 20 74 6f 2e 20 49 44 20 6d 75 73 74 20 62 65 20 61 20 64 65 63 69	.delegated.to..ID.must.be.a.deci
59ee0	6d 61 6c 20 69 6e 74 65 67 65 72 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 6d 69 6e 69 6d 75 6d	mal.integer..Specify.the.minimum
59f00	20 72 65 71 75 69 72 65 64 20 54 4c 53 20 76 65 72 73 69 6f 6e 20 31 2e 32 20 6f 72 20 31 2e 33	.required.TLS.version.1.2.or.1.3
59f20	00 53 70 65 63 69 66 79 20 74 68 65 20 70 6c 61 69 6e 74 65 78 74 20 70 61 73 73 77 6f 72 64 20	.Specify.the.plaintext.password.
59f40	75 73 65 72 20 62 79 20 75 73 65 72 20 60 3c 6e 61 6d 65 3e 60 20 6f 6e 20 74 68 69 73 20 73 79	user.by.user.`<name>`.on.this.sy
59f60	73 74 65 6d 2e 20 54 68 65 20 70 6c 61 69 6e 74 65 78 74 20 70 61 73 73 77 6f 72 64 20 77 69 6c	stem..The.plaintext.password.wil
59f80	6c 20 62 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 74 72 61 6e 73 66 65 72 72 65 64 20 69	l.be.automatically.transferred.i
59fa0	6e 74 6f 20 61 20 73 65 63 75 72 65 20 68 61 73 68 65 64 20 70 61 73 73 77 6f 72 64 20 61 6e 64	nto.a.secure.hashed.password.and
59fc0	20 6e 6f 74 20 73 61 76 65 64 20 61 6e 79 77 68 65 72 65 20 69 6e 20 70 6c 61 69 6e 74 65 78 74	.not.saved.anywhere.in.plaintext
59fe0	2e 00 53 70 65 63 69 66 79 20 74 68 65 20 70 6f 72 74 20 75 73 65 64 20 6f 6e 20 77 68 69 63 68	..Specify.the.port.used.on.which
5a000	20 74 68 65 20 70 72 6f 78 79 20 73 65 72 76 69 63 65 20 69 73 20 6c 69 73 74 65 6e 69 6e 67 20	.the.proxy.service.is.listening.
5a020	66 6f 72 20 72 65 71 75 65 73 74 73 2e 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 74 68 65 20 64	for.requests..This.port.is.the.d
5a040	65 66 61 75 6c 74 20 70 6f 72 74 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69	efault.port.used.for.the.specifi
5a060	65 64 20 6c 69 73 74 65 6e 2d 61 64 64 72 65 73 73 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 73	ed.listen-address..Specify.the.s
5a080	79 73 74 65 6d 73 20 60 3c 74 69 6d 65 7a 6f 6e 65 3e 60 20 61 73 20 74 68 65 20 52 65 67 69 6f	ystems.`<timezone>`.as.the.Regio
5a0a0	6e 2f 4c 6f 63 61 74 69 6f 6e 20 74 68 61 74 20 62 65 73 74 20 64 65 66 69 6e 65 73 20 79 6f 75	n/Location.that.best.defines.you
5a0c0	72 20 6c 6f 63 61 74 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 73 70 65 63 69 66 79	r.location..For.example,.specify
5a0e0	69 6e 67 20 55 53 2f 50 61 63 69 66 69 63 20 73 65 74 73 20 74 68 65 20 74 69 6d 65 20 7a 6f 6e	ing.US/Pacific.sets.the.time.zon
5a100	65 20 74 6f 20 55 53 20 50 61 63 69 66 69 63 20 74 69 6d 65 2e 00 53 70 65 63 69 66 79 20 74 68	e.to.US.Pacific.time..Specify.th
5a120	65 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 77 68 65 6e 20 60 3c 74 61 73 6b 3e 60 20 73 68	e.time.interval.when.`<task>`.sh
5a140	6f 75 6c 64 20 62 65 20 65 78 65 63 75 74 65 64 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 69	ould.be.executed..The.interval.i
5a160	73 20 73 70 65 63 69 66 69 65 64 20 61 73 20 6e 75 6d 62 65 72 20 77 69 74 68 20 6f 6e 65 20 6f	s.specified.as.number.with.one.o
5a180	66 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 75 66 66 69 78 65 73 3a 00 53 70 65 63 69 66	f.the.following.suffixes:.Specif
5a1a0	79 20 74 69 6d 65 6f 75 74 20 2f 20 75 70 64 61 74 65 20 69 6e 74 65 72 76 61 6c 20 74 6f 20 63	y.timeout./.update.interval.to.c
5a1c0	68 65 63 6b 20 69 66 20 49 50 20 61 64 64 72 65 73 73 20 63 68 61 6e 67 65 64 2e 00 53 70 65 63	heck.if.IP.address.changed..Spec
5a1e0	69 66 79 20 74 69 6d 65 6f 75 74 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 6b 65 65 70 61 6c 69	ify.timeout.interval.for.keepali
5a200	76 65 20 6d 65 73 73 61 67 65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 00 53 70 69 6e 65 31 20 69 73	ve.message.in.seconds..Spine1.is
5a220	20 61 20 43 69 73 63 6f 20 49 4f 53 20 72 6f 75 74 65 72 20 72 75 6e 6e 69 6e 67 20 76 65 72 73	.a.Cisco.IOS.router.running.vers
5a240	69 6f 6e 20 31 35 2e 34 2c 20 4c 65 61 66 32 20 61 6e 64 20 4c 65 61 66 33 20 69 73 20 65 61 63	ion.15.4,.Leaf2.and.Leaf3.is.eac
5a260	68 20 61 20 56 79 4f 53 20 72 6f 75 74 65 72 20 72 75 6e 6e 69 6e 67 20 31 2e 32 2e 00 53 70 6c	h.a.VyOS.router.running.1.2..Spl
5a280	75 6e 6b 00 53 70 6f 6b 65 00 53 71 75 69 64 5f 20 69 73 20 61 20 63 61 63 68 69 6e 67 20 61 6e	unk.Spoke.Squid_.is.a.caching.an
5a2a0	64 20 66 6f 72 77 61 72 64 69 6e 67 20 48 54 54 50 20 77 65 62 20 70 72 6f 78 79 2e 20 49 74 20	d.forwarding.HTTP.web.proxy..It.
5a2c0	68 61 73 20 61 20 77 69 64 65 20 76 61 72 69 65 74 79 20 6f 66 20 75 73 65 73 2c 20 69 6e 63 6c	has.a.wide.variety.of.uses,.incl
5a2e0	75 64 69 6e 67 20 73 70 65 65 64 69 6e 67 20 75 70 20 61 20 77 65 62 20 73 65 72 76 65 72 20 62	uding.speeding.up.a.web.server.b
5a300	79 20 63 61 63 68 69 6e 67 20 72 65 70 65 61 74 65 64 20 72 65 71 75 65 73 74 73 2c 20 63 61 63	y.caching.repeated.requests,.cac
5a320	68 69 6e 67 20 77 65 62 2c 20 44 4e 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6d 70 75 74 65 72	hing.web,.DNS.and.other.computer
5a340	20 6e 65 74 77 6f 72 6b 20 6c 6f 6f 6b 75 70 73 20 66 6f 72 20 61 20 67 72 6f 75 70 20 6f 66 20	.network.lookups.for.a.group.of.
5a360	70 65 6f 70 6c 65 20 73 68 61 72 69 6e 67 20 6e 65 74 77 6f 72 6b 20 72 65 73 6f 75 72 63 65 73	people.sharing.network.resources
5a380	2c 20 61 6e 64 20 61 69 64 69 6e 67 20 73 65 63 75 72 69 74 79 20 62 79 20 66 69 6c 74 65 72 69	,.and.aiding.security.by.filteri
5a3a0	6e 67 20 74 72 61 66 66 69 63 2e 20 41 6c 74 68 6f 75 67 68 20 70 72 69 6d 61 72 69 6c 79 20 75	ng.traffic..Although.primarily.u
5a3c0	73 65 64 20 66 6f 72 20 48 54 54 50 20 61 6e 64 20 46 54 50 2c 20 53 71 75 69 64 20 69 6e 63 6c	sed.for.HTTP.and.FTP,.Squid.incl
5a3e0	75 64 65 73 20 6c 69 6d 69 74 65 64 20 73 75 70 70 6f 72 74 20 66 6f 72 20 73 65 76 65 72 61 6c	udes.limited.support.for.several
5a400	20 6f 74 68 65 72 20 70 72 6f 74 6f 63 6f 6c 73 20 69 6e 63 6c 75 64 69 6e 67 20 49 6e 74 65 72	.other.protocols.including.Inter
5a420	6e 65 74 20 47 6f 70 68 65 72 2c 20 53 53 4c 2c 5b 36 5d 20 54 4c 53 20 61 6e 64 20 48 54 54 50	net.Gopher,.SSL,[6].TLS.and.HTTP
5a440	53 2e 20 53 71 75 69 64 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 53 4f	S..Squid.does.not.support.the.SO
5a460	43 4b 53 20 70 72 6f 74 6f 63 6f 6c 2e 00 53 74 61 72 74 20 62 79 20 63 68 65 63 6b 69 6e 67 20	CKS.protocol..Start.by.checking.
5a480	66 6f 72 20 49 50 53 65 63 20 53 41 73 20 28 53 65 63 75 72 69 74 79 20 41 73 73 6f 63 69 61 74	for.IPSec.SAs.(Security.Associat
5a4a0	69 6f 6e 73 29 20 77 69 74 68 3a 00 53 74 61 72 74 69 6e 67 20 66 72 6f 6d 20 56 79 4f 53 20 31	ions).with:.Starting.from.VyOS.1
5a4c0	2e 34 2d 72 6f 6c 6c 69 6e 67 2d 32 30 32 33 30 38 30 34 30 35 35 37 2c 20 61 20 6e 65 77 20 66	.4-rolling-202308040557,.a.new.f
5a4e0	69 72 65 77 61 6c 6c 20 73 74 72 75 63 74 75 72 65 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 6f	irewall.structure.can.be.found.o
5a500	6e 20 61 6c 6c 20 76 79 6f 73 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 2e 20 44 6f 63 75 6d 65	n.all.vyos.installations..Docume
5a520	6e 74 61 74 69 6f 6e 20 66 6f 72 20 6d 6f 73 74 20 6e 65 77 20 66 69 72 65 77 61 6c 6c 20 63 6c	ntation.for.most.new.firewall.cl
5a540	69 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 68 65 72 65 3a 00 53 74 61 72 74 69 6e 67 20 6f 66	i.can.be.found.here:.Starting.of
5a560	20 77 69 74 68 20 56 79 4f 53 20 31 2e 33 20 28 65 71 75 75 6c 65 75 73 29 20 77 65 20 61 64 64	.with.VyOS.1.3.(equuleus).we.add
5a580	65 64 20 73 75 70 70 6f 72 74 20 66 6f 72 20 72 75 6e 6e 69 6e 67 20 56 79 4f 53 20 61 73 20 61	ed.support.for.running.VyOS.as.a
5a5a0	6e 20 4f 75 74 2d 6f 66 2d 42 61 6e 64 20 4d 61 6e 61 67 65 6d 65 6e 74 20 64 65 76 69 63 65 20	n.Out-of-Band.Management.device.
5a5c0	77 68 69 63 68 20 70 72 6f 76 69 64 65 73 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73 20 62 79 20	which.provides.remote.access.by.
5a5e0	6d 65 61 6e 73 20 6f 66 20 53 53 48 20 74 6f 20 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65	means.of.SSH.to.directly.attache
5a600	64 20 73 65 72 69 61 6c 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53 74 61 72 74 69 6e 67 20 77 69	d.serial.interfaces..Starting.wi
5a620	74 68 20 56 79 4f 53 20 31 2e 32 20 61 20 3a 61 62 62 72 3a 60 6d 44 4e 53 20 28 4d 75 6c 74 69	th.VyOS.1.2.a.:abbr:`mDNS.(Multi
5a640	63 61 73 74 20 44 4e 53 29 60 20 72 65 70 65 61 74 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74	cast.DNS)`.repeater.functionalit
5a660	79 20 69 73 20 70 72 6f 76 69 64 65 64 2e 20 41 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d	y.is.provided..Additional.inform
5a680	61 74 69 6f 6e 20 63 61 6e 20 62 65 20 6f 62 74 61 69 6e 65 64 20 66 72 6f 6d 20 68 74 74 70 73	ation.can.be.obtained.from.https
5a6a0	3a 2f 2f 65 6e 2e 77 69 6b 69 70 65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 4d 75 6c 74 69 63 61	://en.wikipedia.org/wiki/Multica
5a6c0	73 74 5f 44 4e 53 2e 00 53 74 61 74 69 63 00 53 74 61 74 69 63 20 3a 61 62 62 72 3a 60 53 41 4b	st_DNS..Static.Static.:abbr:`SAK
5a6e0	20 28 53 65 63 75 72 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 4b 65 79 29 60 20 6d 6f	.(Secure.Authentication.Key)`.mo
5a700	64 65 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6d 61 6e 75 61 6c 6c 79 20 6f 6e	de.can.be.configured.manually.on
5a720	20 65 61 63 68 20 64 65 76 69 63 65 20 77 69 73 68 69 6e 67 20 74 6f 20 75 73 65 20 4d 41 43 73	.each.device.wishing.to.use.MACs
5a740	65 63 2e 20 4b 65 79 73 20 6d 75 73 74 20 62 65 20 73 65 74 20 73 74 61 74 69 63 61 6c 6c 79 20	ec..Keys.must.be.set.statically.
5a760	6f 6e 20 61 6c 6c 20 64 65 76 69 63 65 73 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 66 6c	on.all.devices.for.traffic.to.fl
5a780	6f 77 20 70 72 6f 70 65 72 6c 79 2e 20 4b 65 79 20 72 6f 74 61 74 69 6f 6e 20 69 73 20 64 65 70	ow.properly..Key.rotation.is.dep
5a7a0	65 6e 64 65 6e 74 20 6f 6e 20 74 68 65 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 75 70 64 61	endent.on.the.administrator.upda
5a7c0	74 69 6e 67 20 61 6c 6c 20 6b 65 79 73 20 6d 61 6e 75 61 6c 6c 79 20 61 63 72 6f 73 73 20 63 6f	ting.all.keys.manually.across.co
5a7e0	6e 6e 65 63 74 65 64 20 64 65 76 69 63 65 73 2e 20 53 74 61 74 69 63 20 53 41 4b 20 6d 6f 64 65	nnected.devices..Static.SAK.mode
5a800	20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64 20 77 69 74 68 20 4d 4b 41 2e 00 53 74 61 74 69	.can.not.be.used.with.MKA..Stati
5a820	63 20 44 48 43 50 20 49 50 20 61 64 64 72 65 73 73 20 61 73 73 69 67 6e 20 74 6f 20 68 6f 73 74	c.DHCP.IP.address.assign.to.host
5a840	20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 60 2e 20	.identified.by.`<description>`..
5a860	49 50 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 69 6e 73 69 64 65 20 74 68 65 20 60 3c	IP.address.must.be.inside.the.`<
5a880	73 75 62 6e 65 74 3e 60 20 77 68 69 63 68 20 69 73 20 64 65 66 69 6e 65 64 20 62 75 74 20 63 61	subnet>`.which.is.defined.but.ca
5a8a0	6e 20 62 65 20 6f 75 74 73 69 64 65 20 74 68 65 20 64 79 6e 61 6d 69 63 20 72 61 6e 67 65 20 63	n.be.outside.the.dynamic.range.c
5a8c0	72 65 61 74 65 64 20 77 69 74 68 20 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 65 72 76 69 63 65	reated.with.:cfgcmd:`set.service
5a8e0	20 64 68 63 70 2d 73 65 72 76 65 72 20 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d 65	.dhcp-server.shared-network-name
5a900	20 3c 6e 61 6d 65 3e 20 73 75 62 6e 65 74 20 3c 73 75 62 6e 65 74 3e 20 72 61 6e 67 65 20 3c 6e	.<name>.subnet.<subnet>.range.<n
5a920	3e 60 2e 20 49 66 20 6e 6f 20 69 70 2d 61 64 64 72 65 73 73 20 69 73 20 73 70 65 63 69 66 69 65	>`..If.no.ip-address.is.specifie
5a940	64 2c 20 61 6e 20 49 50 20 66 72 6f 6d 20 74 68 65 20 64 79 6e 61 6d 69 63 20 70 6f 6f 6c 20 69	d,.an.IP.from.the.dynamic.pool.i
5a960	73 20 75 73 65 64 2e 00 53 74 61 74 69 63 20 48 6f 73 74 6e 61 6d 65 20 4d 61 70 70 69 6e 67 00	s.used..Static.Hostname.Mapping.
5a980	53 74 61 74 69 63 20 4b 65 79 73 00 53 74 61 74 69 63 20 52 6f 75 74 65 73 00 53 74 61 74 69 63	Static.Keys.Static.Routes.Static
5a9a0	20 52 6f 75 74 69 6e 67 20 6f 72 20 6f 74 68 65 72 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e	.Routing.or.other.dynamic.routin
5a9c0	67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 6f 76 65 72 20 74 68 65	g.protocols.can.be.used.over.the
5a9e0	20 76 74 75 6e 20 69 6e 74 65 72 66 61 63 65 00 53 74 61 74 69 63 20 52 6f 75 74 69 6e 67 3a 00	.vtun.interface.Static.Routing:.
5aa00	53 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 00 53 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 20	Static.mappings.Static.mappings.
5aa20	61 72 65 6e 27 74 20 73 68 6f 77 6e 2e 20 54 6f 20 73 68 6f 77 20 61 6c 6c 20 73 74 61 74 65 73	aren't.shown..To.show.all.states
5aa40	2c 20 75 73 65 20 60 60 73 68 6f 77 20 64 68 63 70 20 73 65 72 76 65 72 20 6c 65 61 73 65 73 20	,.use.``show.dhcp.server.leases.
5aa60	73 74 61 74 65 20 61 6c 6c 60 60 2e 00 53 74 61 74 69 63 20 72 6f 75 74 65 73 20 61 72 65 20 6d	state.all``..Static.routes.are.m
5aa80	61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 72 6f 75 74 65 73 2c 20 77 68 69 63 68	anually.configured.routes,.which
5aaa0	2c 20 69 6e 20 67 65 6e 65 72 61 6c 2c 20 63 61 6e 6e 6f 74 20 62 65 20 75 70 64 61 74 65 64 20	,.in.general,.cannot.be.updated.
5aac0	64 79 6e 61 6d 69 63 61 6c 6c 79 20 66 72 6f 6d 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 56 79 4f	dynamically.from.information.VyO
5aae0	53 20 6c 65 61 72 6e 73 20 61 62 6f 75 74 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f 6c	S.learns.about.the.network.topol
5ab00	6f 67 79 20 66 72 6f 6d 20 6f 74 68 65 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73	ogy.from.other.routing.protocols
5ab20	2e 20 48 6f 77 65 76 65 72 2c 20 69 66 20 61 20 6c 69 6e 6b 20 66 61 69 6c 73 2c 20 74 68 65 20	..However,.if.a.link.fails,.the.
5ab40	72 6f 75 74 65 72 20 77 69 6c 6c 20 72 65 6d 6f 76 65 20 72 6f 75 74 65 73 2c 20 69 6e 63 6c 75	router.will.remove.routes,.inclu
5ab60	64 69 6e 67 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 2c 20 66 72 6f 6d 20 74 68 65 20 3a 61 62	ding.static.routes,.from.the.:ab
5ab80	62 72 3a 60 52 49 50 42 20 28 52 6f 75 74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 42 61	br:`RIPB.(Routing.Information.Ba
5aba0	73 65 29 60 20 74 68 61 74 20 75 73 65 64 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 74 6f	se)`.that.used.this.interface.to
5abc0	20 72 65 61 63 68 20 74 68 65 20 6e 65 78 74 20 68 6f 70 2e 20 49 6e 20 67 65 6e 65 72 61 6c 2c	.reach.the.next.hop..In.general,
5abe0	20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 73 68 6f 75 6c 64 20 6f 6e 6c 79 20 62 65 20 75 73	.static.routes.should.only.be.us
5ac00	65 64 20 66 6f 72 20 76 65 72 79 20 73 69 6d 70 6c 65 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f 6c	ed.for.very.simple.network.topol
5ac20	6f 67 69 65 73 2c 20 6f 72 20 74 6f 20 6f 76 65 72 72 69 64 65 20 74 68 65 20 62 65 68 61 76 69	ogies,.or.to.override.the.behavi
5ac40	6f 72 20 6f 66 20 61 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	or.of.a.dynamic.routing.protocol
5ac60	20 66 6f 72 20 61 20 73 6d 61 6c 6c 20 6e 75 6d 62 65 72 20 6f 66 20 72 6f 75 74 65 73 2e 20 54	.for.a.small.number.of.routes..T
5ac80	68 65 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 61 6c 6c 20 72 6f 75 74 65 73 20 74 68 65 20	he.collection.of.all.routes.the.
5aca0	72 6f 75 74 65 72 20 68 61 73 20 6c 65 61 72 6e 65 64 20 66 72 6f 6d 20 69 74 73 20 63 6f 6e 66	router.has.learned.from.its.conf
5acc0	69 67 75 72 61 74 69 6f 6e 20 6f 72 20 66 72 6f 6d 20 69 74 73 20 64 79 6e 61 6d 69 63 20 72 6f	iguration.or.from.its.dynamic.ro
5ace0	75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 69 73 20 73 74 6f 72 65 64 20 69 6e 20 74 68 65	uting.protocols.is.stored.in.the
5ad00	20 52 49 42 2e 20 55 6e 69 63 61 73 74 20 72 6f 75 74 65 73 20 61 72 65 20 64 69 72 65 63 74 6c	.RIB..Unicast.routes.are.directl
5ad20	79 20 75 73 65 64 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20 66 6f 72 77 61 72 64 69	y.used.to.determine.the.forwardi
5ad40	6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 75 6e 69 63 61 73 74 20 70 61 63 6b 65 74	ng.table.used.for.unicast.packet
5ad60	20 66 6f 72 77 61 72 64 69 6e 67 2e 00 53 74 61 74 69 63 20 72 6f 75 74 65 73 20 63 61 6e 20 62	.forwarding..Static.routes.can.b
5ad80	65 20 63 6f 6e 66 69 67 75 72 65 64 20 72 65 66 65 72 65 6e 63 69 6e 67 20 74 68 65 20 74 75 6e	e.configured.referencing.the.tun
5ada0	6e 65 6c 20 69 6e 74 65 72 66 61 63 65 3b 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 68 65 20	nel.interface;.for.example,.the.
5adc0	6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 75 73 65 20 61 20 6e 65 74 77 6f 72 6b 20	local.router.will.use.a.network.
5ade0	6f 66 20 31 30 2e 30 2e 30 2e 30 2f 31 36 2c 20 77 68 69 6c 65 20 74 68 65 20 72 65 6d 6f 74 65	of.10.0.0.0/16,.while.the.remote
5ae00	20 68 61 73 20 61 20 6e 65 74 77 6f 72 6b 20 6f 66 20 31 30 2e 31 2e 30 2e 30 2f 31 36 3a 00 53	.has.a.network.of.10.1.0.0/16:.S
5ae20	74 61 74 69 6f 6e 20 73 75 70 70 6f 72 74 73 20 72 65 63 65 69 76 69 6e 67 20 56 48 54 20 76 61	tation.supports.receiving.VHT.va
5ae40	72 69 61 6e 74 20 48 54 20 43 6f 6e 74 72 6f 6c 20 66 69 65 6c 64 00 53 74 61 74 75 73 00 53 74	riant.HT.Control.field.Status.St
5ae60	69 63 6b 79 20 43 6f 6e 6e 65 63 74 69 6f 6e 73 00 53 74 6f 72 61 67 65 20 6f 66 20 72 6f 75 74	icky.Connections.Storage.of.rout
5ae80	65 20 75 70 64 61 74 65 73 20 75 73 65 73 20 6d 65 6d 6f 72 79 2e 20 49 66 20 79 6f 75 20 65 6e	e.updates.uses.memory..If.you.en
5aea0	61 62 6c 65 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 6e 62 6f 75 6e	able.soft.reconfiguration.inboun
5aec0	64 20 66 6f 72 20 6d 75 6c 74 69 70 6c 65 20 6e 65 69 67 68 62 6f 72 73 2c 20 74 68 65 20 61 6d	d.for.multiple.neighbors,.the.am
5aee0	6f 75 6e 74 20 6f 66 20 6d 65 6d 6f 72 79 20 75 73 65 64 20 63 61 6e 20 62 65 63 6f 6d 65 20 73	ount.of.memory.used.can.become.s
5af00	69 67 6e 69 66 69 63 61 6e 74 2e 00 53 75 66 66 69 78 65 73 00 53 75 6d 6d 61 72 69 73 61 74 69	ignificant..Suffixes.Summarisati
5af20	6f 6e 20 73 74 61 72 74 73 20 6f 6e 6c 79 20 61 66 74 65 72 20 74 68 69 73 20 64 65 6c 61 79 20	on.starts.only.after.this.delay.
5af40	74 69 6d 65 72 20 65 78 70 69 72 79 2e 00 53 75 70 70 6f 72 74 65 64 20 4d 6f 64 75 6c 65 73 00	timer.expiry..Supported.Modules.
5af60	53 75 70 70 6f 72 74 65 64 20 63 68 61 6e 6e 65 6c 20 77 69 64 74 68 20 73 65 74 2e 00 53 75 70	Supported.channel.width.set..Sup
5af80	70 6f 72 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 79 70 65 73 3a 00 53 75 70 70 6f 72 74 65	ported.interface.types:.Supporte
5afa0	64 20 72 65 6d 6f 74 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 72 65 20 46 54 50 2c 20 46 54 50 53	d.remote.protocols.are.FTP,.FTPS
5afc0	2c 20 48 54 54 50 2c 20 48 54 54 50 53 2c 20 53 43 50 2f 53 46 54 50 20 61 6e 64 20 54 46 54 50	,.HTTP,.HTTPS,.SCP/SFTP.and.TFTP
5afe0	2e 00 53 75 70 70 6f 72 74 65 64 20 76 65 72 73 69 6f 6e 73 20 6f 66 20 52 49 50 20 61 72 65 3a	..Supported.versions.of.RIP.are:
5b000	00 53 75 70 70 6f 72 74 73 20 61 73 20 48 45 4c 50 45 52 20 66 6f 72 20 63 6f 6e 66 69 67 75 72	.Supports.as.HELPER.for.configur
5b020	65 64 20 67 72 61 63 65 20 70 65 72 69 6f 64 2e 00 53 75 70 70 6f 73 65 20 74 68 65 20 4c 45 46	ed.grace.period..Suppose.the.LEF
5b040	54 20 72 6f 75 74 65 72 20 68 61 73 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 31 39	T.router.has.external.address.19
5b060	32 2e 30 2e 32 2e 31 30 20 6f 6e 20 69 74 73 20 65 74 68 30 20 69 6e 74 65 72 66 61 63 65 2c 20	2.0.2.10.on.its.eth0.interface,.
5b080	61 6e 64 20 74 68 65 20 52 49 47 48 54 20 72 6f 75 74 65 72 20 69 73 20 32 30 33 2e 30 2e 31 31	and.the.RIGHT.router.is.203.0.11
5b0a0	33 2e 34 35 00 53 75 70 70 6f 73 65 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 31 30 2e	3.45.Suppose.you.want.to.use.10.
5b0c0	32 33 2e 31 2e 30 2f 32 34 20 6e 65 74 77 6f 72 6b 20 66 6f 72 20 63 6c 69 65 6e 74 20 74 75 6e	23.1.0/24.network.for.client.tun
5b0e0	6e 65 6c 20 65 6e 64 70 6f 69 6e 74 73 20 61 6e 64 20 61 6c 6c 20 63 6c 69 65 6e 74 20 73 75 62	nel.endpoints.and.all.client.sub
5b100	6e 65 74 73 20 62 65 6c 6f 6e 67 20 74 6f 20 31 30 2e 32 33 2e 30 2e 30 2f 32 30 2e 20 41 6c 6c	nets.belong.to.10.23.0.0/20..All
5b120	20 63 6c 69 65 6e 74 73 20 6e 65 65 64 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 31 39 32 2e	.clients.need.access.to.the.192.
5b140	31 36 38 2e 30 2e 30 2f 31 36 20 6e 65 74 77 6f 72 6b 2e 00 53 75 70 70 72 65 73 73 20 73 65 6e	168.0.0/16.network..Suppress.sen
5b160	64 69 6e 67 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 20 61 73 20 4f	ding.Capability.Negotiation.as.O
5b180	50 45 4e 20 6d 65 73 73 61 67 65 20 6f 70 74 69 6f 6e 61 6c 20 70 61 72 61 6d 65 74 65 72 20 74	PEN.message.optional.parameter.t
5b1a0	6f 20 74 68 65 20 70 65 65 72 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6f 6e 6c 79 20 61 66	o.the.peer..This.command.only.af
5b1c0	66 65 63 74 73 20 74 68 65 20 70 65 65 72 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 74 68	fects.the.peer.is.configured.oth
5b1e0	65 72 20 74 68 61 6e 20 49 50 76 34 20 75 6e 69 63 61 73 74 20 63 6f 6e 66 69 67 75 72 61 74 69	er.than.IPv4.unicast.configurati
5b200	6f 6e 2e 00 53 79 6e 61 6d 69 63 20 69 6e 73 74 72 75 63 74 73 20 74 6f 20 66 6f 72 77 61 72 64	on..Synamic.instructs.to.forward
5b220	20 74 6f 20 61 6c 6c 20 70 65 65 72 73 20 77 68 69 63 68 20 77 65 20 68 61 76 65 20 61 20 64 69	.to.all.peers.which.we.have.a.di
5b240	72 65 63 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 68 2e 20 41 6c 74 65 72 6e 61 74 69 76	rect.connection.with..Alternativ
5b260	65 6c 79 2c 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 72 65 63 74 69	ely,.you.can.specify.the.directi
5b280	76 65 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 20 66 6f 72 20 65 61 63 68 20 70 72 6f 74 6f	ve.multiple.times.for.each.proto
5b2a0	63 6f 6c 2d 61 64 64 72 65 73 73 20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 20 74 72 61 66 66 69	col-address.the.multicast.traffi
5b2c0	63 20 73 68 6f 75 6c 64 20 62 65 20 73 65 6e 74 20 74 6f 2e 00 53 79 6e 63 20 67 72 6f 75 70 73	c.should.be.sent.to..Sync.groups
5b2e0	00 53 79 6e 74 61 78 20 68 61 73 20 63 68 61 6e 67 65 64 20 66 72 6f 6d 20 56 79 4f 53 20 31 2e	.Syntax.has.changed.from.VyOS.1.
5b300	32 20 28 63 72 75 78 29 20 61 6e 64 20 69 74 20 77 69 6c 6c 20 62 65 20 61 75 74 6f 6d 61 74 69	2.(crux).and.it.will.be.automati
5b320	63 61 6c 6c 79 20 6d 69 67 72 61 74 65 64 20 64 75 72 69 6e 67 20 61 6e 20 75 70 67 72 61 64 65	cally.migrated.during.an.upgrade
5b340	2e 00 53 79 73 63 74 6c 00 53 79 73 6c 6f 67 00 53 79 73 6c 6f 67 20 73 75 70 70 6f 72 74 73 20	..Sysctl.Syslog.Syslog.supports.
5b360	6c 6f 67 67 69 6e 67 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 74 61 72 67 65 74 73 2c 20 74 68 6f	logging.to.multiple.targets,.tho
5b380	73 65 20 74 61 72 67 65 74 73 20 63 6f 75 6c 64 20 62 65 20 61 20 70 6c 61 69 6e 20 66 69 6c 65	se.targets.could.be.a.plain.file
5b3a0	20 6f 6e 20 79 6f 75 72 20 56 79 4f 53 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 69 74 73 65 6c	.on.your.VyOS.installation.itsel
5b3c0	66 2c 20 61 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65 20 6f 72 20 61 20 72 65 6d 6f 74 65 20	f,.a.serial.console.or.a.remote.
5b3e0	73 79 73 6c 6f 67 20 73 65 72 76 65 72 20 77 68 69 63 68 20 69 73 20 72 65 61 63 68 65 64 20 76	syslog.server.which.is.reached.v
5b400	69 61 20 3a 61 62 62 72 3a 60 49 50 20 28 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 29	ia.:abbr:`IP.(Internet.Protocol)
5b420	60 20 55 44 50 2f 54 43 50 2e 00 53 79 73 6c 6f 67 20 75 73 65 73 20 6c 6f 67 72 6f 74 61 74 65	`.UDP/TCP..Syslog.uses.logrotate
5b440	20 74 6f 20 72 6f 74 61 74 65 20 6c 6f 67 69 6c 65 73 20 61 66 74 65 72 20 61 20 6e 75 6d 62 65	.to.rotate.logiles.after.a.numbe
5b460	72 20 6f 66 20 67 69 76 65 73 20 62 79 74 65 73 2e 20 57 65 20 6b 65 65 70 20 61 73 20 6d 61 6e	r.of.gives.bytes..We.keep.as.man
5b480	79 20 61 73 20 60 3c 6e 75 6d 62 65 72 3e 60 20 72 6f 74 61 74 65 64 20 66 69 6c 65 20 62 65 66	y.as.`<number>`.rotated.file.bef
5b4a0	6f 72 65 20 74 68 65 79 20 61 72 65 20 64 65 6c 65 74 65 64 20 6f 6e 20 74 68 65 20 73 79 73 74	ore.they.are.deleted.on.the.syst
5b4c0	65 6d 2e 00 53 79 73 6c 6f 67 20 77 69 6c 6c 20 77 72 69 74 65 20 60 3c 73 69 7a 65 3e 60 20 6b	em..Syslog.will.write.`<size>`.k
5b4e0	69 6c 6f 62 79 74 65 73 20 69 6e 74 6f 20 74 68 65 20 66 69 6c 65 20 73 70 65 63 69 66 69 65 64	ilobytes.into.the.file.specified
5b500	20 62 79 20 60 3c 66 69 6c 65 6e 61 6d 65 3e 60 2e 20 41 66 74 65 72 20 74 68 69 73 20 6c 69 6d	.by.`<filename>`..After.this.lim
5b520	69 74 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2c 20 74 68 65 20 63 75 73 74 6f 6d 20	it.has.been.reached,.the.custom.
5b540	66 69 6c 65 20 69 73 20 22 72 6f 74 61 74 65 64 22 20 62 79 20 6c 6f 67 72 6f 74 61 74 65 20 61	file.is."rotated".by.logrotate.a
5b560	6e 64 20 61 20 6e 65 77 20 63 75 73 74 6f 6d 20 66 69 6c 65 20 69 73 20 63 72 65 61 74 65 64 2e	nd.a.new.custom.file.is.created.
5b580	00 53 79 73 74 65 6d 00 53 79 73 74 65 6d 20 44 4e 53 00 53 79 73 74 65 6d 20 44 69 73 70 6c 61	.System.System.DNS.System.Displa
5b5a0	79 20 28 4c 43 44 29 00 53 79 73 74 65 6d 20 4e 61 6d 65 20 61 6e 64 20 44 65 73 63 72 69 70 74	y.(LCD).System.Name.and.Descript
5b5c0	69 6f 6e 00 53 79 73 74 65 6d 20 50 72 6f 78 79 00 53 79 73 74 65 6d 20 63 61 70 61 62 69 6c 69	ion.System.Proxy.System.capabili
5b5e0	74 69 65 73 20 28 73 77 69 74 63 68 69 6e 67 2c 20 72 6f 75 74 69 6e 67 2c 20 65 74 63 2e 29 00	ties.(switching,.routing,.etc.).
5b600	53 79 73 74 65 6d 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 73 00 53 79	System.configuration.commands.Sy
5b620	73 74 65 6d 20 64 61 65 6d 6f 6e 73 00 53 79 73 74 65 6d 20 69 64 65 6e 74 69 66 69 65 72 3a 20	stem.daemons.System.identifier:.
5b640	60 60 31 39 32 31 2e 36 38 30 30 2e 31 30 30 32 60 60 20 2d 20 66 6f 72 20 73 79 73 74 65 6d 20	``1921.6800.1002``.-.for.system.
5b660	69 64 65 74 69 66 69 65 72 73 20 77 65 20 72 65 63 6f 6d 6d 65 6e 64 20 74 6f 20 75 73 65 20 49	idetifiers.we.recommend.to.use.I
5b680	50 20 61 64 64 72 65 73 73 20 6f 72 20 4d 41 43 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20	P.address.or.MAC.address.of.the.
5b6a0	72 6f 75 74 65 72 20 69 74 73 65 6c 66 2e 20 54 68 65 20 77 61 79 20 74 6f 20 63 6f 6e 73 74 72	router.itself..The.way.to.constr
5b6c0	75 63 74 20 74 68 69 73 20 69 73 20 74 6f 20 6b 65 65 70 20 61 6c 6c 20 6f 66 20 74 68 65 20 7a	uct.this.is.to.keep.all.of.the.z
5b6e0	65 72 6f 65 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 20 49 50 20 61 64 64 72 65 73 73 2c 20	eroes.of.the.router.IP.address,.
5b700	61 6e 64 20 74 68 65 6e 20 63 68 61 6e 67 65 20 74 68 65 20 70 65 72 69 6f 64 73 20 66 72 6f 6d	and.then.change.the.periods.from
5b720	20 62 65 69 6e 67 20 65 76 65 72 79 20 74 68 72 65 65 20 6e 75 6d 62 65 72 73 20 74 6f 20 65 76	.being.every.three.numbers.to.ev
5b740	65 72 79 20 66 6f 75 72 20 6e 75 6d 62 65 72 73 2e 20 54 68 65 20 61 64 64 72 65 73 73 20 74 68	ery.four.numbers..The.address.th
5b760	61 74 20 69 73 20 6c 69 73 74 65 64 20 68 65 72 65 20 69 73 20 60 60 31 39 32 2e 31 36 38 2e 31	at.is.listed.here.is.``192.168.1
5b780	2e 32 60 60 2c 20 77 68 69 63 68 20 69 66 20 65 78 70 61 6e 64 65 64 20 77 69 6c 6c 20 74 75 72	.2``,.which.if.expanded.will.tur
5b7a0	6e 20 69 6e 74 6f 20 60 60 31 39 32 2e 31 36 38 2e 30 30 31 2e 30 30 32 60 60 2e 20 54 68 65 6e	n.into.``192.168.001.002``..Then
5b7c0	20 61 6c 6c 20 6f 6e 65 20 68 61 73 20 74 6f 20 64 6f 20 69 73 20 6d 6f 76 65 20 74 68 65 20 64	.all.one.has.to.do.is.move.the.d
5b7e0	6f 74 73 20 74 6f 20 68 61 76 65 20 66 6f 75 72 20 6e 75 6d 62 65 72 73 20 69 6e 73 74 65 61 64	ots.to.have.four.numbers.instead
5b800	20 6f 66 20 74 68 72 65 65 2e 20 54 68 69 73 20 67 69 76 65 73 20 75 73 20 60 60 31 39 32 31 2e	.of.three..This.gives.us.``1921.
5b820	36 38 30 30 2e 31 30 30 32 60 60 2e 00 53 79 73 74 65 6d 20 69 73 20 75 6e 75 73 61 62 6c 65 20	6800.1002``..System.is.unusable.
5b840	2d 20 61 20 70 61 6e 69 63 20 63 6f 6e 64 69 74 69 6f 6e 00 54 41 43 41 43 53 20 45 78 61 6d 70	-.a.panic.condition.TACACS.Examp
5b860	6c 65 00 54 41 43 41 43 53 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 38 39	le.TACACS.is.defined.in.:rfc:`89
5b880	30 37 60 2e 00 54 41 43 41 43 53 20 73 65 72 76 65 72 73 20 63 6f 75 6c 64 20 62 65 20 68 61 72	07`..TACACS.servers.could.be.har
5b8a0	64 65 6e 65 64 20 62 79 20 6f 6e 6c 79 20 61 6c 6c 6f 77 69 6e 67 20 63 65 72 74 61 69 6e 20 49	dened.by.only.allowing.certain.I
5b8c0	50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 63 6f 6e 6e 65 63 74 2e 20 41 73 20 6f 66 20 74 68	P.addresses.to.connect..As.of.th
5b8e0	69 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 65 61 63 68 20 54 41	is.the.source.address.of.each.TA
5b900	43 41 43 53 20 71 75 65 72 79 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 54 41	CACS.query.can.be.configured..TA
5b920	43 41 43 53 2b 00 54 42 44 00 54 43 50 20 26 20 55 44 50 20 73 65 72 76 69 63 65 73 20 72 75 6e	CACS+.TBD.TCP.&.UDP.services.run
5b940	6e 69 6e 67 20 69 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 52 46 20 63 6f 6e 74 65 78 74 20	ning.in.the.default.VRF.context.
5b960	28 69 65 2e 2c 20 6e 6f 74 20 62 6f 75 6e 64 20 74 6f 20 61 6e 79 20 56 52 46 20 64 65 76 69 63	(ie.,.not.bound.to.any.VRF.devic
5b980	65 29 20 63 61 6e 20 77 6f 72 6b 20 61 63 72 6f 73 73 20 61 6c 6c 20 56 52 46 20 64 6f 6d 61 69	e).can.work.across.all.VRF.domai
5b9a0	6e 73 20 62 79 20 65 6e 61 62 6c 69 6e 67 20 74 68 69 73 20 6f 70 74 69 6f 6e 2e 00 54 46 54 50	ns.by.enabling.this.option..TFTP
5b9c0	20 53 65 72 76 65 72 00 54 61 67 20 69 73 20 74 68 65 20 6f 70 74 69 6f 6e 61 6c 20 70 61 72 61	.Server.Tag.is.the.optional.para
5b9e0	6d 65 74 65 72 2e 20 49 66 20 74 61 67 20 63 6f 6e 66 69 67 75 72 65 64 20 53 75 6d 6d 61 72 79	meter..If.tag.configured.Summary
5ba00	20 72 6f 75 74 65 20 77 69 6c 6c 20 62 65 20 6f 72 69 67 69 6e 61 74 65 64 20 77 69 74 68 20 74	.route.will.be.originated.with.t
5ba20	68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 61 67 2e 00 54 61 73 6b 20 53 63 68 65 64 75 6c 65	he.configured.tag..Task.Schedule
5ba40	72 00 54 65 6c 65 67 72 61 66 00 54 65 6c 65 67 72 61 66 20 6f 75 74 70 75 74 20 70 6c 75 67 69	r.Telegraf.Telegraf.output.plugi
5ba60	6e 20 61 7a 75 72 65 2d 64 61 74 61 2d 65 78 70 6c 6f 72 65 72 5f 00 54 65 6c 65 67 72 61 66 20	n.azure-data-explorer_.Telegraf.
5ba80	6f 75 74 70 75 74 20 70 6c 75 67 69 6e 20 70 72 6f 6d 65 74 68 65 75 73 2d 63 6c 69 65 6e 74 5f	output.plugin.prometheus-client_
5baa0	00 54 65 6c 65 67 72 61 66 20 6f 75 74 70 75 74 20 70 6c 75 67 69 6e 20 73 70 6c 75 6e 6b 5f 2e	.Telegraf.output.plugin.splunk_.
5bac0	20 48 54 54 50 20 45 76 65 6e 74 20 43 6f 6c 6c 65 63 74 6f 72 2e 00 54 65 6c 6c 20 68 6f 73 74	.HTTP.Event.Collector..Tell.host
5bae0	73 20 74 6f 20 75 73 65 20 74 68 65 20 61 64 6d 69 6e 69 73 74 65 72 65 64 20 28 73 74 61 74 65	s.to.use.the.administered.(state
5bb00	66 75 6c 29 20 70 72 6f 74 6f 63 6f 6c 20 28 69 2e 65 2e 20 44 48 43 50 29 20 66 6f 72 20 61 75	ful).protocol.(i.e..DHCP).for.au
5bb20	74 6f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 6f 74 68 65 72 20 28 6e 6f 6e 2d 61 64	toconfiguration.of.other.(non-ad
5bb40	64 72 65 73 73 29 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 54 65 6c 6c 20 68 6f 73 74 73 20 74 6f	dress).information.Tell.hosts.to
5bb60	20 75 73 65 20 74 68 65 20 61 64 6d 69 6e 69 73 74 65 72 65 64 20 73 74 61 74 65 66 75 6c 20 70	.use.the.administered.stateful.p
5bb80	72 6f 74 6f 63 6f 6c 20 28 69 2e 65 2e 20 44 48 43 50 29 20 66 6f 72 20 61 75 74 6f 63 6f 6e 66	rotocol.(i.e..DHCP).for.autoconf
5bba0	69 67 75 72 61 74 69 6f 6e 00 54 65 6d 70 6f 72 61 72 79 20 64 69 73 61 62 6c 65 20 74 68 69 73	iguration.Temporary.disable.this
5bbc0	20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 54 65 6d 70 6f 72 61 72 79 20 64 69 73 61 62 6c	.RADIUS.server..Temporary.disabl
5bbe0	65 20 74 68 69 73 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 20 49 74 20 77 6f 6e 27 74 20 62	e.this.RADIUS.server..It.won't.b
5bc00	65 20 71 75 65 72 69 65 64 2e 00 54 65 6d 70 6f 72 61 72 79 20 64 69 73 61 62 6c 65 20 74 68 69	e.queried..Temporary.disable.thi
5bc20	73 20 54 41 43 41 43 53 20 73 65 72 76 65 72 2e 20 49 74 20 77 6f 6e 27 74 20 62 65 20 71 75 65	s.TACACS.server..It.won't.be.que
5bc40	72 69 65 64 2e 00 54 65 72 6d 69 6e 61 74 65 20 53 53 4c 00 54 65 73 74 20 63 6f 6e 6e 65 63 74	ried..Terminate.SSL.Test.connect
5bc60	69 6e 67 20 67 69 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 2d 6f 72 69 65 6e 74 65 64 20 69 6e	ing.given.connection-oriented.in
5bc80	74 65 72 66 61 63 65 2e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 61 6e 20 62 65 20 60 60	terface..`<interface>`.can.be.``
5bca0	70 70 70 6f 65 30 60 60 20 61 73 20 74 68 65 20 65 78 61 6d 70 6c 65 2e 00 54 65 73 74 20 63 6f	pppoe0``.as.the.example..Test.co
5bcc0	6e 6e 65 63 74 69 6e 67 20 67 69 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 2d 6f 72 69 65 6e 74	nnecting.given.connection-orient
5bce0	65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 61 6e 20	ed.interface..`<interface>`.can.
5bd00	62 65 20 60 60 73 73 74 70 63 30 60 60 20 61 73 20 74 68 65 20 65 78 61 6d 70 6c 65 2e 00 54 65	be.``sstpc0``.as.the.example..Te
5bd20	73 74 20 64 69 73 63 6f 6e 6e 65 63 74 69 6e 67 20 67 69 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f	st.disconnecting.given.connectio
5bd40	6e 2d 6f 72 69 65 6e 74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 60 3c 69 6e 74 65 72 66 61 63	n-oriented.interface..`<interfac
5bd60	65 3e 60 20 63 61 6e 20 62 65 20 60 60 70 70 70 6f 65 30 60 60 20 61 73 20 74 68 65 20 65 78 61	e>`.can.be.``pppoe0``.as.the.exa
5bd80	6d 70 6c 65 2e 00 54 65 73 74 20 64 69 73 63 6f 6e 6e 65 63 74 69 6e 67 20 67 69 76 65 6e 20 63	mple..Test.disconnecting.given.c
5bda0	6f 6e 6e 65 63 74 69 6f 6e 2d 6f 72 69 65 6e 74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 60 3c	onnection-oriented.interface..`<
5bdc0	69 6e 74 65 72 66 61 63 65 3e 60 20 63 61 6e 20 62 65 20 60 60 73 73 74 70 63 30 60 60 20 61 73	interface>`.can.be.``sstpc0``.as
5bde0	20 74 68 65 20 65 78 61 6d 70 6c 65 2e 00 54 65 73 74 69 6e 67 20 53 53 54 50 00 54 65 73 74 69	.the.example..Testing.SSTP.Testi
5be00	6e 67 20 61 6e 64 20 56 61 6c 69 64 61 74 69 6f 6e 00 54 68 61 6e 6b 73 20 74 6f 20 74 68 69 73	ng.and.Validation.Thanks.to.this
5be20	20 64 69 73 63 6f 76 65 72 79 2c 20 61 6e 79 20 73 75 62 73 65 71 75 65 6e 74 20 74 72 61 66 66	.discovery,.any.subsequent.traff
5be40	69 63 20 62 65 74 77 65 65 6e 20 50 43 34 20 61 6e 64 20 50 43 35 20 77 69 6c 6c 20 6e 6f 74 20	ic.between.PC4.and.PC5.will.not.
5be60	62 65 20 75 73 69 6e 67 20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 2d 61 64 64 72 65 73 73 20 62	be.using.the.multicast-address.b
5be80	65 74 77 65 65 6e 20 74 68 65 20 6c 65 61 76 65 73 20 61 73 20 74 68 65 79 20 62 6f 74 68 20 6b	etween.the.leaves.as.they.both.k
5bea0	6e 6f 77 20 62 65 68 69 6e 64 20 77 68 69 63 68 20 4c 65 61 66 20 74 68 65 20 50 43 73 20 61 72	now.behind.which.Leaf.the.PCs.ar
5bec0	65 20 63 6f 6e 6e 65 63 74 65 64 2e 20 54 68 69 73 20 73 61 76 65 73 20 74 72 61 66 66 69 63 20	e.connected..This.saves.traffic.
5bee0	61 73 20 6c 65 73 73 20 6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 20 73 65 6e 74 20 72	as.less.multicast.packets.sent.r
5bf00	65 64 75 63 65 73 20 74 68 65 20 6c 6f 61 64 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 2c 20	educes.the.load.on.the.network,.
5bf20	77 68 69 63 68 20 69 6d 70 72 6f 76 65 73 20 73 63 61 6c 61 62 69 6c 69 74 79 20 77 68 65 6e 20	which.improves.scalability.when.
5bf40	6d 6f 72 65 20 6c 65 61 76 65 73 20 61 72 65 20 61 64 64 65 64 2e 00 54 68 61 74 20 69 73 20 68	more.leaves.are.added..That.is.h
5bf60	6f 77 20 69 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 64 6f 20 74 68 65 20 73 6f 2d 63	ow.it.is.possible.to.do.the.so-c
5bf80	61 6c 6c 65 64 20 22 69 6e 67 72 65 73 73 20 73 68 61 70 69 6e 67 22 2e 00 54 68 61 74 20 6c 6f	alled."ingress.shaping"..That.lo
5bfa0	6f 6b 73 20 67 6f 6f 64 20 2d 20 77 65 20 64 65 66 69 6e 65 64 20 32 20 74 75 6e 6e 65 6c 73 20	oks.good.-.we.defined.2.tunnels.
5bfc0	61 6e 64 20 74 68 65 79 27 72 65 20 62 6f 74 68 20 75 70 20 61 6e 64 20 72 75 6e 6e 69 6e 67 2e	and.they're.both.up.and.running.
5bfe0	00 54 68 65 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79 73 74	.The.:abbr:`ASN.(Autonomous.Syst
5c000	65 6d 20 4e 75 6d 62 65 72 29 60 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 65 73 73 65 6e 74	em.Number)`.is.one.of.the.essent
5c020	69 61 6c 20 65 6c 65 6d 65 6e 74 73 20 6f 66 20 42 47 50 2e 20 42 47 50 20 69 73 20 61 20 64 69	ial.elements.of.BGP..BGP.is.a.di
5c040	73 74 61 6e 63 65 20 76 65 63 74 6f 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2c 20	stance.vector.routing.protocol,.
5c060	61 6e 64 20 74 68 65 20 41 53 2d 50 61 74 68 20 66 72 61 6d 65 77 6f 72 6b 20 70 72 6f 76 69 64	and.the.AS-Path.framework.provid
5c080	65 73 20 64 69 73 74 61 6e 63 65 20 76 65 63 74 6f 72 20 6d 65 74 72 69 63 20 61 6e 64 20 6c 6f	es.distance.vector.metric.and.lo
5c0a0	6f 70 20 64 65 74 65 63 74 69 6f 6e 20 74 6f 20 42 47 50 2e 00 54 68 65 20 3a 61 62 62 72 3a 60	op.detection.to.BGP..The.:abbr:`
5c0c0	44 4e 50 54 76 36 20 28 44 65 73 74 69 6e 61 74 69 6f 6e 20 49 50 76 36 2d 74 6f 2d 49 50 76 36	DNPTv6.(Destination.IPv6-to-IPv6
5c0e0	20 4e 65 74 77 6f 72 6b 20 50 72 65 66 69 78 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 64 65	.Network.Prefix.Translation)`.de
5c100	73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 66 75	stination.address.translation.fu
5c120	6e 63 74 69 6f 6e 20 69 73 20 75 73 65 64 20 69 6e 20 73 63 65 6e 61 72 69 6f 73 20 77 68 65 72	nction.is.used.in.scenarios.wher
5c140	65 20 74 68 65 20 73 65 72 76 65 72 20 69 6e 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74	e.the.server.in.the.internal.net
5c160	77 6f 72 6b 20 70 72 6f 76 69 64 65 73 20 73 65 72 76 69 63 65 73 20 74 6f 20 74 68 65 20 65 78	work.provides.services.to.the.ex
5c180	74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2c 20 73 75 63 68 20 61 73 20 70 72 6f 76 69 64 69 6e	ternal.network,.such.as.providin
5c1a0	67 20 57 65 62 20 73 65 72 76 69 63 65 73 20 6f 72 20 46 54 50 20 73 65 72 76 69 63 65 73 20 74	g.Web.services.or.FTP.services.t
5c1c0	6f 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 42 79 20 63 6f 6e 66 69	o.the.external.network..By.confi
5c1e0	67 75 72 69 6e 67 20 74 68 65 20 6d 61 70 70 69 6e 67 20 72 65 6c 61 74 69 6f 6e 73 68 69 70 20	guring.the.mapping.relationship.
5c200	62 65 74 77 65 65 6e 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 73 65 72 76 65 72 20 61 64 64 72	between.the.internal.server.addr
5c220	65 73 73 20 61 6e 64 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 64 64	ess.and.the.external.network.add
5c240	72 65 73 73 20 6f 6e 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 73 69 64	ress.on.the.external.network.sid
5c260	65 20 69 6e 74 65 72 66 61 63 65 20 6f 66 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 2c	e.interface.of.the.NAT66.device,
5c280	20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 75 73 65 72 73 20 63 61 6e 20 61 63 63 65	.external.network.users.can.acce
5c2a0	73 73 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 73 65 72 76 65 72 20 74	ss.the.internal.network.server.t
5c2c0	68 72 6f 75 67 68 20 74 68 65 20 64 65 73 69 67 6e 61 74 65 64 20 65 78 74 65 72 6e 61 6c 20 6e	hrough.the.designated.external.n
5c2e0	65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 3a 61 62 62 72 3a 60 4d 50 4c 53 20	etwork.address..The.:abbr:`MPLS.
5c300	28 4d 75 6c 74 69 2d 50 72 6f 74 6f 63 6f 6c 20 4c 61 62 65 6c 20 53 77 69 74 63 68 69 6e 67 29	(Multi-Protocol.Label.Switching)
5c320	60 20 61 72 63 68 69 74 65 63 74 75 72 65 20 64 6f 65 73 20 6e 6f 74 20 61 73 73 75 6d 65 20 61	`.architecture.does.not.assume.a
5c340	20 73 69 6e 67 6c 65 20 70 72 6f 74 6f 63 6f 6c 20 74 6f 20 63 72 65 61 74 65 20 4d 50 4c 53 20	.single.protocol.to.create.MPLS.
5c360	70 61 74 68 73 2e 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 4c 61 62 65 6c 20 44	paths..VyOS.supports.the.Label.D
5c380	69 73 74 72 69 62 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 28 4c 44 50 29 20 61 73 20 69 6d	istribution.Protocol.(LDP).as.im
5c3a0	70 6c 65 6d 65 6e 74 65 64 20 62 79 20 46 52 52 2c 20 62 61 73 65 64 20 6f 6e 20 3a 72 66 63 3a	plemented.by.FRR,.based.on.:rfc:
5c3c0	60 35 30 33 36 60 2e 00 54 68 65 20 3a 72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 36 36 60 20	`5036`..The.:ref:`source-nat66`.
5c3e0	72 75 6c 65 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73	rule.replaces.the.source.address
5c400	20 6f 66 20 74 68 65 20 70 61 63 6b 65 74 20 61 6e 64 20 63 61 6c 63 75 6c 61 74 65 73 20 74 68	.of.the.packet.and.calculates.th
5c420	65 20 63 6f 6e 76 65 72 74 65 64 20 61 64 64 72 65 73 73 20 75 73 69 6e 67 20 74 68 65 20 70 72	e.converted.address.using.the.pr
5c440	65 66 69 78 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 74 68 65 20 72 75 6c 65 2e 00 54 68 65 20	efix.specified.in.the.rule..The.
5c460	41 52 50 20 6d 6f 6e 69 74 6f 72 20 77 6f 72 6b 73 20 62 79 20 70 65 72 69 6f 64 69 63 61 6c 6c	ARP.monitor.works.by.periodicall
5c480	79 20 63 68 65 63 6b 69 6e 67 20 74 68 65 20 73 6c 61 76 65 20 64 65 76 69 63 65 73 20 74 6f 20	y.checking.the.slave.devices.to.
5c4a0	64 65 74 65 72 6d 69 6e 65 20 77 68 65 74 68 65 72 20 74 68 65 79 20 68 61 76 65 20 73 65 6e 74	determine.whether.they.have.sent
5c4c0	20 6f 72 20 72 65 63 65 69 76 65 64 20 74 72 61 66 66 69 63 20 72 65 63 65 6e 74 6c 79 20 28 74	.or.received.traffic.recently.(t
5c4e0	68 65 20 70 72 65 63 69 73 65 20 63 72 69 74 65 72 69 61 20 64 65 70 65 6e 64 73 20 75 70 6f 6e	he.precise.criteria.depends.upon
5c500	20 74 68 65 20 62 6f 6e 64 69 6e 67 20 6d 6f 64 65 2c 20 61 6e 64 20 74 68 65 20 73 74 61 74 65	.the.bonding.mode,.and.the.state
5c520	20 6f 66 20 74 68 65 20 73 6c 61 76 65 29 2e 20 52 65 67 75 6c 61 72 20 74 72 61 66 66 69 63 20	.of.the.slave)..Regular.traffic.
5c540	69 73 20 67 65 6e 65 72 61 74 65 64 20 76 69 61 20 41 52 50 20 70 72 6f 62 65 73 20 69 73 73 75	is.generated.via.ARP.probes.issu
5c560	65 64 20 66 6f 72 20 74 68 65 20 61 64 64 72 65 73 73 65 73 20 73 70 65 63 69 66 69 65 64 20 62	ed.for.the.addresses.specified.b
5c580	79 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 61 72 70 2d 6d 6f 6e 69 74 6f 72 20 74 61 72 67 65	y.the.:cfgcmd:`arp-monitor.targe
5c5a0	74 60 20 6f 70 74 69 6f 6e 2e 00 54 68 65 20 41 53 50 20 68 61 73 20 64 6f 63 75 6d 65 6e 74 65	t`.option..The.ASP.has.documente
5c5c0	64 20 74 68 65 69 72 20 49 50 53 65 63 20 72 65 71 75 69 72 65 6d 65 6e 74 73 3a 00 54 68 65 20	d.their.IPSec.requirements:.The.
5c5e0	42 47 50 20 72 6f 75 74 65 72 20 63 61 6e 20 63 6f 6e 6e 65 63 74 20 74 6f 20 6f 6e 65 20 6f 72	BGP.router.can.connect.to.one.or
5c600	20 6d 6f 72 65 20 52 50 4b 49 20 63 61 63 68 65 20 73 65 72 76 65 72 73 20 74 6f 20 72 65 63 65	.more.RPKI.cache.servers.to.rece
5c620	69 76 65 20 76 61 6c 69 64 61 74 65 64 20 70 72 65 66 69 78 20 74 6f 20 6f 72 69 67 69 6e 20 41	ive.validated.prefix.to.origin.A
5c640	53 20 6d 61 70 70 69 6e 67 73 2e 20 41 64 76 61 6e 63 65 64 20 66 61 69 6c 6f 76 65 72 20 63 61	S.mappings..Advanced.failover.ca
5c660	6e 20 62 65 20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 62 79 20 73 65 72 76 65 72 20 73 6f 63 6b 65	n.be.implemented.by.server.socke
5c680	74 73 20 77 69 74 68 20 64 69 66 66 65 72 65 6e 74 20 70 72 65 66 65 72 65 6e 63 65 20 76 61 6c	ts.with.different.preference.val
5c6a0	75 65 73 2e 00 54 68 65 20 43 4c 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 73 61	ues..The.CLI.configuration.is.sa
5c6c0	6d 65 20 61 73 20 6d 65 6e 74 69 6f 6e 65 64 20 69 6e 20 61 62 6f 76 65 20 61 72 74 69 63 6c 65	me.as.mentioned.in.above.article
5c6e0	73 2e 20 54 68 65 20 6f 6e 6c 79 20 64 69 66 66 65 72 65 6e 63 65 20 69 73 2c 20 74 68 61 74 20	s..The.only.difference.is,.that.
5c700	65 61 63 68 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65 64 2c 20 6d 75 73 74	each.routing.protocol.used,.must
5c720	20 62 65 20 70 72 65 66 69 78 65 64 20 77 69 74 68 20 74 68 65 20 60 76 72 66 20 6e 61 6d 65 20	.be.prefixed.with.the.`vrf.name.
5c740	3c 6e 61 6d 65 3e 60 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 65 20 43 4c 4e 53 20 61 64 64 72 65 73	<name>`.command..The.CLNS.addres
5c760	73 20 63 6f 6e 73 69 73 74 73 20 6f 66 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 61 72 74	s.consists.of.the.following.part
5c780	73 3a 00 54 68 65 20 44 48 43 50 20 75 6e 69 71 75 65 20 69 64 65 6e 74 69 66 69 65 72 20 28 44	s:.The.DHCP.unique.identifier.(D
5c7a0	55 49 44 29 20 69 73 20 75 73 65 64 20 62 79 20 61 20 63 6c 69 65 6e 74 20 74 6f 20 67 65 74 20	UID).is.used.by.a.client.to.get.
5c7c0	61 6e 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 61 20 44 48 43 50 76 36 20 73 65 72 76	an.IP.address.from.a.DHCPv6.serv
5c7e0	65 72 2e 20 49 74 20 68 61 73 20 61 20 32 2d 62 79 74 65 20 44 55 49 44 20 74 79 70 65 20 66 69	er..It.has.a.2-byte.DUID.type.fi
5c800	65 6c 64 2c 20 61 6e 64 20 61 20 76 61 72 69 61 62 6c 65 2d 6c 65 6e 67 74 68 20 69 64 65 6e 74	eld,.and.a.variable-length.ident
5c820	69 66 69 65 72 20 66 69 65 6c 64 20 75 70 20 74 6f 20 31 32 38 20 62 79 74 65 73 2e 20 49 74 73	ifier.field.up.to.128.bytes..Its
5c840	20 61 63 74 75 61 6c 20 6c 65 6e 67 74 68 20 64 65 70 65 6e 64 73 20 6f 6e 20 69 74 73 20 74 79	.actual.length.depends.on.its.ty
5c860	70 65 2e 20 54 68 65 20 73 65 72 76 65 72 20 63 6f 6d 70 61 72 65 73 20 74 68 65 20 44 55 49 44	pe..The.server.compares.the.DUID
5c880	20 77 69 74 68 20 69 74 73 20 64 61 74 61 62 61 73 65 20 61 6e 64 20 64 65 6c 69 76 65 72 73 20	.with.its.database.and.delivers.
5c8a0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 64 61 74 61 20 28 61 64 64 72 65 73 73 2c 20 6c 65 61	configuration.data.(address,.lea
5c8c0	73 65 20 74 69 6d 65 73 2c 20 44 4e 53 20 73 65 72 76 65 72 73 2c 20 65 74 63 2e 29 20 74 6f 20	se.times,.DNS.servers,.etc.).to.
5c8e0	74 68 65 20 63 6c 69 65 6e 74 2e 00 54 68 65 20 44 4e 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20	the.client..The.DN.and.password.
5c900	74 6f 20 62 69 6e 64 20 61 73 20 77 68 69 6c 65 20 70 65 72 66 6f 72 6d 69 6e 67 20 73 65 61 72	to.bind.as.while.performing.sear
5c920	63 68 65 73 2e 00 54 68 65 20 44 4e 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 74 6f 20 62 69 6e	ches..The.DN.and.password.to.bin
5c940	64 20 61 73 20 77 68 69 6c 65 20 70 65 72 66 6f 72 6d 69 6e 67 20 73 65 61 72 63 68 65 73 2e 20	d.as.while.performing.searches..
5c960	41 73 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 6e 65 65 64 73 20 74 6f 20 62 65 20 70 72 69 6e	As.the.password.needs.to.be.prin
5c980	74 65 64 20 69 6e 20 70 6c 61 69 6e 20 74 65 78 74 20 69 6e 20 79 6f 75 72 20 53 71 75 69 64 20	ted.in.plain.text.in.your.Squid.
5c9a0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 74 20 69 73 20 73 74 72 6f 6e 67 6c 79 20 72 65 63	configuration.it.is.strongly.rec
5c9c0	6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 73 65 20 61 20 61 63 63 6f 75 6e 74 20 77 69 74 68 20 6d	ommended.to.use.a.account.with.m
5c9e0	69 6e 69 6d 61 6c 20 61 73 73 6f 63 69 61 74 65 64 20 70 72 69 76 69 6c 65 67 65 73 2e 20 54 68	inimal.associated.privileges..Th
5ca00	69 73 20 74 6f 20 6c 69 6d 69 74 20 74 68 65 20 64 61 6d 61 67 65 20 69 6e 20 63 61 73 65 20 73	is.to.limit.the.damage.in.case.s
5ca20	6f 6d 65 6f 6e 65 20 63 6f 75 6c 64 20 67 65 74 20 68 6f 6c 64 20 6f 66 20 61 20 63 6f 70 79 20	omeone.could.get.hold.of.a.copy.
5ca40	6f 66 20 79 6f 75 72 20 53 71 75 69 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 69 6c 65	of.your.Squid.configuration.file
5ca60	2e 00 54 68 65 20 46 51 2d 43 6f 44 65 6c 20 70 6f 6c 69 63 79 20 64 69 73 74 72 69 62 75 74 65	..The.FQ-CoDel.policy.distribute
5ca80	73 20 74 68 65 20 74 72 61 66 66 69 63 20 69 6e 74 6f 20 31 30 32 34 20 46 49 46 4f 20 71 75 65	s.the.traffic.into.1024.FIFO.que
5caa0	75 65 73 20 61 6e 64 20 74 72 69 65 73 20 74 6f 20 70 72 6f 76 69 64 65 20 67 6f 6f 64 20 73 65	ues.and.tries.to.provide.good.se
5cac0	72 76 69 63 65 20 62 65 74 77 65 65 6e 20 61 6c 6c 20 6f 66 20 74 68 65 6d 2e 20 49 74 20 61 6c	rvice.between.all.of.them..It.al
5cae0	73 6f 20 74 72 69 65 73 20 74 6f 20 6b 65 65 70 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 61	so.tries.to.keep.the.length.of.a
5cb00	6c 6c 20 74 68 65 20 71 75 65 75 65 73 20 73 68 6f 72 74 2e 00 54 68 65 20 48 54 54 50 20 73 65	ll.the.queues.short..The.HTTP.se
5cb20	72 76 69 63 65 20 6c 69 73 74 65 6e 20 6f 6e 20 54 43 50 20 70 6f 72 74 20 38 30 2e 00 54 68 65	rvice.listen.on.TCP.port.80..The
5cb40	20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 73 79 73 74	.IP.address.of.the.internal.syst
5cb60	65 6d 20 77 65 20 77 69 73 68 20 74 6f 20 66 6f 72 77 61 72 64 20 74 72 61 66 66 69 63 20 74 6f	em.we.wish.to.forward.traffic.to
5cb80	2e 00 54 68 65 20 49 6e 74 65 6c 20 41 58 32 30 30 20 63 61 72 64 20 64 6f 65 73 20 6e 6f 74 20	..The.Intel.AX200.card.does.not.
5cba0	77 6f 72 6b 20 6f 75 74 20 6f 66 20 74 68 65 20 62 6f 78 20 69 6e 20 41 50 20 6d 6f 64 65 2c 20	work.out.of.the.box.in.AP.mode,.
5cbc0	73 65 65 20 68 74 74 70 73 3a 2f 2f 75 6e 69 78 2e 73 74 61 63 6b 65 78 63 68 61 6e 67 65 2e 63	see.https://unix.stackexchange.c
5cbe0	6f 6d 2f 71 75 65 73 74 69 6f 6e 73 2f 35 39 38 32 37 35 2f 69 6e 74 65 6c 2d 61 78 32 30 30 2d	om/questions/598275/intel-ax200-
5cc00	61 70 2d 6d 6f 64 65 2e 20 59 6f 75 20 63 61 6e 20 73 74 69 6c 6c 20 70 75 74 20 74 68 69 73 20	ap-mode..You.can.still.put.this.
5cc20	63 61 72 64 20 69 6e 74 6f 20 41 50 20 6d 6f 64 65 20 75 73 69 6e 67 20 74 68 65 20 66 6f 6c 6c	card.into.AP.mode.using.the.foll
5cc40	6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 54 68 65 20 4f 49 44 20 60 60 2e	owing.configuration:.The.OID.``.
5cc60	31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 38 30 37 32 2e 31 2e 33 2e 32 2e 33 2e 31 2e 31 2e 34 2e 31	1.3.6.1.4.1.8072.1.3.2.3.1.1.4.1
5cc80	31 36 2e 31 30 31 2e 31 31 35 2e 31 31 36 60 60 2c 20 6f 6e 63 65 20 63 61 6c 6c 65 64 2c 20 77	16.101.115.116``,.once.called,.w
5cca0	69 6c 6c 20 63 6f 6e 74 61 69 6e 20 74 68 65 20 6f 75 74 70 75 74 20 6f 66 20 74 68 65 20 65 78	ill.contain.the.output.of.the.ex
5ccc0	74 65 6e 73 69 6f 6e 2e 00 54 68 65 20 50 6f 69 6e 74 2d 74 6f 2d 50 6f 69 6e 74 20 54 75 6e 6e	tension..The.Point-to-Point.Tunn
5cce0	65 6c 69 6e 67 20 50 72 6f 74 6f 63 6f 6c 20 28 50 50 54 50 5f 29 20 68 61 73 20 62 65 65 6e 20	eling.Protocol.(PPTP_).has.been.
5cd00	69 6d 70 6c 65 6d 65 6e 74 65 64 20 69 6e 20 56 79 4f 53 20 6f 6e 6c 79 20 66 6f 72 20 62 61 63	implemented.in.VyOS.only.for.bac
5cd20	6b 77 61 72 64 73 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 2e 20 50 50 54 50 20 68 61 73 20 6d	kwards.compatibility..PPTP.has.m
5cd40	61 6e 79 20 77 65 6c 6c 20 6b 6e 6f 77 6e 20 73 65 63 75 72 69 74 79 20 69 73 73 75 65 73 20 61	any.well.known.security.issues.a
5cd60	6e 64 20 79 6f 75 20 73 68 6f 75 6c 64 20 75 73 65 20 6f 6e 65 20 6f 66 20 74 68 65 20 6d 61 6e	nd.you.should.use.one.of.the.man
5cd80	79 20 6f 74 68 65 72 20 6e 65 77 20 56 50 4e 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 2e	y.other.new.VPN.implementations.
5cda0	00 54 68 65 20 50 6f 77 65 72 44 4e 53 20 72 65 63 75 72 73 6f 72 20 68 61 73 20 35 20 64 69 66	.The.PowerDNS.recursor.has.5.dif
5cdc0	66 65 72 65 6e 74 20 6c 65 76 65 6c 73 20 6f 66 20 44 4e 53 53 45 43 20 70 72 6f 63 65 73 73 69	ferent.levels.of.DNSSEC.processi
5cde0	6e 67 2c 20 77 68 69 63 68 20 63 61 6e 20 62 65 20 73 65 74 20 77 69 74 68 20 74 68 65 20 64 6e	ng,.which.can.be.set.with.the.dn
5ce00	73 73 65 63 20 73 65 74 74 69 6e 67 2e 20 49 6e 20 6f 72 64 65 72 20 66 72 6f 6d 20 6c 65 61 73	ssec.setting..In.order.from.leas
5ce20	74 20 74 6f 20 6d 6f 73 74 20 70 72 6f 63 65 73 73 69 6e 67 2c 20 74 68 65 73 65 20 61 72 65 3a	t.to.most.processing,.these.are:
5ce40	00 54 68 65 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69 73 20 61 20 63 6c 61 73 73 66 75	.The.Priority.Queue.is.a.classfu
5ce60	6c 20 73 63 68 65 64 75 6c 69 6e 67 20 70 6f 6c 69 63 79 2e 20 49 74 20 64 6f 65 73 20 6e 6f 74	l.scheduling.policy..It.does.not
5ce80	20 64 65 6c 61 79 20 70 61 63 6b 65 74 73 20 28 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69	.delay.packets.(Priority.Queue.i
5cea0	73 20 6e 6f 74 20 61 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 29 2c 20 69 74 20 73 69 6d 70	s.not.a.shaping.policy),.it.simp
5cec0	6c 79 20 64 65 71 75 65 75 65 73 20 70 61 63 6b 65 74 73 20 61 63 63 6f 72 64 69 6e 67 20 74 6f	ly.dequeues.packets.according.to
5cee0	20 74 68 65 69 72 20 70 72 69 6f 72 69 74 79 2e 00 54 68 65 20 52 41 44 49 55 53 20 61 63 63 6f	.their.priority..The.RADIUS.acco
5cf00	75 6e 74 69 6e 67 20 66 65 61 74 75 72 65 20 6d 75 73 74 20 62 65 20 75 73 65 64 20 77 69 74 68	unting.feature.must.be.used.with
5cf20	20 74 68 65 20 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20	.the.OpenConnect.authentication.
5cf40	6d 6f 64 65 20 52 41 44 49 55 53 2e 20 49 74 20 63 61 6e 6e 6f 74 20 62 65 20 75 73 65 64 20 77	mode.RADIUS..It.cannot.be.used.w
5cf60	69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 59 6f 75 20 6d 75	ith.local.authentication..You.mu
5cf80	73 74 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 61 75 74	st.configure.the.OpenConnect.aut
5cfa0	68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 6f 64 65 20 74 6f 20 22 72 61 64 69 75 73 22 2e 00 54 68	hentication.mode.to."radius"..Th
5cfc0	65 20 52 41 44 49 55 53 20 64 69 63 74 69 6f 6e 61 72 69 65 73 20 69 6e 20 56 79 4f 53 20 61 72	e.RADIUS.dictionaries.in.VyOS.ar
5cfe0	65 20 6c 6f 63 61 74 65 64 20 61 74 20 60 60 2f 75 73 72 2f 73 68 61 72 65 2f 61 63 63 65 6c 2d	e.located.at.``/usr/share/accel-
5d000	70 70 70 2f 72 61 64 69 75 73 2f 60 60 00 54 68 65 20 53 52 20 73 65 67 6d 65 6e 74 73 20 61 72	ppp/radius/``.The.SR.segments.ar
5d020	65 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 61 74 68 20 74	e.portions.of.the.network.path.t
5d040	61 6b 65 6e 20 62 79 20 74 68 65 20 70 61 63 6b 65 74 2c 20 61 6e 64 20 61 72 65 20 63 61 6c 6c	aken.by.the.packet,.and.are.call
5d060	65 64 20 53 49 44 73 2e 20 41 74 20 65 61 63 68 20 6e 6f 64 65 2c 20 74 68 65 20 66 69 72 73 74	ed.SIDs..At.each.node,.the.first
5d080	20 53 49 44 20 6f 66 20 74 68 65 20 6c 69 73 74 20 69 73 20 72 65 61 64 2c 20 65 78 65 63 75 74	.SID.of.the.list.is.read,.execut
5d0a0	65 64 20 61 73 20 61 20 66 6f 72 77 61 72 64 69 6e 67 20 66 75 6e 63 74 69 6f 6e 2c 20 61 6e 64	ed.as.a.forwarding.function,.and
5d0c0	20 6d 61 79 20 62 65 20 70 6f 70 70 65 64 20 74 6f 20 6c 65 74 20 74 68 65 20 6e 65 78 74 20 6e	.may.be.popped.to.let.the.next.n
5d0e0	6f 64 65 20 72 65 61 64 20 74 68 65 20 6e 65 78 74 20 53 49 44 20 6f 66 20 74 68 65 20 6c 69 73	ode.read.the.next.SID.of.the.lis
5d100	74 2e 20 54 68 65 20 53 49 44 20 6c 69 73 74 20 63 6f 6d 70 6c 65 74 65 6c 79 20 64 65 74 65 72	t..The.SID.list.completely.deter
5d120	6d 69 6e 65 73 20 74 68 65 20 70 61 74 68 20 77 68 65 72 65 20 74 68 65 20 70 61 63 6b 65 74 20	mines.the.path.where.the.packet.
5d140	69 73 20 66 6f 72 77 61 72 64 65 64 2e 00 54 68 65 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 20	is.forwarded..The.Shaper.policy.
5d160	64 6f 65 73 20 6e 6f 74 20 67 75 61 72 61 6e 74 65 65 20 61 20 6c 6f 77 20 64 65 6c 61 79 2c 20	does.not.guarantee.a.low.delay,.
5d180	62 75 74 20 69 74 20 64 6f 65 73 20 67 75 61 72 61 6e 74 65 65 20 62 61 6e 64 77 69 64 74 68 20	but.it.does.guarantee.bandwidth.
5d1a0	74 6f 20 64 69 66 66 65 72 65 6e 74 20 74 72 61 66 66 69 63 20 63 6c 61 73 73 65 73 20 61 6e 64	to.different.traffic.classes.and
5d1c0	20 61 6c 73 6f 20 6c 65 74 73 20 79 6f 75 20 64 65 63 69 64 65 20 68 6f 77 20 74 6f 20 61 6c 6c	.also.lets.you.decide.how.to.all
5d1e0	6f 63 61 74 65 20 6d 6f 72 65 20 74 72 61 66 66 69 63 20 6f 6e 63 65 20 74 68 65 20 67 75 61 72	ocate.more.traffic.once.the.guar
5d200	61 6e 74 65 65 73 20 61 72 65 20 6d 65 74 2e 00 54 68 65 20 55 44 50 20 70 6f 72 74 20 6e 75 6d	antees.are.met..The.UDP.port.num
5d220	62 65 72 20 75 73 65 64 20 62 79 20 79 6f 75 72 20 61 70 6c 6c 69 63 61 74 69 6f 6e 2e 20 49 74	ber.used.by.your.apllication..It
5d240	20 69 73 20 6d 61 6e 64 61 74 6f 72 79 20 66 6f 72 20 74 68 69 73 20 6b 69 6e 64 20 6f 66 20 6f	.is.mandatory.for.this.kind.of.o
5d260	70 65 72 61 74 69 6f 6e 2e 00 54 68 65 20 56 58 4c 41 4e 20 73 70 65 63 69 66 69 63 61 74 69 6f	peration..The.VXLAN.specificatio
5d280	6e 20 77 61 73 20 6f 72 69 67 69 6e 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 56 4d 77 61	n.was.originally.created.by.VMwa
5d2a0	72 65 2c 20 41 72 69 73 74 61 20 4e 65 74 77 6f 72 6b 73 20 61 6e 64 20 43 69 73 63 6f 2e 20 4f	re,.Arista.Networks.and.Cisco..O
5d2c0	74 68 65 72 20 62 61 63 6b 65 72 73 20 6f 66 20 74 68 65 20 56 58 4c 41 4e 20 74 65 63 68 6e 6f	ther.backers.of.the.VXLAN.techno
5d2e0	6c 6f 67 79 20 69 6e 63 6c 75 64 65 20 48 75 61 77 65 69 2c 20 42 72 6f 61 64 63 6f 6d 2c 20 43	logy.include.Huawei,.Broadcom,.C
5d300	69 74 72 69 78 2c 20 50 69 63 61 38 2c 20 42 69 67 20 53 77 69 74 63 68 20 4e 65 74 77 6f 72 6b	itrix,.Pica8,.Big.Switch.Network
5d320	73 2c 20 43 75 6d 75 6c 75 73 20 4e 65 74 77 6f 72 6b 73 2c 20 44 65 6c 6c 20 45 4d 43 2c 20 45	s,.Cumulus.Networks,.Dell.EMC,.E
5d340	72 69 63 73 73 6f 6e 2c 20 4d 65 6c 6c 61 6e 6f 78 2c 20 46 72 65 65 42 53 44 2c 20 4f 70 65 6e	ricsson,.Mellanox,.FreeBSD,.Open
5d360	42 53 44 2c 20 52 65 64 20 48 61 74 2c 20 4a 6f 79 65 6e 74 2c 20 61 6e 64 20 4a 75 6e 69 70 65	BSD,.Red.Hat,.Joyent,.and.Junipe
5d380	72 20 4e 65 74 77 6f 72 6b 73 2e 00 54 68 65 20 56 79 4f 53 20 44 4e 53 20 66 6f 72 77 61 72 64	r.Networks..The.VyOS.DNS.forward
5d3a0	65 72 20 64 6f 65 73 20 6e 6f 74 20 72 65 71 75 69 72 65 20 61 6e 20 75 70 73 74 72 65 61 6d 20	er.does.not.require.an.upstream.
5d3c0	44 4e 53 20 73 65 72 76 65 72 2e 20 49 74 20 63 61 6e 20 73 65 72 76 65 20 61 73 20 61 20 66 75	DNS.server..It.can.serve.as.a.fu
5d3e0	6c 6c 20 72 65 63 75 72 73 69 76 65 20 44 4e 53 20 73 65 72 76 65 72 20 2d 20 62 75 74 20 69 74	ll.recursive.DNS.server.-.but.it
5d400	20 63 61 6e 20 61 6c 73 6f 20 66 6f 72 77 61 72 64 20 71 75 65 72 69 65 73 20 74 6f 20 63 6f 6e	.can.also.forward.queries.to.con
5d420	66 69 67 75 72 61 62 6c 65 20 75 70 73 74 72 65 61 6d 20 44 4e 53 20 73 65 72 76 65 72 73 2e 20	figurable.upstream.DNS.servers..
5d440	42 79 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 79 20 75 70 73 74 72 65 61 6d 20	By.not.configuring.any.upstream.
5d460	44 4e 53 20 73 65 72 76 65 72 73 20 79 6f 75 20 61 6c 73 6f 20 61 76 6f 69 64 20 62 65 69 6e 67	DNS.servers.you.also.avoid.being
5d480	20 74 72 61 63 6b 65 64 20 62 79 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 6f 66 20 79 6f 75 72	.tracked.by.the.provider.of.your
5d4a0	20 75 70 73 74 72 65 61 6d 20 44 4e 53 20 73 65 72 76 65 72 2e 00 54 68 65 20 56 79 4f 53 20 44	.upstream.DNS.server..The.VyOS.D
5d4c0	4e 53 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20 6f 6e 6c 79 20 61 63 63 65 70 74 20 6c 6f	NS.forwarder.will.only.accept.lo
5d4e0	6f 6b 75 70 20 72 65 71 75 65 73 74 73 20 66 72 6f 6d 20 74 68 65 20 4c 41 4e 20 73 75 62 6e 65	okup.requests.from.the.LAN.subne
5d500	74 73 20 2d 20 31 39 32 2e 31 36 38 2e 31 2e 30 2f 32 34 20 61 6e 64 20 32 30 30 31 3a 64 62 38	ts.-.192.168.1.0/24.and.2001:db8
5d520	3a 3a 2f 36 34 00 54 68 65 20 56 79 4f 53 20 44 4e 53 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c	::/64.The.VyOS.DNS.forwarder.wil
5d540	6c 20 6f 6e 6c 79 20 6c 69 73 74 65 6e 20 66 6f 72 20 72 65 71 75 65 73 74 73 20 6f 6e 20 74 68	l.only.listen.for.requests.on.th
5d560	65 20 65 74 68 31 20 28 4c 41 4e 29 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 65 73	e.eth1.(LAN).interface.addresses
5d580	20 2d 20 31 39 32 2e 31 36 38 2e 31 2e 32 35 34 20 66 6f 72 20 49 50 76 34 20 61 6e 64 20 32 30	.-.192.168.1.254.for.IPv4.and.20
5d5a0	30 31 3a 64 62 38 3a 3a 66 66 66 66 20 66 6f 72 20 49 50 76 36 00 54 68 65 20 56 79 4f 53 20 44	01:db8::ffff.for.IPv6.The.VyOS.D
5d5c0	4e 53 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20 70 61 73 73 20 72 65 76 65 72 73 65 20 6c	NS.forwarder.will.pass.reverse.l
5d5e0	6f 6f 6b 75 70 73 20 66 6f 72 20 20 31 30 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 31 36 38	ookups.for..10.in-addr.arpa,.168
5d600	2e 31 39 32 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 31 36 2d 33 31 2e 31 37 32 2e 69 6e 2d	.192.in-addr.arpa,.16-31.172.in-
5d620	61 64 64 72 2e 61 72 70 61 20 7a 6f 6e 65 73 20 74 6f 20 75 70 73 74 72 65 61 6d 20 73 65 72 76	addr.arpa.zones.to.upstream.serv
5d640	65 72 2e 00 54 68 65 20 56 79 4f 53 20 63 6f 6e 74 61 69 6e 65 72 20 69 6d 70 6c 65 6d 65 6e 74	er..The.VyOS.container.implement
5d660	61 74 69 6f 6e 20 69 73 20 62 61 73 65 64 20 6f 6e 20 60 50 6f 64 6d 61 6e 3c 68 74 74 70 73 3a	ation.is.based.on.`Podman<https:
5d680	2f 2f 70 6f 64 6d 61 6e 2e 69 6f 2f 3e 60 20 61 73 20 61 20 64 65 61 6d 6f 6e 6c 65 73 73 20 63	//podman.io/>`.as.a.deamonless.c
5d6a0	6f 6e 74 61 69 6e 65 72 20 65 6e 67 69 6e 65 2e 00 54 68 65 20 57 41 50 20 69 6e 20 74 68 69 73	ontainer.engine..The.WAP.in.this
5d6c0	20 65 78 61 6d 70 6c 65 20 68 61 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 68 61 72 61	.example.has.the.following.chara
5d6e0	63 74 65 72 69 73 74 69 63 73 3a 00 54 68 65 20 57 69 72 65 6c 65 73 73 20 57 69 64 65 2d 41 72	cteristics:.The.Wireless.Wide-Ar
5d700	65 61 2d 4e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 20 70 72 6f 76 69 64 65 73 20 61 63	ea-Network.interface.provides.ac
5d720	63 65 73 73 20 28 74 68 72 6f 75 67 68 20 61 20 77 69 72 65 6c 65 73 73 20 6d 6f 64 65 6d 2f 77	cess.(through.a.wireless.modem/w
5d740	77 61 6e 29 20 74 6f 20 77 69 72 65 6c 65 73 73 20 6e 65 74 77 6f 72 6b 73 20 70 72 6f 76 69 64	wan).to.wireless.networks.provid
5d760	65 64 20 62 79 20 76 61 72 69 6f 75 73 20 63 65 6c 6c 75 6c 61 72 20 70 72 6f 76 69 64 65 72 73	ed.by.various.cellular.providers
5d780	2e 00 54 68 65 20 60 60 43 44 60 60 2d 62 69 74 20 69 73 20 68 6f 6e 6f 72 65 64 20 63 6f 72 72	..The.``CD``-bit.is.honored.corr
5d7a0	65 63 74 6c 79 20 66 6f 72 20 70 72 6f 63 65 73 73 20 61 6e 64 20 76 61 6c 69 64 61 74 65 2e 20	ectly.for.process.and.validate..
5d7c0	46 6f 72 20 6c 6f 67 2d 66 61 69 6c 2c 20 66 61 69 6c 75 72 65 73 20 77 69 6c 6c 20 62 65 20 6c	For.log-fail,.failures.will.be.l
5d7e0	6f 67 67 65 64 20 74 6f 6f 2e 00 54 68 65 20 60 60 61 64 64 72 65 73 73 60 60 20 63 61 6e 20 62	ogged.too..The.``address``.can.b
5d800	65 20 63 6f 6e 66 69 67 75 72 65 64 20 65 69 74 68 65 72 20 6f 6e 20 74 68 65 20 56 52 52 50 20	e.configured.either.on.the.VRRP.
5d820	69 6e 74 65 72 66 61 63 65 20 6f 72 20 6f 6e 20 6e 6f 74 20 56 52 52 50 20 69 6e 74 65 72 66 61	interface.or.on.not.VRRP.interfa
5d840	63 65 2e 00 54 68 65 20 60 60 61 64 64 72 65 73 73 60 60 20 70 61 72 61 6d 65 74 65 72 20 63 61	ce..The.``address``.parameter.ca
5d860	6e 20 62 65 20 65 69 74 68 65 72 20 61 6e 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72	n.be.either.an.IPv4.or.IPv6.addr
5d880	65 73 73 2c 20 62 75 74 20 79 6f 75 20 63 61 6e 20 6e 6f 74 20 6d 69 78 20 49 50 76 34 20 61 6e	ess,.but.you.can.not.mix.IPv4.an
5d8a0	64 20 49 50 76 36 20 69 6e 20 74 68 65 20 73 61 6d 65 20 67 72 6f 75 70 2c 20 61 6e 64 20 77 69	d.IPv6.in.the.same.group,.and.wi
5d8c0	6c 6c 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 67 72 6f 75 70 73 20 77 69 74 68 20 64 69	ll.need.to.create.groups.with.di
5d8e0	66 66 65 72 65 6e 74 20 56 52 49 44 73 20 73 70 65 63 69 61 6c 6c 79 20 66 6f 72 20 49 50 76 34	fferent.VRIDs.specially.for.IPv4
5d900	20 61 6e 64 20 49 50 76 36 2e 20 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 49 50	.and.IPv6..If.you.want.to.use.IP
5d920	76 34 20 2b 20 49 50 76 36 20 61 64 64 72 65 73 73 20 79 6f 75 20 63 61 6e 20 75 73 65 20 6f 70	v4.+.IPv6.address.you.can.use.op
5d940	74 69 6f 6e 20 60 60 65 78 63 6c 75 64 65 64 2d 61 64 64 72 65 73 73 60 60 00 54 68 65 20 60 60	tion.``excluded-address``.The.``
5d960	68 74 74 70 60 60 20 73 65 72 76 69 63 65 20 69 73 20 6c 65 73 74 65 6e 73 20 6f 6e 20 70 6f 72	http``.service.is.lestens.on.por
5d980	74 20 38 30 20 61 6e 64 20 66 6f 72 63 65 20 72 65 64 69 72 65 63 74 73 20 66 72 6f 6d 20 48 54	t.80.and.force.redirects.from.HT
5d9a0	54 50 20 74 6f 20 48 54 54 50 53 2e 00 54 68 65 20 60 60 68 74 74 70 73 60 60 20 73 65 72 76 69	TP.to.HTTPS..The.``https``.servi
5d9c0	63 65 20 6c 69 73 74 65 6e 73 20 6f 6e 20 70 6f 72 74 20 34 34 33 20 77 69 74 68 20 62 61 63 6b	ce.listens.on.port.443.with.back
5d9e0	65 6e 64 20 60 62 6b 2d 64 65 66 61 75 6c 74 60 20 74 6f 20 68 61 6e 64 6c 65 20 48 54 54 50 53	end.`bk-default`.to.handle.HTTPS
5da00	20 74 72 61 66 66 69 63 2e 20 49 74 20 75 73 65 73 20 63 65 72 74 69 66 69 63 61 74 65 20 6e 61	.traffic..It.uses.certificate.na
5da20	6d 65 64 20 60 60 63 65 72 74 60 60 20 66 6f 72 20 53 53 4c 20 74 65 72 6d 69 6e 61 74 69 6f 6e	med.``cert``.for.SSL.termination
5da40	2e 00 54 68 65 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 74 75 6e 6e 65 6c 60 60 20 64 69 72 65	..The.``persistent-tunnel``.dire
5da60	63 74 69 76 65 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 75 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	ctive.will.allow.us.to.configure
5da80	20 74 75 6e 6e 65 6c 2d 72 65 6c 61 74 65 64 20 61 74 74 72 69 62 75 74 65 73 2c 20 73 75 63 68	.tunnel-related.attributes,.such
5daa0	20 61 73 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 61 73 20 77 65 20 77 6f 75 6c 64 20	.as.firewall.policy.as.we.would.
5dac0	6f 6e 20 61 6e 79 20 6e 6f 72 6d 61 6c 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 2e	on.any.normal.network.interface.
5dae0	00 54 68 65 20 60 60 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 60 60 20 6d 75 73 74 20 62 65 20	.The.``source-address``.must.be.
5db00	63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 6f 6e 65 20 6f 66 20 56 79 4f 53 20 69 6e 74 65 72 66	configured.on.one.of.VyOS.interf
5db20	61 63 65 2e 20 42 65 73 74 20 70 72 61 63 74 69 63 65 20 77 6f 75 6c 64 20 62 65 20 61 20 6c 6f	ace..Best.practice.would.be.a.lo
5db40	6f 70 62 61 63 6b 20 6f 72 20 64 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 65 20 60	opback.or.dummy.interface..The.`
5db60	73 68 6f 77 20 62 72 69 64 67 65 60 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64	show.bridge`.operational.command
5db80	20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 64 69 73 70 6c 61 79 20 63 6f 6e 66 69 67 75 72	.can.be.used.to.display.configur
5dba0	65 64 20 62 72 69 64 67 65 73 3a 00 54 68 65 20 61 62 6f 76 65 20 64 69 72 65 63 74 6f 72 79 20	ed.bridges:.The.above.directory.
5dbc0	61 6e 64 20 64 65 66 61 75 6c 74 2d 63 6f 6e 66 69 67 20 6d 75 73 74 20 62 65 20 61 20 63 68 69	and.default-config.must.be.a.chi
5dbe0	6c 64 20 64 69 72 65 63 74 6f 72 79 20 6f 66 20 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2c 20 73 69	ld.directory.of./config/auth,.si
5dc00	6e 63 65 20 66 69 6c 65 73 20 6f 75 74 73 69 64 65 20 74 68 69 73 20 64 69 72 65 63 74 6f 72 79	nce.files.outside.this.directory
5dc20	20 61 72 65 20 6e 6f 74 20 70 65 72 73 69 73 74 65 64 20 61 66 74 65 72 20 61 6e 20 69 6d 61 67	.are.not.persisted.after.an.imag
5dc40	65 20 75 70 67 72 61 64 65 2e 00 54 68 65 20 61 63 74 69 6f 6e 20 63 61 6e 20 62 65 20 3a 00 54	e.upgrade..The.action.can.be.:.T
5dc60	68 65 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20 74 68 69 73 20 69 73 20 74 68 61 74 20 74 68 65	he.advantage.of.this.is.that.the
5dc80	20 72 6f 75 74 65 2d 73 65 6c 65 63 74 69 6f 6e 20 28 61 74 20 74 68 69 73 20 70 6f 69 6e 74 29	.route-selection.(at.this.point)
5dca0	20 77 69 6c 6c 20 62 65 20 6d 6f 72 65 20 64 65 74 65 72 6d 69 6e 69 73 74 69 63 2e 20 54 68 65	.will.be.more.deterministic..The
5dcc0	20 64 69 73 61 64 76 61 6e 74 61 67 65 20 69 73 20 74 68 61 74 20 61 20 66 65 77 20 6f 72 20 65	.disadvantage.is.that.a.few.or.e
5dce0	76 65 6e 20 6f 6e 65 20 6c 6f 77 65 73 74 2d 49 44 20 72 6f 75 74 65 72 20 6d 61 79 20 61 74 74	ven.one.lowest-ID.router.may.att
5dd00	72 61 63 74 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74 6f 20 6f 74 68 65 72 77 69 73 65 2d 65 71	ract.all.traffic.to.otherwise-eq
5dd20	75 61 6c 20 70 61 74 68 73 20 62 65 63 61 75 73 65 20 6f 66 20 74 68 69 73 20 63 68 65 63 6b 2e	ual.paths.because.of.this.check.
5dd40	20 49 74 20 6d 61 79 20 69 6e 63 72 65 61 73 65 20 74 68 65 20 70 6f 73 73 69 62 69 6c 69 74 79	.It.may.increase.the.possibility
5dd60	20 6f 66 20 4d 45 44 20 6f 72 20 49 47 50 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 2c 20 75 6e 6c 65	.of.MED.or.IGP.oscillation,.unle
5dd80	73 73 20 6f 74 68 65 72 20 6d 65 61 73 75 72 65 73 20 77 65 72 65 20 74 61 6b 65 6e 20 74 6f 20	ss.other.measures.were.taken.to.
5dda0	61 76 6f 69 64 20 74 68 65 73 65 2e 20 54 68 65 20 65 78 61 63 74 20 62 65 68 61 76 69 6f 75 72	avoid.these..The.exact.behaviour
5ddc0	20 77 69 6c 6c 20 62 65 20 73 65 6e 73 69 74 69 76 65 20 74 6f 20 74 68 65 20 69 42 47 50 20 61	.will.be.sensitive.to.the.iBGP.a
5dde0	6e 64 20 72 65 66 6c 65 63 74 69 6f 6e 20 74 6f 70 6f 6c 6f 67 79 2e 00 54 68 65 20 61 6c 6c 6f	nd.reflection.topology..The.allo
5de00	63 61 74 65 64 20 61 64 64 72 65 73 73 20 62 6c 6f 63 6b 20 69 73 20 31 30 30 2e 36 34 2e 30 2e	cated.address.block.is.100.64.0.
5de20	30 2f 31 30 2e 00 54 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 44 75 70 6c 69 63 61 74 65 20 41 64	0/10..The.amount.of.Duplicate.Ad
5de40	64 72 65 73 73 20 44 65 74 65 63 74 69 6f 6e 20 70 72 6f 62 65 73 20 74 6f 20 73 65 6e 64 2e 00	dress.Detection.probes.to.send..
5de60	54 68 65 20 61 74 74 72 69 62 75 74 65 73 20 3a 63 66 67 63 6d 64 3a 60 70 72 65 66 69 78 2d 6c	The.attributes.:cfgcmd:`prefix-l
5de80	69 73 74 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 64 69 73 74 72 69 62 75 74 65 2d 6c 69 73	ist`.and.:cfgcmd:`distribute-lis
5dea0	74 60 20 61 72 65 20 6d 75 74 75 61 6c 6c 79 20 65 78 63 6c 75 73 69 76 65 2c 20 61 6e 64 20 6f	t`.are.mutually.exclusive,.and.o
5dec0	6e 6c 79 20 6f 6e 65 20 63 6f 6d 6d 61 6e 64 20 28 64 69 73 74 72 69 62 75 74 65 2d 6c 69 73 74	nly.one.command.(distribute-list
5dee0	20 6f 72 20 70 72 65 66 69 78 2d 6c 69 73 74 29 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20	.or.prefix-list).can.be.applied.
5df00	74 6f 20 65 61 63 68 20 69 6e 62 6f 75 6e 64 20 6f 72 20 6f 75 74 62 6f 75 6e 64 20 64 69 72 65	to.each.inbound.or.outbound.dire
5df20	63 74 69 6f 6e 20 66 6f 72 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 6e 65 69 67 68 62 6f 72 2e	ction.for.a.particular.neighbor.
5df40	00 54 68 65 20 61 76 61 69 6c 61 62 6c 65 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 3c 6d 61 74 63	.The.available.options.for.<matc
5df60	68 3e 20 61 72 65 3a 00 54 68 65 20 62 65 6c 6f 77 20 72 65 66 65 72 65 6e 63 65 64 20 49 50 20	h>.are:.The.below.referenced.IP.
5df80	61 64 64 72 65 73 73 20 60 31 39 32 2e 30 2e 32 2e 31 60 20 69 73 20 75 73 65 64 20 61 73 20 65	address.`192.0.2.1`.is.used.as.e
5dfa0	78 61 6d 70 6c 65 20 61 64 64 72 65 73 73 20 72 65 70 72 65 73 65 6e 74 69 6e 67 20 61 20 67 6c	xample.address.representing.a.gl
5dfc0	6f 62 61 6c 20 75 6e 69 63 61 73 74 20 61 64 64 72 65 73 73 20 75 6e 64 65 72 20 77 68 69 63 68	obal.unicast.address.under.which
5dfe0	20 74 68 65 20 48 55 42 20 63 61 6e 20 62 65 20 63 6f 6e 74 61 63 74 65 64 20 62 79 20 65 61 63	.the.HUB.can.be.contacted.by.eac
5e000	68 20 61 6e 64 20 65 76 65 72 79 20 69 6e 64 69 76 69 64 75 61 6c 20 73 70 6f 6b 65 2e 00 54 68	h.and.every.individual.spoke..Th
5e020	65 20 62 6f 6e 64 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 70 72 6f 76 69 64 65 73 20 61 20 6d	e.bonding.interface.provides.a.m
5e040	65 74 68 6f 64 20 66 6f 72 20 61 67 67 72 65 67 61 74 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 6e	ethod.for.aggregating.multiple.n
5e060	65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c 65 20	etwork.interfaces.into.a.single.
5e080	6c 6f 67 69 63 61 6c 20 22 62 6f 6e 64 65 64 22 20 69 6e 74 65 72 66 61 63 65 2c 20 6f 72 20 4c	logical."bonded".interface,.or.L
5e0a0	41 47 2c 20 6f 72 20 65 74 68 65 72 2d 63 68 61 6e 6e 65 6c 2c 20 6f 72 20 70 6f 72 74 2d 63 68	AG,.or.ether-channel,.or.port-ch
5e0c0	61 6e 6e 65 6c 2e 20 54 68 65 20 62 65 68 61 76 69 6f 72 20 6f 66 20 74 68 65 20 62 6f 6e 64 65	annel..The.behavior.of.the.bonde
5e0e0	64 20 69 6e 74 65 72 66 61 63 65 73 20 64 65 70 65 6e 64 73 20 75 70 6f 6e 20 74 68 65 20 6d 6f	d.interfaces.depends.upon.the.mo
5e100	64 65 3b 20 67 65 6e 65 72 61 6c 6c 79 20 73 70 65 61 6b 69 6e 67 2c 20 6d 6f 64 65 73 20 70 72	de;.generally.speaking,.modes.pr
5e120	6f 76 69 64 65 20 65 69 74 68 65 72 20 68 6f 74 20 73 74 61 6e 64 62 79 20 6f 72 20 6c 6f 61 64	ovide.either.hot.standby.or.load
5e140	20 62 61 6c 61 6e 63 69 6e 67 20 73 65 72 76 69 63 65 73 2e 20 41 64 64 69 74 69 6f 6e 61 6c 6c	.balancing.services..Additionall
5e160	79 2c 20 6c 69 6e 6b 20 69 6e 74 65 67 72 69 74 79 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 6d 61 79	y,.link.integrity.monitoring.may
5e180	20 62 65 20 70 65 72 66 6f 72 6d 65 64 2e 00 54 68 65 20 63 61 73 65 20 6f 66 20 69 6e 67 72 65	.be.performed..The.case.of.ingre
5e1a0	73 73 20 73 68 61 70 69 6e 67 00 54 68 65 20 63 6c 69 65 6e 74 2c 20 6f 6e 63 65 20 73 75 63 63	ss.shaping.The.client,.once.succ
5e1c0	65 73 73 66 75 6c 6c 79 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2c 20 77 69 6c 6c 20 72 65 63	essfully.authenticated,.will.rec
5e1e0	65 69 76 65 20 61 6e 20 49 50 76 34 20 61 6e 64 20 61 6e 20 49 50 76 36 20 2f 36 34 20 61 64 64	eive.an.IPv4.and.an.IPv6./64.add
5e200	72 65 73 73 20 74 6f 20 74 65 72 6d 69 6e 61 74 65 20 74 68 65 20 70 70 70 6f 65 20 65 6e 64 70	ress.to.terminate.the.pppoe.endp
5e220	6f 69 6e 74 20 6f 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 73 69 64 65 20 61 6e 64 20 61 20 2f 35	oint.on.the.client.side.and.a./5
5e240	36 20 73 75 62 6e 65 74 20 66 6f 72 20 74 68 65 20 63 6c 69 65 6e 74 73 20 69 6e 74 65 72 6e 61	6.subnet.for.the.clients.interna
5e260	6c 20 75 73 65 2e 00 54 68 65 20 63 6c 69 65 6e 74 73 20 3a 61 62 62 72 3a 60 43 50 45 20 28 43	l.use..The.clients.:abbr:`CPE.(C
5e280	75 73 74 6f 6d 65 72 20 50 72 65 6d 69 73 65 73 20 45 71 75 69 70 6d 65 6e 74 29 60 20 63 61 6e	ustomer.Premises.Equipment)`.can
5e2a0	20 6e 6f 77 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 76 69 61 20 49 50 76 34 20 6f 72 20 49 50 76	.now.communicate.via.IPv4.or.IPv
5e2c0	36 2e 20 41 6c 6c 20 64 65 76 69 63 65 73 20 62 65 68 69 6e 64 20 60 60 32 30 30 31 3a 64 62 38	6..All.devices.behind.``2001:db8
5e2e0	3a 3a 61 30 30 3a 32 37 66 66 3a 66 65 32 66 3a 64 38 30 36 2f 36 34 60 60 20 63 61 6e 20 75 73	::a00:27ff:fe2f:d806/64``.can.us
5e300	65 20 61 64 64 72 65 73 73 65 73 20 66 72 6f 6d 20 60 60 32 30 30 31 3a 64 62 38 3a 31 3a 3a 2f	e.addresses.from.``2001:db8:1::/
5e320	35 36 60 60 20 61 6e 64 20 63 61 6e 20 67 6c 6f 62 61 6c 6c 79 20 63 6f 6d 6d 75 6e 69 63 61 74	56``.and.can.globally.communicat
5e340	65 20 77 69 74 68 6f 75 74 20 74 68 65 20 6e 65 65 64 20 6f 66 20 61 6e 79 20 4e 41 54 20 72 75	e.without.the.need.of.any.NAT.ru
5e360	6c 65 73 2e 00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 3a 6f 70 63 6d 64 3a 60 73 68 6f 77 20 69 6e	les..The.command.:opcmd:`show.in
5e380	74 65 72 66 61 63 65 73 20 77 69 72 65 67 75 61 72 64 20 77 67 30 31 20 70 75 62 6c 69 63 2d 6b	terfaces.wireguard.wg01.public-k
5e3a0	65 79 60 20 77 69 6c 6c 20 74 68 65 6e 20 73 68 6f 77 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65	ey`.will.then.show.the.public.ke
5e3c0	79 2c 20 77 68 69 63 68 20 6e 65 65 64 73 20 74 6f 20 62 65 20 73 68 61 72 65 64 20 77 69 74 68	y,.which.needs.to.be.shared.with
5e3e0	20 74 68 65 20 70 65 65 72 2e 00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 61 6c 73 6f 20 67 65 6e 65	.the.peer..The.command.also.gene
5e400	72 61 74 65 73 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 73 6e 69 70 70 65 64 20 77 68	rates.a.configuration.snipped.wh
5e420	69 63 68 20 63 61 6e 20 62 65 20 63 6f 70 79 2f 70 61 73 74 65 64 20 69 6e 74 6f 20 74 68 65 20	ich.can.be.copy/pasted.into.the.
5e440	56 79 4f 53 20 43 4c 49 20 69 66 20 6e 65 65 64 65 64 2e 20 54 68 65 20 73 75 70 70 6c 69 65 64	VyOS.CLI.if.needed..The.supplied
5e460	20 60 60 3c 6e 61 6d 65 3e 60 60 20 6f 6e 20 74 68 65 20 43 4c 49 20 77 69 6c 6c 20 62 65 63 6f	.``<name>``.on.the.CLI.will.beco
5e480	6d 65 20 74 68 65 20 70 65 65 72 20 6e 61 6d 65 20 69 6e 20 74 68 65 20 73 6e 69 70 70 65 74 2e	me.the.peer.name.in.the.snippet.
5e4a0	00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 62 65 6c 6f 77 20 65 6e 61 62 6c 65 73 20 69 74 2c 20 61	.The.command.below.enables.it,.a
5e4c0	73 73 75 6d 69 6e 67 20 74 68 65 20 52 41 44 49 55 53 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 68 61	ssuming.the.RADIUS.connection.ha
5e4e0	73 20 62 65 65 6e 20 73 65 74 75 70 20 61 6e 64 20 69 73 20 77 6f 72 6b 69 6e 67 2e 00 54 68 65	s.been.setup.and.is.working..The
5e500	20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 63 75 72 72 65 6e 74 20 52 49 50 20 73 74	.command.displays.current.RIP.st
5e520	61 74 75 73 2e 20 49 74 20 69 6e 63 6c 75 64 65 73 20 52 49 50 20 74 69 6d 65 72 2c 20 66 69 6c	atus..It.includes.RIP.timer,.fil
5e540	74 65 72 69 6e 67 2c 20 76 65 72 73 69 6f 6e 2c 20 52 49 50 20 65 6e 61 62 6c 65 64 20 69 6e 74	tering,.version,.RIP.enabled.int
5e560	65 72 66 61 63 65 20 61 6e 64 20 52 49 50 20 70 65 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e	erface.and.RIP.peer.information.
5e580	00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 70 6f 6e 20 54 45 53 54 55 4e 4e 45 4c 20 65 73 74 61 62	.The.command.pon.TESTUNNEL.estab
5e5a0	6c 69 73 68 65 73 20 74 68 65 20 50 50 54 50 20 74 75 6e 6e 65 6c 20 74 6f 20 74 68 65 20 72 65	lishes.the.PPTP.tunnel.to.the.re
5e5c0	6d 6f 74 65 20 73 79 73 74 65 6d 2e 00 54 68 65 20 63 6f 6d 70 75 74 65 72 73 20 6f 6e 20 61 6e	mote.system..The.computers.on.an
5e5e0	20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 63 61 6e 20 75 73 65 20 61 6e 79 20 6f 66	.internal.network.can.use.any.of
5e600	20 74 68 65 20 61 64 64 72 65 73 73 65 73 20 73 65 74 20 61 73 69 64 65 20 62 79 20 74 68 65 20	.the.addresses.set.aside.by.the.
5e620	3a 61 62 62 72 3a 60 49 41 4e 41 20 28 49 6e 74 65 72 6e 65 74 20 41 73 73 69 67 6e 65 64 20 4e	:abbr:`IANA.(Internet.Assigned.N
5e640	75 6d 62 65 72 73 20 41 75 74 68 6f 72 69 74 79 29 60 20 66 6f 72 20 70 72 69 76 61 74 65 20 61	umbers.Authority)`.for.private.a
5e660	64 64 72 65 73 73 69 6e 67 20 28 73 65 65 20 3a 72 66 63 3a 60 31 39 31 38 60 29 2e 20 54 68 65	ddressing.(see.:rfc:`1918`)..The
5e680	73 65 20 72 65 73 65 72 76 65 64 20 49 50 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 6e 6f 74	se.reserved.IP.addresses.are.not
5e6a0	20 69 6e 20 75 73 65 20 6f 6e 20 74 68 65 20 49 6e 74 65 72 6e 65 74 2c 20 73 6f 20 61 6e 20 65	.in.use.on.the.Internet,.so.an.e
5e6c0	78 74 65 72 6e 61 6c 20 6d 61 63 68 69 6e 65 20 77 69 6c 6c 20 6e 6f 74 20 64 69 72 65 63 74 6c	xternal.machine.will.not.directl
5e6e0	79 20 72 6f 75 74 65 20 74 6f 20 74 68 65 6d 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 61	y.route.to.them..The.following.a
5e700	64 64 72 65 73 73 65 73 20 61 72 65 20 72 65 73 65 72 76 65 64 20 66 6f 72 20 70 72 69 76 61 74	ddresses.are.reserved.for.privat
5e720	65 20 75 73 65 3a 00 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20 6c 6f	e.use:.The.configuration.will.lo
5e740	6f 6b 20 61 73 20 66 6f 6c 6c 6f 77 73 3a 00 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	ok.as.follows:.The.configuration
5e760	73 20 61 62 6f 76 65 20 77 69 6c 6c 20 64 65 66 61 75 6c 74 20 74 6f 20 75 73 69 6e 67 20 32 35	s.above.will.default.to.using.25
5e780	36 2d 62 69 74 20 41 45 53 20 69 6e 20 47 43 4d 20 6d 6f 64 65 20 66 6f 72 20 65 6e 63 72 79 70	6-bit.AES.in.GCM.mode.for.encryp
5e7a0	74 69 6f 6e 20 28 69 66 20 62 6f 74 68 20 73 69 64 65 73 20 73 75 70 70 6f 72 74 20 4e 43 50 29	tion.(if.both.sides.support.NCP)
5e7c0	20 61 6e 64 20 53 48 41 2d 31 20 66 6f 72 20 48 4d 41 43 20 61 75 74 68 65 6e 74 69 63 61 74 69	.and.SHA-1.for.HMAC.authenticati
5e7e0	6f 6e 2e 20 53 48 41 2d 31 20 69 73 20 63 6f 6e 73 69 64 65 72 65 64 20 77 65 61 6b 2c 20 62 75	on..SHA-1.is.considered.weak,.bu
5e800	74 20 6f 74 68 65 72 20 68 61 73 68 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 73 20 61 72 65 20 61	t.other.hashing.algorithms.are.a
5e820	76 61 69 6c 61 62 6c 65 2c 20 61 73 20 61 72 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6c 67 6f	vailable,.as.are.encryption.algo
5e840	72 69 74 68 6d 73 3a 00 54 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 65 20 68 6f 77	rithms:.The.connection.state.how
5e860	65 76 65 72 20 69 73 20 63 6f 6d 70 6c 65 74 65 6c 79 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 6f	ever.is.completely.independent.o
5e880	66 20 61 6e 79 20 75 70 70 65 72 2d 6c 65 76 65 6c 20 73 74 61 74 65 2c 20 73 75 63 68 20 61 73	f.any.upper-level.state,.such.as
5e8a0	20 54 43 50 27 73 20 6f 72 20 53 43 54 50 27 73 20 73 74 61 74 65 2e 20 50 61 72 74 20 6f 66 20	.TCP's.or.SCTP's.state..Part.of.
5e8c0	74 68 65 20 72 65 61 73 6f 6e 20 66 6f 72 20 74 68 69 73 20 69 73 20 74 68 61 74 20 77 68 65 6e	the.reason.for.this.is.that.when
5e8e0	20 6d 65 72 65 6c 79 20 66 6f 72 77 61 72 64 69 6e 67 20 70 61 63 6b 65 74 73 2c 20 69 2e 65 2e	.merely.forwarding.packets,.i.e.
5e900	20 6e 6f 20 6c 6f 63 61 6c 20 64 65 6c 69 76 65 72 79 2c 20 74 68 65 20 54 43 50 20 65 6e 67 69	.no.local.delivery,.the.TCP.engi
5e920	6e 65 20 6d 61 79 20 6e 6f 74 20 6e 65 63 65 73 73 61 72 69 6c 79 20 62 65 20 69 6e 76 6f 6b 65	ne.may.not.necessarily.be.invoke
5e940	64 20 61 74 20 61 6c 6c 2e 20 45 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 6c 65 73 73 2d 6d 6f	d.at.all..Even.connectionless-mo
5e960	64 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 73 20 73 75 63 68 20 61 73 20 55 44 50 2c 20 49 50	de.transmissions.such.as.UDP,.IP
5e980	73 65 63 20 28 41 48 2f 45 53 50 29 2c 20 47 52 45 20 61 6e 64 20 6f 74 68 65 72 20 74 75 6e 6e	sec.(AH/ESP),.GRE.and.other.tunn
5e9a0	65 6c 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 68 61 76 65 2c 20 61 74 20 6c 65 61 73 74 2c 20	eling.protocols.have,.at.least,.
5e9c0	61 20 70 73 65 75 64 6f 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 65 2e 20 54 68 65 20 68	a.pseudo.connection.state..The.h
5e9e0	65 75 72 69 73 74 69 63 20 66 6f 72 20 73 75 63 68 20 70 72 6f 74 6f 63 6f 6c 73 20 69 73 20 6f	euristic.for.such.protocols.is.o
5ea00	66 74 65 6e 20 62 61 73 65 64 20 75 70 6f 6e 20 61 20 70 72 65 73 65 74 20 74 69 6d 65 6f 75 74	ften.based.upon.a.preset.timeout
5ea20	20 76 61 6c 75 65 20 66 6f 72 20 69 6e 61 63 74 69 76 69 74 79 2c 20 61 66 74 65 72 20 77 68 6f	.value.for.inactivity,.after.who
5ea40	73 65 20 65 78 70 69 72 61 74 69 6f 6e 20 61 20 4e 65 74 66 69 6c 74 65 72 20 63 6f 6e 6e 65 63	se.expiration.a.Netfilter.connec
5ea60	74 69 6f 6e 20 69 73 20 64 72 6f 70 70 65 64 2e 00 54 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20	tion.is.dropped..The.connection.
5ea80	74 72 61 63 6b 69 6e 67 20 65 78 70 65 63 74 20 74 61 62 6c 65 20 63 6f 6e 74 61 69 6e 73 20 6f	tracking.expect.table.contains.o
5eaa0	6e 65 20 65 6e 74 72 79 20 66 6f 72 20 65 61 63 68 20 65 78 70 65 63 74 65 64 20 63 6f 6e 6e 65	ne.entry.for.each.expected.conne
5eac0	63 74 69 6f 6e 20 72 65 6c 61 74 65 64 20 74 6f 20 61 6e 20 65 78 69 73 74 69 6e 67 20 63 6f 6e	ction.related.to.an.existing.con
5eae0	6e 65 63 74 69 6f 6e 2e 20 54 68 65 73 65 20 61 72 65 20 67 65 6e 65 72 61 6c 6c 79 20 75 73 65	nection..These.are.generally.use
5eb00	64 20 62 79 20 e2 80 9c 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 68 65 6c 70	d.by....connection.tracking.help
5eb20	65 72 e2 80 9d 20 6d 6f 64 75 6c 65 73 20 73 75 63 68 20 61 73 20 46 54 50 2e 20 54 68 65 20 64	er....modules.such.as.FTP..The.d
5eb40	65 66 61 75 6c 74 20 73 69 7a 65 20 6f 66 20 74 68 65 20 65 78 70 65 63 74 20 74 61 62 6c 65 20	efault.size.of.the.expect.table.
5eb60	69 73 20 32 30 34 38 20 65 6e 74 72 69 65 73 2e 00 54 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20	is.2048.entries..The.connection.
5eb80	74 72 61 63 6b 69 6e 67 20 74 61 62 6c 65 20 63 6f 6e 74 61 69 6e 73 20 6f 6e 65 20 65 6e 74 72	tracking.table.contains.one.entr
5eba0	79 20 66 6f 72 20 65 61 63 68 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 69 6e 67 20 74 72 61 63	y.for.each.connection.being.trac
5ebc0	6b 65 64 20 62 79 20 74 68 65 20 73 79 73 74 65 6d 2e 00 54 68 65 20 63 75 72 72 65 6e 74 20 61	ked.by.the.system..The.current.a
5ebe0	74 74 72 69 62 75 74 65 20 27 46 69 6c 74 65 72 2d 49 64 27 20 69 73 20 62 65 69 6e 67 20 75 73	ttribute.'Filter-Id'.is.being.us
5ec00	65 64 20 61 73 20 64 65 66 61 75 6c 74 20 61 6e 64 20 63 61 6e 20 62 65 20 73 65 74 75 70 20 77	ed.as.default.and.can.be.setup.w
5ec20	69 74 68 69 6e 20 52 41 44 49 55 53 3a 00 54 68 65 20 63 75 72 72 65 6e 74 20 70 72 6f 74 6f 63	ithin.RADIUS:.The.current.protoc
5ec40	6f 6c 20 69 73 20 76 65 72 73 69 6f 6e 20 34 20 28 4e 54 50 76 34 29 2c 20 77 68 69 63 68 20 69	ol.is.version.4.(NTPv4),.which.i
5ec60	73 20 61 20 70 72 6f 70 6f 73 65 64 20 73 74 61 6e 64 61 72 64 20 61 73 20 64 6f 63 75 6d 65 6e	s.a.proposed.standard.as.documen
5ec80	74 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 39 30 35 60 2e 20 49 74 20 69 73 20 62 61 63 6b 77 61	ted.in.:rfc:`5905`..It.is.backwa
5eca0	72 64 20 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68 20 76 65 72 73 69 6f 6e 20 33 2c 20 73 70	rd.compatible.with.version.3,.sp
5ecc0	65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63 3a 60 31 33 30 35 60 2e 00 54 68 65 20 64 61 65 6d	ecified.in.:rfc:`1305`..The.daem
5ece0	6f 6e 20 64 6f 75 62 6c 65 73 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 6e 65 74 6c 69	on.doubles.the.size.of.the.netli
5ed00	6e 6b 20 65 76 65 6e 74 20 73 6f 63 6b 65 74 20 62 75 66 66 65 72 20 73 69 7a 65 20 69 66 20 69	nk.event.socket.buffer.size.if.i
5ed20	74 20 64 65 74 65 63 74 73 20 6e 65 74 6c 69 6e 6b 20 65 76 65 6e 74 20 6d 65 73 73 61 67 65 20	t.detects.netlink.event.message.
5ed40	64 72 6f 70 70 69 6e 67 2e 20 54 68 69 73 20 63 6c 61 75 73 65 20 73 65 74 73 20 74 68 65 20 6d	dropping..This.clause.sets.the.m
5ed60	61 78 69 6d 75 6d 20 62 75 66 66 65 72 20 73 69 7a 65 20 67 72 6f 77 74 68 20 74 68 61 74 20 63	aximum.buffer.size.growth.that.c
5ed80	61 6e 20 62 65 20 72 65 61 63 68 65 64 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 52 41 44 49 55	an.be.reached..The.default.RADIU
5eda0	53 20 61 74 74 72 69 62 75 74 65 20 66 6f 72 20 72 61 74 65 20 6c 69 6d 69 74 69 6e 67 20 69 73	S.attribute.for.rate.limiting.is
5edc0	20 60 60 46 69 6c 74 65 72 2d 49 64 60 60 2c 20 62 75 74 20 79 6f 75 20 6d 61 79 20 61 6c 73 6f	.``Filter-Id``,.but.you.may.also
5ede0	20 72 65 64 65 66 69 6e 65 20 69 74 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 56 79 4f 53 20 75	.redefine.it..The.default.VyOS.u
5ee00	73 65 72 20 61 63 63 6f 75 6e 74 20 28 60 76 79 6f 73 60 29 2c 20 61 73 20 77 65 6c 6c 20 61 73	ser.account.(`vyos`),.as.well.as
5ee20	20 6e 65 77 6c 79 20 63 72 65 61 74 65 64 20 75 73 65 72 20 61 63 63 6f 75 6e 74 73 2c 20 68 61	.newly.created.user.accounts,.ha
5ee40	76 65 20 61 6c 6c 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	ve.all.capabilities.to.configure
5ee60	20 74 68 65 20 73 79 73 74 65 6d 2e 20 41 6c 6c 20 61 63 63 6f 75 6e 74 73 20 68 61 76 65 20 73	.the.system..All.accounts.have.s
5ee80	75 64 6f 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 6e 64 20 74 68 65 72 65 66 6f 72 65 20 63	udo.capabilities.and.therefore.c
5eea0	61 6e 20 6f 70 65 72 61 74 65 20 61 73 20 72 6f 6f 74 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d	an.operate.as.root.on.the.system
5eec0	2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 68 6f 73 74 6e 61 6d 65 20 75 73 65 64 20 69 73 20 60	..The.default.hostname.used.is.`
5eee0	76 79 6f 73 60 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 6c 65 61 73 65 20 74 69 6d 65 20 66 6f	vyos`..The.default.lease.time.fo
5ef00	72 20 44 48 43 50 76 36 20 6c 65 61 73 65 73 20 69 73 20 32 34 20 68 6f 75 72 73 2e 20 54 68 69	r.DHCPv6.leases.is.24.hours..Thi
5ef20	73 20 63 61 6e 20 62 65 20 63 68 61 6e 67 65 64 20 62 79 20 73 75 70 70 6c 79 69 6e 67 20 61 20	s.can.be.changed.by.supplying.a.
5ef40	60 60 64 65 66 61 75 6c 74 2d 74 69 6d 65 60 60 2c 20 60 60 6d 61 78 69 6d 75 6d 2d 74 69 6d 65	``default-time``,.``maximum-time
5ef60	60 60 20 61 6e 64 20 60 60 6d 69 6e 69 6d 75 6d 2d 74 69 6d 65 60 60 2e 20 41 6c 6c 20 76 61 6c	``.and.``minimum-time``..All.val
5ef80	75 65 73 20 6e 65 65 64 20 74 6f 20 62 65 20 73 75 70 70 6c 69 65 64 20 69 6e 20 73 65 63 6f 6e	ues.need.to.be.supplied.in.secon
5efa0	64 73 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 75 64 70 20 69 73 20 73 65 74 20	ds..The.default.port.udp.is.set.
5efc0	74 6f 20 38 34 37 32 2e 20 49 74 20 63 61 6e 20 62 65 20 63 68 61 6e 67 65 64 20 77 69 74 68 20	to.8472..It.can.be.changed.with.
5efe0	60 60 73 65 74 20 69 6e 74 65 72 66 61 63 65 20 76 78 6c 61 6e 20 3c 76 78 6c 61 6e 4e 3e 20 70	``set.interface.vxlan.<vxlanN>.p
5f000	6f 72 74 20 3c 70 6f 72 74 3e 60 60 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 63	ort.<port>``.The.default.value.c
5f020	6f 72 72 65 73 70 6f 6e 64 73 20 74 6f 20 36 34 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61	orresponds.to.64..The.default.va
5f040	6c 75 65 20 69 73 20 30 2e 20 54 68 69 73 20 77 69 6c 6c 20 63 61 75 73 65 20 74 68 65 20 63 61	lue.is.0..This.will.cause.the.ca
5f060	72 72 69 65 72 20 74 6f 20 62 65 20 61 73 73 65 72 74 65 64 20 28 66 6f 72 20 38 30 32 2e 33 61	rrier.to.be.asserted.(for.802.3a
5f080	64 20 6d 6f 64 65 29 20 77 68 65 6e 65 76 65 72 20 74 68 65 72 65 20 69 73 20 61 6e 20 61 63 74	d.mode).whenever.there.is.an.act
5f0a0	69 76 65 20 61 67 67 72 65 67 61 74 6f 72 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68	ive.aggregator,.regardless.of.th
5f0c0	65 20 6e 75 6d 62 65 72 20 6f 66 20 61 76 61 69 6c 61 62 6c 65 20 6c 69 6e 6b 73 20 69 6e 20 74	e.number.of.available.links.in.t
5f0e0	68 61 74 20 61 67 67 72 65 67 61 74 6f 72 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75	hat.aggregator..The.default.valu
5f100	65 20 69 73 20 33 30 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61	e.is.300.seconds..The.default.va
5f120	6c 75 65 20 69 73 20 38 36 34 30 30 20 73 65 63 6f 6e 64 73 20 77 68 69 63 68 20 63 6f 72 72 65	lue.is.86400.seconds.which.corre
5f140	73 70 6f 6e 64 73 20 74 6f 20 6f 6e 65 20 64 61 79 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76	sponds.to.one.day..The.default.v
5f160	61 6c 75 65 20 69 73 20 73 6c 6f 77 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 73	alue.is.slow..The.default.values
5f180	20 66 6f 72 20 74 68 65 20 6d 69 6e 69 6d 75 6d 2d 74 68 72 65 73 68 6f 6c 64 20 64 65 70 65 6e	.for.the.minimum-threshold.depen
5f1a0	64 20 6f 6e 20 49 50 20 70 72 65 63 65 64 65 6e 63 65 3a 00 54 68 65 20 64 65 73 74 69 6e 61 74	d.on.IP.precedence:.The.destinat
5f1c0	69 6f 6e 20 70 6f 72 74 20 75 73 65 64 20 66 6f 72 20 63 72 65 61 74 69 6e 67 20 61 20 56 58 4c	ion.port.used.for.creating.a.VXL
5f1e0	41 4e 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 4c 69 6e 75 78 20 64 65 66 61 75 6c 74 73 20 74	AN.interface.in.Linux.defaults.t
5f200	6f 20 69 74 73 20 70 72 65 2d 73 74 61 6e 64 61 72 64 20 76 61 6c 75 65 20 6f 66 20 38 34 37 32	o.its.pre-standard.value.of.8472
5f220	20 74 6f 20 70 72 65 73 65 72 76 65 20 62 61 63 6b 77 61 72 64 20 63 6f 6d 70 61 74 69 62 69 6c	.to.preserve.backward.compatibil
5f240	69 74 79 2e 20 41 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 64 69 72 65 63 74 69 76 65 20 74	ity..A.configuration.directive.t
5f260	6f 20 73 75 70 70 6f 72 74 20 61 20 75 73 65 72 2d 73 70 65 63 69 66 69 65 64 20 64 65 73 74 69	o.support.a.user-specified.desti
5f280	6e 61 74 69 6f 6e 20 70 6f 72 74 20 74 6f 20 6f 76 65 72 72 69 64 65 20 74 68 61 74 20 62 65 68	nation.port.to.override.that.beh
5f2a0	61 76 69 6f 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 75 73 69 6e 67 20 74 68 65 20 61 62 6f	avior.is.available.using.the.abo
5f2c0	76 65 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 65 20 64 69 61 6c 6f 67 75 65 20 62 65 74 77 65 65 6e	ve.command..The.dialogue.between
5f2e0	20 66 61 69 6c 6f 76 65 72 20 70 61 72 74 6e 65 72 73 20 69 73 20 6e 65 69 74 68 65 72 20 65 6e	.failover.partners.is.neither.en
5f300	63 72 79 70 74 65 64 20 6e 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2e 20 53 69 6e 63 65	crypted.nor.authenticated..Since
5f320	20 6d 6f 73 74 20 44 48 43 50 20 73 65 72 76 65 72 73 20 65 78 69 73 74 20 77 69 74 68 69 6e 20	.most.DHCP.servers.exist.within.
5f340	61 6e 20 6f 72 67 61 6e 69 73 61 74 69 6f 6e 27 73 20 6f 77 6e 20 73 65 63 75 72 65 20 49 6e 74	an.organisation's.own.secure.Int
5f360	72 61 6e 65 74 2c 20 74 68 69 73 20 77 6f 75 6c 64 20 62 65 20 61 6e 20 75 6e 6e 65 63 65 73 73	ranet,.this.would.be.an.unnecess
5f380	61 72 79 20 6f 76 65 72 68 65 61 64 2e 20 48 6f 77 65 76 65 72 2c 20 69 66 20 79 6f 75 20 68 61	ary.overhead..However,.if.you.ha
5f3a0	76 65 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 70 65 65 72 73 20 77 68 6f 73 65 20 63 6f 6d	ve.DHCP.failover.peers.whose.com
5f3c0	6d 75 6e 69 63 61 74 69 6f 6e 73 20 74 72 61 76 65 72 73 65 20 69 6e 73 65 63 75 72 65 20 6e 65	munications.traverse.insecure.ne
5f3e0	74 77 6f 72 6b 73 2c 20 74 68 65 6e 20 77 65 20 72 65 63 6f 6d 6d 65 6e 64 20 74 68 61 74 20 79	tworks,.then.we.recommend.that.y
5f400	6f 75 20 63 6f 6e 73 69 64 65 72 20 74 68 65 20 75 73 65 20 6f 66 20 56 50 4e 20 74 75 6e 6e 65	ou.consider.the.use.of.VPN.tunne
5f420	6c 69 6e 67 20 62 65 74 77 65 65 6e 20 74 68 65 6d 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74	ling.between.them.to.ensure.that
5f440	20 74 68 65 20 66 61 69 6c 6f 76 65 72 20 70 61 72 74 6e 65 72 73 68 69 70 20 69 73 20 69 6d 6d	.the.failover.partnership.is.imm
5f460	75 6e 65 20 74 6f 20 64 69 73 72 75 70 74 69 6f 6e 20 28 61 63 63 69 64 65 6e 74 61 6c 20 6f 72	une.to.disruption.(accidental.or
5f480	20 6f 74 68 65 72 77 69 73 65 29 20 76 69 61 20 74 68 69 72 64 20 70 61 72 74 69 65 73 2e 00 54	.otherwise).via.third.parties..T
5f4a0	68 65 20 64 6f 6d 61 69 6e 2d 6e 61 6d 65 20 70 61 72 61 6d 65 74 65 72 20 73 68 6f 75 6c 64 20	he.domain-name.parameter.should.
5f4c0	62 65 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20	be.the.domain.name.that.will.be.
5f4e0	61 70 70 65 6e 64 65 64 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 27 73 20 68 6f 73 74 6e 61 6d	appended.to.the.client's.hostnam
5f500	65 20 74 6f 20 66 6f 72 6d 20 61 20 66 75 6c 6c 79 2d 71 75 61 6c 69 66 69 65 64 20 64 6f 6d 61	e.to.form.a.fully-qualified.doma
5f520	69 6e 2d 6e 61 6d 65 20 28 46 51 44 4e 29 20 28 44 48 43 50 20 4f 70 74 69 6f 6e 20 30 31 35 29	in-name.(FQDN).(DHCP.Option.015)
5f540	2e 00 54 68 65 20 64 6f 6d 61 69 6e 2d 6e 61 6d 65 20 70 61 72 61 6d 65 74 65 72 20 73 68 6f 75	..The.domain-name.parameter.shou
5f560	6c 64 20 62 65 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 75 73 65 64 20 77 68 65 6e 20	ld.be.the.domain.name.used.when.
5f580	63 6f 6d 70 6c 65 74 69 6e 67 20 44 4e 53 20 72 65 71 75 65 73 74 20 77 68 65 72 65 20 6e 6f 20	completing.DNS.request.where.no.
5f5a0	66 75 6c 6c 20 46 51 44 4e 20 69 73 20 70 61 73 73 65 64 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e	full.FQDN.is.passed..This.option
5f5c0	20 63 61 6e 20 62 65 20 67 69 76 65 6e 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 20 69 66 20	.can.be.given.multiple.times.if.
5f5e0	79 6f 75 20 6e 65 65 64 20 6d 75 6c 74 69 70 6c 65 20 73 65 61 72 63 68 20 64 6f 6d 61 69 6e 73	you.need.multiple.search.domains
5f600	20 28 44 48 43 50 20 4f 70 74 69 6f 6e 20 31 31 39 29 2e 00 54 68 65 20 64 75 6d 6d 79 20 69 6e	.(DHCP.Option.119)..The.dummy.in
5f620	74 65 72 66 61 63 65 20 61 6c 6c 6f 77 73 20 75 73 20 74 6f 20 68 61 76 65 20 61 6e 20 65 71 75	terface.allows.us.to.have.an.equ
5f640	69 76 61 6c 65 6e 74 20 6f 66 20 74 68 65 20 43 69 73 63 6f 20 49 4f 53 20 4c 6f 6f 70 62 61 63	ivalent.of.the.Cisco.IOS.Loopbac
5f660	6b 20 69 6e 74 65 72 66 61 63 65 20 2d 20 61 20 72 6f 75 74 65 72 2d 69 6e 74 65 72 6e 61 6c 20	k.interface.-.a.router-internal.
5f680	69 6e 74 65 72 66 61 63 65 20 77 65 20 63 61 6e 20 75 73 65 20 66 6f 72 20 49 50 20 61 64 64 72	interface.we.can.use.for.IP.addr
5f6a0	65 73 73 65 73 20 74 68 65 20 72 6f 75 74 65 72 20 6d 75 73 74 20 6b 6e 6f 77 20 61 62 6f 75 74	esses.the.router.must.know.about
5f6c0	2c 20 62 75 74 20 77 68 69 63 68 20 61 72 65 20 6e 6f 74 20 61 63 74 75 61 6c 6c 79 20 61 73 73	,.but.which.are.not.actually.ass
5f6e0	69 67 6e 65 64 20 74 6f 20 61 20 72 65 61 6c 20 6e 65 74 77 6f 72 6b 2e 00 54 68 65 20 64 75 6d	igned.to.a.real.network..The.dum
5f700	6d 79 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 72 65 61 6c 6c 79 20 61 20 6c 69 74 74 6c 65 20	my.interface.is.really.a.little.
5f720	65 78 6f 74 69 63 2c 20 62 75 74 20 72 61 74 68 65 72 20 75 73 65 66 75 6c 20 6e 65 76 65 72 74	exotic,.but.rather.useful.nevert
5f740	68 65 6c 65 73 73 2e 20 44 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 6d 75 63	heless..Dummy.interfaces.are.muc
5f760	68 20 6c 69 6b 65 20 74 68 65 20 3a 72 65 66 3a 60 6c 6f 6f 70 62 61 63 6b 2d 69 6e 74 65 72 66	h.like.the.:ref:`loopback-interf
5f780	61 63 65 60 20 69 6e 74 65 72 66 61 63 65 2c 20 65 78 63 65 70 74 20 79 6f 75 20 63 61 6e 20 68	ace`.interface,.except.you.can.h
5f7a0	61 76 65 20 61 73 20 6d 61 6e 79 20 61 73 20 79 6f 75 20 77 61 6e 74 2e 00 54 68 65 20 65 6d 62	ave.as.many.as.you.want..The.emb
5f7c0	65 64 64 65 64 20 53 71 75 69 64 20 70 72 6f 78 79 20 63 61 6e 20 75 73 65 20 4c 44 41 50 20 74	edded.Squid.proxy.can.use.LDAP.t
5f7e0	6f 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 75 73 65 72 73 20 61 67 61 69 6e 73 74 20 61 20 63	o.authenticate.users.against.a.c
5f800	6f 6d 70 61 6e 79 20 77 69 64 65 20 64 69 72 65 63 74 6f 72 79 2e 20 54 68 65 20 66 6f 6c 6c 6f	ompany.wide.directory..The.follo
5f820	77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 61 6e 20 65 78 61 6d 70 6c 65	wing.configuration.is.an.example
5f840	20 6f 66 20 68 6f 77 20 74 6f 20 75 73 65 20 41 63 74 69 76 65 20 44 69 72 65 63 74 6f 72 79 20	.of.how.to.use.Active.Directory.
5f860	61 73 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 61 63 6b 65 6e 64 2e 20 51 75 65 72 69	as.authentication.backend..Queri
5f880	65 73 20 61 72 65 20 64 6f 6e 65 20 76 69 61 20 4c 44 41 50 2e 00 54 68 65 20 65 78 61 6d 70 6c	es.are.done.via.LDAP..The.exampl
5f8a0	65 20 61 62 6f 76 65 20 75 73 65 73 20 31 39 32 2e 30 2e 32 2e 32 20 61 73 20 65 78 74 65 72 6e	e.above.uses.192.0.2.2.as.extern
5f8c0	61 6c 20 49 50 20 61 64 64 72 65 73 73 2e 20 41 20 4c 41 43 20 6e 6f 72 6d 61 6c 6c 79 20 72 65	al.IP.address..A.LAC.normally.re
5f8e0	71 75 69 72 65 73 20 61 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 70 61 73 73 77 6f 72	quires.an.authentication.passwor
5f900	64 2c 20 77 68 69 63 68 20 69 73 20 73 65 74 20 69 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 63	d,.which.is.set.in.the.example.c
5f920	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 6f 20 60 60 6c 6e 73 20 73 68 61 72 65 64 2d 73 65 63	onfiguration.to.``lns.shared-sec
5f940	72 65 74 20 27 73 65 63 72 65 74 27 60 60 2e 20 54 68 69 73 20 73 65 74 75 70 20 72 65 71 75 69	ret.'secret'``..This.setup.requi
5f960	72 65 73 20 74 68 65 20 43 6f 6d 70 72 65 73 73 69 6f 6e 20 43 6f 6e 74 72 6f 6c 20 50 72 6f 74	res.the.Compression.Control.Prot
5f980	6f 63 6f 6c 20 28 43 43 50 29 20 62 65 69 6e 67 20 64 69 73 61 62 6c 65 64 2c 20 74 68 65 20 63	ocol.(CCP).being.disabled,.the.c
5f9a0	6f 6d 6d 61 6e 64 20 60 60 73 65 74 20 76 70 6e 20 6c 32 74 70 20 72 65 6d 6f 74 65 2d 61 63 63	ommand.``set.vpn.l2tp.remote-acc
5f9c0	65 73 73 20 63 63 70 2d 64 69 73 61 62 6c 65 60 60 20 61 63 63 6f 6d 70 6c 69 73 68 65 73 20 74	ess.ccp-disable``.accomplishes.t
5f9e0	68 61 74 2e 00 54 68 65 20 65 78 61 6d 70 6c 65 20 62 65 6c 6f 77 20 63 6f 76 65 72 73 20 61 20	hat..The.example.below.covers.a.
5fa00	64 75 61 6c 2d 73 74 61 63 6b 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 76 69 61 20 70 70 70	dual-stack.configuration.via.ppp
5fa20	6f 65 2d 73 65 72 76 65 72 2e 00 54 68 65 20 65 78 61 6d 70 6c 65 20 62 65 6c 6f 77 20 75 73 65	oe-server..The.example.below.use
5fa40	73 20 41 43 4e 20 61 73 20 61 63 63 65 73 73 2d 63 6f 6e 63 65 6e 74 72 61 74 6f 72 20 6e 61 6d	s.ACN.as.access-concentrator.nam
5fa60	65 2c 20 61 73 73 69 67 6e 73 20 61 6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 70	e,.assigns.an.address.from.the.p
5fa80	6f 6f 6c 20 31 30 2e 31 2e 31 2e 31 30 30 2d 31 31 31 2c 20 74 65 72 6d 69 6e 61 74 65 73 20 61	ool.10.1.1.100-111,.terminates.a
5faa0	74 20 74 68 65 20 6c 6f 63 61 6c 20 65 6e 64 70 6f 69 6e 74 20 31 30 2e 31 2e 31 2e 31 20 61 6e	t.the.local.endpoint.10.1.1.1.an
5fac0	64 20 73 65 72 76 65 73 20 72 65 71 75 65 73 74 73 20 6f 6e 6c 79 20 6f 6e 20 65 74 68 31 2e 00	d.serves.requests.only.on.eth1..
5fae0	54 68 65 20 65 78 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 62 65 6c 6f 77 20	The.example.configuration.below.
5fb00	77 69 6c 6c 20 61 73 73 69 67 6e 20 61 6e 20 49 50 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 20	will.assign.an.IP.to.the.client.
5fb20	6f 6e 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 65 74 68 32 20 77	on.the.incoming.interface.eth2.w
5fb40	69 74 68 20 74 68 65 20 63 6c 69 65 6e 74 20 6d 61 63 20 61 64 64 72 65 73 73 20 30 38 3a 30 30	ith.the.client.mac.address.08:00
5fb60	3a 32 37 3a 32 66 3a 64 38 3a 30 36 2e 20 4f 74 68 65 72 20 44 48 43 50 20 64 69 73 63 6f 76 65	:27:2f:d8:06..Other.DHCP.discove
5fb80	72 79 20 72 65 71 75 65 73 74 73 20 77 69 6c 6c 20 62 65 20 69 67 6e 6f 72 65 64 2c 20 75 6e 6c	ry.requests.will.be.ignored,.unl
5fba0	65 73 73 20 74 68 65 20 63 6c 69 65 6e 74 20 6d 61 63 20 68 61 73 20 62 65 65 6e 20 65 6e 61 62	ess.the.client.mac.has.been.enab
5fbc0	6c 65 64 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 68 65 20 65 78	led.in.the.configuration..The.ex
5fbe0	61 6d 70 6c 65 20 63 72 65 61 74 65 73 20 61 20 77 69 72 65 6c 65 73 73 20 73 74 61 74 69 6f 6e	ample.creates.a.wireless.station
5fc00	20 28 63 6f 6d 6d 6f 6e 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 57 69 2d 46 69 20	.(commonly.referred.to.as.Wi-Fi.
5fc20	63 6c 69 65 6e 74 29 20 74 68 61 74 20 61 63 63 65 73 73 65 73 20 74 68 65 20 6e 65 74 77 6f 72	client).that.accesses.the.networ
5fc40	6b 20 74 68 72 6f 75 67 68 20 74 68 65 20 57 41 50 20 64 65 66 69 6e 65 64 20 69 6e 20 74 68 65	k.through.the.WAP.defined.in.the
5fc60	20 61 62 6f 76 65 20 65 78 61 6d 70 6c 65 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 70 68 79 73	.above.example..The.default.phys
5fc80	69 63 61 6c 20 64 65 76 69 63 65 20 28 60 60 70 68 79 30 60 60 29 20 69 73 20 75 73 65 64 2e 00	ical.device.(``phy0``).is.used..
5fca0	54 68 65 20 65 78 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 74 72 61 6e 73	The.external.IP.address.to.trans
5fcc0	6c 61 74 65 20 74 6f 00 54 68 65 20 66 69 72 65 77 61 6c 6c 20 73 75 70 70 6f 72 74 73 20 74 68	late.to.The.firewall.supports.th
5fce0	65 20 63 72 65 61 74 69 6f 6e 20 6f 66 20 67 72 6f 75 70 73 20 66 6f 72 20 61 64 64 72 65 73 73	e.creation.of.groups.for.address
5fd00	65 73 2c 20 64 6f 6d 61 69 6e 73 2c 20 69 6e 74 65 72 66 61 63 65 73 2c 20 6d 61 63 2d 61 64 64	es,.domains,.interfaces,.mac-add
5fd20	72 65 73 73 65 73 2c 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64 20 70 6f 72 74 20 67 72 6f 75 70 73	resses,.networks.and.port.groups
5fd40	2e 20 54 68 69 73 20 67 72 6f 75 70 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 6c 61 74 65 72 20	..This.groups.can.be.used.later.
5fd60	69 6e 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 65 74 20 61 73 20 64 65 73 69 72 65 64 2e 00	in.firewall.ruleset.as.desired..
5fd80	54 68 65 20 66 69 72 65 77 61 6c 6c 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 63 72 65 61 74 69	The.firewall.supports.the.creati
5fda0	6f 6e 20 6f 66 20 67 72 6f 75 70 73 20 66 6f 72 20 70 6f 72 74 73 2c 20 61 64 64 72 65 73 73 65	on.of.groups.for.ports,.addresse
5fdc0	73 2c 20 61 6e 64 20 6e 65 74 77 6f 72 6b 73 20 28 69 6d 70 6c 65 6d 65 6e 74 65 64 20 75 73 69	s,.and.networks.(implemented.usi
5fde0	6e 67 20 6e 65 74 66 69 6c 74 65 72 20 69 70 73 65 74 29 20 61 6e 64 20 74 68 65 20 6f 70 74 69	ng.netfilter.ipset).and.the.opti
5fe00	6f 6e 20 6f 66 20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 7a 6f 6e 65 20 62 61 73 65 64 20 66 69	on.of.interface.or.zone.based.fi
5fe20	72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2e 00 54 68 65 20 66 69 72 73 74 20 49 50 20 69 6e 20 74	rewall.policy..The.first.IP.in.t
5fe40	68 65 20 63 6f 6e 74 61 69 6e 65 72 20 6e 65 74 77 6f 72 6b 20 69 73 20 72 65 73 65 72 76 65 64	he.container.network.is.reserved
5fe60	20 62 79 20 74 68 65 20 65 6e 67 69 6e 65 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 75 73 65	.by.the.engine.and.cannot.be.use
5fe80	64 00 54 68 65 20 66 69 72 73 74 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 61 72 61 6d	d.The.first.address.of.the.param
5fea0	65 74 65 72 20 60 60 63 6c 69 65 6e 74 2d 73 75 62 6e 65 74 60 60 2c 20 77 69 6c 6c 20 62 65 20	eter.``client-subnet``,.will.be.
5fec0	75 73 65 64 20 61 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 2e 20 43 6f 6e	used.as.the.default.gateway..Con
5fee0	6e 65 63 74 65 64 20 73 65 73 73 69 6f 6e 73 20 63 61 6e 20 62 65 20 63 68 65 63 6b 65 64 20 76	nected.sessions.can.be.checked.v
5ff00	69 61 20 74 68 65 20 60 60 73 68 6f 77 20 69 70 6f 65 2d 73 65 72 76 65 72 20 73 65 73 73 69 6f	ia.the.``show.ipoe-server.sessio
5ff20	6e 73 60 60 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 65 20 66 69 72 73 74 20 61 6e 64 20 61 72 67 75	ns``.command..The.first.and.argu
5ff40	61 62 6c 79 20 63 6c 65 61 6e 65 72 20 6f 70 74 69 6f 6e 20 69 73 20 74 6f 20 6d 61 6b 65 20 79	ably.cleaner.option.is.to.make.y
5ff60	6f 75 72 20 49 50 73 65 63 20 70 6f 6c 69 63 79 20 6d 61 74 63 68 20 47 52 45 20 70 61 63 6b 65	our.IPsec.policy.match.GRE.packe
5ff80	74 73 20 62 65 74 77 65 65 6e 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 65 73 20 6f 66	ts.between.external.addresses.of
5ffa0	20 79 6f 75 72 20 72 6f 75 74 65 72 73 2e 20 54 68 69 73 20 69 73 20 74 68 65 20 62 65 73 74 20	.your.routers..This.is.the.best.
5ffc0	6f 70 74 69 6f 6e 20 69 66 20 62 6f 74 68 20 72 6f 75 74 65 72 73 20 68 61 76 65 20 73 74 61 74	option.if.both.routers.have.stat
5ffe0	69 63 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 65 20 66 69 72 73 74	ic.external.addresses..The.first
60000	20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c 20 6d 65 63 68 61 6e 69 73 6d 2c 20 74 68 65 20 70 61 75	.flow.control.mechanism,.the.pau
60020	73 65 20 66 72 61 6d 65 2c 20 77 61 73 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 65 20 49 45 45	se.frame,.was.defined.by.the.IEE
60040	45 20 38 30 32 2e 33 78 20 73 74 61 6e 64 61 72 64 2e 00 54 68 65 20 66 69 72 73 74 20 72 65 67	E.802.3x.standard..The.first.reg
60060	69 73 74 72 61 74 69 6f 6e 20 72 65 71 75 65 73 74 20 69 73 20 73 65 6e 74 20 74 6f 20 74 68 65	istration.request.is.sent.to.the
60080	20 70 72 6f 74 6f 63 6f 6c 20 62 72 6f 61 64 63 61 73 74 20 61 64 64 72 65 73 73 2c 20 61 6e 64	.protocol.broadcast.address,.and
600a0	20 74 68 65 20 73 65 72 76 65 72 27 73 20 72 65 61 6c 20 70 72 6f 74 6f 63 6f 6c 20 61 64 64 72	.the.server's.real.protocol.addr
600c0	65 73 73 20 69 73 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 64 65 74 65 63 74 65 64 20 66 72 6f 6d	ess.is.dynamically.detected.from
600e0	20 74 68 65 20 66 69 72 73 74 20 72 65 67 69 73 74 72 61 74 69 6f 6e 20 72 65 70 6c 79 2e 00 54	.the.first.registration.reply..T
60100	68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 50 50 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74	he.following.PPP.configuration.t
60120	65 73 74 73 20 4d 53 43 48 41 50 2d 76 32 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f	ests.MSCHAP-v2:.The.following.co
60140	6d 6d 61 6e 64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68	mmand.can.be.used.to.generate.th
60160	65 20 4f 54 50 20 6b 65 79 20 61 73 20 77 65 6c 6c 20 61 73 20 74 68 65 20 43 4c 49 20 63 6f 6d	e.OTP.key.as.well.as.the.CLI.com
60180	6d 61 6e 64 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 6d 3a 00 54 68 65 20 66 6f 6c	mands.to.configure.them:.The.fol
601a0	6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 6c 65 74 20 79 6f 75 20 63 68 65 63 6b 20 74 75	lowing.commands.let.you.check.tu
601c0	6e 6e 65 6c 20 73 74 61 74 75 73 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61	nnel.status..The.following.comma
601e0	6e 64 73 20 6c 65 74 20 79 6f 75 20 72 65 73 65 74 20 4f 70 65 6e 56 50 4e 2e 00 54 68 65 20 66	nds.let.you.reset.OpenVPN..The.f
60200	6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 74 72 61 6e 73 6c 61 74 65 20 74 6f 20 22	ollowing.commands.translate.to."
60220	2d 2d 6e 65 74 20 68 6f 73 74 22 20 77 68 65 6e 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 69	--net.host".when.the.container.i
60240	73 20 63 72 65 61 74 65 64 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73	s.created.The.following.commands
60260	20 77 6f 75 6c 64 20 62 65 20 72 65 71 75 69 72 65 64 20 74 6f 20 73 65 74 20 6f 70 74 69 6f 6e	.would.be.required.to.set.option
60280	73 20 66 6f 72 20 61 20 67 69 76 65 6e 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72	s.for.a.given.dynamic.routing.pr
602a0	6f 74 6f 63 6f 6c 20 69 6e 73 69 64 65 20 61 20 67 69 76 65 6e 20 76 72 66 3a 00 54 68 65 20 66	otocol.inside.a.given.vrf:.The.f
602c0	6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 64 65 6d 6f 6e 73 74 72 61	ollowing.configuration.demonstra
602e0	74 65 73 20 68 6f 77 20 74 6f 20 75 73 65 20 56 79 4f 53 20 74 6f 20 61 63 68 69 65 76 65 20 6c	tes.how.to.use.VyOS.to.achieve.l
60300	6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 64 6f 6d 61 69	oad.balancing.based.on.the.domai
60320	6e 20 6e 61 6d 65 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74	n.name..The.following.configurat
60340	69 6f 6e 20 65 78 70 6c 69 63 69 74 6c 79 20 6a 6f 69 6e 73 20 6d 75 6c 74 69 63 61 73 74 20 67	ion.explicitly.joins.multicast.g
60360	72 6f 75 70 20 60 66 66 31 35 3a 3a 31 32 33 34 60 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20 60	roup.`ff15::1234`.on.interface.`
60380	65 74 68 31 60 20 61 6e 64 20 73 6f 75 72 63 65 2d 73 70 65 63 69 66 69 63 20 6d 75 6c 74 69 63	eth1`.and.source-specific.multic
603a0	61 73 74 20 67 72 6f 75 70 20 60 66 66 31 35 3a 3a 35 36 37 38 60 20 77 69 74 68 20 73 6f 75 72	ast.group.`ff15::5678`.with.sour
603c0	63 65 20 61 64 64 72 65 73 73 20 60 32 30 30 31 3a 64 62 38 3a 3a 31 60 20 6f 6e 20 69 6e 74 65	ce.address.`2001:db8::1`.on.inte
603e0	72 66 61 63 65 20 60 65 74 68 31 60 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66	rface.`eth1`:.The.following.conf
60400	69 67 75 72 61 74 69 6f 6e 20 6f 6e 20 56 79 4f 53 20 61 70 70 6c 69 65 73 20 74 6f 20 61 6c 6c	iguration.on.VyOS.applies.to.all
60420	20 66 6f 6c 6c 6f 77 69 6e 67 20 33 72 64 20 70 61 72 74 79 20 76 65 6e 64 6f 72 73 2e 20 49 74	.following.3rd.party.vendors..It
60440	20 63 72 65 61 74 65 73 20 61 20 62 6f 6e 64 20 77 69 74 68 20 74 77 6f 20 6c 69 6e 6b 73 20 61	.creates.a.bond.with.two.links.a
60460	6e 64 20 56 4c 41 4e 20 31 30 2c 20 31 30 30 20 6f 6e 20 74 68 65 20 62 6f 6e 64 65 64 20 69 6e	nd.VLAN.10,.100.on.the.bonded.in
60480	74 65 72 66 61 63 65 73 20 77 69 74 68 20 61 20 70 65 72 20 56 49 46 20 49 50 76 34 20 61 64 64	terfaces.with.a.per.VIF.IPv4.add
604a0	72 65 73 73 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	ress..The.following.configuratio
604c0	6e 20 72 65 76 65 72 73 65 2d 70 72 6f 78 79 20 74 65 72 6d 69 6e 61 74 65 20 53 53 4c 2e 00 54	n.reverse-proxy.terminate.SSL..T
604e0	68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20	he.following.configuration.will.
60500	61 73 73 69 67 6e 20 61 20 2f 36 34 20 70 72 65 66 69 78 20 6f 75 74 20 6f 66 20 61 20 2f 35 36	assign.a./64.prefix.out.of.a./56
60520	20 64 65 6c 65 67 61 74 69 6f 6e 20 74 6f 20 65 74 68 30 2e 20 54 68 65 20 49 50 76 36 20 61 64	.delegation.to.eth0..The.IPv6.ad
60540	64 72 65 73 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 65 74 68 30 20 77 69 6c 6c 20 62 65 20 3c	dress.assigned.to.eth0.will.be.<
60560	70 72 65 66 69 78 3e 3a 3a 66 66 66 66 2f 36 34 2e 20 49 66 20 79 6f 75 20 64 6f 20 6e 6f 74 20	prefix>::ffff/64..If.you.do.not.
60580	6b 6e 6f 77 20 74 68 65 20 70 72 65 66 69 78 20 73 69 7a 65 20 64 65 6c 65 67 61 74 65 64 20 74	know.the.prefix.size.delegated.t
605a0	6f 20 79 6f 75 2c 20 73 74 61 72 74 20 77 69 74 68 20 73 6c 61 2d 6c 65 6e 20 30 2e 00 54 68 65	o.you,.start.with.sla-len.0..The
605c0	20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 61 6c 6c 6f 77 73 20 56 79 4f 53 20 74	.following.example.allows.VyOS.t
605e0	6f 20 75 73 65 20 3a 61 62 62 72 3a 60 50 42 52 20 28 50 6f 6c 69 63 79 2d 42 61 73 65 64 20 52	o.use.:abbr:`PBR.(Policy-Based.R
60600	6f 75 74 69 6e 67 29 60 20 66 6f 72 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 6f 72 69 67	outing)`.for.traffic,.which.orig
60620	69 6e 61 74 65 64 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2e 20 54	inated.from.the.router.itself..T
60640	68 61 74 20 73 6f 6c 75 74 69 6f 6e 20 66 6f 72 20 6d 75 6c 74 69 70 6c 65 20 49 53 50 27 73 20	hat.solution.for.multiple.ISP's.
60660	61 6e 64 20 56 79 4f 53 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 66 72 6f	and.VyOS.router.will.respond.fro
60680	6d 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 74 68 65 20 70 61	m.the.same.interface.that.the.pa
606a0	63 6b 65 74 20 77 61 73 20 72 65 63 65 69 76 65 64 2e 20 41 6c 73 6f 2c 20 69 74 20 75 73 65 64	cket.was.received..Also,.it.used
606c0	2c 20 69 66 20 77 65 20 77 61 6e 74 20 74 68 61 74 20 6f 6e 65 20 56 50 4e 20 74 75 6e 6e 65 6c	,.if.we.want.that.one.VPN.tunnel
606e0	20 74 6f 20 62 65 20 74 68 72 6f 75 67 68 20 6f 6e 65 20 70 72 6f 76 69 64 65 72 2c 20 61 6e 64	.to.be.through.one.provider,.and
60700	20 74 68 65 20 73 65 63 6f 6e 64 20 74 68 72 6f 75 67 68 20 61 6e 6f 74 68 65 72 2e 00 54 68 65	.the.second.through.another..The
60720	20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 63 72 65 61 74 65 73 20 61 20 57 41 50	.following.example.creates.a.WAP
60740	2e 20 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 57 41 50 20	..When.configuring.multiple.WAP.
60760	69 6e 74 65 72 66 61 63 65 73 2c 20 79 6f 75 20 6d 75 73 74 20 73 70 65 63 69 66 79 20 75 6e 69	interfaces,.you.must.specify.uni
60780	71 75 65 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 63 68 61 6e 6e 65 6c 73 2c 20 4e 65 74 77	que.IP.addresses,.channels,.Netw
607a0	6f 72 6b 20 49 44 73 20 63 6f 6d 6d 6f 6e 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20	ork.IDs.commonly.referred.to.as.
607c0	3a 61 62 62 72 3a 60 53 53 49 44 20 28 53 65 72 76 69 63 65 20 53 65 74 20 49 64 65 6e 74 69 66	:abbr:`SSID.(Service.Set.Identif
607e0	69 65 72 29 60 2c 20 61 6e 64 20 4d 41 43 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 65 20 66 6f	ier)`,.and.MAC.addresses..The.fo
60800	6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 61 20 53 69	llowing.example.is.based.on.a.Si
60820	65 72 72 61 20 57 69 72 65 6c 65 73 73 20 4d 43 37 37 31 30 20 6d 69 6e 69 50 43 49 65 20 63 61	erra.Wireless.MC7710.miniPCIe.ca
60840	72 64 20 28 6f 6e 6c 79 20 74 68 65 20 66 6f 72 6d 20 66 61 63 74 6f 72 20 69 6e 20 72 65 61 6c	rd.(only.the.form.factor.in.real
60860	69 74 79 20 69 74 20 72 75 6e 73 20 55 42 53 29 20 61 6e 64 20 44 65 75 74 73 63 68 65 20 54 65	ity.it.runs.UBS).and.Deutsche.Te
60880	6c 65 6b 6f 6d 20 61 73 20 49 53 50 2e 20 54 68 65 20 63 61 72 64 20 69 73 20 61 73 73 65 6d 62	lekom.as.ISP..The.card.is.assemb
608a0	6c 65 64 20 69 6e 74 6f 20 61 20 3a 72 65 66 3a 60 70 63 2d 65 6e 67 69 6e 65 73 2d 61 70 75 34	led.into.a.:ref:`pc-engines-apu4
608c0	60 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 74 6f 70 6f 6c 6f 67	`..The.following.example.topolog
608e0	79 20 77 61 73 20 62 75 69 6c 74 20 75 73 69 6e 67 20 45 56 45 2d 4e 47 2e 00 54 68 65 20 66 6f	y.was.built.using.EVE-NG..The.fo
60900	6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 77 69 6c 6c 20 73 68 6f 77 20 68 6f 77 20 56 79	llowing.example.will.show.how.Vy
60920	4f 53 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 64 69 72 65 63 74 20 77 65 62 20 74	OS.can.be.used.to.redirect.web.t
60940	72 61 66 66 69 63 20 74 6f 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 74 72 61 6e 73 70 61 72 65 6e	raffic.to.an.external.transparen
60960	74 20 70 72 6f 78 79 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 68 61 72 64 77 61 72 65 20	t.proxy:.The.following.hardware.
60980	6d 6f 64 75 6c 65 73 20 68 61 76 65 20 62 65 65 6e 20 74 65 73 74 65 64 20 73 75 63 63 65 73 73	modules.have.been.tested.success
609a0	66 75 6c 6c 79 20 69 6e 20 61 6e 20 3a 72 65 66 3a 60 70 63 2d 65 6e 67 69 6e 65 73 2d 61 70 75	fully.in.an.:ref:`pc-engines-apu
609c0	34 60 20 62 6f 61 72 64 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 73 20 74 68 65 20 63	4`.board:.The.following.is.the.c
609e0	6f 6e 66 69 67 20 66 6f 72 20 74 68 65 20 69 50 68 6f 6e 65 20 70 65 65 72 20 61 62 6f 76 65 2e	onfig.for.the.iPhone.peer.above.
60a00	20 49 74 27 73 20 69 6d 70 6f 72 74 61 6e 74 20 74 6f 20 6e 6f 74 65 20 74 68 61 74 20 74 68 65	.It's.important.to.note.that.the
60a20	20 60 60 41 6c 6c 6f 77 65 64 49 50 73 60 60 20 77 69 6c 64 63 61 72 64 20 73 65 74 74 69 6e 67	.``AllowedIPs``.wildcard.setting
60a40	20 64 69 72 65 63 74 73 20 61 6c 6c 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20 74 72 61 66 66	.directs.all.IPv4.and.IPv6.traff
60a60	69 63 20 74 68 72 6f 75 67 68 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 54 68 65 20 66	ic.through.the.connection..The.f
60a80	6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 3a 20	ollowing.protocols.can.be.used:.
60aa0	61 6e 79 2c 20 62 61 62 65 6c 2c 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 65 69 67 72	any,.babel,.bgp,.connected,.eigr
60ac0	70 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74	p,.isis,.kernel,.ospf,.rip,.stat
60ae0	69 63 2c 20 74 61 62 6c 65 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	ic,.table.The.following.protocol
60b00	73 20 63 61 6e 20 62 65 20 75 73 65 64 3a 20 61 6e 79 2c 20 62 61 62 65 6c 2c 20 62 67 70 2c 20	s.can.be.used:.any,.babel,.bgp,.
60b20	63 6f 6e 6e 65 63 74 65 64 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 76 33 2c	connected,.isis,.kernel,.ospfv3,
60b40	20 72 69 70 6e 67 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 00 54 68 65 20 66 6f 6c 6c 6f 77	.ripng,.static,.table.The.follow
60b60	69 6e 67 20 73 74 72 75 63 74 75 72 65 20 72 65 73 70 72 65 73 65 6e 74 20 74 68 65 20 63 6c 69	ing.structure.respresent.the.cli
60b80	20 73 74 72 75 63 74 75 72 65 2e 00 54 68 65 20 66 6f 72 6d 75 6c 61 20 66 6f 72 20 75 6e 66 72	.structure..The.formula.for.unfr
60ba0	61 67 6d 65 6e 74 65 64 20 54 43 50 20 61 6e 64 20 55 44 50 20 70 61 63 6b 65 74 73 20 69 73 00	agmented.TCP.and.UDP.packets.is.
60bc0	54 68 65 20 66 6f 72 77 61 72 64 69 6e 67 20 64 65 6c 61 79 20 74 69 6d 65 20 69 73 20 74 68 65	The.forwarding.delay.time.is.the
60be0	20 74 69 6d 65 20 73 70 65 6e 74 20 69 6e 20 65 61 63 68 20 6f 66 20 74 68 65 20 6c 69 73 74 65	.time.spent.in.each.of.the.liste
60c00	6e 69 6e 67 20 61 6e 64 20 6c 65 61 72 6e 69 6e 67 20 73 74 61 74 65 73 20 62 65 66 6f 72 65 20	ning.and.learning.states.before.
60c20	74 68 65 20 46 6f 72 77 61 72 64 69 6e 67 20 73 74 61 74 65 20 69 73 20 65 6e 74 65 72 65 64 2e	the.Forwarding.state.is.entered.
60c40	20 54 68 69 73 20 64 65 6c 61 79 20 69 73 20 73 6f 20 74 68 61 74 20 77 68 65 6e 20 61 20 6e 65	.This.delay.is.so.that.when.a.ne
60c60	77 20 62 72 69 64 67 65 20 63 6f 6d 65 73 20 6f 6e 74 6f 20 61 20 62 75 73 79 20 6e 65 74 77 6f	w.bridge.comes.onto.a.busy.netwo
60c80	72 6b 20 69 74 20 6c 6f 6f 6b 73 20 61 74 20 73 6f 6d 65 20 74 72 61 66 66 69 63 20 62 65 66 6f	rk.it.looks.at.some.traffic.befo
60ca0	72 65 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 2e 00 54 68 65 20 67 65 6e 65 72 61 74 65 64 20	re.participating..The.generated.
60cc0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20 6c 6f 6f 6b 20 6c 69 6b 65 3a 00 54 68	configuration.will.look.like:.Th
60ce0	65 20 67 65 6e 65 72 61 74 65 64 20 70 61 72 61 6d 65 74 65 72 73 20 61 72 65 20 74 68 65 6e 20	e.generated.parameters.are.then.
60d00	6f 75 74 70 75 74 20 74 6f 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 54 68 65 20 67 65 6e 65 72	output.to.the.console..The.gener
60d20	69 63 20 6e 61 6d 65 20 6f 66 20 51 75 61 6c 69 74 79 20 6f 66 20 53 65 72 76 69 63 65 20 6f 72	ic.name.of.Quality.of.Service.or
60d40	20 54 72 61 66 66 69 63 20 43 6f 6e 74 72 6f 6c 20 69 6e 76 6f 6c 76 65 73 20 74 68 69 6e 67 73	.Traffic.Control.involves.things
60d60	20 6c 69 6b 65 20 73 68 61 70 69 6e 67 20 74 72 61 66 66 69 63 2c 20 73 63 68 65 64 75 6c 69 6e	.like.shaping.traffic,.schedulin
60d80	67 20 6f 72 20 64 72 6f 70 70 69 6e 67 20 70 61 63 6b 65 74 73 2c 20 77 68 69 63 68 20 61 72 65	g.or.dropping.packets,.which.are
60da0	20 74 68 65 20 6b 69 6e 64 20 6f 66 20 74 68 69 6e 67 73 20 79 6f 75 20 6d 61 79 20 77 61 6e 74	.the.kind.of.things.you.may.want
60dc0	20 74 6f 20 70 6c 61 79 20 77 69 74 68 20 77 68 65 6e 20 79 6f 75 20 68 61 76 65 2c 20 66 6f 72	.to.play.with.when.you.have,.for
60de0	20 69 6e 73 74 61 6e 63 65 2c 20 61 20 62 61 6e 64 77 69 64 74 68 20 62 6f 74 74 6c 65 6e 65 63	.instance,.a.bandwidth.bottlenec
60e00	6b 20 69 6e 20 61 20 6c 69 6e 6b 20 61 6e 64 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 73 6f 6d 65	k.in.a.link.and.you.want.to.some
60e20	68 6f 77 20 70 72 69 6f 72 69 74 69 7a 65 20 73 6f 6d 65 20 74 79 70 65 20 6f 66 20 74 72 61 66	how.prioritize.some.type.of.traf
60e40	66 69 63 20 6f 76 65 72 20 61 6e 6f 74 68 65 72 2e 00 54 68 65 20 68 61 73 68 20 74 79 70 65 20	fic.over.another..The.hash.type.
60e60	75 73 65 64 20 77 68 65 6e 20 64 69 73 63 6f 76 65 72 69 6e 67 20 66 69 6c 65 20 6f 6e 20 6d 61	used.when.discovering.file.on.ma
60e80	73 74 65 72 20 73 65 72 76 65 72 20 28 64 65 66 61 75 6c 74 3a 20 73 68 61 32 35 36 29 00 54 68	ster.server.(default:.sha256).Th
60ea0	65 20 68 65 61 6c 74 68 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 70 61 74 68 73	e.health.of.interfaces.and.paths
60ec0	20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 20 69	.assigned.to.the.load.balancer.i
60ee0	73 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 20 63 68 65 63 6b 65 64 20 62 79 20 73 65 6e 64 69 6e	s.periodically.checked.by.sendin
60f00	67 20 49 43 4d 50 20 70 61 63 6b 65 74 73 20 28 70 69 6e 67 29 20 74 6f 20 72 65 6d 6f 74 65 20	g.ICMP.packets.(ping).to.remote.
60f20	64 65 73 74 69 6e 61 74 69 6f 6e 73 2c 20 61 20 54 54 4c 20 74 65 73 74 20 6f 72 20 74 68 65 20	destinations,.a.TTL.test.or.the.
60f40	65 78 65 63 75 74 69 6f 6e 20 6f 66 20 61 20 75 73 65 72 20 64 65 66 69 6e 65 64 20 73 63 72 69	execution.of.a.user.defined.scri
60f60	70 74 2e 20 49 66 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 66 61 69 6c 73 20 74 68 65 20 68 65	pt..If.an.interface.fails.the.he
60f80	61 6c 74 68 20 63 68 65 63 6b 20 69 74 20 69 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68	alth.check.it.is.removed.from.th
60fa0	65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 27 73 20 70 6f 6f 6c 20 6f 66 20 69 6e 74 65 72 66	e.load.balancer's.pool.of.interf
60fc0	61 63 65 73 2e 20 54 6f 20 65 6e 61 62 6c 65 20 68 65 61 6c 74 68 20 63 68 65 63 6b 69 6e 67 20	aces..To.enable.health.checking.
60fe0	66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 3a 00 54 68 65 20 68 65 6c 6c 6f 2d 6d 75 6c 74	for.an.interface:.The.hello-mult
61000	69 70 6c 69 65 72 20 73 70 65 63 69 66 69 65 73 20 68 6f 77 20 6d 61 6e 79 20 48 65 6c 6c 6f 73	iplier.specifies.how.many.Hellos
61020	20 74 6f 20 73 65 6e 64 20 70 65 72 20 73 65 63 6f 6e 64 2c 20 66 72 6f 6d 20 31 20 28 65 76 65	.to.send.per.second,.from.1.(eve
61040	72 79 20 73 65 63 6f 6e 64 29 20 74 6f 20 31 30 20 28 65 76 65 72 79 20 31 30 30 6d 73 29 2e 20	ry.second).to.10.(every.100ms)..
61060	54 68 75 73 20 6f 6e 65 20 63 61 6e 20 68 61 76 65 20 31 73 20 63 6f 6e 76 65 72 67 65 6e 63 65	Thus.one.can.have.1s.convergence
61080	20 74 69 6d 65 20 66 6f 72 20 4f 53 50 46 2e 20 49 66 20 74 68 69 73 20 66 6f 72 6d 20 69 73 20	.time.for.OSPF..If.this.form.is.
610a0	73 70 65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 74 68 65 20 68 65 6c 6c 6f 2d 69 6e 74 65 72 76	specified,.then.the.hello-interv
610c0	61 6c 20 61 64 76 65 72 74 69 73 65 64 20 69 6e 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 69	al.advertised.in.Hello.packets.i
610e0	73 20 73 65 74 20 74 6f 20 30 20 61 6e 64 20 74 68 65 20 68 65 6c 6c 6f 2d 69 6e 74 65 72 76 61	s.set.to.0.and.the.hello-interva
61100	6c 20 6f 6e 20 72 65 63 65 69 76 65 64 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 69 73 20 6e	l.on.received.Hello.packets.is.n
61120	6f 74 20 63 68 65 63 6b 65 64 2c 20 74 68 75 73 20 74 68 65 20 68 65 6c 6c 6f 2d 6d 75 6c 74 69	ot.checked,.thus.the.hello-multi
61140	70 6c 69 65 72 20 6e 65 65 64 20 4e 4f 54 20 62 65 20 74 68 65 20 73 61 6d 65 20 61 63 72 6f 73	plier.need.NOT.be.the.same.acros
61160	73 20 6d 75 6c 74 69 70 6c 65 20 72 6f 75 74 65 72 73 20 6f 6e 20 61 20 63 6f 6d 6d 6f 6e 20 6c	s.multiple.routers.on.a.common.l
61180	69 6e 6b 2e 00 54 68 65 20 68 6f 73 74 6e 61 6d 65 20 63 61 6e 20 62 65 20 75 70 20 74 6f 20 36	ink..The.hostname.can.be.up.to.6
611a0	33 20 63 68 61 72 61 63 74 65 72 73 2e 20 41 20 68 6f 73 74 6e 61 6d 65 20 6d 75 73 74 20 73 74	3.characters..A.hostname.must.st
611c0	61 72 74 20 61 6e 64 20 65 6e 64 20 77 69 74 68 20 61 20 6c 65 74 74 65 72 20 6f 72 20 64 69 67	art.and.end.with.a.letter.or.dig
611e0	69 74 2c 20 61 6e 64 20 68 61 76 65 20 61 73 20 69 6e 74 65 72 69 6f 72 20 63 68 61 72 61 63 74	it,.and.have.as.interior.charact
61200	65 72 73 20 6f 6e 6c 79 20 6c 65 74 74 65 72 73 2c 20 64 69 67 69 74 73 2c 20 6f 72 20 61 20 68	ers.only.letters,.digits,.or.a.h
61220	79 70 68 65 6e 2e 00 54 68 65 20 68 6f 73 74 6e 61 6d 65 20 6f 72 20 49 50 20 61 64 64 72 65 73	yphen..The.hostname.or.IP.addres
61240	73 20 6f 66 20 74 68 65 20 6d 61 73 74 65 72 00 54 68 65 20 69 64 65 6e 74 69 66 69 65 72 20 69	s.of.the.master.The.identifier.i
61260	73 20 74 68 65 20 64 65 76 69 63 65 27 73 20 44 55 49 44 3a 20 63 6f 6c 6f 6e 2d 73 65 70 61 72	s.the.device's.DUID:.colon-separ
61280	61 74 65 64 20 68 65 78 20 6c 69 73 74 20 28 61 73 20 75 73 65 64 20 62 79 20 69 73 63 2d 64 68	ated.hex.list.(as.used.by.isc-dh
612a0	63 70 20 6f 70 74 69 6f 6e 20 64 68 63 70 76 36 2e 63 6c 69 65 6e 74 2d 69 64 29 2e 20 49 66 20	cp.option.dhcpv6.client-id)..If.
612c0	74 68 65 20 64 65 76 69 63 65 20 61 6c 72 65 61 64 79 20 68 61 73 20 61 20 64 79 6e 61 6d 69 63	the.device.already.has.a.dynamic
612e0	20 6c 65 61 73 65 20 66 72 6f 6d 20 74 68 65 20 44 48 43 50 76 36 20 73 65 72 76 65 72 2c 20 69	.lease.from.the.DHCPv6.server,.i
61300	74 73 20 44 55 49 44 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 77 69 74 68 20 60 60 73 68 6f 77	ts.DUID.can.be.found.with.``show
61320	20 73 65 72 76 69 63 65 20 64 68 63 70 76 36 20 73 65 72 76 65 72 20 6c 65 61 73 65 73 60 60 2e	.service.dhcpv6.server.leases``.
61340	20 54 68 65 20 44 55 49 44 20 62 65 67 69 6e 73 20 61 74 20 74 68 65 20 35 74 68 20 6f 63 74 65	.The.DUID.begins.at.the.5th.octe
61360	74 20 28 61 66 74 65 72 20 74 68 65 20 34 74 68 20 63 6f 6c 6f 6e 29 20 6f 66 20 49 41 49 44 5f	t.(after.the.4th.colon).of.IAID_
61380	44 55 49 44 2e 00 54 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 73 70 6f 6b 65 20 63 6f 6e 66 69	DUID..The.individual.spoke.confi
613a0	67 75 72 61 74 69 6f 6e 73 20 6f 6e 6c 79 20 64 69 66 66 65 72 20 69 6e 20 74 68 65 20 6c 6f 63	gurations.only.differ.in.the.loc
613c0	61 6c 20 49 50 20 61 64 64 72 65 73 73 20 6f 6e 20 74 68 65 20 60 60 74 75 6e 31 30 60 60 20 69	al.IP.address.on.the.``tun10``.i
613e0	6e 74 65 72 66 61 63 65 2e 20 53 65 65 20 74 68 65 20 61 62 6f 76 65 20 64 69 61 67 72 61 6d 20	nterface..See.the.above.diagram.
61400	66 6f 72 20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 49 50 20 61 64 64 72 65 73 73 65 73 2e	for.the.individual.IP.addresses.
61420	00 54 68 65 20 69 6e 6e 65 72 20 74 61 67 20 69 73 20 74 68 65 20 74 61 67 20 77 68 69 63 68 20	.The.inner.tag.is.the.tag.which.
61440	69 73 20 63 6c 6f 73 65 73 74 20 74 6f 20 74 68 65 20 70 61 79 6c 6f 61 64 20 70 6f 72 74 69 6f	is.closest.to.the.payload.portio
61460	6e 20 6f 66 20 74 68 65 20 66 72 61 6d 65 2e 20 49 74 20 69 73 20 6f 66 66 69 63 69 61 6c 6c 79	n.of.the.frame..It.is.officially
61480	20 63 61 6c 6c 65 64 20 43 2d 54 41 47 20 28 63 75 73 74 6f 6d 65 72 20 74 61 67 2c 20 77 69 74	.called.C-TAG.(customer.tag,.wit
614a0	68 20 65 74 68 65 72 74 79 70 65 20 30 78 38 31 30 30 29 2e 20 54 68 65 20 6f 75 74 65 72 20 74	h.ethertype.0x8100)..The.outer.t
614c0	61 67 20 69 73 20 74 68 65 20 6f 6e 65 20 63 6c 6f 73 65 72 2f 63 6c 6f 73 65 73 74 20 74 6f 20	ag.is.the.one.closer/closest.to.
614e0	74 68 65 20 45 74 68 65 72 6e 65 74 20 68 65 61 64 65 72 2c 20 69 74 73 20 6e 61 6d 65 20 69 73	the.Ethernet.header,.its.name.is
61500	20 53 2d 54 41 47 20 28 73 65 72 76 69 63 65 20 74 61 67 20 77 69 74 68 20 45 74 68 65 72 6e 65	.S-TAG.(service.tag.with.Etherne
61520	74 20 54 79 70 65 20 3d 20 30 78 38 38 61 38 29 2e 00 54 68 65 20 69 6e 74 65 72 66 61 63 65 20	t.Type.=.0x88a8)..The.interface.
61540	74 72 61 66 66 69 63 20 77 69 6c 6c 20 62 65 20 63 6f 6d 69 6e 67 20 69 6e 20 6f 6e 3b 00 54 68	traffic.will.be.coming.in.on;.Th
61560	65 20 69 6e 74 65 72 66 61 63 65 20 75 73 65 64 20 74 6f 20 72 65 63 65 69 76 65 20 61 6e 64 20	e.interface.used.to.receive.and.
61580	72 65 6c 61 79 20 69 6e 64 69 76 69 64 75 61 6c 20 62 72 6f 61 64 63 61 73 74 20 70 61 63 6b 65	relay.individual.broadcast.packe
615a0	74 73 2e 20 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 72 65 63 65 69 76 65 2f 72 65 6c 61 79	ts..If.you.want.to.receive/relay
615c0	20 70 61 63 6b 65 74 73 20 6f 6e 20 62 6f 74 68 20 60 65 74 68 31 60 20 61 6e 64 20 60 65 74 68	.packets.on.both.`eth1`.and.`eth
615e0	32 60 20 62 6f 74 68 20 69 6e 74 65 72 66 61 63 65 73 20 6e 65 65 64 20 74 6f 20 62 65 20 61 64	2`.both.interfaces.need.to.be.ad
61600	64 65 64 2e 00 54 68 65 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 65 73 20 77	ded..The.internal.IP.addresses.w
61620	65 20 77 61 6e 74 20 74 6f 20 74 72 61 6e 73 6c 61 74 65 00 54 68 65 20 69 6e 76 65 72 73 65 20	e.want.to.translate.The.inverse.
61640	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 68 61 73 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64 20	configuration.has.to.be.applied.
61660	74 6f 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 64 65 2e 00 54 68 65 20 6c 61 72 67 65 73 74 20	to.the.remote.side..The.largest.
61680	4d 54 55 20 73 69 7a 65 20 79 6f 75 20 63 61 6e 20 75 73 65 20 77 69 74 68 20 44 53 4c 20 69 73	MTU.size.you.can.use.with.DSL.is
616a0	20 31 34 39 32 20 64 75 65 20 74 6f 20 50 50 50 6f 45 20 6f 76 65 72 68 65 61 64 2e 20 49 66 20	.1492.due.to.PPPoE.overhead..If.
616c0	79 6f 75 20 61 72 65 20 73 77 69 74 63 68 69 6e 67 20 66 72 6f 6d 20 61 20 44 48 43 50 20 62 61	you.are.switching.from.a.DHCP.ba
616e0	73 65 64 20 49 53 50 20 6c 69 6b 65 20 63 61 62 6c 65 20 74 68 65 6e 20 62 65 20 61 77 61 72 65	sed.ISP.like.cable.then.be.aware
61700	20 74 68 61 74 20 74 68 69 6e 67 73 20 6c 69 6b 65 20 56 50 4e 20 6c 69 6e 6b 73 20 6d 61 79 20	.that.things.like.VPN.links.may.
61720	6e 65 65 64 20 74 6f 20 68 61 76 65 20 74 68 65 69 72 20 4d 54 55 20 73 69 7a 65 73 20 61 64 6a	need.to.have.their.MTU.sizes.adj
61740	75 73 74 65 64 20 74 6f 20 77 6f 72 6b 20 77 69 74 68 69 6e 20 74 68 69 73 20 6c 69 6d 69 74 2e	usted.to.work.within.this.limit.
61760	00 54 68 65 20 6c 61 73 74 20 73 74 65 70 20 69 73 20 74 6f 20 64 65 66 69 6e 65 20 61 6e 20 69	.The.last.step.is.to.define.an.i
61780	6e 74 65 72 66 61 63 65 20 72 6f 75 74 65 20 66 6f 72 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f 32	nterface.route.for.192.168.2.0/2
617a0	34 20 74 6f 20 67 65 74 20 74 68 72 6f 75 67 68 20 74 68 65 20 57 69 72 65 47 75 61 72 64 20 69	4.to.get.through.the.WireGuard.i
617c0	6e 74 65 72 66 61 63 65 20 60 77 67 30 31 60 2e 20 4d 75 6c 74 69 70 6c 65 20 49 50 73 20 6f 72	nterface.`wg01`..Multiple.IPs.or
617e0	20 6e 65 74 77 6f 72 6b 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 6e 64 20 72 6f 75	.networks.can.be.defined.and.rou
61800	74 65 64 2e 20 54 68 65 20 6c 61 73 74 20 63 68 65 63 6b 20 69 73 20 61 6c 6c 6f 77 65 64 2d 69	ted..The.last.check.is.allowed-i
61820	70 73 20 77 68 69 63 68 20 65 69 74 68 65 72 20 70 72 65 76 65 6e 74 73 20 6f 72 20 61 6c 6c 6f	ps.which.either.prevents.or.allo
61840	77 73 20 74 68 65 20 74 72 61 66 66 69 63 2e 00 54 68 65 20 6c 69 6d 69 74 65 72 20 70 65 72 66	ws.the.traffic..The.limiter.perf
61860	6f 72 6d 73 20 62 61 73 69 63 20 69 6e 67 72 65 73 73 20 70 6f 6c 69 63 69 6e 67 20 6f 66 20 74	orms.basic.ingress.policing.of.t
61880	72 61 66 66 69 63 20 66 6c 6f 77 73 2e 20 4d 75 6c 74 69 70 6c 65 20 63 6c 61 73 73 65 73 20 6f	raffic.flows..Multiple.classes.o
618a0	66 20 74 72 61 66 66 69 63 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 6e 64 20 74 72 61	f.traffic.can.be.defined.and.tra
618c0	66 66 69 63 20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 65 61	ffic.limits.can.be.applied.to.ea
618e0	63 68 20 63 6c 61 73 73 2e 20 41 6c 74 68 6f 75 67 68 20 74 68 65 20 70 6f 6c 69 63 65 72 20 75	ch.class..Although.the.policer.u
61900	73 65 73 20 61 20 74 6f 6b 65 6e 20 62 75 63 6b 65 74 20 6d 65 63 68 61 6e 69 73 6d 20 69 6e 74	ses.a.token.bucket.mechanism.int
61920	65 72 6e 61 6c 6c 79 2c 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 74 68 65 20 63 61	ernally,.it.does.not.have.the.ca
61940	70 61 62 69 6c 69 74 79 20 74 6f 20 64 65 6c 61 79 20 61 20 70 61 63 6b 65 74 20 61 73 20 61 20	pability.to.delay.a.packet.as.a.
61960	73 68 61 70 69 6e 67 20 6d 65 63 68 61 6e 69 73 6d 20 64 6f 65 73 2e 20 54 72 61 66 66 69 63 20	shaping.mechanism.does..Traffic.
61980	65 78 63 65 65 64 69 6e 67 20 74 68 65 20 64 65 66 69 6e 65 64 20 62 61 6e 64 77 69 64 74 68 20	exceeding.the.defined.bandwidth.
619a0	6c 69 6d 69 74 73 20 69 73 20 64 69 72 65 63 74 6c 79 20 64 72 6f 70 70 65 64 2e 20 41 20 6d 61	limits.is.directly.dropped..A.ma
619c0	78 69 6d 75 6d 20 61 6c 6c 6f 77 65 64 20 62 75 72 73 74 20 63 61 6e 20 62 65 20 63 6f 6e 66 69	ximum.allowed.burst.can.be.confi
619e0	67 75 72 65 64 20 74 6f 6f 2e 00 54 68 65 20 6c 69 6e 6b 20 62 61 6e 64 77 69 64 74 68 20 65 78	gured.too..The.link.bandwidth.ex
61a00	74 65 6e 64 65 64 20 63 6f 6d 6d 75 6e 69 74 79 20 69 73 20 65 6e 63 6f 64 65 64 20 61 73 20 6e	tended.community.is.encoded.as.n
61a20	6f 6e 2d 74 72 61 6e 73 69 74 69 76 65 00 54 68 65 20 6c 6f 63 61 6c 20 49 50 76 34 20 6f 72 20	on-transitive.The.local.IPv4.or.
61a40	49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 62 69 6e 64 20 74 68 65 20 44 4e 53 20 66	IPv6.addresses.to.bind.the.DNS.f
61a60	6f 72 77 61 72 64 65 72 20 74 6f 2e 20 54 68 65 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20	orwarder.to..The.forwarder.will.
61a80	6c 69 73 74 65 6e 20 6f 6e 20 74 68 69 73 20 61 64 64 72 65 73 73 20 66 6f 72 20 69 6e 63 6f 6d	listen.on.this.address.for.incom
61aa0	69 6e 67 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 54 68 65 20 6c 6f 63 61 6c 20 49 50 76 34 20	ing.connections..The.local.IPv4.
61ac0	6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 75 73 65 20 61 73 20 61 20 73 6f	or.IPv6.addresses.to.use.as.a.so
61ae0	75 72 63 65 20 61 64 64 72 65 73 73 20 66 6f 72 20 73 65 6e 64 69 6e 67 20 71 75 65 72 69 65 73	urce.address.for.sending.queries
61b00	2e 20 54 68 65 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20 73 65 6e 64 20 66 6f 72 77 61 72	..The.forwarder.will.send.forwar
61b20	64 65 64 20 6f 75 74 62 6f 75 6e 64 20 44 4e 53 20 72 65 71 75 65 73 74 73 20 66 72 6f 6d 20 74	ded.outbound.DNS.requests.from.t
61b40	68 69 73 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 6c 6f 63 61 6c 20 73 69 74 65 20 77 69 6c 6c	his.address..The.local.site.will
61b60	20 68 61 76 65 20 61 20 73 75 62 6e 65 74 20 6f 66 20 31 30 2e 30 2e 30 2e 30 2f 31 36 2e 00 54	.have.a.subnet.of.10.0.0.0/16..T
61b80	68 65 20 6c 6f 6f 70 62 61 63 6b 20 6e 65 74 77 6f 72 6b 69 6e 67 20 69 6e 74 65 72 66 61 63 65	he.loopback.networking.interface
61ba0	20 69 73 20 61 20 76 69 72 74 75 61 6c 20 6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 20 69 6d 70	.is.a.virtual.network.device.imp
61bc0	6c 65 6d 65 6e 74 65 64 20 65 6e 74 69 72 65 6c 79 20 69 6e 20 73 6f 66 74 77 61 72 65 2e 20 41	lemented.entirely.in.software..A
61be0	6c 6c 20 74 72 61 66 66 69 63 20 73 65 6e 74 20 74 6f 20 69 74 20 22 6c 6f 6f 70 73 20 62 61 63	ll.traffic.sent.to.it."loops.bac
61c00	6b 22 20 61 6e 64 20 6a 75 73 74 20 74 61 72 67 65 74 73 20 73 65 72 76 69 63 65 73 20 6f 6e 20	k".and.just.targets.services.on.
61c20	79 6f 75 72 20 6c 6f 63 61 6c 20 6d 61 63 68 69 6e 65 2e 00 54 68 65 20 6d 61 78 69 6d 75 6d 20	your.local.machine..The.maximum.
61c40	6e 75 6d 62 65 72 20 6f 66 20 74 61 72 67 65 74 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 73 70	number.of.targets.that.can.be.sp
61c60	65 63 69 66 69 65 64 20 69 73 20 31 36 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65	ecified.is.16..The.default.value
61c80	20 69 73 20 6e 6f 20 49 50 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 6d 65 61 6e 69 6e 67 20 6f	.is.no.IP.address..The.meaning.o
61ca0	66 20 74 68 65 20 43 6c 61 73 73 20 49 44 20 69 73 20 6e 6f 74 20 74 68 65 20 73 61 6d 65 20 66	f.the.Class.ID.is.not.the.same.f
61cc0	6f 72 20 65 76 65 72 79 20 74 79 70 65 20 6f 66 20 70 6f 6c 69 63 79 2e 20 4e 6f 72 6d 61 6c 6c	or.every.type.of.policy..Normall
61ce0	79 20 70 6f 6c 69 63 69 65 73 20 6a 75 73 74 20 6e 65 65 64 20 61 20 6d 65 61 6e 69 6e 67 6c 65	y.policies.just.need.a.meaningle
61d00	73 73 20 6e 75 6d 62 65 72 20 74 6f 20 69 64 65 6e 74 69 66 79 20 61 20 63 6c 61 73 73 20 28 43	ss.number.to.identify.a.class.(C
61d20	6c 61 73 73 20 49 44 29 2c 20 62 75 74 20 74 68 61 74 20 64 6f 65 73 20 6e 6f 74 20 61 70 70 6c	lass.ID),.but.that.does.not.appl
61d40	79 20 74 6f 20 65 76 65 72 79 20 70 6f 6c 69 63 79 2e 20 54 68 65 20 6e 75 6d 62 65 72 20 6f 66	y.to.every.policy..The.number.of
61d60	20 61 20 63 6c 61 73 73 20 69 6e 20 61 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69 74 20	.a.class.in.a.Priority.Queue.it.
61d80	64 6f 65 73 20 6e 6f 74 20 6f 6e 6c 79 20 69 64 65 6e 74 69 66 79 20 69 74 2c 20 69 74 20 61 6c	does.not.only.identify.it,.it.al
61da0	73 6f 20 64 65 66 69 6e 65 73 20 69 74 73 20 70 72 69 6f 72 69 74 79 2e 00 54 68 65 20 6d 65 6d	so.defines.its.priority..The.mem
61dc0	62 65 72 20 69 6e 74 65 72 66 61 63 65 20 60 65 74 68 31 60 20 69 73 20 61 20 74 72 75 6e 6b 20	ber.interface.`eth1`.is.a.trunk.
61de0	74 68 61 74 20 61 6c 6c 6f 77 73 20 56 4c 41 4e 20 31 30 20 74 6f 20 70 61 73 73 00 54 68 65 20	that.allows.VLAN.10.to.pass.The.
61e00	6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36 37 37 37 32 31 35 20 28 4d	metric.range.is.1.to.16777215.(M
61e20	61 78 20 76 61 6c 75 65 20 64 65 70 65 6e 64 20 69 66 20 6d 65 74 72 69 63 20 73 75 70 70 6f 72	ax.value.depend.if.metric.suppor
61e40	74 20 6e 61 72 72 6f 77 20 6f 72 20 77 69 64 65 20 76 61 6c 75 65 29 2e 00 54 68 65 20 6d 69 6e	t.narrow.or.wide.value)..The.min
61e60	69 6d 61 6c 20 65 63 68 6f 20 72 65 63 65 69 76 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 69	imal.echo.receive.transmission.i
61e80	6e 74 65 72 76 61 6c 20 74 68 61 74 20 74 68 69 73 20 73 79 73 74 65 6d 20 69 73 20 63 61 70 61	nterval.that.this.system.is.capa
61ea0	62 6c 65 20 6f 66 20 68 61 6e 64 6c 69 6e 67 00 54 68 65 20 6d 6f 73 74 20 76 69 73 69 62 6c 65	ble.of.handling.The.most.visible
61ec0	20 61 70 70 6c 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20	.application.of.the.protocol.is.
61ee0	66 6f 72 20 61 63 63 65 73 73 20 74 6f 20 73 68 65 6c 6c 20 61 63 63 6f 75 6e 74 73 20 6f 6e 20	for.access.to.shell.accounts.on.
61f00	55 6e 69 78 2d 6c 69 6b 65 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 65 6d 73 2c 20 62 75 74	Unix-like.operating.systems,.but
61f20	20 69 74 20 73 65 65 73 20 73 6f 6d 65 20 6c 69 6d 69 74 65 64 20 75 73 65 20 6f 6e 20 57 69 6e	.it.sees.some.limited.use.on.Win
61f40	64 6f 77 73 20 61 73 20 77 65 6c 6c 2e 20 49 6e 20 32 30 31 35 2c 20 4d 69 63 72 6f 73 6f 66 74	dows.as.well..In.2015,.Microsoft
61f60	20 61 6e 6e 6f 75 6e 63 65 64 20 74 68 61 74 20 74 68 65 79 20 77 6f 75 6c 64 20 69 6e 63 6c 75	.announced.that.they.would.inclu
61f80	64 65 20 6e 61 74 69 76 65 20 73 75 70 70 6f 72 74 20 66 6f 72 20 53 53 48 20 69 6e 20 61 20 66	de.native.support.for.SSH.in.a.f
61fa0	75 74 75 72 65 20 72 65 6c 65 61 73 65 2e 00 54 68 65 20 6d 75 6c 74 69 63 61 73 74 2d 67 72 6f	uture.release..The.multicast-gro
61fc0	75 70 20 75 73 65 64 20 62 79 20 61 6c 6c 20 6c 65 61 76 65 73 20 66 6f 72 20 74 68 69 73 20 76	up.used.by.all.leaves.for.this.v
61fe0	6c 61 6e 20 65 78 74 65 6e 73 69 6f 6e 2e 20 48 61 73 20 74 6f 20 62 65 20 74 68 65 20 73 61 6d	lan.extension..Has.to.be.the.sam
62000	65 20 6f 6e 20 61 6c 6c 20 6c 65 61 76 65 73 20 74 68 61 74 20 68 61 73 20 74 68 69 73 20 69 6e	e.on.all.leaves.that.has.this.in
62020	74 65 72 66 61 63 65 2e 00 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 73 65 72 76 69 63 65	terface..The.name.of.the.service
62040	20 63 61 6e 20 62 65 20 64 69 66 66 65 72 65 6e 74 2c 20 69 6e 20 74 68 69 73 20 65 78 61 6d 70	.can.be.different,.in.this.examp
62060	6c 65 20 69 74 20 69 73 20 6f 6e 6c 79 20 66 6f 72 20 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 00 54	le.it.is.only.for.convenience..T
62080	68 65 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f 6c 6f 67 79 20 69 73 20 64 65 63 6c 61 72 65 64 20	he.network.topology.is.declared.
620a0	62 79 20 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 73	by.shared-network-name.and.the.s
620c0	75 62 6e 65 74 20 64 65 63 6c 61 72 61 74 69 6f 6e 73 2e 20 54 68 65 20 44 48 43 50 20 73 65 72	ubnet.declarations..The.DHCP.ser
620e0	76 69 63 65 20 63 61 6e 20 73 65 72 76 65 20 6d 75 6c 74 69 70 6c 65 20 73 68 61 72 65 64 20 6e	vice.can.serve.multiple.shared.n
62100	65 74 77 6f 72 6b 73 2c 20 77 69 74 68 20 65 61 63 68 20 73 68 61 72 65 64 20 6e 65 74 77 6f 72	etworks,.with.each.shared.networ
62120	6b 20 68 61 76 69 6e 67 20 31 20 6f 72 20 6d 6f 72 65 20 73 75 62 6e 65 74 73 2e 20 45 61 63 68	k.having.1.or.more.subnets..Each
62140	20 73 75 62 6e 65 74 20 6d 75 73 74 20 62 65 20 70 72 65 73 65 6e 74 20 6f 6e 20 61 6e 20 69 6e	.subnet.must.be.present.on.an.in
62160	74 65 72 66 61 63 65 2e 20 41 20 72 61 6e 67 65 20 63 61 6e 20 62 65 20 64 65 63 6c 61 72 65 64	terface..A.range.can.be.declared
62180	20 69 6e 73 69 64 65 20 61 20 73 75 62 6e 65 74 20 74 6f 20 64 65 66 69 6e 65 20 61 20 70 6f 6f	.inside.a.subnet.to.define.a.poo
621a0	6c 20 6f 66 20 64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 65 73 2e 20 4d 75 6c 74 69 70 6c 65	l.of.dynamic.addresses..Multiple
621c0	20 72 61 6e 67 65 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 6e 64 20 63 61 6e 20 63	.ranges.can.be.defined.and.can.c
621e0	6f 6e 74 61 69 6e 20 68 6f 6c 65 73 2e 20 53 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 20 63 61	ontain.holes..Static.mappings.ca
62200	6e 20 62 65 20 73 65 74 20 74 6f 20 61 73 73 69 67 6e 20 22 73 74 61 74 69 63 22 20 61 64 64 72	n.be.set.to.assign."static".addr
62220	65 73 73 65 73 20 74 6f 20 63 6c 69 65 6e 74 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 69 72 20	esses.to.clients.based.on.their.
62240	4d 41 43 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 6e 65 78 74 20 65 78 61 6d 70 6c 65 20 69 73	MAC.address..The.next.example.is
62260	20 61 20 73 69 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 63 6f 6e 6e 74	.a.simple.configuration.of.connt
62280	72 61 63 6b 2d 73 79 6e 63 2e 00 54 68 65 20 6e 65 78 74 20 73 74 65 70 20 69 73 20 74 6f 20 63	rack-sync..The.next.step.is.to.c
622a0	6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 6c 6f 63 61 6c 20 73 69 64 65 20 61 73 20 77 65 6c 6c	onfigure.your.local.side.as.well
622c0	20 61 73 20 74 68 65 20 70 6f 6c 69 63 79 20 62 61 73 65 64 20 74 72 75 73 74 65 64 20 64 65 73	.as.the.policy.based.trusted.des
622e0	74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 65 73 2e 20 49 66 20 79 6f 75 20 6f 6e 6c 79 20	tination.addresses..If.you.only.
62300	69 6e 69 74 69 61 74 65 20 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 74 68 65 20 6c 69 73 74 65	initiate.a.connection,.the.liste
62320	6e 20 70 6f 72 74 20 61 6e 64 20 61 64 64 72 65 73 73 2f 70 6f 72 74 20 69 73 20 6f 70 74 69 6f	n.port.and.address/port.is.optio
62340	6e 61 6c 3b 20 68 6f 77 65 76 65 72 2c 20 69 66 20 79 6f 75 20 61 63 74 20 6c 69 6b 65 20 61 20	nal;.however,.if.you.act.like.a.
62360	73 65 72 76 65 72 20 61 6e 64 20 65 6e 64 70 6f 69 6e 74 73 20 69 6e 69 74 69 61 74 65 20 74 68	server.and.endpoints.initiate.th
62380	65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 79 6f 75 72 20 73 79 73 74 65 6d 2c 20 79 6f	e.connections.to.your.system,.yo
623a0	75 20 6e 65 65 64 20 74 6f 20 64 65 66 69 6e 65 20 61 20 70 6f 72 74 20 79 6f 75 72 20 63 6c 69	u.need.to.define.a.port.your.cli
623c0	65 6e 74 73 20 63 61 6e 20 63 6f 6e 6e 65 63 74 20 74 6f 2c 20 6f 74 68 65 72 77 69 73 65 20 74	ents.can.connect.to,.otherwise.t
623e0	68 65 20 70 6f 72 74 20 69 73 20 72 61 6e 64 6f 6d 6c 79 20 63 68 6f 73 65 6e 20 61 6e 64 20 6d	he.port.is.randomly.chosen.and.m
62400	61 79 20 6d 61 6b 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 64 69 66 66 69 63 75 6c 74 20 77 69 74	ay.make.connection.difficult.wit
62420	68 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2c 20 73 69 6e 63 65 20 74 68 65 20 70 6f 72 74	h.firewall.rules,.since.the.port
62440	20 6d 61 79 20 62 65 20 64 69 66 66 65 72 65 6e 74 20 65 61 63 68 20 74 69 6d 65 20 74 68 65 20	.may.be.different.each.time.the.
62460	73 79 73 74 65 6d 20 69 73 20 72 65 62 6f 6f 74 65 64 2e 00 54 68 65 20 6e 6f 74 65 64 20 70 75	system.is.rebooted..The.noted.pu
62480	62 6c 69 63 20 6b 65 79 73 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 74 65 72 65 64 20 6f 6e 20 74	blic.keys.should.be.entered.on.t
624a0	68 65 20 6f 70 70 6f 73 69 74 65 20 72 6f 75 74 65 72 73 2e 00 54 68 65 20 6e 75 6d 62 65 72 20	he.opposite.routers..The.number.
624c0	6f 66 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 74 6f 20 77 61 69 74 20 66 6f 72 20 61 20 72 65	of.milliseconds.to.wait.for.a.re
624e0	6d 6f 74 65 20 61 75 74 68 6f 72 69 74 61 74 69 76 65 20 73 65 72 76 65 72 20 74 6f 20 72 65 73	mote.authoritative.server.to.res
62500	70 6f 6e 64 20 62 65 66 6f 72 65 20 74 69 6d 69 6e 67 20 6f 75 74 20 61 6e 64 20 72 65 73 70 6f	pond.before.timing.out.and.respo
62520	6e 64 69 6e 67 20 77 69 74 68 20 53 45 52 56 46 41 49 4c 2e 00 54 68 65 20 6e 75 6d 62 65 72 20	nding.with.SERVFAIL..The.number.
62540	70 61 72 61 6d 65 74 65 72 20 28 31 2d 31 30 29 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20	parameter.(1-10).configures.the.
62560	61 6d 6f 75 6e 74 20 6f 66 20 61 63 63 65 70 74 65 64 20 6f 63 63 75 72 65 6e 63 65 73 20 6f 66	amount.of.accepted.occurences.of
62580	20 74 68 65 20 73 79 73 74 65 6d 20 41 53 20 6e 75 6d 62 65 72 20 69 6e 20 41 53 20 70 61 74 68	.the.system.AS.number.in.AS.path
625a0	2e 00 54 68 65 20 6f 66 66 69 63 69 61 6c 20 70 6f 72 74 20 66 6f 72 20 4f 70 65 6e 56 50 4e 20	..The.official.port.for.OpenVPN.
625c0	69 73 20 31 31 39 34 2c 20 77 68 69 63 68 20 77 65 20 72 65 73 65 72 76 65 20 66 6f 72 20 63 6c	is.1194,.which.we.reserve.for.cl
625e0	69 65 6e 74 20 56 50 4e 3b 20 77 65 20 77 69 6c 6c 20 75 73 65 20 31 31 39 35 20 66 6f 72 20 73	ient.VPN;.we.will.use.1195.for.s
62600	69 74 65 2d 74 6f 2d 73 69 74 65 20 56 50 4e 2e 00 54 68 65 20 6f 70 74 69 6f 6e 61 6c 20 60 64	ite-to-site.VPN..The.optional.`d
62620	69 73 61 62 6c 65 60 20 6f 70 74 69 6f 6e 20 61 6c 6c 6f 77 73 20 74 6f 20 65 78 63 6c 75 64 65	isable`.option.allows.to.exclude
62640	20 69 6e 74 65 72 66 61 63 65 20 66 72 6f 6d 20 70 61 73 73 69 76 65 20 73 74 61 74 65 2e 20 54	.interface.from.passive.state..T
62660	68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20 69 66 20 74 68 65 20 63 6f 6d 6d 61	his.command.is.used.if.the.comma
62680	6e 64 20 3a 63 66 67 63 6d 64 3a 60 70 61 73 73 69 76 65 2d 69 6e 74 65 72 66 61 63 65 20 64 65	nd.:cfgcmd:`passive-interface.de
626a0	66 61 75 6c 74 60 20 77 61 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 54 68 65 20 6f 70 74 69 6f	fault`.was.configured..The.optio
626c0	6e 61 6c 20 70 61 72 61 6d 65 74 65 72 20 72 65 67 69 73 74 65 72 20 73 70 65 63 69 66 69 65 73	nal.parameter.register.specifies
626e0	20 74 68 61 74 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 52 65 71 75 65 73 74 20 73 68 6f 75 6c	.that.Registration.Request.shoul
62700	64 20 62 65 20 73 65 6e 74 20 74 6f 20 74 68 69 73 20 70 65 65 72 20 6f 6e 20 73 74 61 72 74 75	d.be.sent.to.this.peer.on.startu
62720	70 2e 00 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 38 30 32 2e 31 71 5f 20 73 70 65 63 69 66 69 63	p..The.original.802.1q_.specific
62740	61 74 69 6f 6e 20 61 6c 6c 6f 77 73 20 61 20 73 69 6e 67 6c 65 20 56 69 72 74 75 61 6c 20 4c 6f	ation.allows.a.single.Virtual.Lo
62760	63 61 6c 20 41 72 65 61 20 4e 65 74 77 6f 72 6b 20 28 56 4c 41 4e 29 20 68 65 61 64 65 72 20 74	cal.Area.Network.(VLAN).header.t
62780	6f 20 62 65 20 69 6e 73 65 72 74 65 64 20 69 6e 74 6f 20 61 6e 20 45 74 68 65 72 6e 65 74 20 66	o.be.inserted.into.an.Ethernet.f
627a0	72 61 6d 65 2e 20 51 69 6e 51 20 61 6c 6c 6f 77 73 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20	rame..QinQ.allows.multiple.VLAN.
627c0	74 61 67 73 20 74 6f 20 62 65 20 69 6e 73 65 72 74 65 64 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c	tags.to.be.inserted.into.a.singl
627e0	65 20 66 72 61 6d 65 2c 20 61 6e 20 65 73 73 65 6e 74 69 61 6c 20 63 61 70 61 62 69 6c 69 74 79	e.frame,.an.essential.capability
62800	20 66 6f 72 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 4d 65 74 72 6f 20 45 74 68 65 72 6e 65 74	.for.implementing.Metro.Ethernet
62820	20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f 6c 6f 67 69 65 73 2e 20 4a 75 73 74 20 61 73 20 51 69 6e	.network.topologies..Just.as.Qin
62840	51 20 65 78 74 65 6e 64 73 20 38 30 32 2e 31 51 2c 20 51 69 6e 51 20 69 74 73 65 6c 66 20 69 73	Q.extends.802.1Q,.QinQ.itself.is
62860	20 65 78 74 65 6e 64 65 64 20 62 79 20 6f 74 68 65 72 20 4d 65 74 72 6f 20 45 74 68 65 72 6e 65	.extended.by.other.Metro.Etherne
62880	74 20 70 72 6f 74 6f 63 6f 6c 73 2e 00 54 68 65 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66	t.protocols..The.outgoing.interf
628a0	61 63 65 20 74 6f 20 70 65 72 66 6f 72 6d 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6f	ace.to.perform.the.translation.o
628c0	6e 00 54 68 65 20 70 65 65 72 20 6e 61 6d 65 20 6d 75 73 74 20 62 65 20 61 6e 20 61 6c 70 68 61	n.The.peer.name.must.be.an.alpha
628e0	6e 75 6d 65 72 69 63 20 61 6e 64 20 63 61 6e 20 68 61 76 65 20 68 79 70 65 6e 20 6f 72 20 75 6e	numeric.and.can.have.hypen.or.un
62900	64 65 72 73 63 6f 72 65 20 61 73 20 73 70 65 63 69 61 6c 20 63 68 61 72 61 63 74 65 72 73 2e 20	derscore.as.special.characters..
62920	49 74 20 69 73 20 70 75 72 65 6c 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 2e 00 54 68 65 20	It.is.purely.informational..The.
62940	70 65 65 72 20 6e 61 6d 65 73 20 52 49 47 48 54 20 61 6e 64 20 4c 45 46 54 20 61 72 65 20 75 73	peer.names.RIGHT.and.LEFT.are.us
62960	65 64 20 61 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 20 74 65 78 74 2e 00 54 68 65 20 70 65	ed.as.informational.text..The.pe
62980	65 72 20 77 69 74 68 20 6c 6f 77 65 72 20 70 72 69 6f 72 69 74 79 20 77 69 6c 6c 20 62 65 63 6f	er.with.lower.priority.will.beco
629a0	6d 65 20 74 68 65 20 6b 65 79 20 73 65 72 76 65 72 20 61 6e 64 20 73 74 61 72 74 20 64 69 73 74	me.the.key.server.and.start.dist
629c0	72 69 62 75 74 69 6e 67 20 53 41 4b 73 2e 00 54 68 65 20 70 69 6e 67 20 63 6f 6d 6d 61 6e 64 20	ributing.SAKs..The.ping.command.
629e0	69 73 20 75 73 65 64 20 74 6f 20 74 65 73 74 20 77 68 65 74 68 65 72 20 61 20 6e 65 74 77 6f 72	is.used.to.test.whether.a.networ
62a00	6b 20 68 6f 73 74 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 6f 72 20 6e 6f 74 2e 00 54 68 65 20	k.host.is.reachable.or.not..The.
62a20	70 6f 70 75 6c 61 72 20 55 6e 69 78 2f 4c 69 6e 75 78 20 60 60 64 69 67 60 60 20 74 6f 6f 6c 20	popular.Unix/Linux.``dig``.tool.
62a40	73 65 74 73 20 74 68 65 20 41 44 2d 62 69 74 20 69 6e 20 74 68 65 20 71 75 65 72 79 2e 20 54 68	sets.the.AD-bit.in.the.query..Th
62a60	69 73 20 6d 69 67 68 74 20 6c 65 61 64 20 74 6f 20 75 6e 65 78 70 65 63 74 65 64 20 71 75 65 72	is.might.lead.to.unexpected.quer
62a80	79 20 72 65 73 75 6c 74 73 20 77 68 65 6e 20 74 65 73 74 69 6e 67 2e 20 53 65 74 20 60 60 2b 6e	y.results.when.testing..Set.``+n
62aa0	6f 61 64 60 60 20 6f 6e 20 74 68 65 20 60 60 64 69 67 60 60 20 63 6f 6d 6d 61 6e 64 20 6c 69 6e	oad``.on.the.``dig``.command.lin
62ac0	65 20 77 68 65 6e 20 74 68 69 73 20 69 73 20 74 68 65 20 63 61 73 65 2e 00 54 68 65 20 70 72 65	e.when.this.is.the.case..The.pre
62ae0	66 69 78 20 61 6e 64 20 41 53 4e 20 74 68 61 74 20 6f 72 69 67 69 6e 61 74 65 64 20 69 74 20 6d	fix.and.ASN.that.originated.it.m
62b00	61 74 63 68 20 61 20 73 69 67 6e 65 64 20 52 4f 41 2e 20 54 68 65 73 65 20 61 72 65 20 70 72 6f	atch.a.signed.ROA..These.are.pro
62b20	62 61 62 6c 79 20 74 72 75 73 74 77 6f 72 74 68 79 20 72 6f 75 74 65 20 61 6e 6e 6f 75 6e 63 65	bably.trustworthy.route.announce
62b40	6d 65 6e 74 73 2e 00 54 68 65 20 70 72 65 66 69 78 20 6f 72 20 70 72 65 66 69 78 20 6c 65 6e 67	ments..The.prefix.or.prefix.leng
62b60	74 68 20 61 6e 64 20 41 53 4e 20 74 68 61 74 20 6f 72 69 67 69 6e 61 74 65 64 20 69 74 20 64 6f	th.and.ASN.that.originated.it.do
62b80	65 73 6e 27 74 20 6d 61 74 63 68 20 61 6e 79 20 65 78 69 73 74 69 6e 67 20 52 4f 41 2e 20 54 68	esn't.match.any.existing.ROA..Th
62ba0	69 73 20 63 6f 75 6c 64 20 62 65 20 74 68 65 20 72 65 73 75 6c 74 20 6f 66 20 61 20 70 72 65 66	is.could.be.the.result.of.a.pref
62bc0	69 78 20 68 69 6a 61 63 6b 2c 20 6f 72 20 6d 65 72 65 6c 79 20 61 20 6d 69 73 63 6f 6e 66 69 67	ix.hijack,.or.merely.a.misconfig
62be0	75 72 61 74 69 6f 6e 2c 20 62 75 74 20 73 68 6f 75 6c 64 20 70 72 6f 62 61 62 6c 79 20 62 65 20	uration,.but.should.probably.be.
62c00	74 72 65 61 74 65 64 20 61 73 20 75 6e 74 72 75 73 74 77 6f 72 74 68 79 20 72 6f 75 74 65 20 61	treated.as.untrustworthy.route.a
62c20	6e 6e 6f 75 6e 63 65 6d 65 6e 74 73 2e 00 54 68 65 20 70 72 69 6d 61 72 79 20 44 48 43 50 20 73	nnouncements..The.primary.DHCP.s
62c40	65 72 76 65 72 20 75 73 65 73 20 61 64 64 72 65 73 73 20 60 31 39 32 2e 31 36 38 2e 31 38 39 2e	erver.uses.address.`192.168.189.
62c60	32 35 32 60 00 54 68 65 20 70 72 69 6d 61 72 79 20 61 6e 64 20 73 65 63 6f 6e 64 61 72 79 20 73	252`.The.primary.and.secondary.s
62c80	74 61 74 65 6d 65 6e 74 73 20 64 65 74 65 72 6d 69 6e 65 73 20 77 68 65 74 68 65 72 20 74 68 65	tatements.determines.whether.the
62ca0	20 73 65 72 76 65 72 20 69 73 20 70 72 69 6d 61 72 79 20 6f 72 20 73 65 63 6f 6e 64 61 72 79 2e	.server.is.primary.or.secondary.
62cc0	00 54 68 65 20 70 72 69 6d 61 72 79 20 6f 70 74 69 6f 6e 20 69 73 20 6f 6e 6c 79 20 76 61 6c 69	.The.primary.option.is.only.vali
62ce0	64 20 66 6f 72 20 61 63 74 69 76 65 2d 62 61 63 6b 75 70 2c 20 74 72 61 6e 73 6d 69 74 2d 6c 6f	d.for.active-backup,.transmit-lo
62d00	61 64 2d 62 61 6c 61 6e 63 65 2c 20 61 6e 64 20 61 64 61 70 74 69 76 65 2d 6c 6f 61 64 2d 62 61	ad-balance,.and.adaptive-load-ba
62d20	6c 61 6e 63 65 20 6d 6f 64 65 2e 00 54 68 65 20 70 72 69 6f 72 69 74 79 20 6d 75 73 74 20 62 65	lance.mode..The.priority.must.be
62d40	20 61 6e 20 69 6e 74 65 67 65 72 20 6e 75 6d 62 65 72 20 66 72 6f 6d 20 31 20 74 6f 20 32 35 35	.an.integer.number.from.1.to.255
62d60	2e 20 48 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 76 61 6c 75 65 20 69 6e 63 72 65 61 73 65	..Higher.priority.value.increase
62d80	73 20 72 6f 75 74 65 72 27 73 20 70 72 65 63 65 64 65 6e 63 65 20 69 6e 20 74 68 65 20 6d 61 73	s.router's.precedence.in.the.mas
62da0	74 65 72 20 65 6c 65 63 74 69 6f 6e 73 2e 00 54 68 65 20 70 72 6f 63 65 64 75 72 65 20 74 6f 20	ter.elections..The.procedure.to.
62dc0	73 70 65 63 69 66 79 20 61 20 3a 61 62 62 72 3a 60 4e 49 53 2b 20 28 4e 65 74 77 6f 72 6b 20 49	specify.a.:abbr:`NIS+.(Network.I
62de0	6e 66 6f 72 6d 61 74 69 6f 6e 20 53 65 72 76 69 63 65 20 50 6c 75 73 29 60 20 64 6f 6d 61 69 6e	nformation.Service.Plus)`.domain
62e00	20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 74 68 65 20 4e 49 53 20 64 6f 6d 61 69 6e 20 6f 6e	.is.similar.to.the.NIS.domain.on
62e20	65 3a 00 54 68 65 20 70 72 6f 6d 70 74 20 69 73 20 61 64 6a 75 73 74 65 64 20 74 6f 20 72 65 66	e:.The.prompt.is.adjusted.to.ref
62e40	6c 65 63 74 20 74 68 69 73 20 63 68 61 6e 67 65 20 69 6e 20 62 6f 74 68 20 63 6f 6e 66 69 67 20	lect.this.change.in.both.config.
62e60	61 6e 64 20 6f 70 2d 6d 6f 64 65 2e 00 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 70 6f	and.op-mode..The.protocol.and.po
62e80	72 74 20 77 65 20 77 69 73 68 20 74 6f 20 66 6f 72 77 61 72 64 3b 00 54 68 65 20 70 72 6f 74 6f	rt.we.wish.to.forward;.The.proto
62ea0	63 6f 6c 20 69 73 20 75 73 75 61 6c 6c 79 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 74 65 72 6d	col.is.usually.described.in.term
62ec0	73 20 6f 66 20 61 20 63 6c 69 65 6e 74 2d 73 65 72 76 65 72 20 6d 6f 64 65 6c 2c 20 62 75 74 20	s.of.a.client-server.model,.but.
62ee0	63 61 6e 20 61 73 20 65 61 73 69 6c 79 20 62 65 20 75 73 65 64 20 69 6e 20 70 65 65 72 2d 74 6f	can.as.easily.be.used.in.peer-to
62f00	2d 70 65 65 72 20 72 65 6c 61 74 69 6f 6e 73 68 69 70 73 20 77 68 65 72 65 20 62 6f 74 68 20 70	-peer.relationships.where.both.p
62f20	65 65 72 73 20 63 6f 6e 73 69 64 65 72 20 74 68 65 20 6f 74 68 65 72 20 74 6f 20 62 65 20 61 20	eers.consider.the.other.to.be.a.
62f40	70 6f 74 65 6e 74 69 61 6c 20 74 69 6d 65 20 73 6f 75 72 63 65 2e 20 49 6d 70 6c 65 6d 65 6e 74	potential.time.source..Implement
62f60	61 74 69 6f 6e 73 20 73 65 6e 64 20 61 6e 64 20 72 65 63 65 69 76 65 20 74 69 6d 65 73 74 61 6d	ations.send.and.receive.timestam
62f80	70 73 20 75 73 69 6e 67 20 3a 61 62 62 72 3a 60 55 44 50 20 28 55 73 65 72 20 44 61 74 61 67 72	ps.using.:abbr:`UDP.(User.Datagr
62fa0	61 6d 20 50 72 6f 74 6f 63 6f 6c 29 60 20 6f 6e 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 31 32 33	am.Protocol)`.on.port.number.123
62fc0	2e 00 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 68 65 61 64 20 6f 66 20 4c 32 54 50 76	..The.protocol.overhead.of.L2TPv
62fe0	33 20 69 73 20 61 6c 73 6f 20 73 69 67 6e 69 66 69 63 61 6e 74 6c 79 20 62 69 67 67 65 72 20 74	3.is.also.significantly.bigger.t
63000	68 61 6e 20 4d 50 4c 53 2e 00 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 69 63 65 20 69 6e 20 56	han.MPLS..The.proxy.service.in.V
63020	79 4f 53 20 69 73 20 62 61 73 65 64 20 6f 6e 20 53 71 75 69 64 5f 20 61 6e 64 20 73 6f 6d 65 20	yOS.is.based.on.Squid_.and.some.
63040	72 65 6c 61 74 65 64 20 6d 6f 64 75 6c 65 73 2e 00 54 68 65 20 70 75 62 6c 69 63 20 49 50 20 61	related.modules..The.public.IP.a
63060	64 64 72 65 73 73 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 73 69 64 65 20 6f 66 20 74 68 65 20	ddress.of.the.local.side.of.the.
63080	56 50 4e 20 77 69 6c 6c 20 62 65 20 31 39 38 2e 35 31 2e 31 30 30 2e 31 30 2e 00 54 68 65 20 70	VPN.will.be.198.51.100.10..The.p
630a0	75 62 6c 69 63 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 73	ublic.IP.address.of.the.remote.s
630c0	69 64 65 20 6f 66 20 74 68 65 20 56 50 4e 20 77 69 6c 6c 20 62 65 20 32 30 33 2e 30 2e 31 31 33	ide.of.the.VPN.will.be.203.0.113
630e0	2e 31 31 2e 00 54 68 65 20 72 61 74 65 2d 6c 69 6d 69 74 20 69 73 20 73 65 74 20 69 6e 20 6b 62	.11..The.rate-limit.is.set.in.kb
63100	69 74 2f 73 65 63 2e 00 54 68 65 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d	it/sec..The.regular.expression.m
63120	61 74 63 68 65 73 20 69 66 20 61 6e 64 20 6f 6e 6c 79 20 69 66 20 74 68 65 20 65 6e 74 69 72 65	atches.if.and.only.if.the.entire
63140	20 73 74 72 69 6e 67 20 6d 61 74 63 68 65 73 20 74 68 65 20 70 61 74 74 65 72 6e 2e 00 54 68 65	.string.matches.the.pattern..The
63160	20 72 65 6d 6f 74 65 20 70 65 65 72 20 60 74 6f 2d 77 67 30 32 60 20 75 73 65 73 20 58 4d 72 6c	.remote.peer.`to-wg02`.uses.XMrl
63180	50 79 6b 61 78 68 64 41 41 69 53 6a 68 74 50 6c 76 69 33 30 4e 56 6b 76 4c 51 6c 69 51 75 4b 50	PykaxhdAAiSjhtPlvi30NVkvLQliQuKP
631a0	37 41 49 37 43 79 49 3d 20 61 73 20 69 74 73 20 70 75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69	7AI7CyI=.as.its.public.key.porti
631c0	6f 6e 00 54 68 65 20 72 65 6d 6f 74 65 20 73 69 74 65 20 77 69 6c 6c 20 68 61 76 65 20 61 20 73	on.The.remote.site.will.have.a.s
631e0	75 62 6e 65 74 20 6f 66 20 31 30 2e 31 2e 30 2e 30 2f 31 36 2e 00 54 68 65 20 72 65 6d 6f 74 65	ubnet.of.10.1.0.0/16..The.remote
63200	20 75 73 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 6f 70 65 6e 63 6f 6e 6e 65 63 74 20 63	.user.will.use.the.openconnect.c
63220	6c 69 65 6e 74 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 72 6f 75 74 65 72 20 61	lient.to.connect.to.the.router.a
63240	6e 64 20 77 69 6c 6c 20 72 65 63 65 69 76 65 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 66 72	nd.will.receive.an.IP.address.fr
63260	6f 6d 20 61 20 56 50 4e 20 70 6f 6f 6c 2c 20 61 6c 6c 6f 77 69 6e 67 20 66 75 6c 6c 20 61 63 63	om.a.VPN.pool,.allowing.full.acc
63280	65 73 73 20 74 6f 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 00 54 68 65 20 72 65 71 75 69 72 65 64	ess.to.the.network..The.required
632a0	20 63 6f 6e 66 69 67 20 66 69 6c 65 20 6d 61 79 20 6c 6f 6f 6b 20 6c 69 6b 65 20 74 68 69 73 3a	.config.file.may.look.like.this:
632c0	00 54 68 65 20 72 65 71 75 69 72 65 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 61 6e 20	.The.required.configuration.can.
632e0	62 65 20 62 72 6f 6b 65 6e 20 64 6f 77 6e 20 69 6e 74 6f 20 34 20 6d 61 6a 6f 72 20 70 69 65 63	be.broken.down.into.4.major.piec
63300	65 73 3a 00 54 68 65 20 72 65 73 75 6c 74 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	es:.The.resulting.configuration.
63320	77 69 6c 6c 20 6c 6f 6f 6b 20 6c 69 6b 65 3a 00 54 68 65 20 72 6f 6f 74 20 63 61 75 73 65 20 6f	will.look.like:.The.root.cause.o
63340	66 20 74 68 65 20 70 72 6f 62 6c 65 6d 20 69 73 20 74 68 61 74 20 66 6f 72 20 56 54 49 20 74 75	f.the.problem.is.that.for.VTI.tu
63360	6e 6e 65 6c 73 20 74 6f 20 77 6f 72 6b 2c 20 74 68 65 69 72 20 74 72 61 66 66 69 63 20 73 65 6c	nnels.to.work,.their.traffic.sel
63380	65 63 74 6f 72 73 20 68 61 76 65 20 74 6f 20 62 65 20 73 65 74 20 74 6f 20 30 2e 30 2e 30 2e 30	ectors.have.to.be.set.to.0.0.0.0
633a0	2f 30 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 74 75 6e 6e	/0.for.traffic.to.match.the.tunn
633c0	65 6c 2c 20 65 76 65 6e 20 74 68 6f 75 67 68 20 61 63 74 75 61 6c 20 72 6f 75 74 69 6e 67 20 64	el,.even.though.actual.routing.d
633e0	65 63 69 73 69 6f 6e 20 69 73 20 6d 61 64 65 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 6e 65 74	ecision.is.made.according.to.net
63400	66 69 6c 74 65 72 20 6d 61 72 6b 73 2e 20 55 6e 6c 65 73 73 20 72 6f 75 74 65 20 69 6e 73 65 72	filter.marks..Unless.route.inser
63420	74 69 6f 6e 20 69 73 20 64 69 73 61 62 6c 65 64 20 65 6e 74 69 72 65 6c 79 2c 20 53 74 72 6f 6e	tion.is.disabled.entirely,.Stron
63440	67 53 57 41 4e 20 74 68 75 73 20 6d 69 73 74 61 6b 65 6e 6c 79 20 69 6e 73 65 72 74 73 20 61 20	gSWAN.thus.mistakenly.inserts.a.
63460	64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 74 68 72 6f 75 67 68 20 74 68 65 20 56 54 49 20 70 65	default.route.through.the.VTI.pe
63480	65 72 20 61 64 64 72 65 73 73 2c 20 77 68 69 63 68 20 6d 61 6b 65 73 20 61 6c 6c 20 74 72 61 66	er.address,.which.makes.all.traf
634a0	66 69 63 20 72 6f 75 74 65 64 20 74 6f 20 6e 6f 77 68 65 72 65 2e 00 54 68 65 20 72 6f 75 6e 64	fic.routed.to.nowhere..The.round
634c0	2d 72 6f 62 69 6e 20 70 6f 6c 69 63 79 20 69 73 20 61 20 63 6c 61 73 73 66 75 6c 20 73 63 68 65	-robin.policy.is.a.classful.sche
634e0	64 75 6c 65 72 20 74 68 61 74 20 64 69 76 69 64 65 73 20 74 72 61 66 66 69 63 20 69 6e 20 64 69	duler.that.divides.traffic.in.di
63500	66 66 65 72 65 6e 74 20 63 6c 61 73 73 65 73 5f 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75	fferent.classes_.you.can.configu
63520	72 65 20 28 75 70 20 74 6f 20 34 30 39 36 29 2e 20 59 6f 75 20 63 61 6e 20 65 6d 62 65 64 5f 20	re.(up.to.4096)..You.can.embed_.
63540	61 20 6e 65 77 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20 65 61 63 68 20 6f 66 20 74 68 6f 73 65 20	a.new.policy.into.each.of.those.
63560	63 6c 61 73 73 65 73 20 28 64 65 66 61 75 6c 74 20 69 6e 63 6c 75 64 65 64 29 2e 00 54 68 65 20	classes.(default.included)..The.
63580	72 6f 75 74 65 20 73 65 6c 65 63 74 69 6f 6e 20 70 72 6f 63 65 73 73 20 75 73 65 64 20 62 79 20	route.selection.process.used.by.
635a0	46 52 52 27 73 20 42 47 50 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20 75 73 65 73 20 74 68	FRR's.BGP.implementation.uses.th
635c0	65 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 65 63 69 73 69 6f 6e 20 63 72 69 74 65 72 69 6f 6e 2c 20	e.following.decision.criterion,.
635e0	73 74 61 72 74 69 6e 67 20 61 74 20 74 68 65 20 74 6f 70 20 6f 66 20 74 68 65 20 6c 69 73 74 20	starting.at.the.top.of.the.list.
63600	61 6e 64 20 67 6f 69 6e 67 20 74 6f 77 61 72 64 73 20 74 68 65 20 62 6f 74 74 6f 6d 20 75 6e 74	and.going.towards.the.bottom.unt
63620	69 6c 20 6f 6e 65 20 6f 66 20 74 68 65 20 66 61 63 74 6f 72 73 20 63 61 6e 20 62 65 20 75 73 65	il.one.of.the.factors.can.be.use
63640	64 2e 00 54 68 65 20 72 6f 75 74 65 20 77 69 74 68 20 74 68 65 20 73 68 6f 72 74 65 73 74 20 63	d..The.route.with.the.shortest.c
63660	6c 75 73 74 65 72 2d 6c 69 73 74 20 6c 65 6e 67 74 68 20 69 73 20 75 73 65 64 2e 20 54 68 65 20	luster-list.length.is.used..The.
63680	63 6c 75 73 74 65 72 2d 6c 69 73 74 20 72 65 66 6c 65 63 74 73 20 74 68 65 20 69 42 47 50 20 72	cluster-list.reflects.the.iBGP.r
636a0	65 66 6c 65 63 74 69 6f 6e 20 70 61 74 68 20 74 68 65 20 72 6f 75 74 65 20 68 61 73 20 74 61 6b	eflection.path.the.route.has.tak
636c0	65 6e 2e 00 54 68 65 20 72 6f 75 74 65 72 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 75 70 64	en..The.router.automatically.upd
636e0	61 74 65 73 20 6c 69 6e 6b 2d 73 74 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74 68	ates.link-state.information.with
63700	20 69 74 73 20 6e 65 69 67 68 62 6f 72 73 2e 20 4f 6e 6c 79 20 61 6e 20 6f 62 73 6f 6c 65 74 65	.its.neighbors..Only.an.obsolete
63720	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 73 20 75 70 64 61 74 65 64 20 77 68 69 63 68 20 61 67	.information.is.updated.which.ag
63740	65 20 68 61 73 20 65 78 63 65 65 64 65 64 20 61 20 73 70 65 63 69 66 69 63 20 74 68 72 65 73 68	e.has.exceeded.a.specific.thresh
63760	6f 6c 64 2e 20 54 68 69 73 20 70 61 72 61 6d 65 74 65 72 20 63 68 61 6e 67 65 73 20 61 20 74 68	old..This.parameter.changes.a.th
63780	72 65 73 68 6f 6c 64 20 76 61 6c 75 65 2c 20 77 68 69 63 68 20 62 79 20 64 65 66 61 75 6c 74 20	reshold.value,.which.by.default.
637a0	69 73 20 31 38 30 30 20 73 65 63 6f 6e 64 73 20 28 68 61 6c 66 20 61 6e 20 68 6f 75 72 29 2e 20	is.1800.seconds.(half.an.hour)..
637c0	54 68 65 20 76 61 6c 75 65 20 69 73 20 61 70 70 6c 69 65 64 20 74 6f 20 74 68 65 20 77 68 6f 6c	The.value.is.applied.to.the.whol
637e0	65 20 4f 53 50 46 20 72 6f 75 74 65 72 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69	e.OSPF.router..The.timer.range.i
63800	73 20 31 30 20 74 6f 20 31 38 30 30 2e 00 54 68 65 20 72 6f 75 74 65 72 20 73 68 6f 75 6c 64 20	s.10.to.1800..The.router.should.
63820	64 69 73 63 61 72 64 20 44 48 43 50 20 70 61 63 6b 61 67 65 73 20 61 6c 72 65 61 64 79 20 63 6f	discard.DHCP.packages.already.co
63840	6e 74 61 69 6e 69 6e 67 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	ntaining.relay.agent.information
63860	20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 6f 6e 6c 79 20 72 65 71 75 65 73 74 73 20 66 72	.to.ensure.that.only.requests.fr
63880	6f 6d 20 44 48 43 50 20 63 6c 69 65 6e 74 73 20 61 72 65 20 66 6f 72 77 61 72 64 65 64 2e 00 54	om.DHCP.clients.are.forwarded..T
638a0	68 65 20 73 46 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 62 61 73 65 64 20 6f 6e 20 68 73 66	he.sFlow.accounting.based.on.hsf
638c0	6c 6f 77 64 20 68 74 74 70 73 3a 2f 2f 73 66 6c 6f 77 2e 6e 65 74 2f 00 54 68 65 20 73 61 6d 65	lowd.https://sflow.net/.The.same
638e0	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 73 20 61 70 70 6c 79 20 77 68 65	.configuration.options.apply.whe
63900	6e 20 49 64 65 6e 74 69 74 79 20 62 61 73 65 64 20 63 6f 6e 66 69 67 20 69 73 20 63 6f 6e 66 69	n.Identity.based.config.is.confi
63920	67 75 72 65 64 20 69 6e 20 67 72 6f 75 70 20 6d 6f 64 65 20 65 78 63 65 70 74 20 74 68 61 74 20	gured.in.group.mode.except.that.
63940	67 72 6f 75 70 20 6d 6f 64 65 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 75 73 65 64 20 77 69 74 68	group.mode.can.only.be.used.with
63960	20 52 41 44 49 55 53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 00 54 68 65 20 73 63 68 65	.RADIUS.authentication..The.sche
63980	6d 65 20 61 62 6f 76 65 20 64 6f 65 73 6e 27 74 20 77 6f 72 6b 20 77 68 65 6e 20 6f 6e 65 20 6f	me.above.doesn't.work.when.one.o
639a0	66 20 74 68 65 20 72 6f 75 74 65 72 73 20 68 61 73 20 61 20 64 79 6e 61 6d 69 63 20 65 78 74 65	f.the.routers.has.a.dynamic.exte
639c0	72 6e 61 6c 20 61 64 64 72 65 73 73 20 74 68 6f 75 67 68 2e 20 54 68 65 20 63 6c 61 73 73 69 63	rnal.address.though..The.classic
639e0	20 77 6f 72 6b 61 72 6f 75 6e 64 20 66 6f 72 20 74 68 69 73 20 69 73 20 74 6f 20 73 65 74 75 70	.workaround.for.this.is.to.setup
63a00	20 61 6e 20 61 64 64 72 65 73 73 20 6f 6e 20 61 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66	.an.address.on.a.loopback.interf
63a20	61 63 65 20 61 6e 64 20 75 73 65 20 69 74 20 61 73 20 61 20 73 6f 75 72 63 65 20 61 64 64 72 65	ace.and.use.it.as.a.source.addre
63a40	73 73 20 66 6f 72 20 74 68 65 20 47 52 45 20 74 75 6e 6e 65 6c 2c 20 74 68 65 6e 20 73 65 74 75	ss.for.the.GRE.tunnel,.then.setu
63a60	70 20 61 6e 20 49 50 73 65 63 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 74 63 68 20 74 68 6f 73 65	p.an.IPsec.policy.to.match.those
63a80	20 6c 6f 6f 70 62 61 63 6b 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 65 20 73 65 61 72 63 68 20	.loopback.addresses..The.search.
63aa0	66 69 6c 74 65 72 20 63 61 6e 20 63 6f 6e 74 61 69 6e 20 75 70 20 74 6f 20 31 35 20 6f 63 63 75	filter.can.contain.up.to.15.occu
63ac0	72 72 65 6e 63 65 73 20 6f 66 20 25 73 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 72 65 70 6c	rrences.of.%s.which.will.be.repl
63ae0	61 63 65 64 20 62 79 20 74 68 65 20 75 73 65 72 6e 61 6d 65 2c 20 61 73 20 69 6e 20 22 75 69 64	aced.by.the.username,.as.in."uid
63b00	3d 25 73 22 20 66 6f 72 20 3a 72 66 63 3a 60 32 30 33 37 60 20 64 69 72 65 63 74 6f 72 69 65 73	=%s".for.:rfc:`2037`.directories
63b20	2e 20 46 6f 72 20 61 20 64 65 74 61 69 6c 65 64 20 64 65 73 63 72 69 70 74 69 6f 6e 20 6f 66 20	..For.a.detailed.description.of.
63b40	4c 44 41 50 20 73 65 61 72 63 68 20 66 69 6c 74 65 72 20 73 79 6e 74 61 78 20 73 65 65 20 3a 72	LDAP.search.filter.syntax.see.:r
63b60	66 63 3a 60 32 32 35 34 60 2e 00 54 68 65 20 73 65 63 6f 6e 64 61 72 79 20 44 48 43 50 20 73 65	fc:`2254`..The.secondary.DHCP.se
63b80	72 76 65 72 20 75 73 65 73 20 61 64 64 72 65 73 73 20 60 31 39 32 2e 31 36 38 2e 31 38 39 2e 32	rver.uses.address.`192.168.189.2
63ba0	35 33 60 00 54 68 65 20 73 65 63 75 72 69 74 79 20 61 70 70 72 6f 61 63 68 20 69 6e 20 53 4e 4d	53`.The.security.approach.in.SNM
63bc0	50 76 33 20 74 61 72 67 65 74 73 3a 00 54 68 65 20 73 65 71 75 65 6e 63 65 20 60 60 5e 45 63 3f	Pv3.targets:.The.sequence.``^Ec?
63be0	60 60 20 74 72 61 6e 73 6c 61 74 65 73 20 74 6f 3a 20 60 60 43 74 72 6c 2b 45 20 63 20 3f 60 60	``.translates.to:.``Ctrl+E.c.?``
63c00	2e 20 54 6f 20 71 75 69 74 20 74 68 65 20 73 65 73 73 69 6f 6e 20 75 73 65 3a 20 60 60 43 74 72	..To.quit.the.session.use:.``Ctr
63c20	6c 2b 45 20 63 20 2e 60 60 00 54 68 65 20 73 65 74 75 70 20 69 73 20 74 68 69 73 3a 20 4c 65 61	l+E.c..``.The.setup.is.this:.Lea
63c40	66 32 20 2d 20 53 70 69 6e 65 31 20 2d 20 4c 65 61 66 33 00 54 68 65 20 73 69 7a 65 20 6f 66 20	f2.-.Spine1.-.Leaf3.The.size.of.
63c60	74 68 65 20 6f 6e 2d 64 69 73 6b 20 50 72 6f 78 79 20 63 61 63 68 65 20 69 73 20 75 73 65 72 20	the.on-disk.Proxy.cache.is.user.
63c80	63 6f 6e 66 69 67 75 72 61 62 6c 65 2e 20 54 68 65 20 50 72 6f 78 69 65 73 20 64 65 66 61 75 6c	configurable..The.Proxies.defaul
63ca0	74 20 63 61 63 68 65 2d 73 69 7a 65 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 31 30	t.cache-size.is.configured.to.10
63cc0	30 20 4d 42 2e 00 54 68 65 20 73 70 65 65 64 20 28 62 61 75 64 72 61 74 65 29 20 6f 66 20 74 68	0.MB..The.speed.(baudrate).of.th
63ce0	65 20 63 6f 6e 73 6f 6c 65 20 64 65 76 69 63 65 2e 20 53 75 70 70 6f 72 74 65 64 20 76 61 6c 75	e.console.device..Supported.valu
63d00	65 73 20 61 72 65 3a 00 54 68 65 20 73 74 61 6e 64 61 72 64 20 77 61 73 20 64 65 76 65 6c 6f 70	es.are:.The.standard.was.develop
63d20	65 64 20 62 79 20 49 45 45 45 20 38 30 32 2e 31 2c 20 61 20 77 6f 72 6b 69 6e 67 20 67 72 6f 75	ed.by.IEEE.802.1,.a.working.grou
63d40	70 20 6f 66 20 74 68 65 20 49 45 45 45 20 38 30 32 20 73 74 61 6e 64 61 72 64 73 20 63 6f 6d 6d	p.of.the.IEEE.802.standards.comm
63d60	69 74 74 65 65 2c 20 61 6e 64 20 63 6f 6e 74 69 6e 75 65 73 20 74 6f 20 62 65 20 61 63 74 69 76	ittee,.and.continues.to.be.activ
63d80	65 6c 79 20 72 65 76 69 73 65 64 2e 20 4f 6e 65 20 6f 66 20 74 68 65 20 6e 6f 74 61 62 6c 65 20	ely.revised..One.of.the.notable.
63da0	72 65 76 69 73 69 6f 6e 73 20 69 73 20 38 30 32 2e 31 51 2d 32 30 31 34 20 77 68 69 63 68 20 69	revisions.is.802.1Q-2014.which.i
63dc0	6e 63 6f 72 70 6f 72 61 74 65 64 20 49 45 45 45 20 38 30 32 2e 31 61 71 20 28 53 68 6f 72 74 65	ncorporated.IEEE.802.1aq.(Shorte
63de0	73 74 20 50 61 74 68 20 42 72 69 64 67 69 6e 67 29 20 61 6e 64 20 6d 75 63 68 20 6f 66 20 74 68	st.Path.Bridging).and.much.of.th
63e00	65 20 49 45 45 45 20 38 30 32 2e 31 64 20 73 74 61 6e 64 61 72 64 2e 00 54 68 65 20 73 79 73 74	e.IEEE.802.1d.standard..The.syst
63e20	65 6d 20 4c 43 44 20 3a 61 62 62 72 3a 60 4c 43 44 20 28 4c 69 71 75 69 64 2d 63 72 79 73 74 61	em.LCD.:abbr:`LCD.(Liquid-crysta
63e40	6c 20 64 69 73 70 6c 61 79 29 60 20 6f 70 74 69 6f 6e 20 69 73 20 66 6f 72 20 75 73 65 72 73 20	l.display)`.option.is.for.users.
63e60	72 75 6e 6e 69 6e 67 20 56 79 4f 53 20 6f 6e 20 68 61 72 64 77 61 72 65 20 74 68 61 74 20 66 65	running.VyOS.on.hardware.that.fe
63e80	61 74 75 72 65 73 20 61 6e 20 4c 43 44 20 64 69 73 70 6c 61 79 2e 20 54 68 69 73 20 69 73 20 74	atures.an.LCD.display..This.is.t
63ea0	79 70 69 63 61 6c 6c 79 20 61 20 73 6d 61 6c 6c 20 64 69 73 70 6c 61 79 20 62 75 69 6c 74 20 69	ypically.a.small.display.built.i
63ec0	6e 20 61 6e 20 31 39 20 69 6e 63 68 20 72 61 63 6b 2d 6d 6f 75 6e 74 61 62 6c 65 20 61 70 70 6c	n.an.19.inch.rack-mountable.appl
63ee0	69 61 6e 63 65 2e 20 54 68 6f 73 65 20 64 69 73 70 6c 61 79 73 20 61 72 65 20 75 73 65 64 20 74	iance..Those.displays.are.used.t
63f00	6f 20 73 68 6f 77 20 72 75 6e 74 69 6d 65 20 64 61 74 61 2e 00 54 68 65 20 73 79 73 74 65 6d 20	o.show.runtime.data..The.system.
63f20	69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 61 74 74 65 6d 70 74 20 64 6f 6d 61 69 6e 20	is.configured.to.attempt.domain.
63f40	63 6f 6d 70 6c 65 74 69 6f 6e 20 69 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 72 64 65	completion.in.the.following.orde
63f60	72 3a 20 76 79 6f 73 2e 69 6f 20 28 66 69 72 73 74 29 2c 20 76 79 6f 73 2e 6e 65 74 20 28 73 65	r:.vyos.io.(first),.vyos.net.(se
63f80	63 6f 6e 64 29 20 61 6e 64 20 76 79 6f 73 2e 6e 65 74 77 6f 72 6b 20 28 6c 61 73 74 29 3a 00 54	cond).and.vyos.network.(last):.T
63fa0	68 65 20 74 61 62 6c 65 20 63 6f 6e 73 69 73 74 73 20 6f 66 20 66 6f 6c 6c 6f 77 69 6e 67 20 64	he.table.consists.of.following.d
63fc0	61 74 61 3a 00 54 68 65 20 74 61 73 6b 20 73 63 68 65 64 75 6c 65 72 20 61 6c 6c 6f 77 73 20 79	ata:.The.task.scheduler.allows.y
63fe0	6f 75 20 74 6f 20 65 78 65 63 75 74 65 20 74 61 73 6b 73 20 6f 6e 20 61 20 67 69 76 65 6e 20 73	ou.to.execute.tasks.on.a.given.s
64000	63 68 65 64 75 6c 65 2e 20 49 74 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 55 4e 49 58 20 63 72	chedule..It.makes.use.of.UNIX.cr
64020	6f 6e 5f 2e 00 54 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 6d 75 73	on_..The.translation.address.mus
64040	74 20 62 65 20 73 65 74 20 74 6f 20 6f 6e 65 20 6f 66 20 74 68 65 20 61 76 61 69 6c 61 62 6c 65	t.be.set.to.one.of.the.available
64060	20 61 64 64 72 65 73 73 65 73 20 6f 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 60 6f 75	.addresses.on.the.configured.`ou
64080	74 62 6f 75 6e 64 2d 69 6e 74 65 72 66 61 63 65 60 20 6f 72 20 69 74 20 6d 75 73 74 20 62 65 20	tbound-interface`.or.it.must.be.
640a0	73 65 74 20 74 6f 20 60 6d 61 73 71 75 65 72 61 64 65 60 20 77 68 69 63 68 20 77 69 6c 6c 20 75	set.to.`masquerade`.which.will.u
640c0	73 65 20 74 68 65 20 70 72 69 6d 61 72 79 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65	se.the.primary.IP.address.of.the
640e0	20 60 6f 75 74 62 6f 75 6e 64 2d 69 6e 74 65 72 66 61 63 65 60 20 61 73 20 69 74 73 20 74 72 61	.`outbound-interface`.as.its.tra
64100	6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 74 75 6e 6e 65 6c 20 77 69 6c	nslation.address..The.tunnel.wil
64120	6c 20 75 73 65 20 31 30 2e 32 35 35 2e 31 2e 31 20 66 6f 72 20 74 68 65 20 6c 6f 63 61 6c 20 49	l.use.10.255.1.1.for.the.local.I
64140	50 20 61 6e 64 20 31 30 2e 32 35 35 2e 31 2e 32 20 66 6f 72 20 74 68 65 20 72 65 6d 6f 74 65 2e	P.and.10.255.1.2.for.the.remote.
64160	00 54 68 65 20 74 79 70 65 20 63 61 6e 20 62 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 3a 20	.The.type.can.be.the.following:.
64180	61 73 62 72 2d 73 75 6d 6d 61 72 79 2c 20 65 78 74 65 72 6e 61 6c 2c 20 6e 65 74 77 6f 72 6b 2c	asbr-summary,.external,.network,
641a0	20 6e 73 73 61 2d 65 78 74 65 72 6e 61 6c 2c 20 6f 70 61 71 75 65 2d 61 72 65 61 2c 20 6f 70 61	.nssa-external,.opaque-area,.opa
641c0	71 75 65 2d 61 73 2c 20 6f 70 61 71 75 65 2d 6c 69 6e 6b 2c 20 72 6f 75 74 65 72 2c 20 73 75 6d	que-as,.opaque-link,.router,.sum
641e0	6d 61 72 79 2e 00 54 68 65 20 75 6c 74 69 6d 61 74 65 20 67 6f 61 6c 20 6f 66 20 63 6c 61 73 73	mary..The.ultimate.goal.of.class
64200	69 66 79 69 6e 67 20 74 72 61 66 66 69 63 20 69 73 20 74 6f 20 67 69 76 65 20 65 61 63 68 20 63	ifying.traffic.is.to.give.each.c
64220	6c 61 73 73 20 61 20 64 69 66 66 65 72 65 6e 74 20 74 72 65 61 74 6d 65 6e 74 2e 00 54 68 65 20	lass.a.different.treatment..The.
64240	75 73 65 20 6f 66 20 49 50 6f 45 20 61 64 64 72 65 73 73 65 73 20 74 68 65 20 64 69 73 61 64 76	use.of.IPoE.addresses.the.disadv
64260	61 6e 74 61 67 65 20 74 68 61 74 20 50 50 50 20 69 73 20 75 6e 73 75 69 74 65 64 20 66 6f 72 20	antage.that.PPP.is.unsuited.for.
64280	6d 75 6c 74 69 63 61 73 74 20 64 65 6c 69 76 65 72 79 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 75	multicast.delivery.to.multiple.u
642a0	73 65 72 73 2e 20 54 79 70 69 63 61 6c 6c 79 2c 20 49 50 6f 45 20 75 73 65 73 20 44 79 6e 61 6d	sers..Typically,.IPoE.uses.Dynam
642c0	69 63 20 48 6f 73 74 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 61	ic.Host.Configuration.Protocol.a
642e0	6e 64 20 45 78 74 65 6e 73 69 62 6c 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 50 72 6f	nd.Extensible.Authentication.Pro
64300	74 6f 63 6f 6c 20 74 6f 20 70 72 6f 76 69 64 65 20 74 68 65 20 73 61 6d 65 20 66 75 6e 63 74 69	tocol.to.provide.the.same.functi
64320	6f 6e 61 6c 69 74 79 20 61 73 20 50 50 50 6f 45 2c 20 62 75 74 20 69 6e 20 61 20 6c 65 73 73 20	onality.as.PPPoE,.but.in.a.less.
64340	72 6f 62 75 73 74 20 6d 61 6e 6e 65 72 2e 00 54 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20	robust.manner..The.value.of.the.
64360	61 74 74 72 69 62 75 74 65 20 60 60 4e 41 53 2d 50 6f 72 74 2d 49 64 60 60 20 6d 75 73 74 20 62	attribute.``NAS-Port-Id``.must.b
64380	65 20 6c 65 73 73 20 74 68 61 6e 20 31 36 20 63 68 61 72 61 63 74 65 72 73 2c 20 6f 74 68 65 72	e.less.than.16.characters,.other
643a0	77 69 73 65 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 6f 6e 27 74 20 62 65 20 72 65 6e 61	wise.the.interface.won't.be.rena
643c0	6d 65 64 2e 00 54 68 65 20 76 65 6e 64 6f 72 2d 63 6c 61 73 73 2d 69 64 20 6f 70 74 69 6f 6e 20	med..The.vendor-class-id.option.
643e0	63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 71 75 65 73 74 20 61 20 73 70 65 63 69 66 69	can.be.used.to.request.a.specifi
64400	63 20 63 6c 61 73 73 20 6f 66 20 76 65 6e 64 6f 72 20 6f 70 74 69 6f 6e 73 20 66 72 6f 6d 20 74	c.class.of.vendor.options.from.t
64420	68 65 20 73 65 72 76 65 72 2e 00 54 68 65 20 76 65 74 68 20 64 65 76 69 63 65 73 20 61 72 65 20	he.server..The.veth.devices.are.
64440	76 69 72 74 75 61 6c 20 45 74 68 65 72 6e 65 74 20 64 65 76 69 63 65 73 2e 20 54 68 65 79 20 63	virtual.Ethernet.devices..They.c
64460	61 6e 20 61 63 74 20 61 73 20 74 75 6e 6e 65 6c 73 20 62 65 74 77 65 65 6e 20 6e 65 74 77 6f 72	an.act.as.tunnels.between.networ
64480	6b 20 6e 61 6d 65 73 70 61 63 65 73 20 74 6f 20 63 72 65 61 74 65 20 61 20 62 72 69 64 67 65 20	k.namespaces.to.create.a.bridge.
644a0	74 6f 20 61 20 70 68 79 73 69 63 61 6c 20 6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 20 69 6e 20	to.a.physical.network.device.in.
644c0	61 6e 6f 74 68 65 72 20 6e 61 6d 65 73 70 61 63 65 20 6f 72 20 56 52 46 2c 20 62 75 74 20 63 61	another.namespace.or.VRF,.but.ca
644e0	6e 20 61 6c 73 6f 20 62 65 20 75 73 65 64 20 61 73 20 73 74 61 6e 64 61 6c 6f 6e 65 20 6e 65 74	n.also.be.used.as.standalone.net
64500	77 6f 72 6b 20 64 65 76 69 63 65 73 2e 00 54 68 65 20 77 69 6e 64 6f 77 20 73 69 7a 65 20 6d 75	work.devices..The.window.size.mu
64520	73 74 20 62 65 20 62 65 74 77 65 65 6e 20 31 20 61 6e 64 20 32 31 2e 00 54 68 65 20 77 69 72 65	st.be.between.1.and.21..The.wire
64540	6c 65 73 73 20 63 6c 69 65 6e 74 20 28 73 75 70 70 6c 69 63 61 6e 74 29 20 61 75 74 68 65 6e 74	less.client.(supplicant).authent
64560	69 63 61 74 65 73 20 61 67 61 69 6e 73 74 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72	icates.against.the.RADIUS.server
64580	20 28 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 72 76 65 72 29 20 75 73 69 6e 67 20 61	.(authentication.server).using.a
645a0	6e 20 3a 61 62 62 72 3a 60 45 41 50 20 28 45 78 74 65 6e 73 69 62 6c 65 20 41 75 74 68 65 6e 74	n.:abbr:`EAP.(Extensible.Authent
645c0	69 63 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60 20 20 6d 65 74 68 6f 64 20 63 6f 6e 66 69	ication.Protocol)`..method.confi
645e0	67 75 72 65 64 20 6f 6e 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 20 54 68 65 20	gured.on.the.RADIUS.server..The.
64600	57 41 50 20 28 61 6c 73 6f 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 61 75 74 68 65 6e 74	WAP.(also.referred.to.as.authent
64620	69 63 61 74 6f 72 29 20 72 6f 6c 65 20 69 73 20 74 6f 20 73 65 6e 64 20 61 6c 6c 20 61 75 74 68	icator).role.is.to.send.all.auth
64640	65 6e 74 69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 20 62 65 74 77 65 65 6e 20 74 68 65 20	entication.messages.between.the.
64660	73 75 70 70 6c 69 63 61 6e 74 20 61 6e 64 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 75	supplicant.and.the.configured.au
64680	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 72 76 65 72 2c 20 74 68 75 73 20 74 68 65 20 52 41	thentication.server,.thus.the.RA
646a0	44 49 55 53 20 73 65 72 76 65 72 20 69 73 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 61	DIUS.server.is.responsible.for.a
646c0	75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 74 68 65 20 75 73 65 72 73 2e 00 54 68 65 6e 20 61 20	uthenticating.the.users..Then.a.
646e0	63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 53 4e 41 54 20 72 75 6c 65 20 69 73 20 63 72 65 61 74	corresponding.SNAT.rule.is.creat
64700	65 64 20 74 6f 20 4e 41 54 20 6f 75 74 67 6f 69 6e 67 20 74 72 61 66 66 69 63 20 66 6f 72 20 74	ed.to.NAT.outgoing.traffic.for.t
64720	68 65 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 74 6f 20 61 20 72 65 73 65 72 76 65 64 20 65 78 74	he.internal.IP.to.a.reserved.ext
64740	65 72 6e 61 6c 20 49 50 2e 20 54 68 69 73 20 64 65 64 69 63 61 74 65 73 20 61 6e 20 65 78 74 65	ernal.IP..This.dedicates.an.exte
64760	72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 49	rnal.IP.address.to.an.internal.I
64780	50 20 61 64 64 72 65 73 73 20 61 6e 64 20 69 73 20 75 73 65 66 75 6c 20 66 6f 72 20 70 72 6f 74	P.address.and.is.useful.for.prot
647a0	6f 63 6f 6c 73 20 77 68 69 63 68 20 64 6f 6e 27 74 20 68 61 76 65 20 74 68 65 20 6e 6f 74 69 6f	ocols.which.don't.have.the.notio
647c0	6e 20 6f 66 20 70 6f 72 74 73 2c 20 73 75 63 68 20 61 73 20 47 52 45 2e 00 54 68 65 6e 20 77 65	n.of.ports,.such.as.GRE..Then.we
647e0	20 6e 65 65 64 20 74 6f 20 67 65 6e 65 72 61 74 65 2c 20 61 64 64 20 61 6e 64 20 73 70 65 63 69	.need.to.generate,.add.and.speci
64800	66 79 20 74 68 65 20 6e 61 6d 65 73 20 6f 66 20 74 68 65 20 63 72 79 70 74 6f 67 72 61 70 68 69	fy.the.names.of.the.cryptographi
64820	63 20 6d 61 74 65 72 69 61 6c 73 2e 20 45 61 63 68 20 6f 66 20 74 68 65 20 69 6e 73 74 61 6c 6c	c.materials..Each.of.the.install
64840	20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 74 68	.command.should.be.applied.to.th
64860	65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6d 6d 69 74 65 64 20 62 65 66	e.configuration.and.commited.bef
64880	6f 72 65 20 75 73 69 6e 67 20 75 6e 64 65 72 20 74 68 65 20 6f 70 65 6e 76 70 6e 20 69 6e 74 65	ore.using.under.the.openvpn.inte
648a0	72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 68 65 72 65 20 61 72 65 20 33	rface.configuration..There.are.3
648c0	20 64 65 66 61 75 6c 74 20 4e 54 50 20 73 65 72 76 65 72 20 73 65 74 2e 20 59 6f 75 20 61 72 65	.default.NTP.server.set..You.are
648e0	20 61 62 6c 65 20 74 6f 20 63 68 61 6e 67 65 20 74 68 65 6d 2e 00 54 68 65 72 65 20 61 72 65 20	.able.to.change.them..There.are.
64900	61 20 6c 6f 74 20 6f 66 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 20 61 67 61 69 6e	a.lot.of.matching.criteria.again
64920	73 74 20 77 68 69 63 68 20 74 68 65 20 70 61 63 6b 61 67 65 20 63 61 6e 20 62 65 20 74 65 73 74	st.which.the.package.can.be.test
64940	65 64 2e 00 54 68 65 72 65 20 61 72 65 20 61 20 6c 6f 74 20 6f 66 20 6d 61 74 63 68 69 6e 67 20	ed..There.are.a.lot.of.matching.
64960	63 72 69 74 65 72 69 61 20 6f 70 74 69 6f 6e 73 20 61 76 61 69 6c 61 62 6c 65 2c 20 62 6f 74 68	criteria.options.available,.both
64980	20 66 6f 72 20 60 60 70 6f 6c 69 63 79 20 72 6f 75 74 65 60 60 20 61 6e 64 20 60 60 70 6f 6c 69	.for.``policy.route``.and.``poli
649a0	63 79 20 72 6f 75 74 65 36 60 60 2e 20 54 68 65 73 65 20 6f 70 74 69 6f 6e 73 20 61 72 65 20 6c	cy.route6``..These.options.are.l
649c0	69 73 74 65 64 20 69 6e 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 00 54 68 65 72 65 20 61 72 65	isted.in.this.section..There.are
649e0	20 64 69 66 66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 67 65 74 74 69 6e	.different.parameters.for.gettin
64a00	67 20 70 72 65 66 69 78 2d 6c 69 73 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 00 54 68 65 72 65	g.prefix-list.information:.There
64a20	20 61 72 65 20 6c 69 6d 69 74 73 20 6f 6e 20 77 68 69 63 68 20 63 68 61 6e 6e 65 6c 73 20 63 61	.are.limits.on.which.channels.ca
64a40	6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 48 54 34 30 2d 20 61 6e 64 20 48 54 34 30 2b 2e 20	n.be.used.with.HT40-.and.HT40+..
64a60	46 6f 6c 6c 6f 77 69 6e 67 20 74 61 62 6c 65 20 73 68 6f 77 73 20 74 68 65 20 63 68 61 6e 6e 65	Following.table.shows.the.channe
64a80	6c 73 20 74 68 61 74 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 48 54 34	ls.that.may.be.available.for.HT4
64aa0	30 2d 20 61 6e 64 20 48 54 34 30 2b 20 75 73 65 20 70 65 72 20 49 45 45 45 20 38 30 32 2e 31 31	0-.and.HT40+.use.per.IEEE.802.11
64ac0	6e 20 41 6e 6e 65 78 20 4a 3a 00 54 68 65 72 65 20 61 72 65 20 6d 61 6e 79 20 70 61 72 61 6d 65	n.Annex.J:.There.are.many.parame
64ae0	74 65 72 73 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 75 73 65 20 69 6e 20	ters.you.will.be.able.to.use.in.
64b00	6f 72 64 65 72 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 74 72 61 66 66 69 63 20 79 6f 75 20 77	order.to.match.the.traffic.you.w
64b20	61 6e 74 20 66 6f 72 20 61 20 63 6c 61 73 73 3a 00 54 68 65 72 65 20 61 72 65 20 6d 75 6c 74 69	ant.for.a.class:.There.are.multi
64b40	70 6c 65 20 76 65 72 73 69 6f 6e 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 74 68 65 20 4e	ple.versions.available.for.the.N
64b60	65 74 46 6c 6f 77 20 64 61 74 61 2e 20 54 68 65 20 60 3c 76 65 72 73 69 6f 6e 3e 60 20 75 73 65	etFlow.data..The.`<version>`.use
64b80	64 20 69 6e 20 74 68 65 20 65 78 70 6f 72 74 65 64 20 66 6c 6f 77 20 64 61 74 61 20 63 61 6e 20	d.in.the.exported.flow.data.can.
64ba0	62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 68 65 72 65 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e	be.configured.here..The.followin
64bc0	67 20 76 65 72 73 69 6f 6e 73 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 3a 00 54 68 65 72 65 20	g.versions.are.supported:.There.
64be0	61 72 65 20 72 61 74 65 2d 6c 69 6d 69 74 65 64 20 61 6e 64 20 6e 6f 6e 20 72 61 74 65 2d 6c 69	are.rate-limited.and.non.rate-li
64c00	6d 69 74 65 64 20 75 73 65 72 73 20 28 4d 41 43 73 29 00 54 68 65 72 65 20 61 72 65 20 73 6f 6d	mited.users.(MACs).There.are.som
64c20	65 20 73 63 65 6e 61 72 69 6f 73 20 77 68 65 72 65 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65	e.scenarios.where.serial.console
64c40	73 20 61 72 65 20 75 73 65 66 75 6c 2e 20 53 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74	s.are.useful..System.administrat
64c60	69 6f 6e 20 6f 66 20 72 65 6d 6f 74 65 20 63 6f 6d 70 75 74 65 72 73 20 69 73 20 75 73 75 61 6c	ion.of.remote.computers.is.usual
64c80	6c 79 20 64 6f 6e 65 20 75 73 69 6e 67 20 3a 72 65 66 3a 60 73 73 68 60 2c 20 62 75 74 20 74 68	ly.done.using.:ref:`ssh`,.but.th
64ca0	65 72 65 20 61 72 65 20 74 69 6d 65 73 20 77 68 65 6e 20 61 63 63 65 73 73 20 74 6f 20 74 68 65	ere.are.times.when.access.to.the
64cc0	20 63 6f 6e 73 6f 6c 65 20 69 73 20 74 68 65 20 6f 6e 6c 79 20 77 61 79 20 74 6f 20 64 69 61 67	.console.is.the.only.way.to.diag
64ce0	6e 6f 73 65 20 61 6e 64 20 63 6f 72 72 65 63 74 20 73 6f 66 74 77 61 72 65 20 66 61 69 6c 75 72	nose.and.correct.software.failur
64d00	65 73 2e 20 4d 61 6a 6f 72 20 75 70 67 72 61 64 65 73 20 74 6f 20 74 68 65 20 69 6e 73 74 61 6c	es..Major.upgrades.to.the.instal
64d20	6c 65 64 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 6d 61 79 20 61 6c 73 6f 20 72 65 71 75 69 72	led.distribution.may.also.requir
64d40	65 20 63 6f 6e 73 6f 6c 65 20 61 63 63 65 73 73 2e 00 54 68 65 72 65 20 61 72 65 20 74 68 72 65	e.console.access..There.are.thre
64d60	65 20 6d 6f 64 65 73 20 6f 66 20 6f 70 65 72 61 74 69 6f 6e 20 66 6f 72 20 61 20 77 69 72 65 6c	e.modes.of.operation.for.a.wirel
64d80	65 73 73 20 69 6e 74 65 72 66 61 63 65 3a 00 54 68 65 72 65 20 61 72 65 20 74 77 6f 20 74 79 70	ess.interface:.There.are.two.typ
64da0	65 73 20 6f 66 20 4e 65 74 77 6f 72 6b 20 41 64 6d 69 6e 73 20 77 68 6f 20 64 65 61 6c 20 77 69	es.of.Network.Admins.who.deal.wi
64dc0	74 68 20 42 47 50 2c 20 74 68 6f 73 65 20 77 68 6f 20 68 61 76 65 20 63 72 65 61 74 65 64 20 61	th.BGP,.those.who.have.created.a
64de0	6e 20 69 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 69 6e 63 69 64 65 6e 74 20 61 6e 64 2f 6f 72 20	n.international.incident.and/or.
64e00	6f 75 74 61 67 65 2c 20 61 6e 64 20 74 68 6f 73 65 20 77 68 6f 20 61 72 65 20 6c 79 69 6e 67 00	outage,.and.those.who.are.lying.
64e20	54 68 65 72 65 20 61 72 65 20 74 77 6f 20 77 61 79 73 20 74 68 61 74 20 68 65 6c 70 20 75 73 20	There.are.two.ways.that.help.us.
64e40	74 6f 20 6d 69 74 69 67 61 74 65 20 74 68 65 20 42 47 50 73 20 66 75 6c 6c 2d 6d 65 73 68 20 72	to.mitigate.the.BGPs.full-mesh.r
64e60	65 71 75 69 72 65 6d 65 6e 74 20 69 6e 20 61 20 6e 65 74 77 6f 72 6b 3a 00 54 68 65 72 65 20 63	equirement.in.a.network:.There.c
64e80	61 6e 20 6f 6e 6c 79 20 62 65 20 6f 6e 65 20 6c 6f 6f 70 62 61 63 6b 20 60 60 6c 6f 60 60 20 69	an.only.be.one.loopback.``lo``.i
64ea0	6e 74 65 72 66 61 63 65 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 20 49 66 20 79 6f 75 20 6e	nterface.on.the.system..If.you.n
64ec0	65 65 64 20 6d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 2c 20 70 6c 65 61 73 65 20	eed.multiple.interfaces,.please.
64ee0	75 73 65 20 74 68 65 20 3a 72 65 66 3a 60 64 75 6d 6d 79 2d 69 6e 74 65 72 66 61 63 65 60 20 69	use.the.:ref:`dummy-interface`.i
64f00	6e 74 65 72 66 61 63 65 20 74 79 70 65 2e 00 54 68 65 72 65 20 63 6f 75 6c 64 20 62 65 20 61 20	nterface.type..There.could.be.a.
64f20	77 69 64 65 20 72 61 6e 67 65 20 6f 66 20 72 6f 75 74 69 6e 67 20 70 6f 6c 69 63 69 65 73 2e 20	wide.range.of.routing.policies..
64f40	53 6f 6d 65 20 65 78 61 6d 70 6c 65 73 20 61 72 65 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 3a 00	Some.examples.are.listed.below:.
64f60	54 68 65 72 65 20 69 73 20 61 20 76 65 72 79 20 6e 69 63 65 20 70 69 63 74 75 72 65 2f 65 78 70	There.is.a.very.nice.picture/exp
64f80	6c 61 6e 61 74 69 6f 6e 20 69 6e 20 74 68 65 20 56 79 61 74 74 61 20 64 6f 63 75 6d 65 6e 74 61	lanation.in.the.Vyatta.documenta
64fa0	74 69 6f 6e 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 72 65 77 72 69 74 74 65 6e 20 68	tion.which.should.be.rewritten.h
64fc0	65 72 65 2e 00 54 68 65 72 65 20 69 73 20 61 6c 73 6f 20 61 20 47 52 45 20 6f 76 65 72 20 49 50	ere..There.is.also.a.GRE.over.IP
64fe0	76 36 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 61 76 61 69 6c 61 62 6c 65 2c 20 69 74 20 69	v6.encapsulation.available,.it.i
65000	73 20 63 61 6c 6c 65 64 3a 20 60 60 69 70 36 67 72 65 60 60 2e 00 54 68 65 72 65 20 69 73 20 61	s.called:.``ip6gre``..There.is.a
65020	6e 20 65 6e 74 69 72 65 20 63 68 61 70 74 65 72 20 61 62 6f 75 74 20 68 6f 77 20 74 6f 20 63 6f	n.entire.chapter.about.how.to.co
65040	6e 66 69 67 75 72 65 20 61 20 3a 72 65 66 3a 60 76 72 66 60 2c 20 70 6c 65 61 73 65 20 63 68 65	nfigure.a.:ref:`vrf`,.please.che
65060	63 6b 20 74 68 69 73 20 66 6f 72 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d 61 74 69	ck.this.for.additional.informati
65080	6f 6e 2e 00 54 68 65 72 65 27 73 20 61 20 76 61 72 69 65 74 79 20 6f 66 20 63 6c 69 65 6e 74 20	on..There's.a.variety.of.client.
650a0	47 55 49 20 66 72 6f 6e 74 65 6e 64 73 20 66 6f 72 20 61 6e 79 20 70 6c 61 74 66 6f 72 6d 00 54	GUI.frontends.for.any.platform.T
650c0	68 65 73 65 20 61 72 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64 73 20 66 6f 72 20 61 20 62 61 73 69	hese.are.the.commands.for.a.basi
650e0	63 20 73 65 74 75 70 2e 00 54 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 61 6c 6c 6f 77 20 74 68	c.setup..These.commands.allow.th
65100	65 20 56 4c 41 4e 31 30 20 61 6e 64 20 56 4c 41 4e 31 31 20 68 6f 73 74 73 20 74 6f 20 63 6f 6d	e.VLAN10.and.VLAN11.hosts.to.com
65120	6d 75 6e 69 63 61 74 65 20 77 69 74 68 20 65 61 63 68 20 6f 74 68 65 72 20 75 73 69 6e 67 20 74	municate.with.each.other.using.t
65140	68 65 20 6d 61 69 6e 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 65 73 65 20 63 6f 6e	he.main.routing.table..These.con
65160	66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 6e 6f 74 20 6d 61 6e 64 61 74 6f 72 79 20 61 6e 64 20	figuration.is.not.mandatory.and.
65180	69 6e 20 6d 6f 73 74 20 63 61 73 65 73 20 74 68 65 72 65 27 73 20 6e 6f 20 6e 65 65 64 20 74 6f	in.most.cases.there's.no.need.to
651a0	20 63 6f 6e 66 69 67 75 72 65 20 69 74 2e 20 42 75 74 20 69 66 20 6e 65 63 65 73 73 61 72 79 2c	.configure.it..But.if.necessary,
651c0	20 47 72 61 74 75 69 74 6f 75 73 20 41 52 50 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65	.Gratuitous.ARP.can.be.configure
651e0	64 20 69 6e 20 60 60 67 6c 6f 62 61 6c 2d 70 61 72 61 6d 65 74 65 72 73 60 60 20 61 6e 64 2f 6f	d.in.``global-parameters``.and/o
65200	72 20 69 6e 20 60 60 67 72 6f 75 70 60 60 20 73 65 63 74 69 6f 6e 2e 00 54 68 65 73 65 20 70 61	r.in.``group``.section..These.pa
65220	72 61 6d 65 74 65 72 73 20 61 72 65 20 70 61 73 73 65 64 20 61 73 2d 69 73 20 74 6f 20 69 73 63	rameters.are.passed.as-is.to.isc
65240	2d 64 68 63 70 27 73 20 64 68 63 70 64 2e 63 6f 6e 66 20 75 6e 64 65 72 20 74 68 65 20 63 6f 6e	-dhcp's.dhcpd.conf.under.the.con
65260	66 69 67 75 72 61 74 69 6f 6e 20 6e 6f 64 65 20 74 68 65 79 20 61 72 65 20 64 65 66 69 6e 65 64	figuration.node.they.are.defined
65280	20 69 6e 2e 20 54 68 65 79 20 61 72 65 20 6e 6f 74 20 76 61 6c 69 64 61 74 65 64 20 73 6f 20 61	.in..They.are.not.validated.so.a
652a0	6e 20 65 72 72 6f 72 20 69 6e 20 74 68 65 20 72 61 77 20 70 61 72 61 6d 65 74 65 72 73 20 77 6f	n.error.in.the.raw.parameters.wo
652c0	6e 27 74 20 62 65 20 63 61 75 67 68 74 20 62 79 20 76 79 6f 73 27 73 20 73 63 72 69 70 74 73 20	n't.be.caught.by.vyos's.scripts.
652e0	61 6e 64 20 77 69 6c 6c 20 63 61 75 73 65 20 64 68 63 70 64 20 74 6f 20 66 61 69 6c 20 74 6f 20	and.will.cause.dhcpd.to.fail.to.
65300	73 74 61 72 74 2e 20 41 6c 77 61 79 73 20 76 65 72 69 66 79 20 74 68 61 74 20 74 68 65 20 70 61	start..Always.verify.that.the.pa
65320	72 61 6d 65 74 65 72 73 20 61 72 65 20 63 6f 72 72 65 63 74 20 62 65 66 6f 72 65 20 63 6f 6d 6d	rameters.are.correct.before.comm
65340	69 74 74 69 6e 67 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20 52 65 66 65 72 20	itting.the.configuration..Refer.
65360	74 6f 20 69 73 63 2d 64 68 63 70 27 73 20 64 68 63 70 64 2e 63 6f 6e 66 20 6d 61 6e 75 61 6c 20	to.isc-dhcp's.dhcpd.conf.manual.
65380	66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6b 62	for.more.information:.https://kb
653a0	2e 69 73 63 2e 6f 72 67 2f 64 6f 63 73 2f 69 73 63 2d 64 68 63 70 2d 34 34 2d 6d 61 6e 75 61 6c	.isc.org/docs/isc-dhcp-44-manual
653c0	2d 70 61 67 65 73 2d 64 68 63 70 64 63 6f 6e 66 00 54 68 65 73 65 20 70 61 72 61 6d 65 74 65 72	-pages-dhcpdconf.These.parameter
653e0	73 20 6e 65 65 64 20 74 6f 20 62 65 20 70 61 72 74 20 6f 66 20 74 68 65 20 44 48 43 50 20 67 6c	s.need.to.be.part.of.the.DHCP.gl
65400	6f 62 61 6c 20 6f 70 74 69 6f 6e 73 2e 20 54 68 65 79 20 73 74 61 79 20 75 6e 63 68 61 6e 67 65	obal.options..They.stay.unchange
65420	64 2e 00 54 68 65 79 20 63 61 6e 20 62 65 20 2a 2a 64 65 63 69 6d 61 6c 2a 2a 20 70 72 65 66 69	d..They.can.be.**decimal**.prefi
65440	78 65 73 2e 00 54 68 69 73 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 74 68 65 20 61 64	xes..This.address.must.be.the.ad
65460	64 72 65 73 73 20 6f 66 20 61 20 6c 6f 63 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 20 49 74 20 6d	dress.of.a.local.interface..It.m
65480	61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 6e 20 49 50 76 34 20 61 64 64 72 65	ay.be.specified.as.an.IPv4.addre
654a0	73 73 20 6f 72 20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 54 68 69 73 20 61 6c 67 6f	ss.or.an.IPv6.address..This.algo
654c0	72 69 74 68 6d 20 69 73 20 38 30 32 2e 33 61 64 20 63 6f 6d 70 6c 69 61 6e 74 2e 00 54 68 69 73	rithm.is.802.3ad.compliant..This
654e0	20 61 6c 67 6f 72 69 74 68 6d 20 69 73 20 6e 6f 74 20 66 75 6c 6c 79 20 38 30 32 2e 33 61 64 20	.algorithm.is.not.fully.802.3ad.
65500	63 6f 6d 70 6c 69 61 6e 74 2e 20 41 20 73 69 6e 67 6c 65 20 54 43 50 20 6f 72 20 55 44 50 20 63	compliant..A.single.TCP.or.UDP.c
65520	6f 6e 76 65 72 73 61 74 69 6f 6e 20 63 6f 6e 74 61 69 6e 69 6e 67 20 62 6f 74 68 20 66 72 61 67	onversation.containing.both.frag
65540	6d 65 6e 74 65 64 20 61 6e 64 20 75 6e 66 72 61 67 6d 65 6e 74 65 64 20 70 61 63 6b 65 74 73 20	mented.and.unfragmented.packets.
65560	77 69 6c 6c 20 73 65 65 20 70 61 63 6b 65 74 73 20 73 74 72 69 70 65 64 20 61 63 72 6f 73 73 20	will.see.packets.striped.across.
65580	74 77 6f 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 68 69 73 20 6d 61 79 20 72 65 73 75 6c 74 20	two.interfaces..This.may.result.
655a0	69 6e 20 6f 75 74 20 6f 66 20 6f 72 64 65 72 20 64 65 6c 69 76 65 72 79 2e 20 4d 6f 73 74 20 74	in.out.of.order.delivery..Most.t
655c0	72 61 66 66 69 63 20 74 79 70 65 73 20 77 69 6c 6c 20 6e 6f 74 20 6d 65 65 74 20 74 68 65 73 65	raffic.types.will.not.meet.these
655e0	20 63 72 69 74 65 72 69 61 2c 20 61 73 20 54 43 50 20 72 61 72 65 6c 79 20 66 72 61 67 6d 65 6e	.criteria,.as.TCP.rarely.fragmen
65600	74 73 20 74 72 61 66 66 69 63 2c 20 61 6e 64 20 6d 6f 73 74 20 55 44 50 20 74 72 61 66 66 69 63	ts.traffic,.and.most.UDP.traffic
65620	20 69 73 20 6e 6f 74 20 69 6e 76 6f 6c 76 65 64 20 69 6e 20 65 78 74 65 6e 64 65 64 20 63 6f 6e	.is.not.involved.in.extended.con
65640	76 65 72 73 61 74 69 6f 6e 73 2e 20 4f 74 68 65 72 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e	versations..Other.implementation
65660	73 20 6f 66 20 38 30 32 2e 33 61 64 20 6d 61 79 20 6f 72 20 6d 61 79 20 6e 6f 74 20 74 6f 6c 65	s.of.802.3ad.may.or.may.not.tole
65680	72 61 74 65 20 74 68 69 73 20 6e 6f 6e 63 6f 6d 70 6c 69 61 6e 63 65 2e 00 54 68 69 73 20 61 6c	rate.this.noncompliance..This.al
656a0	67 6f 72 69 74 68 6d 20 77 69 6c 6c 20 70 6c 61 63 65 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74	gorithm.will.place.all.traffic.t
656c0	6f 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 6e 65 74 77 6f 72 6b 20 70 65 65 72 20 6f 6e 20 74	o.a.particular.network.peer.on.t
656e0	68 65 20 73 61 6d 65 20 73 6c 61 76 65 2e 00 54 68 69 73 20 61 6c 67 6f 72 69 74 68 6d 20 77 69	he.same.slave..This.algorithm.wi
65700	6c 6c 20 70 6c 61 63 65 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74 6f 20 61 20 70 61 72 74 69 63	ll.place.all.traffic.to.a.partic
65720	75 6c 61 72 20 6e 65 74 77 6f 72 6b 20 70 65 65 72 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 73 6c	ular.network.peer.on.the.same.sl
65740	61 76 65 2e 20 46 6f 72 20 6e 6f 6e 2d 49 50 20 74 72 61 66 66 69 63 2c 20 74 68 65 20 66 6f 72	ave..For.non-IP.traffic,.the.for
65760	6d 75 6c 61 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 66 6f 72 20 74 68 65 20 6c 61 79 65	mula.is.the.same.as.for.the.laye
65780	72 32 20 74 72 61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69 63 79 2e 00 54 68 69 73 20 61 6c	r2.transmit.hash.policy..This.al
657a0	6c 6f 77 73 20 61 76 6f 69 64 69 6e 67 20 74 68 65 20 74 69 6d 65 72 73 20 64 65 66 69 6e 65 64	lows.avoiding.the.timers.defined
657c0	20 69 6e 20 42 47 50 20 61 6e 64 20 4f 53 50 46 20 70 72 6f 74 6f 63 6f 6c 20 74 6f 20 65 78 70	.in.BGP.and.OSPF.protocol.to.exp
657e0	69 72 65 73 2e 00 54 68 69 73 20 61 6c 73 6f 20 77 6f 72 6b 73 20 66 6f 72 20 72 65 76 65 72 73	ires..This.also.works.for.revers
65800	65 2d 6c 6f 6f 6b 75 70 20 7a 6f 6e 65 73 20 28 60 60 31 38 2e 31 37 32 2e 69 6e 2d 61 64 64 72	e-lookup.zones.(``18.172.in-addr
65820	2e 61 72 70 61 60 60 29 2e 00 54 68 69 73 20 61 72 74 69 63 6c 65 20 74 6f 75 63 68 65 73 20 6f	.arpa``)..This.article.touches.o
65840	6e 20 27 63 6c 61 73 73 69 63 27 20 49 50 20 74 75 6e 6e 65 6c 69 6e 67 20 70 72 6f 74 6f 63 6f	n.'classic'.IP.tunneling.protoco
65860	6c 73 2e 00 54 68 69 73 20 62 6c 75 65 70 72 69 6e 74 20 75 73 65 73 20 56 79 4f 53 20 61 73 20	ls..This.blueprint.uses.VyOS.as.
65880	74 68 65 20 44 4d 56 50 4e 20 48 75 62 20 61 6e 64 20 43 69 73 63 6f 20 28 37 32 30 36 56 58 52	the.DMVPN.Hub.and.Cisco.(7206VXR
658a0	29 20 61 6e 64 20 56 79 4f 53 20 61 73 20 6d 75 6c 74 69 70 6c 65 20 73 70 6f 6b 65 20 73 69 74	).and.VyOS.as.multiple.spoke.sit
658c0	65 73 2e 20 54 68 65 20 6c 61 62 20 77 61 73 20 62 75 69 6c 64 20 75 73 69 6e 67 20 3a 61 62 62	es..The.lab.was.build.using.:abb
658e0	72 3a 60 45 56 45 2d 4e 47 20 28 45 6d 75 6c 61 74 65 64 20 56 69 72 74 75 61 6c 20 45 6e 76 69	r:`EVE-NG.(Emulated.Virtual.Envi
65900	72 6f 6e 6d 65 6e 74 20 4e 47 29 60 2e 00 54 68 69 73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 72	ronment.NG)`..This.can.be.confir
65920	6d 65 64 20 75 73 69 6e 67 20 74 68 65 20 60 60 73 68 6f 77 20 69 70 20 72 6f 75 74 65 20 74 61	med.using.the.``show.ip.route.ta
65940	62 6c 65 20 31 30 30 60 60 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 00 54	ble.100``.operational.command..T
65960	68 69 73 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 64 6f 6e 65 20 69 66 20 61 6c 6c 20 79 6f 75 72	his.can.only.be.done.if.all.your
65980	20 75 73 65 72 73 20 61 72 65 20 6c 6f 63 61 74 65 64 20 64 69 72 65 63 74 6c 79 20 75 6e 64 65	.users.are.located.directly.unde
659a0	72 20 74 68 65 20 73 61 6d 65 20 70 6f 73 69 74 69 6f 6e 20 69 6e 20 74 68 65 20 4c 44 41 50 20	r.the.same.position.in.the.LDAP.
659c0	74 72 65 65 20 61 6e 64 20 74 68 65 20 6c 6f 67 69 6e 20 6e 61 6d 65 20 69 73 20 75 73 65 64 20	tree.and.the.login.name.is.used.
659e0	66 6f 72 20 6e 61 6d 69 6e 67 20 65 61 63 68 20 75 73 65 72 20 6f 62 6a 65 63 74 2e 20 49 66 20	for.naming.each.user.object..If.
65a00	79 6f 75 72 20 4c 44 41 50 20 74 72 65 65 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68 20 74 68	your.LDAP.tree.does.not.match.th
65a20	65 73 65 20 63 72 69 74 65 72 69 61 73 20 6f 72 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20	ese.criterias.or.if.you.want.to.
65a40	66 69 6c 74 65 72 20 77 68 6f 20 61 72 65 20 76 61 6c 69 64 20 75 73 65 72 73 20 74 68 65 6e 20	filter.who.are.valid.users.then.
65a60	79 6f 75 20 6e 65 65 64 20 74 6f 20 75 73 65 20 61 20 73 65 61 72 63 68 20 66 69 6c 74 65 72 20	you.need.to.use.a.search.filter.
65a80	74 6f 20 73 65 61 72 63 68 20 66 6f 72 20 79 6f 75 72 20 75 73 65 72 73 20 44 4e 20 28 60 66 69	to.search.for.your.users.DN.(`fi
65aa0	6c 74 65 72 2d 65 78 70 72 65 73 73 69 6f 6e 60 29 2e 00 54 68 69 73 20 63 68 61 70 65 74 65 72	lter-expression`)..This.chapeter
65ac0	20 64 65 73 63 72 69 62 65 73 20 68 6f 77 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 6b 65 72 6e	.describes.how.to.configure.kern
65ae0	65 6c 20 70 61 72 61 6d 65 74 65 72 73 20 61 74 20 72 75 6e 74 69 6d 65 2e 00 54 68 69 73 20 63	el.parameters.at.runtime..This.c
65b00	68 61 70 74 65 72 20 64 65 73 63 72 69 62 65 20 74 68 65 20 70 6f 73 73 69 62 69 6c 69 74 69 65	hapter.describe.the.possibilitie
65b20	73 20 6f 66 20 61 64 76 61 6e 63 65 64 20 73 79 73 74 65 6d 20 62 65 68 61 76 69 6f 72 2e 00 54	s.of.advanced.system.behavior..T
65b40	68 69 73 20 63 6f 6d 6d 61 64 20 73 65 74 73 20 6e 65 74 77 6f 72 6b 20 65 6e 74 69 74 79 20 74	his.commad.sets.network.entity.t
65b60	69 74 6c 65 20 28 4e 45 54 29 20 70 72 6f 76 69 64 65 64 20 69 6e 20 49 53 4f 20 66 6f 72 6d 61	itle.(NET).provided.in.ISO.forma
65b80	74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 63 63 65 70 74 20 69 6e 63 6f 6d 69 6e 67 20	t..This.command.accept.incoming.
65ba0	72 6f 75 74 65 73 20 77 69 74 68 20 41 53 20 70 61 74 68 20 63 6f 6e 74 61 69 6e 69 6e 67 20 41	routes.with.AS.path.containing.A
65bc0	53 20 6e 75 6d 62 65 72 20 77 69 74 68 20 74 68 65 20 73 61 6d 65 20 76 61 6c 75 65 20 61 73 20	S.number.with.the.same.value.as.
65be0	74 68 65 20 63 75 72 72 65 6e 74 20 73 79 73 74 65 6d 20 41 53 2e 20 54 68 69 73 20 69 73 20 75	the.current.system.AS..This.is.u
65c00	73 65 64 20 77 68 65 6e 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 74 68 65 20 73 61 6d	sed.when.you.want.to.use.the.sam
65c20	65 20 41 53 20 6e 75 6d 62 65 72 20 69 6e 20 79 6f 75 72 20 73 69 74 65 73 2c 20 62 75 74 20 79	e.AS.number.in.your.sites,.but.y
65c40	6f 75 20 63 61 6e e2 80 99 74 20 63 6f 6e 6e 65 63 74 20 74 68 65 6d 20 64 69 72 65 63 74 6c 79	ou.can...t.connect.them.directly
65c60	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 20 6f 76 65 72 72 69 64 65 20 74 68	..This.command.allow.override.th
65c80	65 20 72 65 73 75 6c 74 20 6f 66 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69	e.result.of.Capability.Negotiati
65ca0	6f 6e 20 77 69 74 68 20 6c 6f 63 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20 49 67 6e	on.with.local.configuration..Ign
65cc0	6f 72 65 20 72 65 6d 6f 74 65 20 70 65 65 72 e2 80 99 73 20 63 61 70 61 62 69 6c 69 74 79 20 76	ore.remote.peer...s.capability.v
65ce0	61 6c 75 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 70 65 65 72 69 6e	alue..This.command.allows.peerin
65d00	67 73 20 62 65 74 77 65 65 6e 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 65 42	gs.between.directly.connected.eB
65d20	47 50 20 70 65 65 72 73 20 75 73 69 6e 67 20 6c 6f 6f 70 62 61 63 6b 20 61 64 64 72 65 73 73 65	GP.peers.using.loopback.addresse
65d40	73 20 77 69 74 68 6f 75 74 20 61 64 6a 75 73 74 69 6e 67 20 74 68 65 20 64 65 66 61 75 6c 74 20	s.without.adjusting.the.default.
65d60	54 54 4c 20 6f 66 20 31 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 73 65	TTL.of.1..This.command.allows.se
65d80	73 73 69 6f 6e 73 20 74 6f 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 77 69 74 68 20 65 42	ssions.to.be.established.with.eB
65da0	47 50 20 6e 65 69 67 68 62 6f 72 73 20 77 68 65 6e 20 74 68 65 79 20 61 72 65 20 6d 75 6c 74 69	GP.neighbors.when.they.are.multi
65dc0	70 6c 65 20 68 6f 70 73 20 61 77 61 79 2e 20 57 68 65 6e 20 74 68 65 20 6e 65 69 67 68 62 6f 72	ple.hops.away..When.the.neighbor
65de0	20 69 73 20 6e 6f 74 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 61 6e 64 20 74	.is.not.directly.connected.and.t
65e00	68 69 73 20 6b 6e 6f 62 20 69 73 20 6e 6f 74 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 20 73 65 73	his.knob.is.not.enabled,.the.ses
65e20	73 69 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 65 73 74 61 62 6c 69 73 68 2e 20 54 68 65 20 6e 75 6d	sion.will.not.establish..The.num
65e40	62 65 72 20 6f 66 20 68 6f 70 73 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 20 54	ber.of.hops.range.is.1.to.255..T
65e60	68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 6d 75 74 75 61 6c 6c 79 20 65 78 63 6c 75 73 69 76	his.command.is.mutually.exclusiv
65e80	65 20 77 69 74 68 20 3a 63 66 67 63 6d 64 3a 60 74 74 6c 2d 73 65 63 75 72 69 74 79 20 68 6f 70	e.with.:cfgcmd:`ttl-security.hop
65ea0	73 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 68 65 20 72 6f 75 74	s`..This.command.allows.the.rout
65ec0	65 72 20 74 6f 20 70 72 65 66 65 72 20 72 6f 75 74 65 20 74 6f 20 73 70 65 63 69 66 69 65 64 20	er.to.prefer.route.to.specified.
65ee0	70 72 65 66 69 78 20 6c 65 61 72 6e 65 64 20 76 69 61 20 49 47 50 20 74 68 72 6f 75 67 68 20 62	prefix.learned.via.IGP.through.b
65f00	61 63 6b 64 6f 6f 72 20 6c 69 6e 6b 20 69 6e 73 74 65 61 64 20 6f 66 20 61 20 72 6f 75 74 65 20	ackdoor.link.instead.of.a.route.
65f20	74 6f 20 74 68 65 20 73 61 6d 65 20 70 72 65 66 69 78 20 6c 65 61 72 6e 65 64 20 76 69 61 20 45	to.the.same.prefix.learned.via.E
65f40	42 47 50 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 6c 6f 67 20	BGP..This.command.allows.to.log.
65f60	63 68 61 6e 67 65 73 20 69 6e 20 61 64 6a 61 63 65 6e 63 79 2e 20 57 69 74 68 20 74 68 65 20 6f	changes.in.adjacency..With.the.o
65f80	70 74 69 6f 6e 61 6c 20 3a 63 66 67 63 6d 64 3a 60 64 65 74 61 69 6c 60 20 61 72 67 75 6d 65 6e	ptional.:cfgcmd:`detail`.argumen
65fa0	74 2c 20 61 6c 6c 20 63 68 61 6e 67 65 73 20 69 6e 20 61 64 6a 61 63 65 6e 63 79 20 73 74 61 74	t,.all.changes.in.adjacency.stat
65fc0	75 73 20 61 72 65 20 73 68 6f 77 6e 2e 20 57 69 74 68 6f 75 74 20 3a 63 66 67 63 6d 64 3a 60 64	us.are.shown..Without.:cfgcmd:`d
65fe0	65 74 61 69 6c 60 2c 20 6f 6e 6c 79 20 63 68 61 6e 67 65 73 20 74 6f 20 66 75 6c 6c 20 6f 72 20	etail`,.only.changes.to.full.or.
66000	72 65 67 72 65 73 73 69 6f 6e 73 20 61 72 65 20 73 68 6f 77 6e 2e 00 54 68 69 73 20 63 6f 6d 6d	regressions.are.shown..This.comm
66020	61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 73 74 72 69	and.allows.to.specify.the.distri
66040	62 75 74 69 6f 6e 20 74 79 70 65 20 66 6f 72 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e	bution.type.for.the.network.conn
66060	65 63 74 65 64 20 74 6f 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 3a 00 54 68 69 73 20 63 6f	ected.to.this.interface:.This.co
66080	6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61 70 20 74 6f	mmand.allows.to.use.route.map.to
660a0	20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66 72 6f	.filter.redistributed.routes.fro
660c0	6d 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20	m.given.route.source..There.are.
660e0	66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73	five.modes.available.for.route.s
66100	6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72	ource:.bgp,.connected,.kernel,.r
66120	69 70 6e 67 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77	ipng,.static..This.command.allow
66140	73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61 70 20 74 6f 20 66 69 6c 74 65 72 20 72 65 64	s.to.use.route.map.to.filter.red
66160	69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e	istributed.routes.from.the.given
66180	20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f	.route.source..There.are.five.mo
661a0	64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20	des.available.for.route.source:.
661c0	62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 73 74	bgp,.connected,.kernel,.ospf,.st
661e0	61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65	atic..This.command.allows.to.use
66200	20 72 6f 75 74 65 20 6d 61 70 20 74 6f 20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74	.route.map.to.filter.redistribut
66220	65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73	ed.routes.from.the.given.route.s
66240	6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69	ource..There.are.five.modes.avai
66260	6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e	lable.for.route.source:.bgp,.con
66280	6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 54 68 69	nected,.kernel,.rip,.static..Thi
662a0	73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61	s.command.allows.to.use.route.ma
662c0	70 20 74 6f 20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73	p.to.filter.redistributed.routes
662e0	20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68	.from.the.given.route.source..Th
66300	65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20	ere.are.six.modes.available.for.
66320	72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65	route.source:.bgp,.connected,.ke
66340	72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f	rnel,.ospf,.rip,.static..This.co
66360	6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61 70 20 74 6f	mmand.allows.to.use.route.map.to
66380	20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 2e 20 54 68	.filter.redistributed.routes..Th
663a0	65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20	ere.are.six.modes.available.for.
663c0	72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c	route.source:.connected,.kernel,
663e0	20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 2e 00 54 68 69 73 20	.ospf,.rip,.static,.table..This.
66400	63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 79 6f 75 20 61 70 70 6c 79 20 61 63 63 65 73 73 20	command.allows.you.apply.access.
66420	6c 69 73 74 73 20 74 6f 20 61 20 63 68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66	lists.to.a.chosen.interface.to.f
66440	69 6c 74 65 72 20 74 68 65 20 42 61 62 65 6c 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d	ilter.the.Babel.routes..This.com
66460	6d 61 6e 64 20 61 6c 6c 6f 77 73 20 79 6f 75 20 61 70 70 6c 79 20 61 63 63 65 73 73 20 6c 69 73	mand.allows.you.apply.access.lis
66480	74 73 20 74 6f 20 61 20 63 68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66 69 6c 74	ts.to.a.chosen.interface.to.filt
664a0	65 72 20 74 68 65 20 52 49 50 20 70 61 74 68 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c	er.the.RIP.path..This.command.al
664c0	6c 6f 77 73 20 79 6f 75 20 61 70 70 6c 79 20 70 72 65 66 69 78 20 6c 69 73 74 73 20 74 6f 20 61	lows.you.apply.prefix.lists.to.a
664e0	20 63 68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20	.chosen.interface.to.filter.the.
66500	42 61 62 65 6c 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77	Babel.routes..This.command.allow
66520	73 20 79 6f 75 20 61 70 70 6c 79 20 70 72 65 66 69 78 20 6c 69 73 74 73 20 74 6f 20 61 20 63 68	s.you.apply.prefix.lists.to.a.ch
66540	6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 52 49 50	osen.interface.to.filter.the.RIP
66560	20 70 61 74 68 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 79 6f 75 20 74	.path..This.command.allows.you.t
66580	6f 20 73 65 6c 65 63 74 20 61 20 73 70 65 63 69 66 69 63 20 61 63 63 65 73 73 20 63 6f 6e 63 65	o.select.a.specific.access.conce
665a0	6e 74 72 61 74 6f 72 20 77 68 65 6e 20 79 6f 75 20 6b 6e 6f 77 20 74 68 65 20 61 63 63 65 73 73	ntrator.when.you.know.the.access
665c0	20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20 60 3c 6e 61 6d 65 3e 60 2e 00 54 68 69 73 20 63 6f	.concentrators.`<name>`..This.co
665e0	6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 72 6f 75 74 65 2d 6d 61 70 20 74 6f 20 73 65 6c 65 63	mmand.applies.route-map.to.selec
66600	74 69 76 65 6c 79 20 75 6e 73 75 70 70 72 65 73 73 20 70 72 65 66 69 78 65 73 20 73 75 70 70 72	tively.unsuppress.prefixes.suppr
66620	65 73 73 65 64 20 62 79 20 73 75 6d 6d 61 72 69 73 61 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d	essed.by.summarisation..This.com
66640	6d 61 6e 64 20 61 70 70 6c 69 65 73 20 74 68 65 20 41 53 20 70 61 74 68 20 61 63 63 65 73 73 20	mand.applies.the.AS.path.access.
66660	6c 69 73 74 20 66 69 6c 74 65 72 73 20 6e 61 6d 65 64 20 69 6e 20 3c 6e 61 6d 65 3e 20 74 6f 20	list.filters.named.in.<name>.to.
66680	74 68 65 20 73 70 65 63 69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 72 65	the.specified.BGP.neighbor.to.re
666a0	73 74 72 69 63 74 20 74 68 65 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74	strict.the.routing.information.t
666c0	68 61 74 20 42 47 50 20 6c 65 61 72 6e 73 20 61 6e 64 2f 6f 72 20 61 64 76 65 72 74 69 73 65 73	hat.BGP.learns.and/or.advertises
666e0	2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 73 20 3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60	..The.arguments.:cfgcmd:`export`
66700	20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 69 6d 70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68	.and.:cfgcmd:`import`.specify.th
66720	65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 41 53 20 70 61 74 68	e.direction.in.which.the.AS.path
66740	20 61 63 63 65 73 73 20 6c 69 73 74 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63	.access.list.are.applied..This.c
66760	6f 6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73 74 20 66	ommand.applies.the.access.list.f
66780	69 6c 74 65 72 73 20 6e 61 6d 65 64 20 69 6e 20 3c 6e 75 6d 62 65 72 3e 20 74 6f 20 74 68 65 20	ilters.named.in.<number>.to.the.
667a0	73 70 65 63 69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 72 65 73 74 72 69	specified.BGP.neighbor.to.restri
667c0	63 74 20 74 68 65 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20	ct.the.routing.information.that.
667e0	42 47 50 20 6c 65 61 72 6e 73 20 61 6e 64 2f 6f 72 20 61 64 76 65 72 74 69 73 65 73 2e 20 54 68	BGP.learns.and/or.advertises..Th
66800	65 20 61 72 67 75 6d 65 6e 74 73 20 3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60 20 61 6e 64	e.arguments.:cfgcmd:`export`.and
66820	20 3a 63 66 67 63 6d 64 3a 60 69 6d 70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69	.:cfgcmd:`import`.specify.the.di
66840	72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73 74	rection.in.which.the.access.list
66860	20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 70 70 6c 69	.are.applied..This.command.appli
66880	65 73 20 74 68 65 20 70 72 66 65 66 69 78 20 6c 69 73 74 20 66 69 6c 74 65 72 73 20 6e 61 6d 65	es.the.prfefix.list.filters.name
668a0	64 20 69 6e 20 3c 6e 61 6d 65 3e 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 42 47 50	d.in.<name>.to.the.specified.BGP
668c0	20 6e 65 69 67 68 62 6f 72 20 74 6f 20 72 65 73 74 72 69 63 74 20 74 68 65 20 72 6f 75 74 69 6e	.neighbor.to.restrict.the.routin
668e0	67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 42 47 50 20 6c 65 61 72 6e 73 20 61 6e	g.information.that.BGP.learns.an
66900	64 2f 6f 72 20 61 64 76 65 72 74 69 73 65 73 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 73 20 3a	d/or.advertises..The.arguments.:
66920	63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 69 6d 70	cfgcmd:`export`.and.:cfgcmd:`imp
66940	6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68	ort`.specify.the.direction.in.wh
66960	69 63 68 20 74 68 65 20 70 72 65 66 69 78 20 6c 69 73 74 20 61 72 65 20 61 70 70 6c 69 65 64 2e	ich.the.prefix.list.are.applied.
66980	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 74 68 65 20 72 6f 75 74 65 20	.This.command.applies.the.route.
669a0	6d 61 70 20 6e 61 6d 65 64 20 69 6e 20 3c 6e 61 6d 65 3e 20 74 6f 20 74 68 65 20 73 70 65 63 69	map.named.in.<name>.to.the.speci
669c0	66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 61 6e 64	fied.BGP.neighbor.to.control.and
669e0	20 6d 6f 64 69 66 79 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74	.modify.routing.information.that
66a00	20 69 73 20 65 78 63 68 61 6e 67 65 64 20 62 65 74 77 65 65 6e 20 70 65 65 72 73 2e 20 54 68 65	.is.exchanged.between.peers..The
66a20	20 61 72 67 75 6d 65 6e 74 73 20 3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60 20 61 6e 64 20	.arguments.:cfgcmd:`export`.and.
66a40	3a 63 66 67 63 6d 64 3a 60 69 6d 70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 72	:cfgcmd:`import`.specify.the.dir
66a60	65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 72 6f 75 74 65 20 6d 61 70 20 61 72	ection.in.which.the.route.map.ar
66a80	65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 62 69 6e 64 20 73 70 65	e.applied..This.command.bind.spe
66aa0	63 69 66 69 63 20 70 65 65 72 20 74 6f 20 70 65 65 72 20 67 72 6f 75 70 20 77 69 74 68 20 61 20	cific.peer.to.peer.group.with.a.
66ac0	67 69 76 65 6e 20 6e 61 6d 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 61 6e 20 62 65 20	given.name..This.command.can.be.
66ae0	75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 42 61 62 65 6c 20 72 6f 75 74 65 73 20	used.to.filter.the.Babel.routes.
66b00	75 73 69 6e 67 20 61 63 63 65 73 73 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64 3a 60 69 6e 60	using.access.lists..:cfgcmd:`in`
66b20	20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20 74 68 65 20 64	.and.:cfgcmd:`out`.this.is.the.d
66b40	69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73	irection.in.which.the.access.lis
66b60	74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 61 6e	ts.are.applied..This.command.can
66b80	20 62 65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 42 61 62 65 6c 20 72 6f 75	.be.used.to.filter.the.Babel.rou
66ba0	74 65 73 20 75 73 69 6e 67 20 70 72 65 66 69 78 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64 3a	tes.using.prefix.lists..:cfgcmd:
66bc0	60 69 6e 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20 74	`in`.and.:cfgcmd:`out`.this.is.t
66be0	68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 70 72 65 66 69 78	he.direction.in.which.the.prefix
66c00	20 6c 69 73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	.lists.are.applied..This.command
66c20	20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 52 49 50 20 70	.can.be.used.to.filter.the.RIP.p
66c40	61 74 68 20 75 73 69 6e 67 20 61 63 63 65 73 73 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64 3a	ath.using.access.lists..:cfgcmd:
66c60	60 69 6e 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20 74	`in`.and.:cfgcmd:`out`.this.is.t
66c80	68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 61 63 63 65 73 73	he.direction.in.which.the.access
66ca0	20 6c 69 73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	.lists.are.applied..This.command
66cc0	20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 52 49 50 20 70	.can.be.used.to.filter.the.RIP.p
66ce0	61 74 68 20 75 73 69 6e 67 20 70 72 65 66 69 78 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64 3a	ath.using.prefix.lists..:cfgcmd:
66d00	60 69 6e 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20 74	`in`.and.:cfgcmd:`out`.this.is.t
66d20	68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 70 72 65 66 69 78	he.direction.in.which.the.prefix
66d40	20 6c 69 73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	.lists.are.applied..This.command
66d60	20 63 61 6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 70 72 65 76 69 6f 75 73 20 63 6f 6d 6d 61	.can.be.used.with.previous.comma
66d80	6e 64 20 74 6f 20 73 65 74 73 20 64 65 66 61 75 6c 74 20 52 49 50 20 64 69 73 74 61 6e 63 65 20	nd.to.sets.default.RIP.distance.
66da0	74 6f 20 73 70 65 63 69 66 69 65 64 20 76 61 6c 75 65 20 77 68 65 6e 20 74 68 65 20 72 6f 75 74	to.specified.value.when.the.rout
66dc0	65 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 6d 61 74 63 68 65 73 20 74 68 65 20	e.source.IP.address.matches.the.
66de0	73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 20 61 6e 64 20 74 68 65 20 73 70 65 63 69 66 69	specified.prefix.and.the.specifi
66e00	65 64 20 61 63 63 65 73 73 2d 6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61	ed.access-list..This.command.cha
66e20	6e 67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 42 47 50 2e 20 54 68 65 20 61	nge.distance.value.of.BGP..The.a
66e40	72 67 75 6d 65 6e 74 73 20 61 72 65 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 73	rguments.are.the.distance.values
66e60	20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65 73 2c 20 69 6e 74 65 72 6e 61 6c 20 72	.for.external.routes,.internal.r
66e80	6f 75 74 65 73 20 61 6e 64 20 6c 6f 63 61 6c 20 72 6f 75 74 65 73 20 72 65 73 70 65 63 74 69 76	outes.and.local.routes.respectiv
66ea0	65 6c 79 2e 20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20	ely..The.distance.range.is.1.to.
66ec0	32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 20 64 69 73 74 61 6e 63	255..This.command.change.distanc
66ee0	65 20 76 61 6c 75 65 20 6f 66 20 4f 53 50 46 20 67 6c 6f 62 61 6c 6c 79 2e 20 54 68 65 20 64 69	e.value.of.OSPF.globally..The.di
66f00	73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63	stance.range.is.1.to.255..This.c
66f20	6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20	ommand.change.distance.value.of.
66f40	4f 53 50 46 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 73 20 61 72 65 20 74 68 65 20 64 69 73 74	OSPF..The.arguments.are.the.dist
66f60	61 6e 63 65 20 76 61 6c 75 65 73 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65 73 2c	ance.values.for.external.routes,
66f80	20 69 6e 74 65 72 2d 61 72 65 61 20 72 6f 75 74 65 73 20 61 6e 64 20 69 6e 74 72 61 2d 61 72 65	.inter-area.routes.and.intra-are
66fa0	61 20 72 6f 75 74 65 73 20 72 65 73 70 65 63 74 69 76 65 6c 79 2e 20 54 68 65 20 64 69 73 74 61	a.routes.respectively..The.dista
66fc0	6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d	nce.range.is.1.to.255..This.comm
66fe0	61 6e 64 20 63 68 61 6e 67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 4f 53 50	and.change.distance.value.of.OSP
67000	46 76 33 20 67 6c 6f 62 61 6c 6c 79 2e 20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65	Fv3.globally..The.distance.range
67020	20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67	.is.1.to.255..This.command.chang
67040	65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 4f 53 50 46 76 33 2e 20 54 68 65 20	e.distance.value.of.OSPFv3..The.
67060	61 72 67 75 6d 65 6e 74 73 20 61 72 65 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65	arguments.are.the.distance.value
67080	73 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65 73 2c 20 69 6e 74 65 72 2d 61 72 65	s.for.external.routes,.inter-are
670a0	61 20 72 6f 75 74 65 73 20 61 6e 64 20 69 6e 74 72 61 2d 61 72 65 61 20 72 6f 75 74 65 73 20 72	a.routes.and.intra-area.routes.r
670c0	65 73 70 65 63 74 69 76 65 6c 79 2e 20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20	espectively..The.distance.range.
670e0	69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65	is.1.to.255..This.command.change
67100	20 74 68 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 52 49 50 2e 20 54 68 65 20	.the.distance.value.of.RIP..The.
67120	64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73	distance.range.is.1.to.255..This
67140	20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 73 20 74 68 65 20 65 42 47 50 20 62 65 68 61 76 69	.command.changes.the.eBGP.behavi
67160	6f 72 20 6f 66 20 46 52 52 2e 20 42 79 20 64 65 66 61 75 6c 74 20 46 52 52 20 65 6e 61 62 6c 65	or.of.FRR..By.default.FRR.enable
67180	73 20 3a 72 66 63 3a 60 38 32 31 32 60 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 77 68 69 63	s.:rfc:`8212`.functionality.whic
671a0	68 20 61 66 66 65 63 74 73 20 68 6f 77 20 65 42 47 50 20 72 6f 75 74 65 73 20 61 72 65 20 61 64	h.affects.how.eBGP.routes.are.ad
671c0	76 65 72 74 69 73 65 64 2c 20 6e 61 6d 65 6c 79 20 6e 6f 20 72 6f 75 74 65 73 20 61 72 65 20 61	vertised,.namely.no.routes.are.a
671e0	64 76 65 72 74 69 73 65 64 20 61 63 72 6f 73 73 20 65 42 47 50 20 73 65 73 73 69 6f 6e 73 20 77	dvertised.across.eBGP.sessions.w
67200	69 74 68 6f 75 74 20 73 6f 6d 65 20 73 6f 72 74 20 6f 66 20 65 67 72 65 73 73 20 72 6f 75 74 65	ithout.some.sort.of.egress.route
67220	2d 6d 61 70 2f 70 6f 6c 69 63 79 20 69 6e 20 70 6c 61 63 65 2e 20 49 6e 20 56 79 4f 53 20 68 6f	-map/policy.in.place..In.VyOS.ho
67240	77 65 76 65 72 20 77 65 20 68 61 76 65 20 74 68 69 73 20 52 46 43 20 66 75 6e 63 74 69 6f 6e 61	wever.we.have.this.RFC.functiona
67260	6c 69 74 79 20 64 69 73 61 62 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 73 6f 20 74 68 61 74	lity.disabled.by.default.so.that
67280	20 77 65 20 63 61 6e 20 70 72 65 73 65 72 76 65 20 62 61 63 6b 77 61 72 64 73 20 63 6f 6d 70 61	.we.can.preserve.backwards.compa
672a0	74 69 62 69 6c 69 74 79 20 77 69 74 68 20 6f 6c 64 65 72 20 76 65 72 73 69 6f 6e 73 20 6f 66 20	tibility.with.older.versions.of.
672c0	56 79 4f 53 2e 20 57 69 74 68 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 6f 6e 65 20 63 61 6e 20 65	VyOS..With.this.option.one.can.e
672e0	6e 61 62 6c 65 20 3a 72 66 63 3a 60 38 32 31 32 60 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20	nable.:rfc:`8212`.functionality.
67300	74 6f 20 6f 70 65 72 61 74 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 6f 6e 66 69 67 75	to.operate..This.command.configu
67320	72 65 73 20 70 61 64 64 69 6e 67 20 6f 6e 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 74 6f 20	res.padding.on.hello.packets.to.
67340	61 63 63 6f 6d 6d 6f 64 61 74 65 20 61 73 79 6d 6d 65 74 72 69 63 61 6c 20 6d 61 78 69 6d 75 6d	accommodate.asymmetrical.maximum
67360	20 74 72 61 6e 73 66 65 72 20 75 6e 69 74 73 20 28 4d 54 55 73 29 20 66 72 6f 6d 20 64 69 66 66	.transfer.units.(MTUs).from.diff
67380	65 72 65 6e 74 20 68 6f 73 74 73 20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63	erent.hosts.as.described.in.:rfc
673a0	3a 60 33 37 31 39 60 2e 20 54 68 69 73 20 68 65 6c 70 73 20 74 6f 20 70 72 65 76 65 6e 74 20 61	:`3719`..This.helps.to.prevent.a
673c0	20 70 72 65 6d 61 74 75 72 65 20 61 64 6a 61 63 65 6e 63 79 20 55 70 20 73 74 61 74 65 20 77 68	.premature.adjacency.Up.state.wh
673e0	65 6e 20 6f 6e 65 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 73 20 4d 54 55 20 64 6f 65 73 20	en.one.routing.devices.MTU.does.
67400	6e 6f 74 20 6d 65 65 74 20 74 68 65 20 72 65 71 75 69 72 65 6d 65 6e 74 73 20 74 6f 20 65 73 74	not.meet.the.requirements.to.est
67420	61 62 6c 69 73 68 20 74 68 65 20 61 64 6a 61 63 65 6e 63 79 2e 00 54 68 69 73 20 63 6f 6d 6d 61	ablish.the.adjacency..This.comma
67440	6e 64 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	nd.configures.the.authentication
67460	20 70 61 73 73 77 6f 72 64 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69	.password.for.the.interface..Thi
67480	73 20 63 6f 6d 6d 61 6e 64 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d	s.command.configures.the.maximum
674a0	20 73 69 7a 65 20 6f 66 20 67 65 6e 65 72 61 74 65 64 20 3a 61 62 62 72 3a 60 4c 53 50 73 20 28	.size.of.generated.:abbr:`LSPs.(
674c0	4c 69 6e 6b 20 53 74 61 74 65 20 50 44 55 73 29 60 2c 20 69 6e 20 62 79 74 65 73 2e 20 54 68 65	Link.State.PDUs)`,.in.bytes..The
674e0	20 73 69 7a 65 20 72 61 6e 67 65 20 69 73 20 31 32 38 20 74 6f 20 34 33 35 32 2e 00 54 68 69 73	.size.range.is.128.to.4352..This
67500	20 63 6f 6d 6d 61 6e 64 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 70 61 73 73 69 76 65 20	.command.configures.the.passive.
67520	6d 6f 64 65 20 66 6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69 73 20 63 6f	mode.for.this.interface..This.co
67540	6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 6e 65 69 67 68 62 6f 72 20 77 68 6f	mmand.creates.a.new.neighbor.who
67560	73 65 20 72 65 6d 6f 74 65 2d 61 73 20 69 73 20 3c 6e 61 73 6e 3e 2e 20 54 68 65 20 6e 65 69 67	se.remote-as.is.<nasn>..The.neig
67580	68 62 6f 72 20 61 64 64 72 65 73 73 20 63 61 6e 20 62 65 20 61 6e 20 49 50 76 34 20 61 64 64 72	hbor.address.can.be.an.IPv4.addr
675a0	65 73 73 20 6f 72 20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 20 6f 72 20 61 6e 20 69 6e 74	ess.or.an.IPv6.address.or.an.int
675c0	65 72 66 61 63 65 20 74 6f 20 75 73 65 20 66 6f 72 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e	erface.to.use.for.the.connection
675e0	2e 20 54 68 65 20 63 6f 6d 6d 61 6e 64 20 69 73 20 61 70 70 6c 69 63 61 62 6c 65 20 66 6f 72 20	..The.command.is.applicable.for.
67600	70 65 65 72 20 61 6e 64 20 70 65 65 72 20 67 72 6f 75 70 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	peer.and.peer.group..This.comman
67620	64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 6f 75 74 65 2d 6d 61 70 20 70 6f 6c 69 63 79	d.creates.a.new.route-map.policy
67640	2c 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 74 65 78 74 3e 2e 00 54 68 69 73 20 63 6f 6d	,.identified.by.<text>..This.com
67660	6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 75 6c 65 20 69 6e 20 74 68 65 20 49	mand.creates.a.new.rule.in.the.I
67680	50 76 36 20 61 63 63 65 73 73 20 6c 69 73 74 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61 6e 20 61	Pv6.access.list.and.defines.an.a
676a0	63 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65	ction..This.command.creates.a.ne
676c0	77 20 72 75 6c 65 20 69 6e 20 74 68 65 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 20 61	w.rule.in.the.IPv6.prefix-list.a
676e0	6e 64 20 64 65 66 69 6e 65 73 20 61 6e 20 61 63 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61	nd.defines.an.action..This.comma
67700	6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 75 6c 65 20 69 6e 20 74 68 65 20 61 63 63	nd.creates.a.new.rule.in.the.acc
67720	65 73 73 20 6c 69 73 74 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61 6e 20 61 63 74 69 6f 6e 2e 00	ess.list.and.defines.an.action..
67740	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 75 6c 65 20	This.command.creates.a.new.rule.
67760	69 6e 20 74 68 65 20 70 72 65 66 69 78 2d 6c 69 73 74 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61	in.the.prefix-list.and.defines.a
67780	6e 20 61 63 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 74	n.action..This.command.creates.t
677a0	68 65 20 6e 65 77 20 49 50 76 36 20 61 63 63 65 73 73 20 6c 69 73 74 2c 20 69 64 65 6e 74 69 66	he.new.IPv6.access.list,.identif
677c0	69 65 64 20 62 79 20 3c 74 65 78 74 3e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74	ied.by.<text>.This.command.creat
677e0	65 73 20 74 68 65 20 6e 65 77 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 20 70 6f 6c 69	es.the.new.IPv6.prefix-list.poli
67800	63 79 2c 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 74 65 78 74 3e 2e 00 54 68 69 73 20 63	cy,.identified.by.<text>..This.c
67820	6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 74 68 65 20 6e 65 77 20 61 63 63 65 73 73 20 6c 69	ommand.creates.the.new.access.li
67840	73 74 20 70 6f 6c 69 63 79 2c 20 77 68 65 72 65 20 3c 61 63 6c 5f 6e 75 6d 62 65 72 3e 20 6d 75	st.policy,.where.<acl_number>.mu
67860	73 74 20 62 65 20 61 20 6e 75 6d 62 65 72 20 66 72 6f 6d 20 31 20 74 6f 20 32 36 39 39 2e 00 54	st.be.a.number.from.1.to.2699..T
67880	68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 74 68 65 20 6e 65 77 20 70 72 65 66	his.command.creates.the.new.pref
678a0	69 78 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2c 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 74	ix-list.policy,.identified.by.<t
678c0	65 78 74 3e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 61 20 6e 65 77	ext>..This.command.defines.a.new
678e0	20 70 65 65 72 20 67 72 6f 75 70 2e 20 59 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 74 6f 20	.peer.group..You.can.specify.to.
67900	74 68 65 20 67 72 6f 75 70 20 74 68 65 20 73 61 6d 65 20 70 61 72 61 6d 65 74 65 72 73 20 74 68	the.group.the.same.parameters.th
67920	61 74 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 66 6f 72 20 73 70 65 63 69 66 69 63 20	at.you.can.specify.for.specific.
67940	6e 65 69 67 68 62 6f 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20	neighbors..This.command.defines.
67960	6d 61 74 63 68 69 6e 67 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 49 50 76 36 20 61 63 63	matching.parameters.for.IPv6.acc
67980	65 73 73 20 6c 69 73 74 20 72 75 6c 65 2e 20 4d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61	ess.list.rule..Matching.criteria
679a0	20 63 6f 75 6c 64 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 73 6f 75 72 63 65 20 70 61 72 61	.could.be.applied.to.source.para
679c0	6d 65 74 65 72 73 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 6d 61 74	meters:.This.command.defines.mat
679e0	63 68 69 6e 67 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 61 63 63 65 73 73 20 6c 69 73 74	ching.parameters.for.access.list
67a00	20 72 75 6c 65 2e 20 4d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 20 63 6f 75 6c 64 20 62	.rule..Matching.criteria.could.b
67a20	65 20 61 70 70 6c 69 65 64 20 74 6f 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6f 72 20 73 6f 75 72	e.applied.to.destination.or.sour
67a40	63 65 20 70 61 72 61 6d 65 74 65 72 73 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69	ce.parameters:.This.command.defi
67a60	6e 65 73 20 74 68 65 20 49 53 2d 49 53 20 72 6f 75 74 65 72 20 62 65 68 61 76 69 6f 72 3a 00 54	nes.the.IS-IS.router.behavior:.T
67a80	68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 61 63 63 75 6d 75 6c 61	his.command.defines.the.accumula
67aa0	74 65 64 20 70 65 6e 61 6c 74 79 20 61 6d 6f 75 6e 74 20 61 74 20 77 68 69 63 68 20 74 68 65 20	ted.penalty.amount.at.which.the.
67ac0	72 6f 75 74 65 20 69 73 20 72 65 2d 61 64 76 65 72 74 69 73 65 64 2e 20 54 68 65 20 70 65 6e 61	route.is.re-advertised..The.pena
67ae0	6c 74 79 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 30 30 30 30 2e 00 54 68 69 73 20 63 6f	lty.range.is.1.to.20000..This.co
67b00	6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 61 63 63 75 6d 75 6c 61 74 65 64 20 70 65	mmand.defines.the.accumulated.pe
67b20	6e 61 6c 74 79 20 61 6d 6f 75 6e 74 20 61 74 20 77 68 69 63 68 20 74 68 65 20 72 6f 75 74 65 20	nalty.amount.at.which.the.route.
67b40	69 73 20 73 75 70 70 72 65 73 73 65 64 2e 20 54 68 65 20 70 65 6e 61 6c 74 79 20 72 61 6e 67 65	is.suppressed..The.penalty.range
67b60	20 69 73 20 31 20 74 6f 20 32 30 30 30 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66	.is.1.to.20000..This.command.def
67b80	69 6e 65 73 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20 69 6e 20 6d 69 6e 75 74	ines.the.amount.of.time.in.minut
67ba0	65 73 20 61 66 74 65 72 20 77 68 69 63 68 20 61 20 70 65 6e 61 6c 74 79 20 69 73 20 72 65 64 75	es.after.which.a.penalty.is.redu
67bc0	63 65 64 20 62 79 20 68 61 6c 66 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69 73 20	ced.by.half..The.timer.range.is.
67be0	31 30 20 74 6f 20 34 35 20 6d 69 6e 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64	10.to.45.minutes..This.command.d
67c00	65 66 69 6e 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 72	efines.the.maximum.number.of.par
67c20	61 6c 6c 65 6c 20 72 6f 75 74 65 73 20 74 68 61 74 20 74 68 65 20 42 47 50 20 63 61 6e 20 73 75	allel.routes.that.the.BGP.can.su
67c40	70 70 6f 72 74 2e 20 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 42 47 50 20 74 6f 20 75 73 65 20 74	pport..In.order.for.BGP.to.use.t
67c60	68 65 20 73 65 63 6f 6e 64 20 70 61 74 68 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 61 74	he.second.path,.the.following.at
67c80	74 72 69 62 75 74 65 73 20 68 61 76 65 20 74 6f 20 6d 61 74 63 68 3a 20 57 65 69 67 68 74 2c 20	tributes.have.to.match:.Weight,.
67ca0	4c 6f 63 61 6c 20 50 72 65 66 65 72 65 6e 63 65 2c 20 41 53 20 50 61 74 68 20 28 62 6f 74 68 20	Local.Preference,.AS.Path.(both.
67cc0	41 53 20 6e 75 6d 62 65 72 20 61 6e 64 20 41 53 20 70 61 74 68 20 6c 65 6e 67 74 68 29 2c 20 4f	AS.number.and.AS.path.length),.O
67ce0	72 69 67 69 6e 20 63 6f 64 65 2c 20 4d 45 44 2c 20 49 47 50 20 6d 65 74 72 69 63 2e 20 41 6c 73	rigin.code,.MED,.IGP.metric..Als
67d00	6f 2c 20 74 68 65 20 6e 65 78 74 20 68 6f 70 20 61 64 64 72 65 73 73 20 66 6f 72 20 65 61 63 68	o,.the.next.hop.address.for.each
67d20	20 70 61 74 68 20 6d 75 73 74 20 62 65 20 64 69 66 66 65 72 65 6e 74 2e 00 54 68 69 73 20 63 6f	.path.must.be.different..This.co
67d40	6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 74 69 6d 65 20 69	mmand.defines.the.maximum.time.i
67d60	6e 20 6d 69 6e 75 74 65 73 20 74 68 61 74 20 61 20 72 6f 75 74 65 20 69 73 20 73 75 70 70 72 65	n.minutes.that.a.route.is.suppre
67d80	73 73 65 64 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35	ssed..The.timer.range.is.1.to.25
67da0	35 20 6d 69 6e 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 61 62 6c 65 20	5.minutes..This.command.disable.
67dc0	74 68 65 20 70 65 65 72 20 6f 72 20 70 65 65 72 20 67 72 6f 75 70 2e 20 54 6f 20 72 65 65 6e 61	the.peer.or.peer.group..To.reena
67de0	62 6c 65 20 74 68 65 20 70 65 65 72 20 75 73 65 20 74 68 65 20 64 65 6c 65 74 65 20 66 6f 72 6d	ble.the.peer.use.the.delete.form
67e00	20 6f 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64	.of.this.command..This.command.d
67e20	69 73 61 62 6c 65 73 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 20 66 6f 72 20 74 68 69 73 20 73 70	isables.IGP-LDP.sync.for.this.sp
67e40	65 63 69 66 69 63 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64	ecific.interface..This.command.d
67e60	69 73 61 62 6c 65 73 20 54 68 72 65 65 2d 57 61 79 20 48 61 6e 64 73 68 61 6b 65 20 66 6f 72 20	isables.Three-Way.Handshake.for.
67e80	50 32 50 20 61 64 6a 61 63 65 6e 63 69 65 73 20 77 68 69 63 68 20 64 65 73 63 72 69 62 65 64 20	P2P.adjacencies.which.described.
67ea0	69 6e 20 3a 72 66 63 3a 60 35 33 30 33 60 2e 20 54 68 72 65 65 2d 57 61 79 20 48 61 6e 64 73 68	in.:rfc:`5303`..Three-Way.Handsh
67ec0	61 6b 65 20 69 73 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 00 54 68 69 73 20	ake.is.enabled.by.default..This.
67ee0	63 6f 6d 6d 61 6e 64 20 64 69 73 61 62 6c 65 73 20 63 68 65 63 6b 20 6f 66 20 74 68 65 20 4d 54	command.disables.check.of.the.MT
67f00	55 20 76 61 6c 75 65 20 69 6e 20 74 68 65 20 4f 53 50 46 20 44 42 44 20 70 61 63 6b 65 74 73 2e	U.value.in.the.OSPF.DBD.packets.
67f20	20 54 68 75 73 2c 20 75 73 65 20 6f 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77	.Thus,.use.of.this.command.allow
67f40	73 20 74 68 65 20 4f 53 50 46 20 61 64 6a 61 63 65 6e 63 79 20 74 6f 20 72 65 61 63 68 20 74 68	s.the.OSPF.adjacency.to.reach.th
67f60	65 20 46 55 4c 4c 20 73 74 61 74 65 20 65 76 65 6e 20 74 68 6f 75 67 68 20 74 68 65 72 65 20 69	e.FULL.state.even.though.there.i
67f80	73 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 4d 54 55 20 6d 69 73 6d 61 74 63 68 20 62 65 74 77	s.an.interface.MTU.mismatch.betw
67fa0	65 65 6e 20 74 77 6f 20 4f 53 50 46 20 72 6f 75 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61	een.two.OSPF.routers..This.comma
67fc0	6e 64 20 64 69 73 61 62 6c 65 73 20 69 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73	nd.disables.it..This.command.dis
67fe0	61 62 6c 65 73 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 69 6f 6e 20 62 65 74 77 65 65 6e 20 72	ables.route.reflection.between.r
68000	6f 75 74 65 20 72 65 66 6c 65 63 74 6f 72 20 63 6c 69 65 6e 74 73 2e 20 42 79 20 64 65 66 61 75	oute.reflector.clients..By.defau
68020	6c 74 2c 20 74 68 65 20 63 6c 69 65 6e 74 73 20 6f 66 20 61 20 72 6f 75 74 65 20 72 65 66 6c 65	lt,.the.clients.of.a.route.refle
68040	63 74 6f 72 20 61 72 65 20 6e 6f 74 20 72 65 71 75 69 72 65 64 20 74 6f 20 62 65 20 66 75 6c 6c	ctor.are.not.required.to.be.full
68060	79 20 6d 65 73 68 65 64 20 61 6e 64 20 74 68 65 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 61 20 63	y.meshed.and.the.routes.from.a.c
68080	6c 69 65 6e 74 20 61 72 65 20 72 65 66 6c 65 63 74 65 64 20 74 6f 20 6f 74 68 65 72 20 63 6c 69	lient.are.reflected.to.other.cli
680a0	65 6e 74 73 2e 20 48 6f 77 65 76 65 72 2c 20 69 66 20 74 68 65 20 63 6c 69 65 6e 74 73 20 61 72	ents..However,.if.the.clients.ar
680c0	65 20 66 75 6c 6c 79 20 6d 65 73 68 65 64 2c 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 69 6f 6e	e.fully.meshed,.route.reflection
680e0	20 69 73 20 6e 6f 74 20 72 65 71 75 69 72 65 64 2e 20 49 6e 20 74 68 69 73 20 63 61 73 65 2c 20	.is.not.required..In.this.case,.
68100	75 73 65 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 6e 6f 2d 63 6c 69 65 6e 74 2d 74 6f 2d 63 6c	use.the.:cfgcmd:`no-client-to-cl
68120	69 65 6e 74 2d 72 65 66 6c 65 63 74 69 6f 6e 60 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61	ient-reflection`.command.to.disa
68140	62 6c 65 20 63 6c 69 65 6e 74 2d 74 6f 2d 63 6c 69 65 6e 74 20 72 65 66 6c 65 63 74 69 6f 6e 2e	ble.client-to-client.reflection.
68160	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 61 62 6c 65 73 20 73 70 6c 69 74 2d 68 6f 72	.This.command.disables.split-hor
68180	69 7a 6f 6e 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 42 79 20 64 65 66 61 75 6c	izon.on.the.interface..By.defaul
681a0	74 2c 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 20 52 49 50 20 72	t,.VyOS.does.not.advertise.RIP.r
681c0	6f 75 74 65 73 20 6f 75 74 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 6f 76 65 72 20 77 68 69	outes.out.the.interface.over.whi
681e0	63 68 20 74 68 65 79 20 77 65 72 65 20 6c 65 61 72 6e 65 64 20 28 73 70 6c 69 74 20 68 6f 72 69	ch.they.were.learned.(split.hori
68200	7a 6f 6e 29 2e 33 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42 47 50	zon).3.This.command.displays.BGP
68220	20 64 61 6d 70 65 6e 65 64 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64	.dampened.routes..This.command.d
68240	69 73 70 6c 61 79 73 20 42 47 50 20 72 65 63 65 69 76 65 64 2d 72 6f 75 74 65 73 20 74 68 61 74	isplays.BGP.received-routes.that
68260	20 61 72 65 20 61 63 63 65 70 74 65 64 20 61 66 74 65 72 20 66 69 6c 74 65 72 69 6e 67 2e 00 54	.are.accepted.after.filtering..T
68280	68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42 47 50 20 72 6f 75 74 65 73 20	his.command.displays.BGP.routes.
682a0	61 64 76 65 72 74 69 73 65 64 20 74 6f 20 61 20 6e 65 69 67 68 62 6f 72 2e 00 54 68 69 73 20 63	advertised.to.a.neighbor..This.c
682c0	6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42 47 50 20 72 6f 75 74 65 73 20 61 6c 6c 6f 77	ommand.displays.BGP.routes.allow
682e0	65 64 20 62 79 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 41 53 20 50 61 74 68 20 61 63 63 65	ed.by.the.specified.AS.Path.acce
68300	73 73 20 6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42	ss.list..This.command.displays.B
68320	47 50 20 72 6f 75 74 65 73 20 6f 72 69 67 69 6e 61 74 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 73	GP.routes.originating.from.the.s
68340	70 65 63 69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 62 65 66 6f 72 65 20 69 6e 62	pecified.BGP.neighbor.before.inb
68360	6f 75 6e 64 20 70 6f 6c 69 63 79 20 69 73 20 61 70 70 6c 69 65 64 2e 20 54 6f 20 75 73 65 20 74	ound.policy.is.applied..To.use.t
68380	68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 6e 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69	his.command.inbound.soft.reconfi
683a0	67 75 72 61 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 65 6e 61 62 6c 65 64 2e 00 54 68 69 73 20 63	guration.must.be.enabled..This.c
683c0	6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 4c 53 41 73 20 69 6e 20 4d 61 78 41 67 65 20 6c	ommand.displays.LSAs.in.MaxAge.l
683e0	69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 52 49 50 20 72	ist..This.command.displays.RIP.r
68400	6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 20 64	outes..This.command.displays.a.d
68420	61 74 61 62 61 73 65 20 63 6f 6e 74 65 6e 74 73 20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20	atabase.contents.for.a.specific.
68440	6c 69 6e 6b 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 20 74 79 70 65 2e 00 54 68 69 73 20 63 6f	link.advertisement.type..This.co
68460	6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 20 73 75 6d 6d 61 72 79 20 74 61 62 6c 65 20 77	mmand.displays.a.summary.table.w
68480	69 74 68 20 61 20 64 61 74 61 62 61 73 65 20 63 6f 6e 74 65 6e 74 73 20 28 4c 53 41 29 2e 00 54	ith.a.database.contents.(LSA)..T
684a0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 20 74 61 62 6c 65 20 6f 66 20	his.command.displays.a.table.of.
684c0	70 61 74 68 73 20 74 6f 20 61 72 65 61 20 62 6f 75 6e 64 61 72 79 20 61 6e 64 20 61 75 74 6f 6e	paths.to.area.boundary.and.auton
684e0	6f 6d 6f 75 73 20 73 79 73 74 65 6d 20 62 6f 75 6e 64 61 72 79 20 72 6f 75 74 65 72 73 2e 00 54	omous.system.boundary.routers..T
68500	68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 6c 6c 20 65 6e 74 72 69 65 73	his.command.displays.all.entries
68520	20 69 6e 20 42 47 50 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6d 6d	.in.BGP.routing.table..This.comm
68540	61 6e 64 20 64 69 73 70 6c 61 79 73 20 64 61 6d 70 65 6e 65 64 20 72 6f 75 74 65 73 20 72 65 63	and.displays.dampened.routes.rec
68560	65 69 76 65 64 20 66 72 6f 6d 20 42 47 50 20 6e 65 69 67 68 62 6f 72 2e 00 54 68 69 73 20 63 6f	eived.from.BGP.neighbor..This.co
68580	6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 65 78 74 65 72 6e 61 6c 20 69 6e 66 6f 72 6d 61 74	mmand.displays.external.informat
685a0	69 6f 6e 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 69 6e 74 6f 20 4f 53 50 46 76 33 00 54 68	ion.redistributed.into.OSPFv3.Th
685c0	69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	is.command.displays.information.
685e0	61 62 6f 75 74 20 42 47 50 20 72 6f 75 74 65 73 20 77 68 6f 73 65 20 41 53 20 70 61 74 68 20 6d	about.BGP.routes.whose.AS.path.m
68600	61 74 63 68 65 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 72 65 67 75 6c 61 72 20 65 78 70	atches.the.specified.regular.exp
68620	72 65 73 73 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 69	ression..This.command.displays.i
68640	6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 66 6c 61 70 70 69 6e 67 20 42 47 50 20 72 6f	nformation.about.flapping.BGP.ro
68660	75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 69 6e 66 6f	utes..This.command.displays.info
68680	72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 70 61 72 74 69 63 75 6c 61 72 20 65 6e 74	rmation.about.the.particular.ent
686a0	72 79 20 69 6e 20 74 68 65 20 42 47 50 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69	ry.in.the.BGP.routing.table..Thi
686c0	73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 72 6f 75 74 65 73 20 74 68 61 74 20 61	s.command.displays.routes.that.a
686e0	72 65 20 70 65 72 6d 69 74 74 65 64 20 62 79 20 74 68 65 20 42 47 50 20 63 6f 6d 6d 75 6e 69 74	re.permitted.by.the.BGP.communit
68700	79 20 6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 72 6f	y.list..This.command.displays.ro
68720	75 74 65 73 20 74 68 61 74 20 62 65 6c 6f 6e 67 20 74 6f 20 73 70 65 63 69 66 69 65 64 20 42 47	utes.that.belong.to.specified.BG
68740	50 20 63 6f 6d 6d 75 6e 69 74 69 65 73 2e 20 56 61 6c 69 64 20 76 61 6c 75 65 20 69 73 20 61 20	P.communities..Valid.value.is.a.
68760	63 6f 6d 6d 75 6e 69 74 79 20 6e 75 6d 62 65 72 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66 72	community.number.in.the.range.fr
68780	6f 6d 20 31 20 74 6f 20 34 32 39 34 39 36 37 32 30 30 2c 20 6f 72 20 41 41 3a 4e 4e 20 28 61 75	om.1.to.4294967200,.or.AA:NN.(au
687a0	74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 2d 63 6f 6d 6d 75 6e 69 74 79 20 6e 75 6d 62 65 72	tonomous.system-community.number
687c0	2f 32 2d 62 79 74 65 20 6e 75 6d 62 65 72 29 2c 20 6e 6f 2d 65 78 70 6f 72 74 2c 20 6c 6f 63 61	/2-byte.number),.no-export,.loca
687e0	6c 2d 61 73 2c 20 6f 72 20 6e 6f 2d 61 64 76 65 72 74 69 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d	l-as,.or.no-advertise..This.comm
68800	61 6e 64 20 64 69 73 70 6c 61 79 73 20 72 6f 75 74 65 73 20 77 69 74 68 20 63 6c 61 73 73 6c 65	and.displays.routes.with.classle
68820	73 73 20 69 6e 74 65 72 64 6f 6d 61 69 6e 20 72 6f 75 74 69 6e 67 20 28 43 49 44 52 29 2e 00 54	ss.interdomain.routing.(CIDR)..T
68840	68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 73 74 61 74 65 20 61 6e 64 20 63	his.command.displays.state.and.c
68860	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 4f 53 50 46 20 74 68 65 20 73 70 65 63 69 66 69	onfiguration.of.OSPF.the.specifi
68880	65 64 20 69 6e 74 65 72 66 61 63 65 2c 20 6f 72 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20	ed.interface,.or.all.interfaces.
688a0	69 66 20 6e 6f 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 67 69 76 65 6e 2e 00 54 68 69 73 20 63	if.no.interface.is.given..This.c
688c0	6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 73 74 61 74 65 20 61 6e 64 20 63 6f 6e 66 69 67	ommand.displays.state.and.config
688e0	75 72 61 74 69 6f 6e 20 6f 66 20 4f 53 50 46 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e	uration.of.OSPF.the.specified.in
68900	74 65 72 66 61 63 65 2c 20 6f 72 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 69 66 20 6e 6f	terface,.or.all.interfaces.if.no
68920	20 69 6e 74 65 72 66 61 63 65 20 69 73 20 67 69 76 65 6e 2e 20 57 68 69 74 68 20 74 68 65 20 61	.interface.is.given..Whith.the.a
68940	72 67 75 6d 65 6e 74 20 3a 63 66 67 63 6d 64 3a 60 70 72 65 66 69 78 60 20 74 68 69 73 20 63 6f	rgument.:cfgcmd:`prefix`.this.co
68960	6d 6d 61 6e 64 20 73 68 6f 77 73 20 63 6f 6e 6e 65 63 74 65 64 20 70 72 65 66 69 78 65 73 20 74	mmand.shows.connected.prefixes.t
68980	6f 20 61 64 76 65 72 74 69 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61	o.advertise..This.command.displa
689a0	79 73 20 74 68 65 20 4f 53 50 46 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2c 20 61 73 20 64 65	ys.the.OSPF.routing.table,.as.de
689c0	74 65 72 6d 69 6e 65 64 20 62 79 20 74 68 65 20 6d 6f 73 74 20 72 65 63 65 6e 74 20 53 50 46 20	termined.by.the.most.recent.SPF.
689e0	63 61 6c 63 75 6c 61 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61	calculation..This.command.displa
68a00	79 73 20 74 68 65 20 4f 53 50 46 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2c 20 61 73 20 64 65	ys.the.OSPF.routing.table,.as.de
68a20	74 65 72 6d 69 6e 65 64 20 62 79 20 74 68 65 20 6d 6f 73 74 20 72 65 63 65 6e 74 20 53 50 46 20	termined.by.the.most.recent.SPF.
68a40	63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 57 69 74 68 20 74 68 65 20 6f 70 74 69 6f 6e 61 6c 20 3a	calculation..With.the.optional.:
68a60	63 66 67 63 6d 64 3a 60 64 65 74 61 69 6c 60 20 61 72 67 75 6d 65 6e 74 2c 20 65 61 63 68 20 72	cfgcmd:`detail`.argument,.each.r
68a80	6f 75 74 65 20 69 74 65 6d 27 73 20 61 64 76 65 72 74 69 73 65 72 20 72 6f 75 74 65 72 20 61 6e	oute.item's.advertiser.router.an
68aa0	64 20 6e 65 74 77 6f 72 6b 20 61 74 74 72 69 62 75 74 65 20 77 69 6c 6c 20 62 65 20 73 68 6f 77	d.network.attribute.will.be.show
68ac0	6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 6e 65 69	n..This.command.displays.the.nei
68ae0	67 68 62 6f 72 20 44 52 20 63 68 6f 69 63 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 54 68 69	ghbor.DR.choice.information..Thi
68b00	73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73	s.command.displays.the.neighbors
68b20	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 61 20 64 65 74 61 69 6c 65 64 20 66 6f 72 6d 20	.information.in.a.detailed.form.
68b40	66 6f 72 20 61 20 6e 65 69 67 68 62 6f 72 20 77 68 6f 73 65 20 49 50 20 61 64 64 72 65 73 73 20	for.a.neighbor.whose.IP.address.
68b60	69 73 20 73 70 65 63 69 66 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c	is.specified..This.command.displ
68b80	61 79 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e	ays.the.neighbors.information.in
68ba0	20 61 20 64 65 74 61 69 6c 65 64 20 66 6f 72 6d 2c 20 6e 6f 74 20 6a 75 73 74 20 61 20 73 75 6d	.a.detailed.form,.not.just.a.sum
68bc0	6d 61 72 79 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79	mary.table..This.command.display
68be0	73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 73 74 61 74 75 73 20 66 6f 72 20 61 20 6e 65 69	s.the.neighbors.status.for.a.nei
68c00	67 68 62 6f 72 20 6f 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74 65 72 66 61 63 65	ghbor.on.the.specified.interface
68c20	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 6e 65 69 67	..This.command.displays.the.neig
68c40	68 62 6f 72 73 20 73 74 61 74 75 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c	hbors.status..This.command.displ
68c60	61 79 73 20 74 68 65 20 73 74 61 74 75 73 20 6f 66 20 61 6c 6c 20 42 47 50 20 63 6f 6e 6e 65 63	ays.the.status.of.all.BGP.connec
68c80	74 69 6f 6e 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 20 6c 6f 67 67 69	tions..This.command.enable.loggi
68ca0	6e 67 20 6e 65 69 67 68 62 6f 72 20 75 70 2f 64 6f 77 6e 20 63 68 61 6e 67 65 73 20 61 6e 64 20	ng.neighbor.up/down.changes.and.
68cc0	72 65 73 65 74 20 72 65 61 73 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c	reset.reason..This.command.enabl
68ce0	65 2f 64 69 73 61 62 6c 65 73 20 73 75 6d 6d 61 72 69 73 61 74 69 6f 6e 20 66 6f 72 20 74 68 65	e/disables.summarisation.for.the
68d00	20 63 6f 6e 66 69 67 75 72 65 64 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 2e 00 54 68 69 73 20	.configured.address.range..This.
68d20	63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 3a 61 62 62 72 3a 60 42 46 44 20 28 42 69 64 69	command.enables.:abbr:`BFD.(Bidi
68d40	72 65 63 74 69 6f 6e 61 6c 20 46 6f 72 77 61 72 64 69 6e 67 20 44 65 74 65 63 74 69 6f 6e 29 60	rectional.Forwarding.Detection)`
68d60	20 6f 6e 20 74 68 69 73 20 4f 53 50 46 20 6c 69 6e 6b 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68	.on.this.OSPF.link.interface..Th
68d80	69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 3a 72 66 63 3a 60 36 32 33 32 60 20 70	is.command.enables.:rfc:`6232`.p
68da0	75 72 67 65 20 6f 72 69 67 69 6e 61 74 6f 72 20 69 64 65 6e 74 69 66 69 63 61 74 69 6f 6e 2e 20	urge.originator.identification..
68dc0	45 6e 61 62 6c 65 20 70 75 72 67 65 20 6f 72 69 67 69 6e 61 74 6f 72 20 69 64 65 6e 74 69 66 69	Enable.purge.originator.identifi
68de0	63 61 74 69 6f 6e 20 28 50 4f 49 29 20 62 79 20 61 64 64 69 6e 67 20 74 68 65 20 74 79 70 65 2c	cation.(POI).by.adding.the.type,
68e00	20 6c 65 6e 67 74 68 20 61 6e 64 20 76 61 6c 75 65 20 28 54 4c 56 29 20 77 69 74 68 20 74 68 65	.length.and.value.(TLV).with.the
68e20	20 49 6e 74 65 72 6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 20 28 49 53 29 20 69 64 65 6e 74 69	.Intermediate.System.(IS).identi
68e40	66 69 63 61 74 69 6f 6e 20 74 6f 20 74 68 65 20 4c 53 50 73 20 74 68 61 74 20 64 6f 20 6e 6f 74	fication.to.the.LSPs.that.do.not
68e60	20 63 6f 6e 74 61 69 6e 20 50 4f 49 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 49 66 20 61 6e 20	.contain.POI.information..If.an.
68e80	49 53 20 67 65 6e 65 72 61 74 65 73 20 61 20 70 75 72 67 65 2c 20 56 79 4f 53 20 61 64 64 73 20	IS.generates.a.purge,.VyOS.adds.
68ea0	74 68 69 73 20 54 4c 56 20 77 69 74 68 20 74 68 65 20 73 79 73 74 65 6d 20 49 44 20 6f 66 20 74	this.TLV.with.the.system.ID.of.t
68ec0	68 65 20 49 53 20 74 6f 20 74 68 65 20 70 75 72 67 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	he.IS.to.the.purge..This.command
68ee0	20 65 6e 61 62 6c 65 73 20 49 53 2d 49 53 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65	.enables.IS-IS.on.this.interface
68f00	2c 20 61 6e 64 20 61 6c 6c 6f 77 73 20 66 6f 72 20 61 64 6a 61 63 65 6e 63 79 20 74 6f 20 6f 63	,.and.allows.for.adjacency.to.oc
68f20	63 75 72 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 49 53 2d 49 53	cur..Note.that.the.name.of.IS-IS
68f40	20 69 6e 73 74 61 6e 63 65 20 6d 75 73 74 20 62 65 20 74 68 65 20 73 61 6d 65 20 61 73 20 74 68	.instance.must.be.the.same.as.th
68f60	65 20 6f 6e 65 20 75 73 65 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 49 53 2d 49	e.one.used.to.configure.the.IS-I
68f80	53 20 70 72 6f 63 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20	S.process..This.command.enables.
68fa0	52 49 50 20 61 6e 64 20 73 65 74 73 20 74 68 65 20 52 49 50 20 65 6e 61 62 6c 65 20 69 6e 74 65	RIP.and.sets.the.RIP.enable.inte
68fc0	72 66 61 63 65 20 62 79 20 4e 45 54 57 4f 52 4b 2e 20 54 68 65 20 69 6e 74 65 72 66 61 63 65 73	rface.by.NETWORK..The.interfaces
68fe0	20 77 68 69 63 68 20 68 61 76 65 20 61 64 64 72 65 73 73 65 73 20 6d 61 74 63 68 69 6e 67 20 77	.which.have.addresses.matching.w
69000	69 74 68 20 4e 45 54 57 4f 52 4b 20 61 72 65 20 65 6e 61 62 6c 65 64 2e 00 54 68 69 73 20 63 6f	ith.NETWORK.are.enabled..This.co
69020	6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 70 6f 69 73 6f 6e 2d 72 65 76 65 72 73 65 20 6f 6e 20	mmand.enables.poison-reverse.on.
69040	74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 49 66 20 62 6f 74 68 20 70 6f 69 73 6f 6e 20 72 65	the.interface..If.both.poison.re
69060	76 65 72 73 65 20 61 6e 64 20 73 70 6c 69 74 20 68 6f 72 69 7a 6f 6e 20 61 72 65 20 65 6e 61 62	verse.and.split.horizon.are.enab
69080	6c 65 64 2c 20 74 68 65 6e 20 56 79 4f 53 20 61 64 76 65 72 74 69 73 65 73 20 74 68 65 20 6c 65	led,.then.VyOS.advertises.the.le
690a0	61 72 6e 65 64 20 72 6f 75 74 65 73 20 61 73 20 75 6e 72 65 61 63 68 61 62 6c 65 20 6f 76 65 72	arned.routes.as.unreachable.over
690c0	20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 77 68 69 63 68 20 74 68 65 20 72 6f 75 74	.the.interface.on.which.the.rout
690e0	65 20 77 61 73 20 6c 65 61 72 6e 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62	e.was.learned..This.command.enab
69100	6c 65 73 20 72 6f 75 74 69 6e 67 20 75 73 69 6e 67 20 72 61 64 69 6f 20 66 72 65 71 75 65 6e 63	les.routing.using.radio.frequenc
69120	79 20 64 69 76 65 72 73 69 74 79 2e 20 54 68 69 73 20 69 73 20 68 69 67 68 6c 79 20 72 65 63 6f	y.diversity..This.is.highly.reco
69140	6d 6d 65 6e 64 65 64 20 69 6e 20 6e 65 74 77 6f 72 6b 73 20 77 69 74 68 20 6d 61 6e 79 20 77 69	mmended.in.networks.with.many.wi
69160	72 65 6c 65 73 73 20 6e 6f 64 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c	reless.nodes..This.command.enabl
69180	65 73 20 73 65 6e 64 69 6e 67 20 74 69 6d 65 73 74 61 6d 70 73 20 77 69 74 68 20 65 61 63 68 20	es.sending.timestamps.with.each.
691a0	48 65 6c 6c 6f 20 61 6e 64 20 49 48 55 20 6d 65 73 73 61 67 65 20 69 6e 20 6f 72 64 65 72 20 74	Hello.and.IHU.message.in.order.t
691c0	6f 20 63 6f 6d 70 75 74 65 20 52 54 54 20 76 61 6c 75 65 73 2e 20 49 74 20 69 73 20 72 65 63 6f	o.compute.RTT.values..It.is.reco
691e0	6d 6d 65 6e 64 65 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 69 6d 65 73 74 61 6d 70 73 20 6f 6e 20	mmended.to.enable.timestamps.on.
69200	74 75 6e 6e 65 6c 20 69 6e 74 65 72 66 61 63 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	tunnel.interfaces..This.command.
69220	65 6e 61 62 6c 65 73 20 73 75 70 70 6f 72 74 20 66 6f 72 20 64 79 6e 61 6d 69 63 20 68 6f 73 74	enables.support.for.dynamic.host
69240	6e 61 6d 65 20 54 4c 56 2e 20 44 79 6e 61 6d 69 63 20 68 6f 73 74 6e 61 6d 65 20 6d 61 70 70 69	name.TLV..Dynamic.hostname.mappi
69260	6e 67 20 64 65 74 65 72 6d 69 6e 65 64 20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72	ng.determined.as.described.in.:r
69280	66 63 3a 60 32 37 36 33 60 2c 20 44 79 6e 61 6d 69 63 20 48 6f 73 74 6e 61 6d 65 20 45 78 63 68	fc:`2763`,.Dynamic.Hostname.Exch
692a0	61 6e 67 65 20 4d 65 63 68 61 6e 69 73 6d 20 66 6f 72 20 49 53 2d 49 53 2e 00 54 68 69 73 20 63	ange.Mechanism.for.IS-IS..This.c
692c0	6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 74 68 65 20 4f 52 46 20 63 61 70 61 62 69 6c 69 74	ommand.enables.the.ORF.capabilit
692e0	79 20 28 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 32 39 31 60 29 20 6f 6e 20	y.(described.in.:rfc:`5291`).on.
69300	74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2c 20 61 6e 64 20 65 6e 61 62 6c 65 73 20 4f 52	the.local.router,.and.enables.OR
69320	46 20 63 61 70 61 62 69 6c 69 74 79 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 20 74 6f 20 74 68	F.capability.advertisement.to.th
69340	65 20 73 70 65 63 69 66 69 65 64 20 42 47 50 20 70 65 65 72 2e 20 54 68 65 20 3a 63 66 67 63 6d	e.specified.BGP.peer..The.:cfgcm
69360	64 3a 60 72 65 63 65 69 76 65 60 20 6b 65 79 77 6f 72 64 20 63 6f 6e 66 69 67 75 72 65 73 20 61	d:`receive`.keyword.configures.a
69380	20 72 6f 75 74 65 72 20 74 6f 20 61 64 76 65 72 74 69 73 65 20 4f 52 46 20 72 65 63 65 69 76 65	.router.to.advertise.ORF.receive
693a0	20 63 61 70 61 62 69 6c 69 74 69 65 73 2e 20 54 68 65 20 3a 63 66 67 63 6d 64 3a 60 73 65 6e 64	.capabilities..The.:cfgcmd:`send
693c0	60 20 6b 65 79 77 6f 72 64 20 63 6f 6e 66 69 67 75 72 65 73 20 61 20 72 6f 75 74 65 72 20 74 6f	`.keyword.configures.a.router.to
693e0	20 61 64 76 65 72 74 69 73 65 20 4f 52 46 20 73 65 6e 64 20 63 61 70 61 62 69 6c 69 74 69 65 73	.advertise.ORF.send.capabilities
69400	2e 20 54 6f 20 61 64 76 65 72 74 69 73 65 20 61 20 66 69 6c 74 65 72 20 66 72 6f 6d 20 61 20 73	..To.advertise.a.filter.from.a.s
69420	65 6e 64 65 72 2c 20 79 6f 75 20 6d 75 73 74 20 63 72 65 61 74 65 20 61 6e 20 49 50 20 70 72 65	ender,.you.must.create.an.IP.pre
69440	66 69 78 20 6c 69 73 74 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 42 47 50 20 70	fix.list.for.the.specified.BGP.p
69460	65 65 72 20 61 70 70 6c 69 65 64 20 69 6e 20 69 6e 62 6f 75 6e 64 20 64 65 72 65 63 74 69 6f 6e	eer.applied.in.inbound.derection
69480	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 66 6f 72 63 65 73 20 47 65 6e 65 72 61 6c 69	..This.command.enforces.Generali
694a0	7a 65 64 20 54 54 4c 20 53 65 63 75 72 69 74 79 20 4d 65 63 68 61 6e 69 73 6d 20 28 47 54 53 4d	zed.TTL.Security.Mechanism.(GTSM
694c0	29 2c 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 30 38 32 60 2e 20	),.as.specified.in.:rfc:`5082`..
694e0	57 69 74 68 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2c 20 6f 6e 6c 79 20 6e 65 69 67 68 62 6f 72	With.this.command,.only.neighbor
69500	73 20 74 68 61 74 20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 6e 75 6d 62 65 72 20 6f 66 20 68	s.that.are.specified.number.of.h
69520	6f 70 73 20 61 77 61 79 20 77 69 6c 6c 20 62 65 20 61 6c 6c 6f 77 65 64 20 74 6f 20 62 65 63 6f	ops.away.will.be.allowed.to.beco
69540	6d 65 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 68 6f 70 73	me.neighbors..The.number.of.hops
69560	20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 34 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64	.range.is.1.to.254..This.command
69580	20 69 73 20 6d 75 74 75 61 6c 6c 79 20 65 78 63 6c 75 73 69 76 65 20 77 69 74 68 20 3a 63 66 67	.is.mutually.exclusive.with.:cfg
695a0	63 6d 64 3a 60 65 62 67 70 2d 6d 75 6c 74 69 68 6f 70 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	cmd:`ebgp-multihop`..This.comman
695c0	64 20 66 6f 72 63 65 73 20 73 74 72 69 63 74 6c 79 20 63 6f 6d 70 61 72 65 20 72 65 6d 6f 74 65	d.forces.strictly.compare.remote
695e0	20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 6e 64 20 6c 6f 63 61 6c 20 63 61 70 61 62 69 6c 69	.capabilities.and.local.capabili
69600	74 69 65 73 2e 20 49 66 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 72 65 20 64 69 66 66 65 72	ties..If.capabilities.are.differ
69620	65 6e 74 2c 20 73 65 6e 64 20 55 6e 73 75 70 70 6f 72 74 65 64 20 43 61 70 61 62 69 6c 69 74 79	ent,.send.Unsupported.Capability
69640	20 65 72 72 6f 72 20 74 68 65 6e 20 72 65 73 65 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 54 68	.error.then.reset.connection..Th
69660	69 73 20 63 6f 6d 6d 61 6e 64 20 66 6f 72 63 65 73 20 74 68 65 20 42 47 50 20 73 70 65 61 6b 65	is.command.forces.the.BGP.speake
69680	72 20 74 6f 20 72 65 70 6f 72 74 20 69 74 73 65 6c 66 20 61 73 20 74 68 65 20 6e 65 78 74 20 68	r.to.report.itself.as.the.next.h
696a0	6f 70 20 66 6f 72 20 61 6e 20 61 64 76 65 72 74 69 73 65 64 20 72 6f 75 74 65 20 69 74 20 61 64	op.for.an.advertised.route.it.ad
696c0	76 65 72 74 69 73 65 64 20 74 6f 20 61 20 6e 65 69 67 68 62 6f 72 2e 00 54 68 69 73 20 63 6f 6d	vertised.to.a.neighbor..This.com
696e0	6d 61 6e 64 20 67 65 6e 65 72 61 74 65 20 61 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 6e	mand.generate.a.default.route.in
69700	74 6f 20 74 68 65 20 52 49 50 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 67 69 76 65 73 20 61	to.the.RIP..This.command.gives.a
69720	20 62 72 69 65 66 20 73 74 61 74 75 73 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 73 70 65 63	.brief.status.overview.of.a.spec
69740	69 66 69 65 64 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 77 69	ified.wireless.interface..The.wi
69760	72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 69 64 65 6e 74 69 66 69 65 72 20 63 61 6e 20	reless.interface.identifier.can.
69780	72 61 6e 67 65 20 66 72 6f 6d 20 77 6c 61 6e 30 20 74 6f 20 77 6c 61 6e 39 39 39 2e 00 54 68 69	range.from.wlan0.to.wlan999..Thi
697a0	73 20 63 6f 6d 6d 61 6e 64 20 67 6f 65 73 20 68 61 6e 64 20 69 6e 20 68 61 6e 64 20 77 69 74 68	s.command.goes.hand.in.hand.with
697c0	20 74 68 65 20 6c 69 73 74 65 6e 20 72 61 6e 67 65 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6c 69 6d	.the.listen.range.command.to.lim
697e0	69 74 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 42 47 50 20 6e 65 69 67 68 62 6f 72 73 20 74	it.the.amount.of.BGP.neighbors.t
69800	68 61 74 20 61 72 65 20 61 6c 6c 6f 77 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68	hat.are.allowed.to.connect.to.th
69820	65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2e 20 54 68 65 20 6c 69 6d 69 74 20 72 61 6e 67 65 20	e.local.router..The.limit.range.
69840	69 73 20 31 20 74 6f 20 35 30 30 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 67 6f 74 20 61	is.1.to.5000..This.command.got.a
69860	64 64 65 64 20 69 6e 20 56 79 4f 53 20 31 2e 34 20 61 6e 64 20 69 6e 76 65 72 74 73 20 74 68 65	dded.in.VyOS.1.4.and.inverts.the
69880	20 6c 6f 67 69 63 20 66 72 6f 6d 20 74 68 65 20 6f 6c 64 20 60 60 64 65 66 61 75 6c 74 2d 72 6f	.logic.from.the.old.``default-ro
698a0	75 74 65 60 60 20 43 4c 49 20 6f 70 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69	ute``.CLI.option..This.command.i
698c0	6e 73 74 65 61 64 20 6f 66 20 73 75 6d 6d 61 72 69 7a 69 6e 67 20 69 6e 74 72 61 20 61 72 65 61	nstead.of.summarizing.intra.area
698e0	20 70 61 74 68 73 20 66 69 6c 74 65 72 20 74 68 65 6d 20 2d 20 69 2e 65 2e 20 69 6e 74 72 61 20	.paths.filter.them.-.i.e..intra.
69900	61 72 65 61 20 70 61 74 68 73 20 66 72 6f 6d 20 74 68 69 73 20 72 61 6e 67 65 20 61 72 65 20 6e	area.paths.from.this.range.are.n
69920	6f 74 20 61 64 76 65 72 74 69 73 65 64 20 69 6e 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 2e 20	ot.advertised.into.other.areas..
69940	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42 52 20	This.command.makes.sense.in.ABR.
69960	6f 6e 6c 79 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 61 6c 73 6f 20 75 73 65 64 20	only..This.command.is.also.used.
69980	74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20	to.enable.the.OSPF.process..The.
699a0	61 72 65 61 20 6e 75 6d 62 65 72 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20	area.number.can.be.specified.in.
699c0	64 65 63 69 6d 61 6c 20 6e 6f 74 61 74 69 6f 6e 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66 72	decimal.notation.in.the.range.fr
699e0	6f 6d 20 30 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 20 4f 72 20 69 74 20 63 61 6e 20 62 65	om.0.to.4294967295..Or.it.can.be
69a00	20 73 70 65 63 69 66 69 65 64 20 69 6e 20 64 6f 74 74 65 64 20 64 65 63 69 6d 61 6c 20 6e 6f 74	.specified.in.dotted.decimal.not
69a20	61 74 69 6f 6e 20 73 69 6d 69 6c 61 72 20 74 6f 20 69 70 20 61 64 64 72 65 73 73 2e 00 54 68 69	ation.similar.to.ip.address..Thi
69a40	73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 6f 6e 6c 79 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 42	s.command.is.only.allowed.for.eB
69a60	47 50 20 70 65 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 6f 6e 6c 79 20 61	GP.peers..This.command.is.only.a
69a80	6c 6c 6f 77 65 64 20 66 6f 72 20 65 42 47 50 20 70 65 65 72 73 2e 20 49 74 20 69 73 20 6e 6f 74	llowed.for.eBGP.peers..It.is.not
69aa0	20 61 70 70 6c 69 63 61 62 6c 65 20 66 6f 72 20 70 65 65 72 20 67 72 6f 75 70 73 2e 00 54 68 69	.applicable.for.peer.groups..Thi
69ac0	73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 73 70 65 63 69 66 69 63 20 74 6f 20 46 52 52 20 61 6e 64	s.command.is.specific.to.FRR.and
69ae0	20 56 79 4f 53 2e 20 54 68 65 20 72 6f 75 74 65 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 61	.VyOS..The.route.command.makes.a
69b00	20 73 74 61 74 69 63 20 72 6f 75 74 65 20 6f 6e 6c 79 20 69 6e 73 69 64 65 20 52 49 50 2e 20 54	.static.route.only.inside.RIP..T
69b20	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20	his.command.should.be.used.only.
69b40	62 79 20 61 64 76 61 6e 63 65 64 20 75 73 65 72 73 20 77 68 6f 20 61 72 65 20 70 61 72 74 69 63	by.advanced.users.who.are.partic
69b60	75 6c 61 72 6c 79 20 6b 6e 6f 77 6c 65 64 67 65 61 62 6c 65 20 61 62 6f 75 74 20 74 68 65 20 52	ularly.knowledgeable.about.the.R
69b80	49 50 20 70 72 6f 74 6f 63 6f 6c 2e 20 49 6e 20 6d 6f 73 74 20 63 61 73 65 73 2c 20 77 65 20 72	IP.protocol..In.most.cases,.we.r
69ba0	65 63 6f 6d 6d 65 6e 64 20 63 72 65 61 74 69 6e 67 20 61 20 73 74 61 74 69 63 20 72 6f 75 74 65	ecommend.creating.a.static.route
69bc0	20 69 6e 20 56 79 4f 53 20 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 69 6e 67 20 69 74 20 69	.in.VyOS.and.redistributing.it.i
69be0	6e 20 52 49 50 20 75 73 69 6e 67 20 3a 63 66 67 63 6d 64 3a 60 72 65 64 69 73 74 72 69 62 75 74	n.RIP.using.:cfgcmd:`redistribut
69c00	65 20 73 74 61 74 69 63 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20	e.static`..This.command.is.used.
69c20	66 6f 72 20 61 64 76 65 72 74 69 73 69 6e 67 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 6e 65 74	for.advertising.IPv4.or.IPv6.net
69c40	77 6f 72 6b 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 72	works..This.command.is.used.to.r
69c60	65 74 72 69 65 76 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 57 41 50 20 77 69	etrieve.information.about.WAP.wi
69c80	74 68 69 6e 20 74 68 65 20 72 61 6e 67 65 20 6f 66 20 79 6f 75 72 20 77 69 72 65 6c 65 73 73 20	thin.the.range.of.your.wireless.
69ca0	69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 66 75	interface..This.command.is.usefu
69cc0	6c 20 6f 6e 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73 20 63 6f 6e 66 69 67 75	l.on.wireless.interfaces.configu
69ce0	72 65 64 20 69 6e 20 73 74 61 74 69 6f 6e 20 6d 6f 64 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	red.in.station.mode..This.comman
69d00	64 20 69 73 20 75 73 65 66 75 6c 20 69 66 20 6f 6e 65 20 64 65 73 69 72 65 73 20 74 6f 20 6c 6f	d.is.useful.if.one.desires.to.lo
69d20	6f 73 65 6e 20 74 68 65 20 72 65 71 75 69 72 65 6d 65 6e 74 20 66 6f 72 20 42 47 50 20 74 6f 20	osen.the.requirement.for.BGP.to.
69d40	68 61 76 65 20 73 74 72 69 63 74 6c 79 20 64 65 66 69 6e 65 64 20 6e 65 69 67 68 62 6f 72 73 2e	have.strictly.defined.neighbors.
69d60	20 53 70 65 63 69 66 69 63 61 6c 6c 79 20 77 68 61 74 20 69 73 20 61 6c 6c 6f 77 65 64 20 69 73	.Specifically.what.is.allowed.is
69d80	20 66 6f 72 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 6c 69 73 74 65 6e 20	.for.the.local.router.to.listen.
69da0	74 6f 20 61 20 72 61 6e 67 65 20 6f 66 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65	to.a.range.of.IPv4.or.IPv6.addre
69dc0	73 73 65 73 20 64 65 66 69 6e 65 64 20 62 79 20 61 20 70 72 65 66 69 78 20 61 6e 64 20 74 6f 20	sses.defined.by.a.prefix.and.to.
69de0	61 63 63 65 70 74 20 42 47 50 20 6f 70 65 6e 20 6d 65 73 73 61 67 65 73 2e 20 57 68 65 6e 20 61	accept.BGP.open.messages..When.a
69e00	20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 28 61 6e 64 20 73 75 62 73 65 71 75 65 6e 74 6c	.TCP.connection.(and.subsequentl
69e20	79 20 61 20 42 47 50 20 6f 70 65 6e 20 6d 65 73 73 61 67 65 29 20 66 72 6f 6d 20 77 69 74 68 69	y.a.BGP.open.message).from.withi
69e40	6e 20 74 68 69 73 20 72 61 6e 67 65 20 74 72 69 65 73 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 68	n.this.range.tries.to.connect.th
69e60	65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 68 65 6e 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f	e.local.router.then.the.local.ro
69e80	75 74 65 72 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 61 6e 64 20 63 6f 6e 6e 65 63 74 20 77 69	uter.will.respond.and.connect.wi
69ea0	74 68 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 74 68 61 74 20 61 72 65 20 64 65 66 69 6e	th.the.parameters.that.are.defin
69ec0	65 64 20 77 69 74 68 69 6e 20 74 68 65 20 70 65 65 72 20 67 72 6f 75 70 2e 20 4f 6e 65 20 6d 75	ed.within.the.peer.group..One.mu
69ee0	73 74 20 64 65 66 69 6e 65 20 61 20 70 65 65 72 2d 67 72 6f 75 70 20 66 6f 72 20 65 61 63 68 20	st.define.a.peer-group.for.each.
69f00	72 61 6e 67 65 20 74 68 61 74 20 69 73 20 6c 69 73 74 65 64 2e 20 49 66 20 6e 6f 20 70 65 65 72	range.that.is.listed..If.no.peer
69f20	2d 67 72 6f 75 70 20 69 73 20 64 65 66 69 6e 65 64 20 74 68 65 6e 20 61 6e 20 65 72 72 6f 72 20	-group.is.defined.then.an.error.
69f40	77 69 6c 6c 20 6b 65 65 70 20 79 6f 75 20 66 72 6f 6d 20 63 6f 6d 6d 69 74 74 69 6e 67 20 74 68	will.keep.you.from.committing.th
69f60	65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 6f	e.configuration..This.command.mo
69f80	64 69 66 69 65 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 6d 65 74 72 69 63 20 28 68 6f 70 20 63	difies.the.default.metric.(hop.c
69fa0	6f 75 6e 74 29 20 76 61 6c 75 65 20 66 6f 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f	ount).value.for.redistributed.ro
69fc0	75 74 65 73 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31	utes..The.metric.range.is.1.to.1
69fe0	36 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 2e 20 54 68 69 73 20	6..The.default.value.is.1..This.
6a000	63 6f 6d 6d 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20 61 66 66 65 63 74 20 63 6f 6e 6e 65 63 74 65	command.does.not.affect.connecte
6a020	64 20 72 6f 75 74 65 20 65 76 65 6e 20 69 66 20 69 74 20 69 73 20 72 65 64 69 73 74 72 69 62 75	d.route.even.if.it.is.redistribu
6a040	74 65 64 20 62 79 20 3a 63 66 67 63 6d 64 3a 60 72 65 64 69 73 74 72 69 62 75 74 65 20 63 6f 6e	ted.by.:cfgcmd:`redistribute.con
6a060	6e 65 63 74 65 64 60 2e 20 54 6f 20 6d 6f 64 69 66 79 20 63 6f 6e 6e 65 63 74 65 64 20 72 6f 75	nected`..To.modify.connected.rou
6a080	74 65 73 20 6d 65 74 72 69 63 20 76 61 6c 75 65 2c 20 70 6c 65 61 73 65 20 75 73 65 20 3a 63 66	tes.metric.value,.please.use.:cf
6a0a0	67 63 6d 64 3a 60 72 65 64 69 73 74 72 69 62 75 74 65 20 63 6f 6e 6e 65 63 74 65 64 20 6d 65 74	gcmd:`redistribute.connected.met
6a0c0	72 69 63 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6f 76 65 72 72 69 64 65 20 41 53 20 6e	ric`..This.command.override.AS.n
6a0e0	75 6d 62 65 72 20 6f 66 20 74 68 65 20 6f 72 69 67 69 6e 61 74 69 6e 67 20 72 6f 75 74 65 72 20	umber.of.the.originating.router.
6a100	77 69 74 68 20 74 68 65 20 6c 6f 63 61 6c 20 41 53 20 6e 75 6d 62 65 72 2e 00 54 68 69 73 20 63	with.the.local.AS.number..This.c
6a120	6f 6d 6d 61 6e 64 20 70 72 65 76 65 6e 74 73 20 66 72 6f 6d 20 73 65 6e 64 69 6e 67 20 62 61 63	ommand.prevents.from.sending.bac
6a140	6b 20 70 72 65 66 69 78 65 73 20 6c 65 61 72 6e 65 64 20 66 72 6f 6d 20 74 68 65 20 6e 65 69 67	k.prefixes.learned.from.the.neig
6a160	68 62 6f 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 70 72 6f 76 69 64 65 73 20 74 6f 20 63	hbor..This.command.provides.to.c
6a180	6f 6d 70 61 72 65 20 64 69 66 66 65 72 65 6e 74 20 4d 45 44 20 76 61 6c 75 65 73 20 74 68 61 74	ompare.different.MED.values.that
6a1a0	20 61 64 76 65 72 74 69 73 65 64 20 62 79 20 6e 65 69 67 68 62 6f 75 72 73 20 69 6e 20 74 68 65	.advertised.by.neighbours.in.the
6a1c0	20 73 61 6d 65 20 41 53 20 66 6f 72 20 72 6f 75 74 65 73 20 73 65 6c 65 63 74 69 6f 6e 2e 20 57	.same.AS.for.routes.selection..W
6a1e0	68 65 6e 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 72 6f 75	hen.this.command.is.enabled,.rou
6a200	74 65 73 20 66 72 6f 6d 20 74 68 65 20 73 61 6d 65 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73	tes.from.the.same.autonomous.sys
6a220	74 65 6d 20 61 72 65 20 67 72 6f 75 70 65 64 20 74 6f 67 65 74 68 65 72 2c 20 61 6e 64 20 74 68	tem.are.grouped.together,.and.th
6a240	65 20 62 65 73 74 20 65 6e 74 72 69 65 73 20 6f 66 20 65 61 63 68 20 67 72 6f 75 70 20 61 72 65	e.best.entries.of.each.group.are
6a260	20 63 6f 6d 70 61 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 70 72 6f 76 69 64 65 73	.compared..This.command.provides
6a280	20 74 6f 20 63 6f 6d 70 61 72 65 20 74 68 65 20 4d 45 44 20 6f 6e 20 72 6f 75 74 65 73 2c 20 65	.to.compare.the.MED.on.routes,.e
6a2a0	76 65 6e 20 77 68 65 6e 20 74 68 65 79 20 77 65 72 65 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d	ven.when.they.were.received.from
6a2c0	20 64 69 66 66 65 72 65 6e 74 20 6e 65 69 67 68 62 6f 75 72 69 6e 67 20 41 53 65 73 2e 20 53 65	.different.neighbouring.ASes..Se
6a2e0	74 74 69 6e 67 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 6d 61 6b 65 73 20 74 68 65 20 6f 72 64 65	tting.this.option.makes.the.orde
6a300	72 20 6f 66 20 70 72 65 66 65 72 65 6e 63 65 20 6f 66 20 72 6f 75 74 65 73 20 6d 6f 72 65 20 64	r.of.preference.of.routes.more.d
6a320	65 66 69 6e 65 64 2c 20 61 6e 64 20 73 68 6f 75 6c 64 20 65 6c 69 6d 69 6e 61 74 65 20 4d 45 44	efined,.and.should.eliminate.MED
6a340	20 69 6e 64 75 63 65 64 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 73 2e 00 54 68 69 73 20 63 6f 6d 6d	.induced.oscillations..This.comm
6a360	61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d	and.redistributes.routing.inform
6a380	61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63	ation.from.the.given.route.sourc
6a3a0	65 20 69 6e 74 6f 20 74 68 65 20 49 53 49 53 20 64 61 74 61 62 61 73 65 20 61 73 20 4c 65 76 65	e.into.the.ISIS.database.as.Leve
6a3c0	6c 2d 31 2e 20 54 68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62	l-1..There.are.six.modes.availab
6a3e0	6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63	le.for.route.source:.bgp,.connec
6a400	74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00	ted,.kernel,.ospf,.rip,.static..
6a420	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69	This.command.redistributes.routi
6a440	6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f	ng.information.from.the.given.ro
6a460	75 74 65 20 73 6f 75 72 63 65 20 69 6e 74 6f 20 74 68 65 20 49 53 49 53 20 64 61 74 61 62 61 73	ute.source.into.the.ISIS.databas
6a480	65 20 61 73 20 4c 65 76 65 6c 2d 32 2e 20 54 68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65	e.as.Level-2..There.are.six.mode
6a4a0	73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67	s.available.for.route.source:.bg
6a4c0	70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c	p,.connected,.kernel,.ospf,.rip,
6a4e0	20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75	.static..This.command.redistribu
6a500	74 65 73 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65	tes.routing.information.from.the
6a520	20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 20 69 6e 74 6f 20 74 68 65 20 52 49 50	.given.route.source.into.the.RIP
6a540	20 74 61 62 6c 65 73 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76	.tables..There.are.five.modes.av
6a560	61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63	ailable.for.route.source:.bgp,.c
6a580	6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 73 74 61 74 69 63 2e 00	onnected,.kernel,.ospf,.static..
6a5a0	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69	This.command.redistributes.routi
6a5c0	6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f	ng.information.from.the.given.ro
6a5e0	75 74 65 20 73 6f 75 72 63 65 20 74 6f 20 74 68 65 20 42 47 50 20 70 72 6f 63 65 73 73 2e 20 54	ute.source.to.the.BGP.process..T
6a600	68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72	here.are.six.modes.available.for
6a620	20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c	.route.source:.connected,.kernel
6a640	2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 2e 00 54 68 69 73	,.ospf,.rip,.static,.table..This
6a660	20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20 69	.command.redistributes.routing.i
6a680	6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20	nformation.from.the.given.route.
6a6a0	73 6f 75 72 63 65 20 74 6f 20 74 68 65 20 42 61 62 65 6c 20 70 72 6f 63 65 73 73 2e 00 54 68 69	source.to.the.Babel.process..Thi
6a6c0	73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20	s.command.redistributes.routing.
6a6e0	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65	information.from.the.given.route
6a700	20 73 6f 75 72 63 65 20 74 6f 20 74 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65	.source.to.the.OSPF.process..The
6a720	72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20	re.are.five.modes.available.for.
6a740	72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65	route.source:.bgp,.connected,.ke
6a760	72 6e 65 6c 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	rnel,.rip,.static..This.command.
6a780	72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f	redistributes.routing.informatio
6a7a0	6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 20 74 6f	n.from.the.given.route.source.to
6a7c0	20 74 68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 2e 20 54 68 65 72 65 20 61 72 65 20 66	.the.OSPFv3.process..There.are.f
6a7e0	69 76 65 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f	ive.modes.available.for.route.so
6a800	75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72 69	urce:.bgp,.connected,.kernel,.ri
6a820	70 6e 67 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 6d 6f 76 65	png,.static..This.command.remove
6a840	73 20 74 68 65 20 70 72 69 76 61 74 65 20 41 53 4e 20 6f 66 20 72 6f 75 74 65 73 20 74 68 61 74	s.the.private.ASN.of.routes.that
6a860	20 61 72 65 20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65	.are.advertised.to.the.configure
6a880	64 20 70 65 65 72 2e 20 49 74 20 72 65 6d 6f 76 65 73 20 6f 6e 6c 79 20 70 72 69 76 61 74 65 20	d.peer..It.removes.only.private.
6a8a0	41 53 4e 73 20 6f 6e 20 72 6f 75 74 65 73 20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 45 42 47	ASNs.on.routes.advertised.to.EBG
6a8c0	50 20 70 65 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 73 65 74 73 20 42 47 50	P.peers..This.command.resets.BGP
6a8e0	20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 6e 65	.connections.to.the.specified.ne
6a900	69 67 68 62 6f 72 20 49 50 20 61 64 64 72 65 73 73 2e 20 57 69 74 68 20 61 72 67 75 6d 65 6e 74	ighbor.IP.address..With.argument
6a920	20 3a 63 66 67 63 6d 64 3a 60 73 6f 66 74 60 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 6e 69	.:cfgcmd:`soft`.this.command.ini
6a940	74 69 61 74 65 73 20 61 20 73 6f 66 74 20 72 65 73 65 74 2e 20 49 66 20 79 6f 75 20 64 6f 20 6e	tiates.a.soft.reset..If.you.do.n
6a960	6f 74 20 73 70 65 63 69 66 79 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 69 6e 60 20 6f 72 20 3a	ot.specify.the.:cfgcmd:`in`.or.:
6a980	63 66 67 63 6d 64 3a 60 6f 75 74 60 20 6f 70 74 69 6f 6e 73 2c 20 62 6f 74 68 20 69 6e 62 6f 75	cfgcmd:`out`.options,.both.inbou
6a9a0	6e 64 20 61 6e 64 20 6f 75 74 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61	nd.and.outbound.soft.reconfigura
6a9c0	74 69 6f 6e 20 61 72 65 20 74 72 69 67 67 65 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	tion.are.triggered..This.command
6a9e0	20 72 65 73 65 74 73 20 42 47 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 73	.resets.BGP.connections.to.the.s
6aa00	70 65 63 69 66 69 65 64 20 70 65 65 72 20 67 72 6f 75 70 2e 20 57 69 74 68 20 61 72 67 75 6d 65	pecified.peer.group..With.argume
6aa20	6e 74 20 3a 63 66 67 63 6d 64 3a 60 73 6f 66 74 60 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69	nt.:cfgcmd:`soft`.this.command.i
6aa40	6e 69 74 69 61 74 65 73 20 61 20 73 6f 66 74 20 72 65 73 65 74 2e 20 49 66 20 79 6f 75 20 64 6f	nitiates.a.soft.reset..If.you.do
6aa60	20 6e 6f 74 20 73 70 65 63 69 66 79 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 69 6e 60 20 6f 72	.not.specify.the.:cfgcmd:`in`.or
6aa80	20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 6f 70 74 69 6f 6e 73 2c 20 62 6f 74 68 20 69 6e 62	.:cfgcmd:`out`.options,.both.inb
6aaa0	6f 75 6e 64 20 61 6e 64 20 6f 75 74 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67 75	ound.and.outbound.soft.reconfigu
6aac0	72 61 74 69 6f 6e 20 61 72 65 20 74 72 69 67 67 65 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61	ration.are.triggered..This.comma
6aae0	6e 64 20 72 65 73 65 74 73 20 61 6c 6c 20 42 47 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f 66	nd.resets.all.BGP.connections.of
6ab00	20 67 69 76 65 6e 20 72 6f 75 74 65 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 73 65	.given.router..This.command.rese
6ab20	74 73 20 61 6c 6c 20 65 78 74 65 72 6e 61 6c 20 42 47 50 20 70 65 65 72 73 20 6f 66 20 67 69 76	ts.all.external.BGP.peers.of.giv
6ab40	65 6e 20 72 6f 75 74 65 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 6c 65 63 74 73 20	en.router..This.command.selects.
6ab60	41 42 52 20 6d 6f 64 65 6c 2e 20 4f 53 50 46 20 72 6f 75 74 65 72 20 73 75 70 70 6f 72 74 73 20	ABR.model..OSPF.router.supports.
6ab80	66 6f 75 72 20 41 42 52 20 6d 6f 64 65 6c 73 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65	four.ABR.models:.This.command.se
6aba0	74 20 64 65 66 61 75 6c 74 20 6d 65 74 72 69 63 20 66 6f 72 20 63 69 72 63 75 69 74 2e 00 54 68	t.default.metric.for.circuit..Th
6abc0	69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 20 74 68 65 20 63 68 61 6e 6e 65 6c 20 6e 75 6d 62 65	is.command.set.the.channel.numbe
6abe0	72 20 74 68 61 74 20 64 69 76 65 72 73 69 74 79 20 72 6f 75 74 69 6e 67 20 75 73 65 73 20 66 6f	r.that.diversity.routing.uses.fo
6ac00	72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 28 73 65 65 20 64 69 76 65 72 73 69 74 79 20	r.this.interface.(see.diversity.
6ac20	6f 70 74 69 6f 6e 20 61 62 6f 76 65 29 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73	option.above)..This.command.sets
6ac40	20 41 54 54 20 62 69 74 20 74 6f 20 31 20 69 6e 20 4c 65 76 65 6c 31 20 4c 53 50 73 2e 20 49 74	.ATT.bit.to.1.in.Level1.LSPs..It
6ac60	20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 37 38 37 60 2e 00 54 68	.is.described.in.:rfc:`3787`..Th
6ac80	69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 4c 53 50 20 6d 61 78 69 6d 75 6d 20 4c 53 50 20	is.command.sets.LSP.maximum.LSP.
6aca0	6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61	lifetime.in.seconds..The.interva
6acc0	6c 20 72 61 6e 67 65 20 69 73 20 33 35 30 20 74 6f 20 36 35 35 33 35 2e 20 4c 53 50 73 20 72 65	l.range.is.350.to.65535..LSPs.re
6ace0	6d 61 69 6e 20 69 6e 20 61 20 64 61 74 61 62 61 73 65 20 66 6f 72 20 31 32 30 30 20 73 65 63 6f	main.in.a.database.for.1200.seco
6ad00	6e 64 73 20 62 79 20 64 65 66 61 75 6c 74 2e 20 49 66 20 74 68 65 79 20 61 72 65 20 6e 6f 74 20	nds.by.default..If.they.are.not.
6ad20	72 65 66 72 65 73 68 65 64 20 62 79 20 74 68 61 74 20 74 69 6d 65 2c 20 74 68 65 79 20 61 72 65	refreshed.by.that.time,.they.are
6ad40	20 64 65 6c 65 74 65 64 2e 20 59 6f 75 20 63 61 6e 20 63 68 61 6e 67 65 20 74 68 65 20 4c 53 50	.deleted..You.can.change.the.LSP
6ad60	20 72 65 66 72 65 73 68 20 69 6e 74 65 72 76 61 6c 20 6f 72 20 74 68 65 20 4c 53 50 20 6c 69 66	.refresh.interval.or.the.LSP.lif
6ad80	65 74 69 6d 65 2e 20 54 68 65 20 4c 53 50 20 72 65 66 72 65 73 68 20 69 6e 74 65 72 76 61 6c 20	etime..The.LSP.refresh.interval.
6ada0	73 68 6f 75 6c 64 20 62 65 20 6c 65 73 73 20 74 68 61 6e 20 74 68 65 20 4c 53 50 20 6c 69 66 65	should.be.less.than.the.LSP.life
6adc0	74 69 6d 65 20 6f 72 20 65 6c 73 65 20 4c 53 50 73 20 77 69 6c 6c 20 74 69 6d 65 20 6f 75 74 20	time.or.else.LSPs.will.time.out.
6ade0	62 65 66 6f 72 65 20 74 68 65 79 20 61 72 65 20 72 65 66 72 65 73 68 65 64 2e 00 54 68 69 73 20	before.they.are.refreshed..This.
6ae00	63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 4c 53 50 20 72 65 66 72 65 73 68 20 69 6e 74 65 72 76 61	command.sets.LSP.refresh.interva
6ae20	6c 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 49 53 2d 49 53 20 67 65 6e 65 72 61 74 65 73 20 4c 53	l.in.seconds..IS-IS.generates.LS
6ae40	50 73 20 77 68 65 6e 20 74 68 65 20 73 74 61 74 65 20 6f 66 20 61 20 6c 69 6e 6b 20 63 68 61 6e	Ps.when.the.state.of.a.link.chan
6ae60	67 65 73 2e 20 48 6f 77 65 76 65 72 2c 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 72 6f 75	ges..However,.to.ensure.that.rou
6ae80	74 69 6e 67 20 64 61 74 61 62 61 73 65 73 20 6f 6e 20 61 6c 6c 20 72 6f 75 74 65 72 73 20 72 65	ting.databases.on.all.routers.re
6aea0	6d 61 69 6e 20 63 6f 6e 76 65 72 67 65 64 2c 20 4c 53 50 73 20 69 6e 20 73 74 61 62 6c 65 20 6e	main.converged,.LSPs.in.stable.n
6aec0	65 74 77 6f 72 6b 73 20 61 72 65 20 67 65 6e 65 72 61 74 65 64 20 6f 6e 20 61 20 72 65 67 75 6c	etworks.are.generated.on.a.regul
6aee0	61 72 20 62 61 73 69 73 20 65 76 65 6e 20 74 68 6f 75 67 68 20 74 68 65 72 65 20 68 61 73 20 62	ar.basis.even.though.there.has.b
6af00	65 65 6e 20 6e 6f 20 63 68 61 6e 67 65 20 74 6f 20 74 68 65 20 73 74 61 74 65 20 6f 66 20 74 68	een.no.change.to.the.state.of.th
6af20	65 20 6c 69 6e 6b 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 31	e.links..The.interval.range.is.1
6af40	20 74 6f 20 36 35 32 33 35 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20	.to.65235..The.default.value.is.
6af60	39 30 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 4f	900.seconds..This.command.sets.O
6af80	53 50 46 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6b 65 79 20 74 6f 20 61 20 73 69 6d 70	SPF.authentication.key.to.a.simp
6afa0	6c 65 20 70 61 73 73 77 6f 72 64 2e 20 41 66 74 65 72 20 73 65 74 74 69 6e 67 2c 20 61 6c 6c 20	le.password..After.setting,.all.
6afc0	4f 53 50 46 20 70 61 63 6b 65 74 73 20 61 72 65 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2e 20	OSPF.packets.are.authenticated..
6afe0	4b 65 79 20 68 61 73 20 6c 65 6e 67 74 68 20 75 70 20 74 6f 20 38 20 63 68 61 72 73 2e 00 54 68	Key.has.length.up.to.8.chars..Th
6b000	69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 50 53 4e 50 20 69 6e 74 65 72 76 61 6c 20 69 6e	is.command.sets.PSNP.interval.in
6b020	20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20	.seconds..The.interval.range.is.
6b040	30 20 74 6f 20 31 32 37 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 52 6f 75 74	0.to.127..This.command.sets.Rout
6b060	65 72 20 50 72 69 6f 72 69 74 79 20 69 6e 74 65 67 65 72 20 76 61 6c 75 65 2e 20 54 68 65 20 72	er.Priority.integer.value..The.r
6b080	6f 75 74 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67 68 65 73 74 20 70 72 69 6f 72 69 74 79 20	outer.with.the.highest.priority.
6b0a0	77 69 6c 6c 20 62 65 20 6d 6f 72 65 20 65 6c 69 67 69 62 6c 65 20 74 6f 20 62 65 63 6f 6d 65 20	will.be.more.eligible.to.become.
6b0c0	44 65 73 69 67 6e 61 74 65 64 20 52 6f 75 74 65 72 2e 20 53 65 74 74 69 6e 67 20 74 68 65 20 76	Designated.Router..Setting.the.v
6b0e0	61 6c 75 65 20 74 6f 20 30 2c 20 6d 61 6b 65 73 20 74 68 65 20 72 6f 75 74 65 72 20 69 6e 65 6c	alue.to.0,.makes.the.router.inel
6b100	69 67 69 62 6c 65 20 74 6f 20 62 65 63 6f 6d 65 20 44 65 73 69 67 6e 61 74 65 64 20 52 6f 75 74	igible.to.become.Designated.Rout
6b120	65 72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 2e 20 54 68 65 20	er..The.default.value.is.1..The.
6b140	69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 32 35 35 2e 00 54 68 69 73	interval.range.is.0.to.255..This
6b160	20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 64 65 66 61 75 6c 74 20 52 49 50 20 64 69 73 74 61 6e	.command.sets.default.RIP.distan
6b180	63 65 20 74 6f 20 61 20 73 70 65 63 69 66 69 65 64 20 76 61 6c 75 65 20 77 68 65 6e 20 74 68 65	ce.to.a.specified.value.when.the
6b1a0	20 72 6f 75 74 65 73 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 6d 61 74 63 68 65	.routes.source.IP.address.matche
6b1c0	73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 2e 00 54 68 69 73 20 63 6f 6d	s.the.specified.prefix..This.com
6b1e0	6d 61 6e 64 20 73 65 74 73 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 73 65 63 6f	mand.sets.hello.interval.in.seco
6b200	6e 64 73 20 6f 6e 20 61 20 67 69 76 65 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 72 61	nds.on.a.given.interface..The.ra
6b220	6e 67 65 20 69 73 20 31 20 74 6f 20 36 30 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65	nge.is.1.to.600..This.command.se
6b240	74 73 20 6c 69 6e 6b 20 63 6f 73 74 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69	ts.link.cost.for.the.specified.i
6b260	6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 63 6f 73 74 20 76 61 6c 75 65 20 69 73 20 73 65 74 20	nterface..The.cost.value.is.set.
6b280	74 6f 20 72 6f 75 74 65 72 2d 4c 53 41 e2 80 99 73 20 6d 65 74 72 69 63 20 66 69 65 6c 64 20 61	to.router-LSA...s.metric.field.a
6b2a0	6e 64 20 75 73 65 64 20 66 6f 72 20 53 50 46 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 54 68 65	nd.used.for.SPF.calculation..The
6b2c0	20 63 6f 73 74 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73 20	.cost.range.is.1.to.65535..This.
6b2e0	63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6d 69 6e 69 6d 75 6d 20 69 6e 74 65 72 76 61 6c 20 62 65	command.sets.minimum.interval.be
6b300	74 77 65 65 6e 20 63 6f 6e 73 65 63 75 74 69 76 65 20 53 50 46 20 63 61 6c 63 75 6c 61 74 69 6f	tween.consecutive.SPF.calculatio
6b320	6e 73 20 69 6e 20 73 65 63 6f 6e 64 73 2e 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65	ns.in.seconds.The.interval.range
6b340	20 69 73 20 31 20 74 6f 20 31 32 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20	.is.1.to.120..This.command.sets.
6b360	6d 69 6e 69 6d 75 6d 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 20 62 65 74 77	minimum.interval.in.seconds.betw
6b380	65 65 6e 20 72 65 67 65 6e 65 72 61 74 69 6e 67 20 73 61 6d 65 20 4c 53 50 2e 20 54 68 65 20 69	een.regenerating.same.LSP..The.i
6b3a0	6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 32 30 2e 00 54 68 69 73 20	nterval.range.is.1.to.120..This.
6b3c0	63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6d 75 6c 74 69 70 6c 69 65 72 20 66 6f 72 20 68 65 6c 6c	command.sets.multiplier.for.hell
6b3e0	6f 20 68 6f 6c 64 69 6e 67 20 74 69 6d 65 20 6f 6e 20 61 20 67 69 76 65 6e 20 69 6e 74 65 72 66	o.holding.time.on.a.given.interf
6b400	61 63 65 2e 20 54 68 65 20 72 61 6e 67 65 20 69 73 20 32 20 74 6f 20 31 30 30 2e 00 54 68 69 73	ace..The.range.is.2.to.100..This
6b420	20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20	.command.sets.number.of.seconds.
6b440	66 6f 72 20 49 6e 66 54 72 61 6e 73 44 65 6c 61 79 20 76 61 6c 75 65 2e 20 49 74 20 61 6c 6c 6f	for.InfTransDelay.value..It.allo
6b460	77 73 20 74 6f 20 73 65 74 20 61 6e 64 20 61 64 6a 75 73 74 20 66 6f 72 20 65 61 63 68 20 69 6e	ws.to.set.and.adjust.for.each.in
6b480	74 65 72 66 61 63 65 20 74 68 65 20 64 65 6c 61 79 20 69 6e 74 65 72 76 61 6c 20 62 65 66 6f 72	terface.the.delay.interval.befor
6b4a0	65 20 73 74 61 72 74 69 6e 67 20 74 68 65 20 73 79 6e 63 68 72 6f 6e 69 7a 69 6e 67 20 70 72 6f	e.starting.the.synchronizing.pro
6b4c0	63 65 73 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 27 73 20 64 61 74 61 62 61 73 65 20 77 69	cess.of.the.router's.database.wi
6b4e0	74 68 20 61 6c 6c 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61	th.all.neighbors..The.default.va
6b500	6c 75 65 20 69 73 20 31 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72	lue.is.1.seconds..The.interval.r
6b520	61 6e 67 65 20 69 73 20 33 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	ange.is.3.to.65535..This.command
6b540	20 73 65 74 73 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 66 6f 72 20 52 78 6d 74	.sets.number.of.seconds.for.Rxmt
6b560	49 6e 74 65 72 76 61 6c 20 74 69 6d 65 72 20 76 61 6c 75 65 2e 20 54 68 69 73 20 76 61 6c 75 65	Interval.timer.value..This.value
6b580	20 69 73 20 75 73 65 64 20 77 68 65 6e 20 72 65 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 44 61 74	.is.used.when.retransmitting.Dat
6b5a0	61 62 61 73 65 20 44 65 73 63 72 69 70 74 69 6f 6e 20 61 6e 64 20 4c 69 6e 6b 20 53 74 61 74 65	abase.Description.and.Link.State
6b5c0	20 52 65 71 75 65 73 74 20 70 61 63 6b 65 74 73 20 69 66 20 61 63 6b 6e 6f 77 6c 65 64 67 65 20	.Request.packets.if.acknowledge.
6b5e0	77 61 73 20 6e 6f 74 20 72 65 63 65 69 76 65 64 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61	was.not.received..The.default.va
6b600	6c 75 65 20 69 73 20 35 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72	lue.is.5.seconds..The.interval.r
6b620	61 6e 67 65 20 69 73 20 33 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	ange.is.3.to.65535..This.command
6b640	20 73 65 74 73 20 6f 6c 64 2d 73 74 79 6c 65 20 28 49 53 4f 20 31 30 35 38 39 29 20 6f 72 20 6e	.sets.old-style.(ISO.10589).or.n
6b660	65 77 20 73 74 79 6c 65 20 70 61 63 6b 65 74 20 66 6f 72 6d 61 74 73 3a 00 54 68 69 73 20 63 6f	ew.style.packet.formats:.This.co
6b680	6d 6d 61 6e 64 20 73 65 74 73 20 6f 74 68 65 72 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 73 20	mmand.sets.other.confederations.
6b6a0	3c 6e 73 75 62 61 73 6e 3e 20 61 73 20 6d 65 6d 62 65 72 73 20 6f 66 20 61 75 74 6f 6e 6f 6d 6f	<nsubasn>.as.members.of.autonomo
6b6c0	75 73 20 73 79 73 74 65 6d 20 73 70 65 63 69 66 69 65 64 20 62 79 20 3a 63 66 67 63 6d 64 3a 60	us.system.specified.by.:cfgcmd:`
6b6e0	63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 69 64 65 6e 74 69 66 69 65 72 20 3c 61 73 6e 3e 60 2e	confederation.identifier.<asn>`.
6b700	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6f 76 65 72 6c 6f 61 64 20 62 69 74 20	.This.command.sets.overload.bit.
6b720	74 6f 20 61 76 6f 69 64 20 61 6e 79 20 74 72 61 6e 73 69 74 20 74 72 61 66 66 69 63 20 74 68 72	to.avoid.any.transit.traffic.thr
6b740	6f 75 67 68 20 74 68 69 73 20 72 6f 75 74 65 72 2e 20 49 74 20 69 73 20 64 65 73 63 72 69 62 65	ough.this.router..It.is.describe
6b760	64 20 69 6e 20 3a 72 66 63 3a 60 33 37 38 37 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73	d.in.:rfc:`3787`..This.command.s
6b780	65 74 73 20 70 72 69 6f 72 69 74 79 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 66	ets.priority.for.the.interface.f
6b7a0	6f 72 20 3a 61 62 62 72 3a 60 44 49 53 20 28 44 65 73 69 67 6e 61 74 65 64 20 49 6e 74 65 72 6d	or.:abbr:`DIS.(Designated.Interm
6b7c0	65 64 69 61 74 65 20 53 79 73 74 65 6d 29 60 20 65 6c 65 63 74 69 6f 6e 2e 20 54 68 65 20 70 72	ediate.System)`.election..The.pr
6b7e0	69 6f 72 69 74 79 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 31 32 37 2e 00 54 68 69 73 20 63	iority.range.is.0.to.127..This.c
6b800	6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 64	ommand.sets.the.administrative.d
6b820	69 73 74 61 6e 63 65 20 66 6f 72 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 72 6f 75 74 65 2e 20	istance.for.a.particular.route..
6b840	54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00	The.distance.range.is.1.to.255..
6b860	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 63 6f 73 74 20 6f 66 20 64 65	This.command.sets.the.cost.of.de
6b880	66 61 75 6c 74 2d 73 75 6d 6d 61 72 79 20 4c 53 41 73 20 61 6e 6e 6f 75 6e 63 65 64 20 74 6f 20	fault-summary.LSAs.announced.to.
6b8a0	73 74 75 62 62 79 20 61 72 65 61 73 2e 20 54 68 65 20 63 6f 73 74 20 72 61 6e 67 65 20 69 73 20	stubby.areas..The.cost.range.is.
6b8c0	30 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73	0.to.16777215..This.command.sets
6b8e0	20 74 68 65 20 64 65 66 61 75 6c 74 20 63 6f 73 74 20 6f 66 20 4c 53 41 73 20 61 6e 6e 6f 75 6e	.the.default.cost.of.LSAs.announ
6b900	63 65 64 20 74 6f 20 4e 53 53 41 20 61 72 65 61 73 2e 20 54 68 65 20 63 6f 73 74 20 72 61 6e 67	ced.to.NSSA.areas..The.cost.rang
6b920	65 20 69 73 20 30 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	e.is.0.to.16777215..This.command
6b940	20 73 65 74 73 20 74 68 65 20 69 6e 69 74 69 61 6c 20 64 65 6c 61 79 2c 20 74 68 65 20 69 6e 69	.sets.the.initial.delay,.the.ini
6b960	74 69 61 6c 2d 68 6f 6c 64 74 69 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 2d 68 6f	tial-holdtime.and.the.maximum-ho
6b980	6c 64 74 69 6d 65 20 62 65 74 77 65 65 6e 20 77 68 65 6e 20 53 50 46 20 69 73 20 63 61 6c 63 75	ldtime.between.when.SPF.is.calcu
6b9a0	6c 61 74 65 64 20 61 6e 64 20 74 68 65 20 65 76 65 6e 74 20 77 68 69 63 68 20 74 72 69 67 67 65	lated.and.the.event.which.trigge
6b9c0	72 65 64 20 74 68 65 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 54 68 65 20 74 69 6d 65 73 20 61	red.the.calculation..The.times.a
6b9e0	72 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 61 6e 64	re.specified.in.milliseconds.and
6ba00	20 6d 75 73 74 20 62 65 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 6f 66 20 30 20 74 6f 20 36 30	.must.be.in.the.range.of.0.to.60
6ba20	30 30 30 30 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2e 20 3a 63 66 67 63 6d 64 3a 60 64 65 6c 61	0000.milliseconds..:cfgcmd:`dela
6ba40	79 60 20 73 65 74 73 20 74 68 65 20 69 6e 69 74 69 61 6c 20 53 50 46 20 73 63 68 65 64 75 6c 65	y`.sets.the.initial.SPF.schedule
6ba60	20 64 65 6c 61 79 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 64 65 66 61	.delay.in.milliseconds..The.defa
6ba80	75 6c 74 20 76 61 6c 75 65 20 69 73 20 32 30 30 20 6d 73 2e 20 3a 63 66 67 63 6d 64 3a 60 69 6e	ult.value.is.200.ms..:cfgcmd:`in
6baa0	69 74 69 61 6c 2d 68 6f 6c 64 74 69 6d 65 60 20 73 65 74 73 20 74 68 65 20 6d 69 6e 69 6d 75 6d	itial-holdtime`.sets.the.minimum
6bac0	20 68 6f 6c 64 20 74 69 6d 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 63 6f 6e 73 65 63 75 74 69	.hold.time.between.two.consecuti
6bae0	76 65 20 53 50 46 20 63 61 6c 63 75 6c 61 74 69 6f 6e 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74	ve.SPF.calculations..The.default
6bb00	20 76 61 6c 75 65 20 69 73 20 31 30 30 30 20 6d 73 2e 20 3a 63 66 67 63 6d 64 3a 60 6d 61 78 2d	.value.is.1000.ms..:cfgcmd:`max-
6bb20	68 6f 6c 64 74 69 6d 65 60 20 73 65 74 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 77 61 69 74 20	holdtime`.sets.the.maximum.wait.
6bb40	74 69 6d 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 63 6f 6e 73 65 63 75 74 69 76 65 20 53 50 46	time.between.two.consecutive.SPF
6bb60	20 63 61 6c 63 75 6c 61 74 69 6f 6e 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65	.calculations..The.default.value
6bb80	20 69 73 20 31 30 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20	.is.10000.ms..This.command.sets.
6bba0	74 68 65 20 69 6e 74 65 72 66 61 63 65 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 63 6f 73 74	the.interface.bandwidth.for.cost
6bbc0	20 63 61 6c 63 75 6c 61 74 69 6f 6e 73 2c 20 77 68 65 72 65 20 62 61 6e 64 77 69 64 74 68 20 63	.calculations,.where.bandwidth.c
6bbe0	61 6e 20 62 65 20 69 6e 20 72 61 6e 67 65 20 66 72 6f 6d 20 31 20 74 6f 20 31 30 30 30 30 30 2c	an.be.in.range.from.1.to.100000,
6bc00	20 73 70 65 63 69 66 69 65 64 20 69 6e 20 4d 62 69 74 73 2f 73 2e 00 54 68 69 73 20 63 6f 6d 6d	.specified.in.Mbits/s..This.comm
6bc20	61 6e 64 20 73 65 74 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 79 70 65 3a 00 54 68 69	and.sets.the.interface.type:.Thi
6bc40	73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 69 74	s.command.sets.the.interface.wit
6bc60	68 20 52 49 50 20 4d 44 35 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 54 68 69 73 20 63	h.RIP.MD5.authentication..This.c
6bc80	6f 6d 6d 61 6e 64 20 61 6c 73 6f 20 73 65 74 73 20 4d 44 35 20 4b 65 79 2e 20 54 68 65 20 6b 65	ommand.also.sets.MD5.Key..The.ke
6bca0	79 20 6d 75 73 74 20 62 65 20 73 68 6f 72 74 65 72 20 74 68 61 6e 20 31 36 20 63 68 61 72 61 63	y.must.be.shorter.than.16.charac
6bcc0	74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 69 6e 74 65	ters..This.command.sets.the.inte
6bce0	72 66 61 63 65 20 77 69 74 68 20 52 49 50 20 73 69 6d 70 6c 65 20 70 61 73 73 77 6f 72 64 20 61	rface.with.RIP.simple.password.a
6bd00	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 73 6f	uthentication..This.command.also
6bd20	20 73 65 74 73 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 74 72 69 6e 67 2e 20 54 68 65	.sets.authentication.string..The
6bd40	20 73 74 72 69 6e 67 20 6d 75 73 74 20 62 65 20 73 68 6f 72 74 65 72 20 74 68 61 6e 20 31 36 20	.string.must.be.shorter.than.16.
6bd60	63 68 61 72 61 63 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68	characters..This.command.sets.th
6bd80	65 20 6d 75 6c 74 69 70 6c 69 63 61 74 69 76 65 20 66 61 63 74 6f 72 20 75 73 65 64 20 66 6f 72	e.multiplicative.factor.used.for
6bda0	20 64 69 76 65 72 73 69 74 79 20 72 6f 75 74 69 6e 67 2c 20 69 6e 20 75 6e 69 74 73 20 6f 66 20	.diversity.routing,.in.units.of.
6bdc0	31 2f 32 35 36 3b 20 6c 6f 77 65 72 20 76 61 6c 75 65 73 20 63 61 75 73 65 20 64 69 76 65 72 73	1/256;.lower.values.cause.divers
6bde0	69 74 79 20 74 6f 20 70 6c 61 79 20 61 20 6d 6f 72 65 20 69 6d 70 6f 72 74 61 6e 74 20 72 6f 6c	ity.to.play.a.more.important.rol
6be00	65 20 69 6e 20 72 6f 75 74 65 20 73 65 6c 65 63 74 69 6f 6e 2e 20 54 68 65 20 64 65 66 61 75 6c	e.in.route.selection..The.defaul
6be20	74 20 69 74 20 32 35 36 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 74 68 61 74 20 64 69 76 65 72	t.it.256,.which.means.that.diver
6be40	73 69 74 79 20 70 6c 61 79 73 20 6e 6f 20 72 6f 6c 65 20 69 6e 20 72 6f 75 74 65 20 73 65 6c 65	sity.plays.no.role.in.route.sele
6be60	63 74 69 6f 6e 3b 20 79 6f 75 20 77 69 6c 6c 20 70 72 6f 62 61 62 6c 79 20 77 61 6e 74 20 74 6f	ction;.you.will.probably.want.to
6be80	20 73 65 74 20 74 68 61 74 20 74 6f 20 31 32 38 20 6f 72 20 6c 65 73 73 20 6f 6e 20 6e 6f 64 65	.set.that.to.128.or.less.on.node
6bea0	73 20 77 69 74 68 20 6d 75 6c 74 69 70 6c 65 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 72 61 64 69	s.with.multiple.independent.radi
6bec0	6f 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 72 65 66 65 72 65	os..This.command.sets.the.refere
6bee0	6e 63 65 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 63 6f 73 74 20 63 61 6c 63 75 6c 61 74 69	nce.bandwidth.for.cost.calculati
6bf00	6f 6e 73 2c 20 77 68 65 72 65 20 62 61 6e 64 77 69 64 74 68 20 63 61 6e 20 62 65 20 69 6e 20 72	ons,.where.bandwidth.can.be.in.r
6bf20	61 6e 67 65 20 66 72 6f 6d 20 31 20 74 6f 20 34 32 39 34 39 36 37 2c 20 73 70 65 63 69 66 69 65	ange.from.1.to.4294967,.specifie
6bf40	64 20 69 6e 20 4d 62 69 74 73 2f 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 30 30	d.in.Mbits/s..The.default.is.100
6bf60	4d 62 69 74 2f 73 20 28 69 2e 65 2e 20 61 20 6c 69 6e 6b 20 6f 66 20 62 61 6e 64 77 69 64 74 68	Mbit/s.(i.e..a.link.of.bandwidth
6bf80	20 31 30 30 4d 62 69 74 2f 73 20 6f 72 20 68 69 67 68 65 72 20 77 69 6c 6c 20 68 61 76 65 20 61	.100Mbit/s.or.higher.will.have.a
6bfa0	20 63 6f 73 74 20 6f 66 20 31 2e 20 43 6f 73 74 20 6f 66 20 6c 6f 77 65 72 20 62 61 6e 64 77 69	.cost.of.1..Cost.of.lower.bandwi
6bfc0	64 74 68 20 6c 69 6e 6b 73 20 77 69 6c 6c 20 62 65 20 73 63 61 6c 65 64 20 77 69 74 68 20 72 65	dth.links.will.be.scaled.with.re
6bfe0	66 65 72 65 6e 63 65 20 74 6f 20 74 68 69 73 20 63 6f 73 74 29 2e 00 54 68 69 73 20 63 6f 6d 6d	ference.to.this.cost)..This.comm
6c000	61 6e 64 20 73 65 74 73 20 74 68 65 20 72 6f 75 74 65 72 2d 49 44 20 6f 66 20 74 68 65 20 4f 53	and.sets.the.router-ID.of.the.OS
6c020	50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 72 6f 75 74 65 72 2d 49 44 20 6d 61 79 20 62 65	PF.process..The.router-ID.may.be
6c040	20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 2c 20 62 75	.an.IP.address.of.the.router,.bu
6c060	74 20 6e 65 65 64 20 6e 6f 74 20 62 65 20 e2 80 93 20 69 74 20 63 61 6e 20 62 65 20 61 6e 79 20	t.need.not.be.....it.can.be.any.
6c080	61 72 62 69 74 72 61 72 79 20 33 32 62 69 74 20 6e 75 6d 62 65 72 2e 20 48 6f 77 65 76 65 72 20	arbitrary.32bit.number..However.
6c0a0	69 74 20 4d 55 53 54 20 62 65 20 75 6e 69 71 75 65 20 77 69 74 68 69 6e 20 74 68 65 20 65 6e 74	it.MUST.be.unique.within.the.ent
6c0c0	69 72 65 20 4f 53 50 46 20 64 6f 6d 61 69 6e 20 74 6f 20 74 68 65 20 4f 53 50 46 20 73 70 65 61	ire.OSPF.domain.to.the.OSPF.spea
6c0e0	6b 65 72 20 e2 80 93 20 62 61 64 20 74 68 69 6e 67 73 20 77 69 6c 6c 20 68 61 70 70 65 6e 20 69	ker.....bad.things.will.happen.i
6c100	66 20 6d 75 6c 74 69 70 6c 65 20 4f 53 50 46 20 73 70 65 61 6b 65 72 73 20 61 72 65 20 63 6f 6e	f.multiple.OSPF.speakers.are.con
6c120	66 69 67 75 72 65 64 20 77 69 74 68 20 74 68 65 20 73 61 6d 65 20 72 6f 75 74 65 72 2d 49 44 21	figured.with.the.same.router-ID!
6c140	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 72 6f 75 74 65 72 2d 49 44	.This.command.sets.the.router-ID
6c160	20 6f 66 20 74 68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 72 6f 75 74	.of.the.OSPFv3.process..The.rout
6c180	65 72 2d 49 44 20 6d 61 79 20 62 65 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68	er-ID.may.be.an.IP.address.of.th
6c1a0	65 20 72 6f 75 74 65 72 2c 20 62 75 74 20 6e 65 65 64 20 6e 6f 74 20 62 65 20 e2 80 93 20 69 74	e.router,.but.need.not.be.....it
6c1c0	20 63 61 6e 20 62 65 20 61 6e 79 20 61 72 62 69 74 72 61 72 79 20 33 32 62 69 74 20 6e 75 6d 62	.can.be.any.arbitrary.32bit.numb
6c1e0	65 72 2e 20 48 6f 77 65 76 65 72 20 69 74 20 4d 55 53 54 20 62 65 20 75 6e 69 71 75 65 20 77 69	er..However.it.MUST.be.unique.wi
6c200	74 68 69 6e 20 74 68 65 20 65 6e 74 69 72 65 20 4f 53 50 46 76 33 20 64 6f 6d 61 69 6e 20 74 6f	thin.the.entire.OSPFv3.domain.to
6c220	20 74 68 65 20 4f 53 50 46 76 33 20 73 70 65 61 6b 65 72 20 e2 80 93 20 62 61 64 20 74 68 69 6e	.the.OSPFv3.speaker.....bad.thin
6c240	67 73 20 77 69 6c 6c 20 68 61 70 70 65 6e 20 69 66 20 6d 75 6c 74 69 70 6c 65 20 4f 53 50 46 76	gs.will.happen.if.multiple.OSPFv
6c260	33 20 73 70 65 61 6b 65 72 73 20 61 72 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 74	3.speakers.are.configured.with.t
6c280	68 65 20 73 61 6d 65 20 72 6f 75 74 65 72 2d 49 44 21 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	he.same.router-ID!.This.command.
6c2a0	73 65 74 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20	sets.the.specified.interface.to.
6c2c0	70 61 73 73 69 76 65 20 6d 6f 64 65 2e 20 4f 6e 20 70 61 73 73 69 76 65 20 6d 6f 64 65 20 69 6e	passive.mode..On.passive.mode.in
6c2e0	74 65 72 66 61 63 65 2c 20 61 6c 6c 20 72 65 63 65 69 76 69 6e 67 20 70 61 63 6b 65 74 73 20 61	terface,.all.receiving.packets.a
6c300	72 65 20 70 72 6f 63 65 73 73 65 64 20 61 73 20 6e 6f 72 6d 61 6c 20 61 6e 64 20 56 79 4f 53 20	re.processed.as.normal.and.VyOS.
6c320	64 6f 65 73 20 6e 6f 74 20 73 65 6e 64 20 65 69 74 68 65 72 20 6d 75 6c 74 69 63 61 73 74 20 6f	does.not.send.either.multicast.o
6c340	72 20 75 6e 69 63 61 73 74 20 52 49 50 20 70 61 63 6b 65 74 73 20 65 78 63 65 70 74 20 74 6f 20	r.unicast.RIP.packets.except.to.
6c360	52 49 50 20 6e 65 69 67 68 62 6f 72 73 20 73 70 65 63 69 66 69 65 64 20 77 69 74 68 20 6e 65 69	RIP.neighbors.specified.with.nei
6c380	67 68 62 6f 72 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75	ghbor.command..This.command.shou
6c3a0	6c 64 20 4e 4f 54 20 62 65 20 73 65 74 20 6e 6f 72 6d 61 6c 6c 79 2e 00 54 68 69 73 20 63 6f 6d	ld.NOT.be.set.normally..This.com
6c3c0	6d 61 6e 64 20 73 68 6f 77 73 20 62 6f 74 68 20 73 74 61 74 75 73 20 61 6e 64 20 73 74 61 74 69	mand.shows.both.status.and.stati
6c3e0	73 74 69 63 73 20 6f 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 77 69 72 65 6c 65 73 73 20	stics.on.the.specified.wireless.
6c400	69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63	interface..The.wireless.interfac
6c420	65 20 69 64 65 6e 74 69 66 69 65 72 20 63 61 6e 20 72 61 6e 67 65 20 66 72 6f 6d 20 77 6c 61 6e	e.identifier.can.range.from.wlan
6c440	30 20 74 6f 20 77 6c 61 6e 39 39 39 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69	0.to.wlan999..This.command.speci
6c460	66 69 65 73 20 61 20 42 47 50 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 69 64 65 6e 74 69 66	fies.a.BGP.confederation.identif
6c480	69 65 72 2e 20 3c 61 73 6e 3e 20 69 73 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 74 68 65 20	ier..<asn>.is.the.number.of.the.
6c4a0	61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 20 74 68 61 74 20 69 6e 74 65 72 6e 61 6c 6c	autonomous.system.that.internall
6c4c0	79 20 69 6e 63 6c 75 64 65 73 20 6d 75 6c 74 69 70 6c 65 20 73 75 62 2d 61 75 74 6f 6e 6f 6d 6f	y.includes.multiple.sub-autonomo
6c4e0	75 73 20 73 79 73 74 65 6d 73 20 28 61 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 29 2e 00 54 68	us.systems.(a.confederation)..Th
6c500	69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 20 42 61 62 65 6c 20 65 6e 61	is.command.specifies.a.Babel.ena
6c520	62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 62 79 20 69 6e 74 65 72 66 61 63 65 20 6e 61 6d 65	bled.interface.by.interface.name
6c540	2e 20 42 6f 74 68 20 74 68 65 20 73 65 6e 64 69 6e 67 20 61 6e 64 20 72 65 63 65 69 76 69 6e 67	..Both.the.sending.and.receiving
6c560	20 6f 66 20 42 61 62 65 6c 20 70 61 63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 65 6e 61 62 6c 65	.of.Babel.packets.will.be.enable
6c580	64 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20	d.on.the.interface.specified.in.
6c5a0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69	this.command..This.command.speci
6c5c0	66 69 65 73 20 61 20 4d 44 35 20 70 61 73 73 77 6f 72 64 20 74 6f 20 62 65 20 75 73 65 64 20 77	fies.a.MD5.password.to.be.used.w
6c5e0	69 74 68 20 74 68 65 20 74 63 70 20 73 6f 63 6b 65 74 20 74 68 61 74 20 69 73 20 62 65 69 6e 67	ith.the.tcp.socket.that.is.being
6c600	20 75 73 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 72 65 6d 6f 74 65 20 70	.used.to.connect.to.the.remote.p
6c620	65 65 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 20 52 49	eer..This.command.specifies.a.RI
6c640	50 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 62 79 20 69 6e 74 65 72 66 61 63 65	P.enabled.interface.by.interface
6c660	20 6e 61 6d 65 2e 20 42 6f 74 68 20 74 68 65 20 73 65 6e 64 69 6e 67 20 61 6e 64 20 72 65 63 65	.name..Both.the.sending.and.rece
6c680	69 76 69 6e 67 20 6f 66 20 52 49 50 20 70 61 63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 65 6e 61	iving.of.RIP.packets.will.be.ena
6c6a0	62 6c 65 64 20 6f 6e 20 74 68 65 20 70 6f 72 74 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 74 68	bled.on.the.port.specified.in.th
6c6c0	69 73 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69	is.command..This.command.specifi
6c6e0	65 73 20 61 20 52 49 50 20 6e 65 69 67 68 62 6f 72 2e 20 57 68 65 6e 20 61 20 6e 65 69 67 68 62	es.a.RIP.neighbor..When.a.neighb
6c700	6f 72 20 64 6f 65 73 6e e2 80 99 74 20 75 6e 64 65 72 73 74 61 6e 64 20 6d 75 6c 74 69 63 61 73	or.doesn...t.understand.multicas
6c720	74 2c 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 73 70 65 63 69	t,.this.command.is.used.to.speci
6c740	66 79 20 6e 65 69 67 68 62 6f 72 73 2e 20 49 6e 20 73 6f 6d 65 20 63 61 73 65 73 2c 20 6e 6f 74	fy.neighbors..In.some.cases,.not
6c760	20 61 6c 6c 20 72 6f 75 74 65 72 73 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 75 6e 64	.all.routers.will.be.able.to.und
6c780	65 72 73 74 61 6e 64 20 6d 75 6c 74 69 63 61 73 74 69 6e 67 2c 20 77 68 65 72 65 20 70 61 63 6b	erstand.multicasting,.where.pack
6c7a0	65 74 73 20 61 72 65 20 73 65 6e 74 20 74 6f 20 61 20 6e 65 74 77 6f 72 6b 20 6f 72 20 61 20 67	ets.are.sent.to.a.network.or.a.g
6c7c0	72 6f 75 70 20 6f 66 20 61 64 64 72 65 73 73 65 73 2e 20 49 6e 20 61 20 73 69 74 75 61 74 69 6f	roup.of.addresses..In.a.situatio
6c7e0	6e 20 77 68 65 72 65 20 61 20 6e 65 69 67 68 62 6f 72 20 63 61 6e 6e 6f 74 20 70 72 6f 63 65 73	n.where.a.neighbor.cannot.proces
6c800	73 20 6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 2c 20 69 74 20 69 73 20 6e 65 63 65 73	s.multicast.packets,.it.is.neces
6c820	73 61 72 79 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 64 69 72 65 63 74 20 6c 69 6e 6b 20	sary.to.establish.a.direct.link.
6c840	62 65 74 77 65 65 6e 20 72 6f 75 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70	between.routers..This.command.sp
6c860	65 63 69 66 69 65 73 20 61 20 64 65 66 61 75 6c 74 20 77 65 69 67 68 74 20 76 61 6c 75 65 20 66	ecifies.a.default.weight.value.f
6c880	6f 72 20 74 68 65 20 6e 65 69 67 68 62 6f 72 e2 80 99 73 20 72 6f 75 74 65 73 2e 20 54 68 65 20	or.the.neighbor...s.routes..The.
6c8a0	6e 75 6d 62 65 72 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73	number.range.is.1.to.65535..This
6c8c0	20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 20 6d 61 78 69 6d 75 6d 20 6e 75 6d	.command.specifies.a.maximum.num
6c8e0	62 65 72 20 6f 66 20 70 72 65 66 69 78 65 73 20 77 65 20 63 61 6e 20 72 65 63 65 69 76 65 20 66	ber.of.prefixes.we.can.receive.f
6c900	72 6f 6d 20 61 20 67 69 76 65 6e 20 70 65 65 72 2e 20 49 66 20 74 68 69 73 20 6e 75 6d 62 65 72	rom.a.given.peer..If.this.number
6c920	20 69 73 20 65 78 63 65 65 64 65 64 2c 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 77 69	.is.exceeded,.the.BGP.session.wi
6c940	6c 6c 20 62 65 20 64 65 73 74 72 6f 79 65 64 2e 20 54 68 65 20 6e 75 6d 62 65 72 20 72 61 6e 67	ll.be.destroyed..The.number.rang
6c960	65 20 69 73 20 31 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61	e.is.1.to.4294967295..This.comma
6c980	6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 61 73 20 70	nd.specifies.all.interfaces.as.p
6c9a0	61 73 73 69 76 65 20 62 79 20 64 65 66 61 75 6c 74 2e 20 42 65 63 61 75 73 65 20 74 68 69 73 20	assive.by.default..Because.this.
6c9c0	63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 73 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	command.changes.the.configuratio
6c9e0	6e 20 6c 6f 67 69 63 20 74 6f 20 61 20 64 65 66 61 75 6c 74 20 70 61 73 73 69 76 65 3b 20 74 68	n.logic.to.a.default.passive;.th
6ca00	65 72 65 66 6f 72 65 2c 20 69 6e 74 65 72 66 61 63 65 73 20 77 68 65 72 65 20 72 6f 75 74 65 72	erefore,.interfaces.where.router
6ca20	20 61 64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 65 78 70 65 63 74 65 64 20 6e 65 65 64 20 74	.adjacencies.are.expected.need.t
6ca40	6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 74 68 65 20 3a 63 66 67 63 6d 64	o.be.configured.with.the.:cfgcmd
6ca60	3a 60 70 61 73 73 69 76 65 2d 69 6e 74 65 72 66 61 63 65 2d 65 78 63 6c 75 64 65 60 20 63 6f 6d	:`passive-interface-exclude`.com
6ca80	6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6c 6c	mand..This.command.specifies.all
6caa0	20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 70 61 73 73 69 76 65 20 6d 6f 64 65 2e 00 54 68 69	.interfaces.to.passive.mode..Thi
6cac0	73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6e 20 61 67 67 72 65 67 61 74 65	s.command.specifies.an.aggregate
6cae0	20 61 64 64 72 65 73 73 20 61 6e 64 20 70 72 6f 76 69 64 65 73 20 74 68 61 74 20 6c 6f 6e 67 65	.address.and.provides.that.longe
6cb00	72 2d 70 72 65 66 69 78 65 73 20 69 6e 73 69 64 65 20 6f 66 20 74 68 65 20 61 67 67 72 65 67 61	r-prefixes.inside.of.the.aggrega
6cb20	74 65 20 61 64 64 72 65 73 73 20 61 72 65 20 73 75 70 70 72 65 73 73 65 64 20 62 65 66 6f 72 65	te.address.are.suppressed.before
6cb40	20 73 65 6e 64 69 6e 67 20 42 47 50 20 75 70 64 61 74 65 73 20 6f 75 74 20 74 6f 20 70 65 65 72	.sending.BGP.updates.out.to.peer
6cb60	73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6e 20 61 67 67	s..This.command.specifies.an.agg
6cb80	72 65 67 61 74 65 20 61 64 64 72 65 73 73 20 77 69 74 68 20 61 20 6d 61 74 68 65 6d 61 74 69 63	regate.address.with.a.mathematic
6cba0	61 6c 20 73 65 74 20 6f 66 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 73 2e 20 54 68	al.set.of.autonomous.systems..Th
6cbc0	69 73 20 63 6f 6d 6d 61 6e 64 20 73 75 6d 6d 61 72 69 7a 65 73 20 74 68 65 20 41 53 5f 50 41 54	is.command.summarizes.the.AS_PAT
6cbe0	48 20 61 74 74 72 69 62 75 74 65 73 20 6f 66 20 61 6c 6c 20 74 68 65 20 69 6e 64 69 76 69 64 75	H.attributes.of.all.the.individu
6cc00	61 6c 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65	al.routes..This.command.specifie
6cc20	73 20 61 6e 20 61 67 67 72 65 67 61 74 65 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 72 6f 75 74	s.an.aggregate.address..The.rout
6cc40	65 72 20 77 69 6c 6c 20 61 6c 73 6f 20 61 6e 6e 6f 75 6e 63 65 20 6c 6f 6e 67 65 72 2d 70 72 65	er.will.also.announce.longer-pre
6cc60	66 69 78 65 73 20 69 6e 73 69 64 65 20 6f 66 20 74 68 65 20 61 67 67 72 65 67 61 74 65 20 61 64	fixes.inside.of.the.aggregate.ad
6cc80	64 72 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 74	dress..This.command.specifies.at
6cca0	74 72 69 62 75 74 65 73 20 74 6f 20 62 65 20 6c 65 66 74 20 75 6e 63 68 61 6e 67 65 64 20 66 6f	tributes.to.be.left.unchanged.fo
6ccc0	72 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 20 73 65 6e 74 20 74 6f 20 61 20 70 65 65 72 20	r.advertisements.sent.to.a.peer.
6cce0	6f 72 20 70 65 65 72 20 67 72 6f 75 70 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63	or.peer.group..This.command.spec
6cd00	69 66 69 65 73 20 63 69 72 63 75 69 74 20 74 79 70 65 20 66 6f 72 20 69 6e 74 65 72 66 61 63 65	ifies.circuit.type.for.interface
6cd20	3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 63 6c 75 73 74 65 72	:.This.command.specifies.cluster
6cd40	20 49 44 20 77 68 69 63 68 20 69 64 65 6e 74 69 66 69 65 73 20 61 20 63 6f 6c 6c 65 63 74 69 6f	.ID.which.identifies.a.collectio
6cd60	6e 20 6f 66 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 6f 72 73 20 61 6e 64 20 74 68 65 69 72 20	n.of.route.reflectors.and.their.
6cd80	63 6c 69 65 6e 74 73 2c 20 61 6e 64 20 69 73 20 75 73 65 64 20 62 79 20 72 6f 75 74 65 20 72 65	clients,.and.is.used.by.route.re
6cda0	66 6c 65 63 74 6f 72 73 20 74 6f 20 61 76 6f 69 64 20 6c 6f 6f 70 69 6e 67 2e 20 42 79 20 64 65	flectors.to.avoid.looping..By.de
6cdc0	66 61 75 6c 74 20 63 6c 75 73 74 65 72 20 49 44 20 69 73 20 73 65 74 20 74 6f 20 74 68 65 20 42	fault.cluster.ID.is.set.to.the.B
6cde0	47 50 20 72 6f 75 74 65 72 20 69 64 20 76 61 6c 75 65 2c 20 62 75 74 20 63 61 6e 20 62 65 20 73	GP.router.id.value,.but.can.be.s
6ce00	65 74 20 74 6f 20 61 6e 20 61 72 62 69 74 72 61 72 79 20 33 32 2d 62 69 74 20 76 61 6c 75 65 2e	et.to.an.arbitrary.32-bit.value.
6ce20	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 68 6f 6c 64 2d 74 69 6d	.This.command.specifies.hold-tim
6ce40	65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69 73	e.in.seconds..The.timer.range.is
6ce60	20 34 20 74 6f 20 36 35 35 33 35 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69	.4.to.65535..The.default.value.i
6ce80	73 20 31 38 30 20 73 65 63 6f 6e 64 2e 20 49 66 20 79 6f 75 20 73 65 74 20 76 61 6c 75 65 20 74	s.180.second..If.you.set.value.t
6cea0	6f 20 30 20 56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 68 6f 6c 64 20 72 6f 75 74 65 73 2e 00 54	o.0.VyOS.will.not.hold.routes..T
6cec0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 69 6e 74 65 72 66 61 63 65 20	his.command.specifies.interface.
6cee0	61 73 20 70 61 73 73 69 76 65 2e 20 50 61 73 73 69 76 65 20 69 6e 74 65 72 66 61 63 65 20 61 64	as.passive..Passive.interface.ad
6cf00	76 65 72 74 69 73 65 73 20 69 74 73 20 61 64 64 72 65 73 73 2c 20 62 75 74 20 64 6f 65 73 20 6e	vertises.its.address,.but.does.n
6cf20	6f 74 20 72 75 6e 20 74 68 65 20 4f 53 50 46 20 70 72 6f 74 6f 63 6f 6c 20 28 61 64 6a 61 63 65	ot.run.the.OSPF.protocol.(adjace
6cf40	6e 63 69 65 73 20 61 72 65 20 6e 6f 74 20 66 6f 72 6d 65 64 20 61 6e 64 20 68 65 6c 6c 6f 20 70	ncies.are.not.formed.and.hello.p
6cf60	61 63 6b 65 74 73 20 61 72 65 20 6e 6f 74 20 67 65 6e 65 72 61 74 65 64 29 2e 00 54 68 69 73 20	ackets.are.not.generated)..This.
6cf80	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6b 65 65 70 2d 61 6c 69 76 65 20 74 69 6d	command.specifies.keep-alive.tim
6cfa0	65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 74 69 6d 65 72 20 63 61 6e 20 72 61 6e 67	e.in.seconds..The.timer.can.rang
6cfc0	65 20 66 72 6f 6d 20 34 20 74 6f 20 36 35 35 33 35 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76	e.from.4.to.65535..The.default.v
6cfe0	61 6c 75 65 20 69 73 20 36 30 20 73 65 63 6f 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	alue.is.60.second..This.command.
6d000	73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 28 4d 45 44 29 20 66 6f 72 20 72 65 64 69 73	specifies.metric.(MED).for.redis
6d020	74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67	tributed.routes..The.metric.rang
6d040	65 20 69 73 20 30 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 20 54 68 65 72 65 20 61 72 65 20	e.is.0.to.4294967295..There.are.
6d060	73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f	six.modes.available.for.route.so
6d080	75 72 63 65 3a 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72	urce:.connected,.kernel,.ospf,.r
6d0a0	69 70 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	ip,.static,.table..This.command.
6d0c0	73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 66 6f 72 20 72 65 64 69 73 74 72 69 62 75 74	specifies.metric.for.redistribut
6d0e0	65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73	ed.routes.from.the.given.route.s
6d100	6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69	ource..There.are.five.modes.avai
6d120	6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e	lable.for.route.source:.bgp,.con
6d140	6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 73 74 61 74 69 63 2e 20 54 68	nected,.kernel,.ospf,.static..Th
6d160	65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36 2e 00 54 68 69 73 20	e.metric.range.is.1.to.16..This.
6d180	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 66 6f 72 20 72 65 64	command.specifies.metric.for.red
6d1a0	69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e	istributed.routes.from.the.given
6d1c0	20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f	.route.source..There.are.five.mo
6d1e0	64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20	des.available.for.route.source:.
6d200	62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72 69 70 2c 20 73 74 61	bgp,.connected,.kernel,.rip,.sta
6d220	74 69 63 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36	tic..The.metric.range.is.1.to.16
6d240	37 37 37 32 31 34 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6d	777214..This.command.specifies.m
6d260	65 74 72 69 63 20 66 6f 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66	etric.for.redistributed.routes.f
6d280	72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72	rom.the.given.route.source..Ther
6d2a0	65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f	e.are.six.modes.available.for.ro
6d2c0	75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e	ute.source:.bgp,.connected,.kern
6d2e0	65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 20 54 68 65 20 6d 65 74 72 69	el,.ospf,.rip,.static..The.metri
6d300	63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63	c.range.is.1.to.16777215..This.c
6d320	6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 74 79 70 65 20 66 6f 72	ommand.specifies.metric.type.for
6d340	20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 2e 20 44 69 66 66 65 72 65 6e 63	.redistributed.routes..Differenc
6d360	65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 6d 65 74 72 69 63 20 74 79 70 65 73 20 74 68 61 74 20	e.between.two.metric.types.that.
6d380	6d 65 74 72 69 63 20 74 79 70 65 20 31 20 69 73 20 61 20 6d 65 74 72 69 63 20 77 68 69 63 68 20	metric.type.1.is.a.metric.which.
6d3a0	69 73 20 22 63 6f 6d 6d 65 6e 73 75 72 61 62 6c 65 22 20 77 69 74 68 20 69 6e 6e 65 72 20 4f 53	is."commensurable".with.inner.OS
6d3c0	50 46 20 6c 69 6e 6b 73 2e 20 57 68 65 6e 20 63 61 6c 63 75 6c 61 74 69 6e 67 20 61 20 6d 65 74	PF.links..When.calculating.a.met
6d3e0	72 69 63 20 74 6f 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 64 65 73 74 69 6e 61 74 69 6f 6e 2c	ric.to.the.external.destination,
6d400	20 74 68 65 20 66 75 6c 6c 20 70 61 74 68 20 6d 65 74 72 69 63 20 69 73 20 63 61 6c 63 75 6c 61	.the.full.path.metric.is.calcula
6d420	74 65 64 20 61 73 20 61 20 6d 65 74 72 69 63 20 73 75 6d 20 70 61 74 68 20 6f 66 20 61 20 72 6f	ted.as.a.metric.sum.path.of.a.ro
6d440	75 74 65 72 20 77 68 69 63 68 20 68 61 64 20 61 64 76 65 72 74 69 73 65 64 20 74 68 69 73 20 6c	uter.which.had.advertised.this.l
6d460	69 6e 6b 20 70 6c 75 73 20 74 68 65 20 6c 69 6e 6b 20 6d 65 74 72 69 63 2e 20 54 68 75 73 2c 20	ink.plus.the.link.metric..Thus,.
6d480	61 20 72 6f 75 74 65 20 77 69 74 68 20 74 68 65 20 6c 65 61 73 74 20 73 75 6d 6d 61 72 79 20 6d	a.route.with.the.least.summary.m
6d4a0	65 74 72 69 63 20 77 69 6c 6c 20 62 65 20 73 65 6c 65 63 74 65 64 2e 20 49 66 20 65 78 74 65 72	etric.will.be.selected..If.exter
6d4c0	6e 61 6c 20 6c 69 6e 6b 20 69 73 20 61 64 76 65 72 74 69 73 65 64 20 77 69 74 68 20 6d 65 74 72	nal.link.is.advertised.with.metr
6d4e0	69 63 20 74 79 70 65 20 32 20 74 68 65 20 70 61 74 68 20 69 73 20 73 65 6c 65 63 74 65 64 20 77	ic.type.2.the.path.is.selected.w
6d500	68 69 63 68 20 6c 69 65 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 6f 75 74 65 72 20 77 68 69	hich.lies.through.the.router.whi
6d520	63 68 20 61 64 76 65 72 74 69 73 65 64 20 74 68 69 73 20 6c 69 6e 6b 20 77 69 74 68 20 74 68 65	ch.advertised.this.link.with.the
6d540	20 6c 65 61 73 74 20 6d 65 74 72 69 63 20 64 65 73 70 69 74 65 20 6f 66 20 74 68 65 20 66 61 63	.least.metric.despite.of.the.fac
6d560	74 20 74 68 61 74 20 69 6e 74 65 72 6e 61 6c 20 70 61 74 68 20 74 6f 20 74 68 69 73 20 72 6f 75	t.that.internal.path.to.this.rou
6d580	74 65 72 20 69 73 20 6c 6f 6e 67 65 72 20 28 77 69 74 68 20 6d 6f 72 65 20 63 6f 73 74 29 2e 20	ter.is.longer.(with.more.cost)..
6d5a0	48 6f 77 65 76 65 72 2c 20 69 66 20 74 77 6f 20 72 6f 75 74 65 72 73 20 61 64 76 65 72 74 69 73	However,.if.two.routers.advertis
6d5c0	65 64 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 6c 69 6e 6b 20 61 6e 64 20 77 69 74 68 20 6d 65 74	ed.an.external.link.and.with.met
6d5e0	72 69 63 20 74 79 70 65 20 32 20 74 68 65 20 70 72 65 66 65 72 65 6e 63 65 20 69 73 20 67 69 76	ric.type.2.the.preference.is.giv
6d600	65 6e 20 74 6f 20 74 68 65 20 70 61 74 68 20 77 68 69 63 68 20 6c 69 65 73 20 74 68 72 6f 75 67	en.to.the.path.which.lies.throug
6d620	68 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 74 68 20 61 20 73 68 6f 72 74 65 72 20 69 6e 74 65	h.the.router.with.a.shorter.inte
6d640	72 6e 61 6c 20 70 61 74 68 2e 20 49 66 20 74 77 6f 20 64 69 66 66 65 72 65 6e 74 20 72 6f 75 74	rnal.path..If.two.different.rout
6d660	65 72 73 20 61 64 76 65 72 74 69 73 65 64 20 74 77 6f 20 6c 69 6e 6b 73 20 74 6f 20 74 68 65 20	ers.advertised.two.links.to.the.
6d680	73 61 6d 65 20 65 78 74 65 72 6e 61 6c 20 64 65 73 74 69 6d 61 74 69 6f 6e 20 62 75 74 20 77 69	same.external.destimation.but.wi
6d6a0	74 68 20 64 69 66 66 65 72 65 6e 74 20 6d 65 74 72 69 63 20 74 79 70 65 2c 20 6d 65 74 72 69 63	th.different.metric.type,.metric
6d6c0	20 74 79 70 65 20 31 20 69 73 20 70 72 65 66 65 72 72 65 64 2e 20 49 66 20 74 79 70 65 20 6f 66	.type.1.is.preferred..If.type.of
6d6e0	20 61 20 6d 65 74 72 69 63 20 6c 65 66 74 20 75 6e 64 65 66 69 6e 65 64 20 74 68 65 20 72 6f 75	.a.metric.left.undefined.the.rou
6d700	74 65 72 20 77 69 6c 6c 20 63 6f 6e 73 69 64 65 72 20 74 68 65 73 65 20 65 78 74 65 72 6e 61 6c	ter.will.consider.these.external
6d720	20 6c 69 6e 6b 73 20 74 6f 20 68 61 76 65 20 61 20 64 65 66 61 75 6c 74 20 6d 65 74 72 69 63 20	.links.to.have.a.default.metric.
6d740	74 79 70 65 20 32 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6e	type.2..This.command.specifies.n
6d760	65 74 77 6f 72 6b 20 74 79 70 65 20 74 6f 20 50 6f 69 6e 74 2d 74 6f 2d 50 6f 69 6e 74 2e 20 54	etwork.type.to.Point-to-Point..T
6d780	68 65 20 64 65 66 61 75 6c 74 20 6e 65 74 77 6f 72 6b 20 74 79 70 65 20 69 73 20 62 72 6f 61 64	he.default.network.type.is.broad
6d7a0	63 61 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61	cast..This.command.specifies.tha
6d7c0	74 20 42 47 50 20 63 6f 6e 73 69 64 65 72 73 20 74 68 65 20 4d 45 44 20 77 68 65 6e 20 63 6f 6d	t.BGP.considers.the.MED.when.com
6d7e0	70 61 72 69 6e 67 20 72 6f 75 74 65 73 20 6f 72 69 67 69 6e 61 74 65 64 20 66 72 6f 6d 20 64 69	paring.routes.originated.from.di
6d800	66 66 65 72 65 6e 74 20 73 75 62 2d 41 53 73 20 77 69 74 68 69 6e 20 74 68 65 20 63 6f 6e 66 65	fferent.sub-ASs.within.the.confe
6d820	64 65 72 61 74 69 6f 6e 20 74 6f 20 77 68 69 63 68 20 74 68 69 73 20 42 47 50 20 73 70 65 61 6b	deration.to.which.this.BGP.speak
6d840	65 72 20 62 65 6c 6f 6e 67 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 73 74 61 74 65 2c 20 77	er.belongs..The.default.state,.w
6d860	68 65 72 65 20 74 68 65 20 4d 45 44 20 61 74 74 72 69 62 75 74 65 20 69 73 20 6e 6f 74 20 63 6f	here.the.MED.attribute.is.not.co
6d880	6e 73 69 64 65 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73	nsidered..This.command.specifies
6d8a0	20 74 68 61 74 20 42 47 50 20 64 65 63 69 73 69 6f 6e 20 70 72 6f 63 65 73 73 20 73 68 6f 75 6c	.that.BGP.decision.process.shoul
6d8c0	64 20 63 6f 6e 73 69 64 65 72 20 70 61 74 68 73 20 6f 66 20 65 71 75 61 6c 20 41 53 5f 50 41 54	d.consider.paths.of.equal.AS_PAT
6d8e0	48 20 6c 65 6e 67 74 68 20 63 61 6e 64 69 64 61 74 65 73 20 66 6f 72 20 6d 75 6c 74 69 70 61 74	H.length.candidates.for.multipat
6d900	68 20 63 6f 6d 70 75 74 61 74 69 6f 6e 2e 20 57 69 74 68 6f 75 74 20 74 68 65 20 6b 6e 6f 62 2c	h.computation..Without.the.knob,
6d920	20 74 68 65 20 65 6e 74 69 72 65 20 41 53 5f 50 41 54 48 20 6d 75 73 74 20 6d 61 74 63 68 20 66	.the.entire.AS_PATH.must.match.f
6d940	6f 72 20 6d 75 6c 74 69 70 61 74 68 20 63 6f 6d 70 75 74 61 74 69 6f 6e 2e 00 54 68 69 73 20 63	or.multipath.computation..This.c
6d960	6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 61 20 72 6f 75 74 65 20 77 69	ommand.specifies.that.a.route.wi
6d980	74 68 20 61 20 4d 45 44 20 69 73 20 61 6c 77 61 79 73 20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f	th.a.MED.is.always.considered.to
6d9a0	20 62 65 20 62 65 74 74 65 72 20 74 68 61 6e 20 61 20 72 6f 75 74 65 20 77 69 74 68 6f 75 74 20	.be.better.than.a.route.without.
6d9c0	61 20 4d 45 44 20 62 79 20 63 61 75 73 69 6e 67 20 74 68 65 20 6d 69 73 73 69 6e 67 20 4d 45 44	a.MED.by.causing.the.missing.MED
6d9e0	20 61 74 74 72 69 62 75 74 65 20 74 6f 20 68 61 76 65 20 61 20 76 61 6c 75 65 20 6f 66 20 69 6e	.attribute.to.have.a.value.of.in
6da00	66 69 6e 69 74 79 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 73 74 61 74 65 2c 20 77 68 65 72 65	finity..The.default.state,.where
6da20	20 74 68 65 20 6d 69 73 73 69 6e 67 20 4d 45 44 20 61 74 74 72 69 62 75 74 65 20 69 73 20 63 6f	.the.missing.MED.attribute.is.co
6da40	6e 73 69 64 65 72 65 64 20 74 6f 20 68 61 76 65 20 61 20 76 61 6c 75 65 20 6f 66 20 7a 65 72 6f	nsidered.to.have.a.value.of.zero
6da60	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 72 6f	..This.command.specifies.that.ro
6da80	75 74 65 20 75 70 64 61 74 65 73 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 74 68 69 73 20 6e	ute.updates.received.from.this.n
6daa0	65 69 67 68 62 6f 72 20 77 69 6c 6c 20 62 65 20 73 74 6f 72 65 64 20 75 6e 6d 6f 64 69 66 69 65	eighbor.will.be.stored.unmodifie
6dac0	64 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 69 6e 62 6f 75 6e 64 20 70 6f 6c	d,.regardless.of.the.inbound.pol
6dae0	69 63 79 2e 20 57 68 65 6e 20 69 6e 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67 75	icy..When.inbound.soft.reconfigu
6db00	72 61 74 69 6f 6e 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 20 73 74 6f 72 65 64 20 75 70	ration.is.enabled,.the.stored.up
6db20	64 61 74 65 73 20 61 72 65 20 70 72 6f 63 65 73 73 65 64 20 62 79 20 74 68 65 20 6e 65 77 20 70	dates.are.processed.by.the.new.p
6db40	6f 6c 69 63 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 6f 20 63 72 65 61 74 65 20 6e 65	olicy.configuration.to.create.ne
6db60	77 20 69 6e 62 6f 75 6e 64 20 75 70 64 61 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	w.inbound.updates..This.command.
6db80	73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 73 69 6d 70 6c 65 20 70 61 73 73 77 6f 72 64 20 61	specifies.that.simple.password.a
6dba0	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 66 6f 72	uthentication.should.be.used.for
6dbc0	20 74 68 65 20 67 69 76 65 6e 20 61 72 65 61 2e 20 54 68 65 20 70 61 73 73 77 6f 72 64 20 6d 75	.the.given.area..The.password.mu
6dbe0	73 74 20 61 6c 73 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 20 70 65 72 2d 69	st.also.be.configured.on.a.per-i
6dc00	6e 74 65 72 66 61 63 65 20 62 61 73 69 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65	nterface.basis..This.command.spe
6dc20	63 69 66 69 65 73 20 74 68 61 74 20 74 68 65 20 63 6f 6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62	cifies.that.the.community.attrib
6dc40	75 74 65 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 65 6e 74 20 69 6e 20 72 6f 75 74 65 20	ute.should.not.be.sent.in.route.
6dc60	75 70 64 61 74 65 73 20 74 6f 20 61 20 70 65 65 72 2e 20 42 79 20 64 65 66 61 75 6c 74 20 63 6f	updates.to.a.peer..By.default.co
6dc80	6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62 75 74 65 20 69 73 20 73 65 6e 74 2e 00 54 68 69 73 20	mmunity.attribute.is.sent..This.
6dca0	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 74 68 65 20 6c 65 6e 67 74	command.specifies.that.the.lengt
6dcc0	68 20 6f 66 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 70 61 74 68 20 73 65 74 73 20 61 6e 64	h.of.confederation.path.sets.and
6dce0	20 73 65 71 75 65 6e 63 65 73 20 73 68 6f 75 6c 64 20 62 65 20 74 61 6b 65 6e 20 69 6e 74 6f 20	.sequences.should.be.taken.into.
6dd00	61 63 63 6f 75 6e 74 20 64 75 72 69 6e 67 20 74 68 65 20 42 47 50 20 62 65 73 74 20 70 61 74 68	account.during.the.BGP.best.path
6dd20	20 64 65 63 69 73 69 6f 6e 20 70 72 6f 63 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	.decision.process..This.command.
6dd40	73 70 65 63 69 66 69 65 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20	specifies.the.IP.address.of.the.
6dd60	6e 65 69 67 68 62 6f 72 69 6e 67 20 64 65 76 69 63 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	neighboring.device..This.command
6dd80	20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 4f 53 50 46 20 65 6e 61 62 6c 65 64 20 69 6e 74 65	.specifies.the.OSPF.enabled.inte
6dda0	72 66 61 63 65 28 73 29 2e 20 49 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 68 61 73 20 61	rface(s)..If.the.interface.has.a
6ddc0	6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 64 65 66 69 6e 65 64 20 72 61 6e 67 65 20 74 68 65	n.address.from.defined.range.the
6dde0	6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 4f 53 50 46 20 6f 6e 20 74 68	n.the.command.enables.OSPF.on.th
6de00	69 73 20 69 6e 74 65 72 66 61 63 65 20 73 6f 20 72 6f 75 74 65 72 20 63 61 6e 20 70 72 6f 76 69	is.interface.so.router.can.provi
6de20	64 65 20 6e 65 74 77 6f 72 6b 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 74 68 65 20 6f 74	de.network.information.to.the.ot
6de40	68 65 72 20 6f 73 70 66 20 72 6f 75 74 65 72 73 20 76 69 61 20 74 68 69 73 20 69 6e 74 65 72 66	her.ospf.routers.via.this.interf
6de60	61 63 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20	ace..This.command.specifies.the.
6de80	4f 53 50 46 76 33 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 63	OSPFv3.enabled.interface..This.c
6dea0	6f 6d 6d 61 6e 64 20 69 73 20 61 6c 73 6f 20 75 73 65 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 68	ommand.is.also.used.to.enable.th
6dec0	65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 61 72 65 61 20 6e 75 6d 62 65 72 20	e.OSPF.process..The.area.number.
6dee0	63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 64 65 63 69 6d 61 6c 20 6e 6f 74 61	can.be.specified.in.decimal.nota
6df00	74 69 6f 6e 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66 72 6f 6d 20 30 20 74 6f 20 34 32 39 34	tion.in.the.range.from.0.to.4294
6df20	39 36 37 32 39 35 2e 20 4f 72 20 69 74 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69	967295..Or.it.can.be.specified.i
6df40	6e 20 64 6f 74 74 65 64 20 64 65 63 69 6d 61 6c 20 6e 6f 74 61 74 69 6f 6e 20 73 69 6d 69 6c 61	n.dotted.decimal.notation.simila
6df60	72 20 74 6f 20 69 70 20 61 64 64 72 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70	r.to.ip.address..This.command.sp
6df80	65 63 69 66 69 65 73 20 74 68 65 20 61 72 65 61 20 74 6f 20 62 65 20 61 20 4e 53 53 41 20 54 6f	ecifies.the.area.to.be.a.NSSA.To
6dfa0	74 61 6c 6c 79 20 53 74 75 62 20 41 72 65 61 2e 20 41 42 52 73 20 66 6f 72 20 73 75 63 68 20 61	tally.Stub.Area..ABRs.for.such.a
6dfc0	6e 20 61 72 65 61 20 64 6f 20 6e 6f 74 20 6e 65 65 64 20 74 6f 20 70 61 73 73 20 4e 65 74 77 6f	n.area.do.not.need.to.pass.Netwo
6dfe0	72 6b 2d 53 75 6d 6d 61 72 79 20 28 74 79 70 65 2d 33 29 20 4c 53 41 73 20 28 65 78 63 65 70 74	rk-Summary.(type-3).LSAs.(except
6e000	20 74 68 65 20 64 65 66 61 75 6c 74 20 73 75 6d 6d 61 72 79 20 72 6f 75 74 65 29 2c 20 41 53 42	.the.default.summary.route),.ASB
6e020	52 2d 53 75 6d 6d 61 72 79 20 4c 53 41 73 20 28 74 79 70 65 2d 34 29 20 61 6e 64 20 41 53 2d 45	R-Summary.LSAs.(type-4).and.AS-E
6e040	78 74 65 72 6e 61 6c 20 4c 53 41 73 20 28 74 79 70 65 2d 35 29 20 69 6e 74 6f 20 74 68 65 20 61	xternal.LSAs.(type-5).into.the.a
6e060	72 65 61 2e 20 42 75 74 20 54 79 70 65 2d 37 20 4c 53 41 73 20 74 68 61 74 20 63 6f 6e 76 65 72	rea..But.Type-7.LSAs.that.conver
6e080	74 20 74 6f 20 54 79 70 65 2d 35 20 61 74 20 74 68 65 20 4e 53 53 41 20 41 42 52 20 61 72 65 20	t.to.Type-5.at.the.NSSA.ABR.are.
6e0a0	61 6c 6c 6f 77 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20	allowed..This.command.specifies.
6e0c0	74 68 65 20 61 72 65 61 20 74 6f 20 62 65 20 61 20 4e 6f 74 20 53 6f 20 53 74 75 62 62 79 20 41	the.area.to.be.a.Not.So.Stubby.A
6e0e0	72 65 61 2e 20 45 78 74 65 72 6e 61 6c 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f	rea..External.routing.informatio
6e100	6e 20 69 73 20 69 6d 70 6f 72 74 65 64 20 69 6e 74 6f 20 61 6e 20 4e 53 53 41 20 69 6e 20 54 79	n.is.imported.into.an.NSSA.in.Ty
6e120	70 65 2d 37 20 4c 53 41 73 2e 20 54 79 70 65 2d 37 20 4c 53 41 73 20 61 72 65 20 73 69 6d 69 6c	pe-7.LSAs..Type-7.LSAs.are.simil
6e140	61 72 20 74 6f 20 54 79 70 65 2d 35 20 41 53 2d 65 78 74 65 72 6e 61 6c 20 4c 53 41 73 2c 20 65	ar.to.Type-5.AS-external.LSAs,.e
6e160	78 63 65 70 74 20 74 68 61 74 20 74 68 65 79 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 66 6c 6f 6f	xcept.that.they.can.only.be.floo
6e180	64 65 64 20 69 6e 74 6f 20 74 68 65 20 4e 53 53 41 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 66	ded.into.the.NSSA..In.order.to.f
6e1a0	75 72 74 68 65 72 20 70 72 6f 70 61 67 61 74 65 20 74 68 65 20 4e 53 53 41 20 65 78 74 65 72 6e	urther.propagate.the.NSSA.extern
6e1c0	61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 74 68 65 20 54 79 70 65 2d 37 20 4c 53 41 20 6d	al.information,.the.Type-7.LSA.m
6e1e0	75 73 74 20 62 65 20 74 72 61 6e 73 6c 61 74 65 64 20 74 6f 20 61 20 54 79 70 65 2d 35 20 41 53	ust.be.translated.to.a.Type-5.AS
6e200	2d 65 78 74 65 72 6e 61 6c 2d 4c 53 41 20 62 79 20 74 68 65 20 4e 53 53 41 20 41 42 52 2e 00 54	-external-LSA.by.the.NSSA.ABR..T
6e220	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 61 72 65 61 20 74	his.command.specifies.the.area.t
6e240	6f 20 62 65 20 61 20 53 74 75 62 20 41 72 65 61 2e 20 54 68 61 74 20 69 73 2c 20 61 6e 20 61 72	o.be.a.Stub.Area..That.is,.an.ar
6e260	65 61 20 77 68 65 72 65 20 6e 6f 20 72 6f 75 74 65 72 20 6f 72 69 67 69 6e 61 74 65 73 20 72 6f	ea.where.no.router.originates.ro
6e280	75 74 65 73 20 65 78 74 65 72 6e 61 6c 20 74 6f 20 4f 53 50 46 20 61 6e 64 20 68 65 6e 63 65 20	utes.external.to.OSPF.and.hence.
6e2a0	61 6e 20 61 72 65 61 20 77 68 65 72 65 20 61 6c 6c 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65	an.area.where.all.external.route
6e2c0	73 20 61 72 65 20 76 69 61 20 74 68 65 20 41 42 52 28 73 29 2e 20 48 65 6e 63 65 2c 20 41 42 52	s.are.via.the.ABR(s)..Hence,.ABR
6e2e0	73 20 66 6f 72 20 73 75 63 68 20 61 6e 20 61 72 65 61 20 64 6f 20 6e 6f 74 20 6e 65 65 64 20 74	s.for.such.an.area.do.not.need.t
6e300	6f 20 70 61 73 73 20 41 53 2d 45 78 74 65 72 6e 61 6c 20 4c 53 41 73 20 28 74 79 70 65 2d 35 29	o.pass.AS-External.LSAs.(type-5)
6e320	20 6f 72 20 41 53 42 52 2d 53 75 6d 6d 61 72 79 20 4c 53 41 73 20 28 74 79 70 65 2d 34 29 20 69	.or.ASBR-Summary.LSAs.(type-4).i
6e340	6e 74 6f 20 74 68 65 20 61 72 65 61 2e 20 54 68 65 79 20 6e 65 65 64 20 6f 6e 6c 79 20 70 61 73	nto.the.area..They.need.only.pas
6e360	73 20 4e 65 74 77 6f 72 6b 2d 53 75 6d 6d 61 72 79 20 28 74 79 70 65 2d 33 29 20 4c 53 41 73 20	s.Network-Summary.(type-3).LSAs.
6e380	69 6e 74 6f 20 73 75 63 68 20 61 6e 20 61 72 65 61 2c 20 61 6c 6f 6e 67 20 77 69 74 68 20 61 20	into.such.an.area,.along.with.a.
6e3a0	64 65 66 61 75 6c 74 2d 72 6f 75 74 65 20 73 75 6d 6d 61 72 79 2e 00 54 68 69 73 20 63 6f 6d 6d	default-route.summary..This.comm
6e3c0	61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 61 72 65 61 20 74 6f 20 62 65 20 61 20 54	and.specifies.the.area.to.be.a.T
6e3e0	6f 74 61 6c 6c 79 20 53 74 75 62 20 41 72 65 61 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f	otally.Stub.Area..In.addition.to
6e400	20 73 74 75 62 20 61 72 65 61 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 74 68 69 73 20 61 72 65 61	.stub.area.limitations.this.area
6e420	20 74 79 70 65 20 70 72 65 76 65 6e 74 73 20 61 6e 20 41 42 52 20 66 72 6f 6d 20 69 6e 6a 65 63	.type.prevents.an.ABR.from.injec
6e440	74 69 6e 67 20 4e 65 74 77 6f 72 6b 2d 53 75 6d 6d 61 72 79 20 28 74 79 70 65 2d 33 29 20 4c 53	ting.Network-Summary.(type-3).LS
6e460	41 73 20 69 6e 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 73 74 75 62 20 61 72 65 61 2e	As.into.the.specified.stub.area.
6e480	20 4f 6e 6c 79 20 64 65 66 61 75 6c 74 20 73 75 6d 6d 61 72 79 20 72 6f 75 74 65 20 69 73 20 61	.Only.default.summary.route.is.a
6e4a0	6c 6c 6f 77 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74	llowed..This.command.specifies.t
6e4c0	68 65 20 62 61 73 65 20 72 65 63 65 69 76 65 20 63 6f 73 74 20 66 6f 72 20 74 68 69 73 20 69 6e	he.base.receive.cost.for.this.in
6e4e0	74 65 72 66 61 63 65 2e 20 46 6f 72 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73	terface..For.wireless.interfaces
6e500	2c 20 69 74 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 75 6c 74 69 70 6c 69 65 72 20 75 73	,.it.specifies.the.multiplier.us
6e520	65 64 20 66 6f 72 20 63 6f 6d 70 75 74 69 6e 67 20 74 68 65 20 45 54 58 20 72 65 63 65 70 74 69	ed.for.computing.the.ETX.recepti
6e540	6f 6e 20 63 6f 73 74 20 28 64 65 66 61 75 6c 74 20 32 35 36 29 3b 20 66 6f 72 20 77 69 72 65 64	on.cost.(default.256);.for.wired
6e560	20 69 6e 74 65 72 66 61 63 65 73 2c 20 69 74 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 63 6f	.interfaces,.it.specifies.the.co
6e580	73 74 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 6e 65	st.that.will.be.advertised.to.ne
6e5a0	69 67 68 62 6f 75 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73	ighbours..This.command.specifies
6e5c0	20 74 68 65 20 64 65 63 61 79 20 66 61 63 74 6f 72 20 66 6f 72 20 74 68 65 20 65 78 70 6f 6e 65	.the.decay.factor.for.the.expone
6e5e0	6e 74 69 61 6c 20 6d 6f 76 69 6e 67 20 61 76 65 72 61 67 65 20 6f 66 20 52 54 54 20 73 61 6d 70	ntial.moving.average.of.RTT.samp
6e600	6c 65 73 2c 20 69 6e 20 75 6e 69 74 73 20 6f 66 20 31 2f 32 35 36 2e 20 48 69 67 68 65 72 20 76	les,.in.units.of.1/256..Higher.v
6e620	61 6c 75 65 73 20 64 69 73 63 61 72 64 20 6f 6c 64 20 73 61 6d 70 6c 65 73 20 66 61 73 74 65 72	alues.discard.old.samples.faster
6e640	2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 34 32 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	..The.default.is.42..This.comman
6e660	64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 6c 6f 63 61 6c 20 70 72	d.specifies.the.default.local.pr
6e680	65 66 65 72 65 6e 63 65 20 76 61 6c 75 65 2e 20 54 68 65 20 6c 6f 63 61 6c 20 70 72 65 66 65 72	eference.value..The.local.prefer
6e6a0	65 6e 63 65 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 00 54	ence.range.is.0.to.4294967295..T
6e6c0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 64 65 66 61 75 6c	his.command.specifies.the.defaul
6e6e0	74 20 6d 65 74 72 69 63 20 76 61 6c 75 65 20 6f 66 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20	t.metric.value.of.redistributed.
6e700	72 6f 75 74 65 73 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f	routes..The.metric.range.is.0.to
6e720	20 31 36 37 37 37 32 31 34 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65	.16777214..This.command.specifie
6e740	73 20 74 68 65 20 67 61 72 62 61 67 65 2d 63 6f 6c 6c 65 63 74 69 6f 6e 20 74 69 6d 65 72 2e 20	s.the.garbage-collection.timer..
6e760	55 70 6f 6e 20 65 78 70 69 72 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 67 61 72 62 61 67 65 2d 63	Upon.expiration.of.the.garbage-c
6e780	6f 6c 6c 65 63 74 69 6f 6e 20 74 69 6d 65 72 2c 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 66 69	ollection.timer,.the.route.is.fi
6e7a0	6e 61 6c 6c 79 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74	nally.removed.from.the.routing.t
6e7c0	61 62 6c 65 2e 20 54 68 65 20 74 69 6d 65 20 72 61 6e 67 65 20 69 73 20 35 20 74 6f 20 32 31 34	able..The.time.range.is.5.to.214
6e7e0	37 34 38 33 36 34 37 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 32	7483647..The.default.value.is.12
6e800	30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65	0.seconds..This.command.specifie
6e820	73 20 74 68 65 20 67 69 76 65 6e 20 6e 65 69 67 68 62 6f 72 20 61 73 20 72 6f 75 74 65 20 72 65	s.the.given.neighbor.as.route.re
6e840	66 6c 65 63 74 6f 72 20 63 6c 69 65 6e 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65	flector.client..This.command.spe
6e860	63 69 66 69 65 73 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 69 6d 65 2c 20 69 6e 20 73 65	cifies.the.length.of.time,.in.se
6e880	63 6f 6e 64 73 2c 20 62 65 66 6f 72 65 20 74 68 65 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65	conds,.before.the.routing.device
6e8a0	20 73 65 6e 64 73 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 6f 75 74 20 6f 66 20 74 68 65 20	.sends.hello.packets.out.of.the.
6e8c0	69 6e 74 65 72 66 61 63 65 20 62 65 66 6f 72 65 20 69 74 20 65 73 74 61 62 6c 69 73 68 65 73 20	interface.before.it.establishes.
6e8e0	61 64 6a 61 63 65 6e 63 79 20 77 69 74 68 20 61 20 6e 65 69 67 68 62 6f 72 2e 20 54 68 65 20 72	adjacency.with.a.neighbor..The.r
6e900	61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20	ange.is.1.to.65535.seconds..The.
6e920	64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 36 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69	default.value.is.60.seconds..Thi
6e940	73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20	s.command.specifies.the.maximum.
6e960	52 54 54 2c 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2c 20 61 62 6f 76 65 20 77 68 69 63	RTT,.in.milliseconds,.above.whic
6e980	68 20 77 65 20 64 6f 6e 27 74 20 69 6e 63 72 65 61 73 65 20 74 68 65 20 63 6f 73 74 20 74 6f 20	h.we.don't.increase.the.cost.to.
6e9a0	61 20 6e 65 69 67 68 62 6f 75 72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 32 30 20	a.neighbour..The.default.is.120.
6e9c0	6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d	ms..This.command.specifies.the.m
6e9e0	61 78 69 6d 75 6d 20 63 6f 73 74 20 61 64 64 65 64 20 74 6f 20 61 20 6e 65 69 67 68 62 6f 75 72	aximum.cost.added.to.a.neighbour
6ea00	20 62 65 63 61 75 73 65 20 6f 66 20 52 54 54 2c 20 69 2e 65 2e 20 77 68 65 6e 20 74 68 65 20 52	.because.of.RTT,.i.e..when.the.R
6ea20	54 54 20 69 73 20 68 69 67 68 65 72 20 6f 72 20 65 71 75 61 6c 20 74 68 61 6e 20 72 74 74 2d 6d	TT.is.higher.or.equal.than.rtt-m
6ea40	61 78 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 35 30 2e 20 53 65 74 74 69 6e 67 20	ax..The.default.is.150..Setting.
6ea60	69 74 20 74 6f 20 30 20 65 66 66 65 63 74 69 76 65 6c 79 20 64 69 73 61 62 6c 65 73 20 74 68 65	it.to.0.effectively.disables.the
6ea80	20 75 73 65 20 6f 66 20 61 20 52 54 54 2d 62 61 73 65 64 20 63 6f 73 74 2e 00 54 68 69 73 20 63	.use.of.a.RTT-based.cost..This.c
6eaa0	6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 69 6e 69 6d 75 6d 20 52 54 54	ommand.specifies.the.minimum.RTT
6eac0	2c 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2c 20 73 74 61 72 74 69 6e 67 20 66 72 6f 6d	,.in.milliseconds,.starting.from
6eae0	20 77 68 69 63 68 20 77 65 20 69 6e 63 72 65 61 73 65 20 74 68 65 20 63 6f 73 74 20 74 6f 20 61	.which.we.increase.the.cost.to.a
6eb00	20 6e 65 69 67 68 62 6f 75 72 2e 20 54 68 65 20 61 64 64 69 74 69 6f 6e 61 6c 20 63 6f 73 74 20	.neighbour..The.additional.cost.
6eb20	69 73 20 6c 69 6e 65 61 72 20 69 6e 20 28 72 74 74 20 2d 20 72 74 74 2d 6d 69 6e 29 2e 20 54 68	is.linear.in.(rtt.-.rtt-min)..Th
6eb40	65 20 64 65 66 61 75 6c 74 20 69 73 20 31 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	e.default.is.10.ms..This.command
6eb60	20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 69 6e 69 6d 75 6d 20 72 6f 75 74 65 20 61 64 76	.specifies.the.minimum.route.adv
6eb80	65 72 74 69 73 65 6d 65 6e 74 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 74 68 65 20 70 65 65 72	ertisement.interval.for.the.peer
6eba0	2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 76 61 6c 75 65 20 69 73 20 30 20 74 6f 20 36 30 30	..The.interval.value.is.0.to.600
6ebc0	20 73 65 63 6f 6e 64 73 2c 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 64 76 65 72	.seconds,.with.the.default.adver
6ebe0	74 69 73 65 6d 65 6e 74 20 69 6e 74 65 72 76 61 6c 20 62 65 69 6e 67 20 30 2e 00 54 68 69 73 20	tisement.interval.being.0..This.
6ec00	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 72 6f 75 74 65 72 20 70 72 69	command.specifies.the.router.pri
6ec20	6f 72 69 74 79 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 6e 6f 6e 62 72 6f 61 64 63 61 73 74 20	ority.value.of.the.nonbroadcast.
6ec40	6e 65 69 67 68 62 6f 72 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 49 50 20	neighbor.associated.with.the.IP.
6ec60	61 64 64 72 65 73 73 20 73 70 65 63 69 66 69 65 64 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69	address.specified..The.default.i
6ec80	73 20 30 2e 20 54 68 69 73 20 6b 65 79 77 6f 72 64 20 64 6f 65 73 20 6e 6f 74 20 61 70 70 6c 79	s.0..This.keyword.does.not.apply
6eca0	20 74 6f 20 70 6f 69 6e 74 2d 74 6f 2d 6d 75 6c 74 69 70 6f 69 6e 74 20 69 6e 74 65 72 66 61 63	.to.point-to-multipoint.interfac
6ecc0	65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 72	es..This.command.specifies.the.r
6ece0	6f 75 74 65 72 2d 49 44 2e 20 49 66 20 72 6f 75 74 65 72 20 49 44 20 69 73 20 6e 6f 74 20 73 70	outer-ID..If.router.ID.is.not.sp
6ed00	65 63 69 66 69 65 64 20 69 74 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 68 69 67 68 65 73 74 20	ecified.it.will.use.the.highest.
6ed20	69 6e 74 65 72 66 61 63 65 20 49 50 20 61 64 64 72 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61	interface.IP.address..This.comma
6ed40	6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 74 69 6d 65 20 63 6f 6e 73 74 61 6e 74 2c 20	nd.specifies.the.time.constant,.
6ed60	69 6e 20 73 65 63 6f 6e 64 73 2c 20 6f 66 20 74 68 65 20 73 6d 6f 6f 74 68 69 6e 67 20 61 6c 67	in.seconds,.of.the.smoothing.alg
6ed80	6f 72 69 74 68 6d 20 75 73 65 64 20 66 6f 72 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 68 79 73	orithm.used.for.implementing.hys
6eda0	74 65 72 65 73 69 73 2e 20 4c 61 72 67 65 72 20 76 61 6c 75 65 73 20 72 65 64 75 63 65 20 72 6f	teresis..Larger.values.reduce.ro
6edc0	75 74 65 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 20 61 74 20 74 68 65 20 63 6f 73 74 20 6f 66 20 76	ute.oscillation.at.the.cost.of.v
6ede0	65 72 79 20 73 6c 69 67 68 74 6c 79 20 69 6e 63 72 65 61 73 69 6e 67 20 63 6f 6e 76 65 72 67 65	ery.slightly.increasing.converge
6ee00	6e 63 65 20 74 69 6d 65 2e 20 54 68 65 20 76 61 6c 75 65 20 30 20 64 69 73 61 62 6c 65 73 20 68	nce.time..The.value.0.disables.h
6ee20	79 73 74 65 72 65 73 69 73 2c 20 61 6e 64 20 69 73 20 73 75 69 74 61 62 6c 65 20 66 6f 72 20 77	ysteresis,.and.is.suitable.for.w
6ee40	69 72 65 64 20 6e 65 74 77 6f 72 6b 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 34 20	ired.networks..The.default.is.4.
6ee60	73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 74 69	s..This.command.specifies.the.ti
6ee80	6d 65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 61 66 74 65 72 20 77 68 69 63 68 20 61	me.in.milliseconds.after.which.a
6eea0	6e 20 27 69 6d 70 6f 72 74 61 6e 74 27 20 72 65 71 75 65 73 74 20 6f 72 20 75 70 64 61 74 65 20	n.'important'.request.or.update.
6eec0	77 69 6c 6c 20 62 65 20 72 65 73 65 6e 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 32	will.be.resent..The.default.is.2
6eee0	30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74	000.ms..This.command.specifies.t
6ef00	68 65 20 74 69 6d 65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e 20	he.time.in.milliseconds.between.
6ef20	74 77 6f 20 73 63 68 65 64 75 6c 65 64 20 68 65 6c 6c 6f 73 2e 20 4f 6e 20 77 69 72 65 64 20 6c	two.scheduled.hellos..On.wired.l
6ef40	69 6e 6b 73 2c 20 42 61 62 65 6c 20 6e 6f 74 69 63 65 73 20 61 20 6c 69 6e 6b 20 66 61 69 6c 75	inks,.Babel.notices.a.link.failu
6ef60	72 65 20 77 69 74 68 69 6e 20 74 77 6f 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 73 3b 20 6f	re.within.two.hello.intervals;.o
6ef80	6e 20 77 69 72 65 6c 65 73 73 20 6c 69 6e 6b 73 2c 20 74 68 65 20 6c 69 6e 6b 20 71 75 61 6c 69	n.wireless.links,.the.link.quali
6efa0	74 79 20 76 61 6c 75 65 20 69 73 20 72 65 65 73 74 69 6d 61 74 65 64 20 61 74 20 65 76 65 72 79	ty.value.is.reestimated.at.every
6efc0	20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20	.hello.interval..The.default.is.
6efe0	34 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20	4000.ms..This.command.specifies.
6f000	74 68 65 20 74 69 6d 65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e	the.time.in.milliseconds.between
6f020	20 74 77 6f 20 73 63 68 65 64 75 6c 65 64 20 75 70 64 61 74 65 73 2e 20 53 69 6e 63 65 20 42 61	.two.scheduled.updates..Since.Ba
6f040	62 65 6c 20 6d 61 6b 65 73 20 65 78 74 65 6e 73 69 76 65 20 75 73 65 20 6f 66 20 74 72 69 67 67	bel.makes.extensive.use.of.trigg
6f060	65 72 65 64 20 75 70 64 61 74 65 73 2c 20 74 68 69 73 20 63 61 6e 20 62 65 20 73 65 74 20 74 6f	ered.updates,.this.can.be.set.to
6f080	20 66 61 69 72 6c 79 20 68 69 67 68 20 76 61 6c 75 65 73 20 6f 6e 20 6c 69 6e 6b 73 20 77 69 74	.fairly.high.values.on.links.wit
6f0a0	68 20 6c 69 74 74 6c 65 20 70 61 63 6b 65 74 20 6c 6f 73 73 2e 20 54 68 65 20 64 65 66 61 75 6c	h.little.packet.loss..The.defaul
6f0c0	74 20 69 73 20 32 30 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63	t.is.20000.ms..This.command.spec
6f0e0	69 66 69 65 73 20 74 68 65 20 74 69 6d 65 6f 75 74 20 74 69 6d 65 72 2e 20 55 70 6f 6e 20 65 78	ifies.the.timeout.timer..Upon.ex
6f100	70 69 72 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 74 69 6d 65 6f 75 74 2c 20 74 68 65 20 72 6f 75	piration.of.the.timeout,.the.rou
6f120	74 65 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 76 61 6c 69 64 3b 20 68 6f 77 65 76 65 72 2c 20	te.is.no.longer.valid;.however,.
6f140	69 74 20 69 73 20 72 65 74 61 69 6e 65 64 20 69 6e 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61	it.is.retained.in.the.routing.ta
6f160	62 6c 65 20 66 6f 72 20 61 20 73 68 6f 72 74 20 74 69 6d 65 20 73 6f 20 74 68 61 74 20 6e 65 69	ble.for.a.short.time.so.that.nei
6f180	67 68 62 6f 72 73 20 63 61 6e 20 62 65 20 6e 6f 74 69 66 69 65 64 20 74 68 61 74 20 74 68 65 20	ghbors.can.be.notified.that.the.
6f1a0	72 6f 75 74 65 20 68 61 73 20 62 65 65 6e 20 64 72 6f 70 70 65 64 2e 20 54 68 65 20 74 69 6d 65	route.has.been.dropped..The.time
6f1c0	20 72 61 6e 67 65 20 69 73 20 35 20 74 6f 20 32 31 34 37 34 38 33 36 34 37 2e 20 54 68 65 20 64	.range.is.5.to.2147483647..The.d
6f1e0	65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 38 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69	efault.value.is.180.seconds..Thi
6f200	73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 75 70 64 61 74 65 20 74	s.command.specifies.the.update.t
6f220	69 6d 65 72 2e 20 45 76 65 72 79 20 75 70 64 61 74 65 20 74 69 6d 65 72 20 73 65 63 6f 6e 64 73	imer..Every.update.timer.seconds
6f240	2c 20 74 68 65 20 52 49 50 20 70 72 6f 63 65 73 73 20 69 73 20 61 77 61 6b 65 6e 65 64 20 74 6f	,.the.RIP.process.is.awakened.to
6f260	20 73 65 6e 64 20 61 6e 20 75 6e 73 6f 6c 69 63 69 74 65 64 20 72 65 73 70 6f 6e 73 65 20 6d 65	.send.an.unsolicited.response.me
6f280	73 73 61 67 65 20 63 6f 6e 74 61 69 6e 69 6e 67 20 74 68 65 20 63 6f 6d 70 6c 65 74 65 20 72 6f	ssage.containing.the.complete.ro
6f2a0	75 74 69 6e 67 20 74 61 62 6c 65 20 74 6f 20 61 6c 6c 20 6e 65 69 67 68 62 6f 72 69 6e 67 20 52	uting.table.to.all.neighboring.R
6f2c0	49 50 20 72 6f 75 74 65 72 73 2e 20 54 68 65 20 74 69 6d 65 20 72 61 6e 67 65 20 69 73 20 35 20	IP.routers..The.time.range.is.5.
6f2e0	74 6f 20 32 31 34 37 34 38 33 36 34 37 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65	to.2147483647..The.default.value
6f300	20 69 73 20 33 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65	.is.30.seconds..This.command.spe
6f320	63 69 66 69 65 73 20 77 68 65 74 68 65 72 20 74 6f 20 70 65 72 66 6f 72 6d 20 73 70 6c 69 74 2d	cifies.whether.to.perform.split-
6f340	68 6f 72 69 7a 6f 6e 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 53 70 65 63 69 66	horizon.on.the.interface..Specif
6f360	79 69 6e 67 20 6e 6f 20 62 61 62 65 6c 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 69 73 20 61	ying.no.babel.split-horizon.is.a
6f380	6c 77 61 79 73 20 63 6f 72 72 65 63 74 2c 20 77 68 69 6c 65 20 62 61 62 65 6c 20 73 70 6c 69 74	lways.correct,.while.babel.split
6f3a0	2d 68 6f 72 69 7a 6f 6e 20 69 73 20 61 6e 20 6f 70 74 69 6d 69 73 61 74 69 6f 6e 20 74 68 61 74	-horizon.is.an.optimisation.that
6f3c0	20 73 68 6f 75 6c 64 20 6f 6e 6c 79 20 62 65 20 75 73 65 64 20 6f 6e 20 73 79 6d 6d 65 74 72 69	.should.only.be.used.on.symmetri
6f3e0	63 20 61 6e 64 20 74 72 61 6e 73 69 74 69 76 65 20 28 77 69 72 65 64 29 20 6e 65 74 77 6f 72 6b	c.and.transitive.(wired).network
6f400	73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 79 20 74 68 61 74 20 4f 53 50	s..This.command.specify.that.OSP
6f420	46 20 70 61 63 6b 65 74 73 20 6d 75 73 74 20 62 65 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20	F.packets.must.be.authenticated.
6f440	77 69 74 68 20 4d 44 35 20 48 4d 41 43 73 20 77 69 74 68 69 6e 20 74 68 65 20 67 69 76 65 6e 20	with.MD5.HMACs.within.the.given.
6f460	61 72 65 61 2e 20 4b 65 79 69 6e 67 20 6d 61 74 65 72 69 61 6c 20 6d 75 73 74 20 61 6c 73 6f 20	area..Keying.material.must.also.
6f480	62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 20 70 65 72 2d 69 6e 74 65 72 66 61 63 65	be.configured.on.a.per-interface
6f4a0	20 62 61 73 69 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 79 73 20 74 68	.basis..This.command.specifys.th
6f4c0	61 74 20 4d 44 35 20 48 4d 41 43 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 75 73 74 20	at.MD5.HMAC.authentication.must.
6f4e0	62 65 20 75 73 65 64 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 49 74 20 73 65	be.used.on.this.interface..It.se
6f500	74 73 20 4f 53 50 46 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6b 65 79 20 74 6f 20 61 20	ts.OSPF.authentication.key.to.a.
6f520	63 72 79 70 74 6f 67 72 61 70 68 69 63 20 70 61 73 73 77 6f 72 64 2e 20 4b 65 79 2d 69 64 20 69	cryptographic.password..Key-id.i
6f540	64 65 6e 74 69 66 69 65 73 20 73 65 63 72 65 74 20 6b 65 79 20 75 73 65 64 20 74 6f 20 63 72 65	dentifies.secret.key.used.to.cre
6f560	61 74 65 20 74 68 65 20 6d 65 73 73 61 67 65 20 64 69 67 65 73 74 2e 20 54 68 69 73 20 49 44 20	ate.the.message.digest..This.ID.
6f580	69 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 6d 75 73 74	is.part.of.the.protocol.and.must
6f5a0	20 62 65 20 63 6f 6e 73 69 73 74 65 6e 74 20 61 63 72 6f 73 73 20 72 6f 75 74 65 72 73 20 6f 6e	.be.consistent.across.routers.on
6f5c0	20 61 20 6c 69 6e 6b 2e 20 54 68 65 20 6b 65 79 20 63 61 6e 20 62 65 20 6c 6f 6e 67 20 75 70 20	.a.link..The.key.can.be.long.up.
6f5e0	74 6f 20 31 36 20 63 68 61 72 73 20 28 6c 61 72 67 65 72 20 73 74 72 69 6e 67 73 20 77 69 6c 6c	to.16.chars.(larger.strings.will
6f600	20 62 65 20 74 72 75 6e 63 61 74 65 64 29 2c 20 61 6e 64 20 69 73 20 61 73 73 6f 63 69 61 74 65	.be.truncated),.and.is.associate
6f620	64 20 77 69 74 68 20 74 68 65 20 67 69 76 65 6e 20 6b 65 79 2d 69 64 2e 00 54 68 69 73 20 63 6f	d.with.the.given.key-id..This.co
6f640	6d 6d 61 6e 64 20 73 75 6d 6d 61 72 69 7a 65 73 20 69 6e 74 72 61 20 61 72 65 61 20 70 61 74 68	mmand.summarizes.intra.area.path
6f660	73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 65 64 20 61 72 65 61 20 69 6e 74 6f 20 6f 6e 65 20 54	s.from.specified.area.into.one.T
6f680	79 70 65 2d 33 20 49 6e 74 65 72 2d 41 72 65 61 20 50 72 65 66 69 78 20 4c 53 41 20 61 6e 6e 6f	ype-3.Inter-Area.Prefix.LSA.anno
6f6a0	75 6e 63 65 64 20 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 2e 20 54 68 69 73 20 63 6f 6d 6d 61	unced.to.other.areas..This.comma
6f6c0	6e 64 20 63 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 69 6e 20 41 42 52 2e 00 54 68 69 73	nd.can.be.used.only.in.ABR..This
6f6e0	20 63 6f 6d 6d 61 6e 64 20 73 75 6d 6d 61 72 69 7a 65 73 20 69 6e 74 72 61 20 61 72 65 61 20 70	.command.summarizes.intra.area.p
6f700	61 74 68 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 65 64 20 61 72 65 61 20 69 6e 74 6f 20 6f 6e	aths.from.specified.area.into.on
6f720	65 20 73 75 6d 6d 61 72 79 2d 4c 53 41 20 28 54 79 70 65 2d 33 29 20 61 6e 6e 6f 75 6e 63 65 64	e.summary-LSA.(Type-3).announced
6f740	20 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 61	.to.other.areas..This.command.ca
6f760	6e 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 69 6e 20 41 42 52 20 61 6e 64 20 4f 4e 4c 59 20 72	n.be.used.only.in.ABR.and.ONLY.r
6f780	6f 75 74 65 72 2d 4c 53 41 73 20 28 54 79 70 65 2d 31 29 20 61 6e 64 20 6e 65 74 77 6f 72 6b 2d	outer-LSAs.(Type-1).and.network-
6f7a0	4c 53 41 73 20 28 54 79 70 65 2d 32 29 20 28 69 2e 65 2e 20 4c 53 41 73 20 77 69 74 68 20 73 63	LSAs.(Type-2).(i.e..LSAs.with.sc
6f7c0	6f 70 65 20 61 72 65 61 29 20 63 61 6e 20 62 65 20 73 75 6d 6d 61 72 69 7a 65 64 2e 20 41 53 2d	ope.area).can.be.summarized..AS-
6f7e0	65 78 74 65 72 6e 61 6c 2d 4c 53 41 73 20 28 54 79 70 65 2d 35 29 20 63 61 6e e2 80 99 74 20 62	external-LSAs.(Type-5).can...t.b
6f800	65 20 73 75 6d 6d 61 72 69 7a 65 64 20 2d 20 74 68 65 69 72 20 73 63 6f 70 65 20 69 73 20 41 53	e.summarized.-.their.scope.is.AS
6f820	2e 20 54 68 65 20 6f 70 74 69 6f 6e 61 6c 20 61 72 67 75 6d 65 6e 74 20 3a 63 66 67 63 6d 64 3a	..The.optional.argument.:cfgcmd:
6f840	60 63 6f 73 74 60 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 61 67 67 72 65 67 61 74 65 64 20	`cost`.specifies.the.aggregated.
6f860	6c 69 6e 6b 20 6d 65 74 72 69 63 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73	link.metric..The.metric.range.is
6f880	20 30 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	.0.to.16777215..This.command.to.
6f8a0	65 6e 73 75 72 65 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 20 74 68 65 20 73 75 6d 6d 61 72 79	ensure.not.advertise.the.summary
6f8c0	20 6c 73 61 20 66 6f 72 20 74 68 65 20 6d 61 74 63 68 65 64 20 65 78 74 65 72 6e 61 6c 20 4c 53	.lsa.for.the.matched.external.LS
6f8e0	41 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 75 73 65 73 20 74 6f 20 63 6c 65 61 72 20 42	As..This.command.uses.to.clear.B
6f900	47 50 20 72 6f 75 74 65 20 64 61 6d 70 65 6e 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61	GP.route.dampening.information.a
6f920	6e 64 20 74 6f 20 75 6e 73 75 70 70 72 65 73 73 20 73 75 70 70 72 65 73 73 65 64 20 72 6f 75 74	nd.to.unsuppress.suppressed.rout
6f940	65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65 64 20	es..This.command.was.introduced.
6f960	69 6e 20 56 79 4f 53 20 31 2e 34 20 2d 20 69 74 20 77 61 73 20 70 72 65 76 69 6f 75 73 6c 79 20	in.VyOS.1.4.-.it.was.previously.
6f980	63 61 6c 6c 65 64 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 6f 70 74 69 6f 6e 73 20 69	called:.``set.firewall.options.i
6f9a0	6e 74 65 72 66 61 63 65 20 3c 6e 61 6d 65 3e 20 61 64 6a 75 73 74 2d 6d 73 73 20 3c 76 61 6c 75	nterface.<name>.adjust-mss.<valu
6f9c0	65 3e 60 60 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65 64	e>``.This.command.was.introduced
6f9e0	20 69 6e 20 56 79 4f 53 20 31 2e 34 20 2d 20 69 74 20 77 61 73 20 70 72 65 76 69 6f 75 73 6c 79	.in.VyOS.1.4.-.it.was.previously
6fa00	20 63 61 6c 6c 65 64 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 6f 70 74 69 6f 6e 73 20	.called:.``set.firewall.options.
6fa20	69 6e 74 65 72 66 61 63 65 20 3c 6e 61 6d 65 3e 20 61 64 6a 75 73 74 2d 6d 73 73 36 20 3c 76 61	interface.<name>.adjust-mss6.<va
6fa40	6c 75 65 3e 60 60 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 63 68 61 6e 67 65 20	lue>``.This.command.will.change.
6fa60	74 68 65 20 68 6f 6c 64 20 64 6f 77 6e 20 76 61 6c 75 65 20 66 6f 72 20 49 47 50 2d 4c 44 50 20	the.hold.down.value.for.IGP-LDP.
6fa80	73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 63 6f 6e 76 65 72 67 65 6e	synchronization.during.convergen
6faa0	63 65 2f 69 6e 74 65 72 66 61 63 65 20 66 6c 61 70 20 65 76 65 6e 74 73 2c 20 62 75 74 20 66 6f	ce/interface.flap.events,.but.fo
6fac0	72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 6c 79 2e 00 54 68 69 73 20 63 6f 6d 6d	r.this.interface.only..This.comm
6fae0	61 6e 64 20 77 69 6c 6c 20 63 68 61 6e 67 65 20 74 68 65 20 68 6f 6c 64 20 64 6f 77 6e 20 76 61	and.will.change.the.hold.down.va
6fb00	6c 75 65 20 67 6c 6f 62 61 6c 6c 79 20 66 6f 72 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f	lue.globally.for.IGP-LDP.synchro
6fb20	6e 69 7a 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 63 6f 6e 76 65 72 67 65 6e 63 65 2f 69 6e 74 65	nization.during.convergence/inte
6fb40	72 66 61 63 65 20 66 6c 61 70 20 65 76 65 6e 74 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	rface.flap.events..This.command.
6fb60	77 69 6c 6c 20 65 6e 61 62 6c 65 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74	will.enable.IGP-LDP.synchronizat
6fb80	69 6f 6e 20 67 6c 6f 62 61 6c 6c 79 20 66 6f 72 20 49 53 49 53 2e 20 54 68 69 73 20 72 65 71 75	ion.globally.for.ISIS..This.requ
6fba0	69 72 65 73 20 66 6f 72 20 4c 44 50 20 74 6f 20 62 65 20 66 75 6e 63 74 69 6f 6e 61 6c 2e 20 54	ires.for.LDP.to.be.functional..T
6fbc0	68 69 73 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 34 34 33 60 2e	his.is.described.in.:rfc:`5443`.
6fbe0	20 42 79 20 64 65 66 61 75 6c 74 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 6f 70 65 72 61	.By.default.all.interfaces.opera
6fc00	74 69 6f 6e 61 6c 20 69 6e 20 49 53 2d 49 53 20 61 72 65 20 65 6e 61 62 6c 65 64 20 66 6f 72 20	tional.in.IS-IS.are.enabled.for.
6fc20	73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 2e 20 4c 6f 6f 70 62 61 63 6b 73 20 61 72 65 20 65	synchronization..Loopbacks.are.e
6fc40	78 65 6d 70 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 65 6e 61 62 6c 65 20	xempt..This.command.will.enable.
6fc60	49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 67 6c 6f 62 61 6c 6c 79	IGP-LDP.synchronization.globally
6fc80	20 66 6f 72 20 4f 53 50 46 2e 20 54 68 69 73 20 72 65 71 75 69 72 65 73 20 66 6f 72 20 4c 44 50	.for.OSPF..This.requires.for.LDP
6fca0	20 74 6f 20 62 65 20 66 75 6e 63 74 69 6f 6e 61 6c 2e 20 54 68 69 73 20 69 73 20 64 65 73 63 72	.to.be.functional..This.is.descr
6fcc0	69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 34 34 33 60 2e 20 42 79 20 64 65 66 61 75 6c 74 20	ibed.in.:rfc:`5443`..By.default.
6fce0	61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 69 6e 20 4f 53	all.interfaces.operational.in.OS
6fd00	50 46 20 61 72 65 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69	PF.are.enabled.for.synchronizati
6fd20	6f 6e 2e 20 4c 6f 6f 70 62 61 63 6b 73 20 61 72 65 20 65 78 65 6d 70 74 2e 00 54 68 69 73 20 63	on..Loopbacks.are.exempt..This.c
6fd40	6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 67 65 6e 65 72 61 74 65 20 61 20 64 65 66 61 75 6c 74 2d 72	ommand.will.generate.a.default-r
6fd60	6f 75 74 65 20 69 6e 20 4c 31 20 64 61 74 61 62 61 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	oute.in.L1.database..This.comman
6fd80	64 20 77 69 6c 6c 20 67 65 6e 65 72 61 74 65 20 61 20 64 65 66 61 75 6c 74 2d 72 6f 75 74 65 20	d.will.generate.a.default-route.
6fda0	69 6e 20 4c 32 20 64 61 74 61 62 61 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c	in.L2.database..This.command.wil
6fdc0	6c 20 67 69 76 65 20 61 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 72 75 6c 65 20 69 6e 20	l.give.an.overview.of.a.rule.in.
6fde0	61 20 73 69 6e 67 6c 65 20 72 75 6c 65 2d 73 65 74 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77	a.single.rule-set.This.command.w
6fe00	69 6c 6c 20 67 69 76 65 20 61 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 72 75 6c 65 20 69	ill.give.an.overview.of.a.rule.i
6fe20	6e 20 61 20 73 69 6e 67 6c 65 20 72 75 6c 65 2d 73 65 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	n.a.single.rule-set..This.comman
6fe40	64 20 77 69 6c 6c 20 67 69 76 65 20 61 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 73 69 6e	d.will.give.an.overview.of.a.sin
6fe60	67 6c 65 20 72 75 6c 65 2d 73 65 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 6f 75 6c 64	gle.rule-set..This.command.would
6fe80	20 61 6c 6c 6f 77 20 74 68 65 20 64 79 6e 61 6d 69 63 20 75 70 64 61 74 65 20 6f 66 20 63 61 70	.allow.the.dynamic.update.of.cap
6fea0	61 62 69 6c 69 74 69 65 73 20 6f 76 65 72 20 61 6e 20 65 73 74 61 62 6c 69 73 68 65 64 20 42 47	abilities.over.an.established.BG
6fec0	50 20 73 65 73 73 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 73 20 63 72 65 61 74 65 73	P.session..This.commands.creates
6fee0	20 61 20 62 72 69 64 67 65 20 74 68 61 74 20 69 73 20 75 73 65 64 20 74 6f 20 62 69 6e 64 20 74	.a.bridge.that.is.used.to.bind.t
6ff00	72 61 66 66 69 63 20 6f 6e 20 65 74 68 31 20 76 6c 61 6e 20 32 34 31 20 77 69 74 68 20 74 68 65	raffic.on.eth1.vlan.241.with.the
6ff20	20 76 78 6c 61 6e 32 34 31 2d 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 49 50 20 61 64 64 72	.vxlan241-interface..The.IP.addr
6ff40	65 73 73 20 69 73 20 6e 6f 74 20 72 65 71 75 69 72 65 64 2e 20 49 74 20 6d 61 79 20 68 6f 77 65	ess.is.not.required..It.may.howe
6ff60	76 65 72 20 62 65 20 75 73 65 64 20 61 73 20 61 20 64 65 66 61 75 6c 74 20 67 61 74 65 77 61 79	ver.be.used.as.a.default.gateway
6ff80	20 66 6f 72 20 65 61 63 68 20 4c 65 61 66 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 64 65 76 69	.for.each.Leaf.which.allows.devi
6ffa0	63 65 73 20 6f 6e 20 74 68 65 20 76 6c 61 6e 20 74 6f 20 72 65 61 63 68 20 6f 74 68 65 72 20 73	ces.on.the.vlan.to.reach.other.s
6ffc0	75 62 6e 65 74 73 2e 20 54 68 69 73 20 72 65 71 75 69 72 65 73 20 74 68 61 74 20 74 68 65 20 73	ubnets..This.requires.that.the.s
6ffe0	75 62 6e 65 74 73 20 61 72 65 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 62 79 20 4f 53 50 46	ubnets.are.redistributed.by.OSPF
70000	20 73 6f 20 74 68 61 74 20 74 68 65 20 53 70 69 6e 65 20 77 69 6c 6c 20 6c 65 61 72 6e 20 68 6f	.so.that.the.Spine.will.learn.ho
70020	77 20 74 6f 20 72 65 61 63 68 20 69 74 2e 20 54 6f 20 64 6f 20 74 68 69 73 20 79 6f 75 20 6e 65	w.to.reach.it..To.do.this.you.ne
70040	65 64 20 74 6f 20 63 68 61 6e 67 65 20 74 68 65 20 4f 53 50 46 20 6e 65 74 77 6f 72 6b 20 66 72	ed.to.change.the.OSPF.network.fr
70060	6f 6d 20 27 31 30 2e 30 2e 30 2e 30 2f 38 27 20 74 6f 20 27 30 2e 30 2e 30 2e 30 2f 30 27 20 74	om.'10.0.0.0/8'.to.'0.0.0.0/0'.t
70080	6f 20 61 6c 6c 6f 77 20 31 37 32 2e 31 36 2f 31 32 2d 6e 65 74 77 6f 72 6b 73 20 74 6f 20 62 65	o.allow.172.16/12-networks.to.be
700a0	20 61 64 76 65 72 74 69 73 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 73 20 73 70 65 63 69	.advertised..This.commands.speci
700c0	66 69 65 73 20 74 68 65 20 46 69 6e 69 74 65 20 53 74 61 74 65 20 4d 61 63 68 69 6e 65 20 28 46	fies.the.Finite.State.Machine.(F
700e0	53 4d 29 20 69 6e 74 65 6e 64 65 64 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 74 69 6d 69	SM).intended.to.control.the.timi
70100	6e 67 20 6f 66 20 74 68 65 20 65 78 65 63 75 74 69 6f 6e 20 6f 66 20 53 50 46 20 63 61 6c 63 75	ng.of.the.execution.of.SPF.calcu
70120	6c 61 74 69 6f 6e 73 20 69 6e 20 72 65 73 70 6f 6e 73 65 20 74 6f 20 49 47 50 20 65 76 65 6e 74	lations.in.response.to.IGP.event
70140	73 2e 20 54 68 65 20 70 72 6f 63 65 73 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63	s..The.process.described.in.:rfc
70160	3a 60 38 34 30 35 60 2e 00 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 6e 61 62	:`8405`..This.configuration.enab
70180	6c 65 73 20 74 68 65 20 54 43 50 20 72 65 76 65 72 73 65 20 70 72 6f 78 79 20 66 6f 72 20 74 68	les.the.TCP.reverse.proxy.for.th
701a0	65 20 22 6d 79 2d 74 63 70 2d 61 70 69 22 20 73 65 72 76 69 63 65 2e 20 49 6e 63 6f 6d 69 6e 67	e."my-tcp-api".service..Incoming
701c0	20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f 6e 20 70 6f 72 74 20 38 38 38 38 20 77 69	.TCP.connections.on.port.8888.wi
701e0	6c 6c 20 62 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 64 20 61 63 72 6f 73 73 20 74 68 65 20 62	ll.be.load.balanced.across.the.b
70200	61 63 6b 65 6e 64 20 73 65 72 76 65 72 73 20 28 73 72 76 30 31 20 61 6e 64 20 73 72 76 30 32 29	ackend.servers.(srv01.and.srv02)
70220	20 75 73 69 6e 67 20 74 68 65 20 72 6f 75 6e 64 2d 72 6f 62 69 6e 20 6c 6f 61 64 2d 62 61 6c 61	.using.the.round-robin.load-bala
70240	6e 63 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 2e 00 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74	ncing.algorithm..This.configurat
70260	69 6f 6e 20 6c 69 73 74 65 6e 20 6f 6e 20 70 6f 72 74 20 38 30 20 61 6e 64 20 72 65 64 69 72 65	ion.listen.on.port.80.and.redire
70280	63 74 20 69 6e 63 6f 6d 69 6e 67 20 72 65 71 75 65 73 74 73 20 74 6f 20 48 54 54 50 53 3a 00 54	ct.incoming.requests.to.HTTPS:.T
702a0	68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 69 66 69 65 73 20 74 68 65 20 62	his.configuration.modifies.the.b
702c0	65 68 61 76 69 6f 72 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 73 74 61 74 65 6d 65 6e 74	ehavior.of.the.network.statement
702e0	2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 68	..If.you.have.this.configured.th
70300	65 20 75 6e 64 65 72 6c 79 69 6e 67 20 6e 65 74 77 6f 72 6b 20 6d 75 73 74 20 65 78 69 73 74 20	e.underlying.network.must.exist.
70320	69 6e 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6e 66 69	in.the.routing.table..This.confi
70340	67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 20 6c 65 74 73 20 74 68 65 20 44 48 43 50	guration.parameter.lets.the.DHCP
70360	20 73 65 72 76 65 72 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 44 48 43 50 20 72 65 71 75 65	.server.to.listen.for.DHCP.reque
70380	73 74 73 20 73 65 6e 74 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 61 64 64 72 65 73	sts.sent.to.the.specified.addres
703a0	73 2c 20 69 74 20 69 73 20 6f 6e 6c 79 20 72 65 61 6c 69 73 74 69 63 61 6c 6c 79 20 75 73 65 66	s,.it.is.only.realistically.usef
703c0	75 6c 20 66 6f 72 20 61 20 73 65 72 76 65 72 20 77 68 6f 73 65 20 6f 6e 6c 79 20 63 6c 69 65 6e	ul.for.a.server.whose.only.clien
703e0	74 73 20 61 72 65 20 72 65 61 63 68 65 64 20 76 69 61 20 75 6e 69 63 61 73 74 73 2c 20 73 75 63	ts.are.reached.via.unicasts,.suc
70400	68 20 61 73 20 76 69 61 20 44 48 43 50 20 72 65 6c 61 79 20 61 67 65 6e 74 73 2e 00 54 68 69 73	h.as.via.DHCP.relay.agents..This
70420	20 63 6f 75 6c 64 20 62 65 20 68 65 6c 70 66 75 6c 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74 6f	.could.be.helpful.if.you.want.to
70440	20 74 65 73 74 20 68 6f 77 20 61 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 62 65 68 61 76 65 73	.test.how.an.application.behaves
70460	20 75 6e 64 65 72 20 63 65 72 74 61 69 6e 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 64 69 74 69 6f 6e	.under.certain.network.condition
70480	73 2e 00 54 68 69 73 20 63 72 65 61 74 65 73 20 61 20 72 6f 75 74 65 20 70 6f 6c 69 63 79 20 63	s..This.creates.a.route.policy.c
704a0	61 6c 6c 65 64 20 46 49 4c 54 45 52 2d 57 45 42 20 77 69 74 68 20 6f 6e 65 20 72 75 6c 65 20 74	alled.FILTER-WEB.with.one.rule.t
704c0	6f 20 73 65 74 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 66 6f 72 20 6d 61 74 63	o.set.the.routing.table.for.matc
704e0	68 69 6e 67 20 74 72 61 66 66 69 63 20 28 54 43 50 20 70 6f 72 74 20 38 30 29 20 74 6f 20 74 61	hing.traffic.(TCP.port.80).to.ta
70500	62 6c 65 20 49 44 20 31 30 30 20 69 6e 73 74 65 61 64 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c	ble.ID.100.instead.of.the.defaul
70520	74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74	t.routing.table..This.defaults.t
70540	6f 20 31 30 30 30 30 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 31 38 31 32 2e 00	o.10000..This.defaults.to.1812..
70560	54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 32 30 30 37 2e 00 54 68 69 73 20 64 65 66 61	This.defaults.to.2007..This.defa
70580	75 6c 74 73 20 74 6f 20 33 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74	ults.to.30.seconds..This.default
705a0	73 20 74 6f 20 33 30 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20	s.to.300.seconds..This.defaults.
705c0	74 6f 20 34 39 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 35 2e 00 54 68 69 73 20	to.49..This.defaults.to.5..This.
705e0	64 65 66 61 75 6c 74 73 20 74 6f 20 55 44 50 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f	defaults.to.UDP.This.defaults.to
70600	20 70 68 79 30 2e 00 54 68 69 73 20 64 65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 64 72 69 76 65	.phy0..This.depends.on.the.drive
70620	72 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 6e 64 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76	r.capabilities.and.may.not.be.av
70640	61 69 6c 61 62 6c 65 20 77 69 74 68 20 61 6c 6c 20 64 72 69 76 65 72 73 2e 00 54 68 69 73 20 64	ailable.with.all.drivers..This.d
70660	69 61 62 6c 65 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 63 61 63 68 65 20 61 6e 64 20 64 69 72	iable.the.external.cache.and.dir
70680	65 63 74 6c 79 20 69 6e 6a 65 63 74 73 20 74 68 65 20 66 6c 6f 77 2d 73 74 61 74 65 73 20 69 6e	ectly.injects.the.flow-states.in
706a0	74 6f 20 74 68 65 20 69 6e 2d 6b 65 72 6e 65 6c 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 54 72 61 63	to.the.in-kernel.Connection.Trac
706c0	6b 69 6e 67 20 53 79 73 74 65 6d 20 6f 66 20 74 68 65 20 62 61 63 6b 75 70 20 66 69 72 65 77 61	king.System.of.the.backup.firewa
706e0	6c 6c 2e 00 54 68 69 73 20 64 69 61 67 72 61 6d 20 63 6f 72 72 65 73 70 6f 6e 64 73 20 77 69 74	ll..This.diagram.corresponds.wit
70700	68 20 74 68 65 20 65 78 61 6d 70 6c 65 20 73 69 74 65 20 74 6f 20 73 69 74 65 20 63 6f 6e 66 69	h.the.example.site.to.site.confi
70720	67 75 72 61 74 69 6f 6e 20 62 65 6c 6f 77 2e 00 54 68 69 73 20 65 6e 61 62 6c 65 73 20 3a 72 66	guration.below..This.enables.:rf
70740	63 3a 60 33 31 33 37 60 20 73 75 70 70 6f 72 74 2c 20 77 68 65 72 65 20 74 68 65 20 4f 53 50 46	c:`3137`.support,.where.the.OSPF
70760	20 70 72 6f 63 65 73 73 20 64 65 73 63 72 69 62 65 73 20 69 74 73 20 74 72 61 6e 73 69 74 20 6c	.process.describes.its.transit.l
70780	69 6e 6b 73 20 69 6e 20 69 74 73 20 72 6f 75 74 65 72 2d 4c 53 41 20 61 73 20 68 61 76 69 6e 67	inks.in.its.router-LSA.as.having
707a0	20 69 6e 66 69 6e 69 74 65 20 64 69 73 74 61 6e 63 65 20 73 6f 20 74 68 61 74 20 6f 74 68 65 72	.infinite.distance.so.that.other
707c0	20 72 6f 75 74 65 72 73 20 77 69 6c 6c 20 61 76 6f 69 64 20 63 61 6c 63 75 6c 61 74 69 6e 67 20	.routers.will.avoid.calculating.
707e0	74 72 61 6e 73 69 74 20 70 61 74 68 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 6f 75 74 65 72	transit.paths.through.the.router
70800	20 77 68 69 6c 65 20 73 74 69 6c 6c 20 62 65 69 6e 67 20 61 62 6c 65 20 74 6f 20 72 65 61 63 68	.while.still.being.able.to.reach
70820	20 6e 65 74 77 6f 72 6b 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 6f 75 74 65 72 2e 00 54 68	.networks.through.the.router..Th
70840	69 73 20 65 6e 61 62 6c 65 73 20 74 68 65 20 67 72 65 65 6e 66 69 65 6c 64 20 6f 70 74 69 6f 6e	is.enables.the.greenfield.option
70860	20 77 68 69 63 68 20 73 65 74 73 20 74 68 65 20 60 60 5b 47 46 5d 60 60 20 6f 70 74 69 6f 6e 00	.which.sets.the.``[GF]``.option.
70880	54 68 69 73 20 65 73 74 61 62 6c 69 73 68 65 73 20 6f 75 72 20 50 6f 72 74 20 46 6f 72 77 61 72	This.establishes.our.Port.Forwar
708a0	64 20 72 75 6c 65 2c 20 62 75 74 20 69 66 20 77 65 20 63 72 65 61 74 65 64 20 61 20 66 69 72 65	d.rule,.but.if.we.created.a.fire
708c0	77 61 6c 6c 20 70 6f 6c 69 63 79 20 69 74 20 77 69 6c 6c 20 6c 69 6b 65 6c 79 20 62 6c 6f 63 6b	wall.policy.it.will.likely.block
708e0	20 74 68 65 20 74 72 61 66 66 69 63 2e 00 54 68 69 73 20 65 78 61 6d 70 6c 65 20 73 68 6f 77 73	.the.traffic..This.example.shows
70900	20 68 6f 77 20 74 6f 20 74 61 72 67 65 74 20 61 6e 20 4d 53 53 20 63 6c 61 6d 70 20 28 69 6e 20	.how.to.target.an.MSS.clamp.(in.
70920	6f 75 72 20 65 78 61 6d 70 6c 65 20 74 6f 20 31 33 36 30 20 62 79 74 65 73 29 20 74 6f 20 61 20	our.example.to.1360.bytes).to.a.
70940	73 70 65 63 69 66 69 63 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 49 50 2e 00 54 68 69 73 20 66 65	specific.destination.IP..This.fe
70960	61 74 75 72 65 20 73 75 6d 6d 61 72 69 73 65 73 20 6f 72 69 67 69 6e 61 74 65 64 20 65 78 74 65	ature.summarises.originated.exte
70980	72 6e 61 6c 20 4c 53 41 73 20 28 54 79 70 65 2d 35 20 61 6e 64 20 54 79 70 65 2d 37 29 2e 20 53	rnal.LSAs.(Type-5.and.Type-7)..S
709a0	75 6d 6d 61 72 79 20 52 6f 75 74 65 20 77 69 6c 6c 20 62 65 20 6f 72 69 67 69 6e 61 74 65 64 20	ummary.Route.will.be.originated.
709c0	6f 6e 2d 62 65 68 61 6c 66 20 6f 66 20 61 6c 6c 20 6d 61 74 63 68 65 64 20 65 78 74 65 72 6e 61	on-behalf.of.all.matched.externa
709e0	6c 20 4c 53 41 73 2e 00 54 68 69 73 20 66 75 6e 63 74 69 6f 6e 73 20 66 6f 72 20 62 6f 74 68 20	l.LSAs..This.functions.for.both.
70a00	69 6e 64 69 76 69 64 75 61 6c 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 61 64 64 72 65 73 73	individual.addresses.and.address
70a20	20 67 72 6f 75 70 73 2e 00 54 68 69 73 20 67 69 76 65 73 20 75 73 20 49 47 50 2d 4c 44 50 20 73	.groups..This.gives.us.IGP-LDP.s
70a40	79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 66 6f 72 20 61 6c 6c 20 6e 6f 6e 2d 6c 6f 6f 70 62	ynchronization.for.all.non-loopb
70a60	61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 61 20 68 6f 6c 64 64 6f 77 6e 20 74	ack.interfaces.with.a.holddown.t
70a80	69 6d 65 72 20 6f 66 20 7a 65 72 6f 20 73 65 63 6f 6e 64 73 3a 00 54 68 69 73 20 67 69 76 65 73	imer.of.zero.seconds:.This.gives
70aa0	20 75 73 20 4d 50 4c 53 20 73 65 67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 65 6e 61 62 6c 65 64	.us.MPLS.segment.routing.enabled
70ac0	20 61 6e 64 20 6c 61 62 65 6c 73 20 66 6f 72 20 66 61 72 20 65 6e 64 20 6c 6f 6f 70 62 61 63 6b	.and.labels.for.far.end.loopback
70ae0	73 3a 00 54 68 69 73 20 67 69 76 65 73 20 75 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6e	s:.This.gives.us.the.following.n
70b00	65 69 67 68 62 6f 72 73 68 69 70 73 2c 20 4c 65 76 65 6c 20 31 20 61 6e 64 20 4c 65 76 65 6c 20	eighborships,.Level.1.and.Level.
70b20	32 3a 00 54 68 69 73 20 69 6e 73 74 72 75 63 74 73 20 6f 70 65 6e 6e 68 72 70 20 74 6f 20 72 65	2:.This.instructs.opennhrp.to.re
70b40	70 6c 79 20 77 69 74 68 20 61 75 74 68 6f 72 61 74 69 76 65 20 61 6e 73 77 65 72 73 20 6f 6e 20	ply.with.authorative.answers.on.
70b60	4e 48 52 50 20 52 65 73 6f 6c 75 74 69 6f 6e 20 52 65 71 75 65 73 74 73 20 64 65 73 74 69 6e 69	NHRP.Resolution.Requests.destini
70b80	65 64 20 74 6f 20 61 64 64 72 65 73 73 65 73 20 69 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63	ed.to.addresses.in.this.interfac
70ba0	65 20 28 69 6e 73 74 65 61 64 20 6f 66 20 66 6f 72 77 61 72 64 69 6e 67 20 74 68 65 20 70 61 63	e.(instead.of.forwarding.the.pac
70bc0	6b 65 74 73 29 2e 20 54 68 69 73 20 65 66 66 65 63 74 69 76 65 6c 79 20 61 6c 6c 6f 77 73 20 74	kets)..This.effectively.allows.t
70be0	68 65 20 63 72 65 61 74 69 6f 6e 20 6f 66 20 73 68 6f 72 74 63 75 74 20 72 6f 75 74 65 73 20 74	he.creation.of.shortcut.routes.t
70c00	6f 20 73 75 62 6e 65 74 73 20 6c 6f 63 61 74 65 64 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61	o.subnets.located.on.the.interfa
70c20	63 65 2e 00 54 68 69 73 20 69 73 20 61 20 63 6f 6d 6d 6f 6e 20 73 63 65 6e 61 72 69 6f 20 77 68	ce..This.is.a.common.scenario.wh
70c40	65 72 65 20 62 6f 74 68 20 3a 72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 61 6e 64 20 3a	ere.both.:ref:`source-nat`.and.:
70c60	72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 20 61 72 65 20 63 6f 6e 66 69 67	ref:`destination-nat`.are.config
70c80	75 72 65 64 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 2e 20 49 74 27 73 20 63 6f 6d 6d	ured.at.the.same.time..It's.comm
70ca0	6f 6e 6c 79 20 75 73 65 64 20 77 68 65 6e 20 69 6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65	only.used.when.internal.(private
70cc0	29 20 68 6f 73 74 73 20 6e 65 65 64 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 63 6f 6e 6e	).hosts.need.to.establish.a.conn
70ce0	65 63 74 69 6f 6e 20 77 69 74 68 20 65 78 74 65 72 6e 61 6c 20 72 65 73 6f 75 72 63 65 73 20 61	ection.with.external.resources.a
70d00	6e 64 20 65 78 74 65 72 6e 61 6c 20 73 79 73 74 65 6d 73 20 6e 65 65 64 20 74 6f 20 61 63 63 65	nd.external.systems.need.to.acce
70d20	73 73 20 69 6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65 29 20 72 65 73 6f 75 72 63 65 73 2e	ss.internal.(private).resources.
70d40	00 54 68 69 73 20 69 73 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74	.This.is.a.configuration.paramet
70d60	65 72 20 66 6f 72 20 74 68 65 20 60 3c 73 75 62 6e 65 74 3e 60 2c 20 73 61 79 69 6e 67 20 74 68	er.for.the.`<subnet>`,.saying.th
70d80	61 74 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 72 65 73 70 6f 6e 73 65 2c 20 74 65 6c 6c	at.as.part.of.the.response,.tell
70da0	20 74 68 65 20 63 6c 69 65 6e 74 20 74 68 61 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 61 74	.the.client.that.the.default.gat
70dc0	65 77 61 79 20 63 61 6e 20 62 65 20 72 65 61 63 68 65 64 20 61 74 20 60 3c 61 64 64 72 65 73 73	eway.can.be.reached.at.`<address
70de0	3e 60 2e 00 54 68 69 73 20 69 73 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61	>`..This.is.a.configuration.para
70e00	6d 65 74 65 72 20 66 6f 72 20 74 68 65 20 73 75 62 6e 65 74 2c 20 73 61 79 69 6e 67 20 74 68 61	meter.for.the.subnet,.saying.tha
70e20	74 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 72 65 73 70 6f 6e 73 65 2c 20 74 65 6c 6c 20	t.as.part.of.the.response,.tell.
70e40	74 68 65 20 63 6c 69 65 6e 74 20 74 68 61 74 20 74 68 65 20 44 4e 53 20 73 65 72 76 65 72 20 63	the.client.that.the.DNS.server.c
70e60	61 6e 20 62 65 20 66 6f 75 6e 64 20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 54 68 69 73	an.be.found.at.`<address>`..This
70e80	20 69 73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 63 6f 6d 6d 61 6e 64 2e 20 53 65 74 73 20 72 65	.is.a.mandatory.command..Sets.re
70ea0	67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73	gular.expression.to.match.agains
70ec0	74 20 6c 6f 67 20 73 74 72 69 6e 67 20 6d 65 73 73 61 67 65 2e 00 54 68 69 73 20 69 73 20 61 20	t.log.string.message..This.is.a.
70ee0	6d 61 6e 64 61 74 6f 72 79 20 63 6f 6d 6d 61 6e 64 2e 20 53 65 74 73 20 74 68 65 20 66 75 6c 6c	mandatory.command..Sets.the.full
70f00	20 70 61 74 68 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 2e 20 54 68 65 20 73 63 72 69 70 74 20	.path.to.the.script..The.script.
70f20	66 69 6c 65 20 6d 75 73 74 20 62 65 20 65 78 65 63 75 74 61 62 6c 65 2e 00 54 68 69 73 20 69 73	file.must.be.executable..This.is
70f40	20 61 20 6d 61 6e 64 61 74 6f 72 79 20 73 65 74 74 69 6e 67 2e 00 54 68 69 73 20 69 73 20 61 63	.a.mandatory.setting..This.is.ac
70f60	68 69 65 76 65 64 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 66 69 72 73 74 20 74 68 72 65 65 20	hieved.by.using.the.first.three.
70f80	62 69 74 73 20 6f 66 20 74 68 65 20 54 6f 53 20 28 54 79 70 65 20 6f 66 20 53 65 72 76 69 63 65	bits.of.the.ToS.(Type.of.Service
70fa0	29 20 66 69 65 6c 64 20 74 6f 20 63 61 74 65 67 6f 72 69 7a 65 20 64 61 74 61 20 73 74 72 65 61	).field.to.categorize.data.strea
70fc0	6d 73 20 61 6e 64 2c 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 64	ms.and,.in.accordance.with.the.d
70fe0	65 66 69 6e 65 64 20 70 72 65 63 65 64 65 6e 63 65 20 70 61 72 61 6d 65 74 65 72 73 2c 20 61 20	efined.precedence.parameters,.a.
71000	64 65 63 69 73 69 6f 6e 20 69 73 20 6d 61 64 65 2e 00 54 68 69 73 20 69 73 20 61 6c 73 6f 20 6b	decision.is.made..This.is.also.k
71020	6e 6f 77 6e 20 61 73 20 74 68 65 20 48 55 42 73 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 46	nown.as.the.HUBs.IP.address.or.F
71040	51 44 4e 2e 00 54 68 69 73 20 69 73 20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64	QDN..This.is.an.optional.command
71060	20 62 65 63 61 75 73 65 20 74 68 65 20 65 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 77 69 6c 6c 20	.because.the.event.handler.will.
71080	62 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 63 72 65 61 74 65 64 20 61 66 74 65 72 20 61	be.automatically.created.after.a
710a0	6e 79 20 6f 66 20 74 68 65 20 6e 65 78 74 20 63 6f 6d 6d 61 6e 64 73 2e 00 54 68 69 73 20 69 73	ny.of.the.next.commands..This.is
710c0	20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 20 41 64 64 73 20 61 72 67 75 6d	.an.optional.command..Adds.argum
710e0	65 6e 74 73 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 2e 20 41 72 67 75 6d 65 6e 74 73 20 6d 75	ents.to.the.script..Arguments.mu
71100	73 74 20 62 65 20 73 65 70 61 72 61 74 65 64 20 62 79 20 73 70 61 63 65 73 2e 00 54 68 69 73 20	st.be.separated.by.spaces..This.
71120	69 73 20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 20 41 64 64 73 20 65 6e 76	is.an.optional.command..Adds.env
71140	69 72 6f 6e 6d 65 6e 74 20 61 6e 64 20 69 74 73 20 76 61 6c 75 65 20 74 6f 20 74 68 65 20 73 63	ironment.and.its.value.to.the.sc
71160	72 69 70 74 2e 20 55 73 65 20 73 65 70 61 72 61 74 65 20 63 6f 6d 6d 61 6e 64 73 20 66 6f 72 20	ript..Use.separate.commands.for.
71180	65 61 63 68 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 00 54 68 69 73 20 69 73 20 61 6e 20 6f 70 74	each.environment..This.is.an.opt
711a0	69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 20 46 69 6c 74 65 72 73 20 6c 6f 67 20 6d 65 73 73 61	ional.command..Filters.log.messa
711c0	67 65 73 20 62 79 20 73 79 73 6c 6f 67 2d 69 64 65 6e 74 69 66 69 65 72 2e 00 54 68 69 73 20 69	ges.by.syslog-identifier..This.i
711e0	73 20 64 6f 6e 65 20 74 6f 20 73 75 70 70 6f 72 74 20 28 65 74 68 65 72 6e 65 74 29 20 73 77 69	s.done.to.support.(ethernet).swi
71200	74 63 68 20 66 65 61 74 75 72 65 73 2c 20 6c 69 6b 65 20 3a 72 66 63 3a 60 33 30 36 39 60 2c 20	tch.features,.like.:rfc:`3069`,.
71220	77 68 65 72 65 20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 70 6f 72 74 73 20 61 72 65 20 4e	where.the.individual.ports.are.N
71240	4f 54 20 61 6c 6c 6f 77 65 64 20 74 6f 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 77 69 74 68 20 65	OT.allowed.to.communicate.with.e
71260	61 63 68 20 6f 74 68 65 72 2c 20 62 75 74 20 74 68 65 79 20 61 72 65 20 61 6c 6c 6f 77 65 64 20	ach.other,.but.they.are.allowed.
71280	74 6f 20 74 61 6c 6b 20 74 6f 20 74 68 65 20 75 70 73 74 72 65 61 6d 20 72 6f 75 74 65 72 2e 20	to.talk.to.the.upstream.router..
712a0	41 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 30 36 39 60 2c 20 69 74 20	As.described.in.:rfc:`3069`,.it.
712c0	69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 73 65 20 68 6f 73 74 73	is.possible.to.allow.these.hosts
712e0	20 74 6f 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 74 68 72 6f 75 67 68 20 74 68 65 20 75 70 73 74	.to.communicate.through.the.upst
71300	72 65 61 6d 20 72 6f 75 74 65 72 20 62 79 20 70 72 6f 78 79 5f 61 72 70 27 69 6e 67 2e 00 54 68	ream.router.by.proxy_arp'ing..Th
71320	69 73 20 69 73 20 65 73 70 65 63 69 61 6c 6c 79 20 75 73 65 66 75 6c 20 66 6f 72 20 74 68 65 20	is.is.especially.useful.for.the.
71340	75 70 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 2c 20 73 69 6e 63 65 20 74 68 65 20 73 6f	upstream.interface,.since.the.so
71360	75 72 63 65 20 66 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 74 72 61 66 66 69 63 20 69 73 20 6f 66	urce.for.multicast.traffic.is.of
71380	74 65 6e 20 66 72 6f 6d 20 61 20 72 65 6d 6f 74 65 20 6c 6f 63 61 74 69 6f 6e 2e 00 54 68 69 73	ten.from.a.remote.location..This
713a0	20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 73 69 6d 70 6c 65 73 74 20 74 79 70 65 73 20 6f 66	.is.one.of.the.simplest.types.of
713c0	20 74 75 6e 6e 65 6c 73 2c 20 61 73 20 64 65 66 69 6e 65 64 20 62 79 20 3a 72 66 63 3a 60 32 30	.tunnels,.as.defined.by.:rfc:`20
713e0	30 33 60 2e 20 49 74 20 74 61 6b 65 73 20 61 6e 20 49 50 76 34 20 70 61 63 6b 65 74 20 61 6e 64	03`..It.takes.an.IPv4.packet.and
71400	20 73 65 6e 64 73 20 69 74 20 61 73 20 61 20 70 61 79 6c 6f 61 64 20 6f 66 20 61 6e 6f 74 68 65	.sends.it.as.a.payload.of.anothe
71420	72 20 49 50 76 34 20 70 61 63 6b 65 74 2e 20 46 6f 72 20 74 68 69 73 20 72 65 61 73 6f 6e 2c 20	r.IPv4.packet..For.this.reason,.
71440	74 68 65 72 65 20 61 72 65 20 6e 6f 20 6f 74 68 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	there.are.no.other.configuration
71460	20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 74 68 69 73 20 6b 69 6e 64 20 6f 66 20 74 75 6e 6e 65 6c	.options.for.this.kind.of.tunnel
71480	2e 00 54 68 69 73 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 00 54 68 69 73 20 69 73 20 73 69 6d 69	..This.is.optional..This.is.simi
714a0	6c 61 72 20 74 6f 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 73 20 70 61 72 74 2c 20	lar.to.the.network.groups.part,.
714c0	62 75 74 20 68 65 72 65 20 79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 6e 65 67 61 74 65 20	but.here.you.are.able.to.negate.
714e0	74 68 65 20 6d 61 74 63 68 69 6e 67 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 69 73 20 69 73 20	the.matching.addresses..This.is.
71500	74 68 65 20 49 50 76 36 20 63 6f 75 6e 74 65 72 70 61 72 74 20 6f 66 20 49 50 49 50 2e 20 49 27	the.IPv6.counterpart.of.IPIP..I'
71520	6d 20 6e 6f 74 20 61 77 61 72 65 20 6f 66 20 61 6e 20 52 46 43 20 74 68 61 74 20 64 65 66 69 6e	m.not.aware.of.an.RFC.that.defin
71540	65 73 20 74 68 69 73 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 73 70 65 63 69 66 69 63 61 6c	es.this.encapsulation.specifical
71560	6c 79 2c 20 62 75 74 20 69 74 27 73 20 61 20 6e 61 74 75 72 61 6c 20 73 70 65 63 69 66 69 63 20	ly,.but.it's.a.natural.specific.
71580	63 61 73 65 20 6f 66 20 49 50 76 36 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 6d 65 63 68 61	case.of.IPv6.encapsulation.mecha
715a0	6e 69 73 6d 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 32 34 37 33 60 2e 00 54	nisms.described.in.:rfc:2473`..T
715c0	68 69 73 20 69 73 20 74 68 65 20 4c 41 4e 20 65 78 74 65 6e 73 69 6f 6e 20 75 73 65 20 63 61 73	his.is.the.LAN.extension.use.cas
715e0	65 2e 20 54 68 65 20 65 74 68 30 20 70 6f 72 74 20 6f 66 20 74 68 65 20 64 69 73 74 61 6e 74 20	e..The.eth0.port.of.the.distant.
71600	56 50 4e 20 70 65 65 72 73 20 77 69 6c 6c 20 62 65 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65	VPN.peers.will.be.directly.conne
71620	63 74 65 64 20 6c 69 6b 65 20 69 66 20 74 68 65 72 65 20 77 61 73 20 61 20 73 77 69 74 63 68 20	cted.like.if.there.was.a.switch.
71640	62 65 74 77 65 65 6e 20 74 68 65 6d 2e 00 54 68 69 73 20 69 73 20 74 68 65 20 4c 43 44 20 6d 6f	between.them..This.is.the.LCD.mo
71660	64 65 6c 20 75 73 65 64 20 69 6e 20 79 6f 75 72 20 73 79 73 74 65 6d 2e 00 54 68 69 73 20 69 73	del.used.in.your.system..This.is
71680	20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 20 66 6f 72	.the.configuration.parameter.for
716a0	20 74 68 65 20 65 6e 74 69 72 65 20 73 68 61 72 65 64 20 6e 65 74 77 6f 72 6b 20 64 65 66 69 6e	.the.entire.shared.network.defin
716c0	69 74 69 6f 6e 2e 20 41 6c 6c 20 73 75 62 6e 65 74 73 20 77 69 6c 6c 20 69 6e 68 65 72 69 74 20	ition..All.subnets.will.inherit.
716e0	74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 74 65 6d 20 69 66 20 6e 6f 74 20 73	this.configuration.item.if.not.s
71700	70 65 63 69 66 69 65 64 20 6c 6f 63 61 6c 6c 79 2e 00 54 68 69 73 20 69 73 20 74 68 65 20 65 71	pecified.locally..This.is.the.eq
71720	75 69 76 61 6c 65 6e 74 20 6f 66 20 74 68 65 20 68 6f 73 74 20 62 6c 6f 63 6b 20 69 6e 20 64 68	uivalent.of.the.host.block.in.dh
71740	63 70 64 2e 63 6f 6e 66 20 6f 66 20 69 73 63 2d 64 68 63 70 64 2e 00 54 68 69 73 20 69 73 20 74	cpd.conf.of.isc-dhcpd..This.is.t
71760	68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63	he.name.of.the.physical.interfac
71780	65 20 75 73 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 79 6f 75 72 20 4c 43 44 20 64 69	e.used.to.connect.to.your.LCD.di
717a0	73 70 6c 61 79 2e 20 54 61 62 20 63 6f 6d 70 6c 65 74 69 6f 6e 20 69 73 20 73 75 70 70 6f 72 74	splay..Tab.completion.is.support
717c0	65 64 20 61 6e 64 20 69 74 20 77 69 6c 6c 20 6c 69 73 74 20 79 6f 75 20 61 6c 6c 20 61 76 61 69	ed.and.it.will.list.you.all.avai
717e0	6c 61 62 6c 65 20 73 65 72 69 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69 73 20 69 73 20	lable.serial.interface..This.is.
71800	74 68 65 20 70 6f 6c 69 63 79 20 74 68 61 74 20 72 65 71 75 69 65 72 65 73 20 74 68 65 20 6c 6f	the.policy.that.requieres.the.lo
71820	77 65 73 74 20 72 65 73 6f 75 72 63 65 73 20 66 6f 72 20 74 68 65 20 73 61 6d 65 20 61 6d 6f 75	west.resources.for.the.same.amou
71840	6e 74 20 6f 66 20 74 72 61 66 66 69 63 2e 20 42 75 74 20 2a 2a 76 65 72 79 20 6c 69 6b 65 6c 79	nt.of.traffic..But.**very.likely
71860	20 79 6f 75 20 64 6f 20 6e 6f 74 20 6e 65 65 64 20 69 74 20 61 73 20 79 6f 75 20 63 61 6e 6e 6f	.you.do.not.need.it.as.you.canno
71880	74 20 67 65 74 20 6d 75 63 68 20 66 72 6f 6d 20 69 74 2e 20 53 6f 6d 65 74 69 6d 65 73 20 69 74	t.get.much.from.it..Sometimes.it
718a0	20 69 73 20 75 73 65 64 20 6a 75 73 74 20 74 6f 20 65 6e 61 62 6c 65 20 6c 6f 67 67 69 6e 67 2e	.is.used.just.to.enable.logging.
718c0	2a 2a 00 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20	**.This.is.useful,.for.example,.
718e0	69 6e 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 77 69 74 68 20 68 6f 73 74 66 69 6c 65 20 75 70 64	in.combination.with.hostfile.upd
71900	61 74 65 2e 00 54 68 69 73 20 69 73 20 77 68 65 72 65 20 22 55 44 50 20 62 72 6f 61 64 63 61 73	ate..This.is.where."UDP.broadcas
71920	74 20 72 65 6c 61 79 22 20 63 6f 6d 65 73 20 69 6e 74 6f 20 70 6c 61 79 21 20 49 74 20 77 69 6c	t.relay".comes.into.play!.It.wil
71940	6c 20 66 6f 72 77 61 72 64 20 72 65 63 65 69 76 65 64 20 62 72 6f 61 64 63 61 73 74 73 20 74 6f	l.forward.received.broadcasts.to
71960	20 6f 74 68 65 72 20 63 6f 6e 66 69 67 75 72 65 64 20 6e 65 74 77 6f 72 6b 73 2e 00 54 68 69 73	.other.configured.networks..This
71980	20 6d 61 6b 65 73 20 74 68 65 20 73 65 72 76 65 72 20 61 75 74 68 6f 72 69 74 61 74 69 76 65 6c	.makes.the.server.authoritativel
719a0	79 20 6e 6f 74 20 61 77 61 72 65 20 6f 66 3a 20 31 30 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c	y.not.aware.of:.10.in-addr.arpa,
719c0	20 31 36 38 2e 31 39 32 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 31 36 2d 33 31 2e 31 37 32	.168.192.in-addr.arpa,.16-31.172
719e0	2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 77 68 69 63 68 20 65 6e 61 62 6c 69 6e 67 20 75 70	.in-addr.arpa,.which.enabling.up
71a00	73 74 72 65 61 6d 20 44 4e 53 20 73 65 72 76 65 72 28 73 29 20 74 6f 20 62 65 20 75 73 65 64 20	stream.DNS.server(s).to.be.used.
71a20	66 6f 72 20 72 65 76 65 72 73 65 20 6c 6f 6f 6b 75 70 73 20 6f 66 20 74 68 65 73 65 20 7a 6f 6e	for.reverse.lookups.of.these.zon
71a40	65 73 2e 00 54 68 69 73 20 6d 65 74 68 6f 64 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 69	es..This.method.automatically.di
71a60	73 61 62 6c 65 73 20 49 50 76 36 20 74 72 61 66 66 69 63 20 66 6f 72 77 61 72 64 69 6e 67 20 6f	sables.IPv6.traffic.forwarding.o
71a80	6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 71 75 65 73 74 69 6f 6e 2e 00 54 68 69	n.the.interface.in.question..Thi
71aa0	73 20 6d 6f 64 65 20 70 72 6f 76 69 64 65 73 20 66 61 75 6c 74 20 74 6f 6c 65 72 61 6e 63 65 2e	s.mode.provides.fault.tolerance.
71ac0	00 54 68 69 73 20 6d 6f 64 65 20 70 72 6f 76 69 64 65 73 20 66 61 75 6c 74 20 74 6f 6c 65 72 61	.This.mode.provides.fault.tolera
71ae0	6e 63 65 2e 20 54 68 65 20 3a 63 66 67 63 6d 64 3a 60 70 72 69 6d 61 72 79 60 20 6f 70 74 69 6f	nce..The.:cfgcmd:`primary`.optio
71b00	6e 2c 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 65 6c 6f 77 2c 20 61 66 66 65 63 74 73 20 74 68 65	n,.documented.below,.affects.the
71b20	20 62 65 68 61 76 69 6f 72 20 6f 66 20 74 68 69 73 20 6d 6f 64 65 2e 00 54 68 69 73 20 6d 6f 64	.behavior.of.this.mode..This.mod
71b40	65 20 70 72 6f 76 69 64 65 73 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 61 6e 64 20 66 61	e.provides.load.balancing.and.fa
71b60	75 6c 74 20 74 6f 6c 65 72 61 6e 63 65 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 61 64 64 73 20	ult.tolerance..This.option.adds.
71b80	50 6f 77 65 72 20 43 6f 6e 73 74 72 61 69 6e 74 20 65 6c 65 6d 65 6e 74 20 77 68 65 6e 20 61 70	Power.Constraint.element.when.ap
71ba0	70 6c 69 63 61 62 6c 65 20 61 6e 64 20 43 6f 75 6e 74 72 79 20 65 6c 65 6d 65 6e 74 20 69 73 20	plicable.and.Country.element.is.
71bc0	61 64 64 65 64 2e 20 50 6f 77 65 72 20 43 6f 6e 73 74 72 61 69 6e 74 20 65 6c 65 6d 65 6e 74 20	added..Power.Constraint.element.
71be0	69 73 20 72 65 71 75 69 72 65 64 20 62 79 20 54 72 61 6e 73 6d 69 74 20 50 6f 77 65 72 20 43 6f	is.required.by.Transmit.Power.Co
71c00	6e 74 72 6f 6c 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 63 61 6e 20 62 65 20 73 70 65 63 69 66	ntrol..This.option.can.be.specif
71c20	69 65 64 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20	ied.multiple.times..This.option.
71c40	63 61 6e 20 62 65 20 73 75 70 70 6c 69 65 64 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 2e 00	can.be.supplied.multiple.times..
71c60	54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 6d 61 6e 64 61 74 6f 72 79 20 69 6e 20 41 63 63 65	This.option.is.mandatory.in.Acce
71c80	73 73 2d 50 6f 69 6e 74 20 6d 6f 64 65 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 72 65	ss-Point.mode..This.option.is.re
71ca0	71 75 69 72 65 64 20 77 68 65 6e 20 72 75 6e 6e 69 6e 67 20 61 20 44 4d 56 50 4e 20 73 70 6f 6b	quired.when.running.a.DMVPN.spok
71cc0	65 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 75 73 65 64 20 77 69 74 68	e..This.option.must.be.used.with
71ce0	20 60 60 74 69 6d 65 6f 75 74 60 60 20 6f 70 74 69 6f 6e 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e	.``timeout``.option..This.option
71d00	20 6f 6e 6c 79 20 61 66 66 65 63 74 73 20 38 30 32 2e 33 61 64 20 6d 6f 64 65 2e 00 54 68 69 73	.only.affects.802.3ad.mode..This
71d20	20 6f 70 74 69 6f 6e 20 73 70 65 63 69 66 69 65 73 20 61 20 64 65 6c 61 79 20 69 6e 20 73 65 63	.option.specifies.a.delay.in.sec
71d40	6f 6e 64 73 20 62 65 66 6f 72 65 20 76 72 72 70 20 69 6e 73 74 61 6e 63 65 73 20 73 74 61 72 74	onds.before.vrrp.instances.start
71d60	20 75 70 20 61 66 74 65 72 20 6b 65 65 70 61 6c 69 76 65 64 20 73 74 61 72 74 73 2e 00 54 68 69	.up.after.keepalived.starts..Thi
71d80	73 20 70 61 72 61 6d 65 74 65 72 20 61 6c 6c 6f 77 73 20 74 6f 20 22 73 68 6f 72 74 63 75 74 22	s.parameter.allows.to."shortcut"
71da0	20 72 6f 75 74 65 73 20 28 6e 6f 6e 2d 62 61 63 6b 62 6f 6e 65 29 20 66 6f 72 20 69 6e 74 65 72	.routes.(non-backbone).for.inter
71dc0	2d 61 72 65 61 20 72 6f 75 74 65 73 2e 20 54 68 65 72 65 20 61 72 65 20 74 68 72 65 65 20 6d 6f	-area.routes..There.are.three.mo
71de0	64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 73 20 73 68 6f 72 74 63 75	des.available.for.routes.shortcu
71e00	74 74 69 6e 67 3a 00 54 68 69 73 20 70 6f 6c 69 63 79 20 69 73 20 69 6e 74 65 6e 64 65 64 20 74	tting:.This.policy.is.intended.t
71e20	6f 20 70 72 6f 76 69 64 65 20 61 20 6d 6f 72 65 20 62 61 6c 61 6e 63 65 64 20 64 69 73 74 72 69	o.provide.a.more.balanced.distri
71e40	62 75 74 69 6f 6e 20 6f 66 20 74 72 61 66 66 69 63 20 74 68 61 6e 20 6c 61 79 65 72 32 20 61 6c	bution.of.traffic.than.layer2.al
71e60	6f 6e 65 2c 20 65 73 70 65 63 69 61 6c 6c 79 20 69 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 20	one,.especially.in.environments.
71e80	77 68 65 72 65 20 61 20 6c 61 79 65 72 33 20 67 61 74 65 77 61 79 20 64 65 76 69 63 65 20 69 73	where.a.layer3.gateway.device.is
71ea0	20 72 65 71 75 69 72 65 64 20 74 6f 20 72 65 61 63 68 20 6d 6f 73 74 20 64 65 73 74 69 6e 61 74	.required.to.reach.most.destinat
71ec0	69 6f 6e 73 2e 00 54 68 69 73 20 70 72 6f 6d 70 74 65 64 20 73 6f 6d 65 20 49 53 50 73 20 74 6f	ions..This.prompted.some.ISPs.to
71ee0	20 64 65 76 65 6c 6f 70 20 61 20 70 6f 6c 69 63 79 20 77 69 74 68 69 6e 20 74 68 65 20 3a 61 62	.develop.a.policy.within.the.:ab
71f00	62 72 3a 60 41 52 49 4e 20 28 41 6d 65 72 69 63 61 6e 20 52 65 67 69 73 74 72 79 20 66 6f 72 20	br:`ARIN.(American.Registry.for.
71f20	49 6e 74 65 72 6e 65 74 20 4e 75 6d 62 65 72 73 29 60 20 74 6f 20 61 6c 6c 6f 63 61 74 65 20 6e	Internet.Numbers)`.to.allocate.n
71f40	65 77 20 70 72 69 76 61 74 65 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 66 6f 72 20 43 47 4e	ew.private.address.space.for.CGN
71f60	73 2c 20 62 75 74 20 41 52 49 4e 20 64 65 66 65 72 72 65 64 20 74 6f 20 74 68 65 20 49 45 54 46	s,.but.ARIN.deferred.to.the.IETF
71f80	20 62 65 66 6f 72 65 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 74 68 65 20 70 6f 6c 69 63 79 20	.before.implementing.the.policy.
71fa0	69 6e 64 69 63 61 74 69 6e 67 20 74 68 61 74 20 74 68 65 20 6d 61 74 74 65 72 20 77 61 73 20 6e	indicating.that.the.matter.was.n
71fc0	6f 74 20 61 20 74 79 70 69 63 61 6c 20 61 6c 6c 6f 63 61 74 69 6f 6e 20 69 73 73 75 65 20 62 75	ot.a.typical.allocation.issue.bu
71fe0	74 20 61 20 72 65 73 65 72 76 61 74 69 6f 6e 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 66 6f 72	t.a.reservation.of.addresses.for
72000	20 74 65 63 68 6e 69 63 61 6c 20 70 75 72 70 6f 73 65 73 20 28 70 65 72 20 3a 72 66 63 3a 60 32	.technical.purposes.(per.:rfc:`2
72020	38 36 30 60 29 2e 00 54 68 69 73 20 72 65 71 75 69 72 65 64 20 73 65 74 74 69 6e 67 20 64 65 66	860`)..This.required.setting.def
72040	69 6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 63 75 72 72 65 6e 74 20 72	ines.the.action.of.the.current.r
72060	75 6c 65 2e 20 49 66 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60	ule..If.action.is.set.to.``jump`
72080	60 2c 20 74 68 65 6e 20 60 60 6a 75 6d 70 2d 74 61 72 67 65 74 60 60 20 69 73 20 61 6c 73 6f 20	`,.then.``jump-target``.is.also.
720a0	6e 65 65 64 65 64 2e 00 54 68 69 73 20 72 65 71 75 69 72 65 64 20 73 65 74 74 69 6e 67 20 64 65	needed..This.required.setting.de
720c0	66 69 6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 63 75 72 72 65 6e 74 20	fines.the.action.of.the.current.
720e0	72 75 6c 65 2e 20 49 66 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 6a 75 6d 70 2c 20	rule..If.action.is.set.to.jump,.
72100	74 68 65 6e 20 6a 75 6d 70 2d 74 61 72 67 65 74 20 69 73 20 61 6c 73 6f 20 6e 65 65 64 65 64 2e	then.jump-target.is.also.needed.
72120	00 54 68 69 73 20 72 65 71 75 69 72 65 73 20 74 77 6f 20 66 69 6c 65 73 2c 20 6f 6e 65 20 74 6f	.This.requires.two.files,.one.to
72140	20 63 72 65 61 74 65 20 74 68 65 20 64 65 76 69 63 65 20 28 58 58 58 2e 6e 65 74 64 65 76 29 20	.create.the.device.(XXX.netdev).
72160	61 6e 64 20 6f 6e 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 74 77 6f 72 6b	and.one.to.configure.the.network
72180	20 6f 6e 20 74 68 65 20 64 65 76 69 63 65 20 28 58 58 58 2e 6e 65 74 77 6f 72 6b 29 00 54 68 69	.on.the.device.(XXX.network).Thi
721a0	73 20 72 65 73 75 6c 74 73 20 69 6e 20 74 68 65 20 61 63 74 69 76 65 20 63 6f 6e 66 69 67 75 72	s.results.in.the.active.configur
721c0	61 74 69 6f 6e 3a 00 54 68 69 73 20 73 61 79 73 20 74 68 61 74 20 74 68 69 73 20 64 65 76 69 63	ation:.This.says.that.this.devic
721e0	65 20 69 73 20 74 68 65 20 6f 6e 6c 79 20 44 48 43 50 20 73 65 72 76 65 72 20 66 6f 72 20 74 68	e.is.the.only.DHCP.server.for.th
72200	69 73 20 6e 65 74 77 6f 72 6b 2e 20 49 66 20 6f 74 68 65 72 20 64 65 76 69 63 65 73 20 61 72 65	is.network..If.other.devices.are
72220	20 74 72 79 69 6e 67 20 74 6f 20 6f 66 66 65 72 20 44 48 43 50 20 6c 65 61 73 65 73 2c 20 74 68	.trying.to.offer.DHCP.leases,.th
72240	69 73 20 6d 61 63 68 69 6e 65 20 77 69 6c 6c 20 73 65 6e 64 20 27 44 48 43 50 4e 41 4b 27 20 74	is.machine.will.send.'DHCPNAK'.t
72260	6f 20 61 6e 79 20 64 65 76 69 63 65 20 74 72 79 69 6e 67 20 74 6f 20 72 65 71 75 65 73 74 20 61	o.any.device.trying.to.request.a
72280	6e 20 49 50 20 61 64 64 72 65 73 73 20 74 68 61 74 20 69 73 20 6e 6f 74 20 76 61 6c 69 64 20 66	n.IP.address.that.is.not.valid.f
722a0	6f 72 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 2e 00 54 68 69 73 20 73 65 63 74 69 6f 6e 20 64 65	or.this.network..This.section.de
722c0	73 63 72 69 62 65 73 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 44 4e 53 20 6f 6e 20 74 68 65 20 73	scribes.configuring.DNS.on.the.s
722e0	79 73 74 65 6d 2c 20 6e 61 6d 65 6c 79 3a 00 54 68 69 73 20 73 65 63 74 69 6f 6e 20 64 65 73 63	ystem,.namely:.This.section.desc
72300	72 69 62 65 73 20 74 68 65 20 73 79 73 74 65 6d 27 73 20 68 6f 73 74 20 69 6e 66 6f 72 6d 61 74	ribes.the.system's.host.informat
72320	69 6f 6e 20 61 6e 64 20 68 6f 77 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 6d 2c 20 69	ion.and.how.to.configure.them,.i
72340	74 20 63 6f 76 65 72 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 6f 70 69 63 73 3a 00 54	t.covers.the.following.topics:.T
72360	68 69 73 20 73 65 63 74 69 6f 6e 20 6e 65 65 64 73 20 69 6d 70 72 6f 76 65 6d 65 6e 74 73 2c 20	his.section.needs.improvements,.
72380	65 78 61 6d 70 6c 65 73 20 61 6e 64 20 65 78 70 6c 61 6e 61 74 69 6f 6e 73 2e 00 54 68 69 73 20	examples.and.explanations..This.
723a0	73 65 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 75	set.the.default.action.of.the.ru
723c0	6c 65 2d 73 65 74 20 69 66 20 6e 6f 20 72 75 6c 65 20 6d 61 74 63 68 65 64 20 61 20 70 61 63 6b	le-set.if.no.rule.matched.a.pack
723e0	65 74 20 63 72 69 74 65 72 69 61 2e 20 49 66 20 64 65 66 61 63 75 6c 74 2d 61 63 74 69 6f 6e 20	et.criteria..If.defacult-action.
72400	69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2c 20 74 68 65 6e 20 60 60 64 65 66 61 75	is.set.to.``jump``,.then.``defau
72420	6c 74 2d 6a 75 6d 70 2d 74 61 72 67 65 74 60 60 20 69 73 20 61 6c 73 6f 20 6e 65 65 64 65 64 2e	lt-jump-target``.is.also.needed.
72440	00 54 68 69 73 20 73 65 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 6f 66 20	.This.set.the.default.action.of.
72460	74 68 65 20 72 75 6c 65 2d 73 65 74 20 69 66 20 6e 6f 20 72 75 6c 65 20 6d 61 74 63 68 65 64 20	the.rule-set.if.no.rule.matched.
72480	61 20 70 61 63 6b 65 74 20 63 72 69 74 65 72 69 61 2e 20 49 66 20 64 65 66 61 63 75 6c 74 2d 61	a.packet.criteria..If.defacult-a
724a0	63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2c 20 74 68 65 6e 20 60	ction.is.set.to.``jump``,.then.`
724c0	60 64 65 66 61 75 6c 74 2d 6a 75 6d 70 2d 74 61 72 67 65 74 60 60 20 69 73 20 61 6c 73 6f 20 6e	`default-jump-target``.is.also.n
724e0	65 65 64 65 64 2e 20 4e 6f 74 65 20 74 68 61 74 20 66 6f 72 20 62 61 73 65 20 63 68 61 69 6e 73	eeded..Note.that.for.base.chains
72500	2c 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 73 65 74	,.default.action.can.only.be.set
72520	20 74 6f 20 60 60 61 63 63 65 70 74 60 60 20 6f 72 20 60 60 64 72 6f 70 60 60 2c 20 77 68 69 6c	.to.``accept``.or.``drop``,.whil
72540	65 20 6f 6e 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2c 20 6d 6f 72 65 20 61 63 74 69 6f 6e 73 20	e.on.custom.chain,.more.actions.
72560	61 72 65 20 61 76 61 69 6c 61 62 6c 65 2e 00 54 68 69 73 20 73 65 74 73 20 74 68 65 20 61 63 63	are.available..This.sets.the.acc
72580	65 70 74 65 64 20 63 69 70 68 65 72 73 20 74 6f 20 75 73 65 20 77 68 65 6e 20 76 65 72 73 69 6f	epted.ciphers.to.use.when.versio
725a0	6e 20 3d 3e 20 32 2e 34 2e 30 20 61 6e 64 20 4e 43 50 20 69 73 20 65 6e 61 62 6c 65 64 20 28 77	n.=>.2.4.0.and.NCP.is.enabled.(w
725c0	68 69 63 68 20 69 73 20 74 68 65 20 64 65 66 61 75 6c 74 29 2e 20 44 65 66 61 75 6c 74 20 4e 43	hich.is.the.default)..Default.NC
725e0	50 20 63 69 70 68 65 72 20 66 6f 72 20 76 65 72 73 69 6f 6e 73 20 3e 3d 20 32 2e 34 2e 30 20 69	P.cipher.for.versions.>=.2.4.0.i
72600	73 20 61 65 73 32 35 36 67 63 6d 2e 20 54 68 65 20 66 69 72 73 74 20 63 69 70 68 65 72 20 69 6e	s.aes256gcm..The.first.cipher.in
72620	20 74 68 69 73 20 6c 69 73 74 20 69 73 20 77 68 61 74 20 73 65 72 76 65 72 20 70 75 73 68 65 73	.this.list.is.what.server.pushes
72640	20 74 6f 20 63 6c 69 65 6e 74 73 2e 00 54 68 69 73 20 73 65 74 73 20 74 68 65 20 63 69 70 68 65	.to.clients..This.sets.the.ciphe
72660	72 20 77 68 65 6e 20 4e 43 50 20 28 4e 65 67 6f 74 69 61 62 6c 65 20 43 72 79 70 74 6f 20 50 61	r.when.NCP.(Negotiable.Crypto.Pa
72680	72 61 6d 65 74 65 72 73 29 20 69 73 20 64 69 73 61 62 6c 65 64 20 6f 72 20 4f 70 65 6e 56 50 4e	rameters).is.disabled.or.OpenVPN
726a0	20 76 65 72 73 69 6f 6e 20 3c 20 32 2e 34 2e 30 2e 00 54 68 69 73 20 73 65 74 74 69 6e 67 20 64	.version.<.2.4.0..This.setting.d
726c0	65 66 61 75 6c 74 73 20 74 6f 20 31 35 30 30 20 61 6e 64 20 69 73 20 76 61 6c 69 64 20 62 65 74	efaults.to.1500.and.is.valid.bet
726e0	77 65 65 6e 20 31 30 20 61 6e 64 20 36 30 30 30 30 2e 00 54 68 69 73 20 73 65 74 74 69 6e 67 20	ween.10.and.60000..This.setting.
72700	65 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c 65 20 74 68 65 20 72 65 73 70 6f 6e 73 65 20 6f	enable.or.disable.the.response.o
72720	66 20 69 63 6d 70 20 62 72 6f 61 64 63 61 73 74 20 6d 65 73 73 61 67 65 73 2e 20 54 68 65 20 66	f.icmp.broadcast.messages..The.f
72740	6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62	ollowing.system.parameter.will.b
72760	65 20 61 6c 74 65 72 65 64 3a 00 54 68 69 73 20 73 65 74 74 69 6e 67 20 68 61 6e 64 6c 65 20 69	e.altered:.This.setting.handle.i
72780	66 20 56 79 4f 53 20 61 63 63 65 70 74 20 70 61 63 6b 65 74 73 20 77 69 74 68 20 61 20 73 6f 75	f.VyOS.accept.packets.with.a.sou
727a0	72 63 65 20 72 6f 75 74 65 20 6f 70 74 69 6f 6e 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20	rce.route.option..The.following.
727c0	73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64	system.parameter.will.be.altered
727e0	3a 00 54 68 69 73 20 73 65 74 74 69 6e 67 2c 20 77 68 69 63 68 20 64 65 66 61 75 6c 74 73 20 74	:.This.setting,.which.defaults.t
72800	6f 20 33 36 30 30 20 73 65 63 6f 6e 64 73 2c 20 70 75 74 73 20 61 20 6d 61 78 69 6d 75 6d 20 6f	o.3600.seconds,.puts.a.maximum.o
72820	6e 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20 6e 65 67 61 74 69 76 65 20 65 6e	n.the.amount.of.time.negative.en
72840	74 72 69 65 73 20 61 72 65 20 63 61 63 68 65 64 2e 00 54 68 69 73 20 73 65 74 75 70 20 77 69 6c	tries.are.cached..This.setup.wil
72860	6c 20 6d 61 6b 65 20 74 68 65 20 56 52 52 50 20 70 72 6f 63 65 73 73 20 65 78 65 63 75 74 65 20	l.make.the.VRRP.process.execute.
72880	74 68 65 20 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 76 72 72 70 2d 63 68 65 63 6b	the.``/config/scripts/vrrp-check
728a0	2e 73 68 20 73 63 72 69 70 74 60 60 20 65 76 65 72 79 20 36 30 20 73 65 63 6f 6e 64 73 2c 20 61	.sh.script``.every.60.seconds,.a
728c0	6e 64 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 68 65 20 67 72 6f 75 70 20 74 6f 20 74 68 65 20 66	nd.transition.the.group.to.the.f
728e0	61 75 6c 74 20 73 74 61 74 65 20 69 66 20 69 74 20 66 61 69 6c 73 20 28 69 2e 65 2e 20 65 78 69	ault.state.if.it.fails.(i.e..exi
72900	74 73 20 77 69 74 68 20 6e 6f 6e 2d 7a 65 72 6f 20 73 74 61 74 75 73 29 20 74 68 72 65 65 20 74	ts.with.non-zero.status).three.t
72920	69 6d 65 73 3a 00 54 68 69 73 20 73 74 61 74 65 6d 65 6e 74 20 73 70 65 63 69 66 69 65 73 20 64	imes:.This.statement.specifies.d
72940	68 63 70 36 63 20 74 6f 20 6f 6e 6c 79 20 65 78 63 68 61 6e 67 65 20 69 6e 66 6f 72 6d 61 74 69	hcp6c.to.only.exchange.informati
72960	6f 6e 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 73 20 77 69	onal.configuration.parameters.wi
72980	74 68 20 73 65 72 76 65 72 73 2e 20 41 20 6c 69 73 74 20 6f 66 20 44 4e 53 20 73 65 72 76 65 72	th.servers..A.list.of.DNS.server
729a0	20 61 64 64 72 65 73 73 65 73 20 69 73 20 61 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 73 75 63 68	.addresses.is.an.example.of.such
729c0	20 70 61 72 61 6d 65 74 65 72 73 2e 20 54 68 69 73 20 73 74 61 74 65 6d 65 6e 74 20 69 73 20 75	.parameters..This.statement.is.u
729e0	73 65 66 75 6c 20 77 68 65 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 6e	seful.when.the.client.does.not.n
72a00	65 65 64 20 73 74 61 74 65 66 75 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d	eed.stateful.configuration.param
72a20	65 74 65 72 73 20 73 75 63 68 20 61 73 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 6f 72 20	eters.such.as.IPv6.addresses.or.
72a40	70 72 65 66 69 78 65 73 2e 00 54 68 69 73 20 73 75 70 70 6f 72 74 20 6d 61 79 20 62 65 20 65 6e	prefixes..This.support.may.be.en
72a60	61 62 6c 65 64 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 6c 79 20 28 61 6e 64 20 69 6e 64 65	abled.administratively.(and.inde
72a80	66 69 6e 69 74 65 6c 79 29 20 77 69 74 68 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 61 64 6d 69	finitely).with.the.:cfgcmd:`admi
72aa0	6e 69 73 74 72 61 74 69 76 65 60 20 63 6f 6d 6d 61 6e 64 2e 20 49 74 20 6d 61 79 20 61 6c 73 6f	nistrative`.command..It.may.also
72ac0	20 62 65 20 65 6e 61 62 6c 65 64 20 63 6f 6e 64 69 74 69 6f 6e 61 6c 6c 79 2e 20 43 6f 6e 64 69	.be.enabled.conditionally..Condi
72ae0	74 69 6f 6e 61 6c 20 65 6e 61 62 6c 69 6e 67 20 6f 66 20 6d 61 78 2d 6d 65 74 72 69 63 20 72 6f	tional.enabling.of.max-metric.ro
72b00	75 74 65 72 2d 6c 73 61 73 20 63 61 6e 20 62 65 20 66 6f 72 20 61 20 70 65 72 69 6f 64 20 6f 66	uter-lsas.can.be.for.a.period.of
72b20	20 73 65 63 6f 6e 64 73 20 61 66 74 65 72 20 73 74 61 72 74 75 70 20 77 69 74 68 20 74 68 65 20	.seconds.after.startup.with.the.
72b40	3a 63 66 67 63 6d 64 3a 60 6f 6e 2d 73 74 61 72 74 75 70 20 3c 73 65 63 6f 6e 64 73 3e 60 20 63	:cfgcmd:`on-startup.<seconds>`.c
72b60	6f 6d 6d 61 6e 64 20 61 6e 64 2f 6f 72 20 66 6f 72 20 61 20 70 65 72 69 6f 64 20 6f 66 20 73 65	ommand.and/or.for.a.period.of.se
72b80	63 6f 6e 64 73 20 70 72 69 6f 72 20 74 6f 20 73 68 75 74 64 6f 77 6e 20 77 69 74 68 20 74 68 65	conds.prior.to.shutdown.with.the
72ba0	20 3a 63 66 67 63 6d 64 3a 60 6f 6e 2d 73 68 75 74 64 6f 77 6e 20 3c 73 65 63 6f 6e 64 73 3e 60	.:cfgcmd:`on-shutdown.<seconds>`
72bc0	20 63 6f 6d 6d 61 6e 64 2e 20 54 68 65 20 74 69 6d 65 20 72 61 6e 67 65 20 69 73 20 35 20 74 6f	.command..The.time.range.is.5.to
72be0	20 38 36 34 30 30 2e 00 54 68 69 73 20 74 65 63 68 6e 69 71 75 65 20 69 73 20 63 6f 6d 6d 6f 6e	.86400..This.technique.is.common
72c00	6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 4e 41 54 20 52 65 66 6c 65 63 74 69 6f 6e	ly.referred.to.as.NAT.Reflection
72c20	20 6f 72 20 48 61 69 72 70 69 6e 20 4e 41 54 2e 00 54 68 69 73 20 74 65 63 68 6e 6f 6c 6f 67 79	.or.Hairpin.NAT..This.technology
72c40	20 69 73 20 6b 6e 6f 77 6e 20 62 79 20 64 69 66 66 65 72 65 6e 74 20 6e 61 6d 65 73 3a 00 54 68	.is.known.by.different.names:.Th
72c60	69 73 20 74 68 65 20 73 69 6d 70 6c 65 73 74 20 71 75 65 75 65 20 70 6f 73 73 69 62 6c 65 20 79	is.the.simplest.queue.possible.y
72c80	6f 75 20 63 61 6e 20 61 70 70 6c 79 20 74 6f 20 79 6f 75 72 20 74 72 61 66 66 69 63 2e 20 54 72	ou.can.apply.to.your.traffic..Tr
72ca0	61 66 66 69 63 20 6d 75 73 74 20 67 6f 20 74 68 72 6f 75 67 68 20 61 20 66 69 6e 69 74 65 20 71	affic.must.go.through.a.finite.q
72cc0	75 65 75 65 20 62 65 66 6f 72 65 20 69 74 20 69 73 20 61 63 74 75 61 6c 6c 79 20 73 65 6e 74 2e	ueue.before.it.is.actually.sent.
72ce0	20 59 6f 75 20 6d 75 73 74 20 64 65 66 69 6e 65 20 68 6f 77 20 6d 61 6e 79 20 70 61 63 6b 65 74	.You.must.define.how.many.packet
72d00	73 20 74 68 61 74 20 71 75 65 75 65 20 63 61 6e 20 63 6f 6e 74 61 69 6e 2e 00 54 68 69 73 20 74	s.that.queue.can.contain..This.t
72d20	6f 70 6f 6c 6f 67 79 20 77 61 73 20 62 75 69 6c 74 20 75 73 69 6e 67 20 47 4e 53 33 2e 00 54 68	opology.was.built.using.GNS3..Th
72d40	69 73 20 77 69 6c 6c 20 62 65 20 74 68 65 20 6d 6f 73 74 20 77 69 64 65 6c 79 20 75 73 65 64 20	is.will.be.the.most.widely.used.
72d60	69 6e 74 65 72 66 61 63 65 20 6f 6e 20 61 20 72 6f 75 74 65 72 20 63 61 72 72 79 69 6e 67 20 74	interface.on.a.router.carrying.t
72d80	72 61 66 66 69 63 20 74 6f 20 74 68 65 20 72 65 61 6c 20 77 6f 72 6c 64 2e 00 54 68 69 73 20 77	raffic.to.the.real.world..This.w
72da0	69 6c 6c 20 63 6f 6e 66 69 67 75 72 65 20 61 20 73 74 61 74 69 63 20 41 52 50 20 65 6e 74 72 79	ill.configure.a.static.ARP.entry
72dc0	20 61 6c 77 61 79 73 20 72 65 73 6f 6c 76 69 6e 67 20 60 3c 61 64 64 72 65 73 73 3e 60 20 74 6f	.always.resolving.`<address>`.to
72de0	20 60 3c 6d 61 63 3e 60 20 66 6f 72 20 69 6e 74 65 72 66 61 63 65 20 60 3c 69 6e 74 65 72 66 61	.`<mac>`.for.interface.`<interfa
72e00	63 65 3e 60 2e 00 54 68 69 73 20 77 69 6c 6c 20 6d 61 74 63 68 20 54 43 50 20 74 72 61 66 66 69	ce>`..This.will.match.TCP.traffi
72e20	63 20 77 69 74 68 20 73 6f 75 72 63 65 20 70 6f 72 74 20 38 30 2e 00 54 68 69 73 20 77 69 6c 6c	c.with.source.port.80..This.will
72e40	20 72 65 6e 64 65 72 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 64 63 6c 69 65 6e 74 5f 20	.render.the.following.ddclient_.
72e60	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 6e 74 72 79 3a 00 54 68 69 73 20 77 69 6c 6c 20 73	configuration.entry:.This.will.s
72e80	68 6f 77 20 79 6f 75 20 61 20 62 61 73 69 63 20 66 69 72 65 77 61 6c 6c 20 6f 76 65 72 76 69 65	how.you.a.basic.firewall.overvie
72ea0	77 00 54 68 69 73 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 61 20 72 75 6c 65 2d 73 65 74 20	w.This.will.show.you.a.rule-set.
72ec0	73 74 61 74 69 73 74 69 63 20 73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 62 6f 6f 74 2e 00 54	statistic.since.the.last.boot..T
72ee0	68 69 73 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 61 20 73 74 61 74 69 73 74 69 63 20 6f 66	his.will.show.you.a.statistic.of
72f00	20 61 6c 6c 20 72 75 6c 65 2d 73 65 74 73 20 73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 62 6f	.all.rule-sets.since.the.last.bo
72f20	6f 74 2e 00 54 68 69 73 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 61 20 73 75 6d 6d 61 72 79	ot..This.will.show.you.a.summary
72f40	20 6f 66 20 72 75 6c 65 2d 73 65 74 73 20 61 6e 64 20 67 72 6f 75 70 73 00 54 68 69 73 20 77 6f	.of.rule-sets.and.groups.This.wo
72f60	72 6b 61 72 6f 75 6e 64 20 6c 65 74 73 20 79 6f 75 20 61 70 70 6c 79 20 61 20 73 68 61 70 69 6e	rkaround.lets.you.apply.a.shapin
72f80	67 20 70 6f 6c 69 63 79 20 74 6f 20 74 68 65 20 69 6e 67 72 65 73 73 20 74 72 61 66 66 69 63 20	g.policy.to.the.ingress.traffic.
72fa0	62 79 20 66 69 72 73 74 20 72 65 64 69 72 65 63 74 69 6e 67 20 69 74 20 74 6f 20 61 6e 20 69 6e	by.first.redirecting.it.to.an.in
72fc0	2d 62 65 74 77 65 65 6e 20 76 69 72 74 75 61 6c 20 69 6e 74 65 72 66 61 63 65 20 28 60 49 6e 74	-between.virtual.interface.(`Int
72fe0	65 72 6d 65 64 69 61 74 65 20 46 75 6e 63 74 69 6f 6e 61 6c 20 42 6c 6f 63 6b 60 5f 29 2e 20 54	ermediate.Functional.Block`_)..T
73000	68 65 72 65 2c 20 69 6e 20 74 68 61 74 20 76 69 72 74 75 61 6c 20 69 6e 74 65 72 66 61 63 65 2c	here,.in.that.virtual.interface,
73020	20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 61 70 70 6c 79 20 61 6e 79 20 6f	.you.will.be.able.to.apply.any.o
73040	66 20 74 68 65 20 70 6f 6c 69 63 69 65 73 20 74 68 61 74 20 77 6f 72 6b 20 66 6f 72 20 6f 75 74	f.the.policies.that.work.for.out
73060	62 6f 75 6e 64 20 74 72 61 66 66 69 63 2c 20 66 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 61 20 73	bound.traffic,.for.instance,.a.s
73080	68 61 70 69 6e 67 20 6f 6e 65 2e 00 54 68 69 73 20 77 6f 75 6c 64 20 67 65 6e 65 72 61 74 65 20	haping.one..This.would.generate.
730a0	74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 54 68 72	the.following.configuration:.Thr
730c0	65 65 20 73 69 67 6e 69 66 69 63 61 6e 74 20 76 65 72 73 69 6f 6e 73 20 6f 66 20 53 4e 4d 50 20	ee.significant.versions.of.SNMP.
730e0	68 61 76 65 20 62 65 65 6e 20 64 65 76 65 6c 6f 70 65 64 20 61 6e 64 20 64 65 70 6c 6f 79 65 64	have.been.developed.and.deployed
73100	2e 20 53 4e 4d 50 76 31 20 69 73 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 76 65 72 73 69 6f 6e	..SNMPv1.is.the.original.version
73120	20 6f 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 2e 20 4d 6f 72 65 20 72 65 63 65 6e 74 20 76 65	.of.the.protocol..More.recent.ve
73140	72 73 69 6f 6e 73 2c 20 53 4e 4d 50 76 32 63 20 61 6e 64 20 53 4e 4d 50 76 33 2c 20 66 65 61 74	rsions,.SNMPv2c.and.SNMPv3,.feat
73160	75 72 65 20 69 6d 70 72 6f 76 65 6d 65 6e 74 73 20 69 6e 20 70 65 72 66 6f 72 6d 61 6e 63 65 2c	ure.improvements.in.performance,
73180	20 66 6c 65 78 69 62 69 6c 69 74 79 20 61 6e 64 20 73 65 63 75 72 69 74 79 2e 00 54 69 6d 65 20	.flexibility.and.security..Time.
731a0	5a 6f 6e 65 00 54 69 6d 65 20 5a 6f 6e 65 20 73 65 74 74 69 6e 67 20 69 73 20 76 65 72 79 20 69	Zone.Time.Zone.setting.is.very.i
731c0	6d 70 6f 72 74 61 6e 74 20 61 73 20 65 2e 67 20 61 6c 6c 20 79 6f 75 72 20 6c 6f 67 66 69 6c 65	mportant.as.e.g.all.your.logfile
731e0	20 65 6e 74 72 69 65 73 20 77 69 6c 6c 20 62 65 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 63 6f	.entries.will.be.based.on.the.co
73200	6e 66 69 67 75 72 65 64 20 7a 6f 6e 65 2e 20 57 69 74 68 6f 75 74 20 70 72 6f 70 65 72 20 74 69	nfigured.zone..Without.proper.ti
73220	6d 65 20 7a 6f 6e 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 74 20 77 69 6c 6c 20 62 65	me.zone.configuration.it.will.be
73240	20 76 65 72 79 20 64 69 66 66 69 63 75 6c 74 20 74 6f 20 63 6f 6d 70 61 72 65 20 6c 6f 67 66 69	.very.difficult.to.compare.logfi
73260	6c 65 73 20 66 72 6f 6d 20 64 69 66 66 65 72 65 6e 74 20 73 79 73 74 65 6d 73 2e 00 54 69 6d 65	les.from.different.systems..Time
73280	20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e 20 72 65 74 72 61 6e 73	.in.milliseconds.between.retrans
732a0	6d 69 74 74 65 64 20 4e 65 69 67 68 62 6f 72 20 53 6f 6c 69 63 69 74 61 74 69 6f 6e 20 6d 65 73	mitted.Neighbor.Solicitation.mes
732c0	73 61 67 65 73 00 54 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 68 61 74 20 74 68 65 20 70	sages.Time.in.seconds.that.the.p
732e0	72 65 66 69 78 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 70 72 65 66 65 72 72 65 64 20 28 64 65 66	refix.will.remain.preferred.(def
73300	61 75 6c 74 20 34 20 68 6f 75 72 73 29 00 54 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 68	ault.4.hours).Time.in.seconds.th
73320	61 74 20 74 68 65 20 70 72 65 66 69 78 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 76 61 6c 69 64 20	at.the.prefix.will.remain.valid.
73340	28 64 65 66 61 75 6c 74 3a 20 33 30 20 64 61 79 73 29 00 54 69 6d 65 20 69 73 20 69 6e 20 6d 69	(default:.30.days).Time.is.in.mi
73360	6e 75 74 65 73 20 61 6e 64 20 64 65 66 61 75 6c 74 73 20 74 6f 20 36 30 2e 00 54 69 6d 65 20 74	nutes.and.defaults.to.60..Time.t
73380	6f 20 6d 61 74 63 68 20 74 68 65 20 64 65 66 69 6e 65 64 20 72 75 6c 65 2e 00 54 69 6d 65 2c 20	o.match.the.defined.rule..Time,.
733a0	69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2c 20 74 68 61 74 20 61 20 6e 6f 64 65 20 61 73 73	in.milliseconds,.that.a.node.ass
733c0	75 6d 65 73 20 61 20 6e 65 69 67 68 62 6f 72 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 61 66 74	umes.a.neighbor.is.reachable.aft
733e0	65 72 20 68 61 76 69 6e 67 20 72 65 63 65 69 76 65 64 20 61 20 72 65 61 63 68 61 62 69 6c 69 74	er.having.received.a.reachabilit
73400	79 20 63 6f 6e 66 69 72 6d 61 74 69 6f 6e 00 54 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 6e 64	y.confirmation.Timeout.in.second
73420	73 20 62 65 74 77 65 65 6e 20 68 65 61 6c 74 68 20 74 61 72 67 65 74 20 63 68 65 63 6b 73 2e 00	s.between.health.target.checks..
73440	54 69 6d 65 6f 75 74 20 74 6f 20 77 61 69 74 20 72 65 70 6c 79 20 66 6f 72 20 49 6e 74 65 72 69	Timeout.to.wait.reply.for.Interi
73460	6d 2d 55 70 64 61 74 65 20 70 61 63 6b 65 74 73 2e 20 28 64 65 66 61 75 6c 74 20 33 20 73 65 63	m-Update.packets..(default.3.sec
73480	6f 6e 64 73 29 00 54 69 6d 65 6f 75 74 20 74 6f 20 77 61 69 74 20 72 65 73 70 6f 6e 73 65 20 66	onds).Timeout.to.wait.response.f
734a0	72 6f 6d 20 73 65 72 76 65 72 20 28 73 65 63 6f 6e 64 73 29 00 54 69 6d 65 72 73 00 54 6f 20 61	rom.server.(seconds).Timers.To.a
734c0	63 74 69 76 61 74 65 20 74 68 65 20 56 4c 41 4e 20 61 77 61 72 65 20 62 72 69 64 67 65 2c 20 79	ctivate.the.VLAN.aware.bridge,.y
734e0	6f 75 20 6d 75 73 74 20 61 63 74 69 76 61 74 65 20 74 68 69 73 20 73 65 74 74 69 6e 67 20 74 6f	ou.must.activate.this.setting.to
73500	20 75 73 65 20 56 4c 41 4e 20 73 65 74 74 69 6e 67 73 20 66 6f 72 20 74 68 65 20 62 72 69 64 67	.use.VLAN.settings.for.the.bridg
73520	65 00 54 6f 20 61 6c 6c 6f 77 20 56 50 4e 2d 63 6c 69 65 6e 74 73 20 61 63 63 65 73 73 20 76 69	e.To.allow.VPN-clients.access.vi
73540	61 20 79 6f 75 72 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 2c 20 61 20 4e 41 54 20 72	a.your.external.address,.a.NAT.r
73560	75 6c 65 20 69 73 20 72 65 71 75 69 72 65 64 3a 00 54 6f 20 61 6c 6c 6f 77 20 74 72 61 66 66 69	ule.is.required:.To.allow.traffi
73580	63 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 74 6f 20 63 6c 69 65 6e 74 73 2c 20 79 6f	c.to.pass.through.to.clients,.yo
735a0	75 20 6e 65 65 64 20 74 6f 20 61 64 64 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 72 75 6c 65	u.need.to.add.the.following.rule
735c0	73 2e 20 28 69 66 20 79 6f 75 20 75 73 65 64 20 74 68 65 20 64 65 66 61 75 6c 74 20 63 6f 6e 66	s..(if.you.used.the.default.conf
735e0	69 67 75 72 61 74 69 6f 6e 20 61 74 20 74 68 65 20 74 6f 70 20 6f 66 20 74 68 69 73 20 70 61 67	iguration.at.the.top.of.this.pag
73600	65 29 00 54 6f 20 61 70 70 6c 79 20 74 68 69 73 20 70 6f 6c 69 63 79 20 74 6f 20 74 68 65 20 63	e).To.apply.this.policy.to.the.c
73620	6f 72 72 65 63 74 20 69 6e 74 65 72 66 61 63 65 2c 20 63 6f 6e 66 69 67 75 72 65 20 69 74 20 6f	orrect.interface,.configure.it.o
73640	6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 69 6e 62 6f 75 6e 64 20 6c 6f 63 61	n.the.interface.the.inbound.loca
73660	6c 20 68 6f 73 74 20 77 69 6c 6c 20 73 65 6e 64 20 74 68 72 6f 75 67 68 20 74 6f 20 72 65 61 63	l.host.will.send.through.to.reac
73680	68 20 6f 75 72 20 64 65 73 74 69 6e 65 64 20 74 61 72 67 65 74 20 68 6f 73 74 20 28 69 6e 20 6f	h.our.destined.target.host.(in.o
736a0	75 72 20 65 78 61 6d 70 6c 65 20 65 74 68 31 29 2e 00 54 6f 20 61 75 74 6f 20 75 70 64 61 74 65	ur.example.eth1)..To.auto.update
736c0	20 74 68 65 20 62 6c 61 63 6b 6c 69 73 74 20 66 69 6c 65 73 00 54 6f 20 61 75 74 6f 6d 61 74 69	.the.blacklist.files.To.automati
736e0	63 61 6c 6c 79 20 61 73 73 69 67 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 61 6e 20 49 50 20 61 64	cally.assign.the.client.an.IP.ad
73700	64 72 65 73 73 20 61 73 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 2c 20 61 20 63 6c 69 65	dress.as.tunnel.endpoint,.a.clie
73720	6e 74 20 49 50 20 70 6f 6f 6c 20 69 73 20 6e 65 65 64 65 64 2e 20 54 68 65 20 73 6f 75 72 63 65	nt.IP.pool.is.needed..The.source
73740	20 63 61 6e 20 62 65 20 65 69 74 68 65 72 20 52 41 44 49 55 53 20 6f 72 20 61 20 6c 6f 63 61 6c	.can.be.either.RADIUS.or.a.local
73760	20 73 75 62 6e 65 74 20 6f 72 20 49 50 20 72 61 6e 67 65 20 64 65 66 69 6e 69 74 69 6f 6e 2e 00	.subnet.or.IP.range.definition..
73780	54 6f 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 77 68 65 6e 20 60 60 61 63 74 69 6f 6e 60 60 20	To.be.used.only.when.``action``.
737a0	69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2e 20 55 73 65 20 74 68 69 73 20 63 6f 6d	is.set.to.``jump``..Use.this.com
737c0	6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 6a 75 6d 70 20 74 61 72 67 65 74 2e 00 54 6f 20	mand.to.specify.jump.target..To.
737e0	62 65 20 75 73 65 64 20 6f 6e 6c 79 20 77 68 65 6e 20 60 60 64 65 66 75 6c 74 2d 61 63 74 69 6f	be.used.only.when.``defult-actio
73800	6e 60 60 20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2e 20 55 73 65 20 74 68 69 73	n``.is.set.to.``jump``..Use.this
73820	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 6a 75 6d 70 20 74 61 72 67 65 74 20	.command.to.specify.jump.target.
73840	66 6f 72 20 64 65 66 61 75 6c 74 20 72 75 6c 65 2e 00 54 6f 20 62 65 20 75 73 65 64 20 6f 6e 6c	for.default.rule..To.be.used.onl
73860	79 20 77 68 65 6e 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 6a 75 6d 70 2e 20 55 73	y.when.action.is.set.to.jump..Us
73880	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 6a 75 6d 70 20 74	e.this.command.to.specify.jump.t
738a0	61 72 67 65 74 2e 00 54 6f 20 62 79 70 61 73 73 20 74 68 65 20 70 72 6f 78 79 20 66 6f 72 20 65	arget..To.bypass.the.proxy.for.e
738c0	76 65 72 79 20 72 65 71 75 65 73 74 20 74 68 61 74 20 69 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d	very.request.that.is.coming.from
738e0	20 61 20 73 70 65 63 69 66 69 63 20 73 6f 75 72 63 65 3a 00 54 6f 20 62 79 70 61 73 73 20 74 68	.a.specific.source:.To.bypass.th
73900	65 20 70 72 6f 78 79 20 66 6f 72 20 65 76 65 72 79 20 72 65 71 75 65 73 74 20 74 68 61 74 20 69	e.proxy.for.every.request.that.i
73920	73 20 64 69 72 65 63 74 65 64 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 64 65 73 74 69 6e 61	s.directed.to.a.specific.destina
73940	74 69 6f 6e 3a 00 54 6f 20 63 6f 6e 66 69 67 75 72 65 20 49 50 76 36 20 61 73 73 69 67 6e 6d 65	tion:.To.configure.IPv6.assignme
73960	6e 74 73 20 66 6f 72 20 63 6c 69 65 6e 74 73 2c 20 74 77 6f 20 6f 70 74 69 6f 6e 73 20 6e 65 65	nts.for.clients,.two.options.nee
73980	64 20 74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 41 20 67 6c 6f 62 61 6c 20 70 72 65	d.to.be.configured..A.global.pre
739a0	66 69 78 20 77 68 69 63 68 20 69 73 20 74 65 72 6d 69 6e 61 74 65 64 20 6f 6e 20 74 68 65 20 63	fix.which.is.terminated.on.the.c
739c0	6c 69 65 6e 74 73 20 63 70 65 20 61 6e 64 20 61 20 64 65 6c 65 67 61 74 65 64 20 70 72 65 66 69	lients.cpe.and.a.delegated.prefi
739e0	78 2c 20 74 68 65 20 63 6c 69 65 6e 74 20 63 61 6e 20 75 73 65 20 66 6f 72 20 64 65 76 69 63 65	x,.the.client.can.use.for.device
73a00	73 20 72 6f 75 74 65 64 20 76 69 61 20 74 68 65 20 63 6c 69 65 6e 74 73 20 63 70 65 2e 00 54 6f	s.routed.via.the.clients.cpe..To
73a20	20 63 6f 6e 66 69 67 75 72 65 20 62 6c 6f 63 6b 69 6e 67 20 61 64 64 20 74 68 65 20 66 6f 6c 6c	.configure.blocking.add.the.foll
73a40	6f 77 69 6e 67 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 54 6f 20 63 6f	owing.to.the.configuration.To.co
73a60	6e 66 69 67 75 72 65 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20	nfigure.site-to-site.connection.
73a80	79 6f 75 20 6e 65 65 64 20 74 6f 20 61 64 64 20 70 65 65 72 73 20 77 69 74 68 20 74 68 65 20 60	you.need.to.add.peers.with.the.`
73aa0	60 73 65 74 20 76 70 6e 20 69 70 73 65 63 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 70 65 65 72	`set.vpn.ipsec.site-to-site.peer
73ac0	20 3c 6e 61 6d 65 3e 60 60 20 63 6f 6d 6d 61 6e 64 2e 00 54 6f 20 63 6f 6e 66 69 67 75 72 65 20	.<name>``.command..To.configure.
73ae0	73 79 73 6c 6f 67 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 73 77 69 74 63 68 20 69 6e 74 6f 20	syslog,.you.need.to.switch.into.
73b00	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 65 2e 00 54 6f 20 63 6f 6e 66 69 67 75 72 65	configuration.mode..To.configure
73b20	20 79 6f 75 72 20 4c 43 44 20 64 69 73 70 6c 61 79 20 79 6f 75 20 6d 75 73 74 20 66 69 72 73 74	.your.LCD.display.you.must.first
73b40	20 69 64 65 6e 74 69 66 79 20 74 68 65 20 75 73 65 64 20 68 61 72 64 77 61 72 65 2c 20 61 6e 64	.identify.the.used.hardware,.and
73b60	20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 6f 66 20 74 68 65 20 64 69 73 70 6c 61 79 20 74 6f 20	.connectivity.of.the.display.to.
73b80	79 6f 75 72 20 73 79 73 74 65 6d 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 61 6e 79 20 73 65 72	your.system..This.can.be.any.ser
73ba0	69 61 6c 20 70 6f 72 74 20 28 60 74 74 79 53 78 78 60 29 20 6f 72 20 73 65 72 69 61 6c 20 76 69	ial.port.(`ttySxx`).or.serial.vi
73bc0	61 20 55 53 42 20 6f 72 20 65 76 65 6e 20 6f 6c 64 20 70 61 72 61 6c 6c 65 6c 20 70 6f 72 74 20	a.USB.or.even.old.parallel.port.
73be0	69 6e 74 65 72 66 61 63 65 73 2e 00 54 6f 20 63 72 65 61 74 65 20 56 4c 41 4e 73 20 70 65 72 20	interfaces..To.create.VLANs.per.
73c00	75 73 65 72 20 64 75 72 69 6e 67 20 72 75 6e 74 69 6d 65 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69	user.during.runtime,.the.followi
73c20	6e 67 20 73 65 74 74 69 6e 67 73 20 61 72 65 20 72 65 71 75 69 72 65 64 20 6f 6e 20 61 20 70 65	ng.settings.are.required.on.a.pe
73c40	72 20 69 6e 74 65 72 66 61 63 65 20 62 61 73 69 73 2e 20 56 4c 41 4e 20 49 44 20 61 6e 64 20 56	r.interface.basis..VLAN.ID.and.V
73c60	4c 41 4e 20 72 61 6e 67 65 20 63 61 6e 20 62 65 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20	LAN.range.can.be.present.in.the.
73c80	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 2e 00	configuration.at.the.same.time..
73ca0	54 6f 20 63 72 65 61 74 65 20 61 20 6e 65 77 20 6c 69 6e 65 20 69 6e 20 79 6f 75 72 20 6c 6f 67	To.create.a.new.line.in.your.log
73cc0	69 6e 20 6d 65 73 73 61 67 65 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 65 73 63 61 70 65 20 74 68	in.message.you.need.to.escape.th
73ce0	65 20 6e 65 77 20 6c 69 6e 65 20 63 68 61 72 61 63 74 65 72 20 62 79 20 75 73 69 6e 67 20 60 60	e.new.line.character.by.using.``
73d00	5c 5c 6e 60 60 2e 00 54 6f 20 63 72 65 61 74 65 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 74	\\n``..To.create.more.than.one.t
73d20	75 6e 6e 65 6c 2c 20 75 73 65 20 64 69 73 74 69 6e 63 74 20 55 44 50 20 70 6f 72 74 73 2e 00 54	unnel,.use.distinct.UDP.ports..T
73d40	6f 20 63 72 65 61 74 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 31 30 30 20 61 6e 64 20 61	o.create.routing.table.100.and.a
73d60	64 64 20 61 20 6e 65 77 20 64 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 20 74 6f 20 62 65 20 75	dd.a.new.default.gateway.to.be.u
73d80	73 65 64 20 62 79 20 74 72 61 66 66 69 63 20 6d 61 74 63 68 69 6e 67 20 6f 75 72 20 72 6f 75 74	sed.by.traffic.matching.our.rout
73da0	65 20 70 6f 6c 69 63 79 3a 00 54 6f 20 64 65 66 69 6e 65 20 61 20 7a 6f 6e 65 20 73 65 74 75 70	e.policy:.To.define.a.zone.setup
73dc0	20 65 69 74 68 65 72 20 6f 6e 65 20 77 69 74 68 20 69 6e 74 65 72 66 61 63 65 73 20 6f 72 20 61	.either.one.with.interfaces.or.a
73de0	20 6c 6f 63 61 6c 20 7a 6f 6e 65 2e 00 54 6f 20 64 69 73 61 62 6c 65 20 61 64 76 65 72 74 69 73	.local.zone..To.disable.advertis
73e00	65 6d 65 6e 74 73 20 77 69 74 68 6f 75 74 20 64 65 6c 65 74 69 6e 67 20 74 68 65 20 63 6f 6e 66	ements.without.deleting.the.conf
73e20	69 67 75 72 61 74 69 6f 6e 3a 00 54 6f 20 64 69 73 70 6c 61 79 20 74 68 65 20 63 6f 6e 66 69 67	iguration:.To.display.the.config
73e40	75 72 65 64 20 4f 54 50 20 75 73 65 72 20 6b 65 79 2c 20 75 73 65 20 74 68 65 20 63 6f 6d 6d 61	ured.OTP.user.key,.use.the.comma
73e60	6e 64 3a 00 54 6f 20 64 69 73 70 6c 61 79 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 4f 54	nd:.To.display.the.configured.OT
73e80	50 20 75 73 65 72 20 73 65 74 74 69 6e 67 73 2c 20 75 73 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64	P.user.settings,.use.the.command
73ea0	3a 00 54 6f 20 65 6e 61 62 6c 65 20 4d 4c 44 20 72 65 70 6f 72 74 73 20 61 6e 64 20 71 75 65 72	:.To.enable.MLD.reports.and.quer
73ec0	79 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 60 65 74 68 30 60 20 61 6e 64 20 60 65 74 68 31	y.on.interfaces.`eth0`.and.`eth1
73ee0	60 3a 00 54 6f 20 65 6e 61 62 6c 65 20 52 41 44 49 55 53 20 62 61 73 65 64 20 61 75 74 68 65 6e	`:.To.enable.RADIUS.based.authen
73f00	74 69 63 61 74 69 6f 6e 2c 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 6f 64	tication,.the.authentication.mod
73f20	65 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 68 61 6e 67 65 64 20 77 69 74 68 69 6e 20 74 68 65	e.needs.to.be.changed.within.the
73f40	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20 50 72 65 76 69 6f 75 73 20 73 65 74 74 69 6e 67	.configuration..Previous.setting
73f60	73 20 6c 69 6b 65 20 74 68 65 20 6c 6f 63 61 6c 20 75 73 65 72 73 2c 20 73 74 69 6c 6c 20 65 78	s.like.the.local.users,.still.ex
73f80	69 73 74 73 20 77 69 74 68 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 68	ists.within.the.configuration,.h
73fa0	6f 77 65 76 65 72 20 74 68 65 79 20 61 72 65 20 6e 6f 74 20 75 73 65 64 20 69 66 20 74 68 65 20	owever.they.are.not.used.if.the.
73fc0	6d 6f 64 65 20 68 61 73 20 62 65 65 6e 20 63 68 61 6e 67 65 64 20 66 72 6f 6d 20 6c 6f 63 61 6c	mode.has.been.changed.from.local
73fe0	20 74 6f 20 72 61 64 69 75 73 2e 20 4f 6e 63 65 20 63 68 61 6e 67 65 64 20 62 61 63 6b 20 74 6f	.to.radius..Once.changed.back.to
74000	20 6c 6f 63 61 6c 2c 20 69 74 20 77 69 6c 6c 20 75 73 65 20 61 6c 6c 20 6c 6f 63 61 6c 20 61 63	.local,.it.will.use.all.local.ac
74020	63 6f 75 6e 74 73 20 61 67 61 69 6e 2e 00 54 6f 20 65 6e 61 62 6c 65 20 62 61 6e 64 77 69 64 74	counts.again..To.enable.bandwidt
74040	68 20 73 68 61 70 69 6e 67 20 76 69 61 20 52 41 44 49 55 53 2c 20 74 68 65 20 6f 70 74 69 6f 6e	h.shaping.via.RADIUS,.the.option
74060	20 72 61 74 65 2d 6c 69 6d 69 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 65 6e 61 62 6c 65 64 2e	.rate-limit.needs.to.be.enabled.
74080	00 54 6f 20 65 6e 61 62 6c 65 20 64 65 62 75 67 20 6d 65 73 73 61 67 65 73 2e 20 41 76 61 69 6c	.To.enable.debug.messages..Avail
740a0	61 62 6c 65 20 76 69 61 20 3a 6f 70 63 6d 64 3a 60 73 68 6f 77 20 6c 6f 67 60 20 6f 72 20 3a 6f	able.via.:opcmd:`show.log`.or.:o
740c0	70 63 6d 64 3a 60 6d 6f 6e 69 74 6f 72 20 6c 6f 67 60 00 54 6f 20 65 6e 61 62 6c 65 20 6d 44 4e	pcmd:`monitor.log`.To.enable.mDN
740e0	53 20 72 65 70 65 61 74 65 72 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	S.repeater.you.need.to.configure
74100	20 61 74 20 6c 65 61 73 74 20 74 77 6f 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 6f 20 72 65 2d	.at.least.two.interfaces..To.re-
74120	62 72 6f 61 64 63 61 73 74 20 61 6c 6c 20 69 6e 63 6f 6d 69 6e 67 20 6d 44 4e 53 20 70 61 63 6b	broadcast.all.incoming.mDNS.pack
74140	65 74 73 20 66 72 6f 6d 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 65	ets.from.any.interface.configure
74160	64 20 68 65 72 65 20 74 6f 20 61 6e 79 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 20 63 6f	d.here.to.any.other.interface.co
74180	6e 66 69 67 75 72 65 64 20 75 6e 64 65 72 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 00 54 6f 20	nfigured.under.this.section..To.
741a0	65 6e 61 62 6c 65 2f 64 69 73 61 62 6c 65 20 68 65 6c 70 65 72 20 73 75 70 70 6f 72 74 20 66 6f	enable/disable.helper.support.fo
741c0	72 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 69 67 68 62 6f 75 72 2c 20 74 68 65 20 72 6f 75 74	r.a.specific.neighbour,.the.rout
741e0	65 72 2d 69 64 20 28 41 2e 42 2e 43 2e 44 29 20 68 61 73 20 74 6f 20 62 65 20 73 70 65 63 69 66	er-id.(A.B.C.D).has.to.be.specif
74200	69 65 64 2e 00 54 6f 20 65 78 63 6c 75 64 65 20 74 72 61 66 66 69 63 20 66 72 6f 6d 20 6c 6f 61	ied..To.exclude.traffic.from.loa
74220	64 20 62 61 6c 61 6e 63 69 6e 67 2c 20 74 72 61 66 66 69 63 20 6d 61 74 63 68 69 6e 67 20 61 6e	d.balancing,.traffic.matching.an
74240	20 65 78 63 6c 75 64 65 20 72 75 6c 65 20 69 73 20 6e 6f 74 20 62 61 6c 61 6e 63 65 64 20 62 75	.exclude.rule.is.not.balanced.bu
74260	74 20 72 6f 75 74 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20 73 79 73 74 65 6d 20 72 6f 75 74	t.routed.through.the.system.rout
74280	69 6e 67 20 74 61 62 6c 65 20 69 6e 73 74 65 61 64 3a 00 54 6f 20 65 78 74 65 6e 64 20 53 4e 4d	ing.table.instead:.To.extend.SNM
742a0	50 20 61 67 65 6e 74 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2c 20 63 75 73 74 6f 6d 20 73 63	P.agent.functionality,.custom.sc
742c0	72 69 70 74 73 20 63 61 6e 20 62 65 20 65 78 65 63 75 74 65 64 20 65 76 65 72 79 20 74 69 6d 65	ripts.can.be.executed.every.time
742e0	20 74 68 65 20 61 67 65 6e 74 20 69 73 20 62 65 69 6e 67 20 63 61 6c 6c 65 64 2e 20 54 68 69 73	.the.agent.is.being.called..This
74300	20 63 61 6e 20 62 65 20 61 63 68 69 65 76 65 64 20 62 79 20 75 73 69 6e 67 20 60 60 61 72 62 69	.can.be.achieved.by.using.``arbi
74320	74 72 61 72 79 20 65 78 74 65 6e 73 69 6f 6e 63 6f 6d 6d 61 6e 64 73 60 60 2e 20 54 68 65 20 66	trary.extensioncommands``..The.f
74340	69 72 73 74 20 73 74 65 70 20 69 73 20 74 6f 20 63 72 65 61 74 65 20 61 20 66 75 6e 63 74 69 6f	irst.step.is.to.create.a.functio
74360	6e 61 6c 20 73 63 72 69 70 74 20 6f 66 20 63 6f 75 72 73 65 2c 20 74 68 65 6e 20 75 70 6c 6f 61	nal.script.of.course,.then.uploa
74380	64 20 69 74 20 74 6f 20 79 6f 75 72 20 56 79 4f 53 20 69 6e 73 74 61 6e 63 65 20 76 69 61 20 74	d.it.to.your.VyOS.instance.via.t
743a0	68 65 20 63 6f 6d 6d 61 6e 64 20 60 60 73 63 70 20 79 6f 75 72 5f 73 63 72 69 70 74 2e 73 68 20	he.command.``scp.your_script.sh.
743c0	76 79 6f 73 40 79 6f 75 72 5f 72 6f 75 74 65 72 3a 2f 63 6f 6e 66 69 67 2f 75 73 65 72 2d 64 61	vyos@your_router:/config/user-da
743e0	74 61 60 60 2e 20 4f 6e 63 65 20 74 68 65 20 73 63 72 69 70 74 20 69 73 20 75 70 6c 6f 61 64 65	ta``..Once.the.script.is.uploade
74400	64 2c 20 69 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 76 69 61	d,.it.needs.to.be.configured.via
74420	20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 62 65 6c 6f 77 2e 00 54 6f 20 66 6f 72 77 61 72 64 20 61	.the.command.below..To.forward.a
74440	6c 6c 20 62 72 6f 61 64 63 61 73 74 20 70 61 63 6b 65 74 73 20 72 65 63 65 69 76 65 64 20 6f 6e	ll.broadcast.packets.received.on
74460	20 60 55 44 50 20 70 6f 72 74 20 31 39 30 30 60 20 6f 6e 20 60 65 74 68 33 60 2c 20 60 65 74 68	.`UDP.port.1900`.on.`eth3`,.`eth
74480	34 60 20 6f 72 20 60 65 74 68 35 60 20 74 6f 20 61 6c 6c 20 6f 74 68 65 72 20 69 6e 74 65 72 66	4`.or.`eth5`.to.all.other.interf
744a0	61 63 65 73 20 69 6e 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 6f 20 67	aces.in.this.configuration..To.g
744c0	65 6e 65 72 61 74 65 20 74 68 65 20 43 41 2c 20 74 68 65 20 73 65 72 76 65 72 20 70 72 69 76 61	enerate.the.CA,.the.server.priva
744e0	74 65 20 6b 65 79 20 61 6e 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 74 68 65 20 66 6f 6c 6c	te.key.and.certificates.the.foll
74500	6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 63 61 6e 20 62 65 20 75 73 65 64 2e 00 54 6f 20 67	owing.commands.can.be.used..To.g
74520	65 74 20 69 74 20 74 6f 20 77 6f 72 6b 20 61 73 20 61 6e 20 61 63 63 65 73 73 20 70 6f 69 6e 74	et.it.to.work.as.an.access.point
74540	20 77 69 74 68 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 79 6f 75 20 77 69 6c	.with.this.configuration.you.wil
74560	6c 20 6e 65 65 64 20 74 6f 20 73 65 74 20 75 70 20 61 20 44 48 43 50 20 73 65 72 76 65 72 20 74	l.need.to.set.up.a.DHCP.server.t
74580	6f 20 77 6f 72 6b 20 77 69 74 68 20 74 68 61 74 20 6e 65 74 77 6f 72 6b 2e 20 59 6f 75 20 63 61	o.work.with.that.network..You.ca
745a0	6e 20 2d 20 6f 66 20 63 6f 75 72 73 65 20 2d 20 61 6c 73 6f 20 62 72 69 64 67 65 20 74 68 65 20	n.-.of.course.-.also.bridge.the.
745c0	57 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20 61 6e 79 20 63 6f 6e 66	Wireless.interface.with.any.conf
745e0	69 67 75 72 65 64 20 62 72 69 64 67 65 20 28 3a 72 65 66 3a 60 62 72 69 64 67 65 2d 69 6e 74 65	igured.bridge.(:ref:`bridge-inte
74600	72 66 61 63 65 60 29 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 00 54 6f 20 68 61 6e 64 20 6f	rface`).on.the.system..To.hand.o
74620	75 74 20 69 6e 64 69 76 69 64 75 61 6c 20 70 72 65 66 69 78 65 73 20 74 6f 20 79 6f 75 72 20 63	ut.individual.prefixes.to.your.c
74640	6c 69 65 6e 74 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69	lients.the.following.configurati
74660	6f 6e 20 69 73 20 75 73 65 64 3a 00 54 6f 20 6b 6e 6f 77 20 6d 6f 72 65 20 61 62 6f 75 74 20 73	on.is.used:.To.know.more.about.s
74680	63 72 69 70 74 69 6e 67 2c 20 63 68 65 63 6b 20 74 68 65 20 3a 72 65 66 3a 60 63 6f 6d 6d 61 6e	cripting,.check.the.:ref:`comman
746a0	64 2d 73 63 72 69 70 74 69 6e 67 60 20 73 65 63 74 69 6f 6e 2e 00 54 6f 20 6c 69 73 74 65 6e 20	d-scripting`.section..To.listen.
746c0	6f 6e 20 62 6f 74 68 20 60 65 74 68 30 60 20 61 6e 64 20 60 65 74 68 31 60 20 6d 44 4e 53 20 70	on.both.`eth0`.and.`eth1`.mDNS.p
746e0	61 63 6b 65 74 73 20 61 6e 64 20 61 6c 73 6f 20 72 65 70 65 61 74 20 70 61 63 6b 65 74 73 20 72	ackets.and.also.repeat.packets.r
74700	65 63 65 69 76 65 64 20 6f 6e 20 60 65 74 68 30 60 20 74 6f 20 60 65 74 68 31 60 20 28 61 6e 64	eceived.on.`eth0`.to.`eth1`.(and
74720	20 76 69 63 65 2d 76 65 72 73 61 29 20 75 73 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63	.vice-versa).use.the.following.c
74740	6f 6d 6d 61 6e 64 73 3a 00 54 6f 20 6d 61 6e 69 70 75 6c 61 74 65 20 6f 72 20 64 69 73 70 6c 61	ommands:.To.manipulate.or.displa
74760	79 20 41 52 50 5f 20 74 61 62 6c 65 20 65 6e 74 72 69 65 73 2c 20 74 68 65 20 66 6f 6c 6c 6f 77	y.ARP_.table.entries,.the.follow
74780	69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 61 72 65 20 69 6d 70 6c 65 6d 65 6e 74 65 64 2e 00 54 6f	ing.commands.are.implemented..To
747a0	20 70 65 72 66 6f 72 6d 20 61 20 67 72 61 63 65 66 75 6c 20 73 68 75 74 64 6f 77 6e 2c 20 74 68	.perform.a.graceful.shutdown,.th
747c0	65 20 46 52 52 20 60 60 67 72 61 63 65 66 75 6c 2d 72 65 73 74 61 72 74 20 70 72 65 70 61 72 65	e.FRR.``graceful-restart.prepare
747e0	20 69 70 20 6f 73 70 66 60 60 20 45 58 45 43 2d 6c 65 76 65 6c 20 63 6f 6d 6d 61 6e 64 20 6e 65	.ip.ospf``.EXEC-level.command.ne
74800	65 64 73 20 74 6f 20 62 65 20 69 73 73 75 65 64 20 62 65 66 6f 72 65 20 72 65 73 74 61 72 74 69	eds.to.be.issued.before.restarti
74820	6e 67 20 74 68 65 20 6f 73 70 66 64 20 64 61 65 6d 6f 6e 2e 00 54 6f 20 72 65 71 75 65 73 74 20	ng.the.ospfd.daemon..To.request.
74840	61 20 2f 35 36 20 70 72 65 66 69 78 20 66 72 6f 6d 20 79 6f 75 72 20 49 53 50 20 75 73 65 3a 00	a./56.prefix.from.your.ISP.use:.
74860	54 6f 20 72 65 73 74 61 72 74 20 74 68 65 20 44 48 43 50 76 36 20 73 65 72 76 65 72 00 54 6f 20	To.restart.the.DHCPv6.server.To.
74880	73 65 74 75 70 20 53 4e 41 54 2c 20 77 65 20 6e 65 65 64 20 74 6f 20 6b 6e 6f 77 3a 00 54 6f 20	setup.SNAT,.we.need.to.know:.To.
748a0	73 65 74 75 70 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 20 72 75 6c 65 20 77 65 20	setup.a.destination.NAT.rule.we.
748c0	6e 65 65 64 20 74 6f 20 67 61 74 68 65 72 3a 00 54 6f 20 75 70 64 61 74 65 20 74 68 65 20 66 69	need.to.gather:.To.update.the.fi
748e0	72 6d 77 61 72 65 2c 20 56 79 4f 53 20 61 6c 73 6f 20 73 68 69 70 73 20 74 68 65 20 60 71 6d 69	rmware,.VyOS.also.ships.the.`qmi
74900	2d 66 69 72 6d 77 61 72 65 2d 75 70 64 61 74 65 60 20 62 69 6e 61 72 79 2e 20 54 6f 20 75 70 67	-firmware-update`.binary..To.upg
74920	72 61 64 65 20 74 68 65 20 66 69 72 6d 77 61 72 65 20 6f 66 20 61 6e 20 65 2e 67 2e 20 53 69 65	rade.the.firmware.of.an.e.g..Sie
74940	72 72 61 20 57 69 72 65 6c 65 73 73 20 4d 43 37 37 31 30 20 6d 6f 64 75 6c 65 20 74 6f 20 74 68	rra.Wireless.MC7710.module.to.th
74960	65 20 66 69 72 6d 77 61 72 65 20 70 72 6f 76 69 64 65 64 20 69 6e 20 74 68 65 20 66 69 6c 65 20	e.firmware.provided.in.the.file.
74980	60 60 39 39 39 39 39 39 39 5f 39 39 39 39 39 39 39 5f 39 32 30 30 5f 30 33 2e 30 35 2e 31 34 2e	``9999999_9999999_9200_03.05.14.
749a0	30 30 5f 30 30 5f 67 65 6e 65 72 69 63 5f 30 30 30 2e 30 30 30 5f 30 30 31 5f 53 50 4b 47 5f 4d	00_00_generic_000.000_001_SPKG_M
749c0	43 2e 63 77 65 60 60 20 75 73 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e	C.cwe``.use.the.following.comman
749e0	64 3a 00 54 6f 20 75 73 65 20 61 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 66 6f 72 20 61 75	d:.To.use.a.RADIUS.server.for.au
74a00	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 62 61 6e 64 77 69 64 74 68 2d 73 68 61 70 69	thentication.and.bandwidth-shapi
74a20	6e 67 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 63 6f 6e 66 69 67	ng,.the.following.example.config
74a40	75 72 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 75 73 65 64 2e 00 54 6f 20 75 73 65 20 61 20 72 61	uration.can.be.used..To.use.a.ra
74a60	64 69 75 73 20 73 65 72 76 65 72 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 73 77 69 74 63 68 20	dius.server,.you.need.to.switch.
74a80	74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 6f 64 65 20 52 41 44 49 55 53 20 61 6e	to.authentication.mode.RADIUS.an
74aa0	64 20 74 68 65 6e 20 63 6f 6e 66 69 67 75 72 65 20 69 74 2e 00 54 6f 20 75 73 65 20 73 75 63 68	d.then.configure.it..To.use.such
74ac0	20 61 20 73 65 72 76 69 63 65 2c 20 6f 6e 65 20 6d 75 73 74 20 64 65 66 69 6e 65 20 61 20 6c 6f	.a.service,.one.must.define.a.lo
74ae0	67 69 6e 2c 20 70 61 73 73 77 6f 72 64 2c 20 6f 6e 65 20 6f 72 20 6d 75 6c 74 69 70 6c 65 20 68	gin,.password,.one.or.multiple.h
74b00	6f 73 74 6e 61 6d 65 73 2c 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 73 65 72 76 65 72 2e 00 54	ostnames,.protocol.and.server..T
74b20	6f 20 75 73 65 20 74 68 65 20 53 61 6c 74 2d 4d 69 6e 69 6f 6e 2c 20 61 20 72 75 6e 6e 69 6e 67	o.use.the.Salt-Minion,.a.running
74b40	20 53 61 6c 74 2d 4d 61 73 74 65 72 20 69 73 20 72 65 71 75 69 72 65 64 2e 20 59 6f 75 20 63 61	.Salt-Master.is.required..You.ca
74b60	6e 20 66 69 6e 64 20 6d 6f 72 65 20 69 6e 20 74 68 65 20 60 53 61 6c 74 20 50 6f 6a 65 63 74 20	n.find.more.in.the.`Salt.Poject.
74b80	44 6f 63 75 6d 65 6e 74 61 69 6f 6e 20 3c 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 73 61 6c 74 70	Documentaion.<https://docs.saltp
74ba0	72 6f 6a 65 63 74 2e 69 6f 2f 65 6e 2f 6c 61 74 65 73 74 2f 63 6f 6e 74 65 6e 74 73 2e 68 74 6d	roject.io/en/latest/contents.htm
74bc0	6c 3e 60 5f 00 54 6f 20 75 73 65 20 74 68 69 73 20 66 75 6c 6c 20 63 6f 6e 66 69 67 75 72 61 74	l>`_.To.use.this.full.configurat
74be0	69 6f 6e 20 77 65 20 61 73 75 6d 65 20 61 20 70 75 62 6c 69 63 20 61 63 63 65 73 73 69 62 6c 65	ion.we.asume.a.public.accessible
74c00	20 68 6f 73 74 6e 61 6d 65 2e 00 54 6f 70 6f 6c 6f 67 79 3a 00 54 6f 70 6f 6c 6f 67 79 3a 20 50	.hostname..Topology:.Topology:.P
74c20	43 34 20 2d 20 4c 65 61 66 32 20 2d 20 53 70 69 6e 65 31 20 2d 20 4c 65 61 66 33 20 2d 20 50 43	C4.-.Leaf2.-.Spine1.-.Leaf3.-.PC
74c40	35 00 54 72 61 63 6b 00 54 72 61 63 6b 20 6f 70 74 69 6f 6e 20 74 6f 20 74 72 61 63 6b 20 6e 6f	5.Track.Track.option.to.track.no
74c60	6e 20 56 52 52 50 20 69 6e 74 65 72 66 61 63 65 20 73 74 61 74 65 73 2e 20 56 52 52 50 20 63 68	n.VRRP.interface.states..VRRP.ch
74c80	61 6e 67 65 73 20 73 74 61 74 75 73 20 74 6f 20 60 60 46 41 55 4c 54 60 60 20 69 66 20 6f 6e 65	anges.status.to.``FAULT``.if.one
74ca0	20 6f 66 20 74 68 65 20 74 72 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 20 73 74 61 74	.of.the.track.interfaces.in.stat
74cc0	65 20 60 60 64 6f 77 6e 60 60 2e 00 54 72 61 64 69 74 69 6f 6e 61 6c 20 42 47 50 20 64 69 64 20	e.``down``..Traditional.BGP.did.
74ce0	6e 6f 74 20 68 61 76 65 20 74 68 65 20 66 65 61 74 75 72 65 20 74 6f 20 64 65 74 65 63 74 20 61	not.have.the.feature.to.detect.a
74d00	20 72 65 6d 6f 74 65 20 70 65 65 72 27 73 20 63 61 70 61 62 69 6c 69 74 69 65 73 2c 20 65 2e 67	.remote.peer's.capabilities,.e.g
74d20	2e 20 77 68 65 74 68 65 72 20 69 74 20 63 61 6e 20 68 61 6e 64 6c 65 20 70 72 65 66 69 78 20 74	..whether.it.can.handle.prefix.t
74d40	79 70 65 73 20 6f 74 68 65 72 20 74 68 61 6e 20 49 50 76 34 20 75 6e 69 63 61 73 74 20 72 6f 75	ypes.other.than.IPv4.unicast.rou
74d60	74 65 73 2e 20 54 68 69 73 20 77 61 73 20 61 20 62 69 67 20 70 72 6f 62 6c 65 6d 20 75 73 69 6e	tes..This.was.a.big.problem.usin
74d80	67 20 4d 75 6c 74 69 70 72 6f 74 6f 63 6f 6c 20 45 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 42 47	g.Multiprotocol.Extension.for.BG
74da0	50 20 69 6e 20 61 6e 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 3a 72 66	P.in.an.operational.network..:rf
74dc0	63 3a 60 32 38 34 32 60 20 61 64 6f 70 74 65 64 20 61 20 66 65 61 74 75 72 65 20 63 61 6c 6c 65	c:`2842`.adopted.a.feature.calle
74de0	64 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 2a 62 67 70 64 2a	d.Capability.Negotiation..*bgpd*
74e00	20 75 73 65 20 74 68 69 73 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e	.use.this.Capability.Negotiation
74e20	20 74 6f 20 64 65 74 65 63 74 20 74 68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 27 73 20 63 61 70	.to.detect.the.remote.peer's.cap
74e40	61 62 69 6c 69 74 69 65 73 2e 20 49 66 20 61 20 70 65 65 72 20 69 73 20 6f 6e 6c 79 20 63 6f 6e	abilities..If.a.peer.is.only.con
74e60	66 69 67 75 72 65 64 20 61 73 20 61 6e 20 49 50 76 34 20 75 6e 69 63 61 73 74 20 6e 65 69 67 68	figured.as.an.IPv4.unicast.neigh
74e80	62 6f 72 2c 20 2a 62 67 70 64 2a 20 64 6f 65 73 20 6e 6f 74 20 73 65 6e 64 20 74 68 65 73 65 20	bor,.*bgpd*.does.not.send.these.
74ea0	43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 20 70 61 63 6b 65 74 73 20 28	Capability.Negotiation.packets.(
74ec0	61 74 20 6c 65 61 73 74 20 6e 6f 74 20 75 6e 6c 65 73 73 20 6f 74 68 65 72 20 6f 70 74 69 6f 6e	at.least.not.unless.other.option
74ee0	61 6c 20 42 47 50 20 66 65 61 74 75 72 65 73 20 72 65 71 75 69 72 65 20 63 61 70 61 62 69 6c 69	al.BGP.features.require.capabili
74f00	74 79 20 6e 65 67 6f 74 69 61 74 69 6f 6e 29 2e 00 54 72 61 64 69 74 69 6f 6e 61 6c 6c 79 20 68	ty.negotiation)..Traditionally.h
74f20	61 72 64 77 61 72 65 20 72 6f 75 74 65 72 73 20 69 6d 70 6c 65 6d 65 6e 74 20 49 50 73 65 63 20	ardware.routers.implement.IPsec.
74f40	65 78 63 6c 75 73 69 76 65 6c 79 20 64 75 65 20 74 6f 20 72 65 6c 61 74 69 76 65 20 65 61 73 65	exclusively.due.to.relative.ease
74f60	20 6f 66 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 69 74 20 69 6e 20 68 61 72 64 77 61 72 65 20	.of.implementing.it.in.hardware.
74f80	61 6e 64 20 69 6e 73 75 66 66 69 63 69 65 6e 74 20 43 50 55 20 70 6f 77 65 72 20 66 6f 72 20 64	and.insufficient.CPU.power.for.d
74fa0	6f 69 6e 67 20 65 6e 63 72 79 70 74 69 6f 6e 20 69 6e 20 73 6f 66 74 77 61 72 65 2e 20 53 69 6e	oing.encryption.in.software..Sin
74fc0	63 65 20 56 79 4f 53 20 69 73 20 61 20 73 6f 66 74 77 61 72 65 20 72 6f 75 74 65 72 2c 20 74 68	ce.VyOS.is.a.software.router,.th
74fe0	69 73 20 69 73 20 6c 65 73 73 20 6f 66 20 61 20 63 6f 6e 63 65 72 6e 2e 20 4f 70 65 6e 56 50 4e	is.is.less.of.a.concern..OpenVPN
75000	20 68 61 73 20 62 65 65 6e 20 77 69 64 65 6c 79 20 75 73 65 64 20 6f 6e 20 55 4e 49 58 20 70 6c	.has.been.widely.used.on.UNIX.pl
75020	61 74 66 6f 72 6d 20 66 6f 72 20 61 20 6c 6f 6e 67 20 74 69 6d 65 20 61 6e 64 20 69 73 20 61 20	atform.for.a.long.time.and.is.a.
75040	70 6f 70 75 6c 61 72 20 6f 70 74 69 6f 6e 20 66 6f 72 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73	popular.option.for.remote.access
75060	20 56 50 4e 2c 20 74 68 6f 75 67 68 20 69 74 27 73 20 61 6c 73 6f 20 63 61 70 61 62 6c 65 20 6f	.VPN,.though.it's.also.capable.o
75080	66 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 54 72 61 66	f.site-to-site.connections..Traf
750a0	66 69 63 20 46 69 6c 74 65 72 73 00 54 72 61 66 66 69 63 20 46 69 6c 74 65 72 73 20 61 72 65 20	fic.Filters.Traffic.Filters.are.
750c0	75 73 65 64 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 77 69	used.to.control.which.packets.wi
750e0	6c 6c 20 68 61 76 65 20 74 68 65 20 64 65 66 69 6e 65 64 20 4e 41 54 20 72 75 6c 65 73 20 61 70	ll.have.the.defined.NAT.rules.ap
75100	70 6c 69 65 64 2e 20 46 69 76 65 20 64 69 66 66 65 72 65 6e 74 20 66 69 6c 74 65 72 73 20 63 61	plied..Five.different.filters.ca
75120	6e 20 62 65 20 61 70 70 6c 69 65 64 20 77 69 74 68 69 6e 20 61 20 4e 41 54 20 72 75 6c 65 2e 00	n.be.applied.within.a.NAT.rule..
75140	54 72 61 66 66 69 63 20 50 6f 6c 69 63 79 00 54 72 61 66 66 69 63 20 63 61 6e 6e 6f 74 20 66 6c	Traffic.Policy.Traffic.cannot.fl
75160	6f 77 20 62 65 74 77 65 65 6e 20 7a 6f 6e 65 20 6d 65 6d 62 65 72 20 69 6e 74 65 72 66 61 63 65	ow.between.zone.member.interface
75180	20 61 6e 64 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 69 73 20 6e 6f 74 20 61	.and.any.interface.that.is.not.a
751a0	20 7a 6f 6e 65 20 6d 65 6d 62 65 72 2e 00 54 72 61 66 66 69 63 20 66 72 6f 6d 20 6d 75 6c 74 69	.zone.member..Traffic.from.multi
751c0	63 61 73 74 20 73 6f 75 72 63 65 73 20 77 69 6c 6c 20 67 6f 20 74 6f 20 74 68 65 20 52 65 6e 64	cast.sources.will.go.to.the.Rend
751e0	65 7a 76 6f 75 73 20 50 6f 69 6e 74 2c 20 61 6e 64 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c	ezvous.Point,.and.receivers.will
75200	20 70 75 6c 6c 20 69 74 20 66 72 6f 6d 20 61 20 73 68 61 72 65 64 20 74 72 65 65 20 75 73 69 6e	.pull.it.from.a.shared.tree.usin
75220	67 20 49 47 4d 50 20 28 49 6e 74 65 72 6e 65 74 20 47 72 6f 75 70 20 4d 61 6e 61 67 65 6d 65 6e	g.IGMP.(Internet.Group.Managemen
75240	74 20 50 72 6f 74 6f 63 6f 6c 29 2e 00 54 72 61 66 66 69 63 20 66 72 6f 6d 20 6d 75 6c 74 69 63	t.Protocol)..Traffic.from.multic
75260	61 73 74 20 73 6f 75 72 63 65 73 20 77 69 6c 6c 20 67 6f 20 74 6f 20 74 68 65 20 52 65 6e 64 65	ast.sources.will.go.to.the.Rende
75280	7a 76 6f 75 73 20 50 6f 69 6e 74 2c 20 61 6e 64 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c 20	zvous.Point,.and.receivers.will.
752a0	70 75 6c 6c 20 69 74 20 66 72 6f 6d 20 61 20 73 68 61 72 65 64 20 74 72 65 65 20 75 73 69 6e 67	pull.it.from.a.shared.tree.using
752c0	20 4d 4c 44 20 28 4d 75 6c 74 69 63 61 73 74 20 4c 69 73 74 65 6e 65 72 20 44 69 73 63 6f 76 65	.MLD.(Multicast.Listener.Discove
752e0	72 79 29 2e 00 54 72 61 6e 73 69 74 69 6f 6e 20 73 63 72 69 70 74 73 00 54 72 61 6e 73 69 74 69	ry)..Transition.scripts.Transiti
75300	6f 6e 20 73 63 72 69 70 74 73 20 63 61 6e 20 68 65 6c 70 20 79 6f 75 20 69 6d 70 6c 65 6d 65 6e	on.scripts.can.help.you.implemen
75320	74 20 76 61 72 69 6f 75 73 20 66 69 78 75 70 73 2c 20 73 75 63 68 20 61 73 20 73 74 61 72 74 69	t.various.fixups,.such.as.starti
75340	6e 67 20 61 6e 64 20 73 74 6f 70 70 69 6e 67 20 73 65 72 76 69 63 65 73 2c 20 6f 72 20 65 76 65	ng.and.stopping.services,.or.eve
75360	6e 20 6d 6f 64 69 66 79 69 6e 67 20 74 68 65 20 56 79 4f 53 20 63 6f 6e 66 69 67 20 6f 6e 20 56	n.modifying.the.VyOS.config.on.V
75380	52 52 50 20 74 72 61 6e 73 69 74 69 6f 6e 2e 20 54 68 69 73 20 73 65 74 75 70 20 77 69 6c 6c 20	RRP.transition..This.setup.will.
753a0	6d 61 6b 65 20 74 68 65 20 56 52 52 50 20 70 72 6f 63 65 73 73 20 65 78 65 63 75 74 65 20 74 68	make.the.VRRP.process.execute.th
753c0	65 20 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 76 72 72 70 2d 66 61 69 6c 2e 73 68	e.``/config/scripts/vrrp-fail.sh
753e0	60 60 20 77 69 74 68 20 61 72 67 75 6d 65 6e 74 20 60 60 46 6f 6f 60 60 20 77 68 65 6e 20 56 52	``.with.argument.``Foo``.when.VR
75400	52 50 20 66 61 69 6c 73 2c 20 61 6e 64 20 74 68 65 20 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69	RP.fails,.and.the.``/config/scri
75420	70 74 73 2f 76 72 72 70 2d 6d 61 73 74 65 72 2e 73 68 60 60 20 77 68 65 6e 20 74 68 65 20 72 6f	pts/vrrp-master.sh``.when.the.ro
75440	75 74 65 72 20 62 65 63 6f 6d 65 73 20 74 68 65 20 6d 61 73 74 65 72 3a 00 54 72 61 6e 73 70 61	uter.becomes.the.master:.Transpa
75460	72 65 6e 74 20 50 72 6f 78 79 00 54 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 00 54 75 6e 69 6e	rent.Proxy.Troubleshooting.Tunin
75480	67 20 63 6f 6d 6d 61 6e 64 73 00 54 75 6e 6e 65 6c 00 54 75 6e 6e 65 6c 20 6b 65 79 73 00 54 77	g.commands.Tunnel.Tunnel.keys.Tw
754a0	6f 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 76 61 72 69 61 62 6c 65 73 20 61 72 65 20 61 76 61 69	o.environment.variables.are.avai
754c0	6c 61 62 6c 65 3a 00 54 77 6f 20 6e 65 77 20 66 69 6c 65 73 20 60 60 2f 63 6f 6e 66 69 67 2f 61	lable:.Two.new.files.``/config/a
754e0	75 74 68 2f 69 64 5f 72 73 61 5f 72 70 6b 69 60 60 20 61 6e 64 20 60 60 2f 63 6f 6e 66 69 67 2f	uth/id_rsa_rpki``.and.``/config/
75500	61 75 74 68 2f 69 64 5f 72 73 61 5f 72 70 6b 69 2e 70 75 62 60 60 20 77 69 6c 6c 20 62 65 20 63	auth/id_rsa_rpki.pub``.will.be.c
75520	72 65 61 74 65 64 2e 00 54 77 6f 20 72 6f 75 74 65 72 73 20 63 6f 6e 6e 65 63 74 65 64 20 62 6f	reated..Two.routers.connected.bo
75540	74 68 20 76 69 61 20 65 74 68 31 20 74 68 72 6f 75 67 68 20 61 6e 20 75 6e 74 72 75 73 74 65 64	th.via.eth1.through.an.untrusted
75560	20 73 77 69 74 63 68 00 54 79 70 65 20 6f 66 20 6d 65 74 72 69 63 73 20 67 72 6f 75 70 69 6e 67	.switch.Type.of.metrics.grouping
75580	20 77 68 65 6e 20 70 75 73 68 20 74 6f 20 41 7a 75 72 65 20 44 61 74 61 20 45 78 70 6c 6f 72 65	.when.push.to.Azure.Data.Explore
755a0	72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 74 61 62 6c 65 2d 70 65 72 2d 6d 65	r..The.default.is.``table-per-me
755c0	74 72 69 63 60 60 2e 00 54 79 70 69 63 61 6c 6c 79 2c 20 61 20 31 2d 74 6f 2d 31 20 4e 41 54 20	tric``..Typically,.a.1-to-1.NAT.
755e0	72 75 6c 65 20 6f 6d 69 74 73 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 20	rule.omits.the.destination.port.
75600	28 61 6c 6c 20 70 6f 72 74 73 29 20 61 6e 64 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 70 72 6f	(all.ports).and.replaces.the.pro
75620	74 6f 63 6f 6c 20 77 69 74 68 20 65 69 74 68 65 72 20 2a 2a 61 6c 6c 2a 2a 20 6f 72 20 2a 2a 69	tocol.with.either.**all**.or.**i
75640	70 2a 2a 2e 00 55 44 50 20 42 72 6f 61 64 63 61 73 74 20 52 65 6c 61 79 00 55 44 50 20 6d 6f 64	p**..UDP.Broadcast.Relay.UDP.mod
75660	65 20 77 6f 72 6b 73 20 62 65 74 74 65 72 20 77 69 74 68 20 4e 41 54 3a 00 55 44 50 20 70 6f 72	e.works.better.with.NAT:.UDP.por
75680	74 20 31 37 30 31 20 66 6f 72 20 49 50 73 65 63 00 55 44 50 20 70 6f 72 74 20 34 35 30 30 20 28	t.1701.for.IPsec.UDP.port.4500.(
756a0	4e 41 54 2d 54 29 00 55 44 50 20 70 6f 72 74 20 35 30 30 20 28 49 4b 45 29 00 55 52 4c 20 46 69	NAT-T).UDP.port.500.(IKE).URL.Fi
756c0	6c 74 65 72 69 6e 67 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 53 71 75 69 64 47 75 61 72	ltering.is.provided.by.SquidGuar
756e0	64 5f 2e 00 55 52 4c 20 66 69 6c 74 65 72 69 6e 67 00 55 52 4c 20 77 69 74 68 20 73 69 67 6e 61	d_..URL.filtering.URL.with.signa
75700	74 75 72 65 20 6f 66 20 6d 61 73 74 65 72 20 66 6f 72 20 61 75 74 68 20 72 65 70 6c 79 20 76 65	ture.of.master.for.auth.reply.ve
75720	72 69 66 69 63 61 74 69 6f 6e 00 55 53 42 20 74 6f 20 73 65 72 69 61 6c 20 63 6f 6e 76 65 72 74	rification.USB.to.serial.convert
75740	65 72 73 20 77 69 6c 6c 20 68 61 6e 64 6c 65 20 6d 6f 73 74 20 6f 66 20 74 68 65 69 72 20 77 6f	ers.will.handle.most.of.their.wo
75760	72 6b 20 69 6e 20 73 6f 66 74 77 61 72 65 20 73 6f 20 79 6f 75 20 73 68 6f 75 6c 64 20 62 65 20	rk.in.software.so.you.should.be.
75780	63 61 72 65 66 75 6c 6c 20 77 69 74 68 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 62 61 75 64 72	carefull.with.the.selected.baudr
757a0	61 74 65 20 61 73 20 73 6f 6d 65 20 74 69 6d 65 73 20 74 68 65 79 20 63 61 6e 27 74 20 63 6f 70	ate.as.some.times.they.can't.cop
757c0	65 20 77 69 74 68 20 74 68 65 20 65 78 70 65 63 74 65 64 20 73 70 65 65 64 2e 00 55 55 43 50 20	e.with.the.expected.speed..UUCP.
757e0	73 75 62 73 79 73 74 65 6d 00 55 6e 69 63 61 73 74 00 55 6e 69 63 61 73 74 20 56 52 52 50 00 55	subsystem.Unicast.Unicast.VRRP.U
75800	6e 69 63 61 73 74 20 56 58 4c 41 4e 00 55 6e 69 74 20 6f 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e	nicast.VXLAN.Unit.of.this.comman
75820	64 20 69 73 20 4d 42 2e 00 55 6e 69 74 73 00 55 70 20 74 6f 20 73 65 76 65 6e 20 71 75 65 75 65	d.is.MB..Units.Up.to.seven.queue
75840	73 20 2d 64 65 66 69 6e 65 64 20 61 73 20 63 6c 61 73 73 65 73 5f 20 77 69 74 68 20 64 69 66 66	s.-defined.as.classes_.with.diff
75860	65 72 65 6e 74 20 70 72 69 6f 72 69 74 69 65 73 2d 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75	erent.priorities-.can.be.configu
75880	72 65 64 2e 20 50 61 63 6b 65 74 73 20 61 72 65 20 70 6c 61 63 65 64 20 69 6e 74 6f 20 71 75 65	red..Packets.are.placed.into.que
758a0	75 65 73 20 62 61 73 65 64 20 6f 6e 20 61 73 73 6f 63 69 61 74 65 64 20 6d 61 74 63 68 20 63 72	ues.based.on.associated.match.cr
758c0	69 74 65 72 69 61 2e 20 50 61 63 6b 65 74 73 20 61 72 65 20 74 72 61 6e 73 6d 69 74 74 65 64 20	iteria..Packets.are.transmitted.
758e0	66 72 6f 6d 20 74 68 65 20 71 75 65 75 65 73 20 69 6e 20 70 72 69 6f 72 69 74 79 20 6f 72 64 65	from.the.queues.in.priority.orde
75900	72 2e 20 49 66 20 63 6c 61 73 73 65 73 20 77 69 74 68 20 61 20 68 69 67 68 65 72 20 70 72 69 6f	r..If.classes.with.a.higher.prio
75920	72 69 74 79 20 61 72 65 20 62 65 69 6e 67 20 66 69 6c 6c 65 64 20 77 69 74 68 20 70 61 63 6b 65	rity.are.being.filled.with.packe
75940	74 73 20 63 6f 6e 74 69 6e 75 6f 75 73 6c 79 2c 20 70 61 63 6b 65 74 73 20 66 72 6f 6d 20 6c 6f	ts.continuously,.packets.from.lo
75960	77 65 72 20 70 72 69 6f 72 69 74 79 20 63 6c 61 73 73 65 73 20 77 69 6c 6c 20 6f 6e 6c 79 20 62	wer.priority.classes.will.only.b
75980	65 20 74 72 61 6e 73 6d 69 74 74 65 64 20 61 66 74 65 72 20 74 72 61 66 66 69 63 20 76 6f 6c 75	e.transmitted.after.traffic.volu
759a0	6d 65 20 66 72 6f 6d 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 63 6c 61 73 73 65 73 20	me.from.higher.priority.classes.
759c0	64 65 63 72 65 61 73 65 73 2e 00 55 70 64 61 74 65 00 55 70 64 61 74 65 20 63 6f 6e 74 61 69 6e	decreases..Update.Update.contain
759e0	65 72 20 69 6d 61 67 65 00 55 70 64 61 74 65 20 67 65 6f 69 70 20 64 61 74 61 62 61 73 65 00 55	er.image.Update.geoip.database.U
75a00	70 64 61 74 65 73 20 66 72 6f 6d 20 74 68 65 20 52 50 4b 49 20 63 61 63 68 65 20 73 65 72 76 65	pdates.from.the.RPKI.cache.serve
75a20	72 73 20 61 72 65 20 64 69 72 65 63 74 6c 79 20 61 70 70 6c 69 65 64 20 61 6e 64 20 70 61 74 68	rs.are.directly.applied.and.path
75a40	20 73 65 6c 65 63 74 69 6f 6e 20 69 73 20 75 70 64 61 74 65 64 20 61 63 63 6f 72 64 69 6e 67 6c	.selection.is.updated.accordingl
75a60	79 2e 20 28 53 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 75 73 74 20 62 65	y..(Soft.reconfiguration.must.be
75a80	20 65 6e 61 62 6c 65 64 20 66 6f 72 20 74 68 69 73 20 74 6f 20 77 6f 72 6b 29 2e 00 55 70 6c 6f	.enabled.for.this.to.work)..Uplo
75aa0	61 64 20 62 61 6e 64 77 69 64 74 68 20 6c 69 6d 69 74 20 69 6e 20 6b 62 69 74 2f 73 20 66 6f 72	ad.bandwidth.limit.in.kbit/s.for
75ac0	20 60 3c 75 73 65 72 3e 60 2e 00 55 70 6f 6e 20 72 65 63 65 70 74 69 6f 6e 20 6f 66 20 61 6e 20	.`<user>`..Upon.reception.of.an.
75ae0	69 6e 63 6f 6d 69 6e 67 20 70 61 63 6b 65 74 2c 20 77 68 65 6e 20 61 20 72 65 73 70 6f 6e 73 65	incoming.packet,.when.a.response
75b00	20 69 73 20 73 65 6e 74 2c 20 69 74 20 6d 69 67 68 74 20 62 65 20 64 65 73 69 72 65 64 20 74 6f	.is.sent,.it.might.be.desired.to
75b20	20 65 6e 73 75 72 65 20 74 68 61 74 20 69 74 20 6c 65 61 76 65 73 20 66 72 6f 6d 20 74 68 65 20	.ensure.that.it.leaves.from.the.
75b40	73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 20 61 73 20 74 68 65 20 69 6e 62 6f 75 6e 64 20 6f 6e	same.interface.as.the.inbound.on
75b60	65 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 61 63 68 69 65 76 65 64 20 62 79 20 65 6e 61 62 6c	e..This.can.be.achieved.by.enabl
75b80	69 6e 67 20 73 74 69 63 6b 79 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 6c 6f	ing.sticky.connections.in.the.lo
75ba0	61 64 20 62 61 6c 61 6e 63 69 6e 67 3a 00 55 70 6f 6e 20 73 68 75 74 64 6f 77 6e 2c 20 74 68 69	ad.balancing:.Upon.shutdown,.thi
75bc0	73 20 6f 70 74 69 6f 6e 20 77 69 6c 6c 20 64 65 70 72 65 63 61 74 65 20 74 68 65 20 70 72 65 66	s.option.will.deprecate.the.pref
75be0	69 78 20 62 79 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 69 74 20 69 6e 20 74 68 65 20 73 68 75 74 64	ix.by.announcing.it.in.the.shutd
75c00	6f 77 6e 20 52 41 00 55 73 65 20 38 30 32 2e 31 31 6e 20 70 72 6f 74 6f 63 6f 6c 00 55 73 65 20	own.RA.Use.802.11n.protocol.Use.
75c20	44 79 6e 44 4e 53 20 61 73 20 79 6f 75 72 20 70 72 65 66 65 72 72 65 64 20 70 72 6f 76 69 64 65	DynDNS.as.your.preferred.provide
75c40	72 3a 00 55 73 65 20 54 4c 53 20 62 75 74 20 73 6b 69 70 20 68 6f 73 74 20 76 61 6c 69 64 61 74	r:.Use.TLS.but.skip.host.validat
75c60	69 6f 6e 00 55 73 65 20 54 4c 53 20 65 6e 63 72 79 70 74 69 6f 6e 2e 00 55 73 65 20 60 3c 73 75	ion.Use.TLS.encryption..Use.`<su
75c80	62 6e 65 74 3e 60 20 61 73 20 74 68 65 20 49 50 20 70 6f 6f 6c 20 66 6f 72 20 61 6c 6c 20 63 6f	bnet>`.as.the.IP.pool.for.all.co
75ca0	6e 6e 65 63 74 69 6e 67 20 63 6c 69 65 6e 74 73 2e 00 55 73 65 20 60 60 73 68 6f 77 20 6c 6f 67	nnecting.clients..Use.``show.log
75cc0	20 7c 20 73 74 72 69 70 2d 70 72 69 76 61 74 65 60 60 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74	.|.strip-private``.if.you.want.t
75ce0	6f 20 68 69 64 65 20 70 72 69 76 61 74 65 20 64 61 74 61 20 77 68 65 6e 20 73 68 61 72 69 6e 67	o.hide.private.data.when.sharing
75d00	20 79 6f 75 72 20 6c 6f 67 73 2e 00 55 73 65 20 60 64 65 6c 65 74 65 20 73 79 73 74 65 6d 20 63	.your.logs..Use.`delete.system.c
75d20	6f 6e 6e 74 72 61 63 6b 20 6d 6f 64 75 6c 65 73 60 20 74 6f 20 64 65 61 63 74 69 76 65 20 61 6c	onntrack.modules`.to.deactive.al
75d40	6c 20 6d 6f 64 75 6c 65 73 2e 00 55 73 65 20 61 20 70 65 72 73 69 73 74 65 6e 74 20 4c 44 41 50	l.modules..Use.a.persistent.LDAP
75d60	20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 4e 6f 72 6d 61 6c 6c 79 20 74 68 65 20 4c 44 41 50 20 63	.connection..Normally.the.LDAP.c
75d80	6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 6f 6e 6c 79 20 6f 70 65 6e 20 77 68 69 6c 65 20 76 61 6c	onnection.is.only.open.while.val
75da0	69 64 61 74 69 6e 67 20 61 20 75 73 65 72 6e 61 6d 65 20 74 6f 20 70 72 65 73 65 72 76 65 20 72	idating.a.username.to.preserve.r
75dc0	65 73 6f 75 72 63 65 73 20 61 74 20 74 68 65 20 4c 44 41 50 20 73 65 72 76 65 72 2e 20 54 68 69	esources.at.the.LDAP.server..Thi
75de0	73 20 6f 70 74 69 6f 6e 20 63 61 75 73 65 73 20 74 68 65 20 4c 44 41 50 20 63 6f 6e 6e 65 63 74	s.option.causes.the.LDAP.connect
75e00	69 6f 6e 20 74 6f 20 62 65 20 6b 65 70 74 20 6f 70 65 6e 2c 20 61 6c 6c 6f 77 69 6e 67 20 69 74	ion.to.be.kept.open,.allowing.it
75e20	20 74 6f 20 62 65 20 72 65 75 73 65 64 20 66 6f 72 20 66 75 72 74 68 65 72 20 75 73 65 72 20 76	.to.be.reused.for.further.user.v
75e40	61 6c 69 64 61 74 69 6f 6e 73 2e 00 55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 61 64 64 72 65	alidations..Use.a.specific.addre
75e60	73 73 2d 67 72 6f 75 70 2e 20 50 72 65 70 65 6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60	ss-group..Prepend.character.``!`
75e80	60 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61	`.for.inverted.matching.criteria
75ea0	2e 00 55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 64 6f 6d 61 69 6e 2d 67 72 6f 75 70 2e 20 50	..Use.a.specific.domain-group..P
75ec0	72 65 70 65 6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60 60 20 66 6f 72 20 69 6e 76 65 72	repend.character.``!``.for.inver
75ee0	74 65 64 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 2e 00 55 73 65 20 61 20 73 70 65	ted.matching.criteria..Use.a.spe
75f00	63 69 66 69 63 20 6d 61 63 2d 67 72 6f 75 70 2e 20 50 72 65 70 65 6e 64 20 63 68 61 72 61 63 74	cific.mac-group..Prepend.charact
75f20	65 72 20 60 60 21 60 60 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69 6e 67 20 63	er.``!``.for.inverted.matching.c
75f40	72 69 74 65 72 69 61 2e 00 55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 74 77 6f 72 6b 2d	riteria..Use.a.specific.network-
75f60	67 72 6f 75 70 2e 20 50 72 65 70 65 6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60 60 20 66	group..Prepend.character.``!``.f
75f80	6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 2e 00 55	or.inverted.matching.criteria..U
75fa0	73 65 20 61 20 73 70 65 63 69 66 69 63 20 70 6f 72 74 2d 67 72 6f 75 70 2e 20 50 72 65 70 65 6e	se.a.specific.port-group..Prepen
75fc0	64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60 60 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d	d.character.``!``.for.inverted.m
75fe0	61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 2e 00 55 73 65 20 61 64 64 72 65 73 73 20 60 6d	atching.criteria..Use.address.`m
76000	61 73 71 75 65 72 61 64 65 60 20 28 74 68 65 20 69 6e 74 65 72 66 61 63 65 73 20 70 72 69 6d 61	asquerade`.(the.interfaces.prima
76020	72 79 20 61 64 64 72 65 73 73 29 20 6f 6e 20 72 75 6c 65 20 33 30 00 55 73 65 20 61 6e 20 61 75	ry.address).on.rule.30.Use.an.au
76040	74 6f 6d 61 74 69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 73 65 6c 66 2d 73 69 67 6e 65	tomatically.generated.self-signe
76060	64 20 63 65 72 74 69 66 69 63 61 74 65 00 55 73 65 20 61 6e 79 20 6c 6f 63 61 6c 20 61 64 64 72	d.certificate.Use.any.local.addr
76080	65 73 73 2c 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65	ess,.configured.on.any.interface
760a0	20 69 66 20 74 68 69 73 20 69 73 20 6e 6f 74 20 73 65 74 2e 00 55 73 65 20 61 75 74 68 20 6b 65	.if.this.is.not.set..Use.auth.ke
760c0	79 20 66 69 6c 65 20 61 74 20 60 60 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2f 6d 79 2e 6b 65 79 60	y.file.at.``/config/auth/my.key`
760e0	60 00 55 73 65 20 63 6f 6e 66 69 67 75 72 65 64 20 60 3c 75 72 6c 3e 60 20 74 6f 20 64 65 74 65	`.Use.configured.`<url>`.to.dete
76100	72 6d 69 6e 65 20 79 6f 75 72 20 49 50 20 61 64 64 72 65 73 73 2e 20 64 64 63 6c 69 65 6e 74 5f	rmine.your.IP.address..ddclient_
76120	20 77 69 6c 6c 20 6c 6f 61 64 20 60 3c 75 72 6c 3e 60 20 61 6e 64 20 74 72 69 65 73 20 74 6f 20	.will.load.`<url>`.and.tries.to.
76140	65 78 74 72 61 63 74 20 79 6f 75 72 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65	extract.your.IP.address.from.the
76160	20 72 65 73 70 6f 6e 73 65 2e 00 55 73 65 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 74 6f 20	.response..Use.inverse-match.to.
76180	6d 61 74 63 68 20 61 6e 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 67 69 76 65 6e 20	match.anything.except.the.given.
761a0	63 6f 75 6e 74 72 79 2d 63 6f 64 65 73 2e 00 55 73 65 20 6c 6f 63 61 6c 20 73 6f 63 6b 65 74 20	country-codes..Use.local.socket.
761c0	66 6f 72 20 41 50 49 00 55 73 65 20 6c 6f 63 61 6c 20 75 73 65 72 20 60 66 6f 6f 60 20 77 69 74	for.API.Use.local.user.`foo`.wit
761e0	68 20 70 61 73 73 77 6f 72 64 20 60 62 61 72 60 00 55 73 65 20 74 61 62 20 63 6f 6d 70 6c 65 74	h.password.`bar`.Use.tab.complet
76200	69 6f 6e 20 74 6f 20 67 65 74 20 61 20 6c 69 73 74 20 6f 66 20 63 61 74 65 67 6f 72 69 65 73 2e	ion.to.get.a.list.of.categories.
76220	00 55 73 65 20 74 68 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65	.Use.the.address.of.the.specifie
76240	64 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 6d 61 63 68 69 6e 65	d.interface.on.the.local.machine
76260	20 61 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 63 6f	.as.the.source.address.of.the.co
76280	6e 6e 65 63 74 69 6f 6e 2e 00 55 73 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 6f 70 6f	nnection..Use.the.following.topo
762a0	6c 6f 67 79 20 74 6f 20 62 75 69 6c 64 20 61 20 6e 61 74 36 36 20 62 61 73 65 64 20 69 73 6f 6c	logy.to.build.a.nat66.based.isol
762c0	61 74 65 64 20 6e 65 74 77 6f 72 6b 20 62 65 74 77 65 65 6e 20 69 6e 74 65 72 6e 61 6c 20 61 6e	ated.network.between.internal.an
762e0	64 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 73 20 28 64 79 6e 61 6d 69 63 20 70 72 65	d.external.networks.(dynamic.pre
76300	66 69 78 20 69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 29 3a 00 55 73 65 20 74 68 65 20 73	fix.is.not.supported):.Use.the.s
76320	70 65 63 69 66 69 65 64 20 61 64 64 72 65 73 73 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 6d 61	pecified.address.on.the.local.ma
76340	63 68 69 6e 65 20 61 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74	chine.as.the.source.address.of.t
76360	68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 4f 6e 6c 79 20 75 73 65 66 75 6c 20 6f 6e 20 73 79	he.connection..Only.useful.on.sy
76380	73 74 65 6d 73 20 77 69 74 68 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 61 64 64 72 65 73 73	stems.with.more.than.one.address
763a0	2e 00 55 73 65 20 74 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 69 66 20 79 6f 75 20 77 6f 75 6c	..Use.these.commands.if.you.woul
763c0	64 20 6c 69 6b 65 20 74 6f 20 73 65 74 20 74 68 65 20 64 69 73 63 6f 76 65 72 79 20 68 65 6c 6c	d.like.to.set.the.discovery.hell
763e0	6f 20 61 6e 64 20 68 6f 6c 64 20 74 69 6d 65 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 74	o.and.hold.time.parameters.for.t
76400	68 65 20 74 61 72 67 65 74 65 64 20 4c 44 50 20 6e 65 69 67 68 62 6f 72 73 2e 00 55 73 65 20 74	he.targeted.LDP.neighbors..Use.t
76420	68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 69 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20	hese.commands.if.you.would.like.
76440	74 6f 20 73 65 74 20 74 68 65 20 64 69 73 63 6f 76 65 72 79 20 68 65 6c 6c 6f 20 61 6e 64 20 68	to.set.the.discovery.hello.and.h
76460	6f 6c 64 20 74 69 6d 65 20 70 61 72 61 6d 65 74 65 72 73 2e 00 55 73 65 20 74 68 65 73 65 20 63	old.time.parameters..Use.these.c
76480	6f 6d 6d 61 6e 64 73 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 65 78 70 6f 72 74 69 6e 67	ommands.to.control.the.exporting
764a0	20 6f 66 20 66 6f 72 77 61 72 64 69 6e 67 20 65 71 75 69 76 61 6c 65 6e 63 65 20 63 6c 61 73 73	.of.forwarding.equivalence.class
764c0	65 73 20 28 46 45 43 73 29 20 66 6f 72 20 4c 44 50 20 74 6f 20 6e 65 69 67 68 62 6f 72 73 2e 20	es.(FECs).for.LDP.to.neighbors..
764e0	54 68 69 73 20 77 6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 66 6f 72 20 65 78 61 6d 70 6c 65	This.would.be.useful.for.example
76500	20 6f 6e 20 6f 6e 6c 79 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 74 68 65 20 6c 61 62 65 6c 65 64 20	.on.only.announcing.the.labeled.
76520	72 6f 75 74 65 73 20 74 68 61 74 20 61 72 65 20 6e 65 65 64 65 64 20 61 6e 64 20 6e 6f 74 20 6f	routes.that.are.needed.and.not.o
76540	6e 65 73 20 74 68 61 74 20 61 72 65 20 6e 6f 74 20 6e 65 65 64 65 64 2c 20 73 75 63 68 20 61 73	nes.that.are.not.needed,.such.as
76560	20 61 6e 6e 6f 75 6e 63 69 6e 67 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20	.announcing.loopback.interfaces.
76580	61 6e 64 20 6e 6f 20 6f 74 68 65 72 73 2e 00 55 73 65 20 74 68 65 73 65 20 63 6f 6d 6d 61 6e 64	and.no.others..Use.these.command
765a0	73 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 69 6d 70 6f 72 74 69 6e 67 20 6f 66 20 66 6f	s.to.control.the.importing.of.fo
765c0	72 77 61 72 64 69 6e 67 20 65 71 75 69 76 61 6c 65 6e 63 65 20 63 6c 61 73 73 65 73 20 28 46 45	rwarding.equivalence.classes.(FE
765e0	43 73 29 20 66 6f 72 20 4c 44 50 20 66 72 6f 6d 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 69 73	Cs).for.LDP.from.neighbors..This
76600	20 77 6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 66 6f 72 20 65 78 61 6d 70 6c 65 20 6f 6e 20	.would.be.useful.for.example.on.
76620	6f 6e 6c 79 20 61 63 63 65 70 74 69 6e 67 20 74 68 65 20 6c 61 62 65 6c 65 64 20 72 6f 75 74 65	only.accepting.the.labeled.route
76640	73 20 74 68 61 74 20 61 72 65 20 6e 65 65 64 65 64 20 61 6e 64 20 6e 6f 74 20 6f 6e 65 73 20 74	s.that.are.needed.and.not.ones.t
76660	68 61 74 20 61 72 65 20 6e 6f 74 20 6e 65 65 64 65 64 2c 20 73 75 63 68 20 61 73 20 61 63 63 65	hat.are.not.needed,.such.as.acce
76680	70 74 69 6e 67 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 72 65	pting.loopback.interfaces.and.re
766a0	6a 65 63 74 69 6e 67 20 61 6c 6c 20 6f 74 68 65 72 73 2e 00 55 73 65 20 74 68 69 73 20 50 49 4d	jecting.all.others..Use.this.PIM
766c0	20 63 6f 6d 6d 61 6e 64 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61	.command.in.the.selected.interfa
766e0	63 65 20 74 6f 20 73 65 74 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 28 31 2d 34 32 39 34 39 36	ce.to.set.the.priority.(1-429496
76700	37 32 39 35 29 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 69 6e 66 6c 75 65 6e 63 65 20 69 6e 20 74	7295).you.want.to.influence.in.t
76720	68 65 20 65 6c 65 63 74 69 6f 6e 20 6f 66 20 61 20 6e 6f 64 65 20 74 6f 20 62 65 63 6f 6d 65 20	he.election.of.a.node.to.become.
76740	74 68 65 20 44 65 73 69 67 6e 61 74 65 64 20 52 6f 75 74 65 72 20 66 6f 72 20 61 20 4c 41 4e 20	the.Designated.Router.for.a.LAN.
76760	73 65 67 6d 65 6e 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 70 72 69 6f 72 69 74 79 20 69 73	segment..The.default.priority.is
76780	20 31 2c 20 73 65 74 20 61 20 20 68 69 67 68 65 72 20 76 61 6c 75 65 20 74 6f 20 67 69 76 65 20	.1,.set.a..higher.value.to.give.
767a0	74 68 65 20 72 6f 75 74 65 72 20 6d 6f 72 65 20 70 72 65 66 65 72 65 6e 63 65 20 69 6e 20 74 68	the.router.more.preference.in.th
767c0	65 20 44 52 20 65 6c 65 63 74 69 6f 6e 20 70 72 6f 63 65 73 73 2e 00 55 73 65 20 74 68 69 73 20	e.DR.election.process..Use.this.
767e0	50 49 4d 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6d 6f 64 69 66 79 20 74 68 65 20 74 69 6d 65 20 6f	PIM.command.to.modify.the.time.o
76800	75 74 20 76 61 6c 75 65 20 28 33 31 2d 36 30 30 30 30 20 73 65 63 6f 6e 64 73 29 20 66 6f 72 20	ut.value.(31-60000.seconds).for.
76820	61 6e 20 60 28 53 2c 47 29 20 3c 68 74 74 70 73 3a 2f 2f 74 6f 6f 6c 73 2e 69 65 74 66 2e 6f 72	an.`(S,G).<https://tools.ietf.or
76840	67 2f 68 74 6d 6c 2f 72 66 63 37 37 36 31 23 73 65 63 74 69 6f 6e 2d 34 2e 31 3e 60 5f 20 66 6c	g/html/rfc7761#section-4.1>`_.fl
76860	6f 77 2e 20 33 31 20 73 65 63 6f 6e 64 73 20 69 73 20 63 68 6f 73 65 6e 20 66 6f 72 20 61 20 6c	ow..31.seconds.is.chosen.for.a.l
76880	6f 77 65 72 20 62 6f 75 6e 64 20 61 73 20 73 6f 6d 65 20 68 61 72 64 77 61 72 65 20 70 6c 61 74	ower.bound.as.some.hardware.plat
768a0	66 6f 72 6d 73 20 63 61 6e 6e 6f 74 20 73 65 65 20 64 61 74 61 20 66 6c 6f 77 69 6e 67 20 69 6e	forms.cannot.see.data.flowing.in
768c0	20 62 65 74 74 65 72 20 74 68 61 6e 20 33 30 20 73 65 63 6f 6e 64 73 20 63 68 75 6e 6b 73 2e 00	.better.than.30.seconds.chunks..
768e0	55 73 65 20 74 68 69 73 20 63 6f 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 76 36 20	Use.this.comand.to.set.the.IPv6.
76900	61 64 64 72 65 73 73 20 70 6f 6f 6c 20 66 72 6f 6d 20 77 68 69 63 68 20 61 20 50 50 50 6f 45 20	address.pool.from.which.a.PPPoE.
76920	63 6c 69 65 6e 74 20 77 69 6c 6c 20 67 65 74 20 61 6e 20 49 50 76 36 20 70 72 65 66 69 78 20 6f	client.will.get.an.IPv6.prefix.o
76940	66 20 79 6f 75 72 20 64 65 66 69 6e 65 64 20 6c 65 6e 67 74 68 20 28 6d 61 73 6b 29 20 74 6f 20	f.your.defined.length.(mask).to.
76960	74 65 72 6d 69 6e 61 74 65 20 74 68 65 20 50 50 50 6f 45 20 65 6e 64 70 6f 69 6e 74 20 61 74 20	terminate.the.PPPoE.endpoint.at.
76980	74 68 65 69 72 20 73 69 64 65 2e 20 54 68 65 20 6d 61 73 6b 20 6c 65 6e 67 74 68 20 63 61 6e 20	their.side..The.mask.length.can.
769a0	62 65 20 73 65 74 20 66 72 6f 6d 20 34 38 20 74 6f 20 31 32 38 20 62 69 74 20 6c 6f 6e 67 2c 20	be.set.from.48.to.128.bit.long,.
769c0	74 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 36 34 2e 00 55 73 65 20 74 68 69	the.default.value.is.64..Use.thi
769e0	73 20 63 6f 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 76 36 20 61 64 64 72 65 73 73	s.comand.to.set.the.IPv6.address
76a00	20 70 6f 6f 6c 20 66 72 6f 6d 20 77 68 69 63 68 20 61 6e 20 53 53 54 50 20 63 6c 69 65 6e 74 20	.pool.from.which.an.SSTP.client.
76a20	77 69 6c 6c 20 67 65 74 20 61 6e 20 49 50 76 36 20 70 72 65 66 69 78 20 6f 66 20 79 6f 75 72 20	will.get.an.IPv6.prefix.of.your.
76a40	64 65 66 69 6e 65 64 20 6c 65 6e 67 74 68 20 28 6d 61 73 6b 29 20 74 6f 20 74 65 72 6d 69 6e 61	defined.length.(mask).to.termina
76a60	74 65 20 74 68 65 20 53 53 54 50 20 65 6e 64 70 6f 69 6e 74 20 61 74 20 74 68 65 69 72 20 73 69	te.the.SSTP.endpoint.at.their.si
76a80	64 65 2e 20 54 68 65 20 6d 61 73 6b 20 6c 65 6e 67 74 68 20 63 61 6e 20 62 65 20 73 65 74 20 66	de..The.mask.length.can.be.set.f
76aa0	72 6f 6d 20 34 38 20 74 6f 20 31 32 38 20 62 69 74 20 6c 6f 6e 67 2c 20 74 68 65 20 64 65 66 61	rom.48.to.128.bit.long,.the.defa
76ac0	75 6c 74 20 76 61 6c 75 65 20 69 73 20 36 34 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	ult.value.is.64..Use.this.comman
76ae0	64 20 66 6f 72 20 65 76 65 72 79 20 70 6f 6f 6c 20 6f 66 20 63 6c 69 65 6e 74 20 49 50 20 61 64	d.for.every.pool.of.client.IP.ad
76b00	64 72 65 73 73 65 73 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 65 66 69 6e 65 2e 20 54 68 65 20	dresses.you.want.to.define..The.
76b20	61 64 64 72 65 73 73 65 73 20 6f 66 20 74 68 69 73 20 70 6f 6f 6c 20 77 69 6c 6c 20 62 65 20 67	addresses.of.this.pool.will.be.g
76b40	69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 20 59 6f 75 20 6d 75 73 74 20	iven.to.PPPoE.clients..You.must.
76b60	75 73 65 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 20 61 6e 64 20 69 74 20 6d 75 73 74 20 62 65	use.CIDR.notation.and.it.must.be
76b80	20 77 69 74 68 69 6e 20 61 20 2f 32 34 20 73 75 62 6e 65 74 2e 00 55 73 65 20 74 68 69 73 20 63	.within.a./24.subnet..Use.this.c
76ba0	6f 6d 6d 61 6e 64 20 66 6f 72 20 65 76 65 72 79 20 70 6f 6f 6c 20 6f 66 20 63 6c 69 65 6e 74 20	ommand.for.every.pool.of.client.
76bc0	49 50 20 61 64 64 72 65 73 73 65 73 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 65 66 69 6e 65 2e	IP.addresses.you.want.to.define.
76be0	20 54 68 65 20 61 64 64 72 65 73 73 65 73 20 6f 66 20 74 68 69 73 20 70 6f 6f 6c 20 77 69 6c 6c	.The.addresses.of.this.pool.will
76c00	20 62 65 20 67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 20 59 6f 75 20	.be.given.to.PPPoE.clients..You.
76c20	6d 75 73 74 20 75 73 65 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73	must.use.CIDR.notation..Use.this
76c40	20 63 6f 6d 6d 61 6e 64 20 69 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 66 6f 72 20 74	.command.if.you.would.like.for.t
76c60	68 65 20 72 6f 75 74 65 72 20 74 6f 20 61 64 76 65 72 74 69 73 65 20 46 45 43 73 20 77 69 74 68	he.router.to.advertise.FECs.with
76c80	20 61 20 6c 61 62 65 6c 20 6f 66 20 30 20 66 6f 72 20 65 78 70 6c 69 63 69 74 20 6e 75 6c 6c 20	.a.label.of.0.for.explicit.null.
76ca0	6f 70 65 72 61 74 69 6f 6e 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 66 20	operations..Use.this.command.if.
76cc0	79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 6c 6f	you.would.like.to.control.the.lo
76ce0	63 61 6c 20 46 45 43 20 61 6c 6c 6f 63 61 74 69 6f 6e 73 20 66 6f 72 20 4c 44 50 2e 20 41 20 67	cal.FEC.allocations.for.LDP..A.g
76d00	6f 6f 64 20 65 78 61 6d 70 6c 65 20 77 6f 75 6c 64 20 62 65 20 66 6f 72 20 79 6f 75 72 20 6c 6f	ood.example.would.be.for.your.lo
76d20	63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 61 20 6c 61 62	cal.router.to.not.allocate.a.lab
76d40	65 6c 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 2e 20 4a 75 73 74 20 61 20 6c 61 62 65 6c 20	el.for.everything..Just.a.label.
76d60	66 6f 72 20 77 68 61 74 20 69 74 27 73 20 75 73 65 66 75 6c 2e 20 41 20 67 6f 6f 64 20 65 78 61	for.what.it's.useful..A.good.exa
76d80	6d 70 6c 65 20 77 6f 75 6c 64 20 62 65 20 6a 75 73 74 20 61 20 6c 6f 6f 70 62 61 63 6b 20 6c 61	mple.would.be.just.a.loopback.la
76da0	62 65 6c 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 66 20 79 6f 75 20 77 6f 75	bel..Use.this.command.if.you.wou
76dc0	6c 64 20 6c 69 6b 65 20 74 6f 20 73 65 74 20 74 68 65 20 54 43 50 20 73 65 73 73 69 6f 6e 20 68	ld.like.to.set.the.TCP.session.h
76de0	6f 6c 64 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	old.time.intervals..Use.this.com
76e00	6d 61 6e 64 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72	mand.to.allow.the.selected.inter
76e20	66 61 63 65 20 74 6f 20 6a 6f 69 6e 20 61 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 64	face.to.join.a.multicast.group.d
76e40	65 66 69 6e 69 6e 67 20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 20 61 64 64 72 65 73 73 20 79 6f	efining.the.multicast.address.yo
76e60	75 20 77 61 6e 74 20 74 6f 20 6a 6f 69 6e 20 61 6e 64 20 74 68 65 20 73 6f 75 72 63 65 20 49 50	u.want.to.join.and.the.source.IP
76e80	20 61 64 64 72 65 73 73 20 74 6f 6f 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	.address.too..Use.this.command.t
76ea0	6f 20 61 6c 6c 6f 77 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74	o.allow.the.selected.interface.t
76ec0	6f 20 6a 6f 69 6e 20 61 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 2e 00 55 73 65 20 74 68	o.join.a.multicast.group..Use.th
76ee0	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 73 65 6c 65 63 74 65 64	is.command.to.allow.the.selected
76f00	20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6a 6f 69 6e 20 61 20 73 6f 75 72 63 65 2d 73 70 65 63	.interface.to.join.a.source-spec
76f20	69 66 69 63 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 2e 00 55 73 65 20 74 68 69 73 20 63	ific.multicast.group..Use.this.c
76f40	6f 6d 6d 61 6e 64 20 74 6f 20 63 68 65 63 6b 20 74 68 65 20 74 75 6e 6e 65 6c 20 73 74 61 74 75	ommand.to.check.the.tunnel.statu
76f60	73 20 66 6f 72 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74 20 69 6e 74 65 72 66 61 63 65 73 2e	s.for.OpenVPN.client.interfaces.
76f80	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 68 65 63 6b 20 74 68 65 20 74	.Use.this.command.to.check.the.t
76fa0	75 6e 6e 65 6c 20 73 74 61 74 75 73 20 66 6f 72 20 4f 70 65 6e 56 50 4e 20 73 65 72 76 65 72 20	unnel.status.for.OpenVPN.server.
76fc0	69 6e 74 65 72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	interfaces..Use.this.command.to.
76fe0	63 68 65 63 6b 20 74 68 65 20 74 75 6e 6e 65 6c 20 73 74 61 74 75 73 20 66 6f 72 20 4f 70 65 6e	check.the.tunnel.status.for.Open
77000	56 50 4e 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 69 6e 74 65 72 66 61 63 65 73 2e 00 55 73 65	VPN.site-to-site.interfaces..Use
77020	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6c 65 61 72 20 42 6f 72 64 65 72 20 47 61	.this.command.to.clear.Border.Ga
77040	74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c 20 73 74 61 74 69 73 74 69 63 73 20 6f 72 20 73 74 61	teway.Protocol.statistics.or.sta
77060	74 75 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75	tus..Use.this.command.to.configu
77080	72 65 20 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 20 28 52 46 43	re.DHCPv6.Prefix.Delegation.(RFC
770a0	33 36 33 33 29 20 6f 6e 20 53 53 54 50 2e 20 59 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20	3633).on.SSTP..You.will.have.to.
770c0	73 65 74 20 79 6f 75 72 20 49 50 76 36 20 70 6f 6f 6c 20 61 6e 64 20 74 68 65 20 6c 65 6e 67 74	set.your.IPv6.pool.and.the.lengt
770e0	68 20 6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72 65 66 69 78 2e 20 46 72 6f 6d	h.of.the.delegation.prefix..From
77100	20 74 68 65 20 64 65 66 69 6e 65 64 20 49 50 76 36 20 70 6f 6f 6c 20 79 6f 75 20 77 69 6c 6c 20	.the.defined.IPv6.pool.you.will.
77120	62 65 20 68 61 6e 64 69 6e 67 20 6f 75 74 20 6e 65 74 77 6f 72 6b 73 20 6f 66 20 74 68 65 20 64	be.handing.out.networks.of.the.d
77140	65 66 69 6e 65 64 20 6c 65 6e 67 74 68 20 28 64 65 6c 65 67 61 74 69 6f 6e 2d 70 72 65 66 69 78	efined.length.(delegation-prefix
77160	29 2e 20 54 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20	)..The.length.of.the.delegation.
77180	70 72 65 66 69 78 20 63 61 6e 20 62 65 20 73 65 74 20 66 72 6f 6d 20 33 32 20 74 6f 20 36 34 20	prefix.can.be.set.from.32.to.64.
771a0	62 69 74 20 6c 6f 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f	bit.long..Use.this.command.to.co
771c0	6e 66 69 67 75 72 65 20 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e	nfigure.DHCPv6.Prefix.Delegation
771e0	20 28 52 46 43 33 36 33 33 29 2e 20 59 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 73 65 74	.(RFC3633)..You.will.have.to.set
77200	20 79 6f 75 72 20 49 50 76 36 20 70 6f 6f 6c 20 61 6e 64 20 74 68 65 20 6c 65 6e 67 74 68 20 6f	.your.IPv6.pool.and.the.length.o
77220	66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72 65 66 69 78 2e 20 46 72 6f 6d 20 74 68	f.the.delegation.prefix..From.th
77240	65 20 64 65 66 69 6e 65 64 20 49 50 76 36 20 70 6f 6f 6c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20	e.defined.IPv6.pool.you.will.be.
77260	68 61 6e 64 69 6e 67 20 6f 75 74 20 6e 65 74 77 6f 72 6b 73 20 6f 66 20 74 68 65 20 64 65 66 69	handing.out.networks.of.the.defi
77280	6e 65 64 20 6c 65 6e 67 74 68 20 28 64 65 6c 65 67 61 74 69 6f 6e 2d 70 72 65 66 69 78 29 2e 20	ned.length.(delegation-prefix)..
772a0	54 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72 65	The.length.of.the.delegation.pre
772c0	66 69 78 20 63 61 6e 20 62 65 20 73 65 74 20 66 72 6f 6d 20 33 32 20 74 6f 20 36 34 20 62 69 74	fix.can.be.set.from.32.to.64.bit
772e0	20 6c 6f 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69	.long..Use.this.command.to.confi
77300	67 75 72 65 20 44 79 6e 61 6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74 65 6e	gure.Dynamic.Authorization.Exten
77320	73 69 6f 6e 73 20 74 6f 20 52 41 44 49 55 53 20 73 6f 20 74 68 61 74 20 79 6f 75 20 63 61 6e 20	sions.to.RADIUS.so.that.you.can.
77340	72 65 6d 6f 74 65 6c 79 20 64 69 73 63 6f 6e 6e 65 63 74 20 73 65 73 73 69 6f 6e 73 20 61 6e 64	remotely.disconnect.sessions.and
77360	20 63 68 61 6e 67 65 20 73 6f 6d 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 70 61 72 61	.change.some.authentication.para
77380	6d 65 74 65 72 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66	meters..Use.this.command.to.conf
773a0	69 67 75 72 65 20 61 20 22 62 6c 61 63 6b 2d 68 6f 6c 65 22 20 72 6f 75 74 65 20 6f 6e 20 74 68	igure.a."black-hole".route.on.th
773c0	65 20 72 6f 75 74 65 72 2e 20 41 20 62 6c 61 63 6b 2d 68 6f 6c 65 20 72 6f 75 74 65 20 69 73 20	e.router..A.black-hole.route.is.
773e0	61 20 72 6f 75 74 65 20 66 6f 72 20 77 68 69 63 68 20 74 68 65 20 73 79 73 74 65 6d 20 73 69 6c	a.route.for.which.the.system.sil
77400	65 6e 74 6c 79 20 64 69 73 63 61 72 64 20 70 61 63 6b 65 74 73 20 74 68 61 74 20 61 72 65 20 6d	ently.discard.packets.that.are.m
77420	61 74 63 68 65 64 2e 20 54 68 69 73 20 70 72 65 76 65 6e 74 73 20 6e 65 74 77 6f 72 6b 73 20 6c	atched..This.prevents.networks.l
77440	65 61 6b 69 6e 67 20 6f 75 74 20 70 75 62 6c 69 63 20 69 6e 74 65 72 66 61 63 65 73 2c 20 62 75	eaking.out.public.interfaces,.bu
77460	74 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 70 72 65 76 65 6e 74 20 74 68 65 6d 20 66 72 6f 6d 20	t.it.does.not.prevent.them.from.
77480	62 65 69 6e 67 20 75 73 65 64 20 61 73 20 61 20 6d 6f 72 65 20 73 70 65 63 69 66 69 63 20 72 6f	being.used.as.a.more.specific.ro
774a0	75 74 65 20 69 6e 73 69 64 65 20 79 6f 75 72 20 6e 65 74 77 6f 72 6b 2e 00 55 73 65 20 74 68 69	ute.inside.your.network..Use.thi
774c0	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 4e 65 74 77 6f 72 6b	s.command.to.configure.a.Network
774e0	20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 20 64 65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61	.Emulator.policy.defining.its.na
77500	6d 65 20 61 6e 64 20 74 68 65 20 66 69 78 65 64 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20	me.and.the.fixed.amount.of.time.
77520	79 6f 75 20 77 61 6e 74 20 74 6f 20 61 64 64 20 74 6f 20 61 6c 6c 20 70 61 63 6b 65 74 20 67 6f	you.want.to.add.to.all.packet.go
77540	69 6e 67 20 6f 75 74 20 6f 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 6c 61	ing.out.of.the.interface..The.la
77560	74 65 6e 63 79 20 77 69 6c 6c 20 62 65 20 61 64 64 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20	tency.will.be.added.through.the.
77580	54 6f 6b 65 6e 20 42 75 63 6b 65 74 20 46 69 6c 74 65 72 20 71 64 69 73 63 2e 20 49 74 20 77 69	Token.Bucket.Filter.qdisc..It.wi
775a0	6c 6c 20 6f 6e 6c 79 20 74 61 6b 65 20 65 66 66 65 63 74 20 69 66 20 79 6f 75 20 68 61 76 65 20	ll.only.take.effect.if.you.have.
775c0	63 6f 6e 66 69 67 75 72 65 64 20 69 74 73 20 62 61 6e 64 77 69 64 74 68 20 74 6f 6f 2e 20 59 6f	configured.its.bandwidth.too..Yo
775e0	75 20 63 61 6e 20 75 73 65 20 73 65 63 73 2c 20 6d 73 20 61 6e 64 20 75 73 2e 20 44 65 66 61 75	u.can.use.secs,.ms.and.us..Defau
77600	6c 74 3a 20 35 30 6d 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f	lt:.50ms..Use.this.command.to.co
77620	6e 66 69 67 75 72 65 20 61 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 70 6f 6c 69 63 79 2c	nfigure.a.Priority.Queue.policy,
77640	20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 73 65 74 20 61 20 63 6c 61 73 73 20 77 69 74 68 20	.set.its.name,.set.a.class.with.
77660	61 20 70 72 69 6f 72 69 74 79 20 66 72 6f 6d 20 31 20 74 6f 20 37 20 61 6e 64 20 64 65 66 69 6e	a.priority.from.1.to.7.and.defin
77680	65 20 61 20 68 61 72 64 20 6c 69 6d 69 74 20 6f 6e 20 74 68 65 20 72 65 61 6c 20 71 75 65 75 65	e.a.hard.limit.on.the.real.queue
776a0	20 73 69 7a 65 2e 20 57 68 65 6e 20 74 68 69 73 20 6c 69 6d 69 74 20 69 73 20 72 65 61 63 68 65	.size..When.this.limit.is.reache
776c0	64 2c 20 6e 65 77 20 70 61 63 6b 65 74 73 20 61 72 65 20 64 72 6f 70 70 65 64 2e 00 55 73 65 20	d,.new.packets.are.dropped..Use.
776e0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 6e 64	this.command.to.configure.a.Rand
77700	6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20 69 74 73 20 6e 61 6d	om-Detect.policy.and.set.its.nam
77720	65 2c 20 74 68 65 6e 20 6e 61 6d 65 20 74 68 65 20 49 50 20 50 72 65 63 65 64 65 6e 63 65 20 66	e,.then.name.the.IP.Precedence.f
77740	6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75 20 61 72 65 20 63 6f 6e	or.the.virtual.queue.you.are.con
77760	66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 73 69	figuring.and.what.the.maximum.si
77780	7a 65 20 6f 66 20 69 74 73 20 71 75 65 75 65 20 77 69 6c 6c 20 62 65 20 28 66 72 6f 6d 20 31 20	ze.of.its.queue.will.be.(from.1.
777a0	74 6f 20 31 2d 34 32 39 34 39 36 37 32 39 35 20 70 61 63 6b 65 74 73 29 2e 20 50 61 63 6b 65 74	to.1-4294967295.packets)..Packet
777c0	73 20 61 72 65 20 64 72 6f 70 70 65 64 20 77 68 65 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 71	s.are.dropped.when.the.current.q
777e0	75 65 75 65 20 6c 65 6e 67 74 68 20 72 65 61 63 68 65 73 20 74 68 69 73 20 76 61 6c 75 65 2e 00	ueue.length.reaches.this.value..
77800	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20	Use.this.command.to.configure.a.
77820	52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20 69 74 73	Random-Detect.policy.and.set.its
77840	20 6e 61 6d 65 2c 20 74 68 65 6e 20 73 74 61 74 65 20 74 68 65 20 49 50 20 50 72 65 63 65 64 65	.name,.then.state.the.IP.Precede
77860	6e 63 65 20 66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75 20 61 72	nce.for.the.virtual.queue.you.ar
77880	65 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20 69 74 73 20 6d 61 72 6b 20	e.configuring.and.what.its.mark.
778a0	28 64 72 6f 70 29 20 70 72 6f 62 61 62 69 6c 69 74 79 20 77 69 6c 6c 20 62 65 2e 20 53 65 74 20	(drop).probability.will.be..Set.
778c0	74 68 65 20 70 72 6f 62 61 62 69 6c 69 74 79 20 62 79 20 67 69 76 69 6e 67 20 74 68 65 20 4e 20	the.probability.by.giving.the.N.
778e0	76 61 6c 75 65 20 6f 66 20 74 68 65 20 66 72 61 63 74 69 6f 6e 20 31 2f 4e 20 28 64 65 66 61 75	value.of.the.fraction.1/N.(defau
77900	6c 74 3a 20 31 30 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e	lt:.10)..Use.this.command.to.con
77920	66 69 67 75 72 65 20 61 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e	figure.a.Random-Detect.policy.an
77940	64 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 74 68 65 6e 20 73 74 61 74 65 20 74 68 65 20 49	d.set.its.name,.then.state.the.I
77960	50 20 50 72 65 63 65 64 65 6e 63 65 20 66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65	P.Precedence.for.the.virtual.que
77980	75 65 20 79 6f 75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20	ue.you.are.configuring.and.what.
779a0	69 74 73 20 6d 61 78 69 6d 75 6d 20 74 68 72 65 73 68 6f 6c 64 20 66 6f 72 20 72 61 6e 64 6f 6d	its.maximum.threshold.for.random
779c0	20 64 65 74 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 28 66 72 6f 6d 20 30 20 74 6f 20 34 30	.detection.will.be.(from.0.to.40
779e0	39 36 20 70 61 63 6b 65 74 73 2c 20 64 65 66 61 75 6c 74 3a 20 31 38 29 2e 20 41 74 20 74 68 69	96.packets,.default:.18)..At.thi
77a00	73 20 73 69 7a 65 2c 20 74 68 65 20 6d 61 72 6b 69 6e 67 20 28 64 72 6f 70 29 20 70 72 6f 62 61	s.size,.the.marking.(drop).proba
77a20	62 69 6c 69 74 79 20 69 73 20 6d 61 78 69 6d 61 6c 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	bility.is.maximal..Use.this.comm
77a40	61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74	and.to.configure.a.Random-Detect
77a60	20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 74 68 65 6e 20 73	.policy.and.set.its.name,.then.s
77a80	74 61 74 65 20 74 68 65 20 49 50 20 50 72 65 63 65 64 65 6e 63 65 20 66 6f 72 20 74 68 65 20 76	tate.the.IP.Precedence.for.the.v
77aa0	69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67	irtual.queue.you.are.configuring
77ac0	20 61 6e 64 20 77 68 61 74 20 69 74 73 20 6d 69 6e 69 6d 75 6d 20 74 68 72 65 73 68 6f 6c 64 20	.and.what.its.minimum.threshold.
77ae0	66 6f 72 20 72 61 6e 64 6f 6d 20 64 65 74 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 28 66 72	for.random.detection.will.be.(fr
77b00	6f 6d 20 30 20 74 6f 20 34 30 39 36 20 70 61 63 6b 65 74 73 29 2e 20 20 49 66 20 74 68 69 73 20	om.0.to.4096.packets)...If.this.
77b20	76 61 6c 75 65 20 69 73 20 65 78 63 65 65 64 65 64 2c 20 70 61 63 6b 65 74 73 20 73 74 61 72 74	value.is.exceeded,.packets.start
77b40	20 62 65 69 6e 67 20 65 6c 69 67 69 62 6c 65 20 66 6f 72 20 62 65 69 6e 67 20 64 72 6f 70 70 65	.being.eligible.for.being.droppe
77b60	64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	d..Use.this.command.to.configure
77b80	20 61 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20	.a.Random-Detect.policy.and.set.
77ba0	69 74 73 20 6e 61 6d 65 2c 20 74 68 65 6e 20 73 74 61 74 65 20 74 68 65 20 49 50 20 50 72 65 63	its.name,.then.state.the.IP.Prec
77bc0	65 64 65 6e 63 65 20 66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75	edence.for.the.virtual.queue.you
77be0	20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20 74 68 65 20 73 69	.are.configuring.and.what.the.si
77c00	7a 65 20 6f 66 20 69 74 73 20 61 76 65 72 61 67 65 2d 70 61 63 6b 65 74 20 73 68 6f 75 6c 64 20	ze.of.its.average-packet.should.
77c20	62 65 20 28 69 6e 20 62 79 74 65 73 2c 20 64 65 66 61 75 6c 74 3a 20 31 30 32 34 29 2e 00 55 73	be.(in.bytes,.default:.1024)..Us
77c40	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61	e.this.command.to.configure.a.Ra
77c60	6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65	ndom-Detect.policy,.set.its.name
77c80	20 61 6e 64 20 73 65 74 20 74 68 65 20 61 76 61 69 6c 61 62 6c 65 20 62 61 6e 64 77 69 64 74 68	.and.set.the.available.bandwidth
77ca0	20 66 6f 72 20 74 68 69 73 20 70 6f 6c 69 63 79 2e 20 49 74 20 69 73 20 75 73 65 64 20 66 6f 72	.for.this.policy..It.is.used.for
77cc0	20 63 61 6c 63 75 6c 61 74 69 6e 67 20 74 68 65 20 61 76 65 72 61 67 65 20 71 75 65 75 65 20 73	.calculating.the.average.queue.s
77ce0	69 7a 65 20 61 66 74 65 72 20 73 6f 6d 65 20 69 64 6c 65 20 74 69 6d 65 2e 20 49 74 20 73 68 6f	ize.after.some.idle.time..It.sho
77d00	75 6c 64 20 62 65 20 73 65 74 20 74 6f 20 74 68 65 20 62 61 6e 64 77 69 64 74 68 20 6f 66 20 79	uld.be.set.to.the.bandwidth.of.y
77d20	6f 75 72 20 69 6e 74 65 72 66 61 63 65 2e 20 52 61 6e 64 6f 6d 20 44 65 74 65 63 74 20 69 73 20	our.interface..Random.Detect.is.
77d40	6e 6f 74 20 61 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 2c 20 74 68 69 73 20 63 6f 6d 6d 61	not.a.shaping.policy,.this.comma
77d60	6e 64 20 77 69 6c 6c 20 6e 6f 74 20 73 68 61 70 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	nd.will.not.shape..Use.this.comm
77d80	61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20	and.to.configure.a.Rate-Control.
77da0	70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78	policy,.set.its.name.and.the.max
77dc0	69 6d 75 6d 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20 61 20 70 61 63 6b 65 74 20 63 61 6e	imum.amount.of.time.a.packet.can
77de0	20 62 65 20 71 75 65 75 65 64 20 28 64 65 66 61 75 6c 74 3a 20 35 30 20 6d 73 29 2e 00 55 73 65	.be.queued.(default:.50.ms)..Use
77e00	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 74	.this.command.to.configure.a.Rat
77e20	65 2d 43 6f 6e 74 72 6f 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20 61	e-Control.policy,.set.its.name.a
77e40	6e 64 20 74 68 65 20 72 61 74 65 20 6c 69 6d 69 74 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 68 61	nd.the.rate.limit.you.want.to.ha
77e60	76 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72	ve..Use.this.command.to.configur
77e80	65 20 61 20 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73	e.a.Rate-Control.policy,.set.its
77ea0	20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 62 75 63 6b 65 74	.name.and.the.size.of.the.bucket
77ec0	20 69 6e 20 62 79 74 65 73 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 61 76 61 69 6c 61 62 6c	.in.bytes.which.will.be.availabl
77ee0	65 20 66 6f 72 20 62 75 72 73 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	e.for.burst..Use.this.command.to
77f00	20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70 6f 6c 69 63 79 2c	.configure.a.Round-Robin.policy,
77f20	20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 73 65 74 20 61 20 63 6c 61 73 73 20 49 44 2c 20 61	.set.its.name,.set.a.class.ID,.a
77f40	6e 64 20 74 68 65 20 71 75 61 6e 74 75 6d 20 66 6f 72 20 74 68 61 74 20 63 6c 61 73 73 2e 20 54	nd.the.quantum.for.that.class..T
77f60	68 65 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 77 69 6c 6c 20 61 64 64 20 74 68 61 74	he.deficit.counter.will.add.that
77f80	20 76 61 6c 75 65 20 65 61 63 68 20 72 6f 75 6e 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	.value.each.round..Use.this.comm
77fa0	61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70	and.to.configure.a.Round-Robin.p
77fc0	6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 73 65 74 20 61 20 63 6c 61 73 73	olicy,.set.its.name,.set.a.class
77fe0	20 49 44 2c 20 61 6e 64 20 74 68 65 20 71 75 65 75 65 20 73 69 7a 65 20 69 6e 20 70 61 63 6b 65	.ID,.and.the.queue.size.in.packe
78000	74 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72	ts..Use.this.command.to.configur
78020	65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20	e.a.Shaper.policy,.set.its.name.
78040	61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 61 6c	and.the.maximum.bandwidth.for.al
78060	6c 20 63 6f 6d 62 69 6e 65 64 20 74 72 61 66 66 69 63 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	l.combined.traffic..Use.this.com
78080	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63	mand.to.configure.a.Shaper.polic
780a0	79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73 20	y,.set.its.name,.define.a.class.
780c0	61 6e 64 20 73 65 74 20 74 68 65 20 67 75 61 72 61 6e 74 65 65 64 20 74 72 61 66 66 69 63 20 79	and.set.the.guaranteed.traffic.y
780e0	6f 75 20 77 61 6e 74 20 74 6f 20 61 6c 6c 6f 63 61 74 65 20 74 6f 20 74 68 61 74 20 63 6c 61 73	ou.want.to.allocate.to.that.clas
78100	73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	s..Use.this.command.to.configure
78120	20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20	.a.Shaper.policy,.set.its.name,.
78140	64 65 66 69 6e 65 20 61 20 63 6c 61 73 73 20 61 6e 64 20 73 65 74 20 74 68 65 20 6d 61 78 69 6d	define.a.class.and.set.the.maxim
78160	75 6d 20 73 70 65 65 64 20 70 6f 73 73 69 62 6c 65 20 66 6f 72 20 74 68 69 73 20 63 6c 61 73 73	um.speed.possible.for.this.class
78180	2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 63 65 69 6c 69 6e 67 20 76 61 6c 75 65 20 69 73 20 74	..The.default.ceiling.value.is.t
781a0	68 65 20 62 61 6e 64 77 69 64 74 68 20 76 61 6c 75 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	he.bandwidth.value..Use.this.com
781c0	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63	mand.to.configure.a.Shaper.polic
781e0	79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73 20	y,.set.its.name,.define.a.class.
78200	61 6e 64 20 73 65 74 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 66 6f 72 20 75 73 61 67 65 20 6f	and.set.the.priority.for.usage.o
78220	66 20 61 76 61 69 6c 61 62 6c 65 20 62 61 6e 64 77 69 64 74 68 20 6f 6e 63 65 20 67 75 61 72 61	f.available.bandwidth.once.guara
78240	6e 74 65 65 73 20 68 61 76 65 20 62 65 65 6e 20 6d 65 74 2e 20 54 68 65 20 6c 6f 77 65 72 20 74	ntees.have.been.met..The.lower.t
78260	68 65 20 70 72 69 6f 72 69 74 79 20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74	he.priority.number,.the.higher.t
78280	68 65 20 70 72 69 6f 72 69 74 79 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 70 72 69 6f 72 69 74	he.priority..The.default.priorit
782a0	79 20 76 61 6c 75 65 20 69 73 20 30 2c 20 74 68 65 20 68 69 67 68 65 73 74 20 70 72 69 6f 72 69	y.value.is.0,.the.highest.priori
782c0	74 79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72	ty..Use.this.command.to.configur
782e0	65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c	e.a.Shaper.policy,.set.its.name,
78300	20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73 20 61 6e 64 20 73 65 74 20 74 68 65 20 73 69 7a 65	.define.a.class.and.set.the.size
78320	20 6f 66 20 74 68 65 20 60 74 6f 63 6b 65 6e 20 62 75 63 6b 65 74 60 5f 20 69 6e 20 62 79 74 65	.of.the.`tocken.bucket`_.in.byte
78340	73 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 62 65	s,.which.will.be.available.to.be
78360	20 73 65 6e 74 20 61 74 20 63 65 69 6c 69 6e 67 20 73 70 65 65 64 20 28 64 65 66 61 75 6c 74 3a	.sent.at.ceiling.speed.(default:
78380	20 31 35 4b 62 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66	.15Kb)..Use.this.command.to.conf
783a0	69 67 75 72 65 20 61 20 64 61 74 61 2d 72 61 74 65 20 6c 69 6d 69 74 20 74 6f 20 50 50 50 4f 6f	igure.a.data-rate.limit.to.PPPOo
783c0	45 20 63 6c 69 65 6e 74 73 20 66 6f 72 20 74 72 61 66 66 69 63 20 64 6f 77 6e 6c 6f 61 64 20 6f	E.clients.for.traffic.download.o
783e0	72 20 75 70 6c 6f 61 64 2e 20 54 68 65 20 72 61 74 65 2d 6c 69 6d 69 74 20 69 73 20 73 65 74 20	r.upload..The.rate-limit.is.set.
78400	69 6e 20 6b 62 69 74 2f 73 65 63 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	in.kbit/sec..Use.this.command.to
78420	20 63 6f 6e 66 69 67 75 72 65 20 61 20 64 72 6f 70 2d 74 61 69 6c 20 70 6f 6c 69 63 79 20 28 50	.configure.a.drop-tail.policy.(P
78440	46 49 46 4f 29 2e 20 43 68 6f 6f 73 65 20 61 20 75 6e 69 71 75 65 20 6e 61 6d 65 20 66 6f 72 20	FIFO)..Choose.a.unique.name.for.
78460	74 68 69 73 20 70 6f 6c 69 63 79 20 61 6e 64 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20	this.policy.and.the.size.of.the.
78480	71 75 65 75 65 20 62 79 20 73 65 74 74 69 6e 67 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 70	queue.by.setting.the.number.of.p
784a0	61 63 6b 65 74 73 20 69 74 20 63 61 6e 20 63 6f 6e 74 61 69 6e 20 28 6d 61 78 69 6d 75 6d 20 34	ackets.it.can.contain.(maximum.4
784c0	32 39 34 39 36 37 32 39 35 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	294967295)..Use.this.command.to.
784e0	63 6f 6e 66 69 67 75 72 65 20 61 20 73 70 65 63 69 66 69 63 20 73 65 73 73 69 6f 6e 20 68 6f 6c	configure.a.specific.session.hol
78500	64 20 74 69 6d 65 20 66 6f 72 20 4c 44 50 20 70 65 65 72 73 2e 20 53 65 74 20 74 68 65 20 49 50	d.time.for.LDP.peers..Set.the.IP
78520	20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 4c 44 50 20 70 65 65 72 20 61 6e 64 20 61 20 73	.address.of.the.LDP.peer.and.a.s
78540	65 73 73 69 6f 6e 20 68 6f 6c 64 20 74 69 6d 65 20 74 68 61 74 20 73 68 6f 75 6c 64 20 62 65 20	ession.hold.time.that.should.be.
78560	63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 69 74 2e 20 59 6f 75 20 6d 61 79 20 68 61 76 65 20	configured.for.it..You.may.have.
78580	74 6f 20 72 65 73 65 74 20 74 68 65 20 6e 65 69 67 68 62 6f 72 20 66 6f 72 20 74 68 69 73 20 74	to.reset.the.neighbor.for.this.t
785a0	6f 20 77 6f 72 6b 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66	o.work..Use.this.command.to.conf
785c0	69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65 66 69 6e 69	igure.an.Ingress.Policer,.defini
785e0	6e 67 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 62 75 72 73 74 20 73 69 7a 65 20 69	ng.its.name.and.the.burst.size.i
78600	6e 20 62 79 74 65 73 20 28 64 65 66 61 75 6c 74 3a 20 31 35 29 20 66 6f 72 20 69 74 73 20 64 65	n.bytes.(default:.15).for.its.de
78620	66 61 75 6c 74 20 70 6f 6c 69 63 79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	fault.policy..Use.this.command.t
78640	6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20	o.configure.an.Ingress.Policer,.
78660	64 65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75	defining.its.name.and.the.maximu
78680	6d 20 61 6c 6c 6f 77 65 64 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 69 74 73 20 64 65 66 61	m.allowed.bandwidth.for.its.defa
786a0	75 6c 74 20 70 6f 6c 69 63 79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	ult.policy..Use.this.command.to.
786c0	63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65	configure.an.Ingress.Policer,.de
786e0	66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 2c 20 61 20 63 6c 61 73 73 20 69 64 65 6e 74 69 66	fining.its.name,.a.class.identif
78700	69 65 72 20 28 31 2d 34 30 39 30 29 20 61 6e 64 20 74 68 65 20 62 75 72 73 74 20 73 69 7a 65 20	ier.(1-4090).and.the.burst.size.
78720	69 6e 20 62 79 74 65 73 20 66 6f 72 20 74 68 69 73 20 63 6c 61 73 73 20 28 64 65 66 61 75 6c 74	in.bytes.for.this.class.(default
78740	3a 20 31 35 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69	:.15)..Use.this.command.to.confi
78760	67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65 66 69 6e 69 6e	gure.an.Ingress.Policer,.definin
78780	67 20 69 74 73 20 6e 61 6d 65 2c 20 61 20 63 6c 61 73 73 20 69 64 65 6e 74 69 66 69 65 72 20 28	g.its.name,.a.class.identifier.(
787a0	31 2d 34 30 39 30 29 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 61 6c 6c 6f 77 65 64 20	1-4090).and.the.maximum.allowed.
787c0	62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 74 68 69 73 20 63 6c 61 73 73 2e 00 55 73 65 20 74 68	bandwidth.for.this.class..Use.th
787e0	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65	is.command.to.configure.an.Ingre
78800	73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 2c 20 61	ss.Policer,.defining.its.name,.a
78820	20 63 6c 61 73 73 20 69 64 65 6e 74 69 66 69 65 72 20 28 31 2d 34 30 39 30 29 2c 20 61 20 63 6c	.class.identifier.(1-4090),.a.cl
78840	61 73 73 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 20 6e 61 6d 65 20 61 6e 64 20 69 74 73 20 64	ass.matching.rule.name.and.its.d
78860	65 73 63 72 69 70 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	escription..Use.this.command.to.
78880	63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65	configure.an.Ingress.Policer,.de
788a0	66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 2c 20 61 20 63 6c 61 73 73 20 69 64 65 6e 74 69 66	fining.its.name,.a.class.identif
788c0	69 65 72 20 28 31 2d 34 30 39 30 29 2c 20 61 6e 64 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 28	ier.(1-4090),.and.the.priority.(
788e0	30 2d 32 30 2c 20 64 65 66 61 75 6c 74 20 32 30 29 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 72	0-20,.default.20).in.which.the.r
78900	75 6c 65 20 69 73 20 65 76 61 6c 75 61 74 65 64 20 28 74 68 65 20 6c 6f 77 65 72 20 74 68 65 20	ule.is.evaluated.(the.lower.the.
78920	6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74 68 65 20 70 72 69 6f 72 69 74 79 29	number,.the.higher.the.priority)
78940	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20	..Use.this.command.to.configure.
78960	61 6e 20 66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65	an.fq-codel.policy,.set.its.name
78980	20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 62 79 74 65 73	.and.the.maximum.number.of.bytes
789a0	20 28 64 65 66 61 75 6c 74 3a 20 31 35 31 34 29 20 74 6f 20 62 65 20 64 65 71 75 65 75 65 64 20	.(default:.1514).to.be.dequeued.
789c0	66 72 6f 6d 20 61 20 71 75 65 75 65 20 61 74 20 6f 6e 63 65 2e 00 55 73 65 20 74 68 69 73 20 63	from.a.queue.at.once..Use.this.c
789e0	6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 66 71 2d 63 6f 64 65 6c 20	ommand.to.configure.an.fq-codel.
78a00	70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6e 75 6d	policy,.set.its.name.and.the.num
78a20	62 65 72 20 6f 66 20 73 75 62 2d 71 75 65 75 65 73 20 28 64 65 66 61 75 6c 74 3a 20 31 30 32 34	ber.of.sub-queues.(default:.1024
78a40	29 20 69 6e 74 6f 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 61 72 65 20 63 6c 61 73 73 69 66	).into.which.packets.are.classif
78a60	69 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75	ied..Use.this.command.to.configu
78a80	72 65 20 61 6e 20 66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e	re.an.fq-codel.policy,.set.its.n
78aa0	61 6d 65 20 61 6e 64 20 74 68 65 20 74 69 6d 65 20 70 65 72 69 6f 64 20 75 73 65 64 20 62 79 20	ame.and.the.time.period.used.by.
78ac0	74 68 65 20 63 6f 6e 74 72 6f 6c 20 6c 6f 6f 70 20 6f 66 20 43 6f 44 65 6c 20 74 6f 20 64 65 74	the.control.loop.of.CoDel.to.det
78ae0	65 63 74 20 77 68 65 6e 20 61 20 70 65 72 73 69 73 74 65 6e 74 20 71 75 65 75 65 20 69 73 20 64	ect.when.a.persistent.queue.is.d
78b00	65 76 65 6c 6f 70 69 6e 67 2c 20 65 6e 73 75 72 69 6e 67 20 74 68 61 74 20 74 68 65 20 6d 65 61	eveloping,.ensuring.that.the.mea
78b20	73 75 72 65 64 20 6d 69 6e 69 6d 75 6d 20 64 65 6c 61 79 20 64 6f 65 73 20 6e 6f 74 20 62 65 63	sured.minimum.delay.does.not.bec
78b40	6f 6d 65 20 74 6f 6f 20 73 74 61 6c 65 20 28 64 65 66 61 75 6c 74 3a 20 31 30 30 6d 73 29 2e 00	ome.too.stale.(default:.100ms)..
78b60	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e	Use.this.command.to.configure.an
78b80	20 66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20	.fq-codel.policy,.set.its.name,.
78ba0	61 6e 64 20 64 65 66 69 6e 65 20 61 20 68 61 72 64 20 6c 69 6d 69 74 20 6f 6e 20 74 68 65 20 72	and.define.a.hard.limit.on.the.r
78bc0	65 61 6c 20 71 75 65 75 65 20 73 69 7a 65 2e 20 57 68 65 6e 20 74 68 69 73 20 6c 69 6d 69 74 20	eal.queue.size..When.this.limit.
78be0	69 73 20 72 65 61 63 68 65 64 2c 20 6e 65 77 20 70 61 63 6b 65 74 73 20 61 72 65 20 64 72 6f 70	is.reached,.new.packets.are.drop
78c00	70 65 64 20 28 64 65 66 61 75 6c 74 3a 20 31 30 32 34 30 20 70 61 63 6b 65 74 73 29 2e 00 55 73	ped.(default:.10240.packets)..Us
78c20	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 66	e.this.command.to.configure.an.f
78c40	71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 61 6e	q-codel.policy,.set.its.name,.an
78c60	64 20 64 65 66 69 6e 65 20 74 68 65 20 61 63 63 65 70 74 61 62 6c 65 20 6d 69 6e 69 6d 75 6d 20	d.define.the.acceptable.minimum.
78c80	73 74 61 6e 64 69 6e 67 2f 70 65 72 73 69 73 74 65 6e 74 20 71 75 65 75 65 20 64 65 6c 61 79 2e	standing/persistent.queue.delay.
78ca0	20 54 68 69 73 20 6d 69 6e 69 6d 75 6d 20 64 65 6c 61 79 20 69 73 20 69 64 65 6e 74 69 66 69 65	.This.minimum.delay.is.identifie
78cc0	64 20 62 79 20 74 72 61 63 6b 69 6e 67 20 74 68 65 20 6c 6f 63 61 6c 20 6d 69 6e 69 6d 75 6d 20	d.by.tracking.the.local.minimum.
78ce0	71 75 65 75 65 20 64 65 6c 61 79 20 74 68 61 74 20 70 61 63 6b 65 74 73 20 65 78 70 65 72 69 65	queue.delay.that.packets.experie
78d00	6e 63 65 20 28 64 65 66 61 75 6c 74 3a 20 35 6d 73 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	nce.(default:.5ms)..Use.this.com
78d20	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 77	mand.to.configure.an.interface.w
78d40	69 74 68 20 49 47 4d 50 20 73 6f 20 74 68 61 74 20 50 49 4d 20 63 61 6e 20 72 65 63 65 69 76 65	ith.IGMP.so.that.PIM.can.receive
78d60	20 49 47 4d 50 20 72 65 70 6f 72 74 73 20 61 6e 64 20 71 75 65 72 79 20 6f 6e 20 74 68 65 20 73	.IGMP.reports.and.query.on.the.s
78d80	65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 42 79 20 64 65 66 61 75 6c 74 20 49 47	elected.interface..By.default.IG
78da0	4d 50 20 76 65 72 73 69 6f 6e 20 33 20 77 69 6c 6c 20 62 65 20 75 73 65 64 2e 00 55 73 65 20 74	MP.version.3.will.be.used..Use.t
78dc0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 75 74 68 65 6e 74	his.command.to.configure.authent
78de0	69 63 61 74 69 6f 6e 20 66 6f 72 20 4c 44 50 20 70 65 65 72 73 2e 20 53 65 74 20 74 68 65 20 49	ication.for.LDP.peers..Set.the.I
78e00	50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 4c 44 50 20 70 65 65 72 20 61 6e 64 20 61 20	P.address.of.the.LDP.peer.and.a.
78e20	70 61 73 73 77 6f 72 64 20 74 68 61 74 20 73 68 6f 75 6c 64 20 62 65 20 73 68 61 72 65 64 20 69	password.that.should.be.shared.i
78e40	6e 20 6f 72 64 65 72 20 74 6f 20 62 65 63 6f 6d 65 20 6e 65 69 67 68 62 6f 72 73 2e 00 55 73 65	n.order.to.become.neighbors..Use
78e60	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 69 6e 20 74 68	.this.command.to.configure.in.th
78e80	65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 49 47 4d 50 20 68 6f	e.selected.interface.the.IGMP.ho
78ea0	73 74 20 71 75 65 72 79 20 69 6e 74 65 72 76 61 6c 20 28 31 2d 31 38 30 30 29 20 69 6e 20 73 65	st.query.interval.(1-1800).in.se
78ec0	63 6f 6e 64 73 20 74 68 61 74 20 50 49 4d 20 77 69 6c 6c 20 75 73 65 2e 00 55 73 65 20 74 68 69	conds.that.PIM.will.use..Use.thi
78ee0	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 69 6e 20 74 68 65 20 73 65	s.command.to.configure.in.the.se
78f00	6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 49 47 4d 50 20 71 75 65 72 79 20	lected.interface.the.IGMP.query.
78f20	72 65 73 70 6f 6e 73 65 20 74 69 6d 65 6f 75 74 20 76 61 6c 75 65 20 28 31 30 2d 32 35 30 29 20	response.timeout.value.(10-250).
78f40	69 6e 20 64 65 63 69 73 65 63 6f 6e 64 73 2e 20 49 66 20 61 20 72 65 70 6f 72 74 20 69 73 20 6e	in.deciseconds..If.a.report.is.n
78f60	6f 74 20 72 65 74 75 72 6e 65 64 20 69 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 74 69 6d	ot.returned.in.the.specified.tim
78f80	65 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 61 73 73 75 6d 65 64 20 74 68 65 20 60 28 53 2c 47 29	e,.it.will.be.assumed.the.`(S,G)
78fa0	20 6f 72 20 28 2a 2c 47 29 20 73 74 61 74 65 20 3c 68 74 74 70 73 3a 2f 2f 74 6f 6f 6c 73 2e 69	.or.(*,G).state.<https://tools.i
78fc0	65 74 66 2e 6f 72 67 2f 68 74 6d 6c 2f 72 66 63 37 37 36 31 23 73 65 63 74 69 6f 6e 2d 34 2e 31	etf.org/html/rfc7761#section-4.1
78fe0	3e 60 5f 20 68 61 73 20 74 69 6d 65 64 20 6f 75 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	>`_.has.timed.out..Use.this.comm
79000	61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64	and.to.configure.in.the.selected
79020	20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 4d 4c 44 20 68 6f 73 74 20 71 75 65 72 79 20 69 6e	.interface.the.MLD.host.query.in
79040	74 65 72 76 61 6c 20 28 31 2d 36 35 35 33 35 29 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 68 61 74	terval.(1-65535).in.seconds.that
79060	20 50 49 4d 20 77 69 6c 6c 20 75 73 65 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65	.PIM.will.use..The.default.value
79080	20 69 73 20 31 32 35 20 73 65 63 6f 6e 64 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	.is.125.seconds..Use.this.comman
790a0	64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 20 73 61 6d 70 6c 69 6e 67 20 72 61 74	d.to.configure.the..sampling.rat
790c0	65 20 66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 20 54 68 65 20 73 79 73 74 65	e.for.flow.accounting..The.syste
790e0	6d 20 73 61 6d 70 6c 65 73 20 6f 6e 65 20 69 6e 20 65 76 65 72 79 20 60 3c 72 61 74 65 3e 60 20	m.samples.one.in.every.`<rate>`.
79100	70 61 63 6b 65 74 73 2c 20 77 68 65 72 65 20 60 3c 72 61 74 65 3e 60 20 69 73 20 74 68 65 20 76	packets,.where.`<rate>`.is.the.v
79120	61 6c 75 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 74 68 65 20 73 61 6d 70 6c 69 6e 67	alue.configured.for.the.sampling
79140	2d 72 61 74 65 20 6f 70 74 69 6f 6e 2e 20 54 68 65 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20 73	-rate.option..The.advantage.of.s
79160	61 6d 70 6c 69 6e 67 20 65 76 65 72 79 20 6e 20 70 61 63 6b 65 74 73 2c 20 77 68 65 72 65 20 6e	ampling.every.n.packets,.where.n
79180	20 3e 20 31 2c 20 61 6c 6c 6f 77 73 20 79 6f 75 20 74 6f 20 64 65 63 72 65 61 73 65 20 74 68 65	.>.1,.allows.you.to.decrease.the
791a0	20 61 6d 6f 75 6e 74 20 6f 66 20 70 72 6f 63 65 73 73 69 6e 67 20 72 65 73 6f 75 72 63 65 73 20	.amount.of.processing.resources.
791c0	72 65 71 75 69 72 65 64 20 66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 20 54 68	required.for.flow.accounting..Th
791e0	65 20 64 69 73 61 64 76 61 6e 74 61 67 65 20 6f 66 20 6e 6f 74 20 73 61 6d 70 6c 69 6e 67 20 65	e.disadvantage.of.not.sampling.e
79200	76 65 72 79 20 70 61 63 6b 65 74 20 69 73 20 74 68 61 74 20 74 68 65 20 73 74 61 74 69 73 74 69	very.packet.is.that.the.statisti
79220	63 73 20 70 72 6f 64 75 63 65 64 20 61 72 65 20 65 73 74 69 6d 61 74 65 73 20 6f 66 20 61 63 74	cs.produced.are.estimates.of.act
79240	75 61 6c 20 64 61 74 61 20 66 6c 6f 77 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64	ual.data.flows..Use.this.command
79260	20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64	.to.configure.the.IP.address.and
79280	20 74 68 65 20 73 68 61 72 65 64 20 73 65 63 72 65 74 20 6b 65 79 20 6f 66 20 79 6f 75 72 20 52	.the.shared.secret.key.of.your.R
792a0	41 44 49 55 53 20 73 65 72 76 65 72 2e 20 20 59 6f 75 20 63 61 6e 20 68 61 76 65 20 6d 75 6c 74	ADIUS.server...You.can.have.mult
792c0	69 70 6c 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 73 20 63 6f 6e 66 69 67 75 72 65 64 20 69	iple.RADIUS.servers.configured.i
792e0	66 20 79 6f 75 20 77 69 73 68 20 74 6f 20 61 63 68 69 65 76 65 20 72 65 64 75 6e 64 61 6e 63 79	f.you.wish.to.achieve.redundancy
79300	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20	..Use.this.command.to.configure.
79320	74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 75 73 65 64 20 61 73 20 74 68 65 20 4c 44 50 20 72	the.IP.address.used.as.the.LDP.r
79340	6f 75 74 65 72 2d 69 64 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 64 65 76 69 63 65 2e 00 55 73	outer-id.of.the.local.device..Us
79360	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20	e.this.command.to.configure.the.
79380	50 49 4d 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 31	PIM.hello.interval.in.seconds.(1
793a0	2d 31 38 30 29 20 66 6f 72 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65	-180).for.the.selected.interface
793c0	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20	..Use.this.command.to.configure.
793e0	74 68 65 20 62 75 72 73 74 20 73 69 7a 65 20 6f 66 20 74 68 65 20 74 72 61 66 66 69 63 20 69 6e	the.burst.size.of.the.traffic.in
79400	20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 44 65 66 69	.a.Network.Emulator.policy..Defi
79420	6e 65 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61	ne.the.name.of.the.Network.Emula
79440	74 6f 72 20 70 6f 6c 69 63 79 20 61 6e 64 20 69 74 73 20 74 72 61 66 66 69 63 20 62 75 72 73 74	tor.policy.and.its.traffic.burst
79460	20 73 69 7a 65 20 28 69 74 20 77 69 6c 6c 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 68 72	.size.(it.will.be.configured.thr
79480	6f 75 67 68 20 74 68 65 20 54 6f 6b 65 6e 20 42 75 63 6b 65 74 20 46 69 6c 74 65 72 20 71 64 69	ough.the.Token.Bucket.Filter.qdi
794a0	73 63 29 2e 20 44 65 66 61 75 6c 74 3a 31 35 6b 62 2e 20 49 74 20 77 69 6c 6c 20 6f 6e 6c 79 20	sc)..Default:15kb..It.will.only.
794c0	74 61 6b 65 20 65 66 66 65 63 74 20 69 66 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72	take.effect.if.you.have.configur
794e0	65 64 20 69 74 73 20 62 61 6e 64 77 69 64 74 68 20 74 6f 6f 2e 00 55 73 65 20 74 68 69 73 20 63	ed.its.bandwidth.too..Use.this.c
79500	6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f 63 61 6c 20 67 61	ommand.to.configure.the.local.ga
79520	74 65 77 61 79 20 49 50 20 61 64 64 72 65 73 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	teway.IP.address..Use.this.comma
79540	6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 72 61 74 65	nd.to.configure.the.maximum.rate
79560	20 61 74 20 77 68 69 63 68 20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 62 65 20 73 68 61 70 65 64	.at.which.traffic.will.be.shaped
79580	20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 44	.in.a.Network.Emulator.policy..D
795a0	65 66 69 6e 65 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 6f 6c 69 63 79 20 61 6e 64	efine.the.name.of.the.policy.and
795c0	20 74 68 65 20 72 61 74 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63	.the.rate..Use.this.command.to.c
795e0	6f 6e 66 69 67 75 72 65 20 74 68 65 20 73 61 6d 70 6c 69 6e 67 20 72 61 74 65 20 66 6f 72 20 73	onfigure.the.sampling.rate.for.s
79600	46 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 28 64 65 66 61 75 6c 74 3a 20 31 30 30 30 29 00	Flow.accounting.(default:.1000).
79620	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68	Use.this.command.to.configure.th
79640	65 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 6f 66 20 61	e.username.and.the.password.of.a
79660	20 6c 6f 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 75 73 65 72 2e 00 55 73 65 20 74 68	.locally.configured.user..Use.th
79680	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 6d 61 78 69 6d 75	is.command.to.control.the.maximu
796a0	6d 20 6e 75 6d 62 65 72 20 6f 66 20 65 71 75 61 6c 20 63 6f 73 74 20 70 61 74 68 73 20 74 6f 20	m.number.of.equal.cost.paths.to.
796c0	72 65 61 63 68 20 61 20 73 70 65 63 69 66 69 63 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 54 68	reach.a.specific.destination..Th
796e0	65 20 75 70 70 65 72 20 6c 69 6d 69 74 20 6d 61 79 20 64 69 66 66 65 72 20 69 66 20 79 6f 75 20	e.upper.limit.may.differ.if.you.
79700	63 68 61 6e 67 65 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 4d 55 4c 54 49 50 41 54 48 5f 4e 55	change.the.value.of.MULTIPATH_NU
79720	4d 20 64 75 72 69 6e 67 20 63 6f 6d 70 69 6c 61 74 69 6f 6e 2e 20 54 68 65 20 64 65 66 61 75 6c	M.during.compilation..The.defaul
79740	74 20 69 73 20 4d 55 4c 54 49 50 41 54 48 5f 4e 55 4d 20 28 36 34 29 2e 00 55 73 65 20 74 68 69	t.is.MULTIPATH_NUM.(64)..Use.thi
79760	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 72 65 61 74 65 20 61 20 46 61 69 72 2d 51 75 65 75 65	s.command.to.create.a.Fair-Queue
79780	20 70 6f 6c 69 63 79 20 61 6e 64 20 67 69 76 65 20 69 74 20 61 20 6e 61 6d 65 2e 20 49 74 20 69	.policy.and.give.it.a.name..It.i
797a0	73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 53 74 6f 63 68 61 73 74 69 63 20 46 61 69 72 6e 65	s.based.on.the.Stochastic.Fairne
797c0	73 73 20 51 75 65 75 65 69 6e 67 20 61 6e 64 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74	ss.Queueing.and.can.be.applied.t
797e0	6f 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	o.outbound.traffic..Use.this.com
79800	6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 61 20 46 61 69 72 2d 51 75 65 75 65 20 70 6f 6c 69	mand.to.define.a.Fair-Queue.poli
79820	63 79 2c 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 53 74 6f 63 68 61 73 74 69 63 20 46 61 69 72	cy,.based.on.the.Stochastic.Fair
79840	6e 65 73 73 20 51 75 65 75 65 69 6e 67 2c 20 61 6e 64 20 73 65 74 20 74 68 65 20 6e 75 6d 62 65	ness.Queueing,.and.set.the.numbe
79860	72 20 6f 66 20 6d 61 78 69 6d 75 6d 20 70 61 63 6b 65 74 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20	r.of.maximum.packets.allowed.to.
79880	77 61 69 74 20 69 6e 20 74 68 65 20 71 75 65 75 65 2e 20 41 6e 79 20 6f 74 68 65 72 20 70 61 63	wait.in.the.queue..Any.other.pac
798a0	6b 65 74 20 77 69 6c 6c 20 62 65 20 64 72 6f 70 70 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f	ket.will.be.dropped..Use.this.co
798c0	6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 61 20 46 61 69 72 2d 51 75 65 75 65 20 70 6f 6c	mmand.to.define.a.Fair-Queue.pol
798e0	69 63 79 2c 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 53 74 6f 63 68 61 73 74 69 63 20 46 61 69	icy,.based.on.the.Stochastic.Fai
79900	72 6e 65 73 73 20 51 75 65 75 65 69 6e 67 2c 20 61 6e 64 20 73 65 74 20 74 68 65 20 6e 75 6d 62	rness.Queueing,.and.set.the.numb
79920	65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 61 74 20 77 68 69 63 68 20 61 20 6e 65 77 20 71 75 65	er.of.seconds.at.which.a.new.que
79940	75 65 20 61 6c 67 6f 72 69 74 68 6d 20 70 65 72 74 75 72 62 61 74 69 6f 6e 20 77 69 6c 6c 20 6f	ue.algorithm.perturbation.will.o
79960	63 63 75 72 20 28 6d 61 78 69 6d 75 6d 20 34 32 39 34 39 36 37 32 39 35 29 2e 00 55 73 65 20 74	ccur.(maximum.4294967295)..Use.t
79980	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 64 6f 6d 61 69 6e 73 2c 20 6f	his.command.to.define.domains,.o
799a0	6e 65 20 61 74 20 61 20 74 69 6d 65 2c 20 73 6f 20 74 68 61 74 20 74 68 65 20 73 79 73 74 65 6d	ne.at.a.time,.so.that.the.system
799c0	20 75 73 65 73 20 74 68 65 6d 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 75 6e 71 75 61 6c 69 66 69	.uses.them.to.complete.unqualifi
799e0	65 64 20 68 6f 73 74 20 6e 61 6d 65 73 2e 20 4d 61 78 69 6d 75 6d 3a 20 36 20 65 6e 74 72 69 65	ed.host.names..Maximum:.6.entrie
79a00	73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 69 6e	s..Use.this.command.to.define.in
79a20	20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 77 68 65 74 68 65 72 20	.the.selected.interface.whether.
79a40	79 6f 75 20 63 68 6f 6f 73 65 20 49 47 4d 50 20 76 65 72 73 69 6f 6e 20 32 20 6f 72 20 33 2e 20	you.choose.IGMP.version.2.or.3..
79a60	54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 33 2e 00 55 73 65 20 74 68 69 73	The.default.value.is.3..Use.this
79a80	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 66 69 72 73 74 20 49 50 20	.command.to.define.the.first.IP.
79aa0	61 64 64 72 65 73 73 20 6f 66 20 61 20 70 6f 6f 6c 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 74	address.of.a.pool.of.addresses.t
79ac0	6f 20 62 65 20 67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 20 49 74 20	o.be.given.to.PPPoE.clients..It.
79ae0	6d 75 73 74 20 62 65 20 77 69 74 68 69 6e 20 61 20 2f 32 34 20 73 75 62 6e 65 74 2e 00 55 73 65	must.be.within.a./24.subnet..Use
79b00	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 69 6e 74 65	.this.command.to.define.the.inte
79b20	72 66 61 63 65 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 20 77 69 6c 6c 20 75 73 65 20	rface.the.PPPoE.server.will.use.
79b40	74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 00 55 73 65	to.listen.for.PPPoE.clients..Use
79b60	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 6c 61 73 74	.this.command.to.define.the.last
79b80	20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 61 20 70 6f 6f 6c 20 6f 66 20 61 64 64 72 65 73 73	.IP.address.of.a.pool.of.address
79ba0	65 73 20 74 6f 20 62 65 20 67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e	es.to.be.given.to.PPPoE.clients.
79bc0	20 49 74 20 6d 75 73 74 20 62 65 20 77 69 74 68 69 6e 20 61 20 2f 32 34 20 73 75 62 6e 65 74 2e	.It.must.be.within.a./24.subnet.
79be0	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20	.Use.this.command.to.define.the.
79c00	6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 71 75 65 75 65 20 6f 66 20 79 6f 75 72 20 4e 65 74 77	length.of.the.queue.of.your.Netw
79c20	6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 53 65 74 20 74 68 65 20 70 6f 6c	ork.Emulator.policy..Set.the.pol
79c40	69 63 79 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20	icy.name.and.the.maximum.number.
79c60	6f 66 20 70 61 63 6b 65 74 73 20 28 31 2d 34 32 39 34 39 36 37 32 39 35 29 20 74 68 65 20 71 75	of.packets.(1-4294967295).the.qu
79c80	65 75 65 20 6d 61 79 20 68 6f 6c 64 20 71 75 65 75 65 64 20 61 74 20 61 20 74 69 6d 65 2e 00 55	eue.may.hold.queued.at.a.time..U
79ca0	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 6d 61	se.this.command.to.define.the.ma
79cc0	78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 65 6e 74 72 69 65 73 20 74 6f 20 6b 65 65 70 20	ximum.number.of.entries.to.keep.
79ce0	69 6e 20 74 68 65 20 41 52 50 20 63 61 63 68 65 20 28 31 30 32 34 2c 20 32 30 34 38 2c 20 34 30	in.the.ARP.cache.(1024,.2048,.40
79d00	39 36 2c 20 38 31 39 32 2c 20 31 36 33 38 34 2c 20 33 32 37 36 38 29 2e 00 55 73 65 20 74 68 69	96,.8192,.16384,.32768)..Use.thi
79d20	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 6d 61 78 69 6d 75 6d 20	s.command.to.define.the.maximum.
79d40	6e 75 6d 62 65 72 20 6f 66 20 65 6e 74 72 69 65 73 20 74 6f 20 6b 65 65 70 20 69 6e 20 74 68 65	number.of.entries.to.keep.in.the
79d60	20 4e 65 69 67 68 62 6f 72 20 63 61 63 68 65 20 28 31 30 32 34 2c 20 32 30 34 38 2c 20 34 30 39	.Neighbor.cache.(1024,.2048,.409
79d80	36 2c 20 38 31 39 32 2c 20 31 36 33 38 34 2c 20 33 32 37 36 38 29 2e 00 55 73 65 20 74 68 69 73	6,.8192,.16384,.32768)..Use.this
79da0	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 77 68 65 74 68 65 72 20 79 6f 75 72 20	.command.to.define.whether.your.
79dc0	50 50 50 6f 45 20 63 6c 69 65 6e 74 73 20 77 69 6c 6c 20 6c 6f 63 61 6c 6c 79 20 61 75 74 68 65	PPPoE.clients.will.locally.authe
79de0	6e 74 69 63 61 74 65 20 69 6e 20 79 6f 75 72 20 56 79 4f 53 20 73 79 73 74 65 6d 20 6f 72 20 69	nticate.in.your.VyOS.system.or.i
79e00	6e 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	n.RADIUS.server..Use.this.comman
79e20	64 20 74 6f 20 64 69 72 65 63 74 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6e 6f 74 20	d.to.direct.an.interface.to.not.
79e40	64 65 74 65 63 74 20 61 6e 79 20 70 68 79 73 69 63 61 6c 20 73 74 61 74 65 20 63 68 61 6e 67 65	detect.any.physical.state.change
79e60	73 20 6f 6e 20 61 20 6c 69 6e 6b 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 77 68 65 6e 20 74	s.on.a.link,.for.example,.when.t
79e80	68 65 20 63 61 62 6c 65 20 69 73 20 75 6e 70 6c 75 67 67 65 64 2e 00 55 73 65 20 74 68 69 73 20	he.cable.is.unplugged..Use.this.
79ea0	63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62 6c 65 20 49 50 76 34 20 64 69 72 65 63 74 65 64	command.to.disable.IPv4.directed
79ec0	20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 61 6c 6c 20 69 6e 74	.broadcast.forwarding.on.all.int
79ee0	65 72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73	erfaces..Use.this.command.to.dis
79f00	61 62 6c 65 20 49 50 76 34 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 61 6c 6c 20 69 6e 74 65	able.IPv4.forwarding.on.all.inte
79f20	72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61	rfaces..Use.this.command.to.disa
79f40	62 6c 65 20 49 50 76 36 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 61 6c 6c 20 69 6e 74 65 72	ble.IPv6.forwarding.on.all.inter
79f60	66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62	faces..Use.this.command.to.disab
79f80	6c 65 20 49 50 76 36 20 6f 70 65 72 61 74 69 6f 6e 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20 77	le.IPv6.operation.on.interface.w
79fa0	68 65 6e 20 44 75 70 6c 69 63 61 74 65 20 41 64 64 72 65 73 73 20 44 65 74 65 63 74 69 6f 6e 20	hen.Duplicate.Address.Detection.
79fc0	66 61 69 6c 73 20 6f 6e 20 4c 69 6e 6b 2d 4c 6f 63 61 6c 20 61 64 64 72 65 73 73 2e 00 55 73 65	fails.on.Link-Local.address..Use
79fe0	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62 6c 65 20 74 68 65 20 67 65 6e	.this.command.to.disable.the.gen
7a000	65 72 61 74 69 6f 6e 20 6f 66 20 45 74 68 65 72 6e 65 74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c	eration.of.Ethernet.flow.control
7a020	20 28 70 61 75 73 65 20 66 72 61 6d 65 73 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	.(pause.frames)..Use.this.comman
7a040	64 20 74 6f 20 65 6d 75 6c 61 74 65 20 6e 6f 69 73 65 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20	d.to.emulate.noise.in.a.Network.
7a060	45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 53 65 74 20 74 68 65 20 70 6f 6c 69 63 79 20	Emulator.policy..Set.the.policy.
7a080	6e 61 6d 65 20 61 6e 64 20 74 68 65 20 70 65 72 63 65 6e 74 61 67 65 20 6f 66 20 63 6f 72 72 75	name.and.the.percentage.of.corru
7a0a0	70 74 65 64 20 70 61 63 6b 65 74 73 20 79 6f 75 20 77 61 6e 74 2e 20 41 20 72 61 6e 64 6f 6d 20	pted.packets.you.want..A.random.
7a0c0	65 72 72 6f 72 20 77 69 6c 6c 20 62 65 20 69 6e 74 72 6f 64 75 63 65 64 20 69 6e 20 61 20 72 61	error.will.be.introduced.in.a.ra
7a0e0	6e 64 6f 6d 20 70 6f 73 69 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 63 68 6f 73 65 6e 20 70 65 72	ndom.position.for.the.chosen.per
7a100	63 65 6e 74 20 6f 66 20 70 61 63 6b 65 74 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	cent.of.packets..Use.this.comman
7a120	64 20 74 6f 20 65 6d 75 6c 61 74 65 20 70 61 63 6b 65 74 2d 6c 6f 73 73 20 63 6f 6e 64 69 74 69	d.to.emulate.packet-loss.conditi
7a140	6f 6e 73 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79	ons.in.a.Network.Emulator.policy
7a160	2e 20 53 65 74 20 74 68 65 20 70 6f 6c 69 63 79 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 70 65	..Set.the.policy.name.and.the.pe
7a180	72 63 65 6e 74 61 67 65 20 6f 66 20 6c 6f 73 73 20 70 61 63 6b 65 74 73 20 79 6f 75 72 20 74 72	rcentage.of.loss.packets.your.tr
7a1a0	61 66 66 69 63 20 77 69 6c 6c 20 73 75 66 66 65 72 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	affic.will.suffer..Use.this.comm
7a1c0	61 6e 64 20 74 6f 20 65 6d 75 6c 61 74 65 20 70 61 63 6b 65 74 2d 72 65 6f 72 64 65 72 69 6e 67	and.to.emulate.packet-reordering
7a1e0	20 63 6f 6e 64 69 74 69 6f 6e 73 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f	.conditions.in.a.Network.Emulato
7a200	72 20 70 6f 6c 69 63 79 2e 20 53 65 74 20 74 68 65 20 70 6f 6c 69 63 79 20 6e 61 6d 65 20 61 6e	r.policy..Set.the.policy.name.an
7a220	64 20 74 68 65 20 70 65 72 63 65 6e 74 61 67 65 20 6f 66 20 72 65 6f 72 64 65 72 65 64 20 70 61	d.the.percentage.of.reordered.pa
7a240	63 6b 65 74 73 20 79 6f 75 72 20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 73 75 66 66 65 72 2e 00	ckets.your.traffic.will.suffer..
7a260	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 4c 44 50 20 6f	Use.this.command.to.enable.LDP.o
7a280	6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 79 6f 75 20 64 65 66 69 6e 65 2e 00 55 73 65 20	n.the.interface.you.define..Use.
7a2a0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 4d 50 4c 53 20 70 72 6f 63	this.command.to.enable.MPLS.proc
7a2c0	65 73 73 69 6e 67 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 79 6f 75 20 64 65 66 69	essing.on.the.interface.you.defi
7a2e0	6e 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 50	ne..Use.this.command.to.enable.P
7a300	49 4d 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 73 6f 20	IM.in.the.selected.interface.so.
7a320	74 68 61 74 20 69 74 20 63 61 6e 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 77 69 74 68 20 50 49 4d	that.it.can.communicate.with.PIM
7a340	20 6e 65 69 67 68 62 6f 72 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	.neighbors..Use.this.command.to.
7a360	65 6e 61 62 6c 65 20 50 49 4d 76 36 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74	enable.PIMv6.in.the.selected.int
7a380	65 72 66 61 63 65 20 73 6f 20 74 68 61 74 20 69 74 20 63 61 6e 20 63 6f 6d 6d 75 6e 69 63 61 74	erface.so.that.it.can.communicat
7a3a0	65 20 77 69 74 68 20 50 49 4d 76 36 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 69 73 20 63 6f 6d	e.with.PIMv6.neighbors..This.com
7a3c0	6d 61 6e 64 20 61 6c 73 6f 20 65 6e 61 62 6c 65 73 20 4d 4c 44 20 72 65 70 6f 72 74 73 20 61 6e	mand.also.enables.MLD.reports.an
7a3e0	64 20 71 75 65 72 79 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 75 6e 6c 65 73 73 20	d.query.on.the.interface.unless.
7a400	3a 63 66 67 63 6d 64 3a 60 6d 6c 64 20 64 69 73 61 62 6c 65 60 20 69 73 20 63 6f 6e 66 69 67 75	:cfgcmd:`mld.disable`.is.configu
7a420	72 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20	red..Use.this.command.to.enable.
7a440	61 63 71 75 69 73 69 74 69 6f 6e 20 6f 66 20 49 50 76 36 20 61 64 64 72 65 73 73 20 75 73 69 6e	acquisition.of.IPv6.address.usin
7a460	67 20 73 74 61 74 65 6c 65 73 73 20 61 75 74 6f 63 6f 6e 66 69 67 20 28 53 4c 41 41 43 29 2e 00	g.stateless.autoconfig.(SLAAC)..
7a480	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 62 61 6e 64 77	Use.this.command.to.enable.bandw
7a4a0	69 64 74 68 20 73 68 61 70 69 6e 67 20 76 69 61 20 52 41 44 49 55 53 2e 00 55 73 65 20 74 68 69	idth.shaping.via.RADIUS..Use.thi
7a4c0	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 70 72 6f 78 79 20 41 64 64 72 65 73	s.command.to.enable.proxy.Addres
7a4e0	73 20 52 65 73 6f 6c 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 28 41 52 50 29 20 6f 6e 20 74	s.Resolution.Protocol.(ARP).on.t
7a500	68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 50 72 6f 78 79 20 41 52 50 20 61 6c 6c 6f 77 73 20	his.interface..Proxy.ARP.allows.
7a520	61 6e 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 72 65 73 70 6f 6e 64	an.Ethernet.interface.to.respond
7a540	20 77 69 74 68 20 69 74 73 20 6f 77 6e 20 3a 61 62 62 72 3a 60 4d 41 43 20 28 4d 65 64 69 61 20	.with.its.own.:abbr:`MAC.(Media.
7a560	41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 29 60 20 61 64 64 72 65 73 73 20 74 6f 20 41 52 50 20	Access.Control)`.address.to.ARP.
7a580	72 65 71 75 65 73 74 73 20 66 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 49 50 20 61 64 64 72	requests.for.destination.IP.addr
7a5a0	65 73 73 65 73 20 6f 6e 20 73 75 62 6e 65 74 73 20 61 74 74 61 63 68 65 64 20 74 6f 20 6f 74 68	esses.on.subnets.attached.to.oth
7a5c0	65 72 20 69 6e 74 65 72 66 61 63 65 73 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 20 53 75 62	er.interfaces.on.the.system..Sub
7a5e0	73 65 71 75 65 6e 74 20 70 61 63 6b 65 74 73 20 73 65 6e 74 20 74 6f 20 74 68 6f 73 65 20 64 65	sequent.packets.sent.to.those.de
7a600	73 74 69 6e 61 74 69 6f 6e 20 49 50 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 66 6f 72 77 61	stination.IP.addresses.are.forwa
7a620	72 64 65 64 20 61 70 70 72 6f 70 72 69 61 74 65 6c 79 20 62 79 20 74 68 65 20 73 79 73 74 65 6d	rded.appropriately.by.the.system
7a640	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 61 72	..Use.this.command.to.enable.tar
7a660	67 65 74 65 64 20 4c 44 50 20 73 65 73 73 69 6f 6e 73 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20	geted.LDP.sessions.to.the.local.
7a680	72 6f 75 74 65 72 2e 20 54 68 65 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 74 68 65 6e 20 72 65 73	router..The.router.will.then.res
7a6a0	70 6f 6e 64 20 74 6f 20 61 6e 79 20 73 65 73 73 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 74 72	pond.to.any.sessions.that.are.tr
7a6c0	79 69 6e 67 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 69 74 20 74 68 61 74 20 61 72 65 20 6e	ying.to.connect.to.it.that.are.n
7a6e0	6f 74 20 61 20 6c 69 6e 6b 20 6c 6f 63 61 6c 20 74 79 70 65 20 6f 66 20 54 43 50 20 63 6f 6e 6e	ot.a.link.local.type.of.TCP.conn
7a700	65 63 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62	ection..Use.this.command.to.enab
7a720	6c 65 20 74 68 65 20 64 65 6c 61 79 20 6f 66 20 50 41 44 4f 20 28 50 50 50 6f 45 20 41 63 74 69	le.the.delay.of.PADO.(PPPoE.Acti
7a740	76 65 20 44 69 73 63 6f 76 65 72 79 20 4f 66 66 65 72 29 20 70 61 63 6b 65 74 73 2c 20 77 68 69	ve.Discovery.Offer).packets,.whi
7a760	63 68 20 63 61 6e 20 62 65 20 75 73 65 64 20 61 73 20 61 20 73 65 73 73 69 6f 6e 20 62 61 6c 61	ch.can.be.used.as.a.session.bala
7a780	6e 63 69 6e 67 20 6d 65 63 68 61 6e 69 73 6d 20 77 69 74 68 20 6f 74 68 65 72 20 50 50 50 6f 45	ncing.mechanism.with.other.PPPoE
7a7a0	20 73 65 72 76 65 72 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e	.servers..Use.this.command.to.en
7a7c0	61 62 6c 65 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 74 72 79 20 61 6e 64	able.the.local.router.to.try.and
7a7e0	20 63 6f 6e 6e 65 63 74 20 77 69 74 68 20 61 20 74 61 72 67 65 74 65 64 20 4c 44 50 20 73 65 73	.connect.with.a.targeted.LDP.ses
7a800	73 69 6f 6e 20 74 6f 20 61 6e 6f 74 68 65 72 20 72 6f 75 74 65 72 2e 00 55 73 65 20 74 68 69 73	sion.to.another.router..Use.this
7a820	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6c 6f 67 67 69 6e 67 20 6f	.command.to.enable.the.logging.o
7a840	66 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 6f 6e 20 63 75 73 74 6f 6d 20 63	f.the.default.action.on.custom.c
7a860	68 61 69 6e 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c	hains..Use.this.command.to.enabl
7a880	65 20 74 68 65 20 6c 6f 67 67 69 6e 67 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74	e.the.logging.of.the.default.act
7a8a0	69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 2c	ion..Use.this.command.to.enable,
7a8c0	20 64 69 73 61 62 6c 65 2c 20 6f 72 20 73 70 65 63 69 66 79 20 68 6f 70 20 63 6f 75 6e 74 20 66	.disable,.or.specify.hop.count.f
7a8e0	6f 72 20 54 54 4c 20 73 65 63 75 72 69 74 79 20 66 6f 72 20 4c 44 50 20 70 65 65 72 73 2e 20 42	or.TTL.security.for.LDP.peers..B
7a900	79 20 64 65 66 61 75 6c 74 20 74 68 65 20 76 61 6c 75 65 20 69 73 20 73 65 74 20 74 6f 20 32 35	y.default.the.value.is.set.to.25
7a920	35 20 28 6f 72 20 6d 61 78 20 54 54 4c 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64	5.(or.max.TTL)..Use.this.command
7a940	20 74 6f 20 66 6c 75 73 68 20 74 68 65 20 6b 65 72 6e 65 6c 20 49 50 76 36 20 72 6f 75 74 65 20	.to.flush.the.kernel.IPv6.route.
7a960	63 61 63 68 65 2e 20 41 6e 20 61 64 64 72 65 73 73 20 63 61 6e 20 62 65 20 61 64 64 65 64 20 74	cache..An.address.can.be.added.t
7a980	6f 20 66 6c 75 73 68 20 69 74 20 6f 6e 6c 79 20 66 6f 72 20 74 68 61 74 20 72 6f 75 74 65 2e 00	o.flush.it.only.for.that.route..
7a9a0	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 67 65 74 20 61 6e 20 6f 76 65 72 76	Use.this.command.to.get.an.overv
7a9c0	69 65 77 20 6f 66 20 61 20 7a 6f 6e 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	iew.of.a.zone..Use.this.command.
7a9e0	74 6f 20 67 65 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 4f 53 50 46 76 33 2e	to.get.information.about.OSPFv3.
7aa00	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 67 65 74 20 69 6e 66 6f 72 6d 61	.Use.this.command.to.get.informa
7aa20	74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 52 49 50 4e 47 20 70 72 6f 74 6f 63 6f 6c 00 55 73	tion.about.the.RIPNG.protocol.Us
7aa40	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 6e 73 74 72 75 63 74 20 74 68 65 20 73	e.this.command.to.instruct.the.s
7aa60	79 73 74 65 6d 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 50 50 50 6f 45 20 63 6f 6e 6e 65	ystem.to.establish.a.PPPoE.conne
7aa80	63 74 69 6f 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 6f 6e 63 65 20 74 72 61 66 66 69 63	ction.automatically.once.traffic
7aaa0	20 70 61 73 73 65 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 41	.passes.through.the.interface..A
7aac0	20 64 69 73 61 62 6c 65 64 20 6f 6e 2d 64 65 6d 61 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69	.disabled.on-demand.connection.i
7aae0	73 20 65 73 74 61 62 6c 69 73 68 65 64 20 61 74 20 62 6f 6f 74 20 74 69 6d 65 20 61 6e 64 20 72	s.established.at.boot.time.and.r
7ab00	65 6d 61 69 6e 73 20 75 70 2e 20 49 66 20 74 68 65 20 6c 69 6e 6b 20 66 61 69 6c 73 20 66 6f 72	emains.up..If.the.link.fails.for
7ab20	20 61 6e 79 20 72 65 61 73 6f 6e 2c 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 62 72 6f 75 67 68 74	.any.reason,.the.link.is.brought
7ab40	20 62 61 63 6b 20 75 70 20 69 6d 6d 65 64 69 61 74 65 6c 79 2e 00 55 73 65 20 74 68 69 73 20 63	.back.up.immediately..Use.this.c
7ab60	6f 6d 6d 61 6e 64 20 74 6f 20 6c 69 6e 6b 20 74 68 65 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74	ommand.to.link.the.PPPoE.connect
7ab80	69 6f 6e 20 74 6f 20 61 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 20 45 61 63	ion.to.a.physical.interface..Eac
7aba0	68 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 65 73 74 61 62	h.PPPoE.connection.must.be.estab
7abc0	6c 69 73 68 65 64 20 6f 76 65 72 20 61 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65	lished.over.a.physical.interface
7abe0	2e 20 49 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 72 65 67 75 6c 61 72 20 45 74 68 65	..Interfaces.can.be.regular.Ethe
7ac00	72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2c 20 56 49 46 73 20 6f 72 20 62 6f 6e 64 69 6e 67	rnet.interfaces,.VIFs.or.bonding
7ac20	20 69 6e 74 65 72 66 61 63 65 73 2f 56 49 46 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	.interfaces/VIFs..Use.this.comma
7ac40	6e 64 20 74 6f 20 6c 6f 63 61 6c 6c 79 20 63 68 65 63 6b 20 74 68 65 20 61 63 74 69 76 65 20 73	nd.to.locally.check.the.active.s
7ac60	65 73 73 69 6f 6e 73 20 69 6e 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 2e 00 55 73 65	essions.in.the.PPPoE.server..Use
7ac80	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67	.this.command.to.manually.config
7aca0	75 72 65 20 61 20 52 65 6e 64 65 7a 76 6f 75 73 20 50 6f 69 6e 74 20 66 6f 72 20 50 49 4d 20 73	ure.a.Rendezvous.Point.for.PIM.s
7acc0	6f 20 74 68 61 74 20 6a 6f 69 6e 20 6d 65 73 73 61 67 65 73 20 63 61 6e 20 62 65 20 73 65 6e 74	o.that.join.messages.can.be.sent
7ace0	20 74 68 65 72 65 2e 20 53 65 74 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74 20	.there..Set.the.Rendevouz.Point.
7ad00	61 64 64 72 65 73 73 20 61 6e 64 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 70 72 65 66 69 78 20	address.and.the.matching.prefix.
7ad20	6f 66 20 67 72 6f 75 70 20 72 61 6e 67 65 73 20 63 6f 76 65 72 65 64 2e 20 54 68 65 73 65 20 76	of.group.ranges.covered..These.v
7ad40	61 6c 75 65 73 20 6d 75 73 74 20 62 65 20 73 68 61 72 65 64 20 77 69 74 68 20 65 76 65 72 79 20	alues.must.be.shared.with.every.
7ad60	72 6f 75 74 65 72 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 69 6e 20 74 68 65 20 50 49 4d 20	router.participating.in.the.PIM.
7ad80	6e 65 74 77 6f 72 6b 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6e 6f 74	network..Use.this.command.to.not
7ada0	20 69 6e 73 74 61 6c 6c 20 61 64 76 65 72 74 69 73 65 64 20 44 4e 53 20 6e 61 6d 65 73 65 72 76	.install.advertised.DNS.nameserv
7adc0	65 72 73 20 69 6e 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20 73 79 73 74 65 6d 2e 00 55 73 65 20 74	ers.into.the.local.system..Use.t
7ade0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 70 72 65 66 65 72 20 49 50 76 34 20 66 6f 72 20 54	his.command.to.prefer.IPv4.for.T
7ae00	43 50 20 70 65 65 72 20 74 72 61 6e 73 70 6f 72 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 6f 72	CP.peer.transport.connection.for
7ae20	20 4c 44 50 20 77 68 65 6e 20 62 6f 74 68 20 61 6e 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20	.LDP.when.both.an.IPv4.and.IPv6.
7ae40	4c 44 50 20 61 64 64 72 65 73 73 20 61 72 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68	LDP.address.are.configured.on.th
7ae60	65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	e.same.interface..Use.this.comma
7ae80	6e 64 20 74 6f 20 72 65 73 65 74 20 49 50 76 36 20 4e 65 69 67 68 62 6f 72 20 44 69 73 63 6f 76	nd.to.reset.IPv6.Neighbor.Discov
7aea0	65 72 79 20 50 72 6f 74 6f 63 6f 6c 20 63 61 63 68 65 20 66 6f 72 20 61 6e 20 61 64 64 72 65 73	ery.Protocol.cache.for.an.addres
7aec0	73 20 6f 72 20 69 6e 74 65 72 66 61 63 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64	s.or.interface..Use.this.command
7aee0	20 74 6f 20 72 65 73 65 74 20 61 6e 20 4c 44 50 20 6e 65 69 67 68 62 6f 72 2f 54 43 50 20 73 65	.to.reset.an.LDP.neighbor/TCP.se
7af00	73 73 69 6f 6e 20 74 68 61 74 20 69 73 20 65 73 74 61 62 6c 69 73 68 65 64 00 55 73 65 20 74 68	ssion.that.is.established.Use.th
7af20	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 72 65 73 65 74 20 74 68 65 20 4f 70 65 6e 56 50 4e 20	is.command.to.reset.the.OpenVPN.
7af40	70 72 6f 63 65 73 73 20 6f 6e 20 61 20 73 70 65 63 69 66 69 63 20 69 6e 74 65 72 66 61 63 65 2e	process.on.a.specific.interface.
7af60	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 72 65 73 65 74 20 74 68 65 20 73	.Use.this.command.to.reset.the.s
7af80	70 65 63 69 66 69 65 64 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74 2e 00 55 73 65 20 74 68 69	pecified.OpenVPN.client..Use.thi
7afa0	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 72 65 73 74 72 69 63 74 20 74 68 65 20 50 50 50 6f 45 20	s.command.to.restrict.the.PPPoE.
7afc0	73 65 73 73 69 6f 6e 20 6f 6e 20 61 20 67 69 76 65 6e 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e	session.on.a.given.access.concen
7afe0	74 72 61 74 6f 72 2e 20 4e 6f 72 6d 61 6c 6c 79 2c 20 61 20 68 6f 73 74 20 73 65 6e 64 73 20 61	trator..Normally,.a.host.sends.a
7b000	20 50 50 50 6f 45 20 69 6e 69 74 69 61 74 69 6f 6e 20 70 61 63 6b 65 74 20 74 6f 20 73 74 61 72	.PPPoE.initiation.packet.to.star
7b020	74 20 74 68 65 20 50 50 50 6f 45 20 64 69 73 63 6f 76 65 72 79 20 70 72 6f 63 65 73 73 2c 20 61	t.the.PPPoE.discovery.process,.a
7b040	20 6e 75 6d 62 65 72 20 6f 66 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20	.number.of.access.concentrators.
7b060	72 65 73 70 6f 6e 64 20 77 69 74 68 20 6f 66 66 65 72 20 70 61 63 6b 65 74 73 20 61 6e 64 20 74	respond.with.offer.packets.and.t
7b080	68 65 20 68 6f 73 74 20 73 65 6c 65 63 74 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 72 65 73 70 6f	he.host.selects.one.of.the.respo
7b0a0	6e 64 69 6e 67 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20 74 6f 20 73 65	nding.access.concentrators.to.se
7b0c0	72 76 65 20 74 68 69 73 20 73 65 73 73 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	rve.this.session..Use.this.comma
7b0e0	6e 64 20 74 6f 20 73 65 65 20 4c 44 50 20 69 6e 74 65 72 66 61 63 65 20 69 6e 66 6f 72 6d 61 74	nd.to.see.LDP.interface.informat
7b100	69 6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 65 20 4c 44 50 20	ion.Use.this.command.to.see.LDP.
7b120	6e 65 69 67 68 62 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f	neighbor.information.Use.this.co
7b140	6d 6d 61 6e 64 20 74 6f 20 73 65 65 20 64 65 74 61 69 6c 65 64 20 4c 44 50 20 6e 65 69 67 68 62	mmand.to.see.detailed.LDP.neighb
7b160	6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	or.information.Use.this.command.
7b180	74 6f 20 73 65 65 20 64 69 73 63 6f 76 65 72 79 20 68 65 6c 6c 6f 20 69 6e 66 6f 72 6d 61 74 69	to.see.discovery.hello.informati
7b1a0	6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 65 20 74 68 65 20 4c	on.Use.this.command.to.see.the.L
7b1c0	61 62 65 6c 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 42 61 73 65 2e 00 55 73 65 20 74 68 69 73 20	abel.Information.Base..Use.this.
7b1e0	63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 61 20 6e 61 6d 65 20 66 6f 72 20 74 68 69 73 20 50	command.to.set.a.name.for.this.P
7b200	50 50 6f 45 2d 73 65 72 76 65 72 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 2e	PPoE-server.access.concentrator.
7b220	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 72 65 2d 64 69 61 6c	.Use.this.command.to.set.re-dial
7b240	20 64 65 6c 61 79 20 74 69 6d 65 20 74 6f 20 62 65 20 75 73 65 64 20 77 69 74 68 20 70 65 72 73	.delay.time.to.be.used.with.pers
7b260	69 73 74 20 50 50 50 6f 45 20 73 65 73 73 69 6f 6e 73 2e 20 57 68 65 6e 20 74 68 65 20 50 50 50	ist.PPPoE.sessions..When.the.PPP
7b280	6f 45 20 73 65 73 73 69 6f 6e 20 69 73 20 74 65 72 6d 69 6e 61 74 65 64 20 62 79 20 70 65 65 72	oE.session.is.terminated.by.peer
7b2a0	2c 20 61 6e 64 20 6f 6e 2d 64 65 6d 61 6e 64 20 6f 70 74 69 6f 6e 20 69 73 20 6e 6f 74 20 73 65	,.and.on-demand.option.is.not.se
7b2c0	74 2c 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65	t,.the.router.will.attempt.to.re
7b2e0	2d 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 50 50 50 6f 45 20 6c 69 6e 6b 2e 00 55 73 65 20 74	-establish.the.PPPoE.link..Use.t
7b300	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 20 61 64 64 72 65 73	his.command.to.set.the.IP.addres
7b320	73 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 65 6e 64 70 6f 69 6e 74 20 6f 66 20 61 20 50 50 50	s.of.the.local.endpoint.of.a.PPP
7b340	6f 45 20 73 65 73 73 69 6f 6e 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 20 73 65 74 20 69 74 20	oE.session..If.it.is.not.set.it.
7b360	77 69 6c 6c 20 62 65 20 6e 65 67 6f 74 69 61 74 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	will.be.negotiated..Use.this.com
7b380	6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68	mand.to.set.the.IP.address.of.th
7b3a0	65 20 72 65 6d 6f 74 65 20 65 6e 64 70 6f 69 6e 74 20 6f 66 20 61 20 50 50 50 6f 45 20 73 65 73	e.remote.endpoint.of.a.PPPoE.ses
7b3c0	73 69 6f 6e 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 20 73 65 74 20 69 74 20 77 69 6c 6c 20 62	sion..If.it.is.not.set.it.will.b
7b3e0	65 20 6e 65 67 6f 74 69 61 74 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	e.negotiated..Use.this.command.t
7b400	6f 20 73 65 74 20 74 68 65 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 6f	o.set.the.IPv4.or.IPv6.address.o
7b420	66 20 65 76 65 72 79 20 44 6f 6d 61 6e 20 4e 61 6d 65 20 53 65 72 76 65 72 20 79 6f 75 20 77 61	f.every.Doman.Name.Server.you.wa
7b440	6e 74 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 2e 20 54 68 65 79 20 77 69 6c 6c 20 62 65 20 70 72	nt.to.configure..They.will.be.pr
7b460	6f 70 61 67 61 74 65 64 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 00 55 73 65 20 74	opagated.to.PPPoE.clients..Use.t
7b480	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 76 34 20 6f 72 20 49	his.command.to.set.the.IPv4.or.I
7b4a0	50 76 36 20 74 72 61 6e 73 70 6f 72 74 2d 61 64 64 72 65 73 73 20 75 73 65 64 20 62 79 20 4c 44	Pv6.transport-address.used.by.LD
7b4c0	50 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 69	P..Use.this.command.to.set.the.i
7b4e0	64 6c 65 20 74 69 6d 65 6f 75 74 20 69 6e 74 65 72 76 61 6c 20 74 6f 20 62 65 20 75 73 65 64 20	dle.timeout.interval.to.be.used.
7b500	77 69 74 68 20 6f 6e 2d 64 65 6d 61 6e 64 20 50 50 50 6f 45 20 73 65 73 73 69 6f 6e 73 2e 20 57	with.on-demand.PPPoE.sessions..W
7b520	68 65 6e 20 61 6e 20 6f 6e 2d 64 65 6d 61 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 65	hen.an.on-demand.connection.is.e
7b540	73 74 61 62 6c 69 73 68 65 64 2c 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 62 72 6f 75 67 68 74 20	stablished,.the.link.is.brought.
7b560	75 70 20 6f 6e 6c 79 20 77 68 65 6e 20 74 72 61 66 66 69 63 20 69 73 20 73 65 6e 74 20 61 6e 64	up.only.when.traffic.is.sent.and
7b580	20 69 73 20 64 69 73 61 62 6c 65 64 20 77 68 65 6e 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 69 64	.is.disabled.when.the.link.is.id
7b5a0	6c 65 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 76 61 6c 20 73 70 65 63 69 66 69 65 64 2e 00 55	le.for.the.interval.specified..U
7b5c0	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 70 61 73 73 77	se.this.command.to.set.the.passw
7b5e0	6f 72 64 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 77 69 74 68 20 61 20 72 65	ord.for.authenticating.with.a.re
7b600	6d 6f 74 65 20 50 50 50 6f 45 20 65 6e 64 70 6f 69 6e 74 2e 20 41 75 74 68 65 6e 74 69 63 61 74	mote.PPPoE.endpoint..Authenticat
7b620	69 6f 6e 20 69 73 20 6f 70 74 69 6f 6e 61 6c 20 66 72 6f 6d 20 74 68 65 20 73 79 73 74 65 6d 27	ion.is.optional.from.the.system'
7b640	73 20 70 6f 69 6e 74 20 6f 66 20 76 69 65 77 20 62 75 74 20 6d 6f 73 74 20 73 65 72 76 69 63 65	s.point.of.view.but.most.service
7b660	20 70 72 6f 76 69 64 65 72 73 20 72 65 71 75 69 72 65 20 69 74 2e 00 55 73 65 20 74 68 69 73 20	.providers.require.it..Use.this.
7b680	63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 74 61 72 67 65 74 20 74 6f 20 75 73 65	command.to.set.the.target.to.use
7b6a0	2e 20 41 63 74 69 6f 6e 20 71 75 65 75 65 20 6d 75 73 74 20 62 65 20 64 65 66 69 6e 65 64 20 74	..Action.queue.must.be.defined.t
7b6c0	6f 20 75 73 65 20 74 68 69 73 20 73 65 74 74 69 6e 67 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	o.use.this.setting.Use.this.comm
7b6e0	61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 75 73 65 72 6e 61 6d 65 20 66 6f 72 20 61 75 74 68	and.to.set.the.username.for.auth
7b700	65 6e 74 69 63 61 74 69 6e 67 20 77 69 74 68 20 61 20 72 65 6d 6f 74 65 20 50 50 50 6f 45 20 65	enticating.with.a.remote.PPPoE.e
7b720	6e 64 70 6f 69 6e 74 2e 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 73 20 6f 70 74 69 6f	ndpoint..Authentication.is.optio
7b740	6e 61 6c 20 66 72 6f 6d 20 74 68 65 20 73 79 73 74 65 6d 27 73 20 70 6f 69 6e 74 20 6f 66 20 76	nal.from.the.system's.point.of.v
7b760	69 65 77 20 62 75 74 20 6d 6f 73 74 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 73 20 72	iew.but.most.service.providers.r
7b780	65 71 75 69 72 65 20 69 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73	equire.it..Use.this.command.to.s
7b7a0	68 6f 77 20 49 50 76 36 20 42 6f 72 64 65 72 20 47 61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c	how.IPv6.Border.Gateway.Protocol
7b7c0	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	.information..Use.this.command.t
7b7e0	6f 20 73 68 6f 77 20 49 50 76 36 20 4e 65 69 67 68 62 6f 72 20 44 69 73 63 6f 76 65 72 79 20 50	o.show.IPv6.Neighbor.Discovery.P
7b800	72 6f 74 6f 63 6f 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f	rotocol.information..Use.this.co
7b820	6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 49 50 76 36 20 66 6f 72 77 61 72 64 69 6e 67 20 73 74	mmand.to.show.IPv6.forwarding.st
7b840	61 74 75 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 49	atus..Use.this.command.to.show.I
7b860	50 76 36 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 6d 65 6d 62 65 72 73 68 69 70 2e 00	Pv6.multicast.group.membership..
7b880	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 49 50 76 36 20 72 6f	Use.this.command.to.show.IPv6.ro
7b8a0	75 74 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 61	utes..Use.this.command.to.show.a
7b8c0	6c 6c 20 49 50 76 36 20 61 63 63 65 73 73 20 6c 69 73 74 73 00 55 73 65 20 74 68 69 73 20 63 6f	ll.IPv6.access.lists.Use.this.co
7b8e0	6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 61 6c 6c 20 49 50 76 36 20 70 72 65 66 69 78 20 6c 69	mmand.to.show.all.IPv6.prefix.li
7b900	73 74 73 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 74 68 65	sts.Use.this.command.to.show.the
7b920	20 73 74 61 74 75 73 20 6f 66 20 74 68 65 20 52 49 50 4e 47 20 70 72 6f 74 6f 63 6f 6c 00 55 73	.status.of.the.RIPNG.protocol.Us
7b940	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 61 20 44 4e 53 20	e.this.command.to.specify.a.DNS.
7b960	73 65 72 76 65 72 20 66 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20 62 65 20 75 73 65 64	server.for.the.system.to.be.used
7b980	20 66 6f 72 20 44 4e 53 20 6c 6f 6f 6b 75 70 73 2e 20 4d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20	.for.DNS.lookups..More.than.one.
7b9a0	44 4e 53 20 73 65 72 76 65 72 20 63 61 6e 20 62 65 20 61 64 64 65 64 2c 20 63 6f 6e 66 69 67 75	DNS.server.can.be.added,.configu
7b9c0	72 69 6e 67 20 6f 6e 65 20 61 74 20 61 20 74 69 6d 65 2e 20 42 6f 74 68 20 49 50 76 34 20 61 6e	ring.one.at.a.time..Both.IPv4.an
7b9e0	64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 2e 00	d.IPv6.addresses.are.supported..
7ba00	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 61 20 64 6f	Use.this.command.to.specify.a.do
7ba20	6d 61 69 6e 20 6e 61 6d 65 20 74 6f 20 62 65 20 61 70 70 65 6e 64 65 64 20 74 6f 20 64 6f 6d 61	main.name.to.be.appended.to.doma
7ba40	69 6e 2d 6e 61 6d 65 73 20 77 69 74 68 69 6e 20 55 52 4c 73 20 74 68 61 74 20 64 6f 20 6e 6f 74	in-names.within.URLs.that.do.not
7ba60	20 69 6e 63 6c 75 64 65 20 61 20 64 6f 74 20 60 60 2e 60 60 20 74 68 65 20 64 6f 6d 61 69 6e 20	.include.a.dot.``.``.the.domain.
7ba80	69 73 20 61 70 70 65 6e 64 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	is.appended..Use.this.command.to
7baa0	20 73 70 65 63 69 66 79 20 61 20 73 65 72 76 69 63 65 20 6e 61 6d 65 20 62 79 20 77 68 69 63 68	.specify.a.service.name.by.which
7bac0	20 74 68 65 20 6c 6f 63 61 6c 20 50 50 50 6f 45 20 69 6e 74 65 72 66 61 63 65 20 63 61 6e 20 73	.the.local.PPPoE.interface.can.s
7bae0	65 6c 65 63 74 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20 74 6f 20 63 6f	elect.access.concentrators.to.co
7bb00	6e 6e 65 63 74 20 77 69 74 68 2e 20 49 74 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 74 6f 20 61	nnect.with..It.will.connect.to.a
7bb20	6e 79 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 20 69 66 20 6e 6f 74 20 73 65	ny.access.concentrator.if.not.se
7bb40	74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 75 73 65 20 4c 61 79 65 72	t..Use.this.command.to.use.Layer
7bb60	20 34 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 49 50 76 34 20 45 43 4d 50 20 68 61 73	.4.information.for.IPv4.ECMP.has
7bb80	68 69 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 75 73 65 20 61 20	hing..Use.this.command.to.use.a.
7bba0	43 69 73 63 6f 20 6e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 74 20 66 6f 72 6d 61 74 20 74 6f 20 73 65	Cisco.non-compliant.format.to.se
7bbc0	6e 64 20 61 6e 64 20 69 6e 74 65 72 70 72 65 74 20 74 68 65 20 44 75 61 6c 2d 53 74 61 63 6b 20	nd.and.interpret.the.Dual-Stack.
7bbe0	63 61 70 61 62 69 6c 69 74 79 20 54 4c 56 20 66 6f 72 20 49 50 76 36 20 4c 44 50 20 63 6f 6d 6d	capability.TLV.for.IPv6.LDP.comm
7bc00	75 6e 69 63 61 74 69 6f 6e 73 2e 20 54 68 69 73 20 69 73 20 72 65 6c 61 74 65 64 20 74 6f 20 3a	unications..This.is.related.to.:
7bc20	72 66 63 3a 60 37 35 35 32 60 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	rfc:`7552`..Use.this.command.to.
7bc40	75 73 65 20 6f 72 64 65 72 65 64 20 6c 61 62 65 6c 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 63	use.ordered.label.distribution.c
7bc60	6f 6e 74 72 6f 6c 20 6d 6f 64 65 2e 20 46 52 52 20 62 79 20 64 65 66 61 75 6c 74 20 75 73 65 73	ontrol.mode..FRR.by.default.uses
7bc80	20 69 6e 64 65 70 65 6e 64 65 6e 74 20 6c 61 62 65 6c 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20	.independent.label.distribution.
7bca0	63 6f 6e 74 72 6f 6c 20 6d 6f 64 65 20 66 6f 72 20 6c 61 62 65 6c 20 64 69 73 74 72 69 62 75 74	control.mode.for.label.distribut
7bcc0	69 6f 6e 2e 20 20 54 68 69 73 20 69 73 20 72 65 6c 61 74 65 64 20 74 6f 20 3a 72 66 63 3a 60 35	ion...This.is.related.to.:rfc:`5
7bce0	30 33 36 60 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 75 73 65 72 20 4c	036`..Use.this.command.to.user.L
7bd00	61 79 65 72 20 34 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 45 43 4d 50 20 68 61 73 68	ayer.4.information.for.ECMP.hash
7bd20	69 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20 6f 70	ing..Use.this.command.to.view.op
7bd40	65 72 61 74 69 6f 6e 61 6c 20 73 74 61 74 75 73 20 61 6e 64 20 64 65 74 61 69 6c 73 20 77 69 72	erational.status.and.details.wir
7bd60	65 6c 65 73 73 2d 73 70 65 63 69 66 69 63 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74	eless-specific.information.about
7bd80	20 61 6c 6c 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73 2e 00 55 73 65 20 74 68	.all.wireless.interfaces..Use.th
7bda0	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 73	is.command.to.view.operational.s
7bdc0	74 61 74 75 73 20 61 6e 64 20 77 69 72 65 6c 65 73 73 2d 73 70 65 63 69 66 69 63 20 69 6e 66 6f	tatus.and.wireless-specific.info
7bde0	72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 61 6c 6c 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72	rmation.about.all.wireless.inter
7be00	66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20	faces..Use.this.command.to.view.
7be20	77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 71 75 65 75 65 20 69 6e 66 6f 72 6d 61	wireless.interface.queue.informa
7be40	74 69 6f 6e 2e 20 54 68 65 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 69 64 65	tion..The.wireless.interface.ide
7be60	6e 74 69 66 69 65 72 20 63 61 6e 20 72 61 6e 67 65 20 66 72 6f 6d 20 77 6c 61 6e 30 20 74 6f 20	ntifier.can.range.from.wlan0.to.
7be80	77 6c 61 6e 39 39 39 2e 00 55 73 65 64 20 66 6f 72 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e	wlan999..Used.for.troubleshootin
7bea0	67 2e 00 55 73 65 64 20 74 6f 20 62 6c 6f 63 6b 20 61 20 73 70 65 63 69 66 69 63 20 6d 69 6d 65	g..Used.to.block.a.specific.mime
7bec0	2d 74 79 70 65 2e 00 55 73 65 64 20 74 6f 20 62 6c 6f 63 6b 20 73 70 65 63 69 66 69 63 20 64 6f	-type..Used.to.block.specific.do
7bee0	6d 61 69 6e 73 20 62 79 20 74 68 65 20 50 72 6f 78 79 2e 20 53 70 65 63 69 66 79 69 6e 67 20 22	mains.by.the.Proxy..Specifying."
7bf00	76 79 6f 73 2e 6e 65 74 22 20 77 69 6c 6c 20 62 6c 6f 63 6b 20 61 6c 6c 20 61 63 63 65 73 73 20	vyos.net".will.block.all.access.
7bf20	74 6f 20 76 79 6f 73 2e 6e 65 74 2c 20 61 6e 64 20 73 70 65 63 69 66 79 69 6e 67 20 22 2e 78 78	to.vyos.net,.and.specifying.".xx
7bf40	78 22 20 77 69 6c 6c 20 62 6c 6f 63 6b 20 61 6c 6c 20 61 63 63 65 73 73 20 74 6f 20 55 52 4c 73	x".will.block.all.access.to.URLs
7bf60	20 68 61 76 69 6e 67 20 61 6e 20 55 52 4c 20 65 6e 64 69 6e 67 20 6f 6e 20 2e 78 78 78 2e 00 55	.having.an.URL.ending.on..xxx..U
7bf80	73 65 72 2d 6c 65 76 65 6c 20 6d 65 73 73 61 67 65 73 00 55 73 69 6e 67 20 27 73 6f 66 74 2d 72	ser-level.messages.Using.'soft-r
7bfa0	65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 27 20 77 65 20 67 65 74 20 74 68 65 20 70 6f 6c 69 63	econfiguration'.we.get.the.polic
7bfc0	79 20 75 70 64 61 74 65 20 77 69 74 68 6f 75 74 20 62 6f 75 6e 63 69 6e 67 20 74 68 65 20 6e 65	y.update.without.bouncing.the.ne
7bfe0	69 67 68 62 6f 72 2e 00 55 73 69 6e 67 20 2a 2a 6f 70 65 6e 76 70 6e 2d 6f 70 74 69 6f 6e 20 2d	ighbor..Using.**openvpn-option.-
7c000	72 65 6e 65 67 2d 73 65 63 2a 2a 20 63 61 6e 20 62 65 20 74 72 69 63 6b 79 2e 20 54 68 69 73 20	reneg-sec**.can.be.tricky..This.
7c020	6f 70 74 69 6f 6e 20 69 73 20 75 73 65 64 20 74 6f 20 72 65 6e 65 67 6f 74 69 61 74 65 20 64 61	option.is.used.to.renegotiate.da
7c040	74 61 20 63 68 61 6e 6e 65 6c 20 61 66 74 65 72 20 6e 20 73 65 63 6f 6e 64 73 2e 20 57 68 65 6e	ta.channel.after.n.seconds..When
7c060	20 75 73 65 64 20 61 74 20 62 6f 74 68 20 73 65 72 76 65 72 20 61 6e 64 20 63 6c 69 65 6e 74 2c	.used.at.both.server.and.client,
7c080	20 74 68 65 20 6c 6f 77 65 72 20 76 61 6c 75 65 20 77 69 6c 6c 20 74 72 69 67 67 65 72 20 74 68	.the.lower.value.will.trigger.th
7c0a0	65 20 72 65 6e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 49 66 20 79 6f 75 20 73 65 74 20 69 74 20 74	e.renegotiation..If.you.set.it.t
7c0c0	6f 20 30 20 6f 6e 20 6f 6e 65 20 73 69 64 65 20 6f 66 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f	o.0.on.one.side.of.the.connectio
7c0e0	6e 20 28 74 6f 20 64 69 73 61 62 6c 65 20 69 74 29 2c 20 74 68 65 20 63 68 6f 73 65 6e 20 76 61	n.(to.disable.it),.the.chosen.va
7c100	6c 75 65 20 6f 6e 20 74 68 65 20 6f 74 68 65 72 20 73 69 64 65 20 77 69 6c 6c 20 64 65 74 65 72	lue.on.the.other.side.will.deter
7c120	6d 69 6e 65 20 77 68 65 6e 20 74 68 65 20 72 65 6e 65 67 6f 74 69 61 74 69 6f 6e 20 77 69 6c 6c	mine.when.the.renegotiation.will
7c140	20 6f 63 63 75 72 2e 00 55 73 69 6e 67 20 42 47 50 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 00	.occur..Using.BGP.confederation.
7c160	55 73 69 6e 67 20 42 47 50 20 72 6f 75 74 65 2d 72 65 66 6c 65 63 74 6f 72 73 00 55 73 69 6e 67	Using.BGP.route-reflectors.Using
7c180	20 56 4c 41 4e 20 61 77 61 72 65 20 42 72 69 64 67 65 00 55 73 69 6e 67 20 74 68 65 20 6f 70 65	.VLAN.aware.Bridge.Using.the.ope
7c1a0	72 61 74 69 6f 6e 20 6d 6f 64 65 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20 42 72 69 64	ration.mode.command.to.view.Brid
7c1c0	67 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 55 73 69 6e 67 20 74 68 69 73 20 63 6f 6d 6d 61 6e	ge.Information.Using.this.comman
7c1e0	64 2c 20 79 6f 75 20 77 69 6c 6c 20 63 72 65 61 74 65 20 61 20 6e 65 77 20 63 6c 69 65 6e 74 20	d,.you.will.create.a.new.client.
7c200	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 68 69 63 68 20 63 61 6e 20 63 6f 6e 6e 65 63 74 20	configuration.which.can.connect.
7c220	74 6f 20 60 60 69 6e 74 65 72 66 61 63 65 60 60 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 2e	to.``interface``.on.this.router.
7c240	20 54 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 66 72 6f 6d 20 74 68 65 20 73 70 65 63 69 66 69	.The.public.key.from.the.specifi
7c260	65 64 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 65 78	ed.interface.is.automatically.ex
7c280	74 72 61 63 74 65 64 20 61 6e 64 20 65 6d 62 65 64 64 65 64 20 69 6e 74 6f 20 74 68 65 20 63 6f	tracted.and.embedded.into.the.co
7c2a0	6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 55 73 75 61 6c 6c 79 20 74 68 69 73 20 63 6f 6e 66 69 67	nfiguration..Usually.this.config
7c2c0	75 72 61 74 69 6f 6e 20 69 73 20 75 73 65 64 20 69 6e 20 50 45 73 20 28 50 72 6f 76 69 64 65 72	uration.is.used.in.PEs.(Provider
7c2e0	20 45 64 67 65 29 20 74 6f 20 72 65 70 6c 61 63 65 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67 20 63	.Edge).to.replace.the.incoming.c
7c300	75 73 74 6f 6d 65 72 20 41 53 20 6e 75 6d 62 65 72 20 73 6f 20 74 68 65 20 63 6f 6e 6e 65 63 74	ustomer.AS.number.so.the.connect
7c320	65 64 20 43 45 20 28 20 43 75 73 74 6f 6d 65 72 20 45 64 67 65 29 20 63 61 6e 20 75 73 65 20 74	ed.CE.(.Customer.Edge).can.use.t
7c340	68 65 20 73 61 6d 65 20 41 53 20 6e 75 6d 62 65 72 20 61 73 20 74 68 65 20 6f 74 68 65 72 20 63	he.same.AS.number.as.the.other.c
7c360	75 73 74 6f 6d 65 72 20 73 69 74 65 73 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 63 75 73 74 6f	ustomer.sites..This.allows.custo
7c380	6d 65 72 73 20 6f 66 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 6e 65 74 77 6f 72 6b 20 74 6f 20	mers.of.the.provider.network.to.
7c3a0	75 73 65 20 74 68 65 20 73 61 6d 65 20 41 53 20 6e 75 6d 62 65 72 20 61 63 72 6f 73 73 20 74 68	use.the.same.AS.number.across.th
7c3c0	65 69 72 20 73 69 74 65 73 2e 00 56 48 54 20 28 56 65 72 79 20 48 69 67 68 20 54 68 72 6f 75 67	eir.sites..VHT.(Very.High.Throug
7c3e0	68 70 75 74 29 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 28 38 30 32 2e 31 31 61 63 29 00 56 48	hput).capabilities.(802.11ac).VH
7c400	54 20 6c 69 6e 6b 20 61 64 61 70 74 61 74 69 6f 6e 20 63 61 70 61 62 69 6c 69 74 69 65 73 00 56	T.link.adaptation.capabilities.V
7c420	48 54 20 6f 70 65 72 61 74 69 6e 67 20 63 68 61 6e 6e 65 6c 20 63 65 6e 74 65 72 20 66 72 65 71	HT.operating.channel.center.freq
7c440	75 65 6e 63 79 20 2d 20 63 65 6e 74 65 72 20 66 72 65 71 20 31 20 28 66 6f 72 20 75 73 65 20 77	uency.-.center.freq.1.(for.use.w
7c460	69 74 68 20 38 30 2c 20 38 30 2b 38 30 20 61 6e 64 20 31 36 30 20 6d 6f 64 65 73 29 00 56 48 54	ith.80,.80+80.and.160.modes).VHT
7c480	20 6f 70 65 72 61 74 69 6e 67 20 63 68 61 6e 6e 65 6c 20 63 65 6e 74 65 72 20 66 72 65 71 75 65	.operating.channel.center.freque
7c4a0	6e 63 79 20 2d 20 63 65 6e 74 65 72 20 66 72 65 71 20 32 20 28 66 6f 72 20 75 73 65 20 77 69 74	ncy.-.center.freq.2.(for.use.wit
7c4c0	68 20 74 68 65 20 38 30 2b 38 30 20 6d 6f 64 65 29 00 56 4c 41 4e 00 56 4c 41 4e 20 31 30 20 6f	h.the.80+80.mode).VLAN.VLAN.10.o
7c4e0	6e 20 6d 65 6d 62 65 72 20 69 6e 74 65 72 66 61 63 65 20 60 65 74 68 32 60 20 28 41 43 43 45 53	n.member.interface.`eth2`.(ACCES
7c500	53 20 6d 6f 64 65 29 00 56 4c 41 4e 20 45 78 61 6d 70 6c 65 00 56 4c 41 4e 20 4f 70 74 69 6f 6e	S.mode).VLAN.Example.VLAN.Option
7c520	73 00 56 4c 41 4e 20 6e 61 6d 65 00 56 4c 41 4e 27 73 20 63 61 6e 20 62 65 20 63 72 65 61 74 65	s.VLAN.name.VLAN's.can.be.create
7c540	64 20 62 79 20 41 63 63 65 6c 2d 70 70 70 20 6f 6e 20 74 68 65 20 66 6c 79 20 76 69 61 20 74 68	d.by.Accel-ppp.on.the.fly.via.th
7c560	65 20 75 73 65 20 6f 66 20 61 20 4b 65 72 6e 65 6c 20 6d 6f 64 75 6c 65 20 6e 61 6d 65 64 20 60	e.use.of.a.Kernel.module.named.`
7c580	76 6c 61 6e 5f 6d 6f 6e 60 2c 20 77 68 69 63 68 20 69 73 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 69	vlan_mon`,.which.is.monitoring.i
7c5a0	6e 63 6f 6d 69 6e 67 20 76 6c 61 6e 73 20 61 6e 64 20 63 72 65 61 74 65 73 20 74 68 65 20 6e 65	ncoming.vlans.and.creates.the.ne
7c5c0	63 65 73 73 61 72 79 20 56 4c 41 4e 20 69 66 20 72 65 71 75 69 72 65 64 20 61 6e 64 20 61 6c 6c	cessary.VLAN.if.required.and.all
7c5e0	6f 77 65 64 2e 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 75 73 65 20 6f 66 20 65	owed..VyOS.supports.the.use.of.e
7c600	69 74 68 65 72 20 56 4c 41 4e 20 49 44 27 73 20 6f 72 20 65 6e 74 69 72 65 20 72 61 6e 67 65 73	ither.VLAN.ID's.or.entire.ranges
7c620	2c 20 62 6f 74 68 20 76 61 6c 75 65 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 74 20	,.both.values.can.be.defined.at.
7c640	74 68 65 20 73 61 6d 65 20 74 69 6d 65 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 00	the.same.time.for.an.interface..
7c660	56 4d 77 61 72 65 20 75 73 65 72 73 20 73 68 6f 75 6c 64 20 65 6e 73 75 72 65 20 74 68 61 74 20	VMware.users.should.ensure.that.
7c680	61 20 56 4d 58 4e 45 54 33 20 61 64 61 70 74 65 72 20 69 73 20 75 73 65 64 2e 20 45 31 30 30 30	a.VMXNET3.adapter.is.used..E1000
7c6a0	20 61 64 61 70 74 65 72 73 20 68 61 76 65 20 6b 6e 6f 77 6e 20 69 73 73 75 65 73 20 77 69 74 68	.adapters.have.known.issues.with
7c6c0	20 47 52 45 20 70 72 6f 63 65 73 73 69 6e 67 2e 00 56 50 4e 00 56 50 4e 2d 63 6c 69 65 6e 74 73	.GRE.processing..VPN.VPN-clients
7c6e0	20 77 69 6c 6c 20 72 65 71 75 65 73 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61	.will.request.configuration.para
7c700	6d 65 74 65 72 73 2c 20 6f 70 74 69 6f 6e 61 6c 6c 79 20 79 6f 75 20 63 61 6e 20 44 4e 53 20 70	meters,.optionally.you.can.DNS.p
7c720	61 72 61 6d 65 74 65 72 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 2e 00 56 52 46 00 56 52 46 20	arameter.to.the.client..VRF.VRF.
7c740	52 6f 75 74 65 20 4c 65 61 6b 69 6e 67 00 56 52 46 20 62 6c 75 65 20 72 6f 75 74 69 6e 67 20 74	Route.Leaking.VRF.blue.routing.t
7c760	61 62 6c 65 00 56 52 46 20 64 65 66 61 75 6c 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 00 56	able.VRF.default.routing.table.V
7c780	52 46 20 72 65 64 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 00 56 52 46 20 72 6f 75 74 65 20 6c	RF.red.routing.table.VRF.route.l
7c7a0	65 61 6b 69 6e 67 00 56 52 46 20 74 6f 70 6f 6c 6f 67 79 20 65 78 61 6d 70 6c 65 00 56 52 52 50	eaking.VRF.topology.example.VRRP
7c7c0	20 28 56 69 72 74 75 61 6c 20 52 6f 75 74 65 72 20 52 65 64 75 6e 64 61 6e 63 79 20 50 72 6f 74	.(Virtual.Router.Redundancy.Prot
7c7e0	6f 63 6f 6c 29 20 70 72 6f 76 69 64 65 73 20 61 63 74 69 76 65 2f 62 61 63 6b 75 70 20 72 65 64	ocol).provides.active/backup.red
7c800	75 6e 64 61 6e 63 79 20 66 6f 72 20 72 6f 75 74 65 72 73 2e 20 45 76 65 72 79 20 56 52 52 50 20	undancy.for.routers..Every.VRRP.
7c820	72 6f 75 74 65 72 20 68 61 73 20 61 20 70 68 79 73 69 63 61 6c 20 49 50 2f 49 50 76 36 20 61 64	router.has.a.physical.IP/IPv6.ad
7c840	64 72 65 73 73 2c 20 61 6e 64 20 61 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 2e 20 4f 6e	dress,.and.a.virtual.address..On
7c860	20 73 74 61 72 74 75 70 2c 20 72 6f 75 74 65 72 73 20 65 6c 65 63 74 20 74 68 65 20 6d 61 73 74	.startup,.routers.elect.the.mast
7c880	65 72 2c 20 61 6e 64 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67 68	er,.and.the.router.with.the.high
7c8a0	65 73 74 20 70 72 69 6f 72 69 74 79 20 62 65 63 6f 6d 65 73 20 74 68 65 20 6d 61 73 74 65 72 20	est.priority.becomes.the.master.
7c8c0	61 6e 64 20 61 73 73 69 67 6e 73 20 74 68 65 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 20	and.assigns.the.virtual.address.
7c8e0	74 6f 20 69 74 73 20 69 6e 74 65 72 66 61 63 65 2e 20 41 6c 6c 20 72 6f 75 74 65 72 73 20 77 69	to.its.interface..All.routers.wi
7c900	74 68 20 6c 6f 77 65 72 20 70 72 69 6f 72 69 74 69 65 73 20 62 65 63 6f 6d 65 20 62 61 63 6b 75	th.lower.priorities.become.backu
7c920	70 20 72 6f 75 74 65 72 73 2e 20 54 68 65 20 6d 61 73 74 65 72 20 74 68 65 6e 20 73 74 61 72 74	p.routers..The.master.then.start
7c940	73 20 73 65 6e 64 69 6e 67 20 6b 65 65 70 61 6c 69 76 65 20 70 61 63 6b 65 74 73 20 74 6f 20 6e	s.sending.keepalive.packets.to.n
7c960	6f 74 69 66 79 20 6f 74 68 65 72 20 72 6f 75 74 65 72 73 20 74 68 61 74 20 69 74 27 73 20 61 76	otify.other.routers.that.it's.av
7c980	61 69 6c 61 62 6c 65 2e 20 49 66 20 74 68 65 20 6d 61 73 74 65 72 20 66 61 69 6c 73 20 61 6e 64	ailable..If.the.master.fails.and
7c9a0	20 73 74 6f 70 73 20 73 65 6e 64 69 6e 67 20 6b 65 65 70 61 6c 69 76 65 20 70 61 63 6b 65 74 73	.stops.sending.keepalive.packets
7c9c0	2c 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 68 65 20 6e 65 78 74 20 68 69 67 68 65	,.the.router.with.the.next.highe
7c9e0	73 74 20 70 72 69 6f 72 69 74 79 20 62 65 63 6f 6d 65 73 20 74 68 65 20 6e 65 77 20 6d 61 73 74	st.priority.becomes.the.new.mast
7ca00	65 72 20 61 6e 64 20 74 61 6b 65 73 20 6f 76 65 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 61 64	er.and.takes.over.the.virtual.ad
7ca20	64 72 65 73 73 2e 00 56 52 52 50 20 63 61 6e 20 75 73 65 20 74 77 6f 20 6d 6f 64 65 73 3a 20 70	dress..VRRP.can.use.two.modes:.p
7ca40	72 65 65 6d 70 74 69 76 65 20 61 6e 64 20 6e 6f 6e 2d 70 72 65 65 6d 70 74 69 76 65 2e 20 49 6e	reemptive.and.non-preemptive..In
7ca60	20 74 68 65 20 70 72 65 65 6d 70 74 69 76 65 20 6d 6f 64 65 2c 20 69 66 20 61 20 72 6f 75 74 65	.the.preemptive.mode,.if.a.route
7ca80	72 20 77 69 74 68 20 61 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 66 61 69 6c 73 20 61	r.with.a.higher.priority.fails.a
7caa0	6e 64 20 74 68 65 6e 20 63 6f 6d 65 73 20 62 61 63 6b 2c 20 72 6f 75 74 65 72 73 20 77 69 74 68	nd.then.comes.back,.routers.with
7cac0	20 6c 6f 77 65 72 20 70 72 69 6f 72 69 74 79 20 77 69 6c 6c 20 67 69 76 65 20 75 70 20 74 68 65	.lower.priority.will.give.up.the
7cae0	69 72 20 6d 61 73 74 65 72 20 73 74 61 74 75 73 2e 20 49 6e 20 6e 6f 6e 2d 70 72 65 65 6d 70 74	ir.master.status..In.non-preempt
7cb00	69 76 65 20 6d 6f 64 65 2c 20 74 68 65 20 6e 65 77 6c 79 20 65 6c 65 63 74 65 64 20 6d 61 73 74	ive.mode,.the.newly.elected.mast
7cb20	65 72 20 77 69 6c 6c 20 6b 65 65 70 20 74 68 65 20 6d 61 73 74 65 72 20 73 74 61 74 75 73 20 61	er.will.keep.the.master.status.a
7cb40	6e 64 20 74 68 65 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 20 69 6e 64 65 66 69 6e 69 74	nd.the.virtual.address.indefinit
7cb60	65 6c 79 2e 00 56 52 52 50 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 63 61 6e 20 62 65 20 65	ely..VRRP.functionality.can.be.e
7cb80	78 74 65 6e 64 65 64 20 77 69 74 68 20 73 63 72 69 70 74 73 2e 20 56 79 4f 53 20 73 75 70 70 6f	xtended.with.scripts..VyOS.suppo
7cba0	72 74 73 20 74 77 6f 20 6b 69 6e 64 73 20 6f 66 20 73 63 72 69 70 74 73 3a 20 68 65 61 6c 74 68	rts.two.kinds.of.scripts:.health
7cbc0	20 63 68 65 63 6b 20 73 63 72 69 70 74 73 20 61 6e 64 20 74 72 61 6e 73 69 74 69 6f 6e 20 73 63	.check.scripts.and.transition.sc
7cbe0	72 69 70 74 73 2e 20 48 65 61 6c 74 68 20 63 68 65 63 6b 20 73 63 72 69 70 74 73 20 65 78 65 63	ripts..Health.check.scripts.exec
7cc00	75 74 65 20 63 75 73 74 6f 6d 20 63 68 65 63 6b 73 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f	ute.custom.checks.in.addition.to
7cc20	20 74 68 65 20 6d 61 73 74 65 72 20 72 6f 75 74 65 72 20 72 65 61 63 68 61 62 69 6c 69 74 79 2e	.the.master.router.reachability.
7cc40	20 54 72 61 6e 73 69 74 69 6f 6e 20 73 63 72 69 70 74 73 20 61 72 65 20 65 78 65 63 75 74 65 64	.Transition.scripts.are.executed
7cc60	20 77 68 65 6e 20 56 52 52 50 20 73 74 61 74 65 20 63 68 61 6e 67 65 73 20 66 72 6f 6d 20 6d 61	.when.VRRP.state.changes.from.ma
7cc80	73 74 65 72 20 74 6f 20 62 61 63 6b 75 70 20 6f 72 20 66 61 75 6c 74 20 61 6e 64 20 76 69 63 65	ster.to.backup.or.fault.and.vice
7cca0	20 76 65 72 73 61 20 61 6e 64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 65 6e 61 62 6c 65	.versa.and.can.be.used.to.enable
7ccc0	20 6f 72 20 64 69 73 61 62 6c 65 20 63 65 72 74 61 69 6e 20 73 65 72 76 69 63 65 73 2c 20 66 6f	.or.disable.certain.services,.fo
7cce0	72 20 65 78 61 6d 70 6c 65 2e 00 56 52 52 50 20 67 72 6f 75 70 73 20 61 72 65 20 63 72 65 61 74	r.example..VRRP.groups.are.creat
7cd00	65 64 20 77 69 74 68 20 74 68 65 20 60 60 73 65 74 20 68 69 67 68 2d 61 76 61 69 6c 61 62 69 6c	ed.with.the.``set.high-availabil
7cd20	69 74 79 20 76 72 72 70 20 67 72 6f 75 70 20 24 47 52 4f 55 50 5f 4e 41 4d 45 60 60 20 63 6f 6d	ity.vrrp.group.$GROUP_NAME``.com
7cd40	6d 61 6e 64 73 2e 20 54 68 65 20 72 65 71 75 69 72 65 64 20 70 61 72 61 6d 65 74 65 72 73 20 61	mands..The.required.parameters.a
7cd60	72 65 20 69 6e 74 65 72 66 61 63 65 2c 20 76 72 69 64 2c 20 61 6e 64 20 61 64 64 72 65 73 73 2e	re.interface,.vrid,.and.address.
7cd80	00 56 52 52 50 20 6b 65 65 70 61 6c 69 76 65 20 70 61 63 6b 65 74 73 20 75 73 65 20 6d 75 6c 74	.VRRP.keepalive.packets.use.mult
7cda0	69 63 61 73 74 2c 20 61 6e 64 20 56 52 52 50 20 73 65 74 75 70 73 20 61 72 65 20 6c 69 6d 69 74	icast,.and.VRRP.setups.are.limit
7cdc0	65 64 20 74 6f 20 61 20 73 69 6e 67 6c 65 20 64 61 74 61 6c 69 6e 6b 20 6c 61 79 65 72 20 73 65	ed.to.a.single.datalink.layer.se
7cde0	67 6d 65 6e 74 2e 20 59 6f 75 20 63 61 6e 20 73 65 74 75 70 20 6d 75 6c 74 69 70 6c 65 20 56 52	gment..You.can.setup.multiple.VR
7ce00	52 50 20 67 72 6f 75 70 73 20 28 61 6c 73 6f 20 63 61 6c 6c 65 64 20 76 69 72 74 75 61 6c 20 72	RP.groups.(also.called.virtual.r
7ce20	6f 75 74 65 72 73 29 2e 20 56 69 72 74 75 61 6c 20 72 6f 75 74 65 72 73 20 61 72 65 20 69 64 65	outers)..Virtual.routers.are.ide
7ce40	6e 74 69 66 69 65 64 20 62 79 20 61 20 56 52 49 44 20 28 56 69 72 74 75 61 6c 20 52 6f 75 74 65	ntified.by.a.VRID.(Virtual.Route
7ce60	72 20 49 44 65 6e 74 69 66 69 65 72 29 2e 20 49 66 20 79 6f 75 20 73 65 74 75 70 20 6d 75 6c 74	r.IDentifier)..If.you.setup.mult
7ce80	69 70 6c 65 20 67 72 6f 75 70 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63	iple.groups.on.the.same.interfac
7cea0	65 2c 20 74 68 65 69 72 20 56 52 49 44 73 20 6d 75 73 74 20 62 65 20 75 6e 69 71 75 65 20 69 66	e,.their.VRIDs.must.be.unique.if
7cec0	20 74 68 65 79 20 75 73 65 20 74 68 65 20 73 61 6d 65 20 61 64 64 72 65 73 73 20 66 61 6d 69 6c	.they.use.the.same.address.famil
7cee0	79 2c 20 62 75 74 20 69 74 27 73 20 70 6f 73 73 69 62 6c 65 20 28 65 76 65 6e 20 69 66 20 6e 6f	y,.but.it's.possible.(even.if.no
7cf00	74 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 66 6f 72 20 72 65 61 64 61 62 69 6c 69 74 79 20 72 65	t.recommended.for.readability.re
7cf20	61 73 6f 6e 73 29 20 74 6f 20 75 73 65 20 64 75 70 6c 69 63 61 74 65 20 56 52 49 44 73 20 6f 6e	asons).to.use.duplicate.VRIDs.on
7cf40	20 64 69 66 66 65 72 65 6e 74 20 69 6e 74 65 72 66 61 63 65 73 2e 00 56 52 52 50 20 70 72 69 6f	.different.interfaces..VRRP.prio
7cf60	72 69 74 79 20 63 61 6e 20 62 65 20 73 65 74 20 77 69 74 68 20 60 60 70 72 69 6f 72 69 74 79 60	rity.can.be.set.with.``priority`
7cf80	60 20 6f 70 74 69 6f 6e 3a 00 56 54 49 20 2d 20 56 69 72 74 75 61 6c 20 54 75 6e 6e 65 6c 20 49	`.option:.VTI.-.Virtual.Tunnel.I
7cfa0	6e 74 65 72 66 61 63 65 00 56 58 4c 41 4e 00 56 58 4c 41 4e 20 69 73 20 61 6e 20 65 76 6f 6c 75	nterface.VXLAN.VXLAN.is.an.evolu
7cfc0	74 69 6f 6e 20 6f 66 20 65 66 66 6f 72 74 73 20 74 6f 20 73 74 61 6e 64 61 72 64 69 7a 65 20 61	tion.of.efforts.to.standardize.a
7cfe0	6e 20 6f 76 65 72 6c 61 79 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c	n.overlay.encapsulation.protocol
7d000	2e 20 49 74 20 69 6e 63 72 65 61 73 65 73 20 74 68 65 20 73 63 61 6c 61 62 69 6c 69 74 79 20 75	..It.increases.the.scalability.u
7d020	70 20 74 6f 20 31 36 20 6d 69 6c 6c 69 6f 6e 20 6c 6f 67 69 63 61 6c 20 6e 65 74 77 6f 72 6b 73	p.to.16.million.logical.networks
7d040	20 61 6e 64 20 61 6c 6c 6f 77 73 20 66 6f 72 20 6c 61 79 65 72 20 32 20 61 64 6a 61 63 65 6e 63	.and.allows.for.layer.2.adjacenc
7d060	79 20 61 63 72 6f 73 73 20 49 50 20 6e 65 74 77 6f 72 6b 73 2e 20 4d 75 6c 74 69 63 61 73 74 20	y.across.IP.networks..Multicast.
7d080	6f 72 20 75 6e 69 63 61 73 74 20 77 69 74 68 20 68 65 61 64 2d 65 6e 64 20 72 65 70 6c 69 63 61	or.unicast.with.head-end.replica
7d0a0	74 69 6f 6e 20 28 48 45 52 29 20 69 73 20 75 73 65 64 20 74 6f 20 66 6c 6f 6f 64 20 62 72 6f 61	tion.(HER).is.used.to.flood.broa
7d0c0	64 63 61 73 74 2c 20 75 6e 6b 6e 6f 77 6e 20 75 6e 69 63 61 73 74 2c 20 61 6e 64 20 6d 75 6c 74	dcast,.unknown.unicast,.and.mult
7d0e0	69 63 61 73 74 20 28 42 55 4d 29 20 74 72 61 66 66 69 63 2e 00 56 58 4c 41 4e 20 73 70 65 63 69	icast.(BUM).traffic..VXLAN.speci
7d100	66 69 63 20 6f 70 74 69 6f 6e 73 00 56 58 4c 41 4e 20 77 61 73 20 6f 66 66 69 63 69 61 6c 6c 79	fic.options.VXLAN.was.officially
7d120	20 64 6f 63 75 6d 65 6e 74 65 64 20 62 79 20 74 68 65 20 49 45 54 46 20 69 6e 20 3a 72 66 63 3a	.documented.by.the.IETF.in.:rfc:
7d140	60 37 33 34 38 60 2e 00 56 61 6c 69 64 20 76 61 6c 75 65 73 20 61 72 65 20 30 2e 2e 32 35 35 2e	`7348`..Valid.values.are.0..255.
7d160	00 56 61 6c 75 65 00 56 61 6c 75 65 20 74 6f 20 73 65 6e 64 20 74 6f 20 52 41 44 49 55 53 20 73	.Value.Value.to.send.to.RADIUS.s
7d180	65 72 76 65 72 20 69 6e 20 4e 41 53 2d 49 50 2d 41 64 64 72 65 73 73 20 61 74 74 72 69 62 75 74	erver.in.NAS-IP-Address.attribut
7d1a0	65 20 61 6e 64 20 74 6f 20 62 65 20 6d 61 74 63 68 65 64 20 69 6e 20 44 4d 2f 43 6f 41 20 72 65	e.and.to.be.matched.in.DM/CoA.re
7d1c0	71 75 65 73 74 73 2e 20 41 6c 73 6f 20 44 4d 2f 43 6f 41 20 73 65 72 76 65 72 20 77 69 6c 6c 20	quests..Also.DM/CoA.server.will.
7d1e0	62 69 6e 64 20 74 6f 20 74 68 61 74 20 61 64 64 72 65 73 73 2e 00 56 61 6c 75 65 20 74 6f 20 73	bind.to.that.address..Value.to.s
7d200	65 6e 64 20 74 6f 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 69 6e 20 4e 41 53 2d 49 64 65 6e	end.to.RADIUS.server.in.NAS-Iden
7d220	74 69 66 69 65 72 20 61 74 74 72 69 62 75 74 65 20 61 6e 64 20 74 6f 20 62 65 20 6d 61 74 63 68	tifier.attribute.and.to.be.match
7d240	65 64 20 69 6e 20 44 4d 2f 43 6f 41 20 72 65 71 75 65 73 74 73 2e 00 56 65 72 69 66 69 63 61 74	ed.in.DM/CoA.requests..Verificat
7d260	69 6f 6e 00 56 65 72 73 69 6f 6e 00 56 69 72 74 75 61 6c 20 45 74 68 65 72 6e 65 74 00 56 69 72	ion.Version.Virtual.Ethernet.Vir
7d280	74 75 61 6c 20 53 65 72 76 65 72 20 61 6c 6c 6f 77 73 20 74 6f 20 4c 6f 61 64 2d 62 61 6c 61 6e	tual.Server.allows.to.Load-balan
7d2a0	63 65 20 74 72 61 66 66 69 63 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 76 69 72 74 75 61 6c 2d 61	ce.traffic.destination.virtual-a
7d2c0	64 64 72 65 73 73 3a 70 6f 72 74 20 62 65 74 77 65 65 6e 20 73 65 76 65 72 61 6c 20 72 65 61 6c	ddress:port.between.several.real
7d2e0	20 73 65 72 76 65 72 73 2e 00 56 69 72 74 75 61 6c 2d 73 65 72 76 65 72 00 56 69 72 74 75 61 6c	.servers..Virtual-server.Virtual
7d300	2d 73 65 72 76 65 72 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 56	-server.can.be.configured.with.V
7d320	52 52 50 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 20 6f 72 20 77 69 74 68 6f 75 74 20 56	RRP.virtual.address.or.without.V
7d340	52 52 50 2e 00 56 6f 6c 75 6d 65 20 69 73 20 65 69 74 68 65 72 20 6d 6f 75 6e 74 65 64 20 61 73	RRP..Volume.is.either.mounted.as
7d360	20 72 77 20 28 72 65 61 64 2d 77 72 69 74 65 20 2d 20 64 65 66 61 75 6c 74 29 20 6f 72 20 72 6f	.rw.(read-write.-.default).or.ro
7d380	20 28 72 65 61 64 2d 6f 6e 6c 79 29 00 56 79 4f 53 20 31 2e 31 20 73 75 70 70 6f 72 74 65 64 20	.(read-only).VyOS.1.1.supported.
7d3a0	6c 6f 67 69 6e 20 61 73 20 75 73 65 72 20 60 60 72 6f 6f 74 60 60 2e 20 54 68 69 73 20 68 61 73	login.as.user.``root``..This.has
7d3c0	20 62 65 65 6e 20 72 65 6d 6f 76 65 64 20 64 75 65 20 74 6f 20 74 69 67 68 74 65 72 20 73 65 63	.been.removed.due.to.tighter.sec
7d3e0	75 72 69 74 79 20 69 6e 20 56 79 4f 53 20 31 2e 32 2e 00 56 79 4f 53 20 31 2e 33 20 28 65 71 75	urity.in.VyOS.1.2..VyOS.1.3.(equ
7d400	75 6c 65 75 73 29 20 73 75 70 70 6f 72 74 73 20 44 48 43 50 76 36 2d 50 44 20 28 3a 72 66 63 3a	uleus).supports.DHCPv6-PD.(:rfc:
7d420	60 33 36 33 33 60 29 2e 20 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f	`3633`)..DHCPv6.Prefix.Delegatio
7d440	6e 20 69 73 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 6d 6f 73 74 20 49 53 50 73 20 77 68 6f 20	n.is.supported.by.most.ISPs.who.
7d460	70 72 6f 76 69 64 65 20 6e 61 74 69 76 65 20 49 50 76 36 20 66 6f 72 20 63 6f 6e 73 75 6d 65 72	provide.native.IPv6.for.consumer
7d480	73 20 6f 6e 20 66 69 78 65 64 20 6e 65 74 77 6f 72 6b 73 2e 00 56 79 4f 53 20 31 2e 34 20 28 73	s.on.fixed.networks..VyOS.1.4.(s
7d4a0	61 67 69 74 74 61 29 20 69 6e 74 72 6f 64 75 63 65 64 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69	agitta).introduced.dynamic.routi
7d4c0	6e 67 20 73 75 70 70 6f 72 74 20 66 6f 72 20 56 52 46 73 2e 00 56 79 4f 53 20 31 2e 34 20 63 68	ng.support.for.VRFs..VyOS.1.4.ch
7d4e0	61 6e 67 65 64 20 74 68 65 20 77 61 79 20 69 6e 20 68 6f 77 20 65 6e 63 72 79 74 69 6f 6e 20 6b	anged.the.way.in.how.encrytion.k
7d500	65 79 73 20 6f 72 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 72 65 20 73 74 6f 72 65 64 20 6f	eys.or.certificates.are.stored.o
7d520	6e 20 74 68 65 20 73 79 73 74 65 6d 2e 20 49 6e 20 74 68 65 20 70 72 65 20 56 79 4f 53 20 31 2e	n.the.system..In.the.pre.VyOS.1.
7d540	34 20 65 72 61 2c 20 63 65 72 74 69 66 69 63 61 74 65 73 20 67 6f 74 20 73 74 6f 72 65 64 20 75	4.era,.certificates.got.stored.u
7d560	6e 64 65 72 20 2f 63 6f 6e 66 69 67 20 61 6e 64 20 65 76 65 72 79 20 73 65 72 76 69 63 65 20 72	nder./config.and.every.service.r
7d580	65 66 65 72 65 6e 63 65 64 20 61 20 66 69 6c 65 2e 20 54 68 61 74 20 6d 61 64 65 20 63 6f 70 79	eferenced.a.file..That.made.copy
7d5a0	69 6e 67 20 61 20 72 75 6e 6e 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 72 6f 6d	ing.a.running.configuration.from
7d5c0	20 73 79 73 74 65 6d 20 41 20 74 6f 20 73 79 73 74 65 6d 20 42 20 61 20 62 69 74 20 68 61 72 64	.system.A.to.system.B.a.bit.hard
7d5e0	65 72 2c 20 61 73 20 79 6f 75 20 68 61 64 20 74 6f 20 63 6f 70 79 20 74 68 65 20 66 69 6c 65 73	er,.as.you.had.to.copy.the.files
7d600	20 61 6e 64 20 74 68 65 69 72 20 70 65 72 6d 69 73 73 69 6f 6e 73 20 62 79 20 68 61 6e 64 2e 00	.and.their.permissions.by.hand..
7d620	56 79 4f 53 20 31 2e 34 20 75 73 65 73 20 63 68 72 6f 6e 79 20 69 6e 73 74 65 61 64 20 6f 66 20	VyOS.1.4.uses.chrony.instead.of.
7d640	6e 74 70 64 20 28 73 65 65 20 3a 76 79 74 61 73 6b 3a 60 54 33 30 30 38 60 29 20 77 68 69 63 68	ntpd.(see.:vytask:`T3008`).which
7d660	20 77 69 6c 6c 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 63 63 65 70 74 20 61 6e 6f 6e 79 6d 6f 75 73	.will.no.longer.accept.anonymous
7d680	20 4e 54 50 20 72 65 71 75 65 73 74 73 20 61 73 20 69 6e 20 56 79 4f 53 20 31 2e 33 2e 20 41 6c	.NTP.requests.as.in.VyOS.1.3..Al
7d6a0	6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 20 77 69 6c 6c 20 62 65 20 6d 69 67 72 61 74 65	l.configurations.will.be.migrate
7d6c0	64 20 74 6f 20 6b 65 65 70 20 74 68 65 20 61 6e 6f 6e 79 6d 6f 75 73 20 66 75 6e 63 74 69 6f 6e	d.to.keep.the.anonymous.function
7d6e0	61 6c 69 74 79 2e 20 46 6f 72 20 6e 65 77 20 73 65 74 75 70 73 20 69 66 20 79 6f 75 20 68 61 76	ality..For.new.setups.if.you.hav
7d700	65 20 63 6c 69 65 6e 74 73 20 75 73 69 6e 67 20 79 6f 75 72 20 56 79 4f 53 20 69 6e 73 74 61 6c	e.clients.using.your.VyOS.instal
7d720	6c 61 74 69 6f 6e 20 61 73 20 4e 54 50 20 73 65 72 76 65 72 2c 20 79 6f 75 20 6d 75 73 74 20 73	lation.as.NTP.server,.you.must.s
7d740	70 65 63 69 66 79 20 74 68 65 20 60 61 6c 6c 6f 77 2d 63 6c 69 65 6e 74 60 20 64 69 72 65 63 74	pecify.the.`allow-client`.direct
7d760	69 76 65 2e 00 56 79 4f 53 20 41 72 69 73 74 61 20 45 4f 53 20 73 65 74 75 70 00 56 79 4f 53 20	ive..VyOS.Arista.EOS.setup.VyOS.
7d780	45 53 50 20 67 72 6f 75 70 20 68 61 73 20 74 68 65 20 6e 65 78 74 20 6f 70 74 69 6f 6e 73 3a 00	ESP.group.has.the.next.options:.
7d7a0	56 79 4f 53 20 46 69 65 6c 64 00 56 79 4f 53 20 49 4b 45 20 67 72 6f 75 70 20 68 61 73 20 74 68	VyOS.Field.VyOS.IKE.group.has.th
7d7c0	65 20 6e 65 78 74 20 6f 70 74 69 6f 6e 73 3a 00 56 79 4f 53 20 4d 49 42 73 00 56 79 4f 53 20 4e	e.next.options:.VyOS.MIBs.VyOS.N
7d7e0	41 54 36 36 20 53 69 6d 70 6c 65 20 43 6f 6e 66 69 67 75 72 65 00 56 79 4f 53 20 4e 65 74 77 6f	AT66.Simple.Configure.VyOS.Netwo
7d800	72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 20 65 6d 75 6c 61 74 65 73 20 74 68 65 20	rk.Emulator.policy.emulates.the.
7d820	63 6f 6e 64 69 74 69 6f 6e 73 20 79 6f 75 20 63 61 6e 20 73 75 66 66 65 72 20 69 6e 20 61 20 72	conditions.you.can.suffer.in.a.r
7d840	65 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 59 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f	eal.network..You.will.be.able.to
7d860	20 63 6f 6e 66 69 67 75 72 65 20 74 68 69 6e 67 73 20 6c 69 6b 65 20 72 61 74 65 2c 20 62 75 72	.configure.things.like.rate,.bur
7d880	73 74 2c 20 64 65 6c 61 79 2c 20 70 61 63 6b 65 74 20 6c 6f 73 73 2c 20 70 61 63 6b 65 74 20 63	st,.delay,.packet.loss,.packet.c
7d8a0	6f 72 72 75 70 74 69 6f 6e 20 6f 72 20 70 61 63 6b 65 74 20 72 65 6f 72 64 65 72 69 6e 67 2e 00	orruption.or.packet.reordering..
7d8c0	56 79 4f 53 20 4f 70 74 69 6f 6e 00 56 79 4f 53 20 50 6f 6c 69 63 79 2d 42 61 73 65 64 20 52 6f	VyOS.Option.VyOS.Policy-Based.Ro
7d8e0	75 74 69 6e 67 20 28 50 42 52 29 20 77 6f 72 6b 73 20 62 79 20 6d 61 74 63 68 69 6e 67 20 73 6f	uting.(PBR).works.by.matching.so
7d900	75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 73 20 61 6e 64 20 66 6f 72 77 61	urce.IP.address.ranges.and.forwa
7d920	72 64 69 6e 67 20 74 68 65 20 74 72 61 66 66 69 63 20 75 73 69 6e 67 20 64 69 66 66 65 72 65 6e	rding.the.traffic.using.differen
7d940	74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 2e 00 56 79 4f 53 20 53 4e 4d 50 20 73 75 70 70	t.routing.tables..VyOS.SNMP.supp
7d960	6f 72 74 73 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 2e 00 56 79 4f 53 20 61 6c	orts.both.IPv4.and.IPv6..VyOS.al
7d980	73 6f 20 63 6f 6d 65 73 20 77 69 74 68 20 61 20 62 75 69 6c 64 20 69 6e 20 53 53 54 50 20 73 65	so.comes.with.a.build.in.SSTP.se
7d9a0	72 76 65 72 2c 20 73 65 65 20 3a 72 65 66 3a 60 73 73 74 70 60 2e 00 56 79 4f 53 20 61 6c 73 6f	rver,.see.:ref:`sstp`..VyOS.also
7d9c0	20 70 72 6f 76 69 64 65 73 20 44 48 43 50 76 36 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e	.provides.DHCPv6.server.function
7d9e0	61 6c 69 74 79 20 77 68 69 63 68 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 74 68 69 73	ality.which.is.described.in.this
7da00	20 73 65 63 74 69 6f 6e 2e 00 56 79 4f 53 20 63 61 6e 20 61 6c 73 6f 20 72 75 6e 20 69 6e 20 44	.section..VyOS.can.also.run.in.D
7da20	4d 56 50 4e 20 73 70 6f 6b 65 20 6d 6f 64 65 2e 00 56 79 4f 53 20 63 61 6e 20 62 65 20 63 6f 6e	MVPN.spoke.mode..VyOS.can.be.con
7da40	66 69 67 75 72 65 64 20 74 6f 20 74 72 61 63 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 75 73 69	figured.to.track.connections.usi
7da60	6e 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 73 75 62 73 79	ng.the.connection.tracking.subsy
7da80	73 74 65 6d 2e 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 62 65 63 6f 6d 65	stem..Connection.tracking.become
7daa0	73 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6f 6e 63 65 20 65 69 74 68 65 72 20 73 74 61 74 65 66	s.operational.once.either.statef
7dac0	75 6c 20 66 69 72 65 77 61 6c 6c 20 6f 72 20 4e 41 54 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64	ul.firewall.or.NAT.is.configured
7dae0	2e 00 56 79 4f 53 20 63 61 6e 20 6e 6f 74 20 6f 6e 6c 79 20 61 63 74 20 61 73 20 61 6e 20 4f 70	..VyOS.can.not.only.act.as.an.Op
7db00	65 6e 56 50 4e 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 6f 72 20 73 65 72 76 65 72 20 66 6f 72	enVPN.site-to-site.or.server.for
7db20	20 6d 75 6c 74 69 70 6c 65 20 63 6c 69 65 6e 74 73 2e 20 59 6f 75 20 63 61 6e 20 69 6e 64 65 65	.multiple.clients..You.can.indee
7db40	64 20 61 6c 73 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 79 20 56 79 4f 53 20 4f 70 65 6e 56 50	d.also.configure.any.VyOS.OpenVP
7db60	4e 20 69 6e 74 65 72 66 61 63 65 20 61 73 20 61 6e 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74	N.interface.as.an.OpenVPN.client
7db80	20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 6f 20 61 20 56 79 4f 53 20 4f 70 65 6e 56 50 4e 20 73 65	.connecting.to.a.VyOS.OpenVPN.se
7dba0	72 76 65 72 20 6f 72 20 61 6e 79 20 6f 74 68 65 72 20 4f 70 65 6e 56 50 4e 20 73 65 72 76 65 72	rver.or.any.other.OpenVPN.server
7dbc0	2e 00 56 79 4f 53 20 64 65 66 61 75 6c 74 20 77 69 6c 6c 20 62 65 20 60 61 75 74 6f 60 2e 00 56	..VyOS.default.will.be.`auto`..V
7dbe0	79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 73 70 65 63 69 61 6c 20 63 6f 6d 6d	yOS.does.not.have.a.special.comm
7dc00	61 6e 64 20 74 6f 20 73 74 61 72 74 20 74 68 65 20 42 61 62 65 6c 20 70 72 6f 63 65 73 73 2e 20	and.to.start.the.Babel.process..
7dc20	54 68 65 20 42 61 62 65 6c 20 70 72 6f 63 65 73 73 20 73 74 61 72 74 73 20 77 68 65 6e 20 74 68	The.Babel.process.starts.when.th
7dc40	65 20 66 69 72 73 74 20 42 61 62 65 6c 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20	e.first.Babel.enabled.interface.
7dc60	69 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 68 61 76	is.configured..VyOS.does.not.hav
7dc80	65 20 61 20 73 70 65 63 69 61 6c 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 74 61 72 74 20 74 68 65	e.a.special.command.to.start.the
7dca0	20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 20	.OSPF.process..The.OSPF.process.
7dcc0	73 74 61 72 74 73 20 77 68 65 6e 20 74 68 65 20 66 69 72 73 74 20 6f 73 70 66 20 65 6e 61 62 6c	starts.when.the.first.ospf.enabl
7dce0	65 64 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 56 79 4f 53	ed.interface.is.configured..VyOS
7dd00	20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 73 70 65 63 69 61 6c 20 63 6f 6d 6d 61 6e 64	.does.not.have.a.special.command
7dd20	20 74 6f 20 73 74 61 72 74 20 74 68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 2e 20 54 68	.to.start.the.OSPFv3.process..Th
7dd40	65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 20 73 74 61 72 74 73 20 77 68 65 6e 20 74 68 65	e.OSPFv3.process.starts.when.the
7dd60	20 66 69 72 73 74 20 6f 73 70 66 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 69 73	.first.ospf.enabled.interface.is
7dd80	20 63 6f 6e 66 69 67 75 72 65 64 2e 00 56 79 4f 53 20 66 61 63 69 6c 69 74 61 74 65 73 20 49 50	.configured..VyOS.facilitates.IP
7dda0	20 4d 75 6c 74 69 63 61 73 74 20 62 79 20 73 75 70 70 6f 72 74 69 6e 67 20 2a 2a 50 49 4d 20 53	.Multicast.by.supporting.**PIM.S
7ddc0	70 61 72 73 65 20 4d 6f 64 65 2a 2a 2c 20 2a 2a 49 47 4d 50 2a 2a 20 61 6e 64 20 2a 2a 49 47 4d	parse.Mode**,.**IGMP**.and.**IGM
7dde0	50 2d 50 72 6f 78 79 2a 2a 2e 00 56 79 4f 53 20 66 61 63 69 6c 69 74 61 74 65 73 20 49 50 76 36	P-Proxy**..VyOS.facilitates.IPv6
7de00	20 4d 75 6c 74 69 63 61 73 74 20 62 79 20 73 75 70 70 6f 72 74 69 6e 67 20 2a 2a 50 49 4d 76 36	.Multicast.by.supporting.**PIMv6
7de20	2a 2a 20 61 6e 64 20 2a 2a 4d 4c 44 2a 2a 2e 00 56 79 4f 53 20 69 73 20 61 62 6c 65 20 74 6f 20	**.and.**MLD**..VyOS.is.able.to.
7de40	75 70 64 61 74 65 20 61 20 72 65 6d 6f 74 65 20 44 4e 53 20 72 65 63 6f 72 64 20 77 68 65 6e 20	update.a.remote.DNS.record.when.
7de60	61 6e 20 69 6e 74 65 72 66 61 63 65 20 67 65 74 73 20 61 20 6e 65 77 20 49 50 20 61 64 64 72 65	an.interface.gets.a.new.IP.addre
7de80	73 73 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 64 6f 20 73 6f 2c 20 56 79 4f 53 20 69 6e 63 6c	ss..In.order.to.do.so,.VyOS.incl
7dea0	75 64 65 73 20 64 64 63 6c 69 65 6e 74 5f 2c 20 61 20 50 65 72 6c 20 73 63 72 69 70 74 20 77 72	udes.ddclient_,.a.Perl.script.wr
7dec0	69 74 74 65 6e 20 66 6f 72 20 74 68 69 73 20 6f 6e 6c 79 20 6f 6e 65 20 70 75 72 70 6f 73 65 2e	itten.for.this.only.one.purpose.
7dee0	00 56 79 4f 53 20 69 73 20 61 6c 73 6f 20 61 62 6c 65 20 74 6f 20 75 73 65 20 61 6e 79 20 73 65	.VyOS.is.also.able.to.use.any.se
7df00	72 76 69 63 65 20 72 65 6c 79 69 6e 67 20 6f 6e 20 70 72 6f 74 6f 63 6f 6c 73 20 73 75 70 70 6f	rvice.relying.on.protocols.suppo
7df20	72 74 65 64 20 62 79 20 64 64 63 6c 69 65 6e 74 2e 00 56 79 4f 53 20 69 74 73 65 6c 66 20 73 75	rted.by.ddclient..VyOS.itself.su
7df40	70 70 6f 72 74 73 20 53 4e 4d 50 76 32 5f 20 28 76 65 72 73 69 6f 6e 20 32 29 20 61 6e 64 20 53	pports.SNMPv2_.(version.2).and.S
7df60	4e 4d 50 76 33 5f 20 28 76 65 72 73 69 6f 6e 20 33 29 20 77 68 65 72 65 20 74 68 65 20 6c 61 74	NMPv3_.(version.3).where.the.lat
7df80	65 72 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 62 65 63 61 75 73 65 20 6f 66 20 69 6d 70	er.is.recommended.because.of.imp
7dfa0	72 6f 76 65 64 20 73 65 63 75 72 69 74 79 20 28 6f 70 74 69 6f 6e 61 6c 20 61 75 74 68 65 6e 74	roved.security.(optional.authent
7dfc0	69 63 61 74 69 6f 6e 20 61 6e 64 20 65 6e 63 72 79 70 74 69 6f 6e 29 2e 00 56 79 4f 53 20 6c 65	ication.and.encryption)..VyOS.le
7dfe0	74 73 20 79 6f 75 20 63 6f 6e 74 72 6f 6c 20 74 72 61 66 66 69 63 20 69 6e 20 6d 61 6e 79 20 64	ts.you.control.traffic.in.many.d
7e000	69 66 66 65 72 65 6e 74 20 77 61 79 73 2c 20 68 65 72 65 20 77 65 20 77 69 6c 6c 20 63 6f 76 65	ifferent.ways,.here.we.will.cove
7e020	72 20 65 76 65 72 79 20 70 6f 73 73 69 62 69 6c 69 74 79 2e 20 59 6f 75 20 63 61 6e 20 63 6f 6e	r.every.possibility..You.can.con
7e040	66 69 67 75 72 65 20 61 73 20 6d 61 6e 79 20 70 6f 6c 69 63 69 65 73 20 61 73 20 79 6f 75 20 77	figure.as.many.policies.as.you.w
7e060	61 6e 74 2c 20 62 75 74 20 79 6f 75 20 77 69 6c 6c 20 6f 6e 6c 79 20 62 65 20 61 62 6c 65 20 74	ant,.but.you.will.only.be.able.t
7e080	6f 20 61 70 70 6c 79 20 6f 6e 65 20 70 6f 6c 69 63 79 20 70 65 72 20 69 6e 74 65 72 66 61 63 65	o.apply.one.policy.per.interface
7e0a0	20 61 6e 64 20 64 69 72 65 63 74 69 6f 6e 20 28 69 6e 62 6f 75 6e 64 20 6f 72 20 6f 75 74 62 6f	.and.direction.(inbound.or.outbo
7e0c0	75 6e 64 29 2e 00 56 79 4f 53 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 3a 61 62 62 72 3a 60 46	und)..VyOS.makes.use.of.:abbr:`F
7e0e0	52 52 20 28 46 72 65 65 20 52 61 6e 67 65 20 52 6f 75 74 69 6e 67 29 60 20 61 6e 64 20 77 65 20	RR.(Free.Range.Routing)`.and.we.
7e100	77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 74 68 61 6e 6b 20 74 68 65 6d 20 66 6f 72 20 74 68 65	would.like.to.thank.them.for.the
7e120	69 72 20 65 66 66 6f 72 74 21 00 56 79 4f 53 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 4c 69 6e	ir.effort!.VyOS.makes.use.of.Lin
7e140	75 78 20 60 6e 65 74 66 69 6c 74 65 72 20 3c 68 74 74 70 73 3a 2f 2f 6e 65 74 66 69 6c 74 65 72	ux.`netfilter.<https://netfilter
7e160	2e 6f 72 67 2f 3e 60 5f 20 66 6f 72 20 70 61 63 6b 65 74 20 66 69 6c 74 65 72 69 6e 67 2e 00 56	.org/>`_.for.packet.filtering..V
7e180	79 4f 53 20 6e 6f 74 20 6f 6e 6c 79 20 63 61 6e 20 6e 6f 77 20 6d 61 6e 61 67 65 20 63 65 72 74	yOS.not.only.can.now.manage.cert
7e1a0	69 66 69 63 61 74 65 73 20 69 73 73 75 65 64 20 62 79 20 33 72 64 20 70 61 72 74 79 20 43 65 72	ificates.issued.by.3rd.party.Cer
7e1c0	74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 69 65 73 2c 20 69 74 20 63 61 6e 20 61 6c 73	tificate.Authorities,.it.can.als
7e1e0	6f 20 61 63 74 20 61 73 20 61 20 43 41 20 6f 6e 20 69 74 73 20 6f 77 6e 2e 20 59 6f 75 20 63 61	o.act.as.a.CA.on.its.own..You.ca
7e200	6e 20 63 72 65 61 74 65 20 79 6f 75 72 20 6f 77 6e 20 72 6f 6f 74 20 43 41 20 61 6e 64 20 73 69	n.create.your.own.root.CA.and.si
7e220	67 6e 20 6b 65 79 73 20 77 69 74 68 20 69 74 20 62 79 20 6d 61 6b 69 6e 67 20 75 73 65 20 6f 66	gn.keys.with.it.by.making.use.of
7e240	20 73 6f 6d 65 20 73 69 6d 70 6c 65 20 6f 70 2d 6d 6f 64 65 20 63 6f 6d 6d 61 6e 64 73 2e 00 56	.some.simple.op-mode.commands..V
7e260	79 4f 53 20 6e 6f 77 20 61 6c 73 6f 20 68 61 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20	yOS.now.also.has.the.ability.to.
7e280	63 72 65 61 74 65 20 43 41 73 2c 20 6b 65 79 73 2c 20 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e	create.CAs,.keys,.Diffie-Hellman
7e2a0	20 61 6e 64 20 6f 74 68 65 72 20 6b 65 79 70 61 69 72 73 20 66 72 6f 6d 20 61 6e 20 65 61 73 79	.and.other.keypairs.from.an.easy
7e2c0	20 74 6f 20 61 63 63 65 73 73 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6c 65 76 65 6c 20 63 6f 6d	.to.access.operational.level.com
7e2e0	6d 61 6e 64 2e 00 56 79 4f 53 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 20 63 6f 6d 6d	mand..VyOS.operational.mode.comm
7e300	61 6e 64 73 20 61 72 65 20 6e 6f 74 20 6f 6e 6c 79 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20	ands.are.not.only.available.for.
7e320	67 65 6e 65 72 61 74 69 6e 67 20 6b 65 79 73 20 62 75 74 20 61 6c 73 6f 20 74 6f 20 64 69 73 70	generating.keys.but.also.to.disp
7e340	6c 61 79 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 20 61 6e 20 48 54 54 50 20 41	lay.them..VyOS.provide.an.HTTP.A
7e360	50 49 2e 20 59 6f 75 20 63 61 6e 20 75 73 65 20 69 74 20 74 6f 20 65 78 65 63 75 74 65 20 6f 70	PI..You.can.use.it.to.execute.op
7e380	2d 6d 6f 64 65 20 63 6f 6d 6d 61 6e 64 73 2c 20 75 70 64 61 74 65 20 56 79 4f 53 2c 20 73 65 74	-mode.commands,.update.VyOS,.set
7e3a0	20 6f 72 20 64 65 6c 65 74 65 20 63 6f 6e 66 69 67 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 73	.or.delete.config..VyOS.provides
7e3c0	20 44 4e 53 20 69 6e 66 72 61 73 74 72 75 63 74 75 72 65 20 66 6f 72 20 73 6d 61 6c 6c 20 6e 65	.DNS.infrastructure.for.small.ne
7e3e0	74 77 6f 72 6b 73 2e 20 49 74 20 69 73 20 64 65 73 69 67 6e 65 64 20 74 6f 20 62 65 20 6c 69 67	tworks..It.is.designed.to.be.lig
7e400	68 74 77 65 69 67 68 74 20 61 6e 64 20 68 61 76 65 20 61 20 73 6d 61 6c 6c 20 66 6f 6f 74 70 72	htweight.and.have.a.small.footpr
7e420	69 6e 74 2c 20 73 75 69 74 61 62 6c 65 20 66 6f 72 20 72 65 73 6f 75 72 63 65 20 63 6f 6e 73 74	int,.suitable.for.resource.const
7e440	72 61 69 6e 65 64 20 72 6f 75 74 65 72 73 20 61 6e 64 20 66 69 72 65 77 61 6c 6c 73 2e 20 46 6f	rained.routers.and.firewalls..Fo
7e460	72 20 74 68 69 73 20 77 65 20 75 74 69 6c 69 7a 65 20 50 6f 77 65 72 44 4e 53 20 72 65 63 75 72	r.this.we.utilize.PowerDNS.recur
7e480	73 6f 72 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d	sor..VyOS.provides.policies.comm
7e4a0	61 6e 64 73 20 65 78 63 6c 75 73 69 76 65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63	ands.exclusively.for.BGP.traffic
7e4c0	20 66 69 6c 74 65 72 69 6e 67 20 61 6e 64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 61	.filtering.and.manipulation:.**a
7e4e0	73 2d 70 61 74 68 2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79	s-path-list**.is.one.of.them..Vy
7e500	4f 53 20 70 72 6f 76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d 61 6e 64 73 20 65 78	OS.provides.policies.commands.ex
7e520	63 6c 75 73 69 76 65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63 20 66 69 6c 74 65 72	clusively.for.BGP.traffic.filter
7e540	69 6e 67 20 61 6e 64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 63 6f 6d 6d 75 6e 69 74	ing.and.manipulation:.**communit
7e560	79 2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72	y-list**.is.one.of.them..VyOS.pr
7e580	6f 76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d 61 6e 64 73 20 65 78 63 6c 75 73 69	ovides.policies.commands.exclusi
7e5a0	76 65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63 20 66 69 6c 74 65 72 69 6e 67 20 61	vely.for.BGP.traffic.filtering.a
7e5c0	6e 64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 65 78 74 63 6f 6d 6d 75 6e 69 74 79 2d	nd.manipulation:.**extcommunity-
7e5e0	6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72 6f 76	list**.is.one.of.them..VyOS.prov
7e600	69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d 61 6e 64 73 20 65 78 63 6c 75 73 69 76 65	ides.policies.commands.exclusive
7e620	6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63 20 66 69 6c 74 65 72 69 6e 67 20 61 6e 64	ly.for.BGP.traffic.filtering.and
7e640	20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79	.manipulation:.**large-community
7e660	2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72 6f	-list**.is.one.of.them..VyOS.pro
7e680	76 69 64 65 73 20 73 6f 6d 65 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 20	vides.some.operational.commands.
7e6a0	6f 6e 20 4f 70 65 6e 56 50 4e 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 73 20 73 75 70 70 6f 72	on.OpenVPN..VyOS.provides.suppor
7e6c0	74 20 66 6f 72 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 2e 20 44 48 43 50 20 66 61 69 6c 6f 76	t.for.DHCP.failover..DHCP.failov
7e6e0	65 72 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 65 78 70 6c 69 63 69 74 6c 79	er.must.be.configured.explicitly
7e700	20 62 79 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 74 61 74 65 6d 65 6e 74 73 2e 00 56 79	.by.the.following.statements..Vy
7e720	4f 53 20 72 65 76 65 72 73 65 2d 70 72 6f 78 79 20 69 73 20 62 61 6c 61 6e 63 65 72 20 61 6e 64	OS.reverse-proxy.is.balancer.and
7e740	20 70 72 6f 78 79 20 73 65 72 76 65 72 20 74 68 61 74 20 70 72 6f 76 69 64 65 73 20 68 69 67 68	.proxy.server.that.provides.high
7e760	2d 61 76 61 69 6c 61 62 69 6c 69 74 79 2c 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 61 6e	-availability,.load.balancing.an
7e780	64 20 70 72 6f 78 79 69 6e 67 20 66 6f 72 20 54 43 50 20 28 6c 65 76 65 6c 20 34 29 20 61 6e 64	d.proxying.for.TCP.(level.4).and
7e7a0	20 48 54 54 50 2d 62 61 73 65 64 20 28 6c 65 76 65 6c 20 37 29 20 61 70 70 6c 69 63 61 74 69 6f	.HTTP-based.(level.7).applicatio
7e7c0	6e 73 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 62 6f 74 68 20 49 47 4d 50 20 76 65 72 73	ns..VyOS.supports.both.IGMP.vers
7e7e0	69 6f 6e 20 32 20 61 6e 64 20 76 65 72 73 69 6f 6e 20 33 20 28 77 68 69 63 68 20 61 6c 6c 6f 77	ion.2.and.version.3.(which.allow
7e800	73 20 73 6f 75 72 63 65 2d 73 70 65 63 69 66 69 63 20 6d 75 6c 74 69 63 61 73 74 29 2e 00 56 79	s.source-specific.multicast)..Vy
7e820	4f 53 20 73 75 70 70 6f 72 74 73 20 62 6f 74 68 20 4d 4c 44 20 76 65 72 73 69 6f 6e 20 31 20 61	OS.supports.both.MLD.version.1.a
7e840	6e 64 20 76 65 72 73 69 6f 6e 20 32 20 28 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 73 6f 75 72 63	nd.version.2.(which.allows.sourc
7e860	65 2d 73 70 65 63 69 66 69 63 20 6d 75 6c 74 69 63 61 73 74 29 2e 00 56 79 4f 53 20 73 75 70 70	e-specific.multicast)..VyOS.supp
7e880	6f 72 74 73 20 66 6c 6f 77 2d 61 63 63 6f 75 6e 74 69 6e 67 20 66 6f 72 20 62 6f 74 68 20 49 50	orts.flow-accounting.for.both.IP
7e8a0	76 34 20 61 6e 64 20 49 50 76 36 20 74 72 61 66 66 69 63 2e 20 54 68 65 20 73 79 73 74 65 6d 20	v4.and.IPv6.traffic..The.system.
7e8c0	61 63 74 73 20 61 73 20 61 20 66 6c 6f 77 20 65 78 70 6f 72 74 65 72 2c 20 61 6e 64 20 79 6f 75	acts.as.a.flow.exporter,.and.you
7e8e0	20 61 72 65 20 66 72 65 65 20 74 6f 20 75 73 65 20 69 74 20 77 69 74 68 20 61 6e 79 20 63 6f 6d	.are.free.to.use.it.with.any.com
7e900	70 61 74 69 62 6c 65 20 63 6f 6c 6c 65 63 74 6f 72 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74 73	patible.collector..VyOS.supports
7e920	20 73 46 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 66 6f 72 20 62 6f 74 68 20 49 50 76 34 20	.sFlow.accounting.for.both.IPv4.
7e940	61 6e 64 20 49 50 76 36 20 74 72 61 66 66 69 63 2e 20 54 68 65 20 73 79 73 74 65 6d 20 61 63 74	and.IPv6.traffic..The.system.act
7e960	73 20 61 73 20 61 20 66 6c 6f 77 20 65 78 70 6f 72 74 65 72 2c 20 61 6e 64 20 79 6f 75 20 61 72	s.as.a.flow.exporter,.and.you.ar
7e980	65 20 66 72 65 65 20 74 6f 20 75 73 65 20 69 74 20 77 69 74 68 20 61 6e 79 20 63 6f 6d 70 61 74	e.free.to.use.it.with.any.compat
7e9a0	69 62 6c 65 20 63 6f 6c 6c 65 63 74 6f 72 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 73 65	ible.collector..VyOS.supports.se
7e9c0	74 74 69 6e 67 20 74 69 6d 65 6f 75 74 73 20 66 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61	tting.timeouts.for.connections.a
7e9e0	63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 79 70 65 2e	ccording.to.the.connection.type.
7ea00	20 59 6f 75 20 63 61 6e 20 73 65 74 20 74 69 6d 65 6f 75 74 20 76 61 6c 75 65 73 20 66 6f 72 20	.You.can.set.timeout.values.for.
7ea20	67 65 6e 65 72 69 63 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 66 6f 72 20 49 43 4d 50 20 63 6f	generic.connections,.for.ICMP.co
7ea40	6e 6e 65 63 74 69 6f 6e 73 2c 20 55 44 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 6f 72 20 66	nnections,.UDP.connections,.or.f
7ea60	6f 72 20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 6e 20 61 20 6e 75 6d 62 65 72 20 6f	or.TCP.connections.in.a.number.o
7ea80	66 20 64 69 66 66 65 72 65 6e 74 20 73 74 61 74 65 73 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74	f.different.states..VyOS.support
7eaa0	73 20 73 65 74 74 69 6e 67 20 75 70 20 50 50 50 6f 45 20 69 6e 20 74 77 6f 20 64 69 66 66 65 72	s.setting.up.PPPoE.in.two.differ
7eac0	65 6e 74 20 77 61 79 73 20 74 6f 20 61 20 50 50 50 6f 45 20 69 6e 74 65 72 6e 65 74 20 63 6f 6e	ent.ways.to.a.PPPoE.internet.con
7eae0	6e 65 63 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 62 65 63 61 75 73 65 20 6d 6f 73 74 20 49 53	nection..This.is.because.most.IS
7eb00	50 73 20 70 72 6f 76 69 64 65 20 61 20 6d 6f 64 65 6d 20 74 68 61 74 20 69 73 20 61 6c 73 6f 20	Ps.provide.a.modem.that.is.also.
7eb20	61 20 77 69 72 65 6c 65 73 73 20 72 6f 75 74 65 72 2e 00 56 79 4f 53 20 75 73 65 73 20 49 53 43	a.wireless.router..VyOS.uses.ISC
7eb40	20 44 48 43 50 20 73 65 72 76 65 72 20 66 6f 72 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49	.DHCP.server.for.both.IPv4.and.I
7eb60	50 76 36 20 61 64 64 72 65 73 73 20 61 73 73 69 67 6e 6d 65 6e 74 2e 00 56 79 4f 53 20 75 73 65	Pv6.address.assignment..VyOS.use
7eb80	73 20 74 68 65 20 60 69 6e 74 65 72 66 61 63 65 73 20 77 77 61 6e 60 20 73 75 62 73 79 73 74 65	s.the.`interfaces.wwan`.subsyste
7eba0	6d 20 66 6f 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 56 79 4f 53 20 75 73 65 73 20 74	m.for.configuration..VyOS.uses.t
7ebc0	68 65 20 60 6d 69 72 72 6f 72 60 20 6f 70 74 69 6f 6e 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20	he.`mirror`.option.to.configure.
7ebe0	70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 2e 20 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	port.mirroring..The.configuratio
7ec00	6e 20 69 73 20 64 69 76 69 64 65 64 20 69 6e 74 6f 20 32 20 64 69 66 66 65 72 65 6e 74 20 64 69	n.is.divided.into.2.different.di
7ec20	72 65 63 74 69 6f 6e 73 2e 20 44 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 73 20 73 68 6f 75	rections..Destination.ports.shou
7ec40	6c 64 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 64 69 66 66 65 72 65 6e 74 20 74	ld.be.configured.for.different.t
7ec60	72 61 66 66 69 63 20 64 69 72 65 63 74 69 6f 6e 73 2e 00 56 79 4f 53 20 75 74 69 6c 69 7a 65 73	raffic.directions..VyOS.utilizes
7ec80	20 60 61 63 63 65 6c 2d 70 70 70 60 5f 20 74 6f 20 70 72 6f 76 69 64 65 20 3a 61 62 62 72 3a 60	.`accel-ppp`_.to.provide.:abbr:`
7eca0	49 50 6f 45 20 28 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 20 45 74 68	IPoE.(Internet.Protocol.over.Eth
7ecc0	65 72 6e 65 74 29 60 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e 20 49 74	ernet)`.server.functionality..It
7ece0	20 63 61 6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69	.can.be.used.with.local.authenti
7ed00	63 61 74 69 6f 6e 20 28 6d 61 63 2d 61 64 64 72 65 73 73 29 20 6f 72 20 61 20 63 6f 6e 6e 65 63	cation.(mac-address).or.a.connec
7ed20	74 65 64 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 56 79 4f 53 20 75 74 69 6c 69 7a 65 73	ted.RADIUS.server..VyOS.utilizes
7ed40	20 60 61 63 63 65 6c 2d 70 70 70 60 5f 20 74 6f 20 70 72 6f 76 69 64 65 20 50 50 50 6f 45 20 73	.`accel-ppp`_.to.provide.PPPoE.s
7ed60	65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e 20 49 74 20 63 61 6e 20 62 65 20 75	erver.functionality..It.can.be.u
7ed80	73 65 64 20 77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 72	sed.with.local.authentication.or
7eda0	20 61 20 63 6f 6e 6e 65 63 74 65 64 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 56 79 4f 53	.a.connected.RADIUS.server..VyOS
7edc0	20 75 74 69 6c 69 7a 65 73 20 61 63 63 65 6c 2d 70 70 70 5f 20 74 6f 20 70 72 6f 76 69 64 65 20	.utilizes.accel-ppp_.to.provide.
7ede0	4c 32 54 50 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e 20 49 74 20 63 61	L2TP.server.functionality..It.ca
7ee00	6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74	n.be.used.with.local.authenticat
7ee20	69 6f 6e 20 6f 72 20 61 20 63 6f 6e 6e 65 63 74 65 64 20 52 41 44 49 55 53 20 73 65 72 76 65 72	ion.or.a.connected.RADIUS.server
7ee40	2e 00 56 79 4f 53 20 75 74 69 6c 69 7a 65 73 20 61 63 63 65 6c 2d 70 70 70 5f 20 74 6f 20 70 72	..VyOS.utilizes.accel-ppp_.to.pr
7ee60	6f 76 69 64 65 20 53 53 54 50 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e	ovide.SSTP.server.functionality.
7ee80	20 57 65 20 73 75 70 70 6f 72 74 20 62 6f 74 68 20 6c 6f 63 61 6c 20 61 6e 64 20 52 41 44 49 55	.We.support.both.local.and.RADIU
7eea0	53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 00 57 41 4e 20 4c 6f 61 64 20 42 61 6c 61 63	S.authentication..WAN.Load.Balac
7eec0	69 6e 67 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 75 73 65 64 20 77 68 65 6e 20 64 79 6e 61	ing.should.not.be.used.when.dyna
7eee0	6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 75 73 65 64 2f 6e 65 65	mic.routing.protocol.is.used/nee
7ef00	64 65 64 2e 20 54 68 69 73 20 66 65 61 74 75 72 65 20 63 72 65 61 74 65 73 20 63 75 73 74 6f 6d	ded..This.feature.creates.custom
7ef20	69 7a 65 64 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 61 6e 64 20 66 69 72 65 77 61 6c 6c	ized.routing.tables.and.firewall
7ef40	20 72 75 6c 65 73 2c 20 74 68 61 74 20 6d 61 6b 65 73 20 69 74 20 69 6e 63 6f 6d 70 61 74 69 62	.rules,.that.makes.it.incompatib
7ef60	6c 65 20 74 6f 20 75 73 65 20 77 69 74 68 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73	le.to.use.with.routing.protocols
7ef80	2e 00 57 41 4e 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 60 65 74 68 31 60 00 57 41 4e 20 6c 6f	..WAN.interface.on.`eth1`.WAN.lo
7efa0	61 64 20 62 61 6c 61 6e 63 69 6e 67 00 57 4c 41 4e 2f 57 49 46 49 20 2d 20 57 69 72 65 6c 65 73	ad.balancing.WLAN/WIFI.-.Wireles
7efc0	73 20 4c 41 4e 00 57 4d 4d 2d 50 53 20 55 6e 73 63 68 65 64 75 6c 65 64 20 41 75 74 6f 6d 61 74	s.LAN.WMM-PS.Unscheduled.Automat
7efe0	69 63 20 50 6f 77 65 72 20 53 61 76 65 20 44 65 6c 69 76 65 72 79 20 5b 55 2d 41 50 53 44 5d 00	ic.Power.Save.Delivery.[U-APSD].
7f000	57 50 41 20 70 61 73 73 70 68 72 61 73 65 20 60 60 31 32 33 34 35 36 37 38 60 60 00 57 57 41 4e	WPA.passphrase.``12345678``.WWAN
7f020	20 2d 20 57 69 72 65 6c 65 73 73 20 57 69 64 65 2d 41 72 65 61 2d 4e 65 74 77 6f 72 6b 00 57 61	.-.Wireless.Wide-Area-Network.Wa
7f040	72 6e 69 6e 67 00 57 61 72 6e 69 6e 67 20 63 6f 6e 64 69 74 69 6f 6e 73 00 57 65 20 61 73 73 75	rning.Warning.conditions.We.assu
7f060	6d 65 20 74 68 61 74 20 74 68 65 20 4c 45 46 54 20 72 6f 75 74 65 72 20 68 61 73 20 73 74 61 74	me.that.the.LEFT.router.has.stat
7f080	69 63 20 31 39 32 2e 30 2e 32 2e 31 30 20 61 64 64 72 65 73 73 20 6f 6e 20 65 74 68 30 2c 20 61	ic.192.0.2.10.address.on.eth0,.a
7f0a0	6e 64 20 74 68 65 20 52 49 47 48 54 20 72 6f 75 74 65 72 20 68 61 73 20 61 20 64 79 6e 61 6d 69	nd.the.RIGHT.router.has.a.dynami
7f0c0	63 20 61 64 64 72 65 73 73 20 6f 6e 20 65 74 68 30 2e 00 57 65 20 63 61 6e 20 61 6c 73 6f 20 63	c.address.on.eth0..We.can.also.c
7f0e0	72 65 61 74 65 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 73 20 75 73 69 6e 67 20 43 65 72	reate.the.certificates.using.Cer
7f100	62 6f 72 74 20 77 68 69 63 68 20 69 73 20 61 6e 20 65 61 73 79 2d 74 6f 2d 75 73 65 20 63 6c 69	bort.which.is.an.easy-to-use.cli
7f120	65 6e 74 20 74 68 61 74 20 66 65 74 63 68 65 73 20 61 20 63 65 72 74 69 66 69 63 61 74 65 20 66	ent.that.fetches.a.certificate.f
7f140	72 6f 6d 20 4c 65 74 27 73 20 45 6e 63 72 79 70 74 20 61 6e 20 6f 70 65 6e 20 63 65 72 74 69 66	rom.Let's.Encrypt.an.open.certif
7f160	69 63 61 74 65 20 61 75 74 68 6f 72 69 74 79 20 6c 61 75 6e 63 68 65 64 20 62 79 20 74 68 65 20	icate.authority.launched.by.the.
7f180	45 46 46 2c 20 4d 6f 7a 69 6c 6c 61 2c 20 61 6e 64 20 6f 74 68 65 72 73 20 61 6e 64 20 64 65 70	EFF,.Mozilla,.and.others.and.dep
7f1a0	6c 6f 79 73 20 69 74 20 74 6f 20 61 20 77 65 62 20 73 65 72 76 65 72 2e 00 57 65 20 63 61 6e 20	loys.it.to.a.web.server..We.can.
7f1c0	62 75 69 6c 64 20 72 6f 75 74 65 2d 6d 61 70 73 20 66 6f 72 20 69 6d 70 6f 72 74 20 62 61 73 65	build.route-maps.for.import.base
7f1e0	64 20 6f 6e 20 74 68 65 73 65 20 73 74 61 74 65 73 2e 20 48 65 72 65 20 69 73 20 61 20 73 69 6d	d.on.these.states..Here.is.a.sim
7f200	70 6c 65 20 52 50 4b 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 77 68 65 72 65 20 60 72	ple.RPKI.configuration,.where.`r
7f220	6f 75 74 69 6e 61 74 6f 72 60 20 69 73 20 74 68 65 20 52 50 4b 49 2d 76 61 6c 69 64 61 74 69 6e	outinator`.is.the.RPKI-validatin
7f240	67 20 22 63 61 63 68 65 22 20 73 65 72 76 65 72 20 77 69 74 68 20 69 70 20 60 31 39 32 2e 30 2e	g."cache".server.with.ip.`192.0.
7f260	32 2e 31 60 3a 00 57 65 20 63 61 6e 27 74 20 73 75 70 70 6f 72 74 20 61 6c 6c 20 64 69 73 70 6c	2.1`:.We.can't.support.all.displ
7f280	61 79 73 20 66 72 6f 6d 20 74 68 65 20 62 65 67 69 6e 6e 69 6e 67 2e 20 49 66 20 79 6f 75 72 20	ays.from.the.beginning..If.your.
7f2a0	64 69 73 70 6c 61 79 20 74 79 70 65 20 69 73 20 6d 69 73 73 69 6e 67 2c 20 70 6c 65 61 73 65 20	display.type.is.missing,.please.
7f2c0	63 72 65 61 74 65 20 61 20 66 65 61 74 75 72 65 20 72 65 71 75 65 73 74 20 76 69 61 20 50 68 61	create.a.feature.request.via.Pha
7f2e0	62 72 69 63 61 74 6f 72 5f 2e 00 57 65 20 63 6f 75 6c 64 20 65 78 70 61 6e 64 20 6f 6e 20 74 68	bricator_..We.could.expand.on.th
7f300	69 73 20 61 6e 64 20 61 6c 73 6f 20 64 65 6e 79 20 6c 69 6e 6b 20 6c 6f 63 61 6c 20 61 6e 64 20	is.and.also.deny.link.local.and.
7f320	6d 75 6c 74 69 63 61 73 74 20 69 6e 20 74 68 65 20 72 75 6c 65 20 32 30 20 61 63 74 69 6f 6e 20	multicast.in.the.rule.20.action.
7f340	64 65 6e 79 2e 00 57 65 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 43 4c 49 20 6e 6f 64 65 73 20 66	deny..We.do.not.have.CLI.nodes.f
7f360	6f 72 20 65 76 65 72 79 20 73 69 6e 67 6c 65 20 4f 70 65 6e 56 50 4e 20 6f 70 74 69 6f 6e 2e 20	or.every.single.OpenVPN.option..
7f380	49 66 20 61 6e 20 6f 70 74 69 6f 6e 20 69 73 20 6d 69 73 73 69 6e 67 2c 20 61 20 66 65 61 74 75	If.an.option.is.missing,.a.featu
7f3a0	72 65 20 72 65 71 75 65 73 74 20 73 68 6f 75 6c 64 20 62 65 20 6f 70 65 6e 65 64 20 61 74 20 50	re.request.should.be.opened.at.P
7f3c0	68 61 62 72 69 63 61 74 6f 72 5f 20 73 6f 20 61 6c 6c 20 75 73 65 72 73 20 63 61 6e 20 62 65 6e	habricator_.so.all.users.can.ben
7f3e0	65 66 69 74 20 66 72 6f 6d 20 69 74 20 28 73 65 65 20 3a 72 65 66 3a 60 69 73 73 75 65 73 5f 66	efit.from.it.(see.:ref:`issues_f
7f400	65 61 74 75 72 65 73 60 29 2e 00 57 65 20 64 6f 6e 27 74 20 72 65 63 6f 6d 65 6e 64 20 74 6f 20	eatures`)..We.don't.recomend.to.
7f420	75 73 65 20 61 72 67 75 6d 65 6e 74 73 2e 20 55 73 69 6e 67 20 65 6e 76 69 72 6f 6e 6d 65 6e 74	use.arguments..Using.environment
7f440	73 20 69 73 20 6d 6f 72 65 20 70 72 65 66 66 65 72 65 62 6c 65 2e 00 57 65 20 6c 69 73 74 65 6e	s.is.more.preffereble..We.listen
7f460	20 6f 6e 20 70 6f 72 74 20 35 31 38 32 30 00 57 65 20 6e 65 65 64 20 74 6f 20 67 65 6e 65 72 61	.on.port.51820.We.need.to.genera
7f480	74 65 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20 77 68 69 63 68 20 61 75 74 68 65 6e 74	te.the.certificate.which.authent
7f4a0	69 63 61 74 65 73 20 75 73 65 72 73 20 77 68 6f 20 61 74 74 65 6d 70 74 20 74 6f 20 61 63 63 65	icates.users.who.attempt.to.acce
7f4c0	73 73 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 72 65 73 6f 75 72 63 65 20 74 68 72 6f 75 67 68 20	ss.the.network.resource.through.
7f4e0	74 68 65 20 53 53 4c 20 56 50 4e 20 74 75 6e 6e 65 6c 73 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69	the.SSL.VPN.tunnels..The.followi
7f500	6e 67 20 63 6f 6d 6d 61 6e 64 73 20 77 69 6c 6c 20 63 72 65 61 74 65 20 61 20 73 65 6c 66 20 73	ng.commands.will.create.a.self.s
7f520	69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 73	igned.certificates.and.will.be.s
7f540	74 6f 72 65 64 20 69 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 57 65 20 6e 6f 77 20 75	tored.in.configuration:.We.now.u
7f560	74 69 6c 69 7a 65 20 60 74 75 6e 65 64 60 20 66 6f 72 20 64 79 6e 61 6d 69 63 20 72 65 73 6f 75	tilize.`tuned`.for.dynamic.resou
7f580	72 63 65 20 62 61 6c 61 6e 63 69 6e 67 20 62 61 73 65 64 20 6f 6e 20 70 72 6f 66 69 6c 65 73 2e	rce.balancing.based.on.profiles.
7f5a0	00 57 65 20 6f 6e 6c 79 20 61 6c 6c 6f 77 20 74 68 65 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f 32	.We.only.allow.the.192.168.2.0/2
7f5c0	34 20 73 75 62 6e 65 74 20 74 6f 20 74 72 61 76 65 6c 20 6f 76 65 72 20 74 68 65 20 74 75 6e 6e	4.subnet.to.travel.over.the.tunn
7f5e0	65 6c 00 57 65 20 6f 6e 6c 79 20 6e 65 65 64 20 61 20 73 69 6e 67 6c 65 20 73 74 65 70 20 66 6f	el.We.only.need.a.single.step.fo
7f600	72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 3a 00 57 65 20 72 6f 75 74 65 20 61 6c 6c 20 74	r.this.interface:.We.route.all.t
7f620	72 61 66 66 69 63 20 66 6f 72 20 74 68 65 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f 32 34 20 6e 65	raffic.for.the.192.168.2.0/24.ne
7f640	74 77 6f 72 6b 20 74 6f 20 69 6e 74 65 72 66 61 63 65 20 60 77 67 30 31 60 00 57 65 20 75 73 65	twork.to.interface.`wg01`.We.use
7f660	20 61 20 76 6f 6e 74 61 69 6e 65 72 20 70 72 6f 76 69 64 69 6e 67 20 74 68 65 20 54 41 43 41 43	.a.vontainer.providing.the.TACAC
7f680	53 20 73 65 72 76 65 20 72 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2e 00 57 65 27 6c 6c 20	S.serve.rin.this.example..We'll.
7f6a0	75 73 65 20 74 68 65 20 49 4b 45 20 61 6e 64 20 45 53 50 20 67 72 6f 75 70 73 20 63 72 65 61 74	use.the.IKE.and.ESP.groups.creat
7f6c0	65 64 20 61 62 6f 76 65 20 66 6f 72 20 74 68 69 73 20 56 50 4e 2e 20 42 65 63 61 75 73 65 20 77	ed.above.for.this.VPN..Because.w
7f6e0	65 20 6e 65 65 64 20 61 63 63 65 73 73 20 74 6f 20 32 20 64 69 66 66 65 72 65 6e 74 20 73 75 62	e.need.access.to.2.different.sub
7f700	6e 65 74 73 20 6f 6e 20 74 68 65 20 66 61 72 20 73 69 64 65 2c 20 77 65 20 77 69 6c 6c 20 6e 65	nets.on.the.far.side,.we.will.ne
7f720	65 64 20 74 77 6f 20 64 69 66 66 65 72 65 6e 74 20 74 75 6e 6e 65 6c 73 2e 20 49 66 20 79 6f 75	ed.two.different.tunnels..If.you
7f740	20 63 68 61 6e 67 65 64 20 74 68 65 20 6e 61 6d 65 73 20 6f 66 20 74 68 65 20 45 53 50 20 67 72	.changed.the.names.of.the.ESP.gr
7f760	6f 75 70 20 61 6e 64 20 49 4b 45 20 67 72 6f 75 70 20 69 6e 20 74 68 65 20 70 72 65 76 69 6f 75	oup.and.IKE.group.in.the.previou
7f780	73 20 73 74 65 70 2c 20 6d 61 6b 65 20 73 75 72 65 20 79 6f 75 20 75 73 65 20 74 68 65 20 63 6f	s.step,.make.sure.you.use.the.co
7f7a0	72 72 65 63 74 20 6e 61 6d 65 73 20 68 65 72 65 20 74 6f 6f 2e 00 57 65 62 20 50 72 6f 78 79 20	rrect.names.here.too..Web.Proxy.
7f7c0	41 75 74 6f 64 69 73 63 6f 76 65 72 79 20 28 57 50 41 44 29 20 55 52 4c 00 57 65 62 70 72 6f 78	Autodiscovery.(WPAD).URL.Webprox
7f7e0	79 00 57 68 65 6e 20 4c 44 50 20 69 73 20 77 6f 72 6b 69 6e 67 2c 20 79 6f 75 20 77 69 6c 6c 20	y.When.LDP.is.working,.you.will.
7f800	62 65 20 61 62 6c 65 20 74 6f 20 73 65 65 20 6c 61 62 65 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	be.able.to.see.label.information
7f820	20 69 6e 20 74 68 65 20 6f 75 74 63 6f 6d 65 20 6f 66 20 60 60 73 68 6f 77 20 69 70 20 72 6f 75	.in.the.outcome.of.``show.ip.rou
7f840	74 65 60 60 2e 20 42 65 73 69 64 65 73 20 74 68 61 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20	te``..Besides.that.information,.
7f860	74 68 65 72 65 20 61 72 65 20 61 6c 73 6f 20 73 70 65 63 69 66 69 63 20 2a 73 68 6f 77 2a 20 63	there.are.also.specific.*show*.c
7f880	6f 6d 6d 61 6e 64 73 20 66 6f 72 20 4c 44 50 3a 00 57 68 65 6e 20 56 52 46 73 20 61 72 65 20 75	ommands.for.LDP:.When.VRFs.are.u
7f8a0	73 65 64 20 69 74 20 69 73 20 6e 6f 74 20 6f 6e 6c 79 20 6d 61 6e 64 61 74 6f 72 79 20 74 6f 20	sed.it.is.not.only.mandatory.to.
7f8c0	63 72 65 61 74 65 20 61 20 56 52 46 20 62 75 74 20 61 6c 73 6f 20 74 68 65 20 56 52 46 20 69 74	create.a.VRF.but.also.the.VRF.it
7f8e0	73 65 6c 66 20 6e 65 65 64 73 20 74 6f 20 62 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 61 6e 20	self.needs.to.be.assigned.to.an.
7f900	69 6e 74 65 72 66 61 63 65 2e 00 57 68 65 6e 20 61 20 60 60 63 75 73 74 6f 6d 60 60 20 44 79 6e	interface..When.a.``custom``.Dyn
7f920	44 4e 53 20 70 72 6f 76 69 64 65 72 20 69 73 20 75 73 65 64 20 74 68 65 20 60 3c 73 65 72 76 65	DNS.provider.is.used.the.`<serve
7f940	72 3e 60 20 77 68 65 72 65 20 75 70 64 61 74 65 20 72 65 71 75 65 73 74 73 20 61 72 65 20 62 65	r>`.where.update.requests.are.be
7f960	69 6e 67 20 73 65 6e 74 20 74 6f 20 6d 75 73 74 20 62 65 20 73 70 65 63 69 66 69 65 64 2e 00 57	ing.sent.to.must.be.specified..W
7f980	68 65 6e 20 61 20 60 60 63 75 73 74 6f 6d 60 60 20 44 79 6e 44 4e 53 20 70 72 6f 76 69 64 65 72	hen.a.``custom``.DynDNS.provider
7f9a0	20 69 73 20 75 73 65 64 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65 64 20 66 6f 72 20 63	.is.used.the.protocol.used.for.c
7f9c0	6f 6d 6d 75 6e 69 63 61 74 69 6e 67 20 74 6f 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 6d 75 73	ommunicating.to.the.provider.mus
7f9e0	74 20 62 65 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 60 3c 70 72 6f 74 6f 63 6f 6c 3e	t.be.specified.under.`<protocol>
7fa00	60 2e 20 53 65 65 20 74 68 65 20 65 6d 62 65 64 64 65 64 20 63 6f 6d 70 6c 65 74 69 6f 6e 20 68	`..See.the.embedded.completion.h
7fa20	65 6c 70 65 72 20 66 6f 72 20 61 76 61 69 6c 61 62 6c 65 20 70 72 6f 74 6f 63 6f 6c 73 2e 00 57	elper.for.available.protocols..W
7fa40	68 65 6e 20 61 20 66 61 69 6c 6f 76 65 72 20 6f 63 63 75 72 73 20 69 6e 20 61 63 74 69 76 65 2d	hen.a.failover.occurs.in.active-
7fa60	62 61 63 6b 75 70 20 6d 6f 64 65 2c 20 62 6f 6e 64 69 6e 67 20 77 69 6c 6c 20 69 73 73 75 65 20	backup.mode,.bonding.will.issue.
7fa80	6f 6e 65 20 6f 72 20 6d 6f 72 65 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 6f 6e 20 74	one.or.more.gratuitous.ARPs.on.t
7faa0	68 65 20 6e 65 77 6c 79 20 61 63 74 69 76 65 20 73 6c 61 76 65 2e 20 4f 6e 65 20 67 72 61 74 75	he.newly.active.slave..One.gratu
7fac0	69 74 6f 75 73 20 41 52 50 20 69 73 20 69 73 73 75 65 64 20 66 6f 72 20 74 68 65 20 62 6f 6e 64	itous.ARP.is.issued.for.the.bond
7fae0	69 6e 67 20 6d 61 73 74 65 72 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 65 61 63 68 20 56 4c	ing.master.interface.and.each.VL
7fb00	41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 62 6f 76 65 20 69	AN.interfaces.configured.above.i
7fb20	74 2c 20 70 72 6f 76 69 64 65 64 20 74 68 61 74 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 68	t,.provided.that.the.interface.h
7fb40	61 73 20 61 74 20 6c 65 61 73 74 20 6f 6e 65 20 49 50 20 61 64 64 72 65 73 73 20 63 6f 6e 66 69	as.at.least.one.IP.address.confi
7fb60	67 75 72 65 64 2e 20 47 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 69 73 73 75 65 64 20 66 6f	gured..Gratuitous.ARPs.issued.fo
7fb80	72 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 74 61 67 67 65 64 20 77 69 74	r.VLAN.interfaces.are.tagged.wit
7fba0	68 20 74 68 65 20 61 70 70 72 6f 70 72 69 61 74 65 20 56 4c 41 4e 20 69 64 2e 00 57 68 65 6e 20	h.the.appropriate.VLAN.id..When.
7fbc0	61 20 6c 69 6e 6b 20 69 73 20 72 65 63 6f 6e 6e 65 63 74 65 64 20 6f 72 20 61 20 6e 65 77 20 73	a.link.is.reconnected.or.a.new.s
7fbe0	6c 61 76 65 20 6a 6f 69 6e 73 20 74 68 65 20 62 6f 6e 64 20 74 68 65 20 72 65 63 65 69 76 65 20	lave.joins.the.bond.the.receive.
7fc00	74 72 61 66 66 69 63 20 69 73 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 61 6d 6f 6e 67 20 61	traffic.is.redistributed.among.a
7fc20	6c 6c 20 61 63 74 69 76 65 20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 62 6f 6e 64 20 62 79 20	ll.active.slaves.in.the.bond.by.
7fc40	69 6e 69 74 69 61 74 69 6e 67 20 41 52 50 20 52 65 70 6c 69 65 73 20 77 69 74 68 20 74 68 65 20	initiating.ARP.Replies.with.the.
7fc60	73 65 6c 65 63 74 65 64 20 4d 41 43 20 61 64 64 72 65 73 73 20 74 6f 20 65 61 63 68 20 6f 66 20	selected.MAC.address.to.each.of.
7fc80	74 68 65 20 63 6c 69 65 6e 74 73 2e 20 54 68 65 20 75 70 64 65 6c 61 79 20 70 61 72 61 6d 65 74	the.clients..The.updelay.paramet
7fca0	65 72 20 28 64 65 74 61 69 6c 65 64 20 62 65 6c 6f 77 29 20 6d 75 73 74 20 62 65 20 73 65 74 20	er.(detailed.below).must.be.set.
7fcc0	74 6f 20 61 20 76 61 6c 75 65 20 65 71 75 61 6c 20 6f 72 20 67 72 65 61 74 65 72 20 74 68 61 6e	to.a.value.equal.or.greater.than
7fce0	20 74 68 65 20 73 77 69 74 63 68 27 73 20 66 6f 72 77 61 72 64 69 6e 67 20 64 65 6c 61 79 20 73	.the.switch's.forwarding.delay.s
7fd00	6f 20 74 68 61 74 20 74 68 65 20 41 52 50 20 52 65 70 6c 69 65 73 20 73 65 6e 74 20 74 6f 20 74	o.that.the.ARP.Replies.sent.to.t
7fd20	68 65 20 70 65 65 72 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 62 6c 6f 63 6b 65 64 20 62 79 20	he.peers.will.not.be.blocked.by.
7fd40	74 68 65 20 73 77 69 74 63 68 2e 00 57 68 65 6e 20 61 20 70 61 63 6b 65 74 20 69 73 20 74 6f 20	the.switch..When.a.packet.is.to.
7fd60	62 65 20 73 65 6e 74 2c 20 69 74 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 67 6f 20 74 68 72 6f	be.sent,.it.will.have.to.go.thro
7fd80	75 67 68 20 74 68 61 74 20 71 75 65 75 65 2c 20 73 6f 20 74 68 65 20 70 61 63 6b 65 74 20 77 69	ugh.that.queue,.so.the.packet.wi
7fda0	6c 6c 20 62 65 20 70 6c 61 63 65 64 20 61 74 20 74 68 65 20 74 61 69 6c 20 6f 66 20 69 74 2e 20	ll.be.placed.at.the.tail.of.it..
7fdc0	57 68 65 6e 20 74 68 65 20 70 61 63 6b 65 74 20 63 6f 6d 70 6c 65 74 65 6c 79 20 67 6f 65 73 20	When.the.packet.completely.goes.
7fde0	74 68 72 6f 75 67 68 20 69 74 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 64 65 71 75 65 75 65 64 20	through.it,.it.will.be.dequeued.
7fe00	65 6d 70 74 79 69 6e 67 20 69 74 73 20 70 6c 61 63 65 20 69 6e 20 74 68 65 20 71 75 65 75 65 20	emptying.its.place.in.the.queue.
7fe20	61 6e 64 20 62 65 69 6e 67 20 65 76 65 6e 74 75 61 6c 6c 79 20 68 61 6e 64 65 64 20 74 6f 20 74	and.being.eventually.handed.to.t
7fe40	68 65 20 4e 49 43 20 74 6f 20 62 65 20 61 63 74 75 61 6c 6c 79 20 73 65 6e 74 20 6f 75 74 2e 00	he.NIC.to.be.actually.sent.out..
7fe60	57 68 65 6e 20 61 20 72 6f 75 74 65 20 66 61 69 6c 73 2c 20 61 20 72 6f 75 74 69 6e 67 20 75 70	When.a.route.fails,.a.routing.up
7fe80	64 61 74 65 20 69 73 20 73 65 6e 74 20 74 6f 20 77 69 74 68 64 72 61 77 20 74 68 65 20 72 6f 75	date.is.sent.to.withdraw.the.rou
7fea0	74 65 20 66 72 6f 6d 20 74 68 65 20 6e 65 74 77 6f 72 6b 27 73 20 72 6f 75 74 69 6e 67 20 74 61	te.from.the.network's.routing.ta
7fec0	62 6c 65 73 2e 20 57 68 65 6e 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 72 65 2d 65 6e 61 62 6c	bles..When.the.route.is.re-enabl
7fee0	65 64 2c 20 74 68 65 20 63 68 61 6e 67 65 20 69 6e 20 61 76 61 69 6c 61 62 69 6c 69 74 79 20 69	ed,.the.change.in.availability.i
7ff00	73 20 61 6c 73 6f 20 61 64 76 65 72 74 69 73 65 64 2e 20 41 20 72 6f 75 74 65 20 74 68 61 74 20	s.also.advertised..A.route.that.
7ff20	63 6f 6e 74 69 6e 75 61 6c 6c 79 20 66 61 69 6c 73 20 61 6e 64 20 72 65 74 75 72 6e 73 20 72 65	continually.fails.and.returns.re
7ff40	71 75 69 72 65 73 20 61 20 67 72 65 61 74 20 64 65 61 6c 20 6f 66 20 6e 65 74 77 6f 72 6b 20 74	quires.a.great.deal.of.network.t
7ff60	72 61 66 66 69 63 20 74 6f 20 75 70 64 61 74 65 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 61 62 6f	raffic.to.update.the.network.abo
7ff80	75 74 20 74 68 65 20 72 6f 75 74 65 27 73 20 73 74 61 74 75 73 2e 00 57 68 65 6e 20 61 64 64 69	ut.the.route's.status..When.addi
7ffa0	6e 67 20 49 50 76 36 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 65 78 63 68	ng.IPv6.routing.information.exch
7ffc0	61 6e 67 65 20 66 65 61 74 75 72 65 20 74 6f 20 42 47 50 2e 20 54 68 65 72 65 20 77 65 72 65 20	ange.feature.to.BGP..There.were.
7ffe0	73 6f 6d 65 20 70 72 6f 70 6f 73 61 6c 73 2e 20 3a 61 62 62 72 3a 60 49 45 54 46 20 28 49 6e 74	some.proposals..:abbr:`IETF.(Int
80000	65 72 6e 65 74 20 45 6e 67 69 6e 65 65 72 69 6e 67 20 54 61 73 6b 20 46 6f 72 63 65 29 60 20 3a	ernet.Engineering.Task.Force)`.:
80020	61 62 62 72 3a 60 49 44 52 20 28 49 6e 74 65 72 20 44 6f 6d 61 69 6e 20 52 6f 75 74 69 6e 67 29	abbr:`IDR.(Inter.Domain.Routing)
80040	60 20 61 64 6f 70 74 65 64 20 61 20 70 72 6f 70 6f 73 61 6c 20 63 61 6c 6c 65 64 20 4d 75 6c 74	`.adopted.a.proposal.called.Mult
80060	69 70 72 6f 74 6f 63 6f 6c 20 45 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 42 47 50 2e 20 54 68 65	iprotocol.Extension.for.BGP..The
80080	20 73 70 65 63 69 66 69 63 61 74 69 6f 6e 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a	.specification.is.described.in.:
800a0	72 66 63 3a 60 32 32 38 33 60 2e 20 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 64 6f 65 73 20 6e 6f	rfc:`2283`..The.protocol.does.no
800c0	74 20 64 65 66 69 6e 65 20 6e 65 77 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 49 74 20 64 65 66 69 6e	t.define.new.protocols..It.defin
800e0	65 73 20 6e 65 77 20 61 74 74 72 69 62 75 74 65 73 20 74 6f 20 65 78 69 73 74 69 6e 67 20 42 47	es.new.attributes.to.existing.BG
80100	50 2e 20 57 68 65 6e 20 69 74 20 69 73 20 75 73 65 64 20 65 78 63 68 61 6e 67 69 6e 67 20 49 50	P..When.it.is.used.exchanging.IP
80120	76 36 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 74 20 69 73 20 63 61 6c	v6.routing.information.it.is.cal
80140	6c 65 64 20 42 47 50 2d 34 2b 2e 20 57 68 65 6e 20 69 74 20 69 73 20 75 73 65 64 20 66 6f 72 20	led.BGP-4+..When.it.is.used.for.
80160	65 78 63 68 61 6e 67 69 6e 67 20 6d 75 6c 74 69 63 61 73 74 20 72 6f 75 74 69 6e 67 20 69 6e 66	exchanging.multicast.routing.inf
80180	6f 72 6d 61 74 69 6f 6e 20 69 74 20 69 73 20 63 61 6c 6c 65 64 20 4d 42 47 50 2e 00 57 68 65 6e	ormation.it.is.called.MBGP..When
801a0	20 63 6f 6e 66 69 67 75 72 65 64 2c 20 50 50 50 6f 45 20 77 69 6c 6c 20 63 72 65 61 74 65 20 74	.configured,.PPPoE.will.create.t
801c0	68 65 20 6e 65 63 65 73 73 61 72 79 20 56 4c 41 4e 73 20 77 68 65 6e 20 72 65 71 75 69 72 65 64	he.necessary.VLANs.when.required
801e0	2e 20 4f 6e 63 65 20 74 68 65 20 75 73 65 72 20 73 65 73 73 69 6f 6e 20 68 61 73 20 62 65 65 6e	..Once.the.user.session.has.been
80200	20 63 61 6e 63 65 6c 6c 65 64 20 61 6e 64 20 74 68 65 20 56 4c 41 4e 20 69 73 20 6e 6f 74 20 6e	.cancelled.and.the.VLAN.is.not.n
80220	65 65 64 65 64 20 61 6e 79 6d 6f 72 65 2c 20 56 79 4f 53 20 77 69 6c 6c 20 72 65 6d 6f 76 65 20	eeded.anymore,.VyOS.will.remove.
80240	69 74 20 61 67 61 69 6e 2e 00 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 20 52 61 6e	it.again..When.configuring.a.Ran
80260	64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 3a 20 2a 2a 74 68 65 20 68 69 67 68 65 72 20	dom-Detect.policy:.**the.higher.
80280	74 68 65 20 70 72 65 63 65 64 65 6e 63 65 20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65	the.precedence.number,.the.highe
802a0	72 20 74 68 65 20 70 72 69 6f 72 69 74 79 2a 2a 2e 00 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69	r.the.priority**..When.configuri
802c0	6e 67 20 79 6f 75 72 20 66 69 6c 74 65 72 2c 20 79 6f 75 20 63 61 6e 20 75 73 65 20 74 68 65 20	ng.your.filter,.you.can.use.the.
802e0	60 60 54 61 62 60 60 20 6b 65 79 20 74 6f 20 73 65 65 20 74 68 65 20 6d 61 6e 79 20 64 69 66 66	``Tab``.key.to.see.the.many.diff
80300	65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75	erent.parameters.you.can.configu
80320	72 65 2e 00 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 79 6f 75 72 20 74 72 61 66 66 69	re..When.configuring.your.traffi
80340	63 20 70 6f 6c 69 63 79 2c 20 79 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 73 65 74 20 64	c.policy,.you.will.have.to.set.d
80360	61 74 61 20 72 61 74 65 20 76 61 6c 75 65 73 2c 20 77 61 74 63 68 20 6f 75 74 20 74 68 65 20 75	ata.rate.values,.watch.out.the.u
80380	6e 69 74 73 20 79 6f 75 20 61 72 65 20 6d 61 6e 61 67 69 6e 67 2c 20 69 74 20 69 73 20 65 61 73	nits.you.are.managing,.it.is.eas
803a0	79 20 74 6f 20 67 65 74 20 63 6f 6e 66 75 73 65 64 20 77 69 74 68 20 74 68 65 20 64 69 66 66 65	y.to.get.confused.with.the.diffe
803c0	72 65 6e 74 20 70 72 65 66 69 78 65 73 20 61 6e 64 20 73 75 66 66 69 78 65 73 20 79 6f 75 20 63	rent.prefixes.and.suffixes.you.c
803e0	61 6e 20 75 73 65 2e 20 56 79 4f 53 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 73 68 6f 77 20 79 6f	an.use..VyOS.will.always.show.yo
80400	75 20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 75 6e 69 74 73 20 79 6f 75 20 63 61 6e 20 75 73	u.the.different.units.you.can.us
80420	65 2e 00 57 68 65 6e 20 64 65 66 69 6e 69 6e 67 20 61 20 72 75 6c 65 2c 20 69 74 20 69 73 20 65	e..When.defining.a.rule,.it.is.e
80440	6e 61 62 6c 65 20 62 79 20 64 65 66 61 75 6c 74 2e 20 49 6e 20 73 6f 6d 65 20 63 61 73 65 73 2c	nable.by.default..In.some.cases,
80460	20 69 74 20 69 73 20 75 73 65 66 75 6c 20 74 6f 20 6a 75 73 74 20 64 69 73 61 62 6c 65 20 74 68	.it.is.useful.to.just.disable.th
80480	65 20 72 75 6c 65 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 72 65 6d 6f 76 69 6e 67 20 69 74 2e	e.rule,.rather.than.removing.it.
804a0	00 57 68 65 6e 20 64 65 66 69 6e 69 6e 67 20 74 68 65 20 74 72 61 6e 73 6c 61 74 65 64 20 61 64	.When.defining.the.translated.ad
804c0	64 72 65 73 73 2c 20 63 61 6c 6c 65 64 20 60 60 62 61 63 6b 65 6e 64 73 60 60 2c 20 61 20 60 60	dress,.called.``backends``,.a.``
804e0	77 65 69 67 68 74 60 60 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 54 68 69	weight``.must.be.configured..Thi
80500	73 20 6c 65 74 73 20 74 68 65 20 75 73 65 72 20 64 65 66 69 6e 65 20 6c 6f 61 64 20 62 61 6c 61	s.lets.the.user.define.load.bala
80520	6e 63 65 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68	nce.distribution.according.to.th
80540	65 69 72 20 6e 65 65 64 73 2e 20 54 68 65 6d 20 73 75 6d 20 6f 66 20 61 6c 6c 20 74 68 65 20 77	eir.needs..Them.sum.of.all.the.w
80560	65 69 67 68 74 73 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68 65 20 62 61 63 6b 65 6e 64 73 20	eights.defined.for.the.backends.
80580	73 68 6f 75 6c 64 20 62 65 20 65 71 75 61 6c 20 74 6f 20 31 30 30 2e 20 49 6e 20 6f 64 65 72 20	should.be.equal.to.100..In.oder.
805a0	77 6f 72 64 73 2c 20 74 68 65 20 77 65 69 67 68 74 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68	words,.the.weight.defined.for.th
805c0	65 20 62 61 63 6b 65 6e 64 20 69 73 20 74 68 65 20 70 65 72 63 65 6e 74 61 67 65 20 6f 66 20 74	e.backend.is.the.percentage.of.t
805e0	68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 68 61 74 20 77 69 6c 6c 20 72 65 63 65 69 76 65	he.connections.that.will.receive
80600	20 73 75 63 68 20 62 61 63 6b 65 6e 64 2e 00 57 68 65 6e 20 64 65 71 75 65 75 69 6e 67 2c 20 65	.such.backend..When.dequeuing,.e
80620	61 63 68 20 68 61 73 68 2d 62 75 63 6b 65 74 20 77 69 74 68 20 64 61 74 61 20 69 73 20 71 75 65	ach.hash-bucket.with.data.is.que
80640	72 69 65 64 20 69 6e 20 61 20 72 6f 75 6e 64 20 72 6f 62 69 6e 20 66 61 73 68 69 6f 6e 2e 20 59	ried.in.a.round.robin.fashion..Y
80660	6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74	ou.can.configure.the.length.of.t
80680	68 65 20 71 75 65 75 65 2e 00 57 68 65 6e 20 64 65 73 69 67 6e 69 6e 67 20 79 6f 75 72 20 4e 41	he.queue..When.designing.your.NA
806a0	54 20 72 75 6c 65 73 65 74 20 6c 65 61 76 65 20 73 6f 6d 65 20 73 70 61 63 65 20 62 65 74 77 65	T.ruleset.leave.some.space.betwe
806c0	65 6e 20 63 6f 6e 73 65 63 75 74 69 76 65 20 72 75 6c 65 73 20 66 6f 72 20 6c 61 74 65 72 20 65	en.consecutive.rules.for.later.e
806e0	78 74 65 6e 73 69 6f 6e 2e 20 59 6f 75 72 20 72 75 6c 65 73 65 74 20 63 6f 75 6c 64 20 73 74 61	xtension..Your.ruleset.could.sta
80700	72 74 20 77 69 74 68 20 6e 75 6d 62 65 72 73 20 31 30 2c 20 32 30 2c 20 33 30 2e 20 59 6f 75 20	rt.with.numbers.10,.20,.30..You.
80720	74 68 75 73 20 63 61 6e 20 6c 61 74 65 72 20 65 78 74 65 6e 64 20 74 68 65 20 72 75 6c 65 73 65	thus.can.later.extend.the.rulese
80740	74 20 61 6e 64 20 70 6c 61 63 65 20 6e 65 77 20 72 75 6c 65 73 20 62 65 74 77 65 65 6e 20 65 78	t.and.place.new.rules.between.ex
80760	69 73 74 69 6e 67 20 6f 6e 65 73 2e 00 57 68 65 6e 20 64 6f 69 6e 67 20 66 61 75 6c 74 20 69 73	isting.ones..When.doing.fault.is
80780	6f 6c 61 74 69 6f 6e 20 77 69 74 68 20 70 69 6e 67 2c 20 79 6f 75 20 73 68 6f 75 6c 64 20 66 69	olation.with.ping,.you.should.fi
807a0	72 73 74 20 72 75 6e 20 69 74 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 68 6f 73 74 2c 20 74 6f	rst.run.it.on.the.local.host,.to
807c0	20 76 65 72 69 66 79 20 74 68 61 74 20 74 68 65 20 6c 6f 63 61 6c 20 6e 65 74 77 6f 72 6b 20 69	.verify.that.the.local.network.i
807e0	6e 74 65 72 66 61 63 65 20 69 73 20 75 70 20 61 6e 64 20 72 75 6e 6e 69 6e 67 2e 20 54 68 65 6e	nterface.is.up.and.running..Then
80800	2c 20 63 6f 6e 74 69 6e 75 65 20 77 69 74 68 20 68 6f 73 74 73 20 61 6e 64 20 67 61 74 65 77 61	,.continue.with.hosts.and.gatewa
80820	79 73 20 66 75 72 74 68 65 72 20 64 6f 77 6e 20 74 68 65 20 72 6f 61 64 20 74 6f 77 61 72 64 73	ys.further.down.the.road.towards
80840	20 79 6f 75 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 52 6f 75 6e 64 2d 74 72 69 70 20 74 69	.your.destination..Round-trip.ti
80860	6d 65 20 61 6e 64 20 70 61 63 6b 65 74 20 6c 6f 73 73 20 73 74 61 74 69 73 74 69 63 73 20 61 72	me.and.packet.loss.statistics.ar
80880	65 20 63 6f 6d 70 75 74 65 64 2e 00 57 68 65 6e 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 63 65 72	e.computed..When.loading.the.cer
808a0	74 69 66 69 63 61 74 65 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 73 74	tificate.you.need.to.manually.st
808c0	72 69 70 20 74 68 65 20 60 60 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45	rip.the.``-----BEGIN.CERTIFICATE
808e0	2d 2d 2d 2d 2d 60 60 20 61 6e 64 20 60 60 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41	-----``.and.``-----END.CERTIFICA
80900	54 45 2d 2d 2d 2d 2d 60 60 20 74 61 67 73 2e 20 41 6c 73 6f 2c 20 74 68 65 20 63 65 72 74 69 66	TE-----``.tags..Also,.the.certif
80920	69 63 61 74 65 2f 6b 65 79 20 6e 65 65 64 73 20 74 6f 20 62 65 20 70 72 65 73 65 6e 74 65 64 20	icate/key.needs.to.be.presented.
80940	69 6e 20 61 20 73 69 6e 67 6c 65 20 6c 69 6e 65 20 77 69 74 68 6f 75 74 20 6c 69 6e 65 20 62 72	in.a.single.line.without.line.br
80960	65 61 6b 73 20 28 60 60 5c 6e 60 60 29 2c 20 74 68 69 73 20 63 61 6e 20 62 65 20 64 6f 6e 65 20	eaks.(``\n``),.this.can.be.done.
80980	75 73 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 68 65 6c 6c 20 63 6f 6d 6d 61 6e	using.the.following.shell.comman
809a0	64 3a 00 57 68 65 6e 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20	d:.When.loading.the.certificate.
809c0	79 6f 75 20 6e 65 65 64 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 73 74 72 69 70 20 74 68 65 20 60	you.need.to.manually.strip.the.`
809e0	60 2d 2d 2d 2d 2d 42 45 47 49 4e 20 4b 45 59 2d 2d 2d 2d 2d 60 60 20 61 6e 64 20 60 60 2d 2d 2d	`-----BEGIN.KEY-----``.and.``---
80a00	2d 2d 45 4e 44 20 4b 45 59 2d 2d 2d 2d 2d 60 60 20 74 61 67 73 2e 20 41 6c 73 6f 2c 20 74 68 65	--END.KEY-----``.tags..Also,.the
80a20	20 63 65 72 74 69 66 69 63 61 74 65 2f 6b 65 79 20 6e 65 65 64 73 20 74 6f 20 62 65 20 70 72 65	.certificate/key.needs.to.be.pre
80a40	73 65 6e 74 65 64 20 69 6e 20 61 20 73 69 6e 67 6c 65 20 6c 69 6e 65 20 77 69 74 68 6f 75 74 20	sented.in.a.single.line.without.
80a60	6c 69 6e 65 20 62 72 65 61 6b 73 20 28 60 60 5c 6e 60 60 29 2c 20 74 68 69 73 20 63 61 6e 20 62	line.breaks.(``\n``),.this.can.b
80a80	65 20 64 6f 6e 65 20 75 73 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 68 65 6c 6c	e.done.using.the.following.shell
80aa0	20 63 6f 6d 6d 61 6e 64 3a 00 57 68 65 6e 20 6d 61 74 68 63 69 6e 67 20 61 6c 6c 20 70 61 74 74	.command:.When.mathcing.all.patt
80ac0	65 72 6e 73 20 64 65 66 69 6e 65 64 20 69 6e 20 61 20 72 75 6c 65 2c 20 74 68 65 6e 20 64 69 66	erns.defined.in.a.rule,.then.dif
80ae0	66 65 72 65 6e 74 20 61 63 74 69 6f 6e 73 20 63 61 6e 20 62 65 20 6d 61 64 65 2e 20 54 68 69 73	ferent.actions.can.be.made..This
80b00	20 69 6e 63 6c 75 64 65 73 20 64 72 6f 70 69 6e 67 20 74 68 65 20 70 61 63 6b 65 74 2c 20 6d 6f	.includes.droping.the.packet,.mo
80b20	64 69 66 79 69 6e 67 20 63 65 72 74 61 69 6e 20 64 61 74 61 2c 20 6f 72 20 73 65 74 74 69 6e 67	difying.certain.data,.or.setting
80b40	20 61 20 64 69 66 66 65 72 65 6e 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 57 68 65 6e	.a.different.routing.table..When
80b60	20 6e 6f 20 6f 70 74 69 6f 6e 73 2f 70 61 72 61 6d 65 74 65 72 73 20 61 72 65 20 75 73 65 64 2c	.no.options/parameters.are.used,
80b80	20 74 68 65 20 63 6f 6e 74 65 6e 74 73 20 6f 66 20 74 68 65 20 6d 61 69 6e 20 73 79 73 6c 6f 67	.the.contents.of.the.main.syslog
80ba0	20 66 69 6c 65 20 61 72 65 20 64 69 73 70 6c 61 79 65 64 2e 00 57 68 65 6e 20 6e 6f 2d 72 65 6c	.file.are.displayed..When.no-rel
80bc0	65 61 73 65 20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 64 68 63 70 36 63 20 77 69 6c 6c 20 73	ease.is.specified,.dhcp6c.will.s
80be0	65 6e 64 20 61 20 72 65 6c 65 61 73 65 20 6d 65 73 73 61 67 65 20 6f 6e 20 63 6c 69 65 6e 74 20	end.a.release.message.on.client.
80c00	65 78 69 74 20 74 6f 20 70 72 65 76 65 6e 74 20 6c 6f 73 69 6e 67 20 61 6e 20 61 73 73 69 67 6e	exit.to.prevent.losing.an.assign
80c20	65 64 20 61 64 64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 2e 00 57 68 65 6e 20 72 61 70 69 64	ed.address.or.prefix..When.rapid
80c40	2d 63 6f 6d 6d 69 74 20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 64 68 63 70 36 63 20 77 69 6c	-commit.is.specified,.dhcp6c.wil
80c60	6c 20 69 6e 63 6c 75 64 65 20 61 20 72 61 70 69 64 2d 63 6f 6d 6d 69 74 20 6f 70 74 69 6f 6e 20	l.include.a.rapid-commit.option.
80c80	69 6e 20 73 6f 6c 69 63 69 74 20 6d 65 73 73 61 67 65 73 20 61 6e 64 20 77 61 69 74 20 66 6f 72	in.solicit.messages.and.wait.for
80ca0	20 61 6e 20 69 6d 6d 65 64 69 61 74 65 20 72 65 70 6c 79 20 69 6e 73 74 65 61 64 20 6f 66 20 61	.an.immediate.reply.instead.of.a
80cc0	64 76 65 72 74 69 73 65 6d 65 6e 74 73 2e 00 57 68 65 6e 20 72 65 6d 6f 74 65 20 70 65 65 72 20	dvertisements..When.remote.peer.
80ce0	64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 63 61 70 61 62 69 6c 69 74 79 20 6e 65 67 6f 74 69 61	does.not.have.capability.negotia
80d00	74 69 6f 6e 20 66 65 61 74 75 72 65 2c 20 72 65 6d 6f 74 65 20 70 65 65 72 20 77 69 6c 6c 20 6e	tion.feature,.remote.peer.will.n
80d20	6f 74 20 73 65 6e 64 20 61 6e 79 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 74 20 61 6c 6c 2e	ot.send.any.capabilities.at.all.
80d40	20 49 6e 20 74 68 61 74 20 63 61 73 65 2c 20 62 67 70 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68	.In.that.case,.bgp.configures.th
80d60	65 20 70 65 65 72 20 77 69 74 68 20 63 6f 6e 66 69 67 75 72 65 64 20 63 61 70 61 62 69 6c 69 74	e.peer.with.configured.capabilit
80d80	69 65 73 2e 00 57 68 65 6e 20 72 75 6e 6e 69 6e 67 20 69 74 20 61 74 20 31 47 62 69 74 20 61 6e	ies..When.running.it.at.1Gbit.an
80da0	64 20 6c 6f 77 65 72 2c 20 79 6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 72 65 64 75 63 65 20	d.lower,.you.may.want.to.reduce.
80dc0	74 68 65 20 60 71 75 65 75 65 2d 6c 69 6d 69 74 60 20 74 6f 20 31 30 30 30 20 70 61 63 6b 65 74	the.`queue-limit`.to.1000.packet
80de0	73 20 6f 72 20 6c 65 73 73 2e 20 49 6e 20 72 61 74 65 73 20 6c 69 6b 65 20 31 30 4d 62 69 74 2c	s.or.less..In.rates.like.10Mbit,
80e00	20 79 6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 73 65 74 20 69 74 20 74 6f 20 36 30 30 20 70	.you.may.want.to.set.it.to.600.p
80e20	61 63 6b 65 74 73 2e 00 57 68 65 6e 20 73 65 74 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 69	ackets..When.set.the.interface.i
80e40	73 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 22 64 69 61 6c 2d 6f 6e 2d 64 65 6d 61 6e 64 22 2e 00	s.enabled.for."dial-on-demand"..
80e60	57 68 65 6e 20 73 70 65 63 69 66 69 65 64 2c 20 74 68 69 73 20 73 68 6f 75 6c 64 20 62 65 20 74	When.specified,.this.should.be.t
80e80	68 65 20 6f 6e 6c 79 20 6b 65 79 77 6f 72 64 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63	he.only.keyword.for.the.interfac
80ea0	65 2e 00 57 68 65 6e 20 73 74 61 72 74 69 6e 67 20 61 20 56 79 4f 53 20 6c 69 76 65 20 73 79 73	e..When.starting.a.VyOS.live.sys
80ec0	74 65 6d 20 28 74 68 65 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 43 44 29 20 74 68 65 20 63 6f	tem.(the.installation.CD).the.co
80ee0	6e 66 69 67 75 72 65 64 20 6b 65 79 62 6f 61 72 64 20 6c 61 79 6f 75 74 20 64 65 66 61 75 6c 74	nfigured.keyboard.layout.default
80f00	73 20 74 6f 20 55 53 2e 20 41 73 20 74 68 69 73 20 6d 69 67 68 74 20 6e 6f 74 20 73 75 69 74 65	s.to.US..As.this.might.not.suite
80f20	20 65 76 65 72 79 6f 6e 65 73 20 75 73 65 20 63 61 73 65 20 79 6f 75 20 63 61 6e 20 61 64 6a 75	.everyones.use.case.you.can.adju
80f40	73 74 20 74 68 65 20 75 73 65 64 20 6b 65 79 62 6f 61 72 64 20 6c 61 79 6f 75 74 20 6f 6e 20 74	st.the.used.keyboard.layout.on.t
80f60	68 65 20 73 79 73 74 65 6d 20 63 6f 6e 73 6f 6c 65 2e 00 57 68 65 6e 20 74 68 65 20 44 48 43 50	he.system.console..When.the.DHCP
80f80	20 73 65 72 76 65 72 20 69 73 20 63 6f 6e 73 69 64 65 72 69 6e 67 20 64 79 6e 61 6d 69 63 61 6c	.server.is.considering.dynamical
80fa0	6c 79 20 61 6c 6c 6f 63 61 74 69 6e 67 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 61	ly.allocating.an.IP.address.to.a
80fc0	20 63 6c 69 65 6e 74 2c 20 69 74 20 66 69 72 73 74 20 73 65 6e 64 73 20 61 6e 20 49 43 4d 50 20	.client,.it.first.sends.an.ICMP.
80fe0	45 63 68 6f 20 72 65 71 75 65 73 74 20 28 61 20 70 69 6e 67 29 20 74 6f 20 74 68 65 20 61 64 64	Echo.request.(a.ping).to.the.add
81000	72 65 73 73 20 62 65 69 6e 67 20 61 73 73 69 67 6e 65 64 2e 20 49 74 20 77 61 69 74 73 20 66 6f	ress.being.assigned..It.waits.fo
81020	72 20 61 20 73 65 63 6f 6e 64 2c 20 61 6e 64 20 69 66 20 6e 6f 20 49 43 4d 50 20 45 63 68 6f 20	r.a.second,.and.if.no.ICMP.Echo.
81040	72 65 73 70 6f 6e 73 65 20 68 61 73 20 62 65 65 6e 20 68 65 61 72 64 2c 20 69 74 20 61 73 73 69	response.has.been.heard,.it.assi
81060	67 6e 73 20 74 68 65 20 61 64 64 72 65 73 73 2e 00 57 68 65 6e 20 74 68 65 20 63 6c 6f 73 65 2d	gns.the.address..When.the.close-
81080	61 63 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 73 20 73 65 74 20 6f 6e 20 74 68 65 20 70 65 65 72	action.option.is.set.on.the.peer
810a0	73 2c 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2d 74 79 70 65 20 6f 66 20 65 61 63 68 20 70	s,.the.connection-type.of.each.p
810c0	65 65 72 20 68 61 73 20 74 6f 20 63 6f 6e 73 69 64 65 72 65 64 20 63 61 72 65 66 75 6c 6c 79 2e	eer.has.to.considered.carefully.
810e0	20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 66 20 74 68 65 20 6f 70 74 69 6f 6e 20 69 73 20 73	.For.example,.if.the.option.is.s
81100	65 74 20 6f 6e 20 62 6f 74 68 20 70 65 65 72 73 2c 20 74 68 65 6e 20 62 6f 74 68 20 77 6f 75 6c	et.on.both.peers,.then.both.woul
81120	64 20 61 74 74 65 6d 70 74 20 74 6f 20 69 6e 69 74 69 61 74 65 20 61 6e 64 20 68 6f 6c 64 20 6f	d.attempt.to.initiate.and.hold.o
81140	70 65 6e 20 6d 75 6c 74 69 70 6c 65 20 63 6f 70 69 65 73 20 6f 66 20 65 61 63 68 20 63 68 69 6c	pen.multiple.copies.of.each.chil
81160	64 20 53 41 2e 20 54 68 69 73 20 6d 69 67 68 74 20 6c 65 61 64 20 74 6f 20 69 6e 73 74 61 62 69	d.SA..This.might.lead.to.instabi
81180	6c 69 74 79 20 6f 66 20 74 68 65 20 64 65 76 69 63 65 20 6f 72 20 63 70 75 2f 6d 65 6d 6f 72 79	lity.of.the.device.or.cpu/memory
811a0	20 75 74 69 6c 69 7a 61 74 69 6f 6e 2e 00 57 68 65 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61	.utilization..When.the.command.a
811c0	62 6f 76 65 20 69 73 20 73 65 74 2c 20 56 79 4f 53 20 77 69 6c 6c 20 61 6e 73 77 65 72 20 65 76	bove.is.set,.VyOS.will.answer.ev
811e0	65 72 79 20 49 43 4d 50 20 65 63 68 6f 20 72 65 71 75 65 73 74 20 61 64 64 72 65 73 73 65 64 20	ery.ICMP.echo.request.addressed.
81200	74 6f 20 69 74 73 65 6c 66 2c 20 62 75 74 20 74 68 61 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 68 61	to.itself,.but.that.will.only.ha
81220	70 70 65 6e 20 69 66 20 6e 6f 20 6f 74 68 65 72 20 72 75 6c 65 20 69 73 20 61 70 70 6c 69 65 64	ppen.if.no.other.rule.is.applied
81240	20 64 72 6f 70 70 69 6e 67 20 6f 72 20 72 65 6a 65 63 74 69 6e 67 20 6c 6f 63 61 6c 20 65 63 68	.dropping.or.rejecting.local.ech
81260	6f 20 72 65 71 75 65 73 74 73 2e 20 49 6e 20 63 61 73 65 20 6f 66 20 63 6f 6e 66 6c 69 63 74 2c	o.requests..In.case.of.conflict,
81280	20 56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 61 6e 73 77 65 72 20 49 43 4d 50 20 65 63 68 6f 20	.VyOS.will.not.answer.ICMP.echo.
812a0	72 65 71 75 65 73 74 73 2e 00 57 68 65 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61 62 6f 76 65	requests..When.the.command.above
812c0	20 69 73 20 73 65 74 2c 20 56 79 4f 53 20 77 69 6c 6c 20 61 6e 73 77 65 72 20 6e 6f 20 49 43 4d	.is.set,.VyOS.will.answer.no.ICM
812e0	50 20 65 63 68 6f 20 72 65 71 75 65 73 74 20 61 64 64 72 65 73 73 65 64 20 74 6f 20 69 74 73 65	P.echo.request.addressed.to.itse
81300	6c 66 20 61 74 20 61 6c 6c 2c 20 6e 6f 20 6d 61 74 74 65 72 20 77 68 65 72 65 20 69 74 20 63 6f	lf.at.all,.no.matter.where.it.co
81320	6d 65 73 20 66 72 6f 6d 20 6f 72 20 77 68 65 74 68 65 72 20 6d 6f 72 65 20 73 70 65 63 69 66 69	mes.from.or.whether.more.specifi
81340	63 20 72 75 6c 65 73 20 61 72 65 20 62 65 69 6e 67 20 61 70 70 6c 69 65 64 20 74 6f 20 61 63 63	c.rules.are.being.applied.to.acc
81360	65 70 74 20 74 68 65 6d 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 44 48 43 50 20 74 6f 20 72 65 74	ept.them..When.using.DHCP.to.ret
81380	72 69 65 76 65 20 49 50 76 34 20 61 64 64 72 65 73 73 20 61 6e 64 20 69 66 20 6c 6f 63 61 6c 20	rieve.IPv4.address.and.if.local.
813a0	63 75 73 74 6f 6d 69 7a 61 74 69 6f 6e 73 20 61 72 65 20 6e 65 65 64 65 64 2c 20 74 68 65 79 20	customizations.are.needed,.they.
813c0	73 68 6f 75 6c 64 20 62 65 20 70 6f 73 73 69 62 6c 65 20 75 73 69 6e 67 20 74 68 65 20 65 6e 74	should.be.possible.using.the.ent
813e0	65 72 20 61 6e 64 20 65 78 69 74 20 68 6f 6f 6b 73 20 70 72 6f 76 69 64 65 64 2e 20 54 68 65 20	er.and.exit.hooks.provided..The.
81400	68 6f 6f 6b 20 64 69 72 73 20 61 72 65 3a 00 57 68 65 6e 20 75 73 69 6e 67 20 45 56 45 2d 4e 47	hook.dirs.are:.When.using.EVE-NG
81420	20 74 6f 20 6c 61 62 20 74 68 69 73 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 65 6e 73 75 72 65 20	.to.lab.this.environment.ensure.
81440	79 6f 75 20 61 72 65 20 75 73 69 6e 67 20 65 31 30 30 30 20 61 73 20 74 68 65 20 64 65 73 69 72	you.are.using.e1000.as.the.desir
81460	65 64 20 64 72 69 76 65 72 20 66 6f 72 20 79 6f 75 72 20 56 79 4f 53 20 6e 65 74 77 6f 72 6b 20	ed.driver.for.your.VyOS.network.
81480	69 6e 74 65 72 66 61 63 65 73 2e 20 57 68 65 6e 20 75 73 69 6e 67 20 74 68 65 20 72 65 67 75 6c	interfaces..When.using.the.regul
814a0	61 72 20 76 69 72 74 69 6f 20 6e 65 74 77 6f 72 6b 20 64 72 69 76 65 72 20 6e 6f 20 4c 41 43 50	ar.virtio.network.driver.no.LACP
814c0	20 50 44 55 73 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 62 79 20 56 79 4f 53 20 74 68 75 73 20	.PDUs.will.be.sent.by.VyOS.thus.
814e0	74 68 65 20 70 6f 72 74 2d 63 68 61 6e 6e 65 6c 20 77 69 6c 6c 20 6e 65 76 65 72 20 62 65 63 6f	the.port-channel.will.never.beco
81500	6d 65 20 61 63 74 69 76 65 21 00 57 68 65 6e 20 75 73 69 6e 67 20 4e 41 54 20 66 6f 72 20 61 20	me.active!.When.using.NAT.for.a.
81520	6c 61 72 67 65 20 6e 75 6d 62 65 72 20 6f 66 20 68 6f 73 74 20 73 79 73 74 65 6d 73 20 69 74 20	large.number.of.host.systems.it.
81540	72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 68 61 74 20 61 20 6d 69 6e 69 6d 75 6d 20 6f 66 20 31 20	recommended.that.a.minimum.of.1.
81560	49 50 20 61 64 64 72 65 73 73 20 69 73 20 75 73 65 64 20 74 6f 20 4e 41 54 20 65 76 65 72 79 20	IP.address.is.used.to.NAT.every.
81580	32 35 36 20 68 6f 73 74 20 73 79 73 74 65 6d 73 2e 20 54 68 69 73 20 69 73 20 64 75 65 20 74 6f	256.host.systems..This.is.due.to
815a0	20 74 68 65 20 6c 69 6d 69 74 20 6f 66 20 36 35 2c 30 30 30 20 70 6f 72 74 20 6e 75 6d 62 65 72	.the.limit.of.65,000.port.number
815c0	73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 75 6e 69 71 75 65 20 74 72 61 6e 73 6c 61 74 69	s.available.for.unique.translati
815e0	6f 6e 73 20 61 6e 64 20 61 20 72 65 73 65 72 76 69 6e 67 20 61 6e 20 61 76 65 72 61 67 65 20 6f	ons.and.a.reserving.an.average.o
81600	66 20 32 30 30 2d 33 30 30 20 73 65 73 73 69 6f 6e 73 20 70 65 72 20 68 6f 73 74 20 73 79 73 74	f.200-300.sessions.per.host.syst
81620	65 6d 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 4e 41 54 20 66 6f 72 20 61 20 6c 61 72 67 65 20 6e	em..When.using.NAT.for.a.large.n
81640	75 6d 62 65 72 20 6f 66 20 68 6f 73 74 20 73 79 73 74 65 6d 73 20 69 74 20 72 65 63 6f 6d 6d 65	umber.of.host.systems.it.recomme
81660	6e 64 65 64 20 74 68 61 74 20 61 20 6d 69 6e 69 6d 75 6d 20 6f 66 20 31 20 49 50 20 61 64 64 72	nded.that.a.minimum.of.1.IP.addr
81680	65 73 73 20 69 73 20 75 73 65 64 20 74 6f 20 4e 41 54 20 65 76 65 72 79 20 32 35 36 20 70 72 69	ess.is.used.to.NAT.every.256.pri
816a0	76 61 74 65 20 68 6f 73 74 20 73 79 73 74 65 6d 73 2e 20 54 68 69 73 20 69 73 20 64 75 65 20 74	vate.host.systems..This.is.due.t
816c0	6f 20 74 68 65 20 6c 69 6d 69 74 20 6f 66 20 36 35 2c 30 30 30 20 70 6f 72 74 20 6e 75 6d 62 65	o.the.limit.of.65,000.port.numbe
816e0	72 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 75 6e 69 71 75 65 20 74 72 61 6e 73 6c 61 74	rs.available.for.unique.translat
81700	69 6f 6e 73 20 61 6e 64 20 61 20 72 65 73 65 72 76 69 6e 67 20 61 6e 20 61 76 65 72 61 67 65 20	ions.and.a.reserving.an.average.
81720	6f 66 20 32 30 30 2d 33 30 30 20 73 65 73 73 69 6f 6e 73 20 70 65 72 20 68 6f 73 74 20 73 79 73	of.200-300.sessions.per.host.sys
81740	74 65 6d 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 53 53 48 2c 20 6b 6e 6f 77 6e 2d 68 6f 73 74 73	tem..When.using.SSH,.known-hosts
81760	2d 66 69 6c 65 2c 20 70 72 69 76 61 74 65 2d 6b 65 79 2d 66 69 6c 65 20 61 6e 64 20 70 75 62 6c	-file,.private-key-file.and.publ
81780	69 63 2d 6b 65 79 2d 66 69 6c 65 20 61 72 65 20 6d 61 6e 64 61 74 6f 72 79 20 6f 70 74 69 6f 6e	ic-key-file.are.mandatory.option
817a0	73 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 54 69 6d 65 2d 62 61 73 65 64 20 6f 6e 65 2d 74 69 6d	s..When.using.Time-based.one-tim
817c0	65 20 70 61 73 73 77 6f 72 64 20 28 54 4f 54 50 29 20 28 4f 54 50 20 48 4f 54 50 2d 74 69 6d 65	e.password.(TOTP).(OTP.HOTP-time
817e0	29 2c 20 62 65 20 73 75 72 65 20 74 68 61 74 20 74 68 65 20 74 69 6d 65 20 6f 6e 20 74 68 65 20	),.be.sure.that.the.time.on.the.
81800	73 65 72 76 65 72 20 61 6e 64 20 74 68 65 20 4f 54 50 20 74 6f 6b 65 6e 20 67 65 6e 65 72 61 74	server.and.the.OTP.token.generat
81820	6f 72 20 61 72 65 20 73 79 6e 63 68 72 6f 6e 69 7a 65 64 20 62 79 20 4e 54 50 00 57 68 65 6e 20	or.are.synchronized.by.NTP.When.
81840	75 73 69 6e 67 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 49 50 73 65 63 20 77 69 74 68 20 56 54	using.site-to-site.IPsec.with.VT
81860	49 20 69 6e 74 65 72 66 61 63 65 73 2c 20 62 65 20 73 75 72 65 20 74 6f 20 64 69 73 61 62 6c 65	I.interfaces,.be.sure.to.disable
81880	20 72 6f 75 74 65 20 61 75 74 6f 69 6e 73 74 61 6c 6c 00 57 68 65 6e 20 75 74 69 6c 69 7a 69 6e	.route.autoinstall.When.utilizin
818a0	67 20 56 79 4f 53 20 69 6e 20 61 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 77 69 74 68 20 41 72	g.VyOS.in.an.environment.with.Ar
818c0	69 73 74 61 20 67 65 61 72 20 79 6f 75 20 63 61 6e 20 75 73 65 20 74 68 69 73 20 62 6c 75 65 20	ista.gear.you.can.use.this.blue.
818e0	70 72 69 6e 74 20 61 73 20 61 6e 20 69 6e 69 74 69 61 6c 20 73 65 74 75 70 20 74 6f 20 67 65 74	print.as.an.initial.setup.to.get
81900	20 61 6e 20 4c 41 43 50 20 62 6f 6e 64 20 2f 20 70 6f 72 74 2d 63 68 61 6e 6e 65 6c 20 6f 70 65	.an.LACP.bond./.port-channel.ope
81920	72 61 74 69 6f 6e 61 6c 20 62 65 74 77 65 65 6e 20 74 68 6f 73 65 20 74 77 6f 20 64 65 76 69 63	rational.between.those.two.devic
81940	65 73 2e 00 57 68 65 72 65 20 62 6f 74 68 20 72 6f 75 74 65 73 20 77 65 72 65 20 72 65 63 65 69	es..Where.both.routes.were.recei
81960	76 65 64 20 66 72 6f 6d 20 65 42 47 50 20 70 65 65 72 73 2c 20 74 68 65 6e 20 70 72 65 66 65 72	ved.from.eBGP.peers,.then.prefer
81980	20 74 68 65 20 72 6f 75 74 65 20 77 68 69 63 68 20 69 73 20 61 6c 72 65 61 64 79 20 73 65 6c 65	.the.route.which.is.already.sele
819a0	63 74 65 64 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 63 68 65 63 6b 20 69 73 20 6e 6f	cted..Note.that.this.check.is.no
819c0	74 20 61 70 70 6c 69 65 64 20 69 66 20 3a 63 66 67 63 6d 64 3a 60 62 67 70 20 62 65 73 74 70 61	t.applied.if.:cfgcmd:`bgp.bestpa
819e0	74 68 20 63 6f 6d 70 61 72 65 2d 72 6f 75 74 65 72 69 64 60 20 69 73 20 63 6f 6e 66 69 67 75 72	th.compare-routerid`.is.configur
81a00	65 64 2e 20 54 68 69 73 20 63 68 65 63 6b 20 63 61 6e 20 70 72 65 76 65 6e 74 20 73 6f 6d 65 20	ed..This.check.can.prevent.some.
81a20	63 61 73 65 73 20 6f 66 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 2e 00 57 68 65 72 65 20 72 6f 75 74	cases.of.oscillation..Where.rout
81a40	65 73 20 77 69 74 68 20 61 20 4d 45 44 20 77 65 72 65 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d	es.with.a.MED.were.received.from
81a60	20 74 68 65 20 73 61 6d 65 20 41 53 2c 20 70 72 65 66 65 72 20 74 68 65 20 72 6f 75 74 65 20 77	.the.same.AS,.prefer.the.route.w
81a80	69 74 68 20 74 68 65 20 6c 6f 77 65 73 74 20 4d 45 44 2e 00 57 68 65 72 65 2c 20 6d 61 69 6e 20	ith.the.lowest.MED..Where,.main.
81aa0	6b 65 79 20 77 6f 72 64 73 20 61 6e 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 74 68	key.words.and.configuration.path
81ac0	73 20 74 68 61 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 75 6e 64 65 72 73 74 6f 6f 64 3a 00 57	s.that.needs.to.be.understood:.W
81ae0	68 65 74 68 65 72 20 74 6f 20 61 63 63 65 70 74 20 44 41 44 20 28 44 75 70 6c 69 63 61 74 65 20	hether.to.accept.DAD.(Duplicate.
81b00	41 64 64 72 65 73 73 20 44 65 74 65 63 74 69 6f 6e 29 2e 00 57 68 69 63 68 20 67 65 6e 65 72 61	Address.Detection)..Which.genera
81b20	74 65 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a	tes.the.following.configuration:
81b40	00 57 68 69 63 68 20 72 65 73 75 6c 74 73 20 69 6e 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	.Which.results.in.a.configuratio
81b60	6e 20 6f 66 3a 00 57 68 69 63 68 20 77 6f 75 6c 64 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 66	n.of:.Which.would.generate.the.f
81b80	6f 6c 6c 6f 77 69 6e 67 20 4e 41 54 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 63 6f 6e 66 69 67 75	ollowing.NAT.destination.configu
81ba0	72 61 74 69 6f 6e 3a 00 57 68 69 6c 65 20 2a 2a 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 73 2a 2a	ration:.While.**network.groups**
81bc0	20 61 63 63 65 70 74 20 49 50 20 6e 65 74 77 6f 72 6b 73 20 69 6e 20 43 49 44 52 20 6e 6f 74 61	.accept.IP.networks.in.CIDR.nota
81be0	74 69 6f 6e 2c 20 73 70 65 63 69 66 69 63 20 49 50 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20	tion,.specific.IP.addresses.can.
81c00	62 65 20 61 64 64 65 64 20 61 73 20 61 20 33 32 2d 62 69 74 20 70 72 65 66 69 78 2e 20 49 66 20	be.added.as.a.32-bit.prefix..If.
81c20	79 6f 75 20 66 6f 72 65 73 65 65 20 74 68 65 20 6e 65 65 64 20 74 6f 20 61 64 64 20 61 20 6d 69	you.foresee.the.need.to.add.a.mi
81c40	78 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 6e 65 74 77 6f 72 6b 73 2c 20 74 68 65	x.of.addresses.and.networks,.the
81c60	20 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2e 00 57	.network.group.is.recommended..W
81c80	68 69 6c 65 20 6d 61 6e 79 20 61 72 65 20 61 77 61 72 65 20 6f 66 20 4f 70 65 6e 56 50 4e 20 61	hile.many.are.aware.of.OpenVPN.a
81ca0	73 20 61 20 43 6c 69 65 6e 74 20 56 50 4e 20 73 6f 6c 75 74 69 6f 6e 2c 20 69 74 20 69 73 20 6f	s.a.Client.VPN.solution,.it.is.o
81cc0	66 74 65 6e 20 6f 76 65 72 6c 6f 6f 6b 65 64 20 61 73 20 61 20 73 69 74 65 2d 74 6f 2d 73 69 74	ften.overlooked.as.a.site-to-sit
81ce0	65 20 56 50 4e 20 73 6f 6c 75 74 69 6f 6e 20 64 75 65 20 74 6f 20 6c 61 63 6b 20 6f 66 20 73 75	e.VPN.solution.due.to.lack.of.su
81d00	70 70 6f 72 74 20 66 6f 72 20 74 68 69 73 20 6d 6f 64 65 20 69 6e 20 6d 61 6e 79 20 72 6f 75 74	pport.for.this.mode.in.many.rout
81d20	65 72 20 70 6c 61 74 66 6f 72 6d 73 2e 00 57 68 69 6c 65 20 6e 6f 72 6d 61 6c 20 47 52 45 20 69	er.platforms..While.normal.GRE.i
81d40	73 20 66 6f 72 20 6c 61 79 65 72 20 33 2c 20 47 52 45 54 41 50 20 69 73 20 66 6f 72 20 6c 61 79	s.for.layer.3,.GRETAP.is.for.lay
81d60	65 72 20 32 2e 20 47 52 45 54 41 50 20 63 61 6e 20 65 6e 63 61 70 73 75 6c 61 74 65 20 45 74 68	er.2..GRETAP.can.encapsulate.Eth
81d80	65 72 6e 65 74 20 66 72 61 6d 65 73 2c 20 74 68 75 73 20 69 74 20 63 61 6e 20 62 65 20 62 72 69	ernet.frames,.thus.it.can.be.bri
81da0	64 67 65 64 20 77 69 74 68 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 63 72	dged.with.other.interfaces.to.cr
81dc0	65 61 74 65 20 64 61 74 61 6c 69 6e 6b 20 6c 61 79 65 72 20 73 65 67 6d 65 6e 74 73 20 74 68 61	eate.datalink.layer.segments.tha
81de0	74 20 73 70 61 6e 20 6d 75 6c 74 69 70 6c 65 20 72 65 6d 6f 74 65 20 73 69 74 65 73 2e 00 57 68	t.span.multiple.remote.sites..Wh
81e00	69 74 65 6c 69 73 74 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 6e 65 74 77 6f 72 6b	itelist.of.addresses.and.network
81e20	73 2e 20 41 6c 77 61 79 73 20 61 6c 6c 6f 77 20 69 6e 62 6f 75 6e 64 20 63 6f 6e 6e 65 63 74 69	s..Always.allow.inbound.connecti
81e40	6f 6e 73 20 66 72 6f 6d 20 74 68 65 73 65 20 73 79 73 74 65 6d 73 2e 00 57 69 6c 6c 20 61 64 64	ons.from.these.systems..Will.add
81e60	20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 6b 65 79 60 60 20 61 74 20 74 68 65 20 65 6e 64 20 6f	.``persistent-key``.at.the.end.o
81e80	66 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 20 4f 70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 75 72	f.the.generated.OpenVPN.configur
81ea0	61 74 69 6f 6e 2e 20 50 6c 65 61 73 65 20 75 73 65 20 74 68 69 73 20 6f 6e 6c 79 20 61 73 20 6c	ation..Please.use.this.only.as.l
81ec0	61 73 74 20 72 65 73 6f 72 74 20 2d 20 74 68 69 6e 67 73 20 6d 69 67 68 74 20 62 72 65 61 6b 20	ast.resort.-.things.might.break.
81ee0	61 6e 64 20 4f 70 65 6e 56 50 4e 20 77 6f 6e 27 74 20 73 74 61 72 74 20 69 66 20 79 6f 75 20 70	and.OpenVPN.won't.start.if.you.p
81f00	61 73 73 20 69 6e 76 61 6c 69 64 20 6f 70 74 69 6f 6e 73 2f 73 79 6e 74 61 78 2e 00 57 69 6c 6c	ass.invalid.options/syntax..Will
81f20	20 61 64 64 20 60 60 70 75 73 68 20 22 6b 65 65 70 61 6c 69 76 65 20 31 20 31 30 22 60 60 20 74	.add.``push."keepalive.1.10"``.t
81f40	6f 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 20 4f 70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 20 66	o.the.generated.OpenVPN.config.f
81f60	69 6c 65 2e 00 57 69 6c 6c 20 62 65 20 72 65 63 6f 72 64 65 64 20 6f 6e 6c 79 20 70 61 63 6b 65	ile..Will.be.recorded.only.packe
81f80	74 73 2f 66 6c 6f 77 73 20 6f 6e 20 2a 2a 69 6e 63 6f 6d 69 6e 67 2a 2a 20 64 69 72 65 63 74 69	ts/flows.on.**incoming**.directi
81fa0	6f 6e 20 69 6e 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 74 65 72 66 61 63 65 73 20 62 79 20 64	on.in.configured.interfaces.by.d
81fc0	65 66 61 75 6c 74 2e 00 57 69 6c 6c 20 64 72 6f 70 20 60 3c 73 68 61 72 65 64 2d 6e 65 74 77 6f	efault..Will.drop.`<shared-netwo
81fe0	72 6b 2d 6e 61 6d 65 3e 5f 60 20 66 72 6f 6d 20 63 6c 69 65 6e 74 20 44 4e 53 20 72 65 63 6f 72	rk-name>_`.from.client.DNS.recor
82000	64 2c 20 75 73 69 6e 67 20 6f 6e 6c 79 20 74 68 65 20 68 6f 73 74 20 64 65 63 6c 61 72 61 74 69	d,.using.only.the.host.declarati
82020	6f 6e 20 6e 61 6d 65 20 61 6e 64 20 64 6f 6d 61 69 6e 3a 20 60 3c 68 6f 73 74 6e 61 6d 65 3e 2e	on.name.and.domain:.`<hostname>.
82040	3c 64 6f 6d 61 69 6e 2d 6e 61 6d 65 3e 60 00 57 69 72 65 47 75 61 72 64 00 57 69 72 65 47 75 61	<domain-name>`.WireGuard.WireGua
82060	72 64 20 43 6c 69 65 6e 74 20 51 52 20 63 6f 64 65 00 57 69 72 65 47 75 61 72 64 20 69 6e 74 65	rd.Client.QR.code.WireGuard.inte
82080	72 66 61 63 65 20 69 74 73 65 6c 66 20 75 73 65 73 20 61 64 64 72 65 73 73 20 31 30 2e 31 2e 30	rface.itself.uses.address.10.1.0
820a0	2e 31 2f 33 30 00 57 69 72 65 47 75 61 72 64 20 69 73 20 61 6e 20 65 78 74 72 65 6d 65 6c 79 20	.1/30.WireGuard.is.an.extremely.
820c0	73 69 6d 70 6c 65 20 79 65 74 20 66 61 73 74 20 61 6e 64 20 6d 6f 64 65 72 6e 20 56 50 4e 20 74	simple.yet.fast.and.modern.VPN.t
820e0	68 61 74 20 75 74 69 6c 69 7a 65 73 20 73 74 61 74 65 2d 6f 66 2d 74 68 65 2d 61 72 74 20 63 72	hat.utilizes.state-of-the-art.cr
82100	79 70 74 6f 67 72 61 70 68 79 2e 20 53 65 65 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 72 65	yptography..See.https://www.wire
82120	67 75 61 72 64 2e 63 6f 6d 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00	guard.com.for.more.information..
82140	57 69 72 65 47 75 61 72 64 20 72 65 71 75 69 72 65 73 20 74 68 65 20 67 65 6e 65 72 61 74 69 6f	WireGuard.requires.the.generatio
82160	6e 20 6f 66 20 61 20 6b 65 79 70 61 69 72 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 61	n.of.a.keypair,.which.includes.a
82180	20 70 72 69 76 61 74 65 20 6b 65 79 20 74 6f 20 64 65 63 72 79 70 74 20 69 6e 63 6f 6d 69 6e 67	.private.key.to.decrypt.incoming
821a0	20 74 72 61 66 66 69 63 2c 20 61 6e 64 20 61 20 70 75 62 6c 69 63 20 6b 65 79 20 66 6f 72 20 70	.traffic,.and.a.public.key.for.p
821c0	65 65 72 28 73 29 20 74 6f 20 65 6e 63 72 79 70 74 20 74 72 61 66 66 69 63 2e 00 57 69 72 65 6c	eer(s).to.encrypt.traffic..Wirel
821e0	65 73 73 20 63 68 61 6e 6e 65 6c 20 60 60 31 60 60 00 57 69 72 65 6c 65 73 73 20 64 65 76 69 63	ess.channel.``1``.Wireless.devic
82200	65 20 74 79 70 65 20 66 6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 00 57 69 72 65 6c 65	e.type.for.this.interface.Wirele
82220	73 73 20 68 61 72 64 77 61 72 65 20 64 65 76 69 63 65 20 75 73 65 64 20 61 73 20 75 6e 64 65 72	ss.hardware.device.used.as.under
82240	6c 61 79 20 72 61 64 69 6f 2e 00 57 69 72 65 6c 65 73 73 20 6f 70 74 69 6f 6e 73 00 57 69 72 65	lay.radio..Wireless.options.Wire
82260	6c 65 73 73 20 6f 70 74 69 6f 6e 73 20 28 53 74 61 74 69 6f 6e 2f 43 6c 69 65 6e 74 29 00 57 69	less.options.(Station/Client).Wi
82280	72 65 6c 65 73 73 4d 6f 64 65 6d 20 28 57 57 41 4e 29 20 6f 70 74 69 6f 6e 73 00 57 69 74 68 20	relessModem.(WWAN).options.With.
822a0	57 69 72 65 47 75 61 72 64 2c 20 61 20 52 6f 61 64 20 57 61 72 72 69 6f 72 20 56 50 4e 20 63 6f	WireGuard,.a.Road.Warrior.VPN.co
822c0	6e 66 69 67 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 61 20 73 69 74 65 2d 74 6f 2d 73 69 74	nfig.is.similar.to.a.site-to-sit
822e0	65 20 56 50 4e 2e 20 49 74 20 6a 75 73 74 20 6c 61 63 6b 73 20 74 68 65 20 60 60 61 64 64 72 65	e.VPN..It.just.lacks.the.``addre
82300	73 73 60 60 20 61 6e 64 20 60 60 70 6f 72 74 60 60 20 73 74 61 74 65 6d 65 6e 74 73 2e 00 57 69	ss``.and.``port``.statements..Wi
82320	74 68 20 74 68 65 20 60 60 6e 61 6d 65 2d 73 65 72 76 65 72 60 60 20 6f 70 74 69 6f 6e 20 73 65	th.the.``name-server``.option.se
82340	74 20 74 6f 20 60 60 6e 6f 6e 65 60 60 2c 20 56 79 4f 53 20 77 69 6c 6c 20 69 67 6e 6f 72 65 20	t.to.``none``,.VyOS.will.ignore.
82360	74 68 65 20 6e 61 6d 65 73 65 72 76 65 72 73 20 79 6f 75 72 20 49 53 50 20 73 65 6e 64 73 20 79	the.nameservers.your.ISP.sends.y
82380	6f 75 20 61 6e 64 20 74 68 75 73 20 79 6f 75 20 63 61 6e 20 66 75 6c 6c 79 20 72 65 6c 79 20 6f	ou.and.thus.you.can.fully.rely.o
823a0	6e 20 74 68 65 20 6f 6e 65 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 73	n.the.ones.you.have.configured.s
823c0	74 61 74 69 63 61 6c 6c 79 2e 00 57 69 74 68 20 74 68 65 20 66 69 72 65 77 61 6c 6c 20 79 6f 75	tatically..With.the.firewall.you
823e0	20 63 61 6e 20 73 65 74 20 72 75 6c 65 73 20 74 6f 20 61 63 63 65 70 74 2c 20 64 72 6f 70 20 6f	.can.set.rules.to.accept,.drop.o
82400	72 20 72 65 6a 65 63 74 20 49 43 4d 50 20 69 6e 2c 20 6f 75 74 20 6f 72 20 6c 6f 63 61 6c 20 74	r.reject.ICMP.in,.out.or.local.t
82420	72 61 66 66 69 63 2e 20 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 75 73 65 20 74 68 65 20 67 65 6e	raffic..You.can.also.use.the.gen
82440	65 72 61 6c 20 2a 2a 66 69 72 65 77 61 6c 6c 20 61 6c 6c 2d 70 69 6e 67 2a 2a 20 63 6f 6d 6d 61	eral.**firewall.all-ping**.comma
82460	6e 64 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 66 66 65 63 74 73 20 6f 6e 6c 79 20 74 6f	nd..This.command.affects.only.to
82480	20 4c 4f 43 41 4c 20 28 70 61 63 6b 65 74 73 20 64 65 73 74 69 6e 65 64 20 66 6f 72 20 79 6f 75	.LOCAL.(packets.destined.for.you
824a0	72 20 56 79 4f 53 20 73 79 73 74 65 6d 29 2c 20 6e 6f 74 20 74 6f 20 49 4e 20 6f 72 20 4f 55 54	r.VyOS.system),.not.to.IN.or.OUT
824c0	20 74 72 61 66 66 69 63 2e 00 57 69 74 68 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2c 20 79 6f 75	.traffic..With.this.command,.you
824e0	20 63 61 6e 20 73 70 65 63 69 66 79 20 68 6f 77 20 74 68 65 20 55 52 4c 20 70 61 74 68 20 73 68	.can.specify.how.the.URL.path.sh
82500	6f 75 6c 64 20 62 65 20 6d 61 74 63 68 65 64 20 61 67 61 69 6e 73 74 20 69 6e 63 6f 6d 69 6e 67	ould.be.matched.against.incoming
82520	20 72 65 71 75 65 73 74 73 2e 00 59 00 59 6f 75 20 61 70 70 6c 79 20 61 20 72 75 6c 65 2d 73 65	.requests..Y.You.apply.a.rule-se
82540	74 20 61 6c 77 61 79 73 20 74 6f 20 61 20 7a 6f 6e 65 20 66 72 6f 6d 20 61 6e 20 6f 74 68 65 72	t.always.to.a.zone.from.an.other
82560	20 7a 6f 6e 65 2c 20 69 74 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 63 72 65 61	.zone,.it.is.recommended.to.crea
82580	74 65 20 6f 6e 65 20 72 75 6c 65 2d 73 65 74 20 66 6f 72 20 65 61 63 68 20 7a 6f 6e 65 20 70 61	te.one.rule-set.for.each.zone.pa
825a0	69 72 2e 00 59 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 73 65 74 20 70 6f 73 74 2d 6c 6f 67	ir..You.are.able.to.set.post-log
825c0	69 6e 20 6f 72 20 70 72 65 2d 6c 6f 67 69 6e 20 62 61 6e 6e 65 72 20 6d 65 73 73 61 67 65 73 20	in.or.pre-login.banner.messages.
825e0	74 6f 20 64 69 73 70 6c 61 79 20 63 65 72 74 61 69 6e 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66	to.display.certain.information.f
82600	6f 72 20 74 68 69 73 20 73 79 73 74 65 6d 2e 00 59 6f 75 20 61 72 65 20 62 65 20 61 62 6c 65 20	or.this.system..You.are.be.able.
82620	74 6f 20 64 6f 77 6e 6c 6f 61 64 20 74 68 65 20 66 69 6c 65 73 20 75 73 69 6e 67 20 53 43 50 2c	to.download.the.files.using.SCP,
82640	20 6f 6e 63 65 20 74 68 65 20 53 53 48 20 73 65 72 76 69 63 65 20 68 61 73 20 62 65 65 6e 20 61	.once.the.SSH.service.has.been.a
82660	63 74 69 76 61 74 65 64 20 6c 69 6b 65 20 73 6f 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 63 6f	ctivated.like.so.You.can.also.co
82680	6e 66 69 67 75 72 65 20 74 68 65 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 70 72	nfigure.the.time.interval.for.pr
826a0	65 65 6d 70 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 22 70 72 65 65 6d 70 74 2d 64 65 6c 61 79	eemption.with.the."preempt-delay
826c0	22 20 6f 70 74 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 6f 20 73 65 74 20 74 68	".option..For.example,.to.set.th
826e0	65 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 72 6f 75 74 65 72 20 74 6f 20 74 61 6b 65	e.higher.priority.router.to.take
82700	20 6f 76 65 72 20 69 6e 20 31 38 30 20 73 65 63 6f 6e 64 73 2c 20 75 73 65 3a 00 59 6f 75 20 63	.over.in.180.seconds,.use:.You.c
82720	61 6e 20 61 6c 73 6f 20 64 65 66 69 6e 65 20 63 75 73 74 6f 6d 20 74 69 6d 65 6f 75 74 20 76 61	an.also.define.custom.timeout.va
82740	6c 75 65 73 20 74 6f 20 61 70 70 6c 79 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 73 75 62 73	lues.to.apply.to.a.specific.subs
82760	65 74 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 62 61 73 65 64 20 6f 6e 20 61 20 70 61	et.of.connections,.based.on.a.pa
82780	63 6b 65 74 20 61 6e 64 20 66 6c 6f 77 20 73 65 6c 65 63 74 6f 72 2e 20 54 6f 20 64 6f 20 74 68	cket.and.flow.selector..To.do.th
827a0	69 73 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 61 20 72 75 6c 65 20 64 65	is,.you.need.to.create.a.rule.de
827c0	66 69 6e 69 6e 67 20 74 68 65 20 70 61 63 6b 65 74 20 61 6e 64 20 66 6c 6f 77 20 73 65 6c 65 63	fining.the.packet.and.flow.selec
827e0	74 6f 72 2e 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 6b 65 65 70 20 64 69 66 66 65 72 65 6e 74	tor..You.can.also.keep.different
82800	20 44 4e 53 20 7a 6f 6e 65 20 75 70 64 61 74 65 64 2e 20 4a 75 73 74 20 63 72 65 61 74 65 20 61	.DNS.zone.updated..Just.create.a
82820	20 6e 65 77 20 63 6f 6e 66 69 67 20 6e 6f 64 65 3a 20 60 60 73 65 74 20 73 65 72 76 69 63 65 20	.new.config.node:.``set.service.
82840	64 6e 73 20 64 79 6e 61 6d 69 63 20 69 6e 74 65 72 66 61 63 65 20 3c 69 6e 74 65 72 66 61 63 65	dns.dynamic.interface.<interface
82860	3e 20 72 66 63 32 31 33 36 20 3c 6f 74 68 65 72 2d 73 65 72 76 69 63 65 2d 6e 61 6d 65 3e 60 60	>.rfc2136.<other-service-name>``
82880	00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 73 70 65 63 69 66 79 20 77 68 69 63 68 20 49 50 76 36	.You.can.also.specify.which.IPv6
828a0	20 61 63 63 65 73 73 2d 6c 69 73 74 20 73 68 6f 75 6c 64 20 62 65 20 73 68 6f 77 6e 3a 00 59 6f	.access-list.should.be.shown:.Yo
828c0	75 20 63 61 6e 20 61 6c 73 6f 20 74 75 6e 65 20 6d 75 6c 74 69 63 61 73 74 20 77 69 74 68 20 74	u.can.also.tune.multicast.with.t
828e0	68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 2e 00 59 6f 75 20 63 61 6e 20 61	he.following.commands..You.can.a
82900	6c 73 6f 20 75 73 65 20 61 6e 6f 74 68 65 72 20 61 74 74 72 69 62 75 74 65 73 20 66 6f 72 20 69	lso.use.another.attributes.for.i
82920	64 65 6e 74 69 66 79 20 63 6c 69 65 6e 74 20 66 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2c 20 6c	dentify.client.for.disconnect,.l
82940	69 6b 65 20 46 72 61 6d 65 64 2d 49 50 2d 41 64 64 72 65 73 73 2c 20 41 63 63 74 2d 53 65 73 73	ike.Framed-IP-Address,.Acct-Sess
82960	69 6f 6e 2d 49 64 2c 20 65 74 63 2e 20 52 65 73 75 6c 74 20 63 6f 6d 6d 61 6e 64 73 20 61 70 70	ion-Id,.etc..Result.commands.app
82980	65 61 72 73 20 69 6e 20 6c 6f 67 2e 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 77 72 69 74 65 20	ears.in.log..You.can.also.write.
829a0	61 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 61 20 66 69 6c 74 65 72 3a 00 59 6f 75 20	a.description.for.a.filter:.You.
829c0	63 61 6e 20 61 73 73 69 67 6e 20 6d 75 6c 74 69 70 6c 65 20 6b 65 79 73 20 74 6f 20 74 68 65 20	can.assign.multiple.keys.to.the.
829e0	73 61 6d 65 20 75 73 65 72 20 62 79 20 75 73 69 6e 67 20 61 20 75 6e 69 71 75 65 20 69 64 65 6e	same.user.by.using.a.unique.iden
82a00	74 69 66 69 65 72 20 70 65 72 20 53 53 48 20 6b 65 79 2e 00 59 6f 75 20 63 61 6e 20 61 76 6f 69	tifier.per.SSH.key..You.can.avoi
82a20	64 20 74 68 65 20 22 6c 65 61 6b 79 22 20 62 65 68 61 76 69 6f 72 20 62 79 20 75 73 69 6e 67 20	d.the."leaky".behavior.by.using.
82a40	61 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 74 68 61 74 20 64 72 6f 70 73 20 22 69 6e	a.firewall.policy.that.drops."in
82a60	76 61 6c 69 64 22 20 73 74 61 74 65 20 70 61 63 6b 65 74 73 2e 00 59 6f 75 20 63 61 6e 20 63 68	valid".state.packets..You.can.ch
82a80	65 63 6b 20 79 6f 75 72 20 4e 49 43 20 64 72 69 76 65 72 20 62 79 20 69 73 73 75 69 6e 67 20 3a	eck.your.NIC.driver.by.issuing.:
82aa0	6f 70 63 6d 64 3a 60 73 68 6f 77 20 69 6e 74 65 72 66 61 63 65 73 20 65 74 68 65 72 6e 65 74 20	opcmd:`show.interfaces.ethernet.
82ac0	65 74 68 30 20 70 68 79 73 69 63 61 6c 20 7c 20 67 72 65 70 20 2d 69 20 64 72 69 76 65 72 60 00	eth0.physical.|.grep.-i.driver`.
82ae0	59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 61 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20	You.can.configure.a.policy.into.
82b00	61 20 63 6c 61 73 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 60 60 71 75 65 75 65 2d 74 79 70 65	a.class.through.the.``queue-type
82b20	60 60 20 73 65 74 74 69 6e 67 2e 00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 63 6c	``.setting..You.can.configure.cl
82b40	61 73 73 65 73 20 28 75 70 20 74 6f 20 34 30 39 30 29 20 77 69 74 68 20 64 69 66 66 65 72 65 6e	asses.(up.to.4090).with.differen
82b60	74 20 73 65 74 74 69 6e 67 73 20 61 6e 64 20 61 20 64 65 66 61 75 6c 74 20 70 6f 6c 69 63 79 20	t.settings.and.a.default.policy.
82b80	77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 61 6e 79 20 74 72 61	which.will.be.applied.to.any.tra
82ba0	66 66 69 63 20 6e 6f 74 20 6d 61 74 63 68 69 6e 67 20 61 6e 79 20 6f 66 20 74 68 65 20 63 6f 6e	ffic.not.matching.any.of.the.con
82bc0	66 69 67 75 72 65 64 20 63 6c 61 73 73 65 73 2e 00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75	figured.classes..You.can.configu
82be0	72 65 20 6d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 77 68 69 63 68 20 77 68 6f	re.multiple.interfaces.which.who
82c00	75 6c 64 20 70 61 72 74 69 63 69 70 61 74 65 20 69 6e 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69	uld.participate.in.flow.accounti
82c20	6e 67 2e 00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 6d 75 6c 74 69 70 6c 65 20 69	ng..You.can.configure.multiple.i
82c40	6e 74 65 72 66 61 63 65 73 20 77 68 69 63 68 20 77 68 6f 75 6c 64 20 70 61 72 74 69 63 69 70 61	nterfaces.which.whould.participa
82c60	74 65 20 69 6e 20 73 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 00 59 6f 75 20 63 61 6e 20	te.in.sflow.accounting..You.can.
82c80	63 72 65 61 74 65 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20	create.multiple.VLAN.interfaces.
82ca0	6f 6e 20 61 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 56 4c 41	on.a.physical.interface..The.VLA
82cc0	4e 20 49 44 20 72 61 6e 67 65 20 69 73 20 66 72 6f 6d 20 30 20 74 6f 20 34 30 39 34 2e 00 59 6f	N.ID.range.is.from.0.to.4094..Yo
82ce0	75 20 63 61 6e 20 64 69 73 61 62 6c 65 20 61 20 56 52 52 50 20 67 72 6f 75 70 20 77 69 74 68 20	u.can.disable.a.VRRP.group.with.
82d00	60 60 64 69 73 61 62 6c 65 60 60 20 6f 70 74 69 6f 6e 3a 00 59 6f 75 20 63 61 6e 20 67 65 74 20	``disable``.option:.You.can.get.
82d20	6d 6f 72 65 20 73 70 65 63 69 66 69 63 20 4f 53 50 46 76 33 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	more.specific.OSPFv3.information
82d40	20 62 79 20 75 73 69 6e 67 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 73 68 6f 77 6e 20 62	.by.using.the.parameters.shown.b
82d60	65 6c 6f 77 3a 00 59 6f 75 20 63 61 6e 20 6e 6f 74 20 61 73 73 69 67 6e 20 74 68 65 20 73 61 6d	elow:.You.can.not.assign.the.sam
82d80	65 20 61 6c 6c 6f 77 65 64 2d 69 70 73 20 73 74 61 74 65 6d 65 6e 74 20 74 6f 20 6d 75 6c 74 69	e.allowed-ips.statement.to.multi
82da0	70 6c 65 20 57 69 72 65 47 75 61 72 64 20 70 65 65 72 73 2e 20 54 68 69 73 20 61 20 64 65 73 69	ple.WireGuard.peers..This.a.desi
82dc0	67 6e 20 64 65 63 69 73 69 6f 6e 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f	gn.decision..For.more.informatio
82de0	6e 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 60 57 69 72 65 47 75 61 72 64 20 6d 61	n.please.check.the.`WireGuard.ma
82e00	69 6c 69 6e 67 20 6c 69 73 74 60 5f 2e 00 59 6f 75 20 63 61 6e 20 6e 6f 74 20 72 75 6e 20 74 68	iling.list`_..You.can.not.run.th
82e20	69 73 20 69 6e 20 61 20 56 52 52 50 20 73 65 74 75 70 2c 20 69 66 20 6d 75 6c 74 69 70 6c 65 20	is.in.a.VRRP.setup,.if.multiple.
82e40	6d 44 4e 53 20 72 65 70 65 61 74 65 72 73 20 61 72 65 20 6c 61 75 6e 63 68 65 64 20 69 6e 20 61	mDNS.repeaters.are.launched.in.a
82e60	20 73 75 62 6e 65 74 20 79 6f 75 20 77 69 6c 6c 20 65 78 70 65 72 69 65 6e 63 65 20 74 68 65 20	.subnet.you.will.experience.the.
82e80	6d 44 4e 53 20 70 61 63 6b 65 74 20 73 74 6f 72 6d 20 64 65 61 74 68 21 00 59 6f 75 20 63 61 6e	mDNS.packet.storm.death!.You.can
82ea0	20 6e 6f 77 20 22 64 69 61 6c 22 20 74 68 65 20 70 65 65 72 20 77 69 74 68 20 74 68 65 20 66 6f	.now."dial".the.peer.with.the.fo
82ec0	6c 6c 77 6f 69 6e 67 20 63 6f 6d 6d 61 6e 64 3a 20 60 60 73 73 74 70 63 20 2d 2d 6c 6f 67 2d 6c	llwoing.command:.``sstpc.--log-l
82ee0	65 76 65 6c 20 34 20 2d 2d 6c 6f 67 2d 73 74 64 65 72 72 20 2d 2d 75 73 65 72 20 76 79 6f 73 20	evel.4.--log-stderr.--user.vyos.
82f00	2d 2d 70 61 73 73 77 6f 72 64 20 76 79 6f 73 20 76 70 6e 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 20	--password.vyos.vpn.example.com.
82f20	2d 2d 20 63 61 6c 6c 20 76 79 6f 73 60 60 2e 00 59 6f 75 20 63 61 6e 20 6e 6f 77 20 53 53 48 20	--.call.vyos``..You.can.now.SSH.
82f40	69 6e 74 6f 20 79 6f 75 72 20 73 79 73 74 65 6d 20 75 73 69 6e 67 20 61 64 6d 69 6e 2f 61 64 6d	into.your.system.using.admin/adm
82f60	69 6e 20 61 73 20 61 20 64 65 66 61 75 6c 74 20 75 73 65 72 20 73 75 70 70 6c 69 65 64 20 66 72	in.as.a.default.user.supplied.fr
82f80	6f 6d 20 74 68 65 20 60 60 6c 66 6b 65 69 74 65 6c 2f 74 61 63 61 63 73 5f 70 6c 75 73 3a 6c 61	om.the.``lfkeitel/tacacs_plus:la
82fa0	74 65 73 74 60 60 20 63 6f 6e 74 61 69 6e 65 72 2e 00 59 6f 75 20 63 61 6e 20 6f 6e 6c 79 20 61	test``.container..You.can.only.a
82fc0	70 70 6c 79 20 6f 6e 65 20 70 6f 6c 69 63 79 20 70 65 72 20 69 6e 74 65 72 66 61 63 65 20 61 6e	pply.one.policy.per.interface.an
82fe0	64 20 64 69 72 65 63 74 69 6f 6e 2c 20 62 75 74 20 79 6f 75 20 63 6f 75 6c 64 20 72 65 75 73 65	d.direction,.but.you.could.reuse
83000	20 61 20 70 6f 6c 69 63 79 20 6f 6e 20 64 69 66 66 65 72 65 6e 74 20 69 6e 74 65 72 66 61 63 65	.a.policy.on.different.interface
83020	73 20 61 6e 64 20 64 69 72 65 63 74 69 6f 6e 73 3a 00 59 6f 75 20 63 61 6e 20 72 75 6e 20 74 68	s.and.directions:.You.can.run.th
83040	65 20 55 44 50 20 62 72 6f 61 64 63 61 73 74 20 72 65 6c 61 79 20 73 65 72 76 69 63 65 20 6f 6e	e.UDP.broadcast.relay.service.on
83060	20 6d 75 6c 74 69 70 6c 65 20 72 6f 75 74 65 72 73 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61	.multiple.routers.connected.to.a
83080	20 73 75 62 6e 65 74 2e 20 54 68 65 72 65 20 69 73 20 2a 2a 4e 4f 2a 2a 20 55 44 50 20 62 72 6f	.subnet..There.is.**NO**.UDP.bro
830a0	61 64 63 61 73 74 20 72 65 6c 61 79 20 70 61 63 6b 65 74 20 73 74 6f 72 6d 21 00 59 6f 75 20 63	adcast.relay.packet.storm!.You.c
830c0	61 6e 20 73 70 65 63 69 66 79 20 61 20 73 74 61 74 69 63 20 44 48 43 50 20 61 73 73 69 67 6e 6d	an.specify.a.static.DHCP.assignm
830e0	65 6e 74 20 6f 6e 20 61 20 70 65 72 20 68 6f 73 74 20 62 61 73 69 73 2e 20 59 6f 75 20 77 69 6c	ent.on.a.per.host.basis..You.wil
83100	6c 20 6e 65 65 64 20 74 68 65 20 4d 41 43 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 73 74	l.need.the.MAC.address.of.the.st
83120	61 74 69 6f 6e 20 61 6e 64 20 79 6f 75 72 20 64 65 73 69 72 65 64 20 49 50 20 61 64 64 72 65 73	ation.and.your.desired.IP.addres
83140	73 2e 20 54 68 65 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 69 6e 73 69 64 65 20 74 68	s..The.address.must.be.inside.th
83160	65 20 73 75 62 6e 65 74 20 64 65 66 69 6e 69 74 69 6f 6e 20 62 75 74 20 63 61 6e 20 62 65 20 6f	e.subnet.definition.but.can.be.o
83180	75 74 73 69 64 65 20 6f 66 20 74 68 65 20 72 61 6e 67 65 20 73 74 61 74 65 6d 65 6e 74 2e 00 59	utside.of.the.range.statement..Y
831a0	6f 75 20 63 61 6e 20 74 65 73 74 20 74 68 65 20 53 4e 4d 50 76 33 20 66 75 6e 63 74 69 6f 6e 61	ou.can.test.the.SNMPv3.functiona
831c0	6c 69 74 79 20 66 72 6f 6d 20 61 6e 79 20 6c 69 6e 75 78 20 62 61 73 65 64 20 73 79 73 74 65 6d	lity.from.any.linux.based.system
831e0	2c 20 6a 75 73 74 20 72 75 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64	,.just.run.the.following.command
83200	3a 20 60 60 73 6e 6d 70 77 61 6c 6b 20 2d 76 20 33 20 2d 75 20 76 79 6f 73 20 2d 61 20 53 48 41	:.``snmpwalk.-v.3.-u.vyos.-a.SHA
83220	20 2d 41 20 76 79 6f 73 31 32 33 34 35 36 37 38 20 2d 78 20 41 45 53 20 2d 58 20 76 79 6f 73 31	.-A.vyos12345678.-x.AES.-X.vyos1
83240	32 33 34 35 36 37 38 20 2d 6c 20 61 75 74 68 50 72 69 76 20 31 39 32 2e 30 2e 32 2e 31 20 2e 31	2345678.-l.authPriv.192.0.2.1..1
83260	60 60 00 59 6f 75 20 63 61 6e 20 75 73 65 20 77 69 6c 64 63 61 72 64 20 60 60 2a 60 60 20 74 6f	``.You.can.use.wildcard.``*``.to
83280	20 6d 61 74 63 68 20 61 20 67 72 6f 75 70 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 2e 00 59 6f	.match.a.group.of.interfaces..Yo
832a0	75 20 63 61 6e 20 76 65 72 69 66 79 20 79 6f 75 72 20 56 52 52 50 20 67 72 6f 75 70 20 73 74 61	u.can.verify.your.VRRP.group.sta
832c0	74 75 73 20 77 69 74 68 20 74 68 65 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 20 60 60	tus.with.the.operational.mode.``
832e0	72 75 6e 20 73 68 6f 77 20 76 72 72 70 60 60 20 63 6f 6d 6d 61 6e 64 3a 00 59 6f 75 20 63 61 6e	run.show.vrrp``.command:.You.can
83300	20 76 69 65 77 20 74 68 61 74 20 74 68 65 20 70 6f 6c 69 63 79 20 69 73 20 62 65 69 6e 67 20 63	.view.that.the.policy.is.being.c
83320	6f 72 72 65 63 74 6c 79 20 28 6f 72 20 69 6e 63 6f 72 72 65 63 74 6c 79 29 20 75 74 69 6c 69 73	orrectly.(or.incorrectly).utilis
83340	65 64 20 77 69 74 68 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 3a 00 59	ed.with.the.following.command:.Y
83360	6f 75 20 63 61 6e 6e 6f 74 20 65 61 73 69 6c 79 20 72 65 64 69 73 74 72 69 62 75 74 65 20 49 50	ou.cannot.easily.redistribute.IP
83380	76 36 20 72 6f 75 74 65 73 20 76 69 61 20 4f 53 50 46 76 33 20 6f 6e 20 61 20 57 69 72 65 47 75	v6.routes.via.OSPFv3.on.a.WireGu
833a0	61 72 64 20 69 6e 74 65 72 66 61 63 65 20 6c 69 6e 6b 2e 20 54 68 69 73 20 72 65 71 75 69 72 65	ard.interface.link..This.require
833c0	73 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 61 64	s.you.to.configure.link-local.ad
833e0	64 72 65 73 73 65 73 20 6d 61 6e 75 61 6c 6c 79 20 6f 6e 20 74 68 65 20 57 69 72 65 47 75 61 72	dresses.manually.on.the.WireGuar
83400	64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 73 65 65 20 3a 76 79 74 61 73 6b 3a 60 54 31 34 38 33	d.interfaces,.see.:vytask:`T1483
83420	60 2e 00 59 6f 75 20 6d 61 79 20 61 6c 73 6f 20 61 64 64 69 74 69 6f 6e 61 6c 6c 79 20 63 6f 6e	`..You.may.also.additionally.con
83440	66 69 67 75 72 65 20 74 69 6d 65 6f 75 74 73 20 66 6f 72 20 64 69 66 66 65 72 65 6e 74 20 74 79	figure.timeouts.for.different.ty
83460	70 65 73 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 59 6f 75 20 6d 61 79 20 70 72 65 66	pes.of.connections..You.may.pref
83480	65 72 20 6c 6f 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 63 61 70 61 62 69 6c 69 74 69	er.locally.configured.capabiliti
834a0	65 73 20 6d 6f 72 65 20 74 68 61 6e 20 74 68 65 20 6e 65 67 6f 74 69 61 74 65 64 20 63 61 70 61	es.more.than.the.negotiated.capa
834c0	62 69 6c 69 74 69 65 73 20 65 76 65 6e 20 74 68 6f 75 67 68 20 72 65 6d 6f 74 65 20 70 65 65 72	bilities.even.though.remote.peer
834e0	20 73 65 6e 64 73 20 63 61 70 61 62 69 6c 69 74 69 65 73 2e 20 49 66 20 74 68 65 20 70 65 65 72	.sends.capabilities..If.the.peer
83500	20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 62 79 20 3a 63 66 67 63 6d 64 3a 60 6f 76 65 72 72	.is.configured.by.:cfgcmd:`overr
83520	69 64 65 2d 63 61 70 61 62 69 6c 69 74 79 60 2c 20 56 79 4f 53 20 69 67 6e 6f 72 65 73 20 72 65	ide-capability`,.VyOS.ignores.re
83540	63 65 69 76 65 64 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 74 68 65 6e 20 6f 76 65 72 72 69 64	ceived.capabilities.then.overrid
83560	65 20 6e 65 67 6f 74 69 61 74 65 64 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 77 69 74 68 20 63	e.negotiated.capabilities.with.c
83580	6f 6e 66 69 67 75 72 65 64 20 76 61 6c 75 65 73 2e 00 59 6f 75 20 6d 61 79 20 77 61 6e 74 20 74	onfigured.values..You.may.want.t
835a0	6f 20 64 69 73 61 62 6c 65 20 73 65 6e 64 69 6e 67 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67	o.disable.sending.Capability.Neg
835c0	6f 74 69 61 74 69 6f 6e 20 4f 50 45 4e 20 6d 65 73 73 61 67 65 20 6f 70 74 69 6f 6e 61 6c 20 70	otiation.OPEN.message.optional.p
835e0	61 72 61 6d 65 74 65 72 20 74 6f 20 74 68 65 20 70 65 65 72 20 77 68 65 6e 20 72 65 6d 6f 74 65	arameter.to.the.peer.when.remote
83600	20 70 65 65 72 20 64 6f 65 73 20 6e 6f 74 20 69 6d 70 6c 65 6d 65 6e 74 20 43 61 70 61 62 69 6c	.peer.does.not.implement.Capabil
83620	69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 50 6c 65 61 73 65 20 75 73 65 20 3a 63 66 67	ity.Negotiation..Please.use.:cfg
83640	63 6d 64 3a 60 64 69 73 61 62 6c 65 2d 63 61 70 61 62 69 6c 69 74 79 2d 6e 65 67 6f 74 69 61 74	cmd:`disable-capability-negotiat
83660	69 6f 6e 60 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62 6c 65 20 74 68 65 20 66 65 61 74	ion`.command.to.disable.the.feat
83680	75 72 65 2e 00 59 6f 75 20 6e 65 65 64 20 32 20 73 65 70 61 72 61 74 65 20 66 69 72 65 77 61 6c	ure..You.need.2.separate.firewal
836a0	6c 73 20 74 6f 20 64 65 66 69 6e 65 20 74 72 61 66 66 69 63 3a 20 6f 6e 65 20 66 6f 72 20 65 61	ls.to.define.traffic:.one.for.ea
836c0	63 68 20 64 69 72 65 63 74 69 6f 6e 2e 00 59 6f 75 20 6e 65 65 64 20 74 6f 20 64 69 73 61 62 6c	ch.direction..You.need.to.disabl
836e0	65 20 74 68 65 20 69 6e 2d 6d 65 6d 6f 72 79 20 74 61 62 6c 65 20 69 6e 20 70 72 6f 64 75 63 74	e.the.in-memory.table.in.product
83700	69 6f 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 21 20 55 73 69 6e 67 20 3a 61 62 62 72 3a 60 49	ion.environments!.Using.:abbr:`I
83720	4d 54 20 28 49 6e 2d 4d 65 6d 6f 72 79 20 54 61 62 6c 65 29 60 20 6d 61 79 20 6c 65 61 64 20 74	MT.(In-Memory.Table)`.may.lead.t
83740	6f 20 68 65 61 76 79 20 43 50 55 20 6f 76 65 72 6c 6f 61 64 69 6e 67 20 61 6e 64 20 75 6e 73 74	o.heavy.CPU.overloading.and.unst
83760	61 62 6c 65 20 66 6c 6f 77 2d 61 63 63 6f 75 6e 74 69 6e 67 20 62 65 68 61 76 69 6f 72 2e 00 59	able.flow-accounting.behavior..Y
83780	6f 75 20 6e 65 65 64 20 79 6f 75 72 20 50 50 50 6f 45 20 63 72 65 64 65 6e 74 69 61 6c 73 20 66	ou.need.your.PPPoE.credentials.f
837a0	72 6f 6d 20 79 6f 75 72 20 44 53 4c 20 49 53 50 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 63 6f 6e	rom.your.DSL.ISP.in.order.to.con
837c0	66 69 67 75 72 65 20 74 68 69 73 2e 20 54 68 65 20 75 73 75 61 6c 20 75 73 65 72 6e 61 6d 65 20	figure.this..The.usual.username.
837e0	69 73 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 6f 66 20 6e 61 6d 65 40 68 6f 73 74 2e 6e 65 74 20	is.in.the.form.of.name@host.net.
83800	62 75 74 20 6d 61 79 20 76 61 72 79 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 49 53 50 2e 00 59	but.may.vary.depending.on.ISP..Y
83820	6f 75 20 6e 6f 77 20 73 65 65 20 74 68 65 20 6c 6f 6e 67 65 72 20 41 53 20 70 61 74 68 2e 00 59	ou.now.see.the.longer.AS.path..Y
83840	6f 75 20 73 68 6f 75 6c 64 20 61 64 64 20 61 20 66 69 72 65 77 61 6c 6c 20 74 6f 20 79 6f 75 72	ou.should.add.a.firewall.to.your
83860	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 20 61 73 20 77 65 6c 6c 20 62 79 20	.configuration.above.as.well.by.
83880	61 73 73 69 67 6e 69 6e 67 20 69 74 20 74 6f 20 74 68 65 20 70 70 70 6f 65 30 20 69 74 73 65 6c	assigning.it.to.the.pppoe0.itsel
838a0	66 20 61 73 20 73 68 6f 77 6e 20 68 65 72 65 3a 00 59 6f 75 20 73 68 6f 75 6c 64 20 61 6c 73 6f	f.as.shown.here:.You.should.also
838c0	20 65 6e 73 75 72 65 20 74 68 61 74 20 74 68 65 20 4f 55 54 49 53 44 45 5f 4c 4f 43 41 4c 20 66	.ensure.that.the.OUTISDE_LOCAL.f
838e0	69 72 65 77 61 6c 6c 20 67 72 6f 75 70 20 69 73 20 61 70 70 6c 69 65 64 20 74 6f 20 74 68 65 20	irewall.group.is.applied.to.the.
83900	57 41 4e 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 61 20 64 69 72 65 63 74 69 6f 6e 20 28 6c	WAN.interface.and.a.direction.(l
83920	6f 63 61 6c 29 2e 00 59 6f 75 20 77 69 6c 6c 20 61 6c 73 6f 20 6e 65 65 64 20 74 68 65 20 70 75	ocal)..You.will.also.need.the.pu
83940	62 6c 69 63 20 6b 65 79 20 6f 66 20 79 6f 75 72 20 70 65 65 72 20 61 73 20 77 65 6c 6c 20 61 73	blic.key.of.your.peer.as.well.as
83960	20 74 68 65 20 6e 65 74 77 6f 72 6b 28 73 29 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 74 75 6e 6e	.the.network(s).you.want.to.tunn
83980	65 6c 20 28 61 6c 6c 6f 77 65 64 2d 69 70 73 29 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20	el.(allowed-ips).to.configure.a.
839a0	57 69 72 65 47 75 61 72 64 20 74 75 6e 6e 65 6c 2e 20 54 68 65 20 70 75 62 6c 69 63 20 6b 65 79	WireGuard.tunnel..The.public.key
839c0	20 62 65 6c 6f 77 20 69 73 20 61 6c 77 61 79 73 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20	.below.is.always.the.public.key.
839e0	66 72 6f 6d 20 79 6f 75 72 20 70 65 65 72 2c 20 6e 6f 74 20 79 6f 75 72 20 6c 6f 63 61 6c 20 6f	from.your.peer,.not.your.local.o
83a00	6e 65 2e 00 59 6f 75 72 20 49 53 50 73 20 6d 6f 64 65 6d 20 69 73 20 63 6f 6e 6e 65 63 74 65 64	ne..Your.ISPs.modem.is.connected
83a20	20 74 6f 20 70 6f 72 74 20 60 60 65 74 68 30 60 60 20 6f 66 20 79 6f 75 72 20 56 79 4f 53 20 62	.to.port.``eth0``.of.your.VyOS.b
83a40	6f 78 2e 00 5a 65 62 72 61 20 73 75 70 70 6f 72 74 73 20 70 72 65 66 69 78 2d 6c 69 73 74 73 20	ox..Zebra.supports.prefix-lists.
83a60	61 6e 64 20 52 6f 75 74 65 20 4d 61 70 73 73 20 74 6f 20 6d 61 74 63 68 20 72 6f 75 74 65 73 20	and.Route.Mapss.to.match.routes.
83a80	72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 6f 74 68 65 72 20 46 52 52 20 63 6f 6d 70 6f 6e 65 6e	received.from.other.FRR.componen
83aa0	74 73 2e 20 54 68 65 20 70 65 72 6d 69 74 2f 64 65 6e 79 20 66 61 63 69 6c 69 74 69 65 73 20 70	ts..The.permit/deny.facilities.p
83ac0	72 6f 76 69 64 65 64 20 62 79 20 74 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 63 61 6e 20 62 65	rovided.by.these.commands.can.be
83ae0	20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 77 68 69 63 68 20 72 6f 75 74 65 73 20 7a 65 62	.used.to.filter.which.routes.zeb
83b00	72 61 20 77 69 6c 6c 20 69 6e 73 74 61 6c 6c 20 69 6e 20 74 68 65 20 6b 65 72 6e 65 6c 2e 00 5a	ra.will.install.in.the.kernel..Z
83b20	65 62 72 61 2f 4b 65 72 6e 65 6c 20 72 6f 75 74 65 20 66 69 6c 74 65 72 69 6e 67 00 5a 6f 6e 65	ebra/Kernel.route.filtering.Zone
83b40	20 42 61 73 65 64 20 46 69 72 65 77 61 6c 6c 00 5a 6f 6e 65 2d 50 6f 6c 69 63 79 20 4f 76 65 72	.Based.Firewall.Zone-Policy.Over
83b60	76 69 65 77 00 5b 41 2e 42 2e 43 2e 44 5d 20 e2 80 93 20 6c 69 6e 6b 2d 73 74 61 74 65 2d 69 64	view.[A.B.C.D].....link-state-id
83b80	2e 20 57 69 74 68 20 74 68 69 73 20 73 70 65 63 69 66 69 65 64 20 74 68 65 20 63 6f 6d 6d 61 6e	..With.this.specified.the.comman
83ba0	64 20 64 69 73 70 6c 61 79 73 20 70 6f 72 74 69 6f 6e 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72	d.displays.portion.of.the.networ
83bc0	6b 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 74 68 61 74 20 69 73 20 62 65 69 6e 67 20 64 65 73 63	k.environment.that.is.being.desc
83be0	72 69 62 65 64 20 62 79 20 74 68 65 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 2e 20 54 68 65 20	ribed.by.the.advertisement..The.
83c00	76 61 6c 75 65 20 65 6e 74 65 72 65 64 20 64 65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 61 64 76	value.entered.depends.on.the.adv
83c20	65 72 74 69 73 65 6d 65 6e 74 e2 80 99 73 20 4c 53 20 74 79 70 65 2e 20 49 74 20 6d 75 73 74 20	ertisement...s.LS.type..It.must.
83c40	62 65 20 65 6e 74 65 72 65 64 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 6f 66 20 61 6e 20 49 50 20	be.entered.in.the.form.of.an.IP.
83c60	61 64 64 72 65 73 73 2e 00 60 31 2e 20 43 72 65 61 74 65 20 61 6e 20 65 76 65 6e 74 20 68 61 6e	address..`1..Create.an.event.han
83c80	64 6c 65 72 60 5f 00 60 32 2e 20 41 64 64 20 72 65 67 65 78 20 74 6f 20 74 68 65 20 73 63 72 69	dler`_.`2..Add.regex.to.the.scri
83ca0	70 74 60 5f 00 60 33 2e 20 41 64 64 20 61 20 66 75 6c 6c 20 70 61 74 68 20 74 6f 20 74 68 65 20	pt`_.`3..Add.a.full.path.to.the.
83cc0	73 63 72 69 70 74 60 5f 00 60 34 2e 20 41 64 64 20 6f 70 74 69 6f 6e 61 6c 20 70 61 72 61 6d 65	script`_.`4..Add.optional.parame
83ce0	74 65 72 73 60 5f 00 60 3c 6e 61 6d 65 3e 60 20 6d 75 73 74 20 62 65 20 69 64 65 6e 74 69 63 61	ters`_.`<name>`.must.be.identica
83d00	6c 20 6f 6e 20 62 6f 74 68 20 73 69 64 65 73 21 00 60 60 24 20 74 61 69 6c 20 2d 6e 20 2b 32 20	l.on.both.sides!.``$.tail.-n.+2.
83d20	63 61 2e 6b 65 79 20 7c 20 68 65 61 64 20 2d 6e 20 2d 31 20 7c 20 74 72 20 2d 64 20 27 5c 6e 27	ca.key.|.head.-n.-1.|.tr.-d.'\n'
83d40	60 60 00 60 60 24 20 74 61 69 6c 20 2d 6e 20 2b 32 20 63 61 2e 70 65 6d 20 7c 20 68 65 61 64 20	``.``$.tail.-n.+2.ca.pem.|.head.
83d60	2d 6e 20 2d 31 20 7c 20 74 72 20 2d 64 20 27 5c 6e 27 60 60 00 60 60 24 20 74 61 69 6c 20 2d 6e	-n.-1.|.tr.-d.'\n'``.``$.tail.-n
83d80	20 2b 32 20 63 65 72 74 2e 6b 65 79 20 7c 20 68 65 61 64 20 2d 6e 20 2d 31 20 7c 20 74 72 20 2d	.+2.cert.key.|.head.-n.-1.|.tr.-
83da0	64 20 27 5c 6e 27 60 60 00 60 60 24 20 74 61 69 6c 20 2d 6e 20 2b 32 20 63 65 72 74 2e 70 65 6d	d.'\n'``.``$.tail.-n.+2.cert.pem
83dc0	20 7c 20 68 65 61 64 20 2d 6e 20 2d 31 20 7c 20 74 72 20 2d 64 20 27 5c 6e 27 60 60 00 60 60 2b	.|.head.-n.-1.|.tr.-d.'\n'``.``+
83de0	60 60 20 73 75 63 63 65 73 73 66 75 6c 00 60 60 2d 60 60 20 66 61 69 6c 65 64 00 60 60 2f 63 6f	``.successful.``-``.failed.``/co
83e00	6e 66 69 67 2f 73 63 72 69 70 74 73 2f 64 68 63 70 2d 63 6c 69 65 6e 74 2f 70 6f 73 74 2d 68 6f	nfig/scripts/dhcp-client/post-ho
83e20	6f 6b 73 2e 64 2f 60 60 00 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 64 68 63 70 2d	oks.d/``.``/config/scripts/dhcp-
83e40	63 6c 69 65 6e 74 2f 70 72 65 2d 68 6f 6f 6b 73 2e 64 2f 60 60 00 60 60 30 2e 70 6f 6f 6c 2e 6e	client/pre-hooks.d/``.``0.pool.n
83e60	74 70 2e 6f 72 67 60 60 00 60 60 30 60 60 20 2d 20 32 30 20 6f 72 20 34 30 20 4d 48 7a 20 63 68	tp.org``.``0``.-.20.or.40.MHz.ch
83e80	61 6e 6e 65 6c 20 77 69 64 74 68 20 28 64 65 66 61 75 6c 74 29 00 60 60 30 60 60 3a 20 4e 6f 20	annel.width.(default).``0``:.No.
83ea0	72 65 70 6c 61 79 20 77 69 6e 64 6f 77 2c 20 73 74 72 69 63 74 20 63 68 65 63 6b 00 60 60 31 2d	replay.window,.strict.check.``1-
83ec0	34 32 39 34 39 36 37 32 39 35 60 60 3a 20 4e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20	4294967295``:.Number.of.packets.
83ee0	74 68 61 74 20 63 6f 75 6c 64 20 62 65 20 6d 69 73 6f 72 64 65 72 65 64 00 60 60 31 2e 70 6f 6f	that.could.be.misordered.``1.poo
83f00	6c 2e 6e 74 70 2e 6f 72 67 60 60 00 60 60 31 31 35 32 30 30 60 60 20 2d 20 31 31 35 2c 32 30 30	l.ntp.org``.``115200``.-.115,200
83f20	20 62 70 73 20 28 64 65 66 61 75 6c 74 20 66 6f 72 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65	.bps.(default.for.serial.console
83f40	29 00 60 60 31 32 30 30 60 60 20 2d 20 31 32 30 30 20 62 70 73 00 60 60 31 39 32 2e 31 36 38 2e	).``1200``.-.1200.bps.``192.168.
83f60	32 2e 32 35 34 60 60 20 49 50 20 61 64 64 72 65 65 73 73 20 6f 6e 20 56 79 4f 53 20 65 74 68 32	2.254``.IP.addreess.on.VyOS.eth2
83f80	20 66 72 6f 6d 20 49 53 50 32 00 60 60 31 39 32 30 30 60 60 20 2d 20 31 39 2c 32 30 30 20 62 70	.from.ISP2.``19200``.-.19,200.bp
83fa0	73 00 60 60 31 60 60 20 2d 20 38 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 20 77 69 64 74 68 00 60	s.``1``.-.80.MHz.channel.width.`
83fc0	60 32 2e 70 6f 6f 6c 2e 6e 74 70 2e 6f 72 67 60 60 00 60 60 32 30 33 2e 30 2e 31 31 33 2e 32 35	`2.pool.ntp.org``.``203.0.113.25
83fe0	34 60 60 20 49 50 20 61 64 64 72 65 65 73 73 20 6f 6e 20 56 79 4f 53 20 65 74 68 31 20 66 72 6f	4``.IP.addreess.on.VyOS.eth1.fro
84000	6d 20 49 53 50 31 00 60 60 32 34 30 30 60 60 20 2d 20 32 34 30 30 20 62 70 73 00 60 60 32 60 60	m.ISP1.``2400``.-.2400.bps.``2``
84020	20 2d 20 31 36 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 20 77 69 64 74 68 00 60 60 33 38 34 30 30	.-.160.MHz.channel.width.``38400
84040	60 60 20 2d 20 33 38 2c 34 30 30 20 62 70 73 20 28 64 65 66 61 75 6c 74 20 66 6f 72 20 58 65 6e	``.-.38,400.bps.(default.for.Xen
84060	20 63 6f 6e 73 6f 6c 65 29 00 60 60 33 60 60 20 2d 20 38 30 2b 38 30 20 4d 48 7a 20 63 68 61 6e	.console).``3``.-.80+80.MHz.chan
84080	6e 65 6c 20 77 69 64 74 68 00 60 60 34 38 30 30 60 60 20 2d 20 34 38 30 30 20 62 70 73 00 60 60	nel.width.``4800``.-.4800.bps.``
840a0	35 37 36 30 30 60 60 20 2d 20 35 37 2c 36 30 30 20 62 70 73 00 60 60 38 30 32 2e 33 61 64 60 60	57600``.-.57,600.bps.``802.3ad``
840c0	20 2d 20 49 45 45 45 20 38 30 32 2e 33 61 64 20 44 79 6e 61 6d 69 63 20 6c 69 6e 6b 20 61 67 67	.-.IEEE.802.3ad.Dynamic.link.agg
840e0	72 65 67 61 74 69 6f 6e 2e 20 43 72 65 61 74 65 73 20 61 67 67 72 65 67 61 74 69 6f 6e 20 67 72	regation..Creates.aggregation.gr
84100	6f 75 70 73 20 74 68 61 74 20 73 68 61 72 65 20 74 68 65 20 73 61 6d 65 20 73 70 65 65 64 20 61	oups.that.share.the.same.speed.a
84120	6e 64 20 64 75 70 6c 65 78 20 73 65 74 74 69 6e 67 73 2e 20 55 74 69 6c 69 7a 65 73 20 61 6c 6c	nd.duplex.settings..Utilizes.all
84140	20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 61 63 74 69 76 65 20 61 67 67 72 65 67 61 74 6f 72	.slaves.in.the.active.aggregator
84160	20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 38 30 32 2e 33 61 64 20 73 70 65 63 69 66	.according.to.the.802.3ad.specif
84180	69 63 61 74 69 6f 6e 2e 00 60 60 39 36 30 30 60 60 20 2d 20 39 36 30 30 20 62 70 73 00 60 60 3c	ication..``9600``.-.9600.bps.``<
841a0	20 64 68 2d 67 72 6f 75 70 20 3e 60 60 20 64 65 66 69 6e 65 73 20 61 20 44 69 66 66 69 65 2d 48	.dh-group.>``.defines.a.Diffie-H
841c0	65 6c 6c 6d 61 6e 20 67 72 6f 75 70 20 66 6f 72 20 50 46 53 3b 00 60 60 4b 6e 6f 77 6e 20 6c 69	ellman.group.for.PFS;.``Known.li
841e0	6d 69 74 61 74 69 6f 6e 73 3a 60 60 00 60 60 57 4c 42 5f 49 4e 54 45 52 46 41 43 45 5f 4e 41 4d	mitations:``.``WLB_INTERFACE_NAM
84200	45 3d 5b 69 6e 74 65 72 66 61 63 65 6e 61 6d 65 5d 60 60 3a 20 49 6e 74 65 72 66 61 63 65 20 74	E=[interfacename]``:.Interface.t
84220	6f 20 62 65 20 6d 6f 6e 69 74 6f 72 65 64 00 60 60 57 4c 42 5f 49 4e 54 45 52 46 41 43 45 5f 53	o.be.monitored.``WLB_INTERFACE_S
84240	54 41 54 45 3d 5b 41 43 54 49 56 45 7c 46 41 49 4c 45 44 5d 60 60 3a 20 49 6e 74 65 72 66 61 63	TATE=[ACTIVE|FAILED]``:.Interfac
84260	65 20 73 74 61 74 65 00 60 60 61 60 60 20 2d 20 38 30 32 2e 31 31 61 20 2d 20 35 34 20 4d 62 69	e.state.``a``.-.802.11a.-.54.Mbi
84280	74 73 2f 73 65 63 00 60 60 61 63 60 60 20 2d 20 38 30 32 2e 31 31 61 63 20 2d 20 31 33 30 30 20	ts/sec.``ac``.-.802.11ac.-.1300.
842a0	4d 62 69 74 73 2f 73 65 63 00 60 60 61 63 63 65 70 74 2d 6f 77 6e 2d 6e 65 78 74 68 6f 70 60 60	Mbits/sec.``accept-own-nexthop``
842c0	20 2d 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74	.-...........Well-known.communit
842e0	69 65 73 20 76 61 6c 75 65 20 61 63 63 65 70 74 2d 6f 77 6e 2d 6e 65 78 74 68 6f 70 20 30 78 46	ies.value.accept-own-nexthop.0xF
84300	46 46 46 30 30 30 38 00 60 60 61 63 63 65 70 74 2d 6f 77 6e 60 60 20 2d 20 20 20 20 20 20 20 20	FFF0008.``accept-own``.-........
84320	20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65	...........Well-known.communitie
84340	73 20 76 61 6c 75 65 20 41 43 43 45 50 54 5f 4f 57 4e 20 30 78 46 46 46 46 30 30 30 31 00 60 60	s.value.ACCEPT_OWN.0xFFFF0001.``
84360	61 63 63 65 70 74 60 60 3a 20 61 63 63 65 70 74 20 74 68 65 20 70 61 63 6b 65 74 2e 00 60 60 61	accept``:.accept.the.packet..``a
84380	63 63 65 73 73 2d 70 6f 69 6e 74 60 60 20 2d 20 41 63 63 65 73 73 2d 70 6f 69 6e 74 20 66 6f 72	ccess-point``.-.Access-point.for
843a0	77 61 72 64 73 20 70 61 63 6b 65 74 73 20 62 65 74 77 65 65 6e 20 6f 74 68 65 72 20 6e 6f 64 65	wards.packets.between.other.node
843c0	73 00 60 60 61 63 74 69 6f 6e 60 60 20 6b 65 65 70 2d 61 6c 69 76 65 20 66 61 69 6c 75 72 65 20	s.``action``.keep-alive.failure.
843e0	61 63 74 69 6f 6e 3a 00 60 60 61 63 74 69 76 65 2d 62 61 63 6b 75 70 60 60 20 2d 20 41 63 74 69	action:.``active-backup``.-.Acti
84400	76 65 2d 62 61 63 6b 75 70 20 70 6f 6c 69 63 79 3a 20 4f 6e 6c 79 20 6f 6e 65 20 73 6c 61 76 65	ve-backup.policy:.Only.one.slave
84420	20 69 6e 20 74 68 65 20 62 6f 6e 64 20 69 73 20 61 63 74 69 76 65 2e 20 41 20 64 69 66 66 65 72	.in.the.bond.is.active..A.differ
84440	65 6e 74 20 73 6c 61 76 65 20 62 65 63 6f 6d 65 73 20 61 63 74 69 76 65 20 69 66 2c 20 61 6e 64	ent.slave.becomes.active.if,.and
84460	20 6f 6e 6c 79 20 69 66 2c 20 74 68 65 20 61 63 74 69 76 65 20 73 6c 61 76 65 20 66 61 69 6c 73	.only.if,.the.active.slave.fails
84480	2e 20 54 68 65 20 62 6f 6e 64 27 73 20 4d 41 43 20 61 64 64 72 65 73 73 20 69 73 20 65 78 74 65	..The.bond's.MAC.address.is.exte
844a0	72 6e 61 6c 6c 79 20 76 69 73 69 62 6c 65 20 6f 6e 20 6f 6e 6c 79 20 6f 6e 65 20 70 6f 72 74 20	rnally.visible.on.only.one.port.
844c0	28 6e 65 74 77 6f 72 6b 20 61 64 61 70 74 65 72 29 20 74 6f 20 61 76 6f 69 64 20 63 6f 6e 66 75	(network.adapter).to.avoid.confu
844e0	73 69 6e 67 20 74 68 65 20 73 77 69 74 63 68 2e 00 60 60 61 64 61 70 74 69 76 65 2d 6c 6f 61 64	sing.the.switch..``adaptive-load
84500	2d 62 61 6c 61 6e 63 65 60 60 20 2d 20 41 64 61 70 74 69 76 65 20 6c 6f 61 64 20 62 61 6c 61 6e	-balance``.-.Adaptive.load.balan
84520	63 69 6e 67 3a 20 69 6e 63 6c 75 64 65 73 20 74 72 61 6e 73 6d 69 74 2d 6c 6f 61 64 2d 62 61 6c	cing:.includes.transmit-load-bal
84540	61 6e 63 65 20 70 6c 75 73 20 72 65 63 65 69 76 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67	ance.plus.receive.load.balancing
84560	20 66 6f 72 20 49 50 56 34 20 74 72 61 66 66 69 63 2c 20 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20	.for.IPV4.traffic,.and.does.not.
84580	72 65 71 75 69 72 65 20 61 6e 79 20 73 70 65 63 69 61 6c 20 73 77 69 74 63 68 20 73 75 70 70 6f	require.any.special.switch.suppo
845a0	72 74 2e 20 54 68 65 20 72 65 63 65 69 76 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 69	rt..The.receive.load.balancing.i
845c0	73 20 61 63 68 69 65 76 65 64 20 62 79 20 41 52 50 20 6e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 54	s.achieved.by.ARP.negotiation..T
845e0	68 65 20 62 6f 6e 64 69 6e 67 20 64 72 69 76 65 72 20 69 6e 74 65 72 63 65 70 74 73 20 74 68 65	he.bonding.driver.intercepts.the
84600	20 41 52 50 20 52 65 70 6c 69 65 73 20 73 65 6e 74 20 62 79 20 74 68 65 20 6c 6f 63 61 6c 20 73	.ARP.Replies.sent.by.the.local.s
84620	79 73 74 65 6d 20 6f 6e 20 74 68 65 69 72 20 77 61 79 20 6f 75 74 20 61 6e 64 20 6f 76 65 72 77	ystem.on.their.way.out.and.overw
84640	72 69 74 65 73 20 74 68 65 20 73 6f 75 72 63 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73	rites.the.source.hardware.addres
84660	73 20 77 69 74 68 20 74 68 65 20 75 6e 69 71 75 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65	s.with.the.unique.hardware.addre
84680	73 73 20 6f 66 20 6f 6e 65 20 6f 66 20 74 68 65 20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 62	ss.of.one.of.the.slaves.in.the.b
846a0	6f 6e 64 20 73 75 63 68 20 74 68 61 74 20 64 69 66 66 65 72 65 6e 74 20 70 65 65 72 73 20 75 73	ond.such.that.different.peers.us
846c0	65 20 64 69 66 66 65 72 65 6e 74 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 65 73 20 66	e.different.hardware.addresses.f
846e0	6f 72 20 74 68 65 20 73 65 72 76 65 72 2e 00 60 60 61 67 67 72 65 73 73 69 76 65 60 60 20 75 73	or.the.server..``aggressive``.us
84700	65 20 41 67 67 72 65 73 73 69 76 65 20 6d 6f 64 65 20 66 6f 72 20 4b 65 79 20 45 78 63 68 61 6e	e.Aggressive.mode.for.Key.Exchan
84720	67 65 73 20 69 6e 20 74 68 65 20 49 4b 45 76 31 20 70 72 6f 74 6f 63 6f 6c 20 61 67 67 72 65 73	ges.in.the.IKEv1.protocol.aggres
84740	73 69 76 65 20 6d 6f 64 65 20 69 73 20 6d 75 63 68 20 6d 6f 72 65 20 69 6e 73 65 63 75 72 65 20	sive.mode.is.much.more.insecure.
84760	63 6f 6d 70 61 72 65 64 20 74 6f 20 4d 61 69 6e 20 6d 6f 64 65 3b 00 60 60 61 6c 6c 2d 61 76 61	compared.to.Main.mode;.``all-ava
84780	69 6c 61 62 6c 65 60 60 20 61 6c 6c 20 63 68 65 63 6b 69 6e 67 20 74 61 72 67 65 74 20 61 64 64	ilable``.all.checking.target.add
847a0	72 65 73 73 65 73 20 6d 75 73 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 70 61 73 73	resses.must.be.available.to.pass
847c0	20 74 68 69 73 20 63 68 65 63 6b 00 60 60 61 6e 79 2d 61 76 61 69 6c 61 62 6c 65 60 60 20 61 6e	.this.check.``any-available``.an
847e0	79 20 6f 66 20 74 68 65 20 63 68 65 63 6b 69 6e 67 20 74 61 72 67 65 74 20 61 64 64 72 65 73 73	y.of.the.checking.target.address
84800	65 73 20 6d 75 73 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 70 61 73 73 20 74 68 69	es.must.be.available.to.pass.thi
84820	73 20 63 68 65 63 6b 00 60 60 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6c 6f 63 61 6c 2d 69	s.check.``authentication.local-i
84840	64 2f 72 65 6d 6f 74 65 2d 69 64 60 60 20 2d 20 49 4b 45 20 69 64 65 6e 74 69 66 69 63 61 74 69	d/remote-id``.-.IKE.identificati
84860	6f 6e 20 69 73 20 75 73 65 64 20 66 6f 72 20 76 61 6c 69 64 61 74 69 6f 6e 20 6f 66 20 56 50 4e	on.is.used.for.validation.of.VPN
84880	20 70 65 65 72 20 64 65 76 69 63 65 73 20 64 75 72 69 6e 67 20 49 4b 45 20 6e 65 67 6f 74 69 61	.peer.devices.during.IKE.negotia
848a0	74 69 6f 6e 2e 20 49 66 20 79 6f 75 20 64 6f 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 20 6c 6f	tion..If.you.do.not.configure.lo
848c0	63 61 6c 2f 72 65 6d 6f 74 65 2d 69 64 65 6e 74 69 74 79 2c 20 74 68 65 20 64 65 76 69 63 65 20	cal/remote-identity,.the.device.
848e0	75 73 65 73 20 74 68 65 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 74 68	uses.the.IPv4.or.IPv6.address.th
84900	61 74 20 63 6f 72 72 65 73 70 6f 6e 64 73 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 2f 72 65 6d 6f	at.corresponds.to.the.local/remo
84920	74 65 20 70 65 65 72 20 62 79 20 64 65 66 61 75 6c 74 2e 20 49 6e 20 63 65 72 74 61 69 6e 20 6e	te.peer.by.default..In.certain.n
84940	65 74 77 6f 72 6b 20 73 65 74 75 70 73 20 28 6c 69 6b 65 20 69 70 73 65 63 20 69 6e 74 65 72 66	etwork.setups.(like.ipsec.interf
84960	61 63 65 20 77 69 74 68 20 64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 2c 20 6f 72 20 62 65 68	ace.with.dynamic.address,.or.beh
84980	69 6e 64 20 74 68 65 20 4e 41 54 20 29 2c 20 74 68 65 20 49 4b 45 20 49 44 20 72 65 63 65 69 76	ind.the.NAT.),.the.IKE.ID.receiv
849a0	65 64 20 66 72 6f 6d 20 74 68 65 20 70 65 65 72 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68 20	ed.from.the.peer.does.not.match.
849c0	74 68 65 20 49 4b 45 20 67 61 74 65 77 61 79 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68	the.IKE.gateway.configured.on.th
849e0	65 20 64 65 76 69 63 65 2e 20 54 68 69 73 20 63 61 6e 20 6c 65 61 64 20 74 6f 20 61 20 50 68 61	e.device..This.can.lead.to.a.Pha
84a00	73 65 20 31 20 76 61 6c 69 64 61 74 69 6f 6e 20 66 61 69 6c 75 72 65 2e 20 53 6f 2c 20 6d 61 6b	se.1.validation.failure..So,.mak
84a20	65 20 73 75 72 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f 63 61 6c 2f 72 65	e.sure.to.configure.the.local/re
84a40	6d 6f 74 65 20 69 64 20 65 78 70 6c 69 63 69 74 6c 79 20 61 6e 64 20 65 6e 73 75 72 65 20 74 68	mote.id.explicitly.and.ensure.th
84a60	61 74 20 74 68 65 20 49 4b 45 20 49 44 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 74 68 65	at.the.IKE.ID.is.the.same.as.the
84a80	20 72 65 6d 6f 74 65 2d 69 64 65 6e 74 69 74 79 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74	.remote-identity.configured.on.t
84aa0	68 65 20 70 65 65 72 20 64 65 76 69 63 65 2e 00 60 60 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	he.peer.device..``authentication
84ac0	60 60 20 2d 20 63 6f 6e 66 69 67 75 72 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 65	``.-.configure.authentication.be
84ae0	74 77 65 65 6e 20 56 79 4f 53 20 61 6e 64 20 61 20 72 65 6d 6f 74 65 20 70 65 65 72 2e 20 53 75	tween.VyOS.and.a.remote.peer..Su
84b00	62 6f 70 74 69 6f 6e 73 3a 00 60 60 62 60 60 20 2d 20 38 30 32 2e 31 31 62 20 2d 20 31 31 20 4d	boptions:.``b``.-.802.11b.-.11.M
84b20	62 69 74 73 2f 73 65 63 00 60 60 62 61 62 65 6c 60 60 20 2d 20 42 61 62 65 6c 20 72 6f 75 74 69	bits/sec.``babel``.-.Babel.routi
84b40	6e 67 20 70 72 6f 74 6f 63 6f 6c 20 28 42 61 62 65 6c 29 00 60 60 62 65 67 69 6e 60 60 20 4d 61	ng.protocol.(Babel).``begin``.Ma
84b60	74 63 68 65 73 20 74 68 65 20 62 65 67 69 6e 6e 69 6e 67 20 6f 66 20 74 68 65 20 55 52 4c 20 70	tches.the.beginning.of.the.URL.p
84b80	61 74 68 00 60 60 62 67 70 60 60 20 2d 20 42 6f 72 64 65 72 20 47 61 74 65 77 61 79 20 50 72 6f	ath.``bgp``.-.Border.Gateway.Pro
84ba0	74 6f 63 6f 6c 20 28 42 47 50 29 00 60 60 62 69 6e 64 60 60 20 2d 20 73 65 6c 65 63 74 20 61 20	tocol.(BGP).``bind``.-.select.a.
84bc0	56 54 49 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 62 69 6e 64 20 74 6f 20 74 68 69 73 20 70 65	VTI.interface.to.bind.to.this.pe
84be0	65 72 3b 00 60 60 62 6c 61 63 6b 68 6f 6c 65 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20	er;.``blackhole``.-.............
84c00	20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61	.......Well-known.communities.va
84c20	6c 75 65 20 42 4c 41 43 4b 48 4f 4c 45 20 30 78 46 46 46 46 30 32 39 41 00 60 60 62 72 6f 61 64	lue.BLACKHOLE.0xFFFF029A.``broad
84c40	63 61 73 74 60 60 20 2d 20 42 72 6f 61 64 63 61 73 74 20 70 6f 6c 69 63 79 3a 20 74 72 61 6e 73	cast``.-.Broadcast.policy:.trans
84c60	6d 69 74 73 20 65 76 65 72 79 74 68 69 6e 67 20 6f 6e 20 61 6c 6c 20 73 6c 61 76 65 20 69 6e 74	mits.everything.on.all.slave.int
84c80	65 72 66 61 63 65 73 2e 00 60 60 62 75 72 73 74 60 60 3a 20 4e 75 6d 62 65 72 20 6f 66 20 70 61	erfaces..``burst``:.Number.of.pa
84ca0	63 6b 65 74 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 6f 76 65 72 73 68 6f 6f 74 20 74 68 65 20 6c	ckets.allowed.to.overshoot.the.l
84cc0	69 6d 69 74 20 77 69 74 68 69 6e 20 60 60 70 65 72 69 6f 64 60 60 2e 20 44 65 66 61 75 6c 74 20	imit.within.``period``..Default.
84ce0	35 2e 00 60 60 63 61 2d 63 65 72 74 2d 66 69 6c 65 60 60 20 2d 20 43 41 20 63 65 72 74 69 66 69	5..``ca-cert-file``.-.CA.certifi
84d00	63 61 74 65 20 66 69 6c 65 2e 20 55 73 69 6e 67 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74	cate.file..Using.for.authenticat
84d20	69 6e 67 20 72 65 6d 6f 74 65 20 70 65 65 72 3b 00 60 60 63 64 70 60 60 20 2d 20 4c 69 73 74 65	ing.remote.peer;.``cdp``.-.Liste
84d40	6e 20 66 6f 72 20 43 44 50 20 66 6f 72 20 43 69 73 63 6f 20 72 6f 75 74 65 72 73 2f 73 77 69 74	n.for.CDP.for.Cisco.routers/swit
84d60	63 68 65 73 00 60 60 63 65 72 74 2d 66 69 6c 65 60 60 20 2d 20 63 65 72 74 69 66 69 63 61 74 65	ches.``cert-file``.-.certificate
84d80	20 66 69 6c 65 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 61 75	.file,.which.will.be.used.for.au
84da0	74 68 65 6e 74 69 63 61 74 69 6e 67 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 6f 6e 20 72 65 6d	thenticating.local.router.on.rem
84dc0	6f 74 65 20 70 65 65 72 3b 00 60 60 63 6c 65 61 72 60 60 20 73 65 74 20 61 63 74 69 6f 6e 20 74	ote.peer;.``clear``.set.action.t
84de0	6f 20 63 6c 65 61 72 3b 00 60 60 63 6c 6f 73 65 2d 61 63 74 69 6f 6e 20 3d 20 6e 6f 6e 65 20 7c	o.clear;.``close-action.=.none.|
84e00	20 63 6c 65 61 72 20 7c 20 68 6f 6c 64 20 7c 20 72 65 73 74 61 72 74 60 60 20 2d 20 64 65 66 69	.clear.|.hold.|.restart``.-.defi
84e20	6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e 20 74 6f 20 74 61 6b 65 20 69 66 20 74 68 65 20 72 65	nes.the.action.to.take.if.the.re
84e40	6d 6f 74 65 20 70 65 65 72 20 75 6e 65 78 70 65 63 74 65 64 6c 79 20 63 6c 6f 73 65 73 20 61 20	mote.peer.unexpectedly.closes.a.
84e60	43 48 49 4c 44 5f 53 41 20 28 73 65 65 20 61 62 6f 76 65 20 66 6f 72 20 6d 65 61 6e 69 6e 67 20	CHILD_SA.(see.above.for.meaning.
84e80	6f 66 20 76 61 6c 75 65 73 29 2e 20 41 20 63 6c 6f 73 65 61 63 74 69 6f 6e 20 73 68 6f 75 6c 64	of.values)..A.closeaction.should
84ea0	20 6e 6f 74 20 62 65 20 75 73 65 64 20 69 66 20 74 68 65 20 70 65 65 72 20 75 73 65 73 20 72 65	.not.be.used.if.the.peer.uses.re
84ec0	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 72 20 75 6e 69 71 75 65 69 64 73 2e 00 60 60 63	authentication.or.uniqueids..``c
84ee0	6c 6f 73 65 2d 61 63 74 69 6f 6e 60 60 20 64 65 66 69 6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e	lose-action``.defines.the.action
84f00	20 74 6f 20 74 61 6b 65 20 69 66 20 74 68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 75 6e 65 78	.to.take.if.the.remote.peer.unex
84f20	70 65 63 74 65 64 6c 79 20 63 6c 6f 73 65 73 20 61 20 43 48 49 4c 44 5f 53 41 3a 00 60 60 63 6f	pectedly.closes.a.CHILD_SA:.``co
84f40	6d 70 72 65 73 73 69 6f 6e 60 60 20 20 45 6e 61 62 6c 65 73 20 74 68 65 20 20 49 50 43 6f 6d 70	mpression``..Enables.the..IPComp
84f60	28 49 50 20 50 61 79 6c 6f 61 64 20 43 6f 6d 70 72 65 73 73 69 6f 6e 29 20 70 72 6f 74 6f 63 6f	(IP.Payload.Compression).protoco
84f80	6c 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 63 6f 6d 70 72 65 73 73 69 6e 67 20 74 68 65 20 63	l.which.allows.compressing.the.c
84fa0	6f 6e 74 65 6e 74 20 6f 66 20 49 50 20 70 61 63 6b 65 74 73 2e 00 60 60 63 6f 6d 70 72 65 73 73	ontent.of.IP.packets..``compress
84fc0	69 6f 6e 60 60 20 77 68 65 74 68 65 72 20 49 50 43 6f 6d 70 20 63 6f 6d 70 72 65 73 73 69 6f 6e	ion``.whether.IPComp.compression
84fe0	20 6f 66 20 63 6f 6e 74 65 6e 74 20 69 73 20 70 72 6f 70 6f 73 65 64 20 6f 6e 20 74 68 65 20 63	.of.content.is.proposed.on.the.c
85000	6f 6e 6e 65 63 74 69 6f 6e 3a 00 60 60 63 6f 6e 6e 65 63 74 65 64 60 60 20 2d 20 43 6f 6e 6e 65	onnection:.``connected``.-.Conne
85020	63 74 65 64 20 72 6f 75 74 65 73 20 28 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65 64 20 73	cted.routes.(directly.attached.s
85040	75 62 6e 65 74 20 6f 72 20 68 6f 73 74 29 00 60 60 63 6f 6e 6e 65 63 74 69 6f 6e 2d 74 79 70 65	ubnet.or.host).``connection-type
85060	60 60 20 2d 20 68 6f 77 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 63 6f 6e 6e 65 63 74 69	``.-.how.to.handle.this.connecti
85080	6f 6e 20 70 72 6f 63 65 73 73 2e 20 50 6f 73 73 69 62 6c 65 20 76 61 72 69 61 6e 74 73 3a 00 60	on.process..Possible.variants:.`
850a0	60 63 72 6c 2d 66 69 6c 65 60 60 20 2d 20 66 69 6c 65 20 77 69 74 68 20 74 68 65 20 43 65 72 74	`crl-file``.-.file.with.the.Cert
850c0	69 66 69 63 61 74 65 20 52 65 76 6f 63 61 74 69 6f 6e 20 4c 69 73 74 2e 20 55 73 69 6e 67 20 74	ificate.Revocation.List..Using.t
850e0	6f 20 63 68 65 63 6b 20 69 66 20 61 20 63 65 72 74 69 66 69 63 61 74 65 20 66 6f 72 20 74 68 65	o.check.if.a.certificate.for.the
85100	20 72 65 6d 6f 74 65 20 70 65 65 72 20 69 73 20 76 61 6c 69 64 20 6f 72 20 72 65 76 6f 6b 65 64	.remote.peer.is.valid.or.revoked
85120	3b 00 60 60 64 60 60 20 2d 20 45 78 65 63 75 74 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 69 6e 20	;.``d``.-.Execution.interval.in.
85140	64 61 79 73 00 60 60 64 65 61 64 2d 70 65 65 72 2d 64 65 74 65 63 74 69 6f 6e 20 61 63 74 69 6f	days.``dead-peer-detection.actio
85160	6e 20 3d 20 63 6c 65 61 72 20 7c 20 68 6f 6c 64 20 7c 20 72 65 73 74 61 72 74 60 60 20 2d 20 52	n.=.clear.|.hold.|.restart``.-.R
85180	5f 55 5f 54 48 45 52 45 20 6e 6f 74 69 66 69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 28 49	_U_THERE.notification.messages(I
851a0	4b 45 76 31 29 20 6f 72 20 65 6d 70 74 79 20 49 4e 46 4f 52 4d 41 54 49 4f 4e 41 4c 20 6d 65 73	KEv1).or.empty.INFORMATIONAL.mes
851c0	73 61 67 65 73 20 28 49 4b 45 76 32 29 20 61 72 65 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 20 73	sages.(IKEv2).are.periodically.s
851e0	65 6e 74 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 63 68 65 63 6b 20 74 68 65 20 6c 69 76 65 6c 69	ent.in.order.to.check.the.liveli
85200	6e 65 73 73 20 6f 66 20 74 68 65 20 49 50 73 65 63 20 70 65 65 72 2e 20 54 68 65 20 76 61 6c 75	ness.of.the.IPsec.peer..The.valu
85220	65 73 20 63 6c 65 61 72 2c 20 68 6f 6c 64 2c 20 61 6e 64 20 72 65 73 74 61 72 74 20 61 6c 6c 20	es.clear,.hold,.and.restart.all.
85240	61 63 74 69 76 61 74 65 20 44 50 44 20 61 6e 64 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20 61	activate.DPD.and.determine.the.a
85260	63 74 69 6f 6e 20 74 6f 20 70 65 72 66 6f 72 6d 20 6f 6e 20 61 20 74 69 6d 65 6f 75 74 2e 20 57	ction.to.perform.on.a.timeout..W
85280	69 74 68 20 60 60 63 6c 65 61 72 60 60 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20	ith.``clear``.the.connection.is.
852a0	63 6c 6f 73 65 64 20 77 69 74 68 20 6e 6f 20 66 75 72 74 68 65 72 20 61 63 74 69 6f 6e 73 20 74	closed.with.no.further.actions.t
852c0	61 6b 65 6e 2e 20 60 60 68 6f 6c 64 60 60 20 69 6e 73 74 61 6c 6c 73 20 61 20 74 72 61 70 20 70	aken..``hold``.installs.a.trap.p
852e0	6f 6c 69 63 79 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 63 61 74 63 68 20 6d 61 74 63 68 69 6e 67	olicy,.which.will.catch.matching
85300	20 74 72 61 66 66 69 63 20 61 6e 64 20 74 72 69 65 73 20 74 6f 20 72 65 2d 6e 65 67 6f 74 69 61	.traffic.and.tries.to.re-negotia
85320	74 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6f 6e 20 64 65 6d 61 6e 64 2e 20 60 60 72	te.the.connection.on.demand..``r
85340	65 73 74 61 72 74 60 60 20 77 69 6c 6c 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 74 72 69 67 67 65	estart``.will.immediately.trigge
85360	72 20 61 6e 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65 2d 6e 65 67 6f 74 69 61 74 65 20 74 68 65	r.an.attempt.to.re-negotiate.the
85380	20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 60 60 64 65 61 64 2d 70 65 65 72 2d 64 65 74 65 63 74 69	.connection..``dead-peer-detecti
853a0	6f 6e 60 60 20 63 6f 6e 74 72 6f 6c 73 20 74 68 65 20 75 73 65 20 6f 66 20 74 68 65 20 44 65 61	on``.controls.the.use.of.the.Dea
853c0	64 20 50 65 65 72 20 44 65 74 65 63 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c 20 28 44 50 44 2c 20	d.Peer.Detection.protocol.(DPD,.
853e0	52 46 43 20 33 37 30 36 29 20 77 68 65 72 65 20 52 5f 55 5f 54 48 45 52 45 20 6e 6f 74 69 66 69	RFC.3706).where.R_U_THERE.notifi
85400	63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 20 28 49 4b 45 76 31 29 20 6f 72 20 65 6d 70 74 79	cation.messages.(IKEv1).or.empty
85420	20 49 4e 46 4f 52 4d 41 54 49 4f 4e 41 4c 20 6d 65 73 73 61 67 65 73 20 28 49 4b 45 76 32 29 20	.INFORMATIONAL.messages.(IKEv2).
85440	61 72 65 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 20 73 65 6e 74 20 69 6e 20 6f 72 64 65 72 20 74	are.periodically.sent.in.order.t
85460	6f 20 63 68 65 63 6b 20 74 68 65 20 6c 69 76 65 6c 69 6e 65 73 73 20 6f 66 20 74 68 65 20 49 50	o.check.the.liveliness.of.the.IP
85480	73 65 63 20 70 65 65 72 3a 00 60 60 64 65 66 61 75 6c 74 2d 65 73 70 2d 67 72 6f 75 70 60 60 20	sec.peer:.``default-esp-group``.
854a0	2d 20 45 53 50 20 67 72 6f 75 70 20 74 6f 20 75 73 65 20 62 79 20 64 65 66 61 75 6c 74 20 66 6f	-.ESP.group.to.use.by.default.fo
854c0	72 20 74 72 61 66 66 69 63 20 65 6e 63 72 79 70 74 69 6f 6e 2e 20 4d 69 67 68 74 20 62 65 20 6f	r.traffic.encryption..Might.be.o
854e0	76 65 72 77 72 69 74 74 65 6e 20 62 79 20 69 6e 64 69 76 69 64 75 61 6c 20 73 65 74 74 69 6e 67	verwritten.by.individual.setting
85500	73 20 66 6f 72 20 74 75 6e 6e 65 6c 20 6f 72 20 56 54 49 20 69 6e 74 65 72 66 61 63 65 20 62 69	s.for.tunnel.or.VTI.interface.bi
85520	6e 64 69 6e 67 3b 00 60 60 64 65 73 63 72 69 70 74 69 6f 6e 60 60 20 2d 20 64 65 73 63 72 69 70	nding;.``description``.-.descrip
85540	74 69 6f 6e 20 66 6f 72 20 74 68 69 73 20 70 65 65 72 3b 00 60 60 64 68 2d 67 72 6f 75 70 60 60	tion.for.this.peer;.``dh-group``
85560	20 64 68 2d 67 72 6f 75 70 3b 00 60 60 64 68 63 70 2d 69 6e 74 65 72 66 61 63 65 60 60 20 2d 20	.dh-group;.``dhcp-interface``.-.
85580	49 44 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 67 65 6e 65 72 61 74 65 64 20	ID.for.authentication.generated.
855a0	66 72 6f 6d 20 44 48 43 50 20 61 64 64 72 65 73 73 20 64 79 6e 61 6d 69 63 61 6c 6c 79 3b 00 60	from.DHCP.address.dynamically;.`
855c0	60 64 68 63 70 2d 69 6e 74 65 72 66 61 63 65 60 60 20 2d 20 75 73 65 20 61 6e 20 49 50 20 61 64	`dhcp-interface``.-.use.an.IP.ad
855e0	64 72 65 73 73 2c 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 44 48 43 50 20 66 6f 72 20 49 50	dress,.received.from.DHCP.for.IP
85600	53 65 63 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 68 20 74 68 69 73 20 70 65 65 72 2c 20 69	Sec.connection.with.this.peer,.i
85620	6e 73 74 65 61 64 20 6f 66 20 60 60 6c 6f 63 61 6c 2d 61 64 64 72 65 73 73 60 60 3b 00 60 60 64	nstead.of.``local-address``;.``d
85640	69 73 61 62 6c 65 2d 6d 6f 62 69 6b 65 60 60 20 64 69 73 61 62 6c 65 73 20 4d 4f 42 49 4b 45 20	isable-mobike``.disables.MOBIKE.
85660	53 75 70 70 6f 72 74 2e 20 4d 4f 42 49 4b 45 20 69 73 20 6f 6e 6c 79 20 61 76 61 69 6c 61 62 6c	Support..MOBIKE.is.only.availabl
85680	65 20 66 6f 72 20 49 4b 45 76 32 20 61 6e 64 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65 66 61 75	e.for.IKEv2.and.enabled.by.defau
856a0	6c 74 2e 00 60 60 64 69 73 61 62 6c 65 2d 72 6f 75 74 65 2d 61 75 74 6f 69 6e 73 74 61 6c 6c 60	lt..``disable-route-autoinstall`
856c0	60 20 2d 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 77 68 65 6e 20 63 6f 6e 66 69 67 75 72 65 64 20	`.-.This.option.when.configured.
856e0	64 69 73 61 62 6c 65 73 20 74 68 65 20 72 6f 75 74 65 73 20 69 6e 73 74 61 6c 6c 65 64 20 69 6e	disables.the.routes.installed.in
85700	20 74 68 65 20 64 65 66 61 75 6c 74 20 74 61 62 6c 65 20 32 32 30 20 66 6f 72 20 73 69 74 65 2d	.the.default.table.220.for.site-
85720	74 6f 2d 73 69 74 65 20 69 70 73 65 63 2e 20 49 74 20 69 73 20 6d 6f 73 74 6c 79 20 75 73 65 64	to-site.ipsec..It.is.mostly.used
85740	20 77 69 74 68 20 56 54 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 60 60 64 69 73 61 62	.with.VTI.configuration..``disab
85760	6c 65 2d 72 6f 75 74 65 2d 61 75 74 6f 69 6e 73 74 61 6c 6c 60 60 20 44 6f 20 6e 6f 74 20 61 75	le-route-autoinstall``.Do.not.au
85780	74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 6e 73 74 61 6c 6c 20 72 6f 75 74 65 73 20 74 6f 20 72 65	tomatically.install.routes.to.re
857a0	6d 6f 74 65 20 6e 65 74 77 6f 72 6b 73 3b 00 60 60 64 69 73 61 62 6c 65 60 60 20 2d 20 64 69 73	mote.networks;.``disable``.-.dis
857c0	61 62 6c 65 20 74 68 69 73 20 74 75 6e 6e 65 6c 3b 00 60 60 64 69 73 61 62 6c 65 60 60 20 44 69	able.this.tunnel;.``disable``.Di
857e0	73 61 62 6c 65 20 50 46 53 3b 00 60 60 64 69 73 61 62 6c 65 60 60 20 64 69 73 61 62 6c 65 20 49	sable.PFS;.``disable``.disable.I
85800	50 43 6f 6d 70 20 63 6f 6d 70 72 65 73 73 69 6f 6e 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 64	PComp.compression.(default);.``d
85820	69 73 61 62 6c 65 60 60 20 64 69 73 61 62 6c 65 20 4d 4f 42 49 4b 45 3b 00 60 60 64 72 6f 70 60	isable``.disable.MOBIKE;.``drop`
85840	60 3a 20 64 72 6f 70 20 74 68 65 20 70 61 63 6b 65 74 2e 00 60 60 65 63 64 73 61 2d 73 68 61 32	`:.drop.the.packet..``ecdsa-sha2
85860	2d 6e 69 73 74 70 32 35 36 60 60 00 60 60 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 33 38	-nistp256``.``ecdsa-sha2-nistp38
85880	34 60 60 00 60 60 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 60 60 00 60 60 65 64	4``.``ecdsa-sha2-nistp521``.``ed
858a0	70 60 60 20 2d 20 4c 69 73 74 65 6e 20 66 6f 72 20 45 44 50 20 66 6f 72 20 45 78 74 72 65 6d 65	p``.-.Listen.for.EDP.for.Extreme
858c0	20 72 6f 75 74 65 72 73 2f 73 77 69 74 63 68 65 73 00 60 60 65 6e 61 62 6c 65 60 60 20 49 6e 68	.routers/switches.``enable``.Inh
858e0	65 72 69 74 20 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 20 67 72 6f 75 70 20 66 72 6f 6d 20 49	erit.Diffie-Hellman.group.from.I
85900	4b 45 20 67 72 6f 75 70 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 65 6e 61 62 6c 65 60 60 20 65	KE.group.(default);.``enable``.e
85920	6e 61 62 6c 65 20 49 50 43 6f 6d 70 20 63 6f 6d 70 72 65 73 73 69 6f 6e 3b 00 60 60 65 6e 61 62	nable.IPComp.compression;.``enab
85940	6c 65 60 60 20 65 6e 61 62 6c 65 20 4d 4f 42 49 4b 45 20 28 64 65 66 61 75 6c 74 20 66 6f 72 20	le``.enable.MOBIKE.(default.for.
85960	49 4b 45 76 32 29 3b 00 60 60 65 6e 63 72 79 70 74 69 6f 6e 60 60 20 65 6e 63 72 79 70 74 69 6f	IKEv2);.``encryption``.encryptio
85980	6e 20 61 6c 67 6f 72 69 74 68 6d 20 28 64 65 66 61 75 6c 74 20 31 32 38 20 62 69 74 20 41 45 53	n.algorithm.(default.128.bit.AES
859a0	2d 43 42 43 29 3b 00 60 60 65 6e 63 72 79 70 74 69 6f 6e 60 60 20 65 6e 63 72 79 70 74 69 6f 6e	-CBC);.``encryption``.encryption
859c0	20 61 6c 67 6f 72 69 74 68 6d 3b 00 60 60 65 6e 64 60 60 20 4d 61 74 63 68 65 73 20 74 68 65 20	.algorithm;.``end``.Matches.the.
859e0	65 6e 64 20 6f 66 20 74 68 65 20 55 52 4c 20 70 61 74 68 2e 00 60 60 65 73 70 2d 67 72 6f 75 70	end.of.the.URL.path..``esp-group
85a00	60 60 20 2d 20 64 65 66 69 6e 65 20 45 53 50 20 67 72 6f 75 70 20 66 6f 72 20 65 6e 63 72 79 70	``.-.define.ESP.group.for.encryp
85a20	74 20 74 72 61 66 66 69 63 2c 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 69 73 20 74 75 6e 6e 65	t.traffic,.defined.by.this.tunne
85a40	6c 3b 00 60 60 65 73 70 2d 67 72 6f 75 70 60 60 20 2d 20 64 65 66 69 6e 65 20 45 53 50 20 67 72	l;.``esp-group``.-.define.ESP.gr
85a60	6f 75 70 20 66 6f 72 20 65 6e 63 72 79 70 74 20 74 72 61 66 66 69 63 2c 20 70 61 73 73 65 64 20	oup.for.encrypt.traffic,.passed.
85a80	74 68 69 73 20 56 54 49 20 69 6e 74 65 72 66 61 63 65 2e 00 60 60 65 78 61 63 74 60 60 20 52 65	this.VTI.interface..``exact``.Re
85aa0	71 75 69 72 65 73 20 61 6e 20 65 78 61 63 74 6c 79 20 6d 61 74 63 68 20 6f 66 20 74 68 65 20 55	quires.an.exactly.match.of.the.U
85ac0	52 4c 20 70 61 74 68 00 60 60 66 64 70 60 60 20 2d 20 4c 69 73 74 65 6e 20 66 6f 72 20 46 44 50	RL.path.``fdp``.-.Listen.for.FDP
85ae0	20 66 6f 72 20 46 6f 75 6e 64 72 79 20 72 6f 75 74 65 72 73 2f 73 77 69 74 63 68 65 73 00 60 60	.for.Foundry.routers/switches.``
85b00	66 69 6c 65 60 60 20 2d 20 70 61 74 68 20 74 6f 20 74 68 65 20 6b 65 79 20 66 69 6c 65 3b 00 60	file``.-.path.to.the.key.file;.`
85b20	60 66 6c 65 78 76 70 6e 60 60 20 41 6c 6c 6f 77 20 46 6c 65 78 56 50 4e 20 76 65 6e 64 6f 72 20	`flexvpn``.Allow.FlexVPN.vendor.
85b40	49 44 20 70 61 79 6c 6f 61 64 20 28 49 4b 45 76 32 20 6f 6e 6c 79 29 2e 20 53 65 6e 64 20 74 68	ID.payload.(IKEv2.only)..Send.th
85b60	65 20 43 69 73 63 6f 20 46 6c 65 78 56 50 4e 20 76 65 6e 64 6f 72 20 49 44 20 70 61 79 6c 6f 61	e.Cisco.FlexVPN.vendor.ID.payloa
85b80	64 20 28 49 4b 45 76 32 20 6f 6e 6c 79 29 2c 20 77 68 69 63 68 20 69 73 20 72 65 71 75 69 72 65	d.(IKEv2.only),.which.is.require
85ba0	64 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 6d 61 6b 65 20 43 69 73 63 6f 20 62 72 61 6e 64 20 64	d.in.order.to.make.Cisco.brand.d
85bc0	65 76 69 63 65 73 20 61 6c 6c 6f 77 20 6e 65 67 6f 74 69 61 74 69 6e 67 20 61 20 6c 6f 63 61 6c	evices.allow.negotiating.a.local
85be0	20 74 72 61 66 66 69 63 20 73 65 6c 65 63 74 6f 72 20 28 66 72 6f 6d 20 73 74 72 6f 6e 67 53 77	.traffic.selector.(from.strongSw
85c00	61 6e 27 73 20 70 6f 69 6e 74 20 6f 66 20 76 69 65 77 29 20 74 68 61 74 20 69 73 20 6e 6f 74 20	an's.point.of.view).that.is.not.
85c20	74 68 65 20 61 73 73 69 67 6e 65 64 20 76 69 72 74 75 61 6c 20 49 50 20 61 64 64 72 65 73 73 20	the.assigned.virtual.IP.address.
85c40	69 66 20 73 75 63 68 20 61 6e 20 61 64 64 72 65 73 73 20 69 73 20 72 65 71 75 65 73 74 65 64 20	if.such.an.address.is.requested.
85c60	62 79 20 73 74 72 6f 6e 67 53 77 61 6e 2e 20 53 65 6e 64 69 6e 67 20 74 68 65 20 43 69 73 63 6f	by.strongSwan..Sending.the.Cisco
85c80	20 46 6c 65 78 56 50 4e 20 76 65 6e 64 6f 72 20 49 44 20 70 72 65 76 65 6e 74 73 20 74 68 65 20	.FlexVPN.vendor.ID.prevents.the.
85ca0	70 65 65 72 20 66 72 6f 6d 20 6e 61 72 72 6f 77 69 6e 67 20 74 68 65 20 69 6e 69 74 69 61 74 6f	peer.from.narrowing.the.initiato
85cc0	72 27 73 20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 73 65 6c 65 63 74 6f 72 20 61 6e 64 20 61	r's.local.traffic.selector.and.a
85ce0	6c 6c 6f 77 73 20 69 74 20 74 6f 20 65 2e 67 2e 20 6e 65 67 6f 74 69 61 74 65 20 61 20 54 53 20	llows.it.to.e.g..negotiate.a.TS.
85d00	6f 66 20 30 2e 30 2e 30 2e 30 2f 30 20 3d 3d 20 30 2e 30 2e 30 2e 30 2f 30 20 69 6e 73 74 65 61	of.0.0.0.0/0.==.0.0.0.0/0.instea
85d20	64 2e 20 54 68 69 73 20 68 61 73 20 62 65 65 6e 20 74 65 73 74 65 64 20 77 69 74 68 20 61 20 22	d..This.has.been.tested.with.a."
85d40	74 75 6e 6e 65 6c 20 6d 6f 64 65 20 69 70 73 65 63 20 69 70 76 34 22 20 43 69 73 63 6f 20 74 65	tunnel.mode.ipsec.ipv4".Cisco.te
85d60	6d 70 6c 61 74 65 20 62 75 74 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20 77 6f 72 6b 20 66 6f 72 20	mplate.but.should.also.work.for.
85d80	47 52 45 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 3b 00 60 60 66 6f 72 63 65 2d 75 64 70 2d 65	GRE.encapsulation;.``force-udp-e
85da0	6e 63 61 70 73 75 6c 61 74 69 6f 6e 60 60 20 2d 20 66 6f 72 63 65 20 65 6e 63 61 70 73 75 6c 61	ncapsulation``.-.force.encapsula
85dc0	74 69 6f 6e 20 6f 66 20 45 53 50 20 69 6e 74 6f 20 55 44 50 20 64 61 74 61 67 72 61 6d 73 2e 20	tion.of.ESP.into.UDP.datagrams..
85de0	55 73 65 66 75 6c 20 69 6e 20 63 61 73 65 20 69 66 20 62 65 74 77 65 65 6e 20 6c 6f 63 61 6c 20	Useful.in.case.if.between.local.
85e00	61 6e 64 20 72 65 6d 6f 74 65 20 73 69 64 65 20 69 73 20 66 69 72 65 77 61 6c 6c 20 6f 72 20 4e	and.remote.side.is.firewall.or.N
85e20	41 54 2c 20 77 68 69 63 68 20 6e 6f 74 20 61 6c 6c 6f 77 73 20 70 61 73 73 69 6e 67 20 70 6c 61	AT,.which.not.allows.passing.pla
85e40	69 6e 20 45 53 50 20 70 61 63 6b 65 74 73 20 62 65 74 77 65 65 6e 20 74 68 65 6d 3b 00 60 60 67	in.ESP.packets.between.them;.``g
85e60	60 60 20 2d 20 38 30 32 2e 31 31 67 20 2d 20 35 34 20 4d 62 69 74 73 2f 73 65 63 20 28 64 65 66	``.-.802.11g.-.54.Mbits/sec.(def
85e80	61 75 6c 74 29 00 60 60 67 72 61 63 65 66 75 6c 2d 73 68 75 74 64 6f 77 6e 60 60 20 2d 20 20 20	ault).``graceful-shutdown``.-...
85ea0	20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20	.........Well-known.communities.
85ec0	76 61 6c 75 65 20 47 52 41 43 45 46 55 4c 5f 53 48 55 54 44 4f 57 4e 20 30 78 46 46 46 46 30 30	value.GRACEFUL_SHUTDOWN.0xFFFF00
85ee0	30 30 00 60 60 68 60 60 20 2d 20 45 78 65 63 75 74 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 69 6e	00.``h``.-.Execution.interval.in
85f00	20 68 6f 75 72 73 00 60 60 68 61 73 68 60 60 20 68 61 73 68 20 61 6c 67 6f 72 69 74 68 6d 20 28	.hours.``hash``.hash.algorithm.(
85f20	64 65 66 61 75 6c 74 20 73 68 61 31 29 2e 00 60 60 68 61 73 68 60 60 20 68 61 73 68 20 61 6c 67	default.sha1)..``hash``.hash.alg
85f40	6f 72 69 74 68 6d 2e 00 60 60 68 6f 6c 64 60 60 20 73 65 74 20 61 63 74 69 6f 6e 20 74 6f 20 68	orithm..``hold``.set.action.to.h
85f60	6f 6c 64 20 28 64 65 66 61 75 6c 74 29 00 60 60 68 6f 6c 64 60 60 20 73 65 74 20 61 63 74 69 6f	old.(default).``hold``.set.actio
85f80	6e 20 74 6f 20 68 6f 6c 64 3b 00 60 60 68 74 34 30 2b 60 60 20 2d 20 42 6f 74 68 20 32 30 20 4d	n.to.hold;.``ht40+``.-.Both.20.M
85fa0	48 7a 20 61 6e 64 20 34 30 20 4d 48 7a 20 77 69 74 68 20 73 65 63 6f 6e 64 61 72 79 20 63 68 61	Hz.and.40.MHz.with.secondary.cha
85fc0	6e 6e 65 6c 20 61 62 6f 76 65 20 74 68 65 20 70 72 69 6d 61 72 79 20 63 68 61 6e 6e 65 6c 00 60	nnel.above.the.primary.channel.`
85fe0	60 68 74 34 30 2d 60 60 20 2d 20 42 6f 74 68 20 32 30 20 4d 48 7a 20 61 6e 64 20 34 30 20 4d 48	`ht40-``.-.Both.20.MHz.and.40.MH
86000	7a 20 77 69 74 68 20 73 65 63 6f 6e 64 61 72 79 20 63 68 61 6e 6e 65 6c 20 62 65 6c 6f 77 20 74	z.with.secondary.channel.below.t
86020	68 65 20 70 72 69 6d 61 72 79 20 63 68 61 6e 6e 65 6c 00 60 60 68 76 63 30 60 60 20 2d 20 58 65	he.primary.channel.``hvc0``.-.Xe
86040	6e 20 63 6f 6e 73 6f 6c 65 00 60 60 69 64 60 60 20 2d 20 73 74 61 74 69 63 20 49 44 27 73 20 66	n.console.``id``.-.static.ID's.f
86060	6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 49 6e 20 67 65 6e 65 72 61 6c 20 6c 6f	or.authentication..In.general.lo
86080	63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65 20 61 64 64 72 65 73 73 20 60 60 3c 78 2e 78 2e 78 2e	cal.and.remote.address.``<x.x.x.
860a0	78 3e 60 60 2c 20 60 60 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 60 60 20 6f 72 20 60	x>``,.``<h:h:h:h:h:h:h:h>``.or.`
860c0	60 25 61 6e 79 60 60 3b 00 60 60 69 6b 65 2d 67 72 6f 75 70 60 60 20 2d 20 49 4b 45 20 67 72 6f	`%any``;.``ike-group``.-.IKE.gro
860e0	75 70 20 74 6f 20 75 73 65 20 66 6f 72 20 6b 65 79 20 65 78 63 68 61 6e 67 65 73 3b 00 60 60 69	up.to.use.for.key.exchanges;.``i
86100	6b 65 76 31 60 60 20 75 73 65 20 49 4b 45 76 31 20 66 6f 72 20 4b 65 79 20 45 78 63 68 61 6e 67	kev1``.use.IKEv1.for.Key.Exchang
86120	65 3b 00 60 60 69 6b 65 76 32 2d 72 65 61 75 74 68 60 60 20 2d 20 72 65 61 75 74 68 65 6e 74 69	e;.``ikev2-reauth``.-.reauthenti
86140	63 61 74 65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 64 75 72 69 6e 67 20 74 68 65 20 72 65 6b 65	cate.remote.peer.during.the.reke
86160	79 69 6e 67 20 70 72 6f 63 65 73 73 2e 20 43 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 77	ying.process..Can.be.used.only.w
86180	69 74 68 20 49 4b 45 76 32 2e 20 43 72 65 61 74 65 20 61 20 6e 65 77 20 49 4b 45 5f 53 41 20 66	ith.IKEv2..Create.a.new.IKE_SA.f
861a0	72 6f 6d 20 74 68 65 20 73 63 72 61 74 63 68 20 61 6e 64 20 74 72 79 20 74 6f 20 72 65 63 72 65	rom.the.scratch.and.try.to.recre
861c0	61 74 65 20 61 6c 6c 20 49 50 73 65 63 20 53 41 73 3b 00 60 60 69 6b 65 76 32 2d 72 65 61 75 74	ate.all.IPsec.SAs;.``ikev2-reaut
861e0	68 60 60 20 77 68 65 74 68 65 72 20 72 65 6b 65 79 69 6e 67 20 6f 66 20 61 6e 20 49 4b 45 5f 53	h``.whether.rekeying.of.an.IKE_S
86200	41 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20 72 65 61 75 74 68 65 6e 74 69 63 61 74 65 20 74 68 65	A.should.also.reauthenticate.the
86220	20 70 65 65 72 2e 20 49 6e 20 49 4b 45 76 31 2c 20 72 65 61 75 74 68 65 6e 74 69 63 61 74 69 6f	.peer..In.IKEv1,.reauthenticatio
86240	6e 20 69 73 20 61 6c 77 61 79 73 20 64 6f 6e 65 2e 20 53 65 74 74 69 6e 67 20 74 68 69 73 20 70	n.is.always.done..Setting.this.p
86260	61 72 61 6d 65 74 65 72 20 65 6e 61 62 6c 65 73 20 72 65 6d 6f 74 65 20 68 6f 73 74 20 72 65 2d	arameter.enables.remote.host.re-
86280	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 61 6e 20 49 4b 45 20 72 65 6b	authentication.during.an.IKE.rek
862a0	65 79 2e 00 60 60 69 6b 65 76 32 2d 72 65 61 75 74 68 60 60 20 77 68 65 74 68 65 72 20 72 65 6b	ey..``ikev2-reauth``.whether.rek
862c0	65 79 69 6e 67 20 6f 66 20 61 6e 20 49 4b 45 5f 53 41 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20 72	eying.of.an.IKE_SA.should.also.r
862e0	65 61 75 74 68 65 6e 74 69 63 61 74 65 20 74 68 65 20 70 65 65 72 2e 20 49 6e 20 49 4b 45 76 31	eauthenticate.the.peer..In.IKEv1
86300	2c 20 72 65 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 73 20 61 6c 77 61 79 73 20 64 6f 6e	,.reauthentication.is.always.don
86320	65 3a 00 60 60 69 6b 65 76 32 60 60 20 75 73 65 20 49 4b 45 76 32 20 66 6f 72 20 4b 65 79 20 45	e:.``ikev2``.use.IKEv2.for.Key.E
86340	78 63 68 61 6e 67 65 3b 00 60 60 69 6e 60 60 3a 20 52 75 6c 65 73 65 74 20 66 6f 72 20 66 6f 72	xchange;.``in``:.Ruleset.for.for
86360	77 61 72 64 65 64 20 70 61 63 6b 65 74 73 20 6f 6e 20 61 6e 20 69 6e 62 6f 75 6e 64 20 69 6e 74	warded.packets.on.an.inbound.int
86380	65 72 66 61 63 65 00 60 60 69 6e 69 74 69 61 74 65 60 60 20 2d 20 64 6f 65 73 20 69 6e 69 74 69	erface.``initiate``.-.does.initi
863a0	61 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 72 65 6d 6f 74 65 20 70 65 65 72 20 69 6d 6d	al.connection.to.remote.peer.imm
863c0	65 64 69 61 74 65 6c 79 20 61 66 74 65 72 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 61	ediately.after.configuring.and.a
863e0	66 74 65 72 20 62 6f 6f 74 2e 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 20 74 68 65 20 63 6f 6e 6e	fter.boot..In.this.mode.the.conn
86400	65 63 74 69 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 72 65 73 74 61 72 74 65 64 20 69 6e 20	ection.will.not.be.restarted.in.
86420	63 61 73 65 20 6f 66 20 64 69 73 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 74 68 65 72 65 66 6f 72 65	case.of.disconnection,.therefore
86440	20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 74 6f 67 65 74 68 65 72 20 77 69	.should.be.used.only.together.wi
86460	74 68 20 44 50 44 20 6f 72 20 61 6e 6f 74 68 65 72 20 73 65 73 73 69 6f 6e 20 74 72 61 63 6b 69	th.DPD.or.another.session.tracki
86480	6e 67 20 6d 65 74 68 6f 64 73 3b 00 60 60 69 6e 74 65 72 66 61 63 65 60 60 20 49 6e 74 65 72 66	ng.methods;.``interface``.Interf
864a0	61 63 65 20 4e 61 6d 65 20 74 6f 20 75 73 65 2e 20 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65	ace.Name.to.use..The.name.of.the
864c0	20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 77 68 69 63 68 20 76 69 72 74 75 61 6c 20 49 50 20 61	.interface.on.which.virtual.IP.a
864e0	64 64 72 65 73 73 65 73 20 73 68 6f 75 6c 64 20 62 65 20 69 6e 73 74 61 6c 6c 65 64 2e 20 49 66	ddresses.should.be.installed..If
86500	20 6e 6f 74 20 73 70 65 63 69 66 69 65 64 20 74 68 65 20 61 64 64 72 65 73 73 65 73 20 77 69 6c	.not.specified.the.addresses.wil
86520	6c 20 62 65 20 69 6e 73 74 61 6c 6c 65 64 20 6f 6e 20 74 68 65 20 6f 75 74 62 6f 75 6e 64 20 69	l.be.installed.on.the.outbound.i
86540	6e 74 65 72 66 61 63 65 3b 00 60 60 69 6e 74 65 72 66 61 63 65 60 60 20 69 73 20 75 73 65 64 20	nterface;.``interface``.is.used.
86560	66 6f 72 20 74 68 65 20 56 79 4f 53 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 64 65 6e	for.the.VyOS.CLI.command.to.iden
86580	74 69 66 79 20 74 68 65 20 57 69 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 20 77 68 65	tify.the.WireGuard.interface.whe
865a0	72 65 20 74 68 69 73 20 70 72 69 76 61 74 65 20 6b 65 79 20 69 73 20 74 6f 20 62 65 20 75 73 65	re.this.private.key.is.to.be.use
865c0	64 2e 00 60 60 69 6e 74 65 72 6e 65 74 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20	d..``internet``.-...............
865e0	20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c	......Well-known.communities.val
86600	75 65 20 30 00 60 60 69 6e 74 65 72 76 61 6c 60 60 20 6b 65 65 70 2d 61 6c 69 76 65 20 69 6e 74	ue.0.``interval``.keep-alive.int
86620	65 72 76 61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 32 2d 38 36 34 30 30 3e 20 28 64 65 66 61	erval.in.seconds.<2-86400>.(defa
86640	75 6c 74 20 33 30 29 3b 00 60 60 69 73 69 73 60 60 20 2d 20 49 6e 74 65 72 6d 65 64 69 61 74 65	ult.30);.``isis``.-.Intermediate
86660	20 53 79 73 74 65 6d 20 74 6f 20 49 6e 74 65 72 6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 20 28	.System.to.Intermediate.System.(
86680	49 53 2d 49 53 29 00 60 60 6a 75 6d 70 60 60 3a 20 6a 75 6d 70 20 74 6f 20 61 6e 6f 74 68 65 72	IS-IS).``jump``:.jump.to.another
866a0	20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2e 00 60 60 6b 65 72 6e 65 6c 60 60 20 2d 20 4b 65 72 6e	.custom.chain..``kernel``.-.Kern
866c0	65 6c 20 72 6f 75 74 65 73 00 60 60 6b 65 79 2d 65 78 63 68 61 6e 67 65 60 60 20 77 68 69 63 68	el.routes.``key-exchange``.which
866e0	20 70 72 6f 74 6f 63 6f 6c 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 74 6f 20 69 6e 69 74	.protocol.should.be.used.to.init
86700	69 61 6c 69 7a 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 49 66 20 6e 6f 74 20 73 65 74	ialize.the.connection.If.not.set
86720	20 62 6f 74 68 20 70 72 6f 74 6f 63 6f 6c 73 20 61 72 65 20 68 61 6e 64 6c 65 64 20 61 6e 64 20	.both.protocols.are.handled.and.
86740	63 6f 6e 6e 65 63 74 69 6f 6e 73 20 77 69 6c 6c 20 75 73 65 20 49 4b 45 76 32 20 77 68 65 6e 20	connections.will.use.IKEv2.when.
86760	69 6e 69 74 69 61 74 69 6e 67 2c 20 62 75 74 20 61 63 63 65 70 74 20 61 6e 79 20 70 72 6f 74 6f	initiating,.but.accept.any.proto
86780	63 6f 6c 20 76 65 72 73 69 6f 6e 20 77 68 65 6e 20 72 65 73 70 6f 6e 64 69 6e 67 3a 00 60 60 6b	col.version.when.responding:.``k
867a0	65 79 60 60 20 2d 20 61 20 70 72 69 76 61 74 65 20 6b 65 79 2c 20 77 68 69 63 68 20 77 69 6c 6c	ey``.-.a.private.key,.which.will
867c0	20 62 65 20 75 73 65 64 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 6c 6f 63 61	.be.used.for.authenticating.loca
867e0	6c 20 72 6f 75 74 65 72 20 6f 6e 20 72 65 6d 6f 74 65 20 70 65 65 72 3a 00 60 60 6c 61 74 65 6e	l.router.on.remote.peer:.``laten
86800	63 79 60 60 3a 20 41 20 73 65 72 76 65 72 20 70 72 6f 66 69 6c 65 20 66 6f 63 75 73 65 64 20 6f	cy``:.A.server.profile.focused.o
86820	6e 20 6c 6f 77 65 72 69 6e 67 20 6e 65 74 77 6f 72 6b 20 6c 61 74 65 6e 63 79 2e 20 54 68 69 73	n.lowering.network.latency..This
86840	20 70 72 6f 66 69 6c 65 20 66 61 76 6f 72 73 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 6f 76 65 72	.profile.favors.performance.over
86860	20 70 6f 77 65 72 20 73 61 76 69 6e 67 73 20 62 79 20 73 65 74 74 69 6e 67 20 60 60 69 6e 74 65	.power.savings.by.setting.``inte
86880	6c 5f 70 73 74 61 74 65 60 60 20 61 6e 64 20 60 60 6d 69 6e 5f 70 65 72 66 5f 70 63 74 3d 31 30	l_pstate``.and.``min_perf_pct=10
868a0	30 60 60 2e 00 60 60 6c 65 61 73 74 2d 63 6f 6e 6e 65 63 74 69 6f 6e 60 60 20 44 69 73 74 72 69	0``..``least-connection``.Distri
868c0	62 75 74 65 73 20 72 65 71 75 65 73 74 73 20 74 70 20 74 6a 65 20 73 65 72 76 65 72 20 77 6f 74	butes.requests.tp.tje.server.wot
868e0	6a 20 74 68 65 20 66 65 77 65 73 74 20 61 63 74 69 76 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 00	j.the.fewest.active.connections.
86900	60 60 6c 69 66 65 2d 62 79 74 65 73 60 60 20 45 53 50 20 6c 69 66 65 20 69 6e 20 62 79 74 65 73	``life-bytes``.ESP.life.in.bytes
86920	20 3c 31 30 32 34 2d 32 36 38 34 33 35 34 35 36 30 30 30 30 30 3e 2e 20 4e 75 6d 62 65 72 20 6f	.<1024-26843545600000>..Number.o
86940	66 20 62 79 74 65 73 20 74 72 61 6e 73 6d 69 74 74 65 64 20 6f 76 65 72 20 61 6e 20 49 50 73 65	f.bytes.transmitted.over.an.IPse
86960	63 20 53 41 20 62 65 66 6f 72 65 20 69 74 20 65 78 70 69 72 65 73 3b 00 60 60 6c 69 66 65 2d 70	c.SA.before.it.expires;.``life-p
86980	61 63 6b 65 74 73 60 60 20 45 53 50 20 6c 69 66 65 20 69 6e 20 70 61 63 6b 65 74 73 20 3c 31 30	ackets``.ESP.life.in.packets.<10
869a0	30 30 2d 32 36 38 34 33 35 34 35 36 30 30 30 30 30 3e 2e 20 4e 75 6d 62 65 72 20 6f 66 20 70 61	00-26843545600000>..Number.of.pa
869c0	63 6b 65 74 73 20 74 72 61 6e 73 6d 69 74 74 65 64 20 6f 76 65 72 20 61 6e 20 49 50 73 65 63 20	ckets.transmitted.over.an.IPsec.
869e0	53 41 20 62 65 66 6f 72 65 20 69 74 20 65 78 70 69 72 65 73 3b 00 60 60 6c 69 66 65 74 69 6d 65	SA.before.it.expires;.``lifetime
86a00	60 60 20 45 53 50 20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 33 30 2d 38	``.ESP.lifetime.in.seconds.<30-8
86a20	36 34 30 30 3e 20 28 64 65 66 61 75 6c 74 20 33 36 30 30 29 2e 20 48 6f 77 20 6c 6f 6e 67 20 61	6400>.(default.3600)..How.long.a
86a40	20 70 61 72 74 69 63 75 6c 61 72 20 69 6e 73 74 61 6e 63 65 20 6f 66 20 61 20 63 6f 6e 6e 65 63	.particular.instance.of.a.connec
86a60	74 69 6f 6e 20 28 61 20 73 65 74 20 6f 66 20 65 6e 63 72 79 70 74 69 6f 6e 2f 61 75 74 68 65 6e	tion.(a.set.of.encryption/authen
86a80	74 69 63 61 74 69 6f 6e 20 6b 65 79 73 20 66 6f 72 20 75 73 65 72 20 70 61 63 6b 65 74 73 29 20	tication.keys.for.user.packets).
86aa0	73 68 6f 75 6c 64 20 6c 61 73 74 2c 20 66 72 6f 6d 20 73 75 63 63 65 73 73 66 75 6c 20 6e 65 67	should.last,.from.successful.neg
86ac0	6f 74 69 61 74 69 6f 6e 20 74 6f 20 65 78 70 69 72 79 3b 00 60 60 6c 69 66 65 74 69 6d 65 60 60	otiation.to.expiry;.``lifetime``
86ae0	20 49 4b 45 20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 30 2d 38 36 34 30	.IKE.lifetime.in.seconds.<0-8640
86b00	30 3e 20 28 64 65 66 61 75 6c 74 20 32 38 38 30 30 29 3b 00 60 60 6c 69 66 65 74 69 6d 65 60 60	0>.(default.28800);.``lifetime``
86b20	20 49 4b 45 20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 33 30 2d 38 36 34	.IKE.lifetime.in.seconds.<30-864
86b40	30 30 3e 20 28 64 65 66 61 75 6c 74 20 32 38 38 30 30 29 3b 00 60 60 6c 6c 67 72 2d 73 74 61 6c	00>.(default.28800);.``llgr-stal
86b60	65 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f	e``.-...................Well-kno
86b80	77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4c 4c 47 52 5f 53 54 41 4c 45 20	wn.communities.value.LLGR_STALE.
86ba0	30 78 46 46 46 46 30 30 30 36 00 60 60 6c 6f 63 61 6c 2d 61 64 64 72 65 73 73 60 60 20 2d 20 6c	0xFFFF0006.``local-address``.-.l
86bc0	6f 63 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 66 6f 72 20 49 50 53 65 63 20 63 6f 6e 6e 65 63	ocal.IP.address.for.IPSec.connec
86be0	74 69 6f 6e 20 77 69 74 68 20 74 68 69 73 20 70 65 65 72 2e 20 49 66 20 64 65 66 69 6e 65 64 20	tion.with.this.peer..If.defined.
86c00	60 60 61 6e 79 60 60 2c 20 74 68 65 6e 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 77 68 69 63	``any``,.then.an.IP.address.whic
86c20	68 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20 64	h.configured.on.interface.with.d
86c40	65 66 61 75 6c 74 20 72 6f 75 74 65 20 77 69 6c 6c 20 62 65 20 75 73 65 64 3b 00 60 60 6c 6f 63	efault.route.will.be.used;.``loc
86c60	61 6c 2d 61 73 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65	al-as``.-.....................We
86c80	6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4e 4f 5f 45 58	ll-known.communities.value.NO_EX
86ca0	50 4f 52 54 5f 53 55 42 43 4f 4e 46 45 44 20 30 78 46 46 46 46 46 46 30 33 00 60 60 6c 6f 63 61	PORT_SUBCONFED.0xFFFFFF03.``loca
86cc0	6c 2d 69 64 60 60 20 2d 20 49 44 20 66 6f 72 20 74 68 65 20 6c 6f 63 61 6c 20 56 79 4f 53 20 72	l-id``.-.ID.for.the.local.VyOS.r
86ce0	6f 75 74 65 72 2e 20 49 66 20 64 65 66 69 6e 65 64 2c 20 64 75 72 69 6e 67 20 74 68 65 20 61 75	outer..If.defined,.during.the.au
86d00	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 74 20 77 69 6c 6c 20 62 65 20 73 65 6e 64 20 74 6f 20	thentication.it.will.be.send.to.
86d20	72 65 6d 6f 74 65 20 70 65 65 72 3b 00 60 60 6c 6f 63 61 6c 60 60 20 2d 20 64 65 66 69 6e 65 20	remote.peer;.``local``.-.define.
86d40	61 20 6c 6f 63 61 6c 20 73 6f 75 72 63 65 20 66 6f 72 20 6d 61 74 63 68 20 74 72 61 66 66 69 63	a.local.source.for.match.traffic
86d60	2c 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 63 72 79 70 74 65 64 20 61 6e 64 20	,.which.should.be.encrypted.and.
86d80	73 65 6e 64 20 74 6f 20 74 68 69 73 20 70 65 65 72 3a 00 60 60 6c 6f 63 61 6c 60 60 3a 20 52 75	send.to.this.peer:.``local``:.Ru
86da0	6c 65 73 65 74 20 66 6f 72 20 70 61 63 6b 65 74 73 20 64 65 73 74 69 6e 65 64 20 66 6f 72 20 74	leset.for.packets.destined.for.t
86dc0	68 69 73 20 72 6f 75 74 65 72 00 60 60 6d 60 60 20 2d 20 45 78 65 63 75 74 69 6f 6e 20 69 6e 74	his.router.``m``.-.Execution.int
86de0	65 72 76 61 6c 20 69 6e 20 6d 69 6e 75 74 65 73 00 60 60 6d 61 69 6e 60 60 20 52 6f 75 74 69 6e	erval.in.minutes.``main``.Routin
86e00	67 20 74 61 62 6c 65 20 75 73 65 64 20 62 79 20 56 79 4f 53 20 61 6e 64 20 6f 74 68 65 72 20 69	g.table.used.by.VyOS.and.other.i
86e20	6e 74 65 72 66 61 63 65 73 20 6e 6f 74 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 69 6e 20 50	nterfaces.not.participating.in.P
86e40	42 52 00 60 60 6d 61 69 6e 60 60 20 75 73 65 20 4d 61 69 6e 20 6d 6f 64 65 20 66 6f 72 20 4b 65	BR.``main``.use.Main.mode.for.Ke
86e60	79 20 45 78 63 68 61 6e 67 65 73 20 69 6e 20 74 68 65 20 49 4b 45 76 31 20 50 72 6f 74 6f 63 6f	y.Exchanges.in.the.IKEv1.Protoco
86e80	6c 20 28 52 65 63 6f 6d 6d 65 6e 64 65 64 20 44 65 66 61 75 6c 74 29 3b 00 60 60 6d 65 73 73 61	l.(Recommended.Default);.``messa
86ea0	67 65 60 60 3a 20 46 75 6c 6c 20 6d 65 73 73 61 67 65 20 74 68 61 74 20 68 61 73 20 74 72 69 67	ge``:.Full.message.that.has.trig
86ec0	67 65 72 65 64 20 74 68 65 20 73 63 72 69 70 74 2e 00 60 60 6d 6f 62 69 6b 65 60 60 20 65 6e 61	gered.the.script..``mobike``.ena
86ee0	62 6c 65 20 4d 4f 42 49 4b 45 20 53 75 70 70 6f 72 74 2e 20 4d 4f 42 49 4b 45 20 69 73 20 6f 6e	ble.MOBIKE.Support..MOBIKE.is.on
86f00	6c 79 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 49 4b 45 76 32 3a 00 60 60 6d 6f 64 65 60 60	ly.available.for.IKEv2:.``mode``
86f20	20 2d 20 6d 6f 64 65 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 65 74 77 65	.-.mode.for.authentication.betwe
86f40	65 6e 20 56 79 4f 53 20 61 6e 64 20 72 65 6d 6f 74 65 20 70 65 65 72 3a 00 60 60 6d 6f 64 65 60	en.VyOS.and.remote.peer:.``mode`
86f60	60 20 49 4b 45 76 31 20 50 68 61 73 65 20 31 20 4d 6f 64 65 20 53 65 6c 65 63 74 69 6f 6e 3a 00	`.IKEv1.Phase.1.Mode.Selection:.
86f80	60 60 6d 6f 64 65 60 60 20 74 68 65 20 74 79 70 65 20 6f 66 20 74 68 65 20 63 6f 6e 6e 65 63 74	``mode``.the.type.of.the.connect
86fa0	69 6f 6e 3a 00 60 60 6d 6f 6e 69 74 6f 72 60 60 20 2d 20 50 61 73 73 69 76 65 6c 79 20 6d 6f 6e	ion:.``monitor``.-.Passively.mon
86fc0	69 74 6f 72 20 61 6c 6c 20 70 61 63 6b 65 74 73 20 6f 6e 20 74 68 65 20 66 72 65 71 75 65 6e 63	itor.all.packets.on.the.frequenc
86fe0	79 2f 63 68 61 6e 6e 65 6c 00 60 60 6d 75 6c 74 69 2d 75 73 65 72 2d 62 65 61 6d 66 6f 72 6d 65	y/channel.``multi-user-beamforme
87000	65 60 60 20 2d 20 53 75 70 70 6f 72 74 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 20 61 73 20 73	e``.-.Support.for.operation.as.s
87020	69 6e 67 6c 65 20 75 73 65 72 20 62 65 61 6d 66 6f 72 6d 65 72 00 60 60 6d 75 6c 74 69 2d 75 73	ingle.user.beamformer.``multi-us
87040	65 72 2d 62 65 61 6d 66 6f 72 6d 65 72 60 60 20 2d 20 53 75 70 70 6f 72 74 20 66 6f 72 20 6f 70	er-beamformer``.-.Support.for.op
87060	65 72 61 74 69 6f 6e 20 61 73 20 73 69 6e 67 6c 65 20 75 73 65 72 20 62 65 61 6d 66 6f 72 6d 65	eration.as.single.user.beamforme
87080	72 00 60 60 6e 60 60 20 2d 20 38 30 32 2e 31 31 6e 20 2d 20 36 30 30 20 4d 62 69 74 73 2f 73 65	r.``n``.-.802.11n.-.600.Mbits/se
870a0	63 00 60 60 6e 61 6d 65 60 60 20 69 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 56 79 4f 53 20	c.``name``.is.used.for.the.VyOS.
870c0	43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 64 65 6e 74 69 66 79 20 74 68 69 73 20 6b 65 79	CLI.command.to.identify.this.key
870e0	2e 20 54 68 69 73 20 6b 65 79 20 60 60 6e 61 6d 65 60 60 20 69 73 20 74 68 65 6e 20 75 73 65 64	..This.key.``name``.is.then.used
87100	20 69 6e 20 74 68 65 20 43 4c 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 6f 20 72 65 66	.in.the.CLI.configuration.to.ref
87120	65 72 65 6e 63 65 20 74 68 65 20 6b 65 79 20 69 6e 73 74 61 6e 63 65 2e 00 60 60 6e 65 74 2e 69	erence.the.key.instance..``net.i
87140	70 76 34 2e 63 6f 6e 66 2e 61 6c 6c 2e 61 63 63 65 70 74 5f 72 65 64 69 72 65 63 74 73 60 60 00	pv4.conf.all.accept_redirects``.
87160	60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c 2e 61 63 63 65 70 74 5f 73 6f 75 72 63	``net.ipv4.conf.all.accept_sourc
87180	65 5f 72 6f 75 74 65 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c 2e 6c 6f	e_route``.``net.ipv4.conf.all.lo
871a0	67 5f 6d 61 72 74 69 61 6e 73 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c	g_martians``.``net.ipv4.conf.all
871c0	2e 72 70 5f 66 69 6c 74 65 72 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c	.rp_filter``.``net.ipv4.conf.all
871e0	2e 73 65 6e 64 5f 72 65 64 69 72 65 63 74 73 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 69 63 6d	.send_redirects``.``net.ipv4.icm
87200	70 5f 65 63 68 6f 5f 69 67 6e 6f 72 65 5f 62 72 6f 61 64 63 61 73 74 73 60 60 00 60 60 6e 65 74	p_echo_ignore_broadcasts``.``net
87220	2e 69 70 76 34 2e 74 63 70 5f 72 66 63 31 33 33 37 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 74	.ipv4.tcp_rfc1337``.``net.ipv4.t
87240	63 70 5f 73 79 6e 63 6f 6f 6b 69 65 73 60 60 00 60 60 6e 65 74 2e 69 70 76 36 2e 63 6f 6e 66 2e	cp_syncookies``.``net.ipv6.conf.
87260	61 6c 6c 2e 61 63 63 65 70 74 5f 72 65 64 69 72 65 63 74 73 60 60 00 60 60 6e 65 74 2e 69 70 76	all.accept_redirects``.``net.ipv
87280	36 2e 63 6f 6e 66 2e 61 6c 6c 2e 61 63 63 65 70 74 5f 73 6f 75 72 63 65 5f 72 6f 75 74 65 60 60	6.conf.all.accept_source_route``
872a0	00 60 60 6e 6f 2d 61 64 76 65 72 74 69 73 65 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20	.``no-advertise``.-.............
872c0	20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65	....Well-known.communities.value
872e0	20 4e 4f 5f 41 44 56 45 52 54 49 53 45 20 30 78 46 46 46 46 46 46 30 32 00 60 60 6e 6f 2d 65 78	.NO_ADVERTISE.0xFFFFFF02.``no-ex
87300	70 6f 72 74 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c	port``.-....................Well
87320	2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4e 4f 5f 45 58 50 4f	-known.communities.value.NO_EXPO
87340	52 54 20 30 78 46 46 46 46 46 46 30 31 00 60 60 6e 6f 2d 6c 6c 67 72 60 60 20 2d 20 20 20 20 20	RT.0xFFFFFF01.``no-llgr``.-.....
87360	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d	.................Well-known.comm
87380	75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4e 4f 5f 4c 4c 47 52 20 30 78 46 46 46 46 30 30 30 37	unities.value.NO_LLGR.0xFFFF0007
873a0	00 60 60 6e 6f 2d 70 65 65 72 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20	.``no-peer``.-..................
873c0	20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65	....Well-known.communities.value
873e0	20 4e 4f 50 45 45 52 20 30 78 46 46 46 46 46 46 30 34 00 60 60 6e 6f 60 60 20 64 69 73 61 62 6c	.NOPEER.0xFFFFFF04.``no``.disabl
87400	65 20 72 65 6d 6f 74 65 20 68 6f 73 74 20 72 65 2d 61 75 74 68 65 6e 74 69 63 61 74 6f 6e 20 64	e.remote.host.re-authenticaton.d
87420	75 72 69 6e 67 20 61 6e 20 49 4b 45 20 72 65 6b 65 79 3b 00 60 60 6e 6f 6e 65 60 60 20 2d 20 45	uring.an.IKE.rekey;.``none``.-.E
87440	78 65 63 75 74 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 6d 69 6e 75 74 65 73 00 60 60 6e	xecution.interval.in.minutes.``n
87460	6f 6e 65 60 60 20 2d 20 6c 6f 61 64 73 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6f 6e 6c	one``.-.loads.the.connection.onl
87480	79 2c 20 77 68 69 63 68 20 74 68 65 6e 20 63 61 6e 20 62 65 20 6d 61 6e 75 61 6c 6c 79 20 69 6e	y,.which.then.can.be.manually.in
874a0	69 74 69 61 74 65 64 20 6f 72 20 75 73 65 64 20 61 73 20 61 20 72 65 73 70 6f 6e 64 65 72 20 63	itiated.or.used.as.a.responder.c
874c0	6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 60 60 6e 6f 6e 65 60 60 20 73 65 74 20 61 63 74 69 6f	onfiguration..``none``.set.actio
874e0	6e 20 74 6f 20 6e 6f 6e 65 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 6e 6f 73 65 6c 65 63 74 60	n.to.none.(default);.``noselect`
87500	60 20 6d 61 72 6b 73 20 74 68 65 20 73 65 72 76 65 72 20 61 73 20 75 6e 75 73 65 64 2c 20 65 78	`.marks.the.server.as.unused,.ex
87520	63 65 70 74 20 66 6f 72 20 64 69 73 70 6c 61 79 20 70 75 72 70 6f 73 65 73 2e 20 54 68 65 20 73	cept.for.display.purposes..The.s
87540	65 72 76 65 72 20 69 73 20 64 69 73 63 61 72 64 65 64 20 62 79 20 74 68 65 20 73 65 6c 65 63 74	erver.is.discarded.by.the.select
87560	69 6f 6e 20 61 6c 67 6f 72 69 74 68 6d 2e 00 60 60 6e 74 73 60 60 20 65 6e 61 62 6c 65 73 20 4e	ion.algorithm..``nts``.enables.N
87580	65 74 77 6f 72 6b 20 54 69 6d 65 20 53 65 63 75 72 69 74 79 20 28 4e 54 53 29 20 66 6f 72 20 74	etwork.Time.Security.(NTS).for.t
875a0	68 65 20 73 65 72 76 65 72 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63 3a 60	he.server.as.specified.in.:rfc:`
875c0	38 39 31 35 60 00 60 60 6f 70 74 69 6f 6e 73 60 60 00 60 60 6f 73 70 66 60 60 20 2d 20 4f 70 65	8915`.``options``.``ospf``.-.Ope
875e0	6e 20 53 68 6f 72 74 65 73 74 20 50 61 74 68 20 46 69 72 73 74 20 28 4f 53 50 46 76 32 29 00 60	n.Shortest.Path.First.(OSPFv2).`
87600	60 6f 73 70 66 76 33 60 60 20 2d 20 4f 70 65 6e 20 53 68 6f 72 74 65 73 74 20 50 61 74 68 20 46	`ospfv3``.-.Open.Shortest.Path.F
87620	69 72 73 74 20 28 49 50 76 36 29 20 28 4f 53 50 46 76 33 29 00 60 60 6f 75 74 60 60 3a 20 52 75	irst.(IPv6).(OSPFv3).``out``:.Ru
87640	6c 65 73 65 74 20 66 6f 72 20 66 6f 72 77 61 72 64 65 64 20 70 61 63 6b 65 74 73 20 6f 6e 20 61	leset.for.forwarded.packets.on.a
87660	6e 20 6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 00 60 60 70 61 73 73 77 6f 72 64 60	n.outbound.interface.``password`
87680	60 20 2d 20 70 61 73 73 70 68 72 61 73 65 20 70 72 69 76 61 74 65 20 6b 65 79 2c 20 69 66 20 6e	`.-.passphrase.private.key,.if.n
876a0	65 65 64 65 64 2e 00 60 60 70 65 65 72 60 60 20 69 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20	eeded..``peer``.is.used.for.the.
876c0	56 79 4f 53 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 64 65 6e 74 69 66 79 20 74 68 65	VyOS.CLI.command.to.identify.the
876e0	20 57 69 72 65 47 75 61 72 64 20 70 65 65 72 20 77 68 65 72 65 20 74 68 69 73 20 73 65 63 72 65	.WireGuard.peer.where.this.secre
87700	64 20 69 73 20 74 6f 20 62 65 20 75 73 65 64 2e 00 60 60 70 65 72 69 6f 64 60 60 3a 20 54 69 6d	d.is.to.be.used..``period``:.Tim
87720	65 20 77 69 6e 64 6f 77 20 66 6f 72 20 72 61 74 65 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 50	e.window.for.rate.calculation..P
87740	6f 73 73 69 62 6c 65 20 76 61 6c 75 65 73 3a 20 60 60 73 65 63 6f 6e 64 60 60 20 28 6f 6e 65 20	ossible.values:.``second``.(one.
87760	73 65 63 6f 6e 64 29 2c 20 60 60 6d 69 6e 75 74 65 60 60 20 28 6f 6e 65 20 6d 69 6e 75 74 65 29	second),.``minute``.(one.minute)
87780	2c 20 60 60 68 6f 75 72 60 60 20 28 6f 6e 65 20 68 6f 75 72 29 2e 20 44 65 66 61 75 6c 74 20 69	,.``hour``.(one.hour)..Default.i
877a0	73 20 60 60 73 65 63 6f 6e 64 60 60 2e 00 60 60 70 66 73 60 60 20 77 68 65 74 68 65 72 20 50 65	s.``second``..``pfs``.whether.Pe
877c0	72 66 65 63 74 20 46 6f 72 77 61 72 64 20 53 65 63 72 65 63 79 20 6f 66 20 6b 65 79 73 20 69 73	rfect.Forward.Secrecy.of.keys.is
877e0	20 64 65 73 69 72 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 27 73 20 6b 65 79	.desired.on.the.connection's.key
87800	69 6e 67 20 63 68 61 6e 6e 65 6c 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61 20 44 69 66 66 69 65	ing.channel.and.defines.a.Diffie
87820	2d 48 65 6c 6c 6d 61 6e 20 67 72 6f 75 70 20 66 6f 72 20 50 46 53 3a 00 60 60 70 6f 6f 6c 60 60	-Hellman.group.for.PFS:.``pool``
87840	20 6d 6f 62 69 6c 69 7a 65 73 20 70 65 72 73 69 73 74 65 6e 74 20 63 6c 69 65 6e 74 20 6d 6f 64	.mobilizes.persistent.client.mod
87860	65 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 77 69 74 68 20 61 20 6e 75 6d 62 65 72 20 6f 66 20 72	e.association.with.a.number.of.r
87880	65 6d 6f 74 65 20 73 65 72 76 65 72 73 2e 00 60 60 70 6f 72 74 60 60 20 2d 20 64 65 66 69 6e 65	emote.servers..``port``.-.define
878a0	20 70 6f 72 74 2e 20 48 61 76 65 20 65 66 66 65 63 74 20 6f 6e 6c 79 20 77 68 65 6e 20 75 73 65	.port..Have.effect.only.when.use
878c0	64 20 74 6f 67 65 74 68 65 72 20 77 69 74 68 20 60 60 70 72 65 66 69 78 60 60 3b 00 60 60 70 72	d.together.with.``prefix``;.``pr
878e0	65 2d 73 68 61 72 65 64 2d 73 65 63 72 65 74 60 60 20 2d 20 75 73 65 20 70 72 65 64 65 66 69 6e	e-shared-secret``.-.use.predefin
87900	65 64 20 73 68 61 72 65 64 20 73 65 63 72 65 74 20 70 68 72 61 73 65 3b 00 60 60 70 72 65 66 65	ed.shared.secret.phrase;.``prefe
87920	72 60 60 20 6d 61 72 6b 73 20 74 68 65 20 73 65 72 76 65 72 20 61 73 20 70 72 65 66 65 72 72 65	r``.marks.the.server.as.preferre
87940	64 2e 20 41 6c 6c 20 6f 74 68 65 72 20 74 68 69 6e 67 73 20 62 65 69 6e 67 20 65 71 75 61 6c 2c	d..All.other.things.being.equal,
87960	20 74 68 69 73 20 68 6f 73 74 20 77 69 6c 6c 20 62 65 20 63 68 6f 73 65 6e 20 66 6f 72 20 73 79	.this.host.will.be.chosen.for.sy
87980	6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 61 6d 6f 6e 67 20 61 20 73 65 74 20 6f 66 20 63 6f 72	nchronization.among.a.set.of.cor
879a0	72 65 63 74 6c 79 20 6f 70 65 72 61 74 69 6e 67 20 68 6f 73 74 73 2e 00 60 60 70 72 65 66 69 78	rectly.operating.hosts..``prefix
879c0	60 60 20 2d 20 49 50 20 6e 65 74 77 6f 72 6b 20 61 74 20 6c 6f 63 61 6c 20 73 69 64 65 2e 00 60	``.-.IP.network.at.local.side..`
879e0	60 70 72 65 66 69 78 60 60 20 2d 20 49 50 20 6e 65 74 77 6f 72 6b 20 61 74 20 72 65 6d 6f 74 65	`prefix``.-.IP.network.at.remote
87a00	20 73 69 64 65 2e 00 60 60 70 72 66 60 60 20 70 73 65 75 64 6f 2d 72 61 6e 64 6f 6d 20 66 75 6e	.side..``prf``.pseudo-random.fun
87a20	63 74 69 6f 6e 2e 00 60 60 70 72 6f 70 6f 73 61 6c 60 60 20 45 53 50 2d 67 72 6f 75 70 20 70 72	ction..``proposal``.ESP-group.pr
87a40	6f 70 6f 73 61 6c 20 77 69 74 68 20 6e 75 6d 62 65 72 20 3c 31 2d 36 35 35 33 35 3e 3a 00 60 60	oposal.with.number.<1-65535>:.``
87a60	70 72 6f 70 6f 73 61 6c 60 60 20 74 68 65 20 6c 69 73 74 20 6f 66 20 70 72 6f 70 6f 73 61 6c 73	proposal``.the.list.of.proposals
87a80	20 61 6e 64 20 74 68 65 69 72 20 70 61 72 61 6d 65 74 65 72 73 3a 00 60 60 70 72 6f 74 6f 63 6f	.and.their.parameters:.``protoco
87aa0	6c 60 60 20 2d 20 64 65 66 69 6e 65 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 6d 61	l``.-.define.the.protocol.for.ma
87ac0	74 63 68 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 63	tch.traffic,.which.should.be.enc
87ae0	72 79 70 74 65 64 20 61 6e 64 20 73 65 6e 64 20 74 6f 20 74 68 69 73 20 70 65 65 72 3b 00 60 60	rypted.and.send.to.this.peer;.``
87b00	70 73 6b 60 60 20 2d 20 50 72 65 73 68 61 72 65 64 20 73 65 63 72 65 74 20 6b 65 79 20 6e 61 6d	psk``.-.Preshared.secret.key.nam
87b20	65 3a 00 60 60 71 75 65 75 65 60 60 3a 20 45 6e 71 75 65 75 65 20 70 61 63 6b 65 74 20 74 6f 20	e:.``queue``:.Enqueue.packet.to.
87b40	75 73 65 72 73 70 61 63 65 2e 00 60 60 72 61 74 65 60 60 3a 20 4e 75 6d 62 65 72 20 6f 66 20 70	userspace..``rate``:.Number.of.p
87b60	61 63 6b 65 74 73 2e 20 44 65 66 61 75 6c 74 20 35 2e 00 60 60 72 65 6a 65 63 74 60 60 3a 20 72	ackets..Default.5..``reject``:.r
87b80	65 6a 65 63 74 20 74 68 65 20 70 61 63 6b 65 74 2e 00 60 60 72 65 6d 6f 74 65 2d 61 64 64 72 65	eject.the.packet..``remote-addre
87ba0	73 73 60 60 20 2d 20 72 65 6d 6f 74 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 68 6f 73 74	ss``.-.remote.IP.address.or.host
87bc0	6e 61 6d 65 20 66 6f 72 20 49 50 53 65 63 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 49 50 76 34 20	name.for.IPSec.connection..IPv4.
87be0	6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 61 20 70	or.IPv6.address.is.used.when.a.p
87c00	65 65 72 20 68 61 73 20 61 20 70 75 62 6c 69 63 20 73 74 61 74 69 63 20 49 50 20 61 64 64 72 65	eer.has.a.public.static.IP.addre
87c20	73 73 2e 20 48 6f 73 74 6e 61 6d 65 20 69 73 20 61 20 44 4e 53 20 6e 61 6d 65 20 77 68 69 63 68	ss..Hostname.is.a.DNS.name.which
87c40	20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 20 77 68 65 6e 20 61 20 70 65 65 72 20 68 61 73 20 61	.could.be.used.when.a.peer.has.a
87c60	20 70 75 62 6c 69 63 20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 44 4e 53 20 6e 61 6d 65 2c	.public.IP.address.and.DNS.name,
87c80	20 62 75 74 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 63 6f 75 6c 64 20 62 65 20 63 68 61 6e	.but.an.IP.address.could.be.chan
87ca0	67 65 64 20 66 72 6f 6d 20 74 69 6d 65 20 74 6f 20 74 69 6d 65 2e 00 60 60 72 65 6d 6f 74 65 2d	ged.from.time.to.time..``remote-
87cc0	69 64 60 60 20 2d 20 64 65 66 69 6e 65 20 61 6e 20 49 44 20 66 6f 72 20 72 65 6d 6f 74 65 20 70	id``.-.define.an.ID.for.remote.p
87ce0	65 65 72 2c 20 69 6e 73 74 65 61 64 20 6f 66 20 75 73 69 6e 67 20 70 65 65 72 20 6e 61 6d 65 20	eer,.instead.of.using.peer.name.
87d00	6f 72 20 61 64 64 72 65 73 73 2e 20 55 73 65 66 75 6c 20 69 6e 20 63 61 73 65 20 69 66 20 74 68	or.address..Useful.in.case.if.th
87d20	65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 69 73 20 62 65 68 69 6e 64 20 4e 41 54 20 6f 72 20 69	e.remote.peer.is.behind.NAT.or.i
87d40	66 20 60 60 6d 6f 64 65 20 78 35 30 39 60 60 20 69 73 20 75 73 65 64 3b 00 60 60 72 65 6d 6f 74	f.``mode.x509``.is.used;.``remot
87d60	65 60 60 20 2d 20 64 65 66 69 6e 65 20 74 68 65 20 72 65 6d 6f 74 65 20 64 65 73 74 69 6e 61 74	e``.-.define.the.remote.destinat
87d80	69 6f 6e 20 66 6f 72 20 6d 61 74 63 68 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 73 68 6f	ion.for.match.traffic,.which.sho
87da0	75 6c 64 20 62 65 20 65 6e 63 72 79 70 74 65 64 20 61 6e 64 20 73 65 6e 64 20 74 6f 20 74 68 69	uld.be.encrypted.and.send.to.thi
87dc0	73 20 70 65 65 72 3a 00 60 60 72 65 71 2d 73 73 6c 2d 73 6e 69 60 60 20 53 53 4c 20 53 65 72 76	s.peer:.``req-ssl-sni``.SSL.Serv
87de0	65 72 20 4e 61 6d 65 20 49 6e 64 69 63 61 74 69 6f 6e 20 28 53 4e 49 29 20 72 65 71 75 65 73 74	er.Name.Indication.(SNI).request
87e00	20 6d 61 74 63 68 00 60 60 72 65 73 70 2d 74 69 6d 65 60 60 3a 20 74 68 65 20 6d 61 78 69 6d 75	.match.``resp-time``:.the.maximu
87e20	6d 20 72 65 73 70 6f 6e 73 65 20 74 69 6d 65 20 66 6f 72 20 70 69 6e 67 20 69 6e 20 73 65 63 6f	m.response.time.for.ping.in.seco
87e40	6e 64 73 2e 20 52 61 6e 67 65 20 31 2e 2e 2e 33 30 2c 20 64 65 66 61 75 6c 74 20 35 00 60 60 72	nds..Range.1...30,.default.5.``r
87e60	65 73 70 6f 6e 64 60 60 20 2d 20 64 6f 65 73 20 6e 6f 74 20 74 72 79 20 74 6f 20 69 6e 69 74 69	espond``.-.does.not.try.to.initi
87e80	61 74 65 20 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 61 20 72 65 6d 6f 74 65 20 70 65 65	ate.a.connection.to.a.remote.pee
87ea0	72 2e 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 74 68 65 20 49 50 53 65 63 20 73 65 73 73 69	r..In.this.mode,.the.IPSec.sessi
87ec0	6f 6e 20 77 69 6c 6c 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 6f 6e 6c 79 20 61 66 74 65	on.will.be.established.only.afte
87ee0	72 20 69 6e 69 74 69 61 74 69 6f 6e 20 66 72 6f 6d 20 61 20 72 65 6d 6f 74 65 20 70 65 65 72 2e	r.initiation.from.a.remote.peer.
87f00	20 43 6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 77 68 65 6e 20 74 68 65 72 65 20 69 73 20 6e	.Could.be.useful.when.there.is.n
87f20	6f 20 64 69 72 65 63 74 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 74 6f 20 74 68 65 20 70 65 65	o.direct.connectivity.to.the.pee
87f40	72 20 64 75 65 20 74 6f 20 66 69 72 65 77 61 6c 6c 20 6f 72 20 4e 41 54 20 69 6e 20 74 68 65 20	r.due.to.firewall.or.NAT.in.the.
87f60	6d 69 64 64 6c 65 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65 20 73	middle.of.the.local.and.remote.s
87f80	69 64 65 2e 00 60 60 72 65 73 74 61 72 74 60 60 20 73 65 74 20 61 63 74 69 6f 6e 20 74 6f 20 72	ide..``restart``.set.action.to.r
87fa0	65 73 74 61 72 74 3b 00 60 60 72 65 74 75 72 6e 60 60 3a 20 52 65 74 75 72 6e 20 66 72 6f 6d 20	estart;.``return``:.Return.from.
87fc0	74 68 65 20 63 75 72 72 65 6e 74 20 63 68 61 69 6e 20 61 6e 64 20 63 6f 6e 74 69 6e 75 65 20 61	the.current.chain.and.continue.a
87fe0	74 20 74 68 65 20 6e 65 78 74 20 72 75 6c 65 20 6f 66 20 74 68 65 20 6c 61 73 74 20 63 68 61 69	t.the.next.rule.of.the.last.chai
88000	6e 2e 00 60 60 72 69 70 60 60 20 2d 20 52 6f 75 74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e	n..``rip``.-.Routing.Information
88020	20 50 72 6f 74 6f 63 6f 6c 20 28 52 49 50 29 00 60 60 72 69 70 6e 67 60 60 20 2d 20 52 6f 75 74	.Protocol.(RIP).``ripng``.-.Rout
88040	69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 6e 65 78 74 2d 67 65	ing.Information.Protocol.next-ge
88060	6e 65 72 61 74 69 6f 6e 20 28 49 50 76 36 29 20 28 52 49 50 6e 67 29 00 60 60 72 6f 75 6e 64 2d	neration.(IPv6).(RIPng).``round-
88080	72 6f 62 69 6e 60 60 20 2d 20 52 6f 75 6e 64 2d 72 6f 62 69 6e 20 70 6f 6c 69 63 79 3a 20 54 72	robin``.-.Round-robin.policy:.Tr
880a0	61 6e 73 6d 69 74 20 70 61 63 6b 65 74 73 20 69 6e 20 73 65 71 75 65 6e 74 69 61 6c 20 6f 72 64	ansmit.packets.in.sequential.ord
880c0	65 72 20 66 72 6f 6d 20 74 68 65 20 66 69 72 73 74 20 61 76 61 69 6c 61 62 6c 65 20 73 6c 61 76	er.from.the.first.available.slav
880e0	65 20 74 68 72 6f 75 67 68 20 74 68 65 20 6c 61 73 74 2e 00 60 60 72 6f 75 6e 64 2d 72 6f 62 69	e.through.the.last..``round-robi
88100	6e 60 60 20 44 69 73 74 72 69 62 75 74 65 73 20 72 65 71 75 65 73 74 73 20 69 6e 20 61 20 63 69	n``.Distributes.requests.in.a.ci
88120	72 63 75 6c 61 72 20 6d 61 6e 6e 65 72 2c 20 73 65 71 75 65 6e 74 69 61 6c 6c 79 20 73 65 6e 64	rcular.manner,.sequentially.send
88140	69 6e 67 20 65 61 63 68 20 72 65 71 75 65 73 74 20 74 6f 20 74 68 65 20 6e 65 78 74 20 73 65 72	ing.each.request.to.the.next.ser
88160	76 65 72 20 69 6e 20 6c 69 6e 65 00 60 60 72 6f 75 74 65 2d 66 69 6c 74 65 72 2d 74 72 61 6e 73	ver.in.line.``route-filter-trans
88180	6c 61 74 65 64 2d 76 34 60 60 20 2d 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e	lated-v4``.-...Well-known.commun
881a0	69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49 4c 54 45 52 5f 54 52 41 4e 53 4c 41	ities.value.ROUTE_FILTER_TRANSLA
881c0	54 45 44 5f 76 34 20 30 78 46 46 46 46 30 30 30 32 00 60 60 72 6f 75 74 65 2d 66 69 6c 74 65 72	TED_v4.0xFFFF0002.``route-filter
881e0	2d 74 72 61 6e 73 6c 61 74 65 64 2d 76 36 60 60 20 2d 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20	-translated-v6``.-...Well-known.
88200	63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49 4c 54 45 52 5f 54	communities.value.ROUTE_FILTER_T
88220	52 41 4e 53 4c 41 54 45 44 5f 76 36 20 30 78 46 46 46 46 30 30 30 34 00 60 60 72 6f 75 74 65 2d	RANSLATED_v6.0xFFFF0004.``route-
88240	66 69 6c 74 65 72 2d 76 34 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d	filter-v4``.-..............Well-
88260	6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49	known.communities.value.ROUTE_FI
88280	4c 54 45 52 5f 76 34 20 30 78 46 46 46 46 30 30 30 33 00 60 60 72 6f 75 74 65 2d 66 69 6c 74 65	LTER_v4.0xFFFF0003.``route-filte
882a0	72 2d 76 36 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e	r-v6``.-..............Well-known
882c0	20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49 4c 54 45 52 5f	.communities.value.ROUTE_FILTER_
882e0	76 36 20 30 78 46 46 46 46 30 30 30 35 00 60 60 72 73 61 2d 6b 65 79 2d 6e 61 6d 65 60 60 20 2d	v6.0xFFFF0005.``rsa-key-name``.-
88300	20 73 68 61 72 65 64 20 52 53 41 20 6b 65 79 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69	.shared.RSA.key.for.authenticati
88320	6f 6e 2e 20 54 68 65 20 6b 65 79 20 6d 75 73 74 20 62 65 20 64 65 66 69 6e 65 64 20 69 6e 20 74	on..The.key.must.be.defined.in.t
88340	68 65 20 60 60 73 65 74 20 76 70 6e 20 72 73 61 2d 6b 65 79 73 60 60 20 73 65 63 74 69 6f 6e 3b	he.``set.vpn.rsa-keys``.section;
88360	00 60 60 72 73 61 60 60 20 2d 20 75 73 65 20 73 69 6d 70 6c 65 20 73 68 61 72 65 64 20 52 53 41	.``rsa``.-.use.simple.shared.RSA
88380	20 6b 65 79 2e 20 54 68 65 20 6b 65 79 20 6d 75 73 74 20 62 65 20 64 65 66 69 6e 65 64 20 69 6e	.key..The.key.must.be.defined.in
883a0	20 74 68 65 20 60 60 73 65 74 20 76 70 6e 20 72 73 61 2d 6b 65 79 73 60 60 20 73 65 63 74 69 6f	.the.``set.vpn.rsa-keys``.sectio
883c0	6e 3b 00 60 60 73 65 63 72 65 74 60 60 20 2d 20 70 72 65 64 65 66 69 6e 65 64 20 73 68 61 72 65	n;.``secret``.-.predefined.share
883e0	64 20 73 65 63 72 65 74 2e 20 55 73 65 64 20 69 66 20 63 6f 6e 66 69 67 75 72 65 64 20 6d 6f 64	d.secret..Used.if.configured.mod
88400	65 20 60 60 70 72 65 2d 73 68 61 72 65 64 2d 73 65 63 72 65 74 60 60 3b 00 60 60 73 69 6e 67 6c	e.``pre-shared-secret``;.``singl
88420	65 2d 75 73 65 72 2d 62 65 61 6d 66 6f 72 6d 65 65 60 60 20 2d 20 53 75 70 70 6f 72 74 20 66 6f	e-user-beamformee``.-.Support.fo
88440	72 20 6f 70 65 72 61 74 69 6f 6e 20 61 73 20 73 69 6e 67 6c 65 20 75 73 65 72 20 62 65 61 6d 66	r.operation.as.single.user.beamf
88460	6f 72 6d 65 65 00 60 60 73 69 6e 67 6c 65 2d 75 73 65 72 2d 62 65 61 6d 66 6f 72 6d 65 72 60 60	ormee.``single-user-beamformer``
88480	20 2d 20 53 75 70 70 6f 72 74 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 20 61 73 20 73 69 6e 67	.-.Support.for.operation.as.sing
884a0	6c 65 20 75 73 65 72 20 62 65 61 6d 66 6f 72 6d 65 72 00 60 60 73 6f 6e 6d 70 60 60 20 2d 20 4c	le.user.beamformer.``sonmp``.-.L
884c0	69 73 74 65 6e 20 66 6f 72 20 53 4f 4e 4d 50 20 66 6f 72 20 4e 6f 72 74 65 6c 20 72 6f 75 74 65	isten.for.SONMP.for.Nortel.route
884e0	72 73 2f 73 77 69 74 63 68 65 73 00 60 60 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 60 60 20 44	rs/switches.``source-address``.D
88500	69 73 74 72 69 62 75 74 65 73 20 72 65 71 75 65 73 74 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65	istributes.requests.based.on.the
88520	20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 63 6c 69 65 6e 74	.source.IP.address.of.the.client
88540	00 60 60 73 73 68 2d 64 73 73 60 60 00 60 60 73 73 68 2d 65 64 32 35 35 31 39 60 60 00 60 60 73	.``ssh-dss``.``ssh-ed25519``.``s
88560	73 68 2d 72 73 61 20 41 41 41 41 42 33 4e 7a 61 43 31 79 63 32 45 41 41 41 41 42 41 41 2e 2e 2e	sh-rsa.AAAAB3NzaC1yc2EAAAABAA...
88580	56 42 44 35 6c 4b 77 45 57 42 20 75 73 65 72 6e 61 6d 65 40 68 6f 73 74 2e 65 78 61 6d 70 6c 65	VBD5lKwEWB.username@host.example
885a0	2e 63 6f 6d 60 60 00 60 60 73 73 68 2d 72 73 61 60 60 00 60 60 73 73 6c 2d 66 63 2d 73 6e 69 2d	.com``.``ssh-rsa``.``ssl-fc-sni-
885c0	65 6e 64 60 60 20 53 53 4c 20 66 72 6f 6e 74 65 6e 64 20 6d 61 74 63 68 20 65 6e 64 20 6f 66 20	end``.SSL.frontend.match.end.of.
885e0	63 6f 6e 6e 65 63 74 69 6f 6e 20 53 65 72 76 65 72 20 4e 61 6d 65 00 60 60 73 73 6c 2d 66 63 2d	connection.Server.Name.``ssl-fc-
88600	73 6e 69 60 60 20 53 53 4c 20 66 72 6f 6e 74 65 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 53 65	sni``.SSL.frontend.connection.Se
88620	72 76 65 72 20 4e 61 6d 65 20 49 6e 64 69 63 61 74 69 6f 6e 20 6d 61 74 63 68 00 60 60 73 74 61	rver.Name.Indication.match.``sta
88640	74 69 63 60 60 20 2d 20 53 74 61 74 69 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 72 6f	tic``.-.Statically.configured.ro
88660	75 74 65 73 00 60 60 73 74 61 74 69 6f 6e 60 60 20 2d 20 43 6f 6e 6e 65 63 74 73 20 74 6f 20 61	utes.``station``.-.Connects.to.a
88680	6e 6f 74 68 65 72 20 61 63 63 65 73 73 20 70 6f 69 6e 74 00 60 60 73 79 73 63 74 6c 60 60 20 69	nother.access.point.``sysctl``.i
886a0	73 20 75 73 65 64 20 74 6f 20 6d 6f 64 69 66 79 20 6b 65 72 6e 65 6c 20 70 61 72 61 6d 65 74 65	s.used.to.modify.kernel.paramete
886c0	72 73 20 61 74 20 72 75 6e 74 69 6d 65 2e 20 20 54 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 61	rs.at.runtime...The.parameters.a
886e0	76 61 69 6c 61 62 6c 65 20 61 72 65 20 74 68 6f 73 65 20 6c 69 73 74 65 64 20 75 6e 64 65 72 20	vailable.are.those.listed.under.
88700	2f 70 72 6f 63 2f 73 79 73 2f 2e 00 60 60 74 61 62 6c 65 20 31 30 60 60 20 52 6f 75 74 69 6e 67	/proc/sys/..``table.10``.Routing
88720	20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 49 53 50 31 00 60 60 74 61 62 6c 65 20 31 30 60	.table.used.for.ISP1.``table.10`
88740	60 20 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 56 4c 41 4e 20 31 30	`.Routing.table.used.for.VLAN.10
88760	20 28 31 39 32 2e 31 36 38 2e 31 38 38 2e 30 2f 32 34 29 00 60 60 74 61 62 6c 65 20 31 31 60 60	.(192.168.188.0/24).``table.11``
88780	20 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 49 53 50 32 00 60 60 74	.Routing.table.used.for.ISP2.``t
887a0	61 62 6c 65 20 31 31 60 60 20 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72	able.11``.Routing.table.used.for
887c0	20 56 4c 41 4e 20 31 31 20 28 31 39 32 2e 31 36 38 2e 31 38 39 2e 30 2f 32 34 29 00 60 60 74 61	.VLAN.11.(192.168.189.0/24).``ta
887e0	62 6c 65 60 60 20 2d 20 4e 6f 6e 2d 6d 61 69 6e 20 4b 65 72 6e 65 6c 20 52 6f 75 74 69 6e 67 20	ble``.-.Non-main.Kernel.Routing.
88800	54 61 62 6c 65 00 60 60 74 61 72 67 65 74 60 60 3a 20 74 68 65 20 74 61 72 67 65 74 20 74 6f 20	Table.``target``:.the.target.to.
88820	62 65 20 73 65 6e 74 20 49 43 4d 50 20 70 61 63 6b 65 74 73 20 74 6f 2c 20 61 64 64 72 65 73 73	be.sent.ICMP.packets.to,.address
88840	20 63 61 6e 20 62 65 20 61 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 20 6f 72 20 68 6f 73 74 6e	.can.be.an.IPv4.address.or.hostn
88860	61 6d 65 00 60 60 74 65 73 74 2d 73 63 72 69 70 74 60 60 3a 20 41 20 75 73 65 72 20 64 65 66 69	ame.``test-script``:.A.user.defi
88880	6e 65 64 20 73 63 72 69 70 74 20 6d 75 73 74 20 72 65 74 75 72 6e 20 30 20 74 6f 20 62 65 20 63	ned.script.must.return.0.to.be.c
888a0	6f 6e 73 69 64 65 72 65 64 20 73 75 63 63 65 73 73 66 75 6c 20 61 6e 64 20 6e 6f 6e 2d 7a 65 72	onsidered.successful.and.non-zer
888c0	6f 20 74 6f 20 66 61 69 6c 2e 20 53 63 72 69 70 74 73 20 61 72 65 20 6c 6f 63 61 74 65 64 20 69	o.to.fail..Scripts.are.located.i
888e0	6e 20 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2c 20 66 6f 72 20 64 69 66 66 65 72 65 6e 74	n./config/scripts,.for.different
88900	20 6c 6f 63 61 74 69 6f 6e 73 20 74 68 65 20 66 75 6c 6c 20 70 61 74 68 20 6e 65 65 64 73 20 74	.locations.the.full.path.needs.t
88920	6f 20 62 65 20 70 72 6f 76 69 64 65 64 00 60 60 74 68 72 65 73 68 6f 6c 64 60 60 3a 20 60 60 62	o.be.provided.``threshold``:.``b
88940	65 6c 6f 77 60 60 20 6f 72 20 60 60 61 62 6f 76 65 60 60 20 74 68 65 20 73 70 65 63 69 66 69 65	elow``.or.``above``.the.specifie
88960	64 20 72 61 74 65 20 6c 69 6d 69 74 2e 00 60 60 74 68 72 6f 75 67 68 70 75 74 60 60 3a 20 41 20	d.rate.limit..``throughput``:.A.
88980	73 65 72 76 65 72 20 70 72 6f 66 69 6c 65 20 66 6f 63 75 73 65 64 20 6f 6e 20 69 6d 70 72 6f 76	server.profile.focused.on.improv
889a0	69 6e 67 20 6e 65 74 77 6f 72 6b 20 74 68 72 6f 75 67 68 70 75 74 2e 20 54 68 69 73 20 70 72 6f	ing.network.throughput..This.pro
889c0	66 69 6c 65 20 66 61 76 6f 72 73 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 6f 76 65 72 20 70 6f 77	file.favors.performance.over.pow
889e0	65 72 20 73 61 76 69 6e 67 73 20 62 79 20 73 65 74 74 69 6e 67 20 60 60 69 6e 74 65 6c 5f 70 73	er.savings.by.setting.``intel_ps
88a00	74 61 74 65 60 60 20 61 6e 64 20 60 60 6d 61 78 5f 70 65 72 66 5f 70 63 74 3d 31 30 30 60 60 20	tate``.and.``max_perf_pct=100``.
88a20	61 6e 64 20 69 6e 63 72 65 61 73 69 6e 67 20 6b 65 72 6e 65 6c 20 6e 65 74 77 6f 72 6b 20 62 75	and.increasing.kernel.network.bu
88a40	66 66 65 72 20 73 69 7a 65 73 2e 00 60 60 74 69 6d 65 6f 75 74 60 60 20 6b 65 65 70 2d 61 6c 69	ffer.sizes..``timeout``.keep-ali
88a60	76 65 20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 32 2d 38 36 34 30 30 3e 20	ve.timeout.in.seconds.<2-86400>.
88a80	28 64 65 66 61 75 6c 74 20 31 32 30 29 20 49 4b 45 76 31 20 6f 6e 6c 79 00 60 60 74 72 61 6e 73	(default.120).IKEv1.only.``trans
88aa0	6d 69 74 2d 6c 6f 61 64 2d 62 61 6c 61 6e 63 65 60 60 20 2d 20 41 64 61 70 74 69 76 65 20 74 72	mit-load-balance``.-.Adaptive.tr
88ac0	61 6e 73 6d 69 74 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 3a 20 63 68 61 6e 6e 65 6c 20 62	ansmit.load.balancing:.channel.b
88ae0	6f 6e 64 69 6e 67 20 74 68 61 74 20 64 6f 65 73 20 6e 6f 74 20 72 65 71 75 69 72 65 20 61 6e 79	onding.that.does.not.require.any
88b00	20 73 70 65 63 69 61 6c 20 73 77 69 74 63 68 20 73 75 70 70 6f 72 74 2e 00 60 60 74 72 61 6e 73	.special.switch.support..``trans
88b20	70 6f 72 74 60 60 20 74 72 61 6e 73 70 6f 72 74 20 6d 6f 64 65 3b 00 60 60 74 74 6c 2d 6c 69 6d	port``.transport.mode;.``ttl-lim
88b40	69 74 60 60 3a 20 46 6f 72 20 74 68 65 20 55 44 50 20 54 54 4c 20 6c 69 6d 69 74 20 74 65 73 74	it``:.For.the.UDP.TTL.limit.test
88b60	20 74 68 65 20 68 6f 70 20 63 6f 75 6e 74 20 6c 69 6d 69 74 20 6d 75 73 74 20 62 65 20 73 70 65	.the.hop.count.limit.must.be.spe
88b80	63 69 66 69 65 64 2e 20 54 68 65 20 6c 69 6d 69 74 20 6d 75 73 74 20 62 65 20 73 68 6f 72 74 65	cified..The.limit.must.be.shorte
88ba0	72 20 74 68 61 6e 20 74 68 65 20 70 61 74 68 20 6c 65 6e 67 74 68 2c 20 61 6e 20 49 43 4d 50 20	r.than.the.path.length,.an.ICMP.
88bc0	74 69 6d 65 20 65 78 70 69 72 65 64 20 6d 65 73 73 61 67 65 20 69 73 20 6e 65 65 64 65 64 20 74	time.expired.message.is.needed.t
88be0	6f 20 62 65 20 72 65 74 75 72 6e 65 64 20 66 6f 72 20 61 20 73 75 63 63 65 73 73 66 75 6c 20 74	o.be.returned.for.a.successful.t
88c00	65 73 74 2e 20 64 65 66 61 75 6c 74 20 31 00 60 60 74 74 79 53 4e 60 60 20 2d 20 53 65 72 69 61	est..default.1.``ttySN``.-.Seria
88c20	6c 20 64 65 76 69 63 65 20 6e 61 6d 65 00 60 60 74 74 79 55 53 42 58 60 60 20 2d 20 55 53 42 20	l.device.name.``ttyUSBX``.-.USB.
88c40	53 65 72 69 61 6c 20 64 65 76 69 63 65 20 6e 61 6d 65 00 60 60 74 75 6e 6e 65 6c 60 60 20 2d 20	Serial.device.name.``tunnel``.-.
88c60	64 65 66 69 6e 65 20 63 72 69 74 65 72 69 61 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 62	define.criteria.for.traffic.to.b
88c80	65 20 6d 61 74 63 68 65 64 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6e 67 20 61 6e 64 20 73 65 6e	e.matched.for.encrypting.and.sen
88ca0	64 20 69 74 20 74 6f 20 61 20 70 65 65 72 3a 00 60 60 74 75 6e 6e 65 6c 60 60 20 74 75 6e 6e 65	d.it.to.a.peer:.``tunnel``.tunne
88cc0	6c 20 6d 6f 64 65 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 74 79 70 65 60 60 3a 20 53 70 65 63	l.mode.(default);.``type``:.Spec
88ce0	69 66 79 20 74 68 65 20 74 79 70 65 20 6f 66 20 74 65 73 74 2e 20 74 79 70 65 20 63 61 6e 20 62	ify.the.type.of.test..type.can.b
88d00	65 20 70 69 6e 67 2c 20 74 74 6c 20 6f 72 20 61 20 75 73 65 72 20 64 65 66 69 6e 65 64 20 73 63	e.ping,.ttl.or.a.user.defined.sc
88d20	72 69 70 74 00 60 60 75 73 65 2d 78 35 30 39 2d 69 64 60 60 20 2d 20 75 73 65 20 6c 6f 63 61 6c	ript.``use-x509-id``.-.use.local
88d40	20 49 44 20 66 72 6f 6d 20 78 35 30 39 20 63 65 72 74 69 66 69 63 61 74 65 2e 20 43 61 6e 6e 6f	.ID.from.x509.certificate..Canno
88d60	74 20 62 65 20 75 73 65 64 20 77 68 65 6e 20 60 60 69 64 60 60 20 69 73 20 64 65 66 69 6e 65 64	t.be.used.when.``id``.is.defined
88d80	3b 00 60 60 76 69 72 74 75 61 6c 2d 69 70 60 60 20 41 6c 6c 6f 77 20 69 6e 73 74 61 6c 6c 20 76	;.``virtual-ip``.Allow.install.v
88da0	69 72 74 75 61 6c 2d 69 70 20 61 64 64 72 65 73 73 65 73 2e 20 43 6f 6d 6d 61 20 73 65 70 61 72	irtual-ip.addresses..Comma.separ
88dc0	61 74 65 64 20 6c 69 73 74 20 6f 66 20 76 69 72 74 75 61 6c 20 49 50 73 20 74 6f 20 72 65 71 75	ated.list.of.virtual.IPs.to.requ
88de0	65 73 74 20 69 6e 20 49 4b 45 76 32 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 79 6c 6f	est.in.IKEv2.configuration.paylo
88e00	61 64 73 20 6f 72 20 49 4b 45 76 31 20 4d 6f 64 65 20 43 6f 6e 66 69 67 2e 20 54 68 65 20 77 69	ads.or.IKEv1.Mode.Config..The.wi
88e20	6c 64 63 61 72 64 20 61 64 64 72 65 73 73 65 73 20 30 2e 30 2e 30 2e 30 20 61 6e 64 20 3a 3a 20	ldcard.addresses.0.0.0.0.and.::.
88e40	72 65 71 75 65 73 74 20 61 6e 20 61 72 62 69 74 72 61 72 79 20 61 64 64 72 65 73 73 2c 20 73 70	request.an.arbitrary.address,.sp
88e60	65 63 69 66 69 63 20 61 64 64 72 65 73 73 65 73 20 6d 61 79 20 62 65 20 64 65 66 69 6e 65 64 2e	ecific.addresses.may.be.defined.
88e80	20 54 68 65 20 72 65 73 70 6f 6e 64 65 72 20 6d 61 79 20 72 65 74 75 72 6e 20 61 20 64 69 66 66	.The.responder.may.return.a.diff
88ea0	65 72 65 6e 74 20 61 64 64 72 65 73 73 2c 20 74 68 6f 75 67 68 2c 20 6f 72 20 6e 6f 6e 65 20 61	erent.address,.though,.or.none.a
88ec0	74 20 61 6c 6c 2e 00 60 60 76 6e 63 60 60 20 2d 20 56 69 72 74 75 61 6c 20 4e 65 74 77 6f 72 6b	t.all..``vnc``.-.Virtual.Network
88ee0	20 43 6f 6e 74 72 6f 6c 20 28 56 4e 43 29 00 60 60 76 74 69 60 60 20 2d 20 75 73 65 20 61 20 56	.Control.(VNC).``vti``.-.use.a.V
88f00	54 49 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 74 72 61 66 66 69 63 20 65 6e 63 72 79 70 74	TI.interface.for.traffic.encrypt
88f20	69 6f 6e 2e 20 41 6e 79 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20	ion..Any.traffic,.which.will.be.
88f40	73 65 6e 64 20 74 6f 20 56 54 49 20 69 6e 74 65 72 66 61 63 65 20 77 69 6c 6c 20 62 65 20 65 6e	send.to.VTI.interface.will.be.en
88f60	63 72 79 70 74 65 64 20 61 6e 64 20 73 65 6e 64 20 74 6f 20 74 68 69 73 20 70 65 65 72 2e 20 55	crypted.and.send.to.this.peer..U
88f80	73 69 6e 67 20 56 54 49 20 6d 61 6b 65 73 20 49 50 53 65 63 20 63 6f 6e 66 69 67 75 72 61 74 69	sing.VTI.makes.IPSec.configurati
88fa0	6f 6e 20 6d 75 63 68 20 66 6c 65 78 69 62 6c 65 20 61 6e 64 20 65 61 73 69 65 72 20 69 6e 20 63	on.much.flexible.and.easier.in.c
88fc0	6f 6d 70 6c 65 78 20 73 69 74 75 61 74 69 6f 6e 2c 20 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20	omplex.situation,.and.allows.to.
88fe0	64 79 6e 61 6d 69 63 61 6c 6c 79 20 61 64 64 2f 64 65 6c 65 74 65 20 72 65 6d 6f 74 65 20 6e 65	dynamically.add/delete.remote.ne
89000	74 77 6f 72 6b 73 2c 20 72 65 61 63 68 61 62 6c 65 20 76 69 61 20 61 20 70 65 65 72 2c 20 61 73	tworks,.reachable.via.a.peer,.as
89020	20 69 6e 20 74 68 69 73 20 6d 6f 64 65 20 72 6f 75 74 65 72 20 64 6f 6e 27 74 20 6e 65 65 64 20	.in.this.mode.router.don't.need.
89040	74 6f 20 63 72 65 61 74 65 20 61 64 64 69 74 69 6f 6e 61 6c 20 53 41 2f 70 6f 6c 69 63 79 20 66	to.create.additional.SA/policy.f
89060	6f 72 20 65 61 63 68 20 72 65 6d 6f 74 65 20 6e 65 74 77 6f 72 6b 3a 00 60 60 78 35 30 39 60 60	or.each.remote.network:.``x509``
89080	20 2d 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 78 35 30 39 20 61 75 74 68 65 6e 74 69 63 61 74 69	.-.options.for.x509.authenticati
890a0	6f 6e 20 6d 6f 64 65 3a 00 60 60 78 35 30 39 60 60 20 2d 20 75 73 65 20 63 65 72 74 69 66 69 63	on.mode:.``x509``.-.use.certific
890c0	61 74 65 73 20 69 6e 66 72 61 73 74 72 75 63 74 75 72 65 20 66 6f 72 20 61 75 74 68 65 6e 74 69	ates.infrastructure.for.authenti
890e0	63 61 74 69 6f 6e 2e 00 60 60 78 6f 72 2d 68 61 73 68 60 60 20 2d 20 58 4f 52 20 70 6f 6c 69 63	cation..``xor-hash``.-.XOR.polic
89100	79 3a 20 54 72 61 6e 73 6d 69 74 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 73 65 6c 65 63 74 65	y:.Transmit.based.on.the.selecte
89120	64 20 74 72 61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69 63 79 2e 20 20 54 68 65 20 64 65 66	d.transmit.hash.policy...The.def
89140	61 75 6c 74 20 70 6f 6c 69 63 79 20 69 73 20 61 20 73 69 6d 70 6c 65 20 5b 28 73 6f 75 72 63 65	ault.policy.is.a.simple.[(source
89160	20 4d 41 43 20 61 64 64 72 65 73 73 20 58 4f 52 27 64 20 77 69 74 68 20 64 65 73 74 69 6e 61 74	.MAC.address.XOR'd.with.destinat
89180	69 6f 6e 20 4d 41 43 20 61 64 64 72 65 73 73 20 58 4f 52 20 70 61 63 6b 65 74 20 74 79 70 65 20	ion.MAC.address.XOR.packet.type.
891a0	49 44 29 20 6d 6f 64 75 6c 6f 20 73 6c 61 76 65 20 63 6f 75 6e 74 5d 2e 20 41 6c 74 65 72 6e 61	ID).modulo.slave.count]..Alterna
891c0	74 65 20 74 72 61 6e 73 6d 69 74 20 70 6f 6c 69 63 69 65 73 20 6d 61 79 20 62 65 20 73 65 6c 65	te.transmit.policies.may.be.sele
891e0	63 74 65 64 20 76 69 61 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 68 61 73 68 2d 70 6f 6c 69 63	cted.via.the.:cfgcmd:`hash-polic
89200	79 60 20 6f 70 74 69 6f 6e 2c 20 64 65 73 63 72 69 62 65 64 20 62 65 6c 6f 77 2e 00 60 60 79 65	y`.option,.described.below..``ye
89220	73 60 60 20 65 6e 61 62 6c 65 20 72 65 6d 6f 74 65 20 68 6f 73 74 20 72 65 2d 61 75 74 68 65 6e	s``.enable.remote.host.re-authen
89240	74 69 63 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 61 6e 20 49 4b 45 20 72 65 6b 65 79 3b 00 60 73	tication.during.an.IKE.rekey;.`s
89260	6f 75 72 63 65 2d 61 64 64 72 65 73 73 60 20 61 6e 64 20 60 73 6f 75 72 63 65 2d 69 6e 74 65 72	ource-address`.and.`source-inter
89280	66 61 63 65 60 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64 20 61 74 20 74 68 65 20 73 61 6d	face`.can.not.be.used.at.the.sam
892a0	65 20 74 69 6d 65 2e 00 60 74 77 65 65 74 20 62 79 20 45 76 69 6c 4d 6f 67 60 5f 2c 20 32 30 32	e.time..`tweet.by.EvilMog`_,.202
892c0	30 2d 30 32 2d 32 31 00 61 20 62 61 6e 64 77 69 64 74 68 20 74 65 73 74 20 6f 76 65 72 20 74 68	0-02-21.a.bandwidth.test.over.th
892e0	65 20 56 50 4e 20 67 6f 74 20 74 68 65 73 65 20 72 65 73 75 6c 74 73 3a 00 61 20 62 6c 61 6e 6b	e.VPN.got.these.results:.a.blank
89300	20 69 6e 64 69 63 61 74 65 73 20 74 68 61 74 20 6e 6f 20 74 65 73 74 20 68 61 73 20 62 65 65 6e	.indicates.that.no.test.has.been
89320	20 63 61 72 72 69 65 64 20 6f 75 74 00 61 65 73 32 35 36 20 45 6e 63 72 79 70 74 69 6f 6e 00 61	.carried.out.aes256.Encryption.a
89340	6c 65 72 74 00 61 6c 6c 00 61 6e 20 52 44 20 2f 20 52 54 4c 49 53 54 00 61 6e 20 69 6e 74 65 72	lert.all.an.RD./.RTLIST.an.inter
89360	66 61 63 65 20 77 69 74 68 20 61 20 6e 65 78 74 68 6f 70 00 61 6e 79 3a 20 61 6e 79 20 49 50 20	face.with.a.nexthop.any:.any.IP.
89380	61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 61 6e 79 3a 20 61 6e 79 20 49 50 76 36 20	address.to.match..any:.any.IPv6.
893a0	61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 61 75 74 68 00 61 75 74 68 6f 72 69 7a 61	address.to.match..auth.authoriza
893c0	74 69 6f 6e 00 61 75 74 6f 20 2d 20 69 6e 74 65 72 66 61 63 65 20 64 75 70 6c 65 78 20 73 65 74	tion.auto.-.interface.duplex.set
893e0	74 69 6e 67 20 69 73 20 61 75 74 6f 2d 6e 65 67 6f 74 69 61 74 65 64 00 61 75 74 6f 20 2d 20 69	ting.is.auto-negotiated.auto.-.i
89400	6e 74 65 72 66 61 63 65 20 73 70 65 65 64 20 69 73 20 61 75 74 6f 2d 6e 65 67 6f 74 69 61 74 65	nterface.speed.is.auto-negotiate
89420	64 00 62 6f 6e 64 69 6e 67 00 62 6f 6f 74 2d 73 69 7a 65 00 62 6f 6f 74 66 69 6c 65 2d 6e 61 6d	d.bonding.boot-size.bootfile-nam
89440	65 00 62 6f 6f 74 66 69 6c 65 2d 6e 61 6d 65 2c 20 66 69 6c 65 6e 61 6d 65 00 62 6f 6f 74 66 69	e.bootfile-name,.filename.bootfi
89460	6c 65 2d 73 65 72 76 65 72 00 62 6f 6f 74 66 69 6c 65 2d 73 69 7a 65 00 62 72 69 64 67 65 00 63	le-server.bootfile-size.bridge.c
89480	6c 69 65 6e 74 20 65 78 61 6d 70 6c 65 20 28 64 65 62 69 61 6e 20 39 29 00 63 6c 69 65 6e 74 2d	lient.example.(debian.9).client-
894a0	70 72 65 66 69 78 2d 6c 65 6e 67 74 68 00 63 6c 6f 63 6b 00 63 6c 6f 63 6b 20 64 61 65 6d 6f 6e	prefix-length.clock.clock.daemon
894c0	20 28 6e 6f 74 65 20 32 29 00 63 72 69 74 00 63 72 6f 6e 00 64 61 65 6d 6f 6e 00 64 64 63 6c 69	.(note.2).crit.cron.daemon.ddcli
894e0	65 6e 74 5f 20 68 61 73 20 61 6e 6f 74 68 65 72 20 77 61 79 20 74 6f 20 64 65 74 65 72 6d 69 6e	ent_.has.another.way.to.determin
89500	65 20 74 68 65 20 57 41 4e 20 49 50 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 69 73 20 63 6f	e.the.WAN.IP.address..This.is.co
89520	6e 74 72 6f 6c 6c 65 64 20 62 79 3a 00 64 64 63 6c 69 65 6e 74 5f 20 75 73 65 73 20 74 77 6f 20	ntrolled.by:.ddclient_.uses.two.
89540	6d 65 74 68 6f 64 73 20 74 6f 20 75 70 64 61 74 65 20 61 20 44 4e 53 20 72 65 63 6f 72 64 2e 20	methods.to.update.a.DNS.record..
89560	54 68 65 20 66 69 72 73 74 20 6f 6e 65 20 77 69 6c 6c 20 73 65 6e 64 20 75 70 64 61 74 65 73 20	The.first.one.will.send.updates.
89580	64 69 72 65 63 74 6c 79 20 74 6f 20 74 68 65 20 44 4e 53 20 64 61 65 6d 6f 6e 2c 20 69 6e 20 63	directly.to.the.DNS.daemon,.in.c
895a0	6f 6d 70 6c 69 61 6e 63 65 20 77 69 74 68 20 3a 72 66 63 3a 60 32 31 33 36 60 2e 20 54 68 65 20	ompliance.with.:rfc:`2136`..The.
895c0	73 65 63 6f 6e 64 20 6f 6e 65 20 69 6e 76 6f 6c 76 65 73 20 61 20 74 68 69 72 64 20 70 61 72 74	second.one.involves.a.third.part
895e0	79 20 73 65 72 76 69 63 65 2c 20 6c 69 6b 65 20 44 79 6e 44 4e 53 2e 63 6f 6d 20 6f 72 20 61 6e	y.service,.like.DynDNS.com.or.an
89600	79 20 6f 74 68 65 72 20 73 69 6d 69 6c 61 72 20 77 65 62 73 69 74 65 2e 20 54 68 69 73 20 6d 65	y.other.similar.website..This.me
89620	74 68 6f 64 20 75 73 65 73 20 48 54 54 50 20 72 65 71 75 65 73 74 73 20 74 6f 20 74 72 61 6e 73	thod.uses.HTTP.requests.to.trans
89640	6d 69 74 20 74 68 65 20 6e 65 77 20 49 50 20 61 64 64 72 65 73 73 2e 20 59 6f 75 20 63 61 6e 20	mit.the.new.IP.address..You.can.
89660	63 6f 6e 66 69 67 75 72 65 20 62 6f 74 68 20 69 6e 20 56 79 4f 53 2e 00 64 64 63 6c 69 65 6e 74	configure.both.in.VyOS..ddclient
89680	5f 20 77 69 6c 6c 20 73 6b 69 70 20 61 6e 79 20 61 64 64 72 65 73 73 20 6c 6f 63 61 74 65 64 20	_.will.skip.any.address.located.
896a0	62 65 66 6f 72 65 20 74 68 65 20 73 74 72 69 6e 67 20 73 65 74 20 69 6e 20 60 3c 70 61 74 74 65	before.the.string.set.in.`<patte
896c0	72 6e 3e 60 2e 00 64 65 62 75 67 00 64 65 63 72 65 6d 65 6e 74 2d 6c 69 66 65 74 69 6d 65 00 64	rn>`..debug.decrement-lifetime.d
896e0	65 66 61 75 6c 74 20 6d 69 6e 2d 74 68 72 65 73 68 6f 6c 64 00 64 65 66 61 75 6c 74 2d 6c 65 61	efault.min-threshold.default-lea
89700	73 65 2d 74 69 6d 65 2c 20 6d 61 78 2d 6c 65 61 73 65 2d 74 69 6d 65 00 64 65 66 61 75 6c 74 2d	se-time,.max-lease-time.default-
89720	6c 69 66 65 74 69 6d 65 00 64 65 66 61 75 6c 74 2d 70 72 65 66 65 72 65 6e 63 65 00 64 65 66 61	lifetime.default-preference.defa
89740	75 6c 74 2d 72 6f 75 74 65 72 00 64 65 70 72 65 63 61 74 65 2d 70 72 65 66 69 78 00 64 65 73 74	ult-router.deprecate-prefix.dest
89760	69 6e 61 74 69 6f 6e 2d 68 61 73 68 69 6e 67 00 64 68 63 70 2d 73 65 72 76 65 72 2d 69 64 65 6e	ination-hashing.dhcp-server-iden
89780	74 69 66 69 65 72 00 64 69 72 65 63 74 00 64 69 72 65 63 74 6f 72 79 00 64 69 73 61 62 6c 65 3a	tifier.direct.directory.disable:
897a0	20 4e 6f 20 73 6f 75 72 63 65 20 76 61 6c 69 64 61 74 69 6f 6e 00 64 6e 73 73 6c 00 64 6f 6d 61	.No.source.validation.dnssl.doma
897c0	69 6e 2d 6e 61 6d 65 00 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 73 65 72 76 65 72 73 00 64 6f 6d 61	in-name.domain-name-servers.doma
897e0	69 6e 2d 73 65 61 72 63 68 00 65 6d 65 72 67 00 65 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c	in-search.emerg.enable.or.disabl
89800	65 20 20 49 43 4d 50 76 34 20 72 65 64 69 72 65 63 74 20 6d 65 73 73 61 67 65 73 20 73 65 6e 64	e..ICMPv4.redirect.messages.send
89820	20 62 79 20 56 79 4f 53 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61	.by.VyOS.The.following.system.pa
89840	72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 65 6e 61 62 6c 65 20	rameter.will.be.altered:.enable.
89860	6f 72 20 64 69 73 61 62 6c 65 20 49 43 4d 50 76 34 20 72 65 64 69 72 65 63 74 20 6d 65 73 73 61	or.disable.ICMPv4.redirect.messa
89880	67 65 73 20 73 65 6e 64 20 62 79 20 56 79 4f 53 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73	ges.send.by.VyOS.The.following.s
898a0	79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a	ystem.parameter.will.be.altered:
898c0	00 65 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c 65 20 6f 66 20 49 43 4d 50 76 34 20 6f 72 20	.enable.or.disable.of.ICMPv4.or.
898e0	49 43 4d 50 76 36 20 72 65 64 69 72 65 63 74 20 6d 65 73 73 61 67 65 73 20 61 63 63 65 70 74 65	ICMPv6.redirect.messages.accepte
89900	64 20 62 79 20 56 79 4f 53 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20	d.by.VyOS..The.following.system.
89920	70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 65 6e 61 62 6c	parameter.will.be.altered:.enabl
89940	65 20 6f 72 20 64 69 73 61 62 6c 65 20 74 68 65 20 6c 6f 67 67 69 6e 67 20 6f 66 20 6d 61 72 74	e.or.disable.the.logging.of.mart
89960	69 61 6e 20 49 50 76 34 20 70 61 63 6b 65 74 73 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20	ian.IPv4.packets..The.following.
89980	73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64	system.parameter.will.be.altered
899a0	3a 00 65 72 72 00 65 74 68 65 72 6e 65 74 00 65 78 61 63 74 2d 6d 61 74 63 68 3a 20 65 78 61 63	:.err.ethernet.exact-match:.exac
899c0	74 20 6d 61 74 63 68 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 72 65 66 69 78 65 73 2e	t.match.of.the.network.prefixes.
899e0	00 65 78 63 6c 75 64 65 00 66 61 69 6c 6f 76 65 72 00 66 61 73 74 3a 20 52 65 71 75 65 73 74 20	.exclude.failover.fast:.Request.
89a00	70 61 72 74 6e 65 72 20 74 6f 20 74 72 61 6e 73 6d 69 74 20 4c 41 43 50 44 55 73 20 65 76 65 72	partner.to.transmit.LACPDUs.ever
89a20	79 20 31 20 73 65 63 6f 6e 64 00 66 69 6c 65 20 3c 66 69 6c 65 20 6e 61 6d 65 3e 00 66 69 6c 74	y.1.second.file.<file.name>.filt
89a40	65 72 2d 6c 69 73 74 00 66 74 70 00 66 75 6c 6c 20 2d 20 61 6c 77 61 79 73 20 75 73 65 20 66 75	er-list.ftp.full.-.always.use.fu
89a60	6c 6c 2d 64 75 70 6c 65 78 00 68 61 6c 66 20 2d 20 61 6c 77 61 79 73 20 75 73 65 20 68 61 6c 66	ll-duplex.half.-.always.use.half
89a80	2d 64 75 70 6c 65 78 00 68 6f 70 2d 6c 69 6d 69 74 00 68 6f 73 74 3a 20 73 69 6e 67 6c 65 20 68	-duplex.hop-limit.host:.single.h
89aa0	6f 73 74 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 68 74 74 70 73 3a 2f	ost.IP.address.to.match..https:/
89ac0	2f 61 63 63 65 73 73 2e 72 65 64 68 61 74 2e 63 6f 6d 2f 73 69 74 65 73 2f 64 65 66 61 75 6c 74	/access.redhat.com/sites/default
89ae0	2f 66 69 6c 65 73 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 32 30 31 35 30 31 2d 70 65 72 66 2d 62	/files/attachments/201501-perf-b
89b00	72 69 65 66 2d 6c 6f 77 2d 6c 61 74 65 6e 63 79 2d 74 75 6e 69 6e 67 2d 72 68 65 6c 37 2d 76 32	rief-low-latency-tuning-rhel7-v2
89b20	2e 31 2e 70 64 66 00 68 74 74 70 73 3a 2f 2f 63 6f 6d 6d 75 6e 69 74 79 2e 6f 70 65 6e 76 70 6e	.1.pdf.https://community.openvpn
89b40	2e 6e 65 74 2f 6f 70 65 6e 76 70 6e 2f 77 69 6b 69 2f 44 61 74 61 43 68 61 6e 6e 65 6c 4f 66 66	.net/openvpn/wiki/DataChannelOff
89b60	6c 6f 61 64 2f 46 65 61 74 75 72 65 73 00 69 66 20 74 68 65 72 65 20 69 73 20 61 20 73 75 70 70	load/Features.if.there.is.a.supp
89b80	6f 72 74 65 64 20 64 65 76 69 63 65 2c 20 65 6e 61 62 6c 65 20 49 6e 74 65 6c c2 ae 20 51 41 54	orted.device,.enable.Intel...QAT
89ba0	00 69 66 20 74 68 65 72 65 20 69 73 20 6e 6f 6e 20 64 65 76 69 63 65 20 74 68 65 20 63 6f 6d 6d	.if.there.is.non.device.the.comm
89bc0	61 6e 64 20 77 69 6c 6c 20 73 68 6f 77 20 60 60 60 4e 6f 20 51 41 54 20 64 65 76 69 63 65 20 66	and.will.show.```No.QAT.device.f
89be0	6f 75 6e 64 60 60 60 00 69 6e 66 6f 00 69 6e 74 65 72 76 61 6c 00 69 6e 76 61 6c 69 64 00 69 6e	ound```.info.interval.invalid.in
89c00	76 65 72 73 65 2d 6d 61 74 63 68 3a 20 6e 65 74 77 6f 72 6b 2f 6e 65 74 6d 61 73 6b 20 74 6f 20	verse-match:.network/netmask.to.
89c20	6d 61 74 63 68 20 28 72 65 71 75 69 72 65 73 20 6e 65 74 77 6f 72 6b 20 62 65 20 64 65 66 69 6e	match.(requires.network.be.defin
89c40	65 64 29 2e 00 69 70 2d 66 6f 72 77 61 72 64 69 6e 67 00 69 74 20 63 61 6e 20 62 65 20 75 73 65	ed)..ip-forwarding.it.can.be.use
89c60	64 20 77 69 74 68 20 61 6e 79 20 4e 49 43 2c 00 69 74 20 64 6f 65 73 20 6e 6f 74 20 69 6e 63 72	d.with.any.NIC,.it.does.not.incr
89c80	65 61 73 65 20 68 61 72 64 77 61 72 65 20 64 65 76 69 63 65 20 69 6e 74 65 72 72 75 70 74 20 72	ease.hardware.device.interrupt.r
89ca0	61 74 65 20 28 61 6c 74 68 6f 75 67 68 20 69 74 20 64 6f 65 73 20 69 6e 74 72 6f 64 75 63 65 20	ate.(although.it.does.introduce.
89cc0	69 6e 74 65 72 2d 70 72 6f 63 65 73 73 6f 72 20 69 6e 74 65 72 72 75 70 74 73 20 28 49 50 49 73	inter-processor.interrupts.(IPIs
89ce0	29 29 2e 00 6b 65 72 6e 00 6c 32 74 70 76 33 00 6c 65 61 73 65 00 6c 65 61 73 74 2d 63 6f 6e 6e	))..kern.l2tpv3.lease.least-conn
89d00	65 63 74 69 6f 6e 00 6c 65 66 74 20 6c 6f 63 61 6c 5f 69 70 3a 20 31 39 32 2e 31 36 38 2e 30 2e	ection.left.local_ip:.192.168.0.
89d20	31 30 20 23 20 56 50 4e 20 47 61 74 65 77 61 79 2c 20 62 65 68 69 6e 64 20 4e 41 54 20 64 65 76	10.#.VPN.Gateway,.behind.NAT.dev
89d40	69 63 65 00 6c 65 66 74 20 6c 6f 63 61 6c 5f 69 70 3a 20 60 31 39 38 2e 35 31 2e 31 30 30 2e 33	ice.left.local_ip:.`198.51.100.3
89d60	60 20 23 20 73 65 72 76 65 72 20 73 69 64 65 20 57 41 4e 20 49 50 00 6c 65 66 74 20 70 75 62 6c	`.#.server.side.WAN.IP.left.publ
89d80	69 63 5f 69 70 3a 31 37 32 2e 31 38 2e 32 30 31 2e 31 30 00 6c 65 66 74 20 73 75 62 6e 65 74 3a	ic_ip:172.18.201.10.left.subnet:
89da0	20 60 31 39 32 2e 31 36 38 2e 30 2e 30 2f 32 34 60 20 73 69 74 65 31 2c 20 73 65 72 76 65 72 20	.`192.168.0.0/24`.site1,.server.
89dc0	73 69 64 65 20 28 69 2e 65 2e 20 6c 6f 63 61 6c 69 74 79 2c 20 61 63 74 75 61 6c 6c 79 20 74 68	side.(i.e..locality,.actually.th
89de0	65 72 65 20 69 73 20 6e 6f 20 63 6c 69 65 6e 74 20 6f 72 20 73 65 72 76 65 72 20 72 6f 6c 65 73	ere.is.no.client.or.server.roles
89e00	29 00 6c 69 6e 6b 2d 6d 74 75 00 6c 6f 63 61 6c 20 75 73 65 20 30 20 28 6c 6f 63 61 6c 30 29 00	).link-mtu.local.use.0.(local0).
89e20	6c 6f 63 61 6c 20 75 73 65 20 31 20 28 6c 6f 63 61 6c 31 29 00 6c 6f 63 61 6c 20 75 73 65 20 32	local.use.1.(local1).local.use.2
89e40	20 28 6c 6f 63 61 6c 32 29 00 6c 6f 63 61 6c 20 75 73 65 20 33 20 28 6c 6f 63 61 6c 33 29 00 6c	.(local2).local.use.3.(local3).l
89e60	6f 63 61 6c 20 75 73 65 20 34 20 28 6c 6f 63 61 6c 34 29 00 6c 6f 63 61 6c 20 75 73 65 20 35 20	ocal.use.4.(local4).local.use.5.
89e80	28 6c 6f 63 61 6c 35 29 00 6c 6f 63 61 6c 20 75 73 65 20 37 20 28 6c 6f 63 61 6c 37 29 00 6c 6f	(local5).local.use.7.(local7).lo
89ea0	63 61 6c 30 00 6c 6f 63 61 6c 31 00 6c 6f 63 61 6c 32 00 6c 6f 63 61 6c 33 00 6c 6f 63 61 6c 34	cal0.local1.local2.local3.local4
89ec0	00 6c 6f 63 61 6c 35 00 6c 6f 63 61 6c 36 00 6c 6f 63 61 6c 37 00 6c 6f 63 61 6c 69 74 79 2d 62	.local5.local6.local7.locality-b
89ee0	61 73 65 64 2d 6c 65 61 73 74 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 6c 6f 67 61 6c 65 72 74 00 6c	ased-least-connection.logalert.l
89f00	6f 67 61 75 64 69 74 00 6c 6f 6f 73 65 3a 20 45 61 63 68 20 69 6e 63 6f 6d 69 6e 67 20 70 61 63	ogaudit.loose:.Each.incoming.pac
89f20	6b 65 74 27 73 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 69 73 20 61 6c 73 6f 20 74 65 73	ket's.source.address.is.also.tes
89f40	74 65 64 20 61 67 61 69 6e 73 74 20 74 68 65 20 46 49 42 20 61 6e 64 20 69 66 20 74 68 65 20 73	ted.against.the.FIB.and.if.the.s
89f60	6f 75 72 63 65 20 61 64 64 72 65 73 73 20 69 73 20 6e 6f 74 20 72 65 61 63 68 61 62 6c 65 20 76	ource.address.is.not.reachable.v
89f80	69 61 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 70 61 63 6b 65 74 20 63 68 65 63	ia.any.interface.the.packet.chec
89fa0	6b 20 77 69 6c 6c 20 66 61 69 6c 2e 00 6c 70 72 00 6d 44 4e 53 20 52 65 70 65 61 74 65 72 00 6d	k.will.fail..lpr.mDNS.Repeater.m
89fc0	44 4e 53 20 72 65 70 65 61 74 65 72 20 63 61 6e 20 62 65 20 74 65 6d 70 6f 72 61 72 69 6c 79 20	DNS.repeater.can.be.temporarily.
89fe0	64 69 73 61 62 6c 65 64 20 77 69 74 68 6f 75 74 20 64 65 6c 65 74 69 6e 67 20 74 68 65 20 73 65	disabled.without.deleting.the.se
8a000	72 76 69 63 65 20 75 73 69 6e 67 00 6d 61 69 6c 00 6d 61 6e 61 67 65 64 2d 66 6c 61 67 00 6d 61	rvice.using.mail.managed-flag.ma
8a020	74 63 68 2d 66 72 61 67 3a 20 53 65 63 6f 6e 64 20 61 6e 64 20 66 75 72 74 68 65 72 20 66 72 61	tch-frag:.Second.and.further.fra
8a040	67 6d 65 6e 74 73 20 6f 66 20 66 72 61 67 6d 65 6e 74 65 64 20 70 61 63 6b 65 74 73 2e 00 6d 61	gments.of.fragmented.packets..ma
8a060	74 63 68 2d 69 70 73 65 63 3a 20 6d 61 74 63 68 20 69 6e 62 6f 75 6e 64 20 49 50 73 65 63 20 70	tch-ipsec:.match.inbound.IPsec.p
8a080	61 63 6b 65 74 73 2e 00 6d 61 74 63 68 2d 6e 6f 6e 2d 66 72 61 67 3a 20 48 65 61 64 20 66 72 61	ackets..match-non-frag:.Head.fra
8a0a0	67 6d 65 6e 74 73 20 6f 72 20 75 6e 66 72 61 67 6d 65 6e 74 65 64 20 70 61 63 6b 65 74 73 2e 00	gments.or.unfragmented.packets..
8a0c0	6d 61 74 63 68 2d 6e 6f 6e 65 3a 20 6d 61 74 63 68 20 69 6e 62 6f 75 6e 64 20 6e 6f 6e 2d 49 50	match-none:.match.inbound.non-IP
8a0e0	73 65 63 20 70 61 63 6b 65 74 73 2e 00 6d 69 6e 69 6d 61 6c 20 63 6f 6e 66 69 67 00 6d 6f 72 65	sec.packets..minimal.config.more
8a100	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 72 65 6c 61 74 65 64 20 49 47 50 20 20 2d 20 3a 72 65 66	.information.related.IGP..-.:ref
8a120	3a 60 72 6f 75 74 69 6e 67 2d 69 73 69 73 60 00 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	:`routing-isis`.more.information
8a140	20 72 65 6c 61 74 65 64 20 49 47 50 20 20 2d 20 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f 73	.related.IGP..-.:ref:`routing-os
8a160	70 66 60 00 6e 61 6d 65 2d 73 65 72 76 65 72 00 6e 65 74 62 69 6f 73 2d 6e 61 6d 65 2d 73 65 72	pf`.name-server.netbios-name-ser
8a180	76 65 72 73 00 6e 65 74 77 6f 72 6b 3a 20 6e 65 74 77 6f 72 6b 2f 6e 65 74 6d 61 73 6b 20 74 6f	vers.network:.network/netmask.to
8a1a0	20 6d 61 74 63 68 20 28 72 65 71 75 69 72 65 73 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 62	.match.(requires.inverse-match.b
8a1c0	65 20 64 65 66 69 6e 65 64 29 20 42 55 47 2c 20 4e 4f 20 69 6e 76 65 72 74 2d 6d 61 74 63 68 20	e.defined).BUG,.NO.invert-match.
8a1e0	6f 70 74 69 6f 6e 20 69 6e 20 61 63 63 65 73 73 2d 6c 69 73 74 36 00 6e 65 74 77 6f 72 6b 3a 20	option.in.access-list6.network:.
8a200	6e 65 74 77 6f 72 6b 2f 6e 65 74 6d 61 73 6b 20 74 6f 20 6d 61 74 63 68 20 28 72 65 71 75 69 72	network/netmask.to.match.(requir
8a220	65 73 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 62 65 20 64 65 66 69 6e 65 64 29 2e 00 6e 65	es.inverse-match.be.defined)..ne
8a240	77 73 00 6e 65 78 74 2d 73 65 72 76 65 72 00 6e 6f 2d 61 75 74 6f 6e 6f 6d 6f 75 73 2d 66 6c 61	ws.next-server.no-autonomous-fla
8a260	67 00 6e 6f 2d 6f 6e 2d 6c 69 6e 6b 2d 66 6c 61 67 00 6e 6f 74 66 6f 75 6e 64 00 6e 6f 74 69 63	g.no-on-link-flag.notfound.notic
8a280	65 00 6e 74 70 00 6e 74 70 2d 73 65 72 76 65 72 00 6e 74 70 2d 73 65 72 76 65 72 73 00 6f 6e 65	e.ntp.ntp-server.ntp-servers.one
8a2a0	20 72 75 6c 65 20 77 69 74 68 20 61 20 4c 41 4e 20 28 69 6e 62 6f 75 6e 64 2d 69 6e 74 65 72 66	.rule.with.a.LAN.(inbound-interf
8a2c0	61 63 65 29 20 61 6e 64 20 74 68 65 20 57 41 4e 20 28 69 6e 74 65 72 66 61 63 65 29 2e 00 6f 70	ace).and.the.WAN.(interface)..op
8a2e0	65 6e 76 70 6e 00 6f 73 70 66 64 20 73 75 70 70 6f 72 74 73 20 4f 70 61 71 75 65 20 4c 53 41 20	envpn.ospfd.supports.Opaque.LSA.
8a300	3a 72 66 63 3a 60 32 33 37 30 60 20 61 73 20 70 61 72 74 69 61 6c 20 73 75 70 70 6f 72 74 20 66	:rfc:`2370`.as.partial.support.f
8a320	6f 72 20 4d 50 4c 53 20 54 72 61 66 66 69 63 20 45 6e 67 69 6e 65 65 72 69 6e 67 20 4c 53 41 73	or.MPLS.Traffic.Engineering.LSAs
8a340	2e 20 54 68 65 20 6f 70 61 71 75 65 2d 6c 73 61 20 63 61 70 61 62 69 6c 69 74 79 20 6d 75 73 74	..The.opaque-lsa.capability.must
8a360	20 62 65 20 65 6e 61 62 6c 65 64 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	.be.enabled.in.the.configuration
8a380	2e 00 6f 74 68 65 72 2d 63 6f 6e 66 69 67 2d 66 6c 61 67 00 70 61 67 65 73 20 74 6f 20 73 6f 72	..other-config-flag.pages.to.sor
8a3a0	74 00 70 6f 6c 69 63 79 20 61 73 2d 70 61 74 68 2d 6c 69 73 74 00 70 6f 6c 69 63 79 20 63 6f 6d	t.policy.as-path-list.policy.com
8a3c0	6d 75 6e 69 74 79 2d 6c 69 73 74 00 70 6f 6c 69 63 79 20 65 78 74 63 6f 6d 6d 75 6e 69 74 79 2d	munity-list.policy.extcommunity-
8a3e0	6c 69 73 74 00 70 6f 6c 69 63 79 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74	list.policy.large-community-list
8a400	00 70 6f 70 2d 73 65 72 76 65 72 00 70 72 65 66 65 72 72 65 64 2d 6c 69 66 65 74 69 6d 65 00 70	.pop-server.preferred-lifetime.p
8a420	72 65 66 69 78 2d 6c 69 73 74 2c 20 64 69 73 74 72 69 62 75 74 65 2d 6c 69 73 74 00 70 73 65 75	refix-list,.distribute-list.pseu
8a440	64 6f 2d 65 74 68 65 72 6e 65 74 00 72 61 6e 67 65 00 72 65 61 63 68 61 62 6c 65 2d 74 69 6d 65	do-ethernet.range.reachable-time
8a460	00 72 65 73 65 74 20 63 6f 6d 6d 61 6e 64 73 00 72 65 74 72 61 6e 73 2d 74 69 6d 65 72 00 72 66	.reset.commands.retrans-timer.rf
8a480	63 33 34 34 32 2d 73 74 61 74 69 63 2d 72 6f 75 74 65 2c 20 77 69 6e 64 6f 77 73 2d 73 74 61 74	c3442-static-route,.windows-stat
8a4a0	69 63 2d 72 6f 75 74 65 00 72 66 63 33 37 36 38 2d 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 00 72	ic-route.rfc3768-compatibility.r
8a4c0	69 67 68 74 20 6c 6f 63 61 6c 5f 69 70 3a 20 31 37 32 2e 31 38 2e 32 30 32 2e 31 30 20 23 20 72	ight.local_ip:.172.18.202.10.#.r
8a4e0	69 67 68 74 20 73 69 64 65 20 57 41 4e 20 49 50 00 72 69 67 68 74 20 6c 6f 63 61 6c 5f 69 70 3a	ight.side.WAN.IP.right.local_ip:
8a500	20 60 32 30 33 2e 30 2e 31 31 33 2e 32 60 20 23 20 72 65 6d 6f 74 65 20 6f 66 66 69 63 65 20 73	.`203.0.113.2`.#.remote.office.s
8a520	69 64 65 20 57 41 4e 20 49 50 00 72 69 67 68 74 20 73 75 62 6e 65 74 3a 20 60 31 30 2e 30 2e 30	ide.WAN.IP.right.subnet:.`10.0.0
8a540	2e 30 2f 32 34 60 20 73 69 74 65 32 2c 72 65 6d 6f 74 65 20 6f 66 66 69 63 65 20 73 69 64 65 00	.0/24`.site2,remote.office.side.
8a560	72 6f 75 6e 64 2d 72 6f 62 69 6e 00 72 6f 75 74 65 2d 6d 61 70 00 72 6f 75 74 65 72 73 00 73 46	round-robin.route-map.routers.sF
8a580	6c 6f 77 00 73 46 6c 6f 77 20 69 73 20 61 20 74 65 63 68 6e 6f 6c 6f 67 79 20 74 68 61 74 20 65	low.sFlow.is.a.technology.that.e
8a5a0	6e 61 62 6c 65 73 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 6f 66 20 6e 65 74 77 6f 72 6b 20 74 72 61	nables.monitoring.of.network.tra
8a5c0	66 66 69 63 20 62 79 20 73 65 6e 64 69 6e 67 20 73 61 6d 70 6c 65 64 20 70 61 63 6b 65 74 73 20	ffic.by.sending.sampled.packets.
8a5e0	74 6f 20 61 20 63 6f 6c 6c 65 63 74 6f 72 20 64 65 76 69 63 65 2e 00 73 65 63 75 72 69 74 79 00	to.a.collector.device..security.
8a600	73 65 72 76 65 72 20 65 78 61 6d 70 6c 65 00 73 65 72 76 65 72 2d 69 64 65 6e 74 69 66 69 65 72	server.example.server-identifier
8a620	00 73 65 74 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 6e 64 2f 6f 72 20 73 6f 75 72 63 65	.set.a.destination.and/or.source
8a640	20 61 64 64 72 65 73 73 2e 20 41 63 63 65 70 74 65 64 20 69 6e 70 75 74 3a 00 73 68 61 32 35 36	.address..Accepted.input:.sha256
8a660	20 48 61 73 68 65 73 00 73 68 6f 77 20 63 6f 6d 6d 61 6e 64 73 00 73 69 61 64 64 72 00 73 6c 6f	.Hashes.show.commands.siaddr.slo
8a680	77 3a 20 52 65 71 75 65 73 74 20 70 61 72 74 6e 65 72 20 74 6f 20 74 72 61 6e 73 6d 69 74 20 4c	w:.Request.partner.to.transmit.L
8a6a0	41 43 50 44 55 73 20 65 76 65 72 79 20 33 30 20 73 65 63 6f 6e 64 73 00 73 6d 74 70 2d 73 65 72	ACPDUs.every.30.seconds.smtp-ser
8a6c0	76 65 72 00 73 6f 66 74 77 61 72 65 20 66 69 6c 74 65 72 73 20 63 61 6e 20 65 61 73 69 6c 79 20	ver.software.filters.can.easily.
8a6e0	62 65 20 61 64 64 65 64 20 74 6f 20 68 61 73 68 20 6f 76 65 72 20 6e 65 77 20 70 72 6f 74 6f 63	be.added.to.hash.over.new.protoc
8a700	6f 6c 73 2c 00 73 6f 75 72 63 65 2d 68 61 73 68 69 6e 67 00 73 70 6f 6b 65 30 31 2d 73 70 6f 6b	ols,.source-hashing.spoke01-spok
8a720	65 30 34 00 73 70 6f 6b 65 30 35 00 73 74 61 74 69 63 2d 6d 61 70 70 69 6e 67 00 73 74 61 74 69	e04.spoke05.static-mapping.stati
8a740	63 2d 72 6f 75 74 65 00 73 74 72 69 63 74 3a 20 45 61 63 68 20 69 6e 63 6f 6d 69 6e 67 20 70 61	c-route.strict:.Each.incoming.pa
8a760	63 6b 65 74 20 69 73 20 74 65 73 74 65 64 20 61 67 61 69 6e 73 74 20 74 68 65 20 46 49 42 20 61	cket.is.tested.against.the.FIB.a
8a780	6e 64 20 69 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 6e 6f 74 20 74 68 65 20 62	nd.if.the.interface.is.not.the.b
8a7a0	65 73 74 20 72 65 76 65 72 73 65 20 70 61 74 68 20 74 68 65 20 70 61 63 6b 65 74 20 63 68 65 63	est.reverse.path.the.packet.chec
8a7c0	6b 20 77 69 6c 6c 20 66 61 69 6c 2e 20 42 79 20 64 65 66 61 75 6c 74 20 66 61 69 6c 65 64 20 70	k.will.fail..By.default.failed.p
8a7e0	61 63 6b 65 74 73 20 61 72 65 20 64 69 73 63 61 72 64 65 64 2e 00 73 75 62 6e 65 74 2d 6d 61 73	ackets.are.discarded..subnet-mas
8a800	6b 00 73 79 73 6c 6f 67 00 74 61 69 6c 00 74 63 5f 20 69 73 20 61 20 70 6f 77 65 72 66 75 6c 20	k.syslog.tail.tc_.is.a.powerful.
8a820	74 6f 6f 6c 20 66 6f 72 20 54 72 61 66 66 69 63 20 43 6f 6e 74 72 6f 6c 20 66 6f 75 6e 64 20 61	tool.for.Traffic.Control.found.a
8a840	74 20 74 68 65 20 4c 69 6e 75 78 20 6b 65 72 6e 65 6c 2e 20 48 6f 77 65 76 65 72 2c 20 69 74 73	t.the.Linux.kernel..However,.its
8a860	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 6f 66 74 65 6e 20 63 6f 6e 73 69 64 65 72	.configuration.is.often.consider
8a880	65 64 20 61 20 63 75 6d 62 65 72 73 6f 6d 65 20 74 61 73 6b 2e 20 46 6f 72 74 75 6e 61 74 65 6c	ed.a.cumbersome.task..Fortunatel
8a8a0	79 2c 20 56 79 4f 53 20 65 61 73 65 73 20 74 68 65 20 6a 6f 62 20 74 68 72 6f 75 67 68 20 69 74	y,.VyOS.eases.the.job.through.it
8a8c0	73 20 43 4c 49 2c 20 77 68 69 6c 65 20 75 73 69 6e 67 20 60 60 74 63 60 60 20 61 73 20 62 61 63	s.CLI,.while.using.``tc``.as.bac
8a8e0	6b 65 6e 64 2e 00 74 66 74 70 2d 73 65 72 76 65 72 2d 6e 61 6d 65 00 74 68 69 73 20 6f 70 74 69	kend..tftp-server-name.this.opti
8a900	6f 6e 20 61 6c 6c 6f 77 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 70 72 65 66 69 78 2d 73 69	on.allows.to.configure.prefix-si
8a920	64 20 6f 6e 20 53 52 2e 20 54 68 65 20 e2 80 98 6e 6f 2d 70 68 70 2d 66 6c 61 67 e2 80 99 20 6d	d.on.SR..The....no-php-flag....m
8a940	65 61 6e 73 20 4e 4f 20 50 65 6e 75 6c 74 69 6d 61 74 65 20 48 6f 70 20 50 6f 70 70 69 6e 67 20	eans.NO.Penultimate.Hop.Popping.
8a960	74 68 61 74 20 61 6c 6c 6f 77 73 20 53 52 20 6e 6f 64 65 20 74 6f 20 72 65 71 75 65 73 74 20 74	that.allows.SR.node.to.request.t
8a980	6f 20 69 74 73 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 6e 6f 74 20 70 6f 70 20 74 68 65 20 6c 61	o.its.neighbor.to.not.pop.the.la
8a9a0	62 65 6c 2e 20 54 68 65 20 e2 80 98 65 78 70 6c 69 63 69 74 2d 6e 75 6c 6c e2 80 99 20 66 6c 61	bel..The....explicit-null....fla
8a9c0	67 20 61 6c 6c 6f 77 73 20 53 52 20 6e 6f 64 65 20 74 6f 20 72 65 71 75 65 73 74 20 74 6f 20 69	g.allows.SR.node.to.request.to.i
8a9e0	74 73 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 73 65 6e 64 20 49 50 20 70 61 63 6b 65 74 20 77 69	ts.neighbor.to.send.IP.packet.wi
8aa00	74 68 20 74 68 65 20 45 58 50 4c 49 43 49 54 2d 4e 55 4c 4c 20 6c 61 62 65 6c 2e 20 54 68 65 20	th.the.EXPLICIT-NULL.label..The.
8aa20	e2 80 98 6e 2d 66 6c 61 67 2d 63 6c 65 61 72 e2 80 99 20 6f 70 74 69 6f 6e 20 63 61 6e 20 62 65	...n-flag-clear....option.can.be
8aa40	20 75 73 65 64 20 74 6f 20 65 78 70 6c 69 63 69 74 6c 79 20 63 6c 65 61 72 20 74 68 65 20 4e 6f	.used.to.explicitly.clear.the.No
8aa60	64 65 20 66 6c 61 67 20 74 68 61 74 20 69 73 20 73 65 74 20 62 79 20 64 65 66 61 75 6c 74 20 66	de.flag.that.is.set.by.default.f
8aa80	6f 72 20 50 72 65 66 69 78 2d 53 49 44 73 20 61 73 73 6f 63 69 61 74 65 64 20 74 6f 20 6c 6f 6f	or.Prefix-SIDs.associated.to.loo
8aaa0	70 62 61 63 6b 20 61 64 64 72 65 73 73 65 73 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20	pback.addresses..This.option.is.
8aac0	6e 65 63 65 73 73 61 72 79 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 41 6e 79 63 61 73 74 2d 53	necessary.to.configure.Anycast-S
8aae0	49 44 73 2e 00 74 69 6d 65 2d 6f 66 66 73 65 74 00 74 69 6d 65 2d 73 65 72 76 65 72 00 74 69 6d	IDs..time-offset.time-server.tim
8ab00	65 2d 73 65 72 76 65 72 73 00 74 75 6e 6e 65 6c 00 75 73 65 20 36 20 28 6c 6f 63 61 6c 36 29 00	e-servers.tunnel.use.6.(local6).
8ab20	75 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 68 65 63 6b 20 69 66 20 74 68 65	use.this.command.to.check.if.the
8ab40	72 65 20 69 73 20 61 6e 20 49 6e 74 65 6c c2 ae 20 51 41 54 20 73 75 70 70 6f 72 74 65 64 20 50	re.is.an.Intel...QAT.supported.P
8ab60	72 6f 63 65 73 73 6f 72 20 69 6e 20 79 6f 75 72 20 73 79 73 74 65 6d 2e 00 75 73 65 72 00 75 75	rocessor.in.your.system..user.uu
8ab80	63 70 00 76 61 6c 69 64 00 76 61 6c 69 64 2d 6c 69 66 65 74 69 6d 65 00 76 65 74 68 20 69 6e 74	cp.valid.valid-lifetime.veth.int
8aba0	65 72 66 61 63 65 73 20 6e 65 65 64 20 74 6f 20 62 65 20 63 72 65 61 74 65 64 20 69 6e 20 70 61	erfaces.need.to.be.created.in.pa
8abc0	69 72 73 20 2d 20 69 74 27 73 20 63 61 6c 6c 65 64 20 74 68 65 20 70 65 65 72 20 6e 61 6d 65 00	irs.-.it's.called.the.peer.name.
8abe0	76 78 6c 61 6e 00 77 61 72 6e 69 6e 67 00 77 65 20 64 65 73 63 72 69 62 65 64 20 74 68 65 20 63	vxlan.warning.we.described.the.c
8ac00	6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 53 52 20 49 53 49 53 20 2f 20 53 52 20 4f 53 50 46 20 75	onfiguration.SR.ISIS./.SR.OSPF.u
8ac20	73 69 6e 67 20 32 20 63 6f 6e 6e 65 63 74 65 64 20 77 69 74 68 20 74 68 65 6d 20 74 6f 20 73 68	sing.2.connected.with.them.to.sh
8ac40	61 72 65 20 6c 61 62 65 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 77 65 69 67 68 74 65 64 2d	are.label.information..weighted-
8ac60	6c 65 61 73 74 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 77 65 69 67 68 74 65 64 2d 72 6f 75 6e 64 2d	least-connection.weighted-round-
8ac80	72 6f 62 69 6e 00 77 68 69 6c 65 20 61 20 2a 62 79 74 65 2a 20 69 73 20 77 72 69 74 74 65 6e 20	robin.while.a.*byte*.is.written.
8aca0	61 73 20 61 20 73 69 6e 67 6c 65 20 2a 2a 62 2a 2a 2e 00 77 69 6e 73 2d 73 65 72 76 65 72 00 77	as.a.single.**b**..wins-server.w
8acc0	69 72 65 67 75 61 72 64 00 77 69 72 65 6c 65 73 73 00 77 69 74 68 20 3a 63 66 67 63 6d 64 3a 60	ireguard.wireless.with.:cfgcmd:`
8ace0	73 65 74 20 73 79 73 74 65 6d 20 61 63 63 65 6c 65 72 61 74 69 6f 6e 20 71 61 74 60 20 6f 6e 20	set.system.acceleration.qat`.on.
8ad00	62 6f 74 68 20 73 79 73 74 65 6d 73 20 74 68 65 20 62 61 6e 64 77 69 64 74 68 20 69 6e 63 72 65	both.systems.the.bandwidth.incre
8ad20	61 73 65 73 2e 00 77 70 61 64 2d 75 72 6c 00 77 70 61 64 2d 75 72 6c 2c 20 77 70 61 64 2d 75 72	ases..wpad-url.wpad-url,.wpad-ur
8ad40	6c 20 63 6f 64 65 20 32 35 32 20 3d 20 74 65 78 74 00 77 77 61 6e 00 4d 49 4d 45 2d 56 65 72 73	l.code.252.=.text.wwan.MIME-Vers
8ad60	69 6f 6e 3a 20 31 2e 30 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69	ion:.1.0.Content-Type:.text/plai
8ad80	6e 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65	n;.charset=UTF-8.Content-Transfe
8ada0	72 2d 45 6e 63 6f 64 69 6e 67 3a 20 38 62 69 74 0a 58 2d 47 65 6e 65 72 61 74 6f 72 3a 20 4c 6f	r-Encoding:.8bit.X-Generator:.Lo
8adc0	63 61 6c 61 7a 79 20 28 68 74 74 70 73 3a 2f 2f 6c 6f 63 61 6c 61 7a 79 2e 63 6f 6d 29 0a 50 72	calazy.(https://localazy.com).Pr
8ade0	6f 6a 65 63 74 2d 49 64 2d 56 65 72 73 69 6f 6e 3a 20 0a 4c 61 6e 67 75 61 67 65 3a 20 65 6e 0a	oject-Id-Version:..Language:.en.
8ae00	50 6c 75 72 61 6c 2d 46 6f 72 6d 73 3a 20 6e 70 6c 75 72 61 6c 73 3d 32 3b 20 70 6c 75 72 61 6c	Plural-Forms:.nplurals=2;.plural
8ae20	3d 28 6e 3d 3d 31 29 20 3f 20 30 20 3a 20 31 3b 0a 00 21 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a	=(n==1).?.0.:.1;..!<h:h:h:h:h:h:
8ae40	68 3a 68 2f 78 3e 3a 20 4d 61 74 63 68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20	h:h/x>:.Match.everything.except.
8ae60	74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 2e 00 21 3c 68 3a 68 3a 68 3a 68 3a	the.specified.prefix..!<h:h:h:h:
8ae80	68 3a 68 3a 68 3a 68 3e 2d 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 4d 61 74 63	h:h:h:h>-<h:h:h:h:h:h:h:h>:.Matc
8aea0	68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65	h.everything.except.the.specifie
8aec0	64 20 72 61 6e 67 65 2e 00 21 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 4d 61 74	d.range..!<h:h:h:h:h:h:h:h>:.Mat
8aee0	63 68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69	ch.everything.except.the.specifi
8af00	65 64 20 61 64 64 72 65 73 73 2e 00 21 3c 78 2e 78 2e 78 2e 78 2f 78 3e 3a 20 4d 61 74 63 68 20	ed.address..!<x.x.x.x/x>:.Match.
8af20	65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20	everything.except.the.specified.
8af40	73 75 62 6e 65 74 2e 00 21 3c 78 2e 78 2e 78 2e 78 3e 2d 3c 78 2e 78 2e 78 2e 78 3e 3a 20 4d 61	subnet..!<x.x.x.x>-<x.x.x.x>:.Ma
8af60	74 63 68 20 65 76 65 72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66	tch.everything.except.the.specif
8af80	69 65 64 20 72 61 6e 67 65 2e 00 21 3c 78 2e 78 2e 78 2e 78 3e 3a 20 4d 61 74 63 68 20 65 76 65	ied.range..!<x.x.x.x>:.Match.eve
8afa0	72 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 61 64 64	rything.except.the.specified.add
8afc0	72 65 73 73 2e 00 22 4d 61 6e 61 67 65 64 20 61 64 64 72 65 73 73 20 63 6f 6e 66 69 67 75 72 61	ress.."Managed.address.configura
8afe0	74 69 6f 6e 22 20 66 6c 61 67 00 22 4f 74 68 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22	tion".flag."Other.configuration"
8b000	20 66 6c 61 67 00 28 54 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 66 75 6c 20 77 68 65 6e 20 61	.flag.(This.can.be.useful.when.a
8b020	20 63 61 6c 6c 65 64 20 73 65 72 76 69 63 65 20 68 61 73 20 6d 61 6e 79 20 61 6e 64 2f 6f 72 20	.called.service.has.many.and/or.
8b040	6f 66 74 65 6e 20 63 68 61 6e 67 69 6e 67 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65	often.changing.destination.addre
8b060	73 73 65 73 20 2d 20 65 2e 67 2e 20 4e 65 74 66 6c 69 78 2e 29 00 2a 2a 31 2d 32 35 34 2a 2a 20	sses.-.e.g..Netflix.).**1-254**.
8b080	e2 80 93 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 61 20 63 68 61 6e 6e 65 6c 20 6e 75	....interfaces.with.a.channel.nu
8b0a0	6d 62 65 72 20 69 6e 74 65 72 66 65 72 65 20 77 69 74 68 20 69 6e 74 65 72 66 65 72 69 6e 67 20	mber.interfere.with.interfering.
8b0c0	69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 74	interfaces.and.interfaces.with.t
8b0e0	68 65 20 73 61 6d 65 20 63 68 61 6e 6e 65 6c 20 6e 75 6d 62 65 72 2e 20 2a 2a 69 6e 74 65 72 66	he.same.channel.number..**interf
8b100	65 72 69 6e 67 2a 2a 20 e2 80 93 20 69 6e 74 65 72 66 65 72 69 6e 67 20 69 6e 74 65 72 66 61 63	ering**.....interfering.interfac
8b120	65 73 20 61 72 65 20 61 73 73 75 6d 65 64 20 74 6f 20 69 6e 74 65 72 66 65 72 65 20 77 69 74 68	es.are.assumed.to.interfere.with
8b140	20 61 6c 6c 20 6f 74 68 65 72 20 63 68 61 6e 6e 65 6c 73 20 65 78 63 65 70 74 20 6e 6f 6e 69 6e	.all.other.channels.except.nonin
8b160	74 65 72 66 65 72 69 6e 67 20 63 68 61 6e 6e 65 6c 73 2e 20 2a 2a 6e 6f 6e 69 6e 74 65 72 66 65	terfering.channels..**noninterfe
8b180	72 69 6e 67 2a 2a 20 e2 80 93 20 6e 6f 6e 69 6e 74 65 72 66 65 72 69 6e 67 20 69 6e 74 65 72 66	ring**.....noninterfering.interf
8b1a0	61 63 65 73 20 61 72 65 20 61 73 73 75 6d 65 64 20 74 6f 20 6f 6e 6c 79 20 69 6e 74 65 72 66 65	aces.are.assumed.to.only.interfe
8b1c0	72 65 20 77 69 74 68 20 74 68 65 6d 73 65 6c 76 65 73 2e 00 2a 2a 31 2e 20 43 6f 6e 66 69 72 6d	re.with.themselves..**1..Confirm
8b1e0	20 49 50 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 62 65 74 77 65 65 6e 20 74 75 6e 6e 65 6c 20	.IP.connectivity.between.tunnel.
8b200	73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 20 61 6e 64 20 72 65 6d 6f 74 65 3a 2a 2a 00 2a 2a 31	source-address.and.remote:**.**1
8b220	30 2a 2a 20 2d 20 3a 61 62 62 72 3a 60 49 50 46 49 58 20 28 49 50 20 46 6c 6f 77 20 49 6e 66 6f	0**.-.:abbr:`IPFIX.(IP.Flow.Info
8b240	72 6d 61 74 69 6f 6e 20 45 78 70 6f 72 74 29 60 20 61 73 20 70 65 72 20 3a 72 66 63 3a 60 33 39	rmation.Export)`.as.per.:rfc:`39
8b260	31 37 60 00 2a 2a 32 2e 20 43 6f 6e 66 69 72 6d 20 74 68 65 20 6c 69 6e 6b 20 74 79 70 65 20 68	17`.**2..Confirm.the.link.type.h
8b280	61 73 20 62 65 65 6e 20 73 65 74 20 74 6f 20 47 52 45 3a 2a 2a 00 2a 2a 33 2e 20 43 6f 6e 66 69	as.been.set.to.GRE:**.**3..Confi
8b2a0	72 6d 20 49 50 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 61 63 72 6f 73 73 20 74 68 65 20 74 75	rm.IP.connectivity.across.the.tu
8b2c0	6e 6e 65 6c 3a 2a 2a 00 2a 2a 35 2a 2a 20 2d 20 4d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 76 65 72 73	nnel:**.**5**.-.Most.common.vers
8b2e0	69 6f 6e 2c 20 62 75 74 20 72 65 73 74 72 69 63 74 65 64 20 74 6f 20 49 50 76 34 20 66 6c 6f 77	ion,.but.restricted.to.IPv4.flow
8b300	73 20 6f 6e 6c 79 00 2a 2a 39 2a 2a 20 2d 20 4e 65 74 46 6c 6f 77 20 76 65 72 73 69 6f 6e 20 39	s.only.**9**.-.NetFlow.version.9
8b320	20 28 64 65 66 61 75 6c 74 29 00 2a 2a 41 53 20 70 61 74 68 20 6c 65 6e 67 74 68 20 63 68 65 63	.(default).**AS.path.length.chec
8b340	6b 2a 2a 00 2a 2a 41 6c 72 65 61 64 79 2d 73 65 6c 65 63 74 65 64 20 65 78 74 65 72 6e 61 6c 20	k**.**Already-selected.external.
8b360	63 68 65 63 6b 2a 2a 00 2a 2a 41 70 70 6c 69 65 73 20 74 6f 3a 2a 2a 20 49 6e 62 6f 75 6e 64 20	check**.**Applies.to:**.Inbound.
8b380	74 72 61 66 66 69 63 2e 00 2a 2a 41 70 70 6c 69 65 73 20 74 6f 3a 2a 2a 20 4f 75 74 62 6f 75 6e	traffic..**Applies.to:**.Outboun
8b3a0	64 20 54 72 61 66 66 69 63 2e 00 2a 2a 41 70 70 6c 69 65 73 20 74 6f 3a 2a 2a 20 4f 75 74 62 6f	d.Traffic..**Applies.to:**.Outbo
8b3c0	75 6e 64 20 74 72 61 66 66 69 63 2e 00 2a 2a 41 70 70 6c 79 20 74 68 65 20 74 72 61 66 66 69 63	und.traffic..**Apply.the.traffic
8b3e0	20 70 6f 6c 69 63 79 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 6e 67 72 65 73 73 20	.policy.to.an.interface.ingress.
8b400	6f 72 20 65 67 72 65 73 73 2a 2a 2e 00 2a 2a 43 69 73 63 6f 20 49 4f 53 20 52 6f 75 74 65 72 3a	or.egress**..**Cisco.IOS.Router:
8b420	2a 2a 00 2a 2a 43 6c 69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 20 76 69 61 20 49 50 20 72 61	**.**Client.IP.address.via.IP.ra
8b440	6e 67 65 20 64 65 66 69 6e 69 74 69 6f 6e 2a 2a 00 2a 2a 43 6c 69 65 6e 74 20 49 50 20 73 75 62	nge.definition**.**Client.IP.sub
8b460	6e 65 74 73 20 76 69 61 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 2a 2a 00 2a 2a 43 6c 75 73 74	nets.via.CIDR.notation**.**Clust
8b480	65 72 2d 4c 69 73 74 20 6c 65 6e 67 74 68 20 63 68 65 63 6b 2a 2a 00 2a 2a 43 72 65 61 74 65 20	er-List.length.check**.**Create.
8b4a0	61 20 74 72 61 66 66 69 63 20 70 6f 6c 69 63 79 2a 2a 2e 00 2a 2a 44 48 43 50 28 76 36 29 2a 2a	a.traffic.policy**..**DHCP(v6)**
8b4c0	00 2a 2a 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 20 28 50 44 29	.**DHCPv6.Prefix.Delegation.(PD)
8b4e0	2a 2a 00 2a 2a 45 74 68 65 72 6e 65 74 20 28 70 72 6f 74 6f 63 6f 6c 2c 20 64 65 73 74 69 6e 61	**.**Ethernet.(protocol,.destina
8b500	74 69 6f 6e 20 61 64 64 72 65 73 73 20 6f 72 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 29 2a	tion.address.or.source.address)*
8b520	2a 00 2a 2a 45 78 61 6d 70 6c 65 3a 2a 2a 00 2a 2a 45 78 74 65 72 6e 61 6c 20 63 68 65 63 6b 2a	*.**Example:**.**External.check*
8b540	2a 00 2a 2a 46 69 72 65 77 61 6c 6c 20 6d 61 72 6b 2a 2a 00 2a 2a 49 47 50 20 63 6f 73 74 20 63	*.**Firewall.mark**.**IGP.cost.c
8b560	68 65 63 6b 2a 2a 00 2a 2a 49 50 76 34 20 28 44 53 43 50 20 76 61 6c 75 65 2c 20 6d 61 78 69 6d	heck**.**IPv4.(DSCP.value,.maxim
8b580	75 6d 20 70 61 63 6b 65 74 20 6c 65 6e 67 74 68 2c 20 70 72 6f 74 6f 63 6f 6c 2c 20 73 6f 75 72	um.packet.length,.protocol,.sour
8b5a0	63 65 20 61 64 64 72 65 73 73 2c 2a 2a 20 2a 2a 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72	ce.address,**.**destination.addr
8b5c0	65 73 73 2c 20 73 6f 75 72 63 65 20 70 6f 72 74 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f	ess,.source.port,.destination.po
8b5e0	72 74 20 6f 72 20 54 43 50 20 66 6c 61 67 73 29 2a 2a 00 2a 2a 49 50 76 36 20 28 44 53 43 50 20	rt.or.TCP.flags)**.**IPv6.(DSCP.
8b600	76 61 6c 75 65 2c 20 6d 61 78 69 6d 75 6d 20 70 61 79 6c 6f 61 64 20 6c 65 6e 67 74 68 2c 20 70	value,.maximum.payload.length,.p
8b620	72 6f 74 6f 63 6f 6c 2c 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 2a 2a 20 2a 2a 64 65 73	rotocol,.source.address,**.**des
8b640	74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 2c 20 73 6f 75 72 63 65 20 70 6f 72 74 2c 20 64	tination.address,.source.port,.d
8b660	65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 20 6f 72 20 54 43 50 20 66 6c 61 67 73 29 2a 2a 00	estination.port.or.TCP.flags)**.
8b680	2a 2a 49 66 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 61 20 70 6f 6c 69 63	**If.you.are.looking.for.a.polic
8b6a0	79 20 66 6f 72 20 79 6f 75 72 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2a 2a 20 62 75	y.for.your.outbound.traffic**.bu
8b6c0	74 20 79 6f 75 20 64 6f 6e 27 74 20 6b 6e 6f 77 20 77 68 69 63 68 20 6f 6e 65 20 79 6f 75 20 6e	t.you.don't.know.which.one.you.n
8b6e0	65 65 64 20 61 6e 64 20 79 6f 75 20 64 6f 6e 27 74 20 77 61 6e 74 20 74 6f 20 67 6f 20 74 68 72	eed.and.you.don't.want.to.go.thr
8b700	6f 75 67 68 20 65 76 65 72 79 20 70 6f 73 73 69 62 6c 65 20 70 6f 6c 69 63 79 20 73 68 6f 77 6e	ough.every.possible.policy.shown
8b720	20 68 65 72 65 2c 20 2a 2a 6f 75 72 20 62 65 74 20 69 73 20 74 68 61 74 20 68 69 67 68 6c 79 20	.here,.**our.bet.is.that.highly.
8b740	6c 69 6b 65 6c 79 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 61 2a 2a 20 53	likely.you.are.looking.for.a**.S
8b760	68 61 70 65 72 5f 20 2a 2a 70 6f 6c 69 63 79 20 61 6e 64 20 79 6f 75 20 77 61 6e 74 20 74 6f 2a	haper_.**policy.and.you.want.to*
8b780	2a 20 3a 72 65 66 3a 60 73 65 74 20 69 74 73 20 71 75 65 75 65 73 20 3c 65 6d 62 65 64 3e 60 20	*.:ref:`set.its.queues.<embed>`.
8b7a0	2a 2a 61 73 20 46 51 2d 43 6f 44 65 6c 2a 2a 2e 00 2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74	**as.FQ-CoDel**..**Important.not
8b7c0	65 20 61 62 6f 75 74 20 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e 73 3a 2a 2a 20 49 66 20 64 65	e.about.default-actions:**.If.de
8b7e0	66 61 75 6c 74 20 61 63 74 69 6f 6e 20 66 6f 72 20 61 6e 79 20 63 68 61 69 6e 20 69 73 20 6e 6f	fault.action.for.any.chain.is.no
8b800	74 20 64 65 66 69 6e 65 64 2c 20 74 68 65 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69	t.defined,.then.the.default.acti
8b820	6f 6e 20 69 73 20 73 65 74 20 74 6f 20 2a 2a 61 63 63 65 70 74 2a 2a 20 66 6f 72 20 74 68 61 74	on.is.set.to.**accept**.for.that
8b840	20 63 68 61 69 6e 2e 20 4f 6e 6c 79 20 66 6f 72 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 73 2c 20	.chain..Only.for.custom.chains,.
8b860	74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 2a 2a 64	the.default.action.is.set.to.**d
8b880	72 6f 70 2a 2a 2e 00 2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65 20 61 62 6f 75 74 20 64 65	rop**..**Important.note.about.de
8b8a0	66 61 75 6c 74 2d 61 63 74 69 6f 6e 73 3a 2a 2a 20 49 66 20 64 65 66 61 75 6c 74 20 61 63 74 69	fault-actions:**.If.default.acti
8b8c0	6f 6e 20 66 6f 72 20 61 6e 79 20 63 68 61 69 6e 20 69 73 20 6e 6f 74 20 64 65 66 69 6e 65 64 2c	on.for.any.chain.is.not.defined,
8b8e0	20 74 68 65 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20	.then.the.default.action.is.set.
8b900	74 6f 20 2a 2a 64 72 6f 70 2a 2a 20 66 6f 72 20 74 68 61 74 20 63 68 61 69 6e 2e 00 2a 2a 49 6d	to.**drop**.for.that.chain..**Im
8b920	70 6f 72 74 61 6e 74 20 6e 6f 74 65 20 6f 6e 20 75 73 61 67 65 20 6f 66 20 74 65 72 6d 73 3a 2a	portant.note.on.usage.of.terms:*
8b940	2a 20 54 68 65 20 66 69 72 65 77 61 6c 6c 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 74 68 65 20	*.The.firewall.makes.use.of.the.
8b960	74 65 72 6d 73 20 60 66 6f 72 77 61 72 64 60 2c 20 60 69 6e 70 75 74 60 2c 20 61 6e 64 20 60 6f	terms.`forward`,.`input`,.and.`o
8b980	75 74 70 75 74 60 20 66 6f 72 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2e 20 4d 6f 72 65	utput`.for.firewall.policy..More
8b9a0	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 66 20 4e 65 74 66 69 6c 74 65 72 20 68 6f 6f 6b 73 20	.information.of.Netfilter.hooks.
8b9c0	61 6e 64 20 4c 69 6e 75 78 20 6e 65 74 77 6f 72 6b 69 6e 67 20 70 61 63 6b 65 74 20 66 6c 6f 77	and.Linux.networking.packet.flow
8b9e0	73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 69 6e 20 60 4e 65 74 66 69 6c 74 65 72 2d 48 6f 6f	s.can.be.found.in.`Netfilter-Hoo
8ba00	6b 73 20 3c 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 6e 66 74 61 62 6c 65 73 2e 6f 72 67 2f 77 69	ks.<https://wiki.nftables.org/wi
8ba20	6b 69 2d 6e 66 74 61 62 6c 65 73 2f 69 6e 64 65 78 2e 70 68 70 2f 4e 65 74 66 69 6c 74 65 72 5f	ki-nftables/index.php/Netfilter_
8ba40	68 6f 6f 6b 73 3e 60 5f 00 2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65 20 6f 6e 20 75 73 61	hooks>`_.**Important.note.on.usa
8ba60	67 65 20 6f 66 20 74 65 72 6d 73 3a 2a 2a 20 54 68 65 20 66 69 72 65 77 61 6c 6c 20 6d 61 6b 65	ge.of.terms:**.The.firewall.make
8ba80	73 20 75 73 65 20 6f 66 20 74 68 65 20 74 65 72 6d 73 20 60 69 6e 60 2c 20 60 6f 75 74 60 2c 20	s.use.of.the.terms.`in`,.`out`,.
8baa0	61 6e 64 20 60 6c 6f 63 61 6c 60 20 66 6f 72 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2e	and.`local`.for.firewall.policy.
8bac0	20 55 73 65 72 73 20 65 78 70 65 72 69 65 6e 63 65 64 20 77 69 74 68 20 6e 65 74 66 69 6c 74 65	.Users.experienced.with.netfilte
8bae0	72 20 6f 66 74 65 6e 20 63 6f 6e 66 75 73 65 20 60 69 6e 60 20 74 6f 20 62 65 20 61 20 72 65 66	r.often.confuse.`in`.to.be.a.ref
8bb00	65 72 65 6e 63 65 20 74 6f 20 74 68 65 20 60 49 4e 50 55 54 60 20 63 68 61 69 6e 2c 20 61 6e 64	erence.to.the.`INPUT`.chain,.and
8bb20	20 60 6f 75 74 60 20 74 68 65 20 60 4f 55 54 50 55 54 60 20 63 68 61 69 6e 20 66 72 6f 6d 20 6e	.`out`.the.`OUTPUT`.chain.from.n
8bb40	65 74 66 69 6c 74 65 72 2e 20 54 68 69 73 20 69 73 20 6e 6f 74 20 74 68 65 20 63 61 73 65 2e 20	etfilter..This.is.not.the.case..
8bb60	54 68 65 73 65 20 69 6e 73 74 65 61 64 20 69 6e 64 69 63 61 74 65 20 74 68 65 20 75 73 65 20 6f	These.instead.indicate.the.use.o
8bb80	66 20 74 68 65 20 60 46 4f 52 57 41 52 44 60 20 63 68 61 69 6e 20 61 6e 64 20 65 69 74 68 65 72	f.the.`FORWARD`.chain.and.either
8bba0	20 74 68 65 20 69 6e 70 75 74 20 6f 72 20 6f 75 74 70 75 74 20 69 6e 74 65 72 66 61 63 65 2e 20	.the.input.or.output.interface..
8bbc0	54 68 65 20 60 49 4e 50 55 54 60 20 63 68 61 69 6e 2c 20 77 68 69 63 68 20 69 73 20 75 73 65 64	The.`INPUT`.chain,.which.is.used
8bbe0	20 66 6f 72 20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 74 6f 20 74 68 65 20 4f 53 2c 20 69 73	.for.local.traffic.to.the.OS,.is
8bc00	20 61 20 72 65 66 65 72 65 6e 63 65 20 74 6f 20 61 73 20 60 6c 6f 63 61 6c 60 20 77 69 74 68 20	.a.reference.to.as.`local`.with.
8bc20	72 65 73 70 65 63 74 20 74 6f 20 69 74 73 20 69 6e 70 75 74 20 69 6e 74 65 72 66 61 63 65 2e 00	respect.to.its.input.interface..
8bc40	2a 2a 49 6d 70 6f 72 74 61 6e 74 20 6e 6f 74 65 3a 2a 2a 20 54 68 69 73 20 64 6f 63 75 6d 65 6e	**Important.note:**.This.documen
8bc60	74 61 74 69 6f 6e 20 69 73 20 76 61 6c 69 64 20 6f 6e 6c 79 20 66 6f 72 20 56 79 4f 53 20 53 61	tation.is.valid.only.for.VyOS.Sa
8bc80	67 69 74 74 61 20 70 72 69 6f 72 20 74 6f 20 31 2e 34 2d 72 6f 6c 6c 69 6e 67 2d 59 59 59 59 4d	gitta.prior.to.1.4-rolling-YYYYM
8bca0	4d 44 44 48 48 6d 6d 00 2a 2a 49 6e 74 65 72 66 61 63 65 20 6e 61 6d 65 2a 2a 00 2a 2a 4c 65 61	MDDHHmm.**Interface.name**.**Lea
8bcc0	66 32 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 2a 2a 00 2a 2a 4c 65 61 66 33 20 63 6f 6e 66	f2.configuration:**.**Leaf3.conf
8bce0	69 67 75 72 61 74 69 6f 6e 3a 2a 2a 00 2a 2a 4c 69 6e 75 78 20 73 79 73 74 65 6d 64 2d 6e 65 74	iguration:**.**Linux.systemd-net
8bd00	77 6f 72 6b 64 3a 2a 2a 00 2a 2a 4c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65 20 63 68 65 63	workd:**.**Local.preference.chec
8bd20	6b 2a 2a 00 2a 2a 4c 6f 63 61 6c 20 72 6f 75 74 65 20 63 68 65 63 6b 2a 2a 00 2a 2a 4d 45 44 20	k**.**Local.route.check**.**MED.
8bd40	63 68 65 63 6b 2a 2a 00 2a 2a 4d 75 6c 74 69 2d 70 61 74 68 20 63 68 65 63 6b 2a 2a 00 2a 2a 4e	check**.**Multi-path.check**.**N
8bd60	6f 64 65 20 31 2a 2a 00 2a 2a 4e 6f 64 65 20 31 3a 2a 2a 00 2a 2a 4e 6f 64 65 20 32 2a 2a 00 2a	ode.1**.**Node.1:**.**Node.2**.*
8bd80	2a 4e 6f 64 65 20 32 3a 2a 2a 00 2a 2a 4e 6f 64 65 31 3a 2a 2a 00 2a 2a 4e 6f 64 65 32 3a 2a 2a	*Node.2:**.**Node1:**.**Node2:**
8bda0	00 2a 2a 4f 50 54 49 4f 4e 41 4c 3a 2a 2a 20 45 78 63 6c 75 64 65 20 49 6e 74 65 72 2d 56 4c 41	.**OPTIONAL:**.Exclude.Inter-VLA
8bdc0	4e 20 74 72 61 66 66 69 63 20 28 62 65 74 77 65 65 6e 20 56 4c 41 4e 31 30 20 61 6e 64 20 56 4c	N.traffic.(between.VLAN10.and.VL
8bde0	41 4e 31 31 29 20 66 72 6f 6d 20 50 42 52 00 2a 2a 4f 53 50 46 20 6e 65 74 77 6f 72 6b 20 72 6f	AN11).from.PBR.**OSPF.network.ro
8be00	75 74 69 6e 67 20 74 61 62 6c 65 2a 2a 20 e2 80 93 20 69 6e 63 6c 75 64 65 73 20 61 20 6c 69 73	uting.table**.....includes.a.lis
8be20	74 20 6f 66 20 61 63 71 75 69 72 65 64 20 72 6f 75 74 65 73 20 66 6f 72 20 61 6c 6c 20 61 63 63	t.of.acquired.routes.for.all.acc
8be40	65 73 73 69 62 6c 65 20 6e 65 74 77 6f 72 6b 73 20 28 6f 72 20 61 67 67 72 65 67 61 74 65 64 20	essible.networks.(or.aggregated.
8be60	61 72 65 61 20 72 61 6e 67 65 73 29 20 6f 66 20 4f 53 50 46 20 73 79 73 74 65 6d 2e 20 22 49 41	area.ranges).of.OSPF.system.."IA
8be80	22 20 66 6c 61 67 20 6d 65 61 6e 73 20 74 68 61 74 20 72 6f 75 74 65 20 64 65 73 74 69 6e 61 74	".flag.means.that.route.destinat
8bea0	69 6f 6e 20 69 73 20 69 6e 20 74 68 65 20 61 72 65 61 20 74 6f 20 77 68 69 63 68 20 74 68 65 20	ion.is.in.the.area.to.which.the.
8bec0	72 6f 75 74 65 72 20 69 73 20 6e 6f 74 20 63 6f 6e 6e 65 63 74 65 64 2c 20 69 2e 65 2e 20 69 74	router.is.not.connected,.i.e..it
8bee0	e2 80 99 73 20 61 6e 20 69 6e 74 65 72 2d 61 72 65 61 20 70 61 74 68 2e 20 49 6e 20 73 71 75 61	...s.an.inter-area.path..In.squa
8bf00	72 65 20 62 72 61 63 6b 65 74 73 20 61 20 73 75 6d 6d 61 72 79 20 6d 65 74 72 69 63 20 66 6f 72	re.brackets.a.summary.metric.for
8bf20	20 61 6c 6c 20 6c 69 6e 6b 73 20 74 68 72 6f 75 67 68 20 77 68 69 63 68 20 61 20 70 61 74 68 20	.all.links.through.which.a.path.
8bf40	6c 69 65 73 20 74 6f 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 20 69 73 20 73 70 65 63 69 66 69 65	lies.to.this.network.is.specifie
8bf60	64 2e 20 22 76 69 61 22 20 70 72 65 66 69 78 20 64 65 66 69 6e 65 73 20 61 20 72 6f 75 74 65 72	d.."via".prefix.defines.a.router
8bf80	2d 67 61 74 65 77 61 79 2c 20 69 2e 65 2e 20 74 68 65 20 66 69 72 73 74 20 72 6f 75 74 65 72 20	-gateway,.i.e..the.first.router.
8bfa0	6f 6e 20 74 68 65 20 77 61 79 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 28 6e	on.the.way.to.the.destination.(n
8bfc0	65 78 74 20 68 6f 70 29 2e 20 2a 2a 4f 53 50 46 20 72 6f 75 74 65 72 20 72 6f 75 74 69 6e 67 20	ext.hop)..**OSPF.router.routing.
8bfe0	74 61 62 6c 65 2a 2a 20 e2 80 93 20 69 6e 63 6c 75 64 65 73 20 61 20 6c 69 73 74 20 6f 66 20 61	table**.....includes.a.list.of.a
8c000	63 71 75 69 72 65 64 20 72 6f 75 74 65 73 20 74 6f 20 61 6c 6c 20 61 63 63 65 73 73 69 62 6c 65	cquired.routes.to.all.accessible
8c020	20 41 42 52 73 20 61 6e 64 20 41 53 42 52 73 2e 20 2a 2a 4f 53 50 46 20 65 78 74 65 72 6e 61 6c	.ABRs.and.ASBRs..**OSPF.external
8c040	20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2a 2a 20 e2 80 93 20 69 6e 63 6c 75 64 65 73 20 61 20	.routing.table**.....includes.a.
8c060	6c 69 73 74 20 6f 66 20 61 63 71 75 69 72 65 64 20 72 6f 75 74 65 73 20 74 68 61 74 20 61 72 65	list.of.acquired.routes.that.are
8c080	20 65 78 74 65 72 6e 61 6c 20 74 6f 20 74 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 22	.external.to.the.OSPF.process.."
8c0a0	45 22 20 66 6c 61 67 20 70 6f 69 6e 74 73 20 74 6f 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6c	E".flag.points.to.the.external.l
8c0c0	69 6e 6b 20 6d 65 74 72 69 63 20 74 79 70 65 20 28 45 31 20 e2 80 93 20 6d 65 74 72 69 63 20 74	ink.metric.type.(E1.....metric.t
8c0e0	79 70 65 20 31 2c 20 45 32 20 e2 80 93 20 6d 65 74 72 69 63 20 74 79 70 65 20 32 29 2e 20 45 78	ype.1,.E2.....metric.type.2)..Ex
8c100	74 65 72 6e 61 6c 20 6c 69 6e 6b 20 6d 65 74 72 69 63 20 69 73 20 70 72 69 6e 74 65 64 20 69 6e	ternal.link.metric.is.printed.in
8c120	20 74 68 65 20 22 3c 6d 65 74 72 69 63 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 20 77 68 69 63	.the."<metric.of.the.router.whic
8c140	68 20 61 64 76 65 72 74 69 73 65 64 20 74 68 65 20 6c 69 6e 6b 3e 2f 3c 6c 69 6e 6b 20 6d 65 74	h.advertised.the.link>/<link.met
8c160	72 69 63 3e 22 20 66 6f 72 6d 61 74 2e 00 2a 2a 4f 6e 65 20 67 61 74 65 77 61 79 3a 2a 2a 00 2a	ric>".format..**One.gateway:**.*
8c180	2a 4f 72 69 67 69 6e 20 63 68 65 63 6b 2a 2a 00 2a 2a 50 65 65 72 20 61 64 64 72 65 73 73 2a 2a	*Origin.check**.**Peer.address**
8c1a0	00 2a 2a 50 6f 6c 69 63 79 20 64 65 66 69 6e 69 74 69 6f 6e 3a 2a 2a 00 2a 2a 50 72 69 6d 61 72	.**Policy.definition:**.**Primar
8c1c0	79 2a 2a 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 2a 2a 20 46 61 69 72	y**.**Queueing.discipline**.Fair
8c1e0	2f 46 6c 6f 77 20 51 75 65 75 65 20 43 6f 44 65 6c 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69	/Flow.Queue.CoDel..**Queueing.di
8c200	73 63 69 70 6c 69 6e 65 3a 2a 2a 20 44 65 66 69 63 69 74 20 52 6f 75 6e 64 20 52 6f 62 69 6e 2e	scipline:**.Deficit.Round.Robin.
8c220	00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 47 65 6e 65 72 61	.**Queueing.discipline:**.Genera
8c240	6c 69 7a 65 64 20 52 61 6e 64 6f 6d 20 45 61 72 6c 79 20 44 72 6f 70 2e 00 2a 2a 51 75 65 75 65	lized.Random.Early.Drop..**Queue
8c260	69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 48 69 65 72 61 72 63 68 69 63 61 6c 20 54	ing.discipline:**.Hierarchical.T
8c280	6f 6b 65 6e 20 42 75 63 6b 65 74 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69	oken.Bucket..**Queueing.discipli
8c2a0	6e 65 3a 2a 2a 20 49 6e 67 72 65 73 73 20 70 6f 6c 69 63 65 72 2e 00 2a 2a 51 75 65 75 65 69 6e	ne:**.Ingress.policer..**Queuein
8c2c0	67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 50 46 49 46 4f 20 28 50 61 63 6b 65 74 20 46 69	g.discipline:**.PFIFO.(Packet.Fi
8c2e0	72 73 74 20 49 6e 20 46 69 72 73 74 20 4f 75 74 29 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69	rst.In.First.Out)..**Queueing.di
8c300	73 63 69 70 6c 69 6e 65 3a 2a 2a 20 50 52 49 4f 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73	scipline:**.PRIO..**Queueing.dis
8c320	63 69 70 6c 69 6e 65 3a 2a 2a 20 53 46 51 20 28 53 74 6f 63 68 61 73 74 69 63 20 46 61 69 72 6e	cipline:**.SFQ.(Stochastic.Fairn
8c340	65 73 73 20 51 75 65 75 69 6e 67 29 2e 00 2a 2a 51 75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c	ess.Queuing)..**Queueing.discipl
8c360	69 6e 65 3a 2a 2a 20 54 6f 63 6b 65 6e 20 42 75 63 6b 65 74 20 46 69 6c 74 65 72 2e 00 2a 2a 51	ine:**.Tocken.Bucket.Filter..**Q
8c380	75 65 75 65 69 6e 67 20 64 69 73 63 69 70 6c 69 6e 65 3a 2a 2a 20 6e 65 74 65 6d 20 28 4e 65 74	ueueing.discipline:**.netem.(Net
8c3a0	77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 29 20 2b 20 54 42 46 20 28 54 6f 6b 65 6e 20 42 75 63 6b	work.Emulator).+.TBF.(Token.Buck
8c3c0	65 74 20 46 69 6c 74 65 72 29 2e 00 2a 2a 52 31 20 53 74 61 74 69 63 20 4b 65 79 2a 2a 00 2a 2a	et.Filter)..**R1.Static.Key**.**
8c3e0	52 31 2a 2a 00 2a 2a 52 32 20 53 74 61 74 69 63 20 4b 65 79 2a 2a 00 2a 2a 52 32 2a 2a 00 2a 2a	R1**.**R2.Static.Key**.**R2**.**
8c400	52 41 44 49 55 53 20 62 61 73 65 64 20 49 50 20 70 6f 6f 6c 73 20 28 46 72 61 6d 65 64 2d 49 50	RADIUS.based.IP.pools.(Framed-IP
8c420	2d 41 64 64 72 65 73 73 29 2a 2a 00 2a 2a 52 41 44 49 55 53 20 73 65 73 73 69 6f 6e 73 20 6d 61	-Address)**.**RADIUS.sessions.ma
8c440	6e 61 67 65 6d 65 6e 74 20 44 4d 2f 43 6f 41 2a 2a 00 2a 2a 52 6f 75 74 65 72 20 31 2a 2a 00 2a	nagement.DM/CoA**.**Router.1**.*
8c460	2a 52 6f 75 74 65 72 20 32 2a 2a 00 2a 2a 52 6f 75 74 65 72 20 33 2a 2a 00 2a 2a 52 6f 75 74 65	*Router.2**.**Router.3**.**Route
8c480	72 2d 49 44 20 63 68 65 63 6b 2a 2a 00 2a 2a 52 6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 61 66	r-ID.check**.**Routes.learned.af
8c4a0	74 65 72 20 72 6f 75 74 69 6e 67 20 70 6f 6c 69 63 79 20 61 70 70 6c 69 65 64 3a 2a 2a 00 2a 2a	ter.routing.policy.applied:**.**
8c4c0	52 6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 62 65 66 6f 72 65 20 72 6f 75 74 69 6e 67 20 70 6f	Routes.learned.before.routing.po
8c4e0	6c 69 63 79 20 61 70 70 6c 69 65 64 3a 2a 2a 00 2a 2a 53 57 31 2a 2a 00 2a 2a 53 57 32 2a 2a 00	licy.applied:**.**SW1**.**SW2**.
8c500	2a 2a 53 65 63 6f 6e 64 61 72 79 2a 2a 00 2a 2a 53 65 74 74 69 6e 67 20 75 70 20 49 50 53 65 63	**Secondary**.**Setting.up.IPSec
8c520	2a 2a 00 2a 2a 53 65 74 74 69 6e 67 20 75 70 20 74 68 65 20 47 52 45 20 74 75 6e 6e 65 6c 2a 2a	**.**Setting.up.the.GRE.tunnel**
8c540	00 2a 2a 53 70 69 6e 65 31 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 2a 2a 00 2a 2a 53 74 61	.**Spine1.Configuration:**.**Sta
8c560	74 75 73 2a 2a 00 2a 2a 54 6f 20 73 65 65 20 74 68 65 20 72 65 64 69 73 74 72 69 62 75 74 65 64	tus**.**To.see.the.redistributed
8c580	20 72 6f 75 74 65 73 3a 2a 2a 00 2a 2a 54 77 6f 20 67 61 74 65 77 61 79 73 20 61 6e 64 20 64 69	.routes:**.**Two.gateways.and.di
8c5a0	66 66 65 72 65 6e 74 20 6d 65 74 72 69 63 73 3a 2a 2a 00 2a 2a 56 4c 41 4e 20 49 44 2a 2a 00 2a	fferent.metrics:**.**VLAN.ID**.*
8c5c0	2a 56 79 4f 53 20 52 6f 75 74 65 72 3a 2a 2a 00 2a 2a 57 65 69 67 68 74 20 63 68 65 63 6b 2a 2a	*VyOS.Router:**.**Weight.check**
8c5e0	00 2a 2a 61 64 64 72 65 73 73 2a 2a 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 6d 75	.**address**.can.be.specified.mu
8c600	6c 74 69 70 6c 65 20 74 69 6d 65 73 20 61 73 20 49 50 76 34 20 61 6e 64 2f 6f 72 20 49 50 76 36	ltiple.times.as.IPv4.and/or.IPv6
8c620	20 61 64 64 72 65 73 73 2c 20 65 2e 67 2e 20 31 39 32 2e 30 2e 32 2e 31 2f 32 34 20 61 6e 64 2f	.address,.e.g..192.0.2.1/24.and/
8c640	6f 72 20 32 30 30 31 3a 64 62 38 3a 3a 31 2f 36 34 00 2a 2a 61 64 64 72 65 73 73 2a 2a 20 63 61	or.2001:db8::1/64.**address**.ca
8c660	6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 2c 20 65	n.be.specified.multiple.times,.e
8c680	2e 67 2e 20 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 20 61 6e 64 2f 6f 72 20 31 39 32 2e 31 36 38	.g..192.168.100.1.and/or.192.168
8c6a0	2e 31 30 30 2e 30 2f 32 34 00 2a 2a 61 6c 6c 6f 77 2d 68 6f 73 74 2d 6e 65 74 77 6f 72 6b 73 2a	.100.0/24.**allow-host-networks*
8c6c0	2a 20 63 61 6e 6e 6f 74 20 62 65 20 75 73 65 64 20 77 69 74 68 20 2a 2a 6e 65 74 77 6f 72 6b 2a	*.cannot.be.used.with.**network*
8c6e0	2a 00 2a 2a 61 6c 77 61 79 73 2a 2a 3a 20 52 65 73 74 61 72 74 20 63 6f 6e 74 61 69 6e 65 72 73	*.**always**:.Restart.containers
8c700	20 77 68 65 6e 20 74 68 65 79 20 65 78 69 74 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 73	.when.they.exit,.regardless.of.s
8c720	74 61 74 75 73 2c 20 72 65 74 72 79 69 6e 67 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 00 2a 2a 61	tatus,.retrying.indefinitely.**a
8c740	70 70 65 6e 64 3a 2a 2a 20 54 68 65 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 73 20 61 6c 6c 6f	ppend:**.The.relay.agent.is.allo
8c760	77 65 64 20 74 6f 20 61 70 70 65 6e 64 20 69 74 73 20 6f 77 6e 20 72 65 6c 61 79 20 69 6e 66 6f	wed.to.append.its.own.relay.info
8c780	72 6d 61 74 69 6f 6e 20 74 6f 20 61 20 72 65 63 65 69 76 65 64 20 44 48 43 50 20 70 61 63 6b 65	rmation.to.a.received.DHCP.packe
8c7a0	74 2c 20 64 69 73 72 65 67 61 72 64 69 6e 67 20 72 65 6c 61 79 20 69 6e 66 6f 72 6d 61 74 69 6f	t,.disregarding.relay.informatio
8c7c0	6e 20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 70 61 63 6b 65 74 2e	n.already.present.in.the.packet.
8c7e0	00 2a 2a 61 70 70 6c 69 63 61 74 69 6f 6e 2a 2a 3a 20 61 6e 61 6c 79 7a 65 73 20 72 65 63 65 69	.**application**:.analyzes.recei
8c800	76 65 64 20 66 6c 6f 77 20 64 61 74 61 20 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20	ved.flow.data.in.the.context.of.
8c820	69 6e 74 72 75 73 69 6f 6e 20 64 65 74 65 63 74 69 6f 6e 20 6f 72 20 74 72 61 66 66 69 63 20 70	intrusion.detection.or.traffic.p
8c840	72 6f 66 69 6c 69 6e 67 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 00 2a 2a 61 75 74 6f 2a 2a 20 e2	rofiling,.for.example.**auto**..
8c860	80 93 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 72 6d 69 6e 65 73 20 74 68 65 20	...automatically.determines.the.
8c880	69 6e 74 65 72 66 61 63 65 20 74 79 70 65 2e 20 2a 2a 77 69 72 65 64 2a 2a 20 e2 80 93 20 65 6e	interface.type..**wired**.....en
8c8a0	61 62 6c 65 73 20 6f 70 74 69 6d 69 73 61 74 69 6f 6e 73 20 66 6f 72 20 77 69 72 65 64 20 69 6e	ables.optimisations.for.wired.in
8c8c0	74 65 72 66 61 63 65 73 2e 20 2a 2a 77 69 72 65 6c 65 73 73 2a 2a 20 e2 80 93 20 64 69 73 61 62	terfaces..**wireless**.....disab
8c8e0	6c 65 73 20 61 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 74 69 6d 69 73 61 74 69 6f 6e 73 20 74 68	les.a.number.of.optimisations.th
8c900	61 74 20 61 72 65 20 6f 6e 6c 79 20 63 6f 72 72 65 63 74 20 6f 6e 20 77 69 72 65 64 20 69 6e 74	at.are.only.correct.on.wired.int
8c920	65 72 66 61 63 65 73 2e 20 53 70 65 63 69 66 79 69 6e 67 20 77 69 72 65 6c 65 73 73 20 69 73 20	erfaces..Specifying.wireless.is.
8c940	61 6c 77 61 79 73 20 63 6f 72 72 65 63 74 2c 20 62 75 74 20 6d 61 79 20 63 61 75 73 65 20 73 6c	always.correct,.but.may.cause.sl
8c960	6f 77 65 72 20 63 6f 6e 76 65 72 67 65 6e 63 65 20 61 6e 64 20 65 78 74 72 61 20 72 6f 75 74 69	ower.convergence.and.extra.routi
8c980	6e 67 20 74 72 61 66 66 69 63 2e 00 2a 2a 62 72 6f 61 64 63 61 73 74 2a 2a 20 e2 80 93 20 62 72	ng.traffic..**broadcast**.....br
8c9a0	6f 61 64 63 61 73 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 64 69 73 74 72 69 62 75 74 69 6f	oadcast.IP.addresses.distributio
8c9c0	6e 2e 20 2a 2a 6e 6f 6e 2d 62 72 6f 61 64 63 61 73 74 2a 2a 20 e2 80 93 20 61 64 64 72 65 73 73	n..**non-broadcast**.....address
8c9e0	20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 69 6e 20 4e 42 4d 41 20 6e 65 74 77 6f 72 6b 73 20 74	.distribution.in.NBMA.networks.t
8ca00	6f 70 6f 6c 6f 67 79 2e 20 2a 2a 70 6f 69 6e 74 2d 74 6f 2d 6d 75 6c 74 69 70 6f 69 6e 74 2a 2a	opology..**point-to-multipoint**
8ca20	20 e2 80 93 20 61 64 64 72 65 73 73 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 69 6e 20 70 6f 69	.....address.distribution.in.poi
8ca40	6e 74 2d 74 6f 2d 6d 75 6c 74 69 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b 73 2e 20 2a 2a 70 6f 69	nt-to-multipoint.networks..**poi
8ca60	6e 74 2d 74 6f 2d 70 6f 69 6e 74 2a 2a 20 e2 80 93 20 61 64 64 72 65 73 73 20 64 69 73 74 72 69	nt-to-point**.....address.distri
8ca80	62 75 74 69 6f 6e 20 69 6e 20 70 6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b	bution.in.point-to-point.network
8caa0	73 2e 00 2a 2a 62 72 6f 61 64 63 61 73 74 2a 2a 20 e2 80 93 20 62 72 6f 61 64 63 61 73 74 20 49	s..**broadcast**.....broadcast.I
8cac0	50 20 61 64 64 72 65 73 73 65 73 20 64 69 73 74 72 69 62 75 74 69 6f 6e 2e 20 2a 2a 70 6f 69 6e	P.addresses.distribution..**poin
8cae0	74 2d 74 6f 2d 70 6f 69 6e 74 2a 2a 20 e2 80 93 20 61 64 64 72 65 73 73 20 64 69 73 74 72 69 62	t-to-point**.....address.distrib
8cb00	75 74 69 6f 6e 20 69 6e 20 70 6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b 73	ution.in.point-to-point.networks
8cb20	2e 00 2a 2a 63 69 73 63 6f 2a 2a 20 e2 80 93 20 61 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 62 65	..**cisco**.....a.router.will.be
8cb40	20 63 6f 6e 73 69 64 65 72 65 64 20 61 73 20 41 42 52 20 69 66 20 69 74 20 68 61 73 20 73 65 76	.considered.as.ABR.if.it.has.sev
8cb60	65 72 61 6c 20 63 6f 6e 66 69 67 75 72 65 64 20 6c 69 6e 6b 73 20 74 6f 20 74 68 65 20 6e 65 74	eral.configured.links.to.the.net
8cb80	77 6f 72 6b 73 20 69 6e 20 64 69 66 66 65 72 65 6e 74 20 61 72 65 61 73 20 6f 6e 65 20 6f 66 20	works.in.different.areas.one.of.
8cba0	77 68 69 63 68 20 69 73 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 20 4d 6f 72 65 6f 76	which.is.a.backbone.area..Moreov
8cbc0	65 72 2c 20 74 68 65 20 6c 69 6e 6b 20 74 6f 20 74 68 65 20 62 61 63 6b 62 6f 6e 65 20 61 72 65	er,.the.link.to.the.backbone.are
8cbe0	61 20 73 68 6f 75 6c 64 20 62 65 20 61 63 74 69 76 65 20 28 77 6f 72 6b 69 6e 67 29 2e 20 2a 2a	a.should.be.active.(working)..**
8cc00	69 62 6d 2a 2a 20 e2 80 93 20 69 64 65 6e 74 69 63 61 6c 20 74 6f 20 22 63 69 73 63 6f 22 20 6d	ibm**.....identical.to."cisco".m
8cc20	6f 64 65 6c 20 62 75 74 20 69 6e 20 74 68 69 73 20 63 61 73 65 20 61 20 62 61 63 6b 62 6f 6e 65	odel.but.in.this.case.a.backbone
8cc40	20 61 72 65 61 20 6c 69 6e 6b 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 63 74 69 76 65 2e 20 2a 2a	.area.link.may.not.be.active..**
8cc60	73 74 61 6e 64 61 72 64 2a 2a 20 e2 80 93 20 72 6f 75 74 65 72 20 68 61 73 20 73 65 76 65 72 61	standard**.....router.has.severa
8cc80	6c 20 61 63 74 69 76 65 20 6c 69 6e 6b 73 20 74 6f 20 64 69 66 66 65 72 65 6e 74 20 61 72 65 61	l.active.links.to.different.area
8cca0	73 2e 20 2a 2a 73 68 6f 72 74 63 75 74 2a 2a 20 e2 80 93 20 69 64 65 6e 74 69 63 61 6c 20 74 6f	s..**shortcut**.....identical.to
8ccc0	20 22 73 74 61 6e 64 61 72 64 22 20 62 75 74 20 69 6e 20 74 68 69 73 20 6d 6f 64 65 6c 20 61 20	."standard".but.in.this.model.a.
8cce0	72 6f 75 74 65 72 20 69 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 75 73 65 20 61 20 63 6f 6e 6e 65	router.is.allowed.to.use.a.conne
8cd00	63 74 65 64 20 61 72 65 61 73 20 74 6f 70 6f 6c 6f 67 79 20 77 69 74 68 6f 75 74 20 69 6e 76 6f	cted.areas.topology.without.invo
8cd20	6c 76 69 6e 67 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20 66 6f 72 20 69 6e 74 65 72 2d	lving.a.backbone.area.for.inter-
8cd40	61 72 65 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 2a 2a 63 6f 6c 6c 65 63 74 6f 72 2a 2a 3a	area.connections..**collector**:
8cd60	20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 72 65 63 65 70 74 69 6f 6e 2c 20 73 74 6f 72	.responsible.for.reception,.stor
8cd80	61 67 65 20 61 6e 64 20 70 72 65 2d 70 72 6f 63 65 73 73 69 6e 67 20 6f 66 20 66 6c 6f 77 20 64	age.and.pre-processing.of.flow.d
8cda0	61 74 61 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 61 20 66 6c 6f 77 20 65 78 70 6f 72 74 65	ata.received.from.a.flow.exporte
8cdc0	72 00 2a 2a 64 65 66 61 75 6c 74 2a 2a 20 e2 80 93 20 20 74 68 69 73 20 61 72 65 61 20 77 69 6c	r.**default**......this.area.wil
8cde0	6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 73 68 6f 72 74 63 75 74 74 69 6e 67 20 6f 6e 6c 79 20	l.be.used.for.shortcutting.only.
8ce00	69 66 20 41 42 52 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 6c 69 6e 6b 20 74 6f 20 74	if.ABR.does.not.have.a.link.to.t
8ce20	68 65 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20 6f 72 20 74 68 69 73 20 6c 69 6e 6b 20 77 61	he.backbone.area.or.this.link.wa
8ce40	73 20 6c 6f 73 74 2e 20 2a 2a 65 6e 61 62 6c 65 2a 2a 20 e2 80 93 20 74 68 65 20 61 72 65 61 20	s.lost..**enable**.....the.area.
8ce60	77 69 6c 6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 73 68 6f 72 74 63 75 74 74 69 6e 67 20 65 76	will.be.used.for.shortcutting.ev
8ce80	65 72 79 20 74 69 6d 65 20 74 68 65 20 72 6f 75 74 65 20 74 68 61 74 20 67 6f 65 73 20 74 68 72	ery.time.the.route.that.goes.thr
8cea0	6f 75 67 68 20 69 74 20 69 73 20 63 68 65 61 70 65 72 2e 20 2a 2a 64 69 73 61 62 6c 65 2a 2a 20	ough.it.is.cheaper..**disable**.
8cec0	e2 80 93 20 74 68 69 73 20 61 72 65 61 20 69 73 20 6e 65 76 65 72 20 75 73 65 64 20 62 79 20 41	....this.area.is.never.used.by.A
8cee0	42 52 20 66 6f 72 20 72 6f 75 74 65 73 20 73 68 6f 72 74 63 75 74 74 69 6e 67 2e 00 2a 2a 64 65	BR.for.routes.shortcutting..**de
8cf00	66 61 75 6c 74 2a 2a 20 e2 80 93 20 65 6e 61 62 6c 65 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e	fault**.....enable.split-horizon
8cf20	20 6f 6e 20 77 69 72 65 64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 61 6e 64 20 64 69 73 61 62 6c	.on.wired.interfaces,.and.disabl
8cf40	65 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 6f 6e 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65	e.split-horizon.on.wireless.inte
8cf60	72 66 61 63 65 73 2e 20 2a 2a 65 6e 61 62 6c 65 2a 2a 20 e2 80 93 20 65 6e 61 62 6c 65 20 73 70	rfaces..**enable**.....enable.sp
8cf80	6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 73 2e 20	lit-horizon.on.this.interfaces..
8cfa0	2a 2a 64 69 73 61 62 6c 65 2a 2a 20 e2 80 93 20 64 69 73 61 62 6c 65 20 73 70 6c 69 74 2d 68 6f	**disable**.....disable.split-ho
8cfc0	72 69 7a 6f 6e 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 73 2e 00 2a 2a 64 65 6e 79	rizon.on.this.interfaces..**deny
8cfe0	2a 2a 20 2d 20 64 65 6e 79 20 6d 70 70 65 00 2a 2a 64 65 73 74 69 6e 61 74 69 6f 6e 2a 2a 20 2d	**.-.deny.mppe.**destination**.-
8d000	20 73 70 65 63 69 66 79 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 74 68 65 20 74 72 61 6e 73	.specify.which.packets.the.trans
8d020	6c 61 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 2c 20 6f 6e 6c 79 20	lation.will.be.applied.to,.only.
8d040	62 61 73 65 64 20 6f 6e 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73	based.on.the.destination.address
8d060	20 61 6e 64 2f 6f 72 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 63 6f 6e 66 69 67 75 72 65 64 2e 00	.and/or.port.number.configured..
8d080	2a 2a 64 68 63 70 2a 2a 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 20 69 73 20 72 65	**dhcp**.interface.address.is.re
8d0a0	63 65 69 76 65 64 20 62 79 20 44 48 43 50 20 66 72 6f 6d 20 61 20 44 48 43 50 20 73 65 72 76 65	ceived.by.DHCP.from.a.DHCP.serve
8d0c0	72 20 6f 6e 20 74 68 69 73 20 73 65 67 6d 65 6e 74 2e 00 2a 2a 64 68 63 70 76 36 2a 2a 20 69 6e	r.on.this.segment..**dhcpv6**.in
8d0e0	74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 20 69 73 20 72 65 63 65 69 76 65 64 20 62 79 20 44	terface.address.is.received.by.D
8d100	48 43 50 76 36 20 66 72 6f 6d 20 61 20 44 48 43 50 76 36 20 73 65 72 76 65 72 20 6f 6e 20 74 68	HCPv6.from.a.DHCPv6.server.on.th
8d120	69 73 20 73 65 67 6d 65 6e 74 2e 00 2a 2a 64 69 73 63 61 72 64 3a 2a 2a 20 52 65 63 65 69 76 65	is.segment..**discard:**.Receive
8d140	64 20 70 61 63 6b 65 74 73 20 77 68 69 63 68 20 61 6c 72 65 61 64 79 20 63 6f 6e 74 61 69 6e 20	d.packets.which.already.contain.
8d160	72 65 6c 61 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 64 69 73 63 61 72	relay.information.will.be.discar
8d180	64 65 64 2e 00 2a 2a 64 6f 77 6e 73 74 72 65 61 6d 3a 2a 2a 20 44 6f 77 6e 73 74 72 65 61 6d 20	ded..**downstream:**.Downstream.
8d1a0	6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 74 68 65 20 64 69 73 74 72	network.interfaces.are.the.distr
8d1c0	69 62 75 74 69 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e	ibution.interfaces.to.the.destin
8d1e0	61 74 69 6f 6e 20 6e 65 74 77 6f 72 6b 73 2c 20 77 68 65 72 65 20 6d 75 6c 74 69 63 61 73 74 20	ation.networks,.where.multicast.
8d200	63 6c 69 65 6e 74 73 20 63 61 6e 20 6a 6f 69 6e 20 67 72 6f 75 70 73 20 61 6e 64 20 72 65 63 65	clients.can.join.groups.and.rece
8d220	69 76 65 20 6d 75 6c 74 69 63 61 73 74 20 64 61 74 61 2e 20 4f 6e 65 20 6f 72 20 6d 6f 72 65 20	ive.multicast.data..One.or.more.
8d240	64 6f 77 6e 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 73 20 6d 75 73 74 20 62 65 20 63 6f	downstream.interfaces.must.be.co
8d260	6e 66 69 67 75 72 65 64 2e 00 2a 2a 65 78 70 6f 72 74 65 72 2a 2a 3a 20 61 67 67 72 65 67 61 74	nfigured..**exporter**:.aggregat
8d280	65 73 20 70 61 63 6b 65 74 73 20 69 6e 74 6f 20 66 6c 6f 77 73 20 61 6e 64 20 65 78 70 6f 72 74	es.packets.into.flows.and.export
8d2a0	73 20 66 6c 6f 77 20 72 65 63 6f 72 64 73 20 74 6f 77 61 72 64 73 20 6f 6e 65 20 6f 72 20 6d 6f	s.flow.records.towards.one.or.mo
8d2c0	72 65 20 66 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 73 00 2a 2a 66 69 72 65 77 61 6c 6c 20 61 6c	re.flow.collectors.**firewall.al
8d2e0	6c 2d 70 69 6e 67 2a 2a 20 61 66 66 65 63 74 73 20 6f 6e 6c 79 20 74 6f 20 4c 4f 43 41 4c 20 61	l-ping**.affects.only.to.LOCAL.a
8d300	6e 64 20 69 74 20 61 6c 77 61 79 73 20 62 65 68 61 76 65 73 20 69 6e 20 74 68 65 20 6d 6f 73 74	nd.it.always.behaves.in.the.most
8d320	20 72 65 73 74 72 69 63 74 69 76 65 20 77 61 79 00 2a 2a 66 69 72 65 77 61 6c 6c 20 67 6c 6f 62	.restrictive.way.**firewall.glob
8d340	61 6c 2d 6f 70 74 69 6f 6e 73 20 61 6c 6c 2d 70 69 6e 67 2a 2a 20 61 66 66 65 63 74 73 20 6f 6e	al-options.all-ping**.affects.on
8d360	6c 79 20 74 6f 20 4c 4f 43 41 4c 20 61 6e 64 20 69 74 20 61 6c 77 61 79 73 20 62 65 68 61 76 65	ly.to.LOCAL.and.it.always.behave
8d380	73 20 69 6e 20 74 68 65 20 6d 6f 73 74 20 72 65 73 74 72 69 63 74 69 76 65 20 77 61 79 00 2a 2a	s.in.the.most.restrictive.way.**
8d3a0	66 6f 72 77 61 72 64 3a 2a 2a 20 41 6c 6c 20 70 61 63 6b 65 74 73 20 61 72 65 20 66 6f 72 77 61	forward:**.All.packets.are.forwa
8d3c0	72 64 65 64 2c 20 72 65 6c 61 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 6c 72 65 61 64 79 20	rded,.relay.information.already.
8d3e0	70 72 65 73 65 6e 74 20 77 69 6c 6c 20 62 65 20 69 67 6e 6f 72 65 64 2e 00 2a 2a 69 6e 62 6f 75	present.will.be.ignored..**inbou
8d400	6e 64 2d 69 6e 74 65 72 66 61 63 65 2a 2a 20 2d 20 61 70 70 6c 69 63 61 62 6c 65 20 6f 6e 6c 79	nd-interface**.-.applicable.only
8d420	20 74 6f 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 2e 20 49 74 20 63	.to.:ref:`destination-nat`..It.c
8d440	6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 68 69 63 68 20 69 73	onfigures.the.interface.which.is
8d460	20 75 73 65 64 20 66 6f 72 20 74 68 65 20 69 6e 73 69 64 65 20 74 72 61 66 66 69 63 20 74 68 65	.used.for.the.inside.traffic.the
8d480	20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 2e 00 2a 2a	.translation.rule.applies.to..**
8d4a0	6c 61 79 65 72 32 2a 2a 20 2d 20 55 73 65 73 20 58 4f 52 20 6f 66 20 68 61 72 64 77 61 72 65 20	layer2**.-.Uses.XOR.of.hardware.
8d4c0	4d 41 43 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 70 61 63 6b 65 74 20 74 79 70 65 20 49 44	MAC.addresses.and.packet.type.ID
8d4e0	20 66 69 65 6c 64 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 2e 20 54 68 65	.field.to.generate.the.hash..The
8d500	20 66 6f 72 6d 75 6c 61 20 69 73 00 2a 2a 6c 61 79 65 72 32 2b 33 2a 2a 20 2d 20 54 68 69 73 20	.formula.is.**layer2+3**.-.This.
8d520	70 6f 6c 69 63 79 20 75 73 65 73 20 61 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 6f 66 20 6c 61 79	policy.uses.a.combination.of.lay
8d540	65 72 32 20 61 6e 64 20 6c 61 79 65 72 33 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 66 6f 72 6d 61 74	er2.and.layer3.protocol.informat
8d560	69 6f 6e 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 2e 20 55 73 65 73 20 58	ion.to.generate.the.hash..Uses.X
8d580	4f 52 20 6f 66 20 68 61 72 64 77 61 72 65 20 4d 41 43 20 61 64 64 72 65 73 73 65 73 20 61 6e 64	OR.of.hardware.MAC.addresses.and
8d5a0	20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61	.IP.addresses.to.generate.the.ha
8d5c0	73 68 2e 20 54 68 65 20 66 6f 72 6d 75 6c 61 20 69 73 3a 00 2a 2a 6c 61 79 65 72 33 2b 34 2a 2a	sh..The.formula.is:.**layer3+4**
8d5e0	20 2d 20 54 68 69 73 20 70 6f 6c 69 63 79 20 75 73 65 73 20 75 70 70 65 72 20 6c 61 79 65 72 20	.-.This.policy.uses.upper.layer.
8d600	70 72 6f 74 6f 63 6f 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 77 68 65 6e 20 61 76 61 69 6c	protocol.information,.when.avail
8d620	61 62 6c 65 2c 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 2e 20 54 68 69 73	able,.to.generate.the.hash..This
8d640	20 61 6c 6c 6f 77 73 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 61 20 70 61 72 74 69 63 75	.allows.for.traffic.to.a.particu
8d660	6c 61 72 20 6e 65 74 77 6f 72 6b 20 70 65 65 72 20 74 6f 20 73 70 61 6e 20 6d 75 6c 74 69 70 6c	lar.network.peer.to.span.multipl
8d680	65 20 73 6c 61 76 65 73 2c 20 61 6c 74 68 6f 75 67 68 20 61 20 73 69 6e 67 6c 65 20 63 6f 6e 6e	e.slaves,.although.a.single.conn
8d6a0	65 63 74 69 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 73 70 61 6e 20 6d 75 6c 74 69 70 6c 65 20 73 6c	ection.will.not.span.multiple.sl
8d6c0	61 76 65 73 2e 00 2a 2a 6c 65 66 74 2a 2a 00 2a 2a 6c 65 76 65 6c 2d 31 2a 2a 20 2d 20 41 63 74	aves..**left**.**level-1**.-.Act
8d6e0	20 61 73 20 61 20 73 74 61 74 69 6f 6e 20 28 4c 65 76 65 6c 20 31 29 20 72 6f 75 74 65 72 20 6f	.as.a.station.(Level.1).router.o
8d700	6e 6c 79 2e 00 2a 2a 6c 65 76 65 6c 2d 31 2a 2a 20 2d 20 4c 65 76 65 6c 2d 31 20 6f 6e 6c 79 20	nly..**level-1**.-.Level-1.only.
8d720	61 64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 66 6f 72 6d 65 64 2e 00 2a 2a 6c 65 76 65 6c 2d	adjacencies.are.formed..**level-
8d740	31 2d 32 2a 2a 20 2d 20 41 63 74 20 61 73 20 61 20 73 74 61 74 69 6f 6e 20 28 4c 65 76 65 6c 20	1-2**.-.Act.as.a.station.(Level.
8d760	31 29 20 72 6f 75 74 65 72 20 61 6e 64 20 61 72 65 61 20 28 4c 65 76 65 6c 20 32 29 20 72 6f 75	1).router.and.area.(Level.2).rou
8d780	74 65 72 2e 00 2a 2a 6c 65 76 65 6c 2d 31 2d 32 2a 2a 20 2d 20 4c 65 76 65 6c 2d 31 2d 32 20 61	ter..**level-1-2**.-.Level-1-2.a
8d7a0	64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 66 6f 72 6d 65 64 00 2a 2a 6c 65 76 65 6c 2d 32 2d	djacencies.are.formed.**level-2-
8d7c0	6f 6e 6c 79 2a 2a 20 2d 20 41 63 74 20 61 73 20 61 6e 20 61 72 65 61 20 28 4c 65 76 65 6c 20 32	only**.-.Act.as.an.area.(Level.2
8d7e0	29 20 72 6f 75 74 65 72 20 6f 6e 6c 79 2e 00 2a 2a 6c 65 76 65 6c 2d 32 2d 6f 6e 6c 79 2a 2a 20	).router.only..**level-2-only**.
8d800	2d 20 4c 65 76 65 6c 2d 32 20 6f 6e 6c 79 20 61 64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 66	-.Level-2.only.adjacencies.are.f
8d820	6f 72 6d 65 64 00 2a 2a 6c 6f 63 61 6c 20 73 69 64 65 20 2d 20 63 6f 6d 6d 61 6e 64 73 2a 2a 00	ormed.**local.side.-.commands**.
8d840	2a 2a 6c 6f 63 61 6c 2a 2a 3a 20 41 6c 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 71 75	**local**:.All.authentication.qu
8d860	65 72 69 65 73 20 61 72 65 20 68 61 6e 64 6c 65 64 20 6c 6f 63 61 6c 6c 79 2e 00 2a 2a 6c 6f 67	eries.are.handled.locally..**log
8d880	2d 66 61 69 6c 2a 2a 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 74 68 65 20 72 65 63 75 72 73	-fail**.In.this.mode,.the.recurs
8d8a0	6f 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 76 61 6c 69 64 61 74 65 20 61 6c 6c 20	or.will.attempt.to.validate.all.
8d8c0	64 61 74 61 20 69 74 20 72 65 74 72 69 65 76 65 73 20 66 72 6f 6d 20 61 75 74 68 6f 72 69 74 61	data.it.retrieves.from.authorita
8d8e0	74 69 76 65 20 73 65 72 76 65 72 73 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20	tive.servers,.regardless.of.the.
8d900	63 6c 69 65 6e 74 27 73 20 44 4e 53 53 45 43 20 64 65 73 69 72 65 73 2c 20 61 6e 64 20 77 69 6c	client's.DNSSEC.desires,.and.wil
8d920	6c 20 6c 6f 67 20 74 68 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 72 65 73 75 6c 74 2e 20 54 68 69	l.log.the.validation.result..Thi
8d940	73 20 6d 6f 64 65 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20	s.mode.can.be.used.to.determine.
8d960	74 68 65 20 65 78 74 72 61 20 6c 6f 61 64 20 61 6e 64 20 61 6d 6f 75 6e 74 20 6f 66 20 70 6f 73	the.extra.load.and.amount.of.pos
8d980	73 69 62 6c 79 20 62 6f 67 75 73 20 61 6e 73 77 65 72 73 20 62 65 66 6f 72 65 20 74 75 72 6e 69	sibly.bogus.answers.before.turni
8d9a0	6e 67 20 6f 6e 20 66 75 6c 6c 2d 62 6c 6f 77 6e 20 76 61 6c 69 64 61 74 69 6f 6e 2e 20 52 65 73	ng.on.full-blown.validation..Res
8d9c0	70 6f 6e 73 65 73 20 74 6f 20 63 6c 69 65 6e 74 20 71 75 65 72 69 65 73 20 61 72 65 20 74 68 65	ponses.to.client.queries.are.the
8d9e0	20 73 61 6d 65 20 61 73 20 77 69 74 68 20 70 72 6f 63 65 73 73 2e 00 2a 2a 6e 61 72 72 6f 77 2a	.same.as.with.process..**narrow*
8da00	2a 20 2d 20 55 73 65 20 6f 6c 64 20 73 74 79 6c 65 20 6f 66 20 54 4c 56 73 20 77 69 74 68 20 6e	*.-.Use.old.style.of.TLVs.with.n
8da20	61 72 72 6f 77 20 6d 65 74 72 69 63 2e 00 2a 2a 6e 65 74 2d 61 64 6d 69 6e 2a 2a 3a 20 4e 65 74	arrow.metric..**net-admin**:.Net
8da40	77 6f 72 6b 20 6f 70 65 72 61 74 69 6f 6e 73 20 28 69 6e 74 65 72 66 61 63 65 2c 20 66 69 72 65	work.operations.(interface,.fire
8da60	77 61 6c 6c 2c 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 29 00 2a 2a 6e 65 74 2d 62 69 6e 64	wall,.routing.tables).**net-bind
8da80	2d 73 65 72 76 69 63 65 2a 2a 3a 20 42 69 6e 64 20 61 20 73 6f 63 6b 65 74 20 74 6f 20 70 72 69	-service**:.Bind.a.socket.to.pri
8daa0	76 69 6c 65 67 65 64 20 70 6f 72 74 73 20 28 70 6f 72 74 20 6e 75 6d 62 65 72 73 20 6c 65 73 73	vileged.ports.(port.numbers.less
8dac0	20 74 68 61 6e 20 31 30 32 34 29 00 2a 2a 6e 65 74 2d 72 61 77 2a 2a 3a 20 50 65 72 6d 69 73 73	.than.1024).**net-raw**:.Permiss
8dae0	69 6f 6e 20 74 6f 20 63 72 65 61 74 65 20 72 61 77 20 6e 65 74 77 6f 72 6b 20 73 6f 63 6b 65 74	ion.to.create.raw.network.socket
8db00	73 00 2a 2a 6e 6f 2a 2a 3a 20 44 6f 20 6e 6f 74 20 72 65 73 74 61 72 74 20 63 6f 6e 74 61 69 6e	s.**no**:.Do.not.restart.contain
8db20	65 72 73 20 6f 6e 20 65 78 69 74 00 2a 2a 6f 66 66 2a 2a 20 49 6e 20 74 68 69 73 20 6d 6f 64 65	ers.on.exit.**off**.In.this.mode
8db40	2c 20 6e 6f 20 44 4e 53 53 45 43 20 70 72 6f 63 65 73 73 69 6e 67 20 74 61 6b 65 73 20 70 6c 61	,.no.DNSSEC.processing.takes.pla
8db60	63 65 2e 20 54 68 65 20 72 65 63 75 72 73 6f 72 20 77 69 6c 6c 20 6e 6f 74 20 73 65 74 20 74 68	ce..The.recursor.will.not.set.th
8db80	65 20 44 4e 53 53 45 43 20 4f 4b 20 28 44 4f 29 20 62 69 74 20 69 6e 20 74 68 65 20 6f 75 74 67	e.DNSSEC.OK.(DO).bit.in.the.outg
8dba0	6f 69 6e 67 20 71 75 65 72 69 65 73 20 61 6e 64 20 77 69 6c 6c 20 69 67 6e 6f 72 65 20 74 68 65	oing.queries.and.will.ignore.the
8dbc0	20 44 4f 20 61 6e 64 20 41 44 20 62 69 74 73 20 69 6e 20 71 75 65 72 69 65 73 2e 00 2a 2a 6f 6e	.DO.and.AD.bits.in.queries..**on
8dbe0	2d 66 61 69 6c 75 72 65 2a 2a 3a 20 52 65 73 74 61 72 74 20 63 6f 6e 74 61 69 6e 65 72 73 20 77	-failure**:.Restart.containers.w
8dc00	68 65 6e 20 74 68 65 79 20 65 78 69 74 20 77 69 74 68 20 61 20 6e 6f 6e 2d 7a 65 72 6f 20 65 78	hen.they.exit.with.a.non-zero.ex
8dc20	69 74 20 63 6f 64 65 2c 20 72 65 74 72 79 69 6e 67 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 20 28	it.code,.retrying.indefinitely.(
8dc40	64 65 66 61 75 6c 74 29 00 2a 2a 6f 75 74 62 6f 75 6e 64 2d 69 6e 74 65 72 66 61 63 65 2a 2a 20	default).**outbound-interface**.
8dc60	2d 20 61 70 70 6c 69 63 61 62 6c 65 20 6f 6e 6c 79 20 74 6f 20 3a 72 65 66 3a 60 73 6f 75 72 63	-.applicable.only.to.:ref:`sourc
8dc80	65 2d 6e 61 74 60 2e 20 49 74 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 69 6e 74 65 72 66	e-nat`..It.configures.the.interf
8dca0	61 63 65 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 6f 75 74 73 69 64	ace.which.is.used.for.the.outsid
8dcc0	65 20 74 72 61 66 66 69 63 20 74 68 61 74 20 74 68 69 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20	e.traffic.that.this.translation.
8dce0	72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 2e 00 2a 2a 70 72 65 66 65 72 2a 2a 20 2d 20 61 73	rule.applies.to..**prefer**.-.as
8dd00	6b 20 63 6c 69 65 6e 74 20 66 6f 72 20 6d 70 70 65 2c 20 69 66 20 69 74 20 72 65 6a 65 63 74 73	k.client.for.mppe,.if.it.rejects
8dd20	20 64 6f 6e 27 74 20 66 61 69 6c 00 2a 2a 70 72 6f 63 65 73 73 2a 2a 20 57 68 65 6e 20 64 6e 73	.don't.fail.**process**.When.dns
8dd40	73 65 63 20 69 73 20 73 65 74 20 74 6f 20 70 72 6f 63 65 73 73 20 74 68 65 20 62 65 68 61 76 69	sec.is.set.to.process.the.behavi
8dd60	6f 72 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 70 72 6f 63 65 73 73 2d 6e 6f 2d 76 61 6c 69	or.is.similar.to.process-no-vali
8dd80	64 61 74 65 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 20 72 65 63 75 72 73 6f 72 20 77 69 6c 6c	date..However,.the.recursor.will
8dda0	20 74 72 79 20 74 6f 20 76 61 6c 69 64 61 74 65 20 74 68 65 20 64 61 74 61 20 69 66 20 61 74 20	.try.to.validate.the.data.if.at.
8ddc0	6c 65 61 73 74 20 6f 6e 65 20 6f 66 20 74 68 65 20 44 4f 20 6f 72 20 41 44 20 62 69 74 73 20 69	least.one.of.the.DO.or.AD.bits.i
8dde0	73 20 73 65 74 20 69 6e 20 74 68 65 20 71 75 65 72 79 3b 20 69 6e 20 74 68 61 74 20 63 61 73 65	s.set.in.the.query;.in.that.case
8de00	2c 20 69 74 20 77 69 6c 6c 20 73 65 74 20 74 68 65 20 41 44 2d 62 69 74 20 69 6e 20 74 68 65 20	,.it.will.set.the.AD-bit.in.the.
8de20	72 65 73 70 6f 6e 73 65 20 77 68 65 6e 20 74 68 65 20 64 61 74 61 20 69 73 20 76 61 6c 69 64 61	response.when.the.data.is.valida
8de40	74 65 64 20 73 75 63 63 65 73 73 66 75 6c 6c 79 2c 20 6f 72 20 73 65 6e 64 20 53 45 52 56 46 41	ted.successfully,.or.send.SERVFA
8de60	49 4c 20 77 68 65 6e 20 74 68 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 63 6f 6d 65 73 20 75 70 20	IL.when.the.validation.comes.up.
8de80	62 6f 67 75 73 2e 00 2a 2a 70 72 6f 63 65 73 73 2d 6e 6f 2d 76 61 6c 69 64 61 74 65 2a 2a 20 49	bogus..**process-no-validate**.I
8dea0	6e 20 74 68 69 73 20 6d 6f 64 65 20 74 68 65 20 72 65 63 75 72 73 6f 72 20 61 63 74 73 20 61 73	n.this.mode.the.recursor.acts.as
8dec0	20 61 20 22 73 65 63 75 72 69 74 79 20 61 77 61 72 65 2c 20 6e 6f 6e 2d 76 61 6c 69 64 61 74 69	.a."security.aware,.non-validati
8dee0	6e 67 22 20 6e 61 6d 65 73 65 72 76 65 72 2c 20 6d 65 61 6e 69 6e 67 20 69 74 20 77 69 6c 6c 20	ng".nameserver,.meaning.it.will.
8df00	73 65 74 20 74 68 65 20 44 4f 2d 62 69 74 20 6f 6e 20 6f 75 74 67 6f 69 6e 67 20 71 75 65 72 69	set.the.DO-bit.on.outgoing.queri
8df20	65 73 20 61 6e 64 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 44 4e 53 53 45 43 20 72 65 6c 61 74	es.and.will.provide.DNSSEC.relat
8df40	65 64 20 52 52 73 65 74 73 20 28 4e 53 45 43 2c 20 52 52 53 49 47 29 20 74 6f 20 63 6c 69 65 6e	ed.RRsets.(NSEC,.RRSIG).to.clien
8df60	74 73 20 74 68 61 74 20 61 73 6b 20 66 6f 72 20 74 68 65 6d 20 28 62 79 20 6d 65 61 6e 73 20 6f	ts.that.ask.for.them.(by.means.o
8df80	66 20 61 20 44 4f 2d 62 69 74 20 69 6e 20 74 68 65 20 71 75 65 72 79 29 2c 20 65 78 63 65 70 74	f.a.DO-bit.in.the.query),.except
8dfa0	20 66 6f 72 20 7a 6f 6e 65 73 20 70 72 6f 76 69 64 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20	.for.zones.provided.through.the.
8dfc0	61 75 74 68 2d 7a 6f 6e 65 73 20 73 65 74 74 69 6e 67 2e 20 49 74 20 77 69 6c 6c 20 6e 6f 74 20	auth-zones.setting..It.will.not.
8dfe0	64 6f 20 61 6e 79 20 76 61 6c 69 64 61 74 69 6f 6e 20 69 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20	do.any.validation.in.this.mode,.
8e000	6e 6f 74 20 65 76 65 6e 20 77 68 65 6e 20 72 65 71 75 65 73 74 65 64 20 62 79 20 74 68 65 20 63	not.even.when.requested.by.the.c
8e020	6c 69 65 6e 74 2e 00 2a 2a 70 72 6f 74 6f 63 6f 6c 2a 2a 20 2d 20 73 70 65 63 69 66 79 20 77 68	lient..**protocol**.-.specify.wh
8e040	69 63 68 20 74 79 70 65 73 20 6f 66 20 70 72 6f 74 6f 63 6f 6c 73 20 74 68 69 73 20 74 72 61 6e	ich.types.of.protocols.this.tran
8e060	73 6c 61 74 69 6f 6e 20 72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 2e 20 4f 6e 6c 79 20 70 61	slation.rule.applies.to..Only.pa
8e080	63 6b 65 74 73 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f	ckets.matching.the.specified.pro
8e0a0	74 6f 63 6f 6c 20 61 72 65 20 4e 41 54 65 64 2e 20 42 79 20 64 65 66 61 75 6c 74 20 74 68 69 73	tocol.are.NATed..By.default.this
8e0c0	20 61 70 70 6c 69 65 73 20 74 6f 20 60 61 6c 6c 60 20 70 72 6f 74 6f 63 6f 6c 73 2e 00 2a 2a 72	.applies.to.`all`.protocols..**r
8e0e0	61 64 69 75 73 2a 2a 3a 20 41 6c 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 71 75 65 72	adius**:.All.authentication.quer
8e100	69 65 73 20 61 72 65 20 68 61 6e 64 6c 65 64 20 62 79 20 61 20 63 6f 6e 66 69 67 75 72 65 64 20	ies.are.handled.by.a.configured.
8e120	52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 2a 2a 72 65 6d 6f 74 65 20 73 69 64 65 20 2d 20 63	RADIUS.server..**remote.side.-.c
8e140	6f 6d 6d 61 6e 64 73 2a 2a 00 2a 2a 72 65 70 6c 61 63 65 3a 2a 2a 20 52 65 6c 61 79 20 69 6e 66	ommands**.**replace:**.Relay.inf
8e160	6f 72 6d 61 74 69 6f 6e 20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 20 69 6e 20 61 20 70 61	ormation.already.present.in.a.pa
8e180	63 6b 65 74 20 69 73 20 73 74 72 69 70 70 65 64 20 61 6e 64 20 72 65 70 6c 61 63 65 64 20 77 69	cket.is.stripped.and.replaced.wi
8e1a0	74 68 20 74 68 65 20 72 6f 75 74 65 72 27 73 20 6f 77 6e 20 72 65 6c 61 79 20 69 6e 66 6f 72 6d	th.the.router's.own.relay.inform
8e1c0	61 74 69 6f 6e 20 73 65 74 2e 00 2a 2a 72 65 71 75 69 72 65 2a 2a 20 2d 20 61 73 6b 20 63 6c 69	ation.set..**require**.-.ask.cli
8e1e0	65 6e 74 20 66 6f 72 20 6d 70 70 65 2c 20 69 66 20 69 74 20 72 65 6a 65 63 74 73 20 64 72 6f 70	ent.for.mppe,.if.it.rejects.drop
8e200	20 63 6f 6e 6e 65 63 74 69 6f 6e 00 2a 2a 72 69 67 68 74 2a 2a 00 2a 2a 73 65 74 70 63 61 70 2a	.connection.**right**.**setpcap*
8e220	2a 3a 20 43 61 70 61 62 69 6c 69 74 79 20 73 65 74 73 20 28 66 72 6f 6d 20 62 6f 75 6e 64 65 64	*:.Capability.sets.(from.bounded
8e240	20 6f 72 20 69 6e 68 65 72 69 74 65 64 20 73 65 74 29 00 2a 2a 73 6f 75 72 63 65 2a 2a 20 2d 20	.or.inherited.set).**source**.-.
8e260	73 70 65 63 69 66 69 65 73 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 74 68 65 20 4e 41 54 20	specifies.which.packets.the.NAT.
8e280	74 72 61 6e 73 6c 61 74 69 6f 6e 20 72 75 6c 65 20 61 70 70 6c 69 65 73 20 74 6f 20 62 61 73 65	translation.rule.applies.to.base
8e2a0	64 20 6f 6e 20 74 68 65 20 70 61 63 6b 65 74 73 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65	d.on.the.packets.source.IP.addre
8e2c0	73 73 20 61 6e 64 2f 6f 72 20 73 6f 75 72 63 65 20 70 6f 72 74 2e 20 4f 6e 6c 79 20 6d 61 74 63	ss.and/or.source.port..Only.matc
8e2e0	68 69 6e 67 20 70 61 63 6b 65 74 73 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 66 6f 72 20	hing.packets.are.considered.for.
8e300	4e 41 54 2e 00 2a 2a 73 79 73 2d 61 64 6d 69 6e 2a 2a 3a 20 41 64 6d 69 6e 69 73 74 61 74 69 6f	NAT..**sys-admin**:.Administatio
8e320	6e 20 6f 70 65 72 61 74 69 6f 6e 73 20 28 71 75 6f 74 61 63 74 6c 2c 20 6d 6f 75 6e 74 2c 20 73	n.operations.(quotactl,.mount,.s
8e340	65 74 68 6f 73 74 6e 61 6d 65 2c 20 73 65 74 64 6f 6d 61 69 6e 61 6d 65 29 00 2a 2a 73 79 73 2d	ethostname,.setdomainame).**sys-
8e360	74 69 6d 65 2a 2a 3a 20 50 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 73 65 74 20 73 79 73 74 65 6d	time**:.Permission.to.set.system
8e380	20 63 6c 6f 63 6b 00 2a 2a 74 72 61 6e 73 69 74 69 6f 6e 2a 2a 20 2d 20 53 65 6e 64 20 61 6e 64	.clock.**transition**.-.Send.and
8e3a0	20 61 63 63 65 70 74 20 62 6f 74 68 20 73 74 79 6c 65 73 20 6f 66 20 54 4c 56 73 20 64 75 72 69	.accept.both.styles.of.TLVs.duri
8e3c0	6e 67 20 74 72 61 6e 73 69 74 69 6f 6e 2e 00 2a 2a 75 70 73 74 72 65 61 6d 3a 2a 2a 20 54 68 65	ng.transition..**upstream:**.The
8e3e0	20 75 70 73 74 72 65 61 6d 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 74	.upstream.network.interface.is.t
8e400	68 65 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 77 68 69 63 68 20 69 73 20 72	he.outgoing.interface.which.is.r
8e420	65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6e 67 20 74 6f 20	esponsible.for.communicating.to.
8e440	61 76 61 69 6c 61 62 6c 65 20 6d 75 6c 74 69 63 61 73 74 20 64 61 74 61 20 73 6f 75 72 63 65 73	available.multicast.data.sources
8e460	2e 20 54 68 65 72 65 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 6f 6e 65 20 75 70 73 74 72 65 61 6d	..There.can.only.be.one.upstream
8e480	20 69 6e 74 65 72 66 61 63 65 2e 00 2a 2a 76 61 6c 69 64 61 74 65 2a 2a 20 54 68 65 20 68 69 67	.interface..**validate**.The.hig
8e4a0	68 65 73 74 20 6d 6f 64 65 20 6f 66 20 44 4e 53 53 45 43 20 70 72 6f 63 65 73 73 69 6e 67 2e 20	hest.mode.of.DNSSEC.processing..
8e4c0	49 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 61 6c 6c 20 71 75 65 72 69 65 73 20 77 69 6c 6c 20 62	In.this.mode,.all.queries.will.b
8e4e0	65 20 76 61 6c 69 64 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 61 6e 73 77 65 72 65 64	e.validated.and.will.be.answered
8e500	20 77 69 74 68 20 61 20 53 45 52 56 46 41 49 4c 20 69 6e 20 63 61 73 65 20 6f 66 20 62 6f 67 75	.with.a.SERVFAIL.in.case.of.bogu
8e520	73 20 64 61 74 61 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 63 6c 69 65 6e 74	s.data,.regardless.of.the.client
8e540	27 73 20 72 65 71 75 65 73 74 2e 00 2a 2a 77 69 64 65 2a 2a 20 2d 20 55 73 65 20 6e 65 77 20 73	's.request..**wide**.-.Use.new.s
8e560	74 79 6c 65 20 6f 66 20 54 4c 56 73 20 74 6f 20 63 61 72 72 79 20 77 69 64 65 72 20 6d 65 74 72	tyle.of.TLVs.to.carry.wider.metr
8e580	69 63 2e 00 2a 62 67 70 64 2a 20 73 75 70 70 6f 72 74 73 20 4d 75 6c 74 69 70 72 6f 74 6f 63 6f	ic..*bgpd*.supports.Multiprotoco
8e5a0	6c 20 45 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 42 47 50 2e 20 53 6f 20 69 66 20 61 20 72 65 6d	l.Extension.for.BGP..So.if.a.rem
8e5c0	6f 74 65 20 70 65 65 72 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 2c 20	ote.peer.supports.the.protocol,.
8e5e0	2a 62 67 70 64 2a 20 63 61 6e 20 65 78 63 68 61 6e 67 65 20 49 50 76 36 20 61 6e 64 2f 6f 72 20	*bgpd*.can.exchange.IPv6.and/or.
8e600	6d 75 6c 74 69 63 61 73 74 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 30	multicast.routing.information..0
8e620	00 30 20 69 66 20 6e 6f 74 20 64 65 66 69 6e 65 64 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 6e	.0.if.not.defined,.which.means.n
8e640	6f 20 72 65 66 72 65 73 68 69 6e 67 2e 00 30 20 69 66 20 6e 6f 74 20 64 65 66 69 6e 65 64 2e 00	o.refreshing..0.if.not.defined..
8e660	30 30 30 30 30 30 00 30 30 31 30 31 30 00 30 30 31 31 30 30 00 30 30 31 31 31 30 00 30 31 30 30	000000.001010.001100.001110.0100
8e680	31 30 00 30 31 30 31 30 30 00 30 31 30 31 31 30 00 30 31 31 30 31 30 00 30 31 31 31 30 30 00 30	10.010100.010110.011010.011100.0
8e6a0	31 31 31 31 30 00 30 3a 20 44 69 73 61 62 6c 65 20 44 41 44 00 31 00 31 20 69 66 20 6e 6f 74 20	11110.0:.Disable.DAD.1.1.if.not.
8e6c0	64 65 66 69 6e 65 64 2e 00 31 2d 74 6f 2d 31 20 4e 41 54 00 31 2e 20 43 72 65 61 74 65 20 61 6e	defined..1-to-1.NAT.1..Create.an
8e6e0	20 65 76 65 6e 74 20 68 61 6e 64 6c 65 72 00 31 30 00 31 30 20 2d 20 31 30 20 4d 42 69 74 2f 73	.event.handler.10.10.-.10.MBit/s
8e700	00 31 30 2e 30 2e 30 2e 30 20 74 6f 20 31 30 2e 32 35 35 2e 32 35 35 2e 32 35 35 20 28 43 49 44	.10.0.0.0.to.10.255.255.255.(CID
8e720	52 3a 20 31 30 2e 30 2e 30 2e 30 2f 38 29 00 31 30 30 20 2d 20 31 30 30 20 4d 42 69 74 2f 73 00	R:.10.0.0.0/8).100.-.100.MBit/s.
8e740	31 30 30 30 20 2d 20 31 20 47 42 69 74 2f 73 00 31 30 30 30 30 20 2d 20 31 30 20 47 42 69 74 2f	1000.-.1.GBit/s.10000.-.10.GBit/
8e760	73 00 31 30 30 30 30 30 20 2d 20 31 30 30 20 47 42 69 74 2f 73 00 31 30 30 30 31 30 00 31 30 30	s.100000.-.100.GBit/s.100010.100
8e780	31 30 30 00 31 30 30 31 31 30 00 31 30 31 31 31 30 00 31 31 00 31 31 39 00 31 32 00 31 32 31 2c	100.100110.101110.11.119.12.121,
8e7a0	20 32 34 39 00 31 33 00 31 34 00 31 35 00 31 36 00 31 37 00 31 37 32 2e 31 36 2e 30 2e 30 20 74	.249.13.14.15.16.17.172.16.0.0.t
8e7c0	6f 20 31 37 32 2e 33 31 2e 32 35 35 2e 32 35 35 20 28 43 49 44 52 3a 20 31 37 32 2e 31 36 2e 30	o.172.31.255.255.(CIDR:.172.16.0
8e7e0	2e 30 2f 31 32 29 00 31 38 00 31 39 00 31 39 32 2e 31 36 38 2e 30 2e 30 20 74 6f 20 31 39 32 2e	.0/12).18.19.192.168.0.0.to.192.
8e800	31 36 38 2e 32 35 35 2e 32 35 35 20 28 43 49 44 52 3a 20 31 39 32 2e 31 36 38 2e 30 2e 30 2f 31	168.255.255.(CIDR:.192.168.0.0/1
8e820	36 29 00 31 3a 20 45 6e 61 62 6c 65 20 44 41 44 20 28 64 65 66 61 75 6c 74 29 00 32 00 32 2e 20	6).1:.Enable.DAD.(default).2.2..
8e840	41 64 64 20 72 65 67 65 78 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 00 32 30 00 32 31 00 32 32	Add.regex.to.the.script.20.21.22
8e860	00 32 33 00 32 35 30 30 20 2d 20 32 2e 35 20 47 42 69 74 2f 73 00 32 35 30 30 30 20 2d 20 32 35	.23.2500.-.2.5.GBit/s.25000.-.25
8e880	20 47 42 69 74 2f 73 00 32 35 32 00 32 36 00 32 38 00 32 3a 20 45 6e 61 62 6c 65 20 44 41 44 2c	.GBit/s.252.26.28.2:.Enable.DAD,
8e8a0	20 61 6e 64 20 64 69 73 61 62 6c 65 20 49 50 76 36 20 6f 70 65 72 61 74 69 6f 6e 20 69 66 20 4d	.and.disable.IPv6.operation.if.M
8e8c0	41 43 2d 62 61 73 65 64 20 64 75 70 6c 69 63 61 74 65 20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 61 64	AC-based.duplicate.link-local.ad
8e8e0	64 72 65 73 73 20 68 61 73 20 62 65 65 6e 20 66 6f 75 6e 64 2e 00 32 46 41 20 4f 54 50 20 73 75	dress.has.been.found..2FA.OTP.su
8e900	70 70 6f 72 74 00 33 00 33 2e 20 41 64 64 20 61 20 66 75 6c 6c 20 70 61 74 68 20 74 6f 20 74 68	pport.3.3..Add.a.full.path.to.th
8e920	65 20 73 63 72 69 70 74 00 33 30 00 33 34 00 33 36 00 33 38 00 34 00 34 2e 20 41 64 64 20 6f 70	e.script.30.34.36.38.4.4..Add.op
8e940	74 69 6f 6e 61 6c 20 70 61 72 61 6d 65 74 65 72 73 00 34 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c	tional.parameters.40.MHz.channel
8e960	73 20 6d 61 79 20 73 77 69 74 63 68 20 74 68 65 69 72 20 70 72 69 6d 61 72 79 20 61 6e 64 20 73	s.may.switch.their.primary.and.s
8e980	65 63 6f 6e 64 61 72 79 20 63 68 61 6e 6e 65 6c 73 20 69 66 20 6e 65 65 64 65 64 20 6f 72 20 63	econdary.channels.if.needed.or.c
8e9a0	72 65 61 74 69 6f 6e 20 6f 66 20 34 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 20 6d 61 79 62 65 20	reation.of.40.MHz.channel.maybe.
8e9c0	72 65 6a 65 63 74 65 64 20 62 61 73 65 64 20 6f 6e 20 6f 76 65 72 6c 61 70 70 69 6e 67 20 42 53	rejected.based.on.overlapping.BS
8e9e0	53 65 73 2e 20 54 68 65 73 65 20 63 68 61 6e 67 65 73 20 61 72 65 20 64 6f 6e 65 20 61 75 74 6f	Ses..These.changes.are.done.auto
8ea00	6d 61 74 69 63 61 6c 6c 79 20 77 68 65 6e 20 68 6f 73 74 61 70 64 20 69 73 20 73 65 74 74 69 6e	matically.when.hostapd.is.settin
8ea20	67 20 75 70 20 74 68 65 20 34 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 2e 00 34 30 30 30 30 20 2d	g.up.the.40.MHz.channel..40000.-
8ea40	20 34 30 20 47 42 69 74 2f 73 00 34 32 00 34 34 00 34 36 00 35 00 35 20 69 66 20 6e 6f 74 20 64	.40.GBit/s.42.44.46.5.5.if.not.d
8ea60	65 66 69 6e 65 64 2e 00 35 30 30 30 20 2d 20 35 20 47 42 69 74 2f 73 00 35 30 30 30 30 20 2d 20	efined..5000.-.5.GBit/s.50000.-.
8ea80	35 30 20 47 42 69 74 2f 73 00 35 34 00 36 00 36 36 00 36 36 25 20 6f 66 20 74 72 61 66 66 69 63	50.GBit/s.54.6.66.66%.of.traffic
8eaa0	20 69 73 20 72 6f 75 74 65 64 20 74 6f 20 65 74 68 30 2c 20 65 74 68 31 20 67 65 74 73 20 33 33	.is.routed.to.eth0,.eth1.gets.33
8eac0	25 20 6f 66 20 74 72 61 66 66 69 63 2e 00 36 37 00 36 39 00 36 69 6e 34 20 28 53 49 54 29 00 36	%.of.traffic..67.69.6in4.(SIT).6
8eae0	69 6e 34 20 75 73 65 73 20 74 75 6e 6e 65 6c 69 6e 67 20 74 6f 20 65 6e 63 61 70 73 75 6c 61 74	in4.uses.tunneling.to.encapsulat
8eb00	65 20 49 50 76 36 20 74 72 61 66 66 69 63 20 6f 76 65 72 20 49 50 76 34 20 6c 69 6e 6b 73 20 61	e.IPv6.traffic.over.IPv4.links.a
8eb20	73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 32 31 33 60 2e 20 54 68 65 20 36 69	s.defined.in.:rfc:`4213`..The.6i
8eb40	6e 34 20 74 72 61 66 66 69 63 20 69 73 20 73 65 6e 74 20 6f 76 65 72 20 49 50 76 34 20 69 6e 73	n4.traffic.is.sent.over.IPv4.ins
8eb60	69 64 65 20 49 50 76 34 20 70 61 63 6b 65 74 73 20 77 68 6f 73 65 20 49 50 20 68 65 61 64 65 72	ide.IPv4.packets.whose.IP.header
8eb80	73 20 68 61 76 65 20 74 68 65 20 49 50 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 73 65	s.have.the.IP.protocol.number.se
8eba0	74 20 74 6f 20 34 31 2e 20 54 68 69 73 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 69 73	t.to.41..This.protocol.number.is
8ebc0	20 73 70 65 63 69 66 69 63 61 6c 6c 79 20 64 65 73 69 67 6e 61 74 65 64 20 66 6f 72 20 49 50 76	.specifically.designated.for.IPv
8ebe0	36 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 2c 20 74 68 65 20 49 50 76 34 20 70 61 63 6b 65 74	6.encapsulation,.the.IPv4.packet
8ec00	20 68 65 61 64 65 72 20 69 73 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 66 6f 6c 6c 6f 77 65 64 20	.header.is.immediately.followed.
8ec20	62 79 20 74 68 65 20 49 50 76 36 20 70 61 63 6b 65 74 20 62 65 69 6e 67 20 63 61 72 72 69 65 64	by.the.IPv6.packet.being.carried
8ec40	2e 20 54 68 65 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 6f 76 65 72 68 65 61 64 20 69 73 20	..The.encapsulation.overhead.is.
8ec60	74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 49 50 76 34 20 68 65 61 64 65 72 20 6f 66 20 32	the.size.of.the.IPv4.header.of.2
8ec80	30 20 62 79 74 65 73 2c 20 74 68 65 72 65 66 6f 72 65 20 77 69 74 68 20 61 6e 20 4d 54 55 20 6f	0.bytes,.therefore.with.an.MTU.o
8eca0	66 20 31 35 30 30 20 62 79 74 65 73 2c 20 49 50 76 36 20 70 61 63 6b 65 74 73 20 6f 66 20 31 34	f.1500.bytes,.IPv6.packets.of.14
8ecc0	38 30 20 62 79 74 65 73 20 63 61 6e 20 62 65 20 73 65 6e 74 20 77 69 74 68 6f 75 74 20 66 72 61	80.bytes.can.be.sent.without.fra
8ece0	67 6d 65 6e 74 61 74 69 6f 6e 2e 20 54 68 69 73 20 74 75 6e 6e 65 6c 69 6e 67 20 74 65 63 68 6e	gmentation..This.tunneling.techn
8ed00	69 71 75 65 20 69 73 20 66 72 65 71 75 65 6e 74 6c 79 20 75 73 65 64 20 62 79 20 49 50 76 36 20	ique.is.frequently.used.by.IPv6.
8ed20	74 75 6e 6e 65 6c 20 62 72 6f 6b 65 72 73 20 6c 69 6b 65 20 60 48 75 72 72 69 63 61 6e 65 20 45	tunnel.brokers.like.`Hurricane.E
8ed40	6c 65 63 74 72 69 63 60 5f 2e 00 37 00 37 30 00 38 00 38 30 32 2e 31 71 20 56 4c 41 4e 20 69 6e	lectric`_..7.70.8.802.1q.VLAN.in
8ed60	74 65 72 66 61 63 65 73 20 61 72 65 20 72 65 70 72 65 73 65 6e 74 65 64 20 61 73 20 76 69 72 74	terfaces.are.represented.as.virt
8ed80	75 61 6c 20 73 75 62 2d 69 6e 74 65 72 66 61 63 65 73 20 69 6e 20 56 79 4f 53 2e 20 54 68 65 20	ual.sub-interfaces.in.VyOS..The.
8eda0	74 65 72 6d 20 75 73 65 64 20 66 6f 72 20 74 68 69 73 20 69 73 20 60 60 76 69 66 60 60 2e 00 39	term.used.for.this.is.``vif``..9
8edc0	00 3a 61 62 62 72 3a 60 41 46 49 20 28 41 64 64 72 65 73 73 20 66 61 6d 69 6c 79 20 61 75 74 68	.:abbr:`AFI.(Address.family.auth
8ede0	6f 72 69 74 79 20 69 64 65 6e 74 69 66 69 65 72 29 60 20 2d 20 60 60 34 39 60 60 20 54 68 65 20	ority.identifier)`.-.``49``.The.
8ee00	41 46 49 20 76 61 6c 75 65 20 34 39 20 69 73 20 77 68 61 74 20 49 53 2d 49 53 20 75 73 65 73 20	AFI.value.49.is.what.IS-IS.uses.
8ee20	66 6f 72 20 70 72 69 76 61 74 65 20 61 64 64 72 65 73 73 69 6e 67 2e 00 3a 61 62 62 72 3a 60 41	for.private.addressing..:abbr:`A
8ee40	52 50 20 28 41 64 64 72 65 73 73 20 52 65 73 6f 6c 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29	RP.(Address.Resolution.Protocol)
8ee60	60 20 69 73 20 61 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c 20 75 73	`.is.a.communication.protocol.us
8ee80	65 64 20 66 6f 72 20 64 69 73 63 6f 76 65 72 69 6e 67 20 74 68 65 20 6c 69 6e 6b 20 6c 61 79 65	ed.for.discovering.the.link.laye
8eea0	72 20 61 64 64 72 65 73 73 2c 20 73 75 63 68 20 61 73 20 61 20 4d 41 43 20 61 64 64 72 65 73 73	r.address,.such.as.a.MAC.address
8eec0	2c 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 61 20 67 69 76 65 6e 20 69 6e 74 65 72 6e	,.associated.with.a.given.intern
8eee0	65 74 20 6c 61 79 65 72 20 61 64 64 72 65 73 73 2c 20 74 79 70 69 63 61 6c 6c 79 20 61 6e 20 49	et.layer.address,.typically.an.I
8ef00	50 76 34 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 6d 61 70 70 69 6e 67 20 69 73 20 61 20 63	Pv4.address..This.mapping.is.a.c
8ef20	72 69 74 69 63 61 6c 20 66 75 6e 63 74 69 6f 6e 20 69 6e 20 74 68 65 20 49 6e 74 65 72 6e 65 74	ritical.function.in.the.Internet
8ef40	20 70 72 6f 74 6f 63 6f 6c 20 73 75 69 74 65 2e 20 41 52 50 20 77 61 73 20 64 65 66 69 6e 65 64	.protocol.suite..ARP.was.defined
8ef60	20 69 6e 20 31 39 38 32 20 62 79 20 3a 72 66 63 3a 60 38 32 36 60 20 77 68 69 63 68 20 69 73 20	.in.1982.by.:rfc:`826`.which.is.
8ef80	49 6e 74 65 72 6e 65 74 20 53 74 61 6e 64 61 72 64 20 53 54 44 20 33 37 2e 00 3a 61 62 62 72 3a	Internet.Standard.STD.37..:abbr:
8efa0	60 42 46 44 20 28 42 69 64 69 72 65 63 74 69 6f 6e 61 6c 20 46 6f 72 77 61 72 64 69 6e 67 20 44	`BFD.(Bidirectional.Forwarding.D
8efc0	65 74 65 63 74 69 6f 6e 29 60 20 69 73 20 64 65 73 63 72 69 62 65 64 20 61 6e 64 20 65 78 74 65	etection)`.is.described.and.exte
8efe0	6e 64 65 64 20 62 79 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 52 46 43 73 3a 20 3a 72 66 63	nded.by.the.following.RFCs:.:rfc
8f000	3a 60 35 38 38 30 60 2c 20 3a 72 66 63 3a 60 35 38 38 31 60 20 61 6e 64 20 3a 72 66 63 3a 60 35	:`5880`,.:rfc:`5881`.and.:rfc:`5
8f020	38 38 33 60 2e 00 3a 61 62 62 72 3a 60 42 47 50 20 28 42 6f 72 64 65 72 20 47 61 74 65 77 61 79	883`..:abbr:`BGP.(Border.Gateway
8f040	20 50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 45 78 74 65 72 69	.Protocol)`.is.one.of.the.Exteri
8f060	6f 72 20 47 61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 74 68 65 20 64 65 20	or.Gateway.Protocols.and.the.de.
8f080	66 61 63 74 6f 20 73 74 61 6e 64 61 72 64 20 69 6e 74 65 72 64 6f 6d 61 69 6e 20 72 6f 75 74 69	facto.standard.interdomain.routi
8f0a0	6e 67 20 70 72 6f 74 6f 63 6f 6c 2e 20 54 68 65 20 6c 61 74 65 73 74 20 42 47 50 20 76 65 72 73	ng.protocol..The.latest.BGP.vers
8f0c0	69 6f 6e 20 69 73 20 34 2e 20 42 47 50 2d 34 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20	ion.is.4..BGP-4.is.described.in.
8f0e0	3a 72 66 63 3a 60 31 37 37 31 60 20 61 6e 64 20 75 70 64 61 74 65 64 20 62 79 20 3a 72 66 63 3a	:rfc:`1771`.and.updated.by.:rfc:
8f100	60 34 32 37 31 60 2e 20 3a 72 66 63 3a 60 32 38 35 38 60 20 61 64 64 73 20 6d 75 6c 74 69 70 72	`4271`..:rfc:`2858`.adds.multipr
8f120	6f 74 6f 63 6f 6c 20 73 75 70 70 6f 72 74 20 74 6f 20 42 47 50 2e 00 3a 61 62 62 72 3a 60 43 4b	otocol.support.to.BGP..:abbr:`CK
8f140	4e 20 28 4d 41 43 73 65 63 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 61 73 73 6f 63 69 61 74 69	N.(MACsec.connectivity.associati
8f160	6f 6e 20 6e 61 6d 65 29 60 20 6b 65 79 00 3a 61 62 62 72 3a 60 44 4d 56 50 4e 20 28 44 79 6e 61	on.name)`.key.:abbr:`DMVPN.(Dyna
8f180	6d 69 63 20 4d 75 6c 74 69 70 6f 69 6e 74 20 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20 4e	mic.Multipoint.Virtual.Private.N
8f1a0	65 74 77 6f 72 6b 29 60 20 69 73 20 61 20 64 79 6e 61 6d 69 63 20 3a 61 62 62 72 3a 60 56 50 4e	etwork)`.is.a.dynamic.:abbr:`VPN
8f1c0	20 28 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20 4e 65 74 77 6f 72 6b 29 60 20 74 65 63 68	.(Virtual.Private.Network)`.tech
8f1e0	6e 6f 6c 6f 67 79 20 6f 72 69 67 69 6e 61 6c 6c 79 20 64 65 76 65 6c 6f 70 65 64 20 62 79 20 43	nology.originally.developed.by.C
8f200	69 73 63 6f 2e 20 57 68 69 6c 65 20 74 68 65 69 72 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e	isco..While.their.implementation
8f220	20 77 61 73 20 73 6f 6d 65 77 68 61 74 20 70 72 6f 70 72 69 65 74 61 72 79 2c 20 74 68 65 20 75	.was.somewhat.proprietary,.the.u
8f240	6e 64 65 72 6c 79 69 6e 67 20 74 65 63 68 6e 6f 6c 6f 67 69 65 73 20 61 72 65 20 61 63 74 75 61	nderlying.technologies.are.actua
8f260	6c 6c 79 20 73 74 61 6e 64 61 72 64 73 20 62 61 73 65 64 2e 20 54 68 65 20 74 68 72 65 65 20 74	lly.standards.based..The.three.t
8f280	65 63 68 6e 6f 6c 6f 67 69 65 73 20 61 72 65 3a 00 3a 61 62 62 72 3a 60 44 4e 41 54 20 28 44 65	echnologies.are:.:abbr:`DNAT.(De
8f2a0	73 74 69 6e 61 74 69 6f 6e 20 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c	stination.Network.Address.Transl
8f2c0	61 74 69 6f 6e 29 60 20 63 68 61 6e 67 65 73 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20	ation)`.changes.the.destination.
8f2e0	61 64 64 72 65 73 73 20 6f 66 20 70 61 63 6b 65 74 73 20 70 61 73 73 69 6e 67 20 74 68 72 6f 75	address.of.packets.passing.throu
8f300	67 68 20 74 68 65 20 72 6f 75 74 65 72 2c 20 77 68 69 6c 65 20 3a 72 65 66 3a 60 73 6f 75 72 63	gh.the.router,.while.:ref:`sourc
8f320	65 2d 6e 61 74 60 20 63 68 61 6e 67 65 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73	e-nat`.changes.the.source.addres
8f340	73 20 6f 66 20 70 61 63 6b 65 74 73 2e 20 44 4e 41 54 20 69 73 20 74 79 70 69 63 61 6c 6c 79 20	s.of.packets..DNAT.is.typically.
8f360	75 73 65 64 20 77 68 65 6e 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 28 70 75 62 6c 69 63 29 20 68	used.when.an.external.(public).h
8f380	6f 73 74 20 6e 65 65 64 73 20 74 6f 20 69 6e 69 74 69 61 74 65 20 61 20 73 65 73 73 69 6f 6e 20	ost.needs.to.initiate.a.session.
8f3a0	77 69 74 68 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65 29 20 68 6f 73 74 2e	with.an.internal.(private).host.
8f3c0	20 41 20 63 75 73 74 6f 6d 65 72 20 6e 65 65 64 73 20 74 6f 20 61 63 63 65 73 73 20 61 20 70 72	.A.customer.needs.to.access.a.pr
8f3e0	69 76 61 74 65 20 73 65 72 76 69 63 65 20 62 65 68 69 6e 64 20 74 68 65 20 72 6f 75 74 65 72 73	ivate.service.behind.the.routers
8f400	20 70 75 62 6c 69 63 20 49 50 2e 20 41 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 65 73 74 61	.public.IP..A.connection.is.esta
8f420	62 6c 69 73 68 65 64 20 77 69 74 68 20 74 68 65 20 72 6f 75 74 65 72 73 20 70 75 62 6c 69 63 20	blished.with.the.routers.public.
8f440	49 50 20 61 64 64 72 65 73 73 20 6f 6e 20 61 20 77 65 6c 6c 20 6b 6e 6f 77 6e 20 70 6f 72 74 20	IP.address.on.a.well.known.port.
8f460	61 6e 64 20 74 68 75 73 20 61 6c 6c 20 74 72 61 66 66 69 63 20 66 6f 72 20 74 68 69 73 20 70 6f	and.thus.all.traffic.for.this.po
8f480	72 74 20 69 73 20 72 65 77 72 69 74 74 65 6e 20 74 6f 20 61 64 64 72 65 73 73 20 74 68 65 20 69	rt.is.rewritten.to.address.the.i
8f4a0	6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65 29 20 68 6f 73 74 2e 00 3a 61 62 62 72 3a 60 45	nternal.(private).host..:abbr:`E
8f4c0	41 50 20 28 45 78 74 65 6e 73 69 62 6c 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 50 72	AP.(Extensible.Authentication.Pr
8f4e0	6f 74 6f 63 6f 6c 29 60 20 6f 76 65 72 20 4c 41 4e 20 28 45 41 50 6f 4c 29 20 69 73 20 61 20 6e	otocol)`.over.LAN.(EAPoL).is.a.n
8f500	65 74 77 6f 72 6b 20 70 6f 72 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 70 72 6f 74 6f	etwork.port.authentication.proto
8f520	63 6f 6c 20 75 73 65 64 20 69 6e 20 49 45 45 45 20 38 30 32 2e 31 58 20 28 50 6f 72 74 20 42 61	col.used.in.IEEE.802.1X.(Port.Ba
8f540	73 65 64 20 4e 65 74 77 6f 72 6b 20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 29 20 64 65 76 65	sed.Network.Access.Control).deve
8f560	6c 6f 70 65 64 20 74 6f 20 67 69 76 65 20 61 20 67 65 6e 65 72 69 63 20 6e 65 74 77 6f 72 6b 20	loped.to.give.a.generic.network.
8f580	73 69 67 6e 2d 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 6e 65 74 77 6f 72 6b 20 72 65 73 6f 75 72	sign-on.to.access.network.resour
8f5a0	63 65 73 2e 00 3a 61 62 62 72 3a 60 45 55 49 2d 36 34 20 28 36 34 2d 42 69 74 20 45 78 74 65 6e	ces..:abbr:`EUI-64.(64-Bit.Exten
8f5c0	64 65 64 20 55 6e 69 71 75 65 20 49 64 65 6e 74 69 66 69 65 72 29 60 20 61 73 20 73 70 65 63 69	ded.Unique.Identifier)`.as.speci
8f5e0	66 69 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 32 39 31 60 20 61 6c 6c 6f 77 73 20 61 20 68 6f 73	fied.in.:rfc:`4291`.allows.a.hos
8f600	74 20 74 6f 20 61 73 73 69 67 6e 20 69 74 65 73 6c 66 20 61 20 75 6e 69 71 75 65 20 36 34 2d 42	t.to.assign.iteslf.a.unique.64-B
8f620	69 74 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 3a 61 62 62 72 3a 60 47 45 4e 45 56 45 20 28	it.IPv6.address..:abbr:`GENEVE.(
8f640	47 65 6e 65 72 69 63 20 4e 65 74 77 6f 72 6b 20 56 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 45	Generic.Network.Virtualization.E
8f660	6e 63 61 70 73 75 6c 61 74 69 6f 6e 29 60 20 73 75 70 70 6f 72 74 73 20 61 6c 6c 20 6f 66 20 74	ncapsulation)`.supports.all.of.t
8f680	68 65 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 6f 66 20 3a 61 62 62 72 3a 60 56 58 4c 41 4e 20	he.capabilities.of.:abbr:`VXLAN.
8f6a0	28 56 69 72 74 75 61 6c 20 45 78 74 65 6e 73 69 62 6c 65 20 4c 41 4e 29 60 2c 20 3a 61 62 62 72	(Virtual.Extensible.LAN)`,.:abbr
8f6c0	3a 60 4e 56 47 52 45 20 28 4e 65 74 77 6f 72 6b 20 56 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20	:`NVGRE.(Network.Virtualization.
8f6e0	75 73 69 6e 67 20 47 65 6e 65 72 69 63 20 52 6f 75 74 69 6e 67 20 45 6e 63 61 70 73 75 6c 61 74	using.Generic.Routing.Encapsulat
8f700	69 6f 6e 29 60 2c 20 61 6e 64 20 3a 61 62 62 72 3a 60 53 54 54 20 28 53 74 61 74 65 6c 65 73 73	ion)`,.and.:abbr:`STT.(Stateless
8f720	20 54 72 61 6e 73 70 6f 72 74 20 54 75 6e 6e 65 6c 69 6e 67 29 60 20 61 6e 64 20 77 61 73 20 64	.Transport.Tunneling)`.and.was.d
8f740	65 73 69 67 6e 65 64 20 74 6f 20 6f 76 65 72 63 6f 6d 65 20 74 68 65 69 72 20 70 65 72 63 65 69	esigned.to.overcome.their.percei
8f760	76 65 64 20 6c 69 6d 69 74 61 74 69 6f 6e 73 2e 20 4d 61 6e 79 20 62 65 6c 69 65 76 65 20 47 45	ved.limitations..Many.believe.GE
8f780	4e 45 56 45 20 63 6f 75 6c 64 20 65 76 65 6e 74 75 61 6c 6c 79 20 72 65 70 6c 61 63 65 20 74 68	NEVE.could.eventually.replace.th
8f7a0	65 73 65 20 65 61 72 6c 69 65 72 20 66 6f 72 6d 61 74 73 20 65 6e 74 69 72 65 6c 79 2e 00 3a 61	ese.earlier.formats.entirely..:a
8f7c0	62 62 72 3a 60 47 52 45 20 28 47 65 6e 65 72 69 63 20 52 6f 75 74 69 6e 67 20 45 6e 63 61 70 73	bbr:`GRE.(Generic.Routing.Encaps
8f7e0	75 6c 61 74 69 6f 6e 29 60 2c 20 47 52 45 2f 49 50 73 65 63 20 28 6f 72 20 49 50 49 50 2f 49 50	ulation)`,.GRE/IPsec.(or.IPIP/IP
8f800	73 65 63 2c 20 53 49 54 2f 49 50 73 65 63 2c 20 6f 72 20 61 6e 79 20 6f 74 68 65 72 20 73 74 61	sec,.SIT/IPsec,.or.any.other.sta
8f820	74 65 6c 65 73 73 20 74 75 6e 6e 65 6c 20 70 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 20 49 50 73 65	teless.tunnel.protocol.over.IPse
8f840	63 29 20 69 73 20 74 68 65 20 75 73 75 61 6c 20 77 61 79 20 74 6f 20 70 72 6f 74 65 63 74 20 74	c).is.the.usual.way.to.protect.t
8f860	68 65 20 74 72 61 66 66 69 63 20 69 6e 73 69 64 65 20 61 20 74 75 6e 6e 65 6c 2e 00 3a 61 62 62	he.traffic.inside.a.tunnel..:abb
8f880	72 3a 60 47 52 4f 20 28 47 65 6e 65 72 69 63 20 72 65 63 65 69 76 65 20 6f 66 66 6c 6f 61 64 29	r:`GRO.(Generic.receive.offload)
8f8a0	60 20 69 73 20 74 68 65 20 63 6f 6d 70 6c 65 6d 65 6e 74 20 74 6f 20 47 53 4f 2e 20 49 64 65 61	`.is.the.complement.to.GSO..Idea
8f8c0	6c 6c 79 20 61 6e 79 20 66 72 61 6d 65 20 61 73 73 65 6d 62 6c 65 64 20 62 79 20 47 52 4f 20 73	lly.any.frame.assembled.by.GRO.s
8f8e0	68 6f 75 6c 64 20 62 65 20 73 65 67 6d 65 6e 74 65 64 20 74 6f 20 63 72 65 61 74 65 20 61 6e 20	hould.be.segmented.to.create.an.
8f900	69 64 65 6e 74 69 63 61 6c 20 73 65 71 75 65 6e 63 65 20 6f 66 20 66 72 61 6d 65 73 20 75 73 69	identical.sequence.of.frames.usi
8f920	6e 67 20 47 53 4f 2c 20 61 6e 64 20 61 6e 79 20 73 65 71 75 65 6e 63 65 20 6f 66 20 66 72 61 6d	ng.GSO,.and.any.sequence.of.fram
8f940	65 73 20 73 65 67 6d 65 6e 74 65 64 20 62 79 20 47 53 4f 20 73 68 6f 75 6c 64 20 62 65 20 61 62	es.segmented.by.GSO.should.be.ab
8f960	6c 65 20 74 6f 20 62 65 20 72 65 61 73 73 65 6d 62 6c 65 64 20 62 61 63 6b 20 74 6f 20 74 68 65	le.to.be.reassembled.back.to.the
8f980	20 6f 72 69 67 69 6e 61 6c 20 62 79 20 47 52 4f 2e 20 54 68 65 20 6f 6e 6c 79 20 65 78 63 65 70	.original.by.GRO..The.only.excep
8f9a0	74 69 6f 6e 20 74 6f 20 74 68 69 73 20 69 73 20 49 50 76 34 20 49 44 20 69 6e 20 74 68 65 20 63	tion.to.this.is.IPv4.ID.in.the.c
8f9c0	61 73 65 20 74 68 61 74 20 74 68 65 20 44 46 20 62 69 74 20 69 73 20 73 65 74 20 66 6f 72 20 61	ase.that.the.DF.bit.is.set.for.a
8f9e0	20 67 69 76 65 6e 20 49 50 20 68 65 61 64 65 72 2e 20 49 66 20 74 68 65 20 76 61 6c 75 65 20 6f	.given.IP.header..If.the.value.o
8fa00	66 20 74 68 65 20 49 50 76 34 20 49 44 20 69 73 20 6e 6f 74 20 73 65 71 75 65 6e 74 69 61 6c 6c	f.the.IPv4.ID.is.not.sequentiall
8fa20	79 20 69 6e 63 72 65 6d 65 6e 74 69 6e 67 20 69 74 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65	y.incrementing.it.will.be.altere
8fa40	64 20 73 6f 20 74 68 61 74 20 69 74 20 69 73 20 77 68 65 6e 20 61 20 66 72 61 6d 65 20 61 73 73	d.so.that.it.is.when.a.frame.ass
8fa60	65 6d 62 6c 65 64 20 76 69 61 20 47 52 4f 20 69 73 20 73 65 67 6d 65 6e 74 65 64 20 76 69 61 20	embled.via.GRO.is.segmented.via.
8fa80	47 53 4f 2e 00 3a 61 62 62 72 3a 60 47 53 4f 20 28 47 65 6e 65 72 69 63 20 53 65 67 6d 65 6e 74	GSO..:abbr:`GSO.(Generic.Segment
8faa0	61 74 69 6f 6e 20 4f 66 66 6c 6f 61 64 29 60 20 69 73 20 61 20 70 75 72 65 20 73 6f 66 74 77 61	ation.Offload)`.is.a.pure.softwa
8fac0	72 65 20 6f 66 66 6c 6f 61 64 20 74 68 61 74 20 69 73 20 6d 65 61 6e 74 20 74 6f 20 64 65 61 6c	re.offload.that.is.meant.to.deal
8fae0	20 77 69 74 68 20 63 61 73 65 73 20 77 68 65 72 65 20 64 65 76 69 63 65 20 64 72 69 76 65 72 73	.with.cases.where.device.drivers
8fb00	20 63 61 6e 6e 6f 74 20 70 65 72 66 6f 72 6d 20 74 68 65 20 6f 66 66 6c 6f 61 64 73 20 64 65 73	.cannot.perform.the.offloads.des
8fb20	63 72 69 62 65 64 20 61 62 6f 76 65 2e 20 57 68 61 74 20 6f 63 63 75 72 73 20 69 6e 20 47 53 4f	cribed.above..What.occurs.in.GSO
8fb40	20 69 73 20 74 68 61 74 20 61 20 67 69 76 65 6e 20 73 6b 62 75 66 66 20 77 69 6c 6c 20 68 61 76	.is.that.a.given.skbuff.will.hav
8fb60	65 20 69 74 73 20 64 61 74 61 20 62 72 6f 6b 65 6e 20 6f 75 74 20 6f 76 65 72 20 6d 75 6c 74 69	e.its.data.broken.out.over.multi
8fb80	70 6c 65 20 73 6b 62 75 66 66 73 20 74 68 61 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 73 69 7a	ple.skbuffs.that.have.been.resiz
8fba0	65 64 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 4d 53 53 20 70 72 6f 76 69 64 65 64 20 76 69 61	ed.to.match.the.MSS.provided.via
8fbc0	20 73 6b 62 5f 73 68 69 6e 66 6f 28 29 2d 3e 67 73 6f 5f 73 69 7a 65 2e 00 3a 61 62 62 72 3a 60	.skb_shinfo()->gso_size..:abbr:`
8fbe0	49 47 4d 50 20 28 49 6e 74 65 72 6e 65 74 20 47 72 6f 75 70 20 4d 61 6e 61 67 65 6d 65 6e 74 20	IGMP.(Internet.Group.Management.
8fc00	50 72 6f 74 6f 63 6f 6c 29 60 20 70 72 6f 78 79 20 73 65 6e 64 73 20 49 47 4d 50 20 68 6f 73 74	Protocol)`.proxy.sends.IGMP.host
8fc20	20 6d 65 73 73 61 67 65 73 20 6f 6e 20 62 65 68 61 6c 66 20 6f 66 20 61 20 63 6f 6e 6e 65 63 74	.messages.on.behalf.of.a.connect
8fc40	65 64 20 63 6c 69 65 6e 74 2e 20 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 75 73	ed.client..The.configuration.mus
8fc60	74 20 64 65 66 69 6e 65 20 6f 6e 65 2c 20 61 6e 64 20 6f 6e 6c 79 20 6f 6e 65 20 75 70 73 74 72	t.define.one,.and.only.one.upstr
8fc80	65 61 6d 20 69 6e 74 65 72 66 61 63 65 2c 20 61 6e 64 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 64	eam.interface,.and.one.or.more.d
8fca0	6f 77 6e 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 73 2e 00 3a 61 62 62 72 3a 60 49 50 53	ownstream.interfaces..:abbr:`IPS
8fcc0	65 63 20 28 49 50 20 53 65 63 75 72 69 74 79 29 60 20 2d 20 74 6f 6f 20 6d 61 6e 79 20 52 46 43	ec.(IP.Security)`.-.too.many.RFC
8fce0	73 20 74 6f 20 6c 69 73 74 2c 20 62 75 74 20 73 74 61 72 74 20 77 69 74 68 20 3a 72 66 63 3a 60	s.to.list,.but.start.with.:rfc:`
8fd00	34 33 30 31 60 00 3a 61 62 62 72 3a 60 49 53 2d 49 53 20 28 49 6e 74 65 72 6d 65 64 69 61 74 65	4301`.:abbr:`IS-IS.(Intermediate
8fd20	20 53 79 73 74 65 6d 20 74 6f 20 49 6e 74 65 72 6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 29 60	.System.to.Intermediate.System)`
8fd40	20 69 73 20 61 20 6c 69 6e 6b 2d 73 74 61 74 65 20 69 6e 74 65 72 69 6f 72 20 67 61 74 65 77 61	.is.a.link-state.interior.gatewa
8fd60	79 20 70 72 6f 74 6f 63 6f 6c 20 28 49 47 50 29 20 77 68 69 63 68 20 69 73 20 64 65 73 63 72 69	y.protocol.(IGP).which.is.descri
8fd80	62 65 64 20 69 6e 20 49 53 4f 31 30 35 38 39 2c 20 3a 72 66 63 3a 60 31 31 39 35 60 2c 20 3a 72	bed.in.ISO10589,.:rfc:`1195`,.:r
8fda0	66 63 3a 60 35 33 30 38 60 2e 20 49 53 2d 49 53 20 72 75 6e 73 20 74 68 65 20 44 69 6a 6b 73 74	fc:`5308`..IS-IS.runs.the.Dijkst
8fdc0	72 61 20 73 68 6f 72 74 65 73 74 2d 70 61 74 68 20 66 69 72 73 74 20 28 53 50 46 29 20 61 6c 67	ra.shortest-path.first.(SPF).alg
8fde0	6f 72 69 74 68 6d 20 74 6f 20 63 72 65 61 74 65 20 61 20 64 61 74 61 62 61 73 65 20 6f 66 20 74	orithm.to.create.a.database.of.t
8fe00	68 65 20 6e 65 74 77 6f 72 6b e2 80 99 73 20 74 6f 70 6f 6c 6f 67 79 2c 20 61 6e 64 20 66 72 6f	he.network...s.topology,.and.fro
8fe20	6d 20 74 68 61 74 20 64 61 74 61 62 61 73 65 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65	m.that.database.to.determine.the
8fe40	20 62 65 73 74 20 28 74 68 61 74 20 69 73 2c 20 6c 6f 77 65 73 74 20 63 6f 73 74 29 20 70 61 74	.best.(that.is,.lowest.cost).pat
8fe60	68 20 74 6f 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 54 68 65 20 69 6e 74 65 72 6d 65 64	h.to.a.destination..The.intermed
8fe80	69 61 74 65 20 73 79 73 74 65 6d 73 20 28 74 68 65 20 6e 61 6d 65 20 66 6f 72 20 72 6f 75 74 65	iate.systems.(the.name.for.route
8fea0	72 73 29 20 65 78 63 68 61 6e 67 65 20 74 6f 70 6f 6c 6f 67 79 20 69 6e 66 6f 72 6d 61 74 69 6f	rs).exchange.topology.informatio
8fec0	6e 20 77 69 74 68 20 74 68 65 69 72 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 65 6e 63 74 65 64 20	n.with.their.directly.conencted.
8fee0	6e 65 69 67 68 62 6f 72 73 2e 20 49 53 2d 49 53 20 72 75 6e 73 20 64 69 72 65 63 74 6c 79 20 6f	neighbors..IS-IS.runs.directly.o
8ff00	6e 20 74 68 65 20 64 61 74 61 20 6c 69 6e 6b 20 6c 61 79 65 72 20 28 4c 61 79 65 72 20 32 29 2e	n.the.data.link.layer.(Layer.2).
8ff20	20 49 53 2d 49 53 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 63 61 6c 6c 65 64 20 3a 61 62 62	.IS-IS.addresses.are.called.:abb
8ff40	72 3a 60 4e 45 54 73 20 28 4e 65 74 77 6f 72 6b 20 45 6e 74 69 74 79 20 54 69 74 6c 65 73 29 60	r:`NETs.(Network.Entity.Titles)`
8ff60	20 61 6e 64 20 63 61 6e 20 62 65 20 38 20 74 6f 20 32 30 20 62 79 74 65 73 20 6c 6f 6e 67 2c 20	.and.can.be.8.to.20.bytes.long,.
8ff80	62 75 74 20 61 72 65 20 67 65 6e 65 72 61 6c 6c 79 20 31 30 20 62 79 74 65 73 20 6c 6f 6e 67 2e	but.are.generally.10.bytes.long.
8ffa0	20 54 68 65 20 74 72 65 65 20 64 61 74 61 62 61 73 65 20 74 68 61 74 20 69 73 20 63 72 65 61 74	.The.tree.database.that.is.creat
8ffc0	65 64 20 77 69 74 68 20 49 53 2d 49 53 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 74 68 65 20	ed.with.IS-IS.is.similar.to.the.
8ffe0	6f 6e 65 20 74 68 61 74 20 69 73 20 63 72 65 61 74 65 64 20 77 69 74 68 20 4f 53 50 46 20 69 6e	one.that.is.created.with.OSPF.in
90000	20 74 68 61 74 20 74 68 65 20 70 61 74 68 73 20 63 68 6f 73 65 6e 20 73 68 6f 75 6c 64 20 62 65	.that.the.paths.chosen.should.be
90020	20 73 69 6d 69 6c 61 72 2e 20 43 6f 6d 70 61 72 69 73 6f 6e 73 20 74 6f 20 4f 53 50 46 20 61 72	.similar..Comparisons.to.OSPF.ar
90040	65 20 69 6e 65 76 69 74 61 62 6c 65 20 61 6e 64 20 6f 66 74 65 6e 20 61 72 65 20 72 65 61 73 6f	e.inevitable.and.often.are.reaso
90060	6e 61 62 6c 65 20 6f 6e 65 73 20 74 6f 20 6d 61 6b 65 20 69 6e 20 72 65 67 61 72 64 73 20 74 6f	nable.ones.to.make.in.regards.to
90080	20 74 68 65 20 77 61 79 20 61 20 6e 65 74 77 6f 72 6b 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20	.the.way.a.network.will.respond.
900a0	77 69 74 68 20 65 69 74 68 65 72 20 49 47 50 2e 00 3a 61 62 62 72 3a 60 4c 33 56 50 4e 20 56 52	with.either.IGP..:abbr:`L3VPN.VR
900c0	46 73 20 28 20 4c 61 79 65 72 20 33 20 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65 20 4e 65 74	Fs.(.Layer.3.Virtual.Private.Net
900e0	77 6f 72 6b 73 20 29 60 20 62 67 70 64 20 73 75 70 70 6f 72 74 73 20 66 6f 72 20 49 50 76 34 20	works.)`.bgpd.supports.for.IPv4.
90100	52 46 43 20 34 33 36 34 20 61 6e 64 20 49 50 76 36 20 52 46 43 20 34 36 35 39 2e 20 4c 33 56 50	RFC.4364.and.IPv6.RFC.4659..L3VP
90120	4e 20 72 6f 75 74 65 73 2c 20 61 6e 64 20 74 68 65 69 72 20 61 73 73 6f 63 69 61 74 65 64 20 56	N.routes,.and.their.associated.V
90140	52 46 20 4d 50 4c 53 20 6c 61 62 65 6c 73 2c 20 63 61 6e 20 62 65 20 64 69 73 74 72 69 62 75 74	RF.MPLS.labels,.can.be.distribut
90160	65 64 20 74 6f 20 56 50 4e 20 53 41 46 49 20 6e 65 69 67 68 62 6f 72 73 20 69 6e 20 74 68 65 20	ed.to.VPN.SAFI.neighbors.in.the.
90180	64 65 66 61 75 6c 74 2c 20 69 2e 65 2e 2c 20 6e 6f 6e 20 56 52 46 2c 20 42 47 50 20 69 6e 73 74	default,.i.e.,.non.VRF,.BGP.inst
901a0	61 6e 63 65 2e 20 56 52 46 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 61 72 65 20 72 65 61 63 68 65	ance..VRF.MPLS.labels.are.reache
901c0	64 20 75 73 69 6e 67 20 63 6f 72 65 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 77 68 69 63 68 20 61	d.using.core.MPLS.labels.which.a
901e0	72 65 20 64 69 73 74 72 69 62 75 74 65 64 20 75 73 69 6e 67 20 4c 44 50 20 6f 72 20 42 47 50 20	re.distributed.using.LDP.or.BGP.
90200	6c 61 62 65 6c 65 64 20 75 6e 69 63 61 73 74 2e 20 62 67 70 64 20 61 6c 73 6f 20 73 75 70 70 6f	labeled.unicast..bgpd.also.suppo
90220	72 74 73 20 69 6e 74 65 72 2d 56 52 46 20 72 6f 75 74 65 20 6c 65 61 6b 69 6e 67 2e 00 3a 61 62	rts.inter-VRF.route.leaking..:ab
90240	62 72 3a 60 4c 44 50 20 28 4c 61 62 65 6c 20 44 69 73 74 72 69 62 75 74 69 6f 6e 20 50 72 6f 74	br:`LDP.(Label.Distribution.Prot
90260	6f 63 6f 6c 29 60 20 69 73 20 61 20 54 43 50 20 62 61 73 65 64 20 4d 50 4c 53 20 73 69 67 6e 61	ocol)`.is.a.TCP.based.MPLS.signa
90280	6c 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 64 69 73 74 72 69 62 75 74 65 73 20 6c	ling.protocol.that.distributes.l
902a0	61 62 65 6c 73 20 63 72 65 61 74 69 6e 67 20 4d 50 4c 53 20 6c 61 62 65 6c 20 73 77 69 74 63 68	abels.creating.MPLS.label.switch
902c0	65 64 20 70 61 74 68 73 20 69 6e 20 61 20 64 79 6e 61 6d 69 63 20 6d 61 6e 6e 65 72 2e 20 4c 44	ed.paths.in.a.dynamic.manner..LD
902e0	50 20 69 73 20 6e 6f 74 20 61 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2c 20 61 73 20	P.is.not.a.routing.protocol,.as.
90300	69 74 20 72 65 6c 69 65 73 20 6f 6e 20 6f 74 68 65 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f	it.relies.on.other.routing.proto
90320	63 6f 6c 73 20 66 6f 72 20 66 6f 72 77 61 72 64 69 6e 67 20 64 65 63 69 73 69 6f 6e 73 2e 20 4c	cols.for.forwarding.decisions..L
90340	44 50 20 63 61 6e 6e 6f 74 20 62 6f 6f 74 73 74 72 61 70 20 69 74 73 65 6c 66 2c 20 61 6e 64 20	DP.cannot.bootstrap.itself,.and.
90360	74 68 65 72 65 66 6f 72 65 20 72 65 6c 69 65 73 20 6f 6e 20 73 61 69 64 20 72 6f 75 74 69 6e 67	therefore.relies.on.said.routing
90380	20 70 72 6f 74 6f 63 6f 6c 73 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 77 69 74	.protocols.for.communication.wit
903a0	68 20 6f 74 68 65 72 20 72 6f 75 74 65 72 73 20 74 68 61 74 20 75 73 65 20 4c 44 50 2e 00 3a 61	h.other.routers.that.use.LDP..:a
903c0	62 62 72 3a 60 4c 4c 44 50 20 28 4c 69 6e 6b 20 4c 61 79 65 72 20 44 69 73 63 6f 76 65 72 79 20	bbr:`LLDP.(Link.Layer.Discovery.
903e0	50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 20 76 65 6e 64 6f 72 2d 6e 65 75 74 72 61 6c 20 6c	Protocol)`.is.a.vendor-neutral.l
90400	69 6e 6b 20 6c 61 79 65 72 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 20 74 68 65 20 49 6e 74 65 72 6e	ink.layer.protocol.in.the.Intern
90420	65 74 20 50 72 6f 74 6f 63 6f 6c 20 53 75 69 74 65 20 75 73 65 64 20 62 79 20 6e 65 74 77 6f 72	et.Protocol.Suite.used.by.networ
90440	6b 20 64 65 76 69 63 65 73 20 66 6f 72 20 61 64 76 65 72 74 69 73 69 6e 67 20 74 68 65 69 72 20	k.devices.for.advertising.their.
90460	69 64 65 6e 74 69 74 79 2c 20 63 61 70 61 62 69 6c 69 74 69 65 73 2c 20 61 6e 64 20 6e 65 69 67	identity,.capabilities,.and.neig
90480	68 62 6f 72 73 20 6f 6e 20 61 6e 20 49 45 45 45 20 38 30 32 20 6c 6f 63 61 6c 20 61 72 65 61 20	hbors.on.an.IEEE.802.local.area.
904a0	6e 65 74 77 6f 72 6b 2c 20 70 72 69 6e 63 69 70 61 6c 6c 79 20 77 69 72 65 64 20 45 74 68 65 72	network,.principally.wired.Ether
904c0	6e 65 74 2e 20 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 66 6f 72 6d 61 6c 6c 79 20 72 65	net..The.protocol.is.formally.re
904e0	66 65 72 72 65 64 20 74 6f 20 62 79 20 74 68 65 20 49 45 45 45 20 61 73 20 53 74 61 74 69 6f 6e	ferred.to.by.the.IEEE.as.Station
90500	20 61 6e 64 20 4d 65 64 69 61 20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 20 43 6f 6e 6e 65 63	.and.Media.Access.Control.Connec
90520	74 69 76 69 74 79 20 44 69 73 63 6f 76 65 72 79 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 49 45	tivity.Discovery.specified.in.IE
90540	45 45 20 38 30 32 2e 31 41 42 20 61 6e 64 20 49 45 45 45 20 38 30 32 2e 33 2d 32 30 31 32 20 73	EE.802.1AB.and.IEEE.802.3-2012.s
90560	65 63 74 69 6f 6e 20 36 20 63 6c 61 75 73 65 20 37 39 2e 00 3a 61 62 62 72 3a 60 4d 4b 41 20 28	ection.6.clause.79..:abbr:`MKA.(
90580	4d 41 43 73 65 63 20 4b 65 79 20 41 67 72 65 65 6d 65 6e 74 20 70 72 6f 74 6f 63 6f 6c 29 60 20	MACsec.Key.Agreement.protocol)`.
905a0	69 73 20 75 73 65 64 20 74 6f 20 73 79 6e 63 68 72 6f 6e 69 7a 65 20 6b 65 79 73 20 62 65 74 77	is.used.to.synchronize.keys.betw
905c0	65 65 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 70 65 65 72 73 2e 00 3a 61 62 62 72 3a 60 4d 50 4c	een.individual.peers..:abbr:`MPL
905e0	53 20 28 4d 75 6c 74 69 2d 50 72 6f 74 6f 63 6f 6c 20 4c 61 62 65 6c 20 53 77 69 74 63 68 69 6e	S.(Multi-Protocol.Label.Switchin
90600	67 29 60 20 69 73 20 61 20 70 61 63 6b 65 74 20 66 6f 72 77 61 72 64 69 6e 67 20 70 61 72 61 64	g)`.is.a.packet.forwarding.parad
90620	69 67 6d 20 77 68 69 63 68 20 64 69 66 66 65 72 73 20 66 72 6f 6d 20 72 65 67 75 6c 61 72 20 49	igm.which.differs.from.regular.I
90640	50 20 66 6f 72 77 61 72 64 69 6e 67 2e 20 49 6e 73 74 65 61 64 20 6f 66 20 49 50 20 61 64 64 72	P.forwarding..Instead.of.IP.addr
90660	65 73 73 65 73 20 62 65 69 6e 67 20 75 73 65 64 20 74 6f 20 6d 61 6b 65 20 74 68 65 20 64 65 63	esses.being.used.to.make.the.dec
90680	69 73 69 6f 6e 20 6f 6e 20 66 69 6e 64 69 6e 67 20 74 68 65 20 65 78 69 74 20 69 6e 74 65 72 66	ision.on.finding.the.exit.interf
906a0	61 63 65 2c 20 61 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 69 6e 73 74 65 61 64 20 75 73 65 20 61	ace,.a.router.will.instead.use.a
906c0	6e 20 65 78 61 63 74 20 6d 61 74 63 68 20 6f 6e 20 61 20 33 32 20 62 69 74 2f 34 20 62 79 74 65	n.exact.match.on.a.32.bit/4.byte
906e0	20 68 65 61 64 65 72 20 63 61 6c 6c 65 64 20 74 68 65 20 4d 50 4c 53 20 6c 61 62 65 6c 2e 20 54	.header.called.the.MPLS.label..T
90700	68 69 73 20 6c 61 62 65 6c 20 69 73 20 69 6e 73 65 72 74 65 64 20 62 65 74 77 65 65 6e 20 74 68	his.label.is.inserted.between.th
90720	65 20 65 74 68 65 72 6e 65 74 20 28 6c 61 79 65 72 20 32 29 20 68 65 61 64 65 72 20 61 6e 64 20	e.ethernet.(layer.2).header.and.
90740	74 68 65 20 49 50 20 28 6c 61 79 65 72 20 33 29 20 68 65 61 64 65 72 2e 20 4f 6e 65 20 63 61 6e	the.IP.(layer.3).header..One.can
90760	20 73 74 61 74 69 63 61 6c 6c 79 20 6f 72 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 61 73 73 69 67	.statically.or.dynamically.assig
90780	6e 20 6c 61 62 65 6c 20 61 6c 6c 6f 63 61 74 69 6f 6e 73 2c 20 62 75 74 20 77 65 20 77 69 6c 6c	n.label.allocations,.but.we.will
907a0	20 66 6f 63 75 73 20 6f 6e 20 64 79 6e 61 6d 69 63 20 61 6c 6c 6f 63 61 74 69 6f 6e 20 6f 66 20	.focus.on.dynamic.allocation.of.
907c0	6c 61 62 65 6c 73 20 75 73 69 6e 67 20 73 6f 6d 65 20 73 6f 72 74 20 6f 66 20 6c 61 62 65 6c 20	labels.using.some.sort.of.label.
907e0	64 69 73 74 72 69 62 75 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c 20 28 73 75 63 68 20 61 73 20 74	distribution.protocol.(such.as.t
90800	68 65 20 61 70 74 6c 79 20 6e 61 6d 65 64 20 4c 61 62 65 6c 20 44 69 73 74 72 69 62 75 74 69 6f	he.aptly.named.Label.Distributio
90820	6e 20 50 72 6f 74 6f 63 6f 6c 20 2f 20 4c 44 50 2c 20 52 65 73 6f 75 72 63 65 20 52 65 73 65 72	n.Protocol./.LDP,.Resource.Reser
90840	76 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 2f 20 52 53 56 50 2c 20 6f 72 20 53 65 67 6d 65	vation.Protocol./.RSVP,.or.Segme
90860	6e 74 20 52 6f 75 74 69 6e 67 20 74 68 72 6f 75 67 68 20 4f 53 50 46 2f 49 53 49 53 29 2e 20 54	nt.Routing.through.OSPF/ISIS)..T
90880	68 65 73 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6c 6c 6f 77 20 66 6f 72 20 74 68 65 20 63 72 65	hese.protocols.allow.for.the.cre
908a0	61 74 69 6f 6e 20 6f 66 20 61 20 75 6e 69 64 69 72 65 63 74 69 6f 6e 61 6c 2f 75 6e 69 63 61 73	ation.of.a.unidirectional/unicas
908c0	74 20 70 61 74 68 20 63 61 6c 6c 65 64 20 61 20 6c 61 62 65 6c 65 64 20 73 77 69 74 63 68 65 64	t.path.called.a.labeled.switched
908e0	20 70 61 74 68 20 28 69 6e 69 74 69 61 6c 69 7a 65 64 20 61 73 20 4c 53 50 29 20 74 68 72 6f 75	.path.(initialized.as.LSP).throu
90900	67 68 6f 75 74 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 68 61 74 20 6f 70 65 72 61 74 65 73 20	ghout.the.network.that.operates.
90920	76 65 72 79 20 6d 75 63 68 20 6c 69 6b 65 20 61 20 74 75 6e 6e 65 6c 20 74 68 72 6f 75 67 68 20	very.much.like.a.tunnel.through.
90940	74 68 65 20 6e 65 74 77 6f 72 6b 2e 20 41 6e 20 65 61 73 79 20 77 61 79 20 6f 66 20 74 68 69 6e	the.network..An.easy.way.of.thin
90960	6b 69 6e 67 20 61 62 6f 75 74 20 68 6f 77 20 61 6e 20 4d 50 4c 53 20 4c 53 50 20 61 63 74 75 61	king.about.how.an.MPLS.LSP.actua
90980	6c 6c 79 20 66 6f 72 77 61 72 64 73 20 74 72 61 66 66 69 63 20 74 68 72 6f 75 67 68 6f 75 74 20	lly.forwards.traffic.throughout.
909a0	61 20 6e 65 74 77 6f 72 6b 20 69 73 20 74 6f 20 74 68 69 6e 6b 20 6f 66 20 61 20 47 52 45 20 74	a.network.is.to.think.of.a.GRE.t
909c0	75 6e 6e 65 6c 2e 20 54 68 65 79 20 61 72 65 20 6e 6f 74 20 74 68 65 20 73 61 6d 65 20 69 6e 20	unnel..They.are.not.the.same.in.
909e0	68 6f 77 20 74 68 65 79 20 6f 70 65 72 61 74 65 2c 20 62 75 74 20 74 68 65 79 20 61 72 65 20 74	how.they.operate,.but.they.are.t
90a00	68 65 20 73 61 6d 65 20 69 6e 20 68 6f 77 20 74 68 65 79 20 68 61 6e 64 6c 65 20 74 68 65 20 74	he.same.in.how.they.handle.the.t
90a20	75 6e 6e 65 6c 65 64 20 70 61 63 6b 65 74 2e 20 49 74 20 77 6f 75 6c 64 20 62 65 20 67 6f 6f 64	unneled.packet..It.would.be.good
90a40	20 74 6f 20 74 68 69 6e 6b 20 6f 66 20 4d 50 4c 53 20 61 73 20 61 20 74 75 6e 6e 65 6c 69 6e 67	.to.think.of.MPLS.as.a.tunneling
90a60	20 74 65 63 68 6e 6f 6c 6f 67 79 20 74 68 61 74 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20	.technology.that.can.be.used.to.
90a80	74 72 61 6e 73 70 6f 72 74 20 6d 61 6e 79 20 64 69 66 66 65 72 65 6e 74 20 74 79 70 65 73 20 6f	transport.many.different.types.o
90aa0	66 20 70 61 63 6b 65 74 73 2c 20 74 6f 20 61 69 64 20 69 6e 20 74 72 61 66 66 69 63 20 65 6e 67	f.packets,.to.aid.in.traffic.eng
90ac0	69 6e 65 65 72 69 6e 67 20 62 79 20 61 6c 6c 6f 77 69 6e 67 20 6f 6e 65 20 74 6f 20 73 70 65 63	ineering.by.allowing.one.to.spec
90ae0	69 66 79 20 70 61 74 68 73 20 74 68 72 6f 75 67 68 6f 75 74 20 74 68 65 20 6e 65 74 77 6f 72 6b	ify.paths.throughout.the.network
90b00	20 28 75 73 69 6e 67 20 52 53 56 50 20 6f 72 20 53 52 29 2c 20 61 6e 64 20 74 6f 20 67 65 6e 65	.(using.RSVP.or.SR),.and.to.gene
90b20	72 61 6c 6c 79 20 61 6c 6c 6f 77 20 66 6f 72 20 65 61 73 69 65 72 20 69 6e 74 72 61 2f 69 6e 74	rally.allow.for.easier.intra/int
90b40	65 72 20 6e 65 74 77 6f 72 6b 20 74 72 61 6e 73 70 6f 72 74 20 6f 66 20 64 61 74 61 20 70 61 63	er.network.transport.of.data.pac
90b60	6b 65 74 73 2e 00 3a 61 62 62 72 3a 60 4e 41 54 20 28 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73	kets..:abbr:`NAT.(Network.Addres
90b80	73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69 73 20 61 20 63 6f 6d 6d 6f 6e 20 6d 65 74 68	s.Translation)`.is.a.common.meth
90ba0	6f 64 20 6f 66 20 72 65 6d 61 70 70 69 6e 67 20 6f 6e 65 20 49 50 20 61 64 64 72 65 73 73 20 73	od.of.remapping.one.IP.address.s
90bc0	70 61 63 65 20 69 6e 74 6f 20 61 6e 6f 74 68 65 72 20 62 79 20 6d 6f 64 69 66 79 69 6e 67 20 6e	pace.into.another.by.modifying.n
90be0	65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 74 68	etwork.address.information.in.th
90c00	65 20 49 50 20 68 65 61 64 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20 77 68 69 6c 65 20 74 68 65	e.IP.header.of.packets.while.the
90c20	79 20 61 72 65 20 69 6e 20 74 72 61 6e 73 69 74 20 61 63 72 6f 73 73 20 61 20 74 72 61 66 66 69	y.are.in.transit.across.a.traffi
90c40	63 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 2e 20 54 68 65 20 74 65 63 68 6e 69 71 75 65 20	c.routing.device..The.technique.
90c60	77 61 73 20 6f 72 69 67 69 6e 61 6c 6c 79 20 75 73 65 64 20 61 73 20 61 20 73 68 6f 72 74 63 75	was.originally.used.as.a.shortcu
90c80	74 20 74 6f 20 61 76 6f 69 64 20 74 68 65 20 6e 65 65 64 20 74 6f 20 72 65 61 64 64 72 65 73 73	t.to.avoid.the.need.to.readdress
90ca0	20 65 76 65 72 79 20 68 6f 73 74 20 77 68 65 6e 20 61 20 6e 65 74 77 6f 72 6b 20 77 61 73 20 6d	.every.host.when.a.network.was.m
90cc0	6f 76 65 64 2e 20 49 74 20 68 61 73 20 62 65 63 6f 6d 65 20 61 20 70 6f 70 75 6c 61 72 20 61 6e	oved..It.has.become.a.popular.an
90ce0	64 20 65 73 73 65 6e 74 69 61 6c 20 74 6f 6f 6c 20 69 6e 20 63 6f 6e 73 65 72 76 69 6e 67 20 67	d.essential.tool.in.conserving.g
90d00	6c 6f 62 61 6c 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 69 6e 20 74 68 65 20 66 61 63 65 20	lobal.address.space.in.the.face.
90d20	6f 66 20 49 50 76 34 20 61 64 64 72 65 73 73 20 65 78 68 61 75 73 74 69 6f 6e 2e 20 4f 6e 65 20	of.IPv4.address.exhaustion..One.
90d40	49 6e 74 65 72 6e 65 74 2d 72 6f 75 74 61 62 6c 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20	Internet-routable.IP.address.of.
90d60	61 20 4e 41 54 20 67 61 74 65 77 61 79 20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 61 6e	a.NAT.gateway.can.be.used.for.an
90d80	20 65 6e 74 69 72 65 20 70 72 69 76 61 74 65 20 6e 65 74 77 6f 72 6b 2e 00 3a 61 62 62 72 3a 60	.entire.private.network..:abbr:`
90da0	4e 41 54 20 28 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e	NAT.(Network.Address.Translation
90dc0	29 60 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 65 6e 74 69 72 65 6c 79 20 6f 6e 20 61 20 73	)`.is.configured.entirely.on.a.s
90de0	65 72 69 65 73 20 6f 66 20 73 6f 20 63 61 6c 6c 65 64 20 60 72 75 6c 65 73 60 2e 20 52 75 6c 65	eries.of.so.called.`rules`..Rule
90e00	73 20 61 72 65 20 6e 75 6d 62 65 72 65 64 20 61 6e 64 20 65 76 61 6c 75 61 74 65 64 20 62 79 20	s.are.numbered.and.evaluated.by.
90e20	74 68 65 20 75 6e 64 65 72 6c 79 69 6e 67 20 4f 53 20 69 6e 20 6e 75 6d 65 72 69 63 61 6c 20 6f	the.underlying.OS.in.numerical.o
90e40	72 64 65 72 21 20 54 68 65 20 72 75 6c 65 20 6e 75 6d 62 65 72 73 20 63 61 6e 20 62 65 20 63 68	rder!.The.rule.numbers.can.be.ch
90e60	61 6e 67 65 73 20 62 79 20 75 74 69 6c 69 7a 69 6e 67 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60	anges.by.utilizing.the.:cfgcmd:`
90e80	72 65 6e 61 6d 65 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 63 6f 70 79 60 20 63 6f 6d 6d 61	rename`.and.:cfgcmd:`copy`.comma
90ea0	6e 64 73 2e 00 3a 61 62 62 72 3a 60 4e 45 54 20 28 4e 65 74 77 6f 72 6b 20 45 6e 74 69 74 79 20	nds..:abbr:`NET.(Network.Entity.
90ec0	54 69 74 6c 65 29 60 20 73 65 6c 65 63 74 6f 72 3a 20 60 60 30 30 60 60 20 4d 75 73 74 20 61 6c	Title)`.selector:.``00``.Must.al
90ee0	77 61 79 73 20 62 65 20 30 30 2e 20 54 68 69 73 20 73 65 74 74 69 6e 67 20 69 6e 64 69 63 61 74	ways.be.00..This.setting.indicat
90f00	65 73 20 22 74 68 69 73 20 73 79 73 74 65 6d 22 20 6f 72 20 22 6c 6f 63 61 6c 20 73 79 73 74 65	es."this.system".or."local.syste
90f20	6d 2e 22 00 3a 61 62 62 72 3a 60 4e 48 52 50 20 28 4e 65 78 74 20 48 6f 70 20 52 65 73 6f 6c 75	m.".:abbr:`NHRP.(Next.Hop.Resolu
90f40	74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60 20 3a 72 66 63 3a 60 32 33 33 32 60 00 3a 61 62 62	tion.Protocol)`.:rfc:`2332`.:abb
90f60	72 3a 60 4e 50 54 76 36 20 28 49 50 76 36 2d 74 6f 2d 49 50 76 36 20 4e 65 74 77 6f 72 6b 20 50	r:`NPTv6.(IPv6-to-IPv6.Network.P
90f80	72 65 66 69 78 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69 73 20 61 6e 20 61 64 64 72 65 73	refix.Translation)`.is.an.addres
90fa0	73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 74 65 63 68 6e 6f 6c 6f 67 79 20 62 61 73 65 64 20 6f	s.translation.technology.based.o
90fc0	6e 20 49 50 76 36 20 6e 65 74 77 6f 72 6b 73 2c 20 75 73 65 64 20 74 6f 20 63 6f 6e 76 65 72 74	n.IPv6.networks,.used.to.convert
90fe0	20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 69 6e 20 61 6e 20 49 50	.an.IPv6.address.prefix.in.an.IP
91000	76 36 20 6d 65 73 73 61 67 65 20 69 6e 74 6f 20 61 6e 6f 74 68 65 72 20 49 50 76 36 20 61 64 64	v6.message.into.another.IPv6.add
91020	72 65 73 73 20 70 72 65 66 69 78 2e 20 57 65 20 63 61 6c 6c 20 74 68 69 73 20 61 64 64 72 65 73	ress.prefix..We.call.this.addres
91040	73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6d 65 74 68 6f 64 20 4e 41 54 36 36 2e 20 44 65 76 69	s.translation.method.NAT66..Devi
91060	63 65 73 20 74 68 61 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 4e 41 54 36 36 20 66 75 6e 63 74	ces.that.support.the.NAT66.funct
91080	69 6f 6e 20 61 72 65 20 63 61 6c 6c 65 64 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 2c 20 77 68	ion.are.called.NAT66.devices,.wh
910a0	69 63 68 20 63 61 6e 20 70 72 6f 76 69 64 65 20 4e 41 54 36 36 20 73 6f 75 72 63 65 20 61 6e 64	ich.can.provide.NAT66.source.and
910c0	20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e	.destination.address.translation
910e0	20 66 75 6e 63 74 69 6f 6e 73 2e 00 3a 61 62 62 72 3a 60 4e 54 50 20 28 4e 65 74 77 6f 72 6b 20	.functions..:abbr:`NTP.(Network.
91100	54 69 6d 65 20 50 72 6f 74 6f 63 6f 6c 60 29 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 69 6e 67 20	Time.Protocol`).is.a.networking.
91120	70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 63 6c 6f 63 6b 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69	protocol.for.clock.synchronizati
91140	6f 6e 20 62 65 74 77 65 65 6e 20 63 6f 6d 70 75 74 65 72 20 73 79 73 74 65 6d 73 20 6f 76 65 72	on.between.computer.systems.over
91160	20 70 61 63 6b 65 74 2d 73 77 69 74 63 68 65 64 2c 20 76 61 72 69 61 62 6c 65 2d 6c 61 74 65 6e	.packet-switched,.variable-laten
91180	63 79 20 64 61 74 61 20 6e 65 74 77 6f 72 6b 73 2e 20 49 6e 20 6f 70 65 72 61 74 69 6f 6e 20 73	cy.data.networks..In.operation.s
911a0	69 6e 63 65 20 62 65 66 6f 72 65 20 31 39 38 35 2c 20 4e 54 50 20 69 73 20 6f 6e 65 20 6f 66 20	ince.before.1985,.NTP.is.one.of.
911c0	74 68 65 20 6f 6c 64 65 73 74 20 49 6e 74 65 72 6e 65 74 20 70 72 6f 74 6f 63 6f 6c 73 20 69 6e	the.oldest.Internet.protocols.in
911e0	20 63 75 72 72 65 6e 74 20 75 73 65 2e 00 3a 61 62 62 72 3a 60 4f 53 50 46 20 28 4f 70 65 6e 20	.current.use..:abbr:`OSPF.(Open.
91200	53 68 6f 72 74 65 73 74 20 50 61 74 68 20 46 69 72 73 74 29 60 20 69 73 20 61 20 72 6f 75 74 69	Shortest.Path.First)`.is.a.routi
91220	6e 67 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f	ng.protocol.for.Internet.Protoco
91240	6c 20 28 49 50 29 20 6e 65 74 77 6f 72 6b 73 2e 20 49 74 20 75 73 65 73 20 61 20 6c 69 6e 6b 20	l.(IP).networks..It.uses.a.link.
91260	73 74 61 74 65 20 72 6f 75 74 69 6e 67 20 28 4c 53 52 29 20 61 6c 67 6f 72 69 74 68 6d 20 61 6e	state.routing.(LSR).algorithm.an
91280	64 20 66 61 6c 6c 73 20 69 6e 74 6f 20 74 68 65 20 67 72 6f 75 70 20 6f 66 20 69 6e 74 65 72 69	d.falls.into.the.group.of.interi
912a0	6f 72 20 67 61 74 65 77 61 79 20 70 72 6f 74 6f 63 6f 6c 73 20 28 49 47 50 73 29 2c 20 6f 70 65	or.gateway.protocols.(IGPs),.ope
912c0	72 61 74 69 6e 67 20 77 69 74 68 69 6e 20 61 20 73 69 6e 67 6c 65 20 61 75 74 6f 6e 6f 6d 6f 75	rating.within.a.single.autonomou
912e0	73 20 73 79 73 74 65 6d 20 28 41 53 29 2e 20 49 74 20 69 73 20 64 65 66 69 6e 65 64 20 61 73 20	s.system.(AS)..It.is.defined.as.
91300	4f 53 50 46 20 56 65 72 73 69 6f 6e 20 32 20 69 6e 20 3a 72 66 63 3a 60 32 33 32 38 60 20 28 31	OSPF.Version.2.in.:rfc:`2328`.(1
91320	39 39 38 29 20 66 6f 72 20 49 50 76 34 2e 20 55 70 64 61 74 65 73 20 66 6f 72 20 49 50 76 36 20	998).for.IPv4..Updates.for.IPv6.
91340	61 72 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 4f 53 50 46 20 56 65 72 73 69 6f 6e 20 33 20	are.specified.as.OSPF.Version.3.
91360	69 6e 20 3a 72 66 63 3a 60 35 33 34 30 60 20 28 32 30 30 38 29 2e 20 4f 53 50 46 20 73 75 70 70	in.:rfc:`5340`.(2008)..OSPF.supp
91380	6f 72 74 73 20 74 68 65 20 3a 61 62 62 72 3a 60 43 49 44 52 20 28 43 6c 61 73 73 6c 65 73 73 20	orts.the.:abbr:`CIDR.(Classless.
913a0	49 6e 74 65 72 2d 44 6f 6d 61 69 6e 20 52 6f 75 74 69 6e 67 29 60 20 61 64 64 72 65 73 73 69 6e	Inter-Domain.Routing)`.addressin
913c0	67 20 6d 6f 64 65 6c 2e 00 3a 61 62 62 72 3a 60 50 50 50 6f 45 20 28 50 6f 69 6e 74 2d 74 6f 2d	g.model..:abbr:`PPPoE.(Point-to-
913e0	50 6f 69 6e 74 20 50 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 20 45 74 68 65 72 6e 65 74 29 60 20 69	Point.Protocol.over.Ethernet)`.i
91400	73 20 61 20 6e 65 74 77 6f 72 6b 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 65 6e 63 61 70 73 75	s.a.network.protocol.for.encapsu
91420	6c 61 74 69 6e 67 20 50 50 50 20 66 72 61 6d 65 73 20 69 6e 73 69 64 65 20 45 74 68 65 72 6e 65	lating.PPP.frames.inside.Etherne
91440	74 20 66 72 61 6d 65 73 2e 20 49 74 20 61 70 70 65 61 72 65 64 20 69 6e 20 31 39 39 39 2c 20 69	t.frames..It.appeared.in.1999,.i
91460	6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 74 68 65 20 62 6f 6f 6d 20 6f 66 20 44 53 4c	n.the.context.of.the.boom.of.DSL
91480	20 61 73 20 74 68 65 20 73 6f 6c 75 74 69 6f 6e 20 66 6f 72 20 74 75 6e 6e 65 6c 69 6e 67 20 70	.as.the.solution.for.tunneling.p
914a0	61 63 6b 65 74 73 20 6f 76 65 72 20 74 68 65 20 44 53 4c 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74	ackets.over.the.DSL.connection.t
914c0	6f 20 74 68 65 20 3a 61 62 62 72 3a 60 49 53 50 73 20 28 49 6e 74 65 72 6e 65 74 20 53 65 72 76	o.the.:abbr:`ISPs.(Internet.Serv
914e0	69 63 65 20 50 72 6f 76 69 64 65 72 73 29 60 20 49 50 20 6e 65 74 77 6f 72 6b 2c 20 61 6e 64 20	ice.Providers)`.IP.network,.and.
91500	66 72 6f 6d 20 74 68 65 72 65 20 74 6f 20 74 68 65 20 72 65 73 74 20 6f 66 20 74 68 65 20 49 6e	from.there.to.the.rest.of.the.In
91520	74 65 72 6e 65 74 2e 20 41 20 32 30 30 35 20 6e 65 74 77 6f 72 6b 69 6e 67 20 62 6f 6f 6b 20 6e	ternet..A.2005.networking.book.n
91540	6f 74 65 64 20 74 68 61 74 20 22 4d 6f 73 74 20 44 53 4c 20 70 72 6f 76 69 64 65 72 73 20 75 73	oted.that."Most.DSL.providers.us
91560	65 20 50 50 50 6f 45 2c 20 77 68 69 63 68 20 70 72 6f 76 69 64 65 73 20 61 75 74 68 65 6e 74 69	e.PPPoE,.which.provides.authenti
91580	63 61 74 69 6f 6e 2c 20 65 6e 63 72 79 70 74 69 6f 6e 2c 20 61 6e 64 20 63 6f 6d 70 72 65 73 73	cation,.encryption,.and.compress
915a0	69 6f 6e 2e 22 20 54 79 70 69 63 61 6c 20 75 73 65 20 6f 66 20 50 50 50 6f 45 20 69 6e 76 6f 6c	ion.".Typical.use.of.PPPoE.invol
915c0	76 65 73 20 6c 65 76 65 72 61 67 69 6e 67 20 74 68 65 20 50 50 50 20 66 61 63 69 6c 69 74 69 65	ves.leveraging.the.PPP.facilitie
915e0	73 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 74 68 65 20 75 73 65 72 20 77 69	s.for.authenticating.the.user.wi
91600	74 68 20 61 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 61 73 73 77 6f 72 64 2c 20 70 72 65 64	th.a.username.and.password,.pred
91620	6f 6d 69 6e 61 74 65 6c 79 20 76 69 61 20 74 68 65 20 50 41 50 20 70 72 6f 74 6f 63 6f 6c 20 61	ominately.via.the.PAP.protocol.a
91640	6e 64 20 6c 65 73 73 20 6f 66 74 65 6e 20 76 69 61 20 43 48 41 50 2e 00 3a 61 62 62 72 3a 60 52	nd.less.often.via.CHAP..:abbr:`R
91660	41 73 20 28 52 6f 75 74 65 72 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 29 60 20 61 72 65 20	As.(Router.advertisements)`.are.
91680	64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 38 36 31 23 73 65 63 74 69 6f 6e 2d	described.in.:rfc:`4861#section-
916a0	34 2e 36 2e 32 60 2e 20 54 68 65 79 20 61 72 65 20 70 61 72 74 20 6f 66 20 77 68 61 74 20 69 73	4.6.2`..They.are.part.of.what.is
916c0	20 6b 6e 6f 77 6e 20 61 73 20 3a 61 62 62 72 3a 60 53 4c 41 41 43 20 28 53 74 61 74 65 6c 65 73	.known.as.:abbr:`SLAAC.(Stateles
916e0	73 20 41 64 64 72 65 73 73 20 41 75 74 6f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 29 60 2e 00 3a	s.Address.Autoconfiguration)`..:
91700	61 62 62 72 3a 60 52 49 50 20 28 52 6f 75 74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 50	abbr:`RIP.(Routing.Information.P
91720	72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 20 77 69 64 65 6c 79 20 64 65 70 6c 6f 79 65 64 20 69	rotocol)`.is.a.widely.deployed.i
91740	6e 74 65 72 69 6f 72 20 67 61 74 65 77 61 79 20 70 72 6f 74 6f 63 6f 6c 2e 20 52 49 50 20 77 61	nterior.gateway.protocol..RIP.wa
91760	73 20 64 65 76 65 6c 6f 70 65 64 20 69 6e 20 74 68 65 20 31 39 37 30 73 20 61 74 20 58 65 72 6f	s.developed.in.the.1970s.at.Xero
91780	78 20 4c 61 62 73 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 58 4e 53 20 72 6f 75 74 69 6e	x.Labs.as.part.of.the.XNS.routin
917a0	67 20 70 72 6f 74 6f 63 6f 6c 2e 20 52 49 50 20 69 73 20 61 20 64 69 73 74 61 6e 63 65 2d 76 65	g.protocol..RIP.is.a.distance-ve
917c0	63 74 6f 72 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 69 73 20 62 61 73 65 64 20 6f 6e 20 74 68	ctor.protocol.and.is.based.on.th
917e0	65 20 42 65 6c 6c 6d 61 6e 2d 46 6f 72 64 20 61 6c 67 6f 72 69 74 68 6d 73 2e 20 41 73 20 61 20	e.Bellman-Ford.algorithms..As.a.
91800	64 69 73 74 61 6e 63 65 2d 76 65 63 74 6f 72 20 70 72 6f 74 6f 63 6f 6c 2c 20 52 49 50 20 72 6f	distance-vector.protocol,.RIP.ro
91820	75 74 65 72 20 73 65 6e 64 20 75 70 64 61 74 65 73 20 74 6f 20 69 74 73 20 6e 65 69 67 68 62 6f	uter.send.updates.to.its.neighbo
91840	72 73 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 2c 20 74 68 75 73 20 61 6c 6c 6f 77 69 6e 67 20 74	rs.periodically,.thus.allowing.t
91860	68 65 20 63 6f 6e 76 65 72 67 65 6e 63 65 20 74 6f 20 61 20 6b 6e 6f 77 6e 20 74 6f 70 6f 6c 6f	he.convergence.to.a.known.topolo
91880	67 79 2e 20 49 6e 20 65 61 63 68 20 75 70 64 61 74 65 2c 20 74 68 65 20 64 69 73 74 61 6e 63 65	gy..In.each.update,.the.distance
918a0	20 74 6f 20 61 6e 79 20 67 69 76 65 6e 20 6e 65 74 77 6f 72 6b 20 77 69 6c 6c 20 62 65 20 62 72	.to.any.given.network.will.be.br
918c0	6f 61 64 63 61 73 74 20 74 6f 20 69 74 73 20 6e 65 69 67 68 62 6f 72 69 6e 67 20 72 6f 75 74 65	oadcast.to.its.neighboring.route
918e0	72 2e 00 3a 61 62 62 72 3a 60 52 50 4b 49 20 28 52 65 73 6f 75 72 63 65 20 50 75 62 6c 69 63 20	r..:abbr:`RPKI.(Resource.Public.
91900	4b 65 79 20 49 6e 66 72 61 73 74 72 75 63 74 75 72 65 29 60 20 69 73 20 61 20 66 72 61 6d 65 77	Key.Infrastructure)`.is.a.framew
91920	6f 72 6b 20 3a 61 62 62 72 3a 60 50 4b 49 20 28 50 75 62 6c 69 63 20 4b 65 79 20 49 6e 66 72 61	ork.:abbr:`PKI.(Public.Key.Infra
91940	73 74 72 75 63 74 75 72 65 29 60 20 64 65 73 69 67 6e 65 64 20 74 6f 20 73 65 63 75 72 65 20 74	structure)`.designed.to.secure.t
91960	68 65 20 49 6e 74 65 72 6e 65 74 20 72 6f 75 74 69 6e 67 20 69 6e 66 72 61 73 74 72 75 63 74 75	he.Internet.routing.infrastructu
91980	72 65 2e 20 49 74 20 61 73 73 6f 63 69 61 74 65 73 20 42 47 50 20 72 6f 75 74 65 20 61 6e 6e 6f	re..It.associates.BGP.route.anno
919a0	75 6e 63 65 6d 65 6e 74 73 20 77 69 74 68 20 74 68 65 20 63 6f 72 72 65 63 74 20 6f 72 69 67 69	uncements.with.the.correct.origi
919c0	6e 61 74 69 6e 67 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 75 73 20 53 79 73	nating.:abbr:`ASN.(Autonomus.Sys
919e0	74 65 6d 20 4e 75 6d 62 65 72 29 60 20 77 68 69 63 68 20 42 47 50 20 72 6f 75 74 65 72 73 20 63	tem.Number)`.which.BGP.routers.c
91a00	61 6e 20 74 68 65 6e 20 75 73 65 20 74 6f 20 63 68 65 63 6b 20 65 61 63 68 20 72 6f 75 74 65 20	an.then.use.to.check.each.route.
91a20	61 67 61 69 6e 73 74 20 74 68 65 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 3a 61 62 62 72 3a	against.the.corresponding.:abbr:
91a40	60 52 4f 41 20 28 52 6f 75 74 65 20 4f 72 69 67 69 6e 20 41 75 74 68 6f 72 69 73 61 74 69 6f 6e	`ROA.(Route.Origin.Authorisation
91a60	29 60 20 66 6f 72 20 76 61 6c 69 64 69 74 79 2e 20 52 50 4b 49 20 69 73 20 64 65 73 63 72 69 62	)`.for.validity..RPKI.is.describ
91a80	65 64 20 69 6e 20 3a 72 66 63 3a 60 36 34 38 30 60 2e 00 3a 61 62 62 72 3a 60 52 50 53 20 28 52	ed.in.:rfc:`6480`..:abbr:`RPS.(R
91aa0	65 63 65 69 76 65 20 50 61 63 6b 65 74 20 53 74 65 65 72 69 6e 67 29 60 20 69 73 20 6c 6f 67 69	eceive.Packet.Steering)`.is.logi
91ac0	63 61 6c 6c 79 20 61 20 73 6f 66 74 77 61 72 65 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20	cally.a.software.implementation.
91ae0	6f 66 20 3a 61 62 62 72 3a 60 52 53 53 20 28 52 65 63 65 69 76 65 20 53 69 64 65 20 53 63 61 6c	of.:abbr:`RSS.(Receive.Side.Scal
91b00	69 6e 67 29 60 2e 20 42 65 69 6e 67 20 69 6e 20 73 6f 66 74 77 61 72 65 2c 20 69 74 20 69 73 20	ing)`..Being.in.software,.it.is.
91b20	6e 65 63 65 73 73 61 72 69 6c 79 20 63 61 6c 6c 65 64 20 6c 61 74 65 72 20 69 6e 20 74 68 65 20	necessarily.called.later.in.the.
91b40	64 61 74 61 70 61 74 68 2e 20 57 68 65 72 65 61 73 20 52 53 53 20 73 65 6c 65 63 74 73 20 74 68	datapath..Whereas.RSS.selects.th
91b60	65 20 71 75 65 75 65 20 61 6e 64 20 68 65 6e 63 65 20 43 50 55 20 74 68 61 74 20 77 69 6c 6c 20	e.queue.and.hence.CPU.that.will.
91b80	72 75 6e 20 74 68 65 20 68 61 72 64 77 61 72 65 20 69 6e 74 65 72 72 75 70 74 20 68 61 6e 64 6c	run.the.hardware.interrupt.handl
91ba0	65 72 2c 20 52 50 53 20 73 65 6c 65 63 74 73 20 74 68 65 20 43 50 55 20 74 6f 20 70 65 72 66 6f	er,.RPS.selects.the.CPU.to.perfo
91bc0	72 6d 20 70 72 6f 74 6f 63 6f 6c 20 70 72 6f 63 65 73 73 69 6e 67 20 61 62 6f 76 65 20 74 68 65	rm.protocol.processing.above.the
91be0	20 69 6e 74 65 72 72 75 70 74 20 68 61 6e 64 6c 65 72 2e 20 54 68 69 73 20 69 73 20 61 63 63 6f	.interrupt.handler..This.is.acco
91c00	6d 70 6c 69 73 68 65 64 20 62 79 20 70 6c 61 63 69 6e 67 20 74 68 65 20 70 61 63 6b 65 74 20 6f	mplished.by.placing.the.packet.o
91c20	6e 20 74 68 65 20 64 65 73 69 72 65 64 20 43 50 55 27 73 20 62 61 63 6b 6c 6f 67 20 71 75 65 75	n.the.desired.CPU's.backlog.queu
91c40	65 20 61 6e 64 20 77 61 6b 69 6e 67 20 75 70 20 74 68 65 20 43 50 55 20 66 6f 72 20 70 72 6f 63	e.and.waking.up.the.CPU.for.proc
91c60	65 73 73 69 6e 67 2e 20 52 50 53 20 68 61 73 20 73 6f 6d 65 20 61 64 76 61 6e 74 61 67 65 73 20	essing..RPS.has.some.advantages.
91c80	6f 76 65 72 20 52 53 53 3a 00 3a 61 62 62 72 3a 60 53 4c 41 41 43 20 28 53 74 61 74 65 6c 65 73	over.RSS:.:abbr:`SLAAC.(Stateles
91ca0	73 20 41 64 64 72 65 73 73 20 41 75 74 6f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 29 60 20 3a 72	s.Address.Autoconfiguration)`.:r
91cc0	66 63 3a 60 34 38 36 32 60 2e 20 49 50 76 36 20 68 6f 73 74 73 20 63 61 6e 20 63 6f 6e 66 69 67	fc:`4862`..IPv6.hosts.can.config
91ce0	75 72 65 20 74 68 65 6d 73 65 6c 76 65 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 77 68 65	ure.themselves.automatically.whe
91d00	6e 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61 6e 20 49 50 76 36 20 6e 65 74 77 6f 72 6b 20 75	n.connected.to.an.IPv6.network.u
91d20	73 69 6e 67 20 74 68 65 20 4e 65 69 67 68 62 6f 72 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74	sing.the.Neighbor.Discovery.Prot
91d40	6f 63 6f 6c 20 76 69 61 20 3a 61 62 62 72 3a 60 49 43 4d 50 76 36 20 28 49 6e 74 65 72 6e 65 74	ocol.via.:abbr:`ICMPv6.(Internet
91d60	20 43 6f 6e 74 72 6f 6c 20 4d 65 73 73 61 67 65 20 50 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f	.Control.Message.Protocol.versio
91d80	6e 20 36 29 60 20 72 6f 75 74 65 72 20 64 69 73 63 6f 76 65 72 79 20 6d 65 73 73 61 67 65 73 2e	n.6)`.router.discovery.messages.
91da0	20 57 68 65 6e 20 66 69 72 73 74 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61 20 6e 65 74 77 6f	.When.first.connected.to.a.netwo
91dc0	72 6b 2c 20 61 20 68 6f 73 74 20 73 65 6e 64 73 20 61 20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 72 6f	rk,.a.host.sends.a.link-local.ro
91de0	75 74 65 72 20 73 6f 6c 69 63 69 74 61 74 69 6f 6e 20 6d 75 6c 74 69 63 61 73 74 20 72 65 71 75	uter.solicitation.multicast.requ
91e00	65 73 74 20 66 6f 72 20 69 74 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65	est.for.its.configuration.parame
91e20	74 65 72 73 3b 20 72 6f 75 74 65 72 73 20 72 65 73 70 6f 6e 64 20 74 6f 20 73 75 63 68 20 61 20	ters;.routers.respond.to.such.a.
91e40	72 65 71 75 65 73 74 20 77 69 74 68 20 61 20 72 6f 75 74 65 72 20 61 64 76 65 72 74 69 73 65 6d	request.with.a.router.advertisem
91e60	65 6e 74 20 70 61 63 6b 65 74 20 74 68 61 74 20 63 6f 6e 74 61 69 6e 73 20 49 6e 74 65 72 6e 65	ent.packet.that.contains.Interne
91e80	74 20 4c 61 79 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 73	t.Layer.configuration.parameters
91ea0	2e 00 3a 61 62 62 72 3a 60 53 4e 41 54 20 28 53 6f 75 72 63 65 20 4e 65 74 77 6f 72 6b 20 41 64	..:abbr:`SNAT.(Source.Network.Ad
91ec0	64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 69 73 20 74 68 65 20 6d 6f 73 74 20	dress.Translation)`.is.the.most.
91ee0	63 6f 6d 6d 6f 6e 20 66 6f 72 6d 20 6f 66 20 3a 61 62 62 72 3a 60 4e 41 54 20 28 4e 65 74 77 6f	common.form.of.:abbr:`NAT.(Netwo
91f00	72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 61 6e 64 20 69 73 20	rk.Address.Translation)`.and.is.
91f20	74 79 70 69 63 61 6c 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 73 69 6d 70 6c 79 20 61 73 20	typically.referred.to.simply.as.
91f40	4e 41 54 2e 20 54 6f 20 62 65 20 6d 6f 72 65 20 63 6f 72 72 65 63 74 2c 20 77 68 61 74 20 6d 6f	NAT..To.be.more.correct,.what.mo
91f60	73 74 20 70 65 6f 70 6c 65 20 72 65 66 65 72 20 74 6f 20 61 73 20 3a 61 62 62 72 3a 60 4e 41 54	st.people.refer.to.as.:abbr:`NAT
91f80	20 28 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20	.(Network.Address.Translation)`.
91fa0	69 73 20 61 63 74 75 61 6c 6c 79 20 74 68 65 20 70 72 6f 63 65 73 73 20 6f 66 20 3a 61 62 62 72	is.actually.the.process.of.:abbr
91fc0	3a 60 50 41 54 20 28 50 6f 72 74 20 41 64 64 72 65 73 73 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29	:`PAT.(Port.Address.Translation)
91fe0	60 2c 20 6f 72 20 4e 41 54 20 6f 76 65 72 6c 6f 61 64 2e 20 53 4e 41 54 20 69 73 20 74 79 70 69	`,.or.NAT.overload..SNAT.is.typi
92000	63 61 6c 6c 79 20 75 73 65 64 20 62 79 20 69 6e 74 65 72 6e 61 6c 20 75 73 65 72 73 2f 70 72 69	cally.used.by.internal.users/pri
92020	76 61 74 65 20 68 6f 73 74 73 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 49 6e 74 65 72 6e 65	vate.hosts.to.access.the.Interne
92040	74 20 2d 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 69 73 20 74 72 61 6e 73 6c	t.-.the.source.address.is.transl
92060	61 74 65 64 20 61 6e 64 20 74 68 75 73 20 6b 65 70 74 20 70 72 69 76 61 74 65 2e 00 3a 61 62 62	ated.and.thus.kept.private..:abb
92080	72 3a 60 53 4e 4d 50 20 28 53 69 6d 70 6c 65 20 4e 65 74 77 6f 72 6b 20 4d 61 6e 61 67 65 6d 65	r:`SNMP.(Simple.Network.Manageme
920a0	6e 74 20 50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 6e 20 49 6e 74 65 72 6e 65 74 20 53 74 61	nt.Protocol)`.is.an.Internet.Sta
920c0	6e 64 61 72 64 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 63 6f 6c 6c 65 63 74 69 6e 67 20 61 6e	ndard.protocol.for.collecting.an
920e0	64 20 6f 72 67 61 6e 69 7a 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 6d	d.organizing.information.about.m
92100	61 6e 61 67 65 64 20 64 65 76 69 63 65 73 20 6f 6e 20 49 50 20 6e 65 74 77 6f 72 6b 73 20 61 6e	anaged.devices.on.IP.networks.an
92120	64 20 66 6f 72 20 6d 6f 64 69 66 79 69 6e 67 20 74 68 61 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	d.for.modifying.that.information
92140	20 74 6f 20 63 68 61 6e 67 65 20 64 65 76 69 63 65 20 62 65 68 61 76 69 6f 72 2e 20 44 65 76 69	.to.change.device.behavior..Devi
92160	63 65 73 20 74 68 61 74 20 74 79 70 69 63 61 6c 6c 79 20 73 75 70 70 6f 72 74 20 53 4e 4d 50 20	ces.that.typically.support.SNMP.
92180	69 6e 63 6c 75 64 65 20 63 61 62 6c 65 20 6d 6f 64 65 6d 73 2c 20 72 6f 75 74 65 72 73 2c 20 73	include.cable.modems,.routers,.s
921a0	77 69 74 63 68 65 73 2c 20 73 65 72 76 65 72 73 2c 20 77 6f 72 6b 73 74 61 74 69 6f 6e 73 2c 20	witches,.servers,.workstations,.
921c0	70 72 69 6e 74 65 72 73 2c 20 61 6e 64 20 6d 6f 72 65 2e 00 3a 61 62 62 72 3a 60 53 4e 50 54 76	printers,.and.more..:abbr:`SNPTv
921e0	36 20 28 53 6f 75 72 63 65 20 49 50 76 36 2d 74 6f 2d 49 50 76 36 20 4e 65 74 77 6f 72 6b 20 50	6.(Source.IPv6-to-IPv6.Network.P
92200	72 65 66 69 78 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 54 68 65 20 63 6f 6e 76 65 72 73 69	refix.Translation)`.The.conversi
92220	6f 6e 20 66 75 6e 63 74 69 6f 6e 20 69 73 20 6d 61 69 6e 6c 79 20 75 73 65 64 20 69 6e 20 74 68	on.function.is.mainly.used.in.th
92240	65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 63 65 6e 61 72 69 6f 73 3a 00 3a 61 62 62 72 3a 60 53 53	e.following.scenarios:.:abbr:`SS
92260	48 20 28 53 65 63 75 72 65 20 53 68 65 6c 6c 29 60 20 69 73 20 61 20 63 72 79 70 74 6f 67 72 61	H.(Secure.Shell)`.is.a.cryptogra
92280	70 68 69 63 20 6e 65 74 77 6f 72 6b 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 6f 70 65 72 61 74	phic.network.protocol.for.operat
922a0	69 6e 67 20 6e 65 74 77 6f 72 6b 20 73 65 72 76 69 63 65 73 20 73 65 63 75 72 65 6c 79 20 6f 76	ing.network.services.securely.ov
922c0	65 72 20 61 6e 20 75 6e 73 65 63 75 72 65 64 20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 73 74 61	er.an.unsecured.network..The.sta
922e0	6e 64 61 72 64 20 54 43 50 20 70 6f 72 74 20 66 6f 72 20 53 53 48 20 69 73 20 32 32 2e 20 54 68	ndard.TCP.port.for.SSH.is.22..Th
92300	65 20 62 65 73 74 20 6b 6e 6f 77 6e 20 65 78 61 6d 70 6c 65 20 61 70 70 6c 69 63 61 74 69 6f 6e	e.best.known.example.application
92320	20 69 73 20 66 6f 72 20 72 65 6d 6f 74 65 20 6c 6f 67 69 6e 20 74 6f 20 63 6f 6d 70 75 74 65 72	.is.for.remote.login.to.computer
92340	20 73 79 73 74 65 6d 73 20 62 79 20 75 73 65 72 73 2e 00 3a 61 62 62 72 3a 60 53 53 54 50 20 28	.systems.by.users..:abbr:`SSTP.(
92360	53 65 63 75 72 65 20 53 6f 63 6b 65 74 20 54 75 6e 6e 65 6c 69 6e 67 20 50 72 6f 74 6f 63 6f 6c	Secure.Socket.Tunneling.Protocol
92380	29 60 20 69 73 20 61 20 66 6f 72 6d 20 6f 66 20 3a 61 62 62 72 3a 60 56 50 4e 20 28 56 69 72 74	)`.is.a.form.of.:abbr:`VPN.(Virt
923a0	75 61 6c 20 50 72 69 76 61 74 65 20 4e 65 74 77 6f 72 6b 29 60 20 74 75 6e 6e 65 6c 20 74 68 61	ual.Private.Network)`.tunnel.tha
923c0	74 20 70 72 6f 76 69 64 65 73 20 61 20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 74 72 61 6e 73 70	t.provides.a.mechanism.to.transp
923e0	6f 72 74 20 50 50 50 20 74 72 61 66 66 69 63 20 74 68 72 6f 75 67 68 20 61 6e 20 53 53 4c 2f 54	ort.PPP.traffic.through.an.SSL/T
92400	4c 53 20 63 68 61 6e 6e 65 6c 2e 20 53 53 4c 2f 54 4c 53 20 70 72 6f 76 69 64 65 73 20 74 72 61	LS.channel..SSL/TLS.provides.tra
92420	6e 73 70 6f 72 74 2d 6c 65 76 65 6c 20 73 65 63 75 72 69 74 79 20 77 69 74 68 20 6b 65 79 20 6e	nsport-level.security.with.key.n
92440	65 67 6f 74 69 61 74 69 6f 6e 2c 20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6e 64 20 74 72 61 66 66	egotiation,.encryption.and.traff
92460	69 63 20 69 6e 74 65 67 72 69 74 79 20 63 68 65 63 6b 69 6e 67 2e 20 54 68 65 20 75 73 65 20 6f	ic.integrity.checking..The.use.o
92480	66 20 53 53 4c 2f 54 4c 53 20 6f 76 65 72 20 54 43 50 20 70 6f 72 74 20 34 34 33 20 61 6c 6c 6f	f.SSL/TLS.over.TCP.port.443.allo
924a0	77 73 20 53 53 54 50 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 76 69 72 74 75 61 6c 6c	ws.SSTP.to.pass.through.virtuall
924c0	79 20 61 6c 6c 20 66 69 72 65 77 61 6c 6c 73 20 61 6e 64 20 70 72 6f 78 79 20 73 65 72 76 65 72	y.all.firewalls.and.proxy.server
924e0	73 20 65 78 63 65 70 74 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 77 65 62 20 70	s.except.for.authenticated.web.p
92500	72 6f 78 69 65 73 2e 00 3a 61 62 62 72 3a 60 53 53 54 50 20 28 53 65 63 75 72 65 20 53 6f 63 6b	roxies..:abbr:`SSTP.(Secure.Sock
92520	65 74 20 54 75 6e 6e 65 6c 69 6e 67 20 50 72 6f 74 6f 63 6f 6c 29 60 20 69 73 20 61 20 66 6f 72	et.Tunneling.Protocol)`.is.a.for
92540	6d 20 6f 66 20 3a 61 62 62 72 3a 60 56 54 50 20 28 56 69 72 74 75 61 6c 20 50 72 69 76 61 74 65	m.of.:abbr:`VTP.(Virtual.Private
92560	20 4e 65 74 77 6f 72 6b 29 60 20 74 75 6e 6e 65 6c 20 74 68 61 74 20 70 72 6f 76 69 64 65 73 20	.Network)`.tunnel.that.provides.
92580	61 20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 74 72 61 6e 73 70 6f 72 74 20 50 50 50 20 74 72 61	a.mechanism.to.transport.PPP.tra
925a0	66 66 69 63 20 74 68 72 6f 75 67 68 20 61 6e 20 53 53 4c 2f 54 4c 53 20 63 68 61 6e 6e 65 6c 2e	ffic.through.an.SSL/TLS.channel.
925c0	20 53 53 4c 2f 54 4c 53 20 70 72 6f 76 69 64 65 73 20 74 72 61 6e 73 70 6f 72 74 2d 6c 65 76 65	.SSL/TLS.provides.transport-leve
925e0	6c 20 73 65 63 75 72 69 74 79 20 77 69 74 68 20 6b 65 79 20 6e 65 67 6f 74 69 61 74 69 6f 6e 2c	l.security.with.key.negotiation,
92600	20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6e 64 20 74 72 61 66 66 69 63 20 69 6e 74 65 67 72 69 74	.encryption.and.traffic.integrit
92620	79 20 63 68 65 63 6b 69 6e 67 2e 20 54 68 65 20 75 73 65 20 6f 66 20 53 53 4c 2f 54 4c 53 20 6f	y.checking..The.use.of.SSL/TLS.o
92640	76 65 72 20 54 43 50 20 70 6f 72 74 20 34 34 33 20 28 62 79 20 64 65 66 61 75 6c 74 2c 20 70 6f	ver.TCP.port.443.(by.default,.po
92660	72 74 20 63 61 6e 20 62 65 20 63 68 61 6e 67 65 64 29 20 61 6c 6c 6f 77 73 20 53 53 54 50 20 74	rt.can.be.changed).allows.SSTP.t
92680	6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 76 69 72 74 75 61 6c 6c 79 20 61 6c 6c 20 66 69 72	o.pass.through.virtually.all.fir
926a0	65 77 61 6c 6c 73 20 61 6e 64 20 70 72 6f 78 79 20 73 65 72 76 65 72 73 20 65 78 63 65 70 74 20	ewalls.and.proxy.servers.except.
926c0	66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 77 65 62 20 70 72 6f 78 69 65 73 2e 00 3a	for.authenticated.web.proxies..:
926e0	61 62 62 72 3a 60 53 54 50 20 28 53 70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f	abbr:`STP.(Spanning.Tree.Protoco
92700	6c 29 60 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 62	l)`.is.a.network.protocol.that.b
92720	75 69 6c 64 73 20 61 20 6c 6f 6f 70 2d 66 72 65 65 20 6c 6f 67 69 63 61 6c 20 74 6f 70 6f 6c 6f	uilds.a.loop-free.logical.topolo
92740	67 79 20 66 6f 72 20 45 74 68 65 72 6e 65 74 20 6e 65 74 77 6f 72 6b 73 2e 20 54 68 65 20 62 61	gy.for.Ethernet.networks..The.ba
92760	73 69 63 20 66 75 6e 63 74 69 6f 6e 20 6f 66 20 53 54 50 20 69 73 20 74 6f 20 70 72 65 76 65 6e	sic.function.of.STP.is.to.preven
92780	74 20 62 72 69 64 67 65 20 6c 6f 6f 70 73 20 61 6e 64 20 74 68 65 20 62 72 6f 61 64 63 61 73 74	t.bridge.loops.and.the.broadcast
927a0	20 72 61 64 69 61 74 69 6f 6e 20 74 68 61 74 20 72 65 73 75 6c 74 73 20 66 72 6f 6d 20 74 68 65	.radiation.that.results.from.the
927c0	6d 2e 20 53 70 61 6e 6e 69 6e 67 20 74 72 65 65 20 61 6c 73 6f 20 61 6c 6c 6f 77 73 20 61 20 6e	m..Spanning.tree.also.allows.a.n
927e0	65 74 77 6f 72 6b 20 64 65 73 69 67 6e 20 74 6f 20 69 6e 63 6c 75 64 65 20 62 61 63 6b 75 70 20	etwork.design.to.include.backup.
92800	6c 69 6e 6b 73 20 70 72 6f 76 69 64 69 6e 67 20 66 61 75 6c 74 20 74 6f 6c 65 72 61 6e 63 65 20	links.providing.fault.tolerance.
92820	69 66 20 61 6e 20 61 63 74 69 76 65 20 6c 69 6e 6b 20 66 61 69 6c 73 2e 00 3a 61 62 62 72 3a 60	if.an.active.link.fails..:abbr:`
92840	54 46 54 50 20 28 54 72 69 76 69 61 6c 20 46 69 6c 65 20 54 72 61 6e 73 66 65 72 20 50 72 6f 74	TFTP.(Trivial.File.Transfer.Prot
92860	6f 63 6f 6c 29 60 20 69 73 20 61 20 73 69 6d 70 6c 65 2c 20 6c 6f 63 6b 73 74 65 70 20 66 69 6c	ocol)`.is.a.simple,.lockstep.fil
92880	65 20 74 72 61 6e 73 66 65 72 20 70 72 6f 74 6f 63 6f 6c 20 77 68 69 63 68 20 61 6c 6c 6f 77 73	e.transfer.protocol.which.allows
928a0	20 61 20 63 6c 69 65 6e 74 20 74 6f 20 67 65 74 20 61 20 66 69 6c 65 20 66 72 6f 6d 20 6f 72 20	.a.client.to.get.a.file.from.or.
928c0	70 75 74 20 61 20 66 69 6c 65 20 6f 6e 74 6f 20 61 20 72 65 6d 6f 74 65 20 68 6f 73 74 2e 20 4f	put.a.file.onto.a.remote.host..O
928e0	6e 65 20 6f 66 20 69 74 73 20 70 72 69 6d 61 72 79 20 75 73 65 73 20 69 73 20 69 6e 20 74 68 65	ne.of.its.primary.uses.is.in.the
92900	20 65 61 72 6c 79 20 73 74 61 67 65 73 20 6f 66 20 6e 6f 64 65 73 20 62 6f 6f 74 69 6e 67 20 66	.early.stages.of.nodes.booting.f
92920	72 6f 6d 20 61 20 6c 6f 63 61 6c 20 61 72 65 61 20 6e 65 74 77 6f 72 6b 2e 20 54 46 54 50 20 68	rom.a.local.area.network..TFTP.h
92940	61 73 20 62 65 65 6e 20 75 73 65 64 20 66 6f 72 20 74 68 69 73 20 61 70 70 6c 69 63 61 74 69 6f	as.been.used.for.this.applicatio
92960	6e 20 62 65 63 61 75 73 65 20 69 74 20 69 73 20 76 65 72 79 20 73 69 6d 70 6c 65 20 74 6f 20 69	n.because.it.is.very.simple.to.i
92980	6d 70 6c 65 6d 65 6e 74 2e 00 3a 61 62 62 72 3a 60 56 4e 49 20 28 56 69 72 74 75 61 6c 20 4e 65	mplement..:abbr:`VNI.(Virtual.Ne
929a0	74 77 6f 72 6b 20 49 64 65 6e 74 69 66 69 65 72 29 60 20 69 73 20 61 6e 20 69 64 65 6e 74 69 66	twork.Identifier)`.is.an.identif
929c0	69 65 72 20 66 6f 72 20 61 20 75 6e 69 71 75 65 20 65 6c 65 6d 65 6e 74 20 6f 66 20 61 20 76 69	ier.for.a.unique.element.of.a.vi
929e0	72 74 75 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 20 49 6e 20 6d 61 6e 79 20 73 69 74 75 61 74 69 6f	rtual.network...In.many.situatio
92a00	6e 73 20 74 68 69 73 20 6d 61 79 20 72 65 70 72 65 73 65 6e 74 20 61 6e 20 4c 32 20 73 65 67 6d	ns.this.may.represent.an.L2.segm
92a20	65 6e 74 2c 20 68 6f 77 65 76 65 72 2c 20 74 68 65 20 63 6f 6e 74 72 6f 6c 20 70 6c 61 6e 65 20	ent,.however,.the.control.plane.
92a40	64 65 66 69 6e 65 73 20 74 68 65 20 66 6f 72 77 61 72 64 69 6e 67 20 73 65 6d 61 6e 74 69 63 73	defines.the.forwarding.semantics
92a60	20 6f 66 20 64 65 63 61 70 73 75 6c 61 74 65 64 20 70 61 63 6b 65 74 73 2e 20 54 68 65 20 56 4e	.of.decapsulated.packets..The.VN
92a80	49 20 4d 41 59 20 62 65 20 75 73 65 64 20 61 73 20 70 61 72 74 20 6f 66 20 45 43 4d 50 20 66 6f	I.MAY.be.used.as.part.of.ECMP.fo
92aa0	72 77 61 72 64 69 6e 67 20 64 65 63 69 73 69 6f 6e 73 20 6f 72 20 4d 41 59 20 62 65 20 75 73 65	rwarding.decisions.or.MAY.be.use
92ac0	64 20 61 73 20 61 20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 64 69 73 74 69 6e 67 75 69 73 68 20	d.as.a.mechanism.to.distinguish.
92ae0	62 65 74 77 65 65 6e 20 6f 76 65 72 6c 61 70 70 69 6e 67 20 61 64 64 72 65 73 73 20 73 70 61 63	between.overlapping.address.spac
92b00	65 73 20 63 6f 6e 74 61 69 6e 65 64 20 69 6e 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61 74 65 64	es.contained.in.the.encapsulated
92b20	20 70 61 63 6b 65 74 20 77 68 65 6e 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 61 63 72 6f	.packet.when.load.balancing.acro
92b40	73 73 20 43 50 55 73 2e 00 3a 61 62 62 72 3a 60 56 52 46 20 28 56 69 72 74 75 61 6c 20 52 6f 75	ss.CPUs..:abbr:`VRF.(Virtual.Rou
92b60	74 69 6e 67 20 61 6e 64 20 46 6f 72 77 61 72 64 69 6e 67 29 60 20 64 65 76 69 63 65 73 20 63 6f	ting.and.Forwarding)`.devices.co
92b80	6d 62 69 6e 65 64 20 77 69 74 68 20 69 70 20 72 75 6c 65 73 20 70 72 6f 76 69 64 65 73 20 74 68	mbined.with.ip.rules.provides.th
92ba0	65 20 61 62 69 6c 69 74 79 20 74 6f 20 63 72 65 61 74 65 20 76 69 72 74 75 61 6c 20 72 6f 75 74	e.ability.to.create.virtual.rout
92bc0	69 6e 67 20 61 6e 64 20 66 6f 72 77 61 72 64 69 6e 67 20 64 6f 6d 61 69 6e 73 20 28 61 6b 61 20	ing.and.forwarding.domains.(aka.
92be0	56 52 46 73 2c 20 56 52 46 2d 6c 69 74 65 20 74 6f 20 62 65 20 73 70 65 63 69 66 69 63 29 20 69	VRFs,.VRF-lite.to.be.specific).i
92c00	6e 20 74 68 65 20 4c 69 6e 75 78 20 6e 65 74 77 6f 72 6b 20 73 74 61 63 6b 2e 20 4f 6e 65 20 75	n.the.Linux.network.stack..One.u
92c20	73 65 20 63 61 73 65 20 69 73 20 74 68 65 20 6d 75 6c 74 69 2d 74 65 6e 61 6e 63 79 20 70 72 6f	se.case.is.the.multi-tenancy.pro
92c40	62 6c 65 6d 20 77 68 65 72 65 20 65 61 63 68 20 74 65 6e 61 6e 74 20 68 61 73 20 74 68 65 69 72	blem.where.each.tenant.has.their
92c60	20 6f 77 6e 20 75 6e 69 71 75 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 61 6e 64 20 69	.own.unique.routing.tables.and.i
92c80	6e 20 74 68 65 20 76 65 72 79 20 6c 65 61 73 74 20 6e 65 65 64 20 64 69 66 66 65 72 65 6e 74 20	n.the.very.least.need.different.
92ca0	64 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 73 2e 00 3a 61 62 62 72 3a 60 56 58 4c 41 4e 20 28	default.gateways..:abbr:`VXLAN.(
92cc0	56 69 72 74 75 61 6c 20 45 78 74 65 6e 73 69 62 6c 65 20 4c 41 4e 29 60 20 69 73 20 61 20 6e 65	Virtual.Extensible.LAN)`.is.a.ne
92ce0	74 77 6f 72 6b 20 76 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 74 65 63 68 6e 6f 6c 6f 67 79 20	twork.virtualization.technology.
92d00	74 68 61 74 20 61 74 74 65 6d 70 74 73 20 74 6f 20 61 64 64 72 65 73 73 20 74 68 65 20 73 63 61	that.attempts.to.address.the.sca
92d20	6c 61 62 69 6c 69 74 79 20 70 72 6f 62 6c 65 6d 73 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74	lability.problems.associated.wit
92d40	68 20 6c 61 72 67 65 20 63 6c 6f 75 64 20 63 6f 6d 70 75 74 69 6e 67 20 64 65 70 6c 6f 79 6d 65	h.large.cloud.computing.deployme
92d60	6e 74 73 2e 20 49 74 20 75 73 65 73 20 61 20 56 4c 41 4e 2d 6c 69 6b 65 20 65 6e 63 61 70 73 75	nts..It.uses.a.VLAN-like.encapsu
92d80	6c 61 74 69 6f 6e 20 74 65 63 68 6e 69 71 75 65 20 74 6f 20 65 6e 63 61 70 73 75 6c 61 74 65 20	lation.technique.to.encapsulate.
92da0	4f 53 49 20 6c 61 79 65 72 20 32 20 45 74 68 65 72 6e 65 74 20 66 72 61 6d 65 73 20 77 69 74 68	OSI.layer.2.Ethernet.frames.with
92dc0	69 6e 20 6c 61 79 65 72 20 34 20 55 44 50 20 64 61 74 61 67 72 61 6d 73 2c 20 75 73 69 6e 67 20	in.layer.4.UDP.datagrams,.using.
92de0	34 37 38 39 20 61 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 49 41 4e 41 2d 61 73 73 69 67 6e 65	4789.as.the.default.IANA-assigne
92e00	64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 55 44 50 20 70 6f 72 74 20 6e 75 6d 62 65 72 2e 20 56	d.destination.UDP.port.number..V
92e20	58 4c 41 4e 20 65 6e 64 70 6f 69 6e 74 73 2c 20 77 68 69 63 68 20 74 65 72 6d 69 6e 61 74 65 20	XLAN.endpoints,.which.terminate.
92e40	56 58 4c 41 4e 20 74 75 6e 6e 65 6c 73 20 61 6e 64 20 6d 61 79 20 62 65 20 65 69 74 68 65 72 20	VXLAN.tunnels.and.may.be.either.
92e60	76 69 72 74 75 61 6c 20 6f 72 20 70 68 79 73 69 63 61 6c 20 73 77 69 74 63 68 20 70 6f 72 74 73	virtual.or.physical.switch.ports
92e80	2c 20 61 72 65 20 6b 6e 6f 77 6e 20 61 73 20 3a 61 62 62 72 3a 60 56 54 45 50 73 20 28 56 58 4c	,.are.known.as.:abbr:`VTEPs.(VXL
92ea0	41 4e 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 73 29 60 2e 00 3a 61 62 62 72 3a 60 57 41	AN.tunnel.endpoints)`..:abbr:`WA
92ec0	50 20 28 57 69 72 65 6c 65 73 73 20 41 63 63 65 73 73 2d 50 6f 69 6e 74 29 60 20 70 72 6f 76 69	P.(Wireless.Access-Point)`.provi
92ee0	64 65 73 20 6e 65 74 77 6f 72 6b 20 61 63 63 65 73 73 20 74 6f 20 63 6f 6e 6e 65 63 74 69 6e 67	des.network.access.to.connecting
92f00	20 73 74 61 74 69 6f 6e 73 20 69 66 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 68 61 72 64 77 61	.stations.if.the.physical.hardwa
92f20	72 65 20 73 75 70 70 6f 72 74 73 20 61 63 74 69 6e 67 20 61 73 20 61 20 57 41 50 00 3a 61 62 62	re.supports.acting.as.a.WAP.:abb
92f40	72 3a 60 57 4c 41 4e 20 28 57 69 72 65 6c 65 73 73 20 4c 41 4e 29 60 20 69 6e 74 65 72 66 61 63	r:`WLAN.(Wireless.LAN)`.interfac
92f60	65 20 70 72 6f 76 69 64 65 20 38 30 32 2e 31 31 20 28 61 2f 62 2f 67 2f 6e 2f 61 63 29 20 77 69	e.provide.802.11.(a/b/g/n/ac).wi
92f80	72 65 6c 65 73 73 20 73 75 70 70 6f 72 74 20 28 63 6f 6d 6d 6f 6e 6c 79 20 72 65 66 65 72 72 65	reless.support.(commonly.referre
92fa0	64 20 74 6f 20 61 73 20 57 69 2d 46 69 29 20 62 79 20 6d 65 61 6e 73 20 6f 66 20 63 6f 6d 70 61	d.to.as.Wi-Fi).by.means.of.compa
92fc0	74 69 62 6c 65 20 68 61 72 64 77 61 72 65 2e 20 49 66 20 79 6f 75 72 20 68 61 72 64 77 61 72 65	tible.hardware..If.your.hardware
92fe0	20 73 75 70 70 6f 72 74 73 20 69 74 2c 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 6d 75 6c 74	.supports.it,.VyOS.supports.mult
93000	69 70 6c 65 20 6c 6f 67 69 63 61 6c 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73	iple.logical.wireless.interfaces
93020	20 70 65 72 20 70 68 79 73 69 63 61 6c 20 64 65 76 69 63 65 2e 00 3a 61 62 62 72 3a 60 57 50 41	.per.physical.device..:abbr:`WPA
93040	20 28 57 69 2d 46 69 20 50 72 6f 74 65 63 74 65 64 20 41 63 63 65 73 73 29 60 20 61 6e 64 20 57	.(Wi-Fi.Protected.Access)`.and.W
93060	50 41 32 20 45 6e 74 65 72 70 72 69 73 65 20 69 6e 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 77 69	PA2.Enterprise.in.combination.wi
93080	74 68 20 38 30 32 2e 31 78 20 62 61 73 65 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63	th.802.1x.based.authentication.c
930a0	61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 75 73 65 72 73	an.be.used.to.authenticate.users
930c0	20 6f 72 20 63 6f 6d 70 75 74 65 72 73 20 69 6e 20 61 20 64 6f 6d 61 69 6e 2e 00 3a 61 62 62 72	.or.computers.in.a.domain..:abbr
930e0	3a 60 6d 47 52 45 20 28 4d 75 6c 74 69 70 6f 69 6e 74 20 47 65 6e 65 72 69 63 20 52 6f 75 74 69	:`mGRE.(Multipoint.Generic.Routi
93100	6e 67 20 45 6e 63 61 70 73 75 6c 61 74 69 6f 6e 29 60 20 3a 72 66 63 3a 60 31 37 30 32 60 00 3a	ng.Encapsulation)`.:rfc:`1702`.:
93120	63 66 67 63 6d 64 3a 60 61 64 76 2d 72 6f 75 74 65 72 20 3c 41 2e 42 2e 43 2e 44 3e 60 20 e2 80	cfgcmd:`adv-router.<A.B.C.D>`...
93140	93 20 72 6f 75 74 65 72 20 69 64 2c 20 77 68 69 63 68 20 6c 69 6e 6b 20 61 64 76 65 72 74 69 73	..router.id,.which.link.advertis
93160	65 6d 65 6e 74 73 20 6e 65 65 64 20 74 6f 20 62 65 20 72 65 76 69 65 77 65 64 2e 00 3a 63 66 67	ements.need.to.be.reviewed..:cfg
93180	63 6d 64 3a 60 73 65 6c 66 2d 6f 72 69 67 69 6e 61 74 65 60 20 64 69 73 70 6c 61 79 73 20 6f 6e	cmd:`self-originate`.displays.on
931a0	6c 79 20 73 65 6c 66 2d 6f 72 69 67 69 6e 61 74 65 64 20 4c 53 41 73 20 66 72 6f 6d 20 74 68 65	ly.self-originated.LSAs.from.the
931c0	20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2e 00 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 65 72 76	.local.router..:cfgcmd:`set.serv
931e0	69 63 65 20 63 6f 6e 6e 74 72 61 63 6b 2d 73 79 6e 63 20 69 6e 74 65 72 66 61 63 65 20 65 74 68	ice.conntrack-sync.interface.eth
93200	30 20 70 65 65 72 20 31 39 32 2e 31 36 38 2e 30 2e 32 35 30 60 00 3a 63 6f 64 65 3a 60 73 65 74	0.peer.192.168.0.250`.:code:`set
93220	20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78 79 20 75 72 6c 2d 66 69 6c 74 65 72 69 6e 67 20	.service.webproxy.url-filtering.
93240	73 71 75 69 64 67 75 61 72 64 20 61 75 74 6f 2d 75 70 64 61 74 65 20 75 70 64 61 74 65 2d 68 6f	squidguard.auto-update.update-ho
93260	75 72 20 32 33 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f	ur.23`.:code:`set.service.webpro
93280	78 79 20 75 72 6c 2d 66 69 6c 74 65 72 69 6e 67 20 73 71 75 69 64 67 75 61 72 64 20 62 6c 6f 63	xy.url-filtering.squidguard.bloc
932a0	6b 2d 63 61 74 65 67 6f 72 79 20 61 64 73 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69	k-category.ads`.:code:`set.servi
932c0	63 65 20 77 65 62 70 72 6f 78 79 20 75 72 6c 2d 66 69 6c 74 65 72 69 6e 67 20 73 71 75 69 64 67	ce.webproxy.url-filtering.squidg
932e0	75 61 72 64 20 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 79 20 6d 61 6c 77 61 72 65 60 00 3a 63 6f	uard.block-category.malware`.:co
93300	64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78 79 20 77 68 69 74 65 6c 69	de:`set.service.webproxy.whiteli
93320	73 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 2d 61 64 64 72 65 73 73 20 31 39 32 2e 30 2e 32 2e 30	st.destination-address.192.0.2.0
93340	2f 32 34 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65 20 77 65 62 70 72 6f 78 79	/24`.:code:`set.service.webproxy
93360	20 77 68 69 74 65 6c 69 73 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 2d 61 64 64 72 65 73 73 20 31	.whitelist.destination-address.1
93380	39 38 2e 35 31 2e 31 30 30 2e 33 33 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69 63 65	98.51.100.33`.:code:`set.service
933a0	20 77 65 62 70 72 6f 78 79 20 77 68 69 74 65 6c 69 73 74 20 73 6f 75 72 63 65 2d 61 64 64 72 65	.webproxy.whitelist.source-addre
933c0	73 73 20 31 39 32 2e 31 36 38 2e 31 2e 32 60 00 3a 63 6f 64 65 3a 60 73 65 74 20 73 65 72 76 69	ss.192.168.1.2`.:code:`set.servi
933e0	63 65 20 77 65 62 70 72 6f 78 79 20 77 68 69 74 65 6c 69 73 74 20 73 6f 75 72 63 65 2d 61 64 64	ce.webproxy.whitelist.source-add
93400	72 65 73 73 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f 32 34 60 00 3a 6c 61 73 74 70 72 6f 6f 66 72	ress.192.168.2.0/24`.:lastproofr
93420	65 61 64 3a 32 30 32 31 2d 30 37 2d 31 32 00 3a 6f 70 63 6d 64 3a 60 67 65 6e 65 72 61 74 65 20	ead:2021-07-12.:opcmd:`generate.
93440	70 6b 69 20 77 69 72 65 67 75 61 72 64 20 6b 65 79 2d 70 61 69 72 60 2e 00 3a 72 65 66 3a 60 72	pki.wireguard.key-pair`..:ref:`r
93460	6f 75 74 69 6e 67 2d 62 67 70 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 62 67 70 60 3a 20	outing-bgp`.:ref:`routing-bgp`:.
93480	60 60 73 65 74 20 76 72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20	``set.vrf.name.<name>.protocols.
934a0	62 67 70 20 2e 2e 2e 60 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 69 73 69 73 60 00 3a 72	bgp....``.:ref:`routing-isis`.:r
934c0	65 66 3a 60 72 6f 75 74 69 6e 67 2d 69 73 69 73 60 3a 20 60 60 73 65 74 20 76 72 66 20 6e 61 6d	ef:`routing-isis`:.``set.vrf.nam
934e0	65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 69 73 69 73 20 2e 2e 2e 60 60 00 3a 72	e.<name>.protocols.isis....``.:r
93500	65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f 73 70 66 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d	ef:`routing-ospf`.:ref:`routing-
93520	6f 73 70 66 60 3a 20 60 60 73 65 74 20 76 72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f	ospf`:.``set.vrf.name.<name>.pro
93540	74 6f 63 6f 6c 73 20 6f 73 70 66 20 2e 2e 2e 60 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d	tocols.ospf....``.:ref:`routing-
93560	6f 73 70 66 76 33 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f 73 70 66 76 33 60 3a 20 60	ospfv3`.:ref:`routing-ospfv3`:.`
93580	60 73 65 74 20 76 72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 6f	`set.vrf.name.<name>.protocols.o
935a0	73 70 66 76 33 20 2e 2e 2e 60 60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 73 74 61 74 69 63	spfv3....``.:ref:`routing-static
935c0	60 00 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 73 74 61 74 69 63 60 3a 20 60 60 73 65 74 20 76	`.:ref:`routing-static`:.``set.v
935e0	72 66 20 6e 61 6d 65 20 3c 6e 61 6d 65 3e 20 70 72 6f 74 6f 63 6f 6c 73 20 73 74 61 74 69 63 20	rf.name.<name>.protocols.static.
93600	2e 2e 2e 60 60 00 3a 72 66 63 3a 60 32 31 33 31 60 20 73 74 61 74 65 73 3a 20 54 68 65 20 63 6c	...``.:rfc:`2131`.states:.The.cl
93620	69 65 6e 74 20 4d 41 59 20 63 68 6f 6f 73 65 20 74 6f 20 65 78 70 6c 69 63 69 74 6c 79 20 70 72	ient.MAY.choose.to.explicitly.pr
93640	6f 76 69 64 65 20 74 68 65 20 69 64 65 6e 74 69 66 69 65 72 20 74 68 72 6f 75 67 68 20 74 68 65	ovide.the.identifier.through.the
93660	20 27 63 6c 69 65 6e 74 20 69 64 65 6e 74 69 66 69 65 72 27 20 6f 70 74 69 6f 6e 2e 20 49 66 20	.'client.identifier'.option..If.
93680	74 68 65 20 63 6c 69 65 6e 74 20 73 75 70 70 6c 69 65 73 20 61 20 27 63 6c 69 65 6e 74 20 69 64	the.client.supplies.a.'client.id
936a0	65 6e 74 69 66 69 65 72 27 2c 20 74 68 65 20 63 6c 69 65 6e 74 20 4d 55 53 54 20 75 73 65 20 74	entifier',.the.client.MUST.use.t
936c0	68 65 20 73 61 6d 65 20 27 63 6c 69 65 6e 74 20 69 64 65 6e 74 69 66 69 65 72 27 20 69 6e 20 61	he.same.'client.identifier'.in.a
936e0	6c 6c 20 73 75 62 73 65 71 75 65 6e 74 20 6d 65 73 73 61 67 65 73 2c 20 61 6e 64 20 74 68 65 20	ll.subsequent.messages,.and.the.
93700	73 65 72 76 65 72 20 4d 55 53 54 20 75 73 65 20 74 68 61 74 20 69 64 65 6e 74 69 66 69 65 72 20	server.MUST.use.that.identifier.
93720	74 6f 20 69 64 65 6e 74 69 66 79 20 74 68 65 20 63 6c 69 65 6e 74 2e 00 3a 72 66 63 3a 60 32 31	to.identify.the.client..:rfc:`21
93740	33 36 60 20 42 61 73 65 64 00 3a 72 66 63 3a 60 32 33 32 38 60 2c 20 74 68 65 20 73 75 63 63 65	36`.Based.:rfc:`2328`,.the.succe
93760	73 73 6f 72 20 74 6f 20 3a 72 66 63 3a 60 31 35 38 33 60 2c 20 73 75 67 67 65 73 74 73 20 61 63	ssor.to.:rfc:`1583`,.suggests.ac
93780	63 6f 72 64 69 6e 67 20 74 6f 20 73 65 63 74 69 6f 6e 20 47 2e 32 20 28 63 68 61 6e 67 65 73 29	cording.to.section.G.2.(changes)
937a0	20 69 6e 20 73 65 63 74 69 6f 6e 20 31 36 2e 34 2e 31 20 61 20 63 68 61 6e 67 65 20 74 6f 20 74	.in.section.16.4.1.a.change.to.t
937c0	68 65 20 70 61 74 68 20 70 72 65 66 65 72 65 6e 63 65 20 61 6c 67 6f 72 69 74 68 6d 20 74 68 61	he.path.preference.algorithm.tha
937e0	74 20 70 72 65 76 65 6e 74 73 20 70 6f 73 73 69 62 6c 65 20 72 6f 75 74 69 6e 67 20 6c 6f 6f 70	t.prevents.possible.routing.loop
93800	73 20 74 68 61 74 20 77 65 72 65 20 70 6f 73 73 69 62 6c 65 20 69 6e 20 74 68 65 20 6f 6c 64 20	s.that.were.possible.in.the.old.
93820	76 65 72 73 69 6f 6e 20 6f 66 20 4f 53 50 46 76 32 2e 20 4d 6f 72 65 20 73 70 65 63 69 66 69 63	version.of.OSPFv2..More.specific
93840	61 6c 6c 79 20 69 74 20 64 65 6d 61 6e 64 73 20 74 68 61 74 20 69 6e 74 65 72 2d 61 72 65 61 20	ally.it.demands.that.inter-area.
93860	70 61 74 68 73 20 61 6e 64 20 69 6e 74 72 61 2d 61 72 65 61 20 62 61 63 6b 62 6f 6e 65 20 70 61	paths.and.intra-area.backbone.pa
93880	74 68 20 61 72 65 20 6e 6f 77 20 6f 66 20 65 71 75 61 6c 20 70 72 65 66 65 72 65 6e 63 65 20 62	th.are.now.of.equal.preference.b
938a0	75 74 20 73 74 69 6c 6c 20 62 6f 74 68 20 70 72 65 66 65 72 72 65 64 20 74 6f 20 65 78 74 65 72	ut.still.both.preferred.to.exter
938c0	6e 61 6c 20 70 61 74 68 73 2e 00 3a 76 79 74 61 73 6b 3a 60 54 33 36 34 32 60 20 64 65 73 63 72	nal.paths..:vytask:`T3642`.descr
938e0	69 62 65 73 20 61 20 6e 65 77 20 43 4c 49 20 73 75 62 73 79 73 74 65 6d 20 74 68 61 74 20 73 65	ibes.a.new.CLI.subsystem.that.se
93900	72 76 65 73 20 61 73 20 61 20 22 63 65 72 74 73 74 6f 72 65 22 20 74 6f 20 61 6c 6c 20 73 65 72	rves.as.a."certstore".to.all.ser
93920	76 69 63 65 73 20 72 65 71 75 69 72 69 6e 67 20 61 6e 79 20 6b 69 6e 64 20 6f 66 20 65 6e 63 72	vices.requiring.any.kind.of.encr
93940	79 70 74 69 6f 6e 20 6b 65 79 28 73 29 2e 20 49 6e 20 73 68 6f 72 74 2c 20 70 75 62 6c 69 63 20	yption.key(s)..In.short,.public.
93960	61 6e 64 20 70 72 69 76 61 74 65 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 72 65 20 6e 6f 77	and.private.certificates.are.now
93980	20 73 74 6f 72 65 64 20 69 6e 20 50 4b 43 53 23 38 20 66 6f 72 6d 61 74 20 69 6e 20 74 68 65 20	.stored.in.PKCS#8.format.in.the.
939a0	72 65 67 75 6c 61 72 20 56 79 4f 53 20 43 4c 49 2e 20 4b 65 79 73 20 63 61 6e 20 6e 6f 77 20 62	regular.VyOS.CLI..Keys.can.now.b
939c0	65 20 61 64 64 65 64 2c 20 65 64 69 74 65 64 2c 20 61 6e 64 20 64 65 6c 65 74 65 64 20 75 73 69	e.added,.edited,.and.deleted.usi
939e0	6e 67 20 74 68 65 20 72 65 67 75 6c 61 72 20 73 65 74 2f 65 64 69 74 2f 64 65 6c 65 74 65 20 43	ng.the.regular.set/edit/delete.C
93a00	4c 49 20 63 6f 6d 6d 61 6e 64 73 2e 00 3c 31 2d 36 35 35 33 35 3e 3a 20 4e 75 6d 62 65 72 65 64	LI.commands..<1-65535>:.Numbered
93a20	20 70 6f 72 74 2e 00 3c 61 61 3a 6e 6e 3a 6e 6e 3e 3a 20 45 78 74 65 6e 64 65 64 20 63 6f 6d 6d	.port..<aa:nn:nn>:.Extended.comm
93a40	75 6e 69 74 79 20 6c 69 73 74 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 2e 00 3c	unity.list.regular.expression..<
93a60	68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 2f 78 3e 3a 20 49 50 76 36 20 70 72 65 66 69 78 20	h:h:h:h:h:h:h:h/x>:.IPv6.prefix.
93a80	74 6f 20 6d 61 74 63 68 2e 00 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 2d 3c 68 3a 68	to.match..<h:h:h:h:h:h:h:h>-<h:h
93aa0	3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 49 50 76 36 20 72 61 6e 67 65 20 74 6f 20 6d 61 74	:h:h:h:h:h:h>:.IPv6.range.to.mat
93ac0	63 68 2e 00 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 3a 20 49 50 76 36 20 61 64 64 72	ch..<h:h:h:h:h:h:h:h>:.IPv6.addr
93ae0	65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 3c 6c 69 6e 65 73 3e 00 3c 6e 75 6d 62 65 72 3e 20 6d	ess.to.match..<lines>.<number>.m
93b00	75 73 74 20 62 65 20 66 72 6f 6d 20 33 34 20 2d 20 31 37 33 2e 20 46 6f 72 20 38 30 20 4d 48 7a	ust.be.from.34.-.173..For.80.MHz
93b20	20 63 68 61 6e 6e 65 6c 73 20 69 74 20 73 68 6f 75 6c 64 20 62 65 20 63 68 61 6e 6e 65 6c 20 2b	.channels.it.should.be.channel.+
93b40	20 36 2e 00 3c 6e 75 6d 62 65 72 3e 20 e2 80 93 20 61 72 65 61 20 69 64 65 6e 74 69 66 69 65 72	.6..<number>.....area.identifier
93b60	20 74 68 72 6f 75 67 68 20 77 68 69 63 68 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 67 6f	.through.which.a.virtual.link.go
93b80	65 73 2e 20 3c 41 2e 42 2e 43 2e 44 3e 20 e2 80 93 20 41 42 52 20 72 6f 75 74 65 72 2d 69 64 20	es..<A.B.C.D>.....ABR.router-id.
93ba0	77 69 74 68 20 77 68 69 63 68 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 69 73 20 65 73 74	with.which.a.virtual.link.is.est
93bc0	61 62 6c 69 73 68 65 64 2e 20 56 69 72 74 75 61 6c 20 6c 69 6e 6b 20 6d 75 73 74 20 62 65 20 63	ablished..Virtual.link.must.be.c
93be0	6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 62 6f 74 68 20 72 6f 75 74 65 72 73 2e 00 3c 70 6f 72 74	onfigured.on.both.routers..<port
93c00	20 6e 61 6d 65 3e 3a 20 4e 61 6d 65 64 20 70 6f 72 74 20 28 61 6e 79 20 6e 61 6d 65 20 69 6e 20	.name>:.Named.port.(any.name.in.
93c20	2f 65 74 63 2f 73 65 72 76 69 63 65 73 2c 20 65 2e 67 2e 2c 20 68 74 74 70 29 2e 00 3c 72 74 20	/etc/services,.e.g.,.http)..<rt.
93c40	61 61 3a 6e 6e 3a 6e 6e 3e 3a 20 52 6f 75 74 65 20 54 61 72 67 65 74 20 72 65 67 75 6c 61 72 20	aa:nn:nn>:.Route.Target.regular.
93c60	65 78 70 72 65 73 73 69 6f 6e 2e 00 3c 73 6f 6f 20 61 61 3a 6e 6e 3a 6e 6e 3e 3a 20 53 69 74 65	expression..<soo.aa:nn:nn>:.Site
93c80	20 6f 66 20 4f 72 69 67 69 6e 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 2e 00 3c	.of.Origin.regular.expression..<
93ca0	73 74 61 72 74 3e 2d 3c 65 6e 64 3e 3a 20 4e 75 6d 62 65 72 65 64 20 70 6f 72 74 20 72 61 6e 67	start>-<end>:.Numbered.port.rang
93cc0	65 20 28 65 2e 67 2e 2c 20 31 30 30 31 2d 31 30 30 35 29 2e 00 3c 78 2e 78 2e 78 2e 78 2f 78 3e	e.(e.g.,.1001-1005)..<x.x.x.x/x>
93ce0	3a 20 53 75 62 6e 65 74 20 74 6f 20 6d 61 74 63 68 2e 00 3c 78 2e 78 2e 78 2e 78 3e 2d 3c 78 2e	:.Subnet.to.match..<x.x.x.x>-<x.
93d00	78 2e 78 2e 78 3e 3a 20 49 50 20 72 61 6e 67 65 20 74 6f 20 6d 61 74 63 68 2e 00 3c 78 2e 78 2e	x.x.x>:.IP.range.to.match..<x.x.
93d20	78 2e 78 3e 3a 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 41 20 2a 2a 64	x.x>:.IP.address.to.match..A.**d
93d40	6f 6d 61 69 6e 20 67 72 6f 75 70 2a 2a 20 72 65 70 72 65 73 65 6e 74 73 20 61 20 63 6f 6c 6c 65	omain.group**.represents.a.colle
93d60	63 74 69 6f 6e 20 6f 66 20 64 6f 6d 61 69 6e 73 2e 00 41 20 2a 2a 6d 61 63 20 67 72 6f 75 70 2a	ction.of.domains..A.**mac.group*
93d80	2a 20 72 65 70 72 65 73 65 6e 74 73 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 6d 61 63	*.represents.a.collection.of.mac
93da0	20 61 64 64 72 65 73 73 65 73 2e 00 41 20 2a 2a 70 6f 72 74 20 67 72 6f 75 70 2a 2a 20 72 65 70	.addresses..A.**port.group**.rep
93dc0	72 65 73 65 6e 74 73 20 6f 6e 6c 79 20 70 6f 72 74 20 6e 75 6d 62 65 72 73 2c 20 6e 6f 74 20 74	resents.only.port.numbers,.not.t
93de0	68 65 20 70 72 6f 74 6f 63 6f 6c 2e 20 50 6f 72 74 20 67 72 6f 75 70 73 20 63 61 6e 20 62 65 20	he.protocol..Port.groups.can.be.
93e00	72 65 66 65 72 65 6e 63 65 64 20 66 6f 72 20 65 69 74 68 65 72 20 54 43 50 20 6f 72 20 55 44 50	referenced.for.either.TCP.or.UDP
93e20	2e 20 49 74 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 68 61 74 20 54 43 50 20 61 6e 64	..It.is.recommended.that.TCP.and
93e40	20 55 44 50 20 67 72 6f 75 70 73 20 61 72 65 20 63 72 65 61 74 65 64 20 73 65 70 61 72 61 74 65	.UDP.groups.are.created.separate
93e60	6c 79 20 74 6f 20 61 76 6f 69 64 20 61 63 63 69 64 65 6e 74 61 6c 6c 79 20 66 69 6c 74 65 72 69	ly.to.avoid.accidentally.filteri
93e80	6e 67 20 75 6e 6e 65 63 65 73 73 61 72 79 20 70 6f 72 74 73 2e 20 52 61 6e 67 65 73 20 6f 66 20	ng.unnecessary.ports..Ranges.of.
93ea0	70 6f 72 74 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 62 79 20 75 73 69 6e 67 20	ports.can.be.specified.by.using.
93ec0	60 2d 60 2e 00 41 20 2a 62 69 74 2a 20 69 73 20 77 72 69 74 74 65 6e 20 61 73 20 2a 2a 62 69 74	`-`..A.*bit*.is.written.as.**bit
93ee0	2a 2a 2c 00 41 20 3a 61 62 62 72 3a 60 4e 49 53 20 28 4e 65 74 77 6f 72 6b 20 49 6e 66 6f 72 6d	**,.A.:abbr:`NIS.(Network.Inform
93f00	61 74 69 6f 6e 20 53 65 72 76 69 63 65 29 60 20 64 6f 6d 61 69 6e 20 63 61 6e 20 62 65 20 73 65	ation.Service)`.domain.can.be.se
93f20	74 20 74 6f 20 62 65 20 75 73 65 64 20 66 6f 72 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 73 2e	t.to.be.used.for.DHCPv6.clients.
93f40	00 41 20 42 47 50 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 64 69 76 69 64 65 73 20 6f 75 72	.A.BGP.confederation.divides.our
93f60	20 41 53 20 69 6e 74 6f 20 73 75 62 2d 41 53 65 73 20 74 6f 20 72 65 64 75 63 65 20 74 68 65 20	.AS.into.sub-ASes.to.reduce.the.
93f80	6e 75 6d 62 65 72 20 6f 66 20 72 65 71 75 69 72 65 64 20 49 42 47 50 20 70 65 65 72 69 6e 67 73	number.of.required.IBGP.peerings
93fa0	2e 20 57 69 74 68 69 6e 20 61 20 73 75 62 2d 41 53 20 77 65 20 73 74 69 6c 6c 20 72 65 71 75 69	..Within.a.sub-AS.we.still.requi
93fc0	72 65 20 66 75 6c 6c 2d 6d 65 73 68 20 49 42 47 50 20 62 75 74 20 62 65 74 77 65 65 6e 20 74 68	re.full-mesh.IBGP.but.between.th
93fe0	65 73 65 20 73 75 62 2d 41 53 65 73 20 77 65 20 75 73 65 20 73 6f 6d 65 74 68 69 6e 67 20 74 68	ese.sub-ASes.we.use.something.th
94000	61 74 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 45 42 47 50 20 62 75 74 20 62 65 68 61 76 65 73 20 6c	at.looks.like.EBGP.but.behaves.l
94020	69 6b 65 20 49 42 47 50 20 28 63 61 6c 6c 65 64 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 42	ike.IBGP.(called.confederation.B
94040	47 50 29 2e 20 43 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 6d 65 63 68 61 6e 69 73 6d 20 69 73 20	GP)..Confederation.mechanism.is.
94060	64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 30 36 35 60 00 41 20 42 47 50 2d 73	described.in.:rfc:`5065`.A.BGP-s
94080	70 65 61 6b 69 6e 67 20 72 6f 75 74 65 72 20 6c 69 6b 65 20 56 79 4f 53 20 63 61 6e 20 72 65 74	peaking.router.like.VyOS.can.ret
940a0	72 69 65 76 65 20 52 4f 41 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 52 50 4b 49 20	rieve.ROA.information.from.RPKI.
940c0	22 52 65 6c 79 69 6e 67 20 50 61 72 74 79 20 73 6f 66 74 77 61 72 65 22 20 28 6f 66 74 65 6e 20	"Relying.Party.software".(often.
940e0	6a 75 73 74 20 63 61 6c 6c 65 64 20 61 6e 20 22 52 50 4b 49 20 73 65 72 76 65 72 22 20 6f 72 20	just.called.an."RPKI.server".or.
94100	22 52 50 4b 49 20 76 61 6c 69 64 61 74 6f 72 22 29 20 62 79 20 75 73 69 6e 67 20 3a 61 62 62 72	"RPKI.validator").by.using.:abbr
94120	3a 60 52 54 52 20 28 52 50 4b 49 20 74 6f 20 52 6f 75 74 65 72 29 60 20 70 72 6f 74 6f 63 6f 6c	:`RTR.(RPKI.to.Router)`.protocol
94140	2e 20 54 68 65 72 65 20 61 72 65 20 73 65 76 65 72 61 6c 20 6f 70 65 6e 20 73 6f 75 72 63 65 20	..There.are.several.open.source.
94160	69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 74 6f 20 63 68 6f 6f 73 65 20 66 72 6f 6d 2c 20	implementations.to.choose.from,.
94180	73 75 63 68 20 61 73 20 4e 4c 4e 65 74 4c 61 62 73 27 20 52 6f 75 74 69 6e 61 74 6f 72 5f 20 28	such.as.NLNetLabs'.Routinator_.(
941a0	77 72 69 74 74 65 6e 20 69 6e 20 52 75 73 74 29 2c 20 43 6c 6f 75 64 66 6c 61 72 65 27 73 20 47	written.in.Rust),.Cloudflare's.G
941c0	6f 52 54 52 5f 20 61 6e 64 20 4f 63 74 6f 52 50 4b 49 5f 20 28 77 72 69 74 74 65 6e 20 69 6e 20	oRTR_.and.OctoRPKI_.(written.in.
941e0	47 6f 29 2c 20 61 6e 64 20 52 49 50 45 20 4e 43 43 27 73 20 52 50 4b 49 20 56 61 6c 69 64 61 74	Go),.and.RIPE.NCC's.RPKI.Validat
94200	6f 72 5f 20 28 77 72 69 74 74 65 6e 20 69 6e 20 4a 61 76 61 29 2e 20 54 68 65 20 52 54 52 20 70	or_.(written.in.Java)..The.RTR.p
94220	72 6f 74 6f 63 6f 6c 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 38 32	rotocol.is.described.in.:rfc:`82
94240	31 30 60 2e 00 41 20 42 72 69 64 67 65 20 69 73 20 61 20 77 61 79 20 74 6f 20 63 6f 6e 6e 65 63	10`..A.Bridge.is.a.way.to.connec
94260	74 20 74 77 6f 20 45 74 68 65 72 6e 65 74 20 73 65 67 6d 65 6e 74 73 20 74 6f 67 65 74 68 65 72	t.two.Ethernet.segments.together
94280	20 69 6e 20 61 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 77 61 79 2e 20	.in.a.protocol.independent.way..
942a0	50 61 63 6b 65 74 73 20 61 72 65 20 66 6f 72 77 61 72 64 65 64 20 62 61 73 65 64 20 6f 6e 20 45	Packets.are.forwarded.based.on.E
942c0	74 68 65 72 6e 65 74 20 61 64 64 72 65 73 73 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 49 50 20	thernet.address,.rather.than.IP.
942e0	61 64 64 72 65 73 73 20 28 6c 69 6b 65 20 61 20 72 6f 75 74 65 72 29 2e 20 53 69 6e 63 65 20 66	address.(like.a.router)..Since.f
94300	6f 72 77 61 72 64 69 6e 67 20 69 73 20 64 6f 6e 65 20 61 74 20 4c 61 79 65 72 20 32 2c 20 61 6c	orwarding.is.done.at.Layer.2,.al
94320	6c 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 67 6f 20 74 72 61 6e 73 70 61 72 65 6e 74 6c 79	l.protocols.can.go.transparently
94340	20 74 68 72 6f 75 67 68 20 61 20 62 72 69 64 67 65 2e 20 54 68 65 20 4c 69 6e 75 78 20 62 72 69	.through.a.bridge..The.Linux.bri
94360	64 67 65 20 63 6f 64 65 20 69 6d 70 6c 65 6d 65 6e 74 73 20 61 20 73 75 62 73 65 74 20 6f 66 20	dge.code.implements.a.subset.of.
94380	74 68 65 20 41 4e 53 49 2f 49 45 45 45 20 38 30 32 2e 31 64 20 73 74 61 6e 64 61 72 64 2e 00 41	the.ANSI/IEEE.802.1d.standard..A
943a0	20 47 52 45 20 74 75 6e 6e 65 6c 20 6f 70 65 72 61 74 65 73 20 61 74 20 6c 61 79 65 72 20 33 20	.GRE.tunnel.operates.at.layer.3.
943c0	6f 66 20 74 68 65 20 4f 53 49 20 6d 6f 64 65 6c 20 61 6e 64 20 69 73 20 72 65 70 72 65 73 65 6e	of.the.OSI.model.and.is.represen
943e0	74 65 64 20 62 79 20 49 50 20 70 72 6f 74 6f 63 6f 6c 20 34 37 2e 20 54 68 65 20 6d 61 69 6e 20	ted.by.IP.protocol.47..The.main.
94400	62 65 6e 65 66 69 74 20 6f 66 20 61 20 47 52 45 20 74 75 6e 6e 65 6c 20 69 73 20 74 68 61 74 20	benefit.of.a.GRE.tunnel.is.that.
94420	79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 63 61 72 72 79 20 6d 75 6c 74 69 70 6c 65 20 70	you.are.able.to.carry.multiple.p
94440	72 6f 74 6f 63 6f 6c 73 20 69 6e 73 69 64 65 20 74 68 65 20 73 61 6d 65 20 74 75 6e 6e 65 6c 2e	rotocols.inside.the.same.tunnel.
94460	20 47 52 45 20 61 6c 73 6f 20 73 75 70 70 6f 72 74 73 20 6d 75 6c 74 69 63 61 73 74 20 74 72 61	.GRE.also.supports.multicast.tra
94480	66 66 69 63 20 61 6e 64 20 73 75 70 70 6f 72 74 73 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63	ffic.and.supports.routing.protoc
944a0	6f 6c 73 20 74 68 61 74 20 6c 65 76 65 72 61 67 65 20 6d 75 6c 74 69 63 61 73 74 20 74 6f 20 66	ols.that.leverage.multicast.to.f
944c0	6f 72 6d 20 6e 65 69 67 68 62 6f 72 20 61 64 6a 61 63 65 6e 63 69 65 73 2e 00 41 20 52 75 6c 65	orm.neighbor.adjacencies..A.Rule
944e0	2d 53 65 74 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 65 76 65 72 79 20 69 6e 74	-Set.can.be.applied.to.every.int
94500	65 72 66 61 63 65 3a 00 41 20 53 4e 54 50 20 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 63 61	erface:.A.SNTP.server.address.ca
94520	6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 66 6f 72 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74	n.be.specified.for.DHCPv6.client
94540	73 2e 00 41 20 56 52 46 20 64 65 76 69 63 65 20 69 73 20 63 72 65 61 74 65 64 20 77 69 74 68 20	s..A.VRF.device.is.created.with.
94560	61 6e 20 61 73 73 6f 63 69 61 74 65 64 20 72 6f 75 74 65 20 74 61 62 6c 65 2e 20 4e 65 74 77 6f	an.associated.route.table..Netwo
94580	72 6b 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 74 68 65 6e 20 65 6e 73 6c 61 76 65 64 20	rk.interfaces.are.then.enslaved.
945a0	74 6f 20 61 20 56 52 46 20 64 65 76 69 63 65 2e 00 41 20 56 79 4f 53 20 47 52 45 20 74 75 6e 6e	to.a.VRF.device..A.VyOS.GRE.tunn
945c0	65 6c 20 63 61 6e 20 63 61 72 72 79 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20	el.can.carry.both.IPv4.and.IPv6.
945e0	74 72 61 66 66 69 63 20 61 6e 64 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 63 72 65 61 74 65 64 20	traffic.and.can.also.be.created.
94600	6f 76 65 72 20 65 69 74 68 65 72 20 49 50 76 34 20 28 67 72 65 29 20 6f 72 20 49 50 76 36 20 28	over.either.IPv4.(gre).or.IPv6.(
94620	69 70 36 67 72 65 29 2e 00 41 20 56 79 4f 53 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 77 6f 20	ip6gre)..A.VyOS.router.with.two.
94640	69 6e 74 65 72 66 61 63 65 73 20 2d 20 65 74 68 30 20 28 57 41 4e 29 20 61 6e 64 20 65 74 68 31	interfaces.-.eth0.(WAN).and.eth1
94660	20 28 4c 41 4e 29 20 2d 20 69 73 20 72 65 71 75 69 72 65 64 20 74 6f 20 69 6d 70 6c 65 6d 65 6e	.(LAN).-.is.required.to.implemen
94680	74 20 61 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 44 4e 53 20 63 6f 6e 66 69 67 75 72 61 74	t.a.split-horizon.DNS.configurat
946a0	69 6f 6e 20 66 6f 72 20 65 78 61 6d 70 6c 65 2e 63 6f 6d 2e 00 41 20 62 61 73 69 63 20 63 6f 6e	ion.for.example.com..A.basic.con
946c0	66 69 67 75 72 61 74 69 6f 6e 20 72 65 71 75 69 72 65 73 20 61 20 74 75 6e 6e 65 6c 20 73 6f 75	figuration.requires.a.tunnel.sou
946e0	72 63 65 20 28 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 29 2c 20 61 20 74 75 6e 6e 65 6c 20 64	rce.(source-address),.a.tunnel.d
94700	65 73 74 69 6e 61 74 69 6f 6e 20 28 72 65 6d 6f 74 65 29 2c 20 61 6e 20 65 6e 63 61 70 73 75 6c	estination.(remote),.an.encapsul
94720	61 74 69 6f 6e 20 74 79 70 65 20 28 67 72 65 29 2c 20 61 6e 64 20 61 6e 20 61 64 64 72 65 73 73	ation.type.(gre),.and.an.address
94740	20 28 69 70 76 34 2f 69 70 76 36 29 2e 20 42 65 6c 6f 77 20 69 73 20 61 20 62 61 73 69 63 20 49	.(ipv4/ipv6)..Below.is.a.basic.I
94760	50 76 34 20 6f 6e 6c 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 78 61 6d 70 6c 65 20 74	Pv4.only.configuration.example.t
94780	61 6b 65 6e 20 66 72 6f 6d 20 61 20 56 79 4f 53 20 72 6f 75 74 65 72 20 61 6e 64 20 61 20 43 69	aken.from.a.VyOS.router.and.a.Ci
947a0	73 63 6f 20 49 4f 53 20 72 6f 75 74 65 72 2e 20 54 68 65 20 6d 61 69 6e 20 64 69 66 66 65 72 65	sco.IOS.router..The.main.differe
947c0	6e 63 65 20 62 65 74 77 65 65 6e 20 74 68 65 73 65 20 74 77 6f 20 63 6f 6e 66 69 67 75 72 61 74	nce.between.these.two.configurat
947e0	69 6f 6e 73 20 69 73 20 74 68 61 74 20 56 79 4f 53 20 72 65 71 75 69 72 65 73 20 79 6f 75 20 65	ions.is.that.VyOS.requires.you.e
94800	78 70 6c 69 63 69 74 6c 79 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 65 6e 63 61 70 73 75 6c	xplicitly.configure.the.encapsul
94820	61 74 69 6f 6e 20 74 79 70 65 2e 20 54 68 65 20 43 69 73 63 6f 20 72 6f 75 74 65 72 20 64 65 66	ation.type..The.Cisco.router.def
94840	61 75 6c 74 73 20 74 6f 20 47 52 45 20 49 50 20 6f 74 68 65 72 77 69 73 65 20 69 74 20 77 6f 75	aults.to.GRE.IP.otherwise.it.wou
94860	6c 64 20 68 61 76 65 20 74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 77 65 6c 6c	ld.have.to.be.configured.as.well
94880	2e 00 41 20 62 61 73 69 63 20 69 6e 74 72 6f 64 75 63 74 69 6f 6e 20 74 6f 20 7a 6f 6e 65 2d 62	..A.basic.introduction.to.zone-b
948a0	61 73 65 64 20 66 69 72 65 77 61 6c 6c 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 60 68 65 72	ased.firewalls.can.be.found.`her
948c0	65 20 3c 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 76 79 6f 73 2e 69 6f 2f 65 6e 2f 6b 62	e.<https://support.vyos.io/en/kb
948e0	2f 61 72 74 69 63 6c 65 73 2f 61 2d 70 72 69 6d 65 72 2d 74 6f 2d 7a 6f 6e 65 2d 62 61 73 65 64	/articles/a-primer-to-zone-based
94900	2d 66 69 72 65 77 61 6c 6c 3e 60 5f 2c 20 61 6e 64 20 61 6e 20 65 78 61 6d 70 6c 65 20 61 74 20	-firewall>`_,.and.an.example.at.
94920	3a 72 65 66 3a 60 65 78 61 6d 70 6c 65 73 2d 7a 6f 6e 65 2d 70 6f 6c 69 63 79 60 2e 00 41 20 62	:ref:`examples-zone-policy`..A.b
94940	72 69 64 67 65 20 6e 61 6d 65 64 20 60 62 72 31 30 30 60 00 41 20 63 6c 61 73 73 20 63 61 6e 20	ridge.named.`br100`.A.class.can.
94960	68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 6d 61 74 63 68 20 66 69 6c 74 65 72 73 3a 00 41 20 63	have.multiple.match.filters:.A.c
94980	6f 6d 6d 6f 6e 20 65 78 61 6d 70 6c 65 20 69 73 20 74 68 65 20 63 61 73 65 20 6f 66 20 73 6f 6d	ommon.example.is.the.case.of.som
949a0	65 20 70 6f 6c 69 63 69 65 73 20 77 68 69 63 68 2c 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 62 65	e.policies.which,.in.order.to.be
949c0	20 65 66 66 65 63 74 69 76 65 2c 20 74 68 65 79 20 6e 65 65 64 20 74 6f 20 62 65 20 61 70 70 6c	.effective,.they.need.to.be.appl
949e0	69 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 69 73 20 64 69 72 65	ied.to.an.interface.that.is.dire
94a00	63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 77 68 65 72 65 20 74 68 65 20 62 6f 74 74 6c 65 6e	ctly.connected.where.the.bottlen
94a20	65 63 6b 20 69 73 2e 20 49 66 20 79 6f 75 72 20 72 6f 75 74 65 72 20 69 73 20 6e 6f 74 20 64 69	eck.is..If.your.router.is.not.di
94a40	72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 74 68 65 20 62 6f 74 74 6c 65 6e 65	rectly.connected.to.the.bottlene
94a60	63 6b 2c 20 62 75 74 20 73 6f 6d 65 20 68 6f 70 20 62 65 66 6f 72 65 20 69 74 2c 20 79 6f 75 20	ck,.but.some.hop.before.it,.you.
94a80	63 61 6e 20 65 6d 75 6c 61 74 65 20 74 68 65 20 62 6f 74 74 6c 65 6e 65 63 6b 20 62 79 20 65 6d	can.emulate.the.bottleneck.by.em
94aa0	62 65 64 64 69 6e 67 20 79 6f 75 72 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20	bedding.your.non-shaping.policy.
94ac0	69 6e 74 6f 20 61 20 63 6c 61 73 73 66 75 6c 20 73 68 61 70 69 6e 67 20 6f 6e 65 20 73 6f 20 74	into.a.classful.shaping.one.so.t
94ae0	68 61 74 20 69 74 20 74 61 6b 65 73 20 65 66 66 65 63 74 2e 00 41 20 63 6f 6d 70 6c 65 74 65 20	hat.it.takes.effect..A.complete.
94b00	4c 44 41 50 20 61 75 74 68 20 4f 70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	LDAP.auth.OpenVPN.configuration.
94b20	63 6f 75 6c 64 20 6c 6f 6f 6b 20 6c 69 6b 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78	could.look.like.the.following.ex
94b40	61 6d 70 6c 65 3a 00 41 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 61 74 74 65 6d 70 74 20 77 69 6c 6c	ample:.A.connection.attempt.will
94b60	20 62 65 20 73 68 6f 77 6e 20 61 73 3a 00 41 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 73	.be.shown.as:.A.default.route.is
94b80	20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 6e 73 74 61 6c 6c 65 64 20 6f 6e 63 65 20 74 68	.automatically.installed.once.th
94ba0	65 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 75 70 2e 20 54 6f 20 63 68 61 6e 67 65 20 74 68 69	e.interface.is.up..To.change.thi
94bc0	73 20 62 65 68 61 76 69 6f 72 20 75 73 65 20 74 68 65 20 60 60 6e 6f 2d 64 65 66 61 75 6c 74 2d	s.behavior.use.the.``no-default-
94be0	72 6f 75 74 65 60 60 20 43 4c 49 20 6f 70 74 69 6f 6e 2e 00 41 20 64 65 73 63 72 69 70 74 69 6f	route``.CLI.option..A.descriptio
94c00	6e 20 63 61 6e 20 62 65 20 61 64 64 65 64 20 66 6f 72 20 65 61 63 68 20 61 6e 64 20 65 76 65 72	n.can.be.added.for.each.and.ever
94c20	79 20 75 6e 69 71 75 65 20 72 65 6c 61 79 20 49 44 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75	y.unique.relay.ID..This.is.usefu
94c40	6c 20 74 6f 20 64 69 73 74 69 6e 67 75 69 73 68 20 62 65 74 77 65 65 6e 20 6d 75 6c 74 69 70 6c	l.to.distinguish.between.multipl
94c60	65 20 64 69 66 66 65 72 65 6e 74 20 70 6f 72 74 73 2f 61 70 70 6c 69 61 63 74 69 6f 6e 73 2e 00	e.different.ports/appliactions..
94c80	41 20 64 69 73 61 62 6c 65 64 20 67 72 6f 75 70 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64	A.disabled.group.will.be.removed
94ca0	20 66 72 6f 6d 20 74 68 65 20 56 52 52 50 20 70 72 6f 63 65 73 73 20 61 6e 64 20 79 6f 75 72 20	.from.the.VRRP.process.and.your.
94cc0	72 6f 75 74 65 72 20 77 69 6c 6c 20 6e 6f 74 20 70 61 72 74 69 63 69 70 61 74 65 20 69 6e 20 56	router.will.not.participate.in.V
94ce0	52 52 50 20 66 6f 72 20 74 68 61 74 20 56 52 49 44 2e 20 49 74 20 77 69 6c 6c 20 64 69 73 61 70	RRP.for.that.VRID..It.will.disap
94d00	70 65 61 72 20 66 72 6f 6d 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 20 63 6f 6d 6d 61	pear.from.operational.mode.comma
94d20	6e 64 73 20 6f 75 74 70 75 74 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 65 6e 74 65 72 20 74 68	nds.output,.rather.than.enter.th
94d40	65 20 62 61 63 6b 75 70 20 73 74 61 74 65 2e 00 41 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 73	e.backup.state..A.domain.name.is
94d60	20 74 68 65 20 6c 61 62 65 6c 20 28 6e 61 6d 65 29 20 61 73 73 69 67 6e 65 64 20 74 6f 20 61 20	.the.label.(name).assigned.to.a.
94d80	63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 69 73 20 74 68 75 73 20 75 6e 69	computer.network.and.is.thus.uni
94da0	71 75 65 2e 20 56 79 4f 53 20 61 70 70 65 6e 64 73 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d	que..VyOS.appends.the.domain.nam
94dc0	65 20 61 73 20 61 20 73 75 66 66 69 78 20 74 6f 20 61 6e 79 20 75 6e 71 75 61 6c 69 66 69 65 64	e.as.a.suffix.to.any.unqualified
94de0	20 6e 61 6d 65 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 66 20 79 6f 75 20 73 65 74 20 74	.name..For.example,.if.you.set.t
94e00	68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 60 65 78 61 6d 70 6c 65 2e 63 6f 6d 60 2c 20 61 6e	he.domain.name.`example.com`,.an
94e20	64 20 79 6f 75 20 77 6f 75 6c 64 20 70 69 6e 67 20 74 68 65 20 75 6e 71 75 61 6c 69 66 69 65 64	d.you.would.ping.the.unqualified
94e40	20 6e 61 6d 65 20 6f 66 20 60 63 72 75 78 60 2c 20 74 68 65 6e 20 56 79 4f 53 20 71 75 61 6c 69	.name.of.`crux`,.then.VyOS.quali
94e60	66 69 65 73 20 74 68 65 20 6e 61 6d 65 20 74 6f 20 60 63 72 75 78 2e 65 78 61 6d 70 6c 65 2e 63	fies.the.name.to.`crux.example.c
94e80	6f 6d 60 2e 00 41 20 64 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 74 68 65 20 70	om`..A.dummy.interface.for.the.p
94ea0	72 6f 76 69 64 65 72 2d 61 73 73 69 67 6e 65 64 20 49 50 3b 00 41 20 66 69 72 65 77 61 6c 6c 20	rovider-assigned.IP;.A.firewall.
94ec0	6d 61 72 6b 20 60 60 66 77 6d 61 72 6b 60 60 20 61 6c 6c 6f 77 73 20 75 73 69 6e 67 20 6d 75 6c	mark.``fwmark``.allows.using.mul
94ee0	74 69 70 6c 65 20 70 6f 72 74 73 20 66 6f 72 20 68 69 67 68 2d 61 76 61 69 6c 61 62 69 6c 69 74	tiple.ports.for.high-availabilit
94f00	79 20 76 69 72 74 75 61 6c 2d 73 65 72 76 65 72 2e 20 49 74 20 75 73 65 73 20 66 77 6d 61 72 6b	y.virtual-server..It.uses.fwmark
94f20	20 76 61 6c 75 65 2e 00 41 20 66 75 6c 6c 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 20 54 75 6e 6e	.value..A.full.example.of.a.Tunn
94f40	65 6c 62 72 6f 6b 65 72 2e 6e 65 74 20 63 6f 6e 66 69 67 20 63 61 6e 20 62 65 20 66 6f 75 6e 64	elbroker.net.config.can.be.found
94f60	20 61 74 20 3a 72 65 66 3a 60 68 65 72 65 20 3c 65 78 61 6d 70 6c 65 73 2d 74 75 6e 6e 65 6c 62	.at.:ref:`here.<examples-tunnelb
94f80	72 6f 6b 65 72 2d 69 70 76 36 3e 60 2e 00 41 20 67 65 6e 65 72 69 63 20 60 3c 6e 61 6d 65 3e 60	roker-ipv6>`..A.generic.`<name>`
94fa0	20 72 65 66 65 72 65 6e 63 69 6e 67 20 74 68 69 73 20 73 79 6e 63 20 73 65 72 76 69 63 65 2e 00	.referencing.this.sync.service..
94fc0	41 20 68 6f 73 74 6e 61 6d 65 20 69 73 20 74 68 65 20 6c 61 62 65 6c 20 28 6e 61 6d 65 29 20 61	A.hostname.is.the.label.(name).a
94fe0	73 73 69 67 6e 65 64 20 74 6f 20 61 20 6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 20 28 61 20 68	ssigned.to.a.network.device.(a.h
95000	6f 73 74 29 20 6f 6e 20 61 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f	ost).on.a.network.and.is.used.to
95020	20 64 69 73 74 69 6e 67 75 69 73 68 20 6f 6e 65 20 64 65 76 69 63 65 20 66 72 6f 6d 20 61 6e 6f	.distinguish.one.device.from.ano
95040	74 68 65 72 20 6f 6e 20 73 70 65 63 69 66 69 63 20 6e 65 74 77 6f 72 6b 73 20 6f 72 20 6f 76 65	ther.on.specific.networks.or.ove
95060	72 20 74 68 65 20 69 6e 74 65 72 6e 65 74 2e 20 4f 6e 20 74 68 65 20 6f 74 68 65 72 20 68 61 6e	r.the.internet..On.the.other.han
95080	64 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 74 68 65 20 6e 61 6d 65 20 77 68 69 63 68 20 61 70	d.this.will.be.the.name.which.ap
950a0	70 65 61 72 73 20 6f 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 6c 69 6e 65 20 70 72 6f 6d 70 74	pears.on.the.command.line.prompt
950c0	2e 00 41 20 68 75 6d 61 6e 20 72 65 61 64 61 62 6c 65 20 64 65 73 63 72 69 70 74 69 6f 6e 20 77	..A.human.readable.description.w
950e0	68 61 74 20 74 68 69 73 20 43 41 20 69 73 20 61 62 6f 75 74 2e 00 41 20 68 75 6d 61 6e 20 72 65	hat.this.CA.is.about..A.human.re
95100	61 64 61 62 6c 65 20 64 65 73 63 72 69 70 74 69 6f 6e 20 77 68 61 74 20 74 68 69 73 20 63 65 72	adable.description.what.this.cer
95120	74 69 66 69 63 61 74 65 20 69 73 20 61 62 6f 75 74 2e 00 41 20 6c 6f 6f 6b 62 61 63 6b 20 69 6e	tificate.is.about..A.lookback.in
95140	74 65 72 66 61 63 65 20 69 73 20 61 6c 77 61 79 73 20 75 70 2c 20 74 68 75 73 20 69 74 20 63 6f	terface.is.always.up,.thus.it.co
95160	75 6c 64 20 62 65 20 75 73 65 64 20 66 6f 72 20 6d 61 6e 61 67 65 6d 65 6e 74 20 74 72 61 66 66	uld.be.used.for.management.traff
95180	69 63 20 6f 72 20 61 73 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e 61 74 69 6f 6e 20 66 6f 72 20	ic.or.as.source/destination.for.
951a0	61 6e 64 20 3a 61 62 62 72 3a 60 49 47 50 20 28 49 6e 74 65 72 69 6f 72 20 47 61 74 65 77 61 79	and.:abbr:`IGP.(Interior.Gateway
951c0	20 50 72 6f 74 6f 63 6f 6c 29 60 20 6c 69 6b 65 20 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 62	.Protocol)`.like.:ref:`routing-b
951e0	67 70 60 20 73 6f 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 42 47 50 20 6c 69 6e 6b 20 69 73	gp`.so.your.internal.BGP.link.is
95200	20 6e 6f 74 20 64 65 70 65 6e 64 65 6e 74 20 6f 6e 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 20	.not.dependent.on.physical.link.
95220	73 74 61 74 65 73 20 61 6e 64 20 6d 75 6c 74 69 70 6c 65 20 72 6f 75 74 65 73 20 63 61 6e 20 62	states.and.multiple.routes.can.b
95240	65 20 63 68 6f 73 65 6e 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 41 20 3a	e.chosen.to.the.destination..A.:
95260	72 65 66 3a 60 64 75 6d 6d 79 2d 69 6e 74 65 72 66 61 63 65 60 20 49 6e 74 65 72 66 61 63 65 20	ref:`dummy-interface`.Interface.
95280	73 68 6f 75 6c 64 20 61 6c 77 61 79 73 20 62 65 20 70 72 65 66 65 72 72 65 64 20 6f 76 65 72 20	should.always.be.preferred.over.
952a0	61 20 3a 72 65 66 3a 60 6c 6f 6f 70 62 61 63 6b 2d 69 6e 74 65 72 66 61 63 65 60 20 69 6e 74 65	a.:ref:`loopback-interface`.inte
952c0	72 66 61 63 65 2e 00 41 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 20 69 73 20 61 20 6e 65 74	rface..A.managed.device.is.a.net
952e0	77 6f 72 6b 20 6e 6f 64 65 20 74 68 61 74 20 69 6d 70 6c 65 6d 65 6e 74 73 20 61 6e 20 53 4e 4d	work.node.that.implements.an.SNM
95300	50 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 61 6c 6c 6f 77 73 20 75 6e 69 64 69 72 65 63	P.interface.that.allows.unidirec
95320	74 69 6f 6e 61 6c 20 28 72 65 61 64 2d 6f 6e 6c 79 29 20 6f 72 20 62 69 64 69 72 65 63 74 69 6f	tional.(read-only).or.bidirectio
95340	6e 61 6c 20 28 72 65 61 64 20 61 6e 64 20 77 72 69 74 65 29 20 61 63 63 65 73 73 20 74 6f 20 6e	nal.(read.and.write).access.to.n
95360	6f 64 65 2d 73 70 65 63 69 66 69 63 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 4d 61 6e 61 67 65	ode-specific.information..Manage
95380	64 20 64 65 76 69 63 65 73 20 65 78 63 68 61 6e 67 65 20 6e 6f 64 65 2d 73 70 65 63 69 66 69 63	d.devices.exchange.node-specific
953a0	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 4e 4d 53 73 2e 20 53 6f 6d 65	.information.with.the.NMSs..Some
953c0	74 69 6d 65 73 20 63 61 6c 6c 65 64 20 6e 65 74 77 6f 72 6b 20 65 6c 65 6d 65 6e 74 73 2c 20 74	times.called.network.elements,.t
953e0	68 65 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 73 20 63 61 6e 20 62 65 20 61 6e 79 20 74 79	he.managed.devices.can.be.any.ty
95400	70 65 20 6f 66 20 64 65 76 69 63 65 2c 20 69 6e 63 6c 75 64 69 6e 67 2c 20 62 75 74 20 6e 6f 74	pe.of.device,.including,.but.not
95420	20 6c 69 6d 69 74 65 64 20 74 6f 2c 20 72 6f 75 74 65 72 73 2c 20 61 63 63 65 73 73 20 73 65 72	.limited.to,.routers,.access.ser
95440	76 65 72 73 2c 20 73 77 69 74 63 68 65 73 2c 20 63 61 62 6c 65 20 6d 6f 64 65 6d 73 2c 20 62 72	vers,.switches,.cable.modems,.br
95460	69 64 67 65 73 2c 20 68 75 62 73 2c 20 49 50 20 74 65 6c 65 70 68 6f 6e 65 73 2c 20 49 50 20 76	idges,.hubs,.IP.telephones,.IP.v
95480	69 64 65 6f 20 63 61 6d 65 72 61 73 2c 20 63 6f 6d 70 75 74 65 72 20 68 6f 73 74 73 2c 20 61 6e	ideo.cameras,.computer.hosts,.an
954a0	64 20 70 72 69 6e 74 65 72 73 2e 00 41 20 6d 61 74 63 68 20 66 69 6c 74 65 72 20 63 61 6e 20 63	d.printers..A.match.filter.can.c
954c0	6f 6e 74 61 69 6e 20 6d 75 6c 74 69 70 6c 65 20 63 72 69 74 65 72 69 61 20 61 6e 64 20 77 69 6c	ontain.multiple.criteria.and.wil
954e0	6c 20 6d 61 74 63 68 20 74 72 61 66 66 69 63 20 69 66 20 61 6c 6c 20 74 68 6f 73 65 20 63 72 69	l.match.traffic.if.all.those.cri
95500	74 65 72 69 61 20 61 72 65 20 74 72 75 65 2e 00 41 20 6d 6f 6e 69 74 6f 72 65 64 20 73 74 61 74	teria.are.true..A.monitored.stat
95520	69 63 20 72 6f 75 74 65 20 63 6f 6e 64 69 74 69 6f 6e 73 20 74 68 65 20 69 6e 73 74 61 6c 6c 61	ic.route.conditions.the.installa
95540	74 69 6f 6e 20 74 6f 20 74 68 65 20 52 49 42 20 6f 6e 20 74 68 65 20 42 46 44 20 73 65 73 73 69	tion.to.the.RIB.on.the.BFD.sessi
95560	6f 6e 20 72 75 6e 6e 69 6e 67 20 73 74 61 74 65 3a 20 77 68 65 6e 20 42 46 44 20 73 65 73 73 69	on.running.state:.when.BFD.sessi
95580	6f 6e 20 69 73 20 75 70 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 69 6e 73 74 61 6c 6c 65 64 20	on.is.up.the.route.is.installed.
955a0	74 6f 20 52 49 42 2c 20 62 75 74 20 77 68 65 6e 20 74 68 65 20 42 46 44 20 73 65 73 73 69 6f 6e	to.RIB,.but.when.the.BFD.session
955c0	20 69 73 20 64 6f 77 6e 20 69 74 20 69 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20	.is.down.it.is.removed.from.the.
955e0	52 49 42 2e 00 41 20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 20 73 74 61 74 69 6f	RIB..A.network.management.statio
95600	6e 20 65 78 65 63 75 74 65 73 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 20 74 68 61 74 20 6d 6f 6e	n.executes.applications.that.mon
95620	69 74 6f 72 20 61 6e 64 20 63 6f 6e 74 72 6f 6c 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 73	itor.and.control.managed.devices
95640	2e 20 4e 4d 53 73 20 70 72 6f 76 69 64 65 20 74 68 65 20 62 75 6c 6b 20 6f 66 20 74 68 65 20 70	..NMSs.provide.the.bulk.of.the.p
95660	72 6f 63 65 73 73 69 6e 67 20 61 6e 64 20 6d 65 6d 6f 72 79 20 72 65 73 6f 75 72 63 65 73 20 72	rocessing.and.memory.resources.r
95680	65 71 75 69 72 65 64 20 66 6f 72 20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 2e 20	equired.for.network.management..
956a0	4f 6e 65 20 6f 72 20 6d 6f 72 65 20 4e 4d 53 73 20 6d 61 79 20 65 78 69 73 74 20 6f 6e 20 61 6e	One.or.more.NMSs.may.exist.on.an
956c0	79 20 6d 61 6e 61 67 65 64 20 6e 65 74 77 6f 72 6b 2e 00 41 20 6e 65 77 20 69 6e 74 65 72 66 61	y.managed.network..A.new.interfa
956e0	63 65 20 62 65 63 6f 6d 65 73 20 70 72 65 73 65 6e 74 20 60 60 50 6f 72 74 2d 63 68 61 6e 6e 65	ce.becomes.present.``Port-channe
95700	6c 31 60 60 2c 20 61 6c 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6c 69 6b 65 20 61 6c 6c	l1``,.all.configuration.like.all
95720	6f 77 65 64 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 2c 20 53 54 50 20 77 69 6c 6c 20 68	owed.VLAN.interfaces,.STP.will.h
95740	61 70 70 65 6e 20 68 65 72 65 2e 00 41 20 70 61 63 6b 65 74 20 72 61 74 65 20 6c 69 6d 69 74 20	appen.here..A.packet.rate.limit.
95760	63 61 6e 20 62 65 20 73 65 74 20 66 6f 72 20 61 20 72 75 6c 65 20 74 6f 20 61 70 70 6c 79 20 74	can.be.set.for.a.rule.to.apply.t
95780	68 65 20 72 75 6c 65 20 74 6f 20 74 72 61 66 66 69 63 20 61 62 6f 76 65 20 6f 72 20 62 65 6c 6f	he.rule.to.traffic.above.or.belo
957a0	77 20 61 20 73 70 65 63 69 66 69 65 64 20 74 68 72 65 73 68 6f 6c 64 2e 20 54 6f 20 63 6f 6e 66	w.a.specified.threshold..To.conf
957c0	69 67 75 72 65 20 74 68 65 20 72 61 74 65 20 6c 69 6d 69 74 69 6e 67 20 75 73 65 3a 00 41 20 70	igure.the.rate.limiting.use:.A.p
957e0	65 6e 61 6c 74 79 20 6f 66 20 31 30 30 30 20 69 73 20 61 73 73 65 73 73 65 64 20 65 61 63 68 20	enalty.of.1000.is.assessed.each.
95800	74 69 6d 65 20 74 68 65 20 72 6f 75 74 65 20 66 61 69 6c 73 2e 20 57 68 65 6e 20 74 68 65 20 70	time.the.route.fails..When.the.p
95820	65 6e 61 6c 74 69 65 73 20 72 65 61 63 68 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 74 68 72 65	enalties.reach.a.predefined.thre
95840	73 68 6f 6c 64 20 28 73 75 70 70 72 65 73 73 2d 76 61 6c 75 65 29 2c 20 74 68 65 20 72 6f 75 74	shold.(suppress-value),.the.rout
95860	65 72 20 73 74 6f 70 73 20 61 64 76 65 72 74 69 73 69 6e 67 20 74 68 65 20 72 6f 75 74 65 2e 00	er.stops.advertising.the.route..
95880	41 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 72 65 71 75 69 72 65 64	A.physical.interface.is.required
958a0	20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 68 69 73 20 4d 41 43 73 65 63 20 69 6e 73 74 61 6e 63 65	.to.connect.this.MACsec.instance
958c0	20 74 6f 2e 20 54 72 61 66 66 69 63 20 6c 65 61 76 69 6e 67 20 74 68 69 73 20 69 6e 74 65 72 66	.to..Traffic.leaving.this.interf
958e0	61 63 65 20 77 69 6c 6c 20 6e 6f 77 20 62 65 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2f 65 6e	ace.will.now.be.authenticated/en
95900	63 72 79 70 74 65 64 2e 00 41 20 70 6f 6f 6c 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 63 61 6e	crypted..A.pool.of.addresses.can
95920	20 62 65 20 64 65 66 69 6e 65 64 20 62 79 20 75 73 69 6e 67 20 61 20 68 79 70 68 65 6e 20 62 65	.be.defined.by.using.a.hyphen.be
95940	74 77 65 65 6e 20 74 77 6f 20 49 50 20 61 64 64 72 65 73 73 65 73 3a 00 41 20 70 6f 72 74 20 63	tween.two.IP.addresses:.A.port.c
95960	61 6e 20 62 65 20 73 65 74 20 77 69 74 68 20 61 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 6f 72 20	an.be.set.with.a.port.number.or.
95980	61 20 6e 61 6d 65 20 77 68 69 63 68 20 69 73 20 68 65 72 65 20 64 65 66 69 6e 65 64 3a 20 60 60	a.name.which.is.here.defined:.``
959a0	2f 65 74 63 2f 73 65 72 76 69 63 65 73 60 60 2e 00 41 20 71 75 65 72 79 20 66 6f 72 20 77 68 69	/etc/services``..A.query.for.whi
959c0	63 68 20 74 68 65 72 65 20 69 73 20 61 75 74 68 6f 72 69 74 61 74 69 76 65 6c 79 20 6e 6f 20 61	ch.there.is.authoritatively.no.a
959e0	6e 73 77 65 72 20 69 73 20 63 61 63 68 65 64 20 74 6f 20 71 75 69 63 6b 6c 79 20 64 65 6e 79 20	nswer.is.cached.to.quickly.deny.
95a00	61 20 72 65 63 6f 72 64 27 73 20 65 78 69 73 74 65 6e 63 65 20 6c 61 74 65 72 20 6f 6e 2c 20 77	a.record's.existence.later.on,.w
95a20	69 74 68 6f 75 74 20 70 75 74 74 69 6e 67 20 61 20 68 65 61 76 79 20 6c 6f 61 64 20 6f 6e 20 74	ithout.putting.a.heavy.load.on.t
95a40	68 65 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 2e 20 49 6e 20 70 72 61 63 74 69 63 65 2c 20 63	he.remote.server..In.practice,.c
95a60	61 63 68 65 73 20 63 61 6e 20 62 65 63 6f 6d 65 20 73 61 74 75 72 61 74 65 64 20 77 69 74 68 20	aches.can.become.saturated.with.
95a80	68 75 6e 64 72 65 64 73 20 6f 66 20 74 68 6f 75 73 61 6e 64 73 20 6f 66 20 68 6f 73 74 73 20 77	hundreds.of.thousands.of.hosts.w
95aa0	68 69 63 68 20 61 72 65 20 74 72 69 65 64 20 6f 6e 6c 79 20 6f 6e 63 65 2e 00 41 20 72 65 63 65	hich.are.tried.only.once..A.rece
95ac0	69 76 65 64 20 4e 48 52 50 20 54 72 61 66 66 69 63 20 49 6e 64 69 63 61 74 69 6f 6e 20 77 69 6c	ived.NHRP.Traffic.Indication.wil
95ae0	6c 20 74 72 69 67 67 65 72 20 74 68 65 20 72 65 73 6f 6c 75 74 69 6f 6e 20 61 6e 64 20 65 73 74	l.trigger.the.resolution.and.est
95b00	61 62 6c 69 73 68 6d 65 6e 74 20 6f 66 20 61 20 73 68 6f 72 74 63 75 74 20 72 6f 75 74 65 2e 00	ablishment.of.a.shortcut.route..
95b20	41 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 49 44 20 63 61 6e 20 6e 6f 74 20 62 65 20 6d 6f	A.routing.table.ID.can.not.be.mo
95b40	64 69 66 69 65 64 20 6f 6e 63 65 20 69 74 20 69 73 20 61 73 73 69 67 6e 65 64 2e 20 49 74 20 63	dified.once.it.is.assigned..It.c
95b60	61 6e 20 6f 6e 6c 79 20 62 65 20 63 68 61 6e 67 65 64 20 62 79 20 64 65 6c 65 74 69 6e 67 20 61	an.only.be.changed.by.deleting.a
95b80	6e 64 20 72 65 2d 61 64 64 69 6e 67 20 74 68 65 20 56 52 46 20 69 6e 73 74 61 6e 63 65 2e 00 41	nd.re-adding.the.VRF.instance..A
95ba0	20 72 75 6c 65 2d 73 65 74 20 69 73 20 61 20 6e 61 6d 65 64 20 63 6f 6c 6c 65 63 74 69 6f 6e 20	.rule-set.is.a.named.collection.
95bc0	6f 66 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 61 70	of.firewall.rules.that.can.be.ap
95be0	70 6c 69 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 61 20 7a 6f 6e 65 2e	plied.to.an.interface.or.a.zone.
95c00	20 45 61 63 68 20 72 75 6c 65 20 69 73 20 6e 75 6d 62 65 72 65 64 2c 20 68 61 73 20 61 6e 20 61	.Each.rule.is.numbered,.has.an.a
95c20	63 74 69 6f 6e 20 74 6f 20 61 70 70 6c 79 20 69 66 20 74 68 65 20 72 75 6c 65 20 69 73 20 6d 61	ction.to.apply.if.the.rule.is.ma
95c40	74 63 68 65 64 2c 20 61 6e 64 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 73 70 65 63 69 66	tched,.and.the.ability.to.specif
95c60	79 20 74 68 65 20 63 72 69 74 65 72 69 61 20 74 6f 20 6d 61 74 63 68 2e 20 44 61 74 61 20 70 61	y.the.criteria.to.match..Data.pa
95c80	63 6b 65 74 73 20 67 6f 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 75 6c 65 73 20 66 72 6f 6d 20	ckets.go.through.the.rules.from.
95ca0	31 20 2d 20 39 39 39 39 39 39 2c 20 61 74 20 74 68 65 20 66 69 72 73 74 20 6d 61 74 63 68 20 74	1.-.999999,.at.the.first.match.t
95cc0	68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c 20 62 65 20 65 78	he.action.of.the.rule.will.be.ex
95ce0	65 63 75 74 65 64 2e 00 41 20 72 75 6c 65 2d 73 65 74 20 69 73 20 61 20 6e 61 6d 65 64 20 63 6f	ecuted..A.rule-set.is.a.named.co
95d00	6c 6c 65 63 74 69 6f 6e 20 6f 66 20 72 75 6c 65 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 61 70	llection.of.rules.that.can.be.ap
95d20	70 6c 69 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 45 61 63 68 20 72 75 6c 65	plied.to.an.interface..Each.rule
95d40	20 69 73 20 6e 75 6d 62 65 72 65 64 2c 20 68 61 73 20 61 6e 20 61 63 74 69 6f 6e 20 74 6f 20 61	.is.numbered,.has.an.action.to.a
95d60	70 70 6c 79 20 69 66 20 74 68 65 20 72 75 6c 65 20 69 73 20 6d 61 74 63 68 65 64 2c 20 61 6e 64	pply.if.the.rule.is.matched,.and
95d80	20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 73 70 65 63 69 66 79 20 74 68 65 20 63 72 69 74	.the.ability.to.specify.the.crit
95da0	65 72 69 61 20 74 6f 20 6d 61 74 63 68 2e 20 44 61 74 61 20 70 61 63 6b 65 74 73 20 67 6f 20 74	eria.to.match..Data.packets.go.t
95dc0	68 72 6f 75 67 68 20 74 68 65 20 72 75 6c 65 73 20 66 72 6f 6d 20 31 20 2d 20 39 39 39 39 39 39	hrough.the.rules.from.1.-.999999
95de0	2c 20 61 74 20 74 68 65 20 66 69 72 73 74 20 6d 61 74 63 68 20 74 68 65 20 61 63 74 69 6f 6e 20	,.at.the.first.match.the.action.
95e00	6f 66 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c 20 62 65 20 65 78 65 63 75 74 65 64 2e 00 41 20	of.the.rule.will.be.executed..A.
95e20	73 63 72 69 70 74 20 63 61 6e 20 62 65 20 72 75 6e 20 77 68 65 6e 20 61 6e 20 69 6e 74 65 72 66	script.can.be.run.when.an.interf
95e40	61 63 65 20 73 74 61 74 65 20 63 68 61 6e 67 65 20 6f 63 63 75 72 73 2e 20 53 63 72 69 70 74 73	ace.state.change.occurs..Scripts
95e60	20 61 72 65 20 72 75 6e 20 66 72 6f 6d 20 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2c 20 66	.are.run.from./config/scripts,.f
95e80	6f 72 20 61 20 64 69 66 66 65 72 65 6e 74 20 6c 6f 63 61 74 69 6f 6e 20 73 70 65 63 69 66 79 20	or.a.different.location.specify.
95ea0	74 68 65 20 66 75 6c 6c 20 70 61 74 68 3a 00 41 20 73 65 67 6d 65 6e 74 20 49 44 20 74 68 61 74	the.full.path:.A.segment.ID.that
95ec0	20 63 6f 6e 74 61 69 6e 73 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 63	.contains.an.IP.address.prefix.c
95ee0	61 6c 63 75 6c 61 74 65 64 20 62 79 20 61 6e 20 49 47 50 20 69 6e 20 74 68 65 20 73 65 72 76 69	alculated.by.an.IGP.in.the.servi
95f00	63 65 20 70 72 6f 76 69 64 65 72 20 63 6f 72 65 20 6e 65 74 77 6f 72 6b 2e 20 50 72 65 66 69 78	ce.provider.core.network..Prefix
95f20	20 53 49 44 73 20 61 72 65 20 67 6c 6f 62 61 6c 6c 79 20 75 6e 69 71 75 65 2c 20 74 68 69 73 20	.SIDs.are.globally.unique,.this.
95f40	76 61 6c 75 65 20 69 6e 64 65 6e 74 69 66 79 20 69 74 00 41 20 73 65 6e 64 69 6e 67 20 73 74 61	value.indentify.it.A.sending.sta
95f60	74 69 6f 6e 20 28 63 6f 6d 70 75 74 65 72 20 6f 72 20 6e 65 74 77 6f 72 6b 20 73 77 69 74 63 68	tion.(computer.or.network.switch
95f80	29 20 6d 61 79 20 62 65 20 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 64 61 74 61 20 66 61 73 74 65	).may.be.transmitting.data.faste
95fa0	72 20 74 68 61 6e 20 74 68 65 20 6f 74 68 65 72 20 65 6e 64 20 6f 66 20 74 68 65 20 6c 69 6e 6b	r.than.the.other.end.of.the.link
95fc0	20 63 61 6e 20 61 63 63 65 70 74 20 69 74 2e 20 55 73 69 6e 67 20 66 6c 6f 77 20 63 6f 6e 74 72	.can.accept.it..Using.flow.contr
95fe0	6f 6c 2c 20 74 68 65 20 72 65 63 65 69 76 69 6e 67 20 73 74 61 74 69 6f 6e 20 63 61 6e 20 73 69	ol,.the.receiving.station.can.si
96000	67 6e 61 6c 20 74 68 65 20 73 65 6e 64 65 72 20 72 65 71 75 65 73 74 69 6e 67 20 73 75 73 70 65	gnal.the.sender.requesting.suspe
96020	6e 73 69 6f 6e 20 6f 66 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 73 20 75 6e 74 69 6c 20 74 68 65	nsion.of.transmissions.until.the
96040	20 72 65 63 65 69 76 65 72 20 63 61 74 63 68 65 73 20 75 70 2e 00 41 20 73 68 61 72 65 64 20 6e	.receiver.catches.up..A.shared.n
96060	65 74 77 6f 72 6b 20 6e 61 6d 65 64 20 60 60 4e 45 54 31 60 60 20 73 65 72 76 65 73 20 73 75 62	etwork.named.``NET1``.serves.sub
96080	6e 65 74 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 2f 36 34 60 60 00 41 20 73 69 6d 70 6c 65 20 42	net.``2001:db8::/64``.A.simple.B
960a0	47 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 76 69 61 20 49 50 76 36 2e 00 41 20 73 69 6d	GP.configuration.via.IPv6..A.sim
960c0	70 6c 65 20 52 61 6e 64 6f 6d 20 45 61 72 6c 79 20 44 65 74 65 63 74 69 6f 6e 20 28 52 45 44 29	ple.Random.Early.Detection.(RED)
960e0	20 70 6f 6c 69 63 79 20 77 6f 75 6c 64 20 73 74 61 72 74 20 72 61 6e 64 6f 6d 6c 79 20 64 72 6f	.policy.would.start.randomly.dro
96100	70 70 69 6e 67 20 70 61 63 6b 65 74 73 20 66 72 6f 6d 20 61 20 71 75 65 75 65 20 62 65 66 6f 72	pping.packets.from.a.queue.befor
96120	65 20 69 74 20 72 65 61 63 68 65 73 20 69 74 73 20 71 75 65 75 65 20 6c 69 6d 69 74 20 74 68 75	e.it.reaches.its.queue.limit.thu
96140	73 20 61 76 6f 69 64 69 6e 67 20 63 6f 6e 67 65 73 74 69 6f 6e 2e 20 54 68 61 74 20 69 73 20 67	s.avoiding.congestion..That.is.g
96160	6f 6f 64 20 66 6f 72 20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 73 20 74 68 65 20 67	ood.for.TCP.connections.as.the.g
96180	72 61 64 75 61 6c 20 64 72 6f 70 70 69 6e 67 20 6f 66 20 70 61 63 6b 65 74 73 20 61 63 74 73 20	radual.dropping.of.packets.acts.
961a0	61 73 20 61 20 73 69 67 6e 61 6c 20 66 6f 72 20 74 68 65 20 73 65 6e 64 65 72 20 74 6f 20 64 65	as.a.signal.for.the.sender.to.de
961c0	63 72 65 61 73 65 20 69 74 73 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 72 61 74 65 2e 00 41 20	crease.its.transmission.rate..A.
961e0	73 69 6d 70 6c 65 20 65 42 47 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 41 20 73 69 6d	simple.eBGP.configuration:.A.sim
96200	70 6c 65 20 65 78 61 6d 70 6c 65 20 6f 66 20 53 68 61 70 65 72 20 75 73 69 6e 67 20 70 72 69 6f	ple.example.of.Shaper.using.prio
96220	72 69 74 69 65 73 2e 00 41 20 73 69 6d 70 6c 65 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 6e 20 46	rities..A.simple.example.of.an.F
96240	51 2d 43 6f 44 65 6c 20 70 6f 6c 69 63 79 20 77 6f 72 6b 69 6e 67 20 69 6e 73 69 64 65 20 61 20	Q-CoDel.policy.working.inside.a.
96260	53 68 61 70 65 72 20 6f 6e 65 2e 00 41 20 73 69 6e 67 6c 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65	Shaper.one..A.single.internal.ne
96280	74 77 6f 72 6b 20 61 6e 64 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 55 73 65 20	twork.and.external.network..Use.
962a0	74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 61 20 73 69	the.NAT66.device.to.connect.a.si
962c0	6e 67 6c 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 70 75 62 6c 69 63	ngle.internal.network.and.public
962e0	20 6e 65 74 77 6f 72 6b 2c 20 61 6e 64 20 74 68 65 20 68 6f 73 74 73 20 69 6e 20 74 68 65 20 69	.network,.and.the.hosts.in.the.i
96300	6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 75 73 65 20 49 50 76 36 20 61 64 64 72 65 73 73	nternal.network.use.IPv6.address
96320	20 70 72 65 66 69 78 65 73 20 74 68 61 74 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 20 72 6f 75 74	.prefixes.that.only.support.rout
96340	69 6e 67 20 77 69 74 68 69 6e 20 74 68 65 20 6c 6f 63 61 6c 20 72 61 6e 67 65 2e 20 57 68 65 6e	ing.within.the.local.range..When
96360	20 61 20 68 6f 73 74 20 69 6e 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20	.a.host.in.the.internal.network.
96380	61 63 63 65 73 73 65 73 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2c 20 74	accesses.the.external.network,.t
963a0	68 65 20 73 6f 75 72 63 65 20 49 50 76 36 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 69 6e	he.source.IPv6.address.prefix.in
963c0	20 74 68 65 20 6d 65 73 73 61 67 65 20 77 69 6c 6c 20 62 65 20 63 6f 6e 76 65 72 74 65 64 20 69	.the.message.will.be.converted.i
963e0	6e 74 6f 20 61 20 67 6c 6f 62 61 6c 20 75 6e 69 63 61 73 74 20 49 50 76 36 20 61 64 64 72 65 73	nto.a.global.unicast.IPv6.addres
96400	73 20 70 72 65 66 69 78 20 62 79 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 2e 00 41 20	s.prefix.by.the.NAT66.device..A.
96420	73 74 61 74 69 6f 6e 20 61 63 74 73 20 61 73 20 61 20 57 69 2d 46 69 20 63 6c 69 65 6e 74 20 61	station.acts.as.a.Wi-Fi.client.a
96440	63 63 65 73 73 69 6e 67 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 68 72 6f 75 67 68 20 61 6e 20	ccessing.the.network.through.an.
96460	61 76 61 69 6c 61 62 6c 65 20 57 41 50 00 41 20 73 79 6e 63 20 67 72 6f 75 70 20 61 6c 6c 6f 77	available.WAP.A.sync.group.allow
96480	73 20 56 52 52 50 20 67 72 6f 75 70 73 20 74 6f 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 6f 67 65	s.VRRP.groups.to.transition.toge
964a0	74 68 65 72 2e 00 41 20 74 79 70 69 63 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 75 73	ther..A.typical.configuration.us
964c0	69 6e 67 20 32 20 6e 6f 64 65 73 2e 00 41 20 74 79 70 69 63 61 6c 20 70 72 6f 62 6c 65 6d 20 77	ing.2.nodes..A.typical.problem.w
964e0	69 74 68 20 75 73 69 6e 67 20 4e 41 54 20 61 6e 64 20 68 6f 73 74 69 6e 67 20 70 75 62 6c 69 63	ith.using.NAT.and.hosting.public
96500	20 73 65 72 76 65 72 73 20 69 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 66 6f 72 20 69 6e 74 65	.servers.is.the.ability.for.inte
96520	72 6e 61 6c 20 73 79 73 74 65 6d 73 20 74 6f 20 72 65 61 63 68 20 61 6e 20 69 6e 74 65 72 6e 61	rnal.systems.to.reach.an.interna
96540	6c 20 73 65 72 76 65 72 20 75 73 69 6e 67 20 69 74 27 73 20 65 78 74 65 72 6e 61 6c 20 49 50 20	l.server.using.it's.external.IP.
96560	61 64 64 72 65 73 73 2e 20 54 68 65 20 73 6f 6c 75 74 69 6f 6e 20 74 6f 20 74 68 69 73 20 69 73	address..The.solution.to.this.is
96580	20 75 73 75 61 6c 6c 79 20 74 68 65 20 75 73 65 20 6f 66 20 73 70 6c 69 74 2d 44 4e 53 20 74 6f	.usually.the.use.of.split-DNS.to
965a0	20 63 6f 72 72 65 63 74 6c 79 20 70 6f 69 6e 74 20 68 6f 73 74 20 73 79 73 74 65 6d 73 20 74 6f	.correctly.point.host.systems.to
965c0	20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 77 68 65 6e 20 72 65 71 75 65	.the.internal.address.when.reque
965e0	73 74 73 20 61 72 65 20 6d 61 64 65 20 69 6e 74 65 72 6e 61 6c 6c 79 2e 20 42 65 63 61 75 73 65	sts.are.made.internally..Because
96600	20 6d 61 6e 79 20 73 6d 61 6c 6c 65 72 20 6e 65 74 77 6f 72 6b 73 20 6c 61 63 6b 20 44 4e 53 20	.many.smaller.networks.lack.DNS.
96620	69 6e 66 72 61 73 74 72 75 63 74 75 72 65 2c 20 61 20 77 6f 72 6b 2d 61 72 6f 75 6e 64 20 69 73	infrastructure,.a.work-around.is
96640	20 63 6f 6d 6d 6f 6e 6c 79 20 64 65 70 6c 6f 79 65 64 20 74 6f 20 66 61 63 69 6c 69 74 61 74 65	.commonly.deployed.to.facilitate
96660	20 74 68 65 20 74 72 61 66 66 69 63 20 62 79 20 4e 41 54 69 6e 67 20 74 68 65 20 72 65 71 75 65	.the.traffic.by.NATing.the.reque
96680	73 74 20 66 72 6f 6d 20 69 6e 74 65 72 6e 61 6c 20 68 6f 73 74 73 20 74 6f 20 74 68 65 20 73 6f	st.from.internal.hosts.to.the.so
966a0	75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 69 6e 74	urce.address.of.the.internal.int
966c0	65 72 66 61 63 65 20 6f 6e 20 74 68 65 20 66 69 72 65 77 61 6c 6c 2e 00 41 20 75 73 65 72 20 66	erface.on.the.firewall..A.user.f
966e0	72 69 65 6e 64 6c 79 20 61 6c 69 61 73 20 66 6f 72 20 74 68 69 73 20 63 6f 6e 6e 65 63 74 69 6f	riendly.alias.for.this.connectio
96700	6e 2e 20 43 61 6e 20 62 65 20 75 73 65 64 20 69 6e 73 74 65 61 64 20 6f 66 20 74 68 65 20 64 65	n..Can.be.used.instead.of.the.de
96720	76 69 63 65 20 6e 61 6d 65 20 77 68 65 6e 20 63 6f 6e 6e 65 63 74 69 6e 67 2e 00 41 20 75 73 65	vice.name.when.connecting..A.use
96740	72 20 66 72 69 65 6e 64 6c 79 20 64 65 73 63 72 69 70 74 69 6f 6e 20 69 64 65 6e 74 69 66 79 69	r.friendly.description.identifyi
96760	6e 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 65 64 20 70 65 72 69 70 68 65 72 61 6c 2e 00 41 20 76	ng.the.connected.peripheral..A.v
96780	61 6c 75 65 20 6f 66 20 30 20 64 69 73 61 62 6c 65 73 20 41 52 50 20 6d 6f 6e 69 74 6f 72 69 6e	alue.of.0.disables.ARP.monitorin
967a0	67 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 30 2e 00 41 20 76 65 72	g..The.default.value.is.0..A.ver
967c0	79 20 73 6d 61 6c 6c 20 62 75 66 66 65 72 20 77 69 6c 6c 20 73 6f 6f 6e 20 73 74 61 72 74 20 64	y.small.buffer.will.soon.start.d
967e0	72 6f 70 70 69 6e 67 20 70 61 63 6b 65 74 73 2e 00 41 20 7a 6f 6e 65 20 6d 75 73 74 20 62 65 20	ropping.packets..A.zone.must.be.
96800	63 6f 6e 66 69 67 75 72 65 64 20 62 65 66 6f 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69	configured.before.an.interface.i
96820	73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 69 74 20 61 6e 64 20 61 6e 20 69 6e 74 65 72 66 61 63	s.assigned.to.it.and.an.interfac
96840	65 20 63 61 6e 20 62 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 6f 6e 6c 79 20 61 20 73 69 6e 67	e.can.be.assigned.to.only.a.sing
96860	6c 65 20 7a 6f 6e 65 2e 00 41 52 50 00 41 62 6f 76 65 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20	le.zone..ARP.Above.command.will.
96880	75 73 65 20 60 31 30 2e 30 2e 30 2e 33 60 20 61 73 20 73 6f 75 72 63 65 20 49 50 76 34 20 61 64	use.`10.0.0.3`.as.source.IPv4.ad
968a0	64 72 65 73 73 20 66 6f 72 20 61 6c 6c 20 52 41 44 49 55 53 20 71 75 65 72 69 65 73 20 6f 6e 20	dress.for.all.RADIUS.queries.on.
968c0	74 68 69 73 20 4e 41 53 2e 00 41 63 63 65 6c 65 72 61 74 69 6f 6e 00 41 63 63 65 70 74 20 53 53	this.NAS..Acceleration.Accept.SS
968e0	48 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 6f 72 20 74 68 65 20 67 69 76 65 6e 20 60 3c 64 65	H.connections.for.the.given.`<de
96900	76 69 63 65 3e 60 20 6f 6e 20 54 43 50 20 70 6f 72 74 20 60 3c 70 6f 72 74 3e 60 2e 20 41 66 74	vice>`.on.TCP.port.`<port>`..Aft
96920	65 72 20 73 75 63 63 65 73 73 66 75 6c 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 74 68	er.successfull.authentication.th
96940	65 20 75 73 65 72 20 77 69 6c 6c 20 62 65 20 64 69 72 65 63 74 6c 79 20 64 72 6f 70 70 65 64 20	e.user.will.be.directly.dropped.
96960	74 6f 20 74 68 65 20 63 6f 6e 6e 65 63 74 65 64 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 2e 00	to.the.connected.serial.device..
96980	41 63 63 65 70 74 20 6f 6e 6c 79 20 63 65 72 74 61 69 6e 20 70 72 6f 74 6f 63 6f 6c 73 3a 20 59	Accept.only.certain.protocols:.Y
969a0	6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 72 65 70 6c 69 63 61 74 65 20 74 68 65 20 73 74 61	ou.may.want.to.replicate.the.sta
969c0	74 65 20 6f 66 20 66 6c 6f 77 73 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 74 68 65 69 72 20 6c	te.of.flows.depending.on.their.l
969e0	61 79 65 72 20 34 20 70 72 6f 74 6f 63 6f 6c 2e 00 41 63 63 65 73 73 20 4c 69 73 74 20 50 6f 6c	ayer.4.protocol..Access.List.Pol
96a00	69 63 79 00 41 63 63 65 73 73 20 4c 69 73 74 73 00 41 63 74 69 6f 6e 20 6d 75 73 74 20 62 65 20	icy.Access.Lists.Action.must.be.
96a20	74 61 6b 65 6e 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 2d 20 41 20 63 6f 6e 64 69 74 69 6f 6e 20	taken.immediately.-.A.condition.
96a40	74 68 61 74 20 73 68 6f 75 6c 64 20 62 65 20 63 6f 72 72 65 63 74 65 64 20 69 6d 6d 65 64 69 61	that.should.be.corrected.immedia
96a60	74 65 6c 79 2c 20 73 75 63 68 20 61 73 20 61 20 63 6f 72 72 75 70 74 65 64 20 73 79 73 74 65 6d	tely,.such.as.a.corrupted.system
96a80	20 64 61 74 61 62 61 73 65 2e 00 41 63 74 69 6f 6e 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20	.database..Action.which.will.be.
96aa0	72 75 6e 20 6f 6e 63 65 20 74 68 65 20 63 74 72 6c 2d 61 6c 74 2d 64 65 6c 20 6b 65 79 73 74 72	run.once.the.ctrl-alt-del.keystr
96ac0	6f 6b 65 20 69 73 20 72 65 63 65 69 76 65 64 2e 00 41 63 74 69 6f 6e 73 00 41 63 74 69 76 65 20	oke.is.received..Actions.Active.
96ae0	44 69 72 65 63 74 6f 72 79 00 41 63 74 69 76 65 20 68 65 61 6c 74 68 20 63 68 65 63 6b 20 62 61	Directory.Active.health.check.ba
96b00	63 6b 65 6e 64 20 73 65 72 76 65 72 00 41 64 64 20 4e 54 41 20 28 6e 65 67 61 74 69 76 65 20 74	ckend.server.Add.NTA.(negative.t
96b20	72 75 73 74 20 61 6e 63 68 6f 72 29 20 66 6f 72 20 74 68 69 73 20 64 6f 6d 61 69 6e 2e 20 54 68	rust.anchor).for.this.domain..Th
96b40	69 73 20 6d 75 73 74 20 62 65 20 73 65 74 20 69 66 20 74 68 65 20 64 6f 6d 61 69 6e 20 64 6f 65	is.must.be.set.if.the.domain.doe
96b60	73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 44 4e 53 53 45 43 2e 00 41 64 64 20 50 6f 77 65 72 20	s.not.support.DNSSEC..Add.Power.
96b80	43 6f 6e 73 74 72 61 69 6e 74 20 65 6c 65 6d 65 6e 74 20 74 6f 20 42 65 61 63 6f 6e 20 61 6e 64	Constraint.element.to.Beacon.and
96ba0	20 50 72 6f 62 65 20 52 65 73 70 6f 6e 73 65 20 66 72 61 6d 65 73 2e 00 41 64 64 20 61 20 66 6f	.Probe.Response.frames..Add.a.fo
96bc0	72 77 61 72 64 69 6e 67 20 72 75 6c 65 20 6d 61 74 63 68 69 6e 67 20 55 44 50 20 70 6f 72 74 20	rwarding.rule.matching.UDP.port.
96be0	6f 6e 20 79 6f 75 72 20 69 6e 74 65 72 6e 65 74 20 72 6f 75 74 65 72 2e 00 41 64 64 20 61 20 68	on.your.internet.router..Add.a.h
96c00	6f 73 74 20 64 65 76 69 63 65 20 74 6f 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 2e 00 41 64 64	ost.device.to.the.container..Add
96c20	20 61 63 63 65 73 73 2d 63 6f 6e 74 72 6f 6c 20 64 69 72 65 63 74 69 76 65 20 74 6f 20 61 6c 6c	.access-control.directive.to.all
96c40	6f 77 20 6f 72 20 64 65 6e 79 20 75 73 65 72 73 20 61 6e 64 20 67 72 6f 75 70 73 2e 20 44 69 72	ow.or.deny.users.and.groups..Dir
96c60	65 63 74 69 76 65 73 20 61 72 65 20 70 72 6f 63 65 73 73 65 64 20 69 6e 20 74 68 65 20 66 6f 6c	ectives.are.processed.in.the.fol
96c80	6c 6f 77 69 6e 67 20 6f 72 64 65 72 20 6f 66 20 70 72 65 63 65 64 65 6e 63 65 3a 20 60 60 64 65	lowing.order.of.precedence:.``de
96ca0	6e 79 2d 75 73 65 72 73 60 60 2c 20 60 60 61 6c 6c 6f 77 2d 75 73 65 72 73 60 60 2c 20 60 60 64	ny-users``,.``allow-users``,.``d
96cc0	65 6e 79 2d 67 72 6f 75 70 73 60 60 20 61 6e 64 20 60 60 61 6c 6c 6f 77 2d 67 72 6f 75 70 73 60	eny-groups``.and.``allow-groups`
96ce0	60 2e 00 41 64 64 20 63 75 73 74 6f 6d 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 76 61 72 69 61 62	`..Add.custom.environment.variab
96d00	6c 65 73 2e 20 4d 75 6c 74 69 70 6c 65 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 76 61 72 69 61 62	les..Multiple.environment.variab
96d20	6c 65 73 20 61 72 65 20 61 6c 6c 6f 77 65 64 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63	les.are.allowed..The.following.c
96d40	6f 6d 6d 61 6e 64 73 20 74 72 61 6e 73 6c 61 74 65 20 74 6f 20 22 2d 65 20 6b 65 79 3d 76 61 6c	ommands.translate.to."-e.key=val
96d60	75 65 22 20 77 68 65 6e 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 69 73 20 63 72 65 61 74 65	ue".when.the.container.is.create
96d80	64 2e 00 41 64 64 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 73 20 66 6f 72 20 72 6f 75 74 69 6e	d..Add.default.routes.for.routin
96da0	67 20 60 60 74 61 62 6c 65 20 31 30 60 60 20 61 6e 64 20 60 60 74 61 62 6c 65 20 31 31 60 60 00	g.``table.10``.and.``table.11``.
96dc0	41 64 64 20 6d 75 6c 74 69 70 6c 65 20 73 6f 75 72 63 65 20 49 50 20 69 6e 20 6f 6e 65 20 72 75	Add.multiple.source.IP.in.one.ru
96de0	6c 65 20 77 69 74 68 20 73 61 6d 65 20 70 72 69 6f 72 69 74 79 00 41 64 64 20 6e 65 77 20 70 6f	le.with.same.priority.Add.new.po
96e00	72 74 20 74 6f 20 53 53 4c 2d 70 6f 72 74 73 20 61 63 6c 2e 20 50 6f 72 74 73 20 69 6e 63 6c 75	rt.to.SSL-ports.acl..Ports.inclu
96e20	64 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 69 6e 20 53 53 4c 2d 70 6f 72 74 73 20 61 63 6c 3a	ded.by.default.in.SSL-ports.acl:
96e40	20 34 34 33 00 41 64 64 20 6e 65 77 20 70 6f 72 74 20 74 6f 20 53 61 66 65 2d 70 6f 72 74 73 20	.443.Add.new.port.to.Safe-ports.
96e60	61 63 6c 2e 20 50 6f 72 74 73 20 69 6e 63 6c 75 64 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 69	acl..Ports.included.by.default.i
96e80	6e 20 53 61 66 65 2d 70 6f 72 74 73 20 61 63 6c 3a 20 32 31 2c 20 37 30 2c 20 38 30 2c 20 32 31	n.Safe-ports.acl:.21,.70,.80,.21
96ea0	30 2c 20 32 38 30 2c 20 34 34 33 2c 20 34 38 38 2c 20 35 39 31 2c 20 37 37 37 2c 20 38 37 33 2c	0,.280,.443,.488,.591,.777,.873,
96ec0	20 31 30 32 35 2d 36 35 35 33 35 00 41 64 64 20 6f 72 20 72 65 70 6c 61 63 65 20 42 47 50 20 63	.1025-65535.Add.or.replace.BGP.c
96ee0	6f 6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62 75 74 65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c	ommunity.attribute.in.format.``<
96f00	30 2d 36 35 35 33 35 3a 30 2d 36 35 35 33 35 3e 60 60 20 6f 72 20 66 72 6f 6d 20 77 65 6c 6c 2d	0-65535:0-65535>``.or.from.well-
96f20	6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 79 20 6c 69 73 74 00 41 64 64 20 6f 72 20 72 65 70 6c	known.community.list.Add.or.repl
96f40	61 63 65 20 42 47 50 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62 75 74	ace.BGP.large-community.attribut
96f60	65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30 2d 34 32 39 34 39 36 37 32 39 35 3a 30 2d 34 32	e.in.format.``<0-4294967295:0-42
96f80	39 34 39 36 37 32 39 35 3a 30 2d 34 32 39 34 39 36 37 32 39 35 3e 60 60 00 41 64 64 20 70 6f 6c	94967295:0-4294967295>``.Add.pol
96fa0	69 63 79 20 72 6f 75 74 65 20 6d 61 74 63 68 69 6e 67 20 56 4c 41 4e 20 73 6f 75 72 63 65 20 61	icy.route.matching.VLAN.source.a
96fc0	64 64 72 65 73 73 65 73 00 41 64 64 20 70 75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20	ddresses.Add.public.key.portion.
96fe0	66 6f 72 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20 6e 61 6d 65 64 20 60 6e 61 6d 65 60	for.the.certificate.named.`name`
97000	20 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 00 41 64 64 20 74 68 65 20 43 41 73 20 70 72	.to.the.VyOS.CLI..Add.the.CAs.pr
97020	69 76 61 74 65 20 6b 65 79 20 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 20 54 68 69 73 20	ivate.key.to.the.VyOS.CLI..This.
97040	73 68 6f 75 6c 64 20 6e 65 76 65 72 20 6c 65 61 76 65 20 74 68 65 20 73 79 73 74 65 6d 2c 20 61	should.never.leave.the.system,.a
97060	6e 64 20 69 73 20 6f 6e 6c 79 20 72 65 71 75 69 72 65 64 20 69 66 20 79 6f 75 20 75 73 65 20 56	nd.is.only.required.if.you.use.V
97080	79 4f 53 20 61 73 20 79 6f 75 72 20 63 65 72 74 69 66 69 63 61 74 65 20 67 65 6e 65 72 61 74 6f	yOS.as.your.certificate.generato
970a0	72 20 61 73 20 6d 65 6e 74 69 6f 6e 65 64 20 61 62 6f 76 65 2e 00 41 64 64 20 74 68 65 20 70 72	r.as.mentioned.above..Add.the.pr
970c0	69 76 61 74 65 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 6f 66 20 74 68 69 73 20 63 65 72 74 69 66	ivate.key.portion.of.this.certif
970e0	69 63 61 74 65 20 74 6f 20 74 68 65 20 43 4c 49 2e 20 54 68 69 73 20 73 68 6f 75 6c 64 20 6e 65	icate.to.the.CLI..This.should.ne
97100	76 65 72 20 6c 65 61 76 65 20 74 68 65 20 73 79 73 74 65 6d 20 61 73 20 69 74 20 69 73 20 75 73	ver.leave.the.system.as.it.is.us
97120	65 64 20 74 6f 20 64 65 63 72 79 70 74 20 74 68 65 20 64 61 74 61 2e 00 41 64 64 20 74 68 65 20	ed.to.decrypt.the.data..Add.the.
97140	70 75 62 6c 69 63 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 20 66 6f 72 20 74 68 65 20 43 41	public.CA.certificate.for.the.CA
97160	20 6e 61 6d 65 64 20 60 6e 61 6d 65 60 20 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 00 41	.named.`name`.to.the.VyOS.CLI..A
97180	64 64 69 6e 67 20 61 20 32 46 41 20 77 69 74 68 20 61 6e 20 4f 54 50 2d 6b 65 79 00 41 64 64 69	dding.a.2FA.with.an.OTP-key.Addi
971a0	74 69 6f 6e 61 6c 20 67 6c 6f 62 61 6c 20 70 61 72 61 6d 65 74 65 72 73 20 61 72 65 20 73 65 74	tional.global.parameters.are.set
971c0	2c 20 69 6e 63 6c 75 64 69 6e 67 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 63	,.including.the.maximum.number.c
971e0	6f 6e 6e 65 63 74 69 6f 6e 20 6c 69 6d 69 74 20 6f 66 20 34 30 30 30 20 61 6e 64 20 61 20 6d 69	onnection.limit.of.4000.and.a.mi
97200	6e 69 6d 75 6d 20 54 4c 53 20 76 65 72 73 69 6f 6e 20 6f 66 20 31 2e 33 2e 00 41 64 64 69 74 69	nimum.TLS.version.of.1.3..Additi
97220	6f 6e 61 6c 20 6f 70 74 69 6f 6e 20 74 6f 20 72 75 6e 20 54 46 54 50 20 73 65 72 76 65 72 20 69	onal.option.to.run.TFTP.server.i
97240	6e 20 74 68 65 20 3a 61 62 62 72 3a 60 56 52 46 20 28 56 69 72 74 75 61 6c 20 52 6f 75 74 69 6e	n.the.:abbr:`VRF.(Virtual.Routin
97260	67 20 61 6e 64 20 46 6f 72 77 61 72 64 69 6e 67 29 60 20 63 6f 6e 74 65 78 74 00 41 64 64 69 74	g.and.Forwarding)`.context.Addit
97280	69 6f 6e 61 6c 6c 79 20 79 6f 75 20 73 68 6f 75 6c 64 20 6b 65 65 70 20 69 6e 20 6d 69 6e 64 20	ionally.you.should.keep.in.mind.
972a0	74 68 61 74 20 74 68 69 73 20 66 65 61 74 75 72 65 20 66 75 6e 64 61 6d 65 6e 74 61 6c 6c 79 20	that.this.feature.fundamentally.
972c0	64 69 73 61 62 6c 65 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 75 73 65 20 77 69 64 65	disables.the.ability.to.use.wide
972e0	6c 79 20 64 65 70 6c 6f 79 65 64 20 42 47 50 20 66 65 61 74 75 72 65 73 2e 20 42 47 50 20 75 6e	ly.deployed.BGP.features..BGP.un
97300	6e 75 6d 62 65 72 65 64 2c 20 68 6f 73 74 6e 61 6d 65 20 73 75 70 70 6f 72 74 2c 20 41 53 34 2c	numbered,.hostname.support,.AS4,
97320	20 41 64 64 70 61 74 68 2c 20 52 6f 75 74 65 20 52 65 66 72 65 73 68 2c 20 4f 52 46 2c 20 44 79	.Addpath,.Route.Refresh,.ORF,.Dy
97340	6e 61 6d 69 63 20 43 61 70 61 62 69 6c 69 74 69 65 73 2c 20 61 6e 64 20 67 72 61 63 65 66 75 6c	namic.Capabilities,.and.graceful
97360	20 72 65 73 74 61 72 74 2e 00 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 65 61 63 68 20 63 6c 69	.restart..Additionally,.each.cli
97380	65 6e 74 20 6e 65 65 64 73 20 61 20 63 6f 70 79 20 6f 66 20 63 61 20 63 65 72 74 20 61 6e 64 20	ent.needs.a.copy.of.ca.cert.and.
973a0	69 74 73 20 6f 77 6e 20 63 6c 69 65 6e 74 20 6b 65 79 20 61 6e 64 20 63 65 72 74 20 66 69 6c 65	its.own.client.key.and.cert.file
973c0	73 2e 20 54 68 65 20 66 69 6c 65 73 20 61 72 65 20 70 6c 61 69 6e 74 65 78 74 20 73 6f 20 74 68	s..The.files.are.plaintext.so.th
973e0	65 79 20 6d 61 79 20 62 65 20 63 6f 70 69 65 64 20 65 69 74 68 65 72 20 6d 61 6e 75 61 6c 6c 79	ey.may.be.copied.either.manually
97400	20 66 72 6f 6d 20 74 68 65 20 43 4c 49 2e 20 43 6c 69 65 6e 74 20 6b 65 79 20 61 6e 64 20 63 65	.from.the.CLI..Client.key.and.ce
97420	72 74 20 66 69 6c 65 73 20 73 68 6f 75 6c 64 20 62 65 20 73 69 67 6e 65 64 20 77 69 74 68 20 74	rt.files.should.be.signed.with.t
97440	68 65 20 70 72 6f 70 65 72 20 63 61 20 63 65 72 74 20 61 6e 64 20 67 65 6e 65 72 61 74 65 64 20	he.proper.ca.cert.and.generated.
97460	6f 6e 20 74 68 65 20 73 65 72 76 65 72 20 73 69 64 65 2e 00 41 64 64 69 74 69 6f 6e 61 6c 6c 79	on.the.server.side..Additionally
97480	2c 20 77 65 20 77 61 6e 74 20 74 6f 20 75 73 65 20 56 50 4e 73 20 6f 6e 6c 79 20 6f 6e 20 6f 75	,.we.want.to.use.VPNs.only.on.ou
974a0	72 20 65 74 68 31 20 69 6e 74 65 72 66 61 63 65 20 28 74 68 65 20 65 78 74 65 72 6e 61 6c 20 69	r.eth1.interface.(the.external.i
974c0	6e 74 65 72 66 61 63 65 20 69 6e 20 74 68 65 20 69 6d 61 67 65 20 61 62 6f 76 65 29 00 41 64 64	nterface.in.the.image.above).Add
974e0	72 65 73 73 00 41 64 64 72 65 73 73 20 43 6f 6e 76 65 72 73 69 6f 6e 00 41 64 64 72 65 73 73 20	ress.Address.Conversion.Address.
97500	46 61 6d 69 6c 69 65 73 00 41 64 64 72 65 73 73 20 47 72 6f 75 70 73 00 41 64 64 72 65 73 73 20	Families.Address.Groups.Address.
97520	70 6f 6f 6c 20 73 68 61 6c 6c 20 62 65 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 30 30 60 60 20	pool.shall.be.``2001:db8::100``.
97540	74 68 72 6f 75 67 68 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 39 39 60 60 2e 00 41 64 64 72 65	through.``2001:db8::199``..Addre
97560	73 73 20 70 6f 6f 6c 73 00 41 64 64 72 65 73 73 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 48	ss.pools.Address.to.listen.for.H
97580	54 54 50 53 20 72 65 71 75 65 73 74 73 00 41 64 64 73 20 72 65 67 69 73 74 72 79 20 74 6f 20 6c	TTPS.requests.Adds.registry.to.l
975a0	69 73 74 20 6f 66 20 75 6e 71 75 61 6c 69 66 69 65 64 2d 73 65 61 72 63 68 2d 72 65 67 69 73 74	ist.of.unqualified-search-regist
975c0	72 69 65 73 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 66 6f 72 20 61 6e 79 20 69 6d 61 67 65 20	ries..By.default,.for.any.image.
975e0	74 68 61 74 20 64 6f 65 73 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 74 68 65 20 72 65 67 69 73 74	that.does.not.include.the.regist
97600	72 79 20 69 6e 20 74 68 65 20 69 6d 61 67 65 20 6e 61 6d 65 2c 20 56 79 6f 73 20 77 69 6c 6c 20	ry.in.the.image.name,.Vyos.will.
97620	75 73 65 20 64 6f 63 6b 65 72 2e 69 6f 20 61 73 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 72	use.docker.io.as.the.container.r
97640	65 67 69 73 74 72 79 2e 00 41 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 44 69 73 74 61 6e 63 65	egistry..Administrative.Distance
97660	00 41 64 76 61 6e 63 65 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 75	.Advanced.configuration.can.be.u
97680	73 65 64 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 61 70 70 6c 79 20 73 6f 75 72 63 65 20 6f 72 20	sed.in.order.to.apply.source.or.
976a0	64 65 73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 2c 20 61 6e 64 20 77 69 74 68 69 6e 20 61 20 73 69	destination.NAT,.and.within.a.si
976c0	6e 67 6c 65 20 72 75 6c 65 2c 20 62 65 20 61 62 6c 65 20 74 6f 20 64 65 66 69 6e 65 20 6d 75 6c	ngle.rule,.be.able.to.define.mul
976e0	74 69 70 6c 65 20 74 72 61 6e 73 6c 61 74 65 64 20 61 64 64 72 65 73 73 65 73 2c 20 73 6f 20 4e	tiple.translated.addresses,.so.N
97700	41 54 20 62 61 6c 61 6e 63 65 73 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 20 61 6d 6f	AT.balances.the.translations.amo
97720	6e 67 20 74 68 65 6d 2e 00 41 64 76 61 6e 74 61 67 65 73 20 6f 66 20 4f 70 65 6e 56 50 4e 20 61	ng.them..Advantages.of.OpenVPN.a
97740	72 65 3a 00 41 64 76 65 72 74 69 73 65 20 44 4e 53 20 73 65 72 76 65 72 20 70 65 72 20 68 74 74	re:.Advertise.DNS.server.per.htt
97760	70 73 3a 2f 2f 74 6f 6f 6c 73 2e 69 65 74 66 2e 6f 72 67 2f 68 74 6d 6c 2f 72 66 63 36 31 30 36	ps://tools.ietf.org/html/rfc6106
97780	00 41 64 76 65 72 74 69 73 69 6e 67 20 61 20 50 72 65 66 69 78 00 41 66 74 65 72 20 63 6f 6d 6d	.Advertising.a.Prefix.After.comm
977a0	69 74 20 74 68 65 20 70 6c 61 69 6e 74 65 78 74 20 70 61 73 73 77 6f 72 64 73 20 77 69 6c 6c 20	it.the.plaintext.passwords.will.
977c0	62 65 20 68 61 73 68 65 64 20 61 6e 64 20 73 74 6f 72 65 64 20 69 6e 20 79 6f 75 72 20 63 6f 6e	be.hashed.and.stored.in.your.con
977e0	66 69 67 75 72 61 74 69 6f 6e 2e 20 54 68 65 20 72 65 73 75 6c 74 69 6e 67 20 43 4c 49 20 63 6f	figuration..The.resulting.CLI.co
97800	6e 66 69 67 20 77 69 6c 6c 20 6c 6f 6f 6b 20 6c 69 6b 65 3a 00 41 66 74 65 72 20 63 6f 6d 6d 69	nfig.will.look.like:.After.commi
97820	74 74 69 6e 67 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 65 20 63 61 6e 20 76	tting.the.configuration.we.can.v
97840	65 72 69 66 79 20 61 6c 6c 20 6c 65 61 6b 65 64 20 72 6f 75 74 65 73 20 61 72 65 20 69 6e 73 74	erify.all.leaked.routes.are.inst
97860	61 6c 6c 65 64 2c 20 61 6e 64 20 74 72 79 20 74 6f 20 49 43 4d 50 20 70 69 6e 67 20 50 43 31 20	alled,.and.try.to.ICMP.ping.PC1.
97880	66 72 6f 6d 20 50 43 33 2e 00 41 66 74 65 72 20 77 65 20 68 61 76 65 20 69 6d 70 6f 72 74 65 64	from.PC3..After.we.have.imported
978a0	20 74 68 65 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 28 73 29 20 77 65 20 63 61 6e 20 6e 6f	.the.CA.certificate(s).we.can.no
978c0	77 20 69 6d 70 6f 72 74 20 61 6e 64 20 61 64 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 75 73	w.import.and.add.certificates.us
978e0	65 64 20 62 79 20 73 65 72 76 69 63 65 73 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 2e 00 41	ed.by.services.on.this.router..A
97900	67 65 6e 74 20 2d 20 73 6f 66 74 77 61 72 65 20 77 68 69 63 68 20 72 75 6e 73 20 6f 6e 20 6d 61	gent.-.software.which.runs.on.ma
97920	6e 61 67 65 64 20 64 65 76 69 63 65 73 00 41 6c 65 72 74 00 41 6c 67 6f 72 69 74 68 6d 00 41 6c	naged.devices.Alert.Algorithm.Al
97940	69 61 73 65 73 00 41 6c 6c 20 44 4e 53 20 72 65 71 75 65 73 74 73 20 66 6f 72 20 65 78 61 6d 70	iases.All.DNS.requests.for.examp
97960	6c 65 2e 63 6f 6d 20 6d 75 73 74 20 62 65 20 66 6f 72 77 61 72 64 65 64 20 74 6f 20 61 20 44 4e	le.com.must.be.forwarded.to.a.DN
97980	53 20 73 65 72 76 65 72 20 61 74 20 31 39 32 2e 30 2e 32 2e 32 35 34 20 61 6e 64 20 32 30 30 31	S.server.at.192.0.2.254.and.2001
979a0	3a 64 62 38 3a 63 61 66 65 3a 3a 31 00 41 6c 6c 20 53 4e 4d 50 20 4d 49 42 73 20 61 72 65 20 6c	:db8:cafe::1.All.SNMP.MIBs.are.l
979c0	6f 63 61 74 65 64 20 69 6e 20 65 61 63 68 20 69 6d 61 67 65 20 6f 66 20 56 79 4f 53 20 68 65 72	ocated.in.each.image.of.VyOS.her
979e0	65 3a 20 60 60 2f 75 73 72 2f 73 68 61 72 65 2f 73 6e 6d 70 2f 6d 69 62 73 2f 60 60 00 41 6c 6c	e:.``/usr/share/snmp/mibs/``.All
97a00	20 61 76 61 69 6c 61 62 6c 65 20 57 57 41 4e 20 63 61 72 64 73 20 68 61 76 65 20 61 20 62 75 69	.available.WWAN.cards.have.a.bui
97a20	6c 64 20 69 6e 2c 20 72 65 70 72 6f 67 72 61 6d 6d 61 62 6c 65 20 66 69 72 6d 77 61 72 65 2e 20	ld.in,.reprogrammable.firmware..
97a40	4d 6f 73 74 20 6f 66 20 74 68 65 20 76 65 6e 64 6f 72 73 20 70 72 6f 76 69 64 65 20 61 20 72 65	Most.of.the.vendors.provide.a.re
97a60	67 75 6c 61 72 20 75 70 64 61 74 65 20 74 6f 20 74 68 65 20 66 69 72 6d 77 61 72 65 20 75 73 65	gular.update.to.the.firmware.use
97a80	64 20 69 6e 20 74 68 65 20 62 61 73 65 62 61 6e 64 20 63 68 69 70 2e 00 41 6c 6c 20 63 65 72 74	d.in.the.baseband.chip..All.cert
97aa0	69 66 69 63 61 74 65 73 20 73 68 6f 75 6c 64 20 62 65 20 73 74 6f 72 65 64 20 6f 6e 20 56 79 4f	ificates.should.be.stored.on.VyO
97ac0	53 20 75 6e 64 65 72 20 60 60 2f 63 6f 6e 66 69 67 2f 61 75 74 68 60 60 2e 20 49 66 20 63 65 72	S.under.``/config/auth``..If.cer
97ae0	74 69 66 69 63 61 74 65 73 20 61 72 65 20 6e 6f 74 20 73 74 6f 72 65 64 20 69 6e 20 74 68 65 20	tificates.are.not.stored.in.the.
97b00	60 60 2f 63 6f 6e 66 69 67 60 60 20 64 69 72 65 63 74 6f 72 79 20 74 68 65 79 20 77 69 6c 6c 20	``/config``.directory.they.will.
97b20	6e 6f 74 20 62 65 20 6d 69 67 72 61 74 65 64 20 64 75 72 69 6e 67 20 61 20 73 6f 66 74 77 61 72	not.be.migrated.during.a.softwar
97b40	65 20 75 70 64 61 74 65 2e 00 41 6c 6c 20 66 61 63 69 6c 69 74 69 65 73 00 41 6c 6c 20 69 6e 74	e.update..All.facilities.All.int
97b60	65 72 66 61 63 65 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 44 48 43 50 20 72 65 6c 61 79 20	erfaces.used.for.the.DHCP.relay.
97b80	6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 54 68 69 73 20 69 6e 63 6c 75 64 65	must.be.configured..This.include
97ba0	73 20 74 68 65 20 75 70 6c 69 6e 6b 20 74 6f 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 2e	s.the.uplink.to.the.DHCP.server.
97bc0	00 41 6c 6c 20 69 74 65 6d 73 20 69 6e 20 61 20 73 79 6e 63 20 67 72 6f 75 70 20 73 68 6f 75 6c	.All.items.in.a.sync.group.shoul
97be0	64 20 62 65 20 73 69 6d 69 6c 61 72 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 49 66 20 6f 6e	d.be.similarly.configured..If.on
97c00	65 20 56 52 52 50 20 67 72 6f 75 70 20 69 73 20 73 65 74 20 74 6f 20 61 20 64 69 66 66 65 72 65	e.VRRP.group.is.set.to.a.differe
97c20	6e 74 20 70 72 65 65 6d 70 74 69 6f 6e 20 64 65 6c 61 79 20 6f 72 20 70 72 69 6f 72 69 74 79 2c	nt.preemption.delay.or.priority,
97c40	20 69 74 20 77 6f 75 6c 64 20 72 65 73 75 6c 74 20 69 6e 20 61 6e 20 65 6e 64 6c 65 73 73 20 74	.it.would.result.in.an.endless.t
97c60	72 61 6e 73 69 74 69 6f 6e 20 6c 6f 6f 70 2e 00 41 6c 6c 20 6f 74 68 65 72 20 44 4e 53 20 72 65	ransition.loop..All.other.DNS.re
97c80	71 75 65 73 74 73 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 65 64 20 74 6f 20 61 20 64 69	quests.will.be.forwarded.to.a.di
97ca0	66 66 65 72 65 6e 74 20 73 65 74 20 6f 66 20 44 4e 53 20 73 65 72 76 65 72 73 20 61 74 20 31 39	fferent.set.of.DNS.servers.at.19
97cc0	32 2e 30 2e 32 2e 31 2c 20 31 39 32 2e 30 2e 32 2e 32 2c 20 32 30 30 31 3a 64 62 38 3a 3a 31 3a	2.0.2.1,.192.0.2.2,.2001:db8::1:
97ce0	66 66 66 66 20 61 6e 64 20 32 30 30 31 3a 64 62 38 3a 3a 32 3a 66 66 66 66 00 41 6c 6c 20 72 65	ffff.and.2001:db8::2:ffff.All.re
97d00	70 6c 79 20 73 69 7a 65 73 20 61 72 65 20 61 63 63 65 70 74 65 64 20 62 79 20 64 65 66 61 75 6c	ply.sizes.are.accepted.by.defaul
97d20	74 2e 00 41 6c 6c 20 73 63 72 69 70 74 73 20 65 78 63 65 63 75 74 65 64 20 74 68 69 73 20 77 61	t..All.scripts.excecuted.this.wa
97d40	79 20 61 72 65 20 65 78 65 63 75 74 65 64 20 61 73 20 72 6f 6f 74 20 75 73 65 72 20 2d 20 74 68	y.are.executed.as.root.user.-.th
97d60	69 73 20 6d 61 79 20 62 65 20 64 61 6e 67 65 72 6f 75 73 2e 20 54 6f 67 65 74 68 65 72 20 77 69	is.may.be.dangerous..Together.wi
97d80	74 68 20 3a 72 65 66 3a 60 63 6f 6d 6d 61 6e 64 2d 73 63 72 69 70 74 69 6e 67 60 20 74 68 69 73	th.:ref:`command-scripting`.this
97da0	20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 61 75 74 6f 6d 61 74 69 6e 67 20 28 72 65 2d	.can.be.used.for.automating.(re-
97dc0	29 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 41 6c 6c 20 74 68 65 73 65 20 72 75 6c 65 73 20	)configuration..All.these.rules.
97de0	77 69 74 68 20 4f 54 43 20 77 69 6c 6c 20 68 65 6c 70 20 74 6f 20 64 65 74 65 63 74 20 61 6e 64	with.OTC.will.help.to.detect.and
97e00	20 6d 69 74 69 67 61 74 65 20 72 6f 75 74 65 20 6c 65 61 6b 73 20 61 6e 64 20 68 61 70 70 65 6e	.mitigate.route.leaks.and.happen
97e20	20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 66 20 6c 6f 63 61 6c 2d 72 6f 6c 65 20 69 73 20	.automatically.if.local-role.is.
97e40	73 65 74 2e 00 41 6c 6c 20 74 68 6f 73 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 72 65 20 67 72 6f	set..All.those.protocols.are.gro
97e60	75 70 65 64 20 75 6e 64 65 72 20 60 60 69 6e 74 65 72 66 61 63 65 73 20 74 75 6e 6e 65 6c 60 60	uped.under.``interfaces.tunnel``
97e80	20 69 6e 20 56 79 4f 53 2e 20 4c 65 74 27 73 20 74 61 6b 65 20 61 20 63 6c 6f 73 65 72 20 6c 6f	.in.VyOS..Let's.take.a.closer.lo
97ea0	6f 6b 20 61 74 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 6f 70 74 69 6f 6e 73 20	ok.at.the.protocols.and.options.
97ec0	63 75 72 72 65 6e 74 6c 79 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 56 79 4f 53 2e 00 41 6c 6c	currently.supported.by.VyOS..All
97ee0	20 74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 7a 6f 6e 65 73 20 69 73 20 61 66 66 65 63 74	.traffic.between.zones.is.affect
97f00	65 64 20 62 79 20 65 78 69 73 74 69 6e 67 20 70 6f 6c 69 63 69 65 73 00 41 6c 6c 20 74 72 61 66	ed.by.existing.policies.All.traf
97f20	66 69 63 20 74 6f 20 61 6e 64 20 66 72 6f 6d 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 77 69 74	fic.to.and.from.an.interface.wit
97f40	68 69 6e 20 61 20 7a 6f 6e 65 20 69 73 20 70 65 72 6d 69 74 74 65 64 2e 00 41 6c 6c 20 74 75 6e	hin.a.zone.is.permitted..All.tun
97f60	6e 65 6c 20 73 65 73 73 69 6f 6e 73 20 63 61 6e 20 62 65 20 63 68 65 63 6b 65 64 20 76 69 61 3a	nel.sessions.can.be.checked.via:
97f80	00 41 6c 6c 6f 63 61 74 69 6f 6e 20 63 6c 69 65 6e 74 73 20 69 70 20 61 64 64 72 65 73 73 65 73	.Allocation.clients.ip.addresses
97fa0	20 62 79 20 52 41 44 49 55 53 00 41 6c 6c 6f 77 20 60 60 73 73 68 60 60 20 64 79 6e 61 6d 69 63	.by.RADIUS.Allow.``ssh``.dynamic
97fc0	2d 70 72 6f 74 65 63 74 69 6f 6e 2e 00 41 6c 6c 6f 77 20 61 63 63 65 73 73 20 74 6f 20 73 69 74	-protection..Allow.access.to.sit
97fe0	65 73 20 69 6e 20 61 20 64 6f 6d 61 69 6e 20 77 69 74 68 6f 75 74 20 72 65 74 72 69 65 76 69 6e	es.in.a.domain.without.retrievin
98000	67 20 74 68 65 6d 20 66 72 6f 6d 20 74 68 65 20 50 72 6f 78 79 20 63 61 63 68 65 2e 20 53 70 65	g.them.from.the.Proxy.cache..Spe
98020	63 69 66 79 69 6e 67 20 22 76 79 6f 73 2e 6e 65 74 22 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 61 63	cifying."vyos.net".will.allow.ac
98040	63 65 73 73 20 74 6f 20 76 79 6f 73 2e 6e 65 74 20 62 75 74 20 74 68 65 20 70 61 67 65 73 20 61	cess.to.vyos.net.but.the.pages.a
98060	63 63 65 73 73 65 64 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 61 63 68 65 64 2e 20 49 74 20 75	ccessed.will.not.be.cached..It.u
98080	73 65 66 75 6c 20 66 6f 72 20 77 6f 72 6b 69 6e 67 20 61 72 6f 75 6e 64 20 70 72 6f 62 6c 65 6d	seful.for.working.around.problem
980a0	73 20 77 69 74 68 20 22 49 66 2d 4d 6f 64 69 66 69 65 64 2d 53 69 6e 63 65 22 20 63 68 65 63 6b	s.with."If-Modified-Since".check
980c0	69 6e 67 20 61 74 20 63 65 72 74 61 69 6e 20 73 69 74 65 73 2e 00 41 6c 6c 6f 77 20 62 67 70 20	ing.at.certain.sites..Allow.bgp.
980e0	74 6f 20 6e 65 67 6f 74 69 61 74 65 20 74 68 65 20 65 78 74 65 6e 64 65 64 2d 6e 65 78 74 68 6f	to.negotiate.the.extended-nextho
98100	70 20 63 61 70 61 62 69 6c 69 74 79 20 77 69 74 68 20 69 74 e2 80 99 73 20 70 65 65 72 2e 20 49	p.capability.with.it...s.peer..I
98120	66 20 79 6f 75 20 61 72 65 20 70 65 65 72 69 6e 67 20 6f 76 65 72 20 61 20 49 50 76 36 20 4c 69	f.you.are.peering.over.a.IPv6.Li
98140	6e 6b 2d 4c 6f 63 61 6c 20 61 64 64 72 65 73 73 20 74 68 65 6e 20 74 68 69 73 20 63 61 70 61 62	nk-Local.address.then.this.capab
98160	69 6c 69 74 79 20 69 73 20 74 75 72 6e 65 64 20 6f 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79	ility.is.turned.on.automatically
98180	2e 20 49 66 20 79 6f 75 20 61 72 65 20 70 65 65 72 69 6e 67 20 6f 76 65 72 20 61 20 49 50 76 36	..If.you.are.peering.over.a.IPv6
981a0	20 47 6c 6f 62 61 6c 20 41 64 64 72 65 73 73 20 74 68 65 6e 20 74 75 72 6e 69 6e 67 20 6f 6e 20	.Global.Address.then.turning.on.
981c0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 42 47 50 20 74 6f 20 69	this.command.will.allow.BGP.to.i
981e0	6e 73 74 61 6c 6c 20 49 50 76 34 20 72 6f 75 74 65 73 20 77 69 74 68 20 49 50 76 36 20 6e 65 78	nstall.IPv4.routes.with.IPv6.nex
98200	74 68 6f 70 73 20 69 66 20 79 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 49 50 76 34 20 63 6f	thops.if.you.do.not.have.IPv4.co
98220	6e 66 69 67 75 72 65 64 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 2e 00 41 6c 6c 6f 77 20 65 78	nfigured.on.interfaces..Allow.ex
98240	70 6c 69 63 69 74 20 49 50 76 36 20 61 64 64 72 65 73 73 20 66 6f 72 20 74 68 65 20 69 6e 74 65	plicit.IPv6.address.for.the.inte
98260	72 66 61 63 65 2e 00 41 6c 6c 6f 77 20 68 6f 73 74 20 6e 65 74 77 6f 72 6b 69 6e 67 20 69 6e 20	rface..Allow.host.networking.in.
98280	61 20 63 6f 6e 74 61 69 6e 65 72 2e 20 54 68 65 20 6e 65 74 77 6f 72 6b 20 73 74 61 63 6b 20 6f	a.container..The.network.stack.o
982a0	66 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 69 73 20 6e 6f 74 20 69 73 6f 6c 61 74 65 64 20	f.the.container.is.not.isolated.
982c0	66 72 6f 6d 20 74 68 65 20 68 6f 73 74 20 61 6e 64 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 68	from.the.host.and.will.use.the.h
982e0	6f 73 74 20 49 50 2e 00 41 6c 6c 6f 77 20 74 68 69 73 20 42 46 44 20 70 65 65 72 20 74 6f 20 6e	ost.IP..Allow.this.BFD.peer.to.n
98300	6f 74 20 62 65 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 00 41 6c 6c 6f 77 65 64	ot.be.directly.connected.Allowed
98320	20 76 61 6c 75 65 73 20 66 70 72 20 54 43 50 20 66 6c 61 67 73 3a 20 60 60 53 59 4e 60 60 2c 20	.values.fpr.TCP.flags:.``SYN``,.
98340	60 60 41 43 4b 60 60 2c 20 60 60 46 49 4e 60 60 2c 20 60 60 52 53 54 60 60 2c 20 60 60 55 52 47	``ACK``,.``FIN``,.``RST``,.``URG
98360	60 60 2c 20 60 60 50 53 48 60 60 2c 20 60 60 41 4c 4c 60 60 20 57 68 65 6e 20 73 70 65 63 69 66	``,.``PSH``,.``ALL``.When.specif
98380	79 69 6e 67 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 66 6c 61 67 2c 20 66 6c 61 67 73 20 73	ying.more.than.one.flag,.flags.s
983a0	68 6f 75 6c 64 20 62 65 20 63 6f 6d 6d 61 20 73 65 70 61 72 61 74 65 64 2e 20 54 68 65 20 60 60	hould.be.comma.separated..The.``
983c0	21 60 60 20 6e 65 67 61 74 65 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 70 72 6f 74 6f 63 6f 6c	!``.negate.the.selected.protocol
983e0	2e 00 41 6c 6c 6f 77 73 20 73 70 65 63 69 66 69 63 20 56 4c 41 4e 20 49 44 73 20 74 6f 20 70 61	..Allows.specific.VLAN.IDs.to.pa
98400	73 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 62 72 69 64 67 65 20 6d 65 6d 62 65 72 20 69 6e 74	ss.through.the.bridge.member.int
98420	65 72 66 61 63 65 2e 20 54 68 69 73 20 63 61 6e 20 65 69 74 68 65 72 20 62 65 20 61 6e 20 69 6e	erface..This.can.either.be.an.in
98440	64 69 76 69 64 75 61 6c 20 56 4c 41 4e 20 69 64 20 6f 72 20 61 20 72 61 6e 67 65 20 6f 66 20 56	dividual.VLAN.id.or.a.range.of.V
98460	4c 41 4e 20 69 64 73 20 64 65 6c 69 6d 69 74 65 64 20 62 79 20 61 20 68 79 70 68 65 6e 2e 00 41	LAN.ids.delimited.by.a.hyphen..A
98480	6c 6c 6f 77 73 20 74 6f 20 64 65 66 69 6e 65 20 55 52 4c 20 70 61 74 68 20 6d 61 74 63 68 69 6e	llows.to.define.URL.path.matchin
984a0	67 20 72 75 6c 65 73 20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 73 65 72 76 69 63 65 2e 00	g.rules.for.a.specific.service..
984c0	41 6c 6c 6f 77 73 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 78 74	Allows.you.to.configure.the.next
984e0	2d 68 6f 70 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2d	-hop.interface.for.an.interface-
98500	62 61 73 65 64 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20 60 3c 69 6e 74 65 72	based.IPv4.static.route..`<inter
98520	66 61 63 65 3e 60 20 77 69 6c 6c 20 62 65 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 69 6e 74 65	face>`.will.be.the.next-hop.inte
98540	72 66 61 63 65 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 72 6f 75 74 65 64 20 66 6f	rface.where.traffic.is.routed.fo
98560	72 20 74 68 65 20 67 69 76 65 6e 20 60 3c 73 75 62 6e 65 74 3e 60 2e 00 41 6c 6c 6f 77 73 20 79	r.the.given.`<subnet>`..Allows.y
98580	6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 69 6e 74	ou.to.configure.the.next-hop.int
985a0	65 72 66 61 63 65 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2d 62 61 73 65 64 20 49 50	erface.for.an.interface-based.IP
985c0	76 36 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 77	v6.static.route..`<interface>`.w
985e0	69 6c 6c 20 62 65 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 69 6e 74 65 72 66 61 63 65 20 77 68	ill.be.the.next-hop.interface.wh
98600	65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 72 6f 75 74 65 64 20 66 6f 72 20 74 68 65 20 67 69	ere.traffic.is.routed.for.the.gi
98620	76 65 6e 20 60 3c 73 75 62 6e 65 74 3e 60 2e 00 41 6c 72 65 61 64 79 20 6c 65 61 72 6e 65 64 20	ven.`<subnet>`..Already.learned.
98640	6b 6e 6f 77 6e 5f 68 6f 73 74 73 20 66 69 6c 65 73 20 6f 66 20 63 6c 69 65 6e 74 73 20 6e 65 65	known_hosts.files.of.clients.nee
98660	64 20 61 6e 20 75 70 64 61 74 65 20 61 73 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 77 69	d.an.update.as.the.public.key.wi
98680	6c 6c 20 63 68 61 6e 67 65 2e 00 41 6c 73 6f 2c 20 2a 2a 64 65 66 61 75 6c 74 2d 61 63 74 69 6f	ll.change..Also,.**default-actio
986a0	6e 2a 2a 20 69 73 20 61 6e 20 61 63 74 69 6f 6e 20 74 68 61 74 20 74 61 6b 65 73 20 70 6c 61 63	n**.is.an.action.that.takes.plac
986c0	65 20 77 68 65 6e 65 76 65 72 20 61 20 70 61 63 6b 65 74 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74	e.whenever.a.packet.does.not.mat
986e0	63 68 20 61 6e 79 20 72 75 6c 65 20 69 6e 20 69 74 27 73 20 63 68 61 69 6e 2e 20 46 6f 72 20 62	ch.any.rule.in.it's.chain..For.b
98700	61 73 65 20 63 68 61 69 6e 73 2c 20 70 6f 73 73 69 62 6c 65 20 6f 70 74 69 6f 6e 73 20 66 6f 72	ase.chains,.possible.options.for
98720	20 2a 2a 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e 2a 2a 20 61 72 65 20 2a 2a 61 63 63 65 70 74	.**default-action**.are.**accept
98740	2a 2a 20 6f 72 20 2a 2a 64 72 6f 70 2a 2a 2e 00 41 6c 73 6f 2c 20 66 6f 72 20 62 61 63 6b 77 61	**.or.**drop**..Also,.for.backwa
98760	72 64 73 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61	rds.compatibility.this.configura
98780	74 69 6f 6e 2c 20 77 68 69 63 68 20 75 73 65 73 20 67 65 6e 65 72 69 63 20 69 6e 74 65 72 66 61	tion,.which.uses.generic.interfa
987a0	63 65 20 64 65 66 69 6e 69 74 69 6f 6e 2c 20 69 73 20 73 74 69 6c 6c 20 76 61 6c 69 64 3a 00 41	ce.definition,.is.still.valid:.A
987c0	6c 73 6f 2c 20 66 6f 72 20 74 68 6f 73 65 20 77 68 6f 20 68 61 76 65 6e 27 74 20 75 70 64 61 74	lso,.for.those.who.haven't.updat
987e0	65 64 20 74 6f 20 6e 65 77 65 72 20 76 65 72 73 69 6f 6e 2c 20 6c 65 67 61 63 79 20 64 6f 63 75	ed.to.newer.version,.legacy.docu
98800	6d 65 6e 74 61 74 69 6f 6e 20 69 73 20 73 74 69 6c 6c 20 70 72 65 73 65 6e 74 20 61 6e 64 20 76	mentation.is.still.present.and.v
98820	61 6c 69 64 20 66 6f 72 20 61 6c 6c 20 73 61 67 69 74 74 61 20 76 65 72 73 69 6f 6e 20 70 72 69	alid.for.all.sagitta.version.pri
98840	6f 72 20 74 6f 20 56 79 4f 53 20 31 2e 34 2d 72 6f 6c 6c 69 6e 67 2d 32 30 32 33 30 38 30 34 30	or.to.VyOS.1.4-rolling-202308040
98860	35 35 37 3a 00 41 6c 73 6f 2c 20 69 6e 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d	557:.Also,.in.:ref:`destination-
98880	6e 61 74 60 2c 20 72 65 64 69 72 65 63 74 69 6f 6e 20 74 6f 20 6c 6f 63 61 6c 68 6f 73 74 20 69	nat`,.redirection.to.localhost.i
988a0	73 20 73 75 70 70 6f 72 74 65 64 2e 20 54 68 65 20 72 65 64 69 72 65 63 74 20 73 74 61 74 65 6d	s.supported..The.redirect.statem
988c0	65 6e 74 20 69 73 20 61 20 73 70 65 63 69 61 6c 20 66 6f 72 6d 20 6f 66 20 64 6e 61 74 20 77 68	ent.is.a.special.form.of.dnat.wh
988e0	69 63 68 20 61 6c 77 61 79 73 20 74 72 61 6e 73 6c 61 74 65 73 20 74 68 65 20 64 65 73 74 69 6e	ich.always.translates.the.destin
98900	61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20 68 6f 73 74 e2	ation.address.to.the.local.host.
98920	80 99 73 20 6f 6e 65 2e 00 41 6c 74 65 72 6e 61 74 65 20 52 6f 75 74 69 6e 67 20 54 61 62 6c 65	..s.one..Alternate.Routing.Table
98940	73 00 41 6c 74 65 72 6e 61 74 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 61 72 65 20 75	s.Alternate.routing.tables.are.u
98960	73 65 64 20 77 69 74 68 20 70 6f 6c 69 63 79 20 62 61 73 65 64 20 72 6f 75 74 69 6e 67 20 62 79	sed.with.policy.based.routing.by
98980	20 75 74 69 6c 69 7a 69 6e 67 20 3a 72 65 66 3a 60 76 72 66 60 2e 00 41 6c 74 65 72 6e 61 74 69	.utilizing.:ref:`vrf`..Alternati
989a0	76 65 20 74 6f 20 6d 75 6c 74 69 63 61 73 74 2c 20 74 68 65 20 72 65 6d 6f 74 65 20 49 50 76 34	ve.to.multicast,.the.remote.IPv4
989c0	20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 56 58 4c 41 4e 20 74 75 6e 6e 65 6c 20 63 61 6e	.address.of.the.VXLAN.tunnel.can
989e0	20 62 65 20 73 65 74 20 64 69 72 65 63 74 6c 79 2e 20 4c 65 74 27 73 20 63 68 61 6e 67 65 20 74	.be.set.directly..Let's.change.t
98a00	68 65 20 4d 75 6c 74 69 63 61 73 74 20 65 78 61 6d 70 6c 65 20 66 72 6f 6d 20 61 62 6f 76 65 3a	he.Multicast.example.from.above:
98a20	00 41 6c 77 61 79 73 20 65 78 63 6c 75 64 65 20 74 68 69 73 20 61 64 64 72 65 73 73 20 66 72 6f	.Always.exclude.this.address.fro
98a40	6d 20 61 6e 79 20 64 65 66 69 6e 65 64 20 72 61 6e 67 65 2e 20 54 68 69 73 20 61 64 64 72 65 73	m.any.defined.range..This.addres
98a60	73 20 77 69 6c 6c 20 6e 65 76 65 72 20 62 65 20 61 73 73 69 67 6e 65 64 20 62 79 20 74 68 65 20	s.will.never.be.assigned.by.the.
98a80	44 48 43 50 20 73 65 72 76 65 72 2e 00 41 6e 20 2a 2a 69 6e 74 65 72 66 61 63 65 20 67 72 6f 75	DHCP.server..An.**interface.grou
98aa0	70 2a 2a 20 72 65 70 72 65 73 65 6e 74 73 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 69	p**.represents.a.collection.of.i
98ac0	6e 74 65 72 66 61 63 65 73 2e 00 41 6e 20 41 53 20 69 73 20 61 20 63 6f 6e 6e 65 63 74 65 64 20	nterfaces..An.AS.is.a.connected.
98ae0	67 72 6f 75 70 20 6f 66 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 49 50 20 70 72 65 66 69 78 65 73	group.of.one.or.more.IP.prefixes
98b00	20 72 75 6e 20 62 79 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 6e 65 74 77 6f 72 6b 20 6f 70 65 72	.run.by.one.or.more.network.oper
98b20	61 74 6f 72 73 20 77 68 69 63 68 20 68 61 73 20 61 20 53 49 4e 47 4c 45 20 61 6e 64 20 43 4c 45	ators.which.has.a.SINGLE.and.CLE
98b40	41 52 4c 59 20 44 45 46 49 4e 45 44 20 72 6f 75 74 69 6e 67 20 70 6f 6c 69 63 79 2e 00 41 6e 20	ARLY.DEFINED.routing.policy..An.
98b60	49 50 76 34 20 54 43 50 20 66 69 6c 74 65 72 20 77 69 6c 6c 20 6f 6e 6c 79 20 6d 61 74 63 68 20	IPv4.TCP.filter.will.only.match.
98b80	70 61 63 6b 65 74 73 20 77 69 74 68 20 61 6e 20 49 50 76 34 20 68 65 61 64 65 72 20 6c 65 6e 67	packets.with.an.IPv4.header.leng
98ba0	74 68 20 6f 66 20 32 30 20 62 79 74 65 73 20 28 77 68 69 63 68 20 69 73 20 74 68 65 20 6d 61 6a	th.of.20.bytes.(which.is.the.maj
98bc0	6f 72 69 74 79 20 6f 66 20 49 50 76 34 20 70 61 63 6b 65 74 73 20 61 6e 79 77 61 79 29 2e 00 41	ority.of.IPv4.packets.anyway)..A
98be0	6e 20 53 4e 4d 50 2d 6d 61 6e 61 67 65 64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 73 69 73 74 73 20	n.SNMP-managed.network.consists.
98c00	6f 66 20 74 68 72 65 65 20 6b 65 79 20 63 6f 6d 70 6f 6e 65 6e 74 73 3a 00 41 6e 20 60 3c 69 6e	of.three.key.components:.An.`<in
98c20	74 65 72 66 61 63 65 3e 60 20 73 70 65 63 69 66 79 69 6e 67 20 77 68 69 63 68 20 73 6c 61 76 65	terface>`.specifying.which.slave
98c40	20 69 73 20 74 68 65 20 70 72 69 6d 61 72 79 20 64 65 76 69 63 65 2e 20 54 68 65 20 73 70 65 63	.is.the.primary.device..The.spec
98c60	69 66 69 65 64 20 64 65 76 69 63 65 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 62 65 20 74 68 65 20	ified.device.will.always.be.the.
98c80	61 63 74 69 76 65 20 73 6c 61 76 65 20 77 68 69 6c 65 20 69 74 20 69 73 20 61 76 61 69 6c 61 62	active.slave.while.it.is.availab
98ca0	6c 65 2e 20 4f 6e 6c 79 20 77 68 65 6e 20 74 68 65 20 70 72 69 6d 61 72 79 20 69 73 20 6f 66 66	le..Only.when.the.primary.is.off
98cc0	2d 6c 69 6e 65 20 77 69 6c 6c 20 61 6c 74 65 72 6e 61 74 65 20 64 65 76 69 63 65 73 20 62 65 20	-line.will.alternate.devices.be.
98ce0	75 73 65 64 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 77 68 65 6e 20 6f 6e 65 20 73 6c	used..This.is.useful.when.one.sl
98d00	61 76 65 20 69 73 20 70 72 65 66 65 72 72 65 64 20 6f 76 65 72 20 61 6e 6f 74 68 65 72 2c 20 65	ave.is.preferred.over.another,.e
98d20	2e 67 2e 2c 20 77 68 65 6e 20 6f 6e 65 20 73 6c 61 76 65 20 68 61 73 20 68 69 67 68 65 72 20 74	.g.,.when.one.slave.has.higher.t
98d40	68 72 6f 75 67 68 70 75 74 20 74 68 61 6e 20 61 6e 6f 74 68 65 72 2e 00 41 6e 20 61 64 64 69 74	hroughput.than.another..An.addit
98d60	69 6f 6e 61 6c 20 6c 61 79 65 72 20 6f 66 20 73 79 6d 6d 65 74 72 69 63 2d 6b 65 79 20 63 72 79	ional.layer.of.symmetric-key.cry
98d80	70 74 6f 20 63 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 61 73	pto.can.be.used.on.top.of.the.as
98da0	79 6d 6d 65 74 72 69 63 20 63 72 79 70 74 6f 2e 00 41 6e 20 61 64 64 69 74 69 6f 6e 61 6c 20 6c	ymmetric.crypto..An.additional.l
98dc0	61 79 65 72 20 6f 66 20 73 79 6d 6d 65 74 72 69 63 2d 6b 65 79 20 63 72 79 70 74 6f 20 63 61 6e	ayer.of.symmetric-key.crypto.can
98de0	20 62 65 20 75 73 65 64 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 61 73 79 6d 6d 65 74 72 69	.be.used.on.top.of.the.asymmetri
98e00	63 20 63 72 79 70 74 6f 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 75 74 6f 6d 61 74 69 63	c.crypto..This.command.automatic
98e20	61 6c 6c 79 20 63 72 65 61 74 65 73 20 66 6f 72 20 79 6f 75 20 74 68 65 20 72 65 71 75 69 72 65	ally.creates.for.you.the.require
98e40	64 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 6e 73 74 61 6c 6c 20 74 68 69 73 20 50 53	d.CLI.command.to.install.this.PS
98e60	4b 20 66 6f 72 20 61 20 67 69 76 65 6e 20 70 65 65 72 2e 00 41 6e 20 61 64 64 69 74 69 6f 6e 61	K.for.a.given.peer..An.additiona
98e80	6c 20 6c 61 79 65 72 20 6f 66 20 73 79 6d 6d 65 74 72 69 63 2d 6b 65 79 20 63 72 79 70 74 6f 20	l.layer.of.symmetric-key.crypto.
98ea0	63 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 61 73 79 6d 6d 65	can.be.used.on.top.of.the.asymme
98ec0	74 72 69 63 20 63 72 79 70 74 6f 2e 20 54 68 69 73 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 00 41	tric.crypto..This.is.optional..A
98ee0	6e 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20 74 68 69 73 20 73 63 68 65 6d 65 20 69 73 20 74 68	n.advantage.of.this.scheme.is.th
98f00	61 74 20 79 6f 75 20 67 65 74 20 61 20 72 65 61 6c 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68	at.you.get.a.real.interface.with
98f20	20 69 74 73 20 6f 77 6e 20 61 64 64 72 65 73 73 2c 20 77 68 69 63 68 20 6d 61 6b 65 73 20 69 74	.its.own.address,.which.makes.it
98f40	20 65 61 73 69 65 72 20 74 6f 20 73 65 74 75 70 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 6f	.easier.to.setup.static.routes.o
98f60	72 20 75 73 65 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20	r.use.dynamic.routing.protocols.
98f80	77 69 74 68 6f 75 74 20 68 61 76 69 6e 67 20 74 6f 20 6d 6f 64 69 66 79 20 49 50 73 65 63 20 70	without.having.to.modify.IPsec.p
98fa0	6f 6c 69 63 69 65 73 2e 20 54 68 65 20 6f 74 68 65 72 20 61 64 76 61 6e 74 61 67 65 20 69 73 20	olicies..The.other.advantage.is.
98fc0	74 68 61 74 20 69 74 20 67 72 65 61 74 6c 79 20 73 69 6d 70 6c 69 66 69 65 73 20 72 6f 75 74 65	that.it.greatly.simplifies.route
98fe0	72 20 74 6f 20 72 6f 75 74 65 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 2c 20 77 68 69 63 68	r.to.router.communication,.which
99000	20 63 61 6e 20 62 65 20 74 72 69 63 6b 79 20 77 69 74 68 20 70 6c 61 69 6e 20 49 50 73 65 63 20	.can.be.tricky.with.plain.IPsec.
99020	62 65 63 61 75 73 65 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6f 75 74 67 6f 69 6e 67 20 61 64	because.the.external.outgoing.ad
99040	64 72 65 73 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 20 75 73 75 61 6c 6c 79 20 64 6f 65 73	dress.of.the.router.usually.does
99060	6e 27 74 20 6d 61 74 63 68 20 74 68 65 20 49 50 73 65 63 20 70 6f 6c 69 63 79 20 6f 66 20 74 79	n't.match.the.IPsec.policy.of.ty
99080	70 69 63 61 6c 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 73 65 74 75 70 20 61 6e 64 20 79 6f 75	pical.site-to-site.setup.and.you
990a0	20 6e 65 65 64 20 74 6f 20 61 64 64 20 73 70 65 63 69 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69	.need.to.add.special.configurati
990c0	6f 6e 20 66 6f 72 20 69 74 2c 20 6f 72 20 61 64 6a 75 73 74 20 74 68 65 20 73 6f 75 72 63 65 20	on.for.it,.or.adjust.the.source.
990e0	61 64 64 72 65 73 73 20 66 6f 72 20 6f 75 74 67 6f 69 6e 67 20 74 72 61 66 66 69 63 20 6f 66 20	address.for.outgoing.traffic.of.
99100	79 6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 2e 20 47 52 45 2f 49 50 73 65 63 20 68 61 73	your.applications..GRE/IPsec.has
99120	20 6e 6f 20 73 75 63 68 20 70 72 6f 62 6c 65 6d 20 61 6e 64 20 69 73 20 63 6f 6d 70 6c 65 74 65	.no.such.problem.and.is.complete
99140	6c 79 20 74 72 61 6e 73 70 61 72 65 6e 74 20 66 6f 72 20 74 68 65 20 61 70 70 6c 69 63 61 74 69	ly.transparent.for.the.applicati
99160	6f 6e 73 2e 00 41 6e 20 61 67 65 6e 74 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 2d 6d 61 6e 61 67	ons..An.agent.is.a.network-manag
99180	65 6d 65 6e 74 20 73 6f 66 74 77 61 72 65 20 6d 6f 64 75 6c 65 20 74 68 61 74 20 72 65 73 69 64	ement.software.module.that.resid
991a0	65 73 20 6f 6e 20 61 20 6d 61 6e 61 67 65 64 20 64 65 76 69 63 65 2e 20 41 6e 20 61 67 65 6e 74	es.on.a.managed.device..An.agent
991c0	20 68 61 73 20 6c 6f 63 61 6c 20 6b 6e 6f 77 6c 65 64 67 65 20 6f 66 20 6d 61 6e 61 67 65 6d 65	.has.local.knowledge.of.manageme
991e0	6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 6e 64 20 74 72 61 6e 73 6c 61 74 65 73 20 74 68	nt.information.and.translates.th
99200	61 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 6f 72 20 66 72 6f 6d 20 61 6e 20 53 4e 4d	at.information.to.or.from.an.SNM
99220	50 2d 73 70 65 63 69 66 69 63 20 66 6f 72 6d 2e 00 41 6e 20 61 6c 74 65 72 6e 61 74 65 20 63 6f	P-specific.form..An.alternate.co
99240	6d 6d 61 6e 64 20 63 6f 75 6c 64 20 62 65 20 22 6d 70 6c 73 2d 74 65 20 6f 6e 22 20 28 54 72 61	mmand.could.be."mpls-te.on".(Tra
99260	66 66 69 63 20 45 6e 67 69 6e 65 65 72 69 6e 67 29 00 41 6e 20 61 72 62 69 74 72 61 72 79 20 6e	ffic.Engineering).An.arbitrary.n
99280	65 74 6d 61 73 6b 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 6d 61 73 6b 20 61 64	etmask.can.be.applied.to.mask.ad
992a0	64 72 65 73 73 65 73 20 74 6f 20 6f 6e 6c 79 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 20	dresses.to.only.match.against.a.
992c0	73 70 65 63 69 66 69 63 20 70 6f 72 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 70 61 72 74 69 63	specific.portion..This.is.partic
992e0	75 6c 61 72 6c 79 20 75 73 65 66 75 6c 20 77 69 74 68 20 49 50 76 36 20 61 6e 64 20 61 20 7a 6f	ularly.useful.with.IPv6.and.a.zo
99300	6e 65 2d 62 61 73 65 64 20 66 69 72 65 77 61 6c 6c 20 61 73 20 72 75 6c 65 73 20 77 69 6c 6c 20	ne-based.firewall.as.rules.will.
99320	72 65 6d 61 69 6e 20 76 61 6c 69 64 20 69 66 20 74 68 65 20 49 50 76 36 20 70 72 65 66 69 78 20	remain.valid.if.the.IPv6.prefix.
99340	63 68 61 6e 67 65 73 20 61 6e 64 20 74 68 65 20 68 6f 73 74 20 70 6f 72 74 69 6f 6e 20 6f 66 20	changes.and.the.host.portion.of.
99360	73 79 73 74 65 6d 73 20 49 50 76 36 20 61 64 64 72 65 73 73 20 69 73 20 73 74 61 74 69 63 20 28	systems.IPv6.address.is.static.(
99380	66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 77 69 74 68 20 53 4c 41 41 43 20 6f 72 20 60 74 6f 6b 65	for.example,.with.SLAAC.or.`toke
993a0	6e 69 73 65 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 3c 68 74 74 70 73 3a 2f 2f 64 61	nised.IPv6.addresses.<https://da
993c0	74 61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 69 64 2f 64 72 61 66 74 2d	tatracker.ietf.org/doc/id/draft-
993e0	63 68 6f 77 6e 2d 36 6d 61 6e 2d 74 6f 6b 65 6e 69 73 65 64 2d 69 70 76 36 2d 69 64 65 6e 74 69	chown-6man-tokenised-ipv6-identi
99400	66 69 65 72 73 2d 30 32 2e 74 78 74 3e 60 5f 29 00 41 6e 20 61 72 62 69 74 72 61 72 79 20 6e 65	fiers-02.txt>`_).An.arbitrary.ne
99420	74 6d 61 73 6b 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 6d 61 73 6b 20 61 64 64	tmask.can.be.applied.to.mask.add
99440	72 65 73 73 65 73 20 74 6f 20 6f 6e 6c 79 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 20 73	resses.to.only.match.against.a.s
99460	70 65 63 69 66 69 63 20 70 6f 72 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 70 61 72 74 69 63 75	pecific.portion..This.is.particu
99480	6c 61 72 6c 79 20 75 73 65 66 75 6c 20 77 69 74 68 20 49 50 76 36 20 61 73 20 72 75 6c 65 73 20	larly.useful.with.IPv6.as.rules.
994a0	77 69 6c 6c 20 72 65 6d 61 69 6e 20 76 61 6c 69 64 20 69 66 20 74 68 65 20 49 50 76 36 20 70 72	will.remain.valid.if.the.IPv6.pr
994c0	65 66 69 78 20 63 68 61 6e 67 65 73 20 61 6e 64 20 74 68 65 20 68 6f 73 74 20 70 6f 72 74 69 6f	efix.changes.and.the.host.portio
994e0	6e 20 6f 66 20 73 79 73 74 65 6d 73 20 49 50 76 36 20 61 64 64 72 65 73 73 20 69 73 20 73 74 61	n.of.systems.IPv6.address.is.sta
99500	74 69 63 20 28 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 77 69 74 68 20 53 4c 41 41 43 20 6f 72 20	tic.(for.example,.with.SLAAC.or.
99520	60 74 6f 6b 65 6e 69 73 65 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 3c 68 74 74 70 73	`tokenised.IPv6.addresses.<https
99540	3a 2f 2f 64 61 74 61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 69 64 2f 64	://datatracker.ietf.org/doc/id/d
99560	72 61 66 74 2d 63 68 6f 77 6e 2d 36 6d 61 6e 2d 74 6f 6b 65 6e 69 73 65 64 2d 69 70 76 36 2d 69	raft-chown-6man-tokenised-ipv6-i
99580	64 65 6e 74 69 66 69 65 72 73 2d 30 32 2e 74 78 74 3e 60 5f 29 00 41 6e 20 62 61 73 69 63 20 69	dentifiers-02.txt>`_).An.basic.i
995a0	6e 74 72 6f 64 75 63 74 69 6f 6e 20 74 6f 20 7a 6f 6e 65 2d 62 61 73 65 64 20 66 69 72 65 77 61	ntroduction.to.zone-based.firewa
995c0	6c 6c 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 60 68 65 72 65 20 3c 68 74 74 70 73 3a 2f 2f	lls.can.be.found.`here.<https://
995e0	73 75 70 70 6f 72 74 2e 76 79 6f 73 2e 69 6f 2f 65 6e 2f 6b 62 2f 61 72 74 69 63 6c 65 73 2f 61	support.vyos.io/en/kb/articles/a
99600	2d 70 72 69 6d 65 72 2d 74 6f 2d 7a 6f 6e 65 2d 62 61 73 65 64 2d 66 69 72 65 77 61 6c 6c 3e 60	-primer-to-zone-based-firewall>`
99620	5f 2c 20 61 6e 64 20 61 6e 20 65 78 61 6d 70 6c 65 20 61 74 20 3a 72 65 66 3a 60 65 78 61 6d 70	_,.and.an.example.at.:ref:`examp
99640	6c 65 73 2d 7a 6f 6e 65 2d 70 6f 6c 69 63 79 60 2e 00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20	les-zone-policy`..An.example.of.
99660	61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 68 61 74 20 73 65 6e 64 73 20 60 60 74 65 6c	a.configuration.that.sends.``tel
99680	65 67 72 61 66 60 60 20 6d 65 74 72 69 63 73 20 74 6f 20 72 65 6d 6f 74 65 20 60 60 49 6e 66 6c	egraf``.metrics.to.remote.``Infl
996a0	75 78 44 42 20 32 60 60 00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 63 72 65 61 74 69 6e 67 20	uxDB.2``.An.example.of.creating.
996c0	61 20 56 4c 41 4e 2d 61 77 61 72 65 20 62 72 69 64 67 65 20 69 73 20 61 73 20 66 6f 6c 6c 6f 77	a.VLAN-aware.bridge.is.as.follow
996e0	73 3a 00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 6b 65 79 20 67 65 6e 65 72 61 74 69 6f 6e 3a	s:.An.example.of.key.generation:
99700	00 41 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 74 68 65 20 64 61 74 61 20 63 61 70 74 75 72 65 64	.An.example.of.the.data.captured
99720	20 62 79 20 61 20 46 52 45 45 52 41 44 49 55 53 20 73 65 72 76 65 72 20 77 69 74 68 20 73 71 6c	.by.a.FREERADIUS.server.with.sql
99740	20 61 63 63 6f 75 6e 74 69 6e 67 3a 00 41 6e 20 65 78 61 6d 70 6c 65 3a 00 41 6e 20 6f 70 74 69	.accounting:.An.example:.An.opti
99760	6f 6e 20 74 68 61 74 20 74 61 6b 65 73 20 61 20 71 75 6f 74 65 64 20 73 74 72 69 6e 67 20 69 73	on.that.takes.a.quoted.string.is
99780	20 73 65 74 20 62 79 20 72 65 70 6c 61 63 69 6e 67 20 61 6c 6c 20 71 75 6f 74 65 20 63 68 61 72	.set.by.replacing.all.quote.char
997a0	61 63 74 65 72 73 20 77 69 74 68 20 74 68 65 20 73 74 72 69 6e 67 20 60 60 26 71 75 6f 74 3b 60	acters.with.the.string.``&quot;`
997c0	60 20 69 6e 73 69 64 65 20 74 68 65 20 73 74 61 74 69 63 2d 6d 61 70 70 69 6e 67 2d 70 61 72 61	`.inside.the.static-mapping-para
997e0	6d 65 74 65 72 73 20 76 61 6c 75 65 2e 20 54 68 65 20 72 65 73 75 6c 74 69 6e 67 20 6c 69 6e 65	meters.value..The.resulting.line
99800	20 69 6e 20 64 68 63 70 64 2e 63 6f 6e 66 20 77 69 6c 6c 20 62 65 20 60 60 6f 70 74 69 6f 6e 20	.in.dhcpd.conf.will.be.``option.
99820	70 78 65 6c 69 6e 75 78 2e 63 6f 6e 66 69 67 66 69 6c 65 20 22 70 78 65 6c 69 6e 75 78 2e 63 66	pxelinux.configfile."pxelinux.cf
99840	67 2f 30 31 2d 30 30 2d 31 35 2d 31 37 2d 34 34 2d 32 64 2d 61 61 22 3b 60 60 2e 00 41 6e 64 20	g/01-00-15-17-44-2d-aa";``..And.
99860	66 6f 72 20 69 70 76 36 3a 00 41 6e 64 20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 49 50 76 34	for.ipv6:.And.the.different.IPv4
99880	20 2a 2a 72 65 73 65 74 2a 2a 20 63 6f 6d 6d 61 6e 64 73 20 61 76 61 69 6c 61 62 6c 65 3a 00 41	.**reset**.commands.available:.A
998a0	6e 64 20 74 68 65 6e 20 68 61 73 68 20 69 73 20 72 65 64 75 63 65 64 20 6d 6f 64 75 6c 6f 20 73	nd.then.hash.is.reduced.modulo.s
998c0	6c 61 76 65 20 63 6f 75 6e 74 2e 00 41 6e 6f 74 68 65 72 20 74 65 72 6d 20 6f 66 74 65 6e 20 75	lave.count..Another.term.often.u
998e0	73 65 64 20 66 6f 72 20 44 4e 41 54 20 69 73 20 2a 2a 31 2d 74 6f 2d 31 20 4e 41 54 2a 2a 2e 20	sed.for.DNAT.is.**1-to-1.NAT**..
99900	46 6f 72 20 61 20 31 2d 74 6f 2d 31 20 4e 41 54 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20	For.a.1-to-1.NAT.configuration,.
99920	62 6f 74 68 20 44 4e 41 54 20 61 6e 64 20 53 4e 41 54 20 61 72 65 20 75 73 65 64 20 74 6f 20 4e	both.DNAT.and.SNAT.are.used.to.N
99940	41 54 20 61 6c 6c 20 74 72 61 66 66 69 63 20 66 72 6f 6d 20 61 6e 20 65 78 74 65 72 6e 61 6c 20	AT.all.traffic.from.an.external.
99960	49 50 20 61 64 64 72 65 73 73 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 61 64 64	IP.address.to.an.internal.IP.add
99980	72 65 73 73 20 61 6e 64 20 76 69 63 65 2d 76 65 72 73 61 2e 00 41 6e 6f 74 68 65 72 20 74 68 69	ress.and.vice-versa..Another.thi
999a0	6e 67 20 74 6f 20 6b 65 65 70 20 69 6e 20 6d 69 6e 64 20 77 69 74 68 20 4c 44 50 20 69 73 20 74	ng.to.keep.in.mind.with.LDP.is.t
999c0	68 61 74 20 6d 75 63 68 20 6c 69 6b 65 20 42 47 50 2c 20 69 74 20 69 73 20 61 20 70 72 6f 74 6f	hat.much.like.BGP,.it.is.a.proto
999e0	63 6f 6c 20 74 68 61 74 20 72 75 6e 73 20 6f 6e 20 74 6f 70 20 6f 66 20 54 43 50 2e 20 49 74 20	col.that.runs.on.top.of.TCP..It.
99a00	68 6f 77 65 76 65 72 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 6e 20 61 62 69 6c 69 74 79	however.does.not.have.an.ability
99a20	20 74 6f 20 64 6f 20 73 6f 6d 65 74 68 69 6e 67 20 6c 69 6b 65 20 61 20 72 65 66 72 65 73 68 20	.to.do.something.like.a.refresh.
99a40	63 61 70 61 62 69 6c 69 74 79 20 6c 69 6b 65 20 42 47 50 73 20 72 6f 75 74 65 20 72 65 66 72 65	capability.like.BGPs.route.refre
99a60	73 68 20 63 61 70 61 62 69 6c 69 74 79 2e 20 54 68 65 72 65 66 6f 72 65 20 6f 6e 65 20 6d 69 67	sh.capability..Therefore.one.mig
99a80	68 74 20 68 61 76 65 20 74 6f 20 72 65 73 65 74 20 74 68 65 20 6e 65 69 67 68 62 6f 72 20 66 6f	ht.have.to.reset.the.neighbor.fo
99aa0	72 20 61 20 63 61 70 61 62 69 6c 69 74 79 20 63 68 61 6e 67 65 20 6f 72 20 61 20 63 6f 6e 66 69	r.a.capability.change.or.a.confi
99ac0	67 75 72 61 74 69 6f 6e 20 63 68 61 6e 67 65 20 74 6f 20 77 6f 72 6b 2e 00 41 70 70 6c 79 20 61	guration.change.to.work..Apply.a
99ae0	20 72 6f 75 74 65 2d 6d 61 70 20 66 69 6c 74 65 72 20 74 6f 20 72 6f 75 74 65 73 20 66 6f 72 20	.route-map.filter.to.routes.for.
99b00	74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74 6f 63 6f 6c 2e 00 41 70 70 6c 79 20 61 20	the.specified.protocol..Apply.a.
99b20	72 6f 75 74 65 2d 6d 61 70 20 66 69 6c 74 65 72 20 74 6f 20 72 6f 75 74 65 73 20 66 6f 72 20 74	route-map.filter.to.routes.for.t
99b40	68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74 6f 63 6f 6c 2e 20 54 68 65 20 66 6f 6c 6c 6f	he.specified.protocol..The.follo
99b60	77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 3a 20 61 6e 79 2c	wing.protocols.can.be.used:.any,
99b80	20 62 61 62 65 6c 2c 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 65 69 67 72 70 2c 20 69	.babel,.bgp,.connected,.eigrp,.i
99ba0	73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2c 20	sis,.kernel,.ospf,.rip,.static,.
99bc0	74 61 62 6c 65 00 41 70 70 6c 79 20 61 20 72 6f 75 74 65 2d 6d 61 70 20 66 69 6c 74 65 72 20 74	table.Apply.a.route-map.filter.t
99be0	6f 20 72 6f 75 74 65 73 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 6f 74 6f	o.routes.for.the.specified.proto
99c00	63 6f 6c 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e	col..The.following.protocols.can
99c20	20 62 65 20 75 73 65 64 3a 20 61 6e 79 2c 20 62 61 62 65 6c 2c 20 62 67 70 2c 20 63 6f 6e 6e 65	.be.used:.any,.babel,.bgp,.conne
99c40	63 74 65 64 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 76 33 2c 20 72 69 70 6e	cted,.isis,.kernel,.ospfv3,.ripn
99c60	67 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 00 41 70 70 6c 79 20 72 6f 75 74 69 6e 67 20 70	g,.static,.table.Apply.routing.p
99c80	6f 6c 69 63 79 20 74 6f 20 2a 2a 69 6e 62 6f 75 6e 64 2a 2a 20 64 69 72 65 63 74 69 6f 6e 20 6f	olicy.to.**inbound**.direction.o
99ca0	66 20 6f 75 74 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 00 41 70 70 6c 79 69 6e 67 20 61	f.out.VLAN.interfaces.Applying.a
99cc0	20 52 75 6c 65 2d 53 65 74 20 74 6f 20 61 20 5a 6f 6e 65 00 41 70 70 6c 79 69 6e 67 20 61 20 52	.Rule-Set.to.a.Zone.Applying.a.R
99ce0	75 6c 65 2d 53 65 74 20 74 6f 20 61 6e 20 49 6e 74 65 72 66 61 63 65 00 41 70 70 6c 79 69 6e 67	ule-Set.to.an.Interface.Applying
99d00	20 61 20 74 72 61 66 66 69 63 20 70 6f 6c 69 63 79 00 41 72 65 61 20 43 6f 6e 66 69 67 75 72 61	.a.traffic.policy.Area.Configura
99d20	74 69 6f 6e 00 41 72 65 61 20 69 64 65 6e 74 69 66 69 65 72 3a 20 60 60 30 30 30 31 60 60 20 49	tion.Area.identifier:.``0001``.I
99d40	53 2d 49 53 20 61 72 65 61 20 6e 75 6d 62 65 72 20 28 6e 75 6d 62 65 72 69 63 61 6c 20 61 72 65	S-IS.area.number.(numberical.are
99d60	61 20 60 60 31 60 60 29 00 41 72 67 75 6d 65 6e 74 73 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65	a.``1``).Arguments.which.will.be
99d80	20 70 61 73 73 65 64 20 74 6f 20 74 68 65 20 65 78 65 63 75 74 61 62 6c 65 2e 00 41 72 69 73 74	.passed.to.the.executable..Arist
99da0	61 20 45 4f 53 00 41 72 75 62 61 2f 48 50 00 41 73 20 49 6e 74 65 72 6e 65 74 20 77 69 64 65 20	a.EOS.Aruba/HP.As.Internet.wide.
99dc0	50 4d 54 55 20 64 69 73 63 6f 76 65 72 79 20 72 61 72 65 6c 79 20 77 6f 72 6b 73 2c 20 77 65 20	PMTU.discovery.rarely.works,.we.
99de0	73 6f 6d 65 74 69 6d 65 73 20 6e 65 65 64 20 74 6f 20 63 6c 61 6d 70 20 6f 75 72 20 54 43 50 20	sometimes.need.to.clamp.our.TCP.
99e00	4d 53 53 20 76 61 6c 75 65 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 76 61 6c 75 65 2e 20 54	MSS.value.to.a.specific.value..T
99e20	68 69 73 20 69 73 20 61 20 66 69 65 6c 64 20 69 6e 20 74 68 65 20 54 43 50 20 6f 70 74 69 6f 6e	his.is.a.field.in.the.TCP.option
99e40	73 20 70 61 72 74 20 6f 66 20 61 20 53 59 4e 20 70 61 63 6b 65 74 2e 20 42 79 20 73 65 74 74 69	s.part.of.a.SYN.packet..By.setti
99e60	6e 67 20 74 68 65 20 4d 53 53 20 76 61 6c 75 65 2c 20 79 6f 75 20 61 72 65 20 74 65 6c 6c 69 6e	ng.the.MSS.value,.you.are.tellin
99e80	67 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 64 65 20 75 6e 65 71 75 69 76 6f 63 61 6c 6c 79 20	g.the.remote.side.unequivocally.
99ea0	27 64 6f 20 6e 6f 74 20 74 72 79 20 74 6f 20 73 65 6e 64 20 6d 65 20 70 61 63 6b 65 74 73 20 62	'do.not.try.to.send.me.packets.b
99ec0	69 67 67 65 72 20 74 68 61 6e 20 74 68 69 73 20 76 61 6c 75 65 27 2e 00 41 73 20 53 53 54 50 20	igger.than.this.value'..As.SSTP.
99ee0	70 72 6f 76 69 64 65 73 20 50 50 50 20 76 69 61 20 61 20 53 53 4c 2f 54 4c 53 20 63 68 61 6e 6e	provides.PPP.via.a.SSL/TLS.chann
99f00	65 6c 20 74 68 65 20 75 73 65 20 6f 66 20 65 69 74 68 65 72 20 70 75 62 6c 69 63 61 6c 6c 79 20	el.the.use.of.either.publically.
99f20	73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 73 20 77 65 6c 6c 20 61 73 20 61	signed.certificates.as.well.as.a
99f40	20 70 72 69 76 61 74 65 20 50 4b 49 20 69 73 20 72 65 71 75 69 72 65 64 2e 00 41 73 20 56 79 4f	.private.PKI.is.required..As.VyO
99f60	53 20 69 73 20 4c 69 6e 75 78 20 62 61 73 65 64 20 74 68 65 20 64 65 66 61 75 6c 74 20 70 6f 72	S.is.Linux.based.the.default.por
99f80	74 20 75 73 65 64 20 69 73 20 6e 6f 74 20 75 73 69 6e 67 20 34 37 38 39 20 61 73 20 74 68 65 20	t.used.is.not.using.4789.as.the.
99fa0	64 65 66 61 75 6c 74 20 49 41 4e 41 2d 61 73 73 69 67 6e 65 64 20 64 65 73 74 69 6e 61 74 69 6f	default.IANA-assigned.destinatio
99fc0	6e 20 55 44 50 20 70 6f 72 74 20 6e 75 6d 62 65 72 2e 20 49 6e 73 74 65 61 64 20 56 79 4f 53 20	n.UDP.port.number..Instead.VyOS.
99fe0	75 73 65 73 20 74 68 65 20 4c 69 6e 75 78 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 6f 66 20 38	uses.the.Linux.default.port.of.8
9a000	34 37 32 2e 00 41 73 20 56 79 4f 53 20 69 73 20 62 61 73 65 64 20 6f 6e 20 4c 69 6e 75 78 20 61	472..As.VyOS.is.based.on.Linux.a
9a020	6e 64 20 74 68 65 72 65 20 77 61 73 20 6e 6f 20 6f 66 66 69 63 69 61 6c 20 49 41 4e 41 20 70 6f	nd.there.was.no.official.IANA.po
9a040	72 74 20 61 73 73 69 67 6e 65 64 20 66 6f 72 20 56 58 4c 41 4e 2c 20 56 79 4f 53 20 75 73 65 73	rt.assigned.for.VXLAN,.VyOS.uses
9a060	20 61 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 6f 66 20 38 34 37 32 2e 20 59 6f 75 20 63 61 6e	.a.default.port.of.8472..You.can
9a080	20 63 68 61 6e 67 65 20 74 68 65 20 70 6f 72 74 20 6f 6e 20 61 20 70 65 72 20 56 58 4c 41 4e 20	.change.the.port.on.a.per.VXLAN.
9a0a0	69 6e 74 65 72 66 61 63 65 20 62 61 73 69 73 20 74 6f 20 67 65 74 20 69 74 20 77 6f 72 6b 69 6e	interface.basis.to.get.it.workin
9a0c0	67 20 61 63 72 6f 73 73 20 6d 75 6c 74 69 70 6c 65 20 76 65 6e 64 6f 72 73 2e 00 41 73 20 56 79	g.across.multiple.vendors..As.Vy
9a0e0	4f 53 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 74 68 65 20 51 4d 49 20 69 6e 74 65 72 66 61 63	OS.makes.use.of.the.QMI.interfac
9a100	65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 57 57 41 4e 20 6d 6f 64 65 6d 20 63	e.to.connect.to.the.WWAN.modem.c
9a120	61 72 64 73 2c 20 61 6c 73 6f 20 74 68 65 20 66 69 72 6d 77 61 72 65 20 63 61 6e 20 62 65 20 72	ards,.also.the.firmware.can.be.r
9a140	65 70 72 6f 67 72 61 6d 6d 65 64 2e 00 41 73 20 61 20 72 65 66 65 72 65 6e 63 65 3a 20 66 6f 72	eprogrammed..As.a.reference:.for
9a160	20 31 30 6d 62 69 74 2f 73 20 6f 6e 20 49 6e 74 65 6c 2c 20 79 6f 75 20 6d 69 67 68 74 20 6e 65	.10mbit/s.on.Intel,.you.might.ne
9a180	65 64 20 61 74 20 6c 65 61 73 74 20 31 30 6b 62 79 74 65 20 62 75 66 66 65 72 20 69 66 20 79 6f	ed.at.least.10kbyte.buffer.if.yo
9a1a0	75 20 77 61 6e 74 20 74 6f 20 72 65 61 63 68 20 79 6f 75 72 20 63 6f 6e 66 69 67 75 72 65 64 20	u.want.to.reach.your.configured.
9a1c0	72 61 74 65 2e 00 41 73 20 61 20 72 65 73 75 6c 74 2c 20 74 68 65 20 70 72 6f 63 65 73 73 69 6e	rate..As.a.result,.the.processin
9a1e0	67 20 6f 66 20 65 61 63 68 20 70 61 63 6b 65 74 20 62 65 63 6f 6d 65 73 20 6d 6f 72 65 20 65 66	g.of.each.packet.becomes.more.ef
9a200	66 69 63 69 65 6e 74 2c 20 70 6f 74 65 6e 74 69 61 6c 6c 79 20 6c 65 76 65 72 61 67 69 6e 67 20	ficient,.potentially.leveraging.
9a220	68 61 72 64 77 61 72 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 6f 66 66 6c 6f 61 64 69 6e 67 20 73	hardware.encryption.offloading.s
9a240	75 70 70 6f 72 74 20 61 76 61 69 6c 61 62 6c 65 20 69 6e 20 74 68 65 20 6b 65 72 6e 65 6c 2e 00	upport.available.in.the.kernel..
9a260	41 73 20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 74 6f 20 61 70 70 6c 79 69 6e 67 20 70 6f	As.an.alternative.to.applying.po
9a280	6c 69 63 79 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 64 69 72 65 63 74 6c 79 2c 20 61	licy.to.an.interface.directly,.a
9a2a0	20 7a 6f 6e 65 2d 62 61 73 65 64 20 66 69 72 65 77 61 6c 6c 20 63 61 6e 20 62 65 20 63 72 65 61	.zone-based.firewall.can.be.crea
9a2c0	74 65 64 20 74 6f 20 73 69 6d 70 6c 69 66 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 68	ted.to.simplify.configuration.wh
9a2e0	65 6e 20 6d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 62 65 6c 6f 6e 67 20 74 6f	en.multiple.interfaces.belong.to
9a300	20 74 68 65 20 73 61 6d 65 20 73 65 63 75 72 69 74 79 20 7a 6f 6e 65 2e 20 49 6e 73 74 65 61 64	.the.same.security.zone..Instead
9a320	20 6f 66 20 61 70 70 6c 79 69 6e 67 20 72 75 6c 65 2d 73 65 74 73 20 74 6f 20 69 6e 74 65 72 66	.of.applying.rule-sets.to.interf
9a340	61 63 65 73 2c 20 74 68 65 79 20 61 72 65 20 61 70 70 6c 69 65 64 20 74 6f 20 73 6f 75 72 63 65	aces,.they.are.applied.to.source
9a360	20 7a 6f 6e 65 2d 64 65 73 74 69 6e 61 74 69 6f 6e 20 7a 6f 6e 65 20 70 61 69 72 73 2e 00 41 73	.zone-destination.zone.pairs..As
9a380	20 6d 6f 72 65 20 61 6e 64 20 6d 6f 72 65 20 72 6f 75 74 65 72 73 20 72 75 6e 20 6f 6e 20 48 79	.more.and.more.routers.run.on.Hy
9a3a0	70 65 72 76 69 73 6f 72 73 2c 20 65 78 70 65 63 69 61 6c 6c 79 20 77 69 74 68 20 61 20 3a 61 62	pervisors,.expecially.with.a.:ab
9a3c0	62 72 3a 60 4e 4f 53 20 28 4e 65 74 77 6f 72 6b 20 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 65	br:`NOS.(Network.Operating.Syste
9a3e0	6d 29 60 20 61 73 20 56 79 4f 53 2c 20 69 74 20 6d 61 6b 65 73 20 66 65 77 65 72 20 61 6e 64 20	m)`.as.VyOS,.it.makes.fewer.and.
9a400	66 65 77 65 72 20 73 65 6e 73 65 20 74 6f 20 75 73 65 20 73 74 61 74 69 63 20 72 65 73 6f 75 72	fewer.sense.to.use.static.resour
9a420	63 65 20 62 69 6e 64 69 6e 67 73 20 6c 69 6b 65 20 60 60 73 6d 70 2d 61 66 66 69 6e 69 74 79 60	ce.bindings.like.``smp-affinity`
9a440	60 20 61 73 20 70 72 65 73 65 6e 74 20 69 6e 20 56 79 4f 53 20 31 2e 32 20 61 6e 64 20 65 61 72	`.as.present.in.VyOS.1.2.and.ear
9a460	6c 69 65 72 20 74 6f 20 70 69 6e 20 63 65 72 74 61 69 6e 20 69 6e 74 65 72 72 75 70 74 20 68 61	lier.to.pin.certain.interrupt.ha
9a480	6e 64 6c 65 72 73 20 74 6f 20 73 70 65 63 69 66 69 63 20 43 50 55 73 2e 00 41 73 20 6e 65 74 77	ndlers.to.specific.CPUs..As.netw
9a4a0	6f 72 6b 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6d 6f 64 69 66 69 65 73	ork.address.translation.modifies
9a4c0	20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 70	.the.IP.address.information.in.p
9a4e0	61 63 6b 65 74 73 2c 20 4e 41 54 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 6d 61 79 20	ackets,.NAT.implementations.may.
9a500	76 61 72 79 20 69 6e 20 74 68 65 69 72 20 73 70 65 63 69 66 69 63 20 62 65 68 61 76 69 6f 72 20	vary.in.their.specific.behavior.
9a520	69 6e 20 76 61 72 69 6f 75 73 20 61 64 64 72 65 73 73 69 6e 67 20 63 61 73 65 73 20 61 6e 64 20	in.various.addressing.cases.and.
9a540	74 68 65 69 72 20 65 66 66 65 63 74 20 6f 6e 20 6e 65 74 77 6f 72 6b 20 74 72 61 66 66 69 63 2e	their.effect.on.network.traffic.
9a560	20 54 68 65 20 73 70 65 63 69 66 69 63 73 20 6f 66 20 4e 41 54 20 62 65 68 61 76 69 6f 72 20 61	.The.specifics.of.NAT.behavior.a
9a580	72 65 20 6e 6f 74 20 63 6f 6d 6d 6f 6e 6c 79 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 79 20 76 65	re.not.commonly.documented.by.ve
9a5a0	6e 64 6f 72 73 20 6f 66 20 65 71 75 69 70 6d 65 6e 74 20 63 6f 6e 74 61 69 6e 69 6e 67 20 4e 41	ndors.of.equipment.containing.NA
9a5c0	54 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 2e 00 41 73 20 70 65 72 20 64 65 66 61 75 6c	T.implementations..As.per.defaul
9a5e0	74 20 61 6e 64 20 69 66 20 6e 6f 74 20 6f 74 68 65 72 77 69 73 65 20 64 65 66 69 6e 65 64 2c 20	t.and.if.not.otherwise.defined,.
9a600	6d 73 63 68 61 70 2d 76 32 20 69 73 20 62 65 69 6e 67 20 75 73 65 64 20 66 6f 72 20 61 75 74 68	mschap-v2.is.being.used.for.auth
9a620	65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 6d 70 70 65 20 31 32 38 2d 62 69 74 20 28 73 74 61	entication.and.mppe.128-bit.(sta
9a640	74 65 6c 65 73 73 29 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6f 6e 2e 20 49 66 20 6e 6f 20 67 61	teless).for.encryption..If.no.ga
9a660	74 65 77 61 79 2d 61 64 64 72 65 73 73 20 69 73 20 73 65 74 20 77 69 74 68 69 6e 20 74 68 65 20	teway-address.is.set.within.the.
9a680	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 74 68 65 20 6c 6f 77 65 73 74 20 49 50 20 6f 75 74	configuration,.the.lowest.IP.out
9a6a0	20 6f 66 20 74 68 65 20 2f 32 34 20 63 6c 69 65 6e 74 2d 69 70 2d 70 6f 6f 6c 20 69 73 20 62 65	.of.the./24.client-ip-pool.is.be
9a6c0	69 6e 67 20 75 73 65 64 2e 20 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 69 6e 20 74 68 65 20 65	ing.used..For.instance,.in.the.e
9a6e0	78 61 6d 70 6c 65 20 62 65 6c 6f 77 20 69 74 20 77 6f 75 6c 64 20 62 65 20 31 39 32 2e 31 36 38	xample.below.it.would.be.192.168
9a700	2e 30 2e 31 2e 00 41 73 20 73 68 6f 77 6e 20 69 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 61 62	.0.1..As.shown.in.the.example.ab
9a720	6f 76 65 2c 20 6f 6e 65 20 6f 66 20 74 68 65 20 70 6f 73 73 69 62 69 6c 69 74 69 65 73 20 74 6f	ove,.one.of.the.possibilities.to
9a740	20 6d 61 74 63 68 20 70 61 63 6b 65 74 73 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6d 61 72 6b 73	.match.packets.is.based.on.marks
9a760	20 64 6f 6e 65 20 62 79 20 74 68 65 20 66 69 72 65 77 61 6c 6c 2c 20 60 74 68 61 74 20 63 61 6e	.done.by.the.firewall,.`that.can
9a780	20 67 69 76 65 20 79 6f 75 20 61 20 67 72 65 61 74 20 64 65 61 6c 20 6f 66 20 66 6c 65 78 69 62	.give.you.a.great.deal.of.flexib
9a7a0	69 6c 69 74 79 60 5f 2e 00 41 73 20 73 68 6f 77 6e 20 69 6e 20 74 68 65 20 6c 61 73 74 20 63 6f	ility`_..As.shown.in.the.last.co
9a7c0	6d 6d 61 6e 64 20 6f 66 20 74 68 65 20 65 78 61 6d 70 6c 65 20 61 62 6f 76 65 2c 20 74 68 65 20	mmand.of.the.example.above,.the.
9a7e0	60 71 75 65 75 65 2d 74 79 70 65 60 20 73 65 74 74 69 6e 67 20 61 6c 6c 6f 77 73 20 74 68 65 73	`queue-type`.setting.allows.thes
9a800	65 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 73 2e 20 59 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65	e.combinations..You.will.be.able
9a820	20 74 6f 20 75 73 65 20 69 74 20 69 6e 20 6d 61 6e 79 20 70 6f 6c 69 63 69 65 73 2e 00 41 73 20	.to.use.it.in.many.policies..As.
9a840	74 68 65 20 6e 61 6d 65 20 69 6d 70 6c 69 65 73 2c 20 69 74 27 73 20 49 50 76 34 20 65 6e 63 61	the.name.implies,.it's.IPv4.enca
9a860	70 73 75 6c 61 74 65 64 20 69 6e 20 49 50 76 36 2c 20 61 73 20 73 69 6d 70 6c 65 20 61 73 20 74	psulated.in.IPv6,.as.simple.as.t
9a880	68 61 74 2e 00 41 73 20 77 65 6c 6c 20 61 73 20 74 68 65 20 62 65 6c 6f 77 20 74 6f 20 61 6c 6c	hat..As.well.as.the.below.to.all
9a8a0	6f 77 20 4e 41 54 2d 74 72 61 76 65 72 73 61 6c 20 28 77 68 65 6e 20 4e 41 54 20 69 73 20 64 65	ow.NAT-traversal.(when.NAT.is.de
9a8c0	74 65 63 74 65 64 20 62 79 20 74 68 65 20 56 50 4e 20 63 6c 69 65 6e 74 2c 20 45 53 50 20 69 73	tected.by.the.VPN.client,.ESP.is
9a8e0	20 65 6e 63 61 70 73 75 6c 61 74 65 64 20 69 6e 20 55 44 50 20 66 6f 72 20 4e 41 54 2d 74 72 61	.encapsulated.in.UDP.for.NAT-tra
9a900	76 65 72 73 61 6c 29 3a 00 41 73 20 77 69 74 68 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c	versal):.As.with.other.policies,
9a920	20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 63 61 6e 20 65 6d 62 65 64 5f 20 61 6e 6f 74 68 65 72 20	.Round-Robin.can.embed_.another.
9a940	70 6f 6c 69 63 79 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 20 74 68 72 6f 75 67 68 20 74 68 65 20	policy.into.a.class.through.the.
9a960	60 60 71 75 65 75 65 2d 74 79 70 65 60 60 20 73 65 74 74 69 6e 67 2e 00 41 73 20 77 69 74 68 20	``queue-type``.setting..As.with.
9a980	6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c 20 53 68 61 70 65 72 20 63 61 6e 20 65 6d 62 65 64	other.policies,.Shaper.can.embed
9a9a0	5f 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 20 69 6e 74 6f 20 69 74 73 20 63 6c 61 73 73 65	_.other.policies.into.its.classe
9a9c0	73 20 74 68 72 6f 75 67 68 20 74 68 65 20 60 60 71 75 65 75 65 2d 74 79 70 65 60 60 20 73 65 74	s.through.the.``queue-type``.set
9a9e0	74 69 6e 67 20 61 6e 64 20 74 68 65 6e 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 69 72 20 70 61	ting.and.then.configure.their.pa
9aa00	72 61 6d 65 74 65 72 73 2e 00 41 73 20 77 69 74 68 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73	rameters..As.with.other.policies
9aa20	2c 20 79 6f 75 20 63 61 6e 20 64 65 66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 74 79 70 65 20	,.you.can.define.different.type.
9aa40	6f 66 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 73 20 66 6f 72 20 79 6f 75 72 20 63 6c 61 73 73	of.matching.rules.for.your.class
9aa60	65 73 3a 00 41 73 20 77 69 74 68 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 2c 20 79 6f 75 20	es:.As.with.other.policies,.you.
9aa80	63 61 6e 20 65 6d 62 65 64 5f 20 6f 74 68 65 72 20 70 6f 6c 69 63 69 65 73 20 69 6e 74 6f 20 74	can.embed_.other.policies.into.t
9aaa0	68 65 20 63 6c 61 73 73 65 73 20 28 61 6e 64 20 64 65 66 61 75 6c 74 29 20 6f 66 20 79 6f 75 72	he.classes.(and.default).of.your
9aac0	20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 70 6f 6c 69 63 79 20 74 68 72 6f 75 67 68 20 74	.Priority.Queue.policy.through.t
9aae0	68 65 20 60 60 71 75 65 75 65 2d 74 79 70 65 60 60 20 73 65 74 74 69 6e 67 3a 00 41 73 20 79 6f	he.``queue-type``.setting:.As.yo
9ab00	75 20 63 61 6e 20 73 65 65 20 69 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 68 65 72 65 2c 20 79	u.can.see.in.the.example.here,.y
9ab20	6f 75 20 63 61 6e 20 61 73 73 69 67 6e 20 74 68 65 20 73 61 6d 65 20 72 75 6c 65 2d 73 65 74 20	ou.can.assign.the.same.rule-set.
9ab40	74 6f 20 73 65 76 65 72 61 6c 20 69 6e 74 65 72 66 61 63 65 73 2e 20 41 6e 20 69 6e 74 65 72 66	to.several.interfaces..An.interf
9ab60	61 63 65 20 63 61 6e 20 6f 6e 6c 79 20 68 61 76 65 20 6f 6e 65 20 72 75 6c 65 2d 73 65 74 20 70	ace.can.only.have.one.rule-set.p
9ab80	65 72 20 63 68 61 69 6e 2e 00 41 73 20 79 6f 75 20 63 61 6e 20 73 65 65 2c 20 4c 65 61 66 32 20	er.chain..As.you.can.see,.Leaf2.
9aba0	61 6e 64 20 4c 65 61 66 33 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 61 6c 6d 6f 73	and.Leaf3.configuration.is.almos
9abc0	74 20 69 64 65 6e 74 69 63 61 6c 2e 20 54 68 65 72 65 20 61 72 65 20 6c 6f 74 73 20 6f 66 20 63	t.identical..There.are.lots.of.c
9abe0	6f 6d 6d 61 6e 64 73 20 61 62 6f 76 65 2c 20 49 27 6c 6c 20 74 72 79 20 74 6f 20 69 6e 74 6f 20	ommands.above,.I'll.try.to.into.
9ac00	6d 6f 72 65 20 64 65 74 61 69 6c 20 62 65 6c 6f 77 2c 20 63 6f 6d 6d 61 6e 64 20 64 65 73 63 72	more.detail.below,.command.descr
9ac20	69 70 74 69 6f 6e 73 20 61 72 65 20 70 6c 61 63 65 64 20 75 6e 64 65 72 20 74 68 65 20 63 6f 6d	iptions.are.placed.under.the.com
9ac40	6d 61 6e 64 20 62 6f 78 65 73 3a 00 41 73 73 69 67 6e 20 60 3c 6d 65 6d 62 65 72 3e 60 20 69 6e	mand.boxes:.Assign.`<member>`.in
9ac60	74 65 72 66 61 63 65 20 74 6f 20 62 72 69 64 67 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e	terface.to.bridge.`<interface>`.
9ac80	20 41 20 63 6f 6d 70 6c 65 74 69 6f 6e 20 68 65 6c 70 65 72 20 77 69 6c 6c 20 68 65 6c 70 20 79	.A.completion.helper.will.help.y
9aca0	6f 75 20 77 69 74 68 20 61 6c 6c 20 61 6c 6c 6f 77 65 64 20 69 6e 74 65 72 66 61 63 65 73 20 77	ou.with.all.allowed.interfaces.w
9acc0	68 69 63 68 20 63 61 6e 20 62 65 20 62 72 69 64 67 65 64 2e 20 54 68 69 73 20 69 6e 63 6c 75 64	hich.can.be.bridged..This.includ
9ace0	65 73 20 3a 72 65 66 3a 60 65 74 68 65 72 6e 65 74 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72	es.:ref:`ethernet-interface`,.:r
9ad00	65 66 3a 60 62 6f 6e 64 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 6c 32 74 70 76	ef:`bond-interface`,.:ref:`l2tpv
9ad20	33 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 6f 70 65 6e 76 70 6e 60 2c 20 3a 72	3-interface`,.:ref:`openvpn`,.:r
9ad40	65 66 3a 60 76 78 6c 61 6e 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 77 69 72 65	ef:`vxlan-interface`,.:ref:`wire
9ad60	6c 65 73 73 2d 69 6e 74 65 72 66 61 63 65 60 2c 20 3a 72 65 66 3a 60 74 75 6e 6e 65 6c 2d 69 6e	less-interface`,.:ref:`tunnel-in
9ad80	74 65 72 66 61 63 65 60 20 61 6e 64 20 3a 72 65 66 3a 60 67 65 6e 65 76 65 2d 69 6e 74 65 72 66	terface`.and.:ref:`geneve-interf
9ada0	61 63 65 60 2e 00 41 73 73 69 67 6e 20 61 20 73 70 65 63 69 66 69 63 20 62 61 63 6b 65 6e 64 20	ace`..Assign.a.specific.backend.
9adc0	74 6f 20 61 20 72 75 6c 65 00 41 73 73 69 67 6e 20 69 6e 74 65 72 66 61 63 65 20 69 64 65 6e 74	to.a.rule.Assign.interface.ident
9ade0	69 66 69 65 64 20 62 79 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 74 6f 20 56 52 46 20 6e 61	ified.by.`<interface>`.to.VRF.na
9ae00	6d 65 64 20 60 3c 6e 61 6d 65 3e 60 2e 00 41 73 73 69 67 6e 20 6d 65 6d 62 65 72 20 69 6e 74 65	med.`<name>`..Assign.member.inte
9ae20	72 66 61 63 65 73 20 74 6f 20 50 6f 72 74 43 68 61 6e 6e 65 6c 00 41 73 73 69 67 6e 20 73 74 61	rfaces.to.PortChannel.Assign.sta
9ae40	74 69 63 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 60 3c 75 73 65 72 3e 60 20 61 63 63 6f 75	tic.IP.address.to.`<user>`.accou
9ae60	6e 74 2e 00 41 73 73 69 67 6e 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 69	nt..Assign.the.IP.address.to.thi
9ae80	73 20 6d 61 63 68 69 6e 65 20 66 6f 72 20 60 3c 74 69 6d 65 3e 60 20 73 65 63 6f 6e 64 73 2e 00	s.machine.for.`<time>`.seconds..
9aea0	41 73 73 69 67 6e 20 74 68 65 20 53 53 48 20 70 75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f	Assign.the.SSH.public.key.portio
9aec0	6e 20 60 3c 6b 65 79 3e 60 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 70 65 72 2d 6b 65 79 20	n.`<key>`.identified.by.per-key.
9aee0	60 3c 69 64 65 6e 74 69 66 69 65 72 3e 60 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20 75 73 65 72	`<identifier>`.to.the.local.user
9af00	20 60 3c 75 73 65 72 6e 61 6d 65 3e 60 2e 00 41 73 73 6f 63 69 61 74 65 73 20 74 68 65 20 70 72	.`<username>`..Associates.the.pr
9af20	65 76 69 6f 75 73 6c 79 20 67 65 6e 65 72 61 74 65 64 20 70 72 69 76 61 74 65 20 6b 65 79 20 74	eviously.generated.private.key.t
9af40	6f 20 61 20 73 70 65 63 69 66 69 63 20 57 69 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65	o.a.specific.WireGuard.interface
9af60	2e 20 54 68 65 20 70 72 69 76 61 74 65 20 6b 65 79 20 63 61 6e 20 62 65 20 67 65 6e 65 72 61 74	..The.private.key.can.be.generat
9af80	65 20 76 69 61 20 74 68 65 20 63 6f 6d 6d 61 6e 64 00 41 73 73 75 72 65 20 74 68 61 74 20 79 6f	e.via.the.command.Assure.that.yo
9afa0	75 72 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 20 61 6c 6c 6f 77 20 74 68 65 20 74 72 61 66	ur.firewall.rules.allow.the.traf
9afc0	66 69 63 2c 20 69 6e 20 77 68 69 63 68 20 63 61 73 65 20 79 6f 75 20 68 61 76 65 20 61 20 77 6f	fic,.in.which.case.you.have.a.wo
9afe0	72 6b 69 6e 67 20 56 50 4e 20 75 73 69 6e 67 20 57 69 72 65 47 75 61 72 64 2e 00 41 73 73 75 72	rking.VPN.using.WireGuard..Assur
9b000	65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 31 31 00 41 73 73 75 72 65 64 20 46 6f 72	ed.Forwarding(AF).11.Assured.For
9b020	77 61 72 64 69 6e 67 28 41 46 29 20 31 32 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e	warding(AF).12.Assured.Forwardin
9b040	67 28 41 46 29 20 31 33 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20	g(AF).13.Assured.Forwarding(AF).
9b060	32 31 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 32 32 00 41 73 73	21.Assured.Forwarding(AF).22.Ass
9b080	75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 32 33 00 41 73 73 75 72 65 64 20 46	ured.Forwarding(AF).23.Assured.F
9b0a0	6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 33 31 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64	orwarding(AF).31.Assured.Forward
9b0c0	69 6e 67 28 41 46 29 20 33 32 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46	ing(AF).32.Assured.Forwarding(AF
9b0e0	29 20 33 33 00 41 73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 34 31 00 41	).33.Assured.Forwarding(AF).41.A
9b100	73 73 75 72 65 64 20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 34 32 00 41 73 73 75 72 65 64	ssured.Forwarding(AF).42.Assured
9b120	20 46 6f 72 77 61 72 64 69 6e 67 28 41 46 29 20 34 33 00 41 74 20 65 76 65 72 79 20 72 6f 75 6e	.Forwarding(AF).43.At.every.roun
9b140	64 2c 20 74 68 65 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 61 64 64 73 20 74 68 65 20	d,.the.deficit.counter.adds.the.
9b160	71 75 61 6e 74 75 6d 20 73 6f 20 74 68 61 74 20 65 76 65 6e 20 6c 61 72 67 65 20 70 61 63 6b 65	quantum.so.that.even.large.packe
9b180	74 73 20 77 69 6c 6c 20 68 61 76 65 20 74 68 65 69 72 20 6f 70 70 6f 72 74 75 6e 69 74 79 20 74	ts.will.have.their.opportunity.t
9b1a0	6f 20 62 65 20 64 65 71 75 65 75 65 64 2e 00 41 74 20 74 68 65 20 6d 6f 6d 65 6e 74 20 69 74 20	o.be.dequeued..At.the.moment.it.
9b1c0	6e 6f 74 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 6c 6f 6f 6b 20 61 74 20 74 68 65 20 77 68 6f 6c	not.possible.to.look.at.the.whol
9b1e0	65 20 66 69 72 65 77 61 6c 6c 20 6c 6f 67 20 77 69 74 68 20 56 79 4f 53 20 6f 70 65 72 61 74 69	e.firewall.log.with.VyOS.operati
9b200	6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 2e 20 41 6c 6c 20 6c 6f 67 73 20 77 69 6c 6c 20 73 61 76	onal.commands..All.logs.will.sav
9b220	65 20 74 6f 20 60 60 2f 76 61 72 2f 6c 6f 67 73 2f 6d 65 73 73 61 67 65 73 60 60 2e 20 46 6f 72	e.to.``/var/logs/messages``..For
9b240	20 65 78 61 6d 70 6c 65 3a 20 60 60 67 72 65 70 20 27 31 30 2e 31 30 2e 30 2e 31 30 27 20 2f 76	.example:.``grep.'10.10.0.10'./v
9b260	61 72 2f 6c 6f 67 2f 6d 65 73 73 61 67 65 73 60 60 00 41 74 20 74 68 65 20 74 69 6d 65 20 6f 66	ar/log/messages``.At.the.time.of
9b280	20 74 68 69 73 20 77 72 69 74 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 69 73 70	.this.writing.the.following.disp
9b2a0	6c 61 79 73 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 3a 00 41 74 20 76 65 72 79 20 6c 6f 77 20	lays.are.supported:.At.very.low.
9b2c0	72 61 74 65 73 20 28 62 65 6c 6f 77 20 33 4d 62 69 74 29 2c 20 62 65 73 69 64 65 73 20 74 75 6e	rates.(below.3Mbit),.besides.tun
9b2e0	69 6e 67 20 60 71 75 61 6e 74 75 6d 60 20 28 33 30 30 20 6b 65 65 70 73 20 62 65 69 6e 67 20 6f	ing.`quantum`.(300.keeps.being.o
9b300	6b 29 20 79 6f 75 20 6d 61 79 20 61 6c 73 6f 20 77 61 6e 74 20 74 6f 20 69 6e 63 72 65 61 73 65	k).you.may.also.want.to.increase
9b320	20 60 74 61 72 67 65 74 60 20 74 6f 20 73 6f 6d 65 74 68 69 6e 67 20 6c 69 6b 65 20 31 35 6d 73	.`target`.to.something.like.15ms
9b340	20 61 6e 64 20 69 6e 63 72 65 61 73 65 20 60 69 6e 74 65 72 76 61 6c 60 20 74 6f 20 73 6f 6d 65	.and.increase.`interval`.to.some
9b360	74 68 69 6e 67 20 61 72 6f 75 6e 64 20 31 35 30 20 6d 73 2e 00 41 74 74 61 63 68 65 73 20 75 73	thing.around.150.ms..Attaches.us
9b380	65 72 2d 64 65 66 69 6e 65 64 20 6e 65 74 77 6f 72 6b 20 74 6f 20 61 20 63 6f 6e 74 61 69 6e 65	er-defined.network.to.a.containe
9b3a0	72 2e 20 4f 6e 6c 79 20 6f 6e 65 20 6e 65 74 77 6f 72 6b 20 6d 75 73 74 20 62 65 20 73 70 65 63	r..Only.one.network.must.be.spec
9b3c0	69 66 69 65 64 20 61 6e 64 20 6d 75 73 74 20 61 6c 72 65 61 64 79 20 65 78 69 73 74 2e 00 41 75	ified.and.must.already.exist..Au
9b3e0	74 68 65 6e 74 69 63 61 74 69 6f 6e 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 28 45 41 50	thentication.Authentication.(EAP
9b400	6f 4c 29 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 63	oL).Authentication.application.c
9b420	6c 69 65 6e 74 2d 69 64 2e 00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 70 70 6c 69 63 61	lient-id..Authentication.applica
9b440	74 69 6f 6e 20 63 6c 69 65 6e 74 2d 73 65 63 72 65 74 2e 00 41 75 74 68 65 6e 74 69 63 61 74 69	tion.client-secret..Authenticati
9b460	6f 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 74 65 6e 61 6e 74 2d 69 64 00 41 75 74 68 65 6e 74	on.application.tenant-id.Authent
9b480	69 63 61 74 69 6f 6e 20 69 73 20 64 6f 6e 65 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 60 60 6f	ication.is.done.by.using.the.``o
9b4a0	70 65 6e 76 70 6e 2d 61 75 74 68 2d 6c 64 61 70 2e 73 6f 60 60 20 70 6c 75 67 69 6e 20 77 68 69	penvpn-auth-ldap.so``.plugin.whi
9b4c0	63 68 20 69 73 20 73 68 69 70 70 65 64 20 77 69 74 68 20 65 76 65 72 79 20 56 79 4f 53 20 69 6e	ch.is.shipped.with.every.VyOS.in
9b4e0	73 74 61 6c 6c 61 74 69 6f 6e 2e 20 41 20 64 65 64 69 63 61 74 65 64 20 63 6f 6e 66 69 67 75 72	stallation..A.dedicated.configur
9b500	61 74 69 6f 6e 20 66 69 6c 65 20 69 73 20 72 65 71 75 69 72 65 64 2e 20 49 74 20 69 73 20 62 65	ation.file.is.required..It.is.be
9b520	73 74 20 70 72 61 63 74 69 73 65 20 74 6f 20 73 74 6f 72 65 20 69 74 20 69 6e 20 60 60 2f 63 6f	st.practise.to.store.it.in.``/co
9b540	6e 66 69 67 60 60 20 74 6f 20 73 75 72 76 69 76 65 20 69 6d 61 67 65 20 75 70 64 61 74 65 73 00	nfig``.to.survive.image.updates.
9b560	41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 6e 61 6d 65	Authentication.organization.name
9b580	00 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 74 6f 6b 65 6e 00 41 75 74 68 65 6e 74 69 63 61	.Authentication.token.Authentica
9b5a0	74 69 6f 6e 20 e2 80 93 20 74 6f 20 76 65 72 69 66 79 20 74 68 61 74 20 74 68 65 20 6d 65 73 73	tion.....to.verify.that.the.mess
9b5c0	61 67 65 20 69 73 20 66 72 6f 6d 20 61 20 76 61 6c 69 64 20 73 6f 75 72 63 65 2e 00 41 75 74 68	age.is.from.a.valid.source..Auth
9b5e0	6f 72 69 7a 61 74 69 6f 6e 20 74 6f 6b 65 6e 00 41 75 74 6f 6d 61 74 69 63 20 56 4c 41 4e 20 43	orization.token.Automatic.VLAN.C
9b600	72 65 61 74 69 6f 6e 00 41 75 74 6f 6d 61 74 69 63 20 56 4c 41 4e 20 63 72 65 61 74 69 6f 6e 00	reation.Automatic.VLAN.creation.
9b620	41 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 72 65 62 6f 6f 74 20 73 79 73 74 65 6d 20 6f 6e 20 6b	Automatically.reboot.system.on.k
9b640	65 72 6e 65 6c 20 70 61 6e 69 63 20 61 66 74 65 72 20 36 30 20 73 65 63 6f 6e 64 73 2e 00 41 75	ernel.panic.after.60.seconds..Au
9b660	74 6f 6e 6f 6d 6f 75 73 20 53 79 73 74 65 6d 73 00 41 76 6f 69 64 69 6e 67 20 22 6c 65 61 6b 79	tonomous.Systems.Avoiding."leaky
9b680	22 20 4e 41 54 00 41 7a 75 72 65 2d 64 61 74 61 2d 65 78 70 6c 6f 72 65 72 00 42 46 44 00 42 46	".NAT.Azure-data-explorer.BFD.BF
9b6a0	44 20 53 74 61 74 69 63 20 52 6f 75 74 65 20 4d 6f 6e 69 74 6f 72 69 6e 67 00 42 46 44 20 73 65	D.Static.Route.Monitoring.BFD.se
9b6c0	6e 64 73 20 6c 6f 74 73 20 6f 66 20 73 6d 61 6c 6c 20 55 44 50 20 70 61 63 6b 65 74 73 20 76 65	nds.lots.of.small.UDP.packets.ve
9b6e0	72 79 20 71 75 69 63 6b 6c 79 20 74 6f 20 65 6e 73 75 72 65 73 20 74 68 61 74 20 74 68 65 20 70	ry.quickly.to.ensures.that.the.p
9b700	65 65 72 20 69 73 20 73 74 69 6c 6c 20 61 6c 69 76 65 2e 00 42 47 50 00 42 47 50 20 2d 20 41 53	eer.is.still.alive..BGP.BGP.-.AS
9b720	20 50 61 74 68 20 50 6f 6c 69 63 79 00 42 47 50 20 2d 20 43 6f 6d 6d 75 6e 69 74 79 20 4c 69 73	.Path.Policy.BGP.-.Community.Lis
9b740	74 00 42 47 50 20 2d 20 45 78 74 65 6e 64 65 64 20 43 6f 6d 6d 75 6e 69 74 79 20 4c 69 73 74 00	t.BGP.-.Extended.Community.List.
9b760	42 47 50 20 2d 20 4c 61 72 67 65 20 43 6f 6d 6d 75 6e 69 74 79 20 4c 69 73 74 00 42 47 50 20 45	BGP.-.Large.Community.List.BGP.E
9b780	78 61 6d 70 6c 65 00 42 47 50 20 52 6f 75 74 65 72 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00	xample.BGP.Router.Configuration.
9b7a0	42 47 50 20 53 63 61 6c 69 6e 67 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 42 47 50 20 61 67	BGP.Scaling.Configuration.BGP.ag
9b7c0	67 72 65 67 61 74 6f 72 20 61 74 74 72 69 62 75 74 65 3a 20 41 53 20 6e 75 6d 62 65 72 20 6f 72	gregator.attribute:.AS.number.or
9b7e0	20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 61 6e 20 61 67 67 72 65 67 61 74 69 6f 6e 2e 00 42	.IP.address.of.an.aggregation..B
9b800	47 50 20 61 73 2d 70 61 74 68 20 6c 69 73 74 20 74 6f 20 6d 61 74 63 68 2e 00 42 47 50 20 61 74	GP.as-path.list.to.match..BGP.at
9b820	6f 6d 69 63 20 61 67 67 72 65 67 61 74 65 20 61 74 74 72 69 62 75 74 65 2e 00 42 47 50 20 63 6f	omic.aggregate.attribute..BGP.co
9b840	6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 74 6f 20 6d 61 74 63 68 2e 00 42 47 50 20 65 78 74 65 6e	mmunity-list.to.match..BGP.exten
9b860	64 65 64 20 63 6f 6d 6d 75 6e 69 74 79 20 74 6f 20 6d 61 74 63 68 2e 00 42 47 50 20 72 6f 6c 65	ded.community.to.match..BGP.role
9b880	73 20 61 72 65 20 64 65 66 69 6e 65 64 20 69 6e 20 52 46 43 20 3a 72 66 63 3a 60 39 32 33 34 60	s.are.defined.in.RFC.:rfc:`9234`
9b8a0	20 61 6e 64 20 70 72 6f 76 69 64 65 20 61 6e 20 65 61 73 79 20 77 61 79 20 74 6f 20 61 64 64 20	.and.provide.an.easy.way.to.add.
9b8c0	72 6f 75 74 65 20 6c 65 61 6b 20 70 72 65 76 65 6e 74 69 6f 6e 2c 20 64 65 74 65 63 74 69 6f 6e	route.leak.prevention,.detection
9b8e0	20 61 6e 64 20 6d 69 74 69 67 61 74 69 6f 6e 2e 20 54 68 65 20 6c 6f 63 61 6c 20 52 6f 6c 65 20	.and.mitigation..The.local.Role.
9b900	76 61 6c 75 65 20 69 73 20 6e 65 67 6f 74 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 6e 65 77	value.is.negotiated.with.the.new
9b920	20 42 47 50 20 52 6f 6c 65 20 63 61 70 61 62 69 6c 69 74 79 20 77 68 69 63 68 20 68 61 73 20 61	.BGP.Role.capability.which.has.a
9b940	20 62 75 69 6c 74 2d 69 6e 20 63 68 65 63 6b 20 6f 66 20 74 68 65 20 63 6f 72 72 65 73 70 6f 6e	.built-in.check.of.the.correspon
9b960	64 69 6e 67 20 76 61 6c 75 65 2e 20 49 6e 20 63 61 73 65 20 6f 66 20 61 20 6d 69 73 6d 61 74 63	ding.value..In.case.of.a.mismatc
9b980	68 20 74 68 65 20 6e 65 77 20 4f 50 45 4e 20 52 6f 6c 65 73 20 4d 69 73 6d 61 74 63 68 20 4e 6f	h.the.new.OPEN.Roles.Mismatch.No
9b9a0	74 69 66 69 63 61 74 69 6f 6e 20 3c 32 2c 20 31 31 3e 20 77 6f 75 6c 64 20 62 65 20 73 65 6e 74	tification.<2,.11>.would.be.sent
9b9c0	2e 20 54 68 65 20 63 6f 72 72 65 63 74 20 52 6f 6c 65 20 70 61 69 72 73 20 61 72 65 3a 00 42 47	..The.correct.Role.pairs.are:.BG
9b9e0	50 20 72 6f 75 74 65 72 73 20 63 6f 6e 6e 65 63 74 65 64 20 69 6e 73 69 64 65 20 74 68 65 20 73	P.routers.connected.inside.the.s
9ba00	61 6d 65 20 41 53 20 74 68 72 6f 75 67 68 20 42 47 50 20 62 65 6c 6f 6e 67 20 74 6f 20 61 6e 20	ame.AS.through.BGP.belong.to.an.
9ba20	69 6e 74 65 72 6e 61 6c 20 42 47 50 20 73 65 73 73 69 6f 6e 2c 20 6f 72 20 49 42 47 50 2e 20 49	internal.BGP.session,.or.IBGP..I
9ba40	6e 20 6f 72 64 65 72 20 74 6f 20 70 72 65 76 65 6e 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65	n.order.to.prevent.routing.table
9ba60	20 6c 6f 6f 70 73 2c 20 49 42 47 50 20 73 70 65 61 6b 65 72 20 64 6f 65 73 20 6e 6f 74 20 61 64	.loops,.IBGP.speaker.does.not.ad
9ba80	76 65 72 74 69 73 65 20 49 42 47 50 2d 6c 65 61 72 6e 65 64 20 72 6f 75 74 65 73 20 74 6f 20 6f	vertise.IBGP-learned.routes.to.o
9baa0	74 68 65 72 20 49 42 47 50 20 73 70 65 61 6b 65 72 20 28 53 70 6c 69 74 20 48 6f 72 69 7a 6f 6e	ther.IBGP.speaker.(Split.Horizon
9bac0	20 6d 65 63 68 61 6e 69 73 6d 29 2e 20 41 73 20 73 75 63 68 2c 20 49 42 47 50 20 72 65 71 75 69	.mechanism)..As.such,.IBGP.requi
9bae0	72 65 73 20 61 20 66 75 6c 6c 20 6d 65 73 68 20 6f 66 20 61 6c 6c 20 70 65 65 72 73 2e 20 46 6f	res.a.full.mesh.of.all.peers..Fo
9bb00	72 20 6c 61 72 67 65 20 6e 65 74 77 6f 72 6b 73 2c 20 74 68 69 73 20 71 75 69 63 6b 6c 79 20 62	r.large.networks,.this.quickly.b
9bb20	65 63 6f 6d 65 73 20 75 6e 73 63 61 6c 61 62 6c 65 2e 00 42 47 50 20 72 6f 75 74 65 73 20 6d 61	ecomes.unscalable..BGP.routes.ma
9bb40	79 20 62 65 20 6c 65 61 6b 65 64 20 28 69 2e 65 2e 20 63 6f 70 69 65 64 29 20 62 65 74 77 65 65	y.be.leaked.(i.e..copied).betwee
9bb60	6e 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 52 49 42 20 61 6e 64 20 74 68 65 20 56 50 4e 20	n.a.unicast.VRF.RIB.and.the.VPN.
9bb80	53 41 46 49 20 52 49 42 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 52 46 20 66 6f 72 20	SAFI.RIB.of.the.default.VRF.for.
9bba0	75 73 65 20 69 6e 20 4d 50 4c 53 2d 62 61 73 65 64 20 4c 33 56 50 4e 73 2e 20 55 6e 69 63 61 73	use.in.MPLS-based.L3VPNs..Unicas
9bbc0	74 20 72 6f 75 74 65 73 20 6d 61 79 20 61 6c 73 6f 20 62 65 20 6c 65 61 6b 65 64 20 62 65 74 77	t.routes.may.also.be.leaked.betw
9bbe0	65 65 6e 20 61 6e 79 20 56 52 46 73 20 28 69 6e 63 6c 75 64 69 6e 67 20 74 68 65 20 75 6e 69 63	een.any.VRFs.(including.the.unic
9bc00	61 73 74 20 52 49 42 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 42 47 50 20 69 6e 73 74 61	ast.RIB.of.the.default.BGP.insta
9bc20	6e 63 65 29 2e 20 41 20 73 68 6f 72 74 63 75 74 20 73 79 6e 74 61 78 20 69 73 20 61 6c 73 6f 20	nce)..A.shortcut.syntax.is.also.
9bc40	61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 73 70 65 63 69 66 79 69 6e 67 20 6c 65 61 6b 69 6e 67	available.for.specifying.leaking
9bc60	20 66 72 6f 6d 20 6f 6e 65 20 56 52 46 20 74 6f 20 61 6e 6f 74 68 65 72 20 56 52 46 20 75 73 69	.from.one.VRF.to.another.VRF.usi
9bc80	6e 67 20 74 68 65 20 64 65 66 61 75 6c 74 20 69 6e 73 74 61 6e 63 65 e2 80 99 73 20 56 50 4e 20	ng.the.default.instance...s.VPN.
9bca0	52 49 42 20 61 73 20 74 68 65 20 69 6e 74 65 6d 65 64 69 61 72 79 20 2e 20 41 20 63 6f 6d 6d 6f	RIB.as.the.intemediary...A.commo
9bcc0	6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 56 52 46 2d 56 52 46 20 66 65 61	n.application.of.the.VRF-VRF.fea
9bce0	74 75 72 65 20 69 73 20 74 6f 20 63 6f 6e 6e 65 63 74 20 61 20 63 75 73 74 6f 6d 65 72 e2 80 99	ture.is.to.connect.a.customer...
9bd00	73 20 70 72 69 76 61 74 65 20 72 6f 75 74 69 6e 67 20 64 6f 6d 61 69 6e 20 74 6f 20 61 20 70 72	s.private.routing.domain.to.a.pr
9bd20	6f 76 69 64 65 72 e2 80 99 73 20 56 50 4e 20 73 65 72 76 69 63 65 2e 20 4c 65 61 6b 69 6e 67 20	ovider...s.VPN.service..Leaking.
9bd40	69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 66 72 6f 6d 20 74 68 65 20 70 6f 69 6e 74 20 6f 66 20	is.configured.from.the.point.of.
9bd60	76 69 65 77 20 6f 66 20 61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 56 52 46 3a 20 69 6d 70 6f 72	view.of.an.individual.VRF:.impor
9bd80	74 20 72 65 66 65 72 73 20 74 6f 20 72 6f 75 74 65 73 20 6c 65 61 6b 65 64 20 66 72 6f 6d 20 56	t.refers.to.routes.leaked.from.V
9bda0	50 4e 20 74 6f 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 2c 20 77 68 65 72 65 61 73 20 65 78 70	PN.to.a.unicast.VRF,.whereas.exp
9bdc0	6f 72 74 20 72 65 66 65 72 73 20 74 6f 20 72 6f 75 74 65 73 20 6c 65 61 6b 65 64 20 66 72 6f 6d	ort.refers.to.routes.leaked.from
9bde0	20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 56 50 4e 2e 00 42 61 62 65 6c 00 42 61 62	.a.unicast.VRF.to.VPN..Babel.Bab
9be00	65 6c 20 61 20 64 75 61 6c 20 73 74 61 63 6b 20 70 72 6f 74 6f 63 6f 6c 2e 20 41 20 73 69 6e 67	el.a.dual.stack.protocol..A.sing
9be20	6c 65 20 42 61 62 65 6c 20 69 6e 73 74 61 6e 63 65 20 69 73 20 61 62 6c 65 20 74 6f 20 70 65 72	le.Babel.instance.is.able.to.per
9be40	66 6f 72 6d 20 72 6f 75 74 69 6e 67 20 66 6f 72 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49	form.routing.for.both.IPv4.and.I
9be60	50 76 36 2e 00 42 61 62 65 6c 20 69 73 20 61 20 6d 6f 64 65 72 6e 20 72 6f 75 74 69 6e 67 20 70	Pv6..Babel.is.a.modern.routing.p
9be80	72 6f 74 6f 63 6f 6c 20 64 65 73 69 67 6e 65 64 20 74 6f 20 62 65 20 72 6f 62 75 73 74 20 61 6e	rotocol.designed.to.be.robust.an
9bea0	64 20 65 66 66 69 63 69 65 6e 74 20 62 6f 74 68 20 69 6e 20 6f 72 64 69 6e 61 72 79 20 77 69 72	d.efficient.both.in.ordinary.wir
9bec0	65 64 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64 20 69 6e 20 77 69 72 65 6c 65 73 73 20 6d 65 73 68	ed.networks.and.in.wireless.mesh
9bee0	20 6e 65 74 77 6f 72 6b 73 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 69 74 20 75 73 65 73 20 68	.networks..By.default,.it.uses.h
9bf00	6f 70 2d 63 6f 75 6e 74 20 6f 6e 20 77 69 72 65 64 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64 20 61	op-count.on.wired.networks.and.a
9bf20	20 76 61 72 69 61 6e 74 20 6f 66 20 45 54 58 20 6f 6e 20 77 69 72 65 6c 65 73 73 20 6c 69 6e 6b	.variant.of.ETX.on.wireless.link
9bf40	73 2c 20 49 74 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 74 61 6b 65 20	s,.It.can.be.configured.to.take.
9bf60	72 61 64 69 6f 20 64 69 76 65 72 73 69 74 79 20 69 6e 74 6f 20 61 63 63 6f 75 6e 74 20 61 6e 64	radio.diversity.into.account.and
9bf80	20 74 6f 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 63 6f 6d 70 75 74 65 20 61 20 6c 69 6e 6b	.to.automatically.compute.a.link
9bfa0	27 73 20 6c 61 74 65 6e 63 79 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 69 74 20 69 6e 20 74 68 65	's.latency.and.include.it.in.the
9bfc0	20 6d 65 74 72 69 63 2e 20 49 74 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60	.metric..It.is.defined.in.:rfc:`
9bfe0	38 39 36 36 60 2e 00 42 61 63 6b 65 6e 64 00 42 61 6c 61 6e 63 65 20 61 6c 67 6f 72 69 74 68 6d	8966`..Backend.Balance.algorithm
9c000	73 3a 00 42 61 6c 61 6e 63 69 6e 67 20 52 75 6c 65 73 00 42 61 6c 61 6e 63 69 6e 67 20 62 61 73	s:.Balancing.Rules.Balancing.bas
9c020	65 64 20 6f 6e 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 00 42 61 6e 64 77 69 64 74 68 20 53 68 61 70	ed.on.domain.name.Bandwidth.Shap
9c040	69 6e 67 00 42 61 6e 64 77 69 64 74 68 20 53 68 61 70 69 6e 67 20 66 6f 72 20 6c 6f 63 61 6c 20	ing.Bandwidth.Shaping.for.local.
9c060	75 73 65 72 73 00 42 61 6e 64 77 69 64 74 68 20 72 61 74 65 20 6c 69 6d 69 74 73 20 63 61 6e 20	users.Bandwidth.rate.limits.can.
9c080	62 65 20 73 65 74 20 66 6f 72 20 6c 6f 63 61 6c 20 75 73 65 72 73 20 6f 72 20 52 41 44 49 55 53	be.set.for.local.users.or.RADIUS
9c0a0	20 62 61 73 65 64 20 61 74 74 72 69 62 75 74 65 73 2e 00 42 61 6e 64 77 69 64 74 68 20 72 61 74	.based.attributes..Bandwidth.rat
9c0c0	65 20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65 20 73 65 74 20 66 6f 72 20 6c 6f 63 61 6c 20 75 73	e.limits.can.be.set.for.local.us
9c0e0	65 72 73 20 6f 72 20 76 69 61 20 52 41 44 49 55 53 20 62 61 73 65 64 20 61 74 74 72 69 62 75 74	ers.or.via.RADIUS.based.attribut
9c100	65 73 2e 00 42 61 6e 64 77 69 64 74 68 20 72 61 74 65 20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65	es..Bandwidth.rate.limits.can.be
9c120	20 73 65 74 20 66 6f 72 20 6c 6f 63 61 6c 20 75 73 65 72 73 20 77 69 74 68 69 6e 20 74 68 65 20	.set.for.local.users.within.the.
9c140	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 72 20 76 69 61 20 52 41 44 49 55 53 20 62 61 73 65	configuration.or.via.RADIUS.base
9c160	64 20 61 74 74 72 69 62 75 74 65 73 2e 00 42 61 73 65 6c 69 6e 65 20 44 4d 56 50 4e 20 74 6f 70	d.attributes..Baseline.DMVPN.top
9c180	6f 6c 6f 67 79 00 42 61 73 69 63 20 43 6f 6e 63 65 70 74 73 00 42 61 73 69 63 20 63 6f 6d 6d 61	ology.Basic.Concepts.Basic.comma
9c1a0	6e 64 73 00 42 61 73 69 63 20 66 69 6c 74 65 72 69 6e 67 20 63 61 6e 20 62 65 20 64 6f 6e 65 20	nds.Basic.filtering.can.be.done.
9c1c0	75 73 69 6e 67 20 61 63 63 65 73 73 2d 6c 69 73 74 20 61 6e 64 20 61 63 63 65 73 73 2d 6c 69 73	using.access-list.and.access-lis
9c1e0	74 36 2e 00 42 61 73 69 63 20 66 69 6c 74 65 72 69 6e 67 20 63 6f 75 6c 64 20 61 6c 73 6f 20 62	t6..Basic.filtering.could.also.b
9c200	65 20 61 70 70 6c 69 65 64 20 74 6f 20 49 50 76 36 20 74 72 61 66 66 69 63 2e 00 42 61 73 69 63	e.applied.to.IPv6.traffic..Basic
9c220	20 73 65 74 75 70 00 42 65 20 73 75 72 65 20 74 6f 20 73 65 74 20 61 20 73 61 6e 65 20 64 65 66	.setup.Be.sure.to.set.a.sane.def
9c240	61 75 6c 74 20 63 6f 6e 66 69 67 20 69 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 63 6f 6e 66 69	ault.config.in.the.default.confi
9c260	67 20 66 69 6c 65 2c 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 6c 6f 61 64 65 64 20 69 6e 20 74	g.file,.this.will.be.loaded.in.t
9c280	68 65 20 63 61 73 65 20 74 68 61 74 20 61 20 75 73 65 72 20 69 73 20 61 75 74 68 65 6e 74 69 63	he.case.that.a.user.is.authentic
9c2a0	61 74 65 64 20 61 6e 64 20 6e 6f 20 66 69 6c 65 20 69 73 20 66 6f 75 6e 64 20 69 6e 20 74 68 65	ated.and.no.file.is.found.in.the
9c2c0	20 63 6f 6e 66 69 67 75 72 65 64 20 64 69 72 65 63 74 6f 72 79 20 6d 61 74 63 68 69 6e 67 20 74	.configured.directory.matching.t
9c2e0	68 65 20 75 73 65 72 73 20 75 73 65 72 6e 61 6d 65 2f 67 72 6f 75 70 2e 00 42 65 61 6d 66 6f 72	he.users.username/group..Beamfor
9c300	6d 69 6e 67 20 63 61 70 61 62 69 6c 69 74 69 65 73 3a 00 42 65 63 61 75 73 65 20 61 6e 20 61 67	ming.capabilities:.Because.an.ag
9c320	67 72 65 67 61 74 6f 72 20 63 61 6e 6e 6f 74 20 62 65 20 61 63 74 69 76 65 20 77 69 74 68 6f 75	gregator.cannot.be.active.withou
9c340	74 20 61 74 20 6c 65 61 73 74 20 6f 6e 65 20 61 76 61 69 6c 61 62 6c 65 20 6c 69 6e 6b 2c 20 73	t.at.least.one.available.link,.s
9c360	65 74 74 69 6e 67 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 74 6f 20 30 20 6f 72 20 74 6f 20 31 20	etting.this.option.to.0.or.to.1.
9c380	68 61 73 20 74 68 65 20 65 78 61 63 74 20 73 61 6d 65 20 65 66 66 65 63 74 2e 00 42 65 63 61 75	has.the.exact.same.effect..Becau
9c3a0	73 65 20 65 78 69 73 74 69 6e 67 20 73 65 73 73 69 6f 6e 73 20 64 6f 20 6e 6f 74 20 61 75 74 6f	se.existing.sessions.do.not.auto
9c3c0	6d 61 74 69 63 61 6c 6c 79 20 66 61 69 6c 20 6f 76 65 72 20 74 6f 20 61 20 6e 65 77 20 70 61 74	matically.fail.over.to.a.new.pat
9c3e0	68 2c 20 74 68 65 20 73 65 73 73 69 6f 6e 20 74 61 62 6c 65 20 63 61 6e 20 62 65 20 66 6c 75 73	h,.the.session.table.can.be.flus
9c400	68 65 64 20 6f 6e 20 65 61 63 68 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 65 20 63 68 61	hed.on.each.connection.state.cha
9c420	6e 67 65 3a 00 42 65 66 6f 72 65 20 65 6e 61 62 6c 69 6e 67 20 61 6e 79 20 68 61 72 64 77 61 72	nge:.Before.enabling.any.hardwar
9c440	65 20 73 65 67 6d 65 6e 74 61 74 69 6f 6e 20 6f 66 66 6c 6f 61 64 20 61 20 63 6f 72 72 65 73 70	e.segmentation.offload.a.corresp
9c460	6f 6e 64 69 6e 67 20 73 6f 66 74 77 61 72 65 20 6f 66 66 6c 6f 61 64 20 69 73 20 72 65 71 75 69	onding.software.offload.is.requi
9c480	72 65 64 20 69 6e 20 47 53 4f 2e 20 4f 74 68 65 72 77 69 73 65 20 69 74 20 62 65 63 6f 6d 65 73	red.in.GSO..Otherwise.it.becomes
9c4a0	20 70 6f 73 73 69 62 6c 65 20 66 6f 72 20 61 20 66 72 61 6d 65 20 74 6f 20 62 65 20 72 65 2d 72	.possible.for.a.frame.to.be.re-r
9c4c0	6f 75 74 65 64 20 62 65 74 77 65 65 6e 20 64 65 76 69 63 65 73 20 61 6e 64 20 65 6e 64 20 75 70	outed.between.devices.and.end.up
9c4e0	20 62 65 69 6e 67 20 75 6e 61 62 6c 65 20 74 6f 20 62 65 20 74 72 61 6e 73 6d 69 74 74 65 64 2e	.being.unable.to.be.transmitted.
9c500	00 42 65 66 6f 72 65 20 79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 61 70 70 6c 79 20 61 20	.Before.you.are.able.to.apply.a.
9c520	72 75 6c 65 2d 73 65 74 20 74 6f 20 61 20 7a 6f 6e 65 20 79 6f 75 20 68 61 76 65 20 74 6f 20 63	rule-set.to.a.zone.you.have.to.c
9c540	72 65 61 74 65 20 74 68 65 20 7a 6f 6e 65 73 20 66 69 72 73 74 2e 00 42 65 6c 6f 77 20 66 6c 6f	reate.the.zones.first..Below.flo
9c560	77 2d 63 68 61 72 74 20 63 6f 75 6c 64 20 62 65 20 61 20 71 75 69 63 6b 20 72 65 66 65 72 65 6e	w-chart.could.be.a.quick.referen
9c580	63 65 20 66 6f 72 20 74 68 65 20 63 6c 6f 73 65 2d 61 63 74 69 6f 6e 20 63 6f 6d 62 69 6e 61 74	ce.for.the.close-action.combinat
9c5a0	69 6f 6e 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 68 6f 77 20 74 68 65 20 70 65 65 72 20 69 73	ion.depending.on.how.the.peer.is
9c5c0	20 63 6f 6e 66 69 67 75 72 65 64 2e 00 42 65 6c 6f 77 20 69 73 20 61 6e 20 65 78 61 6d 70 6c 65	.configured..Below.is.an.example
9c5e0	20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 4c 4e 53 3a 00 42 65 73 74 20 65 66 66 6f 72 74	.to.configure.a.LNS:.Best.effort
9c600	20 74 72 61 66 66 69 63 2c 20 64 65 66 61 75 6c 74 00 42 65 74 77 65 65 6e 20 63 6f 6d 70 75 74	.traffic,.default.Between.comput
9c620	65 72 73 2c 20 74 68 65 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 63 6f 6e 66 69 67 75 72 61 74 69	ers,.the.most.common.configurati
9c640	6f 6e 20 75 73 65 64 20 77 61 73 20 22 38 4e 31 22 3a 20 65 69 67 68 74 20 62 69 74 20 63 68 61	on.used.was."8N1":.eight.bit.cha
9c660	72 61 63 74 65 72 73 2c 20 77 69 74 68 20 6f 6e 65 20 73 74 61 72 74 20 62 69 74 2c 20 6f 6e 65	racters,.with.one.start.bit,.one
9c680	20 73 74 6f 70 20 62 69 74 2c 20 61 6e 64 20 6e 6f 20 70 61 72 69 74 79 20 62 69 74 2e 20 54 68	.stop.bit,.and.no.parity.bit..Th
9c6a0	75 73 20 31 30 20 42 61 75 64 20 74 69 6d 65 73 20 61 72 65 20 75 73 65 64 20 74 6f 20 73 65 6e	us.10.Baud.times.are.used.to.sen
9c6c0	64 20 61 20 73 69 6e 67 6c 65 20 63 68 61 72 61 63 74 65 72 2c 20 61 6e 64 20 73 6f 20 64 69 76	d.a.single.character,.and.so.div
9c6e0	69 64 69 6e 67 20 74 68 65 20 73 69 67 6e 61 6c 6c 69 6e 67 20 62 69 74 2d 72 61 74 65 20 62 79	iding.the.signalling.bit-rate.by
9c700	20 74 65 6e 20 72 65 73 75 6c 74 73 20 69 6e 20 74 68 65 20 6f 76 65 72 61 6c 6c 20 74 72 61 6e	.ten.results.in.the.overall.tran
9c720	73 6d 69 73 73 69 6f 6e 20 73 70 65 65 64 20 69 6e 20 63 68 61 72 61 63 74 65 72 73 20 70 65 72	smission.speed.in.characters.per
9c740	20 73 65 63 6f 6e 64 2e 20 54 68 69 73 20 69 73 20 61 6c 73 6f 20 74 68 65 20 64 65 66 61 75 6c	.second..This.is.also.the.defaul
9c760	74 20 73 65 74 74 69 6e 67 20 69 66 20 6e 6f 6e 65 20 6f 66 20 74 68 6f 73 65 20 6f 70 74 69 6f	t.setting.if.none.of.those.optio
9c780	6e 73 20 61 72 65 20 64 65 66 69 6e 65 64 2e 00 42 69 64 69 72 65 63 74 69 6f 6e 61 6c 20 4e 41	ns.are.defined..Bidirectional.NA
9c7a0	54 00 42 69 6e 61 72 79 20 76 61 6c 75 65 00 42 69 6e 64 20 6c 69 73 74 65 6e 65 72 20 74 6f 20	T.Binary.value.Bind.listener.to.
9c7c0	73 70 65 63 69 66 69 63 20 69 6e 74 65 72 66 61 63 65 2f 61 64 64 72 65 73 73 2c 20 6d 61 6e 64	specific.interface/address,.mand
9c7e0	61 74 6f 72 79 20 66 6f 72 20 49 50 76 36 00 42 69 6e 64 73 20 65 74 68 31 2e 32 34 31 20 61 6e	atory.for.IPv6.Binds.eth1.241.an
9c800	64 20 76 78 6c 61 6e 32 34 31 20 74 6f 20 65 61 63 68 20 6f 74 68 65 72 20 62 79 20 6d 61 6b 69	d.vxlan241.to.each.other.by.maki
9c820	6e 67 20 74 68 65 6d 20 62 6f 74 68 20 6d 65 6d 62 65 72 20 69 6e 74 65 72 66 61 63 65 73 20 6f	ng.them.both.member.interfaces.o
9c840	66 20 74 68 65 20 73 61 6d 65 20 62 72 69 64 67 65 2e 00 42 6c 61 63 6b 68 6f 6c 65 00 42 6c 6f	f.the.same.bridge..Blackhole.Blo
9c860	63 6b 20 73 6f 75 72 63 65 20 49 50 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 53 75 62 73 65 71 75	ck.source.IP.in.seconds..Subsequ
9c880	65 6e 74 20 62 6c 6f 63 6b 73 20 69 6e 63 72 65 61 73 65 20 62 79 20 61 20 66 61 63 74 6f 72 20	ent.blocks.increase.by.a.factor.
9c8a0	6f 66 20 31 2e 35 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 32 30 2e 00 42 6c 6f 63 6b	of.1.5.The.default.is.120..Block
9c8c0	20 73 6f 75 72 63 65 20 49 50 20 77 68 65 6e 20 74 68 65 69 72 20 63 75 6d 75 6c 61 74 69 76 65	.source.IP.when.their.cumulative
9c8e0	20 61 74 74 61 63 6b 20 73 63 6f 72 65 20 65 78 63 65 65 64 73 20 74 68 72 65 73 68 6f 6c 64 2e	.attack.score.exceeds.threshold.
9c900	20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 33 30 2e 00 42 6c 6f 63 6b 69 6e 67 20 63 61 6c	.The.default.is.30..Blocking.cal
9c920	6c 20 77 69 74 68 20 6e 6f 20 74 69 6d 65 6f 75 74 2e 20 53 79 73 74 65 6d 20 77 69 6c 6c 20 62	l.with.no.timeout..System.will.b
9c940	65 63 6f 6d 65 20 75 6e 72 65 73 70 6f 6e 73 69 76 65 20 69 66 20 73 63 72 69 70 74 20 64 6f 65	ecome.unresponsive.if.script.doe
9c960	73 20 6e 6f 74 20 72 65 74 75 72 6e 21 00 42 6f 61 72 64 65 72 20 47 61 74 65 77 61 79 20 50 72	s.not.return!.Boarder.Gateway.Pr
9c980	6f 74 6f 63 6f 6c 20 28 42 47 50 29 20 6f 72 69 67 69 6e 20 63 6f 64 65 20 74 6f 20 6d 61 74 63	otocol.(BGP).origin.code.to.matc
9c9a0	68 2e 00 42 6f 6e 64 20 2f 20 4c 69 6e 6b 20 41 67 67 72 65 67 61 74 69 6f 6e 00 42 6f 6e 64 20	h..Bond./.Link.Aggregation.Bond.
9c9c0	6f 70 74 69 6f 6e 73 00 42 6f 6f 74 20 69 6d 61 67 65 20 6c 65 6e 67 74 68 20 69 6e 20 35 31 32	options.Boot.image.length.in.512
9c9e0	2d 6f 63 74 65 74 20 62 6c 6f 63 6b 73 00 42 6f 6f 74 73 74 72 61 70 20 66 69 6c 65 20 6e 61 6d	-octet.blocks.Bootstrap.file.nam
9ca00	65 00 42 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20 6d 75 6c 74 69 63 61 73 74 20 69	e.Both.IPv4.and.IPv6.multicast.i
9ca20	73 20 70 6f 73 73 69 62 6c 65 2e 00 42 6f 74 68 20 6c 6f 63 61 6c 20 61 64 6d 69 6e 69 73 74 65	s.possible..Both.local.administe
9ca40	72 65 64 20 61 6e 64 20 72 65 6d 6f 74 65 20 61 64 6d 69 6e 69 73 74 65 72 65 64 20 3a 61 62 62	red.and.remote.administered.:abb
9ca60	72 3a 60 52 41 44 49 55 53 20 28 52 65 6d 6f 74 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	r:`RADIUS.(Remote.Authentication
9ca80	20 44 69 61 6c 2d 49 6e 20 55 73 65 72 20 53 65 72 76 69 63 65 29 60 20 61 63 63 6f 75 6e 74 73	.Dial-In.User.Service)`.accounts
9caa0	20 61 72 65 20 73 75 70 70 6f 72 74 65 64 2e 00 42 6f 74 68 20 72 65 70 6c 69 65 73 20 61 6e 64	.are.supported..Both.replies.and
9cac0	20 72 65 71 75 65 73 74 73 20 74 79 70 65 20 67 72 61 74 75 69 74 6f 75 73 20 61 72 70 20 77 69	.requests.type.gratuitous.arp.wi
9cae0	6c 6c 20 74 72 69 67 67 65 72 20 74 68 65 20 41 52 50 20 74 61 62 6c 65 20 74 6f 20 62 65 20 75	ll.trigger.the.ARP.table.to.be.u
9cb00	70 64 61 74 65 64 2c 20 69 66 20 74 68 69 73 20 73 65 74 74 69 6e 67 20 69 73 20 6f 6e 2e 00 42	pdated,.if.this.setting.is.on..B
9cb20	72 61 6e 63 68 20 31 27 73 20 72 6f 75 74 65 72 20 6d 69 67 68 74 20 68 61 76 65 20 74 68 65 20	ranch.1's.router.might.have.the.
9cb40	66 6f 6c 6c 6f 77 69 6e 67 20 6c 69 6e 65 73 3a 00 42 72 69 64 67 65 00 42 72 69 64 67 65 20 4f	following.lines:.Bridge.Bridge.O
9cb60	70 74 69 6f 6e 73 00 42 72 69 64 67 65 20 61 6e 73 77 65 72 73 20 6f 6e 20 49 50 20 61 64 64 72	ptions.Bridge.answers.on.IP.addr
9cb80	65 73 73 20 31 39 32 2e 30 2e 32 2e 31 2f 32 34 20 61 6e 64 20 32 30 30 31 3a 64 62 38 3a 3a 66	ess.192.0.2.1/24.and.2001:db8::f
9cba0	66 66 66 2f 36 34 00 42 72 69 64 67 65 20 6d 61 78 69 6d 75 6d 20 61 67 69 6e 67 20 60 3c 74 69	fff/64.Bridge.maximum.aging.`<ti
9cbc0	6d 65 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 32 30 29 2e 00 42	me>`.in.seconds.(default:.20)..B
9cbe0	72 69 64 67 65 3a 00 42 75 73 69 6e 65 73 73 20 55 73 65 72 73 00 42 75 74 20 62 65 66 6f 72 65	ridge:.Business.Users.But.before
9cc00	20 6c 65 61 72 6e 69 6e 67 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 70 6f 6c 69	.learning.to.configure.your.poli
9cc20	63 79 2c 20 77 65 20 77 69 6c 6c 20 77 61 72 6e 20 79 6f 75 20 61 62 6f 75 74 20 74 68 65 20 64	cy,.we.will.warn.you.about.the.d
9cc40	69 66 66 65 72 65 6e 74 20 75 6e 69 74 73 20 79 6f 75 20 63 61 6e 20 75 73 65 20 61 6e 64 20 61	ifferent.units.you.can.use.and.a
9cc60	6c 73 6f 20 73 68 6f 77 20 79 6f 75 20 77 68 61 74 20 2a 63 6c 61 73 73 65 73 2a 20 61 72 65 20	lso.show.you.what.*classes*.are.
9cc80	61 6e 64 20 68 6f 77 20 74 68 65 79 20 77 6f 72 6b 2c 20 61 73 20 73 6f 6d 65 20 70 6f 6c 69 63	and.how.they.work,.as.some.polic
9cca0	69 65 73 20 6d 61 79 20 72 65 71 75 69 72 65 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	ies.may.require.you.to.configure
9ccc0	20 74 68 65 6d 2e 00 42 79 20 64 65 66 61 75 6c 74 20 56 52 52 50 20 75 73 65 73 20 6d 75 6c 74	.them..By.default.VRRP.uses.mult
9cce0	69 63 61 73 74 20 70 61 63 6b 65 74 73 2e 20 49 66 20 79 6f 75 72 20 6e 65 74 77 6f 72 6b 20 64	icast.packets..If.your.network.d
9cd00	6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 6d 75 6c 74 69 63 61 73 74 20 66 6f 72 20 77 68	oes.not.support.multicast.for.wh
9cd20	61 74 65 76 65 72 20 72 65 61 73 6f 6e 2c 20 79 6f 75 20 63 61 6e 20 6d 61 6b 65 20 56 52 52 50	atever.reason,.you.can.make.VRRP
9cd40	20 75 73 65 20 75 6e 69 63 61 73 74 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 69 6e 73 74 65	.use.unicast.communication.inste
9cd60	61 64 2e 00 42 79 20 64 65 66 61 75 6c 74 20 56 52 52 50 20 75 73 65 73 20 70 72 65 65 6d 70 74	ad..By.default.VRRP.uses.preempt
9cd80	69 6f 6e 2e 20 59 6f 75 20 63 61 6e 20 64 69 73 61 62 6c 65 20 69 74 20 77 69 74 68 20 74 68 65	ion..You.can.disable.it.with.the
9cda0	20 22 6e 6f 2d 70 72 65 65 6d 70 74 22 20 6f 70 74 69 6f 6e 3a 00 42 79 20 64 65 66 61 75 6c 74	."no-preempt".option:.By.default
9cdc0	20 60 73 74 72 69 63 74 2d 6c 73 61 2d 63 68 65 63 6b 69 6e 67 60 20 69 73 20 63 6f 6e 66 69 67	.`strict-lsa-checking`.is.config
9cde0	75 72 65 64 20 74 68 65 6e 20 74 68 65 20 68 65 6c 70 65 72 20 77 69 6c 6c 20 61 62 6f 72 74 20	ured.then.the.helper.will.abort.
9ce00	74 68 65 20 47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72 74 20 77 68 65 6e 20 61 20 4c 53 41 20	the.Graceful.Restart.when.a.LSA.
9ce20	63 68 61 6e 67 65 20 6f 63 63 75 72 73 20 77 68 69 63 68 20 61 66 66 65 63 74 73 20 74 68 65 20	change.occurs.which.affects.the.
9ce40	72 65 73 74 61 72 74 69 6e 67 20 72 6f 75 74 65 72 2e 00 42 79 20 64 65 66 61 75 6c 74 20 74 68	restarting.router..By.default.th
9ce60	65 20 73 63 6f 70 65 20 6f 66 20 74 68 65 20 70 6f 72 74 20 62 69 6e 64 69 6e 67 73 20 66 6f 72	e.scope.of.the.port.bindings.for
9ce80	20 75 6e 62 6f 75 6e 64 20 73 6f 63 6b 65 74 73 20 69 73 20 6c 69 6d 69 74 65 64 20 74 6f 20 74	.unbound.sockets.is.limited.to.t
9cea0	68 65 20 64 65 66 61 75 6c 74 20 56 52 46 2e 20 54 68 61 74 20 69 73 2c 20 69 74 20 77 69 6c 6c	he.default.VRF..That.is,.it.will
9cec0	20 6e 6f 74 20 62 65 20 6d 61 74 63 68 65 64 20 62 79 20 70 61 63 6b 65 74 73 20 61 72 72 69 76	.not.be.matched.by.packets.arriv
9cee0	69 6e 67 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 65 6e 73 6c 61 76 65 64 20 74 6f 20 61 20	ing.on.interfaces.enslaved.to.a.
9cf00	56 52 46 20 61 6e 64 20 70 72 6f 63 65 73 73 65 73 20 6d 61 79 20 62 69 6e 64 20 74 6f 20 74 68	VRF.and.processes.may.bind.to.th
9cf20	65 20 73 61 6d 65 20 70 6f 72 74 20 69 66 20 74 68 65 79 20 62 69 6e 64 20 74 6f 20 61 20 56 52	e.same.port.if.they.bind.to.a.VR
9cf40	46 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 46 52 52 20 77 69 6c 6c 20 62 72 69 6e 67 20 75 70	F..By.default,.FRR.will.bring.up
9cf60	20 70 65 65 72 69 6e 67 20 77 69 74 68 20 6d 69 6e 69 6d 61 6c 20 63 6f 6d 6d 6f 6e 20 63 61 70	.peering.with.minimal.common.cap
9cf80	61 62 69 6c 69 74 79 20 66 6f 72 20 74 68 65 20 62 6f 74 68 20 73 69 64 65 73 2e 20 46 6f 72 20	ability.for.the.both.sides..For.
9cfa0	65 78 61 6d 70 6c 65 2c 20 69 66 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 68 61 73	example,.if.the.local.router.has
9cfc0	20 75 6e 69 63 61 73 74 20 61 6e 64 20 6d 75 6c 74 69 63 61 73 74 20 63 61 70 61 62 69 6c 69 74	.unicast.and.multicast.capabilit
9cfe0	69 65 73 20 61 6e 64 20 74 68 65 20 72 65 6d 6f 74 65 20 72 6f 75 74 65 72 20 6f 6e 6c 79 20 68	ies.and.the.remote.router.only.h
9d000	61 73 20 75 6e 69 63 61 73 74 20 63 61 70 61 62 69 6c 69 74 79 20 74 68 65 20 6c 6f 63 61 6c 20	as.unicast.capability.the.local.
9d020	72 6f 75 74 65 72 20 77 69 6c 6c 20 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 63 6f 6e 6e 65 63	router.will.establish.the.connec
9d040	74 69 6f 6e 20 77 69 74 68 20 75 6e 69 63 61 73 74 20 6f 6e 6c 79 20 63 61 70 61 62 69 6c 69 74	tion.with.unicast.only.capabilit
9d060	79 2e 20 57 68 65 6e 20 74 68 65 72 65 20 61 72 65 20 6e 6f 20 63 6f 6d 6d 6f 6e 20 63 61 70 61	y..When.there.are.no.common.capa
9d080	62 69 6c 69 74 69 65 73 2c 20 46 52 52 20 73 65 6e 64 73 20 55 6e 73 75 70 70 6f 72 74 65 64 20	bilities,.FRR.sends.Unsupported.
9d0a0	43 61 70 61 62 69 6c 69 74 79 20 65 72 72 6f 72 20 61 6e 64 20 74 68 65 6e 20 72 65 73 65 74 73	Capability.error.and.then.resets
9d0c0	20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 56 79 4f	.the.connection..By.default,.VyO
9d0e0	53 20 64 6f 65 73 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 20 61 20 64 65 66 61 75 6c 74 20 72	S.does.not.advertise.a.default.r
9d100	6f 75 74 65 20 28 30 2e 30 2e 30 2e 30 2f 30 29 20 65 76 65 6e 20 69 66 20 69 74 20 69 73 20 69	oute.(0.0.0.0/0).even.if.it.is.i
9d120	6e 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 57 68 65 6e 20 79 6f 75 20 77 61 6e 74 20 74	n.routing.table..When.you.want.t
9d140	6f 20 61 6e 6e 6f 75 6e 63 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 73 20 74 6f 20 74 68 65	o.announce.default.routes.to.the
9d160	20 70 65 65 72 2c 20 75 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2e 20 55 73 69 6e 67 20 6f	.peer,.use.this.command..Using.o
9d180	70 74 69 6f 6e 61 6c 20 61 72 67 75 6d 65 6e 74 20 3a 63 66 67 63 6d 64 3a 60 72 6f 75 74 65 2d	ptional.argument.:cfgcmd:`route-
9d1a0	6d 61 70 60 20 79 6f 75 20 63 61 6e 20 69 6e 6a 65 63 74 20 74 68 65 20 64 65 66 61 75 6c 74 20	map`.you.can.inject.the.default.
9d1c0	72 6f 75 74 65 20 74 6f 20 67 69 76 65 6e 20 6e 65 69 67 68 62 6f 72 20 6f 6e 6c 79 20 69 66 20	route.to.given.neighbor.only.if.
9d1e0	74 68 65 20 63 6f 6e 64 69 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 72 6f 75 74 65 20 6d 61 70 20	the.conditions.in.the.route.map.
9d200	61 72 65 20 6d 65 74 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 61 20 6e 65 77 20 74 6f 6b 65 6e	are.met..By.default,.a.new.token
9d220	20 69 73 20 67 65 6e 65 72 61 74 65 64 20 65 76 65 72 79 20 33 30 20 73 65 63 6f 6e 64 73 20 62	.is.generated.every.30.seconds.b
9d240	79 20 74 68 65 20 6d 6f 62 69 6c 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 20 49 6e 20 6f 72 64	y.the.mobile.application..In.ord
9d260	65 72 20 74 6f 20 63 6f 6d 70 65 6e 73 61 74 65 20 66 6f 72 20 70 6f 73 73 69 62 6c 65 20 74 69	er.to.compensate.for.possible.ti
9d280	6d 65 2d 73 6b 65 77 20 62 65 74 77 65 65 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 61 6e 64 20 74	me-skew.between.the.client.and.t
9d2a0	68 65 20 73 65 72 76 65 72 2c 20 61 6e 20 65 78 74 72 61 20 74 6f 6b 65 6e 20 62 65 66 6f 72 65	he.server,.an.extra.token.before
9d2c0	20 61 6e 64 20 61 66 74 65 72 20 74 68 65 20 63 75 72 72 65 6e 74 20 74 69 6d 65 20 69 73 20 61	.and.after.the.current.time.is.a
9d2e0	6c 6c 6f 77 65 64 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 66 6f 72 20 61 20 74 69 6d 65 20 73	llowed..This.allows.for.a.time.s
9d300	6b 65 77 20 6f 66 20 75 70 20 74 6f 20 33 30 20 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e 20	kew.of.up.to.30.seconds.between.
9d320	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 72 76 65 72 20 61 6e 64 20 63 6c 69 65 6e 74	authentication.server.and.client
9d340	2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 64 64 63 6c 69 65 6e 74 5f 20 77 69 6c 6c 20 75 70 64	..By.default,.ddclient_.will.upd
9d360	61 74 65 20 61 20 64 79 6e 61 6d 69 63 20 64 6e 73 20 72 65 63 6f 72 64 20 75 73 69 6e 67 20 74	ate.a.dynamic.dns.record.using.t
9d380	68 65 20 49 50 20 61 64 64 72 65 73 73 20 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65 64 20	he.IP.address.directly.attached.
9d3a0	74 6f 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 49 66 20 79 6f 75 72 20 56 79 4f 53 20 69	to.the.interface..If.your.VyOS.i
9d3c0	6e 73 74 61 6e 63 65 20 69 73 20 62 65 68 69 6e 64 20 4e 41 54 2c 20 79 6f 75 72 20 72 65 63 6f	nstance.is.behind.NAT,.your.reco
9d3e0	72 64 20 77 69 6c 6c 20 62 65 20 75 70 64 61 74 65 64 20 74 6f 20 70 6f 69 6e 74 20 74 6f 20 79	rd.will.be.updated.to.point.to.y
9d400	6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 49 50 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 65 6e 61	our.internal.IP..By.default,.ena
9d420	62 6c 69 6e 67 20 52 50 4b 49 20 64 6f 65 73 20 6e 6f 74 20 63 68 61 6e 67 65 20 62 65 73 74 20	bling.RPKI.does.not.change.best.
9d440	70 61 74 68 20 73 65 6c 65 63 74 69 6f 6e 2e 20 49 6e 20 70 61 72 74 69 63 75 6c 61 72 2c 20 69	path.selection..In.particular,.i
9d460	6e 76 61 6c 69 64 20 70 72 65 66 69 78 65 73 20 77 69 6c 6c 20 73 74 69 6c 6c 20 62 65 20 63 6f	nvalid.prefixes.will.still.be.co
9d480	6e 73 69 64 65 72 65 64 20 64 75 72 69 6e 67 20 62 65 73 74 20 70 61 74 68 20 73 65 6c 65 63 74	nsidered.during.best.path.select
9d4a0	69 6f 6e 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 20 72 6f 75 74 65 72 20 63 61 6e 20 62 65 20	ion..However,.the.router.can.be.
9d4c0	63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 69 67 6e 6f 72 65 20 61 6c 6c 20 69 6e 76 61 6c 69 64	configured.to.ignore.all.invalid
9d4e0	20 70 72 65 66 69 78 65 73 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 69 74 20 73 75 70 70 6f 72	.prefixes..By.default,.it.suppor
9d500	74 73 20 62 6f 74 68 20 70 6c 61 6e 6e 65 64 20 61 6e 64 20 75 6e 70 6c 61 6e 6e 65 64 20 6f 75	ts.both.planned.and.unplanned.ou
9d520	74 61 67 65 73 2e 00 42 79 20 64 65 66 61 75 6c 74 2c 20 6e 67 69 6e 78 20 65 78 70 6f 73 65 73	tages..By.default,.nginx.exposes
9d540	20 74 68 65 20 6c 6f 63 61 6c 20 41 50 49 20 6f 6e 20 61 6c 6c 20 76 69 72 74 75 61 6c 20 73 65	.the.local.API.on.all.virtual.se
9d560	72 76 65 72 73 2e 20 55 73 65 20 74 68 69 73 20 74 6f 20 72 65 73 74 72 69 63 74 20 6e 67 69 6e	rvers..Use.this.to.restrict.ngin
9d580	78 20 74 6f 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 76 69 72 74 75 61 6c 20 68 6f 73 74 73 2e 00	x.to.one.or.more.virtual.hosts..
9d5a0	42 79 20 64 65 66 61 75 6c 74 2c 20 72 65 63 6f 72 64 65 64 20 66 6c 6f 77 73 20 77 69 6c 6c 20	By.default,.recorded.flows.will.
9d5c0	62 65 20 73 61 76 65 64 20 69 6e 74 65 72 6e 61 6c 6c 79 20 61 6e 64 20 63 61 6e 20 62 65 20 6c	be.saved.internally.and.can.be.l
9d5e0	69 73 74 65 64 20 77 69 74 68 20 74 68 65 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 2e 20 59 6f 75 20	isted.with.the.CLI.command..You.
9d600	6d 61 79 20 64 69 73 61 62 6c 65 20 75 73 69 6e 67 20 74 68 65 20 6c 6f 63 61 6c 20 69 6e 2d 6d	may.disable.using.the.local.in-m
9d620	65 6d 6f 72 79 20 74 61 62 6c 65 20 77 69 74 68 20 74 68 65 20 63 6f 6d 6d 61 6e 64 3a 00 42 79	emory.table.with.the.command:.By
9d640	20 64 65 66 61 75 6c 74 2c 20 74 68 65 20 42 47 50 20 70 72 65 66 69 78 20 69 73 20 61 64 76 65	.default,.the.BGP.prefix.is.adve
9d660	72 74 69 73 65 64 20 65 76 65 6e 20 69 66 20 69 74 27 73 20 6e 6f 74 20 70 72 65 73 65 6e 74 20	rtised.even.if.it's.not.present.
9d680	69 6e 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 54 68 69 73 20 62 65 68 61 76	in.the.routing.table..This.behav
9d6a0	69 6f 75 72 20 64 69 66 66 65 72 73 20 66 72 6f 6d 20 74 68 65 20 69 6d 70 6c 65 6d 65 6e 74 61	iour.differs.from.the.implementa
9d6c0	74 69 6f 6e 20 6f 66 20 73 6f 6d 65 20 76 65 6e 64 6f 72 73 2e 00 42 79 20 64 65 66 61 75 6c 74	tion.of.some.vendors..By.default
9d6e0	2c 20 74 68 69 73 20 62 72 69 64 67 69 6e 67 20 69 73 20 61 6c 6c 6f 77 65 64 2e 00 42 79 20 64	,.this.bridging.is.allowed..By.d
9d700	65 66 61 75 6c 74 2c 20 77 68 65 6e 20 56 79 4f 53 20 72 65 63 65 69 76 65 73 20 61 6e 20 49 43	efault,.when.VyOS.receives.an.IC
9d720	4d 50 20 65 63 68 6f 20 72 65 71 75 65 73 74 20 70 61 63 6b 65 74 20 64 65 73 74 69 6e 65 64 20	MP.echo.request.packet.destined.
9d740	66 6f 72 20 69 74 73 65 6c 66 2c 20 69 74 20 77 69 6c 6c 20 61 6e 73 77 65 72 20 77 69 74 68 20	for.itself,.it.will.answer.with.
9d760	61 6e 20 49 43 4d 50 20 65 63 68 6f 20 72 65 70 6c 79 2c 20 75 6e 6c 65 73 73 20 79 6f 75 20 61	an.ICMP.echo.reply,.unless.you.a
9d780	76 6f 69 64 20 69 74 20 74 68 72 6f 75 67 68 20 69 74 73 20 66 69 72 65 77 61 6c 6c 2e 00 42 79	void.it.through.its.firewall..By
9d7a0	20 75 73 69 6e 67 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65	.using.Pseudo-Ethernet.interface
9d7c0	73 20 74 68 65 72 65 20 77 69 6c 6c 20 62 65 20 6c 65 73 73 20 73 79 73 74 65 6d 20 6f 76 65 72	s.there.will.be.less.system.over
9d7e0	68 65 61 64 20 63 6f 6d 70 61 72 65 64 20 74 6f 20 72 75 6e 6e 69 6e 67 20 61 20 74 72 61 64 69	head.compared.to.running.a.tradi
9d800	74 69 6f 6e 61 6c 20 62 72 69 64 67 69 6e 67 20 61 70 70 72 6f 61 63 68 2e 20 50 73 65 75 64 6f	tional.bridging.approach..Pseudo
9d820	2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 61 6c 73 6f 20 62 65	-Ethernet.interfaces.can.also.be
9d840	20 75 73 65 64 20 74 6f 20 77 6f 72 6b 61 72 6f 75 6e 64 20 74 68 65 20 67 65 6e 65 72 61 6c 20	.used.to.workaround.the.general.
9d860	6c 69 6d 69 74 20 6f 66 20 34 30 39 36 20 76 69 72 74 75 61 6c 20 4c 41 4e 73 20 28 56 4c 41 4e	limit.of.4096.virtual.LANs.(VLAN
9d880	73 29 20 70 65 72 20 70 68 79 73 69 63 61 6c 20 45 74 68 65 72 6e 65 74 20 70 6f 72 74 2c 20 73	s).per.physical.Ethernet.port,.s
9d8a0	69 6e 63 65 20 74 68 61 74 20 6c 69 6d 69 74 20 69 73 20 77 69 74 68 20 72 65 73 70 65 63 74 20	ince.that.limit.is.with.respect.
9d8c0	74 6f 20 61 20 73 69 6e 67 6c 65 20 4d 41 43 20 61 64 64 72 65 73 73 2e 00 42 79 70 61 73 73 69	to.a.single.MAC.address..Bypassi
9d8e0	6e 67 20 74 68 65 20 77 65 62 70 72 6f 78 79 00 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20	ng.the.webproxy.CA.(Certificate.
9d900	41 75 74 68 6f 72 69 74 79 29 00 43 52 49 54 49 43 2f 45 43 50 00 43 61 6c 6c 20 61 6e 6f 74 68	Authority).CRITIC/ECP.Call.anoth
9d920	65 72 20 72 6f 75 74 65 2d 6d 61 70 20 70 6f 6c 69 63 79 20 6f 6e 20 6d 61 74 63 68 2e 00 43 61	er.route-map.policy.on.match..Ca
9d940	70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 00 43 65 72 74 61 69 6e 20 76 65 6e	pability.Negotiation.Certain.ven
9d960	64 6f 72 73 20 75 73 65 20 62 72 6f 61 64 63 61 73 74 73 20 74 6f 20 69 64 65 6e 74 69 66 79 20	dors.use.broadcasts.to.identify.
9d980	74 68 65 69 72 20 65 71 75 69 70 6d 65 6e 74 20 77 69 74 68 69 6e 20 6f 6e 65 20 65 74 68 65 72	their.equipment.within.one.ether
9d9a0	6e 65 74 20 73 65 67 6d 65 6e 74 2e 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 20 69 66 20 79 6f	net.segment..Unfortunately.if.yo
9d9c0	75 20 73 70 6c 69 74 20 79 6f 75 72 20 6e 65 74 77 6f 72 6b 20 77 69 74 68 20 6d 75 6c 74 69 70	u.split.your.network.with.multip
9d9e0	6c 65 20 56 4c 41 4e 73 20 79 6f 75 20 6c 6f 6f 73 65 20 74 68 65 20 61 62 69 6c 69 74 79 20 6f	le.VLANs.you.loose.the.ability.o
9da00	66 20 69 64 65 6e 74 69 66 79 69 6e 67 20 79 6f 75 72 20 65 71 75 69 70 6d 65 6e 74 2e 00 43 65	f.identifying.your.equipment..Ce
9da20	72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 28 43 41 29 00 43 65 72 74 69 66 69	rtificate.Authority.(CA).Certifi
9da40	63 61 74 65 20 72 65 76 6f 63 61 74 69 6f 6e 20 6c 69 73 74 20 69 6e 20 50 45 4d 20 66 6f 72 6d	cate.revocation.list.in.PEM.form
9da60	61 74 2e 00 43 65 72 74 69 66 69 63 61 74 65 73 00 43 68 61 6e 67 65 20 73 79 73 74 65 6d 20 6b	at..Certificates.Change.system.k
9da80	65 79 62 6f 61 72 64 20 6c 61 79 6f 75 74 20 74 6f 20 67 69 76 65 6e 20 6c 61 6e 67 75 61 67 65	eyboard.layout.to.given.language
9daa0	2e 00 43 68 61 6e 67 65 20 74 68 65 20 64 65 66 61 75 6c 74 2d 61 63 74 69 6f 6e 20 77 69 74 68	..Change.the.default-action.with
9dac0	20 74 68 69 73 20 73 65 74 74 69 6e 67 2e 00 43 68 61 6e 67 65 73 20 69 6e 20 42 47 50 20 70 6f	.this.setting..Changes.in.BGP.po
9dae0	6c 69 63 69 65 73 20 72 65 71 75 69 72 65 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 74	licies.require.the.BGP.session.t
9db00	6f 20 62 65 20 63 6c 65 61 72 65 64 2e 20 43 6c 65 61 72 69 6e 67 20 68 61 73 20 61 20 6c 61 72	o.be.cleared..Clearing.has.a.lar
9db20	67 65 20 6e 65 67 61 74 69 76 65 20 69 6d 70 61 63 74 20 6f 6e 20 6e 65 74 77 6f 72 6b 20 6f 70	ge.negative.impact.on.network.op
9db40	65 72 61 74 69 6f 6e 73 2e 20 53 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65	erations..Soft.reconfiguration.e
9db60	6e 61 62 6c 65 73 20 79 6f 75 20 74 6f 20 67 65 6e 65 72 61 74 65 20 69 6e 62 6f 75 6e 64 20 75	nables.you.to.generate.inbound.u
9db80	70 64 61 74 65 73 20 66 72 6f 6d 20 61 20 6e 65 69 67 68 62 6f 72 2c 20 63 68 61 6e 67 65 20 61	pdates.from.a.neighbor,.change.a
9dba0	6e 64 20 61 63 74 69 76 61 74 65 20 42 47 50 20 70 6f 6c 69 63 69 65 73 20 77 69 74 68 6f 75 74	nd.activate.BGP.policies.without
9dbc0	20 63 6c 65 61 72 69 6e 67 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 2e 00 43 68 61 6e 67	.clearing.the.BGP.session..Chang
9dbe0	65 73 20 74 6f 20 74 68 65 20 4e 41 54 20 73 79 73 74 65 6d 20 6f 6e 6c 79 20 61 66 66 65 63 74	es.to.the.NAT.system.only.affect
9dc00	20 6e 65 77 6c 79 20 65 73 74 61 62 6c 69 73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 20	.newly.established.connections..
9dc20	41 6c 72 65 61 64 79 20 65 73 74 61 62 6c 69 73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20	Already.established.connections.
9dc40	61 72 65 20 6e 6f 74 20 61 66 66 65 63 74 65 64 2e 00 43 68 61 6e 67 69 6e 67 20 74 68 65 20 6b	are.not.affected..Changing.the.k
9dc60	65 79 6d 61 70 20 6f 6e 6c 79 20 68 61 73 20 61 6e 20 65 66 66 65 63 74 20 6f 6e 20 74 68 65 20	eymap.only.has.an.effect.on.the.
9dc80	73 79 73 74 65 6d 20 63 6f 6e 73 6f 6c 65 2c 20 75 73 69 6e 67 20 53 53 48 20 6f 72 20 53 65 72	system.console,.using.SSH.or.Ser
9dca0	69 61 6c 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 64 65 76 69 63 65 20	ial.remote.access.to.the.device.
9dcc0	69 73 20 6e 6f 74 20 61 66 66 65 63 74 65 64 20 61 73 20 74 68 65 20 6b 65 79 62 6f 61 72 64 20	is.not.affected.as.the.keyboard.
9dce0	6c 61 79 6f 75 74 20 68 65 72 65 20 63 6f 72 72 65 73 70 6f 6e 64 73 20 74 6f 20 79 6f 75 72 20	layout.here.corresponds.to.your.
9dd00	61 63 63 65 73 73 20 73 79 73 74 65 6d 2e 00 43 68 61 6e 6e 65 6c 20 6e 75 6d 62 65 72 20 28 49	access.system..Channel.number.(I
9dd20	45 45 45 20 38 30 32 2e 31 31 29 2c 20 66 6f 72 20 32 2e 34 47 68 7a 20 28 38 30 32 2e 31 31 20	EEE.802.11),.for.2.4Ghz.(802.11.
9dd40	62 2f 67 2f 6e 29 20 63 68 61 6e 6e 65 6c 73 20 72 61 6e 67 65 20 66 72 6f 6d 20 31 2d 31 34 2e	b/g/n).channels.range.from.1-14.
9dd60	20 4f 6e 20 35 47 68 7a 20 28 38 30 32 2e 31 31 20 61 2f 68 2f 6a 2f 6e 2f 61 63 29 20 63 68 61	.On.5Ghz.(802.11.a/h/j/n/ac).cha
9dd80	6e 6e 65 6c 73 20 61 76 61 69 6c 61 62 6c 65 20 61 72 65 20 30 2c 20 33 34 20 74 6f 20 31 37 33	nnels.available.are.0,.34.to.173
9dda0	00 43 68 65 63 6b 20 69 66 20 74 68 65 20 49 6e 74 65 6c c2 ae 20 51 41 54 20 64 65 76 69 63 65	.Check.if.the.Intel...QAT.device
9ddc0	20 69 73 20 75 70 20 61 6e 64 20 72 65 61 64 79 20 74 6f 20 64 6f 20 74 68 65 20 6a 6f 62 2e 00	.is.up.and.ready.to.do.the.job..
9dde0	43 68 65 63 6b 20 73 74 61 74 75 73 00 43 68 65 63 6b 20 74 68 65 20 6d 61 6e 79 20 70 61 72 61	Check.status.Check.the.many.para
9de00	6d 65 74 65 72 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 74 68 65 20 60 73 68 6f 77 20 69	meters.available.for.the.`show.i
9de20	70 76 36 20 72 6f 75 74 65 60 20 63 6f 6d 6d 61 6e 64 3a 00 43 68 65 63 6b 69 6e 67 20 63 6f 6e	pv6.route`.command:.Checking.con
9de40	6e 65 63 74 69 6f 6e 73 00 43 68 6f 6f 73 65 20 79 6f 75 72 20 60 60 64 69 72 65 63 74 6f 72 79	nections.Choose.your.``directory
9de60	60 60 20 6c 6f 63 61 74 69 6f 6e 20 63 61 72 65 66 75 6c 6c 79 20 6f 72 20 79 6f 75 20 77 69 6c	``.location.carefully.or.you.wil
9de80	6c 20 6c 6f 6f 73 65 20 74 68 65 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 69 6d 61 67 65 20 75 70 67	l.loose.the.content.on.image.upg
9dea0	72 61 64 65 73 2e 20 41 6e 79 20 64 69 72 65 63 74 6f 72 79 20 75 6e 64 65 72 20 60 60 2f 63 6f	rades..Any.directory.under.``/co
9dec0	6e 66 69 67 60 60 20 69 73 20 73 61 76 65 20 61 74 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 6d	nfig``.is.save.at.this.will.be.m
9dee0	69 67 72 61 74 65 64 2e 00 43 69 73 63 6f 20 43 61 74 61 6c 79 73 74 00 43 69 73 63 6f 20 61 6e	igrated..Cisco.Catalyst.Cisco.an
9df00	64 20 41 6c 6c 69 65 64 20 54 65 6c 65 73 79 6e 20 63 61 6c 6c 20 69 74 20 50 72 69 76 61 74 65	d.Allied.Telesyn.call.it.Private
9df20	20 56 4c 41 4e 00 43 6c 61 6d 70 20 4d 53 53 20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 49	.VLAN.Clamp.MSS.for.a.specific.I
9df40	50 00 43 6c 61 73 73 20 74 72 65 61 74 6d 65 6e 74 00 43 6c 61 73 73 65 73 00 43 6c 61 73 73 6c	P.Class.treatment.Classes.Classl
9df60	65 73 73 20 73 74 61 74 69 63 20 72 6f 75 74 65 00 43 6c 65 61 72 20 61 6c 6c 20 42 47 50 20 65	ess.static.route.Clear.all.BGP.e
9df80	78 74 63 6f 6d 6d 75 6e 69 74 69 65 73 2e 00 43 6c 69 65 6e 74 00 43 6c 69 65 6e 74 20 41 64 64	xtcommunities..Client.Client.Add
9dfa0	72 65 73 73 20 50 6f 6f 6c 73 00 43 6c 69 65 6e 74 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	ress.Pools.Client.Authentication
9dfc0	00 43 6c 69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 77 69 6c 6c 20 62 65 20 70 72 6f	.Client.IP.addresses.will.be.pro
9dfe0	76 69 64 65 64 20 66 72 6f 6d 20 70 6f 6f 6c 20 60 31 39 32 2e 30 2e 32 2e 30 2f 32 35 60 00 43	vided.from.pool.`192.0.2.0/25`.C
9e000	6c 69 65 6e 74 20 53 69 64 65 00 43 6c 69 65 6e 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00	lient.Side.Client.configuration.
9e020	43 6c 69 65 6e 74 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 00 43 6c 69 65 6e 74 20 64 6f 6d 61 69 6e	Client.domain.name.Client.domain
9e040	20 73 65 61 72 63 68 00 43 6c 69 65 6e 74 20 69 73 6f 6c 61 74 69 6f 6e 20 63 61 6e 20 62 65 20	.search.Client.isolation.can.be.
9e060	75 73 65 64 20 74 6f 20 70 72 65 76 65 6e 74 20 6c 6f 77 2d 6c 65 76 65 6c 20 62 72 69 64 67 69	used.to.prevent.low-level.bridgi
9e080	6e 67 20 6f 66 20 66 72 61 6d 65 73 20 62 65 74 77 65 65 6e 20 61 73 73 6f 63 69 61 74 65 64 20	ng.of.frames.between.associated.
9e0a0	73 74 61 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 42 53 53 2e 00 43 6c 69 65 6e 74 3a 00 43 6c 69	stations.in.the.BSS..Client:.Cli
9e0c0	65 6e 74 73 20 61 72 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 74 68 65 20 43 4e 20 66 69	ents.are.identified.by.the.CN.fi
9e0e0	65 6c 64 20 6f 66 20 74 68 65 69 72 20 78 2e 35 30 39 20 63 65 72 74 69 66 69 63 61 74 65 73 2c	eld.of.their.x.509.certificates,
9e100	20 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 74 68 65 20 43 4e 20 69 73 20 60 60 63 6c 69	.in.this.example.the.CN.is.``cli
9e120	65 6e 74 30 60 60 3a 00 43 6c 69 65 6e 74 73 20 72 65 63 65 69 76 69 6e 67 20 61 64 76 65 72 74	ent0``:.Clients.receiving.advert
9e140	69 73 65 20 6d 65 73 73 61 67 65 73 20 66 72 6f 6d 20 6d 75 6c 74 69 70 6c 65 20 73 65 72 76 65	ise.messages.from.multiple.serve
9e160	72 73 20 63 68 6f 6f 73 65 20 74 68 65 20 73 65 72 76 65 72 20 77 69 74 68 20 74 68 65 20 68 69	rs.choose.the.server.with.the.hi
9e180	67 68 65 73 74 20 70 72 65 66 65 72 65 6e 63 65 20 76 61 6c 75 65 2e 20 54 68 65 20 72 61 6e 67	ghest.preference.value..The.rang
9e1a0	65 20 66 6f 72 20 74 68 69 73 20 76 61 6c 75 65 20 69 73 20 60 60 30 2e 2e 2e 32 35 35 60 60 2e	e.for.this.value.is.``0...255``.
9e1c0	00 43 6c 6f 63 6b 20 64 61 65 6d 6f 6e 00 43 6f 6d 6d 61 6e 64 20 63 6f 6d 70 6c 65 74 69 6f 6e	.Clock.daemon.Command.completion
9e1e0	20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 6c 69 73 74 20 61 76 61 69 6c 61 62 6c 65 20 74	.can.be.used.to.list.available.t
9e200	69 6d 65 20 7a 6f 6e 65 73 2e 20 54 68 65 20 61 64 6a 75 73 74 6d 65 6e 74 20 66 6f 72 20 64 61	ime.zones..The.adjustment.for.da
9e220	79 6c 69 67 68 74 20 74 69 6d 65 20 77 69 6c 6c 20 74 61 6b 65 20 70 6c 61 63 65 20 61 75 74 6f	ylight.time.will.take.place.auto
9e240	6d 61 74 69 63 61 6c 6c 79 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 74 69 6d 65 20 6f 66 20 79	matically.based.on.the.time.of.y
9e260	65 61 72 2e 00 43 6f 6d 6d 61 6e 64 20 66 6f 72 20 64 69 73 61 62 6c 69 6e 67 20 61 20 72 75 6c	ear..Command.for.disabling.a.rul
9e280	65 20 62 75 74 20 6b 65 65 70 20 69 74 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	e.but.keep.it.in.the.configurati
9e2a0	6f 6e 2e 00 43 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 70 72 6f 62 61 62 6c 79 20 62 65 20 65	on..Command.should.probably.be.e
9e2c0	78 74 65 6e 64 65 64 20 74 6f 20 6c 69 73 74 20 61 6c 73 6f 20 74 68 65 20 72 65 61 6c 20 69 6e	xtended.to.list.also.the.real.in
9e2e0	74 65 72 66 61 63 65 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 69 73 20 6f 6e 65 20 56 52	terfaces.assigned.to.this.one.VR
9e300	46 20 74 6f 20 67 65 74 20 61 20 62 65 74 74 65 72 20 6f 76 65 72 76 69 65 77 2e 00 43 6f 6d 6d	F.to.get.a.better.overview..Comm
9e320	61 6e 64 20 75 73 65 64 20 74 6f 20 75 70 64 61 74 65 20 47 65 6f 49 50 20 64 61 74 61 62 61 73	and.used.to.update.GeoIP.databas
9e340	65 20 61 6e 64 20 66 69 72 65 77 61 6c 6c 20 73 65 74 73 2e 00 43 6f 6d 6d 6f 6e 20 63 6f 6e 66	e.and.firewall.sets..Common.conf
9e360	69 67 75 72 61 74 69 6f 6e 2c 20 76 61 6c 69 64 20 66 6f 72 20 62 6f 74 68 20 70 72 69 6d 61 72	iguration,.valid.for.both.primar
9e380	79 20 61 6e 64 20 73 65 63 6f 6e 64 61 72 79 20 6e 6f 64 65 2e 00 43 6f 6d 6d 6f 6e 20 69 6e 74	y.and.secondary.node..Common.int
9e3a0	65 72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 43 6f 6d 6d 6f 6e 20 70 61 72 61	erface.configuration.Common.para
9e3c0	6d 65 74 65 72 73 00 43 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 43 6f 6e 66 69 67 75 72 61 74 69	meters.Confederation.Configurati
9e3e0	6f 6e 00 43 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 20 e2 80 93 20 45 6e 63 72 79 70 74 69 6f	on.Confidentiality.....Encryptio
9e400	6e 20 6f 66 20 70 61 63 6b 65 74 73 20 74 6f 20 70 72 65 76 65 6e 74 20 73 6e 6f 6f 70 69 6e 67	n.of.packets.to.prevent.snooping
9e420	20 62 79 20 61 6e 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 20 73 6f 75 72 63 65 2e 00 43 6f 6e 66	.by.an.unauthorized.source..Conf
9e440	69 67 75 72 61 74 69 6f 6e 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 45 78 61 6d 70 6c 65 00	iguration.Configuration.Example.
9e460	43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 45 78 61 6d 70 6c 65 73 00 43 6f 6e 66 69 67 75 72 61	Configuration.Examples.Configura
9e480	74 69 6f 6e 20 47 75 69 64 65 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 4f 70 74 69 6f 6e 73	tion.Guide.Configuration.Options
9e4a0	00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 73 20 66 6f 72 20 74 68 65 20	.Configuration.commands.for.the.
9e4c0	70 72 69 76 61 74 65 20 61 6e 64 20 70 75 62 6c 69 63 20 6b 65 79 20 77 69 6c 6c 20 62 65 20 64	private.and.public.key.will.be.d
9e4e0	69 73 70 6c 61 79 65 64 20 6f 6e 20 74 68 65 20 73 63 72 65 65 6e 20 77 68 69 63 68 20 6e 65 65	isplayed.on.the.screen.which.nee
9e500	64 73 20 74 6f 20 62 65 20 73 65 74 20 6f 6e 20 74 68 65 20 72 6f 75 74 65 72 20 66 69 72 73 74	ds.to.be.set.on.the.router.first
9e520	2e 20 4e 6f 74 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 77 69 74 68 20 74 68 65 20 70 75 62 6c	..Note.the.command.with.the.publ
9e540	69 63 20 6b 65 79 20 28 73 65 74 20 70 6b 69 20 6b 65 79 2d 70 61 69 72 20 69 70 73 65 63 2d 4c	ic.key.(set.pki.key-pair.ipsec-L
9e560	45 46 54 20 70 75 62 6c 69 63 20 6b 65 79 20 27 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 2e 2e 2e	EFT.public.key.'MIIBIjANBgkqh...
9e580	27 29 2e 20 54 68 65 6e 20 64 6f 20 74 68 65 20 73 61 6d 65 20 6f 6e 20 74 68 65 20 6f 70 70 6f	')..Then.do.the.same.on.the.oppo
9e5a0	73 69 74 65 20 72 6f 75 74 65 72 3a 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61	site.router:.Configuration.comma
9e5c0	6e 64 73 20 77 69 6c 6c 20 64 69 73 70 6c 61 79 2e 20 4e 6f 74 65 20 74 68 65 20 63 6f 6d 6d 61	nds.will.display..Note.the.comma
9e5e0	6e 64 20 77 69 74 68 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 28 73 65 74 20 70 6b 69 20	nd.with.the.public.key.(set.pki.
9e600	6b 65 79 2d 70 61 69 72 20 69 70 73 65 63 2d 4c 45 46 54 20 70 75 62 6c 69 63 20 6b 65 79 20 27	key-pair.ipsec-LEFT.public.key.'
9e620	4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 2e 2e 2e 27 29 2e 20 54 68 65 6e 20 64 6f 20 74 68 65 20	MIIBIjANBgkqh...')..Then.do.the.
9e640	73 61 6d 65 20 6f 6e 20 74 68 65 20 6f 70 70 6f 73 69 74 65 20 72 6f 75 74 65 72 3a 00 43 6f 6e	same.on.the.opposite.router:.Con
9e660	66 69 67 75 72 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 73 65 20 65 78 70 6f 72 74 65 64 20 72 6f	figuration.for.these.exported.ro
9e680	75 74 65 73 20 6d 75 73 74 2c 20 61 74 20 61 20 6d 69 6e 69 6d 75 6d 2c 20 73 70 65 63 69 66 79	utes.must,.at.a.minimum,.specify
9e6a0	20 74 68 65 73 65 20 74 77 6f 20 70 61 72 61 6d 65 74 65 72 73 2e 00 43 6f 6e 66 69 67 75 72 61	.these.two.parameters..Configura
9e6c0	74 69 6f 6e 20 6f 66 20 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 73 74 61 74 69 63 60 00 43 6f	tion.of.:ref:`routing-static`.Co
9e6e0	6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 61 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 70	nfiguration.of.a.DHCP.failover.p
9e700	61 69 72 00 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 72 6f 75 74 65 20 6c 65 61 6b 69	air.Configuration.of.route.leaki
9e720	6e 67 20 62 65 74 77 65 65 6e 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 52 49 42 20 61 6e 64	ng.between.a.unicast.VRF.RIB.and
9e740	20 74 68 65 20 56 50 4e 20 53 41 46 49 20 52 49 42 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74	.the.VPN.SAFI.RIB.of.the.default
9e760	20 56 52 46 20 69 73 20 61 63 63 6f 6d 70 6c 69 73 68 65 64 20 76 69 61 20 63 6f 6d 6d 61 6e 64	.VRF.is.accomplished.via.command
9e780	73 20 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 61 20 56 52 46 20 61 64 64 72 65 73	s.in.the.context.of.a.VRF.addres
9e7a0	73 2d 66 61 6d 69 6c 79 2e 00 43 6f 6e 66 69 67 75 72 65 00 43 6f 6e 66 69 67 75 72 65 20 3a 61	s-family..Configure.Configure.:a
9e7c0	62 62 72 3a 60 4d 54 55 20 28 4d 61 78 69 6d 75 6d 20 54 72 61 6e 73 6d 69 73 73 69 6f 6e 20 55	bbr:`MTU.(Maximum.Transmission.U
9e7e0	6e 69 74 29 60 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20 49 74	nit)`.on.given.`<interface>`..It
9e800	20 69 73 20 74 68 65 20 73 69 7a 65 20 28 69 6e 20 62 79 74 65 73 29 20 6f 66 20 74 68 65 20 6c	.is.the.size.(in.bytes).of.the.l
9e820	61 72 67 65 73 74 20 65 74 68 65 72 6e 65 74 20 66 72 61 6d 65 20 73 65 6e 74 20 6f 6e 20 74 68	argest.ethernet.frame.sent.on.th
9e840	69 73 20 6c 69 6e 6b 2e 00 43 6f 6e 66 69 67 75 72 65 20 42 46 44 00 43 6f 6e 66 69 67 75 72 65	is.link..Configure.BFD.Configure
9e860	20 44 4e 53 20 60 3c 72 65 63 6f 72 64 3e 60 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20	.DNS.`<record>`.which.should.be.
9e880	75 70 64 61 74 65 64 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 73 65 74 20 6d 75 6c 74 69 70 6c	updated..This.can.be.set.multipl
9e8a0	65 20 74 69 6d 65 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 44 4e 53 20 60 3c 7a 6f 6e 65 3e 60 20	e.times..Configure.DNS.`<zone>`.
9e8c0	74 6f 20 62 65 20 75 70 64 61 74 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 47 45 4e 45 56 45 20	to.be.updated..Configure.GENEVE.
9e8e0	74 75 6e 6e 65 6c 20 66 61 72 20 65 6e 64 2f 72 65 6d 6f 74 65 20 74 75 6e 6e 65 6c 20 65 6e 64	tunnel.far.end/remote.tunnel.end
9e900	70 6f 69 6e 74 2e 00 43 6f 6e 66 69 67 75 72 65 20 47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72	point..Configure.Graceful.Restar
9e920	74 20 3a 72 66 63 3a 60 33 36 32 33 60 20 68 65 6c 70 65 72 20 73 75 70 70 6f 72 74 2e 20 42 79	t.:rfc:`3623`.helper.support..By
9e940	20 64 65 66 61 75 6c 74 2c 20 68 65 6c 70 65 72 20 73 75 70 70 6f 72 74 20 69 73 20 64 69 73 61	.default,.helper.support.is.disa
9e960	62 6c 65 64 20 66 6f 72 20 61 6c 6c 20 6e 65 69 67 68 62 6f 75 72 73 2e 20 54 68 69 73 20 63 6f	bled.for.all.neighbours..This.co
9e980	6e 66 69 67 20 65 6e 61 62 6c 65 73 2f 64 69 73 61 62 6c 65 73 20 68 65 6c 70 65 72 20 73 75 70	nfig.enables/disables.helper.sup
9e9a0	70 6f 72 74 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 20 66 6f 72 20 61 6c 6c 20 6e 65 69 67	port.on.this.router.for.all.neig
9e9c0	68 62 6f 75 72 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 47 72 61 63 65 66 75 6c 20 52 65 73 74 61	hbours..Configure.Graceful.Resta
9e9e0	72 74 20 3a 72 66 63 3a 60 33 36 32 33 60 20 72 65 73 74 61 72 74 69 6e 67 20 73 75 70 70 6f 72	rt.:rfc:`3623`.restarting.suppor
9ea00	74 2e 20 57 68 65 6e 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 72 61	t..When.enabled,.the.default.gra
9ea20	63 65 20 70 65 72 69 6f 64 20 69 73 20 31 32 30 20 73 65 63 6f 6e 64 73 2e 00 43 6f 6e 66 69 67	ce.period.is.120.seconds..Config
9ea40	75 72 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 44 48 43 50 20 60 3c 73 65 72	ure.IP.address.of.the.DHCP.`<ser
9ea60	76 65 72 3e 60 20 77 68 69 63 68 20 77 69 6c 6c 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 6c 61	ver>`.which.will.handle.the.rela
9ea80	79 65 64 20 70 61 63 6b 65 74 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 52 41 44 49 55 53 20 60 3c	yed.packets..Configure.RADIUS.`<
9eaa0	73 65 72 76 65 72 3e 60 20 61 6e 64 20 69 74 73 20 72 65 71 75 69 72 65 64 20 70 6f 72 74 20 66	server>`.and.its.required.port.f
9eac0	6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 72 65 71 75 65 73 74 73 2e 00 43 6f 6e 66	or.authentication.requests..Conf
9eae0	69 67 75 72 65 20 52 41 44 49 55 53 20 60 3c 73 65 72 76 65 72 3e 60 20 61 6e 64 20 69 74 73 20	igure.RADIUS.`<server>`.and.its.
9eb00	72 65 71 75 69 72 65 64 20 73 68 61 72 65 64 20 60 3c 73 65 63 72 65 74 3e 60 20 66 6f 72 20 63	required.shared.`<secret>`.for.c
9eb20	6f 6d 6d 75 6e 69 63 61 74 69 6e 67 20 77 69 74 68 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72	ommunicating.with.the.RADIUS.ser
9eb40	76 65 72 2e 00 43 6f 6e 66 69 67 75 72 65 20 53 4e 41 54 20 72 75 6c 65 20 28 34 30 29 20 74 6f	ver..Configure.SNAT.rule.(40).to
9eb60	20 6f 6e 6c 79 20 4e 41 54 20 70 61 63 6b 65 74 73 20 77 69 74 68 20 61 20 64 65 73 74 69 6e 61	.only.NAT.packets.with.a.destina
9eb80	74 69 6f 6e 20 61 64 64 72 65 73 73 20 6f 66 20 31 39 32 2e 30 2e 32 2e 31 2e 00 43 6f 6e 66 69	tion.address.of.192.0.2.1..Confi
9eba0	67 75 72 65 20 60 3c 6d 65 73 73 61 67 65 3e 60 20 77 68 69 63 68 20 69 73 20 73 68 6f 77 6e 20	gure.`<message>`.which.is.shown.
9ebc0	61 66 74 65 72 20 75 73 65 72 20 68 61 73 20 6c 6f 67 67 65 64 20 69 6e 20 74 6f 20 74 68 65 20	after.user.has.logged.in.to.the.
9ebe0	73 79 73 74 65 6d 2e 00 43 6f 6e 66 69 67 75 72 65 20 60 3c 6d 65 73 73 61 67 65 3e 60 20 77 68	system..Configure.`<message>`.wh
9ec00	69 63 68 20 69 73 20 73 68 6f 77 6e 20 64 75 72 69 6e 67 20 53 53 48 20 63 6f 6e 6e 65 63 74 20	ich.is.shown.during.SSH.connect.
9ec20	61 6e 64 20 62 65 66 6f 72 65 20 61 20 75 73 65 72 20 69 73 20 6c 6f 67 67 65 64 20 69 6e 2e 00	and.before.a.user.is.logged.in..
9ec40	43 6f 6e 66 69 67 75 72 65 20 60 3c 70 61 73 73 77 6f 72 64 3e 60 20 75 73 65 64 20 77 68 65 6e	Configure.`<password>`.used.when
9ec60	20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 74 68 65 20 75 70 64 61 74 65 20 72 65 71 75 65	.authenticating.the.update.reque
9ec80	73 74 20 66 6f 72 20 44 79 6e 44 4e 53 20 73 65 72 76 69 63 65 20 69 64 65 6e 74 69 66 69 65 64	st.for.DynDNS.service.identified
9eca0	20 62 79 20 60 3c 73 65 72 76 69 63 65 3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 20 60 3c 75 73 65	.by.`<service>`..Configure.`<use
9ecc0	72 6e 61 6d 65 3e 60 20 75 73 65 64 20 77 68 65 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67	rname>`.used.when.authenticating
9ece0	20 74 68 65 20 75 70 64 61 74 65 20 72 65 71 75 65 73 74 20 66 6f 72 20 44 79 6e 44 4e 53 20 73	.the.update.request.for.DynDNS.s
9ed00	65 72 76 69 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 73 65 72 76 69 63 65 3e 60	ervice.identified.by.`<service>`
9ed20	2e 20 46 6f 72 20 4e 61 6d 65 63 68 65 61 70 2c 20 73 65 74 20 74 68 65 20 3c 64 6f 6d 61 69 6e	..For.Namecheap,.set.the.<domain
9ed40	3e 20 79 6f 75 20 77 69 73 68 20 74 6f 20 75 70 64 61 74 65 2e 00 43 6f 6e 66 69 67 75 72 65 20	>.you.wish.to.update..Configure.
9ed60	61 20 73 46 6c 6f 77 20 61 67 65 6e 74 20 61 64 64 72 65 73 73 2e 20 49 74 20 63 61 6e 20 62 65	a.sFlow.agent.address..It.can.be
9ed80	20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2c 20 62 75 74 20 79 6f 75 20 6d	.IPv4.or.IPv6.address,.but.you.m
9eda0	75 73 74 20 73 65 74 20 74 68 65 20 73 61 6d 65 20 70 72 6f 74 6f 63 6f 6c 2c 20 77 68 69 63 68	ust.set.the.same.protocol,.which
9edc0	20 69 73 20 75 73 65 64 20 66 6f 72 20 73 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 20 61 64 64	.is.used.for.sFlow.collector.add
9ede0	72 65 73 73 65 73 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 75 73 69 6e 67 20 72 6f 75 74 65 72	resses..By.default,.using.router
9ee00	2d 69 64 20 66 72 6f 6d 20 42 47 50 20 6f 72 20 4f 53 50 46 20 70 72 6f 74 6f 63 6f 6c 2c 20 6f	-id.from.BGP.or.OSPF.protocol,.o
9ee20	72 20 74 68 65 20 70 72 69 6d 61 72 79 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68	r.the.primary.IP.address.from.th
9ee40	65 20 66 69 72 73 74 20 69 6e 74 65 72 66 61 63 65 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 20 73	e.first.interface..Configure.a.s
9ee60	74 61 74 69 63 20 72 6f 75 74 65 20 66 6f 72 20 3c 73 75 62 6e 65 74 3e 20 75 73 69 6e 67 20 67	tatic.route.for.<subnet>.using.g
9ee80	61 74 65 77 61 79 20 3c 61 64 64 72 65 73 73 3e 20 2c 20 75 73 65 20 73 6f 75 72 63 65 20 61 64	ateway.<address>.,.use.source.ad
9eea0	64 72 65 73 73 20 74 6f 20 69 6e 64 65 6e 74 69 66 79 20 74 68 65 20 70 65 65 72 20 77 68 65 6e	dress.to.indentify.the.peer.when
9eec0	20 69 73 20 6d 75 6c 74 69 2d 68 6f 70 20 73 65 73 73 69 6f 6e 20 61 6e 64 20 74 68 65 20 67 61	.is.multi-hop.session.and.the.ga
9eee0	74 65 77 61 79 20 61 64 64 72 65 73 73 20 61 73 20 42 46 44 20 70 65 65 72 20 64 65 73 74 69 6e	teway.address.as.BFD.peer.destin
9ef00	61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 20 73 74 61 74 69	ation.address..Configure.a.stati
9ef20	63 20 72 6f 75 74 65 20 66 6f 72 20 3c 73 75 62 6e 65 74 3e 20 75 73 69 6e 67 20 67 61 74 65 77	c.route.for.<subnet>.using.gatew
9ef40	61 79 20 3c 61 64 64 72 65 73 73 3e 20 61 6e 64 20 75 73 65 20 74 68 65 20 67 61 74 65 77 61 79	ay.<address>.and.use.the.gateway
9ef60	20 61 64 64 72 65 73 73 20 61 73 20 42 46 44 20 70 65 65 72 20 64 65 73 74 69 6e 61 74 69 6f 6e	.address.as.BFD.peer.destination
9ef80	20 61 64 64 72 65 73 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 64 64 72 65 73 73 20 6f 66 20 4e	.address..Configure.address.of.N
9efa0	65 74 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 2e 20 4e 65 74 46 6c 6f 77 20 73 65 72 76 65 72	etFlow.collector..NetFlow.server
9efc0	20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 20 63 61 6e 20 62 65 20 62 6f 74 68 20 6c 69 73 74	.at.`<address>`.can.be.both.list
9efe0	65 6e 69 6e 67 20 6f 6e 20 61 6e 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73	ening.on.an.IPv4.or.IPv6.address
9f000	2e 00 43 6f 6e 66 69 67 75 72 65 20 61 64 64 72 65 73 73 20 6f 66 20 73 46 6c 6f 77 20 63 6f 6c	..Configure.address.of.sFlow.col
9f020	6c 65 63 74 6f 72 2e 20 73 46 6c 6f 77 20 73 65 72 76 65 72 20 61 74 20 3c 61 64 64 72 65 73 73	lector..sFlow.server.at.<address
9f040	3e 20 63 61 6e 20 62 65 20 62 6f 74 68 20 6c 69 73 74 65 6e 69 6e 67 20 6f 6e 20 61 6e 20 49 50	>.can.be.both.listening.on.an.IP
9f060	76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 64	v4.or.IPv6.address..Configure.ad
9f080	64 72 65 73 73 20 6f 66 20 73 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 2e 20 73 46 6c 6f 77 20	dress.of.sFlow.collector..sFlow.
9f0a0	73 65 72 76 65 72 20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 20 63 61 6e 20 62 65 20 61 6e 20	server.at.`<address>`.can.be.an.
9f0c0	49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 20 42 75 74 20 79 6f 75 20 63 61	IPv4.or.IPv6.address..But.you.ca
9f0e0	6e 6e 6f 74 20 65 78 70 6f 72 74 20 74 6f 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76	nnot.export.to.both.IPv4.and.IPv
9f100	36 20 63 6f 6c 6c 65 63 74 6f 72 73 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 21 00 43	6.collectors.at.the.same.time!.C
9f120	6f 6e 66 69 67 75 72 65 20 61 67 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 20 61 73 73 6f 63 69	onfigure.agent.IP.address.associ
9f140	61 74 65 64 20 77 69 74 68 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 00 43 6f 6e 66 69 67	ated.with.this.interface..Config
9f160	75 72 65 20 61 67 67 72 65 67 61 74 69 6f 6e 20 64 65 6c 61 79 20 74 69 6d 65 72 20 69 6e 74 65	ure.aggregation.delay.timer.inte
9f180	72 76 61 6c 2e 00 43 6f 6e 66 69 67 75 72 65 20 61 6e 20 61 63 63 6f 75 6e 74 69 6e 67 20 73 65	rval..Configure.an.accounting.se
9f1a0	72 76 65 72 20 61 6e 64 20 65 6e 61 62 6c 65 20 61 63 63 6f 75 6e 74 69 6e 67 20 77 69 74 68 3a	rver.and.enable.accounting.with:
9f1c0	00 43 6f 6e 66 69 67 75 72 65 20 61 6e 64 20 65 6e 61 62 6c 65 20 63 6f 6c 6c 65 63 74 69 6f 6e	.Configure.and.enable.collection
9f1e0	20 6f 66 20 66 6c 6f 77 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 69 6e 74	.of.flow.information.for.the.int
9f200	65 72 66 61 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 69 6e 74 65 72 66 61 63 65 3e	erface.identified.by.<interface>
9f220	2e 00 43 6f 6e 66 69 67 75 72 65 20 61 6e 64 20 65 6e 61 62 6c 65 20 63 6f 6c 6c 65 63 74 69 6f	..Configure.and.enable.collectio
9f240	6e 20 6f 66 20 66 6c 6f 77 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 69 6e	n.of.flow.information.for.the.in
9f260	74 65 72 66 61 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 69 6e 74 65 72 66 61 63	terface.identified.by.`<interfac
9f280	65 3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 20 62 61 63 6b 65 6e 64 20 60 3c 6e 61 6d 65 3e 60 20	e>`..Configure.backend.`<name>`.
9f2a0	6d 6f 64 65 20 54 43 50 20 6f 72 20 48 54 54 50 00 43 6f 6e 66 69 67 75 72 65 20 65 69 74 68 65	mode.TCP.or.HTTP.Configure.eithe
9f2c0	72 20 6f 6e 65 20 6f 72 20 74 77 6f 20 73 74 6f 70 20 62 69 74 73 2e 20 54 68 69 73 20 64 65 66	r.one.or.two.stop.bits..This.def
9f2e0	61 75 6c 74 73 20 74 6f 20 6f 6e 65 20 73 74 6f 70 20 62 69 74 73 20 69 66 20 6c 65 66 74 20 75	aults.to.one.stop.bits.if.left.u
9f300	6e 63 6f 6e 66 69 67 75 72 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 65 69 74 68 65 72 20 73 65	nconfigured..Configure.either.se
9f320	76 65 6e 20 6f 72 20 65 69 67 68 74 20 64 61 74 61 20 62 69 74 73 2e 20 54 68 69 73 20 64 65 66	ven.or.eight.data.bits..This.def
9f340	61 75 6c 74 73 20 74 6f 20 65 69 67 68 74 20 64 61 74 61 20 62 69 74 73 20 69 66 20 6c 65 66 74	aults.to.eight.data.bits.if.left
9f360	20 75 6e 63 6f 6e 66 69 67 75 72 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 69 6e 64 69 76 69 64	.unconfigured..Configure.individ
9f380	75 61 6c 20 62 72 69 64 67 65 20 70 6f 72 74 20 60 3c 70 72 69 6f 72 69 74 79 3e 60 2e 00 43 6f	ual.bridge.port.`<priority>`..Co
9f3a0	6e 66 69 67 75 72 65 20 69 6e 74 65 72 66 61 63 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20	nfigure.interface.`<interface>`.
9f3c0	77 69 74 68 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65	with.one.or.more.interface.addre
9f3e0	73 73 65 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 69 6e 74 65 72 66 61 63 65 2d 73 70 65 63 69 66	sses..Configure.interface-specif
9f400	69 63 20 48 6f 73 74 2f 52 6f 75 74 65 72 20 62 65 68 61 76 69 6f 75 72 2e 20 49 66 20 73 65 74	ic.Host/Router.behaviour..If.set
9f420	2c 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 69 6c 6c 20 73 77 69 74 63 68 20 74 6f 20 68	,.the.interface.will.switch.to.h
9f440	6f 73 74 20 6d 6f 64 65 20 61 6e 64 20 49 50 76 36 20 66 6f 72 77 61 72 64 69 6e 67 20 77 69 6c	ost.mode.and.IPv6.forwarding.wil
9f460	6c 20 62 65 20 64 69 73 61 62 6c 65 64 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e	l.be.disabled.on.this.interface.
9f480	00 43 6f 6e 66 69 67 75 72 65 20 6e 65 77 20 53 4e 4d 50 20 75 73 65 72 20 6e 61 6d 65 64 20 22	.Configure.new.SNMP.user.named."
9f4a0	76 79 6f 73 22 20 77 69 74 68 20 70 61 73 73 77 6f 72 64 20 22 76 79 6f 73 31 32 33 34 35 36 37	vyos".with.password."vyos1234567
9f4c0	38 22 00 43 6f 6e 66 69 67 75 72 65 20 6e 65 78 74 2d 68 6f 70 20 60 3c 61 64 64 72 65 73 73 3e	8".Configure.next-hop.`<address>
9f4e0	60 20 61 6e 64 20 60 3c 74 61 72 67 65 74 2d 61 64 64 72 65 73 73 3e 60 20 66 6f 72 20 61 6e 20	`.and.`<target-address>`.for.an.
9f500	49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 20 53 70 65 63 69 66 79 20 74 68 65 20 74	IPv4.static.route..Specify.the.t
9f520	61 72 67 65 74 20 49 50 76 34 20 61 64 64 72 65 73 73 20 66 6f 72 20 68 65 61 6c 74 68 20 63 68	arget.IPv4.address.for.health.ch
9f540	65 63 6b 69 6e 67 2e 00 43 6f 6e 66 69 67 75 72 65 20 6e 65 78 74 2d 68 6f 70 20 60 3c 61 64 64	ecking..Configure.next-hop.`<add
9f560	72 65 73 73 3e 60 20 66 6f 72 20 61 6e 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e	ress>`.for.an.IPv4.static.route.
9f580	20 4d 75 6c 74 69 70 6c 65 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65 20 63	.Multiple.static.routes.can.be.c
9f5a0	72 65 61 74 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 6e 65 78 74 2d 68 6f 70 20 60 3c 61 64 64	reated..Configure.next-hop.`<add
9f5c0	72 65 73 73 3e 60 20 66 6f 72 20 61 6e 20 49 50 76 36 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e	ress>`.for.an.IPv6.static.route.
9f5e0	20 4d 75 6c 74 69 70 6c 65 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65 20 63	.Multiple.static.routes.can.be.c
9f600	72 65 61 74 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 6f 6e 65 20 6f 66 20 74 68 65 20 70 72 65	reated..Configure.one.of.the.pre
9f620	64 65 66 69 6e 65 64 20 73 79 73 74 65 6d 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 70 72 6f 66 69	defined.system.performance.profi
9f640	6c 65 73 2e 00 43 6f 6e 66 69 67 75 72 65 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 61 74 74 72 69	les..Configure.one.or.more.attri
9f660	62 75 74 65 73 20 74 6f 20 74 68 65 20 67 69 76 65 6e 20 4e 54 50 20 73 65 72 76 65 72 2e 00 43	butes.to.the.given.NTP.server..C
9f680	6f 6e 66 69 67 75 72 65 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 73 65 72 76 65 72 73 20 66 6f 72	onfigure.one.or.more.servers.for
9f6a0	20 73 79 6e 63 68 72 6f 6e 69 73 61 74 69 6f 6e 2e 20 53 65 72 76 65 72 20 6e 61 6d 65 20 63 61	.synchronisation..Server.name.ca
9f6c0	6e 20 62 65 20 65 69 74 68 65 72 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 3a 61 62	n.be.either.an.IP.address.or.:ab
9f6e0	62 72 3a 60 46 51 44 4e 20 28 46 75 6c 6c 79 20 51 75 61 6c 69 66 69 65 64 20 44 6f 6d 61 69 6e	br:`FQDN.(Fully.Qualified.Domain
9f700	20 4e 61 6d 65 29 60 2e 00 43 6f 6e 66 69 67 75 72 65 20 6f 70 74 69 6f 6e 61 6c 20 54 54 4c 20	.Name)`..Configure.optional.TTL.
9f720	76 61 6c 75 65 20 6f 6e 20 74 68 65 20 67 69 76 65 6e 20 72 65 73 6f 75 72 63 65 20 72 65 63 6f	value.on.the.given.resource.reco
9f740	72 64 2e 20 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 36 30 30 20 73 65 63 6f 6e 64 73	rd..This.defaults.to.600.seconds
9f760	2e 00 43 6f 6e 66 69 67 75 72 65 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 20 64	..Configure.physical.interface.d
9f780	75 70 6c 65 78 20 73 65 74 74 69 6e 67 2e 00 43 6f 6e 66 69 67 75 72 65 20 70 68 79 73 69 63 61	uplex.setting..Configure.physica
9f7a0	6c 20 69 6e 74 65 72 66 61 63 65 20 73 70 65 65 64 20 73 65 74 74 69 6e 67 2e 00 43 6f 6e 66 69	l.interface.speed.setting..Confi
9f7c0	67 75 72 65 20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 20 66 6f 72 20 60 69 6e 74 65 72 66 61	gure.port.mirroring.for.`interfa
9f7e0	63 65 60 20 69 6e 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 61 6e 64 20 63 6f 70 79 20 74 68 65	ce`.inbound.traffic.and.copy.the
9f800	20 74 72 61 66 66 69 63 20 74 6f 20 60 6d 6f 6e 69 74 6f 72 2d 69 6e 74 65 72 66 61 63 65 60 00	.traffic.to.`monitor-interface`.
9f820	43 6f 6e 66 69 67 75 72 65 20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 20 66 6f 72 20 60 69 6e	Configure.port.mirroring.for.`in
9f840	74 65 72 66 61 63 65 60 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 61 6e 64 20 63 6f	terface`.outbound.traffic.and.co
9f860	70 79 20 74 68 65 20 74 72 61 66 66 69 63 20 74 6f 20 60 6d 6f 6e 69 74 6f 72 2d 69 6e 74 65 72	py.the.traffic.to.`monitor-inter
9f880	66 61 63 65 60 00 43 6f 6e 66 69 67 75 72 65 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 6f 66 20 72	face`.Configure.port.number.of.r
9f8a0	65 6d 6f 74 65 20 56 58 4c 41 4e 20 65 6e 64 70 6f 69 6e 74 2e 00 43 6f 6e 66 69 67 75 72 65 20	emote.VXLAN.endpoint..Configure.
9f8c0	70 72 6f 74 6f 63 6f 6c 20 75 73 65 64 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20	protocol.used.for.communication.
9f8e0	74 6f 20 72 65 6d 6f 74 65 20 73 79 73 6c 6f 67 20 68 6f 73 74 2e 20 54 68 69 73 20 63 61 6e 20	to.remote.syslog.host..This.can.
9f900	62 65 20 65 69 74 68 65 72 20 55 44 50 20 6f 72 20 54 43 50 2e 00 43 6f 6e 66 69 67 75 72 65 20	be.either.UDP.or.TCP..Configure.
9f920	70 72 6f 78 79 20 70 6f 72 74 20 69 66 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 6c 69 73 74 65 6e	proxy.port.if.it.does.not.listen
9f940	20 74 6f 20 74 68 65 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 38 30 2e 00 43 6f 6e 66 69 67 75	.to.the.default.port.80..Configu
9f960	72 65 20 73 46 6c 6f 77 20 61 67 65 6e 74 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72	re.sFlow.agent.IPv4.or.IPv6.addr
9f980	65 73 73 00 43 6f 6e 66 69 67 75 72 65 20 73 63 68 65 64 75 6c 65 20 63 6f 75 6e 74 65 72 2d 70	ess.Configure.schedule.counter-p
9f9a0	6f 6c 6c 69 6e 67 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 33 30 29 00	olling.in.seconds.(default:.30).
9f9c0	43 6f 6e 66 69 67 75 72 65 20 73 65 72 76 69 63 65 20 60 3c 6e 61 6d 65 3e 60 20 6d 6f 64 65 20	Configure.service.`<name>`.mode.
9f9e0	54 43 50 20 6f 72 20 48 54 54 50 00 43 6f 6e 66 69 67 75 72 65 20 73 65 72 76 69 63 65 20 60 3c	TCP.or.HTTP.Configure.service.`<
9fa00	6e 61 6d 65 3e 60 20 74 6f 20 75 73 65 20 74 68 65 20 62 61 63 6b 65 6e 64 20 3c 6e 61 6d 65 3e	name>`.to.use.the.backend.<name>
9fa20	00 43 6f 6e 66 69 67 75 72 65 20 73 65 73 73 69 6f 6e 20 74 69 6d 65 6f 75 74 20 61 66 74 65 72	.Configure.session.timeout.after
9fa40	20 77 68 69 63 68 20 74 68 65 20 75 73 65 72 20 77 69 6c 6c 20 62 65 20 6c 6f 67 67 65 64 20 6f	.which.the.user.will.be.logged.o
9fa60	75 74 2e 00 43 6f 6e 66 69 67 75 72 65 20 73 79 73 74 65 6d 20 64 6f 6d 61 69 6e 20 6e 61 6d 65	ut..Configure.system.domain.name
9fa80	2e 20 41 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 6d 75 73 74 20 73 74 61 72 74 20 61 6e 64 20 65	..A.domain.name.must.start.and.e
9faa0	6e 64 20 77 69 74 68 20 61 20 6c 65 74 74 65 72 20 6f 72 20 64 69 67 69 74 2c 20 61 6e 64 20 68	nd.with.a.letter.or.digit,.and.h
9fac0	61 76 65 20 61 73 20 69 6e 74 65 72 69 6f 72 20 63 68 61 72 61 63 74 65 72 73 20 6f 6e 6c 79 20	ave.as.interior.characters.only.
9fae0	6c 65 74 74 65 72 73 2c 20 64 69 67 69 74 73 2c 20 6f 72 20 61 20 68 79 70 68 65 6e 2e 00 43 6f	letters,.digits,.or.a.hyphen..Co
9fb00	6e 66 69 67 75 72 65 20 74 68 65 20 44 4e 53 20 60 3c 73 65 72 76 65 72 3e 60 20 49 50 2f 46 51	nfigure.the.DNS.`<server>`.IP/FQ
9fb20	44 4e 20 75 73 65 64 20 77 68 65 6e 20 75 70 64 61 74 69 6e 67 20 74 68 69 73 20 64 79 6e 61 6d	DN.used.when.updating.this.dynam
9fb40	69 63 20 61 73 73 69 67 6e 6d 65 6e 74 2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 49 50 76	ic.assignment..Configure.the.IPv
9fb60	34 20 6f 72 20 49 50 76 36 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20	4.or.IPv6.listen.address.of.the.
9fb80	54 46 54 50 20 73 65 72 76 65 72 2e 20 4d 75 6c 74 69 70 6c 65 20 49 50 76 34 20 61 6e 64 20 49	TFTP.server..Multiple.IPv4.and.I
9fba0	50 76 36 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 67 69 76 65 6e 2e 20 54 68 65 72	Pv6.addresses.can.be.given..Ther
9fbc0	65 20 77 69 6c 6c 20 62 65 20 6f 6e 65 20 54 46 54 50 20 73 65 72 76 65 72 20 69 6e 73 74 61 6e	e.will.be.one.TFTP.server.instan
9fbe0	63 65 73 20 6c 69 73 74 65 6e 69 6e 67 20 6f 6e 20 65 61 63 68 20 49 50 20 61 64 64 72 65 73 73	ces.listening.on.each.IP.address
9fc00	2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b	..Configure.the.connection.track
9fc20	69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 68 65 6c 70 65 72 20 6d 6f 64 75 6c 65 73 2e 20 41 6c 6c	ing.protocol.helper.modules..All
9fc40	20 6d 6f 64 75 6c 65 73 20 61 72 65 20 65 6e 61 62 6c 65 20 62 79 20 64 65 66 61 75 6c 74 2e 00	.modules.are.enable.by.default..
9fc60	43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 64 69 73 63 72 65 74 65 20 70 6f 72 74 20 75 6e 64 65	Configure.the.discrete.port.unde
9fc80	72 20 77 68 69 63 68 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 63 61 6e 20 62 65	r.which.the.RADIUS.server.can.be
9fca0	20 72 65 61 63 68 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 64 69 73 63 72 65 74 65	.reached..Configure.the.discrete
9fcc0	20 70 6f 72 74 20 75 6e 64 65 72 20 77 68 69 63 68 20 74 68 65 20 54 41 43 41 43 53 20 73 65 72	.port.under.which.the.TACACS.ser
9fce0	76 65 72 20 63 61 6e 20 62 65 20 72 65 61 63 68 65 64 2e 00 43 6f 6e 66 69 67 75 72 65 20 74 68	ver.can.be.reached..Configure.th
9fd00	65 20 6c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 20 72 65 76 65 72 73 65 2d 70 72 6f 78 79 20 73	e.load-balancing.reverse-proxy.s
9fd20	65 72 76 69 63 65 20 66 6f 72 20 48 54 54 50 2e 00 43 6f 6e 66 69 67 75 72 65 20 75 73 65 72 20	ervice.for.HTTP..Configure.user.
9fd40	64 65 66 69 6e 65 64 20 3a 61 62 62 72 3a 60 4d 41 43 20 28 4d 65 64 69 61 20 41 63 63 65 73 73	defined.:abbr:`MAC.(Media.Access
9fd60	20 43 6f 6e 74 72 6f 6c 29 60 20 61 64 64 72 65 73 73 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e	.Control)`.address.on.given.`<in
9fd80	74 65 72 66 61 63 65 3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 64 20 72 6f 75 74 69 6e 67 20 74 61	terface>`..Configured.routing.ta
9fda0	62 6c 65 20 60 3c 69 64 3e 60 20 69 73 20 75 73 65 64 20 62 79 20 56 52 46 20 60 3c 6e 61 6d 65	ble.`<id>`.is.used.by.VRF.`<name
9fdc0	3e 60 2e 00 43 6f 6e 66 69 67 75 72 65 64 20 76 61 6c 75 65 00 43 6f 6e 66 69 67 75 72 65 73 20	>`..Configured.value.Configures.
9fde0	74 68 65 20 42 47 50 20 73 70 65 61 6b 65 72 20 73 6f 20 74 68 61 74 20 69 74 20 6f 6e 6c 79 20	the.BGP.speaker.so.that.it.only.
9fe00	61 63 63 65 70 74 73 20 69 6e 62 6f 75 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 72 6f 6d	accepts.inbound.connections.from
9fe20	2c 20 62 75 74 20 64 6f 65 73 20 6e 6f 74 20 69 6e 69 74 69 61 74 65 20 6f 75 74 62 6f 75 6e 64	,.but.does.not.initiate.outbound
9fe40	20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 70 65 65 72 20 6f 72 20 70 65 65 72	.connections.to.the.peer.or.peer
9fe60	20 67 72 6f 75 70 2e 00 43 6f 6e 66 69 67 75 72 69 6e 67 20 52 41 44 49 55 53 20 61 63 63 6f 75	.group..Configuring.RADIUS.accou
9fe80	6e 74 69 6e 67 00 43 6f 6e 66 69 67 75 72 69 6e 67 20 61 20 6c 69 73 74 65 6e 2d 61 64 64 72 65	nting.Configuring.a.listen-addre
9fea0	73 73 20 69 73 20 65 73 73 65 6e 74 69 61 6c 20 66 6f 72 20 74 68 65 20 73 65 72 76 69 63 65 20	ss.is.essential.for.the.service.
9fec0	74 6f 20 77 6f 72 6b 2e 00 43 6f 6e 6e 65 63 74 2f 44 69 73 63 6f 6e 6e 65 63 74 00 43 6f 6e 6e	to.work..Connect/Disconnect.Conn
9fee0	65 63 74 65 64 20 63 6c 69 65 6e 74 20 73 68 6f 75 6c 64 20 75 73 65 20 60 3c 61 64 64 72 65 73	ected.client.should.use.`<addres
9ff00	73 3e 60 20 61 73 20 74 68 65 69 72 20 44 4e 53 20 73 65 72 76 65 72 2e 20 54 68 69 73 20 63 6f	s>`.as.their.DNS.server..This.co
9ff20	6d 6d 61 6e 64 20 61 63 63 65 70 74 73 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36	mmand.accepts.both.IPv4.and.IPv6
9ff40	20 61 64 64 72 65 73 73 65 73 2e 20 55 70 20 74 6f 20 74 77 6f 20 6e 61 6d 65 73 65 72 76 65 72	.addresses..Up.to.two.nameserver
9ff60	73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 49 50 76 34 2c 20 75 70	s.can.be.configured.for.IPv4,.up
9ff80	20 74 6f 20 74 68 72 65 65 20 66 6f 72 20 49 50 76 36 2e 00 43 6f 6e 6e 65 63 74 69 6f 6e 73 20	.to.three.for.IPv6..Connections.
9ffa0	74 6f 20 74 68 65 20 52 50 4b 49 20 63 61 63 68 69 6e 67 20 73 65 72 76 65 72 20 63 61 6e 20 6e	to.the.RPKI.caching.server.can.n
9ffc0	6f 74 20 6f 6e 6c 79 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 62 79 20 48 54 54 50 2f 54	ot.only.be.established.by.HTTP/T
9ffe0	4c 53 20 62 75 74 20 79 6f 75 20 63 61 6e 20 61 6c 73 6f 20 72 65 6c 79 20 6f 6e 20 61 20 73 65	LS.but.you.can.also.rely.on.a.se
a0000	63 75 72 65 20 53 53 48 20 73 65 73 73 69 6f 6e 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 2e 20	cure.SSH.session.to.the.server..
a0020	54 6f 20 65 6e 61 62 6c 65 20 53 53 48 20 79 6f 75 20 66 69 72 73 74 20 6e 65 65 64 20 74 6f 20	To.enable.SSH.you.first.need.to.
a0040	63 72 65 61 74 65 20 79 6f 75 72 73 65 6c 73 20 61 6e 20 53 53 48 20 63 6c 69 65 6e 74 20 6b 65	create.yoursels.an.SSH.client.ke
a0060	79 70 61 69 72 20 75 73 69 6e 67 20 60 60 67 65 6e 65 72 61 74 65 20 73 73 68 20 63 6c 69 65 6e	ypair.using.``generate.ssh.clien
a0080	74 2d 6b 65 79 20 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2f 69 64 5f 72 73 61 5f 72 70 6b 69 60 60	t-key./config/auth/id_rsa_rpki``
a00a0	2e 20 4f 6e 63 65 20 79 6f 75 72 20 6b 65 79 20 69 73 20 63 72 65 61 74 65 64 20 79 6f 75 20 63	..Once.your.key.is.created.you.c
a00c0	61 6e 20 73 65 74 75 70 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 43 6f 6e 6e 74 72 61	an.setup.the.connection..Conntra
a00e0	63 6b 00 43 6f 6e 6e 74 72 61 63 6b 20 53 79 6e 63 00 43 6f 6e 6e 74 72 61 63 6b 20 53 79 6e 63	ck.Conntrack.Sync.Conntrack.Sync
a0100	20 45 78 61 6d 70 6c 65 00 43 6f 6e 73 6f 6c 65 00 43 6f 6e 73 6f 6c 65 20 53 65 72 76 65 72 00	.Example.Console.Console.Server.
a0120	43 6f 6e 73 74 72 61 69 6e 20 74 68 65 20 6d 65 6d 6f 72 79 20 61 76 61 69 6c 61 62 6c 65 20 74	Constrain.the.memory.available.t
a0140	6f 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 2e 00 43 6f 6e 74 61 69 6e 65 72 00 43 6f 6e 76 65	o.the.container..Container.Conve
a0160	72 74 20 74 68 65 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20 6f 66 20 61 20 73 69 6e 67 6c	rt.the.address.prefix.of.a.singl
a0180	65 20 60 66 63 30 30 3a 3a 2f 36 34 60 20 6e 65 74 77 6f 72 6b 20 74 6f 20 60 66 63 30 31 3a 3a	e.`fc00::/64`.network.to.`fc01::
a01a0	2f 36 34 60 00 43 6f 6e 76 65 72 74 20 74 68 65 20 61 64 64 72 65 73 73 20 70 72 65 66 69 78 20	/64`.Convert.the.address.prefix.
a01c0	6f 66 20 61 20 73 69 6e 67 6c 65 20 60 66 63 30 31 3a 3a 2f 36 34 60 20 6e 65 74 77 6f 72 6b 20	of.a.single.`fc01::/64`.network.
a01e0	74 6f 20 60 66 63 30 30 3a 3a 2f 36 34 60 00 43 6f 70 79 20 74 68 65 20 6b 65 79 2c 20 61 73 20	to.`fc00::/64`.Copy.the.key,.as.
a0200	69 74 20 69 73 20 6e 6f 74 20 73 74 6f 72 65 64 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 66 69	it.is.not.stored.on.the.local.fi
a0220	6c 65 73 79 73 74 65 6d 2e 20 42 65 63 61 75 73 65 20 69 74 20 69 73 20 61 20 73 79 6d 6d 65 74	lesystem..Because.it.is.a.symmet
a0240	72 69 63 20 6b 65 79 2c 20 6f 6e 6c 79 20 79 6f 75 20 61 6e 64 20 79 6f 75 72 20 70 65 65 72 20	ric.key,.only.you.and.your.peer.
a0260	73 68 6f 75 6c 64 20 68 61 76 65 20 6b 6e 6f 77 6c 65 64 67 65 20 6f 66 20 69 74 73 20 63 6f 6e	should.have.knowledge.of.its.con
a0280	74 65 6e 74 2e 20 4d 61 6b 65 20 73 75 72 65 20 79 6f 75 20 64 69 73 74 72 69 62 75 74 65 20 74	tent..Make.sure.you.distribute.t
a02a0	68 65 20 6b 65 79 20 69 6e 20 61 20 73 61 66 65 20 6d 61 6e 6e 65 72 2c 00 43 6f 75 6e 74 72 79	he.key.in.a.safe.manner,.Country
a02c0	20 63 6f 64 65 20 28 49 53 4f 2f 49 45 43 20 33 31 36 36 2d 31 29 2e 20 55 73 65 64 20 74 6f 20	.code.(ISO/IEC.3166-1)..Used.to.
a02e0	73 65 74 20 72 65 67 75 6c 61 74 6f 72 79 20 64 6f 6d 61 69 6e 2e 20 53 65 74 20 61 73 20 6e 65	set.regulatory.domain..Set.as.ne
a0300	65 64 65 64 20 74 6f 20 69 6e 64 69 63 61 74 65 20 63 6f 75 6e 74 72 79 20 69 6e 20 77 68 69 63	eded.to.indicate.country.in.whic
a0320	68 20 64 65 76 69 63 65 20 69 73 20 6f 70 65 72 61 74 69 6e 67 2e 20 54 68 69 73 20 63 61 6e 20	h.device.is.operating..This.can.
a0340	6c 69 6d 69 74 20 61 76 61 69 6c 61 62 6c 65 20 63 68 61 6e 6e 65 6c 73 20 61 6e 64 20 74 72 61	limit.available.channels.and.tra
a0360	6e 73 6d 69 74 20 70 6f 77 65 72 2e 00 43 72 65 61 74 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73	nsmit.power..Creat.community-lis
a0380	74 20 70 6f 6c 69 63 79 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78	t.policy.identified.by.name.<tex
a03a0	74 3e 2e 00 43 72 65 61 74 20 65 78 74 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70 6f 6c 69	t>..Creat.extcommunity-list.poli
a03c0	63 79 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74 3e 2e 00 43 72	cy.identified.by.name.<text>..Cr
a03e0	65 61 74 65 20 44 48 43 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 20 77 69 74 68 20 61 20 72	eate.DHCP.address.range.with.a.r
a0400	61 6e 67 65 20 69 64 20 6f 66 20 60 3c 6e 3e 60 2e 20 44 48 43 50 20 6c 65 61 73 65 73 20 61 72	ange.id.of.`<n>`..DHCP.leases.ar
a0420	65 20 74 61 6b 65 6e 20 66 72 6f 6d 20 74 68 69 73 20 70 6f 6f 6c 2e 20 54 68 65 20 70 6f 6f 6c	e.taken.from.this.pool..The.pool
a0440	20 73 74 61 72 74 73 20 61 74 20 61 64 64 72 65 73 73 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00	.starts.at.address.`<address>`..
a0460	43 72 65 61 74 65 20 44 48 43 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 20 77 69 74 68 20 61	Create.DHCP.address.range.with.a
a0480	20 72 61 6e 67 65 20 69 64 20 6f 66 20 60 3c 6e 3e 60 2e 20 44 48 43 50 20 6c 65 61 73 65 73 20	.range.id.of.`<n>`..DHCP.leases.
a04a0	61 72 65 20 74 61 6b 65 6e 20 66 72 6f 6d 20 74 68 69 73 20 70 6f 6f 6c 2e 20 54 68 65 20 70 6f	are.taken.from.this.pool..The.po
a04c0	6f 6c 20 73 74 6f 70 73 20 77 69 74 68 20 61 64 64 72 65 73 73 20 60 3c 61 64 64 72 65 73 73 3e	ol.stops.with.address.`<address>
a04e0	60 2e 00 43 72 65 61 74 65 20 44 4e 53 20 72 65 63 6f 72 64 20 70 65 72 20 63 6c 69 65 6e 74 20	`..Create.DNS.record.per.client.
a0500	6c 65 61 73 65 2c 20 62 79 20 61 64 64 69 6e 67 20 63 6c 69 65 6e 74 73 20 74 6f 20 2f 65 74 63	lease,.by.adding.clients.to./etc
a0520	2f 68 6f 73 74 73 20 66 69 6c 65 2e 20 45 6e 74 72 79 20 77 69 6c 6c 20 68 61 76 65 20 66 6f 72	/hosts.file..Entry.will.have.for
a0540	6d 61 74 3a 20 60 3c 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d 65 3e 5f 3c 68 6f 73	mat:.`<shared-network-name>_<hos
a0560	74 6e 61 6d 65 3e 2e 3c 64 6f 6d 61 69 6e 2d 6e 61 6d 65 3e 60 00 43 72 65 61 74 65 20 60 3c 75	tname>.<domain-name>`.Create.`<u
a0580	73 65 72 3e 60 20 66 6f 72 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f	ser>`.for.local.authentication.o
a05a0	6e 20 74 68 69 73 20 73 79 73 74 65 6d 2e 20 54 68 65 20 75 73 65 72 73 20 70 61 73 73 77 6f 72	n.this.system..The.users.passwor
a05c0	64 20 77 69 6c 6c 20 62 65 20 73 65 74 20 74 6f 20 60 3c 70 61 73 73 3e 60 2e 00 43 72 65 61 74	d.will.be.set.to.`<pass>`..Creat
a05e0	65 20 61 20 62 61 73 69 63 20 62 72 69 64 67 65 00 43 72 65 61 74 65 20 61 20 66 69 6c 65 20 6e	e.a.basic.bridge.Create.a.file.n
a0600	61 6d 65 64 20 60 60 56 79 4f 53 2d 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 34 36 34 31 2e 43 6f	amed.``VyOS-1.3.6.1.4.1.44641.Co
a0620	6e 66 69 67 4d 67 6d 74 2d 43 6f 6d 6d 61 6e 64 73 60 60 20 75 73 69 6e 67 20 74 68 65 20 66 6f	nfigMgmt-Commands``.using.the.fo
a0640	6c 6c 6f 77 69 6e 67 20 63 6f 6e 74 65 6e 74 3a 00 43 72 65 61 74 65 20 61 20 6c 6f 61 64 20 62	llowing.content:.Create.a.load.b
a0660	61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 2c 20 69 74 20 63 61 6e 20 62 65 20 61 20 6e 75 6d 62 65	alancing.rule,.it.can.be.a.numbe
a0680	72 20 62 65 74 77 65 65 6e 20 31 20 61 6e 64 20 39 39 39 39 3a 00 43 72 65 61 74 65 20 61 20 6e	r.between.1.and.9999:.Create.a.n
a06a0	65 77 20 3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72	ew.:abbr:`CA.(Certificate.Author
a06c0	69 74 79 29 60 20 61 6e 64 20 6f 75 74 70 75 74 20 74 68 65 20 43 41 73 20 70 75 62 6c 69 63 20	ity)`.and.output.the.CAs.public.
a06e0	61 6e 64 20 70 72 69 76 61 74 65 20 6b 65 79 20 6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00	and.private.key.on.the.console..
a0700	43 72 65 61 74 65 20 61 20 6e 65 77 20 44 48 43 50 20 73 74 61 74 69 63 20 6d 61 70 70 69 6e 67	Create.a.new.DHCP.static.mapping
a0720	20 6e 61 6d 65 64 20 60 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 60 20 77 68 69 63 68 20 69 73 20	.named.`<description>`.which.is.
a0740	76 61 6c 69 64 20 66 6f 72 20 74 68 65 20 68 6f 73 74 20 69 64 65 6e 74 69 66 69 65 64 20 62 79	valid.for.the.host.identified.by
a0760	20 69 74 73 20 4d 41 43 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 43 72 65 61 74 65 20 61 20 6e	.its.MAC.`<address>`..Create.a.n
a0780	65 77 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20 60	ew.VLAN.interface.on.interface.`
a07a0	3c 69 6e 74 65 72 66 61 63 65 3e 60 20 75 73 69 6e 67 20 74 68 65 20 56 4c 41 4e 20 6e 75 6d 62	<interface>`.using.the.VLAN.numb
a07c0	65 72 20 70 72 6f 76 69 64 65 64 20 76 69 61 20 60 3c 76 6c 61 6e 2d 69 64 3e 60 2e 00 43 72 65	er.provided.via.`<vlan-id>`..Cre
a07e0	61 74 65 20 61 20 6e 65 77 20 70 75 62 6c 69 63 2f 70 72 69 76 61 74 65 20 6b 65 79 70 61 69 72	ate.a.new.public/private.keypair
a0800	20 61 6e 64 20 6f 75 74 70 75 74 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20 6f 6e 20 74	.and.output.the.certificate.on.t
a0820	68 65 20 63 6f 6e 73 6f 6c 65 2e 00 43 72 65 61 74 65 20 61 20 6e 65 77 20 70 75 62 6c 69 63 2f	he.console..Create.a.new.public/
a0840	70 72 69 76 61 74 65 20 6b 65 79 70 61 69 72 20 77 68 69 63 68 20 69 73 20 73 69 67 6e 65 64 20	private.keypair.which.is.signed.
a0860	62 79 20 74 68 65 20 43 41 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60 63 61 2d 6e 61 6d 65	by.the.CA.referenced.by.`ca-name
a0880	60 2e 20 54 68 65 20 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 74 68 65	`..The.signed.certificate.is.the
a08a0	6e 20 6f 75 74 70 75 74 20 74 6f 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 43 72 65 61 74 65 20	n.output.to.the.console..Create.
a08c0	61 20 6e 65 77 20 73 65 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 2e 20 54	a.new.self-signed.certificate..T
a08e0	68 65 20 70 75 62 6c 69 63 2f 70 72 69 76 61 74 65 20 69 73 20 74 68 65 6e 20 73 68 6f 77 6e 20	he.public/private.is.then.shown.
a0900	6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 43 72 65 61 74 65 20 61 20 6e 65 77 20 73 75 62	on.the.console..Create.a.new.sub
a0920	6f 72 64 69 6e 61 74 65 20 3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20	ordinate.:abbr:`CA.(Certificate.
a0940	41 75 74 68 6f 72 69 74 79 29 60 20 61 6e 64 20 73 69 67 6e 20 69 74 20 75 73 69 6e 67 20 74 68	Authority)`.and.sign.it.using.th
a0960	65 20 70 72 69 76 61 74 65 20 6b 65 79 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60 63 61 2d	e.private.key.referenced.by.`ca-
a0980	6e 61 6d 65 60 2e 00 43 72 65 61 74 65 20 61 20 6e 65 77 20 73 75 62 6f 72 64 69 6e 61 74 65 20	name`..Create.a.new.subordinate.
a09a0	3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79	:abbr:`CA.(Certificate.Authority
a09c0	29 60 20 61 6e 64 20 73 69 67 6e 20 69 74 20 75 73 69 6e 67 20 74 68 65 20 70 72 69 76 61 74 65	)`.and.sign.it.using.the.private
a09e0	20 6b 65 79 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 60 6e 61 6d 65 60 2e 00 43 72 65 61 74	.key.referenced.by.`name`..Creat
a0a00	65 20 61 20 70 65 65 72 20 61 73 20 79 6f 75 20 77 6f 75 6c 64 20 77 68 65 6e 20 79 6f 75 20 73	e.a.peer.as.you.would.when.you.s
a0a20	70 65 63 69 66 79 20 61 6e 20 41 53 4e 2c 20 65 78 63 65 70 74 20 74 68 61 74 20 69 66 20 74 68	pecify.an.ASN,.except.that.if.th
a0a40	65 20 70 65 65 72 73 20 41 53 4e 20 69 73 20 64 69 66 66 65 72 65 6e 74 20 74 68 61 6e 20 6d 69	e.peers.ASN.is.different.than.mi
a0a60	6e 65 20 61 73 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 74 68 65 20 3a 63 66 67 63 6d	ne.as.specified.under.the.:cfgcm
a0a80	64 3a 60 70 72 6f 74 6f 63 6f 6c 73 20 62 67 70 20 3c 61 73 6e 3e 60 20 63 6f 6d 6d 61 6e 64 20	d:`protocols.bgp.<asn>`.command.
a0aa0	74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 64 65 6e 69 65 64 2e 00 43	the.connection.will.be.denied..C
a0ac0	72 65 61 74 65 20 61 20 70 65 65 72 20 61 73 20 79 6f 75 20 77 6f 75 6c 64 20 77 68 65 6e 20 79	reate.a.peer.as.you.would.when.y
a0ae0	6f 75 20 73 70 65 63 69 66 79 20 61 6e 20 41 53 4e 2c 20 65 78 63 65 70 74 20 74 68 61 74 20 69	ou.specify.an.ASN,.except.that.i
a0b00	66 20 74 68 65 20 70 65 65 72 73 20 41 53 4e 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 6d	f.the.peers.ASN.is.the.same.as.m
a0b20	69 6e 65 20 61 73 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 74 68 65 20 3a 63 66 67 63	ine.as.specified.under.the.:cfgc
a0b40	6d 64 3a 60 70 72 6f 74 6f 63 6f 6c 73 20 62 67 70 20 3c 61 73 6e 3e 60 20 63 6f 6d 6d 61 6e 64	md:`protocols.bgp.<asn>`.command
a0b60	20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 64 65 6e 69 65 64 2e 00	.the.connection.will.be.denied..
a0b80	43 72 65 61 74 65 20 61 20 73 74 61 74 69 63 20 68 6f 73 74 6e 61 6d 65 20 6d 61 70 70 69 6e 67	Create.a.static.hostname.mapping
a0ba0	20 77 68 69 63 68 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 72 65 73 6f 6c 76 65 20 74 68 65 20 6e	.which.will.always.resolve.the.n
a0bc0	61 6d 65 20 60 3c 68 6f 73 74 6e 61 6d 65 3e 60 20 74 6f 20 49 50 20 61 64 64 72 65 73 73 20 60	ame.`<hostname>`.to.IP.address.`
a0be0	3c 61 64 64 72 65 73 73 3e 60 2e 00 43 72 65 61 74 65 20 61 73 2d 70 61 74 68 2d 70 6f 6c 69 63	<address>`..Create.as-path-polic
a0c00	79 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74 3e 2e 00 43 72 65	y.identified.by.name.<text>..Cre
a0c20	61 74 65 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70 6f 6c 69 63 79 20	ate.large-community-list.policy.
a0c40	69 64 65 6e 74 69 66 69 65 64 20 62 79 20 6e 61 6d 65 20 3c 74 65 78 74 3e 2e 00 43 72 65 61 74	identified.by.name.<text>..Creat
a0c60	65 20 6e 61 6d 65 64 20 60 3c 61 6c 69 61 73 3e 60 20 66 6f 72 20 74 68 65 20 63 6f 6e 66 69 67	e.named.`<alias>`.for.the.config
a0c80	75 72 65 64 20 73 74 61 74 69 63 20 6d 61 70 70 69 6e 67 20 66 6f 72 20 60 3c 68 6f 73 74 6e 61	ured.static.mapping.for.`<hostna
a0ca0	6d 65 3e 60 2e 20 54 68 75 73 20 74 68 65 20 61 64 64 72 65 73 73 20 63 6f 6e 66 69 67 75 72 65	me>`..Thus.the.address.configure
a0cc0	64 20 61 73 20 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 79 73 74 65 6d 20 73 74 61 74 69 63 2d	d.as.:cfgcmd:`set.system.static-
a0ce0	68 6f 73 74 2d 6d 61 70 70 69 6e 67 20 68 6f 73 74 2d 6e 61 6d 65 20 3c 68 6f 73 74 6e 61 6d 65	host-mapping.host-name.<hostname
a0d00	3e 20 69 6e 65 74 20 3c 61 64 64 72 65 73 73 3e 60 20 63 61 6e 20 62 65 20 72 65 61 63 68 65 64	>.inet.<address>`.can.be.reached
a0d20	20 76 69 61 20 6d 75 6c 74 69 70 6c 65 20 6e 61 6d 65 73 2e 00 43 72 65 61 74 65 20 6e 65 77 20	.via.multiple.names..Create.new.
a0d40	3a 72 66 63 3a 60 32 31 33 36 60 20 44 4e 53 20 75 70 64 61 74 65 20 63 6f 6e 66 69 67 75 72 61	:rfc:`2136`.DNS.update.configura
a0d60	74 69 6f 6e 20 77 68 69 63 68 20 77 69 6c 6c 20 75 70 64 61 74 65 20 74 68 65 20 49 50 20 61 64	tion.which.will.update.the.IP.ad
a0d80	64 72 65 73 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20	dress.assigned.to.`<interface>`.
a0da0	6f 6e 20 74 68 65 20 73 65 72 76 69 63 65 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 64 20 75 6e	on.the.service.you.configured.un
a0dc0	64 65 72 20 60 3c 73 65 72 76 69 63 65 2d 6e 61 6d 65 3e 60 2e 00 43 72 65 61 74 65 20 6e 65 77	der.`<service-name>`..Create.new
a0de0	20 56 52 46 20 69 6e 73 74 61 6e 63 65 20 77 69 74 68 20 60 3c 6e 61 6d 65 3e 60 2e 20 54 68 65	.VRF.instance.with.`<name>`..The
a0e00	20 6e 61 6d 65 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 70 6c 61 63 69 6e 67 20 69 6e 64 69 76	.name.is.used.when.placing.indiv
a0e20	69 64 75 61 6c 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 74 6f 20 74 68 65 20 56 52 46 2e 00 43	idual.interfaces.into.the.VRF..C
a0e40	72 65 61 74 65 20 6e 65 77 20 73 79 73 74 65 6d 20 75 73 65 72 20 77 69 74 68 20 75 73 65 72 6e	reate.new.system.user.with.usern
a0e60	61 6d 65 20 60 3c 6e 61 6d 65 3e 60 20 61 6e 64 20 72 65 61 6c 2d 6e 61 6d 65 20 73 70 65 63 69	ame.`<name>`.and.real-name.speci
a0e80	66 69 65 64 20 62 79 20 60 3c 73 74 72 69 6e 67 3e 60 2e 00 43 72 65 61 74 65 20 73 65 72 76 69	fied.by.`<string>`..Create.servi
a0ea0	63 65 20 60 3c 6e 61 6d 65 3e 60 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e 20 3c 70 6f 72 74 3e 00	ce.`<name>`.to.listen.on.<port>.
a0ec0	43 72 65 61 74 65 73 20 61 20 6e 61 6d 65 64 20 63 6f 6e 74 61 69 6e 65 72 20 6e 65 74 77 6f 72	Creates.a.named.container.networ
a0ee0	6b 00 43 72 65 61 74 65 73 20 73 74 61 74 69 63 20 70 65 65 72 20 6d 61 70 70 69 6e 67 20 6f 66	k.Creates.static.peer.mapping.of
a0f00	20 70 72 6f 74 6f 63 6f 6c 2d 61 64 64 72 65 73 73 20 74 6f 20 3a 61 62 62 72 3a 60 4e 42 4d 41	.protocol-address.to.:abbr:`NBMA
a0f20	20 28 4e 6f 6e 2d 62 72 6f 61 64 63 61 73 74 20 6d 75 6c 74 69 70 6c 65 2d 61 63 63 65 73 73 20	.(Non-broadcast.multiple-access.
a0f40	6e 65 74 77 6f 72 6b 29 60 20 61 64 64 72 65 73 73 2e 00 43 72 65 61 74 69 6e 67 20 61 20 62 72	network)`.address..Creating.a.br
a0f60	69 64 67 65 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 76 65 72 79 20 73 69 6d 70 6c 65 2e 20 49	idge.interface.is.very.simple..I
a0f80	6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2c 20 77 65 20 77 69 6c 6c 20 68 61 76 65 3a 00 43 72	n.this.example,.we.will.have:.Cr
a0fa0	65 61 74 69 6e 67 20 61 20 74 72 61 66 66 69 63 20 70 6f 6c 69 63 79 00 43 72 69 74 69 63 61 6c	eating.a.traffic.policy.Critical
a0fc0	00 43 72 69 74 69 63 61 6c 20 63 6f 6e 64 69 74 69 6f 6e 73 20 2d 20 65 2e 67 2e 20 68 61 72 64	.Critical.conditions.-.e.g..hard
a0fe0	20 64 72 69 76 65 20 65 72 72 6f 72 73 2e 00 43 72 79 73 74 61 6c 66 6f 6e 74 7a 20 43 46 41 2d	.drive.errors..Crystalfontz.CFA-
a1000	35 33 33 00 43 72 79 73 74 61 6c 66 6f 6e 74 7a 20 43 46 41 2d 36 33 31 00 43 72 79 73 74 61 6c	533.Crystalfontz.CFA-631.Crystal
a1020	66 6f 6e 74 7a 20 43 46 41 2d 36 33 33 00 43 72 79 73 74 61 6c 66 6f 6e 74 7a 20 43 46 41 2d 36	fontz.CFA-633.Crystalfontz.CFA-6
a1040	33 35 00 43 75 72 20 48 6f 70 20 4c 69 6d 69 74 00 43 75 72 72 65 6e 74 6c 79 20 64 6f 65 73 20	35.Cur.Hop.Limit.Currently.does.
a1060	6e 6f 74 20 64 6f 20 6d 75 63 68 20 61 73 20 63 61 63 68 69 6e 67 20 69 73 20 6e 6f 74 20 69 6d	not.do.much.as.caching.is.not.im
a1080	70 6c 65 6d 65 6e 74 65 64 2e 00 43 75 72 72 65 6e 74 6c 79 20 64 79 6e 61 6d 69 63 20 72 6f 75	plemented..Currently.dynamic.rou
a10a0	74 69 6e 67 20 69 73 20 73 75 70 70 6f 72 74 65 64 20 66 6f 72 20 74 68 65 20 66 6f 6c 6c 6f 77	ting.is.supported.for.the.follow
a10c0	69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 3a 00 43 75 73 74 6f 6d 20 46 69 6c 65 00 43 75 73 74 6f	ing.protocols:.Custom.File.Custo
a10e0	6d 20 66 69 72 65 77 61 6c 6c 20 63 68 61 69 6e 73 20 63 61 6e 20 62 65 20 63 72 65 61 74 65 64	m.firewall.chains.can.be.created
a1100	2c 20 77 69 74 68 20 63 6f 6d 6d 61 6e 64 73 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 5b	,.with.commands.``set.firewall.[
a1120	69 70 76 34 20 7c 20 69 70 76 36 5d 20 5b 6e 61 6d 65 20 7c 20 69 70 76 36 2d 6e 61 6d 65 5d 20	ipv4.|.ipv6].[name.|.ipv6-name].
a1140	3c 6e 61 6d 65 3e 20 2e 2e 2e 60 60 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 75 73 65 20 73 75	<name>....``..In.order.to.use.su
a1160	63 68 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2c 20 61 20 72 75 6c 65 20 77 69 74 68 20 2a 2a 61	ch.custom.chain,.a.rule.with.**a
a1180	63 74 69 6f 6e 20 6a 75 6d 70 2a 2a 2c 20 61 6e 64 20 74 68 65 20 61 70 70 72 6f 70 69 61 74 65	ction.jump**,.and.the.appropiate
a11a0	20 2a 2a 74 61 72 67 65 74 2a 2a 20 73 68 6f 75 6c 64 20 62 65 20 64 65 66 69 6e 65 64 20 69 6e	.**target**.should.be.defined.in
a11c0	20 61 20 62 61 73 65 20 63 68 61 69 6e 2e 00 43 75 73 74 6f 6d 20 68 65 61 6c 74 68 2d 63 68 65	.a.base.chain..Custom.health-che
a11e0	63 6b 20 73 63 72 69 70 74 20 61 6c 6c 6f 77 73 20 63 68 65 63 6b 69 6e 67 20 72 65 61 6c 2d 73	ck.script.allows.checking.real-s
a1200	65 72 76 65 72 20 61 76 61 69 6c 61 62 69 6c 69 74 79 00 43 75 73 74 6f 6d 69 7a 65 64 20 69 67	erver.availability.Customized.ig
a1220	6e 6f 72 65 20 72 75 6c 65 73 2c 20 62 61 73 65 64 20 6f 6e 20 61 20 70 61 63 6b 65 74 20 61 6e	nore.rules,.based.on.a.packet.an
a1240	64 20 66 6c 6f 77 20 73 65 6c 65 63 74 6f 72 2e 00 44 43 4f 20 63 61 6e 20 62 65 20 65 6e 61 62	d.flow.selector..DCO.can.be.enab
a1260	6c 65 64 20 66 6f 72 20 62 6f 74 68 20 6e 65 77 20 61 6e 64 20 65 78 69 73 74 69 6e 67 20 74 75	led.for.both.new.and.existing.tu
a1280	6e 6e 65 6c 73 2c 56 79 4f 53 20 61 64 64 73 20 61 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 65 61 63	nnels,VyOS.adds.an.option.in.eac
a12a0	68 20 74 75 6e 6e 65 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 68 65 72 65 20 77 65 20	h.tunnel.configuration.where.we.
a12c0	63 61 6e 20 65 6e 61 62 6c 65 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e 20 20 2e 54 68 65 20 63	can.enable.this.function...The.c
a12e0	75 72 72 65 6e 74 20 62 65 73 74 20 70 72 61 63 74 69 63 65 20 69 73 20 74 6f 20 63 72 65 61 74	urrent.best.practice.is.to.creat
a1300	65 20 61 20 6e 65 77 20 74 75 6e 6e 65 6c 20 77 69 74 68 20 44 43 4f 20 74 6f 20 6d 69 6e 69 6d	e.a.new.tunnel.with.DCO.to.minim
a1320	69 7a 65 20 74 68 65 20 63 68 61 6e 63 65 20 6f 66 20 70 72 6f 62 6c 65 6d 73 20 77 69 74 68 20	ize.the.chance.of.problems.with.
a1340	65 78 69 73 74 69 6e 67 20 63 6c 69 65 6e 74 73 2e 00 44 43 4f 20 73 75 70 70 6f 72 74 20 69 73	existing.clients..DCO.support.is
a1360	20 61 20 70 65 72 2d 74 75 6e 6e 65 6c 20 6f 70 74 69 6f 6e 20 61 6e 64 20 69 74 20 69 73 20 6e	.a.per-tunnel.option.and.it.is.n
a1380	6f 74 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65 66 61	ot.automatically.enabled.by.defa
a13a0	75 6c 74 20 66 6f 72 20 6e 65 77 20 6f 72 20 75 70 67 72 61 64 65 64 20 74 75 6e 6e 65 6c 73 2e	ult.for.new.or.upgraded.tunnels.
a13c0	20 45 78 69 73 74 69 6e 67 20 74 75 6e 6e 65 6c 73 20 77 69 6c 6c 20 63 6f 6e 74 69 6e 75 65 20	.Existing.tunnels.will.continue.
a13e0	74 6f 20 66 75 6e 63 74 69 6f 6e 20 61 73 20 74 68 65 79 20 68 61 76 65 20 69 6e 20 74 68 65 20	to.function.as.they.have.in.the.
a1400	70 61 73 74 2e 00 44 48 20 47 72 6f 75 70 20 31 34 00 44 48 43 50 20 52 65 6c 61 79 00 44 48 43	past..DH.Group.14.DHCP.Relay.DHC
a1420	50 20 53 65 72 76 65 72 00 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 70 61 72 61 6d 65 74 65 72	P.Server.DHCP.failover.parameter
a1440	73 00 44 48 43 50 20 6c 65 61 73 65 20 72 61 6e 67 65 00 44 48 43 50 20 72 61 6e 67 65 20 73 70	s.DHCP.lease.range.DHCP.range.sp
a1460	61 6e 73 20 66 72 6f 6d 20 60 31 39 32 2e 31 36 38 2e 31 38 39 2e 31 30 60 20 2d 20 60 31 39 32	ans.from.`192.168.189.10`.-.`192
a1480	2e 31 36 38 2e 31 38 39 2e 32 35 30 60 00 44 48 43 50 20 72 65 6c 61 79 20 65 78 61 6d 70 6c 65	.168.189.250`.DHCP.relay.example
a14a0	00 44 48 43 50 20 73 65 72 76 65 72 20 69 73 20 6c 6f 63 61 74 65 64 20 61 74 20 49 50 76 34 20	.DHCP.server.is.located.at.IPv4.
a14c0	61 64 64 72 65 73 73 20 31 30 2e 30 2e 31 2e 34 20 6f 6e 20 60 60 65 74 68 32 60 60 2e 00 44 48	address.10.0.1.4.on.``eth2``..DH
a14e0	43 50 76 36 20 61 64 64 72 65 73 73 20 70 6f 6f 6c 73 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69	CPv6.address.pools.must.be.confi
a1500	67 75 72 65 64 20 66 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20 61 63 74 20 61 73 20 61	gured.for.the.system.to.act.as.a
a1520	20 44 48 43 50 76 36 20 73 65 72 76 65 72 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78	.DHCPv6.server..The.following.ex
a1540	61 6d 70 6c 65 20 64 65 73 63 72 69 62 65 73 20 61 20 63 6f 6d 6d 6f 6e 20 73 63 65 6e 61 72 69	ample.describes.a.common.scenari
a1560	6f 2e 00 44 48 43 50 76 36 20 72 65 6c 61 79 20 65 78 61 6d 70 6c 65 00 44 48 43 50 76 36 20 72	o..DHCPv6.relay.example.DHCPv6.r
a1580	65 71 75 65 73 74 73 20 61 72 65 20 72 65 63 65 69 76 65 64 20 62 79 20 74 68 65 20 72 6f 75 74	equests.are.received.by.the.rout
a15a0	65 72 20 6f 6e 20 60 6c 69 73 74 65 6e 69 6e 67 20 69 6e 74 65 72 66 61 63 65 60 20 60 60 65 74	er.on.`listening.interface`.``et
a15c0	68 31 60 60 00 44 4d 56 50 4e 00 44 4d 56 50 4e 20 65 78 61 6d 70 6c 65 20 6e 65 74 77 6f 72 6b	h1``.DMVPN.DMVPN.example.network
a15e0	00 44 4d 56 50 4e 20 6e 65 74 77 6f 72 6b 00 44 4d 56 50 4e 20 6f 6e 6c 79 20 61 75 74 6f 6d 61	.DMVPN.network.DMVPN.only.automa
a1600	74 65 73 20 74 68 65 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 20 64 69 73 63 6f 76 65 72	tes.the.tunnel.endpoint.discover
a1620	79 20 61 6e 64 20 73 65 74 75 70 2e 20 41 20 63 6f 6d 70 6c 65 74 65 20 73 6f 6c 75 74 69 6f 6e	y.and.setup..A.complete.solution
a1640	20 61 6c 73 6f 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 74 68 65 20 75 73 65 20 6f 66 20 61 20	.also.incorporates.the.use.of.a.
a1660	72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2e 20 42 47 50 20 69 73 20 70 61 72 74 69 63 75	routing.protocol..BGP.is.particu
a1680	6c 61 72 6c 79 20 77 65 6c 6c 20 73 75 69 74 65 64 20 66 6f 72 20 75 73 65 20 77 69 74 68 20 44	larly.well.suited.for.use.with.D
a16a0	4d 56 50 4e 2e 00 44 4e 41 54 00 44 4e 41 54 20 69 73 20 74 79 70 69 63 61 6c 6c 79 20 72 65 66	MVPN..DNAT.DNAT.is.typically.ref
a16c0	65 72 72 65 64 20 74 6f 20 61 73 20 61 20 2a 2a 50 6f 72 74 20 46 6f 72 77 61 72 64 2a 2a 2e 20	erred.to.as.a.**Port.Forward**..
a16e0	57 68 65 6e 20 75 73 69 6e 67 20 56 79 4f 53 20 61 73 20 61 20 4e 41 54 20 72 6f 75 74 65 72 20	When.using.VyOS.as.a.NAT.router.
a1700	61 6e 64 20 66 69 72 65 77 61 6c 6c 2c 20 61 20 63 6f 6d 6d 6f 6e 20 63 6f 6e 66 69 67 75 72 61	and.firewall,.a.common.configura
a1720	74 69 6f 6e 20 74 61 73 6b 20 69 73 20 74 6f 20 72 65 64 69 72 65 63 74 20 69 6e 63 6f 6d 69 6e	tion.task.is.to.redirect.incomin
a1740	67 20 74 72 61 66 66 69 63 20 74 6f 20 61 20 73 79 73 74 65 6d 20 62 65 68 69 6e 64 20 74 68 65	g.traffic.to.a.system.behind.the
a1760	20 66 69 72 65 77 61 6c 6c 2e 00 44 4e 41 54 20 72 75 6c 65 20 31 30 20 72 65 70 6c 61 63 65 73	.firewall..DNAT.rule.10.replaces
a1780	20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 6f 66 20 61 6e 20 69	.the.destination.address.of.an.i
a17a0	6e 62 6f 75 6e 64 20 70 61 63 6b 65 74 20 77 69 74 68 20 31 39 32 2e 30 2e 32 2e 31 30 00 44 4e	nbound.packet.with.192.0.2.10.DN
a17c0	41 54 36 36 00 44 4e 53 20 46 6f 72 77 61 72 64 69 6e 67 00 44 4e 53 20 6e 61 6d 65 20 73 65 72	AT66.DNS.Forwarding.DNS.name.ser
a17e0	76 65 72 73 00 44 4e 53 20 73 65 61 72 63 68 20 6c 69 73 74 20 74 6f 20 61 64 76 65 72 74 69 73	vers.DNS.search.list.to.advertis
a1800	65 00 44 4e 53 20 73 65 72 76 65 72 20 49 50 76 34 20 61 64 64 72 65 73 73 00 44 4e 53 20 73 65	e.DNS.server.IPv4.address.DNS.se
a1820	72 76 65 72 20 69 73 20 6c 6f 63 61 74 65 64 20 61 74 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 66	rver.is.located.at.``2001:db8::f
a1840	66 66 66 60 60 00 44 4e 53 53 4c 00 44 53 43 50 20 76 61 6c 75 65 73 20 61 73 20 70 65 72 20 3a	fff``.DNSSL.DSCP.values.as.per.:
a1860	72 66 63 3a 60 32 34 37 34 60 20 61 6e 64 20 3a 72 66 63 3a 60 34 35 39 35 60 3a 00 44 53 53 53	rfc:`2474`.and.:rfc:`4595`:.DSSS
a1880	2f 43 43 4b 20 4d 6f 64 65 20 69 6e 20 34 30 20 4d 48 7a 2c 20 74 68 69 73 20 73 65 74 73 20 60	/CCK.Mode.in.40.MHz,.this.sets.`
a18a0	60 5b 44 53 53 53 5f 43 43 4b 2d 34 30 5d 60 60 00 44 61 74 61 20 69 73 20 70 72 6f 76 69 64 65	`[DSSS_CCK-40]``.Data.is.provide
a18c0	64 20 62 79 20 44 42 2d 49 50 2e 63 6f 6d 20 75 6e 64 65 72 20 43 43 2d 42 59 2d 34 2e 30 20 6c	d.by.DB-IP.com.under.CC-BY-4.0.l
a18e0	69 63 65 6e 73 65 2e 20 41 74 74 72 69 62 75 74 69 6f 6e 20 72 65 71 75 69 72 65 64 2c 20 70 65	icense..Attribution.required,.pe
a1900	72 6d 69 74 73 20 72 65 64 69 73 74 72 69 62 75 74 69 6f 6e 20 73 6f 20 77 65 20 63 61 6e 20 69	rmits.redistribution.so.we.can.i
a1920	6e 63 6c 75 64 65 20 61 20 64 61 74 61 62 61 73 65 20 69 6e 20 69 6d 61 67 65 73 28 7e 33 4d 42	nclude.a.database.in.images(~3MB
a1940	20 63 6f 6d 70 72 65 73 73 65 64 29 2e 20 49 6e 63 6c 75 64 65 73 20 63 72 6f 6e 20 73 63 72 69	.compressed)..Includes.cron.scri
a1960	70 74 20 28 6d 61 6e 75 61 6c 6c 79 20 63 61 6c 6c 61 62 6c 65 20 62 79 20 6f 70 2d 6d 6f 64 65	pt.(manually.callable.by.op-mode
a1980	20 75 70 64 61 74 65 20 67 65 6f 69 70 29 20 74 6f 20 6b 65 65 70 20 64 61 74 61 62 61 73 65 20	.update.geoip).to.keep.database.
a19a0	61 6e 64 20 72 75 6c 65 73 20 75 70 64 61 74 65 64 2e 00 44 65 62 75 67 00 44 65 62 75 67 2d 6c	and.rules.updated..Debug.Debug-l
a19c0	65 76 65 6c 20 6d 65 73 73 61 67 65 73 20 2d 20 4d 65 73 73 61 67 65 73 20 74 68 61 74 20 63 6f	evel.messages.-.Messages.that.co
a19e0	6e 74 61 69 6e 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6e 6f 72 6d 61 6c 6c 79 20 6f 66 20 75 73	ntain.information.normally.of.us
a1a00	65 20 6f 6e 6c 79 20 77 68 65 6e 20 64 65 62 75 67 67 69 6e 67 20 61 20 70 72 6f 67 72 61 6d 2e	e.only.when.debugging.a.program.
a1a20	00 44 65 66 61 75 6c 74 00 44 65 66 61 75 6c 74 20 31 2e 00 44 65 66 61 75 6c 74 20 47 61 74 65	.Default.Default.1..Default.Gate
a1a40	77 61 79 2f 52 6f 75 74 65 00 44 65 66 61 75 6c 74 20 52 6f 75 74 65 72 20 50 72 65 66 65 72 65	way/Route.Default.Router.Prefere
a1a60	6e 63 65 00 44 65 66 61 75 6c 74 20 62 65 68 61 76 69 6f 72 20 2d 20 64 6f 6e 27 74 20 61 73 6b	nce.Default.behavior.-.don't.ask
a1a80	20 63 6c 69 65 6e 74 20 66 6f 72 20 6d 70 70 65 2c 20 62 75 74 20 61 6c 6c 6f 77 20 69 74 20 69	.client.for.mppe,.but.allow.it.i
a1aa0	66 20 63 6c 69 65 6e 74 20 77 61 6e 74 73 2e 20 50 6c 65 61 73 65 20 6e 6f 74 65 20 74 68 61 74	f.client.wants..Please.note.that
a1ac0	20 52 41 44 49 55 53 20 6d 61 79 20 6f 76 65 72 72 69 64 65 20 74 68 69 73 20 6f 70 74 69 6f 6e	.RADIUS.may.override.this.option
a1ae0	20 62 79 20 4d 53 2d 4d 50 50 45 2d 45 6e 63 72 79 70 74 69 6f 6e 2d 50 6f 6c 69 63 79 20 61 74	.by.MS-MPPE-Encryption-Policy.at
a1b00	74 72 69 62 75 74 65 2e 00 44 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 20 61 6e 64 20 44 4e 53	tribute..Default.gateway.and.DNS
a1b20	20 73 65 72 76 65 72 20 69 73 20 61 74 20 60 31 39 32 2e 30 2e 32 2e 32 35 34 60 00 44 65 66 61	.server.is.at.`192.0.2.254`.Defa
a1b40	75 6c 74 20 69 73 20 35 31 32 20 4d 42 2e 20 55 73 65 20 30 20 4d 42 20 66 6f 72 20 75 6e 6c 69	ult.is.512.MB..Use.0.MB.for.unli
a1b60	6d 69 74 65 64 20 6d 65 6d 6f 72 79 2e 00 44 65 66 61 75 6c 74 20 69 73 20 60 60 61 6e 79 2d 61	mited.memory..Default.is.``any-a
a1b80	76 61 69 6c 61 62 6c 65 60 60 2e 00 44 65 66 61 75 6c 74 20 69 73 20 60 60 69 63 6d 70 60 60 2e	vailable``..Default.is.``icmp``.
a1ba0	00 44 65 66 61 75 6c 74 20 69 73 20 74 6f 20 64 65 74 65 63 74 73 20 70 68 79 73 69 63 61 6c 20	.Default.is.to.detects.physical.
a1bc0	6c 69 6e 6b 20 73 74 61 74 65 20 63 68 61 6e 67 65 73 2e 00 44 65 66 61 75 6c 74 20 70 6f 72 74	link.state.changes..Default.port
a1be0	20 69 73 20 33 31 32 38 2e 00 44 65 66 61 75 6c 74 3a 20 31 00 44 65 66 61 75 6c 74 73 20 74 6f	.is.3128..Default:.1.Defaults.to
a1c00	20 27 75 69 64 27 00 44 65 66 61 75 6c 74 73 20 74 6f 20 32 32 35 2e 30 2e 30 2e 35 30 2e 00 44	.'uid'.Defaults.to.225.0.0.50..D
a1c20	65 66 61 75 6c 74 73 20 74 6f 20 60 60 75 73 60 60 2e 00 44 65 66 69 6e 65 20 43 6f 6e 65 63 74	efaults.to.``us``..Define.Conect
a1c40	69 6f 6e 20 54 69 6d 65 6f 75 74 73 00 44 65 66 69 6e 65 20 49 50 76 34 2f 49 50 76 36 20 6d 61	ion.Timeouts.Define.IPv4/IPv6.ma
a1c60	6e 61 67 65 6d 65 6e 74 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6d 69 74 74 65 64 20 76 69 61	nagement.address.transmitted.via
a1c80	20 4c 4c 44 50 2e 20 4d 75 6c 74 69 70 6c 65 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65	.LLDP..Multiple.addresses.can.be
a1ca0	20 64 65 66 69 6e 65 64 2e 20 4f 6e 6c 79 20 61 64 64 72 65 73 73 65 73 20 63 6f 6e 6e 65 63 74	.defined..Only.addresses.connect
a1cc0	65 64 20 74 6f 20 74 68 65 20 73 79 73 74 65 6d 20 77 69 6c 6c 20 62 65 20 74 72 61 6e 73 6d 69	ed.to.the.system.will.be.transmi
a1ce0	74 74 65 64 2e 00 44 65 66 69 6e 65 20 61 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 4e 65 74 77	tted..Define.a.IPv4.or.IPv6.Netw
a1d00	6f 72 6b 20 67 72 6f 75 70 2e 00 44 65 66 69 6e 65 20 61 20 49 50 76 34 20 6f 72 20 61 20 49 50	ork.group..Define.a.IPv4.or.a.IP
a1d20	76 36 20 61 64 64 72 65 73 73 20 67 72 6f 75 70 00 44 65 66 69 6e 65 20 61 20 5a 6f 6e 65 00 44	v6.address.group.Define.a.Zone.D
a1d40	65 66 69 6e 65 20 61 20 64 69 73 63 72 65 74 65 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65	efine.a.discrete.source.IP.addre
a1d60	73 73 20 6f 66 20 31 30 30 2e 36 34 2e 30 2e 31 20 66 6f 72 20 53 4e 41 54 20 72 75 6c 65 20 32	ss.of.100.64.0.1.for.SNAT.rule.2
a1d80	30 00 44 65 66 69 6e 65 20 61 20 64 6f 6d 61 69 6e 20 67 72 6f 75 70 2e 00 44 65 66 69 6e 65 20	0.Define.a.domain.group..Define.
a1da0	61 20 6d 61 63 20 67 72 6f 75 70 2e 00 44 65 66 69 6e 65 20 61 20 70 6f 72 74 20 67 72 6f 75 70	a.mac.group..Define.a.port.group
a1dc0	2e 20 41 20 70 6f 72 74 20 6e 61 6d 65 20 63 61 6e 20 62 65 20 61 6e 79 20 6e 61 6d 65 20 64 65	..A.port.name.can.be.any.name.de
a1de0	66 69 6e 65 64 20 69 6e 20 2f 65 74 63 2f 73 65 72 76 69 63 65 73 2e 20 65 2e 67 2e 3a 20 68 74	fined.in./etc/services..e.g.:.ht
a1e00	74 70 00 44 65 66 69 6e 65 20 61 6c 6c 6f 77 65 64 20 63 69 70 68 65 72 73 20 75 73 65 64 20 66	tp.Define.allowed.ciphers.used.f
a1e20	6f 72 20 74 68 65 20 53 53 48 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 41 20 6e 75 6d 62 65 72 20	or.the.SSH.connection..A.number.
a1e40	6f 66 20 61 6c 6c 6f 77 65 64 20 63 69 70 68 65 72 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66	of.allowed.ciphers.can.be.specif
a1e60	69 65 64 2c 20 75 73 65 20 6d 75 6c 74 69 70 6c 65 20 6f 63 63 75 72 72 65 6e 63 65 73 20 74 6f	ied,.use.multiple.occurrences.to
a1e80	20 61 6c 6c 6f 77 20 6d 75 6c 74 69 70 6c 65 20 63 69 70 68 65 72 73 2e 00 44 65 66 69 6e 65 20	.allow.multiple.ciphers..Define.
a1ea0	61 6e 20 69 6e 74 65 72 66 61 63 65 20 67 72 6f 75 70 2e 20 57 69 6c 64 63 61 72 64 20 61 72 65	an.interface.group..Wildcard.are
a1ec0	20 61 63 63 65 70 74 65 64 20 74 6f 6f 2e 00 44 65 66 69 6e 65 20 62 65 68 61 76 69 6f 72 20 66	.accepted.too..Define.behavior.f
a1ee0	6f 72 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 20 66 72 61 6d 65 73 20 77 68 6f 27 73 20 49	or.gratuitous.ARP.frames.who's.I
a1f00	50 20 69 73 20 6e 6f 74 20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20	P.is.not.already.present.in.the.
a1f20	41 52 50 20 74 61 62 6c 65 2e 20 49 66 20 63 6f 6e 66 69 67 75 72 65 64 20 63 72 65 61 74 65 20	ARP.table..If.configured.create.
a1f40	6e 65 77 20 65 6e 74 72 69 65 73 20 69 6e 20 74 68 65 20 41 52 50 20 74 61 62 6c 65 2e 00 44 65	new.entries.in.the.ARP.table..De
a1f60	66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 6d 6f 64 65 73 20 66 6f 72 20 49 50 20 64 69 72 65	fine.different.modes.for.IP.dire
a1f80	63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 61 73 20 64 65 73	cted.broadcast.forwarding.as.des
a1fa0	63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 31 38 31 32 60 20 61 6e 64 20 3a 72 66 63 3a 60	cribed.in.:rfc:`1812`.and.:rfc:`
a1fc0	32 36 34 34 60 2e 00 44 65 66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 6d 6f 64 65 73 20 66 6f	2644`..Define.different.modes.fo
a1fe0	72 20 73 65 6e 64 69 6e 67 20 72 65 70 6c 69 65 73 20 69 6e 20 72 65 73 70 6f 6e 73 65 20 74 6f	r.sending.replies.in.response.to
a2000	20 72 65 63 65 69 76 65 64 20 41 52 50 20 72 65 71 75 65 73 74 73 20 74 68 61 74 20 72 65 73 6f	.received.ARP.requests.that.reso
a2020	6c 76 65 20 6c 6f 63 61 6c 20 74 61 72 67 65 74 20 49 50 20 61 64 64 72 65 73 73 65 73 3a 00 44	lve.local.target.IP.addresses:.D
a2040	65 66 69 6e 65 20 64 69 66 66 65 72 65 6e 74 20 72 65 73 74 72 69 63 74 69 6f 6e 20 6c 65 76 65	efine.different.restriction.leve
a2060	6c 73 20 66 6f 72 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 74 68 65 20 6c 6f 63 61 6c 20 73 6f 75 72	ls.for.announcing.the.local.sour
a2080	63 65 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 49 50 20 70 61 63 6b 65 74 73 20 69 6e	ce.IP.address.from.IP.packets.in
a20a0	20 41 52 50 20 72 65 71 75 65 73 74 73 20 73 65 6e 74 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 2e	.ARP.requests.sent.on.interface.
a20c0	00 44 65 66 69 6e 65 20 6c 65 6e 67 74 68 20 6f 66 20 70 61 63 6b 65 74 20 70 61 79 6c 6f 61 64	.Define.length.of.packet.payload
a20e0	20 74 6f 20 69 6e 63 6c 75 64 65 20 69 6e 20 6e 65 74 6c 69 6e 6b 20 6d 65 73 73 61 67 65 2e 20	.to.include.in.netlink.message..
a2100	4f 6e 6c 79 20 61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20 69 73 20 65	Only.applicable.if.rule.log.is.e
a2120	6e 61 62 6c 65 20 61 6e 64 20 6c 6f 67 20 67 72 6f 75 70 20 69 73 20 64 65 66 69 6e 65 64 2e 00	nable.and.log.group.is.defined..
a2140	44 65 66 69 6e 65 20 6c 6f 67 20 67 72 6f 75 70 20 74 6f 20 73 65 6e 64 20 6d 65 73 73 61 67 65	Define.log.group.to.send.message
a2160	20 74 6f 2e 20 4f 6e 6c 79 20 61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67	.to..Only.applicable.if.rule.log
a2180	20 69 73 20 65 6e 61 62 6c 65 2e 00 44 65 66 69 6e 65 20 6c 6f 67 2d 6c 65 76 65 6c 2e 20 4f 6e	.is.enable..Define.log-level..On
a21a0	6c 79 20 61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20 69 73 20 65 6e 61	ly.applicable.if.rule.log.is.ena
a21c0	62 6c 65 2e 00 44 65 66 69 6e 65 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20 74 6f	ble..Define.number.of.packets.to
a21e0	20 71 75 65 75 65 20 69 6e 73 69 64 65 20 74 68 65 20 6b 65 72 6e 65 6c 20 62 65 66 6f 72 65 20	.queue.inside.the.kernel.before.
a2200	73 65 6e 64 69 6e 67 20 74 68 65 6d 20 74 6f 20 75 73 65 72 73 70 61 63 65 2e 20 4f 6e 6c 79 20	sending.them.to.userspace..Only.
a2220	61 70 70 6c 69 63 61 62 6c 65 20 69 66 20 72 75 6c 65 20 6c 6f 67 20 69 73 20 65 6e 61 62 6c 65	applicable.if.rule.log.is.enable
a2240	20 61 6e 64 20 6c 6f 67 20 67 72 6f 75 70 20 69 73 20 64 65 66 69 6e 65 64 2e 00 44 65 66 69 6e	.and.log.group.is.defined..Defin
a2260	65 20 74 68 65 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 74 6f 20 75 70 64 61 74 65 20 74 68	e.the.time.interval.to.update.th
a2280	65 20 6c 6f 63 61 6c 20 63 61 63 68 65 00 44 65 66 69 6e 65 20 74 68 65 20 7a 6f 6e 65 20 61 73	e.local.cache.Define.the.zone.as
a22a0	20 61 20 6c 6f 63 61 6c 20 7a 6f 6e 65 2e 20 41 20 6c 6f 63 61 6c 20 7a 6f 6e 65 20 68 61 73 20	.a.local.zone..A.local.zone.has.
a22c0	6e 6f 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 61 70 70 6c 69 65	no.interfaces.and.will.be.applie
a22e0	64 20 74 6f 20 74 68 65 20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2e 00 44 65 66 69 6e 65 64 20	d.to.the.router.itself..Defined.
a2300	74 68 65 20 49 50 76 34 2c 20 49 50 76 36 20 6f 72 20 46 51 44 4e 20 61 6e 64 20 70 6f 72 74 20	the.IPv4,.IPv6.or.FQDN.and.port.
a2320	6e 75 6d 62 65 72 20 6f 66 20 74 68 65 20 63 61 63 68 69 6e 67 20 52 50 4b 49 20 63 61 63 68 69	number.of.the.caching.RPKI.cachi
a2340	6e 67 20 69 6e 73 74 61 6e 63 65 20 77 68 69 63 68 20 69 73 20 75 73 65 64 2e 00 44 65 66 69 6e	ng.instance.which.is.used..Defin
a2360	65 73 20 61 6c 74 65 72 6e 61 74 65 20 73 6f 75 72 63 65 73 20 66 6f 72 20 6d 75 6c 74 69 63 61	es.alternate.sources.for.multica
a2380	73 74 69 6e 67 20 61 6e 64 20 49 47 4d 50 20 64 61 74 61 2e 20 54 68 65 20 6e 65 74 77 6f 72 6b	sting.and.IGMP.data..The.network
a23a0	20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 6f 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e	.address.must.be.on.the.followin
a23c0	67 20 66 6f 72 6d 61 74 20 27 61 2e 62 2e 63 2e 64 2f 6e 27 2e 20 42 79 20 64 65 66 61 75 6c 74	g.format.'a.b.c.d/n'..By.default
a23e0	2c 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 61 63 63 65 70 74 20 64 61 74 61 20 66 72	,.the.router.will.accept.data.fr
a2400	6f 6d 20 73 6f 75 72 63 65 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 6e 65 74 77 6f 72 6b 20 61	om.sources.on.the.same.network.a
a2420	73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 49 66	s.configured.on.an.interface..If
a2440	20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 20 73 6f 75 72 63 65 20 6c 69 65 73 20 6f 6e 20 61 20	.the.multicast.source.lies.on.a.
a2460	72 65 6d 6f 74 65 20 6e 65 74 77 6f 72 6b 2c 20 6f 6e 65 20 6d 75 73 74 20 64 65 66 69 6e 65 20	remote.network,.one.must.define.
a2480	66 72 6f 6d 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 73 68 6f 75 6c 64 20 62 65 20 61 63 63	from.where.traffic.should.be.acc
a24a0	65 70 74 65 64 2e 00 44 65 66 69 6e 65 73 20 61 6e 20 6f 66 66 2d 4e 42 4d 41 20 6e 65 74 77 6f	epted..Defines.an.off-NBMA.netwo
a24c0	72 6b 20 70 72 65 66 69 78 20 66 6f 72 20 77 68 69 63 68 20 74 68 65 20 47 52 45 20 69 6e 74 65	rk.prefix.for.which.the.GRE.inte
a24e0	72 66 61 63 65 20 77 69 6c 6c 20 61 63 74 20 61 73 20 61 20 67 61 74 65 77 61 79 2e 20 54 68 69	rface.will.act.as.a.gateway..Thi
a2500	73 20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 74 6f 20 64 65 66 69 6e 69 6e 67 20 6c 6f 63	s.an.alternative.to.defining.loc
a2520	61 6c 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 73 68 6f 72 74 63 75 74 2d 64 65 73 74	al.interfaces.with.shortcut-dest
a2540	69 6e 61 74 69 6f 6e 20 66 6c 61 67 2e 00 44 65 66 69 6e 65 73 20 62 6c 61 63 6b 68 6f 6c 65 20	ination.flag..Defines.blackhole.
a2560	64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 69 73 20 72 6f 75 74 65 2c 20 72 6f 75 74 65 73 20	distance.for.this.route,.routes.
a2580	77 69 74 68 20 73 6d 61 6c 6c 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 64 69 73 74	with.smaller.administrative.dist
a25a0	61 6e 63 65 20 61 72 65 20 65 6c 65 63 74 65 64 20 70 72 69 6f 72 20 74 6f 20 74 68 6f 73 65 20	ance.are.elected.prior.to.those.
a25c0	77 69 74 68 20 61 20 68 69 67 68 65 72 20 64 69 73 74 61 6e 63 65 2e 00 44 65 66 69 6e 65 73 20	with.a.higher.distance..Defines.
a25e0	6e 65 78 74 2d 68 6f 70 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 69 73 20 72 6f 75 74 65	next-hop.distance.for.this.route
a2600	2c 20 72 6f 75 74 65 73 20 77 69 74 68 20 73 6d 61 6c 6c 65 72 20 61 64 6d 69 6e 69 73 74 72 61	,.routes.with.smaller.administra
a2620	74 69 76 65 20 64 69 73 74 61 6e 63 65 20 61 72 65 20 65 6c 65 63 74 65 64 20 70 72 69 6f 72 20	tive.distance.are.elected.prior.
a2640	74 6f 20 74 68 6f 73 65 20 77 69 74 68 20 61 20 68 69 67 68 65 72 20 64 69 73 74 61 6e 63 65 2e	to.those.with.a.higher.distance.
a2660	00 44 65 66 69 6e 65 73 20 70 72 6f 74 6f 63 6f 6c 73 20 66 6f 72 20 63 68 65 63 6b 69 6e 67 20	.Defines.protocols.for.checking.
a2680	41 52 50 2c 20 49 43 4d 50 2c 20 54 43 50 00 44 65 66 69 6e 65 73 20 74 68 65 20 6d 61 78 69 6d	ARP,.ICMP,.TCP.Defines.the.maxim
a26a0	75 6d 20 60 3c 6e 75 6d 62 65 72 3e 60 20 6f 66 20 75 6e 61 6e 73 77 65 72 65 64 20 65 63 68 6f	um.`<number>`.of.unanswered.echo
a26c0	20 72 65 71 75 65 73 74 73 2e 20 55 70 6f 6e 20 72 65 61 63 68 69 6e 67 20 74 68 65 20 76 61 6c	.requests..Upon.reaching.the.val
a26e0	75 65 20 60 3c 6e 75 6d 62 65 72 3e 60 2c 20 74 68 65 20 73 65 73 73 69 6f 6e 20 77 69 6c 6c 20	ue.`<number>`,.the.session.will.
a2700	62 65 20 72 65 73 65 74 2e 00 44 65 66 69 6e 65 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20	be.reset..Defines.the.specified.
a2720	64 65 76 69 63 65 20 61 73 20 61 20 73 79 73 74 65 6d 20 63 6f 6e 73 6f 6c 65 2e 20 41 76 61 69	device.as.a.system.console..Avai
a2740	6c 61 62 6c 65 20 63 6f 6e 73 6f 6c 65 20 64 65 76 69 63 65 73 20 63 61 6e 20 62 65 20 28 73 65	lable.console.devices.can.be.(se
a2760	65 20 63 6f 6d 70 6c 65 74 69 6f 6e 20 68 65 6c 70 65 72 29 3a 00 44 65 66 69 6e 69 6e 67 20 50	e.completion.helper):.Defining.P
a2780	65 65 72 73 00 44 65 6c 65 67 61 74 65 20 70 72 65 66 69 78 65 73 20 66 72 6f 6d 20 74 68 65 20	eers.Delegate.prefixes.from.the.
a27a0	72 61 6e 67 65 20 69 6e 64 69 63 61 74 65 64 20 62 79 20 74 68 65 20 73 74 61 72 74 20 61 6e 64	range.indicated.by.the.start.and
a27c0	20 73 74 6f 70 20 71 75 61 6c 69 66 69 65 72 2e 00 44 65 6c 65 74 65 20 42 47 50 20 63 6f 6d 6d	.stop.qualifier..Delete.BGP.comm
a27e0	75 6e 69 74 69 65 73 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c	unities.matching.the.community-l
a2800	69 73 74 2e 00 44 65 6c 65 74 65 20 42 47 50 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 6d 61 74 63	ist..Delete.BGP.communities.matc
a2820	68 69 6e 67 20 74 68 65 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 2e 00 44	hing.the.large-community-list..D
a2840	65 6c 65 74 65 20 4c 6f 67 73 00 44 65 6c 65 74 65 20 61 6c 6c 20 42 47 50 20 63 6f 6d 6d 75 6e	elete.Logs.Delete.all.BGP.commun
a2860	69 74 69 65 73 00 44 65 6c 65 74 65 20 61 6c 6c 20 42 47 50 20 6c 61 72 67 65 2d 63 6f 6d 6d 75	ities.Delete.all.BGP.large-commu
a2880	6e 69 74 69 65 73 00 44 65 6c 65 74 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 66 72 6f 6d	nities.Delete.default.route.from
a28a0	20 74 68 65 20 73 79 73 74 65 6d 2e 00 44 65 6c 65 74 65 73 20 74 68 65 20 73 70 65 63 69 66 69	.the.system..Deletes.the.specifi
a28c0	65 64 20 75 73 65 72 2d 64 65 66 69 6e 65 64 20 66 69 6c 65 20 3c 74 65 78 74 3e 20 69 6e 20 74	ed.user-defined.file.<text>.in.t
a28e0	68 65 20 2f 76 61 72 2f 6c 6f 67 2f 75 73 65 72 20 64 69 72 65 63 74 6f 72 79 00 44 65 70 65 6e	he./var/log/user.directory.Depen
a2900	64 69 6e 67 20 6f 6e 20 74 68 65 20 6c 6f 63 61 74 69 6f 6e 2c 20 6e 6f 74 20 61 6c 6c 20 6f 66	ding.on.the.location,.not.all.of
a2920	20 74 68 65 73 65 20 63 68 61 6e 6e 65 6c 73 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65	.these.channels.may.be.available
a2940	20 66 6f 72 20 75 73 65 21 00 44 65 73 63 72 69 70 74 69 6f 6e 00 44 65 73 70 69 74 65 20 74 68	.for.use!.Description.Despite.th
a2960	65 20 44 72 6f 70 2d 54 61 69 6c 20 70 6f 6c 69 63 79 20 64 6f 65 73 20 6e 6f 74 20 73 6c 6f 77	e.Drop-Tail.policy.does.not.slow
a2980	20 64 6f 77 6e 20 70 61 63 6b 65 74 73 2c 20 69 66 20 6d 61 6e 79 20 70 61 63 6b 65 74 73 20 61	.down.packets,.if.many.packets.a
a29a0	72 65 20 74 6f 20 62 65 20 73 65 6e 74 2c 20 74 68 65 79 20 63 6f 75 6c 64 20 67 65 74 20 64 72	re.to.be.sent,.they.could.get.dr
a29c0	6f 70 70 65 64 20 77 68 65 6e 20 74 72 79 69 6e 67 20 74 6f 20 67 65 74 20 65 6e 71 75 65 75 65	opped.when.trying.to.get.enqueue
a29e0	64 20 61 74 20 74 68 65 20 74 61 69 6c 2e 20 54 68 69 73 20 63 61 6e 20 68 61 70 70 65 6e 20 69	d.at.the.tail..This.can.happen.i
a2a00	66 20 74 68 65 20 71 75 65 75 65 20 68 61 73 20 73 74 69 6c 6c 20 6e 6f 74 20 62 65 65 6e 20 61	f.the.queue.has.still.not.been.a
a2a20	62 6c 65 20 74 6f 20 72 65 6c 65 61 73 65 20 65 6e 6f 75 67 68 20 70 61 63 6b 65 74 73 20 66 72	ble.to.release.enough.packets.fr
a2a40	6f 6d 20 69 74 73 20 68 65 61 64 2e 00 44 65 73 70 69 74 65 20 74 68 65 20 66 61 63 74 20 74 68	om.its.head..Despite.the.fact.th
a2a60	61 74 20 41 44 20 69 73 20 61 20 73 75 70 65 72 73 65 74 20 6f 66 20 4c 44 41 50 00 44 65 73 74	at.AD.is.a.superset.of.LDAP.Dest
a2a80	69 6e 61 74 69 6f 6e 20 41 64 64 72 65 73 73 00 44 65 73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 00	ination.Address.Destination.NAT.
a2aa0	44 65 73 74 69 6e 61 74 69 6f 6e 20 50 72 65 66 69 78 00 44 65 74 61 69 6c 65 64 20 69 6e 66 6f	Destination.Prefix.Detailed.info
a2ac0	72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 22 63 69 73 63 6f 22 20 61 6e 64 20 22 69 62 6d 22 20	rmation.about."cisco".and."ibm".
a2ae0	6d 6f 64 65 6c 73 20 64 69 66 66 65 72 65 6e 63 65 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20	models.differences.can.be.found.
a2b00	69 6e 20 3a 72 66 63 3a 60 33 35 30 39 60 2e 20 41 20 22 73 68 6f 72 74 63 75 74 22 20 6d 6f 64	in.:rfc:`3509`..A."shortcut".mod
a2b20	65 6c 20 61 6c 6c 6f 77 73 20 41 42 52 20 74 6f 20 63 72 65 61 74 65 20 72 6f 75 74 65 73 20 62	el.allows.ABR.to.create.routes.b
a2b40	65 74 77 65 65 6e 20 61 72 65 61 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 74 6f 70 6f 6c 6f	etween.areas.based.on.the.topolo
a2b60	67 79 20 6f 66 20 74 68 65 20 61 72 65 61 73 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 74 68 69	gy.of.the.areas.connected.to.thi
a2b80	73 20 72 6f 75 74 65 72 20 62 75 74 20 6e 6f 74 20 75 73 69 6e 67 20 61 20 62 61 63 6b 62 6f 6e	s.router.but.not.using.a.backbon
a2ba0	65 20 61 72 65 61 20 69 6e 20 63 61 73 65 20 69 66 20 6e 6f 6e 2d 62 61 63 6b 62 6f 6e 65 20 72	e.area.in.case.if.non-backbone.r
a2bc0	6f 75 74 65 20 77 69 6c 6c 20 62 65 20 63 68 65 61 70 65 72 2e 20 46 6f 72 20 6d 6f 72 65 20 69	oute.will.be.cheaper..For.more.i
a2be0	6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 22 73 68 6f 72 74 63 75 74 22 20 6d 6f 64 65	nformation.about."shortcut".mode
a2c00	6c 2c 20 73 65 65 20 3a 74 3a 60 6f 73 70 66 2d 73 68 6f 72 74 63 75 74 2d 61 62 72 2d 30 32 2e	l,.see.:t:`ospf-shortcut-abr-02.
a2c20	74 78 74 60 00 44 65 74 65 72 6d 69 6e 65 73 20 68 6f 77 20 6f 70 65 6e 6e 68 72 70 20 64 61 65	txt`.Determines.how.opennhrp.dae
a2c40	6d 6f 6e 20 73 68 6f 75 6c 64 20 73 6f 66 74 20 73 77 69 74 63 68 20 74 68 65 20 6d 75 6c 74 69	mon.should.soft.switch.the.multi
a2c60	63 61 73 74 20 74 72 61 66 66 69 63 2e 20 43 75 72 72 65 6e 74 6c 79 2c 20 6d 75 6c 74 69 63 61	cast.traffic..Currently,.multica
a2c80	73 74 20 74 72 61 66 66 69 63 20 69 73 20 63 61 70 74 75 72 65 64 20 62 79 20 6f 70 65 6e 6e 68	st.traffic.is.captured.by.opennh
a2ca0	72 70 20 64 61 65 6d 6f 6e 20 75 73 69 6e 67 20 61 20 70 61 63 6b 65 74 20 73 6f 63 6b 65 74 2c	rp.daemon.using.a.packet.socket,
a2cc0	20 61 6e 64 20 72 65 73 65 6e 74 20 62 61 63 6b 20 74 6f 20 70 72 6f 70 65 72 20 64 65 73 74 69	.and.resent.back.to.proper.desti
a2ce0	6e 61 74 69 6f 6e 73 2e 20 54 68 69 73 20 6d 65 61 6e 73 20 74 68 61 74 20 6d 75 6c 74 69 63 61	nations..This.means.that.multica
a2d00	73 74 20 70 61 63 6b 65 74 20 73 65 6e 64 69 6e 67 20 69 73 20 43 50 55 20 69 6e 74 65 6e 73 69	st.packet.sending.is.CPU.intensi
a2d20	76 65 2e 00 44 65 76 69 63 65 20 69 73 20 69 6e 63 61 70 61 62 6c 65 20 6f 66 20 34 30 20 4d 48	ve..Device.is.incapable.of.40.MH
a2d40	7a 2c 20 64 6f 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 2e 20 54 68 69 73 20 73 65 74 73 20 60	z,.do.not.advertise..This.sets.`
a2d60	60 5b 34 30 2d 49 4e 54 4f 4c 45 52 41 4e 54 5d 60 60 00 44 65 76 69 63 65 73 20 65 76 61 6c 75	`[40-INTOLERANT]``.Devices.evalu
a2d80	61 74 69 6e 67 20 77 68 65 74 68 65 72 20 61 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 20 69 73	ating.whether.an.IPv4.address.is
a2da0	20 70 75 62 6c 69 63 20 6d 75 73 74 20 62 65 20 75 70 64 61 74 65 64 20 74 6f 20 72 65 63 6f 67	.public.must.be.updated.to.recog
a2dc0	6e 69 7a 65 20 74 68 65 20 6e 65 77 20 61 64 64 72 65 73 73 20 73 70 61 63 65 2e 20 41 6c 6c 6f	nize.the.new.address.space..Allo
a2de0	63 61 74 69 6e 67 20 6d 6f 72 65 20 70 72 69 76 61 74 65 20 49 50 76 34 20 61 64 64 72 65 73 73	cating.more.private.IPv4.address
a2e00	20 73 70 61 63 65 20 66 6f 72 20 4e 41 54 20 64 65 76 69 63 65 73 20 6d 69 67 68 74 20 70 72 6f	.space.for.NAT.devices.might.pro
a2e20	6c 6f 6e 67 20 74 68 65 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 6f 20 49 50 76 36 2e 00 44 69 66	long.the.transition.to.IPv6..Dif
a2e40	66 65 72 65 6e 74 20 4e 41 54 20 54 79 70 65 73 00 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 20	ferent.NAT.Types.Diffie-Hellman.
a2e60	70 61 72 61 6d 65 74 65 72 73 00 44 69 73 61 62 6c 65 20 4d 4c 44 20 72 65 70 6f 72 74 73 20 61	parameters.Disable.MLD.reports.a
a2e80	6e 64 20 71 75 65 72 79 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 00 44 69 73 61 62	nd.query.on.the.interface..Disab
a2ea0	6c 65 20 60 3c 75 73 65 72 3e 60 20 61 63 63 6f 75 6e 74 2e 00 44 69 73 61 62 6c 65 20 61 20 42	le.`<user>`.account..Disable.a.B
a2ec0	46 44 20 70 65 65 72 00 44 69 73 61 62 6c 65 20 61 20 63 6f 6e 74 61 69 6e 65 72 2e 00 44 69 73	FD.peer.Disable.a.container..Dis
a2ee0	61 62 6c 65 20 64 68 63 70 2d 72 65 6c 61 79 20 73 65 72 76 69 63 65 2e 00 44 69 73 61 62 6c 65	able.dhcp-relay.service..Disable
a2f00	20 64 68 63 70 76 36 2d 72 65 6c 61 79 20 73 65 72 76 69 63 65 2e 00 44 69 73 61 62 6c 65 20 67	.dhcpv6-relay.service..Disable.g
a2f20	69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20 49 74 20 77 69 6c 6c 20 62 65 20 70	iven.`<interface>`..It.will.be.p
a2f40	6c 61 63 65 64 20 69 6e 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 6c 79 20 64 6f 77 6e 20 28	laced.in.administratively.down.(
a2f60	60 60 41 2f 44 60 60 29 20 73 74 61 74 65 2e 00 44 69 73 61 62 6c 65 20 69 6d 6d 65 64 69 61 74	``A/D``).state..Disable.immediat
a2f80	65 20 73 65 73 73 69 6f 6e 20 72 65 73 65 74 20 69 66 20 70 65 65 72 27 73 20 63 6f 6e 6e 65 63	e.session.reset.if.peer's.connec
a2fa0	74 65 64 20 6c 69 6e 6b 20 67 6f 65 73 20 64 6f 77 6e 2e 00 44 69 73 61 62 6c 65 20 70 61 73 73	ted.link.goes.down..Disable.pass
a2fc0	77 6f 72 64 20 62 61 73 65 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 4c 6f 67 69 6e	word.based.authentication..Login
a2fe0	20 76 69 61 20 53 53 48 20 6b 65 79 73 20 6f 6e 6c 79 2e 20 54 68 69 73 20 68 61 72 64 65 6e 73	.via.SSH.keys.only..This.hardens
a3000	20 73 65 63 75 72 69 74 79 21 00 44 69 73 61 62 6c 65 20 74 68 65 20 68 6f 73 74 20 76 61 6c 69	.security!.Disable.the.host.vali
a3020	64 61 74 69 6f 6e 20 74 68 72 6f 75 67 68 20 72 65 76 65 72 73 65 20 44 4e 53 20 6c 6f 6f 6b 75	dation.through.reverse.DNS.looku
a3040	70 73 20 2d 20 63 61 6e 20 73 70 65 65 64 75 70 20 6c 6f 67 69 6e 20 74 69 6d 65 20 77 68 65 6e	ps.-.can.speedup.login.time.when
a3060	20 72 65 76 65 72 73 65 20 6c 6f 6f 6b 75 70 20 69 73 20 6e 6f 74 20 70 6f 73 73 69 62 6c 65 2e	.reverse.lookup.is.not.possible.
a3080	00 44 69 73 61 62 6c 65 20 74 68 65 20 70 65 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00	.Disable.the.peer.configuration.
a30a0	44 69 73 61 62 6c 65 20 74 68 69 73 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 20 65	Disable.this.IPv4.static.route.e
a30c0	6e 74 72 79 2e 00 44 69 73 61 62 6c 65 20 74 68 69 73 20 49 50 76 36 20 73 74 61 74 69 63 20 72	ntry..Disable.this.IPv6.static.r
a30e0	6f 75 74 65 20 65 6e 74 72 79 2e 00 44 69 73 61 62 6c 65 20 74 68 69 73 20 73 65 72 76 69 63 65	oute.entry..Disable.this.service
a3100	2e 00 44 69 73 61 62 6c 65 20 74 72 61 6e 73 6d 69 74 20 6f 66 20 4c 4c 44 50 20 66 72 61 6d 65	..Disable.transmit.of.LLDP.frame
a3120	73 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 20 55 73 65 66 75 6c	s.on.given.`<interface>`..Useful
a3140	20 74 6f 20 65 78 63 6c 75 64 65 20 63 65 72 74 61 69 6e 20 69 6e 74 65 72 66 61 63 65 73 20 66	.to.exclude.certain.interfaces.f
a3160	72 6f 6d 20 4c 4c 44 50 20 77 68 65 6e 20 60 60 61 6c 6c 60 60 20 68 61 76 65 20 62 65 65 6e 20	rom.LLDP.when.``all``.have.been.
a3180	65 6e 61 62 6c 65 64 2e 00 44 69 73 61 62 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 2d 20 6e	enabled..Disabled.by.default.-.n
a31a0	6f 20 6b 65 72 6e 65 6c 20 6d 6f 64 75 6c 65 20 6c 6f 61 64 65 64 2e 00 44 69 73 61 62 6c 65 73	o.kernel.module.loaded..Disables
a31c0	20 63 61 63 68 69 6e 67 20 6f 66 20 70 65 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f	.caching.of.peer.information.fro
a31e0	6d 20 66 6f 72 77 61 72 64 65 64 20 4e 48 52 50 20 52 65 73 6f 6c 75 74 69 6f 6e 20 52 65 70 6c	m.forwarded.NHRP.Resolution.Repl
a3200	79 20 70 61 63 6b 65 74 73 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72	y.packets..This.can.be.used.to.r
a3220	65 64 75 63 65 20 6d 65 6d 6f 72 79 20 63 6f 6e 73 75 6d 70 74 69 6f 6e 20 6f 6e 20 62 69 67 20	educe.memory.consumption.on.big.
a3240	4e 42 4d 41 20 73 75 62 6e 65 74 73 2e 00 44 69 73 61 62 6c 65 73 20 69 6e 74 65 72 66 61 63 65	NBMA.subnets..Disables.interface
a3260	2d 62 61 73 65 64 20 49 50 76 34 20 73 74 61 74 69 63 20 72 6f 75 74 65 2e 00 44 69 73 61 62 6c	-based.IPv4.static.route..Disabl
a3280	65 73 20 69 6e 74 65 72 66 61 63 65 2d 62 61 73 65 64 20 49 50 76 36 20 73 74 61 74 69 63 20 72	es.interface-based.IPv6.static.r
a32a0	6f 75 74 65 2e 00 44 69 73 61 62 6c 65 73 20 71 75 69 63 6b 6c 65 61 76 65 20 6d 6f 64 65 2e 20	oute..Disables.quickleave.mode..
a32c0	49 6e 20 74 68 69 73 20 6d 6f 64 65 20 74 68 65 20 64 61 65 6d 6f 6e 20 77 69 6c 6c 20 6e 6f 74	In.this.mode.the.daemon.will.not
a32e0	20 73 65 6e 64 20 61 20 4c 65 61 76 65 20 49 47 4d 50 20 6d 65 73 73 61 67 65 20 75 70 73 74 72	.send.a.Leave.IGMP.message.upstr
a3300	65 61 6d 20 61 73 20 73 6f 6f 6e 20 61 73 20 69 74 20 72 65 63 65 69 76 65 73 20 61 20 4c 65 61	eam.as.soon.as.it.receives.a.Lea
a3320	76 65 20 6d 65 73 73 61 67 65 20 66 6f 72 20 61 6e 79 20 64 6f 77 6e 73 74 72 65 61 6d 20 69 6e	ve.message.for.any.downstream.in
a3340	74 65 72 66 61 63 65 2e 20 54 68 65 20 64 61 65 6d 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 61 73 6b	terface..The.daemon.will.not.ask
a3360	20 66 6f 72 20 4d 65 6d 62 65 72 73 68 69 70 20 72 65 70 6f 72 74 73 20 6f 6e 20 74 68 65 20 64	.for.Membership.reports.on.the.d
a3380	6f 77 6e 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 73 2c 20 61 6e 64 20 69 66 20 61 20 72	ownstream.interfaces,.and.if.a.r
a33a0	65 70 6f 72 74 20 69 73 20 72 65 63 65 69 76 65 64 20 74 68 65 20 67 72 6f 75 70 20 69 73 20 6e	eport.is.received.the.group.is.n
a33c0	6f 74 20 6a 6f 69 6e 65 64 20 61 67 61 69 6e 20 74 68 65 20 75 70 73 74 72 65 61 6d 2e 00 44 69	ot.joined.again.the.upstream..Di
a33e0	73 61 62 6c 65 73 20 77 65 62 20 66 69 6c 74 65 72 69 6e 67 20 77 69 74 68 6f 75 74 20 64 69 73	sables.web.filtering.without.dis
a3400	63 61 72 64 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 44 69 73 61 62 6c 65 73 20	carding.configuration..Disables.
a3420	77 65 62 20 70 72 6f 78 79 20 74 72 61 6e 73 70 61 72 65 6e 74 20 6d 6f 64 65 20 61 74 20 61 20	web.proxy.transparent.mode.at.a.
a3440	6c 69 73 74 65 6e 69 6e 67 20 61 64 64 72 65 73 73 2e 00 44 69 73 61 62 6c 69 6e 67 20 41 64 76	listening.address..Disabling.Adv
a3460	65 72 74 69 73 65 6d 65 6e 74 73 00 44 69 73 61 62 6c 69 6e 67 20 61 20 56 52 52 50 20 67 72 6f	ertisements.Disabling.a.VRRP.gro
a3480	75 70 00 44 69 73 61 62 6c 69 6e 67 20 74 68 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 6f 6e 20 74	up.Disabling.the.encryption.on.t
a34a0	68 65 20 6c 69 6e 6b 20 62 79 20 72 65 6d 6f 76 69 6e 67 20 60 60 73 65 63 75 72 69 74 79 20 65	he.link.by.removing.``security.e
a34c0	6e 63 72 79 70 74 60 60 20 77 69 6c 6c 20 73 68 6f 77 20 74 68 65 20 75 6e 65 6e 63 72 79 70 74	ncrypt``.will.show.the.unencrypt
a34e0	65 64 20 62 75 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 63 6f 6e 74 65 6e 74 2e 00 44 69	ed.but.authenticated.content..Di
a3500	73 61 64 76 61 6e 74 61 67 65 73 20 61 72 65 3a 00 44 69 73 61 73 73 6f 63 69 61 74 65 20 73 74	sadvantages.are:.Disassociate.st
a3520	61 74 69 6f 6e 73 20 62 61 73 65 64 20 6f 6e 20 65 78 63 65 73 73 69 76 65 20 74 72 61 6e 73 6d	ations.based.on.excessive.transm
a3540	69 73 73 69 6f 6e 20 66 61 69 6c 75 72 65 73 20 6f 72 20 6f 74 68 65 72 20 69 6e 64 69 63 61 74	ission.failures.or.other.indicat
a3560	69 6f 6e 73 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6c 6f 73 73 2e 00 44 69 73 70 6c 61 79	ions.of.connection.loss..Display
a3580	20 49 50 76 34 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 66 6f 72 20 56 52 46 20 69 64 65 6e	.IPv4.routing.table.for.VRF.iden
a35a0	74 69 66 69 65 64 20 62 79 20 60 3c 6e 61 6d 65 3e 60 2e 00 44 69 73 70 6c 61 79 20 49 50 76 36	tified.by.`<name>`..Display.IPv6
a35c0	20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 66 6f 72 20 56 52 46 20 69 64 65 6e 74 69 66 69 65	.routing.table.for.VRF.identifie
a35e0	64 20 62 79 20 60 3c 6e 61 6d 65 3e 60 2e 00 44 69 73 70 6c 61 79 20 4c 6f 67 73 00 44 69 73 70	d.by.`<name>`..Display.Logs.Disp
a3600	6c 61 79 20 4f 54 50 20 6b 65 79 20 66 6f 72 20 75 73 65 72 00 44 69 73 70 6c 61 79 20 61 6c 6c	lay.OTP.key.for.user.Display.all
a3620	20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 61 74 74 65 6d 70 74 73 20 6f 66 20 74 68 65 20 73	.authorization.attempts.of.the.s
a3640	70 65 63 69 66 69 65 64 20 69 6d 61 67 65 00 44 69 73 70 6c 61 79 20 61 6c 6c 20 6b 6e 6f 77 6e	pecified.image.Display.all.known
a3660	20 41 52 50 20 74 61 62 6c 65 20 65 6e 74 72 69 65 73 20 6f 6e 20 61 20 67 69 76 65 6e 20 69 6e	.ARP.table.entries.on.a.given.in
a3680	74 65 72 66 61 63 65 20 6f 6e 6c 79 20 28 60 65 74 68 31 60 29 3a 00 44 69 73 70 6c 61 79 20 61	terface.only.(`eth1`):.Display.a
a36a0	6c 6c 20 6b 6e 6f 77 6e 20 41 52 50 20 74 61 62 6c 65 20 65 6e 74 72 69 65 73 20 73 70 61 6e 6e	ll.known.ARP.table.entries.spann
a36c0	69 6e 67 20 61 63 72 6f 73 73 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 00 44 69 73 70 6c 61	ing.across.all.interfaces.Displa
a36e0	79 20 63 6f 6e 74 65 6e 74 73 20 6f 66 20 61 20 73 70 65 63 69 66 69 65 64 20 75 73 65 72 2d 64	y.contents.of.a.specified.user-d
a3700	65 66 69 6e 65 64 20 6c 6f 67 20 66 69 6c 65 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64	efined.log.file.of.the.specified
a3720	20 69 6d 61 67 65 00 44 69 73 70 6c 61 79 20 63 6f 6e 74 65 6e 74 73 20 6f 66 20 61 6c 6c 20 6d	.image.Display.contents.of.all.m
a3740	61 73 74 65 72 20 6c 6f 67 20 66 69 6c 65 73 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64	aster.log.files.of.the.specified
a3760	20 69 6d 61 67 65 00 44 69 73 70 6c 61 79 20 6c 61 73 74 20 6c 69 6e 65 73 20 6f 66 20 74 68 65	.image.Display.last.lines.of.the
a3780	20 73 79 73 74 65 6d 20 6c 6f 67 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6d 61	.system.log.of.the.specified.ima
a37a0	67 65 00 44 69 73 70 6c 61 79 20 6c 69 73 74 20 6f 66 20 61 6c 6c 20 75 73 65 72 2d 64 65 66 69	ge.Display.list.of.all.user-defi
a37c0	6e 65 64 20 6c 6f 67 20 66 69 6c 65 73 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69	ned.log.files.of.the.specified.i
a37e0	6d 61 67 65 00 44 69 73 70 6c 61 79 20 6c 6f 67 20 66 69 6c 65 73 20 6f 66 20 67 69 76 65 6e 20	mage.Display.log.files.of.given.
a3800	63 61 74 65 67 6f 72 79 20 6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 20 55 73 65 20 74 61 62	category.on.the.console..Use.tab
a3820	20 63 6f 6d 70 6c 65 74 69 6f 6e 20 74 6f 20 67 65 74 20 61 20 6c 69 73 74 20 6f 66 20 61 76 61	.completion.to.get.a.list.of.ava
a3840	69 6c 61 62 6c 65 20 63 61 74 65 67 6f 72 69 65 73 2e 20 54 68 6f 73 20 63 61 74 65 67 6f 72 69	ilable.categories..Thos.categori
a3860	65 73 20 63 6f 75 6c 64 20 62 65 3a 20 61 6c 6c 2c 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 2c	es.could.be:.all,.authorization,
a3880	20 63 6c 75 73 74 65 72 2c 20 63 6f 6e 6e 74 72 61 63 6b 2d 73 79 6e 63 2c 20 64 68 63 70 2c 20	.cluster,.conntrack-sync,.dhcp,.
a38a0	64 69 72 65 63 74 6f 72 79 2c 20 64 6e 73 2c 20 66 69 6c 65 2c 20 66 69 72 65 77 61 6c 6c 2c 20	directory,.dns,.file,.firewall,.
a38c0	68 74 74 70 73 2c 20 69 6d 61 67 65 20 6c 6c 64 70 2c 20 6e 61 74 2c 20 6f 70 65 6e 76 70 6e 2c	https,.image.lldp,.nat,.openvpn,
a38e0	20 73 6e 6d 70 2c 20 74 61 69 6c 2c 20 76 70 6e 2c 20 76 72 72 70 00 44 69 73 70 6c 61 79 73 20	.snmp,.tail,.vpn,.vrrp.Displays.
a3900	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 61 6c 6c 20 6e 65 69 67 68 62 6f 72 73 20	information.about.all.neighbors.
a3920	64 69 73 63 6f 76 65 72 65 64 20 76 69 61 20 4c 4c 44 50 2e 00 44 69 73 70 6c 61 79 73 20 71 75	discovered.via.LLDP..Displays.qu
a3940	65 75 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 61 20 50 50 50 6f 45 20 69 6e 74 65	eue.information.for.a.PPPoE.inte
a3960	72 66 61 63 65 2e 00 44 69 73 70 6c 61 79 73 20 74 68 65 20 72 6f 75 74 65 20 70 61 63 6b 65 74	rface..Displays.the.route.packet
a3980	73 20 74 61 6b 65 6e 20 74 6f 20 61 20 6e 65 74 77 6f 72 6b 20 68 6f 73 74 20 75 74 69 6c 69 7a	s.taken.to.a.network.host.utiliz
a39a0	69 6e 67 20 56 52 46 20 69 6e 73 74 61 6e 63 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60	ing.VRF.instance.identified.by.`
a39c0	3c 6e 61 6d 65 3e 60 2e 20 57 68 65 6e 20 75 73 69 6e 67 20 74 68 65 20 49 50 76 34 20 6f 72 20	<name>`..When.using.the.IPv4.or.
a39e0	49 50 76 36 20 6f 70 74 69 6f 6e 2c 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 72 6f 75 74 65 20	IPv6.option,.displays.the.route.
a3a00	70 61 63 6b 65 74 73 20 74 61 6b 65 6e 20 74 6f 20 74 68 65 20 67 69 76 65 6e 20 68 6f 73 74 73	packets.taken.to.the.given.hosts
a3a20	20 49 50 20 61 64 64 72 65 73 73 20 66 61 6d 69 6c 79 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e 20	.IP.address.family..This.option.
a3a40	69 73 20 75 73 65 66 75 6c 20 77 68 65 6e 20 74 68 65 20 68 6f 73 74 20 69 73 20 73 70 65 63 69	is.useful.when.the.host.is.speci
a3a60	66 69 65 64 20 61 73 20 61 20 68 6f 73 74 6e 61 6d 65 20 72 61 74 68 65 72 20 74 68 61 6e 20 61	fied.as.a.hostname.rather.than.a
a3a80	6e 20 49 50 20 61 64 64 72 65 73 73 2e 00 44 6f 20 2a 6e 6f 74 2a 20 6d 61 6e 75 61 6c 6c 79 20	n.IP.address..Do.*not*.manually.
a3aa0	65 64 69 74 20 60 2f 65 74 63 2f 68 6f 73 74 73 60 2e 20 54 68 69 73 20 66 69 6c 65 20 77 69 6c	edit.`/etc/hosts`..This.file.wil
a3ac0	6c 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 62 65 20 72 65 67 65 6e 65 72 61 74 65 64 20 6f	l.automatically.be.regenerated.o
a3ae0	6e 20 62 6f 6f 74 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 73 65 74 74 69 6e 67 73 20 69 6e 20	n.boot.based.on.the.settings.in.
a3b00	74 68 69 73 20 73 65 63 74 69 6f 6e 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 79 6f 75 27 6c 6c	this.section,.which.means.you'll
a3b20	20 6c 6f 73 65 20 61 6c 6c 20 79 6f 75 72 20 6d 61 6e 75 61 6c 20 65 64 69 74 73 2e 20 49 6e 73	.lose.all.your.manual.edits..Ins
a3b40	74 65 61 64 2c 20 63 6f 6e 66 69 67 75 72 65 20 73 74 61 74 69 63 20 68 6f 73 74 20 6d 61 70 70	tead,.configure.static.host.mapp
a3b60	69 6e 67 73 20 61 73 20 66 6f 6c 6c 6f 77 73 2e 00 44 6f 20 6e 6f 74 20 61 73 73 69 67 6e 20 61	ings.as.follows..Do.not.assign.a
a3b80	20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 49 50 76 36 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 69 73	.link-local.IPv6.address.to.this
a3ba0	20 69 6e 74 65 72 66 61 63 65 2e 00 44 6f 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 20 49 46 42	.interface..Do.not.configure.IFB
a3bc0	20 61 73 20 74 68 65 20 66 69 72 73 74 20 73 74 65 70 2e 20 46 69 72 73 74 20 63 72 65 61 74 65	.as.the.first.step..First.create
a3be0	20 65 76 65 72 79 74 68 69 6e 67 20 65 6c 73 65 20 6f 66 20 79 6f 75 72 20 74 72 61 66 66 69 63	.everything.else.of.your.traffic
a3c00	2d 70 6f 6c 69 63 79 2c 20 61 6e 64 20 74 68 65 6e 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67	-policy,.and.then.you.can.config
a3c20	75 72 65 20 49 46 42 2e 20 4f 74 68 65 72 77 69 73 65 20 79 6f 75 20 6d 69 67 68 74 20 67 65 74	ure.IFB..Otherwise.you.might.get
a3c40	20 74 68 65 20 60 60 52 54 4e 45 54 4c 49 4e 4b 20 61 6e 73 77 65 72 3a 20 46 69 6c 65 20 65 78	.the.``RTNETLINK.answer:.File.ex
a3c60	69 73 74 73 60 60 20 65 72 72 6f 72 2c 20 77 68 69 63 68 20 63 61 6e 20 62 65 20 73 6f 6c 76 65	ists``.error,.which.can.be.solve
a3c80	64 20 77 69 74 68 20 60 60 73 75 64 6f 20 69 70 20 6c 69 6e 6b 20 64 65 6c 65 74 65 20 69 66 62	d.with.``sudo.ip.link.delete.ifb
a3ca0	30 60 60 2e 00 44 6f 20 6e 6f 74 20 75 73 65 20 74 68 65 20 6c 6f 63 61 6c 20 60 60 2f 65 74 63	0``..Do.not.use.the.local.``/etc
a3cc0	2f 68 6f 73 74 73 60 60 20 66 69 6c 65 20 69 6e 20 6e 61 6d 65 20 72 65 73 6f 6c 75 74 69 6f 6e	/hosts``.file.in.name.resolution
a3ce0	2e 20 56 79 4f 53 20 44 48 43 50 20 73 65 72 76 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 69 73	..VyOS.DHCP.server.will.use.this
a3d00	20 66 69 6c 65 20 74 6f 20 61 64 64 20 72 65 73 6f 6c 76 65 72 73 20 74 6f 20 61 73 73 69 67 6e	.file.to.add.resolvers.to.assign
a3d20	65 64 20 61 64 64 72 65 73 73 65 73 2e 00 44 6f 65 73 20 6e 6f 74 20 6e 65 65 64 20 74 6f 20 62	ed.addresses..Does.not.need.to.b
a3d40	65 20 75 73 65 64 20 74 6f 67 65 74 68 65 72 20 77 69 74 68 20 70 72 6f 78 79 5f 61 72 70 2e 00	e.used.together.with.proxy_arp..
a3d60	44 6f 6d 61 69 6e 00 44 6f 6d 61 69 6e 20 47 72 6f 75 70 73 00 44 6f 6d 61 69 6e 20 4e 61 6d 65	Domain.Domain.Groups.Domain.Name
a3d80	00 44 6f 6d 61 69 6e 20 6e 61 6d 65 28 73 29 20 66 6f 72 20 77 68 69 63 68 20 74 6f 20 6f 62 74	.Domain.name(s).for.which.to.obt
a3da0	61 69 6e 20 63 65 72 74 69 66 69 63 61 74 65 00 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 20 63 61 6e	ain.certificate.Domain.names.can
a3dc0	20 69 6e 63 6c 75 64 65 20 6c 65 74 74 65 72 73 2c 20 6e 75 6d 62 65 72 73 2c 20 68 79 70 68 65	.include.letters,.numbers,.hyphe
a3de0	6e 73 20 61 6e 64 20 70 65 72 69 6f 64 73 20 77 69 74 68 20 61 20 6d 61 78 69 6d 75 6d 20 6c 65	ns.and.periods.with.a.maximum.le
a3e00	6e 67 74 68 20 6f 66 20 32 35 33 20 63 68 61 72 61 63 74 65 72 73 2e 00 44 6f 6d 61 69 6e 20 73	ngth.of.253.characters..Domain.s
a3e20	65 61 72 63 68 20 6f 72 64 65 72 00 44 6f 6e 27 74 20 62 65 20 61 66 72 61 69 64 20 74 68 61 74	earch.order.Don't.be.afraid.that
a3e40	20 79 6f 75 20 6e 65 65 64 20 74 6f 20 72 65 2d 64 6f 20 79 6f 75 72 20 63 6f 6e 66 69 67 75 72	.you.need.to.re-do.your.configur
a3e60	61 74 69 6f 6e 2e 20 4b 65 79 20 74 72 61 6e 73 66 6f 72 6d 61 74 69 6f 6e 20 69 73 20 68 61 6e	ation..Key.transformation.is.han
a3e80	64 6c 65 64 2c 20 61 73 20 61 6c 77 61 79 73 2c 20 62 79 20 6f 75 72 20 6d 69 67 72 61 74 69 6f	dled,.as.always,.by.our.migratio
a3ea0	6e 20 73 63 72 69 70 74 73 2c 20 73 6f 20 74 68 69 73 20 77 69 6c 6c 20 62 65 20 61 20 73 6d 6f	n.scripts,.so.this.will.be.a.smo
a3ec0	6f 74 68 20 74 72 61 6e 73 69 74 69 6f 6e 20 66 6f 72 20 79 6f 75 21 00 44 6f 6e 27 74 20 66 6f	oth.transition.for.you!.Don't.fo
a3ee0	72 67 65 74 2c 20 74 68 65 20 43 49 44 52 20 64 65 63 6c 61 72 65 64 20 69 6e 20 74 68 65 20 6e	rget,.the.CIDR.declared.in.the.n
a3f00	65 74 77 6f 72 6b 20 73 74 61 74 65 6d 65 6e 74 20 2a 2a 4d 55 53 54 20 65 78 69 73 74 20 69 6e	etwork.statement.**MUST.exist.in
a3f20	20 79 6f 75 72 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 28 64 79 6e 61 6d 69 63 20 6f 72 20	.your.routing.table.(dynamic.or.
a3f40	73 74 61 74 69 63 29 2c 20 74 68 65 20 62 65 73 74 20 77 61 79 20 74 6f 20 6d 61 6b 65 20 73 75	static),.the.best.way.to.make.su
a3f60	72 65 20 74 68 61 74 20 69 73 20 74 72 75 65 20 69 73 20 63 72 65 61 74 69 6e 67 20 61 20 73 74	re.that.is.true.is.creating.a.st
a3f80	61 74 69 63 20 72 6f 75 74 65 3a 2a 2a 00 44 6f 6e 27 74 20 66 6f 72 67 65 74 2c 20 74 68 65 20	atic.route:**.Don't.forget,.the.
a3fa0	43 49 44 52 20 64 65 63 6c 61 72 65 64 20 69 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 73 74 61	CIDR.declared.in.the.network.sta
a3fc0	74 65 6d 65 6e 74 20 4d 55 53 54 20 2a 2a 65 78 69 73 74 20 69 6e 20 79 6f 75 72 20 72 6f 75 74	tement.MUST.**exist.in.your.rout
a3fe0	69 6e 67 20 74 61 62 6c 65 20 28 64 79 6e 61 6d 69 63 20 6f 72 20 73 74 61 74 69 63 29 2c 20 74	ing.table.(dynamic.or.static),.t
a4000	68 65 20 62 65 73 74 20 77 61 79 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 74 68 61 74 20 69 73	he.best.way.to.make.sure.that.is
a4020	20 74 72 75 65 20 69 73 20 63 72 65 61 74 69 6e 67 20 61 20 73 74 61 74 69 63 20 72 6f 75 74 65	.true.is.creating.a.static.route
a4040	3a 2a 2a 00 44 6f 6e 27 74 20 67 65 74 20 63 6f 6e 66 75 73 65 64 20 61 62 6f 75 74 20 74 68 65	:**.Don't.get.confused.about.the
a4060	20 75 73 65 64 20 2f 33 31 20 74 75 6e 6e 65 6c 20 73 75 62 6e 65 74 2e 20 3a 72 66 63 3a 60 33	.used./31.tunnel.subnet..:rfc:`3
a4080	30 32 31 60 20 67 69 76 65 73 20 79 6f 75 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d	021`.gives.you.additional.inform
a40a0	61 74 69 6f 6e 20 66 6f 72 20 75 73 69 6e 67 20 2f 33 31 20 73 75 62 6e 65 74 73 20 6f 6e 20 70	ation.for.using./31.subnets.on.p
a40c0	6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6c 69 6e 6b 73 2e 00 44 6f 77 6e 6c 6f 61 64 20 62 61	oint-to-point.links..Download.ba
a40e0	6e 64 77 69 64 74 68 20 6c 69 6d 69 74 20 69 6e 20 6b 62 69 74 2f 73 20 66 6f 72 20 60 3c 75 73	ndwidth.limit.in.kbit/s.for.`<us
a4100	65 72 3e 60 2e 00 44 6f 77 6e 6c 6f 61 64 2f 55 70 64 61 74 65 20 63 6f 6d 70 6c 65 74 65 20 62	er>`..Download/Update.complete.b
a4120	6c 61 63 6b 6c 69 73 74 00 44 6f 77 6e 6c 6f 61 64 2f 55 70 64 61 74 65 20 70 61 72 74 69 61 6c	lacklist.Download/Update.partial
a4140	20 62 6c 61 63 6b 6c 69 73 74 2e 00 44 72 6f 70 20 41 53 2d 4e 55 4d 42 45 52 20 66 72 6f 6d 20	.blacklist..Drop.AS-NUMBER.from.
a4160	74 68 65 20 42 47 50 20 41 53 20 70 61 74 68 2e 00 44 72 6f 70 20 54 61 69 6c 00 44 72 6f 70 20	the.BGP.AS.path..Drop.Tail.Drop.
a4180	72 61 74 65 00 44 72 6f 70 70 65 64 20 70 61 63 6b 65 74 73 20 72 65 70 6f 72 74 65 64 20 6f 6e	rate.Dropped.packets.reported.on
a41a0	20 44 52 4f 50 4d 4f 4e 20 4e 65 74 6c 69 6e 6b 20 63 68 61 6e 6e 65 6c 20 62 79 20 4c 69 6e 75	.DROPMON.Netlink.channel.by.Linu
a41c0	78 20 6b 65 72 6e 65 6c 20 61 72 65 20 65 78 70 6f 72 74 65 64 20 76 69 61 20 74 68 65 20 73 74	x.kernel.are.exported.via.the.st
a41e0	61 6e 64 61 72 64 20 73 46 6c 6f 77 20 76 35 20 65 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 72 65	andard.sFlow.v5.extension.for.re
a4200	70 6f 72 74 69 6e 67 20 64 72 6f 70 70 65 64 20 70 61 63 6b 65 74 73 00 44 75 61 6c 2d 53 74 61	porting.dropped.packets.Dual-Sta
a4220	63 6b 20 49 50 76 34 2f 49 50 76 36 20 70 72 6f 76 69 73 69 6f 6e 69 6e 67 20 77 69 74 68 20 50	ck.IPv4/IPv6.provisioning.with.P
a4240	72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 00 44 75 6d 6d 79 00 44 75 6d 6d 79 20 69 6e 74	refix.Delegation.Dummy.Dummy.int
a4260	65 72 66 61 63 65 00 44 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 75	erface.Dummy.interfaces.can.be.u
a4280	73 65 64 20 61 73 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 61 74 20 61 6c 77 61 79 73 20 73 74	sed.as.interfaces.that.always.st
a42a0	61 79 20 75 70 20 28 69 6e 20 74 68 65 20 73 61 6d 65 20 66 61 73 68 69 6f 6e 20 74 6f 20 6c 6f	ay.up.(in.the.same.fashion.to.lo
a42c0	6f 70 62 61 63 6b 73 20 69 6e 20 43 69 73 63 6f 20 49 4f 53 29 2c 20 6f 72 20 66 6f 72 20 74 65	opbacks.in.Cisco.IOS),.or.for.te
a42e0	73 74 69 6e 67 20 70 75 72 70 6f 73 65 73 2e 00 44 75 70 6c 69 63 61 74 65 20 70 61 63 6b 65 74	sting.purposes..Duplicate.packet
a4300	73 20 61 72 65 20 6e 6f 74 20 69 6e 63 6c 75 64 65 64 20 69 6e 20 74 68 65 20 70 61 63 6b 65 74	s.are.not.included.in.the.packet
a4320	20 6c 6f 73 73 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2c 20 61 6c 74 68 6f 75 67 68 20 74 68 65 20	.loss.calculation,.although.the.
a4340	72 6f 75 6e 64 2d 74 72 69 70 20 74 69 6d 65 20 6f 66 20 74 68 65 73 65 20 70 61 63 6b 65 74 73	round-trip.time.of.these.packets
a4360	20 69 73 20 75 73 65 64 20 69 6e 20 63 61 6c 63 75 6c 61 74 69 6e 67 20 74 68 65 20 6d 69 6e 69	.is.used.in.calculating.the.mini
a4380	6d 75 6d 2f 20 61 76 65 72 61 67 65 2f 6d 61 78 69 6d 75 6d 20 72 6f 75 6e 64 2d 74 72 69 70 20	mum/.average/maximum.round-trip.
a43a0	74 69 6d 65 20 6e 75 6d 62 65 72 73 2e 00 44 79 6e 61 6d 69 63 20 44 4e 53 00 44 79 6e 61 6d 69	time.numbers..Dynamic.DNS.Dynami
a43c0	63 2d 70 72 6f 74 65 63 74 69 6f 6e 00 45 41 50 6f 4c 20 63 6f 6d 65 73 20 77 69 74 68 20 61 6e	c-protection.EAPoL.comes.with.an
a43e0	20 69 64 65 6e 74 69 66 79 20 6f 70 74 69 6f 6e 2e 20 57 65 20 61 75 74 6f 6d 61 74 69 63 61 6c	.identify.option..We.automatical
a4400	6c 79 20 75 73 65 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 4d 41 43 20 61 64 64 72 65 73 73	ly.use.the.interface.MAC.address
a4420	20 61 73 20 69 64 65 6e 74 69 74 79 20 70 61 72 61 6d 65 74 65 72 2e 00 45 53 50 20 28 45 6e 63	.as.identity.parameter..ESP.(Enc
a4440	61 70 73 75 6c 61 74 69 6e 67 20 53 65 63 75 72 69 74 79 20 50 61 79 6c 6f 61 64 29 20 41 74 74	apsulating.Security.Payload).Att
a4460	72 69 62 75 74 65 73 00 45 53 50 20 50 68 61 73 65 3a 00 45 53 50 20 69 73 20 75 73 65 64 20 74	ributes.ESP.Phase:.ESP.is.used.t
a4480	6f 20 70 72 6f 76 69 64 65 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 2c 20 64 61 74 61 20	o.provide.confidentiality,.data.
a44a0	6f 72 69 67 69 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2c 20 63 6f 6e 6e 65 63 74 69 6f	origin.authentication,.connectio
a44c0	6e 6c 65 73 73 20 69 6e 74 65 67 72 69 74 79 2c 20 61 6e 20 61 6e 74 69 2d 72 65 70 6c 61 79 20	nless.integrity,.an.anti-replay.
a44e0	73 65 72 76 69 63 65 20 28 61 20 66 6f 72 6d 20 6f 66 20 70 61 72 74 69 61 6c 20 73 65 71 75 65	service.(a.form.of.partial.seque
a4500	6e 63 65 20 69 6e 74 65 67 72 69 74 79 29 2c 20 61 6e 64 20 6c 69 6d 69 74 65 64 20 74 72 61 66	nce.integrity),.and.limited.traf
a4520	66 69 63 20 66 6c 6f 77 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 2e 20 68 74 74 70 73 3a	fic.flow.confidentiality..https:
a4540	2f 2f 64 61 74 61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f	//datatracker.ietf.org/doc/html/
a4560	72 66 63 34 33 30 33 00 45 61 63 68 20 3a 61 62 62 72 3a 60 41 53 20 28 41 75 74 6f 6e 6f 6d 6f	rfc4303.Each.:abbr:`AS.(Autonomo
a4580	75 73 20 53 79 73 74 65 6d 29 60 20 68 61 73 20 61 6e 20 69 64 65 6e 74 69 66 79 69 6e 67 20 6e	us.System)`.has.an.identifying.n
a45a0	75 6d 62 65 72 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 69 74 20 63 61 6c 6c 65 64 20	umber.associated.with.it.called.
a45c0	61 6e 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79 73 74 65 6d	an.:abbr:`ASN.(Autonomous.System
a45e0	20 4e 75 6d 62 65 72 29 60 2e 20 54 68 69 73 20 69 73 20 61 20 74 77 6f 20 6f 63 74 65 74 20 76	.Number)`..This.is.a.two.octet.v
a4600	61 6c 75 65 20 72 61 6e 67 69 6e 67 20 69 6e 20 76 61 6c 75 65 20 66 72 6f 6d 20 31 20 74 6f 20	alue.ranging.in.value.from.1.to.
a4620	36 35 35 33 35 2e 20 54 68 65 20 41 53 20 6e 75 6d 62 65 72 73 20 36 34 35 31 32 20 74 68 72 6f	65535..The.AS.numbers.64512.thro
a4640	75 67 68 20 36 35 35 33 35 20 61 72 65 20 64 65 66 69 6e 65 64 20 61 73 20 70 72 69 76 61 74 65	ugh.65535.are.defined.as.private
a4660	20 41 53 20 6e 75 6d 62 65 72 73 2e 20 50 72 69 76 61 74 65 20 41 53 20 6e 75 6d 62 65 72 73 20	.AS.numbers..Private.AS.numbers.
a4680	6d 75 73 74 20 6e 6f 74 20 62 65 20 61 64 76 65 72 74 69 73 65 64 20 6f 6e 20 74 68 65 20 67 6c	must.not.be.advertised.on.the.gl
a46a0	6f 62 61 6c 20 49 6e 74 65 72 6e 65 74 2e 20 54 68 65 20 32 2d 62 79 74 65 20 41 53 20 6e 75 6d	obal.Internet..The.2-byte.AS.num
a46c0	62 65 72 20 72 61 6e 67 65 20 68 61 73 20 62 65 65 6e 20 65 78 68 61 75 73 74 65 64 2e 20 34 2d	ber.range.has.been.exhausted..4-
a46e0	62 79 74 65 20 41 53 20 6e 75 6d 62 65 72 73 20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 69 6e	byte.AS.numbers.are.specified.in
a4700	20 3a 72 66 63 3a 60 36 37 39 33 60 2c 20 61 6e 64 20 70 72 6f 76 69 64 65 20 61 20 70 6f 6f 6c	.:rfc:`6793`,.and.provide.a.pool
a4720	20 6f 66 20 34 32 39 34 39 36 37 32 39 36 20 41 53 20 6e 75 6d 62 65 72 73 2e 00 45 61 63 68 20	.of.4294967296.AS.numbers..Each.
a4740	4e 65 74 66 69 6c 74 65 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 75 6e 69 71 75 65 6c 79	Netfilter.connection.is.uniquely
a4760	20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 61 20 28 6c 61 79 65 72 2d 33 20 70 72 6f 74 6f 63	.identified.by.a.(layer-3.protoc
a4780	6f 6c 2c 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e 20	ol,.source.address,.destination.
a47a0	61 64 64 72 65 73 73 2c 20 6c 61 79 65 72 2d 34 20 70 72 6f 74 6f 63 6f 6c 2c 20 6c 61 79 65 72	address,.layer-4.protocol,.layer
a47c0	2d 34 20 6b 65 79 29 20 74 75 70 6c 65 2e 20 54 68 65 20 6c 61 79 65 72 2d 34 20 6b 65 79 20 64	-4.key).tuple..The.layer-4.key.d
a47e0	65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 74 72 61 6e 73 70 6f 72 74 20 70 72 6f 74 6f 63 6f 6c	epends.on.the.transport.protocol
a4800	3b 20 66 6f 72 20 54 43 50 2f 55 44 50 20 69 74 20 69 73 20 74 68 65 20 70 6f 72 74 20 6e 75 6d	;.for.TCP/UDP.it.is.the.port.num
a4820	62 65 72 73 2c 20 66 6f 72 20 74 75 6e 6e 65 6c 73 20 69 74 20 63 61 6e 20 62 65 20 74 68 65 69	bers,.for.tunnels.it.can.be.thei
a4840	72 20 74 75 6e 6e 65 6c 20 49 44 2c 20 62 75 74 20 6f 74 68 65 72 77 69 73 65 20 69 73 20 6a 75	r.tunnel.ID,.but.otherwise.is.ju
a4860	73 74 20 7a 65 72 6f 2c 20 61 73 20 69 66 20 69 74 20 77 65 72 65 20 6e 6f 74 20 70 61 72 74 20	st.zero,.as.if.it.were.not.part.
a4880	6f 66 20 74 68 65 20 74 75 70 6c 65 2e 20 54 6f 20 62 65 20 61 62 6c 65 20 74 6f 20 69 6e 73 70	of.the.tuple..To.be.able.to.insp
a48a0	65 63 74 20 74 68 65 20 54 43 50 20 70 6f 72 74 20 69 6e 20 61 6c 6c 20 63 61 73 65 73 2c 20 70	ect.the.TCP.port.in.all.cases,.p
a48c0	61 63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 6d 61 6e 64 61 74 6f 72 69 6c 79 20 64 65 66 72 61	ackets.will.be.mandatorily.defra
a48e0	67 6d 65 6e 74 65 64 2e 00 45 61 63 68 20 56 58 4c 41 4e 20 73 65 67 6d 65 6e 74 20 69 73 20 69	gmented..Each.VXLAN.segment.is.i
a4900	64 65 6e 74 69 66 69 65 64 20 74 68 72 6f 75 67 68 20 61 20 32 34 2d 62 69 74 20 73 65 67 6d 65	dentified.through.a.24-bit.segme
a4920	6e 74 20 49 44 2c 20 74 65 72 6d 65 64 20 74 68 65 20 3a 61 62 62 72 3a 60 56 4e 49 20 28 56 58	nt.ID,.termed.the.:abbr:`VNI.(VX
a4940	4c 41 4e 20 4e 65 74 77 6f 72 6b 20 49 64 65 6e 74 69 66 69 65 72 20 28 6f 72 20 56 58 4c 41 4e	LAN.Network.Identifier.(or.VXLAN
a4960	20 53 65 67 6d 65 6e 74 20 49 44 29 29 60 2c 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 75 70 20 74	.Segment.ID))`,.This.allows.up.t
a4980	6f 20 31 36 4d 20 56 58 4c 41 4e 20 73 65 67 6d 65 6e 74 73 20 74 6f 20 63 6f 65 78 69 73 74 20	o.16M.VXLAN.segments.to.coexist.
a49a0	77 69 74 68 69 6e 20 74 68 65 20 73 61 6d 65 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 64	within.the.same.administrative.d
a49c0	6f 6d 61 69 6e 2e 00 45 61 63 68 20 62 72 69 64 67 65 20 68 61 73 20 61 20 72 65 6c 61 74 69 76	omain..Each.bridge.has.a.relativ
a49e0	65 20 70 72 69 6f 72 69 74 79 20 61 6e 64 20 63 6f 73 74 2e 20 45 61 63 68 20 69 6e 74 65 72 66	e.priority.and.cost..Each.interf
a4a00	61 63 65 20 69 73 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 61 20 70 6f 72 74 20 28 6e	ace.is.associated.with.a.port.(n
a4a20	75 6d 62 65 72 29 20 69 6e 20 74 68 65 20 53 54 50 20 63 6f 64 65 2e 20 45 61 63 68 20 68 61 73	umber).in.the.STP.code..Each.has
a4a40	20 61 20 70 72 69 6f 72 69 74 79 20 61 6e 64 20 61 20 63 6f 73 74 2c 20 74 68 61 74 20 69 73 20	.a.priority.and.a.cost,.that.is.
a4a60	75 73 65 64 20 74 6f 20 64 65 63 69 64 65 20 77 68 69 63 68 20 69 73 20 74 68 65 20 73 68 6f 72	used.to.decide.which.is.the.shor
a4a80	74 65 73 74 20 70 61 74 68 20 74 6f 20 66 6f 72 77 61 72 64 20 61 20 70 61 63 6b 65 74 2e 20 54	test.path.to.forward.a.packet..T
a4aa0	68 65 20 6c 6f 77 65 73 74 20 63 6f 73 74 20 70 61 74 68 20 69 73 20 61 6c 77 61 79 73 20 75 73	he.lowest.cost.path.is.always.us
a4ac0	65 64 20 75 6e 6c 65 73 73 20 74 68 65 20 6f 74 68 65 72 20 70 61 74 68 20 69 73 20 64 6f 77 6e	ed.unless.the.other.path.is.down
a4ae0	2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 62 72 69 64 67 65 73 20 61	..If.you.have.multiple.bridges.a
a4b00	6e 64 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 65 6e 20 79 6f 75 20 6d 61 79 20 6e 65 65 64 20	nd.interfaces.then.you.may.need.
a4b20	74 6f 20 61 64 6a 75 73 74 20 74 68 65 20 70 72 69 6f 72 69 74 69 65 73 20 74 6f 20 61 63 68 69	to.adjust.the.priorities.to.achi
a4b40	65 76 65 20 6f 70 74 69 6d 75 6d 20 70 65 72 66 6f 72 6d 61 6e 63 65 2e 00 45 61 63 68 20 62 72	eve.optimum.performance..Each.br
a4b60	6f 61 64 63 61 73 74 20 72 65 6c 61 79 20 69 6e 73 74 61 6e 63 65 20 63 61 6e 20 62 65 20 69 6e	oadcast.relay.instance.can.be.in
a4b80	64 69 76 69 64 75 61 6c 6c 79 20 64 69 73 61 62 6c 65 64 20 77 69 74 68 6f 75 74 20 64 65 6c 65	dividually.disabled.without.dele
a4ba0	74 69 6e 67 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6e 6f 64 65 20 62 79 20 75 73 69 6e	ting.the.configured.node.by.usin
a4bc0	67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 3a 00 45 61 63 68 20 63 6c	g.the.following.command:.Each.cl
a4be0	61 73 73 20 63 61 6e 20 68 61 76 65 20 61 20 67 75 61 72 61 6e 74 65 65 64 20 70 61 72 74 20 6f	ass.can.have.a.guaranteed.part.o
a4c00	66 20 74 68 65 20 74 6f 74 61 6c 20 62 61 6e 64 77 69 64 74 68 20 64 65 66 69 6e 65 64 20 66 6f	f.the.total.bandwidth.defined.fo
a4c20	72 20 74 68 65 20 77 68 6f 6c 65 20 70 6f 6c 69 63 79 2c 20 73 6f 20 61 6c 6c 20 74 68 6f 73 65	r.the.whole.policy,.so.all.those
a4c40	20 73 68 61 72 65 73 20 74 6f 67 65 74 68 65 72 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 68	.shares.together.should.not.be.h
a4c60	69 67 68 65 72 20 74 68 61 6e 20 74 68 65 20 70 6f 6c 69 63 79 27 73 20 77 68 6f 6c 65 20 62 61	igher.than.the.policy's.whole.ba
a4c80	6e 64 77 69 64 74 68 2e 00 45 61 63 68 20 63 6c 61 73 73 20 69 73 20 61 73 73 69 67 6e 65 64 20	ndwidth..Each.class.is.assigned.
a4ca0	61 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 28 74 68 65 20 6e 75 6d 62 65 72 20 6f 66	a.deficit.counter.(the.number.of
a4cc0	20 62 79 74 65 73 20 74 68 61 74 20 61 20 66 6c 6f 77 20 69 73 20 61 6c 6c 6f 77 65 64 20 74 6f	.bytes.that.a.flow.is.allowed.to
a4ce0	20 74 72 61 6e 73 6d 69 74 20 77 68 65 6e 20 69 74 20 69 73 20 69 74 73 20 74 75 72 6e 29 20 69	.transmit.when.it.is.its.turn).i
a4d00	6e 69 74 69 61 6c 69 7a 65 64 20 74 6f 20 71 75 61 6e 74 75 6d 2e 20 51 75 61 6e 74 75 6d 20 69	nitialized.to.quantum..Quantum.i
a4d20	73 20 61 20 70 61 72 61 6d 65 74 65 72 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 77 68 69 63	s.a.parameter.you.configure.whic
a4d40	68 20 61 63 74 73 20 6c 69 6b 65 20 61 20 63 72 65 64 69 74 20 6f 66 20 66 69 78 20 62 79 74 65	h.acts.like.a.credit.of.fix.byte
a4d60	73 20 74 68 65 20 63 6f 75 6e 74 65 72 20 72 65 63 65 69 76 65 73 20 6f 6e 20 65 61 63 68 20 72	s.the.counter.receives.on.each.r
a4d80	6f 75 6e 64 2e 20 54 68 65 6e 20 74 68 65 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70 6f 6c 69 63	ound..Then.the.Round-Robin.polic
a4da0	79 20 73 74 61 72 74 73 20 6d 6f 76 69 6e 67 20 69 74 73 20 52 6f 75 6e 64 20 52 6f 62 69 6e 20	y.starts.moving.its.Round.Robin.
a4dc0	70 6f 69 6e 74 65 72 20 74 68 72 6f 75 67 68 20 74 68 65 20 71 75 65 75 65 73 2e 20 49 66 20 74	pointer.through.the.queues..If.t
a4de0	68 65 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 69 73 20 67 72 65 61 74 65 72 20 74 68	he.deficit.counter.is.greater.th
a4e00	61 6e 20 74 68 65 20 70 61 63 6b 65 74 27 73 20 73 69 7a 65 20 61 74 20 74 68 65 20 68 65 61 64	an.the.packet's.size.at.the.head
a4e20	20 6f 66 20 74 68 65 20 71 75 65 75 65 2c 20 74 68 69 73 20 70 61 63 6b 65 74 20 77 69 6c 6c 20	.of.the.queue,.this.packet.will.
a4e40	62 65 20 73 65 6e 74 20 61 6e 64 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 63 6f 75	be.sent.and.the.value.of.the.cou
a4e60	6e 74 65 72 20 77 69 6c 6c 20 62 65 20 64 65 63 72 65 6d 65 6e 74 65 64 20 62 79 20 74 68 65 20	nter.will.be.decremented.by.the.
a4e80	70 61 63 6b 65 74 20 73 69 7a 65 2e 20 54 68 65 6e 2c 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74	packet.size..Then,.the.size.of.t
a4ea0	68 65 20 6e 65 78 74 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62 65 20 63 6f 6d 70 61 72 65 64 20	he.next.packet.will.be.compared.
a4ec0	74 6f 20 74 68 65 20 63 6f 75 6e 74 65 72 20 76 61 6c 75 65 20 61 67 61 69 6e 2c 20 72 65 70 65	to.the.counter.value.again,.repe
a4ee0	61 74 69 6e 67 20 74 68 65 20 70 72 6f 63 65 73 73 2e 20 4f 6e 63 65 20 74 68 65 20 71 75 65 75	ating.the.process..Once.the.queu
a4f00	65 20 69 73 20 65 6d 70 74 79 20 6f 72 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 63	e.is.empty.or.the.value.of.the.c
a4f20	6f 75 6e 74 65 72 20 69 73 20 69 6e 73 75 66 66 69 63 69 65 6e 74 2c 20 74 68 65 20 52 6f 75 6e	ounter.is.insufficient,.the.Roun
a4f40	64 2d 52 6f 62 69 6e 20 70 6f 69 6e 74 65 72 20 77 69 6c 6c 20 6d 6f 76 65 20 74 6f 20 74 68 65	d-Robin.pointer.will.move.to.the
a4f60	20 6e 65 78 74 20 71 75 65 75 65 2e 20 49 66 20 74 68 65 20 71 75 65 75 65 20 69 73 20 65 6d 70	.next.queue..If.the.queue.is.emp
a4f80	74 79 2c 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 64 65 66 69 63 69 74 20 63 6f 75	ty,.the.value.of.the.deficit.cou
a4fa0	6e 74 65 72 20 69 73 20 72 65 73 65 74 20 74 6f 20 30 2e 00 45 61 63 68 20 64 79 6e 61 6d 69 63	nter.is.reset.to.0..Each.dynamic
a4fc0	20 4e 48 53 20 77 69 6c 6c 20 67 65 74 20 61 20 70 65 65 72 20 65 6e 74 72 79 20 77 69 74 68 20	.NHS.will.get.a.peer.entry.with.
a4fe0	74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6e 65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 20 61	the.configured.network.address.a
a5000	6e 64 20 74 68 65 20 64 69 73 63 6f 76 65 72 65 64 20 4e 42 4d 41 20 61 64 64 72 65 73 73 2e 00	nd.the.discovered.NBMA.address..
a5020	45 61 63 68 20 68 65 61 6c 74 68 20 63 68 65 63 6b 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20	Each.health.check.is.configured.
a5040	69 6e 20 69 74 73 20 6f 77 6e 20 74 65 73 74 2c 20 74 65 73 74 73 20 61 72 65 20 6e 75 6d 62 65	in.its.own.test,.tests.are.numbe
a5060	72 65 64 20 61 6e 64 20 70 72 6f 63 65 73 73 65 64 20 69 6e 20 6e 75 6d 65 72 69 63 20 6f 72 64	red.and.processed.in.numeric.ord
a5080	65 72 2e 20 46 6f 72 20 6d 75 6c 74 69 20 74 61 72 67 65 74 20 68 65 61 6c 74 68 20 63 68 65 63	er..For.multi.target.health.chec
a50a0	6b 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 74 65 73 74 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e	king.multiple.tests.can.be.defin
a50c0	65 64 3a 00 45 61 63 68 20 69 6e 64 69 76 69 64 75 61 6c 20 63 6f 6e 66 69 67 75 72 65 64 20 63	ed:.Each.individual.configured.c
a50e0	6f 6e 73 6f 6c 65 2d 73 65 72 76 65 72 20 64 65 76 69 63 65 20 63 61 6e 20 62 65 20 64 69 72 65	onsole-server.device.can.be.dire
a5100	63 74 6c 79 20 65 78 70 6f 73 65 64 20 74 6f 20 74 68 65 20 6f 75 74 73 69 64 65 20 77 6f 72 6c	ctly.exposed.to.the.outside.worl
a5120	64 2e 20 41 20 75 73 65 72 20 63 61 6e 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 20 76	d..A.user.can.directly.connect.v
a5140	69 61 20 53 53 48 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 70 6f 72 74 2e 00 45	ia.SSH.to.the.configured.port..E
a5160	61 63 68 20 6e 6f 64 65 20 28 48 75 62 20 61 6e 64 20 53 70 6f 6b 65 29 20 75 73 65 73 20 61 6e	ach.node.(Hub.and.Spoke).uses.an
a5180	20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 31 37 32	.IP.address.from.the.network.172
a51a0	2e 31 36 2e 32 35 33 2e 31 32 38 2f 32 39 2e 00 45 61 63 68 20 6f 66 20 74 68 65 20 69 6e 73 74	.16.253.128/29..Each.of.the.inst
a51c0	61 6c 6c 20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f	all.command.should.be.applied.to
a51e0	20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6d 6d 69 74 65 64 20	.the.configuration.and.commited.
a5200	62 65 66 6f 72 65 20 75 73 69 6e 67 20 75 6e 64 65 72 20 74 68 65 20 6f 70 65 6e 63 6f 6e 6e 65	before.using.under.the.openconne
a5220	63 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 45 61 63 68 20 73 69 74 65 2d 74 6f 2d 73	ct.configuration:.Each.site-to-s
a5240	69 74 65 20 70 65 65 72 20 68 61 73 20 74 68 65 20 6e 65 78 74 20 6f 70 74 69 6f 6e 73 3a 00 45	ite.peer.has.the.next.options:.E
a5260	65 6e 61 62 6c 65 73 20 74 68 65 20 47 65 6e 65 72 69 63 20 50 72 6f 74 6f 63 6f 6c 20 65 78 74	enables.the.Generic.Protocol.ext
a5280	65 6e 73 69 6f 6e 20 28 56 58 4c 41 4e 2d 47 50 45 29 2e 20 43 75 72 72 65 6e 74 6c 79 2c 20 74	ension.(VXLAN-GPE)..Currently,.t
a52a0	68 69 73 20 69 73 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 65 64 20 74 6f 67 65 74 68 65 72 20 77	his.is.only.supported.together.w
a52c0	69 74 68 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6b 65 79 77 6f 72 64 2e 00 45 6d 61 69 6c 20	ith.the.external.keyword..Email.
a52e0	61 64 64 72 65 73 73 20 74 6f 20 61 73 73 6f 63 69 61 74 65 20 77 69 74 68 20 63 65 72 74 69 66	address.to.associate.with.certif
a5300	69 63 61 74 65 00 45 6d 62 65 64 64 69 6e 67 20 6f 6e 65 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20	icate.Embedding.one.policy.into.
a5320	61 6e 6f 74 68 65 72 20 6f 6e 65 00 45 6d 65 72 67 65 6e 63 79 00 45 6e 61 62 6c 65 20 42 46 44	another.one.Emergency.Enable.BFD
a5340	20 66 6f 72 20 49 53 49 53 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 00 45 6e 61 62 6c 65	.for.ISIS.on.an.interface.Enable
a5360	20 42 46 44 20 66 6f 72 20 4f 53 50 46 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 00 45 6e	.BFD.for.OSPF.on.an.interface.En
a5380	61 62 6c 65 20 42 46 44 20 66 6f 72 20 4f 53 50 46 76 33 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66	able.BFD.for.OSPFv3.on.an.interf
a53a0	61 63 65 00 45 6e 61 62 6c 65 20 42 46 44 20 69 6e 20 42 47 50 00 45 6e 61 62 6c 65 20 42 46 44	ace.Enable.BFD.in.BGP.Enable.BFD
a53c0	20 69 6e 20 49 53 49 53 00 45 6e 61 62 6c 65 20 42 46 44 20 69 6e 20 4f 53 50 46 00 45 6e 61 62	.in.ISIS.Enable.BFD.in.OSPF.Enab
a53e0	6c 65 20 42 46 44 20 6f 6e 20 61 20 42 47 50 20 70 65 65 72 20 67 72 6f 75 70 00 45 6e 61 62 6c	le.BFD.on.a.BGP.peer.group.Enabl
a5400	65 20 42 46 44 20 6f 6e 20 61 20 73 69 6e 67 6c 65 20 42 47 50 20 6e 65 69 67 68 62 6f 72 00 45	e.BFD.on.a.single.BGP.neighbor.E
a5420	6e 61 62 6c 65 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	nable.DHCP.failover.configuratio
a5440	6e 20 66 6f 72 20 74 68 69 73 20 61 64 64 72 65 73 73 20 70 6f 6f 6c 2e 00 45 6e 61 62 6c 65 20	n.for.this.address.pool..Enable.
a5460	48 54 2d 64 65 6c 61 79 65 64 20 42 6c 6f 63 6b 20 41 63 6b 20 60 60 5b 44 45 4c 41 59 45 44 2d	HT-delayed.Block.Ack.``[DELAYED-
a5480	42 41 5d 60 60 00 45 6e 61 62 6c 65 20 49 47 4d 50 20 61 6e 64 20 4d 4c 44 20 71 75 65 72 69 65	BA]``.Enable.IGMP.and.MLD.querie
a54a0	72 2e 00 45 6e 61 62 6c 65 20 49 47 4d 50 20 61 6e 64 20 4d 4c 44 20 73 6e 6f 6f 70 69 6e 67 2e	r..Enable.IGMP.and.MLD.snooping.
a54c0	00 45 6e 61 62 6c 65 20 49 50 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 63 6c 69 65 6e 74 00	.Enable.IP.forwarding.on.client.
a54e0	45 6e 61 62 6c 65 20 49 53 2d 49 53 00 45 6e 61 62 6c 65 20 49 53 2d 49 53 20 61 6e 64 20 49 47	Enable.IS-IS.Enable.IS-IS.and.IG
a5500	50 2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 00 45 6e 61 62 6c 65 20 49 53 2d	P-LDP.synchronization.Enable.IS-
a5520	49 53 20 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 20 72 6f 75 74 65 73 20 6e 6f 74 20 6e	IS.and.redistribute.routes.not.n
a5540	61 74 69 76 65 6c 79 20 69 6e 20 49 53 2d 49 53 00 45 6e 61 62 6c 65 20 49 53 2d 49 53 20 77 69	atively.in.IS-IS.Enable.IS-IS.wi
a5560	74 68 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 28 45 78 70 65 72 69 6d 65 6e 74 61 6c	th.Segment.Routing.(Experimental
a5580	29 00 45 6e 61 62 6c 65 20 4c 2d 53 49 47 20 54 58 4f 50 20 70 72 6f 74 65 63 74 69 6f 6e 20 63	).Enable.L-SIG.TXOP.protection.c
a55a0	61 70 61 62 69 6c 69 74 79 00 45 6e 61 62 6c 65 20 4c 44 50 43 20 28 4c 6f 77 20 44 65 6e 73 69	apability.Enable.LDPC.(Low.Densi
a55c0	74 79 20 50 61 72 69 74 79 20 43 68 65 63 6b 29 20 63 6f 64 69 6e 67 20 63 61 70 61 62 69 6c 69	ty.Parity.Check).coding.capabili
a55e0	74 79 00 45 6e 61 62 6c 65 20 4c 44 50 43 20 63 6f 64 69 6e 67 20 63 61 70 61 62 69 6c 69 74 79	ty.Enable.LDPC.coding.capability
a5600	00 45 6e 61 62 6c 65 20 4c 4c 44 50 20 73 65 72 76 69 63 65 00 45 6e 61 62 6c 65 20 4f 53 50 46	.Enable.LLDP.service.Enable.OSPF
a5620	00 45 6e 61 62 6c 65 20 4f 53 50 46 20 61 6e 64 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f	.Enable.OSPF.and.IGP-LDP.synchro
a5640	6e 69 7a 61 74 69 6f 6e 3a 00 45 6e 61 62 6c 65 20 4f 53 50 46 20 77 69 74 68 20 53 65 67 6d 65	nization:.Enable.OSPF.with.Segme
a5660	6e 74 20 52 6f 75 74 69 6e 67 20 28 45 78 70 65 72 69 6d 65 6e 74 61 6c 29 3a 00 45 6e 61 62 6c	nt.Routing.(Experimental):.Enabl
a5680	65 20 4f 53 50 46 20 77 69 74 68 20 72 6f 75 74 65 20 72 65 64 69 73 74 72 69 62 75 74 69 6f 6e	e.OSPF.with.route.redistribution
a56a0	20 6f 66 20 74 68 65 20 6c 6f 6f 70 62 61 63 6b 20 61 6e 64 20 64 65 66 61 75 6c 74 20 6f 72 69	.of.the.loopback.and.default.ori
a56c0	67 69 6e 61 74 65 3a 00 45 6e 61 62 6c 65 20 4f 54 50 20 32 46 41 20 66 6f 72 20 75 73 65 72 20	ginate:.Enable.OTP.2FA.for.user.
a56e0	60 75 73 65 72 6e 61 6d 65 60 20 77 69 74 68 20 64 65 66 61 75 6c 74 20 73 65 74 74 69 6e 67 73	`username`.with.default.settings
a5700	2c 20 75 73 69 6e 67 20 74 68 65 20 42 41 53 45 33 32 20 65 6e 63 6f 64 65 64 20 32 46 41 2f 4d	,.using.the.BASE32.encoded.2FA/M
a5720	46 41 20 6b 65 79 20 73 70 65 63 69 66 69 65 64 20 62 79 20 60 3c 6b 65 79 3e 60 2e 00 45 6e 61	FA.key.specified.by.`<key>`..Ena
a5740	62 6c 65 20 4f 70 65 6e 56 50 4e 20 44 61 74 61 20 43 68 61 6e 6e 65 6c 20 4f 66 66 6c 6f 61 64	ble.OpenVPN.Data.Channel.Offload
a5760	20 66 65 61 74 75 72 65 20 62 79 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 61 70 70 72 6f 70 72 69	.feature.by.loading.the.appropri
a5780	61 74 65 20 6b 65 72 6e 65 6c 20 6d 6f 64 75 6c 65 2e 00 45 6e 61 62 6c 65 20 53 4e 4d 50 20 71	ate.kernel.module..Enable.SNMP.q
a57a0	75 65 72 69 65 73 20 6f 66 20 74 68 65 20 4c 4c 44 50 20 64 61 74 61 62 61 73 65 00 45 6e 61 62	ueries.of.the.LLDP.database.Enab
a57c0	6c 65 20 53 54 50 00 45 6e 61 62 6c 65 20 54 46 54 50 20 73 65 72 76 69 63 65 20 62 79 20 73 70	le.STP.Enable.TFTP.service.by.sp
a57e0	65 63 69 66 79 69 6e 67 20 74 68 65 20 60 3c 64 69 72 65 63 74 6f 72 79 3e 60 20 77 68 69 63 68	ecifying.the.`<directory>`.which
a5800	20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 74 6f 20 73 65 72 76 65 20 66 69 6c 65 73 2e 00 45 6e	.will.be.used.to.serve.files..En
a5820	61 62 6c 65 20 56 48 54 20 54 58 4f 50 20 50 6f 77 65 72 20 53 61 76 65 20 4d 6f 64 65 00 45 6e	able.VHT.TXOP.Power.Save.Mode.En
a5840	61 62 6c 65 20 56 4c 41 4e 2d 41 77 61 72 65 20 42 72 69 64 67 65 00 45 6e 61 62 6c 65 20 63 72	able.VLAN-Aware.Bridge.Enable.cr
a5860	65 61 74 69 6f 6e 20 6f 66 20 73 68 6f 72 74 63 75 74 20 72 6f 75 74 65 73 2e 00 45 6e 61 62 6c	eation.of.shortcut.routes..Enabl
a5880	65 20 64 69 66 66 65 72 65 6e 74 20 74 79 70 65 73 20 6f 66 20 68 61 72 64 77 61 72 65 20 6f 66	e.different.types.of.hardware.of
a58a0	66 6c 6f 61 64 69 6e 67 20 6f 6e 20 74 68 65 20 67 69 76 65 6e 20 4e 49 43 2e 00 45 6e 61 62 6c	floading.on.the.given.NIC..Enabl
a58c0	65 20 67 69 76 65 6e 20 6c 65 67 61 63 79 20 70 72 6f 74 6f 63 6f 6c 20 6f 6e 20 74 68 69 73 20	e.given.legacy.protocol.on.this.
a58e0	4c 4c 44 50 20 69 6e 73 74 61 6e 63 65 2e 20 4c 65 67 61 63 79 20 70 72 6f 74 6f 63 6f 6c 73 20	LLDP.instance..Legacy.protocols.
a5900	69 6e 63 6c 75 64 65 3a 00 45 6e 61 62 6c 65 20 6c 61 79 65 72 20 37 20 48 54 54 50 20 68 65 61	include:.Enable.layer.7.HTTP.hea
a5920	6c 74 68 20 63 68 65 63 6b 00 45 6e 61 62 6c 65 20 6f 72 20 44 69 73 61 62 6c 65 20 56 79 4f 53	lth.check.Enable.or.Disable.VyOS
a5940	20 74 6f 20 62 65 20 3a 72 66 63 3a 60 31 33 33 37 60 20 63 6f 6e 66 6f 72 6d 2e 20 54 68 65 20	.to.be.:rfc:`1337`.conform..The.
a5960	66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20	following.system.parameter.will.
a5980	62 65 20 61 6c 74 65 72 65 64 3a 00 45 6e 61 62 6c 65 20 6f 72 20 44 69 73 61 62 6c 65 20 69 66	be.altered:.Enable.or.Disable.if
a59a0	20 56 79 4f 53 20 75 73 65 20 49 50 76 34 20 54 43 50 20 53 59 4e 20 43 6f 6f 6b 69 65 73 2e 20	.VyOS.use.IPv4.TCP.SYN.Cookies..
a59c0	54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77	The.following.system.parameter.w
a59e0	69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 45 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c	ill.be.altered:.Enable.or.disabl
a5a00	65 20 6c 6f 67 67 69 6e 67 20 66 6f 72 20 74 68 65 20 6d 61 74 63 68 65 64 20 70 61 63 6b 65 74	e.logging.for.the.matched.packet
a5a20	2e 00 45 6e 61 62 6c 65 20 6f 73 70 66 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 61 6e	..Enable.ospf.on.an.interface.an
a5a40	64 20 73 65 74 20 61 73 73 6f 63 69 61 74 65 64 20 61 72 65 61 2e 00 45 6e 61 62 6c 65 20 70 6f	d.set.associated.area..Enable.po
a5a60	6c 69 63 79 20 66 6f 72 20 73 6f 75 72 63 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 62 79 20 72 65	licy.for.source.validation.by.re
a5a80	76 65 72 73 65 64 20 70 61 74 68 2c 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66	versed.path,.as.specified.in.:rf
a5aa0	63 3a 60 33 37 30 34 60 2e 20 43 75 72 72 65 6e 74 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 70 72	c:`3704`..Current.recommended.pr
a5ac0	61 63 74 69 63 65 20 69 6e 20 3a 72 66 63 3a 60 33 37 30 34 60 20 69 73 20 74 6f 20 65 6e 61 62	actice.in.:rfc:`3704`.is.to.enab
a5ae0	6c 65 20 73 74 72 69 63 74 20 6d 6f 64 65 20 74 6f 20 70 72 65 76 65 6e 74 20 49 50 20 73 70 6f	le.strict.mode.to.prevent.IP.spo
a5b00	6f 66 69 6e 67 20 66 72 6f 6d 20 44 44 6f 73 20 61 74 74 61 63 6b 73 2e 20 49 66 20 75 73 69 6e	ofing.from.DDos.attacks..If.usin
a5b20	67 20 61 73 79 6d 6d 65 74 72 69 63 20 72 6f 75 74 69 6e 67 20 6f 72 20 6f 74 68 65 72 20 63 6f	g.asymmetric.routing.or.other.co
a5b40	6d 70 6c 69 63 61 74 65 64 20 72 6f 75 74 69 6e 67 2c 20 74 68 65 6e 20 6c 6f 6f 73 65 20 6d 6f	mplicated.routing,.then.loose.mo
a5b60	64 65 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2e 00 45 6e 61 62 6c 65 20 72 65 63 65 69 76	de.is.recommended..Enable.receiv
a5b80	69 6e 67 20 50 50 44 55 20 75 73 69 6e 67 20 53 54 42 43 20 28 53 70 61 63 65 20 54 69 6d 65 20	ing.PPDU.using.STBC.(Space.Time.
a5ba0	42 6c 6f 63 6b 20 43 6f 64 69 6e 67 29 00 45 6e 61 62 6c 65 20 73 61 6d 70 6c 69 6e 67 20 6f 66	Block.Coding).Enable.sampling.of
a5bc0	20 70 61 63 6b 65 74 73 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 74 72 61 6e 73 6d 69 74	.packets,.which.will.be.transmit
a5be0	74 65 64 20 74 6f 20 73 46 6c 6f 77 20 63 6f 6c 6c 65 63 74 6f 72 73 2e 00 45 6e 61 62 6c 65 20	ted.to.sFlow.collectors..Enable.
a5c00	73 65 6e 64 69 6e 67 20 50 50 44 55 20 75 73 69 6e 67 20 53 54 42 43 20 28 53 70 61 63 65 20 54	sending.PPDU.using.STBC.(Space.T
a5c20	69 6d 65 20 42 6c 6f 63 6b 20 43 6f 64 69 6e 67 29 00 45 6e 61 62 6c 65 20 73 65 6e 64 69 6e 67	ime.Block.Coding).Enable.sending
a5c40	20 6f 66 20 43 69 73 63 6f 20 73 74 79 6c 65 20 4e 48 52 50 20 54 72 61 66 66 69 63 20 49 6e 64	.of.Cisco.style.NHRP.Traffic.Ind
a5c60	69 63 61 74 69 6f 6e 20 70 61 63 6b 65 74 73 2e 20 49 66 20 74 68 69 73 20 69 73 20 65 6e 61 62	ication.packets..If.this.is.enab
a5c80	6c 65 64 20 61 6e 64 20 6f 70 65 6e 6e 68 72 70 20 64 65 74 65 63 74 73 20 61 20 66 6f 72 77 61	led.and.opennhrp.detects.a.forwa
a5ca0	72 64 65 64 20 20 70 61 63 6b 65 74 2c 20 69 74 20 77 69 6c 6c 20 73 65 6e 64 20 61 20 6d 65 73	rded..packet,.it.will.send.a.mes
a5cc0	73 61 67 65 20 74 6f 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 73 65 6e 64 65 72 20 6f 66 20 74	sage.to.the.original.sender.of.t
a5ce0	68 65 20 70 61 63 6b 65 74 20 69 6e 73 74 72 75 63 74 69 6e 67 20 69 74 20 74 6f 20 63 72 65 61	he.packet.instructing.it.to.crea
a5d00	74 65 20 61 20 64 69 72 65 63 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20	te.a.direct.connection.with.the.
a5d20	64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 62 61 73 69 63 61 6c 6c 79 20 61	destination..This.is.basically.a
a5d40	20 70 72 6f 74 6f 63 6f 6c 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 65 71 75 69 76 61 6c 65 6e 74	.protocol.independent.equivalent
a5d60	20 6f 66 20 49 43 4d 50 20 72 65 64 69 72 65 63 74 2e 00 45 6e 61 62 6c 65 20 73 70 61 6e 6e 69	.of.ICMP.redirect..Enable.spanni
a5d80	6e 67 20 74 72 65 65 20 70 72 6f 74 6f 63 6f 6c 2e 20 53 54 50 20 69 73 20 64 69 73 61 62 6c 65	ng.tree.protocol..STP.is.disable
a5da0	64 20 62 79 20 64 65 66 61 75 6c 74 2e 00 45 6e 61 62 6c 65 20 74 68 65 20 4f 70 61 71 75 65 2d	d.by.default..Enable.the.Opaque-
a5dc0	4c 53 41 20 63 61 70 61 62 69 6c 69 74 79 20 28 72 66 63 32 33 37 30 29 2c 20 6e 65 63 65 73 73	LSA.capability.(rfc2370),.necess
a5de0	61 72 79 20 74 6f 20 74 72 61 6e 73 70 6f 72 74 20 6c 61 62 65 6c 20 6f 6e 20 49 47 50 00 45 6e	ary.to.transport.label.on.IGP.En
a5e00	61 62 6c 65 20 74 68 69 73 20 66 65 61 74 75 72 65 20 63 61 75 73 65 73 20 61 6e 20 69 6e 74 65	able.this.feature.causes.an.inte
a5e20	72 66 61 63 65 20 72 65 73 65 74 2e 00 45 6e 61 62 6c 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e	rface.reset..Enable.transmission
a5e40	20 6f 66 20 4c 4c 44 50 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 67 69 76 65 6e 20 60 3c	.of.LLDP.information.on.given.`<
a5e60	69 6e 74 65 72 66 61 63 65 3e 60 2e 20 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 73 61 79 20 60 60	interface>`..You.can.also.say.``
a5e80	61 6c 6c 60 60 20 68 65 72 65 20 73 6f 20 4c 4c 44 50 20 69 73 20 74 75 72 6e 65 64 20 6f 6e 20	all``.here.so.LLDP.is.turned.on.
a5ea0	6f 6e 20 65 76 65 72 79 20 69 6e 74 65 72 66 61 63 65 2e 00 45 6e 61 62 6c 65 64 20 6f 6e 2d 64	on.every.interface..Enabled.on-d
a5ec0	65 6d 61 6e 64 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 62 72 69 6e 67 20 75 70	emand.PPPoE.connections.bring.up
a5ee0	20 74 68 65 20 6c 69 6e 6b 20 6f 6e 6c 79 20 77 68 65 6e 20 74 72 61 66 66 69 63 20 6e 65 65 64	.the.link.only.when.traffic.need
a5f00	73 20 74 6f 20 70 61 73 73 20 74 68 69 73 20 6c 69 6e 6b 2e 20 20 49 66 20 74 68 65 20 6c 69 6e	s.to.pass.this.link...If.the.lin
a5f20	6b 20 66 61 69 6c 73 20 66 6f 72 20 61 6e 79 20 72 65 61 73 6f 6e 2c 20 74 68 65 20 6c 69 6e 6b	k.fails.for.any.reason,.the.link
a5f40	20 69 73 20 62 72 6f 75 67 68 74 20 62 61 63 6b 20 75 70 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c	.is.brought.back.up.automaticall
a5f60	79 20 6f 6e 63 65 20 74 72 61 66 66 69 63 20 70 61 73 73 65 73 20 74 68 65 20 69 6e 74 65 72 66	y.once.traffic.passes.the.interf
a5f80	61 63 65 20 61 67 61 69 6e 2e 20 49 66 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 6f	ace.again..If.you.configure.an.o
a5fa0	6e 2d 64 65 6d 61 6e 64 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 79 6f 75 20 6d	n-demand.PPPoE.connection,.you.m
a5fc0	75 73 74 20 61 6c 73 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 69 64 6c 65 20 74 69 6d 65	ust.also.configure.the.idle.time
a5fe0	6f 75 74 20 70 65 72 69 6f 64 2c 20 61 66 74 65 72 20 77 68 69 63 68 20 61 6e 20 69 64 6c 65 20	out.period,.after.which.an.idle.
a6000	50 50 50 6f 45 20 6c 69 6e 6b 20 77 69 6c 6c 20 62 65 20 64 69 73 63 6f 6e 6e 65 63 74 65 64 2e	PPPoE.link.will.be.disconnected.
a6020	20 41 20 6e 6f 6e 2d 7a 65 72 6f 20 69 64 6c 65 20 74 69 6d 65 6f 75 74 20 77 69 6c 6c 20 6e 65	.A.non-zero.idle.timeout.will.ne
a6040	76 65 72 20 64 69 73 63 6f 6e 6e 65 63 74 20 74 68 65 20 6c 69 6e 6b 20 61 66 74 65 72 20 69 74	ver.disconnect.the.link.after.it
a6060	20 66 69 72 73 74 20 63 61 6d 65 20 75 70 2e 00 45 6e 61 62 6c 65 73 20 43 69 73 63 6f 20 73 74	.first.came.up..Enables.Cisco.st
a6080	79 6c 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 6e 20 4e 48 52 50 20 70 61 63 6b 65	yle.authentication.on.NHRP.packe
a60a0	74 73 2e 20 54 68 69 73 20 65 6d 62 65 64 73 20 74 68 65 20 73 65 63 72 65 74 20 70 6c 61 69 6e	ts..This.embeds.the.secret.plain
a60c0	74 65 78 74 20 70 61 73 73 77 6f 72 64 20 74 6f 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 4e 48	text.password.to.the.outgoing.NH
a60e0	52 50 20 70 61 63 6b 65 74 73 2e 20 49 6e 63 6f 6d 69 6e 67 20 4e 48 52 50 20 70 61 63 6b 65 74	RP.packets..Incoming.NHRP.packet
a6100	73 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 61 72 65 20 64 69 73 63 61 72 64 65	s.on.this.interface.are.discarde
a6120	64 20 75 6e 6c 65 73 73 20 74 68 65 20 73 65 63 72 65 74 20 70 61 73 73 77 6f 72 64 20 69 73 20	d.unless.the.secret.password.is.
a6140	70 72 65 73 65 6e 74 2e 20 4d 61 78 69 6d 75 6d 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 73	present..Maximum.length.of.the.s
a6160	65 63 72 65 74 20 69 73 20 38 20 63 68 61 72 61 63 74 65 72 73 2e 00 45 6e 61 62 6c 65 73 20 61	ecret.is.8.characters..Enables.a
a6180	6e 20 4d 50 4c 53 20 6c 61 62 65 6c 20 74 6f 20 62 65 20 61 74 74 61 63 68 65 64 20 74 6f 20 61	n.MPLS.label.to.be.attached.to.a
a61a0	20 72 6f 75 74 65 20 65 78 70 6f 72 74 65 64 20 66 72 6f 6d 20 74 68 65 20 63 75 72 72 65 6e 74	.route.exported.from.the.current
a61c0	20 75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 56 50 4e 2e 20 49 66 20 74 68 65 20 76 61 6c 75	.unicast.VRF.to.VPN..If.the.valu
a61e0	65 20 73 70 65 63 69 66 69 65 64 20 69 73 20 61 75 74 6f 2c 20 74 68 65 20 6c 61 62 65 6c 20 76	e.specified.is.auto,.the.label.v
a6200	61 6c 75 65 20 69 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 61 73 73 69 67 6e 65 64 20 66	alue.is.automatically.assigned.f
a6220	72 6f 6d 20 61 20 70 6f 6f 6c 20 6d 61 69 6e 74 61 69 6e 65 64 2e 00 45 6e 61 62 6c 65 73 20 62	rom.a.pool.maintained..Enables.b
a6240	61 6e 64 77 69 64 74 68 20 73 68 61 70 69 6e 67 20 76 69 61 20 52 41 44 49 55 53 2e 00 45 6e 61	andwidth.shaping.via.RADIUS..Ena
a6260	62 6c 65 73 20 69 6d 70 6f 72 74 20 6f 72 20 65 78 70 6f 72 74 20 6f 66 20 72 6f 75 74 65 73 20	bles.import.or.export.of.routes.
a6280	62 65 74 77 65 65 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 75 6e 69 63 61 73 74 20 56 52 46 20	between.the.current.unicast.VRF.
a62a0	61 6e 64 20 56 50 4e 2e 00 45 6e 61 62 6c 65 73 20 74 68 65 20 65 63 68 6f 20 74 72 61 6e 73 6d	and.VPN..Enables.the.echo.transm
a62c0	69 73 73 69 6f 6e 20 6d 6f 64 65 00 45 6e 61 62 6c 69 6e 67 20 41 64 76 65 72 74 69 73 6d 65 6e	ission.mode.Enabling.Advertismen
a62e0	74 73 00 45 6e 61 62 6c 69 6e 67 20 4f 70 65 6e 56 50 4e 20 44 43 4f 00 45 6e 61 62 6c 69 6e 67	ts.Enabling.OpenVPN.DCO.Enabling
a6300	20 53 53 48 20 6f 6e 6c 79 20 72 65 71 75 69 72 65 73 20 79 6f 75 20 74 6f 20 73 70 65 63 69 66	.SSH.only.requires.you.to.specif
a6320	79 20 74 68 65 20 70 6f 72 74 20 60 60 3c 70 6f 72 74 3e 60 60 20 79 6f 75 20 77 61 6e 74 20 53	y.the.port.``<port>``.you.want.S
a6340	53 48 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 53 53 48	SH.to.listen.on..By.default,.SSH
a6360	20 72 75 6e 73 20 6f 6e 20 70 6f 72 74 20 32 32 2e 00 45 6e 61 62 6c 69 6e 67 20 74 68 69 73 20	.runs.on.port.22..Enabling.this.
a6380	66 75 6e 63 74 69 6f 6e 20 69 6e 63 72 65 61 73 65 73 20 74 68 65 20 72 69 73 6b 20 6f 66 20 62	function.increases.the.risk.of.b
a63a0	61 6e 64 77 69 64 74 68 20 73 61 74 75 72 61 74 69 6f 6e 2e 00 45 6e 66 6f 72 63 65 20 73 74 72	andwidth.saturation..Enforce.str
a63c0	69 63 74 20 70 61 74 68 20 63 68 65 63 6b 69 6e 67 00 45 6e 73 6c 61 76 65 20 60 3c 6d 65 6d 62	ict.path.checking.Enslave.`<memb
a63e0	65 72 3e 60 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 62 6f 6e 64 20 60 3c 69 6e 74 65 72 66 61	er>`.interface.to.bond.`<interfa
a6400	63 65 3e 60 2e 00 45 6e 73 75 72 65 20 74 68 61 74 20 77 68 65 6e 20 63 6f 6d 70 61 72 69 6e 67	ce>`..Ensure.that.when.comparing
a6420	20 72 6f 75 74 65 73 20 77 68 65 72 65 20 62 6f 74 68 20 61 72 65 20 65 71 75 61 6c 20 6f 6e 20	.routes.where.both.are.equal.on.
a6440	6d 6f 73 74 20 6d 65 74 72 69 63 73 2c 20 69 6e 63 6c 75 64 69 6e 67 20 6c 6f 63 61 6c 2d 70 72	most.metrics,.including.local-pr
a6460	65 66 2c 20 41 53 5f 50 41 54 48 20 6c 65 6e 67 74 68 2c 20 49 47 50 20 63 6f 73 74 2c 20 4d 45	ef,.AS_PATH.length,.IGP.cost,.ME
a6480	44 2c 20 74 68 61 74 20 74 68 65 20 74 69 65 20 69 73 20 62 72 6f 6b 65 6e 20 62 61 73 65 64 20	D,.that.the.tie.is.broken.based.
a64a0	6f 6e 20 72 6f 75 74 65 72 2d 49 44 2e 00 45 6e 74 65 72 70 72 69 73 65 20 69 6e 73 74 61 6c 6c	on.router-ID..Enterprise.install
a64c0	61 74 69 6f 6e 73 20 75 73 75 61 6c 6c 79 20 73 68 69 70 20 61 20 6b 69 6e 64 20 6f 66 20 64 69	ations.usually.ship.a.kind.of.di
a64e0	72 65 63 74 6f 72 79 20 73 65 72 76 69 63 65 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20 74 6f	rectory.service.which.is.used.to
a6500	20 68 61 76 65 20 61 20 73 69 6e 67 6c 65 20 70 61 73 73 77 6f 72 64 20 73 74 6f 72 65 20 66 6f	.have.a.single.password.store.fo
a6520	72 20 61 6c 6c 20 65 6d 70 6c 6f 79 65 65 73 2e 20 56 79 4f 53 20 61 6e 64 20 4f 70 65 6e 56 50	r.all.employees..VyOS.and.OpenVP
a6540	4e 20 73 75 70 70 6f 72 74 20 75 73 69 6e 67 20 4c 44 41 50 2f 41 44 20 61 73 20 73 69 6e 67 6c	N.support.using.LDAP/AD.as.singl
a6560	65 20 75 73 65 72 20 62 61 63 6b 65 6e 64 2e 00 45 72 69 63 73 73 6f 6e 20 63 61 6c 6c 20 69 74	e.user.backend..Ericsson.call.it
a6580	20 4d 41 43 2d 46 6f 72 63 65 64 20 46 6f 72 77 61 72 64 69 6e 67 20 28 52 46 43 20 44 72 61 66	.MAC-Forced.Forwarding.(RFC.Draf
a65a0	74 29 00 45 72 72 6f 72 00 45 72 72 6f 72 20 63 6f 6e 64 69 74 69 6f 6e 73 00 45 73 74 61 62 6c	t).Error.Error.conditions.Establ
a65c0	69 73 68 65 64 20 73 65 73 73 69 6f 6e 73 20 63 61 6e 20 62 65 20 76 69 65 77 65 64 20 75 73 69	ished.sessions.can.be.viewed.usi
a65e0	6e 67 20 74 68 65 20 2a 2a 73 68 6f 77 20 6c 32 74 70 2d 73 65 72 76 65 72 20 73 65 73 73 69 6f	ng.the.**show.l2tp-server.sessio
a6600	6e 73 2a 2a 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 00 45 74 68 65 72 6e 65	ns**.operational.command.Etherne
a6620	74 00 45 74 68 65 72 6e 65 74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c 20 69 73 20 61 20 6d 65 63	t.Ethernet.flow.control.is.a.mec
a6640	68 61 6e 69 73 6d 20 66 6f 72 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 73 74 6f 70 70 69 6e 67 20	hanism.for.temporarily.stopping.
a6660	74 68 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 6f 66 20 64 61 74 61 20 6f 6e 20 45 74 68 65	the.transmission.of.data.on.Ethe
a6680	72 6e 65 74 20 66 61 6d 69 6c 79 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 73 2e 20 54	rnet.family.computer.networks..T
a66a0	68 65 20 67 6f 61 6c 20 6f 66 20 74 68 69 73 20 6d 65 63 68 61 6e 69 73 6d 20 69 73 20 74 6f 20	he.goal.of.this.mechanism.is.to.
a66c0	65 6e 73 75 72 65 20 7a 65 72 6f 20 70 61 63 6b 65 74 20 6c 6f 73 73 20 69 6e 20 74 68 65 20 70	ensure.zero.packet.loss.in.the.p
a66e0	72 65 73 65 6e 63 65 20 6f 66 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 67 65 73 74 69 6f 6e 2e 00 45	resence.of.network.congestion..E
a6700	74 68 65 72 6e 65 74 20 6f 70 74 69 6f 6e 73 00 45 76 65 6e 74 20 48 61 6e 64 6c 65 72 00 45 76	thernet.options.Event.Handler.Ev
a6720	65 6e 74 20 48 61 6e 64 6c 65 72 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 53 74 65 70 73 00	ent.Handler.Configuration.Steps.
a6740	45 76 65 6e 74 20 48 61 6e 64 6c 65 72 20 54 65 63 68 6e 6f 6c 6f 67 79 20 4f 76 65 72 76 69 65	Event.Handler.Technology.Overvie
a6760	77 00 45 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 61 6c 6c 6f 77 73 20 79 6f 75 20 74 6f 20 65 78	w.Event.handler.allows.you.to.ex
a6780	65 63 75 74 65 20 73 63 72 69 70 74 73 20 77 68 65 6e 20 61 20 73 74 72 69 6e 67 20 74 68 61 74	ecute.scripts.when.a.string.that
a67a0	20 6d 61 74 63 68 65 73 20 61 20 72 65 67 65 78 20 6f 72 20 61 20 72 65 67 65 78 20 77 69 74 68	.matches.a.regex.or.a.regex.with
a67c0	20 61 20 73 65 72 76 69 63 65 20 6e 61 6d 65 20 61 70 70 65 61 72 73 20 69 6e 20 6a 6f 75 72 6e	.a.service.name.appears.in.journ
a67e0	61 6c 64 20 6c 6f 67 73 2e 20 59 6f 75 20 63 61 6e 20 70 61 73 73 20 76 61 72 69 61 62 6c 65 73	ald.logs..You.can.pass.variables
a6800	2c 20 61 72 67 75 6d 65 6e 74 73 2c 20 61 6e 64 20 61 20 66 75 6c 6c 20 6d 61 74 63 68 69 6e 67	,.arguments,.and.a.full.matching
a6820	20 73 74 72 69 6e 67 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 2e 00 45 76 65 6e 74 20 68 61 6e	.string.to.the.script..Event.han
a6840	64 6c 65 72 20 73 63 72 69 70 74 00 45 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 74 68 61 74 20 6d	dler.script.Event.handler.that.m
a6860	6f 6e 69 74 6f 72 73 20 74 68 65 20 73 74 61 74 65 20 6f 66 20 69 6e 74 65 72 66 61 63 65 20 65	onitors.the.state.of.interface.e
a6880	74 68 30 2e 00 45 76 65 72 79 20 4e 41 54 20 72 75 6c 65 20 68 61 73 20 61 20 74 72 61 6e 73 6c	th0..Every.NAT.rule.has.a.transl
a68a0	61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 64 2e 20 54 68 65 20 61 64 64 72 65	ation.command.defined..The.addre
a68c0	73 73 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 69	ss.defined.for.the.translation.i
a68e0	73 20 74 68 65 20 61 64 64 72 65 73 73 20 75 73 65 64 20 77 68 65 6e 20 74 68 65 20 61 64 64 72	s.the.address.used.when.the.addr
a6900	65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 61 20 70 61 63 6b 65 74 20 69 73 20 72	ess.information.in.a.packet.is.r
a6920	65 70 6c 61 63 65 64 2e 00 45 76 65 72 79 20 53 4e 41 54 36 36 20 72 75 6c 65 20 68 61 73 20 61	eplaced..Every.SNAT66.rule.has.a
a6940	20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 64 2e 20 54 68	.translation.command.defined..Th
a6960	65 20 70 72 65 66 69 78 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68 65 20 74 72 61 6e 73 6c 61	e.prefix.defined.for.the.transla
a6980	74 69 6f 6e 20 69 73 20 74 68 65 20 70 72 65 66 69 78 20 75 73 65 64 20 77 68 65 6e 20 74 68 65	tion.is.the.prefix.used.when.the
a69a0	20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 61 20 70 61 63 6b 65 74	.address.information.in.a.packet
a69c0	20 69 73 20 72 65 70 6c 61 63 65 64 2e e3 80 81 00 45 76 65 72 79 20 53 53 48 20 6b 65 79 20 63	.is.replaced.....Every.SSH.key.c
a69e0	6f 6d 65 73 20 69 6e 20 74 68 72 65 65 20 70 61 72 74 73 3a 00 45 76 65 72 79 20 53 53 48 20 70	omes.in.three.parts:.Every.SSH.p
a6a00	75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20	ublic.key.portion.referenced.by.
a6a20	60 3c 69 64 65 6e 74 69 66 69 65 72 3e 60 20 72 65 71 75 69 72 65 73 20 74 68 65 20 63 6f 6e 66	`<identifier>`.requires.the.conf
a6a40	69 67 75 72 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 60 3c 74 79 70 65 3e 60 20 6f 66 20 70 75 62	iguration.of.the.`<type>`.of.pub
a6a60	6c 69 63 2d 6b 65 79 20 75 73 65 64 2e 20 54 68 69 73 20 74 79 70 65 20 63 61 6e 20 62 65 20 61	lic-key.used..This.type.can.be.a
a6a80	6e 79 20 6f 66 3a 00 45 76 65 72 79 20 55 44 50 20 70 6f 72 74 20 77 68 69 63 68 20 77 69 6c 6c	ny.of:.Every.UDP.port.which.will
a6aa0	20 62 65 20 66 6f 72 77 61 72 64 20 72 65 71 75 69 72 65 73 20 6f 6e 65 20 75 6e 69 71 75 65 20	.be.forward.requires.one.unique.
a6ac0	49 44 2e 20 43 75 72 72 65 6e 74 6c 79 20 77 65 20 73 75 70 70 6f 72 74 20 39 39 20 49 44 73 21	ID..Currently.we.support.99.IDs!
a6ae0	00 45 76 65 72 79 20 56 69 72 74 75 61 6c 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63	.Every.Virtual.Ethernet.interfac
a6b00	65 73 20 62 65 68 61 76 65 73 20 6c 69 6b 65 20 61 20 72 65 61 6c 20 45 74 68 65 72 6e 65 74 20	es.behaves.like.a.real.Ethernet.
a6b20	69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 79 20 63 61 6e 20 68 61 76 65 20 49 50 76 34 2f 49 50	interface..They.can.have.IPv4/IP
a6b40	76 36 20 61 64 64 72 65 73 73 65 73 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 6f 72 20 63 61 6e 20	v6.addresses.configured,.or.can.
a6b60	72 65 71 75 65 73 74 20 61 64 64 72 65 73 73 65 73 20 62 79 20 44 48 43 50 2f 20 44 48 43 50 76	request.addresses.by.DHCP/.DHCPv
a6b80	36 20 61 6e 64 20 61 72 65 20 61 73 73 6f 63 69 61 74 65 64 2f 6d 61 70 70 65 64 20 77 69 74 68	6.and.are.associated/mapped.with
a6ba0	20 61 20 72 65 61 6c 20 65 74 68 65 72 6e 65 74 20 70 6f 72 74 2e 20 54 68 69 73 20 61 6c 73 6f	.a.real.ethernet.port..This.also
a6bc0	20 6d 61 6b 65 73 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65	.makes.Pseudo-Ethernet.interface
a6be0	73 20 69 6e 74 65 72 65 73 74 69 6e 67 20 66 6f 72 20 74 65 73 74 69 6e 67 20 70 75 72 70 6f 73	s.interesting.for.testing.purpos
a6c00	65 73 2e 20 41 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 64 65 76 69 63 65 20 77 69 6c	es..A.Pseudo-Ethernet.device.wil
a6c20	6c 20 69 6e 68 65 72 69 74 20 63 68 61 72 61 63 74 65 72 69 73 74 69 63 73 20 28 73 70 65 65 64	l.inherit.characteristics.(speed
a6c40	2c 20 64 75 70 6c 65 78 2c 20 2e 2e 2e 29 20 66 72 6f 6d 20 69 74 73 20 70 68 79 73 69 63 61 6c	,.duplex,....).from.its.physical
a6c60	20 70 61 72 65 6e 74 20 28 74 68 65 20 73 6f 20 63 61 6c 6c 65 64 20 6c 69 6e 6b 29 20 69 6e 74	.parent.(the.so.called.link).int
a6c80	65 72 66 61 63 65 2e 00 45 76 65 72 79 20 57 57 41 4e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 72 65	erface..Every.WWAN.connection.re
a6ca0	71 75 69 72 65 73 20 61 6e 20 3a 61 62 62 72 3a 60 41 50 4e 20 28 41 63 63 65 73 73 20 50 6f 69	quires.an.:abbr:`APN.(Access.Poi
a6cc0	6e 74 20 4e 61 6d 65 29 60 20 77 68 69 63 68 20 69 73 20 75 73 65 64 20 62 79 20 74 68 65 20 63	nt.Name)`.which.is.used.by.the.c
a6ce0	6c 69 65 6e 74 20 74 6f 20 64 69 61 6c 20 69 6e 74 6f 20 74 68 65 20 49 53 50 73 20 6e 65 74 77	lient.to.dial.into.the.ISPs.netw
a6d00	6f 72 6b 2e 20 54 68 69 73 20 69 73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 70 61 72 61 6d 65 74	ork..This.is.a.mandatory.paramet
a6d20	65 72 2e 20 43 6f 6e 74 61 63 74 20 79 6f 75 72 20 53 65 72 76 69 63 65 20 50 72 6f 76 69 64 65	er..Contact.your.Service.Provide
a6d40	72 20 66 6f 72 20 63 6f 72 72 65 63 74 20 41 50 4e 2e 00 45 78 61 6d 70 6c 65 00 45 78 61 6d 70	r.for.correct.APN..Example.Examp
a6d60	6c 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 45 78 61 6d 70 6c 65 20 49 50 76 36 20 6f 6e	le.Configuration.Example.IPv6.on
a6d80	6c 79 3a 00 45 78 61 6d 70 6c 65 20 4e 65 74 77 6f 72 6b 00 45 78 61 6d 70 6c 65 20 50 61 72 74	ly:.Example.Network.Example.Part
a6da0	69 61 6c 20 43 6f 6e 66 69 67 00 45 78 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	ial.Config.Example.configuration
a6dc0	20 66 6f 72 20 57 69 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 73 3a 00 45 78 61 6d 70	.for.WireGuard.interfaces:.Examp
a6de0	6c 65 20 66 6f 72 20 63 68 61 6e 67 69 6e 67 20 72 61 74 65 2d 6c 69 6d 69 74 20 76 69 61 20 52	le.for.changing.rate-limit.via.R
a6e00	41 44 49 55 53 20 43 6f 41 2e 00 45 78 61 6d 70 6c 65 20 66 6f 72 20 63 6f 6e 66 69 67 75 72 69	ADIUS.CoA..Example.for.configuri
a6e20	6e 67 20 61 20 73 69 6d 70 6c 65 20 4c 32 54 50 20 6f 76 65 72 20 49 50 73 65 63 20 56 50 4e 20	ng.a.simple.L2TP.over.IPsec.VPN.
a6e40	66 6f 72 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73 20 28 77 6f 72 6b 73 20 77 69 74 68 20 6e 61	for.remote.access.(works.with.na
a6e60	74 69 76 65 20 57 69 6e 64 6f 77 73 20 61 6e 64 20 4d 61 63 20 56 50 4e 20 63 6c 69 65 6e 74 73	tive.Windows.and.Mac.VPN.clients
a6e80	29 3a 00 45 78 61 6d 70 6c 65 20 6f 66 20 72 65 64 69 72 65 63 74 69 6f 6e 3a 00 45 78 61 6d 70	):.Example.of.redirection:.Examp
a6ea0	6c 65 2c 20 66 72 6f 6d 20 72 61 64 69 75 73 2d 73 65 72 76 65 72 20 73 65 6e 64 20 63 6f 6d 6d	le,.from.radius-server.send.comm
a6ec0	61 6e 64 20 66 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 20 63 6c 69 65 6e 74 20 77 69 74 68 20 75	and.for.disconnect.client.with.u
a6ee0	73 65 72 6e 61 6d 65 20 74 65 73 74 00 45 78 61 6d 70 6c 65 3a 00 45 78 61 6d 70 6c 65 3a 20 44	sername.test.Example:.Example:.D
a6f00	65 6c 65 67 61 74 65 20 61 20 2f 36 34 20 70 72 65 66 69 78 20 74 6f 20 69 6e 74 65 72 66 61 63	elegate.a./64.prefix.to.interfac
a6f20	65 20 65 74 68 38 20 77 68 69 63 68 20 77 69 6c 6c 20 75 73 65 20 61 20 6c 6f 63 61 6c 20 61 64	e.eth8.which.will.use.a.local.ad
a6f40	64 72 65 73 73 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72 20 6f 66 20 60 60 3c 70 72 65 66 69	dress.on.this.router.of.``<prefi
a6f60	78 3e 3a 3a 66 66 66 66 60 60 2c 20 61 73 20 74 68 65 20 61 64 64 72 65 73 73 20 36 35 35 33 34	x>::ffff``,.as.the.address.65534
a6f80	20 77 69 6c 6c 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 60 60 66 66 66 66 60 60 20 69 6e 20	.will.correspond.to.``ffff``.in.
a6fa0	68 65 78 61 64 65 63 69 6d 61 6c 20 6e 6f 74 61 74 69 6f 6e 2e 00 45 78 61 6d 70 6c 65 3a 20 46	hexadecimal.notation..Example:.F
a6fc0	6f 72 20 61 6e 20 7e 38 2c 30 30 30 20 68 6f 73 74 20 6e 65 74 77 6f 72 6b 20 61 20 73 6f 75 72	or.an.~8,000.host.network.a.sour
a6fe0	63 65 20 4e 41 54 20 70 6f 6f 6c 20 6f 66 20 33 32 20 49 50 20 61 64 64 72 65 73 73 65 73 20 69	ce.NAT.pool.of.32.IP.addresses.i
a7000	73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2e 00 45 78 61 6d 70 6c 65 3a 20 49 66 20 49 44 20 69 73	s.recommended..Example:.If.ID.is
a7020	20 31 20 61 6e 64 20 74 68 65 20 63 6c 69 65 6e 74 20 69 73 20 64 65 6c 65 67 61 74 65 64 20 61	.1.and.the.client.is.delegated.a
a7040	6e 20 49 50 76 36 20 70 72 65 66 69 78 20 32 30 30 31 3a 64 62 38 3a 66 66 66 66 3a 3a 2f 34 38	n.IPv6.prefix.2001:db8:ffff::/48
a7060	2c 20 64 68 63 70 36 63 20 77 69 6c 6c 20 63 6f 6d 62 69 6e 65 20 74 68 65 20 74 77 6f 20 76 61	,.dhcp6c.will.combine.the.two.va
a7080	6c 75 65 73 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c 65 20 49 50 76 36 20 70 72 65 66 69 78 2c 20	lues.into.a.single.IPv6.prefix,.
a70a0	32 30 30 31 3a 64 62 38 3a 66 66 66 66 3a 31 3a 3a 2f 36 34 2c 20 61 6e 64 20 77 69 6c 6c 20 63	2001:db8:ffff:1::/64,.and.will.c
a70c0	6f 6e 66 69 67 75 72 65 20 74 68 65 20 70 72 65 66 69 78 20 6f 6e 20 74 68 65 20 73 70 65 63 69	onfigure.the.prefix.on.the.speci
a70e0	66 69 65 64 20 69 6e 74 65 72 66 61 63 65 2e 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20	fied.interface..Example:.Mirror.
a7100	74 68 65 20 69 6e 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 6f 6e 64 31 60 20 70	the.inbound.traffic.of.`bond1`.p
a7120	6f 72 74 20 74 6f 20 60 65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68	ort.to.`eth3`.Example:.Mirror.th
a7140	65 20 69 6e 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 72 31 60 20 70 6f 72 74 20	e.inbound.traffic.of.`br1`.port.
a7160	74 6f 20 60 65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 69 6e	to.`eth3`.Example:.Mirror.the.in
a7180	62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 65 74 68 31 60 20 70 6f 72 74 20 74 6f 20	bound.traffic.of.`eth1`.port.to.
a71a0	60 65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 6f 75 74 62 6f	`eth3`.Example:.Mirror.the.outbo
a71c0	75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 6f 6e 64 31 60 20 70 6f 72 74 20 74 6f 20 60	und.traffic.of.`bond1`.port.to.`
a71e0	65 74 68 33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 6f 75 74 62 6f 75	eth3`.Example:.Mirror.the.outbou
a7200	6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 60 62 72 31 60 20 70 6f 72 74 20 74 6f 20 60 65 74 68	nd.traffic.of.`br1`.port.to.`eth
a7220	33 60 00 45 78 61 6d 70 6c 65 3a 20 4d 69 72 72 6f 72 20 74 68 65 20 6f 75 74 62 6f 75 6e 64 20	3`.Example:.Mirror.the.outbound.
a7240	74 72 61 66 66 69 63 20 6f 66 20 60 65 74 68 31 60 20 70 6f 72 74 20 74 6f 20 60 65 74 68 33 60	traffic.of.`eth1`.port.to.`eth3`
a7260	00 45 78 61 6d 70 6c 65 3a 20 53 65 74 20 60 65 74 68 30 60 20 6d 65 6d 62 65 72 20 70 6f 72 74	.Example:.Set.`eth0`.member.port
a7280	20 74 6f 20 62 65 20 61 6c 6c 6f 77 65 64 20 56 4c 41 4e 20 34 00 45 78 61 6d 70 6c 65 3a 20 53	.to.be.allowed.VLAN.4.Example:.S
a72a0	65 74 20 60 65 74 68 30 60 20 6d 65 6d 62 65 72 20 70 6f 72 74 20 74 6f 20 62 65 20 61 6c 6c 6f	et.`eth0`.member.port.to.be.allo
a72c0	77 65 64 20 56 4c 41 4e 20 36 2d 38 00 45 78 61 6d 70 6c 65 3a 20 53 65 74 20 60 65 74 68 30 60	wed.VLAN.6-8.Example:.Set.`eth0`
a72e0	20 6d 65 6d 62 65 72 20 70 6f 72 74 20 74 6f 20 62 65 20 6e 61 74 69 76 65 20 56 4c 41 4e 20 32	.member.port.to.be.native.VLAN.2
a7300	00 45 78 61 6d 70 6c 65 3a 20 74 6f 20 62 65 20 61 70 70 65 6e 64 65 64 20 69 73 20 73 65 74 20	.Example:.to.be.appended.is.set.
a7320	74 6f 20 60 60 76 79 6f 73 2e 6e 65 74 60 60 20 61 6e 64 20 74 68 65 20 55 52 4c 20 72 65 63 65	to.``vyos.net``.and.the.URL.rece
a7340	69 76 65 64 20 69 73 20 60 60 77 77 77 2f 66 6f 6f 2e 68 74 6d 6c 60 60 2c 20 74 68 65 20 73 79	ived.is.``www/foo.html``,.the.sy
a7360	73 74 65 6d 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 2c 20 66 69 6e	stem.will.use.the.generated,.fin
a7380	61 6c 20 55 52 4c 20 6f 66 20 60 60 77 77 77 2e 76 79 6f 73 2e 6e 65 74 2f 66 6f 6f 2e 68 74 6d	al.URL.of.``www.vyos.net/foo.htm
a73a0	6c 60 60 2e 00 45 78 61 6d 70 6c 65 73 00 45 78 61 6d 70 6c 65 73 20 6f 66 20 70 6f 6c 69 63 69	l``..Examples.Examples.of.polici
a73c0	65 73 20 75 73 61 67 65 3a 00 45 78 61 6d 70 6c 65 73 3a 00 45 78 63 6c 75 64 65 20 49 50 20 61	es.usage:.Examples:.Exclude.IP.a
a73e0	64 64 72 65 73 73 65 73 20 66 72 6f 6d 20 60 60 56 52 52 50 20 70 61 63 6b 65 74 73 60 60 2e 20	ddresses.from.``VRRP.packets``..
a7400	54 68 69 73 20 6f 70 74 69 6f 6e 20 60 60 65 78 63 6c 75 64 65 64 2d 61 64 64 72 65 73 73 60 60	This.option.``excluded-address``
a7420	20 69 73 20 75 73 65 64 20 77 68 65 6e 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 73 65 74 20 49 50	.is.used.when.you.want.to.set.IP
a7440	76 34 20 2b 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20	v4.+.IPv6.addresses.on.the.same.
a7460	76 69 72 74 75 61 6c 20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 77 68 65 6e 20 75 73 65 64 20 6d	virtual.interface.or.when.used.m
a7480	6f 72 65 20 74 68 61 6e 20 32 30 20 49 50 20 61 64 64 72 65 73 73 65 73 2e 00 45 78 63 6c 75 64	ore.than.20.IP.addresses..Exclud
a74a0	65 20 61 64 64 72 65 73 73 00 45 78 63 6c 75 64 65 20 74 72 61 66 66 69 63 00 45 78 69 74 20 70	e.address.Exclude.traffic.Exit.p
a74c0	6f 6c 69 63 79 20 6f 6e 20 6d 61 74 63 68 3a 20 67 6f 20 74 6f 20 6e 65 78 74 20 73 65 71 75 65	olicy.on.match:.go.to.next.seque
a74e0	6e 63 65 20 6e 75 6d 62 65 72 2e 00 45 78 69 74 20 70 6f 6c 69 63 79 20 6f 6e 20 6d 61 74 63 68	nce.number..Exit.policy.on.match
a7500	3a 20 67 6f 20 74 6f 20 72 75 6c 65 20 3c 31 2d 36 35 35 33 35 3e 00 45 78 70 65 64 69 74 65 64	:.go.to.rule.<1-65535>.Expedited
a7520	20 66 6f 72 77 61 72 64 69 6e 67 20 28 45 46 29 00 45 78 70 6c 69 63 69 74 6c 79 20 64 65 63 6c	.forwarding.(EF).Explicitly.decl
a7540	61 72 65 20 49 44 20 66 6f 72 20 74 68 69 73 20 6d 69 6e 69 6f 6e 20 74 6f 20 75 73 65 20 28 64	are.ID.for.this.minion.to.use.(d
a7560	65 66 61 75 6c 74 3a 20 68 6f 73 74 6e 61 6d 65 29 00 45 78 74 65 72 6e 61 6c 20 44 48 43 50 76	efault:.hostname).External.DHCPv
a7580	36 20 73 65 72 76 65 72 20 69 73 20 61 74 20 32 30 30 31 3a 64 62 38 3a 3a 34 00 45 78 74 65 72	6.server.is.at.2001:db8::4.Exter
a75a0	6e 61 6c 20 52 6f 75 74 65 20 53 75 6d 6d 61 72 69 73 61 74 69 6f 6e 00 46 51 2d 43 6f 44 65 6c	nal.Route.Summarisation.FQ-CoDel
a75c0	00 46 51 2d 43 6f 44 65 6c 20 66 69 67 68 74 73 20 62 75 66 66 65 72 62 6c 6f 61 74 20 61 6e 64	.FQ-CoDel.fights.bufferbloat.and
a75e0	20 72 65 64 75 63 65 73 20 6c 61 74 65 6e 63 79 20 77 69 74 68 6f 75 74 20 74 68 65 20 6e 65 65	.reduces.latency.without.the.nee
a7600	64 20 6f 66 20 63 6f 6d 70 6c 65 78 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 2e 20 49 74 20	d.of.complex.configurations..It.
a7620	68 61 73 20 62 65 63 6f 6d 65 20 74 68 65 20 6e 65 77 20 64 65 66 61 75 6c 74 20 51 75 65 75 65	has.become.the.new.default.Queue
a7640	69 6e 67 20 44 69 73 63 69 70 6c 69 6e 65 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65	ing.Discipline.for.the.interface
a7660	73 20 6f 66 20 73 6f 6d 65 20 47 4e 55 2f 4c 69 6e 75 78 20 64 69 73 74 72 69 62 75 74 69 6f 6e	s.of.some.GNU/Linux.distribution
a7680	73 2e 00 46 51 2d 43 6f 44 65 6c 20 69 73 20 62 61 73 65 64 20 6f 6e 20 61 20 6d 6f 64 69 66 69	s..FQ-CoDel.is.based.on.a.modifi
a76a0	65 64 20 44 65 66 69 63 69 74 20 52 6f 75 6e 64 20 52 6f 62 69 6e 20 28 44 52 52 5f 29 20 71 75	ed.Deficit.Round.Robin.(DRR_).qu
a76c0	65 75 65 20 73 63 68 65 64 75 6c 65 72 20 77 69 74 68 20 74 68 65 20 43 6f 44 65 6c 20 41 63 74	eue.scheduler.with.the.CoDel.Act
a76e0	69 76 65 20 51 75 65 75 65 20 4d 61 6e 61 67 65 6d 65 6e 74 20 28 41 51 4d 29 20 61 6c 67 6f 72	ive.Queue.Management.(AQM).algor
a7700	69 74 68 6d 20 6f 70 65 72 61 74 69 6e 67 20 6f 6e 20 65 61 63 68 20 71 75 65 75 65 2e 00 46 51	ithm.operating.on.each.queue..FQ
a7720	2d 43 6f 44 65 6c 20 69 73 20 74 75 6e 65 64 20 74 6f 20 72 75 6e 20 6f 6b 20 77 69 74 68 20 69	-CoDel.is.tuned.to.run.ok.with.i
a7740	74 73 20 64 65 66 61 75 6c 74 20 70 61 72 61 6d 65 74 65 72 73 20 61 74 20 31 30 47 62 69 74 20	ts.default.parameters.at.10Gbit.
a7760	73 70 65 65 64 73 2e 20 49 74 20 6d 69 67 68 74 20 77 6f 72 6b 20 6f 6b 20 74 6f 6f 20 61 74 20	speeds..It.might.work.ok.too.at.
a7780	6f 74 68 65 72 20 73 70 65 65 64 73 20 77 69 74 68 6f 75 74 20 63 6f 6e 66 69 67 75 72 69 6e 67	other.speeds.without.configuring
a77a0	20 61 6e 79 74 68 69 6e 67 2c 20 62 75 74 20 68 65 72 65 20 77 65 20 77 69 6c 6c 20 65 78 70 6c	.anything,.but.here.we.will.expl
a77c0	61 69 6e 20 73 6f 6d 65 20 63 61 73 65 73 20 77 68 65 6e 20 79 6f 75 20 6d 69 67 68 74 20 77 61	ain.some.cases.when.you.might.wa
a77e0	6e 74 20 74 6f 20 74 75 6e 65 20 69 74 73 20 70 61 72 61 6d 65 74 65 72 73 2e 00 46 51 2d 43 6f	nt.to.tune.its.parameters..FQ-Co
a7800	64 65 6c 20 69 73 20 61 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 28 77 6f 72 6b 2d 63 6f 6e 73 65	del.is.a.non-shaping.(work-conse
a7820	72 76 69 6e 67 29 20 70 6f 6c 69 63 79 2c 20 73 6f 20 69 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 62	rving).policy,.so.it.will.only.b
a7840	65 20 75 73 65 66 75 6c 20 69 66 20 79 6f 75 72 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66	e.useful.if.your.outgoing.interf
a7860	61 63 65 20 69 73 20 72 65 61 6c 6c 79 20 66 75 6c 6c 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74	ace.is.really.full..If.it.is.not
a7880	2c 20 56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 6f 77 6e 20 74 68 65 20 71 75 65 75 65 20 61 6e	,.VyOS.will.not.own.the.queue.an
a78a0	64 20 46 51 2d 43 6f 64 65 6c 20 77 69 6c 6c 20 68 61 76 65 20 6e 6f 20 65 66 66 65 63 74 2e 20	d.FQ-Codel.will.have.no.effect..
a78c0	49 66 20 74 68 65 72 65 20 69 73 20 62 61 6e 64 77 69 64 74 68 20 61 76 61 69 6c 61 62 6c 65 20	If.there.is.bandwidth.available.
a78e0	6f 6e 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 2c 20 79 6f 75 20 63 61 6e 20 65 6d	on.the.physical.link,.you.can.em
a7900	62 65 64 5f 20 46 51 2d 43 6f 64 65 6c 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 66 75 6c 20 73 68	bed_.FQ-Codel.into.a.classful.sh
a7920	61 70 69 6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 69 74 20 6f 77 6e	aping.policy.to.make.sure.it.own
a7940	73 20 74 68 65 20 71 75 65 75 65 2e 20 49 66 20 79 6f 75 20 61 72 65 20 6e 6f 74 20 73 75 72 65	s.the.queue..If.you.are.not.sure
a7960	20 69 66 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 65 6d 62 65 64 20 79 6f 75 72 20 46 51 2d 43 6f	.if.you.need.to.embed.your.FQ-Co
a7980	44 65 6c 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20 61 20 53 68 61 70 65 72 2c 20 64 6f 20 69 74 2e	Del.policy.into.a.Shaper,.do.it.
a79a0	00 46 52 52 20 6f 66 66 65 72 73 20 6f 6e 6c 79 20 70 61 72 74 69 61 6c 20 73 75 70 70 6f 72 74	.FRR.offers.only.partial.support
a79c0	20 66 6f 72 20 73 6f 6d 65 20 6f 66 20 74 68 65 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f	.for.some.of.the.routing.protoco
a79e0	6c 20 65 78 74 65 6e 73 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 75 73 65 64 20 77 69 74 68 20	l.extensions.that.are.used.with.
a7a00	4d 50 4c 53 2d 54 45 3b 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 61 20 63	MPLS-TE;.it.does.not.support.a.c
a7a20	6f 6d 70 6c 65 74 65 20 52 53 56 50 2d 54 45 20 73 6f 6c 75 74 69 6f 6e 2e 00 46 52 52 20 73 75	omplete.RSVP-TE.solution..FRR.su
a7a40	70 70 6f 72 74 73 20 61 20 6e 65 77 20 77 61 79 20 6f 66 20 63 6f 6e 66 69 67 75 72 69 6e 67 20	pports.a.new.way.of.configuring.
a7a60	56 4c 41 4e 2d 74 6f 2d 56 4e 49 20 6d 61 70 70 69 6e 67 73 20 66 6f 72 20 45 56 50 4e 2d 56 58	VLAN-to-VNI.mappings.for.EVPN-VX
a7a80	4c 41 4e 2c 20 77 68 65 6e 20 77 6f 72 6b 69 6e 67 20 77 69 74 68 20 74 68 65 20 4c 69 6e 75 78	LAN,.when.working.with.the.Linux
a7aa0	20 6b 65 72 6e 65 6c 2e 20 49 6e 20 74 68 69 73 20 6e 65 77 20 77 61 79 2c 20 74 68 65 20 6d 61	.kernel..In.this.new.way,.the.ma
a7ac0	70 70 69 6e 67 20 6f 66 20 61 20 56 4c 41 4e 20 74 6f 20 61 20 3a 61 62 62 72 3a 60 56 4e 49 20	pping.of.a.VLAN.to.a.:abbr:`VNI.
a7ae0	28 56 58 4c 41 4e 20 4e 65 74 77 6f 72 6b 20 49 64 65 6e 74 69 66 69 65 72 20 28 6f 72 20 56 58	(VXLAN.Network.Identifier.(or.VX
a7b00	4c 41 4e 20 53 65 67 6d 65 6e 74 20 49 44 29 29 60 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20	LAN.Segment.ID))`.is.configured.
a7b20	61 67 61 69 6e 73 74 20 61 20 63 6f 6e 74 61 69 6e 65 72 20 56 58 4c 41 4e 20 69 6e 74 65 72 66	against.a.container.VXLAN.interf
a7b40	61 63 65 20 77 68 69 63 68 20 69 73 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 61 20 3a 61	ace.which.is.referred.to.as.a.:a
a7b60	62 62 72 3a 60 53 56 44 20 28 53 69 6e 67 6c 65 20 56 58 4c 41 4e 20 64 65 76 69 63 65 29 60 2e	bbr:`SVD.(Single.VXLAN.device)`.
a7b80	00 46 54 50 20 64 61 65 6d 6f 6e 00 46 61 63 69 6c 69 74 69 65 73 00 46 61 63 69 6c 69 74 69 65	.FTP.daemon.Facilities.Facilitie
a7ba0	73 20 63 61 6e 20 62 65 20 61 64 6a 75 73 74 65 64 20 74 6f 20 6d 65 65 74 20 74 68 65 20 6e 65	s.can.be.adjusted.to.meet.the.ne
a7bc0	65 64 73 20 6f 66 20 74 68 65 20 75 73 65 72 3a 00 46 61 63 69 6c 69 74 79 20 43 6f 64 65 00 46	eds.of.the.user:.Facility.Code.F
a7be0	61 69 6c 6f 76 65 72 00 46 61 69 6c 6f 76 65 72 20 52 6f 75 74 65 73 00 46 61 69 6c 6f 76 65 72	ailover.Failover.Routes.Failover
a7c00	20 6d 65 63 68 61 6e 69 73 6d 20 74 6f 20 75 73 65 20 66 6f 72 20 63 6f 6e 6e 74 72 61 63 6b 2d	.mechanism.to.use.for.conntrack-
a7c20	73 79 6e 63 2e 00 46 61 69 6c 6f 76 65 72 20 72 6f 75 74 65 73 20 61 72 65 20 6d 61 6e 75 61 6c	sync..Failover.routes.are.manual
a7c40	6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 72 6f 75 74 65 73 2c 20 62 75 74 20 74 68 65 79 20 69	ly.configured.routes,.but.they.i
a7c60	6e 73 74 61 6c 6c 20 74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 69 66 20 74	nstall.to.the.routing.table.if.t
a7c80	68 65 20 68 65 61 6c 74 68 2d 63 68 65 63 6b 20 74 61 72 67 65 74 20 69 73 20 61 6c 69 76 65 2e	he.health-check.target.is.alive.
a7ca0	20 49 66 20 74 68 65 20 74 61 72 67 65 74 20 69 73 20 6e 6f 74 20 61 6c 69 76 65 20 74 68 65 20	.If.the.target.is.not.alive.the.
a7cc0	72 6f 75 74 65 20 69 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 69 6e	route.is.removed.from.the.routin
a7ce0	67 20 74 61 62 6c 65 20 75 6e 74 69 6c 20 74 68 65 20 74 61 72 67 65 74 20 77 69 6c 6c 20 62 65	g.table.until.the.target.will.be
a7d00	20 61 76 61 69 6c 61 62 6c 65 2e 00 46 61 69 72 20 51 75 65 75 65 00 46 61 69 72 20 51 75 65 75	.available..Fair.Queue.Fair.Queu
a7d20	65 20 69 73 20 61 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 28 77 6f 72 6b 2d 63 6f 6e 73 65 72 76	e.is.a.non-shaping.(work-conserv
a7d40	69 6e 67 29 20 70 6f 6c 69 63 79 2c 20 73 6f 20 69 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 62 65 20	ing).policy,.so.it.will.only.be.
a7d60	75 73 65 66 75 6c 20 69 66 20 79 6f 75 72 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63	useful.if.your.outgoing.interfac
a7d80	65 20 69 73 20 72 65 61 6c 6c 79 20 66 75 6c 6c 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 2c 20	e.is.really.full..If.it.is.not,.
a7da0	56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 6f 77 6e 20 74 68 65 20 71 75 65 75 65 20 61 6e 64 20	VyOS.will.not.own.the.queue.and.
a7dc0	46 61 69 72 20 51 75 65 75 65 20 77 69 6c 6c 20 68 61 76 65 20 6e 6f 20 65 66 66 65 63 74 2e 20	Fair.Queue.will.have.no.effect..
a7de0	49 66 20 74 68 65 72 65 20 69 73 20 62 61 6e 64 77 69 64 74 68 20 61 76 61 69 6c 61 62 6c 65 20	If.there.is.bandwidth.available.
a7e00	6f 6e 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 2c 20 79 6f 75 20 63 61 6e 20 65 6d	on.the.physical.link,.you.can.em
a7e20	62 65 64 5f 20 46 61 69 72 2d 51 75 65 75 65 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 66 75 6c 20	bed_.Fair-Queue.into.a.classful.
a7e40	73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 69 74 20 6f	shaping.policy.to.make.sure.it.o
a7e60	77 6e 73 20 74 68 65 20 71 75 65 75 65 2e 00 46 61 69 72 20 51 75 65 75 65 20 69 73 20 61 20 77	wns.the.queue..Fair.Queue.is.a.w
a7e80	6f 72 6b 2d 63 6f 6e 73 65 72 76 69 6e 67 20 73 63 68 65 64 75 6c 65 72 20 77 68 69 63 68 20 73	ork-conserving.scheduler.which.s
a7ea0	63 68 65 64 75 6c 65 73 20 74 68 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20 6f 66 20 70 61 63	chedules.the.transmission.of.pac
a7ec0	6b 65 74 73 20 62 61 73 65 64 20 6f 6e 20 66 6c 6f 77 73 2c 20 74 68 61 74 20 69 73 2c 20 69 74	kets.based.on.flows,.that.is,.it
a7ee0	20 62 61 6c 61 6e 63 65 73 20 74 72 61 66 66 69 63 20 64 69 73 74 72 69 62 75 74 69 6e 67 20 69	.balances.traffic.distributing.i
a7f00	74 20 74 68 72 6f 75 67 68 20 64 69 66 66 65 72 65 6e 74 20 73 75 62 2d 71 75 65 75 65 73 20 69	t.through.different.sub-queues.i
a7f20	6e 20 6f 72 64 65 72 20 74 6f 20 65 6e 73 75 72 65 20 66 61 69 72 6e 65 73 73 20 73 6f 20 74 68	n.order.to.ensure.fairness.so.th
a7f40	61 74 20 65 61 63 68 20 66 6c 6f 77 20 69 73 20 61 62 6c 65 20 74 6f 20 73 65 6e 64 20 64 61 74	at.each.flow.is.able.to.send.dat
a7f60	61 20 69 6e 20 74 75 72 6e 2c 20 70 72 65 76 65 6e 74 69 6e 67 20 61 6e 79 20 73 69 6e 67 6c 65	a.in.turn,.preventing.any.single
a7f80	20 6f 6e 65 20 66 72 6f 6d 20 64 72 6f 77 6e 69 6e 67 20 6f 75 74 20 74 68 65 20 72 65 73 74 2e	.one.from.drowning.out.the.rest.
a7fa0	00 46 65 61 74 75 72 65 73 20 6f 66 20 74 68 65 20 43 75 72 72 65 6e 74 20 49 6d 70 6c 65 6d 65	.Features.of.the.Current.Impleme
a7fc0	6e 74 61 74 69 6f 6e 00 46 69 65 6c 64 00 46 69 6c 65 20 69 64 65 6e 74 69 66 69 65 64 20 62 79	ntation.Field.File.identified.by
a7fe0	20 60 3c 6b 65 79 66 69 6c 65 3e 60 20 63 6f 6e 74 61 69 6e 69 6e 67 20 74 68 65 20 73 65 63 72	.`<keyfile>`.containing.the.secr
a8000	65 74 20 52 4e 44 43 20 6b 65 79 20 73 68 61 72 65 64 20 77 69 74 68 20 72 65 6d 6f 74 65 20 44	et.RNDC.key.shared.with.remote.D
a8020	4e 53 20 73 65 72 76 65 72 2e 00 46 69 6c 74 65 72 20 54 79 70 65 2d 33 20 73 75 6d 6d 61 72 79	NS.server..Filter.Type-3.summary
a8040	2d 4c 53 41 73 20 61 6e 6e 6f 75 6e 63 65 64 20 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 20 6f	-LSAs.announced.to.other.areas.o
a8060	72 69 67 69 6e 61 74 65 64 20 66 72 6f 6d 20 69 6e 74 72 61 2d 20 61 72 65 61 20 70 61 74 68 73	riginated.from.intra-.area.paths
a8080	20 66 72 6f 6d 20 73 70 65 63 69 66 69 65 64 20 61 72 65 61 2e 20 54 68 69 73 20 63 6f 6d 6d 61	.from.specified.area..This.comma
a80a0	6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42 52 20 6f 6e 6c 79 2e 00 46 69 6c 74	nd.makes.sense.in.ABR.only..Filt
a80c0	65 72 20 74 72 61 66 66 69 63 20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 2f 64 65 73 74 69	er.traffic.based.on.source/desti
a80e0	6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 00 46 69 6c 74 65 72 2d 49 64 3d 32 30 30 30 2f 33	nation.address..Filter-Id=2000/3
a8100	30 30 30 20 28 6d 65 61 6e 73 20 32 30 30 30 4b 62 69 74 20 64 6f 77 6e 2d 73 74 72 65 61 6d 20	000.(means.2000Kbit.down-stream.
a8120	72 61 74 65 20 61 6e 64 20 33 30 30 30 4b 62 69 74 20 75 70 2d 73 74 72 65 61 6d 20 72 61 74 65	rate.and.3000Kbit.up-stream.rate
a8140	29 00 46 69 6c 74 65 72 2d 49 64 3d 35 30 30 30 2f 34 30 30 30 20 28 6d 65 61 6e 73 20 35 30 30	).Filter-Id=5000/4000.(means.500
a8160	30 4b 62 69 74 20 64 6f 77 6e 2d 73 74 72 65 61 6d 20 72 61 74 65 20 61 6e 64 20 34 30 30 30 4b	0Kbit.down-stream.rate.and.4000K
a8180	62 69 74 20 75 70 2d 73 74 72 65 61 6d 20 72 61 74 65 29 20 49 66 20 61 74 74 72 69 62 75 74 65	bit.up-stream.rate).If.attribute
a81a0	20 46 69 6c 74 65 72 2d 49 64 20 72 65 64 65 66 69 6e 65 64 2c 20 72 65 70 6c 61 63 65 20 69 74	.Filter-Id.redefined,.replace.it
a81c0	20 69 6e 20 52 41 44 49 55 53 20 43 6f 41 20 72 65 71 75 65 73 74 2e 00 46 69 6c 74 65 72 69 6e	.in.RADIUS.CoA.request..Filterin
a81e0	67 00 46 69 6c 74 65 72 69 6e 67 20 69 73 20 75 73 65 64 20 66 6f 72 20 62 6f 74 68 20 69 6e 70	g.Filtering.is.used.for.both.inp
a8200	75 74 20 61 6e 64 20 6f 75 74 70 75 74 20 6f 66 20 74 68 65 20 72 6f 75 74 69 6e 67 20 69 6e 66	ut.and.output.of.the.routing.inf
a8220	6f 72 6d 61 74 69 6f 6e 2e 20 4f 6e 63 65 20 66 69 6c 74 65 72 69 6e 67 20 69 73 20 64 65 66 69	ormation..Once.filtering.is.defi
a8240	6e 65 64 2c 20 69 74 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 69 6e 20 61 6e 79 20 64 69	ned,.it.can.be.applied.in.any.di
a8260	72 65 63 74 69 6f 6e 2e 20 56 79 4f 53 20 6d 61 6b 65 73 20 66 69 6c 74 65 72 69 6e 67 20 70 6f	rection..VyOS.makes.filtering.po
a8280	73 73 69 62 6c 65 20 75 73 69 6e 67 20 61 63 6c 73 20 61 6e 64 20 70 72 65 66 69 78 20 6c 69 73	ssible.using.acls.and.prefix.lis
a82a0	74 73 2e 00 46 69 6e 61 6c 6c 79 2c 20 74 6f 20 61 70 70 6c 79 20 74 68 65 20 70 6f 6c 69 63 79	ts..Finally,.to.apply.the.policy
a82c0	20 72 6f 75 74 65 20 74 6f 20 69 6e 67 72 65 73 73 20 74 72 61 66 66 69 63 20 6f 6e 20 6f 75 72	.route.to.ingress.traffic.on.our
a82e0	20 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 2c 20 77 65 20 75 73 65 3a 00 46 69 72 65 77 61 6c 6c	.LAN.interface,.we.use:.Firewall
a8300	00 46 69 72 65 77 61 6c 6c 20 44 65 73 63 72 69 70 74 69 6f 6e 00 46 69 72 65 77 61 6c 6c 20 45	.Firewall.Description.Firewall.E
a8320	78 63 65 70 74 69 6f 6e 73 00 46 69 72 65 77 61 6c 6c 20 4c 6f 67 73 00 46 69 72 65 77 61 6c 6c	xceptions.Firewall.Logs.Firewall
a8340	20 52 75 6c 65 73 00 46 69 72 65 77 61 6c 6c 20 67 72 6f 75 70 73 20 72 65 70 72 65 73 65 6e 74	.Rules.Firewall.groups.represent
a8360	20 63 6f 6c 6c 65 63 74 69 6f 6e 73 20 6f 66 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 6e 65	.collections.of.IP.addresses,.ne
a8380	74 77 6f 72 6b 73 2c 20 70 6f 72 74 73 2c 20 6d 61 63 20 61 64 64 72 65 73 73 65 73 20 6f 72 20	tworks,.ports,.mac.addresses.or.
a83a0	64 6f 6d 61 69 6e 73 2e 20 4f 6e 63 65 20 63 72 65 61 74 65 64 2c 20 61 20 67 72 6f 75 70 20 63	domains..Once.created,.a.group.c
a83c0	61 6e 20 62 65 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 66 69 72 65 77 61 6c 6c 2c 20 6e 61	an.be.referenced.by.firewall,.na
a83e0	74 20 61 6e 64 20 70 6f 6c 69 63 79 20 72 6f 75 74 65 20 72 75 6c 65 73 20 61 73 20 65 69 74 68	t.and.policy.route.rules.as.eith
a8400	65 72 20 61 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6d 61 74 63 68	er.a.source.or.destination.match
a8420	65 72 2e 20 4d 65 6d 62 65 72 73 20 63 61 6e 20 62 65 20 61 64 64 65 64 20 6f 72 20 72 65 6d 6f	er..Members.can.be.added.or.remo
a8440	76 65 64 20 66 72 6f 6d 20 61 20 67 72 6f 75 70 20 77 69 74 68 6f 75 74 20 63 68 61 6e 67 65 73	ved.from.a.group.without.changes
a8460	20 74 6f 2c 20 6f 72 20 74 68 65 20 6e 65 65 64 20 74 6f 20 72 65 6c 6f 61 64 2c 20 69 6e 64 69	.to,.or.the.need.to.reload,.indi
a8480	76 69 64 75 61 6c 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2e 00 46 69 72 65 77 61 6c 6c 20	vidual.firewall.rules..Firewall.
a84a0	67 72 6f 75 70 73 20 72 65 70 72 65 73 65 6e 74 20 63 6f 6c 6c 65 63 74 69 6f 6e 73 20 6f 66 20	groups.represent.collections.of.
a84c0	49 50 20 61 64 64 72 65 73 73 65 73 2c 20 6e 65 74 77 6f 72 6b 73 2c 20 70 6f 72 74 73 2c 20 6d	IP.addresses,.networks,.ports,.m
a84e0	61 63 20 61 64 64 72 65 73 73 65 73 2c 20 64 6f 6d 61 69 6e 73 20 6f 72 20 69 6e 74 65 72 66 61	ac.addresses,.domains.or.interfa
a8500	63 65 73 2e 20 4f 6e 63 65 20 63 72 65 61 74 65 64 2c 20 61 20 67 72 6f 75 70 20 63 61 6e 20 62	ces..Once.created,.a.group.can.b
a8520	65 20 72 65 66 65 72 65 6e 63 65 64 20 62 79 20 66 69 72 65 77 61 6c 6c 2c 20 6e 61 74 20 61 6e	e.referenced.by.firewall,.nat.an
a8540	64 20 70 6f 6c 69 63 79 20 72 6f 75 74 65 20 72 75 6c 65 73 20 61 73 20 65 69 74 68 65 72 20 61	d.policy.route.rules.as.either.a
a8560	20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6d 61 74 63 68 65 72 2c 20	.source.or.destination.matcher,.
a8580	61 6e 64 20 61 73 20 69 6e 62 70 75 6e 64 2f 6f 75 74 62 6f 75 6e 64 20 69 6e 20 74 68 65 20 63	and.as.inbpund/outbound.in.the.c
a85a0	61 73 65 20 6f 66 20 69 6e 74 65 72 66 61 63 65 20 67 72 6f 75 70 2e 00 46 69 72 65 77 61 6c 6c	ase.of.interface.group..Firewall
a85c0	20 6d 61 72 6b 2e 20 49 74 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 6c 6f 61 64 62 61 6c 61 6e 63	.mark..It.possible.to.loadbalanc
a85e0	69 6e 67 20 74 72 61 66 66 69 63 20 62 61 73 65 64 20 6f 6e 20 60 60 66 77 6d 61 72 6b 60 60 20	ing.traffic.based.on.``fwmark``.
a8600	76 61 6c 75 65 00 46 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 63 61 6e 20 61 6c 73 6f 20 62	value.Firewall.policy.can.also.b
a8620	65 20 61 70 70 6c 69 65 64 20 74 6f 20 74 68 65 20 74 75 6e 6e 65 6c 20 69 6e 74 65 72 66 61 63	e.applied.to.the.tunnel.interfac
a8640	65 20 66 6f 72 20 60 6c 6f 63 61 6c 60 2c 20 60 69 6e 60 2c 20 61 6e 64 20 60 6f 75 74 60 20 64	e.for.`local`,.`in`,.and.`out`.d
a8660	69 72 65 63 74 69 6f 6e 73 20 61 6e 64 20 66 75 6e 63 74 69 6f 6e 73 20 69 64 65 6e 74 69 63 61	irections.and.functions.identica
a8680	6c 6c 79 20 74 6f 20 65 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 00 46 69 72 65	lly.to.ethernet.interfaces..Fire
a86a0	77 61 6c 6c 20 72 75 6c 65 73 20 61 72 65 20 77 72 69 74 74 65 6e 20 61 73 20 6e 6f 72 6d 61 6c	wall.rules.are.written.as.normal
a86c0	2c 20 75 73 69 6e 67 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 20	,.using.the.internal.IP.address.
a86e0	61 73 20 74 68 65 20 73 6f 75 72 63 65 20 6f 66 20 6f 75 74 62 6f 75 6e 64 20 72 75 6c 65 73 20	as.the.source.of.outbound.rules.
a8700	61 6e 64 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6f 66 20 69 6e 62 6f 75 6e 64 20 72	and.the.destination.of.inbound.r
a8720	75 6c 65 73 2e 00 46 69 72 65 77 61 6c 6c 2d 4c 65 67 61 63 79 00 46 69 72 6d 77 61 72 65 20 55	ules..Firewall-Legacy.Firmware.U
a8740	70 64 61 74 65 00 46 69 72 73 74 20 68 6f 70 20 69 6e 74 65 72 66 61 63 65 20 6f 66 20 61 20 72	pdate.First.hop.interface.of.a.r
a8760	6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2e 00 46 69 72 73 74 20 6f 66 20 61 6c 6c 20 79 6f 75 20	oute.to.match..First.of.all.you.
a8780	6d 75 73 74 20 63 6f 6e 66 69 67 75 72 65 20 42 47 50 20 72 6f 75 74 65 72 20 77 69 74 68 20 74	must.configure.BGP.router.with.t
a87a0	68 65 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79 73 74 65 6d	he.:abbr:`ASN.(Autonomous.System
a87c0	20 4e 75 6d 62 65 72 29 60 2e 20 54 68 65 20 41 53 20 6e 75 6d 62 65 72 20 69 73 20 61 6e 20 69	.Number)`..The.AS.number.is.an.i
a87e0	64 65 6e 74 69 66 69 65 72 20 66 6f 72 20 74 68 65 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73	dentifier.for.the.autonomous.sys
a8800	74 65 6d 2e 20 54 68 65 20 42 47 50 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65 73 20 74 68 65 20 41	tem..The.BGP.protocol.uses.the.A
a8820	53 20 6e 75 6d 62 65 72 20 66 6f 72 20 64 65 74 65 63 74 69 6e 67 20 77 68 65 74 68 65 72 20 74	S.number.for.detecting.whether.t
a8840	68 65 20 42 47 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 69 6e 74 65 72 6e 61 6c 20 6f 72	he.BGP.connection.is.internal.or
a8860	20 65 78 74 65 72 6e 61 6c 2e 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20	.external..VyOS.does.not.have.a.
a8880	73 70 65 63 69 61 6c 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 74 61 72 74 20 74 68 65 20 42 47 50	special.command.to.start.the.BGP
a88a0	20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 42 47 50 20 70 72 6f 63 65 73 73 20 73 74 61 72 74 73	.process..The.BGP.process.starts
a88c0	20 77 68 65 6e 20 74 68 65 20 66 69 72 73 74 20 6e 65 69 67 68 62 6f 72 20 69 73 20 63 6f 6e 66	.when.the.first.neighbor.is.conf
a88e0	69 67 75 72 65 64 2e 00 46 69 72 73 74 20 73 63 65 6e 61 72 69 6f 3a 20 61 70 70 6c 79 20 64 65	igured..First.scenario:.apply.de
a8900	73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 20 66 6f 72 20 61 6c 6c 20 48 54 54 50 20 74 72 61 66 66	stination.NAT.for.all.HTTP.traff
a8920	69 63 20 63 6f 6d 6d 69 6e 67 20 74 68 72 6f 75 67 68 20 69 6e 74 65 72 66 61 63 65 20 65 74 68	ic.comming.through.interface.eth
a8940	30 2c 20 61 6e 64 20 75 73 65 72 20 34 20 62 61 63 6b 65 6e 64 73 2e 20 46 69 72 73 74 20 62 61	0,.and.user.4.backends..First.ba
a8960	63 6b 65 6e 64 20 73 68 6f 75 6c 64 20 72 65 63 65 69 76 65 64 20 33 30 25 20 6f 66 20 74 68 65	ckend.should.received.30%.of.the
a8980	20 72 65 71 75 65 73 74 2c 20 73 65 63 6f 6e 64 20 62 61 63 6b 65 6e 64 20 73 68 6f 75 6c 64 20	.request,.second.backend.should.
a89a0	67 65 74 20 32 30 25 2c 20 74 68 69 72 64 20 31 35 25 20 61 6e 64 20 74 68 65 20 66 6f 75 72 74	get.20%,.third.15%.and.the.fourt
a89c0	68 20 33 35 25 20 57 65 20 77 69 6c 6c 20 75 73 65 20 73 6f 75 72 63 65 20 61 6e 64 20 64 65 73	h.35%.We.will.use.source.and.des
a89e0	74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 66 6f 72 20 68 61 73 68 20 67 65 6e 65 72 61	tination.address.for.hash.genera
a8a00	74 69 6f 6e 2e 00 46 69 72 73 74 20 73 74 65 70 73 00 46 69 72 73 74 20 74 68 65 20 4f 54 50 20	tion..First.steps.First.the.OTP.
a8a20	6b 65 79 73 20 6d 75 73 74 20 62 65 20 67 65 6e 65 72 61 74 65 64 20 61 6e 64 20 73 65 6e 74 20	keys.must.be.generated.and.sent.
a8a40	74 6f 20 74 68 65 20 75 73 65 72 20 61 6e 64 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61	to.the.user.and.to.the.configura
a8a60	74 69 6f 6e 3a 00 46 69 72 73 74 20 77 65 20 6e 65 65 64 20 74 6f 20 73 70 65 63 69 66 79 20 74	tion:.First.we.need.to.specify.t
a8a80	68 65 20 62 61 73 69 63 20 73 65 74 74 69 6e 67 73 2e 20 31 31 39 34 2f 55 44 50 20 69 73 20 74	he.basic.settings..1194/UDP.is.t
a8aa0	68 65 20 64 65 66 61 75 6c 74 2e 20 54 68 65 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 74 75 6e	he.default..The.``persistent-tun
a8ac0	6e 65 6c 60 60 20 6f 70 74 69 6f 6e 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2c 20 69 74 20	nel``.option.is.recommended,.it.
a8ae0	70 72 65 76 65 6e 74 73 20 74 68 65 20 54 55 4e 2f 54 41 50 20 64 65 76 69 63 65 20 66 72 6f 6d	prevents.the.TUN/TAP.device.from
a8b00	20 63 6c 6f 73 69 6e 67 20 6f 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 72 65 73 65 74 73 20 6f 72	.closing.on.connection.resets.or
a8b20	20 64 61 65 6d 6f 6e 20 72 65 6c 6f 61 64 73 2e 00 46 69 72 73 74 20 79 6f 75 20 77 69 6c 6c 20	.daemon.reloads..First.you.will.
a8b40	6e 65 65 64 20 74 6f 20 64 65 70 6c 6f 79 20 61 6e 20 52 50 4b 49 20 76 61 6c 69 64 61 74 6f 72	need.to.deploy.an.RPKI.validator
a8b60	20 66 6f 72 20 79 6f 75 72 20 72 6f 75 74 65 72 73 20 74 6f 20 75 73 65 2e 20 54 68 65 20 52 49	.for.your.routers.to.use..The.RI
a8b80	50 45 20 4e 43 43 20 68 65 6c 70 66 75 6c 6c 79 20 70 72 6f 76 69 64 65 20 60 73 6f 6d 65 20 69	PE.NCC.helpfully.provide.`some.i
a8ba0	6e 73 74 72 75 63 74 69 6f 6e 73 60 5f 20 74 6f 20 67 65 74 20 79 6f 75 20 73 74 61 72 74 65 64	nstructions`_.to.get.you.started
a8bc0	20 77 69 74 68 20 73 65 76 65 72 61 6c 20 64 69 66 66 65 72 65 6e 74 20 6f 70 74 69 6f 6e 73 2e	.with.several.different.options.
a8be0	20 20 4f 6e 63 65 20 79 6f 75 72 20 73 65 72 76 65 72 20 69 73 20 72 75 6e 6e 69 6e 67 20 79 6f	..Once.your.server.is.running.yo
a8c00	75 20 63 61 6e 20 73 74 61 72 74 20 76 61 6c 69 64 61 74 69 6e 67 20 61 6e 6e 6f 75 6e 63 65 6d	u.can.start.validating.announcem
a8c20	65 6e 74 73 2e 00 46 69 72 73 74 2c 20 6f 6e 20 62 6f 74 68 20 72 6f 75 74 65 72 73 20 72 75 6e	ents..First,.on.both.routers.run
a8c40	20 74 68 65 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 20 22 67 65 6e 65 72 61	.the.operational.command."genera
a8c60	74 65 20 70 6b 69 20 6b 65 79 2d 70 61 69 72 20 69 6e 73 74 61 6c 6c 20 3c 6b 65 79 2d 70 61 69	te.pki.key-pair.install.<key-pai
a8c80	72 20 6e 61 6d 3e 3e 22 2e 20 59 6f 75 20 6d 61 79 20 63 68 6f 6f 73 65 20 64 69 66 66 65 72 65	r.nam>>"..You.may.choose.differe
a8ca0	6e 74 20 6c 65 6e 67 74 68 20 74 68 61 6e 20 32 30 34 38 20 6f 66 20 63 6f 75 72 73 65 2e 00 46	nt.length.than.2048.of.course..F
a8cc0	69 72 73 74 2c 20 6f 6e 20 62 6f 74 68 20 72 6f 75 74 65 72 73 20 72 75 6e 20 74 68 65 20 6f 70	irst,.on.both.routers.run.the.op
a8ce0	65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 20 22 67 65 6e 65 72 61 74 65 20 70 6b 69 20	erational.command."generate.pki.
a8d00	6b 65 79 2d 70 61 69 72 20 69 6e 73 74 61 6c 6c 20 3c 6b 65 79 2d 70 61 69 72 20 6e 61 6d 65 3e	key-pair.install.<key-pair.name>
a8d20	22 2e 20 59 6f 75 20 6d 61 79 20 63 68 6f 6f 73 65 20 64 69 66 66 65 72 65 6e 74 20 6c 65 6e 67	"..You.may.choose.different.leng
a8d40	74 68 20 74 68 61 6e 20 32 30 34 38 20 6f 66 20 63 6f 75 72 73 65 2e 00 46 69 72 73 74 2c 20 6f	th.than.2048.of.course..First,.o
a8d60	6e 65 20 6f 66 20 74 68 65 20 73 79 73 74 65 6d 73 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 6b	ne.of.the.systems.generate.the.k
a8d80	65 79 20 75 73 69 6e 67 20 74 68 65 20 3a 72 65 66 3a 60 67 65 6e 65 72 61 74 65 20 70 6b 69 20	ey.using.the.:ref:`generate.pki.
a8da0	6f 70 65 6e 76 70 6e 20 73 68 61 72 65 64 2d 73 65 63 72 65 74 3c 63 6f 6e 66 69 67 75 72 61 74	openvpn.shared-secret<configurat
a8dc0	69 6f 6e 2f 70 6b 69 2f 69 6e 64 65 78 3a 70 6b 69 3e 60 20 63 6f 6d 6d 61 6e 64 2e 20 4f 6e 63	ion/pki/index:pki>`.command..Onc
a8de0	65 20 67 65 6e 65 72 61 74 65 64 2c 20 79 6f 75 20 77 69 6c 6c 20 6e 65 65 64 20 74 6f 20 69 6e	e.generated,.you.will.need.to.in
a8e00	73 74 61 6c 6c 20 74 68 69 73 20 6b 65 79 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 73 79 73 74	stall.this.key.on.the.local.syst
a8e20	65 6d 2c 20 74 68 65 6e 20 63 6f 70 79 20 61 6e 64 20 69 6e 73 74 61 6c 6c 20 74 68 69 73 20 6b	em,.then.copy.and.install.this.k
a8e40	65 79 20 74 6f 20 74 68 65 20 72 65 6d 6f 74 65 20 72 6f 75 74 65 72 2e 00 46 6c 61 73 68 00 46	ey.to.the.remote.router..Flash.F
a8e60	6c 61 73 68 20 4f 76 65 72 72 69 64 65 00 46 6c 6f 77 20 41 63 63 6f 75 6e 74 69 6e 67 00 46 6c	lash.Override.Flow.Accounting.Fl
a8e80	6f 77 20 45 78 70 6f 72 74 00 46 6c 6f 77 20 61 6e 64 20 70 61 63 6b 65 74 2d 62 61 73 65 64 20	ow.Export.Flow.and.packet-based.
a8ea0	62 61 6c 61 6e 63 69 6e 67 00 46 6c 6f 77 73 20 63 61 6e 20 62 65 20 65 78 70 6f 72 74 65 64 20	balancing.Flows.can.be.exported.
a8ec0	76 69 61 20 74 77 6f 20 64 69 66 66 65 72 65 6e 74 20 70 72 6f 74 6f 63 6f 6c 73 3a 20 4e 65 74	via.two.different.protocols:.Net
a8ee0	46 6c 6f 77 20 28 76 65 72 73 69 6f 6e 73 20 35 2c 20 39 20 61 6e 64 20 31 30 2f 49 50 46 49 58	Flow.(versions.5,.9.and.10/IPFIX
a8f00	29 20 61 6e 64 20 73 46 6c 6f 77 2e 20 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 79 6f 75 20 6d	).and.sFlow..Additionally,.you.m
a8f20	61 79 20 73 61 76 65 20 66 6c 6f 77 73 20 74 6f 20 61 6e 20 69 6e 2d 6d 65 6d 6f 72 79 20 74 61	ay.save.flows.to.an.in-memory.ta
a8f40	62 6c 65 20 69 6e 74 65 72 6e 61 6c 6c 79 20 69 6e 20 61 20 72 6f 75 74 65 72 2e 00 46 6c 75 73	ble.internally.in.a.router..Flus
a8f60	68 69 6e 67 20 74 68 65 20 73 65 73 73 69 6f 6e 20 74 61 62 6c 65 20 77 69 6c 6c 20 63 61 75 73	hing.the.session.table.will.caus
a8f80	65 20 6f 74 68 65 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 66 61 6c 6c 20 62 61 63 6b	e.other.connections.to.fall.back
a8fa0	20 66 72 6f 6d 20 66 6c 6f 77 2d 62 61 73 65 64 20 74 6f 20 70 61 63 6b 65 74 2d 62 61 73 65 64	.from.flow-based.to.packet-based
a8fc0	20 62 61 6c 61 6e 63 69 6e 67 20 75 6e 74 69 6c 20 65 61 63 68 20 66 6c 6f 77 20 69 73 20 72 65	.balancing.until.each.flow.is.re
a8fe0	65 73 74 61 62 6c 69 73 68 65 64 2e 00 46 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73 74 72 75 63 74	established..Follow.the.instruct
a9000	69 6f 6e 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 43 41 20 63 65 72 74 20 28 69 6e 20 63 6f 6e	ions.to.generate.CA.cert.(in.con
a9020	66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 65 29 3a 00 46 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73	figuration.mode):.Follow.the.ins
a9040	74 72 75 63 74 69 6f 6e 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 73 65 72 76 65 72 20 63 65 72	tructions.to.generate.server.cer
a9060	74 20 28 69 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 65 29 3a 00 46 6f 72 20 3a	t.(in.configuration.mode):.For.:
a9080	72 65 66 3a 60 62 69 64 69 72 65 63 74 69 6f 6e 61 6c 2d 6e 61 74 60 20 61 20 72 75 6c 65 20 66	ref:`bidirectional-nat`.a.rule.f
a90a0	6f 72 20 62 6f 74 68 20 3a 72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 61 6e 64 20 3a 72	or.both.:ref:`source-nat`.and.:r
a90c0	65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 20 6e 65 65 64 73 20 74 6f 20 62 65	ef:`destination-nat`.needs.to.be
a90e0	20 63 72 65 61 74 65 64 2e 00 46 6f 72 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d	.created..For.:ref:`destination-
a9100	6e 61 74 60 20 72 75 6c 65 73 20 74 68 65 20 70 61 63 6b 65 74 73 20 64 65 73 74 69 6e 61 74 69	nat`.rules.the.packets.destinati
a9120	6f 6e 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 72 65 70 6c 61 63 65 64 20 62 79 20 74	on.address.will.be.replaced.by.t
a9140	68 65 20 73 70 65 63 69 66 69 65 64 20 61 64 64 72 65 73 73 20 69 6e 20 74 68 65 20 60 74 72 61	he.specified.address.in.the.`tra
a9160	6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 60 20 63 6f 6d 6d 61 6e 64 2e 00 46 6f 72 20 3a	nslation.address`.command..For.:
a9180	72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 72 75 6c 65 73 20 74 68 65 20 70 61 63 6b 65	ref:`source-nat`.rules.the.packe
a91a0	74 73 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 72 65 70 6c 61 63	ts.source.address.will.be.replac
a91c0	65 64 20 77 69 74 68 20 74 68 65 20 61 64 64 72 65 73 73 20 73 70 65 63 69 66 69 65 64 20 69 6e	ed.with.the.address.specified.in
a91e0	20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 2e 20 41 20 70 6f 72 74	.the.translation.command..A.port
a9200	20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 73 70 65 63 69 66 69	.translation.can.also.be.specifi
a9220	65 64 20 61 6e 64 20 69 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f	ed.and.is.part.of.the.translatio
a9240	6e 20 61 64 64 72 65 73 73 2e 00 46 6f 72 20 45 6e 63 72 79 70 74 69 6f 6e 3a 00 46 6f 72 20 48	n.address..For.Encryption:.For.H
a9260	61 73 68 69 6e 67 3a 00 46 6f 72 20 49 53 2d 49 53 20 74 6f 70 20 6f 70 65 72 61 74 65 20 63 6f	ashing:.For.IS-IS.top.operate.co
a9280	72 72 65 63 74 6c 79 2c 20 6f 6e 65 20 6d 75 73 74 20 64 6f 20 74 68 65 20 65 71 75 69 76 61 6c	rrectly,.one.must.do.the.equival
a92a0	65 6e 74 20 6f 66 20 61 20 52 6f 75 74 65 72 20 49 44 20 69 6e 20 43 4c 4e 53 2e 20 54 68 69 73	ent.of.a.Router.ID.in.CLNS..This
a92c0	20 52 6f 75 74 65 72 20 49 44 20 69 73 20 63 61 6c 6c 65 64 20 74 68 65 20 3a 61 62 62 72 3a 60	.Router.ID.is.called.the.:abbr:`
a92e0	4e 45 54 20 28 4e 65 74 77 6f 72 6b 20 45 6e 74 69 74 79 20 54 69 74 6c 65 29 60 2e 20 54 68 69	NET.(Network.Entity.Title)`..Thi
a9300	73 20 6d 75 73 74 20 62 65 20 75 6e 69 71 75 65 20 66 6f 72 20 65 61 63 68 20 61 6e 64 20 65 76	s.must.be.unique.for.each.and.ev
a9320	65 72 79 20 72 6f 75 74 65 72 20 74 68 61 74 20 69 73 20 6f 70 65 72 61 74 69 6e 67 20 69 6e 20	ery.router.that.is.operating.in.
a9340	49 53 2d 49 53 2e 20 49 74 20 61 6c 73 6f 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 64 75 70 6c 69	IS-IS..It.also.must.not.be.dupli
a9360	63 61 74 65 64 20 6f 74 68 65 72 77 69 73 65 20 74 68 65 20 73 61 6d 65 20 69 73 73 75 65 73 20	cated.otherwise.the.same.issues.
a9380	74 68 61 74 20 6f 63 63 75 72 20 77 69 74 68 69 6e 20 4f 53 50 46 20 77 69 6c 6c 20 6f 63 63 75	that.occur.within.OSPF.will.occu
a93a0	72 20 77 69 74 68 69 6e 20 49 53 2d 49 53 20 77 68 65 6e 20 69 74 20 63 6f 6d 65 73 20 74 6f 20	r.within.IS-IS.when.it.comes.to.
a93c0	73 61 69 64 20 64 75 70 6c 69 63 61 74 69 6f 6e 2e 00 46 6f 72 20 49 6e 63 6f 6d 69 6e 67 20 61	said.duplication..For.Incoming.a
a93e0	6e 64 20 49 6d 70 6f 72 74 20 52 6f 75 74 65 2d 6d 61 70 73 20 69 66 20 77 65 20 72 65 63 65 69	nd.Import.Route-maps.if.we.recei
a9400	76 65 20 61 20 76 36 20 67 6c 6f 62 61 6c 20 61 6e 64 20 76 36 20 4c 4c 20 61 64 64 72 65 73 73	ve.a.v6.global.and.v6.LL.address
a9420	20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 2c 20 74 68 65 6e 20 70 72 65 66 65 72 20 74 6f 20 75	.for.the.route,.then.prefer.to.u
a9440	73 65 20 74 68 65 20 67 6c 6f 62 61 6c 20 61 64 64 72 65 73 73 20 61 73 20 74 68 65 20 6e 65 78	se.the.global.address.as.the.nex
a9460	74 68 6f 70 2e 00 46 6f 72 20 4c 6f 63 61 6c 20 55 73 65 72 73 00 46 6f 72 20 52 41 44 49 55 53	thop..For.Local.Users.For.RADIUS
a9480	20 75 73 65 72 73 00 46 6f 72 20 55 53 42 20 70 6f 72 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	.users.For.USB.port.information.
a94a0	70 6c 65 61 73 65 20 72 65 66 6f 72 20 74 6f 3a 20 3a 72 65 66 3a 60 68 61 72 64 77 61 72 65 5f	please.refor.to:.:ref:`hardware_
a94c0	75 73 62 60 2e 00 46 6f 72 20 61 20 68 65 61 64 73 74 61 72 74 20 79 6f 75 20 63 61 6e 20 75 73	usb`..For.a.headstart.you.can.us
a94e0	65 20 74 68 65 20 62 65 6c 6f 77 20 65 78 61 6d 70 6c 65 20 6f 6e 20 68 6f 77 20 74 6f 20 62 75	e.the.below.example.on.how.to.bu
a9500	69 6c 64 20 61 20 62 6f 6e 64 20 77 69 74 68 20 74 77 6f 20 69 6e 74 65 72 66 61 63 65 73 20 66	ild.a.bond.with.two.interfaces.f
a9520	72 6f 6d 20 56 79 4f 53 20 74 6f 20 61 20 4a 75 6e 69 70 65 72 20 45 58 20 53 77 69 74 63 68 20	rom.VyOS.to.a.Juniper.EX.Switch.
a9540	73 79 73 74 65 6d 2e 00 46 6f 72 20 61 20 68 65 61 64 73 74 61 72 74 20 79 6f 75 20 63 61 6e 20	system..For.a.headstart.you.can.
a9560	75 73 65 20 74 68 65 20 62 65 6c 6f 77 20 65 78 61 6d 70 6c 65 20 6f 6e 20 68 6f 77 20 74 6f 20	use.the.below.example.on.how.to.
a9580	62 75 69 6c 64 20 61 20 62 6f 6e 64 2c 70 6f 72 74 2d 63 68 61 6e 6e 65 6c 20 77 69 74 68 20 74	build.a.bond,port-channel.with.t
a95a0	77 6f 20 69 6e 74 65 72 66 61 63 65 73 20 66 72 6f 6d 20 56 79 4f 53 20 74 6f 20 61 20 41 72 75	wo.interfaces.from.VyOS.to.a.Aru
a95c0	62 61 2f 48 50 20 32 35 31 30 47 20 73 77 69 74 63 68 2e 00 46 6f 72 20 61 20 6c 61 72 67 65 20	ba/HP.2510G.switch..For.a.large.
a95e0	61 6d 6f 75 6e 74 20 6f 66 20 70 72 69 76 61 74 65 20 6d 61 63 68 69 6e 65 73 20 62 65 68 69 6e	amount.of.private.machines.behin
a9600	64 20 74 68 65 20 4e 41 54 20 79 6f 75 72 20 61 64 64 72 65 73 73 20 70 6f 6f 6c 20 6d 69 67 68	d.the.NAT.your.address.pool.migh
a9620	74 20 74 6f 20 62 65 20 62 69 67 67 65 72 2e 20 55 73 65 20 61 6e 79 20 61 64 64 72 65 73 73 20	t.to.be.bigger..Use.any.address.
a9640	69 6e 20 74 68 65 20 72 61 6e 67 65 20 31 30 30 2e 36 34 2e 30 2e 31 30 20 2d 20 31 30 30 2e 36	in.the.range.100.64.0.10.-.100.6
a9660	34 2e 30 2e 32 30 20 6f 6e 20 53 4e 41 54 20 72 75 6c 65 20 34 30 20 77 68 65 6e 20 64 6f 69 6e	4.0.20.on.SNAT.rule.40.when.doin
a9680	67 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 00 46 6f 72 20 61 20 73 69 6d 70 6c 65 20 68	g.the.translation.For.a.simple.h
a96a0	6f 6d 65 20 6e 65 74 77 6f 72 6b 20 75 73 69 6e 67 20 6a 75 73 74 20 74 68 65 20 49 53 50 27 73	ome.network.using.just.the.ISP's
a96c0	20 65 71 75 69 70 6d 65 6e 74 2c 20 74 68 69 73 20 69 73 20 75 73 75 61 6c 6c 79 20 64 65 73 69	.equipment,.this.is.usually.desi
a96e0	72 61 62 6c 65 2e 20 42 75 74 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 72 75 6e 20 56 79	rable..But.if.you.want.to.run.Vy
a9700	4f 53 20 61 73 20 79 6f 75 72 20 66 69 72 65 77 61 6c 6c 20 61 6e 64 20 72 6f 75 74 65 72 2c 20	OS.as.your.firewall.and.router,.
a9720	74 68 69 73 20 77 69 6c 6c 20 72 65 73 75 6c 74 20 69 6e 20 68 61 76 69 6e 67 20 61 20 64 6f 75	this.will.result.in.having.a.dou
a9740	62 6c 65 20 4e 41 54 20 61 6e 64 20 66 69 72 65 77 61 6c 6c 20 73 65 74 75 70 2e 20 54 68 69 73	ble.NAT.and.firewall.setup..This
a9760	20 72 65 73 75 6c 74 73 20 69 6e 20 61 20 66 65 77 20 65 78 74 72 61 20 6c 61 79 65 72 73 20 6f	.results.in.a.few.extra.layers.o
a9780	66 20 63 6f 6d 70 6c 65 78 69 74 79 2c 20 70 61 72 74 69 63 75 6c 61 72 6c 79 20 69 66 20 79 6f	f.complexity,.particularly.if.yo
a97a0	75 20 75 73 65 20 73 6f 6d 65 20 4e 41 54 20 6f 72 20 74 75 6e 6e 65 6c 20 66 65 61 74 75 72 65	u.use.some.NAT.or.tunnel.feature
a97c0	73 2e 00 46 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 6c 65 73 73 20 70 72 6f 74 6f 63 6f 6c 73 20	s..For.connectionless.protocols.
a97e0	61 73 20 6c 69 6b 65 20 49 43 4d 50 20 61 6e 64 20 55 44 50 2c 20 61 20 66 6c 6f 77 20 69 73 20	as.like.ICMP.and.UDP,.a.flow.is.
a9800	63 6f 6e 73 69 64 65 72 65 64 20 63 6f 6d 70 6c 65 74 65 20 6f 6e 63 65 20 6e 6f 20 6d 6f 72 65	considered.complete.once.no.more
a9820	20 70 61 63 6b 65 74 73 20 66 6f 72 20 74 68 69 73 20 66 6c 6f 77 20 61 70 70 65 61 72 20 61 66	.packets.for.this.flow.appear.af
a9840	74 65 72 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 20 74 69 6d 65 6f 75 74 2e 00 46 6f 72 20 65 78	ter.configurable.timeout..For.ex
a9860	61 6d 70 6c 65 2c 20 69 66 20 70 72 6f 62 6c 65 6d 73 20 77 69 74 68 20 70 6f 6f 72 20 74 69 6d	ample,.if.problems.with.poor.tim
a9880	65 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 61 72 65 20 65 78 70 65 72 69 65 6e 63 65	e.synchronization.are.experience
a98a0	64 2c 20 74 68 65 20 77 69 6e 64 6f 77 20 63 61 6e 20 62 65 20 69 6e 63 72 65 61 73 65 64 20 66	d,.the.window.can.be.increased.f
a98c0	72 6f 6d 20 69 74 73 20 64 65 66 61 75 6c 74 20 73 69 7a 65 20 6f 66 20 33 20 70 65 72 6d 69 74	rom.its.default.size.of.3.permit
a98e0	74 65 64 20 63 6f 64 65 73 20 28 6f 6e 65 20 70 72 65 76 69 6f 75 73 20 63 6f 64 65 2c 20 74 68	ted.codes.(one.previous.code,.th
a9900	65 20 63 75 72 72 65 6e 74 20 63 6f 64 65 2c 20 74 68 65 20 6e 65 78 74 20 63 6f 64 65 29 20 74	e.current.code,.the.next.code).t
a9920	6f 20 31 37 20 70 65 72 6d 69 74 74 65 64 20 63 6f 64 65 73 20 28 74 68 65 20 38 20 70 72 65 76	o.17.permitted.codes.(the.8.prev
a9940	69 6f 75 73 20 63 6f 64 65 73 2c 20 74 68 65 20 63 75 72 72 65 6e 74 20 63 6f 64 65 2c 20 61 6e	ious.codes,.the.current.code,.an
a9960	64 20 74 68 65 20 38 20 6e 65 78 74 20 63 6f 64 65 73 29 2e 20 54 68 69 73 20 77 69 6c 6c 20 70	d.the.8.next.codes)..This.will.p
a9980	65 72 6d 69 74 20 66 6f 72 20 61 20 74 69 6d 65 20 73 6b 65 77 20 6f 66 20 75 70 20 74 6f 20 34	ermit.for.a.time.skew.of.up.to.4
a99a0	20 6d 69 6e 75 74 65 73 20 62 65 74 77 65 65 6e 20 63 6c 69 65 6e 74 20 61 6e 64 20 73 65 72 76	.minutes.between.client.and.serv
a99c0	65 72 2e 00 46 6f 72 20 65 78 61 6d 70 6c 65 3a 00 46 6f 72 20 66 69 72 65 77 61 6c 6c 20 66 69	er..For.example:.For.firewall.fi
a99e0	6c 74 65 72 69 6e 67 2c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 73 68 6f 75 6c 64 20 62 65	ltering,.configuration.should.be
a9a00	20 64 6f 6e 65 20 69 6e 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 5b 69 70 76 34 20 7c 20	.done.in.``set.firewall.[ipv4.|.
a9a20	69 70 76 36 5d 20 2e 2e 2e 60 60 00 46 6f 72 20 66 69 72 65 77 61 6c 6c 20 66 69 6c 74 65 72 69	ipv6]....``.For.firewall.filteri
a9a40	6e 67 2c 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63	ng,.firewall.rules.needs.to.be.c
a9a60	72 65 61 74 65 64 2e 20 45 61 63 68 20 72 75 6c 65 20 69 73 20 6e 75 6d 62 65 72 65 64 2c 20 68	reated..Each.rule.is.numbered,.h
a9a80	61 73 20 61 6e 20 61 63 74 69 6f 6e 20 74 6f 20 61 70 70 6c 79 20 69 66 20 74 68 65 20 72 75 6c	as.an.action.to.apply.if.the.rul
a9aa0	65 20 69 73 20 6d 61 74 63 68 65 64 2c 20 61 6e 64 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f	e.is.matched,.and.the.ability.to
a9ac0	20 73 70 65 63 69 66 79 20 6d 75 6c 74 69 70 6c 65 20 63 72 69 74 65 72 69 61 20 6d 61 74 63 68	.specify.multiple.criteria.match
a9ae0	65 72 73 2e 20 44 61 74 61 20 70 61 63 6b 65 74 73 20 67 6f 20 74 68 72 6f 75 67 68 20 74 68 65	ers..Data.packets.go.through.the
a9b00	20 72 75 6c 65 73 20 66 72 6f 6d 20 31 20 2d 20 39 39 39 39 39 39 2c 20 73 6f 20 6f 72 64 65 72	.rules.from.1.-.999999,.so.order
a9b20	20 69 73 20 63 72 75 63 69 61 6c 2e 20 41 74 20 74 68 65 20 66 69 72 73 74 20 6d 61 74 63 68 20	.is.crucial..At.the.first.match.
a9b40	74 68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 75 6c 65 20 77 69 6c 6c 20 62 65 20 65	the.action.of.the.rule.will.be.e
a9b60	78 65 63 75 74 65 64 2e 00 46 6f 72 20 66 72 61 67 6d 65 6e 74 65 64 20 54 43 50 20 6f 72 20 55	xecuted..For.fragmented.TCP.or.U
a9b80	44 50 20 70 61 63 6b 65 74 73 20 61 6e 64 20 61 6c 6c 20 6f 74 68 65 72 20 49 50 76 34 20 61 6e	DP.packets.and.all.other.IPv4.an
a9ba0	64 20 49 50 76 36 20 70 72 6f 74 6f 63 6f 6c 20 74 72 61 66 66 69 63 2c 20 74 68 65 20 73 6f 75	d.IPv6.protocol.traffic,.the.sou
a9bc0	72 63 65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 20 69 6e 66 6f 72 6d 61	rce.and.destination.port.informa
a9be0	74 69 6f 6e 20 69 73 20 6f 6d 69 74 74 65 64 2e 20 46 6f 72 20 6e 6f 6e 2d 49 50 20 74 72 61 66	tion.is.omitted..For.non-IP.traf
a9c00	66 69 63 2c 20 74 68 65 20 66 6f 72 6d 75 6c 61 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20	fic,.the.formula.is.the.same.as.
a9c20	66 6f 72 20 74 68 65 20 6c 61 79 65 72 32 20 74 72 61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c	for.the.layer2.transmit.hash.pol
a9c40	69 63 79 2e 00 46 6f 72 20 67 65 6e 65 72 61 74 69 6e 67 20 61 6e 20 4f 54 50 20 6b 65 79 20 69	icy..For.generating.an.OTP.key.i
a9c60	6e 20 56 79 4f 53 2c 20 79 6f 75 20 63 61 6e 20 75 73 65 20 74 68 65 20 43 4c 49 20 63 6f 6d 6d	n.VyOS,.you.can.use.the.CLI.comm
a9c80	61 6e 64 20 28 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 29 3a 00 46 6f 72 20 69 6e 62 6f	and.(operational.mode):.For.inbo
a9ca0	75 6e 64 20 75 70 64 61 74 65 73 20 74 68 65 20 6f 72 64 65 72 20 6f 66 20 70 72 65 66 65 72 65	und.updates.the.order.of.prefere
a9cc0	6e 63 65 20 69 73 3a 00 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 77 69 74 68 20 3a 63 6f 64 65	nce.is:.For.instance,.with.:code
a9ce0	3a 60 73 65 74 20 71 6f 73 20 70 6f 6c 69 63 79 20 73 68 61 70 65 72 20 4d 59 2d 53 48 41 50 45	:`set.qos.policy.shaper.MY-SHAPE
a9d00	52 20 63 6c 61 73 73 20 33 30 20 73 65 74 2d 64 73 63 70 20 45 46 60 20 79 6f 75 20 77 6f 75 6c	R.class.30.set-dscp.EF`.you.woul
a9d20	64 20 62 65 20 6d 6f 64 69 66 79 69 6e 67 20 74 68 65 20 44 53 43 50 20 66 69 65 6c 64 20 76 61	d.be.modifying.the.DSCP.field.va
a9d40	6c 75 65 20 6f 66 20 70 61 63 6b 65 74 73 20 69 6e 20 74 68 61 74 20 63 6c 61 73 73 20 74 6f 20	lue.of.packets.in.that.class.to.
a9d60	45 78 70 65 64 69 74 65 20 46 6f 72 77 61 72 64 69 6e 67 2e 00 46 6f 72 20 69 70 76 34 3a 00 46	Expedite.Forwarding..For.ipv4:.F
a9d80	6f 72 20 6c 61 74 65 73 74 20 72 65 6c 65 61 73 65 73 2c 20 72 65 66 65 72 20 74 68 65 20 60 66	or.latest.releases,.refer.the.`f
a9da0	69 72 65 77 61 6c 6c 20 3c 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 76 79 6f 73 2e 69 6f 2f 65 6e	irewall.<https://docs.vyos.io/en
a9dc0	2f 6c 61 74 65 73 74 2f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2f 66 69 72 65 77 61 6c 6c 2f 67	/latest/configuration/firewall/g
a9de0	65 6e 65 72 61 6c 2e 68 74 6d 6c 23 69 6e 74 65 72 66 61 63 65 2d 67 72 6f 75 70 73 3e 60 5f 20	eneral.html#interface-groups>`_.
a9e00	6d 61 69 6e 20 70 61 67 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 7a 6f 6e 65 20 62 61 73 65	main.page.to.configure.zone.base
a9e20	64 20 72 75 6c 65 73 2e 20 4e 65 77 20 73 79 6e 74 61 78 20 77 61 73 20 69 6e 74 72 6f 64 75 63	d.rules..New.syntax.was.introduc
a9e40	65 64 20 68 65 72 65 20 3a 76 79 74 61 73 6b 3a 60 54 35 31 36 30 60 00 46 6f 72 20 6d 6f 72 65	ed.here.:vytask:`T5160`.For.more
a9e60	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 68 6f 77 20 4d 50 4c 53 20 6c 61 62 65 6c 20 73	.information.on.how.MPLS.label.s
a9e80	77 69 74 63 68 69 6e 67 20 77 6f 72 6b 73 2c 20 70 6c 65 61 73 65 20 67 6f 20 76 69 73 69 74 20	witching.works,.please.go.visit.
a9ea0	60 57 69 6b 69 70 65 64 69 61 20 28 4d 50 4c 53 29 60 5f 2e 00 46 6f 72 20 6e 65 74 77 6f 72 6b	`Wikipedia.(MPLS)`_..For.network
a9ec0	20 6d 61 69 6e 74 65 6e 61 6e 63 65 2c 20 69 74 27 73 20 61 20 67 6f 6f 64 20 69 64 65 61 20 74	.maintenance,.it's.a.good.idea.t
a9ee0	6f 20 64 69 72 65 63 74 20 75 73 65 72 73 20 74 6f 20 61 20 62 61 63 6b 75 70 20 73 65 72 76 65	o.direct.users.to.a.backup.serve
a9f00	72 20 73 6f 20 74 68 61 74 20 74 68 65 20 70 72 69 6d 61 72 79 20 73 65 72 76 65 72 20 63 61 6e	r.so.that.the.primary.server.can
a9f20	20 62 65 20 73 61 66 65 6c 79 20 74 61 6b 65 6e 20 6f 75 74 20 6f 66 20 73 65 72 76 69 63 65 2e	.be.safely.taken.out.of.service.
a9f40	20 49 74 27 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 73 77 69 74 63 68 20 79 6f 75 72 20 50 50	.It's.possible.to.switch.your.PP
a9f60	50 6f 45 20 73 65 72 76 65 72 20 74 6f 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 6d 6f 64 65 20 77	PoE.server.to.maintenance.mode.w
a9f80	68 65 72 65 20 69 74 20 6d 61 69 6e 74 61 69 6e 73 20 61 6c 72 65 61 64 79 20 65 73 74 61 62 6c	here.it.maintains.already.establ
a9fa0	69 73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 62 75 74 20 72 65 66 75 73 65 73 20 6e	ished.connections,.but.refuses.n
a9fc0	65 77 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 61 74 74 65 6d 70 74 73 2e 00 46 6f 72 20 6f 70 74 69	ew.connection.attempts..For.opti
a9fe0	6d 61 6c 20 73 63 61 6c 61 62 69 6c 69 74 79 2c 20 4d 75 6c 74 69 63 61 73 74 20 73 68 6f 75 6c	mal.scalability,.Multicast.shoul
aa000	64 6e 27 74 20 62 65 20 75 73 65 64 20 61 74 20 61 6c 6c 2c 20 62 75 74 20 69 6e 73 74 65 61 64	dn't.be.used.at.all,.but.instead
aa020	20 75 73 65 20 42 47 50 20 74 6f 20 73 69 67 6e 61 6c 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 65 64	.use.BGP.to.signal.all.connected
aa040	20 64 65 76 69 63 65 73 20 62 65 74 77 65 65 6e 20 6c 65 61 76 65 73 2e 20 55 6e 66 6f 72 74 75	.devices.between.leaves..Unfortu
aa060	6e 61 74 65 6c 79 2c 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 79 65 74 20 73 75 70 70 6f 72	nately,.VyOS.does.not.yet.suppor
aa080	74 20 74 68 69 73 2e 00 46 6f 72 20 6f 75 74 62 6f 75 6e 64 20 75 70 64 61 74 65 73 20 74 68 65	t.this..For.outbound.updates.the
aa0a0	20 6f 72 64 65 72 20 6f 66 20 70 72 65 66 65 72 65 6e 63 65 20 69 73 3a 00 46 6f 72 20 72 65 66	.order.of.preference.is:.For.ref
aa0c0	65 72 65 6e 63 65 2c 20 61 20 64 65 73 63 72 69 70 74 69 6f 6e 20 63 61 6e 20 62 65 20 64 65 66	erence,.a.description.can.be.def
aa0e0	69 6e 65 64 20 66 6f 72 20 65 76 65 72 79 20 73 69 6e 67 6c 65 20 72 75 6c 65 2c 20 61 6e 64 20	ined.for.every.single.rule,.and.
aa100	66 6f 72 20 65 76 65 72 79 20 64 65 66 69 6e 65 64 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2e 00	for.every.defined.custom.chain..
aa120	46 6f 72 20 73 65 63 75 72 69 74 79 2c 20 74 68 65 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73	For.security,.the.listen.address
aa140	20 73 68 6f 75 6c 64 20 6f 6e 6c 79 20 62 65 20 75 73 65 64 20 6f 6e 20 69 6e 74 65 72 6e 61 6c	.should.only.be.used.on.internal
aa160	2f 74 72 75 73 74 65 64 20 6e 65 74 77 6f 72 6b 73 21 00 46 6f 72 20 73 65 72 69 61 6c 20 76 69	/trusted.networks!.For.serial.vi
aa180	61 20 55 53 42 20 70 6f 72 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 72 65	a.USB.port.information.please.re
aa1a0	66 6f 72 20 74 6f 3a 20 3a 72 65 66 3a 60 68 61 72 64 77 61 72 65 5f 75 73 62 60 2e 00 46 6f 72	for.to:.:ref:`hardware_usb`..For
aa1c0	20 73 69 6d 70 6c 69 63 69 74 79 20 77 65 27 6c 6c 20 61 73 73 75 6d 65 20 74 68 61 74 20 74 68	.simplicity.we'll.assume.that.th
aa1e0	65 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 47 52 45 2c 20 69 74 27 73 20 6e 6f 74 20 68 61 72 64	e.protocol.is.GRE,.it's.not.hard
aa200	20 74 6f 20 67 75 65 73 73 20 77 68 61 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 68 61 6e 67	.to.guess.what.needs.to.be.chang
aa220	65 64 20 74 6f 20 6d 61 6b 65 20 69 74 20 77 6f 72 6b 20 77 69 74 68 20 61 20 64 69 66 66 65 72	ed.to.make.it.work.with.a.differ
aa240	65 6e 74 20 70 72 6f 74 6f 63 6f 6c 2e 20 57 65 20 61 73 73 75 6d 65 20 74 68 61 74 20 49 50 73	ent.protocol..We.assume.that.IPs
aa260	65 63 20 77 69 6c 6c 20 75 73 65 20 70 72 65 2d 73 68 61 72 65 64 20 73 65 63 72 65 74 20 61 75	ec.will.use.pre-shared.secret.au
aa280	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 77 69 6c 6c 20 75 73 65 20 41 45 53 31 32 38	thentication.and.will.use.AES128
aa2a0	2f 53 48 41 31 20 66 6f 72 20 74 68 65 20 63 69 70 68 65 72 20 61 6e 64 20 68 61 73 68 2e 20 41	/SHA1.for.the.cipher.and.hash..A
aa2c0	64 6a 75 73 74 20 74 68 69 73 20 61 73 20 6e 65 63 65 73 73 61 72 79 2e 00 46 6f 72 20 74 68 65	djust.this.as.necessary..For.the
aa2e0	20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 36 36 60 20 72 75 6c 65 2c 20	.:ref:`destination-nat66`.rule,.
aa300	74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70	the.destination.address.of.the.p
aa320	61 63 6b 65 74 20 69 73 72 65 70 6c 61 63 65 64 20 62 79 20 74 68 65 20 61 64 64 72 65 73 73 20	acket.isreplaced.by.the.address.
aa340	63 61 6c 63 75 6c 61 74 65 64 20 66 72 6f 6d 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 61 64	calculated.from.the.specified.ad
aa360	64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 20 69 6e 20 74 68 65 20 60 74 72 61 6e 73 6c 61 74	dress.or.prefix.in.the.`translat
aa380	69 6f 6e 20 61 64 64 72 65 73 73 60 20 63 6f 6d 6d 61 6e 64 00 46 6f 72 20 74 68 65 20 4f 70 65	ion.address`.command.For.the.Ope
aa3a0	6e 56 50 4e 20 74 72 61 66 66 69 63 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 74 68 65	nVPN.traffic.to.pass.through.the
aa3c0	20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 2c 20 79 6f 75 20 6d 75 73 74 20 63 72 65 61 74 65 20	.WAN.interface,.you.must.create.
aa3e0	61 20 66 69 72 65 77 61 6c 6c 20 65 78 63 65 70 74 69 6f 6e 2e 00 46 6f 72 20 74 68 65 20 57 69	a.firewall.exception..For.the.Wi
aa400	72 65 47 75 61 72 64 20 74 72 61 66 66 69 63 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20	reGuard.traffic.to.pass.through.
aa420	74 68 65 20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 2c 20 79 6f 75 20 6d 75 73 74 20 63 72 65 61	the.WAN.interface,.you.must.crea
aa440	74 65 20 61 20 66 69 72 65 77 61 6c 6c 20 65 78 63 65 70 74 69 6f 6e 2e 00 46 6f 72 20 74 68 65	te.a.firewall.exception..For.the
aa460	20 61 76 65 72 61 67 65 20 75 73 65 72 20 61 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65 20 68	.average.user.a.serial.console.h
aa480	61 73 20 6e 6f 20 61 64 76 61 6e 74 61 67 65 20 6f 76 65 72 20 61 20 63 6f 6e 73 6f 6c 65 20 6f	as.no.advantage.over.a.console.o
aa4a0	66 66 65 72 65 64 20 62 79 20 61 20 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65 64 20 6b 65	ffered.by.a.directly.attached.ke
aa4c0	79 62 6f 61 72 64 20 61 6e 64 20 73 63 72 65 65 6e 2e 20 53 65 72 69 61 6c 20 63 6f 6e 73 6f 6c	yboard.and.screen..Serial.consol
aa4e0	65 73 20 61 72 65 20 6d 75 63 68 20 73 6c 6f 77 65 72 2c 20 74 61 6b 69 6e 67 20 75 70 20 74 6f	es.are.much.slower,.taking.up.to
aa500	20 61 20 73 65 63 6f 6e 64 20 74 6f 20 66 69 6c 6c 20 61 20 38 30 20 63 6f 6c 75 6d 6e 20 62 79	.a.second.to.fill.a.80.column.by
aa520	20 32 34 20 6c 69 6e 65 20 73 63 72 65 65 6e 2e 20 53 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65 73	.24.line.screen..Serial.consoles
aa540	20 67 65 6e 65 72 61 6c 6c 79 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 20 6e 6f 6e 2d 70 72 6f 70	.generally.only.support.non-prop
aa560	6f 72 74 69 6f 6e 61 6c 20 41 53 43 49 49 20 74 65 78 74 2c 20 77 69 74 68 20 6c 69 6d 69 74 65	ortional.ASCII.text,.with.limite
aa580	64 20 73 75 70 70 6f 72 74 20 66 6f 72 20 6c 61 6e 67 75 61 67 65 73 20 6f 74 68 65 72 20 74 68	d.support.for.languages.other.th
aa5a0	61 6e 20 45 6e 67 6c 69 73 68 2e 00 46 6f 72 20 74 68 65 20 69 6e 67 72 65 73 73 20 74 72 61 66	an.English..For.the.ingress.traf
aa5c0	66 69 63 20 6f 66 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2c 20 74 68 65 72 65 20 69 73 20 6f 6e	fic.of.an.interface,.there.is.on
aa5e0	6c 79 20 6f 6e 65 20 70 6f 6c 69 63 79 20 79 6f 75 20 63 61 6e 20 64 69 72 65 63 74 6c 79 20 61	ly.one.policy.you.can.directly.a
aa600	70 70 6c 79 2c 20 61 20 2a 2a 4c 69 6d 69 74 65 72 2a 2a 20 70 6f 6c 69 63 79 2e 20 59 6f 75 20	pply,.a.**Limiter**.policy..You.
aa620	63 61 6e 6e 6f 74 20 61 70 70 6c 79 20 61 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 64 69	cannot.apply.a.shaping.policy.di
aa640	72 65 63 74 6c 79 20 74 6f 20 74 68 65 20 69 6e 67 72 65 73 73 20 74 72 61 66 66 69 63 20 6f 66	rectly.to.the.ingress.traffic.of
aa660	20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 62 65 63 61 75 73 65 20 73 68 61 70 69 6e 67 20 6f	.any.interface.because.shaping.o
aa680	6e 6c 79 20 77 6f 72 6b 73 20 66 6f 72 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2e 00	nly.works.for.outbound.traffic..
aa6a0	46 6f 72 20 74 68 65 20 73 61 6b 65 20 6f 66 20 64 65 6d 6f 6e 73 74 72 61 74 69 6f 6e 2c 20 60	For.the.sake.of.demonstration,.`
aa6c0	65 78 61 6d 70 6c 65 20 23 31 20 69 6e 20 74 68 65 20 6f 66 66 69 63 69 61 6c 20 64 6f 63 75 6d	example.#1.in.the.official.docum
aa6e0	65 6e 74 61 74 69 6f 6e 20 3c 68 74 74 70 73 3a 2f 2f 77 77 77 2e 7a 61 62 62 69 78 2e 63 6f 6d	entation.<https://www.zabbix.com
aa700	2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 63 75 72 72 65 6e 74 2f 6d 61 6e 75 61 6c 2f 69 6e	/documentation/current/manual/in
aa720	73 74 61 6c 6c 61 74 69 6f 6e 2f 63 6f 6e 74 61 69 6e 65 72 73 3e 60 5f 20 74 6f 20 74 68 65 20	stallation/containers>`_.to.the.
aa740	64 65 63 6c 61 72 61 74 69 76 65 20 56 79 4f 53 20 43 4c 49 20 73 79 6e 74 61 78 2e 00 46 6f 72	declarative.VyOS.CLI.syntax..For
aa760	20 74 72 61 66 66 69 63 20 6f 72 69 67 69 6e 61 74 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65	.traffic.originated.by.the.route
aa780	72 2c 20 62 61 73 65 20 63 68 61 69 6e 20 69 73 20 2a 2a 6f 75 74 70 75 74 20 66 69 6c 74 65 72	r,.base.chain.is.**output.filter
aa7a0	2a 2a 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 5b 69 70 76 34 20 7c 20 69 70 76 36 5d	**:.``set.firewall.[ipv4.|.ipv6]
aa7c0	20 6f 75 74 70 75 74 20 66 69 6c 74 65 72 20 2e 2e 2e 60 60 00 46 6f 72 20 74 72 61 66 66 69 63	.output.filter....``.For.traffic
aa7e0	20 74 6f 77 61 72 64 73 20 74 68 65 20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2c 20 62 61 73 65	.towards.the.router.itself,.base
aa800	20 63 68 61 69 6e 20 69 73 20 2a 2a 69 6e 70 75 74 20 66 69 6c 74 65 72 2a 2a 3a 20 60 60 73 65	.chain.is.**input.filter**:.``se
aa820	74 20 66 69 72 65 77 61 6c 6c 20 5b 69 70 76 34 20 7c 20 69 70 76 36 5d 20 69 6e 70 75 74 20 66	t.firewall.[ipv4.|.ipv6].input.f
aa840	69 6c 74 65 72 20 2e 2e 2e 60 60 00 46 6f 72 20 74 72 61 6e 73 69 74 20 74 72 61 66 66 69 63 2c	ilter....``.For.transit.traffic,
aa860	20 77 68 69 63 68 20 69 73 20 72 65 63 65 69 76 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65 72	.which.is.received.by.the.router
aa880	20 61 6e 64 20 66 6f 72 77 61 72 64 65 64 2c 20 62 61 73 65 20 63 68 61 69 6e 20 69 73 20 2a 2a	.and.forwarded,.base.chain.is.**
aa8a0	66 6f 72 77 61 72 64 20 66 69 6c 74 65 72 2a 2a 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c	forward.filter**:.``set.firewall
aa8c0	20 5b 69 70 76 34 20 7c 20 69 70 76 36 5d 20 66 6f 72 77 61 72 64 20 66 69 6c 74 65 72 20 2e 2e	.[ipv4.|.ipv6].forward.filter...
aa8e0	2e 60 60 00 46 6f 72 6d 61 6c 6c 79 2c 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 6c 6f 6f	.``.Formally,.a.virtual.link.loo
aa900	6b 73 20 6c 69 6b 65 20 61 20 70 6f 69 6e 74 2d 74 6f 2d 70 6f 69 6e 74 20 6e 65 74 77 6f 72 6b	ks.like.a.point-to-point.network
aa920	20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 77 6f 20 41 42 52 20 66 72 6f 6d 20 6f 6e 65 20 61 72 65	.connecting.two.ABR.from.one.are
aa940	61 20 6f 6e 65 20 6f 66 20 77 68 69 63 68 20 70 68 79 73 69 63 61 6c 6c 79 20 63 6f 6e 6e 65 63	a.one.of.which.physically.connec
aa960	74 65 64 20 74 6f 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 20 54 68 69 73 20 70 73 65	ted.to.a.backbone.area..This.pse
aa980	75 64 6f 2d 6e 65 74 77 6f 72 6b 20 69 73 20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f 20 62 65 6c	udo-network.is.considered.to.bel
aa9a0	6f 6e 67 20 74 6f 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 00 46 6f 72 77 61 72 64 20	ong.to.a.backbone.area..Forward.
aa9c0	69 6e 63 6f 6d 69 6e 67 20 44 4e 53 20 71 75 65 72 69 65 73 20 74 6f 20 74 68 65 20 44 4e 53 20	incoming.DNS.queries.to.the.DNS.
aa9e0	73 65 72 76 65 72 73 20 63 6f 6e 66 69 67 75 72 65 64 20 75 6e 64 65 72 20 74 68 65 20 60 60 73	servers.configured.under.the.``s
aaa00	79 73 74 65 6d 20 6e 61 6d 65 2d 73 65 72 76 65 72 60 60 20 6e 6f 64 65 73 2e 00 46 6f 72 77 61	ystem.name-server``.nodes..Forwa
aaa20	72 64 20 6d 65 74 68 6f 64 00 46 6f 72 77 61 72 64 20 72 65 63 65 69 76 65 64 20 71 75 65 72 69	rd.method.Forward.received.queri
aaa40	65 73 20 66 6f 72 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 64 6f 6d 61 69 6e 20 28 73 70 65 63	es.for.a.particular.domain.(spec
aaa60	69 66 69 65 64 20 76 69 61 20 60 64 6f 6d 61 69 6e 2d 6e 61 6d 65 60 29 20 74 6f 20 61 20 67 69	ified.via.`domain-name`).to.a.gi
aaa80	76 65 6e 20 6e 61 6d 65 73 65 72 76 65 72 2e 20 4d 75 6c 74 69 70 6c 65 20 6e 61 6d 65 73 65 72	ven.nameserver..Multiple.nameser
aaaa0	76 65 72 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 2e 20 59 6f 75 20 63 61 6e 20 75	vers.can.be.specified..You.can.u
aaac0	73 65 20 74 68 69 73 20 66 65 61 74 75 72 65 20 66 6f 72 20 61 20 44 4e 53 20 73 70 6c 69 74 2d	se.this.feature.for.a.DNS.split-
aaae0	68 6f 72 69 7a 6f 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 46 6f 75 72 20 70 6f 6c 69	horizon.configuration..Four.poli
aab00	63 69 65 73 20 66 6f 72 20 72 65 66 6f 72 77 61 72 64 69 6e 67 20 44 48 43 50 20 70 61 63 6b 65	cies.for.reforwarding.DHCP.packe
aab20	74 73 20 65 78 69 73 74 3a 00 46 72 6f 6d 20 3a 72 66 63 3a 60 31 39 33 30 60 3a 00 46 72 6f 6d	ts.exist:.From.:rfc:`1930`:.From
aab40	20 61 20 73 65 63 75 72 69 74 79 20 70 65 72 73 70 65 63 74 69 76 65 2c 20 69 74 20 69 73 20 6e	.a.security.perspective,.it.is.n
aab60	6f 74 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 6c 65 74 20 61 20 74 68 69 72 64 20 70 61	ot.recommended.to.let.a.third.pa
aab80	72 74 79 20 63 72 65 61 74 65 20 61 6e 64 20 73 68 61 72 65 20 74 68 65 20 70 72 69 76 61 74 65	rty.create.and.share.the.private
aaba0	20 6b 65 79 20 66 6f 72 20 61 20 73 65 63 75 72 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 59	.key.for.a.secured.connection..Y
aabc0	6f 75 20 73 68 6f 75 6c 64 20 63 72 65 61 74 65 20 74 68 65 20 70 72 69 76 61 74 65 20 70 6f 72	ou.should.create.the.private.por
aabe0	74 69 6f 6e 20 6f 6e 20 79 6f 75 72 20 6f 77 6e 20 61 6e 64 20 6f 6e 6c 79 20 68 61 6e 64 20 6f	tion.on.your.own.and.only.hand.o
aac00	75 74 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 2e 20 50 6c 65 61 73 65 20 6b 65 65 70 20 74	ut.the.public.key..Please.keep.t
aac20	68 69 73 20 69 6e 20 6d 69 6e 64 20 77 68 65 6e 20 75 73 69 6e 67 20 74 68 69 73 20 63 6f 6e 76	his.in.mind.when.using.this.conv
aac40	65 6e 69 65 6e 63 65 20 66 65 61 74 75 72 65 2e 00 46 77 6d 61 72 6b 00 47 45 4e 45 56 45 00 47	enience.feature..Fwmark.GENEVE.G
aac60	45 4e 45 56 45 20 69 73 20 64 65 73 69 67 6e 65 64 20 74 6f 20 73 75 70 70 6f 72 74 20 6e 65 74	ENEVE.is.designed.to.support.net
aac80	77 6f 72 6b 20 76 69 72 74 75 61 6c 69 7a 61 74 69 6f 6e 20 75 73 65 20 63 61 73 65 73 2c 20 77	work.virtualization.use.cases,.w
aaca0	68 65 72 65 20 74 75 6e 6e 65 6c 73 20 61 72 65 20 74 79 70 69 63 61 6c 6c 79 20 65 73 74 61 62	here.tunnels.are.typically.estab
aacc0	6c 69 73 68 65 64 20 74 6f 20 61 63 74 20 61 73 20 61 20 62 61 63 6b 70 6c 61 6e 65 20 62 65 74	lished.to.act.as.a.backplane.bet
aace0	77 65 65 6e 20 74 68 65 20 76 69 72 74 75 61 6c 20 73 77 69 74 63 68 65 73 20 72 65 73 69 64 69	ween.the.virtual.switches.residi
aad00	6e 67 20 69 6e 20 68 79 70 65 72 76 69 73 6f 72 73 2c 20 70 68 79 73 69 63 61 6c 20 73 77 69 74	ng.in.hypervisors,.physical.swit
aad20	63 68 65 73 2c 20 6f 72 20 6d 69 64 64 6c 65 62 6f 78 65 73 20 6f 72 20 6f 74 68 65 72 20 61 70	ches,.or.middleboxes.or.other.ap
aad40	70 6c 69 61 6e 63 65 73 2e 20 41 6e 20 61 72 62 69 74 72 61 72 79 20 49 50 20 6e 65 74 77 6f 72	pliances..An.arbitrary.IP.networ
aad60	6b 20 63 61 6e 20 62 65 20 75 73 65 64 20 61 73 20 61 6e 20 75 6e 64 65 72 6c 61 79 20 61 6c 74	k.can.be.used.as.an.underlay.alt
aad80	68 6f 75 67 68 20 43 6c 6f 73 20 6e 65 74 77 6f 72 6b 73 20 2d 20 41 20 74 65 63 68 6e 69 71 75	hough.Clos.networks.-.A.techniqu
aada0	65 20 66 6f 72 20 63 6f 6d 70 6f 73 69 6e 67 20 6e 65 74 77 6f 72 6b 20 66 61 62 72 69 63 73 20	e.for.composing.network.fabrics.
aadc0	6c 61 72 67 65 72 20 74 68 61 6e 20 61 20 73 69 6e 67 6c 65 20 73 77 69 74 63 68 20 77 68 69 6c	larger.than.a.single.switch.whil
aade0	65 20 6d 61 69 6e 74 61 69 6e 69 6e 67 20 6e 6f 6e 2d 62 6c 6f 63 6b 69 6e 67 20 62 61 6e 64 77	e.maintaining.non-blocking.bandw
aae00	69 64 74 68 20 61 63 72 6f 73 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 70 6f 69 6e 74 73 2e 20 45	idth.across.connection.points..E
aae20	43 4d 50 20 69 73 20 75 73 65 64 20 74 6f 20 64 69 76 69 64 65 20 74 72 61 66 66 69 63 20 61 63	CMP.is.used.to.divide.traffic.ac
aae40	72 6f 73 73 20 74 68 65 20 6d 75 6c 74 69 70 6c 65 20 6c 69 6e 6b 73 20 61 6e 64 20 73 77 69 74	ross.the.multiple.links.and.swit
aae60	63 68 65 73 20 74 68 61 74 20 63 6f 6e 73 74 69 74 75 74 65 20 74 68 65 20 66 61 62 72 69 63 2e	ches.that.constitute.the.fabric.
aae80	20 53 6f 6d 65 74 69 6d 65 73 20 74 65 72 6d 65 64 20 22 6c 65 61 66 20 61 6e 64 20 73 70 69 6e	.Sometimes.termed."leaf.and.spin
aaea0	65 22 20 6f 72 20 22 66 61 74 20 74 72 65 65 22 20 74 6f 70 6f 6c 6f 67 69 65 73 2e 00 47 45 4e	e".or."fat.tree".topologies..GEN
aaec0	45 56 45 20 6f 70 74 69 6f 6e 73 00 47 52 45 20 69 73 20 61 20 77 65 6c 6c 20 64 65 66 69 6e 65	EVE.options.GRE.is.a.well.define
aaee0	64 20 73 74 61 6e 64 61 72 64 20 74 68 61 74 20 69 73 20 63 6f 6d 6d 6f 6e 20 69 6e 20 6d 6f 73	d.standard.that.is.common.in.mos
aaf00	74 20 6e 65 74 77 6f 72 6b 73 2e 20 57 68 69 6c 65 20 6e 6f 74 20 69 6e 68 65 72 65 6e 74 6c 79	t.networks..While.not.inherently
aaf20	20 64 69 66 66 69 63 75 6c 74 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 72 65 20 61 72	.difficult.to.configure.there.ar
aaf40	65 20 61 20 63 6f 75 70 6c 65 20 6f 66 20 74 68 69 6e 67 73 20 74 6f 20 6b 65 65 70 20 69 6e 20	e.a.couple.of.things.to.keep.in.
aaf60	6d 69 6e 64 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74	mind.to.make.sure.the.configurat
aaf80	69 6f 6e 20 70 65 72 66 6f 72 6d 73 20 61 73 20 65 78 70 65 63 74 65 64 2e 20 41 20 63 6f 6d 6d	ion.performs.as.expected..A.comm
aafa0	6f 6e 20 63 61 75 73 65 20 66 6f 72 20 47 52 45 20 74 75 6e 6e 65 6c 73 20 74 6f 20 66 61 69 6c	on.cause.for.GRE.tunnels.to.fail
aafc0	20 74 6f 20 63 6f 6d 65 20 75 70 20 63 6f 72 72 65 63 74 6c 79 20 69 6e 63 6c 75 64 65 20 41 43	.to.come.up.correctly.include.AC
aafe0	4c 20 6f 72 20 46 69 72 65 77 61 6c 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 20 74 68 61	L.or.Firewall.configurations.tha
ab000	74 20 61 72 65 20 64 69 73 63 61 72 64 69 6e 67 20 49 50 20 70 72 6f 74 6f 63 6f 6c 20 34 37 20	t.are.discarding.IP.protocol.47.
ab020	6f 72 20 62 6c 6f 63 6b 69 6e 67 20 79 6f 75 72 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e 61 74	or.blocking.your.source/destinat
ab040	69 6f 6e 20 74 72 61 66 66 69 63 2e 00 47 52 45 20 69 73 20 61 6c 73 6f 20 74 68 65 20 6f 6e 6c	ion.traffic..GRE.is.also.the.onl
ab060	79 20 63 6c 61 73 73 69 63 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 61 6c 6c 6f 77 73 20 63	y.classic.protocol.that.allows.c
ab080	72 65 61 74 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 74 75 6e 6e 65 6c 73 20 77 69 74 68 20 74 68	reating.multiple.tunnels.with.th
ab0a0	65 20 73 61 6d 65 20 73 6f 75 72 63 65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 64 75	e.same.source.and.destination.du
ab0c0	65 20 74 6f 20 69 74 73 20 73 75 70 70 6f 72 74 20 66 6f 72 20 74 75 6e 6e 65 6c 20 6b 65 79 73	e.to.its.support.for.tunnel.keys
ab0e0	2e 20 44 65 73 70 69 74 65 20 69 74 73 20 6e 61 6d 65 2c 20 74 68 69 73 20 66 65 61 74 75 72 65	..Despite.its.name,.this.feature
ab100	20 68 61 73 20 6e 6f 74 68 69 6e 67 20 74 6f 20 64 6f 20 77 69 74 68 20 73 65 63 75 72 69 74 79	.has.nothing.to.do.with.security
ab120	3a 20 69 74 27 73 20 73 69 6d 70 6c 79 20 61 6e 20 69 64 65 6e 74 69 66 69 65 72 20 74 68 61 74	:.it's.simply.an.identifier.that
ab140	20 61 6c 6c 6f 77 73 20 72 6f 75 74 65 72 73 20 74 6f 20 74 65 6c 6c 20 6f 6e 65 20 74 75 6e 6e	.allows.routers.to.tell.one.tunn
ab160	65 6c 20 66 72 6f 6d 20 61 6e 6f 74 68 65 72 2e 00 47 52 45 20 69 73 20 6f 66 74 65 6e 20 73 65	el.from.another..GRE.is.often.se
ab180	65 6e 20 61 73 20 61 20 6f 6e 65 20 73 69 7a 65 20 66 69 74 73 20 61 6c 6c 20 73 6f 6c 75 74 69	en.as.a.one.size.fits.all.soluti
ab1a0	6f 6e 20 77 68 65 6e 20 69 74 20 63 6f 6d 65 73 20 74 6f 20 63 6c 61 73 73 69 63 20 49 50 20 74	on.when.it.comes.to.classic.IP.t
ab1c0	75 6e 6e 65 6c 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 2c 20 61 6e 64 20 66 6f 72 20 61 20 67 6f	unneling.protocols,.and.for.a.go
ab1e0	6f 64 20 72 65 61 73 6f 6e 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 72 65 20 61 72 65 20 6d 6f	od.reason..However,.there.are.mo
ab200	72 65 20 73 70 65 63 69 61 6c 69 7a 65 64 20 6f 70 74 69 6f 6e 73 2c 20 61 6e 64 20 6d 61 6e 79	re.specialized.options,.and.many
ab220	20 6f 66 20 74 68 65 6d 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 56 79 4f 53 2e 20	.of.them.are.supported.by.VyOS..
ab240	54 68 65 72 65 20 61 72 65 20 61 6c 73 6f 20 72 61 74 68 65 72 20 6f 62 73 63 75 72 65 20 47 52	There.are.also.rather.obscure.GR
ab260	45 20 6f 70 74 69 6f 6e 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 75 73 65 66 75 6c 2e 00 47 52	E.options.that.can.be.useful..GR
ab280	45 2f 49 50 49 50 2f 53 49 54 20 61 6e 64 20 49 50 73 65 63 20 61 72 65 20 77 69 64 65 6c 79 20	E/IPIP/SIT.and.IPsec.are.widely.
ab2a0	61 63 63 65 70 74 65 64 20 73 74 61 6e 64 61 72 64 73 2c 20 77 68 69 63 68 20 6d 61 6b 65 20 74	accepted.standards,.which.make.t
ab2c0	68 69 73 20 73 63 68 65 6d 65 20 65 61 73 79 20 74 6f 20 69 6d 70 6c 65 6d 65 6e 74 20 62 65 74	his.scheme.easy.to.implement.bet
ab2e0	77 65 65 6e 20 56 79 4f 53 20 61 6e 64 20 76 69 72 74 75 61 6c 6c 79 20 61 6e 79 20 6f 74 68 65	ween.VyOS.and.virtually.any.othe
ab300	72 20 72 6f 75 74 65 72 2e 00 47 52 45 54 41 50 00 47 65 6e 65 61 72 61 74 65 20 61 20 6e 65 77	r.router..GRETAP.Genearate.a.new
ab320	20 4f 70 65 6e 56 50 4e 20 73 68 61 72 65 64 20 73 65 63 72 65 74 2e 20 54 68 65 20 67 65 6e 65	.OpenVPN.shared.secret..The.gene
ab340	72 61 74 65 64 20 73 65 63 72 65 64 20 69 73 20 74 68 65 20 6f 75 74 70 75 74 20 74 6f 20 74 68	rated.secred.is.the.output.to.th
ab360	65 20 63 6f 6e 73 6f 6c 65 2e 00 47 65 6e 65 72 61 6c 00 47 65 6e 65 72 61 6c 20 43 6f 6e 66 69	e.console..General.General.Confi
ab380	67 75 72 61 74 69 6f 6e 00 47 65 6e 65 72 61 74 65 20 3a 61 62 62 72 3a 60 4d 4b 41 20 28 4d 41	guration.Generate.:abbr:`MKA.(MA
ab3a0	43 73 65 63 20 4b 65 79 20 41 67 72 65 65 6d 65 6e 74 20 70 72 6f 74 6f 63 6f 6c 29 60 20 43 41	Csec.Key.Agreement.protocol)`.CA
ab3c0	4b 20 6b 65 79 20 31 32 38 20 6f 72 20 32 35 36 20 62 69 74 73 2e 00 47 65 6e 65 72 61 74 65 20	K.key.128.or.256.bits..Generate.
ab3e0	3a 61 62 62 72 3a 60 4d 4b 41 20 28 4d 41 43 73 65 63 20 4b 65 79 20 41 67 72 65 65 6d 65 6e 74	:abbr:`MKA.(MACsec.Key.Agreement
ab400	20 70 72 6f 74 6f 63 6f 6c 29 60 20 43 41 4b 20 6b 65 79 2e 00 47 65 6e 65 72 61 74 65 20 4b 65	.protocol)`.CAK.key..Generate.Ke
ab420	79 70 61 69 72 00 47 65 6e 65 72 61 74 65 20 61 20 57 69 72 65 47 75 61 72 64 20 70 72 65 2d 73	ypair.Generate.a.WireGuard.pre-s
ab440	68 61 72 65 64 20 73 65 63 72 65 74 20 75 73 65 64 20 66 6f 72 20 70 65 65 72 73 20 74 6f 20 63	hared.secret.used.for.peers.to.c
ab460	6f 6d 6d 75 6e 69 63 61 74 65 2e 00 47 65 6e 65 72 61 74 65 20 61 20 6e 65 77 20 57 69 72 65 47	ommunicate..Generate.a.new.WireG
ab480	75 61 72 64 20 70 75 62 6c 69 63 2f 70 72 69 76 61 74 65 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20	uard.public/private.key.portion.
ab4a0	61 6e 64 20 6f 75 74 70 75 74 20 74 68 65 20 72 65 73 75 6c 74 20 74 6f 20 74 68 65 20 63 6f 6e	and.output.the.result.to.the.con
ab4c0	73 6f 6c 65 2e 00 47 65 6e 65 72 61 74 65 20 61 20 6e 65 77 20 73 65 74 20 6f 66 20 3a 61 62 62	sole..Generate.a.new.set.of.:abb
ab4e0	72 3a 60 44 48 20 28 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 29 60 20 70 61 72 61 6d 65 74 65	r:`DH.(Diffie-Hellman)`.paramete
ab500	72 73 2e 20 54 68 65 20 6b 65 79 20 73 69 7a 65 20 69 73 20 72 65 71 75 65 73 74 65 64 20 62 79	rs..The.key.size.is.requested.by
ab520	20 74 68 65 20 43 4c 49 20 61 6e 64 20 64 65 66 61 75 6c 74 73 20 74 6f 20 32 30 34 38 20 62 69	.the.CLI.and.defaults.to.2048.bi
ab540	74 2e 00 47 65 6e 65 72 61 74 65 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f	t..Generate.the.configuration.mo
ab560	64 65 20 63 6f 6d 6d 61 6e 64 73 20 74 6f 20 61 64 64 20 61 20 70 75 62 6c 69 63 20 6b 65 79 20	de.commands.to.add.a.public.key.
ab580	66 6f 72 20 3a 72 65 66 3a 60 73 73 68 5f 6b 65 79 5f 62 61 73 65 64 5f 61 75 74 68 65 6e 74 69	for.:ref:`ssh_key_based_authenti
ab5a0	63 61 74 69 6f 6e 60 2e 20 60 60 3c 6c 6f 63 61 74 69 6f 6e 3e 60 60 20 63 61 6e 20 62 65 20 61	cation`..``<location>``.can.be.a
ab5c0	20 6c 6f 63 61 6c 20 70 61 74 68 20 6f 72 20 61 20 55 52 4c 20 70 6f 69 6e 74 69 6e 67 20 61 74	.local.path.or.a.URL.pointing.at
ab5e0	20 61 20 72 65 6d 6f 74 65 20 66 69 6c 65 2e 00 47 65 6e 65 72 61 74 65 73 20 61 20 6b 65 79 70	.a.remote.file..Generates.a.keyp
ab600	61 69 72 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 74 68 65 20 70 75 62 6c 69 63 20 61	air,.which.includes.the.public.a
ab620	6e 64 20 70 72 69 76 61 74 65 20 70 61 72 74 73 2c 20 61 6e 64 20 62 75 69 6c 64 20 61 20 63 6f	nd.private.parts,.and.build.a.co
ab640	6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 6e 73 74 61 6c 6c 20 74	nfiguration.command.to.install.t
ab660	68 69 73 20 6b 65 79 20 74 6f 20 60 60 69 6e 74 65 72 66 61 63 65 60 60 2e 00 47 65 6e 65 72 69	his.key.to.``interface``..Generi
ab680	63 20 52 6f 75 74 69 6e 67 20 45 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 28 47 52 45 29 00 47 65	c.Routing.Encapsulation.(GRE).Ge
ab6a0	6e 65 76 65 20 48 65 61 64 65 72 3a 00 47 65 74 20 61 20 6c 69 73 74 20 6f 66 20 61 6c 6c 20 77	neve.Header:.Get.a.list.of.all.w
ab6c0	69 72 65 67 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 73 00 47 65 74 20 61 6e 20 6f 76 65 72 76	ireguard.interfaces.Get.an.overv
ab6e0	69 65 77 20 6f 76 65 72 20 74 68 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 63 6f 75 6e 74 65 72 73	iew.over.the.encryption.counters
ab700	2e 00 47 65 74 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74	..Get.detailed.information.about
ab720	20 4c 4c 44 50 20 6e 65 69 67 68 62 6f 72 73 2e 00 47 65 74 74 69 6e 67 20 73 74 61 72 74 65 64	.LLDP.neighbors..Getting.started
ab740	00 47 69 76 65 6e 20 74 68 65 20 66 61 63 74 20 74 68 61 74 20 6f 70 65 6e 20 44 4e 53 20 72 65	.Given.the.fact.that.open.DNS.re
ab760	63 75 72 73 6f 72 73 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 20 6f 6e 20 44 44 6f 53 20 61 6d	cursors.could.be.used.on.DDoS.am
ab780	70 6c 69 66 69 63 61 74 69 6f 6e 20 61 74 74 61 63 6b 73 2c 20 79 6f 75 20 6d 75 73 74 20 63 6f	plification.attacks,.you.must.co
ab7a0	6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 74 77 6f 72 6b 73 20 77 68 69 63 68 20 61 72 65 20 61	nfigure.the.networks.which.are.a
ab7c0	6c 6c 6f 77 65 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 63 75 72 73 6f 72 2e 20 41 20 6e	llowed.to.use.this.recursor..A.n
ab7e0	65 74 77 6f 72 6b 20 6f 66 20 60 60 30 2e 30 2e 30 2e 30 2f 30 60 60 20 6f 72 20 60 60 3a 3a 2f	etwork.of.``0.0.0.0/0``.or.``::/
ab800	30 60 60 20 77 6f 75 6c 64 20 61 6c 6c 6f 77 20 61 6c 6c 20 49 50 76 34 20 61 6e 64 20 49 50 76	0``.would.allow.all.IPv4.and.IPv
ab820	36 20 6e 65 74 77 6f 72 6b 73 20 74 6f 20 71 75 65 72 79 20 74 68 69 73 20 73 65 72 76 65 72 2e	6.networks.to.query.this.server.
ab840	20 54 68 69 73 20 69 73 20 67 65 6e 65 72 61 6c 6c 79 20 61 20 62 61 64 20 69 64 65 61 2e 00 47	.This.is.generally.a.bad.idea..G
ab860	69 76 65 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 77 65 20 68 61	iven.the.following.example.we.ha
ab880	76 65 20 6f 6e 65 20 56 79 4f 53 20 72 6f 75 74 65 72 20 61 63 74 69 6e 67 20 61 73 20 4f 70 65	ve.one.VyOS.router.acting.as.Ope
ab8a0	6e 56 50 4e 20 73 65 72 76 65 72 20 61 6e 64 20 61 6e 6f 74 68 65 72 20 56 79 4f 53 20 72 6f 75	nVPN.server.and.another.VyOS.rou
ab8c0	74 65 72 20 61 63 74 69 6e 67 20 61 73 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74 2e 20 54 68	ter.acting.as.OpenVPN.client..Th
ab8e0	65 20 73 65 72 76 65 72 20 61 6c 73 6f 20 70 75 73 68 65 73 20 61 20 73 74 61 74 69 63 20 63 6c	e.server.also.pushes.a.static.cl
ab900	69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 74 68 65 20 4f 70 65 6e 56 50 4e 20 63	ient.IP.address.to.the.OpenVPN.c
ab920	6c 69 65 6e 74 2e 20 52 65 6d 65 6d 62 65 72 2c 20 63 6c 69 65 6e 74 73 20 61 72 65 20 69 64 65	lient..Remember,.clients.are.ide
ab940	6e 74 69 66 69 65 64 20 75 73 69 6e 67 20 74 68 65 69 72 20 43 4e 20 61 74 74 72 69 62 75 74 65	ntified.using.their.CN.attribute
ab960	20 69 6e 20 74 68 65 20 53 53 4c 20 63 65 72 74 69 66 69 63 61 74 65 2e 00 47 6c 6f 61 62 61 6c	.in.the.SSL.certificate..Gloabal
ab980	00 47 6c 6f 62 61 6c 20 4f 70 74 69 6f 6e 73 00 47 6c 6f 62 61 6c 20 6f 70 74 69 6f 6e 73 00 47	.Global.Options.Global.options.G
ab9a0	6c 6f 62 61 6c 20 70 61 72 61 6d 65 74 65 72 73 00 47 6c 6f 62 61 6c 20 73 65 74 74 69 6e 67 73	lobal.parameters.Global.settings
ab9c0	00 47 72 61 63 65 66 75 6c 20 52 65 73 74 61 72 74 00 47 72 61 74 75 69 74 6f 75 73 20 41 52 50	.Graceful.Restart.Gratuitous.ARP
ab9e0	00 47 72 6f 75 70 73 00 47 72 6f 75 70 73 20 6e 65 65 64 20 74 6f 20 68 61 76 65 20 75 6e 69 71	.Groups.Groups.need.to.have.uniq
aba00	75 65 20 6e 61 6d 65 73 2e 20 45 76 65 6e 20 74 68 6f 75 67 68 20 73 6f 6d 65 20 63 6f 6e 74 61	ue.names..Even.though.some.conta
aba20	69 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 6f 74 68 65 72 73 20 63 6f 6e	in.IPv4.addresses.and.others.con
aba40	74 61 69 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 2c 20 74 68 65 79 20 73 74 69 6c 6c 20	tain.IPv6.addresses,.they.still.
aba60	6e 65 65 64 20 74 6f 20 68 61 76 65 20 75 6e 69 71 75 65 20 6e 61 6d 65 73 2c 20 73 6f 20 79 6f	need.to.have.unique.names,.so.yo
aba80	75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 61 70 70 65 6e 64 20 22 2d 76 34 22 20 6f 72 20 22 2d	u.may.want.to.append."-v4".or."-
abaa0	76 36 22 20 74 6f 20 79 6f 75 72 20 67 72 6f 75 70 20 6e 61 6d 65 73 2e 00 48 51 27 73 20 72 6f	v6".to.your.group.names..HQ's.ro
abac0	75 74 65 72 20 72 65 71 75 69 72 65 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 74 65 70	uter.requires.the.following.step
abae0	73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 63 72 79 70 74 6f 20 6d 61 74 65 72 69 61 6c 73 20 66	s.to.generate.crypto.materials.f
abb00	6f 72 20 74 68 65 20 42 72 61 6e 63 68 20 31 3a 00 48 54 20 28 48 69 67 68 20 54 68 72 6f 75 67	or.the.Branch.1:.HT.(High.Throug
abb20	68 70 75 74 29 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 28 38 30 32 2e 31 31 6e 29 00 48 54 54	hput).capabilities.(802.11n).HTT
abb40	50 20 62 61 73 65 64 20 73 65 72 76 69 63 65 73 00 48 54 54 50 20 62 61 73 69 63 20 61 75 74 68	P.based.services.HTTP.basic.auth
abb60	65 6e 74 69 63 61 74 69 6f 6e 20 75 73 65 72 6e 61 6d 65 00 48 54 54 50 20 63 6c 69 65 6e 74 00	entication.username.HTTP.client.
abb80	48 54 54 50 2d 41 50 49 00 48 61 69 72 70 69 6e 20 4e 41 54 2f 4e 41 54 20 52 65 66 6c 65 63 74	HTTP-API.Hairpin.NAT/NAT.Reflect
abba0	69 6f 6e 00 48 61 6e 64 20 6f 75 74 20 70 72 65 66 69 78 65 73 20 6f 66 20 73 69 7a 65 20 60 3c	ion.Hand.out.prefixes.of.size.`<
abbc0	6c 65 6e 67 74 68 3e 60 20 74 6f 20 63 6c 69 65 6e 74 73 20 69 6e 20 73 75 62 6e 65 74 20 60 3c	length>`.to.clients.in.subnet.`<
abbe0	70 72 65 66 69 78 3e 60 20 77 68 65 6e 20 74 68 65 79 20 72 65 71 75 65 73 74 20 66 6f 72 20 70	prefix>`.when.they.request.for.p
abc00	72 65 66 69 78 20 64 65 6c 65 67 61 74 69 6f 6e 2e 00 48 61 6e 64 6c 69 6e 67 20 61 6e 64 20 6d	refix.delegation..Handling.and.m
abc20	6f 6e 69 74 6f 72 69 6e 67 00 48 61 76 69 6e 67 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 74 68	onitoring.Having.control.over.th
abc40	65 20 6d 61 74 63 68 69 6e 67 20 6f 66 20 49 4e 56 41 4c 49 44 20 73 74 61 74 65 20 74 72 61 66	e.matching.of.INVALID.state.traf
abc60	66 69 63 2c 20 65 2e 67 2e 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 73 65 6c 65 63 74 69	fic,.e.g..the.ability.to.selecti
abc80	76 65 6c 79 20 6c 6f 67 2c 20 69 73 20 61 6e 20 69 6d 70 6f 72 74 61 6e 74 20 74 72 6f 75 62 6c	vely.log,.is.an.important.troubl
abca0	65 73 68 6f 6f 74 69 6e 67 20 74 6f 6f 6c 20 66 6f 72 20 6f 62 73 65 72 76 69 6e 67 20 62 72 6f	eshooting.tool.for.observing.bro
abcc0	6b 65 6e 20 70 72 6f 74 6f 63 6f 6c 20 62 65 68 61 76 69 6f 72 2e 20 46 6f 72 20 74 68 69 73 20	ken.protocol.behavior..For.this.
abce0	72 65 61 73 6f 6e 2c 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 67 6c 6f 62 61 6c 6c 79 20 64	reason,.VyOS.does.not.globally.d
abd00	72 6f 70 20 69 6e 76 61 6c 69 64 20 73 74 61 74 65 20 74 72 61 66 66 69 63 2c 20 69 6e 73 74 65	rop.invalid.state.traffic,.inste
abd20	61 64 20 61 6c 6c 6f 77 69 6e 67 20 74 68 65 20 6f 70 65 72 61 74 6f 72 20 74 6f 20 6d 61 6b 65	ad.allowing.the.operator.to.make
abd40	20 74 68 65 20 64 65 74 65 72 6d 69 6e 61 74 69 6f 6e 20 6f 6e 20 68 6f 77 20 74 68 65 20 74 72	.the.determination.on.how.the.tr
abd60	61 66 66 69 63 20 69 73 20 68 61 6e 64 6c 65 64 2e 00 48 65 61 6c 74 68 20 63 68 65 63 6b 20 73	affic.is.handled..Health.check.s
abd80	63 72 69 70 74 73 00 48 65 61 6c 74 68 20 63 68 65 63 6b 73 00 48 65 61 6c 74 68 2d 63 68 65 63	cripts.Health.checks.Health-chec
abda0	6b 00 48 65 72 65 20 61 72 65 20 73 6f 6d 65 20 65 78 61 6d 70 6c 65 73 20 66 6f 72 20 61 70 70	k.Here.are.some.examples.for.app
abdc0	6c 79 69 6e 67 20 61 20 72 75 6c 65 2d 73 65 74 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65	lying.a.rule-set.to.an.interface
abde0	00 48 65 72 65 20 69 73 20 61 20 73 65 63 6f 6e 64 20 65 78 61 6d 70 6c 65 20 6f 66 20 61 20 64	.Here.is.a.second.example.of.a.d
abe00	75 61 6c 2d 73 74 61 63 6b 20 74 75 6e 6e 65 6c 20 6f 76 65 72 20 49 50 76 36 20 62 65 74 77 65	ual-stack.tunnel.over.IPv6.betwe
abe20	65 6e 20 61 20 56 79 4f 53 20 72 6f 75 74 65 72 20 61 6e 64 20 61 20 4c 69 6e 75 78 20 68 6f 73	en.a.VyOS.router.and.a.Linux.hos
abe40	74 20 75 73 69 6e 67 20 73 79 73 74 65 6d 64 2d 6e 65 74 77 6f 72 6b 64 2e 00 48 65 72 65 20 69	t.using.systemd-networkd..Here.i
abe60	73 20 61 6e 20 65 78 61 6d 70 6c 65 20 3a 61 62 62 72 3a 60 4e 45 54 20 28 4e 65 74 77 6f 72 6b	s.an.example.:abbr:`NET.(Network
abe80	20 45 6e 74 69 74 79 20 54 69 74 6c 65 29 60 20 76 61 6c 75 65 3a 00 48 65 72 65 20 69 73 20 61	.Entity.Title)`.value:.Here.is.a
abea0	6e 20 65 78 61 6d 70 6c 65 20 72 6f 75 74 65 2d 6d 61 70 20 74 6f 20 61 70 70 6c 79 20 74 6f 20	n.example.route-map.to.apply.to.
abec0	72 6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 61 74 20 69 6d 70 6f 72 74 2e 20 49 6e 20 74 68 69	routes.learned.at.import..In.thi
abee0	73 20 66 69 6c 74 65 72 20 77 65 20 72 65 6a 65 63 74 20 70 72 65 66 69 78 65 73 20 77 69 74 68	s.filter.we.reject.prefixes.with
abf00	20 74 68 65 20 73 74 61 74 65 20 60 69 6e 76 61 6c 69 64 60 2c 20 61 6e 64 20 73 65 74 20 61 20	.the.state.`invalid`,.and.set.a.
abf20	68 69 67 68 65 72 20 60 6c 6f 63 61 6c 2d 70 72 65 66 65 72 65 6e 63 65 60 20 69 66 20 74 68 65	higher.`local-preference`.if.the
abf40	20 70 72 65 66 69 78 20 69 73 20 52 50 4b 49 20 60 76 61 6c 69 64 60 20 72 61 74 68 65 72 20 74	.prefix.is.RPKI.`valid`.rather.t
abf60	68 61 6e 20 6d 65 72 65 6c 79 20 60 6e 6f 74 66 6f 75 6e 64 60 2e 00 48 65 72 65 20 69 73 20 74	han.merely.`notfound`..Here.is.t
abf80	68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 4d 50	he.routing.tables.showing.the.MP
abfa0	4c 53 20 73 65 67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 6c 61 62 65 6c 20 6f 70 65 72 61 74 69	LS.segment.routing.label.operati
abfc0	6f 6e 73 3a 00 48 65 72 65 20 77 65 20 70 72 6f 76 69 64 65 20 74 77 6f 20 65 78 61 6d 70 6c 65	ons:.Here.we.provide.two.example
abfe0	73 20 6f 6e 20 68 6f 77 20 74 6f 20 61 70 70 6c 79 20 4e 41 54 20 4c 6f 61 64 20 42 61 6c 61 6e	s.on.how.to.apply.NAT.Load.Balan
ac000	63 65 2e 00 48 65 72 65 27 73 20 61 6e 20 65 78 74 72 61 63 74 20 6f 66 20 61 20 73 69 6d 70 6c	ce..Here's.an.extract.of.a.simpl
ac020	65 20 31 2d 74 6f 2d 31 20 4e 41 54 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 74 68 20	e.1-to-1.NAT.configuration.with.
ac040	6f 6e 65 20 69 6e 74 65 72 6e 61 6c 20 61 6e 64 20 6f 6e 65 20 65 78 74 65 72 6e 61 6c 20 69 6e	one.internal.and.one.external.in
ac060	74 65 72 66 61 63 65 3a 00 48 65 72 65 27 73 20 6f 6e 65 20 65 78 61 6d 70 6c 65 20 6f 66 20 61	terface:.Here's.one.example.of.a
ac080	20 6e 65 74 77 6f 72 6b 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 66 6f 72 20 61 6e 20 41 53 50 2e	.network.environment.for.an.ASP.
ac0a0	20 54 68 65 20 41 53 50 20 72 65 71 75 65 73 74 73 20 74 68 61 74 20 61 6c 6c 20 63 6f 6e 6e 65	.The.ASP.requests.that.all.conne
ac0c0	63 74 69 6f 6e 73 20 66 72 6f 6d 20 74 68 69 73 20 63 6f 6d 70 61 6e 79 20 73 68 6f 75 6c 64 20	ctions.from.this.company.should.
ac0e0	63 6f 6d 65 20 66 72 6f 6d 20 31 37 32 2e 32 39 2e 34 31 2e 38 39 20 2d 20 61 6e 20 61 64 64 72	come.from.172.29.41.89.-.an.addr
ac100	65 73 73 20 74 68 61 74 20 69 73 20 61 73 73 69 67 6e 65 64 20 62 79 20 74 68 65 20 41 53 50 20	ess.that.is.assigned.by.the.ASP.
ac120	61 6e 64 20 6e 6f 74 20 69 6e 20 75 73 65 20 61 74 20 74 68 65 20 63 75 73 74 6f 6d 65 72 20 73	and.not.in.use.at.the.customer.s
ac140	69 74 65 2e 00 48 65 72 65 27 73 20 74 68 65 20 49 50 20 72 6f 75 74 65 73 20 74 68 61 74 20 61	ite..Here's.the.IP.routes.that.a
ac160	72 65 20 70 6f 70 75 6c 61 74 65 64 2e 20 4a 75 73 74 20 74 68 65 20 6c 6f 6f 70 62 61 63 6b 3a	re.populated..Just.the.loopback:
ac180	00 48 65 72 65 27 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 75 70 3a 00 48 65 72 65 27 73	.Here's.the.neighbors.up:.Here's
ac1a0	20 74 68 65 20 72 6f 75 74 65 73 3a 00 48 65 77 6c 65 74 74 2d 50 61 63 6b 61 72 64 20 63 61 6c	.the.routes:.Hewlett-Packard.cal
ac1c0	6c 20 69 74 20 53 6f 75 72 63 65 2d 50 6f 72 74 20 66 69 6c 74 65 72 69 6e 67 20 6f 72 20 70 6f	l.it.Source-Port.filtering.or.po
ac1e0	72 74 2d 69 73 6f 6c 61 74 69 6f 6e 00 48 69 67 68 00 48 69 67 68 20 61 76 61 69 6c 61 62 69 6c	rt-isolation.High.High.availabil
ac200	69 74 79 00 48 6f 6d 65 20 55 73 65 72 73 00 48 6f 70 20 63 6f 75 6e 74 20 66 69 65 6c 64 20 6f	ity.Home.Users.Hop.count.field.o
ac220	66 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 52 41 20 70 61 63 6b 65 74 73 00 48 6f 73 74 20 49	f.the.outgoing.RA.packets.Host.I
ac240	6e 66 6f 72 6d 61 74 69 6f 6e 00 48 6f 73 74 20 6e 61 6d 65 00 48 6f 73 74 20 73 70 65 63 69 66	nformation.Host.name.Host.specif
ac260	69 63 20 6d 61 70 70 69 6e 67 20 73 68 61 6c 6c 20 62 65 20 6e 61 6d 65 64 20 60 60 63 6c 69 65	ic.mapping.shall.be.named.``clie
ac280	6e 74 31 60 60 00 48 6f 73 74 6e 61 6d 65 00 48 6f 77 20 61 6e 20 49 50 20 61 64 64 72 65 73 73	nt1``.Hostname.How.an.IP.address
ac2a0	20 69 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20	.is.assigned.to.an.interface.in.
ac2c0	3a 72 65 66 3a 60 65 74 68 65 72 6e 65 74 2d 69 6e 74 65 72 66 61 63 65 60 2e 20 54 68 69 73 20	:ref:`ethernet-interface`..This.
ac2e0	73 65 63 74 69 6f 6e 20 73 68 6f 77 73 20 68 6f 77 20 74 6f 20 73 74 61 74 69 63 61 6c 6c 79 20	section.shows.how.to.statically.
ac300	6d 61 70 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 61 20 68 6f 73 74 6e 61 6d 65 20	map.an.IP.address.to.a.hostname.
ac320	66 6f 72 20 6c 6f 63 61 6c 20 28 6d 65 61 6e 69 6e 67 20 6f 6e 20 74 68 69 73 20 56 79 4f 53 20	for.local.(meaning.on.this.VyOS.
ac340	69 6e 73 74 61 6e 63 65 29 20 6e 61 6d 65 20 72 65 73 6f 6c 75 74 69 6f 6e 2e 20 54 68 69 73 20	instance).name.resolution..This.
ac360	69 73 20 74 68 65 20 56 79 4f 53 20 65 71 75 69 76 61 6c 65 6e 74 20 74 6f 20 60 2f 65 74 63 2f	is.the.VyOS.equivalent.to.`/etc/
ac380	68 6f 73 74 73 60 20 66 69 6c 65 20 65 6e 74 72 69 65 73 2e 00 48 6f 77 20 74 6f 20 63 6f 6e 66	hosts`.file.entries..How.to.conf
ac3a0	69 67 75 72 65 20 45 76 65 6e 74 20 48 61 6e 64 6c 65 72 00 48 6f 77 20 74 6f 20 6d 61 6b 65 20	igure.Event.Handler.How.to.make.
ac3c0	69 74 20 77 6f 72 6b 00 48 6f 77 65 76 65 72 2c 20 6e 6f 77 20 79 6f 75 20 6e 65 65 64 20 74 6f	it.work.However,.now.you.need.to
ac3e0	20 6d 61 6b 65 20 49 50 73 65 63 20 77 6f 72 6b 20 77 69 74 68 20 64 79 6e 61 6d 69 63 20 61 64	.make.IPsec.work.with.dynamic.ad
ac400	64 72 65 73 73 20 6f 6e 20 6f 6e 65 20 73 69 64 65 2e 20 54 68 65 20 74 72 69 63 6b 79 20 70 61	dress.on.one.side..The.tricky.pa
ac420	72 74 20 69 73 20 74 68 61 74 20 70 72 65 2d 73 68 61 72 65 64 20 73 65 63 72 65 74 20 61 75 74	rt.is.that.pre-shared.secret.aut
ac440	68 65 6e 74 69 63 61 74 69 6f 6e 20 64 6f 65 73 6e 27 74 20 77 6f 72 6b 20 77 69 74 68 20 64 79	hentication.doesn't.work.with.dy
ac460	6e 61 6d 69 63 20 61 64 64 72 65 73 73 2c 20 73 6f 20 77 65 27 6c 6c 20 68 61 76 65 20 74 6f 20	namic.address,.so.we'll.have.to.
ac480	75 73 65 20 52 53 41 20 6b 65 79 73 2e 00 48 6f 77 65 76 65 72 2c 20 73 70 6c 69 74 2d 74 75 6e	use.RSA.keys..However,.split-tun
ac4a0	6e 65 6c 69 6e 67 20 63 61 6e 20 62 65 20 61 63 68 69 65 76 65 64 20 62 79 20 73 70 65 63 69 66	neling.can.be.achieved.by.specif
ac4c0	79 69 6e 67 20 74 68 65 20 72 65 6d 6f 74 65 20 73 75 62 6e 65 74 73 2e 20 54 68 69 73 20 65 6e	ying.the.remote.subnets..This.en
ac4e0	73 75 72 65 73 20 74 68 61 74 20 6f 6e 6c 79 20 74 72 61 66 66 69 63 20 64 65 73 74 69 6e 65 64	sures.that.only.traffic.destined
ac500	20 66 6f 72 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 74 65 20 69 73 20 73 65 6e 74 20 6f 76 65	.for.the.remote.site.is.sent.ove
ac520	72 20 74 68 65 20 74 75 6e 6e 65 6c 2e 20 41 6c 6c 20 6f 74 68 65 72 20 74 72 61 66 66 69 63 20	r.the.tunnel..All.other.traffic.
ac540	69 73 20 75 6e 61 66 66 65 63 74 65 64 2e 00 48 75 61 77 65 69 20 4d 45 39 30 39 73 2d 31 32 30	is.unaffected..Huawei.ME909s-120
ac560	20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 48 75 61 77 65 69 20 4d 45 39 30	.miniPCIe.card.(LTE).Huawei.ME90
ac580	39 75 2d 35 32 31 20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 48 75 62 00 49	9u-521.miniPCIe.card.(LTE).Hub.I
ac5a0	45 45 45 20 38 30 32 2e 31 58 2f 4d 41 43 73 65 63 20 70 72 65 2d 73 68 61 72 65 64 20 6b 65 79	EEE.802.1X/MACsec.pre-shared.key
ac5c0	20 6d 6f 64 65 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 4d	.mode..This.allows.configuring.M
ac5e0	41 43 73 65 63 20 77 69 74 68 20 61 20 70 72 65 2d 73 68 61 72 65 64 20 6b 65 79 20 75 73 69 6e	ACsec.with.a.pre-shared.key.usin
ac600	67 20 61 20 3a 61 62 62 72 3a 60 43 41 4b 20 28 4d 41 43 73 65 63 20 63 6f 6e 6e 65 63 74 69 76	g.a.:abbr:`CAK.(MACsec.connectiv
ac620	69 74 79 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 6b 65 79 29 60 20 61 6e 64 20 3a 61 62 62 72 3a	ity.association.key)`.and.:abbr:
ac640	60 43 4b 4e 20 28 4d 41 43 73 65 63 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 61 73 73 6f 63 69	`CKN.(MACsec.connectivity.associ
ac660	61 74 69 6f 6e 20 6e 61 6d 65 29 60 20 70 61 69 72 2e 00 49 45 45 45 20 38 30 32 2e 31 58 2f 4d	ation.name)`.pair..IEEE.802.1X/M
ac680	41 43 73 65 63 20 72 65 70 6c 61 79 20 70 72 6f 74 65 63 74 69 6f 6e 20 77 69 6e 64 6f 77 2e 20	ACsec.replay.protection.window..
ac6a0	54 68 69 73 20 64 65 74 65 72 6d 69 6e 65 73 20 61 20 77 69 6e 64 6f 77 20 69 6e 20 77 68 69 63	This.determines.a.window.in.whic
ac6c0	68 20 72 65 70 6c 61 79 20 69 73 20 74 6f 6c 65 72 61 74 65 64 2c 20 74 6f 20 61 6c 6c 6f 77 20	h.replay.is.tolerated,.to.allow.
ac6e0	72 65 63 65 69 70 74 20 6f 66 20 66 72 61 6d 65 73 20 74 68 61 74 20 68 61 76 65 20 62 65 65 6e	receipt.of.frames.that.have.been
ac700	20 6d 69 73 6f 72 64 65 72 65 64 20 62 79 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 00 49 45 45 45	.misordered.by.the.network..IEEE
ac720	20 38 30 32 2e 31 61 64 5f 20 77 61 73 20 61 6e 20 45 74 68 65 72 6e 65 74 20 6e 65 74 77 6f 72	.802.1ad_.was.an.Ethernet.networ
ac740	6b 69 6e 67 20 73 74 61 6e 64 61 72 64 20 69 6e 66 6f 72 6d 61 6c 6c 79 20 6b 6e 6f 77 6e 20 61	king.standard.informally.known.a
ac760	73 20 51 69 6e 51 20 61 73 20 61 6e 20 61 6d 65 6e 64 6d 65 6e 74 20 74 6f 20 49 45 45 45 20 73	s.QinQ.as.an.amendment.to.IEEE.s
ac780	74 61 6e 64 61 72 64 20 38 30 32 2e 31 71 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 61	tandard.802.1q.VLAN.interfaces.a
ac7a0	73 20 64 65 73 63 72 69 62 65 64 20 61 62 6f 76 65 2e 20 38 30 32 2e 31 61 64 20 77 61 73 20 69	s.described.above..802.1ad.was.i
ac7c0	6e 63 6f 72 70 6f 72 61 74 65 64 20 69 6e 74 6f 20 74 68 65 20 62 61 73 65 20 38 30 32 2e 31 71	ncorporated.into.the.base.802.1q
ac7e0	5f 20 73 74 61 6e 64 61 72 64 20 69 6e 20 32 30 31 31 2e 20 54 68 65 20 74 65 63 68 6e 69 71 75	_.standard.in.2011..The.techniqu
ac800	65 20 69 73 20 61 6c 73 6f 20 6b 6e 6f 77 6e 20 61 73 20 70 72 6f 76 69 64 65 72 20 62 72 69 64	e.is.also.known.as.provider.brid
ac820	67 69 6e 67 2c 20 53 74 61 63 6b 65 64 20 56 4c 41 4e 73 2c 20 6f 72 20 73 69 6d 70 6c 79 20 51	ging,.Stacked.VLANs,.or.simply.Q
ac840	69 6e 51 20 6f 72 20 51 2d 69 6e 2d 51 2e 20 22 51 2d 69 6e 2d 51 22 20 63 61 6e 20 66 6f 72 20	inQ.or.Q-in-Q.."Q-in-Q".can.for.
ac860	73 75 70 70 6f 72 74 65 64 20 64 65 76 69 63 65 73 20 61 70 70 6c 79 20 74 6f 20 43 2d 74 61 67	supported.devices.apply.to.C-tag
ac880	20 73 74 61 63 6b 69 6e 67 20 6f 6e 20 43 2d 74 61 67 20 28 45 74 68 65 72 6e 65 74 20 54 79 70	.stacking.on.C-tag.(Ethernet.Typ
ac8a0	65 20 3d 20 30 78 38 31 30 30 29 2e 00 49 45 45 45 20 38 30 32 2e 31 71 5f 2c 20 6f 66 74 65 6e	e.=.0x8100)..IEEE.802.1q_,.often
ac8c0	20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 44 6f 74 31 71 2c 20 69 73 20 74 68 65 20 6e 65	.referred.to.as.Dot1q,.is.the.ne
ac8e0	74 77 6f 72 6b 69 6e 67 20 73 74 61 6e 64 61 72 64 20 74 68 61 74 20 73 75 70 70 6f 72 74 73 20	tworking.standard.that.supports.
ac900	76 69 72 74 75 61 6c 20 4c 41 4e 73 20 28 56 4c 41 4e 73 29 20 6f 6e 20 61 6e 20 49 45 45 45 20	virtual.LANs.(VLANs).on.an.IEEE.
ac920	38 30 32 2e 33 20 45 74 68 65 72 6e 65 74 20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 73 74 61 6e	802.3.Ethernet.network..The.stan
ac940	64 61 72 64 20 64 65 66 69 6e 65 73 20 61 20 73 79 73 74 65 6d 20 6f 66 20 56 4c 41 4e 20 74 61	dard.defines.a.system.of.VLAN.ta
ac960	67 67 69 6e 67 20 66 6f 72 20 45 74 68 65 72 6e 65 74 20 66 72 61 6d 65 73 20 61 6e 64 20 74 68	gging.for.Ethernet.frames.and.th
ac980	65 20 61 63 63 6f 6d 70 61 6e 79 69 6e 67 20 70 72 6f 63 65 64 75 72 65 73 20 74 6f 20 62 65 20	e.accompanying.procedures.to.be.
ac9a0	75 73 65 64 20 62 79 20 62 72 69 64 67 65 73 20 61 6e 64 20 73 77 69 74 63 68 65 73 20 69 6e 20	used.by.bridges.and.switches.in.
ac9c0	68 61 6e 64 6c 69 6e 67 20 73 75 63 68 20 66 72 61 6d 65 73 2e 20 54 68 65 20 73 74 61 6e 64 61	handling.such.frames..The.standa
ac9e0	72 64 20 61 6c 73 6f 20 63 6f 6e 74 61 69 6e 73 20 70 72 6f 76 69 73 69 6f 6e 73 20 66 6f 72 20	rd.also.contains.provisions.for.
aca00	61 20 71 75 61 6c 69 74 79 2d 6f 66 2d 73 65 72 76 69 63 65 20 70 72 69 6f 72 69 74 69 7a 61 74	a.quality-of-service.prioritizat
aca20	69 6f 6e 20 73 63 68 65 6d 65 20 63 6f 6d 6d 6f 6e 6c 79 20 6b 6e 6f 77 6e 20 61 73 20 49 45 45	ion.scheme.commonly.known.as.IEE
aca40	45 20 38 30 32 2e 31 70 20 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 47 65 6e 65 72 69 63	E.802.1p.and.defines.the.Generic
aca60	20 41 74 74 72 69 62 75 74 65 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c	.Attribute.Registration.Protocol
aca80	2e 00 49 45 54 46 20 70 75 62 6c 69 73 68 65 64 20 3a 72 66 63 3a 60 36 35 39 38 60 2c 20 64 65	..IETF.published.:rfc:`6598`,.de
acaa0	74 61 69 6c 69 6e 67 20 61 20 73 68 61 72 65 64 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 66	tailing.a.shared.address.space.f
acac0	6f 72 20 75 73 65 20 69 6e 20 49 53 50 20 43 47 4e 20 64 65 70 6c 6f 79 6d 65 6e 74 73 20 74 68	or.use.in.ISP.CGN.deployments.th
acae0	61 74 20 63 61 6e 20 68 61 6e 64 6c 65 20 74 68 65 20 73 61 6d 65 20 6e 65 74 77 6f 72 6b 20 70	at.can.handle.the.same.network.p
acb00	72 65 66 69 78 65 73 20 6f 63 63 75 72 72 69 6e 67 20 62 6f 74 68 20 6f 6e 20 69 6e 62 6f 75 6e	refixes.occurring.both.on.inboun
acb20	64 20 61 6e 64 20 6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 73 2e 20 41 52 49 4e 20	d.and.outbound.interfaces..ARIN.
acb40	72 65 74 75 72 6e 65 64 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 74 6f 20 74 68 65 20 3a 61	returned.address.space.to.the.:a
acb60	62 62 72 3a 60 49 41 4e 41 20 28 49 6e 74 65 72 6e 65 74 20 41 73 73 69 67 6e 65 64 20 4e 75 6d	bbr:`IANA.(Internet.Assigned.Num
acb80	62 65 72 73 20 41 75 74 68 6f 72 69 74 79 29 60 20 66 6f 72 20 74 68 69 73 20 61 6c 6c 6f 63 61	bers.Authority)`.for.this.alloca
acba0	74 69 6f 6e 2e 00 49 47 4d 50 20 50 72 6f 78 79 00 49 4b 45 20 28 49 6e 74 65 72 6e 65 74 20 4b	tion..IGMP.Proxy.IKE.(Internet.K
acbc0	65 79 20 45 78 63 68 61 6e 67 65 29 20 41 74 74 72 69 62 75 74 65 73 00 49 4b 45 20 50 68 61 73	ey.Exchange).Attributes.IKE.Phas
acbe0	65 3a 00 49 4b 45 20 70 65 72 66 6f 72 6d 73 20 6d 75 74 75 61 6c 20 61 75 74 68 65 6e 74 69 63	e:.IKE.performs.mutual.authentic
acc00	61 74 69 6f 6e 20 62 65 74 77 65 65 6e 20 74 77 6f 20 70 61 72 74 69 65 73 20 61 6e 64 20 65 73	ation.between.two.parties.and.es
acc20	74 61 62 6c 69 73 68 65 73 20 61 6e 20 49 4b 45 20 73 65 63 75 72 69 74 79 20 61 73 73 6f 63 69	tablishes.an.IKE.security.associ
acc40	61 74 69 6f 6e 20 28 53 41 29 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20 73 68 61 72 65 64 20	ation.(SA).that.includes.shared.
acc60	73 65 63 72 65 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 63 61 6e 20 62 65 20 75	secret.information.that.can.be.u
acc80	73 65 64 20 74 6f 20 65 66 66 69 63 69 65 6e 74 6c 79 20 65 73 74 61 62 6c 69 73 68 20 53 41 73	sed.to.efficiently.establish.SAs
acca0	20 66 6f 72 20 45 6e 63 61 70 73 75 6c 61 74 69 6e 67 20 53 65 63 75 72 69 74 79 20 50 61 79 6c	.for.Encapsulating.Security.Payl
accc0	6f 61 64 20 28 45 53 50 29 20 6f 72 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 48 65 61 64	oad.(ESP).or.Authentication.Head
acce0	65 72 20 28 41 48 29 20 61 6e 64 20 61 20 73 65 74 20 6f 66 20 63 72 79 70 74 6f 67 72 61 70 68	er.(AH).and.a.set.of.cryptograph
acd00	69 63 20 61 6c 67 6f 72 69 74 68 6d 73 20 74 6f 20 62 65 20 75 73 65 64 20 62 79 20 74 68 65 20	ic.algorithms.to.be.used.by.the.
acd20	53 41 73 20 74 6f 20 70 72 6f 74 65 63 74 20 74 68 65 20 74 72 61 66 66 69 63 20 74 68 61 74 20	SAs.to.protect.the.traffic.that.
acd40	74 68 65 79 20 63 61 72 72 79 2e 20 68 74 74 70 73 3a 2f 2f 64 61 74 61 74 72 61 63 6b 65 72 2e	they.carry..https://datatracker.
acd60	69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 72 66 63 35 39 39 36 00 49 4b 45 76 31 00	ietf.org/doc/html/rfc5996.IKEv1.
acd80	49 4b 45 76 32 00 49 50 00 49 50 20 61 64 64 72 65 73 73 00 49 50 20 61 64 64 72 65 73 73 20 60	IKEv2.IP.IP.address.IP.address.`
acda0	60 31 39 32 2e 31 36 38 2e 31 2e 31 30 30 60 60 20 73 68 61 6c 6c 20 62 65 20 73 74 61 74 69 63	`192.168.1.100``.shall.be.static
acdc0	61 6c 6c 79 20 6d 61 70 70 65 64 20 74 6f 20 63 6c 69 65 6e 74 20 6e 61 6d 65 64 20 60 60 63 6c	ally.mapped.to.client.named.``cl
acde0	69 65 6e 74 31 60 60 00 49 50 20 61 64 64 72 65 73 73 20 60 60 31 39 32 2e 31 36 38 2e 32 2e 31	ient1``.IP.address.``192.168.2.1
ace00	2f 32 34 60 60 00 49 50 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 48 43 50 20 73 65 72 76 65 72	/24``.IP.address.for.DHCP.server
ace20	20 69 64 65 6e 74 69 66 69 65 72 00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 4e 54 50 20 73 65	.identifier.IP.address.of.NTP.se
ace40	72 76 65 72 00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 50 4f 50 33 20 73 65 72 76 65 72 00 49	rver.IP.address.of.POP3.server.I
ace60	50 20 61 64 64 72 65 73 73 20 6f 66 20 53 4d 54 50 20 73 65 72 76 65 72 00 49 50 20 61 64 64 72	P.address.of.SMTP.server.IP.addr
ace80	65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20	ess.of.route.to.match,.based.on.
acea0	61 63 63 65 73 73 2d 6c 69 73 74 2e 00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65	access-list..IP.address.of.route
acec0	20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 70 72 65 66 69 78 2d 6c 69 73 74 2e	.to.match,.based.on.prefix-list.
acee0	00 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62	.IP.address.of.route.to.match,.b
acf00	61 73 65 64 20 6f 6e 20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 2d 6c 65 6e 67 74 68 2e	ased.on.specified.prefix-length.
acf20	20 4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20	.Note.that.this.can.be.used.for.
acf40	6b 65 72 6e 65 6c 20 72 6f 75 74 65 73 20 6f 6e 6c 79 2e 20 44 6f 20 6e 6f 74 20 61 70 70 6c 79	kernel.routes.only..Do.not.apply
acf60	20 74 6f 20 74 68 65 20 72 6f 75 74 65 73 20 6f 66 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e	.to.the.routes.of.dynamic.routin
acf80	67 20 70 72 6f 74 6f 63 6f 6c 73 20 28 65 2e 67 2e 20 42 47 50 2c 20 52 49 50 2c 20 4f 53 46 50	g.protocols.(e.g..BGP,.RIP,.OSFP
acfa0	29 2c 20 61 73 20 74 68 69 73 20 63 61 6e 20 6c 65 61 64 20 74 6f 20 75 6e 65 78 70 65 63 74 65	),.as.this.can.lead.to.unexpecte
acfc0	64 20 72 65 73 75 6c 74 73 2e 2e 00 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 65 78 63 6c 75 64	d.results...IP.address.to.exclud
acfe0	65 20 66 72 6f 6d 20 44 48 43 50 20 6c 65 61 73 65 20 72 61 6e 67 65 00 49 50 20 61 64 64 72 65	e.from.DHCP.lease.range.IP.addre
ad000	73 73 65 73 20 6f 72 20 6e 65 74 77 6f 72 6b 73 20 66 6f 72 20 77 68 69 63 68 20 6c 6f 63 61 6c	sses.or.networks.for.which.local
ad020	20 63 6f 6e 6e 74 72 61 63 6b 20 65 6e 74 72 69 65 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 73	.conntrack.entries.will.not.be.s
ad040	79 6e 63 65 64 00 49 50 20 6d 61 6e 61 67 65 6d 65 6e 74 20 61 64 64 72 65 73 73 00 49 50 20 6d	ynced.IP.management.address.IP.m
ad060	61 73 71 75 65 72 61 64 69 6e 67 20 69 73 20 61 20 74 65 63 68 6e 69 71 75 65 20 74 68 61 74 20	asquerading.is.a.technique.that.
ad080	68 69 64 65 73 20 61 6e 20 65 6e 74 69 72 65 20 49 50 20 61 64 64 72 65 73 73 20 73 70 61 63 65	hides.an.entire.IP.address.space
ad0a0	2c 20 75 73 75 61 6c 6c 79 20 63 6f 6e 73 69 73 74 69 6e 67 20 6f 66 20 70 72 69 76 61 74 65 20	,.usually.consisting.of.private.
ad0c0	49 50 20 61 64 64 72 65 73 73 65 73 2c 20 62 65 68 69 6e 64 20 61 20 73 69 6e 67 6c 65 20 49 50	IP.addresses,.behind.a.single.IP
ad0e0	20 61 64 64 72 65 73 73 20 69 6e 20 61 6e 6f 74 68 65 72 2c 20 75 73 75 61 6c 6c 79 20 70 75 62	.address.in.another,.usually.pub
ad100	6c 69 63 20 61 64 64 72 65 73 73 20 73 70 61 63 65 2e 20 54 68 65 20 68 69 64 64 65 6e 20 61 64	lic.address.space..The.hidden.ad
ad120	64 72 65 73 73 65 73 20 61 72 65 20 63 68 61 6e 67 65 64 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c	dresses.are.changed.into.a.singl
ad140	65 20 28 70 75 62 6c 69 63 29 20 49 50 20 61 64 64 72 65 73 73 20 61 73 20 74 68 65 20 73 6f 75	e.(public).IP.address.as.the.sou
ad160	72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 49 50 20 70	rce.address.of.the.outgoing.IP.p
ad180	61 63 6b 65 74 73 20 73 6f 20 74 68 65 79 20 61 70 70 65 61 72 20 61 73 20 6f 72 69 67 69 6e 61	ackets.so.they.appear.as.origina
ad1a0	74 69 6e 67 20 6e 6f 74 20 66 72 6f 6d 20 74 68 65 20 68 69 64 64 65 6e 20 68 6f 73 74 20 62 75	ting.not.from.the.hidden.host.bu
ad1c0	74 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 20 69 74 73 65 6c 66	t.from.the.routing.device.itself
ad1e0	2e 20 42 65 63 61 75 73 65 20 6f 66 20 74 68 65 20 70 6f 70 75 6c 61 72 69 74 79 20 6f 66 20 74	..Because.of.the.popularity.of.t
ad200	68 69 73 20 74 65 63 68 6e 69 71 75 65 20 74 6f 20 63 6f 6e 73 65 72 76 65 20 49 50 76 34 20 61	his.technique.to.conserve.IPv4.a
ad220	64 64 72 65 73 73 20 73 70 61 63 65 2c 20 74 68 65 20 74 65 72 6d 20 4e 41 54 20 68 61 73 20 62	ddress.space,.the.term.NAT.has.b
ad240	65 63 6f 6d 65 20 76 69 72 74 75 61 6c 6c 79 20 73 79 6e 6f 6e 79 6d 6f 75 73 20 77 69 74 68 20	ecome.virtually.synonymous.with.
ad260	49 50 20 6d 61 73 71 75 65 72 61 64 69 6e 67 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20	IP.masquerading..IP.next-hop.of.
ad280	72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 61 63 63 65 73 73 2d	route.to.match,.based.on.access-
ad2a0	6c 69 73 74 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61	list..IP.next-hop.of.route.to.ma
ad2c0	74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 69 70 20 61 64 64 72 65 73 73 2e 00 49 50 20 6e 65 78	tch,.based.on.ip.address..IP.nex
ad2e0	74 2d 68 6f 70 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f	t-hop.of.route.to.match,.based.o
ad300	6e 20 70 72 65 66 69 78 20 6c 65 6e 67 74 68 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20	n.prefix.length..IP.next-hop.of.
ad320	72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 70 72 65 66 69 78 2d	route.to.match,.based.on.prefix-
ad340	6c 69 73 74 2e 00 49 50 20 6e 65 78 74 2d 68 6f 70 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61	list..IP.next-hop.of.route.to.ma
ad360	74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 74 79 70 65 2e 00 49 50 20 70 72 65 63 65 64 65 6e 63	tch,.based.on.type..IP.precedenc
ad380	65 20 61 73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 37 39 31 60 3a 00 49 50 20 70	e.as.defined.in.:rfc:`791`:.IP.p
ad3a0	72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 35 30 20 28 45 53 50 29 00 49 50 20 72 6f 75 74 65	rotocol.number.50.(ESP).IP.route
ad3c0	20 73 6f 75 72 63 65 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64	.source.of.route.to.match,.based
ad3e0	20 6f 6e 20 61 63 63 65 73 73 2d 6c 69 73 74 2e 00 49 50 20 72 6f 75 74 65 20 73 6f 75 72 63 65	.on.access-list..IP.route.source
ad400	20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 70 72 65	.of.route.to.match,.based.on.pre
ad420	66 69 78 2d 6c 69 73 74 2e 00 49 50 36 49 50 36 00 49 50 49 50 00 49 50 49 50 36 00 49 50 53 65	fix-list..IP6IP6.IPIP.IPIP6.IPSe
ad440	63 20 49 4b 45 20 61 6e 64 20 45 53 50 00 49 50 53 65 63 20 49 4b 45 20 61 6e 64 20 45 53 50 20	c.IKE.and.ESP.IPSec.IKE.and.ESP.
ad460	47 72 6f 75 70 73 3b 00 49 50 53 65 63 20 49 4b 45 76 32 20 73 69 74 65 32 73 69 74 65 20 56 50	Groups;.IPSec.IKEv2.site2site.VP
ad480	4e 00 49 50 53 65 63 20 49 4b 45 76 32 20 73 69 74 65 32 73 69 74 65 20 56 50 4e 20 28 73 6f 75	N.IPSec.IKEv2.site2site.VPN.(sou
ad4a0	72 63 65 20 2e 2f 64 72 61 77 2e 69 6f 2f 76 70 6e 5f 73 32 73 5f 69 6b 65 76 32 2e 64 72 61 77	rce../draw.io/vpn_s2s_ikev2.draw
ad4c0	69 6f 29 00 49 50 53 65 63 20 56 50 4e 20 54 75 6e 6e 65 6c 73 00 49 50 53 65 63 20 56 50 4e 20	io).IPSec.VPN.Tunnels.IPSec.VPN.
ad4e0	74 75 6e 6e 65 6c 73 2e 00 49 50 53 65 63 3a 00 49 50 6f 45 20 53 65 72 76 65 72 00 49 50 6f 45	tunnels..IPSec:.IPoE.Server.IPoE
ad500	20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 20 6f 6e 20 64 69 66 66 65 72 65 6e 74 20 69	.can.be.configure.on.different.i
ad520	6e 74 65 72 66 61 63 65 73 2c 20 69 74 20 77 69 6c 6c 20 64 65 70 65 6e 64 20 6f 6e 20 65 61 63	nterfaces,.it.will.depend.on.eac
ad540	68 20 73 70 65 63 69 66 69 63 20 73 69 74 75 61 74 69 6f 6e 20 77 68 69 63 68 20 69 6e 74 65 72	h.specific.situation.which.inter
ad560	66 61 63 65 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 49 50 6f 45 20 74 6f 20 63 6c 69 65 6e 74	face.will.provide.IPoE.to.client
ad580	73 2e 20 54 68 65 20 63 6c 69 65 6e 74 73 20 6d 61 63 20 61 64 64 72 65 73 73 20 61 6e 64 20 74	s..The.clients.mac.address.and.t
ad5a0	68 65 20 69 6e 63 6f 6d 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 62 65 69 6e 67 20 75	he.incoming.interface.is.being.u
ad5c0	73 65 64 20 61 73 20 63 6f 6e 74 72 6f 6c 20 70 61 72 61 6d 65 74 65 72 2c 20 74 6f 20 61 75 74	sed.as.control.parameter,.to.aut
ad5e0	68 65 6e 74 69 63 61 74 65 20 61 20 63 6c 69 65 6e 74 2e 00 49 50 6f 45 20 69 73 20 61 20 6d 65	henticate.a.client..IPoE.is.a.me
ad600	74 68 6f 64 20 6f 66 20 64 65 6c 69 76 65 72 69 6e 67 20 61 6e 20 49 50 20 70 61 79 6c 6f 61 64	thod.of.delivering.an.IP.payload
ad620	20 6f 76 65 72 20 61 6e 20 45 74 68 65 72 6e 65 74 2d 62 61 73 65 64 20 61 63 63 65 73 73 20 6e	.over.an.Ethernet-based.access.n
ad640	65 74 77 6f 72 6b 20 6f 72 20 61 6e 20 61 63 63 65 73 73 20 6e 65 74 77 6f 72 6b 20 75 73 69 6e	etwork.or.an.access.network.usin
ad660	67 20 62 72 69 64 67 65 64 20 45 74 68 65 72 6e 65 74 20 6f 76 65 72 20 41 73 79 6e 63 68 72 6f	g.bridged.Ethernet.over.Asynchro
ad680	6e 6f 75 73 20 54 72 61 6e 73 66 65 72 20 4d 6f 64 65 20 28 41 54 4d 29 20 77 69 74 68 6f 75 74	nous.Transfer.Mode.(ATM).without
ad6a0	20 75 73 69 6e 67 20 50 50 50 6f 45 2e 20 49 74 20 64 69 72 65 63 74 6c 79 20 65 6e 63 61 70 73	.using.PPPoE..It.directly.encaps
ad6c0	75 6c 61 74 65 73 20 74 68 65 20 49 50 20 64 61 74 61 67 72 61 6d 73 20 69 6e 20 45 74 68 65 72	ulates.the.IP.datagrams.in.Ether
ad6e0	6e 65 74 20 66 72 61 6d 65 73 2c 20 75 73 69 6e 67 20 74 68 65 20 73 74 61 6e 64 61 72 64 20 3a	net.frames,.using.the.standard.:
ad700	72 66 63 3a 60 38 39 34 60 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 2e 00 49 50 6f 45 20 73 65	rfc:`894`.encapsulation..IPoE.se
ad720	72 76 65 72 20 77 69 6c 6c 20 6c 69 73 74 65 6e 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 65	rver.will.listen.on.interfaces.e
ad740	74 68 31 2e 35 30 20 61 6e 64 20 65 74 68 31 2e 35 31 00 49 50 73 65 63 00 49 50 73 65 63 20 70	th1.50.and.eth1.51.IPsec.IPsec.p
ad760	6f 6c 69 63 79 20 6d 61 74 63 68 69 6e 67 20 47 52 45 00 49 50 76 34 00 49 50 76 34 20 61 64 64	olicy.matching.GRE.IPv4.IPv4.add
ad780	72 65 73 73 20 6f 66 20 6e 65 78 74 20 62 6f 6f 74 73 74 72 61 70 20 73 65 72 76 65 72 00 49 50	ress.of.next.bootstrap.server.IP
ad7a0	76 34 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 72 20 6f 6e 20 74 68 65 20 63 6c 69 65	v4.address.of.router.on.the.clie
ad7c0	6e 74 27 73 20 73 75 62 6e 65 74 00 49 50 76 34 20 6f 72 20 49 50 76 36 20 73 6f 75 72 63 65 20	nt's.subnet.IPv4.or.IPv6.source.
ad7e0	61 64 64 72 65 73 73 20 6f 66 20 4e 65 74 46 6c 6f 77 20 70 61 63 6b 65 74 73 00 49 50 76 34 20	address.of.NetFlow.packets.IPv4.
ad800	70 65 65 72 69 6e 67 00 49 50 76 34 20 72 65 6c 61 79 00 49 50 76 34 20 72 6f 75 74 65 20 61 6e	peering.IPv4.relay.IPv4.route.an
ad820	64 20 49 50 76 36 20 72 6f 75 74 65 20 70 6f 6c 69 63 69 65 73 20 61 72 65 20 64 65 66 69 6e 65	d.IPv6.route.policies.are.define
ad840	64 20 69 6e 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 20 54 68 65 73 65 20 72 6f 75 74 65 20 70	d.in.this.section..These.route.p
ad860	6f 6c 69 63 69 65 73 20 63 61 6e 20 74 68 65 6e 20 62 65 20 61 73 73 6f 63 69 61 74 65 64 20 74	olicies.can.then.be.associated.t
ad880	6f 20 69 6e 74 65 72 66 61 63 65 73 2e 00 49 50 76 34 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a	o.interfaces..IPv4.route.source:
ad8a0	20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 65 69 67 72 70 2c 20 69 73 69 73 2c 20 6b 65	.bgp,.connected,.eigrp,.isis,.ke
ad8c0	72 6e 65 6c 2c 20 6e 68 72 70 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 49	rnel,.nhrp,.ospf,.rip,.static..I
ad8e0	50 76 34 20 73 65 72 76 65 72 00 49 50 76 34 2f 49 50 76 36 20 72 65 6d 6f 74 65 20 61 64 64 72	Pv4.server.IPv4/IPv6.remote.addr
ad900	65 73 73 20 6f 66 20 74 68 65 20 56 58 4c 41 4e 20 74 75 6e 6e 65 6c 2e 20 41 6c 74 65 72 6e 61	ess.of.the.VXLAN.tunnel..Alterna
ad920	74 69 76 65 20 74 6f 20 6d 75 6c 74 69 63 61 73 74 2c 20 74 68 65 20 72 65 6d 6f 74 65 20 49 50	tive.to.multicast,.the.remote.IP
ad940	76 34 2f 49 50 76 36 20 61 64 64 72 65 73 73 20 63 61 6e 20 73 65 74 20 64 69 72 65 63 74 6c 79	v4/IPv6.address.can.set.directly
ad960	2e 00 49 50 76 36 00 49 50 76 36 20 41 63 63 65 73 73 20 4c 69 73 74 00 49 50 76 36 20 44 48 43	..IPv6.IPv6.Access.List.IPv6.DHC
ad980	50 76 36 2d 50 44 20 45 78 61 6d 70 6c 65 00 49 50 76 36 20 44 4e 53 20 61 64 64 72 65 73 73 65	Pv6-PD.Example.IPv6.DNS.addresse
ad9a0	73 20 61 72 65 20 6f 70 74 69 6f 6e 61 6c 2e 00 49 50 76 36 20 4d 75 6c 74 69 63 61 73 74 00 49	s.are.optional..IPv6.Multicast.I
ad9c0	50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 00 49 50 76 36 20 50 72 65 66 69	Pv6.Prefix.Delegation.IPv6.Prefi
ad9e0	78 20 4c 69 73 74 73 00 49 50 76 36 20 53 4c 41 41 43 20 61 6e 64 20 49 41 2d 50 44 00 49 50 76	x.Lists.IPv6.SLAAC.and.IA-PD.IPv
ada00	36 20 54 43 50 20 66 69 6c 74 65 72 73 20 77 69 6c 6c 20 6f 6e 6c 79 20 6d 61 74 63 68 20 49 50	6.TCP.filters.will.only.match.IP
ada20	76 36 20 70 61 63 6b 65 74 73 20 77 69 74 68 20 6e 6f 20 68 65 61 64 65 72 20 65 78 74 65 6e 73	v6.packets.with.no.header.extens
ada40	69 6f 6e 2c 20 73 65 65 20 68 74 74 70 73 3a 2f 2f 65 6e 2e 77 69 6b 69 70 65 64 69 61 2e 6f 72	ion,.see.https://en.wikipedia.or
ada60	67 2f 77 69 6b 69 2f 49 50 76 36 5f 70 61 63 6b 65 74 23 45 78 74 65 6e 73 69 6f 6e 5f 68 65 61	g/wiki/IPv6_packet#Extension_hea
ada80	64 65 72 73 00 49 50 76 36 20 61 64 64 72 65 73 73 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 30	ders.IPv6.address.``2001:db8::10
adaa0	31 60 60 20 73 68 61 6c 6c 20 62 65 20 73 74 61 74 69 63 61 6c 6c 79 20 6d 61 70 70 65 64 00 49	1``.shall.be.statically.mapped.I
adac0	50 76 36 20 61 64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62	Pv6.address.of.route.to.match,.b
adae0	61 73 65 64 20 6f 6e 20 49 50 76 36 20 61 63 63 65 73 73 2d 6c 69 73 74 2e 00 49 50 76 36 20 61	ased.on.IPv6.access-list..IPv6.a
adb00	64 64 72 65 73 73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20	ddress.of.route.to.match,.based.
adb20	6f 6e 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 2e 00 49 50 76 36 20 61 64 64 72 65 73	on.IPv6.prefix-list..IPv6.addres
adb40	73 20 6f 66 20 72 6f 75 74 65 20 74 6f 20 6d 61 74 63 68 2c 20 62 61 73 65 64 20 6f 6e 20 73 70	s.of.route.to.match,.based.on.sp
adb60	65 63 69 66 69 65 64 20 70 72 65 66 69 78 2d 6c 65 6e 67 74 68 2e 20 4e 6f 74 65 20 74 68 61 74	ecified.prefix-length..Note.that
adb80	20 74 68 69 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 66 6f 72 20 6b 65 72 6e 65 6c 20 72 6f 75	.this.can.be.used.for.kernel.rou
adba0	74 65 73 20 6f 6e 6c 79 2e 20 44 6f 20 6e 6f 74 20 61 70 70 6c 79 20 74 6f 20 74 68 65 20 72 6f	tes.only..Do.not.apply.to.the.ro
adbc0	75 74 65 73 20 6f 66 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	utes.of.dynamic.routing.protocol
adbe0	73 20 28 65 2e 67 2e 20 42 47 50 2c 20 52 49 50 2c 20 4f 53 46 50 29 2c 20 61 73 20 74 68 69 73	s.(e.g..BGP,.RIP,.OSFP),.as.this
adc00	20 63 61 6e 20 6c 65 61 64 20 74 6f 20 75 6e 65 78 70 65 63 74 65 64 20 72 65 73 75 6c 74 73 2e	.can.lead.to.unexpected.results.
adc20	2e 00 49 50 76 36 20 63 6c 69 65 6e 74 27 73 20 70 72 65 66 69 78 20 61 73 73 69 67 6e 6d 65 6e	..IPv6.client's.prefix.assignmen
adc40	74 00 49 50 76 36 20 70 65 65 72 69 6e 67 00 49 50 76 36 20 70 72 65 66 69 78 20 60 60 32 30 30	t.IPv6.peering.IPv6.prefix.``200
adc60	31 3a 64 62 38 3a 30 3a 31 30 31 3a 3a 2f 36 34 60 60 20 73 68 61 6c 6c 20 62 65 20 73 74 61 74	1:db8:0:101::/64``.shall.be.stat
adc80	69 63 61 6c 6c 79 20 6d 61 70 70 65 64 00 49 50 76 36 20 70 72 65 66 69 78 2e 00 49 50 76 36 20	ically.mapped.IPv6.prefix..IPv6.
adca0	72 65 6c 61 79 00 49 50 76 36 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f	relay.IPv6.route.source:.bgp,.co
adcc0	6e 6e 65 63 74 65 64 2c 20 65 69 67 72 70 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6e 68	nnected,.eigrp,.isis,.kernel,.nh
adce0	72 70 2c 20 6f 73 70 66 76 33 2c 20 72 69 70 6e 67 2c 20 73 74 61 74 69 63 2e 00 49 50 76 36 20	rp,.ospfv3,.ripng,.static..IPv6.
add00	73 65 72 76 65 72 00 49 50 76 36 20 73 75 70 70 6f 72 74 00 49 53 2d 49 53 00 49 53 2d 49 53 20	server.IPv6.support.IS-IS.IS-IS.
add20	47 6c 6f 62 61 6c 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 53 2d 49 53 20 53 52 20 43 6f	Global.Configuration.IS-IS.SR.Co
add40	6e 66 69 67 75 72 61 74 69 6f 6e 00 49 53 43 2d 44 48 43 50 20 4f 70 74 69 6f 6e 20 6e 61 6d 65	nfiguration.ISC-DHCP.Option.name
add60	00 49 64 65 6e 74 69 74 79 20 42 61 73 65 64 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 66	.Identity.Based.Configuration.If
add80	20 2a 2a 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 20 69 73 20 73 65 74 20 62 75 74 20 2a 2a	.**max-threshold**.is.set.but.**
adda0	6d 69 6e 2d 74 68 72 65 73 68 6f 6c 64 20 69 73 20 6e 6f 74 2c 20 74 68 65 6e 20 2a 2a 6d 69 6e	min-threshold.is.not,.then.**min
addc0	2d 74 68 72 65 73 68 6f 6c 64 2a 2a 20 69 73 20 73 63 61 6c 65 64 20 74 6f 20 35 30 25 20 6f 66	-threshold**.is.scaled.to.50%.of
adde0	20 2a 2a 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 2e 00 49 66 20 3a 63 66 67 63 6d 64 3a 60	.**max-threshold**..If.:cfgcmd:`
ade00	73 74 72 69 63 74 60 20 69 73 20 73 65 74 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 77	strict`.is.set.the.BGP.session.w
ade20	6f 6e e2 80 99 74 20 62 65 63 6f 6d 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 75 6e 74 69 6c 20	on...t.become.established.until.
ade40	74 68 65 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 73 65 74 73 20 6c 6f 63 61 6c 20 52 6f 6c 65	the.BGP.neighbor.sets.local.Role
ade60	20 6f 6e 20 69 74 73 20 73 69 64 65 2e 20 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	.on.its.side..This.configuration
ade80	20 70 61 72 61 6d 65 74 65 72 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 20 52 46 43 20 3a 72 66	.parameter.is.defined.in.RFC.:rf
adea0	63 3a 60 39 32 33 34 60 20 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 65 6e 66 6f 72 63 65 20	c:`9234`.and.is.used.to.enforce.
adec0	74 68 65 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	the.corresponding.configuration.
adee0	61 74 20 79 6f 75 72 20 63 6f 75 6e 74 65 72 2d 70 61 72 74 73 20 73 69 64 65 2e 00 49 66 20 41	at.your.counter-parts.side..If.A
adf00	52 50 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 69 73 20 75 73 65 64 20 69 6e 20 61 6e 20 65 74 68 65	RP.monitoring.is.used.in.an.ethe
adf20	72 63 68 61 6e 6e 65 6c 20 63 6f 6d 70 61 74 69 62 6c 65 20 6d 6f 64 65 20 28 6d 6f 64 65 73 20	rchannel.compatible.mode.(modes.
adf40	72 6f 75 6e 64 2d 72 6f 62 69 6e 20 61 6e 64 20 78 6f 72 2d 68 61 73 68 29 2c 20 74 68 65 20 73	round-robin.and.xor-hash),.the.s
adf60	77 69 74 63 68 20 73 68 6f 75 6c 64 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 61 20	witch.should.be.configured.in.a.
adf80	6d 6f 64 65 20 74 68 61 74 20 65 76 65 6e 6c 79 20 64 69 73 74 72 69 62 75 74 65 73 20 70 61 63	mode.that.evenly.distributes.pac
adfa0	6b 65 74 73 20 61 63 72 6f 73 73 20 61 6c 6c 20 6c 69 6e 6b 73 2e 20 49 66 20 74 68 65 20 73 77	kets.across.all.links..If.the.sw
adfc0	69 74 63 68 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 64 69 73 74 72 69 62 75 74 65	itch.is.configured.to.distribute
adfe0	20 74 68 65 20 70 61 63 6b 65 74 73 20 69 6e 20 61 6e 20 58 4f 52 20 66 61 73 68 69 6f 6e 2c 20	.the.packets.in.an.XOR.fashion,.
ae000	61 6c 6c 20 72 65 70 6c 69 65 73 20 66 72 6f 6d 20 74 68 65 20 41 52 50 20 74 61 72 67 65 74 73	all.replies.from.the.ARP.targets
ae020	20 77 69 6c 6c 20 62 65 20 72 65 63 65 69 76 65 64 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 6c 69	.will.be.received.on.the.same.li
ae040	6e 6b 20 77 68 69 63 68 20 63 6f 75 6c 64 20 63 61 75 73 65 20 74 68 65 20 6f 74 68 65 72 20 74	nk.which.could.cause.the.other.t
ae060	65 61 6d 20 6d 65 6d 62 65 72 73 20 74 6f 20 66 61 69 6c 2e 00 49 66 20 43 41 20 69 73 20 70 72	eam.members.to.fail..If.CA.is.pr
ae080	65 73 65 6e 74 2c 20 74 68 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 77 69 6c 6c 20 62 65 20	esent,.this.certificate.will.be.
ae0a0	69 6e 63 6c 75 64 65 64 20 69 6e 20 67 65 6e 65 72 61 74 65 64 20 43 52 4c 73 00 49 66 20 43 4c	included.in.generated.CRLs.If.CL
ae0c0	49 20 6f 70 74 69 6f 6e 20 69 73 20 6e 6f 74 20 73 70 65 63 69 66 69 65 64 2c 20 74 68 69 73 20	I.option.is.not.specified,.this.
ae0e0	66 65 61 74 75 72 65 20 69 73 20 64 69 73 61 62 6c 65 64 2e 00 49 66 20 60 60 61 6c 69 61 73 60	feature.is.disabled..If.``alias`
ae100	60 20 69 73 20 73 65 74 2c 20 69 74 20 63 61 6e 20 62 65 20 75 73 65 64 20 69 6e 73 74 65 61 64	`.is.set,.it.can.be.used.instead
ae120	20 6f 66 20 74 68 65 20 64 65 76 69 63 65 20 77 68 65 6e 20 63 6f 6e 6e 65 63 74 69 6e 67 2e 00	.of.the.device.when.connecting..
ae140	49 66 20 61 20 6c 6f 63 61 6c 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 69 73 20 69 6e	If.a.local.firewall.policy.is.in
ae160	20 70 6c 61 63 65 20 6f 6e 20 79 6f 75 72 20 65 78 74 65 72 6e 61 6c 20 69 6e 74 65 72 66 61 63	.place.on.your.external.interfac
ae180	65 20 79 6f 75 20 77 69 6c 6c 20 6e 65 65 64 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 70 6f 72	e.you.will.need.to.allow.the.por
ae1a0	74 73 20 62 65 6c 6f 77 3a 00 49 66 20 61 20 72 65 67 69 73 74 72 79 20 69 73 20 6e 6f 74 20 73	ts.below:.If.a.registry.is.not.s
ae1c0	70 65 63 69 66 69 65 64 2c 20 44 6f 63 6b 65 72 2e 69 6f 20 77 69 6c 6c 20 62 65 20 75 73 65 64	pecified,.Docker.io.will.be.used
ae1e0	20 61 73 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 72 65 67 69 73 74 72 79 20 75 6e 6c 65 73	.as.the.container.registry.unles
ae200	73 20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 72 65 67 69 73 74 72 79 20 69 73 20 73 70 65	s.an.alternative.registry.is.spe
ae220	63 69 66 69 65 64 20 75 73 69 6e 67 20 2a 2a 73 65 74 20 63 6f 6e 74 61 69 6e 65 72 20 72 65 67	cified.using.**set.container.reg
ae240	69 73 74 72 79 20 3c 6e 61 6d 65 3e 2a 2a 20 6f 72 20 74 68 65 20 72 65 67 69 73 74 72 79 20 69	istry.<name>**.or.the.registry.i
ae260	73 20 69 6e 63 6c 75 64 65 64 20 69 6e 20 74 68 65 20 69 6d 61 67 65 20 6e 61 6d 65 00 49 66 20	s.included.in.the.image.name.If.
ae280	61 20 72 65 73 70 6f 6e 73 65 20 69 73 20 68 65 61 72 64 2c 20 74 68 65 20 6c 65 61 73 65 20 69	a.response.is.heard,.the.lease.i
ae2a0	73 20 61 62 61 6e 64 6f 6e 65 64 2c 20 61 6e 64 20 74 68 65 20 73 65 72 76 65 72 20 64 6f 65 73	s.abandoned,.and.the.server.does
ae2c0	20 6e 6f 74 20 72 65 73 70 6f 6e 64 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 2e 20 54 68 65 20	.not.respond.to.the.client..The.
ae2e0	6c 65 61 73 65 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 61 62 61 6e 64 6f 6e 65 64 20 66 6f 72 20	lease.will.remain.abandoned.for.
ae300	61 20 6d 69 6e 69 6d 75 6d 20 6f 66 20 61 62 61 6e 64 6f 6e 2d 6c 65 61 73 65 2d 74 69 6d 65 20	a.minimum.of.abandon-lease-time.
ae320	73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 73 20 74 6f 20 32 34 20 68 6f 75 72 73 29 2e 00	seconds.(defaults.to.24.hours)..
ae340	49 66 20 61 20 72 6f 75 74 65 20 68 61 73 20 61 6e 20 4f 52 49 47 49 4e 41 54 4f 52 5f 49 44 20	If.a.route.has.an.ORIGINATOR_ID.
ae360	61 74 74 72 69 62 75 74 65 20 62 65 63 61 75 73 65 20 69 74 20 68 61 73 20 62 65 65 6e 20 72 65	attribute.because.it.has.been.re
ae380	66 6c 65 63 74 65 64 2c 20 74 68 61 74 20 4f 52 49 47 49 4e 41 54 4f 52 5f 49 44 20 77 69 6c 6c	flected,.that.ORIGINATOR_ID.will
ae3a0	20 62 65 20 75 73 65 64 2e 20 4f 74 68 65 72 77 69 73 65 2c 20 74 68 65 20 72 6f 75 74 65 72 2d	.be.used..Otherwise,.the.router-
ae3c0	49 44 20 6f 66 20 74 68 65 20 70 65 65 72 20 74 68 65 20 72 6f 75 74 65 20 77 61 73 20 72 65 63	ID.of.the.peer.the.route.was.rec
ae3e0	65 69 76 65 64 20 66 72 6f 6d 20 77 69 6c 6c 20 62 65 20 75 73 65 64 2e 00 49 66 20 61 20 72 75	eived.from.will.be.used..If.a.ru
ae400	6c 65 20 69 73 20 64 65 66 69 6e 65 64 2c 20 74 68 65 6e 20 61 6e 20 61 63 74 69 6f 6e 20 6d 75	le.is.defined,.then.an.action.mu
ae420	73 74 20 62 65 20 64 65 66 69 6e 65 64 20 66 6f 72 20 69 74 2e 20 54 68 69 73 20 74 65 6c 6c 73	st.be.defined.for.it..This.tells
ae440	20 74 68 65 20 66 69 72 65 77 61 6c 6c 20 77 68 61 74 20 74 6f 20 64 6f 20 69 66 20 61 6c 6c 20	.the.firewall.what.to.do.if.all.
ae460	63 72 69 74 65 72 69 61 20 6d 61 74 63 68 65 72 73 20 64 65 66 69 6e 65 64 20 66 6f 72 20 73 75	criteria.matchers.defined.for.su
ae480	63 68 20 72 75 6c 65 20 64 6f 20 6d 61 74 63 68 2e 00 49 66 20 61 20 74 68 65 72 65 20 61 72 65	ch.rule.do.match..If.a.there.are
ae4a0	20 6e 6f 20 66 72 65 65 20 61 64 64 72 65 73 73 65 73 20 62 75 74 20 74 68 65 72 65 20 61 72 65	.no.free.addresses.but.there.are
ae4c0	20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 74 68 65 20 44 48 43	.abandoned.IP.addresses,.the.DHC
ae4e0	50 20 73 65 72 76 65 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65 63 6c 61 69 6d	P.server.will.attempt.to.reclaim
ae500	20 61 6e 20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 20 72 65 67 61 72 64 6c	.an.abandoned.IP.address.regardl
ae520	65 73 73 20 6f 66 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 62 61 6e 64 6f 6e 2d 6c 65 61 73	ess.of.the.value.of.abandon-leas
ae540	65 2d 74 69 6d 65 2e 00 49 66 20 61 6e 20 49 53 50 20 64 65 70 6c 6f 79 73 20 61 20 3a 61 62 62	e-time..If.an.ISP.deploys.a.:abb
ae560	72 3a 60 43 47 4e 20 28 43 61 72 72 69 65 72 2d 67 72 61 64 65 20 4e 41 54 29 60 2c 20 61 6e 64	r:`CGN.(Carrier-grade.NAT)`,.and
ae580	20 75 73 65 73 20 3a 72 66 63 3a 60 31 39 31 38 60 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20	.uses.:rfc:`1918`.address.space.
ae5a0	74 6f 20 6e 75 6d 62 65 72 20 63 75 73 74 6f 6d 65 72 20 67 61 74 65 77 61 79 73 2c 20 74 68 65	to.number.customer.gateways,.the
ae5c0	20 72 69 73 6b 20 6f 66 20 61 64 64 72 65 73 73 20 63 6f 6c 6c 69 73 69 6f 6e 2c 20 61 6e 64 20	.risk.of.address.collision,.and.
ae5e0	74 68 65 72 65 66 6f 72 65 20 72 6f 75 74 69 6e 67 20 66 61 69 6c 75 72 65 73 2c 20 61 72 69 73	therefore.routing.failures,.aris
ae600	65 73 20 77 68 65 6e 20 74 68 65 20 63 75 73 74 6f 6d 65 72 20 6e 65 74 77 6f 72 6b 20 61 6c 72	es.when.the.customer.network.alr
ae620	65 61 64 79 20 75 73 65 73 20 61 6e 20 3a 72 66 63 3a 60 31 39 31 38 60 20 61 64 64 72 65 73 73	eady.uses.an.:rfc:`1918`.address
ae640	20 73 70 61 63 65 2e 00 49 66 20 61 6e 20 61 6e 6f 74 68 65 72 20 62 72 69 64 67 65 20 69 6e 20	.space..If.an.another.bridge.in.
ae660	74 68 65 20 73 70 61 6e 6e 69 6e 67 20 74 72 65 65 20 64 6f 65 73 20 6e 6f 74 20 73 65 6e 64 20	the.spanning.tree.does.not.send.
ae680	6f 75 74 20 61 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 20 66 6f 72 20 61 20 6c 6f 6e 67 20 70 65	out.a.hello.packet.for.a.long.pe
ae6a0	72 69 6f 64 20 6f 66 20 74 69 6d 65 2c 20 69 74 20 69 73 20 61 73 73 75 6d 65 64 20 74 6f 20 62	riod.of.time,.it.is.assumed.to.b
ae6c0	65 20 64 65 61 64 2e 00 49 66 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 69 6e 63 6f 6d 69 6e 67 20	e.dead..If.configured,.incoming.
ae6e0	49 50 20 64 69 72 65 63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 70 61 63 6b 65 74 73 20 6f 6e	IP.directed.broadcast.packets.on
ae700	20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 65	.this.interface.will.be.forwarde
ae720	64 2e 00 49 66 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 72 65 70 6c 79 20 6f 6e 6c 79 20 69 66 20	d..If.configured,.reply.only.if.
ae740	74 68 65 20 74 61 72 67 65 74 20 49 50 20 61 64 64 72 65 73 73 20 69 73 20 6c 6f 63 61 6c 20 61	the.target.IP.address.is.local.a
ae760	64 64 72 65 73 73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68 65 20 69 6e 63 6f 6d 69 6e	ddress.configured.on.the.incomin
ae780	67 20 69 6e 74 65 72 66 61 63 65 2e 00 49 66 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 74 72 79 20	g.interface..If.configured,.try.
ae7a0	74 6f 20 61 76 6f 69 64 20 6c 6f 63 61 6c 20 61 64 64 72 65 73 73 65 73 20 74 68 61 74 20 61 72	to.avoid.local.addresses.that.ar
ae7c0	65 20 6e 6f 74 20 69 6e 20 74 68 65 20 74 61 72 67 65 74 27 73 20 73 75 62 6e 65 74 20 66 6f 72	e.not.in.the.target's.subnet.for
ae7e0	20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 6d 6f 64 65 20 69 73 20 75 73	.this.interface..This.mode.is.us
ae800	65 66 75 6c 20 77 68 65 6e 20 74 61 72 67 65 74 20 68 6f 73 74 73 20 72 65 61 63 68 61 62 6c 65	eful.when.target.hosts.reachable
ae820	20 76 69 61 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 72 65 71 75 69 72 65 20 74 68 65 20	.via.this.interface.require.the.
ae840	73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 69 6e 20 41 52 50 20 72 65 71 75 65 73 74	source.IP.address.in.ARP.request
ae860	73 20 74 6f 20 62 65 20 70 61 72 74 20 6f 66 20 74 68 65 69 72 20 6c 6f 67 69 63 61 6c 20 6e 65	s.to.be.part.of.their.logical.ne
ae880	74 77 6f 72 6b 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68 65 20 72 65 63 65 69 76 69 6e	twork.configured.on.the.receivin
ae8a0	67 20 69 6e 74 65 72 66 61 63 65 2e 20 57 68 65 6e 20 77 65 20 67 65 6e 65 72 61 74 65 20 74 68	g.interface..When.we.generate.th
ae8c0	65 20 72 65 71 75 65 73 74 20 77 65 20 77 69 6c 6c 20 63 68 65 63 6b 20 61 6c 6c 20 6f 75 72 20	e.request.we.will.check.all.our.
ae8e0	73 75 62 6e 65 74 73 20 74 68 61 74 20 69 6e 63 6c 75 64 65 20 74 68 65 20 74 61 72 67 65 74 20	subnets.that.include.the.target.
ae900	49 50 20 61 6e 64 20 77 69 6c 6c 20 70 72 65 73 65 72 76 65 20 74 68 65 20 73 6f 75 72 63 65 20	IP.and.will.preserve.the.source.
ae920	61 64 64 72 65 73 73 20 69 66 20 69 74 20 69 73 20 66 72 6f 6d 20 73 75 63 68 20 73 75 62 6e 65	address.if.it.is.from.such.subne
ae940	74 2e 20 49 66 20 74 68 65 72 65 20 69 73 20 6e 6f 20 73 75 63 68 20 73 75 62 6e 65 74 20 77 65	t..If.there.is.no.such.subnet.we
ae960	20 73 65 6c 65 63 74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 61 63 63 6f 72 64 69 6e 67	.select.source.address.according
ae980	20 74 6f 20 74 68 65 20 72 75 6c 65 73 20 66 6f 72 20 6c 65 76 65 6c 20 32 2e 00 49 66 20 63 6f	.to.the.rules.for.level.2..If.co
ae9a0	6e 66 69 67 75 72 69 6e 67 20 56 58 4c 41 4e 20 69 6e 20 61 20 56 79 4f 53 20 76 69 72 74 75 61	nfiguring.VXLAN.in.a.VyOS.virtua
ae9c0	6c 20 6d 61 63 68 69 6e 65 2c 20 65 6e 73 75 72 65 20 74 68 61 74 20 4d 41 43 20 73 70 6f 6f 66	l.machine,.ensure.that.MAC.spoof
ae9e0	69 6e 67 20 28 48 79 70 65 72 2d 56 29 20 6f 72 20 46 6f 72 67 65 64 20 54 72 61 6e 73 6d 69 74	ing.(Hyper-V).or.Forged.Transmit
aea00	73 20 28 45 53 58 29 20 61 72 65 20 70 65 72 6d 69 74 74 65 64 2c 20 6f 74 68 65 72 77 69 73 65	s.(ESX).are.permitted,.otherwise
aea20	20 66 6f 72 77 61 72 64 65 64 20 66 72 61 6d 65 73 20 6d 61 79 20 62 65 20 62 6c 6f 63 6b 65 64	.forwarded.frames.may.be.blocked
aea40	20 62 79 20 74 68 65 20 68 79 70 65 72 76 69 73 6f 72 2e 00 49 66 20 66 6f 72 77 61 72 64 69 6e	.by.the.hypervisor..If.forwardin
aea60	67 20 74 72 61 66 66 69 63 20 74 6f 20 61 20 64 69 66 66 65 72 65 6e 74 20 70 6f 72 74 20 74 68	g.traffic.to.a.different.port.th
aea80	61 6e 20 69 74 20 69 73 20 61 72 72 69 76 69 6e 67 20 6f 6e 2c 20 79 6f 75 20 6d 61 79 20 61 6c	an.it.is.arriving.on,.you.may.al
aeaa0	73 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 70 6f 72	so.configure.the.translation.por
aeac0	74 20 75 73 69 6e 67 20 60 73 65 74 20 6e 61 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 72 75 6c	t.using.`set.nat.destination.rul
aeae0	65 20 5b 6e 5d 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 70 6f 72 74 60 2e 00 49 66 20 67 75 61 72	e.[n].translation.port`..If.guar
aeb00	61 6e 74 65 65 64 20 74 72 61 66 66 69 63 20 66 6f 72 20 61 20 63 6c 61 73 73 20 69 73 20 6d 65	anteed.traffic.for.a.class.is.me
aeb20	74 20 61 6e 64 20 74 68 65 72 65 20 69 73 20 72 6f 6f 6d 20 66 6f 72 20 6d 6f 72 65 20 74 72 61	t.and.there.is.room.for.more.tra
aeb40	66 66 69 63 2c 20 74 68 65 20 63 65 69 6c 69 6e 67 20 70 61 72 61 6d 65 74 65 72 20 63 61 6e 20	ffic,.the.ceiling.parameter.can.
aeb60	62 65 20 75 73 65 64 20 74 6f 20 73 65 74 20 68 6f 77 20 6d 75 63 68 20 6d 6f 72 65 20 62 61 6e	be.used.to.set.how.much.more.ban
aeb80	64 77 69 64 74 68 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 2e 20 49 66 20 67 75 61 72 61 6e 74	dwidth.could.be.used..If.guarant
aeba0	65 65 64 20 74 72 61 66 66 69 63 20 69 73 20 6d 65 74 20 61 6e 64 20 74 68 65 72 65 20 61 72 65	eed.traffic.is.met.and.there.are
aebc0	20 73 65 76 65 72 61 6c 20 63 6c 61 73 73 65 73 20 77 69 6c 6c 69 6e 67 20 74 6f 20 75 73 65 20	.several.classes.willing.to.use.
aebe0	74 68 65 69 72 20 63 65 69 6c 69 6e 67 73 2c 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 70 61 72	their.ceilings,.the.priority.par
aec00	61 6d 65 74 65 72 20 77 69 6c 6c 20 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 6f 72 64 65 72 20	ameter.will.establish.the.order.
aec20	69 6e 20 77 68 69 63 68 20 74 68 61 74 20 61 64 64 69 74 69 6f 6e 61 6c 20 74 72 61 66 66 69 63	in.which.that.additional.traffic
aec40	20 77 69 6c 6c 20 62 65 20 61 6c 6c 6f 63 61 74 65 64 2e 20 50 72 69 6f 72 69 74 79 20 63 61 6e	.will.be.allocated..Priority.can
aec60	20 62 65 20 61 6e 79 20 6e 75 6d 62 65 72 20 66 72 6f 6d 20 30 20 74 6f 20 37 2e 20 54 68 65 20	.be.any.number.from.0.to.7..The.
aec80	6c 6f 77 65 72 20 74 68 65 20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74 68 65	lower.the.number,.the.higher.the
aeca0	20 70 72 69 6f 72 69 74 79 2e 00 49 66 20 69 74 27 73 20 76 69 74 61 6c 20 74 68 61 74 20 74 68	.priority..If.it's.vital.that.th
aecc0	65 20 64 61 65 6d 6f 6e 20 73 68 6f 75 6c 64 20 61 63 74 20 65 78 61 63 74 6c 79 20 6c 69 6b 65	e.daemon.should.act.exactly.like
aece0	20 61 20 72 65 61 6c 20 6d 75 6c 74 69 63 61 73 74 20 63 6c 69 65 6e 74 20 6f 6e 20 74 68 65 20	.a.real.multicast.client.on.the.
aed00	75 70 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 2c 20 74 68 69 73 20 66 75 6e 63 74 69 6f	upstream.interface,.this.functio
aed20	6e 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 61 62 6c 65 64 2e 00 49 66 20 6b 6e 6f 77 6e 2c 20 74	n.should.be.enabled..If.known,.t
aed40	68 65 20 49 50 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 72 6f 75 74 65 72 20 63 61 6e 20 62	he.IP.of.the.remote.router.can.b
aed60	65 20 63 6f 6e 66 69 67 75 72 65 64 20 75 73 69 6e 67 20 74 68 65 20 60 60 72 65 6d 6f 74 65 2d	e.configured.using.the.``remote-
aed80	68 6f 73 74 60 60 20 64 69 72 65 63 74 69 76 65 3b 20 69 66 20 75 6e 6b 6e 6f 77 6e 2c 20 69 74	host``.directive;.if.unknown,.it
aeda0	20 63 61 6e 20 62 65 20 6f 6d 69 74 74 65 64 2e 20 57 65 20 77 69 6c 6c 20 61 73 73 75 6d 65 20	.can.be.omitted..We.will.assume.
aedc0	61 20 64 79 6e 61 6d 69 63 20 49 50 20 66 6f 72 20 6f 75 72 20 72 65 6d 6f 74 65 20 72 6f 75 74	a.dynamic.IP.for.our.remote.rout
aede0	65 72 2e 00 49 66 20 6c 6f 67 67 69 6e 67 20 74 6f 20 61 20 6c 6f 63 61 6c 20 75 73 65 72 20 61	er..If.logging.to.a.local.user.a
aee00	63 63 6f 75 6e 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 61 6c 6c 20 64 65 66 69 6e 65	ccount.is.configured,.all.define
aee20	64 20 6c 6f 67 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 64 69 73 70 6c 61 79 20 6f 6e 20 74 68	d.log.messages.are.display.on.th
aee40	65 20 63 6f 6e 73 6f 6c 65 20 69 66 20 74 68 65 20 6c 6f 63 61 6c 20 75 73 65 72 20 69 73 20 6c	e.console.if.the.local.user.is.l
aee60	6f 67 67 65 64 20 69 6e 2c 20 69 66 20 74 68 65 20 75 73 65 72 20 69 73 20 6e 6f 74 20 6c 6f 67	ogged.in,.if.the.user.is.not.log
aee80	67 65 64 20 69 6e 2c 20 6e 6f 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 62 65 69 6e 67 20 64 69	ged.in,.no.messages.are.being.di
aeea0	73 70 6c 61 79 65 64 2e 20 46 6f 72 20 61 6e 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 6f 6e 20 3a	splayed..For.an.explanation.on.:
aeec0	72 65 66 3a 60 73 79 73 6c 6f 67 5f 66 61 63 69 6c 69 74 69 65 73 60 20 6b 65 79 77 6f 72 64 73	ref:`syslog_facilities`.keywords
aeee0	20 61 6e 64 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 73 65 76 65 72 69 74 79 5f 6c 65 76 65 6c	.and.:ref:`syslog_severity_level
aef00	60 20 6b 65 79 77 6f 72 64 73 20 73 65 65 20 74 61 62 6c 65 73 20 62 65 6c 6f 77 2e 00 49 66 20	`.keywords.see.tables.below..If.
aef20	6d 61 6b 69 6e 67 20 75 73 65 20 6f 66 20 6d 75 6c 74 69 70 6c 65 20 74 75 6e 6e 65 6c 73 2c 20	making.use.of.multiple.tunnels,.
aef40	4f 70 65 6e 56 50 4e 20 6d 75 73 74 20 68 61 76 65 20 61 20 77 61 79 20 74 6f 20 64 69 73 74 69	OpenVPN.must.have.a.way.to.disti
aef60	6e 67 75 69 73 68 20 62 65 74 77 65 65 6e 20 64 69 66 66 65 72 65 6e 74 20 74 75 6e 6e 65 6c 73	nguish.between.different.tunnels
aef80	20 61 73 69 64 65 20 66 72 6f 6d 20 74 68 65 20 70 72 65 2d 73 68 61 72 65 64 2d 6b 65 79 2e 20	.aside.from.the.pre-shared-key..
aefa0	54 68 69 73 20 69 73 20 65 69 74 68 65 72 20 62 79 20 72 65 66 65 72 65 6e 63 69 6e 67 20 49 50	This.is.either.by.referencing.IP
aefc0	20 61 64 64 72 65 73 73 20 6f 72 20 70 6f 72 74 20 6e 75 6d 62 65 72 2e 20 4f 6e 65 20 6f 70 74	.address.or.port.number..One.opt
aefe0	69 6f 6e 20 69 73 20 74 6f 20 64 65 64 69 63 61 74 65 20 61 20 70 75 62 6c 69 63 20 49 50 20 74	ion.is.to.dedicate.a.public.IP.t
af000	6f 20 65 61 63 68 20 74 75 6e 6e 65 6c 2e 20 41 6e 6f 74 68 65 72 20 6f 70 74 69 6f 6e 20 69 73	o.each.tunnel..Another.option.is
af020	20 74 6f 20 64 65 64 69 63 61 74 65 20 61 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 74 6f 20 65 61	.to.dedicate.a.port.number.to.ea
af040	63 68 20 74 75 6e 6e 65 6c 20 28 65 2e 67 2e 20 31 31 39 35 2c 31 31 39 36 2c 31 31 39 37 2e 2e	ch.tunnel.(e.g..1195,1196,1197..
af060	2e 29 2e 00 49 66 20 6d 75 6c 74 69 2d 70 61 74 68 69 6e 67 20 69 73 20 65 6e 61 62 6c 65 64 2c	.)..If.multi-pathing.is.enabled,
af080	20 74 68 65 6e 20 63 68 65 63 6b 20 77 68 65 74 68 65 72 20 74 68 65 20 72 6f 75 74 65 73 20 6e	.then.check.whether.the.routes.n
af0a0	6f 74 20 79 65 74 20 64 69 73 74 69 6e 67 75 69 73 68 65 64 20 69 6e 20 70 72 65 66 65 72 65 6e	ot.yet.distinguished.in.preferen
af0c0	63 65 20 6d 61 79 20 62 65 20 63 6f 6e 73 69 64 65 72 65 64 20 65 71 75 61 6c 2e 20 49 66 20 3a	ce.may.be.considered.equal..If.:
af0e0	63 66 67 63 6d 64 3a 60 62 67 70 20 62 65 73 74 70 61 74 68 20 61 73 2d 70 61 74 68 20 6d 75 6c	cfgcmd:`bgp.bestpath.as-path.mul
af100	74 69 70 61 74 68 2d 72 65 6c 61 78 60 20 69 73 20 73 65 74 2c 20 61 6c 6c 20 73 75 63 68 20 72	tipath-relax`.is.set,.all.such.r
af120	6f 75 74 65 73 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 65 71 75 61 6c 2c 20 6f 74 68 65	outes.are.considered.equal,.othe
af140	72 77 69 73 65 20 72 6f 75 74 65 73 20 72 65 63 65 69 76 65 64 20 76 69 61 20 69 42 47 50 20 77	rwise.routes.received.via.iBGP.w
af160	69 74 68 20 69 64 65 6e 74 69 63 61 6c 20 41 53 5f 50 41 54 48 73 20 6f 72 20 72 6f 75 74 65 73	ith.identical.AS_PATHs.or.routes
af180	20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 65 42 47 50 20 6e 65 69 67 68 62 6f 75 72 73 20 69	.received.from.eBGP.neighbours.i
af1a0	6e 20 74 68 65 20 73 61 6d 65 20 41 53 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 65 71 75	n.the.same.AS.are.considered.equ
af1c0	61 6c 2e 00 49 66 20 6e 6f 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 61 6e 20 52 50 4b 49 20	al..If.no.connection.to.an.RPKI.
af1e0	63 61 63 68 65 20 73 65 72 76 65 72 20 63 61 6e 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20	cache.server.can.be.established.
af200	61 66 74 65 72 20 61 20 70 72 65 2d 64 65 66 69 6e 65 64 20 74 69 6d 65 6f 75 74 2c 20 74 68 65	after.a.pre-defined.timeout,.the
af220	20 72 6f 75 74 65 72 20 77 69 6c 6c 20 70 72 6f 63 65 73 73 20 72 6f 75 74 65 73 20 77 69 74 68	.router.will.process.routes.with
af240	6f 75 74 20 70 72 65 66 69 78 20 6f 72 69 67 69 6e 20 76 61 6c 69 64 61 74 69 6f 6e 2e 20 49 74	out.prefix.origin.validation..It
af260	20 73 74 69 6c 6c 20 77 69 6c 6c 20 74 72 79 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 63	.still.will.try.to.establish.a.c
af280	6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 61 6e 20 52 50 4b 49 20 63 61 63 68 65 20 73 65 72 76 65	onnection.to.an.RPKI.cache.serve
af2a0	72 20 69 6e 20 74 68 65 20 62 61 63 6b 67 72 6f 75 6e 64 2e 00 49 66 20 6e 6f 20 64 65 73 74 69	r.in.the.background..If.no.desti
af2c0	6e 61 74 69 6f 6e 20 69 73 20 73 70 65 63 69 66 69 65 64 20 74 68 65 20 72 75 6c 65 20 77 69 6c	nation.is.specified.the.rule.wil
af2e0	6c 20 6d 61 74 63 68 20 6f 6e 20 61 6e 79 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65	l.match.on.any.destination.addre
af300	73 73 20 61 6e 64 20 70 6f 72 74 2e 00 49 66 20 6e 6f 20 69 70 20 70 72 65 66 69 78 20 6c 69 73	ss.and.port..If.no.ip.prefix.lis
af320	74 20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 69 74 20 61 63 74 73 20 61 73 20 70 65 72 6d 69	t.is.specified,.it.acts.as.permi
af340	74 2e 20 49 66 20 69 70 20 70 72 65 66 69 78 20 6c 69 73 74 20 69 73 20 64 65 66 69 6e 65 64 2c	t..If.ip.prefix.list.is.defined,
af360	20 61 6e 64 20 6e 6f 20 6d 61 74 63 68 20 69 73 20 66 6f 75 6e 64 2c 20 64 65 66 61 75 6c 74 20	.and.no.match.is.found,.default.
af380	64 65 6e 79 20 69 73 20 61 70 70 6c 69 65 64 2e 00 49 66 20 6e 6f 20 6f 70 74 69 6f 6e 20 69 73	deny.is.applied..If.no.option.is
af3a0	20 73 70 65 63 69 66 69 65 64 2c 20 74 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 60 61 6c	.specified,.this.defaults.to.`al
af3c0	6c 60 2e 00 49 66 20 6e 6f 74 20 73 65 74 20 28 64 65 66 61 75 6c 74 29 20 61 6c 6c 6f 77 73 20	l`..If.not.set.(default).allows.
af3e0	79 6f 75 20 74 6f 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 6e 65 74 77 6f 72 6b 20 69 6e 74	you.to.have.multiple.network.int
af400	65 72 66 61 63 65 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 73 75 62 6e 65 74 2c 20 61 6e 64 20	erfaces.on.the.same.subnet,.and.
af420	68 61 76 65 20 74 68 65 20 41 52 50 73 20 66 6f 72 20 65 61 63 68 20 69 6e 74 65 72 66 61 63 65	have.the.ARPs.for.each.interface
af440	20 62 65 20 61 6e 73 77 65 72 65 64 20 62 61 73 65 64 20 6f 6e 20 77 68 65 74 68 65 72 20 6f 72	.be.answered.based.on.whether.or
af460	20 6e 6f 74 20 74 68 65 20 6b 65 72 6e 65 6c 20 77 6f 75 6c 64 20 72 6f 75 74 65 20 61 20 70 61	.not.the.kernel.would.route.a.pa
af480	63 6b 65 74 20 66 72 6f 6d 20 74 68 65 20 41 52 50 27 64 20 49 50 20 6f 75 74 20 74 68 61 74 20	cket.from.the.ARP'd.IP.out.that.
af4a0	69 6e 74 65 72 66 61 63 65 20 28 74 68 65 72 65 66 6f 72 65 20 79 6f 75 20 6d 75 73 74 20 75 73	interface.(therefore.you.must.us
af4c0	65 20 73 6f 75 72 63 65 20 62 61 73 65 64 20 72 6f 75 74 69 6e 67 20 66 6f 72 20 74 68 69 73 20	e.source.based.routing.for.this.
af4e0	74 6f 20 77 6f 72 6b 29 2e 00 49 66 20 73 65 74 20 74 68 65 20 6b 65 72 6e 65 6c 20 63 61 6e 20	to.work)..If.set.the.kernel.can.
af500	72 65 73 70 6f 6e 64 20 74 6f 20 61 72 70 20 72 65 71 75 65 73 74 73 20 77 69 74 68 20 61 64 64	respond.to.arp.requests.with.add
af520	72 65 73 73 65 73 20 66 72 6f 6d 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 68	resses.from.other.interfaces..Th
af540	69 73 20 6d 61 79 20 73 65 65 6d 20 77 72 6f 6e 67 20 62 75 74 20 69 74 20 75 73 75 61 6c 6c 79	is.may.seem.wrong.but.it.usually
af560	20 6d 61 6b 65 73 20 73 65 6e 73 65 2c 20 62 65 63 61 75 73 65 20 69 74 20 69 6e 63 72 65 61 73	.makes.sense,.because.it.increas
af580	65 73 20 74 68 65 20 63 68 61 6e 63 65 20 6f 66 20 73 75 63 63 65 73 73 66 75 6c 20 63 6f 6d 6d	es.the.chance.of.successful.comm
af5a0	75 6e 69 63 61 74 69 6f 6e 2e 20 49 50 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 6f 77 6e 65	unication..IP.addresses.are.owne
af5c0	64 20 62 79 20 74 68 65 20 63 6f 6d 70 6c 65 74 65 20 68 6f 73 74 20 6f 6e 20 4c 69 6e 75 78 2c	d.by.the.complete.host.on.Linux,
af5e0	20 6e 6f 74 20 62 79 20 70 61 72 74 69 63 75 6c 61 72 20 69 6e 74 65 72 66 61 63 65 73 2e 20 4f	.not.by.particular.interfaces..O
af600	6e 6c 79 20 66 6f 72 20 6d 6f 72 65 20 63 6f 6d 70 6c 65 78 20 73 65 74 75 70 73 20 6c 69 6b 65	nly.for.more.complex.setups.like
af620	20 6c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 2c 20 64 6f 65 73 20 74 68 69 73 20 62 65 68 61 76	.load-balancing,.does.this.behav
af640	69 6f 75 72 20 63 61 75 73 65 20 70 72 6f 62 6c 65 6d 73 2e 00 49 66 20 73 65 74 2c 20 49 50 76	iour.cause.problems..If.set,.IPv
af660	34 20 64 69 72 65 63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20	4.directed.broadcast.forwarding.
af680	77 69 6c 6c 20 62 65 20 63 6f 6d 70 6c 65 74 65 6c 79 20 64 69 73 61 62 6c 65 64 20 72 65 67 61	will.be.completely.disabled.rega
af6a0	72 64 6c 65 73 73 20 6f 66 20 77 68 65 74 68 65 72 20 70 65 72 2d 69 6e 74 65 72 66 61 63 65 20	rdless.of.whether.per-interface.
af6c0	64 69 72 65 63 74 65 64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 69 73	directed.broadcast.forwarding.is
af6e0	20 65 6e 61 62 6c 65 64 20 6f 72 20 6e 6f 74 2e 00 49 66 20 73 75 66 66 69 78 20 69 73 20 6f 6d	.enabled.or.not..If.suffix.is.om
af700	69 74 74 65 64 2c 20 6d 69 6e 75 74 65 73 20 61 72 65 20 69 6d 70 6c 69 65 64 2e 00 49 66 20 74	itted,.minutes.are.implied..If.t
af720	68 65 20 3a 63 66 67 63 6d 64 3a 60 6e 6f 2d 70 72 65 70 65 6e 64 60 20 61 74 74 72 69 62 75 74	he.:cfgcmd:`no-prepend`.attribut
af740	65 20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 74 68 65 20 73 75 70 70 6c 69 65	e.is.specified,.then.the.supplie
af760	64 20 6c 6f 63 61 6c 2d 61 73 20 69 73 20 6e 6f 74 20 70 72 65 70 65 6e 64 65 64 20 74 6f 20 74	d.local-as.is.not.prepended.to.t
af780	68 65 20 72 65 63 65 69 76 65 64 20 41 53 5f 50 41 54 48 2e 00 49 66 20 74 68 65 20 3a 63 66 67	he.received.AS_PATH..If.the.:cfg
af7a0	63 6d 64 3a 60 72 65 70 6c 61 63 65 2d 61 73 60 20 61 74 74 72 69 62 75 74 65 20 69 73 20 73 70	cmd:`replace-as`.attribute.is.sp
af7c0	65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 6f 6e 6c 79 20 74 68 65 20 73 75 70 70 6c 69 65 64 20	ecified,.then.only.the.supplied.
af7e0	6c 6f 63 61 6c 2d 61 73 20 69 73 20 70 72 65 70 65 6e 64 65 64 20 74 6f 20 74 68 65 20 41 53 5f	local-as.is.prepended.to.the.AS_
af800	50 41 54 48 20 77 68 65 6e 20 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 6c 6f 63 61 6c 2d 72 6f 75	PATH.when.transmitting.local-rou
af820	74 65 20 75 70 64 61 74 65 73 20 74 6f 20 74 68 69 73 20 70 65 65 72 2e 00 49 66 20 74 68 65 20	te.updates.to.this.peer..If.the.
af840	41 52 50 20 74 61 62 6c 65 20 61 6c 72 65 61 64 79 20 63 6f 6e 74 61 69 6e 73 20 74 68 65 20 49	ARP.table.already.contains.the.I
af860	50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 67 72 61 74 75 69 74 6f 75 73 20 61 72 70 20	P.address.of.the.gratuitous.arp.
af880	66 72 61 6d 65 2c 20 74 68 65 20 61 72 70 20 74 61 62 6c 65 20 77 69 6c 6c 20 62 65 20 75 70 64	frame,.the.arp.table.will.be.upd
af8a0	61 74 65 64 20 72 65 67 61 72 64 6c 65 73 73 20 69 66 20 74 68 69 73 20 73 65 74 74 69 6e 67 20	ated.regardless.if.this.setting.
af8c0	69 73 20 6f 6e 20 6f 72 20 6f 66 66 2e 00 49 66 20 74 68 65 20 41 53 2d 50 61 74 68 20 66 6f 72	is.on.or.off..If.the.AS-Path.for
af8e0	20 74 68 65 20 72 6f 75 74 65 20 68 61 73 20 61 20 70 72 69 76 61 74 65 20 41 53 4e 20 62 65 74	.the.route.has.a.private.ASN.bet
af900	77 65 65 6e 20 70 75 62 6c 69 63 20 41 53 4e 73 2c 20 69 74 20 69 73 20 61 73 73 75 6d 65 64 20	ween.public.ASNs,.it.is.assumed.
af920	74 68 61 74 20 74 68 69 73 20 69 73 20 61 20 64 65 73 69 67 6e 20 63 68 6f 69 63 65 2c 20 61 6e	that.this.is.a.design.choice,.an
af940	64 20 74 68 65 20 70 72 69 76 61 74 65 20 41 53 4e 20 69 73 20 6e 6f 74 20 72 65 6d 6f 76 65 64	d.the.private.ASN.is.not.removed
af960	2e 00 49 66 20 74 68 65 20 41 53 2d 50 61 74 68 20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 20 68	..If.the.AS-Path.for.the.route.h
af980	61 73 20 6f 6e 6c 79 20 70 72 69 76 61 74 65 20 41 53 4e 73 2c 20 74 68 65 20 70 72 69 76 61 74	as.only.private.ASNs,.the.privat
af9a0	65 20 41 53 4e 73 20 61 72 65 20 72 65 6d 6f 76 65 64 2e 00 49 66 20 74 68 65 20 49 50 20 70 72	e.ASNs.are.removed..If.the.IP.pr
af9c0	65 66 69 78 20 6d 61 73 6b 20 69 73 20 70 72 65 73 65 6e 74 2c 20 69 74 20 64 69 72 65 63 74 73	efix.mask.is.present,.it.directs
af9e0	20 6f 70 65 6e 6e 68 72 70 20 74 6f 20 75 73 65 20 74 68 69 73 20 70 65 65 72 20 61 73 20 61 20	.opennhrp.to.use.this.peer.as.a.
afa00	6e 65 78 74 20 68 6f 70 20 73 65 72 76 65 72 20 77 68 65 6e 20 73 65 6e 64 69 6e 67 20 52 65 73	next.hop.server.when.sending.Res
afa20	6f 6c 75 74 69 6f 6e 20 52 65 71 75 65 73 74 73 20 6d 61 74 63 68 69 6e 67 20 74 68 69 73 20 73	olution.Requests.matching.this.s
afa40	75 62 6e 65 74 2e 00 49 66 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 73 65 6e 64	ubnet..If.the.RADIUS.server.send
afa60	73 20 74 68 65 20 61 74 74 72 69 62 75 74 65 20 60 60 46 72 61 6d 65 64 2d 49 50 2d 41 64 64 72	s.the.attribute.``Framed-IP-Addr
afa80	65 73 73 60 60 20 74 68 65 6e 20 74 68 69 73 20 49 50 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20	ess``.then.this.IP.address.will.
afaa0	62 65 20 61 6c 6c 6f 63 61 74 65 64 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 20 61 6e 64 20 74	be.allocated.to.the.client.and.t
afac0	68 65 20 6f 70 74 69 6f 6e 20 69 70 2d 70 6f 6f 6c 20 77 69 74 68 69 6e 20 74 68 65 20 43 4c 49	he.option.ip-pool.within.the.CLI
afae0	20 63 6f 6e 66 69 67 20 69 73 20 62 65 69 6e 67 20 69 67 6e 6f 72 65 64 2e 00 49 66 20 74 68 65	.config.is.being.ignored..If.the
afb00	20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 75 73 65 73 20 74 68 65 20 61 74 74 72 69 62 75 74	.RADIUS.server.uses.the.attribut
afb20	65 20 60 60 4e 41 53 2d 50 6f 72 74 2d 49 64 60 60 2c 20 70 70 70 20 74 75 6e 6e 65 6c 73 20 77	e.``NAS-Port-Id``,.ppp.tunnels.w
afb40	69 6c 6c 20 62 65 20 72 65 6e 61 6d 65 64 2e 00 49 66 20 74 68 65 20 61 76 65 72 61 67 65 20 71	ill.be.renamed..If.the.average.q
afb60	75 65 75 65 20 73 69 7a 65 20 69 73 20 6c 6f 77 65 72 20 74 68 61 6e 20 74 68 65 20 2a 2a 6d 69	ueue.size.is.lower.than.the.**mi
afb80	6e 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 2c 20 61 6e 20 61 72 72 69 76 69 6e 67 20 70 61 63 6b 65	n-threshold**,.an.arriving.packe
afba0	74 20 77 69 6c 6c 20 62 65 20 70 6c 61 63 65 64 20 69 6e 20 74 68 65 20 71 75 65 75 65 2e 00 49	t.will.be.placed.in.the.queue..I
afbc0	66 20 74 68 65 20 63 75 72 72 65 6e 74 20 71 75 65 75 65 20 73 69 7a 65 20 69 73 20 6c 61 72 67	f.the.current.queue.size.is.larg
afbe0	65 72 20 74 68 61 6e 20 2a 2a 71 75 65 75 65 2d 6c 69 6d 69 74 2a 2a 2c 20 74 68 65 6e 20 70 61	er.than.**queue-limit**,.then.pa
afc00	63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 64 72 6f 70 70 65 64 2e 20 54 68 65 20 61 76 65 72 61	ckets.will.be.dropped..The.avera
afc20	67 65 20 71 75 65 75 65 20 73 69 7a 65 20 64 65 70 65 6e 64 73 20 6f 6e 20 69 74 73 20 66 6f 72	ge.queue.size.depends.on.its.for
afc40	6d 65 72 20 61 76 65 72 61 67 65 20 73 69 7a 65 20 61 6e 64 20 69 74 73 20 63 75 72 72 65 6e 74	mer.average.size.and.its.current
afc60	20 6f 6e 65 2e 00 49 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 49 50 76 36 20 74 68	.one..If.the.protocol.is.IPv6.th
afc80	65 6e 20 74 68 65 20 73 6f 75 72 63 65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64	en.the.source.and.destination.ad
afca0	64 72 65 73 73 65 73 20 61 72 65 20 66 69 72 73 74 20 68 61 73 68 65 64 20 75 73 69 6e 67 20 69	dresses.are.first.hashed.using.i
afcc0	70 76 36 5f 61 64 64 72 5f 68 61 73 68 2e 00 49 66 20 74 68 65 20 73 74 61 74 69 63 61 6c 6c 79	pv6_addr_hash..If.the.statically
afce0	20 6d 61 70 70 65 64 20 70 65 65 72 20 69 73 20 72 75 6e 6e 69 6e 67 20 43 69 73 63 6f 20 49 4f	.mapped.peer.is.running.Cisco.IO
afd00	53 2c 20 73 70 65 63 69 66 79 20 74 68 65 20 63 69 73 63 6f 20 6b 65 79 77 6f 72 64 2e 20 49 74	S,.specify.the.cisco.keyword..It
afd20	20 69 73 20 75 73 65 64 20 74 6f 20 66 69 78 20 73 74 61 74 69 63 61 6c 6c 79 20 74 68 65 20 52	.is.used.to.fix.statically.the.R
afd40	65 67 69 73 74 72 61 74 69 6f 6e 20 52 65 71 75 65 73 74 20 49 44 20 73 6f 20 74 68 61 74 20 61	egistration.Request.ID.so.that.a
afd60	20 6d 61 74 63 68 69 6e 67 20 50 75 72 67 65 20 52 65 71 75 65 73 74 20 63 61 6e 20 62 65 20 73	.matching.Purge.Request.can.be.s
afd80	65 6e 74 20 69 66 20 4e 42 4d 41 20 61 64 64 72 65 73 73 20 68 61 73 20 63 68 61 6e 67 65 64 2e	ent.if.NBMA.address.has.changed.
afda0	20 54 68 69 73 20 69 73 20 74 6f 20 77 6f 72 6b 20 61 72 6f 75 6e 64 20 62 72 6f 6b 65 6e 20 49	.This.is.to.work.around.broken.I
afdc0	4f 53 20 77 68 69 63 68 20 72 65 71 75 69 72 65 73 20 50 75 72 67 65 20 52 65 71 75 65 73 74 20	OS.which.requires.Purge.Request.
afde0	49 44 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 52 65 67 69 73 74 72	ID.to.match.the.original.Registr
afe00	61 74 69 6f 6e 20 52 65 71 75 65 73 74 20 49 44 2e 00 49 66 20 74 68 65 20 73 79 73 74 65 6d 20	ation.Request.ID..If.the.system.
afe20	64 65 74 65 63 74 73 20 61 6e 20 75 6e 63 6f 6e 66 69 67 75 72 65 64 20 77 69 72 65 6c 65 73 73	detects.an.unconfigured.wireless
afe40	20 64 65 76 69 63 65 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c	.device,.it.will.be.automaticall
afe60	79 20 61 64 64 65 64 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 72 65 65 2c 20	y.added.the.configuration.tree,.
afe80	73 70 65 63 69 66 79 69 6e 67 20 61 6e 79 20 64 65 74 65 63 74 65 64 20 73 65 74 74 69 6e 67 73	specifying.any.detected.settings
afea0	20 28 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 74 73 20 4d 41 43 20 61 64 64 72 65 73 73 29 20	.(for.example,.its.MAC.address).
afec0	61 6e 64 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 72 75 6e 20 69 6e 20 6d 6f 6e 69 74 6f 72	and.configured.to.run.in.monitor
afee0	20 6d 6f 64 65 2e 00 49 66 20 74 68 65 20 74 61 62 6c 65 20 69 73 20 65 6d 70 74 79 20 61 6e 64	.mode..If.the.table.is.empty.and
aff00	20 79 6f 75 20 68 61 76 65 20 61 20 77 61 72 6e 69 6e 67 20 6d 65 73 73 61 67 65 2c 20 69 74 20	.you.have.a.warning.message,.it.
aff20	6d 65 61 6e 73 20 63 6f 6e 6e 74 72 61 63 6b 20 69 73 20 6e 6f 74 20 65 6e 61 62 6c 65 64 2e 20	means.conntrack.is.not.enabled..
aff40	54 6f 20 65 6e 61 62 6c 65 20 63 6f 6e 6e 74 72 61 63 6b 2c 20 6a 75 73 74 20 63 72 65 61 74 65	To.enable.conntrack,.just.create
aff60	20 61 20 4e 41 54 20 6f 72 20 61 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 2e 20 3a 63 66 67 63	.a.NAT.or.a.firewall.rule..:cfgc
aff80	6d 64 3a 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 73 74 61 74 65 2d 70 6f 6c 69 63 79 20 65 73	md:`set.firewall.state-policy.es
affa0	74 61 62 6c 69 73 68 65 64 20 61 63 74 69 6f 6e 20 61 63 63 65 70 74 60 00 49 66 20 74 68 65 72	tablished.action.accept`.If.ther
affc0	65 20 61 72 65 20 6e 6f 20 66 72 65 65 20 61 64 64 72 65 73 73 65 73 20 62 75 74 20 74 68 65 72	e.are.no.free.addresses.but.ther
affe0	65 20 61 72 65 20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 74 68	e.are.abandoned.IP.addresses,.th
b0000	65 20 44 48 43 50 20 73 65 72 76 65 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65	e.DHCP.server.will.attempt.to.re
b0020	63 6c 61 69 6d 20 61 6e 20 61 62 61 6e 64 6f 6e 65 64 20 49 50 20 61 64 64 72 65 73 73 20 72 65	claim.an.abandoned.IP.address.re
b0040	67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 62 61 6e 64 6f 6e	gardless.of.the.value.of.abandon
b0060	2d 6c 65 61 73 65 2d 74 69 6d 65 2e 00 49 66 20 74 68 65 72 65 20 69 73 20 53 4e 41 54 20 72 75	-lease-time..If.there.is.SNAT.ru
b0080	6c 65 73 20 6f 6e 20 65 74 68 31 2c 20 6e 65 65 64 20 74 6f 20 61 64 64 20 65 78 63 6c 75 64 65	les.on.eth1,.need.to.add.exclude
b00a0	20 72 75 6c 65 00 49 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 69 6e 76 6f 6b 65 64	.rule.If.this.command.is.invoked
b00c0	20 66 72 6f 6d 20 63 6f 6e 66 69 67 75 72 65 20 6d 6f 64 65 20 77 69 74 68 20 74 68 65 20 60 60	.from.configure.mode.with.the.``
b00e0	72 75 6e 60 60 20 70 72 65 66 69 78 20 74 68 65 20 6b 65 79 20 69 73 20 61 75 74 6f 6d 61 74 69	run``.prefix.the.key.is.automati
b0100	63 61 6c 6c 79 20 69 6e 73 74 61 6c 6c 65 64 20 74 6f 20 74 68 65 20 61 70 70 72 6f 70 72 69 61	cally.installed.to.the.appropria
b0120	74 65 20 69 6e 74 65 72 66 61 63 65 3a 00 49 66 20 74 68 69 73 20 69 73 20 73 65 74 20 74 68 65	te.interface:.If.this.is.set.the
b0140	20 72 65 6c 61 79 20 61 67 65 6e 74 20 77 69 6c 6c 20 69 6e 73 65 72 74 20 74 68 65 20 69 6e 74	.relay.agent.will.insert.the.int
b0160	65 72 66 61 63 65 20 49 44 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 73 65 74 20 61 75	erface.ID..This.option.is.set.au
b0180	74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 66 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 6c 69 73	tomatically.if.more.than.one.lis
b01a0	74 65 6e 69 6e 67 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 69 6e 20 75 73 65 2e 00 49 66	tening.interfaces.are.in.use..If
b01c0	20 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 6e 20 74 68	.this.option.is.enabled,.then.th
b01e0	65 20 61 6c 72 65 61 64 79 2d 73 65 6c 65 63 74 65 64 20 63 68 65 63 6b 2c 20 77 68 65 72 65 20	e.already-selected.check,.where.
b0200	61 6c 72 65 61 64 79 20 73 65 6c 65 63 74 65 64 20 65 42 47 50 20 72 6f 75 74 65 73 20 61 72 65	already.selected.eBGP.routes.are
b0220	20 70 72 65 66 65 72 72 65 64 2c 20 69 73 20 73 6b 69 70 70 65 64 2e 00 49 66 20 74 68 69 73 20	.preferred,.is.skipped..If.this.
b0240	6f 70 74 69 6f 6e 20 69 73 20 73 70 65 63 69 66 69 65 64 20 61 6e 64 20 69 73 20 67 72 65 61 74	option.is.specified.and.is.great
b0260	65 72 20 74 68 61 6e 20 30 2c 20 74 68 65 6e 20 74 68 65 20 50 50 50 20 6d 6f 64 75 6c 65 20 77	er.than.0,.then.the.PPP.module.w
b0280	69 6c 6c 20 73 65 6e 64 20 4c 43 50 20 70 69 6e 67 73 20 6f 66 20 74 68 65 20 65 63 68 6f 20 72	ill.send.LCP.pings.of.the.echo.r
b02a0	65 71 75 65 73 74 20 65 76 65 72 79 20 60 3c 69 6e 74 65 72 76 61 6c 3e 60 20 73 65 63 6f 6e 64	equest.every.`<interval>`.second
b02c0	73 2e 00 49 66 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 75 6e 73 65 74 20 28 64 65 66 61	s..If.this.option.is.unset.(defa
b02e0	75 6c 74 29 2c 20 69 6e 63 6f 6d 69 6e 67 20 49 50 20 64 69 72 65 63 74 65 64 20 62 72 6f 61 64	ult),.incoming.IP.directed.broad
b0300	63 61 73 74 20 70 61 63 6b 65 74 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 66 6f 72 77 61 72 64	cast.packets.will.not.be.forward
b0320	65 64 2e 00 49 66 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 75 6e 73 65 74 20 28 64 65 66	ed..If.this.option.is.unset.(def
b0340	61 75 6c 74 29 2c 20 72 65 70 6c 79 20 66 6f 72 20 61 6e 79 20 6c 6f 63 61 6c 20 74 61 72 67 65	ault),.reply.for.any.local.targe
b0360	74 20 49 50 20 61 64 64 72 65 73 73 2c 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 79 20	t.IP.address,.configured.on.any.
b0380	69 6e 74 65 72 66 61 63 65 2e 00 49 66 20 74 68 69 73 20 70 61 72 61 6d 65 74 65 72 20 69 73 20	interface..If.this.parameter.is.
b03a0	6e 6f 74 20 73 65 74 20 6f 72 20 30 2c 20 61 6e 20 6f 6e 2d 64 65 6d 61 6e 64 20 6c 69 6e 6b 20	not.set.or.0,.an.on-demand.link.
b03c0	77 69 6c 6c 20 6e 6f 74 20 62 65 20 74 61 6b 65 6e 20 64 6f 77 6e 20 77 68 65 6e 20 69 74 20 69	will.not.be.taken.down.when.it.i
b03e0	73 20 69 64 6c 65 20 61 6e 64 20 61 66 74 65 72 20 74 68 65 20 69 6e 69 74 69 61 6c 20 65 73 74	s.idle.and.after.the.initial.est
b0400	61 62 6c 69 73 68 6d 65 6e 74 20 6f 66 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 49 74	ablishment.of.the.connection..It
b0420	20 77 69 6c 6c 20 73 74 61 79 20 75 70 20 66 6f 72 65 76 65 72 2e 00 49 66 20 74 68 69 73 20 70	.will.stay.up.forever..If.this.p
b0440	61 72 61 6d 65 74 65 72 20 69 73 20 6e 6f 74 20 73 65 74 2c 20 74 68 65 20 64 65 66 61 75 6c 74	arameter.is.not.set,.the.default
b0460	20 68 6f 6c 64 6f 66 66 20 74 69 6d 65 20 69 73 20 33 30 20 73 65 63 6f 6e 64 73 2e 00 49 66 20	.holdoff.time.is.30.seconds..If.
b0480	75 6e 73 65 74 2c 20 69 6e 63 6f 6d 69 6e 67 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74	unset,.incoming.connections.to.t
b04a0	68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 6e 65	he.RADIUS.server.will.use.the.ne
b04c0	61 72 65 73 74 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 20 70 6f 69 6e 74 69 6e 67	arest.interface.address.pointing
b04e0	20 74 6f 77 61 72 64 73 20 74 68 65 20 73 65 72 76 65 72 20 2d 20 6d 61 6b 69 6e 67 20 69 74 20	.towards.the.server.-.making.it.
b0500	65 72 72 6f 72 20 70 72 6f 6e 65 20 6f 6e 20 65 2e 67 2e 20 4f 53 50 46 20 6e 65 74 77 6f 72 6b	error.prone.on.e.g..OSPF.network
b0520	73 20 77 68 65 6e 20 61 20 6c 69 6e 6b 20 66 61 69 6c 73 20 61 6e 64 20 61 20 62 61 63 6b 75 70	s.when.a.link.fails.and.a.backup
b0540	20 72 6f 75 74 65 20 69 73 20 74 61 6b 65 6e 2e 00 49 66 20 75 6e 73 65 74 2c 20 69 6e 63 6f 6d	.route.is.taken..If.unset,.incom
b0560	69 6e 67 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 54 41 43 41 43 53 20 73 65	ing.connections.to.the.TACACS.se
b0580	72 76 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 6e 65 61 72 65 73 74 20 69 6e 74 65 72 66	rver.will.use.the.nearest.interf
b05a0	61 63 65 20 61 64 64 72 65 73 73 20 70 6f 69 6e 74 69 6e 67 20 74 6f 77 61 72 64 73 20 74 68 65	ace.address.pointing.towards.the
b05c0	20 73 65 72 76 65 72 20 2d 20 6d 61 6b 69 6e 67 20 69 74 20 65 72 72 6f 72 20 70 72 6f 6e 65 20	.server.-.making.it.error.prone.
b05e0	6f 6e 20 65 2e 67 2e 20 4f 53 50 46 20 6e 65 74 77 6f 72 6b 73 20 77 68 65 6e 20 61 20 6c 69 6e	on.e.g..OSPF.networks.when.a.lin
b0600	6b 20 66 61 69 6c 73 20 61 6e 64 20 61 20 62 61 63 6b 75 70 20 72 6f 75 74 65 20 69 73 20 74 61	k.fails.and.a.backup.route.is.ta
b0620	6b 65 6e 2e 00 49 66 20 79 6f 75 20 61 70 70 6c 79 20 61 20 70 61 72 61 6d 65 74 65 72 20 74 6f	ken..If.you.apply.a.parameter.to
b0640	20 61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 6e 65 69 67 68 62 6f 72 20 49 50 20 61 64 64 72 65	.an.individual.neighbor.IP.addre
b0660	73 73 2c 20 79 6f 75 20 6f 76 65 72 72 69 64 65 20 74 68 65 20 61 63 74 69 6f 6e 20 64 65 66 69	ss,.you.override.the.action.defi
b0680	6e 65 64 20 66 6f 72 20 61 20 70 65 65 72 20 67 72 6f 75 70 20 74 68 61 74 20 69 6e 63 6c 75 64	ned.for.a.peer.group.that.includ
b06a0	65 73 20 74 68 61 74 20 49 50 20 61 64 64 72 65 73 73 2e 00 49 66 20 79 6f 75 20 61 72 65 20 61	es.that.IP.address..If.you.are.a
b06c0	20 68 61 63 6b 65 72 20 6f 72 20 77 61 6e 74 20 74 6f 20 74 72 79 20 6f 6e 20 79 6f 75 72 20 6f	.hacker.or.want.to.try.on.your.o
b06e0	77 6e 20 77 65 20 73 75 70 70 6f 72 74 20 70 61 73 73 69 6e 67 20 72 61 77 20 4f 70 65 6e 56 50	wn.we.support.passing.raw.OpenVP
b0700	4e 20 6f 70 74 69 6f 6e 73 20 74 6f 20 4f 70 65 6e 56 50 4e 2e 00 49 66 20 79 6f 75 20 61 72 65	N.options.to.OpenVPN..If.you.are
b0720	20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 20 56 52 46 20 66 6f 72 20 6d 61 6e 61 67 65 6d 65 6e	.configuring.a.VRF.for.managemen
b0740	74 20 70 75 72 70 6f 73 65 73 2c 20 74 68 65 72 65 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 6e	t.purposes,.there.is.currently.n
b0760	6f 20 77 61 79 20 74 6f 20 66 6f 72 63 65 20 73 79 73 74 65 6d 20 44 4e 53 20 74 72 61 66 66 69	o.way.to.force.system.DNS.traffi
b0780	63 20 76 69 61 20 61 20 73 70 65 63 69 66 69 63 20 56 52 46 2e 00 49 66 20 79 6f 75 20 61 72 65	c.via.a.specific.VRF..If.you.are
b07a0	20 6e 65 77 20 74 6f 20 74 68 65 73 65 20 72 6f 75 74 69 6e 67 20 73 65 63 75 72 69 74 79 20 74	.new.to.these.routing.security.t
b07c0	65 63 68 6e 6f 6c 6f 67 69 65 73 20 74 68 65 6e 20 74 68 65 72 65 20 69 73 20 61 6e 20 60 65 78	echnologies.then.there.is.an.`ex
b07e0	63 65 6c 6c 65 6e 74 20 67 75 69 64 65 20 74 6f 20 52 50 4b 49 60 5f 20 62 79 20 4e 4c 6e 65 74	cellent.guide.to.RPKI`_.by.NLnet
b0800	20 4c 61 62 73 20 77 68 69 63 68 20 77 69 6c 6c 20 67 65 74 20 79 6f 75 20 75 70 20 74 6f 20 73	.Labs.which.will.get.you.up.to.s
b0820	70 65 65 64 20 76 65 72 79 20 71 75 69 63 6b 6c 79 2e 20 54 68 65 69 72 20 64 6f 63 75 6d 65 6e	peed.very.quickly..Their.documen
b0840	74 61 74 69 6f 6e 20 65 78 70 6c 61 69 6e 73 20 65 76 65 72 79 74 68 69 6e 67 20 66 72 6f 6d 20	tation.explains.everything.from.
b0860	77 68 61 74 20 52 50 4b 49 20 69 73 20 74 6f 20 64 65 70 6c 6f 79 69 6e 67 20 69 74 20 69 6e 20	what.RPKI.is.to.deploying.it.in.
b0880	70 72 6f 64 75 63 74 69 6f 6e 2e 20 49 74 20 61 6c 73 6f 20 68 61 73 20 73 6f 6d 65 20 60 68 65	production..It.also.has.some.`he
b08a0	6c 70 20 61 6e 64 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 67 75 69 64 61 6e 63 65 60 5f 20 69 6e	lp.and.operational.guidance`_.in
b08c0	63 6c 75 64 69 6e 67 20 22 57 68 61 74 20 63 61 6e 20 49 20 64 6f 20 61 62 6f 75 74 20 6d 79 20	cluding."What.can.I.do.about.my.
b08e0	72 6f 75 74 65 20 68 61 76 69 6e 67 20 61 6e 20 49 6e 76 61 6c 69 64 20 73 74 61 74 65 3f 22 00	route.having.an.Invalid.state?".
b0900	49 66 20 79 6f 75 20 61 72 65 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 74 68 65 20 67	If.you.are.responsible.for.the.g
b0920	6c 6f 62 61 6c 20 61 64 64 72 65 73 73 65 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 79 6f 75 72	lobal.addresses.assigned.to.your
b0940	20 6e 65 74 77 6f 72 6b 2c 20 70 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 74 68 61 74 20	.network,.please.make.sure.that.
b0960	79 6f 75 72 20 70 72 65 66 69 78 65 73 20 68 61 76 65 20 52 4f 41 73 20 61 73 73 6f 63 69 61 74	your.prefixes.have.ROAs.associat
b0980	65 64 20 77 69 74 68 20 74 68 65 6d 20 74 6f 20 61 76 6f 69 64 20 62 65 69 6e 67 20 60 6e 6f 74	ed.with.them.to.avoid.being.`not
b09a0	66 6f 75 6e 64 60 20 62 79 20 52 50 4b 49 2e 20 46 6f 72 20 6d 6f 73 74 20 41 53 4e 73 20 74 68	found`.by.RPKI..For.most.ASNs.th
b09c0	69 73 20 77 69 6c 6c 20 69 6e 76 6f 6c 76 65 20 70 75 62 6c 69 73 68 69 6e 67 20 52 4f 41 73 20	is.will.involve.publishing.ROAs.
b09e0	76 69 61 20 79 6f 75 72 20 3a 61 62 62 72 3a 60 52 49 52 20 28 52 65 67 69 6f 6e 61 6c 20 49 6e	via.your.:abbr:`RIR.(Regional.In
b0a00	74 65 72 6e 65 74 20 52 65 67 69 73 74 72 79 29 60 20 28 52 49 50 45 20 4e 43 43 2c 20 41 50 4e	ternet.Registry)`.(RIPE.NCC,.APN
b0a20	49 43 2c 20 41 52 49 4e 2c 20 4c 41 43 4e 49 43 20 6f 72 20 41 46 52 49 4e 49 43 29 2c 20 61 6e	IC,.ARIN,.LACNIC.or.AFRINIC),.an
b0a40	64 20 69 73 20 73 6f 6d 65 74 68 69 6e 67 20 79 6f 75 20 61 72 65 20 65 6e 63 6f 75 72 61 67 65	d.is.something.you.are.encourage
b0a60	64 20 74 6f 20 64 6f 20 77 68 65 6e 65 76 65 72 20 79 6f 75 20 70 6c 61 6e 20 74 6f 20 61 6e 6e	d.to.do.whenever.you.plan.to.ann
b0a80	6f 75 6e 63 65 20 61 64 64 72 65 73 73 65 73 20 69 6e 74 6f 20 74 68 65 20 44 46 5a 2e 00 49 66	ounce.addresses.into.the.DFZ..If
b0aa0	20 79 6f 75 20 61 72 65 20 75 73 69 6e 67 20 46 51 2d 43 6f 44 65 6c 20 65 6d 62 65 64 64 65 64	.you.are.using.FQ-CoDel.embedded
b0ac0	20 69 6e 74 6f 20 53 68 61 70 65 72 5f 20 61 6e 64 20 79 6f 75 20 68 61 76 65 20 6c 61 72 67 65	.into.Shaper_.and.you.have.large
b0ae0	20 72 61 74 65 73 20 28 31 30 30 4d 62 69 74 20 61 6e 64 20 61 62 6f 76 65 29 2c 20 79 6f 75 20	.rates.(100Mbit.and.above),.you.
b0b00	6d 61 79 20 63 6f 6e 73 69 64 65 72 20 69 6e 63 72 65 61 73 69 6e 67 20 60 71 75 61 6e 74 75 6d	may.consider.increasing.`quantum
b0b20	60 20 74 6f 20 38 30 30 30 20 6f 72 20 68 69 67 68 65 72 20 73 6f 20 74 68 61 74 20 74 68 65 20	`.to.8000.or.higher.so.that.the.
b0b40	73 63 68 65 64 75 6c 65 72 20 73 61 76 65 73 20 43 50 55 2e 00 49 66 20 79 6f 75 20 61 72 65 20	scheduler.saves.CPU..If.you.are.
b0b60	75 73 69 6e 67 20 4f 53 50 46 20 61 73 20 49 47 50 2c 20 61 6c 77 61 79 73 20 74 68 65 20 63 6c	using.OSPF.as.IGP,.always.the.cl
b0b80	6f 73 65 73 74 20 69 6e 74 65 72 66 61 63 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 74 68 65	osest.interface.connected.to.the
b0ba0	20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 69 73 20 75 73 65 64 2e 20 57 69 74 68 20 56 79 4f	.RADIUS.server.is.used..With.VyO
b0bc0	53 20 31 2e 32 20 79 6f 75 20 63 61 6e 20 62 69 6e 64 20 61 6c 6c 20 6f 75 74 67 6f 69 6e 67 20	S.1.2.you.can.bind.all.outgoing.
b0be0	52 41 44 49 55 53 20 72 65 71 75 65 73 74 73 20 74 6f 20 61 20 73 69 6e 67 6c 65 20 73 6f 75 72	RADIUS.requests.to.a.single.sour
b0c00	63 65 20 49 50 20 65 2e 67 2e 20 74 68 65 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66 61 63	ce.IP.e.g..the.loopback.interfac
b0c20	65 2e 00 49 66 20 79 6f 75 20 63 68 61 6e 67 65 20 74 68 65 20 64 65 66 61 75 6c 74 20 65 6e 63	e..If.you.change.the.default.enc
b0c40	72 79 70 74 69 6f 6e 20 61 6e 64 20 68 61 73 68 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 73 2c 20	ryption.and.hashing.algorithms,.
b0c60	62 65 20 73 75 72 65 20 74 68 61 74 20 74 68 65 20 6c 6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74	be.sure.that.the.local.and.remot
b0c80	65 20 65 6e 64 73 20 68 61 76 65 20 6d 61 74 63 68 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69	e.ends.have.matching.configurati
b0ca0	6f 6e 73 2c 20 6f 74 68 65 72 77 69 73 65 20 74 68 65 20 74 75 6e 6e 65 6c 20 77 69 6c 6c 20 6e	ons,.otherwise.the.tunnel.will.n
b0cc0	6f 74 20 63 6f 6d 65 20 75 70 2e 00 49 66 20 79 6f 75 20 63 68 6f 6f 73 65 20 61 6e 79 20 61 73	ot.come.up..If.you.choose.any.as
b0ce0	20 74 68 65 20 6f 70 74 69 6f 6e 20 74 68 61 74 20 77 69 6c 6c 20 63 61 75 73 65 20 61 6c 6c 20	.the.option.that.will.cause.all.
b0d00	70 72 6f 74 6f 63 6f 6c 73 20 74 68 61 74 20 61 72 65 20 73 65 6e 64 69 6e 67 20 72 6f 75 74 65	protocols.that.are.sending.route
b0d20	73 20 74 6f 20 7a 65 62 72 61 2e 00 49 66 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 61 20 63	s.to.zebra..If.you.configure.a.c
b0d40	6c 61 73 73 20 66 6f 72 20 2a 2a 56 6f 49 50 20 74 72 61 66 66 69 63 2a 2a 2c 20 64 6f 6e 27 74	lass.for.**VoIP.traffic**,.don't
b0d60	20 67 69 76 65 20 69 74 20 61 6e 79 20 2a 63 65 69 6c 69 6e 67 2a 2c 20 6f 74 68 65 72 77 69 73	.give.it.any.*ceiling*,.otherwis
b0d80	65 20 6e 65 77 20 56 6f 49 50 20 63 61 6c 6c 73 20 63 6f 75 6c 64 20 73 74 61 72 74 20 77 68 65	e.new.VoIP.calls.could.start.whe
b0da0	6e 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 61 6e 64 20 67 65 74 20	n.the.link.is.available.and.get.
b0dc0	73 75 64 64 65 6e 6c 79 20 64 72 6f 70 70 65 64 20 77 68 65 6e 20 6f 74 68 65 72 20 63 6c 61 73	suddenly.dropped.when.other.clas
b0de0	73 65 73 20 73 74 61 72 74 20 75 73 69 6e 67 20 74 68 65 69 72 20 61 73 73 69 67 6e 65 64 20 2a	ses.start.using.their.assigned.*
b0e00	62 61 6e 64 77 69 64 74 68 2a 20 73 68 61 72 65 2e 00 49 66 20 79 6f 75 20 65 6e 61 62 6c 65 20	bandwidth*.share..If.you.enable.
b0e20	74 68 69 73 2c 20 79 6f 75 20 77 69 6c 6c 20 70 72 6f 62 61 62 6c 79 20 77 61 6e 74 20 74 6f 20	this,.you.will.probably.want.to.
b0e40	73 65 74 20 64 69 76 65 72 73 69 74 79 2d 66 61 63 74 6f 72 20 61 6e 64 20 63 68 61 6e 6e 65 6c	set.diversity-factor.and.channel
b0e60	20 62 65 6c 6f 77 2e 00 49 66 20 79 6f 75 20 68 61 70 70 65 6e 20 74 6f 20 72 75 6e 20 74 68 69	.below..If.you.happen.to.run.thi
b0e80	73 20 69 6e 20 61 20 76 69 72 74 75 61 6c 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 6c 69 6b 65 20	s.in.a.virtual.environment.like.
b0ea0	62 79 20 45 56 45 2d 4e 47 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 65 6e 73 75 72 65 20 79 6f 75	by.EVE-NG.you.need.to.ensure.you
b0ec0	72 20 56 79 4f 53 20 4e 49 43 20 69 73 20 73 65 74 20 74 6f 20 75 73 65 20 74 68 65 20 65 31 30	r.VyOS.NIC.is.set.to.use.the.e10
b0ee0	30 30 20 64 72 69 76 65 72 2e 20 55 73 69 6e 67 20 74 68 65 20 64 65 66 61 75 6c 74 20 60 60 76	00.driver..Using.the.default.``v
b0f00	69 72 74 69 6f 2d 6e 65 74 2d 70 63 69 60 60 20 6f 72 20 74 68 65 20 60 60 76 6d 78 6e 65 74 33	irtio-net-pci``.or.the.``vmxnet3
b0f20	60 60 20 64 72 69 76 65 72 20 77 69 6c 6c 20 6e 6f 74 20 77 6f 72 6b 2e 20 49 43 4d 50 20 6d 65	``.driver.will.not.work..ICMP.me
b0f40	73 73 61 67 65 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 70 72 6f 70 65 72 6c 79 20 70 72 6f 63	ssages.will.not.be.properly.proc
b0f60	65 73 73 65 64 2e 20 54 68 65 79 20 61 72 65 20 76 69 73 69 62 6c 65 20 6f 6e 20 74 68 65 20 76	essed..They.are.visible.on.the.v
b0f80	69 72 74 75 61 6c 20 77 69 72 65 20 62 75 74 20 77 69 6c 6c 20 6e 6f 74 20 6d 61 6b 65 20 69 74	irtual.wire.but.will.not.make.it
b0fa0	20 66 75 6c 6c 79 20 75 70 20 74 68 65 20 6e 65 74 77 6f 72 6b 69 6e 67 20 73 74 61 63 6b 2e 00	.fully.up.the.networking.stack..
b0fc0	49 66 20 79 6f 75 20 68 61 70 70 65 6e 20 74 6f 20 75 73 65 20 53 6f 6c 61 72 57 69 6e 64 73 20	If.you.happen.to.use.SolarWinds.
b0fe0	4f 72 69 6f 6e 20 61 73 20 4e 4d 53 20 79 6f 75 20 63 61 6e 20 61 6c 73 6f 20 75 73 65 20 74 68	Orion.as.NMS.you.can.also.use.th
b1000	65 20 44 65 76 69 63 65 20 54 65 6d 70 6c 61 74 65 73 20 4d 61 6e 61 67 65 6d 65 6e 74 2e 20 41	e.Device.Templates.Management..A
b1020	20 74 65 6d 70 6c 61 74 65 20 66 6f 72 20 56 79 4f 53 20 63 61 6e 20 62 65 20 65 61 73 69 6c 79	.template.for.VyOS.can.be.easily
b1040	20 69 6d 70 6f 72 74 65 64 2e 00 49 66 20 79 6f 75 20 68 61 70 70 65 6e 65 64 20 74 6f 20 75 73	.imported..If.you.happened.to.us
b1060	65 20 61 20 43 69 73 63 6f 20 4e 4d 2d 31 36 41 20 2d 20 53 69 78 74 65 65 6e 20 50 6f 72 74 20	e.a.Cisco.NM-16A.-.Sixteen.Port.
b1080	41 73 79 6e 63 20 4e 65 74 77 6f 72 6b 20 4d 6f 64 75 6c 65 20 6f 72 20 4e 4d 2d 33 32 41 20 2d	Async.Network.Module.or.NM-32A.-
b10a0	20 54 68 69 72 74 79 2d 74 77 6f 20 50 6f 72 74 20 41 73 79 6e 63 20 4e 65 74 77 6f 72 6b 20 4d	.Thirty-two.Port.Async.Network.M
b10c0	6f 64 75 6c 65 20 2d 20 74 68 69 73 20 69 73 20 79 6f 75 72 20 56 79 4f 53 20 72 65 70 6c 61 63	odule.-.this.is.your.VyOS.replac
b10e0	65 6d 65 6e 74 2e 00 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 6c 6f 74 20 6f 66 20 69 6e 74 65	ement..If.you.have.a.lot.of.inte
b1100	72 66 61 63 65 73 2c 20 61 6e 64 2f 6f 72 20 61 20 6c 6f 74 20 6f 66 20 73 75 62 6e 65 74 73 2c	rfaces,.and/or.a.lot.of.subnets,
b1120	20 74 68 65 6e 20 65 6e 61 62 6c 69 6e 67 20 4f 53 50 46 20 76 69 61 20 74 68 69 73 20 63 6f 6d	.then.enabling.OSPF.via.this.com
b1140	6d 61 6e 64 20 6d 61 79 20 72 65 73 75 6c 74 20 69 6e 20 61 20 73 6c 69 67 68 74 20 70 65 72 66	mand.may.result.in.a.slight.perf
b1160	6f 72 6d 61 6e 63 65 20 69 6d 70 72 6f 76 65 6d 65 6e 74 2e 00 49 66 20 79 6f 75 20 68 61 76 65	ormance.improvement..If.you.have
b1180	20 63 6f 6e 66 69 67 75 72 65 64 20 74 68 65 20 60 49 4e 53 49 44 45 2d 4f 55 54 60 20 70 6f 6c	.configured.the.`INSIDE-OUT`.pol
b11a0	69 63 79 2c 20 79 6f 75 20 77 69 6c 6c 20 6e 65 65 64 20 74 6f 20 61 64 64 20 61 64 64 69 74 69	icy,.you.will.need.to.add.additi
b11c0	6f 6e 61 6c 20 72 75 6c 65 73 20 74 6f 20 70 65 72 6d 69 74 20 69 6e 62 6f 75 6e 64 20 4e 41 54	onal.rules.to.permit.inbound.NAT
b11e0	20 74 72 61 66 66 69 63 2e 00 49 66 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 73 61 6d 70 6c 65 20	.traffic..If.you.need.to.sample.
b1200	61 6c 73 6f 20 65 67 72 65 73 73 20 74 72 61 66 66 69 63 2c 20 79 6f 75 20 6d 61 79 20 77 61 6e	also.egress.traffic,.you.may.wan
b1220	74 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 65 67 72 65 73 73 20 66 6c 6f 77 2d 61 63 63 6f 75	t.to.configure.egress.flow-accou
b1240	6e 74 69 6e 67 3a 00 49 66 20 79 6f 75 20 6f 6e 6c 79 20 77 61 6e 74 20 74 6f 20 63 68 65 63 6b	nting:.If.you.only.want.to.check
b1260	20 69 66 20 74 68 65 20 75 73 65 72 20 61 63 63 6f 75 6e 74 20 69 73 20 65 6e 61 62 6c 65 64 20	.if.the.user.account.is.enabled.
b1280	61 6e 64 20 63 61 6e 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 28 61 67 61 69 6e 73 74 20 74 68	and.can.authenticate.(against.th
b12a0	65 20 70 72 69 6d 61 72 79 20 67 72 6f 75 70 29 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73	e.primary.group).the.following.s
b12c0	6e 69 70 70 65 64 20 69 73 20 73 75 66 66 69 63 69 65 6e 74 3a 00 49 66 20 79 6f 75 20 73 65 74	nipped.is.sufficient:.If.you.set
b12e0	20 61 20 63 75 73 74 6f 6d 20 52 41 44 49 55 53 20 61 74 74 72 69 62 75 74 65 20 79 6f 75 20 6d	.a.custom.RADIUS.attribute.you.m
b1300	75 73 74 20 64 65 66 69 6e 65 20 69 74 20 6f 6e 20 62 6f 74 68 20 64 69 63 74 69 6f 6e 61 72 69	ust.define.it.on.both.dictionari
b1320	65 73 20 61 74 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 61 6e 64 20 63 6c 69 65 6e 74 2c 20	es.at.RADIUS.server.and.client,.
b1340	77 68 69 63 68 20 69 73 20 74 68 65 20 76 79 6f 73 20 72 6f 75 74 65 72 20 69 6e 20 6f 75 72 20	which.is.the.vyos.router.in.our.
b1360	65 78 61 6d 70 6c 65 2e 00 49 66 20 79 6f 75 20 75 73 65 20 55 53 42 20 74 6f 20 73 65 72 69 61	example..If.you.use.USB.to.seria
b1380	6c 20 63 6f 6e 76 65 72 74 65 72 73 20 66 6f 72 20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 6f 20 79	l.converters.for.connecting.to.y
b13a0	6f 75 72 20 56 79 4f 53 20 61 70 70 6c 69 61 6e 63 65 20 70 6c 65 61 73 65 20 6e 6f 74 65 20 74	our.VyOS.appliance.please.note.t
b13c0	68 61 74 20 6d 6f 73 74 20 6f 66 20 74 68 65 6d 20 75 73 65 20 73 6f 66 74 77 61 72 65 20 65 6d	hat.most.of.them.use.software.em
b13e0	75 6c 61 74 69 6f 6e 20 77 69 74 68 6f 75 74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c 2e 20 54 68	ulation.without.flow.control..Th
b1400	69 73 20 6d 65 61 6e 73 20 79 6f 75 20 73 68 6f 75 6c 64 20 73 74 61 72 74 20 77 69 74 68 20 61	is.means.you.should.start.with.a
b1420	20 63 6f 6d 6d 6f 6e 20 62 61 75 64 20 72 61 74 65 20 28 6d 6f 73 74 20 6c 69 6b 65 6c 79 20 39	.common.baud.rate.(most.likely.9
b1440	36 30 30 20 62 61 75 64 29 20 61 73 20 6f 74 68 65 72 77 69 73 65 20 79 6f 75 20 70 72 6f 62 61	600.baud).as.otherwise.you.proba
b1460	62 6c 79 20 63 61 6e 20 6e 6f 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 64 65 76 69 63	bly.can.not.connect.to.the.devic
b1480	65 20 75 73 69 6e 67 20 68 69 67 68 20 73 70 65 65 64 20 62 61 75 64 20 72 61 74 65 73 20 61 73	e.using.high.speed.baud.rates.as
b14a0	20 79 6f 75 72 20 73 65 72 69 61 6c 20 63 6f 6e 76 65 72 74 65 72 20 73 69 6d 70 6c 79 20 63 61	.your.serial.converter.simply.ca
b14c0	6e 20 6e 6f 74 20 70 72 6f 63 65 73 73 20 74 68 69 73 20 64 61 74 61 20 72 61 74 65 2e 00 49 66	n.not.process.this.data.rate..If
b14e0	20 79 6f 75 20 77 61 6e 74 20 74 6f 20 63 68 61 6e 67 65 20 74 68 65 20 6d 61 78 69 6d 75 6d 20	.you.want.to.change.the.maximum.
b1500	6e 75 6d 62 65 72 20 6f 66 20 66 6c 6f 77 73 2c 20 77 68 69 63 68 20 61 72 65 20 74 72 61 63 6b	number.of.flows,.which.are.track
b1520	69 6e 67 20 73 69 6d 75 6c 74 61 6e 65 6f 75 73 6c 79 2c 20 79 6f 75 20 6d 61 79 20 64 6f 20 74	ing.simultaneously,.you.may.do.t
b1540	68 69 73 20 77 69 74 68 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 28 64 65 66 61 75 6c 74 20 38	his.with.this.command.(default.8
b1560	31 39 32 29 2e 00 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 69 73 61 62 6c 65 20 61 20 72	192)..If.you.want.to.disable.a.r
b1580	75 6c 65 20 62 75 74 20 6c 65 74 20 69 74 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74	ule.but.let.it.in.the.configurat
b15a0	69 6f 6e 2e 00 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 68 61 76 65 20 61 64 6d 69 6e 20 75	ion..If.you.want.to.have.admin.u
b15c0	73 65 72 73 20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 76 69 61 20 52 41 44 49 55 53 20	sers.to.authenticate.via.RADIUS.
b15e0	69 74 20 69 73 20 65 73 73 65 6e 74 69 61 6c 20 74 6f 20 73 65 6e 74 20 74 68 65 20 60 60 43 69	it.is.essential.to.sent.the.``Ci
b1600	73 63 6f 2d 41 56 2d 50 61 69 72 20 73 68 65 6c 6c 3a 70 72 69 76 2d 6c 76 6c 3d 31 35 60 60 20	sco-AV-Pair.shell:priv-lvl=15``.
b1620	61 74 74 72 69 62 75 74 65 2e 20 57 69 74 68 6f 75 74 20 74 68 65 20 61 74 74 72 69 62 75 74 65	attribute..Without.the.attribute
b1640	20 79 6f 75 20 77 69 6c 6c 20 6f 6e 6c 79 20 67 65 74 20 72 65 67 75 6c 61 72 2c 20 6e 6f 6e 20	.you.will.only.get.regular,.non.
b1660	70 72 69 76 69 6c 65 67 75 65 64 2c 20 73 79 73 74 65 6d 20 75 73 65 72 73 2e 00 49 66 20 79 6f	privilegued,.system.users..If.yo
b1680	75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 65 78 69 73 74 69 6e 67 20 62 6c 61 63 6b 6c 69 73 74	u.want.to.use.existing.blacklist
b16a0	73 20 79 6f 75 20 68 61 76 65 20 74 6f 20 63 72 65 61 74 65 2f 64 6f 77 6e 6c 6f 61 64 20 61 20	s.you.have.to.create/download.a.
b16c0	64 61 74 61 62 61 73 65 20 66 69 72 73 74 2e 20 4f 74 68 65 72 77 69 73 65 20 79 6f 75 20 77 69	database.first..Otherwise.you.wi
b16e0	6c 6c 20 6e 6f 74 20 62 65 20 61 62 6c 65 20 74 6f 20 63 6f 6d 6d 69 74 20 74 68 65 20 63 6f 6e	ll.not.be.able.to.commit.the.con
b1700	66 69 67 20 63 68 61 6e 67 65 73 2e 00 49 66 20 79 6f 75 20 77 61 6e 74 20 79 6f 75 72 20 72 6f	fig.changes..If.you.want.your.ro
b1720	75 74 65 72 20 74 6f 20 66 6f 72 77 61 72 64 20 44 48 43 50 20 72 65 71 75 65 73 74 73 20 74 6f	uter.to.forward.DHCP.requests.to
b1740	20 61 6e 20 65 78 74 65 72 6e 61 6c 20 44 48 43 50 20 73 65 72 76 65 72 20 79 6f 75 20 63 61 6e	.an.external.DHCP.server.you.can
b1760	20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20 61 63 74 20 61 73 20	.configure.the.system.to.act.as.
b1780	61 20 44 48 43 50 20 72 65 6c 61 79 20 61 67 65 6e 74 2e 20 54 68 65 20 44 48 43 50 20 72 65 6c	a.DHCP.relay.agent..The.DHCP.rel
b17a0	61 79 20 61 67 65 6e 74 20 77 6f 72 6b 73 20 77 69 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76	ay.agent.works.with.IPv4.and.IPv
b17c0	36 20 61 64 64 72 65 73 73 65 73 2e 00 49 66 20 79 6f 75 27 76 65 20 63 6f 6d 70 6c 65 74 65 64	6.addresses..If.you've.completed
b17e0	20 61 6c 6c 20 74 68 65 20 61 62 6f 76 65 20 73 74 65 70 73 20 79 6f 75 20 6e 6f 20 64 6f 75 62	.all.the.above.steps.you.no.doub
b1800	74 20 77 61 6e 74 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 61 6c 6c 20 77 6f 72 6b 69 6e	t.want.to.see.if.it's.all.workin
b1820	67 2e 00 49 67 6e 6f 72 65 20 41 53 5f 50 41 54 48 20 6c 65 6e 67 74 68 20 77 68 65 6e 20 73 65	g..Ignore.AS_PATH.length.when.se
b1840	6c 65 63 74 69 6e 67 20 61 20 72 6f 75 74 65 00 49 67 6e 6f 72 65 20 56 52 52 50 20 6d 61 69 6e	lecting.a.route.Ignore.VRRP.main
b1860	20 69 6e 74 65 72 66 61 63 65 20 66 61 75 6c 74 73 00 49 6d 61 67 65 20 74 68 61 6e 6b 66 75 6c	.interface.faults.Image.thankful
b1880	6c 79 20 62 6f 72 72 6f 77 65 64 20 66 72 6f 6d 20 68 74 74 70 73 3a 2f 2f 65 6e 2e 77 69 6b 69	ly.borrowed.from.https://en.wiki
b18a0	70 65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 46 69 6c 65 3a 53 4e 4d 50 5f 63 6f 6d 6d 75 6e 69	pedia.org/wiki/File:SNMP_communi
b18c0	63 61 74 69 6f 6e 5f 70 72 69 6e 63 69 70 6c 65 73 5f 64 69 61 67 72 61 6d 2e 50 4e 47 20 77 68	cation_principles_diagram.PNG.wh
b18e0	69 63 68 20 69 73 20 75 6e 64 65 72 20 74 68 65 20 47 4e 55 20 46 72 65 65 20 44 6f 63 75 6d 65	ich.is.under.the.GNU.Free.Docume
b1900	6e 74 61 74 69 6f 6e 20 4c 69 63 65 6e 73 65 00 49 6d 61 67 69 6e 65 20 74 68 65 20 66 6f 6c 6c	ntation.License.Imagine.the.foll
b1920	6f 77 69 6e 67 20 74 6f 70 6f 6c 6f 67 79 00 49 6d 6d 65 64 69 61 74 65 00 49 6d 70 6f 72 74 65	owing.topology.Immediate.Importe
b1940	64 20 70 72 65 66 69 78 65 73 20 64 75 72 69 6e 67 20 74 68 65 20 76 61 6c 69 64 61 74 69 6f 6e	d.prefixes.during.the.validation
b1960	20 6d 61 79 20 68 61 76 65 20 76 61 6c 75 65 73 3a 00 49 6e 20 3a 72 66 63 3a 60 33 30 36 39 60	.may.have.values:.In.:rfc:`3069`
b1980	20 69 74 20 69 73 20 63 61 6c 6c 65 64 20 56 4c 41 4e 20 41 67 67 72 65 67 61 74 69 6f 6e 00 49	.it.is.called.VLAN.Aggregation.I
b19a0	6e 20 3a 76 79 74 61 73 6b 3a 60 54 32 31 39 39 60 20 74 68 65 20 73 79 6e 74 61 78 20 6f 66 20	n.:vytask:`T2199`.the.syntax.of.
b19c0	74 68 65 20 7a 6f 6e 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 61 73 20 63 68 61 6e 67	the.zone.configuration.was.chang
b19e0	65 64 2e 20 54 68 65 20 7a 6f 6e 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 76 65 64	ed..The.zone.configuration.moved
b1a00	20 66 72 6f 6d 20 60 60 7a 6f 6e 65 2d 70 6f 6c 69 63 79 20 7a 6f 6e 65 20 3c 6e 61 6d 65 3e 60	.from.``zone-policy.zone.<name>`
b1a20	60 20 74 6f 20 60 60 66 69 72 65 77 61 6c 6c 20 7a 6f 6e 65 20 3c 6e 61 6d 65 3e 60 60 2e 00 49	`.to.``firewall.zone.<name>``..I
b1a40	6e 20 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 20 56 65 72 73 69 6f 6e 20 36 20 28 49	n.Internet.Protocol.Version.6.(I
b1a60	50 76 36 29 20 6e 65 74 77 6f 72 6b 73 2c 20 74 68 65 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79	Pv6).networks,.the.functionality
b1a80	20 6f 66 20 41 52 50 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 74 68 65 20 4e 65 69 67 68	.of.ARP.is.provided.by.the.Neigh
b1aa0	62 6f 72 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 20 28 4e 44 50 29 2e 00 49 6e	bor.Discovery.Protocol.(NDP)..In
b1ac0	20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 77 65 20 64 6f 20 6e 6f 74 20 64 65 66 69 6e 65	.Priority.Queue.we.do.not.define
b1ae0	20 63 6c 61 73 65 73 20 77 69 74 68 20 61 20 6d 65 61 6e 69 6e 67 6c 65 73 73 20 63 6c 61 73 73	.clases.with.a.meaningless.class
b1b00	20 49 44 20 6e 75 6d 62 65 72 20 62 75 74 20 77 69 74 68 20 61 20 63 6c 61 73 73 20 70 72 69 6f	.ID.number.but.with.a.class.prio
b1b20	72 69 74 79 20 6e 75 6d 62 65 72 20 28 31 2d 37 29 2e 20 54 68 65 20 6c 6f 77 65 72 20 74 68 65	rity.number.(1-7)..The.lower.the
b1b40	20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74 68 65 20 70 72 69 6f 72 69 74 79	.number,.the.higher.the.priority
b1b60	2e 00 49 6e 20 56 79 4f 53 20 74 68 65 20 74 65 72 6d 73 20 60 60 76 69 66 2d 73 60 60 20 61 6e	..In.VyOS.the.terms.``vif-s``.an
b1b80	64 20 60 60 76 69 66 2d 63 60 60 20 73 74 61 6e 64 20 66 6f 72 20 74 68 65 20 65 74 68 65 72 74	d.``vif-c``.stand.for.the.ethert
b1ba0	79 70 65 20 74 61 67 73 20 74 68 61 74 20 61 72 65 20 75 73 65 64 2e 00 49 6e 20 56 79 4f 53 2c	ype.tags.that.are.used..In.VyOS,
b1bc0	20 45 53 50 20 61 74 74 72 69 62 75 74 65 73 20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 74 68	.ESP.attributes.are.specified.th
b1be0	72 6f 75 67 68 20 45 53 50 20 67 72 6f 75 70 73 2e 20 4d 75 6c 74 69 70 6c 65 20 70 72 6f 70 6f	rough.ESP.groups..Multiple.propo
b1c00	73 61 6c 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 61 20 73 69 6e 67 6c	sals.can.be.specified.in.a.singl
b1c20	65 20 67 72 6f 75 70 2e 00 49 6e 20 56 79 4f 53 2c 20 49 4b 45 20 61 74 74 72 69 62 75 74 65 73	e.group..In.VyOS,.IKE.attributes
b1c40	20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 74 68 72 6f 75 67 68 20 49 4b 45 20 67 72 6f 75 70	.are.specified.through.IKE.group
b1c60	73 2e 20 4d 75 6c 74 69 70 6c 65 20 70 72 6f 70 6f 73 61 6c 73 20 63 61 6e 20 62 65 20 73 70 65	s..Multiple.proposals.can.be.spe
b1c80	63 69 66 69 65 64 20 69 6e 20 61 20 73 69 6e 67 6c 65 20 67 72 6f 75 70 2e 00 49 6e 20 56 79 4f	cified.in.a.single.group..In.VyO
b1ca0	53 2c 20 61 20 63 6c 61 73 73 20 69 73 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 61 20 6e 75	S,.a.class.is.identified.by.a.nu
b1cc0	6d 62 65 72 20 79 6f 75 20 63 61 6e 20 63 68 6f 6f 73 65 20 77 68 65 6e 20 63 6f 6e 66 69 67 75	mber.you.can.choose.when.configu
b1ce0	72 69 6e 67 20 69 74 2e 00 49 6e 20 61 20 6d 69 6e 69 6d 61 6c 20 63 6f 6e 66 69 67 75 72 61 74	ring.it..In.a.minimal.configurat
b1d00	69 6f 6e 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69	ion,.the.following.must.be.provi
b1d20	64 65 64 3a 00 49 6e 20 61 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 68 65 61 64 65 72 20 63	ded:.In.a.multiple.VLAN.header.c
b1d40	6f 6e 74 65 78 74 2c 20 6f 75 74 20 6f 66 20 63 6f 6e 76 65 6e 69 65 6e 63 65 20 74 68 65 20 74	ontext,.out.of.convenience.the.t
b1d60	65 72 6d 20 22 56 4c 41 4e 20 74 61 67 22 20 6f 72 20 6a 75 73 74 20 22 74 61 67 22 20 66 6f 72	erm."VLAN.tag".or.just."tag".for
b1d80	20 73 68 6f 72 74 20 69 73 20 6f 66 74 65 6e 20 75 73 65 64 20 69 6e 20 70 6c 61 63 65 20 6f 66	.short.is.often.used.in.place.of
b1da0	20 22 38 30 32 2e 31 71 5f 20 56 4c 41 4e 20 68 65 61 64 65 72 22 2e 20 51 69 6e 51 20 61 6c 6c	."802.1q_.VLAN.header"..QinQ.all
b1dc0	6f 77 73 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 74 61 67 73 20 69 6e 20 61 6e 20 45 74 68	ows.multiple.VLAN.tags.in.an.Eth
b1de0	65 72 6e 65 74 20 66 72 61 6d 65 3b 20 74 6f 67 65 74 68 65 72 20 74 68 65 73 65 20 74 61 67 73	ernet.frame;.together.these.tags
b1e00	20 63 6f 6e 73 74 69 74 75 74 65 20 61 20 74 61 67 20 73 74 61 63 6b 2e 20 57 68 65 6e 20 75 73	.constitute.a.tag.stack..When.us
b1e20	65 64 20 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 20 6f 66 20 61 6e 20 45 74 68 65 72 6e 65 74	ed.in.the.context.of.an.Ethernet
b1e40	20 66 72 61 6d 65 2c 20 61 20 51 69 6e 51 20 66 72 61 6d 65 20 69 73 20 61 20 66 72 61 6d 65 20	.frame,.a.QinQ.frame.is.a.frame.
b1e60	74 68 61 74 20 68 61 73 20 32 20 56 4c 41 4e 20 38 30 32 2e 31 71 5f 20 68 65 61 64 65 72 73 20	that.has.2.VLAN.802.1q_.headers.
b1e80	28 64 6f 75 62 6c 65 2d 74 61 67 67 65 64 29 2e 00 49 6e 20 61 20 6e 75 74 73 68 65 6c 6c 2c 20	(double-tagged)..In.a.nutshell,.
b1ea0	74 68 65 20 63 75 72 72 65 6e 74 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20 70 72 6f 76 69	the.current.implementation.provi
b1ec0	64 65 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 66 65 61 74 75 72 65 73 3a 00 49 6e 20 61	des.the.following.features:.In.a
b1ee0	64 64 69 74 69 6f 6e 20 74 6f 20 3a 61 62 62 72 3a 60 52 41 44 49 55 53 20 28 52 65 6d 6f 74 65	ddition.to.:abbr:`RADIUS.(Remote
b1f00	20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 44 69 61 6c 2d 49 6e 20 55 73 65 72 20 53 65 72	.Authentication.Dial-In.User.Ser
b1f20	76 69 63 65 29 60 2c 20 3a 61 62 62 72 3a 60 54 41 43 41 43 53 20 28 54 65 72 6d 69 6e 61 6c 20	vice)`,.:abbr:`TACACS.(Terminal.
b1f40	41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 6c 65 72 20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c	Access.Controller.Access.Control
b1f60	20 53 79 73 74 65 6d 29 60 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 66 6f 75 6e 64 20 69 6e 20 6c	.System)`.can.also.be.found.in.l
b1f80	61 72 67 65 20 64 65 70 6c 6f 79 6d 65 6e 74 73 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f	arge.deployments..In.addition.to
b1fa0	20 64 69 73 70 6c 61 79 69 6e 67 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f	.displaying.flow.accounting.info
b1fc0	72 6d 61 74 69 6f 6e 20 6c 6f 63 61 6c 6c 79 2c 20 6f 6e 65 20 63 61 6e 20 61 6c 73 6f 20 65 78	rmation.locally,.one.can.also.ex
b1fe0	70 6f 72 74 65 64 20 74 68 65 6d 20 74 6f 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 73 65 72 76	ported.them.to.a.collection.serv
b2000	65 72 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61	er..In.addition.to.the.command.a
b2020	62 6f 76 65 2c 20 74 68 65 20 6f 75 74 70 75 74 20 69 73 20 69 6e 20 61 20 66 6f 72 6d 61 74 20	bove,.the.output.is.in.a.format.
b2040	77 68 69 63 68 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 64 69 72 65 63 74 6c 79 20 69 6d	which.can.be.used.to.directly.im
b2060	70 6f 72 74 20 74 68 65 20 6b 65 79 20 69 6e 74 6f 20 74 68 65 20 56 79 4f 53 20 43 4c 49 20 62	port.the.key.into.the.VyOS.CLI.b
b2080	79 20 73 69 6d 70 6c 79 20 63 6f 70 79 2d 70 61 73 74 69 6e 67 20 74 68 65 20 6f 75 74 70 75 74	y.simply.copy-pasting.the.output
b20a0	20 66 72 6f 6d 20 6f 70 2d 6d 6f 64 65 20 69 6e 74 6f 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	.from.op-mode.into.configuration
b20c0	20 6d 6f 64 65 2e 00 49 6e 20 61 64 64 69 74 69 6f 6e 20 79 6f 75 20 63 61 6e 20 61 6c 73 6f 20	.mode..In.addition.you.can.also.
b20e0	64 69 73 61 62 6c 65 20 74 68 65 20 77 68 6f 6c 65 20 73 65 72 76 69 63 65 20 77 69 74 68 6f 75	disable.the.whole.service.withou
b2100	74 20 74 68 65 20 6e 65 65 64 20 74 6f 20 72 65 6d 6f 76 65 20 69 74 20 66 72 6f 6d 20 74 68 65	t.the.need.to.remove.it.from.the
b2120	20 63 75 72 72 65 6e 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 49 6e 20 61 64 64 69 74	.current.configuration..In.addit
b2140	69 6f 6e 20 79 6f 75 20 77 69 6c 6c 20 73 70 65 63 69 66 69 79 20 74 68 65 20 49 50 20 61 64 64	ion.you.will.specifiy.the.IP.add
b2160	72 65 73 73 20 6f 72 20 46 51 44 4e 20 66 6f 72 20 74 68 65 20 63 6c 69 65 6e 74 20 77 68 65 72	ress.or.FQDN.for.the.client.wher
b2180	65 20 69 74 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 74 6f 2e 20 54 68 65 20 61 64 64 72 65 73	e.it.will.connect.to..The.addres
b21a0	73 20 70 61 72 61 6d 65 74 65 72 20 63 61 6e 20 62 65 20 75 73 65 64 20 75 70 20 74 6f 20 74 77	s.parameter.can.be.used.up.to.tw
b21c0	6f 20 74 69 6d 65 73 20 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 61 73 73 69 67 6e 20 74 68	o.times.and.is.used.to.assign.th
b21e0	65 20 63 6c 69 65 6e 74 73 20 73 70 65 63 69 66 69 63 20 49 50 76 34 20 28 2f 33 32 29 20 6f 72	e.clients.specific.IPv4.(/32).or
b2200	20 49 50 76 36 20 28 2f 31 32 38 29 20 61 64 64 72 65 73 73 2e 00 49 6e 20 61 64 64 69 74 69 6f	.IPv6.(/128).address..In.additio
b2220	6e 2c 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 6d 61 6e 79 20 6f 74 68 65 72 20 70 61	n,.you.can.specify.many.other.pa
b2240	72 61 6d 65 74 65 72 73 20 74 6f 20 67 65 74 20 42 47 50 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a	rameters.to.get.BGP.information:
b2260	00 49 6e 20 61 6e 20 2a 2a 61 64 64 72 65 73 73 20 67 72 6f 75 70 2a 2a 20 61 20 73 69 6e 67 6c	.In.an.**address.group**.a.singl
b2280	65 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 49 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65	e.IP.address.or.IP.address.range
b22a0	73 20 61 72 65 20 64 65 66 69 6e 65 64 2e 00 49 6e 20 63 61 73 65 20 6f 66 20 70 65 65 72 2d 70	s.are.defined..In.case.of.peer-p
b22c0	65 65 72 20 72 65 6c 61 74 69 6f 6e 73 68 69 70 20 72 6f 75 74 65 73 20 63 61 6e 20 62 65 20 72	eer.relationship.routes.can.be.r
b22e0	65 63 65 69 76 65 64 20 6f 6e 6c 79 20 69 66 20 4f 54 43 20 76 61 6c 75 65 20 69 73 20 65 71 75	eceived.only.if.OTC.value.is.equ
b2300	61 6c 20 74 6f 20 79 6f 75 72 20 6e 65 69 67 68 62 6f 72 20 41 53 20 6e 75 6d 62 65 72 2e 00 49	al.to.your.neighbor.AS.number..I
b2320	6e 20 63 61 73 65 2c 20 69 66 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 63 61 74 63 68 20 73 6f 6d	n.case,.if.you.need.to.catch.som
b2340	65 20 6c 6f 67 73 20 66 72 6f 6d 20 66 6c 6f 77 2d 61 63 63 6f 75 6e 74 69 6e 67 20 64 61 65 6d	e.logs.from.flow-accounting.daem
b2360	6f 6e 2c 20 79 6f 75 20 6d 61 79 20 63 6f 6e 66 69 67 75 72 65 20 6c 6f 67 67 69 6e 67 20 66 61	on,.you.may.configure.logging.fa
b2380	63 69 6c 69 74 79 3a 00 49 6e 20 63 6f 6e 74 72 61 73 74 20 74 6f 20 73 69 6d 70 6c 65 20 52 45	cility:.In.contrast.to.simple.RE
b23a0	44 2c 20 56 79 4f 53 27 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 75 73 65 73 20 61 20 47 65	D,.VyOS'.Random-Detect.uses.a.Ge
b23c0	6e 65 72 61 6c 69 7a 65 64 20 52 61 6e 64 6f 6d 20 45 61 72 6c 79 20 44 65 74 65 63 74 20 70 6f	neralized.Random.Early.Detect.po
b23e0	6c 69 63 79 20 74 68 61 74 20 70 72 6f 76 69 64 65 73 20 64 69 66 66 65 72 65 6e 74 20 76 69 72	licy.that.provides.different.vir
b2400	74 75 61 6c 20 71 75 65 75 65 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 49 50 20 50 72 65 63	tual.queues.based.on.the.IP.Prec
b2420	65 64 65 6e 63 65 20 76 61 6c 75 65 20 73 6f 20 74 68 61 74 20 73 6f 6d 65 20 76 69 72 74 75 61	edence.value.so.that.some.virtua
b2440	6c 20 71 75 65 75 65 73 20 63 61 6e 20 64 72 6f 70 20 6d 6f 72 65 20 70 61 63 6b 65 74 73 20 74	l.queues.can.drop.more.packets.t
b2460	68 61 6e 20 6f 74 68 65 72 73 2e 00 49 6e 20 66 61 69 6c 6f 76 65 72 20 6d 6f 64 65 2c 20 6f 6e	han.others..In.failover.mode,.on
b2480	65 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 73 65 74 20 74 6f 20 62 65 20 74 68 65 20 70 72 69	e.interface.is.set.to.be.the.pri
b24a0	6d 61 72 79 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61	mary.interface.and.other.interfa
b24c0	63 65 73 20 61 72 65 20 73 65 63 6f 6e 64 61 72 79 20 6f 72 20 73 70 61 72 65 2e 20 49 6e 73 74	ces.are.secondary.or.spare..Inst
b24e0	65 61 64 20 6f 66 20 62 61 6c 61 6e 63 69 6e 67 20 74 72 61 66 66 69 63 20 61 63 72 6f 73 73 20	ead.of.balancing.traffic.across.
b2500	61 6c 6c 20 68 65 61 6c 74 68 79 20 69 6e 74 65 72 66 61 63 65 73 2c 20 6f 6e 6c 79 20 74 68 65	all.healthy.interfaces,.only.the
b2520	20 70 72 69 6d 61 72 79 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 75 73 65 64 20 61 6e 64 20 69	.primary.interface.is.used.and.i
b2540	6e 20 63 61 73 65 20 6f 66 20 66 61 69 6c 75 72 65 2c 20 61 20 73 65 63 6f 6e 64 61 72 79 20 69	n.case.of.failure,.a.secondary.i
b2560	6e 74 65 72 66 61 63 65 20 73 65 6c 65 63 74 65 64 20 66 72 6f 6d 20 74 68 65 20 70 6f 6f 6c 20	nterface.selected.from.the.pool.
b2580	6f 66 20 61 76 61 69 6c 61 62 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 74 61 6b 65 73 20 6f 76	of.available.interfaces.takes.ov
b25a0	65 72 2e 20 54 68 65 20 70 72 69 6d 61 72 79 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 73 65 6c	er..The.primary.interface.is.sel
b25c0	65 63 74 65 64 20 62 61 73 65 64 20 6f 6e 20 69 74 73 20 77 65 69 67 68 74 20 61 6e 64 20 68 65	ected.based.on.its.weight.and.he
b25e0	61 6c 74 68 2c 20 6f 74 68 65 72 73 20 62 65 63 6f 6d 65 20 73 65 63 6f 6e 64 61 72 79 20 69 6e	alth,.others.become.secondary.in
b2600	74 65 72 66 61 63 65 73 2e 20 53 65 63 6f 6e 64 61 72 79 20 69 6e 74 65 72 66 61 63 65 73 20 74	terfaces..Secondary.interfaces.t
b2620	6f 20 74 61 6b 65 20 6f 76 65 72 20 61 20 66 61 69 6c 65 64 20 70 72 69 6d 61 72 79 20 69 6e 74	o.take.over.a.failed.primary.int
b2640	65 72 66 61 63 65 20 61 72 65 20 63 68 6f 73 65 6e 20 66 72 6f 6d 20 74 68 65 20 6c 6f 61 64 20	erface.are.chosen.from.the.load.
b2660	62 61 6c 61 6e 63 65 72 27 73 20 69 6e 74 65 72 66 61 63 65 20 70 6f 6f 6c 2c 20 64 65 70 65 6e	balancer's.interface.pool,.depen
b2680	64 69 6e 67 20 6f 6e 20 74 68 65 69 72 20 77 65 69 67 68 74 20 61 6e 64 20 68 65 61 6c 74 68 2e	ding.on.their.weight.and.health.
b26a0	20 49 6e 74 65 72 66 61 63 65 20 72 6f 6c 65 73 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 73 65 6c	.Interface.roles.can.also.be.sel
b26c0	65 63 74 65 64 20 62 61 73 65 64 20 6f 6e 20 72 75 6c 65 20 6f 72 64 65 72 20 62 79 20 69 6e 63	ected.based.on.rule.order.by.inc
b26e0	6c 75 64 69 6e 67 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 20 62 61 6c 61 6e 63 69 6e 67 20 72	luding.interfaces.in.balancing.r
b2700	75 6c 65 73 20 61 6e 64 20 6f 72 64 65 72 69 6e 67 20 74 68 6f 73 65 20 72 75 6c 65 73 20 61 63	ules.and.ordering.those.rules.ac
b2720	63 6f 72 64 69 6e 67 6c 79 2e 20 54 6f 20 70 75 74 20 74 68 65 20 6c 6f 61 64 20 62 61 6c 61 6e	cordingly..To.put.the.load.balan
b2740	63 65 72 20 69 6e 20 66 61 69 6c 6f 76 65 72 20 6d 6f 64 65 2c 20 63 72 65 61 74 65 20 61 20 66	cer.in.failover.mode,.create.a.f
b2760	61 69 6c 6f 76 65 72 20 72 75 6c 65 3a 00 49 6e 20 67 65 6e 65 72 61 6c 2c 20 4f 53 50 46 20 70	ailover.rule:.In.general,.OSPF.p
b2780	72 6f 74 6f 63 6f 6c 20 72 65 71 75 69 72 65 73 20 61 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61	rotocol.requires.a.backbone.area
b27a0	20 28 61 72 65 61 20 30 29 20 74 6f 20 62 65 20 63 6f 68 65 72 65 6e 74 20 61 6e 64 20 66 75 6c	.(area.0).to.be.coherent.and.ful
b27c0	6c 79 20 63 6f 6e 6e 65 63 74 65 64 2e 20 49 2e 65 2e 20 61 6e 79 20 62 61 63 6b 62 6f 6e 65 20	ly.connected..I.e..any.backbone.
b27e0	61 72 65 61 20 72 6f 75 74 65 72 20 6d 75 73 74 20 68 61 76 65 20 61 20 72 6f 75 74 65 20 74 6f	area.router.must.have.a.route.to
b2800	20 61 6e 79 20 6f 74 68 65 72 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 20 72 6f 75 74 65 72 2e	.any.other.backbone.area.router.
b2820	20 4d 6f 72 65 6f 76 65 72 2c 20 65 76 65 72 79 20 41 42 52 20 6d 75 73 74 20 68 61 76 65 20 61	.Moreover,.every.ABR.must.have.a
b2840	20 6c 69 6e 6b 20 74 6f 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 2e 20 48 6f 77 65 76 65 72 2c	.link.to.backbone.area..However,
b2860	20 69 74 20 69 73 20 6e 6f 74 20 61 6c 77 61 79 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 68 61	.it.is.not.always.possible.to.ha
b2880	76 65 20 61 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 20 74 6f 20 61 20 62 61 63 6b 62 6f 6e 65	ve.a.physical.link.to.a.backbone
b28a0	20 61 72 65 61 2e 20 49 6e 20 74 68 69 73 20 63 61 73 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20	.area..In.this.case.between.two.
b28c0	41 42 52 20 28 6f 6e 65 20 6f 66 20 74 68 65 6d 20 68 61 73 20 61 20 6c 69 6e 6b 20 74 6f 20 74	ABR.(one.of.them.has.a.link.to.t
b28e0	68 65 20 62 61 63 6b 62 6f 6e 65 20 61 72 65 61 29 20 69 6e 20 74 68 65 20 61 72 65 61 20 28 6e	he.backbone.area).in.the.area.(n
b2900	6f 74 20 73 74 75 62 20 61 72 65 61 29 20 61 20 76 69 72 74 75 61 6c 20 6c 69 6e 6b 20 69 73 20	ot.stub.area).a.virtual.link.is.
b2920	6f 72 67 61 6e 69 7a 65 64 2e 00 49 6e 20 6c 61 72 67 65 20 64 65 70 6c 6f 79 6d 65 6e 74 73 20	organized..In.large.deployments.
b2940	69 74 20 69 73 20 6e 6f 74 20 72 65 61 73 6f 6e 61 62 6c 65 20 74 6f 20 63 6f 6e 66 69 67 75 72	it.is.not.reasonable.to.configur
b2960	65 20 65 61 63 68 20 75 73 65 72 20 69 6e 64 69 76 69 64 75 61 6c 6c 79 20 6f 6e 20 65 76 65 72	e.each.user.individually.on.ever
b2980	79 20 73 79 73 74 65 6d 2e 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 75 73 69 6e 67 20 3a 61	y.system..VyOS.supports.using.:a
b29a0	62 62 72 3a 60 52 41 44 49 55 53 20 28 52 65 6d 6f 74 65 20 41 75 74 68 65 6e 74 69 63 61 74 69	bbr:`RADIUS.(Remote.Authenticati
b29c0	6f 6e 20 44 69 61 6c 2d 49 6e 20 55 73 65 72 20 53 65 72 76 69 63 65 29 60 20 73 65 72 76 65 72	on.Dial-In.User.Service)`.server
b29e0	73 20 61 73 20 62 61 63 6b 65 6e 64 20 66 6f 72 20 75 73 65 72 20 61 75 74 68 65 6e 74 69 63 61	s.as.backend.for.user.authentica
b2a00	74 69 6f 6e 2e 00 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69	tion..In.order.for.flow.accounti
b2a20	6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 20 61	ng.information.to.be.collected.a
b2a40	6e 64 20 64 69 73 70 6c 61 79 65 64 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2c 20 74	nd.displayed.for.an.interface,.t
b2a60	68 65 20 69 6e 74 65 72 66 61 63 65 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20	he.interface.must.be.configured.
b2a80	66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 00 49 6e 20 6f 72 64 65 72 20 66 6f	for.flow.accounting..In.order.fo
b2aa0	72 20 74 68 65 20 70 72 69 6d 61 72 79 20 61 6e 64 20 74 68 65 20 73 65 63 6f 6e 64 61 72 79 20	r.the.primary.and.the.secondary.
b2ac0	44 48 43 50 20 73 65 72 76 65 72 20 74 6f 20 6b 65 65 70 20 74 68 65 69 72 20 6c 65 61 73 65 20	DHCP.server.to.keep.their.lease.
b2ae0	74 61 62 6c 65 73 20 69 6e 20 73 79 6e 63 2c 20 74 68 65 79 20 6d 75 73 74 20 62 65 20 61 62 6c	tables.in.sync,.they.must.be.abl
b2b00	65 20 74 6f 20 72 65 61 63 68 20 65 61 63 68 20 6f 74 68 65 72 20 6f 6e 20 54 43 50 20 70 6f 72	e.to.reach.each.other.on.TCP.por
b2b20	74 20 36 34 37 2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65	t.647..If.you.have.firewall.rule
b2b40	73 20 69 6e 20 65 66 66 65 63 74 2c 20 61 64 6a 75 73 74 20 74 68 65 6d 20 61 63 63 6f 72 64 69	s.in.effect,.adjust.them.accordi
b2b60	6e 67 6c 79 2e 00 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f	ngly..In.order.for.the.system.to
b2b80	20 75 73 65 20 61 6e 64 20 63 6f 6d 70 6c 65 74 65 20 75 6e 71 75 61 6c 69 66 69 65 64 20 68 6f	.use.and.complete.unqualified.ho
b2ba0	73 74 20 6e 61 6d 65 73 2c 20 61 20 6c 69 73 74 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20	st.names,.a.list.can.be.defined.
b2bc0	77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 64 6f 6d 61 69 6e 20 73 65	which.will.be.used.for.domain.se
b2be0	61 72 63 68 65 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 61 6c 6c 6f 77 20 66 6f 72 20 4c 44	arches..In.order.to.allow.for.LD
b2c00	50 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 65 78 63 68 61 6e 67	P.on.the.local.router.to.exchang
b2c20	65 20 6c 61 62 65 6c 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 20 77 69 74 68 20 6f 74 68 65	e.label.advertisements.with.othe
b2c40	72 20 72 6f 75 74 65 72 73 2c 20 61 20 54 43 50 20 73 65 73 73 69 6f 6e 20 77 69 6c 6c 20 62 65	r.routers,.a.TCP.session.will.be
b2c60	20 65 73 74 61 62 6c 69 73 68 65 64 20 62 65 74 77 65 65 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c	.established.between.automatical
b2c80	6c 79 20 64 69 73 63 6f 76 65 72 65 64 20 61 6e 64 20 73 74 61 74 69 63 61 6c 6c 79 20 61 73 73	ly.discovered.and.statically.ass
b2ca0	69 67 6e 65 64 20 72 6f 75 74 65 72 73 2e 20 4c 44 50 20 77 69 6c 6c 20 74 72 79 20 74 6f 20 65	igned.routers..LDP.will.try.to.e
b2cc0	73 74 61 62 6c 69 73 68 20 61 20 54 43 50 20 73 65 73 73 69 6f 6e 20 74 6f 20 74 68 65 20 2a 2a	stablish.a.TCP.session.to.the.**
b2ce0	74 72 61 6e 73 70 6f 72 74 20 61 64 64 72 65 73 73 2a 2a 20 6f 66 20 6f 74 68 65 72 20 72 6f 75	transport.address**.of.other.rou
b2d00	74 65 72 73 2e 20 54 68 65 72 65 66 6f 72 65 20 66 6f 72 20 4c 44 50 20 74 6f 20 66 75 6e 63 74	ters..Therefore.for.LDP.to.funct
b2d20	69 6f 6e 20 70 72 6f 70 65 72 6c 79 20 70 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 74 68	ion.properly.please.make.sure.th
b2d40	65 20 74 72 61 6e 73 70 6f 72 74 20 61 64 64 72 65 73 73 20 69 73 20 73 68 6f 77 6e 20 69 6e 20	e.transport.address.is.shown.in.
b2d60	74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 61 6e 64 20 72 65 61 63 68 61 62 6c 65 20	the.routing.table.and.reachable.
b2d80	74 6f 20 74 72 61 66 66 69 63 20 61 74 20 61 6c 6c 20 74 69 6d 65 73 2e 00 49 6e 20 6f 72 64 65	to.traffic.at.all.times..In.orde
b2da0	72 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 61 6e 64 20 6d 6f 64 69 66 79 20 72 6f 75 74 69 6e 67 20	r.to.control.and.modify.routing.
b2dc0	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 69 73 20 65 78 63 68 61 6e 67 65 64 20 62 65	information.that.is.exchanged.be
b2de0	74 77 65 65 6e 20 70 65 65 72 73 20 79 6f 75 20 63 61 6e 20 75 73 65 20 72 6f 75 74 65 2d 6d 61	tween.peers.you.can.use.route-ma
b2e00	70 2c 20 66 69 6c 74 65 72 2d 6c 69 73 74 2c 20 70 72 65 66 69 78 2d 6c 69 73 74 2c 20 64 69 73	p,.filter-list,.prefix-list,.dis
b2e20	74 72 69 62 75 74 65 2d 6c 69 73 74 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 64 65 66 69 6e 65	tribute-list..In.order.to.define
b2e40	20 77 68 69 63 68 20 74 72 61 66 66 69 63 20 67 6f 65 73 20 69 6e 74 6f 20 77 68 69 63 68 20 63	.which.traffic.goes.into.which.c
b2e60	6c 61 73 73 2c 20 79 6f 75 20 64 65 66 69 6e 65 20 66 69 6c 74 65 72 73 20 28 74 68 61 74 20 69	lass,.you.define.filters.(that.i
b2e80	73 2c 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 29 2e 20 50 61 63 6b 65	s,.the.matching.criteria)..Packe
b2ea0	74 73 20 67 6f 20 74 68 72 6f 75 67 68 20 74 68 65 73 65 20 6d 61 74 63 68 69 6e 67 20 72 75 6c	ts.go.through.these.matching.rul
b2ec0	65 73 20 28 61 73 20 69 6e 20 74 68 65 20 72 75 6c 65 73 20 6f 66 20 61 20 66 69 72 65 77 61 6c	es.(as.in.the.rules.of.a.firewal
b2ee0	6c 29 20 61 6e 64 2c 20 69 66 20 61 20 70 61 63 6b 65 74 20 6d 61 74 63 68 65 73 20 74 68 65 20	l).and,.if.a.packet.matches.the.
b2f00	66 69 6c 74 65 72 2c 20 69 74 20 69 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 61 74 20 63	filter,.it.is.assigned.to.that.c
b2f20	6c 61 73 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 68 61 76 65 20 56 79 4f 53 20 54 72 61 66	lass..In.order.to.have.VyOS.Traf
b2f40	66 69 63 20 43 6f 6e 74 72 6f 6c 20 77 6f 72 6b 69 6e 67 20 79 6f 75 20 6e 65 65 64 20 74 6f 20	fic.Control.working.you.need.to.
b2f60	66 6f 6c 6c 6f 77 20 32 20 73 74 65 70 73 3a 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 68 61 76 65	follow.2.steps:.In.order.to.have
b2f80	20 66 75 6c 6c 20 63 6f 6e 74 72 6f 6c 20 61 6e 64 20 6d 61 6b 65 20 75 73 65 20 6f 66 20 6d 75	.full.control.and.make.use.of.mu
b2fa0	6c 74 69 70 6c 65 20 73 74 61 74 69 63 20 70 75 62 6c 69 63 20 49 50 20 61 64 64 72 65 73 73 65	ltiple.static.public.IP.addresse
b2fc0	73 2c 20 79 6f 75 72 20 56 79 4f 53 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 69 6e 69 74 69 61	s,.your.VyOS.will.have.to.initia
b2fe0	74 65 20 74 68 65 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74	te.the.PPPoE.connection.and.cont
b3000	72 6f 6c 20 69 74 2e 20 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 74 68 69 73 20 6d 65 74 68 6f 64	rol.it..In.order.for.this.method
b3020	20 74 6f 20 77 6f 72 6b 2c 20 79 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 66 69 67 75 72	.to.work,.you.will.have.to.figur
b3040	65 20 6f 75 74 20 68 6f 77 20 74 6f 20 6d 61 6b 65 20 79 6f 75 72 20 44 53 4c 20 4d 6f 64 65 6d	e.out.how.to.make.your.DSL.Modem
b3060	2f 52 6f 75 74 65 72 20 73 77 69 74 63 68 20 69 6e 74 6f 20 61 20 42 72 69 64 67 65 64 20 4d 6f	/Router.switch.into.a.Bridged.Mo
b3080	64 65 20 73 6f 20 69 74 20 6f 6e 6c 79 20 61 63 74 73 20 61 73 20 61 20 44 53 4c 20 54 72 61 6e	de.so.it.only.acts.as.a.DSL.Tran
b30a0	73 63 65 69 76 65 72 20 64 65 76 69 63 65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 62 65 74 77 65 65	sceiver.device.to.connect.betwee
b30c0	6e 20 74 68 65 20 45 74 68 65 72 6e 65 74 20 6c 69 6e 6b 20 6f 66 20 79 6f 75 72 20 56 79 4f 53	n.the.Ethernet.link.of.your.VyOS
b30e0	20 61 6e 64 20 74 68 65 20 70 68 6f 6e 65 20 63 61 62 6c 65 2e 20 4f 6e 63 65 20 79 6f 75 72 20	.and.the.phone.cable..Once.your.
b3100	44 53 4c 20 54 72 61 6e 73 63 65 69 76 65 72 20 69 73 20 69 6e 20 42 72 69 64 67 65 20 4d 6f 64	DSL.Transceiver.is.in.Bridge.Mod
b3120	65 2c 20 79 6f 75 20 73 68 6f 75 6c 64 20 67 65 74 20 6e 6f 20 49 50 20 61 64 64 72 65 73 73 20	e,.you.should.get.no.IP.address.
b3140	66 72 6f 6d 20 69 74 2e 20 50 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 79 6f 75 20 63 6f	from.it..Please.make.sure.you.co
b3160	6e 6e 65 63 74 20 74 6f 20 74 68 65 20 45 74 68 65 72 6e 65 74 20 50 6f 72 74 20 31 20 69 66 20	nnect.to.the.Ethernet.Port.1.if.
b3180	79 6f 75 72 20 44 53 4c 20 54 72 61 6e 73 63 65 69 76 65 72 20 68 61 73 20 61 20 73 77 69 74 63	your.DSL.Transceiver.has.a.switc
b31a0	68 2c 20 61 73 20 73 6f 6d 65 20 6f 66 20 74 68 65 6d 20 6f 6e 6c 79 20 77 6f 72 6b 20 74 68 69	h,.as.some.of.them.only.work.thi
b31c0	73 20 77 61 79 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 6d 61 70 20 73 70 65 63 69 66 69 63 20	s.way..In.order.to.map.specific.
b31e0	49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 73 70 65 63 69 66 69 63 20 68 6f 73 74 73	IPv6.addresses.to.specific.hosts
b3200	20 73 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 20 63 61 6e 20 62 65 20 63 72 65 61 74 65 64 2e	.static.mappings.can.be.created.
b3220	20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 65 78 70 6c 61 69 6e 73 20	.The.following.example.explains.
b3240	74 68 65 20 70 72 6f 63 65 73 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 73 65 70 61 72 61 74	the.process..In.order.to.separat
b3260	65 20 74 72 61 66 66 69 63 2c 20 46 61 69 72 20 51 75 65 75 65 20 75 73 65 73 20 61 20 63 6c 61	e.traffic,.Fair.Queue.uses.a.cla
b3280	73 73 69 66 69 65 72 20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c	ssifier.based.on.source.address,
b32a0	20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 61 6e 64 20 73 6f 75 72 63 65 20	.destination.address.and.source.
b32c0	70 6f 72 74 2e 20 54 68 65 20 61 6c 67 6f 72 69 74 68 6d 20 65 6e 71 75 65 75 65 73 20 70 61 63	port..The.algorithm.enqueues.pac
b32e0	6b 65 74 73 20 74 6f 20 68 61 73 68 20 62 75 63 6b 65 74 73 20 62 61 73 65 64 20 6f 6e 20 74 68	kets.to.hash.buckets.based.on.th
b3300	6f 73 65 20 74 72 65 65 20 70 61 72 61 6d 65 74 65 72 73 2e 20 45 61 63 68 20 6f 66 20 74 68 65	ose.tree.parameters..Each.of.the
b3320	73 65 20 62 75 63 6b 65 74 73 20 73 68 6f 75 6c 64 20 72 65 70 72 65 73 65 6e 74 20 61 20 75 6e	se.buckets.should.represent.a.un
b3340	69 71 75 65 20 66 6c 6f 77 2e 20 42 65 63 61 75 73 65 20 6d 75 6c 74 69 70 6c 65 20 66 6c 6f 77	ique.flow..Because.multiple.flow
b3360	73 20 6d 61 79 20 67 65 74 20 68 61 73 68 65 64 20 74 6f 20 74 68 65 20 73 61 6d 65 20 62 75 63	s.may.get.hashed.to.the.same.buc
b3380	6b 65 74 2c 20 74 68 65 20 68 61 73 68 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 20 69 73 20 70 65	ket,.the.hashing.algorithm.is.pe
b33a0	72 74 75 72 62 65 64 20 61 74 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 20 69 6e 74 65 72 76 61 6c	rturbed.at.configurable.interval
b33c0	73 20 73 6f 20 74 68 61 74 20 74 68 65 20 75 6e 66 61 69 72 6e 65 73 73 20 6c 61 73 74 73 20 6f	s.so.that.the.unfairness.lasts.o
b33e0	6e 6c 79 20 66 6f 72 20 61 20 73 68 6f 72 74 20 77 68 69 6c 65 2e 20 50 65 72 74 75 72 62 61 74	nly.for.a.short.while..Perturbat
b3400	69 6f 6e 20 6d 61 79 20 68 6f 77 65 76 65 72 20 63 61 75 73 65 20 73 6f 6d 65 20 69 6e 61 64 76	ion.may.however.cause.some.inadv
b3420	65 72 74 65 6e 74 20 70 61 63 6b 65 74 20 72 65 6f 72 64 65 72 69 6e 67 20 74 6f 20 6f 63 63 75	ertent.packet.reordering.to.occu
b3440	72 2e 20 41 6e 20 61 64 76 69 73 61 62 6c 65 20 76 61 6c 75 65 20 63 6f 75 6c 64 20 62 65 20 31	r..An.advisable.value.could.be.1
b3460	30 20 73 65 63 6f 6e 64 73 2e 00 49 6e 20 6f 72 64 65 72 20 74 6f 20 75 73 65 20 54 53 4f 2f 4c	0.seconds..In.order.to.use.TSO/L
b3480	52 4f 20 77 69 74 68 20 56 4d 58 4e 45 54 33 20 61 64 61 74 65 72 73 20 6f 6e 65 20 6d 75 73 74	RO.with.VMXNET3.adaters.one.must
b34a0	20 61 6c 73 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 53 47 20 6f 66 66 6c 6f 61 64 69 6e 67 20 6f	.also.enable.the.SG.offloading.o
b34c0	70 74 69 6f 6e 2e 00 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 20 69 74 20 61 6c 6c 6f 77 73 20	ption..In.other.words.it.allows.
b34e0	63 6f 6e 74 72 6f 6c 20 6f 66 20 77 68 69 63 68 20 63 61 72 64 73 20 28 75 73 75 61 6c 6c 79 20	control.of.which.cards.(usually.
b3500	31 29 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 74 6f 20 61 6e 20 61 72 70 20 72 65 71 75 65 73	1).will.respond.to.an.arp.reques
b3520	74 2e 00 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 2c 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72	t..In.other.words,.connection.tr
b3540	61 63 6b 69 6e 67 20 68 61 73 20 61 6c 72 65 61 64 79 20 6f 62 73 65 72 76 65 64 20 74 68 65 20	acking.has.already.observed.the.
b3560	63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 20 63 6c 6f 73 65 64 20 61 6e 64 20 68 61 73 20 74 72 61	connection.be.closed.and.has.tra
b3580	6e 73 69 74 69 6f 6e 20 74 68 65 20 66 6c 6f 77 20 74 6f 20 49 4e 56 41 4c 49 44 20 74 6f 20 70	nsition.the.flow.to.INVALID.to.p
b35a0	72 65 76 65 6e 74 20 61 74 74 61 63 6b 73 20 66 72 6f 6d 20 61 74 74 65 6d 70 74 69 6e 67 20 74	revent.attacks.from.attempting.t
b35c0	6f 20 72 65 75 73 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 49 6e 20 6f 75 72 20 65	o.reuse.the.connection..In.our.e
b35e0	78 61 6d 70 6c 65 2c 20 77 65 20 75 73 65 64 20 74 68 65 20 6b 65 79 20 6e 61 6d 65 20 60 60 6f	xample,.we.used.the.key.name.``o
b3600	70 65 6e 76 70 6e 2d 31 60 60 20 77 68 69 63 68 20 77 65 20 77 69 6c 6c 20 72 65 66 65 72 65 6e	penvpn-1``.which.we.will.referen
b3620	63 65 20 69 6e 20 6f 75 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 49 6e 20 6f 75 72 20	ce.in.our.configuration..In.our.
b3640	65 78 61 6d 70 6c 65 2c 20 77 65 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 69 6e 67 20 77	example,.we.will.be.forwarding.w
b3660	65 62 20 73 65 72 76 65 72 20 74 72 61 66 66 69 63 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c	eb.server.traffic.to.an.internal
b3680	20 77 65 62 20 73 65 72 76 65 72 20 6f 6e 20 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 2e 20 48 54	.web.server.on.192.168.0.100..HT
b36a0	54 50 20 74 72 61 66 66 69 63 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 74 68 65 20 54 43 50 20	TP.traffic.makes.use.of.the.TCP.
b36c0	70 72 6f 74 6f 63 6f 6c 20 6f 6e 20 70 6f 72 74 20 38 30 2e 20 46 6f 72 20 6f 74 68 65 72 20 63	protocol.on.port.80..For.other.c
b36e0	6f 6d 6d 6f 6e 20 70 6f 72 74 20 6e 75 6d 62 65 72 73 2c 20 73 65 65 3a 20 68 74 74 70 73 3a 2f	ommon.port.numbers,.see:.https:/
b3700	2f 65 6e 2e 77 69 6b 69 70 65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 4c 69 73 74 5f 6f 66 5f 54	/en.wikipedia.org/wiki/List_of_T
b3720	43 50 5f 61 6e 64 5f 55 44 50 5f 70 6f 72 74 5f 6e 75 6d 62 65 72 73 00 49 6e 20 70 72 69 6e 63	CP_and_UDP_port_numbers.In.princ
b3740	69 70 6c 65 2c 20 76 61 6c 75 65 73 20 6d 75 73 74 20 62 65 20 3a 63 6f 64 65 3a 60 6d 69 6e 2d	iple,.values.must.be.:code:`min-
b3760	74 68 72 65 73 68 6f 6c 64 60 20 3c 20 3a 63 6f 64 65 3a 60 6d 61 78 2d 74 68 72 65 73 68 6f 6c	threshold`.<.:code:`max-threshol
b3780	64 60 20 3c 20 3a 63 6f 64 65 3a 60 71 75 65 75 65 2d 6c 69 6d 69 74 60 2e 00 49 6e 20 73 68 6f	d`.<.:code:`queue-limit`..In.sho
b37a0	72 74 2c 20 44 4d 56 50 4e 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 63 61 70 61 62 69 6c 69 74	rt,.DMVPN.provides.the.capabilit
b37c0	79 20 66 6f 72 20 63 72 65 61 74 69 6e 67 20 61 20 64 79 6e 61 6d 69 63 2d 6d 65 73 68 20 56 50	y.for.creating.a.dynamic-mesh.VP
b37e0	4e 20 6e 65 74 77 6f 72 6b 20 77 69 74 68 6f 75 74 20 68 61 76 69 6e 67 20 74 6f 20 70 72 65 2d	N.network.without.having.to.pre-
b3800	63 6f 6e 66 69 67 75 72 65 20 28 73 74 61 74 69 63 29 20 61 6c 6c 20 70 6f 73 73 69 62 6c 65 20	configure.(static).all.possible.
b3820	74 75 6e 6e 65 6c 20 65 6e 64 2d 70 6f 69 6e 74 20 70 65 65 72 73 2e 00 49 6e 20 73 6f 6d 65 20	tunnel.end-point.peers..In.some.
b3840	63 61 73 65 73 20 69 74 20 6d 61 79 20 62 65 20 6d 6f 72 65 20 63 6f 6e 76 65 6e 69 65 6e 74 20	cases.it.may.be.more.convenient.
b3860	74 6f 20 65 6e 61 62 6c 65 20 4f 53 50 46 20 6f 6e 20 61 20 70 65 72 20 69 6e 74 65 72 66 61 63	to.enable.OSPF.on.a.per.interfac
b3880	65 2f 73 75 62 6e 65 74 20 62 61 73 69 73 20 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 70 72 6f 74	e/subnet.basis.:cfgcmd:`set.prot
b38a0	6f 63 6f 6c 73 20 6f 73 70 66 20 69 6e 74 65 72 66 61 63 65 20 3c 69 6e 74 65 72 66 61 63 65 3e	ocols.ospf.interface.<interface>
b38c0	20 61 72 65 61 20 3c 78 2e 78 2e 78 2e 78 20 7c 20 78 3e 60 00 49 6e 20 74 68 65 20 3a 72 65 66	.area.<x.x.x.x.|.x>`.In.the.:ref
b38e0	3a 60 63 72 65 61 74 69 6e 67 5f 61 5f 74 72 61 66 66 69 63 5f 70 6f 6c 69 63 79 60 20 73 65 63	:`creating_a_traffic_policy`.sec
b3900	74 69 6f 6e 20 79 6f 75 20 77 69 6c 6c 20 73 65 65 20 74 68 61 74 20 73 6f 6d 65 20 6f 66 20 74	tion.you.will.see.that.some.of.t
b3920	68 65 20 70 6f 6c 69 63 69 65 73 20 75 73 65 20 2a 63 6c 61 73 73 65 73 2a 2e 20 54 68 6f 73 65	he.policies.use.*classes*..Those
b3940	20 70 6f 6c 69 63 69 65 73 20 6c 65 74 20 79 6f 75 20 64 69 73 74 72 69 62 75 74 65 20 74 72 61	.policies.let.you.distribute.tra
b3960	66 66 69 63 20 69 6e 74 6f 20 64 69 66 66 65 72 65 6e 74 20 63 6c 61 73 73 65 73 20 61 63 63 6f	ffic.into.different.classes.acco
b3980	72 64 69 6e 67 20 74 6f 20 64 69 66 66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 79 6f	rding.to.different.parameters.yo
b39a0	75 20 63 61 6e 20 63 68 6f 6f 73 65 2e 20 53 6f 2c 20 61 20 63 6c 61 73 73 20 69 73 20 6a 75 73	u.can.choose..So,.a.class.is.jus
b39c0	74 20 61 20 73 70 65 63 69 66 69 63 20 74 79 70 65 20 6f 66 20 74 72 61 66 66 69 63 20 79 6f 75	t.a.specific.type.of.traffic.you
b39e0	20 73 65 6c 65 63 74 2e 00 49 6e 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2c 20 61 20 6b 65 79 20	.select..In.the.VyOS.CLI,.a.key.
b3a00	70 6f 69 6e 74 20 6f 66 74 65 6e 20 6f 76 65 72 6c 6f 6f 6b 65 64 20 69 73 20 74 68 61 74 20 72	point.often.overlooked.is.that.r
b3a20	61 74 68 65 72 20 74 68 61 6e 20 62 65 69 6e 67 20 63 6f 6e 66 69 67 75 72 65 64 20 75 73 69 6e	ather.than.being.configured.usin
b3a40	67 20 74 68 65 20 60 73 65 74 20 76 70 6e 60 20 73 74 61 6e 7a 61 2c 20 4f 70 65 6e 56 50 4e 20	g.the.`set.vpn`.stanza,.OpenVPN.
b3a60	69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72	is.configured.as.a.network.inter
b3a80	66 61 63 65 20 75 73 69 6e 67 20 60 73 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 6f 70 65 6e 76	face.using.`set.interfaces.openv
b3aa0	70 6e 60 2e 00 49 6e 20 74 68 65 20 61 62 6f 76 65 20 65 78 61 6d 70 6c 65 2c 20 61 6e 20 65 78	pn`..In.the.above.example,.an.ex
b3ac0	74 65 72 6e 61 6c 20 49 50 20 6f 66 20 31 39 32 2e 30 2e 32 2e 32 20 69 73 20 61 73 73 75 6d 65	ternal.IP.of.192.0.2.2.is.assume
b3ae0	64 2e 00 49 6e 20 74 68 65 20 61 67 65 20 6f 66 20 76 65 72 79 20 66 61 73 74 20 6e 65 74 77 6f	d..In.the.age.of.very.fast.netwo
b3b00	72 6b 73 2c 20 61 20 73 65 63 6f 6e 64 20 6f 66 20 75 6e 72 65 61 63 68 61 62 69 6c 69 74 79 20	rks,.a.second.of.unreachability.
b3b20	6d 61 79 20 65 71 75 61 6c 20 6d 69 6c 6c 69 6f 6e 73 20 6f 66 20 6c 6f 73 74 20 70 61 63 6b 65	may.equal.millions.of.lost.packe
b3b40	74 73 2e 20 54 68 65 20 69 64 65 61 20 62 65 68 69 6e 64 20 42 46 44 20 69 73 20 74 6f 20 64 65	ts..The.idea.behind.BFD.is.to.de
b3b60	74 65 63 74 20 76 65 72 79 20 71 75 69 63 6b 6c 79 20 77 68 65 6e 20 61 20 70 65 65 72 20 69 73	tect.very.quickly.when.a.peer.is
b3b80	20 64 6f 77 6e 20 61 6e 64 20 74 61 6b 65 20 61 63 74 69 6f 6e 20 65 78 74 72 65 6d 65 6c 79 20	.down.and.take.action.extremely.
b3ba0	66 61 73 74 2e 00 49 6e 20 74 68 65 20 63 61 73 65 20 6f 66 20 4c 32 54 50 76 33 2c 20 74 68 65	fast..In.the.case.of.L2TPv3,.the
b3bc0	20 66 65 61 74 75 72 65 73 20 6c 6f 73 74 20 61 72 65 20 74 65 6c 65 74 72 61 66 66 69 63 20 65	.features.lost.are.teletraffic.e
b3be0	6e 67 69 6e 65 65 72 69 6e 67 20 66 65 61 74 75 72 65 73 20 63 6f 6e 73 69 64 65 72 65 64 20 69	ngineering.features.considered.i
b3c00	6d 70 6f 72 74 61 6e 74 20 69 6e 20 4d 50 4c 53 2e 20 48 6f 77 65 76 65 72 2c 20 74 68 65 72 65	mportant.in.MPLS..However,.there
b3c20	20 69 73 20 6e 6f 20 72 65 61 73 6f 6e 20 74 68 65 73 65 20 66 65 61 74 75 72 65 73 20 63 6f 75	.is.no.reason.these.features.cou
b3c40	6c 64 20 6e 6f 74 20 62 65 20 72 65 2d 65 6e 67 69 6e 65 65 72 65 64 20 69 6e 20 6f 72 20 6f 6e	ld.not.be.re-engineered.in.or.on
b3c60	20 74 6f 70 20 6f 66 20 4c 32 54 50 76 33 20 69 6e 20 6c 61 74 65 72 20 70 72 6f 64 75 63 74 73	.top.of.L2TPv3.in.later.products
b3c80	2e 00 49 6e 20 74 68 65 20 63 61 73 65 20 74 68 65 20 61 76 65 72 61 67 65 20 71 75 65 75 65 20	..In.the.case.the.average.queue.
b3ca0	73 69 7a 65 20 69 73 20 62 65 74 77 65 65 6e 20 2a 2a 6d 69 6e 2d 74 68 72 65 73 68 6f 6c 64 2a	size.is.between.**min-threshold*
b3cc0	2a 20 61 6e 64 20 2a 2a 6d 61 78 2d 74 68 72 65 73 68 6f 6c 64 2a 2a 2c 20 74 68 65 6e 20 61 6e	*.and.**max-threshold**,.then.an
b3ce0	20 61 72 72 69 76 69 6e 67 20 70 61 63 6b 65 74 20 77 6f 75 6c 64 20 62 65 20 65 69 74 68 65 72	.arriving.packet.would.be.either
b3d00	20 64 72 6f 70 70 65 64 20 6f 72 20 70 6c 61 63 65 64 20 69 6e 20 74 68 65 20 71 75 65 75 65 2c	.dropped.or.placed.in.the.queue,
b3d20	20 69 74 20 77 69 6c 6c 20 64 65 70 65 6e 64 20 6f 6e 20 74 68 65 20 64 65 66 69 6e 65 64 20 2a	.it.will.depend.on.the.defined.*
b3d40	2a 6d 61 72 6b 2d 70 72 6f 62 61 62 69 6c 69 74 79 2a 2a 2e 00 49 6e 20 74 68 65 20 63 61 73 65	*mark-probability**..In.the.case
b3d60	20 79 6f 75 20 77 61 6e 74 20 74 6f 20 61 70 70 6c 79 20 73 6f 6d 65 20 6b 69 6e 64 20 6f 66 20	.you.want.to.apply.some.kind.of.
b3d80	2a 2a 73 68 61 70 69 6e 67 2a 2a 20 74 6f 20 79 6f 75 72 20 2a 2a 69 6e 62 6f 75 6e 64 2a 2a 20	**shaping**.to.your.**inbound**.
b3da0	74 72 61 66 66 69 63 2c 20 63 68 65 63 6b 20 74 68 65 20 69 6e 67 72 65 73 73 2d 73 68 61 70 69	traffic,.check.the.ingress-shapi
b3dc0	6e 67 5f 20 73 65 63 74 69 6f 6e 2e 00 49 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61 62 6f 76	ng_.section..In.the.command.abov
b3de0	65 2c 20 77 65 20 73 65 74 20 74 68 65 20 74 79 70 65 20 6f 66 20 70 6f 6c 69 63 79 20 77 65 20	e,.we.set.the.type.of.policy.we.
b3e00	61 72 65 20 67 6f 69 6e 67 20 74 6f 20 77 6f 72 6b 20 77 69 74 68 20 61 6e 64 20 74 68 65 20 6e	are.going.to.work.with.and.the.n
b3e20	61 6d 65 20 77 65 20 63 68 6f 6f 73 65 20 66 6f 72 20 69 74 3b 20 61 20 63 6c 61 73 73 20 28 73	ame.we.choose.for.it;.a.class.(s
b3e40	6f 20 74 68 61 74 20 77 65 20 63 61 6e 20 64 69 66 66 65 72 65 6e 74 69 61 74 65 20 73 6f 6d 65	o.that.we.can.differentiate.some
b3e60	20 74 72 61 66 66 69 63 29 20 61 6e 64 20 61 6e 20 69 64 65 6e 74 69 66 69 61 62 6c 65 20 6e 75	.traffic).and.an.identifiable.nu
b3e80	6d 62 65 72 20 66 6f 72 20 74 68 61 74 20 63 6c 61 73 73 3b 20 74 68 65 6e 20 77 65 20 63 6f 6e	mber.for.that.class;.then.we.con
b3ea0	66 69 67 75 72 65 20 61 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 20 28 6f 72 20 66 69 6c 74 65	figure.a.matching.rule.(or.filte
b3ec0	72 29 20 61 6e 64 20 61 20 6e 61 6d 65 20 66 6f 72 20 69 74 2e 00 49 6e 20 74 68 65 20 65 78 61	r).and.a.name.for.it..In.the.exa
b3ee0	6d 70 6c 65 20 61 62 6f 76 65 2c 20 74 68 65 20 66 69 72 73 74 20 34 39 39 20 73 65 73 73 69 6f	mple.above,.the.first.499.sessio
b3f00	6e 73 20 63 6f 6e 6e 65 63 74 20 77 69 74 68 6f 75 74 20 64 65 6c 61 79 2e 20 50 41 44 4f 20 70	ns.connect.without.delay..PADO.p
b3f20	61 63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 64 65 6c 61 79 65 64 20 35 30 20 6d 73 20 66 6f 72	ackets.will.be.delayed.50.ms.for
b3f40	20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 72 6f 6d 20 35 30 30 20 74 6f 20 39 39 39 2c 20 74 68 69	.connection.from.500.to.999,.thi
b3f60	73 20 74 72 69 63 6b 20 61 6c 6c 6f 77 73 20 6f 74 68 65 72 20 50 50 50 6f 45 20 73 65 72 76 65	s.trick.allows.other.PPPoE.serve
b3f80	72 73 20 73 65 6e 64 20 50 41 44 4f 20 66 61 73 74 65 72 20 61 6e 64 20 63 6c 69 65 6e 74 73 20	rs.send.PADO.faster.and.clients.
b3fa0	77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 74 6f 20 6f 74 68 65 72 20 73 65 72 76 65 72 73 2e 20 4c	will.connect.to.other.servers..L
b3fc0	61 73 74 20 63 6f 6d 6d 61 6e 64 20 73 61 79 73 20 74 68 61 74 20 74 68 69 73 20 50 50 50 6f 45	ast.command.says.that.this.PPPoE
b3fe0	20 73 65 72 76 65 72 20 63 61 6e 20 73 65 72 76 65 20 6f 6e 6c 79 20 33 30 30 30 20 63 6c 69 65	.server.can.serve.only.3000.clie
b4000	6e 74 73 2e 00 49 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 75 73 65 64 20 66 6f 72 20 74 68 65	nts..In.the.example.used.for.the
b4020	20 51 75 69 63 6b 20 53 74 61 72 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65	.Quick.Start.configuration.above
b4040	2c 20 77 65 20 64 65 6d 6f 6e 73 74 72 61 74 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63	,.we.demonstrate.the.following.c
b4060	6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65	onfiguration:.In.the.following.e
b4080	78 61 6d 70 6c 65 20 77 65 20 63 61 6e 20 73 65 65 20 61 20 62 61 73 69 63 20 6d 75 6c 74 69 63	xample.we.can.see.a.basic.multic
b40a0	61 73 74 20 73 65 74 75 70 3a 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d	ast.setup:.In.the.following.exam
b40c0	70 6c 65 2c 20 62 6f 74 68 20 60 55 73 65 72 31 60 20 61 6e 64 20 60 55 73 65 72 32 60 20 77 69	ple,.both.`User1`.and.`User2`.wi
b40e0	6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 53 53 48 20 69 6e 74 6f 20 56 79 4f 53 20 61 73 20 75	ll.be.able.to.SSH.into.VyOS.as.u
b4100	73 65 72 20 60 60 76 79 6f 73 60 60 20 75 73 69 6e 67 20 74 68 65 69 72 20 76 65 72 79 20 6f 77	ser.``vyos``.using.their.very.ow
b4120	6e 20 6b 65 79 73 2e 20 60 55 73 65 72 31 60 20 69 73 20 72 65 73 74 72 69 63 74 65 64 20 74 6f	n.keys..`User1`.is.restricted.to
b4140	20 6f 6e 6c 79 20 62 65 20 61 62 6c 65 20 74 6f 20 63 6f 6e 6e 65 63 74 20 66 72 6f 6d 20 61 20	.only.be.able.to.connect.from.a.
b4160	73 69 6e 67 6c 65 20 49 50 20 61 64 64 72 65 73 73 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 20 69	single.IP.address..In.addition.i
b4180	66 20 70 61 73 73 77 6f 72 64 20 62 61 73 65 20 6c 6f 67 69 6e 20 69 73 20 77 61 6e 74 65 64 20	f.password.base.login.is.wanted.
b41a0	66 6f 72 20 74 68 65 20 60 60 76 79 6f 73 60 60 20 75 73 65 72 20 61 20 32 46 41 2f 4d 46 41 20	for.the.``vyos``.user.a.2FA/MFA.
b41c0	6b 65 79 63 6f 64 65 20 69 73 20 72 65 71 75 69 72 65 64 20 69 6e 20 61 64 64 69 74 69 6f 6e 20	keycode.is.required.in.addition.
b41e0	74 6f 20 74 68 65 20 70 61 73 73 77 6f 72 64 2e 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e	to.the.password..In.the.followin
b4200	67 20 65 78 61 6d 70 6c 65 2c 20 74 68 65 20 49 50 73 20 66 6f 72 20 74 68 65 20 72 65 6d 6f 74	g.example,.the.IPs.for.the.remot
b4220	65 20 63 6c 69 65 6e 74 73 20 61 72 65 20 64 65 66 69 6e 65 64 20 69 6e 20 74 68 65 20 70 65 65	e.clients.are.defined.in.the.pee
b4240	72 73 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 74 68 65 20 70 65 65 72 73 20 74 6f 20 69 6e 74	rs..This.allows.the.peers.to.int
b4260	65 72 61 63 74 20 77 69 74 68 20 6f 6e 65 20 61 6e 6f 74 68 65 72 2e 20 49 6e 20 63 6f 6d 70 61	eract.with.one.another..In.compa
b4280	72 69 73 6f 6e 20 74 6f 20 74 68 65 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 65 78 61 6d 70 6c	rison.to.the.site-to-site.exampl
b42a0	65 20 74 68 65 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 6b 65 65 70 61 6c 69 76 65 60 60 20 66	e.the.``persistent-keepalive``.f
b42c0	6c 61 67 20 69 73 20 73 65 74 20 74 6f 20 31 35 20 73 65 63 6f 6e 64 73 20 74 6f 20 61 73 73 75	lag.is.set.to.15.seconds.to.assu
b42e0	72 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 6b 65 70 74 20 61 6c 69 76 65 2e	re.the.connection.is.kept.alive.
b4300	20 54 68 69 73 20 69 73 20 6d 61 69 6e 6c 79 20 72 65 6c 65 76 61 6e 74 20 69 66 20 6f 6e 65 20	.This.is.mainly.relevant.if.one.
b4320	6f 66 20 74 68 65 20 70 65 65 72 73 20 69 73 20 62 65 68 69 6e 64 20 4e 41 54 20 61 6e 64 20 63	of.the.peers.is.behind.NAT.and.c
b4340	61 6e 27 74 20 62 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 69 66 20 74 68 65 20 63 6f 6e 6e	an't.be.connected.to.if.the.conn
b4360	65 63 74 69 6f 6e 20 69 73 20 6c 6f 73 74 2e 20 54 6f 20 62 65 20 65 66 66 65 63 74 69 76 65 20	ection.is.lost..To.be.effective.
b4380	74 68 69 73 20 76 61 6c 75 65 20 6e 65 65 64 73 20 74 6f 20 62 65 20 6c 6f 77 65 72 20 74 68 61	this.value.needs.to.be.lower.tha
b43a0	6e 20 74 68 65 20 55 44 50 20 74 69 6d 65 6f 75 74 2e 00 49 6e 20 74 68 65 20 66 6f 6c 6c 6f 77	n.the.UDP.timeout..In.the.follow
b43c0	69 6e 67 20 65 78 61 6d 70 6c 65 2c 20 77 68 65 6e 20 56 4c 41 4e 39 20 74 72 61 6e 73 69 74 69	ing.example,.when.VLAN9.transiti
b43e0	6f 6e 73 2c 20 56 4c 41 4e 32 30 20 77 69 6c 6c 20 61 6c 73 6f 20 74 72 61 6e 73 69 74 69 6f 6e	ons,.VLAN20.will.also.transition
b4400	3a 00 49 6e 20 74 68 65 20 66 75 74 75 72 65 20 74 68 69 73 20 69 73 20 65 78 70 65 63 74 65 64	:.In.the.future.this.is.expected
b4420	20 74 6f 20 62 65 20 61 20 76 65 72 79 20 75 73 65 66 75 6c 20 70 72 6f 74 6f 63 6f 6c 20 28 74	.to.be.a.very.useful.protocol.(t
b4440	68 6f 75 67 68 20 74 68 65 72 65 20 61 72 65 20 60 6f 74 68 65 72 20 70 72 6f 70 6f 73 61 6c 73	hough.there.are.`other.proposals
b4460	60 5f 29 2e 00 49 6e 20 74 68 65 20 6e 65 78 74 20 65 78 61 6d 70 6c 65 20 61 6c 6c 20 74 72 61	`_)..In.the.next.example.all.tra
b4480	66 66 69 63 20 64 65 73 74 69 6e 65 64 20 74 6f 20 60 60 32 30 33 2e 30 2e 31 31 33 2e 31 60 60	ffic.destined.to.``203.0.113.1``
b44a0	20 61 6e 64 20 70 6f 72 74 20 60 60 38 32 38 30 60 60 20 70 72 6f 74 6f 63 6f 6c 20 54 43 50 20	.and.port.``8280``.protocol.TCP.
b44c0	69 73 20 62 61 6c 61 6e 63 65 64 20 62 65 74 77 65 65 6e 20 32 20 72 65 61 6c 20 73 65 72 76 65	is.balanced.between.2.real.serve
b44e0	72 73 20 60 60 31 39 32 2e 30 2e 32 2e 31 31 60 60 20 61 6e 64 20 60 60 31 39 32 2e 30 2e 32 2e	rs.``192.0.2.11``.and.``192.0.2.
b4500	31 32 60 60 20 74 6f 20 70 6f 72 74 20 60 60 38 30 60 60 00 49 6e 20 74 68 65 20 70 61 73 74 20	12``.to.port.``80``.In.the.past.
b4520	28 56 79 4f 53 20 31 2e 31 29 20 75 73 65 64 20 61 20 67 61 74 65 77 61 79 2d 61 64 64 72 65 73	(VyOS.1.1).used.a.gateway-addres
b4540	73 20 63 6f 6e 66 69 67 75 72 65 64 20 75 6e 64 65 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 72	s.configured.under.the.system.tr
b4560	65 65 20 28 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 79 73 74 65 6d 20 67 61 74 65 77 61 79 2d	ee.(:cfgcmd:`set.system.gateway-
b4580	61 64 64 72 65 73 73 20 3c 61 64 64 72 65 73 73 3e 60 29 2c 20 74 68 69 73 20 69 73 20 6e 6f 20	address.<address>`),.this.is.no.
b45a0	6c 6f 6e 67 65 72 20 73 75 70 70 6f 72 74 65 64 20 61 6e 64 20 65 78 69 73 74 69 6e 67 20 63 6f	longer.supported.and.existing.co
b45c0	6e 66 69 67 75 72 61 74 69 6f 6e 73 20 61 72 65 20 6d 69 67 72 61 74 65 64 20 74 6f 20 74 68 65	nfigurations.are.migrated.to.the
b45e0	20 6e 65 77 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 2e 00 49 6e 20 74 68 69 73 20 63 6f 6d 6d 61 6e	.new.CLI.command..In.this.comman
b4600	64 20 74 72 65 65 2c 20 61 6c 6c 20 68 61 72 64 77 61 72 65 20 61 63 63 65 6c 65 72 61 74 69 6f	d.tree,.all.hardware.acceleratio
b4620	6e 20 6f 70 74 69 6f 6e 73 20 77 69 6c 6c 20 62 65 20 68 61 6e 64 6c 65 64 2e 20 41 74 20 74 68	n.options.will.be.handled..At.th
b4640	65 20 6d 6f 6d 65 6e 74 20 6f 6e 6c 79 20 60 49 6e 74 65 6c c2 ae 20 51 41 54 60 5f 20 69 73 20	e.moment.only.`Intel...QAT`_.is.
b4660	73 75 70 70 6f 72 74 65 64 00 49 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 61 6c 6c 20 74 72	supported.In.this.example.all.tr
b4680	61 66 66 69 63 20 64 65 73 74 69 6e 65 64 20 74 6f 20 70 6f 72 74 73 20 22 38 30 2c 20 32 32 32	affic.destined.to.ports."80,.222
b46a0	32 2c 20 38 38 38 38 22 20 70 72 6f 74 6f 63 6f 6c 20 54 43 50 20 6d 61 72 6b 73 20 74 6f 20 66	2,.8888".protocol.TCP.marks.to.f
b46c0	77 6d 61 72 6b 20 22 31 31 31 22 20 61 6e 64 20 62 61 6c 61 6e 63 65 64 20 62 65 74 77 65 65 6e	wmark."111".and.balanced.between
b46e0	20 32 20 72 65 61 6c 20 73 65 72 76 65 72 73 2e 20 50 6f 72 74 20 22 30 22 20 69 73 20 72 65 71	.2.real.servers..Port."0".is.req
b4700	75 69 72 65 64 20 69 66 20 6d 75 6c 74 69 70 6c 65 20 70 6f 72 74 73 20 61 72 65 20 75 73 65 64	uired.if.multiple.ports.are.used
b4720	2e 00 49 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 77 65 20 77 69 6c 6c 20 75 73 65 20 74 68	..In.this.example.we.will.use.th
b4740	65 20 6d 6f 73 74 20 63 6f 6d 70 6c 69 63 61 74 65 64 20 63 61 73 65 3a 20 61 20 73 65 74 75 70	e.most.complicated.case:.a.setup
b4760	20 77 68 65 72 65 20 65 61 63 68 20 63 6c 69 65 6e 74 20 69 73 20 61 20 72 6f 75 74 65 72 20 74	.where.each.client.is.a.router.t
b4780	68 61 74 20 68 61 73 20 69 74 73 20 6f 77 6e 20 73 75 62 6e 65 74 20 28 74 68 69 6e 6b 20 48 51	hat.has.its.own.subnet.(think.HQ
b47a0	20 61 6e 64 20 62 72 61 6e 63 68 20 6f 66 66 69 63 65 73 29 2c 20 73 69 6e 63 65 20 73 69 6d 70	.and.branch.offices),.since.simp
b47c0	6c 65 72 20 73 65 74 75 70 73 20 61 72 65 20 73 75 62 73 65 74 73 20 6f 66 20 69 74 2e 00 49 6e	ler.setups.are.subsets.of.it..In
b47e0	20 74 68 69 73 20 65 78 61 6d 70 6c 65 2c 20 73 6f 6d 65 20 2a 4f 70 65 6e 4e 49 43 2a 20 73 65	.this.example,.some.*OpenNIC*.se
b4800	72 76 65 72 73 20 61 72 65 20 75 73 65 64 2c 20 74 77 6f 20 49 50 76 34 20 61 64 64 72 65 73 73	rvers.are.used,.two.IPv4.address
b4820	65 73 20 61 6e 64 20 74 77 6f 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 3a 00 49 6e 20 74 68	es.and.two.IPv6.addresses:.In.th
b4840	69 73 20 65 78 61 6d 70 6c 65 2c 20 77 65 20 75 73 65 20 2a 2a 6d 61 73 71 75 65 72 61 64 65 2a	is.example,.we.use.**masquerade*
b4860	2a 20 61 73 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 69 6e 73	*.as.the.translation.address.ins
b4880	74 65 61 64 20 6f 66 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 2a 2a 6d 61 73	tead.of.an.IP.address..The.**mas
b48a0	71 75 65 72 61 64 65 2a 2a 20 74 61 72 67 65 74 20 69 73 20 65 66 66 65 63 74 69 76 65 6c 79 20	querade**.target.is.effectively.
b48c0	61 6e 20 61 6c 69 61 73 20 74 6f 20 73 61 79 20 22 75 73 65 20 77 68 61 74 65 76 65 72 20 49 50	an.alias.to.say."use.whatever.IP
b48e0	20 61 64 64 72 65 73 73 20 69 73 20 6f 6e 20 74 68 65 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65	.address.is.on.the.outgoing.inte
b4900	72 66 61 63 65 22 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 61 20 73 74 61 74 69 63 61 6c 6c 79	rface",.rather.than.a.statically
b4920	20 63 6f 6e 66 69 67 75 72 65 64 20 49 50 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 69 73 20	.configured.IP.address..This.is.
b4940	75 73 65 66 75 6c 20 69 66 20 79 6f 75 20 75 73 65 20 44 48 43 50 20 66 6f 72 20 79 6f 75 72 20	useful.if.you.use.DHCP.for.your.
b4960	6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 64 6f 20 6e 6f 74 20 6b 6e	outgoing.interface.and.do.not.kn
b4980	6f 77 20 77 68 61 74 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 77 69 6c	ow.what.the.external.address.wil
b49a0	6c 20 62 65 2e 00 49 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2c 20 77 65 20 77 69 6c 6c 20 62	l.be..In.this.example,.we.will.b
b49c0	65 20 75 73 69 6e 67 20 74 68 65 20 65 78 61 6d 70 6c 65 20 51 75 69 63 6b 20 53 74 61 72 74 20	e.using.the.example.Quick.Start.
b49e0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 20 61 73 20 61 20 73 74 61 72 74 69 6e	configuration.above.as.a.startin
b4a00	67 20 70 6f 69 6e 74 2e 00 49 6e 20 74 68 69 73 20 6d 65 74 68 6f 64 2c 20 74 68 65 20 44 53 4c	g.point..In.this.method,.the.DSL
b4a20	20 4d 6f 64 65 6d 2f 52 6f 75 74 65 72 20 63 6f 6e 6e 65 63 74 73 20 74 6f 20 74 68 65 20 49 53	.Modem/Router.connects.to.the.IS
b4a40	50 20 66 6f 72 20 79 6f 75 20 77 69 74 68 20 79 6f 75 72 20 63 72 65 64 65 6e 74 69 61 6c 73 20	P.for.you.with.your.credentials.
b4a60	70 72 65 70 72 6f 67 72 61 6d 6d 65 64 20 69 6e 74 6f 20 74 68 65 20 64 65 76 69 63 65 2e 20 54	preprogrammed.into.the.device..T
b4a80	68 69 73 20 67 69 76 65 73 20 79 6f 75 20 61 6e 20 3a 72 66 63 3a 60 31 39 31 38 60 20 61 64 64	his.gives.you.an.:rfc:`1918`.add
b4aa0	72 65 73 73 2c 20 73 75 63 68 20 61 73 20 60 60 31 39 32 2e 31 36 38 2e 31 2e 30 2f 32 34 60 60	ress,.such.as.``192.168.1.0/24``
b4ac0	20 62 79 20 64 65 66 61 75 6c 74 2e 00 49 6e 20 74 68 69 73 20 73 63 65 6e 61 72 69 6f 3a 00 49	.by.default..In.this.scenario:.I
b4ae0	6e 20 74 72 61 6e 73 70 61 72 65 6e 74 20 70 72 6f 78 79 20 6d 6f 64 65 2c 20 61 6c 6c 20 74 72	n.transparent.proxy.mode,.all.tr
b4b00	61 66 66 69 63 20 61 72 72 69 76 69 6e 67 20 6f 6e 20 70 6f 72 74 20 38 30 20 61 6e 64 20 64 65	affic.arriving.on.port.80.and.de
b4b20	73 74 69 6e 65 64 20 66 6f 72 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20 69 73 20 61 75 74 6f 6d	stined.for.the.Internet.is.autom
b4b40	61 74 69 63 61 6c 6c 79 20 66 6f 72 77 61 72 64 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20 70	atically.forwarded.through.the.p
b4b60	72 6f 78 79 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 69 6d 6d 65 64 69 61 74 65 20 70 72 6f 78	roxy..This.allows.immediate.prox
b4b80	79 20 66 6f 72 77 61 72 64 69 6e 67 20 77 69 74 68 6f 75 74 20 63 6f 6e 66 69 67 75 72 69 6e 67	y.forwarding.without.configuring
b4ba0	20 63 6c 69 65 6e 74 20 62 72 6f 77 73 65 72 73 2e 00 49 6e 20 74 79 70 69 63 61 6c 20 75 73 65	.client.browsers..In.typical.use
b4bc0	73 20 6f 66 20 53 4e 4d 50 2c 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 61 64 6d 69 6e 69 73 74 72	s.of.SNMP,.one.or.more.administr
b4be0	61 74 69 76 65 20 63 6f 6d 70 75 74 65 72 73 20 63 61 6c 6c 65 64 20 6d 61 6e 61 67 65 72 73 20	ative.computers.called.managers.
b4c00	68 61 76 65 20 74 68 65 20 74 61 73 6b 20 6f 66 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 6f 72 20 6d	have.the.task.of.monitoring.or.m
b4c20	61 6e 61 67 69 6e 67 20 61 20 67 72 6f 75 70 20 6f 66 20 68 6f 73 74 73 20 6f 72 20 64 65 76 69	anaging.a.group.of.hosts.or.devi
b4c40	63 65 73 20 6f 6e 20 61 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 2e 20 45 61 63 68 20	ces.on.a.computer.network..Each.
b4c60	6d 61 6e 61 67 65 64 20 73 79 73 74 65 6d 20 65 78 65 63 75 74 65 73 20 61 20 73 6f 66 74 77 61	managed.system.executes.a.softwa
b4c80	72 65 20 63 6f 6d 70 6f 6e 65 6e 74 20 63 61 6c 6c 65 64 20 61 6e 20 61 67 65 6e 74 20 77 68 69	re.component.called.an.agent.whi
b4ca0	63 68 20 72 65 70 6f 72 74 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 76 69 61 20 53 4e 4d 50 20	ch.reports.information.via.SNMP.
b4cc0	74 6f 20 74 68 65 20 6d 61 6e 61 67 65 72 2e 00 49 6e 20 7a 6f 6e 65 2d 62 61 73 65 64 20 70 6f	to.the.manager..In.zone-based.po
b4ce0	6c 69 63 79 2c 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 61 73 73 69 67 6e 65 64 20 74 6f	licy,.interfaces.are.assigned.to
b4d00	20 7a 6f 6e 65 73 2c 20 61 6e 64 20 69 6e 73 70 65 63 74 69 6f 6e 20 70 6f 6c 69 63 79 20 69 73	.zones,.and.inspection.policy.is
b4d20	20 61 70 70 6c 69 65 64 20 74 6f 20 74 72 61 66 66 69 63 20 6d 6f 76 69 6e 67 20 62 65 74 77 65	.applied.to.traffic.moving.betwe
b4d40	65 6e 20 74 68 65 20 7a 6f 6e 65 73 20 61 6e 64 20 61 63 74 65 64 20 6f 6e 20 61 63 63 6f 72 64	en.the.zones.and.acted.on.accord
b4d60	69 6e 67 20 74 6f 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2e 20 41 20 5a 6f 6e 65 20 69 73	ing.to.firewall.rules..A.Zone.is
b4d80	20 61 20 67 72 6f 75 70 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 61 74 20 68 61 76 65	.a.group.of.interfaces.that.have
b4da0	20 73 69 6d 69 6c 61 72 20 66 75 6e 63 74 69 6f 6e 73 20 6f 72 20 66 65 61 74 75 72 65 73 2e 20	.similar.functions.or.features..
b4dc0	49 74 20 65 73 74 61 62 6c 69 73 68 65 73 20 74 68 65 20 73 65 63 75 72 69 74 79 20 62 6f 72 64	It.establishes.the.security.bord
b4de0	65 72 73 20 6f 66 20 61 20 6e 65 74 77 6f 72 6b 2e 20 41 20 7a 6f 6e 65 20 64 65 66 69 6e 65 73	ers.of.a.network..A.zone.defines
b4e00	20 61 20 62 6f 75 6e 64 61 72 79 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 73 75 62	.a.boundary.where.traffic.is.sub
b4e20	6a 65 63 74 65 64 20 74 6f 20 70 6f 6c 69 63 79 20 72 65 73 74 72 69 63 74 69 6f 6e 73 20 61 73	jected.to.policy.restrictions.as
b4e40	20 69 74 20 63 72 6f 73 73 65 73 20 74 6f 20 61 6e 6f 74 68 65 72 20 72 65 67 69 6f 6e 20 6f 66	.it.crosses.to.another.region.of
b4e60	20 61 20 6e 65 74 77 6f 72 6b 2e 00 49 6e 20 7a 6f 6e 65 2d 62 61 73 65 64 20 70 6f 6c 69 63 79	.a.network..In.zone-based.policy
b4e80	2c 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 7a 6f 6e	,.interfaces.are.assigned.to.zon
b4ea0	65 73 2c 20 61 6e 64 20 69 6e 73 70 65 63 74 69 6f 6e 20 70 6f 6c 69 63 79 20 69 73 20 61 70 70	es,.and.inspection.policy.is.app
b4ec0	6c 69 65 64 20 74 6f 20 74 72 61 66 66 69 63 20 6d 6f 76 69 6e 67 20 62 65 74 77 65 65 6e 20 74	lied.to.traffic.moving.between.t
b4ee0	68 65 20 7a 6f 6e 65 73 20 61 6e 64 20 61 63 74 65 64 20 6f 6e 20 61 63 63 6f 72 64 69 6e 67 20	he.zones.and.acted.on.according.
b4f00	74 6f 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2e 20 41 20 7a 6f 6e 65 20 69 73 20 61 20 67	to.firewall.rules..A.zone.is.a.g
b4f20	72 6f 75 70 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 20 74 68 61 74 20 68 61 76 65 20 73 69 6d	roup.of.interfaces.that.have.sim
b4f40	69 6c 61 72 20 66 75 6e 63 74 69 6f 6e 73 20 6f 72 20 66 65 61 74 75 72 65 73 2e 20 49 74 20 65	ilar.functions.or.features..It.e
b4f60	73 74 61 62 6c 69 73 68 65 73 20 74 68 65 20 73 65 63 75 72 69 74 79 20 62 6f 72 64 65 72 73 20	stablishes.the.security.borders.
b4f80	6f 66 20 61 20 6e 65 74 77 6f 72 6b 2e 20 41 20 7a 6f 6e 65 20 64 65 66 69 6e 65 73 20 61 20 62	of.a.network..A.zone.defines.a.b
b4fa0	6f 75 6e 64 61 72 79 20 77 68 65 72 65 20 74 72 61 66 66 69 63 20 69 73 20 73 75 62 6a 65 63 74	oundary.where.traffic.is.subject
b4fc0	65 64 20 74 6f 20 70 6f 6c 69 63 79 20 72 65 73 74 72 69 63 74 69 6f 6e 73 20 61 73 20 69 74 20	ed.to.policy.restrictions.as.it.
b4fe0	63 72 6f 73 73 65 73 20 74 6f 20 61 6e 6f 74 68 65 72 20 72 65 67 69 6f 6e 20 6f 66 20 61 20 6e	crosses.to.another.region.of.a.n
b5000	65 74 77 6f 72 6b 2e 00 49 6e 62 6f 75 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 61	etwork..Inbound.connections.to.a
b5020	20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 20 63 61 6e 20 62 65 20 69 6d 70 72 6f 70 65 72 6c 79	.WAN.interface.can.be.improperly
b5040	20 68 61 6e 64 6c 65 64 20 77 68 65 6e 20 74 68 65 20 72 65 70 6c 79 20 69 73 20 73 65 6e 74 20	.handled.when.the.reply.is.sent.
b5060	62 61 63 6b 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 2e 00 49 6e 63 6f 6d 69 6e 67 20 74 72 61	back.to.the.client..Incoming.tra
b5080	66 66 69 63 20 69 73 20 72 65 63 65 69 76 65 64 20 62 79 20 74 68 65 20 63 75 72 72 65 6e 74 20	ffic.is.received.by.the.current.
b50a0	73 6c 61 76 65 2e 20 49 66 20 74 68 65 20 72 65 63 65 69 76 69 6e 67 20 73 6c 61 76 65 20 66 61	slave..If.the.receiving.slave.fa
b50c0	69 6c 73 2c 20 61 6e 6f 74 68 65 72 20 73 6c 61 76 65 20 74 61 6b 65 73 20 6f 76 65 72 20 74 68	ils,.another.slave.takes.over.th
b50e0	65 20 4d 41 43 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 66 61 69 6c 65 64 20 72 65 63 65	e.MAC.address.of.the.failed.rece
b5100	69 76 69 6e 67 20 73 6c 61 76 65 2e 00 49 6e 63 72 65 61 73 65 20 4d 61 78 69 6d 75 6d 20 4d 50	iving.slave..Increase.Maximum.MP
b5120	44 55 20 6c 65 6e 67 74 68 20 74 6f 20 37 39 39 31 20 6f 72 20 31 31 34 35 34 20 6f 63 74 65 74	DU.length.to.7991.or.11454.octet
b5140	73 20 28 64 65 66 61 75 6c 74 20 33 38 39 35 20 6f 63 74 65 74 73 29 00 49 6e 64 69 63 61 74 69	s.(default.3895.octets).Indicati
b5160	6f 6e 00 49 6e 64 69 76 69 64 75 61 6c 20 43 6c 69 65 6e 74 20 53 75 62 6e 65 74 00 49 6e 66 6f	on.Individual.Client.Subnet.Info
b5180	72 6d 20 63 6c 69 65 6e 74 20 74 68 61 74 20 74 68 65 20 44 4e 53 20 73 65 72 76 65 72 20 63 61	rm.client.that.the.DNS.server.ca
b51a0	6e 20 62 65 20 66 6f 75 6e 64 20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 49 6e 66 6f 72	n.be.found.at.`<address>`..Infor
b51c0	6d 61 74 69 6f 6e 20 67 61 74 68 65 72 65 64 20 77 69 74 68 20 4c 4c 44 50 20 69 73 20 73 74 6f	mation.gathered.with.LLDP.is.sto
b51e0	72 65 64 20 69 6e 20 74 68 65 20 64 65 76 69 63 65 20 61 73 20 61 20 3a 61 62 62 72 3a 60 4d 49	red.in.the.device.as.a.:abbr:`MI
b5200	42 20 28 4d 61 6e 61 67 65 6d 65 6e 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 44 61 74 61 62 61	B.(Management.Information.Databa
b5220	73 65 29 60 20 61 6e 64 20 63 61 6e 20 62 65 20 71 75 65 72 69 65 64 20 77 69 74 68 20 3a 61 62	se)`.and.can.be.queried.with.:ab
b5240	62 72 3a 60 53 4e 4d 50 20 28 53 69 6d 70 6c 65 20 4e 65 74 77 6f 72 6b 20 4d 61 6e 61 67 65 6d	br:`SNMP.(Simple.Network.Managem
b5260	65 6e 74 20 50 72 6f 74 6f 63 6f 6c 29 60 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a	ent.Protocol)`.as.specified.in.:
b5280	72 66 63 3a 60 32 39 32 32 60 2e 20 54 68 65 20 74 6f 70 6f 6c 6f 67 79 20 6f 66 20 61 6e 20 4c	rfc:`2922`..The.topology.of.an.L
b52a0	4c 44 50 2d 65 6e 61 62 6c 65 64 20 6e 65 74 77 6f 72 6b 20 63 61 6e 20 62 65 20 64 69 73 63 6f	LDP-enabled.network.can.be.disco
b52c0	76 65 72 65 64 20 62 79 20 63 72 61 77 6c 69 6e 67 20 74 68 65 20 68 6f 73 74 73 20 61 6e 64 20	vered.by.crawling.the.hosts.and.
b52e0	71 75 65 72 79 69 6e 67 20 74 68 69 73 20 64 61 74 61 62 61 73 65 2e 20 49 6e 66 6f 72 6d 61 74	querying.this.database..Informat
b5300	69 6f 6e 20 74 68 61 74 20 6d 61 79 20 62 65 20 72 65 74 72 69 65 76 65 64 20 69 6e 63 6c 75 64	ion.that.may.be.retrieved.includ
b5320	65 3a 00 49 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 00 49 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 20 6d	e:.Informational.Informational.m
b5340	65 73 73 61 67 65 73 00 49 6e 70 75 74 20 66 72 6f 6d 20 60 65 74 68 30 60 20 6e 65 74 77 6f 72	essages.Input.from.`eth0`.networ
b5360	6b 20 69 6e 74 65 72 66 61 63 65 00 49 6e 73 74 61 6c 6c 20 74 68 65 20 63 6c 69 65 6e 74 20 73	k.interface.Install.the.client.s
b5380	6f 66 74 77 61 72 65 20 76 69 61 20 61 70 74 20 61 6e 64 20 65 78 65 63 75 74 65 20 70 70 74 70	oftware.via.apt.and.execute.pptp
b53a0	73 65 74 75 70 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74	setup.to.generate.the.configurat
b53c0	69 6f 6e 2e 00 49 6e 73 74 65 61 64 20 6f 66 20 61 20 6e 75 6d 65 72 69 63 61 6c 20 4d 53 53 20	ion..Instead.of.a.numerical.MSS.
b53e0	76 61 6c 75 65 20 60 63 6c 61 6d 70 2d 6d 73 73 2d 74 6f 2d 70 6d 74 75 60 20 63 61 6e 20 62 65	value.`clamp-mss-to-pmtu`.can.be
b5400	20 75 73 65 64 20 74 6f 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 73 65 74 20 74 68 65 20 70	.used.to.automatically.set.the.p
b5420	72 6f 70 65 72 20 76 61 6c 75 65 2e 00 49 6e 73 74 65 61 64 20 6f 66 20 70 61 73 73 77 6f 72 64	roper.value..Instead.of.password
b5440	20 6f 6e 6c 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2c 20 32 46 41 20 70 61 73 73 77 6f	.only.authentication,.2FA.passwo
b5460	72 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 2b 20 4f 54 50 20 6b 65 79 20 63 61 6e 20	rd.authentication.+.OTP.key.can.
b5480	62 65 20 75 73 65 64 2e 20 41 6c 74 65 72 6e 61 74 69 76 65 6c 79 2c 20 4f 54 50 20 61 75 74 68	be.used..Alternatively,.OTP.auth
b54a0	65 6e 74 69 63 61 74 69 6f 6e 20 6f 6e 6c 79 2c 20 77 69 74 68 6f 75 74 20 61 20 70 61 73 73 77	entication.only,.without.a.passw
b54c0	6f 72 64 2c 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 54 6f 20 64 6f 20 74 68 69 73 2c 20 61 6e	ord,.can.be.used..To.do.this,.an
b54e0	20 4f 54 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 61 64 64 65 64	.OTP.configuration.must.be.added
b5500	20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 3a 00 49 6e 73	.to.the.configuration.above:.Ins
b5520	74 65 61 64 20 6f 66 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 61 6c 20 73 79 73 74 65 6d 20	tead.of.sending.the.real.system.
b5540	68 6f 73 74 6e 61 6d 65 20 74 6f 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 2c 20 6f 76 65	hostname.to.the.DHCP.server,.ove
b5560	72 77 72 69 74 65 20 74 68 65 20 68 6f 73 74 2d 6e 61 6d 65 20 77 69 74 68 20 74 68 69 73 20 67	rwrite.the.host-name.with.this.g
b5580	69 76 65 6e 2d 76 61 6c 75 65 2e 00 49 6e 74 65 67 72 69 74 79 20 e2 80 93 20 4d 65 73 73 61 67	iven-value..Integrity.....Messag
b55a0	65 20 69 6e 74 65 67 72 69 74 79 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 61 20 70 61 63	e.integrity.to.ensure.that.a.pac
b55c0	6b 65 74 20 68 61 73 20 6e 6f 74 20 62 65 65 6e 20 74 61 6d 70 65 72 65 64 20 77 68 69 6c 65 20	ket.has.not.been.tampered.while.
b55e0	69 6e 20 74 72 61 6e 73 69 74 20 69 6e 63 6c 75 64 69 6e 67 20 61 6e 20 6f 70 74 69 6f 6e 61 6c	in.transit.including.an.optional
b5600	20 70 61 63 6b 65 74 20 72 65 70 6c 61 79 20 70 72 6f 74 65 63 74 69 6f 6e 20 6d 65 63 68 61 6e	.packet.replay.protection.mechan
b5620	69 73 6d 2e 00 49 6e 74 65 6c 20 41 58 32 30 30 00 49 6e 74 65 6c c2 ae 20 51 41 54 00 49 6e 74	ism..Intel.AX200.Intel...QAT.Int
b5640	65 72 63 6f 6e 6e 65 63 74 20 74 68 65 20 67 6c 6f 62 61 6c 20 56 52 46 20 77 69 74 68 20 76 72	erconnect.the.global.VRF.with.vr
b5660	66 20 22 72 65 64 22 20 75 73 69 6e 67 20 74 68 65 20 76 65 74 68 31 30 20 3c 2d 3e 20 76 65 74	f."red".using.the.veth10.<->.vet
b5680	68 20 31 31 20 70 61 69 72 00 49 6e 74 65 72 66 61 63 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f	h.11.pair.Interface.Configuratio
b56a0	6e 00 49 6e 74 65 72 66 61 63 65 20 47 72 6f 75 70 73 00 49 6e 74 65 72 66 61 63 65 20 52 6f 75	n.Interface.Groups.Interface.Rou
b56c0	74 65 73 00 49 6e 74 65 72 66 61 63 65 20 60 65 74 68 31 60 20 4c 41 4e 20 69 73 20 62 65 68 69	tes.Interface.`eth1`.LAN.is.behi
b56e0	6e 64 20 4e 41 54 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 73 75 62 73 63 72 69 62 65 20 60 31	nd.NAT..In.order.to.subscribe.`1
b5700	30 2e 30 2e 30 2e 30 2f 32 33 60 20 73 75 62 6e 65 74 20 6d 75 6c 74 69 63 61 73 74 20 77 68 69	0.0.0.0/23`.subnet.multicast.whi
b5720	63 68 20 69 73 20 69 6e 20 60 65 74 68 30 60 20 57 41 4e 20 77 65 20 6e 65 65 64 20 74 6f 20 63	ch.is.in.`eth0`.WAN.we.need.to.c
b5740	6f 6e 66 69 67 75 72 65 20 69 67 6d 70 2d 70 72 6f 78 79 2e 00 49 6e 74 65 72 66 61 63 65 20 63	onfigure.igmp-proxy..Interface.c
b5760	6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 6e 74 65 72 66 61 63 65 20 66 6f 72 20 44 48 43 50 20	onfiguration.Interface.for.DHCP.
b5780	52 65 6c 61 79 20 41 67 65 6e 74 20 74 6f 20 66 6f 72 77 61 72 64 20 72 65 71 75 65 73 74 73 20	Relay.Agent.to.forward.requests.
b57a0	6f 75 74 2e 00 49 6e 74 65 72 66 61 63 65 20 66 6f 72 20 44 48 43 50 20 52 65 6c 61 79 20 41 67	out..Interface.for.DHCP.Relay.Ag
b57c0	65 6e 74 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 72 65 71 75 65 73 74 73 2e 00 49 6e 74 65	ent.to.listen.for.requests..Inte
b57e0	72 66 61 63 65 20 74 6f 20 75 73 65 20 66 6f 72 20 73 79 6e 63 69 6e 67 20 63 6f 6e 6e 74 72 61	rface.to.use.for.syncing.conntra
b5800	63 6b 20 65 6e 74 72 69 65 73 2e 00 49 6e 74 65 72 66 61 63 65 20 75 73 65 64 20 66 6f 72 20 56	ck.entries..Interface.used.for.V
b5820	58 4c 41 4e 20 75 6e 64 65 72 6c 61 79 2e 20 54 68 69 73 20 69 73 20 6d 61 6e 64 61 74 6f 72 79	XLAN.underlay..This.is.mandatory
b5840	20 77 68 65 6e 20 75 73 69 6e 67 20 56 58 4c 41 4e 20 76 69 61 20 61 20 6d 75 6c 74 69 63 61 73	.when.using.VXLAN.via.a.multicas
b5860	74 20 6e 65 74 77 6f 72 6b 2e 20 56 58 4c 41 4e 20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 61 6c	t.network..VXLAN.traffic.will.al
b5880	77 61 79 73 20 65 6e 74 65 72 20 61 6e 64 20 65 78 69 74 20 74 68 69 73 20 69 6e 74 65 72 66 61	ways.enter.and.exit.this.interfa
b58a0	63 65 2e 00 49 6e 74 65 72 66 61 63 65 20 77 65 69 67 68 74 00 49 6e 74 65 72 66 61 63 65 73 00	ce..Interface.weight.Interfaces.
b58c0	49 6e 74 65 72 66 61 63 65 73 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 49 6e 74 65 72 66 61	Interfaces.Configuration.Interfa
b58e0	63 65 73 20 74 68 61 74 20 70 61 72 74 69 63 69 70 61 74 65 20 69 6e 20 74 68 65 20 44 48 43 50	ces.that.participate.in.the.DHCP
b5900	20 72 65 6c 61 79 20 70 72 6f 63 65 73 73 2e 20 49 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	.relay.process..If.this.command.
b5920	69 73 20 75 73 65 64 2c 20 61 74 20 6c 65 61 73 74 20 74 77 6f 20 65 6e 74 72 69 65 73 20 6f 66	is.used,.at.least.two.entries.of
b5940	20 69 74 20 61 72 65 20 72 65 71 75 69 72 65 64 3a 20 6f 6e 65 20 66 6f 72 20 74 68 65 20 69 6e	.it.are.required:.one.for.the.in
b5960	74 65 72 66 61 63 65 20 74 68 61 74 20 63 61 70 74 75 72 65 73 20 74 68 65 20 64 68 63 70 2d 72	terface.that.captures.the.dhcp-r
b5980	65 71 75 65 73 74 73 2c 20 61 6e 64 20 6f 6e 65 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61	equests,.and.one.for.the.interfa
b59a0	63 65 20 74 6f 20 66 6f 72 77 61 72 64 20 73 75 63 68 20 72 65 71 75 65 73 74 73 2e 20 41 20 77	ce.to.forward.such.requests..A.w
b59c0	61 72 6e 69 6e 67 20 6d 65 73 73 61 67 65 20 77 69 6c 6c 20 62 65 20 73 68 6f 77 6e 20 69 66 20	arning.message.will.be.shown.if.
b59e0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 2c 20 73 69 6e 63 65 20 6e 65 77 20	this.command.is.used,.since.new.
b5a00	69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 73 68 6f 75 6c 64 20 75 73 65 20 60 60 6c 69 73	implementations.should.use.``lis
b5a20	74 65 6e 2d 69 6e 74 65 72 66 61 63 65 60 60 20 61 6e 64 20 60 60 75 70 73 74 72 65 61 6d 2d 69	ten-interface``.and.``upstream-i
b5a40	6e 74 65 72 66 61 63 65 60 60 2e 00 49 6e 74 65 72 66 61 63 65 73 20 77 68 6f 73 65 20 44 48 43	nterface``..Interfaces.whose.DHC
b5a60	50 20 63 6c 69 65 6e 74 20 6e 61 6d 65 73 65 72 76 65 72 73 20 74 6f 20 66 6f 72 77 61 72 64 20	P.client.nameservers.to.forward.
b5a80	72 65 71 75 65 73 74 73 20 74 6f 2e 00 49 6e 74 65 72 66 61 63 65 73 2c 20 74 68 65 69 72 20 77	requests.to..Interfaces,.their.w
b5aa0	65 69 67 68 74 20 61 6e 64 20 74 68 65 20 74 79 70 65 20 6f 66 20 74 72 61 66 66 69 63 20 74 6f	eight.and.the.type.of.traffic.to
b5ac0	20 62 65 20 62 61 6c 61 6e 63 65 64 20 61 72 65 20 64 65 66 69 6e 65 64 20 69 6e 20 6e 75 6d 62	.be.balanced.are.defined.in.numb
b5ae0	65 72 65 64 20 62 61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 20 73 65 74 73 2e 20 54 68 65 20 72 75	ered.balancing.rule.sets..The.ru
b5b00	6c 65 20 73 65 74 73 20 61 72 65 20 65 78 65 63 75 74 65 64 20 69 6e 20 6e 75 6d 65 72 69 63 61	le.sets.are.executed.in.numerica
b5b20	6c 20 6f 72 64 65 72 20 61 67 61 69 6e 73 74 20 6f 75 74 67 6f 69 6e 67 20 70 61 63 6b 65 74 73	l.order.against.outgoing.packets
b5b40	2e 20 49 6e 20 63 61 73 65 20 6f 66 20 61 20 6d 61 74 63 68 20 74 68 65 20 70 61 63 6b 65 74 20	..In.case.of.a.match.the.packet.
b5b60	69 73 20 73 65 6e 74 20 74 68 72 6f 75 67 68 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 73 70 65	is.sent.through.an.interface.spe
b5b80	63 69 66 69 65 64 20 69 6e 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 2e 20 49 66 20	cified.in.the.matching.rule..If.
b5ba0	61 20 70 61 63 6b 65 74 20 64 6f 65 73 6e 27 74 20 6d 61 74 63 68 20 61 6e 79 20 72 75 6c 65 20	a.packet.doesn't.match.any.rule.
b5bc0	69 74 20 69 73 20 73 65 6e 74 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 73 79 73 74 65 6d 20 72	it.is.sent.by.using.the.system.r
b5be0	6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 52 75 6c 65 20 6e 75 6d 62 65 72 73 20 63 61 6e 27 74	outing.table..Rule.numbers.can't
b5c00	20 62 65 20 63 68 61 6e 67 65 64 2e 00 49 6e 74 65 72 6e 61 6c 6c 79 2c 20 69 6e 20 66 6c 6f 77	.be.changed..Internally,.in.flow
b5c20	2d 61 63 63 6f 75 6e 74 69 6e 67 20 70 72 6f 63 65 73 73 65 73 20 65 78 69 73 74 20 61 20 62 75	-accounting.processes.exist.a.bu
b5c40	66 66 65 72 20 66 6f 72 20 64 61 74 61 20 65 78 63 68 61 6e 67 69 6e 67 20 62 65 74 77 65 65 6e	ffer.for.data.exchanging.between
b5c60	20 63 6f 72 65 20 70 72 6f 63 65 73 73 20 61 6e 64 20 70 6c 75 67 69 6e 73 20 28 65 61 63 68 20	.core.process.and.plugins.(each.
b5c80	65 78 70 6f 72 74 20 74 61 72 67 65 74 20 69 73 20 61 20 73 65 70 61 72 61 74 65 64 20 70 6c 75	export.target.is.a.separated.plu
b5ca0	67 69 6e 29 2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 68 69 67 68 20 74 72 61 66 66 69 63 20 6c	gin)..If.you.have.high.traffic.l
b5cc0	65 76 65 6c 73 20 6f 72 20 6e 6f 74 65 64 20 73 6f 6d 65 20 70 72 6f 62 6c 65 6d 73 20 77 69 74	evels.or.noted.some.problems.wit
b5ce0	68 20 6d 69 73 73 65 64 20 72 65 63 6f 72 64 73 20 6f 72 20 73 74 6f 70 70 69 6e 67 20 65 78 70	h.missed.records.or.stopping.exp
b5d00	6f 72 74 69 6e 67 2c 20 79 6f 75 20 6d 61 79 20 74 72 79 20 74 6f 20 69 6e 63 72 65 61 73 65 20	orting,.you.may.try.to.increase.
b5d20	61 20 64 65 66 61 75 6c 74 20 62 75 66 66 65 72 20 73 69 7a 65 20 28 31 30 20 4d 69 42 29 20 77	a.default.buffer.size.(10.MiB).w
b5d40	69 74 68 20 74 68 65 20 6e 65 78 74 20 63 6f 6d 6d 61 6e 64 3a 00 49 6e 74 65 72 6e 65 74 77 6f	ith.the.next.command:.Internetwo
b5d60	72 6b 20 43 6f 6e 74 72 6f 6c 00 49 6e 74 65 72 76 61 6c 00 49 6e 74 65 72 76 61 6c 20 69 6e 20	rk.Control.Interval.Interval.in.
b5d80	6d 69 6c 6c 69 73 65 63 6f 6e 64 73 00 49 6e 74 65 72 76 61 6c 20 69 6e 20 6d 69 6e 75 74 65 73	milliseconds.Interval.in.minutes
b5da0	20 62 65 74 77 65 65 6e 20 75 70 64 61 74 65 73 20 28 64 65 66 61 75 6c 74 3a 20 36 30 29 00 49	.between.updates.(default:.60).I
b5dc0	6e 74 72 6f 64 75 63 69 6e 67 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 6f 72 73 20 72 65 6d 6f	ntroducing.route.reflectors.remo
b5de0	76 65 73 20 74 68 65 20 6e 65 65 64 20 66 6f 72 20 74 68 65 20 66 75 6c 6c 2d 6d 65 73 68 2e 20	ves.the.need.for.the.full-mesh..
b5e00	57 68 65 6e 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20 61 20 72 6f 75 74 65 20 72 65 66 6c 65	When.you.configure.a.route.refle
b5e20	63 74 6f 72 20 79 6f 75 20 68 61 76 65 20 74 6f 20 74 65 6c 6c 20 74 68 65 20 72 6f 75 74 65 72	ctor.you.have.to.tell.the.router
b5e40	20 77 68 65 74 68 65 72 20 74 68 65 20 6f 74 68 65 72 20 49 42 47 50 20 72 6f 75 74 65 72 20 69	.whether.the.other.IBGP.router.i
b5e60	73 20 61 20 63 6c 69 65 6e 74 20 6f 72 20 6e 6f 6e 2d 63 6c 69 65 6e 74 2e 20 41 20 63 6c 69 65	s.a.client.or.non-client..A.clie
b5e80	6e 74 20 69 73 20 61 6e 20 49 42 47 50 20 72 6f 75 74 65 72 20 74 68 61 74 20 74 68 65 20 72 6f	nt.is.an.IBGP.router.that.the.ro
b5ea0	75 74 65 20 72 65 66 6c 65 63 74 6f 72 20 77 69 6c 6c 20 e2 80 9c 72 65 66 6c 65 63 74 e2 80 9d	ute.reflector.will....reflect...
b5ec0	20 72 6f 75 74 65 73 20 74 6f 2c 20 74 68 65 20 6e 6f 6e 2d 63 6c 69 65 6e 74 20 69 73 20 6a 75	.routes.to,.the.non-client.is.ju
b5ee0	73 74 20 61 20 72 65 67 75 6c 61 72 20 49 42 47 50 20 6e 65 69 67 68 62 6f 72 2e 20 52 6f 75 74	st.a.regular.IBGP.neighbor..Rout
b5f00	65 20 72 65 66 6c 65 63 74 6f 72 73 20 6d 65 63 68 61 6e 69 73 6d 20 69 73 20 64 65 73 63 72 69	e.reflectors.mechanism.is.descri
b5f20	62 65 64 20 69 6e 20 3a 72 66 63 3a 60 34 34 35 36 60 20 61 6e 64 20 75 70 64 61 74 65 64 20 62	bed.in.:rfc:`4456`.and.updated.b
b5f40	79 20 3a 72 66 63 3a 60 37 36 30 36 60 2e 00 49 74 20 64 69 73 61 62 6c 65 73 20 74 72 61 6e 73	y.:rfc:`7606`..It.disables.trans
b5f60	70 61 72 65 6e 74 20 68 75 67 65 20 70 61 67 65 73 2c 20 61 6e 64 20 61 75 74 6f 6d 61 74 69 63	parent.huge.pages,.and.automatic
b5f80	20 4e 55 4d 41 20 62 61 6c 61 6e 63 69 6e 67 2e 20 49 74 20 61 6c 73 6f 20 75 73 65 73 20 63 70	.NUMA.balancing..It.also.uses.cp
b5fa0	75 70 6f 77 65 72 20 74 6f 20 73 65 74 20 74 68 65 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 63 70	upower.to.set.the.performance.cp
b5fc0	75 66 72 65 71 20 67 6f 76 65 72 6e 6f 72 2c 20 61 6e 64 20 72 65 71 75 65 73 74 73 20 61 20 63	ufreq.governor,.and.requests.a.c
b5fe0	70 75 5f 64 6d 61 5f 6c 61 74 65 6e 63 79 20 76 61 6c 75 65 20 6f 66 20 31 2e 20 49 74 20 61 6c	pu_dma_latency.value.of.1..It.al
b6000	73 6f 20 73 65 74 73 20 62 75 73 79 5f 72 65 61 64 20 61 6e 64 20 62 75 73 79 5f 70 6f 6c 6c 20	so.sets.busy_read.and.busy_poll.
b6020	74 69 6d 65 73 20 74 6f 20 35 30 20 75 73 2c 20 61 6e 64 20 74 63 70 5f 66 61 73 74 6f 70 65 6e	times.to.50.us,.and.tcp_fastopen
b6040	20 74 6f 20 33 2e 00 49 74 20 65 6e 61 62 6c 65 73 20 74 72 61 6e 73 70 61 72 65 6e 74 20 68 75	.to.3..It.enables.transparent.hu
b6060	67 65 20 70 61 67 65 73 2c 20 61 6e 64 20 75 73 65 73 20 63 70 75 70 6f 77 65 72 20 74 6f 20 73	ge.pages,.and.uses.cpupower.to.s
b6080	65 74 20 74 68 65 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 63 70 75 66 72 65 71 20 67 6f 76 65 72	et.the.performance.cpufreq.gover
b60a0	6e 6f 72 2e 20 49 74 20 61 6c 73 6f 20 73 65 74 73 20 60 60 6b 65 72 6e 65 6c 2e 73 63 68 65 64	nor..It.also.sets.``kernel.sched
b60c0	5f 6d 69 6e 5f 67 72 61 6e 75 6c 61 72 69 74 79 5f 6e 73 60 60 20 74 6f 20 31 30 20 75 73 2c 20	_min_granularity_ns``.to.10.us,.
b60e0	60 60 6b 65 72 6e 65 6c 2e 73 63 68 65 64 5f 77 61 6b 65 75 70 5f 67 72 61 6e 75 6c 61 72 69 74	``kernel.sched_wakeup_granularit
b6100	79 5f 6e 73 60 60 20 74 6f 20 31 35 20 75 73 73 2c 20 61 6e 64 20 60 60 76 6d 2e 64 69 72 74 79	y_ns``.to.15.uss,.and.``vm.dirty
b6120	5f 72 61 74 69 6f 60 60 20 74 6f 20 34 30 25 2e 00 49 74 20 67 65 6e 65 72 61 74 65 73 20 74 68	_ratio``.to.40%..It.generates.th
b6140	65 20 6b 65 79 70 61 69 72 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 74 68 65 20 70 75	e.keypair,.which.includes.the.pu
b6160	62 6c 69 63 20 61 6e 64 20 70 72 69 76 61 74 65 20 70 61 72 74 73 2e 20 54 68 65 20 6b 65 79 20	blic.and.private.parts..The.key.
b6180	69 73 20 6e 6f 74 20 73 74 6f 72 65 64 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 20 2d 20 6f 6e	is.not.stored.on.the.system.-.on
b61a0	6c 79 20 61 20 6b 65 79 70 61 69 72 20 69 73 20 67 65 6e 65 72 61 74 65 64 2e 00 49 74 20 68 65	ly.a.keypair.is.generated..It.he
b61c0	6c 70 73 20 74 6f 20 73 75 70 70 6f 72 74 20 61 73 20 48 45 4c 50 45 52 20 6f 6e 6c 79 20 66 6f	lps.to.support.as.HELPER.only.fo
b61e0	72 20 70 6c 61 6e 6e 65 64 20 72 65 73 74 61 72 74 73 2e 00 49 74 20 68 65 6c 70 73 20 74 6f 20	r.planned.restarts..It.helps.to.
b6200	74 68 69 6e 6b 20 6f 66 20 74 68 65 20 73 79 6e 74 61 78 20 61 73 3a 20 28 73 65 65 20 62 65 6c	think.of.the.syntax.as:.(see.bel
b6220	6f 77 29 2e 20 54 68 65 20 27 72 75 6c 65 2d 73 65 74 27 20 73 68 6f 75 6c 64 20 62 65 20 77 72	ow)..The.'rule-set'.should.be.wr
b6240	69 74 74 65 6e 20 66 72 6f 6d 20 74 68 65 20 70 65 72 73 70 65 63 74 69 76 65 20 6f 66 3a 20 2a	itten.from.the.perspective.of:.*
b6260	53 6f 75 72 63 65 20 5a 6f 6e 65 2a 2d 74 6f 2d 3e 2a 44 65 73 74 69 6e 61 74 69 6f 6e 20 5a 6f	Source.Zone*-to->*Destination.Zo
b6280	6e 65 2a 00 49 74 20 69 73 20 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68 20 43 69 73 63 6f 20	ne*.It.is.compatible.with.Cisco.
b62a0	28 52 29 20 41 6e 79 43 6f 6e 6e 65 63 74 20 28 52 29 20 63 6c 69 65 6e 74 73 2e 00 49 74 20 69	(R).AnyConnect.(R).clients..It.i
b62c0	73 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 60 60 65 74 68 31 60 60 00 49 74 20 69 73 20 68 69	s.connected.to.``eth1``.It.is.hi
b62e0	67 68 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 73 65 20 53 53 48 20 6b 65 79 20	ghly.recommended.to.use.SSH.key.
b6300	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 42 79 20 64 65 66 61 75 6c 74 20 74 68 65 72 65	authentication..By.default.there
b6320	20 69 73 20 6f 6e 6c 79 20 6f 6e 65 20 75 73 65 72 20 28 60 60 76 79 6f 73 60 60 29 2c 20 61 6e	.is.only.one.user.(``vyos``),.an
b6340	64 20 79 6f 75 20 63 61 6e 20 61 73 73 69 67 6e 20 61 6e 79 20 6e 75 6d 62 65 72 20 6f 66 20 6b	d.you.can.assign.any.number.of.k
b6360	65 79 73 20 74 6f 20 74 68 61 74 20 75 73 65 72 2e 20 59 6f 75 20 63 61 6e 20 67 65 6e 65 72 61	eys.to.that.user..You.can.genera
b6380	74 65 20 61 20 73 73 68 20 6b 65 79 20 77 69 74 68 20 74 68 65 20 60 60 73 73 68 2d 6b 65 79 67	te.a.ssh.key.with.the.``ssh-keyg
b63a0	65 6e 60 60 20 63 6f 6d 6d 61 6e 64 20 6f 6e 20 79 6f 75 72 20 6c 6f 63 61 6c 20 6d 61 63 68 69	en``.command.on.your.local.machi
b63c0	6e 65 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 28 62 79 20 64 65 66 61 75 6c 74 29 20 73 61 76 65	ne,.which.will.(by.default).save
b63e0	20 69 74 20 61 73 20 60 60 7e 2f 2e 73 73 68 2f 69 64 5f 72 73 61 2e 70 75 62 60 60 2e 00 49 74	.it.as.``~/.ssh/id_rsa.pub``..It
b6400	20 69 73 20 68 69 67 68 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 73 65 20 74 68	.is.highly.recommended.to.use.th
b6420	65 20 73 61 6d 65 20 61 64 64 72 65 73 73 20 66 6f 72 20 62 6f 74 68 20 74 68 65 20 4c 44 50 20	e.same.address.for.both.the.LDP.
b6440	72 6f 75 74 65 72 2d 69 64 20 61 6e 64 20 74 68 65 20 64 69 73 63 6f 76 65 72 79 20 74 72 61 6e	router-id.and.the.discovery.tran
b6460	73 70 6f 72 74 20 61 64 64 72 65 73 73 2c 20 62 75 74 20 66 6f 72 20 56 79 4f 53 20 4d 50 4c 53	sport.address,.but.for.VyOS.MPLS
b6480	20 4c 44 50 20 74 6f 20 77 6f 72 6b 20 62 6f 74 68 20 70 61 72 61 6d 65 74 65 72 73 20 6d 75 73	.LDP.to.work.both.parameters.mus
b64a0	74 20 62 65 20 65 78 70 6c 69 63 69 74 6c 79 20 73 65 74 20 69 6e 20 74 68 65 20 63 6f 6e 66 69	t.be.explicitly.set.in.the.confi
b64c0	67 75 72 61 74 69 6f 6e 2e 00 49 74 20 69 73 20 69 6d 70 6f 72 74 61 6e 74 20 74 6f 20 6e 6f 74	guration..It.is.important.to.not
b64e0	65 20 74 68 61 74 20 77 68 65 6e 20 63 72 65 61 74 69 6e 67 20 66 69 72 65 77 61 6c 6c 20 72 75	e.that.when.creating.firewall.ru
b6500	6c 65 73 20 74 68 61 74 20 74 68 65 20 44 4e 41 54 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6f 63	les.that.the.DNAT.translation.oc
b6520	63 75 72 73 20 2a 2a 62 65 66 6f 72 65 2a 2a 20 74 72 61 66 66 69 63 20 74 72 61 76 65 72 73 65	curs.**before**.traffic.traverse
b6540	73 20 74 68 65 20 66 69 72 65 77 61 6c 6c 2e 20 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 2c 20	s.the.firewall..In.other.words,.
b6560	74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 68 61 73 20 61 6c 72 65	the.destination.address.has.alre
b6580	61 64 79 20 62 65 65 6e 20 74 72 61 6e 73 6c 61 74 65 64 20 74 6f 20 31 39 32 2e 31 36 38 2e 30	ady.been.translated.to.192.168.0
b65a0	2e 31 30 30 2e 00 49 74 20 69 73 20 6e 6f 74 20 73 75 66 66 69 63 69 65 6e 74 20 74 6f 20 6f 6e	.100..It.is.not.sufficient.to.on
b65c0	6c 79 20 63 6f 6e 66 69 67 75 72 65 20 61 20 4c 33 56 50 4e 20 56 52 46 73 20 62 75 74 20 4c 33	ly.configure.a.L3VPN.VRFs.but.L3
b65e0	56 50 4e 20 56 52 46 73 20 6d 75 73 74 20 62 65 20 6d 61 69 6e 74 61 69 6e 65 64 2c 20 74 6f 6f	VPN.VRFs.must.be.maintained,.too
b6600	2e 46 6f 72 20 4c 33 56 50 4e 20 56 52 46 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 74 68 65 20 66	.For.L3VPN.VRF.maintenance.the.f
b6620	6f 6c 6c 6f 77 69 6e 67 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 20 61 72	ollowing.operational.commands.ar
b6640	65 20 69 6e 20 70 6c 61 63 65 2e 00 49 74 20 69 73 20 6e 6f 74 20 73 75 66 66 69 63 69 65 6e 74	e.in.place..It.is.not.sufficient
b6660	20 74 6f 20 6f 6e 6c 79 20 63 6f 6e 66 69 67 75 72 65 20 61 20 56 52 46 20 62 75 74 20 56 52 46	.to.only.configure.a.VRF.but.VRF
b6680	73 20 6d 75 73 74 20 62 65 20 6d 61 69 6e 74 61 69 6e 65 64 2c 20 74 6f 6f 2e 20 46 6f 72 20 56	s.must.be.maintained,.too..For.V
b66a0	52 46 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 70 65	RF.maintenance.the.following.ope
b66c0	72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 20 61 72 65 20 69 6e 20 70 6c 61 63 65 2e 00	rational.commands.are.in.place..
b66e0	49 74 20 69 73 20 6e 6f 74 20 76 61 6c 69 64 20 74 6f 20 75 73 65 20 74 68 65 20 60 76 69 66 20	It.is.not.valid.to.use.the.`vif.
b6700	31 60 20 6f 70 74 69 6f 6e 20 66 6f 72 20 56 4c 41 4e 20 61 77 61 72 65 20 62 72 69 64 67 65 73	1`.option.for.VLAN.aware.bridges
b6720	20 62 65 63 61 75 73 65 20 56 4c 41 4e 20 61 77 61 72 65 20 62 72 69 64 67 65 73 20 61 73 73 75	.because.VLAN.aware.bridges.assu
b6740	6d 65 20 74 68 61 74 20 61 6c 6c 20 75 6e 6c 61 62 65 6c 65 64 20 70 61 63 6b 65 74 73 20 62 65	me.that.all.unlabeled.packets.be
b6760	6c 6f 6e 67 20 74 6f 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 4c 41 4e 20 31 20 6d 65 6d 62 65	long.to.the.default.VLAN.1.membe
b6780	72 20 61 6e 64 20 74 68 61 74 20 74 68 65 20 56 4c 41 4e 20 49 44 20 6f 66 20 74 68 65 20 62 72	r.and.that.the.VLAN.ID.of.the.br
b67a0	69 64 67 65 27 73 20 70 61 72 65 6e 74 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 61 6c 77 61 79	idge's.parent.interface.is.alway
b67c0	73 20 31 00 49 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 65 6e 68 61 6e 63 65 20 61 75	s.1.It.is.possible.to.enhance.au
b67e0	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 63 75 72 69 74 79 20 62 79 20 75 73 69 6e 67 20 74	thentication.security.by.using.t
b6800	68 65 20 3a 61 62 62 72 3a 60 32 46 41 20 28 54 77 6f 2d 66 61 63 74 6f 72 20 61 75 74 68 65 6e	he.:abbr:`2FA.(Two-factor.authen
b6820	74 69 63 61 74 69 6f 6e 29 60 2f 3a 61 62 62 72 3a 60 4d 46 41 20 28 4d 75 6c 74 69 2d 66 61 63	tication)`/:abbr:`MFA.(Multi-fac
b6840	74 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 29 60 20 66 65 61 74 75 72 65 20 74 6f 67	tor.authentication)`.feature.tog
b6860	65 74 68 65 72 20 77 69 74 68 20 3a 61 62 62 72 3a 60 4f 54 50 20 28 4f 6e 65 2d 54 69 6d 65 2d	ether.with.:abbr:`OTP.(One-Time-
b6880	50 61 64 29 60 20 6f 6e 20 56 79 4f 53 2e 20 3a 61 62 62 72 3a 60 32 46 41 20 28 54 77 6f 2d 66	Pad)`.on.VyOS..:abbr:`2FA.(Two-f
b68a0	61 63 74 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 29 60 2f 3a 61 62 62 72 3a 60 4d 46	actor.authentication)`/:abbr:`MF
b68c0	41 20 28 4d 75 6c 74 69 2d 66 61 63 74 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 29 60	A.(Multi-factor.authentication)`
b68e0	20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 64 65 70 65 6e 64 65 6e 74 6c 79 20 70 65 72	.is.configured.independently.per
b6900	20 65 61 63 68 20 75 73 65 72 2e 20 49 66 20 61 6e 20 4f 54 50 20 6b 65 79 20 69 73 20 63 6f 6e	.each.user..If.an.OTP.key.is.con
b6920	66 69 67 75 72 65 64 20 66 6f 72 20 61 20 75 73 65 72 2c 20 32 46 41 2f 4d 46 41 20 69 73 20 61	figured.for.a.user,.2FA/MFA.is.a
b6940	75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 74 68 61 74 20 70 61	utomatically.enabled.for.that.pa
b6960	72 74 69 63 75 6c 61 72 20 75 73 65 72 2e 20 49 66 20 61 20 75 73 65 72 20 64 6f 65 73 20 6e 6f	rticular.user..If.a.user.does.no
b6980	74 20 68 61 76 65 20 61 6e 20 4f 54 50 20 6b 65 79 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 74 68	t.have.an.OTP.key.configured,.th
b69a0	65 72 65 20 69 73 20 6e 6f 20 32 46 41 2f 4d 46 41 20 63 68 65 63 6b 20 66 6f 72 20 74 68 61 74	ere.is.no.2FA/MFA.check.for.that
b69c0	20 75 73 65 72 2e 00 49 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 70 65 72 6d 69 74 20	.user..It.is.possible.to.permit.
b69e0	42 47 50 20 69 6e 73 74 61 6c 6c 20 56 50 4e 20 70 72 65 66 69 78 65 73 20 77 69 74 68 6f 75 74	BGP.install.VPN.prefixes.without
b6a00	20 74 72 61 6e 73 70 6f 72 74 20 6c 61 62 65 6c 73 2e 20 54 68 69 73 20 63 6f 6e 66 69 67 75 72	.transport.labels..This.configur
b6a20	61 74 69 6f 6e 20 77 69 6c 6c 20 69 6e 73 74 61 6c 6c 20 56 50 4e 20 70 72 65 66 69 78 65 73 20	ation.will.install.VPN.prefixes.
b6a40	6f 72 69 67 69 6e 61 74 65 64 20 66 72 6f 6d 20 61 6e 20 65 2d 62 67 70 20 73 65 73 73 69 6f 6e	originated.from.an.e-bgp.session
b6a60	2c 20 61 6e 64 20 77 69 74 68 20 74 68 65 20 6e 65 78 74 2d 68 6f 70 20 64 69 72 65 63 74 6c 79	,.and.with.the.next-hop.directly
b6a80	20 63 6f 6e 6e 65 63 74 65 64 2e 00 49 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 75 73	.connected..It.is.possible.to.us
b6aa0	65 20 65 69 74 68 65 72 20 4d 75 6c 74 69 63 61 73 74 20 6f 72 20 55 6e 69 63 61 73 74 20 74 6f	e.either.Multicast.or.Unicast.to
b6ac0	20 73 79 6e 63 20 63 6f 6e 6e 74 72 61 63 6b 20 74 72 61 66 66 69 63 2e 20 4d 6f 73 74 20 65 78	.sync.conntrack.traffic..Most.ex
b6ae0	61 6d 70 6c 65 73 20 62 65 6c 6f 77 20 73 68 6f 77 20 4d 75 6c 74 69 63 61 73 74 2c 20 62 75 74	amples.below.show.Multicast,.but
b6b00	20 75 6e 69 63 61 73 74 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 62 79 20 75 73 69	.unicast.can.be.specified.by.usi
b6b20	6e 67 20 74 68 65 20 22 70 65 65 72 22 20 6b 65 79 77 6f 72 6b 20 61 66 74 65 72 20 74 68 65 20	ng.the."peer".keywork.after.the.
b6b40	73 70 65 63 69 66 69 63 65 64 20 69 6e 74 65 72 66 61 63 65 2c 20 61 73 20 69 6e 20 74 68 65 20	specificed.interface,.as.in.the.
b6b60	66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 3a 00 49 74 20 69 73 20 76 65 72 79 20 65 61	following.example:.It.is.very.ea
b6b80	73 79 20 74 6f 20 6d 69 73 63 6f 6e 66 69 67 75 72 65 20 6d 75 6c 74 69 63 61 73 74 20 72 65 70	sy.to.misconfigure.multicast.rep
b6ba0	65 61 74 69 6e 67 20 69 66 20 79 6f 75 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 4e 48 53 65	eating.if.you.have.multiple.NHSe
b6bc0	73 2e 00 49 74 20 75 73 65 73 20 61 20 73 69 6e 67 6c 65 20 54 43 50 20 6f 72 20 55 44 50 20 63	s..It.uses.a.single.TCP.or.UDP.c
b6be0	6f 6e 6e 65 63 74 69 6f 6e 20 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20 72 65 6c 79 20 6f 6e 20 70	onnection.and.does.not.rely.on.p
b6c00	61 63 6b 65 74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 65 73 2c 20 73 6f 20 69 74 20 77 69	acket.source.addresses,.so.it.wi
b6c20	6c 6c 20 77 6f 72 6b 20 65 76 65 6e 20 74 68 72 6f 75 67 68 20 61 20 64 6f 75 62 6c 65 20 4e 41	ll.work.even.through.a.double.NA
b6c40	54 3a 20 70 65 72 66 65 63 74 20 66 6f 72 20 70 75 62 6c 69 63 20 68 6f 74 73 70 6f 74 73 20 61	T:.perfect.for.public.hotspots.a
b6c60	6e 64 20 73 75 63 68 00 49 74 20 75 73 65 73 20 61 20 73 74 6f 63 68 61 73 74 69 63 20 6d 6f 64	nd.such.It.uses.a.stochastic.mod
b6c80	65 6c 20 74 6f 20 63 6c 61 73 73 69 66 79 20 69 6e 63 6f 6d 69 6e 67 20 70 61 63 6b 65 74 73 20	el.to.classify.incoming.packets.
b6ca0	69 6e 74 6f 20 64 69 66 66 65 72 65 6e 74 20 66 6c 6f 77 73 20 61 6e 64 20 69 73 20 75 73 65 64	into.different.flows.and.is.used
b6cc0	20 74 6f 20 70 72 6f 76 69 64 65 20 61 20 66 61 69 72 20 73 68 61 72 65 20 6f 66 20 74 68 65 20	.to.provide.a.fair.share.of.the.
b6ce0	62 61 6e 64 77 69 64 74 68 20 74 6f 20 61 6c 6c 20 74 68 65 20 66 6c 6f 77 73 20 75 73 69 6e 67	bandwidth.to.all.the.flows.using
b6d00	20 74 68 65 20 71 75 65 75 65 2e 20 45 61 63 68 20 66 6c 6f 77 20 69 73 20 6d 61 6e 61 67 65 64	.the.queue..Each.flow.is.managed
b6d20	20 62 79 20 74 68 65 20 43 6f 44 65 6c 20 71 75 65 75 69 6e 67 20 20 64 69 73 63 69 70 6c 69 6e	.by.the.CoDel.queuing..disciplin
b6d40	65 2e 20 52 65 6f 72 64 65 72 69 6e 67 20 77 69 74 68 69 6e 20 61 20 66 6c 6f 77 20 69 73 20 61	e..Reordering.within.a.flow.is.a
b6d60	76 6f 69 64 65 64 20 73 69 6e 63 65 20 43 6f 64 65 6c 20 69 6e 74 65 72 6e 61 6c 6c 79 20 75 73	voided.since.Codel.internally.us
b6d80	65 73 20 61 20 46 49 46 4f 20 71 75 65 75 65 2e 00 49 74 20 77 69 6c 6c 20 62 65 20 63 6f 6d 62	es.a.FIFO.queue..It.will.be.comb
b6da0	69 6e 65 64 20 77 69 74 68 20 74 68 65 20 64 65 6c 65 67 61 74 65 64 20 70 72 65 66 69 78 20 61	ined.with.the.delegated.prefix.a
b6dc0	6e 64 20 74 68 65 20 73 6c 61 2d 69 64 20 74 6f 20 66 6f 72 6d 20 61 20 63 6f 6d 70 6c 65 74 65	nd.the.sla-id.to.form.a.complete
b6de0	20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20	.interface.address..The.default.
b6e00	69 73 20 74 6f 20 75 73 65 20 74 68 65 20 45 55 49 2d 36 34 20 61 64 64 72 65 73 73 20 6f 66 20	is.to.use.the.EUI-64.address.of.
b6e20	74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 00 49 74 27 73 20 65 61 73 79 20 74 6f 20 73 65 74 75	the.interface..It's.easy.to.setu
b6e40	70 20 61 6e 64 20 6f 66 66 65 72 73 20 76 65 72 79 20 66 6c 65 78 69 62 6c 65 20 73 70 6c 69 74	p.and.offers.very.flexible.split
b6e60	20 74 75 6e 6e 65 6c 69 6e 67 00 49 74 27 73 20 6e 6f 74 20 6c 69 6b 65 6c 79 20 74 68 61 74 20	.tunneling.It's.not.likely.that.
b6e80	61 6e 79 6f 6e 65 20 77 69 6c 6c 20 6e 65 65 64 20 69 74 20 61 6e 79 20 74 69 6d 65 20 73 6f 6f	anyone.will.need.it.any.time.soo
b6ea0	6e 2c 20 62 75 74 20 69 74 20 64 6f 65 73 20 65 78 69 73 74 2e 00 49 74 27 73 20 73 6c 6f 77 65	n,.but.it.does.exist..It's.slowe
b6ec0	72 20 74 68 61 6e 20 49 50 73 65 63 20 64 75 65 20 74 6f 20 68 69 67 68 65 72 20 70 72 6f 74 6f	r.than.IPsec.due.to.higher.proto
b6ee0	63 6f 6c 20 6f 76 65 72 68 65 61 64 20 61 6e 64 20 74 68 65 20 66 61 63 74 20 69 74 20 72 75 6e	col.overhead.and.the.fact.it.run
b6f00	73 20 69 6e 20 75 73 65 72 20 6d 6f 64 65 20 77 68 69 6c 65 20 49 50 73 65 63 2c 20 6f 6e 20 4c	s.in.user.mode.while.IPsec,.on.L
b6f20	69 6e 75 78 2c 20 69 73 20 69 6e 20 6b 65 72 6e 65 6c 20 6d 6f 64 65 00 4a 6f 69 6e 20 61 20 67	inux,.is.in.kernel.mode.Join.a.g
b6f40	69 76 65 6e 20 56 52 46 2e 20 54 68 69 73 20 77 69 6c 6c 20 6f 70 65 6e 20 61 20 6e 65 77 20 73	iven.VRF..This.will.open.a.new.s
b6f60	75 62 73 68 65 6c 6c 20 77 69 74 68 69 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 56 52 46	ubshell.within.the.specified.VRF
b6f80	2e 00 4a 75 6d 70 20 74 6f 20 61 20 64 69 66 66 65 72 65 6e 74 20 72 75 6c 65 20 69 6e 20 74 68	..Jump.to.a.different.rule.in.th
b6fa0	69 73 20 72 6f 75 74 65 2d 6d 61 70 20 6f 6e 20 61 20 6d 61 74 63 68 2e 00 4a 75 6e 69 70 65 72	is.route-map.on.a.match..Juniper
b6fc0	20 45 58 20 53 77 69 74 63 68 00 4b 65 72 6e 65 6c 20 6d 65 73 73 61 67 65 73 00 4b 65 79 20 42	.EX.Switch.Kernel.messages.Key.B
b6fe0	61 73 65 64 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 4b 65 79 20 47 65 6e 65 72 61 74 69	ased.Authentication.Key.Generati
b7000	6f 6e 00 4b 65 79 20 4d 61 6e 61 67 65 6d 65 6e 74 00 4b 65 79 20 50 61 72 61 6d 65 74 65 72 73	on.Key.Management.Key.Parameters
b7020	3a 00 4b 65 79 20 50 6f 69 6e 74 73 3a 00 4b 65 79 20 75 73 61 67 65 20 28 43 4c 49 29 00 4b 65	:.Key.Points:.Key.usage.(CLI).Ke
b7040	79 62 6f 61 72 64 20 4c 61 79 6f 75 74 00 4b 65 79 70 61 69 72 73 00 4b 65 79 77 6f 72 64 00 4c	yboard.Layout.Keypairs.Keyword.L
b7060	32 54 50 00 4c 32 54 50 20 6f 76 65 72 20 49 50 73 65 63 00 4c 32 54 50 76 33 00 4c 32 54 50 76	2TP.L2TP.over.IPsec.L2TPv3.L2TPv
b7080	33 20 63 61 6e 20 62 65 20 72 65 67 61 72 64 65 64 20 61 73 20 62 65 69 6e 67 20 74 6f 20 4d 50	3.can.be.regarded.as.being.to.MP
b70a0	4c 53 20 77 68 61 74 20 49 50 20 69 73 20 74 6f 20 41 54 4d 3a 20 61 20 73 69 6d 70 6c 69 66 69	LS.what.IP.is.to.ATM:.a.simplifi
b70c0	65 64 20 76 65 72 73 69 6f 6e 20 6f 66 20 74 68 65 20 73 61 6d 65 20 63 6f 6e 63 65 70 74 2c 20	ed.version.of.the.same.concept,.
b70e0	77 69 74 68 20 6d 75 63 68 20 6f 66 20 74 68 65 20 73 61 6d 65 20 62 65 6e 65 66 69 74 20 61 63	with.much.of.the.same.benefit.ac
b7100	68 69 65 76 65 64 20 61 74 20 61 20 66 72 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 65 66 66 6f	hieved.at.a.fraction.of.the.effo
b7120	72 74 2c 20 61 74 20 74 68 65 20 63 6f 73 74 20 6f 66 20 6c 6f 73 69 6e 67 20 73 6f 6d 65 20 74	rt,.at.the.cost.of.losing.some.t
b7140	65 63 68 6e 69 63 61 6c 20 66 65 61 74 75 72 65 73 20 63 6f 6e 73 69 64 65 72 65 64 20 6c 65 73	echnical.features.considered.les
b7160	73 20 69 6d 70 6f 72 74 61 6e 74 20 69 6e 20 74 68 65 20 6d 61 72 6b 65 74 2e 00 4c 32 54 50 76	s.important.in.the.market..L2TPv
b7180	33 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 39 32 31 60 2e 00 4c	3.is.described.in.:rfc:`3921`..L
b71a0	32 54 50 76 33 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 39 33 31	2TPv3.is.described.in.:rfc:`3931
b71c0	60 2e 00 4c 32 54 50 76 33 20 6f 70 74 69 6f 6e 73 00 4c 32 54 50 76 33 3a 00 4c 33 56 50 4e 20	`..L2TPv3.options.L2TPv3:.L3VPN.
b71e0	56 52 46 73 00 4c 44 41 50 00 4c 44 41 50 20 70 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e 2e	VRFs.LDAP.LDAP.protocol.version.
b7200	20 44 65 66 61 75 6c 74 73 20 74 6f 20 33 20 69 66 20 6e 6f 74 20 73 70 65 63 69 66 69 65 64 2e	.Defaults.to.3.if.not.specified.
b7220	00 4c 44 41 50 20 73 65 61 72 63 68 20 66 69 6c 74 65 72 20 74 6f 20 6c 6f 63 61 74 65 20 74 68	.LDAP.search.filter.to.locate.th
b7240	65 20 75 73 65 72 20 44 4e 2e 20 52 65 71 75 69 72 65 64 20 69 66 20 74 68 65 20 75 73 65 72 73	e.user.DN..Required.if.the.users
b7260	20 61 72 65 20 69 6e 20 61 20 68 69 65 72 61 72 63 68 79 20 62 65 6c 6f 77 20 74 68 65 20 62 61	.are.in.a.hierarchy.below.the.ba
b7280	73 65 20 44 4e 2c 20 6f 72 20 69 66 20 74 68 65 20 6c 6f 67 69 6e 20 6e 61 6d 65 20 69 73 20 6e	se.DN,.or.if.the.login.name.is.n
b72a0	6f 74 20 77 68 61 74 20 62 75 69 6c 64 73 20 74 68 65 20 75 73 65 72 20 73 70 65 63 69 66 69 63	ot.what.builds.the.user.specific
b72c0	20 70 61 72 74 20 6f 66 20 74 68 65 20 75 73 65 72 73 20 44 4e 2e 00 4c 4c 44 50 00 4c 4c 44 50	.part.of.the.users.DN..LLDP.LLDP
b72e0	20 70 65 72 66 6f 72 6d 73 20 66 75 6e 63 74 69 6f 6e 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 73	.performs.functions.similar.to.s
b7300	65 76 65 72 61 6c 20 70 72 6f 70 72 69 65 74 61 72 79 20 70 72 6f 74 6f 63 6f 6c 73 2c 20 73 75	everal.proprietary.protocols,.su
b7320	63 68 20 61 73 20 3a 61 62 62 72 3a 60 43 44 50 20 28 43 69 73 63 6f 20 44 69 73 63 6f 76 65 72	ch.as.:abbr:`CDP.(Cisco.Discover
b7340	79 20 50 72 6f 74 6f 63 6f 6c 29 60 2c 20 3a 61 62 62 72 3a 60 46 44 50 20 28 46 6f 75 6e 64 72	y.Protocol)`,.:abbr:`FDP.(Foundr
b7360	79 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 29 60 2c 20 3a 61 62 62 72 3a 60 4e	y.Discovery.Protocol)`,.:abbr:`N
b7380	44 50 20 28 4e 6f 72 74 65 6c 20 44 69 73 63 6f 76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 29 60 20	DP.(Nortel.Discovery.Protocol)`.
b73a0	61 6e 64 20 3a 61 62 62 72 3a 60 4c 4c 54 44 20 28 4c 69 6e 6b 20 4c 61 79 65 72 20 54 6f 70 6f	and.:abbr:`LLTD.(Link.Layer.Topo
b73c0	6c 6f 67 79 20 44 69 73 63 6f 76 65 72 79 29 60 2e 00 4c 4e 53 20 28 4c 32 54 50 20 4e 65 74 77	logy.Discovery)`..LNS.(L2TP.Netw
b73e0	6f 72 6b 20 53 65 72 76 65 72 29 00 4c 4e 53 20 61 72 65 20 6f 66 74 65 6e 20 75 73 65 64 20 74	ork.Server).LNS.are.often.used.t
b7400	6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 61 20 4c 41 43 20 28 4c 32 54 50 20 41 63 63 65 73 73 20	o.connect.to.a.LAC.(L2TP.Access.
b7420	43 6f 6e 63 65 6e 74 72 61 74 6f 72 29 2e 00 4c 61 62 65 6c 20 44 69 73 74 72 69 62 75 74 69 6f	Concentrator)..Label.Distributio
b7440	6e 20 50 72 6f 74 6f 63 6f 6c 00 4c 61 79 65 72 20 32 20 54 75 6e 6e 65 6c 6c 69 6e 67 20 50 72	n.Protocol.Layer.2.Tunnelling.Pr
b7460	6f 74 6f 63 6f 6c 20 56 65 72 73 69 6f 6e 20 33 20 69 73 20 61 6e 20 49 45 54 46 20 73 74 61 6e	otocol.Version.3.is.an.IETF.stan
b7480	64 61 72 64 20 72 65 6c 61 74 65 64 20 74 6f 20 4c 32 54 50 20 74 68 61 74 20 63 61 6e 20 62 65	dard.related.to.L2TP.that.can.be
b74a0	20 75 73 65 64 20 61 73 20 61 6e 20 61 6c 74 65 72 6e 61 74 69 76 65 20 70 72 6f 74 6f 63 6f 6c	.used.as.an.alternative.protocol
b74c0	20 74 6f 20 3a 72 65 66 3a 60 6d 70 6c 73 60 20 66 6f 72 20 65 6e 63 61 70 73 75 6c 61 74 69 6f	.to.:ref:`mpls`.for.encapsulatio
b74e0	6e 20 6f 66 20 6d 75 6c 74 69 70 72 6f 74 6f 63 6f 6c 20 4c 61 79 65 72 20 32 20 63 6f 6d 6d 75	n.of.multiprotocol.Layer.2.commu
b7500	6e 69 63 61 74 69 6f 6e 73 20 74 72 61 66 66 69 63 20 6f 76 65 72 20 49 50 20 6e 65 74 77 6f 72	nications.traffic.over.IP.networ
b7520	6b 73 2e 20 4c 69 6b 65 20 4c 32 54 50 2c 20 4c 32 54 50 76 33 20 70 72 6f 76 69 64 65 73 20 61	ks..Like.L2TP,.L2TPv3.provides.a
b7540	20 70 73 65 75 64 6f 2d 77 69 72 65 20 73 65 72 76 69 63 65 20 62 75 74 20 69 73 20 73 63 61 6c	.pseudo-wire.service.but.is.scal
b7560	65 64 20 74 6f 20 66 69 74 20 63 61 72 72 69 65 72 20 72 65 71 75 69 72 65 6d 65 6e 74 73 2e 00	ed.to.fit.carrier.requirements..
b7580	4c 65 61 73 65 20 74 69 6d 65 20 77 69 6c 6c 20 62 65 20 6c 65 66 74 20 61 74 20 74 68 65 20 64	Lease.time.will.be.left.at.the.d
b75a0	65 66 61 75 6c 74 20 76 61 6c 75 65 20 77 68 69 63 68 20 69 73 20 32 34 20 68 6f 75 72 73 00 4c	efault.value.which.is.24.hours.L
b75c0	65 61 73 65 20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74	ease.timeout.in.seconds.(default
b75e0	3a 20 38 36 34 30 30 29 00 4c 65 74 20 53 4e 4d 50 20 64 61 65 6d 6f 6e 20 6c 69 73 74 65 6e 20	:.86400).Let.SNMP.daemon.listen.
b7600	6f 6e 6c 79 20 6f 6e 20 49 50 20 61 64 64 72 65 73 73 20 31 39 32 2e 30 2e 32 2e 31 00 4c 65 74	only.on.IP.address.192.0.2.1.Let
b7620	27 73 20 61 73 73 75 6d 65 20 50 43 34 20 6f 6e 20 4c 65 61 66 32 20 77 61 6e 74 73 20 74 6f 20	's.assume.PC4.on.Leaf2.wants.to.
b7640	70 69 6e 67 20 50 43 35 20 6f 6e 20 4c 65 61 66 33 2e 20 49 6e 73 74 65 61 64 20 6f 66 20 73 65	ping.PC5.on.Leaf3..Instead.of.se
b7660	74 74 69 6e 67 20 4c 65 61 66 33 20 61 73 20 6f 75 72 20 72 65 6d 6f 74 65 20 65 6e 64 20 6d 61	tting.Leaf3.as.our.remote.end.ma
b7680	6e 75 61 6c 6c 79 2c 20 4c 65 61 66 32 20 65 6e 63 61 70 73 75 6c 61 74 65 73 20 74 68 65 20 70	nually,.Leaf2.encapsulates.the.p
b76a0	61 63 6b 65 74 20 69 6e 74 6f 20 61 20 55 44 50 2d 70 61 63 6b 65 74 20 61 6e 64 20 73 65 6e 64	acket.into.a.UDP-packet.and.send
b76c0	73 20 69 74 20 74 6f 20 69 74 73 20 64 65 73 69 67 6e 61 74 65 64 20 6d 75 6c 74 69 63 61 73 74	s.it.to.its.designated.multicast
b76e0	2d 61 64 64 72 65 73 73 20 76 69 61 20 53 70 69 6e 65 31 2e 20 57 68 65 6e 20 53 70 69 6e 65 31	-address.via.Spine1..When.Spine1
b7700	20 72 65 63 65 69 76 65 73 20 74 68 69 73 20 70 61 63 6b 65 74 20 69 74 20 66 6f 72 77 61 72 64	.receives.this.packet.it.forward
b7720	73 20 69 74 20 74 6f 20 61 6c 6c 20 6f 74 68 65 72 20 6c 65 61 76 65 73 20 77 68 6f 20 68 61 73	s.it.to.all.other.leaves.who.has
b7740	20 6a 6f 69 6e 65 64 20 74 68 65 20 73 61 6d 65 20 6d 75 6c 74 69 63 61 73 74 2d 67 72 6f 75 70	.joined.the.same.multicast-group
b7760	2c 20 69 6e 20 74 68 69 73 20 63 61 73 65 20 4c 65 61 66 33 2e 20 57 68 65 6e 20 4c 65 61 66 33	,.in.this.case.Leaf3..When.Leaf3
b7780	20 72 65 63 65 69 76 65 73 20 74 68 65 20 70 61 63 6b 65 74 20 69 74 20 66 6f 72 77 61 72 64 73	.receives.the.packet.it.forwards
b77a0	20 69 74 2c 20 77 68 69 6c 65 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 20 6c 65 61 72	.it,.while.at.the.same.time.lear
b77c0	6e 69 6e 67 20 74 68 61 74 20 50 43 34 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 62 65 68 69 6e	ning.that.PC4.is.reachable.behin
b77e0	64 20 4c 65 61 66 32 2c 20 62 65 63 61 75 73 65 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61 74 65	d.Leaf2,.because.the.encapsulate
b7800	64 20 70 61 63 6b 65 74 20 68 61 64 20 4c 65 61 66 32 27 73 20 49 50 20 61 64 64 72 65 73 73 20	d.packet.had.Leaf2's.IP.address.
b7820	73 65 74 20 61 73 20 73 6f 75 72 63 65 20 49 50 2e 00 4c 65 74 27 73 20 61 73 73 75 6d 65 20 77	set.as.source.IP..Let's.assume.w
b7840	65 20 68 61 76 65 20 74 77 6f 20 44 48 43 50 20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 61	e.have.two.DHCP.WAN.interfaces.a
b7860	6e 64 20 6f 6e 65 20 4c 41 4e 20 28 65 74 68 32 29 3a 00 4c 65 74 27 73 20 62 75 69 6c 64 20 61	nd.one.LAN.(eth2):.Let's.build.a
b7880	20 73 69 6d 70 6c 65 20 56 50 4e 20 62 65 74 77 65 65 6e 20 32 20 49 6e 74 65 6c c2 ae 20 51 41	.simple.VPN.between.2.Intel...QA
b78a0	54 20 72 65 61 64 79 20 64 65 76 69 63 65 73 2e 00 4c 65 74 27 73 20 65 78 70 61 6e 64 20 74 68	T.ready.devices..Let's.expand.th
b78c0	65 20 65 78 61 6d 70 6c 65 20 66 72 6f 6d 20 61 62 6f 76 65 20 61 6e 64 20 61 64 64 20 77 65 69	e.example.from.above.and.add.wei
b78e0	67 68 74 20 74 6f 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 68 65 20 62 61 6e 64 77	ght.to.the.interfaces..The.bandw
b7900	69 64 74 68 20 66 72 6f 6d 20 65 74 68 30 20 69 73 20 6c 61 72 67 65 72 20 74 68 61 6e 20 65 74	idth.from.eth0.is.larger.than.et
b7920	68 31 2e 20 50 65 72 20 64 65 66 61 75 6c 74 2c 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69	h1..Per.default,.outbound.traffi
b7940	63 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 72 61 6e 64 6f 6d 6c 79 20 61 63 72 6f 73 73	c.is.distributed.randomly.across
b7960	20 61 76 61 69 6c 61 62 6c 65 20 69 6e 74 65 72 66 61 63 65 73 2e 20 57 65 69 67 68 74 73 20 63	.available.interfaces..Weights.c
b7980	61 6e 20 62 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20	an.be.assigned.to.interfaces.to.
b79a0	69 6e 66 6c 75 65 6e 63 65 20 74 68 65 20 62 61 6c 61 6e 63 69 6e 67 2e 00 4c 65 74 73 20 61 73	influence.the.balancing..Lets.as
b79c0	73 75 6d 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 6f 70 6f 6c 6f 67 79 3a 00 4c 65 76	sume.the.following.topology:.Lev
b79e0	65 6c 20 34 20 62 61 6c 61 6e 63 69 6e 67 00 4c 69 66 65 74 69 6d 65 20 61 73 73 6f 63 69 61 74	el.4.balancing.Lifetime.associat
b7a00	65 64 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 72 20 69 6e 20 75 6e	ed.with.the.default.router.in.un
b7a20	69 74 73 20 6f 66 20 73 65 63 6f 6e 64 73 00 4c 69 66 65 74 69 6d 65 20 69 6e 20 64 61 79 73 3b	its.of.seconds.Lifetime.in.days;
b7a40	20 64 65 66 61 75 6c 74 20 69 73 20 33 36 35 00 4c 69 66 65 74 69 6d 65 20 69 73 20 64 65 63 72	.default.is.365.Lifetime.is.decr
b7a60	65 6d 65 6e 74 65 64 20 62 79 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73	emented.by.the.number.of.seconds
b7a80	20 73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 52 41 20 2d 20 75 73 65 20 69 6e 20 63 6f 6e 6a	.since.the.last.RA.-.use.in.conj
b7aa0	75 6e 63 74 69 6f 6e 20 77 69 74 68 20 61 20 44 48 43 50 76 36 2d 50 44 20 70 72 65 66 69 78 00	unction.with.a.DHCPv6-PD.prefix.
b7ac0	4c 69 6d 69 74 20 61 6c 6c 6f 77 65 64 20 63 69 70 68 65 72 20 61 6c 67 6f 72 69 74 68 6d 73 20	Limit.allowed.cipher.algorithms.
b7ae0	75 73 65 64 20 64 75 72 69 6e 67 20 53 53 4c 2f 54 4c 53 20 68 61 6e 64 73 68 61 6b 65 00 4c 69	used.during.SSL/TLS.handshake.Li
b7b00	6d 69 74 20 6c 6f 67 69 6e 73 20 74 6f 20 60 3c 6c 69 6d 69 74 3e 60 20 70 65 72 20 65 76 65 72	mit.logins.to.`<limit>`.per.ever
b7b20	79 20 60 60 72 61 74 65 2d 74 69 6d 65 60 60 20 73 65 63 6f 6e 64 73 2e 20 52 61 74 65 20 6c 69	y.``rate-time``.seconds..Rate.li
b7b40	6d 69 74 20 6d 75 73 74 20 62 65 20 62 65 74 77 65 65 6e 20 31 20 61 6e 64 20 31 30 20 61 74 74	mit.must.be.between.1.and.10.att
b7b60	65 6d 70 74 73 2e 00 4c 69 6d 69 74 20 6c 6f 67 69 6e 73 20 74 6f 20 60 60 72 61 74 65 2d 6c 69	empts..Limit.logins.to.``rate-li
b7b80	6d 69 74 60 60 20 61 74 74 65 6d 70 73 20 70 65 72 20 65 76 65 72 79 20 60 3c 73 65 63 6f 6e 64	mit``.attemps.per.every.`<second
b7ba0	73 3e 60 2e 20 52 61 74 65 20 74 69 6d 65 20 6d 75 73 74 20 62 65 20 62 65 74 77 65 65 6e 20 31	s>`..Rate.time.must.be.between.1
b7bc0	35 20 61 6e 64 20 36 30 30 20 73 65 63 6f 6e 64 73 2e 00 4c 69 6d 69 74 20 6d 61 78 69 6d 75 6d	5.and.600.seconds..Limit.maximum
b7be0	20 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 00 4c 69 6d 69 74 65 72 00 4c	.number.of.connections.Limiter.L
b7c00	69 6d 69 74 65 72 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 6f 73 65 20 70 6f 6c 69 63 69 65 73 20	imiter.is.one.of.those.policies.
b7c20	74 68 61 74 20 75 73 65 73 20 63 6c 61 73 73 65 73 5f 20 28 49 6e 67 72 65 73 73 20 71 64 69 73	that.uses.classes_.(Ingress.qdis
b7c40	63 20 69 73 20 61 63 74 75 61 6c 6c 79 20 61 20 63 6c 61 73 73 6c 65 73 73 20 70 6f 6c 69 63 79	c.is.actually.a.classless.policy
b7c60	20 62 75 74 20 66 69 6c 74 65 72 73 20 64 6f 20 77 6f 72 6b 20 69 6e 20 69 74 29 2e 00 4c 69 6d	.but.filters.do.work.in.it)..Lim
b7c80	69 74 73 00 4c 69 6e 65 20 70 72 69 6e 74 65 72 20 73 75 62 73 79 73 74 65 6d 00 4c 69 6e 6b 20	its.Line.printer.subsystem.Link.
b7ca0	4d 54 55 20 76 61 6c 75 65 20 70 6c 61 63 65 64 20 69 6e 20 52 41 73 2c 20 65 78 6c 75 64 65 64	MTU.value.placed.in.RAs,.exluded
b7cc0	20 69 6e 20 52 41 73 20 69 66 20 75 6e 73 65 74 00 4c 69 6e 6b 20 61 67 67 72 65 67 61 74 69 6f	.in.RAs.if.unset.Link.aggregatio
b7ce0	6e 00 4c 69 6e 75 78 20 6e 65 74 66 69 6c 74 65 72 20 77 69 6c 6c 20 6e 6f 74 20 4e 41 54 20 74	n.Linux.netfilter.will.not.NAT.t
b7d00	72 61 66 66 69 63 20 6d 61 72 6b 65 64 20 61 73 20 49 4e 56 41 4c 49 44 2e 20 54 68 69 73 20 6f	raffic.marked.as.INVALID..This.o
b7d20	66 74 65 6e 20 63 6f 6e 66 75 73 65 73 20 70 65 6f 70 6c 65 20 69 6e 74 6f 20 74 68 69 6e 6b 69	ften.confuses.people.into.thinki
b7d40	6e 67 20 74 68 61 74 20 4c 69 6e 75 78 20 28 6f 72 20 73 70 65 63 69 66 69 63 61 6c 6c 79 20 56	ng.that.Linux.(or.specifically.V
b7d60	79 4f 53 29 20 68 61 73 20 61 20 62 72 6f 6b 65 6e 20 4e 41 54 20 69 6d 70 6c 65 6d 65 6e 74 61	yOS).has.a.broken.NAT.implementa
b7d80	74 69 6f 6e 20 62 65 63 61 75 73 65 20 6e 6f 6e 2d 4e 41 54 65 64 20 74 72 61 66 66 69 63 20 69	tion.because.non-NATed.traffic.i
b7da0	73 20 73 65 65 6e 20 6c 65 61 76 69 6e 67 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 69 6e 74 65 72	s.seen.leaving.an.external.inter
b7dc0	66 61 63 65 2e 20 54 68 69 73 20 69 73 20 61 63 74 75 61 6c 6c 79 20 77 6f 72 6b 69 6e 67 20 61	face..This.is.actually.working.a
b7de0	73 20 69 6e 74 65 6e 64 65 64 2c 20 61 6e 64 20 61 20 70 61 63 6b 65 74 20 63 61 70 74 75 72 65	s.intended,.and.a.packet.capture
b7e00	20 6f 66 20 74 68 65 20 22 6c 65 61 6b 79 22 20 74 72 61 66 66 69 63 20 73 68 6f 75 6c 64 20 72	.of.the."leaky".traffic.should.r
b7e20	65 76 65 61 6c 20 74 68 61 74 20 74 68 65 20 74 72 61 66 66 69 63 20 69 73 20 65 69 74 68 65 72	eveal.that.the.traffic.is.either
b7e40	20 61 6e 20 61 64 64 69 74 69 6f 6e 61 6c 20 54 43 50 20 22 52 53 54 22 2c 20 22 46 49 4e 2c 41	.an.additional.TCP."RST",."FIN,A
b7e60	43 4b 22 2c 20 6f 72 20 22 52 53 54 2c 41 43 4b 22 20 73 65 6e 74 20 62 79 20 63 6c 69 65 6e 74	CK",.or."RST,ACK".sent.by.client
b7e80	20 73 79 73 74 65 6d 73 20 61 66 74 65 72 20 4c 69 6e 75 78 20 6e 65 74 66 69 6c 74 65 72 20 63	.systems.after.Linux.netfilter.c
b7ea0	6f 6e 73 69 64 65 72 73 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 63 6c 6f 73 65 64 2e 20	onsiders.the.connection.closed..
b7ec0	54 68 65 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 69 73 20 74 68 65 20 61 64 64 69 74 69 6f 6e 61	The.most.common.is.the.additiona
b7ee0	6c 20 54 43 50 20 52 53 54 20 73 6f 6d 65 20 68 6f 73 74 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69	l.TCP.RST.some.host.implementati
b7f00	6f 6e 73 20 73 65 6e 64 20 61 66 74 65 72 20 74 65 72 6d 69 6e 61 74 69 6e 67 20 61 20 63 6f 6e	ons.send.after.terminating.a.con
b7f20	6e 65 63 74 69 6f 6e 20 28 77 68 69 63 68 20 69 73 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e	nection.(which.is.implementation
b7f40	2d 73 70 65 63 69 66 69 63 29 2e 00 4c 69 73 74 20 61 6c 6c 20 4d 41 43 73 65 63 20 69 6e 74 65	-specific)..List.all.MACsec.inte
b7f60	72 66 61 63 65 73 2e 00 4c 69 73 74 20 6f 66 20 66 61 63 69 6c 69 74 69 65 73 20 75 73 65 64 20	rfaces..List.of.facilities.used.
b7f80	62 79 20 73 79 73 6c 6f 67 2e 20 4d 6f 73 74 20 66 61 63 69 6c 69 74 69 65 73 20 6e 61 6d 65 73	by.syslog..Most.facilities.names
b7fa0	20 61 72 65 20 73 65 6c 66 20 65 78 70 6c 61 6e 61 74 6f 72 79 2e 20 46 61 63 69 6c 69 74 69 65	.are.self.explanatory..Facilitie
b7fc0	73 20 6c 6f 63 61 6c 30 20 2d 20 6c 6f 63 61 6c 37 20 63 6f 6d 6d 6f 6e 20 75 73 61 67 65 20 69	s.local0.-.local7.common.usage.i
b7fe0	73 20 66 2e 65 2e 20 61 73 20 6e 65 74 77 6f 72 6b 20 6c 6f 67 73 20 66 61 63 69 6c 69 74 69 65	s.f.e..as.network.logs.facilitie
b8000	73 20 66 6f 72 20 6e 6f 64 65 73 20 61 6e 64 20 6e 65 74 77 6f 72 6b 20 65 71 75 69 70 6d 65 6e	s.for.nodes.and.network.equipmen
b8020	74 2e 20 47 65 6e 65 72 61 6c 6c 79 20 69 74 20 64 65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 73	t..Generally.it.depends.on.the.s
b8040	69 74 75 61 74 69 6f 6e 20 68 6f 77 20 74 6f 20 63 6c 61 73 73 69 66 79 20 6c 6f 67 73 20 61 6e	ituation.how.to.classify.logs.an
b8060	64 20 70 75 74 20 74 68 65 6d 20 74 6f 20 66 61 63 69 6c 69 74 69 65 73 2e 20 53 65 65 20 66 61	d.put.them.to.facilities..See.fa
b8080	63 69 6c 69 74 69 65 73 20 6d 6f 72 65 20 61 73 20 61 20 74 6f 6f 6c 20 72 61 74 68 65 72 20 74	cilities.more.as.a.tool.rather.t
b80a0	68 61 6e 20 61 20 64 69 72 65 63 74 69 76 65 20 74 6f 20 66 6f 6c 6c 6f 77 2e 00 4c 69 73 74 20	han.a.directive.to.follow..List.
b80c0	6f 66 20 6e 65 74 77 6f 72 6b 73 20 6f 72 20 63 6c 69 65 6e 74 20 61 64 64 72 65 73 73 65 73 20	of.networks.or.client.addresses.
b80e0	70 65 72 6d 69 74 74 65 64 20 74 6f 20 63 6f 6e 74 61 63 74 20 74 68 69 73 20 4e 54 50 20 73 65	permitted.to.contact.this.NTP.se
b8100	72 76 65 72 2e 00 4c 69 73 74 20 6f 66 20 73 75 70 70 6f 72 74 65 64 20 4d 41 43 73 3a 20 60 60	rver..List.of.supported.MACs:.``
b8120	68 6d 61 63 2d 6d 64 35 60 60 2c 20 60 60 68 6d 61 63 2d 6d 64 35 2d 39 36 60 60 2c 20 60 60 68	hmac-md5``,.``hmac-md5-96``,.``h
b8140	6d 61 63 2d 72 69 70 65 6d 64 31 36 30 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 31 60 60 2c 20	mac-ripemd160``,.``hmac-sha1``,.
b8160	60 60 68 6d 61 63 2d 73 68 61 31 2d 39 36 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 32 35	``hmac-sha1-96``,.``hmac-sha2-25
b8180	36 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 60 60 2c 20 60 60 75 6d 61 63 2d 36	6``,.``hmac-sha2-512``,.``umac-6
b81a0	34 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 75 6d 61 63 2d 31 32 38 40 6f 70 65 6e	4@openssh.com``,.``umac-128@open
b81c0	73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 6d 64 35 2d 65 74 6d 40 6f 70 65 6e 73 73	ssh.com``,.``hmac-md5-etm@openss
b81e0	68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 6d 64 35 2d 39 36 2d 65 74 6d 40 6f 70 65 6e 73	h.com``,.``hmac-md5-96-etm@opens
b8200	73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2d 65 74 6d 40 6f	sh.com``,.``hmac-ripemd160-etm@o
b8220	70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70	penssh.com``,.``hmac-sha1-etm@op
b8240	65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 31 2d 39 36 2d 65 74 6d 40	enssh.com``,.``hmac-sha1-96-etm@
b8260	6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65	openssh.com``,.``hmac-sha2-256-e
b8280	74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 68 6d 61 63 2d 73 68 61 32 2d 35 31	tm@openssh.com``,.``hmac-sha2-51
b82a0	32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 75 6d 61 63 2d 36 34 2d 65	2-etm@openssh.com``,.``umac-64-e
b82c0	74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 2c 20 60 60 75 6d 61 63 2d 31 32 38 2d 65 74 6d	tm@openssh.com``,.``umac-128-etm
b82e0	40 6f 70 65 6e 73 73 68 2e 63 6f 6d 60 60 00 4c 69 73 74 20 6f 66 20 73 75 70 70 6f 72 74 65 64	@openssh.com``.List.of.supported
b8300	20 61 6c 67 6f 72 69 74 68 6d 73 3a 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72	.algorithms:.``diffie-hellman-gr
b8320	6f 75 70 31 2d 73 68 61 31 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72	oup1-sha1``,.``diffie-hellman-gr
b8340	6f 75 70 31 34 2d 73 68 61 31 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67	oup14-sha1``,.``diffie-hellman-g
b8360	72 6f 75 70 31 34 2d 73 68 61 32 35 36 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61	roup14-sha256``,.``diffie-hellma
b8380	6e 2d 67 72 6f 75 70 31 36 2d 73 68 61 35 31 32 60 60 2c 20 60 60 64 69 66 66 69 65 2d 68 65 6c	n-group16-sha512``,.``diffie-hel
b83a0	6c 6d 61 6e 2d 67 72 6f 75 70 31 38 2d 73 68 61 35 31 32 60 60 2c 20 60 60 64 69 66 66 69 65 2d	lman-group18-sha512``,.``diffie-
b83c0	68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 31 60 60 2c 20 60	hellman-group-exchange-sha1``,.`
b83e0	60 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73	`diffie-hellman-group-exchange-s
b8400	68 61 32 35 36 60 60 2c 20 60 60 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 60 60 2c	ha256``,.``ecdh-sha2-nistp256``,
b8420	20 60 60 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 60 60 2c 20 60 60 65 63 64 68 2d	.``ecdh-sha2-nistp384``,.``ecdh-
b8440	73 68 61 32 2d 6e 69 73 74 70 35 32 31 60 60 2c 20 60 60 63 75 72 76 65 32 35 35 31 39 2d 73 68	sha2-nistp521``,.``curve25519-sh
b8460	61 32 35 36 60 60 20 61 6e 64 20 60 60 63 75 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c	a256``.and.``curve25519-sha256@l
b8480	69 62 73 73 68 2e 6f 72 67 60 60 2e 00 4c 69 73 74 20 6f 66 20 73 75 70 70 6f 72 74 65 64 20 63	ibssh.org``..List.of.supported.c
b84a0	69 70 68 65 72 73 3a 20 60 60 33 64 65 73 2d 63 62 63 60 60 2c 20 60 60 61 65 73 31 32 38 2d 63	iphers:.``3des-cbc``,.``aes128-c
b84c0	62 63 60 60 2c 20 60 60 61 65 73 31 39 32 2d 63 62 63 60 60 2c 20 60 60 61 65 73 32 35 36 2d 63	bc``,.``aes192-cbc``,.``aes256-c
b84e0	62 63 60 60 2c 20 60 60 61 65 73 31 32 38 2d 63 74 72 60 60 2c 20 60 60 61 65 73 31 39 32 2d 63	bc``,.``aes128-ctr``,.``aes192-c
b8500	74 72 60 60 2c 20 60 60 61 65 73 32 35 36 2d 63 74 72 60 60 2c 20 60 60 61 72 63 66 6f 75 72 31	tr``,.``aes256-ctr``,.``arcfour1
b8520	32 38 60 60 2c 20 60 60 61 72 63 66 6f 75 72 32 35 36 60 60 2c 20 60 60 61 72 63 66 6f 75 72 60	28``,.``arcfour256``,.``arcfour`
b8540	60 2c 20 60 60 62 6c 6f 77 66 69 73 68 2d 63 62 63 60 60 2c 20 60 60 63 61 73 74 31 32 38 2d 63	`,.``blowfish-cbc``,.``cast128-c
b8560	62 63 60 60 00 4c 69 73 74 20 6f 66 20 77 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74	bc``.List.of.well-known.communit
b8580	69 65 73 00 4c 69 73 74 65 6e 20 66 6f 72 20 44 48 43 50 20 72 65 71 75 65 73 74 73 20 6f 6e 20	ies.Listen.for.DHCP.requests.on.
b85a0	69 6e 74 65 72 66 61 63 65 20 60 60 65 74 68 31 60 60 2e 00 4c 69 73 74 73 20 56 52 46 73 20 74	interface.``eth1``..Lists.VRFs.t
b85c0	68 61 74 20 68 61 76 65 20 62 65 65 6e 20 63 72 65 61 74 65 64 00 4c 6f 61 64 20 42 61 6c 61 6e	hat.have.been.created.Load.Balan
b85e0	63 65 00 4c 6f 61 64 20 42 61 6c 61 6e 63 69 6e 67 00 4c 6f 61 64 20 74 68 65 20 63 6f 6e 74 61	ce.Load.Balancing.Load.the.conta
b8600	69 6e 65 72 20 69 6d 61 67 65 20 69 6e 20 6f 70 2d 6d 6f 64 65 2e 00 4c 6f 61 64 2d 62 61 6c 61	iner.image.in.op-mode..Load-bala
b8620	6e 63 69 6e 67 00 4c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 73 20	ncing.Load-balancing.algorithms.
b8640	74 6f 20 62 65 20 75 73 65 64 20 66 6f 72 20 64 69 73 74 72 69 62 75 74 69 6e 64 20 72 65 71 75	to.be.used.for.distributind.requ
b8660	65 73 74 73 20 61 6d 6f 6e 67 20 74 68 65 20 76 61 69 6c 61 62 6c 65 20 73 65 72 76 65 72 73 00	ests.among.the.vailable.servers.
b8680	4c 6f 61 64 2d 62 61 6c 61 6e 63 69 6e 67 20 73 63 68 65 64 75 6c 65 20 61 6c 67 6f 72 69 74 68	Load-balancing.schedule.algorith
b86a0	6d 3a 00 4c 6f 63 61 6c 00 4c 6f 63 61 6c 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 2d 20 41	m:.Local.Local.Configuration.-.A
b86c0	6e 6e 6f 74 61 74 65 64 3a 00 4c 6f 63 61 6c 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 4c	nnotated:.Local.Configuration:.L
b86e0	6f 63 61 6c 20 49 50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 75 73 65 64 20 77 68 65 6e 20 63 6f	ocal.IP.`<address>`.used.when.co
b8700	6d 6d 75 6e 69 63 61 74 69 6e 67 20 74 6f 20 74 68 65 20 66 61 69 6c 6f 76 65 72 20 70 65 65 72	mmunicating.to.the.failover.peer
b8720	2e 00 4c 6f 63 61 6c 20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 6c 69 73 74 65 6e 20 6f	..Local.IP.addresses.to.listen.o
b8740	6e 00 4c 6f 63 61 6c 20 49 50 76 34 20 61 64 64 72 65 73 73 65 73 20 66 6f 72 20 73 65 72 76 69	n.Local.IPv4.addresses.for.servi
b8760	63 65 20 74 6f 20 6c 69 73 74 65 6e 20 6f 6e 2e 00 4c 6f 63 61 6c 20 52 6f 75 74 65 20 49 50 76	ce.to.listen.on..Local.Route.IPv
b8780	34 00 4c 6f 63 61 6c 20 52 6f 75 74 65 20 49 50 76 36 00 4c 6f 63 61 6c 20 52 6f 75 74 65 20 50	4.Local.Route.IPv6.Local.Route.P
b87a0	6f 6c 69 63 79 00 4c 6f 63 61 6c 20 55 73 65 72 20 41 63 63 6f 75 6e 74 00 4c 6f 63 61 6c 20 70	olicy.Local.User.Account.Local.p
b87c0	61 74 68 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20 74 68 65 20 6b 6e 6f 77 6e 20 68 6f 73 74	ath.that.includes.the.known.host
b87e0	73 20 66 69 6c 65 2e 00 4c 6f 63 61 6c 20 70 61 74 68 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73	s.file..Local.path.that.includes
b8800	20 74 68 65 20 70 72 69 76 61 74 65 20 6b 65 79 20 66 69 6c 65 20 6f 66 20 74 68 65 20 72 6f 75	.the.private.key.file.of.the.rou
b8820	74 65 72 2e 00 4c 6f 63 61 6c 20 70 61 74 68 20 74 68 61 74 20 69 6e 63 6c 75 64 65 73 20 74 68	ter..Local.path.that.includes.th
b8840	65 20 70 75 62 6c 69 63 20 6b 65 79 20 66 69 6c 65 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 2e	e.public.key.file.of.the.router.
b8860	00 4c 6f 63 61 6c 20 72 6f 75 74 65 00 4c 6f 63 61 6c 6c 79 20 63 6f 6e 6e 65 63 74 20 74 6f 20	.Local.route.Locally.connect.to.
b8880	73 65 72 69 61 6c 20 70 6f 72 74 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 64 65 76 69	serial.port.identified.by.`<devi
b88a0	63 65 3e 60 2e 00 4c 6f 63 61 6c 6c 79 20 73 69 67 6e 69 66 69 63 61 6e 74 20 61 64 6d 69 6e 69	ce>`..Locally.significant.admini
b88c0	73 74 72 61 74 69 76 65 20 64 69 73 74 61 6e 63 65 2e 00 4c 6f 67 20 61 6c 65 72 74 00 4c 6f 67	strative.distance..Log.alert.Log
b88e0	20 61 75 64 69 74 00 4c 6f 67 20 65 76 65 72 79 74 68 69 6e 67 00 4c 6f 67 20 6d 65 73 73 61 67	.audit.Log.everything.Log.messag
b8900	65 73 20 66 72 6f 6d 20 61 20 73 70 65 63 69 66 69 65 64 20 69 6d 61 67 65 20 63 61 6e 20 62 65	es.from.a.specified.image.can.be
b8920	20 64 69 73 70 6c 61 79 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 20 44 65 74 61 69	.displayed.on.the.console..Detai
b8940	6c 73 20 6f 66 20 61 6c 6c 6f 77 65 64 20 70 61 72 61 6d 65 74 65 72 73 3a 00 4c 6f 67 20 73 79	ls.of.allowed.parameters:.Log.sy
b8960	73 6c 6f 67 20 6d 65 73 73 61 67 65 73 20 74 6f 20 60 60 2f 64 65 76 2f 63 6f 6e 73 6f 6c 65 60	slog.messages.to.``/dev/console`
b8980	60 2c 20 66 6f 72 20 61 6e 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 6f 6e 20 3a 72 65 66 3a 60 73	`,.for.an.explanation.on.:ref:`s
b89a0	79 73 6c 6f 67 5f 66 61 63 69 6c 69 74 69 65 73 60 20 6b 65 79 77 6f 72 64 73 20 61 6e 64 20 3a	yslog_facilities`.keywords.and.:
b89c0	72 65 66 3a 60 73 79 73 6c 6f 67 5f 73 65 76 65 72 69 74 79 5f 6c 65 76 65 6c 60 20 6b 65 79 77	ref:`syslog_severity_level`.keyw
b89e0	6f 72 64 73 20 73 65 65 20 74 61 62 6c 65 73 20 62 65 6c 6f 77 2e 00 4c 6f 67 20 73 79 73 6c 6f	ords.see.tables.below..Log.syslo
b8a00	67 20 6d 65 73 73 61 67 65 73 20 74 6f 20 66 69 6c 65 20 73 70 65 63 69 66 69 65 64 20 76 69 61	g.messages.to.file.specified.via
b8a20	20 60 3c 66 69 6c 65 6e 61 6d 65 3e 60 2c 20 66 6f 72 20 61 6e 20 65 78 70 6c 61 6e 61 74 69 6f	.`<filename>`,.for.an.explanatio
b8a40	6e 20 6f 6e 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 66 61 63 69 6c 69 74 69 65 73 60 20 6b 65	n.on.:ref:`syslog_facilities`.ke
b8a60	79 77 6f 72 64 73 20 61 6e 64 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 73 65 76 65 72 69 74 79	ywords.and.:ref:`syslog_severity
b8a80	5f 6c 65 76 65 6c 60 20 6b 65 79 77 6f 72 64 73 20 73 65 65 20 74 61 62 6c 65 73 20 62 65 6c 6f	_level`.keywords.see.tables.belo
b8aa0	77 2e 00 4c 6f 67 20 73 79 73 6c 6f 67 20 6d 65 73 73 61 67 65 73 20 74 6f 20 72 65 6d 6f 74 65	w..Log.syslog.messages.to.remote
b8ac0	20 68 6f 73 74 20 73 70 65 63 69 66 69 65 64 20 62 79 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 20	.host.specified.by.`<address>`..
b8ae0	54 68 65 20 61 64 64 72 65 73 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 62 79 20	The.address.can.be.specified.by.
b8b00	65 69 74 68 65 72 20 46 51 44 4e 20 6f 72 20 49 50 20 61 64 64 72 65 73 73 2e 20 46 6f 72 20 61	either.FQDN.or.IP.address..For.a
b8b20	6e 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 6f 6e 20 3a 72 65 66 3a 60 73 79 73 6c 6f 67 5f 66 61	n.explanation.on.:ref:`syslog_fa
b8b40	63 69 6c 69 74 69 65 73 60 20 6b 65 79 77 6f 72 64 73 20 61 6e 64 20 3a 72 65 66 3a 60 73 79 73	cilities`.keywords.and.:ref:`sys
b8b60	6c 6f 67 5f 73 65 76 65 72 69 74 79 5f 6c 65 76 65 6c 60 20 6b 65 79 77 6f 72 64 73 20 73 65 65	log_severity_level`.keywords.see
b8b80	20 74 61 62 6c 65 73 20 62 65 6c 6f 77 2e 00 4c 6f 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f	.tables.below..Log.the.connectio
b8ba0	6e 20 74 72 61 63 6b 69 6e 67 20 65 76 65 6e 74 73 20 70 65 72 20 70 72 6f 74 6f 63 6f 6c 2e 00	n.tracking.events.per.protocol..
b8bc0	4c 6f 67 67 69 6e 67 00 4c 6f 67 67 69 6e 67 20 63 61 6e 20 62 65 20 65 6e 61 62 6c 65 20 66 6f	Logging.Logging.can.be.enable.fo
b8be0	72 20 65 76 65 72 79 20 73 69 6e 67 6c 65 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 2e 20 49 66	r.every.single.firewall.rule..If
b8c00	20 65 6e 61 62 6c 65 64 2c 20 6f 74 68 65 72 20 6c 6f 67 20 6f 70 74 69 6f 6e 73 20 63 61 6e 20	.enabled,.other.log.options.can.
b8c20	62 65 20 64 65 66 69 6e 65 64 2e 00 4c 6f 67 67 69 6e 67 20 74 6f 20 61 20 72 65 6d 6f 74 65 20	be.defined..Logging.to.a.remote.
b8c40	68 6f 73 74 20 6c 65 61 76 65 73 20 74 68 65 20 6c 6f 63 61 6c 20 6c 6f 67 67 69 6e 67 20 63 6f	host.leaves.the.local.logging.co
b8c60	6e 66 69 67 75 72 61 74 69 6f 6e 20 69 6e 74 61 63 74 2c 20 69 74 20 63 61 6e 20 62 65 20 63 6f	nfiguration.intact,.it.can.be.co
b8c80	6e 66 69 67 75 72 65 64 20 69 6e 20 70 61 72 61 6c 6c 65 6c 20 74 6f 20 61 20 63 75 73 74 6f 6d	nfigured.in.parallel.to.a.custom
b8ca0	20 66 69 6c 65 20 6f 72 20 63 6f 6e 73 6f 6c 65 20 6c 6f 67 67 69 6e 67 2e 20 59 6f 75 20 63 61	.file.or.console.logging..You.ca
b8cc0	6e 20 6c 6f 67 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 68 6f 73 74 73 20 61 74 20 74 68 65 20 73	n.log.to.multiple.hosts.at.the.s
b8ce0	61 6d 65 20 74 69 6d 65 2c 20 75 73 69 6e 67 20 65 69 74 68 65 72 20 54 43 50 20 6f 72 20 55 44	ame.time,.using.either.TCP.or.UD
b8d00	50 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 73 65 6e 64 69 6e 67 20 74 68 65 20 6d 65	P..The.default.is.sending.the.me
b8d20	73 73 61 67 65 73 20 76 69 61 20 70 6f 72 74 20 35 31 34 2f 55 44 50 2e 00 4c 6f 67 69 6e 20 42	ssages.via.port.514/UDP..Login.B
b8d40	61 6e 6e 65 72 00 4c 6f 67 69 6e 20 6c 69 6d 69 74 73 00 4c 6f 67 69 6e 2f 55 73 65 72 20 4d 61	anner.Login.limits.Login/User.Ma
b8d60	6e 61 67 65 6d 65 6e 74 00 4c 6f 6f 70 62 61 63 6b 00 4c 6f 6f 70 62 61 63 6b 73 20 6f 63 63 75	nagement.Loopback.Loopbacks.occu
b8d80	72 73 20 61 74 20 74 68 65 20 49 50 20 6c 65 76 65 6c 20 74 68 65 20 73 61 6d 65 20 77 61 79 20	rs.at.the.IP.level.the.same.way.
b8da0	61 73 20 66 6f 72 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 73 2c 20 65 74 68 65 72 6e 65	as.for.other.interfaces,.etherne
b8dc0	74 20 66 72 61 6d 65 73 20 61 72 65 20 6e 6f 74 20 66 6f 72 77 61 72 64 65 64 20 62 65 74 77 65	t.frames.are.not.forwarded.betwe
b8de0	65 6e 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 00 4c	en.Pseudo-Ethernet.interfaces..L
b8e00	6f 77 00 4d 41 43 20 47 72 6f 75 70 73 00 4d 41 43 20 61 64 64 72 65 73 73 20 61 67 69 6e 67 20	ow.MAC.Groups.MAC.address.aging.
b8e20	60 3c 74 69 6d 65 60 3e 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 33 30	`<time`>.in.seconds.(default:.30
b8e40	30 29 2e 00 4d 41 43 2f 50 48 59 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 4d 41 43 56 4c 41 4e 20	0)..MAC/PHY.information.MACVLAN.
b8e60	2d 20 50 73 65 75 64 6f 20 45 74 68 65 72 6e 65 74 00 4d 41 43 73 65 63 00 4d 41 43 73 65 63 20	-.Pseudo.Ethernet.MACsec.MACsec.
b8e80	69 73 20 61 6e 20 49 45 45 45 20 73 74 61 6e 64 61 72 64 20 28 49 45 45 45 20 38 30 32 2e 31 41	is.an.IEEE.standard.(IEEE.802.1A
b8ea0	45 29 20 66 6f 72 20 4d 41 43 20 73 65 63 75 72 69 74 79 2c 20 69 6e 74 72 6f 64 75 63 65 64 20	E).for.MAC.security,.introduced.
b8ec0	69 6e 20 32 30 30 36 2e 20 49 74 20 64 65 66 69 6e 65 73 20 61 20 77 61 79 20 74 6f 20 65 73 74	in.2006..It.defines.a.way.to.est
b8ee0	61 62 6c 69 73 68 20 61 20 70 72 6f 74 6f 63 6f 6c 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 63 6f	ablish.a.protocol.independent.co
b8f00	6e 6e 65 63 74 69 6f 6e 20 62 65 74 77 65 65 6e 20 74 77 6f 20 68 6f 73 74 73 20 77 69 74 68 20	nnection.between.two.hosts.with.
b8f20	64 61 74 61 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 2c 20 61 75 74 68 65 6e 74 69 63 69	data.confidentiality,.authentici
b8f40	74 79 20 61 6e 64 2f 6f 72 20 69 6e 74 65 67 72 69 74 79 2c 20 75 73 69 6e 67 20 47 43 4d 2d 41	ty.and/or.integrity,.using.GCM-A
b8f60	45 53 2d 31 32 38 2e 20 4d 41 43 73 65 63 20 6f 70 65 72 61 74 65 73 20 6f 6e 20 74 68 65 20 45	ES-128..MACsec.operates.on.the.E
b8f80	74 68 65 72 6e 65 74 20 6c 61 79 65 72 20 61 6e 64 20 61 73 20 73 75 63 68 20 69 73 20 61 20 6c	thernet.layer.and.as.such.is.a.l
b8fa0	61 79 65 72 20 32 20 70 72 6f 74 6f 63 6f 6c 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 69 74 27	ayer.2.protocol,.which.means.it'
b8fc0	73 20 64 65 73 69 67 6e 65 64 20 74 6f 20 73 65 63 75 72 65 20 74 72 61 66 66 69 63 20 77 69 74	s.designed.to.secure.traffic.wit
b8fe0	68 69 6e 20 61 20 6c 61 79 65 72 20 32 20 6e 65 74 77 6f 72 6b 2c 20 69 6e 63 6c 75 64 69 6e 67	hin.a.layer.2.network,.including
b9000	20 44 48 43 50 20 6f 72 20 41 52 50 20 72 65 71 75 65 73 74 73 2e 20 49 74 20 64 6f 65 73 20 6e	.DHCP.or.ARP.requests..It.does.n
b9020	6f 74 20 63 6f 6d 70 65 74 65 20 77 69 74 68 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 73	ot.compete.with.other.security.s
b9040	6f 6c 75 74 69 6f 6e 73 20 73 75 63 68 20 61 73 20 49 50 73 65 63 20 28 6c 61 79 65 72 20 33 29	olutions.such.as.IPsec.(layer.3)
b9060	20 6f 72 20 54 4c 53 20 28 6c 61 79 65 72 20 34 29 2c 20 61 73 20 61 6c 6c 20 74 68 6f 73 65 20	.or.TLS.(layer.4),.as.all.those.
b9080	73 6f 6c 75 74 69 6f 6e 73 20 61 72 65 20 75 73 65 64 20 66 6f 72 20 74 68 65 69 72 20 6f 77 6e	solutions.are.used.for.their.own
b90a0	20 73 70 65 63 69 66 69 63 20 75 73 65 20 63 61 73 65 73 2e 00 4d 41 43 73 65 63 20 6f 6e 6c 79	.specific.use.cases..MACsec.only
b90c0	20 70 72 6f 76 69 64 65 73 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 79 20 64 65 66 61	.provides.authentication.by.defa
b90e0	75 6c 74 2c 20 65 6e 63 72 79 70 74 69 6f 6e 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 20 54 68 69	ult,.encryption.is.optional..Thi
b9100	73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 65 6e 61 62 6c 65 20 65 6e 63 72 79 70 74 69 6f 6e	s.command.will.enable.encryption
b9120	20 66 6f 72 20 61 6c 6c 20 6f 75 74 67 6f 69 6e 67 20 70 61 63 6b 65 74 73 2e 00 4d 41 43 73 65	.for.all.outgoing.packets..MACse
b9140	63 20 6f 70 74 69 6f 6e 73 00 4d 44 49 20 70 6f 77 65 72 00 4d 46 41 2f 32 46 41 20 61 75 74 68	c.options.MDI.power.MFA/2FA.auth
b9160	65 6e 74 69 63 61 74 69 6f 6e 20 75 73 69 6e 67 20 4f 54 50 20 28 6f 6e 65 20 74 69 6d 65 20 70	entication.using.OTP.(one.time.p
b9180	61 73 73 77 6f 72 64 73 29 00 4d 50 4c 53 00 4d 50 4c 53 20 73 75 70 70 6f 72 74 20 69 6e 20 56	asswords).MPLS.MPLS.support.in.V
b91a0	79 4f 53 20 69 73 20 6e 6f 74 20 66 69 6e 69 73 68 65 64 20 79 65 74 2c 20 61 6e 64 20 74 68 65	yOS.is.not.finished.yet,.and.the
b91c0	72 65 66 6f 72 65 20 69 74 73 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 73 20 6c 69 6d 69	refore.its.functionality.is.limi
b91e0	74 65 64 2e 20 43 75 72 72 65 6e 74 6c 79 20 74 68 65 72 65 20 69 73 20 6e 6f 20 73 75 70 70 6f	ted..Currently.there.is.no.suppo
b9200	72 74 20 66 6f 72 20 4d 50 4c 53 20 65 6e 61 62 6c 65 64 20 56 50 4e 20 73 65 72 76 69 63 65 73	rt.for.MPLS.enabled.VPN.services
b9220	20 73 75 63 68 20 61 73 20 4c 32 56 50 4e 73 20 61 6e 64 20 6d 56 50 4e 73 2e 20 52 53 56 50 20	.such.as.L2VPNs.and.mVPNs..RSVP.
b9240	73 75 70 70 6f 72 74 20 69 73 20 61 6c 73 6f 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 61 73 20 74	support.is.also.not.present.as.t
b9260	68 65 20 75 6e 64 65 72 6c 79 69 6e 67 20 72 6f 75 74 69 6e 67 20 73 74 61 63 6b 20 28 46 52 52	he.underlying.routing.stack.(FRR
b9280	29 20 64 6f 65 73 20 6e 6f 74 20 69 6d 70 6c 65 6d 65 6e 74 20 69 74 2e 20 43 75 72 72 65 6e 74	).does.not.implement.it..Current
b92a0	6c 79 20 56 79 4f 53 20 69 6d 70 6c 65 6d 65 6e 74 73 20 4c 44 50 20 61 73 20 64 65 73 63 72 69	ly.VyOS.implements.LDP.as.descri
b92c0	62 65 64 20 69 6e 20 52 46 43 20 35 30 33 36 3b 20 6f 74 68 65 72 20 4c 44 50 20 73 74 61 6e 64	bed.in.RFC.5036;.other.LDP.stand
b92e0	61 72 64 20 61 72 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 6e 65 73 3a 20 52 46 43 20	ard.are.the.following.ones:.RFC.
b9300	36 37 32 30 2c 20 52 46 43 20 36 36 36 37 2c 20 52 46 43 20 35 39 31 39 2c 20 52 46 43 20 35 35	6720,.RFC.6667,.RFC.5919,.RFC.55
b9320	36 31 2c 20 52 46 43 20 37 35 35 32 2c 20 52 46 43 20 34 34 34 37 2e 20 42 65 63 61 75 73 65 20	61,.RFC.7552,.RFC.4447..Because.
b9340	4d 50 4c 53 20 69 73 20 61 6c 72 65 61 64 79 20 61 76 61 69 6c 61 62 6c 65 20 28 46 52 52 20 61	MPLS.is.already.available.(FRR.a
b9360	6c 73 6f 20 73 75 70 70 6f 72 74 73 20 52 46 43 20 33 30 33 31 29 2e 00 4d 53 53 20 76 61 6c 75	lso.supports.RFC.3031)..MSS.valu
b9380	65 20 3d 20 4d 54 55 20 2d 20 32 30 20 28 49 50 20 68 65 61 64 65 72 29 20 2d 20 32 30 20 28 54	e.=.MTU.-.20.(IP.header).-.20.(T
b93a0	43 50 20 68 65 61 64 65 72 29 2c 20 72 65 73 75 6c 74 69 6e 67 20 69 6e 20 31 34 35 32 20 62 79	CP.header),.resulting.in.1452.by
b93c0	74 65 73 20 6f 6e 20 61 20 31 34 39 32 20 62 79 74 65 20 4d 54 55 2e 00 4d 53 53 20 76 61 6c 75	tes.on.a.1492.byte.MTU..MSS.valu
b93e0	65 20 3d 20 4d 54 55 20 2d 20 34 30 20 28 49 50 76 36 20 68 65 61 64 65 72 29 20 2d 20 32 30 20	e.=.MTU.-.40.(IPv6.header).-.20.
b9400	28 54 43 50 20 68 65 61 64 65 72 29 2c 20 72 65 73 75 6c 74 69 6e 67 20 69 6e 20 31 34 33 32 20	(TCP.header),.resulting.in.1432.
b9420	62 79 74 65 73 20 6f 6e 20 61 20 31 34 39 32 20 62 79 74 65 20 4d 54 55 2e 00 4d 54 55 00 4d 61	bytes.on.a.1492.byte.MTU..MTU.Ma
b9440	69 6c 20 73 79 73 74 65 6d 00 4d 61 69 6e 20 73 74 72 75 63 74 75 72 65 20 69 73 20 73 68 6f 77	il.system.Main.structure.is.show
b9460	6e 20 6e 65 78 74 3a 00 4d 61 69 6e 74 65 6e 61 6e 63 65 20 6d 6f 64 65 00 4d 61 6b 65 20 73 75	n.next:.Maintenance.mode.Make.su
b9480	72 65 20 63 6f 6e 6e 74 72 61 63 6b 20 69 73 20 65 6e 61 62 6c 65 64 20 62 79 20 72 75 6e 6e 69	re.conntrack.is.enabled.by.runni
b94a0	6e 67 20 61 6e 64 20 73 68 6f 77 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20	ng.and.show.connection.tracking.
b94c0	74 61 62 6c 65 2e 00 4d 61 6e 61 67 65 64 20 64 65 76 69 63 65 73 00 4d 61 6e 61 67 65 6d 65 6e	table..Managed.devices.Managemen
b94e0	74 20 46 72 61 6d 65 20 50 72 6f 74 65 63 74 69 6f 6e 20 28 4d 46 50 29 20 61 63 63 6f 72 64 69	t.Frame.Protection.(MFP).accordi
b9500	6e 67 20 74 6f 20 49 45 45 45 20 38 30 32 2e 31 31 77 00 4d 61 6e 64 61 74 6f 72 79 20 53 65 74	ng.to.IEEE.802.11w.Mandatory.Set
b9520	74 69 6e 67 73 00 4d 61 6e 75 61 6c 20 4e 65 69 67 68 62 6f 72 20 43 6f 6e 66 69 67 75 72 61 74	tings.Manual.Neighbor.Configurat
b9540	69 6f 6e 00 4d 61 70 73 20 74 68 65 20 56 4e 49 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65	ion.Maps.the.VNI.to.the.specifie
b9560	64 20 56 4c 41 4e 20 69 64 2e 20 54 68 65 20 56 4c 41 4e 20 63 61 6e 20 74 68 65 6e 20 62 65 20	d.VLAN.id..The.VLAN.can.then.be.
b9580	63 6f 6e 73 75 6d 65 64 20 62 79 20 61 20 62 72 69 64 67 65 2e 00 4d 61 72 6b 20 52 41 44 49 55	consumed.by.a.bridge..Mark.RADIU
b95a0	53 20 73 65 72 76 65 72 20 61 73 20 6f 66 66 6c 69 6e 65 20 66 6f 72 20 74 68 69 73 20 67 69 76	S.server.as.offline.for.this.giv
b95c0	65 6e 20 60 3c 74 69 6d 65 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 2e 00 4d 61 72 6b 20 74 68 65	en.`<time>`.in.seconds..Mark.the
b95e0	20 43 41 73 20 70 72 69 76 61 74 65 20 6b 65 79 20 61 73 20 70 61 73 73 77 6f 72 64 20 70 72 6f	.CAs.private.key.as.password.pro
b9600	74 65 63 74 65 64 2e 20 55 73 65 72 20 69 73 20 61 73 6b 65 64 20 66 6f 72 20 74 68 65 20 70 61	tected..User.is.asked.for.the.pa
b9620	73 73 77 6f 72 64 20 77 68 65 6e 20 74 68 65 20 6b 65 79 20 69 73 20 72 65 66 65 72 65 6e 63 65	ssword.when.the.key.is.reference
b9640	64 2e 00 4d 61 72 6b 20 74 68 65 20 70 72 69 76 61 74 65 20 6b 65 79 20 61 73 20 70 61 73 73 77	d..Mark.the.private.key.as.passw
b9660	6f 72 64 20 70 72 6f 74 65 63 74 65 64 2e 20 55 73 65 72 20 69 73 20 61 73 6b 65 64 20 66 6f 72	ord.protected..User.is.asked.for
b9680	20 74 68 65 20 70 61 73 73 77 6f 72 64 20 77 68 65 6e 20 74 68 65 20 6b 65 79 20 69 73 20 72 65	.the.password.when.the.key.is.re
b96a0	66 65 72 65 6e 63 65 64 2e 00 4d 61 74 63 68 20 42 47 50 20 6c 61 72 67 65 20 63 6f 6d 6d 75 6e	ferenced..Match.BGP.large.commun
b96c0	69 74 69 65 73 2e 00 4d 61 74 63 68 20 49 50 20 61 64 64 72 65 73 73 65 73 20 62 61 73 65 64 20	ities..Match.IP.addresses.based.
b96e0	6f 6e 20 69 74 73 20 67 65 6f 6c 6f 63 61 74 69 6f 6e 2e 20 4d 6f 72 65 20 69 6e 66 6f 3a 20 60	on.its.geolocation..More.info:.`
b9700	67 65 6f 69 70 20 6d 61 74 63 68 69 6e 67 20 3c 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 6e 66 74	geoip.matching.<https://wiki.nft
b9720	61 62 6c 65 73 2e 6f 72 67 2f 77 69 6b 69 2d 6e 66 74 61 62 6c 65 73 2f 69 6e 64 65 78 2e 70 68	ables.org/wiki-nftables/index.ph
b9740	70 2f 47 65 6f 49 50 5f 6d 61 74 63 68 69 6e 67 3e 60 5f 2e 00 4d 61 74 63 68 20 49 50 20 61 64	p/GeoIP_matching>`_..Match.IP.ad
b9760	64 72 65 73 73 65 73 20 62 61 73 65 64 20 6f 6e 20 69 74 73 20 67 65 6f 6c 6f 63 61 74 69 6f 6e	dresses.based.on.its.geolocation
b9780	2e 20 4d 6f 72 65 20 69 6e 66 6f 3a 20 60 67 65 6f 69 70 20 6d 61 74 63 68 69 6e 67 20 3c 68 74	..More.info:.`geoip.matching.<ht
b97a0	74 70 73 3a 2f 2f 77 69 6b 69 2e 6e 66 74 61 62 6c 65 73 2e 6f 72 67 2f 77 69 6b 69 2d 6e 66 74	tps://wiki.nftables.org/wiki-nft
b97c0	61 62 6c 65 73 2f 69 6e 64 65 78 2e 70 68 70 2f 47 65 6f 49 50 5f 6d 61 74 63 68 69 6e 67 3e 60	ables/index.php/GeoIP_matching>`
b97e0	5f 2e 20 55 73 65 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 74 6f 20 6d 61 74 63 68 20 61 6e	_..Use.inverse-match.to.match.an
b9800	79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 67 69 76 65 6e 20 63 6f 75 6e 74 72 79 2d	ything.except.the.given.country-
b9820	63 6f 64 65 73 2e 00 4d 61 74 63 68 20 52 50 4b 49 20 76 61 6c 69 64 61 74 69 6f 6e 20 72 65 73	codes..Match.RPKI.validation.res
b9840	75 6c 74 2e 00 4d 61 74 63 68 20 61 20 70 72 6f 74 6f 63 6f 6c 20 63 72 69 74 65 72 69 61 2e 20	ult..Match.a.protocol.criteria..
b9860	41 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 6f 72 20 61 20 6e 61 6d 65 20 77 68 69 63	A.protocol.number.or.a.name.whic
b9880	68 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 3a 20 60 60 2f 65 74 63 2f 70 72 6f 74 6f 63 6f 6c	h.is.defined.in:.``/etc/protocol
b98a0	73 60 60 2e 20 53 70 65 63 69 61 6c 20 6e 61 6d 65 73 20 61 72 65 20 60 60 61 6c 6c 60 60 20 66	s``..Special.names.are.``all``.f
b98c0	6f 72 20 61 6c 6c 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 60 60 74 63 70 5f 75 64 70 60 60	or.all.protocols.and.``tcp_udp``
b98e0	20 66 6f 72 20 74 63 70 20 61 6e 64 20 75 64 70 20 62 61 73 65 64 20 70 61 63 6b 65 74 73 2e 20	.for.tcp.and.udp.based.packets..
b9900	54 68 65 20 60 60 21 60 60 20 6e 65 67 61 74 65 73 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 70	The.``!``.negates.the.selected.p
b9920	72 6f 74 6f 63 6f 6c 2e 00 4d 61 74 63 68 20 61 20 70 72 6f 74 6f 63 6f 6c 20 63 72 69 74 65 72	rotocol..Match.a.protocol.criter
b9940	69 61 2e 20 41 20 70 72 6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 6f 72 20 61 20 6e 61 6d 65 20	ia..A.protocol.number.or.a.name.
b9960	77 68 69 63 68 20 69 73 20 68 65 72 65 20 64 65 66 69 6e 65 64 3a 20 60 60 2f 65 74 63 2f 70 72	which.is.here.defined:.``/etc/pr
b9980	6f 74 6f 63 6f 6c 73 60 60 2e 20 53 70 65 63 69 61 6c 20 6e 61 6d 65 73 20 61 72 65 20 60 60 61	otocols``..Special.names.are.``a
b99a0	6c 6c 60 60 20 66 6f 72 20 61 6c 6c 20 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 60 60 74 63 70	ll``.for.all.protocols.and.``tcp
b99c0	5f 75 64 70 60 60 20 66 6f 72 20 74 63 70 20 61 6e 64 20 75 64 70 20 62 61 73 65 64 20 70 61 63	_udp``.for.tcp.and.udp.based.pac
b99e0	6b 65 74 73 2e 20 54 68 65 20 60 60 21 60 60 20 6e 65 67 61 74 65 20 74 68 65 20 73 65 6c 65 63	kets..The.``!``.negate.the.selec
b9a00	74 65 64 20 70 72 6f 74 6f 63 6f 6c 2e 00 4d 61 74 63 68 20 61 67 61 69 6e 73 74 20 74 68 65 20	ted.protocol..Match.against.the.
b9a20	73 74 61 74 65 20 6f 66 20 61 20 70 61 63 6b 65 74 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f	state.of.a.packet..Match.based.o
b9a40	6e 20 64 73 63 70 20 76 61 6c 75 65 20 63 72 69 74 65 72 69 61 2e 20 4d 75 6c 74 69 70 6c 65 20	n.dscp.value.criteria..Multiple.
b9a60	76 61 6c 75 65 73 20 66 72 6f 6d 20 30 20 74 6f 20 36 33 20 61 6e 64 20 72 61 6e 67 65 73 20 61	values.from.0.to.63.and.ranges.a
b9a80	72 65 20 73 75 70 70 6f 72 74 65 64 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 64 73 63	re.supported..Match.based.on.dsc
b9aa0	70 20 76 61 6c 75 65 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 66 72 61 67 6d 65 6e 74	p.value..Match.based.on.fragment
b9ac0	20 63 72 69 74 65 72 69 61 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 69 63 6d 70 7c 69	.criteria..Match.based.on.icmp|i
b9ae0	63 6d 70 76 36 20 63 6f 64 65 20 61 6e 64 20 74 79 70 65 2e 00 4d 61 74 63 68 20 62 61 73 65 64	cmpv6.code.and.type..Match.based
b9b00	20 6f 6e 20 69 63 6d 70 7c 69 63 6d 70 76 36 20 74 79 70 65 2d 6e 61 6d 65 20 63 72 69 74 65 72	.on.icmp|icmpv6.type-name.criter
b9b20	69 61 2e 20 55 73 65 20 74 61 62 20 66 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75	ia..Use.tab.for.information.abou
b9b40	74 20 77 68 61 74 20 2a 2a 74 79 70 65 2d 6e 61 6d 65 2a 2a 20 63 72 69 74 65 72 69 61 20 61 72	t.what.**type-name**.criteria.ar
b9b60	65 20 73 75 70 70 6f 72 74 65 64 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 69 63 6d 70	e.supported..Match.based.on.icmp
b9b80	7c 69 63 6d 70 76 36 20 74 79 70 65 2d 6e 61 6d 65 20 63 72 69 74 65 72 69 61 2e 20 55 73 65 20	|icmpv6.type-name.criteria..Use.
b9ba0	74 61 62 20 66 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 77 68 61 74 20 74	tab.for.information.about.what.t
b9bc0	79 70 65 2d 6e 61 6d 65 20 63 72 69 74 65 72 69 61 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 2e	ype-name.criteria.are.supported.
b9be0	00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 69 6e 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63	.Match.based.on.inbound.interfac
b9c00	65 2e 20 57 69 6c 63 61 72 64 20 60 60 2a 60 60 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 46 6f	e..Wilcard.``*``.can.be.used..Fo
b9c20	72 20 65 78 61 6d 70 6c 65 3a 20 60 60 65 74 68 32 2a 60 60 00 4d 61 74 63 68 20 62 61 73 65 64	r.example:.``eth2*``.Match.based
b9c40	20 6f 6e 20 69 6e 62 6f 75 6e 64 2f 6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 2e 20	.on.inbound/outbound.interface..
b9c60	57 69 6c 63 61 72 64 20 60 60 2a 60 60 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 46 6f 72 20 65	Wilcard.``*``.can.be.used..For.e
b9c80	78 61 6d 70 6c 65 3a 20 60 60 65 74 68 32 2a 60 60 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e	xample:.``eth2*``.Match.based.on
b9ca0	20 69 70 73 65 63 20 63 72 69 74 65 72 69 61 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20	.ipsec.criteria..Match.based.on.
b9cc0	6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 2e 20 57 69 6c 63 61 72 64 20 60 60 2a 60	outbound.interface..Wilcard.``*`
b9ce0	60 20 63 61 6e 20 62 65 20 75 73 65 64 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 3a 20 60 60 65 74	`.can.be.used..For.example:.``et
b9d00	68 32 2a 60 60 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 70 61 63 6b 65 74 20 6c 65 6e 67	h2*``.Match.based.on.packet.leng
b9d20	74 68 20 63 72 69 74 65 72 69 61 2e 20 4d 75 6c 74 69 70 6c 65 20 76 61 6c 75 65 73 20 66 72 6f	th.criteria..Multiple.values.fro
b9d40	6d 20 31 20 74 6f 20 36 35 35 33 35 20 61 6e 64 20 72 61 6e 67 65 73 20 61 72 65 20 73 75 70 70	m.1.to.65535.and.ranges.are.supp
b9d60	6f 72 74 65 64 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 70 61 63 6b 65 74 20 74 79 70	orted..Match.based.on.packet.typ
b9d80	65 20 63 72 69 74 65 72 69 61 2e 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 6d	e.criteria..Match.based.on.the.m
b9da0	61 78 69 6d 75 6d 20 61 76 65 72 61 67 65 20 72 61 74 65 2c 20 73 70 65 63 69 66 69 65 64 20 61	aximum.average.rate,.specified.a
b9dc0	73 20 2a 2a 69 6e 74 65 67 65 72 2f 75 6e 69 74 2a 2a 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 20	s.**integer/unit**..For.example.
b9de0	2a 2a 35 2f 6d 69 6e 75 74 65 73 2a 2a 00 4d 61 74 63 68 20 62 61 73 65 64 20 6f 6e 20 74 68 65	**5/minutes**.Match.based.on.the
b9e00	20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65 74 73 20 74 6f 20 61 6c	.maximum.number.of.packets.to.al
b9e20	6c 6f 77 20 69 6e 20 65 78 63 65 73 73 20 6f 66 20 72 61 74 65 2e 00 4d 61 74 63 68 20 62 61 73	low.in.excess.of.rate..Match.bas
b9e40	65 73 20 6f 6e 20 72 65 63 65 6e 74 6c 79 20 73 65 65 6e 20 73 6f 75 72 63 65 73 2e 00 4d 61 74	es.on.recently.seen.sources..Mat
b9e60	63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20	ch.criteria.based.on.connection.
b9e80	6d 61 72 6b 2e 00 4d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 6e 61	mark..Match.criteria.based.on.na
b9ea0	74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 75 73 2e 00 4d 61 74 63 68 20 63 72 69 74 65	t.connection.status..Match.crite
b9ec0	72 69 61 20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 61 6e 64 2f 6f 72 20 64 65 73 74 69	ria.based.on.source.and/or.desti
b9ee0	6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 69 73 20 73 69 6d 69 6c 61 72 20	nation.address..This.is.similar.
b9f00	74 6f 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 73 20 70 61 72 74 2c 20 62 75 74 20	to.the.network.groups.part,.but.
b9f20	68 65 72 65 20 79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 6e 65 67 61 74 65 20 74 68 65 20	here.you.are.able.to.negate.the.
b9f40	6d 61 74 63 68 69 6e 67 20 61 64 64 72 65 73 73 65 73 2e 00 4d 61 74 63 68 20 64 6f 6d 61 69 6e	matching.addresses..Match.domain
b9f60	20 6e 61 6d 65 00 4d 61 74 63 68 20 68 6f 70 2d 6c 69 6d 69 74 20 70 61 72 61 6d 65 74 65 72 2c	.name.Match.hop-limit.parameter,
b9f80	20 77 68 65 72 65 20 27 65 71 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 65 71 75 61 6c 27 3b 20	.where.'eq'.stands.for.'equal';.
b9fa0	27 67 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 67 72 65 61 74 65 72 20 74 68 61 6e 27 2c 20	'gt'.stands.for.'greater.than',.
b9fc0	61 6e 64 20 27 6c 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 6c 65 73 73 20 74 68 61 6e 27 2e	and.'lt'.stands.for.'less.than'.
b9fe0	00 4d 61 74 63 68 20 6c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65 2e 00 4d 61 74 63 68 20 72	.Match.local.preference..Match.r
ba000	6f 75 74 65 20 6d 65 74 72 69 63 2e 00 4d 61 74 63 68 20 74 69 6d 65 20 74 6f 20 6c 69 76 65 20	oute.metric..Match.time.to.live.
ba020	70 61 72 61 6d 65 74 65 72 2c 20 77 68 65 72 65 20 27 65 71 27 20 73 74 61 6e 64 73 20 66 6f 72	parameter,.where.'eq'.stands.for
ba040	20 27 65 71 75 61 6c 27 3b 20 27 67 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 67 72 65 61 74	.'equal';.'gt'.stands.for.'great
ba060	65 72 20 74 68 61 6e 27 2c 20 61 6e 64 20 27 6c 74 27 20 73 74 61 6e 64 73 20 66 6f 72 20 27 6c	er.than',.and.'lt'.stands.for.'l
ba080	65 73 73 20 74 68 61 6e 27 2e 00 4d 61 74 63 68 20 77 68 65 6e 20 27 63 6f 75 6e 74 27 20 61 6d	ess.than'..Match.when.'count'.am
ba0a0	6f 75 6e 74 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 72 65 20 73 65 65 6e 20 77 69 74	ount.of.connections.are.seen.wit
ba0c0	68 69 6e 20 27 74 69 6d 65 27 2e 20 54 68 65 73 65 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65	hin.'time'..These.matching.crite
ba0e0	72 69 61 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 62 6c 6f 63 6b 20 62 72 75 74 65 2d 66	ria.can.be.used.to.block.brute-f
ba100	6f 72 63 65 20 61 74 74 65 6d 70 74 73 2e 00 4d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61	orce.attempts..Matching.criteria
ba120	00 4d 61 74 63 68 69 6e 67 20 74 72 61 66 66 69 63 00 4d 61 78 69 6d 75 6d 20 41 2d 4d 53 44 55	.Matching.traffic.Maximum.A-MSDU
ba140	20 6c 65 6e 67 74 68 20 33 38 33 39 20 28 64 65 66 61 75 6c 74 29 20 6f 72 20 37 39 33 35 20 6f	.length.3839.(default).or.7935.o
ba160	63 74 65 74 73 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 44 4e 53 20 63 61 63 68	ctets.Maximum.number.of.DNS.cach
ba180	65 20 65 6e 74 72 69 65 73 2e 20 31 20 6d 69 6c 6c 69 6f 6e 20 70 65 72 20 43 50 55 20 63 6f 72	e.entries..1.million.per.CPU.cor
ba1a0	65 20 77 69 6c 6c 20 67 65 6e 65 72 61 6c 6c 79 20 73 75 66 66 69 63 65 20 66 6f 72 20 6d 6f 73	e.will.generally.suffice.for.mos
ba1c0	74 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 2e 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20	t.installations..Maximum.number.
ba1e0	6f 66 20 49 50 76 34 20 6e 61 6d 65 73 65 72 76 65 72 73 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62	of.IPv4.nameservers.Maximum.numb
ba200	65 72 20 6f 66 20 61 75 74 68 65 6e 74 69 63 61 74 6f 72 20 70 72 6f 63 65 73 73 65 73 20 74 6f	er.of.authenticator.processes.to
ba220	20 73 70 61 77 6e 2e 20 49 66 20 79 6f 75 20 73 74 61 72 74 20 74 6f 6f 20 66 65 77 20 53 71 75	.spawn..If.you.start.too.few.Squ
ba240	69 64 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 77 61 69 74 20 66 6f 72 20 74 68 65 6d 20 74 6f	id.will.have.to.wait.for.them.to
ba260	20 70 72 6f 63 65 73 73 20 61 20 62 61 63 6b 6c 6f 67 20 6f 66 20 63 72 65 64 65 6e 74 69 61 6c	.process.a.backlog.of.credential
ba280	20 76 65 72 69 66 69 63 61 74 69 6f 6e 73 2c 20 73 6c 6f 77 69 6e 67 20 69 74 20 64 6f 77 6e 2e	.verifications,.slowing.it.down.
ba2a0	20 57 68 65 6e 20 70 61 73 73 77 6f 72 64 20 76 65 72 69 66 69 63 61 74 69 6f 6e 73 20 61 72 65	.When.password.verifications.are
ba2c0	20 64 6f 6e 65 20 76 69 61 20 61 20 28 73 6c 6f 77 29 20 6e 65 74 77 6f 72 6b 20 79 6f 75 20 61	.done.via.a.(slow).network.you.a
ba2e0	72 65 20 6c 69 6b 65 6c 79 20 74 6f 20 6e 65 65 64 20 6c 6f 74 73 20 6f 66 20 61 75 74 68 65 6e	re.likely.to.need.lots.of.authen
ba300	74 69 63 61 74 6f 72 20 70 72 6f 63 65 73 73 65 73 2e 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65	ticator.processes..Maximum.numbe
ba320	72 20 6f 66 20 73 74 61 74 69 6f 6e 73 20 61 6c 6c 6f 77 65 64 20 69 6e 20 73 74 61 74 69 6f 6e	r.of.stations.allowed.in.station
ba340	20 74 61 62 6c 65 2e 20 4e 65 77 20 73 74 61 74 69 6f 6e 73 20 77 69 6c 6c 20 62 65 20 72 65 6a	.table..New.stations.will.be.rej
ba360	65 63 74 65 64 20 61 66 74 65 72 20 74 68 65 20 73 74 61 74 69 6f 6e 20 74 61 62 6c 65 20 69 73	ected.after.the.station.table.is
ba380	20 66 75 6c 6c 2e 20 49 45 45 45 20 38 30 32 2e 31 31 20 68 61 73 20 61 20 6c 69 6d 69 74 20 6f	.full..IEEE.802.11.has.a.limit.o
ba3a0	66 20 32 30 30 37 20 64 69 66 66 65 72 65 6e 74 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 49 44 73	f.2007.different.association.IDs
ba3c0	2c 20 73 6f 20 74 68 69 73 20 6e 75 6d 62 65 72 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c	,.so.this.number.should.not.be.l
ba3e0	61 72 67 65 72 20 74 68 61 6e 20 74 68 61 74 2e 00 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20	arger.than.that..Maximum.number.
ba400	6f 66 20 74 72 69 65 73 20 74 6f 20 73 65 6e 64 20 41 63 63 65 73 73 2d 52 65 71 75 65 73 74 2f	of.tries.to.send.Access-Request/
ba420	41 63 63 6f 75 6e 74 69 6e 67 2d 52 65 71 75 65 73 74 20 71 75 65 72 69 65 73 00 4d 65 64 69 75	Accounting-Request.queries.Mediu
ba440	6d 00 4d 65 6d 62 65 72 20 49 6e 74 65 72 66 61 63 65 73 00 4d 65 6d 62 65 72 20 69 6e 74 65 72	m.Member.Interfaces.Member.inter
ba460	66 61 63 65 73 20 60 65 74 68 31 60 20 61 6e 64 20 56 4c 41 4e 20 31 30 20 6f 6e 20 69 6e 74 65	faces.`eth1`.and.VLAN.10.on.inte
ba480	72 66 61 63 65 20 60 65 74 68 32 60 00 4d 65 73 73 61 67 65 73 20 67 65 6e 65 72 61 74 65 64 20	rface.`eth2`.Messages.generated.
ba4a0	69 6e 74 65 72 6e 61 6c 6c 79 20 62 79 20 73 79 73 6c 6f 67 64 00 4d 65 74 72 69 73 20 76 65 72	internally.by.syslogd.Metris.ver
ba4c0	73 69 6f 6e 2c 20 74 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 32 60 60 00 4d 69 6e 20 61	sion,.the.default.is.``2``.Min.a
ba4e0	6e 64 20 6d 61 78 20 69 6e 74 65 72 76 61 6c 73 20 62 65 74 77 65 65 6e 20 75 6e 73 6f 6c 69 63	nd.max.intervals.between.unsolic
ba500	69 74 65 64 20 6d 75 6c 74 69 63 61 73 74 20 52 41 73 00 4d 6f 6e 69 74 6f 72 2c 20 74 68 65 20	ited.multicast.RAs.Monitor,.the.
ba520	73 79 73 74 65 6d 20 70 61 73 73 69 76 65 6c 79 20 6d 6f 6e 69 74 6f 72 73 20 61 6e 79 20 6b 69	system.passively.monitors.any.ki
ba540	6e 64 20 6f 66 20 77 69 72 65 6c 65 73 73 20 74 72 61 66 66 69 63 00 4d 6f 6e 69 74 6f 72 69 6e	nd.of.wireless.traffic.Monitorin
ba560	67 00 4d 6f 6e 69 74 6f 72 69 6e 67 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 77 69 74 68 20	g.Monitoring.functionality.with.
ba580	60 60 74 65 6c 65 67 72 61 66 60 60 20 61 6e 64 20 60 60 49 6e 66 6c 75 78 44 42 20 32 60 60 20	``telegraf``.and.``InfluxDB.2``.
ba5a0	69 73 20 70 72 6f 76 69 64 65 64 2e 20 54 65 6c 65 67 72 61 66 20 69 73 20 74 68 65 20 6f 70 65	is.provided..Telegraf.is.the.ope
ba5c0	6e 20 73 6f 75 72 63 65 20 73 65 72 76 65 72 20 61 67 65 6e 74 20 74 6f 20 68 65 6c 70 20 79 6f	n.source.server.agent.to.help.yo
ba5e0	75 20 63 6f 6c 6c 65 63 74 20 6d 65 74 72 69 63 73 2c 20 65 76 65 6e 74 73 20 61 6e 64 20 6c 6f	u.collect.metrics,.events.and.lo
ba600	67 73 20 66 72 6f 6d 20 79 6f 75 72 20 72 6f 75 74 65 72 73 2e 00 4d 6f 72 65 20 64 65 74 61 69	gs.from.your.routers..More.detai
ba620	6c 73 20 61 62 6f 75 74 20 74 68 65 20 49 50 73 65 63 20 61 6e 64 20 56 54 49 20 69 73 73 75 65	ls.about.the.IPsec.and.VTI.issue
ba640	20 61 6e 64 20 6f 70 74 69 6f 6e 20 64 69 73 61 62 6c 65 2d 72 6f 75 74 65 2d 61 75 74 6f 69 6e	.and.option.disable-route-autoin
ba660	73 74 61 6c 6c 20 68 74 74 70 73 3a 2f 2f 62 6c 6f 67 2e 76 79 6f 73 2e 69 6f 2f 76 79 6f 73 2d	stall.https://blog.vyos.io/vyos-
ba680	31 2d 64 6f 74 2d 32 2d 30 2d 64 65 76 65 6c 6f 70 6d 65 6e 74 2d 6e 65 77 73 2d 69 6e 2d 6a 75	1-dot-2-0-development-news-in-ju
ba6a0	6c 79 00 4d 6f 75 6e 74 20 61 20 76 6f 6c 75 6d 65 20 69 6e 74 6f 20 74 68 65 20 63 6f 6e 74 61	ly.Mount.a.volume.into.the.conta
ba6c0	69 6e 65 72 00 4d 75 6c 74 69 00 4d 75 6c 74 69 2d 63 6c 69 65 6e 74 20 73 65 72 76 65 72 20 69	iner.Multi.Multi-client.server.i
ba6e0	73 20 74 68 65 20 6d 6f 73 74 20 70 6f 70 75 6c 61 72 20 4f 70 65 6e 56 50 4e 20 6d 6f 64 65 20	s.the.most.popular.OpenVPN.mode.
ba700	6f 6e 20 72 6f 75 74 65 72 73 2e 20 49 74 20 61 6c 77 61 79 73 20 75 73 65 73 20 78 2e 35 30 39	on.routers..It.always.uses.x.509
ba720	20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 74 68 65 72 65 66 6f 72 65 20 72 65	.authentication.and.therefore.re
ba740	71 75 69 72 65 73 20 61 20 50 4b 49 20 73 65 74 75 70 2e 20 52 65 66 65 72 20 74 68 69 73 20 74	quires.a.PKI.setup..Refer.this.t
ba760	6f 70 69 63 20 3a 72 65 66 3a 60 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2f 70 6b 69 2f 69 6e 64	opic.:ref:`configuration/pki/ind
ba780	65 78 3a 70 6b 69 60 20 74 6f 20 67 65 6e 65 72 61 74 65 20 61 20 43 41 20 63 65 72 74 69 66 69	ex:pki`.to.generate.a.CA.certifi
ba7a0	63 61 74 65 2c 20 61 20 73 65 72 76 65 72 20 63 65 72 74 69 66 69 63 61 74 65 20 61 6e 64 20 6b	cate,.a.server.certificate.and.k
ba7c0	65 79 2c 20 61 20 63 65 72 74 69 66 69 63 61 74 65 20 72 65 76 6f 63 61 74 69 6f 6e 20 6c 69 73	ey,.a.certificate.revocation.lis
ba7e0	74 2c 20 61 20 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 20 6b 65 79 20 65 78 63 68 61 6e 67 65	t,.a.Diffie-Hellman.key.exchange
ba800	20 70 61 72 61 6d 65 74 65 72 73 20 66 69 6c 65 2e 20 59 6f 75 20 64 6f 20 6e 6f 74 20 6e 65 65	.parameters.file..You.do.not.nee
ba820	64 20 63 6c 69 65 6e 74 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 6e 64 20 6b 65 79 73 20 66	d.client.certificates.and.keys.f
ba840	6f 72 20 74 68 65 20 73 65 72 76 65 72 20 73 65 74 75 70 2e 00 4d 75 6c 74 69 2d 68 6f 6d 65 64	or.the.server.setup..Multi-homed
ba860	2e 20 49 6e 20 61 20 6d 75 6c 74 69 2d 68 6f 6d 65 64 20 6e 65 74 77 6f 72 6b 20 65 6e 76 69 72	..In.a.multi-homed.network.envir
ba880	6f 6e 6d 65 6e 74 2c 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 63 6f 6e 6e 65 63 74	onment,.the.NAT66.device.connect
ba8a0	73 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 73 69 6d	s.to.an.internal.network.and.sim
ba8c0	75 6c 74 61 6e 65 6f 75 73 6c 79 20 63 6f 6e 6e 65 63 74 73 20 74 6f 20 64 69 66 66 65 72 65 6e	ultaneously.connects.to.differen
ba8e0	74 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 73 2e 20 41 64 64 72 65 73 73 20 74 72 61	t.external.networks..Address.tra
ba900	6e 73 6c 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 65 61	nslation.can.be.configured.on.ea
ba920	63 68 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 73 69 64 65 20 69 6e 74 65 72 66 61	ch.external.network.side.interfa
ba940	63 65 20 6f 66 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 74 6f 20 63 6f 6e 76 65 72	ce.of.the.NAT66.device.to.conver
ba960	74 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 64 64 72	t.the.same.internal.network.addr
ba980	65 73 73 20 69 6e 74 6f 20 64 69 66 66 65 72 65 6e 74 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77	ess.into.different.external.netw
ba9a0	6f 72 6b 20 61 64 64 72 65 73 73 65 73 2c 20 61 6e 64 20 72 65 61 6c 69 7a 65 20 74 68 65 20 6d	ork.addresses,.and.realize.the.m
ba9c0	61 70 70 69 6e 67 20 6f 66 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 6e 61 6c 20 61 64 64 72	apping.of.the.same.internal.addr
ba9e0	65 73 73 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73	ess.to.multiple.external.address
baa00	65 73 2e 00 4d 75 6c 74 69 3a 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 6d 75 6c 74	es..Multi:.can.be.specified.mult
baa20	69 70 6c 65 20 74 69 6d 65 73 2e 00 4d 75 6c 74 69 63 61 73 74 00 4d 75 6c 74 69 63 61 73 74 20	iple.times..Multicast.Multicast.
baa40	44 4e 53 20 75 73 65 73 20 74 68 65 20 32 32 34 2e 30 2e 30 2e 32 35 31 20 61 64 64 72 65 73 73	DNS.uses.the.224.0.0.251.address
baa60	2c 20 77 68 69 63 68 20 69 73 20 22 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 6c 79 20 73 63 6f	,.which.is."administratively.sco
baa80	70 65 64 22 20 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20 6c 65 61 76 65 20 74 68 65 20 73 75 62 6e	ped".and.does.not.leave.the.subn
baaa0	65 74 2e 20 49 74 20 72 65 74 72 61 6e 73 6d 69 74 73 20 6d 44 4e 53 20 70 61 63 6b 65 74 73 20	et..It.retransmits.mDNS.packets.
baac0	66 72 6f 6d 20 6f 6e 65 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6f 74 68 65 72 20 69 6e 74 65	from.one.interface.to.other.inte
baae0	72 66 61 63 65 73 2e 20 54 68 69 73 20 65 6e 61 62 6c 65 73 20 73 75 70 70 6f 72 74 20 66 6f 72	rfaces..This.enables.support.for
bab00	20 65 2e 67 2e 20 41 70 70 6c 65 20 41 69 72 70 6c 61 79 20 64 65 76 69 63 65 73 20 61 63 72 6f	.e.g..Apple.Airplay.devices.acro
bab20	73 73 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 73 2e 00 4d 75 6c 74 69 63 61 73 74 20 56 58 4c	ss.multiple.VLANs..Multicast.VXL
bab40	41 4e 00 4d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 61 64 64 72 65 73 73 20 66 6f 72 20 56	AN.Multicast.group.address.for.V
bab60	58 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 2e 20 56 58 4c 41 4e 20 74 75 6e 6e 65 6c 73 20 63 61	XLAN.interface..VXLAN.tunnels.ca
bab80	6e 20 62 65 20 62 75 69 6c 74 20 65 69 74 68 65 72 20 76 69 61 20 4d 75 6c 74 69 63 61 73 74 20	n.be.built.either.via.Multicast.
baba0	6f 72 20 76 69 61 20 55 6e 69 63 61 73 74 2e 00 4d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20	or.via.Unicast..Multicast.group.
babc0	74 6f 20 75 73 65 20 66 6f 72 20 73 79 6e 63 69 6e 67 20 63 6f 6e 6e 74 72 61 63 6b 20 65 6e 74	to.use.for.syncing.conntrack.ent
babe0	72 69 65 73 2e 00 4d 75 6c 74 69 63 61 73 74 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c 20 74	ries..Multicast.receivers.will.t
bac00	61 6c 6b 20 49 47 4d 50 20 74 6f 20 74 68 65 69 72 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2c 20	alk.IGMP.to.their.local.router,.
bac20	73 6f 2c 20 62 65 73 69 64 65 73 20 68 61 76 69 6e 67 20 50 49 4d 20 63 6f 6e 66 69 67 75 72 65	so,.besides.having.PIM.configure
bac40	64 20 69 6e 20 65 76 65 72 79 20 72 6f 75 74 65 72 2c 20 49 47 4d 50 20 6d 75 73 74 20 61 6c 73	d.in.every.router,.IGMP.must.als
bac60	6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 61 6e 79 20 72 6f 75 74 65 72 20 77 68	o.be.configured.in.any.router.wh
bac80	65 72 65 20 74 68 65 72 65 20 63 6f 75 6c 64 20 62 65 20 61 20 6d 75 6c 74 69 63 61 73 74 20 72	ere.there.could.be.a.multicast.r
baca0	65 63 65 69 76 65 72 20 6c 6f 63 61 6c 6c 79 20 63 6f 6e 6e 65 63 74 65 64 2e 00 4d 75 6c 74 69	eceiver.locally.connected..Multi
bacc0	63 61 73 74 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c 20 74 61 6c 6b 20 4d 4c 44 20 74 6f 20	cast.receivers.will.talk.MLD.to.
bace0	74 68 65 69 72 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2c 20 73 6f 2c 20 62 65 73 69 64 65 73 20	their.local.router,.so,.besides.
bad00	68 61 76 69 6e 67 20 50 49 4d 76 36 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 65 76 65 72 79	having.PIMv6.configured.in.every
bad20	20 72 6f 75 74 65 72 2c 20 4d 4c 44 20 6d 75 73 74 20 61 6c 73 6f 20 62 65 20 63 6f 6e 66 69 67	.router,.MLD.must.also.be.config
bad40	75 72 65 64 20 69 6e 20 61 6e 79 20 72 6f 75 74 65 72 20 77 68 65 72 65 20 74 68 65 72 65 20 63	ured.in.any.router.where.there.c
bad60	6f 75 6c 64 20 62 65 20 61 20 6d 75 6c 74 69 63 61 73 74 20 72 65 63 65 69 76 65 72 20 6c 6f 63	ould.be.a.multicast.receiver.loc
bad80	61 6c 6c 79 20 63 6f 6e 6e 65 63 74 65 64 2e 00 4d 75 6c 74 69 63 61 73 74 2d 72 6f 75 74 69 6e	ally.connected..Multicast-routin
bada0	67 20 69 73 20 72 65 71 75 69 72 65 64 20 66 6f 72 20 74 68 65 20 6c 65 61 76 65 73 20 74 6f 20	g.is.required.for.the.leaves.to.
badc0	66 6f 72 77 61 72 64 20 74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 65 61 63 68 20 6f 74 68	forward.traffic.between.each.oth
bade0	65 72 20 69 6e 20 61 20 6d 6f 72 65 20 73 63 61 6c 61 62 6c 65 20 77 61 79 2e 20 54 68 69 73 20	er.in.a.more.scalable.way..This.
bae00	61 6c 73 6f 20 72 65 71 75 69 72 65 73 20 50 49 4d 20 74 6f 20 62 65 20 65 6e 61 62 6c 65 64 20	also.requires.PIM.to.be.enabled.
bae20	74 6f 77 61 72 64 73 20 74 68 65 20 6c 65 61 76 65 73 20 73 6f 20 74 68 61 74 20 74 68 65 20 53	towards.the.leaves.so.that.the.S
bae40	70 69 6e 65 20 63 61 6e 20 6c 65 61 72 6e 20 77 68 61 74 20 6d 75 6c 74 69 63 61 73 74 20 67 72	pine.can.learn.what.multicast.gr
bae60	6f 75 70 73 20 65 61 63 68 20 4c 65 61 66 20 65 78 70 65 63 74 73 20 74 72 61 66 66 69 63 20 66	oups.each.Leaf.expects.traffic.f
bae80	72 6f 6d 2e 00 4d 75 6c 74 69 70 6c 65 20 44 4e 53 20 73 65 72 76 65 72 73 20 63 61 6e 20 62 65	rom..Multiple.DNS.servers.can.be
baea0	20 64 65 66 69 6e 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 52 50 4b 49 20 63 61 63 68 69 6e 67 20	.defined..Multiple.RPKI.caching.
baec0	69 6e 73 74 61 6e 63 65 73 20 63 61 6e 20 62 65 20 73 75 70 70 6c 69 65 64 20 61 6e 64 20 74 68	instances.can.be.supplied.and.th
baee0	65 79 20 6e 65 65 64 20 61 20 70 72 65 66 65 72 65 6e 63 65 20 69 6e 20 77 68 69 63 68 20 74 68	ey.need.a.preference.in.which.th
baf00	65 69 72 20 72 65 73 75 6c 74 20 73 65 74 73 20 61 72 65 20 75 73 65 64 2e 00 4d 75 6c 74 69 70	eir.result.sets.are.used..Multip
baf20	6c 65 20 55 70 6c 69 6e 6b 73 00 4d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 74 6f 20 56 4e 49 20	le.Uplinks.Multiple.VLAN.to.VNI.
baf40	6d 61 70 70 69 6e 67 73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 67 61 69 6e	mappings.can.be.configured.again
baf60	73 74 20 74 68 65 20 73 61 6d 65 20 53 56 44 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 66 6f 72	st.the.same.SVD..This.allows.for
baf80	20 61 20 73 69 67 6e 69 66 69 63 61 6e 74 20 73 63 61 6c 69 6e 67 20 6f 66 20 74 68 65 20 6e 75	.a.significant.scaling.of.the.nu
bafa0	6d 62 65 72 20 6f 66 20 56 4e 49 73 20 73 69 6e 63 65 20 61 20 73 65 70 61 72 61 74 65 20 56 58	mber.of.VNIs.since.a.separate.VX
bafc0	4c 41 4e 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 72 65 71 75 69	LAN.interface.is.no.longer.requi
bafe0	72 65 64 20 66 6f 72 20 65 61 63 68 20 56 4e 49 2e 00 4d 75 6c 74 69 70 6c 65 20 61 6c 69 61 73	red.for.each.VNI..Multiple.alias
bb000	65 73 20 63 61 6e 20 70 65 20 73 70 65 63 69 66 69 65 64 20 70 65 72 20 68 6f 73 74 2d 6e 61 6d	es.can.pe.specified.per.host-nam
bb020	65 2e 00 4d 75 6c 74 69 70 6c 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 73 20 63 61	e..Multiple.destination.ports.ca
bb040	6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 20 63 6f 6d 6d 61 2d 73 65 70 61 72 61	n.be.specified.as.a.comma-separa
bb060	74 65 64 20 6c 69 73 74 2e 20 54 68 65 20 77 68 6f 6c 65 20 6c 69 73 74 20 63 61 6e 20 61 6c 73	ted.list..The.whole.list.can.als
bb080	6f 20 62 65 20 22 6e 65 67 61 74 65 64 22 20 75 73 69 6e 67 20 27 21 27 2e 20 46 6f 72 20 65 78	o.be."negated".using.'!'..For.ex
bb0a0	61 6d 70 6c 65 3a 20 27 21 32 32 2c 74 65 6c 6e 65 74 2c 68 74 74 70 2c 31 32 33 2c 31 30 30 31	ample:.'!22,telnet,http,123,1001
bb0c0	2d 31 30 30 35 27 00 4d 75 6c 74 69 70 6c 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74	-1005'.Multiple.destination.port
bb0e0	73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 20 63 6f 6d 6d 61 2d 73 65	s.can.be.specified.as.a.comma-se
bb100	70 61 72 61 74 65 64 20 6c 69 73 74 2e 20 54 68 65 20 77 68 6f 6c 65 20 6c 69 73 74 20 63 61 6e	parated.list..The.whole.list.can
bb120	20 61 6c 73 6f 20 62 65 20 22 6e 65 67 61 74 65 64 22 20 75 73 69 6e 67 20 27 21 27 2e 20 46 6f	.also.be."negated".using.'!'..Fo
bb140	72 20 65 78 61 6d 70 6c 65 3a 20 60 21 32 32 2c 74 65 6c 6e 65 74 2c 68 74 74 70 2c 31 32 33 2c	r.example:.`!22,telnet,http,123,
bb160	31 30 30 31 2d 31 30 30 35 60 60 00 4d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20	1001-1005``.Multiple.interfaces.
bb180	6d 61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 6e 65 74 77 6f	may.be.specified..Multiple.netwo
bb1a0	72 6b 73 2f 63 6c 69 65 6e 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 63	rks/client.IP.addresses.can.be.c
bb1c0	6f 6e 66 69 67 75 72 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 73 65 72 76 65 72 73 20 63 61 6e 20	onfigured..Multiple.servers.can.
bb1e0	62 65 20 73 70 65 63 69 66 69 65 64 2e 00 4d 75 6c 74 69 70 6c 65 20 73 65 72 76 69 63 65 73 20	be.specified..Multiple.services.
bb200	63 61 6e 20 62 65 20 75 73 65 64 20 70 65 72 20 69 6e 74 65 72 66 61 63 65 2e 20 4a 75 73 74 20	can.be.used.per.interface..Just.
bb220	73 70 65 63 69 66 79 20 61 73 20 6d 61 6e 79 20 73 65 72 76 69 63 65 73 20 70 65 72 20 69 6e 74	specify.as.many.services.per.int
bb240	65 72 66 61 63 65 20 61 73 20 79 6f 75 20 6c 69 6b 65 21 00 4d 75 6c 74 69 70 6c 65 20 73 6f 75	erface.as.you.like!.Multiple.sou
bb260	72 63 65 20 70 6f 72 74 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 20	rce.ports.can.be.specified.as.a.
bb280	63 6f 6d 6d 61 2d 73 65 70 61 72 61 74 65 64 20 6c 69 73 74 2e 20 54 68 65 20 77 68 6f 6c 65 20	comma-separated.list..The.whole.
bb2a0	6c 69 73 74 20 63 61 6e 20 61 6c 73 6f 20 62 65 20 22 6e 65 67 61 74 65 64 22 20 75 73 69 6e 67	list.can.also.be."negated".using
bb2c0	20 60 60 21 60 60 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 3a 00 4d 75 6c 74 69 70 6c 65 20 74 61	.``!``..For.example:.Multiple.ta
bb2e0	72 67 65 74 20 49 50 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69	rget.IP.addresses.can.be.specifi
bb300	65 64 2e 20 41 74 20 6c 65 61 73 74 20 6f 6e 65 20 49 50 20 61 64 64 72 65 73 73 20 6d 75 73 74	ed..At.least.one.IP.address.must
bb320	20 62 65 20 67 69 76 65 6e 20 66 6f 72 20 41 52 50 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 74 6f 20	.be.given.for.ARP.monitoring.to.
bb340	66 75 6e 63 74 69 6f 6e 2e 00 4d 75 6c 74 69 70 6c 65 20 75 73 65 72 73 20 63 61 6e 20 63 6f 6e	function..Multiple.users.can.con
bb360	6e 65 63 74 20 74 6f 20 74 68 65 20 73 61 6d 65 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 20 62	nect.to.the.same.serial.device.b
bb380	75 74 20 6f 6e 6c 79 20 6f 6e 65 20 69 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 77 72 69 74 65 20	ut.only.one.is.allowed.to.write.
bb3a0	74 6f 20 74 68 65 20 63 6f 6e 73 6f 6c 65 20 70 6f 72 74 2e 00 4d 75 6c 74 69 70 72 6f 74 6f 63	to.the.console.port..Multiprotoc
bb3c0	6f 6c 20 65 78 74 65 6e 73 69 6f 6e 73 20 65 6e 61 62 6c 65 20 42 47 50 20 74 6f 20 63 61 72 72	ol.extensions.enable.BGP.to.carr
bb3e0	79 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 6d 75 6c 74 69 70	y.routing.information.for.multip
bb400	6c 65 20 6e 65 74 77 6f 72 6b 20 6c 61 79 65 72 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 42 47 50 20	le.network.layer.protocols..BGP.
bb420	73 75 70 70 6f 72 74 73 20 61 6e 20 41 64 64 72 65 73 73 20 46 61 6d 69 6c 79 20 49 64 65 6e 74	supports.an.Address.Family.Ident
bb440	69 66 69 65 72 20 28 41 46 49 29 20 66 6f 72 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 2e 00 4e	ifier.(AFI).for.IPv4.and.IPv6..N
bb460	00 4e 41 54 00 4e 41 54 20 28 73 70 65 63 69 66 69 63 61 6c 6c 79 2c 20 53 6f 75 72 63 65 20 4e	.NAT.NAT.(specifically,.Source.N
bb480	41 54 29 3b 00 4e 41 54 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 4e 41 54 20 4c 6f 61 64 20	AT);.NAT.Configuration.NAT.Load.
bb4a0	42 61 6c 61 6e 63 65 00 4e 41 54 20 4c 6f 61 64 20 42 61 6c 61 6e 63 65 20 75 73 65 73 20 61 6e	Balance.NAT.Load.Balance.uses.an
bb4c0	20 61 6c 67 6f 72 69 74 68 6d 20 74 68 61 74 20 67 65 6e 65 72 61 74 65 73 20 61 20 68 61 73 68	.algorithm.that.generates.a.hash
bb4e0	20 61 6e 64 20 62 61 73 65 64 20 6f 6e 20 69 74 2c 20 74 68 65 6e 20 69 74 20 61 70 70 6c 69 65	.and.based.on.it,.then.it.applie
bb500	73 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 72 61 6e 73 6c 61 74 69 6f 6e 2e 20 54 68 69	s.corresponding.translation..Thi
bb520	73 20 68 61 73 68 20 63 61 6e 20 62 65 20 67 65 6e 65 72 61 74 65 64 20 72 61 6e 64 6f 6d 6c 79	s.hash.can.be.generated.randomly
bb540	2c 20 6f 72 20 63 61 6e 20 75 73 65 20 64 61 74 61 20 66 72 6f 6d 20 74 68 65 20 69 70 20 68 65	,.or.can.use.data.from.the.ip.he
bb560	61 64 65 72 3a 20 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 2c 20 64 65 73 74 69 6e 61 74 69 6f	ader:.source-address,.destinatio
bb580	6e 2d 61 64 64 72 65 73 73 2c 20 73 6f 75 72 63 65 2d 70 6f 72 74 20 61 6e 64 2f 6f 72 20 64 65	n-address,.source-port.and/or.de
bb5a0	73 74 69 6e 61 74 69 6f 6e 2d 70 6f 72 74 2e 20 42 79 20 64 65 66 61 75 6c 74 2c 20 69 74 20 77	stination-port..By.default,.it.w
bb5c0	69 6c 6c 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 68 61 73 68 20 72 61 6e 64 6f 6d 6c 79 2e 00	ill.generate.the.hash.randomly..
bb5e0	4e 41 54 20 52 75 6c 65 73 65 74 00 4e 41 54 20 62 65 66 6f 72 65 20 56 50 4e 00 4e 41 54 20 62	NAT.Ruleset.NAT.before.VPN.NAT.b
bb600	65 66 6f 72 65 20 56 50 4e 20 54 6f 70 6f 6c 6f 67 79 00 4e 41 54 2c 20 52 6f 75 74 69 6e 67 2c	efore.VPN.Topology.NAT,.Routing,
bb620	20 46 69 72 65 77 61 6c 6c 20 49 6e 74 65 72 61 63 74 69 6f 6e 00 4e 41 54 34 34 00 4e 41 54 36	.Firewall.Interaction.NAT44.NAT6
bb640	36 28 4e 50 54 76 36 29 00 4e 48 52 50 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 64 79 6e 61 6d	6(NPTv6).NHRP.provides.the.dynam
bb660	69 63 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 20 64 69 73 63 6f 76 65 72 79 20 6d 65 63	ic.tunnel.endpoint.discovery.mec
bb680	68 61 6e 69 73 6d 20 28 65 6e 64 70 6f 69 6e 74 20 72 65 67 69 73 74 72 61 74 69 6f 6e 2c 20 61	hanism.(endpoint.registration,.a
bb6a0	6e 64 20 65 6e 64 70 6f 69 6e 74 20 64 69 73 63 6f 76 65 72 79 2f 6c 6f 6f 6b 75 70 29 2c 20 6d	nd.endpoint.discovery/lookup),.m
bb6c0	47 52 45 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 74 75 6e 6e 65 6c 20 65 6e 63 61 70 73 75 6c	GRE.provides.the.tunnel.encapsul
bb6e0	61 74 69 6f 6e 20 69 74 73 65 6c 66 2c 20 61 6e 64 20 74 68 65 20 49 50 53 65 63 20 70 72 6f 74	ation.itself,.and.the.IPSec.prot
bb700	6f 63 6f 6c 73 20 68 61 6e 64 6c 65 20 74 68 65 20 6b 65 79 20 65 78 63 68 61 6e 67 65 2c 20 61	ocols.handle.the.key.exchange,.a
bb720	6e 64 20 63 72 79 70 74 6f 20 6d 65 63 68 61 6e 69 73 6d 2e 00 4e 54 50 00 4e 54 50 20 69 73 20	nd.crypto.mechanism..NTP.NTP.is.
bb740	69 6e 74 65 6e 64 65 64 20 74 6f 20 73 79 6e 63 68 72 6f 6e 69 7a 65 20 61 6c 6c 20 70 61 72 74	intended.to.synchronize.all.part
bb760	69 63 69 70 61 74 69 6e 67 20 63 6f 6d 70 75 74 65 72 73 20 74 6f 20 77 69 74 68 69 6e 20 61 20	icipating.computers.to.within.a.
bb780	66 65 77 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 6f 66 20 3a 61 62 62 72 3a 60 55 54 43 20 28	few.milliseconds.of.:abbr:`UTC.(
bb7a0	43 6f 6f 72 64 69 6e 61 74 65 64 20 55 6e 69 76 65 72 73 61 6c 20 54 69 6d 65 29 60 2e 20 49 74	Coordinated.Universal.Time)`..It
bb7c0	20 75 73 65 73 20 74 68 65 20 69 6e 74 65 72 73 65 63 74 69 6f 6e 20 61 6c 67 6f 72 69 74 68 6d	.uses.the.intersection.algorithm
bb7e0	2c 20 61 20 6d 6f 64 69 66 69 65 64 20 76 65 72 73 69 6f 6e 20 6f 66 20 4d 61 72 7a 75 6c 6c 6f	,.a.modified.version.of.Marzullo
bb800	27 73 20 61 6c 67 6f 72 69 74 68 6d 2c 20 74 6f 20 73 65 6c 65 63 74 20 61 63 63 75 72 61 74 65	's.algorithm,.to.select.accurate
bb820	20 74 69 6d 65 20 73 65 72 76 65 72 73 20 61 6e 64 20 69 73 20 64 65 73 69 67 6e 65 64 20 74 6f	.time.servers.and.is.designed.to
bb840	20 6d 69 74 69 67 61 74 65 20 74 68 65 20 65 66 66 65 63 74 73 20 6f 66 20 76 61 72 69 61 62 6c	.mitigate.the.effects.of.variabl
bb860	65 20 6e 65 74 77 6f 72 6b 20 6c 61 74 65 6e 63 79 2e 20 4e 54 50 20 63 61 6e 20 75 73 75 61 6c	e.network.latency..NTP.can.usual
bb880	6c 79 20 6d 61 69 6e 74 61 69 6e 20 74 69 6d 65 20 74 6f 20 77 69 74 68 69 6e 20 74 65 6e 73 20	ly.maintain.time.to.within.tens.
bb8a0	6f 66 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 6f 76 65 72 20 74 68 65 20 70 75 62 6c 69 63 20	of.milliseconds.over.the.public.
bb8c0	49 6e 74 65 72 6e 65 74 2c 20 61 6e 64 20 63 61 6e 20 61 63 68 69 65 76 65 20 62 65 74 74 65 72	Internet,.and.can.achieve.better
bb8e0	20 74 68 61 6e 20 6f 6e 65 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 20 61 63 63 75 72 61 63 79 20 69	.than.one.millisecond.accuracy.i
bb900	6e 20 6c 6f 63 61 6c 20 61 72 65 61 20 6e 65 74 77 6f 72 6b 73 20 75 6e 64 65 72 20 69 64 65 61	n.local.area.networks.under.idea
bb920	6c 20 63 6f 6e 64 69 74 69 6f 6e 73 2e 20 41 73 79 6d 6d 65 74 72 69 63 20 72 6f 75 74 65 73 20	l.conditions..Asymmetric.routes.
bb940	61 6e 64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 67 65 73 74 69 6f 6e 20 63 61 6e 20 63 61 75 73 65	and.network.congestion.can.cause
bb960	20 65 72 72 6f 72 73 20 6f 66 20 31 30 30 20 6d 73 20 6f 72 20 6d 6f 72 65 2e 00 4e 54 50 20 70	.errors.of.100.ms.or.more..NTP.p
bb980	72 6f 63 65 73 73 20 77 69 6c 6c 20 6f 6e 6c 79 20 6c 69 73 74 65 6e 20 6f 6e 20 74 68 65 20 73	rocess.will.only.listen.on.the.s
bb9a0	70 65 63 69 66 69 65 64 20 49 50 20 61 64 64 72 65 73 73 2e 20 59 6f 75 20 6d 75 73 74 20 73 70	pecified.IP.address..You.must.sp
bb9c0	65 63 69 66 79 20 74 68 65 20 60 3c 61 64 64 72 65 73 73 3e 60 20 61 6e 64 20 6f 70 74 69 6f 6e	ecify.the.`<address>`.and.option
bb9e0	61 6c 6c 79 20 74 68 65 20 70 65 72 6d 69 74 74 65 64 20 63 6c 69 65 6e 74 73 2e 20 4d 75 6c 74	ally.the.permitted.clients..Mult
bba00	69 70 6c 65 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 63 6f 6e	iple.listen.addresses.can.be.con
bba20	66 69 67 75 72 65 64 2e 00 4e 54 50 20 73 75 62 73 79 73 74 65 6d 00 4e 54 50 20 73 75 70 70 6c	figured..NTP.subsystem.NTP.suppl
bba40	69 65 73 20 61 20 77 61 72 6e 69 6e 67 20 6f 66 20 61 6e 79 20 69 6d 70 65 6e 64 69 6e 67 20 6c	ies.a.warning.of.any.impending.l
bba60	65 61 70 20 73 65 63 6f 6e 64 20 61 64 6a 75 73 74 6d 65 6e 74 2c 20 62 75 74 20 6e 6f 20 69 6e	eap.second.adjustment,.but.no.in
bba80	66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 6c 6f 63 61 6c 20 74 69 6d 65 20 7a 6f 6e 65 73	formation.about.local.time.zones
bbaa0	20 6f 72 20 64 61 79 6c 69 67 68 74 20 73 61 76 69 6e 67 20 74 69 6d 65 20 69 73 20 74 72 61 6e	.or.daylight.saving.time.is.tran
bbac0	73 6d 69 74 74 65 64 2e 00 4e 61 6d 65 20 53 65 72 76 65 72 00 4e 61 6d 65 20 6f 66 20 73 74 61	smitted..Name.Server.Name.of.sta
bbae0	74 69 63 20 6d 61 70 70 69 6e 67 00 4e 61 6d 65 20 6f 66 20 74 68 65 20 73 69 6e 67 6c 65 20 74	tic.mapping.Name.of.the.single.t
bbb00	61 62 6c 65 20 4f 6e 6c 79 20 69 66 20 73 65 74 20 67 72 6f 75 70 2d 6d 65 74 72 69 63 73 20 73	able.Only.if.set.group-metrics.s
bbb20	69 6e 67 6c 65 2d 74 61 62 6c 65 2e 00 4e 61 6d 65 20 6f 72 20 49 50 76 34 20 61 64 64 72 65 73	ingle-table..Name.or.IPv4.addres
bbb40	73 20 6f 66 20 54 46 54 50 20 73 65 72 76 65 72 00 4e 65 74 42 49 4f 53 20 6f 76 65 72 20 54 43	s.of.TFTP.server.NetBIOS.over.TC
bbb60	50 2f 49 50 20 6e 61 6d 65 20 73 65 72 76 65 72 00 4e 65 74 46 6c 6f 77 00 4e 65 74 46 6c 6f 77	P/IP.name.server.NetFlow.NetFlow
bbb80	20 2f 20 49 50 46 49 58 00 4e 65 74 46 6c 6f 77 20 65 6e 67 69 6e 65 2d 69 64 20 77 68 69 63 68	./.IPFIX.NetFlow.engine-id.which
bbba0	20 77 69 6c 6c 20 61 70 70 65 61 72 20 69 6e 20 4e 65 74 46 6c 6f 77 20 64 61 74 61 2e 20 54 68	.will.appear.in.NetFlow.data..Th
bbbc0	65 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 32 35 35 2e 00 4e 65 74 46 6c 6f 77 20 69 73 20	e.range.is.0.to.255..NetFlow.is.
bbbe0	61 20 66 65 61 74 75 72 65 20 74 68 61 74 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65 64 20 6f 6e	a.feature.that.was.introduced.on
bbc00	20 43 69 73 63 6f 20 72 6f 75 74 65 72 73 20 61 72 6f 75 6e 64 20 31 39 39 36 20 74 68 61 74 20	.Cisco.routers.around.1996.that.
bbc20	70 72 6f 76 69 64 65 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 63 6f 6c 6c 65 63 74 20	provides.the.ability.to.collect.
bbc40	49 50 20 6e 65 74 77 6f 72 6b 20 74 72 61 66 66 69 63 20 61 73 20 69 74 20 65 6e 74 65 72 73 20	IP.network.traffic.as.it.enters.
bbc60	6f 72 20 65 78 69 74 73 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 42 79 20 61 6e 61 6c 79 7a	or.exits.an.interface..By.analyz
bbc80	69 6e 67 20 74 68 65 20 64 61 74 61 20 70 72 6f 76 69 64 65 64 20 62 79 20 4e 65 74 46 6c 6f 77	ing.the.data.provided.by.NetFlow
bbca0	2c 20 61 20 6e 65 74 77 6f 72 6b 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 63 61 6e 20 64 65	,.a.network.administrator.can.de
bbcc0	74 65 72 6d 69 6e 65 20 74 68 69 6e 67 73 20 73 75 63 68 20 61 73 20 74 68 65 20 73 6f 75 72 63	termine.things.such.as.the.sourc
bbce0	65 20 61 6e 64 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6f 66 20 74 72 61 66 66 69 63 2c 20 63 6c	e.and.destination.of.traffic,.cl
bbd00	61 73 73 20 6f 66 20 73 65 72 76 69 63 65 2c 20 61 6e 64 20 74 68 65 20 63 61 75 73 65 73 20 6f	ass.of.service,.and.the.causes.o
bbd20	66 20 63 6f 6e 67 65 73 74 69 6f 6e 2e 20 41 20 74 79 70 69 63 61 6c 20 66 6c 6f 77 20 6d 6f 6e	f.congestion..A.typical.flow.mon
bbd40	69 74 6f 72 69 6e 67 20 73 65 74 75 70 20 28 75 73 69 6e 67 20 4e 65 74 46 6c 6f 77 29 20 63 6f	itoring.setup.(using.NetFlow).co
bbd60	6e 73 69 73 74 73 20 6f 66 20 74 68 72 65 65 20 6d 61 69 6e 20 63 6f 6d 70 6f 6e 65 6e 74 73 3a	nsists.of.three.main.components:
bbd80	00 4e 65 74 46 6c 6f 77 20 69 73 20 75 73 75 61 6c 6c 79 20 65 6e 61 62 6c 65 64 20 6f 6e 20 61	.NetFlow.is.usually.enabled.on.a
bbda0	20 70 65 72 2d 69 6e 74 65 72 66 61 63 65 20 62 61 73 69 73 20 74 6f 20 6c 69 6d 69 74 20 6c 6f	.per-interface.basis.to.limit.lo
bbdc0	61 64 20 6f 6e 20 74 68 65 20 72 6f 75 74 65 72 20 63 6f 6d 70 6f 6e 65 6e 74 73 20 69 6e 76 6f	ad.on.the.router.components.invo
bbde0	6c 76 65 64 20 69 6e 20 4e 65 74 46 6c 6f 77 2c 20 6f 72 20 74 6f 20 6c 69 6d 69 74 20 74 68 65	lved.in.NetFlow,.or.to.limit.the
bbe00	20 61 6d 6f 75 6e 74 20 6f 66 20 4e 65 74 46 6c 6f 77 20 72 65 63 6f 72 64 73 20 65 78 70 6f 72	.amount.of.NetFlow.records.expor
bbe20	74 65 64 2e 00 4e 65 74 46 6c 6f 77 20 76 35 20 65 78 61 6d 70 6c 65 3a 00 4e 65 74 6d 61 73 6b	ted..NetFlow.v5.example:.Netmask
bbe40	20 67 72 65 61 74 65 72 20 74 68 61 6e 20 6c 65 6e 67 74 68 2e 00 4e 65 74 6d 61 73 6b 20 6c 65	.greater.than.length..Netmask.le
bbe60	73 73 20 74 68 61 6e 20 6c 65 6e 67 74 68 00 4e 65 74 77 6f 72 6b 20 41 64 76 65 72 74 69 73 65	ss.than.length.Network.Advertise
bbe80	6d 65 6e 74 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 4e 65 74 77 6f 72 6b 20 43 6f 6e 74 72	ment.Configuration.Network.Contr
bbea0	6f 6c 00 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 00 4e 65 74 77 6f 72 6b 20 47 72 6f 75	ol.Network.Emulator.Network.Grou
bbec0	70 73 00 4e 65 74 77 6f 72 6b 20 49 44 20 28 53 53 49 44 29 20 60 60 45 6e 74 65 72 70 72 69 73	ps.Network.ID.(SSID).``Enterpris
bbee0	65 2d 54 45 53 54 60 60 00 4e 65 74 77 6f 72 6b 20 49 44 20 28 53 53 49 44 29 20 60 60 54 45 53	e-TEST``.Network.ID.(SSID).``TES
bbf00	54 60 60 00 4e 65 74 77 6f 72 6b 20 54 6f 70 6f 6c 6f 67 79 20 44 69 61 67 72 61 6d 00 4e 65 74	T``.Network.Topology.Diagram.Net
bbf20	77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 20 73 74 61 74 69 6f 6e 20 28 4e 4d 53 29 20 2d 20	work.management.station.(NMS).-.
bbf40	73 6f 66 74 77 61 72 65 20 77 68 69 63 68 20 72 75 6e 73 20 6f 6e 20 74 68 65 20 6d 61 6e 61 67	software.which.runs.on.the.manag
bbf60	65 72 00 4e 65 74 77 6f 72 6b 20 6e 65 77 73 20 73 75 62 73 79 73 74 65 6d 00 4e 65 74 77 6f 72	er.Network.news.subsystem.Networ
bbf80	6b 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 71 75 65 72 79 20 74 68 69 73 20 73 65 72 76 65 72 00	ks.allowed.to.query.this.server.
bbfa0	4e 65 77 20 75 73 65 72 20 77 69 6c 6c 20 75 73 65 20 53 48 41 2f 41 45 53 20 66 6f 72 20 61 75	New.user.will.use.SHA/AES.for.au
bbfc0	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 70 72 69 76 61 63 79 00 4e 65 78 74 20 69 74	thentication.and.privacy.Next.it
bbfe0	20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 32 46 41 20 66	.is.necessary.to.configure.2FA.f
bc000	6f 72 20 4f 70 65 6e 43 6f 6e 6e 65 63 74 3a 00 4e 65 78 74 2d 68 6f 70 20 69 6e 74 65 72 66 61	or.OpenConnect:.Next-hop.interfa
bc020	63 65 20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 00 4e 65 78 74 68 6f 70 20 49 50 20 61 64 64 72	ce.for.the.route.Nexthop.IP.addr
bc040	65 73 73 2e 00 4e 65 78 74 68 6f 70 20 49 50 76 36 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74	ess..Nexthop.IPv6.address.to.mat
bc060	63 68 2e 00 4e 65 78 74 68 6f 70 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 4e 6f 20 52 4f 41	ch..Nexthop.IPv6.address..No.ROA
bc080	20 65 78 69 73 74 73 20 77 68 69 63 68 20 63 6f 76 65 72 73 20 74 68 61 74 20 70 72 65 66 69 78	.exists.which.covers.that.prefix
bc0a0	2e 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 20 74 68 69 73 20 69 73 20 74 68 65 20 63 61 73 65	..Unfortunately.this.is.the.case
bc0c0	20 66 6f 72 20 61 62 6f 75 74 20 38 30 25 20 6f 66 20 74 68 65 20 49 50 76 34 20 70 72 65 66 69	.for.about.80%.of.the.IPv4.prefi
bc0e0	78 65 73 20 77 68 69 63 68 20 77 65 72 65 20 61 6e 6e 6f 75 6e 63 65 64 20 74 6f 20 74 68 65 20	xes.which.were.announced.to.the.
bc100	3a 61 62 62 72 3a 60 44 46 5a 20 28 64 65 66 61 75 6c 74 2d 66 72 65 65 20 7a 6f 6e 65 29 60 20	:abbr:`DFZ.(default-free.zone)`.
bc120	61 74 20 74 68 65 20 73 74 61 72 74 20 6f 66 20 32 30 32 30 00 4e 6f 20 56 4c 41 4e 20 74 61 67	at.the.start.of.2020.No.VLAN.tag
bc140	67 69 6e 67 20 72 65 71 75 69 72 65 64 20 62 79 20 79 6f 75 72 20 49 53 50 2e 00 4e 6f 20 72 6f	ging.required.by.your.ISP..No.ro
bc160	75 74 65 20 69 73 20 73 75 70 70 72 65 73 73 65 64 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 2e 20	ute.is.suppressed.indefinitely..
bc180	4d 61 78 69 6d 75 6d 2d 73 75 70 70 72 65 73 73 2d 74 69 6d 65 20 64 65 66 69 6e 65 73 20 74 68	Maximum-suppress-time.defines.th
bc1a0	65 20 6d 61 78 69 6d 75 6d 20 74 69 6d 65 20 61 20 72 6f 75 74 65 20 63 61 6e 20 62 65 20 73 75	e.maximum.time.a.route.can.be.su
bc1c0	70 70 72 65 73 73 65 64 20 62 65 66 6f 72 65 20 69 74 20 69 73 20 72 65 2d 61 64 76 65 72 74 69	ppressed.before.it.is.re-adverti
bc1e0	73 65 64 2e 00 4e 6f 20 73 75 70 70 6f 72 74 20 66 6f 72 20 53 52 4c 42 00 4e 6f 20 73 75 70 70	sed..No.support.for.SRLB.No.supp
bc200	6f 72 74 20 66 6f 72 20 62 69 6e 64 69 6e 67 20 53 49 44 00 4e 6f 20 73 75 70 70 6f 72 74 20 66	ort.for.binding.SID.No.support.f
bc220	6f 72 20 6c 65 76 65 6c 20 72 65 64 69 73 74 72 69 62 75 74 69 6f 6e 20 28 4c 31 20 74 6f 20 4c	or.level.redistribution.(L1.to.L
bc240	32 20 6f 72 20 4c 32 20 74 6f 20 4c 31 29 00 4e 6f 6e 2d 74 72 61 6e 73 70 61 72 65 6e 74 20 70	2.or.L2.to.L1).Non-transparent.p
bc260	72 6f 78 79 69 6e 67 20 72 65 71 75 69 72 65 73 20 74 68 61 74 20 74 68 65 20 63 6c 69 65 6e 74	roxying.requires.that.the.client
bc280	20 62 72 6f 77 73 65 72 73 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 74 68 65	.browsers.be.configured.with.the
bc2a0	20 70 72 6f 78 79 20 73 65 74 74 69 6e 67 73 20 62 65 66 6f 72 65 20 72 65 71 75 65 73 74 73 20	.proxy.settings.before.requests.
bc2c0	61 72 65 20 72 65 64 69 72 65 63 74 65 64 2e 20 54 68 65 20 61 64 76 61 6e 74 61 67 65 20 6f 66	are.redirected..The.advantage.of
bc2e0	20 74 68 69 73 20 69 73 20 74 68 61 74 20 74 68 65 20 63 6c 69 65 6e 74 20 77 65 62 20 62 72 6f	.this.is.that.the.client.web.bro
bc300	77 73 65 72 20 63 61 6e 20 64 65 74 65 63 74 20 74 68 61 74 20 61 20 70 72 6f 78 79 20 69 73 20	wser.can.detect.that.a.proxy.is.
bc320	69 6e 20 75 73 65 20 61 6e 64 20 63 61 6e 20 62 65 68 61 76 65 20 61 63 63 6f 72 64 69 6e 67 6c	in.use.and.can.behave.accordingl
bc340	79 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 2c 20 77 65 62 2d 74 72 61 6e 73 6d 69 74 74 65 64 20	y..In.addition,.web-transmitted.
bc360	6d 61 6c 77 61 72 65 20 63 61 6e 20 73 6f 6d 65 74 69 6d 65 73 20 62 65 20 62 6c 6f 63 6b 65 64	malware.can.sometimes.be.blocked
bc380	20 62 79 20 61 20 6e 6f 6e 2d 74 72 61 6e 73 70 61 72 65 6e 74 20 77 65 62 20 70 72 6f 78 79 2c	.by.a.non-transparent.web.proxy,
bc3a0	20 73 69 6e 63 65 20 74 68 65 79 20 61 72 65 20 6e 6f 74 20 61 77 61 72 65 20 6f 66 20 74 68 65	.since.they.are.not.aware.of.the
bc3c0	20 70 72 6f 78 79 20 73 65 74 74 69 6e 67 73 2e 00 4e 6f 6e 65 20 6f 66 20 74 68 65 20 6f 70 65	.proxy.settings..None.of.the.ope
bc3e0	72 61 74 69 6e 67 20 73 79 73 74 65 6d 73 20 68 61 76 65 20 63 6c 69 65 6e 74 20 73 6f 66 74 77	rating.systems.have.client.softw
bc400	61 72 65 20 69 6e 73 74 61 6c 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 00 4e 6f 72 6d 61 6c 20	are.installed.by.default.Normal.
bc420	62 75 74 20 73 69 67 6e 69 66 69 63 61 6e 74 20 63 6f 6e 64 69 74 69 6f 6e 73 20 2d 20 63 6f 6e	but.significant.conditions.-.con
bc440	64 69 74 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 6e 6f 74 20 65 72 72 6f 72 20 63 6f 6e 64 69	ditions.that.are.not.error.condi
bc460	74 69 6f 6e 73 2c 20 62 75 74 20 74 68 61 74 20 6d 61 79 20 72 65 71 75 69 72 65 20 73 70 65 63	tions,.but.that.may.require.spec
bc480	69 61 6c 20 68 61 6e 64 6c 69 6e 67 2e 00 4e 6f 74 20 61 6c 6c 20 74 72 61 6e 73 6d 69 74 20 70	ial.handling..Not.all.transmit.p
bc4a0	6f 6c 69 63 69 65 73 20 6d 61 79 20 62 65 20 38 30 32 2e 33 61 64 20 63 6f 6d 70 6c 69 61 6e 74	olicies.may.be.802.3ad.compliant
bc4c0	2c 20 70 61 72 74 69 63 75 6c 61 72 6c 79 20 69 6e 20 72 65 67 61 72 64 73 20 74 6f 20 74 68 65	,.particularly.in.regards.to.the
bc4e0	20 70 61 63 6b 65 74 20 6d 69 73 6f 72 64 65 72 69 6e 67 20 72 65 71 75 69 72 65 6d 65 6e 74 73	.packet.misordering.requirements
bc500	20 6f 66 20 73 65 63 74 69 6f 6e 20 34 33 2e 32 2e 34 20 6f 66 20 74 68 65 20 38 30 32 2e 33 61	.of.section.43.2.4.of.the.802.3a
bc520	64 20 73 74 61 6e 64 61 72 64 2e 00 4e 6f 74 65 20 74 68 61 74 20 64 65 6c 65 74 69 6e 67 20 74	d.standard..Note.that.deleting.t
bc540	68 65 20 6c 6f 67 20 66 69 6c 65 20 64 6f 65 73 20 6e 6f 74 20 73 74 6f 70 20 74 68 65 20 73 79	he.log.file.does.not.stop.the.sy
bc560	73 74 65 6d 20 66 72 6f 6d 20 6c 6f 67 67 69 6e 67 20 65 76 65 6e 74 73 2e 20 49 66 20 79 6f 75	stem.from.logging.events..If.you
bc580	20 75 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 68 69 6c 65 20 74 68 65 20 73 79 73 74	.use.this.command.while.the.syst
bc5a0	65 6d 20 69 73 20 6c 6f 67 67 69 6e 67 20 65 76 65 6e 74 73 2c 20 6f 6c 64 20 6c 6f 67 20 65 76	em.is.logging.events,.old.log.ev
bc5c0	65 6e 74 73 20 77 69 6c 6c 20 62 65 20 64 65 6c 65 74 65 64 2c 20 62 75 74 20 65 76 65 6e 74 73	ents.will.be.deleted,.but.events
bc5e0	20 61 66 74 65 72 20 74 68 65 20 64 65 6c 65 74 65 20 6f 70 65 72 61 74 69 6f 6e 20 77 69 6c 6c	.after.the.delete.operation.will
bc600	20 62 65 20 72 65 63 6f 72 64 65 64 20 69 6e 20 74 68 65 20 6e 65 77 20 66 69 6c 65 2e 20 54 6f	.be.recorded.in.the.new.file..To
bc620	20 64 65 6c 65 74 65 20 74 68 65 20 66 69 6c 65 20 61 6c 74 6f 67 65 74 68 65 72 2c 20 66 69 72	.delete.the.file.altogether,.fir
bc640	73 74 20 64 65 6c 65 74 65 20 6c 6f 67 67 69 6e 67 20 74 6f 20 74 68 65 20 66 69 6c 65 20 75 73	st.delete.logging.to.the.file.us
bc660	69 6e 67 20 73 79 73 74 65 6d 20 73 79 73 6c 6f 67 20 3a 72 65 66 3a 60 63 75 73 74 6f 6d 2d 66	ing.system.syslog.:ref:`custom-f
bc680	69 6c 65 60 20 63 6f 6d 6d 61 6e 64 2c 20 61 6e 64 20 74 68 65 6e 20 64 65 6c 65 74 65 20 74 68	ile`.command,.and.then.delete.th
bc6a0	65 20 66 69 6c 65 2e 00 4e 6f 74 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 77 69 74 68 20 74 68	e.file..Note.the.command.with.th
bc6c0	65 20 70 75 62 6c 69 63 20 6b 65 79 20 28 73 65 74 20 70 6b 69 20 6b 65 79 2d 70 61 69 72 20 69	e.public.key.(set.pki.key-pair.i
bc6e0	70 73 65 63 2d 52 49 47 48 54 20 70 75 62 6c 69 63 20 6b 65 79 20 27 46 41 41 4f 43 41 51 38 41	psec-RIGHT.public.key.'FAAOCAQ8A
bc700	4d 49 49 2e 2e 2e 27 29 2e 00 4e 6f 74 69 63 65 00 4e 6f 77 20 63 6f 6e 66 69 67 75 72 65 20 63	MII...')..Notice.Now.configure.c
bc720	6f 6e 6e 74 72 61 63 6b 2d 73 79 6e 63 20 73 65 72 76 69 63 65 20 6f 6e 20 60 60 72 6f 75 74 65	onntrack-sync.service.on.``route
bc740	72 31 60 60 20 2a 2a 61 6e 64 2a 2a 20 60 60 72 6f 75 74 65 72 32 60 60 00 4e 6f 77 20 74 68 65	r1``.**and**.``router2``.Now.the
bc760	20 6e 6f 74 65 64 20 70 75 62 6c 69 63 20 6b 65 79 73 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 74	.noted.public.keys.should.be.ent
bc780	65 72 65 64 20 6f 6e 20 74 68 65 20 6f 70 70 6f 73 69 74 65 20 72 6f 75 74 65 72 73 2e 00 4e 6f	ered.on.the.opposite.routers..No
bc7a0	77 20 77 65 20 61 64 64 20 74 68 65 20 6f 70 74 69 6f 6e 20 74 6f 20 74 68 65 20 73 63 6f 70 65	w.we.add.the.option.to.the.scope
bc7c0	2c 20 61 64 61 70 74 20 74 6f 20 79 6f 75 72 20 73 65 74 75 70 00 4e 6f 77 20 77 65 20 6e 65 65	,.adapt.to.your.setup.Now.we.nee
bc7e0	64 20 74 6f 20 73 70 65 63 69 66 79 20 74 68 65 20 73 65 72 76 65 72 20 6e 65 74 77 6f 72 6b 20	d.to.specify.the.server.network.
bc800	73 65 74 74 69 6e 67 73 2e 20 49 6e 20 61 6c 6c 20 63 61 73 65 73 20 77 65 20 6e 65 65 64 20 74	settings..In.all.cases.we.need.t
bc820	6f 20 73 70 65 63 69 66 79 20 74 68 65 20 73 75 62 6e 65 74 20 66 6f 72 20 63 6c 69 65 6e 74 20	o.specify.the.subnet.for.client.
bc840	74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 73 2e 20 53 69 6e 63 65 20 77 65 20 77 61 6e 74 20	tunnel.endpoints..Since.we.want.
bc860	63 6c 69 65 6e 74 73 20 74 6f 20 61 63 63 65 73 73 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 74	clients.to.access.a.specific.net
bc880	77 6f 72 6b 20 62 65 68 69 6e 64 20 6f 75 72 20 72 6f 75 74 65 72 2c 20 77 65 20 77 69 6c 6c 20	work.behind.our.router,.we.will.
bc8a0	75 73 65 20 61 20 70 75 73 68 2d 72 6f 75 74 65 20 6f 70 74 69 6f 6e 20 66 6f 72 20 69 6e 73 74	use.a.push-route.option.for.inst
bc8c0	61 6c 6c 69 6e 67 20 74 68 61 74 20 72 6f 75 74 65 20 6f 6e 20 63 6c 69 65 6e 74 73 2e 00 4e 6f	alling.that.route.on.clients..No
bc8e0	77 20 77 68 65 6e 20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 68 65 20 75 73 65 72 20 77 69 6c 6c 20	w.when.connecting.the.user.will.
bc900	66 69 72 73 74 20 62 65 20 61 73 6b 65 64 20 66 6f 72 20 74 68 65 20 70 61 73 73 77 6f 72 64 20	first.be.asked.for.the.password.
bc920	61 6e 64 20 74 68 65 6e 20 74 68 65 20 4f 54 50 20 6b 65 79 2e 00 4e 6f 77 20 79 6f 75 20 61 72	and.then.the.OTP.key..Now.you.ar
bc940	65 20 72 65 61 64 79 20 74 6f 20 73 65 74 75 70 20 49 50 73 65 63 2e 20 54 68 65 20 6b 65 79 20	e.ready.to.setup.IPsec..The.key.
bc960	70 6f 69 6e 74 73 3a 00 4e 6f 77 20 79 6f 75 20 61 72 65 20 72 65 61 64 79 20 74 6f 20 73 65 74	points:.Now.you.are.ready.to.set
bc980	75 70 20 49 50 73 65 63 2e 20 59 6f 75 27 6c 6c 20 6e 65 65 64 20 74 6f 20 75 73 65 20 61 6e 20	up.IPsec..You'll.need.to.use.an.
bc9a0	49 44 20 69 6e 73 74 65 61 64 20 6f 66 20 61 64 64 72 65 73 73 20 66 6f 72 20 74 68 65 20 70 65	ID.instead.of.address.for.the.pe
bc9c0	65 72 2e 00 4e 75 6d 62 65 72 20 6f 66 20 61 6e 74 65 6e 6e 61 73 20 6f 6e 20 74 68 69 73 20 63	er..Number.of.antennas.on.this.c
bc9e0	61 72 64 00 4e 75 6d 62 65 72 20 6f 66 20 6c 69 6e 65 73 20 74 6f 20 62 65 20 64 69 73 70 6c 61	ard.Number.of.lines.to.be.displa
bca00	79 65 64 2c 20 64 65 66 61 75 6c 74 20 31 30 00 4f 53 50 46 00 4f 53 50 46 20 53 52 20 20 43 6f	yed,.default.10.OSPF.OSPF.SR..Co
bca20	6e 66 69 67 75 72 61 74 69 6f 6e 00 4f 53 50 46 20 69 73 20 61 20 77 69 64 65 6c 79 20 75 73 65	nfiguration.OSPF.is.a.widely.use
bca40	64 20 49 47 50 20 69 6e 20 6c 61 72 67 65 20 65 6e 74 65 72 70 72 69 73 65 20 6e 65 74 77 6f 72	d.IGP.in.large.enterprise.networ
bca60	6b 73 2e 00 4f 53 50 46 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 73 20 6e 6f 72 6d 61 6c 6c	ks..OSPF.routing.devices.normall
bca80	79 20 64 69 73 63 6f 76 65 72 20 74 68 65 69 72 20 6e 65 69 67 68 62 6f 72 73 20 64 79 6e 61 6d	y.discover.their.neighbors.dynam
bcaa0	69 63 61 6c 6c 79 20 62 79 20 6c 69 73 74 65 6e 69 6e 67 20 74 6f 20 74 68 65 20 62 72 6f 61 64	ically.by.listening.to.the.broad
bcac0	63 61 73 74 20 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20	cast.or.multicast.hello.packets.
bcae0	6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 20 42 65 63 61 75 73 65 20 61 6e 20 4e 42 4d 41 20	on.the.network..Because.an.NBMA.
bcb00	6e 65 74 77 6f 72 6b 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 62 72 6f 61 64 63 61	network.does.not.support.broadca
bcb20	73 74 20 28 6f 72 20 6d 75 6c 74 69 63 61 73 74 29 2c 20 74 68 65 20 64 65 76 69 63 65 20 63 61	st.(or.multicast),.the.device.ca
bcb40	6e 6e 6f 74 20 64 69 73 63 6f 76 65 72 20 69 74 73 20 6e 65 69 67 68 62 6f 72 73 20 64 79 6e 61	nnot.discover.its.neighbors.dyna
bcb60	6d 69 63 61 6c 6c 79 2c 20 73 6f 20 79 6f 75 20 6d 75 73 74 20 63 6f 6e 66 69 67 75 72 65 20 61	mically,.so.you.must.configure.a
bcb80	6c 6c 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 73 74 61 74 69 63 61 6c 6c 79 2e 00 4f 53 50	ll.the.neighbors.statically..OSP
bcba0	46 76 32 20 28 49 50 76 34 29 00 4f 53 50 46 76 33 20 28 49 50 76 36 29 00 4f 54 50 2d 6b 65 79	Fv2.(IPv4).OSPFv3.(IPv6).OTP-key
bcbc0	20 67 65 6e 65 72 61 74 69 6f 6e 00 4f 66 66 6c 6f 61 64 69 6e 67 00 4f 66 66 73 65 74 20 6f 66	.generation.Offloading.Offset.of
bcbe0	20 74 68 65 20 63 6c 69 65 6e 74 27 73 20 73 75 62 6e 65 74 20 69 6e 20 73 65 63 6f 6e 64 73 20	.the.client's.subnet.in.seconds.
bcc00	66 72 6f 6d 20 43 6f 6f 72 64 69 6e 61 74 65 64 20 55 6e 69 76 65 72 73 61 6c 20 54 69 6d 65 20	from.Coordinated.Universal.Time.
bcc20	28 55 54 43 29 00 4f 66 74 65 6e 20 77 65 20 6e 65 65 64 20 74 6f 20 65 6d 62 65 64 20 6f 6e 65	(UTC).Often.we.need.to.embed.one
bcc40	20 70 6f 6c 69 63 79 20 69 6e 74 6f 20 61 6e 6f 74 68 65 72 20 6f 6e 65 2e 20 49 74 20 69 73 20	.policy.into.another.one..It.is.
bcc60	70 6f 73 73 69 62 6c 65 20 74 6f 20 64 6f 20 73 6f 20 6f 6e 20 63 6c 61 73 73 66 75 6c 20 70 6f	possible.to.do.so.on.classful.po
bcc80	6c 69 63 69 65 73 2c 20 62 79 20 61 74 74 61 63 68 69 6e 67 20 61 20 6e 65 77 20 70 6f 6c 69 63	licies,.by.attaching.a.new.polic
bcca0	79 20 69 6e 74 6f 20 61 20 63 6c 61 73 73 2e 20 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 79 6f	y.into.a.class..For.instance,.yo
bccc0	75 20 6d 69 67 68 74 20 77 61 6e 74 20 74 6f 20 61 70 70 6c 79 20 64 69 66 66 65 72 65 6e 74 20	u.might.want.to.apply.different.
bcce0	70 6f 6c 69 63 69 65 73 20 74 6f 20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 63 6c 61 73 73 65	policies.to.the.different.classe
bcd00	73 20 6f 66 20 61 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70 6f 6c 69 63 79 20 79 6f 75 20 68 61	s.of.a.Round-Robin.policy.you.ha
bcd20	76 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 4f 66 74 65 6e 20 79 6f 75 20 77 69 6c 6c 20 61 6c	ve.configured..Often.you.will.al
bcd40	73 6f 20 68 61 76 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 2a 64 65 66 61 75	so.have.to.configure.your.*defau
bcd60	6c 74 2a 20 74 72 61 66 66 69 63 20 69 6e 20 74 68 65 20 73 61 6d 65 20 77 61 79 20 79 6f 75 20	lt*.traffic.in.the.same.way.you.
bcd80	64 6f 20 77 69 74 68 20 61 20 63 6c 61 73 73 2e 20 2a 44 65 66 61 75 6c 74 2a 20 63 61 6e 20 62	do.with.a.class..*Default*.can.b
bcda0	65 20 63 6f 6e 73 69 64 65 72 65 64 20 61 20 63 6c 61 73 73 20 61 73 20 69 74 20 62 65 68 61 76	e.considered.a.class.as.it.behav
bcdc0	65 73 20 6c 69 6b 65 20 74 68 61 74 2e 20 49 74 20 63 6f 6e 74 61 69 6e 73 20 61 6e 79 20 74 72	es.like.that..It.contains.any.tr
bcde0	61 66 66 69 63 20 74 68 61 74 20 64 69 64 20 6e 6f 74 20 6d 61 74 63 68 20 61 6e 79 20 6f 66 20	affic.that.did.not.match.any.of.
bce00	74 68 65 20 64 65 66 69 6e 65 64 20 63 6c 61 73 73 65 73 2c 20 73 6f 20 69 74 20 69 73 20 6c 69	the.defined.classes,.so.it.is.li
bce20	6b 65 20 61 6e 20 6f 70 65 6e 20 63 6c 61 73 73 2c 20 61 20 63 6c 61 73 73 20 77 69 74 68 6f 75	ke.an.open.class,.a.class.withou
bce40	74 20 6d 61 74 63 68 69 6e 67 20 66 69 6c 74 65 72 73 2e 00 4f 6e 20 61 63 74 69 76 65 20 72 6f	t.matching.filters..On.active.ro
bce60	75 74 65 72 20 72 75 6e 3a 00 4f 6e 20 6c 6f 77 20 72 61 74 65 73 20 28 62 65 6c 6f 77 20 34 30	uter.run:.On.low.rates.(below.40
bce80	4d 62 69 74 29 20 79 6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 74 75 6e 65 20 60 71 75 61 6e	Mbit).you.may.want.to.tune.`quan
bcea0	74 75 6d 60 20 64 6f 77 6e 20 74 6f 20 73 6f 6d 65 74 68 69 6e 67 20 6c 69 6b 65 20 33 30 30 20	tum`.down.to.something.like.300.
bcec0	62 79 74 65 73 2e 00 4f 6e 20 6d 6f 73 74 20 73 63 65 6e 61 72 69 6f 73 2c 20 74 68 65 72 65 27	bytes..On.most.scenarios,.there'
bcee0	73 20 6e 6f 20 6e 65 65 64 20 74 6f 20 63 68 61 6e 67 65 20 73 70 65 63 69 66 69 63 20 70 61 72	s.no.need.to.change.specific.par
bcf00	61 6d 65 74 65 72 73 2c 20 61 6e 64 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 63 6f 6e 66 69	ameters,.and.using.default.confi
bcf20	67 75 72 61 74 69 6f 6e 20 69 73 20 65 6e 6f 75 67 68 2e 20 42 75 74 20 74 68 65 72 65 20 61 72	guration.is.enough..But.there.ar
bcf40	65 20 63 61 73 65 73 20 77 65 72 65 20 65 78 74 72 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	e.cases.were.extra.configuration
bcf60	20 69 73 20 6e 65 65 64 65 64 2e 00 4f 6e 20 73 74 61 6e 64 62 79 20 72 6f 75 74 65 72 20 72 75	.is.needed..On.standby.router.ru
bcf80	6e 3a 00 4f 6e 20 73 79 73 74 65 6d 73 20 77 69 74 68 20 6d 75 6c 74 69 70 6c 65 20 72 65 64 75	n:.On.systems.with.multiple.redu
bcfa0	6e 64 61 6e 74 20 75 70 6c 69 6e 6b 73 20 61 6e 64 20 72 6f 75 74 65 73 2c 20 69 74 27 73 20 61	ndant.uplinks.and.routes,.it's.a
bcfc0	20 67 6f 6f 64 20 69 64 65 61 20 74 6f 20 75 73 65 20 61 20 64 65 64 69 63 61 74 65 64 20 61 64	.good.idea.to.use.a.dedicated.ad
bcfe0	64 72 65 73 73 20 66 6f 72 20 6d 61 6e 61 67 65 6d 65 6e 74 20 61 6e 64 20 64 79 6e 61 6d 69 63	dress.for.management.and.dynamic
bd000	20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 48 6f 77 65 76 65 72 2c 20 61 73 73	.routing.protocols..However,.ass
bd020	69 67 6e 69 6e 67 20 74 68 61 74 20 61 64 64 72 65 73 73 20 74 6f 20 61 20 70 68 79 73 69 63 61	igning.that.address.to.a.physica
bd040	6c 20 6c 69 6e 6b 20 69 73 20 72 69 73 6b 79 3a 20 69 66 20 74 68 61 74 20 6c 69 6e 6b 20 67 6f	l.link.is.risky:.if.that.link.go
bd060	65 73 20 64 6f 77 6e 2c 20 74 68 61 74 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 63 6f 6d	es.down,.that.address.will.becom
bd080	65 20 69 6e 61 63 63 65 73 73 69 62 6c 65 2e 20 41 20 63 6f 6d 6d 6f 6e 20 73 6f 6c 75 74 69 6f	e.inaccessible..A.common.solutio
bd0a0	6e 20 69 73 20 74 6f 20 61 73 73 69 67 6e 20 74 68 65 20 6d 61 6e 61 67 65 6d 65 6e 74 20 61 64	n.is.to.assign.the.management.ad
bd0c0	64 72 65 73 73 20 74 6f 20 61 20 6c 6f 6f 70 62 61 63 6b 20 6f 72 20 61 20 64 75 6d 6d 79 20 69	dress.to.a.loopback.or.a.dummy.i
bd0e0	6e 74 65 72 66 61 63 65 20 61 6e 64 20 61 64 76 65 72 74 69 73 65 20 74 68 61 74 20 61 64 64 72	nterface.and.advertise.that.addr
bd100	65 73 73 20 76 69 61 20 61 6c 6c 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 73 2c 20 73 6f 20 74	ess.via.all.physical.links,.so.t
bd120	68 61 74 20 69 74 27 73 20 72 65 61 63 68 61 62 6c 65 20 74 68 72 6f 75 67 68 20 61 6e 79 20 6f	hat.it's.reachable.through.any.o
bd140	66 20 74 68 65 6d 2e 20 53 69 6e 63 65 20 69 6e 20 4c 69 6e 75 78 2d 62 61 73 65 64 20 73 79 73	f.them..Since.in.Linux-based.sys
bd160	74 65 6d 73 2c 20 74 68 65 72 65 20 63 61 6e 20 62 65 20 6f 6e 6c 79 20 6f 6e 65 20 6c 6f 6f 70	tems,.there.can.be.only.one.loop
bd180	62 61 63 6b 20 69 6e 74 65 72 66 61 63 65 2c 20 69 74 27 73 20 62 65 74 74 65 72 20 74 6f 20 75	back.interface,.it's.better.to.u
bd1a0	73 65 20 61 20 64 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 74 68 61 74 20 70 75	se.a.dummy.interface.for.that.pu
bd1c0	72 70 6f 73 65 2c 20 73 69 6e 63 65 20 74 68 65 79 20 63 61 6e 20 62 65 20 61 64 64 65 64 2c 20	rpose,.since.they.can.be.added,.
bd1e0	72 65 6d 6f 76 65 64 2c 20 61 6e 64 20 74 61 6b 65 6e 20 75 70 20 61 6e 64 20 64 6f 77 6e 20 69	removed,.and.taken.up.and.down.i
bd200	6e 64 65 70 65 6e 64 65 6e 74 6c 79 2e 00 4f 6e 20 74 68 65 20 4c 45 46 54 20 28 73 74 61 74 69	ndependently..On.the.LEFT.(stati
bd220	63 20 61 64 64 72 65 73 73 29 3a 00 4f 6e 20 74 68 65 20 4c 45 46 54 3a 00 4f 6e 20 74 68 65 20	c.address):.On.the.LEFT:.On.the.
bd240	52 49 47 48 54 20 28 64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 29 3a 00 4f 6e 20 74 68 65 20	RIGHT.(dynamic.address):.On.the.
bd260	52 49 47 48 54 2c 20 73 65 74 75 70 20 62 79 20 61 6e 61 6c 6f 67 79 20 61 6e 64 20 73 77 61 70	RIGHT,.setup.by.analogy.and.swap
bd280	20 6c 6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65 20 61 64 64 72 65 73 73 65 73 2e 00 4f 6e 20	.local.and.remote.addresses..On.
bd2a0	74 68 65 20 52 49 47 48 54 3a 00 4f 6e 20 74 68 65 20 61 63 74 69 76 65 20 72 6f 75 74 65 72 2c	the.RIGHT:.On.the.active.router,
bd2c0	20 79 6f 75 20 73 68 6f 75 6c 64 20 68 61 76 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20	.you.should.have.information.in.
bd2e0	74 68 65 20 69 6e 74 65 72 6e 61 6c 2d 63 61 63 68 65 20 6f 66 20 63 6f 6e 6e 74 72 61 63 6b 2d	the.internal-cache.of.conntrack-
bd300	73 79 6e 63 2e 20 54 68 65 20 73 61 6d 65 20 63 75 72 72 65 6e 74 20 61 63 74 69 76 65 20 63 6f	sync..The.same.current.active.co
bd320	6e 6e 65 63 74 69 6f 6e 73 20 6e 75 6d 62 65 72 20 73 68 6f 75 6c 64 20 62 65 20 73 68 6f 77 6e	nnections.number.should.be.shown
bd340	20 69 6e 20 74 68 65 20 65 78 74 65 72 6e 61 6c 2d 63 61 63 68 65 20 6f 66 20 74 68 65 20 73 74	.in.the.external-cache.of.the.st
bd360	61 6e 64 62 79 20 72 6f 75 74 65 72 00 4f 6e 20 74 68 65 20 69 6e 69 74 69 61 74 6f 72 2c 20 77	andby.router.On.the.initiator,.w
bd380	65 20 6e 65 65 64 20 74 6f 20 73 65 74 20 74 68 65 20 72 65 6d 6f 74 65 2d 69 64 20 6f 70 74 69	e.need.to.set.the.remote-id.opti
bd3a0	6f 6e 20 73 6f 20 74 68 61 74 20 69 74 20 63 61 6e 20 69 64 65 6e 74 69 66 79 20 49 4b 45 20 74	on.so.that.it.can.identify.IKE.t
bd3c0	72 61 66 66 69 63 20 66 72 6f 6d 20 74 68 65 20 72 65 73 70 6f 6e 64 65 72 20 63 6f 72 72 65 63	raffic.from.the.responder.correc
bd3e0	74 6c 79 2e 00 4f 6e 20 74 68 65 20 69 6e 69 74 69 61 74 6f 72 2c 20 77 65 20 73 65 74 20 74 68	tly..On.the.initiator,.we.set.th
bd400	65 20 70 65 65 72 20 61 64 64 72 65 73 73 20 74 6f 20 69 74 73 20 70 75 62 6c 69 63 20 61 64 64	e.peer.address.to.its.public.add
bd420	72 65 73 73 2c 20 62 75 74 20 6f 6e 20 74 68 65 20 72 65 73 70 6f 6e 64 65 72 20 77 65 20 6f 6e	ress,.but.on.the.responder.we.on
bd440	6c 79 20 73 65 74 20 74 68 65 20 69 64 2e 00 4f 6e 20 74 68 65 20 72 65 73 70 6f 6e 64 65 72 2c	ly.set.the.id..On.the.responder,
bd460	20 77 65 20 6e 65 65 64 20 74 6f 20 73 65 74 20 74 68 65 20 6c 6f 63 61 6c 20 69 64 20 73 6f 20	.we.need.to.set.the.local.id.so.
bd480	74 68 61 74 20 69 6e 69 74 69 61 74 6f 72 20 63 61 6e 20 6b 6e 6f 77 20 77 68 6f 27 73 20 74 61	that.initiator.can.know.who's.ta
bd4a0	6c 6b 69 6e 67 20 74 6f 20 69 74 20 66 6f 72 20 74 68 65 20 70 6f 69 6e 74 20 23 33 20 74 6f 20	lking.to.it.for.the.point.#3.to.
bd4c0	77 6f 72 6b 2e 00 4f 6e 63 65 20 61 20 63 6c 61 73 73 20 68 61 73 20 61 20 66 69 6c 74 65 72 20	work..Once.a.class.has.a.filter.
bd4e0	63 6f 6e 66 69 67 75 72 65 64 2c 20 79 6f 75 20 77 69 6c 6c 20 61 6c 73 6f 20 68 61 76 65 20 74	configured,.you.will.also.have.t
bd500	6f 20 64 65 66 69 6e 65 20 77 68 61 74 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 6f 20 77 69 74	o.define.what.you.want.to.do.wit
bd520	68 20 74 68 65 20 74 72 61 66 66 69 63 20 6f 66 20 74 68 61 74 20 63 6c 61 73 73 2c 20 77 68 61	h.the.traffic.of.that.class,.wha
bd540	74 20 73 70 65 63 69 66 69 63 20 54 72 61 66 66 69 63 2d 43 6f 6e 74 72 6f 6c 20 74 72 65 61 74	t.specific.Traffic-Control.treat
bd560	6d 65 6e 74 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 67 69 76 65 20 69 74 2e 20 59 6f 75 20 77 69	ment.you.want.to.give.it..You.wi
bd580	6c 6c 20 68 61 76 65 20 64 69 66 66 65 72 65 6e 74 20 70 6f 73 73 69 62 69 6c 69 74 69 65 73 20	ll.have.different.possibilities.
bd5a0	64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 74 68 65 20 54 72 61 66 66 69 63 20 50 6f 6c 69 63 79 20	depending.on.the.Traffic.Policy.
bd5c0	79 6f 75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 2e 00 4f 6e 63 65 20 61 20 6e 65 69 67	you.are.configuring..Once.a.neig
bd5e0	68 62 6f 72 20 68 61 73 20 62 65 65 6e 20 66 6f 75 6e 64 2c 20 74 68 65 20 65 6e 74 72 79 20 69	hbor.has.been.found,.the.entry.i
bd600	73 20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f 20 62 65 20 76 61 6c 69 64 20 66 6f 72 20 61 74 20	s.considered.to.be.valid.for.at.
bd620	6c 65 61 73 74 20 66 6f 72 20 74 68 69 73 20 73 70 65 63 69 66 69 63 20 74 69 6d 65 2e 20 41 6e	least.for.this.specific.time..An
bd640	20 65 6e 74 72 79 27 73 20 76 61 6c 69 64 69 74 79 20 77 69 6c 6c 20 62 65 20 65 78 74 65 6e 64	.entry's.validity.will.be.extend
bd660	65 64 20 69 66 20 69 74 20 72 65 63 65 69 76 65 73 20 70 6f 73 69 74 69 76 65 20 66 65 65 64 62	ed.if.it.receives.positive.feedb
bd680	61 63 6b 20 66 72 6f 6d 20 68 69 67 68 65 72 20 6c 65 76 65 6c 20 70 72 6f 74 6f 63 6f 6c 73 2e	ack.from.higher.level.protocols.
bd6a0	00 4f 6e 63 65 20 61 20 72 6f 75 74 65 20 69 73 20 61 73 73 65 73 73 65 64 20 61 20 70 65 6e 61	.Once.a.route.is.assessed.a.pena
bd6c0	6c 74 79 2c 20 74 68 65 20 70 65 6e 61 6c 74 79 20 69 73 20 64 65 63 72 65 61 73 65 64 20 62 79	lty,.the.penalty.is.decreased.by
bd6e0	20 68 61 6c 66 20 65 61 63 68 20 74 69 6d 65 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 61 6d 6f	.half.each.time.a.predefined.amo
bd700	75 6e 74 20 6f 66 20 74 69 6d 65 20 65 6c 61 70 73 65 73 20 28 68 61 6c 66 2d 6c 69 66 65 2d 74	unt.of.time.elapses.(half-life-t
bd720	69 6d 65 29 2e 20 57 68 65 6e 20 74 68 65 20 61 63 63 75 6d 75 6c 61 74 65 64 20 70 65 6e 61 6c	ime)..When.the.accumulated.penal
bd740	74 69 65 73 20 66 61 6c 6c 20 62 65 6c 6f 77 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 74 68 72	ties.fall.below.a.predefined.thr
bd760	65 73 68 6f 6c 64 20 28 72 65 75 73 65 2d 76 61 6c 75 65 29 2c 20 74 68 65 20 72 6f 75 74 65 20	eshold.(reuse-value),.the.route.
bd780	69 73 20 75 6e 73 75 70 70 72 65 73 73 65 64 20 61 6e 64 20 61 64 64 65 64 20 62 61 63 6b 20 69	is.unsuppressed.and.added.back.i
bd7a0	6e 74 6f 20 74 68 65 20 42 47 50 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 4f 6e 63 65 20	nto.the.BGP.routing.table..Once.
bd7c0	61 20 74 72 61 66 66 69 63 2d 70 6f 6c 69 63 79 20 69 73 20 63 72 65 61 74 65 64 2c 20 79 6f 75	a.traffic-policy.is.created,.you
bd7e0	20 63 61 6e 20 61 70 70 6c 79 20 69 74 20 74 6f 20 61 6e 20 69 6e 74 65 72 66 61 63 65 3a 00 4f	.can.apply.it.to.an.interface:.O
bd800	6e 63 65 20 63 72 65 61 74 65 64 20 69 6e 20 74 68 65 20 73 79 73 74 65 6d 2c 20 50 73 65 75 64	nce.created.in.the.system,.Pseud
bd820	6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 72 65 66	o-Ethernet.interfaces.can.be.ref
bd840	65 72 65 6e 63 65 64 20 69 6e 20 74 68 65 20 65 78 61 63 74 20 73 61 6d 65 20 77 61 79 20 61 73	erenced.in.the.exact.same.way.as
bd860	20 6f 74 68 65 72 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 20 4e 6f 74 65	.other.Ethernet.interfaces..Note
bd880	73 20 61 62 6f 75 74 20 75 73 69 6e 67 20 50 73 65 75 64 6f 2d 20 45 74 68 65 72 6e 65 74 20 69	s.about.using.Pseudo-.Ethernet.i
bd8a0	6e 74 65 72 66 61 63 65 73 3a 00 4f 6e 63 65 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20	nterfaces:.Once.flow.accounting.
bd8c0	69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 20 69 6e 74 65 72 66 61 63 65 73 20 69	is.configured.on.an.interfaces.i
bd8e0	74 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 64 69 73 70 6c 61	t.provides.the.ability.to.displa
bd900	79 20 63 61 70 74 75 72 65 64 20 6e 65 74 77 6f 72 6b 20 74 72 61 66 66 69 63 20 69 6e 66 6f 72	y.captured.network.traffic.infor
bd920	6d 61 74 69 6f 6e 20 66 6f 72 20 61 6c 6c 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 74 65 72 66	mation.for.all.configured.interf
bd940	61 63 65 73 2e 00 4f 6e 63 65 20 74 68 65 20 6c 6f 63 61 6c 20 74 75 6e 6e 65 6c 20 65 6e 64 70	aces..Once.the.local.tunnel.endp
bd960	6f 69 6e 74 20 60 60 73 65 74 20 73 65 72 76 69 63 65 20 70 70 70 6f 65 2d 73 65 72 76 65 72 20	oint.``set.service.pppoe-server.
bd980	67 61 74 65 77 61 79 2d 61 64 64 72 65 73 73 20 27 31 30 2e 31 2e 31 2e 32 27 60 60 20 68 61 73	gateway-address.'10.1.1.2'``.has
bd9a0	20 62 65 65 6e 20 64 65 66 69 6e 65 64 2c 20 74 68 65 20 63 6c 69 65 6e 74 20 49 50 20 70 6f 6f	.been.defined,.the.client.IP.poo
bd9c0	6c 20 63 61 6e 20 62 65 20 65 69 74 68 65 72 20 64 65 66 69 6e 65 64 20 61 73 20 61 20 72 61 6e	l.can.be.either.defined.as.a.ran
bd9e0	67 65 20 6f 72 20 61 73 20 73 75 62 6e 65 74 20 75 73 69 6e 67 20 43 49 44 52 20 6e 6f 74 61 74	ge.or.as.subnet.using.CIDR.notat
bda00	69 6f 6e 2e 20 49 66 20 74 68 65 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 20 69 73 20 75 73 65	ion..If.the.CIDR.notation.is.use
bda20	64 2c 20 6d 75 6c 74 69 70 6c 65 20 73 75 62 6e 65 74 73 20 63 61 6e 20 62 65 20 73 65 74 75 70	d,.multiple.subnets.can.be.setup
bda40	20 77 68 69 63 68 20 61 72 65 20 75 73 65 64 20 73 65 71 75 65 6e 74 69 61 6c 6c 79 2e 00 4f 6e	.which.are.used.sequentially..On
bda60	63 65 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 73 20 61 72 65 20 73 65 74 20 66 6f	ce.the.matching.rules.are.set.fo
bda80	72 20 61 20 63 6c 61 73 73 2c 20 79 6f 75 20 63 61 6e 20 73 74 61 72 74 20 63 6f 6e 66 69 67 75	r.a.class,.you.can.start.configu
bdaa0	72 69 6e 67 20 68 6f 77 20 79 6f 75 20 77 61 6e 74 20 6d 61 74 63 68 69 6e 67 20 74 72 61 66 66	ring.how.you.want.matching.traff
bdac0	69 63 20 74 6f 20 62 65 68 61 76 65 2e 00 4f 6e 63 65 20 74 68 65 20 75 73 65 72 20 69 73 20 63	ic.to.behave..Once.the.user.is.c
bdae0	6f 6e 6e 65 63 74 65 64 2c 20 74 68 65 20 75 73 65 72 20 73 65 73 73 69 6f 6e 20 69 73 20 75 73	onnected,.the.user.session.is.us
bdb00	69 6e 67 20 74 68 65 20 73 65 74 20 6c 69 6d 69 74 73 20 61 6e 64 20 63 61 6e 20 62 65 20 64 69	ing.the.set.limits.and.can.be.di
bdb20	73 70 6c 61 79 65 64 20 76 69 61 20 27 73 68 6f 77 20 70 70 70 6f 65 2d 73 65 72 76 65 72 20 73	splayed.via.'show.pppoe-server.s
bdb40	65 73 73 69 6f 6e 73 27 2e 00 4f 6e 63 65 20 79 6f 75 20 63 6f 6d 6d 69 74 20 74 68 65 20 61 62	essions'..Once.you.commit.the.ab
bdb60	6f 76 65 20 63 68 61 6e 67 65 73 20 79 6f 75 20 63 61 6e 20 63 72 65 61 74 65 20 61 20 63 6f 6e	ove.changes.you.can.create.a.con
bdb80	66 69 67 20 66 69 6c 65 20 69 6e 20 74 68 65 20 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2f 6f 63 73	fig.file.in.the./config/auth/ocs
bdba0	65 72 76 2f 63 6f 6e 66 69 67 2d 70 65 72 2d 75 73 65 72 20 64 69 72 65 63 74 6f 72 79 20 74 68	erv/config-per-user.directory.th
bdbc0	61 74 20 6d 61 74 63 68 65 73 20 61 20 75 73 65 72 6e 61 6d 65 20 6f 66 20 61 20 75 73 65 72 20	at.matches.a.username.of.a.user.
bdbe0	79 6f 75 20 68 61 76 65 20 63 72 65 61 74 65 64 20 65 2e 67 2e 20 22 74 73 74 22 2e 20 4e 6f 77	you.have.created.e.g.."tst"..Now
bdc00	20 77 68 65 6e 20 6c 6f 67 67 69 6e 67 20 69 6e 20 77 69 74 68 20 74 68 65 20 22 74 73 74 22 20	.when.logging.in.with.the."tst".
bdc20	75 73 65 72 20 74 68 65 20 63 6f 6e 66 69 67 20 6f 70 74 69 6f 6e 73 20 79 6f 75 20 73 65 74 20	user.the.config.options.you.set.
bdc40	69 6e 20 74 68 69 73 20 66 69 6c 65 20 77 69 6c 6c 20 62 65 20 6c 6f 61 64 65 64 2e 00 4f 6e 63	in.this.file.will.be.loaded..Onc
bdc60	65 20 79 6f 75 20 68 61 76 65 20 61 6e 20 45 74 68 65 72 6e 65 74 20 64 65 76 69 63 65 20 63 6f	e.you.have.an.Ethernet.device.co
bdc80	6e 6e 65 63 74 65 64 2c 20 69 2e 65 2e 20 60 65 74 68 30 60 2c 20 74 68 65 6e 20 79 6f 75 20 63	nnected,.i.e..`eth0`,.then.you.c
bdca0	61 6e 20 63 6f 6e 66 69 67 75 72 65 20 69 74 20 74 6f 20 6f 70 65 6e 20 74 68 65 20 50 50 50 6f	an.configure.it.to.open.the.PPPo
bdcc0	45 20 73 65 73 73 69 6f 6e 20 66 6f 72 20 79 6f 75 20 61 6e 64 20 79 6f 75 72 20 44 53 4c 20 54	E.session.for.you.and.your.DSL.T
bdce0	72 61 6e 73 63 65 69 76 65 72 20 28 4d 6f 64 65 6d 2f 52 6f 75 74 65 72 29 20 6a 75 73 74 20 61	ransceiver.(Modem/Router).just.a
bdd00	63 74 73 20 74 6f 20 74 72 61 6e 73 6c 61 74 65 20 79 6f 75 72 20 6d 65 73 73 61 67 65 73 20 69	cts.to.translate.your.messages.i
bdd20	6e 20 61 20 77 61 79 20 74 68 61 74 20 76 44 53 4c 2f 61 44 53 4c 20 75 6e 64 65 72 73 74 61 6e	n.a.way.that.vDSL/aDSL.understan
bdd40	64 73 2e 00 4f 6e 63 65 20 79 6f 75 20 68 61 76 65 20 73 65 74 75 70 20 79 6f 75 72 20 53 53 54	ds..Once.you.have.setup.your.SST
bdd60	50 20 73 65 72 76 65 72 20 74 68 65 72 65 20 63 6f 6d 65 73 20 74 68 65 20 74 69 6d 65 20 74 6f	P.server.there.comes.the.time.to
bdd80	20 64 6f 20 73 6f 6d 65 20 62 61 73 69 63 20 74 65 73 74 69 6e 67 2e 20 54 68 65 20 4c 69 6e 75	.do.some.basic.testing..The.Linu
bdda0	78 20 63 6c 69 65 6e 74 20 75 73 65 64 20 66 6f 72 20 74 65 73 74 69 6e 67 20 69 73 20 63 61 6c	x.client.used.for.testing.is.cal
bddc0	6c 65 64 20 73 73 74 70 63 5f 2e 20 73 73 74 70 63 5f 20 72 65 71 75 69 72 65 73 20 61 20 50 50	led.sstpc_..sstpc_.requires.a.PP
bdde0	50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2f 70 65 65 72 20 66 69 6c 65 2e 00 4f 6e 63 65 20	P.configuration/peer.file..Once.
bde00	79 6f 75 72 20 72 6f 75 74 65 72 73 20 61 72 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 72	your.routers.are.configured.to.r
bde20	65 6a 65 63 74 20 52 50 4b 49 2d 69 6e 76 61 6c 69 64 20 70 72 65 66 69 78 65 73 2c 20 79 6f 75	eject.RPKI-invalid.prefixes,.you
bde40	20 63 61 6e 20 74 65 73 74 20 77 68 65 74 68 65 72 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74	.can.test.whether.the.configurat
bde60	69 6f 6e 20 69 73 20 77 6f 72 6b 69 6e 67 20 63 6f 72 72 65 63 74 6c 79 20 75 73 69 6e 67 20 74	ion.is.working.correctly.using.t
bde80	68 65 20 60 52 49 50 45 20 4c 61 62 73 20 52 50 4b 49 20 54 65 73 74 60 5f 20 65 78 70 65 72 69	he.`RIPE.Labs.RPKI.Test`_.experi
bdea0	6d 65 6e 74 61 6c 20 74 6f 6f 6c 2e 00 4f 6e 65 20 54 79 70 65 2d 33 20 73 75 6d 6d 61 72 79 2d	mental.tool..One.Type-3.summary-
bdec0	4c 53 41 20 77 69 74 68 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 20 3c 45 2e 46 2e 47 2e 48 2f 4d	LSA.with.routing.info.<E.F.G.H/M
bdee0	3e 20 69 73 20 61 6e 6e 6f 75 6e 63 65 64 20 69 6e 74 6f 20 62 61 63 6b 62 6f 6e 65 20 61 72 65	>.is.announced.into.backbone.are
bdf00	61 20 69 66 20 64 65 66 69 6e 65 64 20 61 72 65 61 20 63 6f 6e 74 61 69 6e 73 20 61 74 20 6c 65	a.if.defined.area.contains.at.le
bdf20	61 73 74 20 6f 6e 65 20 69 6e 74 72 61 2d 61 72 65 61 20 6e 65 74 77 6f 72 6b 20 28 69 2e 65 2e	ast.one.intra-area.network.(i.e.
bdf40	20 64 65 73 63 72 69 62 65 64 20 77 69 74 68 20 72 6f 75 74 65 72 2d 4c 53 41 20 6f 72 20 6e 65	.described.with.router-LSA.or.ne
bdf60	74 77 6f 72 6b 2d 4c 53 41 29 20 66 72 6f 6d 20 72 61 6e 67 65 20 3c 41 2e 42 2e 43 2e 44 2f 4d	twork-LSA).from.range.<A.B.C.D/M
bdf80	3e 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41	>..This.command.makes.sense.in.A
bdfa0	42 52 20 6f 6e 6c 79 2e 00 4f 6e 65 20 69 6d 70 6c 69 63 69 74 20 65 6e 76 69 72 6f 6e 6d 65 6e	BR.only..One.implicit.environmen
bdfc0	74 20 65 78 69 73 74 73 2e 00 4f 6e 65 20 6f 66 20 74 68 65 20 69 6d 70 6f 72 74 61 6e 74 20 66	t.exists..One.of.the.important.f
bdfe0	65 61 74 75 72 65 73 20 62 75 69 6c 74 20 6f 6e 20 74 6f 70 20 6f 66 20 74 68 65 20 4e 65 74 66	eatures.built.on.top.of.the.Netf
be000	69 6c 74 65 72 20 66 72 61 6d 65 77 6f 72 6b 20 69 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72	ilter.framework.is.connection.tr
be020	61 63 6b 69 6e 67 2e 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 61 6c 6c 6f	acking..Connection.tracking.allo
be040	77 73 20 74 68 65 20 6b 65 72 6e 65 6c 20 74 6f 20 6b 65 65 70 20 74 72 61 63 6b 20 6f 66 20 61	ws.the.kernel.to.keep.track.of.a
be060	6c 6c 20 6c 6f 67 69 63 61 6c 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f	ll.logical.network.connections.o
be080	72 20 73 65 73 73 69 6f 6e 73 2c 20 61 6e 64 20 74 68 65 72 65 62 79 20 72 65 6c 61 74 65 20 61	r.sessions,.and.thereby.relate.a
be0a0	6c 6c 20 6f 66 20 74 68 65 20 70 61 63 6b 65 74 73 20 77 68 69 63 68 20 6d 61 79 20 6d 61 6b 65	ll.of.the.packets.which.may.make
be0c0	20 75 70 20 74 68 61 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 4e 41 54 20 72 65 6c 69 65 73 20	.up.that.connection..NAT.relies.
be0e0	6f 6e 20 74 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 74 72 61 6e 73 6c 61 74 65	on.this.information.to.translate
be100	20 61 6c 6c 20 72 65 6c 61 74 65 64 20 70 61 63 6b 65 74 73 20 69 6e 20 74 68 65 20 73 61 6d 65	.all.related.packets.in.the.same
be120	20 77 61 79 2c 20 61 6e 64 20 69 70 74 61 62 6c 65 73 20 63 61 6e 20 75 73 65 20 74 68 69 73 20	.way,.and.iptables.can.use.this.
be140	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 61 63 74 20 61 73 20 61 20 73 74 61 74 65 66 75 6c	information.to.act.as.a.stateful
be160	20 66 69 72 65 77 61 6c 6c 2e 00 4f 6e 65 20 6f 66 20 74 68 65 20 75 73 65 73 20 6f 66 20 46 61	.firewall..One.of.the.uses.of.Fa
be180	69 72 20 51 75 65 75 65 20 6d 69 67 68 74 20 62 65 20 74 68 65 20 6d 69 74 69 67 61 74 69 6f 6e	ir.Queue.might.be.the.mitigation
be1a0	20 6f 66 20 44 65 6e 69 61 6c 20 6f 66 20 53 65 72 76 69 63 65 20 61 74 74 61 63 6b 73 2e 00 4f	.of.Denial.of.Service.attacks..O
be1c0	6e 6c 79 20 38 30 32 2e 31 51 2d 74 61 67 67 65 64 20 70 61 63 6b 65 74 73 20 61 72 65 20 61 63	nly.802.1Q-tagged.packets.are.ac
be1e0	63 65 70 74 65 64 20 6f 6e 20 45 74 68 65 72 6e 65 74 20 76 69 66 73 2e 00 4f 6e 6c 79 20 56 52	cepted.on.Ethernet.vifs..Only.VR
be200	52 50 20 69 73 20 73 75 70 70 6f 72 74 65 64 2e 20 52 65 71 75 69 72 65 64 20 6f 70 74 69 6f 6e	RP.is.supported..Required.option
be220	2e 00 4f 6e 6c 79 20 69 6e 20 74 68 65 20 73 6f 75 72 63 65 20 63 72 69 74 65 72 69 61 2c 20 79	..Only.in.the.source.criteria,.y
be240	6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 61 20 6d 61 63 2d 61 64 64 72 65 73 73 2e 00 4f 6e	ou.can.specify.a.mac-address..On
be260	6c 79 20 6f 6e 65 20 53 52 47 42 20 61 6e 64 20 64 65 66 61 75 6c 74 20 53 50 46 20 41 6c 67 6f	ly.one.SRGB.and.default.SPF.Algo
be280	72 69 74 68 6d 20 69 73 20 73 75 70 70 6f 72 74 65 64 00 4f 6e 6c 79 20 72 65 71 75 65 73 74 20	rithm.is.supported.Only.request.
be2a0	61 6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 20	an.address.from.the.DHCP.server.
be2c0	62 75 74 20 64 6f 20 6e 6f 74 20 72 65 71 75 65 73 74 20 61 20 64 65 66 61 75 6c 74 20 67 61 74	but.do.not.request.a.default.gat
be2e0	65 77 61 79 2e 00 4f 6e 6c 79 20 72 65 71 75 65 73 74 20 61 6e 20 61 64 64 72 65 73 73 20 66 72	eway..Only.request.an.address.fr
be300	6f 6d 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 20 62 75 74 20 64 6f 20 6e 6f 74 20 69	om.the.PPPoE.server.but.do.not.i
be320	6e 73 74 61 6c 6c 20 61 6e 79 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 2e 00 4f 6e 6c 79 20 72	nstall.any.default.route..Only.r
be340	65 71 75 65 73 74 20 61 6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20 53 53 54 50 20	equest.an.address.from.the.SSTP.
be360	73 65 72 76 65 72 20 62 75 74 20 64 6f 20 6e 6f 74 20 69 6e 73 74 61 6c 6c 20 61 6e 79 20 64 65	server.but.do.not.install.any.de
be380	66 61 75 6c 74 20 72 6f 75 74 65 2e 00 4f 6e 6c 79 20 74 68 65 20 74 79 70 65 20 28 60 60 73 73	fault.route..Only.the.type.(``ss
be3a0	68 2d 72 73 61 60 60 29 20 61 6e 64 20 74 68 65 20 6b 65 79 20 28 60 60 41 41 41 42 33 4e 2e 2e	h-rsa``).and.the.key.(``AAAB3N..
be3c0	2e 60 60 29 20 61 72 65 20 75 73 65 64 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 6b 65 79	.``).are.used..Note.that.the.key
be3e0	20 77 69 6c 6c 20 75 73 75 61 6c 6c 79 20 62 65 20 73 65 76 65 72 61 6c 20 68 75 6e 64 72 65 64	.will.usually.be.several.hundred
be400	20 63 68 61 72 61 63 74 65 72 73 20 6c 6f 6e 67 2c 20 61 6e 64 20 79 6f 75 20 77 69 6c 6c 20 6e	.characters.long,.and.you.will.n
be420	65 65 64 20 74 6f 20 63 6f 70 79 20 61 6e 64 20 70 61 73 74 65 20 69 74 2e 20 53 6f 6d 65 20 74	eed.to.copy.and.paste.it..Some.t
be440	65 72 6d 69 6e 61 6c 20 65 6d 75 6c 61 74 6f 72 73 20 6d 61 79 20 61 63 63 69 64 65 6e 74 61 6c	erminal.emulators.may.accidental
be460	6c 79 20 73 70 6c 69 74 20 74 68 69 73 20 6f 76 65 72 20 73 65 76 65 72 61 6c 20 6c 69 6e 65 73	ly.split.this.over.several.lines
be480	2e 20 42 65 20 61 74 74 65 6e 74 69 76 65 20 77 68 65 6e 20 79 6f 75 20 70 61 73 74 65 20 69 74	..Be.attentive.when.you.paste.it
be4a0	20 74 68 61 74 20 69 74 20 6f 6e 6c 79 20 70 61 73 74 65 73 20 61 73 20 61 20 73 69 6e 67 6c 65	.that.it.only.pastes.as.a.single
be4c0	20 6c 69 6e 65 2e 20 54 68 65 20 74 68 69 72 64 20 70 61 72 74 20 69 73 20 73 69 6d 70 6c 79 20	.line..The.third.part.is.simply.
be4e0	61 6e 20 69 64 65 6e 74 69 66 69 65 72 2c 20 61 6e 64 20 69 73 20 66 6f 72 20 79 6f 75 72 20 6f	an.identifier,.and.is.for.your.o
be500	77 6e 20 72 65 66 65 72 65 6e 63 65 2e 00 4f 70 2d 6d 6f 64 65 20 63 68 65 63 6b 20 76 69 72 74	wn.reference..Op-mode.check.virt
be520	75 61 6c 2d 73 65 72 76 65 72 20 73 74 61 74 75 73 00 4f 70 65 6e 43 6f 6e 6e 65 63 74 00 4f 70	ual-server.status.OpenConnect.Op
be540	65 6e 43 6f 6e 6e 65 63 74 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 73	enConnect.can.be.configured.to.s
be560	65 6e 64 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 61 20	end.accounting.information.to.a.
be580	52 41 44 49 55 53 20 73 65 72 76 65 72 20 74 6f 20 63 61 70 74 75 72 65 20 75 73 65 72 20 73 65	RADIUS.server.to.capture.user.se
be5a0	73 73 69 6f 6e 20 64 61 74 61 20 73 75 63 68 20 61 73 20 74 69 6d 65 20 6f 66 20 63 6f 6e 6e 65	ssion.data.such.as.time.of.conne
be5c0	63 74 2f 64 69 73 63 6f 6e 6e 65 63 74 2c 20 64 61 74 61 20 74 72 61 6e 73 66 65 72 72 65 64 2c	ct/disconnect,.data.transferred,
be5e0	20 61 6e 64 20 73 6f 20 6f 6e 2e 00 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 73 65 72 76 65 72 20 6d	.and.so.on..OpenConnect.server.m
be600	61 74 63 68 65 73 20 74 68 65 20 66 69 6c 65 6e 61 6d 65 20 69 6e 20 61 20 63 61 73 65 20 73 65	atches.the.filename.in.a.case.se
be620	6e 73 69 74 69 76 65 20 6d 61 6e 6e 65 72 2c 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65 20 75 73	nsitive.manner,.make.sure.the.us
be640	65 72 6e 61 6d 65 2f 67 72 6f 75 70 20 6e 61 6d 65 20 79 6f 75 20 63 6f 6e 66 69 67 75 72 65 20	ername/group.name.you.configure.
be660	6d 61 74 63 68 65 73 20 74 68 65 20 66 69 6c 65 6e 61 6d 65 20 65 78 61 63 74 6c 79 2e 00 4f 70	matches.the.filename.exactly..Op
be680	65 6e 43 6f 6e 6e 65 63 74 20 73 75 70 70 6f 72 74 73 20 61 20 73 75 62 73 65 74 20 6f 66 20 69	enConnect.supports.a.subset.of.i
be6a0	74 27 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 73 20 74 6f 20 62 65 20	t's.configuration.options.to.be.
be6c0	61 70 70 6c 69 65 64 20 6f 6e 20 61 20 70 65 72 20 75 73 65 72 2f 67 72 6f 75 70 20 62 61 73 69	applied.on.a.per.user/group.basi
be6e0	73 2c 20 66 6f 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 75 72 70 6f 73 65 73 20 77 65	s,.for.configuration.purposes.we
be700	20 72 65 66 65 72 20 74 6f 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 61 73 20	.refer.to.this.functionality.as.
be720	22 49 64 65 6e 74 69 74 79 20 62 61 73 65 64 20 63 6f 6e 66 69 67 22 2e 20 54 68 65 20 66 6f 6c	"Identity.based.config"..The.fol
be740	6c 6f 77 69 6e 67 20 60 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 53 65 72 76 65 72 20 4d 61 6e 75 61	lowing.`OpenConnect.Server.Manua
be760	6c 20 3c 68 74 74 70 73 3a 2f 2f 6f 63 73 65 72 76 2e 67 69 74 6c 61 62 2e 69 6f 2f 77 77 77 2f	l.<https://ocserv.gitlab.io/www/
be780	6d 61 6e 75 61 6c 2e 68 74 6d 6c 23 3a 7e 3a 74 65 78 74 3d 43 6f 6e 66 69 67 75 72 61 74 69 6f	manual.html#:~:text=Configuratio
be7a0	6e 25 32 30 66 69 6c 65 73 25 32 30 74 68 61 74 25 20 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30	n%20files%20that%.20will%20be%20
be7c0	61 70 70 6c 69 65 64 25 32 30 70 65 72 25 32 30 75 73 65 72 25 32 30 63 6f 6e 6e 65 63 74 69 6f	applied%20per%20user%20connectio
be7e0	6e 25 32 30 6f 72 25 30 41 25 32 33 25 32 30 70 65 72 25 32 30 67 72 6f 75 70 3e 60 5f 20 6f 75	n%20or%0A%23%20per%20group>`_.ou
be800	74 6c 69 6e 65 73 20 74 68 65 20 73 65 74 20 6f 66 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	tlines.the.set.of.configuration.
be820	6f 70 74 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 61 6c 6c 6f 77 65 64 2e 20 54 68 69 73 20 63	options.that.are.allowed..This.c
be840	61 6e 20 62 65 20 6c 65 76 65 72 61 67 65 64 20 74 6f 20 61 70 70 6c 79 20 64 69 66 66 65 72 65	an.be.leveraged.to.apply.differe
be860	6e 74 20 73 65 74 73 20 6f 66 20 63 6f 6e 66 69 67 73 20 74 6f 20 64 69 66 66 65 72 65 6e 74 20	nt.sets.of.configs.to.different.
be880	75 73 65 72 73 20 6f 72 20 67 72 6f 75 70 73 20 6f 66 20 75 73 65 72 73 2e 00 4f 70 65 6e 43 6f	users.or.groups.of.users..OpenCo
be8a0	6e 6e 65 63 74 2d 63 6f 6d 70 61 74 69 62 6c 65 20 73 65 72 76 65 72 20 66 65 61 74 75 72 65 20	nnect-compatible.server.feature.
be8c0	69 73 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 74 68 69 73 20 72 65 6c 65 61 73 65 2e 20	is.available.from.this.release..
be8e0	4f 70 65 6e 63 6f 6e 6e 65 63 74 20 56 50 4e 20 73 75 70 70 6f 72 74 73 20 53 53 4c 20 63 6f 6e	Openconnect.VPN.supports.SSL.con
be900	6e 65 63 74 69 6f 6e 20 61 6e 64 20 6f 66 66 65 72 73 20 66 75 6c 6c 20 6e 65 74 77 6f 72 6b 20	nection.and.offers.full.network.
be920	61 63 63 65 73 73 2e 20 53 53 4c 20 56 50 4e 20 6e 65 74 77 6f 72 6b 20 65 78 74 65 6e 73 69 6f	access..SSL.VPN.network.extensio
be940	6e 20 63 6f 6e 6e 65 63 74 73 20 74 68 65 20 65 6e 64 2d 75 73 65 72 20 73 79 73 74 65 6d 20 74	n.connects.the.end-user.system.t
be960	6f 20 74 68 65 20 63 6f 72 70 6f 72 61 74 65 20 6e 65 74 77 6f 72 6b 20 77 69 74 68 20 61 63 63	o.the.corporate.network.with.acc
be980	65 73 73 20 63 6f 6e 74 72 6f 6c 73 20 62 61 73 65 64 20 6f 6e 6c 79 20 6f 6e 20 6e 65 74 77 6f	ess.controls.based.only.on.netwo
be9a0	72 6b 20 6c 61 79 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 73 75 63 68 20 61 73 20 64 65	rk.layer.information,.such.as.de
be9c0	73 74 69 6e 61 74 69 6f 6e 20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 70 6f 72 74 20 6e 75	stination.IP.address.and.port.nu
be9e0	6d 62 65 72 2e 20 53 6f 2c 20 69 74 20 70 72 6f 76 69 64 65 73 20 73 61 66 65 20 63 6f 6d 6d 75	mber..So,.it.provides.safe.commu
bea00	6e 69 63 61 74 69 6f 6e 20 66 6f 72 20 61 6c 6c 20 74 79 70 65 73 20 6f 66 20 64 65 76 69 63 65	nication.for.all.types.of.device
bea20	20 74 72 61 66 66 69 63 20 61 63 72 6f 73 73 20 70 75 62 6c 69 63 20 6e 65 74 77 6f 72 6b 73 20	.traffic.across.public.networks.
bea40	61 6e 64 20 70 72 69 76 61 74 65 20 6e 65 74 77 6f 72 6b 73 2c 20 61 6c 73 6f 20 65 6e 63 72 79	and.private.networks,.also.encry
bea60	70 74 73 20 74 68 65 20 74 72 61 66 66 69 63 20 77 69 74 68 20 53 53 4c 20 70 72 6f 74 6f 63 6f	pts.the.traffic.with.SSL.protoco
bea80	6c 2e 00 4f 70 65 6e 56 50 4e 00 4f 70 65 6e 56 50 4e 20 2a 2a 77 69 6c 6c 20 6e 6f 74 2a 2a 20	l..OpenVPN.OpenVPN.**will.not**.
beaa0	61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 63 72 65 61 74 65 20 72 6f 75 74 65 73 20 69 6e 20 74	automatically.create.routes.in.t
beac0	68 65 20 6b 65 72 6e 65 6c 20 66 6f 72 20 63 6c 69 65 6e 74 20 73 75 62 6e 65 74 73 20 77 68 65	he.kernel.for.client.subnets.whe
beae0	6e 20 74 68 65 79 20 63 6f 6e 6e 65 63 74 20 61 6e 64 20 77 69 6c 6c 20 6f 6e 6c 79 20 75 73 65	n.they.connect.and.will.only.use
beb00	20 63 6c 69 65 6e 74 2d 73 75 62 6e 65 74 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 69 6e 74 65 72	.client-subnet.association.inter
beb20	6e 61 6c 6c 79 2c 20 73 6f 20 77 65 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 61 20 72 6f	nally,.so.we.need.to.create.a.ro
beb40	75 74 65 20 74 6f 20 74 68 65 20 31 30 2e 32 33 2e 30 2e 30 2f 32 30 20 6e 65 74 77 6f 72 6b 20	ute.to.the.10.23.0.0/20.network.
beb60	6f 75 72 73 65 6c 76 65 73 3a 00 4f 70 65 6e 56 50 4e 20 44 43 4f 20 69 73 20 6e 6f 74 20 66 75	ourselves:.OpenVPN.DCO.is.not.fu
beb80	6c 6c 20 4f 70 65 6e 56 50 4e 20 66 65 61 74 75 72 65 73 20 73 75 70 70 6f 72 74 65 64 20 2c 20	ll.OpenVPN.features.supported.,.
beba0	69 73 20 63 75 72 72 65 6e 74 6c 79 20 63 6f 6e 73 69 64 65 72 65 64 20 65 78 70 65 72 69 6d 65	is.currently.considered.experime
bebc0	6e 74 61 6c 2e 20 46 75 72 74 68 65 72 6d 6f 72 65 2c 20 74 68 65 72 65 20 61 72 65 20 63 65 72	ntal..Furthermore,.there.are.cer
bebe0	74 61 69 6e 20 4f 70 65 6e 56 50 4e 20 66 65 61 74 75 72 65 73 20 61 6e 64 20 75 73 65 20 63 61	tain.OpenVPN.features.and.use.ca
bec00	73 65 73 20 74 68 61 74 20 72 65 6d 61 69 6e 20 69 6e 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74	ses.that.remain.incompatible.wit
bec20	68 20 44 43 4f 2e 20 54 6f 20 67 65 74 20 61 20 63 6f 6d 70 72 65 68 65 6e 73 69 76 65 20 75 6e	h.DCO..To.get.a.comprehensive.un
bec40	64 65 72 73 74 61 6e 64 69 6e 67 20 6f 66 20 74 68 65 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 61	derstanding.of.the.limitations.a
bec60	73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 44 43 4f 2c 20 72 65 66 65 72 20 74 6f 20 74 68 65	ssociated.with.DCO,.refer.to.the
bec80	20 6c 69 73 74 20 6f 66 20 6b 6e 6f 77 6e 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 69 6e 20 74 68	.list.of.known.limitations.in.th
beca0	65 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 00 4f 70 65 6e 56 50 4e 20 44 61 74 61 20 43 68	e.documentation..OpenVPN.Data.Ch
becc0	61 6e 6e 65 6c 20 4f 66 66 6c 6f 61 64 20 28 44 43 4f 29 00 4f 70 65 6e 56 50 4e 20 44 61 74 61	annel.Offload.(DCO).OpenVPN.Data
bece0	20 43 68 61 6e 6e 65 6c 20 4f 66 66 6c 6f 61 64 20 28 44 43 4f 29 20 65 6e 61 62 6c 65 73 20 73	.Channel.Offload.(DCO).enables.s
bed00	69 67 6e 69 66 69 63 61 6e 74 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 65 6e 68 61 6e 63 65 6d 65	ignificant.performance.enhanceme
bed20	6e 74 20 69 6e 20 65 6e 63 72 79 70 74 65 64 20 4f 70 65 6e 56 50 4e 20 64 61 74 61 20 70 72 6f	nt.in.encrypted.OpenVPN.data.pro
bed40	63 65 73 73 69 6e 67 2e 20 42 79 20 6d 69 6e 69 6d 69 7a 69 6e 67 20 63 6f 6e 74 65 78 74 20 73	cessing..By.minimizing.context.s
bed60	77 69 74 63 68 69 6e 67 20 66 6f 72 20 65 61 63 68 20 70 61 63 6b 65 74 2c 20 44 43 4f 20 65 66	witching.for.each.packet,.DCO.ef
bed80	66 65 63 74 69 76 65 6c 79 20 72 65 64 75 63 65 73 20 6f 76 65 72 68 65 61 64 2e 20 54 68 69 73	fectively.reduces.overhead..This
beda0	20 6f 70 74 69 6d 69 7a 61 74 69 6f 6e 20 69 73 20 61 63 68 69 65 76 65 64 20 62 79 20 6b 65 65	.optimization.is.achieved.by.kee
bedc0	70 69 6e 67 20 6d 6f 73 74 20 64 61 74 61 20 68 61 6e 64 6c 69 6e 67 20 74 61 73 6b 73 20 77 69	ping.most.data.handling.tasks.wi
bede0	74 68 69 6e 20 74 68 65 20 6b 65 72 6e 65 6c 2c 20 61 76 6f 69 64 69 6e 67 20 66 72 65 71 75 65	thin.the.kernel,.avoiding.freque
bee00	6e 74 20 73 77 69 74 63 68 65 73 20 62 65 74 77 65 65 6e 20 6b 65 72 6e 65 6c 20 61 6e 64 20 75	nt.switches.between.kernel.and.u
bee20	73 65 72 20 73 70 61 63 65 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6e 64 20 70 61 63	ser.space.for.encryption.and.pac
bee40	6b 65 74 20 68 61 6e 64 6c 69 6e 67 2e 00 4f 70 65 6e 56 50 4e 20 61 6c 6c 6f 77 73 20 66 6f 72	ket.handling..OpenVPN.allows.for
bee60	20 65 69 74 68 65 72 20 54 43 50 20 6f 72 20 55 44 50 2e 20 55 44 50 20 77 69 6c 6c 20 70 72 6f	.either.TCP.or.UDP..UDP.will.pro
bee80	76 69 64 65 20 74 68 65 20 6c 6f 77 65 73 74 20 6c 61 74 65 6e 63 79 2c 20 77 68 69 6c 65 20 54	vide.the.lowest.latency,.while.T
beea0	43 50 20 77 69 6c 6c 20 77 6f 72 6b 20 62 65 74 74 65 72 20 66 6f 72 20 6c 6f 73 73 79 20 63 6f	CP.will.work.better.for.lossy.co
beec0	6e 6e 65 63 74 69 6f 6e 73 3b 20 67 65 6e 65 72 61 6c 6c 79 20 55 44 50 20 69 73 20 70 72 65 66	nnections;.generally.UDP.is.pref
beee0	65 72 72 65 64 20 77 68 65 6e 20 70 6f 73 73 69 62 6c 65 2e 00 4f 70 65 6e 56 50 4e 20 73 74 61	erred.when.possible..OpenVPN.sta
bef00	74 75 73 20 63 61 6e 20 62 65 20 76 65 72 69 66 69 65 64 20 75 73 69 6e 67 20 74 68 65 20 60 73	tus.can.be.verified.using.the.`s
bef20	68 6f 77 20 6f 70 65 6e 76 70 6e 60 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64	how.openvpn`.operational.command
bef40	73 2e 20 53 65 65 20 74 68 65 20 62 75 69 6c 74 2d 69 6e 20 68 65 6c 70 20 66 6f 72 20 61 20 63	s..See.the.built-in.help.for.a.c
bef60	6f 6d 70 6c 65 74 65 20 6c 69 73 74 20 6f 66 20 6f 70 74 69 6f 6e 73 2e 00 4f 70 65 6e 63 6f 6e	omplete.list.of.options..Opencon
bef80	6e 65 63 74 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 4f 70 65 72 61 74 69 6e 67 20 4d 6f 64	nect.Configuration.Operating.Mod
befa0	65 73 00 4f 70 65 72 61 74 69 6f 6e 00 4f 70 65 72 61 74 69 6f 6e 20 43 6f 6d 6d 61 6e 64 73 00	es.Operation.Operation.Commands.
befc0	4f 70 65 72 61 74 69 6f 6e 20 4d 6f 64 65 00 4f 70 65 72 61 74 69 6f 6e 20 6d 6f 64 65 20 6f 66	Operation.Mode.Operation.mode.of
befe0	20 77 69 72 65 6c 65 73 73 20 72 61 64 69 6f 2e 00 4f 70 65 72 61 74 69 6f 6e 2d 6d 6f 64 65 20	.wireless.radio..Operation-mode.
bf000	46 69 72 65 77 61 6c 6c 00 4f 70 65 72 61 74 69 6f 6e 61 6c 20 43 6f 6d 6d 61 6e 64 73 00 4f 70	Firewall.Operational.Commands.Op
bf020	65 72 61 74 69 6f 6e 61 6c 20 4d 6f 64 65 20 43 6f 6d 6d 61 6e 64 73 00 4f 70 65 72 61 74 69 6f	erational.Mode.Commands.Operatio
bf040	6e 61 6c 20 63 6f 6d 6d 61 6e 64 73 00 4f 70 74 69 6f 6e 00 4f 70 74 69 6f 6e 20 34 33 20 66 6f	nal.commands.Option.Option.43.fo
bf060	72 20 55 6e 69 46 49 00 4f 70 74 69 6f 6e 20 64 65 73 63 72 69 70 74 69 6f 6e 00 4f 70 74 69 6f	r.UniFI.Option.description.Optio
bf080	6e 20 6e 75 6d 62 65 72 00 4f 70 74 69 6f 6e 20 73 70 65 63 69 66 79 69 6e 67 20 74 68 65 20 72	n.number.Option.specifying.the.r
bf0a0	61 74 65 20 69 6e 20 77 68 69 63 68 20 77 65 27 6c 6c 20 61 73 6b 20 6f 75 72 20 6c 69 6e 6b 20	ate.in.which.we'll.ask.our.link.
bf0c0	70 61 72 74 6e 65 72 20 74 6f 20 74 72 61 6e 73 6d 69 74 20 4c 41 43 50 44 55 20 70 61 63 6b 65	partner.to.transmit.LACPDU.packe
bf0e0	74 73 20 69 6e 20 38 30 32 2e 33 61 64 20 6d 6f 64 65 2e 00 4f 70 74 69 6f 6e 20 74 6f 20 64 69	ts.in.802.3ad.mode..Option.to.di
bf100	73 61 62 6c 65 20 72 75 6c 65 2e 00 4f 70 74 69 6f 6e 20 74 6f 20 65 6e 61 62 6c 65 20 6f 72 20	sable.rule..Option.to.enable.or.
bf120	64 69 73 61 62 6c 65 20 6c 6f 67 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 2e 00 4f 70 74 69 6f	disable.log.matching.rule..Optio
bf140	6e 20 74 6f 20 6c 6f 67 20 70 61 63 6b 65 74 73 20 68 69 74 74 69 6e 67 20 64 65 66 61 75 6c 74	n.to.log.packets.hitting.default
bf160	2d 61 63 74 69 6f 6e 2e 00 4f 70 74 69 6f 6e 61 6c 00 4f 70 74 69 6f 6e 61 6c 20 43 6f 6e 66 69	-action..Optional.Optional.Confi
bf180	67 75 72 61 74 69 6f 6e 00 4f 70 74 69 6f 6e 61 6c 2c 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74	guration.Optional,.if.you.want.t
bf1a0	6f 20 65 6e 61 62 6c 65 20 75 70 6c 6f 61 64 73 2c 20 65 6c 73 65 20 54 46 54 50 20 73 65 72 76	o.enable.uploads,.else.TFTP.serv
bf1c0	65 72 20 77 69 6c 6c 20 61 63 74 20 61 73 20 61 20 72 65 61 64 2d 6f 6e 6c 79 20 73 65 72 76 65	er.will.act.as.a.read-only.serve
bf1e0	72 2e 00 4f 70 74 69 6f 6e 61 6c 2f 64 65 66 61 75 6c 74 20 73 65 74 74 69 6e 67 73 00 4f 70 74	r..Optional/default.settings.Opt
bf200	69 6f 6e 61 6c 6c 79 20 73 65 74 20 61 20 73 70 65 63 69 66 69 63 20 73 74 61 74 69 63 20 49 50	ionally.set.a.specific.static.IP
bf220	76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 66 6f 72 20 74 68 65 20 63 6f 6e 74 61	v4.or.IPv6.address.for.the.conta
bf240	69 6e 65 72 2e 20 54 68 69 73 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 77 69 74 68 69	iner..This.address.must.be.withi
bf260	6e 20 74 68 65 20 6e 61 6d 65 64 20 6e 65 74 77 6f 72 6b 20 70 72 65 66 69 78 2e 00 4f 70 74 69	n.the.named.network.prefix..Opti
bf280	6f 6e 73 00 4f 70 74 69 6f 6e 73 20 28 47 6c 6f 62 61 6c 20 49 50 73 65 63 20 73 65 74 74 69 6e	ons.Options.(Global.IPsec.settin
bf2a0	67 73 29 20 41 74 74 72 69 62 75 74 65 73 00 4f 70 74 69 6f 6e 73 20 75 73 65 64 20 66 6f 72 20	gs).Attributes.Options.used.for.
bf2c0	71 75 65 75 65 20 74 61 72 67 65 74 2e 20 41 63 74 69 6f 6e 20 71 75 65 75 65 20 6d 75 73 74 20	queue.target..Action.queue.must.
bf2e0	62 65 20 64 65 66 69 6e 65 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 73 65 74 74 69 6e 67 00 4f	be.defined.to.use.this.setting.O
bf300	72 20 2a 2a 62 69 6e 61 72 79 2a 2a 20 70 72 65 66 69 78 65 73 2e 00 4f 72 2c 20 66 6f 72 20 65	r.**binary**.prefixes..Or,.for.e
bf320	78 61 6d 70 6c 65 20 66 74 70 2c 20 60 64 65 6c 65 74 65 20 73 79 73 74 65 6d 20 63 6f 6e 6e 74	xample.ftp,.`delete.system.connt
bf340	72 61 63 6b 20 6d 6f 64 75 6c 65 73 20 66 74 70 60 2e 00 4f 72 69 67 69 6e 61 74 65 20 61 6e 20	rack.modules.ftp`..Originate.an.
bf360	41 53 2d 45 78 74 65 72 6e 61 6c 20 28 74 79 70 65 2d 35 29 20 4c 53 41 20 64 65 73 63 72 69 62	AS-External.(type-5).LSA.describ
bf380	69 6e 67 20 61 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 6e 74 6f 20 61 6c 6c 20 65 78 74	ing.a.default.route.into.all.ext
bf3a0	65 72 6e 61 6c 2d 72 6f 75 74 69 6e 67 20 63 61 70 61 62 6c 65 20 61 72 65 61 73 2c 20 6f 66 20	ernal-routing.capable.areas,.of.
bf3c0	74 68 65 20 73 70 65 63 69 66 69 65 64 20 6d 65 74 72 69 63 20 61 6e 64 20 6d 65 74 72 69 63 20	the.specified.metric.and.metric.
bf3e0	74 79 70 65 2e 20 49 66 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 61 6c 77 61 79 73 60 20 6b 65	type..If.the.:cfgcmd:`always`.ke
bf400	79 77 6f 72 64 20 69 73 20 67 69 76 65 6e 20 74 68 65 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20	yword.is.given.then.the.default.
bf420	69 73 20 61 6c 77 61 79 73 20 61 64 76 65 72 74 69 73 65 64 2c 20 65 76 65 6e 20 77 68 65 6e 20	is.always.advertised,.even.when.
bf440	74 68 65 72 65 20 69 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 70 72 65 73 65 6e 74 20 69 6e 20 74	there.is.no.default.present.in.t
bf460	68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 20 3a	he.routing.table..The.argument.:
bf480	63 66 67 63 6d 64 3a 60 72 6f 75 74 65 2d 6d 61 70 60 20 73 70 65 63 69 66 69 65 73 20 74 6f 20	cfgcmd:`route-map`.specifies.to.
bf4a0	61 64 76 65 72 74 69 73 65 20 74 68 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69 66 20 74	advertise.the.default.route.if.t
bf4c0	68 65 20 72 6f 75 74 65 20 6d 61 70 20 69 73 20 73 61 74 69 73 66 69 65 64 2e 00 4f 74 68 65 72	he.route.map.is.satisfied..Other
bf4e0	20 61 74 74 72 69 62 75 74 65 73 20 63 61 6e 20 62 65 20 75 73 65 64 2c 20 62 75 74 20 74 68 65	.attributes.can.be.used,.but.the
bf500	79 20 68 61 76 65 20 74 6f 20 62 65 20 69 6e 20 6f 6e 65 20 6f 66 20 74 68 65 20 64 69 63 74 69	y.have.to.be.in.one.of.the.dicti
bf520	6f 6e 61 72 69 65 73 20 69 6e 20 2a 2f 75 73 72 2f 73 68 61 72 65 2f 61 63 63 65 6c 2d 70 70 70	onaries.in.*/usr/share/accel-ppp
bf540	2f 72 61 64 69 75 73 2a 2e 00 4f 75 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d	/radius*..Our.configuration.comm
bf560	61 6e 64 73 20 77 6f 75 6c 64 20 62 65 3a 00 4f 75 72 20 72 65 6d 6f 74 65 20 65 6e 64 20 6f 66	ands.would.be:.Our.remote.end.of
bf580	20 74 68 65 20 74 75 6e 6e 65 6c 20 66 6f 72 20 70 65 65 72 20 60 74 6f 2d 77 67 30 32 60 20 69	.the.tunnel.for.peer.`to-wg02`.i
bf5a0	73 20 72 65 61 63 68 61 62 6c 65 20 61 74 20 31 39 32 2e 30 2e 32 2e 31 20 70 6f 72 74 20 35 31	s.reachable.at.192.0.2.1.port.51
bf5c0	38 32 30 00 4f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 63 61 6e 20 62 65 20 62 61 6c 61	820.Outbound.traffic.can.be.bala
bf5e0	6e 63 65 64 20 62 65 74 77 65 65 6e 20 74 77 6f 20 6f 72 20 6d 6f 72 65 20 6f 75 74 62 6f 75 6e	nced.between.two.or.more.outboun
bf600	64 20 69 6e 74 65 72 66 61 63 65 73 2e 20 49 66 20 61 20 70 61 74 68 20 66 61 69 6c 73 2c 20 74	d.interfaces..If.a.path.fails,.t
bf620	72 61 66 66 69 63 20 69 73 20 62 61 6c 61 6e 63 65 64 20 61 63 72 6f 73 73 20 74 68 65 20 72 65	raffic.is.balanced.across.the.re
bf640	6d 61 69 6e 69 6e 67 20 68 65 61 6c 74 68 79 20 70 61 74 68 73 2c 20 61 20 72 65 63 6f 76 65 72	maining.healthy.paths,.a.recover
bf660	65 64 20 70 61 74 68 20 69 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 61 64 64 65 64 20 62	ed.path.is.automatically.added.b
bf680	61 63 6b 20 74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 61 6e 64 20 75 73 65	ack.to.the.routing.table.and.use
bf6a0	64 20 62 79 20 74 68 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 2e 20 54 68 65 20 6c 6f 61 64	d.by.the.load.balancer..The.load
bf6c0	20 62 61 6c 61 6e 63 65 72 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 61 64 64 73 20 72 6f 75	.balancer.automatically.adds.rou
bf6e0	74 65 73 20 66 6f 72 20 65 61 63 68 20 70 61 74 68 20 74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67	tes.for.each.path.to.the.routing
bf700	20 74 61 62 6c 65 20 61 6e 64 20 62 61 6c 61 6e 63 65 73 20 74 72 61 66 66 69 63 20 61 63 72 6f	.table.and.balances.traffic.acro
bf720	73 73 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 64 65	ss.the.configured.interfaces,.de
bf740	74 65 72 6d 69 6e 65 64 20 62 79 20 69 6e 74 65 72 66 61 63 65 20 68 65 61 6c 74 68 20 61 6e 64	termined.by.interface.health.and
bf760	20 77 65 69 67 68 74 2e 00 4f 75 74 67 6f 69 6e 67 20 74 72 61 66 66 69 63 20 69 73 20 62 61 6c	.weight..Outgoing.traffic.is.bal
bf780	61 6e 63 65 64 20 69 6e 20 61 20 66 6c 6f 77 2d 62 61 73 65 64 20 6d 61 6e 6e 65 72 2e 20 41 20	anced.in.a.flow-based.manner..A.
bf7a0	63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 74 61 62 6c 65 20 69 73 20 75 73 65	connection.tracking.table.is.use
bf7c0	64 20 74 6f 20 74 72 61 63 6b 20 66 6c 6f 77 73 20 62 79 20 74 68 65 69 72 20 73 6f 75 72 63 65	d.to.track.flows.by.their.source
bf7e0	20 61 64 64 72 65 73 73 2c 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 61 6e	.address,.destination.address.an
bf800	64 20 70 6f 72 74 2e 20 45 61 63 68 20 66 6c 6f 77 20 69 73 20 61 73 73 69 67 6e 65 64 20 74 6f	d.port..Each.flow.is.assigned.to
bf820	20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 64	.an.interface.according.to.the.d
bf840	65 66 69 6e 65 64 20 62 61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 73 20 61 6e 64 20 73 75 62 73 65	efined.balancing.rules.and.subse
bf860	71 75 65 6e 74 20 70 61 63 6b 65 74 73 20 61 72 65 20 73 65 6e 74 20 74 68 72 6f 75 67 68 20 74	quent.packets.are.sent.through.t
bf880	68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 68 61 73 20 74 68 65 20	he.same.interface..This.has.the.
bf8a0	61 64 76 61 6e 74 61 67 65 20 74 68 61 74 20 70 61 63 6b 65 74 73 20 61 6c 77 61 79 73 20 61 72	advantage.that.packets.always.ar
bf8c0	72 69 76 65 20 69 6e 20 6f 72 64 65 72 20 69 66 20 6c 69 6e 6b 73 20 77 69 74 68 20 64 69 66 66	rive.in.order.if.links.with.diff
bf8e0	65 72 65 6e 74 20 73 70 65 65 64 73 20 61 72 65 20 69 6e 20 75 73 65 2e 00 4f 75 74 70 75 74 20	erent.speeds.are.in.use..Output.
bf900	66 72 6f 6d 20 60 65 74 68 30 60 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 00 4f 75	from.`eth0`.network.interface.Ou
bf920	74 70 75 74 20 70 6c 75 67 69 6e 20 50 72 6f 6d 65 74 68 65 75 73 20 63 6c 69 65 6e 74 00 4f 76	tput.plugin.Prometheus.client.Ov
bf940	65 72 20 49 50 00 4f 76 65 72 20 49 50 53 65 63 2c 20 4c 32 20 56 50 4e 20 28 62 72 69 64 67 65	er.IP.Over.IPSec,.L2.VPN.(bridge
bf960	29 00 4f 76 65 72 20 55 44 50 00 4f 76 65 72 72 69 64 65 20 73 74 61 74 69 63 2d 6d 61 70 70 69	).Over.UDP.Override.static-mappi
bf980	6e 67 27 73 20 6e 61 6d 65 2d 73 65 72 76 65 72 20 77 69 74 68 20 61 20 63 75 73 74 6f 6d 20 6f	ng's.name-server.with.a.custom.o
bf9a0	6e 65 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 6f 6e 6c 79 20 74 6f 20 74 68 69	ne.that.will.be.sent.only.to.thi
bf9c0	73 20 68 6f 73 74 2e 00 4f 76 65 72 76 69 65 77 00 4f 76 65 72 76 69 65 77 20 61 6e 64 20 62 61	s.host..Overview.Overview.and.ba
bf9e0	73 69 63 20 63 6f 6e 63 65 70 74 73 00 4f 76 65 72 76 69 65 77 20 6f 66 20 64 65 66 69 6e 65 64	sic.concepts.Overview.of.defined
bfa00	20 67 72 6f 75 70 73 2e 20 59 6f 75 20 73 65 65 20 74 68 65 20 74 79 70 65 2c 20 74 68 65 20 6d	.groups..You.see.the.type,.the.m
bfa20	65 6d 62 65 72 73 2c 20 61 6e 64 20 77 68 65 72 65 20 74 68 65 20 67 72 6f 75 70 20 69 73 20 75	embers,.and.where.the.group.is.u
bfa40	73 65 64 2e 00 50 42 52 20 6d 75 6c 74 69 70 6c 65 20 75 70 6c 69 6e 6b 73 00 50 43 31 20 69 73	sed..PBR.multiple.uplinks.PC1.is
bfa60	20 69 6e 20 74 68 65 20 60 60 64 65 66 61 75 6c 74 60 60 20 56 52 46 20 61 6e 64 20 61 63 74 69	.in.the.``default``.VRF.and.acti
bfa80	6e 67 20 61 73 20 65 2e 67 2e 20 61 20 22 66 69 6c 65 73 65 72 76 65 72 22 00 50 43 32 20 69 73	ng.as.e.g..a."fileserver".PC2.is
bfaa0	20 69 6e 20 56 52 46 20 60 60 62 6c 75 65 60 60 20 77 68 69 63 68 20 69 73 20 74 68 65 20 64 65	.in.VRF.``blue``.which.is.the.de
bfac0	76 65 6c 6f 70 6d 65 6e 74 20 64 65 70 61 72 74 6d 65 6e 74 00 50 43 33 20 61 6e 64 20 50 43 34	velopment.department.PC3.and.PC4
bfae0	20 61 72 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 61 20 62 72 69 64 67 65 20 64 65 76 69 63	.are.connected.to.a.bridge.devic
bfb00	65 20 6f 6e 20 72 6f 75 74 65 72 20 60 60 52 31 60 60 20 77 68 69 63 68 20 69 73 20 69 6e 20 56	e.on.router.``R1``.which.is.in.V
bfb20	52 46 20 60 60 72 65 64 60 60 2e 20 53 61 79 20 74 68 69 73 20 69 73 20 74 68 65 20 48 52 20 64	RF.``red``..Say.this.is.the.HR.d
bfb40	65 70 61 72 74 6d 65 6e 74 2e 00 50 43 34 20 68 61 73 20 49 50 20 31 30 2e 30 2e 30 2e 34 2f 32	epartment..PC4.has.IP.10.0.0.4/2
bfb60	34 20 61 6e 64 20 50 43 35 20 68 61 73 20 49 50 20 31 30 2e 30 2e 30 2e 35 2f 32 34 2c 20 73 6f	4.and.PC5.has.IP.10.0.0.5/24,.so
bfb80	20 74 68 65 79 20 62 65 6c 69 65 76 65 20 74 68 65 79 20 61 72 65 20 69 6e 20 74 68 65 20 73 61	.they.believe.they.are.in.the.sa
bfba0	6d 65 20 62 72 6f 61 64 63 61 73 74 20 64 6f 6d 61 69 6e 2e 00 50 43 35 20 72 65 63 65 69 76 65	me.broadcast.domain..PC5.receive
bfbc0	73 20 74 68 65 20 70 69 6e 67 20 65 63 68 6f 2c 20 72 65 73 70 6f 6e 64 73 20 77 69 74 68 20 61	s.the.ping.echo,.responds.with.a
bfbe0	6e 20 65 63 68 6f 20 72 65 70 6c 79 20 74 68 61 74 20 4c 65 61 66 33 20 72 65 63 65 69 76 65 73	n.echo.reply.that.Leaf3.receives
bfc00	20 61 6e 64 20 74 68 69 73 20 74 69 6d 65 20 66 6f 72 77 61 72 64 73 20 74 6f 20 4c 65 61 66 32	.and.this.time.forwards.to.Leaf2
bfc20	27 73 20 75 6e 69 63 61 73 74 20 61 64 64 72 65 73 73 20 64 69 72 65 63 74 6c 79 20 62 65 63 61	's.unicast.address.directly.beca
bfc40	75 73 65 20 69 74 20 6c 65 61 72 6e 65 64 20 74 68 65 20 6c 6f 63 61 74 69 6f 6e 20 6f 66 20 50	use.it.learned.the.location.of.P
bfc60	43 34 20 61 62 6f 76 65 2e 20 57 68 65 6e 20 4c 65 61 66 32 20 72 65 63 65 69 76 65 73 20 74 68	C4.above..When.Leaf2.receives.th
bfc80	65 20 65 63 68 6f 20 72 65 70 6c 79 20 66 72 6f 6d 20 50 43 35 20 69 74 20 73 65 65 73 20 74 68	e.echo.reply.from.PC5.it.sees.th
bfca0	61 74 20 69 74 20 63 61 6d 65 20 66 72 6f 6d 20 4c 65 61 66 33 20 61 6e 64 20 73 6f 20 72 65 6d	at.it.came.from.Leaf3.and.so.rem
bfcc0	65 6d 62 65 72 73 20 74 68 61 74 20 50 43 35 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 76 69 61	embers.that.PC5.is.reachable.via
bfce0	20 4c 65 61 66 33 2e 00 50 49 4d 20 28 50 72 6f 74 6f 63 6f 6c 20 49 6e 64 65 70 65 6e 64 65 6e	.Leaf3..PIM.(Protocol.Independen
bfd00	74 20 4d 75 6c 74 69 63 61 73 74 29 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20	t.Multicast).must.be.configured.
bfd20	69 6e 20 65 76 65 72 79 20 69 6e 74 65 72 66 61 63 65 20 6f 66 20 65 76 65 72 79 20 70 61 72 74	in.every.interface.of.every.part
bfd40	69 63 69 70 61 74 69 6e 67 20 72 6f 75 74 65 72 2e 20 45 76 65 72 79 20 72 6f 75 74 65 72 20 6d	icipating.router..Every.router.m
bfd60	75 73 74 20 61 6c 73 6f 20 68 61 76 65 20 74 68 65 20 6c 6f 63 61 74 69 6f 6e 20 6f 66 20 74 68	ust.also.have.the.location.of.th
bfd80	65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74 20 6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69	e.Rendevouz.Point.manually.confi
bfda0	67 75 72 65 64 2e 20 54 68 65 6e 2c 20 75 6e 69 64 69 72 65 63 74 69 6f 6e 61 6c 20 73 68 61 72	gured..Then,.unidirectional.shar
bfdc0	65 64 20 74 72 65 65 73 20 72 6f 6f 74 65 64 20 61 74 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a	ed.trees.rooted.at.the.Rendevouz
bfde0	20 50 6f 69 6e 74 20 77 69 6c 6c 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 62 65 20 62 75 69	.Point.will.automatically.be.bui
bfe00	6c 74 20 66 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 64 69 73 74 72 69 62 75 74 69 6f 6e 2e 00 50	lt.for.multicast.distribution..P
bfe20	49 4d 20 61 6e 64 20 49 47 4d 50 00 50 49 4d 76 36 20 28 50 72 6f 74 6f 63 6f 6c 20 49 6e 64 65	IM.and.IGMP.PIMv6.(Protocol.Inde
bfe40	70 65 6e 64 65 6e 74 20 4d 75 6c 74 69 63 61 73 74 20 66 6f 72 20 49 50 76 36 29 20 6d 75 73 74	pendent.Multicast.for.IPv6).must
bfe60	20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 65 76 65 72 79 20 69 6e 74 65 72 66 61 63	.be.configured.in.every.interfac
bfe80	65 20 6f 66 20 65 76 65 72 79 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 72 6f 75 74 65 72 2e	e.of.every.participating.router.
bfea0	20 45 76 65 72 79 20 72 6f 75 74 65 72 20 6d 75 73 74 20 61 6c 73 6f 20 68 61 76 65 20 74 68 65	.Every.router.must.also.have.the
bfec0	20 6c 6f 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74	.location.of.the.Rendevouz.Point
bfee0	20 6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 54 68 65 6e 2c 20 75 6e 69 64	.manually.configured..Then,.unid
bff00	69 72 65 63 74 69 6f 6e 61 6c 20 73 68 61 72 65 64 20 74 72 65 65 73 20 72 6f 6f 74 65 64 20 61	irectional.shared.trees.rooted.a
bff20	74 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74 20 77 69 6c 6c 20 61 75 74 6f 6d	t.the.Rendevouz.Point.will.autom
bff40	61 74 69 63 61 6c 6c 79 20 62 65 20 62 75 69 6c 74 20 66 6f 72 20 6d 75 6c 74 69 63 61 73 74 20	atically.be.built.for.multicast.
bff60	64 69 73 74 72 69 62 75 74 69 6f 6e 2e 00 50 4b 49 00 50 50 44 55 00 50 50 50 20 53 65 74 74 69	distribution..PKI.PPDU.PPP.Setti
bff80	6e 67 73 00 50 50 50 6f 45 00 50 50 50 6f 45 20 53 65 72 76 65 72 00 50 50 50 6f 45 20 6f 70 74	ngs.PPPoE.PPPoE.Server.PPPoE.opt
bffa0	69 6f 6e 73 00 50 50 54 50 2d 53 65 72 76 65 72 00 50 61 63 6b 65 74 2d 62 61 73 65 64 20 62 61	ions.PPTP-Server.Packet-based.ba
bffc0	6c 61 6e 63 69 6e 67 20 63 61 6e 20 6c 65 61 64 20 74 6f 20 61 20 62 65 74 74 65 72 20 62 61 6c	lancing.can.lead.to.a.better.bal
bffe0	61 6e 63 65 20 61 63 72 6f 73 73 20 69 6e 74 65 72 66 61 63 65 73 20 77 68 65 6e 20 6f 75 74 20	ance.across.interfaces.when.out.
c0000	6f 66 20 6f 72 64 65 72 20 70 61 63 6b 65 74 73 20 61 72 65 20 6e 6f 20 69 73 73 75 65 2e 20 50	of.order.packets.are.no.issue..P
c0020	65 72 2d 70 61 63 6b 65 74 2d 62 61 73 65 64 20 62 61 6c 61 6e 63 69 6e 67 20 63 61 6e 20 62 65	er-packet-based.balancing.can.be
c0040	20 73 65 74 20 66 6f 72 20 61 20 62 61 6c 61 6e 63 69 6e 67 20 72 75 6c 65 20 77 69 74 68 3a 00	.set.for.a.balancing.rule.with:.
c0060	50 61 72 74 69 63 75 6c 61 72 6c 79 20 6c 61 72 67 65 20 6e 65 74 77 6f 72 6b 73 20 6d 61 79 20	Particularly.large.networks.may.
c0080	77 69 73 68 20 74 6f 20 72 75 6e 20 74 68 65 69 72 20 6f 77 6e 20 52 50 4b 49 20 63 65 72 74 69	wish.to.run.their.own.RPKI.certi
c00a0	66 69 63 61 74 65 20 61 75 74 68 6f 72 69 74 79 20 61 6e 64 20 70 75 62 6c 69 63 61 74 69 6f 6e	ficate.authority.and.publication
c00c0	20 73 65 72 76 65 72 20 69 6e 73 74 65 61 64 20 6f 66 20 70 75 62 6c 69 73 68 69 6e 67 20 52 4f	.server.instead.of.publishing.RO
c00e0	41 73 20 76 69 61 20 74 68 65 69 72 20 52 49 52 2e 20 54 68 69 73 20 69 73 20 61 20 73 75 62 6a	As.via.their.RIR..This.is.a.subj
c0100	65 63 74 20 66 61 72 20 62 65 79 6f 6e 64 20 74 68 65 20 73 63 6f 70 65 20 6f 66 20 56 79 4f 53	ect.far.beyond.the.scope.of.VyOS
c0120	27 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 20 43 6f 6e 73 69 64 65 72 20 72 65 61 64 69 6e	'.documentation..Consider.readin
c0140	67 20 61 62 6f 75 74 20 4b 72 69 6c 6c 5f 20 69 66 20 74 68 69 73 20 69 73 20 61 20 72 61 62 62	g.about.Krill_.if.this.is.a.rabb
c0160	69 74 20 68 6f 6c 65 20 79 6f 75 20 6e 65 65 64 20 6f 72 20 65 73 70 65 63 69 61 6c 6c 79 20 77	it.hole.you.need.or.especially.w
c0180	61 6e 74 20 74 6f 20 64 69 76 65 20 64 6f 77 6e 2e 00 50 61 74 68 20 60 3c 63 6f 73 74 3e 60 20	ant.to.dive.down..Path.`<cost>`.
c01a0	76 61 6c 75 65 20 66 6f 72 20 53 70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c	value.for.Spanning.Tree.Protocol
c01c0	2e 20 45 61 63 68 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 61 20 62 72 69 64 67 65 20 63 6f 75	..Each.interface.in.a.bridge.cou
c01e0	6c 64 20 68 61 76 65 20 61 20 64 69 66 66 65 72 65 6e 74 20 73 70 65 65 64 20 61 6e 64 20 74 68	ld.have.a.different.speed.and.th
c0200	69 73 20 76 61 6c 75 65 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 64 65 63 69 64 69 6e 67 20 77	is.value.is.used.when.deciding.w
c0220	68 69 63 68 20 6c 69 6e 6b 20 74 6f 20 75 73 65 2e 20 46 61 73 74 65 72 20 69 6e 74 65 72 66 61	hich.link.to.use..Faster.interfa
c0240	63 65 73 20 73 68 6f 75 6c 64 20 68 61 76 65 20 6c 6f 77 65 72 20 63 6f 73 74 73 2e 00 50 61 74	ces.should.have.lower.costs..Pat
c0260	68 20 74 6f 20 60 3c 66 69 6c 65 3e 60 20 70 6f 69 6e 74 69 6e 67 20 74 6f 20 74 68 65 20 63 65	h.to.`<file>`.pointing.to.the.ce
c0280	72 74 69 66 69 63 61 74 65 20 61 75 74 68 6f 72 69 74 79 20 63 65 72 74 69 66 69 63 61 74 65 2e	rtificate.authority.certificate.
c02a0	00 50 61 74 68 20 74 6f 20 60 3c 66 69 6c 65 3e 60 20 70 6f 69 6e 74 69 6e 67 20 74 6f 20 74 68	.Path.to.`<file>`.pointing.to.th
c02c0	65 20 73 65 72 76 65 72 73 20 63 65 72 74 69 66 69 63 61 74 65 20 28 70 75 62 6c 69 63 20 70 6f	e.servers.certificate.(public.po
c02e0	72 74 69 6f 6e 29 2e 00 50 65 65 72 20 2d 20 50 65 65 72 00 50 65 65 72 20 47 72 6f 75 70 73 00	rtion)..Peer.-.Peer.Peer.Groups.
c0300	50 65 65 72 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 50 65 65 72 20 50	Peer.IP.address.to.match..Peer.P
c0320	61 72 61 6d 65 74 65 72 73 00 50 65 65 72 20 67 72 6f 75 70 73 20 61 72 65 20 75 73 65 64 20 74	arameters.Peer.groups.are.used.t
c0340	6f 20 68 65 6c 70 20 69 6d 70 72 6f 76 65 20 73 63 61 6c 69 6e 67 20 62 79 20 67 65 6e 65 72 61	o.help.improve.scaling.by.genera
c0360	74 69 6e 67 20 74 68 65 20 73 61 6d 65 20 75 70 64 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	ting.the.same.update.information
c0380	20 74 6f 20 61 6c 6c 20 6d 65 6d 62 65 72 73 20 6f 66 20 61 20 70 65 65 72 20 67 72 6f 75 70 2e	.to.all.members.of.a.peer.group.
c03a0	20 4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 6d 65 61 6e 73 20 74 68 61 74 20 74 68 65 20 72	.Note.that.this.means.that.the.r
c03c0	6f 75 74 65 73 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 61 20 6d 65 6d 62 65 72 20 6f 66 20 61	outes.generated.by.a.member.of.a
c03e0	20 70 65 65 72 20 67 72 6f 75 70 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 62 61 63 6b 20 74 6f	.peer.group.will.be.sent.back.to
c0400	20 74 68 61 74 20 6f 72 69 67 69 6e 61 74 69 6e 67 20 70 65 65 72 20 77 69 74 68 20 74 68 65 20	.that.originating.peer.with.the.
c0420	6f 72 69 67 69 6e 61 74 6f 72 20 69 64 65 6e 74 69 66 69 65 72 20 61 74 74 72 69 62 75 74 65 20	originator.identifier.attribute.
c0440	73 65 74 20 74 6f 20 69 6e 64 69 63 61 74 65 64 20 74 68 65 20 6f 72 69 67 69 6e 61 74 69 6e 67	set.to.indicated.the.originating
c0460	20 70 65 65 72 2e 20 41 6c 6c 20 70 65 65 72 73 20 6e 6f 74 20 61 73 73 6f 63 69 61 74 65 64 20	.peer..All.peers.not.associated.
c0480	77 69 74 68 20 61 20 73 70 65 63 69 66 69 63 20 70 65 65 72 20 67 72 6f 75 70 20 61 72 65 20 74	with.a.specific.peer.group.are.t
c04a0	72 65 61 74 65 64 20 61 73 20 62 65 6c 6f 6e 67 69 6e 67 20 74 6f 20 61 20 64 65 66 61 75 6c 74	reated.as.belonging.to.a.default
c04c0	20 70 65 65 72 20 67 72 6f 75 70 2c 20 61 6e 64 20 77 69 6c 6c 20 73 68 61 72 65 20 75 70 64 61	.peer.group,.and.will.share.upda
c04e0	74 65 73 2e 00 50 65 65 72 20 74 6f 20 73 65 6e 64 20 75 6e 69 63 61 73 74 20 55 44 50 20 63 6f	tes..Peer.to.send.unicast.UDP.co
c0500	6e 6e 74 72 61 63 6b 20 73 79 6e 63 20 65 6e 74 69 72 65 73 20 74 6f 2c 20 69 66 20 6e 6f 74 20	nntrack.sync.entires.to,.if.not.
c0520	75 73 69 6e 67 20 4d 75 6c 74 69 63 61 73 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 72	using.Multicast.configuration.fr
c0540	6f 6d 20 61 62 6f 76 65 20 61 62 6f 76 65 2e 00 50 65 65 72 73 20 43 6f 6e 66 69 67 75 72 61 74	om.above.above..Peers.Configurat
c0560	69 6f 6e 00 50 65 72 20 64 65 66 61 75 6c 74 20 56 79 4f 53 73 20 68 61 73 20 6d 69 6e 69 6d 61	ion.Per.default.VyOSs.has.minima
c0580	6c 20 73 79 73 6c 6f 67 20 6c 6f 67 67 69 6e 67 20 65 6e 61 62 6c 65 64 20 77 68 69 63 68 20 69	l.syslog.logging.enabled.which.i
c05a0	73 20 73 74 6f 72 65 64 20 61 6e 64 20 72 6f 74 61 74 65 64 20 6c 6f 63 61 6c 6c 79 2e 20 45 72	s.stored.and.rotated.locally..Er
c05c0	72 6f 72 73 20 77 69 6c 6c 20 62 65 20 61 6c 77 61 79 73 20 6c 6f 67 67 65 64 20 74 6f 20 61 20	rors.will.be.always.logged.to.a.
c05e0	6c 6f 63 61 6c 20 66 69 6c 65 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20 60 6c 6f 63 61	local.file,.which.includes.`loca
c0600	6c 37 60 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 2c 20 65 6d 65 72 67 65 6e 63 79 20 6d 65	l7`.error.messages,.emergency.me
c0620	73 73 61 67 65 73 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 74 6f 20 74 68 65 20 63 6f 6e 73 6f	ssages.will.be.sent.to.the.conso
c0640	6c 65 2c 20 74 6f 6f 2e 00 50 65 72 20 64 65 66 61 75 6c 74 20 65 76 65 72 79 20 70 61 63 6b 65	le,.too..Per.default.every.packe
c0660	74 20 69 73 20 73 61 6d 70 6c 65 64 20 28 74 68 61 74 20 69 73 2c 20 74 68 65 20 73 61 6d 70 6c	t.is.sampled.(that.is,.the.sampl
c0680	69 6e 67 20 72 61 74 65 20 69 73 20 31 29 2e 00 50 65 72 20 64 65 66 61 75 6c 74 20 74 68 65 20	ing.rate.is.1)..Per.default.the.
c06a0	75 73 65 72 20 73 65 73 73 69 6f 6e 20 69 73 20 62 65 69 6e 67 20 72 65 70 6c 61 63 65 64 20 69	user.session.is.being.replaced.i
c06c0	66 20 61 20 73 65 63 6f 6e 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 72 65 71 75 65 73	f.a.second.authentication.reques
c06e0	74 20 73 75 63 63 65 65 64 73 2e 20 53 75 63 68 20 73 65 73 73 69 6f 6e 20 72 65 71 75 65 73 74	t.succeeds..Such.session.request
c0700	73 20 63 61 6e 20 62 65 20 65 69 74 68 65 72 20 64 65 6e 69 65 64 20 6f 72 20 61 6c 6c 6f 77 65	s.can.be.either.denied.or.allowe
c0720	64 20 65 6e 74 69 72 65 6c 79 2c 20 77 68 69 63 68 20 77 6f 75 6c 64 20 61 6c 6c 6f 77 20 6d 75	d.entirely,.which.would.allow.mu
c0740	6c 74 69 70 6c 65 20 73 65 73 73 69 6f 6e 73 20 66 6f 72 20 61 20 75 73 65 72 20 69 6e 20 74 68	ltiple.sessions.for.a.user.in.th
c0760	65 20 6c 61 74 74 65 72 20 63 61 73 65 2e 20 49 66 20 69 74 20 69 73 20 64 65 6e 69 65 64 2c 20	e.latter.case..If.it.is.denied,.
c0780	74 68 65 20 73 65 63 6f 6e 64 20 73 65 73 73 69 6f 6e 20 69 73 20 62 65 69 6e 67 20 72 65 6a 65	the.second.session.is.being.reje
c07a0	63 74 65 64 20 65 76 65 6e 20 69 66 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20	cted.even.if.the.authentication.
c07c0	73 75 63 63 65 65 64 73 2c 20 74 68 65 20 75 73 65 72 20 68 61 73 20 74 6f 20 74 65 72 6d 69 6e	succeeds,.the.user.has.to.termin
c07e0	61 74 65 20 69 74 73 20 66 69 72 73 74 20 73 65 73 73 69 6f 6e 20 61 6e 64 20 63 61 6e 20 74 68	ate.its.first.session.and.can.th
c0800	65 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 67 61 69 6e 2e 00 50 65 72 20 64 65 66	en.authentication.again..Per.def
c0820	61 75 6c 74 2c 20 69 6e 74 65 72 66 61 63 65 73 20 75 73 65 64 20 69 6e 20 61 20 6c 6f 61 64 20	ault,.interfaces.used.in.a.load.
c0840	62 61 6c 61 6e 63 69 6e 67 20 70 6f 6f 6c 20 72 65 70 6c 61 63 65 20 74 68 65 20 73 6f 75 72 63	balancing.pool.replace.the.sourc
c0860	65 20 49 50 20 6f 66 20 65 61 63 68 20 6f 75 74 67 6f 69 6e 67 20 70 61 63 6b 65 74 20 77 69 74	e.IP.of.each.outgoing.packet.wit
c0880	68 20 69 74 73 20 6f 77 6e 20 61 64 64 72 65 73 73 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74	h.its.own.address.to.ensure.that
c08a0	20 72 65 70 6c 69 65 73 20 61 72 72 69 76 65 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65	.replies.arrive.on.the.same.inte
c08c0	72 66 61 63 65 2e 20 54 68 69 73 20 77 6f 72 6b 73 20 74 68 72 6f 75 67 68 20 61 75 74 6f 6d 61	rface..This.works.through.automa
c08e0	74 69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 73 6f 75 72 63 65 20 4e 41 54 20 28 53 4e	tically.generated.source.NAT.(SN
c0900	41 54 29 20 72 75 6c 65 73 2c 20 74 68 65 73 65 20 72 75 6c 65 73 20 61 72 65 20 6f 6e 6c 79 20	AT).rules,.these.rules.are.only.
c0920	61 70 70 6c 69 65 64 20 74 6f 20 62 61 6c 61 6e 63 65 64 20 74 72 61 66 66 69 63 2e 20 49 6e 20	applied.to.balanced.traffic..In.
c0940	63 61 73 65 73 20 77 68 65 72 65 20 74 68 69 73 20 62 65 68 61 76 69 6f 75 72 20 69 73 20 6e 6f	cases.where.this.behaviour.is.no
c0960	74 20 64 65 73 69 72 65 64 2c 20 74 68 65 20 61 75 74 6f 6d 61 74 69 63 20 67 65 6e 65 72 61 74	t.desired,.the.automatic.generat
c0980	69 6f 6e 20 6f 66 20 53 4e 41 54 20 72 75 6c 65 73 20 63 61 6e 20 62 65 20 64 69 73 61 62 6c 65	ion.of.SNAT.rules.can.be.disable
c09a0	64 3a 00 50 65 72 66 6f 72 6d 61 6e 63 65 00 50 65 72 69 6f 64 69 63 61 6c 6c 79 2c 20 61 20 68	d:.Performance.Periodically,.a.h
c09c0	65 6c 6c 6f 20 70 61 63 6b 65 74 20 69 73 20 73 65 6e 74 20 6f 75 74 20 62 79 20 74 68 65 20 52	ello.packet.is.sent.out.by.the.R
c09e0	6f 6f 74 20 42 72 69 64 67 65 20 61 6e 64 20 74 68 65 20 44 65 73 69 67 6e 61 74 65 64 20 42 72	oot.Bridge.and.the.Designated.Br
c0a00	69 64 67 65 73 2e 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 61 72 65 20 75 73 65 64 20 74 6f	idges..Hello.packets.are.used.to
c0a20	20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74	.communicate.information.about.t
c0a40	68 65 20 74 6f 70 6f 6c 6f 67 79 20 74 68 72 6f 75 67 68 6f 75 74 20 74 68 65 20 65 6e 74 69 72	he.topology.throughout.the.entir
c0a60	65 20 42 72 69 64 67 65 64 20 4c 6f 63 61 6c 20 41 72 65 61 20 4e 65 74 77 6f 72 6b 2e 00 50 69	e.Bridged.Local.Area.Network..Pi
c0a80	6e 67 20 63 6f 6d 6d 61 6e 64 20 63 61 6e 20 62 65 20 69 6e 74 65 72 72 75 70 74 65 64 20 61 74	ng.command.can.be.interrupted.at
c0aa0	20 61 6e 79 20 67 69 76 65 6e 20 74 69 6d 65 20 75 73 69 6e 67 20 60 60 3c 43 74 72 6c 3e 2b 63	.any.given.time.using.``<Ctrl>+c
c0ac0	60 60 2e 20 41 20 62 72 69 65 66 20 73 74 61 74 69 73 74 69 63 20 69 73 20 73 68 6f 77 6e 20 61	``..A.brief.statistic.is.shown.a
c0ae0	66 74 65 72 77 61 72 64 73 2e 00 50 69 6e 67 20 75 73 65 73 20 49 43 4d 50 20 70 72 6f 74 6f 63	fterwards..Ping.uses.ICMP.protoc
c0b00	6f 6c 27 73 20 6d 61 6e 64 61 74 6f 72 79 20 45 43 48 4f 5f 52 45 51 55 45 53 54 20 64 61 74 61	ol's.mandatory.ECHO_REQUEST.data
c0b20	67 72 61 6d 20 74 6f 20 65 6c 69 63 69 74 20 61 6e 20 49 43 4d 50 20 45 43 48 4f 5f 52 45 53 50	gram.to.elicit.an.ICMP.ECHO_RESP
c0b40	4f 4e 53 45 20 66 72 6f 6d 20 61 20 68 6f 73 74 20 6f 72 20 67 61 74 65 77 61 79 2e 20 45 43 48	ONSE.from.a.host.or.gateway..ECH
c0b60	4f 5f 52 45 51 55 45 53 54 20 64 61 74 61 67 72 61 6d 73 20 28 70 69 6e 67 73 29 20 77 69 6c 6c	O_REQUEST.datagrams.(pings).will
c0b80	20 68 61 76 65 20 61 6e 20 49 50 20 61 6e 64 20 49 43 4d 50 20 68 65 61 64 65 72 2c 20 66 6f 6c	.have.an.IP.and.ICMP.header,.fol
c0ba0	6c 6f 77 65 64 20 62 79 20 22 73 74 72 75 63 74 20 74 69 6d 65 76 61 6c 22 20 61 6e 64 20 61 6e	lowed.by."struct.timeval".and.an
c0bc0	20 61 72 62 69 74 72 61 72 79 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 64 20 62 79 74 65 73 20 75	.arbitrary.number.of.pad.bytes.u
c0be0	73 65 64 20 74 6f 20 66 69 6c 6c 20 6f 75 74 20 74 68 65 20 70 61 63 6b 65 74 2e 00 50 69 6e 67	sed.to.fill.out.the.packet..Ping
c0c00	69 6e 67 20 28 49 50 76 36 29 20 74 68 65 20 6f 74 68 65 72 20 68 6f 73 74 20 61 6e 64 20 69 6e	ing.(IPv6).the.other.host.and.in
c0c20	74 65 72 63 65 70 74 69 6e 67 20 74 68 65 20 74 72 61 66 66 69 63 20 69 6e 20 60 60 65 74 68 31	tercepting.the.traffic.in.``eth1
c0c40	60 60 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 74 68 65 20 63 6f 6e 74 65 6e 74 20 69 73 20	``.will.show.you.the.content.is.
c0c60	65 6e 63 72 79 70 74 65 64 2e 00 50 6c 61 63 65 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 67 69	encrypted..Place.interface.in.gi
c0c80	76 65 6e 20 56 52 46 20 69 6e 73 74 61 6e 63 65 2e 00 50 6c 61 79 20 61 6e 20 61 75 64 69 62 6c	ven.VRF.instance..Play.an.audibl
c0ca0	65 20 62 65 65 70 20 74 6f 20 74 68 65 20 73 79 73 74 65 6d 20 73 70 65 61 6b 65 72 20 77 68 65	e.beep.to.the.system.speaker.whe
c0cc0	6e 20 73 79 73 74 65 6d 20 69 73 20 72 65 61 64 79 2e 00 50 6c 65 61 73 65 20 62 65 20 61 77 61	n.system.is.ready..Please.be.awa
c0ce0	72 65 2c 20 64 75 65 20 74 6f 20 61 6e 20 75 70 73 74 72 65 61 6d 20 62 75 67 2c 20 63 6f 6e 66	re,.due.to.an.upstream.bug,.conf
c0d00	69 67 20 63 68 61 6e 67 65 73 2f 63 6f 6d 6d 69 74 73 20 77 69 6c 6c 20 72 65 73 74 61 72 74 20	ig.changes/commits.will.restart.
c0d20	74 68 65 20 70 70 70 20 64 61 65 6d 6f 6e 20 61 6e 64 20 77 69 6c 6c 20 72 65 73 65 74 20 65 78	the.ppp.daemon.and.will.reset.ex
c0d40	69 73 74 69 6e 67 20 49 50 6f 45 20 73 65 73 73 69 6f 6e 73 2c 20 69 6e 20 6f 72 64 65 72 20 74	isting.IPoE.sessions,.in.order.t
c0d60	6f 20 62 65 63 6f 6d 65 20 65 66 66 65 63 74 69 76 65 2e 00 50 6c 65 61 73 65 20 62 65 20 61 77	o.become.effective..Please.be.aw
c0d80	61 72 65 2c 20 64 75 65 20 74 6f 20 61 6e 20 75 70 73 74 72 65 61 6d 20 62 75 67 2c 20 63 6f 6e	are,.due.to.an.upstream.bug,.con
c0da0	66 69 67 20 63 68 61 6e 67 65 73 2f 63 6f 6d 6d 69 74 73 20 77 69 6c 6c 20 72 65 73 74 61 72 74	fig.changes/commits.will.restart
c0dc0	20 74 68 65 20 70 70 70 20 64 61 65 6d 6f 6e 20 61 6e 64 20 77 69 6c 6c 20 72 65 73 65 74 20 65	.the.ppp.daemon.and.will.reset.e
c0de0	78 69 73 74 69 6e 67 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 72 6f 6d 20 63	xisting.PPPoE.connections.from.c
c0e00	6f 6e 6e 65 63 74 65 64 20 75 73 65 72 73 2c 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 62 65 63 6f	onnected.users,.in.order.to.beco
c0e20	6d 65 20 65 66 66 65 63 74 69 76 65 2e 00 50 6c 65 61 73 65 20 72 65 66 65 72 20 74 6f 20 74 68	me.effective..Please.refer.to.th
c0e40	65 20 3a 72 65 66 3a 60 69 70 73 65 63 60 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 66 6f 72	e.:ref:`ipsec`.documentation.for
c0e60	20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 49 50 53 65 63 20 72 65 6c 61 74 65 64 20 6f 70	.the.individual.IPSec.related.op
c0e80	74 69 6f 6e 73 2e 00 50 6c 65 61 73 65 20 72 65 66 65 72 20 74 6f 20 74 68 65 20 3a 72 65 66 3a	tions..Please.refer.to.the.:ref:
c0ea0	60 74 75 6e 6e 65 6c 2d 69 6e 74 65 72 66 61 63 65 60 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e	`tunnel-interface`.documentation
c0ec0	20 66 6f 72 20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 74 75 6e 6e 65 6c 20 72 65 6c 61 74	.for.the.individual.tunnel.relat
c0ee0	65 64 20 6f 70 74 69 6f 6e 73 2e 00 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 3a 72 65 66 3a	ed.options..Please.see.the.:ref:
c0f00	60 64 68 63 70 2d 64 6e 73 2d 71 75 69 63 6b 2d 73 74 61 72 74 60 20 63 6f 6e 66 69 67 75 72 61	`dhcp-dns-quick-start`.configura
c0f20	74 69 6f 6e 2e 00 50 6c 65 61 73 65 20 74 61 6b 65 20 61 20 6c 6f 6f 6b 20 61 74 20 74 68 65 20	tion..Please.take.a.look.at.the.
c0f40	3a 72 65 66 3a 60 76 79 6f 73 61 70 69 60 20 70 61 67 65 20 66 6f 72 20 61 6e 20 64 65 74 61 69	:ref:`vyosapi`.page.for.an.detai
c0f60	6c 65 64 20 68 6f 77 2d 74 6f 2e 00 50 6c 65 61 73 65 20 74 61 6b 65 20 61 20 6c 6f 6f 6b 20 61	led.how-to..Please.take.a.look.a
c0f80	74 20 74 68 65 20 43 6f 6e 74 72 69 62 75 74 69 6e 67 20 47 75 69 64 65 20 66 6f 72 20 6f 75 72	t.the.Contributing.Guide.for.our
c0fa0	20 3a 72 65 66 3a 60 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 60 2e 00 50 6c 65 61 73 65 20 74 61	.:ref:`documentation`..Please.ta
c0fc0	6b 65 20 61 20 6c 6f 6f 6b 20 69 6e 20 74 68 65 20 41 75 74 6f 6d 61 74 69 6f 6e 20 73 65 63 74	ke.a.look.in.the.Automation.sect
c0fe0	69 6f 6e 20 74 6f 20 66 69 6e 64 20 73 6f 6d 65 20 75 73 65 66 75 6c 6c 20 45 78 61 6d 70 6c 65	ion.to.find.some.usefull.Example
c1000	73 2e 00 50 6f 6c 69 63 69 65 73 20 61 72 65 20 75 73 65 64 20 66 6f 72 20 66 69 6c 74 65 72 69	s..Policies.are.used.for.filteri
c1020	6e 67 20 61 6e 64 20 74 72 61 66 66 69 63 20 6d 61 6e 61 67 65 6d 65 6e 74 2e 20 57 69 74 68 20	ng.and.traffic.management..With.
c1040	70 6f 6c 69 63 69 65 73 2c 20 6e 65 74 77 6f 72 6b 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73	policies,.network.administrators
c1060	20 63 6f 75 6c 64 20 66 69 6c 74 65 72 20 61 6e 64 20 74 72 65 61 74 20 74 72 61 66 66 69 63 20	.could.filter.and.treat.traffic.
c1080	61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 69 72 20 6e 65 65 64 73 2e 00 50 6f 6c 69 63 69	according.to.their.needs..Polici
c10a0	65 73 20 66 6f 72 20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 61 72 65 20 64 65 66 69 6e 65 64	es.for.local.traffic.are.defined
c10c0	20 69 6e 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 00 50 6f 6c 69 63 69 65 73 2c 20 69 6e 20 56	.in.this.section..Policies,.in.V
c10e0	79 4f 53 2c 20 61 72 65 20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 75 73 69 6e 67 20 46 52 52 20 66	yOS,.are.implemented.using.FRR.f
c1100	69 6c 74 65 72 69 6e 67 20 61 6e 64 20 72 6f 75 74 65 20 6d 61 70 73 2e 20 44 65 74 61 69 6c 65	iltering.and.route.maps..Detaile
c1120	64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 66 20 46 52 52 20 63 6f 75 6c 64 20 62 65 20 66 6f	d.information.of.FRR.could.be.fo
c1140	75 6e 64 20 69 6e 20 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 66 72 72 6f 75 74 69 6e 67 2e 6f 72 67	und.in.http://docs.frrouting.org
c1160	2f 00 50 6f 6c 69 63 79 00 50 6f 6c 69 63 79 20 53 65 63 74 69 6f 6e 73 00 50 6f 6c 69 63 79 20	/.Policy.Policy.Sections.Policy.
c1180	66 6f 72 20 63 68 65 63 6b 69 6e 67 20 74 61 72 67 65 74 73 00 50 6f 6c 69 63 79 20 74 6f 20 74	for.checking.targets.Policy.to.t
c11a0	72 61 63 6b 20 70 72 65 76 69 6f 75 73 6c 79 20 65 73 74 61 62 6c 69 73 68 65 64 20 63 6f 6e 6e	rack.previously.established.conn
c11c0	65 63 74 69 6f 6e 73 2e 00 50 6f 6c 69 63 79 2d 42 61 73 65 64 20 52 6f 75 74 69 6e 67 20 77 69	ections..Policy-Based.Routing.wi
c11e0	74 68 20 6d 75 6c 74 69 70 6c 65 20 49 53 50 20 75 70 6c 69 6e 6b 73 20 28 73 6f 75 72 63 65 20	th.multiple.ISP.uplinks.(source.
c1200	2e 2f 64 72 61 77 2e 69 6f 2f 70 62 72 5f 65 78 61 6d 70 6c 65 5f 31 2e 64 72 61 77 69 6f 29 00	./draw.io/pbr_example_1.drawio).
c1220	50 6f 72 74 20 47 72 6f 75 70 73 00 50 6f 72 74 20 4d 69 72 72 6f 72 20 28 53 50 41 4e 29 00 50	Port.Groups.Port.Mirror.(SPAN).P
c1240	6f 72 74 20 66 6f 72 20 44 79 6e 61 6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78	ort.for.Dynamic.Authorization.Ex
c1260	74 65 6e 73 69 6f 6e 20 73 65 72 76 65 72 20 28 44 4d 2f 43 6f 41 29 00 50 6f 72 74 20 6e 61 6d	tension.server.(DM/CoA).Port.nam
c1280	65 20 61 6e 64 20 64 65 73 63 72 69 70 74 69 6f 6e 00 50 6f 72 74 20 6e 75 6d 62 65 72 20 75 73	e.and.description.Port.number.us
c12a0	65 64 20 62 79 20 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 39	ed.by.connection,.default.is.``9
c12c0	32 37 33 60 60 00 50 6f 72 74 20 6e 75 6d 62 65 72 20 75 73 65 64 20 62 79 20 63 6f 6e 6e 65 63	273``.Port.number.used.by.connec
c12e0	74 69 6f 6e 2e 00 50 6f 72 74 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 48 54 54 50 53 20 72	tion..Port.to.listen.for.HTTPS.r
c1300	65 71 75 65 73 74 73 3b 20 64 65 66 61 75 6c 74 20 34 34 33 00 50 6f 72 74 69 6f 6e 73 20 6f 66	equests;.default.443.Portions.of
c1320	20 74 68 65 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 72 65 20 56 4c 41 4e 2d 61 77 61 72	.the.network.which.are.VLAN-awar
c1340	65 20 28 69 2e 65 2e 2c 20 49 45 45 45 20 38 30 32 2e 31 71 5f 20 63 6f 6e 66 6f 72 6d 61 6e 74	e.(i.e.,.IEEE.802.1q_.conformant
c1360	29 20 63 61 6e 20 69 6e 63 6c 75 64 65 20 56 4c 41 4e 20 74 61 67 73 2e 20 57 68 65 6e 20 61 20	).can.include.VLAN.tags..When.a.
c1380	66 72 61 6d 65 20 65 6e 74 65 72 73 20 74 68 65 20 56 4c 41 4e 2d 61 77 61 72 65 20 70 6f 72 74	frame.enters.the.VLAN-aware.port
c13a0	69 6f 6e 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 2c 20 61 20 74 61 67 20 69 73 20 61 64 64	ion.of.the.network,.a.tag.is.add
c13c0	65 64 20 74 6f 20 72 65 70 72 65 73 65 6e 74 20 74 68 65 20 56 4c 41 4e 20 6d 65 6d 62 65 72 73	ed.to.represent.the.VLAN.members
c13e0	68 69 70 2e 20 45 61 63 68 20 66 72 61 6d 65 20 6d 75 73 74 20 62 65 20 64 69 73 74 69 6e 67 75	hip..Each.frame.must.be.distingu
c1400	69 73 68 61 62 6c 65 20 61 73 20 62 65 69 6e 67 20 77 69 74 68 69 6e 20 65 78 61 63 74 6c 79 20	ishable.as.being.within.exactly.
c1420	6f 6e 65 20 56 4c 41 4e 2e 20 41 20 66 72 61 6d 65 20 69 6e 20 74 68 65 20 56 4c 41 4e 2d 61 77	one.VLAN..A.frame.in.the.VLAN-aw
c1440	61 72 65 20 70 6f 72 74 69 6f 6e 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 68 61 74 20	are.portion.of.the.network.that.
c1460	64 6f 65 73 20 6e 6f 74 20 63 6f 6e 74 61 69 6e 20 61 20 56 4c 41 4e 20 74 61 67 20 69 73 20 61	does.not.contain.a.VLAN.tag.is.a
c1480	73 73 75 6d 65 64 20 74 6f 20 62 65 20 66 6c 6f 77 69 6e 67 20 6f 6e 20 74 68 65 20 6e 61 74 69	ssumed.to.be.flowing.on.the.nati
c14a0	76 65 20 56 4c 41 4e 2e 00 50 72 65 63 65 64 65 6e 63 65 00 50 72 65 65 6d 70 74 69 6f 6e 00 50	ve.VLAN..Precedence.Preemption.P
c14c0	72 65 66 65 72 20 61 20 73 70 65 63 69 66 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f	refer.a.specific.routing.protoco
c14e0	6c 20 72 6f 75 74 65 73 20 6f 76 65 72 20 61 6e 6f 74 68 65 72 20 72 6f 75 74 69 6e 67 20 70 72	l.routes.over.another.routing.pr
c1500	6f 74 6f 63 6f 6c 20 72 75 6e 6e 69 6e 67 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 72 6f 75 74 65	otocol.running.on.the.same.route
c1520	72 2e 00 50 72 65 66 65 72 20 68 69 67 68 65 72 20 6c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63	r..Prefer.higher.local.preferenc
c1540	65 20 72 6f 75 74 65 73 20 74 6f 20 6c 6f 77 65 72 2e 00 50 72 65 66 65 72 20 68 69 67 68 65 72	e.routes.to.lower..Prefer.higher
c1560	20 6c 6f 63 61 6c 20 77 65 69 67 68 74 20 72 6f 75 74 65 73 20 74 6f 20 6c 6f 77 65 72 20 72 6f	.local.weight.routes.to.lower.ro
c1580	75 74 65 73 2e 00 50 72 65 66 65 72 20 6c 6f 63 61 6c 20 72 6f 75 74 65 73 20 28 73 74 61 74 69	utes..Prefer.local.routes.(stati
c15a0	63 73 2c 20 61 67 67 72 65 67 61 74 65 73 2c 20 72 65 64 69 73 74 72 69 62 75 74 65 64 29 20 74	cs,.aggregates,.redistributed).t
c15c0	6f 20 72 65 63 65 69 76 65 64 20 72 6f 75 74 65 73 2e 00 50 72 65 66 65 72 20 73 68 6f 72 74 65	o.received.routes..Prefer.shorte
c15e0	73 74 20 68 6f 70 2d 63 6f 75 6e 74 20 41 53 5f 50 41 54 48 73 2e 00 50 72 65 66 65 72 20 74 68	st.hop-count.AS_PATHs..Prefer.th
c1600	65 20 6c 6f 77 65 73 74 20 6f 72 69 67 69 6e 20 74 79 70 65 20 72 6f 75 74 65 2e 20 54 68 61 74	e.lowest.origin.type.route..That
c1620	20 69 73 2c 20 70 72 65 66 65 72 20 49 47 50 20 6f 72 69 67 69 6e 20 72 6f 75 74 65 73 20 74 6f	.is,.prefer.IGP.origin.routes.to
c1640	20 45 47 50 2c 20 74 6f 20 49 6e 63 6f 6d 70 6c 65 74 65 20 72 6f 75 74 65 73 2e 00 50 72 65 66	.EGP,.to.Incomplete.routes..Pref
c1660	65 72 20 74 68 65 20 72 6f 75 74 65 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 61 6e 20 65 78	er.the.route.received.from.an.ex
c1680	74 65 72 6e 61 6c 2c 20 65 42 47 50 20 70 65 65 72 20 6f 76 65 72 20 72 6f 75 74 65 73 20 72 65	ternal,.eBGP.peer.over.routes.re
c16a0	63 65 69 76 65 64 20 66 72 6f 6d 20 6f 74 68 65 72 20 74 79 70 65 73 20 6f 66 20 70 65 65 72 73	ceived.from.other.types.of.peers
c16c0	2e 00 50 72 65 66 65 72 20 74 68 65 20 72 6f 75 74 65 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d	..Prefer.the.route.received.from
c16e0	20 74 68 65 20 70 65 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67 68 65 72 20 74 72 61 6e 73 70	.the.peer.with.the.higher.transp
c1700	6f 72 74 20 6c 61 79 65 72 20 61 64 64 72 65 73 73 2c 20 61 73 20 61 20 6c 61 73 74 2d 72 65 73	ort.layer.address,.as.a.last-res
c1720	6f 72 74 20 74 69 65 2d 62 72 65 61 6b 65 72 2e 00 50 72 65 66 65 72 20 74 68 65 20 72 6f 75 74	ort.tie-breaker..Prefer.the.rout
c1740	65 20 77 69 74 68 20 74 68 65 20 6c 6f 77 65 72 20 49 47 50 20 63 6f 73 74 2e 00 50 72 65 66 65	e.with.the.lower.IGP.cost..Prefe
c1760	72 20 74 68 65 20 72 6f 75 74 65 20 77 69 74 68 20 74 68 65 20 6c 6f 77 65 73 74 20 60 72 6f 75	r.the.route.with.the.lowest.`rou
c1780	74 65 72 2d 49 44 60 2e 20 49 66 20 74 68 65 20 72 6f 75 74 65 20 68 61 73 20 61 6e 20 60 4f 52	ter-ID`..If.the.route.has.an.`OR
c17a0	49 47 49 4e 41 54 4f 52 5f 49 44 60 20 61 74 74 72 69 62 75 74 65 2c 20 74 68 72 6f 75 67 68 20	IGINATOR_ID`.attribute,.through.
c17c0	69 42 47 50 20 72 65 66 6c 65 63 74 69 6f 6e 2c 20 74 68 65 6e 20 74 68 61 74 20 72 6f 75 74 65	iBGP.reflection,.then.that.route
c17e0	72 20 49 44 20 69 73 20 75 73 65 64 2c 20 6f 74 68 65 72 77 69 73 65 20 74 68 65 20 60 72 6f 75	r.ID.is.used,.otherwise.the.`rou
c1800	74 65 72 2d 49 44 60 20 6f 66 20 74 68 65 20 70 65 65 72 20 74 68 65 20 72 6f 75 74 65 20 77 61	ter-ID`.of.the.peer.the.route.wa
c1820	73 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 69 73 20 75 73 65 64 2e 00 50 72 65 66 65 72 65	s.received.from.is.used..Prefere
c1840	6e 63 65 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20	nce.associated.with.the.default.
c1860	72 6f 75 74 65 72 00 50 72 65 66 69 78 20 43 6f 6e 76 65 72 73 69 6f 6e 00 50 72 65 66 69 78 20	router.Prefix.Conversion.Prefix.
c1880	44 65 6c 65 67 61 74 69 6f 6e 00 50 72 65 66 69 78 20 4c 69 73 74 20 50 6f 6c 69 63 79 00 50 72	Delegation.Prefix.List.Policy.Pr
c18a0	65 66 69 78 20 4c 69 73 74 73 00 50 72 65 66 69 78 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65	efix.Lists.Prefix.can.not.be.use
c18c0	64 20 66 6f 72 20 6f 6e 2d 6c 69 6e 6b 20 64 65 74 65 72 6d 69 6e 61 74 69 6f 6e 00 50 72 65 66	d.for.on-link.determination.Pref
c18e0	69 78 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64 20 66 6f 72 20 73 74 61 74 65 6c 65 73 73	ix.can.not.be.used.for.stateless
c1900	20 61 64 64 72 65 73 73 20 61 75 74 6f 2d 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 50 72 65 66	.address.auto-configuration.Pref
c1920	69 78 20 66 69 6c 74 65 72 69 6e 67 20 63 61 6e 20 62 65 20 64 6f 6e 65 20 75 73 69 6e 67 20 70	ix.filtering.can.be.done.using.p
c1940	72 65 66 69 78 2d 6c 69 73 74 20 61 6e 64 20 70 72 65 66 69 78 2d 6c 69 73 74 36 2e 00 50 72 65	refix-list.and.prefix-list6..Pre
c1960	66 69 78 20 6c 65 6e 67 74 68 20 69 6e 20 69 6e 74 65 72 66 61 63 65 20 6d 75 73 74 20 62 65 20	fix.length.in.interface.must.be.
c1980	65 71 75 61 6c 20 6f 72 20 62 69 67 67 65 72 20 28 69 2e 65 2e 20 73 6d 61 6c 6c 65 72 20 6e 65	equal.or.bigger.(i.e..smaller.ne
c19a0	74 77 6f 72 6b 29 20 74 68 61 6e 20 70 72 65 66 69 78 20 6c 65 6e 67 74 68 20 69 6e 20 6e 65 74	twork).than.prefix.length.in.net
c19c0	77 6f 72 6b 20 73 74 61 74 65 6d 65 6e 74 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 20 73 74 61 74	work.statement..For.example.stat
c19e0	65 6d 65 6e 74 20 61 62 6f 76 65 20 64 6f 65 73 6e 27 74 20 65 6e 61 62 6c 65 20 6f 73 70 66 20	ement.above.doesn't.enable.ospf.
c1a00	6f 6e 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20 61 64 64 72 65 73 73 20 31 39 32 2e 31 36	on.interface.with.address.192.16
c1a20	38 2e 31 2e 31 2f 32 33 2c 20 62 75 74 20 69 74 20 64 6f 65 73 20 6f 6e 20 69 6e 74 65 72 66 61	8.1.1/23,.but.it.does.on.interfa
c1a40	63 65 20 77 69 74 68 20 61 64 64 72 65 73 73 20 31 39 32 2e 31 36 38 2e 31 2e 31 32 39 2f 32 35	ce.with.address.192.168.1.129/25
c1a60	2e 00 50 72 65 66 69 78 20 6c 69 73 74 73 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 6d 6f 73 74	..Prefix.lists.provides.the.most
c1a80	20 70 6f 77 65 72 66 75 6c 20 70 72 65 66 69 78 20 62 61 73 65 64 20 66 69 6c 74 65 72 69 6e 67	.powerful.prefix.based.filtering
c1aa0	20 6d 65 63 68 61 6e 69 73 6d 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 20 61 63 63 65 73	.mechanism..In.addition.to.acces
c1ac0	73 2d 6c 69 73 74 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2c 20 69 70 20 70 72 65 66 69 78 2d	s-list.functionality,.ip.prefix-
c1ae0	6c 69 73 74 20 68 61 73 20 70 72 65 66 69 78 20 6c 65 6e 67 74 68 20 72 61 6e 67 65 20 73 70 65	list.has.prefix.length.range.spe
c1b00	63 69 66 69 63 61 74 69 6f 6e 2e 00 50 72 65 66 69 78 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69	cification..Prefix.to.match.agai
c1b20	6e 73 74 2e 00 50 72 65 66 69 78 65 73 00 50 72 65 70 65 6e 64 20 74 68 65 20 65 78 69 73 74 69	nst..Prefixes.Prepend.the.existi
c1b40	6e 67 20 6c 61 73 74 20 41 53 20 6e 75 6d 62 65 72 20 28 74 68 65 20 6c 65 66 74 6d 6f 73 74 20	ng.last.AS.number.(the.leftmost.
c1b60	41 53 4e 29 20 74 6f 20 74 68 65 20 41 53 5f 50 41 54 48 2e 00 50 72 65 70 65 6e 64 20 74 68 65	ASN).to.the.AS_PATH..Prepend.the
c1b80	20 67 69 76 65 6e 20 73 74 72 69 6e 67 20 6f 66 20 41 53 20 6e 75 6d 62 65 72 73 20 74 6f 20 74	.given.string.of.AS.numbers.to.t
c1ba0	68 65 20 41 53 5f 50 41 54 48 20 6f 66 20 74 68 65 20 42 47 50 20 70 61 74 68 27 73 20 4e 4c 52	he.AS_PATH.of.the.BGP.path's.NLR
c1bc0	49 2e 00 50 72 69 6e 63 69 70 6c 65 20 6f 66 20 53 4e 4d 50 20 43 6f 6d 6d 75 6e 69 63 61 74 69	I..Principle.of.SNMP.Communicati
c1be0	6f 6e 00 50 72 69 6e 74 20 61 20 73 75 6d 6d 61 72 79 20 6f 66 20 6e 65 69 67 68 62 6f 72 20 63	on.Print.a.summary.of.neighbor.c
c1c00	6f 6e 6e 65 63 74 69 6f 6e 73 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 41 46 49	onnections.for.the.specified.AFI
c1c20	2f 53 41 46 49 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 2e 00 50 72 69 6e 74 20 61 63 74 69 76 65 20	/SAFI.combination..Print.active.
c1c40	49 50 56 34 20 6f 72 20 49 50 56 36 20 72 6f 75 74 65 73 20 61 64 76 65 72 74 69 73 65 64 20 76	IPV4.or.IPV6.routes.advertised.v
c1c60	69 61 20 74 68 65 20 56 50 4e 20 53 41 46 49 2e 00 50 72 69 6f 72 69 74 79 00 50 72 69 6f 72 69	ia.the.VPN.SAFI..Priority.Priori
c1c80	74 79 20 51 75 65 75 65 00 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 2c 20 61 73 20 6f 74 68 65	ty.Queue.Priority.Queue,.as.othe
c1ca0	72 20 6e 6f 6e 2d 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 69 65 73 2c 20 69 73 20 6f 6e 6c 79 20	r.non-shaping.policies,.is.only.
c1cc0	75 73 65 66 75 6c 20 69 66 20 79 6f 75 72 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72 66 61 63	useful.if.your.outgoing.interfac
c1ce0	65 20 69 73 20 72 65 61 6c 6c 79 20 66 75 6c 6c 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 2c 20	e.is.really.full..If.it.is.not,.
c1d00	56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 6f 77 6e 20 74 68 65 20 71 75 65 75 65 20 61 6e 64 20	VyOS.will.not.own.the.queue.and.
c1d20	50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 77 69 6c 6c 20 68 61 76 65 20 6e 6f 20 65 66 66 65	Priority.Queue.will.have.no.effe
c1d40	63 74 2e 20 49 66 20 74 68 65 72 65 20 69 73 20 62 61 6e 64 77 69 64 74 68 20 61 76 61 69 6c 61	ct..If.there.is.bandwidth.availa
c1d60	62 6c 65 20 6f 6e 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 2c 20 79 6f 75 20 63 61	ble.on.the.physical.link,.you.ca
c1d80	6e 20 65 6d 62 65 64 5f 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69 6e 74 6f 20 61 20 63	n.embed_.Priority.Queue.into.a.c
c1da0	6c 61 73 73 66 75 6c 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 6b 65 20 73	lassful.shaping.policy.to.make.s
c1dc0	75 72 65 20 69 74 20 6f 77 6e 73 20 74 68 65 20 71 75 65 75 65 2e 20 49 6e 20 74 68 61 74 20 63	ure.it.owns.the.queue..In.that.c
c1de0	61 73 65 20 70 61 63 6b 65 74 73 20 63 61 6e 20 62 65 20 70 72 69 6f 72 69 74 69 7a 65 64 20 62	ase.packets.can.be.prioritized.b
c1e00	61 73 65 64 20 6f 6e 20 44 53 43 50 2e 00 50 72 69 76 61 74 65 20 56 4c 41 4e 20 70 72 6f 78 79	ased.on.DSCP..Private.VLAN.proxy
c1e20	20 61 72 70 2e 20 42 61 73 69 63 61 6c 6c 79 20 61 6c 6c 6f 77 20 70 72 6f 78 79 20 61 72 70 20	.arp..Basically.allow.proxy.arp.
c1e40	72 65 70 6c 69 65 73 20 62 61 63 6b 20 74 6f 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61	replies.back.to.the.same.interfa
c1e60	63 65 20 28 66 72 6f 6d 20 77 68 69 63 68 20 74 68 65 20 41 52 50 20 72 65 71 75 65 73 74 2f 73	ce.(from.which.the.ARP.request/s
c1e80	6f 6c 69 63 69 74 61 74 69 6f 6e 20 77 61 73 20 72 65 63 65 69 76 65 64 29 2e 00 50 72 6f 6d 65	olicitation.was.received)..Prome
c1ea0	74 68 65 75 73 2d 63 6c 69 65 6e 74 00 50 72 6f 74 65 63 74 73 20 68 6f 73 74 20 66 72 6f 6d 20	theus-client.Protects.host.from.
c1ec0	62 72 75 74 65 2d 66 6f 72 63 65 20 61 74 74 61 63 6b 73 20 61 67 61 69 6e 73 74 20 53 53 48 2e	brute-force.attacks.against.SSH.
c1ee0	20 4c 6f 67 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 70 61 72 73 65 64 2c 20 6c 69 6e 65 2d 62	.Log.messages.are.parsed,.line-b
c1f00	79 2d 6c 69 6e 65 2c 20 66 6f 72 20 72 65 63 6f 67 6e 69 7a 65 64 20 70 61 74 74 65 72 6e 73 2e	y-line,.for.recognized.patterns.
c1f20	20 49 66 20 61 6e 20 61 74 74 61 63 6b 2c 20 73 75 63 68 20 61 73 20 73 65 76 65 72 61 6c 20 6c	.If.an.attack,.such.as.several.l
c1f40	6f 67 69 6e 20 66 61 69 6c 75 72 65 73 20 77 69 74 68 69 6e 20 61 20 66 65 77 20 73 65 63 6f 6e	ogin.failures.within.a.few.secon
c1f60	64 73 2c 20 69 73 20 64 65 74 65 63 74 65 64 2c 20 74 68 65 20 6f 66 66 65 6e 64 69 6e 67 20 49	ds,.is.detected,.the.offending.I
c1f80	50 20 69 73 20 62 6c 6f 63 6b 65 64 2e 20 4f 66 66 65 6e 64 65 72 73 20 61 72 65 20 75 6e 62 6c	P.is.blocked..Offenders.are.unbl
c1fa0	6f 63 6b 65 64 20 61 66 74 65 72 20 61 20 73 65 74 20 69 6e 74 65 72 76 61 6c 2e 00 50 72 6f 74	ocked.after.a.set.interval..Prot
c1fc0	6f 63 6f 6c 20 66 6f 72 20 77 68 69 63 68 20 65 78 70 65 63 74 20 65 6e 74 72 69 65 73 20 6e 65	ocol.for.which.expect.entries.ne
c1fe0	65 64 20 74 6f 20 62 65 20 73 79 6e 63 68 72 6f 6e 69 7a 65 64 2e 00 50 72 6f 74 6f 63 6f 6c 73	ed.to.be.synchronized..Protocols
c2000	00 50 72 6f 74 6f 63 6f 6c 73 20 61 72 65 3a 20 74 63 70 2c 20 73 63 74 70 2c 20 64 63 63 70 2c	.Protocols.are:.tcp,.sctp,.dccp,
c2020	20 75 64 70 2c 20 69 63 6d 70 20 61 6e 64 20 69 70 76 36 2d 69 63 6d 70 2e 00 50 72 6f 76 69 64	.udp,.icmp.and.ipv6-icmp..Provid
c2040	65 20 54 46 54 50 20 73 65 72 76 65 72 20 6c 69 73 74 65 6e 69 6e 67 20 6f 6e 20 62 6f 74 68 20	e.TFTP.server.listening.on.both.
c2060	49 50 76 34 20 61 6e 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 60 60 31 39 32 2e 30 2e	IPv4.and.IPv6.addresses.``192.0.
c2080	32 2e 31 60 60 20 61 6e 64 20 60 60 32 30 30 31 3a 64 62 38 3a 3a 31 60 60 20 73 65 72 76 69 6e	2.1``.and.``2001:db8::1``.servin
c20a0	67 20 74 68 65 20 63 6f 6e 74 65 6e 74 20 66 72 6f 6d 20 60 60 2f 63 6f 6e 66 69 67 2f 74 66 74	g.the.content.from.``/config/tft
c20c0	70 62 6f 6f 74 60 60 2e 20 55 70 6c 6f 61 64 69 6e 67 20 76 69 61 20 54 46 54 50 20 74 6f 20 74	pboot``..Uploading.via.TFTP.to.t
c20e0	68 69 73 20 73 65 72 76 65 72 20 69 73 20 64 69 73 61 62 6c 65 64 2e 00 50 72 6f 76 69 64 65 20	his.server.is.disabled..Provide.
c2100	61 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 67 72 6f 75 70 20 64 65 73	a.IPv4.or.IPv6.address.group.des
c2120	63 72 69 70 74 69 6f 6e 00 50 72 6f 76 69 64 65 20 61 20 49 50 76 34 20 6f 72 20 49 50 76 36 20	cription.Provide.a.IPv4.or.IPv6.
c2140	6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f 6e 2e 00 50 72 6f 76 69	network.group.description..Provi
c2160	64 65 20 61 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 65 61 63 68 20 72 75 6c 65 2e 00	de.a.description.for.each.rule..
c2180	50 72 6f 76 69 64 65 20 61 20 64 6f 6d 61 69 6e 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69	Provide.a.domain.group.descripti
c21a0	6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 20 6d 61 63 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74	on..Provide.a.mac.group.descript
c21c0	69 6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 20 70 6f 72 74 20 67 72 6f 75 70 20 64 65 73 63 72 69	ion..Provide.a.port.group.descri
c21e0	70 74 69 6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 20 72 75 6c 65 2d 73 65 74 20 64 65 73 63 72 69	ption..Provide.a.rule-set.descri
c2200	70 74 69 6f 6e 20 74 6f 20 61 20 63 75 73 74 6f 6d 20 66 69 72 65 77 61 6c 6c 20 63 68 61 69 6e	ption.to.a.custom.firewall.chain
c2220	2e 00 50 72 6f 76 69 64 65 20 61 20 72 75 6c 65 2d 73 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e	..Provide.a.rule-set.description
c2240	2e 00 50 72 6f 76 69 64 65 20 61 6e 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 6e 65 74 77 6f 72	..Provide.an.IPv4.or.IPv6.networ
c2260	6b 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f 6e 2e 00 50 72 6f 76 69 64 65 20 61 6e 20	k.group.description..Provide.an.
c2280	69 6e 74 65 72 66 61 63 65 20 67 72 6f 75 70 20 64 65 73 63 72 69 70 74 69 6f 6e 00 50 72 6f 76	interface.group.description.Prov
c22a0	69 64 65 72 20 2d 20 43 75 73 74 6f 6d 65 72 00 50 72 6f 76 69 64 65 73 20 61 20 62 61 63 6b 62	ider.-.Customer.Provides.a.backb
c22c0	6f 6e 65 20 61 72 65 61 20 63 6f 68 65 72 65 6e 63 65 20 62 79 20 76 69 72 74 75 61 6c 20 6c 69	one.area.coherence.by.virtual.li
c22e0	6e 6b 20 65 73 74 61 62 6c 69 73 68 6d 65 6e 74 2e 00 50 72 6f 76 69 64 65 73 20 61 20 70 65 72	nk.establishment..Provides.a.per
c2300	2d 64 65 76 69 63 65 20 63 6f 6e 74 72 6f 6c 20 74 6f 20 65 6e 61 62 6c 65 2f 64 69 73 61 62 6c	-device.control.to.enable/disabl
c2320	65 20 74 68 65 20 74 68 72 65 61 64 65 64 20 6d 6f 64 65 20 66 6f 72 20 61 6c 6c 20 74 68 65 20	e.the.threaded.mode.for.all.the.
c2340	4e 41 50 49 20 69 6e 73 74 61 6e 63 65 73 20 6f 66 20 74 68 65 20 67 69 76 65 6e 20 6e 65 74 77	NAPI.instances.of.the.given.netw
c2360	6f 72 6b 20 64 65 76 69 63 65 2c 20 77 69 74 68 6f 75 74 20 74 68 65 20 6e 65 65 64 20 66 6f 72	ork.device,.without.the.need.for
c2380	20 61 20 64 65 76 69 63 65 20 75 70 2f 64 6f 77 6e 2e 00 50 72 6f 78 79 20 61 75 74 68 65 6e 74	.a.device.up/down..Proxy.authent
c23a0	69 63 61 74 69 6f 6e 20 6d 65 74 68 6f 64 2c 20 63 75 72 72 65 6e 74 6c 79 20 6f 6e 6c 79 20 4c	ication.method,.currently.only.L
c23c0	44 41 50 20 69 73 20 73 75 70 70 6f 72 74 65 64 2e 00 50 73 65 75 64 6f 20 45 74 68 65 72 6e 65	DAP.is.supported..Pseudo.Etherne
c23e0	74 2f 4d 41 43 56 4c 41 4e 20 6f 70 74 69 6f 6e 73 00 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65	t/MACVLAN.options.Pseudo-Etherne
c2400	74 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 6e 6f 74 20 62 65 20 72 65 61 63 68 65 64 20	t.interfaces.can.not.be.reached.
c2420	66 72 6f 6d 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 68 6f 73 74 2e 20 54 68 69 73 20 6d 65	from.your.internal.host..This.me
c2440	61 6e 73 20 74 68 61 74 20 79 6f 75 20 63 61 6e 20 6e 6f 74 20 74 72 79 20 74 6f 20 70 69 6e 67	ans.that.you.can.not.try.to.ping
c2460	20 61 20 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 20 66 72 6f	.a.Pseudo-Ethernet.interface.fro
c2480	6d 20 74 68 65 20 68 6f 73 74 20 73 79 73 74 65 6d 20 6f 6e 20 77 68 69 63 68 20 69 74 20 69 73	m.the.host.system.on.which.it.is
c24a0	20 64 65 66 69 6e 65 64 2e 20 54 68 65 20 70 69 6e 67 20 77 69 6c 6c 20 62 65 20 6c 6f 73 74 2e	.defined..The.ping.will.be.lost.
c24c0	00 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 6d 61 79 20	.Pseudo-Ethernet.interfaces.may.
c24e0	6e 6f 74 20 77 6f 72 6b 20 69 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 20 77 68 69 63 68 20 65	not.work.in.environments.which.e
c2500	78 70 65 63 74 20 61 20 3a 61 62 62 72 3a 60 4e 49 43 20 28 4e 65 74 77 6f 72 6b 20 49 6e 74 65	xpect.a.:abbr:`NIC.(Network.Inte
c2520	72 66 61 63 65 20 43 61 72 64 29 60 20 74 6f 20 6f 6e 6c 79 20 68 61 76 65 20 61 20 73 69 6e 67	rface.Card)`.to.only.have.a.sing
c2540	6c 65 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 61 70 70 6c 69 65 73 20 74 6f 3a 20 2d 20 56	le.address..This.applies.to:.-.V
c2560	4d 77 61 72 65 20 6d 61 63 68 69 6e 65 73 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 73 65 74	Mware.machines.using.default.set
c2580	74 69 6e 67 73 20 2d 20 4e 65 74 77 6f 72 6b 20 73 77 69 74 63 68 65 73 20 77 69 74 68 20 73 65	tings.-.Network.switches.with.se
c25a0	63 75 72 69 74 79 20 73 65 74 74 69 6e 67 73 20 61 6c 6c 6f 77 69 6e 67 20 6f 6e 6c 79 20 61 20	curity.settings.allowing.only.a.
c25c0	73 69 6e 67 6c 65 20 4d 41 43 20 61 64 64 72 65 73 73 20 2d 20 78 44 53 4c 20 6d 6f 64 65 6d 73	single.MAC.address.-.xDSL.modems
c25e0	20 74 68 61 74 20 74 72 79 20 74 6f 20 6c 65 61 72 6e 20 74 68 65 20 4d 41 43 20 61 64 64 72 65	.that.try.to.learn.the.MAC.addre
c2600	73 73 20 6f 66 20 74 68 65 20 4e 49 43 00 50 73 65 75 64 6f 2d 45 74 68 65 72 6e 65 74 20 6f 72	ss.of.the.NIC.Pseudo-Ethernet.or
c2620	20 4d 41 43 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 73 65 65 6e 20	.MACVLAN.interfaces.can.be.seen.
c2640	61 73 20 73 75 62 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 72 65 67 75 6c 61 72 20 65 74 68 65	as.subinterfaces.to.regular.ethe
c2660	72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2e 20 45 61 63 68 20 61 6e 64 20 65 76 65 72 79 20	rnet.interfaces..Each.and.every.
c2680	73 75 62 69 6e 74 65 72 66 61 63 65 20 69 73 20 63 72 65 61 74 65 64 20 61 20 64 69 66 66 65 72	subinterface.is.created.a.differ
c26a0	65 6e 74 20 6d 65 64 69 61 20 61 63 63 65 73 73 20 63 6f 6e 74 72 6f 6c 20 28 4d 41 43 29 20 61	ent.media.access.control.(MAC).a
c26c0	64 64 72 65 73 73 2c 20 66 6f 72 20 61 20 73 69 6e 67 6c 65 20 70 68 79 73 69 63 61 6c 20 45 74	ddress,.for.a.single.physical.Et
c26e0	68 65 72 6e 65 74 20 70 6f 72 74 2e 20 50 73 65 75 64 6f 2d 20 45 74 68 65 72 6e 65 74 20 69 6e	hernet.port..Pseudo-.Ethernet.in
c2700	74 65 72 66 61 63 65 73 20 68 61 76 65 20 6d 6f 73 74 20 6f 66 20 74 68 65 69 72 20 61 70 70 6c	terfaces.have.most.of.their.appl
c2720	69 63 61 74 69 6f 6e 20 69 6e 20 76 69 72 74 75 61 6c 69 7a 65 64 20 65 6e 76 69 72 6f 6e 6d 65	ication.in.virtualized.environme
c2740	6e 74 73 2c 00 50 75 62 6c 69 73 68 20 61 20 70 6f 72 74 20 66 6f 72 20 74 68 65 20 63 6f 6e 74	nts,.Publish.a.port.for.the.cont
c2760	61 69 6e 65 72 2e 00 50 75 6c 6c 20 61 20 6e 65 77 20 69 6d 61 67 65 20 66 6f 72 20 63 6f 6e 74	ainer..Pull.a.new.image.for.cont
c2780	61 69 6e 65 72 00 51 69 6e 51 20 28 38 30 32 2e 31 61 64 29 00 51 6f 53 00 51 75 65 75 65 20 73	ainer.QinQ.(802.1ad).QoS.Queue.s
c27a0	69 7a 65 20 66 6f 72 20 6c 69 73 74 65 6e 69 6e 67 20 74 6f 20 6c 6f 63 61 6c 20 63 6f 6e 6e 74	ize.for.listening.to.local.connt
c27c0	72 61 63 6b 20 65 76 65 6e 74 73 20 69 6e 20 4d 42 2e 00 51 75 65 75 65 20 73 69 7a 65 20 66 6f	rack.events.in.MB..Queue.size.fo
c27e0	72 20 73 79 6e 63 69 6e 67 20 63 6f 6e 6e 74 72 61 63 6b 20 65 6e 74 72 69 65 73 20 69 6e 20 4d	r.syncing.conntrack.entries.in.M
c2800	42 2e 00 51 75 6f 74 65 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 69 6e 73 69 64 65 20 70 61 72	B..Quotes.can.be.used.inside.par
c2820	61 6d 65 74 65 72 20 76 61 6c 75 65 73 20 62 79 20 72 65 70 6c 61 63 69 6e 67 20 61 6c 6c 20 71	ameter.values.by.replacing.all.q
c2840	75 6f 74 65 20 63 68 61 72 61 63 74 65 72 73 20 77 69 74 68 20 74 68 65 20 73 74 72 69 6e 67 20	uote.characters.with.the.string.
c2860	60 60 26 71 75 6f 74 3b 60 60 2e 20 54 68 65 79 20 77 69 6c 6c 20 62 65 20 72 65 70 6c 61 63 65	``&quot;``..They.will.be.replace
c2880	64 20 77 69 74 68 20 6c 69 74 65 72 61 6c 20 71 75 6f 74 65 20 63 68 61 72 61 63 74 65 72 73 20	d.with.literal.quote.characters.
c28a0	77 68 65 6e 20 67 65 6e 65 72 61 74 69 6e 67 20 64 68 63 70 64 2e 63 6f 6e 66 2e 00 52 31 20 68	when.generating.dhcpd.conf..R1.h
c28c0	61 73 20 31 39 32 2e 30 2e 32 2e 31 2f 32 34 20 26 20 32 30 30 31 3a 64 62 38 3a 3a 31 2f 36 34	as.192.0.2.1/24.&.2001:db8::1/64
c28e0	00 52 31 20 69 73 20 6d 61 6e 61 67 65 64 20 74 68 72 6f 75 67 68 20 61 6e 20 6f 75 74 2d 6f 66	.R1.is.managed.through.an.out-of
c2900	2d 62 61 6e 64 20 6e 65 74 77 6f 72 6b 20 74 68 61 74 20 72 65 73 69 64 65 73 20 69 6e 20 56 52	-band.network.that.resides.in.VR
c2920	46 20 60 60 6d 67 6d 74 60 60 00 52 31 3a 00 52 32 20 68 61 73 20 31 39 32 2e 30 2e 32 2e 32 2f	F.``mgmt``.R1:.R2.has.192.0.2.2/
c2940	32 34 20 26 20 32 30 30 31 3a 64 62 38 3a 3a 32 2f 36 34 00 52 32 3a 00 52 41 44 49 55 53 00 52	24.&.2001:db8::2/64.R2:.RADIUS.R
c2960	41 44 49 55 53 20 53 65 74 75 70 00 52 41 44 49 55 53 20 61 64 76 61 6e 63 65 64 20 66 65 61 74	ADIUS.Setup.RADIUS.advanced.feat
c2980	75 72 65 73 00 52 41 44 49 55 53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 52 41 44 49 55	ures.RADIUS.authentication.RADIU
c29a0	53 20 62 61 6e 64 77 69 64 74 68 20 73 68 61 70 69 6e 67 20 61 74 74 72 69 62 75 74 65 00 52 41	S.bandwidth.shaping.attribute.RA
c29c0	44 49 55 53 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 65 73 20 69	DIUS.provides.the.IP.addresses.i
c29e0	6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20 61 62 6f 76 65 20 76 69 61 20 46 72 61 6d 65 64 2d 49	n.the.example.above.via.Framed-I
c2a00	50 2d 41 64 64 72 65 73 73 2e 00 52 41 44 49 55 53 20 73 65 72 76 65 72 20 61 74 20 60 60 31 39	P-Address..RADIUS.server.at.``19
c2a20	32 2e 31 36 38 2e 33 2e 31 30 60 60 20 77 69 74 68 20 73 68 61 72 65 64 2d 73 65 63 72 65 74 20	2.168.3.10``.with.shared-secret.
c2a40	60 60 56 79 4f 53 50 61 73 73 77 6f 72 64 60 60 00 52 41 44 49 55 53 20 73 65 72 76 65 72 73 20	``VyOSPassword``.RADIUS.servers.
c2a60	63 6f 75 6c 64 20 62 65 20 68 61 72 64 65 6e 65 64 20 62 79 20 6f 6e 6c 79 20 61 6c 6c 6f 77 69	could.be.hardened.by.only.allowi
c2a80	6e 67 20 63 65 72 74 61 69 6e 20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 63 6f 6e 6e 65	ng.certain.IP.addresses.to.conne
c2aa0	63 74 2e 20 41 73 20 6f 66 20 74 68 69 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73	ct..As.of.this.the.source.addres
c2ac0	73 20 6f 66 20 65 61 63 68 20 52 41 44 49 55 53 20 71 75 65 72 79 20 63 61 6e 20 62 65 20 63 6f	s.of.each.RADIUS.query.can.be.co
c2ae0	6e 66 69 67 75 72 65 64 2e 00 52 41 44 49 55 53 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 00	nfigured..RADIUS.source.address.
c2b00	52 46 43 20 33 37 36 38 20 64 65 66 69 6e 65 73 20 61 20 76 69 72 74 75 61 6c 20 4d 41 43 20 61	RFC.3768.defines.a.virtual.MAC.a
c2b20	64 64 72 65 73 73 20 74 6f 20 65 61 63 68 20 56 52 52 50 20 76 69 72 74 75 61 6c 20 72 6f 75 74	ddress.to.each.VRRP.virtual.rout
c2b40	65 72 2e 20 54 68 69 73 20 76 69 72 74 75 61 6c 20 72 6f 75 74 65 72 20 4d 41 43 20 61 64 64 72	er..This.virtual.router.MAC.addr
c2b60	65 73 73 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 61 73 20 74 68 65 20 73 6f 75 72 63 65 20 69	ess.will.be.used.as.the.source.i
c2b80	6e 20 61 6c 6c 20 70 65 72 69 6f 64 69 63 20 56 52 52 50 20 6d 65 73 73 61 67 65 73 20 73 65 6e	n.all.periodic.VRRP.messages.sen
c2ba0	74 20 62 79 20 74 68 65 20 61 63 74 69 76 65 20 6e 6f 64 65 2e 20 57 68 65 6e 20 74 68 65 20 72	t.by.the.active.node..When.the.r
c2bc0	66 63 33 37 36 38 2d 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6f 70 74 69 6f 6e 20 69 73 20 73	fc3768-compatibility.option.is.s
c2be0	65 74 2c 20 61 20 6e 65 77 20 56 52 52 50 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 63 72 65 61	et,.a.new.VRRP.interface.is.crea
c2c00	74 65 64 2c 20 74 6f 20 77 68 69 63 68 20 74 68 65 20 4d 41 43 20 61 64 64 72 65 73 73 20 61 6e	ted,.to.which.the.MAC.address.an
c2c20	64 20 74 68 65 20 76 69 72 74 75 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 69 73 20 61 75 74 6f	d.the.virtual.IP.address.is.auto
c2c40	6d 61 74 69 63 61 6c 6c 79 20 61 73 73 69 67 6e 65 64 2e 00 52 46 43 20 38 36 38 20 74 69 6d 65	matically.assigned..RFC.868.time
c2c60	20 73 65 72 76 65 72 20 49 50 76 34 20 61 64 64 72 65 73 73 00 52 49 50 00 52 49 50 76 31 20 61	.server.IPv4.address.RIP.RIPv1.a
c2c80	73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 31 30 35 38 60 00 52 49 50 76 32	s.described.in.:rfc:`1058`.RIPv2
c2ca0	20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 32 34 35 33 60 00 52 50 4b	.as.described.in.:rfc:`2453`.RPK
c2cc0	49 00 52 53 2d 53 65 72 76 65 72 20 2d 20 52 53 2d 43 6c 69 65 6e 74 00 52 53 41 20 63 61 6e 20	I.RS-Server.-.RS-Client.RSA.can.
c2ce0	62 65 20 75 73 65 64 20 66 6f 72 20 73 65 72 76 69 63 65 73 20 73 75 63 68 20 61 73 20 6b 65 79	be.used.for.services.such.as.key
c2d00	20 65 78 63 68 61 6e 67 65 73 20 61 6e 64 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6f 6e 20 70 75	.exchanges.and.for.encryption.pu
c2d20	72 70 6f 73 65 73 2e 20 54 6f 20 6d 61 6b 65 20 49 50 53 65 63 20 77 6f 72 6b 20 77 69 74 68 20	rposes..To.make.IPSec.work.with.
c2d40	64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 20 6f 6e 20 6f 6e 65 2f 62 6f 74 68 20 73 69 64 65	dynamic.address.on.one/both.side
c2d60	73 2c 20 77 65 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 75 73 65 20 52 53 41 20 6b 65 79 73 20	s,.we.will.have.to.use.RSA.keys.
c2d80	66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 54 68 65 79 20 61 72 65 20 76 65 72	for.authentication..They.are.ver
c2da0	79 20 66 61 73 74 20 61 6e 64 20 65 61 73 79 20 74 6f 20 73 65 74 75 70 2e 00 52 53 41 2d 4b 65	y.fast.and.easy.to.setup..RSA-Ke
c2dc0	79 73 00 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 00 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 63	ys.Random-Detect.Random-Detect.c
c2de0	6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 66 6f 72 20 68 65 61 76 79 20 74 72 61 66 66 69 63	ould.be.useful.for.heavy.traffic
c2e00	2e 20 4f 6e 65 20 75 73 65 20 6f 66 20 74 68 69 73 20 61 6c 67 6f 72 69 74 68 6d 20 6d 69 67 68	..One.use.of.this.algorithm.migh
c2e20	74 20 62 65 20 74 6f 20 70 72 65 76 65 6e 74 20 61 20 62 61 63 6b 62 6f 6e 65 20 6f 76 65 72 6c	t.be.to.prevent.a.backbone.overl
c2e40	6f 61 64 2e 20 42 75 74 20 6f 6e 6c 79 20 66 6f 72 20 54 43 50 20 28 62 65 63 61 75 73 65 20 64	oad..But.only.for.TCP.(because.d
c2e60	72 6f 70 70 65 64 20 70 61 63 6b 65 74 73 20 63 6f 75 6c 64 20 62 65 20 72 65 74 72 61 6e 73 6d	ropped.packets.could.be.retransm
c2e80	69 74 74 65 64 29 2c 20 6e 6f 74 20 66 6f 72 20 55 44 50 2e 00 52 61 6e 67 65 20 69 73 20 31 20	itted),.not.for.UDP..Range.is.1.
c2ea0	74 6f 20 32 35 35 2c 20 64 65 66 61 75 6c 74 20 69 73 20 31 2e 00 52 61 6e 67 65 20 69 73 20 31	to.255,.default.is.1..Range.is.1
c2ec0	20 74 6f 20 33 30 30 2c 20 64 65 66 61 75 6c 74 20 69 73 20 31 30 2e 00 52 61 74 65 20 43 6f 6e	.to.300,.default.is.10..Rate.Con
c2ee0	74 72 6f 6c 00 52 61 74 65 20 6c 69 6d 69 74 00 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 69 73 20	trol.Rate.limit.Rate-Control.is.
c2f00	61 20 43 50 55 2d 66 72 69 65 6e 64 6c 79 20 70 6f 6c 69 63 79 2e 20 59 6f 75 20 6d 69 67 68 74	a.CPU-friendly.policy..You.might
c2f20	20 63 6f 6e 73 69 64 65 72 20 75 73 69 6e 67 20 69 74 20 77 68 65 6e 20 79 6f 75 20 6a 75 73 74	.consider.using.it.when.you.just
c2f40	20 73 69 6d 70 6c 79 20 77 61 6e 74 20 74 6f 20 73 6c 6f 77 20 74 72 61 66 66 69 63 20 64 6f 77	.simply.want.to.slow.traffic.dow
c2f60	6e 2e 00 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 69 73 20 61 20 63 6c 61 73 73 6c 65 73 73 20 70	n..Rate-Control.is.a.classless.p
c2f80	6f 6c 69 63 79 20 74 68 61 74 20 6c 69 6d 69 74 73 20 74 68 65 20 70 61 63 6b 65 74 20 66 6c 6f	olicy.that.limits.the.packet.flo
c2fa0	77 20 74 6f 20 61 20 73 65 74 20 72 61 74 65 2e 20 49 74 20 69 73 20 61 20 70 75 72 65 20 73 68	w.to.a.set.rate..It.is.a.pure.sh
c2fc0	61 70 65 72 2c 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 73 63 68 65 64 75 6c 65 20 74 72 61 66 66	aper,.it.does.not.schedule.traff
c2fe0	69 63 2e 20 54 72 61 66 66 69 63 20 69 73 20 66 69 6c 74 65 72 65 64 20 62 61 73 65 64 20 6f 6e	ic..Traffic.is.filtered.based.on
c3000	20 74 68 65 20 65 78 70 65 6e 64 69 74 75 72 65 20 6f 66 20 74 6f 6b 65 6e 73 2e 20 54 6f 6b 65	.the.expenditure.of.tokens..Toke
c3020	6e 73 20 72 6f 75 67 68 6c 79 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 62 79 74 65 73 2e 00	ns.roughly.correspond.to.bytes..
c3040	52 61 77 20 50 61 72 61 6d 65 74 65 72 73 00 52 61 77 20 70 61 72 61 6d 65 74 65 72 73 20 63 61	Raw.Parameters.Raw.parameters.ca
c3060	6e 20 62 65 20 70 61 73 73 65 64 20 74 6f 20 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61	n.be.passed.to.shared-network-na
c3080	6d 65 2c 20 73 75 62 6e 65 74 20 61 6e 64 20 73 74 61 74 69 63 2d 6d 61 70 70 69 6e 67 3a 00 52	me,.subnet.and.static-mapping:.R
c30a0	65 2d 67 65 6e 65 72 61 74 65 64 20 61 20 6b 6e 6f 77 6e 20 70 75 62 2f 70 72 69 76 61 74 65 20	e-generated.a.known.pub/private.
c30c0	6b 65 79 66 69 6c 65 20 77 68 69 63 68 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 63 6f 6e	keyfile.which.can.be.used.to.con
c30e0	6e 65 63 74 20 74 6f 20 6f 74 68 65 72 20 73 65 72 76 69 63 65 73 20 28 65 2e 67 2e 20 52 50 4b	nect.to.other.services.(e.g..RPK
c3100	49 20 63 61 63 68 65 29 2e 00 52 65 2d 67 65 6e 65 72 61 74 65 64 20 74 68 65 20 70 75 62 6c 69	I.cache)..Re-generated.the.publi
c3120	63 2f 70 72 69 76 61 74 65 20 6b 65 79 70 6f 72 74 69 6f 6e 20 77 68 69 63 68 20 53 53 48 20 75	c/private.keyportion.which.SSH.u
c3140	73 65 73 20 74 6f 20 73 65 63 75 72 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 52 65 61 63 68	ses.to.secure.connections..Reach
c3160	61 62 6c 65 20 54 69 6d 65 00 52 65 61 6c 20 73 65 72 76 65 72 00 52 65 61 6c 20 73 65 72 76 65	able.Time.Real.server.Real.serve
c3180	72 20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 70 6f 72 74 00 52 65 61 6c 20 73 65 72 76 65	r.IP.address.and.port.Real.serve
c31a0	72 20 69 73 20 61 75 74 6f 2d 65 78 63 6c 75 64 65 64 20 69 66 20 70 6f 72 74 20 63 68 65 63 6b	r.is.auto-excluded.if.port.check
c31c0	20 77 69 74 68 20 74 68 69 73 20 73 65 72 76 65 72 20 66 61 69 6c 2e 00 52 65 63 65 69 76 65 20	.with.this.server.fail..Receive.
c31e0	74 72 61 66 66 69 63 20 66 72 6f 6d 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 63 72 65 61 74 65 64	traffic.from.connections.created
c3200	20 62 79 20 74 68 65 20 73 65 72 76 65 72 20 69 73 20 61 6c 73 6f 20 62 61 6c 61 6e 63 65 64 2e	.by.the.server.is.also.balanced.
c3220	20 57 68 65 6e 20 74 68 65 20 6c 6f 63 61 6c 20 73 79 73 74 65 6d 20 73 65 6e 64 73 20 61 6e 20	.When.the.local.system.sends.an.
c3240	41 52 50 20 52 65 71 75 65 73 74 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 64 72 69 76 65 72 20 63	ARP.Request.the.bonding.driver.c
c3260	6f 70 69 65 73 20 61 6e 64 20 73 61 76 65 73 20 74 68 65 20 70 65 65 72 27 73 20 49 50 20 69 6e	opies.and.saves.the.peer's.IP.in
c3280	66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 41 52 50 20 70 61 63 6b 65 74 2e 20 57	formation.from.the.ARP.packet..W
c32a0	68 65 6e 20 74 68 65 20 41 52 50 20 52 65 70 6c 79 20 61 72 72 69 76 65 73 20 66 72 6f 6d 20 74	hen.the.ARP.Reply.arrives.from.t
c32c0	68 65 20 70 65 65 72 2c 20 69 74 73 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 20 69 73	he.peer,.its.hardware.address.is
c32e0	20 72 65 74 72 69 65 76 65 64 20 61 6e 64 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 64 72 69 76 65	.retrieved.and.the.bonding.drive
c3300	72 20 69 6e 69 74 69 61 74 65 73 20 61 6e 20 41 52 50 20 72 65 70 6c 79 20 74 6f 20 74 68 69 73	r.initiates.an.ARP.reply.to.this
c3320	20 70 65 65 72 20 61 73 73 69 67 6e 69 6e 67 20 69 74 20 74 6f 20 6f 6e 65 20 6f 66 20 74 68 65	.peer.assigning.it.to.one.of.the
c3340	20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 62 6f 6e 64 2e 20 41 20 70 72 6f 62 6c 65 6d 61 74	.slaves.in.the.bond..A.problemat
c3360	69 63 20 6f 75 74 63 6f 6d 65 20 6f 66 20 75 73 69 6e 67 20 41 52 50 20 6e 65 67 6f 74 69 61 74	ic.outcome.of.using.ARP.negotiat
c3380	69 6f 6e 20 66 6f 72 20 62 61 6c 61 6e 63 69 6e 67 20 69 73 20 74 68 61 74 20 65 61 63 68 20 74	ion.for.balancing.is.that.each.t
c33a0	69 6d 65 20 74 68 61 74 20 61 6e 20 41 52 50 20 72 65 71 75 65 73 74 20 69 73 20 62 72 6f 61 64	ime.that.an.ARP.request.is.broad
c33c0	63 61 73 74 20 69 74 20 75 73 65 73 20 74 68 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73	cast.it.uses.the.hardware.addres
c33e0	73 20 6f 66 20 74 68 65 20 62 6f 6e 64 2e 20 48 65 6e 63 65 2c 20 70 65 65 72 73 20 6c 65 61 72	s.of.the.bond..Hence,.peers.lear
c3400	6e 20 74 68 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 62 6f	n.the.hardware.address.of.the.bo
c3420	6e 64 20 61 6e 64 20 74 68 65 20 62 61 6c 61 6e 63 69 6e 67 20 6f 66 20 72 65 63 65 69 76 65 20	nd.and.the.balancing.of.receive.
c3440	74 72 61 66 66 69 63 20 63 6f 6c 6c 61 70 73 65 73 20 74 6f 20 74 68 65 20 63 75 72 72 65 6e 74	traffic.collapses.to.the.current
c3460	20 73 6c 61 76 65 2e 20 54 68 69 73 20 69 73 20 68 61 6e 64 6c 65 64 20 62 79 20 73 65 6e 64 69	.slave..This.is.handled.by.sendi
c3480	6e 67 20 75 70 64 61 74 65 73 20 28 41 52 50 20 52 65 70 6c 69 65 73 29 20 74 6f 20 61 6c 6c 20	ng.updates.(ARP.Replies).to.all.
c34a0	74 68 65 20 70 65 65 72 73 20 77 69 74 68 20 74 68 65 69 72 20 69 6e 64 69 76 69 64 75 61 6c 6c	the.peers.with.their.individuall
c34c0	79 20 61 73 73 69 67 6e 65 64 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 20 73 75 63 68	y.assigned.hardware.address.such
c34e0	20 74 68 61 74 20 74 68 65 20 74 72 61 66 66 69 63 20 69 73 20 72 65 64 69 73 74 72 69 62 75 74	.that.the.traffic.is.redistribut
c3500	65 64 2e 20 52 65 63 65 69 76 65 20 74 72 61 66 66 69 63 20 69 73 20 61 6c 73 6f 20 72 65 64 69	ed..Receive.traffic.is.also.redi
c3520	73 74 72 69 62 75 74 65 64 20 77 68 65 6e 20 61 20 6e 65 77 20 73 6c 61 76 65 20 69 73 20 61 64	stributed.when.a.new.slave.is.ad
c3540	64 65 64 20 74 6f 20 74 68 65 20 62 6f 6e 64 20 61 6e 64 20 77 68 65 6e 20 61 6e 20 69 6e 61 63	ded.to.the.bond.and.when.an.inac
c3560	74 69 76 65 20 73 6c 61 76 65 20 69 73 20 72 65 2d 61 63 74 69 76 61 74 65 64 2e 20 54 68 65 20	tive.slave.is.re-activated..The.
c3580	72 65 63 65 69 76 65 20 6c 6f 61 64 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 73 65 71 75	receive.load.is.distributed.sequ
c35a0	65 6e 74 69 61 6c 6c 79 20 28 72 6f 75 6e 64 20 72 6f 62 69 6e 29 20 61 6d 6f 6e 67 20 74 68 65	entially.(round.robin).among.the
c35c0	20 67 72 6f 75 70 20 6f 66 20 68 69 67 68 65 73 74 20 73 70 65 65 64 20 73 6c 61 76 65 73 20 69	.group.of.highest.speed.slaves.i
c35e0	6e 20 74 68 65 20 62 6f 6e 64 2e 00 52 65 63 65 69 76 65 64 20 52 41 44 49 55 53 20 61 74 74 72	n.the.bond..Received.RADIUS.attr
c3600	69 62 75 74 65 73 20 68 61 76 65 20 61 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 74 68	ibutes.have.a.higher.priority.th
c3620	61 6e 20 70 61 72 61 6d 65 74 65 72 73 20 64 65 66 69 6e 65 64 20 77 69 74 68 69 6e 20 74 68 65	an.parameters.defined.within.the
c3640	20 43 4c 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 72 65 66 65 72 20 74 6f 20 74 68 65	.CLI.configuration,.refer.to.the
c3660	20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 62 65 6c 6f 77 2e 00 52 65 63 6f 6d 6d 65 6e 64 65 64 20	.explanation.below..Recommended.
c3680	66 6f 72 20 6c 61 72 67 65 72 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 2e 00 52 65 64 69 72 65	for.larger.installations..Redire
c36a0	63 74 20 48 54 54 50 20 74 6f 20 48 54 54 50 53 00 52 65 64 69 72 65 63 74 20 4d 69 63 72 6f 73	ct.HTTP.to.HTTPS.Redirect.Micros
c36c0	6f 66 74 20 52 44 50 20 74 72 61 66 66 69 63 20 66 72 6f 6d 20 74 68 65 20 69 6e 74 65 72 6e 61	oft.RDP.traffic.from.the.interna
c36e0	6c 20 28 4c 41 4e 2c 20 70 72 69 76 61 74 65 29 20 6e 65 74 77 6f 72 6b 20 76 69 61 20 3a 72 65	l.(LAN,.private).network.via.:re
c3700	66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 20 69 6e 20 72 75 6c 65 20 31 31 30 20	f:`destination-nat`.in.rule.110.
c3720	74 6f 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 2c 20 70 72 69 76 61 74 65 20 68 6f 73 74 20 31 39	to.the.internal,.private.host.19
c3740	32 2e 30 2e 32 2e 34 30 2e 20 57 65 20 61 6c 73 6f 20 6e 65 65 64 20 61 20 3a 72 65 66 3a 60 73	2.0.2.40..We.also.need.a.:ref:`s
c3760	6f 75 72 63 65 2d 6e 61 74 60 20 72 75 6c 65 20 31 31 30 20 66 6f 72 20 74 68 65 20 72 65 76 65	ource-nat`.rule.110.for.the.reve
c3780	72 73 65 20 70 61 74 68 20 6f 66 20 74 68 65 20 74 72 61 66 66 69 63 2e 20 54 68 65 20 69 6e 74	rse.path.of.the.traffic..The.int
c37a0	65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 31 39 32 2e 30 2e 32 2e 30 2f 32 34 20 69 73 20 72 65	ernal.network.192.0.2.0/24.is.re
c37c0	61 63 68 61 62 6c 65 20 76 69 61 20 69 6e 74 65 72 66 61 63 65 20 60 65 74 68 30 2e 31 30 60 2e	achable.via.interface.`eth0.10`.
c37e0	00 52 65 64 69 72 65 63 74 20 4d 69 63 72 6f 73 6f 66 74 20 52 44 50 20 74 72 61 66 66 69 63 20	.Redirect.Microsoft.RDP.traffic.
c3800	66 72 6f 6d 20 74 68 65 20 6f 75 74 73 69 64 65 20 28 57 41 4e 2c 20 65 78 74 65 72 6e 61 6c 29	from.the.outside.(WAN,.external)
c3820	20 77 6f 72 6c 64 20 76 69 61 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74	.world.via.:ref:`destination-nat
c3840	60 20 69 6e 20 72 75 6c 65 20 31 30 30 20 74 6f 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 2c 20 70	`.in.rule.100.to.the.internal,.p
c3860	72 69 76 61 74 65 20 68 6f 73 74 20 31 39 32 2e 30 2e 32 2e 34 30 2e 00 52 65 64 69 72 65 63 74	rivate.host.192.0.2.40..Redirect
c3880	20 55 52 4c 20 74 6f 20 61 20 6e 65 77 20 6c 6f 63 61 74 69 6f 6e 00 52 65 64 69 73 74 72 69 62	.URL.to.a.new.location.Redistrib
c38a0	75 74 69 6f 6e 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 65 64 75 6e 64 61 6e 63 79 20 61	ution.Configuration.Redundancy.a
c38c0	6e 64 20 6c 6f 61 64 20 73 68 61 72 69 6e 67 2e 20 54 68 65 72 65 20 61 72 65 20 6d 75 6c 74 69	nd.load.sharing..There.are.multi
c38e0	70 6c 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 20 61 74 20 74 68 65 20 65 64 67 65 20 6f 66	ple.NAT66.devices.at.the.edge.of
c3900	20 61 6e 20 49 50 76 36 20 6e 65 74 77 6f 72 6b 20 74 6f 20 61 6e 6f 74 68 65 72 20 49 50 76 36	.an.IPv6.network.to.another.IPv6
c3920	20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 70 61 74 68 20 74 68 72 6f 75 67 68 20 74 68 65 20 4e	.network..The.path.through.the.N
c3940	41 54 36 36 20 64 65 76 69 63 65 20 74 6f 20 61 6e 6f 74 68 65 72 20 49 50 76 36 20 6e 65 74 77	AT66.device.to.another.IPv6.netw
c3960	6f 72 6b 20 66 6f 72 6d 73 20 61 6e 20 65 71 75 69 76 61 6c 65 6e 74 20 72 6f 75 74 65 2c 20 61	ork.forms.an.equivalent.route,.a
c3980	6e 64 20 74 72 61 66 66 69 63 20 63 61 6e 20 62 65 20 6c 6f 61 64 2d 73 68 61 72 65 64 20 6f 6e	nd.traffic.can.be.load-shared.on
c39a0	20 74 68 65 73 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 2e 20 49 6e 20 74 68 69 73 20 63 61	.these.NAT66.devices..In.this.ca
c39c0	73 65 2c 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 73 61 6d 65 20 73	se,.you.can.configure.the.same.s
c39e0	6f 75 72 63 65 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 72 75 6c 65 73 20	ource.address.translation.rules.
c3a00	6f 6e 20 74 68 65 73 65 20 4e 41 54 36 36 20 64 65 76 69 63 65 73 2c 20 73 6f 20 74 68 61 74 20	on.these.NAT66.devices,.so.that.
c3a20	61 6e 79 20 4e 41 54 36 36 20 64 65 76 69 63 65 20 63 61 6e 20 68 61 6e 64 6c 65 20 49 50 76 36	any.NAT66.device.can.handle.IPv6
c3a40	20 74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 64 69 66 66 65 72 65 6e 74 20 73 69 74 65 73	.traffic.between.different.sites
c3a60	2e 00 52 65 67 69 73 74 65 72 20 44 4e 53 20 72 65 63 6f 72 64 20 60 60 65 78 61 6d 70 6c 65 2e	..Register.DNS.record.``example.
c3a80	76 79 6f 73 2e 69 6f 60 60 20 6f 6e 20 44 4e 53 20 73 65 72 76 65 72 20 60 60 6e 73 31 2e 76 79	vyos.io``.on.DNS.server.``ns1.vy
c3aa0	6f 73 2e 69 6f 60 60 00 52 65 67 75 6c 61 72 20 56 4c 41 4e 73 20 28 38 30 32 2e 31 71 29 00 52	os.io``.Regular.VLANs.(802.1q).R
c3ac0	65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e	egular.expression.to.match.again
c3ae0	73 74 20 61 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 2e 00 52 65 67 75 6c 61 72 20 65 78 70	st.a.community-list..Regular.exp
c3b00	72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 20 6c 61 72 67 65	ression.to.match.against.a.large
c3b20	20 63 6f 6d 6d 75 6e 69 74 79 20 6c 69 73 74 2e 00 52 65 67 75 6c 61 72 20 65 78 70 72 65 73 73	.community.list..Regular.express
c3b40	69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 61 6e 20 41 53 20 70 61 74 68 2e	ion.to.match.against.an.AS.path.
c3b60	20 46 6f 72 20 65 78 61 6d 70 6c 65 20 22 36 34 35 30 31 20 36 34 35 30 32 22 2e 00 52 65 67 75	.For.example."64501.64502"..Regu
c3b80	6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20	lar.expression.to.match.against.
c3ba0	61 6e 20 65 78 74 65 6e 64 65 64 20 63 6f 6d 6d 75 6e 69 74 79 20 6c 69 73 74 2c 20 77 68 65 72	an.extended.community.list,.wher
c3bc0	65 20 74 65 78 74 20 63 6f 75 6c 64 20 62 65 3a 00 52 65 6a 65 63 74 20 44 48 43 50 20 6c 65 61	e.text.could.be:.Reject.DHCP.lea
c3be0	73 65 73 20 66 72 6f 6d 20 61 20 67 69 76 65 6e 20 61 64 64 72 65 73 73 20 6f 72 20 72 61 6e 67	ses.from.a.given.address.or.rang
c3c00	65 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 77 68 65 6e 20 61 20 6d 6f 64 65 6d 20 67	e..This.is.useful.when.a.modem.g
c3c20	69 76 65 73 20 61 20 6c 6f 63 61 6c 20 49 50 20 77 68 65 6e 20 66 69 72 73 74 20 73 74 61 72 74	ives.a.local.IP.when.first.start
c3c40	69 6e 67 2e 00 52 65 6d 65 6d 62 65 72 20 73 6f 75 72 63 65 20 49 50 20 69 6e 20 73 65 63 6f 6e	ing..Remember.source.IP.in.secon
c3c60	64 73 20 62 65 66 6f 72 65 20 72 65 73 65 74 20 74 68 65 69 72 20 73 63 6f 72 65 2e 20 54 68 65	ds.before.reset.their.score..The
c3c80	20 64 65 66 61 75 6c 74 20 69 73 20 31 38 30 30 2e 00 52 65 6d 6f 74 65 20 41 63 63 65 73 73 00	.default.is.1800..Remote.Access.
c3ca0	52 65 6d 6f 74 65 20 41 63 63 65 73 73 20 22 52 6f 61 64 57 61 72 72 69 6f 72 22 20 45 78 61 6d	Remote.Access."RoadWarrior".Exam
c3cc0	70 6c 65 00 52 65 6d 6f 74 65 20 41 63 63 65 73 73 20 22 52 6f 61 64 57 61 72 72 69 6f 72 22 20	ple.Remote.Access."RoadWarrior".
c3ce0	63 6c 69 65 6e 74 73 00 52 65 6d 6f 74 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 2d 20 41	clients.Remote.Configuration.-.A
c3d00	6e 6e 6f 74 61 74 65 64 3a 00 52 65 6d 6f 74 65 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00	nnotated:.Remote.Configuration:.
c3d20	52 65 6d 6f 74 65 20 48 6f 73 74 00 52 65 6d 6f 74 65 20 55 52 4c 00 52 65 6d 6f 74 65 20 55 52	Remote.Host.Remote.URL.Remote.UR
c3d40	4c 20 74 6f 20 53 70 6c 75 6e 6b 20 63 6f 6c 6c 65 63 74 6f 72 00 52 65 6d 6f 74 65 20 55 52 4c	L.to.Splunk.collector.Remote.URL
c3d60	2e 00 52 65 6d 6f 74 65 20 60 60 49 6e 66 6c 75 78 44 42 60 60 20 62 75 63 6b 65 74 20 6e 61 6d	..Remote.``InfluxDB``.bucket.nam
c3d80	65 00 52 65 6d 6f 74 65 20 64 61 74 61 62 61 73 65 20 6e 61 6d 65 2e 00 52 65 6d 6f 74 65 20 70	e.Remote.database.name..Remote.p
c3da0	65 65 72 20 49 50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 6f 66 20 74 68 65 20 73 65 63 6f 6e 64	eer.IP.`<address>`.of.the.second
c3dc0	20 44 48 43 50 20 73 65 72 76 65 72 20 69 6e 20 74 68 69 73 20 66 61 69 6c 6f 76 65 72 20 63 6c	.DHCP.server.in.this.failover.cl
c3de0	75 73 74 65 72 2e 00 52 65 6d 6f 74 65 20 70 6f 72 74 00 52 65 6d 6f 74 65 20 74 72 61 6e 73 6d	uster..Remote.port.Remote.transm
c3e00	69 73 73 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 77 69 6c 6c 20 62 65 20 6d 75 6c 74 69 70 6c 69	ission.interval.will.be.multipli
c3e20	65 64 20 62 79 20 74 68 69 73 20 76 61 6c 75 65 00 52 65 6e 61 6d 69 6e 67 20 63 6c 69 65 6e 74	ed.by.this.value.Renaming.client
c3e40	73 20 69 6e 74 65 72 66 61 63 65 73 20 62 79 20 52 41 44 49 55 53 00 52 65 70 6c 61 79 20 70 72	s.interfaces.by.RADIUS.Replay.pr
c3e60	6f 74 65 63 74 69 6f 6e 00 52 65 71 75 65 73 74 20 6f 6e 6c 79 20 61 20 74 65 6d 70 6f 72 61 72	otection.Request.only.a.temporar
c3e80	79 20 61 64 64 72 65 73 73 20 61 6e 64 20 6e 6f 74 20 66 6f 72 6d 20 61 6e 20 49 41 5f 4e 41 20	y.address.and.not.form.an.IA_NA.
c3ea0	28 49 64 65 6e 74 69 74 79 20 41 73 73 6f 63 69 61 74 69 6f 6e 20 66 6f 72 20 4e 6f 6e 2d 74 65	(Identity.Association.for.Non-te
c3ec0	6d 70 6f 72 61 72 79 20 41 64 64 72 65 73 73 65 73 29 20 70 61 72 74 6e 65 72 73 68 69 70 2e 00	mporary.Addresses).partnership..
c3ee0	52 65 71 75 65 73 74 73 20 61 72 65 20 66 6f 72 77 61 72 64 65 64 20 74 68 72 6f 75 67 68 20 60	Requests.are.forwarded.through.`
c3f00	60 65 74 68 32 60 60 20 61 73 20 74 68 65 20 60 75 70 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61	`eth2``.as.the.`upstream.interfa
c3f20	63 65 60 00 52 65 71 75 69 72 65 20 74 68 65 20 70 65 65 72 20 74 6f 20 61 75 74 68 65 6e 74 69	ce`.Require.the.peer.to.authenti
c3f40	63 61 74 65 20 69 74 73 65 6c 66 20 75 73 69 6e 67 20 6f 6e 65 20 6f 66 20 74 68 65 20 66 6f 6c	cate.itself.using.one.of.the.fol
c3f60	6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 3a 20 70 61 70 2c 20 63 68 61 70 2c 20 6d 73 63	lowing.protocols:.pap,.chap,.msc
c3f80	68 61 70 2c 20 6d 73 63 68 61 70 2d 76 32 2e 00 52 65 71 75 69 72 65 6d 65 6e 74 73 00 52 65 71	hap,.mschap-v2..Requirements.Req
c3fa0	75 69 72 65 6d 65 6e 74 73 3a 00 52 65 73 65 74 00 52 65 73 65 74 20 4f 70 65 6e 56 50 4e 00 52	uirements:.Reset.Reset.OpenVPN.R
c3fc0	65 73 65 74 20 63 6f 6d 6d 61 6e 64 73 00 52 65 73 65 74 73 20 74 68 65 20 6c 6f 63 61 6c 20 44	eset.commands.Resets.the.local.D
c3fe0	4e 53 20 66 6f 72 77 61 72 64 69 6e 67 20 63 61 63 68 65 20 64 61 74 61 62 61 73 65 2e 20 59 6f	NS.forwarding.cache.database..Yo
c4000	75 20 63 61 6e 20 72 65 73 65 74 20 74 68 65 20 63 61 63 68 65 20 66 6f 72 20 61 6c 6c 20 65 6e	u.can.reset.the.cache.for.all.en
c4020	74 72 69 65 73 20 6f 72 20 6f 6e 6c 79 20 66 6f 72 20 65 6e 74 72 69 65 73 20 74 6f 20 61 20 73	tries.or.only.for.entries.to.a.s
c4040	70 65 63 69 66 69 63 20 64 6f 6d 61 69 6e 2e 00 52 65 73 74 61 72 74 00 52 65 73 74 61 72 74 20	pecific.domain..Restart.Restart.
c4060	44 48 43 50 20 72 65 6c 61 79 20 73 65 72 76 69 63 65 00 52 65 73 74 61 72 74 20 44 48 43 50 76	DHCP.relay.service.Restart.DHCPv
c4080	36 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 6d 6d 65 64 69 61 74 65 6c 79 2e 00 52 65 73 74 61	6.relay.agent.immediately..Resta
c40a0	72 74 20 61 20 67 69 76 65 6e 20 63 6f 6e 74 61 69 6e 65 72 00 52 65 73 74 61 72 74 20 74 68 65	rt.a.given.container.Restart.the
c40c0	20 44 48 43 50 20 73 65 72 76 65 72 00 52 65 73 74 61 72 74 20 74 68 65 20 49 47 4d 50 20 70 72	.DHCP.server.Restart.the.IGMP.pr
c40e0	6f 78 79 20 70 72 6f 63 65 73 73 2e 00 52 65 73 74 61 72 74 20 74 68 65 20 53 53 48 20 64 61 65	oxy.process..Restart.the.SSH.dae
c4100	6d 6f 6e 20 70 72 6f 63 65 73 73 2c 20 74 68 65 20 63 75 72 72 65 6e 74 20 73 65 73 73 69 6f 6e	mon.process,.the.current.session
c4120	20 69 73 20 6e 6f 74 20 61 66 66 65 63 74 65 64 2c 20 6f 6e 6c 79 20 74 68 65 20 62 61 63 6b 67	.is.not.affected,.only.the.backg
c4140	72 6f 75 6e 64 20 64 61 65 6d 6f 6e 20 69 73 20 72 65 73 74 61 72 74 65 64 2e 00 52 65 73 74 61	round.daemon.is.restarted..Resta
c4160	72 74 73 20 74 68 65 20 44 4e 53 20 72 65 63 75 72 73 6f 72 20 70 72 6f 63 65 73 73 2e 20 54 68	rts.the.DNS.recursor.process..Th
c4180	69 73 20 61 6c 73 6f 20 69 6e 76 61 6c 69 64 61 74 65 73 20 74 68 65 20 6c 6f 63 61 6c 20 44 4e	is.also.invalidates.the.local.DN
c41a0	53 20 66 6f 72 77 61 72 64 69 6e 67 20 63 61 63 68 65 2e 00 52 65 73 75 6c 74 69 6e 67 20 69 6e	S.forwarding.cache..Resulting.in
c41c0	00 52 65 73 75 6c 74 73 20 69 6e 3a 00 52 65 74 72 61 6e 73 6d 69 74 20 54 69 6d 65 72 00 52 65	.Results.in:.Retransmit.Timer.Re
c41e0	74 72 69 65 76 65 20 63 75 72 72 65 6e 74 20 73 74 61 74 69 73 74 69 63 73 20 6f 66 20 63 6f 6e	trieve.current.statistics.of.con
c4200	6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 73 75 62 73 79 73 74 65 6d 2e 00 52 65 74 72	nection.tracking.subsystem..Retr
c4220	69 65 76 65 20 63 75 72 72 65 6e 74 20 73 74 61 74 75 73 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f	ieve.current.status.of.connectio
c4240	6e 20 74 72 61 63 6b 69 6e 67 20 73 75 62 73 79 73 74 65 6d 2e 00 52 65 74 72 69 65 76 65 20 70	n.tracking.subsystem..Retrieve.p
c4260	75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74 69 6f 6e 20 66 72 6f 6d 20 63 6f 6e 66 69 67 75 72 65	ublic.key.portion.from.configure
c4280	64 20 57 49 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 2e 00 52 65 76 65 72 73 65 2d 70	d.WIreGuard.interface..Reverse-p
c42a0	72 6f 78 79 00 52 6f 75 6e 64 20 52 6f 62 69 6e 00 52 6f 75 74 65 20 41 67 67 72 65 67 61 74 69	roxy.Round.Robin.Route.Aggregati
c42c0	6f 6e 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74 65 20 44 61 6d 70 65 6e 69 6e 67	on.Configuration.Route.Dampening
c42e0	00 52 6f 75 74 65 20 46 69 6c 74 65 72 69 6e 67 00 52 6f 75 74 65 20 46 69 6c 74 65 72 69 6e 67	.Route.Filtering.Route.Filtering
c4300	20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74 65 20 4d 61 70 00 52 6f 75 74 65 20 4d	.Configuration.Route.Map.Route.M
c4320	61 70 20 50 6f 6c 69 63 79 00 52 6f 75 74 65 20 52 65 64 69 73 74 72 69 62 75 74 69 6f 6e 00 52	ap.Policy.Route.Redistribution.R
c4340	6f 75 74 65 20 52 65 66 6c 65 63 74 6f 72 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75	oute.Reflector.Configuration.Rou
c4360	74 65 20 53 65 6c 65 63 74 69 6f 6e 00 52 6f 75 74 65 20 53 65 6c 65 63 74 69 6f 6e 20 43 6f 6e	te.Selection.Route.Selection.Con
c4380	66 69 67 75 72 61 74 69 6f 6e 00 52 6f 75 74 65 20 61 6e 64 20 52 6f 75 74 65 36 20 50 6f 6c 69	figuration.Route.and.Route6.Poli
c43a0	63 79 00 52 6f 75 74 65 20 64 61 6d 70 65 6e 69 6e 67 20 77 69 63 68 20 64 65 73 63 72 69 62 65	cy.Route.dampening.wich.describe
c43c0	64 20 69 6e 20 3a 72 66 63 3a 60 32 34 33 39 60 20 65 6e 61 62 6c 65 73 20 79 6f 75 20 74 6f 20	d.in.:rfc:`2439`.enables.you.to.
c43e0	69 64 65 6e 74 69 66 79 20 72 6f 75 74 65 73 20 74 68 61 74 20 72 65 70 65 61 74 65 64 6c 79 20	identify.routes.that.repeatedly.
c4400	66 61 69 6c 20 61 6e 64 20 72 65 74 75 72 6e 2e 20 49 66 20 72 6f 75 74 65 20 64 61 6d 70 65 6e	fail.and.return..If.route.dampen
c4420	69 6e 67 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 61 6e 20 75 6e 73 74 61 62 6c 65 20 72 6f 75 74	ing.is.enabled,.an.unstable.rout
c4440	65 20 61 63 63 75 6d 75 6c 61 74 65 73 20 70 65 6e 61 6c 74 69 65 73 20 65 61 63 68 20 74 69 6d	e.accumulates.penalties.each.tim
c4460	65 20 74 68 65 20 72 6f 75 74 65 20 66 61 69 6c 73 20 61 6e 64 20 72 65 74 75 72 6e 73 2e 20 49	e.the.route.fails.and.returns..I
c4480	66 20 74 68 65 20 61 63 63 75 6d 75 6c 61 74 65 64 20 70 65 6e 61 6c 74 69 65 73 20 65 78 63 65	f.the.accumulated.penalties.exce
c44a0	65 64 20 61 20 74 68 72 65 73 68 6f 6c 64 2c 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 6e 6f 20	ed.a.threshold,.the.route.is.no.
c44c0	6c 6f 6e 67 65 72 20 61 64 76 65 72 74 69 73 65 64 2e 20 54 68 69 73 20 69 73 20 72 6f 75 74 65	longer.advertised..This.is.route
c44e0	20 73 75 70 70 72 65 73 73 69 6f 6e 2e 20 52 6f 75 74 65 73 20 74 68 61 74 20 68 61 76 65 20 62	.suppression..Routes.that.have.b
c4500	65 65 6e 20 73 75 70 70 72 65 73 73 65 64 20 61 72 65 20 72 65 2d 65 6e 74 65 72 65 64 20 69 6e	een.suppressed.are.re-entered.in
c4520	74 6f 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 6f 6e 6c 79 20 77 68 65 6e 20 74	to.the.routing.table.only.when.t
c4540	68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 74 68 65 69 72 20 70 65 6e 61 6c 74 79 20 66 61 6c 6c 73	he.amount.of.their.penalty.falls
c4560	20 62 65 6c 6f 77 20 61 20 74 68 72 65 73 68 6f 6c 64 2e 00 52 6f 75 74 65 20 66 69 6c 74 65 72	.below.a.threshold..Route.filter
c4580	20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 75 73 69 6e 67 20 61 20 72 6f 75 74 65 2d 6d 61	.can.be.applied.using.a.route-ma
c45a0	70 3a 00 52 6f 75 74 65 20 6d 61 70 20 69 73 20 61 20 70 6f 77 65 72 66 75 6c 6c 20 63 6f 6d 6d	p:.Route.map.is.a.powerfull.comm
c45c0	61 6e 64 2c 20 74 68 61 74 20 67 69 76 65 73 20 6e 65 74 77 6f 72 6b 20 61 64 6d 69 6e 69 73 74	and,.that.gives.network.administ
c45e0	72 61 74 6f 72 73 20 61 20 76 65 72 79 20 75 73 65 66 75 6c 20 61 6e 64 20 66 6c 65 78 69 62 6c	rators.a.very.useful.and.flexibl
c4600	65 20 74 6f 6f 6c 20 66 6f 72 20 74 72 61 66 66 69 63 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2e	e.tool.for.traffic.manipulation.
c4620	00 52 6f 75 74 65 20 6d 61 70 73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f	.Route.maps.can.be.configured.to
c4640	20 6d 61 74 63 68 20 61 20 73 70 65 63 69 66 69 63 20 52 50 4b 49 20 76 61 6c 69 64 61 74 69 6f	.match.a.specific.RPKI.validatio
c4660	6e 20 73 74 61 74 65 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 74 68 65 20 63 72 65 61 74 69 6f	n.state..This.allows.the.creatio
c4680	6e 20 6f 66 20 6c 6f 63 61 6c 20 70 6f 6c 69 63 69 65 73 2c 20 77 68 69 63 68 20 68 61 6e 64 6c	n.of.local.policies,.which.handl
c46a0	65 20 42 47 50 20 72 6f 75 74 65 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 6f 75 74 63 6f 6d	e.BGP.routes.based.on.the.outcom
c46c0	65 20 6f 66 20 74 68 65 20 50 72 65 66 69 78 20 4f 72 69 67 69 6e 20 56 61 6c 69 64 61 74 69 6f	e.of.the.Prefix.Origin.Validatio
c46e0	6e 2e 00 52 6f 75 74 65 20 6d 65 74 72 69 63 00 52 6f 75 74 65 20 74 61 67 20 74 6f 20 6d 61 74	n..Route.metric.Route.tag.to.mat
c4700	63 68 2e 00 52 6f 75 74 65 72 20 41 64 76 65 72 74 69 73 65 6d 65 6e 74 73 00 52 6f 75 74 65 72	ch..Router.Advertisements.Router
c4720	20 4c 69 66 65 74 69 6d 65 00 52 6f 75 74 65 72 20 72 65 63 65 69 76 65 73 20 44 48 43 50 20 63	.Lifetime.Router.receives.DHCP.c
c4740	6c 69 65 6e 74 20 72 65 71 75 65 73 74 73 20 6f 6e 20 60 60 65 74 68 31 60 60 20 61 6e 64 20 72	lient.requests.on.``eth1``.and.r
c4760	65 6c 61 79 73 20 74 68 65 6d 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 61 74 20 31 30 2e 30	elays.them.to.the.server.at.10.0
c4780	2e 31 2e 34 20 6f 6e 20 60 60 65 74 68 32 60 60 2e 00 52 6f 75 74 65 73 20 65 78 70 6f 72 74 65	.1.4.on.``eth2``..Routes.exporte
c47a0	64 20 66 72 6f 6d 20 61 20 75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 74 68 65 20 56 50 4e 20	d.from.a.unicast.VRF.to.the.VPN.
c47c0	52 49 42 20 6d 75 73 74 20 62 65 20 61 75 67 6d 65 6e 74 65 64 20 62 79 20 74 77 6f 20 70 61 72	RIB.must.be.augmented.by.two.par
c47e0	61 6d 65 74 65 72 73 3a 00 52 6f 75 74 65 73 20 6f 6e 20 4e 6f 64 65 20 32 3a 00 52 6f 75 74 65	ameters:.Routes.on.Node.2:.Route
c4800	73 20 74 68 61 74 20 61 72 65 20 73 65 6e 74 20 66 72 6f 6d 20 70 72 6f 76 69 64 65 72 2c 20 72	s.that.are.sent.from.provider,.r
c4820	73 2d 73 65 72 76 65 72 2c 20 6f 72 20 74 68 65 20 70 65 65 72 20 6c 6f 63 61 6c 2d 72 6f 6c 65	s-server,.or.the.peer.local-role
c4840	20 28 6f 72 20 69 66 20 72 65 63 65 69 76 65 64 20 62 79 20 63 75 73 74 6f 6d 65 72 2c 20 72 73	.(or.if.received.by.customer,.rs
c4860	2d 63 6c 69 65 6e 74 2c 20 6f 72 20 74 68 65 20 70 65 65 72 20 6c 6f 63 61 6c 2d 72 6f 6c 65 29	-client,.or.the.peer.local-role)
c4880	20 77 69 6c 6c 20 62 65 20 6d 61 72 6b 65 64 20 77 69 74 68 20 61 20 6e 65 77 20 4f 6e 6c 79 20	.will.be.marked.with.a.new.Only.
c48a0	74 6f 20 43 75 73 74 6f 6d 65 72 20 28 4f 54 43 29 20 61 74 74 72 69 62 75 74 65 2e 00 52 6f 75	to.Customer.(OTC).attribute..Rou
c48c0	74 65 73 20 77 69 74 68 20 61 20 64 69 73 74 61 6e 63 65 20 6f 66 20 32 35 35 20 61 72 65 20 65	tes.with.a.distance.of.255.are.e
c48e0	66 66 65 63 74 69 76 65 6c 79 20 64 69 73 61 62 6c 65 64 20 61 6e 64 20 6e 6f 74 20 69 6e 73 74	ffectively.disabled.and.not.inst
c4900	61 6c 6c 65 64 20 69 6e 74 6f 20 74 68 65 20 6b 65 72 6e 65 6c 2e 00 52 6f 75 74 65 73 20 77 69	alled.into.the.kernel..Routes.wi
c4920	74 68 20 74 68 69 73 20 61 74 74 72 69 62 75 74 65 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 73 65	th.this.attribute.can.only.be.se
c4940	6e 74 20 74 6f 20 79 6f 75 72 20 6e 65 69 67 68 62 6f 72 20 69 66 20 79 6f 75 72 20 6c 6f 63 61	nt.to.your.neighbor.if.your.loca
c4960	6c 2d 72 6f 6c 65 20 69 73 20 70 72 6f 76 69 64 65 72 20 6f 72 20 72 73 2d 73 65 72 76 65 72 2e	l-role.is.provider.or.rs-server.
c4980	20 52 6f 75 74 65 73 20 77 69 74 68 20 74 68 69 73 20 61 74 74 72 69 62 75 74 65 20 63 61 6e 20	.Routes.with.this.attribute.can.
c49a0	62 65 20 72 65 63 65 69 76 65 64 20 6f 6e 6c 79 20 69 66 20 79 6f 75 72 20 6c 6f 63 61 6c 2d 72	be.received.only.if.your.local-r
c49c0	6f 6c 65 20 69 73 20 63 75 73 74 6f 6d 65 72 20 6f 72 20 72 73 2d 63 6c 69 65 6e 74 2e 00 52 6f	ole.is.customer.or.rs-client..Ro
c49e0	75 74 69 6e 65 00 52 6f 75 74 69 6e 67 00 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 74 68 61	utine.Routing.Routing.tables.tha
c4a00	74 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 20 61	t.will.be.used.in.this.example.a
c4a20	72 65 3a 00 52 75 6c 65 20 31 30 20 6d 61 74 63 68 65 73 20 72 65 71 75 65 73 74 73 20 77 69 74	re:.Rule.10.matches.requests.wit
c4a40	68 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 60 60 6e 6f 64 65 31 2e 65 78 61 6d 70 6c	h.the.domain.name.``node1.exampl
c4a60	65 2e 63 6f 6d 60 60 20 66 6f 72 77 61 72 64 73 20 74 6f 20 74 68 65 20 62 61 63 6b 65 6e 64 20	e.com``.forwards.to.the.backend.
c4a80	60 60 62 6b 2d 61 70 69 2d 30 31 60 60 00 52 75 6c 65 20 31 30 20 6d 61 74 63 68 65 73 20 72 65	``bk-api-01``.Rule.10.matches.re
c4aa0	71 75 65 73 74 73 20 77 69 74 68 20 74 68 65 20 65 78 61 63 74 20 55 52 4c 20 70 61 74 68 20 60	quests.with.the.exact.URL.path.`
c4ac0	60 2f 2e 77 65 6c 6c 2d 6b 6e 6f 77 6e 2f 78 78 78 60 60 20 61 6e 64 20 72 65 64 69 72 65 63 74	`/.well-known/xxx``.and.redirect
c4ae0	73 20 74 6f 20 6c 6f 63 61 74 69 6f 6e 20 60 60 2f 63 65 72 74 73 2f 60 60 2e 00 52 75 6c 65 20	s.to.location.``/certs/``..Rule.
c4b00	32 30 20 6d 61 74 63 68 65 73 20 72 65 71 75 65 73 74 73 20 77 69 74 68 20 55 52 4c 20 70 61 74	20.matches.requests.with.URL.pat
c4b20	68 73 20 65 6e 64 69 6e 67 20 69 6e 20 60 60 2f 6d 61 69 6c 60 60 20 6f 72 20 65 78 61 63 74 20	hs.ending.in.``/mail``.or.exact.
c4b40	70 61 74 68 20 60 60 2f 65 6d 61 69 6c 2f 62 61 72 60 60 20 72 65 64 69 72 65 63 74 20 74 6f 20	path.``/email/bar``.redirect.to.
c4b60	6c 6f 63 61 74 69 6f 6e 20 60 60 2f 70 6f 73 74 66 69 78 2f 60 60 2e 00 52 75 6c 65 20 32 30 20	location.``/postfix/``..Rule.20.
c4b80	6d 61 74 63 68 65 73 20 72 65 71 75 65 73 74 73 20 77 69 74 68 20 74 68 65 20 64 6f 6d 61 69 6e	matches.requests.with.the.domain
c4ba0	20 6e 61 6d 65 20 60 60 6e 6f 64 65 32 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 60 60 20 66 6f 72 77	.name.``node2.example.com``.forw
c4bc0	61 72 64 73 20 74 6f 20 74 68 65 20 62 61 63 6b 65 6e 64 20 60 60 62 6b 2d 61 70 69 2d 30 32 60	ards.to.the.backend.``bk-api-02`
c4be0	60 00 52 75 6c 65 20 53 74 61 74 75 73 00 52 75 6c 65 2d 53 65 74 73 00 52 75 6c 65 2d 73 65 74	`.Rule.Status.Rule-Sets.Rule-set
c4c00	20 6f 76 65 72 76 69 65 77 00 52 75 6c 65 73 00 52 75 6c 65 73 20 61 6c 6c 6f 77 20 74 6f 20 63	.overview.Rules.Rules.allow.to.c
c4c20	6f 6e 74 72 6f 6c 20 61 6e 64 20 72 6f 75 74 65 20 69 6e 63 6f 6d 69 6e 67 20 74 72 61 66 66 69	ontrol.and.route.incoming.traffi
c4c40	63 20 74 6f 20 73 70 65 63 69 66 69 63 20 62 61 63 6b 65 6e 64 20 62 61 73 65 64 20 6f 6e 20 70	c.to.specific.backend.based.on.p
c4c60	72 65 64 65 66 69 6e 65 64 20 63 6f 6e 64 69 74 69 6f 6e 73 2e 20 52 75 6c 65 73 20 61 6c 6c 6f	redefined.conditions..Rules.allo
c4c80	77 20 74 6f 20 64 65 66 69 6e 65 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 20 61 6e	w.to.define.matching.criteria.an
c4ca0	64 20 70 65 72 66 6f 72 6d 20 61 63 74 69 6f 6e 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 00 52 75	d.perform.action.accordingly..Ru
c4cc0	6c 65 73 20 77 69 6c 6c 20 62 65 20 63 72 65 61 74 65 64 20 66 6f 72 20 62 6f 74 68 20 3a 72 65	les.will.be.created.for.both.:re
c4ce0	66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 61 6e 64 20 3a 72 65 66 3a 60 64 65 73 74 69 6e 61	f:`source-nat`.and.:ref:`destina
c4d00	74 69 6f 6e 2d 6e 61 74 60 2e 00 52 75 6e 6e 69 6e 67 20 42 65 68 69 6e 64 20 4e 41 54 00 53 4e	tion-nat`..Running.Behind.NAT.SN
c4d20	41 54 00 53 4e 41 54 36 36 00 53 4e 4d 50 00 53 4e 4d 50 20 45 78 74 65 6e 73 69 6f 6e 73 00 53	AT.SNAT66.SNMP.SNMP.Extensions.S
c4d40	4e 4d 50 20 50 72 6f 74 6f 63 6f 6c 20 56 65 72 73 69 6f 6e 73 00 53 4e 4d 50 20 63 61 6e 20 77	NMP.Protocol.Versions.SNMP.can.w
c4d60	6f 72 6b 20 73 79 6e 63 68 72 6f 6e 6f 75 73 6c 79 20 6f 72 20 61 73 79 6e 63 68 72 6f 6e 6f 75	ork.synchronously.or.asynchronou
c4d80	73 6c 79 2e 20 49 6e 20 73 79 6e 63 68 72 6f 6e 6f 75 73 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f	sly..In.synchronous.communicatio
c4da0	6e 2c 20 74 68 65 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 73 79 73 74 65 6d 20 71 75 65 72 69 65 73	n,.the.monitoring.system.queries
c4dc0	20 74 68 65 20 72 6f 75 74 65 72 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 2e 20 49 6e 20 61 73 79	.the.router.periodically..In.asy
c4de0	6e 63 68 72 6f 6e 6f 75 73 2c 20 74 68 65 20 72 6f 75 74 65 72 20 73 65 6e 64 73 20 6e 6f 74 69	nchronous,.the.router.sends.noti
c4e00	66 69 63 61 74 69 6f 6e 20 74 6f 20 74 68 65 20 22 74 72 61 70 22 20 28 74 68 65 20 6d 6f 6e 69	fication.to.the."trap".(the.moni
c4e20	74 6f 72 69 6e 67 20 68 6f 73 74 29 2e 00 53 4e 4d 50 20 69 73 20 61 20 63 6f 6d 70 6f 6e 65 6e	toring.host)..SNMP.is.a.componen
c4e40	74 20 6f 66 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 20 53 75 69 74 65	t.of.the.Internet.Protocol.Suite
c4e60	20 61 73 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 65 20 49 6e 74 65 72 6e 65 74 20 45 6e 67 69	.as.defined.by.the.Internet.Engi
c4e80	6e 65 65 72 69 6e 67 20 54 61 73 6b 20 46 6f 72 63 65 20 28 49 45 54 46 29 2e 20 49 74 20 63 6f	neering.Task.Force.(IETF)..It.co
c4ea0	6e 73 69 73 74 73 20 6f 66 20 61 20 73 65 74 20 6f 66 20 73 74 61 6e 64 61 72 64 73 20 66 6f 72	nsists.of.a.set.of.standards.for
c4ec0	20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 2c 20 69 6e 63 6c 75 64 69 6e 67 20 61	.network.management,.including.a
c4ee0	6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 6c 61 79 65 72 20 70 72 6f 74 6f 63 6f 6c 2c 20 61 20	n.application.layer.protocol,.a.
c4f00	64 61 74 61 62 61 73 65 20 73 63 68 65 6d 61 2c 20 61 6e 64 20 61 20 73 65 74 20 6f 66 20 64 61	database.schema,.and.a.set.of.da
c4f20	74 61 20 6f 62 6a 65 63 74 73 2e 00 53 4e 4d 50 20 69 73 20 77 69 64 65 6c 79 20 75 73 65 64 20	ta.objects..SNMP.is.widely.used.
c4f40	69 6e 20 6e 65 74 77 6f 72 6b 20 6d 61 6e 61 67 65 6d 65 6e 74 20 66 6f 72 20 6e 65 74 77 6f 72	in.network.management.for.networ
c4f60	6b 20 6d 6f 6e 69 74 6f 72 69 6e 67 2e 20 53 4e 4d 50 20 65 78 70 6f 73 65 73 20 6d 61 6e 61 67	k.monitoring..SNMP.exposes.manag
c4f80	65 6d 65 6e 74 20 64 61 74 61 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 6f 66 20 76 61 72 69 61 62	ement.data.in.the.form.of.variab
c4fa0	6c 65 73 20 6f 6e 20 74 68 65 20 6d 61 6e 61 67 65 64 20 73 79 73 74 65 6d 73 20 6f 72 67 61 6e	les.on.the.managed.systems.organ
c4fc0	69 7a 65 64 20 69 6e 20 61 20 6d 61 6e 61 67 65 6d 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	ized.in.a.management.information
c4fe0	20 62 61 73 65 20 28 4d 49 42 5f 29 20 77 68 69 63 68 20 64 65 73 63 72 69 62 65 20 74 68 65 20	.base.(MIB_).which.describe.the.
c5000	73 79 73 74 65 6d 20 73 74 61 74 75 73 20 61 6e 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e	system.status.and.configuration.
c5020	20 54 68 65 73 65 20 76 61 72 69 61 62 6c 65 73 20 63 61 6e 20 74 68 65 6e 20 62 65 20 72 65 6d	.These.variables.can.then.be.rem
c5040	6f 74 65 6c 79 20 71 75 65 72 69 65 64 20 28 61 6e 64 2c 20 69 6e 20 73 6f 6d 65 20 63 69 72 63	otely.queried.(and,.in.some.circ
c5060	75 6d 73 74 61 6e 63 65 73 2c 20 6d 61 6e 69 70 75 6c 61 74 65 64 29 20 62 79 20 6d 61 6e 61 67	umstances,.manipulated).by.manag
c5080	69 6e 67 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 2e 00 53 4e 4d 50 76 32 00 53 4e 4d 50 76 32 20	ing.applications..SNMPv2.SNMPv2.
c50a0	64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 61 6e 79 20 61 75 74 68 65 6e 74 69 63 61 74	does.not.support.any.authenticat
c50c0	69 6f 6e 20 6d 65 63 68 61 6e 69 73 6d 73 2c 20 6f 74 68 65 72 20 74 68 61 6e 20 63 6c 69 65 6e	ion.mechanisms,.other.than.clien
c50e0	74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 2c 20 73 6f 20 79 6f 75 20 73 68 6f 75 6c 64 20	t.source.address,.so.you.should.
c5100	73 70 65 63 69 66 79 20 61 64 64 72 65 73 73 65 73 20 6f 66 20 63 6c 69 65 6e 74 73 20 61 6c 6c	specify.addresses.of.clients.all
c5120	6f 77 65 64 20 74 6f 20 6d 6f 6e 69 74 6f 72 20 74 68 65 20 72 6f 75 74 65 72 2e 20 4e 6f 74 65	owed.to.monitor.the.router..Note
c5140	20 74 68 61 74 20 53 4e 4d 50 76 32 20 61 6c 73 6f 20 73 75 70 70 6f 72 74 73 20 6e 6f 20 65 6e	.that.SNMPv2.also.supports.no.en
c5160	63 72 79 70 74 69 6f 6e 20 61 6e 64 20 61 6c 77 61 79 73 20 73 65 6e 64 73 20 64 61 74 61 20 69	cryption.and.always.sends.data.i
c5180	6e 20 70 6c 61 69 6e 20 74 65 78 74 2e 00 53 4e 4d 50 76 32 20 69 73 20 74 68 65 20 6f 72 69 67	n.plain.text..SNMPv2.is.the.orig
c51a0	69 6e 61 6c 20 61 6e 64 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 6c 79 20 75 73 65 64 20 76 65 72 73	inal.and.most.commonly.used.vers
c51c0	69 6f 6e 2e 20 46 6f 72 20 61 75 74 68 6f 72 69 7a 69 6e 67 20 63 6c 69 65 6e 74 73 2c 20 53 4e	ion..For.authorizing.clients,.SN
c51e0	4d 50 20 75 73 65 73 20 74 68 65 20 63 6f 6e 63 65 70 74 20 6f 66 20 63 6f 6d 6d 75 6e 69 74 69	MP.uses.the.concept.of.communiti
c5200	65 73 2e 20 43 6f 6d 6d 75 6e 69 74 69 65 73 20 6d 61 79 20 68 61 76 65 20 61 75 74 68 6f 72 69	es..Communities.may.have.authori
c5220	7a 61 74 69 6f 6e 20 73 65 74 20 74 6f 20 72 65 61 64 20 6f 6e 6c 79 20 28 74 68 69 73 20 69 73	zation.set.to.read.only.(this.is
c5240	20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 29 20 6f 72 20 74 6f 20 72 65 61 64 20 61 6e 64 20 77 72 69	.most.common).or.to.read.and.wri
c5260	74 65 20 28 74 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 6e 6f 74 20 61 63 74 69 76 65 6c 79 20	te.(this.option.is.not.actively.
c5280	75 73 65 64 20 69 6e 20 56 79 4f 53 29 2e 00 53 4e 4d 50 76 33 00 53 4e 4d 50 76 33 20 28 76 65	used.in.VyOS)..SNMPv3.SNMPv3.(ve
c52a0	72 73 69 6f 6e 20 33 20 6f 66 20 74 68 65 20 53 4e 4d 50 20 70 72 6f 74 6f 63 6f 6c 29 20 69 6e	rsion.3.of.the.SNMP.protocol).in
c52c0	74 72 6f 64 75 63 65 64 20 61 20 77 68 6f 6c 65 20 73 6c 65 77 20 6f 66 20 6e 65 77 20 73 65 63	troduced.a.whole.slew.of.new.sec
c52e0	75 72 69 74 79 20 72 65 6c 61 74 65 64 20 66 65 61 74 75 72 65 73 20 74 68 61 74 20 68 61 76 65	urity.related.features.that.have
c5300	20 62 65 65 6e 20 6d 69 73 73 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 70 72 65 76 69 6f 75 73 20	.been.missing.from.the.previous.
c5320	76 65 72 73 69 6f 6e 73 2e 20 53 65 63 75 72 69 74 79 20 77 61 73 20 6f 6e 65 20 6f 66 20 74 68	versions..Security.was.one.of.th
c5340	65 20 62 69 67 67 65 73 74 20 77 65 61 6b 6e 65 73 73 20 6f 66 20 53 4e 4d 50 20 75 6e 74 69 6c	e.biggest.weakness.of.SNMP.until
c5360	20 76 33 2e 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 6e 20 53 4e 4d 50 20 56 65 72 73	.v3..Authentication.in.SNMP.Vers
c5380	69 6f 6e 73 20 31 20 61 6e 64 20 32 20 61 6d 6f 75 6e 74 73 20 74 6f 20 6e 6f 74 68 69 6e 67 20	ions.1.and.2.amounts.to.nothing.
c53a0	6d 6f 72 65 20 74 68 61 6e 20 61 20 70 61 73 73 77 6f 72 64 20 28 63 6f 6d 6d 75 6e 69 74 79 20	more.than.a.password.(community.
c53c0	73 74 72 69 6e 67 29 20 73 65 6e 74 20 69 6e 20 63 6c 65 61 72 20 74 65 78 74 20 62 65 74 77 65	string).sent.in.clear.text.betwe
c53e0	65 6e 20 61 20 6d 61 6e 61 67 65 72 20 61 6e 64 20 61 67 65 6e 74 2e 20 45 61 63 68 20 53 4e 4d	en.a.manager.and.agent..Each.SNM
c5400	50 76 33 20 6d 65 73 73 61 67 65 20 63 6f 6e 74 61 69 6e 73 20 73 65 63 75 72 69 74 79 20 70 61	Pv3.message.contains.security.pa
c5420	72 61 6d 65 74 65 72 73 20 77 68 69 63 68 20 61 72 65 20 65 6e 63 6f 64 65 64 20 61 73 20 61 6e	rameters.which.are.encoded.as.an
c5440	20 6f 63 74 65 74 20 73 74 72 69 6e 67 2e 20 54 68 65 20 6d 65 61 6e 69 6e 67 20 6f 66 20 74 68	.octet.string..The.meaning.of.th
c5460	65 73 65 20 73 65 63 75 72 69 74 79 20 70 61 72 61 6d 65 74 65 72 73 20 64 65 70 65 6e 64 73 20	ese.security.parameters.depends.
c5480	6f 6e 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6d 6f 64 65 6c 20 62 65 69 6e 67 20 75 73 65 64	on.the.security.model.being.used
c54a0	2e 00 53 50 41 4e 20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 20 63 61 6e 20 63 6f 70 79 20 74	..SPAN.port.mirroring.can.copy.t
c54c0	68 65 20 69 6e 62 6f 75 6e 64 2f 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 20 6f 66 20 74	he.inbound/outbound.traffic.of.t
c54e0	68 65 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e	he.interface.to.the.specified.in
c5500	74 65 72 66 61 63 65 2c 20 75 73 75 61 6c 6c 79 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 63	terface,.usually.the.interface.c
c5520	61 6e 20 62 65 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20 73 6f 6d 65 20 73 70 65 63 69 61 6c 20	an.be.connected.to.some.special.
c5540	65 71 75 69 70 6d 65 6e 74 2c 20 73 75 63 68 20 61 73 20 62 65 68 61 76 69 6f 72 20 63 6f 6e 74	equipment,.such.as.behavior.cont
c5560	72 6f 6c 20 73 79 73 74 65 6d 2c 20 69 6e 74 72 75 73 69 6f 6e 20 64 65 74 65 63 74 69 6f 6e 20	rol.system,.intrusion.detection.
c5580	73 79 73 74 65 6d 20 61 6e 64 20 74 72 61 66 66 69 63 20 63 6f 6c 6c 65 63 74 6f 72 2c 20 61 6e	system.and.traffic.collector,.an
c55a0	64 20 63 61 6e 20 63 6f 70 79 20 61 6c 6c 20 72 65 6c 61 74 65 64 20 74 72 61 66 66 69 63 20 66	d.can.copy.all.related.traffic.f
c55c0	72 6f 6d 20 74 68 69 73 20 70 6f 72 74 2e 20 54 68 65 20 62 65 6e 65 66 69 74 20 6f 66 20 6d 69	rom.this.port..The.benefit.of.mi
c55e0	72 72 6f 72 69 6e 67 20 74 68 65 20 74 72 61 66 66 69 63 20 69 73 20 74 68 61 74 20 74 68 65 20	rroring.the.traffic.is.that.the.
c5600	61 70 70 6c 69 63 61 74 69 6f 6e 20 69 73 20 69 73 6f 6c 61 74 65 64 20 66 72 6f 6d 20 74 68 65	application.is.isolated.from.the
c5620	20 73 6f 75 72 63 65 20 74 72 61 66 66 69 63 20 61 6e 64 20 73 6f 20 61 70 70 6c 69 63 61 74 69	.source.traffic.and.so.applicati
c5640	6f 6e 20 70 72 6f 63 65 73 73 69 6e 67 20 64 6f 65 73 20 6e 6f 74 20 61 66 66 65 63 74 20 74 68	on.processing.does.not.affect.th
c5660	65 20 74 72 61 66 66 69 63 20 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 70 65 72 66 6f 72 6d 61	e.traffic.or.the.system.performa
c5680	6e 63 65 2e 00 53 53 48 00 53 53 48 20 3a 72 65 66 3a 60 73 73 68 5f 6b 65 79 5f 62 61 73 65 64	nce..SSH.SSH.:ref:`ssh_key_based
c56a0	5f 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 60 00 53 53 48 20 3a 72 65 66 3a 60 73 73 68 5f 6f	_authentication`.SSH.:ref:`ssh_o
c56c0	70 65 72 61 74 69 6f 6e 60 00 53 53 48 20 63 6c 69 65 6e 74 00 53 53 48 20 70 72 6f 76 69 64 65	peration`.SSH.client.SSH.provide
c56e0	73 20 61 20 73 65 63 75 72 65 20 63 68 61 6e 6e 65 6c 20 6f 76 65 72 20 61 6e 20 75 6e 73 65 63	s.a.secure.channel.over.an.unsec
c5700	75 72 65 64 20 6e 65 74 77 6f 72 6b 20 69 6e 20 61 20 63 6c 69 65 6e 74 2d 73 65 72 76 65 72 20	ured.network.in.a.client-server.
c5720	61 72 63 68 69 74 65 63 74 75 72 65 2c 20 63 6f 6e 6e 65 63 74 69 6e 67 20 61 6e 20 53 53 48 20	architecture,.connecting.an.SSH.
c5740	63 6c 69 65 6e 74 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 77 69 74 68 20 61 6e 20 53 53 48 20 73	client.application.with.an.SSH.s
c5760	65 72 76 65 72 2e 20 43 6f 6d 6d 6f 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 20 69 6e 63 6c 75	erver..Common.applications.inclu
c5780	64 65 20 72 65 6d 6f 74 65 20 63 6f 6d 6d 61 6e 64 2d 6c 69 6e 65 20 6c 6f 67 69 6e 20 61 6e 64	de.remote.command-line.login.and
c57a0	20 72 65 6d 6f 74 65 20 63 6f 6d 6d 61 6e 64 20 65 78 65 63 75 74 69 6f 6e 2c 20 62 75 74 20 61	.remote.command.execution,.but.a
c57c0	6e 79 20 6e 65 74 77 6f 72 6b 20 73 65 72 76 69 63 65 20 63 61 6e 20 62 65 20 73 65 63 75 72 65	ny.network.service.can.be.secure
c57e0	64 20 77 69 74 68 20 53 53 48 2e 20 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 73 70 65 63 69 66 69	d.with.SSH..The.protocol.specifi
c5800	63 61 74 69 6f 6e 20 64 69 73 74 69 6e 67 75 69 73 68 65 73 20 62 65 74 77 65 65 6e 20 74 77 6f	cation.distinguishes.between.two
c5820	20 6d 61 6a 6f 72 20 76 65 72 73 69 6f 6e 73 2c 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20	.major.versions,.referred.to.as.
c5840	53 53 48 2d 31 20 61 6e 64 20 53 53 48 2d 32 2e 00 53 53 48 20 75 73 65 72 6e 61 6d 65 20 74 6f	SSH-1.and.SSH-2..SSH.username.to
c5860	20 65 73 74 61 62 6c 69 73 68 20 61 6e 20 53 53 48 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20	.establish.an.SSH.connection.to.
c5880	74 68 65 20 63 61 63 68 65 20 73 65 72 76 65 72 2e 00 53 53 48 20 77 61 73 20 64 65 73 69 67 6e	the.cache.server..SSH.was.design
c58a0	65 64 20 61 73 20 61 20 72 65 70 6c 61 63 65 6d 65 6e 74 20 66 6f 72 20 54 65 6c 6e 65 74 20 61	ed.as.a.replacement.for.Telnet.a
c58c0	6e 64 20 66 6f 72 20 75 6e 73 65 63 75 72 65 64 20 72 65 6d 6f 74 65 20 73 68 65 6c 6c 20 70 72	nd.for.unsecured.remote.shell.pr
c58e0	6f 74 6f 63 6f 6c 73 20 73 75 63 68 20 61 73 20 74 68 65 20 42 65 72 6b 65 6c 65 79 20 72 6c 6f	otocols.such.as.the.Berkeley.rlo
c5900	67 69 6e 2c 20 72 73 68 2c 20 61 6e 64 20 72 65 78 65 63 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 54	gin,.rsh,.and.rexec.protocols..T
c5920	68 6f 73 65 20 70 72 6f 74 6f 63 6f 6c 73 20 73 65 6e 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c	hose.protocols.send.information,
c5940	20 6e 6f 74 61 62 6c 79 20 70 61 73 73 77 6f 72 64 73 2c 20 69 6e 20 70 6c 61 69 6e 74 65 78 74	.notably.passwords,.in.plaintext
c5960	2c 20 72 65 6e 64 65 72 69 6e 67 20 74 68 65 6d 20 73 75 73 63 65 70 74 69 62 6c 65 20 74 6f 20	,.rendering.them.susceptible.to.
c5980	69 6e 74 65 72 63 65 70 74 69 6f 6e 20 61 6e 64 20 64 69 73 63 6c 6f 73 75 72 65 20 75 73 69 6e	interception.and.disclosure.usin
c59a0	67 20 70 61 63 6b 65 74 20 61 6e 61 6c 79 73 69 73 2e 20 54 68 65 20 65 6e 63 72 79 70 74 69 6f	g.packet.analysis..The.encryptio
c59c0	6e 20 75 73 65 64 20 62 79 20 53 53 48 20 69 73 20 69 6e 74 65 6e 64 65 64 20 74 6f 20 70 72 6f	n.used.by.SSH.is.intended.to.pro
c59e0	76 69 64 65 20 63 6f 6e 66 69 64 65 6e 74 69 61 6c 69 74 79 20 61 6e 64 20 69 6e 74 65 67 72 69	vide.confidentiality.and.integri
c5a00	74 79 20 6f 66 20 64 61 74 61 20 6f 76 65 72 20 61 6e 20 75 6e 73 65 63 75 72 65 64 20 6e 65 74	ty.of.data.over.an.unsecured.net
c5a20	77 6f 72 6b 2c 20 73 75 63 68 20 61 73 20 74 68 65 20 49 6e 74 65 72 6e 65 74 2e 00 53 53 49 44	work,.such.as.the.Internet..SSID
c5a40	20 74 6f 20 62 65 20 75 73 65 64 20 69 6e 20 49 45 45 45 20 38 30 32 2e 31 31 20 6d 61 6e 61 67	.to.be.used.in.IEEE.802.11.manag
c5a60	65 6d 65 6e 74 20 66 72 61 6d 65 73 00 53 53 4c 20 43 65 72 74 69 66 69 63 61 74 65 73 00 53 53	ement.frames.SSL.Certificates.SS
c5a80	4c 20 43 65 72 74 69 66 69 63 61 74 65 73 20 67 65 6e 65 72 61 74 69 6f 6e 00 53 53 4c 20 6d 61	L.Certificates.generation.SSL.ma
c5aa0	74 63 68 20 53 65 72 76 65 72 20 4e 61 6d 65 20 49 6e 64 69 63 61 74 69 6f 6e 20 28 53 4e 49 29	tch.Server.Name.Indication.(SNI)
c5ac0	20 6f 70 74 69 6f 6e 3a 00 53 53 54 50 20 43 6c 69 65 6e 74 00 53 53 54 50 20 43 6c 69 65 6e 74	.option:.SSTP.Client.SSTP.Client
c5ae0	20 4f 70 74 69 6f 6e 73 00 53 53 54 50 20 53 65 72 76 65 72 00 53 53 54 50 20 69 73 20 61 76 61	.Options.SSTP.Server.SSTP.is.ava
c5b00	69 6c 61 62 6c 65 20 66 6f 72 20 4c 69 6e 75 78 2c 20 42 53 44 2c 20 61 6e 64 20 57 69 6e 64 6f	ilable.for.Linux,.BSD,.and.Windo
c5b20	77 73 2e 00 53 53 54 50 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 20 74 6f 20 63 6f 6e 6e 65 63	ws..SSTP.remote.server.to.connec
c5b40	74 20 74 6f 2e 20 43 61 6e 20 62 65 20 65 69 74 68 65 72 20 61 6e 20 49 50 20 61 64 64 72 65 73	t.to..Can.be.either.an.IP.addres
c5b60	73 20 6f 72 20 46 51 44 4e 2e 00 53 54 50 20 50 61 72 61 6d 65 74 65 72 00 53 61 6c 74 2d 4d 69	s.or.FQDN..STP.Parameter.Salt-Mi
c5b80	6e 69 6f 6e 00 53 61 6c 74 53 74 61 63 6b 5f 20 69 73 20 50 79 74 68 6f 6e 2d 62 61 73 65 64 2c	nion.SaltStack_.is.Python-based,
c5ba0	20 6f 70 65 6e 2d 73 6f 75 72 63 65 20 73 6f 66 74 77 61 72 65 20 66 6f 72 20 65 76 65 6e 74 2d	.open-source.software.for.event-
c5bc0	64 72 69 76 65 6e 20 49 54 20 61 75 74 6f 6d 61 74 69 6f 6e 2c 20 72 65 6d 6f 74 65 20 74 61 73	driven.IT.automation,.remote.tas
c5be0	6b 20 65 78 65 63 75 74 69 6f 6e 2c 20 61 6e 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d	k.execution,.and.configuration.m
c5c00	61 6e 61 67 65 6d 65 6e 74 2e 20 53 75 70 70 6f 72 74 69 6e 67 20 74 68 65 20 22 69 6e 66 72 61	anagement..Supporting.the."infra
c5c20	73 74 72 75 63 74 75 72 65 20 61 73 20 63 6f 64 65 22 20 61 70 70 72 6f 61 63 68 20 74 6f 20 64	structure.as.code".approach.to.d
c5c40	61 74 61 20 63 65 6e 74 65 72 20 73 79 73 74 65 6d 20 61 6e 64 20 6e 65 74 77 6f 72 6b 20 64 65	ata.center.system.and.network.de
c5c60	70 6c 6f 79 6d 65 6e 74 20 61 6e 64 20 6d 61 6e 61 67 65 6d 65 6e 74 2c 20 63 6f 6e 66 69 67 75	ployment.and.management,.configu
c5c80	72 61 74 69 6f 6e 20 61 75 74 6f 6d 61 74 69 6f 6e 2c 20 53 65 63 4f 70 73 20 6f 72 63 68 65 73	ration.automation,.SecOps.orches
c5ca0	74 72 61 74 69 6f 6e 2c 20 76 75 6c 6e 65 72 61 62 69 6c 69 74 79 20 72 65 6d 65 64 69 61 74 69	tration,.vulnerability.remediati
c5cc0	6f 6e 2c 20 61 6e 64 20 68 79 62 72 69 64 20 63 6c 6f 75 64 20 63 6f 6e 74 72 6f 6c 2e 00 53 61	on,.and.hybrid.cloud.control..Sa
c5ce0	6d 65 20 61 73 20 65 78 70 6f 72 74 2d 6c 69 73 74 2c 20 62 75 74 20 69 74 20 61 70 70 6c 69 65	me.as.export-list,.but.it.applie
c5d00	73 20 74 6f 20 70 61 74 68 73 20 61 6e 6e 6f 75 6e 63 65 64 20 69 6e 74 6f 20 73 70 65 63 69 66	s.to.paths.announced.into.specif
c5d20	69 65 64 20 61 72 65 61 20 61 73 20 54 79 70 65 2d 33 20 73 75 6d 6d 61 72 79 2d 4c 53 41 73 2e	ied.area.as.Type-3.summary-LSAs.
c5d40	20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42 52	.This.command.makes.sense.in.ABR
c5d60	20 6f 6e 6c 79 2e 00 53 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 53	.only..Sample.configuration.of.S
c5d80	56 44 20 77 69 74 68 20 56 4c 41 4e 20 74 6f 20 56 4e 49 20 6d 61 70 70 69 6e 67 73 20 69 73 20	VD.with.VLAN.to.VNI.mappings.is.
c5da0	73 68 6f 77 6e 20 62 65 6c 6f 77 2e 00 53 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	shown.below..Sample.configuratio
c5dc0	6e 20 74 6f 20 73 65 74 75 70 20 4c 44 50 20 6f 6e 20 56 79 4f 53 00 53 63 61 6e 6e 69 6e 67 20	n.to.setup.LDP.on.VyOS.Scanning.
c5de0	69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 6f 6e 20 61 6c 6c 20 77 69 72 65 6c 65 73 73	is.not.supported.on.all.wireless
c5e00	20 64 72 69 76 65 72 73 20 61 6e 64 20 77 69 72 65 6c 65 73 73 20 68 61 72 64 77 61 72 65 2e 20	.drivers.and.wireless.hardware..
c5e20	52 65 66 65 72 20 74 6f 20 79 6f 75 72 20 64 72 69 76 65 72 20 61 6e 64 20 77 69 72 65 6c 65 73	Refer.to.your.driver.and.wireles
c5e40	73 20 68 61 72 64 77 61 72 65 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 66 75 72	s.hardware.documentation.for.fur
c5e60	74 68 65 72 20 64 65 74 61 69 6c 73 2e 00 53 63 72 69 70 74 20 65 78 65 63 75 74 69 6f 6e 00 53	ther.details..Script.execution.S
c5e80	63 72 69 70 74 69 6e 67 00 53 65 63 6f 6e 64 20 73 63 65 6e 61 72 69 6f 3a 20 61 70 70 6c 79 20	cripting.Second.scenario:.apply.
c5ea0	73 6f 75 72 63 65 20 4e 41 54 20 66 6f 72 20 61 6c 6c 20 6f 75 74 67 6f 69 6e 67 20 63 6f 6e 6e	source.NAT.for.all.outgoing.conn
c5ec0	65 63 74 69 6f 6e 73 20 66 72 6f 6d 20 4c 41 4e 20 31 30 2e 30 2e 30 2e 30 2f 38 2c 20 75 73 69	ections.from.LAN.10.0.0.0/8,.usi
c5ee0	6e 67 20 33 20 70 75 62 6c 69 63 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 65 71 75 61 6c 20	ng.3.public.addresses.and.equal.
c5f00	64 69 73 74 72 69 62 75 74 69 6f 6e 2e 20 57 65 20 77 69 6c 6c 20 67 65 6e 65 72 61 74 65 20 74	distribution..We.will.generate.t
c5f20	68 65 20 68 61 73 68 20 72 61 6e 64 6f 6d 6c 79 2e 00 53 65 63 72 65 74 20 66 6f 72 20 44 79 6e	he.hash.randomly..Secret.for.Dyn
c5f40	61 6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74 65 6e 73 69 6f 6e 20 73 65 72	amic.Authorization.Extension.ser
c5f60	76 65 72 20 28 44 4d 2f 43 6f 41 29 00 53 65 63 75 72 69 74 79 00 53 65 63 75 72 69 74 79 2f 61	ver.(DM/CoA).Security.Security/a
c5f80	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 00 53 65 65 20 62 65 6c 6f 77	uthentication.messages.See.below
c5fa0	20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 61 76 61 69 6c 61	.the.different.parameters.availa
c5fc0	62 6c 65 20 66 6f 72 20 74 68 65 20 49 50 76 34 20 2a 2a 73 68 6f 77 2a 2a 20 63 6f 6d 6d 61 6e	ble.for.the.IPv4.**show**.comman
c5fe0	64 3a 00 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 00 53 65 67 6d 65 6e 74 20 52 6f 75 74 69	d:.Segment.Routing.Segment.Routi
c6000	6e 67 20 28 53 52 29 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 61 72 63 68 69 74 65 63 74 75 72	ng.(SR).is.a.network.architectur
c6020	65 20 74 68 61 74 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 73 6f 75 72 63 65 2d 72 6f 75 74	e.that.is.similar.to.source-rout
c6040	69 6e 67 20 2e 20 49 6e 20 74 68 69 73 20 61 72 63 68 69 74 65 63 74 75 72 65 2c 20 74 68 65 20	ing...In.this.architecture,.the.
c6060	69 6e 67 72 65 73 73 20 72 6f 75 74 65 72 20 61 64 64 73 20 61 20 6c 69 73 74 20 6f 66 20 73 65	ingress.router.adds.a.list.of.se
c6080	67 6d 65 6e 74 73 2c 20 6b 6e 6f 77 6e 20 61 73 20 53 49 44 73 2c 20 74 6f 20 74 68 65 20 70 61	gments,.known.as.SIDs,.to.the.pa
c60a0	63 6b 65 74 20 61 73 20 69 74 20 65 6e 74 65 72 73 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 20 54	cket.as.it.enters.the.network..T
c60c0	68 65 73 65 20 73 65 67 6d 65 6e 74 73 20 72 65 70 72 65 73 65 6e 74 20 64 69 66 66 65 72 65 6e	hese.segments.represent.differen
c60e0	74 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 61 74 68 20 74	t.portions.of.the.network.path.t
c6100	68 61 74 20 74 68 65 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 74 61 6b 65 2e 00 53 65 67 6d 65 6e	hat.the.packet.will.take..Segmen
c6120	74 20 52 6f 75 74 69 6e 67 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 61 6e 20 65	t.Routing.can.be.applied.to.an.e
c6140	78 69 73 74 69 6e 67 20 4d 50 4c 53 2d 62 61 73 65 64 20 64 61 74 61 20 70 6c 61 6e 65 20 61 6e	xisting.MPLS-based.data.plane.an
c6160	64 20 64 65 66 69 6e 65 73 20 61 20 63 6f 6e 74 72 6f 6c 20 70 6c 61 6e 65 20 6e 65 74 77 6f 72	d.defines.a.control.plane.networ
c6180	6b 20 61 72 63 68 69 74 65 63 74 75 72 65 2e 20 49 6e 20 4d 50 4c 53 20 6e 65 74 77 6f 72 6b 73	k.architecture..In.MPLS.networks
c61a0	2c 20 73 65 67 6d 65 6e 74 73 20 61 72 65 20 65 6e 63 6f 64 65 64 20 61 73 20 4d 50 4c 53 20 6c	,.segments.are.encoded.as.MPLS.l
c61c0	61 62 65 6c 73 20 61 6e 64 20 61 72 65 20 61 64 64 65 64 20 61 74 20 74 68 65 20 69 6e 67 72 65	abels.and.are.added.at.the.ingre
c61e0	73 73 20 72 6f 75 74 65 72 2e 20 54 68 65 73 65 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 61 72 65	ss.router..These.MPLS.labels.are
c6200	20 74 68 65 6e 20 65 78 63 68 61 6e 67 65 64 20 61 6e 64 20 70 6f 70 75 6c 61 74 65 64 20 62 79	.then.exchanged.and.populated.by
c6220	20 49 6e 74 65 72 69 6f 72 20 47 61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c 73 20 28 49 47 50	.Interior.Gateway.Protocols.(IGP
c6240	73 29 20 6c 69 6b 65 20 49 53 2d 49 53 20 6f 72 20 4f 53 50 46 20 77 68 69 63 68 20 61 72 65 20	s).like.IS-IS.or.OSPF.which.are.
c6260	72 75 6e 6e 69 6e 67 20 6f 6e 20 6d 6f 73 74 20 49 53 50 73 2e 00 53 65 67 6d 65 6e 74 20 72 6f	running.on.most.ISPs..Segment.ro
c6280	75 74 69 6e 67 20 28 53 52 29 20 69 73 20 75 73 65 64 20 62 79 20 74 68 65 20 49 47 50 20 70 72	uting.(SR).is.used.by.the.IGP.pr
c62a0	6f 74 6f 63 6f 6c 73 20 74 6f 20 69 6e 74 65 72 63 6f 6e 6e 65 63 74 20 6e 65 74 77 6f 72 6b 20	otocols.to.interconnect.network.
c62c0	64 65 76 69 63 65 73 2c 20 62 65 6c 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 73 68 6f	devices,.below.configuration.sho
c62e0	77 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 53 52 20 6f 6e 20 49 53 2d 49 53 3a 00 53 65	ws.how.to.enable.SR.on.IS-IS:.Se
c6300	67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 28 53 52 29 20 69 73 20 75 73 65 64 20 62 79 20 74 68	gment.routing.(SR).is.used.by.th
c6320	65 20 49 47 50 20 70 72 6f 74 6f 63 6f 6c 73 20 74 6f 20 69 6e 74 65 72 63 6f 6e 6e 65 63 74 20	e.IGP.protocols.to.interconnect.
c6340	6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 73 2c 20 62 65 6c 6f 77 20 63 6f 6e 66 69 67 75 72 61	network.devices,.below.configura
c6360	74 69 6f 6e 20 73 68 6f 77 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 53 52 20 6f 6e 20 4f	tion.shows.how.to.enable.SR.on.O
c6380	53 50 46 3a 00 53 65 67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 64 65 66 69 6e 65 73 20 61 20 63	SPF:.Segment.routing.defines.a.c
c63a0	6f 6e 74 72 6f 6c 20 70 6c 61 6e 65 20 6e 65 74 77 6f 72 6b 20 61 72 63 68 69 74 65 63 74 75 72	ontrol.plane.network.architectur
c63c0	65 20 61 6e 64 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 61 6e 20 65 78 69 73 74	e.and.can.be.applied.to.an.exist
c63e0	69 6e 67 20 4d 50 4c 53 20 62 61 73 65 64 20 64 61 74 61 70 6c 61 6e 65 2e 20 49 6e 20 74 68 65	ing.MPLS.based.dataplane..In.the
c6400	20 4d 50 4c 53 20 6e 65 74 77 6f 72 6b 73 2c 20 73 65 67 6d 65 6e 74 73 20 61 72 65 20 65 6e 63	.MPLS.networks,.segments.are.enc
c6420	6f 64 65 64 20 61 73 20 4d 50 4c 53 20 6c 61 62 65 6c 73 20 61 6e 64 20 61 72 65 20 69 6d 70 6f	oded.as.MPLS.labels.and.are.impo
c6440	73 65 64 20 61 74 20 74 68 65 20 69 6e 67 72 65 73 73 20 72 6f 75 74 65 72 2e 20 4d 50 4c 53 20	sed.at.the.ingress.router..MPLS.
c6460	6c 61 62 65 6c 73 20 61 72 65 20 65 78 63 68 61 6e 67 65 64 20 61 6e 64 20 70 6f 70 75 6c 61 74	labels.are.exchanged.and.populat
c6480	65 64 20 62 79 20 49 47 50 73 20 6c 69 6b 65 20 49 53 2d 49 53 2e 53 65 67 6d 65 6e 74 20 52 6f	ed.by.IGPs.like.IS-IS.Segment.Ro
c64a0	75 74 69 6e 67 20 61 73 20 70 65 72 20 52 46 43 38 36 36 37 20 66 6f 72 20 4d 50 4c 53 20 64 61	uting.as.per.RFC8667.for.MPLS.da
c64c0	74 61 70 6c 61 6e 65 2e 20 49 74 20 73 75 70 70 6f 72 74 73 20 49 50 76 34 2c 20 49 50 76 36 20	taplane..It.supports.IPv4,.IPv6.
c64e0	61 6e 64 20 45 43 4d 50 20 61 6e 64 20 68 61 73 20 62 65 65 6e 20 74 65 73 74 65 64 20 61 67 61	and.ECMP.and.has.been.tested.aga
c6500	69 6e 73 74 20 43 69 73 63 6f 20 26 20 4a 75 6e 69 70 65 72 20 72 6f 75 74 65 72 73 2e 68 6f 77	inst.Cisco.&.Juniper.routers.how
c6520	65 76 65 72 2c 74 68 69 73 20 64 65 70 6c 6f 79 6d 65 6e 74 20 69 73 20 73 74 69 6c 6c 20 45 58	ever,this.deployment.is.still.EX
c6540	50 45 52 49 4d 45 4e 54 41 4c 20 66 6f 72 20 46 52 52 2e 00 53 65 6c 65 63 74 20 63 69 70 68 65	PERIMENTAL.for.FRR..Select.ciphe
c6560	72 20 73 75 69 74 65 20 75 73 65 64 20 66 6f 72 20 63 72 79 70 74 6f 67 72 61 70 68 69 63 20 6f	r.suite.used.for.cryptographic.o
c6580	70 65 72 61 74 69 6f 6e 73 2e 20 54 68 69 73 20 73 65 74 74 69 6e 67 20 69 73 20 6d 61 6e 64 61	perations..This.setting.is.manda
c65a0	74 6f 72 79 2e 00 53 65 6c 65 63 74 20 68 6f 77 20 6c 61 62 65 6c 73 20 61 72 65 20 61 6c 6c 6f	tory..Select.how.labels.are.allo
c65c0	63 61 74 65 64 20 69 6e 20 74 68 65 20 67 69 76 65 6e 20 56 52 46 2e 20 42 79 20 64 65 66 61 75	cated.in.the.given.VRF..By.defau
c65e0	6c 74 2c 20 74 68 65 20 70 65 72 2d 76 72 66 20 6d 6f 64 65 20 69 73 20 73 65 6c 65 63 74 65 64	lt,.the.per-vrf.mode.is.selected
c6600	2c 20 61 6e 64 20 6f 6e 65 20 6c 61 62 65 6c 20 69 73 20 75 73 65 64 20 66 6f 72 20 61 6c 6c 20	,.and.one.label.is.used.for.all.
c6620	70 72 65 66 69 78 65 73 20 66 72 6f 6d 20 74 68 65 20 56 52 46 2e 20 54 68 65 20 70 65 72 2d 6e	prefixes.from.the.VRF..The.per-n
c6640	65 78 74 68 6f 70 20 77 69 6c 6c 20 75 73 65 20 61 20 75 6e 69 71 75 65 20 6c 61 62 65 6c 20 66	exthop.will.use.a.unique.label.f
c6660	6f 72 20 61 6c 6c 20 70 72 65 66 69 78 65 73 20 74 68 61 74 20 61 72 65 20 72 65 61 63 68 61 62	or.all.prefixes.that.are.reachab
c6680	6c 65 20 76 69 61 20 74 68 65 20 73 61 6d 65 20 6e 65 78 74 68 6f 70 2e 00 53 65 6c 66 20 53 69	le.via.the.same.nexthop..Self.Si
c66a0	67 6e 65 64 20 43 41 00 53 65 6e 64 20 61 20 50 72 6f 78 79 20 50 72 6f 74 6f 63 6f 6c 20 76 65	gned.CA.Send.a.Proxy.Protocol.ve
c66c0	72 73 69 6f 6e 20 31 20 68 65 61 64 65 72 20 28 74 65 78 74 20 66 6f 72 6d 61 74 29 00 53 65 6e	rsion.1.header.(text.format).Sen
c66e0	64 20 61 20 50 72 6f 78 79 20 50 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e 20 32 20 68 65 61	d.a.Proxy.Protocol.version.2.hea
c6700	64 65 72 20 28 62 69 6e 61 72 79 20 66 6f 72 6d 61 74 29 00 53 65 6e 64 20 61 6c 6c 20 44 4e 53	der.(binary.format).Send.all.DNS
c6720	20 71 75 65 72 69 65 73 20 74 6f 20 74 68 65 20 49 50 76 34 2f 49 50 76 36 20 44 4e 53 20 73 65	.queries.to.the.IPv4/IPv6.DNS.se
c6740	72 76 65 72 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 60 3c 61 64 64 72 65 73 73 3e 60	rver.specified.under.`<address>`
c6760	20 6f 6e 20 6f 70 74 69 6f 6e 61 6c 20 70 6f 72 74 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65	.on.optional.port.specified.unde
c6780	72 20 60 3c 70 6f 72 74 3e 60 2e 20 54 68 65 20 70 6f 72 74 20 64 65 66 61 75 6c 74 73 20 74 6f	r.`<port>`..The.port.defaults.to
c67a0	20 35 33 2e 20 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 6d 75 6c 74 69 70 6c 65 20	.53..You.can.configure.multiple.
c67c0	6e 61 6d 65 73 65 72 76 65 72 73 20 68 65 72 65 2e 00 53 65 6e 64 20 65 6d 70 74 79 20 53 53 49	nameservers.here..Send.empty.SSI
c67e0	44 20 69 6e 20 62 65 61 63 6f 6e 73 20 61 6e 64 20 69 67 6e 6f 72 65 20 70 72 6f 62 65 20 72 65	D.in.beacons.and.ignore.probe.re
c6800	71 75 65 73 74 20 66 72 61 6d 65 73 20 74 68 61 74 20 64 6f 20 6e 6f 74 20 73 70 65 63 69 66 79	quest.frames.that.do.not.specify
c6820	20 66 75 6c 6c 20 53 53 49 44 2c 20 69 2e 65 2e 2c 20 72 65 71 75 69 72 65 20 73 74 61 74 69 6f	.full.SSID,.i.e.,.require.statio
c6840	6e 73 20 74 6f 20 6b 6e 6f 77 20 53 53 49 44 2e 00 53 65 72 69 61 6c 20 43 6f 6e 73 6f 6c 65 00	ns.to.know.SSID..Serial.Console.
c6860	53 65 72 69 61 6c 20 69 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 61 6e 79 20 69 6e 74	Serial.interfaces.can.be.any.int
c6880	65 72 66 61 63 65 20 77 68 69 63 68 20 69 73 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74	erface.which.is.directly.connect
c68a0	65 64 20 74 6f 20 74 68 65 20 43 50 55 20 6f 72 20 63 68 69 70 73 65 74 20 28 6d 6f 73 74 6c 79	ed.to.the.CPU.or.chipset.(mostly
c68c0	20 6b 6e 6f 77 6e 20 61 73 20 61 20 74 74 79 53 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 4c 69	.known.as.a.ttyS.interface.in.Li
c68e0	6e 75 78 29 20 6f 72 20 61 6e 79 20 6f 74 68 65 72 20 55 53 42 20 74 6f 20 73 65 72 69 61 6c 20	nux).or.any.other.USB.to.serial.
c6900	63 6f 6e 76 65 72 74 65 72 20 28 50 72 6f 6c 69 66 69 63 20 50 4c 32 33 30 33 20 6f 72 20 46 54	converter.(Prolific.PL2303.or.FT
c6920	44 49 20 46 54 32 33 32 2f 46 54 34 32 33 32 20 62 61 73 65 64 20 63 68 69 70 73 29 2e 00 53 65	DI.FT232/FT4232.based.chips)..Se
c6940	72 76 65 72 00 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 00 53 65 72 76 65 72 20 43	rver.Server.Certificate.Server.C
c6960	6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 53 65 72 76 65 72 20 53 69 64 65 00 53 65 72 76 65 72 20	onfiguration.Server.Side.Server.
c6980	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 53 65 72 76 65 72 20 6e 61 6d 65 73 20 66 6f 72 20 76	configuration.Server.names.for.v
c69a0	69 72 74 75 61 6c 20 68 6f 73 74 73 20 69 74 20 63 61 6e 20 62 65 20 65 78 61 63 74 2c 20 77 69	irtual.hosts.it.can.be.exact,.wi
c69c0	6c 64 63 61 72 64 20 6f 72 20 72 65 67 65 78 2e 00 53 65 72 76 65 72 3a 00 53 65 72 76 69 63 65	ldcard.or.regex..Server:.Service
c69e0	00 53 65 72 76 69 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 72 65 73 70 6f 6e	.Service.configuration.is.respon
c6a00	73 69 62 6c 65 20 66 6f 72 20 62 69 6e 64 69 6e 67 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20	sible.for.binding.to.a.specific.
c6a20	70 6f 72 74 2c 20 77 68 69 6c 65 20 74 68 65 20 62 61 63 6b 65 6e 64 20 63 6f 6e 66 69 67 75 72	port,.while.the.backend.configur
c6a40	61 74 69 6f 6e 20 64 65 74 65 72 6d 69 6e 65 73 20 74 68 65 20 74 79 70 65 20 6f 66 20 6c 6f 61	ation.determines.the.type.of.loa
c6a60	64 20 62 61 6c 61 6e 63 69 6e 67 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64 20 61 6e 64 20 73 70	d.balancing.to.be.applied.and.sp
c6a80	65 63 69 66 69 65 73 20 74 68 65 20 72 65 61 6c 20 73 65 72 76 65 72 73 20 74 6f 20 62 65 20 75	ecifies.the.real.servers.to.be.u
c6aa0	74 69 6c 69 7a 65 64 2e 00 53 65 74 20 42 46 44 20 70 65 65 72 20 49 50 76 34 20 61 64 64 72 65	tilized..Set.BFD.peer.IPv4.addre
c6ac0	73 73 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 00 53 65 74 20 42 47 50 20 63 6f 6d 6d 75	ss.or.IPv6.address.Set.BGP.commu
c6ae0	6e 69 74 79 2d 6c 69 73 74 20 74 6f 20 65 78 61 63 74 6c 79 20 6d 61 74 63 68 2e 00 53 65 74 20	nity-list.to.exactly.match..Set.
c6b00	42 47 50 20 6c 6f 63 61 6c 20 70 72 65 66 65 72 65 6e 63 65 20 61 74 74 72 69 62 75 74 65 2e 00	BGP.local.preference.attribute..
c6b20	53 65 74 20 42 47 50 20 6f 72 69 67 69 6e 20 63 6f 64 65 2e 00 53 65 74 20 42 47 50 20 6f 72 69	Set.BGP.origin.code..Set.BGP.ori
c6b40	67 69 6e 61 74 6f 72 20 49 44 20 61 74 74 72 69 62 75 74 65 2e 00 53 65 74 20 42 47 50 20 77 65	ginator.ID.attribute..Set.BGP.we
c6b60	69 67 68 74 20 61 74 74 72 69 62 75 74 65 00 53 65 74 20 44 4e 41 54 20 72 75 6c 65 20 32 30 20	ight.attribute.Set.DNAT.rule.20.
c6b80	74 6f 20 6f 6e 6c 79 20 4e 41 54 20 55 44 50 20 70 61 63 6b 65 74 73 00 53 65 74 20 49 50 20 66	to.only.NAT.UDP.packets.Set.IP.f
c6ba0	72 61 67 6d 65 6e 74 20 6d 61 74 63 68 2c 20 77 68 65 72 65 3a 00 53 65 74 20 49 50 53 65 63 20	ragment.match,.where:.Set.IPSec.
c6bc0	69 6e 62 6f 75 6e 64 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 73 2c 20 77 68 65 72 65 3a 00	inbound.match.criterias,.where:.
c6be0	53 65 74 20 4f 53 50 46 20 65 78 74 65 72 6e 61 6c 20 6d 65 74 72 69 63 2d 74 79 70 65 2e 00 53	Set.OSPF.external.metric-type..S
c6c00	65 74 20 53 4e 41 54 20 72 75 6c 65 20 32 30 20 74 6f 20 6f 6e 6c 79 20 4e 41 54 20 54 43 50 20	et.SNAT.rule.20.to.only.NAT.TCP.
c6c20	61 6e 64 20 55 44 50 20 70 61 63 6b 65 74 73 00 53 65 74 20 53 4e 41 54 20 72 75 6c 65 20 32 30	and.UDP.packets.Set.SNAT.rule.20
c6c40	20 74 6f 20 6f 6e 6c 79 20 4e 41 54 20 70 61 63 6b 65 74 73 20 61 72 72 69 76 69 6e 67 20 66 72	.to.only.NAT.packets.arriving.fr
c6c60	6f 6d 20 74 68 65 20 31 39 32 2e 30 2e 32 2e 30 2f 32 34 20 6e 65 74 77 6f 72 6b 00 53 65 74 20	om.the.192.0.2.0/24.network.Set.
c6c80	53 4e 41 54 20 72 75 6c 65 20 33 30 20 74 6f 20 6f 6e 6c 79 20 4e 41 54 20 70 61 63 6b 65 74 73	SNAT.rule.30.to.only.NAT.packets
c6ca0	20 61 72 72 69 76 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 32 30 33 2e 30 2e 31 31 33 2e 30 2f 32	.arriving.from.the.203.0.113.0/2
c6cc0	34 20 6e 65 74 77 6f 72 6b 20 77 69 74 68 20 61 20 73 6f 75 72 63 65 20 70 6f 72 74 20 6f 66 20	4.network.with.a.source.port.of.
c6ce0	38 30 20 61 6e 64 20 34 34 33 00 53 65 74 20 53 53 4c 20 63 65 72 74 65 66 69 63 61 74 65 20 3c	80.and.443.Set.SSL.certeficate.<
c6d00	6e 61 6d 65 3e 20 66 6f 72 20 73 65 72 76 69 63 65 20 3c 6e 61 6d 65 3e 00 53 65 74 20 54 54 4c	name>.for.service.<name>.Set.TTL
c6d20	20 74 6f 20 33 30 30 20 73 65 63 6f 6e 64 73 00 53 65 74 20 56 69 72 74 75 61 6c 20 54 75 6e 6e	.to.300.seconds.Set.Virtual.Tunn
c6d40	65 6c 20 49 6e 74 65 72 66 61 63 65 00 53 65 74 20 61 20 63 6f 6e 74 61 69 6e 65 72 20 64 65 73	el.Interface.Set.a.container.des
c6d60	63 72 69 70 74 69 6f 6e 00 53 65 74 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 6e 64 2f 6f	cription.Set.a.destination.and/o
c6d80	72 20 73 6f 75 72 63 65 20 70 6f 72 74 2e 20 41 63 63 65 70 74 65 64 20 69 6e 70 75 74 3a 00 53	r.source.port..Accepted.input:.S
c6da0	65 74 20 61 20 68 75 6d 61 6e 20 72 65 61 64 61 62 6c 65 2c 20 64 65 73 63 72 69 70 74 69 76 65	et.a.human.readable,.descriptive
c6dc0	20 61 6c 69 61 73 20 66 6f 72 20 74 68 69 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 41 6c 69 61	.alias.for.this.connection..Alia
c6de0	73 20 69 73 20 75 73 65 64 20 62 79 20 65 2e 67 2e 20 74 68 65 20 3a 6f 70 63 6d 64 3a 60 73 68	s.is.used.by.e.g..the.:opcmd:`sh
c6e00	6f 77 20 69 6e 74 65 72 66 61 63 65 73 60 20 63 6f 6d 6d 61 6e 64 20 6f 72 20 53 4e 4d 50 20 62	ow.interfaces`.command.or.SNMP.b
c6e20	61 73 65 64 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 74 6f 6f 6c 73 2e 00 53 65 74 20 61 20 6c 69 6d	ased.monitoring.tools..Set.a.lim
c6e40	69 74 20 6f 6e 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6e 63	it.on.the.maximum.number.of.conc
c6e60	75 72 72 65 6e 74 20 6c 6f 67 67 65 64 2d 69 6e 20 75 73 65 72 73 20 6f 6e 20 74 68 65 20 73 79	urrent.logged-in.users.on.the.sy
c6e80	73 74 65 6d 2e 00 53 65 74 20 61 20 6d 65 61 6e 69 6e 67 66 75 6c 20 64 65 73 63 72 69 70 74 69	stem..Set.a.meaningful.descripti
c6ea0	6f 6e 2e 00 53 65 74 20 61 20 6e 61 6d 65 64 20 61 70 69 20 6b 65 79 2e 20 45 76 65 72 79 20 6b	on..Set.a.named.api.key..Every.k
c6ec0	65 79 20 68 61 73 20 74 68 65 20 73 61 6d 65 2c 20 66 75 6c 6c 20 70 65 72 6d 69 73 73 69 6f 6e	ey.has.the.same,.full.permission
c6ee0	73 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 00 53 65 74 20 61 20 72 75 6c 65 20 64 65 73 63	s.on.the.system..Set.a.rule.desc
c6f00	72 69 70 74 69 6f 6e 2e 00 53 65 74 20 61 20 73 70 65 63 69 66 69 63 20 63 6f 6e 6e 65 63 74 69	ription..Set.a.specific.connecti
c6f20	6f 6e 20 6d 61 72 6b 2e 00 53 65 74 20 61 20 73 70 65 63 69 66 69 63 20 70 61 63 6b 65 74 20 6d	on.mark..Set.a.specific.packet.m
c6f40	61 72 6b 2e 00 53 65 74 20 61 63 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 72 6f 75 74 65 2d 6d 61	ark..Set.action.for.the.route-ma
c6f60	70 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 61 63 74 69 6f 6e 20 74 6f 20 74 61 6b 65 20 6f 6e 20	p.policy..Set.action.to.take.on.
c6f80	65 6e 74 72 69 65 73 20 6d 61 74 63 68 69 6e 67 20 74 68 69 73 20 72 75 6c 65 2e 00 53 65 74 20	entries.matching.this.rule..Set.
c6fa0	61 6e 20 41 50 49 2d 4b 45 59 20 69 73 20 74 68 65 20 6d 69 6e 69 6d 61 6c 20 63 6f 6e 66 69 67	an.API-KEY.is.the.minimal.config
c6fc0	75 72 61 74 69 6f 6e 20 74 6f 20 67 65 74 20 61 20 77 6f 72 6b 69 6e 67 20 41 50 49 20 45 6e 64	uration.to.get.a.working.API.End
c6fe0	70 6f 69 6e 74 2e 00 53 65 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 61 63 6b 65 6e	point..Set.authentication.backen
c7000	64 2e 20 54 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	d..The.configured.authentication
c7020	20 62 61 63 6b 65 6e 64 20 69 73 20 75 73 65 64 20 66 6f 72 20 61 6c 6c 20 71 75 65 72 69 65 73	.backend.is.used.for.all.queries
c7040	2e 00 53 65 74 20 63 6f 6e 74 61 69 6e 65 72 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 6f 72 20	..Set.container.capabilities.or.
c7060	70 65 72 6d 69 73 73 69 6f 6e 73 2e 00 53 65 74 20 64 65 6c 61 79 20 62 65 74 77 65 65 6e 20 67	permissions..Set.delay.between.g
c7080	72 61 74 75 69 74 6f 75 73 20 41 52 50 20 6d 65 73 73 61 67 65 73 20 73 65 6e 74 20 6f 6e 20 61	ratuitous.ARP.messages.sent.on.a
c70a0	6e 20 69 6e 74 65 72 66 61 63 65 2e 00 53 65 74 20 64 65 6c 61 79 20 66 6f 72 20 73 65 63 6f 6e	n.interface..Set.delay.for.secon
c70c0	64 20 73 65 74 20 6f 66 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 61 66 74 65 72 20 74	d.set.of.gratuitous.ARPs.after.t
c70e0	72 61 6e 73 69 74 69 6f 6e 20 74 6f 20 4d 41 53 54 45 52 2e 00 53 65 74 20 64 65 73 63 72 69 70	ransition.to.MASTER..Set.descrip
c7100	74 69 6f 6e 20 66 6f 72 20 61 73 2d 70 61 74 68 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2e 00 53 65	tion.for.as-path-list.policy..Se
c7120	74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74	t.description.for.community-list
c7140	20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 65 78 74	.policy..Set.description.for.ext
c7160	63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72	community-list.policy..Set.descr
c7180	69 70 74 69 6f 6e 20 66 6f 72 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73 74 20	iption.for.large-community-list.
c71a0	70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 72 75 6c 65	policy..Set.description.for.rule
c71c0	20 69 6e 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 2e 00 53 65 74 20 64 65 73 63 72 69	.in.IPv6.prefix-list..Set.descri
c71e0	70 74 69 6f 6e 20 66 6f 72 20 72 75 6c 65 20 69 6e 20 74 68 65 20 70 72 65 66 69 78 2d 6c 69 73	ption.for.rule.in.the.prefix-lis
c7200	74 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 72 75 6c 65 2e 00 53 65 74	t..Set.description.for.rule..Set
c7220	20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 49 50 76 36 20 61 63 63 65 73 73	.description.for.the.IPv6.access
c7240	20 6c 69 73 74 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 49	.list..Set.description.for.the.I
c7260	50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63	Pv6.prefix-list.policy..Set.desc
c7280	72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73 74 2e 00 53 65 74	ription.for.the.access.list..Set
c72a0	20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 70 72 65 66 69 78 2d 6c 69 73 74	.description.for.the.prefix-list
c72c0	20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 74 68 65	.policy..Set.description.for.the
c72e0	20 72 6f 75 74 65 2d 6d 61 70 20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69	.route-map.policy..Set.descripti
c7300	6f 6e 20 66 6f 72 20 74 68 65 20 72 75 6c 65 20 69 6e 20 74 68 65 20 72 6f 75 74 65 2d 6d 61 70	on.for.the.rule.in.the.route-map
c7320	20 70 6f 6c 69 63 79 2e 00 53 65 74 20 64 65 73 63 72 69 70 74 69 6f 6e 20 6f 66 20 74 68 65 20	.policy..Set.description.of.the.
c7340	70 65 65 72 20 6f 72 20 70 65 65 72 20 67 72 6f 75 70 2e 00 53 65 74 20 64 65 73 74 69 6e 61 74	peer.or.peer.group..Set.destinat
c7360	69 6f 6e 20 61 64 64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 20 74 6f 20 6d 61 74 63 68 2e 00	ion.address.or.prefix.to.match..
c7380	53 65 74 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	Set.destination.routing.protocol
c73a0	20 6d 65 74 72 69 63 2e 20 41 64 64 20 6f 72 20 73 75 62 74 72 61 63 74 20 6d 65 74 72 69 63 2c	.metric..Add.or.subtract.metric,
c73c0	20 6f 72 20 73 65 74 20 6d 65 74 72 69 63 20 76 61 6c 75 65 2e 00 53 65 74 20 65 74 68 31 20 74	.or.set.metric.value..Set.eth1.t
c73e0	6f 20 62 65 20 74 68 65 20 6c 69 73 74 65 6e 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72	o.be.the.listening.interface.for
c7400	20 74 68 65 20 44 48 43 50 76 36 20 72 65 6c 61 79 2e 00 53 65 74 20 65 78 65 63 75 74 69 6f 6e	.the.DHCPv6.relay..Set.execution
c7420	20 74 69 6d 65 20 69 6e 20 63 6f 6d 6d 6f 6e 20 63 72 6f 6e 5f 20 74 69 6d 65 20 66 6f 72 6d 61	.time.in.common.cron_.time.forma
c7440	74 2e 20 41 20 63 72 6f 6e 20 60 3c 73 70 65 63 3e 60 20 6f 66 20 60 60 33 30 20 2a 2f 36 20 2a	t..A.cron.`<spec>`.of.``30.*/6.*
c7460	20 2a 20 2a 60 60 20 77 6f 75 6c 64 20 65 78 65 63 75 74 65 20 74 68 65 20 60 3c 74 61 73 6b 3e	.*.*``.would.execute.the.`<task>
c7480	60 20 61 74 20 6d 69 6e 75 74 65 20 33 30 20 70 61 73 74 20 65 76 65 72 79 20 36 74 68 20 68 6f	`.at.minute.30.past.every.6th.ho
c74a0	75 72 2e 00 53 65 74 20 65 78 74 63 6f 6d 6d 75 6e 69 74 79 20 62 61 6e 64 77 69 64 74 68 00 53	ur..Set.extcommunity.bandwidth.S
c74c0	65 74 20 69 66 20 61 6e 74 65 6e 6e 61 20 70 61 74 74 65 72 6e 20 64 6f 65 73 20 6e 6f 74 20 63	et.if.antenna.pattern.does.not.c
c74e0	68 61 6e 67 65 20 64 75 72 69 6e 67 20 74 68 65 20 6c 69 66 65 74 69 6d 65 20 6f 66 20 61 6e 20	hange.during.the.lifetime.of.an.
c7500	61 73 73 6f 63 69 61 74 69 6f 6e 00 53 65 74 20 69 6e 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63	association.Set.inbound.interfac
c7520	65 20 74 6f 20 6d 61 74 63 68 2e 00 53 65 74 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 61 20	e.to.match..Set.interfaces.to.a.
c7540	7a 6f 6e 65 2e 20 41 20 7a 6f 6e 65 20 63 61 6e 20 68 61 76 65 20 6d 75 6c 74 69 70 6c 65 20 69	zone..A.zone.can.have.multiple.i
c7560	6e 74 65 72 66 61 63 65 73 2e 20 42 75 74 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 63 61 6e 20	nterfaces..But.an.interface.can.
c7580	6f 6e 6c 79 20 62 65 20 61 20 6d 65 6d 62 65 72 20 69 6e 20 6f 6e 65 20 7a 6f 6e 65 2e 00 53 65	only.be.a.member.in.one.zone..Se
c75a0	74 20 6c 6f 63 61 6c 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53	t.local.:abbr:`ASN.(Autonomous.S
c75c0	79 73 74 65 6d 20 4e 75 6d 62 65 72 29 60 20 74 68 61 74 20 74 68 69 73 20 72 6f 75 74 65 72 20	ystem.Number)`.that.this.router.
c75e0	72 65 70 72 65 73 65 6e 74 73 2e 20 54 68 69 73 20 69 73 20 61 20 61 20 6d 61 6e 64 61 74 6f 72	represents..This.is.a.a.mandator
c7600	79 20 6f 70 74 69 6f 6e 21 00 53 65 74 20 6c 6f 63 61 6c 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73	y.option!.Set.local.autonomous.s
c7620	79 73 74 65 6d 20 6e 75 6d 62 65 72 20 74 68 61 74 20 74 68 69 73 20 72 6f 75 74 65 72 20 72 65	ystem.number.that.this.router.re
c7640	70 72 65 73 65 6e 74 73 2e 20 54 68 69 73 20 69 73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 6f 70	presents..This.is.a.mandatory.op
c7660	74 69 6f 6e 21 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f	tion!.Set.match.criteria.based.o
c7680	6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6d 61 72 6b 2e 00 53 65 74 20 6d 61 74 63 68 20 63 72 69	n.connection.mark..Set.match.cri
c76a0	74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 2c	teria.based.on.destination.port,
c76c0	20 77 68 65 72 65 20 3c 6d 61 74 63 68 5f 63 72 69 74 65 72 69 61 3e 20 63 6f 75 6c 64 20 62 65	.where.<match_criteria>.could.be
c76e0	3a 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 73 65	:.Set.match.criteria.based.on.se
c7700	73 73 69 6f 6e 20 73 74 61 74 65 2e 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61 20	ssion.state..Set.match.criteria.
c7720	62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 67	based.on.source.or.destination.g
c7740	72 6f 75 70 73 2c 20 77 68 65 72 65 20 3c 74 65 78 74 3e 20 77 6f 75 6c 64 20 62 65 20 74 68 65	roups,.where.<text>.would.be.the
c7760	20 67 72 6f 75 70 20 6e 61 6d 65 2f 69 64 65 6e 74 69 66 69 65 72 2e 20 50 72 65 70 65 6e 64 20	.group.name/identifier..Prepend.
c7780	63 68 61 72 61 63 74 65 72 20 27 21 27 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68	character.'!'.for.inverted.match
c77a0	69 6e 67 20 63 72 69 74 65 72 69 61 2e 00 53 65 74 20 6d 61 74 63 68 20 63 72 69 74 65 72 69 61	ing.criteria..Set.match.criteria
c77c0	20 62 61 73 65 64 20 6f 6e 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20	.based.on.source.or.destination.
c77e0	69 70 76 34 7c 69 70 76 36 20 61 64 64 72 65 73 73 2c 20 77 68 65 72 65 20 3c 6d 61 74 63 68 5f	ipv4|ipv6.address,.where.<match_
c7800	63 72 69 74 65 72 69 61 3e 20 63 6f 75 6c 64 20 62 65 3a 00 53 65 74 20 6d 61 74 63 68 20 63 72	criteria>.could.be:.Set.match.cr
c7820	69 74 65 72 69 61 20 62 61 73 65 64 20 6f 6e 20 74 63 70 20 66 6c 61 67 73 2e 20 41 6c 6c 6f 77	iteria.based.on.tcp.flags..Allow
c7840	65 64 20 76 61 6c 75 65 73 20 66 6f 72 20 54 43 50 20 66 6c 61 67 73 3a 20 53 59 4e 20 41 43 4b	ed.values.for.TCP.flags:.SYN.ACK
c7860	20 46 49 4e 20 52 53 54 20 55 52 47 20 50 53 48 20 41 4c 4c 2e 20 57 68 65 6e 20 73 70 65 63 69	.FIN.RST.URG.PSH.ALL..When.speci
c7880	66 79 69 6e 67 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 66 6c 61 67 2c 20 66 6c 61 67 73 20	fying.more.than.one.flag,.flags.
c78a0	73 68 6f 75 6c 64 20 62 65 20 63 6f 6d 6d 61 2d 73 65 70 61 72 61 74 65 64 2e 20 46 6f 72 20 65	should.be.comma-separated..For.e
c78c0	78 61 6d 70 6c 65 20 3a 20 76 61 6c 75 65 20 6f 66 20 27 53 59 4e 2c 21 41 43 4b 2c 21 46 49 4e	xample.:.value.of.'SYN,!ACK,!FIN
c78e0	2c 21 52 53 54 27 20 77 69 6c 6c 20 6f 6e 6c 79 20 6d 61 74 63 68 20 70 61 63 6b 65 74 73 20 77	,!RST'.will.only.match.packets.w
c7900	69 74 68 20 74 68 65 20 53 59 4e 20 66 6c 61 67 20 73 65 74 2c 20 61 6e 64 20 74 68 65 20 41 43	ith.the.SYN.flag.set,.and.the.AC
c7920	4b 2c 20 46 49 4e 20 61 6e 64 20 52 53 54 20 66 6c 61 67 73 20 75 6e 73 65 74 2e 00 53 65 74 20	K,.FIN.and.RST.flags.unset..Set.
c7940	6d 61 78 69 6d 75 6d 20 60 3c 73 69 7a 65 3e 60 20 6f 66 20 44 48 43 50 20 70 61 63 6b 65 74 73	maximum.`<size>`.of.DHCP.packets
c7960	20 69 6e 63 6c 75 64 69 6e 67 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69	.including.relay.agent.informati
c7980	6f 6e 2e 20 49 66 20 61 20 44 48 43 50 20 70 61 63 6b 65 74 20 73 69 7a 65 20 73 75 72 70 61 73	on..If.a.DHCP.packet.size.surpas
c79a0	73 65 73 20 74 68 69 73 20 76 61 6c 75 65 20 69 74 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72	ses.this.value.it.will.be.forwar
c79c0	64 65 64 20 77 69 74 68 6f 75 74 20 61 70 70 65 6e 64 69 6e 67 20 72 65 6c 61 79 20 61 67 65 6e	ded.without.appending.relay.agen
c79e0	74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 52 61 6e 67 65 20 36 34 2e 2e 2e 31 34 30 30 2c 20	t.information..Range.64...1400,.
c7a00	64 65 66 61 75 6c 74 20 35 37 36 2e 00 53 65 74 20 6d 61 78 69 6d 75 6d 20 61 76 65 72 61 67 65	default.576..Set.maximum.average
c7a20	20 6d 61 74 63 68 69 6e 67 20 72 61 74 65 2e 20 46 6f 72 6d 61 74 20 66 6f 72 20 72 61 74 65 3a	.matching.rate..Format.for.rate:
c7a40	20 69 6e 74 65 67 65 72 2f 74 69 6d 65 5f 75 6e 69 74 2c 20 77 68 65 72 65 20 74 69 6d 65 5f 75	.integer/time_unit,.where.time_u
c7a60	6e 69 74 20 63 6f 75 6c 64 20 62 65 20 61 6e 79 20 6f 6e 65 20 6f 66 20 73 65 63 6f 6e 64 2c 20	nit.could.be.any.one.of.second,.
c7a80	6d 69 6e 75 74 65 2c 20 68 6f 75 72 20 6f 72 20 64 61 79 2e 46 6f 72 20 65 78 61 6d 70 6c 65 20	minute,.hour.or.day.For.example.
c7aa0	31 2f 73 65 63 6f 6e 64 20 69 6d 70 6c 69 65 73 20 72 75 6c 65 20 74 6f 20 62 65 20 6d 61 74 63	1/second.implies.rule.to.be.matc
c7ac0	68 65 64 20 61 74 20 61 6e 20 61 76 65 72 61 67 65 20 6f 66 20 6f 6e 63 65 20 70 65 72 20 73 65	hed.at.an.average.of.once.per.se
c7ae0	63 6f 6e 64 2e 00 53 65 74 20 6d 61 78 69 6d 75 6d 20 68 6f 70 20 63 6f 75 6e 74 20 62 65 66 6f	cond..Set.maximum.hop.count.befo
c7b00	72 65 20 70 61 63 6b 65 74 73 20 61 72 65 20 64 69 73 63 61 72 64 65 64 2c 20 64 65 66 61 75 6c	re.packets.are.discarded,.defaul
c7b20	74 3a 20 31 30 00 53 65 74 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b	t:.10.Set.maximum.number.of.pack
c7b40	65 74 73 20 74 6f 20 61 6c 6f 77 20 69 6e 20 65 78 63 65 73 73 20 6f 66 20 72 61 74 65 2e 00 53	ets.to.alow.in.excess.of.rate..S
c7b60	65 74 20 6d 69 6e 69 6d 75 6d 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 72 65 66	et.minimum.time.interval.for.ref
c7b80	72 65 73 68 69 6e 67 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 77 68 69 6c 65 20 4d 41	reshing.gratuitous.ARPs.while.MA
c7ba0	53 54 45 52 2e 00 53 65 74 20 6e 75 6d 62 65 72 20 6f 66 20 67 72 61 74 75 69 74 6f 75 73 20 41	STER..Set.number.of.gratuitous.A
c7bc0	52 50 20 6d 65 73 73 61 67 65 73 20 74 6f 20 73 65 6e 64 20 61 74 20 61 20 74 69 6d 65 20 61 66	RP.messages.to.send.at.a.time.af
c7be0	74 65 72 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 6f 20 4d 41 53 54 45 52 2e 00 53 65 74 20 6e 75	ter.transition.to.MASTER..Set.nu
c7c00	6d 62 65 72 20 6f 66 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 20 6d 65 73 73 61 67 65 73 20	mber.of.gratuitous.ARP.messages.
c7c20	74 6f 20 73 65 6e 64 20 61 74 20 61 20 74 69 6d 65 20 77 68 69 6c 65 20 4d 41 53 54 45 52 2e 00	to.send.at.a.time.while.MASTER..
c7c40	53 65 74 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 66 6f 72 20 48 65 6c 6c 6f 20	Set.number.of.seconds.for.Hello.
c7c60	49 6e 74 65 72 76 61 6c 20 74 69 6d 65 72 20 76 61 6c 75 65 2e 20 53 65 74 74 69 6e 67 20 74 68	Interval.timer.value..Setting.th
c7c80	69 73 20 76 61 6c 75 65 2c 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62 65 20 73	is.value,.Hello.packet.will.be.s
c7ca0	65 6e 74 20 65 76 65 72 79 20 74 69 6d 65 72 20 76 61 6c 75 65 20 73 65 63 6f 6e 64 73 20 6f 6e	ent.every.timer.value.seconds.on
c7cc0	20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 76	.the.specified.interface..This.v
c7ce0	61 6c 75 65 20 6d 75 73 74 20 62 65 20 74 68 65 20 73 61 6d 65 20 66 6f 72 20 61 6c 6c 20 72 6f	alue.must.be.the.same.for.all.ro
c7d00	75 74 65 72 73 20 61 74 74 61 63 68 65 64 20 74 6f 20 61 20 63 6f 6d 6d 6f 6e 20 6e 65 74 77 6f	uters.attached.to.a.common.netwo
c7d20	72 6b 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 30 20 73 65 63 6f	rk..The.default.value.is.10.seco
c7d40	6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20	nds..The.interval.range.is.1.to.
c7d60	36 35 35 33 35 2e 00 53 65 74 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 66 6f 72	65535..Set.number.of.seconds.for
c7d80	20 72 6f 75 74 65 72 20 44 65 61 64 20 49 6e 74 65 72 76 61 6c 20 74 69 6d 65 72 20 76 61 6c 75	.router.Dead.Interval.timer.valu
c7da0	65 20 75 73 65 64 20 66 6f 72 20 57 61 69 74 20 54 69 6d 65 72 20 61 6e 64 20 49 6e 61 63 74 69	e.used.for.Wait.Timer.and.Inacti
c7dc0	76 69 74 79 20 54 69 6d 65 72 2e 20 54 68 69 73 20 76 61 6c 75 65 20 6d 75 73 74 20 62 65 20 74	vity.Timer..This.value.must.be.t
c7de0	68 65 20 73 61 6d 65 20 66 6f 72 20 61 6c 6c 20 72 6f 75 74 65 72 73 20 61 74 74 61 63 68 65 64	he.same.for.all.routers.attached
c7e00	20 74 6f 20 61 20 63 6f 6d 6d 6f 6e 20 6e 65 74 77 6f 72 6b 2e 20 54 68 65 20 64 65 66 61 75 6c	.to.a.common.network..The.defaul
c7e20	74 20 76 61 6c 75 65 20 69 73 20 34 30 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72	t.value.is.40.seconds..The.inter
c7e40	76 61 6c 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 2e 00 53 65 74 20 70 61 63	val.range.is.1.to.65535..Set.pac
c7e60	6b 65 74 20 6d 6f 64 69 66 69 63 61 74 69 6f 6e 73 3a 20 45 78 70 6c 69 63 69 74 6c 79 20 73 65	ket.modifications:.Explicitly.se
c7e80	74 20 54 43 50 20 4d 61 78 69 6d 75 6d 20 73 65 67 6d 65 6e 74 20 73 69 7a 65 20 76 61 6c 75 65	t.TCP.Maximum.segment.size.value
c7ea0	2e 00 53 65 74 20 70 61 63 6b 65 74 20 6d 6f 64 69 66 69 63 61 74 69 6f 6e 73 3a 20 50 61 63 6b	..Set.packet.modifications:.Pack
c7ec0	65 74 20 44 69 66 66 65 72 65 6e 74 69 61 74 65 64 20 53 65 72 76 69 63 65 73 20 43 6f 64 65 70	et.Differentiated.Services.Codep
c7ee0	6f 69 6e 74 20 28 44 53 43 50 29 00 53 65 74 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 6d	oint.(DSCP).Set.parameters.for.m
c7f00	61 74 63 68 69 6e 67 20 72 65 63 65 6e 74 6c 79 20 73 65 65 6e 20 73 6f 75 72 63 65 73 2e 20 54	atching.recently.seen.sources..T
c7f20	68 69 73 20 6d 61 74 63 68 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 20 62 79 20 73 65 65 74 69	his.match.could.be.used.by.seeti
c7f40	6e 67 20 63 6f 75 6e 74 20 28 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 73 65 65 6e 20 6d 6f	ng.count.(source.address.seen.mo
c7f60	72 65 20 74 68 61 6e 20 3c 31 2d 32 35 35 3e 20 74 69 6d 65 73 29 20 61 6e 64 2f 6f 72 20 74 69	re.than.<1-255>.times).and/or.ti
c7f80	6d 65 20 28 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 73 65 65 6e 20 69 6e 20 74 68 65 20 6c	me.(source.address.seen.in.the.l
c7fa0	61 73 74 20 3c 30 2d 34 32 39 34 39 36 37 32 39 35 3e 20 73 65 63 6f 6e 64 73 29 2e 00 53 65 74	ast.<0-4294967295>.seconds)..Set
c7fc0	20 70 72 65 66 69 78 65 73 20 74 6f 20 74 61 62 6c 65 2e 00 53 65 74 20 70 72 6f 78 79 20 66 6f	.prefixes.to.table..Set.proxy.fo
c7fe0	72 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 6e 69 74 69 61 74 65 64 20 62 79 20 56	r.all.connections.initiated.by.V
c8000	79 4f 53 2c 20 69 6e 63 6c 75 64 69 6e 67 20 48 54 54 50 2c 20 48 54 54 50 53 2c 20 61 6e 64 20	yOS,.including.HTTP,.HTTPS,.and.
c8020	46 54 50 20 28 61 6e 6f 6e 79 6d 6f 75 73 20 66 74 70 29 2e 00 53 65 74 20 72 6f 75 74 65 20 74	FTP.(anonymous.ftp)..Set.route.t
c8040	61 72 67 65 74 20 76 61 6c 75 65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30 2d 36 35 35 33 35	arget.value.in.format.``<0-65535
c8060	3a 30 2d 34 32 39 34 39 36 37 32 39 35 3e 60 60 20 6f 72 20 60 60 3c 49 50 3a 30 2d 36 35 35 33	:0-4294967295>``.or.``<IP:0-6553
c8080	35 3e 60 60 2e 00 53 65 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 74 6f 20 66 6f 72 77 61	5>``..Set.routing.table.to.forwa
c80a0	72 64 20 70 61 63 6b 65 74 20 74 6f 2e 00 53 65 74 20 72 75 6c 65 20 61 63 74 69 6f 6e 20 74 6f	rd.packet.to..Set.rule.action.to
c80c0	20 64 72 6f 70 2e 00 53 65 74 20 73 65 72 76 69 63 65 20 74 6f 20 62 69 6e 64 20 6f 6e 20 49 50	.drop..Set.service.to.bind.on.IP
c80e0	20 61 64 64 72 65 73 73 2c 20 62 79 20 64 65 66 61 75 6c 74 20 6c 69 73 74 65 6e 20 6f 6e 20 61	.address,.by.default.listen.on.a
c8100	6e 79 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 00 53 65 74 20 73 69 74 65 20 6f 66 20 6f 72 69	ny.IPv4.and.IPv6.Set.site.of.ori
c8120	67 69 6e 20 76 61 6c 75 65 20 69 6e 20 66 6f 72 6d 61 74 20 60 60 3c 30 2d 36 35 35 33 35 3a 30	gin.value.in.format.``<0-65535:0
c8140	2d 34 32 39 34 39 36 37 32 39 35 3e 60 60 20 6f 72 20 60 60 3c 49 50 3a 30 2d 36 35 35 33 35 3e	-4294967295>``.or.``<IP:0-65535>
c8160	60 60 2e 00 53 65 74 20 73 6f 6d 65 20 61 74 74 72 69 62 75 74 65 73 20 28 6c 69 6b 65 20 41 53	``..Set.some.attributes.(like.AS
c8180	20 50 41 54 48 20 6f 72 20 43 6f 6d 6d 75 6e 69 74 79 20 76 61 6c 75 65 29 20 74 6f 20 61 64 76	.PATH.or.Community.value).to.adv
c81a0	65 72 74 69 73 65 64 20 72 6f 75 74 65 73 20 74 6f 20 6e 65 69 67 68 62 6f 72 73 2e 00 53 65 74	ertised.routes.to.neighbors..Set
c81c0	20 73 6f 6d 65 20 6d 65 74 72 69 63 20 74 6f 20 72 6f 75 74 65 73 20 6c 65 61 72 6e 65 64 20 66	.some.metric.to.routes.learned.f
c81e0	72 6f 6d 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 6e 65 69 67 68 62 6f 72 2e 00 53 65 74 20 73	rom.a.particular.neighbor..Set.s
c8200	6f 75 72 63 65 20 49 50 2f 49 50 76 36 20 61 64 64 72 65 73 73 20 66 6f 72 20 72 6f 75 74 65 2e	ource.IP/IPv6.address.for.route.
c8220	00 53 65 74 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 20 74 6f	.Set.source.address.or.prefix.to
c8240	20 6d 61 74 63 68 2e 00 53 65 74 20 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 20 74 6f 20 79 6f	.match..Set.source-address.to.yo
c8260	75 72 20 6c 6f 63 61 6c 20 49 50 20 28 4c 41 4e 29 2e 00 53 65 74 20 74 61 67 20 76 61 6c 75 65	ur.local.IP.(LAN)..Set.tag.value
c8280	20 66 6f 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2e 00 53 65 74 20 74 68 65 20 22	.for.routing.protocol..Set.the."
c82a0	72 65 63 75 72 73 69 6f 6e 20 64 65 73 69 72 65 64 22 20 62 69 74 20 69 6e 20 72 65 71 75 65 73	recursion.desired".bit.in.reques
c82c0	74 73 20 74 6f 20 74 68 65 20 75 70 73 74 72 65 61 6d 20 6e 61 6d 65 73 65 72 76 65 72 2e 00 53	ts.to.the.upstream.nameserver..S
c82e0	65 74 20 74 68 65 20 42 47 50 20 6e 65 78 74 68 6f 70 20 61 64 64 72 65 73 73 20 74 6f 20 74 68	et.the.BGP.nexthop.address.to.th
c8300	65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 65 65 72 2e 20 46 6f 72 20 61 6e 20 69 6e	e.address.of.the.peer..For.an.in
c8320	63 6f 6d 69 6e 67 20 72 6f 75 74 65 2d 6d 61 70 20 74 68 69 73 20 6d 65 61 6e 73 20 74 68 65 20	coming.route-map.this.means.the.
c8340	69 70 20 61 64 64 72 65 73 73 20 6f 66 20 6f 75 72 20 70 65 65 72 20 69 73 20 75 73 65 64 2e 20	ip.address.of.our.peer.is.used..
c8360	46 6f 72 20 61 6e 20 6f 75 74 67 6f 69 6e 67 20 72 6f 75 74 65 2d 6d 61 70 20 74 68 69 73 20 6d	For.an.outgoing.route-map.this.m
c8380	65 61 6e 73 20 74 68 65 20 69 70 20 61 64 64 72 65 73 73 20 6f 66 20 6f 75 72 20 73 65 6c 66 20	eans.the.ip.address.of.our.self.
c83a0	69 73 20 75 73 65 64 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 70 65 65 72 69 6e 67	is.used.to.establish.the.peering
c83c0	20 77 69 74 68 20 6f 75 72 20 6e 65 69 67 68 62 6f 72 2e 00 53 65 74 20 74 68 65 20 49 50 20 61	.with.our.neighbor..Set.the.IP.a
c83e0	64 64 72 65 73 73 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 69 6e 74 65 72 66 61 63 65 20 74 6f	ddress.of.the.local.interface.to
c8400	20 62 65 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 74 75 6e 6e 65 6c 2e 00 53 65 74 20 74 68 65	.be.used.for.the.tunnel..Set.the
c8420	20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 2e 20	.IP.address.of.the.remote.peer..
c8440	49 74 20 6d 61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 6e 20 49 50 76 34 20 61	It.may.be.specified.as.an.IPv4.a
c8460	64 64 72 65 73 73 20 6f 72 20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 53 65 74 20 74	ddress.or.an.IPv6.address..Set.t
c8480	68 65 20 49 50 76 34 20 73 6f 75 72 63 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 6d 6f 64 65 2e 20	he.IPv4.source.validation.mode..
c84a0	54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77	The.following.system.parameter.w
c84c0	69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 53 65 74 20 74 68 65 20 4d 4c 44 20 6c 61 73 74	ill.be.altered:.Set.the.MLD.last
c84e0	20 6d 65 6d 62 65 72 20 71 75 65 72 79 20 63 6f 75 6e 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74	.member.query.count..The.default
c8500	20 76 61 6c 75 65 20 69 73 20 32 2e 00 53 65 74 20 74 68 65 20 4d 4c 44 20 6c 61 73 74 20 6d 65	.value.is.2..Set.the.MLD.last.me
c8520	6d 62 65 72 20 71 75 65 72 79 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f	mber.query.interval.in.milliseco
c8540	6e 64 73 20 28 31 30 30 2d 36 35 35 33 35 30 30 29 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76	nds.(100-6553500)..The.default.v
c8560	61 6c 75 65 20 69 73 20 31 30 30 30 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2e 00 53 65 74 20 74	alue.is.1000.milliseconds..Set.t
c8580	68 65 20 4d 4c 44 20 71 75 65 72 79 20 72 65 73 70 6f 6e 73 65 20 74 69 6d 65 6f 75 74 20 69 6e	he.MLD.query.response.timeout.in
c85a0	20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 28 31 30 30 2d 36 35 35 33 35 30 30 29 2e 20 54 68 65	.milliseconds.(100-6553500)..The
c85c0	20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 30 30 30 30 20 6d 69 6c 6c 69 73 65 63	.default.value.is.10000.millisec
c85e0	6f 6e 64 73 2e 00 53 65 74 20 74 68 65 20 4d 4c 44 20 76 65 72 73 69 6f 6e 20 75 73 65 64 20 6f	onds..Set.the.MLD.version.used.o
c8600	6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61	n.this.interface..The.default.va
c8620	6c 75 65 20 69 73 20 32 2e 00 53 65 74 20 74 68 65 20 4d 61 78 69 6d 75 6d 20 53 74 61 63 6b 20	lue.is.2..Set.the.Maximum.Stack.
c8640	44 65 70 74 68 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 65 20 72 6f 75 74 65 72 2e 20 54	Depth.supported.by.the.router..T
c8660	68 65 20 76 61 6c 75 65 20 64 65 70 65 6e 64 20 6f 66 20 74 68 65 20 4d 50 4c 53 20 64 61 74 61	he.value.depend.of.the.MPLS.data
c8680	70 6c 61 6e 65 2e 00 53 65 74 20 74 68 65 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 47	plane..Set.the.Segment.Routing.G
c86a0	6c 6f 62 61 6c 20 42 6c 6f 63 6b 20 69 2e 65 2e 20 74 68 65 20 6c 61 62 65 6c 20 72 61 6e 67 65	lobal.Block.i.e..the.label.range
c86c0	20 75 73 65 64 20 62 79 20 4d 50 4c 53 20 74 6f 20 73 74 6f 72 65 20 6c 61 62 65 6c 20 69 6e 20	.used.by.MPLS.to.store.label.in.
c86e0	74 68 65 20 4d 50 4c 53 20 46 49 42 20 66 6f 72 20 50 72 65 66 69 78 20 53 49 44 2e 20 4e 6f 74	the.MPLS.FIB.for.Prefix.SID..Not
c8700	65 20 74 68 61 74 20 74 68 65 20 62 6c 6f 63 6b 20 73 69 7a 65 20 6d 61 79 20 6e 6f 74 20 65 78	e.that.the.block.size.may.not.ex
c8720	63 65 65 64 20 36 35 35 33 35 2e 00 53 65 74 20 74 68 65 20 53 65 67 6d 65 6e 74 20 52 6f 75 74	ceed.65535..Set.the.Segment.Rout
c8740	69 6e 67 20 47 6c 6f 62 61 6c 20 42 6c 6f 63 6b 20 69 2e 65 2e 20 74 68 65 20 6c 6f 77 20 6c 61	ing.Global.Block.i.e..the.low.la
c8760	62 65 6c 20 72 61 6e 67 65 20 75 73 65 64 20 62 79 20 4d 50 4c 53 20 74 6f 20 73 74 6f 72 65 20	bel.range.used.by.MPLS.to.store.
c8780	6c 61 62 65 6c 20 69 6e 20 74 68 65 20 4d 50 4c 53 20 46 49 42 20 66 6f 72 20 50 72 65 66 69 78	label.in.the.MPLS.FIB.for.Prefix
c87a0	20 53 49 44 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 62 6c 6f 63 6b 20 73 69 7a 65 20 6d	.SID..Note.that.the.block.size.m
c87c0	61 79 20 6e 6f 74 20 65 78 63 65 65 64 20 36 35 35 33 35 2e 00 53 65 74 20 74 68 65 20 53 65 67	ay.not.exceed.65535..Set.the.Seg
c87e0	6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b 20 69 2e 65 2e 20 74 68	ment.Routing.Local.Block.i.e..th
c8800	65 20 6c 61 62 65 6c 20 72 61 6e 67 65 20 75 73 65 64 20 62 79 20 4d 50 4c 53 20 74 6f 20 73 74	e.label.range.used.by.MPLS.to.st
c8820	6f 72 65 20 6c 61 62 65 6c 20 69 6e 20 74 68 65 20 4d 50 4c 53 20 46 49 42 20 66 6f 72 20 50 72	ore.label.in.the.MPLS.FIB.for.Pr
c8840	65 66 69 78 20 53 49 44 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 62 6c 6f 63 6b 20 73 69	efix.SID..Note.that.the.block.si
c8860	7a 65 20 6d 61 79 20 6e 6f 74 20 65 78 63 65 65 64 20 36 35 35 33 35 2e 53 65 67 6d 65 6e 74 20	ze.may.not.exceed.65535.Segment.
c8880	52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b 2c 20 54 68 65 20 6e 65 67 61 74 69 76	Routing.Local.Block,.The.negativ
c88a0	65 20 63 6f 6d 6d 61 6e 64 20 61 6c 77 61 79 73 20 75 6e 73 65 74 73 20 62 6f 74 68 2e 00 53 65	e.command.always.unsets.both..Se
c88c0	74 20 74 68 65 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63	t.the.Segment.Routing.Local.Bloc
c88e0	6b 20 69 2e 65 2e 20 74 68 65 20 6c 6f 77 20 6c 61 62 65 6c 20 72 61 6e 67 65 20 75 73 65 64 20	k.i.e..the.low.label.range.used.
c8900	62 79 20 4d 50 4c 53 20 74 6f 20 73 74 6f 72 65 20 6c 61 62 65 6c 20 69 6e 20 74 68 65 20 4d 50	by.MPLS.to.store.label.in.the.MP
c8920	4c 53 20 46 49 42 20 66 6f 72 20 50 72 65 66 69 78 20 53 49 44 2e 20 4e 6f 74 65 20 74 68 61 74	LS.FIB.for.Prefix.SID..Note.that
c8940	20 74 68 65 20 62 6c 6f 63 6b 20 73 69 7a 65 20 6d 61 79 20 6e 6f 74 20 65 78 63 65 65 64 20 36	.the.block.size.may.not.exceed.6
c8960	35 35 33 35 2e 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4c 6f 63 61 6c 20 42 6c 6f 63 6b	5535.Segment.Routing.Local.Block
c8980	2c 20 54 68 65 20 6e 65 67 61 74 69 76 65 20 63 6f 6d 6d 61 6e 64 20 61 6c 77 61 79 73 20 75 6e	,.The.negative.command.always.un
c89a0	73 65 74 73 20 62 6f 74 68 2e 00 53 65 74 20 74 68 65 20 60 60 73 73 68 64 60 60 20 6c 6f 67 20	sets.both..Set.the.``sshd``.log.
c89c0	6c 65 76 65 6c 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 69 6e 66 6f 60 60 2e 00	level..The.default.is.``info``..
c89e0	53 65 74 20 74 68 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 62 61 63 6b 65 6e 64 20 70	Set.the.address.of.the.backend.p
c8a00	6f 72 74 00 53 65 74 20 74 68 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 62 61 63 6b 65	ort.Set.the.address.of.the.backe
c8a20	6e 64 20 73 65 72 76 65 72 20 74 6f 20 77 68 69 63 68 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67 20	nd.server.to.which.the.incoming.
c8a40	74 72 61 66 66 69 63 20 77 69 6c 6c 20 62 65 20 66 6f 72 77 61 72 64 65 64 00 53 65 74 20 74 68	traffic.will.be.forwarded.Set.th
c8a60	65 20 64 65 66 61 75 6c 74 20 56 52 52 50 20 76 65 72 73 69 6f 6e 20 74 6f 20 75 73 65 2e 20 54	e.default.VRRP.version.to.use..T
c8a80	68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 32 2c 20 62 75 74 20 49 50 76 36 20 69 6e 73 74	his.defaults.to.2,.but.IPv6.inst
c8aa0	61 6e 63 65 73 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 75 73 65 20 76 65 72 73 69 6f 6e 20 33 2e	ances.will.always.use.version.3.
c8ac0	00 53 65 74 20 74 68 65 20 64 65 76 69 63 65 27 73 20 74 72 61 6e 73 6d 69 74 20 28 54 58 29 20	.Set.the.device's.transmit.(TX).
c8ae0	6b 65 79 2e 20 54 68 69 73 20 6b 65 79 20 6d 75 73 74 20 62 65 20 61 20 68 65 78 20 73 74 72 69	key..This.key.must.be.a.hex.stri
c8b00	6e 67 20 74 68 61 74 20 69 73 20 31 36 2d 62 79 74 65 73 20 28 47 43 4d 2d 41 45 53 2d 31 32 38	ng.that.is.16-bytes.(GCM-AES-128
c8b20	29 20 6f 72 20 33 32 2d 62 79 74 65 73 20 28 47 43 4d 2d 41 45 53 2d 32 35 36 29 2e 00 53 65 74	).or.32-bytes.(GCM-AES-256)..Set
c8b40	20 74 68 65 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 61	.the.distance.for.the.default.ga
c8b60	74 65 77 61 79 20 73 65 6e 74 20 62 79 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 2e 00 53	teway.sent.by.the.DHCP.server..S
c8b80	65 74 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 65 20 64 65 66 61 75 6c 74 20	et.the.distance.for.the.default.
c8ba0	67 61 74 65 77 61 79 20 73 65 6e 74 20 62 79 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72	gateway.sent.by.the.PPPoE.server
c8bc0	2e 00 53 65 74 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 66 6f 72 20 74 68 65 20 64 65 66 61 75	..Set.the.distance.for.the.defau
c8be0	6c 74 20 67 61 74 65 77 61 79 20 73 65 6e 74 20 62 79 20 74 68 65 20 53 53 54 50 20 73 65 72 76	lt.gateway.sent.by.the.SSTP.serv
c8c00	65 72 2e 00 53 65 74 20 74 68 65 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 74 79 70 65 20 6f	er..Set.the.encapsulation.type.o
c8c20	66 20 74 68 65 20 74 75 6e 6e 65 6c 2e 20 56 61 6c 69 64 20 76 61 6c 75 65 73 20 66 6f 72 20 65	f.the.tunnel..Valid.values.for.e
c8c40	6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 61 72 65 3a 20 75 64 70 2c 20 69 70 2e 00 53 65 74 20 74	ncapsulation.are:.udp,.ip..Set.t
c8c60	68 65 20 67 6c 6f 62 61 6c 20 73 65 74 74 69 6e 67 20 66 6f 72 20 61 6e 20 65 73 74 61 62 6c 69	he.global.setting.for.an.establi
c8c80	73 68 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 53 65 74 20 74 68 65 20 67 6c 6f 62 61 6c 20	shed.connection..Set.the.global.
c8ca0	73 65 74 74 69 6e 67 20 66 6f 72 20 69 6e 76 61 6c 69 64 20 70 61 63 6b 65 74 73 2e 00 53 65 74	setting.for.invalid.packets..Set
c8cc0	20 74 68 65 20 67 6c 6f 62 61 6c 20 73 65 74 74 69 6e 67 20 66 6f 72 20 72 65 6c 61 74 65 64 20	.the.global.setting.for.related.
c8ce0	63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 53 65 74 20 74 68 65 20 6c 69 73 74 65 6e 20 70 6f 72 74	connections..Set.the.listen.port
c8d00	20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 41 50 49 2c 20 74 68 69 73 20 68 61 73 20 6e 6f 20 65	.of.the.local.API,.this.has.no.e
c8d20	66 66 65 63 74 20 6f 6e 20 74 68 65 20 77 65 62 73 65 72 76 65 72 2e 20 54 68 65 20 64 65 66 61	ffect.on.the.webserver..The.defa
c8d40	75 6c 74 20 69 73 20 70 6f 72 74 20 38 30 38 30 00 53 65 74 20 74 68 65 20 6d 61 78 69 6d 75 6d	ult.is.port.8080.Set.the.maximum
c8d60	20 68 6f 70 20 60 3c 63 6f 75 6e 74 3e 60 20 62 65 66 6f 72 65 20 70 61 63 6b 65 74 73 20 61 72	.hop.`<count>`.before.packets.ar
c8d80	65 20 64 69 73 63 61 72 64 65 64 2e 20 52 61 6e 67 65 20 30 2e 2e 2e 32 35 35 2c 20 64 65 66 61	e.discarded..Range.0...255,.defa
c8da0	75 6c 74 20 31 30 2e 00 53 65 74 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6c 65 6e 67 74 68 20 6f	ult.10..Set.the.maximum.length.o
c8dc0	66 20 41 2d 4d 50 44 55 20 70 72 65 2d 45 4f 46 20 70 61 64 64 69 6e 67 20 74 68 61 74 20 74 68	f.A-MPDU.pre-EOF.padding.that.th
c8de0	65 20 73 74 61 74 69 6f 6e 20 63 61 6e 20 72 65 63 65 69 76 65 00 53 65 74 20 74 68 65 20 6d 61	e.station.can.receive.Set.the.ma
c8e00	78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 54 43 50 20 68 61 6c 66 2d 6f 70 65 6e 20 63 6f	ximum.number.of.TCP.half-open.co
c8e20	6e 6e 65 63 74 69 6f 6e 73 2e 00 53 65 74 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 53	nnections..Set.the.name.of.the.S
c8e40	53 4c 20 3a 61 62 62 72 3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72	SL.:abbr:`CA.(Certificate.Author
c8e60	69 74 79 29 60 20 50 4b 49 20 65 6e 74 72 79 20 75 73 65 64 20 66 6f 72 20 61 75 74 68 65 6e 74	ity)`.PKI.entry.used.for.authent
c8e80	69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 64 65 2e 20 49 66 20 61	ication.of.the.remote.side..If.a
c8ea0	6e 20 69 6e 74 65 72 6d 65 64 69 61 74 65 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73	n.intermediate.CA.certificate.is
c8ec0	20 73 70 65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 61 6c 6c 20 70 61 72 65 6e 74 20 43 41 20 63	.specified,.then.all.parent.CA.c
c8ee0	65 72 74 69 66 69 63 61 74 65 73 20 74 68 61 74 20 65 78 69 73 74 20 69 6e 20 74 68 65 20 50 4b	ertificates.that.exist.in.the.PK
c8f00	49 2c 20 73 75 63 68 20 61 73 20 74 68 65 20 72 6f 6f 74 20 43 41 20 6f 72 20 61 64 64 69 74 69	I,.such.as.the.root.CA.or.additi
c8f20	6f 6e 61 6c 20 69 6e 74 65 72 6d 65 64 69 61 74 65 20 43 41 73 2c 20 77 69 6c 6c 20 61 75 74 6f	onal.intermediate.CAs,.will.auto
c8f40	6d 61 74 69 63 61 6c 6c 79 20 62 65 20 75 73 65 64 20 64 75 72 69 6e 67 20 63 65 72 74 69 66 69	matically.be.used.during.certifi
c8f60	63 61 74 65 20 76 61 6c 69 64 61 74 69 6f 6e 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 74	cate.validation.to.ensure.that.t
c8f80	68 65 20 66 75 6c 6c 20 63 68 61 69 6e 20 6f 66 20 74 72 75 73 74 20 69 73 20 61 76 61 69 6c 61	he.full.chain.of.trust.is.availa
c8fa0	62 6c 65 2e 00 53 65 74 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 78 35 30 39 20 63 6c	ble..Set.the.name.of.the.x509.cl
c8fc0	69 65 6e 74 20 6b 65 79 70 61 69 72 20 75 73 65 64 20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74	ient.keypair.used.to.authenticat
c8fe0	65 20 61 67 61 69 6e 73 74 20 74 68 65 20 38 30 32 2e 31 78 20 73 79 73 74 65 6d 2e 20 41 6c 6c	e.against.the.802.1x.system..All
c9000	20 70 61 72 65 6e 74 20 43 41 20 63 65 72 74 69 66 69 63 61 74 65 73 20 6f 66 20 74 68 65 20 63	.parent.CA.certificates.of.the.c
c9020	6c 69 65 6e 74 20 63 65 72 74 69 66 69 63 61 74 65 2c 20 73 75 63 68 20 61 73 20 69 6e 74 65 72	lient.certificate,.such.as.inter
c9040	6d 65 64 69 61 74 65 20 61 6e 64 20 72 6f 6f 74 20 43 41 73 2c 20 77 69 6c 6c 20 62 65 20 73 65	mediate.and.root.CAs,.will.be.se
c9060	6e 74 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 45 41 50 2d 54 4c 53 20 68 61 6e 64 73 68	nt.as.part.of.the.EAP-TLS.handsh
c9080	61 6b 65 2e 00 53 65 74 20 74 68 65 20 6e 61 74 69 76 65 20 56 4c 41 4e 20 49 44 20 66 6c 61 67	ake..Set.the.native.VLAN.ID.flag
c90a0	20 6f 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 57 68 65 6e 20 61 20 64 61 74 61 20 70	.of.the.interface..When.a.data.p
c90c0	61 63 6b 65 74 20 77 69 74 68 6f 75 74 20 61 20 56 4c 41 4e 20 74 61 67 20 65 6e 74 65 72 73 20	acket.without.a.VLAN.tag.enters.
c90e0	74 68 65 20 70 6f 72 74 2c 20 74 68 65 20 64 61 74 61 20 70 61 63 6b 65 74 20 77 69 6c 6c 20 62	the.port,.the.data.packet.will.b
c9100	65 20 66 6f 72 63 65 64 20 74 6f 20 61 64 64 20 61 20 74 61 67 20 6f 66 20 61 20 73 70 65 63 69	e.forced.to.add.a.tag.of.a.speci
c9120	66 69 63 20 76 6c 61 6e 20 69 64 2e 20 57 68 65 6e 20 74 68 65 20 76 6c 61 6e 20 69 64 20 66 6c	fic.vlan.id..When.the.vlan.id.fl
c9140	61 67 20 66 6c 6f 77 73 20 6f 75 74 2c 20 74 68 65 20 74 61 67 20 6f 66 20 74 68 65 20 76 6c 61	ag.flows.out,.the.tag.of.the.vla
c9160	6e 20 69 64 20 77 69 6c 6c 20 62 65 20 73 74 72 69 70 70 65 64 00 53 65 74 20 74 68 65 20 6e 65	n.id.will.be.stripped.Set.the.ne
c9180	78 74 2d 68 6f 70 20 61 73 20 75 6e 63 68 61 6e 67 65 64 2e 20 50 61 73 73 20 74 68 72 6f 75 67	xt-hop.as.unchanged..Pass.throug
c91a0	68 20 74 68 65 20 72 6f 75 74 65 2d 6d 61 70 20 77 69 74 68 6f 75 74 20 63 68 61 6e 67 69 6e 67	h.the.route-map.without.changing
c91c0	20 69 74 73 20 76 61 6c 75 65 00 53 65 74 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 54 43 50	.its.value.Set.the.number.of.TCP
c91e0	20 6d 61 78 69 6d 75 6d 20 72 65 74 72 61 6e 73 6d 69 74 20 61 74 74 65 6d 70 74 73 2e 00 53 65	.maximum.retransmit.attempts..Se
c9200	74 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 68 65 61 6c 74 68 20 63 68 65 63 6b 20 66 61 69	t.the.number.of.health.check.fai
c9220	6c 75 72 65 73 20 62 65 66 6f 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 6d 61 72	lures.before.an.interface.is.mar
c9240	6b 65 64 20 61 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2c 20 72 61 6e 67 65 20 66 6f 72 20 6e 75	ked.as.unavailable,.range.for.nu
c9260	6d 62 65 72 20 69 73 20 31 20 74 6f 20 31 30 2c 20 64 65 66 61 75 6c 74 20 31 2e 20 4f 72 20 73	mber.is.1.to.10,.default.1..Or.s
c9280	65 74 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 73 75 63 63 65 73 73 66 75 6c 20 68 65 61 6c	et.the.number.of.successful.heal
c92a0	74 68 20 63 68 65 63 6b 73 20 62 65 66 6f 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 69 73	th.checks.before.an.interface.is
c92c0	20 61 64 64 65 64 20 62 61 63 6b 20 74 6f 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 70 6f 6f	.added.back.to.the.interface.poo
c92e0	6c 2c 20 72 61 6e 67 65 20 66 6f 72 20 6e 75 6d 62 65 72 20 69 73 20 31 20 74 6f 20 31 30 2c 20	l,.range.for.number.is.1.to.10,.
c9300	64 65 66 61 75 6c 74 20 31 2e 00 53 65 74 20 74 68 65 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 74	default.1..Set.the.options.for.t
c9320	68 69 73 20 70 75 62 6c 69 63 20 6b 65 79 2e 20 53 65 65 20 74 68 65 20 73 73 68 20 60 60 61 75	his.public.key..See.the.ssh.``au
c9340	74 68 6f 72 69 7a 65 64 5f 6b 65 79 73 60 60 20 6d 61 6e 20 70 61 67 65 20 66 6f 72 20 64 65 74	thorized_keys``.man.page.for.det
c9360	61 69 6c 73 20 6f 66 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 68 65 72	ails.of.what.you.can.specify.her
c9380	65 2e 20 54 6f 20 70 6c 61 63 65 20 61 20 60 60 22 60 60 20 63 68 61 72 61 63 74 65 72 20 69 6e	e..To.place.a.``"``.character.in
c93a0	20 74 68 65 20 6f 70 74 69 6f 6e 73 20 66 69 65 6c 64 2c 20 75 73 65 20 60 60 26 71 75 6f 74 3b	.the.options.field,.use.``&quot;
c93c0	60 60 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 20 60 60 66 72 6f 6d 3d 26 71 75 6f 74 3b 31 30 2e	``,.for.example.``from=&quot;10.
c93e0	30 2e 30 2e 30 2f 32 34 26 71 75 6f 74 3b 60 60 20 74 6f 20 72 65 73 74 72 69 63 74 20 77 68 65	0.0.0/24&quot;``.to.restrict.whe
c9400	72 65 20 74 68 65 20 75 73 65 72 20 6d 61 79 20 63 6f 6e 6e 65 63 74 20 66 72 6f 6d 20 77 68 65	re.the.user.may.connect.from.whe
c9420	6e 20 75 73 69 6e 67 20 74 68 69 73 20 6b 65 79 2e 00 53 65 74 20 74 68 65 20 70 61 72 69 74 79	n.using.this.key..Set.the.parity
c9440	20 6f 70 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 20 49 66 20 75 6e 73 65	.option.for.the.console..If.unse
c9460	74 20 74 68 69 73 20 77 69 6c 6c 20 64 65 66 61 75 6c 74 20 74 6f 20 6e 6f 6e 65 2e 00 53 65 74	t.this.will.default.to.none..Set
c9480	20 74 68 65 20 70 65 65 72 27 73 20 4d 41 43 20 61 64 64 72 65 73 73 00 53 65 74 20 74 68 65 20	.the.peer's.MAC.address.Set.the.
c94a0	70 65 65 72 27 73 20 6b 65 79 20 75 73 65 64 20 74 6f 20 72 65 63 65 69 76 65 20 28 52 58 29 20	peer's.key.used.to.receive.(RX).
c94c0	74 72 61 66 66 69 63 00 53 65 74 20 74 68 65 20 70 65 65 72 2d 73 65 73 73 69 6f 6e 2d 69 64 2c	traffic.Set.the.peer-session-id,
c94e0	20 77 68 69 63 68 20 69 73 20 61 20 33 32 2d 62 69 74 20 69 6e 74 65 67 65 72 20 76 61 6c 75 65	.which.is.a.32-bit.integer.value
c9500	20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 65 20 73 65 73 73 69 6f 6e 20 62 79 20 74 68 65 20	.assigned.to.the.session.by.the.
c9520	70 65 65 72 2e 20 54 68 65 20 76 61 6c 75 65 20 75 73 65 64 20 6d 75 73 74 20 6d 61 74 63 68 20	peer..The.value.used.must.match.
c9540	74 68 65 20 73 65 73 73 69 6f 6e 5f 69 64 20 76 61 6c 75 65 20 62 65 69 6e 67 20 75 73 65 64 20	the.session_id.value.being.used.
c9560	61 74 20 74 68 65 20 70 65 65 72 2e 00 53 65 74 20 74 68 65 20 72 65 73 74 61 72 74 20 62 65 68	at.the.peer..Set.the.restart.beh
c9580	61 76 69 6f 72 20 6f 66 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 2e 00 53 65 74 20 74 68 65 20	avior.of.the.container..Set.the.
c95a0	72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 74 6f 20 66 6f 72 77 61 72 64 20 70 61 63 6b 65 74 20	routing.table.to.forward.packet.
c95c0	77 69 74 68 2e 00 53 65 74 20 74 68 65 20 73 65 73 73 69 6f 6e 20 69 64 2c 20 77 68 69 63 68 20	with..Set.the.session.id,.which.
c95e0	69 73 20 61 20 33 32 2d 62 69 74 20 69 6e 74 65 67 65 72 20 76 61 6c 75 65 2e 20 55 6e 69 71 75	is.a.32-bit.integer.value..Uniqu
c9600	65 6c 79 20 69 64 65 6e 74 69 66 69 65 73 20 74 68 65 20 73 65 73 73 69 6f 6e 20 62 65 69 6e 67	ely.identifies.the.session.being
c9620	20 63 72 65 61 74 65 64 2e 20 54 68 65 20 76 61 6c 75 65 20 75 73 65 64 20 6d 75 73 74 20 6d 61	.created..The.value.used.must.ma
c9640	74 63 68 20 74 68 65 20 70 65 65 72 5f 73 65 73 73 69 6f 6e 5f 69 64 20 76 61 6c 75 65 20 62 65	tch.the.peer_session_id.value.be
c9660	69 6e 67 20 75 73 65 64 20 61 74 20 74 68 65 20 70 65 65 72 2e 00 53 65 74 20 74 68 65 20 73 69	ing.used.at.the.peer..Set.the.si
c9680	7a 65 20 6f 66 20 74 68 65 20 68 61 73 68 20 74 61 62 6c 65 2e 20 54 68 65 20 63 6f 6e 6e 65 63	ze.of.the.hash.table..The.connec
c96a0	74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 68 61 73 68 20 74 61 62 6c 65 20 6d 61 6b 65 73 20 73	tion.tracking.hash.table.makes.s
c96c0	65 61 72 63 68 69 6e 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67	earching.the.connection.tracking
c96e0	20 74 61 62 6c 65 20 66 61 73 74 65 72 2e 20 54 68 65 20 68 61 73 68 20 74 61 62 6c 65 20 75 73	.table.faster..The.hash.table.us
c9700	65 73 20 e2 80 9c 62 75 63 6b 65 74 73 e2 80 9d 20 74 6f 20 72 65 63 6f 72 64 20 65 6e 74 72 69	es....buckets....to.record.entri
c9720	65 73 20 69 6e 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 74 61	es.in.the.connection.tracking.ta
c9740	62 6c 65 2e 00 53 65 74 20 74 68 65 20 73 6f 75 72 63 65 20 49 50 20 6f 66 20 66 6f 72 77 61 72	ble..Set.the.source.IP.of.forwar
c9760	64 65 64 20 70 61 63 6b 65 74 73 2c 20 6f 74 68 65 72 77 69 73 65 20 6f 72 69 67 69 6e 61 6c 20	ded.packets,.otherwise.original.
c9780	73 65 6e 64 65 72 73 20 61 64 64 72 65 73 73 20 69 73 20 75 73 65 64 2e 00 53 65 74 20 74 68 65	senders.address.is.used..Set.the
c97a0	20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 75 6e 64 73 20 66 6f 72 20 61 20 70 72 6f 74 6f	.timeout.in.secounds.for.a.proto
c97c0	63 6f 6c 20 6f 72 20 73 74 61 74 65 20 69 6e 20 61 20 63 75 73 74 6f 6d 20 72 75 6c 65 2e 00 53	col.or.state.in.a.custom.rule..S
c97e0	65 74 20 74 68 65 20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 75 6e 64 73 20 66 6f 72 20 61	et.the.timeout.in.secounds.for.a
c9800	20 70 72 6f 74 6f 63 6f 6c 20 6f 72 20 73 74 61 74 65 2e 00 53 65 74 20 74 68 65 20 74 75 6e 6e	.protocol.or.state..Set.the.tunn
c9820	65 6c 20 69 64 2c 20 77 68 69 63 68 20 69 73 20 61 20 33 32 2d 62 69 74 20 69 6e 74 65 67 65 72	el.id,.which.is.a.32-bit.integer
c9840	20 76 61 6c 75 65 2e 20 55 6e 69 71 75 65 6c 79 20 69 64 65 6e 74 69 66 69 65 73 20 74 68 65 20	.value..Uniquely.identifies.the.
c9860	74 75 6e 6e 65 6c 20 69 6e 74 6f 20 77 68 69 63 68 20 74 68 65 20 73 65 73 73 69 6f 6e 20 77 69	tunnel.into.which.the.session.wi
c9880	6c 6c 20 62 65 20 63 72 65 61 74 65 64 2e 00 53 65 74 20 77 69 6e 64 6f 77 20 6f 66 20 63 6f 6e	ll.be.created..Set.window.of.con
c98a0	63 75 72 72 65 6e 74 6c 79 20 76 61 6c 69 64 20 63 6f 64 65 73 2e 00 53 65 74 73 20 74 68 65 20	currently.valid.codes..Sets.the.
c98c0	69 6d 61 67 65 20 6e 61 6d 65 20 69 6e 20 74 68 65 20 68 75 62 20 72 65 67 69 73 74 72 79 00 53	image.name.in.the.hub.registry.S
c98e0	65 74 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20	ets.the.interface.to.listen.for.
c9900	6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 20 6f 6e 2e 20 43 6f 75 6c 64 20 62 65 20 61	multicast.packets.on..Could.be.a
c9920	20 6c 6f 6f 70 62 61 63 6b 2c 20 6e 6f 74 20 79 65 74 20 74 65 73 74 65 64 2e 00 53 65 74 73 20	.loopback,.not.yet.tested..Sets.
c9940	74 68 65 20 6c 69 73 74 65 6e 69 6e 67 20 70 6f 72 74 20 66 6f 72 20 61 20 6c 69 73 74 65 6e 69	the.listening.port.for.a.listeni
c9960	6e 67 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 6f 76 65 72 72 69 64 65 73 20 74 68 65 20 64	ng.address..This.overrides.the.d
c9980	65 66 61 75 6c 74 20 70 6f 72 74 20 6f 66 20 33 31 32 38 20 6f 6e 20 74 68 65 20 73 70 65 63 69	efault.port.of.3128.on.the.speci
c99a0	66 69 63 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 2e 00 53 65 74 73 20 74 68 65 20 75 6e 69	fic.listen.address..Sets.the.uni
c99c0	71 75 65 20 69 64 20 66 6f 72 20 74 68 69 73 20 76 78 6c 61 6e 2d 69 6e 74 65 72 66 61 63 65 2e	que.id.for.this.vxlan-interface.
c99e0	20 4e 6f 74 20 73 75 72 65 20 68 6f 77 20 69 74 20 63 6f 72 72 65 6c 61 74 65 73 20 77 69 74 68	.Not.sure.how.it.correlates.with
c9a00	20 6d 75 6c 74 69 63 61 73 74 2d 61 64 64 72 65 73 73 2e 00 53 65 74 74 69 6e 67 20 56 52 52 50	.multicast-address..Setting.VRRP
c9a20	20 67 72 6f 75 70 20 70 72 69 6f 72 69 74 79 00 53 65 74 74 69 6e 67 20 6e 61 6d 65 00 53 65 74	.group.priority.Setting.name.Set
c9a40	74 69 6e 67 20 74 68 69 73 20 75 70 20 6f 6e 20 41 57 53 20 77 69 6c 6c 20 72 65 71 75 69 72 65	ting.this.up.on.AWS.will.require
c9a60	20 61 20 22 43 75 73 74 6f 6d 20 50 72 6f 74 6f 63 6f 6c 20 52 75 6c 65 22 20 66 6f 72 20 70 72	.a."Custom.Protocol.Rule".for.pr
c9a80	6f 74 6f 63 6f 6c 20 6e 75 6d 62 65 72 20 22 34 37 22 20 28 47 52 45 29 20 41 6c 6c 6f 77 20 52	otocol.number."47".(GRE).Allow.R
c9aa0	75 6c 65 20 69 6e 20 54 57 4f 20 70 6c 61 63 65 73 2e 20 46 69 72 73 74 6c 79 20 6f 6e 20 74 68	ule.in.TWO.places..Firstly.on.th
c9ac0	65 20 56 50 43 20 4e 65 74 77 6f 72 6b 20 41 43 4c 2c 20 61 6e 64 20 73 65 63 6f 6e 64 6c 79 20	e.VPC.Network.ACL,.and.secondly.
c9ae0	6f 6e 20 74 68 65 20 73 65 63 75 72 69 74 79 20 67 72 6f 75 70 20 6e 65 74 77 6f 72 6b 20 41 43	on.the.security.group.network.AC
c9b00	4c 20 61 74 74 61 63 68 65 64 20 74 6f 20 74 68 65 20 45 43 32 20 69 6e 73 74 61 6e 63 65 2e 20	L.attached.to.the.EC2.instance..
c9b20	54 68 69 73 20 68 61 73 20 62 65 65 6e 20 74 65 73 74 65 64 20 61 73 20 77 6f 72 6b 69 6e 67 20	This.has.been.tested.as.working.
c9b40	66 6f 72 20 74 68 65 20 6f 66 66 69 63 69 61 6c 20 41 4d 49 20 69 6d 61 67 65 20 6f 6e 20 74 68	for.the.official.AMI.image.on.th
c9b60	65 20 41 57 53 20 4d 61 72 6b 65 74 70 6c 61 63 65 2e 20 28 4c 6f 63 61 74 65 20 74 68 65 20 63	e.AWS.Marketplace..(Locate.the.c
c9b80	6f 72 72 65 63 74 20 56 50 43 20 61 6e 64 20 73 65 63 75 72 69 74 79 20 67 72 6f 75 70 20 62 79	orrect.VPC.and.security.group.by
c9ba0	20 6e 61 76 69 67 61 74 69 6e 67 20 74 68 72 6f 75 67 68 20 74 68 65 20 64 65 74 61 69 6c 73 20	.navigating.through.the.details.
c9bc0	70 61 6e 65 20 62 65 6c 6f 77 20 79 6f 75 72 20 45 43 32 20 69 6e 73 74 61 6e 63 65 20 69 6e 20	pane.below.your.EC2.instance.in.
c9be0	74 68 65 20 41 57 53 20 63 6f 6e 73 6f 6c 65 29 2e 00 53 65 74 75 70 20 44 48 43 50 20 66 61 69	the.AWS.console)..Setup.DHCP.fai
c9c00	6c 6f 76 65 72 20 66 6f 72 20 6e 65 74 77 6f 72 6b 20 31 39 32 2e 30 2e 32 2e 30 2f 32 34 00 53	lover.for.network.192.0.2.0/24.S
c9c20	65 74 75 70 20 65 6e 63 72 79 70 74 65 64 20 70 61 73 73 77 6f 72 64 20 66 6f 72 20 67 69 76 65	etup.encrypted.password.for.give
c9c40	6e 20 75 73 65 72 6e 61 6d 65 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 66 6f 72 20 74	n.username..This.is.useful.for.t
c9c60	72 61 6e 73 66 65 72 72 69 6e 67 20 61 20 68 61 73 68 65 64 20 70 61 73 73 77 6f 72 64 20 66 72	ransferring.a.hashed.password.fr
c9c80	6f 6d 20 73 79 73 74 65 6d 20 74 6f 20 73 79 73 74 65 6d 2e 00 53 65 74 75 70 20 74 68 65 20 60	om.system.to.system..Setup.the.`
c9ca0	3c 74 69 6d 65 6f 75 74 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 77 68 65 6e 20 71 75 65 72 79	<timeout>`.in.seconds.when.query
c9cc0	69 6e 67 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 53 65 74 75 70 20 74 68 65	ing.the.RADIUS.server..Setup.the
c9ce0	20 60 3c 74 69 6d 65 6f 75 74 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 77 68 65 6e 20 71 75 65	.`<timeout>`.in.seconds.when.que
c9d00	72 79 69 6e 67 20 74 68 65 20 54 41 43 41 43 53 20 73 65 72 76 65 72 2e 00 53 65 74 75 70 20 74	rying.the.TACACS.server..Setup.t
c9d20	68 65 20 64 79 6e 61 6d 69 63 20 44 4e 53 20 68 6f 73 74 6e 61 6d 65 20 60 3c 68 6f 73 74 6e 61	he.dynamic.DNS.hostname.`<hostna
c9d40	6d 65 3e 60 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 44 79 6e 44 4e 53 20	me>`.associated.with.the.DynDNS.
c9d60	70 72 6f 76 69 64 65 72 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 73 65 72 76 69 63 65	provider.identified.by.`<service
c9d80	3e 60 20 77 68 65 6e 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 6e 20 69 6e 74 65 72 66	>`.when.the.IP.address.on.interf
c9da0	61 63 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 68 61 6e 67 65 73 2e 00 53 65 76 65 72	ace.`<interface>`.changes..Sever
c9dc0	61 6c 20 63 6f 6d 6d 61 6e 64 73 20 75 74 69 6c 69 7a 65 20 63 55 52 4c 20 74 6f 20 69 6e 69 74	al.commands.utilize.cURL.to.init
c9de0	69 61 74 65 20 74 72 61 6e 73 66 65 72 73 2e 20 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f	iate.transfers..Configure.the.lo
c9e00	63 61 6c 20 73 6f 75 72 63 65 20 49 50 76 34 2f 49 50 76 36 20 61 64 64 72 65 73 73 20 75 73 65	cal.source.IPv4/IPv6.address.use
c9e20	64 20 66 6f 72 20 61 6c 6c 20 63 55 52 4c 20 6f 70 65 72 61 74 69 6f 6e 73 2e 00 53 65 76 65 72	d.for.all.cURL.operations..Sever
c9e40	61 6c 20 63 6f 6d 6d 61 6e 64 73 20 75 74 69 6c 69 7a 65 20 63 75 72 6c 20 74 6f 20 69 6e 69 74	al.commands.utilize.curl.to.init
c9e60	69 61 74 65 20 74 72 61 6e 73 66 65 72 73 2e 20 43 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f	iate.transfers..Configure.the.lo
c9e80	63 61 6c 20 73 6f 75 72 63 65 20 69 6e 74 65 72 66 61 63 65 20 75 73 65 64 20 66 6f 72 20 61 6c	cal.source.interface.used.for.al
c9ea0	6c 20 43 55 52 4c 20 6f 70 65 72 61 74 69 6f 6e 73 2e 00 53 65 76 65 72 69 74 79 00 53 65 76 65	l.CURL.operations..Severity.Seve
c9ec0	72 69 74 79 20 4c 65 76 65 6c 00 53 68 61 70 65 72 00 53 68 6f 72 74 20 47 49 20 63 61 70 61 62	rity.Level.Shaper.Short.GI.capab
c9ee0	69 6c 69 74 69 65 73 00 53 68 6f 72 74 20 47 49 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 66 6f	ilities.Short.GI.capabilities.fo
c9f00	72 20 32 30 20 61 6e 64 20 34 30 20 4d 48 7a 00 53 68 6f 72 74 20 62 75 72 73 74 73 20 63 61 6e	r.20.and.40.MHz.Short.bursts.can
c9f20	20 62 65 20 61 6c 6c 6f 77 65 64 20 74 6f 20 65 78 63 65 65 64 20 74 68 65 20 6c 69 6d 69 74 2e	.be.allowed.to.exceed.the.limit.
c9f40	20 4f 6e 20 63 72 65 61 74 69 6f 6e 2c 20 74 68 65 20 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 74	.On.creation,.the.Rate-Control.t
c9f60	72 61 66 66 69 63 20 69 73 20 73 74 6f 63 6b 65 64 20 77 69 74 68 20 74 6f 6b 65 6e 73 20 77 68	raffic.is.stocked.with.tokens.wh
c9f80	69 63 68 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20	ich.correspond.to.the.amount.of.
c9fa0	74 72 61 66 66 69 63 20 74 68 61 74 20 63 61 6e 20 62 65 20 62 75 72 73 74 20 69 6e 20 6f 6e 65	traffic.that.can.be.burst.in.one
c9fc0	20 67 6f 2e 20 54 6f 6b 65 6e 73 20 61 72 72 69 76 65 20 61 74 20 61 20 73 74 65 61 64 79 20 72	.go..Tokens.arrive.at.a.steady.r
c9fe0	61 74 65 2c 20 75 6e 74 69 6c 20 74 68 65 20 62 75 63 6b 65 74 20 69 73 20 66 75 6c 6c 2e 00 53	ate,.until.the.bucket.is.full..S
ca000	68 6f 72 74 63 75 74 20 73 79 6e 74 61 78 20 66 6f 72 20 73 70 65 63 69 66 79 69 6e 67 20 61 75	hortcut.syntax.for.specifying.au
ca020	74 6f 6d 61 74 69 63 20 6c 65 61 6b 69 6e 67 20 66 72 6f 6d 20 76 72 66 20 56 52 46 4e 41 4d 45	tomatic.leaking.from.vrf.VRFNAME
ca040	20 74 6f 20 74 68 65 20 63 75 72 72 65 6e 74 20 56 52 46 20 75 73 69 6e 67 20 74 68 65 20 56 50	.to.the.current.VRF.using.the.VP
ca060	4e 20 52 49 42 20 61 73 20 69 6e 74 65 72 6d 65 64 69 61 72 79 2e 20 54 68 65 20 52 44 20 61 6e	N.RIB.as.intermediary..The.RD.an
ca080	64 20 52 54 20 61 72 65 20 61 75 74 6f 20 64 65 72 69 76 65 64 20 61 6e 64 20 73 68 6f 75 6c 64	d.RT.are.auto.derived.and.should
ca0a0	20 6e 6f 74 20 62 65 20 73 70 65 63 69 66 69 65 64 20 65 78 70 6c 69 63 69 74 6c 79 20 66 6f 72	.not.be.specified.explicitly.for
ca0c0	20 65 69 74 68 65 72 20 74 68 65 20 73 6f 75 72 63 65 20 6f 72 20 64 65 73 74 69 6e 61 74 69 6f	.either.the.source.or.destinatio
ca0e0	6e 20 56 52 46 e2 80 99 73 2e 00 53 68 6f 77 00 53 68 6f 77 20 44 48 43 50 20 73 65 72 76 65 72	n.VRF...s..Show.Show.DHCP.server
ca100	20 64 61 65 6d 6f 6e 20 6c 6f 67 20 66 69 6c 65 00 53 68 6f 77 20 44 48 43 50 76 36 20 73 65 72	.daemon.log.file.Show.DHCPv6.ser
ca120	76 65 72 20 64 61 65 6d 6f 6e 20 6c 6f 67 20 66 69 6c 65 00 53 68 6f 77 20 46 69 72 65 77 61 6c	ver.daemon.log.file.Show.Firewal
ca140	6c 20 6c 6f 67 00 53 68 6f 77 20 4c 4c 44 50 20 6e 65 69 67 68 62 6f 72 73 20 63 6f 6e 6e 65 63	l.log.Show.LLDP.neighbors.connec
ca160	74 65 64 20 76 69 61 20 69 6e 74 65 72 66 61 63 65 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e	ted.via.interface.`<interface>`.
ca180	00 53 68 6f 77 20 57 41 4e 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 20 69 6e 66 6f 72 6d 61 74	.Show.WAN.load.balancer.informat
ca1a0	69 6f 6e 20 69 6e 63 6c 75 64 69 6e 67 20 74 65 73 74 20 74 79 70 65 73 20 61 6e 64 20 74 61 72	ion.including.test.types.and.tar
ca1c0	67 65 74 73 2e 20 41 20 63 68 61 72 61 63 74 65 72 20 61 74 20 74 68 65 20 73 74 61 72 74 20 6f	gets..A.character.at.the.start.o
ca1e0	66 20 65 61 63 68 20 6c 69 6e 65 20 64 65 70 69 63 74 73 20 74 68 65 20 73 74 61 74 65 20 6f 66	f.each.line.depicts.the.state.of
ca200	20 74 68 65 20 74 65 73 74 00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65 20 49 4d 45 49 2e	.the.test.Show.WWAN.module.IMEI.
ca220	00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65 20 49 4d 53 49 2e 00 53 68 6f 77 20 57 57 41	.Show.WWAN.module.IMSI..Show.WWA
ca240	4e 20 6d 6f 64 75 6c 65 20 4d 53 49 53 44 4e 2e 00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c	N.module.MSISDN..Show.WWAN.modul
ca260	65 20 53 49 4d 20 63 61 72 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 53 68 6f 77 20 57 57 41	e.SIM.card.information..Show.WWA
ca280	4e 20 6d 6f 64 75 6c 65 20 66 69 72 6d 77 61 72 65 2e 00 53 68 6f 77 20 57 57 41 4e 20 6d 6f 64	N.module.firmware..Show.WWAN.mod
ca2a0	75 6c 65 20 68 61 72 64 77 61 72 65 20 63 61 70 61 62 69 6c 69 74 69 65 73 2e 00 53 68 6f 77 20	ule.hardware.capabilities..Show.
ca2c0	57 57 41 4e 20 6d 6f 64 75 6c 65 20 68 61 72 64 77 61 72 65 20 72 65 76 69 73 69 6f 6e 2e 00 53	WWAN.module.hardware.revision..S
ca2e0	68 6f 77 20 57 57 41 4e 20 6d 6f 64 75 6c 65 20 6d 6f 64 65 6c 2e 00 53 68 6f 77 20 57 57 41 4e	how.WWAN.module.model..Show.WWAN
ca300	20 6d 6f 64 75 6c 65 20 73 69 67 6e 61 6c 20 73 74 72 65 6e 67 74 68 2e 00 53 68 6f 77 20 61 20	.module.signal.strength..Show.a.
ca320	6c 69 73 74 20 61 76 61 69 6c 61 62 6c 65 20 63 6f 6e 74 61 69 6e 65 72 20 6e 65 74 77 6f 72 6b	list.available.container.network
ca340	73 00 53 68 6f 77 20 61 20 6c 69 73 74 20 6f 66 20 69 6e 73 74 61 6c 6c 65 64 20 3a 61 62 62 72	s.Show.a.list.of.installed.:abbr
ca360	3a 60 43 41 20 28 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 29 60 20 63 65	:`CA.(Certificate.Authority)`.ce
ca380	72 74 69 66 69 63 61 74 65 73 2e 00 53 68 6f 77 20 61 20 6c 69 73 74 20 6f 66 20 69 6e 73 74 61	rtificates..Show.a.list.of.insta
ca3a0	6c 6c 65 64 20 3a 61 62 62 72 3a 60 43 52 4c 73 20 28 43 65 72 74 69 66 69 63 61 74 65 20 52 65	lled.:abbr:`CRLs.(Certificate.Re
ca3c0	76 6f 63 61 74 69 6f 6e 20 4c 69 73 74 29 60 2e 00 53 68 6f 77 20 61 20 6c 69 73 74 20 6f 66 20	vocation.List)`..Show.a.list.of.
ca3e0	69 6e 73 74 61 6c 6c 65 64 20 63 65 72 74 69 66 69 63 61 74 65 73 00 53 68 6f 77 20 61 6c 6c 20	installed.certificates.Show.all.
ca400	42 46 44 20 70 65 65 72 73 00 53 68 6f 77 20 61 76 61 69 6c 61 62 6c 65 20 6f 66 66 6c 6f 61 64	BFD.peers.Show.available.offload
ca420	69 6e 67 20 66 75 6e 63 74 69 6f 6e 73 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61	ing.functions.on.given.`<interfa
ca440	63 65 3e 60 00 53 68 6f 77 20 62 69 6e 64 65 64 20 71 61 74 20 64 65 76 69 63 65 20 69 6e 74 65	ce>`.Show.binded.qat.device.inte
ca460	72 72 75 70 74 73 20 74 6f 20 63 65 72 74 61 69 6e 20 63 6f 72 65 2e 00 53 68 6f 77 20 62 72 69	rrupts.to.certain.core..Show.bri
ca480	64 67 65 20 60 3c 6e 61 6d 65 3e 60 20 66 64 62 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 63 75	dge.`<name>`.fdb.displays.the.cu
ca4a0	72 72 65 6e 74 20 66 6f 72 77 61 72 64 69 6e 67 20 74 61 62 6c 65 3a 00 53 68 6f 77 20 62 72 69	rrent.forwarding.table:.Show.bri
ca4c0	64 67 65 20 60 3c 6e 61 6d 65 3e 60 20 6d 64 62 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 63 75	dge.`<name>`.mdb.displays.the.cu
ca4e0	72 72 65 6e 74 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 6d 65 6d 62 65 72 73 68 69 70	rrent.multicast.group.membership
ca500	20 74 61 62 6c 65 2e 54 68 65 20 74 61 62 6c 65 20 69 73 20 70 6f 70 75 6c 61 74 65 64 20 62 79	.table.The.table.is.populated.by
ca520	20 49 47 4d 50 20 61 6e 64 20 4d 4c 44 20 73 6e 6f 6f 70 69 6e 67 20 69 6e 20 74 68 65 20 62 72	.IGMP.and.MLD.snooping.in.the.br
ca540	69 64 67 65 20 64 72 69 76 65 72 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 2e 00 53 68 6f 77 20	idge.driver.automatically..Show.
ca560	62 72 69 65 66 20 69 6e 74 65 72 66 61 63 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 53 68 6f	brief.interface.information..Sho
ca580	77 20 63 6f 6d 6d 61 6e 64 73 00 53 68 6f 77 20 63 6f 6e 66 69 67 75 72 65 64 20 73 65 72 69 61	w.commands.Show.configured.seria
ca5a0	6c 20 70 6f 72 74 73 20 61 6e 64 20 74 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 69 6e 74	l.ports.and.their.respective.int
ca5c0	65 72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 53 68 6f 77 20 63 6f 6e 6e 65	erface.configuration..Show.conne
ca5e0	63 74 69 6f 6e 20 64 61 74 61 20 6f 66 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 64 20 74 72 61 66	ction.data.of.load.balanced.traf
ca600	66 69 63 3a 00 53 68 6f 77 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 79 6e 63 69 6e 67 20 65 78 74	fic:.Show.connection.syncing.ext
ca620	65 72 6e 61 6c 20 63 61 63 68 65 20 65 6e 74 72 69 65 73 00 53 68 6f 77 20 63 6f 6e 6e 65 63 74	ernal.cache.entries.Show.connect
ca640	69 6f 6e 20 73 79 6e 63 69 6e 67 20 69 6e 74 65 72 6e 61 6c 20 63 61 63 68 65 20 65 6e 74 72 69	ion.syncing.internal.cache.entri
ca660	65 73 00 53 68 6f 77 20 63 75 72 72 65 6e 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 75 73 65 72	es.Show.currently.connected.user
ca680	73 2e 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f	s..Show.detailed.information.abo
ca6a0	75 74 20 61 6c 6c 20 6c 65 61 72 6e 65 64 20 53 65 67 6d 65 6e 74 20 52 6f 75 74 69 6e 67 20 4e	ut.all.learned.Segment.Routing.N
ca6c0	6f 64 65 73 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61	odes.Show.detailed.information.a
ca6e0	62 6f 75 74 20 70 72 65 66 69 78 2d 73 69 64 20 61 6e 64 20 6c 61 62 65 6c 20 6c 65 61 72 6e 65	bout.prefix-sid.and.label.learne
ca700	64 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75	d.Show.detailed.information.abou
ca720	74 20 74 68 65 20 75 6e 64 65 72 6c 61 79 69 6e 67 20 70 68 79 73 69 63 61 6c 20 6c 69 6e 6b 73	t.the.underlaying.physical.links
ca740	20 6f 6e 20 67 69 76 65 6e 20 62 6f 6e 64 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 00 53 68	.on.given.bond.`<interface>`..Sh
ca760	6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 67 69 76 65 6e	ow.detailed.information.on.given
ca780	20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66	.`<interface>`.Show.detailed.inf
ca7a0	6f 72 6d 61 74 69 6f 6e 20 6f 6e 20 74 68 65 20 67 69 76 65 6e 20 6c 6f 6f 70 62 61 63 6b 20 69	ormation.on.the.given.loopback.i
ca7c0	6e 74 65 72 66 61 63 65 20 60 6c 6f 60 2e 00 53 68 6f 77 20 64 65 74 61 69 6c 65 64 20 69 6e 66	nterface.`lo`..Show.detailed.inf
ca7e0	6f 72 6d 61 74 69 6f 6e 20 73 75 6d 6d 61 72 79 20 6f 6e 20 67 69 76 65 6e 20 60 3c 69 6e 74 65	ormation.summary.on.given.`<inte
ca800	72 66 61 63 65 3e 60 00 53 68 6f 77 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66	rface>`.Show.flow.accounting.inf
ca820	6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60	ormation.for.given.`<interface>`
ca840	20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 68 6f 73 74 20 6f 6e 6c 79 2e 00 53 68 6f 77 20	.for.a.specific.host.only..Show.
ca860	66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20	flow.accounting.information.for.
ca880	67 69 76 65 6e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 2e 00 53 68 6f 77 20 67 65 6e 65 72 61	given.`<interface>`..Show.genera
ca8a0	6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 73 70 65 63 69 66 69 63 20 57 69 72	l.information.about.specific.Wir
ca8c0	65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 00 53 68 6f 77 20 69 6e 66 6f 20 61 62 6f 75 74	eGuard.interface.Show.info.about
ca8e0	20 74 68 65 20 57 69 72 65 67 75 61 72 64 20 73 65 72 76 69 63 65 2e 20 49 74 20 61 6c 73 6f 20	.the.Wireguard.service..It.also.
ca900	73 68 6f 77 73 20 74 68 65 20 6c 61 74 65 73 74 20 68 61 6e 64 73 68 61 6b 65 2e 00 53 68 6f 77	shows.the.latest.handshake..Show
ca920	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 70 68 79 73 69 63 61 6c 20 60 3c 69 6e	.information.about.physical.`<in
ca940	74 65 72 66 61 63 65 3e 60 00 53 68 6f 77 20 6c 6f 67 73 20 66 72 6f 6d 20 61 20 67 69 76 65 6e	terface>`.Show.logs.from.a.given
ca960	20 63 6f 6e 74 61 69 6e 65 72 00 53 68 6f 77 20 6c 6f 67 73 20 66 72 6f 6d 20 61 6c 6c 20 44 48	.container.Show.logs.from.all.DH
ca980	43 50 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 65 73 2e 00 53 68 6f 77 20 6c 6f 67 73 20 66	CP.client.processes..Show.logs.f
ca9a0	72 6f 6d 20 61 6c 6c 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 65 73 2e	rom.all.DHCPv6.client.processes.
ca9c0	00 53 68 6f 77 20 6c 6f 67 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 63 20 60 69 6e 74 65 72 66	.Show.logs.from.specific.`interf
ca9e0	61 63 65 60 20 44 48 43 50 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 2e 00 53 68 6f 77 20 6c	ace`.DHCP.client.process..Show.l
caa00	6f 67 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 63 20 60 69 6e 74 65 72 66 61 63 65 60 20 44 48	ogs.from.specific.`interface`.DH
caa20	43 50 76 36 20 63 6c 69 65 6e 74 20 70 72 6f 63 65 73 73 2e 00 53 68 6f 77 20 6f 6e 6c 79 20 69	CPv6.client.process..Show.only.i
caa40	6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 73 70 65 63 69 66 69 65 64 20 43 65 72 74 69 66 69	nformation.for.specified.Certifi
caa60	63 61 74 65 20 41 75 74 68 6f 72 69 74 79 2e 00 53 68 6f 77 20 6f 6e 6c 79 20 69 6e 66 6f 72 6d	cate.Authority..Show.only.inform
caa80	61 74 69 6f 6e 20 66 6f 72 20 73 70 65 63 69 66 69 65 64 20 63 65 72 74 69 66 69 63 61 74 65 2e	ation.for.specified.certificate.
caaa0	00 53 68 6f 77 20 6f 6e 6c 79 20 6c 65 61 73 65 73 20 69 6e 20 74 68 65 20 73 70 65 63 69 66 69	.Show.only.leases.in.the.specifi
caac0	65 64 20 70 6f 6f 6c 2e 00 53 68 6f 77 20 6f 6e 6c 79 20 6c 65 61 73 65 73 20 77 69 74 68 20 74	ed.pool..Show.only.leases.with.t
caae0	68 65 20 73 70 65 63 69 66 69 65 64 20 73 74 61 74 65 2e 20 50 6f 73 73 69 62 6c 65 20 73 74 61	he.specified.state..Possible.sta
cab00	74 65 73 3a 20 61 62 61 6e 64 6f 6e 65 64 2c 20 61 63 74 69 76 65 2c 20 61 6c 6c 2c 20 62 61 63	tes:.abandoned,.active,.all,.bac
cab20	6b 75 70 2c 20 65 78 70 69 72 65 64 2c 20 66 72 65 65 2c 20 72 65 6c 65 61 73 65 64 2c 20 72 65	kup,.expired,.free,.released,.re
cab40	73 65 74 20 28 64 65 66 61 75 6c 74 20 3d 20 61 63 74 69 76 65 29 00 53 68 6f 77 20 6f 6e 6c 79	set.(default.=.active).Show.only
cab60	20 6c 65 61 73 65 73 20 77 69 74 68 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 73 74 61 74 65	.leases.with.the.specified.state
cab80	2e 20 50 6f 73 73 69 62 6c 65 20 73 74 61 74 65 73 3a 20 61 6c 6c 2c 20 61 63 74 69 76 65 2c 20	..Possible.states:.all,.active,.
caba0	66 72 65 65 2c 20 65 78 70 69 72 65 64 2c 20 72 65 6c 65 61 73 65 64 2c 20 61 62 61 6e 64 6f 6e	free,.expired,.released,.abandon
cabc0	65 64 2c 20 72 65 73 65 74 2c 20 62 61 63 6b 75 70 20 28 64 65 66 61 75 6c 74 20 3d 20 61 63 74	ed,.reset,.backup.(default.=.act
cabe0	69 76 65 29 00 53 68 6f 77 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 65 6e 74 72 79 20 66 6f	ive).Show.routing.table.entry.fo
cac00	72 20 74 68 65 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 2e 00 53 68 6f 77 20 73 70 65 63 69 66	r.the.default.route..Show.specif
cac20	69 63 20 4d 41 43 73 65 63 20 69 6e 74 65 72 66 61 63 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00	ic.MACsec.interface.information.
cac40	53 68 6f 77 20 73 74 61 74 75 73 20 6f 66 20 6e 65 77 20 73 65 74 75 70 3a 00 53 68 6f 77 20 73	Show.status.of.new.setup:.Show.s
cac60	74 61 74 75 73 65 73 20 6f 66 20 61 6c 6c 20 61 63 74 69 76 65 20 6c 65 61 73 65 73 3a 00 53 68	tatuses.of.all.active.leases:.Sh
cac80	6f 77 20 74 68 65 20 44 48 43 50 20 73 65 72 76 65 72 20 73 74 61 74 69 73 74 69 63 73 20 66 6f	ow.the.DHCP.server.statistics.fo
caca0	72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 6f 6f 6c 2e 00 53 68 6f 77 20 74 68 65 20 44	r.the.specified.pool..Show.the.D
cacc0	48 43 50 20 73 65 72 76 65 72 20 73 74 61 74 69 73 74 69 63 73 3a 00 53 68 6f 77 20 74 68 65 20	HCP.server.statistics:.Show.the.
cace0	63 6f 6e 73 6f 6c 65 20 73 65 72 76 65 72 20 6c 6f 67 2e 00 53 68 6f 77 20 74 68 65 20 66 75 6c	console.server.log..Show.the.ful
cad00	6c 20 63 6f 6e 66 69 67 20 75 70 6c 6f 61 64 65 64 20 74 6f 20 74 68 65 20 51 41 54 20 64 65 76	l.config.uploaded.to.the.QAT.dev
cad20	69 63 65 2e 00 53 68 6f 77 20 74 68 65 20 6c 69 73 74 20 6f 66 20 61 6c 6c 20 61 63 74 69 76 65	ice..Show.the.list.of.all.active
cad40	20 63 6f 6e 74 61 69 6e 65 72 73 2e 00 53 68 6f 77 20 74 68 65 20 6c 6f 63 61 6c 20 63 6f 6e 74	.containers..Show.the.local.cont
cad60	61 69 6e 65 72 20 69 6d 61 67 65 73 2e 00 53 68 6f 77 20 74 68 65 20 6c 6f 67 73 20 6f 66 20 61	ainer.images..Show.the.logs.of.a
cad80	20 73 70 65 63 69 66 69 63 20 52 75 6c 65 2d 53 65 74 2e 00 53 68 6f 77 20 74 68 65 20 72 6f 75	.specific.Rule-Set..Show.the.rou
cada0	74 65 00 53 68 6f 77 20 74 72 61 6e 73 63 65 69 76 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	te.Show.transceiver.information.
cadc0	66 72 6f 6d 20 70 6c 75 67 69 6e 20 6d 6f 64 75 6c 65 73 2c 20 65 2e 67 20 53 46 50 2b 2c 20 51	from.plugin.modules,.e.g.SFP+,.Q
cade0	53 46 50 00 53 68 6f 77 69 6e 67 20 42 46 44 20 6d 6f 6e 69 74 6f 72 65 64 20 73 74 61 74 69 63	SFP.Showing.BFD.monitored.static
cae00	20 72 6f 75 74 65 73 00 53 68 6f 77 73 20 73 74 61 74 75 73 20 6f 66 20 61 6c 6c 20 61 73 73 69	.routes.Shows.status.of.all.assi
cae20	67 6e 65 64 20 6c 65 61 73 65 73 3a 00 53 69 64 65 20 41 3a 00 53 69 64 65 20 42 3a 00 53 69 65	gned.leases:.Side.A:.Side.B:.Sie
cae40	72 72 61 20 57 69 72 65 6c 65 73 73 20 41 69 72 50 72 69 6d 65 20 4d 43 37 33 30 34 20 6d 69 6e	rra.Wireless.AirPrime.MC7304.min
cae60	69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 53 69 65 72 72 61 20 57 69 72 65 6c 65 73 73	iPCIe.card.(LTE).Sierra.Wireless
cae80	20 41 69 72 50 72 69 6d 65 20 4d 43 37 34 33 30 20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28	.AirPrime.MC7430.miniPCIe.card.(
caea0	4c 54 45 29 00 53 69 65 72 72 61 20 57 69 72 65 6c 65 73 73 20 41 69 72 50 72 69 6d 65 20 4d 43	LTE).Sierra.Wireless.AirPrime.MC
caec0	37 34 35 35 20 6d 69 6e 69 50 43 49 65 20 63 61 72 64 20 28 4c 54 45 29 00 53 69 65 72 72 61 20	7455.miniPCIe.card.(LTE).Sierra.
caee0	57 69 72 65 6c 65 73 73 20 41 69 72 50 72 69 6d 65 20 4d 43 37 37 31 30 20 6d 69 6e 69 50 43 49	Wireless.AirPrime.MC7710.miniPCI
caf00	65 20 63 61 72 64 20 28 4c 54 45 29 00 53 69 6d 69 6c 61 72 20 63 6f 6d 62 69 6e 61 74 69 6f 6e	e.card.(LTE).Similar.combination
caf20	73 20 61 72 65 20 61 70 70 6c 69 63 61 62 6c 65 20 66 6f 72 20 74 68 65 20 64 65 61 64 2d 70 65	s.are.applicable.for.the.dead-pe
caf40	65 72 2d 64 65 74 65 63 74 69 6f 6e 2e 00 53 69 6d 70 6c 65 20 42 61 62 65 6c 20 63 6f 6e 66 69	er-detection..Simple.Babel.confi
caf60	67 75 72 61 74 69 6f 6e 20 75 73 69 6e 67 20 32 20 6e 6f 64 65 73 20 61 6e 64 20 72 65 64 69 73	guration.using.2.nodes.and.redis
caf80	74 72 69 62 75 74 69 6e 67 20 63 6f 6e 6e 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 73 2e 00	tributing.connected.interfaces..
cafa0	53 69 6d 70 6c 65 20 52 49 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 75 73 69 6e 67 20 32	Simple.RIP.configuration.using.2
cafc0	20 6e 6f 64 65 73 20 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 69 6e 67 20 63 6f 6e 6e 65 63	.nodes.and.redistributing.connec
cafe0	74 65 64 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53 69 6d 70 6c 65 20 73 65 74 75 70 20 77 69 74	ted.interfaces..Simple.setup.wit
cb000	68 20 6f 6e 65 20 75 73 65 72 20 61 64 64 65 64 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 75	h.one.user.added.and.password.au
cb020	74 68 65 6e 74 69 63 61 74 69 6f 6e 3a 00 53 69 6d 70 6c 65 20 74 65 78 74 20 70 61 73 73 77 6f	thentication:.Simple.text.passwo
cb040	72 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 73 20 69 6e 73 65 63 75 72 65 20 61 6e	rd.authentication.is.insecure.an
cb060	64 20 64 65 70 72 65 63 61 74 65 64 20 69 6e 20 66 61 76 6f 75 72 20 6f 66 20 4d 44 35 20 48 4d	d.deprecated.in.favour.of.MD5.HM
cb080	41 43 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 00 53 69 6e 63 65 20 62 6f 74 68 20 72 6f	AC.authentication..Since.both.ro
cb0a0	75 74 65 72 73 20 64 6f 20 6e 6f 74 20 6b 6e 6f 77 20 74 68 65 69 72 20 65 66 66 65 63 74 69 76	uters.do.not.know.their.effectiv
cb0c0	65 20 70 75 62 6c 69 63 20 61 64 64 72 65 73 73 65 73 2c 20 77 65 20 73 65 74 20 74 68 65 20 6c	e.public.addresses,.we.set.the.l
cb0e0	6f 63 61 6c 2d 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 65 65 72 20 74 6f 20 22 61 6e 79	ocal-address.of.the.peer.to."any
cb100	22 2e 00 53 69 6e 63 65 20 69 74 27 73 20 61 20 48 51 20 61 6e 64 20 62 72 61 6e 63 68 20 6f 66	"..Since.it's.a.HQ.and.branch.of
cb120	66 69 63 65 73 20 73 65 74 75 70 2c 20 77 65 20 77 69 6c 6c 20 77 61 6e 74 20 61 6c 6c 20 63 6c	fices.setup,.we.will.want.all.cl
cb140	69 65 6e 74 73 20 74 6f 20 68 61 76 65 20 66 69 78 65 64 20 61 64 64 72 65 73 73 65 73 20 61 6e	ients.to.have.fixed.addresses.an
cb160	64 20 77 65 20 77 69 6c 6c 20 72 6f 75 74 65 20 74 72 61 66 66 69 63 20 74 6f 20 73 70 65 63 69	d.we.will.route.traffic.to.speci
cb180	66 69 63 20 73 75 62 6e 65 74 73 20 74 68 72 6f 75 67 68 20 74 68 65 6d 2e 20 57 65 20 6e 65 65	fic.subnets.through.them..We.nee
cb1a0	64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 6f 72 20 65 61 63 68 20 63 6c 69 65 6e 74 20	d.configuration.for.each.client.
cb1c0	74 6f 20 61 63 68 69 65 76 65 20 74 68 69 73 2e 00 53 69 6e 63 65 20 74 68 65 20 52 41 44 49 55	to.achieve.this..Since.the.RADIU
cb1e0	53 20 73 65 72 76 65 72 20 77 6f 75 6c 64 20 62 65 20 61 20 73 69 6e 67 6c 65 20 70 6f 69 6e 74	S.server.would.be.a.single.point
cb200	20 6f 66 20 66 61 69 6c 75 72 65 2c 20 6d 75 6c 74 69 70 6c 65 20 52 41 44 49 55 53 20 73 65 72	.of.failure,.multiple.RADIUS.ser
cb220	76 65 72 73 20 63 61 6e 20 62 65 20 73 65 74 75 70 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 75 73	vers.can.be.setup.and.will.be.us
cb240	65 64 20 73 75 62 73 65 71 75 65 6e 74 69 61 6c 6c 79 2e 00 53 69 6e 63 65 20 74 68 65 20 6d 44	ed.subsequentially..Since.the.mD
cb260	4e 53 20 70 72 6f 74 6f 63 6f 6c 20 73 65 6e 64 73 20 74 68 65 20 41 41 20 72 65 63 6f 72 64 73	NS.protocol.sends.the.AA.records
cb280	20 69 6e 20 74 68 65 20 70 61 63 6b 65 74 20 69 74 73 65 6c 66 2c 20 74 68 65 20 72 65 70 65 61	.in.the.packet.itself,.the.repea
cb2a0	74 65 72 20 64 6f 65 73 20 6e 6f 74 20 6e 65 65 64 20 74 6f 20 66 6f 72 67 65 20 74 68 65 20 73	ter.does.not.need.to.forge.the.s
cb2c0	6f 75 72 63 65 20 61 64 64 72 65 73 73 2e 20 49 6e 73 74 65 61 64 2c 20 74 68 65 20 73 6f 75 72	ource.address..Instead,.the.sour
cb2e0	63 65 20 61 64 64 72 65 73 73 20 69 73 20 6f 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74	ce.address.is.of.the.interface.t
cb300	68 61 74 20 72 65 70 65 61 74 73 20 74 68 65 20 70 61 63 6b 65 74 2e 00 53 69 6e 67 6c 65 20 56	hat.repeats.the.packet..Single.V
cb320	58 4c 41 4e 20 64 65 76 69 63 65 20 28 53 56 44 29 00 53 69 74 65 20 74 6f 20 53 69 74 65 20 56	XLAN.device.(SVD).Site.to.Site.V
cb340	50 4e 00 53 69 74 65 2d 74 6f 2d 53 69 74 65 00 53 69 74 65 2d 74 6f 2d 73 69 74 65 20 6d 6f 64	PN.Site-to-Site.Site-to-site.mod
cb360	65 20 70 72 6f 76 69 64 65 73 20 61 20 77 61 79 20 74 6f 20 61 64 64 20 72 65 6d 6f 74 65 20 70	e.provides.a.way.to.add.remote.p
cb380	65 65 72 73 2c 20 77 68 69 63 68 20 63 6f 75 6c 64 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20	eers,.which.could.be.configured.
cb3a0	74 6f 20 65 78 63 68 61 6e 67 65 20 65 6e 63 72 79 70 74 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f	to.exchange.encrypted.informatio
cb3c0	6e 20 62 65 74 77 65 65 6e 20 74 68 65 6d 20 61 6e 64 20 56 79 4f 53 20 69 74 73 65 6c 66 20 6f	n.between.them.and.VyOS.itself.o
cb3e0	72 20 63 6f 6e 6e 65 63 74 65 64 2f 72 6f 75 74 65 64 20 6e 65 74 77 6f 72 6b 73 2e 00 53 69 74	r.connected/routed.networks..Sit
cb400	65 2d 74 6f 2d 73 69 74 65 20 6d 6f 64 65 20 73 75 70 70 6f 72 74 73 20 78 2e 35 30 39 20 62 75	e-to-site.mode.supports.x.509.bu
cb420	74 20 64 6f 65 73 6e 27 74 20 72 65 71 75 69 72 65 20 69 74 20 61 6e 64 20 63 61 6e 20 61 6c 73	t.doesn't.require.it.and.can.als
cb440	6f 20 77 6f 72 6b 20 77 69 74 68 20 73 74 61 74 69 63 20 6b 65 79 73 2c 20 77 68 69 63 68 20 69	o.work.with.static.keys,.which.i
cb460	73 20 73 69 6d 70 6c 65 72 20 69 6e 20 6d 61 6e 79 20 63 61 73 65 73 2e 20 49 6e 20 74 68 69 73	s.simpler.in.many.cases..In.this
cb480	20 65 78 61 6d 70 6c 65 2c 20 77 65 27 6c 6c 20 63 6f 6e 66 69 67 75 72 65 20 61 20 73 69 6d 70	.example,.we'll.configure.a.simp
cb4a0	6c 65 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 4f 70 65 6e 56 50 4e 20 74 75 6e 6e 65 6c 20 75	le.site-to-site.OpenVPN.tunnel.u
cb4c0	73 69 6e 67 20 61 20 32 30 34 38 2d 62 69 74 20 70 72 65 2d 73 68 61 72 65 64 20 6b 65 79 2e 00	sing.a.2048-bit.pre-shared.key..
cb4e0	53 6c 61 76 65 20 73 65 6c 65 63 74 69 6f 6e 20 66 6f 72 20 6f 75 74 67 6f 69 6e 67 20 74 72 61	Slave.selection.for.outgoing.tra
cb500	66 66 69 63 20 69 73 20 64 6f 6e 65 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 74 72	ffic.is.done.according.to.the.tr
cb520	61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69 63 79 2c 20 77 68 69 63 68 20 6d 61 79 20 62 65	ansmit.hash.policy,.which.may.be
cb540	20 63 68 61 6e 67 65 64 20 66 72 6f 6d 20 74 68 65 20 64 65 66 61 75 6c 74 20 73 69 6d 70 6c 65	.changed.from.the.default.simple
cb560	20 58 4f 52 20 70 6f 6c 69 63 79 20 76 69 61 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 68 61 73	.XOR.policy.via.the.:cfgcmd:`has
cb580	68 2d 70 6f 6c 69 63 79 60 20 6f 70 74 69 6f 6e 2c 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 65 6c	h-policy`.option,.documented.bel
cb5a0	6f 77 2e 00 53 6f 20 69 6e 20 6f 75 72 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2c 20 77	ow..So.in.our.firewall.policy,.w
cb5c0	65 20 77 61 6e 74 20 74 6f 20 61 6c 6c 6f 77 20 74 72 61 66 66 69 63 20 63 6f 6d 69 6e 67 20 69	e.want.to.allow.traffic.coming.i
cb5e0	6e 20 6f 6e 20 74 68 65 20 6f 75 74 73 69 64 65 20 69 6e 74 65 72 66 61 63 65 2c 20 64 65 73 74	n.on.the.outside.interface,.dest
cb600	69 6e 65 64 20 66 6f 72 20 54 43 50 20 70 6f 72 74 20 38 30 20 61 6e 64 20 74 68 65 20 49 50 20	ined.for.TCP.port.80.and.the.IP.
cb620	61 64 64 72 65 73 73 20 6f 66 20 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 2e 00 53 6f 6c 61 72 57	address.of.192.168.0.100..SolarW
cb640	69 6e 64 73 00 53 6f 6d 65 20 49 53 50 73 20 62 79 20 64 65 66 61 75 6c 74 20 6f 6e 6c 79 20 64	inds.Some.ISPs.by.default.only.d
cb660	65 6c 65 67 61 74 65 20 61 20 2f 36 34 20 70 72 65 66 69 78 2e 20 54 6f 20 72 65 71 75 65 73 74	elegate.a./64.prefix..To.request
cb680	20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63 20 70 72 65 66 69 78 20 73 69 7a 65 20 75 73 65 20	.for.a.specific.prefix.size.use.
cb6a0	74 68 69 73 20 6f 70 74 69 6f 6e 20 74 6f 20 72 65 71 75 65 73 74 20 66 6f 72 20 61 20 62 69 67	this.option.to.request.for.a.big
cb6c0	67 65 72 20 64 65 6c 65 67 61 74 69 6f 6e 20 66 6f 72 20 74 68 69 73 20 70 64 20 60 3c 69 64 3e	ger.delegation.for.this.pd.`<id>
cb6e0	60 2e 20 54 68 69 73 20 76 61 6c 75 65 20 69 73 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66 72	`..This.value.is.in.the.range.fr
cb700	6f 6d 20 33 32 20 2d 20 36 34 20 73 6f 20 79 6f 75 20 63 6f 75 6c 64 20 72 65 71 75 65 73 74 20	om.32.-.64.so.you.could.request.
cb720	75 70 20 74 6f 20 61 20 2f 33 32 20 70 72 65 66 69 78 20 28 69 66 20 79 6f 75 72 20 49 53 50 20	up.to.a./32.prefix.(if.your.ISP.
cb740	61 6c 6c 6f 77 73 20 74 68 69 73 29 20 64 6f 77 6e 20 74 6f 20 61 20 2f 36 34 20 64 65 6c 65 67	allows.this).down.to.a./64.deleg
cb760	61 74 69 6f 6e 2e 00 53 6f 6d 65 20 49 54 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 20 72 65 71 75	ation..Some.IT.environments.requ
cb780	69 72 65 20 74 68 65 20 75 73 65 20 6f 66 20 61 20 70 72 6f 78 79 20 74 6f 20 63 6f 6e 6e 65 63	ire.the.use.of.a.proxy.to.connec
cb7a0	74 20 74 6f 20 74 68 65 20 49 6e 74 65 72 6e 65 74 2e 20 57 69 74 68 6f 75 74 20 74 68 69 73 20	t.to.the.Internet..Without.this.
cb7c0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 56 79 4f 53 20 75 70 64 61 74 65 73 20 63 6f 75 6c 64	configuration.VyOS.updates.could
cb7e0	20 6e 6f 74 20 62 65 20 69 6e 73 74 61 6c 6c 65 64 20 64 69 72 65 63 74 6c 79 20 62 79 20 75 73	.not.be.installed.directly.by.us
cb800	69 6e 67 20 74 68 65 20 3a 6f 70 63 6d 64 3a 60 61 64 64 20 73 79 73 74 65 6d 20 69 6d 61 67 65	ing.the.:opcmd:`add.system.image
cb820	60 20 63 6f 6d 6d 61 6e 64 20 28 3a 72 65 66 3a 60 75 70 64 61 74 65 5f 76 79 6f 73 60 29 2e 00	`.command.(:ref:`update_vyos`)..
cb840	53 6f 6d 65 20 52 41 44 49 55 53 5f 20 73 65 76 65 72 73 20 75 73 65 20 61 6e 20 61 63 63 65 73	Some.RADIUS_.severs.use.an.acces
cb860	73 20 63 6f 6e 74 72 6f 6c 20 6c 69 73 74 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 6f 72 20 64	s.control.list.which.allows.or.d
cb880	65 6e 69 65 73 20 71 75 65 72 69 65 73 2c 20 6d 61 6b 65 20 73 75 72 65 20 74 6f 20 61 64 64 20	enies.queries,.make.sure.to.add.
cb8a0	79 6f 75 72 20 56 79 4f 53 20 72 6f 75 74 65 72 20 74 6f 20 74 68 65 20 61 6c 6c 6f 77 65 64 20	your.VyOS.router.to.the.allowed.
cb8c0	63 6c 69 65 6e 74 20 6c 69 73 74 2e 00 53 6f 6d 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 73 65	client.list..Some.application.se
cb8e0	72 76 69 63 65 20 70 72 6f 76 69 64 65 72 73 20 28 41 53 50 73 29 20 6f 70 65 72 61 74 65 20 61	rvice.providers.(ASPs).operate.a
cb900	20 56 50 4e 20 67 61 74 65 77 61 79 20 74 6f 20 70 72 6f 76 69 64 65 20 61 63 63 65 73 73 20 74	.VPN.gateway.to.provide.access.t
cb920	6f 20 74 68 65 69 72 20 69 6e 74 65 72 6e 61 6c 20 72 65 73 6f 75 72 63 65 73 2c 20 61 6e 64 20	o.their.internal.resources,.and.
cb940	72 65 71 75 69 72 65 20 74 68 61 74 20 61 20 63 6f 6e 6e 65 63 74 69 6e 67 20 6f 72 67 61 6e 69	require.that.a.connecting.organi
cb960	73 61 74 69 6f 6e 20 74 72 61 6e 73 6c 61 74 65 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74 6f 20	sation.translate.all.traffic.to.
cb980	74 68 65 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 20 6e 65 74 77 6f 72 6b 20 74 6f 20	the.service.provider.network.to.
cb9a0	61 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 74 68 65	a.source.address.provided.by.the
cb9c0	20 41 53 50 2e 00 53 6f 6d 65 20 66 69 72 65 77 61 6c 6c 20 73 65 74 74 69 6e 67 73 20 61 72 65	.ASP..Some.firewall.settings.are
cb9e0	20 67 6c 6f 62 61 6c 20 61 6e 64 20 68 61 76 65 20 61 6e 20 61 66 66 65 63 74 20 6f 6e 20 74 68	.global.and.have.an.affect.on.th
cba00	65 20 77 68 6f 6c 65 20 73 79 73 74 65 6d 2e 00 53 6f 6d 65 20 70 6f 6c 69 63 69 65 73 20 61 6c	e.whole.system..Some.policies.al
cba20	72 65 61 64 79 20 69 6e 63 6c 75 64 65 20 6f 74 68 65 72 20 65 6d 62 65 64 64 65 64 20 70 6f 6c	ready.include.other.embedded.pol
cba40	69 63 69 65 73 20 69 6e 73 69 64 65 2e 20 54 68 61 74 20 69 73 20 74 68 65 20 63 61 73 65 20 6f	icies.inside..That.is.the.case.o
cba60	66 20 53 68 61 70 65 72 5f 3a 20 65 61 63 68 20 6f 66 20 69 74 73 20 63 6c 61 73 73 65 73 20 75	f.Shaper_:.each.of.its.classes.u
cba80	73 65 20 66 61 69 72 2d 71 75 65 75 65 20 75 6e 6c 65 73 73 20 79 6f 75 20 63 68 61 6e 67 65 20	se.fair-queue.unless.you.change.
cbaa0	69 74 2e 00 53 6f 6d 65 20 70 6f 6c 69 63 69 65 73 20 63 61 6e 20 62 65 20 63 6f 6d 62 69 6e 65	it..Some.policies.can.be.combine
cbac0	64 2c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 65 6d 62 65 64 5f 20 61 20	d,.you.will.be.able.to.embed_.a.
cbae0	64 69 66 66 65 72 65 6e 74 20 70 6f 6c 69 63 79 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20 61 70	different.policy.that.will.be.ap
cbb00	70 6c 69 65 64 20 74 6f 20 61 20 63 6c 61 73 73 20 6f 66 20 74 68 65 20 6d 61 69 6e 20 70 6f 6c	plied.to.a.class.of.the.main.pol
cbb20	69 63 79 2e 00 53 6f 6d 65 20 70 72 6f 78 79 73 20 72 65 71 75 69 72 65 2f 73 75 70 70 6f 72 74	icy..Some.proxys.require/support
cbb40	20 74 68 65 20 22 62 61 73 69 63 22 20 48 54 54 50 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	.the."basic".HTTP.authentication
cbb60	20 73 63 68 65 6d 65 20 61 73 20 70 65 72 20 3a 72 66 63 3a 60 37 36 31 37 60 2c 20 74 68 75 73	.scheme.as.per.:rfc:`7617`,.thus
cbb80	20 61 20 70 61 73 73 77 6f 72 64 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 53	.a.password.can.be.configured..S
cbba0	6f 6d 65 20 70 72 6f 78 79 73 20 72 65 71 75 69 72 65 2f 73 75 70 70 6f 72 74 20 74 68 65 20 22	ome.proxys.require/support.the."
cbbc0	62 61 73 69 63 22 20 48 54 54 50 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 63 68 65 6d	basic".HTTP.authentication.schem
cbbe0	65 20 61 73 20 70 65 72 20 3a 72 66 63 3a 60 37 36 31 37 60 2c 20 74 68 75 73 20 61 20 75 73 65	e.as.per.:rfc:`7617`,.thus.a.use
cbc00	72 6e 61 6d 65 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 53 6f 6d 65 20 72 65	rname.can.be.configured..Some.re
cbc20	63 65 6e 74 20 49 53 50 73 20 72 65 71 75 69 72 65 20 79 6f 75 20 74 6f 20 62 75 69 6c 64 20 74	cent.ISPs.require.you.to.build.t
cbc40	68 65 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 68 72 6f 75 67 68 20 61 20 56 4c	he.PPPoE.connection.through.a.VL
cbc60	41 4e 20 69 6e 74 65 72 66 61 63 65 2e 20 4f 6e 65 20 6f 66 20 74 68 6f 73 65 20 49 53 50 73 20	AN.interface..One.of.those.ISPs.
cbc80	69 73 20 65 2e 67 2e 20 44 65 75 74 73 63 68 65 20 54 65 6c 65 6b 6f 6d 20 69 6e 20 47 65 72 6d	is.e.g..Deutsche.Telekom.in.Germ
cbca0	61 6e 79 2e 20 56 79 4f 53 20 63 61 6e 20 65 61 73 69 6c 79 20 63 72 65 61 74 65 20 61 20 50 50	any..VyOS.can.easily.create.a.PP
cbcc0	50 6f 45 20 73 65 73 73 69 6f 6e 20 74 68 72 6f 75 67 68 20 61 6e 20 65 6e 63 61 70 73 75 6c 61	PoE.session.through.an.encapsula
cbce0	74 65 64 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e	ted.VLAN.interface..The.followin
cbd00	67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20 72 75 6e 20 79 6f 75 72 20 50 50	g.configuration.will.run.your.PP
cbd20	50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 68 72 6f 75 67 68 20 56 4c 41 4e 37 20 77 68 69	PoE.connection.through.VLAN7.whi
cbd40	63 68 20 69 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 4c 41 4e 20 66 6f 72 20 44 65 75 74 73	ch.is.the.default.VLAN.for.Deuts
cbd60	63 68 65 20 54 65 6c 65 6b 6f 6d 3a 00 53 6f 6d 65 20 73 65 72 76 69 63 65 73 20 64 6f 6e 27 74	che.Telekom:.Some.services.don't
cbd80	20 77 6f 72 6b 20 63 6f 72 72 65 63 74 6c 79 20 77 68 65 6e 20 62 65 69 6e 67 20 68 61 6e 64 6c	.work.correctly.when.being.handl
cbda0	65 64 20 76 69 61 20 61 20 77 65 62 20 70 72 6f 78 79 2e 20 53 6f 20 73 6f 6d 65 74 69 6d 65 73	ed.via.a.web.proxy..So.sometimes
cbdc0	20 69 74 20 69 73 20 75 73 65 66 75 6c 20 74 6f 20 62 79 70 61 73 73 20 61 20 74 72 61 6e 73 70	.it.is.useful.to.bypass.a.transp
cbde0	61 72 65 6e 74 20 70 72 6f 78 79 3a 00 53 6f 6d 65 20 75 73 65 72 73 20 74 65 6e 64 20 74 6f 20	arent.proxy:.Some.users.tend.to.
cbe00	63 6f 6e 6e 65 63 74 20 74 68 65 69 72 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 75 73 69	connect.their.mobile.devices.usi
cbe20	6e 67 20 57 69 72 65 47 75 61 72 64 20 74 6f 20 74 68 65 69 72 20 56 79 4f 53 20 72 6f 75 74 65	ng.WireGuard.to.their.VyOS.route
cbe40	72 2e 20 54 6f 20 65 61 73 65 20 64 65 70 6c 6f 79 6d 65 6e 74 20 6f 6e 65 20 63 61 6e 20 67 65	r..To.ease.deployment.one.can.ge
cbe60	6e 65 72 61 74 65 20 61 20 22 70 65 72 20 6d 6f 62 69 6c 65 22 20 63 6f 6e 66 69 67 75 72 61 74	nerate.a."per.mobile".configurat
cbe80	69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 56 79 4f 53 20 43 4c 49 2e 00 53 6f 6d 65 74 69 6d 65 73	ion.from.the.VyOS.CLI..Sometimes
cbea0	20 6f 70 74 69 6f 6e 20 6c 69 6e 65 73 20 69 6e 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 20 4f	.option.lines.in.the.generated.O
cbec0	70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 72 65 71 75 69 72 65 20 71 75 6f	penVPN.configuration.require.quo
cbee0	74 65 73 2e 20 54 68 69 73 20 69 73 20 64 6f 6e 65 20 74 68 72 6f 75 67 68 20 61 20 68 61 63 6b	tes..This.is.done.through.a.hack
cbf00	20 6f 6e 20 6f 75 72 20 63 6f 6e 66 69 67 20 67 65 6e 65 72 61 74 6f 72 2e 20 59 6f 75 20 63 61	.on.our.config.generator..You.ca
cbf20	6e 20 70 61 73 73 20 71 75 6f 74 65 73 20 75 73 69 6e 67 20 74 68 65 20 60 60 26 71 75 6f 74 3b	n.pass.quotes.using.the.``&quot;
cbf40	60 60 20 73 74 61 74 65 6d 65 6e 74 2e 00 53 6f 72 74 20 74 68 65 20 6f 75 74 70 75 74 20 62 79	``.statement..Sort.the.output.by
cbf60	20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 2e 20 50 6f 73 73 69 62 6c 65 20 6b 65 79	.the.specified.key..Possible.key
cbf80	73 3a 20 65 78 70 69 72 65 73 2c 20 69 61 69 64 5f 64 75 69 64 2c 20 69 70 2c 20 6c 61 73 74 5f	s:.expires,.iaid_duid,.ip,.last_
cbfa0	63 6f 6d 6d 2c 20 70 6f 6f 6c 2c 20 72 65 6d 61 69 6e 69 6e 67 2c 20 73 74 61 74 65 2c 20 74 79	comm,.pool,.remaining,.state,.ty
cbfc0	70 65 20 28 64 65 66 61 75 6c 74 20 3d 20 69 70 29 00 53 6f 72 74 20 74 68 65 20 6f 75 74 70 75	pe.(default.=.ip).Sort.the.outpu
cbfe0	74 20 62 79 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 2e 20 50 6f 73 73 69 62 6c 65	t.by.the.specified.key..Possible
cc000	20 6b 65 79 73 3a 20 69 70 2c 20 68 61 72 64 77 61 72 65 5f 61 64 64 72 65 73 73 2c 20 73 74 61	.keys:.ip,.hardware_address,.sta
cc020	74 65 2c 20 73 74 61 72 74 2c 20 65 6e 64 2c 20 72 65 6d 61 69 6e 69 6e 67 2c 20 70 6f 6f 6c 2c	te,.start,.end,.remaining,.pool,
cc040	20 68 6f 73 74 6e 61 6d 65 20 28 64 65 66 61 75 6c 74 20 3d 20 69 70 29 00 53 6f 75 72 63 65 20	.hostname.(default.=.ip).Source.
cc060	41 64 64 72 65 73 73 00 53 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 75 73 65 64 20 66	Address.Source.IP.address.used.f
cc080	6f 72 20 56 58 4c 41 4e 20 75 6e 64 65 72 6c 61 79 2e 20 54 68 69 73 20 69 73 20 6d 61 6e 64 61	or.VXLAN.underlay..This.is.manda
cc0a0	74 6f 72 79 20 77 68 65 6e 20 75 73 69 6e 67 20 56 58 4c 41 4e 20 76 69 61 20 4c 32 56 50 4e 2f	tory.when.using.VXLAN.via.L2VPN/
cc0c0	45 56 50 4e 2e 00 53 6f 75 72 63 65 20 49 50 76 34 20 61 64 64 72 65 73 73 20 75 73 65 64 20 69	EVPN..Source.IPv4.address.used.i
cc0e0	6e 20 61 6c 6c 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 71 75 65 69 72 65 73 2e 00 53 6f 75	n.all.RADIUS.server.queires..Sou
cc100	72 63 65 20 4e 41 54 20 72 75 6c 65 73 00 53 6f 75 72 63 65 20 50 72 65 66 69 78 00 53 6f 75 72	rce.NAT.rules.Source.Prefix.Sour
cc120	63 65 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 52 41 44 49 55 53	ce.all.connections.to.the.RADIUS
cc140	20 73 65 72 76 65 72 73 20 66 72 6f 6d 20 67 69 76 65 6e 20 56 52 46 20 60 3c 6e 61 6d 65 3e 60	.servers.from.given.VRF.`<name>`
cc160	2e 00 53 6f 75 72 63 65 20 61 6c 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20	..Source.all.connections.to.the.
cc180	54 41 43 41 43 53 20 73 65 72 76 65 72 73 20 66 72 6f 6d 20 67 69 76 65 6e 20 56 52 46 20 60 3c	TACACS.servers.from.given.VRF.`<
cc1a0	6e 61 6d 65 3e 60 2e 00 53 6f 75 72 63 65 20 70 72 6f 74 6f 63 6f 6c 20 74 6f 20 6d 61 74 63 68	name>`..Source.protocol.to.match
cc1c0	2e 00 53 6f 75 72 63 65 20 74 75 6e 6e 65 6c 20 66 72 6f 6d 20 6c 6f 6f 70 62 61 63 6b 73 00 53	..Source.tunnel.from.loopbacks.S
cc1e0	70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c 20 66 6f 72 77 61 72 64 69 6e 67	panning.Tree.Protocol.forwarding
cc200	20 60 3c 64 65 6c 61 79 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20	.`<delay>`.in.seconds.(default:.
cc220	31 35 29 2e 00 53 70 61 6e 6e 69 6e 67 20 54 72 65 65 20 50 72 6f 74 6f 63 6f 6c 20 68 65 6c 6c	15)..Spanning.Tree.Protocol.hell
cc240	6f 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 20 60 3c 69 6e 74 65 72 76 61 6c 3e 60 20 69 6e 20	o.advertisement.`<interval>`.in.
cc260	73 65 63 6f 6e 64 73 20 28 64 65 66 61 75 6c 74 3a 20 32 29 2e 00 53 70 61 6e 6e 69 6e 67 20 54	seconds.(default:.2)..Spanning.T
cc280	72 65 65 20 50 72 6f 74 6f 63 6f 6c 20 69 73 20 6e 6f 74 20 65 6e 61 62 6c 65 64 20 62 79 20 64	ree.Protocol.is.not.enabled.by.d
cc2a0	65 66 61 75 6c 74 20 69 6e 20 56 79 4f 53 2e 20 3a 72 65 66 3a 60 73 74 70 60 20 63 61 6e 20 62	efault.in.VyOS..:ref:`stp`.can.b
cc2c0	65 20 65 61 73 69 6c 79 20 65 6e 61 62 6c 65 64 20 69 66 20 6e 65 65 64 65 64 2e 00 53 70 61 74	e.easily.enabled.if.needed..Spat
cc2e0	69 61 6c 20 4d 75 6c 74 69 70 6c 65 78 69 6e 67 20 50 6f 77 65 72 20 53 61 76 65 20 28 53 4d 50	ial.Multiplexing.Power.Save.(SMP
cc300	53 29 20 73 65 74 74 69 6e 67 73 00 53 70 65 63 66 79 69 6e 67 20 6e 68 73 20 6d 61 6b 65 73 20	S).settings.Specfying.nhs.makes.
cc320	61 6c 6c 20 6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 20 74 6f 20 62 65 20 72 65 70 65	all.multicast.packets.to.be.repe
cc340	61 74 65 64 20 74 6f 20 65 61 63 68 20 73 74 61 74 69 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72	ated.to.each.statically.configur
cc360	65 64 20 6e 65 78 74 20 68 6f 70 2e 00 53 70 65 63 69 66 69 65 73 20 3a 61 62 62 72 3a 60 4d 50	ed.next.hop..Specifies.:abbr:`MP
cc380	50 45 20 28 4d 69 63 72 6f 73 6f 66 74 20 50 6f 69 6e 74 2d 74 6f 2d 50 6f 69 6e 74 20 45 6e 63	PE.(Microsoft.Point-to-Point.Enc
cc3a0	72 79 70 74 69 6f 6e 29 60 20 6e 65 67 6f 74 69 6f 61 74 69 6f 6e 20 70 72 65 66 65 72 65 6e 63	ryption)`.negotioation.preferenc
cc3c0	65 2e 00 53 70 65 63 69 66 69 65 73 20 49 50 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 79 6e 61	e..Specifies.IP.address.for.Dyna
cc3e0	6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74 65 6e 73 69 6f 6e 20 73 65 72 76	mic.Authorization.Extension.serv
cc400	65 72 20 28 44 4d 2f 43 6f 41 29 00 53 70 65 63 69 66 69 65 73 20 61 6e 20 6f 70 74 69 6f 6e 61	er.(DM/CoA).Specifies.an.optiona
cc420	6c 20 72 6f 75 74 65 2d 6d 61 70 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 72 6f 75	l.route-map.to.be.applied.to.rou
cc440	74 65 73 20 69 6d 70 6f 72 74 65 64 20 6f 72 20 65 78 70 6f 72 74 65 64 20 62 65 74 77 65 65 6e	tes.imported.or.exported.between
cc460	20 74 68 65 20 63 75 72 72 65 6e 74 20 75 6e 69 63 61 73 74 20 56 52 46 20 61 6e 64 20 56 50 4e	.the.current.unicast.VRF.and.VPN
cc480	2e 00 53 70 65 63 69 66 69 65 73 20 61 6e 20 75 70 73 74 72 65 61 6d 20 6e 65 74 77 6f 72 6b 20	..Specifies.an.upstream.network.
cc4a0	60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 66 72 6f 6d 20 77 68 69 63 68 20 72 65 70 6c 69 65 73	`<interface>`.from.which.replies
cc4c0	20 66 72 6f 6d 20 60 3c 73 65 72 76 65 72 3e 60 20 61 6e 64 20 6f 74 68 65 72 20 72 65 6c 61 79	.from.`<server>`.and.other.relay
cc4e0	20 61 67 65 6e 74 73 20 77 69 6c 6c 20 62 65 20 61 63 63 65 70 74 65 64 2e 00 53 70 65 63 69 66	.agents.will.be.accepted..Specif
cc500	69 65 73 20 68 6f 77 20 6c 6f 6e 67 20 73 71 75 69 64 20 61 73 73 75 6d 65 73 20 61 6e 20 65 78	ies.how.long.squid.assumes.an.ex
cc520	74 65 72 6e 61 6c 6c 79 20 76 61 6c 69 64 61 74 65 64 20 75 73 65 72 6e 61 6d 65 3a 70 61 73 73	ternally.validated.username:pass
cc540	77 6f 72 64 20 70 61 69 72 20 69 73 20 76 61 6c 69 64 20 66 6f 72 20 2d 20 69 6e 20 6f 74 68 65	word.pair.is.valid.for.-.in.othe
cc560	72 20 77 6f 72 64 73 20 68 6f 77 20 6f 66 74 65 6e 20 74 68 65 20 68 65 6c 70 65 72 20 70 72 6f	r.words.how.often.the.helper.pro
cc580	67 72 61 6d 20 69 73 20 63 61 6c 6c 65 64 20 66 6f 72 20 74 68 61 74 20 75 73 65 72 2e 20 53 65	gram.is.called.for.that.user..Se
cc5a0	74 20 74 68 69 73 20 6c 6f 77 20 74 6f 20 66 6f 72 63 65 20 72 65 76 61 6c 69 64 61 74 69 6f 6e	t.this.low.to.force.revalidation
cc5c0	20 77 69 74 68 20 73 68 6f 72 74 20 6c 69 76 65 64 20 70 61 73 73 77 6f 72 64 73 2e 00 53 70 65	.with.short.lived.passwords..Spe
cc5e0	63 69 66 69 65 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 70 6f 6c 69 63 69	cifies.one.of.the.bonding.polici
cc600	65 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 38 30 32 2e 33 61 64 2e 20 50 6f 73 73	es..The.default.is.802.3ad..Poss
cc620	69 62 6c 65 20 76 61 6c 75 65 73 20 61 72 65 3a 00 53 70 65 63 69 66 69 65 73 20 70 72 6f 78 79	ible.values.are:.Specifies.proxy
cc640	20 73 65 72 76 69 63 65 20 6c 69 73 74 65 6e 69 6e 67 20 61 64 64 72 65 73 73 2e 20 54 68 65 20	.service.listening.address..The.
cc660	6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 20 69 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73	listen.address.is.the.IP.address
cc680	20 6f 6e 20 77 68 69 63 68 20 74 68 65 20 77 65 62 20 70 72 6f 78 79 20 73 65 72 76 69 63 65 20	.on.which.the.web.proxy.service.
cc6a0	6c 69 73 74 65 6e 73 20 66 6f 72 20 63 6c 69 65 6e 74 20 72 65 71 75 65 73 74 73 2e 00 53 70 65	listens.for.client.requests..Spe
cc6c0	63 69 66 69 65 73 20 73 69 6e 67 6c 65 20 60 3c 67 61 74 65 77 61 79 3e 60 20 49 50 20 61 64 64	cifies.single.`<gateway>`.IP.add
cc6e0	72 65 73 73 20 74 6f 20 62 65 20 75 73 65 64 20 61 73 20 6c 6f 63 61 6c 20 61 64 64 72 65 73 73	ress.to.be.used.as.local.address
cc700	20 6f 66 20 50 50 50 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 68	.of.PPP.interfaces..Specifies.th
cc720	61 74 20 74 68 65 20 3a 61 62 62 72 3a 60 4e 42 4d 41 20 28 4e 6f 6e 2d 62 72 6f 61 64 63 61 73	at.the.:abbr:`NBMA.(Non-broadcas
cc740	74 20 6d 75 6c 74 69 70 6c 65 2d 61 63 63 65 73 73 20 6e 65 74 77 6f 72 6b 29 60 20 61 64 64 72	t.multiple-access.network)`.addr
cc760	65 73 73 65 73 20 6f 66 20 74 68 65 20 6e 65 78 74 20 68 6f 70 20 73 65 72 76 65 72 73 20 61 72	esses.of.the.next.hop.servers.ar
cc780	65 20 64 65 66 69 6e 65 64 20 69 6e 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 6e 62 6d	e.defined.in.the.domain.name.nbm
cc7a0	61 2d 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2e 20 46 6f 72 20 65 61 63 68 20 41 20 72 65 63 6f 72 64	a-domain-name..For.each.A.record
cc7c0	20 6f 70 65 6e 6e 68 72 70 20 63 72 65 61 74 65 73 20 61 20 64 79 6e 61 6d 69 63 20 4e 48 53 20	.opennhrp.creates.a.dynamic.NHS.
cc7e0	65 6e 74 72 79 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 41 52 50 20 6c 69 6e 6b 20 6d 6f	entry..Specifies.the.ARP.link.mo
cc800	6e 69 74 6f 72 69 6e 67 20 60 3c 74 69 6d 65 3e 60 20 69 6e 20 73 65 63 6f 6e 64 73 2e 00 53 70	nitoring.`<time>`.in.seconds..Sp
cc820	65 63 69 66 69 65 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 75 73 65 20	ecifies.the.IP.addresses.to.use.
cc840	61 73 20 41 52 50 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 70 65 65 72 73 20 77 68 65 6e 20 3a 63 66	as.ARP.monitoring.peers.when.:cf
cc860	67 63 6d 64 3a 60 61 72 70 2d 6d 6f 6e 69 74 6f 72 20 69 6e 74 65 72 76 61 6c 60 20 6f 70 74 69	gcmd:`arp-monitor.interval`.opti
cc880	6f 6e 20 69 73 20 3e 20 30 2e 20 54 68 65 73 65 20 61 72 65 20 74 68 65 20 74 61 72 67 65 74 73	on.is.>.0..These.are.the.targets
cc8a0	20 6f 66 20 74 68 65 20 41 52 50 20 72 65 71 75 65 73 74 20 73 65 6e 74 20 74 6f 20 64 65 74 65	.of.the.ARP.request.sent.to.dete
cc8c0	72 6d 69 6e 65 20 74 68 65 20 68 65 61 6c 74 68 20 6f 66 20 74 68 65 20 6c 69 6e 6b 20 74 6f 20	rmine.the.health.of.the.link.to.
cc8e0	74 68 65 20 74 61 72 67 65 74 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 61 76 61 69 6c	the.targets..Specifies.the.avail
cc900	61 62 6c 65 20 3a 61 62 62 72 3a 60 4d 41 43 20 28 4d 65 73 73 61 67 65 20 41 75 74 68 65 6e 74	able.:abbr:`MAC.(Message.Authent
cc920	69 63 61 74 69 6f 6e 20 43 6f 64 65 29 60 20 61 6c 67 6f 72 69 74 68 6d 73 2e 20 54 68 65 20 4d	ication.Code)`.algorithms..The.M
cc940	41 43 20 61 6c 67 6f 72 69 74 68 6d 20 69 73 20 75 73 65 64 20 69 6e 20 70 72 6f 74 6f 63 6f 6c	AC.algorithm.is.used.in.protocol
cc960	20 76 65 72 73 69 6f 6e 20 32 20 66 6f 72 20 64 61 74 61 20 69 6e 74 65 67 72 69 74 79 20 70 72	.version.2.for.data.integrity.pr
cc980	6f 74 65 63 74 69 6f 6e 2e 20 4d 75 6c 74 69 70 6c 65 20 61 6c 67 6f 72 69 74 68 6d 73 20 63 61	otection..Multiple.algorithms.ca
cc9a0	6e 20 62 65 20 70 72 6f 76 69 64 65 64 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 62 61 73	n.be.provided..Specifies.the.bas
cc9c0	65 20 44 4e 20 75 6e 64 65 72 20 77 68 69 63 68 20 74 68 65 20 75 73 65 72 73 20 61 72 65 20 6c	e.DN.under.which.the.users.are.l
cc9e0	6f 63 61 74 65 64 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 63 6c 69 65 6e 74 73 20 73 75	ocated..Specifies.the.clients.su
cca00	62 6e 65 74 20 6d 61 73 6b 20 61 73 20 70 65 72 20 52 46 43 20 39 35 30 2e 20 49 66 20 75 6e 73	bnet.mask.as.per.RFC.950..If.uns
cca20	65 74 2c 20 73 75 62 6e 65 74 20 64 65 63 6c 61 72 61 74 69 6f 6e 20 69 73 20 75 73 65 64 2e 00	et,.subnet.declaration.is.used..
cca40	53 70 65 63 69 66 69 65 73 20 74 68 65 20 68 6f 6c 64 69 6e 67 20 74 69 6d 65 20 66 6f 72 20 4e	Specifies.the.holding.time.for.N
cca60	48 52 50 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 52 65 71 75 65 73 74 73 20 61 6e 64 20 52 65	HRP.Registration.Requests.and.Re
cca80	73 6f 6c 75 74 69 6f 6e 20 52 65 70 6c 69 65 73 20 73 65 6e 74 20 66 72 6f 6d 20 74 68 69 73 20	solution.Replies.sent.from.this.
ccaa0	69 6e 74 65 72 66 61 63 65 20 6f 72 20 73 68 6f 72 74 63 75 74 2d 74 61 72 67 65 74 2e 20 54 68	interface.or.shortcut-target..Th
ccac0	65 20 68 6f 6c 64 74 69 6d 65 20 69 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 73 65 63 6f 6e	e.holdtime.is.specified.in.secon
ccae0	64 73 20 61 6e 64 20 64 65 66 61 75 6c 74 73 20 74 6f 20 74 77 6f 20 68 6f 75 72 73 2e 00 53 70	ds.and.defaults.to.two.hours..Sp
ccb00	65 63 69 66 69 65 73 20 74 68 65 20 69 6e 74 65 72 76 61 6c 20 61 74 20 77 68 69 63 68 20 4e 65	ecifies.the.interval.at.which.Ne
ccb20	74 66 6c 6f 77 20 64 61 74 61 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 74 6f 20 61 20 63 6f 6c	tflow.data.will.be.sent.to.a.col
ccb40	6c 65 63 74 6f 72 2e 20 41 73 20 70 65 72 20 64 65 66 61 75 6c 74 2c 20 4e 65 74 66 6c 6f 77 20	lector..As.per.default,.Netflow.
ccb60	64 61 74 61 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 65 76 65 72 79 20 36 30 20 73 65 63 6f 6e	data.will.be.sent.every.60.secon
ccb80	64 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 73 69 7a 65 20 6f	ds..Specifies.the.maximum.size.o
ccba0	66 20 61 20 72 65 70 6c 79 20 62 6f 64 79 20 69 6e 20 4b 42 2c 20 75 73 65 64 20 74 6f 20 6c 69	f.a.reply.body.in.KB,.used.to.li
ccbc0	6d 69 74 20 74 68 65 20 72 65 70 6c 79 20 73 69 7a 65 2e 00 53 70 65 63 69 66 69 65 73 20 74 68	mit.the.reply.size..Specifies.th
ccbe0	65 20 6d 69 6e 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6c 69 6e 6b 73 20 74 68 61 74 20 6d	e.minimum.number.of.links.that.m
ccc00	75 73 74 20 62 65 20 61 63 74 69 76 65 20 62 65 66 6f 72 65 20 61 73 73 65 72 74 69 6e 67 20 63	ust.be.active.before.asserting.c
ccc20	61 72 72 69 65 72 2e 20 49 74 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 74 68 65 20 43 69 73	arrier..It.is.similar.to.the.Cis
ccc40	63 6f 20 45 74 68 65 72 43 68 61 6e 6e 65 6c 20 6d 69 6e 2d 6c 69 6e 6b 73 20 66 65 61 74 75 72	co.EtherChannel.min-links.featur
ccc60	65 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 73 65 74 74 69 6e 67 20 74 68 65 20 6d 69 6e 69 6d	e..This.allows.setting.the.minim
ccc80	75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6d 65 6d 62 65 72 20 70 6f 72 74 73 20 74 68 61 74 20 6d	um.number.of.member.ports.that.m
ccca0	75 73 74 20 62 65 20 75 70 20 28 6c 69 6e 6b 2d 75 70 20 73 74 61 74 65 29 20 62 65 66 6f 72 65	ust.be.up.(link-up.state).before
cccc0	20 6d 61 72 6b 69 6e 67 20 74 68 65 20 62 6f 6e 64 20 64 65 76 69 63 65 20 61 73 20 75 70 20 28	.marking.the.bond.device.as.up.(
ccce0	63 61 72 72 69 65 72 20 6f 6e 29 2e 20 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 20 66 6f 72 20	carrier.on)..This.is.useful.for.
ccd00	73 69 74 75 61 74 69 6f 6e 73 20 77 68 65 72 65 20 68 69 67 68 65 72 20 6c 65 76 65 6c 20 73 65	situations.where.higher.level.se
ccd20	72 76 69 63 65 73 20 73 75 63 68 20 61 73 20 63 6c 75 73 74 65 72 69 6e 67 20 77 61 6e 74 20 74	rvices.such.as.clustering.want.t
ccd40	6f 20 65 6e 73 75 72 65 20 61 20 6d 69 6e 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6c 6f 77	o.ensure.a.minimum.number.of.low
ccd60	20 62 61 6e 64 77 69 64 74 68 20 6c 69 6e 6b 73 20 61 72 65 20 61 63 74 69 76 65 20 62 65 66 6f	.bandwidth.links.are.active.befo
ccd80	72 65 20 73 77 69 74 63 68 6f 76 65 72 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 6e 61 6d	re.switchover..Specifies.the.nam
ccda0	65 20 6f 66 20 74 68 65 20 44 4e 20 61 74 74 72 69 62 75 74 65 20 74 68 61 74 20 63 6f 6e 74 61	e.of.the.DN.attribute.that.conta
ccdc0	69 6e 73 20 74 68 65 20 75 73 65 72 6e 61 6d 65 2f 6c 6f 67 69 6e 2e 20 43 6f 6d 62 69 6e 65 64	ins.the.username/login..Combined
ccde0	20 77 69 74 68 20 74 68 65 20 62 61 73 65 20 44 4e 20 74 6f 20 63 6f 6e 73 74 72 75 63 74 20 74	.with.the.base.DN.to.construct.t
cce00	68 65 20 75 73 65 72 73 20 44 4e 20 77 68 65 6e 20 6e 6f 20 73 65 61 72 63 68 20 66 69 6c 74 65	he.users.DN.when.no.search.filte
cce20	72 20 69 73 20 73 70 65 63 69 66 69 65 64 20 28 60 66 69 6c 74 65 72 2d 65 78 70 72 65 73 73 69	r.is.specified.(`filter-expressi
cce40	6f 6e 60 29 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 60 3c 65	on`)..Specifies.the.physical.`<e
cce60	74 68 58 3e 60 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 20 61 73 73 6f 63 69 61	thX>`.Ethernet.interface.associa
cce80	74 65 64 20 77 69 74 68 20 61 20 50 73 65 75 64 6f 20 45 74 68 65 72 6e 65 74 20 60 3c 69 6e 74	ted.with.a.Pseudo.Ethernet.`<int
ccea0	65 72 66 61 63 65 3e 60 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 70 6f 72 74 20 60 3c 70	erface>`..Specifies.the.port.`<p
ccec0	6f 72 74 3e 60 20 74 68 61 74 20 74 68 65 20 53 53 54 50 20 70 6f 72 74 20 77 69 6c 6c 20 6c 69	ort>`.that.the.SSTP.port.will.li
ccee0	73 74 65 6e 20 6f 6e 20 28 64 65 66 61 75 6c 74 20 34 34 33 29 2e 00 53 70 65 63 69 66 69 65 73	sten.on.(default.443)..Specifies
ccf00	20 74 68 65 20 70 72 6f 74 65 63 74 69 6f 6e 20 73 63 6f 70 65 20 28 61 6b 61 20 72 65 61 6c 6d	.the.protection.scope.(aka.realm
ccf20	20 6e 61 6d 65 29 20 77 68 69 63 68 20 69 73 20 74 6f 20 62 65 20 72 65 70 6f 72 74 65 64 20 74	.name).which.is.to.be.reported.t
ccf40	6f 20 74 68 65 20 63 6c 69 65 6e 74 20 66 6f 72 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74	o.the.client.for.the.authenticat
ccf60	69 6f 6e 20 73 63 68 65 6d 65 2e 20 49 74 20 69 73 20 63 6f 6d 6d 6f 6e 6c 79 20 70 61 72 74 20	ion.scheme..It.is.commonly.part.
ccf80	6f 66 20 74 68 65 20 74 65 78 74 20 74 68 65 20 75 73 65 72 20 77 69 6c 6c 20 73 65 65 20 77 68	of.the.text.the.user.will.see.wh
ccfa0	65 6e 20 70 72 6f 6d 70 74 65 64 20 66 6f 72 20 74 68 65 69 72 20 75 73 65 72 6e 61 6d 65 20 61	en.prompted.for.their.username.a
ccfc0	6e 64 20 70 61 73 73 77 6f 72 64 2e 00 53 70 65 63 69 66 69 65 73 20 74 68 65 20 72 6f 75 74 65	nd.password..Specifies.the.route
ccfe0	20 64 69 73 74 69 6e 67 75 69 73 68 65 72 20 74 6f 20 62 65 20 61 64 64 65 64 20 74 6f 20 61 20	.distinguisher.to.be.added.to.a.
cd000	72 6f 75 74 65 20 65 78 70 6f 72 74 65 64 20 66 72 6f 6d 20 74 68 65 20 63 75 72 72 65 6e 74 20	route.exported.from.the.current.
cd020	75 6e 69 63 61 73 74 20 56 52 46 20 74 6f 20 56 50 4e 2e 00 53 70 65 63 69 66 69 65 73 20 74 68	unicast.VRF.to.VPN..Specifies.th
cd040	65 20 72 6f 75 74 65 2d 74 61 72 67 65 74 20 6c 69 73 74 20 74 6f 20 62 65 20 61 74 74 61 63 68	e.route-target.list.to.be.attach
cd060	65 64 20 74 6f 20 61 20 72 6f 75 74 65 20 28 65 78 70 6f 72 74 29 20 6f 72 20 74 68 65 20 72 6f	ed.to.a.route.(export).or.the.ro
cd080	75 74 65 2d 74 61 72 67 65 74 20 6c 69 73 74 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74	ute-target.list.to.match.against
cd0a0	20 28 69 6d 70 6f 72 74 29 20 77 68 65 6e 20 65 78 70 6f 72 74 69 6e 67 2f 69 6d 70 6f 72 74 69	.(import).when.exporting/importi
cd0c0	6e 67 20 62 65 74 77 65 65 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 75 6e 69 63 61 73 74 20 56	ng.between.the.current.unicast.V
cd0e0	52 46 20 61 6e 64 20 56 50 4e 2e 54 68 65 20 52 54 4c 49 53 54 20 69 73 20 61 20 73 70 61 63 65	RF.and.VPN.The.RTLIST.is.a.space
cd100	2d 73 65 70 61 72 61 74 65 64 20 6c 69 73 74 20 6f 66 20 72 6f 75 74 65 2d 74 61 72 67 65 74 73	-separated.list.of.route-targets
cd120	2c 20 77 68 69 63 68 20 61 72 65 20 42 47 50 20 65 78 74 65 6e 64 65 64 20 63 6f 6d 6d 75 6e 69	,.which.are.BGP.extended.communi
cd140	74 79 20 76 61 6c 75 65 73 20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 45 78 74 65 6e 64	ty.values.as.described.in.Extend
cd160	65 64 20 43 6f 6d 6d 75 6e 69 74 69 65 73 20 41 74 74 72 69 62 75 74 65 2e 00 53 70 65 63 69 66	ed.Communities.Attribute..Specif
cd180	69 65 73 20 74 68 65 20 76 65 6e 64 6f 72 20 64 69 63 74 69 6f 6e 61 72 79 2c 20 64 69 63 74 69	ies.the.vendor.dictionary,.dicti
cd1a0	6f 6e 61 72 79 20 6e 65 65 64 73 20 74 6f 20 62 65 20 69 6e 20 2f 75 73 72 2f 73 68 61 72 65 2f	onary.needs.to.be.in./usr/share/
cd1c0	61 63 63 65 6c 2d 70 70 70 2f 72 61 64 69 75 73 2e 00 53 70 65 63 69 66 69 65 73 20 74 69 6d 65	accel-ppp/radius..Specifies.time
cd1e0	6f 75 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 6f 20 77 61 69 74 20 66 6f 72 20 61 6e 79 20 70	out.in.seconds.to.wait.for.any.p
cd200	65 65 72 20 61 63 74 69 76 69 74 79 2e 20 49 66 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 73 70 65	eer.activity..If.this.option.spe
cd220	63 69 66 69 65 64 20 69 74 20 74 75 72 6e 73 20 6f 6e 20 61 64 61 70 74 69 76 65 20 6c 63 70 20	cified.it.turns.on.adaptive.lcp.
cd240	65 63 68 6f 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 61 6e 64 20 22 6c 63 70 2d 65 63 68 6f	echo.functionality.and."lcp-echo
cd260	2d 66 61 69 6c 75 72 65 22 20 69 73 20 6e 6f 74 20 75 73 65 64 2e 00 53 70 65 63 69 66 69 65 73	-failure".is.not.used..Specifies
cd280	20 77 68 65 74 68 65 72 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 70 6c 61	.whether.an.external.control.pla
cd2a0	6e 65 20 28 65 2e 67 2e 20 42 47 50 20 4c 32 56 50 4e 2f 45 56 50 4e 29 20 6f 72 20 74 68 65 20	ne.(e.g..BGP.L2VPN/EVPN).or.the.
cd2c0	69 6e 74 65 72 6e 61 6c 20 46 44 42 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 2e 00 53 70 65	internal.FDB.should.be.used..Spe
cd2e0	63 69 66 69 65 73 20 77 68 65 74 68 65 72 20 74 68 69 73 20 4e 53 53 41 20 62 6f 72 64 65 72 20	cifies.whether.this.NSSA.border.
cd300	72 6f 75 74 65 72 20 77 69 6c 6c 20 75 6e 63 6f 6e 64 69 74 69 6f 6e 61 6c 6c 79 20 74 72 61 6e	router.will.unconditionally.tran
cd320	73 6c 61 74 65 20 54 79 70 65 2d 37 20 4c 53 41 73 20 69 6e 74 6f 20 54 79 70 65 2d 35 20 4c 53	slate.Type-7.LSAs.into.Type-5.LS
cd340	41 73 2e 20 57 68 65 6e 20 72 6f 6c 65 20 69 73 20 41 6c 77 61 79 73 2c 20 54 79 70 65 2d 37 20	As..When.role.is.Always,.Type-7.
cd360	4c 53 41 73 20 61 72 65 20 74 72 61 6e 73 6c 61 74 65 64 20 69 6e 74 6f 20 54 79 70 65 2d 35 20	LSAs.are.translated.into.Type-5.
cd380	4c 53 41 73 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 74 72 61 6e 73 6c 61 74 6f	LSAs.regardless.of.the.translato
cd3a0	72 20 73 74 61 74 65 20 6f 66 20 6f 74 68 65 72 20 4e 53 53 41 20 62 6f 72 64 65 72 20 72 6f 75	r.state.of.other.NSSA.border.rou
cd3c0	74 65 72 73 2e 20 57 68 65 6e 20 72 6f 6c 65 20 69 73 20 43 61 6e 64 69 64 61 74 65 2c 20 74 68	ters..When.role.is.Candidate,.th
cd3e0	69 73 20 72 6f 75 74 65 72 20 70 61 72 74 69 63 69 70 61 74 65 73 20 69 6e 20 74 68 65 20 74 72	is.router.participates.in.the.tr
cd400	61 6e 73 6c 61 74 6f 72 20 65 6c 65 63 74 69 6f 6e 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 69	anslator.election.to.determine.i
cd420	66 20 69 74 20 77 69 6c 6c 20 70 65 72 66 6f 72 6d 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f	f.it.will.perform.the.translatio
cd440	6e 73 20 64 75 74 69 65 73 2e 20 57 68 65 6e 20 72 6f 6c 65 20 69 73 20 4e 65 76 65 72 2c 20 74	ns.duties..When.role.is.Never,.t
cd460	68 69 73 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 6e 65 76 65 72 20 74 72 61 6e 73 6c 61 74 65 20	his.router.will.never.translate.
cd480	54 79 70 65 2d 37 20 4c 53 41 73 20 69 6e 74 6f 20 54 79 70 65 2d 35 20 4c 53 41 73 2e 00 53 70	Type-7.LSAs.into.Type-5.LSAs..Sp
cd4a0	65 63 69 66 69 65 73 20 77 68 69 63 68 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 61 74 74 72	ecifies.which.RADIUS.server.attr
cd4c0	69 62 75 74 65 20 63 6f 6e 74 61 69 6e 73 20 74 68 65 20 72 61 74 65 20 6c 69 6d 69 74 20 69 6e	ibute.contains.the.rate.limit.in
cd4e0	66 6f 72 6d 61 74 69 6f 6e 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 61 74 74 72 69 62 75 74 65	formation..The.default.attribute
cd500	20 69 73 20 60 46 69 6c 74 65 72 2d 49 64 60 2e 00 53 70 65 63 69 66 79 20 49 50 76 34 2f 49 50	.is.`Filter-Id`..Specify.IPv4/IP
cd520	76 36 20 6c 69 73 74 65 6e 20 61 64 64 72 65 73 73 20 6f 66 20 53 53 48 20 73 65 72 76 65 72 2e	v6.listen.address.of.SSH.server.
cd540	20 4d 75 6c 74 69 70 6c 65 20 61 64 64 72 65 73 73 65 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e	.Multiple.addresses.can.be.defin
cd560	65 64 2e 00 53 70 65 63 69 66 79 20 61 20 3a 61 62 62 72 3a 60 53 49 50 20 28 53 65 73 73 69 6f	ed..Specify.a.:abbr:`SIP.(Sessio
cd580	6e 20 49 6e 69 74 69 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60 20 73 65 72 76 65 72 20 62	n.Initiation.Protocol)`.server.b
cd5a0	79 20 49 50 76 36 20 61 64 64 72 65 73 73 20 6f 66 20 46 75 6c 6c 79 20 51 75 61 6c 69 66 69 65	y.IPv6.address.of.Fully.Qualifie
cd5c0	64 20 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 66 6f 72 20 61 6c 6c 20 44 48 43 50 76 36 20 63 6c 69	d.Domain.Name.for.all.DHCPv6.cli
cd5e0	65 6e 74 73 2e 00 53 70 65 63 69 66 79 20 61 20 46 75 6c 6c 79 20 51 75 61 6c 69 66 69 65 64 20	ents..Specify.a.Fully.Qualified.
cd600	44 6f 6d 61 69 6e 20 4e 61 6d 65 20 61 73 20 73 6f 75 72 63 65 2f 64 65 73 74 69 6e 61 74 69 6f	Domain.Name.as.source/destinatio
cd620	6e 20 6d 61 74 63 68 65 72 2e 20 45 6e 73 75 72 65 20 72 6f 75 74 65 72 20 69 73 20 61 62 6c 65	n.matcher..Ensure.router.is.able
cd640	20 74 6f 20 72 65 73 6f 6c 76 65 20 73 75 63 68 20 64 6e 73 20 71 75 65 72 79 2e 00 53 70 65 63	.to.resolve.such.dns.query..Spec
cd660	69 66 79 20 61 20 4e 49 53 20 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 48 43	ify.a.NIS.server.address.for.DHC
cd680	50 76 36 20 63 6c 69 65 6e 74 73 2e 00 53 70 65 63 69 66 79 20 61 20 4e 49 53 2b 20 73 65 72 76	Pv6.clients..Specify.a.NIS+.serv
cd6a0	65 72 20 61 64 64 72 65 73 73 20 66 6f 72 20 44 48 43 50 76 36 20 63 6c 69 65 6e 74 73 2e 00 53	er.address.for.DHCPv6.clients..S
cd6c0	70 65 63 69 66 79 20 61 62 73 6f 6c 75 74 65 20 60 3c 70 61 74 68 3e 60 20 74 6f 20 73 63 72 69	pecify.absolute.`<path>`.to.scri
cd6e0	70 74 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 72 75 6e 20 77 68 65 6e 20 60 3c 74 61 73 6b	pt.which.will.be.run.when.`<task
cd700	3e 60 20 69 73 20 65 78 65 63 75 74 65 64 2e 00 53 70 65 63 69 66 79 20 61 6c 6c 6f 77 65 64 20	>`.is.executed..Specify.allowed.
cd720	3a 61 62 62 72 3a 60 4b 45 58 20 28 4b 65 79 20 45 78 63 68 61 6e 67 65 29 60 20 61 6c 67 6f 72	:abbr:`KEX.(Key.Exchange)`.algor
cd740	69 74 68 6d 73 2e 00 53 70 65 63 69 66 79 20 61 6e 20 61 6c 74 65 72 6e 61 74 65 20 41 53 20 66	ithms..Specify.an.alternate.AS.f
cd760	6f 72 20 74 68 69 73 20 42 47 50 20 70 72 6f 63 65 73 73 20 77 68 65 6e 20 69 6e 74 65 72 61 63	or.this.BGP.process.when.interac
cd780	74 69 6e 67 20 77 69 74 68 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 65 65 72 20 6f 72 20	ting.with.the.specified.peer.or.
cd7a0	70 65 65 72 20 67 72 6f 75 70 2e 20 57 69 74 68 20 6e 6f 20 6d 6f 64 69 66 69 65 72 73 2c 20 74	peer.group..With.no.modifiers,.t
cd7c0	68 65 20 73 70 65 63 69 66 69 65 64 20 6c 6f 63 61 6c 2d 61 73 20 69 73 20 70 72 65 70 65 6e 64	he.specified.local-as.is.prepend
cd7e0	65 64 20 74 6f 20 74 68 65 20 72 65 63 65 69 76 65 64 20 41 53 5f 50 41 54 48 20 77 68 65 6e 20	ed.to.the.received.AS_PATH.when.
cd800	72 65 63 65 69 76 69 6e 67 20 72 6f 75 74 69 6e 67 20 75 70 64 61 74 65 73 20 66 72 6f 6d 20 74	receiving.routing.updates.from.t
cd820	68 65 20 70 65 65 72 2c 20 61 6e 64 20 70 72 65 70 65 6e 64 65 64 20 74 6f 20 74 68 65 20 6f 75	he.peer,.and.prepended.to.the.ou
cd840	74 67 6f 69 6e 67 20 41 53 5f 50 41 54 48 20 28 61 66 74 65 72 20 74 68 65 20 70 72 6f 63 65 73	tgoing.AS_PATH.(after.the.proces
cd860	73 20 6c 6f 63 61 6c 20 41 53 29 20 77 68 65 6e 20 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 6c 6f	s.local.AS).when.transmitting.lo
cd880	63 61 6c 20 72 6f 75 74 65 73 20 74 6f 20 74 68 65 20 70 65 65 72 2e 00 53 70 65 63 69 66 79 20	cal.routes.to.the.peer..Specify.
cd8a0	61 6e 20 61 6c 74 65 72 6e 61 74 65 20 54 43 50 20 70 6f 72 74 20 77 68 65 72 65 20 74 68 65 20	an.alternate.TCP.port.where.the.
cd8c0	6c 64 61 70 20 73 65 72 76 65 72 20 69 73 20 6c 69 73 74 65 6e 69 6e 67 20 69 66 20 6f 74 68 65	ldap.server.is.listening.if.othe
cd8e0	72 20 74 68 61 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 4c 44 41 50 20 70 6f 72 74 20 33 38 39	r.than.the.default.LDAP.port.389
cd900	2e 00 53 70 65 63 69 66 79 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 3a 61 62 62 72 3a 60 56 52 46	..Specify.name.of.the.:abbr:`VRF
cd920	20 28 56 69 72 74 75 61 6c 20 52 6f 75 74 69 6e 67 20 61 6e 64 20 46 6f 72 77 61 72 64 69 6e 67	.(Virtual.Routing.and.Forwarding
cd940	29 60 20 69 6e 73 74 61 6e 63 65 2e 00 53 70 65 63 69 66 79 20 6e 65 78 74 68 6f 70 20 6f 6e 20	)`.instance..Specify.nexthop.on.
cd960	74 68 65 20 70 61 74 68 20 74 6f 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 2c 20 60 60 69	the.path.to.the.destination,.``i
cd980	70 76 34 2d 61 64 64 72 65 73 73 60 60 20 63 61 6e 20 62 65 20 73 65 74 20 74 6f 20 60 60 64 68	pv4-address``.can.be.set.to.``dh
cd9a0	63 70 60 60 00 53 70 65 63 69 66 79 20 73 74 61 74 69 63 20 72 6f 75 74 65 20 69 6e 74 6f 20 74	cp``.Specify.static.route.into.t
cd9c0	68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 73 65 6e 64 69 6e 67 20 61 6c 6c 20 6e 6f 6e	he.routing.table.sending.all.non
cd9e0	20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 74 6f 20 74 68 65 20 6e 65 78 74 68 6f 70 20 61 64	.local.traffic.to.the.nexthop.ad
cda00	64 72 65 73 73 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 49	dress.`<address>`..Specify.the.I
cda20	50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 6f 66 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76	P.`<address>`.of.the.RADIUS.serv
cda40	65 72 20 75 73 65 72 20 77 69 74 68 20 74 68 65 20 70 72 65 2d 73 68 61 72 65 64 2d 73 65 63 72	er.user.with.the.pre-shared-secr
cda60	65 74 20 67 69 76 65 6e 20 69 6e 20 60 3c 73 65 63 72 65 74 3e 60 2e 00 53 70 65 63 69 66 79 20	et.given.in.`<secret>`..Specify.
cda80	74 68 65 20 49 50 20 60 3c 61 64 64 72 65 73 73 3e 60 20 6f 66 20 74 68 65 20 54 41 43 41 43 53	the.IP.`<address>`.of.the.TACACS
cdaa0	20 73 65 72 76 65 72 20 75 73 65 72 20 77 69 74 68 20 74 68 65 20 70 72 65 2d 73 68 61 72 65 64	.server.user.with.the.pre-shared
cdac0	2d 73 65 63 72 65 74 20 67 69 76 65 6e 20 69 6e 20 60 3c 73 65 63 72 65 74 3e 60 2e 00 53 70 65	-secret.given.in.`<secret>`..Spe
cdae0	63 69 66 79 20 74 68 65 20 49 50 76 34 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 74 6f 20	cify.the.IPv4.source.address.to.
cdb00	75 73 65 20 66 6f 72 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 74 6f 20 74 68 69 73 20	use.for.the.BGP.session.to.this.
cdb20	6e 65 69 67 68 62 6f 72 2c 20 6d 61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 65 69	neighbor,.may.be.specified.as.ei
cdb40	74 68 65 72 20 61 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 20 64 69 72 65 63 74 6c 79 20 6f 72	ther.an.IPv4.address.directly.or
cdb60	20 61 73 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 6e 61 6d 65 2e 00 53 70 65 63 69 66 79 20 74	.as.an.interface.name..Specify.t
cdb80	68 65 20 4c 44 41 50 20 73 65 72 76 65 72 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 2e 00 53 70	he.LDAP.server.to.connect.to..Sp
cdba0	65 63 69 66 79 20 74 68 65 20 69 64 65 6e 74 69 66 69 65 72 20 76 61 6c 75 65 20 6f 66 20 74 68	ecify.the.identifier.value.of.th
cdbc0	65 20 73 69 74 65 2d 6c 65 76 65 6c 20 61 67 67 72 65 67 61 74 6f 72 20 28 53 4c 41 29 20 6f 6e	e.site-level.aggregator.(SLA).on
cdbe0	20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 49 44 20 6d 75 73 74 20 62 65 20 61 20 64 65 63	.the.interface..ID.must.be.a.dec
cdc00	69 6d 61 6c 20 6e 75 6d 62 65 72 20 67 72 65 61 74 65 72 20 74 68 65 6e 20 30 20 77 68 69 63 68	imal.number.greater.then.0.which
cdc20	20 66 69 74 73 20 69 6e 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 53 4c 41 20 49 44 73 20 28	.fits.in.the.length.of.SLA.IDs.(
cdc40	73 65 65 20 62 65 6c 6f 77 29 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 69 6e 74 65 72 66 61 63	see.below)..Specify.the.interfac
cdc60	65 20 61 64 64 72 65 73 73 20 75 73 65 64 20 6c 6f 63 61 6c 6c 79 20 6f 6e 20 74 68 65 20 69 6e	e.address.used.locally.on.the.in
cdc80	74 65 72 66 61 63 65 20 77 68 65 72 65 20 74 68 65 20 70 72 65 66 69 78 20 68 61 73 20 62 65 65	terface.where.the.prefix.has.bee
cdca0	6e 20 64 65 6c 65 67 61 74 65 64 20 74 6f 2e 20 49 44 20 6d 75 73 74 20 62 65 20 61 20 64 65 63	n.delegated.to..ID.must.be.a.dec
cdcc0	69 6d 61 6c 20 69 6e 74 65 67 65 72 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 6d 69 6e 69 6d 75	imal.integer..Specify.the.minimu
cdce0	6d 20 72 65 71 75 69 72 65 64 20 54 4c 53 20 76 65 72 73 69 6f 6e 20 31 2e 32 20 6f 72 20 31 2e	m.required.TLS.version.1.2.or.1.
cdd00	33 00 53 70 65 63 69 66 79 20 74 68 65 20 70 6c 61 69 6e 74 65 78 74 20 70 61 73 73 77 6f 72 64	3.Specify.the.plaintext.password
cdd20	20 75 73 65 72 20 62 79 20 75 73 65 72 20 60 3c 6e 61 6d 65 3e 60 20 6f 6e 20 74 68 69 73 20 73	.user.by.user.`<name>`.on.this.s
cdd40	79 73 74 65 6d 2e 20 54 68 65 20 70 6c 61 69 6e 74 65 78 74 20 70 61 73 73 77 6f 72 64 20 77 69	ystem..The.plaintext.password.wi
cdd60	6c 6c 20 62 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 74 72 61 6e 73 66 65 72 72 65 64 20	ll.be.automatically.transferred.
cdd80	69 6e 74 6f 20 61 20 73 65 63 75 72 65 20 68 61 73 68 65 64 20 70 61 73 73 77 6f 72 64 20 61 6e	into.a.secure.hashed.password.an
cdda0	64 20 6e 6f 74 20 73 61 76 65 64 20 61 6e 79 77 68 65 72 65 20 69 6e 20 70 6c 61 69 6e 74 65 78	d.not.saved.anywhere.in.plaintex
cddc0	74 2e 00 53 70 65 63 69 66 79 20 74 68 65 20 70 6f 72 74 20 75 73 65 64 20 6f 6e 20 77 68 69 63	t..Specify.the.port.used.on.whic
cdde0	68 20 74 68 65 20 70 72 6f 78 79 20 73 65 72 76 69 63 65 20 69 73 20 6c 69 73 74 65 6e 69 6e 67	h.the.proxy.service.is.listening
cde00	20 66 6f 72 20 72 65 71 75 65 73 74 73 2e 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 74 68 65 20	.for.requests..This.port.is.the.
cde20	64 65 66 61 75 6c 74 20 70 6f 72 74 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66	default.port.used.for.the.specif
cde40	69 65 64 20 6c 69 73 74 65 6e 2d 61 64 64 72 65 73 73 2e 00 53 70 65 63 69 66 79 20 74 68 65 20	ied.listen-address..Specify.the.
cde60	73 79 73 74 65 6d 73 20 60 3c 74 69 6d 65 7a 6f 6e 65 3e 60 20 61 73 20 74 68 65 20 52 65 67 69	systems.`<timezone>`.as.the.Regi
cde80	6f 6e 2f 4c 6f 63 61 74 69 6f 6e 20 74 68 61 74 20 62 65 73 74 20 64 65 66 69 6e 65 73 20 79 6f	on/Location.that.best.defines.yo
cdea0	75 72 20 6c 6f 63 61 74 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 73 70 65 63 69 66	ur.location..For.example,.specif
cdec0	79 69 6e 67 20 55 53 2f 50 61 63 69 66 69 63 20 73 65 74 73 20 74 68 65 20 74 69 6d 65 20 7a 6f	ying.US/Pacific.sets.the.time.zo
cdee0	6e 65 20 74 6f 20 55 53 20 50 61 63 69 66 69 63 20 74 69 6d 65 2e 00 53 70 65 63 69 66 79 20 74	ne.to.US.Pacific.time..Specify.t
cdf00	68 65 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 77 68 65 6e 20 60 3c 74 61 73 6b 3e 60 20 73	he.time.interval.when.`<task>`.s
cdf20	68 6f 75 6c 64 20 62 65 20 65 78 65 63 75 74 65 64 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20	hould.be.executed..The.interval.
cdf40	69 73 20 73 70 65 63 69 66 69 65 64 20 61 73 20 6e 75 6d 62 65 72 20 77 69 74 68 20 6f 6e 65 20	is.specified.as.number.with.one.
cdf60	6f 66 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 75 66 66 69 78 65 73 3a 00 53 70 65 63 69	of.the.following.suffixes:.Speci
cdf80	66 79 20 74 69 6d 65 6f 75 74 20 2f 20 75 70 64 61 74 65 20 69 6e 74 65 72 76 61 6c 20 74 6f 20	fy.timeout./.update.interval.to.
cdfa0	63 68 65 63 6b 20 69 66 20 49 50 20 61 64 64 72 65 73 73 20 63 68 61 6e 67 65 64 2e 00 53 70 65	check.if.IP.address.changed..Spe
cdfc0	63 69 66 79 20 74 69 6d 65 6f 75 74 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 6b 65 65 70 61 6c	cify.timeout.interval.for.keepal
cdfe0	69 76 65 20 6d 65 73 73 61 67 65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 00 53 70 69 6e 65 31 20 69	ive.message.in.seconds..Spine1.i
ce000	73 20 61 20 43 69 73 63 6f 20 49 4f 53 20 72 6f 75 74 65 72 20 72 75 6e 6e 69 6e 67 20 76 65 72	s.a.Cisco.IOS.router.running.ver
ce020	73 69 6f 6e 20 31 35 2e 34 2c 20 4c 65 61 66 32 20 61 6e 64 20 4c 65 61 66 33 20 69 73 20 65 61	sion.15.4,.Leaf2.and.Leaf3.is.ea
ce040	63 68 20 61 20 56 79 4f 53 20 72 6f 75 74 65 72 20 72 75 6e 6e 69 6e 67 20 31 2e 32 2e 00 53 70	ch.a.VyOS.router.running.1.2..Sp
ce060	6c 75 6e 6b 00 53 70 6f 6b 65 00 53 71 75 69 64 5f 20 69 73 20 61 20 63 61 63 68 69 6e 67 20 61	lunk.Spoke.Squid_.is.a.caching.a
ce080	6e 64 20 66 6f 72 77 61 72 64 69 6e 67 20 48 54 54 50 20 77 65 62 20 70 72 6f 78 79 2e 20 49 74	nd.forwarding.HTTP.web.proxy..It
ce0a0	20 68 61 73 20 61 20 77 69 64 65 20 76 61 72 69 65 74 79 20 6f 66 20 75 73 65 73 2c 20 69 6e 63	.has.a.wide.variety.of.uses,.inc
ce0c0	6c 75 64 69 6e 67 20 73 70 65 65 64 69 6e 67 20 75 70 20 61 20 77 65 62 20 73 65 72 76 65 72 20	luding.speeding.up.a.web.server.
ce0e0	62 79 20 63 61 63 68 69 6e 67 20 72 65 70 65 61 74 65 64 20 72 65 71 75 65 73 74 73 2c 20 63 61	by.caching.repeated.requests,.ca
ce100	63 68 69 6e 67 20 77 65 62 2c 20 44 4e 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6d 70 75 74 65	ching.web,.DNS.and.other.compute
ce120	72 20 6e 65 74 77 6f 72 6b 20 6c 6f 6f 6b 75 70 73 20 66 6f 72 20 61 20 67 72 6f 75 70 20 6f 66	r.network.lookups.for.a.group.of
ce140	20 70 65 6f 70 6c 65 20 73 68 61 72 69 6e 67 20 6e 65 74 77 6f 72 6b 20 72 65 73 6f 75 72 63 65	.people.sharing.network.resource
ce160	73 2c 20 61 6e 64 20 61 69 64 69 6e 67 20 73 65 63 75 72 69 74 79 20 62 79 20 66 69 6c 74 65 72	s,.and.aiding.security.by.filter
ce180	69 6e 67 20 74 72 61 66 66 69 63 2e 20 41 6c 74 68 6f 75 67 68 20 70 72 69 6d 61 72 69 6c 79 20	ing.traffic..Although.primarily.
ce1a0	75 73 65 64 20 66 6f 72 20 48 54 54 50 20 61 6e 64 20 46 54 50 2c 20 53 71 75 69 64 20 69 6e 63	used.for.HTTP.and.FTP,.Squid.inc
ce1c0	6c 75 64 65 73 20 6c 69 6d 69 74 65 64 20 73 75 70 70 6f 72 74 20 66 6f 72 20 73 65 76 65 72 61	ludes.limited.support.for.severa
ce1e0	6c 20 6f 74 68 65 72 20 70 72 6f 74 6f 63 6f 6c 73 20 69 6e 63 6c 75 64 69 6e 67 20 49 6e 74 65	l.other.protocols.including.Inte
ce200	72 6e 65 74 20 47 6f 70 68 65 72 2c 20 53 53 4c 2c 5b 36 5d 20 54 4c 53 20 61 6e 64 20 48 54 54	rnet.Gopher,.SSL,[6].TLS.and.HTT
ce220	50 53 2e 20 53 71 75 69 64 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 53	PS..Squid.does.not.support.the.S
ce240	4f 43 4b 53 20 70 72 6f 74 6f 63 6f 6c 2e 00 53 74 61 72 74 20 62 79 20 63 68 65 63 6b 69 6e 67	OCKS.protocol..Start.by.checking
ce260	20 66 6f 72 20 49 50 53 65 63 20 53 41 73 20 28 53 65 63 75 72 69 74 79 20 41 73 73 6f 63 69 61	.for.IPSec.SAs.(Security.Associa
ce280	74 69 6f 6e 73 29 20 77 69 74 68 3a 00 53 74 61 72 74 69 6e 67 20 66 72 6f 6d 20 56 79 4f 53 20	tions).with:.Starting.from.VyOS.
ce2a0	31 2e 34 2d 72 6f 6c 6c 69 6e 67 2d 32 30 32 33 30 38 30 34 30 35 35 37 2c 20 61 20 6e 65 77 20	1.4-rolling-202308040557,.a.new.
ce2c0	66 69 72 65 77 61 6c 6c 20 73 74 72 75 63 74 75 72 65 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20	firewall.structure.can.be.found.
ce2e0	6f 6e 20 61 6c 6c 20 76 79 6f 73 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 2e 20 44 6f 63 75 6d	on.all.vyos.installations..Docum
ce300	65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 6d 6f 73 74 20 6e 65 77 20 66 69 72 65 77 61 6c 6c 20 63	entation.for.most.new.firewall.c
ce320	6c 69 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 68 65 72 65 3a 00 53 74 61 72 74 69 6e 67 20 6f	li.can.be.found.here:.Starting.o
ce340	66 20 77 69 74 68 20 56 79 4f 53 20 31 2e 33 20 28 65 71 75 75 6c 65 75 73 29 20 77 65 20 61 64	f.with.VyOS.1.3.(equuleus).we.ad
ce360	64 65 64 20 73 75 70 70 6f 72 74 20 66 6f 72 20 72 75 6e 6e 69 6e 67 20 56 79 4f 53 20 61 73 20	ded.support.for.running.VyOS.as.
ce380	61 6e 20 4f 75 74 2d 6f 66 2d 42 61 6e 64 20 4d 61 6e 61 67 65 6d 65 6e 74 20 64 65 76 69 63 65	an.Out-of-Band.Management.device
ce3a0	20 77 68 69 63 68 20 70 72 6f 76 69 64 65 73 20 72 65 6d 6f 74 65 20 61 63 63 65 73 73 20 62 79	.which.provides.remote.access.by
ce3c0	20 6d 65 61 6e 73 20 6f 66 20 53 53 48 20 74 6f 20 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68	.means.of.SSH.to.directly.attach
ce3e0	65 64 20 73 65 72 69 61 6c 20 69 6e 74 65 72 66 61 63 65 73 2e 00 53 74 61 72 74 69 6e 67 20 77	ed.serial.interfaces..Starting.w
ce400	69 74 68 20 56 79 4f 53 20 31 2e 32 20 61 20 3a 61 62 62 72 3a 60 6d 44 4e 53 20 28 4d 75 6c 74	ith.VyOS.1.2.a.:abbr:`mDNS.(Mult
ce420	69 63 61 73 74 20 44 4e 53 29 60 20 72 65 70 65 61 74 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69	icast.DNS)`.repeater.functionali
ce440	74 79 20 69 73 20 70 72 6f 76 69 64 65 64 2e 20 41 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72	ty.is.provided..Additional.infor
ce460	6d 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 6f 62 74 61 69 6e 65 64 20 66 72 6f 6d 20 68 74 74 70	mation.can.be.obtained.from.http
ce480	73 3a 2f 2f 65 6e 2e 77 69 6b 69 70 65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 4d 75 6c 74 69 63	s://en.wikipedia.org/wiki/Multic
ce4a0	61 73 74 5f 44 4e 53 2e 00 53 74 61 74 69 63 00 53 74 61 74 69 63 20 3a 61 62 62 72 3a 60 53 41	ast_DNS..Static.Static.:abbr:`SA
ce4c0	4b 20 28 53 65 63 75 72 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 4b 65 79 29 60 20 6d	K.(Secure.Authentication.Key)`.m
ce4e0	6f 64 65 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6d 61 6e 75 61 6c 6c 79 20 6f	ode.can.be.configured.manually.o
ce500	6e 20 65 61 63 68 20 64 65 76 69 63 65 20 77 69 73 68 69 6e 67 20 74 6f 20 75 73 65 20 4d 41 43	n.each.device.wishing.to.use.MAC
ce520	73 65 63 2e 20 4b 65 79 73 20 6d 75 73 74 20 62 65 20 73 65 74 20 73 74 61 74 69 63 61 6c 6c 79	sec..Keys.must.be.set.statically
ce540	20 6f 6e 20 61 6c 6c 20 64 65 76 69 63 65 73 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 66	.on.all.devices.for.traffic.to.f
ce560	6c 6f 77 20 70 72 6f 70 65 72 6c 79 2e 20 4b 65 79 20 72 6f 74 61 74 69 6f 6e 20 69 73 20 64 65	low.properly..Key.rotation.is.de
ce580	70 65 6e 64 65 6e 74 20 6f 6e 20 74 68 65 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 75 70 64	pendent.on.the.administrator.upd
ce5a0	61 74 69 6e 67 20 61 6c 6c 20 6b 65 79 73 20 6d 61 6e 75 61 6c 6c 79 20 61 63 72 6f 73 73 20 63	ating.all.keys.manually.across.c
ce5c0	6f 6e 6e 65 63 74 65 64 20 64 65 76 69 63 65 73 2e 20 53 74 61 74 69 63 20 53 41 4b 20 6d 6f 64	onnected.devices..Static.SAK.mod
ce5e0	65 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64 20 77 69 74 68 20 4d 4b 41 2e 00 53 74 61 74	e.can.not.be.used.with.MKA..Stat
ce600	69 63 20 44 48 43 50 20 49 50 20 61 64 64 72 65 73 73 20 61 73 73 69 67 6e 20 74 6f 20 68 6f 73	ic.DHCP.IP.address.assign.to.hos
ce620	74 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 60 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 60 2e	t.identified.by.`<description>`.
ce640	20 49 50 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 69 6e 73 69 64 65 20 74 68 65 20 60	.IP.address.must.be.inside.the.`
ce660	3c 73 75 62 6e 65 74 3e 60 20 77 68 69 63 68 20 69 73 20 64 65 66 69 6e 65 64 20 62 75 74 20 63	<subnet>`.which.is.defined.but.c
ce680	61 6e 20 62 65 20 6f 75 74 73 69 64 65 20 74 68 65 20 64 79 6e 61 6d 69 63 20 72 61 6e 67 65 20	an.be.outside.the.dynamic.range.
ce6a0	63 72 65 61 74 65 64 20 77 69 74 68 20 3a 63 66 67 63 6d 64 3a 60 73 65 74 20 73 65 72 76 69 63	created.with.:cfgcmd:`set.servic
ce6c0	65 20 64 68 63 70 2d 73 65 72 76 65 72 20 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d	e.dhcp-server.shared-network-nam
ce6e0	65 20 3c 6e 61 6d 65 3e 20 73 75 62 6e 65 74 20 3c 73 75 62 6e 65 74 3e 20 72 61 6e 67 65 20 3c	e.<name>.subnet.<subnet>.range.<
ce700	6e 3e 60 2e 20 49 66 20 6e 6f 20 69 70 2d 61 64 64 72 65 73 73 20 69 73 20 73 70 65 63 69 66 69	n>`..If.no.ip-address.is.specifi
ce720	65 64 2c 20 61 6e 20 49 50 20 66 72 6f 6d 20 74 68 65 20 64 79 6e 61 6d 69 63 20 70 6f 6f 6c 20	ed,.an.IP.from.the.dynamic.pool.
ce740	69 73 20 75 73 65 64 2e 00 53 74 61 74 69 63 20 48 6f 73 74 6e 61 6d 65 20 4d 61 70 70 69 6e 67	is.used..Static.Hostname.Mapping
ce760	00 53 74 61 74 69 63 20 4b 65 79 73 00 53 74 61 74 69 63 20 52 6f 75 74 65 73 00 53 74 61 74 69	.Static.Keys.Static.Routes.Stati
ce780	63 20 52 6f 75 74 69 6e 67 20 6f 72 20 6f 74 68 65 72 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69	c.Routing.or.other.dynamic.routi
ce7a0	6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 6f 76 65 72 20 74 68	ng.protocols.can.be.used.over.th
ce7c0	65 20 76 74 75 6e 20 69 6e 74 65 72 66 61 63 65 00 53 74 61 74 69 63 20 52 6f 75 74 69 6e 67 3a	e.vtun.interface.Static.Routing:
ce7e0	00 53 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 00 53 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73	.Static.mappings.Static.mappings
ce800	20 61 72 65 6e 27 74 20 73 68 6f 77 6e 2e 20 54 6f 20 73 68 6f 77 20 61 6c 6c 20 73 74 61 74 65	.aren't.shown..To.show.all.state
ce820	73 2c 20 75 73 65 20 60 60 73 68 6f 77 20 64 68 63 70 20 73 65 72 76 65 72 20 6c 65 61 73 65 73	s,.use.``show.dhcp.server.leases
ce840	20 73 74 61 74 65 20 61 6c 6c 60 60 2e 00 53 74 61 74 69 63 20 72 6f 75 74 65 73 20 61 72 65 20	.state.all``..Static.routes.are.
ce860	6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 72 6f 75 74 65 73 2c 20 77 68 69 63	manually.configured.routes,.whic
ce880	68 2c 20 69 6e 20 67 65 6e 65 72 61 6c 2c 20 63 61 6e 6e 6f 74 20 62 65 20 75 70 64 61 74 65 64	h,.in.general,.cannot.be.updated
ce8a0	20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 66 72 6f 6d 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 56 79	.dynamically.from.information.Vy
ce8c0	4f 53 20 6c 65 61 72 6e 73 20 61 62 6f 75 74 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f	OS.learns.about.the.network.topo
ce8e0	6c 6f 67 79 20 66 72 6f 6d 20 6f 74 68 65 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	logy.from.other.routing.protocol
ce900	73 2e 20 48 6f 77 65 76 65 72 2c 20 69 66 20 61 20 6c 69 6e 6b 20 66 61 69 6c 73 2c 20 74 68 65	s..However,.if.a.link.fails,.the
ce920	20 72 6f 75 74 65 72 20 77 69 6c 6c 20 72 65 6d 6f 76 65 20 72 6f 75 74 65 73 2c 20 69 6e 63 6c	.router.will.remove.routes,.incl
ce940	75 64 69 6e 67 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 2c 20 66 72 6f 6d 20 74 68 65 20 3a 61	uding.static.routes,.from.the.:a
ce960	62 62 72 3a 60 52 49 50 42 20 28 52 6f 75 74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 42	bbr:`RIPB.(Routing.Information.B
ce980	61 73 65 29 60 20 74 68 61 74 20 75 73 65 64 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 74	ase)`.that.used.this.interface.t
ce9a0	6f 20 72 65 61 63 68 20 74 68 65 20 6e 65 78 74 20 68 6f 70 2e 20 49 6e 20 67 65 6e 65 72 61 6c	o.reach.the.next.hop..In.general
ce9c0	2c 20 73 74 61 74 69 63 20 72 6f 75 74 65 73 20 73 68 6f 75 6c 64 20 6f 6e 6c 79 20 62 65 20 75	,.static.routes.should.only.be.u
ce9e0	73 65 64 20 66 6f 72 20 76 65 72 79 20 73 69 6d 70 6c 65 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f	sed.for.very.simple.network.topo
cea00	6c 6f 67 69 65 73 2c 20 6f 72 20 74 6f 20 6f 76 65 72 72 69 64 65 20 74 68 65 20 62 65 68 61 76	logies,.or.to.override.the.behav
cea20	69 6f 72 20 6f 66 20 61 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f	ior.of.a.dynamic.routing.protoco
cea40	6c 20 66 6f 72 20 61 20 73 6d 61 6c 6c 20 6e 75 6d 62 65 72 20 6f 66 20 72 6f 75 74 65 73 2e 20	l.for.a.small.number.of.routes..
cea60	54 68 65 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 61 6c 6c 20 72 6f 75 74 65 73 20 74 68 65	The.collection.of.all.routes.the
cea80	20 72 6f 75 74 65 72 20 68 61 73 20 6c 65 61 72 6e 65 64 20 66 72 6f 6d 20 69 74 73 20 63 6f 6e	.router.has.learned.from.its.con
ceaa0	66 69 67 75 72 61 74 69 6f 6e 20 6f 72 20 66 72 6f 6d 20 69 74 73 20 64 79 6e 61 6d 69 63 20 72	figuration.or.from.its.dynamic.r
ceac0	6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 69 73 20 73 74 6f 72 65 64 20 69 6e 20 74 68	outing.protocols.is.stored.in.th
ceae0	65 20 52 49 42 2e 20 55 6e 69 63 61 73 74 20 72 6f 75 74 65 73 20 61 72 65 20 64 69 72 65 63 74	e.RIB..Unicast.routes.are.direct
ceb00	6c 79 20 75 73 65 64 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20 66 6f 72 77 61 72 64	ly.used.to.determine.the.forward
ceb20	69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 75 6e 69 63 61 73 74 20 70 61 63 6b 65	ing.table.used.for.unicast.packe
ceb40	74 20 66 6f 72 77 61 72 64 69 6e 67 2e 00 53 74 61 74 69 63 20 72 6f 75 74 65 73 20 63 61 6e 20	t.forwarding..Static.routes.can.
ceb60	62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 72 65 66 65 72 65 6e 63 69 6e 67 20 74 68 65 20 74 75	be.configured.referencing.the.tu
ceb80	6e 6e 65 6c 20 69 6e 74 65 72 66 61 63 65 3b 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 68 65	nnel.interface;.for.example,.the
ceba0	20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 75 73 65 20 61 20 6e 65 74 77 6f 72 6b	.local.router.will.use.a.network
cebc0	20 6f 66 20 31 30 2e 30 2e 30 2e 30 2f 31 36 2c 20 77 68 69 6c 65 20 74 68 65 20 72 65 6d 6f 74	.of.10.0.0.0/16,.while.the.remot
cebe0	65 20 68 61 73 20 61 20 6e 65 74 77 6f 72 6b 20 6f 66 20 31 30 2e 31 2e 30 2e 30 2f 31 36 3a 00	e.has.a.network.of.10.1.0.0/16:.
cec00	53 74 61 74 69 6f 6e 20 73 75 70 70 6f 72 74 73 20 72 65 63 65 69 76 69 6e 67 20 56 48 54 20 76	Station.supports.receiving.VHT.v
cec20	61 72 69 61 6e 74 20 48 54 20 43 6f 6e 74 72 6f 6c 20 66 69 65 6c 64 00 53 74 61 74 75 73 00 53	ariant.HT.Control.field.Status.S
cec40	74 69 63 6b 79 20 43 6f 6e 6e 65 63 74 69 6f 6e 73 00 53 74 6f 72 61 67 65 20 6f 66 20 72 6f 75	ticky.Connections.Storage.of.rou
cec60	74 65 20 75 70 64 61 74 65 73 20 75 73 65 73 20 6d 65 6d 6f 72 79 2e 20 49 66 20 79 6f 75 20 65	te.updates.uses.memory..If.you.e
cec80	6e 61 62 6c 65 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 6e 62 6f 75	nable.soft.reconfiguration.inbou
ceca0	6e 64 20 66 6f 72 20 6d 75 6c 74 69 70 6c 65 20 6e 65 69 67 68 62 6f 72 73 2c 20 74 68 65 20 61	nd.for.multiple.neighbors,.the.a
cecc0	6d 6f 75 6e 74 20 6f 66 20 6d 65 6d 6f 72 79 20 75 73 65 64 20 63 61 6e 20 62 65 63 6f 6d 65 20	mount.of.memory.used.can.become.
cece0	73 69 67 6e 69 66 69 63 61 6e 74 2e 00 53 75 66 66 69 78 65 73 00 53 75 6d 6d 61 72 69 73 61 74	significant..Suffixes.Summarisat
ced00	69 6f 6e 20 73 74 61 72 74 73 20 6f 6e 6c 79 20 61 66 74 65 72 20 74 68 69 73 20 64 65 6c 61 79	ion.starts.only.after.this.delay
ced20	20 74 69 6d 65 72 20 65 78 70 69 72 79 2e 00 53 75 70 70 6f 72 74 65 64 20 4d 6f 64 75 6c 65 73	.timer.expiry..Supported.Modules
ced40	00 53 75 70 70 6f 72 74 65 64 20 63 68 61 6e 6e 65 6c 20 77 69 64 74 68 20 73 65 74 2e 00 53 75	.Supported.channel.width.set..Su
ced60	70 70 6f 72 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 79 70 65 73 3a 00 53 75 70 70 6f 72 74	pported.interface.types:.Support
ced80	65 64 20 72 65 6d 6f 74 65 20 70 72 6f 74 6f 63 6f 6c 73 20 61 72 65 20 46 54 50 2c 20 46 54 50	ed.remote.protocols.are.FTP,.FTP
ceda0	53 2c 20 48 54 54 50 2c 20 48 54 54 50 53 2c 20 53 43 50 2f 53 46 54 50 20 61 6e 64 20 54 46 54	S,.HTTP,.HTTPS,.SCP/SFTP.and.TFT
cedc0	50 2e 00 53 75 70 70 6f 72 74 65 64 20 76 65 72 73 69 6f 6e 73 20 6f 66 20 52 49 50 20 61 72 65	P..Supported.versions.of.RIP.are
cede0	3a 00 53 75 70 70 6f 72 74 73 20 61 73 20 48 45 4c 50 45 52 20 66 6f 72 20 63 6f 6e 66 69 67 75	:.Supports.as.HELPER.for.configu
cee00	72 65 64 20 67 72 61 63 65 20 70 65 72 69 6f 64 2e 00 53 75 70 70 6f 73 65 20 74 68 65 20 4c 45	red.grace.period..Suppose.the.LE
cee20	46 54 20 72 6f 75 74 65 72 20 68 61 73 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 31	FT.router.has.external.address.1
cee40	39 32 2e 30 2e 32 2e 31 30 20 6f 6e 20 69 74 73 20 65 74 68 30 20 69 6e 74 65 72 66 61 63 65 2c	92.0.2.10.on.its.eth0.interface,
cee60	20 61 6e 64 20 74 68 65 20 52 49 47 48 54 20 72 6f 75 74 65 72 20 69 73 20 32 30 33 2e 30 2e 31	.and.the.RIGHT.router.is.203.0.1
cee80	31 33 2e 34 35 00 53 75 70 70 6f 73 65 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 31 30	13.45.Suppose.you.want.to.use.10
ceea0	2e 32 33 2e 31 2e 30 2f 32 34 20 6e 65 74 77 6f 72 6b 20 66 6f 72 20 63 6c 69 65 6e 74 20 74 75	.23.1.0/24.network.for.client.tu
ceec0	6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 73 20 61 6e 64 20 61 6c 6c 20 63 6c 69 65 6e 74 20 73 75	nnel.endpoints.and.all.client.su
ceee0	62 6e 65 74 73 20 62 65 6c 6f 6e 67 20 74 6f 20 31 30 2e 32 33 2e 30 2e 30 2f 32 30 2e 20 41 6c	bnets.belong.to.10.23.0.0/20..Al
cef00	6c 20 63 6c 69 65 6e 74 73 20 6e 65 65 64 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 31 39 32	l.clients.need.access.to.the.192
cef20	2e 31 36 38 2e 30 2e 30 2f 31 36 20 6e 65 74 77 6f 72 6b 2e 00 53 75 70 70 72 65 73 73 20 73 65	.168.0.0/16.network..Suppress.se
cef40	6e 64 69 6e 67 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 20 61 73 20	nding.Capability.Negotiation.as.
cef60	4f 50 45 4e 20 6d 65 73 73 61 67 65 20 6f 70 74 69 6f 6e 61 6c 20 70 61 72 61 6d 65 74 65 72 20	OPEN.message.optional.parameter.
cef80	74 6f 20 74 68 65 20 70 65 65 72 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6f 6e 6c 79 20 61	to.the.peer..This.command.only.a
cefa0	66 66 65 63 74 73 20 74 68 65 20 70 65 65 72 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 74	ffects.the.peer.is.configured.ot
cefc0	68 65 72 20 74 68 61 6e 20 49 50 76 34 20 75 6e 69 63 61 73 74 20 63 6f 6e 66 69 67 75 72 61 74	her.than.IPv4.unicast.configurat
cefe0	69 6f 6e 2e 00 53 79 6e 61 6d 69 63 20 69 6e 73 74 72 75 63 74 73 20 74 6f 20 66 6f 72 77 61 72	ion..Synamic.instructs.to.forwar
cf000	64 20 74 6f 20 61 6c 6c 20 70 65 65 72 73 20 77 68 69 63 68 20 77 65 20 68 61 76 65 20 61 20 64	d.to.all.peers.which.we.have.a.d
cf020	69 72 65 63 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 68 2e 20 41 6c 74 65 72 6e 61 74 69	irect.connection.with..Alternati
cf040	76 65 6c 79 2c 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 72 65 63 74	vely,.you.can.specify.the.direct
cf060	69 76 65 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 20 66 6f 72 20 65 61 63 68 20 70 72 6f 74	ive.multiple.times.for.each.prot
cf080	6f 63 6f 6c 2d 61 64 64 72 65 73 73 20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 20 74 72 61 66 66	ocol-address.the.multicast.traff
cf0a0	69 63 20 73 68 6f 75 6c 64 20 62 65 20 73 65 6e 74 20 74 6f 2e 00 53 79 6e 63 20 67 72 6f 75 70	ic.should.be.sent.to..Sync.group
cf0c0	73 00 53 79 6e 74 61 78 20 68 61 73 20 63 68 61 6e 67 65 64 20 66 72 6f 6d 20 56 79 4f 53 20 31	s.Syntax.has.changed.from.VyOS.1
cf0e0	2e 32 20 28 63 72 75 78 29 20 61 6e 64 20 69 74 20 77 69 6c 6c 20 62 65 20 61 75 74 6f 6d 61 74	.2.(crux).and.it.will.be.automat
cf100	69 63 61 6c 6c 79 20 6d 69 67 72 61 74 65 64 20 64 75 72 69 6e 67 20 61 6e 20 75 70 67 72 61 64	ically.migrated.during.an.upgrad
cf120	65 2e 00 53 79 73 63 74 6c 00 53 79 73 6c 6f 67 00 53 79 73 6c 6f 67 20 73 75 70 70 6f 72 74 73	e..Sysctl.Syslog.Syslog.supports
cf140	20 6c 6f 67 67 69 6e 67 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20 74 61 72 67 65 74 73 2c 20 74 68	.logging.to.multiple.targets,.th
cf160	6f 73 65 20 74 61 72 67 65 74 73 20 63 6f 75 6c 64 20 62 65 20 61 20 70 6c 61 69 6e 20 66 69 6c	ose.targets.could.be.a.plain.fil
cf180	65 20 6f 6e 20 79 6f 75 72 20 56 79 4f 53 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 69 74 73 65	e.on.your.VyOS.installation.itse
cf1a0	6c 66 2c 20 61 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c 65 20 6f 72 20 61 20 72 65 6d 6f 74 65	lf,.a.serial.console.or.a.remote
cf1c0	20 73 79 73 6c 6f 67 20 73 65 72 76 65 72 20 77 68 69 63 68 20 69 73 20 72 65 61 63 68 65 64 20	.syslog.server.which.is.reached.
cf1e0	76 69 61 20 3a 61 62 62 72 3a 60 49 50 20 28 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c	via.:abbr:`IP.(Internet.Protocol
cf200	29 60 20 55 44 50 2f 54 43 50 2e 00 53 79 73 6c 6f 67 20 75 73 65 73 20 6c 6f 67 72 6f 74 61 74	)`.UDP/TCP..Syslog.uses.logrotat
cf220	65 20 74 6f 20 72 6f 74 61 74 65 20 6c 6f 67 69 6c 65 73 20 61 66 74 65 72 20 61 20 6e 75 6d 62	e.to.rotate.logiles.after.a.numb
cf240	65 72 20 6f 66 20 67 69 76 65 73 20 62 79 74 65 73 2e 20 57 65 20 6b 65 65 70 20 61 73 20 6d 61	er.of.gives.bytes..We.keep.as.ma
cf260	6e 79 20 61 73 20 60 3c 6e 75 6d 62 65 72 3e 60 20 72 6f 74 61 74 65 64 20 66 69 6c 65 20 62 65	ny.as.`<number>`.rotated.file.be
cf280	66 6f 72 65 20 74 68 65 79 20 61 72 65 20 64 65 6c 65 74 65 64 20 6f 6e 20 74 68 65 20 73 79 73	fore.they.are.deleted.on.the.sys
cf2a0	74 65 6d 2e 00 53 79 73 6c 6f 67 20 77 69 6c 6c 20 77 72 69 74 65 20 60 3c 73 69 7a 65 3e 60 20	tem..Syslog.will.write.`<size>`.
cf2c0	6b 69 6c 6f 62 79 74 65 73 20 69 6e 74 6f 20 74 68 65 20 66 69 6c 65 20 73 70 65 63 69 66 69 65	kilobytes.into.the.file.specifie
cf2e0	64 20 62 79 20 60 3c 66 69 6c 65 6e 61 6d 65 3e 60 2e 20 41 66 74 65 72 20 74 68 69 73 20 6c 69	d.by.`<filename>`..After.this.li
cf300	6d 69 74 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2c 20 74 68 65 20 63 75 73 74 6f 6d	mit.has.been.reached,.the.custom
cf320	20 66 69 6c 65 20 69 73 20 22 72 6f 74 61 74 65 64 22 20 62 79 20 6c 6f 67 72 6f 74 61 74 65 20	.file.is."rotated".by.logrotate.
cf340	61 6e 64 20 61 20 6e 65 77 20 63 75 73 74 6f 6d 20 66 69 6c 65 20 69 73 20 63 72 65 61 74 65 64	and.a.new.custom.file.is.created
cf360	2e 00 53 79 73 74 65 6d 00 53 79 73 74 65 6d 20 44 4e 53 00 53 79 73 74 65 6d 20 44 69 73 70 6c	..System.System.DNS.System.Displ
cf380	61 79 20 28 4c 43 44 29 00 53 79 73 74 65 6d 20 4e 61 6d 65 20 61 6e 64 20 44 65 73 63 72 69 70	ay.(LCD).System.Name.and.Descrip
cf3a0	74 69 6f 6e 00 53 79 73 74 65 6d 20 50 72 6f 78 79 00 53 79 73 74 65 6d 20 63 61 70 61 62 69 6c	tion.System.Proxy.System.capabil
cf3c0	69 74 69 65 73 20 28 73 77 69 74 63 68 69 6e 67 2c 20 72 6f 75 74 69 6e 67 2c 20 65 74 63 2e 29	ities.(switching,.routing,.etc.)
cf3e0	00 53 79 73 74 65 6d 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 6f 6d 6d 61 6e 64 73 00 53	.System.configuration.commands.S
cf400	79 73 74 65 6d 20 64 61 65 6d 6f 6e 73 00 53 79 73 74 65 6d 20 69 64 65 6e 74 69 66 69 65 72 3a	ystem.daemons.System.identifier:
cf420	20 60 60 31 39 32 31 2e 36 38 30 30 2e 31 30 30 32 60 60 20 2d 20 66 6f 72 20 73 79 73 74 65 6d	.``1921.6800.1002``.-.for.system
cf440	20 69 64 65 74 69 66 69 65 72 73 20 77 65 20 72 65 63 6f 6d 6d 65 6e 64 20 74 6f 20 75 73 65 20	.idetifiers.we.recommend.to.use.
cf460	49 50 20 61 64 64 72 65 73 73 20 6f 72 20 4d 41 43 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65	IP.address.or.MAC.address.of.the
cf480	20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2e 20 54 68 65 20 77 61 79 20 74 6f 20 63 6f 6e 73 74	.router.itself..The.way.to.const
cf4a0	72 75 63 74 20 74 68 69 73 20 69 73 20 74 6f 20 6b 65 65 70 20 61 6c 6c 20 6f 66 20 74 68 65 20	ruct.this.is.to.keep.all.of.the.
cf4c0	7a 65 72 6f 65 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 20 49 50 20 61 64 64 72 65 73 73 2c	zeroes.of.the.router.IP.address,
cf4e0	20 61 6e 64 20 74 68 65 6e 20 63 68 61 6e 67 65 20 74 68 65 20 70 65 72 69 6f 64 73 20 66 72 6f	.and.then.change.the.periods.fro
cf500	6d 20 62 65 69 6e 67 20 65 76 65 72 79 20 74 68 72 65 65 20 6e 75 6d 62 65 72 73 20 74 6f 20 65	m.being.every.three.numbers.to.e
cf520	76 65 72 79 20 66 6f 75 72 20 6e 75 6d 62 65 72 73 2e 20 54 68 65 20 61 64 64 72 65 73 73 20 74	very.four.numbers..The.address.t
cf540	68 61 74 20 69 73 20 6c 69 73 74 65 64 20 68 65 72 65 20 69 73 20 60 60 31 39 32 2e 31 36 38 2e	hat.is.listed.here.is.``192.168.
cf560	31 2e 32 60 60 2c 20 77 68 69 63 68 20 69 66 20 65 78 70 61 6e 64 65 64 20 77 69 6c 6c 20 74 75	1.2``,.which.if.expanded.will.tu
cf580	72 6e 20 69 6e 74 6f 20 60 60 31 39 32 2e 31 36 38 2e 30 30 31 2e 30 30 32 60 60 2e 20 54 68 65	rn.into.``192.168.001.002``..The
cf5a0	6e 20 61 6c 6c 20 6f 6e 65 20 68 61 73 20 74 6f 20 64 6f 20 69 73 20 6d 6f 76 65 20 74 68 65 20	n.all.one.has.to.do.is.move.the.
cf5c0	64 6f 74 73 20 74 6f 20 68 61 76 65 20 66 6f 75 72 20 6e 75 6d 62 65 72 73 20 69 6e 73 74 65 61	dots.to.have.four.numbers.instea
cf5e0	64 20 6f 66 20 74 68 72 65 65 2e 20 54 68 69 73 20 67 69 76 65 73 20 75 73 20 60 60 31 39 32 31	d.of.three..This.gives.us.``1921
cf600	2e 36 38 30 30 2e 31 30 30 32 60 60 2e 00 53 79 73 74 65 6d 20 69 73 20 75 6e 75 73 61 62 6c 65	.6800.1002``..System.is.unusable
cf620	20 2d 20 61 20 70 61 6e 69 63 20 63 6f 6e 64 69 74 69 6f 6e 00 54 41 43 41 43 53 20 45 78 61 6d	.-.a.panic.condition.TACACS.Exam
cf640	70 6c 65 00 54 41 43 41 43 53 20 69 73 20 64 65 66 69 6e 65 64 20 69 6e 20 3a 72 66 63 3a 60 38	ple.TACACS.is.defined.in.:rfc:`8
cf660	39 30 37 60 2e 00 54 41 43 41 43 53 20 73 65 72 76 65 72 73 20 63 6f 75 6c 64 20 62 65 20 68 61	907`..TACACS.servers.could.be.ha
cf680	72 64 65 6e 65 64 20 62 79 20 6f 6e 6c 79 20 61 6c 6c 6f 77 69 6e 67 20 63 65 72 74 61 69 6e 20	rdened.by.only.allowing.certain.
cf6a0	49 50 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 63 6f 6e 6e 65 63 74 2e 20 41 73 20 6f 66 20 74	IP.addresses.to.connect..As.of.t
cf6c0	68 69 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 65 61 63 68 20 54	his.the.source.address.of.each.T
cf6e0	41 43 41 43 53 20 71 75 65 72 79 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 54	ACACS.query.can.be.configured..T
cf700	41 43 41 43 53 2b 00 54 42 44 00 54 43 50 20 26 20 55 44 50 20 73 65 72 76 69 63 65 73 20 72 75	ACACS+.TBD.TCP.&.UDP.services.ru
cf720	6e 6e 69 6e 67 20 69 6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 56 52 46 20 63 6f 6e 74 65 78 74	nning.in.the.default.VRF.context
cf740	20 28 69 65 2e 2c 20 6e 6f 74 20 62 6f 75 6e 64 20 74 6f 20 61 6e 79 20 56 52 46 20 64 65 76 69	.(ie.,.not.bound.to.any.VRF.devi
cf760	63 65 29 20 63 61 6e 20 77 6f 72 6b 20 61 63 72 6f 73 73 20 61 6c 6c 20 56 52 46 20 64 6f 6d 61	ce).can.work.across.all.VRF.doma
cf780	69 6e 73 20 62 79 20 65 6e 61 62 6c 69 6e 67 20 74 68 69 73 20 6f 70 74 69 6f 6e 2e 00 54 46 54	ins.by.enabling.this.option..TFT
cf7a0	50 20 53 65 72 76 65 72 00 54 61 67 20 69 73 20 74 68 65 20 6f 70 74 69 6f 6e 61 6c 20 70 61 72	P.Server.Tag.is.the.optional.par
cf7c0	61 6d 65 74 65 72 2e 20 49 66 20 74 61 67 20 63 6f 6e 66 69 67 75 72 65 64 20 53 75 6d 6d 61 72	ameter..If.tag.configured.Summar
cf7e0	79 20 72 6f 75 74 65 20 77 69 6c 6c 20 62 65 20 6f 72 69 67 69 6e 61 74 65 64 20 77 69 74 68 20	y.route.will.be.originated.with.
cf800	74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 61 67 2e 00 54 61 73 6b 20 53 63 68 65 64 75 6c	the.configured.tag..Task.Schedul
cf820	65 72 00 54 65 6c 65 67 72 61 66 00 54 65 6c 65 67 72 61 66 20 6f 75 74 70 75 74 20 70 6c 75 67	er.Telegraf.Telegraf.output.plug
cf840	69 6e 20 61 7a 75 72 65 2d 64 61 74 61 2d 65 78 70 6c 6f 72 65 72 5f 00 54 65 6c 65 67 72 61 66	in.azure-data-explorer_.Telegraf
cf860	20 6f 75 74 70 75 74 20 70 6c 75 67 69 6e 20 70 72 6f 6d 65 74 68 65 75 73 2d 63 6c 69 65 6e 74	.output.plugin.prometheus-client
cf880	5f 00 54 65 6c 65 67 72 61 66 20 6f 75 74 70 75 74 20 70 6c 75 67 69 6e 20 73 70 6c 75 6e 6b 5f	_.Telegraf.output.plugin.splunk_
cf8a0	2e 20 48 54 54 50 20 45 76 65 6e 74 20 43 6f 6c 6c 65 63 74 6f 72 2e 00 54 65 6c 6c 20 68 6f 73	..HTTP.Event.Collector..Tell.hos
cf8c0	74 73 20 74 6f 20 75 73 65 20 74 68 65 20 61 64 6d 69 6e 69 73 74 65 72 65 64 20 28 73 74 61 74	ts.to.use.the.administered.(stat
cf8e0	65 66 75 6c 29 20 70 72 6f 74 6f 63 6f 6c 20 28 69 2e 65 2e 20 44 48 43 50 29 20 66 6f 72 20 61	eful).protocol.(i.e..DHCP).for.a
cf900	75 74 6f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 6f 74 68 65 72 20 28 6e 6f 6e 2d 61	utoconfiguration.of.other.(non-a
cf920	64 64 72 65 73 73 29 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 54 65 6c 6c 20 68 6f 73 74 73 20 74	ddress).information.Tell.hosts.t
cf940	6f 20 75 73 65 20 74 68 65 20 61 64 6d 69 6e 69 73 74 65 72 65 64 20 73 74 61 74 65 66 75 6c 20	o.use.the.administered.stateful.
cf960	70 72 6f 74 6f 63 6f 6c 20 28 69 2e 65 2e 20 44 48 43 50 29 20 66 6f 72 20 61 75 74 6f 63 6f 6e	protocol.(i.e..DHCP).for.autocon
cf980	66 69 67 75 72 61 74 69 6f 6e 00 54 65 6d 70 6f 72 61 72 79 20 64 69 73 61 62 6c 65 20 74 68 69	figuration.Temporary.disable.thi
cf9a0	73 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 54 65 6d 70 6f 72 61 72 79 20 64 69 73 61 62	s.RADIUS.server..Temporary.disab
cf9c0	6c 65 20 74 68 69 73 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 20 49 74 20 77 6f 6e 27 74 20	le.this.RADIUS.server..It.won't.
cf9e0	62 65 20 71 75 65 72 69 65 64 2e 00 54 65 6d 70 6f 72 61 72 79 20 64 69 73 61 62 6c 65 20 74 68	be.queried..Temporary.disable.th
cfa00	69 73 20 54 41 43 41 43 53 20 73 65 72 76 65 72 2e 20 49 74 20 77 6f 6e 27 74 20 62 65 20 71 75	is.TACACS.server..It.won't.be.qu
cfa20	65 72 69 65 64 2e 00 54 65 72 6d 69 6e 61 74 65 20 53 53 4c 00 54 65 73 74 20 63 6f 6e 6e 65 63	eried..Terminate.SSL.Test.connec
cfa40	74 69 6e 67 20 67 69 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 2d 6f 72 69 65 6e 74 65 64 20 69	ting.given.connection-oriented.i
cfa60	6e 74 65 72 66 61 63 65 2e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 61 6e 20 62 65 20 60	nterface..`<interface>`.can.be.`
cfa80	60 70 70 70 6f 65 30 60 60 20 61 73 20 74 68 65 20 65 78 61 6d 70 6c 65 2e 00 54 65 73 74 20 63	`pppoe0``.as.the.example..Test.c
cfaa0	6f 6e 6e 65 63 74 69 6e 67 20 67 69 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 2d 6f 72 69 65 6e	onnecting.given.connection-orien
cfac0	74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 60 3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 61 6e	ted.interface..`<interface>`.can
cfae0	20 62 65 20 60 60 73 73 74 70 63 30 60 60 20 61 73 20 74 68 65 20 65 78 61 6d 70 6c 65 2e 00 54	.be.``sstpc0``.as.the.example..T
cfb00	65 73 74 20 64 69 73 63 6f 6e 6e 65 63 74 69 6e 67 20 67 69 76 65 6e 20 63 6f 6e 6e 65 63 74 69	est.disconnecting.given.connecti
cfb20	6f 6e 2d 6f 72 69 65 6e 74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 60 3c 69 6e 74 65 72 66 61	on-oriented.interface..`<interfa
cfb40	63 65 3e 60 20 63 61 6e 20 62 65 20 60 60 70 70 70 6f 65 30 60 60 20 61 73 20 74 68 65 20 65 78	ce>`.can.be.``pppoe0``.as.the.ex
cfb60	61 6d 70 6c 65 2e 00 54 65 73 74 20 64 69 73 63 6f 6e 6e 65 63 74 69 6e 67 20 67 69 76 65 6e 20	ample..Test.disconnecting.given.
cfb80	63 6f 6e 6e 65 63 74 69 6f 6e 2d 6f 72 69 65 6e 74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 60	connection-oriented.interface..`
cfba0	3c 69 6e 74 65 72 66 61 63 65 3e 60 20 63 61 6e 20 62 65 20 60 60 73 73 74 70 63 30 60 60 20 61	<interface>`.can.be.``sstpc0``.a
cfbc0	73 20 74 68 65 20 65 78 61 6d 70 6c 65 2e 00 54 65 73 74 69 6e 67 20 53 53 54 50 00 54 65 73 74	s.the.example..Testing.SSTP.Test
cfbe0	69 6e 67 20 61 6e 64 20 56 61 6c 69 64 61 74 69 6f 6e 00 54 68 61 6e 6b 73 20 74 6f 20 74 68 69	ing.and.Validation.Thanks.to.thi
cfc00	73 20 64 69 73 63 6f 76 65 72 79 2c 20 61 6e 79 20 73 75 62 73 65 71 75 65 6e 74 20 74 72 61 66	s.discovery,.any.subsequent.traf
cfc20	66 69 63 20 62 65 74 77 65 65 6e 20 50 43 34 20 61 6e 64 20 50 43 35 20 77 69 6c 6c 20 6e 6f 74	fic.between.PC4.and.PC5.will.not
cfc40	20 62 65 20 75 73 69 6e 67 20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 2d 61 64 64 72 65 73 73 20	.be.using.the.multicast-address.
cfc60	62 65 74 77 65 65 6e 20 74 68 65 20 6c 65 61 76 65 73 20 61 73 20 74 68 65 79 20 62 6f 74 68 20	between.the.leaves.as.they.both.
cfc80	6b 6e 6f 77 20 62 65 68 69 6e 64 20 77 68 69 63 68 20 4c 65 61 66 20 74 68 65 20 50 43 73 20 61	know.behind.which.Leaf.the.PCs.a
cfca0	72 65 20 63 6f 6e 6e 65 63 74 65 64 2e 20 54 68 69 73 20 73 61 76 65 73 20 74 72 61 66 66 69 63	re.connected..This.saves.traffic
cfcc0	20 61 73 20 6c 65 73 73 20 6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 20 73 65 6e 74 20	.as.less.multicast.packets.sent.
cfce0	72 65 64 75 63 65 73 20 74 68 65 20 6c 6f 61 64 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 2c	reduces.the.load.on.the.network,
cfd00	20 77 68 69 63 68 20 69 6d 70 72 6f 76 65 73 20 73 63 61 6c 61 62 69 6c 69 74 79 20 77 68 65 6e	.which.improves.scalability.when
cfd20	20 6d 6f 72 65 20 6c 65 61 76 65 73 20 61 72 65 20 61 64 64 65 64 2e 00 54 68 61 74 20 69 73 20	.more.leaves.are.added..That.is.
cfd40	68 6f 77 20 69 74 20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 64 6f 20 74 68 65 20 73 6f 2d	how.it.is.possible.to.do.the.so-
cfd60	63 61 6c 6c 65 64 20 22 69 6e 67 72 65 73 73 20 73 68 61 70 69 6e 67 22 2e 00 54 68 61 74 20 6c	called."ingress.shaping"..That.l
cfd80	6f 6f 6b 73 20 67 6f 6f 64 20 2d 20 77 65 20 64 65 66 69 6e 65 64 20 32 20 74 75 6e 6e 65 6c 73	ooks.good.-.we.defined.2.tunnels
cfda0	20 61 6e 64 20 74 68 65 79 27 72 65 20 62 6f 74 68 20 75 70 20 61 6e 64 20 72 75 6e 6e 69 6e 67	.and.they're.both.up.and.running
cfdc0	2e 00 54 68 65 20 3a 61 62 62 72 3a 60 41 53 4e 20 28 41 75 74 6f 6e 6f 6d 6f 75 73 20 53 79 73	..The.:abbr:`ASN.(Autonomous.Sys
cfde0	74 65 6d 20 4e 75 6d 62 65 72 29 60 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 65 73 73 65 6e	tem.Number)`.is.one.of.the.essen
cfe00	74 69 61 6c 20 65 6c 65 6d 65 6e 74 73 20 6f 66 20 42 47 50 2e 20 42 47 50 20 69 73 20 61 20 64	tial.elements.of.BGP..BGP.is.a.d
cfe20	69 73 74 61 6e 63 65 20 76 65 63 74 6f 72 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 2c	istance.vector.routing.protocol,
cfe40	20 61 6e 64 20 74 68 65 20 41 53 2d 50 61 74 68 20 66 72 61 6d 65 77 6f 72 6b 20 70 72 6f 76 69	.and.the.AS-Path.framework.provi
cfe60	64 65 73 20 64 69 73 74 61 6e 63 65 20 76 65 63 74 6f 72 20 6d 65 74 72 69 63 20 61 6e 64 20 6c	des.distance.vector.metric.and.l
cfe80	6f 6f 70 20 64 65 74 65 63 74 69 6f 6e 20 74 6f 20 42 47 50 2e 00 54 68 65 20 3a 61 62 62 72 3a	oop.detection.to.BGP..The.:abbr:
cfea0	60 44 4e 50 54 76 36 20 28 44 65 73 74 69 6e 61 74 69 6f 6e 20 49 50 76 36 2d 74 6f 2d 49 50 76	`DNPTv6.(Destination.IPv6-to-IPv
cfec0	36 20 4e 65 74 77 6f 72 6b 20 50 72 65 66 69 78 20 54 72 61 6e 73 6c 61 74 69 6f 6e 29 60 20 64	6.Network.Prefix.Translation)`.d
cfee0	65 73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 66	estination.address.translation.f
cff00	75 6e 63 74 69 6f 6e 20 69 73 20 75 73 65 64 20 69 6e 20 73 63 65 6e 61 72 69 6f 73 20 77 68 65	unction.is.used.in.scenarios.whe
cff20	72 65 20 74 68 65 20 73 65 72 76 65 72 20 69 6e 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65	re.the.server.in.the.internal.ne
cff40	74 77 6f 72 6b 20 70 72 6f 76 69 64 65 73 20 73 65 72 76 69 63 65 73 20 74 6f 20 74 68 65 20 65	twork.provides.services.to.the.e
cff60	78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2c 20 73 75 63 68 20 61 73 20 70 72 6f 76 69 64 69	xternal.network,.such.as.providi
cff80	6e 67 20 57 65 62 20 73 65 72 76 69 63 65 73 20 6f 72 20 46 54 50 20 73 65 72 76 69 63 65 73 20	ng.Web.services.or.FTP.services.
cffa0	74 6f 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 42 79 20 63 6f 6e 66	to.the.external.network..By.conf
cffc0	69 67 75 72 69 6e 67 20 74 68 65 20 6d 61 70 70 69 6e 67 20 72 65 6c 61 74 69 6f 6e 73 68 69 70	iguring.the.mapping.relationship
cffe0	20 62 65 74 77 65 65 6e 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 73 65 72 76 65 72 20 61 64 64	.between.the.internal.server.add
d0000	72 65 73 73 20 61 6e 64 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 61 64	ress.and.the.external.network.ad
d0020	64 72 65 73 73 20 6f 6e 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 73 69	dress.on.the.external.network.si
d0040	64 65 20 69 6e 74 65 72 66 61 63 65 20 6f 66 20 74 68 65 20 4e 41 54 36 36 20 64 65 76 69 63 65	de.interface.of.the.NAT66.device
d0060	2c 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 75 73 65 72 73 20 63 61 6e 20 61 63 63	,.external.network.users.can.acc
d0080	65 73 73 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 73 65 72 76 65 72 20	ess.the.internal.network.server.
d00a0	74 68 72 6f 75 67 68 20 74 68 65 20 64 65 73 69 67 6e 61 74 65 64 20 65 78 74 65 72 6e 61 6c 20	through.the.designated.external.
d00c0	6e 65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 3a 61 62 62 72 3a 60 4d 50 4c 53	network.address..The.:abbr:`MPLS
d00e0	20 28 4d 75 6c 74 69 2d 50 72 6f 74 6f 63 6f 6c 20 4c 61 62 65 6c 20 53 77 69 74 63 68 69 6e 67	.(Multi-Protocol.Label.Switching
d0100	29 60 20 61 72 63 68 69 74 65 63 74 75 72 65 20 64 6f 65 73 20 6e 6f 74 20 61 73 73 75 6d 65 20	)`.architecture.does.not.assume.
d0120	61 20 73 69 6e 67 6c 65 20 70 72 6f 74 6f 63 6f 6c 20 74 6f 20 63 72 65 61 74 65 20 4d 50 4c 53	a.single.protocol.to.create.MPLS
d0140	20 70 61 74 68 73 2e 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 4c 61 62 65 6c 20	.paths..VyOS.supports.the.Label.
d0160	44 69 73 74 72 69 62 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 28 4c 44 50 29 20 61 73 20 69	Distribution.Protocol.(LDP).as.i
d0180	6d 70 6c 65 6d 65 6e 74 65 64 20 62 79 20 46 52 52 2c 20 62 61 73 65 64 20 6f 6e 20 3a 72 66 63	mplemented.by.FRR,.based.on.:rfc
d01a0	3a 60 35 30 33 36 60 2e 00 54 68 65 20 3a 72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 36 36 60	:`5036`..The.:ref:`source-nat66`
d01c0	20 72 75 6c 65 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73	.rule.replaces.the.source.addres
d01e0	73 20 6f 66 20 74 68 65 20 70 61 63 6b 65 74 20 61 6e 64 20 63 61 6c 63 75 6c 61 74 65 73 20 74	s.of.the.packet.and.calculates.t
d0200	68 65 20 63 6f 6e 76 65 72 74 65 64 20 61 64 64 72 65 73 73 20 75 73 69 6e 67 20 74 68 65 20 70	he.converted.address.using.the.p
d0220	72 65 66 69 78 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 74 68 65 20 72 75 6c 65 2e 00 54 68 65	refix.specified.in.the.rule..The
d0240	20 41 52 50 20 6d 6f 6e 69 74 6f 72 20 77 6f 72 6b 73 20 62 79 20 70 65 72 69 6f 64 69 63 61 6c	.ARP.monitor.works.by.periodical
d0260	6c 79 20 63 68 65 63 6b 69 6e 67 20 74 68 65 20 73 6c 61 76 65 20 64 65 76 69 63 65 73 20 74 6f	ly.checking.the.slave.devices.to
d0280	20 64 65 74 65 72 6d 69 6e 65 20 77 68 65 74 68 65 72 20 74 68 65 79 20 68 61 76 65 20 73 65 6e	.determine.whether.they.have.sen
d02a0	74 20 6f 72 20 72 65 63 65 69 76 65 64 20 74 72 61 66 66 69 63 20 72 65 63 65 6e 74 6c 79 20 28	t.or.received.traffic.recently.(
d02c0	74 68 65 20 70 72 65 63 69 73 65 20 63 72 69 74 65 72 69 61 20 64 65 70 65 6e 64 73 20 75 70 6f	the.precise.criteria.depends.upo
d02e0	6e 20 74 68 65 20 62 6f 6e 64 69 6e 67 20 6d 6f 64 65 2c 20 61 6e 64 20 74 68 65 20 73 74 61 74	n.the.bonding.mode,.and.the.stat
d0300	65 20 6f 66 20 74 68 65 20 73 6c 61 76 65 29 2e 20 52 65 67 75 6c 61 72 20 74 72 61 66 66 69 63	e.of.the.slave)..Regular.traffic
d0320	20 69 73 20 67 65 6e 65 72 61 74 65 64 20 76 69 61 20 41 52 50 20 70 72 6f 62 65 73 20 69 73 73	.is.generated.via.ARP.probes.iss
d0340	75 65 64 20 66 6f 72 20 74 68 65 20 61 64 64 72 65 73 73 65 73 20 73 70 65 63 69 66 69 65 64 20	ued.for.the.addresses.specified.
d0360	62 79 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 61 72 70 2d 6d 6f 6e 69 74 6f 72 20 74 61 72 67	by.the.:cfgcmd:`arp-monitor.targ
d0380	65 74 60 20 6f 70 74 69 6f 6e 2e 00 54 68 65 20 41 53 50 20 68 61 73 20 64 6f 63 75 6d 65 6e 74	et`.option..The.ASP.has.document
d03a0	65 64 20 74 68 65 69 72 20 49 50 53 65 63 20 72 65 71 75 69 72 65 6d 65 6e 74 73 3a 00 54 68 65	ed.their.IPSec.requirements:.The
d03c0	20 42 47 50 20 72 6f 75 74 65 72 20 63 61 6e 20 63 6f 6e 6e 65 63 74 20 74 6f 20 6f 6e 65 20 6f	.BGP.router.can.connect.to.one.o
d03e0	72 20 6d 6f 72 65 20 52 50 4b 49 20 63 61 63 68 65 20 73 65 72 76 65 72 73 20 74 6f 20 72 65 63	r.more.RPKI.cache.servers.to.rec
d0400	65 69 76 65 20 76 61 6c 69 64 61 74 65 64 20 70 72 65 66 69 78 20 74 6f 20 6f 72 69 67 69 6e 20	eive.validated.prefix.to.origin.
d0420	41 53 20 6d 61 70 70 69 6e 67 73 2e 20 41 64 76 61 6e 63 65 64 20 66 61 69 6c 6f 76 65 72 20 63	AS.mappings..Advanced.failover.c
d0440	61 6e 20 62 65 20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 62 79 20 73 65 72 76 65 72 20 73 6f 63 6b	an.be.implemented.by.server.sock
d0460	65 74 73 20 77 69 74 68 20 64 69 66 66 65 72 65 6e 74 20 70 72 65 66 65 72 65 6e 63 65 20 76 61	ets.with.different.preference.va
d0480	6c 75 65 73 2e 00 54 68 65 20 43 4c 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 73	lues..The.CLI.configuration.is.s
d04a0	61 6d 65 20 61 73 20 6d 65 6e 74 69 6f 6e 65 64 20 69 6e 20 61 62 6f 76 65 20 61 72 74 69 63 6c	ame.as.mentioned.in.above.articl
d04c0	65 73 2e 20 54 68 65 20 6f 6e 6c 79 20 64 69 66 66 65 72 65 6e 63 65 20 69 73 2c 20 74 68 61 74	es..The.only.difference.is,.that
d04e0	20 65 61 63 68 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65 64 2c 20 6d 75 73	.each.routing.protocol.used,.mus
d0500	74 20 62 65 20 70 72 65 66 69 78 65 64 20 77 69 74 68 20 74 68 65 20 60 76 72 66 20 6e 61 6d 65	t.be.prefixed.with.the.`vrf.name
d0520	20 3c 6e 61 6d 65 3e 60 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 65 20 43 4c 4e 53 20 61 64 64 72 65	.<name>`.command..The.CLNS.addre
d0540	73 73 20 63 6f 6e 73 69 73 74 73 20 6f 66 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 61 72	ss.consists.of.the.following.par
d0560	74 73 3a 00 54 68 65 20 44 48 43 50 20 75 6e 69 71 75 65 20 69 64 65 6e 74 69 66 69 65 72 20 28	ts:.The.DHCP.unique.identifier.(
d0580	44 55 49 44 29 20 69 73 20 75 73 65 64 20 62 79 20 61 20 63 6c 69 65 6e 74 20 74 6f 20 67 65 74	DUID).is.used.by.a.client.to.get
d05a0	20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 61 20 44 48 43 50 76 36 20 73 65 72	.an.IP.address.from.a.DHCPv6.ser
d05c0	76 65 72 2e 20 49 74 20 68 61 73 20 61 20 32 2d 62 79 74 65 20 44 55 49 44 20 74 79 70 65 20 66	ver..It.has.a.2-byte.DUID.type.f
d05e0	69 65 6c 64 2c 20 61 6e 64 20 61 20 76 61 72 69 61 62 6c 65 2d 6c 65 6e 67 74 68 20 69 64 65 6e	ield,.and.a.variable-length.iden
d0600	74 69 66 69 65 72 20 66 69 65 6c 64 20 75 70 20 74 6f 20 31 32 38 20 62 79 74 65 73 2e 20 49 74	tifier.field.up.to.128.bytes..It
d0620	73 20 61 63 74 75 61 6c 20 6c 65 6e 67 74 68 20 64 65 70 65 6e 64 73 20 6f 6e 20 69 74 73 20 74	s.actual.length.depends.on.its.t
d0640	79 70 65 2e 20 54 68 65 20 73 65 72 76 65 72 20 63 6f 6d 70 61 72 65 73 20 74 68 65 20 44 55 49	ype..The.server.compares.the.DUI
d0660	44 20 77 69 74 68 20 69 74 73 20 64 61 74 61 62 61 73 65 20 61 6e 64 20 64 65 6c 69 76 65 72 73	D.with.its.database.and.delivers
d0680	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 64 61 74 61 20 28 61 64 64 72 65 73 73 2c 20 6c 65	.configuration.data.(address,.le
d06a0	61 73 65 20 74 69 6d 65 73 2c 20 44 4e 53 20 73 65 72 76 65 72 73 2c 20 65 74 63 2e 29 20 74 6f	ase.times,.DNS.servers,.etc.).to
d06c0	20 74 68 65 20 63 6c 69 65 6e 74 2e 00 54 68 65 20 44 4e 20 61 6e 64 20 70 61 73 73 77 6f 72 64	.the.client..The.DN.and.password
d06e0	20 74 6f 20 62 69 6e 64 20 61 73 20 77 68 69 6c 65 20 70 65 72 66 6f 72 6d 69 6e 67 20 73 65 61	.to.bind.as.while.performing.sea
d0700	72 63 68 65 73 2e 00 54 68 65 20 44 4e 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 74 6f 20 62 69	rches..The.DN.and.password.to.bi
d0720	6e 64 20 61 73 20 77 68 69 6c 65 20 70 65 72 66 6f 72 6d 69 6e 67 20 73 65 61 72 63 68 65 73 2e	nd.as.while.performing.searches.
d0740	20 41 73 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 6e 65 65 64 73 20 74 6f 20 62 65 20 70 72 69	.As.the.password.needs.to.be.pri
d0760	6e 74 65 64 20 69 6e 20 70 6c 61 69 6e 20 74 65 78 74 20 69 6e 20 79 6f 75 72 20 53 71 75 69 64	nted.in.plain.text.in.your.Squid
d0780	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 74 20 69 73 20 73 74 72 6f 6e 67 6c 79 20 72 65	.configuration.it.is.strongly.re
d07a0	63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 73 65 20 61 20 61 63 63 6f 75 6e 74 20 77 69 74 68 20	commended.to.use.a.account.with.
d07c0	6d 69 6e 69 6d 61 6c 20 61 73 73 6f 63 69 61 74 65 64 20 70 72 69 76 69 6c 65 67 65 73 2e 20 54	minimal.associated.privileges..T
d07e0	68 69 73 20 74 6f 20 6c 69 6d 69 74 20 74 68 65 20 64 61 6d 61 67 65 20 69 6e 20 63 61 73 65 20	his.to.limit.the.damage.in.case.
d0800	73 6f 6d 65 6f 6e 65 20 63 6f 75 6c 64 20 67 65 74 20 68 6f 6c 64 20 6f 66 20 61 20 63 6f 70 79	someone.could.get.hold.of.a.copy
d0820	20 6f 66 20 79 6f 75 72 20 53 71 75 69 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 69 6c	.of.your.Squid.configuration.fil
d0840	65 2e 00 54 68 65 20 46 51 2d 43 6f 44 65 6c 20 70 6f 6c 69 63 79 20 64 69 73 74 72 69 62 75 74	e..The.FQ-CoDel.policy.distribut
d0860	65 73 20 74 68 65 20 74 72 61 66 66 69 63 20 69 6e 74 6f 20 31 30 32 34 20 46 49 46 4f 20 71 75	es.the.traffic.into.1024.FIFO.qu
d0880	65 75 65 73 20 61 6e 64 20 74 72 69 65 73 20 74 6f 20 70 72 6f 76 69 64 65 20 67 6f 6f 64 20 73	eues.and.tries.to.provide.good.s
d08a0	65 72 76 69 63 65 20 62 65 74 77 65 65 6e 20 61 6c 6c 20 6f 66 20 74 68 65 6d 2e 20 49 74 20 61	ervice.between.all.of.them..It.a
d08c0	6c 73 6f 20 74 72 69 65 73 20 74 6f 20 6b 65 65 70 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20	lso.tries.to.keep.the.length.of.
d08e0	61 6c 6c 20 74 68 65 20 71 75 65 75 65 73 20 73 68 6f 72 74 2e 00 54 68 65 20 48 54 54 50 20 73	all.the.queues.short..The.HTTP.s
d0900	65 72 76 69 63 65 20 6c 69 73 74 65 6e 20 6f 6e 20 54 43 50 20 70 6f 72 74 20 38 30 2e 00 54 68	ervice.listen.on.TCP.port.80..Th
d0920	65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 69 6e 74 65 72 6e 61 6c 20 73 79 73	e.IP.address.of.the.internal.sys
d0940	74 65 6d 20 77 65 20 77 69 73 68 20 74 6f 20 66 6f 72 77 61 72 64 20 74 72 61 66 66 69 63 20 74	tem.we.wish.to.forward.traffic.t
d0960	6f 2e 00 54 68 65 20 49 6e 74 65 6c 20 41 58 32 30 30 20 63 61 72 64 20 64 6f 65 73 20 6e 6f 74	o..The.Intel.AX200.card.does.not
d0980	20 77 6f 72 6b 20 6f 75 74 20 6f 66 20 74 68 65 20 62 6f 78 20 69 6e 20 41 50 20 6d 6f 64 65 2c	.work.out.of.the.box.in.AP.mode,
d09a0	20 73 65 65 20 68 74 74 70 73 3a 2f 2f 75 6e 69 78 2e 73 74 61 63 6b 65 78 63 68 61 6e 67 65 2e	.see.https://unix.stackexchange.
d09c0	63 6f 6d 2f 71 75 65 73 74 69 6f 6e 73 2f 35 39 38 32 37 35 2f 69 6e 74 65 6c 2d 61 78 32 30 30	com/questions/598275/intel-ax200
d09e0	2d 61 70 2d 6d 6f 64 65 2e 20 59 6f 75 20 63 61 6e 20 73 74 69 6c 6c 20 70 75 74 20 74 68 69 73	-ap-mode..You.can.still.put.this
d0a00	20 63 61 72 64 20 69 6e 74 6f 20 41 50 20 6d 6f 64 65 20 75 73 69 6e 67 20 74 68 65 20 66 6f 6c	.card.into.AP.mode.using.the.fol
d0a20	6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 54 68 65 20 4f 49 44 20 60 60	lowing.configuration:.The.OID.``
d0a40	2e 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 38 30 37 32 2e 31 2e 33 2e 32 2e 33 2e 31 2e 31 2e 34 2e	.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.
d0a60	31 31 36 2e 31 30 31 2e 31 31 35 2e 31 31 36 60 60 2c 20 6f 6e 63 65 20 63 61 6c 6c 65 64 2c 20	116.101.115.116``,.once.called,.
d0a80	77 69 6c 6c 20 63 6f 6e 74 61 69 6e 20 74 68 65 20 6f 75 74 70 75 74 20 6f 66 20 74 68 65 20 65	will.contain.the.output.of.the.e
d0aa0	78 74 65 6e 73 69 6f 6e 2e 00 54 68 65 20 50 6f 69 6e 74 2d 74 6f 2d 50 6f 69 6e 74 20 54 75 6e	xtension..The.Point-to-Point.Tun
d0ac0	6e 65 6c 69 6e 67 20 50 72 6f 74 6f 63 6f 6c 20 28 50 50 54 50 5f 29 20 68 61 73 20 62 65 65 6e	neling.Protocol.(PPTP_).has.been
d0ae0	20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 69 6e 20 56 79 4f 53 20 6f 6e 6c 79 20 66 6f 72 20 62 61	.implemented.in.VyOS.only.for.ba
d0b00	63 6b 77 61 72 64 73 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 2e 20 50 50 54 50 20 68 61 73 20	ckwards.compatibility..PPTP.has.
d0b20	6d 61 6e 79 20 77 65 6c 6c 20 6b 6e 6f 77 6e 20 73 65 63 75 72 69 74 79 20 69 73 73 75 65 73 20	many.well.known.security.issues.
d0b40	61 6e 64 20 79 6f 75 20 73 68 6f 75 6c 64 20 75 73 65 20 6f 6e 65 20 6f 66 20 74 68 65 20 6d 61	and.you.should.use.one.of.the.ma
d0b60	6e 79 20 6f 74 68 65 72 20 6e 65 77 20 56 50 4e 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 73	ny.other.new.VPN.implementations
d0b80	2e 00 54 68 65 20 50 6f 77 65 72 44 4e 53 20 72 65 63 75 72 73 6f 72 20 68 61 73 20 35 20 64 69	..The.PowerDNS.recursor.has.5.di
d0ba0	66 66 65 72 65 6e 74 20 6c 65 76 65 6c 73 20 6f 66 20 44 4e 53 53 45 43 20 70 72 6f 63 65 73 73	fferent.levels.of.DNSSEC.process
d0bc0	69 6e 67 2c 20 77 68 69 63 68 20 63 61 6e 20 62 65 20 73 65 74 20 77 69 74 68 20 74 68 65 20 64	ing,.which.can.be.set.with.the.d
d0be0	6e 73 73 65 63 20 73 65 74 74 69 6e 67 2e 20 49 6e 20 6f 72 64 65 72 20 66 72 6f 6d 20 6c 65 61	nssec.setting..In.order.from.lea
d0c00	73 74 20 74 6f 20 6d 6f 73 74 20 70 72 6f 63 65 73 73 69 6e 67 2c 20 74 68 65 73 65 20 61 72 65	st.to.most.processing,.these.are
d0c20	3a 00 54 68 65 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69 73 20 61 20 63 6c 61 73 73 66	:.The.Priority.Queue.is.a.classf
d0c40	75 6c 20 73 63 68 65 64 75 6c 69 6e 67 20 70 6f 6c 69 63 79 2e 20 49 74 20 64 6f 65 73 20 6e 6f	ul.scheduling.policy..It.does.no
d0c60	74 20 64 65 6c 61 79 20 70 61 63 6b 65 74 73 20 28 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20	t.delay.packets.(Priority.Queue.
d0c80	69 73 20 6e 6f 74 20 61 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 29 2c 20 69 74 20 73 69 6d	is.not.a.shaping.policy),.it.sim
d0ca0	70 6c 79 20 64 65 71 75 65 75 65 73 20 70 61 63 6b 65 74 73 20 61 63 63 6f 72 64 69 6e 67 20 74	ply.dequeues.packets.according.t
d0cc0	6f 20 74 68 65 69 72 20 70 72 69 6f 72 69 74 79 2e 00 54 68 65 20 52 41 44 49 55 53 20 61 63 63	o.their.priority..The.RADIUS.acc
d0ce0	6f 75 6e 74 69 6e 67 20 66 65 61 74 75 72 65 20 6d 75 73 74 20 62 65 20 75 73 65 64 20 77 69 74	ounting.feature.must.be.used.wit
d0d00	68 20 74 68 65 20 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e	h.the.OpenConnect.authentication
d0d20	20 6d 6f 64 65 20 52 41 44 49 55 53 2e 20 49 74 20 63 61 6e 6e 6f 74 20 62 65 20 75 73 65 64 20	.mode.RADIUS..It.cannot.be.used.
d0d40	77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 59 6f 75 20 6d	with.local.authentication..You.m
d0d60	75 73 74 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 4f 70 65 6e 43 6f 6e 6e 65 63 74 20 61 75	ust.configure.the.OpenConnect.au
d0d80	74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 6f 64 65 20 74 6f 20 22 72 61 64 69 75 73 22 2e 00 54	thentication.mode.to."radius"..T
d0da0	68 65 20 52 41 44 49 55 53 20 64 69 63 74 69 6f 6e 61 72 69 65 73 20 69 6e 20 56 79 4f 53 20 61	he.RADIUS.dictionaries.in.VyOS.a
d0dc0	72 65 20 6c 6f 63 61 74 65 64 20 61 74 20 60 60 2f 75 73 72 2f 73 68 61 72 65 2f 61 63 63 65 6c	re.located.at.``/usr/share/accel
d0de0	2d 70 70 70 2f 72 61 64 69 75 73 2f 60 60 00 54 68 65 20 53 52 20 73 65 67 6d 65 6e 74 73 20 61	-ppp/radius/``.The.SR.segments.a
d0e00	72 65 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 61 74 68 20	re.portions.of.the.network.path.
d0e20	74 61 6b 65 6e 20 62 79 20 74 68 65 20 70 61 63 6b 65 74 2c 20 61 6e 64 20 61 72 65 20 63 61 6c	taken.by.the.packet,.and.are.cal
d0e40	6c 65 64 20 53 49 44 73 2e 20 41 74 20 65 61 63 68 20 6e 6f 64 65 2c 20 74 68 65 20 66 69 72 73	led.SIDs..At.each.node,.the.firs
d0e60	74 20 53 49 44 20 6f 66 20 74 68 65 20 6c 69 73 74 20 69 73 20 72 65 61 64 2c 20 65 78 65 63 75	t.SID.of.the.list.is.read,.execu
d0e80	74 65 64 20 61 73 20 61 20 66 6f 72 77 61 72 64 69 6e 67 20 66 75 6e 63 74 69 6f 6e 2c 20 61 6e	ted.as.a.forwarding.function,.an
d0ea0	64 20 6d 61 79 20 62 65 20 70 6f 70 70 65 64 20 74 6f 20 6c 65 74 20 74 68 65 20 6e 65 78 74 20	d.may.be.popped.to.let.the.next.
d0ec0	6e 6f 64 65 20 72 65 61 64 20 74 68 65 20 6e 65 78 74 20 53 49 44 20 6f 66 20 74 68 65 20 6c 69	node.read.the.next.SID.of.the.li
d0ee0	73 74 2e 20 54 68 65 20 53 49 44 20 6c 69 73 74 20 63 6f 6d 70 6c 65 74 65 6c 79 20 64 65 74 65	st..The.SID.list.completely.dete
d0f00	72 6d 69 6e 65 73 20 74 68 65 20 70 61 74 68 20 77 68 65 72 65 20 74 68 65 20 70 61 63 6b 65 74	rmines.the.path.where.the.packet
d0f20	20 69 73 20 66 6f 72 77 61 72 64 65 64 2e 00 54 68 65 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79	.is.forwarded..The.Shaper.policy
d0f40	20 64 6f 65 73 20 6e 6f 74 20 67 75 61 72 61 6e 74 65 65 20 61 20 6c 6f 77 20 64 65 6c 61 79 2c	.does.not.guarantee.a.low.delay,
d0f60	20 62 75 74 20 69 74 20 64 6f 65 73 20 67 75 61 72 61 6e 74 65 65 20 62 61 6e 64 77 69 64 74 68	.but.it.does.guarantee.bandwidth
d0f80	20 74 6f 20 64 69 66 66 65 72 65 6e 74 20 74 72 61 66 66 69 63 20 63 6c 61 73 73 65 73 20 61 6e	.to.different.traffic.classes.an
d0fa0	64 20 61 6c 73 6f 20 6c 65 74 73 20 79 6f 75 20 64 65 63 69 64 65 20 68 6f 77 20 74 6f 20 61 6c	d.also.lets.you.decide.how.to.al
d0fc0	6c 6f 63 61 74 65 20 6d 6f 72 65 20 74 72 61 66 66 69 63 20 6f 6e 63 65 20 74 68 65 20 67 75 61	locate.more.traffic.once.the.gua
d0fe0	72 61 6e 74 65 65 73 20 61 72 65 20 6d 65 74 2e 00 54 68 65 20 55 44 50 20 70 6f 72 74 20 6e 75	rantees.are.met..The.UDP.port.nu
d1000	6d 62 65 72 20 75 73 65 64 20 62 79 20 79 6f 75 72 20 61 70 6c 6c 69 63 61 74 69 6f 6e 2e 20 49	mber.used.by.your.apllication..I
d1020	74 20 69 73 20 6d 61 6e 64 61 74 6f 72 79 20 66 6f 72 20 74 68 69 73 20 6b 69 6e 64 20 6f 66 20	t.is.mandatory.for.this.kind.of.
d1040	6f 70 65 72 61 74 69 6f 6e 2e 00 54 68 65 20 56 58 4c 41 4e 20 73 70 65 63 69 66 69 63 61 74 69	operation..The.VXLAN.specificati
d1060	6f 6e 20 77 61 73 20 6f 72 69 67 69 6e 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 56 4d 77	on.was.originally.created.by.VMw
d1080	61 72 65 2c 20 41 72 69 73 74 61 20 4e 65 74 77 6f 72 6b 73 20 61 6e 64 20 43 69 73 63 6f 2e 20	are,.Arista.Networks.and.Cisco..
d10a0	4f 74 68 65 72 20 62 61 63 6b 65 72 73 20 6f 66 20 74 68 65 20 56 58 4c 41 4e 20 74 65 63 68 6e	Other.backers.of.the.VXLAN.techn
d10c0	6f 6c 6f 67 79 20 69 6e 63 6c 75 64 65 20 48 75 61 77 65 69 2c 20 42 72 6f 61 64 63 6f 6d 2c 20	ology.include.Huawei,.Broadcom,.
d10e0	43 69 74 72 69 78 2c 20 50 69 63 61 38 2c 20 42 69 67 20 53 77 69 74 63 68 20 4e 65 74 77 6f 72	Citrix,.Pica8,.Big.Switch.Networ
d1100	6b 73 2c 20 43 75 6d 75 6c 75 73 20 4e 65 74 77 6f 72 6b 73 2c 20 44 65 6c 6c 20 45 4d 43 2c 20	ks,.Cumulus.Networks,.Dell.EMC,.
d1120	45 72 69 63 73 73 6f 6e 2c 20 4d 65 6c 6c 61 6e 6f 78 2c 20 46 72 65 65 42 53 44 2c 20 4f 70 65	Ericsson,.Mellanox,.FreeBSD,.Ope
d1140	6e 42 53 44 2c 20 52 65 64 20 48 61 74 2c 20 4a 6f 79 65 6e 74 2c 20 61 6e 64 20 4a 75 6e 69 70	nBSD,.Red.Hat,.Joyent,.and.Junip
d1160	65 72 20 4e 65 74 77 6f 72 6b 73 2e 00 54 68 65 20 56 79 4f 53 20 44 4e 53 20 66 6f 72 77 61 72	er.Networks..The.VyOS.DNS.forwar
d1180	64 65 72 20 64 6f 65 73 20 6e 6f 74 20 72 65 71 75 69 72 65 20 61 6e 20 75 70 73 74 72 65 61 6d	der.does.not.require.an.upstream
d11a0	20 44 4e 53 20 73 65 72 76 65 72 2e 20 49 74 20 63 61 6e 20 73 65 72 76 65 20 61 73 20 61 20 66	.DNS.server..It.can.serve.as.a.f
d11c0	75 6c 6c 20 72 65 63 75 72 73 69 76 65 20 44 4e 53 20 73 65 72 76 65 72 20 2d 20 62 75 74 20 69	ull.recursive.DNS.server.-.but.i
d11e0	74 20 63 61 6e 20 61 6c 73 6f 20 66 6f 72 77 61 72 64 20 71 75 65 72 69 65 73 20 74 6f 20 63 6f	t.can.also.forward.queries.to.co
d1200	6e 66 69 67 75 72 61 62 6c 65 20 75 70 73 74 72 65 61 6d 20 44 4e 53 20 73 65 72 76 65 72 73 2e	nfigurable.upstream.DNS.servers.
d1220	20 42 79 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 79 20 75 70 73 74 72 65 61 6d	.By.not.configuring.any.upstream
d1240	20 44 4e 53 20 73 65 72 76 65 72 73 20 79 6f 75 20 61 6c 73 6f 20 61 76 6f 69 64 20 62 65 69 6e	.DNS.servers.you.also.avoid.bein
d1260	67 20 74 72 61 63 6b 65 64 20 62 79 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 6f 66 20 79 6f 75	g.tracked.by.the.provider.of.you
d1280	72 20 75 70 73 74 72 65 61 6d 20 44 4e 53 20 73 65 72 76 65 72 2e 00 54 68 65 20 56 79 4f 53 20	r.upstream.DNS.server..The.VyOS.
d12a0	44 4e 53 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20 6f 6e 6c 79 20 61 63 63 65 70 74 20 6c	DNS.forwarder.will.only.accept.l
d12c0	6f 6f 6b 75 70 20 72 65 71 75 65 73 74 73 20 66 72 6f 6d 20 74 68 65 20 4c 41 4e 20 73 75 62 6e	ookup.requests.from.the.LAN.subn
d12e0	65 74 73 20 2d 20 31 39 32 2e 31 36 38 2e 31 2e 30 2f 32 34 20 61 6e 64 20 32 30 30 31 3a 64 62	ets.-.192.168.1.0/24.and.2001:db
d1300	38 3a 3a 2f 36 34 00 54 68 65 20 56 79 4f 53 20 44 4e 53 20 66 6f 72 77 61 72 64 65 72 20 77 69	8::/64.The.VyOS.DNS.forwarder.wi
d1320	6c 6c 20 6f 6e 6c 79 20 6c 69 73 74 65 6e 20 66 6f 72 20 72 65 71 75 65 73 74 73 20 6f 6e 20 74	ll.only.listen.for.requests.on.t
d1340	68 65 20 65 74 68 31 20 28 4c 41 4e 29 20 69 6e 74 65 72 66 61 63 65 20 61 64 64 72 65 73 73 65	he.eth1.(LAN).interface.addresse
d1360	73 20 2d 20 31 39 32 2e 31 36 38 2e 31 2e 32 35 34 20 66 6f 72 20 49 50 76 34 20 61 6e 64 20 32	s.-.192.168.1.254.for.IPv4.and.2
d1380	30 30 31 3a 64 62 38 3a 3a 66 66 66 66 20 66 6f 72 20 49 50 76 36 00 54 68 65 20 56 79 4f 53 20	001:db8::ffff.for.IPv6.The.VyOS.
d13a0	44 4e 53 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20 70 61 73 73 20 72 65 76 65 72 73 65 20	DNS.forwarder.will.pass.reverse.
d13c0	6c 6f 6f 6b 75 70 73 20 66 6f 72 20 20 31 30 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 31 36	lookups.for..10.in-addr.arpa,.16
d13e0	38 2e 31 39 32 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 31 36 2d 33 31 2e 31 37 32 2e 69 6e	8.192.in-addr.arpa,.16-31.172.in
d1400	2d 61 64 64 72 2e 61 72 70 61 20 7a 6f 6e 65 73 20 74 6f 20 75 70 73 74 72 65 61 6d 20 73 65 72	-addr.arpa.zones.to.upstream.ser
d1420	76 65 72 2e 00 54 68 65 20 56 79 4f 53 20 63 6f 6e 74 61 69 6e 65 72 20 69 6d 70 6c 65 6d 65 6e	ver..The.VyOS.container.implemen
d1440	74 61 74 69 6f 6e 20 69 73 20 62 61 73 65 64 20 6f 6e 20 60 50 6f 64 6d 61 6e 3c 68 74 74 70 73	tation.is.based.on.`Podman<https
d1460	3a 2f 2f 70 6f 64 6d 61 6e 2e 69 6f 2f 3e 60 20 61 73 20 61 20 64 65 61 6d 6f 6e 6c 65 73 73 20	://podman.io/>`.as.a.deamonless.
d1480	63 6f 6e 74 61 69 6e 65 72 20 65 6e 67 69 6e 65 2e 00 54 68 65 20 57 41 50 20 69 6e 20 74 68 69	container.engine..The.WAP.in.thi
d14a0	73 20 65 78 61 6d 70 6c 65 20 68 61 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 68 61 72	s.example.has.the.following.char
d14c0	61 63 74 65 72 69 73 74 69 63 73 3a 00 54 68 65 20 57 69 72 65 6c 65 73 73 20 57 69 64 65 2d 41	acteristics:.The.Wireless.Wide-A
d14e0	72 65 61 2d 4e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 20 70 72 6f 76 69 64 65 73 20 61	rea-Network.interface.provides.a
d1500	63 63 65 73 73 20 28 74 68 72 6f 75 67 68 20 61 20 77 69 72 65 6c 65 73 73 20 6d 6f 64 65 6d 2f	ccess.(through.a.wireless.modem/
d1520	77 77 61 6e 29 20 74 6f 20 77 69 72 65 6c 65 73 73 20 6e 65 74 77 6f 72 6b 73 20 70 72 6f 76 69	wwan).to.wireless.networks.provi
d1540	64 65 64 20 62 79 20 76 61 72 69 6f 75 73 20 63 65 6c 6c 75 6c 61 72 20 70 72 6f 76 69 64 65 72	ded.by.various.cellular.provider
d1560	73 2e 00 54 68 65 20 60 60 43 44 60 60 2d 62 69 74 20 69 73 20 68 6f 6e 6f 72 65 64 20 63 6f 72	s..The.``CD``-bit.is.honored.cor
d1580	72 65 63 74 6c 79 20 66 6f 72 20 70 72 6f 63 65 73 73 20 61 6e 64 20 76 61 6c 69 64 61 74 65 2e	rectly.for.process.and.validate.
d15a0	20 46 6f 72 20 6c 6f 67 2d 66 61 69 6c 2c 20 66 61 69 6c 75 72 65 73 20 77 69 6c 6c 20 62 65 20	.For.log-fail,.failures.will.be.
d15c0	6c 6f 67 67 65 64 20 74 6f 6f 2e 00 54 68 65 20 60 60 61 64 64 72 65 73 73 60 60 20 63 61 6e 20	logged.too..The.``address``.can.
d15e0	62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 65 69 74 68 65 72 20 6f 6e 20 74 68 65 20 56 52 52 50	be.configured.either.on.the.VRRP
d1600	20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 6f 6e 20 6e 6f 74 20 56 52 52 50 20 69 6e 74 65 72 66	.interface.or.on.not.VRRP.interf
d1620	61 63 65 2e 00 54 68 65 20 60 60 61 64 64 72 65 73 73 60 60 20 70 61 72 61 6d 65 74 65 72 20 63	ace..The.``address``.parameter.c
d1640	61 6e 20 62 65 20 65 69 74 68 65 72 20 61 6e 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64	an.be.either.an.IPv4.or.IPv6.add
d1660	72 65 73 73 2c 20 62 75 74 20 79 6f 75 20 63 61 6e 20 6e 6f 74 20 6d 69 78 20 49 50 76 34 20 61	ress,.but.you.can.not.mix.IPv4.a
d1680	6e 64 20 49 50 76 36 20 69 6e 20 74 68 65 20 73 61 6d 65 20 67 72 6f 75 70 2c 20 61 6e 64 20 77	nd.IPv6.in.the.same.group,.and.w
d16a0	69 6c 6c 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 67 72 6f 75 70 73 20 77 69 74 68 20 64	ill.need.to.create.groups.with.d
d16c0	69 66 66 65 72 65 6e 74 20 56 52 49 44 73 20 73 70 65 63 69 61 6c 6c 79 20 66 6f 72 20 49 50 76	ifferent.VRIDs.specially.for.IPv
d16e0	34 20 61 6e 64 20 49 50 76 36 2e 20 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 49	4.and.IPv6..If.you.want.to.use.I
d1700	50 76 34 20 2b 20 49 50 76 36 20 61 64 64 72 65 73 73 20 79 6f 75 20 63 61 6e 20 75 73 65 20 6f	Pv4.+.IPv6.address.you.can.use.o
d1720	70 74 69 6f 6e 20 60 60 65 78 63 6c 75 64 65 64 2d 61 64 64 72 65 73 73 60 60 00 54 68 65 20 60	ption.``excluded-address``.The.`
d1740	60 68 74 74 70 60 60 20 73 65 72 76 69 63 65 20 69 73 20 6c 65 73 74 65 6e 73 20 6f 6e 20 70 6f	`http``.service.is.lestens.on.po
d1760	72 74 20 38 30 20 61 6e 64 20 66 6f 72 63 65 20 72 65 64 69 72 65 63 74 73 20 66 72 6f 6d 20 48	rt.80.and.force.redirects.from.H
d1780	54 54 50 20 74 6f 20 48 54 54 50 53 2e 00 54 68 65 20 60 60 68 74 74 70 73 60 60 20 73 65 72 76	TTP.to.HTTPS..The.``https``.serv
d17a0	69 63 65 20 6c 69 73 74 65 6e 73 20 6f 6e 20 70 6f 72 74 20 34 34 33 20 77 69 74 68 20 62 61 63	ice.listens.on.port.443.with.bac
d17c0	6b 65 6e 64 20 60 62 6b 2d 64 65 66 61 75 6c 74 60 20 74 6f 20 68 61 6e 64 6c 65 20 48 54 54 50	kend.`bk-default`.to.handle.HTTP
d17e0	53 20 74 72 61 66 66 69 63 2e 20 49 74 20 75 73 65 73 20 63 65 72 74 69 66 69 63 61 74 65 20 6e	S.traffic..It.uses.certificate.n
d1800	61 6d 65 64 20 60 60 63 65 72 74 60 60 20 66 6f 72 20 53 53 4c 20 74 65 72 6d 69 6e 61 74 69 6f	amed.``cert``.for.SSL.terminatio
d1820	6e 2e 00 54 68 65 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 74 75 6e 6e 65 6c 60 60 20 64 69 72	n..The.``persistent-tunnel``.dir
d1840	65 63 74 69 76 65 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 75 73 20 74 6f 20 63 6f 6e 66 69 67 75 72	ective.will.allow.us.to.configur
d1860	65 20 74 75 6e 6e 65 6c 2d 72 65 6c 61 74 65 64 20 61 74 74 72 69 62 75 74 65 73 2c 20 73 75 63	e.tunnel-related.attributes,.suc
d1880	68 20 61 73 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 61 73 20 77 65 20 77 6f 75 6c 64	h.as.firewall.policy.as.we.would
d18a0	20 6f 6e 20 61 6e 79 20 6e 6f 72 6d 61 6c 20 6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65	.on.any.normal.network.interface
d18c0	2e 00 54 68 65 20 60 60 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 60 60 20 6d 75 73 74 20 62 65	..The.``source-address``.must.be
d18e0	20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 6f 6e 65 20 6f 66 20 56 79 4f 53 20 69 6e 74 65 72	.configured.on.one.of.VyOS.inter
d1900	66 61 63 65 2e 20 42 65 73 74 20 70 72 61 63 74 69 63 65 20 77 6f 75 6c 64 20 62 65 20 61 20 6c	face..Best.practice.would.be.a.l
d1920	6f 6f 70 62 61 63 6b 20 6f 72 20 64 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 65 20	oopback.or.dummy.interface..The.
d1940	60 73 68 6f 77 20 62 72 69 64 67 65 60 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e	`show.bridge`.operational.comman
d1960	64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 64 69 73 70 6c 61 79 20 63 6f 6e 66 69 67 75	d.can.be.used.to.display.configu
d1980	72 65 64 20 62 72 69 64 67 65 73 3a 00 54 68 65 20 61 62 6f 76 65 20 64 69 72 65 63 74 6f 72 79	red.bridges:.The.above.directory
d19a0	20 61 6e 64 20 64 65 66 61 75 6c 74 2d 63 6f 6e 66 69 67 20 6d 75 73 74 20 62 65 20 61 20 63 68	.and.default-config.must.be.a.ch
d19c0	69 6c 64 20 64 69 72 65 63 74 6f 72 79 20 6f 66 20 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2c 20 73	ild.directory.of./config/auth,.s
d19e0	69 6e 63 65 20 66 69 6c 65 73 20 6f 75 74 73 69 64 65 20 74 68 69 73 20 64 69 72 65 63 74 6f 72	ince.files.outside.this.director
d1a00	79 20 61 72 65 20 6e 6f 74 20 70 65 72 73 69 73 74 65 64 20 61 66 74 65 72 20 61 6e 20 69 6d 61	y.are.not.persisted.after.an.ima
d1a20	67 65 20 75 70 67 72 61 64 65 2e 00 54 68 65 20 61 63 74 69 6f 6e 20 63 61 6e 20 62 65 20 3a 00	ge.upgrade..The.action.can.be.:.
d1a40	54 68 65 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20 74 68 69 73 20 69 73 20 74 68 61 74 20 74 68	The.advantage.of.this.is.that.th
d1a60	65 20 72 6f 75 74 65 2d 73 65 6c 65 63 74 69 6f 6e 20 28 61 74 20 74 68 69 73 20 70 6f 69 6e 74	e.route-selection.(at.this.point
d1a80	29 20 77 69 6c 6c 20 62 65 20 6d 6f 72 65 20 64 65 74 65 72 6d 69 6e 69 73 74 69 63 2e 20 54 68	).will.be.more.deterministic..Th
d1aa0	65 20 64 69 73 61 64 76 61 6e 74 61 67 65 20 69 73 20 74 68 61 74 20 61 20 66 65 77 20 6f 72 20	e.disadvantage.is.that.a.few.or.
d1ac0	65 76 65 6e 20 6f 6e 65 20 6c 6f 77 65 73 74 2d 49 44 20 72 6f 75 74 65 72 20 6d 61 79 20 61 74	even.one.lowest-ID.router.may.at
d1ae0	74 72 61 63 74 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74 6f 20 6f 74 68 65 72 77 69 73 65 2d 65	tract.all.traffic.to.otherwise-e
d1b00	71 75 61 6c 20 70 61 74 68 73 20 62 65 63 61 75 73 65 20 6f 66 20 74 68 69 73 20 63 68 65 63 6b	qual.paths.because.of.this.check
d1b20	2e 20 49 74 20 6d 61 79 20 69 6e 63 72 65 61 73 65 20 74 68 65 20 70 6f 73 73 69 62 69 6c 69 74	..It.may.increase.the.possibilit
d1b40	79 20 6f 66 20 4d 45 44 20 6f 72 20 49 47 50 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 2c 20 75 6e 6c	y.of.MED.or.IGP.oscillation,.unl
d1b60	65 73 73 20 6f 74 68 65 72 20 6d 65 61 73 75 72 65 73 20 77 65 72 65 20 74 61 6b 65 6e 20 74 6f	ess.other.measures.were.taken.to
d1b80	20 61 76 6f 69 64 20 74 68 65 73 65 2e 20 54 68 65 20 65 78 61 63 74 20 62 65 68 61 76 69 6f 75	.avoid.these..The.exact.behaviou
d1ba0	72 20 77 69 6c 6c 20 62 65 20 73 65 6e 73 69 74 69 76 65 20 74 6f 20 74 68 65 20 69 42 47 50 20	r.will.be.sensitive.to.the.iBGP.
d1bc0	61 6e 64 20 72 65 66 6c 65 63 74 69 6f 6e 20 74 6f 70 6f 6c 6f 67 79 2e 00 54 68 65 20 61 6c 6c	and.reflection.topology..The.all
d1be0	6f 63 61 74 65 64 20 61 64 64 72 65 73 73 20 62 6c 6f 63 6b 20 69 73 20 31 30 30 2e 36 34 2e 30	ocated.address.block.is.100.64.0
d1c00	2e 30 2f 31 30 2e 00 54 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 44 75 70 6c 69 63 61 74 65 20 41	.0/10..The.amount.of.Duplicate.A
d1c20	64 64 72 65 73 73 20 44 65 74 65 63 74 69 6f 6e 20 70 72 6f 62 65 73 20 74 6f 20 73 65 6e 64 2e	ddress.Detection.probes.to.send.
d1c40	00 54 68 65 20 61 74 74 72 69 62 75 74 65 73 20 3a 63 66 67 63 6d 64 3a 60 70 72 65 66 69 78 2d	.The.attributes.:cfgcmd:`prefix-
d1c60	6c 69 73 74 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 64 69 73 74 72 69 62 75 74 65 2d 6c 69	list`.and.:cfgcmd:`distribute-li
d1c80	73 74 60 20 61 72 65 20 6d 75 74 75 61 6c 6c 79 20 65 78 63 6c 75 73 69 76 65 2c 20 61 6e 64 20	st`.are.mutually.exclusive,.and.
d1ca0	6f 6e 6c 79 20 6f 6e 65 20 63 6f 6d 6d 61 6e 64 20 28 64 69 73 74 72 69 62 75 74 65 2d 6c 69 73	only.one.command.(distribute-lis
d1cc0	74 20 6f 72 20 70 72 65 66 69 78 2d 6c 69 73 74 29 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64	t.or.prefix-list).can.be.applied
d1ce0	20 74 6f 20 65 61 63 68 20 69 6e 62 6f 75 6e 64 20 6f 72 20 6f 75 74 62 6f 75 6e 64 20 64 69 72	.to.each.inbound.or.outbound.dir
d1d00	65 63 74 69 6f 6e 20 66 6f 72 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 6e 65 69 67 68 62 6f 72	ection.for.a.particular.neighbor
d1d20	2e 00 54 68 65 20 61 76 61 69 6c 61 62 6c 65 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 3c 6d 61 74	..The.available.options.for.<mat
d1d40	63 68 3e 20 61 72 65 3a 00 54 68 65 20 62 65 6c 6f 77 20 72 65 66 65 72 65 6e 63 65 64 20 49 50	ch>.are:.The.below.referenced.IP
d1d60	20 61 64 64 72 65 73 73 20 60 31 39 32 2e 30 2e 32 2e 31 60 20 69 73 20 75 73 65 64 20 61 73 20	.address.`192.0.2.1`.is.used.as.
d1d80	65 78 61 6d 70 6c 65 20 61 64 64 72 65 73 73 20 72 65 70 72 65 73 65 6e 74 69 6e 67 20 61 20 67	example.address.representing.a.g
d1da0	6c 6f 62 61 6c 20 75 6e 69 63 61 73 74 20 61 64 64 72 65 73 73 20 75 6e 64 65 72 20 77 68 69 63	lobal.unicast.address.under.whic
d1dc0	68 20 74 68 65 20 48 55 42 20 63 61 6e 20 62 65 20 63 6f 6e 74 61 63 74 65 64 20 62 79 20 65 61	h.the.HUB.can.be.contacted.by.ea
d1de0	63 68 20 61 6e 64 20 65 76 65 72 79 20 69 6e 64 69 76 69 64 75 61 6c 20 73 70 6f 6b 65 2e 00 54	ch.and.every.individual.spoke..T
d1e00	68 65 20 62 6f 6e 64 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 70 72 6f 76 69 64 65 73 20 61 20	he.bonding.interface.provides.a.
d1e20	6d 65 74 68 6f 64 20 66 6f 72 20 61 67 67 72 65 67 61 74 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20	method.for.aggregating.multiple.
d1e40	6e 65 74 77 6f 72 6b 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 74 6f 20 61 20 73 69 6e 67 6c 65	network.interfaces.into.a.single
d1e60	20 6c 6f 67 69 63 61 6c 20 22 62 6f 6e 64 65 64 22 20 69 6e 74 65 72 66 61 63 65 2c 20 6f 72 20	.logical."bonded".interface,.or.
d1e80	4c 41 47 2c 20 6f 72 20 65 74 68 65 72 2d 63 68 61 6e 6e 65 6c 2c 20 6f 72 20 70 6f 72 74 2d 63	LAG,.or.ether-channel,.or.port-c
d1ea0	68 61 6e 6e 65 6c 2e 20 54 68 65 20 62 65 68 61 76 69 6f 72 20 6f 66 20 74 68 65 20 62 6f 6e 64	hannel..The.behavior.of.the.bond
d1ec0	65 64 20 69 6e 74 65 72 66 61 63 65 73 20 64 65 70 65 6e 64 73 20 75 70 6f 6e 20 74 68 65 20 6d	ed.interfaces.depends.upon.the.m
d1ee0	6f 64 65 3b 20 67 65 6e 65 72 61 6c 6c 79 20 73 70 65 61 6b 69 6e 67 2c 20 6d 6f 64 65 73 20 70	ode;.generally.speaking,.modes.p
d1f00	72 6f 76 69 64 65 20 65 69 74 68 65 72 20 68 6f 74 20 73 74 61 6e 64 62 79 20 6f 72 20 6c 6f 61	rovide.either.hot.standby.or.loa
d1f20	64 20 62 61 6c 61 6e 63 69 6e 67 20 73 65 72 76 69 63 65 73 2e 20 41 64 64 69 74 69 6f 6e 61 6c	d.balancing.services..Additional
d1f40	6c 79 2c 20 6c 69 6e 6b 20 69 6e 74 65 67 72 69 74 79 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 6d 61	ly,.link.integrity.monitoring.ma
d1f60	79 20 62 65 20 70 65 72 66 6f 72 6d 65 64 2e 00 54 68 65 20 63 61 73 65 20 6f 66 20 69 6e 67 72	y.be.performed..The.case.of.ingr
d1f80	65 73 73 20 73 68 61 70 69 6e 67 00 54 68 65 20 63 6c 69 65 6e 74 2c 20 6f 6e 63 65 20 73 75 63	ess.shaping.The.client,.once.suc
d1fa0	63 65 73 73 66 75 6c 6c 79 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2c 20 77 69 6c 6c 20 72 65	cessfully.authenticated,.will.re
d1fc0	63 65 69 76 65 20 61 6e 20 49 50 76 34 20 61 6e 64 20 61 6e 20 49 50 76 36 20 2f 36 34 20 61 64	ceive.an.IPv4.and.an.IPv6./64.ad
d1fe0	64 72 65 73 73 20 74 6f 20 74 65 72 6d 69 6e 61 74 65 20 74 68 65 20 70 70 70 6f 65 20 65 6e 64	dress.to.terminate.the.pppoe.end
d2000	70 6f 69 6e 74 20 6f 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 73 69 64 65 20 61 6e 64 20 61 20 2f	point.on.the.client.side.and.a./
d2020	35 36 20 73 75 62 6e 65 74 20 66 6f 72 20 74 68 65 20 63 6c 69 65 6e 74 73 20 69 6e 74 65 72 6e	56.subnet.for.the.clients.intern
d2040	61 6c 20 75 73 65 2e 00 54 68 65 20 63 6c 69 65 6e 74 73 20 3a 61 62 62 72 3a 60 43 50 45 20 28	al.use..The.clients.:abbr:`CPE.(
d2060	43 75 73 74 6f 6d 65 72 20 50 72 65 6d 69 73 65 73 20 45 71 75 69 70 6d 65 6e 74 29 60 20 63 61	Customer.Premises.Equipment)`.ca
d2080	6e 20 6e 6f 77 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 76 69 61 20 49 50 76 34 20 6f 72 20 49 50	n.now.communicate.via.IPv4.or.IP
d20a0	76 36 2e 20 41 6c 6c 20 64 65 76 69 63 65 73 20 62 65 68 69 6e 64 20 60 60 32 30 30 31 3a 64 62	v6..All.devices.behind.``2001:db
d20c0	38 3a 3a 61 30 30 3a 32 37 66 66 3a 66 65 32 66 3a 64 38 30 36 2f 36 34 60 60 20 63 61 6e 20 75	8::a00:27ff:fe2f:d806/64``.can.u
d20e0	73 65 20 61 64 64 72 65 73 73 65 73 20 66 72 6f 6d 20 60 60 32 30 30 31 3a 64 62 38 3a 31 3a 3a	se.addresses.from.``2001:db8:1::
d2100	2f 35 36 60 60 20 61 6e 64 20 63 61 6e 20 67 6c 6f 62 61 6c 6c 79 20 63 6f 6d 6d 75 6e 69 63 61	/56``.and.can.globally.communica
d2120	74 65 20 77 69 74 68 6f 75 74 20 74 68 65 20 6e 65 65 64 20 6f 66 20 61 6e 79 20 4e 41 54 20 72	te.without.the.need.of.any.NAT.r
d2140	75 6c 65 73 2e 00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 3a 6f 70 63 6d 64 3a 60 73 68 6f 77 20 69	ules..The.command.:opcmd:`show.i
d2160	6e 74 65 72 66 61 63 65 73 20 77 69 72 65 67 75 61 72 64 20 77 67 30 31 20 70 75 62 6c 69 63 2d	nterfaces.wireguard.wg01.public-
d2180	6b 65 79 60 20 77 69 6c 6c 20 74 68 65 6e 20 73 68 6f 77 20 74 68 65 20 70 75 62 6c 69 63 20 6b	key`.will.then.show.the.public.k
d21a0	65 79 2c 20 77 68 69 63 68 20 6e 65 65 64 73 20 74 6f 20 62 65 20 73 68 61 72 65 64 20 77 69 74	ey,.which.needs.to.be.shared.wit
d21c0	68 20 74 68 65 20 70 65 65 72 2e 00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 61 6c 73 6f 20 67 65 6e	h.the.peer..The.command.also.gen
d21e0	65 72 61 74 65 73 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 73 6e 69 70 70 65 64 20 77	erates.a.configuration.snipped.w
d2200	68 69 63 68 20 63 61 6e 20 62 65 20 63 6f 70 79 2f 70 61 73 74 65 64 20 69 6e 74 6f 20 74 68 65	hich.can.be.copy/pasted.into.the
d2220	20 56 79 4f 53 20 43 4c 49 20 69 66 20 6e 65 65 64 65 64 2e 20 54 68 65 20 73 75 70 70 6c 69 65	.VyOS.CLI.if.needed..The.supplie
d2240	64 20 60 60 3c 6e 61 6d 65 3e 60 60 20 6f 6e 20 74 68 65 20 43 4c 49 20 77 69 6c 6c 20 62 65 63	d.``<name>``.on.the.CLI.will.bec
d2260	6f 6d 65 20 74 68 65 20 70 65 65 72 20 6e 61 6d 65 20 69 6e 20 74 68 65 20 73 6e 69 70 70 65 74	ome.the.peer.name.in.the.snippet
d2280	2e 00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 62 65 6c 6f 77 20 65 6e 61 62 6c 65 73 20 69 74 2c 20	..The.command.below.enables.it,.
d22a0	61 73 73 75 6d 69 6e 67 20 74 68 65 20 52 41 44 49 55 53 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 68	assuming.the.RADIUS.connection.h
d22c0	61 73 20 62 65 65 6e 20 73 65 74 75 70 20 61 6e 64 20 69 73 20 77 6f 72 6b 69 6e 67 2e 00 54 68	as.been.setup.and.is.working..Th
d22e0	65 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 63 75 72 72 65 6e 74 20 52 49 50 20 73	e.command.displays.current.RIP.s
d2300	74 61 74 75 73 2e 20 49 74 20 69 6e 63 6c 75 64 65 73 20 52 49 50 20 74 69 6d 65 72 2c 20 66 69	tatus..It.includes.RIP.timer,.fi
d2320	6c 74 65 72 69 6e 67 2c 20 76 65 72 73 69 6f 6e 2c 20 52 49 50 20 65 6e 61 62 6c 65 64 20 69 6e	ltering,.version,.RIP.enabled.in
d2340	74 65 72 66 61 63 65 20 61 6e 64 20 52 49 50 20 70 65 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	terface.and.RIP.peer.information
d2360	2e 00 54 68 65 20 63 6f 6d 6d 61 6e 64 20 70 6f 6e 20 54 45 53 54 55 4e 4e 45 4c 20 65 73 74 61	..The.command.pon.TESTUNNEL.esta
d2380	62 6c 69 73 68 65 73 20 74 68 65 20 50 50 54 50 20 74 75 6e 6e 65 6c 20 74 6f 20 74 68 65 20 72	blishes.the.PPTP.tunnel.to.the.r
d23a0	65 6d 6f 74 65 20 73 79 73 74 65 6d 2e 00 54 68 65 20 63 6f 6d 70 75 74 65 72 73 20 6f 6e 20 61	emote.system..The.computers.on.a
d23c0	6e 20 69 6e 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 20 63 61 6e 20 75 73 65 20 61 6e 79 20 6f	n.internal.network.can.use.any.o
d23e0	66 20 74 68 65 20 61 64 64 72 65 73 73 65 73 20 73 65 74 20 61 73 69 64 65 20 62 79 20 74 68 65	f.the.addresses.set.aside.by.the
d2400	20 3a 61 62 62 72 3a 60 49 41 4e 41 20 28 49 6e 74 65 72 6e 65 74 20 41 73 73 69 67 6e 65 64 20	.:abbr:`IANA.(Internet.Assigned.
d2420	4e 75 6d 62 65 72 73 20 41 75 74 68 6f 72 69 74 79 29 60 20 66 6f 72 20 70 72 69 76 61 74 65 20	Numbers.Authority)`.for.private.
d2440	61 64 64 72 65 73 73 69 6e 67 20 28 73 65 65 20 3a 72 66 63 3a 60 31 39 31 38 60 29 2e 20 54 68	addressing.(see.:rfc:`1918`)..Th
d2460	65 73 65 20 72 65 73 65 72 76 65 64 20 49 50 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 6e 6f	ese.reserved.IP.addresses.are.no
d2480	74 20 69 6e 20 75 73 65 20 6f 6e 20 74 68 65 20 49 6e 74 65 72 6e 65 74 2c 20 73 6f 20 61 6e 20	t.in.use.on.the.Internet,.so.an.
d24a0	65 78 74 65 72 6e 61 6c 20 6d 61 63 68 69 6e 65 20 77 69 6c 6c 20 6e 6f 74 20 64 69 72 65 63 74	external.machine.will.not.direct
d24c0	6c 79 20 72 6f 75 74 65 20 74 6f 20 74 68 65 6d 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20	ly.route.to.them..The.following.
d24e0	61 64 64 72 65 73 73 65 73 20 61 72 65 20 72 65 73 65 72 76 65 64 20 66 6f 72 20 70 72 69 76 61	addresses.are.reserved.for.priva
d2500	74 65 20 75 73 65 3a 00 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20 6c	te.use:.The.configuration.will.l
d2520	6f 6f 6b 20 61 73 20 66 6f 6c 6c 6f 77 73 3a 00 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	ook.as.follows:.The.configuratio
d2540	6e 73 20 61 62 6f 76 65 20 77 69 6c 6c 20 64 65 66 61 75 6c 74 20 74 6f 20 75 73 69 6e 67 20 32	ns.above.will.default.to.using.2
d2560	35 36 2d 62 69 74 20 41 45 53 20 69 6e 20 47 43 4d 20 6d 6f 64 65 20 66 6f 72 20 65 6e 63 72 79	56-bit.AES.in.GCM.mode.for.encry
d2580	70 74 69 6f 6e 20 28 69 66 20 62 6f 74 68 20 73 69 64 65 73 20 73 75 70 70 6f 72 74 20 4e 43 50	ption.(if.both.sides.support.NCP
d25a0	29 20 61 6e 64 20 53 48 41 2d 31 20 66 6f 72 20 48 4d 41 43 20 61 75 74 68 65 6e 74 69 63 61 74	).and.SHA-1.for.HMAC.authenticat
d25c0	69 6f 6e 2e 20 53 48 41 2d 31 20 69 73 20 63 6f 6e 73 69 64 65 72 65 64 20 77 65 61 6b 2c 20 62	ion..SHA-1.is.considered.weak,.b
d25e0	75 74 20 6f 74 68 65 72 20 68 61 73 68 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 73 20 61 72 65 20	ut.other.hashing.algorithms.are.
d2600	61 76 61 69 6c 61 62 6c 65 2c 20 61 73 20 61 72 65 20 65 6e 63 72 79 70 74 69 6f 6e 20 61 6c 67	available,.as.are.encryption.alg
d2620	6f 72 69 74 68 6d 73 3a 00 54 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 65 20 68 6f	orithms:.The.connection.state.ho
d2640	77 65 76 65 72 20 69 73 20 63 6f 6d 70 6c 65 74 65 6c 79 20 69 6e 64 65 70 65 6e 64 65 6e 74 20	wever.is.completely.independent.
d2660	6f 66 20 61 6e 79 20 75 70 70 65 72 2d 6c 65 76 65 6c 20 73 74 61 74 65 2c 20 73 75 63 68 20 61	of.any.upper-level.state,.such.a
d2680	73 20 54 43 50 27 73 20 6f 72 20 53 43 54 50 27 73 20 73 74 61 74 65 2e 20 50 61 72 74 20 6f 66	s.TCP's.or.SCTP's.state..Part.of
d26a0	20 74 68 65 20 72 65 61 73 6f 6e 20 66 6f 72 20 74 68 69 73 20 69 73 20 74 68 61 74 20 77 68 65	.the.reason.for.this.is.that.whe
d26c0	6e 20 6d 65 72 65 6c 79 20 66 6f 72 77 61 72 64 69 6e 67 20 70 61 63 6b 65 74 73 2c 20 69 2e 65	n.merely.forwarding.packets,.i.e
d26e0	2e 20 6e 6f 20 6c 6f 63 61 6c 20 64 65 6c 69 76 65 72 79 2c 20 74 68 65 20 54 43 50 20 65 6e 67	..no.local.delivery,.the.TCP.eng
d2700	69 6e 65 20 6d 61 79 20 6e 6f 74 20 6e 65 63 65 73 73 61 72 69 6c 79 20 62 65 20 69 6e 76 6f 6b	ine.may.not.necessarily.be.invok
d2720	65 64 20 61 74 20 61 6c 6c 2e 20 45 76 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 6c 65 73 73 2d 6d	ed.at.all..Even.connectionless-m
d2740	6f 64 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 73 20 73 75 63 68 20 61 73 20 55 44 50 2c 20 49	ode.transmissions.such.as.UDP,.I
d2760	50 73 65 63 20 28 41 48 2f 45 53 50 29 2c 20 47 52 45 20 61 6e 64 20 6f 74 68 65 72 20 74 75 6e	Psec.(AH/ESP),.GRE.and.other.tun
d2780	6e 65 6c 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 68 61 76 65 2c 20 61 74 20 6c 65 61 73 74 2c	neling.protocols.have,.at.least,
d27a0	20 61 20 70 73 65 75 64 6f 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 73 74 61 74 65 2e 20 54 68 65 20	.a.pseudo.connection.state..The.
d27c0	68 65 75 72 69 73 74 69 63 20 66 6f 72 20 73 75 63 68 20 70 72 6f 74 6f 63 6f 6c 73 20 69 73 20	heuristic.for.such.protocols.is.
d27e0	6f 66 74 65 6e 20 62 61 73 65 64 20 75 70 6f 6e 20 61 20 70 72 65 73 65 74 20 74 69 6d 65 6f 75	often.based.upon.a.preset.timeou
d2800	74 20 76 61 6c 75 65 20 66 6f 72 20 69 6e 61 63 74 69 76 69 74 79 2c 20 61 66 74 65 72 20 77 68	t.value.for.inactivity,.after.wh
d2820	6f 73 65 20 65 78 70 69 72 61 74 69 6f 6e 20 61 20 4e 65 74 66 69 6c 74 65 72 20 63 6f 6e 6e 65	ose.expiration.a.Netfilter.conne
d2840	63 74 69 6f 6e 20 69 73 20 64 72 6f 70 70 65 64 2e 00 54 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e	ction.is.dropped..The.connection
d2860	20 74 72 61 63 6b 69 6e 67 20 65 78 70 65 63 74 20 74 61 62 6c 65 20 63 6f 6e 74 61 69 6e 73 20	.tracking.expect.table.contains.
d2880	6f 6e 65 20 65 6e 74 72 79 20 66 6f 72 20 65 61 63 68 20 65 78 70 65 63 74 65 64 20 63 6f 6e 6e	one.entry.for.each.expected.conn
d28a0	65 63 74 69 6f 6e 20 72 65 6c 61 74 65 64 20 74 6f 20 61 6e 20 65 78 69 73 74 69 6e 67 20 63 6f	ection.related.to.an.existing.co
d28c0	6e 6e 65 63 74 69 6f 6e 2e 20 54 68 65 73 65 20 61 72 65 20 67 65 6e 65 72 61 6c 6c 79 20 75 73	nnection..These.are.generally.us
d28e0	65 64 20 62 79 20 e2 80 9c 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 68 65 6c	ed.by....connection.tracking.hel
d2900	70 65 72 e2 80 9d 20 6d 6f 64 75 6c 65 73 20 73 75 63 68 20 61 73 20 46 54 50 2e 20 54 68 65 20	per....modules.such.as.FTP..The.
d2920	64 65 66 61 75 6c 74 20 73 69 7a 65 20 6f 66 20 74 68 65 20 65 78 70 65 63 74 20 74 61 62 6c 65	default.size.of.the.expect.table
d2940	20 69 73 20 32 30 34 38 20 65 6e 74 72 69 65 73 2e 00 54 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e	.is.2048.entries..The.connection
d2960	20 74 72 61 63 6b 69 6e 67 20 74 61 62 6c 65 20 63 6f 6e 74 61 69 6e 73 20 6f 6e 65 20 65 6e 74	.tracking.table.contains.one.ent
d2980	72 79 20 66 6f 72 20 65 61 63 68 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 69 6e 67 20 74 72 61	ry.for.each.connection.being.tra
d29a0	63 6b 65 64 20 62 79 20 74 68 65 20 73 79 73 74 65 6d 2e 00 54 68 65 20 63 75 72 72 65 6e 74 20	cked.by.the.system..The.current.
d29c0	61 74 74 72 69 62 75 74 65 20 27 46 69 6c 74 65 72 2d 49 64 27 20 69 73 20 62 65 69 6e 67 20 75	attribute.'Filter-Id'.is.being.u
d29e0	73 65 64 20 61 73 20 64 65 66 61 75 6c 74 20 61 6e 64 20 63 61 6e 20 62 65 20 73 65 74 75 70 20	sed.as.default.and.can.be.setup.
d2a00	77 69 74 68 69 6e 20 52 41 44 49 55 53 3a 00 54 68 65 20 63 75 72 72 65 6e 74 20 70 72 6f 74 6f	within.RADIUS:.The.current.proto
d2a20	63 6f 6c 20 69 73 20 76 65 72 73 69 6f 6e 20 34 20 28 4e 54 50 76 34 29 2c 20 77 68 69 63 68 20	col.is.version.4.(NTPv4),.which.
d2a40	69 73 20 61 20 70 72 6f 70 6f 73 65 64 20 73 74 61 6e 64 61 72 64 20 61 73 20 64 6f 63 75 6d 65	is.a.proposed.standard.as.docume
d2a60	6e 74 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 39 30 35 60 2e 20 49 74 20 69 73 20 62 61 63 6b 77	nted.in.:rfc:`5905`..It.is.backw
d2a80	61 72 64 20 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68 20 76 65 72 73 69 6f 6e 20 33 2c 20 73	ard.compatible.with.version.3,.s
d2aa0	70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63 3a 60 31 33 30 35 60 2e 00 54 68 65 20 64 61 65	pecified.in.:rfc:`1305`..The.dae
d2ac0	6d 6f 6e 20 64 6f 75 62 6c 65 73 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 6e 65 74 6c	mon.doubles.the.size.of.the.netl
d2ae0	69 6e 6b 20 65 76 65 6e 74 20 73 6f 63 6b 65 74 20 62 75 66 66 65 72 20 73 69 7a 65 20 69 66 20	ink.event.socket.buffer.size.if.
d2b00	69 74 20 64 65 74 65 63 74 73 20 6e 65 74 6c 69 6e 6b 20 65 76 65 6e 74 20 6d 65 73 73 61 67 65	it.detects.netlink.event.message
d2b20	20 64 72 6f 70 70 69 6e 67 2e 20 54 68 69 73 20 63 6c 61 75 73 65 20 73 65 74 73 20 74 68 65 20	.dropping..This.clause.sets.the.
d2b40	6d 61 78 69 6d 75 6d 20 62 75 66 66 65 72 20 73 69 7a 65 20 67 72 6f 77 74 68 20 74 68 61 74 20	maximum.buffer.size.growth.that.
d2b60	63 61 6e 20 62 65 20 72 65 61 63 68 65 64 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 52 41 44 49	can.be.reached..The.default.RADI
d2b80	55 53 20 61 74 74 72 69 62 75 74 65 20 66 6f 72 20 72 61 74 65 20 6c 69 6d 69 74 69 6e 67 20 69	US.attribute.for.rate.limiting.i
d2ba0	73 20 60 60 46 69 6c 74 65 72 2d 49 64 60 60 2c 20 62 75 74 20 79 6f 75 20 6d 61 79 20 61 6c 73	s.``Filter-Id``,.but.you.may.als
d2bc0	6f 20 72 65 64 65 66 69 6e 65 20 69 74 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 56 79 4f 53 20	o.redefine.it..The.default.VyOS.
d2be0	75 73 65 72 20 61 63 63 6f 75 6e 74 20 28 60 76 79 6f 73 60 29 2c 20 61 73 20 77 65 6c 6c 20 61	user.account.(`vyos`),.as.well.a
d2c00	73 20 6e 65 77 6c 79 20 63 72 65 61 74 65 64 20 75 73 65 72 20 61 63 63 6f 75 6e 74 73 2c 20 68	s.newly.created.user.accounts,.h
d2c20	61 76 65 20 61 6c 6c 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 74 6f 20 63 6f 6e 66 69 67 75 72	ave.all.capabilities.to.configur
d2c40	65 20 74 68 65 20 73 79 73 74 65 6d 2e 20 41 6c 6c 20 61 63 63 6f 75 6e 74 73 20 68 61 76 65 20	e.the.system..All.accounts.have.
d2c60	73 75 64 6f 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 6e 64 20 74 68 65 72 65 66 6f 72 65 20	sudo.capabilities.and.therefore.
d2c80	63 61 6e 20 6f 70 65 72 61 74 65 20 61 73 20 72 6f 6f 74 20 6f 6e 20 74 68 65 20 73 79 73 74 65	can.operate.as.root.on.the.syste
d2ca0	6d 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 68 6f 73 74 6e 61 6d 65 20 75 73 65 64 20 69 73 20	m..The.default.hostname.used.is.
d2cc0	60 76 79 6f 73 60 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 6c 65 61 73 65 20 74 69 6d 65 20 66	`vyos`..The.default.lease.time.f
d2ce0	6f 72 20 44 48 43 50 76 36 20 6c 65 61 73 65 73 20 69 73 20 32 34 20 68 6f 75 72 73 2e 20 54 68	or.DHCPv6.leases.is.24.hours..Th
d2d00	69 73 20 63 61 6e 20 62 65 20 63 68 61 6e 67 65 64 20 62 79 20 73 75 70 70 6c 79 69 6e 67 20 61	is.can.be.changed.by.supplying.a
d2d20	20 60 60 64 65 66 61 75 6c 74 2d 74 69 6d 65 60 60 2c 20 60 60 6d 61 78 69 6d 75 6d 2d 74 69 6d	.``default-time``,.``maximum-tim
d2d40	65 60 60 20 61 6e 64 20 60 60 6d 69 6e 69 6d 75 6d 2d 74 69 6d 65 60 60 2e 20 41 6c 6c 20 76 61	e``.and.``minimum-time``..All.va
d2d60	6c 75 65 73 20 6e 65 65 64 20 74 6f 20 62 65 20 73 75 70 70 6c 69 65 64 20 69 6e 20 73 65 63 6f	lues.need.to.be.supplied.in.seco
d2d80	6e 64 73 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 70 6f 72 74 20 75 64 70 20 69 73 20 73 65 74	nds..The.default.port.udp.is.set
d2da0	20 74 6f 20 38 34 37 32 2e 20 49 74 20 63 61 6e 20 62 65 20 63 68 61 6e 67 65 64 20 77 69 74 68	.to.8472..It.can.be.changed.with
d2dc0	20 60 60 73 65 74 20 69 6e 74 65 72 66 61 63 65 20 76 78 6c 61 6e 20 3c 76 78 6c 61 6e 4e 3e 20	.``set.interface.vxlan.<vxlanN>.
d2de0	70 6f 72 74 20 3c 70 6f 72 74 3e 60 60 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20	port.<port>``.The.default.value.
d2e00	63 6f 72 72 65 73 70 6f 6e 64 73 20 74 6f 20 36 34 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76	corresponds.to.64..The.default.v
d2e20	61 6c 75 65 20 69 73 20 30 2e 20 54 68 69 73 20 77 69 6c 6c 20 63 61 75 73 65 20 74 68 65 20 63	alue.is.0..This.will.cause.the.c
d2e40	61 72 72 69 65 72 20 74 6f 20 62 65 20 61 73 73 65 72 74 65 64 20 28 66 6f 72 20 38 30 32 2e 33	arrier.to.be.asserted.(for.802.3
d2e60	61 64 20 6d 6f 64 65 29 20 77 68 65 6e 65 76 65 72 20 74 68 65 72 65 20 69 73 20 61 6e 20 61 63	ad.mode).whenever.there.is.an.ac
d2e80	74 69 76 65 20 61 67 67 72 65 67 61 74 6f 72 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74	tive.aggregator,.regardless.of.t
d2ea0	68 65 20 6e 75 6d 62 65 72 20 6f 66 20 61 76 61 69 6c 61 62 6c 65 20 6c 69 6e 6b 73 20 69 6e 20	he.number.of.available.links.in.
d2ec0	74 68 61 74 20 61 67 67 72 65 67 61 74 6f 72 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c	that.aggregator..The.default.val
d2ee0	75 65 20 69 73 20 33 30 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76	ue.is.300.seconds..The.default.v
d2f00	61 6c 75 65 20 69 73 20 38 36 34 30 30 20 73 65 63 6f 6e 64 73 20 77 68 69 63 68 20 63 6f 72 72	alue.is.86400.seconds.which.corr
d2f20	65 73 70 6f 6e 64 73 20 74 6f 20 6f 6e 65 20 64 61 79 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20	esponds.to.one.day..The.default.
d2f40	76 61 6c 75 65 20 69 73 20 73 6c 6f 77 2e 00 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65	value.is.slow..The.default.value
d2f60	73 20 66 6f 72 20 74 68 65 20 6d 69 6e 69 6d 75 6d 2d 74 68 72 65 73 68 6f 6c 64 20 64 65 70 65	s.for.the.minimum-threshold.depe
d2f80	6e 64 20 6f 6e 20 49 50 20 70 72 65 63 65 64 65 6e 63 65 3a 00 54 68 65 20 64 65 73 74 69 6e 61	nd.on.IP.precedence:.The.destina
d2fa0	74 69 6f 6e 20 70 6f 72 74 20 75 73 65 64 20 66 6f 72 20 63 72 65 61 74 69 6e 67 20 61 20 56 58	tion.port.used.for.creating.a.VX
d2fc0	4c 41 4e 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 4c 69 6e 75 78 20 64 65 66 61 75 6c 74 73 20	LAN.interface.in.Linux.defaults.
d2fe0	74 6f 20 69 74 73 20 70 72 65 2d 73 74 61 6e 64 61 72 64 20 76 61 6c 75 65 20 6f 66 20 38 34 37	to.its.pre-standard.value.of.847
d3000	32 20 74 6f 20 70 72 65 73 65 72 76 65 20 62 61 63 6b 77 61 72 64 20 63 6f 6d 70 61 74 69 62 69	2.to.preserve.backward.compatibi
d3020	6c 69 74 79 2e 20 41 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 64 69 72 65 63 74 69 76 65 20	lity..A.configuration.directive.
d3040	74 6f 20 73 75 70 70 6f 72 74 20 61 20 75 73 65 72 2d 73 70 65 63 69 66 69 65 64 20 64 65 73 74	to.support.a.user-specified.dest
d3060	69 6e 61 74 69 6f 6e 20 70 6f 72 74 20 74 6f 20 6f 76 65 72 72 69 64 65 20 74 68 61 74 20 62 65	ination.port.to.override.that.be
d3080	68 61 76 69 6f 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 75 73 69 6e 67 20 74 68 65 20 61 62	havior.is.available.using.the.ab
d30a0	6f 76 65 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 65 20 64 69 61 6c 6f 67 75 65 20 62 65 74 77 65 65	ove.command..The.dialogue.betwee
d30c0	6e 20 66 61 69 6c 6f 76 65 72 20 70 61 72 74 6e 65 72 73 20 69 73 20 6e 65 69 74 68 65 72 20 65	n.failover.partners.is.neither.e
d30e0	6e 63 72 79 70 74 65 64 20 6e 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2e 20 53 69 6e 63	ncrypted.nor.authenticated..Sinc
d3100	65 20 6d 6f 73 74 20 44 48 43 50 20 73 65 72 76 65 72 73 20 65 78 69 73 74 20 77 69 74 68 69 6e	e.most.DHCP.servers.exist.within
d3120	20 61 6e 20 6f 72 67 61 6e 69 73 61 74 69 6f 6e 27 73 20 6f 77 6e 20 73 65 63 75 72 65 20 49 6e	.an.organisation's.own.secure.In
d3140	74 72 61 6e 65 74 2c 20 74 68 69 73 20 77 6f 75 6c 64 20 62 65 20 61 6e 20 75 6e 6e 65 63 65 73	tranet,.this.would.be.an.unneces
d3160	73 61 72 79 20 6f 76 65 72 68 65 61 64 2e 20 48 6f 77 65 76 65 72 2c 20 69 66 20 79 6f 75 20 68	sary.overhead..However,.if.you.h
d3180	61 76 65 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 20 70 65 65 72 73 20 77 68 6f 73 65 20 63 6f	ave.DHCP.failover.peers.whose.co
d31a0	6d 6d 75 6e 69 63 61 74 69 6f 6e 73 20 74 72 61 76 65 72 73 65 20 69 6e 73 65 63 75 72 65 20 6e	mmunications.traverse.insecure.n
d31c0	65 74 77 6f 72 6b 73 2c 20 74 68 65 6e 20 77 65 20 72 65 63 6f 6d 6d 65 6e 64 20 74 68 61 74 20	etworks,.then.we.recommend.that.
d31e0	79 6f 75 20 63 6f 6e 73 69 64 65 72 20 74 68 65 20 75 73 65 20 6f 66 20 56 50 4e 20 74 75 6e 6e	you.consider.the.use.of.VPN.tunn
d3200	65 6c 69 6e 67 20 62 65 74 77 65 65 6e 20 74 68 65 6d 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61	eling.between.them.to.ensure.tha
d3220	74 20 74 68 65 20 66 61 69 6c 6f 76 65 72 20 70 61 72 74 6e 65 72 73 68 69 70 20 69 73 20 69 6d	t.the.failover.partnership.is.im
d3240	6d 75 6e 65 20 74 6f 20 64 69 73 72 75 70 74 69 6f 6e 20 28 61 63 63 69 64 65 6e 74 61 6c 20 6f	mune.to.disruption.(accidental.o
d3260	72 20 6f 74 68 65 72 77 69 73 65 29 20 76 69 61 20 74 68 69 72 64 20 70 61 72 74 69 65 73 2e 00	r.otherwise).via.third.parties..
d3280	54 68 65 20 64 6f 6d 61 69 6e 2d 6e 61 6d 65 20 70 61 72 61 6d 65 74 65 72 20 73 68 6f 75 6c 64	The.domain-name.parameter.should
d32a0	20 62 65 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 74 68 61 74 20 77 69 6c 6c 20 62 65	.be.the.domain.name.that.will.be
d32c0	20 61 70 70 65 6e 64 65 64 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 27 73 20 68 6f 73 74 6e 61	.appended.to.the.client's.hostna
d32e0	6d 65 20 74 6f 20 66 6f 72 6d 20 61 20 66 75 6c 6c 79 2d 71 75 61 6c 69 66 69 65 64 20 64 6f 6d	me.to.form.a.fully-qualified.dom
d3300	61 69 6e 2d 6e 61 6d 65 20 28 46 51 44 4e 29 20 28 44 48 43 50 20 4f 70 74 69 6f 6e 20 30 31 35	ain-name.(FQDN).(DHCP.Option.015
d3320	29 2e 00 54 68 65 20 64 6f 6d 61 69 6e 2d 6e 61 6d 65 20 70 61 72 61 6d 65 74 65 72 20 73 68 6f	)..The.domain-name.parameter.sho
d3340	75 6c 64 20 62 65 20 74 68 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 75 73 65 64 20 77 68 65 6e	uld.be.the.domain.name.used.when
d3360	20 63 6f 6d 70 6c 65 74 69 6e 67 20 44 4e 53 20 72 65 71 75 65 73 74 20 77 68 65 72 65 20 6e 6f	.completing.DNS.request.where.no
d3380	20 66 75 6c 6c 20 46 51 44 4e 20 69 73 20 70 61 73 73 65 64 2e 20 54 68 69 73 20 6f 70 74 69 6f	.full.FQDN.is.passed..This.optio
d33a0	6e 20 63 61 6e 20 62 65 20 67 69 76 65 6e 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 20 69 66	n.can.be.given.multiple.times.if
d33c0	20 79 6f 75 20 6e 65 65 64 20 6d 75 6c 74 69 70 6c 65 20 73 65 61 72 63 68 20 64 6f 6d 61 69 6e	.you.need.multiple.search.domain
d33e0	73 20 28 44 48 43 50 20 4f 70 74 69 6f 6e 20 31 31 39 29 2e 00 54 68 65 20 64 75 6d 6d 79 20 69	s.(DHCP.Option.119)..The.dummy.i
d3400	6e 74 65 72 66 61 63 65 20 61 6c 6c 6f 77 73 20 75 73 20 74 6f 20 68 61 76 65 20 61 6e 20 65 71	nterface.allows.us.to.have.an.eq
d3420	75 69 76 61 6c 65 6e 74 20 6f 66 20 74 68 65 20 43 69 73 63 6f 20 49 4f 53 20 4c 6f 6f 70 62 61	uivalent.of.the.Cisco.IOS.Loopba
d3440	63 6b 20 69 6e 74 65 72 66 61 63 65 20 2d 20 61 20 72 6f 75 74 65 72 2d 69 6e 74 65 72 6e 61 6c	ck.interface.-.a.router-internal
d3460	20 69 6e 74 65 72 66 61 63 65 20 77 65 20 63 61 6e 20 75 73 65 20 66 6f 72 20 49 50 20 61 64 64	.interface.we.can.use.for.IP.add
d3480	72 65 73 73 65 73 20 74 68 65 20 72 6f 75 74 65 72 20 6d 75 73 74 20 6b 6e 6f 77 20 61 62 6f 75	resses.the.router.must.know.abou
d34a0	74 2c 20 62 75 74 20 77 68 69 63 68 20 61 72 65 20 6e 6f 74 20 61 63 74 75 61 6c 6c 79 20 61 73	t,.but.which.are.not.actually.as
d34c0	73 69 67 6e 65 64 20 74 6f 20 61 20 72 65 61 6c 20 6e 65 74 77 6f 72 6b 2e 00 54 68 65 20 64 75	signed.to.a.real.network..The.du
d34e0	6d 6d 79 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 72 65 61 6c 6c 79 20 61 20 6c 69 74 74 6c 65	mmy.interface.is.really.a.little
d3500	20 65 78 6f 74 69 63 2c 20 62 75 74 20 72 61 74 68 65 72 20 75 73 65 66 75 6c 20 6e 65 76 65 72	.exotic,.but.rather.useful.never
d3520	74 68 65 6c 65 73 73 2e 20 44 75 6d 6d 79 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 6d 75	theless..Dummy.interfaces.are.mu
d3540	63 68 20 6c 69 6b 65 20 74 68 65 20 3a 72 65 66 3a 60 6c 6f 6f 70 62 61 63 6b 2d 69 6e 74 65 72	ch.like.the.:ref:`loopback-inter
d3560	66 61 63 65 60 20 69 6e 74 65 72 66 61 63 65 2c 20 65 78 63 65 70 74 20 79 6f 75 20 63 61 6e 20	face`.interface,.except.you.can.
d3580	68 61 76 65 20 61 73 20 6d 61 6e 79 20 61 73 20 79 6f 75 20 77 61 6e 74 2e 00 54 68 65 20 65 6d	have.as.many.as.you.want..The.em
d35a0	62 65 64 64 65 64 20 53 71 75 69 64 20 70 72 6f 78 79 20 63 61 6e 20 75 73 65 20 4c 44 41 50 20	bedded.Squid.proxy.can.use.LDAP.
d35c0	74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 65 20 75 73 65 72 73 20 61 67 61 69 6e 73 74 20 61 20	to.authenticate.users.against.a.
d35e0	63 6f 6d 70 61 6e 79 20 77 69 64 65 20 64 69 72 65 63 74 6f 72 79 2e 20 54 68 65 20 66 6f 6c 6c	company.wide.directory..The.foll
d3600	6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 61 6e 20 65 78 61 6d 70 6c	owing.configuration.is.an.exampl
d3620	65 20 6f 66 20 68 6f 77 20 74 6f 20 75 73 65 20 41 63 74 69 76 65 20 44 69 72 65 63 74 6f 72 79	e.of.how.to.use.Active.Directory
d3640	20 61 73 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 61 63 6b 65 6e 64 2e 20 51 75 65 72	.as.authentication.backend..Quer
d3660	69 65 73 20 61 72 65 20 64 6f 6e 65 20 76 69 61 20 4c 44 41 50 2e 00 54 68 65 20 65 78 61 6d 70	ies.are.done.via.LDAP..The.examp
d3680	6c 65 20 61 62 6f 76 65 20 75 73 65 73 20 31 39 32 2e 30 2e 32 2e 32 20 61 73 20 65 78 74 65 72	le.above.uses.192.0.2.2.as.exter
d36a0	6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 2e 20 41 20 4c 41 43 20 6e 6f 72 6d 61 6c 6c 79 20 72	nal.IP.address..A.LAC.normally.r
d36c0	65 71 75 69 72 65 73 20 61 6e 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 70 61 73 73 77 6f	equires.an.authentication.passwo
d36e0	72 64 2c 20 77 68 69 63 68 20 69 73 20 73 65 74 20 69 6e 20 74 68 65 20 65 78 61 6d 70 6c 65 20	rd,.which.is.set.in.the.example.
d3700	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 6f 20 60 60 6c 6e 73 20 73 68 61 72 65 64 2d 73 65	configuration.to.``lns.shared-se
d3720	63 72 65 74 20 27 73 65 63 72 65 74 27 60 60 2e 20 54 68 69 73 20 73 65 74 75 70 20 72 65 71 75	cret.'secret'``..This.setup.requ
d3740	69 72 65 73 20 74 68 65 20 43 6f 6d 70 72 65 73 73 69 6f 6e 20 43 6f 6e 74 72 6f 6c 20 50 72 6f	ires.the.Compression.Control.Pro
d3760	74 6f 63 6f 6c 20 28 43 43 50 29 20 62 65 69 6e 67 20 64 69 73 61 62 6c 65 64 2c 20 74 68 65 20	tocol.(CCP).being.disabled,.the.
d3780	63 6f 6d 6d 61 6e 64 20 60 60 73 65 74 20 76 70 6e 20 6c 32 74 70 20 72 65 6d 6f 74 65 2d 61 63	command.``set.vpn.l2tp.remote-ac
d37a0	63 65 73 73 20 63 63 70 2d 64 69 73 61 62 6c 65 60 60 20 61 63 63 6f 6d 70 6c 69 73 68 65 73 20	cess.ccp-disable``.accomplishes.
d37c0	74 68 61 74 2e 00 54 68 65 20 65 78 61 6d 70 6c 65 20 62 65 6c 6f 77 20 63 6f 76 65 72 73 20 61	that..The.example.below.covers.a
d37e0	20 64 75 61 6c 2d 73 74 61 63 6b 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 76 69 61 20 70 70	.dual-stack.configuration.via.pp
d3800	70 6f 65 2d 73 65 72 76 65 72 2e 00 54 68 65 20 65 78 61 6d 70 6c 65 20 62 65 6c 6f 77 20 75 73	poe-server..The.example.below.us
d3820	65 73 20 41 43 4e 20 61 73 20 61 63 63 65 73 73 2d 63 6f 6e 63 65 6e 74 72 61 74 6f 72 20 6e 61	es.ACN.as.access-concentrator.na
d3840	6d 65 2c 20 61 73 73 69 67 6e 73 20 61 6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68 65 20	me,.assigns.an.address.from.the.
d3860	70 6f 6f 6c 20 31 30 2e 31 2e 31 2e 31 30 30 2d 31 31 31 2c 20 74 65 72 6d 69 6e 61 74 65 73 20	pool.10.1.1.100-111,.terminates.
d3880	61 74 20 74 68 65 20 6c 6f 63 61 6c 20 65 6e 64 70 6f 69 6e 74 20 31 30 2e 31 2e 31 2e 31 20 61	at.the.local.endpoint.10.1.1.1.a
d38a0	6e 64 20 73 65 72 76 65 73 20 72 65 71 75 65 73 74 73 20 6f 6e 6c 79 20 6f 6e 20 65 74 68 31 2e	nd.serves.requests.only.on.eth1.
d38c0	00 54 68 65 20 65 78 61 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 62 65 6c 6f 77	.The.example.configuration.below
d38e0	20 77 69 6c 6c 20 61 73 73 69 67 6e 20 61 6e 20 49 50 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74	.will.assign.an.IP.to.the.client
d3900	20 6f 6e 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67 20 69 6e 74 65 72 66 61 63 65 20 65 74 68 32 20	.on.the.incoming.interface.eth2.
d3920	77 69 74 68 20 74 68 65 20 63 6c 69 65 6e 74 20 6d 61 63 20 61 64 64 72 65 73 73 20 30 38 3a 30	with.the.client.mac.address.08:0
d3940	30 3a 32 37 3a 32 66 3a 64 38 3a 30 36 2e 20 4f 74 68 65 72 20 44 48 43 50 20 64 69 73 63 6f 76	0:27:2f:d8:06..Other.DHCP.discov
d3960	65 72 79 20 72 65 71 75 65 73 74 73 20 77 69 6c 6c 20 62 65 20 69 67 6e 6f 72 65 64 2c 20 75 6e	ery.requests.will.be.ignored,.un
d3980	6c 65 73 73 20 74 68 65 20 63 6c 69 65 6e 74 20 6d 61 63 20 68 61 73 20 62 65 65 6e 20 65 6e 61	less.the.client.mac.has.been.ena
d39a0	62 6c 65 64 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 68 65 20 65	bled.in.the.configuration..The.e
d39c0	78 61 6d 70 6c 65 20 63 72 65 61 74 65 73 20 61 20 77 69 72 65 6c 65 73 73 20 73 74 61 74 69 6f	xample.creates.a.wireless.statio
d39e0	6e 20 28 63 6f 6d 6d 6f 6e 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 57 69 2d 46 69	n.(commonly.referred.to.as.Wi-Fi
d3a00	20 63 6c 69 65 6e 74 29 20 74 68 61 74 20 61 63 63 65 73 73 65 73 20 74 68 65 20 6e 65 74 77 6f	.client).that.accesses.the.netwo
d3a20	72 6b 20 74 68 72 6f 75 67 68 20 74 68 65 20 57 41 50 20 64 65 66 69 6e 65 64 20 69 6e 20 74 68	rk.through.the.WAP.defined.in.th
d3a40	65 20 61 62 6f 76 65 20 65 78 61 6d 70 6c 65 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 70 68 79	e.above.example..The.default.phy
d3a60	73 69 63 61 6c 20 64 65 76 69 63 65 20 28 60 60 70 68 79 30 60 60 29 20 69 73 20 75 73 65 64 2e	sical.device.(``phy0``).is.used.
d3a80	00 54 68 65 20 65 78 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 74 72 61 6e	.The.external.IP.address.to.tran
d3aa0	73 6c 61 74 65 20 74 6f 00 54 68 65 20 66 69 72 65 77 61 6c 6c 20 73 75 70 70 6f 72 74 73 20 74	slate.to.The.firewall.supports.t
d3ac0	68 65 20 63 72 65 61 74 69 6f 6e 20 6f 66 20 67 72 6f 75 70 73 20 66 6f 72 20 61 64 64 72 65 73	he.creation.of.groups.for.addres
d3ae0	73 65 73 2c 20 64 6f 6d 61 69 6e 73 2c 20 69 6e 74 65 72 66 61 63 65 73 2c 20 6d 61 63 2d 61 64	ses,.domains,.interfaces,.mac-ad
d3b00	64 72 65 73 73 65 73 2c 20 6e 65 74 77 6f 72 6b 73 20 61 6e 64 20 70 6f 72 74 20 67 72 6f 75 70	dresses,.networks.and.port.group
d3b20	73 2e 20 54 68 69 73 20 67 72 6f 75 70 73 20 63 61 6e 20 62 65 20 75 73 65 64 20 6c 61 74 65 72	s..This.groups.can.be.used.later
d3b40	20 69 6e 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 65 74 20 61 73 20 64 65 73 69 72 65 64 2e	.in.firewall.ruleset.as.desired.
d3b60	00 54 68 65 20 66 69 72 65 77 61 6c 6c 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 63 72 65 61 74	.The.firewall.supports.the.creat
d3b80	69 6f 6e 20 6f 66 20 67 72 6f 75 70 73 20 66 6f 72 20 70 6f 72 74 73 2c 20 61 64 64 72 65 73 73	ion.of.groups.for.ports,.address
d3ba0	65 73 2c 20 61 6e 64 20 6e 65 74 77 6f 72 6b 73 20 28 69 6d 70 6c 65 6d 65 6e 74 65 64 20 75 73	es,.and.networks.(implemented.us
d3bc0	69 6e 67 20 6e 65 74 66 69 6c 74 65 72 20 69 70 73 65 74 29 20 61 6e 64 20 74 68 65 20 6f 70 74	ing.netfilter.ipset).and.the.opt
d3be0	69 6f 6e 20 6f 66 20 69 6e 74 65 72 66 61 63 65 20 6f 72 20 7a 6f 6e 65 20 62 61 73 65 64 20 66	ion.of.interface.or.zone.based.f
d3c00	69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 2e 00 54 68 65 20 66 69 72 73 74 20 49 50 20 69 6e 20	irewall.policy..The.first.IP.in.
d3c20	74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 6e 65 74 77 6f 72 6b 20 69 73 20 72 65 73 65 72 76 65	the.container.network.is.reserve
d3c40	64 20 62 79 20 74 68 65 20 65 6e 67 69 6e 65 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 75 73	d.by.the.engine.and.cannot.be.us
d3c60	65 64 00 54 68 65 20 66 69 72 73 74 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 70 61 72 61	ed.The.first.address.of.the.para
d3c80	6d 65 74 65 72 20 60 60 63 6c 69 65 6e 74 2d 73 75 62 6e 65 74 60 60 2c 20 77 69 6c 6c 20 62 65	meter.``client-subnet``,.will.be
d3ca0	20 75 73 65 64 20 61 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 2e 20 43 6f	.used.as.the.default.gateway..Co
d3cc0	6e 6e 65 63 74 65 64 20 73 65 73 73 69 6f 6e 73 20 63 61 6e 20 62 65 20 63 68 65 63 6b 65 64 20	nnected.sessions.can.be.checked.
d3ce0	76 69 61 20 74 68 65 20 60 60 73 68 6f 77 20 69 70 6f 65 2d 73 65 72 76 65 72 20 73 65 73 73 69	via.the.``show.ipoe-server.sessi
d3d00	6f 6e 73 60 60 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 65 20 66 69 72 73 74 20 61 6e 64 20 61 72 67	ons``.command..The.first.and.arg
d3d20	75 61 62 6c 79 20 63 6c 65 61 6e 65 72 20 6f 70 74 69 6f 6e 20 69 73 20 74 6f 20 6d 61 6b 65 20	uably.cleaner.option.is.to.make.
d3d40	79 6f 75 72 20 49 50 73 65 63 20 70 6f 6c 69 63 79 20 6d 61 74 63 68 20 47 52 45 20 70 61 63 6b	your.IPsec.policy.match.GRE.pack
d3d60	65 74 73 20 62 65 74 77 65 65 6e 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 65 73 20 6f	ets.between.external.addresses.o
d3d80	66 20 79 6f 75 72 20 72 6f 75 74 65 72 73 2e 20 54 68 69 73 20 69 73 20 74 68 65 20 62 65 73 74	f.your.routers..This.is.the.best
d3da0	20 6f 70 74 69 6f 6e 20 69 66 20 62 6f 74 68 20 72 6f 75 74 65 72 73 20 68 61 76 65 20 73 74 61	.option.if.both.routers.have.sta
d3dc0	74 69 63 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 65 20 66 69 72 73	tic.external.addresses..The.firs
d3de0	74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f 6c 20 6d 65 63 68 61 6e 69 73 6d 2c 20 74 68 65 20 70 61	t.flow.control.mechanism,.the.pa
d3e00	75 73 65 20 66 72 61 6d 65 2c 20 77 61 73 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 65 20 49 45	use.frame,.was.defined.by.the.IE
d3e20	45 45 20 38 30 32 2e 33 78 20 73 74 61 6e 64 61 72 64 2e 00 54 68 65 20 66 69 72 73 74 20 72 65	EE.802.3x.standard..The.first.re
d3e40	67 69 73 74 72 61 74 69 6f 6e 20 72 65 71 75 65 73 74 20 69 73 20 73 65 6e 74 20 74 6f 20 74 68	gistration.request.is.sent.to.th
d3e60	65 20 70 72 6f 74 6f 63 6f 6c 20 62 72 6f 61 64 63 61 73 74 20 61 64 64 72 65 73 73 2c 20 61 6e	e.protocol.broadcast.address,.an
d3e80	64 20 74 68 65 20 73 65 72 76 65 72 27 73 20 72 65 61 6c 20 70 72 6f 74 6f 63 6f 6c 20 61 64 64	d.the.server's.real.protocol.add
d3ea0	72 65 73 73 20 69 73 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 64 65 74 65 63 74 65 64 20 66 72 6f	ress.is.dynamically.detected.fro
d3ec0	6d 20 74 68 65 20 66 69 72 73 74 20 72 65 67 69 73 74 72 61 74 69 6f 6e 20 72 65 70 6c 79 2e 00	m.the.first.registration.reply..
d3ee0	54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 50 50 50 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20	The.following.PPP.configuration.
d3f00	74 65 73 74 73 20 4d 53 43 48 41 50 2d 76 32 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63	tests.MSCHAP-v2:.The.following.c
d3f20	6f 6d 6d 61 6e 64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74	ommand.can.be.used.to.generate.t
d3f40	68 65 20 4f 54 50 20 6b 65 79 20 61 73 20 77 65 6c 6c 20 61 73 20 74 68 65 20 43 4c 49 20 63 6f	he.OTP.key.as.well.as.the.CLI.co
d3f60	6d 6d 61 6e 64 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 6d 3a 00 54 68 65 20 66 6f	mmands.to.configure.them:.The.fo
d3f80	6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 6c 65 74 20 79 6f 75 20 63 68 65 63 6b 20 74	llowing.commands.let.you.check.t
d3fa0	75 6e 6e 65 6c 20 73 74 61 74 75 73 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d	unnel.status..The.following.comm
d3fc0	61 6e 64 73 20 6c 65 74 20 79 6f 75 20 72 65 73 65 74 20 4f 70 65 6e 56 50 4e 2e 00 54 68 65 20	ands.let.you.reset.OpenVPN..The.
d3fe0	66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 74 72 61 6e 73 6c 61 74 65 20 74 6f 20	following.commands.translate.to.
d4000	22 2d 2d 6e 65 74 20 68 6f 73 74 22 20 77 68 65 6e 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20	"--net.host".when.the.container.
d4020	69 73 20 63 72 65 61 74 65 64 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64	is.created.The.following.command
d4040	73 20 77 6f 75 6c 64 20 62 65 20 72 65 71 75 69 72 65 64 20 74 6f 20 73 65 74 20 6f 70 74 69 6f	s.would.be.required.to.set.optio
d4060	6e 73 20 66 6f 72 20 61 20 67 69 76 65 6e 20 64 79 6e 61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70	ns.for.a.given.dynamic.routing.p
d4080	72 6f 74 6f 63 6f 6c 20 69 6e 73 69 64 65 20 61 20 67 69 76 65 6e 20 76 72 66 3a 00 54 68 65 20	rotocol.inside.a.given.vrf:.The.
d40a0	66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 64 65 6d 6f 6e 73 74 72	following.configuration.demonstr
d40c0	61 74 65 73 20 68 6f 77 20 74 6f 20 75 73 65 20 56 79 4f 53 20 74 6f 20 61 63 68 69 65 76 65 20	ates.how.to.use.VyOS.to.achieve.
d40e0	6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 64 6f 6d 61	load.balancing.based.on.the.doma
d4100	69 6e 20 6e 61 6d 65 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61	in.name..The.following.configura
d4120	74 69 6f 6e 20 65 78 70 6c 69 63 69 74 6c 79 20 6a 6f 69 6e 73 20 6d 75 6c 74 69 63 61 73 74 20	tion.explicitly.joins.multicast.
d4140	67 72 6f 75 70 20 60 66 66 31 35 3a 3a 31 32 33 34 60 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20	group.`ff15::1234`.on.interface.
d4160	60 65 74 68 31 60 20 61 6e 64 20 73 6f 75 72 63 65 2d 73 70 65 63 69 66 69 63 20 6d 75 6c 74 69	`eth1`.and.source-specific.multi
d4180	63 61 73 74 20 67 72 6f 75 70 20 60 66 66 31 35 3a 3a 35 36 37 38 60 20 77 69 74 68 20 73 6f 75	cast.group.`ff15::5678`.with.sou
d41a0	72 63 65 20 61 64 64 72 65 73 73 20 60 32 30 30 31 3a 64 62 38 3a 3a 31 60 20 6f 6e 20 69 6e 74	rce.address.`2001:db8::1`.on.int
d41c0	65 72 66 61 63 65 20 60 65 74 68 31 60 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e	erface.`eth1`:.The.following.con
d41e0	66 69 67 75 72 61 74 69 6f 6e 20 6f 6e 20 56 79 4f 53 20 61 70 70 6c 69 65 73 20 74 6f 20 61 6c	figuration.on.VyOS.applies.to.al
d4200	6c 20 66 6f 6c 6c 6f 77 69 6e 67 20 33 72 64 20 70 61 72 74 79 20 76 65 6e 64 6f 72 73 2e 20 49	l.following.3rd.party.vendors..I
d4220	74 20 63 72 65 61 74 65 73 20 61 20 62 6f 6e 64 20 77 69 74 68 20 74 77 6f 20 6c 69 6e 6b 73 20	t.creates.a.bond.with.two.links.
d4240	61 6e 64 20 56 4c 41 4e 20 31 30 2c 20 31 30 30 20 6f 6e 20 74 68 65 20 62 6f 6e 64 65 64 20 69	and.VLAN.10,.100.on.the.bonded.i
d4260	6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 61 20 70 65 72 20 56 49 46 20 49 50 76 34 20 61 64	nterfaces.with.a.per.VIF.IPv4.ad
d4280	64 72 65 73 73 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69	dress..The.following.configurati
d42a0	6f 6e 20 72 65 76 65 72 73 65 2d 70 72 6f 78 79 20 74 65 72 6d 69 6e 61 74 65 20 53 53 4c 2e 00	on.reverse-proxy.terminate.SSL..
d42c0	54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c	The.following.configuration.will
d42e0	20 61 73 73 69 67 6e 20 61 20 2f 36 34 20 70 72 65 66 69 78 20 6f 75 74 20 6f 66 20 61 20 2f 35	.assign.a./64.prefix.out.of.a./5
d4300	36 20 64 65 6c 65 67 61 74 69 6f 6e 20 74 6f 20 65 74 68 30 2e 20 54 68 65 20 49 50 76 36 20 61	6.delegation.to.eth0..The.IPv6.a
d4320	64 64 72 65 73 73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 65 74 68 30 20 77 69 6c 6c 20 62 65 20	ddress.assigned.to.eth0.will.be.
d4340	3c 70 72 65 66 69 78 3e 3a 3a 66 66 66 66 2f 36 34 2e 20 49 66 20 79 6f 75 20 64 6f 20 6e 6f 74	<prefix>::ffff/64..If.you.do.not
d4360	20 6b 6e 6f 77 20 74 68 65 20 70 72 65 66 69 78 20 73 69 7a 65 20 64 65 6c 65 67 61 74 65 64 20	.know.the.prefix.size.delegated.
d4380	74 6f 20 79 6f 75 2c 20 73 74 61 72 74 20 77 69 74 68 20 73 6c 61 2d 6c 65 6e 20 30 2e 00 54 68	to.you,.start.with.sla-len.0..Th
d43a0	65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 61 6c 6c 6f 77 73 20 56 79 4f 53 20	e.following.example.allows.VyOS.
d43c0	74 6f 20 75 73 65 20 3a 61 62 62 72 3a 60 50 42 52 20 28 50 6f 6c 69 63 79 2d 42 61 73 65 64 20	to.use.:abbr:`PBR.(Policy-Based.
d43e0	52 6f 75 74 69 6e 67 29 60 20 66 6f 72 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 6f 72 69	Routing)`.for.traffic,.which.ori
d4400	67 69 6e 61 74 65 64 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 65 72 20 69 74 73 65 6c 66 2e 20	ginated.from.the.router.itself..
d4420	54 68 61 74 20 73 6f 6c 75 74 69 6f 6e 20 66 6f 72 20 6d 75 6c 74 69 70 6c 65 20 49 53 50 27 73	That.solution.for.multiple.ISP's
d4440	20 61 6e 64 20 56 79 4f 53 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 66 72	.and.VyOS.router.will.respond.fr
d4460	6f 6d 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 74 68 65 20 70	om.the.same.interface.that.the.p
d4480	61 63 6b 65 74 20 77 61 73 20 72 65 63 65 69 76 65 64 2e 20 41 6c 73 6f 2c 20 69 74 20 75 73 65	acket.was.received..Also,.it.use
d44a0	64 2c 20 69 66 20 77 65 20 77 61 6e 74 20 74 68 61 74 20 6f 6e 65 20 56 50 4e 20 74 75 6e 6e 65	d,.if.we.want.that.one.VPN.tunne
d44c0	6c 20 74 6f 20 62 65 20 74 68 72 6f 75 67 68 20 6f 6e 65 20 70 72 6f 76 69 64 65 72 2c 20 61 6e	l.to.be.through.one.provider,.an
d44e0	64 20 74 68 65 20 73 65 63 6f 6e 64 20 74 68 72 6f 75 67 68 20 61 6e 6f 74 68 65 72 2e 00 54 68	d.the.second.through.another..Th
d4500	65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 63 72 65 61 74 65 73 20 61 20 57 41	e.following.example.creates.a.WA
d4520	50 2e 20 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 6d 75 6c 74 69 70 6c 65 20 57 41 50	P..When.configuring.multiple.WAP
d4540	20 69 6e 74 65 72 66 61 63 65 73 2c 20 79 6f 75 20 6d 75 73 74 20 73 70 65 63 69 66 79 20 75 6e	.interfaces,.you.must.specify.un
d4560	69 71 75 65 20 49 50 20 61 64 64 72 65 73 73 65 73 2c 20 63 68 61 6e 6e 65 6c 73 2c 20 4e 65 74	ique.IP.addresses,.channels,.Net
d4580	77 6f 72 6b 20 49 44 73 20 63 6f 6d 6d 6f 6e 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73	work.IDs.commonly.referred.to.as
d45a0	20 3a 61 62 62 72 3a 60 53 53 49 44 20 28 53 65 72 76 69 63 65 20 53 65 74 20 49 64 65 6e 74 69	.:abbr:`SSID.(Service.Set.Identi
d45c0	66 69 65 72 29 60 2c 20 61 6e 64 20 4d 41 43 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 65 20 66	fier)`,.and.MAC.addresses..The.f
d45e0	6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 61 20 53	ollowing.example.is.based.on.a.S
d4600	69 65 72 72 61 20 57 69 72 65 6c 65 73 73 20 4d 43 37 37 31 30 20 6d 69 6e 69 50 43 49 65 20 63	ierra.Wireless.MC7710.miniPCIe.c
d4620	61 72 64 20 28 6f 6e 6c 79 20 74 68 65 20 66 6f 72 6d 20 66 61 63 74 6f 72 20 69 6e 20 72 65 61	ard.(only.the.form.factor.in.rea
d4640	6c 69 74 79 20 69 74 20 72 75 6e 73 20 55 42 53 29 20 61 6e 64 20 44 65 75 74 73 63 68 65 20 54	lity.it.runs.UBS).and.Deutsche.T
d4660	65 6c 65 6b 6f 6d 20 61 73 20 49 53 50 2e 20 54 68 65 20 63 61 72 64 20 69 73 20 61 73 73 65 6d	elekom.as.ISP..The.card.is.assem
d4680	62 6c 65 64 20 69 6e 74 6f 20 61 20 3a 72 65 66 3a 60 70 63 2d 65 6e 67 69 6e 65 73 2d 61 70 75	bled.into.a.:ref:`pc-engines-apu
d46a0	34 60 2e 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 74 6f 70 6f 6c 6f	4`..The.following.example.topolo
d46c0	67 79 20 77 61 73 20 62 75 69 6c 74 20 75 73 69 6e 67 20 45 56 45 2d 4e 47 2e 00 54 68 65 20 66	gy.was.built.using.EVE-NG..The.f
d46e0	6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 77 69 6c 6c 20 73 68 6f 77 20 68 6f 77 20 56	ollowing.example.will.show.how.V
d4700	79 4f 53 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 64 69 72 65 63 74 20 77 65 62 20	yOS.can.be.used.to.redirect.web.
d4720	74 72 61 66 66 69 63 20 74 6f 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 74 72 61 6e 73 70 61 72 65	traffic.to.an.external.transpare
d4740	6e 74 20 70 72 6f 78 79 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 68 61 72 64 77 61 72 65	nt.proxy:.The.following.hardware
d4760	20 6d 6f 64 75 6c 65 73 20 68 61 76 65 20 62 65 65 6e 20 74 65 73 74 65 64 20 73 75 63 63 65 73	.modules.have.been.tested.succes
d4780	73 66 75 6c 6c 79 20 69 6e 20 61 6e 20 3a 72 65 66 3a 60 70 63 2d 65 6e 67 69 6e 65 73 2d 61 70	sfully.in.an.:ref:`pc-engines-ap
d47a0	75 34 60 20 62 6f 61 72 64 3a 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 73 20 74 68 65 20	u4`.board:.The.following.is.the.
d47c0	63 6f 6e 66 69 67 20 66 6f 72 20 74 68 65 20 69 50 68 6f 6e 65 20 70 65 65 72 20 61 62 6f 76 65	config.for.the.iPhone.peer.above
d47e0	2e 20 49 74 27 73 20 69 6d 70 6f 72 74 61 6e 74 20 74 6f 20 6e 6f 74 65 20 74 68 61 74 20 74 68	..It's.important.to.note.that.th
d4800	65 20 60 60 41 6c 6c 6f 77 65 64 49 50 73 60 60 20 77 69 6c 64 63 61 72 64 20 73 65 74 74 69 6e	e.``AllowedIPs``.wildcard.settin
d4820	67 20 64 69 72 65 63 74 73 20 61 6c 6c 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 20 74 72 61 66	g.directs.all.IPv4.and.IPv6.traf
d4840	66 69 63 20 74 68 72 6f 75 67 68 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 54 68 65 20	fic.through.the.connection..The.
d4860	66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 3a	following.protocols.can.be.used:
d4880	20 61 6e 79 2c 20 62 61 62 65 6c 2c 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 65 69 67	.any,.babel,.bgp,.connected,.eig
d48a0	72 70 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61	rp,.isis,.kernel,.ospf,.rip,.sta
d48c0	74 69 63 2c 20 74 61 62 6c 65 00 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f	tic,.table.The.following.protoco
d48e0	6c 73 20 63 61 6e 20 62 65 20 75 73 65 64 3a 20 61 6e 79 2c 20 62 61 62 65 6c 2c 20 62 67 70 2c	ls.can.be.used:.any,.babel,.bgp,
d4900	20 63 6f 6e 6e 65 63 74 65 64 2c 20 69 73 69 73 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 76 33	.connected,.isis,.kernel,.ospfv3
d4920	2c 20 72 69 70 6e 67 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 00 54 68 65 20 66 6f 6c 6c 6f	,.ripng,.static,.table.The.follo
d4940	77 69 6e 67 20 73 74 72 75 63 74 75 72 65 20 72 65 73 70 72 65 73 65 6e 74 20 74 68 65 20 63 6c	wing.structure.respresent.the.cl
d4960	69 20 73 74 72 75 63 74 75 72 65 2e 00 54 68 65 20 66 6f 72 6d 75 6c 61 20 66 6f 72 20 75 6e 66	i.structure..The.formula.for.unf
d4980	72 61 67 6d 65 6e 74 65 64 20 54 43 50 20 61 6e 64 20 55 44 50 20 70 61 63 6b 65 74 73 20 69 73	ragmented.TCP.and.UDP.packets.is
d49a0	00 54 68 65 20 66 6f 72 77 61 72 64 69 6e 67 20 64 65 6c 61 79 20 74 69 6d 65 20 69 73 20 74 68	.The.forwarding.delay.time.is.th
d49c0	65 20 74 69 6d 65 20 73 70 65 6e 74 20 69 6e 20 65 61 63 68 20 6f 66 20 74 68 65 20 6c 69 73 74	e.time.spent.in.each.of.the.list
d49e0	65 6e 69 6e 67 20 61 6e 64 20 6c 65 61 72 6e 69 6e 67 20 73 74 61 74 65 73 20 62 65 66 6f 72 65	ening.and.learning.states.before
d4a00	20 74 68 65 20 46 6f 72 77 61 72 64 69 6e 67 20 73 74 61 74 65 20 69 73 20 65 6e 74 65 72 65 64	.the.Forwarding.state.is.entered
d4a20	2e 20 54 68 69 73 20 64 65 6c 61 79 20 69 73 20 73 6f 20 74 68 61 74 20 77 68 65 6e 20 61 20 6e	..This.delay.is.so.that.when.a.n
d4a40	65 77 20 62 72 69 64 67 65 20 63 6f 6d 65 73 20 6f 6e 74 6f 20 61 20 62 75 73 79 20 6e 65 74 77	ew.bridge.comes.onto.a.busy.netw
d4a60	6f 72 6b 20 69 74 20 6c 6f 6f 6b 73 20 61 74 20 73 6f 6d 65 20 74 72 61 66 66 69 63 20 62 65 66	ork.it.looks.at.some.traffic.bef
d4a80	6f 72 65 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 2e 00 54 68 65 20 67 65 6e 65 72 61 74 65 64	ore.participating..The.generated
d4aa0	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 69 6c 6c 20 6c 6f 6f 6b 20 6c 69 6b 65 3a 00 54	.configuration.will.look.like:.T
d4ac0	68 65 20 67 65 6e 65 72 61 74 65 64 20 70 61 72 61 6d 65 74 65 72 73 20 61 72 65 20 74 68 65 6e	he.generated.parameters.are.then
d4ae0	20 6f 75 74 70 75 74 20 74 6f 20 74 68 65 20 63 6f 6e 73 6f 6c 65 2e 00 54 68 65 20 67 65 6e 65	.output.to.the.console..The.gene
d4b00	72 69 63 20 6e 61 6d 65 20 6f 66 20 51 75 61 6c 69 74 79 20 6f 66 20 53 65 72 76 69 63 65 20 6f	ric.name.of.Quality.of.Service.o
d4b20	72 20 54 72 61 66 66 69 63 20 43 6f 6e 74 72 6f 6c 20 69 6e 76 6f 6c 76 65 73 20 74 68 69 6e 67	r.Traffic.Control.involves.thing
d4b40	73 20 6c 69 6b 65 20 73 68 61 70 69 6e 67 20 74 72 61 66 66 69 63 2c 20 73 63 68 65 64 75 6c 69	s.like.shaping.traffic,.scheduli
d4b60	6e 67 20 6f 72 20 64 72 6f 70 70 69 6e 67 20 70 61 63 6b 65 74 73 2c 20 77 68 69 63 68 20 61 72	ng.or.dropping.packets,.which.ar
d4b80	65 20 74 68 65 20 6b 69 6e 64 20 6f 66 20 74 68 69 6e 67 73 20 79 6f 75 20 6d 61 79 20 77 61 6e	e.the.kind.of.things.you.may.wan
d4ba0	74 20 74 6f 20 70 6c 61 79 20 77 69 74 68 20 77 68 65 6e 20 79 6f 75 20 68 61 76 65 2c 20 66 6f	t.to.play.with.when.you.have,.fo
d4bc0	72 20 69 6e 73 74 61 6e 63 65 2c 20 61 20 62 61 6e 64 77 69 64 74 68 20 62 6f 74 74 6c 65 6e 65	r.instance,.a.bandwidth.bottlene
d4be0	63 6b 20 69 6e 20 61 20 6c 69 6e 6b 20 61 6e 64 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 73 6f 6d	ck.in.a.link.and.you.want.to.som
d4c00	65 68 6f 77 20 70 72 69 6f 72 69 74 69 7a 65 20 73 6f 6d 65 20 74 79 70 65 20 6f 66 20 74 72 61	ehow.prioritize.some.type.of.tra
d4c20	66 66 69 63 20 6f 76 65 72 20 61 6e 6f 74 68 65 72 2e 00 54 68 65 20 68 61 73 68 20 74 79 70 65	ffic.over.another..The.hash.type
d4c40	20 75 73 65 64 20 77 68 65 6e 20 64 69 73 63 6f 76 65 72 69 6e 67 20 66 69 6c 65 20 6f 6e 20 6d	.used.when.discovering.file.on.m
d4c60	61 73 74 65 72 20 73 65 72 76 65 72 20 28 64 65 66 61 75 6c 74 3a 20 73 68 61 32 35 36 29 00 54	aster.server.(default:.sha256).T
d4c80	68 65 20 68 65 61 6c 74 68 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 70 61 74 68	he.health.of.interfaces.and.path
d4ca0	73 20 61 73 73 69 67 6e 65 64 20 74 6f 20 74 68 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 20	s.assigned.to.the.load.balancer.
d4cc0	69 73 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 20 63 68 65 63 6b 65 64 20 62 79 20 73 65 6e 64 69	is.periodically.checked.by.sendi
d4ce0	6e 67 20 49 43 4d 50 20 70 61 63 6b 65 74 73 20 28 70 69 6e 67 29 20 74 6f 20 72 65 6d 6f 74 65	ng.ICMP.packets.(ping).to.remote
d4d00	20 64 65 73 74 69 6e 61 74 69 6f 6e 73 2c 20 61 20 54 54 4c 20 74 65 73 74 20 6f 72 20 74 68 65	.destinations,.a.TTL.test.or.the
d4d20	20 65 78 65 63 75 74 69 6f 6e 20 6f 66 20 61 20 75 73 65 72 20 64 65 66 69 6e 65 64 20 73 63 72	.execution.of.a.user.defined.scr
d4d40	69 70 74 2e 20 49 66 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 66 61 69 6c 73 20 74 68 65 20 68	ipt..If.an.interface.fails.the.h
d4d60	65 61 6c 74 68 20 63 68 65 63 6b 20 69 74 20 69 73 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74	ealth.check.it.is.removed.from.t
d4d80	68 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 72 27 73 20 70 6f 6f 6c 20 6f 66 20 69 6e 74 65 72	he.load.balancer's.pool.of.inter
d4da0	66 61 63 65 73 2e 20 54 6f 20 65 6e 61 62 6c 65 20 68 65 61 6c 74 68 20 63 68 65 63 6b 69 6e 67	faces..To.enable.health.checking
d4dc0	20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 3a 00 54 68 65 20 68 65 6c 6c 6f 2d 6d 75 6c	.for.an.interface:.The.hello-mul
d4de0	74 69 70 6c 69 65 72 20 73 70 65 63 69 66 69 65 73 20 68 6f 77 20 6d 61 6e 79 20 48 65 6c 6c 6f	tiplier.specifies.how.many.Hello
d4e00	73 20 74 6f 20 73 65 6e 64 20 70 65 72 20 73 65 63 6f 6e 64 2c 20 66 72 6f 6d 20 31 20 28 65 76	s.to.send.per.second,.from.1.(ev
d4e20	65 72 79 20 73 65 63 6f 6e 64 29 20 74 6f 20 31 30 20 28 65 76 65 72 79 20 31 30 30 6d 73 29 2e	ery.second).to.10.(every.100ms).
d4e40	20 54 68 75 73 20 6f 6e 65 20 63 61 6e 20 68 61 76 65 20 31 73 20 63 6f 6e 76 65 72 67 65 6e 63	.Thus.one.can.have.1s.convergenc
d4e60	65 20 74 69 6d 65 20 66 6f 72 20 4f 53 50 46 2e 20 49 66 20 74 68 69 73 20 66 6f 72 6d 20 69 73	e.time.for.OSPF..If.this.form.is
d4e80	20 73 70 65 63 69 66 69 65 64 2c 20 74 68 65 6e 20 74 68 65 20 68 65 6c 6c 6f 2d 69 6e 74 65 72	.specified,.then.the.hello-inter
d4ea0	76 61 6c 20 61 64 76 65 72 74 69 73 65 64 20 69 6e 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20	val.advertised.in.Hello.packets.
d4ec0	69 73 20 73 65 74 20 74 6f 20 30 20 61 6e 64 20 74 68 65 20 68 65 6c 6c 6f 2d 69 6e 74 65 72 76	is.set.to.0.and.the.hello-interv
d4ee0	61 6c 20 6f 6e 20 72 65 63 65 69 76 65 64 20 48 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 69 73 20	al.on.received.Hello.packets.is.
d4f00	6e 6f 74 20 63 68 65 63 6b 65 64 2c 20 74 68 75 73 20 74 68 65 20 68 65 6c 6c 6f 2d 6d 75 6c 74	not.checked,.thus.the.hello-mult
d4f20	69 70 6c 69 65 72 20 6e 65 65 64 20 4e 4f 54 20 62 65 20 74 68 65 20 73 61 6d 65 20 61 63 72 6f	iplier.need.NOT.be.the.same.acro
d4f40	73 73 20 6d 75 6c 74 69 70 6c 65 20 72 6f 75 74 65 72 73 20 6f 6e 20 61 20 63 6f 6d 6d 6f 6e 20	ss.multiple.routers.on.a.common.
d4f60	6c 69 6e 6b 2e 00 54 68 65 20 68 6f 73 74 6e 61 6d 65 20 63 61 6e 20 62 65 20 75 70 20 74 6f 20	link..The.hostname.can.be.up.to.
d4f80	36 33 20 63 68 61 72 61 63 74 65 72 73 2e 20 41 20 68 6f 73 74 6e 61 6d 65 20 6d 75 73 74 20 73	63.characters..A.hostname.must.s
d4fa0	74 61 72 74 20 61 6e 64 20 65 6e 64 20 77 69 74 68 20 61 20 6c 65 74 74 65 72 20 6f 72 20 64 69	tart.and.end.with.a.letter.or.di
d4fc0	67 69 74 2c 20 61 6e 64 20 68 61 76 65 20 61 73 20 69 6e 74 65 72 69 6f 72 20 63 68 61 72 61 63	git,.and.have.as.interior.charac
d4fe0	74 65 72 73 20 6f 6e 6c 79 20 6c 65 74 74 65 72 73 2c 20 64 69 67 69 74 73 2c 20 6f 72 20 61 20	ters.only.letters,.digits,.or.a.
d5000	68 79 70 68 65 6e 2e 00 54 68 65 20 68 6f 73 74 6e 61 6d 65 20 6f 72 20 49 50 20 61 64 64 72 65	hyphen..The.hostname.or.IP.addre
d5020	73 73 20 6f 66 20 74 68 65 20 6d 61 73 74 65 72 00 54 68 65 20 69 64 65 6e 74 69 66 69 65 72 20	ss.of.the.master.The.identifier.
d5040	69 73 20 74 68 65 20 64 65 76 69 63 65 27 73 20 44 55 49 44 3a 20 63 6f 6c 6f 6e 2d 73 65 70 61	is.the.device's.DUID:.colon-sepa
d5060	72 61 74 65 64 20 68 65 78 20 6c 69 73 74 20 28 61 73 20 75 73 65 64 20 62 79 20 69 73 63 2d 64	rated.hex.list.(as.used.by.isc-d
d5080	68 63 70 20 6f 70 74 69 6f 6e 20 64 68 63 70 76 36 2e 63 6c 69 65 6e 74 2d 69 64 29 2e 20 49 66	hcp.option.dhcpv6.client-id)..If
d50a0	20 74 68 65 20 64 65 76 69 63 65 20 61 6c 72 65 61 64 79 20 68 61 73 20 61 20 64 79 6e 61 6d 69	.the.device.already.has.a.dynami
d50c0	63 20 6c 65 61 73 65 20 66 72 6f 6d 20 74 68 65 20 44 48 43 50 76 36 20 73 65 72 76 65 72 2c 20	c.lease.from.the.DHCPv6.server,.
d50e0	69 74 73 20 44 55 49 44 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 77 69 74 68 20 60 60 73 68 6f	its.DUID.can.be.found.with.``sho
d5100	77 20 73 65 72 76 69 63 65 20 64 68 63 70 76 36 20 73 65 72 76 65 72 20 6c 65 61 73 65 73 60 60	w.service.dhcpv6.server.leases``
d5120	2e 20 54 68 65 20 44 55 49 44 20 62 65 67 69 6e 73 20 61 74 20 74 68 65 20 35 74 68 20 6f 63 74	..The.DUID.begins.at.the.5th.oct
d5140	65 74 20 28 61 66 74 65 72 20 74 68 65 20 34 74 68 20 63 6f 6c 6f 6e 29 20 6f 66 20 49 41 49 44	et.(after.the.4th.colon).of.IAID
d5160	5f 44 55 49 44 2e 00 54 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 73 70 6f 6b 65 20 63 6f 6e 66	_DUID..The.individual.spoke.conf
d5180	69 67 75 72 61 74 69 6f 6e 73 20 6f 6e 6c 79 20 64 69 66 66 65 72 20 69 6e 20 74 68 65 20 6c 6f	igurations.only.differ.in.the.lo
d51a0	63 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 6f 6e 20 74 68 65 20 60 60 74 75 6e 31 30 60 60 20	cal.IP.address.on.the.``tun10``.
d51c0	69 6e 74 65 72 66 61 63 65 2e 20 53 65 65 20 74 68 65 20 61 62 6f 76 65 20 64 69 61 67 72 61 6d	interface..See.the.above.diagram
d51e0	20 66 6f 72 20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 49 50 20 61 64 64 72 65 73 73 65 73	.for.the.individual.IP.addresses
d5200	2e 00 54 68 65 20 69 6e 6e 65 72 20 74 61 67 20 69 73 20 74 68 65 20 74 61 67 20 77 68 69 63 68	..The.inner.tag.is.the.tag.which
d5220	20 69 73 20 63 6c 6f 73 65 73 74 20 74 6f 20 74 68 65 20 70 61 79 6c 6f 61 64 20 70 6f 72 74 69	.is.closest.to.the.payload.porti
d5240	6f 6e 20 6f 66 20 74 68 65 20 66 72 61 6d 65 2e 20 49 74 20 69 73 20 6f 66 66 69 63 69 61 6c 6c	on.of.the.frame..It.is.officiall
d5260	79 20 63 61 6c 6c 65 64 20 43 2d 54 41 47 20 28 63 75 73 74 6f 6d 65 72 20 74 61 67 2c 20 77 69	y.called.C-TAG.(customer.tag,.wi
d5280	74 68 20 65 74 68 65 72 74 79 70 65 20 30 78 38 31 30 30 29 2e 20 54 68 65 20 6f 75 74 65 72 20	th.ethertype.0x8100)..The.outer.
d52a0	74 61 67 20 69 73 20 74 68 65 20 6f 6e 65 20 63 6c 6f 73 65 72 2f 63 6c 6f 73 65 73 74 20 74 6f	tag.is.the.one.closer/closest.to
d52c0	20 74 68 65 20 45 74 68 65 72 6e 65 74 20 68 65 61 64 65 72 2c 20 69 74 73 20 6e 61 6d 65 20 69	.the.Ethernet.header,.its.name.i
d52e0	73 20 53 2d 54 41 47 20 28 73 65 72 76 69 63 65 20 74 61 67 20 77 69 74 68 20 45 74 68 65 72 6e	s.S-TAG.(service.tag.with.Ethern
d5300	65 74 20 54 79 70 65 20 3d 20 30 78 38 38 61 38 29 2e 00 54 68 65 20 69 6e 74 65 72 66 61 63 65	et.Type.=.0x88a8)..The.interface
d5320	20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 62 65 20 63 6f 6d 69 6e 67 20 69 6e 20 6f 6e 3b 00 54	.traffic.will.be.coming.in.on;.T
d5340	68 65 20 69 6e 74 65 72 66 61 63 65 20 75 73 65 64 20 74 6f 20 72 65 63 65 69 76 65 20 61 6e 64	he.interface.used.to.receive.and
d5360	20 72 65 6c 61 79 20 69 6e 64 69 76 69 64 75 61 6c 20 62 72 6f 61 64 63 61 73 74 20 70 61 63 6b	.relay.individual.broadcast.pack
d5380	65 74 73 2e 20 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 72 65 63 65 69 76 65 2f 72 65 6c 61	ets..If.you.want.to.receive/rela
d53a0	79 20 70 61 63 6b 65 74 73 20 6f 6e 20 62 6f 74 68 20 60 65 74 68 31 60 20 61 6e 64 20 60 65 74	y.packets.on.both.`eth1`.and.`et
d53c0	68 32 60 20 62 6f 74 68 20 69 6e 74 65 72 66 61 63 65 73 20 6e 65 65 64 20 74 6f 20 62 65 20 61	h2`.both.interfaces.need.to.be.a
d53e0	64 64 65 64 2e 00 54 68 65 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 65 73 20	dded..The.internal.IP.addresses.
d5400	77 65 20 77 61 6e 74 20 74 6f 20 74 72 61 6e 73 6c 61 74 65 00 54 68 65 20 69 6e 76 65 72 73 65	we.want.to.translate.The.inverse
d5420	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 68 61 73 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64	.configuration.has.to.be.applied
d5440	20 74 6f 20 74 68 65 20 72 65 6d 6f 74 65 20 73 69 64 65 2e 00 54 68 65 20 6c 61 72 67 65 73 74	.to.the.remote.side..The.largest
d5460	20 4d 54 55 20 73 69 7a 65 20 79 6f 75 20 63 61 6e 20 75 73 65 20 77 69 74 68 20 44 53 4c 20 69	.MTU.size.you.can.use.with.DSL.i
d5480	73 20 31 34 39 32 20 64 75 65 20 74 6f 20 50 50 50 6f 45 20 6f 76 65 72 68 65 61 64 2e 20 49 66	s.1492.due.to.PPPoE.overhead..If
d54a0	20 79 6f 75 20 61 72 65 20 73 77 69 74 63 68 69 6e 67 20 66 72 6f 6d 20 61 20 44 48 43 50 20 62	.you.are.switching.from.a.DHCP.b
d54c0	61 73 65 64 20 49 53 50 20 6c 69 6b 65 20 63 61 62 6c 65 20 74 68 65 6e 20 62 65 20 61 77 61 72	ased.ISP.like.cable.then.be.awar
d54e0	65 20 74 68 61 74 20 74 68 69 6e 67 73 20 6c 69 6b 65 20 56 50 4e 20 6c 69 6e 6b 73 20 6d 61 79	e.that.things.like.VPN.links.may
d5500	20 6e 65 65 64 20 74 6f 20 68 61 76 65 20 74 68 65 69 72 20 4d 54 55 20 73 69 7a 65 73 20 61 64	.need.to.have.their.MTU.sizes.ad
d5520	6a 75 73 74 65 64 20 74 6f 20 77 6f 72 6b 20 77 69 74 68 69 6e 20 74 68 69 73 20 6c 69 6d 69 74	justed.to.work.within.this.limit
d5540	2e 00 54 68 65 20 6c 61 73 74 20 73 74 65 70 20 69 73 20 74 6f 20 64 65 66 69 6e 65 20 61 6e 20	..The.last.step.is.to.define.an.
d5560	69 6e 74 65 72 66 61 63 65 20 72 6f 75 74 65 20 66 6f 72 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f	interface.route.for.192.168.2.0/
d5580	32 34 20 74 6f 20 67 65 74 20 74 68 72 6f 75 67 68 20 74 68 65 20 57 69 72 65 47 75 61 72 64 20	24.to.get.through.the.WireGuard.
d55a0	69 6e 74 65 72 66 61 63 65 20 60 77 67 30 31 60 2e 20 4d 75 6c 74 69 70 6c 65 20 49 50 73 20 6f	interface.`wg01`..Multiple.IPs.o
d55c0	72 20 6e 65 74 77 6f 72 6b 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 6e 64 20 72 6f	r.networks.can.be.defined.and.ro
d55e0	75 74 65 64 2e 20 54 68 65 20 6c 61 73 74 20 63 68 65 63 6b 20 69 73 20 61 6c 6c 6f 77 65 64 2d	uted..The.last.check.is.allowed-
d5600	69 70 73 20 77 68 69 63 68 20 65 69 74 68 65 72 20 70 72 65 76 65 6e 74 73 20 6f 72 20 61 6c 6c	ips.which.either.prevents.or.all
d5620	6f 77 73 20 74 68 65 20 74 72 61 66 66 69 63 2e 00 54 68 65 20 6c 69 6d 69 74 65 72 20 70 65 72	ows.the.traffic..The.limiter.per
d5640	66 6f 72 6d 73 20 62 61 73 69 63 20 69 6e 67 72 65 73 73 20 70 6f 6c 69 63 69 6e 67 20 6f 66 20	forms.basic.ingress.policing.of.
d5660	74 72 61 66 66 69 63 20 66 6c 6f 77 73 2e 20 4d 75 6c 74 69 70 6c 65 20 63 6c 61 73 73 65 73 20	traffic.flows..Multiple.classes.
d5680	6f 66 20 74 72 61 66 66 69 63 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 6e 64 20 74 72	of.traffic.can.be.defined.and.tr
d56a0	61 66 66 69 63 20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 65	affic.limits.can.be.applied.to.e
d56c0	61 63 68 20 63 6c 61 73 73 2e 20 41 6c 74 68 6f 75 67 68 20 74 68 65 20 70 6f 6c 69 63 65 72 20	ach.class..Although.the.policer.
d56e0	75 73 65 73 20 61 20 74 6f 6b 65 6e 20 62 75 63 6b 65 74 20 6d 65 63 68 61 6e 69 73 6d 20 69 6e	uses.a.token.bucket.mechanism.in
d5700	74 65 72 6e 61 6c 6c 79 2c 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 74 68 65 20 63	ternally,.it.does.not.have.the.c
d5720	61 70 61 62 69 6c 69 74 79 20 74 6f 20 64 65 6c 61 79 20 61 20 70 61 63 6b 65 74 20 61 73 20 61	apability.to.delay.a.packet.as.a
d5740	20 73 68 61 70 69 6e 67 20 6d 65 63 68 61 6e 69 73 6d 20 64 6f 65 73 2e 20 54 72 61 66 66 69 63	.shaping.mechanism.does..Traffic
d5760	20 65 78 63 65 65 64 69 6e 67 20 74 68 65 20 64 65 66 69 6e 65 64 20 62 61 6e 64 77 69 64 74 68	.exceeding.the.defined.bandwidth
d5780	20 6c 69 6d 69 74 73 20 69 73 20 64 69 72 65 63 74 6c 79 20 64 72 6f 70 70 65 64 2e 20 41 20 6d	.limits.is.directly.dropped..A.m
d57a0	61 78 69 6d 75 6d 20 61 6c 6c 6f 77 65 64 20 62 75 72 73 74 20 63 61 6e 20 62 65 20 63 6f 6e 66	aximum.allowed.burst.can.be.conf
d57c0	69 67 75 72 65 64 20 74 6f 6f 2e 00 54 68 65 20 6c 69 6e 6b 20 62 61 6e 64 77 69 64 74 68 20 65	igured.too..The.link.bandwidth.e
d57e0	78 74 65 6e 64 65 64 20 63 6f 6d 6d 75 6e 69 74 79 20 69 73 20 65 6e 63 6f 64 65 64 20 61 73 20	xtended.community.is.encoded.as.
d5800	6e 6f 6e 2d 74 72 61 6e 73 69 74 69 76 65 00 54 68 65 20 6c 6f 63 61 6c 20 49 50 76 34 20 6f 72	non-transitive.The.local.IPv4.or
d5820	20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 62 69 6e 64 20 74 68 65 20 44 4e 53 20	.IPv6.addresses.to.bind.the.DNS.
d5840	66 6f 72 77 61 72 64 65 72 20 74 6f 2e 20 54 68 65 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c	forwarder.to..The.forwarder.will
d5860	20 6c 69 73 74 65 6e 20 6f 6e 20 74 68 69 73 20 61 64 64 72 65 73 73 20 66 6f 72 20 69 6e 63 6f	.listen.on.this.address.for.inco
d5880	6d 69 6e 67 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 54 68 65 20 6c 6f 63 61 6c 20 49 50 76 34	ming.connections..The.local.IPv4
d58a0	20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 74 6f 20 75 73 65 20 61 73 20 61 20 73	.or.IPv6.addresses.to.use.as.a.s
d58c0	6f 75 72 63 65 20 61 64 64 72 65 73 73 20 66 6f 72 20 73 65 6e 64 69 6e 67 20 71 75 65 72 69 65	ource.address.for.sending.querie
d58e0	73 2e 20 54 68 65 20 66 6f 72 77 61 72 64 65 72 20 77 69 6c 6c 20 73 65 6e 64 20 66 6f 72 77 61	s..The.forwarder.will.send.forwa
d5900	72 64 65 64 20 6f 75 74 62 6f 75 6e 64 20 44 4e 53 20 72 65 71 75 65 73 74 73 20 66 72 6f 6d 20	rded.outbound.DNS.requests.from.
d5920	74 68 69 73 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 6c 6f 63 61 6c 20 73 69 74 65 20 77 69 6c	this.address..The.local.site.wil
d5940	6c 20 68 61 76 65 20 61 20 73 75 62 6e 65 74 20 6f 66 20 31 30 2e 30 2e 30 2e 30 2f 31 36 2e 00	l.have.a.subnet.of.10.0.0.0/16..
d5960	54 68 65 20 6c 6f 6f 70 62 61 63 6b 20 6e 65 74 77 6f 72 6b 69 6e 67 20 69 6e 74 65 72 66 61 63	The.loopback.networking.interfac
d5980	65 20 69 73 20 61 20 76 69 72 74 75 61 6c 20 6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 20 69 6d	e.is.a.virtual.network.device.im
d59a0	70 6c 65 6d 65 6e 74 65 64 20 65 6e 74 69 72 65 6c 79 20 69 6e 20 73 6f 66 74 77 61 72 65 2e 20	plemented.entirely.in.software..
d59c0	41 6c 6c 20 74 72 61 66 66 69 63 20 73 65 6e 74 20 74 6f 20 69 74 20 22 6c 6f 6f 70 73 20 62 61	All.traffic.sent.to.it."loops.ba
d59e0	63 6b 22 20 61 6e 64 20 6a 75 73 74 20 74 61 72 67 65 74 73 20 73 65 72 76 69 63 65 73 20 6f 6e	ck".and.just.targets.services.on
d5a00	20 79 6f 75 72 20 6c 6f 63 61 6c 20 6d 61 63 68 69 6e 65 2e 00 54 68 65 20 6d 61 78 69 6d 75 6d	.your.local.machine..The.maximum
d5a20	20 6e 75 6d 62 65 72 20 6f 66 20 74 61 72 67 65 74 73 20 74 68 61 74 20 63 61 6e 20 62 65 20 73	.number.of.targets.that.can.be.s
d5a40	70 65 63 69 66 69 65 64 20 69 73 20 31 36 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75	pecified.is.16..The.default.valu
d5a60	65 20 69 73 20 6e 6f 20 49 50 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 6d 65 61 6e 69 6e 67 20	e.is.no.IP.address..The.meaning.
d5a80	6f 66 20 74 68 65 20 43 6c 61 73 73 20 49 44 20 69 73 20 6e 6f 74 20 74 68 65 20 73 61 6d 65 20	of.the.Class.ID.is.not.the.same.
d5aa0	66 6f 72 20 65 76 65 72 79 20 74 79 70 65 20 6f 66 20 70 6f 6c 69 63 79 2e 20 4e 6f 72 6d 61 6c	for.every.type.of.policy..Normal
d5ac0	6c 79 20 70 6f 6c 69 63 69 65 73 20 6a 75 73 74 20 6e 65 65 64 20 61 20 6d 65 61 6e 69 6e 67 6c	ly.policies.just.need.a.meaningl
d5ae0	65 73 73 20 6e 75 6d 62 65 72 20 74 6f 20 69 64 65 6e 74 69 66 79 20 61 20 63 6c 61 73 73 20 28	ess.number.to.identify.a.class.(
d5b00	43 6c 61 73 73 20 49 44 29 2c 20 62 75 74 20 74 68 61 74 20 64 6f 65 73 20 6e 6f 74 20 61 70 70	Class.ID),.but.that.does.not.app
d5b20	6c 79 20 74 6f 20 65 76 65 72 79 20 70 6f 6c 69 63 79 2e 20 54 68 65 20 6e 75 6d 62 65 72 20 6f	ly.to.every.policy..The.number.o
d5b40	66 20 61 20 63 6c 61 73 73 20 69 6e 20 61 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 69 74	f.a.class.in.a.Priority.Queue.it
d5b60	20 64 6f 65 73 20 6e 6f 74 20 6f 6e 6c 79 20 69 64 65 6e 74 69 66 79 20 69 74 2c 20 69 74 20 61	.does.not.only.identify.it,.it.a
d5b80	6c 73 6f 20 64 65 66 69 6e 65 73 20 69 74 73 20 70 72 69 6f 72 69 74 79 2e 00 54 68 65 20 6d 65	lso.defines.its.priority..The.me
d5ba0	6d 62 65 72 20 69 6e 74 65 72 66 61 63 65 20 60 65 74 68 31 60 20 69 73 20 61 20 74 72 75 6e 6b	mber.interface.`eth1`.is.a.trunk
d5bc0	20 74 68 61 74 20 61 6c 6c 6f 77 73 20 56 4c 41 4e 20 31 30 20 74 6f 20 70 61 73 73 00 54 68 65	.that.allows.VLAN.10.to.pass.The
d5be0	20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36 37 37 37 32 31 35 20 28	.metric.range.is.1.to.16777215.(
d5c00	4d 61 78 20 76 61 6c 75 65 20 64 65 70 65 6e 64 20 69 66 20 6d 65 74 72 69 63 20 73 75 70 70 6f	Max.value.depend.if.metric.suppo
d5c20	72 74 20 6e 61 72 72 6f 77 20 6f 72 20 77 69 64 65 20 76 61 6c 75 65 29 2e 00 54 68 65 20 6d 69	rt.narrow.or.wide.value)..The.mi
d5c40	6e 69 6d 61 6c 20 65 63 68 6f 20 72 65 63 65 69 76 65 20 74 72 61 6e 73 6d 69 73 73 69 6f 6e 20	nimal.echo.receive.transmission.
d5c60	69 6e 74 65 72 76 61 6c 20 74 68 61 74 20 74 68 69 73 20 73 79 73 74 65 6d 20 69 73 20 63 61 70	interval.that.this.system.is.cap
d5c80	61 62 6c 65 20 6f 66 20 68 61 6e 64 6c 69 6e 67 00 54 68 65 20 6d 6f 73 74 20 76 69 73 69 62 6c	able.of.handling.The.most.visibl
d5ca0	65 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 69 73	e.application.of.the.protocol.is
d5cc0	20 66 6f 72 20 61 63 63 65 73 73 20 74 6f 20 73 68 65 6c 6c 20 61 63 63 6f 75 6e 74 73 20 6f 6e	.for.access.to.shell.accounts.on
d5ce0	20 55 6e 69 78 2d 6c 69 6b 65 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 65 6d 73 2c 20 62 75	.Unix-like.operating.systems,.bu
d5d00	74 20 69 74 20 73 65 65 73 20 73 6f 6d 65 20 6c 69 6d 69 74 65 64 20 75 73 65 20 6f 6e 20 57 69	t.it.sees.some.limited.use.on.Wi
d5d20	6e 64 6f 77 73 20 61 73 20 77 65 6c 6c 2e 20 49 6e 20 32 30 31 35 2c 20 4d 69 63 72 6f 73 6f 66	ndows.as.well..In.2015,.Microsof
d5d40	74 20 61 6e 6e 6f 75 6e 63 65 64 20 74 68 61 74 20 74 68 65 79 20 77 6f 75 6c 64 20 69 6e 63 6c	t.announced.that.they.would.incl
d5d60	75 64 65 20 6e 61 74 69 76 65 20 73 75 70 70 6f 72 74 20 66 6f 72 20 53 53 48 20 69 6e 20 61 20	ude.native.support.for.SSH.in.a.
d5d80	66 75 74 75 72 65 20 72 65 6c 65 61 73 65 2e 00 54 68 65 20 6d 75 6c 74 69 63 61 73 74 2d 67 72	future.release..The.multicast-gr
d5da0	6f 75 70 20 75 73 65 64 20 62 79 20 61 6c 6c 20 6c 65 61 76 65 73 20 66 6f 72 20 74 68 69 73 20	oup.used.by.all.leaves.for.this.
d5dc0	76 6c 61 6e 20 65 78 74 65 6e 73 69 6f 6e 2e 20 48 61 73 20 74 6f 20 62 65 20 74 68 65 20 73 61	vlan.extension..Has.to.be.the.sa
d5de0	6d 65 20 6f 6e 20 61 6c 6c 20 6c 65 61 76 65 73 20 74 68 61 74 20 68 61 73 20 74 68 69 73 20 69	me.on.all.leaves.that.has.this.i
d5e00	6e 74 65 72 66 61 63 65 2e 00 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 73 65 72 76 69 63	nterface..The.name.of.the.servic
d5e20	65 20 63 61 6e 20 62 65 20 64 69 66 66 65 72 65 6e 74 2c 20 69 6e 20 74 68 69 73 20 65 78 61 6d	e.can.be.different,.in.this.exam
d5e40	70 6c 65 20 69 74 20 69 73 20 6f 6e 6c 79 20 66 6f 72 20 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 00	ple.it.is.only.for.convenience..
d5e60	54 68 65 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f 6c 6f 67 79 20 69 73 20 64 65 63 6c 61 72 65 64	The.network.topology.is.declared
d5e80	20 62 79 20 73 68 61 72 65 64 2d 6e 65 74 77 6f 72 6b 2d 6e 61 6d 65 20 61 6e 64 20 74 68 65 20	.by.shared-network-name.and.the.
d5ea0	73 75 62 6e 65 74 20 64 65 63 6c 61 72 61 74 69 6f 6e 73 2e 20 54 68 65 20 44 48 43 50 20 73 65	subnet.declarations..The.DHCP.se
d5ec0	72 76 69 63 65 20 63 61 6e 20 73 65 72 76 65 20 6d 75 6c 74 69 70 6c 65 20 73 68 61 72 65 64 20	rvice.can.serve.multiple.shared.
d5ee0	6e 65 74 77 6f 72 6b 73 2c 20 77 69 74 68 20 65 61 63 68 20 73 68 61 72 65 64 20 6e 65 74 77 6f	networks,.with.each.shared.netwo
d5f00	72 6b 20 68 61 76 69 6e 67 20 31 20 6f 72 20 6d 6f 72 65 20 73 75 62 6e 65 74 73 2e 20 45 61 63	rk.having.1.or.more.subnets..Eac
d5f20	68 20 73 75 62 6e 65 74 20 6d 75 73 74 20 62 65 20 70 72 65 73 65 6e 74 20 6f 6e 20 61 6e 20 69	h.subnet.must.be.present.on.an.i
d5f40	6e 74 65 72 66 61 63 65 2e 20 41 20 72 61 6e 67 65 20 63 61 6e 20 62 65 20 64 65 63 6c 61 72 65	nterface..A.range.can.be.declare
d5f60	64 20 69 6e 73 69 64 65 20 61 20 73 75 62 6e 65 74 20 74 6f 20 64 65 66 69 6e 65 20 61 20 70 6f	d.inside.a.subnet.to.define.a.po
d5f80	6f 6c 20 6f 66 20 64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 65 73 2e 20 4d 75 6c 74 69 70 6c	ol.of.dynamic.addresses..Multipl
d5fa0	65 20 72 61 6e 67 65 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 6e 64 20 63 61 6e 20	e.ranges.can.be.defined.and.can.
d5fc0	63 6f 6e 74 61 69 6e 20 68 6f 6c 65 73 2e 20 53 74 61 74 69 63 20 6d 61 70 70 69 6e 67 73 20 63	contain.holes..Static.mappings.c
d5fe0	61 6e 20 62 65 20 73 65 74 20 74 6f 20 61 73 73 69 67 6e 20 22 73 74 61 74 69 63 22 20 61 64 64	an.be.set.to.assign."static".add
d6000	72 65 73 73 65 73 20 74 6f 20 63 6c 69 65 6e 74 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 69 72	resses.to.clients.based.on.their
d6020	20 4d 41 43 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 6e 65 78 74 20 65 78 61 6d 70 6c 65 20 69	.MAC.address..The.next.example.i
d6040	73 20 61 20 73 69 6d 70 6c 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 63 6f 6e 6e	s.a.simple.configuration.of.conn
d6060	74 72 61 63 6b 2d 73 79 6e 63 2e 00 54 68 65 20 6e 65 78 74 20 73 74 65 70 20 69 73 20 74 6f 20	track-sync..The.next.step.is.to.
d6080	63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 6c 6f 63 61 6c 20 73 69 64 65 20 61 73 20 77 65 6c	configure.your.local.side.as.wel
d60a0	6c 20 61 73 20 74 68 65 20 70 6f 6c 69 63 79 20 62 61 73 65 64 20 74 72 75 73 74 65 64 20 64 65	l.as.the.policy.based.trusted.de
d60c0	73 74 69 6e 61 74 69 6f 6e 20 61 64 64 72 65 73 73 65 73 2e 20 49 66 20 79 6f 75 20 6f 6e 6c 79	stination.addresses..If.you.only
d60e0	20 69 6e 69 74 69 61 74 65 20 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 74 68 65 20 6c 69 73 74	.initiate.a.connection,.the.list
d6100	65 6e 20 70 6f 72 74 20 61 6e 64 20 61 64 64 72 65 73 73 2f 70 6f 72 74 20 69 73 20 6f 70 74 69	en.port.and.address/port.is.opti
d6120	6f 6e 61 6c 3b 20 68 6f 77 65 76 65 72 2c 20 69 66 20 79 6f 75 20 61 63 74 20 6c 69 6b 65 20 61	onal;.however,.if.you.act.like.a
d6140	20 73 65 72 76 65 72 20 61 6e 64 20 65 6e 64 70 6f 69 6e 74 73 20 69 6e 69 74 69 61 74 65 20 74	.server.and.endpoints.initiate.t
d6160	68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 79 6f 75 72 20 73 79 73 74 65 6d 2c 20 79	he.connections.to.your.system,.y
d6180	6f 75 20 6e 65 65 64 20 74 6f 20 64 65 66 69 6e 65 20 61 20 70 6f 72 74 20 79 6f 75 72 20 63 6c	ou.need.to.define.a.port.your.cl
d61a0	69 65 6e 74 73 20 63 61 6e 20 63 6f 6e 6e 65 63 74 20 74 6f 2c 20 6f 74 68 65 72 77 69 73 65 20	ients.can.connect.to,.otherwise.
d61c0	74 68 65 20 70 6f 72 74 20 69 73 20 72 61 6e 64 6f 6d 6c 79 20 63 68 6f 73 65 6e 20 61 6e 64 20	the.port.is.randomly.chosen.and.
d61e0	6d 61 79 20 6d 61 6b 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 64 69 66 66 69 63 75 6c 74 20 77 69	may.make.connection.difficult.wi
d6200	74 68 20 66 69 72 65 77 61 6c 6c 20 72 75 6c 65 73 2c 20 73 69 6e 63 65 20 74 68 65 20 70 6f 72	th.firewall.rules,.since.the.por
d6220	74 20 6d 61 79 20 62 65 20 64 69 66 66 65 72 65 6e 74 20 65 61 63 68 20 74 69 6d 65 20 74 68 65	t.may.be.different.each.time.the
d6240	20 73 79 73 74 65 6d 20 69 73 20 72 65 62 6f 6f 74 65 64 2e 00 54 68 65 20 6e 6f 74 65 64 20 70	.system.is.rebooted..The.noted.p
d6260	75 62 6c 69 63 20 6b 65 79 73 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 74 65 72 65 64 20 6f 6e 20	ublic.keys.should.be.entered.on.
d6280	74 68 65 20 6f 70 70 6f 73 69 74 65 20 72 6f 75 74 65 72 73 2e 00 54 68 65 20 6e 75 6d 62 65 72	the.opposite.routers..The.number
d62a0	20 6f 66 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 74 6f 20 77 61 69 74 20 66 6f 72 20 61 20 72	.of.milliseconds.to.wait.for.a.r
d62c0	65 6d 6f 74 65 20 61 75 74 68 6f 72 69 74 61 74 69 76 65 20 73 65 72 76 65 72 20 74 6f 20 72 65	emote.authoritative.server.to.re
d62e0	73 70 6f 6e 64 20 62 65 66 6f 72 65 20 74 69 6d 69 6e 67 20 6f 75 74 20 61 6e 64 20 72 65 73 70	spond.before.timing.out.and.resp
d6300	6f 6e 64 69 6e 67 20 77 69 74 68 20 53 45 52 56 46 41 49 4c 2e 00 54 68 65 20 6e 75 6d 62 65 72	onding.with.SERVFAIL..The.number
d6320	20 70 61 72 61 6d 65 74 65 72 20 28 31 2d 31 30 29 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65	.parameter.(1-10).configures.the
d6340	20 61 6d 6f 75 6e 74 20 6f 66 20 61 63 63 65 70 74 65 64 20 6f 63 63 75 72 65 6e 63 65 73 20 6f	.amount.of.accepted.occurences.o
d6360	66 20 74 68 65 20 73 79 73 74 65 6d 20 41 53 20 6e 75 6d 62 65 72 20 69 6e 20 41 53 20 70 61 74	f.the.system.AS.number.in.AS.pat
d6380	68 2e 00 54 68 65 20 6f 66 66 69 63 69 61 6c 20 70 6f 72 74 20 66 6f 72 20 4f 70 65 6e 56 50 4e	h..The.official.port.for.OpenVPN
d63a0	20 69 73 20 31 31 39 34 2c 20 77 68 69 63 68 20 77 65 20 72 65 73 65 72 76 65 20 66 6f 72 20 63	.is.1194,.which.we.reserve.for.c
d63c0	6c 69 65 6e 74 20 56 50 4e 3b 20 77 65 20 77 69 6c 6c 20 75 73 65 20 31 31 39 35 20 66 6f 72 20	lient.VPN;.we.will.use.1195.for.
d63e0	73 69 74 65 2d 74 6f 2d 73 69 74 65 20 56 50 4e 2e 00 54 68 65 20 6f 70 74 69 6f 6e 61 6c 20 60	site-to-site.VPN..The.optional.`
d6400	64 69 73 61 62 6c 65 60 20 6f 70 74 69 6f 6e 20 61 6c 6c 6f 77 73 20 74 6f 20 65 78 63 6c 75 64	disable`.option.allows.to.exclud
d6420	65 20 69 6e 74 65 72 66 61 63 65 20 66 72 6f 6d 20 70 61 73 73 69 76 65 20 73 74 61 74 65 2e 20	e.interface.from.passive.state..
d6440	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20 69 66 20 74 68 65 20 63 6f 6d 6d	This.command.is.used.if.the.comm
d6460	61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 70 61 73 73 69 76 65 2d 69 6e 74 65 72 66 61 63 65 20 64	and.:cfgcmd:`passive-interface.d
d6480	65 66 61 75 6c 74 60 20 77 61 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 54 68 65 20 6f 70 74 69	efault`.was.configured..The.opti
d64a0	6f 6e 61 6c 20 70 61 72 61 6d 65 74 65 72 20 72 65 67 69 73 74 65 72 20 73 70 65 63 69 66 69 65	onal.parameter.register.specifie
d64c0	73 20 74 68 61 74 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 52 65 71 75 65 73 74 20 73 68 6f 75	s.that.Registration.Request.shou
d64e0	6c 64 20 62 65 20 73 65 6e 74 20 74 6f 20 74 68 69 73 20 70 65 65 72 20 6f 6e 20 73 74 61 72 74	ld.be.sent.to.this.peer.on.start
d6500	75 70 2e 00 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 38 30 32 2e 31 71 5f 20 73 70 65 63 69 66 69	up..The.original.802.1q_.specifi
d6520	63 61 74 69 6f 6e 20 61 6c 6c 6f 77 73 20 61 20 73 69 6e 67 6c 65 20 56 69 72 74 75 61 6c 20 4c	cation.allows.a.single.Virtual.L
d6540	6f 63 61 6c 20 41 72 65 61 20 4e 65 74 77 6f 72 6b 20 28 56 4c 41 4e 29 20 68 65 61 64 65 72 20	ocal.Area.Network.(VLAN).header.
d6560	74 6f 20 62 65 20 69 6e 73 65 72 74 65 64 20 69 6e 74 6f 20 61 6e 20 45 74 68 65 72 6e 65 74 20	to.be.inserted.into.an.Ethernet.
d6580	66 72 61 6d 65 2e 20 51 69 6e 51 20 61 6c 6c 6f 77 73 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e	frame..QinQ.allows.multiple.VLAN
d65a0	20 74 61 67 73 20 74 6f 20 62 65 20 69 6e 73 65 72 74 65 64 20 69 6e 74 6f 20 61 20 73 69 6e 67	.tags.to.be.inserted.into.a.sing
d65c0	6c 65 20 66 72 61 6d 65 2c 20 61 6e 20 65 73 73 65 6e 74 69 61 6c 20 63 61 70 61 62 69 6c 69 74	le.frame,.an.essential.capabilit
d65e0	79 20 66 6f 72 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 4d 65 74 72 6f 20 45 74 68 65 72 6e 65	y.for.implementing.Metro.Etherne
d6600	74 20 6e 65 74 77 6f 72 6b 20 74 6f 70 6f 6c 6f 67 69 65 73 2e 20 4a 75 73 74 20 61 73 20 51 69	t.network.topologies..Just.as.Qi
d6620	6e 51 20 65 78 74 65 6e 64 73 20 38 30 32 2e 31 51 2c 20 51 69 6e 51 20 69 74 73 65 6c 66 20 69	nQ.extends.802.1Q,.QinQ.itself.i
d6640	73 20 65 78 74 65 6e 64 65 64 20 62 79 20 6f 74 68 65 72 20 4d 65 74 72 6f 20 45 74 68 65 72 6e	s.extended.by.other.Metro.Ethern
d6660	65 74 20 70 72 6f 74 6f 63 6f 6c 73 2e 00 54 68 65 20 6f 75 74 67 6f 69 6e 67 20 69 6e 74 65 72	et.protocols..The.outgoing.inter
d6680	66 61 63 65 20 74 6f 20 70 65 72 66 6f 72 6d 20 74 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20	face.to.perform.the.translation.
d66a0	6f 6e 00 54 68 65 20 70 65 65 72 20 6e 61 6d 65 20 6d 75 73 74 20 62 65 20 61 6e 20 61 6c 70 68	on.The.peer.name.must.be.an.alph
d66c0	61 6e 75 6d 65 72 69 63 20 61 6e 64 20 63 61 6e 20 68 61 76 65 20 68 79 70 65 6e 20 6f 72 20 75	anumeric.and.can.have.hypen.or.u
d66e0	6e 64 65 72 73 63 6f 72 65 20 61 73 20 73 70 65 63 69 61 6c 20 63 68 61 72 61 63 74 65 72 73 2e	nderscore.as.special.characters.
d6700	20 49 74 20 69 73 20 70 75 72 65 6c 79 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 2e 00 54 68 65	.It.is.purely.informational..The
d6720	20 70 65 65 72 20 6e 61 6d 65 73 20 52 49 47 48 54 20 61 6e 64 20 4c 45 46 54 20 61 72 65 20 75	.peer.names.RIGHT.and.LEFT.are.u
d6740	73 65 64 20 61 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 61 6c 20 74 65 78 74 2e 00 54 68 65 20 70	sed.as.informational.text..The.p
d6760	65 65 72 20 77 69 74 68 20 6c 6f 77 65 72 20 70 72 69 6f 72 69 74 79 20 77 69 6c 6c 20 62 65 63	eer.with.lower.priority.will.bec
d6780	6f 6d 65 20 74 68 65 20 6b 65 79 20 73 65 72 76 65 72 20 61 6e 64 20 73 74 61 72 74 20 64 69 73	ome.the.key.server.and.start.dis
d67a0	74 72 69 62 75 74 69 6e 67 20 53 41 4b 73 2e 00 54 68 65 20 70 69 6e 67 20 63 6f 6d 6d 61 6e 64	tributing.SAKs..The.ping.command
d67c0	20 69 73 20 75 73 65 64 20 74 6f 20 74 65 73 74 20 77 68 65 74 68 65 72 20 61 20 6e 65 74 77 6f	.is.used.to.test.whether.a.netwo
d67e0	72 6b 20 68 6f 73 74 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 6f 72 20 6e 6f 74 2e 00 54 68 65	rk.host.is.reachable.or.not..The
d6800	20 70 6f 70 75 6c 61 72 20 55 6e 69 78 2f 4c 69 6e 75 78 20 60 60 64 69 67 60 60 20 74 6f 6f 6c	.popular.Unix/Linux.``dig``.tool
d6820	20 73 65 74 73 20 74 68 65 20 41 44 2d 62 69 74 20 69 6e 20 74 68 65 20 71 75 65 72 79 2e 20 54	.sets.the.AD-bit.in.the.query..T
d6840	68 69 73 20 6d 69 67 68 74 20 6c 65 61 64 20 74 6f 20 75 6e 65 78 70 65 63 74 65 64 20 71 75 65	his.might.lead.to.unexpected.que
d6860	72 79 20 72 65 73 75 6c 74 73 20 77 68 65 6e 20 74 65 73 74 69 6e 67 2e 20 53 65 74 20 60 60 2b	ry.results.when.testing..Set.``+
d6880	6e 6f 61 64 60 60 20 6f 6e 20 74 68 65 20 60 60 64 69 67 60 60 20 63 6f 6d 6d 61 6e 64 20 6c 69	noad``.on.the.``dig``.command.li
d68a0	6e 65 20 77 68 65 6e 20 74 68 69 73 20 69 73 20 74 68 65 20 63 61 73 65 2e 00 54 68 65 20 70 72	ne.when.this.is.the.case..The.pr
d68c0	65 66 69 78 20 61 6e 64 20 41 53 4e 20 74 68 61 74 20 6f 72 69 67 69 6e 61 74 65 64 20 69 74 20	efix.and.ASN.that.originated.it.
d68e0	6d 61 74 63 68 20 61 20 73 69 67 6e 65 64 20 52 4f 41 2e 20 54 68 65 73 65 20 61 72 65 20 70 72	match.a.signed.ROA..These.are.pr
d6900	6f 62 61 62 6c 79 20 74 72 75 73 74 77 6f 72 74 68 79 20 72 6f 75 74 65 20 61 6e 6e 6f 75 6e 63	obably.trustworthy.route.announc
d6920	65 6d 65 6e 74 73 2e 00 54 68 65 20 70 72 65 66 69 78 20 6f 72 20 70 72 65 66 69 78 20 6c 65 6e	ements..The.prefix.or.prefix.len
d6940	67 74 68 20 61 6e 64 20 41 53 4e 20 74 68 61 74 20 6f 72 69 67 69 6e 61 74 65 64 20 69 74 20 64	gth.and.ASN.that.originated.it.d
d6960	6f 65 73 6e 27 74 20 6d 61 74 63 68 20 61 6e 79 20 65 78 69 73 74 69 6e 67 20 52 4f 41 2e 20 54	oesn't.match.any.existing.ROA..T
d6980	68 69 73 20 63 6f 75 6c 64 20 62 65 20 74 68 65 20 72 65 73 75 6c 74 20 6f 66 20 61 20 70 72 65	his.could.be.the.result.of.a.pre
d69a0	66 69 78 20 68 69 6a 61 63 6b 2c 20 6f 72 20 6d 65 72 65 6c 79 20 61 20 6d 69 73 63 6f 6e 66 69	fix.hijack,.or.merely.a.misconfi
d69c0	67 75 72 61 74 69 6f 6e 2c 20 62 75 74 20 73 68 6f 75 6c 64 20 70 72 6f 62 61 62 6c 79 20 62 65	guration,.but.should.probably.be
d69e0	20 74 72 65 61 74 65 64 20 61 73 20 75 6e 74 72 75 73 74 77 6f 72 74 68 79 20 72 6f 75 74 65 20	.treated.as.untrustworthy.route.
d6a00	61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 73 2e 00 54 68 65 20 70 72 69 6d 61 72 79 20 44 48 43 50 20	announcements..The.primary.DHCP.
d6a20	73 65 72 76 65 72 20 75 73 65 73 20 61 64 64 72 65 73 73 20 60 31 39 32 2e 31 36 38 2e 31 38 39	server.uses.address.`192.168.189
d6a40	2e 32 35 32 60 00 54 68 65 20 70 72 69 6d 61 72 79 20 61 6e 64 20 73 65 63 6f 6e 64 61 72 79 20	.252`.The.primary.and.secondary.
d6a60	73 74 61 74 65 6d 65 6e 74 73 20 64 65 74 65 72 6d 69 6e 65 73 20 77 68 65 74 68 65 72 20 74 68	statements.determines.whether.th
d6a80	65 20 73 65 72 76 65 72 20 69 73 20 70 72 69 6d 61 72 79 20 6f 72 20 73 65 63 6f 6e 64 61 72 79	e.server.is.primary.or.secondary
d6aa0	2e 00 54 68 65 20 70 72 69 6d 61 72 79 20 6f 70 74 69 6f 6e 20 69 73 20 6f 6e 6c 79 20 76 61 6c	..The.primary.option.is.only.val
d6ac0	69 64 20 66 6f 72 20 61 63 74 69 76 65 2d 62 61 63 6b 75 70 2c 20 74 72 61 6e 73 6d 69 74 2d 6c	id.for.active-backup,.transmit-l
d6ae0	6f 61 64 2d 62 61 6c 61 6e 63 65 2c 20 61 6e 64 20 61 64 61 70 74 69 76 65 2d 6c 6f 61 64 2d 62	oad-balance,.and.adaptive-load-b
d6b00	61 6c 61 6e 63 65 20 6d 6f 64 65 2e 00 54 68 65 20 70 72 69 6f 72 69 74 79 20 6d 75 73 74 20 62	alance.mode..The.priority.must.b
d6b20	65 20 61 6e 20 69 6e 74 65 67 65 72 20 6e 75 6d 62 65 72 20 66 72 6f 6d 20 31 20 74 6f 20 32 35	e.an.integer.number.from.1.to.25
d6b40	35 2e 20 48 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 76 61 6c 75 65 20 69 6e 63 72 65 61 73	5..Higher.priority.value.increas
d6b60	65 73 20 72 6f 75 74 65 72 27 73 20 70 72 65 63 65 64 65 6e 63 65 20 69 6e 20 74 68 65 20 6d 61	es.router's.precedence.in.the.ma
d6b80	73 74 65 72 20 65 6c 65 63 74 69 6f 6e 73 2e 00 54 68 65 20 70 72 6f 63 65 64 75 72 65 20 74 6f	ster.elections..The.procedure.to
d6ba0	20 73 70 65 63 69 66 79 20 61 20 3a 61 62 62 72 3a 60 4e 49 53 2b 20 28 4e 65 74 77 6f 72 6b 20	.specify.a.:abbr:`NIS+.(Network.
d6bc0	49 6e 66 6f 72 6d 61 74 69 6f 6e 20 53 65 72 76 69 63 65 20 50 6c 75 73 29 60 20 64 6f 6d 61 69	Information.Service.Plus)`.domai
d6be0	6e 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 74 68 65 20 4e 49 53 20 64 6f 6d 61 69 6e 20 6f	n.is.similar.to.the.NIS.domain.o
d6c00	6e 65 3a 00 54 68 65 20 70 72 6f 6d 70 74 20 69 73 20 61 64 6a 75 73 74 65 64 20 74 6f 20 72 65	ne:.The.prompt.is.adjusted.to.re
d6c20	66 6c 65 63 74 20 74 68 69 73 20 63 68 61 6e 67 65 20 69 6e 20 62 6f 74 68 20 63 6f 6e 66 69 67	flect.this.change.in.both.config
d6c40	20 61 6e 64 20 6f 70 2d 6d 6f 64 65 2e 00 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 70	.and.op-mode..The.protocol.and.p
d6c60	6f 72 74 20 77 65 20 77 69 73 68 20 74 6f 20 66 6f 72 77 61 72 64 3b 00 54 68 65 20 70 72 6f 74	ort.we.wish.to.forward;.The.prot
d6c80	6f 63 6f 6c 20 69 73 20 75 73 75 61 6c 6c 79 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 74 65 72	ocol.is.usually.described.in.ter
d6ca0	6d 73 20 6f 66 20 61 20 63 6c 69 65 6e 74 2d 73 65 72 76 65 72 20 6d 6f 64 65 6c 2c 20 62 75 74	ms.of.a.client-server.model,.but
d6cc0	20 63 61 6e 20 61 73 20 65 61 73 69 6c 79 20 62 65 20 75 73 65 64 20 69 6e 20 70 65 65 72 2d 74	.can.as.easily.be.used.in.peer-t
d6ce0	6f 2d 70 65 65 72 20 72 65 6c 61 74 69 6f 6e 73 68 69 70 73 20 77 68 65 72 65 20 62 6f 74 68 20	o-peer.relationships.where.both.
d6d00	70 65 65 72 73 20 63 6f 6e 73 69 64 65 72 20 74 68 65 20 6f 74 68 65 72 20 74 6f 20 62 65 20 61	peers.consider.the.other.to.be.a
d6d20	20 70 6f 74 65 6e 74 69 61 6c 20 74 69 6d 65 20 73 6f 75 72 63 65 2e 20 49 6d 70 6c 65 6d 65 6e	.potential.time.source..Implemen
d6d40	74 61 74 69 6f 6e 73 20 73 65 6e 64 20 61 6e 64 20 72 65 63 65 69 76 65 20 74 69 6d 65 73 74 61	tations.send.and.receive.timesta
d6d60	6d 70 73 20 75 73 69 6e 67 20 3a 61 62 62 72 3a 60 55 44 50 20 28 55 73 65 72 20 44 61 74 61 67	mps.using.:abbr:`UDP.(User.Datag
d6d80	72 61 6d 20 50 72 6f 74 6f 63 6f 6c 29 60 20 6f 6e 20 70 6f 72 74 20 6e 75 6d 62 65 72 20 31 32	ram.Protocol)`.on.port.number.12
d6da0	33 2e 00 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 68 65 61 64 20 6f 66 20 4c 32 54 50	3..The.protocol.overhead.of.L2TP
d6dc0	76 33 20 69 73 20 61 6c 73 6f 20 73 69 67 6e 69 66 69 63 61 6e 74 6c 79 20 62 69 67 67 65 72 20	v3.is.also.significantly.bigger.
d6de0	74 68 61 6e 20 4d 50 4c 53 2e 00 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 69 63 65 20 69 6e 20	than.MPLS..The.proxy.service.in.
d6e00	56 79 4f 53 20 69 73 20 62 61 73 65 64 20 6f 6e 20 53 71 75 69 64 5f 20 61 6e 64 20 73 6f 6d 65	VyOS.is.based.on.Squid_.and.some
d6e20	20 72 65 6c 61 74 65 64 20 6d 6f 64 75 6c 65 73 2e 00 54 68 65 20 70 75 62 6c 69 63 20 49 50 20	.related.modules..The.public.IP.
d6e40	61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 73 69 64 65 20 6f 66 20 74 68 65	address.of.the.local.side.of.the
d6e60	20 56 50 4e 20 77 69 6c 6c 20 62 65 20 31 39 38 2e 35 31 2e 31 30 30 2e 31 30 2e 00 54 68 65 20	.VPN.will.be.198.51.100.10..The.
d6e80	70 75 62 6c 69 63 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 72 65 6d 6f 74 65 20	public.IP.address.of.the.remote.
d6ea0	73 69 64 65 20 6f 66 20 74 68 65 20 56 50 4e 20 77 69 6c 6c 20 62 65 20 32 30 33 2e 30 2e 31 31	side.of.the.VPN.will.be.203.0.11
d6ec0	33 2e 31 31 2e 00 54 68 65 20 72 61 74 65 2d 6c 69 6d 69 74 20 69 73 20 73 65 74 20 69 6e 20 6b	3.11..The.rate-limit.is.set.in.k
d6ee0	62 69 74 2f 73 65 63 2e 00 54 68 65 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20	bit/sec..The.regular.expression.
d6f00	6d 61 74 63 68 65 73 20 69 66 20 61 6e 64 20 6f 6e 6c 79 20 69 66 20 74 68 65 20 65 6e 74 69 72	matches.if.and.only.if.the.entir
d6f20	65 20 73 74 72 69 6e 67 20 6d 61 74 63 68 65 73 20 74 68 65 20 70 61 74 74 65 72 6e 2e 00 54 68	e.string.matches.the.pattern..Th
d6f40	65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 60 74 6f 2d 77 67 30 32 60 20 75 73 65 73 20 58 4d 72	e.remote.peer.`to-wg02`.uses.XMr
d6f60	6c 50 79 6b 61 78 68 64 41 41 69 53 6a 68 74 50 6c 76 69 33 30 4e 56 6b 76 4c 51 6c 69 51 75 4b	lPykaxhdAAiSjhtPlvi30NVkvLQliQuK
d6f80	50 37 41 49 37 43 79 49 3d 20 61 73 20 69 74 73 20 70 75 62 6c 69 63 20 6b 65 79 20 70 6f 72 74	P7AI7CyI=.as.its.public.key.port
d6fa0	69 6f 6e 00 54 68 65 20 72 65 6d 6f 74 65 20 73 69 74 65 20 77 69 6c 6c 20 68 61 76 65 20 61 20	ion.The.remote.site.will.have.a.
d6fc0	73 75 62 6e 65 74 20 6f 66 20 31 30 2e 31 2e 30 2e 30 2f 31 36 2e 00 54 68 65 20 72 65 6d 6f 74	subnet.of.10.1.0.0/16..The.remot
d6fe0	65 20 75 73 65 72 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 6f 70 65 6e 63 6f 6e 6e 65 63 74 20	e.user.will.use.the.openconnect.
d7000	63 6c 69 65 6e 74 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 72 6f 75 74 65 72 20	client.to.connect.to.the.router.
d7020	61 6e 64 20 77 69 6c 6c 20 72 65 63 65 69 76 65 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 66	and.will.receive.an.IP.address.f
d7040	72 6f 6d 20 61 20 56 50 4e 20 70 6f 6f 6c 2c 20 61 6c 6c 6f 77 69 6e 67 20 66 75 6c 6c 20 61 63	rom.a.VPN.pool,.allowing.full.ac
d7060	63 65 73 73 20 74 6f 20 74 68 65 20 6e 65 74 77 6f 72 6b 2e 00 54 68 65 20 72 65 71 75 69 72 65	cess.to.the.network..The.require
d7080	64 20 63 6f 6e 66 69 67 20 66 69 6c 65 20 6d 61 79 20 6c 6f 6f 6b 20 6c 69 6b 65 20 74 68 69 73	d.config.file.may.look.like.this
d70a0	3a 00 54 68 65 20 72 65 71 75 69 72 65 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 63 61 6e	:.The.required.configuration.can
d70c0	20 62 65 20 62 72 6f 6b 65 6e 20 64 6f 77 6e 20 69 6e 74 6f 20 34 20 6d 61 6a 6f 72 20 70 69 65	.be.broken.down.into.4.major.pie
d70e0	63 65 73 3a 00 54 68 65 20 72 65 73 75 6c 74 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	ces:.The.resulting.configuration
d7100	20 77 69 6c 6c 20 6c 6f 6f 6b 20 6c 69 6b 65 3a 00 54 68 65 20 72 6f 6f 74 20 63 61 75 73 65 20	.will.look.like:.The.root.cause.
d7120	6f 66 20 74 68 65 20 70 72 6f 62 6c 65 6d 20 69 73 20 74 68 61 74 20 66 6f 72 20 56 54 49 20 74	of.the.problem.is.that.for.VTI.t
d7140	75 6e 6e 65 6c 73 20 74 6f 20 77 6f 72 6b 2c 20 74 68 65 69 72 20 74 72 61 66 66 69 63 20 73 65	unnels.to.work,.their.traffic.se
d7160	6c 65 63 74 6f 72 73 20 68 61 76 65 20 74 6f 20 62 65 20 73 65 74 20 74 6f 20 30 2e 30 2e 30 2e	lectors.have.to.be.set.to.0.0.0.
d7180	30 2f 30 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 74 75 6e	0/0.for.traffic.to.match.the.tun
d71a0	6e 65 6c 2c 20 65 76 65 6e 20 74 68 6f 75 67 68 20 61 63 74 75 61 6c 20 72 6f 75 74 69 6e 67 20	nel,.even.though.actual.routing.
d71c0	64 65 63 69 73 69 6f 6e 20 69 73 20 6d 61 64 65 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 6e 65	decision.is.made.according.to.ne
d71e0	74 66 69 6c 74 65 72 20 6d 61 72 6b 73 2e 20 55 6e 6c 65 73 73 20 72 6f 75 74 65 20 69 6e 73 65	tfilter.marks..Unless.route.inse
d7200	72 74 69 6f 6e 20 69 73 20 64 69 73 61 62 6c 65 64 20 65 6e 74 69 72 65 6c 79 2c 20 53 74 72 6f	rtion.is.disabled.entirely,.Stro
d7220	6e 67 53 57 41 4e 20 74 68 75 73 20 6d 69 73 74 61 6b 65 6e 6c 79 20 69 6e 73 65 72 74 73 20 61	ngSWAN.thus.mistakenly.inserts.a
d7240	20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 74 68 72 6f 75 67 68 20 74 68 65 20 56 54 49 20 70	.default.route.through.the.VTI.p
d7260	65 65 72 20 61 64 64 72 65 73 73 2c 20 77 68 69 63 68 20 6d 61 6b 65 73 20 61 6c 6c 20 74 72 61	eer.address,.which.makes.all.tra
d7280	66 66 69 63 20 72 6f 75 74 65 64 20 74 6f 20 6e 6f 77 68 65 72 65 2e 00 54 68 65 20 72 6f 75 6e	ffic.routed.to.nowhere..The.roun
d72a0	64 2d 72 6f 62 69 6e 20 70 6f 6c 69 63 79 20 69 73 20 61 20 63 6c 61 73 73 66 75 6c 20 73 63 68	d-robin.policy.is.a.classful.sch
d72c0	65 64 75 6c 65 72 20 74 68 61 74 20 64 69 76 69 64 65 73 20 74 72 61 66 66 69 63 20 69 6e 20 64	eduler.that.divides.traffic.in.d
d72e0	69 66 66 65 72 65 6e 74 20 63 6c 61 73 73 65 73 5f 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67	ifferent.classes_.you.can.config
d7300	75 72 65 20 28 75 70 20 74 6f 20 34 30 39 36 29 2e 20 59 6f 75 20 63 61 6e 20 65 6d 62 65 64 5f	ure.(up.to.4096)..You.can.embed_
d7320	20 61 20 6e 65 77 20 70 6f 6c 69 63 79 20 69 6e 74 6f 20 65 61 63 68 20 6f 66 20 74 68 6f 73 65	.a.new.policy.into.each.of.those
d7340	20 63 6c 61 73 73 65 73 20 28 64 65 66 61 75 6c 74 20 69 6e 63 6c 75 64 65 64 29 2e 00 54 68 65	.classes.(default.included)..The
d7360	20 72 6f 75 74 65 20 73 65 6c 65 63 74 69 6f 6e 20 70 72 6f 63 65 73 73 20 75 73 65 64 20 62 79	.route.selection.process.used.by
d7380	20 46 52 52 27 73 20 42 47 50 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 20 75 73 65 73 20 74	.FRR's.BGP.implementation.uses.t
d73a0	68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 65 63 69 73 69 6f 6e 20 63 72 69 74 65 72 69 6f 6e 2c	he.following.decision.criterion,
d73c0	20 73 74 61 72 74 69 6e 67 20 61 74 20 74 68 65 20 74 6f 70 20 6f 66 20 74 68 65 20 6c 69 73 74	.starting.at.the.top.of.the.list
d73e0	20 61 6e 64 20 67 6f 69 6e 67 20 74 6f 77 61 72 64 73 20 74 68 65 20 62 6f 74 74 6f 6d 20 75 6e	.and.going.towards.the.bottom.un
d7400	74 69 6c 20 6f 6e 65 20 6f 66 20 74 68 65 20 66 61 63 74 6f 72 73 20 63 61 6e 20 62 65 20 75 73	til.one.of.the.factors.can.be.us
d7420	65 64 2e 00 54 68 65 20 72 6f 75 74 65 20 77 69 74 68 20 74 68 65 20 73 68 6f 72 74 65 73 74 20	ed..The.route.with.the.shortest.
d7440	63 6c 75 73 74 65 72 2d 6c 69 73 74 20 6c 65 6e 67 74 68 20 69 73 20 75 73 65 64 2e 20 54 68 65	cluster-list.length.is.used..The
d7460	20 63 6c 75 73 74 65 72 2d 6c 69 73 74 20 72 65 66 6c 65 63 74 73 20 74 68 65 20 69 42 47 50 20	.cluster-list.reflects.the.iBGP.
d7480	72 65 66 6c 65 63 74 69 6f 6e 20 70 61 74 68 20 74 68 65 20 72 6f 75 74 65 20 68 61 73 20 74 61	reflection.path.the.route.has.ta
d74a0	6b 65 6e 2e 00 54 68 65 20 72 6f 75 74 65 72 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 75 70	ken..The.router.automatically.up
d74c0	64 61 74 65 73 20 6c 69 6e 6b 2d 73 74 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74	dates.link-state.information.wit
d74e0	68 20 69 74 73 20 6e 65 69 67 68 62 6f 72 73 2e 20 4f 6e 6c 79 20 61 6e 20 6f 62 73 6f 6c 65 74	h.its.neighbors..Only.an.obsolet
d7500	65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 73 20 75 70 64 61 74 65 64 20 77 68 69 63 68 20 61	e.information.is.updated.which.a
d7520	67 65 20 68 61 73 20 65 78 63 65 65 64 65 64 20 61 20 73 70 65 63 69 66 69 63 20 74 68 72 65 73	ge.has.exceeded.a.specific.thres
d7540	68 6f 6c 64 2e 20 54 68 69 73 20 70 61 72 61 6d 65 74 65 72 20 63 68 61 6e 67 65 73 20 61 20 74	hold..This.parameter.changes.a.t
d7560	68 72 65 73 68 6f 6c 64 20 76 61 6c 75 65 2c 20 77 68 69 63 68 20 62 79 20 64 65 66 61 75 6c 74	hreshold.value,.which.by.default
d7580	20 69 73 20 31 38 30 30 20 73 65 63 6f 6e 64 73 20 28 68 61 6c 66 20 61 6e 20 68 6f 75 72 29 2e	.is.1800.seconds.(half.an.hour).
d75a0	20 54 68 65 20 76 61 6c 75 65 20 69 73 20 61 70 70 6c 69 65 64 20 74 6f 20 74 68 65 20 77 68 6f	.The.value.is.applied.to.the.who
d75c0	6c 65 20 4f 53 50 46 20 72 6f 75 74 65 72 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20	le.OSPF.router..The.timer.range.
d75e0	69 73 20 31 30 20 74 6f 20 31 38 30 30 2e 00 54 68 65 20 72 6f 75 74 65 72 20 73 68 6f 75 6c 64	is.10.to.1800..The.router.should
d7600	20 64 69 73 63 61 72 64 20 44 48 43 50 20 70 61 63 6b 61 67 65 73 20 61 6c 72 65 61 64 79 20 63	.discard.DHCP.packages.already.c
d7620	6f 6e 74 61 69 6e 69 6e 67 20 72 65 6c 61 79 20 61 67 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f	ontaining.relay.agent.informatio
d7640	6e 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 6f 6e 6c 79 20 72 65 71 75 65 73 74 73 20 66	n.to.ensure.that.only.requests.f
d7660	72 6f 6d 20 44 48 43 50 20 63 6c 69 65 6e 74 73 20 61 72 65 20 66 6f 72 77 61 72 64 65 64 2e 00	rom.DHCP.clients.are.forwarded..
d7680	54 68 65 20 73 46 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 62 61 73 65 64 20 6f 6e 20 68 73	The.sFlow.accounting.based.on.hs
d76a0	66 6c 6f 77 64 20 68 74 74 70 73 3a 2f 2f 73 66 6c 6f 77 2e 6e 65 74 2f 00 54 68 65 20 73 61 6d	flowd.https://sflow.net/.The.sam
d76c0	65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 73 20 61 70 70 6c 79 20 77 68	e.configuration.options.apply.wh
d76e0	65 6e 20 49 64 65 6e 74 69 74 79 20 62 61 73 65 64 20 63 6f 6e 66 69 67 20 69 73 20 63 6f 6e 66	en.Identity.based.config.is.conf
d7700	69 67 75 72 65 64 20 69 6e 20 67 72 6f 75 70 20 6d 6f 64 65 20 65 78 63 65 70 74 20 74 68 61 74	igured.in.group.mode.except.that
d7720	20 67 72 6f 75 70 20 6d 6f 64 65 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 75 73 65 64 20 77 69 74	.group.mode.can.only.be.used.wit
d7740	68 20 52 41 44 49 55 53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 00 54 68 65 20 73 63 68	h.RADIUS.authentication..The.sch
d7760	65 6d 65 20 61 62 6f 76 65 20 64 6f 65 73 6e 27 74 20 77 6f 72 6b 20 77 68 65 6e 20 6f 6e 65 20	eme.above.doesn't.work.when.one.
d7780	6f 66 20 74 68 65 20 72 6f 75 74 65 72 73 20 68 61 73 20 61 20 64 79 6e 61 6d 69 63 20 65 78 74	of.the.routers.has.a.dynamic.ext
d77a0	65 72 6e 61 6c 20 61 64 64 72 65 73 73 20 74 68 6f 75 67 68 2e 20 54 68 65 20 63 6c 61 73 73 69	ernal.address.though..The.classi
d77c0	63 20 77 6f 72 6b 61 72 6f 75 6e 64 20 66 6f 72 20 74 68 69 73 20 69 73 20 74 6f 20 73 65 74 75	c.workaround.for.this.is.to.setu
d77e0	70 20 61 6e 20 61 64 64 72 65 73 73 20 6f 6e 20 61 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72	p.an.address.on.a.loopback.inter
d7800	66 61 63 65 20 61 6e 64 20 75 73 65 20 69 74 20 61 73 20 61 20 73 6f 75 72 63 65 20 61 64 64 72	face.and.use.it.as.a.source.addr
d7820	65 73 73 20 66 6f 72 20 74 68 65 20 47 52 45 20 74 75 6e 6e 65 6c 2c 20 74 68 65 6e 20 73 65 74	ess.for.the.GRE.tunnel,.then.set
d7840	75 70 20 61 6e 20 49 50 73 65 63 20 70 6f 6c 69 63 79 20 74 6f 20 6d 61 74 63 68 20 74 68 6f 73	up.an.IPsec.policy.to.match.thos
d7860	65 20 6c 6f 6f 70 62 61 63 6b 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 65 20 73 65 61 72 63 68	e.loopback.addresses..The.search
d7880	20 66 69 6c 74 65 72 20 63 61 6e 20 63 6f 6e 74 61 69 6e 20 75 70 20 74 6f 20 31 35 20 6f 63 63	.filter.can.contain.up.to.15.occ
d78a0	75 72 72 65 6e 63 65 73 20 6f 66 20 25 73 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 72 65 70	urrences.of.%s.which.will.be.rep
d78c0	6c 61 63 65 64 20 62 79 20 74 68 65 20 75 73 65 72 6e 61 6d 65 2c 20 61 73 20 69 6e 20 22 75 69	laced.by.the.username,.as.in."ui
d78e0	64 3d 25 73 22 20 66 6f 72 20 3a 72 66 63 3a 60 32 30 33 37 60 20 64 69 72 65 63 74 6f 72 69 65	d=%s".for.:rfc:`2037`.directorie
d7900	73 2e 20 46 6f 72 20 61 20 64 65 74 61 69 6c 65 64 20 64 65 73 63 72 69 70 74 69 6f 6e 20 6f 66	s..For.a.detailed.description.of
d7920	20 4c 44 41 50 20 73 65 61 72 63 68 20 66 69 6c 74 65 72 20 73 79 6e 74 61 78 20 73 65 65 20 3a	.LDAP.search.filter.syntax.see.:
d7940	72 66 63 3a 60 32 32 35 34 60 2e 00 54 68 65 20 73 65 63 6f 6e 64 61 72 79 20 44 48 43 50 20 73	rfc:`2254`..The.secondary.DHCP.s
d7960	65 72 76 65 72 20 75 73 65 73 20 61 64 64 72 65 73 73 20 60 31 39 32 2e 31 36 38 2e 31 38 39 2e	erver.uses.address.`192.168.189.
d7980	32 35 33 60 00 54 68 65 20 73 65 63 75 72 69 74 79 20 61 70 70 72 6f 61 63 68 20 69 6e 20 53 4e	253`.The.security.approach.in.SN
d79a0	4d 50 76 33 20 74 61 72 67 65 74 73 3a 00 54 68 65 20 73 65 71 75 65 6e 63 65 20 60 60 5e 45 63	MPv3.targets:.The.sequence.``^Ec
d79c0	3f 60 60 20 74 72 61 6e 73 6c 61 74 65 73 20 74 6f 3a 20 60 60 43 74 72 6c 2b 45 20 63 20 3f 60	?``.translates.to:.``Ctrl+E.c.?`
d79e0	60 2e 20 54 6f 20 71 75 69 74 20 74 68 65 20 73 65 73 73 69 6f 6e 20 75 73 65 3a 20 60 60 43 74	`..To.quit.the.session.use:.``Ct
d7a00	72 6c 2b 45 20 63 20 2e 60 60 00 54 68 65 20 73 65 74 75 70 20 69 73 20 74 68 69 73 3a 20 4c 65	rl+E.c..``.The.setup.is.this:.Le
d7a20	61 66 32 20 2d 20 53 70 69 6e 65 31 20 2d 20 4c 65 61 66 33 00 54 68 65 20 73 69 7a 65 20 6f 66	af2.-.Spine1.-.Leaf3.The.size.of
d7a40	20 74 68 65 20 6f 6e 2d 64 69 73 6b 20 50 72 6f 78 79 20 63 61 63 68 65 20 69 73 20 75 73 65 72	.the.on-disk.Proxy.cache.is.user
d7a60	20 63 6f 6e 66 69 67 75 72 61 62 6c 65 2e 20 54 68 65 20 50 72 6f 78 69 65 73 20 64 65 66 61 75	.configurable..The.Proxies.defau
d7a80	6c 74 20 63 61 63 68 65 2d 73 69 7a 65 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 31	lt.cache-size.is.configured.to.1
d7aa0	30 30 20 4d 42 2e 00 54 68 65 20 73 70 65 65 64 20 28 62 61 75 64 72 61 74 65 29 20 6f 66 20 74	00.MB..The.speed.(baudrate).of.t
d7ac0	68 65 20 63 6f 6e 73 6f 6c 65 20 64 65 76 69 63 65 2e 20 53 75 70 70 6f 72 74 65 64 20 76 61 6c	he.console.device..Supported.val
d7ae0	75 65 73 20 61 72 65 3a 00 54 68 65 20 73 74 61 6e 64 61 72 64 20 77 61 73 20 64 65 76 65 6c 6f	ues.are:.The.standard.was.develo
d7b00	70 65 64 20 62 79 20 49 45 45 45 20 38 30 32 2e 31 2c 20 61 20 77 6f 72 6b 69 6e 67 20 67 72 6f	ped.by.IEEE.802.1,.a.working.gro
d7b20	75 70 20 6f 66 20 74 68 65 20 49 45 45 45 20 38 30 32 20 73 74 61 6e 64 61 72 64 73 20 63 6f 6d	up.of.the.IEEE.802.standards.com
d7b40	6d 69 74 74 65 65 2c 20 61 6e 64 20 63 6f 6e 74 69 6e 75 65 73 20 74 6f 20 62 65 20 61 63 74 69	mittee,.and.continues.to.be.acti
d7b60	76 65 6c 79 20 72 65 76 69 73 65 64 2e 20 4f 6e 65 20 6f 66 20 74 68 65 20 6e 6f 74 61 62 6c 65	vely.revised..One.of.the.notable
d7b80	20 72 65 76 69 73 69 6f 6e 73 20 69 73 20 38 30 32 2e 31 51 2d 32 30 31 34 20 77 68 69 63 68 20	.revisions.is.802.1Q-2014.which.
d7ba0	69 6e 63 6f 72 70 6f 72 61 74 65 64 20 49 45 45 45 20 38 30 32 2e 31 61 71 20 28 53 68 6f 72 74	incorporated.IEEE.802.1aq.(Short
d7bc0	65 73 74 20 50 61 74 68 20 42 72 69 64 67 69 6e 67 29 20 61 6e 64 20 6d 75 63 68 20 6f 66 20 74	est.Path.Bridging).and.much.of.t
d7be0	68 65 20 49 45 45 45 20 38 30 32 2e 31 64 20 73 74 61 6e 64 61 72 64 2e 00 54 68 65 20 73 79 73	he.IEEE.802.1d.standard..The.sys
d7c00	74 65 6d 20 4c 43 44 20 3a 61 62 62 72 3a 60 4c 43 44 20 28 4c 69 71 75 69 64 2d 63 72 79 73 74	tem.LCD.:abbr:`LCD.(Liquid-cryst
d7c20	61 6c 20 64 69 73 70 6c 61 79 29 60 20 6f 70 74 69 6f 6e 20 69 73 20 66 6f 72 20 75 73 65 72 73	al.display)`.option.is.for.users
d7c40	20 72 75 6e 6e 69 6e 67 20 56 79 4f 53 20 6f 6e 20 68 61 72 64 77 61 72 65 20 74 68 61 74 20 66	.running.VyOS.on.hardware.that.f
d7c60	65 61 74 75 72 65 73 20 61 6e 20 4c 43 44 20 64 69 73 70 6c 61 79 2e 20 54 68 69 73 20 69 73 20	eatures.an.LCD.display..This.is.
d7c80	74 79 70 69 63 61 6c 6c 79 20 61 20 73 6d 61 6c 6c 20 64 69 73 70 6c 61 79 20 62 75 69 6c 74 20	typically.a.small.display.built.
d7ca0	69 6e 20 61 6e 20 31 39 20 69 6e 63 68 20 72 61 63 6b 2d 6d 6f 75 6e 74 61 62 6c 65 20 61 70 70	in.an.19.inch.rack-mountable.app
d7cc0	6c 69 61 6e 63 65 2e 20 54 68 6f 73 65 20 64 69 73 70 6c 61 79 73 20 61 72 65 20 75 73 65 64 20	liance..Those.displays.are.used.
d7ce0	74 6f 20 73 68 6f 77 20 72 75 6e 74 69 6d 65 20 64 61 74 61 2e 00 54 68 65 20 73 79 73 74 65 6d	to.show.runtime.data..The.system
d7d00	20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20 61 74 74 65 6d 70 74 20 64 6f 6d 61 69 6e	.is.configured.to.attempt.domain
d7d20	20 63 6f 6d 70 6c 65 74 69 6f 6e 20 69 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 72 64	.completion.in.the.following.ord
d7d40	65 72 3a 20 76 79 6f 73 2e 69 6f 20 28 66 69 72 73 74 29 2c 20 76 79 6f 73 2e 6e 65 74 20 28 73	er:.vyos.io.(first),.vyos.net.(s
d7d60	65 63 6f 6e 64 29 20 61 6e 64 20 76 79 6f 73 2e 6e 65 74 77 6f 72 6b 20 28 6c 61 73 74 29 3a 00	econd).and.vyos.network.(last):.
d7d80	54 68 65 20 74 61 62 6c 65 20 63 6f 6e 73 69 73 74 73 20 6f 66 20 66 6f 6c 6c 6f 77 69 6e 67 20	The.table.consists.of.following.
d7da0	64 61 74 61 3a 00 54 68 65 20 74 61 73 6b 20 73 63 68 65 64 75 6c 65 72 20 61 6c 6c 6f 77 73 20	data:.The.task.scheduler.allows.
d7dc0	79 6f 75 20 74 6f 20 65 78 65 63 75 74 65 20 74 61 73 6b 73 20 6f 6e 20 61 20 67 69 76 65 6e 20	you.to.execute.tasks.on.a.given.
d7de0	73 63 68 65 64 75 6c 65 2e 20 49 74 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 55 4e 49 58 20 63	schedule..It.makes.use.of.UNIX.c
d7e00	72 6f 6e 5f 2e 00 54 68 65 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 20 6d 75	ron_..The.translation.address.mu
d7e20	73 74 20 62 65 20 73 65 74 20 74 6f 20 6f 6e 65 20 6f 66 20 74 68 65 20 61 76 61 69 6c 61 62 6c	st.be.set.to.one.of.the.availabl
d7e40	65 20 61 64 64 72 65 73 73 65 73 20 6f 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 60 6f	e.addresses.on.the.configured.`o
d7e60	75 74 62 6f 75 6e 64 2d 69 6e 74 65 72 66 61 63 65 60 20 6f 72 20 69 74 20 6d 75 73 74 20 62 65	utbound-interface`.or.it.must.be
d7e80	20 73 65 74 20 74 6f 20 60 6d 61 73 71 75 65 72 61 64 65 60 20 77 68 69 63 68 20 77 69 6c 6c 20	.set.to.`masquerade`.which.will.
d7ea0	75 73 65 20 74 68 65 20 70 72 69 6d 61 72 79 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68	use.the.primary.IP.address.of.th
d7ec0	65 20 60 6f 75 74 62 6f 75 6e 64 2d 69 6e 74 65 72 66 61 63 65 60 20 61 73 20 69 74 73 20 74 72	e.`outbound-interface`.as.its.tr
d7ee0	61 6e 73 6c 61 74 69 6f 6e 20 61 64 64 72 65 73 73 2e 00 54 68 65 20 74 75 6e 6e 65 6c 20 77 69	anslation.address..The.tunnel.wi
d7f00	6c 6c 20 75 73 65 20 31 30 2e 32 35 35 2e 31 2e 31 20 66 6f 72 20 74 68 65 20 6c 6f 63 61 6c 20	ll.use.10.255.1.1.for.the.local.
d7f20	49 50 20 61 6e 64 20 31 30 2e 32 35 35 2e 31 2e 32 20 66 6f 72 20 74 68 65 20 72 65 6d 6f 74 65	IP.and.10.255.1.2.for.the.remote
d7f40	2e 00 54 68 65 20 74 79 70 65 20 63 61 6e 20 62 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 3a	..The.type.can.be.the.following:
d7f60	20 61 73 62 72 2d 73 75 6d 6d 61 72 79 2c 20 65 78 74 65 72 6e 61 6c 2c 20 6e 65 74 77 6f 72 6b	.asbr-summary,.external,.network
d7f80	2c 20 6e 73 73 61 2d 65 78 74 65 72 6e 61 6c 2c 20 6f 70 61 71 75 65 2d 61 72 65 61 2c 20 6f 70	,.nssa-external,.opaque-area,.op
d7fa0	61 71 75 65 2d 61 73 2c 20 6f 70 61 71 75 65 2d 6c 69 6e 6b 2c 20 72 6f 75 74 65 72 2c 20 73 75	aque-as,.opaque-link,.router,.su
d7fc0	6d 6d 61 72 79 2e 00 54 68 65 20 75 6c 74 69 6d 61 74 65 20 67 6f 61 6c 20 6f 66 20 63 6c 61 73	mmary..The.ultimate.goal.of.clas
d7fe0	73 69 66 79 69 6e 67 20 74 72 61 66 66 69 63 20 69 73 20 74 6f 20 67 69 76 65 20 65 61 63 68 20	sifying.traffic.is.to.give.each.
d8000	63 6c 61 73 73 20 61 20 64 69 66 66 65 72 65 6e 74 20 74 72 65 61 74 6d 65 6e 74 2e 00 54 68 65	class.a.different.treatment..The
d8020	20 75 73 65 20 6f 66 20 49 50 6f 45 20 61 64 64 72 65 73 73 65 73 20 74 68 65 20 64 69 73 61 64	.use.of.IPoE.addresses.the.disad
d8040	76 61 6e 74 61 67 65 20 74 68 61 74 20 50 50 50 20 69 73 20 75 6e 73 75 69 74 65 64 20 66 6f 72	vantage.that.PPP.is.unsuited.for
d8060	20 6d 75 6c 74 69 63 61 73 74 20 64 65 6c 69 76 65 72 79 20 74 6f 20 6d 75 6c 74 69 70 6c 65 20	.multicast.delivery.to.multiple.
d8080	75 73 65 72 73 2e 20 54 79 70 69 63 61 6c 6c 79 2c 20 49 50 6f 45 20 75 73 65 73 20 44 79 6e 61	users..Typically,.IPoE.uses.Dyna
d80a0	6d 69 63 20 48 6f 73 74 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20	mic.Host.Configuration.Protocol.
d80c0	61 6e 64 20 45 78 74 65 6e 73 69 62 6c 65 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 50 72	and.Extensible.Authentication.Pr
d80e0	6f 74 6f 63 6f 6c 20 74 6f 20 70 72 6f 76 69 64 65 20 74 68 65 20 73 61 6d 65 20 66 75 6e 63 74	otocol.to.provide.the.same.funct
d8100	69 6f 6e 61 6c 69 74 79 20 61 73 20 50 50 50 6f 45 2c 20 62 75 74 20 69 6e 20 61 20 6c 65 73 73	ionality.as.PPPoE,.but.in.a.less
d8120	20 72 6f 62 75 73 74 20 6d 61 6e 6e 65 72 2e 00 54 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65	.robust.manner..The.value.of.the
d8140	20 61 74 74 72 69 62 75 74 65 20 60 60 4e 41 53 2d 50 6f 72 74 2d 49 64 60 60 20 6d 75 73 74 20	.attribute.``NAS-Port-Id``.must.
d8160	62 65 20 6c 65 73 73 20 74 68 61 6e 20 31 36 20 63 68 61 72 61 63 74 65 72 73 2c 20 6f 74 68 65	be.less.than.16.characters,.othe
d8180	72 77 69 73 65 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 6f 6e 27 74 20 62 65 20 72 65 6e	rwise.the.interface.won't.be.ren
d81a0	61 6d 65 64 2e 00 54 68 65 20 76 65 6e 64 6f 72 2d 63 6c 61 73 73 2d 69 64 20 6f 70 74 69 6f 6e	amed..The.vendor-class-id.option
d81c0	20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 71 75 65 73 74 20 61 20 73 70 65 63 69 66	.can.be.used.to.request.a.specif
d81e0	69 63 20 63 6c 61 73 73 20 6f 66 20 76 65 6e 64 6f 72 20 6f 70 74 69 6f 6e 73 20 66 72 6f 6d 20	ic.class.of.vendor.options.from.
d8200	74 68 65 20 73 65 72 76 65 72 2e 00 54 68 65 20 76 65 74 68 20 64 65 76 69 63 65 73 20 61 72 65	the.server..The.veth.devices.are
d8220	20 76 69 72 74 75 61 6c 20 45 74 68 65 72 6e 65 74 20 64 65 76 69 63 65 73 2e 20 54 68 65 79 20	.virtual.Ethernet.devices..They.
d8240	63 61 6e 20 61 63 74 20 61 73 20 74 75 6e 6e 65 6c 73 20 62 65 74 77 65 65 6e 20 6e 65 74 77 6f	can.act.as.tunnels.between.netwo
d8260	72 6b 20 6e 61 6d 65 73 70 61 63 65 73 20 74 6f 20 63 72 65 61 74 65 20 61 20 62 72 69 64 67 65	rk.namespaces.to.create.a.bridge
d8280	20 74 6f 20 61 20 70 68 79 73 69 63 61 6c 20 6e 65 74 77 6f 72 6b 20 64 65 76 69 63 65 20 69 6e	.to.a.physical.network.device.in
d82a0	20 61 6e 6f 74 68 65 72 20 6e 61 6d 65 73 70 61 63 65 20 6f 72 20 56 52 46 2c 20 62 75 74 20 63	.another.namespace.or.VRF,.but.c
d82c0	61 6e 20 61 6c 73 6f 20 62 65 20 75 73 65 64 20 61 73 20 73 74 61 6e 64 61 6c 6f 6e 65 20 6e 65	an.also.be.used.as.standalone.ne
d82e0	74 77 6f 72 6b 20 64 65 76 69 63 65 73 2e 00 54 68 65 20 77 69 6e 64 6f 77 20 73 69 7a 65 20 6d	twork.devices..The.window.size.m
d8300	75 73 74 20 62 65 20 62 65 74 77 65 65 6e 20 31 20 61 6e 64 20 32 31 2e 00 54 68 65 20 77 69 72	ust.be.between.1.and.21..The.wir
d8320	65 6c 65 73 73 20 63 6c 69 65 6e 74 20 28 73 75 70 70 6c 69 63 61 6e 74 29 20 61 75 74 68 65 6e	eless.client.(supplicant).authen
d8340	74 69 63 61 74 65 73 20 61 67 61 69 6e 73 74 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65	ticates.against.the.RADIUS.serve
d8360	72 20 28 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 72 76 65 72 29 20 75 73 69 6e 67 20	r.(authentication.server).using.
d8380	61 6e 20 3a 61 62 62 72 3a 60 45 41 50 20 28 45 78 74 65 6e 73 69 62 6c 65 20 41 75 74 68 65 6e	an.:abbr:`EAP.(Extensible.Authen
d83a0	74 69 63 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 29 60 20 20 6d 65 74 68 6f 64 20 63 6f 6e 66	tication.Protocol)`..method.conf
d83c0	69 67 75 72 65 64 20 6f 6e 20 74 68 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 20 54 68 65	igured.on.the.RADIUS.server..The
d83e0	20 57 41 50 20 28 61 6c 73 6f 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 61 75 74 68 65 6e	.WAP.(also.referred.to.as.authen
d8400	74 69 63 61 74 6f 72 29 20 72 6f 6c 65 20 69 73 20 74 6f 20 73 65 6e 64 20 61 6c 6c 20 61 75 74	ticator).role.is.to.send.all.aut
d8420	68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 20 62 65 74 77 65 65 6e 20 74 68 65	hentication.messages.between.the
d8440	20 73 75 70 70 6c 69 63 61 6e 74 20 61 6e 64 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 61	.supplicant.and.the.configured.a
d8460	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 65 72 76 65 72 2c 20 74 68 75 73 20 74 68 65 20 52	uthentication.server,.thus.the.R
d8480	41 44 49 55 53 20 73 65 72 76 65 72 20 69 73 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20	ADIUS.server.is.responsible.for.
d84a0	61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 74 68 65 20 75 73 65 72 73 2e 00 54 68 65 6e 20 61	authenticating.the.users..Then.a
d84c0	20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 53 4e 41 54 20 72 75 6c 65 20 69 73 20 63 72 65 61	.corresponding.SNAT.rule.is.crea
d84e0	74 65 64 20 74 6f 20 4e 41 54 20 6f 75 74 67 6f 69 6e 67 20 74 72 61 66 66 69 63 20 66 6f 72 20	ted.to.NAT.outgoing.traffic.for.
d8500	74 68 65 20 69 6e 74 65 72 6e 61 6c 20 49 50 20 74 6f 20 61 20 72 65 73 65 72 76 65 64 20 65 78	the.internal.IP.to.a.reserved.ex
d8520	74 65 72 6e 61 6c 20 49 50 2e 20 54 68 69 73 20 64 65 64 69 63 61 74 65 73 20 61 6e 20 65 78 74	ternal.IP..This.dedicates.an.ext
d8540	65 72 6e 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20	ernal.IP.address.to.an.internal.
d8560	49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 69 73 20 75 73 65 66 75 6c 20 66 6f 72 20 70 72 6f	IP.address.and.is.useful.for.pro
d8580	74 6f 63 6f 6c 73 20 77 68 69 63 68 20 64 6f 6e 27 74 20 68 61 76 65 20 74 68 65 20 6e 6f 74 69	tocols.which.don't.have.the.noti
d85a0	6f 6e 20 6f 66 20 70 6f 72 74 73 2c 20 73 75 63 68 20 61 73 20 47 52 45 2e 00 54 68 65 6e 20 77	on.of.ports,.such.as.GRE..Then.w
d85c0	65 20 6e 65 65 64 20 74 6f 20 67 65 6e 65 72 61 74 65 2c 20 61 64 64 20 61 6e 64 20 73 70 65 63	e.need.to.generate,.add.and.spec
d85e0	69 66 79 20 74 68 65 20 6e 61 6d 65 73 20 6f 66 20 74 68 65 20 63 72 79 70 74 6f 67 72 61 70 68	ify.the.names.of.the.cryptograph
d8600	69 63 20 6d 61 74 65 72 69 61 6c 73 2e 20 45 61 63 68 20 6f 66 20 74 68 65 20 69 6e 73 74 61 6c	ic.materials..Each.of.the.instal
d8620	6c 20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 74	l.command.should.be.applied.to.t
d8640	68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6d 6d 69 74 65 64 20 62 65	he.configuration.and.commited.be
d8660	66 6f 72 65 20 75 73 69 6e 67 20 75 6e 64 65 72 20 74 68 65 20 6f 70 65 6e 76 70 6e 20 69 6e 74	fore.using.under.the.openvpn.int
d8680	65 72 66 61 63 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 68 65 72 65 20 61 72 65 20	erface.configuration..There.are.
d86a0	33 20 64 65 66 61 75 6c 74 20 4e 54 50 20 73 65 72 76 65 72 20 73 65 74 2e 20 59 6f 75 20 61 72	3.default.NTP.server.set..You.ar
d86c0	65 20 61 62 6c 65 20 74 6f 20 63 68 61 6e 67 65 20 74 68 65 6d 2e 00 54 68 65 72 65 20 61 72 65	e.able.to.change.them..There.are
d86e0	20 61 20 6c 6f 74 20 6f 66 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 20 61 67 61 69	.a.lot.of.matching.criteria.agai
d8700	6e 73 74 20 77 68 69 63 68 20 74 68 65 20 70 61 63 6b 61 67 65 20 63 61 6e 20 62 65 20 74 65 73	nst.which.the.package.can.be.tes
d8720	74 65 64 2e 00 54 68 65 72 65 20 61 72 65 20 61 20 6c 6f 74 20 6f 66 20 6d 61 74 63 68 69 6e 67	ted..There.are.a.lot.of.matching
d8740	20 63 72 69 74 65 72 69 61 20 6f 70 74 69 6f 6e 73 20 61 76 61 69 6c 61 62 6c 65 2c 20 62 6f 74	.criteria.options.available,.bot
d8760	68 20 66 6f 72 20 60 60 70 6f 6c 69 63 79 20 72 6f 75 74 65 60 60 20 61 6e 64 20 60 60 70 6f 6c	h.for.``policy.route``.and.``pol
d8780	69 63 79 20 72 6f 75 74 65 36 60 60 2e 20 54 68 65 73 65 20 6f 70 74 69 6f 6e 73 20 61 72 65 20	icy.route6``..These.options.are.
d87a0	6c 69 73 74 65 64 20 69 6e 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 00 54 68 65 72 65 20 61 72	listed.in.this.section..There.ar
d87c0	65 20 64 69 66 66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 67 65 74 74 69	e.different.parameters.for.getti
d87e0	6e 67 20 70 72 65 66 69 78 2d 6c 69 73 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 00 54 68 65 72	ng.prefix-list.information:.Ther
d8800	65 20 61 72 65 20 6c 69 6d 69 74 73 20 6f 6e 20 77 68 69 63 68 20 63 68 61 6e 6e 65 6c 73 20 63	e.are.limits.on.which.channels.c
d8820	61 6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 48 54 34 30 2d 20 61 6e 64 20 48 54 34 30 2b 2e	an.be.used.with.HT40-.and.HT40+.
d8840	20 46 6f 6c 6c 6f 77 69 6e 67 20 74 61 62 6c 65 20 73 68 6f 77 73 20 74 68 65 20 63 68 61 6e 6e	.Following.table.shows.the.chann
d8860	65 6c 73 20 74 68 61 74 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 48 54	els.that.may.be.available.for.HT
d8880	34 30 2d 20 61 6e 64 20 48 54 34 30 2b 20 75 73 65 20 70 65 72 20 49 45 45 45 20 38 30 32 2e 31	40-.and.HT40+.use.per.IEEE.802.1
d88a0	31 6e 20 41 6e 6e 65 78 20 4a 3a 00 54 68 65 72 65 20 61 72 65 20 6d 61 6e 79 20 70 61 72 61 6d	1n.Annex.J:.There.are.many.param
d88c0	65 74 65 72 73 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 75 73 65 20 69 6e	eters.you.will.be.able.to.use.in
d88e0	20 6f 72 64 65 72 20 74 6f 20 6d 61 74 63 68 20 74 68 65 20 74 72 61 66 66 69 63 20 79 6f 75 20	.order.to.match.the.traffic.you.
d8900	77 61 6e 74 20 66 6f 72 20 61 20 63 6c 61 73 73 3a 00 54 68 65 72 65 20 61 72 65 20 6d 75 6c 74	want.for.a.class:.There.are.mult
d8920	69 70 6c 65 20 76 65 72 73 69 6f 6e 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 74 68 65 20	iple.versions.available.for.the.
d8940	4e 65 74 46 6c 6f 77 20 64 61 74 61 2e 20 54 68 65 20 60 3c 76 65 72 73 69 6f 6e 3e 60 20 75 73	NetFlow.data..The.`<version>`.us
d8960	65 64 20 69 6e 20 74 68 65 20 65 78 70 6f 72 74 65 64 20 66 6c 6f 77 20 64 61 74 61 20 63 61 6e	ed.in.the.exported.flow.data.can
d8980	20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 68 65 72 65 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69	.be.configured.here..The.followi
d89a0	6e 67 20 76 65 72 73 69 6f 6e 73 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 3a 00 54 68 65 72 65	ng.versions.are.supported:.There
d89c0	20 61 72 65 20 72 61 74 65 2d 6c 69 6d 69 74 65 64 20 61 6e 64 20 6e 6f 6e 20 72 61 74 65 2d 6c	.are.rate-limited.and.non.rate-l
d89e0	69 6d 69 74 65 64 20 75 73 65 72 73 20 28 4d 41 43 73 29 00 54 68 65 72 65 20 61 72 65 20 73 6f	imited.users.(MACs).There.are.so
d8a00	6d 65 20 73 63 65 6e 61 72 69 6f 73 20 77 68 65 72 65 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c	me.scenarios.where.serial.consol
d8a20	65 73 20 61 72 65 20 75 73 65 66 75 6c 2e 20 53 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61	es.are.useful..System.administra
d8a40	74 69 6f 6e 20 6f 66 20 72 65 6d 6f 74 65 20 63 6f 6d 70 75 74 65 72 73 20 69 73 20 75 73 75 61	tion.of.remote.computers.is.usua
d8a60	6c 6c 79 20 64 6f 6e 65 20 75 73 69 6e 67 20 3a 72 65 66 3a 60 73 73 68 60 2c 20 62 75 74 20 74	lly.done.using.:ref:`ssh`,.but.t
d8a80	68 65 72 65 20 61 72 65 20 74 69 6d 65 73 20 77 68 65 6e 20 61 63 63 65 73 73 20 74 6f 20 74 68	here.are.times.when.access.to.th
d8aa0	65 20 63 6f 6e 73 6f 6c 65 20 69 73 20 74 68 65 20 6f 6e 6c 79 20 77 61 79 20 74 6f 20 64 69 61	e.console.is.the.only.way.to.dia
d8ac0	67 6e 6f 73 65 20 61 6e 64 20 63 6f 72 72 65 63 74 20 73 6f 66 74 77 61 72 65 20 66 61 69 6c 75	gnose.and.correct.software.failu
d8ae0	72 65 73 2e 20 4d 61 6a 6f 72 20 75 70 67 72 61 64 65 73 20 74 6f 20 74 68 65 20 69 6e 73 74 61	res..Major.upgrades.to.the.insta
d8b00	6c 6c 65 64 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 6d 61 79 20 61 6c 73 6f 20 72 65 71 75 69	lled.distribution.may.also.requi
d8b20	72 65 20 63 6f 6e 73 6f 6c 65 20 61 63 63 65 73 73 2e 00 54 68 65 72 65 20 61 72 65 20 74 68 72	re.console.access..There.are.thr
d8b40	65 65 20 6d 6f 64 65 73 20 6f 66 20 6f 70 65 72 61 74 69 6f 6e 20 66 6f 72 20 61 20 77 69 72 65	ee.modes.of.operation.for.a.wire
d8b60	6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 3a 00 54 68 65 72 65 20 61 72 65 20 74 77 6f 20 74 79	less.interface:.There.are.two.ty
d8b80	70 65 73 20 6f 66 20 4e 65 74 77 6f 72 6b 20 41 64 6d 69 6e 73 20 77 68 6f 20 64 65 61 6c 20 77	pes.of.Network.Admins.who.deal.w
d8ba0	69 74 68 20 42 47 50 2c 20 74 68 6f 73 65 20 77 68 6f 20 68 61 76 65 20 63 72 65 61 74 65 64 20	ith.BGP,.those.who.have.created.
d8bc0	61 6e 20 69 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 69 6e 63 69 64 65 6e 74 20 61 6e 64 2f 6f 72	an.international.incident.and/or
d8be0	20 6f 75 74 61 67 65 2c 20 61 6e 64 20 74 68 6f 73 65 20 77 68 6f 20 61 72 65 20 6c 79 69 6e 67	.outage,.and.those.who.are.lying
d8c00	00 54 68 65 72 65 20 61 72 65 20 74 77 6f 20 77 61 79 73 20 74 68 61 74 20 68 65 6c 70 20 75 73	.There.are.two.ways.that.help.us
d8c20	20 74 6f 20 6d 69 74 69 67 61 74 65 20 74 68 65 20 42 47 50 73 20 66 75 6c 6c 2d 6d 65 73 68 20	.to.mitigate.the.BGPs.full-mesh.
d8c40	72 65 71 75 69 72 65 6d 65 6e 74 20 69 6e 20 61 20 6e 65 74 77 6f 72 6b 3a 00 54 68 65 72 65 20	requirement.in.a.network:.There.
d8c60	63 61 6e 20 6f 6e 6c 79 20 62 65 20 6f 6e 65 20 6c 6f 6f 70 62 61 63 6b 20 60 60 6c 6f 60 60 20	can.only.be.one.loopback.``lo``.
d8c80	69 6e 74 65 72 66 61 63 65 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 20 49 66 20 79 6f 75 20	interface.on.the.system..If.you.
d8ca0	6e 65 65 64 20 6d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 2c 20 70 6c 65 61 73 65	need.multiple.interfaces,.please
d8cc0	20 75 73 65 20 74 68 65 20 3a 72 65 66 3a 60 64 75 6d 6d 79 2d 69 6e 74 65 72 66 61 63 65 60 20	.use.the.:ref:`dummy-interface`.
d8ce0	69 6e 74 65 72 66 61 63 65 20 74 79 70 65 2e 00 54 68 65 72 65 20 63 6f 75 6c 64 20 62 65 20 61	interface.type..There.could.be.a
d8d00	20 77 69 64 65 20 72 61 6e 67 65 20 6f 66 20 72 6f 75 74 69 6e 67 20 70 6f 6c 69 63 69 65 73 2e	.wide.range.of.routing.policies.
d8d20	20 53 6f 6d 65 20 65 78 61 6d 70 6c 65 73 20 61 72 65 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 3a	.Some.examples.are.listed.below:
d8d40	00 54 68 65 72 65 20 69 73 20 61 20 76 65 72 79 20 6e 69 63 65 20 70 69 63 74 75 72 65 2f 65 78	.There.is.a.very.nice.picture/ex
d8d60	70 6c 61 6e 61 74 69 6f 6e 20 69 6e 20 74 68 65 20 56 79 61 74 74 61 20 64 6f 63 75 6d 65 6e 74	planation.in.the.Vyatta.document
d8d80	61 74 69 6f 6e 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 72 65 77 72 69 74 74 65 6e 20	ation.which.should.be.rewritten.
d8da0	68 65 72 65 2e 00 54 68 65 72 65 20 69 73 20 61 6c 73 6f 20 61 20 47 52 45 20 6f 76 65 72 20 49	here..There.is.also.a.GRE.over.I
d8dc0	50 76 36 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 61 76 61 69 6c 61 62 6c 65 2c 20 69 74 20	Pv6.encapsulation.available,.it.
d8de0	69 73 20 63 61 6c 6c 65 64 3a 20 60 60 69 70 36 67 72 65 60 60 2e 00 54 68 65 72 65 20 69 73 20	is.called:.``ip6gre``..There.is.
d8e00	61 6e 20 65 6e 74 69 72 65 20 63 68 61 70 74 65 72 20 61 62 6f 75 74 20 68 6f 77 20 74 6f 20 63	an.entire.chapter.about.how.to.c
d8e20	6f 6e 66 69 67 75 72 65 20 61 20 3a 72 65 66 3a 60 76 72 66 60 2c 20 70 6c 65 61 73 65 20 63 68	onfigure.a.:ref:`vrf`,.please.ch
d8e40	65 63 6b 20 74 68 69 73 20 66 6f 72 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d 61 74	eck.this.for.additional.informat
d8e60	69 6f 6e 2e 00 54 68 65 72 65 27 73 20 61 20 76 61 72 69 65 74 79 20 6f 66 20 63 6c 69 65 6e 74	ion..There's.a.variety.of.client
d8e80	20 47 55 49 20 66 72 6f 6e 74 65 6e 64 73 20 66 6f 72 20 61 6e 79 20 70 6c 61 74 66 6f 72 6d 00	.GUI.frontends.for.any.platform.
d8ea0	54 68 65 73 65 20 61 72 65 20 74 68 65 20 63 6f 6d 6d 61 6e 64 73 20 66 6f 72 20 61 20 62 61 73	These.are.the.commands.for.a.bas
d8ec0	69 63 20 73 65 74 75 70 2e 00 54 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 61 6c 6c 6f 77 20 74	ic.setup..These.commands.allow.t
d8ee0	68 65 20 56 4c 41 4e 31 30 20 61 6e 64 20 56 4c 41 4e 31 31 20 68 6f 73 74 73 20 74 6f 20 63 6f	he.VLAN10.and.VLAN11.hosts.to.co
d8f00	6d 6d 75 6e 69 63 61 74 65 20 77 69 74 68 20 65 61 63 68 20 6f 74 68 65 72 20 75 73 69 6e 67 20	mmunicate.with.each.other.using.
d8f20	74 68 65 20 6d 61 69 6e 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 65 73 65 20 63 6f	the.main.routing.table..These.co
d8f40	6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 6e 6f 74 20 6d 61 6e 64 61 74 6f 72 79 20 61 6e 64	nfiguration.is.not.mandatory.and
d8f60	20 69 6e 20 6d 6f 73 74 20 63 61 73 65 73 20 74 68 65 72 65 27 73 20 6e 6f 20 6e 65 65 64 20 74	.in.most.cases.there's.no.need.t
d8f80	6f 20 63 6f 6e 66 69 67 75 72 65 20 69 74 2e 20 42 75 74 20 69 66 20 6e 65 63 65 73 73 61 72 79	o.configure.it..But.if.necessary
d8fa0	2c 20 47 72 61 74 75 69 74 6f 75 73 20 41 52 50 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72	,.Gratuitous.ARP.can.be.configur
d8fc0	65 64 20 69 6e 20 60 60 67 6c 6f 62 61 6c 2d 70 61 72 61 6d 65 74 65 72 73 60 60 20 61 6e 64 2f	ed.in.``global-parameters``.and/
d8fe0	6f 72 20 69 6e 20 60 60 67 72 6f 75 70 60 60 20 73 65 63 74 69 6f 6e 2e 00 54 68 65 73 65 20 70	or.in.``group``.section..These.p
d9000	61 72 61 6d 65 74 65 72 73 20 61 72 65 20 70 61 73 73 65 64 20 61 73 2d 69 73 20 74 6f 20 69 73	arameters.are.passed.as-is.to.is
d9020	63 2d 64 68 63 70 27 73 20 64 68 63 70 64 2e 63 6f 6e 66 20 75 6e 64 65 72 20 74 68 65 20 63 6f	c-dhcp's.dhcpd.conf.under.the.co
d9040	6e 66 69 67 75 72 61 74 69 6f 6e 20 6e 6f 64 65 20 74 68 65 79 20 61 72 65 20 64 65 66 69 6e 65	nfiguration.node.they.are.define
d9060	64 20 69 6e 2e 20 54 68 65 79 20 61 72 65 20 6e 6f 74 20 76 61 6c 69 64 61 74 65 64 20 73 6f 20	d.in..They.are.not.validated.so.
d9080	61 6e 20 65 72 72 6f 72 20 69 6e 20 74 68 65 20 72 61 77 20 70 61 72 61 6d 65 74 65 72 73 20 77	an.error.in.the.raw.parameters.w
d90a0	6f 6e 27 74 20 62 65 20 63 61 75 67 68 74 20 62 79 20 76 79 6f 73 27 73 20 73 63 72 69 70 74 73	on't.be.caught.by.vyos's.scripts
d90c0	20 61 6e 64 20 77 69 6c 6c 20 63 61 75 73 65 20 64 68 63 70 64 20 74 6f 20 66 61 69 6c 20 74 6f	.and.will.cause.dhcpd.to.fail.to
d90e0	20 73 74 61 72 74 2e 20 41 6c 77 61 79 73 20 76 65 72 69 66 79 20 74 68 61 74 20 74 68 65 20 70	.start..Always.verify.that.the.p
d9100	61 72 61 6d 65 74 65 72 73 20 61 72 65 20 63 6f 72 72 65 63 74 20 62 65 66 6f 72 65 20 63 6f 6d	arameters.are.correct.before.com
d9120	6d 69 74 74 69 6e 67 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20 52 65 66 65 72	mitting.the.configuration..Refer
d9140	20 74 6f 20 69 73 63 2d 64 68 63 70 27 73 20 64 68 63 70 64 2e 63 6f 6e 66 20 6d 61 6e 75 61 6c	.to.isc-dhcp's.dhcpd.conf.manual
d9160	20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6b	.for.more.information:.https://k
d9180	62 2e 69 73 63 2e 6f 72 67 2f 64 6f 63 73 2f 69 73 63 2d 64 68 63 70 2d 34 34 2d 6d 61 6e 75 61	b.isc.org/docs/isc-dhcp-44-manua
d91a0	6c 2d 70 61 67 65 73 2d 64 68 63 70 64 63 6f 6e 66 00 54 68 65 73 65 20 70 61 72 61 6d 65 74 65	l-pages-dhcpdconf.These.paramete
d91c0	72 73 20 6e 65 65 64 20 74 6f 20 62 65 20 70 61 72 74 20 6f 66 20 74 68 65 20 44 48 43 50 20 67	rs.need.to.be.part.of.the.DHCP.g
d91e0	6c 6f 62 61 6c 20 6f 70 74 69 6f 6e 73 2e 20 54 68 65 79 20 73 74 61 79 20 75 6e 63 68 61 6e 67	lobal.options..They.stay.unchang
d9200	65 64 2e 00 54 68 65 79 20 63 61 6e 20 62 65 20 2a 2a 64 65 63 69 6d 61 6c 2a 2a 20 70 72 65 66	ed..They.can.be.**decimal**.pref
d9220	69 78 65 73 2e 00 54 68 69 73 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 74 68 65 20 61	ixes..This.address.must.be.the.a
d9240	64 64 72 65 73 73 20 6f 66 20 61 20 6c 6f 63 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 20 49 74 20	ddress.of.a.local.interface..It.
d9260	6d 61 79 20 62 65 20 73 70 65 63 69 66 69 65 64 20 61 73 20 61 6e 20 49 50 76 34 20 61 64 64 72	may.be.specified.as.an.IPv4.addr
d9280	65 73 73 20 6f 72 20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 2e 00 54 68 69 73 20 61 6c 67	ess.or.an.IPv6.address..This.alg
d92a0	6f 72 69 74 68 6d 20 69 73 20 38 30 32 2e 33 61 64 20 63 6f 6d 70 6c 69 61 6e 74 2e 00 54 68 69	orithm.is.802.3ad.compliant..Thi
d92c0	73 20 61 6c 67 6f 72 69 74 68 6d 20 69 73 20 6e 6f 74 20 66 75 6c 6c 79 20 38 30 32 2e 33 61 64	s.algorithm.is.not.fully.802.3ad
d92e0	20 63 6f 6d 70 6c 69 61 6e 74 2e 20 41 20 73 69 6e 67 6c 65 20 54 43 50 20 6f 72 20 55 44 50 20	.compliant..A.single.TCP.or.UDP.
d9300	63 6f 6e 76 65 72 73 61 74 69 6f 6e 20 63 6f 6e 74 61 69 6e 69 6e 67 20 62 6f 74 68 20 66 72 61	conversation.containing.both.fra
d9320	67 6d 65 6e 74 65 64 20 61 6e 64 20 75 6e 66 72 61 67 6d 65 6e 74 65 64 20 70 61 63 6b 65 74 73	gmented.and.unfragmented.packets
d9340	20 77 69 6c 6c 20 73 65 65 20 70 61 63 6b 65 74 73 20 73 74 72 69 70 65 64 20 61 63 72 6f 73 73	.will.see.packets.striped.across
d9360	20 74 77 6f 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 68 69 73 20 6d 61 79 20 72 65 73 75 6c 74	.two.interfaces..This.may.result
d9380	20 69 6e 20 6f 75 74 20 6f 66 20 6f 72 64 65 72 20 64 65 6c 69 76 65 72 79 2e 20 4d 6f 73 74 20	.in.out.of.order.delivery..Most.
d93a0	74 72 61 66 66 69 63 20 74 79 70 65 73 20 77 69 6c 6c 20 6e 6f 74 20 6d 65 65 74 20 74 68 65 73	traffic.types.will.not.meet.thes
d93c0	65 20 63 72 69 74 65 72 69 61 2c 20 61 73 20 54 43 50 20 72 61 72 65 6c 79 20 66 72 61 67 6d 65	e.criteria,.as.TCP.rarely.fragme
d93e0	6e 74 73 20 74 72 61 66 66 69 63 2c 20 61 6e 64 20 6d 6f 73 74 20 55 44 50 20 74 72 61 66 66 69	nts.traffic,.and.most.UDP.traffi
d9400	63 20 69 73 20 6e 6f 74 20 69 6e 76 6f 6c 76 65 64 20 69 6e 20 65 78 74 65 6e 64 65 64 20 63 6f	c.is.not.involved.in.extended.co
d9420	6e 76 65 72 73 61 74 69 6f 6e 73 2e 20 4f 74 68 65 72 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f	nversations..Other.implementatio
d9440	6e 73 20 6f 66 20 38 30 32 2e 33 61 64 20 6d 61 79 20 6f 72 20 6d 61 79 20 6e 6f 74 20 74 6f 6c	ns.of.802.3ad.may.or.may.not.tol
d9460	65 72 61 74 65 20 74 68 69 73 20 6e 6f 6e 63 6f 6d 70 6c 69 61 6e 63 65 2e 00 54 68 69 73 20 61	erate.this.noncompliance..This.a
d9480	6c 67 6f 72 69 74 68 6d 20 77 69 6c 6c 20 70 6c 61 63 65 20 61 6c 6c 20 74 72 61 66 66 69 63 20	lgorithm.will.place.all.traffic.
d94a0	74 6f 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 6e 65 74 77 6f 72 6b 20 70 65 65 72 20 6f 6e 20	to.a.particular.network.peer.on.
d94c0	74 68 65 20 73 61 6d 65 20 73 6c 61 76 65 2e 00 54 68 69 73 20 61 6c 67 6f 72 69 74 68 6d 20 77	the.same.slave..This.algorithm.w
d94e0	69 6c 6c 20 70 6c 61 63 65 20 61 6c 6c 20 74 72 61 66 66 69 63 20 74 6f 20 61 20 70 61 72 74 69	ill.place.all.traffic.to.a.parti
d9500	63 75 6c 61 72 20 6e 65 74 77 6f 72 6b 20 70 65 65 72 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 73	cular.network.peer.on.the.same.s
d9520	6c 61 76 65 2e 20 46 6f 72 20 6e 6f 6e 2d 49 50 20 74 72 61 66 66 69 63 2c 20 74 68 65 20 66 6f	lave..For.non-IP.traffic,.the.fo
d9540	72 6d 75 6c 61 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 66 6f 72 20 74 68 65 20 6c 61 79	rmula.is.the.same.as.for.the.lay
d9560	65 72 32 20 74 72 61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69 63 79 2e 00 54 68 69 73 20 61	er2.transmit.hash.policy..This.a
d9580	6c 6c 6f 77 73 20 61 76 6f 69 64 69 6e 67 20 74 68 65 20 74 69 6d 65 72 73 20 64 65 66 69 6e 65	llows.avoiding.the.timers.define
d95a0	64 20 69 6e 20 42 47 50 20 61 6e 64 20 4f 53 50 46 20 70 72 6f 74 6f 63 6f 6c 20 74 6f 20 65 78	d.in.BGP.and.OSPF.protocol.to.ex
d95c0	70 69 72 65 73 2e 00 54 68 69 73 20 61 6c 73 6f 20 77 6f 72 6b 73 20 66 6f 72 20 72 65 76 65 72	pires..This.also.works.for.rever
d95e0	73 65 2d 6c 6f 6f 6b 75 70 20 7a 6f 6e 65 73 20 28 60 60 31 38 2e 31 37 32 2e 69 6e 2d 61 64 64	se-lookup.zones.(``18.172.in-add
d9600	72 2e 61 72 70 61 60 60 29 2e 00 54 68 69 73 20 61 72 74 69 63 6c 65 20 74 6f 75 63 68 65 73 20	r.arpa``)..This.article.touches.
d9620	6f 6e 20 27 63 6c 61 73 73 69 63 27 20 49 50 20 74 75 6e 6e 65 6c 69 6e 67 20 70 72 6f 74 6f 63	on.'classic'.IP.tunneling.protoc
d9640	6f 6c 73 2e 00 54 68 69 73 20 62 6c 75 65 70 72 69 6e 74 20 75 73 65 73 20 56 79 4f 53 20 61 73	ols..This.blueprint.uses.VyOS.as
d9660	20 74 68 65 20 44 4d 56 50 4e 20 48 75 62 20 61 6e 64 20 43 69 73 63 6f 20 28 37 32 30 36 56 58	.the.DMVPN.Hub.and.Cisco.(7206VX
d9680	52 29 20 61 6e 64 20 56 79 4f 53 20 61 73 20 6d 75 6c 74 69 70 6c 65 20 73 70 6f 6b 65 20 73 69	R).and.VyOS.as.multiple.spoke.si
d96a0	74 65 73 2e 20 54 68 65 20 6c 61 62 20 77 61 73 20 62 75 69 6c 64 20 75 73 69 6e 67 20 3a 61 62	tes..The.lab.was.build.using.:ab
d96c0	62 72 3a 60 45 56 45 2d 4e 47 20 28 45 6d 75 6c 61 74 65 64 20 56 69 72 74 75 61 6c 20 45 6e 76	br:`EVE-NG.(Emulated.Virtual.Env
d96e0	69 72 6f 6e 6d 65 6e 74 20 4e 47 29 60 2e 00 54 68 69 73 20 63 61 6e 20 62 65 20 63 6f 6e 66 69	ironment.NG)`..This.can.be.confi
d9700	72 6d 65 64 20 75 73 69 6e 67 20 74 68 65 20 60 60 73 68 6f 77 20 69 70 20 72 6f 75 74 65 20 74	rmed.using.the.``show.ip.route.t
d9720	61 62 6c 65 20 31 30 30 60 60 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 00	able.100``.operational.command..
d9740	54 68 69 73 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 64 6f 6e 65 20 69 66 20 61 6c 6c 20 79 6f 75	This.can.only.be.done.if.all.you
d9760	72 20 75 73 65 72 73 20 61 72 65 20 6c 6f 63 61 74 65 64 20 64 69 72 65 63 74 6c 79 20 75 6e 64	r.users.are.located.directly.und
d9780	65 72 20 74 68 65 20 73 61 6d 65 20 70 6f 73 69 74 69 6f 6e 20 69 6e 20 74 68 65 20 4c 44 41 50	er.the.same.position.in.the.LDAP
d97a0	20 74 72 65 65 20 61 6e 64 20 74 68 65 20 6c 6f 67 69 6e 20 6e 61 6d 65 20 69 73 20 75 73 65 64	.tree.and.the.login.name.is.used
d97c0	20 66 6f 72 20 6e 61 6d 69 6e 67 20 65 61 63 68 20 75 73 65 72 20 6f 62 6a 65 63 74 2e 20 49 66	.for.naming.each.user.object..If
d97e0	20 79 6f 75 72 20 4c 44 41 50 20 74 72 65 65 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68 20 74	.your.LDAP.tree.does.not.match.t
d9800	68 65 73 65 20 63 72 69 74 65 72 69 61 73 20 6f 72 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74 6f	hese.criterias.or.if.you.want.to
d9820	20 66 69 6c 74 65 72 20 77 68 6f 20 61 72 65 20 76 61 6c 69 64 20 75 73 65 72 73 20 74 68 65 6e	.filter.who.are.valid.users.then
d9840	20 79 6f 75 20 6e 65 65 64 20 74 6f 20 75 73 65 20 61 20 73 65 61 72 63 68 20 66 69 6c 74 65 72	.you.need.to.use.a.search.filter
d9860	20 74 6f 20 73 65 61 72 63 68 20 66 6f 72 20 79 6f 75 72 20 75 73 65 72 73 20 44 4e 20 28 60 66	.to.search.for.your.users.DN.(`f
d9880	69 6c 74 65 72 2d 65 78 70 72 65 73 73 69 6f 6e 60 29 2e 00 54 68 69 73 20 63 68 61 70 65 74 65	ilter-expression`)..This.chapete
d98a0	72 20 64 65 73 63 72 69 62 65 73 20 68 6f 77 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 6b 65 72	r.describes.how.to.configure.ker
d98c0	6e 65 6c 20 70 61 72 61 6d 65 74 65 72 73 20 61 74 20 72 75 6e 74 69 6d 65 2e 00 54 68 69 73 20	nel.parameters.at.runtime..This.
d98e0	63 68 61 70 74 65 72 20 64 65 73 63 72 69 62 65 20 74 68 65 20 70 6f 73 73 69 62 69 6c 69 74 69	chapter.describe.the.possibiliti
d9900	65 73 20 6f 66 20 61 64 76 61 6e 63 65 64 20 73 79 73 74 65 6d 20 62 65 68 61 76 69 6f 72 2e 00	es.of.advanced.system.behavior..
d9920	54 68 69 73 20 63 6f 6d 6d 61 64 20 73 65 74 73 20 6e 65 74 77 6f 72 6b 20 65 6e 74 69 74 79 20	This.commad.sets.network.entity.
d9940	74 69 74 6c 65 20 28 4e 45 54 29 20 70 72 6f 76 69 64 65 64 20 69 6e 20 49 53 4f 20 66 6f 72 6d	title.(NET).provided.in.ISO.form
d9960	61 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 63 63 65 70 74 20 69 6e 63 6f 6d 69 6e 67	at..This.command.accept.incoming
d9980	20 72 6f 75 74 65 73 20 77 69 74 68 20 41 53 20 70 61 74 68 20 63 6f 6e 74 61 69 6e 69 6e 67 20	.routes.with.AS.path.containing.
d99a0	41 53 20 6e 75 6d 62 65 72 20 77 69 74 68 20 74 68 65 20 73 61 6d 65 20 76 61 6c 75 65 20 61 73	AS.number.with.the.same.value.as
d99c0	20 74 68 65 20 63 75 72 72 65 6e 74 20 73 79 73 74 65 6d 20 41 53 2e 20 54 68 69 73 20 69 73 20	.the.current.system.AS..This.is.
d99e0	75 73 65 64 20 77 68 65 6e 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 74 68 65 20 73 61	used.when.you.want.to.use.the.sa
d9a00	6d 65 20 41 53 20 6e 75 6d 62 65 72 20 69 6e 20 79 6f 75 72 20 73 69 74 65 73 2c 20 62 75 74 20	me.AS.number.in.your.sites,.but.
d9a20	79 6f 75 20 63 61 6e e2 80 99 74 20 63 6f 6e 6e 65 63 74 20 74 68 65 6d 20 64 69 72 65 63 74 6c	you.can...t.connect.them.directl
d9a40	79 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 20 6f 76 65 72 72 69 64 65 20 74	y..This.command.allow.override.t
d9a60	68 65 20 72 65 73 75 6c 74 20 6f 66 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74	he.result.of.Capability.Negotiat
d9a80	69 6f 6e 20 77 69 74 68 20 6c 6f 63 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20 49 67	ion.with.local.configuration..Ig
d9aa0	6e 6f 72 65 20 72 65 6d 6f 74 65 20 70 65 65 72 e2 80 99 73 20 63 61 70 61 62 69 6c 69 74 79 20	nore.remote.peer...s.capability.
d9ac0	76 61 6c 75 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 70 65 65 72 69	value..This.command.allows.peeri
d9ae0	6e 67 73 20 62 65 74 77 65 65 6e 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 65	ngs.between.directly.connected.e
d9b00	42 47 50 20 70 65 65 72 73 20 75 73 69 6e 67 20 6c 6f 6f 70 62 61 63 6b 20 61 64 64 72 65 73 73	BGP.peers.using.loopback.address
d9b20	65 73 20 77 69 74 68 6f 75 74 20 61 64 6a 75 73 74 69 6e 67 20 74 68 65 20 64 65 66 61 75 6c 74	es.without.adjusting.the.default
d9b40	20 54 54 4c 20 6f 66 20 31 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 73	.TTL.of.1..This.command.allows.s
d9b60	65 73 73 69 6f 6e 73 20 74 6f 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 77 69 74 68 20 65	essions.to.be.established.with.e
d9b80	42 47 50 20 6e 65 69 67 68 62 6f 72 73 20 77 68 65 6e 20 74 68 65 79 20 61 72 65 20 6d 75 6c 74	BGP.neighbors.when.they.are.mult
d9ba0	69 70 6c 65 20 68 6f 70 73 20 61 77 61 79 2e 20 57 68 65 6e 20 74 68 65 20 6e 65 69 67 68 62 6f	iple.hops.away..When.the.neighbo
d9bc0	72 20 69 73 20 6e 6f 74 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e 65 63 74 65 64 20 61 6e 64 20	r.is.not.directly.connected.and.
d9be0	74 68 69 73 20 6b 6e 6f 62 20 69 73 20 6e 6f 74 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 20 73 65	this.knob.is.not.enabled,.the.se
d9c00	73 73 69 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 65 73 74 61 62 6c 69 73 68 2e 20 54 68 65 20 6e 75	ssion.will.not.establish..The.nu
d9c20	6d 62 65 72 20 6f 66 20 68 6f 70 73 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 20	mber.of.hops.range.is.1.to.255..
d9c40	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 6d 75 74 75 61 6c 6c 79 20 65 78 63 6c 75 73 69	This.command.is.mutually.exclusi
d9c60	76 65 20 77 69 74 68 20 3a 63 66 67 63 6d 64 3a 60 74 74 6c 2d 73 65 63 75 72 69 74 79 20 68 6f	ve.with.:cfgcmd:`ttl-security.ho
d9c80	70 73 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 68 65 20 72 6f 75	ps`..This.command.allows.the.rou
d9ca0	74 65 72 20 74 6f 20 70 72 65 66 65 72 20 72 6f 75 74 65 20 74 6f 20 73 70 65 63 69 66 69 65 64	ter.to.prefer.route.to.specified
d9cc0	20 70 72 65 66 69 78 20 6c 65 61 72 6e 65 64 20 76 69 61 20 49 47 50 20 74 68 72 6f 75 67 68 20	.prefix.learned.via.IGP.through.
d9ce0	62 61 63 6b 64 6f 6f 72 20 6c 69 6e 6b 20 69 6e 73 74 65 61 64 20 6f 66 20 61 20 72 6f 75 74 65	backdoor.link.instead.of.a.route
d9d00	20 74 6f 20 74 68 65 20 73 61 6d 65 20 70 72 65 66 69 78 20 6c 65 61 72 6e 65 64 20 76 69 61 20	.to.the.same.prefix.learned.via.
d9d20	45 42 47 50 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 6c 6f 67	EBGP..This.command.allows.to.log
d9d40	20 63 68 61 6e 67 65 73 20 69 6e 20 61 64 6a 61 63 65 6e 63 79 2e 20 57 69 74 68 20 74 68 65 20	.changes.in.adjacency..With.the.
d9d60	6f 70 74 69 6f 6e 61 6c 20 3a 63 66 67 63 6d 64 3a 60 64 65 74 61 69 6c 60 20 61 72 67 75 6d 65	optional.:cfgcmd:`detail`.argume
d9d80	6e 74 2c 20 61 6c 6c 20 63 68 61 6e 67 65 73 20 69 6e 20 61 64 6a 61 63 65 6e 63 79 20 73 74 61	nt,.all.changes.in.adjacency.sta
d9da0	74 75 73 20 61 72 65 20 73 68 6f 77 6e 2e 20 57 69 74 68 6f 75 74 20 3a 63 66 67 63 6d 64 3a 60	tus.are.shown..Without.:cfgcmd:`
d9dc0	64 65 74 61 69 6c 60 2c 20 6f 6e 6c 79 20 63 68 61 6e 67 65 73 20 74 6f 20 66 75 6c 6c 20 6f 72	detail`,.only.changes.to.full.or
d9de0	20 72 65 67 72 65 73 73 69 6f 6e 73 20 61 72 65 20 73 68 6f 77 6e 2e 00 54 68 69 73 20 63 6f 6d	.regressions.are.shown..This.com
d9e00	6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 73 74 72	mand.allows.to.specify.the.distr
d9e20	69 62 75 74 69 6f 6e 20 74 79 70 65 20 66 6f 72 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 63 6f 6e	ibution.type.for.the.network.con
d9e40	6e 65 63 74 65 64 20 74 6f 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 3a 00 54 68 69 73 20 63	nected.to.this.interface:.This.c
d9e60	6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61 70 20 74	ommand.allows.to.use.route.map.t
d9e80	6f 20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66 72	o.filter.redistributed.routes.fr
d9ea0	6f 6d 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65	om.given.route.source..There.are
d9ec0	20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20	.five.modes.available.for.route.
d9ee0	73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20	source:.bgp,.connected,.kernel,.
d9f00	72 69 70 6e 67 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f	ripng,.static..This.command.allo
d9f20	77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61 70 20 74 6f 20 66 69 6c 74 65 72 20 72 65	ws.to.use.route.map.to.filter.re
d9f40	64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65	distributed.routes.from.the.give
d9f60	6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d	n.route.source..There.are.five.m
d9f80	6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a	odes.available.for.route.source:
d9fa0	20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 73	.bgp,.connected,.kernel,.ospf,.s
d9fc0	74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73	tatic..This.command.allows.to.us
d9fe0	65 20 72 6f 75 74 65 20 6d 61 70 20 74 6f 20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75	e.route.map.to.filter.redistribu
da000	74 65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20	ted.routes.from.the.given.route.
da020	73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61	source..There.are.five.modes.ava
da040	69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f	ilable.for.route.source:.bgp,.co
da060	6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 54 68	nnected,.kernel,.rip,.static..Th
da080	69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d	is.command.allows.to.use.route.m
da0a0	61 70 20 74 6f 20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65	ap.to.filter.redistributed.route
da0c0	73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54	s.from.the.given.route.source..T
da0e0	68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72	here.are.six.modes.available.for
da100	20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b	.route.source:.bgp,.connected,.k
da120	65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63	ernel,.ospf,.rip,.static..This.c
da140	6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 75 73 65 20 72 6f 75 74 65 20 6d 61 70 20 74	ommand.allows.to.use.route.map.t
da160	6f 20 66 69 6c 74 65 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 2e 20 54	o.filter.redistributed.routes..T
da180	68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72	here.are.six.modes.available.for
da1a0	20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c	.route.source:.connected,.kernel
da1c0	2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 2e 00 54 68 69 73	,.ospf,.rip,.static,.table..This
da1e0	20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 79 6f 75 20 61 70 70 6c 79 20 61 63 63 65 73 73	.command.allows.you.apply.access
da200	20 6c 69 73 74 73 20 74 6f 20 61 20 63 68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20	.lists.to.a.chosen.interface.to.
da220	66 69 6c 74 65 72 20 74 68 65 20 42 61 62 65 6c 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f	filter.the.Babel.routes..This.co
da240	6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 79 6f 75 20 61 70 70 6c 79 20 61 63 63 65 73 73 20 6c 69	mmand.allows.you.apply.access.li
da260	73 74 73 20 74 6f 20 61 20 63 68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66 69 6c	sts.to.a.chosen.interface.to.fil
da280	74 65 72 20 74 68 65 20 52 49 50 20 70 61 74 68 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61	ter.the.RIP.path..This.command.a
da2a0	6c 6c 6f 77 73 20 79 6f 75 20 61 70 70 6c 79 20 70 72 65 66 69 78 20 6c 69 73 74 73 20 74 6f 20	llows.you.apply.prefix.lists.to.
da2c0	61 20 63 68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65	a.chosen.interface.to.filter.the
da2e0	20 42 61 62 65 6c 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f	.Babel.routes..This.command.allo
da300	77 73 20 79 6f 75 20 61 70 70 6c 79 20 70 72 65 66 69 78 20 6c 69 73 74 73 20 74 6f 20 61 20 63	ws.you.apply.prefix.lists.to.a.c
da320	68 6f 73 65 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 52 49	hosen.interface.to.filter.the.RI
da340	50 20 70 61 74 68 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f 77 73 20 79 6f 75 20	P.path..This.command.allows.you.
da360	74 6f 20 73 65 6c 65 63 74 20 61 20 73 70 65 63 69 66 69 63 20 61 63 63 65 73 73 20 63 6f 6e 63	to.select.a.specific.access.conc
da380	65 6e 74 72 61 74 6f 72 20 77 68 65 6e 20 79 6f 75 20 6b 6e 6f 77 20 74 68 65 20 61 63 63 65 73	entrator.when.you.know.the.acces
da3a0	73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20 60 3c 6e 61 6d 65 3e 60 2e 00 54 68 69 73 20 63	s.concentrators.`<name>`..This.c
da3c0	6f 6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 72 6f 75 74 65 2d 6d 61 70 20 74 6f 20 73 65 6c 65	ommand.applies.route-map.to.sele
da3e0	63 74 69 76 65 6c 79 20 75 6e 73 75 70 70 72 65 73 73 20 70 72 65 66 69 78 65 73 20 73 75 70 70	ctively.unsuppress.prefixes.supp
da400	72 65 73 73 65 64 20 62 79 20 73 75 6d 6d 61 72 69 73 61 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f	ressed.by.summarisation..This.co
da420	6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 74 68 65 20 41 53 20 70 61 74 68 20 61 63 63 65 73 73	mmand.applies.the.AS.path.access
da440	20 6c 69 73 74 20 66 69 6c 74 65 72 73 20 6e 61 6d 65 64 20 69 6e 20 3c 6e 61 6d 65 3e 20 74 6f	.list.filters.named.in.<name>.to
da460	20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 72	.the.specified.BGP.neighbor.to.r
da480	65 73 74 72 69 63 74 20 74 68 65 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	estrict.the.routing.information.
da4a0	74 68 61 74 20 42 47 50 20 6c 65 61 72 6e 73 20 61 6e 64 2f 6f 72 20 61 64 76 65 72 74 69 73 65	that.BGP.learns.and/or.advertise
da4c0	73 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 73 20 3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74	s..The.arguments.:cfgcmd:`export
da4e0	60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 69 6d 70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74	`.and.:cfgcmd:`import`.specify.t
da500	68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 41 53 20 70 61 74	he.direction.in.which.the.AS.pat
da520	68 20 61 63 63 65 73 73 20 6c 69 73 74 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20	h.access.list.are.applied..This.
da540	63 6f 6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73 74 20	command.applies.the.access.list.
da560	66 69 6c 74 65 72 73 20 6e 61 6d 65 64 20 69 6e 20 3c 6e 75 6d 62 65 72 3e 20 74 6f 20 74 68 65	filters.named.in.<number>.to.the
da580	20 73 70 65 63 69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 72 65 73 74 72	.specified.BGP.neighbor.to.restr
da5a0	69 63 74 20 74 68 65 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74	ict.the.routing.information.that
da5c0	20 42 47 50 20 6c 65 61 72 6e 73 20 61 6e 64 2f 6f 72 20 61 64 76 65 72 74 69 73 65 73 2e 20 54	.BGP.learns.and/or.advertises..T
da5e0	68 65 20 61 72 67 75 6d 65 6e 74 73 20 3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60 20 61 6e	he.arguments.:cfgcmd:`export`.an
da600	64 20 3a 63 66 67 63 6d 64 3a 60 69 6d 70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68 65 20 64	d.:cfgcmd:`import`.specify.the.d
da620	69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 61 63 63 65 73 73 20 6c 69 73	irection.in.which.the.access.lis
da640	74 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 70 70 6c	t.are.applied..This.command.appl
da660	69 65 73 20 74 68 65 20 70 72 66 65 66 69 78 20 6c 69 73 74 20 66 69 6c 74 65 72 73 20 6e 61 6d	ies.the.prfefix.list.filters.nam
da680	65 64 20 69 6e 20 3c 6e 61 6d 65 3e 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 42 47	ed.in.<name>.to.the.specified.BG
da6a0	50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 72 65 73 74 72 69 63 74 20 74 68 65 20 72 6f 75 74 69	P.neighbor.to.restrict.the.routi
da6c0	6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 42 47 50 20 6c 65 61 72 6e 73 20 61	ng.information.that.BGP.learns.a
da6e0	6e 64 2f 6f 72 20 61 64 76 65 72 74 69 73 65 73 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 73 20	nd/or.advertises..The.arguments.
da700	3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 69 6d	:cfgcmd:`export`.and.:cfgcmd:`im
da720	70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77	port`.specify.the.direction.in.w
da740	68 69 63 68 20 74 68 65 20 70 72 65 66 69 78 20 6c 69 73 74 20 61 72 65 20 61 70 70 6c 69 65 64	hich.the.prefix.list.are.applied
da760	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 70 70 6c 69 65 73 20 74 68 65 20 72 6f 75 74 65	..This.command.applies.the.route
da780	20 6d 61 70 20 6e 61 6d 65 64 20 69 6e 20 3c 6e 61 6d 65 3e 20 74 6f 20 74 68 65 20 73 70 65 63	.map.named.in.<name>.to.the.spec
da7a0	69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 61 6e	ified.BGP.neighbor.to.control.an
da7c0	64 20 6d 6f 64 69 66 79 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61	d.modify.routing.information.tha
da7e0	74 20 69 73 20 65 78 63 68 61 6e 67 65 64 20 62 65 74 77 65 65 6e 20 70 65 65 72 73 2e 20 54 68	t.is.exchanged.between.peers..Th
da800	65 20 61 72 67 75 6d 65 6e 74 73 20 3a 63 66 67 63 6d 64 3a 60 65 78 70 6f 72 74 60 20 61 6e 64	e.arguments.:cfgcmd:`export`.and
da820	20 3a 63 66 67 63 6d 64 3a 60 69 6d 70 6f 72 74 60 20 73 70 65 63 69 66 79 20 74 68 65 20 64 69	.:cfgcmd:`import`.specify.the.di
da840	72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 72 6f 75 74 65 20 6d 61 70 20 61	rection.in.which.the.route.map.a
da860	72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 62 69 6e 64 20 73 70	re.applied..This.command.bind.sp
da880	65 63 69 66 69 63 20 70 65 65 72 20 74 6f 20 70 65 65 72 20 67 72 6f 75 70 20 77 69 74 68 20 61	ecific.peer.to.peer.group.with.a
da8a0	20 67 69 76 65 6e 20 6e 61 6d 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 61 6e 20 62 65	.given.name..This.command.can.be
da8c0	20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 42 61 62 65 6c 20 72 6f 75 74 65 73	.used.to.filter.the.Babel.routes
da8e0	20 75 73 69 6e 67 20 61 63 63 65 73 73 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64 3a 60 69 6e	.using.access.lists..:cfgcmd:`in
da900	60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20 74 68 65 20	`.and.:cfgcmd:`out`.this.is.the.
da920	64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 61 63 63 65 73 73 20 6c 69	direction.in.which.the.access.li
da940	73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 61	sts.are.applied..This.command.ca
da960	6e 20 62 65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 42 61 62 65 6c 20 72 6f	n.be.used.to.filter.the.Babel.ro
da980	75 74 65 73 20 75 73 69 6e 67 20 70 72 65 66 69 78 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64	utes.using.prefix.lists..:cfgcmd
da9a0	3a 60 69 6e 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20	:`in`.and.:cfgcmd:`out`.this.is.
da9c0	74 68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 70 72 65 66 69	the.direction.in.which.the.prefi
da9e0	78 20 6c 69 73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	x.lists.are.applied..This.comman
daa00	64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 52 49 50 20	d.can.be.used.to.filter.the.RIP.
daa20	70 61 74 68 20 75 73 69 6e 67 20 61 63 63 65 73 73 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64	path.using.access.lists..:cfgcmd
daa40	3a 60 69 6e 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20	:`in`.and.:cfgcmd:`out`.this.is.
daa60	74 68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 61 63 63 65 73	the.direction.in.which.the.acces
daa80	73 20 6c 69 73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	s.lists.are.applied..This.comman
daaa0	64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 74 68 65 20 52 49 50 20	d.can.be.used.to.filter.the.RIP.
daac0	70 61 74 68 20 75 73 69 6e 67 20 70 72 65 66 69 78 20 6c 69 73 74 73 2e 20 3a 63 66 67 63 6d 64	path.using.prefix.lists..:cfgcmd
daae0	3a 60 69 6e 60 20 61 6e 64 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 74 68 69 73 20 69 73 20	:`in`.and.:cfgcmd:`out`.this.is.
dab00	74 68 65 20 64 69 72 65 63 74 69 6f 6e 20 69 6e 20 77 68 69 63 68 20 74 68 65 20 70 72 65 66 69	the.direction.in.which.the.prefi
dab20	78 20 6c 69 73 74 73 20 61 72 65 20 61 70 70 6c 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	x.lists.are.applied..This.comman
dab40	64 20 63 61 6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 70 72 65 76 69 6f 75 73 20 63 6f 6d 6d	d.can.be.used.with.previous.comm
dab60	61 6e 64 20 74 6f 20 73 65 74 73 20 64 65 66 61 75 6c 74 20 52 49 50 20 64 69 73 74 61 6e 63 65	and.to.sets.default.RIP.distance
dab80	20 74 6f 20 73 70 65 63 69 66 69 65 64 20 76 61 6c 75 65 20 77 68 65 6e 20 74 68 65 20 72 6f 75	.to.specified.value.when.the.rou
daba0	74 65 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 6d 61 74 63 68 65 73 20 74 68 65	te.source.IP.address.matches.the
dabc0	20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 20 61 6e 64 20 74 68 65 20 73 70 65 63 69 66	.specified.prefix.and.the.specif
dabe0	69 65 64 20 61 63 63 65 73 73 2d 6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68	ied.access-list..This.command.ch
dac00	61 6e 67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 42 47 50 2e 20 54 68 65 20	ange.distance.value.of.BGP..The.
dac20	61 72 67 75 6d 65 6e 74 73 20 61 72 65 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65	arguments.are.the.distance.value
dac40	73 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65 73 2c 20 69 6e 74 65 72 6e 61 6c 20	s.for.external.routes,.internal.
dac60	72 6f 75 74 65 73 20 61 6e 64 20 6c 6f 63 61 6c 20 72 6f 75 74 65 73 20 72 65 73 70 65 63 74 69	routes.and.local.routes.respecti
dac80	76 65 6c 79 2e 20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f	vely..The.distance.range.is.1.to
daca0	20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 20 64 69 73 74 61 6e	.255..This.command.change.distan
dacc0	63 65 20 76 61 6c 75 65 20 6f 66 20 4f 53 50 46 20 67 6c 6f 62 61 6c 6c 79 2e 20 54 68 65 20 64	ce.value.of.OSPF.globally..The.d
dace0	69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20	istance.range.is.1.to.255..This.
dad00	63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66	command.change.distance.value.of
dad20	20 4f 53 50 46 2e 20 54 68 65 20 61 72 67 75 6d 65 6e 74 73 20 61 72 65 20 74 68 65 20 64 69 73	.OSPF..The.arguments.are.the.dis
dad40	74 61 6e 63 65 20 76 61 6c 75 65 73 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65 73	tance.values.for.external.routes
dad60	2c 20 69 6e 74 65 72 2d 61 72 65 61 20 72 6f 75 74 65 73 20 61 6e 64 20 69 6e 74 72 61 2d 61 72	,.inter-area.routes.and.intra-ar
dad80	65 61 20 72 6f 75 74 65 73 20 72 65 73 70 65 63 74 69 76 65 6c 79 2e 20 54 68 65 20 64 69 73 74	ea.routes.respectively..The.dist
dada0	61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d	ance.range.is.1.to.255..This.com
dadc0	6d 61 6e 64 20 63 68 61 6e 67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 4f 53	mand.change.distance.value.of.OS
dade0	50 46 76 33 20 67 6c 6f 62 61 6c 6c 79 2e 20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67	PFv3.globally..The.distance.rang
dae00	65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e	e.is.1.to.255..This.command.chan
dae20	67 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 4f 53 50 46 76 33 2e 20 54 68 65	ge.distance.value.of.OSPFv3..The
dae40	20 61 72 67 75 6d 65 6e 74 73 20 61 72 65 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75	.arguments.are.the.distance.valu
dae60	65 73 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74 65 73 2c 20 69 6e 74 65 72 2d 61 72	es.for.external.routes,.inter-ar
dae80	65 61 20 72 6f 75 74 65 73 20 61 6e 64 20 69 6e 74 72 61 2d 61 72 65 61 20 72 6f 75 74 65 73 20	ea.routes.and.intra-area.routes.
daea0	72 65 73 70 65 63 74 69 76 65 6c 79 2e 20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65	respectively..The.distance.range
daec0	20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67	.is.1.to.255..This.command.chang
daee0	65 20 74 68 65 20 64 69 73 74 61 6e 63 65 20 76 61 6c 75 65 20 6f 66 20 52 49 50 2e 20 54 68 65	e.the.distance.value.of.RIP..The
daf00	20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e 00 54 68 69	.distance.range.is.1.to.255..Thi
daf20	73 20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 73 20 74 68 65 20 65 42 47 50 20 62 65 68 61 76	s.command.changes.the.eBGP.behav
daf40	69 6f 72 20 6f 66 20 46 52 52 2e 20 42 79 20 64 65 66 61 75 6c 74 20 46 52 52 20 65 6e 61 62 6c	ior.of.FRR..By.default.FRR.enabl
daf60	65 73 20 3a 72 66 63 3a 60 38 32 31 32 60 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 77 68 69	es.:rfc:`8212`.functionality.whi
daf80	63 68 20 61 66 66 65 63 74 73 20 68 6f 77 20 65 42 47 50 20 72 6f 75 74 65 73 20 61 72 65 20 61	ch.affects.how.eBGP.routes.are.a
dafa0	64 76 65 72 74 69 73 65 64 2c 20 6e 61 6d 65 6c 79 20 6e 6f 20 72 6f 75 74 65 73 20 61 72 65 20	dvertised,.namely.no.routes.are.
dafc0	61 64 76 65 72 74 69 73 65 64 20 61 63 72 6f 73 73 20 65 42 47 50 20 73 65 73 73 69 6f 6e 73 20	advertised.across.eBGP.sessions.
dafe0	77 69 74 68 6f 75 74 20 73 6f 6d 65 20 73 6f 72 74 20 6f 66 20 65 67 72 65 73 73 20 72 6f 75 74	without.some.sort.of.egress.rout
db000	65 2d 6d 61 70 2f 70 6f 6c 69 63 79 20 69 6e 20 70 6c 61 63 65 2e 20 49 6e 20 56 79 4f 53 20 68	e-map/policy.in.place..In.VyOS.h
db020	6f 77 65 76 65 72 20 77 65 20 68 61 76 65 20 74 68 69 73 20 52 46 43 20 66 75 6e 63 74 69 6f 6e	owever.we.have.this.RFC.function
db040	61 6c 69 74 79 20 64 69 73 61 62 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 20 73 6f 20 74 68 61	ality.disabled.by.default.so.tha
db060	74 20 77 65 20 63 61 6e 20 70 72 65 73 65 72 76 65 20 62 61 63 6b 77 61 72 64 73 20 63 6f 6d 70	t.we.can.preserve.backwards.comp
db080	61 74 69 62 69 6c 69 74 79 20 77 69 74 68 20 6f 6c 64 65 72 20 76 65 72 73 69 6f 6e 73 20 6f 66	atibility.with.older.versions.of
db0a0	20 56 79 4f 53 2e 20 57 69 74 68 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 6f 6e 65 20 63 61 6e 20	.VyOS..With.this.option.one.can.
db0c0	65 6e 61 62 6c 65 20 3a 72 66 63 3a 60 38 32 31 32 60 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79	enable.:rfc:`8212`.functionality
db0e0	20 74 6f 20 6f 70 65 72 61 74 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 6f 6e 66 69 67	.to.operate..This.command.config
db100	75 72 65 73 20 70 61 64 64 69 6e 67 20 6f 6e 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 74 6f	ures.padding.on.hello.packets.to
db120	20 61 63 63 6f 6d 6d 6f 64 61 74 65 20 61 73 79 6d 6d 65 74 72 69 63 61 6c 20 6d 61 78 69 6d 75	.accommodate.asymmetrical.maximu
db140	6d 20 74 72 61 6e 73 66 65 72 20 75 6e 69 74 73 20 28 4d 54 55 73 29 20 66 72 6f 6d 20 64 69 66	m.transfer.units.(MTUs).from.dif
db160	66 65 72 65 6e 74 20 68 6f 73 74 73 20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66	ferent.hosts.as.described.in.:rf
db180	63 3a 60 33 37 31 39 60 2e 20 54 68 69 73 20 68 65 6c 70 73 20 74 6f 20 70 72 65 76 65 6e 74 20	c:`3719`..This.helps.to.prevent.
db1a0	61 20 70 72 65 6d 61 74 75 72 65 20 61 64 6a 61 63 65 6e 63 79 20 55 70 20 73 74 61 74 65 20 77	a.premature.adjacency.Up.state.w
db1c0	68 65 6e 20 6f 6e 65 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63 65 73 20 4d 54 55 20 64 6f 65 73	hen.one.routing.devices.MTU.does
db1e0	20 6e 6f 74 20 6d 65 65 74 20 74 68 65 20 72 65 71 75 69 72 65 6d 65 6e 74 73 20 74 6f 20 65 73	.not.meet.the.requirements.to.es
db200	74 61 62 6c 69 73 68 20 74 68 65 20 61 64 6a 61 63 65 6e 63 79 2e 00 54 68 69 73 20 63 6f 6d 6d	tablish.the.adjacency..This.comm
db220	61 6e 64 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f	and.configures.the.authenticatio
db240	6e 20 70 61 73 73 77 6f 72 64 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68	n.password.for.the.interface..Th
db260	69 73 20 63 6f 6d 6d 61 6e 64 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 6d 61 78 69 6d 75	is.command.configures.the.maximu
db280	6d 20 73 69 7a 65 20 6f 66 20 67 65 6e 65 72 61 74 65 64 20 3a 61 62 62 72 3a 60 4c 53 50 73 20	m.size.of.generated.:abbr:`LSPs.
db2a0	28 4c 69 6e 6b 20 53 74 61 74 65 20 50 44 55 73 29 60 2c 20 69 6e 20 62 79 74 65 73 2e 20 54 68	(Link.State.PDUs)`,.in.bytes..Th
db2c0	65 20 73 69 7a 65 20 72 61 6e 67 65 20 69 73 20 31 32 38 20 74 6f 20 34 33 35 32 2e 00 54 68 69	e.size.range.is.128.to.4352..Thi
db2e0	73 20 63 6f 6d 6d 61 6e 64 20 63 6f 6e 66 69 67 75 72 65 73 20 74 68 65 20 70 61 73 73 69 76 65	s.command.configures.the.passive
db300	20 6d 6f 64 65 20 66 6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69 73 20 63	.mode.for.this.interface..This.c
db320	6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 6e 65 69 67 68 62 6f 72 20 77 68	ommand.creates.a.new.neighbor.wh
db340	6f 73 65 20 72 65 6d 6f 74 65 2d 61 73 20 69 73 20 3c 6e 61 73 6e 3e 2e 20 54 68 65 20 6e 65 69	ose.remote-as.is.<nasn>..The.nei
db360	67 68 62 6f 72 20 61 64 64 72 65 73 73 20 63 61 6e 20 62 65 20 61 6e 20 49 50 76 34 20 61 64 64	ghbor.address.can.be.an.IPv4.add
db380	72 65 73 73 20 6f 72 20 61 6e 20 49 50 76 36 20 61 64 64 72 65 73 73 20 6f 72 20 61 6e 20 69 6e	ress.or.an.IPv6.address.or.an.in
db3a0	74 65 72 66 61 63 65 20 74 6f 20 75 73 65 20 66 6f 72 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f	terface.to.use.for.the.connectio
db3c0	6e 2e 20 54 68 65 20 63 6f 6d 6d 61 6e 64 20 69 73 20 61 70 70 6c 69 63 61 62 6c 65 20 66 6f 72	n..The.command.is.applicable.for
db3e0	20 70 65 65 72 20 61 6e 64 20 70 65 65 72 20 67 72 6f 75 70 2e 00 54 68 69 73 20 63 6f 6d 6d 61	.peer.and.peer.group..This.comma
db400	6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 6f 75 74 65 2d 6d 61 70 20 70 6f 6c 69 63	nd.creates.a.new.route-map.polic
db420	79 2c 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 74 65 78 74 3e 2e 00 54 68 69 73 20 63 6f	y,.identified.by.<text>..This.co
db440	6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 75 6c 65 20 69 6e 20 74 68 65 20	mmand.creates.a.new.rule.in.the.
db460	49 50 76 36 20 61 63 63 65 73 73 20 6c 69 73 74 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61 6e 20	IPv6.access.list.and.defines.an.
db480	61 63 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e	action..This.command.creates.a.n
db4a0	65 77 20 72 75 6c 65 20 69 6e 20 74 68 65 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 20	ew.rule.in.the.IPv6.prefix-list.
db4c0	61 6e 64 20 64 65 66 69 6e 65 73 20 61 6e 20 61 63 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d	and.defines.an.action..This.comm
db4e0	61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 75 6c 65 20 69 6e 20 74 68 65 20 61 63	and.creates.a.new.rule.in.the.ac
db500	63 65 73 73 20 6c 69 73 74 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61 6e 20 61 63 74 69 6f 6e 2e	cess.list.and.defines.an.action.
db520	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 61 20 6e 65 77 20 72 75 6c 65	.This.command.creates.a.new.rule
db540	20 69 6e 20 74 68 65 20 70 72 65 66 69 78 2d 6c 69 73 74 20 61 6e 64 20 64 65 66 69 6e 65 73 20	.in.the.prefix-list.and.defines.
db560	61 6e 20 61 63 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20	an.action..This.command.creates.
db580	74 68 65 20 6e 65 77 20 49 50 76 36 20 61 63 63 65 73 73 20 6c 69 73 74 2c 20 69 64 65 6e 74 69	the.new.IPv6.access.list,.identi
db5a0	66 69 65 64 20 62 79 20 3c 74 65 78 74 3e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61	fied.by.<text>.This.command.crea
db5c0	74 65 73 20 74 68 65 20 6e 65 77 20 49 50 76 36 20 70 72 65 66 69 78 2d 6c 69 73 74 20 70 6f 6c	tes.the.new.IPv6.prefix-list.pol
db5e0	69 63 79 2c 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c 74 65 78 74 3e 2e 00 54 68 69 73 20	icy,.identified.by.<text>..This.
db600	63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 74 68 65 20 6e 65 77 20 61 63 63 65 73 73 20 6c	command.creates.the.new.access.l
db620	69 73 74 20 70 6f 6c 69 63 79 2c 20 77 68 65 72 65 20 3c 61 63 6c 5f 6e 75 6d 62 65 72 3e 20 6d	ist.policy,.where.<acl_number>.m
db640	75 73 74 20 62 65 20 61 20 6e 75 6d 62 65 72 20 66 72 6f 6d 20 31 20 74 6f 20 32 36 39 39 2e 00	ust.be.a.number.from.1.to.2699..
db660	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63 72 65 61 74 65 73 20 74 68 65 20 6e 65 77 20 70 72 65	This.command.creates.the.new.pre
db680	66 69 78 2d 6c 69 73 74 20 70 6f 6c 69 63 79 2c 20 69 64 65 6e 74 69 66 69 65 64 20 62 79 20 3c	fix-list.policy,.identified.by.<
db6a0	74 65 78 74 3e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 61 20 6e 65	text>..This.command.defines.a.ne
db6c0	77 20 70 65 65 72 20 67 72 6f 75 70 2e 20 59 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 74 6f	w.peer.group..You.can.specify.to
db6e0	20 74 68 65 20 67 72 6f 75 70 20 74 68 65 20 73 61 6d 65 20 70 61 72 61 6d 65 74 65 72 73 20 74	.the.group.the.same.parameters.t
db700	68 61 74 20 79 6f 75 20 63 61 6e 20 73 70 65 63 69 66 79 20 66 6f 72 20 73 70 65 63 69 66 69 63	hat.you.can.specify.for.specific
db720	20 6e 65 69 67 68 62 6f 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73	.neighbors..This.command.defines
db740	20 6d 61 74 63 68 69 6e 67 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 49 50 76 36 20 61 63	.matching.parameters.for.IPv6.ac
db760	63 65 73 73 20 6c 69 73 74 20 72 75 6c 65 2e 20 4d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69	cess.list.rule..Matching.criteri
db780	61 20 63 6f 75 6c 64 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 73 6f 75 72 63 65 20 70 61 72	a.could.be.applied.to.source.par
db7a0	61 6d 65 74 65 72 73 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 6d 61	ameters:.This.command.defines.ma
db7c0	74 63 68 69 6e 67 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20 61 63 63 65 73 73 20 6c 69 73	tching.parameters.for.access.lis
db7e0	74 20 72 75 6c 65 2e 20 4d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 20 63 6f 75 6c 64 20	t.rule..Matching.criteria.could.
db800	62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 6f 72 20 73 6f 75	be.applied.to.destination.or.sou
db820	72 63 65 20 70 61 72 61 6d 65 74 65 72 73 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66	rce.parameters:.This.command.def
db840	69 6e 65 73 20 74 68 65 20 49 53 2d 49 53 20 72 6f 75 74 65 72 20 62 65 68 61 76 69 6f 72 3a 00	ines.the.IS-IS.router.behavior:.
db860	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 61 63 63 75 6d 75 6c	This.command.defines.the.accumul
db880	61 74 65 64 20 70 65 6e 61 6c 74 79 20 61 6d 6f 75 6e 74 20 61 74 20 77 68 69 63 68 20 74 68 65	ated.penalty.amount.at.which.the
db8a0	20 72 6f 75 74 65 20 69 73 20 72 65 2d 61 64 76 65 72 74 69 73 65 64 2e 20 54 68 65 20 70 65 6e	.route.is.re-advertised..The.pen
db8c0	61 6c 74 79 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 30 30 30 30 2e 00 54 68 69 73 20 63	alty.range.is.1.to.20000..This.c
db8e0	6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 61 63 63 75 6d 75 6c 61 74 65 64 20 70	ommand.defines.the.accumulated.p
db900	65 6e 61 6c 74 79 20 61 6d 6f 75 6e 74 20 61 74 20 77 68 69 63 68 20 74 68 65 20 72 6f 75 74 65	enalty.amount.at.which.the.route
db920	20 69 73 20 73 75 70 70 72 65 73 73 65 64 2e 20 54 68 65 20 70 65 6e 61 6c 74 79 20 72 61 6e 67	.is.suppressed..The.penalty.rang
db940	65 20 69 73 20 31 20 74 6f 20 32 30 30 30 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 65	e.is.1.to.20000..This.command.de
db960	66 69 6e 65 73 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20 69 6e 20 6d 69 6e 75	fines.the.amount.of.time.in.minu
db980	74 65 73 20 61 66 74 65 72 20 77 68 69 63 68 20 61 20 70 65 6e 61 6c 74 79 20 69 73 20 72 65 64	tes.after.which.a.penalty.is.red
db9a0	75 63 65 64 20 62 79 20 68 61 6c 66 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69 73	uced.by.half..The.timer.range.is
db9c0	20 31 30 20 74 6f 20 34 35 20 6d 69 6e 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	.10.to.45.minutes..This.command.
db9e0	64 65 66 69 6e 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 70 61	defines.the.maximum.number.of.pa
dba00	72 61 6c 6c 65 6c 20 72 6f 75 74 65 73 20 74 68 61 74 20 74 68 65 20 42 47 50 20 63 61 6e 20 73	rallel.routes.that.the.BGP.can.s
dba20	75 70 70 6f 72 74 2e 20 49 6e 20 6f 72 64 65 72 20 66 6f 72 20 42 47 50 20 74 6f 20 75 73 65 20	upport..In.order.for.BGP.to.use.
dba40	74 68 65 20 73 65 63 6f 6e 64 20 70 61 74 68 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 61	the.second.path,.the.following.a
dba60	74 74 72 69 62 75 74 65 73 20 68 61 76 65 20 74 6f 20 6d 61 74 63 68 3a 20 57 65 69 67 68 74 2c	ttributes.have.to.match:.Weight,
dba80	20 4c 6f 63 61 6c 20 50 72 65 66 65 72 65 6e 63 65 2c 20 41 53 20 50 61 74 68 20 28 62 6f 74 68	.Local.Preference,.AS.Path.(both
dbaa0	20 41 53 20 6e 75 6d 62 65 72 20 61 6e 64 20 41 53 20 70 61 74 68 20 6c 65 6e 67 74 68 29 2c 20	.AS.number.and.AS.path.length),.
dbac0	4f 72 69 67 69 6e 20 63 6f 64 65 2c 20 4d 45 44 2c 20 49 47 50 20 6d 65 74 72 69 63 2e 20 41 6c	Origin.code,.MED,.IGP.metric..Al
dbae0	73 6f 2c 20 74 68 65 20 6e 65 78 74 20 68 6f 70 20 61 64 64 72 65 73 73 20 66 6f 72 20 65 61 63	so,.the.next.hop.address.for.eac
dbb00	68 20 70 61 74 68 20 6d 75 73 74 20 62 65 20 64 69 66 66 65 72 65 6e 74 2e 00 54 68 69 73 20 63	h.path.must.be.different..This.c
dbb20	6f 6d 6d 61 6e 64 20 64 65 66 69 6e 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 74 69 6d 65 20	ommand.defines.the.maximum.time.
dbb40	69 6e 20 6d 69 6e 75 74 65 73 20 74 68 61 74 20 61 20 72 6f 75 74 65 20 69 73 20 73 75 70 70 72	in.minutes.that.a.route.is.suppr
dbb60	65 73 73 65 64 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32	essed..The.timer.range.is.1.to.2
dbb80	35 35 20 6d 69 6e 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 61 62 6c 65	55.minutes..This.command.disable
dbba0	20 74 68 65 20 70 65 65 72 20 6f 72 20 70 65 65 72 20 67 72 6f 75 70 2e 20 54 6f 20 72 65 65 6e	.the.peer.or.peer.group..To.reen
dbbc0	61 62 6c 65 20 74 68 65 20 70 65 65 72 20 75 73 65 20 74 68 65 20 64 65 6c 65 74 65 20 66 6f 72	able.the.peer.use.the.delete.for
dbbe0	6d 20 6f 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	m.of.this.command..This.command.
dbc00	64 69 73 61 62 6c 65 73 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 20 66 6f 72 20 74 68 69 73 20 73	disables.IGP-LDP.sync.for.this.s
dbc20	70 65 63 69 66 69 63 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	pecific.interface..This.command.
dbc40	64 69 73 61 62 6c 65 73 20 54 68 72 65 65 2d 57 61 79 20 48 61 6e 64 73 68 61 6b 65 20 66 6f 72	disables.Three-Way.Handshake.for
dbc60	20 50 32 50 20 61 64 6a 61 63 65 6e 63 69 65 73 20 77 68 69 63 68 20 64 65 73 63 72 69 62 65 64	.P2P.adjacencies.which.described
dbc80	20 69 6e 20 3a 72 66 63 3a 60 35 33 30 33 60 2e 20 54 68 72 65 65 2d 57 61 79 20 48 61 6e 64 73	.in.:rfc:`5303`..Three-Way.Hands
dbca0	68 61 6b 65 20 69 73 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 00 54 68 69 73	hake.is.enabled.by.default..This
dbcc0	20 63 6f 6d 6d 61 6e 64 20 64 69 73 61 62 6c 65 73 20 63 68 65 63 6b 20 6f 66 20 74 68 65 20 4d	.command.disables.check.of.the.M
dbce0	54 55 20 76 61 6c 75 65 20 69 6e 20 74 68 65 20 4f 53 50 46 20 44 42 44 20 70 61 63 6b 65 74 73	TU.value.in.the.OSPF.DBD.packets
dbd00	2e 20 54 68 75 73 2c 20 75 73 65 20 6f 66 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 6c 6f	..Thus,.use.of.this.command.allo
dbd20	77 73 20 74 68 65 20 4f 53 50 46 20 61 64 6a 61 63 65 6e 63 79 20 74 6f 20 72 65 61 63 68 20 74	ws.the.OSPF.adjacency.to.reach.t
dbd40	68 65 20 46 55 4c 4c 20 73 74 61 74 65 20 65 76 65 6e 20 74 68 6f 75 67 68 20 74 68 65 72 65 20	he.FULL.state.even.though.there.
dbd60	69 73 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 4d 54 55 20 6d 69 73 6d 61 74 63 68 20 62 65 74	is.an.interface.MTU.mismatch.bet
dbd80	77 65 65 6e 20 74 77 6f 20 4f 53 50 46 20 72 6f 75 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d	ween.two.OSPF.routers..This.comm
dbda0	61 6e 64 20 64 69 73 61 62 6c 65 73 20 69 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69	and.disables.it..This.command.di
dbdc0	73 61 62 6c 65 73 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 69 6f 6e 20 62 65 74 77 65 65 6e 20	sables.route.reflection.between.
dbde0	72 6f 75 74 65 20 72 65 66 6c 65 63 74 6f 72 20 63 6c 69 65 6e 74 73 2e 20 42 79 20 64 65 66 61	route.reflector.clients..By.defa
dbe00	75 6c 74 2c 20 74 68 65 20 63 6c 69 65 6e 74 73 20 6f 66 20 61 20 72 6f 75 74 65 20 72 65 66 6c	ult,.the.clients.of.a.route.refl
dbe20	65 63 74 6f 72 20 61 72 65 20 6e 6f 74 20 72 65 71 75 69 72 65 64 20 74 6f 20 62 65 20 66 75 6c	ector.are.not.required.to.be.ful
dbe40	6c 79 20 6d 65 73 68 65 64 20 61 6e 64 20 74 68 65 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 61 20	ly.meshed.and.the.routes.from.a.
dbe60	63 6c 69 65 6e 74 20 61 72 65 20 72 65 66 6c 65 63 74 65 64 20 74 6f 20 6f 74 68 65 72 20 63 6c	client.are.reflected.to.other.cl
dbe80	69 65 6e 74 73 2e 20 48 6f 77 65 76 65 72 2c 20 69 66 20 74 68 65 20 63 6c 69 65 6e 74 73 20 61	ients..However,.if.the.clients.a
dbea0	72 65 20 66 75 6c 6c 79 20 6d 65 73 68 65 64 2c 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 69 6f	re.fully.meshed,.route.reflectio
dbec0	6e 20 69 73 20 6e 6f 74 20 72 65 71 75 69 72 65 64 2e 20 49 6e 20 74 68 69 73 20 63 61 73 65 2c	n.is.not.required..In.this.case,
dbee0	20 75 73 65 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 6e 6f 2d 63 6c 69 65 6e 74 2d 74 6f 2d 63	.use.the.:cfgcmd:`no-client-to-c
dbf00	6c 69 65 6e 74 2d 72 65 66 6c 65 63 74 69 6f 6e 60 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73	lient-reflection`.command.to.dis
dbf20	61 62 6c 65 20 63 6c 69 65 6e 74 2d 74 6f 2d 63 6c 69 65 6e 74 20 72 65 66 6c 65 63 74 69 6f 6e	able.client-to-client.reflection
dbf40	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 61 62 6c 65 73 20 73 70 6c 69 74 2d 68 6f	..This.command.disables.split-ho
dbf60	72 69 7a 6f 6e 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 42 79 20 64 65 66 61 75	rizon.on.the.interface..By.defau
dbf80	6c 74 2c 20 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 20 52 49 50 20	lt,.VyOS.does.not.advertise.RIP.
dbfa0	72 6f 75 74 65 73 20 6f 75 74 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 6f 76 65 72 20 77 68	routes.out.the.interface.over.wh
dbfc0	69 63 68 20 74 68 65 79 20 77 65 72 65 20 6c 65 61 72 6e 65 64 20 28 73 70 6c 69 74 20 68 6f 72	ich.they.were.learned.(split.hor
dbfe0	69 7a 6f 6e 29 2e 33 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42 47	izon).3.This.command.displays.BG
dc000	50 20 64 61 6d 70 65 6e 65 64 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	P.dampened.routes..This.command.
dc020	64 69 73 70 6c 61 79 73 20 42 47 50 20 72 65 63 65 69 76 65 64 2d 72 6f 75 74 65 73 20 74 68 61	displays.BGP.received-routes.tha
dc040	74 20 61 72 65 20 61 63 63 65 70 74 65 64 20 61 66 74 65 72 20 66 69 6c 74 65 72 69 6e 67 2e 00	t.are.accepted.after.filtering..
dc060	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42 47 50 20 72 6f 75 74 65 73	This.command.displays.BGP.routes
dc080	20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 61 20 6e 65 69 67 68 62 6f 72 2e 00 54 68 69 73 20	.advertised.to.a.neighbor..This.
dc0a0	63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 42 47 50 20 72 6f 75 74 65 73 20 61 6c 6c 6f	command.displays.BGP.routes.allo
dc0c0	77 65 64 20 62 79 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 41 53 20 50 61 74 68 20 61 63 63	wed.by.the.specified.AS.Path.acc
dc0e0	65 73 73 20 6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20	ess.list..This.command.displays.
dc100	42 47 50 20 72 6f 75 74 65 73 20 6f 72 69 67 69 6e 61 74 69 6e 67 20 66 72 6f 6d 20 74 68 65 20	BGP.routes.originating.from.the.
dc120	73 70 65 63 69 66 69 65 64 20 42 47 50 20 6e 65 69 67 68 62 6f 72 20 62 65 66 6f 72 65 20 69 6e	specified.BGP.neighbor.before.in
dc140	62 6f 75 6e 64 20 70 6f 6c 69 63 79 20 69 73 20 61 70 70 6c 69 65 64 2e 20 54 6f 20 75 73 65 20	bound.policy.is.applied..To.use.
dc160	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 6e 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66	this.command.inbound.soft.reconf
dc180	69 67 75 72 61 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 65 6e 61 62 6c 65 64 2e 00 54 68 69 73 20	iguration.must.be.enabled..This.
dc1a0	63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 4c 53 41 73 20 69 6e 20 4d 61 78 41 67 65 20	command.displays.LSAs.in.MaxAge.
dc1c0	6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 52 49 50 20	list..This.command.displays.RIP.
dc1e0	72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 20	routes..This.command.displays.a.
dc200	64 61 74 61 62 61 73 65 20 63 6f 6e 74 65 6e 74 73 20 66 6f 72 20 61 20 73 70 65 63 69 66 69 63	database.contents.for.a.specific
dc220	20 6c 69 6e 6b 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 20 74 79 70 65 2e 00 54 68 69 73 20 63	.link.advertisement.type..This.c
dc240	6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 20 73 75 6d 6d 61 72 79 20 74 61 62 6c 65 20	ommand.displays.a.summary.table.
dc260	77 69 74 68 20 61 20 64 61 74 61 62 61 73 65 20 63 6f 6e 74 65 6e 74 73 20 28 4c 53 41 29 2e 00	with.a.database.contents.(LSA)..
dc280	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 20 74 61 62 6c 65 20 6f 66	This.command.displays.a.table.of
dc2a0	20 70 61 74 68 73 20 74 6f 20 61 72 65 61 20 62 6f 75 6e 64 61 72 79 20 61 6e 64 20 61 75 74 6f	.paths.to.area.boundary.and.auto
dc2c0	6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 20 62 6f 75 6e 64 61 72 79 20 72 6f 75 74 65 72 73 2e 00	nomous.system.boundary.routers..
dc2e0	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 61 6c 6c 20 65 6e 74 72 69 65	This.command.displays.all.entrie
dc300	73 20 69 6e 20 42 47 50 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6d	s.in.BGP.routing.table..This.com
dc320	6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 64 61 6d 70 65 6e 65 64 20 72 6f 75 74 65 73 20 72 65	mand.displays.dampened.routes.re
dc340	63 65 69 76 65 64 20 66 72 6f 6d 20 42 47 50 20 6e 65 69 67 68 62 6f 72 2e 00 54 68 69 73 20 63	ceived.from.BGP.neighbor..This.c
dc360	6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 65 78 74 65 72 6e 61 6c 20 69 6e 66 6f 72 6d 61	ommand.displays.external.informa
dc380	74 69 6f 6e 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 69 6e 74 6f 20 4f 53 50 46 76 33 00 54	tion.redistributed.into.OSPFv3.T
dc3a0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e	his.command.displays.information
dc3c0	20 61 62 6f 75 74 20 42 47 50 20 72 6f 75 74 65 73 20 77 68 6f 73 65 20 41 53 20 70 61 74 68 20	.about.BGP.routes.whose.AS.path.
dc3e0	6d 61 74 63 68 65 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 72 65 67 75 6c 61 72 20 65 78	matches.the.specified.regular.ex
dc400	70 72 65 73 73 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20	pression..This.command.displays.
dc420	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 66 6c 61 70 70 69 6e 67 20 42 47 50 20 72	information.about.flapping.BGP.r
dc440	6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 69 6e 66	outes..This.command.displays.inf
dc460	6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 70 61 72 74 69 63 75 6c 61 72 20 65 6e	ormation.about.the.particular.en
dc480	74 72 79 20 69 6e 20 74 68 65 20 42 47 50 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68	try.in.the.BGP.routing.table..Th
dc4a0	69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 72 6f 75 74 65 73 20 74 68 61 74 20	is.command.displays.routes.that.
dc4c0	61 72 65 20 70 65 72 6d 69 74 74 65 64 20 62 79 20 74 68 65 20 42 47 50 20 63 6f 6d 6d 75 6e 69	are.permitted.by.the.BGP.communi
dc4e0	74 79 20 6c 69 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 72	ty.list..This.command.displays.r
dc500	6f 75 74 65 73 20 74 68 61 74 20 62 65 6c 6f 6e 67 20 74 6f 20 73 70 65 63 69 66 69 65 64 20 42	outes.that.belong.to.specified.B
dc520	47 50 20 63 6f 6d 6d 75 6e 69 74 69 65 73 2e 20 56 61 6c 69 64 20 76 61 6c 75 65 20 69 73 20 61	GP.communities..Valid.value.is.a
dc540	20 63 6f 6d 6d 75 6e 69 74 79 20 6e 75 6d 62 65 72 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66	.community.number.in.the.range.f
dc560	72 6f 6d 20 31 20 74 6f 20 34 32 39 34 39 36 37 32 30 30 2c 20 6f 72 20 41 41 3a 4e 4e 20 28 61	rom.1.to.4294967200,.or.AA:NN.(a
dc580	75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 2d 63 6f 6d 6d 75 6e 69 74 79 20 6e 75 6d 62 65	utonomous.system-community.numbe
dc5a0	72 2f 32 2d 62 79 74 65 20 6e 75 6d 62 65 72 29 2c 20 6e 6f 2d 65 78 70 6f 72 74 2c 20 6c 6f 63	r/2-byte.number),.no-export,.loc
dc5c0	61 6c 2d 61 73 2c 20 6f 72 20 6e 6f 2d 61 64 76 65 72 74 69 73 65 2e 00 54 68 69 73 20 63 6f 6d	al-as,.or.no-advertise..This.com
dc5e0	6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 72 6f 75 74 65 73 20 77 69 74 68 20 63 6c 61 73 73 6c	mand.displays.routes.with.classl
dc600	65 73 73 20 69 6e 74 65 72 64 6f 6d 61 69 6e 20 72 6f 75 74 69 6e 67 20 28 43 49 44 52 29 2e 00	ess.interdomain.routing.(CIDR)..
dc620	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 73 74 61 74 65 20 61 6e 64 20	This.command.displays.state.and.
dc640	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 66 20 4f 53 50 46 20 74 68 65 20 73 70 65 63 69 66	configuration.of.OSPF.the.specif
dc660	69 65 64 20 69 6e 74 65 72 66 61 63 65 2c 20 6f 72 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73	ied.interface,.or.all.interfaces
dc680	20 69 66 20 6e 6f 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 67 69 76 65 6e 2e 00 54 68 69 73 20	.if.no.interface.is.given..This.
dc6a0	63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 73 74 61 74 65 20 61 6e 64 20 63 6f 6e 66 69	command.displays.state.and.confi
dc6c0	67 75 72 61 74 69 6f 6e 20 6f 66 20 4f 53 50 46 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69	guration.of.OSPF.the.specified.i
dc6e0	6e 74 65 72 66 61 63 65 2c 20 6f 72 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 69 66 20 6e	nterface,.or.all.interfaces.if.n
dc700	6f 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 67 69 76 65 6e 2e 20 57 68 69 74 68 20 74 68 65 20	o.interface.is.given..Whith.the.
dc720	61 72 67 75 6d 65 6e 74 20 3a 63 66 67 63 6d 64 3a 60 70 72 65 66 69 78 60 20 74 68 69 73 20 63	argument.:cfgcmd:`prefix`.this.c
dc740	6f 6d 6d 61 6e 64 20 73 68 6f 77 73 20 63 6f 6e 6e 65 63 74 65 64 20 70 72 65 66 69 78 65 73 20	ommand.shows.connected.prefixes.
dc760	74 6f 20 61 64 76 65 72 74 69 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c	to.advertise..This.command.displ
dc780	61 79 73 20 74 68 65 20 4f 53 50 46 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2c 20 61 73 20 64	ays.the.OSPF.routing.table,.as.d
dc7a0	65 74 65 72 6d 69 6e 65 64 20 62 79 20 74 68 65 20 6d 6f 73 74 20 72 65 63 65 6e 74 20 53 50 46	etermined.by.the.most.recent.SPF
dc7c0	20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c	.calculation..This.command.displ
dc7e0	61 79 73 20 74 68 65 20 4f 53 50 46 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2c 20 61 73 20 64	ays.the.OSPF.routing.table,.as.d
dc800	65 74 65 72 6d 69 6e 65 64 20 62 79 20 74 68 65 20 6d 6f 73 74 20 72 65 63 65 6e 74 20 53 50 46	etermined.by.the.most.recent.SPF
dc820	20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 57 69 74 68 20 74 68 65 20 6f 70 74 69 6f 6e 61 6c 20	.calculation..With.the.optional.
dc840	3a 63 66 67 63 6d 64 3a 60 64 65 74 61 69 6c 60 20 61 72 67 75 6d 65 6e 74 2c 20 65 61 63 68 20	:cfgcmd:`detail`.argument,.each.
dc860	72 6f 75 74 65 20 69 74 65 6d 27 73 20 61 64 76 65 72 74 69 73 65 72 20 72 6f 75 74 65 72 20 61	route.item's.advertiser.router.a
dc880	6e 64 20 6e 65 74 77 6f 72 6b 20 61 74 74 72 69 62 75 74 65 20 77 69 6c 6c 20 62 65 20 73 68 6f	nd.network.attribute.will.be.sho
dc8a0	77 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 6e 65	wn..This.command.displays.the.ne
dc8c0	69 67 68 62 6f 72 20 44 52 20 63 68 6f 69 63 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 54 68	ighbor.DR.choice.information..Th
dc8e0	69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72	is.command.displays.the.neighbor
dc900	73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 6e 20 61 20 64 65 74 61 69 6c 65 64 20 66 6f 72 6d	s.information.in.a.detailed.form
dc920	20 66 6f 72 20 61 20 6e 65 69 67 68 62 6f 72 20 77 68 6f 73 65 20 49 50 20 61 64 64 72 65 73 73	.for.a.neighbor.whose.IP.address
dc940	20 69 73 20 73 70 65 63 69 66 69 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70	.is.specified..This.command.disp
dc960	6c 61 79 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69	lays.the.neighbors.information.i
dc980	6e 20 61 20 64 65 74 61 69 6c 65 64 20 66 6f 72 6d 2c 20 6e 6f 74 20 6a 75 73 74 20 61 20 73 75	n.a.detailed.form,.not.just.a.su
dc9a0	6d 6d 61 72 79 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61	mmary.table..This.command.displa
dc9c0	79 73 20 74 68 65 20 6e 65 69 67 68 62 6f 72 73 20 73 74 61 74 75 73 20 66 6f 72 20 61 20 6e 65	ys.the.neighbors.status.for.a.ne
dc9e0	69 67 68 62 6f 72 20 6f 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74 65 72 66 61 63	ighbor.on.the.specified.interfac
dca00	65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70 6c 61 79 73 20 74 68 65 20 6e 65 69	e..This.command.displays.the.nei
dca20	67 68 62 6f 72 73 20 73 74 61 74 75 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 64 69 73 70	ghbors.status..This.command.disp
dca40	6c 61 79 73 20 74 68 65 20 73 74 61 74 75 73 20 6f 66 20 61 6c 6c 20 42 47 50 20 63 6f 6e 6e 65	lays.the.status.of.all.BGP.conne
dca60	63 74 69 6f 6e 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 20 6c 6f 67 67	ctions..This.command.enable.logg
dca80	69 6e 67 20 6e 65 69 67 68 62 6f 72 20 75 70 2f 64 6f 77 6e 20 63 68 61 6e 67 65 73 20 61 6e 64	ing.neighbor.up/down.changes.and
dcaa0	20 72 65 73 65 74 20 72 65 61 73 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62	.reset.reason..This.command.enab
dcac0	6c 65 2f 64 69 73 61 62 6c 65 73 20 73 75 6d 6d 61 72 69 73 61 74 69 6f 6e 20 66 6f 72 20 74 68	le/disables.summarisation.for.th
dcae0	65 20 63 6f 6e 66 69 67 75 72 65 64 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 2e 00 54 68 69 73	e.configured.address.range..This
dcb00	20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 3a 61 62 62 72 3a 60 42 46 44 20 28 42 69 64	.command.enables.:abbr:`BFD.(Bid
dcb20	69 72 65 63 74 69 6f 6e 61 6c 20 46 6f 72 77 61 72 64 69 6e 67 20 44 65 74 65 63 74 69 6f 6e 29	irectional.Forwarding.Detection)
dcb40	60 20 6f 6e 20 74 68 69 73 20 4f 53 50 46 20 6c 69 6e 6b 20 69 6e 74 65 72 66 61 63 65 2e 00 54	`.on.this.OSPF.link.interface..T
dcb60	68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 3a 72 66 63 3a 60 36 32 33 32 60 20	his.command.enables.:rfc:`6232`.
dcb80	70 75 72 67 65 20 6f 72 69 67 69 6e 61 74 6f 72 20 69 64 65 6e 74 69 66 69 63 61 74 69 6f 6e 2e	purge.originator.identification.
dcba0	20 45 6e 61 62 6c 65 20 70 75 72 67 65 20 6f 72 69 67 69 6e 61 74 6f 72 20 69 64 65 6e 74 69 66	.Enable.purge.originator.identif
dcbc0	69 63 61 74 69 6f 6e 20 28 50 4f 49 29 20 62 79 20 61 64 64 69 6e 67 20 74 68 65 20 74 79 70 65	ication.(POI).by.adding.the.type
dcbe0	2c 20 6c 65 6e 67 74 68 20 61 6e 64 20 76 61 6c 75 65 20 28 54 4c 56 29 20 77 69 74 68 20 74 68	,.length.and.value.(TLV).with.th
dcc00	65 20 49 6e 74 65 72 6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 20 28 49 53 29 20 69 64 65 6e 74	e.Intermediate.System.(IS).ident
dcc20	69 66 69 63 61 74 69 6f 6e 20 74 6f 20 74 68 65 20 4c 53 50 73 20 74 68 61 74 20 64 6f 20 6e 6f	ification.to.the.LSPs.that.do.no
dcc40	74 20 63 6f 6e 74 61 69 6e 20 50 4f 49 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 49 66 20 61 6e	t.contain.POI.information..If.an
dcc60	20 49 53 20 67 65 6e 65 72 61 74 65 73 20 61 20 70 75 72 67 65 2c 20 56 79 4f 53 20 61 64 64 73	.IS.generates.a.purge,.VyOS.adds
dcc80	20 74 68 69 73 20 54 4c 56 20 77 69 74 68 20 74 68 65 20 73 79 73 74 65 6d 20 49 44 20 6f 66 20	.this.TLV.with.the.system.ID.of.
dcca0	74 68 65 20 49 53 20 74 6f 20 74 68 65 20 70 75 72 67 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	the.IS.to.the.purge..This.comman
dccc0	64 20 65 6e 61 62 6c 65 73 20 49 53 2d 49 53 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63	d.enables.IS-IS.on.this.interfac
dcce0	65 2c 20 61 6e 64 20 61 6c 6c 6f 77 73 20 66 6f 72 20 61 64 6a 61 63 65 6e 63 79 20 74 6f 20 6f	e,.and.allows.for.adjacency.to.o
dcd00	63 63 75 72 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 49 53 2d 49	ccur..Note.that.the.name.of.IS-I
dcd20	53 20 69 6e 73 74 61 6e 63 65 20 6d 75 73 74 20 62 65 20 74 68 65 20 73 61 6d 65 20 61 73 20 74	S.instance.must.be.the.same.as.t
dcd40	68 65 20 6f 6e 65 20 75 73 65 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 49 53 2d	he.one.used.to.configure.the.IS-
dcd60	49 53 20 70 72 6f 63 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73	IS.process..This.command.enables
dcd80	20 52 49 50 20 61 6e 64 20 73 65 74 73 20 74 68 65 20 52 49 50 20 65 6e 61 62 6c 65 20 69 6e 74	.RIP.and.sets.the.RIP.enable.int
dcda0	65 72 66 61 63 65 20 62 79 20 4e 45 54 57 4f 52 4b 2e 20 54 68 65 20 69 6e 74 65 72 66 61 63 65	erface.by.NETWORK..The.interface
dcdc0	73 20 77 68 69 63 68 20 68 61 76 65 20 61 64 64 72 65 73 73 65 73 20 6d 61 74 63 68 69 6e 67 20	s.which.have.addresses.matching.
dcde0	77 69 74 68 20 4e 45 54 57 4f 52 4b 20 61 72 65 20 65 6e 61 62 6c 65 64 2e 00 54 68 69 73 20 63	with.NETWORK.are.enabled..This.c
dce00	6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 70 6f 69 73 6f 6e 2d 72 65 76 65 72 73 65 20 6f 6e	ommand.enables.poison-reverse.on
dce20	20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 49 66 20 62 6f 74 68 20 70 6f 69 73 6f 6e 20 72	.the.interface..If.both.poison.r
dce40	65 76 65 72 73 65 20 61 6e 64 20 73 70 6c 69 74 20 68 6f 72 69 7a 6f 6e 20 61 72 65 20 65 6e 61	everse.and.split.horizon.are.ena
dce60	62 6c 65 64 2c 20 74 68 65 6e 20 56 79 4f 53 20 61 64 76 65 72 74 69 73 65 73 20 74 68 65 20 6c	bled,.then.VyOS.advertises.the.l
dce80	65 61 72 6e 65 64 20 72 6f 75 74 65 73 20 61 73 20 75 6e 72 65 61 63 68 61 62 6c 65 20 6f 76 65	earned.routes.as.unreachable.ove
dcea0	72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 77 68 69 63 68 20 74 68 65 20 72 6f 75	r.the.interface.on.which.the.rou
dcec0	74 65 20 77 61 73 20 6c 65 61 72 6e 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61	te.was.learned..This.command.ena
dcee0	62 6c 65 73 20 72 6f 75 74 69 6e 67 20 75 73 69 6e 67 20 72 61 64 69 6f 20 66 72 65 71 75 65 6e	bles.routing.using.radio.frequen
dcf00	63 79 20 64 69 76 65 72 73 69 74 79 2e 20 54 68 69 73 20 69 73 20 68 69 67 68 6c 79 20 72 65 63	cy.diversity..This.is.highly.rec
dcf20	6f 6d 6d 65 6e 64 65 64 20 69 6e 20 6e 65 74 77 6f 72 6b 73 20 77 69 74 68 20 6d 61 6e 79 20 77	ommended.in.networks.with.many.w
dcf40	69 72 65 6c 65 73 73 20 6e 6f 64 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62	ireless.nodes..This.command.enab
dcf60	6c 65 73 20 73 65 6e 64 69 6e 67 20 74 69 6d 65 73 74 61 6d 70 73 20 77 69 74 68 20 65 61 63 68	les.sending.timestamps.with.each
dcf80	20 48 65 6c 6c 6f 20 61 6e 64 20 49 48 55 20 6d 65 73 73 61 67 65 20 69 6e 20 6f 72 64 65 72 20	.Hello.and.IHU.message.in.order.
dcfa0	74 6f 20 63 6f 6d 70 75 74 65 20 52 54 54 20 76 61 6c 75 65 73 2e 20 49 74 20 69 73 20 72 65 63	to.compute.RTT.values..It.is.rec
dcfc0	6f 6d 6d 65 6e 64 65 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 69 6d 65 73 74 61 6d 70 73 20 6f 6e	ommended.to.enable.timestamps.on
dcfe0	20 74 75 6e 6e 65 6c 20 69 6e 74 65 72 66 61 63 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	.tunnel.interfaces..This.command
dd000	20 65 6e 61 62 6c 65 73 20 73 75 70 70 6f 72 74 20 66 6f 72 20 64 79 6e 61 6d 69 63 20 68 6f 73	.enables.support.for.dynamic.hos
dd020	74 6e 61 6d 65 20 54 4c 56 2e 20 44 79 6e 61 6d 69 63 20 68 6f 73 74 6e 61 6d 65 20 6d 61 70 70	tname.TLV..Dynamic.hostname.mapp
dd040	69 6e 67 20 64 65 74 65 72 6d 69 6e 65 64 20 61 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a	ing.determined.as.described.in.:
dd060	72 66 63 3a 60 32 37 36 33 60 2c 20 44 79 6e 61 6d 69 63 20 48 6f 73 74 6e 61 6d 65 20 45 78 63	rfc:`2763`,.Dynamic.Hostname.Exc
dd080	68 61 6e 67 65 20 4d 65 63 68 61 6e 69 73 6d 20 66 6f 72 20 49 53 2d 49 53 2e 00 54 68 69 73 20	hange.Mechanism.for.IS-IS..This.
dd0a0	63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 74 68 65 20 4f 52 46 20 63 61 70 61 62 69 6c 69	command.enables.the.ORF.capabili
dd0c0	74 79 20 28 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 32 39 31 60 29 20 6f 6e	ty.(described.in.:rfc:`5291`).on
dd0e0	20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2c 20 61 6e 64 20 65 6e 61 62 6c 65 73 20 4f	.the.local.router,.and.enables.O
dd100	52 46 20 63 61 70 61 62 69 6c 69 74 79 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 20 74 6f 20 74	RF.capability.advertisement.to.t
dd120	68 65 20 73 70 65 63 69 66 69 65 64 20 42 47 50 20 70 65 65 72 2e 20 54 68 65 20 3a 63 66 67 63	he.specified.BGP.peer..The.:cfgc
dd140	6d 64 3a 60 72 65 63 65 69 76 65 60 20 6b 65 79 77 6f 72 64 20 63 6f 6e 66 69 67 75 72 65 73 20	md:`receive`.keyword.configures.
dd160	61 20 72 6f 75 74 65 72 20 74 6f 20 61 64 76 65 72 74 69 73 65 20 4f 52 46 20 72 65 63 65 69 76	a.router.to.advertise.ORF.receiv
dd180	65 20 63 61 70 61 62 69 6c 69 74 69 65 73 2e 20 54 68 65 20 3a 63 66 67 63 6d 64 3a 60 73 65 6e	e.capabilities..The.:cfgcmd:`sen
dd1a0	64 60 20 6b 65 79 77 6f 72 64 20 63 6f 6e 66 69 67 75 72 65 73 20 61 20 72 6f 75 74 65 72 20 74	d`.keyword.configures.a.router.t
dd1c0	6f 20 61 64 76 65 72 74 69 73 65 20 4f 52 46 20 73 65 6e 64 20 63 61 70 61 62 69 6c 69 74 69 65	o.advertise.ORF.send.capabilitie
dd1e0	73 2e 20 54 6f 20 61 64 76 65 72 74 69 73 65 20 61 20 66 69 6c 74 65 72 20 66 72 6f 6d 20 61 20	s..To.advertise.a.filter.from.a.
dd200	73 65 6e 64 65 72 2c 20 79 6f 75 20 6d 75 73 74 20 63 72 65 61 74 65 20 61 6e 20 49 50 20 70 72	sender,.you.must.create.an.IP.pr
dd220	65 66 69 78 20 6c 69 73 74 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 42 47 50 20	efix.list.for.the.specified.BGP.
dd240	70 65 65 72 20 61 70 70 6c 69 65 64 20 69 6e 20 69 6e 62 6f 75 6e 64 20 64 65 72 65 63 74 69 6f	peer.applied.in.inbound.derectio
dd260	6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 65 6e 66 6f 72 63 65 73 20 47 65 6e 65 72 61 6c	n..This.command.enforces.General
dd280	69 7a 65 64 20 54 54 4c 20 53 65 63 75 72 69 74 79 20 4d 65 63 68 61 6e 69 73 6d 20 28 47 54 53	ized.TTL.Security.Mechanism.(GTS
dd2a0	4d 29 2c 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 30 38 32 60 2e	M),.as.specified.in.:rfc:`5082`.
dd2c0	20 57 69 74 68 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2c 20 6f 6e 6c 79 20 6e 65 69 67 68 62 6f	.With.this.command,.only.neighbo
dd2e0	72 73 20 74 68 61 74 20 61 72 65 20 73 70 65 63 69 66 69 65 64 20 6e 75 6d 62 65 72 20 6f 66 20	rs.that.are.specified.number.of.
dd300	68 6f 70 73 20 61 77 61 79 20 77 69 6c 6c 20 62 65 20 61 6c 6c 6f 77 65 64 20 74 6f 20 62 65 63	hops.away.will.be.allowed.to.bec
dd320	6f 6d 65 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 68 6f 70	ome.neighbors..The.number.of.hop
dd340	73 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 34 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e	s.range.is.1.to.254..This.comman
dd360	64 20 69 73 20 6d 75 74 75 61 6c 6c 79 20 65 78 63 6c 75 73 69 76 65 20 77 69 74 68 20 3a 63 66	d.is.mutually.exclusive.with.:cf
dd380	67 63 6d 64 3a 60 65 62 67 70 2d 6d 75 6c 74 69 68 6f 70 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61	gcmd:`ebgp-multihop`..This.comma
dd3a0	6e 64 20 66 6f 72 63 65 73 20 73 74 72 69 63 74 6c 79 20 63 6f 6d 70 61 72 65 20 72 65 6d 6f 74	nd.forces.strictly.compare.remot
dd3c0	65 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 6e 64 20 6c 6f 63 61 6c 20 63 61 70 61 62 69 6c	e.capabilities.and.local.capabil
dd3e0	69 74 69 65 73 2e 20 49 66 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 72 65 20 64 69 66 66 65	ities..If.capabilities.are.diffe
dd400	72 65 6e 74 2c 20 73 65 6e 64 20 55 6e 73 75 70 70 6f 72 74 65 64 20 43 61 70 61 62 69 6c 69 74	rent,.send.Unsupported.Capabilit
dd420	79 20 65 72 72 6f 72 20 74 68 65 6e 20 72 65 73 65 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 54	y.error.then.reset.connection..T
dd440	68 69 73 20 63 6f 6d 6d 61 6e 64 20 66 6f 72 63 65 73 20 74 68 65 20 42 47 50 20 73 70 65 61 6b	his.command.forces.the.BGP.speak
dd460	65 72 20 74 6f 20 72 65 70 6f 72 74 20 69 74 73 65 6c 66 20 61 73 20 74 68 65 20 6e 65 78 74 20	er.to.report.itself.as.the.next.
dd480	68 6f 70 20 66 6f 72 20 61 6e 20 61 64 76 65 72 74 69 73 65 64 20 72 6f 75 74 65 20 69 74 20 61	hop.for.an.advertised.route.it.a
dd4a0	64 76 65 72 74 69 73 65 64 20 74 6f 20 61 20 6e 65 69 67 68 62 6f 72 2e 00 54 68 69 73 20 63 6f	dvertised.to.a.neighbor..This.co
dd4c0	6d 6d 61 6e 64 20 67 65 6e 65 72 61 74 65 20 61 20 64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 69	mmand.generate.a.default.route.i
dd4e0	6e 74 6f 20 74 68 65 20 52 49 50 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 67 69 76 65 73 20	nto.the.RIP..This.command.gives.
dd500	61 20 62 72 69 65 66 20 73 74 61 74 75 73 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 73 70 65	a.brief.status.overview.of.a.spe
dd520	63 69 66 69 65 64 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 77	cified.wireless.interface..The.w
dd540	69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 69 64 65 6e 74 69 66 69 65 72 20 63 61 6e	ireless.interface.identifier.can
dd560	20 72 61 6e 67 65 20 66 72 6f 6d 20 77 6c 61 6e 30 20 74 6f 20 77 6c 61 6e 39 39 39 2e 00 54 68	.range.from.wlan0.to.wlan999..Th
dd580	69 73 20 63 6f 6d 6d 61 6e 64 20 67 6f 65 73 20 68 61 6e 64 20 69 6e 20 68 61 6e 64 20 77 69 74	is.command.goes.hand.in.hand.wit
dd5a0	68 20 74 68 65 20 6c 69 73 74 65 6e 20 72 61 6e 67 65 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6c 69	h.the.listen.range.command.to.li
dd5c0	6d 69 74 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 42 47 50 20 6e 65 69 67 68 62 6f 72 73 20	mit.the.amount.of.BGP.neighbors.
dd5e0	74 68 61 74 20 61 72 65 20 61 6c 6c 6f 77 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74	that.are.allowed.to.connect.to.t
dd600	68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 2e 20 54 68 65 20 6c 69 6d 69 74 20 72 61 6e 67 65	he.local.router..The.limit.range
dd620	20 69 73 20 31 20 74 6f 20 35 30 30 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 67 6f 74 20	.is.1.to.5000..This.command.got.
dd640	61 64 64 65 64 20 69 6e 20 56 79 4f 53 20 31 2e 34 20 61 6e 64 20 69 6e 76 65 72 74 73 20 74 68	added.in.VyOS.1.4.and.inverts.th
dd660	65 20 6c 6f 67 69 63 20 66 72 6f 6d 20 74 68 65 20 6f 6c 64 20 60 60 64 65 66 61 75 6c 74 2d 72	e.logic.from.the.old.``default-r
dd680	6f 75 74 65 60 60 20 43 4c 49 20 6f 70 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	oute``.CLI.option..This.command.
dd6a0	69 6e 73 74 65 61 64 20 6f 66 20 73 75 6d 6d 61 72 69 7a 69 6e 67 20 69 6e 74 72 61 20 61 72 65	instead.of.summarizing.intra.are
dd6c0	61 20 70 61 74 68 73 20 66 69 6c 74 65 72 20 74 68 65 6d 20 2d 20 69 2e 65 2e 20 69 6e 74 72 61	a.paths.filter.them.-.i.e..intra
dd6e0	20 61 72 65 61 20 70 61 74 68 73 20 66 72 6f 6d 20 74 68 69 73 20 72 61 6e 67 65 20 61 72 65 20	.area.paths.from.this.range.are.
dd700	6e 6f 74 20 61 64 76 65 72 74 69 73 65 64 20 69 6e 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 2e	not.advertised.into.other.areas.
dd720	20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20 73 65 6e 73 65 20 69 6e 20 41 42 52	.This.command.makes.sense.in.ABR
dd740	20 6f 6e 6c 79 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 61 6c 73 6f 20 75 73 65 64	.only..This.command.is.also.used
dd760	20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65	.to.enable.the.OSPF.process..The
dd780	20 61 72 65 61 20 6e 75 6d 62 65 72 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69 6e	.area.number.can.be.specified.in
dd7a0	20 64 65 63 69 6d 61 6c 20 6e 6f 74 61 74 69 6f 6e 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66	.decimal.notation.in.the.range.f
dd7c0	72 6f 6d 20 30 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 20 4f 72 20 69 74 20 63 61 6e 20 62	rom.0.to.4294967295..Or.it.can.b
dd7e0	65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 64 6f 74 74 65 64 20 64 65 63 69 6d 61 6c 20 6e 6f	e.specified.in.dotted.decimal.no
dd800	74 61 74 69 6f 6e 20 73 69 6d 69 6c 61 72 20 74 6f 20 69 70 20 61 64 64 72 65 73 73 2e 00 54 68	tation.similar.to.ip.address..Th
dd820	69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 6f 6e 6c 79 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65	is.command.is.only.allowed.for.e
dd840	42 47 50 20 70 65 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 6f 6e 6c 79 20	BGP.peers..This.command.is.only.
dd860	61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 42 47 50 20 70 65 65 72 73 2e 20 49 74 20 69 73 20 6e 6f	allowed.for.eBGP.peers..It.is.no
dd880	74 20 61 70 70 6c 69 63 61 62 6c 65 20 66 6f 72 20 70 65 65 72 20 67 72 6f 75 70 73 2e 00 54 68	t.applicable.for.peer.groups..Th
dd8a0	69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 73 70 65 63 69 66 69 63 20 74 6f 20 46 52 52 20 61 6e	is.command.is.specific.to.FRR.an
dd8c0	64 20 56 79 4f 53 2e 20 54 68 65 20 72 6f 75 74 65 20 63 6f 6d 6d 61 6e 64 20 6d 61 6b 65 73 20	d.VyOS..The.route.command.makes.
dd8e0	61 20 73 74 61 74 69 63 20 72 6f 75 74 65 20 6f 6e 6c 79 20 69 6e 73 69 64 65 20 52 49 50 2e 20	a.static.route.only.inside.RIP..
dd900	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 6f 6e 6c 79	This.command.should.be.used.only
dd920	20 62 79 20 61 64 76 61 6e 63 65 64 20 75 73 65 72 73 20 77 68 6f 20 61 72 65 20 70 61 72 74 69	.by.advanced.users.who.are.parti
dd940	63 75 6c 61 72 6c 79 20 6b 6e 6f 77 6c 65 64 67 65 61 62 6c 65 20 61 62 6f 75 74 20 74 68 65 20	cularly.knowledgeable.about.the.
dd960	52 49 50 20 70 72 6f 74 6f 63 6f 6c 2e 20 49 6e 20 6d 6f 73 74 20 63 61 73 65 73 2c 20 77 65 20	RIP.protocol..In.most.cases,.we.
dd980	72 65 63 6f 6d 6d 65 6e 64 20 63 72 65 61 74 69 6e 67 20 61 20 73 74 61 74 69 63 20 72 6f 75 74	recommend.creating.a.static.rout
dd9a0	65 20 69 6e 20 56 79 4f 53 20 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 69 6e 67 20 69 74 20	e.in.VyOS.and.redistributing.it.
dd9c0	69 6e 20 52 49 50 20 75 73 69 6e 67 20 3a 63 66 67 63 6d 64 3a 60 72 65 64 69 73 74 72 69 62 75	in.RIP.using.:cfgcmd:`redistribu
dd9e0	74 65 20 73 74 61 74 69 63 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64	te.static`..This.command.is.used
dda00	20 66 6f 72 20 61 64 76 65 72 74 69 73 69 6e 67 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 6e 65	.for.advertising.IPv4.or.IPv6.ne
dda20	74 77 6f 72 6b 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20	tworks..This.command.is.used.to.
dda40	72 65 74 72 69 65 76 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 57 41 50 20 77	retrieve.information.about.WAP.w
dda60	69 74 68 69 6e 20 74 68 65 20 72 61 6e 67 65 20 6f 66 20 79 6f 75 72 20 77 69 72 65 6c 65 73 73	ithin.the.range.of.your.wireless
dda80	20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 66	.interface..This.command.is.usef
ddaa0	75 6c 20 6f 6e 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73 20 63 6f 6e 66 69 67	ul.on.wireless.interfaces.config
ddac0	75 72 65 64 20 69 6e 20 73 74 61 74 69 6f 6e 20 6d 6f 64 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61	ured.in.station.mode..This.comma
ddae0	6e 64 20 69 73 20 75 73 65 66 75 6c 20 69 66 20 6f 6e 65 20 64 65 73 69 72 65 73 20 74 6f 20 6c	nd.is.useful.if.one.desires.to.l
ddb00	6f 6f 73 65 6e 20 74 68 65 20 72 65 71 75 69 72 65 6d 65 6e 74 20 66 6f 72 20 42 47 50 20 74 6f	oosen.the.requirement.for.BGP.to
ddb20	20 68 61 76 65 20 73 74 72 69 63 74 6c 79 20 64 65 66 69 6e 65 64 20 6e 65 69 67 68 62 6f 72 73	.have.strictly.defined.neighbors
ddb40	2e 20 53 70 65 63 69 66 69 63 61 6c 6c 79 20 77 68 61 74 20 69 73 20 61 6c 6c 6f 77 65 64 20 69	..Specifically.what.is.allowed.i
ddb60	73 20 66 6f 72 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 6c 69 73 74 65 6e	s.for.the.local.router.to.listen
ddb80	20 74 6f 20 61 20 72 61 6e 67 65 20 6f 66 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72	.to.a.range.of.IPv4.or.IPv6.addr
ddba0	65 73 73 65 73 20 64 65 66 69 6e 65 64 20 62 79 20 61 20 70 72 65 66 69 78 20 61 6e 64 20 74 6f	esses.defined.by.a.prefix.and.to
ddbc0	20 61 63 63 65 70 74 20 42 47 50 20 6f 70 65 6e 20 6d 65 73 73 61 67 65 73 2e 20 57 68 65 6e 20	.accept.BGP.open.messages..When.
ddbe0	61 20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 28 61 6e 64 20 73 75 62 73 65 71 75 65 6e 74	a.TCP.connection.(and.subsequent
ddc00	6c 79 20 61 20 42 47 50 20 6f 70 65 6e 20 6d 65 73 73 61 67 65 29 20 66 72 6f 6d 20 77 69 74 68	ly.a.BGP.open.message).from.with
ddc20	69 6e 20 74 68 69 73 20 72 61 6e 67 65 20 74 72 69 65 73 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74	in.this.range.tries.to.connect.t
ddc40	68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 68 65 6e 20 74 68 65 20 6c 6f 63 61 6c 20 72	he.local.router.then.the.local.r
ddc60	6f 75 74 65 72 20 77 69 6c 6c 20 72 65 73 70 6f 6e 64 20 61 6e 64 20 63 6f 6e 6e 65 63 74 20 77	outer.will.respond.and.connect.w
ddc80	69 74 68 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 74 68 61 74 20 61 72 65 20 64 65 66 69	ith.the.parameters.that.are.defi
ddca0	6e 65 64 20 77 69 74 68 69 6e 20 74 68 65 20 70 65 65 72 20 67 72 6f 75 70 2e 20 4f 6e 65 20 6d	ned.within.the.peer.group..One.m
ddcc0	75 73 74 20 64 65 66 69 6e 65 20 61 20 70 65 65 72 2d 67 72 6f 75 70 20 66 6f 72 20 65 61 63 68	ust.define.a.peer-group.for.each
ddce0	20 72 61 6e 67 65 20 74 68 61 74 20 69 73 20 6c 69 73 74 65 64 2e 20 49 66 20 6e 6f 20 70 65 65	.range.that.is.listed..If.no.pee
ddd00	72 2d 67 72 6f 75 70 20 69 73 20 64 65 66 69 6e 65 64 20 74 68 65 6e 20 61 6e 20 65 72 72 6f 72	r-group.is.defined.then.an.error
ddd20	20 77 69 6c 6c 20 6b 65 65 70 20 79 6f 75 20 66 72 6f 6d 20 63 6f 6d 6d 69 74 74 69 6e 67 20 74	.will.keep.you.from.committing.t
ddd40	68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6d	he.configuration..This.command.m
ddd60	6f 64 69 66 69 65 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 6d 65 74 72 69 63 20 28 68 6f 70 20	odifies.the.default.metric.(hop.
ddd80	63 6f 75 6e 74 29 20 76 61 6c 75 65 20 66 6f 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72	count).value.for.redistributed.r
ddda0	6f 75 74 65 73 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20	outes..The.metric.range.is.1.to.
dddc0	31 36 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 2e 20 54 68 69 73	16..The.default.value.is.1..This
ddde0	20 63 6f 6d 6d 61 6e 64 20 64 6f 65 73 20 6e 6f 74 20 61 66 66 65 63 74 20 63 6f 6e 6e 65 63 74	.command.does.not.affect.connect
dde00	65 64 20 72 6f 75 74 65 20 65 76 65 6e 20 69 66 20 69 74 20 69 73 20 72 65 64 69 73 74 72 69 62	ed.route.even.if.it.is.redistrib
dde20	75 74 65 64 20 62 79 20 3a 63 66 67 63 6d 64 3a 60 72 65 64 69 73 74 72 69 62 75 74 65 20 63 6f	uted.by.:cfgcmd:`redistribute.co
dde40	6e 6e 65 63 74 65 64 60 2e 20 54 6f 20 6d 6f 64 69 66 79 20 63 6f 6e 6e 65 63 74 65 64 20 72 6f	nnected`..To.modify.connected.ro
dde60	75 74 65 73 20 6d 65 74 72 69 63 20 76 61 6c 75 65 2c 20 70 6c 65 61 73 65 20 75 73 65 20 3a 63	utes.metric.value,.please.use.:c
dde80	66 67 63 6d 64 3a 60 72 65 64 69 73 74 72 69 62 75 74 65 20 63 6f 6e 6e 65 63 74 65 64 20 6d 65	fgcmd:`redistribute.connected.me
ddea0	74 72 69 63 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 6f 76 65 72 72 69 64 65 20 41 53 20	tric`..This.command.override.AS.
ddec0	6e 75 6d 62 65 72 20 6f 66 20 74 68 65 20 6f 72 69 67 69 6e 61 74 69 6e 67 20 72 6f 75 74 65 72	number.of.the.originating.router
ddee0	20 77 69 74 68 20 74 68 65 20 6c 6f 63 61 6c 20 41 53 20 6e 75 6d 62 65 72 2e 00 54 68 69 73 20	.with.the.local.AS.number..This.
ddf00	63 6f 6d 6d 61 6e 64 20 70 72 65 76 65 6e 74 73 20 66 72 6f 6d 20 73 65 6e 64 69 6e 67 20 62 61	command.prevents.from.sending.ba
ddf20	63 6b 20 70 72 65 66 69 78 65 73 20 6c 65 61 72 6e 65 64 20 66 72 6f 6d 20 74 68 65 20 6e 65 69	ck.prefixes.learned.from.the.nei
ddf40	67 68 62 6f 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 70 72 6f 76 69 64 65 73 20 74 6f 20	ghbor..This.command.provides.to.
ddf60	63 6f 6d 70 61 72 65 20 64 69 66 66 65 72 65 6e 74 20 4d 45 44 20 76 61 6c 75 65 73 20 74 68 61	compare.different.MED.values.tha
ddf80	74 20 61 64 76 65 72 74 69 73 65 64 20 62 79 20 6e 65 69 67 68 62 6f 75 72 73 20 69 6e 20 74 68	t.advertised.by.neighbours.in.th
ddfa0	65 20 73 61 6d 65 20 41 53 20 66 6f 72 20 72 6f 75 74 65 73 20 73 65 6c 65 63 74 69 6f 6e 2e 20	e.same.AS.for.routes.selection..
ddfc0	57 68 65 6e 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 72 6f	When.this.command.is.enabled,.ro
ddfe0	75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 73 61 6d 65 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79	utes.from.the.same.autonomous.sy
de000	73 74 65 6d 20 61 72 65 20 67 72 6f 75 70 65 64 20 74 6f 67 65 74 68 65 72 2c 20 61 6e 64 20 74	stem.are.grouped.together,.and.t
de020	68 65 20 62 65 73 74 20 65 6e 74 72 69 65 73 20 6f 66 20 65 61 63 68 20 67 72 6f 75 70 20 61 72	he.best.entries.of.each.group.ar
de040	65 20 63 6f 6d 70 61 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 70 72 6f 76 69 64 65	e.compared..This.command.provide
de060	73 20 74 6f 20 63 6f 6d 70 61 72 65 20 74 68 65 20 4d 45 44 20 6f 6e 20 72 6f 75 74 65 73 2c 20	s.to.compare.the.MED.on.routes,.
de080	65 76 65 6e 20 77 68 65 6e 20 74 68 65 79 20 77 65 72 65 20 72 65 63 65 69 76 65 64 20 66 72 6f	even.when.they.were.received.fro
de0a0	6d 20 64 69 66 66 65 72 65 6e 74 20 6e 65 69 67 68 62 6f 75 72 69 6e 67 20 41 53 65 73 2e 20 53	m.different.neighbouring.ASes..S
de0c0	65 74 74 69 6e 67 20 74 68 69 73 20 6f 70 74 69 6f 6e 20 6d 61 6b 65 73 20 74 68 65 20 6f 72 64	etting.this.option.makes.the.ord
de0e0	65 72 20 6f 66 20 70 72 65 66 65 72 65 6e 63 65 20 6f 66 20 72 6f 75 74 65 73 20 6d 6f 72 65 20	er.of.preference.of.routes.more.
de100	64 65 66 69 6e 65 64 2c 20 61 6e 64 20 73 68 6f 75 6c 64 20 65 6c 69 6d 69 6e 61 74 65 20 4d 45	defined,.and.should.eliminate.ME
de120	44 20 69 6e 64 75 63 65 64 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 73 2e 00 54 68 69 73 20 63 6f 6d	D.induced.oscillations..This.com
de140	6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72	mand.redistributes.routing.infor
de160	6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72	mation.from.the.given.route.sour
de180	63 65 20 69 6e 74 6f 20 74 68 65 20 49 53 49 53 20 64 61 74 61 62 61 73 65 20 61 73 20 4c 65 76	ce.into.the.ISIS.database.as.Lev
de1a0	65 6c 2d 31 2e 20 54 68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61	el-1..There.are.six.modes.availa
de1c0	62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65	ble.for.route.source:.bgp,.conne
de1e0	63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e	cted,.kernel,.ospf,.rip,.static.
de200	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74	.This.command.redistributes.rout
de220	69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72	ing.information.from.the.given.r
de240	6f 75 74 65 20 73 6f 75 72 63 65 20 69 6e 74 6f 20 74 68 65 20 49 53 49 53 20 64 61 74 61 62 61	oute.source.into.the.ISIS.databa
de260	73 65 20 61 73 20 4c 65 76 65 6c 2d 32 2e 20 54 68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64	se.as.Level-2..There.are.six.mod
de280	65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62	es.available.for.route.source:.b
de2a0	67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70	gp,.connected,.kernel,.ospf,.rip
de2c0	2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62	,.static..This.command.redistrib
de2e0	75 74 65 73 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68	utes.routing.information.from.th
de300	65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 20 69 6e 74 6f 20 74 68 65 20 52 49	e.given.route.source.into.the.RI
de320	50 20 74 61 62 6c 65 73 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61	P.tables..There.are.five.modes.a
de340	76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20	vailable.for.route.source:.bgp,.
de360	63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 73 74 61 74 69 63 2e	connected,.kernel,.ospf,.static.
de380	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74	.This.command.redistributes.rout
de3a0	69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72	ing.information.from.the.given.r
de3c0	6f 75 74 65 20 73 6f 75 72 63 65 20 74 6f 20 74 68 65 20 42 47 50 20 70 72 6f 63 65 73 73 2e 20	oute.source.to.the.BGP.process..
de3e0	54 68 65 72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f	There.are.six.modes.available.fo
de400	72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65	r.route.source:.connected,.kerne
de420	6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 2e 00 54 68 69	l,.ospf,.rip,.static,.table..Thi
de440	73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20	s.command.redistributes.routing.
de460	69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65	information.from.the.given.route
de480	20 73 6f 75 72 63 65 20 74 6f 20 74 68 65 20 42 61 62 65 6c 20 70 72 6f 63 65 73 73 2e 00 54 68	.source.to.the.Babel.process..Th
de4a0	69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67	is.command.redistributes.routing
de4c0	20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74	.information.from.the.given.rout
de4e0	65 20 73 6f 75 72 63 65 20 74 6f 20 74 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68	e.source.to.the.OSPF.process..Th
de500	65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72	ere.are.five.modes.available.for
de520	20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b	.route.source:.bgp,.connected,.k
de540	65 72 6e 65 6c 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	ernel,.rip,.static..This.command
de560	20 72 65 64 69 73 74 72 69 62 75 74 65 73 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69	.redistributes.routing.informati
de580	6f 6e 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 20 74	on.from.the.given.route.source.t
de5a0	6f 20 74 68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 2e 20 54 68 65 72 65 20 61 72 65 20	o.the.OSPFv3.process..There.are.
de5c0	66 69 76 65 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73	five.modes.available.for.route.s
de5e0	6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72	ource:.bgp,.connected,.kernel,.r
de600	69 70 6e 67 2c 20 73 74 61 74 69 63 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 6d 6f 76	ipng,.static..This.command.remov
de620	65 73 20 74 68 65 20 70 72 69 76 61 74 65 20 41 53 4e 20 6f 66 20 72 6f 75 74 65 73 20 74 68 61	es.the.private.ASN.of.routes.tha
de640	74 20 61 72 65 20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72	t.are.advertised.to.the.configur
de660	65 64 20 70 65 65 72 2e 20 49 74 20 72 65 6d 6f 76 65 73 20 6f 6e 6c 79 20 70 72 69 76 61 74 65	ed.peer..It.removes.only.private
de680	20 41 53 4e 73 20 6f 6e 20 72 6f 75 74 65 73 20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 45 42	.ASNs.on.routes.advertised.to.EB
de6a0	47 50 20 70 65 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 73 65 74 73 20 42 47	GP.peers..This.command.resets.BG
de6c0	50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 6e	P.connections.to.the.specified.n
de6e0	65 69 67 68 62 6f 72 20 49 50 20 61 64 64 72 65 73 73 2e 20 57 69 74 68 20 61 72 67 75 6d 65 6e	eighbor.IP.address..With.argumen
de700	74 20 3a 63 66 67 63 6d 64 3a 60 73 6f 66 74 60 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 6e	t.:cfgcmd:`soft`.this.command.in
de720	69 74 69 61 74 65 73 20 61 20 73 6f 66 74 20 72 65 73 65 74 2e 20 49 66 20 79 6f 75 20 64 6f 20	itiates.a.soft.reset..If.you.do.
de740	6e 6f 74 20 73 70 65 63 69 66 79 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 69 6e 60 20 6f 72 20	not.specify.the.:cfgcmd:`in`.or.
de760	3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 6f 70 74 69 6f 6e 73 2c 20 62 6f 74 68 20 69 6e 62 6f	:cfgcmd:`out`.options,.both.inbo
de780	75 6e 64 20 61 6e 64 20 6f 75 74 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72	und.and.outbound.soft.reconfigur
de7a0	61 74 69 6f 6e 20 61 72 65 20 74 72 69 67 67 65 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	ation.are.triggered..This.comman
de7c0	64 20 72 65 73 65 74 73 20 42 47 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 6f 20 74 68 65 20	d.resets.BGP.connections.to.the.
de7e0	73 70 65 63 69 66 69 65 64 20 70 65 65 72 20 67 72 6f 75 70 2e 20 57 69 74 68 20 61 72 67 75 6d	specified.peer.group..With.argum
de800	65 6e 74 20 3a 63 66 67 63 6d 64 3a 60 73 6f 66 74 60 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	ent.:cfgcmd:`soft`.this.command.
de820	69 6e 69 74 69 61 74 65 73 20 61 20 73 6f 66 74 20 72 65 73 65 74 2e 20 49 66 20 79 6f 75 20 64	initiates.a.soft.reset..If.you.d
de840	6f 20 6e 6f 74 20 73 70 65 63 69 66 79 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 69 6e 60 20 6f	o.not.specify.the.:cfgcmd:`in`.o
de860	72 20 3a 63 66 67 63 6d 64 3a 60 6f 75 74 60 20 6f 70 74 69 6f 6e 73 2c 20 62 6f 74 68 20 69 6e	r.:cfgcmd:`out`.options,.both.in
de880	62 6f 75 6e 64 20 61 6e 64 20 6f 75 74 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67	bound.and.outbound.soft.reconfig
de8a0	75 72 61 74 69 6f 6e 20 61 72 65 20 74 72 69 67 67 65 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d	uration.are.triggered..This.comm
de8c0	61 6e 64 20 72 65 73 65 74 73 20 61 6c 6c 20 42 47 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f	and.resets.all.BGP.connections.o
de8e0	66 20 67 69 76 65 6e 20 72 6f 75 74 65 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 72 65 73	f.given.router..This.command.res
de900	65 74 73 20 61 6c 6c 20 65 78 74 65 72 6e 61 6c 20 42 47 50 20 70 65 65 72 73 20 6f 66 20 67 69	ets.all.external.BGP.peers.of.gi
de920	76 65 6e 20 72 6f 75 74 65 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 6c 65 63 74 73	ven.router..This.command.selects
de940	20 41 42 52 20 6d 6f 64 65 6c 2e 20 4f 53 50 46 20 72 6f 75 74 65 72 20 73 75 70 70 6f 72 74 73	.ABR.model..OSPF.router.supports
de960	20 66 6f 75 72 20 41 42 52 20 6d 6f 64 65 6c 73 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73	.four.ABR.models:.This.command.s
de980	65 74 20 64 65 66 61 75 6c 74 20 6d 65 74 72 69 63 20 66 6f 72 20 63 69 72 63 75 69 74 2e 00 54	et.default.metric.for.circuit..T
de9a0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 20 74 68 65 20 63 68 61 6e 6e 65 6c 20 6e 75 6d 62	his.command.set.the.channel.numb
de9c0	65 72 20 74 68 61 74 20 64 69 76 65 72 73 69 74 79 20 72 6f 75 74 69 6e 67 20 75 73 65 73 20 66	er.that.diversity.routing.uses.f
de9e0	6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 28 73 65 65 20 64 69 76 65 72 73 69 74 79	or.this.interface.(see.diversity
dea00	20 6f 70 74 69 6f 6e 20 61 62 6f 76 65 29 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74	.option.above)..This.command.set
dea20	73 20 41 54 54 20 62 69 74 20 74 6f 20 31 20 69 6e 20 4c 65 76 65 6c 31 20 4c 53 50 73 2e 20 49	s.ATT.bit.to.1.in.Level1.LSPs..I
dea40	74 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 37 38 37 60 2e 00 54	t.is.described.in.:rfc:`3787`..T
dea60	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 4c 53 50 20 6d 61 78 69 6d 75 6d 20 4c 53 50	his.command.sets.LSP.maximum.LSP
dea80	20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76	.lifetime.in.seconds..The.interv
deaa0	61 6c 20 72 61 6e 67 65 20 69 73 20 33 35 30 20 74 6f 20 36 35 35 33 35 2e 20 4c 53 50 73 20 72	al.range.is.350.to.65535..LSPs.r
deac0	65 6d 61 69 6e 20 69 6e 20 61 20 64 61 74 61 62 61 73 65 20 66 6f 72 20 31 32 30 30 20 73 65 63	emain.in.a.database.for.1200.sec
deae0	6f 6e 64 73 20 62 79 20 64 65 66 61 75 6c 74 2e 20 49 66 20 74 68 65 79 20 61 72 65 20 6e 6f 74	onds.by.default..If.they.are.not
deb00	20 72 65 66 72 65 73 68 65 64 20 62 79 20 74 68 61 74 20 74 69 6d 65 2c 20 74 68 65 79 20 61 72	.refreshed.by.that.time,.they.ar
deb20	65 20 64 65 6c 65 74 65 64 2e 20 59 6f 75 20 63 61 6e 20 63 68 61 6e 67 65 20 74 68 65 20 4c 53	e.deleted..You.can.change.the.LS
deb40	50 20 72 65 66 72 65 73 68 20 69 6e 74 65 72 76 61 6c 20 6f 72 20 74 68 65 20 4c 53 50 20 6c 69	P.refresh.interval.or.the.LSP.li
deb60	66 65 74 69 6d 65 2e 20 54 68 65 20 4c 53 50 20 72 65 66 72 65 73 68 20 69 6e 74 65 72 76 61 6c	fetime..The.LSP.refresh.interval
deb80	20 73 68 6f 75 6c 64 20 62 65 20 6c 65 73 73 20 74 68 61 6e 20 74 68 65 20 4c 53 50 20 6c 69 66	.should.be.less.than.the.LSP.lif
deba0	65 74 69 6d 65 20 6f 72 20 65 6c 73 65 20 4c 53 50 73 20 77 69 6c 6c 20 74 69 6d 65 20 6f 75 74	etime.or.else.LSPs.will.time.out
debc0	20 62 65 66 6f 72 65 20 74 68 65 79 20 61 72 65 20 72 65 66 72 65 73 68 65 64 2e 00 54 68 69 73	.before.they.are.refreshed..This
debe0	20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 4c 53 50 20 72 65 66 72 65 73 68 20 69 6e 74 65 72 76	.command.sets.LSP.refresh.interv
dec00	61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 49 53 2d 49 53 20 67 65 6e 65 72 61 74 65 73 20 4c	al.in.seconds..IS-IS.generates.L
dec20	53 50 73 20 77 68 65 6e 20 74 68 65 20 73 74 61 74 65 20 6f 66 20 61 20 6c 69 6e 6b 20 63 68 61	SPs.when.the.state.of.a.link.cha
dec40	6e 67 65 73 2e 20 48 6f 77 65 76 65 72 2c 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 72 6f	nges..However,.to.ensure.that.ro
dec60	75 74 69 6e 67 20 64 61 74 61 62 61 73 65 73 20 6f 6e 20 61 6c 6c 20 72 6f 75 74 65 72 73 20 72	uting.databases.on.all.routers.r
dec80	65 6d 61 69 6e 20 63 6f 6e 76 65 72 67 65 64 2c 20 4c 53 50 73 20 69 6e 20 73 74 61 62 6c 65 20	emain.converged,.LSPs.in.stable.
deca0	6e 65 74 77 6f 72 6b 73 20 61 72 65 20 67 65 6e 65 72 61 74 65 64 20 6f 6e 20 61 20 72 65 67 75	networks.are.generated.on.a.regu
decc0	6c 61 72 20 62 61 73 69 73 20 65 76 65 6e 20 74 68 6f 75 67 68 20 74 68 65 72 65 20 68 61 73 20	lar.basis.even.though.there.has.
dece0	62 65 65 6e 20 6e 6f 20 63 68 61 6e 67 65 20 74 6f 20 74 68 65 20 73 74 61 74 65 20 6f 66 20 74	been.no.change.to.the.state.of.t
ded00	68 65 20 6c 69 6e 6b 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20	he.links..The.interval.range.is.
ded20	31 20 74 6f 20 36 35 32 33 35 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73	1.to.65235..The.default.value.is
ded40	20 39 30 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20	.900.seconds..This.command.sets.
ded60	4f 53 50 46 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6b 65 79 20 74 6f 20 61 20 73 69 6d	OSPF.authentication.key.to.a.sim
ded80	70 6c 65 20 70 61 73 73 77 6f 72 64 2e 20 41 66 74 65 72 20 73 65 74 74 69 6e 67 2c 20 61 6c 6c	ple.password..After.setting,.all
deda0	20 4f 53 50 46 20 70 61 63 6b 65 74 73 20 61 72 65 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 2e	.OSPF.packets.are.authenticated.
dedc0	20 4b 65 79 20 68 61 73 20 6c 65 6e 67 74 68 20 75 70 20 74 6f 20 38 20 63 68 61 72 73 2e 00 54	.Key.has.length.up.to.8.chars..T
dede0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 50 53 4e 50 20 69 6e 74 65 72 76 61 6c 20 69	his.command.sets.PSNP.interval.i
dee00	6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73	n.seconds..The.interval.range.is
dee20	20 30 20 74 6f 20 31 32 37 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 52 6f 75	.0.to.127..This.command.sets.Rou
dee40	74 65 72 20 50 72 69 6f 72 69 74 79 20 69 6e 74 65 67 65 72 20 76 61 6c 75 65 2e 20 54 68 65 20	ter.Priority.integer.value..The.
dee60	72 6f 75 74 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67 68 65 73 74 20 70 72 69 6f 72 69 74 79	router.with.the.highest.priority
dee80	20 77 69 6c 6c 20 62 65 20 6d 6f 72 65 20 65 6c 69 67 69 62 6c 65 20 74 6f 20 62 65 63 6f 6d 65	.will.be.more.eligible.to.become
deea0	20 44 65 73 69 67 6e 61 74 65 64 20 52 6f 75 74 65 72 2e 20 53 65 74 74 69 6e 67 20 74 68 65 20	.Designated.Router..Setting.the.
deec0	76 61 6c 75 65 20 74 6f 20 30 2c 20 6d 61 6b 65 73 20 74 68 65 20 72 6f 75 74 65 72 20 69 6e 65	value.to.0,.makes.the.router.ine
deee0	6c 69 67 69 62 6c 65 20 74 6f 20 62 65 63 6f 6d 65 20 44 65 73 69 67 6e 61 74 65 64 20 52 6f 75	ligible.to.become.Designated.Rou
def00	74 65 72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 2e 20 54 68 65	ter..The.default.value.is.1..The
def20	20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 32 35 35 2e 00 54 68 69	.interval.range.is.0.to.255..Thi
def40	73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 64 65 66 61 75 6c 74 20 52 49 50 20 64 69 73 74 61	s.command.sets.default.RIP.dista
def60	6e 63 65 20 74 6f 20 61 20 73 70 65 63 69 66 69 65 64 20 76 61 6c 75 65 20 77 68 65 6e 20 74 68	nce.to.a.specified.value.when.th
def80	65 20 72 6f 75 74 65 73 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 6d 61 74 63 68	e.routes.source.IP.address.match
defa0	65 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 70 72 65 66 69 78 2e 00 54 68 69 73 20 63 6f	es.the.specified.prefix..This.co
defc0	6d 6d 61 6e 64 20 73 65 74 73 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 73 65 63	mmand.sets.hello.interval.in.sec
defe0	6f 6e 64 73 20 6f 6e 20 61 20 67 69 76 65 6e 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 72	onds.on.a.given.interface..The.r
df000	61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 30 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73	ange.is.1.to.600..This.command.s
df020	65 74 73 20 6c 69 6e 6b 20 63 6f 73 74 20 66 6f 72 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20	ets.link.cost.for.the.specified.
df040	69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 63 6f 73 74 20 76 61 6c 75 65 20 69 73 20 73 65 74	interface..The.cost.value.is.set
df060	20 74 6f 20 72 6f 75 74 65 72 2d 4c 53 41 e2 80 99 73 20 6d 65 74 72 69 63 20 66 69 65 6c 64 20	.to.router-LSA...s.metric.field.
df080	61 6e 64 20 75 73 65 64 20 66 6f 72 20 53 50 46 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 54 68	and.used.for.SPF.calculation..Th
df0a0	65 20 63 6f 73 74 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73	e.cost.range.is.1.to.65535..This
df0c0	20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6d 69 6e 69 6d 75 6d 20 69 6e 74 65 72 76 61 6c 20 62	.command.sets.minimum.interval.b
df0e0	65 74 77 65 65 6e 20 63 6f 6e 73 65 63 75 74 69 76 65 20 53 50 46 20 63 61 6c 63 75 6c 61 74 69	etween.consecutive.SPF.calculati
df100	6f 6e 73 20 69 6e 20 73 65 63 6f 6e 64 73 2e 54 68 65 20 69 6e 74 65 72 76 61 6c 20 72 61 6e 67	ons.in.seconds.The.interval.rang
df120	65 20 69 73 20 31 20 74 6f 20 31 32 30 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73	e.is.1.to.120..This.command.sets
df140	20 6d 69 6e 69 6d 75 6d 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 20 62 65 74	.minimum.interval.in.seconds.bet
df160	77 65 65 6e 20 72 65 67 65 6e 65 72 61 74 69 6e 67 20 73 61 6d 65 20 4c 53 50 2e 20 54 68 65 20	ween.regenerating.same.LSP..The.
df180	69 6e 74 65 72 76 61 6c 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 32 30 2e 00 54 68 69 73	interval.range.is.1.to.120..This
df1a0	20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6d 75 6c 74 69 70 6c 69 65 72 20 66 6f 72 20 68 65 6c	.command.sets.multiplier.for.hel
df1c0	6c 6f 20 68 6f 6c 64 69 6e 67 20 74 69 6d 65 20 6f 6e 20 61 20 67 69 76 65 6e 20 69 6e 74 65 72	lo.holding.time.on.a.given.inter
df1e0	66 61 63 65 2e 20 54 68 65 20 72 61 6e 67 65 20 69 73 20 32 20 74 6f 20 31 30 30 2e 00 54 68 69	face..The.range.is.2.to.100..Thi
df200	73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73	s.command.sets.number.of.seconds
df220	20 66 6f 72 20 49 6e 66 54 72 61 6e 73 44 65 6c 61 79 20 76 61 6c 75 65 2e 20 49 74 20 61 6c 6c	.for.InfTransDelay.value..It.all
df240	6f 77 73 20 74 6f 20 73 65 74 20 61 6e 64 20 61 64 6a 75 73 74 20 66 6f 72 20 65 61 63 68 20 69	ows.to.set.and.adjust.for.each.i
df260	6e 74 65 72 66 61 63 65 20 74 68 65 20 64 65 6c 61 79 20 69 6e 74 65 72 76 61 6c 20 62 65 66 6f	nterface.the.delay.interval.befo
df280	72 65 20 73 74 61 72 74 69 6e 67 20 74 68 65 20 73 79 6e 63 68 72 6f 6e 69 7a 69 6e 67 20 70 72	re.starting.the.synchronizing.pr
df2a0	6f 63 65 73 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 27 73 20 64 61 74 61 62 61 73 65 20 77	ocess.of.the.router's.database.w
df2c0	69 74 68 20 61 6c 6c 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76	ith.all.neighbors..The.default.v
df2e0	61 6c 75 65 20 69 73 20 31 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20	alue.is.1.seconds..The.interval.
df300	72 61 6e 67 65 20 69 73 20 33 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	range.is.3.to.65535..This.comman
df320	64 20 73 65 74 73 20 6e 75 6d 62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 66 6f 72 20 52 78 6d	d.sets.number.of.seconds.for.Rxm
df340	74 49 6e 74 65 72 76 61 6c 20 74 69 6d 65 72 20 76 61 6c 75 65 2e 20 54 68 69 73 20 76 61 6c 75	tInterval.timer.value..This.valu
df360	65 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 72 65 74 72 61 6e 73 6d 69 74 74 69 6e 67 20 44 61	e.is.used.when.retransmitting.Da
df380	74 61 62 61 73 65 20 44 65 73 63 72 69 70 74 69 6f 6e 20 61 6e 64 20 4c 69 6e 6b 20 53 74 61 74	tabase.Description.and.Link.Stat
df3a0	65 20 52 65 71 75 65 73 74 20 70 61 63 6b 65 74 73 20 69 66 20 61 63 6b 6e 6f 77 6c 65 64 67 65	e.Request.packets.if.acknowledge
df3c0	20 77 61 73 20 6e 6f 74 20 72 65 63 65 69 76 65 64 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76	.was.not.received..The.default.v
df3e0	61 6c 75 65 20 69 73 20 35 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20	alue.is.5.seconds..The.interval.
df400	72 61 6e 67 65 20 69 73 20 33 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	range.is.3.to.65535..This.comman
df420	64 20 73 65 74 73 20 6f 6c 64 2d 73 74 79 6c 65 20 28 49 53 4f 20 31 30 35 38 39 29 20 6f 72 20	d.sets.old-style.(ISO.10589).or.
df440	6e 65 77 20 73 74 79 6c 65 20 70 61 63 6b 65 74 20 66 6f 72 6d 61 74 73 3a 00 54 68 69 73 20 63	new.style.packet.formats:.This.c
df460	6f 6d 6d 61 6e 64 20 73 65 74 73 20 6f 74 68 65 72 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 73	ommand.sets.other.confederations
df480	20 3c 6e 73 75 62 61 73 6e 3e 20 61 73 20 6d 65 6d 62 65 72 73 20 6f 66 20 61 75 74 6f 6e 6f 6d	.<nsubasn>.as.members.of.autonom
df4a0	6f 75 73 20 73 79 73 74 65 6d 20 73 70 65 63 69 66 69 65 64 20 62 79 20 3a 63 66 67 63 6d 64 3a	ous.system.specified.by.:cfgcmd:
df4c0	60 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 69 64 65 6e 74 69 66 69 65 72 20 3c 61 73 6e 3e 60	`confederation.identifier.<asn>`
df4e0	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 6f 76 65 72 6c 6f 61 64 20 62 69 74	..This.command.sets.overload.bit
df500	20 74 6f 20 61 76 6f 69 64 20 61 6e 79 20 74 72 61 6e 73 69 74 20 74 72 61 66 66 69 63 20 74 68	.to.avoid.any.transit.traffic.th
df520	72 6f 75 67 68 20 74 68 69 73 20 72 6f 75 74 65 72 2e 20 49 74 20 69 73 20 64 65 73 63 72 69 62	rough.this.router..It.is.describ
df540	65 64 20 69 6e 20 3a 72 66 63 3a 60 33 37 38 37 60 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	ed.in.:rfc:`3787`..This.command.
df560	73 65 74 73 20 70 72 69 6f 72 69 74 79 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20	sets.priority.for.the.interface.
df580	66 6f 72 20 3a 61 62 62 72 3a 60 44 49 53 20 28 44 65 73 69 67 6e 61 74 65 64 20 49 6e 74 65 72	for.:abbr:`DIS.(Designated.Inter
df5a0	6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 29 60 20 65 6c 65 63 74 69 6f 6e 2e 20 54 68 65 20 70	mediate.System)`.election..The.p
df5c0	72 69 6f 72 69 74 79 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 31 32 37 2e 00 54 68 69 73 20	riority.range.is.0.to.127..This.
df5e0	63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20	command.sets.the.administrative.
df600	64 69 73 74 61 6e 63 65 20 66 6f 72 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 72 6f 75 74 65 2e	distance.for.a.particular.route.
df620	20 54 68 65 20 64 69 73 74 61 6e 63 65 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 32 35 35 2e	.The.distance.range.is.1.to.255.
df640	00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 63 6f 73 74 20 6f 66 20 64	.This.command.sets.the.cost.of.d
df660	65 66 61 75 6c 74 2d 73 75 6d 6d 61 72 79 20 4c 53 41 73 20 61 6e 6e 6f 75 6e 63 65 64 20 74 6f	efault-summary.LSAs.announced.to
df680	20 73 74 75 62 62 79 20 61 72 65 61 73 2e 20 54 68 65 20 63 6f 73 74 20 72 61 6e 67 65 20 69 73	.stubby.areas..The.cost.range.is
df6a0	20 30 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74	.0.to.16777215..This.command.set
df6c0	73 20 74 68 65 20 64 65 66 61 75 6c 74 20 63 6f 73 74 20 6f 66 20 4c 53 41 73 20 61 6e 6e 6f 75	s.the.default.cost.of.LSAs.annou
df6e0	6e 63 65 64 20 74 6f 20 4e 53 53 41 20 61 72 65 61 73 2e 20 54 68 65 20 63 6f 73 74 20 72 61 6e	nced.to.NSSA.areas..The.cost.ran
df700	67 65 20 69 73 20 30 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	ge.is.0.to.16777215..This.comman
df720	64 20 73 65 74 73 20 74 68 65 20 69 6e 69 74 69 61 6c 20 64 65 6c 61 79 2c 20 74 68 65 20 69 6e	d.sets.the.initial.delay,.the.in
df740	69 74 69 61 6c 2d 68 6f 6c 64 74 69 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 2d 68	itial-holdtime.and.the.maximum-h
df760	6f 6c 64 74 69 6d 65 20 62 65 74 77 65 65 6e 20 77 68 65 6e 20 53 50 46 20 69 73 20 63 61 6c 63	oldtime.between.when.SPF.is.calc
df780	75 6c 61 74 65 64 20 61 6e 64 20 74 68 65 20 65 76 65 6e 74 20 77 68 69 63 68 20 74 72 69 67 67	ulated.and.the.event.which.trigg
df7a0	65 72 65 64 20 74 68 65 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20 54 68 65 20 74 69 6d 65 73 20	ered.the.calculation..The.times.
df7c0	61 72 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 61 6e	are.specified.in.milliseconds.an
df7e0	64 20 6d 75 73 74 20 62 65 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 6f 66 20 30 20 74 6f 20 36	d.must.be.in.the.range.of.0.to.6
df800	30 30 30 30 30 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2e 20 3a 63 66 67 63 6d 64 3a 60 64 65 6c	00000.milliseconds..:cfgcmd:`del
df820	61 79 60 20 73 65 74 73 20 74 68 65 20 69 6e 69 74 69 61 6c 20 53 50 46 20 73 63 68 65 64 75 6c	ay`.sets.the.initial.SPF.schedul
df840	65 20 64 65 6c 61 79 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 64 65 66	e.delay.in.milliseconds..The.def
df860	61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 32 30 30 20 6d 73 2e 20 3a 63 66 67 63 6d 64 3a 60 69	ault.value.is.200.ms..:cfgcmd:`i
df880	6e 69 74 69 61 6c 2d 68 6f 6c 64 74 69 6d 65 60 20 73 65 74 73 20 74 68 65 20 6d 69 6e 69 6d 75	nitial-holdtime`.sets.the.minimu
df8a0	6d 20 68 6f 6c 64 20 74 69 6d 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 63 6f 6e 73 65 63 75 74	m.hold.time.between.two.consecut
df8c0	69 76 65 20 53 50 46 20 63 61 6c 63 75 6c 61 74 69 6f 6e 73 2e 20 54 68 65 20 64 65 66 61 75 6c	ive.SPF.calculations..The.defaul
df8e0	74 20 76 61 6c 75 65 20 69 73 20 31 30 30 30 20 6d 73 2e 20 3a 63 66 67 63 6d 64 3a 60 6d 61 78	t.value.is.1000.ms..:cfgcmd:`max
df900	2d 68 6f 6c 64 74 69 6d 65 60 20 73 65 74 73 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 77 61 69 74	-holdtime`.sets.the.maximum.wait
df920	20 74 69 6d 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 63 6f 6e 73 65 63 75 74 69 76 65 20 53 50	.time.between.two.consecutive.SP
df940	46 20 63 61 6c 63 75 6c 61 74 69 6f 6e 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75	F.calculations..The.default.valu
df960	65 20 69 73 20 31 30 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73	e.is.10000.ms..This.command.sets
df980	20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 63 6f 73	.the.interface.bandwidth.for.cos
df9a0	74 20 63 61 6c 63 75 6c 61 74 69 6f 6e 73 2c 20 77 68 65 72 65 20 62 61 6e 64 77 69 64 74 68 20	t.calculations,.where.bandwidth.
df9c0	63 61 6e 20 62 65 20 69 6e 20 72 61 6e 67 65 20 66 72 6f 6d 20 31 20 74 6f 20 31 30 30 30 30 30	can.be.in.range.from.1.to.100000
df9e0	2c 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 4d 62 69 74 73 2f 73 2e 00 54 68 69 73 20 63 6f 6d	,.specified.in.Mbits/s..This.com
dfa00	6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 79 70 65 3a 00 54 68	mand.sets.the.interface.type:.Th
dfa20	69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 77 69	is.command.sets.the.interface.wi
dfa40	74 68 20 52 49 50 20 4d 44 35 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 54 68 69 73 20	th.RIP.MD5.authentication..This.
dfa60	63 6f 6d 6d 61 6e 64 20 61 6c 73 6f 20 73 65 74 73 20 4d 44 35 20 4b 65 79 2e 20 54 68 65 20 6b	command.also.sets.MD5.Key..The.k
dfa80	65 79 20 6d 75 73 74 20 62 65 20 73 68 6f 72 74 65 72 20 74 68 61 6e 20 31 36 20 63 68 61 72 61	ey.must.be.shorter.than.16.chara
dfaa0	63 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 69 6e 74	cters..This.command.sets.the.int
dfac0	65 72 66 61 63 65 20 77 69 74 68 20 52 49 50 20 73 69 6d 70 6c 65 20 70 61 73 73 77 6f 72 64 20	erface.with.RIP.simple.password.
dfae0	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 6c 73	authentication..This.command.als
dfb00	6f 20 73 65 74 73 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 74 72 69 6e 67 2e 20 54 68	o.sets.authentication.string..Th
dfb20	65 20 73 74 72 69 6e 67 20 6d 75 73 74 20 62 65 20 73 68 6f 72 74 65 72 20 74 68 61 6e 20 31 36	e.string.must.be.shorter.than.16
dfb40	20 63 68 61 72 61 63 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74	.characters..This.command.sets.t
dfb60	68 65 20 6d 75 6c 74 69 70 6c 69 63 61 74 69 76 65 20 66 61 63 74 6f 72 20 75 73 65 64 20 66 6f	he.multiplicative.factor.used.fo
dfb80	72 20 64 69 76 65 72 73 69 74 79 20 72 6f 75 74 69 6e 67 2c 20 69 6e 20 75 6e 69 74 73 20 6f 66	r.diversity.routing,.in.units.of
dfba0	20 31 2f 32 35 36 3b 20 6c 6f 77 65 72 20 76 61 6c 75 65 73 20 63 61 75 73 65 20 64 69 76 65 72	.1/256;.lower.values.cause.diver
dfbc0	73 69 74 79 20 74 6f 20 70 6c 61 79 20 61 20 6d 6f 72 65 20 69 6d 70 6f 72 74 61 6e 74 20 72 6f	sity.to.play.a.more.important.ro
dfbe0	6c 65 20 69 6e 20 72 6f 75 74 65 20 73 65 6c 65 63 74 69 6f 6e 2e 20 54 68 65 20 64 65 66 61 75	le.in.route.selection..The.defau
dfc00	6c 74 20 69 74 20 32 35 36 2c 20 77 68 69 63 68 20 6d 65 61 6e 73 20 74 68 61 74 20 64 69 76 65	lt.it.256,.which.means.that.dive
dfc20	72 73 69 74 79 20 70 6c 61 79 73 20 6e 6f 20 72 6f 6c 65 20 69 6e 20 72 6f 75 74 65 20 73 65 6c	rsity.plays.no.role.in.route.sel
dfc40	65 63 74 69 6f 6e 3b 20 79 6f 75 20 77 69 6c 6c 20 70 72 6f 62 61 62 6c 79 20 77 61 6e 74 20 74	ection;.you.will.probably.want.t
dfc60	6f 20 73 65 74 20 74 68 61 74 20 74 6f 20 31 32 38 20 6f 72 20 6c 65 73 73 20 6f 6e 20 6e 6f 64	o.set.that.to.128.or.less.on.nod
dfc80	65 73 20 77 69 74 68 20 6d 75 6c 74 69 70 6c 65 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 72 61 64	es.with.multiple.independent.rad
dfca0	69 6f 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 72 65 66 65 72	ios..This.command.sets.the.refer
dfcc0	65 6e 63 65 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 63 6f 73 74 20 63 61 6c 63 75 6c 61 74	ence.bandwidth.for.cost.calculat
dfce0	69 6f 6e 73 2c 20 77 68 65 72 65 20 62 61 6e 64 77 69 64 74 68 20 63 61 6e 20 62 65 20 69 6e 20	ions,.where.bandwidth.can.be.in.
dfd00	72 61 6e 67 65 20 66 72 6f 6d 20 31 20 74 6f 20 34 32 39 34 39 36 37 2c 20 73 70 65 63 69 66 69	range.from.1.to.4294967,.specifi
dfd20	65 64 20 69 6e 20 4d 62 69 74 73 2f 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 30	ed.in.Mbits/s..The.default.is.10
dfd40	30 4d 62 69 74 2f 73 20 28 69 2e 65 2e 20 61 20 6c 69 6e 6b 20 6f 66 20 62 61 6e 64 77 69 64 74	0Mbit/s.(i.e..a.link.of.bandwidt
dfd60	68 20 31 30 30 4d 62 69 74 2f 73 20 6f 72 20 68 69 67 68 65 72 20 77 69 6c 6c 20 68 61 76 65 20	h.100Mbit/s.or.higher.will.have.
dfd80	61 20 63 6f 73 74 20 6f 66 20 31 2e 20 43 6f 73 74 20 6f 66 20 6c 6f 77 65 72 20 62 61 6e 64 77	a.cost.of.1..Cost.of.lower.bandw
dfda0	69 64 74 68 20 6c 69 6e 6b 73 20 77 69 6c 6c 20 62 65 20 73 63 61 6c 65 64 20 77 69 74 68 20 72	idth.links.will.be.scaled.with.r
dfdc0	65 66 65 72 65 6e 63 65 20 74 6f 20 74 68 69 73 20 63 6f 73 74 29 2e 00 54 68 69 73 20 63 6f 6d	eference.to.this.cost)..This.com
dfde0	6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 72 6f 75 74 65 72 2d 49 44 20 6f 66 20 74 68 65 20 4f	mand.sets.the.router-ID.of.the.O
dfe00	53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 72 6f 75 74 65 72 2d 49 44 20 6d 61 79 20 62	SPF.process..The.router-ID.may.b
dfe20	65 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 72 6f 75 74 65 72 2c 20 62	e.an.IP.address.of.the.router,.b
dfe40	75 74 20 6e 65 65 64 20 6e 6f 74 20 62 65 20 e2 80 93 20 69 74 20 63 61 6e 20 62 65 20 61 6e 79	ut.need.not.be.....it.can.be.any
dfe60	20 61 72 62 69 74 72 61 72 79 20 33 32 62 69 74 20 6e 75 6d 62 65 72 2e 20 48 6f 77 65 76 65 72	.arbitrary.32bit.number..However
dfe80	20 69 74 20 4d 55 53 54 20 62 65 20 75 6e 69 71 75 65 20 77 69 74 68 69 6e 20 74 68 65 20 65 6e	.it.MUST.be.unique.within.the.en
dfea0	74 69 72 65 20 4f 53 50 46 20 64 6f 6d 61 69 6e 20 74 6f 20 74 68 65 20 4f 53 50 46 20 73 70 65	tire.OSPF.domain.to.the.OSPF.spe
dfec0	61 6b 65 72 20 e2 80 93 20 62 61 64 20 74 68 69 6e 67 73 20 77 69 6c 6c 20 68 61 70 70 65 6e 20	aker.....bad.things.will.happen.
dfee0	69 66 20 6d 75 6c 74 69 70 6c 65 20 4f 53 50 46 20 73 70 65 61 6b 65 72 73 20 61 72 65 20 63 6f	if.multiple.OSPF.speakers.are.co
dff00	6e 66 69 67 75 72 65 64 20 77 69 74 68 20 74 68 65 20 73 61 6d 65 20 72 6f 75 74 65 72 2d 49 44	nfigured.with.the.same.router-ID
dff20	21 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 65 74 73 20 74 68 65 20 72 6f 75 74 65 72 2d 49	!.This.command.sets.the.router-I
dff40	44 20 6f 66 20 74 68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 72 6f 75	D.of.the.OSPFv3.process..The.rou
dff60	74 65 72 2d 49 44 20 6d 61 79 20 62 65 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74	ter-ID.may.be.an.IP.address.of.t
dff80	68 65 20 72 6f 75 74 65 72 2c 20 62 75 74 20 6e 65 65 64 20 6e 6f 74 20 62 65 20 e2 80 93 20 69	he.router,.but.need.not.be.....i
dffa0	74 20 63 61 6e 20 62 65 20 61 6e 79 20 61 72 62 69 74 72 61 72 79 20 33 32 62 69 74 20 6e 75 6d	t.can.be.any.arbitrary.32bit.num
dffc0	62 65 72 2e 20 48 6f 77 65 76 65 72 20 69 74 20 4d 55 53 54 20 62 65 20 75 6e 69 71 75 65 20 77	ber..However.it.MUST.be.unique.w
dffe0	69 74 68 69 6e 20 74 68 65 20 65 6e 74 69 72 65 20 4f 53 50 46 76 33 20 64 6f 6d 61 69 6e 20 74	ithin.the.entire.OSPFv3.domain.t
e0000	6f 20 74 68 65 20 4f 53 50 46 76 33 20 73 70 65 61 6b 65 72 20 e2 80 93 20 62 61 64 20 74 68 69	o.the.OSPFv3.speaker.....bad.thi
e0020	6e 67 73 20 77 69 6c 6c 20 68 61 70 70 65 6e 20 69 66 20 6d 75 6c 74 69 70 6c 65 20 4f 53 50 46	ngs.will.happen.if.multiple.OSPF
e0040	76 33 20 73 70 65 61 6b 65 72 73 20 61 72 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20	v3.speakers.are.configured.with.
e0060	74 68 65 20 73 61 6d 65 20 72 6f 75 74 65 72 2d 49 44 21 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	the.same.router-ID!.This.command
e0080	20 73 65 74 73 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 6f	.sets.the.specified.interface.to
e00a0	20 70 61 73 73 69 76 65 20 6d 6f 64 65 2e 20 4f 6e 20 70 61 73 73 69 76 65 20 6d 6f 64 65 20 69	.passive.mode..On.passive.mode.i
e00c0	6e 74 65 72 66 61 63 65 2c 20 61 6c 6c 20 72 65 63 65 69 76 69 6e 67 20 70 61 63 6b 65 74 73 20	nterface,.all.receiving.packets.
e00e0	61 72 65 20 70 72 6f 63 65 73 73 65 64 20 61 73 20 6e 6f 72 6d 61 6c 20 61 6e 64 20 56 79 4f 53	are.processed.as.normal.and.VyOS
e0100	20 64 6f 65 73 20 6e 6f 74 20 73 65 6e 64 20 65 69 74 68 65 72 20 6d 75 6c 74 69 63 61 73 74 20	.does.not.send.either.multicast.
e0120	6f 72 20 75 6e 69 63 61 73 74 20 52 49 50 20 70 61 63 6b 65 74 73 20 65 78 63 65 70 74 20 74 6f	or.unicast.RIP.packets.except.to
e0140	20 52 49 50 20 6e 65 69 67 68 62 6f 72 73 20 73 70 65 63 69 66 69 65 64 20 77 69 74 68 20 6e 65	.RIP.neighbors.specified.with.ne
e0160	69 67 68 62 6f 72 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 68 6f	ighbor.command..This.command.sho
e0180	75 6c 64 20 4e 4f 54 20 62 65 20 73 65 74 20 6e 6f 72 6d 61 6c 6c 79 2e 00 54 68 69 73 20 63 6f	uld.NOT.be.set.normally..This.co
e01a0	6d 6d 61 6e 64 20 73 68 6f 77 73 20 62 6f 74 68 20 73 74 61 74 75 73 20 61 6e 64 20 73 74 61 74	mmand.shows.both.status.and.stat
e01c0	69 73 74 69 63 73 20 6f 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 77 69 72 65 6c 65 73 73	istics.on.the.specified.wireless
e01e0	20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61	.interface..The.wireless.interfa
e0200	63 65 20 69 64 65 6e 74 69 66 69 65 72 20 63 61 6e 20 72 61 6e 67 65 20 66 72 6f 6d 20 77 6c 61	ce.identifier.can.range.from.wla
e0220	6e 30 20 74 6f 20 77 6c 61 6e 39 39 39 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63	n0.to.wlan999..This.command.spec
e0240	69 66 69 65 73 20 61 20 42 47 50 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 69 64 65 6e 74 69	ifies.a.BGP.confederation.identi
e0260	66 69 65 72 2e 20 3c 61 73 6e 3e 20 69 73 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 74 68 65	fier..<asn>.is.the.number.of.the
e0280	20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 20 74 68 61 74 20 69 6e 74 65 72 6e 61 6c	.autonomous.system.that.internal
e02a0	6c 79 20 69 6e 63 6c 75 64 65 73 20 6d 75 6c 74 69 70 6c 65 20 73 75 62 2d 61 75 74 6f 6e 6f 6d	ly.includes.multiple.sub-autonom
e02c0	6f 75 73 20 73 79 73 74 65 6d 73 20 28 61 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 29 2e 00 54	ous.systems.(a.confederation)..T
e02e0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 20 42 61 62 65 6c 20 65 6e	his.command.specifies.a.Babel.en
e0300	61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 62 79 20 69 6e 74 65 72 66 61 63 65 20 6e 61 6d	abled.interface.by.interface.nam
e0320	65 2e 20 42 6f 74 68 20 74 68 65 20 73 65 6e 64 69 6e 67 20 61 6e 64 20 72 65 63 65 69 76 69 6e	e..Both.the.sending.and.receivin
e0340	67 20 6f 66 20 42 61 62 65 6c 20 70 61 63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 65 6e 61 62 6c	g.of.Babel.packets.will.be.enabl
e0360	65 64 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 73 70 65 63 69 66 69 65 64 20 69 6e	ed.on.the.interface.specified.in
e0380	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63	.this.command..This.command.spec
e03a0	69 66 69 65 73 20 61 20 4d 44 35 20 70 61 73 73 77 6f 72 64 20 74 6f 20 62 65 20 75 73 65 64 20	ifies.a.MD5.password.to.be.used.
e03c0	77 69 74 68 20 74 68 65 20 74 63 70 20 73 6f 63 6b 65 74 20 74 68 61 74 20 69 73 20 62 65 69 6e	with.the.tcp.socket.that.is.bein
e03e0	67 20 75 73 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 72 65 6d 6f 74 65 20	g.used.to.connect.to.the.remote.
e0400	70 65 65 72 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 20 52	peer..This.command.specifies.a.R
e0420	49 50 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 62 79 20 69 6e 74 65 72 66 61 63	IP.enabled.interface.by.interfac
e0440	65 20 6e 61 6d 65 2e 20 42 6f 74 68 20 74 68 65 20 73 65 6e 64 69 6e 67 20 61 6e 64 20 72 65 63	e.name..Both.the.sending.and.rec
e0460	65 69 76 69 6e 67 20 6f 66 20 52 49 50 20 70 61 63 6b 65 74 73 20 77 69 6c 6c 20 62 65 20 65 6e	eiving.of.RIP.packets.will.be.en
e0480	61 62 6c 65 64 20 6f 6e 20 74 68 65 20 70 6f 72 74 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 74	abled.on.the.port.specified.in.t
e04a0	68 69 73 20 63 6f 6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66	his.command..This.command.specif
e04c0	69 65 73 20 61 20 52 49 50 20 6e 65 69 67 68 62 6f 72 2e 20 57 68 65 6e 20 61 20 6e 65 69 67 68	ies.a.RIP.neighbor..When.a.neigh
e04e0	62 6f 72 20 64 6f 65 73 6e e2 80 99 74 20 75 6e 64 65 72 73 74 61 6e 64 20 6d 75 6c 74 69 63 61	bor.doesn...t.understand.multica
e0500	73 74 2c 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 73 20 75 73 65 64 20 74 6f 20 73 70 65 63	st,.this.command.is.used.to.spec
e0520	69 66 79 20 6e 65 69 67 68 62 6f 72 73 2e 20 49 6e 20 73 6f 6d 65 20 63 61 73 65 73 2c 20 6e 6f	ify.neighbors..In.some.cases,.no
e0540	74 20 61 6c 6c 20 72 6f 75 74 65 72 73 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 75 6e	t.all.routers.will.be.able.to.un
e0560	64 65 72 73 74 61 6e 64 20 6d 75 6c 74 69 63 61 73 74 69 6e 67 2c 20 77 68 65 72 65 20 70 61 63	derstand.multicasting,.where.pac
e0580	6b 65 74 73 20 61 72 65 20 73 65 6e 74 20 74 6f 20 61 20 6e 65 74 77 6f 72 6b 20 6f 72 20 61 20	kets.are.sent.to.a.network.or.a.
e05a0	67 72 6f 75 70 20 6f 66 20 61 64 64 72 65 73 73 65 73 2e 20 49 6e 20 61 20 73 69 74 75 61 74 69	group.of.addresses..In.a.situati
e05c0	6f 6e 20 77 68 65 72 65 20 61 20 6e 65 69 67 68 62 6f 72 20 63 61 6e 6e 6f 74 20 70 72 6f 63 65	on.where.a.neighbor.cannot.proce
e05e0	73 73 20 6d 75 6c 74 69 63 61 73 74 20 70 61 63 6b 65 74 73 2c 20 69 74 20 69 73 20 6e 65 63 65	ss.multicast.packets,.it.is.nece
e0600	73 73 61 72 79 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 64 69 72 65 63 74 20 6c 69 6e 6b	ssary.to.establish.a.direct.link
e0620	20 62 65 74 77 65 65 6e 20 72 6f 75 74 65 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73	.between.routers..This.command.s
e0640	70 65 63 69 66 69 65 73 20 61 20 64 65 66 61 75 6c 74 20 77 65 69 67 68 74 20 76 61 6c 75 65 20	pecifies.a.default.weight.value.
e0660	66 6f 72 20 74 68 65 20 6e 65 69 67 68 62 6f 72 e2 80 99 73 20 72 6f 75 74 65 73 2e 20 54 68 65	for.the.neighbor...s.routes..The
e0680	20 6e 75 6d 62 65 72 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 2e 00 54 68 69	.number.range.is.1.to.65535..Thi
e06a0	73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 20 6d 61 78 69 6d 75 6d 20 6e 75	s.command.specifies.a.maximum.nu
e06c0	6d 62 65 72 20 6f 66 20 70 72 65 66 69 78 65 73 20 77 65 20 63 61 6e 20 72 65 63 65 69 76 65 20	mber.of.prefixes.we.can.receive.
e06e0	66 72 6f 6d 20 61 20 67 69 76 65 6e 20 70 65 65 72 2e 20 49 66 20 74 68 69 73 20 6e 75 6d 62 65	from.a.given.peer..If.this.numbe
e0700	72 20 69 73 20 65 78 63 65 65 64 65 64 2c 20 74 68 65 20 42 47 50 20 73 65 73 73 69 6f 6e 20 77	r.is.exceeded,.the.BGP.session.w
e0720	69 6c 6c 20 62 65 20 64 65 73 74 72 6f 79 65 64 2e 20 54 68 65 20 6e 75 6d 62 65 72 20 72 61 6e	ill.be.destroyed..The.number.ran
e0740	67 65 20 69 73 20 31 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 00 54 68 69 73 20 63 6f 6d 6d	ge.is.1.to.4294967295..This.comm
e0760	61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 61 73 20	and.specifies.all.interfaces.as.
e0780	70 61 73 73 69 76 65 20 62 79 20 64 65 66 61 75 6c 74 2e 20 42 65 63 61 75 73 65 20 74 68 69 73	passive.by.default..Because.this
e07a0	20 63 6f 6d 6d 61 6e 64 20 63 68 61 6e 67 65 73 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	.command.changes.the.configurati
e07c0	6f 6e 20 6c 6f 67 69 63 20 74 6f 20 61 20 64 65 66 61 75 6c 74 20 70 61 73 73 69 76 65 3b 20 74	on.logic.to.a.default.passive;.t
e07e0	68 65 72 65 66 6f 72 65 2c 20 69 6e 74 65 72 66 61 63 65 73 20 77 68 65 72 65 20 72 6f 75 74 65	herefore,.interfaces.where.route
e0800	72 20 61 64 6a 61 63 65 6e 63 69 65 73 20 61 72 65 20 65 78 70 65 63 74 65 64 20 6e 65 65 64 20	r.adjacencies.are.expected.need.
e0820	74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 74 68 65 20 3a 63 66 67 63 6d	to.be.configured.with.the.:cfgcm
e0840	64 3a 60 70 61 73 73 69 76 65 2d 69 6e 74 65 72 66 61 63 65 2d 65 78 63 6c 75 64 65 60 20 63 6f	d:`passive-interface-exclude`.co
e0860	6d 6d 61 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6c	mmand..This.command.specifies.al
e0880	6c 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 70 61 73 73 69 76 65 20 6d 6f 64 65 2e 00 54 68	l.interfaces.to.passive.mode..Th
e08a0	69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6e 20 61 67 67 72 65 67 61 74	is.command.specifies.an.aggregat
e08c0	65 20 61 64 64 72 65 73 73 20 61 6e 64 20 70 72 6f 76 69 64 65 73 20 74 68 61 74 20 6c 6f 6e 67	e.address.and.provides.that.long
e08e0	65 72 2d 70 72 65 66 69 78 65 73 20 69 6e 73 69 64 65 20 6f 66 20 74 68 65 20 61 67 67 72 65 67	er-prefixes.inside.of.the.aggreg
e0900	61 74 65 20 61 64 64 72 65 73 73 20 61 72 65 20 73 75 70 70 72 65 73 73 65 64 20 62 65 66 6f 72	ate.address.are.suppressed.befor
e0920	65 20 73 65 6e 64 69 6e 67 20 42 47 50 20 75 70 64 61 74 65 73 20 6f 75 74 20 74 6f 20 70 65 65	e.sending.BGP.updates.out.to.pee
e0940	72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61 6e 20 61 67	rs..This.command.specifies.an.ag
e0960	67 72 65 67 61 74 65 20 61 64 64 72 65 73 73 20 77 69 74 68 20 61 20 6d 61 74 68 65 6d 61 74 69	gregate.address.with.a.mathemati
e0980	63 61 6c 20 73 65 74 20 6f 66 20 61 75 74 6f 6e 6f 6d 6f 75 73 20 73 79 73 74 65 6d 73 2e 20 54	cal.set.of.autonomous.systems..T
e09a0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 75 6d 6d 61 72 69 7a 65 73 20 74 68 65 20 41 53 5f 50 41	his.command.summarizes.the.AS_PA
e09c0	54 48 20 61 74 74 72 69 62 75 74 65 73 20 6f 66 20 61 6c 6c 20 74 68 65 20 69 6e 64 69 76 69 64	TH.attributes.of.all.the.individ
e09e0	75 61 6c 20 72 6f 75 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69	ual.routes..This.command.specifi
e0a00	65 73 20 61 6e 20 61 67 67 72 65 67 61 74 65 20 61 64 64 72 65 73 73 2e 20 54 68 65 20 72 6f 75	es.an.aggregate.address..The.rou
e0a20	74 65 72 20 77 69 6c 6c 20 61 6c 73 6f 20 61 6e 6e 6f 75 6e 63 65 20 6c 6f 6e 67 65 72 2d 70 72	ter.will.also.announce.longer-pr
e0a40	65 66 69 78 65 73 20 69 6e 73 69 64 65 20 6f 66 20 74 68 65 20 61 67 67 72 65 67 61 74 65 20 61	efixes.inside.of.the.aggregate.a
e0a60	64 64 72 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 61	ddress..This.command.specifies.a
e0a80	74 74 72 69 62 75 74 65 73 20 74 6f 20 62 65 20 6c 65 66 74 20 75 6e 63 68 61 6e 67 65 64 20 66	ttributes.to.be.left.unchanged.f
e0aa0	6f 72 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 20 73 65 6e 74 20 74 6f 20 61 20 70 65 65 72	or.advertisements.sent.to.a.peer
e0ac0	20 6f 72 20 70 65 65 72 20 67 72 6f 75 70 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65	.or.peer.group..This.command.spe
e0ae0	63 69 66 69 65 73 20 63 69 72 63 75 69 74 20 74 79 70 65 20 66 6f 72 20 69 6e 74 65 72 66 61 63	cifies.circuit.type.for.interfac
e0b00	65 3a 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 63 6c 75 73 74 65	e:.This.command.specifies.cluste
e0b20	72 20 49 44 20 77 68 69 63 68 20 69 64 65 6e 74 69 66 69 65 73 20 61 20 63 6f 6c 6c 65 63 74 69	r.ID.which.identifies.a.collecti
e0b40	6f 6e 20 6f 66 20 72 6f 75 74 65 20 72 65 66 6c 65 63 74 6f 72 73 20 61 6e 64 20 74 68 65 69 72	on.of.route.reflectors.and.their
e0b60	20 63 6c 69 65 6e 74 73 2c 20 61 6e 64 20 69 73 20 75 73 65 64 20 62 79 20 72 6f 75 74 65 20 72	.clients,.and.is.used.by.route.r
e0b80	65 66 6c 65 63 74 6f 72 73 20 74 6f 20 61 76 6f 69 64 20 6c 6f 6f 70 69 6e 67 2e 20 42 79 20 64	eflectors.to.avoid.looping..By.d
e0ba0	65 66 61 75 6c 74 20 63 6c 75 73 74 65 72 20 49 44 20 69 73 20 73 65 74 20 74 6f 20 74 68 65 20	efault.cluster.ID.is.set.to.the.
e0bc0	42 47 50 20 72 6f 75 74 65 72 20 69 64 20 76 61 6c 75 65 2c 20 62 75 74 20 63 61 6e 20 62 65 20	BGP.router.id.value,.but.can.be.
e0be0	73 65 74 20 74 6f 20 61 6e 20 61 72 62 69 74 72 61 72 79 20 33 32 2d 62 69 74 20 76 61 6c 75 65	set.to.an.arbitrary.32-bit.value
e0c00	2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 68 6f 6c 64 2d 74 69	..This.command.specifies.hold-ti
e0c20	6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 74 69 6d 65 72 20 72 61 6e 67 65 20 69	me.in.seconds..The.timer.range.i
e0c40	73 20 34 20 74 6f 20 36 35 35 33 35 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20	s.4.to.65535..The.default.value.
e0c60	69 73 20 31 38 30 20 73 65 63 6f 6e 64 2e 20 49 66 20 79 6f 75 20 73 65 74 20 76 61 6c 75 65 20	is.180.second..If.you.set.value.
e0c80	74 6f 20 30 20 56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 68 6f 6c 64 20 72 6f 75 74 65 73 2e 00	to.0.VyOS.will.not.hold.routes..
e0ca0	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 69 6e 74 65 72 66 61 63 65	This.command.specifies.interface
e0cc0	20 61 73 20 70 61 73 73 69 76 65 2e 20 50 61 73 73 69 76 65 20 69 6e 74 65 72 66 61 63 65 20 61	.as.passive..Passive.interface.a
e0ce0	64 76 65 72 74 69 73 65 73 20 69 74 73 20 61 64 64 72 65 73 73 2c 20 62 75 74 20 64 6f 65 73 20	dvertises.its.address,.but.does.
e0d00	6e 6f 74 20 72 75 6e 20 74 68 65 20 4f 53 50 46 20 70 72 6f 74 6f 63 6f 6c 20 28 61 64 6a 61 63	not.run.the.OSPF.protocol.(adjac
e0d20	65 6e 63 69 65 73 20 61 72 65 20 6e 6f 74 20 66 6f 72 6d 65 64 20 61 6e 64 20 68 65 6c 6c 6f 20	encies.are.not.formed.and.hello.
e0d40	70 61 63 6b 65 74 73 20 61 72 65 20 6e 6f 74 20 67 65 6e 65 72 61 74 65 64 29 2e 00 54 68 69 73	packets.are.not.generated)..This
e0d60	20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6b 65 65 70 2d 61 6c 69 76 65 20 74 69	.command.specifies.keep-alive.ti
e0d80	6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 2e 20 54 68 65 20 74 69 6d 65 72 20 63 61 6e 20 72 61 6e	me.in.seconds..The.timer.can.ran
e0da0	67 65 20 66 72 6f 6d 20 34 20 74 6f 20 36 35 35 33 35 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20	ge.from.4.to.65535..The.default.
e0dc0	76 61 6c 75 65 20 69 73 20 36 30 20 73 65 63 6f 6e 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	value.is.60.second..This.command
e0de0	20 73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 28 4d 45 44 29 20 66 6f 72 20 72 65 64 69	.specifies.metric.(MED).for.redi
e0e00	73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e	stributed.routes..The.metric.ran
e0e20	67 65 20 69 73 20 30 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 20 54 68 65 72 65 20 61 72 65	ge.is.0.to.4294967295..There.are
e0e40	20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73	.six.modes.available.for.route.s
e0e60	6f 75 72 63 65 3a 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20	ource:.connected,.kernel,.ospf,.
e0e80	72 69 70 2c 20 73 74 61 74 69 63 2c 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	rip,.static,.table..This.command
e0ea0	20 73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 66 6f 72 20 72 65 64 69 73 74 72 69 62 75	.specifies.metric.for.redistribu
e0ec0	74 65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20	ted.routes.from.the.given.route.
e0ee0	73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d 6f 64 65 73 20 61 76 61	source..There.are.five.modes.ava
e0f00	69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f	ilable.for.route.source:.bgp,.co
e0f20	6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 6f 73 70 66 2c 20 73 74 61 74 69 63 2e 20 54	nnected,.kernel,.ospf,.static..T
e0f40	68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36 2e 00 54 68 69 73	he.metric.range.is.1.to.16..This
e0f60	20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 66 6f 72 20 72 65	.command.specifies.metric.for.re
e0f80	64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20 66 72 6f 6d 20 74 68 65 20 67 69 76 65	distributed.routes.from.the.give
e0fa0	6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65 72 65 20 61 72 65 20 66 69 76 65 20 6d	n.route.source..There.are.five.m
e0fc0	6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 20 73 6f 75 72 63 65 3a	odes.available.for.route.source:
e0fe0	20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72 6e 65 6c 2c 20 72 69 70 2c 20 73 74	.bgp,.connected,.kernel,.rip,.st
e1000	61 74 69 63 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31	atic..The.metric.range.is.1.to.1
e1020	36 37 37 37 32 31 34 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20	6777214..This.command.specifies.
e1040	6d 65 74 72 69 63 20 66 6f 72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 20	metric.for.redistributed.routes.
e1060	66 72 6f 6d 20 74 68 65 20 67 69 76 65 6e 20 72 6f 75 74 65 20 73 6f 75 72 63 65 2e 20 54 68 65	from.the.given.route.source..The
e1080	72 65 20 61 72 65 20 73 69 78 20 6d 6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72	re.are.six.modes.available.for.r
e10a0	6f 75 74 65 20 73 6f 75 72 63 65 3a 20 62 67 70 2c 20 63 6f 6e 6e 65 63 74 65 64 2c 20 6b 65 72	oute.source:.bgp,.connected,.ker
e10c0	6e 65 6c 2c 20 6f 73 70 66 2c 20 72 69 70 2c 20 73 74 61 74 69 63 2e 20 54 68 65 20 6d 65 74 72	nel,.ospf,.rip,.static..The.metr
e10e0	69 63 20 72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20	ic.range.is.1.to.16777215..This.
e1100	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 6d 65 74 72 69 63 20 74 79 70 65 20 66 6f	command.specifies.metric.type.fo
e1120	72 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 72 6f 75 74 65 73 2e 20 44 69 66 66 65 72 65 6e	r.redistributed.routes..Differen
e1140	63 65 20 62 65 74 77 65 65 6e 20 74 77 6f 20 6d 65 74 72 69 63 20 74 79 70 65 73 20 74 68 61 74	ce.between.two.metric.types.that
e1160	20 6d 65 74 72 69 63 20 74 79 70 65 20 31 20 69 73 20 61 20 6d 65 74 72 69 63 20 77 68 69 63 68	.metric.type.1.is.a.metric.which
e1180	20 69 73 20 22 63 6f 6d 6d 65 6e 73 75 72 61 62 6c 65 22 20 77 69 74 68 20 69 6e 6e 65 72 20 4f	.is."commensurable".with.inner.O
e11a0	53 50 46 20 6c 69 6e 6b 73 2e 20 57 68 65 6e 20 63 61 6c 63 75 6c 61 74 69 6e 67 20 61 20 6d 65	SPF.links..When.calculating.a.me
e11c0	74 72 69 63 20 74 6f 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 64 65 73 74 69 6e 61 74 69 6f 6e	tric.to.the.external.destination
e11e0	2c 20 74 68 65 20 66 75 6c 6c 20 70 61 74 68 20 6d 65 74 72 69 63 20 69 73 20 63 61 6c 63 75 6c	,.the.full.path.metric.is.calcul
e1200	61 74 65 64 20 61 73 20 61 20 6d 65 74 72 69 63 20 73 75 6d 20 70 61 74 68 20 6f 66 20 61 20 72	ated.as.a.metric.sum.path.of.a.r
e1220	6f 75 74 65 72 20 77 68 69 63 68 20 68 61 64 20 61 64 76 65 72 74 69 73 65 64 20 74 68 69 73 20	outer.which.had.advertised.this.
e1240	6c 69 6e 6b 20 70 6c 75 73 20 74 68 65 20 6c 69 6e 6b 20 6d 65 74 72 69 63 2e 20 54 68 75 73 2c	link.plus.the.link.metric..Thus,
e1260	20 61 20 72 6f 75 74 65 20 77 69 74 68 20 74 68 65 20 6c 65 61 73 74 20 73 75 6d 6d 61 72 79 20	.a.route.with.the.least.summary.
e1280	6d 65 74 72 69 63 20 77 69 6c 6c 20 62 65 20 73 65 6c 65 63 74 65 64 2e 20 49 66 20 65 78 74 65	metric.will.be.selected..If.exte
e12a0	72 6e 61 6c 20 6c 69 6e 6b 20 69 73 20 61 64 76 65 72 74 69 73 65 64 20 77 69 74 68 20 6d 65 74	rnal.link.is.advertised.with.met
e12c0	72 69 63 20 74 79 70 65 20 32 20 74 68 65 20 70 61 74 68 20 69 73 20 73 65 6c 65 63 74 65 64 20	ric.type.2.the.path.is.selected.
e12e0	77 68 69 63 68 20 6c 69 65 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 6f 75 74 65 72 20 77 68	which.lies.through.the.router.wh
e1300	69 63 68 20 61 64 76 65 72 74 69 73 65 64 20 74 68 69 73 20 6c 69 6e 6b 20 77 69 74 68 20 74 68	ich.advertised.this.link.with.th
e1320	65 20 6c 65 61 73 74 20 6d 65 74 72 69 63 20 64 65 73 70 69 74 65 20 6f 66 20 74 68 65 20 66 61	e.least.metric.despite.of.the.fa
e1340	63 74 20 74 68 61 74 20 69 6e 74 65 72 6e 61 6c 20 70 61 74 68 20 74 6f 20 74 68 69 73 20 72 6f	ct.that.internal.path.to.this.ro
e1360	75 74 65 72 20 69 73 20 6c 6f 6e 67 65 72 20 28 77 69 74 68 20 6d 6f 72 65 20 63 6f 73 74 29 2e	uter.is.longer.(with.more.cost).
e1380	20 48 6f 77 65 76 65 72 2c 20 69 66 20 74 77 6f 20 72 6f 75 74 65 72 73 20 61 64 76 65 72 74 69	.However,.if.two.routers.adverti
e13a0	73 65 64 20 61 6e 20 65 78 74 65 72 6e 61 6c 20 6c 69 6e 6b 20 61 6e 64 20 77 69 74 68 20 6d 65	sed.an.external.link.and.with.me
e13c0	74 72 69 63 20 74 79 70 65 20 32 20 74 68 65 20 70 72 65 66 65 72 65 6e 63 65 20 69 73 20 67 69	tric.type.2.the.preference.is.gi
e13e0	76 65 6e 20 74 6f 20 74 68 65 20 70 61 74 68 20 77 68 69 63 68 20 6c 69 65 73 20 74 68 72 6f 75	ven.to.the.path.which.lies.throu
e1400	67 68 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 74 68 20 61 20 73 68 6f 72 74 65 72 20 69 6e 74	gh.the.router.with.a.shorter.int
e1420	65 72 6e 61 6c 20 70 61 74 68 2e 20 49 66 20 74 77 6f 20 64 69 66 66 65 72 65 6e 74 20 72 6f 75	ernal.path..If.two.different.rou
e1440	74 65 72 73 20 61 64 76 65 72 74 69 73 65 64 20 74 77 6f 20 6c 69 6e 6b 73 20 74 6f 20 74 68 65	ters.advertised.two.links.to.the
e1460	20 73 61 6d 65 20 65 78 74 65 72 6e 61 6c 20 64 65 73 74 69 6d 61 74 69 6f 6e 20 62 75 74 20 77	.same.external.destimation.but.w
e1480	69 74 68 20 64 69 66 66 65 72 65 6e 74 20 6d 65 74 72 69 63 20 74 79 70 65 2c 20 6d 65 74 72 69	ith.different.metric.type,.metri
e14a0	63 20 74 79 70 65 20 31 20 69 73 20 70 72 65 66 65 72 72 65 64 2e 20 49 66 20 74 79 70 65 20 6f	c.type.1.is.preferred..If.type.o
e14c0	66 20 61 20 6d 65 74 72 69 63 20 6c 65 66 74 20 75 6e 64 65 66 69 6e 65 64 20 74 68 65 20 72 6f	f.a.metric.left.undefined.the.ro
e14e0	75 74 65 72 20 77 69 6c 6c 20 63 6f 6e 73 69 64 65 72 20 74 68 65 73 65 20 65 78 74 65 72 6e 61	uter.will.consider.these.externa
e1500	6c 20 6c 69 6e 6b 73 20 74 6f 20 68 61 76 65 20 61 20 64 65 66 61 75 6c 74 20 6d 65 74 72 69 63	l.links.to.have.a.default.metric
e1520	20 74 79 70 65 20 32 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20	.type.2..This.command.specifies.
e1540	6e 65 74 77 6f 72 6b 20 74 79 70 65 20 74 6f 20 50 6f 69 6e 74 2d 74 6f 2d 50 6f 69 6e 74 2e 20	network.type.to.Point-to-Point..
e1560	54 68 65 20 64 65 66 61 75 6c 74 20 6e 65 74 77 6f 72 6b 20 74 79 70 65 20 69 73 20 62 72 6f 61	The.default.network.type.is.broa
e1580	64 63 61 73 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68	dcast..This.command.specifies.th
e15a0	61 74 20 42 47 50 20 63 6f 6e 73 69 64 65 72 73 20 74 68 65 20 4d 45 44 20 77 68 65 6e 20 63 6f	at.BGP.considers.the.MED.when.co
e15c0	6d 70 61 72 69 6e 67 20 72 6f 75 74 65 73 20 6f 72 69 67 69 6e 61 74 65 64 20 66 72 6f 6d 20 64	mparing.routes.originated.from.d
e15e0	69 66 66 65 72 65 6e 74 20 73 75 62 2d 41 53 73 20 77 69 74 68 69 6e 20 74 68 65 20 63 6f 6e 66	ifferent.sub-ASs.within.the.conf
e1600	65 64 65 72 61 74 69 6f 6e 20 74 6f 20 77 68 69 63 68 20 74 68 69 73 20 42 47 50 20 73 70 65 61	ederation.to.which.this.BGP.spea
e1620	6b 65 72 20 62 65 6c 6f 6e 67 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 73 74 61 74 65 2c 20	ker.belongs..The.default.state,.
e1640	77 68 65 72 65 20 74 68 65 20 4d 45 44 20 61 74 74 72 69 62 75 74 65 20 69 73 20 6e 6f 74 20 63	where.the.MED.attribute.is.not.c
e1660	6f 6e 73 69 64 65 72 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65	onsidered..This.command.specifie
e1680	73 20 74 68 61 74 20 42 47 50 20 64 65 63 69 73 69 6f 6e 20 70 72 6f 63 65 73 73 20 73 68 6f 75	s.that.BGP.decision.process.shou
e16a0	6c 64 20 63 6f 6e 73 69 64 65 72 20 70 61 74 68 73 20 6f 66 20 65 71 75 61 6c 20 41 53 5f 50 41	ld.consider.paths.of.equal.AS_PA
e16c0	54 48 20 6c 65 6e 67 74 68 20 63 61 6e 64 69 64 61 74 65 73 20 66 6f 72 20 6d 75 6c 74 69 70 61	TH.length.candidates.for.multipa
e16e0	74 68 20 63 6f 6d 70 75 74 61 74 69 6f 6e 2e 20 57 69 74 68 6f 75 74 20 74 68 65 20 6b 6e 6f 62	th.computation..Without.the.knob
e1700	2c 20 74 68 65 20 65 6e 74 69 72 65 20 41 53 5f 50 41 54 48 20 6d 75 73 74 20 6d 61 74 63 68 20	,.the.entire.AS_PATH.must.match.
e1720	66 6f 72 20 6d 75 6c 74 69 70 61 74 68 20 63 6f 6d 70 75 74 61 74 69 6f 6e 2e 00 54 68 69 73 20	for.multipath.computation..This.
e1740	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 61 20 72 6f 75 74 65 20 77	command.specifies.that.a.route.w
e1760	69 74 68 20 61 20 4d 45 44 20 69 73 20 61 6c 77 61 79 73 20 63 6f 6e 73 69 64 65 72 65 64 20 74	ith.a.MED.is.always.considered.t
e1780	6f 20 62 65 20 62 65 74 74 65 72 20 74 68 61 6e 20 61 20 72 6f 75 74 65 20 77 69 74 68 6f 75 74	o.be.better.than.a.route.without
e17a0	20 61 20 4d 45 44 20 62 79 20 63 61 75 73 69 6e 67 20 74 68 65 20 6d 69 73 73 69 6e 67 20 4d 45	.a.MED.by.causing.the.missing.ME
e17c0	44 20 61 74 74 72 69 62 75 74 65 20 74 6f 20 68 61 76 65 20 61 20 76 61 6c 75 65 20 6f 66 20 69	D.attribute.to.have.a.value.of.i
e17e0	6e 66 69 6e 69 74 79 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 73 74 61 74 65 2c 20 77 68 65 72	nfinity..The.default.state,.wher
e1800	65 20 74 68 65 20 6d 69 73 73 69 6e 67 20 4d 45 44 20 61 74 74 72 69 62 75 74 65 20 69 73 20 63	e.the.missing.MED.attribute.is.c
e1820	6f 6e 73 69 64 65 72 65 64 20 74 6f 20 68 61 76 65 20 61 20 76 61 6c 75 65 20 6f 66 20 7a 65 72	onsidered.to.have.a.value.of.zer
e1840	6f 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 72	o..This.command.specifies.that.r
e1860	6f 75 74 65 20 75 70 64 61 74 65 73 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 74 68 69 73 20	oute.updates.received.from.this.
e1880	6e 65 69 67 68 62 6f 72 20 77 69 6c 6c 20 62 65 20 73 74 6f 72 65 64 20 75 6e 6d 6f 64 69 66 69	neighbor.will.be.stored.unmodifi
e18a0	65 64 2c 20 72 65 67 61 72 64 6c 65 73 73 20 6f 66 20 74 68 65 20 69 6e 62 6f 75 6e 64 20 70 6f	ed,.regardless.of.the.inbound.po
e18c0	6c 69 63 79 2e 20 57 68 65 6e 20 69 6e 62 6f 75 6e 64 20 73 6f 66 74 20 72 65 63 6f 6e 66 69 67	licy..When.inbound.soft.reconfig
e18e0	75 72 61 74 69 6f 6e 20 69 73 20 65 6e 61 62 6c 65 64 2c 20 74 68 65 20 73 74 6f 72 65 64 20 75	uration.is.enabled,.the.stored.u
e1900	70 64 61 74 65 73 20 61 72 65 20 70 72 6f 63 65 73 73 65 64 20 62 79 20 74 68 65 20 6e 65 77 20	pdates.are.processed.by.the.new.
e1920	70 6f 6c 69 63 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 6f 20 63 72 65 61 74 65 20 6e	policy.configuration.to.create.n
e1940	65 77 20 69 6e 62 6f 75 6e 64 20 75 70 64 61 74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	ew.inbound.updates..This.command
e1960	20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 73 69 6d 70 6c 65 20 70 61 73 73 77 6f 72 64 20	.specifies.that.simple.password.
e1980	61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 66 6f	authentication.should.be.used.fo
e19a0	72 20 74 68 65 20 67 69 76 65 6e 20 61 72 65 61 2e 20 54 68 65 20 70 61 73 73 77 6f 72 64 20 6d	r.the.given.area..The.password.m
e19c0	75 73 74 20 61 6c 73 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 20 70 65 72 2d	ust.also.be.configured.on.a.per-
e19e0	69 6e 74 65 72 66 61 63 65 20 62 61 73 69 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70	interface.basis..This.command.sp
e1a00	65 63 69 66 69 65 73 20 74 68 61 74 20 74 68 65 20 63 6f 6d 6d 75 6e 69 74 79 20 61 74 74 72 69	ecifies.that.the.community.attri
e1a20	62 75 74 65 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 65 6e 74 20 69 6e 20 72 6f 75 74 65	bute.should.not.be.sent.in.route
e1a40	20 75 70 64 61 74 65 73 20 74 6f 20 61 20 70 65 65 72 2e 20 42 79 20 64 65 66 61 75 6c 74 20 63	.updates.to.a.peer..By.default.c
e1a60	6f 6d 6d 75 6e 69 74 79 20 61 74 74 72 69 62 75 74 65 20 69 73 20 73 65 6e 74 2e 00 54 68 69 73	ommunity.attribute.is.sent..This
e1a80	20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 61 74 20 74 68 65 20 6c 65 6e 67	.command.specifies.that.the.leng
e1aa0	74 68 20 6f 66 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e 20 70 61 74 68 20 73 65 74 73 20 61 6e	th.of.confederation.path.sets.an
e1ac0	64 20 73 65 71 75 65 6e 63 65 73 20 73 68 6f 75 6c 64 20 62 65 20 74 61 6b 65 6e 20 69 6e 74 6f	d.sequences.should.be.taken.into
e1ae0	20 61 63 63 6f 75 6e 74 20 64 75 72 69 6e 67 20 74 68 65 20 42 47 50 20 62 65 73 74 20 70 61 74	.account.during.the.BGP.best.pat
e1b00	68 20 64 65 63 69 73 69 6f 6e 20 70 72 6f 63 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	h.decision.process..This.command
e1b20	20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65	.specifies.the.IP.address.of.the
e1b40	20 6e 65 69 67 68 62 6f 72 69 6e 67 20 64 65 76 69 63 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	.neighboring.device..This.comman
e1b60	64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 4f 53 50 46 20 65 6e 61 62 6c 65 64 20 69 6e 74	d.specifies.the.OSPF.enabled.int
e1b80	65 72 66 61 63 65 28 73 29 2e 20 49 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 68 61 73 20	erface(s)..If.the.interface.has.
e1ba0	61 6e 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 64 65 66 69 6e 65 64 20 72 61 6e 67 65 20 74 68	an.address.from.defined.range.th
e1bc0	65 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 65 6e 61 62 6c 65 73 20 4f 53 50 46 20 6f 6e 20 74	en.the.command.enables.OSPF.on.t
e1be0	68 69 73 20 69 6e 74 65 72 66 61 63 65 20 73 6f 20 72 6f 75 74 65 72 20 63 61 6e 20 70 72 6f 76	his.interface.so.router.can.prov
e1c00	69 64 65 20 6e 65 74 77 6f 72 6b 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 74 68 65 20 6f	ide.network.information.to.the.o
e1c20	74 68 65 72 20 6f 73 70 66 20 72 6f 75 74 65 72 73 20 76 69 61 20 74 68 69 73 20 69 6e 74 65 72	ther.ospf.routers.via.this.inter
e1c40	66 61 63 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65	face..This.command.specifies.the
e1c60	20 4f 53 50 46 76 33 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 69 73 20	.OSPFv3.enabled.interface..This.
e1c80	63 6f 6d 6d 61 6e 64 20 69 73 20 61 6c 73 6f 20 75 73 65 64 20 74 6f 20 65 6e 61 62 6c 65 20 74	command.is.also.used.to.enable.t
e1ca0	68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 61 72 65 61 20 6e 75 6d 62 65 72	he.OSPF.process..The.area.number
e1cc0	20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 64 65 63 69 6d 61 6c 20 6e 6f 74	.can.be.specified.in.decimal.not
e1ce0	61 74 69 6f 6e 20 69 6e 20 74 68 65 20 72 61 6e 67 65 20 66 72 6f 6d 20 30 20 74 6f 20 34 32 39	ation.in.the.range.from.0.to.429
e1d00	34 39 36 37 32 39 35 2e 20 4f 72 20 69 74 20 63 61 6e 20 62 65 20 73 70 65 63 69 66 69 65 64 20	4967295..Or.it.can.be.specified.
e1d20	69 6e 20 64 6f 74 74 65 64 20 64 65 63 69 6d 61 6c 20 6e 6f 74 61 74 69 6f 6e 20 73 69 6d 69 6c	in.dotted.decimal.notation.simil
e1d40	61 72 20 74 6f 20 69 70 20 61 64 64 72 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73	ar.to.ip.address..This.command.s
e1d60	70 65 63 69 66 69 65 73 20 74 68 65 20 61 72 65 61 20 74 6f 20 62 65 20 61 20 4e 53 53 41 20 54	pecifies.the.area.to.be.a.NSSA.T
e1d80	6f 74 61 6c 6c 79 20 53 74 75 62 20 41 72 65 61 2e 20 41 42 52 73 20 66 6f 72 20 73 75 63 68 20	otally.Stub.Area..ABRs.for.such.
e1da0	61 6e 20 61 72 65 61 20 64 6f 20 6e 6f 74 20 6e 65 65 64 20 74 6f 20 70 61 73 73 20 4e 65 74 77	an.area.do.not.need.to.pass.Netw
e1dc0	6f 72 6b 2d 53 75 6d 6d 61 72 79 20 28 74 79 70 65 2d 33 29 20 4c 53 41 73 20 28 65 78 63 65 70	ork-Summary.(type-3).LSAs.(excep
e1de0	74 20 74 68 65 20 64 65 66 61 75 6c 74 20 73 75 6d 6d 61 72 79 20 72 6f 75 74 65 29 2c 20 41 53	t.the.default.summary.route),.AS
e1e00	42 52 2d 53 75 6d 6d 61 72 79 20 4c 53 41 73 20 28 74 79 70 65 2d 34 29 20 61 6e 64 20 41 53 2d	BR-Summary.LSAs.(type-4).and.AS-
e1e20	45 78 74 65 72 6e 61 6c 20 4c 53 41 73 20 28 74 79 70 65 2d 35 29 20 69 6e 74 6f 20 74 68 65 20	External.LSAs.(type-5).into.the.
e1e40	61 72 65 61 2e 20 42 75 74 20 54 79 70 65 2d 37 20 4c 53 41 73 20 74 68 61 74 20 63 6f 6e 76 65	area..But.Type-7.LSAs.that.conve
e1e60	72 74 20 74 6f 20 54 79 70 65 2d 35 20 61 74 20 74 68 65 20 4e 53 53 41 20 41 42 52 20 61 72 65	rt.to.Type-5.at.the.NSSA.ABR.are
e1e80	20 61 6c 6c 6f 77 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73	.allowed..This.command.specifies
e1ea0	20 74 68 65 20 61 72 65 61 20 74 6f 20 62 65 20 61 20 4e 6f 74 20 53 6f 20 53 74 75 62 62 79 20	.the.area.to.be.a.Not.So.Stubby.
e1ec0	41 72 65 61 2e 20 45 78 74 65 72 6e 61 6c 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69	Area..External.routing.informati
e1ee0	6f 6e 20 69 73 20 69 6d 70 6f 72 74 65 64 20 69 6e 74 6f 20 61 6e 20 4e 53 53 41 20 69 6e 20 54	on.is.imported.into.an.NSSA.in.T
e1f00	79 70 65 2d 37 20 4c 53 41 73 2e 20 54 79 70 65 2d 37 20 4c 53 41 73 20 61 72 65 20 73 69 6d 69	ype-7.LSAs..Type-7.LSAs.are.simi
e1f20	6c 61 72 20 74 6f 20 54 79 70 65 2d 35 20 41 53 2d 65 78 74 65 72 6e 61 6c 20 4c 53 41 73 2c 20	lar.to.Type-5.AS-external.LSAs,.
e1f40	65 78 63 65 70 74 20 74 68 61 74 20 74 68 65 79 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 66 6c 6f	except.that.they.can.only.be.flo
e1f60	6f 64 65 64 20 69 6e 74 6f 20 74 68 65 20 4e 53 53 41 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20	oded.into.the.NSSA..In.order.to.
e1f80	66 75 72 74 68 65 72 20 70 72 6f 70 61 67 61 74 65 20 74 68 65 20 4e 53 53 41 20 65 78 74 65 72	further.propagate.the.NSSA.exter
e1fa0	6e 61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 74 68 65 20 54 79 70 65 2d 37 20 4c 53 41 20	nal.information,.the.Type-7.LSA.
e1fc0	6d 75 73 74 20 62 65 20 74 72 61 6e 73 6c 61 74 65 64 20 74 6f 20 61 20 54 79 70 65 2d 35 20 41	must.be.translated.to.a.Type-5.A
e1fe0	53 2d 65 78 74 65 72 6e 61 6c 2d 4c 53 41 20 62 79 20 74 68 65 20 4e 53 53 41 20 41 42 52 2e 00	S-external-LSA.by.the.NSSA.ABR..
e2000	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 61 72 65 61 20	This.command.specifies.the.area.
e2020	74 6f 20 62 65 20 61 20 53 74 75 62 20 41 72 65 61 2e 20 54 68 61 74 20 69 73 2c 20 61 6e 20 61	to.be.a.Stub.Area..That.is,.an.a
e2040	72 65 61 20 77 68 65 72 65 20 6e 6f 20 72 6f 75 74 65 72 20 6f 72 69 67 69 6e 61 74 65 73 20 72	rea.where.no.router.originates.r
e2060	6f 75 74 65 73 20 65 78 74 65 72 6e 61 6c 20 74 6f 20 4f 53 50 46 20 61 6e 64 20 68 65 6e 63 65	outes.external.to.OSPF.and.hence
e2080	20 61 6e 20 61 72 65 61 20 77 68 65 72 65 20 61 6c 6c 20 65 78 74 65 72 6e 61 6c 20 72 6f 75 74	.an.area.where.all.external.rout
e20a0	65 73 20 61 72 65 20 76 69 61 20 74 68 65 20 41 42 52 28 73 29 2e 20 48 65 6e 63 65 2c 20 41 42	es.are.via.the.ABR(s)..Hence,.AB
e20c0	52 73 20 66 6f 72 20 73 75 63 68 20 61 6e 20 61 72 65 61 20 64 6f 20 6e 6f 74 20 6e 65 65 64 20	Rs.for.such.an.area.do.not.need.
e20e0	74 6f 20 70 61 73 73 20 41 53 2d 45 78 74 65 72 6e 61 6c 20 4c 53 41 73 20 28 74 79 70 65 2d 35	to.pass.AS-External.LSAs.(type-5
e2100	29 20 6f 72 20 41 53 42 52 2d 53 75 6d 6d 61 72 79 20 4c 53 41 73 20 28 74 79 70 65 2d 34 29 20	).or.ASBR-Summary.LSAs.(type-4).
e2120	69 6e 74 6f 20 74 68 65 20 61 72 65 61 2e 20 54 68 65 79 20 6e 65 65 64 20 6f 6e 6c 79 20 70 61	into.the.area..They.need.only.pa
e2140	73 73 20 4e 65 74 77 6f 72 6b 2d 53 75 6d 6d 61 72 79 20 28 74 79 70 65 2d 33 29 20 4c 53 41 73	ss.Network-Summary.(type-3).LSAs
e2160	20 69 6e 74 6f 20 73 75 63 68 20 61 6e 20 61 72 65 61 2c 20 61 6c 6f 6e 67 20 77 69 74 68 20 61	.into.such.an.area,.along.with.a
e2180	20 64 65 66 61 75 6c 74 2d 72 6f 75 74 65 20 73 75 6d 6d 61 72 79 2e 00 54 68 69 73 20 63 6f 6d	.default-route.summary..This.com
e21a0	6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 61 72 65 61 20 74 6f 20 62 65 20 61 20	mand.specifies.the.area.to.be.a.
e21c0	54 6f 74 61 6c 6c 79 20 53 74 75 62 20 41 72 65 61 2e 20 49 6e 20 61 64 64 69 74 69 6f 6e 20 74	Totally.Stub.Area..In.addition.t
e21e0	6f 20 73 74 75 62 20 61 72 65 61 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 74 68 69 73 20 61 72 65	o.stub.area.limitations.this.are
e2200	61 20 74 79 70 65 20 70 72 65 76 65 6e 74 73 20 61 6e 20 41 42 52 20 66 72 6f 6d 20 69 6e 6a 65	a.type.prevents.an.ABR.from.inje
e2220	63 74 69 6e 67 20 4e 65 74 77 6f 72 6b 2d 53 75 6d 6d 61 72 79 20 28 74 79 70 65 2d 33 29 20 4c	cting.Network-Summary.(type-3).L
e2240	53 41 73 20 69 6e 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 73 74 75 62 20 61 72 65 61	SAs.into.the.specified.stub.area
e2260	2e 20 4f 6e 6c 79 20 64 65 66 61 75 6c 74 20 73 75 6d 6d 61 72 79 20 72 6f 75 74 65 20 69 73 20	..Only.default.summary.route.is.
e2280	61 6c 6c 6f 77 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20	allowed..This.command.specifies.
e22a0	74 68 65 20 62 61 73 65 20 72 65 63 65 69 76 65 20 63 6f 73 74 20 66 6f 72 20 74 68 69 73 20 69	the.base.receive.cost.for.this.i
e22c0	6e 74 65 72 66 61 63 65 2e 20 46 6f 72 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65	nterface..For.wireless.interface
e22e0	73 2c 20 69 74 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 75 6c 74 69 70 6c 69 65 72 20 75	s,.it.specifies.the.multiplier.u
e2300	73 65 64 20 66 6f 72 20 63 6f 6d 70 75 74 69 6e 67 20 74 68 65 20 45 54 58 20 72 65 63 65 70 74	sed.for.computing.the.ETX.recept
e2320	69 6f 6e 20 63 6f 73 74 20 28 64 65 66 61 75 6c 74 20 32 35 36 29 3b 20 66 6f 72 20 77 69 72 65	ion.cost.(default.256);.for.wire
e2340	64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 69 74 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 63	d.interfaces,.it.specifies.the.c
e2360	6f 73 74 20 74 68 61 74 20 77 69 6c 6c 20 62 65 20 61 64 76 65 72 74 69 73 65 64 20 74 6f 20 6e	ost.that.will.be.advertised.to.n
e2380	65 69 67 68 62 6f 75 72 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65	eighbours..This.command.specifie
e23a0	73 20 74 68 65 20 64 65 63 61 79 20 66 61 63 74 6f 72 20 66 6f 72 20 74 68 65 20 65 78 70 6f 6e	s.the.decay.factor.for.the.expon
e23c0	65 6e 74 69 61 6c 20 6d 6f 76 69 6e 67 20 61 76 65 72 61 67 65 20 6f 66 20 52 54 54 20 73 61 6d	ential.moving.average.of.RTT.sam
e23e0	70 6c 65 73 2c 20 69 6e 20 75 6e 69 74 73 20 6f 66 20 31 2f 32 35 36 2e 20 48 69 67 68 65 72 20	ples,.in.units.of.1/256..Higher.
e2400	76 61 6c 75 65 73 20 64 69 73 63 61 72 64 20 6f 6c 64 20 73 61 6d 70 6c 65 73 20 66 61 73 74 65	values.discard.old.samples.faste
e2420	72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 34 32 2e 00 54 68 69 73 20 63 6f 6d 6d 61	r..The.default.is.42..This.comma
e2440	6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 64 65 66 61 75 6c 74 20 6c 6f 63 61 6c 20 70	nd.specifies.the.default.local.p
e2460	72 65 66 65 72 65 6e 63 65 20 76 61 6c 75 65 2e 20 54 68 65 20 6c 6f 63 61 6c 20 70 72 65 66 65	reference.value..The.local.prefe
e2480	72 65 6e 63 65 20 72 61 6e 67 65 20 69 73 20 30 20 74 6f 20 34 32 39 34 39 36 37 32 39 35 2e 00	rence.range.is.0.to.4294967295..
e24a0	54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 64 65 66 61 75	This.command.specifies.the.defau
e24c0	6c 74 20 6d 65 74 72 69 63 20 76 61 6c 75 65 20 6f 66 20 72 65 64 69 73 74 72 69 62 75 74 65 64	lt.metric.value.of.redistributed
e24e0	20 72 6f 75 74 65 73 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69 73 20 30 20 74	.routes..The.metric.range.is.0.t
e2500	6f 20 31 36 37 37 37 32 31 34 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69	o.16777214..This.command.specifi
e2520	65 73 20 74 68 65 20 67 61 72 62 61 67 65 2d 63 6f 6c 6c 65 63 74 69 6f 6e 20 74 69 6d 65 72 2e	es.the.garbage-collection.timer.
e2540	20 55 70 6f 6e 20 65 78 70 69 72 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 67 61 72 62 61 67 65 2d	.Upon.expiration.of.the.garbage-
e2560	63 6f 6c 6c 65 63 74 69 6f 6e 20 74 69 6d 65 72 2c 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 66	collection.timer,.the.route.is.f
e2580	69 6e 61 6c 6c 79 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 72 6f 75 74 69 6e 67 20	inally.removed.from.the.routing.
e25a0	74 61 62 6c 65 2e 20 54 68 65 20 74 69 6d 65 20 72 61 6e 67 65 20 69 73 20 35 20 74 6f 20 32 31	table..The.time.range.is.5.to.21
e25c0	34 37 34 38 33 36 34 37 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31	47483647..The.default.value.is.1
e25e0	32 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69	20.seconds..This.command.specifi
e2600	65 73 20 74 68 65 20 67 69 76 65 6e 20 6e 65 69 67 68 62 6f 72 20 61 73 20 72 6f 75 74 65 20 72	es.the.given.neighbor.as.route.r
e2620	65 66 6c 65 63 74 6f 72 20 63 6c 69 65 6e 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70	eflector.client..This.command.sp
e2640	65 63 69 66 69 65 73 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 69 6d 65 2c 20 69 6e 20 73	ecifies.the.length.of.time,.in.s
e2660	65 63 6f 6e 64 73 2c 20 62 65 66 6f 72 65 20 74 68 65 20 72 6f 75 74 69 6e 67 20 64 65 76 69 63	econds,.before.the.routing.devic
e2680	65 20 73 65 6e 64 73 20 68 65 6c 6c 6f 20 70 61 63 6b 65 74 73 20 6f 75 74 20 6f 66 20 74 68 65	e.sends.hello.packets.out.of.the
e26a0	20 69 6e 74 65 72 66 61 63 65 20 62 65 66 6f 72 65 20 69 74 20 65 73 74 61 62 6c 69 73 68 65 73	.interface.before.it.establishes
e26c0	20 61 64 6a 61 63 65 6e 63 79 20 77 69 74 68 20 61 20 6e 65 69 67 68 62 6f 72 2e 20 54 68 65 20	.adjacency.with.a.neighbor..The.
e26e0	72 61 6e 67 65 20 69 73 20 31 20 74 6f 20 36 35 35 33 35 20 73 65 63 6f 6e 64 73 2e 20 54 68 65	range.is.1.to.65535.seconds..The
e2700	20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 36 30 20 73 65 63 6f 6e 64 73 2e 00 54 68	.default.value.is.60.seconds..Th
e2720	69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 61 78 69 6d 75 6d	is.command.specifies.the.maximum
e2740	20 52 54 54 2c 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2c 20 61 62 6f 76 65 20 77 68 69	.RTT,.in.milliseconds,.above.whi
e2760	63 68 20 77 65 20 64 6f 6e 27 74 20 69 6e 63 72 65 61 73 65 20 74 68 65 20 63 6f 73 74 20 74 6f	ch.we.don't.increase.the.cost.to
e2780	20 61 20 6e 65 69 67 68 62 6f 75 72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 32 30	.a.neighbour..The.default.is.120
e27a0	20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20	.ms..This.command.specifies.the.
e27c0	6d 61 78 69 6d 75 6d 20 63 6f 73 74 20 61 64 64 65 64 20 74 6f 20 61 20 6e 65 69 67 68 62 6f 75	maximum.cost.added.to.a.neighbou
e27e0	72 20 62 65 63 61 75 73 65 20 6f 66 20 52 54 54 2c 20 69 2e 65 2e 20 77 68 65 6e 20 74 68 65 20	r.because.of.RTT,.i.e..when.the.
e2800	52 54 54 20 69 73 20 68 69 67 68 65 72 20 6f 72 20 65 71 75 61 6c 20 74 68 61 6e 20 72 74 74 2d	RTT.is.higher.or.equal.than.rtt-
e2820	6d 61 78 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 35 30 2e 20 53 65 74 74 69 6e 67	max..The.default.is.150..Setting
e2840	20 69 74 20 74 6f 20 30 20 65 66 66 65 63 74 69 76 65 6c 79 20 64 69 73 61 62 6c 65 73 20 74 68	.it.to.0.effectively.disables.th
e2860	65 20 75 73 65 20 6f 66 20 61 20 52 54 54 2d 62 61 73 65 64 20 63 6f 73 74 2e 00 54 68 69 73 20	e.use.of.a.RTT-based.cost..This.
e2880	63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 69 6e 69 6d 75 6d 20 52 54	command.specifies.the.minimum.RT
e28a0	54 2c 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2c 20 73 74 61 72 74 69 6e 67 20 66 72 6f	T,.in.milliseconds,.starting.fro
e28c0	6d 20 77 68 69 63 68 20 77 65 20 69 6e 63 72 65 61 73 65 20 74 68 65 20 63 6f 73 74 20 74 6f 20	m.which.we.increase.the.cost.to.
e28e0	61 20 6e 65 69 67 68 62 6f 75 72 2e 20 54 68 65 20 61 64 64 69 74 69 6f 6e 61 6c 20 63 6f 73 74	a.neighbour..The.additional.cost
e2900	20 69 73 20 6c 69 6e 65 61 72 20 69 6e 20 28 72 74 74 20 2d 20 72 74 74 2d 6d 69 6e 29 2e 20 54	.is.linear.in.(rtt.-.rtt-min)..T
e2920	68 65 20 64 65 66 61 75 6c 74 20 69 73 20 31 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e	he.default.is.10.ms..This.comman
e2940	64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 6d 69 6e 69 6d 75 6d 20 72 6f 75 74 65 20 61 64	d.specifies.the.minimum.route.ad
e2960	76 65 72 74 69 73 65 6d 65 6e 74 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 74 68 65 20 70 65 65	vertisement.interval.for.the.pee
e2980	72 2e 20 54 68 65 20 69 6e 74 65 72 76 61 6c 20 76 61 6c 75 65 20 69 73 20 30 20 74 6f 20 36 30	r..The.interval.value.is.0.to.60
e29a0	30 20 73 65 63 6f 6e 64 73 2c 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 64 76 65	0.seconds,.with.the.default.adve
e29c0	72 74 69 73 65 6d 65 6e 74 20 69 6e 74 65 72 76 61 6c 20 62 65 69 6e 67 20 30 2e 00 54 68 69 73	rtisement.interval.being.0..This
e29e0	20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 72 6f 75 74 65 72 20 70 72	.command.specifies.the.router.pr
e2a00	69 6f 72 69 74 79 20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 6e 6f 6e 62 72 6f 61 64 63 61 73 74	iority.value.of.the.nonbroadcast
e2a20	20 6e 65 69 67 68 62 6f 72 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 74 68 65 20 49 50	.neighbor.associated.with.the.IP
e2a40	20 61 64 64 72 65 73 73 20 73 70 65 63 69 66 69 65 64 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20	.address.specified..The.default.
e2a60	69 73 20 30 2e 20 54 68 69 73 20 6b 65 79 77 6f 72 64 20 64 6f 65 73 20 6e 6f 74 20 61 70 70 6c	is.0..This.keyword.does.not.appl
e2a80	79 20 74 6f 20 70 6f 69 6e 74 2d 74 6f 2d 6d 75 6c 74 69 70 6f 69 6e 74 20 69 6e 74 65 72 66 61	y.to.point-to-multipoint.interfa
e2aa0	63 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20	ces..This.command.specifies.the.
e2ac0	72 6f 75 74 65 72 2d 49 44 2e 20 49 66 20 72 6f 75 74 65 72 20 49 44 20 69 73 20 6e 6f 74 20 73	router-ID..If.router.ID.is.not.s
e2ae0	70 65 63 69 66 69 65 64 20 69 74 20 77 69 6c 6c 20 75 73 65 20 74 68 65 20 68 69 67 68 65 73 74	pecified.it.will.use.the.highest
e2b00	20 69 6e 74 65 72 66 61 63 65 20 49 50 20 61 64 64 72 65 73 73 2e 00 54 68 69 73 20 63 6f 6d 6d	.interface.IP.address..This.comm
e2b20	61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 74 69 6d 65 20 63 6f 6e 73 74 61 6e 74 2c	and.specifies.the.time.constant,
e2b40	20 69 6e 20 73 65 63 6f 6e 64 73 2c 20 6f 66 20 74 68 65 20 73 6d 6f 6f 74 68 69 6e 67 20 61 6c	.in.seconds,.of.the.smoothing.al
e2b60	67 6f 72 69 74 68 6d 20 75 73 65 64 20 66 6f 72 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 68 79	gorithm.used.for.implementing.hy
e2b80	73 74 65 72 65 73 69 73 2e 20 4c 61 72 67 65 72 20 76 61 6c 75 65 73 20 72 65 64 75 63 65 20 72	steresis..Larger.values.reduce.r
e2ba0	6f 75 74 65 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 20 61 74 20 74 68 65 20 63 6f 73 74 20 6f 66 20	oute.oscillation.at.the.cost.of.
e2bc0	76 65 72 79 20 73 6c 69 67 68 74 6c 79 20 69 6e 63 72 65 61 73 69 6e 67 20 63 6f 6e 76 65 72 67	very.slightly.increasing.converg
e2be0	65 6e 63 65 20 74 69 6d 65 2e 20 54 68 65 20 76 61 6c 75 65 20 30 20 64 69 73 61 62 6c 65 73 20	ence.time..The.value.0.disables.
e2c00	68 79 73 74 65 72 65 73 69 73 2c 20 61 6e 64 20 69 73 20 73 75 69 74 61 62 6c 65 20 66 6f 72 20	hysteresis,.and.is.suitable.for.
e2c20	77 69 72 65 64 20 6e 65 74 77 6f 72 6b 73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 34	wired.networks..The.default.is.4
e2c40	20 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 74	.s..This.command.specifies.the.t
e2c60	69 6d 65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 61 66 74 65 72 20 77 68 69 63 68 20	ime.in.milliseconds.after.which.
e2c80	61 6e 20 27 69 6d 70 6f 72 74 61 6e 74 27 20 72 65 71 75 65 73 74 20 6f 72 20 75 70 64 61 74 65	an.'important'.request.or.update
e2ca0	20 77 69 6c 6c 20 62 65 20 72 65 73 65 6e 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20	.will.be.resent..The.default.is.
e2cc0	32 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20	2000.ms..This.command.specifies.
e2ce0	74 68 65 20 74 69 6d 65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e	the.time.in.milliseconds.between
e2d00	20 74 77 6f 20 73 63 68 65 64 75 6c 65 64 20 68 65 6c 6c 6f 73 2e 20 4f 6e 20 77 69 72 65 64 20	.two.scheduled.hellos..On.wired.
e2d20	6c 69 6e 6b 73 2c 20 42 61 62 65 6c 20 6e 6f 74 69 63 65 73 20 61 20 6c 69 6e 6b 20 66 61 69 6c	links,.Babel.notices.a.link.fail
e2d40	75 72 65 20 77 69 74 68 69 6e 20 74 77 6f 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 73 3b 20	ure.within.two.hello.intervals;.
e2d60	6f 6e 20 77 69 72 65 6c 65 73 73 20 6c 69 6e 6b 73 2c 20 74 68 65 20 6c 69 6e 6b 20 71 75 61 6c	on.wireless.links,.the.link.qual
e2d80	69 74 79 20 76 61 6c 75 65 20 69 73 20 72 65 65 73 74 69 6d 61 74 65 64 20 61 74 20 65 76 65 72	ity.value.is.reestimated.at.ever
e2da0	79 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73	y.hello.interval..The.default.is
e2dc0	20 34 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73	.4000.ms..This.command.specifies
e2de0	20 74 68 65 20 74 69 6d 65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65	.the.time.in.milliseconds.betwee
e2e00	6e 20 74 77 6f 20 73 63 68 65 64 75 6c 65 64 20 75 70 64 61 74 65 73 2e 20 53 69 6e 63 65 20 42	n.two.scheduled.updates..Since.B
e2e20	61 62 65 6c 20 6d 61 6b 65 73 20 65 78 74 65 6e 73 69 76 65 20 75 73 65 20 6f 66 20 74 72 69 67	abel.makes.extensive.use.of.trig
e2e40	67 65 72 65 64 20 75 70 64 61 74 65 73 2c 20 74 68 69 73 20 63 61 6e 20 62 65 20 73 65 74 20 74	gered.updates,.this.can.be.set.t
e2e60	6f 20 66 61 69 72 6c 79 20 68 69 67 68 20 76 61 6c 75 65 73 20 6f 6e 20 6c 69 6e 6b 73 20 77 69	o.fairly.high.values.on.links.wi
e2e80	74 68 20 6c 69 74 74 6c 65 20 70 61 63 6b 65 74 20 6c 6f 73 73 2e 20 54 68 65 20 64 65 66 61 75	th.little.packet.loss..The.defau
e2ea0	6c 74 20 69 73 20 32 30 30 30 30 20 6d 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65	lt.is.20000.ms..This.command.spe
e2ec0	63 69 66 69 65 73 20 74 68 65 20 74 69 6d 65 6f 75 74 20 74 69 6d 65 72 2e 20 55 70 6f 6e 20 65	cifies.the.timeout.timer..Upon.e
e2ee0	78 70 69 72 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 74 69 6d 65 6f 75 74 2c 20 74 68 65 20 72 6f	xpiration.of.the.timeout,.the.ro
e2f00	75 74 65 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 76 61 6c 69 64 3b 20 68 6f 77 65 76 65 72 2c	ute.is.no.longer.valid;.however,
e2f20	20 69 74 20 69 73 20 72 65 74 61 69 6e 65 64 20 69 6e 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74	.it.is.retained.in.the.routing.t
e2f40	61 62 6c 65 20 66 6f 72 20 61 20 73 68 6f 72 74 20 74 69 6d 65 20 73 6f 20 74 68 61 74 20 6e 65	able.for.a.short.time.so.that.ne
e2f60	69 67 68 62 6f 72 73 20 63 61 6e 20 62 65 20 6e 6f 74 69 66 69 65 64 20 74 68 61 74 20 74 68 65	ighbors.can.be.notified.that.the
e2f80	20 72 6f 75 74 65 20 68 61 73 20 62 65 65 6e 20 64 72 6f 70 70 65 64 2e 20 54 68 65 20 74 69 6d	.route.has.been.dropped..The.tim
e2fa0	65 20 72 61 6e 67 65 20 69 73 20 35 20 74 6f 20 32 31 34 37 34 38 33 36 34 37 2e 20 54 68 65 20	e.range.is.5.to.2147483647..The.
e2fc0	64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 31 38 30 20 73 65 63 6f 6e 64 73 2e 00 54 68	default.value.is.180.seconds..Th
e2fe0	69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 75 70 64 61 74 65 20	is.command.specifies.the.update.
e3000	74 69 6d 65 72 2e 20 45 76 65 72 79 20 75 70 64 61 74 65 20 74 69 6d 65 72 20 73 65 63 6f 6e 64	timer..Every.update.timer.second
e3020	73 2c 20 74 68 65 20 52 49 50 20 70 72 6f 63 65 73 73 20 69 73 20 61 77 61 6b 65 6e 65 64 20 74	s,.the.RIP.process.is.awakened.t
e3040	6f 20 73 65 6e 64 20 61 6e 20 75 6e 73 6f 6c 69 63 69 74 65 64 20 72 65 73 70 6f 6e 73 65 20 6d	o.send.an.unsolicited.response.m
e3060	65 73 73 61 67 65 20 63 6f 6e 74 61 69 6e 69 6e 67 20 74 68 65 20 63 6f 6d 70 6c 65 74 65 20 72	essage.containing.the.complete.r
e3080	6f 75 74 69 6e 67 20 74 61 62 6c 65 20 74 6f 20 61 6c 6c 20 6e 65 69 67 68 62 6f 72 69 6e 67 20	outing.table.to.all.neighboring.
e30a0	52 49 50 20 72 6f 75 74 65 72 73 2e 20 54 68 65 20 74 69 6d 65 20 72 61 6e 67 65 20 69 73 20 35	RIP.routers..The.time.range.is.5
e30c0	20 74 6f 20 32 31 34 37 34 38 33 36 34 37 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75	.to.2147483647..The.default.valu
e30e0	65 20 69 73 20 33 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70	e.is.30.seconds..This.command.sp
e3100	65 63 69 66 69 65 73 20 77 68 65 74 68 65 72 20 74 6f 20 70 65 72 66 6f 72 6d 20 73 70 6c 69 74	ecifies.whether.to.perform.split
e3120	2d 68 6f 72 69 7a 6f 6e 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 53 70 65 63 69	-horizon.on.the.interface..Speci
e3140	66 79 69 6e 67 20 6e 6f 20 62 61 62 65 6c 20 73 70 6c 69 74 2d 68 6f 72 69 7a 6f 6e 20 69 73 20	fying.no.babel.split-horizon.is.
e3160	61 6c 77 61 79 73 20 63 6f 72 72 65 63 74 2c 20 77 68 69 6c 65 20 62 61 62 65 6c 20 73 70 6c 69	always.correct,.while.babel.spli
e3180	74 2d 68 6f 72 69 7a 6f 6e 20 69 73 20 61 6e 20 6f 70 74 69 6d 69 73 61 74 69 6f 6e 20 74 68 61	t-horizon.is.an.optimisation.tha
e31a0	74 20 73 68 6f 75 6c 64 20 6f 6e 6c 79 20 62 65 20 75 73 65 64 20 6f 6e 20 73 79 6d 6d 65 74 72	t.should.only.be.used.on.symmetr
e31c0	69 63 20 61 6e 64 20 74 72 61 6e 73 69 74 69 76 65 20 28 77 69 72 65 64 29 20 6e 65 74 77 6f 72	ic.and.transitive.(wired).networ
e31e0	6b 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 79 20 74 68 61 74 20 4f 53	ks..This.command.specify.that.OS
e3200	50 46 20 70 61 63 6b 65 74 73 20 6d 75 73 74 20 62 65 20 61 75 74 68 65 6e 74 69 63 61 74 65 64	PF.packets.must.be.authenticated
e3220	20 77 69 74 68 20 4d 44 35 20 48 4d 41 43 73 20 77 69 74 68 69 6e 20 74 68 65 20 67 69 76 65 6e	.with.MD5.HMACs.within.the.given
e3240	20 61 72 65 61 2e 20 4b 65 79 69 6e 67 20 6d 61 74 65 72 69 61 6c 20 6d 75 73 74 20 61 6c 73 6f	.area..Keying.material.must.also
e3260	20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 20 70 65 72 2d 69 6e 74 65 72 66 61 63	.be.configured.on.a.per-interfac
e3280	65 20 62 61 73 69 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 73 70 65 63 69 66 79 73 20 74	e.basis..This.command.specifys.t
e32a0	68 61 74 20 4d 44 35 20 48 4d 41 43 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 75 73 74	hat.MD5.HMAC.authentication.must
e32c0	20 62 65 20 75 73 65 64 20 6f 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 49 74 20 73	.be.used.on.this.interface..It.s
e32e0	65 74 73 20 4f 53 50 46 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6b 65 79 20 74 6f 20 61	ets.OSPF.authentication.key.to.a
e3300	20 63 72 79 70 74 6f 67 72 61 70 68 69 63 20 70 61 73 73 77 6f 72 64 2e 20 4b 65 79 2d 69 64 20	.cryptographic.password..Key-id.
e3320	69 64 65 6e 74 69 66 69 65 73 20 73 65 63 72 65 74 20 6b 65 79 20 75 73 65 64 20 74 6f 20 63 72	identifies.secret.key.used.to.cr
e3340	65 61 74 65 20 74 68 65 20 6d 65 73 73 61 67 65 20 64 69 67 65 73 74 2e 20 54 68 69 73 20 49 44	eate.the.message.digest..This.ID
e3360	20 69 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 6d 75 73	.is.part.of.the.protocol.and.mus
e3380	74 20 62 65 20 63 6f 6e 73 69 73 74 65 6e 74 20 61 63 72 6f 73 73 20 72 6f 75 74 65 72 73 20 6f	t.be.consistent.across.routers.o
e33a0	6e 20 61 20 6c 69 6e 6b 2e 20 54 68 65 20 6b 65 79 20 63 61 6e 20 62 65 20 6c 6f 6e 67 20 75 70	n.a.link..The.key.can.be.long.up
e33c0	20 74 6f 20 31 36 20 63 68 61 72 73 20 28 6c 61 72 67 65 72 20 73 74 72 69 6e 67 73 20 77 69 6c	.to.16.chars.(larger.strings.wil
e33e0	6c 20 62 65 20 74 72 75 6e 63 61 74 65 64 29 2c 20 61 6e 64 20 69 73 20 61 73 73 6f 63 69 61 74	l.be.truncated),.and.is.associat
e3400	65 64 20 77 69 74 68 20 74 68 65 20 67 69 76 65 6e 20 6b 65 79 2d 69 64 2e 00 54 68 69 73 20 63	ed.with.the.given.key-id..This.c
e3420	6f 6d 6d 61 6e 64 20 73 75 6d 6d 61 72 69 7a 65 73 20 69 6e 74 72 61 20 61 72 65 61 20 70 61 74	ommand.summarizes.intra.area.pat
e3440	68 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 65 64 20 61 72 65 61 20 69 6e 74 6f 20 6f 6e 65 20	hs.from.specified.area.into.one.
e3460	54 79 70 65 2d 33 20 49 6e 74 65 72 2d 41 72 65 61 20 50 72 65 66 69 78 20 4c 53 41 20 61 6e 6e	Type-3.Inter-Area.Prefix.LSA.ann
e3480	6f 75 6e 63 65 64 20 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 2e 20 54 68 69 73 20 63 6f 6d 6d	ounced.to.other.areas..This.comm
e34a0	61 6e 64 20 63 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 69 6e 20 41 42 52 2e 00 54 68 69	and.can.be.used.only.in.ABR..Thi
e34c0	73 20 63 6f 6d 6d 61 6e 64 20 73 75 6d 6d 61 72 69 7a 65 73 20 69 6e 74 72 61 20 61 72 65 61 20	s.command.summarizes.intra.area.
e34e0	70 61 74 68 73 20 66 72 6f 6d 20 73 70 65 63 69 66 69 65 64 20 61 72 65 61 20 69 6e 74 6f 20 6f	paths.from.specified.area.into.o
e3500	6e 65 20 73 75 6d 6d 61 72 79 2d 4c 53 41 20 28 54 79 70 65 2d 33 29 20 61 6e 6e 6f 75 6e 63 65	ne.summary-LSA.(Type-3).announce
e3520	64 20 74 6f 20 6f 74 68 65 72 20 61 72 65 61 73 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 63	d.to.other.areas..This.command.c
e3540	61 6e 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 69 6e 20 41 42 52 20 61 6e 64 20 4f 4e 4c 59 20	an.be.used.only.in.ABR.and.ONLY.
e3560	72 6f 75 74 65 72 2d 4c 53 41 73 20 28 54 79 70 65 2d 31 29 20 61 6e 64 20 6e 65 74 77 6f 72 6b	router-LSAs.(Type-1).and.network
e3580	2d 4c 53 41 73 20 28 54 79 70 65 2d 32 29 20 28 69 2e 65 2e 20 4c 53 41 73 20 77 69 74 68 20 73	-LSAs.(Type-2).(i.e..LSAs.with.s
e35a0	63 6f 70 65 20 61 72 65 61 29 20 63 61 6e 20 62 65 20 73 75 6d 6d 61 72 69 7a 65 64 2e 20 41 53	cope.area).can.be.summarized..AS
e35c0	2d 65 78 74 65 72 6e 61 6c 2d 4c 53 41 73 20 28 54 79 70 65 2d 35 29 20 63 61 6e e2 80 99 74 20	-external-LSAs.(Type-5).can...t.
e35e0	62 65 20 73 75 6d 6d 61 72 69 7a 65 64 20 2d 20 74 68 65 69 72 20 73 63 6f 70 65 20 69 73 20 41	be.summarized.-.their.scope.is.A
e3600	53 2e 20 54 68 65 20 6f 70 74 69 6f 6e 61 6c 20 61 72 67 75 6d 65 6e 74 20 3a 63 66 67 63 6d 64	S..The.optional.argument.:cfgcmd
e3620	3a 60 63 6f 73 74 60 20 73 70 65 63 69 66 69 65 73 20 74 68 65 20 61 67 67 72 65 67 61 74 65 64	:`cost`.specifies.the.aggregated
e3640	20 6c 69 6e 6b 20 6d 65 74 72 69 63 2e 20 54 68 65 20 6d 65 74 72 69 63 20 72 61 6e 67 65 20 69	.link.metric..The.metric.range.i
e3660	73 20 30 20 74 6f 20 31 36 37 37 37 32 31 35 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	s.0.to.16777215..This.command.to
e3680	20 65 6e 73 75 72 65 20 6e 6f 74 20 61 64 76 65 72 74 69 73 65 20 74 68 65 20 73 75 6d 6d 61 72	.ensure.not.advertise.the.summar
e36a0	79 20 6c 73 61 20 66 6f 72 20 74 68 65 20 6d 61 74 63 68 65 64 20 65 78 74 65 72 6e 61 6c 20 4c	y.lsa.for.the.matched.external.L
e36c0	53 41 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 75 73 65 73 20 74 6f 20 63 6c 65 61 72 20	SAs..This.command.uses.to.clear.
e36e0	42 47 50 20 72 6f 75 74 65 20 64 61 6d 70 65 6e 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	BGP.route.dampening.information.
e3700	61 6e 64 20 74 6f 20 75 6e 73 75 70 70 72 65 73 73 20 73 75 70 70 72 65 73 73 65 64 20 72 6f 75	and.to.unsuppress.suppressed.rou
e3720	74 65 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65 64	tes..This.command.was.introduced
e3740	20 69 6e 20 56 79 4f 53 20 31 2e 34 20 2d 20 69 74 20 77 61 73 20 70 72 65 76 69 6f 75 73 6c 79	.in.VyOS.1.4.-.it.was.previously
e3760	20 63 61 6c 6c 65 64 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 6f 70 74 69 6f 6e 73 20	.called:.``set.firewall.options.
e3780	69 6e 74 65 72 66 61 63 65 20 3c 6e 61 6d 65 3e 20 61 64 6a 75 73 74 2d 6d 73 73 20 3c 76 61 6c	interface.<name>.adjust-mss.<val
e37a0	75 65 3e 60 60 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 61 73 20 69 6e 74 72 6f 64 75 63 65	ue>``.This.command.was.introduce
e37c0	64 20 69 6e 20 56 79 4f 53 20 31 2e 34 20 2d 20 69 74 20 77 61 73 20 70 72 65 76 69 6f 75 73 6c	d.in.VyOS.1.4.-.it.was.previousl
e37e0	79 20 63 61 6c 6c 65 64 3a 20 60 60 73 65 74 20 66 69 72 65 77 61 6c 6c 20 6f 70 74 69 6f 6e 73	y.called:.``set.firewall.options
e3800	20 69 6e 74 65 72 66 61 63 65 20 3c 6e 61 6d 65 3e 20 61 64 6a 75 73 74 2d 6d 73 73 36 20 3c 76	.interface.<name>.adjust-mss6.<v
e3820	61 6c 75 65 3e 60 60 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 63 68 61 6e 67 65	alue>``.This.command.will.change
e3840	20 74 68 65 20 68 6f 6c 64 20 64 6f 77 6e 20 76 61 6c 75 65 20 66 6f 72 20 49 47 50 2d 4c 44 50	.the.hold.down.value.for.IGP-LDP
e3860	20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 63 6f 6e 76 65 72 67 65	.synchronization.during.converge
e3880	6e 63 65 2f 69 6e 74 65 72 66 61 63 65 20 66 6c 61 70 20 65 76 65 6e 74 73 2c 20 62 75 74 20 66	nce/interface.flap.events,.but.f
e38a0	6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 6c 79 2e 00 54 68 69 73 20 63 6f 6d	or.this.interface.only..This.com
e38c0	6d 61 6e 64 20 77 69 6c 6c 20 63 68 61 6e 67 65 20 74 68 65 20 68 6f 6c 64 20 64 6f 77 6e 20 76	mand.will.change.the.hold.down.v
e38e0	61 6c 75 65 20 67 6c 6f 62 61 6c 6c 79 20 66 6f 72 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72	alue.globally.for.IGP-LDP.synchr
e3900	6f 6e 69 7a 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 63 6f 6e 76 65 72 67 65 6e 63 65 2f 69 6e 74	onization.during.convergence/int
e3920	65 72 66 61 63 65 20 66 6c 61 70 20 65 76 65 6e 74 73 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64	erface.flap.events..This.command
e3940	20 77 69 6c 6c 20 65 6e 61 62 6c 65 20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e 69 7a 61	.will.enable.IGP-LDP.synchroniza
e3960	74 69 6f 6e 20 67 6c 6f 62 61 6c 6c 79 20 66 6f 72 20 49 53 49 53 2e 20 54 68 69 73 20 72 65 71	tion.globally.for.ISIS..This.req
e3980	75 69 72 65 73 20 66 6f 72 20 4c 44 50 20 74 6f 20 62 65 20 66 75 6e 63 74 69 6f 6e 61 6c 2e 20	uires.for.LDP.to.be.functional..
e39a0	54 68 69 73 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 34 34 33 60	This.is.described.in.:rfc:`5443`
e39c0	2e 20 42 79 20 64 65 66 61 75 6c 74 20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 6f 70 65 72	..By.default.all.interfaces.oper
e39e0	61 74 69 6f 6e 61 6c 20 69 6e 20 49 53 2d 49 53 20 61 72 65 20 65 6e 61 62 6c 65 64 20 66 6f 72	ational.in.IS-IS.are.enabled.for
e3a00	20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 2e 20 4c 6f 6f 70 62 61 63 6b 73 20 61 72 65 20	.synchronization..Loopbacks.are.
e3a20	65 78 65 6d 70 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 65 6e 61 62 6c 65	exempt..This.command.will.enable
e3a40	20 49 47 50 2d 4c 44 50 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 67 6c 6f 62 61 6c 6c	.IGP-LDP.synchronization.globall
e3a60	79 20 66 6f 72 20 4f 53 50 46 2e 20 54 68 69 73 20 72 65 71 75 69 72 65 73 20 66 6f 72 20 4c 44	y.for.OSPF..This.requires.for.LD
e3a80	50 20 74 6f 20 62 65 20 66 75 6e 63 74 69 6f 6e 61 6c 2e 20 54 68 69 73 20 69 73 20 64 65 73 63	P.to.be.functional..This.is.desc
e3aa0	72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 35 34 34 33 60 2e 20 42 79 20 64 65 66 61 75 6c 74	ribed.in.:rfc:`5443`..By.default
e3ac0	20 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 73 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 69 6e 20 4f	.all.interfaces.operational.in.O
e3ae0	53 50 46 20 61 72 65 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 73 79 6e 63 68 72 6f 6e 69 7a 61 74	SPF.are.enabled.for.synchronizat
e3b00	69 6f 6e 2e 20 4c 6f 6f 70 62 61 63 6b 73 20 61 72 65 20 65 78 65 6d 70 74 2e 00 54 68 69 73 20	ion..Loopbacks.are.exempt..This.
e3b20	63 6f 6d 6d 61 6e 64 20 77 69 6c 6c 20 67 65 6e 65 72 61 74 65 20 61 20 64 65 66 61 75 6c 74 2d	command.will.generate.a.default-
e3b40	72 6f 75 74 65 20 69 6e 20 4c 31 20 64 61 74 61 62 61 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61	route.in.L1.database..This.comma
e3b60	6e 64 20 77 69 6c 6c 20 67 65 6e 65 72 61 74 65 20 61 20 64 65 66 61 75 6c 74 2d 72 6f 75 74 65	nd.will.generate.a.default-route
e3b80	20 69 6e 20 4c 32 20 64 61 74 61 62 61 73 65 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 69	.in.L2.database..This.command.wi
e3ba0	6c 6c 20 67 69 76 65 20 61 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 72 75 6c 65 20 69 6e	ll.give.an.overview.of.a.rule.in
e3bc0	20 61 20 73 69 6e 67 6c 65 20 72 75 6c 65 2d 73 65 74 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20	.a.single.rule-set.This.command.
e3be0	77 69 6c 6c 20 67 69 76 65 20 61 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 72 75 6c 65 20	will.give.an.overview.of.a.rule.
e3c00	69 6e 20 61 20 73 69 6e 67 6c 65 20 72 75 6c 65 2d 73 65 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61	in.a.single.rule-set..This.comma
e3c20	6e 64 20 77 69 6c 6c 20 67 69 76 65 20 61 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 61 20 73 69	nd.will.give.an.overview.of.a.si
e3c40	6e 67 6c 65 20 72 75 6c 65 2d 73 65 74 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 77 6f 75 6c	ngle.rule-set..This.command.woul
e3c60	64 20 61 6c 6c 6f 77 20 74 68 65 20 64 79 6e 61 6d 69 63 20 75 70 64 61 74 65 20 6f 66 20 63 61	d.allow.the.dynamic.update.of.ca
e3c80	70 61 62 69 6c 69 74 69 65 73 20 6f 76 65 72 20 61 6e 20 65 73 74 61 62 6c 69 73 68 65 64 20 42	pabilities.over.an.established.B
e3ca0	47 50 20 73 65 73 73 69 6f 6e 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 73 20 63 72 65 61 74 65	GP.session..This.commands.create
e3cc0	73 20 61 20 62 72 69 64 67 65 20 74 68 61 74 20 69 73 20 75 73 65 64 20 74 6f 20 62 69 6e 64 20	s.a.bridge.that.is.used.to.bind.
e3ce0	74 72 61 66 66 69 63 20 6f 6e 20 65 74 68 31 20 76 6c 61 6e 20 32 34 31 20 77 69 74 68 20 74 68	traffic.on.eth1.vlan.241.with.th
e3d00	65 20 76 78 6c 61 6e 32 34 31 2d 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 49 50 20 61 64 64	e.vxlan241-interface..The.IP.add
e3d20	72 65 73 73 20 69 73 20 6e 6f 74 20 72 65 71 75 69 72 65 64 2e 20 49 74 20 6d 61 79 20 68 6f 77	ress.is.not.required..It.may.how
e3d40	65 76 65 72 20 62 65 20 75 73 65 64 20 61 73 20 61 20 64 65 66 61 75 6c 74 20 67 61 74 65 77 61	ever.be.used.as.a.default.gatewa
e3d60	79 20 66 6f 72 20 65 61 63 68 20 4c 65 61 66 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 64 65 76	y.for.each.Leaf.which.allows.dev
e3d80	69 63 65 73 20 6f 6e 20 74 68 65 20 76 6c 61 6e 20 74 6f 20 72 65 61 63 68 20 6f 74 68 65 72 20	ices.on.the.vlan.to.reach.other.
e3da0	73 75 62 6e 65 74 73 2e 20 54 68 69 73 20 72 65 71 75 69 72 65 73 20 74 68 61 74 20 74 68 65 20	subnets..This.requires.that.the.
e3dc0	73 75 62 6e 65 74 73 20 61 72 65 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 62 79 20 4f 53 50	subnets.are.redistributed.by.OSP
e3de0	46 20 73 6f 20 74 68 61 74 20 74 68 65 20 53 70 69 6e 65 20 77 69 6c 6c 20 6c 65 61 72 6e 20 68	F.so.that.the.Spine.will.learn.h
e3e00	6f 77 20 74 6f 20 72 65 61 63 68 20 69 74 2e 20 54 6f 20 64 6f 20 74 68 69 73 20 79 6f 75 20 6e	ow.to.reach.it..To.do.this.you.n
e3e20	65 65 64 20 74 6f 20 63 68 61 6e 67 65 20 74 68 65 20 4f 53 50 46 20 6e 65 74 77 6f 72 6b 20 66	eed.to.change.the.OSPF.network.f
e3e40	72 6f 6d 20 27 31 30 2e 30 2e 30 2e 30 2f 38 27 20 74 6f 20 27 30 2e 30 2e 30 2e 30 2f 30 27 20	rom.'10.0.0.0/8'.to.'0.0.0.0/0'.
e3e60	74 6f 20 61 6c 6c 6f 77 20 31 37 32 2e 31 36 2f 31 32 2d 6e 65 74 77 6f 72 6b 73 20 74 6f 20 62	to.allow.172.16/12-networks.to.b
e3e80	65 20 61 64 76 65 72 74 69 73 65 64 2e 00 54 68 69 73 20 63 6f 6d 6d 61 6e 64 73 20 73 70 65 63	e.advertised..This.commands.spec
e3ea0	69 66 69 65 73 20 74 68 65 20 46 69 6e 69 74 65 20 53 74 61 74 65 20 4d 61 63 68 69 6e 65 20 28	ifies.the.Finite.State.Machine.(
e3ec0	46 53 4d 29 20 69 6e 74 65 6e 64 65 64 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 74 69 6d	FSM).intended.to.control.the.tim
e3ee0	69 6e 67 20 6f 66 20 74 68 65 20 65 78 65 63 75 74 69 6f 6e 20 6f 66 20 53 50 46 20 63 61 6c 63	ing.of.the.execution.of.SPF.calc
e3f00	75 6c 61 74 69 6f 6e 73 20 69 6e 20 72 65 73 70 6f 6e 73 65 20 74 6f 20 49 47 50 20 65 76 65 6e	ulations.in.response.to.IGP.even
e3f20	74 73 2e 20 54 68 65 20 70 72 6f 63 65 73 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66	ts..The.process.described.in.:rf
e3f40	63 3a 60 38 34 30 35 60 2e 00 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 6e 61	c:`8405`..This.configuration.ena
e3f60	62 6c 65 73 20 74 68 65 20 54 43 50 20 72 65 76 65 72 73 65 20 70 72 6f 78 79 20 66 6f 72 20 74	bles.the.TCP.reverse.proxy.for.t
e3f80	68 65 20 22 6d 79 2d 74 63 70 2d 61 70 69 22 20 73 65 72 76 69 63 65 2e 20 49 6e 63 6f 6d 69 6e	he."my-tcp-api".service..Incomin
e3fa0	67 20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f 6e 20 70 6f 72 74 20 38 38 38 38 20 77	g.TCP.connections.on.port.8888.w
e3fc0	69 6c 6c 20 62 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 65 64 20 61 63 72 6f 73 73 20 74 68 65 20	ill.be.load.balanced.across.the.
e3fe0	62 61 63 6b 65 6e 64 20 73 65 72 76 65 72 73 20 28 73 72 76 30 31 20 61 6e 64 20 73 72 76 30 32	backend.servers.(srv01.and.srv02
e4000	29 20 75 73 69 6e 67 20 74 68 65 20 72 6f 75 6e 64 2d 72 6f 62 69 6e 20 6c 6f 61 64 2d 62 61 6c	).using.the.round-robin.load-bal
e4020	61 6e 63 69 6e 67 20 61 6c 67 6f 72 69 74 68 6d 2e 00 54 68 69 73 20 63 6f 6e 66 69 67 75 72 61	ancing.algorithm..This.configura
e4040	74 69 6f 6e 20 6c 69 73 74 65 6e 20 6f 6e 20 70 6f 72 74 20 38 30 20 61 6e 64 20 72 65 64 69 72	tion.listen.on.port.80.and.redir
e4060	65 63 74 20 69 6e 63 6f 6d 69 6e 67 20 72 65 71 75 65 73 74 73 20 74 6f 20 48 54 54 50 53 3a 00	ect.incoming.requests.to.HTTPS:.
e4080	54 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 69 66 69 65 73 20 74 68 65 20	This.configuration.modifies.the.
e40a0	62 65 68 61 76 69 6f 72 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 73 74 61 74 65 6d 65 6e	behavior.of.the.network.statemen
e40c0	74 2e 20 49 66 20 79 6f 75 20 68 61 76 65 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 74	t..If.you.have.this.configured.t
e40e0	68 65 20 75 6e 64 65 72 6c 79 69 6e 67 20 6e 65 74 77 6f 72 6b 20 6d 75 73 74 20 65 78 69 73 74	he.underlying.network.must.exist
e4100	20 69 6e 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69 73 20 63 6f 6e 66	.in.the.routing.table..This.conf
e4120	69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 20 6c 65 74 73 20 74 68 65 20 44 48 43	iguration.parameter.lets.the.DHC
e4140	50 20 73 65 72 76 65 72 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 44 48 43 50 20 72 65 71 75	P.server.to.listen.for.DHCP.requ
e4160	65 73 74 73 20 73 65 6e 74 20 74 6f 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 61 64 64 72 65	ests.sent.to.the.specified.addre
e4180	73 73 2c 20 69 74 20 69 73 20 6f 6e 6c 79 20 72 65 61 6c 69 73 74 69 63 61 6c 6c 79 20 75 73 65	ss,.it.is.only.realistically.use
e41a0	66 75 6c 20 66 6f 72 20 61 20 73 65 72 76 65 72 20 77 68 6f 73 65 20 6f 6e 6c 79 20 63 6c 69 65	ful.for.a.server.whose.only.clie
e41c0	6e 74 73 20 61 72 65 20 72 65 61 63 68 65 64 20 76 69 61 20 75 6e 69 63 61 73 74 73 2c 20 73 75	nts.are.reached.via.unicasts,.su
e41e0	63 68 20 61 73 20 76 69 61 20 44 48 43 50 20 72 65 6c 61 79 20 61 67 65 6e 74 73 2e 00 54 68 69	ch.as.via.DHCP.relay.agents..Thi
e4200	73 20 63 6f 75 6c 64 20 62 65 20 68 65 6c 70 66 75 6c 20 69 66 20 79 6f 75 20 77 61 6e 74 20 74	s.could.be.helpful.if.you.want.t
e4220	6f 20 74 65 73 74 20 68 6f 77 20 61 6e 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 62 65 68 61 76 65	o.test.how.an.application.behave
e4240	73 20 75 6e 64 65 72 20 63 65 72 74 61 69 6e 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 64 69 74 69 6f	s.under.certain.network.conditio
e4260	6e 73 2e 00 54 68 69 73 20 63 72 65 61 74 65 73 20 61 20 72 6f 75 74 65 20 70 6f 6c 69 63 79 20	ns..This.creates.a.route.policy.
e4280	63 61 6c 6c 65 64 20 46 49 4c 54 45 52 2d 57 45 42 20 77 69 74 68 20 6f 6e 65 20 72 75 6c 65 20	called.FILTER-WEB.with.one.rule.
e42a0	74 6f 20 73 65 74 20 74 68 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 66 6f 72 20 6d 61 74	to.set.the.routing.table.for.mat
e42c0	63 68 69 6e 67 20 74 72 61 66 66 69 63 20 28 54 43 50 20 70 6f 72 74 20 38 30 29 20 74 6f 20 74	ching.traffic.(TCP.port.80).to.t
e42e0	61 62 6c 65 20 49 44 20 31 30 30 20 69 6e 73 74 65 61 64 20 6f 66 20 74 68 65 20 64 65 66 61 75	able.ID.100.instead.of.the.defau
e4300	6c 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20	lt.routing.table..This.defaults.
e4320	74 6f 20 31 30 30 30 30 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 31 38 31 32 2e	to.10000..This.defaults.to.1812.
e4340	00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 32 30 30 37 2e 00 54 68 69 73 20 64 65 66	.This.defaults.to.2007..This.def
e4360	61 75 6c 74 73 20 74 6f 20 33 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 64 65 66 61 75 6c	aults.to.30.seconds..This.defaul
e4380	74 73 20 74 6f 20 33 30 30 20 73 65 63 6f 6e 64 73 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73	ts.to.300.seconds..This.defaults
e43a0	20 74 6f 20 34 39 2e 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74 6f 20 35 2e 00 54 68 69 73	.to.49..This.defaults.to.5..This
e43c0	20 64 65 66 61 75 6c 74 73 20 74 6f 20 55 44 50 00 54 68 69 73 20 64 65 66 61 75 6c 74 73 20 74	.defaults.to.UDP.This.defaults.t
e43e0	6f 20 70 68 79 30 2e 00 54 68 69 73 20 64 65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 64 72 69 76	o.phy0..This.depends.on.the.driv
e4400	65 72 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 6e 64 20 6d 61 79 20 6e 6f 74 20 62 65 20 61	er.capabilities.and.may.not.be.a
e4420	76 61 69 6c 61 62 6c 65 20 77 69 74 68 20 61 6c 6c 20 64 72 69 76 65 72 73 2e 00 54 68 69 73 20	vailable.with.all.drivers..This.
e4440	64 69 61 62 6c 65 20 74 68 65 20 65 78 74 65 72 6e 61 6c 20 63 61 63 68 65 20 61 6e 64 20 64 69	diable.the.external.cache.and.di
e4460	72 65 63 74 6c 79 20 69 6e 6a 65 63 74 73 20 74 68 65 20 66 6c 6f 77 2d 73 74 61 74 65 73 20 69	rectly.injects.the.flow-states.i
e4480	6e 74 6f 20 74 68 65 20 69 6e 2d 6b 65 72 6e 65 6c 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 54 72 61	nto.the.in-kernel.Connection.Tra
e44a0	63 6b 69 6e 67 20 53 79 73 74 65 6d 20 6f 66 20 74 68 65 20 62 61 63 6b 75 70 20 66 69 72 65 77	cking.System.of.the.backup.firew
e44c0	61 6c 6c 2e 00 54 68 69 73 20 64 69 61 67 72 61 6d 20 63 6f 72 72 65 73 70 6f 6e 64 73 20 77 69	all..This.diagram.corresponds.wi
e44e0	74 68 20 74 68 65 20 65 78 61 6d 70 6c 65 20 73 69 74 65 20 74 6f 20 73 69 74 65 20 63 6f 6e 66	th.the.example.site.to.site.conf
e4500	69 67 75 72 61 74 69 6f 6e 20 62 65 6c 6f 77 2e 00 54 68 69 73 20 65 6e 61 62 6c 65 73 20 3a 72	iguration.below..This.enables.:r
e4520	66 63 3a 60 33 31 33 37 60 20 73 75 70 70 6f 72 74 2c 20 77 68 65 72 65 20 74 68 65 20 4f 53 50	fc:`3137`.support,.where.the.OSP
e4540	46 20 70 72 6f 63 65 73 73 20 64 65 73 63 72 69 62 65 73 20 69 74 73 20 74 72 61 6e 73 69 74 20	F.process.describes.its.transit.
e4560	6c 69 6e 6b 73 20 69 6e 20 69 74 73 20 72 6f 75 74 65 72 2d 4c 53 41 20 61 73 20 68 61 76 69 6e	links.in.its.router-LSA.as.havin
e4580	67 20 69 6e 66 69 6e 69 74 65 20 64 69 73 74 61 6e 63 65 20 73 6f 20 74 68 61 74 20 6f 74 68 65	g.infinite.distance.so.that.othe
e45a0	72 20 72 6f 75 74 65 72 73 20 77 69 6c 6c 20 61 76 6f 69 64 20 63 61 6c 63 75 6c 61 74 69 6e 67	r.routers.will.avoid.calculating
e45c0	20 74 72 61 6e 73 69 74 20 70 61 74 68 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 6f 75 74 65	.transit.paths.through.the.route
e45e0	72 20 77 68 69 6c 65 20 73 74 69 6c 6c 20 62 65 69 6e 67 20 61 62 6c 65 20 74 6f 20 72 65 61 63	r.while.still.being.able.to.reac
e4600	68 20 6e 65 74 77 6f 72 6b 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 72 6f 75 74 65 72 2e 00 54	h.networks.through.the.router..T
e4620	68 69 73 20 65 6e 61 62 6c 65 73 20 74 68 65 20 67 72 65 65 6e 66 69 65 6c 64 20 6f 70 74 69 6f	his.enables.the.greenfield.optio
e4640	6e 20 77 68 69 63 68 20 73 65 74 73 20 74 68 65 20 60 60 5b 47 46 5d 60 60 20 6f 70 74 69 6f 6e	n.which.sets.the.``[GF]``.option
e4660	00 54 68 69 73 20 65 73 74 61 62 6c 69 73 68 65 73 20 6f 75 72 20 50 6f 72 74 20 46 6f 72 77 61	.This.establishes.our.Port.Forwa
e4680	72 64 20 72 75 6c 65 2c 20 62 75 74 20 69 66 20 77 65 20 63 72 65 61 74 65 64 20 61 20 66 69 72	rd.rule,.but.if.we.created.a.fir
e46a0	65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 69 74 20 77 69 6c 6c 20 6c 69 6b 65 6c 79 20 62 6c 6f 63	ewall.policy.it.will.likely.bloc
e46c0	6b 20 74 68 65 20 74 72 61 66 66 69 63 2e 00 54 68 69 73 20 65 78 61 6d 70 6c 65 20 73 68 6f 77	k.the.traffic..This.example.show
e46e0	73 20 68 6f 77 20 74 6f 20 74 61 72 67 65 74 20 61 6e 20 4d 53 53 20 63 6c 61 6d 70 20 28 69 6e	s.how.to.target.an.MSS.clamp.(in
e4700	20 6f 75 72 20 65 78 61 6d 70 6c 65 20 74 6f 20 31 33 36 30 20 62 79 74 65 73 29 20 74 6f 20 61	.our.example.to.1360.bytes).to.a
e4720	20 73 70 65 63 69 66 69 63 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 49 50 2e 00 54 68 69 73 20 66	.specific.destination.IP..This.f
e4740	65 61 74 75 72 65 20 73 75 6d 6d 61 72 69 73 65 73 20 6f 72 69 67 69 6e 61 74 65 64 20 65 78 74	eature.summarises.originated.ext
e4760	65 72 6e 61 6c 20 4c 53 41 73 20 28 54 79 70 65 2d 35 20 61 6e 64 20 54 79 70 65 2d 37 29 2e 20	ernal.LSAs.(Type-5.and.Type-7)..
e4780	53 75 6d 6d 61 72 79 20 52 6f 75 74 65 20 77 69 6c 6c 20 62 65 20 6f 72 69 67 69 6e 61 74 65 64	Summary.Route.will.be.originated
e47a0	20 6f 6e 2d 62 65 68 61 6c 66 20 6f 66 20 61 6c 6c 20 6d 61 74 63 68 65 64 20 65 78 74 65 72 6e	.on-behalf.of.all.matched.extern
e47c0	61 6c 20 4c 53 41 73 2e 00 54 68 69 73 20 66 75 6e 63 74 69 6f 6e 73 20 66 6f 72 20 62 6f 74 68	al.LSAs..This.functions.for.both
e47e0	20 69 6e 64 69 76 69 64 75 61 6c 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 61 64 64 72 65 73	.individual.addresses.and.addres
e4800	73 20 67 72 6f 75 70 73 2e 00 54 68 69 73 20 67 69 76 65 73 20 75 73 20 49 47 50 2d 4c 44 50 20	s.groups..This.gives.us.IGP-LDP.
e4820	73 79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 66 6f 72 20 61 6c 6c 20 6e 6f 6e 2d 6c 6f 6f 70	synchronization.for.all.non-loop
e4840	62 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20 77 69 74 68 20 61 20 68 6f 6c 64 64 6f 77 6e 20	back.interfaces.with.a.holddown.
e4860	74 69 6d 65 72 20 6f 66 20 7a 65 72 6f 20 73 65 63 6f 6e 64 73 3a 00 54 68 69 73 20 67 69 76 65	timer.of.zero.seconds:.This.give
e4880	73 20 75 73 20 4d 50 4c 53 20 73 65 67 6d 65 6e 74 20 72 6f 75 74 69 6e 67 20 65 6e 61 62 6c 65	s.us.MPLS.segment.routing.enable
e48a0	64 20 61 6e 64 20 6c 61 62 65 6c 73 20 66 6f 72 20 66 61 72 20 65 6e 64 20 6c 6f 6f 70 62 61 63	d.and.labels.for.far.end.loopbac
e48c0	6b 73 3a 00 54 68 69 73 20 67 69 76 65 73 20 75 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20	ks:.This.gives.us.the.following.
e48e0	6e 65 69 67 68 62 6f 72 73 68 69 70 73 2c 20 4c 65 76 65 6c 20 31 20 61 6e 64 20 4c 65 76 65 6c	neighborships,.Level.1.and.Level
e4900	20 32 3a 00 54 68 69 73 20 69 6e 73 74 72 75 63 74 73 20 6f 70 65 6e 6e 68 72 70 20 74 6f 20 72	.2:.This.instructs.opennhrp.to.r
e4920	65 70 6c 79 20 77 69 74 68 20 61 75 74 68 6f 72 61 74 69 76 65 20 61 6e 73 77 65 72 73 20 6f 6e	eply.with.authorative.answers.on
e4940	20 4e 48 52 50 20 52 65 73 6f 6c 75 74 69 6f 6e 20 52 65 71 75 65 73 74 73 20 64 65 73 74 69 6e	.NHRP.Resolution.Requests.destin
e4960	69 65 64 20 74 6f 20 61 64 64 72 65 73 73 65 73 20 69 6e 20 74 68 69 73 20 69 6e 74 65 72 66 61	ied.to.addresses.in.this.interfa
e4980	63 65 20 28 69 6e 73 74 65 61 64 20 6f 66 20 66 6f 72 77 61 72 64 69 6e 67 20 74 68 65 20 70 61	ce.(instead.of.forwarding.the.pa
e49a0	63 6b 65 74 73 29 2e 20 54 68 69 73 20 65 66 66 65 63 74 69 76 65 6c 79 20 61 6c 6c 6f 77 73 20	ckets)..This.effectively.allows.
e49c0	74 68 65 20 63 72 65 61 74 69 6f 6e 20 6f 66 20 73 68 6f 72 74 63 75 74 20 72 6f 75 74 65 73 20	the.creation.of.shortcut.routes.
e49e0	74 6f 20 73 75 62 6e 65 74 73 20 6c 6f 63 61 74 65 64 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66	to.subnets.located.on.the.interf
e4a00	61 63 65 2e 00 54 68 69 73 20 69 73 20 61 20 63 6f 6d 6d 6f 6e 20 73 63 65 6e 61 72 69 6f 20 77	ace..This.is.a.common.scenario.w
e4a20	68 65 72 65 20 62 6f 74 68 20 3a 72 65 66 3a 60 73 6f 75 72 63 65 2d 6e 61 74 60 20 61 6e 64 20	here.both.:ref:`source-nat`.and.
e4a40	3a 72 65 66 3a 60 64 65 73 74 69 6e 61 74 69 6f 6e 2d 6e 61 74 60 20 61 72 65 20 63 6f 6e 66 69	:ref:`destination-nat`.are.confi
e4a60	67 75 72 65 64 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 2e 20 49 74 27 73 20 63 6f 6d	gured.at.the.same.time..It's.com
e4a80	6d 6f 6e 6c 79 20 75 73 65 64 20 77 68 65 6e 20 69 6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74	monly.used.when.internal.(privat
e4aa0	65 29 20 68 6f 73 74 73 20 6e 65 65 64 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 63 6f 6e	e).hosts.need.to.establish.a.con
e4ac0	6e 65 63 74 69 6f 6e 20 77 69 74 68 20 65 78 74 65 72 6e 61 6c 20 72 65 73 6f 75 72 63 65 73 20	nection.with.external.resources.
e4ae0	61 6e 64 20 65 78 74 65 72 6e 61 6c 20 73 79 73 74 65 6d 73 20 6e 65 65 64 20 74 6f 20 61 63 63	and.external.systems.need.to.acc
e4b00	65 73 73 20 69 6e 74 65 72 6e 61 6c 20 28 70 72 69 76 61 74 65 29 20 72 65 73 6f 75 72 63 65 73	ess.internal.(private).resources
e4b20	2e 00 54 68 69 73 20 69 73 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65	..This.is.a.configuration.parame
e4b40	74 65 72 20 66 6f 72 20 74 68 65 20 60 3c 73 75 62 6e 65 74 3e 60 2c 20 73 61 79 69 6e 67 20 74	ter.for.the.`<subnet>`,.saying.t
e4b60	68 61 74 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 72 65 73 70 6f 6e 73 65 2c 20 74 65 6c	hat.as.part.of.the.response,.tel
e4b80	6c 20 74 68 65 20 63 6c 69 65 6e 74 20 74 68 61 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 67 61	l.the.client.that.the.default.ga
e4ba0	74 65 77 61 79 20 63 61 6e 20 62 65 20 72 65 61 63 68 65 64 20 61 74 20 60 3c 61 64 64 72 65 73	teway.can.be.reached.at.`<addres
e4bc0	73 3e 60 2e 00 54 68 69 73 20 69 73 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72	s>`..This.is.a.configuration.par
e4be0	61 6d 65 74 65 72 20 66 6f 72 20 74 68 65 20 73 75 62 6e 65 74 2c 20 73 61 79 69 6e 67 20 74 68	ameter.for.the.subnet,.saying.th
e4c00	61 74 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 20 72 65 73 70 6f 6e 73 65 2c 20 74 65 6c 6c	at.as.part.of.the.response,.tell
e4c20	20 74 68 65 20 63 6c 69 65 6e 74 20 74 68 61 74 20 74 68 65 20 44 4e 53 20 73 65 72 76 65 72 20	.the.client.that.the.DNS.server.
e4c40	63 61 6e 20 62 65 20 66 6f 75 6e 64 20 61 74 20 60 3c 61 64 64 72 65 73 73 3e 60 2e 00 54 68 69	can.be.found.at.`<address>`..Thi
e4c60	73 20 69 73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 63 6f 6d 6d 61 6e 64 2e 20 53 65 74 73 20 72	s.is.a.mandatory.command..Sets.r
e4c80	65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e	egular.expression.to.match.again
e4ca0	73 74 20 6c 6f 67 20 73 74 72 69 6e 67 20 6d 65 73 73 61 67 65 2e 00 54 68 69 73 20 69 73 20 61	st.log.string.message..This.is.a
e4cc0	20 6d 61 6e 64 61 74 6f 72 79 20 63 6f 6d 6d 61 6e 64 2e 20 53 65 74 73 20 74 68 65 20 66 75 6c	.mandatory.command..Sets.the.ful
e4ce0	6c 20 70 61 74 68 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 2e 20 54 68 65 20 73 63 72 69 70 74	l.path.to.the.script..The.script
e4d00	20 66 69 6c 65 20 6d 75 73 74 20 62 65 20 65 78 65 63 75 74 61 62 6c 65 2e 00 54 68 69 73 20 69	.file.must.be.executable..This.i
e4d20	73 20 61 20 6d 61 6e 64 61 74 6f 72 79 20 73 65 74 74 69 6e 67 2e 00 54 68 69 73 20 69 73 20 61	s.a.mandatory.setting..This.is.a
e4d40	63 68 69 65 76 65 64 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 66 69 72 73 74 20 74 68 72 65 65	chieved.by.using.the.first.three
e4d60	20 62 69 74 73 20 6f 66 20 74 68 65 20 54 6f 53 20 28 54 79 70 65 20 6f 66 20 53 65 72 76 69 63	.bits.of.the.ToS.(Type.of.Servic
e4d80	65 29 20 66 69 65 6c 64 20 74 6f 20 63 61 74 65 67 6f 72 69 7a 65 20 64 61 74 61 20 73 74 72 65	e).field.to.categorize.data.stre
e4da0	61 6d 73 20 61 6e 64 2c 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20	ams.and,.in.accordance.with.the.
e4dc0	64 65 66 69 6e 65 64 20 70 72 65 63 65 64 65 6e 63 65 20 70 61 72 61 6d 65 74 65 72 73 2c 20 61	defined.precedence.parameters,.a
e4de0	20 64 65 63 69 73 69 6f 6e 20 69 73 20 6d 61 64 65 2e 00 54 68 69 73 20 69 73 20 61 6c 73 6f 20	.decision.is.made..This.is.also.
e4e00	6b 6e 6f 77 6e 20 61 73 20 74 68 65 20 48 55 42 73 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20	known.as.the.HUBs.IP.address.or.
e4e20	46 51 44 4e 2e 00 54 68 69 73 20 69 73 20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e	FQDN..This.is.an.optional.comman
e4e40	64 20 62 65 63 61 75 73 65 20 74 68 65 20 65 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 77 69 6c 6c	d.because.the.event.handler.will
e4e60	20 62 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 63 72 65 61 74 65 64 20 61 66 74 65 72 20	.be.automatically.created.after.
e4e80	61 6e 79 20 6f 66 20 74 68 65 20 6e 65 78 74 20 63 6f 6d 6d 61 6e 64 73 2e 00 54 68 69 73 20 69	any.of.the.next.commands..This.i
e4ea0	73 20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 20 41 64 64 73 20 61 72 67 75	s.an.optional.command..Adds.argu
e4ec0	6d 65 6e 74 73 20 74 6f 20 74 68 65 20 73 63 72 69 70 74 2e 20 41 72 67 75 6d 65 6e 74 73 20 6d	ments.to.the.script..Arguments.m
e4ee0	75 73 74 20 62 65 20 73 65 70 61 72 61 74 65 64 20 62 79 20 73 70 61 63 65 73 2e 00 54 68 69 73	ust.be.separated.by.spaces..This
e4f00	20 69 73 20 61 6e 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 20 41 64 64 73 20 65 6e	.is.an.optional.command..Adds.en
e4f20	76 69 72 6f 6e 6d 65 6e 74 20 61 6e 64 20 69 74 73 20 76 61 6c 75 65 20 74 6f 20 74 68 65 20 73	vironment.and.its.value.to.the.s
e4f40	63 72 69 70 74 2e 20 55 73 65 20 73 65 70 61 72 61 74 65 20 63 6f 6d 6d 61 6e 64 73 20 66 6f 72	cript..Use.separate.commands.for
e4f60	20 65 61 63 68 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 00 54 68 69 73 20 69 73 20 61 6e 20 6f 70	.each.environment..This.is.an.op
e4f80	74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 2e 20 46 69 6c 74 65 72 73 20 6c 6f 67 20 6d 65 73 73	tional.command..Filters.log.mess
e4fa0	61 67 65 73 20 62 79 20 73 79 73 6c 6f 67 2d 69 64 65 6e 74 69 66 69 65 72 2e 00 54 68 69 73 20	ages.by.syslog-identifier..This.
e4fc0	69 73 20 64 6f 6e 65 20 74 6f 20 73 75 70 70 6f 72 74 20 28 65 74 68 65 72 6e 65 74 29 20 73 77	is.done.to.support.(ethernet).sw
e4fe0	69 74 63 68 20 66 65 61 74 75 72 65 73 2c 20 6c 69 6b 65 20 3a 72 66 63 3a 60 33 30 36 39 60 2c	itch.features,.like.:rfc:`3069`,
e5000	20 77 68 65 72 65 20 74 68 65 20 69 6e 64 69 76 69 64 75 61 6c 20 70 6f 72 74 73 20 61 72 65 20	.where.the.individual.ports.are.
e5020	4e 4f 54 20 61 6c 6c 6f 77 65 64 20 74 6f 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 77 69 74 68 20	NOT.allowed.to.communicate.with.
e5040	65 61 63 68 20 6f 74 68 65 72 2c 20 62 75 74 20 74 68 65 79 20 61 72 65 20 61 6c 6c 6f 77 65 64	each.other,.but.they.are.allowed
e5060	20 74 6f 20 74 61 6c 6b 20 74 6f 20 74 68 65 20 75 70 73 74 72 65 61 6d 20 72 6f 75 74 65 72 2e	.to.talk.to.the.upstream.router.
e5080	20 41 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 60 33 30 36 39 60 2c 20 69 74	.As.described.in.:rfc:`3069`,.it
e50a0	20 69 73 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 73 65 20 68 6f 73 74	.is.possible.to.allow.these.host
e50c0	73 20 74 6f 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 74 68 72 6f 75 67 68 20 74 68 65 20 75 70 73	s.to.communicate.through.the.ups
e50e0	74 72 65 61 6d 20 72 6f 75 74 65 72 20 62 79 20 70 72 6f 78 79 5f 61 72 70 27 69 6e 67 2e 00 54	tream.router.by.proxy_arp'ing..T
e5100	68 69 73 20 69 73 20 65 73 70 65 63 69 61 6c 6c 79 20 75 73 65 66 75 6c 20 66 6f 72 20 74 68 65	his.is.especially.useful.for.the
e5120	20 75 70 73 74 72 65 61 6d 20 69 6e 74 65 72 66 61 63 65 2c 20 73 69 6e 63 65 20 74 68 65 20 73	.upstream.interface,.since.the.s
e5140	6f 75 72 63 65 20 66 6f 72 20 6d 75 6c 74 69 63 61 73 74 20 74 72 61 66 66 69 63 20 69 73 20 6f	ource.for.multicast.traffic.is.o
e5160	66 74 65 6e 20 66 72 6f 6d 20 61 20 72 65 6d 6f 74 65 20 6c 6f 63 61 74 69 6f 6e 2e 00 54 68 69	ften.from.a.remote.location..Thi
e5180	73 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 73 69 6d 70 6c 65 73 74 20 74 79 70 65 73 20 6f	s.is.one.of.the.simplest.types.o
e51a0	66 20 74 75 6e 6e 65 6c 73 2c 20 61 73 20 64 65 66 69 6e 65 64 20 62 79 20 3a 72 66 63 3a 60 32	f.tunnels,.as.defined.by.:rfc:`2
e51c0	30 30 33 60 2e 20 49 74 20 74 61 6b 65 73 20 61 6e 20 49 50 76 34 20 70 61 63 6b 65 74 20 61 6e	003`..It.takes.an.IPv4.packet.an
e51e0	64 20 73 65 6e 64 73 20 69 74 20 61 73 20 61 20 70 61 79 6c 6f 61 64 20 6f 66 20 61 6e 6f 74 68	d.sends.it.as.a.payload.of.anoth
e5200	65 72 20 49 50 76 34 20 70 61 63 6b 65 74 2e 20 46 6f 72 20 74 68 69 73 20 72 65 61 73 6f 6e 2c	er.IPv4.packet..For.this.reason,
e5220	20 74 68 65 72 65 20 61 72 65 20 6e 6f 20 6f 74 68 65 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	.there.are.no.other.configuratio
e5240	6e 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 74 68 69 73 20 6b 69 6e 64 20 6f 66 20 74 75 6e 6e 65	n.options.for.this.kind.of.tunne
e5260	6c 2e 00 54 68 69 73 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 00 54 68 69 73 20 69 73 20 73 69 6d	l..This.is.optional..This.is.sim
e5280	69 6c 61 72 20 74 6f 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 73 20 70 61 72 74 2c	ilar.to.the.network.groups.part,
e52a0	20 62 75 74 20 68 65 72 65 20 79 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 6e 65 67 61 74 65	.but.here.you.are.able.to.negate
e52c0	20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 61 64 64 72 65 73 73 65 73 2e 00 54 68 69 73 20 69 73	.the.matching.addresses..This.is
e52e0	20 74 68 65 20 49 50 76 36 20 63 6f 75 6e 74 65 72 70 61 72 74 20 6f 66 20 49 50 49 50 2e 20 49	.the.IPv6.counterpart.of.IPIP..I
e5300	27 6d 20 6e 6f 74 20 61 77 61 72 65 20 6f 66 20 61 6e 20 52 46 43 20 74 68 61 74 20 64 65 66 69	'm.not.aware.of.an.RFC.that.defi
e5320	6e 65 73 20 74 68 69 73 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 73 70 65 63 69 66 69 63 61	nes.this.encapsulation.specifica
e5340	6c 6c 79 2c 20 62 75 74 20 69 74 27 73 20 61 20 6e 61 74 75 72 61 6c 20 73 70 65 63 69 66 69 63	lly,.but.it's.a.natural.specific
e5360	20 63 61 73 65 20 6f 66 20 49 50 76 36 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 6d 65 63 68	.case.of.IPv6.encapsulation.mech
e5380	61 6e 69 73 6d 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 3a 72 66 63 3a 32 34 37 33 60 2e 00	anisms.described.in.:rfc:2473`..
e53a0	54 68 69 73 20 69 73 20 74 68 65 20 4c 41 4e 20 65 78 74 65 6e 73 69 6f 6e 20 75 73 65 20 63 61	This.is.the.LAN.extension.use.ca
e53c0	73 65 2e 20 54 68 65 20 65 74 68 30 20 70 6f 72 74 20 6f 66 20 74 68 65 20 64 69 73 74 61 6e 74	se..The.eth0.port.of.the.distant
e53e0	20 56 50 4e 20 70 65 65 72 73 20 77 69 6c 6c 20 62 65 20 64 69 72 65 63 74 6c 79 20 63 6f 6e 6e	.VPN.peers.will.be.directly.conn
e5400	65 63 74 65 64 20 6c 69 6b 65 20 69 66 20 74 68 65 72 65 20 77 61 73 20 61 20 73 77 69 74 63 68	ected.like.if.there.was.a.switch
e5420	20 62 65 74 77 65 65 6e 20 74 68 65 6d 2e 00 54 68 69 73 20 69 73 20 74 68 65 20 4c 43 44 20 6d	.between.them..This.is.the.LCD.m
e5440	6f 64 65 6c 20 75 73 65 64 20 69 6e 20 79 6f 75 72 20 73 79 73 74 65 6d 2e 00 54 68 69 73 20 69	odel.used.in.your.system..This.i
e5460	73 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 20 66 6f	s.the.configuration.parameter.fo
e5480	72 20 74 68 65 20 65 6e 74 69 72 65 20 73 68 61 72 65 64 20 6e 65 74 77 6f 72 6b 20 64 65 66 69	r.the.entire.shared.network.defi
e54a0	6e 69 74 69 6f 6e 2e 20 41 6c 6c 20 73 75 62 6e 65 74 73 20 77 69 6c 6c 20 69 6e 68 65 72 69 74	nition..All.subnets.will.inherit
e54c0	20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 74 65 6d 20 69 66 20 6e 6f 74 20	.this.configuration.item.if.not.
e54e0	73 70 65 63 69 66 69 65 64 20 6c 6f 63 61 6c 6c 79 2e 00 54 68 69 73 20 69 73 20 74 68 65 20 65	specified.locally..This.is.the.e
e5500	71 75 69 76 61 6c 65 6e 74 20 6f 66 20 74 68 65 20 68 6f 73 74 20 62 6c 6f 63 6b 20 69 6e 20 64	quivalent.of.the.host.block.in.d
e5520	68 63 70 64 2e 63 6f 6e 66 20 6f 66 20 69 73 63 2d 64 68 63 70 64 2e 00 54 68 69 73 20 69 73 20	hcpd.conf.of.isc-dhcpd..This.is.
e5540	74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61	the.name.of.the.physical.interfa
e5560	63 65 20 75 73 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 79 6f 75 72 20 4c 43 44 20 64	ce.used.to.connect.to.your.LCD.d
e5580	69 73 70 6c 61 79 2e 20 54 61 62 20 63 6f 6d 70 6c 65 74 69 6f 6e 20 69 73 20 73 75 70 70 6f 72	isplay..Tab.completion.is.suppor
e55a0	74 65 64 20 61 6e 64 20 69 74 20 77 69 6c 6c 20 6c 69 73 74 20 79 6f 75 20 61 6c 6c 20 61 76 61	ted.and.it.will.list.you.all.ava
e55c0	69 6c 61 62 6c 65 20 73 65 72 69 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 00 54 68 69 73 20 69 73	ilable.serial.interface..This.is
e55e0	20 74 68 65 20 70 6f 6c 69 63 79 20 74 68 61 74 20 72 65 71 75 69 65 72 65 73 20 74 68 65 20 6c	.the.policy.that.requieres.the.l
e5600	6f 77 65 73 74 20 72 65 73 6f 75 72 63 65 73 20 66 6f 72 20 74 68 65 20 73 61 6d 65 20 61 6d 6f	owest.resources.for.the.same.amo
e5620	75 6e 74 20 6f 66 20 74 72 61 66 66 69 63 2e 20 42 75 74 20 2a 2a 76 65 72 79 20 6c 69 6b 65 6c	unt.of.traffic..But.**very.likel
e5640	79 20 79 6f 75 20 64 6f 20 6e 6f 74 20 6e 65 65 64 20 69 74 20 61 73 20 79 6f 75 20 63 61 6e 6e	y.you.do.not.need.it.as.you.cann
e5660	6f 74 20 67 65 74 20 6d 75 63 68 20 66 72 6f 6d 20 69 74 2e 20 53 6f 6d 65 74 69 6d 65 73 20 69	ot.get.much.from.it..Sometimes.i
e5680	74 20 69 73 20 75 73 65 64 20 6a 75 73 74 20 74 6f 20 65 6e 61 62 6c 65 20 6c 6f 67 67 69 6e 67	t.is.used.just.to.enable.logging
e56a0	2e 2a 2a 00 54 68 69 73 20 69 73 20 75 73 65 66 75 6c 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c	.**.This.is.useful,.for.example,
e56c0	20 69 6e 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 77 69 74 68 20 68 6f 73 74 66 69 6c 65 20 75 70	.in.combination.with.hostfile.up
e56e0	64 61 74 65 2e 00 54 68 69 73 20 69 73 20 77 68 65 72 65 20 22 55 44 50 20 62 72 6f 61 64 63 61	date..This.is.where."UDP.broadca
e5700	73 74 20 72 65 6c 61 79 22 20 63 6f 6d 65 73 20 69 6e 74 6f 20 70 6c 61 79 21 20 49 74 20 77 69	st.relay".comes.into.play!.It.wi
e5720	6c 6c 20 66 6f 72 77 61 72 64 20 72 65 63 65 69 76 65 64 20 62 72 6f 61 64 63 61 73 74 73 20 74	ll.forward.received.broadcasts.t
e5740	6f 20 6f 74 68 65 72 20 63 6f 6e 66 69 67 75 72 65 64 20 6e 65 74 77 6f 72 6b 73 2e 00 54 68 69	o.other.configured.networks..Thi
e5760	73 20 6d 61 6b 65 73 20 74 68 65 20 73 65 72 76 65 72 20 61 75 74 68 6f 72 69 74 61 74 69 76 65	s.makes.the.server.authoritative
e5780	6c 79 20 6e 6f 74 20 61 77 61 72 65 20 6f 66 3a 20 31 30 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61	ly.not.aware.of:.10.in-addr.arpa
e57a0	2c 20 31 36 38 2e 31 39 32 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 31 36 2d 33 31 2e 31 37	,.168.192.in-addr.arpa,.16-31.17
e57c0	32 2e 69 6e 2d 61 64 64 72 2e 61 72 70 61 2c 20 77 68 69 63 68 20 65 6e 61 62 6c 69 6e 67 20 75	2.in-addr.arpa,.which.enabling.u
e57e0	70 73 74 72 65 61 6d 20 44 4e 53 20 73 65 72 76 65 72 28 73 29 20 74 6f 20 62 65 20 75 73 65 64	pstream.DNS.server(s).to.be.used
e5800	20 66 6f 72 20 72 65 76 65 72 73 65 20 6c 6f 6f 6b 75 70 73 20 6f 66 20 74 68 65 73 65 20 7a 6f	.for.reverse.lookups.of.these.zo
e5820	6e 65 73 2e 00 54 68 69 73 20 6d 65 74 68 6f 64 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64	nes..This.method.automatically.d
e5840	69 73 61 62 6c 65 73 20 49 50 76 36 20 74 72 61 66 66 69 63 20 66 6f 72 77 61 72 64 69 6e 67 20	isables.IPv6.traffic.forwarding.
e5860	6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 69 6e 20 71 75 65 73 74 69 6f 6e 2e 00 54 68	on.the.interface.in.question..Th
e5880	69 73 20 6d 6f 64 65 20 70 72 6f 76 69 64 65 73 20 66 61 75 6c 74 20 74 6f 6c 65 72 61 6e 63 65	is.mode.provides.fault.tolerance
e58a0	2e 00 54 68 69 73 20 6d 6f 64 65 20 70 72 6f 76 69 64 65 73 20 66 61 75 6c 74 20 74 6f 6c 65 72	..This.mode.provides.fault.toler
e58c0	61 6e 63 65 2e 20 54 68 65 20 3a 63 66 67 63 6d 64 3a 60 70 72 69 6d 61 72 79 60 20 6f 70 74 69	ance..The.:cfgcmd:`primary`.opti
e58e0	6f 6e 2c 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 65 6c 6f 77 2c 20 61 66 66 65 63 74 73 20 74 68	on,.documented.below,.affects.th
e5900	65 20 62 65 68 61 76 69 6f 72 20 6f 66 20 74 68 69 73 20 6d 6f 64 65 2e 00 54 68 69 73 20 6d 6f	e.behavior.of.this.mode..This.mo
e5920	64 65 20 70 72 6f 76 69 64 65 73 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 61 6e 64 20 66	de.provides.load.balancing.and.f
e5940	61 75 6c 74 20 74 6f 6c 65 72 61 6e 63 65 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 61 64 64 73	ault.tolerance..This.option.adds
e5960	20 50 6f 77 65 72 20 43 6f 6e 73 74 72 61 69 6e 74 20 65 6c 65 6d 65 6e 74 20 77 68 65 6e 20 61	.Power.Constraint.element.when.a
e5980	70 70 6c 69 63 61 62 6c 65 20 61 6e 64 20 43 6f 75 6e 74 72 79 20 65 6c 65 6d 65 6e 74 20 69 73	pplicable.and.Country.element.is
e59a0	20 61 64 64 65 64 2e 20 50 6f 77 65 72 20 43 6f 6e 73 74 72 61 69 6e 74 20 65 6c 65 6d 65 6e 74	.added..Power.Constraint.element
e59c0	20 69 73 20 72 65 71 75 69 72 65 64 20 62 79 20 54 72 61 6e 73 6d 69 74 20 50 6f 77 65 72 20 43	.is.required.by.Transmit.Power.C
e59e0	6f 6e 74 72 6f 6c 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 63 61 6e 20 62 65 20 73 70 65 63 69	ontrol..This.option.can.be.speci
e5a00	66 69 65 64 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e	fied.multiple.times..This.option
e5a20	20 63 61 6e 20 62 65 20 73 75 70 70 6c 69 65 64 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 2e	.can.be.supplied.multiple.times.
e5a40	00 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 6d 61 6e 64 61 74 6f 72 79 20 69 6e 20 41 63 63	.This.option.is.mandatory.in.Acc
e5a60	65 73 73 2d 50 6f 69 6e 74 20 6d 6f 64 65 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73 20 72	ess-Point.mode..This.option.is.r
e5a80	65 71 75 69 72 65 64 20 77 68 65 6e 20 72 75 6e 6e 69 6e 67 20 61 20 44 4d 56 50 4e 20 73 70 6f	equired.when.running.a.DMVPN.spo
e5aa0	6b 65 2e 00 54 68 69 73 20 6f 70 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 75 73 65 64 20 77 69 74	ke..This.option.must.be.used.wit
e5ac0	68 20 60 60 74 69 6d 65 6f 75 74 60 60 20 6f 70 74 69 6f 6e 2e 00 54 68 69 73 20 6f 70 74 69 6f	h.``timeout``.option..This.optio
e5ae0	6e 20 6f 6e 6c 79 20 61 66 66 65 63 74 73 20 38 30 32 2e 33 61 64 20 6d 6f 64 65 2e 00 54 68 69	n.only.affects.802.3ad.mode..Thi
e5b00	73 20 6f 70 74 69 6f 6e 20 73 70 65 63 69 66 69 65 73 20 61 20 64 65 6c 61 79 20 69 6e 20 73 65	s.option.specifies.a.delay.in.se
e5b20	63 6f 6e 64 73 20 62 65 66 6f 72 65 20 76 72 72 70 20 69 6e 73 74 61 6e 63 65 73 20 73 74 61 72	conds.before.vrrp.instances.star
e5b40	74 20 75 70 20 61 66 74 65 72 20 6b 65 65 70 61 6c 69 76 65 64 20 73 74 61 72 74 73 2e 00 54 68	t.up.after.keepalived.starts..Th
e5b60	69 73 20 70 61 72 61 6d 65 74 65 72 20 61 6c 6c 6f 77 73 20 74 6f 20 22 73 68 6f 72 74 63 75 74	is.parameter.allows.to."shortcut
e5b80	22 20 72 6f 75 74 65 73 20 28 6e 6f 6e 2d 62 61 63 6b 62 6f 6e 65 29 20 66 6f 72 20 69 6e 74 65	".routes.(non-backbone).for.inte
e5ba0	72 2d 61 72 65 61 20 72 6f 75 74 65 73 2e 20 54 68 65 72 65 20 61 72 65 20 74 68 72 65 65 20 6d	r-area.routes..There.are.three.m
e5bc0	6f 64 65 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 72 6f 75 74 65 73 20 73 68 6f 72 74 63	odes.available.for.routes.shortc
e5be0	75 74 74 69 6e 67 3a 00 54 68 69 73 20 70 6f 6c 69 63 79 20 69 73 20 69 6e 74 65 6e 64 65 64 20	utting:.This.policy.is.intended.
e5c00	74 6f 20 70 72 6f 76 69 64 65 20 61 20 6d 6f 72 65 20 62 61 6c 61 6e 63 65 64 20 64 69 73 74 72	to.provide.a.more.balanced.distr
e5c20	69 62 75 74 69 6f 6e 20 6f 66 20 74 72 61 66 66 69 63 20 74 68 61 6e 20 6c 61 79 65 72 32 20 61	ibution.of.traffic.than.layer2.a
e5c40	6c 6f 6e 65 2c 20 65 73 70 65 63 69 61 6c 6c 79 20 69 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73	lone,.especially.in.environments
e5c60	20 77 68 65 72 65 20 61 20 6c 61 79 65 72 33 20 67 61 74 65 77 61 79 20 64 65 76 69 63 65 20 69	.where.a.layer3.gateway.device.i
e5c80	73 20 72 65 71 75 69 72 65 64 20 74 6f 20 72 65 61 63 68 20 6d 6f 73 74 20 64 65 73 74 69 6e 61	s.required.to.reach.most.destina
e5ca0	74 69 6f 6e 73 2e 00 54 68 69 73 20 70 72 6f 6d 70 74 65 64 20 73 6f 6d 65 20 49 53 50 73 20 74	tions..This.prompted.some.ISPs.t
e5cc0	6f 20 64 65 76 65 6c 6f 70 20 61 20 70 6f 6c 69 63 79 20 77 69 74 68 69 6e 20 74 68 65 20 3a 61	o.develop.a.policy.within.the.:a
e5ce0	62 62 72 3a 60 41 52 49 4e 20 28 41 6d 65 72 69 63 61 6e 20 52 65 67 69 73 74 72 79 20 66 6f 72	bbr:`ARIN.(American.Registry.for
e5d00	20 49 6e 74 65 72 6e 65 74 20 4e 75 6d 62 65 72 73 29 60 20 74 6f 20 61 6c 6c 6f 63 61 74 65 20	.Internet.Numbers)`.to.allocate.
e5d20	6e 65 77 20 70 72 69 76 61 74 65 20 61 64 64 72 65 73 73 20 73 70 61 63 65 20 66 6f 72 20 43 47	new.private.address.space.for.CG
e5d40	4e 73 2c 20 62 75 74 20 41 52 49 4e 20 64 65 66 65 72 72 65 64 20 74 6f 20 74 68 65 20 49 45 54	Ns,.but.ARIN.deferred.to.the.IET
e5d60	46 20 62 65 66 6f 72 65 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 74 68 65 20 70 6f 6c 69 63 79	F.before.implementing.the.policy
e5d80	20 69 6e 64 69 63 61 74 69 6e 67 20 74 68 61 74 20 74 68 65 20 6d 61 74 74 65 72 20 77 61 73 20	.indicating.that.the.matter.was.
e5da0	6e 6f 74 20 61 20 74 79 70 69 63 61 6c 20 61 6c 6c 6f 63 61 74 69 6f 6e 20 69 73 73 75 65 20 62	not.a.typical.allocation.issue.b
e5dc0	75 74 20 61 20 72 65 73 65 72 76 61 74 69 6f 6e 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 66 6f	ut.a.reservation.of.addresses.fo
e5de0	72 20 74 65 63 68 6e 69 63 61 6c 20 70 75 72 70 6f 73 65 73 20 28 70 65 72 20 3a 72 66 63 3a 60	r.technical.purposes.(per.:rfc:`
e5e00	32 38 36 30 60 29 2e 00 54 68 69 73 20 72 65 71 75 69 72 65 64 20 73 65 74 74 69 6e 67 20 64 65	2860`)..This.required.setting.de
e5e20	66 69 6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 63 75 72 72 65 6e 74 20	fines.the.action.of.the.current.
e5e40	72 75 6c 65 2e 20 49 66 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70	rule..If.action.is.set.to.``jump
e5e60	60 60 2c 20 74 68 65 6e 20 60 60 6a 75 6d 70 2d 74 61 72 67 65 74 60 60 20 69 73 20 61 6c 73 6f	``,.then.``jump-target``.is.also
e5e80	20 6e 65 65 64 65 64 2e 00 54 68 69 73 20 72 65 71 75 69 72 65 64 20 73 65 74 74 69 6e 67 20 64	.needed..This.required.setting.d
e5ea0	65 66 69 6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 63 75 72 72 65 6e 74	efines.the.action.of.the.current
e5ec0	20 72 75 6c 65 2e 20 49 66 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 6a 75 6d 70 2c	.rule..If.action.is.set.to.jump,
e5ee0	20 74 68 65 6e 20 6a 75 6d 70 2d 74 61 72 67 65 74 20 69 73 20 61 6c 73 6f 20 6e 65 65 64 65 64	.then.jump-target.is.also.needed
e5f00	2e 00 54 68 69 73 20 72 65 71 75 69 72 65 73 20 74 77 6f 20 66 69 6c 65 73 2c 20 6f 6e 65 20 74	..This.requires.two.files,.one.t
e5f20	6f 20 63 72 65 61 74 65 20 74 68 65 20 64 65 76 69 63 65 20 28 58 58 58 2e 6e 65 74 64 65 76 29	o.create.the.device.(XXX.netdev)
e5f40	20 61 6e 64 20 6f 6e 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6e 65 74 77 6f 72	.and.one.to.configure.the.networ
e5f60	6b 20 6f 6e 20 74 68 65 20 64 65 76 69 63 65 20 28 58 58 58 2e 6e 65 74 77 6f 72 6b 29 00 54 68	k.on.the.device.(XXX.network).Th
e5f80	69 73 20 72 65 73 75 6c 74 73 20 69 6e 20 74 68 65 20 61 63 74 69 76 65 20 63 6f 6e 66 69 67 75	is.results.in.the.active.configu
e5fa0	72 61 74 69 6f 6e 3a 00 54 68 69 73 20 73 61 79 73 20 74 68 61 74 20 74 68 69 73 20 64 65 76 69	ration:.This.says.that.this.devi
e5fc0	63 65 20 69 73 20 74 68 65 20 6f 6e 6c 79 20 44 48 43 50 20 73 65 72 76 65 72 20 66 6f 72 20 74	ce.is.the.only.DHCP.server.for.t
e5fe0	68 69 73 20 6e 65 74 77 6f 72 6b 2e 20 49 66 20 6f 74 68 65 72 20 64 65 76 69 63 65 73 20 61 72	his.network..If.other.devices.ar
e6000	65 20 74 72 79 69 6e 67 20 74 6f 20 6f 66 66 65 72 20 44 48 43 50 20 6c 65 61 73 65 73 2c 20 74	e.trying.to.offer.DHCP.leases,.t
e6020	68 69 73 20 6d 61 63 68 69 6e 65 20 77 69 6c 6c 20 73 65 6e 64 20 27 44 48 43 50 4e 41 4b 27 20	his.machine.will.send.'DHCPNAK'.
e6040	74 6f 20 61 6e 79 20 64 65 76 69 63 65 20 74 72 79 69 6e 67 20 74 6f 20 72 65 71 75 65 73 74 20	to.any.device.trying.to.request.
e6060	61 6e 20 49 50 20 61 64 64 72 65 73 73 20 74 68 61 74 20 69 73 20 6e 6f 74 20 76 61 6c 69 64 20	an.IP.address.that.is.not.valid.
e6080	66 6f 72 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 2e 00 54 68 69 73 20 73 65 63 74 69 6f 6e 20 64	for.this.network..This.section.d
e60a0	65 73 63 72 69 62 65 73 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 44 4e 53 20 6f 6e 20 74 68 65 20	escribes.configuring.DNS.on.the.
e60c0	73 79 73 74 65 6d 2c 20 6e 61 6d 65 6c 79 3a 00 54 68 69 73 20 73 65 63 74 69 6f 6e 20 64 65 73	system,.namely:.This.section.des
e60e0	63 72 69 62 65 73 20 74 68 65 20 73 79 73 74 65 6d 27 73 20 68 6f 73 74 20 69 6e 66 6f 72 6d 61	cribes.the.system's.host.informa
e6100	74 69 6f 6e 20 61 6e 64 20 68 6f 77 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 6d 2c 20	tion.and.how.to.configure.them,.
e6120	69 74 20 63 6f 76 65 72 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 6f 70 69 63 73 3a 00	it.covers.the.following.topics:.
e6140	54 68 69 73 20 73 65 63 74 69 6f 6e 20 6e 65 65 64 73 20 69 6d 70 72 6f 76 65 6d 65 6e 74 73 2c	This.section.needs.improvements,
e6160	20 65 78 61 6d 70 6c 65 73 20 61 6e 64 20 65 78 70 6c 61 6e 61 74 69 6f 6e 73 2e 00 54 68 69 73	.examples.and.explanations..This
e6180	20 73 65 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 72	.set.the.default.action.of.the.r
e61a0	75 6c 65 2d 73 65 74 20 69 66 20 6e 6f 20 72 75 6c 65 20 6d 61 74 63 68 65 64 20 61 20 70 61 63	ule-set.if.no.rule.matched.a.pac
e61c0	6b 65 74 20 63 72 69 74 65 72 69 61 2e 20 49 66 20 64 65 66 61 63 75 6c 74 2d 61 63 74 69 6f 6e	ket.criteria..If.defacult-action
e61e0	20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2c 20 74 68 65 6e 20 60 60 64 65 66 61	.is.set.to.``jump``,.then.``defa
e6200	75 6c 74 2d 6a 75 6d 70 2d 74 61 72 67 65 74 60 60 20 69 73 20 61 6c 73 6f 20 6e 65 65 64 65 64	ult-jump-target``.is.also.needed
e6220	2e 00 54 68 69 73 20 73 65 74 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 6f 66	..This.set.the.default.action.of
e6240	20 74 68 65 20 72 75 6c 65 2d 73 65 74 20 69 66 20 6e 6f 20 72 75 6c 65 20 6d 61 74 63 68 65 64	.the.rule-set.if.no.rule.matched
e6260	20 61 20 70 61 63 6b 65 74 20 63 72 69 74 65 72 69 61 2e 20 49 66 20 64 65 66 61 63 75 6c 74 2d	.a.packet.criteria..If.defacult-
e6280	61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2c 20 74 68 65 6e 20	action.is.set.to.``jump``,.then.
e62a0	60 60 64 65 66 61 75 6c 74 2d 6a 75 6d 70 2d 74 61 72 67 65 74 60 60 20 69 73 20 61 6c 73 6f 20	``default-jump-target``.is.also.
e62c0	6e 65 65 64 65 64 2e 20 4e 6f 74 65 20 74 68 61 74 20 66 6f 72 20 62 61 73 65 20 63 68 61 69 6e	needed..Note.that.for.base.chain
e62e0	73 2c 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 63 61 6e 20 6f 6e 6c 79 20 62 65 20 73 65	s,.default.action.can.only.be.se
e6300	74 20 74 6f 20 60 60 61 63 63 65 70 74 60 60 20 6f 72 20 60 60 64 72 6f 70 60 60 2c 20 77 68 69	t.to.``accept``.or.``drop``,.whi
e6320	6c 65 20 6f 6e 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2c 20 6d 6f 72 65 20 61 63 74 69 6f 6e 73	le.on.custom.chain,.more.actions
e6340	20 61 72 65 20 61 76 61 69 6c 61 62 6c 65 2e 00 54 68 69 73 20 73 65 74 73 20 74 68 65 20 61 63	.are.available..This.sets.the.ac
e6360	63 65 70 74 65 64 20 63 69 70 68 65 72 73 20 74 6f 20 75 73 65 20 77 68 65 6e 20 76 65 72 73 69	cepted.ciphers.to.use.when.versi
e6380	6f 6e 20 3d 3e 20 32 2e 34 2e 30 20 61 6e 64 20 4e 43 50 20 69 73 20 65 6e 61 62 6c 65 64 20 28	on.=>.2.4.0.and.NCP.is.enabled.(
e63a0	77 68 69 63 68 20 69 73 20 74 68 65 20 64 65 66 61 75 6c 74 29 2e 20 44 65 66 61 75 6c 74 20 4e	which.is.the.default)..Default.N
e63c0	43 50 20 63 69 70 68 65 72 20 66 6f 72 20 76 65 72 73 69 6f 6e 73 20 3e 3d 20 32 2e 34 2e 30 20	CP.cipher.for.versions.>=.2.4.0.
e63e0	69 73 20 61 65 73 32 35 36 67 63 6d 2e 20 54 68 65 20 66 69 72 73 74 20 63 69 70 68 65 72 20 69	is.aes256gcm..The.first.cipher.i
e6400	6e 20 74 68 69 73 20 6c 69 73 74 20 69 73 20 77 68 61 74 20 73 65 72 76 65 72 20 70 75 73 68 65	n.this.list.is.what.server.pushe
e6420	73 20 74 6f 20 63 6c 69 65 6e 74 73 2e 00 54 68 69 73 20 73 65 74 73 20 74 68 65 20 63 69 70 68	s.to.clients..This.sets.the.ciph
e6440	65 72 20 77 68 65 6e 20 4e 43 50 20 28 4e 65 67 6f 74 69 61 62 6c 65 20 43 72 79 70 74 6f 20 50	er.when.NCP.(Negotiable.Crypto.P
e6460	61 72 61 6d 65 74 65 72 73 29 20 69 73 20 64 69 73 61 62 6c 65 64 20 6f 72 20 4f 70 65 6e 56 50	arameters).is.disabled.or.OpenVP
e6480	4e 20 76 65 72 73 69 6f 6e 20 3c 20 32 2e 34 2e 30 2e 00 54 68 69 73 20 73 65 74 74 69 6e 67 20	N.version.<.2.4.0..This.setting.
e64a0	64 65 66 61 75 6c 74 73 20 74 6f 20 31 35 30 30 20 61 6e 64 20 69 73 20 76 61 6c 69 64 20 62 65	defaults.to.1500.and.is.valid.be
e64c0	74 77 65 65 6e 20 31 30 20 61 6e 64 20 36 30 30 30 30 2e 00 54 68 69 73 20 73 65 74 74 69 6e 67	tween.10.and.60000..This.setting
e64e0	20 65 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c 65 20 74 68 65 20 72 65 73 70 6f 6e 73 65 20	.enable.or.disable.the.response.
e6500	6f 66 20 69 63 6d 70 20 62 72 6f 61 64 63 61 73 74 20 6d 65 73 73 61 67 65 73 2e 20 54 68 65 20	of.icmp.broadcast.messages..The.
e6520	66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20	following.system.parameter.will.
e6540	62 65 20 61 6c 74 65 72 65 64 3a 00 54 68 69 73 20 73 65 74 74 69 6e 67 20 68 61 6e 64 6c 65 20	be.altered:.This.setting.handle.
e6560	69 66 20 56 79 4f 53 20 61 63 63 65 70 74 20 70 61 63 6b 65 74 73 20 77 69 74 68 20 61 20 73 6f	if.VyOS.accept.packets.with.a.so
e6580	75 72 63 65 20 72 6f 75 74 65 20 6f 70 74 69 6f 6e 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67	urce.route.option..The.following
e65a0	20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65	.system.parameter.will.be.altere
e65c0	64 3a 00 54 68 69 73 20 73 65 74 74 69 6e 67 2c 20 77 68 69 63 68 20 64 65 66 61 75 6c 74 73 20	d:.This.setting,.which.defaults.
e65e0	74 6f 20 33 36 30 30 20 73 65 63 6f 6e 64 73 2c 20 70 75 74 73 20 61 20 6d 61 78 69 6d 75 6d 20	to.3600.seconds,.puts.a.maximum.
e6600	6f 6e 20 74 68 65 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20 6e 65 67 61 74 69 76 65 20 65	on.the.amount.of.time.negative.e
e6620	6e 74 72 69 65 73 20 61 72 65 20 63 61 63 68 65 64 2e 00 54 68 69 73 20 73 65 74 75 70 20 77 69	ntries.are.cached..This.setup.wi
e6640	6c 6c 20 6d 61 6b 65 20 74 68 65 20 56 52 52 50 20 70 72 6f 63 65 73 73 20 65 78 65 63 75 74 65	ll.make.the.VRRP.process.execute
e6660	20 74 68 65 20 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 76 72 72 70 2d 63 68 65 63	.the.``/config/scripts/vrrp-chec
e6680	6b 2e 73 68 20 73 63 72 69 70 74 60 60 20 65 76 65 72 79 20 36 30 20 73 65 63 6f 6e 64 73 2c 20	k.sh.script``.every.60.seconds,.
e66a0	61 6e 64 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 68 65 20 67 72 6f 75 70 20 74 6f 20 74 68 65 20	and.transition.the.group.to.the.
e66c0	66 61 75 6c 74 20 73 74 61 74 65 20 69 66 20 69 74 20 66 61 69 6c 73 20 28 69 2e 65 2e 20 65 78	fault.state.if.it.fails.(i.e..ex
e66e0	69 74 73 20 77 69 74 68 20 6e 6f 6e 2d 7a 65 72 6f 20 73 74 61 74 75 73 29 20 74 68 72 65 65 20	its.with.non-zero.status).three.
e6700	74 69 6d 65 73 3a 00 54 68 69 73 20 73 74 61 74 65 6d 65 6e 74 20 73 70 65 63 69 66 69 65 73 20	times:.This.statement.specifies.
e6720	64 68 63 70 36 63 20 74 6f 20 6f 6e 6c 79 20 65 78 63 68 61 6e 67 65 20 69 6e 66 6f 72 6d 61 74	dhcp6c.to.only.exchange.informat
e6740	69 6f 6e 61 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 73 20 77	ional.configuration.parameters.w
e6760	69 74 68 20 73 65 72 76 65 72 73 2e 20 41 20 6c 69 73 74 20 6f 66 20 44 4e 53 20 73 65 72 76 65	ith.servers..A.list.of.DNS.serve
e6780	72 20 61 64 64 72 65 73 73 65 73 20 69 73 20 61 6e 20 65 78 61 6d 70 6c 65 20 6f 66 20 73 75 63	r.addresses.is.an.example.of.suc
e67a0	68 20 70 61 72 61 6d 65 74 65 72 73 2e 20 54 68 69 73 20 73 74 61 74 65 6d 65 6e 74 20 69 73 20	h.parameters..This.statement.is.
e67c0	75 73 65 66 75 6c 20 77 68 65 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20	useful.when.the.client.does.not.
e67e0	6e 65 65 64 20 73 74 61 74 65 66 75 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72 61	need.stateful.configuration.para
e6800	6d 65 74 65 72 73 20 73 75 63 68 20 61 73 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 6f 72	meters.such.as.IPv6.addresses.or
e6820	20 70 72 65 66 69 78 65 73 2e 00 54 68 69 73 20 73 75 70 70 6f 72 74 20 6d 61 79 20 62 65 20 65	.prefixes..This.support.may.be.e
e6840	6e 61 62 6c 65 64 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 6c 79 20 28 61 6e 64 20 69 6e 64	nabled.administratively.(and.ind
e6860	65 66 69 6e 69 74 65 6c 79 29 20 77 69 74 68 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 61 64 6d	efinitely).with.the.:cfgcmd:`adm
e6880	69 6e 69 73 74 72 61 74 69 76 65 60 20 63 6f 6d 6d 61 6e 64 2e 20 49 74 20 6d 61 79 20 61 6c 73	inistrative`.command..It.may.als
e68a0	6f 20 62 65 20 65 6e 61 62 6c 65 64 20 63 6f 6e 64 69 74 69 6f 6e 61 6c 6c 79 2e 20 43 6f 6e 64	o.be.enabled.conditionally..Cond
e68c0	69 74 69 6f 6e 61 6c 20 65 6e 61 62 6c 69 6e 67 20 6f 66 20 6d 61 78 2d 6d 65 74 72 69 63 20 72	itional.enabling.of.max-metric.r
e68e0	6f 75 74 65 72 2d 6c 73 61 73 20 63 61 6e 20 62 65 20 66 6f 72 20 61 20 70 65 72 69 6f 64 20 6f	outer-lsas.can.be.for.a.period.o
e6900	66 20 73 65 63 6f 6e 64 73 20 61 66 74 65 72 20 73 74 61 72 74 75 70 20 77 69 74 68 20 74 68 65	f.seconds.after.startup.with.the
e6920	20 3a 63 66 67 63 6d 64 3a 60 6f 6e 2d 73 74 61 72 74 75 70 20 3c 73 65 63 6f 6e 64 73 3e 60 20	.:cfgcmd:`on-startup.<seconds>`.
e6940	63 6f 6d 6d 61 6e 64 20 61 6e 64 2f 6f 72 20 66 6f 72 20 61 20 70 65 72 69 6f 64 20 6f 66 20 73	command.and/or.for.a.period.of.s
e6960	65 63 6f 6e 64 73 20 70 72 69 6f 72 20 74 6f 20 73 68 75 74 64 6f 77 6e 20 77 69 74 68 20 74 68	econds.prior.to.shutdown.with.th
e6980	65 20 3a 63 66 67 63 6d 64 3a 60 6f 6e 2d 73 68 75 74 64 6f 77 6e 20 3c 73 65 63 6f 6e 64 73 3e	e.:cfgcmd:`on-shutdown.<seconds>
e69a0	60 20 63 6f 6d 6d 61 6e 64 2e 20 54 68 65 20 74 69 6d 65 20 72 61 6e 67 65 20 69 73 20 35 20 74	`.command..The.time.range.is.5.t
e69c0	6f 20 38 36 34 30 30 2e 00 54 68 69 73 20 74 65 63 68 6e 69 71 75 65 20 69 73 20 63 6f 6d 6d 6f	o.86400..This.technique.is.commo
e69e0	6e 6c 79 20 72 65 66 65 72 72 65 64 20 74 6f 20 61 73 20 4e 41 54 20 52 65 66 6c 65 63 74 69 6f	nly.referred.to.as.NAT.Reflectio
e6a00	6e 20 6f 72 20 48 61 69 72 70 69 6e 20 4e 41 54 2e 00 54 68 69 73 20 74 65 63 68 6e 6f 6c 6f 67	n.or.Hairpin.NAT..This.technolog
e6a20	79 20 69 73 20 6b 6e 6f 77 6e 20 62 79 20 64 69 66 66 65 72 65 6e 74 20 6e 61 6d 65 73 3a 00 54	y.is.known.by.different.names:.T
e6a40	68 69 73 20 74 68 65 20 73 69 6d 70 6c 65 73 74 20 71 75 65 75 65 20 70 6f 73 73 69 62 6c 65 20	his.the.simplest.queue.possible.
e6a60	79 6f 75 20 63 61 6e 20 61 70 70 6c 79 20 74 6f 20 79 6f 75 72 20 74 72 61 66 66 69 63 2e 20 54	you.can.apply.to.your.traffic..T
e6a80	72 61 66 66 69 63 20 6d 75 73 74 20 67 6f 20 74 68 72 6f 75 67 68 20 61 20 66 69 6e 69 74 65 20	raffic.must.go.through.a.finite.
e6aa0	71 75 65 75 65 20 62 65 66 6f 72 65 20 69 74 20 69 73 20 61 63 74 75 61 6c 6c 79 20 73 65 6e 74	queue.before.it.is.actually.sent
e6ac0	2e 20 59 6f 75 20 6d 75 73 74 20 64 65 66 69 6e 65 20 68 6f 77 20 6d 61 6e 79 20 70 61 63 6b 65	..You.must.define.how.many.packe
e6ae0	74 73 20 74 68 61 74 20 71 75 65 75 65 20 63 61 6e 20 63 6f 6e 74 61 69 6e 2e 00 54 68 69 73 20	ts.that.queue.can.contain..This.
e6b00	74 6f 70 6f 6c 6f 67 79 20 77 61 73 20 62 75 69 6c 74 20 75 73 69 6e 67 20 47 4e 53 33 2e 00 54	topology.was.built.using.GNS3..T
e6b20	68 69 73 20 77 69 6c 6c 20 62 65 20 74 68 65 20 6d 6f 73 74 20 77 69 64 65 6c 79 20 75 73 65 64	his.will.be.the.most.widely.used
e6b40	20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 61 20 72 6f 75 74 65 72 20 63 61 72 72 79 69 6e 67 20	.interface.on.a.router.carrying.
e6b60	74 72 61 66 66 69 63 20 74 6f 20 74 68 65 20 72 65 61 6c 20 77 6f 72 6c 64 2e 00 54 68 69 73 20	traffic.to.the.real.world..This.
e6b80	77 69 6c 6c 20 63 6f 6e 66 69 67 75 72 65 20 61 20 73 74 61 74 69 63 20 41 52 50 20 65 6e 74 72	will.configure.a.static.ARP.entr
e6ba0	79 20 61 6c 77 61 79 73 20 72 65 73 6f 6c 76 69 6e 67 20 60 3c 61 64 64 72 65 73 73 3e 60 20 74	y.always.resolving.`<address>`.t
e6bc0	6f 20 60 3c 6d 61 63 3e 60 20 66 6f 72 20 69 6e 74 65 72 66 61 63 65 20 60 3c 69 6e 74 65 72 66	o.`<mac>`.for.interface.`<interf
e6be0	61 63 65 3e 60 2e 00 54 68 69 73 20 77 69 6c 6c 20 6d 61 74 63 68 20 54 43 50 20 74 72 61 66 66	ace>`..This.will.match.TCP.traff
e6c00	69 63 20 77 69 74 68 20 73 6f 75 72 63 65 20 70 6f 72 74 20 38 30 2e 00 54 68 69 73 20 77 69 6c	ic.with.source.port.80..This.wil
e6c20	6c 20 72 65 6e 64 65 72 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 64 63 6c 69 65 6e 74 5f	l.render.the.following.ddclient_
e6c40	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 6e 74 72 79 3a 00 54 68 69 73 20 77 69 6c 6c 20	.configuration.entry:.This.will.
e6c60	73 68 6f 77 20 79 6f 75 20 61 20 62 61 73 69 63 20 66 69 72 65 77 61 6c 6c 20 6f 76 65 72 76 69	show.you.a.basic.firewall.overvi
e6c80	65 77 00 54 68 69 73 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 61 20 72 75 6c 65 2d 73 65 74	ew.This.will.show.you.a.rule-set
e6ca0	20 73 74 61 74 69 73 74 69 63 20 73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 62 6f 6f 74 2e 00	.statistic.since.the.last.boot..
e6cc0	54 68 69 73 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 61 20 73 74 61 74 69 73 74 69 63 20 6f	This.will.show.you.a.statistic.o
e6ce0	66 20 61 6c 6c 20 72 75 6c 65 2d 73 65 74 73 20 73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 62	f.all.rule-sets.since.the.last.b
e6d00	6f 6f 74 2e 00 54 68 69 73 20 77 69 6c 6c 20 73 68 6f 77 20 79 6f 75 20 61 20 73 75 6d 6d 61 72	oot..This.will.show.you.a.summar
e6d20	79 20 6f 66 20 72 75 6c 65 2d 73 65 74 73 20 61 6e 64 20 67 72 6f 75 70 73 00 54 68 69 73 20 77	y.of.rule-sets.and.groups.This.w
e6d40	6f 72 6b 61 72 6f 75 6e 64 20 6c 65 74 73 20 79 6f 75 20 61 70 70 6c 79 20 61 20 73 68 61 70 69	orkaround.lets.you.apply.a.shapi
e6d60	6e 67 20 70 6f 6c 69 63 79 20 74 6f 20 74 68 65 20 69 6e 67 72 65 73 73 20 74 72 61 66 66 69 63	ng.policy.to.the.ingress.traffic
e6d80	20 62 79 20 66 69 72 73 74 20 72 65 64 69 72 65 63 74 69 6e 67 20 69 74 20 74 6f 20 61 6e 20 69	.by.first.redirecting.it.to.an.i
e6da0	6e 2d 62 65 74 77 65 65 6e 20 76 69 72 74 75 61 6c 20 69 6e 74 65 72 66 61 63 65 20 28 60 49 6e	n-between.virtual.interface.(`In
e6dc0	74 65 72 6d 65 64 69 61 74 65 20 46 75 6e 63 74 69 6f 6e 61 6c 20 42 6c 6f 63 6b 60 5f 29 2e 20	termediate.Functional.Block`_)..
e6de0	54 68 65 72 65 2c 20 69 6e 20 74 68 61 74 20 76 69 72 74 75 61 6c 20 69 6e 74 65 72 66 61 63 65	There,.in.that.virtual.interface
e6e00	2c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 61 70 70 6c 79 20 61 6e 79 20	,.you.will.be.able.to.apply.any.
e6e20	6f 66 20 74 68 65 20 70 6f 6c 69 63 69 65 73 20 74 68 61 74 20 77 6f 72 6b 20 66 6f 72 20 6f 75	of.the.policies.that.work.for.ou
e6e40	74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2c 20 66 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 61 20	tbound.traffic,.for.instance,.a.
e6e60	73 68 61 70 69 6e 67 20 6f 6e 65 2e 00 54 68 69 73 20 77 6f 75 6c 64 20 67 65 6e 65 72 61 74 65	shaping.one..This.would.generate
e6e80	20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 54 68	.the.following.configuration:.Th
e6ea0	72 65 65 20 73 69 67 6e 69 66 69 63 61 6e 74 20 76 65 72 73 69 6f 6e 73 20 6f 66 20 53 4e 4d 50	ree.significant.versions.of.SNMP
e6ec0	20 68 61 76 65 20 62 65 65 6e 20 64 65 76 65 6c 6f 70 65 64 20 61 6e 64 20 64 65 70 6c 6f 79 65	.have.been.developed.and.deploye
e6ee0	64 2e 20 53 4e 4d 50 76 31 20 69 73 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 76 65 72 73 69 6f	d..SNMPv1.is.the.original.versio
e6f00	6e 20 6f 66 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 2e 20 4d 6f 72 65 20 72 65 63 65 6e 74 20 76	n.of.the.protocol..More.recent.v
e6f20	65 72 73 69 6f 6e 73 2c 20 53 4e 4d 50 76 32 63 20 61 6e 64 20 53 4e 4d 50 76 33 2c 20 66 65 61	ersions,.SNMPv2c.and.SNMPv3,.fea
e6f40	74 75 72 65 20 69 6d 70 72 6f 76 65 6d 65 6e 74 73 20 69 6e 20 70 65 72 66 6f 72 6d 61 6e 63 65	ture.improvements.in.performance
e6f60	2c 20 66 6c 65 78 69 62 69 6c 69 74 79 20 61 6e 64 20 73 65 63 75 72 69 74 79 2e 00 54 69 6d 65	,.flexibility.and.security..Time
e6f80	20 5a 6f 6e 65 00 54 69 6d 65 20 5a 6f 6e 65 20 73 65 74 74 69 6e 67 20 69 73 20 76 65 72 79 20	.Zone.Time.Zone.setting.is.very.
e6fa0	69 6d 70 6f 72 74 61 6e 74 20 61 73 20 65 2e 67 20 61 6c 6c 20 79 6f 75 72 20 6c 6f 67 66 69 6c	important.as.e.g.all.your.logfil
e6fc0	65 20 65 6e 74 72 69 65 73 20 77 69 6c 6c 20 62 65 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 63	e.entries.will.be.based.on.the.c
e6fe0	6f 6e 66 69 67 75 72 65 64 20 7a 6f 6e 65 2e 20 57 69 74 68 6f 75 74 20 70 72 6f 70 65 72 20 74	onfigured.zone..Without.proper.t
e7000	69 6d 65 20 7a 6f 6e 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 74 20 77 69 6c 6c 20 62	ime.zone.configuration.it.will.b
e7020	65 20 76 65 72 79 20 64 69 66 66 69 63 75 6c 74 20 74 6f 20 63 6f 6d 70 61 72 65 20 6c 6f 67 66	e.very.difficult.to.compare.logf
e7040	69 6c 65 73 20 66 72 6f 6d 20 64 69 66 66 65 72 65 6e 74 20 73 79 73 74 65 6d 73 2e 00 54 69 6d	iles.from.different.systems..Tim
e7060	65 20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 62 65 74 77 65 65 6e 20 72 65 74 72 61 6e	e.in.milliseconds.between.retran
e7080	73 6d 69 74 74 65 64 20 4e 65 69 67 68 62 6f 72 20 53 6f 6c 69 63 69 74 61 74 69 6f 6e 20 6d 65	smitted.Neighbor.Solicitation.me
e70a0	73 73 61 67 65 73 00 54 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 68 61 74 20 74 68 65 20	ssages.Time.in.seconds.that.the.
e70c0	70 72 65 66 69 78 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 70 72 65 66 65 72 72 65 64 20 28 64 65	prefix.will.remain.preferred.(de
e70e0	66 61 75 6c 74 20 34 20 68 6f 75 72 73 29 00 54 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 74	fault.4.hours).Time.in.seconds.t
e7100	68 61 74 20 74 68 65 20 70 72 65 66 69 78 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 76 61 6c 69 64	hat.the.prefix.will.remain.valid
e7120	20 28 64 65 66 61 75 6c 74 3a 20 33 30 20 64 61 79 73 29 00 54 69 6d 65 20 69 73 20 69 6e 20 6d	.(default:.30.days).Time.is.in.m
e7140	69 6e 75 74 65 73 20 61 6e 64 20 64 65 66 61 75 6c 74 73 20 74 6f 20 36 30 2e 00 54 69 6d 65 20	inutes.and.defaults.to.60..Time.
e7160	74 6f 20 6d 61 74 63 68 20 74 68 65 20 64 65 66 69 6e 65 64 20 72 75 6c 65 2e 00 54 69 6d 65 2c	to.match.the.defined.rule..Time,
e7180	20 69 6e 20 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 2c 20 74 68 61 74 20 61 20 6e 6f 64 65 20 61 73	.in.milliseconds,.that.a.node.as
e71a0	73 75 6d 65 73 20 61 20 6e 65 69 67 68 62 6f 72 20 69 73 20 72 65 61 63 68 61 62 6c 65 20 61 66	sumes.a.neighbor.is.reachable.af
e71c0	74 65 72 20 68 61 76 69 6e 67 20 72 65 63 65 69 76 65 64 20 61 20 72 65 61 63 68 61 62 69 6c 69	ter.having.received.a.reachabili
e71e0	74 79 20 63 6f 6e 66 69 72 6d 61 74 69 6f 6e 00 54 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 6e	ty.confirmation.Timeout.in.secon
e7200	64 73 20 62 65 74 77 65 65 6e 20 68 65 61 6c 74 68 20 74 61 72 67 65 74 20 63 68 65 63 6b 73 2e	ds.between.health.target.checks.
e7220	00 54 69 6d 65 6f 75 74 20 74 6f 20 77 61 69 74 20 72 65 70 6c 79 20 66 6f 72 20 49 6e 74 65 72	.Timeout.to.wait.reply.for.Inter
e7240	69 6d 2d 55 70 64 61 74 65 20 70 61 63 6b 65 74 73 2e 20 28 64 65 66 61 75 6c 74 20 33 20 73 65	im-Update.packets..(default.3.se
e7260	63 6f 6e 64 73 29 00 54 69 6d 65 6f 75 74 20 74 6f 20 77 61 69 74 20 72 65 73 70 6f 6e 73 65 20	conds).Timeout.to.wait.response.
e7280	66 72 6f 6d 20 73 65 72 76 65 72 20 28 73 65 63 6f 6e 64 73 29 00 54 69 6d 65 72 73 00 54 6f 20	from.server.(seconds).Timers.To.
e72a0	61 63 74 69 76 61 74 65 20 74 68 65 20 56 4c 41 4e 20 61 77 61 72 65 20 62 72 69 64 67 65 2c 20	activate.the.VLAN.aware.bridge,.
e72c0	79 6f 75 20 6d 75 73 74 20 61 63 74 69 76 61 74 65 20 74 68 69 73 20 73 65 74 74 69 6e 67 20 74	you.must.activate.this.setting.t
e72e0	6f 20 75 73 65 20 56 4c 41 4e 20 73 65 74 74 69 6e 67 73 20 66 6f 72 20 74 68 65 20 62 72 69 64	o.use.VLAN.settings.for.the.brid
e7300	67 65 00 54 6f 20 61 6c 6c 6f 77 20 56 50 4e 2d 63 6c 69 65 6e 74 73 20 61 63 63 65 73 73 20 76	ge.To.allow.VPN-clients.access.v
e7320	69 61 20 79 6f 75 72 20 65 78 74 65 72 6e 61 6c 20 61 64 64 72 65 73 73 2c 20 61 20 4e 41 54 20	ia.your.external.address,.a.NAT.
e7340	72 75 6c 65 20 69 73 20 72 65 71 75 69 72 65 64 3a 00 54 6f 20 61 6c 6c 6f 77 20 74 72 61 66 66	rule.is.required:.To.allow.traff
e7360	69 63 20 74 6f 20 70 61 73 73 20 74 68 72 6f 75 67 68 20 74 6f 20 63 6c 69 65 6e 74 73 2c 20 79	ic.to.pass.through.to.clients,.y
e7380	6f 75 20 6e 65 65 64 20 74 6f 20 61 64 64 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 72 75 6c	ou.need.to.add.the.following.rul
e73a0	65 73 2e 20 28 69 66 20 79 6f 75 20 75 73 65 64 20 74 68 65 20 64 65 66 61 75 6c 74 20 63 6f 6e	es..(if.you.used.the.default.con
e73c0	66 69 67 75 72 61 74 69 6f 6e 20 61 74 20 74 68 65 20 74 6f 70 20 6f 66 20 74 68 69 73 20 70 61	figuration.at.the.top.of.this.pa
e73e0	67 65 29 00 54 6f 20 61 70 70 6c 79 20 74 68 69 73 20 70 6f 6c 69 63 79 20 74 6f 20 74 68 65 20	ge).To.apply.this.policy.to.the.
e7400	63 6f 72 72 65 63 74 20 69 6e 74 65 72 66 61 63 65 2c 20 63 6f 6e 66 69 67 75 72 65 20 69 74 20	correct.interface,.configure.it.
e7420	6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 69 6e 62 6f 75 6e 64 20 6c 6f 63	on.the.interface.the.inbound.loc
e7440	61 6c 20 68 6f 73 74 20 77 69 6c 6c 20 73 65 6e 64 20 74 68 72 6f 75 67 68 20 74 6f 20 72 65 61	al.host.will.send.through.to.rea
e7460	63 68 20 6f 75 72 20 64 65 73 74 69 6e 65 64 20 74 61 72 67 65 74 20 68 6f 73 74 20 28 69 6e 20	ch.our.destined.target.host.(in.
e7480	6f 75 72 20 65 78 61 6d 70 6c 65 20 65 74 68 31 29 2e 00 54 6f 20 61 75 74 6f 20 75 70 64 61 74	our.example.eth1)..To.auto.updat
e74a0	65 20 74 68 65 20 62 6c 61 63 6b 6c 69 73 74 20 66 69 6c 65 73 00 54 6f 20 61 75 74 6f 6d 61 74	e.the.blacklist.files.To.automat
e74c0	69 63 61 6c 6c 79 20 61 73 73 69 67 6e 20 74 68 65 20 63 6c 69 65 6e 74 20 61 6e 20 49 50 20 61	ically.assign.the.client.an.IP.a
e74e0	64 64 72 65 73 73 20 61 73 20 74 75 6e 6e 65 6c 20 65 6e 64 70 6f 69 6e 74 2c 20 61 20 63 6c 69	ddress.as.tunnel.endpoint,.a.cli
e7500	65 6e 74 20 49 50 20 70 6f 6f 6c 20 69 73 20 6e 65 65 64 65 64 2e 20 54 68 65 20 73 6f 75 72 63	ent.IP.pool.is.needed..The.sourc
e7520	65 20 63 61 6e 20 62 65 20 65 69 74 68 65 72 20 52 41 44 49 55 53 20 6f 72 20 61 20 6c 6f 63 61	e.can.be.either.RADIUS.or.a.loca
e7540	6c 20 73 75 62 6e 65 74 20 6f 72 20 49 50 20 72 61 6e 67 65 20 64 65 66 69 6e 69 74 69 6f 6e 2e	l.subnet.or.IP.range.definition.
e7560	00 54 6f 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 77 68 65 6e 20 60 60 61 63 74 69 6f 6e 60 60	.To.be.used.only.when.``action``
e7580	20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2e 20 55 73 65 20 74 68 69 73 20 63 6f	.is.set.to.``jump``..Use.this.co
e75a0	6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 6a 75 6d 70 20 74 61 72 67 65 74 2e 00 54 6f	mmand.to.specify.jump.target..To
e75c0	20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 77 68 65 6e 20 60 60 64 65 66 75 6c 74 2d 61 63 74 69	.be.used.only.when.``defult-acti
e75e0	6f 6e 60 60 20 69 73 20 73 65 74 20 74 6f 20 60 60 6a 75 6d 70 60 60 2e 20 55 73 65 20 74 68 69	on``.is.set.to.``jump``..Use.thi
e7600	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 6a 75 6d 70 20 74 61 72 67 65 74	s.command.to.specify.jump.target
e7620	20 66 6f 72 20 64 65 66 61 75 6c 74 20 72 75 6c 65 2e 00 54 6f 20 62 65 20 75 73 65 64 20 6f 6e	.for.default.rule..To.be.used.on
e7640	6c 79 20 77 68 65 6e 20 61 63 74 69 6f 6e 20 69 73 20 73 65 74 20 74 6f 20 6a 75 6d 70 2e 20 55	ly.when.action.is.set.to.jump..U
e7660	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 6a 75 6d 70 20	se.this.command.to.specify.jump.
e7680	74 61 72 67 65 74 2e 00 54 6f 20 62 79 70 61 73 73 20 74 68 65 20 70 72 6f 78 79 20 66 6f 72 20	target..To.bypass.the.proxy.for.
e76a0	65 76 65 72 79 20 72 65 71 75 65 73 74 20 74 68 61 74 20 69 73 20 63 6f 6d 69 6e 67 20 66 72 6f	every.request.that.is.coming.fro
e76c0	6d 20 61 20 73 70 65 63 69 66 69 63 20 73 6f 75 72 63 65 3a 00 54 6f 20 62 79 70 61 73 73 20 74	m.a.specific.source:.To.bypass.t
e76e0	68 65 20 70 72 6f 78 79 20 66 6f 72 20 65 76 65 72 79 20 72 65 71 75 65 73 74 20 74 68 61 74 20	he.proxy.for.every.request.that.
e7700	69 73 20 64 69 72 65 63 74 65 64 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 64 65 73 74 69 6e	is.directed.to.a.specific.destin
e7720	61 74 69 6f 6e 3a 00 54 6f 20 63 6f 6e 66 69 67 75 72 65 20 49 50 76 36 20 61 73 73 69 67 6e 6d	ation:.To.configure.IPv6.assignm
e7740	65 6e 74 73 20 66 6f 72 20 63 6c 69 65 6e 74 73 2c 20 74 77 6f 20 6f 70 74 69 6f 6e 73 20 6e 65	ents.for.clients,.two.options.ne
e7760	65 64 20 74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 41 20 67 6c 6f 62 61 6c 20 70 72	ed.to.be.configured..A.global.pr
e7780	65 66 69 78 20 77 68 69 63 68 20 69 73 20 74 65 72 6d 69 6e 61 74 65 64 20 6f 6e 20 74 68 65 20	efix.which.is.terminated.on.the.
e77a0	63 6c 69 65 6e 74 73 20 63 70 65 20 61 6e 64 20 61 20 64 65 6c 65 67 61 74 65 64 20 70 72 65 66	clients.cpe.and.a.delegated.pref
e77c0	69 78 2c 20 74 68 65 20 63 6c 69 65 6e 74 20 63 61 6e 20 75 73 65 20 66 6f 72 20 64 65 76 69 63	ix,.the.client.can.use.for.devic
e77e0	65 73 20 72 6f 75 74 65 64 20 76 69 61 20 74 68 65 20 63 6c 69 65 6e 74 73 20 63 70 65 2e 00 54	es.routed.via.the.clients.cpe..T
e7800	6f 20 63 6f 6e 66 69 67 75 72 65 20 62 6c 6f 63 6b 69 6e 67 20 61 64 64 20 74 68 65 20 66 6f 6c	o.configure.blocking.add.the.fol
e7820	6c 6f 77 69 6e 67 20 74 6f 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 00 54 6f 20 63	lowing.to.the.configuration.To.c
e7840	6f 6e 66 69 67 75 72 65 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 63 6f 6e 6e 65 63 74 69 6f 6e	onfigure.site-to-site.connection
e7860	20 79 6f 75 20 6e 65 65 64 20 74 6f 20 61 64 64 20 70 65 65 72 73 20 77 69 74 68 20 74 68 65 20	.you.need.to.add.peers.with.the.
e7880	60 60 73 65 74 20 76 70 6e 20 69 70 73 65 63 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 70 65 65	``set.vpn.ipsec.site-to-site.pee
e78a0	72 20 3c 6e 61 6d 65 3e 60 60 20 63 6f 6d 6d 61 6e 64 2e 00 54 6f 20 63 6f 6e 66 69 67 75 72 65	r.<name>``.command..To.configure
e78c0	20 73 79 73 6c 6f 67 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 73 77 69 74 63 68 20 69 6e 74 6f	.syslog,.you.need.to.switch.into
e78e0	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 6f 64 65 2e 00 54 6f 20 63 6f 6e 66 69 67 75 72	.configuration.mode..To.configur
e7900	65 20 79 6f 75 72 20 4c 43 44 20 64 69 73 70 6c 61 79 20 79 6f 75 20 6d 75 73 74 20 66 69 72 73	e.your.LCD.display.you.must.firs
e7920	74 20 69 64 65 6e 74 69 66 79 20 74 68 65 20 75 73 65 64 20 68 61 72 64 77 61 72 65 2c 20 61 6e	t.identify.the.used.hardware,.an
e7940	64 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 6f 66 20 74 68 65 20 64 69 73 70 6c 61 79 20 74 6f	d.connectivity.of.the.display.to
e7960	20 79 6f 75 72 20 73 79 73 74 65 6d 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 61 6e 79 20 73 65	.your.system..This.can.be.any.se
e7980	72 69 61 6c 20 70 6f 72 74 20 28 60 74 74 79 53 78 78 60 29 20 6f 72 20 73 65 72 69 61 6c 20 76	rial.port.(`ttySxx`).or.serial.v
e79a0	69 61 20 55 53 42 20 6f 72 20 65 76 65 6e 20 6f 6c 64 20 70 61 72 61 6c 6c 65 6c 20 70 6f 72 74	ia.USB.or.even.old.parallel.port
e79c0	20 69 6e 74 65 72 66 61 63 65 73 2e 00 54 6f 20 63 72 65 61 74 65 20 56 4c 41 4e 73 20 70 65 72	.interfaces..To.create.VLANs.per
e79e0	20 75 73 65 72 20 64 75 72 69 6e 67 20 72 75 6e 74 69 6d 65 2c 20 74 68 65 20 66 6f 6c 6c 6f 77	.user.during.runtime,.the.follow
e7a00	69 6e 67 20 73 65 74 74 69 6e 67 73 20 61 72 65 20 72 65 71 75 69 72 65 64 20 6f 6e 20 61 20 70	ing.settings.are.required.on.a.p
e7a20	65 72 20 69 6e 74 65 72 66 61 63 65 20 62 61 73 69 73 2e 20 56 4c 41 4e 20 49 44 20 61 6e 64 20	er.interface.basis..VLAN.ID.and.
e7a40	56 4c 41 4e 20 72 61 6e 67 65 20 63 61 6e 20 62 65 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65	VLAN.range.can.be.present.in.the
e7a60	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 74 20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 2e	.configuration.at.the.same.time.
e7a80	00 54 6f 20 63 72 65 61 74 65 20 61 20 6e 65 77 20 6c 69 6e 65 20 69 6e 20 79 6f 75 72 20 6c 6f	.To.create.a.new.line.in.your.lo
e7aa0	67 69 6e 20 6d 65 73 73 61 67 65 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 65 73 63 61 70 65 20 74	gin.message.you.need.to.escape.t
e7ac0	68 65 20 6e 65 77 20 6c 69 6e 65 20 63 68 61 72 61 63 74 65 72 20 62 79 20 75 73 69 6e 67 20 60	he.new.line.character.by.using.`
e7ae0	60 5c 5c 6e 60 60 2e 00 54 6f 20 63 72 65 61 74 65 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20	`\\n``..To.create.more.than.one.
e7b00	74 75 6e 6e 65 6c 2c 20 75 73 65 20 64 69 73 74 69 6e 63 74 20 55 44 50 20 70 6f 72 74 73 2e 00	tunnel,.use.distinct.UDP.ports..
e7b20	54 6f 20 63 72 65 61 74 65 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 31 30 30 20 61 6e 64 20	To.create.routing.table.100.and.
e7b40	61 64 64 20 61 20 6e 65 77 20 64 65 66 61 75 6c 74 20 67 61 74 65 77 61 79 20 74 6f 20 62 65 20	add.a.new.default.gateway.to.be.
e7b60	75 73 65 64 20 62 79 20 74 72 61 66 66 69 63 20 6d 61 74 63 68 69 6e 67 20 6f 75 72 20 72 6f 75	used.by.traffic.matching.our.rou
e7b80	74 65 20 70 6f 6c 69 63 79 3a 00 54 6f 20 64 65 66 69 6e 65 20 61 20 7a 6f 6e 65 20 73 65 74 75	te.policy:.To.define.a.zone.setu
e7ba0	70 20 65 69 74 68 65 72 20 6f 6e 65 20 77 69 74 68 20 69 6e 74 65 72 66 61 63 65 73 20 6f 72 20	p.either.one.with.interfaces.or.
e7bc0	61 20 6c 6f 63 61 6c 20 7a 6f 6e 65 2e 00 54 6f 20 64 69 73 61 62 6c 65 20 61 64 76 65 72 74 69	a.local.zone..To.disable.adverti
e7be0	73 65 6d 65 6e 74 73 20 77 69 74 68 6f 75 74 20 64 65 6c 65 74 69 6e 67 20 74 68 65 20 63 6f 6e	sements.without.deleting.the.con
e7c00	66 69 67 75 72 61 74 69 6f 6e 3a 00 54 6f 20 64 69 73 70 6c 61 79 20 74 68 65 20 63 6f 6e 66 69	figuration:.To.display.the.confi
e7c20	67 75 72 65 64 20 4f 54 50 20 75 73 65 72 20 6b 65 79 2c 20 75 73 65 20 74 68 65 20 63 6f 6d 6d	gured.OTP.user.key,.use.the.comm
e7c40	61 6e 64 3a 00 54 6f 20 64 69 73 70 6c 61 79 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 20 4f	and:.To.display.the.configured.O
e7c60	54 50 20 75 73 65 72 20 73 65 74 74 69 6e 67 73 2c 20 75 73 65 20 74 68 65 20 63 6f 6d 6d 61 6e	TP.user.settings,.use.the.comman
e7c80	64 3a 00 54 6f 20 65 6e 61 62 6c 65 20 4d 4c 44 20 72 65 70 6f 72 74 73 20 61 6e 64 20 71 75 65	d:.To.enable.MLD.reports.and.que
e7ca0	72 79 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 73 20 60 65 74 68 30 60 20 61 6e 64 20 60 65 74 68	ry.on.interfaces.`eth0`.and.`eth
e7cc0	31 60 3a 00 54 6f 20 65 6e 61 62 6c 65 20 52 41 44 49 55 53 20 62 61 73 65 64 20 61 75 74 68 65	1`:.To.enable.RADIUS.based.authe
e7ce0	6e 74 69 63 61 74 69 6f 6e 2c 20 74 68 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 6f	ntication,.the.authentication.mo
e7d00	64 65 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 68 61 6e 67 65 64 20 77 69 74 68 69 6e 20 74 68	de.needs.to.be.changed.within.th
e7d20	65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 20 50 72 65 76 69 6f 75 73 20 73 65 74 74 69 6e	e.configuration..Previous.settin
e7d40	67 73 20 6c 69 6b 65 20 74 68 65 20 6c 6f 63 61 6c 20 75 73 65 72 73 2c 20 73 74 69 6c 6c 20 65	gs.like.the.local.users,.still.e
e7d60	78 69 73 74 73 20 77 69 74 68 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20	xists.within.the.configuration,.
e7d80	68 6f 77 65 76 65 72 20 74 68 65 79 20 61 72 65 20 6e 6f 74 20 75 73 65 64 20 69 66 20 74 68 65	however.they.are.not.used.if.the
e7da0	20 6d 6f 64 65 20 68 61 73 20 62 65 65 6e 20 63 68 61 6e 67 65 64 20 66 72 6f 6d 20 6c 6f 63 61	.mode.has.been.changed.from.loca
e7dc0	6c 20 74 6f 20 72 61 64 69 75 73 2e 20 4f 6e 63 65 20 63 68 61 6e 67 65 64 20 62 61 63 6b 20 74	l.to.radius..Once.changed.back.t
e7de0	6f 20 6c 6f 63 61 6c 2c 20 69 74 20 77 69 6c 6c 20 75 73 65 20 61 6c 6c 20 6c 6f 63 61 6c 20 61	o.local,.it.will.use.all.local.a
e7e00	63 63 6f 75 6e 74 73 20 61 67 61 69 6e 2e 00 54 6f 20 65 6e 61 62 6c 65 20 62 61 6e 64 77 69 64	ccounts.again..To.enable.bandwid
e7e20	74 68 20 73 68 61 70 69 6e 67 20 76 69 61 20 52 41 44 49 55 53 2c 20 74 68 65 20 6f 70 74 69 6f	th.shaping.via.RADIUS,.the.optio
e7e40	6e 20 72 61 74 65 2d 6c 69 6d 69 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 65 6e 61 62 6c 65 64	n.rate-limit.needs.to.be.enabled
e7e60	2e 00 54 6f 20 65 6e 61 62 6c 65 20 64 65 62 75 67 20 6d 65 73 73 61 67 65 73 2e 20 41 76 61 69	..To.enable.debug.messages..Avai
e7e80	6c 61 62 6c 65 20 76 69 61 20 3a 6f 70 63 6d 64 3a 60 73 68 6f 77 20 6c 6f 67 60 20 6f 72 20 3a	lable.via.:opcmd:`show.log`.or.:
e7ea0	6f 70 63 6d 64 3a 60 6d 6f 6e 69 74 6f 72 20 6c 6f 67 60 00 54 6f 20 65 6e 61 62 6c 65 20 6d 44	opcmd:`monitor.log`.To.enable.mD
e7ec0	4e 53 20 72 65 70 65 61 74 65 72 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 63 6f 6e 66 69 67 75 72	NS.repeater.you.need.to.configur
e7ee0	65 20 61 74 20 6c 65 61 73 74 20 74 77 6f 20 69 6e 74 65 72 66 61 63 65 73 2e 20 54 6f 20 72 65	e.at.least.two.interfaces..To.re
e7f00	2d 62 72 6f 61 64 63 61 73 74 20 61 6c 6c 20 69 6e 63 6f 6d 69 6e 67 20 6d 44 4e 53 20 70 61 63	-broadcast.all.incoming.mDNS.pac
e7f20	6b 65 74 73 20 66 72 6f 6d 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 63 6f 6e 66 69 67 75 72	kets.from.any.interface.configur
e7f40	65 64 20 68 65 72 65 20 74 6f 20 61 6e 79 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 20 63	ed.here.to.any.other.interface.c
e7f60	6f 6e 66 69 67 75 72 65 64 20 75 6e 64 65 72 20 74 68 69 73 20 73 65 63 74 69 6f 6e 2e 00 54 6f	onfigured.under.this.section..To
e7f80	20 65 6e 61 62 6c 65 2f 64 69 73 61 62 6c 65 20 68 65 6c 70 65 72 20 73 75 70 70 6f 72 74 20 66	.enable/disable.helper.support.f
e7fa0	6f 72 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 69 67 68 62 6f 75 72 2c 20 74 68 65 20 72 6f 75	or.a.specific.neighbour,.the.rou
e7fc0	74 65 72 2d 69 64 20 28 41 2e 42 2e 43 2e 44 29 20 68 61 73 20 74 6f 20 62 65 20 73 70 65 63 69	ter-id.(A.B.C.D).has.to.be.speci
e7fe0	66 69 65 64 2e 00 54 6f 20 65 78 63 6c 75 64 65 20 74 72 61 66 66 69 63 20 66 72 6f 6d 20 6c 6f	fied..To.exclude.traffic.from.lo
e8000	61 64 20 62 61 6c 61 6e 63 69 6e 67 2c 20 74 72 61 66 66 69 63 20 6d 61 74 63 68 69 6e 67 20 61	ad.balancing,.traffic.matching.a
e8020	6e 20 65 78 63 6c 75 64 65 20 72 75 6c 65 20 69 73 20 6e 6f 74 20 62 61 6c 61 6e 63 65 64 20 62	n.exclude.rule.is.not.balanced.b
e8040	75 74 20 72 6f 75 74 65 64 20 74 68 72 6f 75 67 68 20 74 68 65 20 73 79 73 74 65 6d 20 72 6f 75	ut.routed.through.the.system.rou
e8060	74 69 6e 67 20 74 61 62 6c 65 20 69 6e 73 74 65 61 64 3a 00 54 6f 20 65 78 74 65 6e 64 20 53 4e	ting.table.instead:.To.extend.SN
e8080	4d 50 20 61 67 65 6e 74 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2c 20 63 75 73 74 6f 6d 20 73	MP.agent.functionality,.custom.s
e80a0	63 72 69 70 74 73 20 63 61 6e 20 62 65 20 65 78 65 63 75 74 65 64 20 65 76 65 72 79 20 74 69 6d	cripts.can.be.executed.every.tim
e80c0	65 20 74 68 65 20 61 67 65 6e 74 20 69 73 20 62 65 69 6e 67 20 63 61 6c 6c 65 64 2e 20 54 68 69	e.the.agent.is.being.called..Thi
e80e0	73 20 63 61 6e 20 62 65 20 61 63 68 69 65 76 65 64 20 62 79 20 75 73 69 6e 67 20 60 60 61 72 62	s.can.be.achieved.by.using.``arb
e8100	69 74 72 61 72 79 20 65 78 74 65 6e 73 69 6f 6e 63 6f 6d 6d 61 6e 64 73 60 60 2e 20 54 68 65 20	itrary.extensioncommands``..The.
e8120	66 69 72 73 74 20 73 74 65 70 20 69 73 20 74 6f 20 63 72 65 61 74 65 20 61 20 66 75 6e 63 74 69	first.step.is.to.create.a.functi
e8140	6f 6e 61 6c 20 73 63 72 69 70 74 20 6f 66 20 63 6f 75 72 73 65 2c 20 74 68 65 6e 20 75 70 6c 6f	onal.script.of.course,.then.uplo
e8160	61 64 20 69 74 20 74 6f 20 79 6f 75 72 20 56 79 4f 53 20 69 6e 73 74 61 6e 63 65 20 76 69 61 20	ad.it.to.your.VyOS.instance.via.
e8180	74 68 65 20 63 6f 6d 6d 61 6e 64 20 60 60 73 63 70 20 79 6f 75 72 5f 73 63 72 69 70 74 2e 73 68	the.command.``scp.your_script.sh
e81a0	20 76 79 6f 73 40 79 6f 75 72 5f 72 6f 75 74 65 72 3a 2f 63 6f 6e 66 69 67 2f 75 73 65 72 2d 64	.vyos@your_router:/config/user-d
e81c0	61 74 61 60 60 2e 20 4f 6e 63 65 20 74 68 65 20 73 63 72 69 70 74 20 69 73 20 75 70 6c 6f 61 64	ata``..Once.the.script.is.upload
e81e0	65 64 2c 20 69 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 76 69	ed,.it.needs.to.be.configured.vi
e8200	61 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 62 65 6c 6f 77 2e 00 54 6f 20 66 6f 72 77 61 72 64 20	a.the.command.below..To.forward.
e8220	61 6c 6c 20 62 72 6f 61 64 63 61 73 74 20 70 61 63 6b 65 74 73 20 72 65 63 65 69 76 65 64 20 6f	all.broadcast.packets.received.o
e8240	6e 20 60 55 44 50 20 70 6f 72 74 20 31 39 30 30 60 20 6f 6e 20 60 65 74 68 33 60 2c 20 60 65 74	n.`UDP.port.1900`.on.`eth3`,.`et
e8260	68 34 60 20 6f 72 20 60 65 74 68 35 60 20 74 6f 20 61 6c 6c 20 6f 74 68 65 72 20 69 6e 74 65 72	h4`.or.`eth5`.to.all.other.inter
e8280	66 61 63 65 73 20 69 6e 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 54 6f 20	faces.in.this.configuration..To.
e82a0	67 65 6e 65 72 61 74 65 20 74 68 65 20 43 41 2c 20 74 68 65 20 73 65 72 76 65 72 20 70 72 69 76	generate.the.CA,.the.server.priv
e82c0	61 74 65 20 6b 65 79 20 61 6e 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 74 68 65 20 66 6f 6c	ate.key.and.certificates.the.fol
e82e0	6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 63 61 6e 20 62 65 20 75 73 65 64 2e 00 54 6f 20	lowing.commands.can.be.used..To.
e8300	67 65 74 20 69 74 20 74 6f 20 77 6f 72 6b 20 61 73 20 61 6e 20 61 63 63 65 73 73 20 70 6f 69 6e	get.it.to.work.as.an.access.poin
e8320	74 20 77 69 74 68 20 74 68 69 73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 79 6f 75 20 77 69	t.with.this.configuration.you.wi
e8340	6c 6c 20 6e 65 65 64 20 74 6f 20 73 65 74 20 75 70 20 61 20 44 48 43 50 20 73 65 72 76 65 72 20	ll.need.to.set.up.a.DHCP.server.
e8360	74 6f 20 77 6f 72 6b 20 77 69 74 68 20 74 68 61 74 20 6e 65 74 77 6f 72 6b 2e 20 59 6f 75 20 63	to.work.with.that.network..You.c
e8380	61 6e 20 2d 20 6f 66 20 63 6f 75 72 73 65 20 2d 20 61 6c 73 6f 20 62 72 69 64 67 65 20 74 68 65	an.-.of.course.-.also.bridge.the
e83a0	20 57 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20 61 6e 79 20 63 6f 6e	.Wireless.interface.with.any.con
e83c0	66 69 67 75 72 65 64 20 62 72 69 64 67 65 20 28 3a 72 65 66 3a 60 62 72 69 64 67 65 2d 69 6e 74	figured.bridge.(:ref:`bridge-int
e83e0	65 72 66 61 63 65 60 29 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 00 54 6f 20 68 61 6e 64 20	erface`).on.the.system..To.hand.
e8400	6f 75 74 20 69 6e 64 69 76 69 64 75 61 6c 20 70 72 65 66 69 78 65 73 20 74 6f 20 79 6f 75 72 20	out.individual.prefixes.to.your.
e8420	63 6c 69 65 6e 74 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74	clients.the.following.configurat
e8440	69 6f 6e 20 69 73 20 75 73 65 64 3a 00 54 6f 20 6b 6e 6f 77 20 6d 6f 72 65 20 61 62 6f 75 74 20	ion.is.used:.To.know.more.about.
e8460	73 63 72 69 70 74 69 6e 67 2c 20 63 68 65 63 6b 20 74 68 65 20 3a 72 65 66 3a 60 63 6f 6d 6d 61	scripting,.check.the.:ref:`comma
e8480	6e 64 2d 73 63 72 69 70 74 69 6e 67 60 20 73 65 63 74 69 6f 6e 2e 00 54 6f 20 6c 69 73 74 65 6e	nd-scripting`.section..To.listen
e84a0	20 6f 6e 20 62 6f 74 68 20 60 65 74 68 30 60 20 61 6e 64 20 60 65 74 68 31 60 20 6d 44 4e 53 20	.on.both.`eth0`.and.`eth1`.mDNS.
e84c0	70 61 63 6b 65 74 73 20 61 6e 64 20 61 6c 73 6f 20 72 65 70 65 61 74 20 70 61 63 6b 65 74 73 20	packets.and.also.repeat.packets.
e84e0	72 65 63 65 69 76 65 64 20 6f 6e 20 60 65 74 68 30 60 20 74 6f 20 60 65 74 68 31 60 20 28 61 6e	received.on.`eth0`.to.`eth1`.(an
e8500	64 20 76 69 63 65 2d 76 65 72 73 61 29 20 75 73 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20	d.vice-versa).use.the.following.
e8520	63 6f 6d 6d 61 6e 64 73 3a 00 54 6f 20 6d 61 6e 69 70 75 6c 61 74 65 20 6f 72 20 64 69 73 70 6c	commands:.To.manipulate.or.displ
e8540	61 79 20 41 52 50 5f 20 74 61 62 6c 65 20 65 6e 74 72 69 65 73 2c 20 74 68 65 20 66 6f 6c 6c 6f	ay.ARP_.table.entries,.the.follo
e8560	77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 61 72 65 20 69 6d 70 6c 65 6d 65 6e 74 65 64 2e 00 54	wing.commands.are.implemented..T
e8580	6f 20 70 65 72 66 6f 72 6d 20 61 20 67 72 61 63 65 66 75 6c 20 73 68 75 74 64 6f 77 6e 2c 20 74	o.perform.a.graceful.shutdown,.t
e85a0	68 65 20 46 52 52 20 60 60 67 72 61 63 65 66 75 6c 2d 72 65 73 74 61 72 74 20 70 72 65 70 61 72	he.FRR.``graceful-restart.prepar
e85c0	65 20 69 70 20 6f 73 70 66 60 60 20 45 58 45 43 2d 6c 65 76 65 6c 20 63 6f 6d 6d 61 6e 64 20 6e	e.ip.ospf``.EXEC-level.command.n
e85e0	65 65 64 73 20 74 6f 20 62 65 20 69 73 73 75 65 64 20 62 65 66 6f 72 65 20 72 65 73 74 61 72 74	eeds.to.be.issued.before.restart
e8600	69 6e 67 20 74 68 65 20 6f 73 70 66 64 20 64 61 65 6d 6f 6e 2e 00 54 6f 20 72 65 71 75 65 73 74	ing.the.ospfd.daemon..To.request
e8620	20 61 20 2f 35 36 20 70 72 65 66 69 78 20 66 72 6f 6d 20 79 6f 75 72 20 49 53 50 20 75 73 65 3a	.a./56.prefix.from.your.ISP.use:
e8640	00 54 6f 20 72 65 73 74 61 72 74 20 74 68 65 20 44 48 43 50 76 36 20 73 65 72 76 65 72 00 54 6f	.To.restart.the.DHCPv6.server.To
e8660	20 73 65 74 75 70 20 53 4e 41 54 2c 20 77 65 20 6e 65 65 64 20 74 6f 20 6b 6e 6f 77 3a 00 54 6f	.setup.SNAT,.we.need.to.know:.To
e8680	20 73 65 74 75 70 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 4e 41 54 20 72 75 6c 65 20 77 65	.setup.a.destination.NAT.rule.we
e86a0	20 6e 65 65 64 20 74 6f 20 67 61 74 68 65 72 3a 00 54 6f 20 75 70 64 61 74 65 20 74 68 65 20 66	.need.to.gather:.To.update.the.f
e86c0	69 72 6d 77 61 72 65 2c 20 56 79 4f 53 20 61 6c 73 6f 20 73 68 69 70 73 20 74 68 65 20 60 71 6d	irmware,.VyOS.also.ships.the.`qm
e86e0	69 2d 66 69 72 6d 77 61 72 65 2d 75 70 64 61 74 65 60 20 62 69 6e 61 72 79 2e 20 54 6f 20 75 70	i-firmware-update`.binary..To.up
e8700	67 72 61 64 65 20 74 68 65 20 66 69 72 6d 77 61 72 65 20 6f 66 20 61 6e 20 65 2e 67 2e 20 53 69	grade.the.firmware.of.an.e.g..Si
e8720	65 72 72 61 20 57 69 72 65 6c 65 73 73 20 4d 43 37 37 31 30 20 6d 6f 64 75 6c 65 20 74 6f 20 74	erra.Wireless.MC7710.module.to.t
e8740	68 65 20 66 69 72 6d 77 61 72 65 20 70 72 6f 76 69 64 65 64 20 69 6e 20 74 68 65 20 66 69 6c 65	he.firmware.provided.in.the.file
e8760	20 60 60 39 39 39 39 39 39 39 5f 39 39 39 39 39 39 39 5f 39 32 30 30 5f 30 33 2e 30 35 2e 31 34	.``9999999_9999999_9200_03.05.14
e8780	2e 30 30 5f 30 30 5f 67 65 6e 65 72 69 63 5f 30 30 30 2e 30 30 30 5f 30 30 31 5f 53 50 4b 47 5f	.00_00_generic_000.000_001_SPKG_
e87a0	4d 43 2e 63 77 65 60 60 20 75 73 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61	MC.cwe``.use.the.following.comma
e87c0	6e 64 3a 00 54 6f 20 75 73 65 20 61 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 66 6f 72 20 61	nd:.To.use.a.RADIUS.server.for.a
e87e0	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 61 6e 64 20 62 61 6e 64 77 69 64 74 68 2d 73 68 61 70	uthentication.and.bandwidth-shap
e8800	69 6e 67 2c 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 78 61 6d 70 6c 65 20 63 6f 6e 66 69	ing,.the.following.example.confi
e8820	67 75 72 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 75 73 65 64 2e 00 54 6f 20 75 73 65 20 61 20 72	guration.can.be.used..To.use.a.r
e8840	61 64 69 75 73 20 73 65 72 76 65 72 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 73 77 69 74 63 68	adius.server,.you.need.to.switch
e8860	20 74 6f 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 6f 64 65 20 52 41 44 49 55 53 20 61	.to.authentication.mode.RADIUS.a
e8880	6e 64 20 74 68 65 6e 20 63 6f 6e 66 69 67 75 72 65 20 69 74 2e 00 54 6f 20 75 73 65 20 73 75 63	nd.then.configure.it..To.use.suc
e88a0	68 20 61 20 73 65 72 76 69 63 65 2c 20 6f 6e 65 20 6d 75 73 74 20 64 65 66 69 6e 65 20 61 20 6c	h.a.service,.one.must.define.a.l
e88c0	6f 67 69 6e 2c 20 70 61 73 73 77 6f 72 64 2c 20 6f 6e 65 20 6f 72 20 6d 75 6c 74 69 70 6c 65 20	ogin,.password,.one.or.multiple.
e88e0	68 6f 73 74 6e 61 6d 65 73 2c 20 70 72 6f 74 6f 63 6f 6c 20 61 6e 64 20 73 65 72 76 65 72 2e 00	hostnames,.protocol.and.server..
e8900	54 6f 20 75 73 65 20 74 68 65 20 53 61 6c 74 2d 4d 69 6e 69 6f 6e 2c 20 61 20 72 75 6e 6e 69 6e	To.use.the.Salt-Minion,.a.runnin
e8920	67 20 53 61 6c 74 2d 4d 61 73 74 65 72 20 69 73 20 72 65 71 75 69 72 65 64 2e 20 59 6f 75 20 63	g.Salt-Master.is.required..You.c
e8940	61 6e 20 66 69 6e 64 20 6d 6f 72 65 20 69 6e 20 74 68 65 20 60 53 61 6c 74 20 50 6f 6a 65 63 74	an.find.more.in.the.`Salt.Poject
e8960	20 44 6f 63 75 6d 65 6e 74 61 69 6f 6e 20 3c 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 73 61 6c 74	.Documentaion.<https://docs.salt
e8980	70 72 6f 6a 65 63 74 2e 69 6f 2f 65 6e 2f 6c 61 74 65 73 74 2f 63 6f 6e 74 65 6e 74 73 2e 68 74	project.io/en/latest/contents.ht
e89a0	6d 6c 3e 60 5f 00 54 6f 20 75 73 65 20 74 68 69 73 20 66 75 6c 6c 20 63 6f 6e 66 69 67 75 72 61	ml>`_.To.use.this.full.configura
e89c0	74 69 6f 6e 20 77 65 20 61 73 75 6d 65 20 61 20 70 75 62 6c 69 63 20 61 63 63 65 73 73 69 62 6c	tion.we.asume.a.public.accessibl
e89e0	65 20 68 6f 73 74 6e 61 6d 65 2e 00 54 6f 70 6f 6c 6f 67 79 3a 00 54 6f 70 6f 6c 6f 67 79 3a 20	e.hostname..Topology:.Topology:.
e8a00	50 43 34 20 2d 20 4c 65 61 66 32 20 2d 20 53 70 69 6e 65 31 20 2d 20 4c 65 61 66 33 20 2d 20 50	PC4.-.Leaf2.-.Spine1.-.Leaf3.-.P
e8a20	43 35 00 54 72 61 63 6b 00 54 72 61 63 6b 20 6f 70 74 69 6f 6e 20 74 6f 20 74 72 61 63 6b 20 6e	C5.Track.Track.option.to.track.n
e8a40	6f 6e 20 56 52 52 50 20 69 6e 74 65 72 66 61 63 65 20 73 74 61 74 65 73 2e 20 56 52 52 50 20 63	on.VRRP.interface.states..VRRP.c
e8a60	68 61 6e 67 65 73 20 73 74 61 74 75 73 20 74 6f 20 60 60 46 41 55 4c 54 60 60 20 69 66 20 6f 6e	hanges.status.to.``FAULT``.if.on
e8a80	65 20 6f 66 20 74 68 65 20 74 72 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20 69 6e 20 73 74 61	e.of.the.track.interfaces.in.sta
e8aa0	74 65 20 60 60 64 6f 77 6e 60 60 2e 00 54 72 61 64 69 74 69 6f 6e 61 6c 20 42 47 50 20 64 69 64	te.``down``..Traditional.BGP.did
e8ac0	20 6e 6f 74 20 68 61 76 65 20 74 68 65 20 66 65 61 74 75 72 65 20 74 6f 20 64 65 74 65 63 74 20	.not.have.the.feature.to.detect.
e8ae0	61 20 72 65 6d 6f 74 65 20 70 65 65 72 27 73 20 63 61 70 61 62 69 6c 69 74 69 65 73 2c 20 65 2e	a.remote.peer's.capabilities,.e.
e8b00	67 2e 20 77 68 65 74 68 65 72 20 69 74 20 63 61 6e 20 68 61 6e 64 6c 65 20 70 72 65 66 69 78 20	g..whether.it.can.handle.prefix.
e8b20	74 79 70 65 73 20 6f 74 68 65 72 20 74 68 61 6e 20 49 50 76 34 20 75 6e 69 63 61 73 74 20 72 6f	types.other.than.IPv4.unicast.ro
e8b40	75 74 65 73 2e 20 54 68 69 73 20 77 61 73 20 61 20 62 69 67 20 70 72 6f 62 6c 65 6d 20 75 73 69	utes..This.was.a.big.problem.usi
e8b60	6e 67 20 4d 75 6c 74 69 70 72 6f 74 6f 63 6f 6c 20 45 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 42	ng.Multiprotocol.Extension.for.B
e8b80	47 50 20 69 6e 20 61 6e 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 3a 72	GP.in.an.operational.network..:r
e8ba0	66 63 3a 60 32 38 34 32 60 20 61 64 6f 70 74 65 64 20 61 20 66 65 61 74 75 72 65 20 63 61 6c 6c	fc:`2842`.adopted.a.feature.call
e8bc0	65 64 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 2a 62 67 70 64	ed.Capability.Negotiation..*bgpd
e8be0	2a 20 75 73 65 20 74 68 69 73 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f	*.use.this.Capability.Negotiatio
e8c00	6e 20 74 6f 20 64 65 74 65 63 74 20 74 68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 27 73 20 63 61	n.to.detect.the.remote.peer's.ca
e8c20	70 61 62 69 6c 69 74 69 65 73 2e 20 49 66 20 61 20 70 65 65 72 20 69 73 20 6f 6e 6c 79 20 63 6f	pabilities..If.a.peer.is.only.co
e8c40	6e 66 69 67 75 72 65 64 20 61 73 20 61 6e 20 49 50 76 34 20 75 6e 69 63 61 73 74 20 6e 65 69 67	nfigured.as.an.IPv4.unicast.neig
e8c60	68 62 6f 72 2c 20 2a 62 67 70 64 2a 20 64 6f 65 73 20 6e 6f 74 20 73 65 6e 64 20 74 68 65 73 65	hbor,.*bgpd*.does.not.send.these
e8c80	20 43 61 70 61 62 69 6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 20 70 61 63 6b 65 74 73 20	.Capability.Negotiation.packets.
e8ca0	28 61 74 20 6c 65 61 73 74 20 6e 6f 74 20 75 6e 6c 65 73 73 20 6f 74 68 65 72 20 6f 70 74 69 6f	(at.least.not.unless.other.optio
e8cc0	6e 61 6c 20 42 47 50 20 66 65 61 74 75 72 65 73 20 72 65 71 75 69 72 65 20 63 61 70 61 62 69 6c	nal.BGP.features.require.capabil
e8ce0	69 74 79 20 6e 65 67 6f 74 69 61 74 69 6f 6e 29 2e 00 54 72 61 64 69 74 69 6f 6e 61 6c 6c 79 20	ity.negotiation)..Traditionally.
e8d00	68 61 72 64 77 61 72 65 20 72 6f 75 74 65 72 73 20 69 6d 70 6c 65 6d 65 6e 74 20 49 50 73 65 63	hardware.routers.implement.IPsec
e8d20	20 65 78 63 6c 75 73 69 76 65 6c 79 20 64 75 65 20 74 6f 20 72 65 6c 61 74 69 76 65 20 65 61 73	.exclusively.due.to.relative.eas
e8d40	65 20 6f 66 20 69 6d 70 6c 65 6d 65 6e 74 69 6e 67 20 69 74 20 69 6e 20 68 61 72 64 77 61 72 65	e.of.implementing.it.in.hardware
e8d60	20 61 6e 64 20 69 6e 73 75 66 66 69 63 69 65 6e 74 20 43 50 55 20 70 6f 77 65 72 20 66 6f 72 20	.and.insufficient.CPU.power.for.
e8d80	64 6f 69 6e 67 20 65 6e 63 72 79 70 74 69 6f 6e 20 69 6e 20 73 6f 66 74 77 61 72 65 2e 20 53 69	doing.encryption.in.software..Si
e8da0	6e 63 65 20 56 79 4f 53 20 69 73 20 61 20 73 6f 66 74 77 61 72 65 20 72 6f 75 74 65 72 2c 20 74	nce.VyOS.is.a.software.router,.t
e8dc0	68 69 73 20 69 73 20 6c 65 73 73 20 6f 66 20 61 20 63 6f 6e 63 65 72 6e 2e 20 4f 70 65 6e 56 50	his.is.less.of.a.concern..OpenVP
e8de0	4e 20 68 61 73 20 62 65 65 6e 20 77 69 64 65 6c 79 20 75 73 65 64 20 6f 6e 20 55 4e 49 58 20 70	N.has.been.widely.used.on.UNIX.p
e8e00	6c 61 74 66 6f 72 6d 20 66 6f 72 20 61 20 6c 6f 6e 67 20 74 69 6d 65 20 61 6e 64 20 69 73 20 61	latform.for.a.long.time.and.is.a
e8e20	20 70 6f 70 75 6c 61 72 20 6f 70 74 69 6f 6e 20 66 6f 72 20 72 65 6d 6f 74 65 20 61 63 63 65 73	.popular.option.for.remote.acces
e8e40	73 20 56 50 4e 2c 20 74 68 6f 75 67 68 20 69 74 27 73 20 61 6c 73 6f 20 63 61 70 61 62 6c 65 20	s.VPN,.though.it's.also.capable.
e8e60	6f 66 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 54 72 61	of.site-to-site.connections..Tra
e8e80	66 66 69 63 20 46 69 6c 74 65 72 73 00 54 72 61 66 66 69 63 20 46 69 6c 74 65 72 73 20 61 72 65	ffic.Filters.Traffic.Filters.are
e8ea0	20 75 73 65 64 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 77	.used.to.control.which.packets.w
e8ec0	69 6c 6c 20 68 61 76 65 20 74 68 65 20 64 65 66 69 6e 65 64 20 4e 41 54 20 72 75 6c 65 73 20 61	ill.have.the.defined.NAT.rules.a
e8ee0	70 70 6c 69 65 64 2e 20 46 69 76 65 20 64 69 66 66 65 72 65 6e 74 20 66 69 6c 74 65 72 73 20 63	pplied..Five.different.filters.c
e8f00	61 6e 20 62 65 20 61 70 70 6c 69 65 64 20 77 69 74 68 69 6e 20 61 20 4e 41 54 20 72 75 6c 65 2e	an.be.applied.within.a.NAT.rule.
e8f20	00 54 72 61 66 66 69 63 20 50 6f 6c 69 63 79 00 54 72 61 66 66 69 63 20 63 61 6e 6e 6f 74 20 66	.Traffic.Policy.Traffic.cannot.f
e8f40	6c 6f 77 20 62 65 74 77 65 65 6e 20 7a 6f 6e 65 20 6d 65 6d 62 65 72 20 69 6e 74 65 72 66 61 63	low.between.zone.member.interfac
e8f60	65 20 61 6e 64 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 74 68 61 74 20 69 73 20 6e 6f 74 20	e.and.any.interface.that.is.not.
e8f80	61 20 7a 6f 6e 65 20 6d 65 6d 62 65 72 2e 00 54 72 61 66 66 69 63 20 66 72 6f 6d 20 6d 75 6c 74	a.zone.member..Traffic.from.mult
e8fa0	69 63 61 73 74 20 73 6f 75 72 63 65 73 20 77 69 6c 6c 20 67 6f 20 74 6f 20 74 68 65 20 52 65 6e	icast.sources.will.go.to.the.Ren
e8fc0	64 65 7a 76 6f 75 73 20 50 6f 69 6e 74 2c 20 61 6e 64 20 72 65 63 65 69 76 65 72 73 20 77 69 6c	dezvous.Point,.and.receivers.wil
e8fe0	6c 20 70 75 6c 6c 20 69 74 20 66 72 6f 6d 20 61 20 73 68 61 72 65 64 20 74 72 65 65 20 75 73 69	l.pull.it.from.a.shared.tree.usi
e9000	6e 67 20 49 47 4d 50 20 28 49 6e 74 65 72 6e 65 74 20 47 72 6f 75 70 20 4d 61 6e 61 67 65 6d 65	ng.IGMP.(Internet.Group.Manageme
e9020	6e 74 20 50 72 6f 74 6f 63 6f 6c 29 2e 00 54 72 61 66 66 69 63 20 66 72 6f 6d 20 6d 75 6c 74 69	nt.Protocol)..Traffic.from.multi
e9040	63 61 73 74 20 73 6f 75 72 63 65 73 20 77 69 6c 6c 20 67 6f 20 74 6f 20 74 68 65 20 52 65 6e 64	cast.sources.will.go.to.the.Rend
e9060	65 7a 76 6f 75 73 20 50 6f 69 6e 74 2c 20 61 6e 64 20 72 65 63 65 69 76 65 72 73 20 77 69 6c 6c	ezvous.Point,.and.receivers.will
e9080	20 70 75 6c 6c 20 69 74 20 66 72 6f 6d 20 61 20 73 68 61 72 65 64 20 74 72 65 65 20 75 73 69 6e	.pull.it.from.a.shared.tree.usin
e90a0	67 20 4d 4c 44 20 28 4d 75 6c 74 69 63 61 73 74 20 4c 69 73 74 65 6e 65 72 20 44 69 73 63 6f 76	g.MLD.(Multicast.Listener.Discov
e90c0	65 72 79 29 2e 00 54 72 61 6e 73 69 74 69 6f 6e 20 73 63 72 69 70 74 73 00 54 72 61 6e 73 69 74	ery)..Transition.scripts.Transit
e90e0	69 6f 6e 20 73 63 72 69 70 74 73 20 63 61 6e 20 68 65 6c 70 20 79 6f 75 20 69 6d 70 6c 65 6d 65	ion.scripts.can.help.you.impleme
e9100	6e 74 20 76 61 72 69 6f 75 73 20 66 69 78 75 70 73 2c 20 73 75 63 68 20 61 73 20 73 74 61 72 74	nt.various.fixups,.such.as.start
e9120	69 6e 67 20 61 6e 64 20 73 74 6f 70 70 69 6e 67 20 73 65 72 76 69 63 65 73 2c 20 6f 72 20 65 76	ing.and.stopping.services,.or.ev
e9140	65 6e 20 6d 6f 64 69 66 79 69 6e 67 20 74 68 65 20 56 79 4f 53 20 63 6f 6e 66 69 67 20 6f 6e 20	en.modifying.the.VyOS.config.on.
e9160	56 52 52 50 20 74 72 61 6e 73 69 74 69 6f 6e 2e 20 54 68 69 73 20 73 65 74 75 70 20 77 69 6c 6c	VRRP.transition..This.setup.will
e9180	20 6d 61 6b 65 20 74 68 65 20 56 52 52 50 20 70 72 6f 63 65 73 73 20 65 78 65 63 75 74 65 20 74	.make.the.VRRP.process.execute.t
e91a0	68 65 20 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 76 72 72 70 2d 66 61 69 6c 2e 73	he.``/config/scripts/vrrp-fail.s
e91c0	68 60 60 20 77 69 74 68 20 61 72 67 75 6d 65 6e 74 20 60 60 46 6f 6f 60 60 20 77 68 65 6e 20 56	h``.with.argument.``Foo``.when.V
e91e0	52 52 50 20 66 61 69 6c 73 2c 20 61 6e 64 20 74 68 65 20 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72	RRP.fails,.and.the.``/config/scr
e9200	69 70 74 73 2f 76 72 72 70 2d 6d 61 73 74 65 72 2e 73 68 60 60 20 77 68 65 6e 20 74 68 65 20 72	ipts/vrrp-master.sh``.when.the.r
e9220	6f 75 74 65 72 20 62 65 63 6f 6d 65 73 20 74 68 65 20 6d 61 73 74 65 72 3a 00 54 72 61 6e 73 70	outer.becomes.the.master:.Transp
e9240	61 72 65 6e 74 20 50 72 6f 78 79 00 54 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 00 54 75 6e 69	arent.Proxy.Troubleshooting.Tuni
e9260	6e 67 20 63 6f 6d 6d 61 6e 64 73 00 54 75 6e 6e 65 6c 00 54 75 6e 6e 65 6c 20 6b 65 79 73 00 54	ng.commands.Tunnel.Tunnel.keys.T
e9280	77 6f 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 76 61 72 69 61 62 6c 65 73 20 61 72 65 20 61 76 61	wo.environment.variables.are.ava
e92a0	69 6c 61 62 6c 65 3a 00 54 77 6f 20 6e 65 77 20 66 69 6c 65 73 20 60 60 2f 63 6f 6e 66 69 67 2f	ilable:.Two.new.files.``/config/
e92c0	61 75 74 68 2f 69 64 5f 72 73 61 5f 72 70 6b 69 60 60 20 61 6e 64 20 60 60 2f 63 6f 6e 66 69 67	auth/id_rsa_rpki``.and.``/config
e92e0	2f 61 75 74 68 2f 69 64 5f 72 73 61 5f 72 70 6b 69 2e 70 75 62 60 60 20 77 69 6c 6c 20 62 65 20	/auth/id_rsa_rpki.pub``.will.be.
e9300	63 72 65 61 74 65 64 2e 00 54 77 6f 20 72 6f 75 74 65 72 73 20 63 6f 6e 6e 65 63 74 65 64 20 62	created..Two.routers.connected.b
e9320	6f 74 68 20 76 69 61 20 65 74 68 31 20 74 68 72 6f 75 67 68 20 61 6e 20 75 6e 74 72 75 73 74 65	oth.via.eth1.through.an.untruste
e9340	64 20 73 77 69 74 63 68 00 54 79 70 65 20 6f 66 20 6d 65 74 72 69 63 73 20 67 72 6f 75 70 69 6e	d.switch.Type.of.metrics.groupin
e9360	67 20 77 68 65 6e 20 70 75 73 68 20 74 6f 20 41 7a 75 72 65 20 44 61 74 61 20 45 78 70 6c 6f 72	g.when.push.to.Azure.Data.Explor
e9380	65 72 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 69 73 20 60 60 74 61 62 6c 65 2d 70 65 72 2d 6d	er..The.default.is.``table-per-m
e93a0	65 74 72 69 63 60 60 2e 00 54 79 70 69 63 61 6c 6c 79 2c 20 61 20 31 2d 74 6f 2d 31 20 4e 41 54	etric``..Typically,.a.1-to-1.NAT
e93c0	20 72 75 6c 65 20 6f 6d 69 74 73 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74	.rule.omits.the.destination.port
e93e0	20 28 61 6c 6c 20 70 6f 72 74 73 29 20 61 6e 64 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 70 72	.(all.ports).and.replaces.the.pr
e9400	6f 74 6f 63 6f 6c 20 77 69 74 68 20 65 69 74 68 65 72 20 2a 2a 61 6c 6c 2a 2a 20 6f 72 20 2a 2a	otocol.with.either.**all**.or.**
e9420	69 70 2a 2a 2e 00 55 44 50 20 42 72 6f 61 64 63 61 73 74 20 52 65 6c 61 79 00 55 44 50 20 6d 6f	ip**..UDP.Broadcast.Relay.UDP.mo
e9440	64 65 20 77 6f 72 6b 73 20 62 65 74 74 65 72 20 77 69 74 68 20 4e 41 54 3a 00 55 44 50 20 70 6f	de.works.better.with.NAT:.UDP.po
e9460	72 74 20 31 37 30 31 20 66 6f 72 20 49 50 73 65 63 00 55 44 50 20 70 6f 72 74 20 34 35 30 30 20	rt.1701.for.IPsec.UDP.port.4500.
e9480	28 4e 41 54 2d 54 29 00 55 44 50 20 70 6f 72 74 20 35 30 30 20 28 49 4b 45 29 00 55 52 4c 20 46	(NAT-T).UDP.port.500.(IKE).URL.F
e94a0	69 6c 74 65 72 69 6e 67 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 53 71 75 69 64 47 75 61	iltering.is.provided.by.SquidGua
e94c0	72 64 5f 2e 00 55 52 4c 20 66 69 6c 74 65 72 69 6e 67 00 55 52 4c 20 77 69 74 68 20 73 69 67 6e	rd_..URL.filtering.URL.with.sign
e94e0	61 74 75 72 65 20 6f 66 20 6d 61 73 74 65 72 20 66 6f 72 20 61 75 74 68 20 72 65 70 6c 79 20 76	ature.of.master.for.auth.reply.v
e9500	65 72 69 66 69 63 61 74 69 6f 6e 00 55 53 42 20 74 6f 20 73 65 72 69 61 6c 20 63 6f 6e 76 65 72	erification.USB.to.serial.conver
e9520	74 65 72 73 20 77 69 6c 6c 20 68 61 6e 64 6c 65 20 6d 6f 73 74 20 6f 66 20 74 68 65 69 72 20 77	ters.will.handle.most.of.their.w
e9540	6f 72 6b 20 69 6e 20 73 6f 66 74 77 61 72 65 20 73 6f 20 79 6f 75 20 73 68 6f 75 6c 64 20 62 65	ork.in.software.so.you.should.be
e9560	20 63 61 72 65 66 75 6c 6c 20 77 69 74 68 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 62 61 75 64	.carefull.with.the.selected.baud
e9580	72 61 74 65 20 61 73 20 73 6f 6d 65 20 74 69 6d 65 73 20 74 68 65 79 20 63 61 6e 27 74 20 63 6f	rate.as.some.times.they.can't.co
e95a0	70 65 20 77 69 74 68 20 74 68 65 20 65 78 70 65 63 74 65 64 20 73 70 65 65 64 2e 00 55 55 43 50	pe.with.the.expected.speed..UUCP
e95c0	20 73 75 62 73 79 73 74 65 6d 00 55 6e 69 63 61 73 74 00 55 6e 69 63 61 73 74 20 56 52 52 50 00	.subsystem.Unicast.Unicast.VRRP.
e95e0	55 6e 69 63 61 73 74 20 56 58 4c 41 4e 00 55 6e 69 74 20 6f 66 20 74 68 69 73 20 63 6f 6d 6d 61	Unicast.VXLAN.Unit.of.this.comma
e9600	6e 64 20 69 73 20 4d 42 2e 00 55 6e 69 74 73 00 55 70 20 74 6f 20 73 65 76 65 6e 20 71 75 65 75	nd.is.MB..Units.Up.to.seven.queu
e9620	65 73 20 2d 64 65 66 69 6e 65 64 20 61 73 20 63 6c 61 73 73 65 73 5f 20 77 69 74 68 20 64 69 66	es.-defined.as.classes_.with.dif
e9640	66 65 72 65 6e 74 20 70 72 69 6f 72 69 74 69 65 73 2d 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67	ferent.priorities-.can.be.config
e9660	75 72 65 64 2e 20 50 61 63 6b 65 74 73 20 61 72 65 20 70 6c 61 63 65 64 20 69 6e 74 6f 20 71 75	ured..Packets.are.placed.into.qu
e9680	65 75 65 73 20 62 61 73 65 64 20 6f 6e 20 61 73 73 6f 63 69 61 74 65 64 20 6d 61 74 63 68 20 63	eues.based.on.associated.match.c
e96a0	72 69 74 65 72 69 61 2e 20 50 61 63 6b 65 74 73 20 61 72 65 20 74 72 61 6e 73 6d 69 74 74 65 64	riteria..Packets.are.transmitted
e96c0	20 66 72 6f 6d 20 74 68 65 20 71 75 65 75 65 73 20 69 6e 20 70 72 69 6f 72 69 74 79 20 6f 72 64	.from.the.queues.in.priority.ord
e96e0	65 72 2e 20 49 66 20 63 6c 61 73 73 65 73 20 77 69 74 68 20 61 20 68 69 67 68 65 72 20 70 72 69	er..If.classes.with.a.higher.pri
e9700	6f 72 69 74 79 20 61 72 65 20 62 65 69 6e 67 20 66 69 6c 6c 65 64 20 77 69 74 68 20 70 61 63 6b	ority.are.being.filled.with.pack
e9720	65 74 73 20 63 6f 6e 74 69 6e 75 6f 75 73 6c 79 2c 20 70 61 63 6b 65 74 73 20 66 72 6f 6d 20 6c	ets.continuously,.packets.from.l
e9740	6f 77 65 72 20 70 72 69 6f 72 69 74 79 20 63 6c 61 73 73 65 73 20 77 69 6c 6c 20 6f 6e 6c 79 20	ower.priority.classes.will.only.
e9760	62 65 20 74 72 61 6e 73 6d 69 74 74 65 64 20 61 66 74 65 72 20 74 72 61 66 66 69 63 20 76 6f 6c	be.transmitted.after.traffic.vol
e9780	75 6d 65 20 66 72 6f 6d 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 63 6c 61 73 73 65 73	ume.from.higher.priority.classes
e97a0	20 64 65 63 72 65 61 73 65 73 2e 00 55 70 64 61 74 65 00 55 70 64 61 74 65 20 63 6f 6e 74 61 69	.decreases..Update.Update.contai
e97c0	6e 65 72 20 69 6d 61 67 65 00 55 70 64 61 74 65 20 67 65 6f 69 70 20 64 61 74 61 62 61 73 65 00	ner.image.Update.geoip.database.
e97e0	55 70 64 61 74 65 73 20 66 72 6f 6d 20 74 68 65 20 52 50 4b 49 20 63 61 63 68 65 20 73 65 72 76	Updates.from.the.RPKI.cache.serv
e9800	65 72 73 20 61 72 65 20 64 69 72 65 63 74 6c 79 20 61 70 70 6c 69 65 64 20 61 6e 64 20 70 61 74	ers.are.directly.applied.and.pat
e9820	68 20 73 65 6c 65 63 74 69 6f 6e 20 69 73 20 75 70 64 61 74 65 64 20 61 63 63 6f 72 64 69 6e 67	h.selection.is.updated.according
e9840	6c 79 2e 20 28 53 6f 66 74 20 72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6d 75 73 74 20 62	ly..(Soft.reconfiguration.must.b
e9860	65 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 74 68 69 73 20 74 6f 20 77 6f 72 6b 29 2e 00 55 70 6c	e.enabled.for.this.to.work)..Upl
e9880	6f 61 64 20 62 61 6e 64 77 69 64 74 68 20 6c 69 6d 69 74 20 69 6e 20 6b 62 69 74 2f 73 20 66 6f	oad.bandwidth.limit.in.kbit/s.fo
e98a0	72 20 60 3c 75 73 65 72 3e 60 2e 00 55 70 6f 6e 20 72 65 63 65 70 74 69 6f 6e 20 6f 66 20 61 6e	r.`<user>`..Upon.reception.of.an
e98c0	20 69 6e 63 6f 6d 69 6e 67 20 70 61 63 6b 65 74 2c 20 77 68 65 6e 20 61 20 72 65 73 70 6f 6e 73	.incoming.packet,.when.a.respons
e98e0	65 20 69 73 20 73 65 6e 74 2c 20 69 74 20 6d 69 67 68 74 20 62 65 20 64 65 73 69 72 65 64 20 74	e.is.sent,.it.might.be.desired.t
e9900	6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 69 74 20 6c 65 61 76 65 73 20 66 72 6f 6d 20 74 68 65	o.ensure.that.it.leaves.from.the
e9920	20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 20 61 73 20 74 68 65 20 69 6e 62 6f 75 6e 64 20 6f	.same.interface.as.the.inbound.o
e9940	6e 65 2e 20 54 68 69 73 20 63 61 6e 20 62 65 20 61 63 68 69 65 76 65 64 20 62 79 20 65 6e 61 62	ne..This.can.be.achieved.by.enab
e9960	6c 69 6e 67 20 73 74 69 63 6b 79 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 6c	ling.sticky.connections.in.the.l
e9980	6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 3a 00 55 70 6f 6e 20 73 68 75 74 64 6f 77 6e 2c 20 74 68	oad.balancing:.Upon.shutdown,.th
e99a0	69 73 20 6f 70 74 69 6f 6e 20 77 69 6c 6c 20 64 65 70 72 65 63 61 74 65 20 74 68 65 20 70 72 65	is.option.will.deprecate.the.pre
e99c0	66 69 78 20 62 79 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 69 74 20 69 6e 20 74 68 65 20 73 68 75 74	fix.by.announcing.it.in.the.shut
e99e0	64 6f 77 6e 20 52 41 00 55 73 65 20 38 30 32 2e 31 31 6e 20 70 72 6f 74 6f 63 6f 6c 00 55 73 65	down.RA.Use.802.11n.protocol.Use
e9a00	20 44 79 6e 44 4e 53 20 61 73 20 79 6f 75 72 20 70 72 65 66 65 72 72 65 64 20 70 72 6f 76 69 64	.DynDNS.as.your.preferred.provid
e9a20	65 72 3a 00 55 73 65 20 54 4c 53 20 62 75 74 20 73 6b 69 70 20 68 6f 73 74 20 76 61 6c 69 64 61	er:.Use.TLS.but.skip.host.valida
e9a40	74 69 6f 6e 00 55 73 65 20 54 4c 53 20 65 6e 63 72 79 70 74 69 6f 6e 2e 00 55 73 65 20 60 3c 73	tion.Use.TLS.encryption..Use.`<s
e9a60	75 62 6e 65 74 3e 60 20 61 73 20 74 68 65 20 49 50 20 70 6f 6f 6c 20 66 6f 72 20 61 6c 6c 20 63	ubnet>`.as.the.IP.pool.for.all.c
e9a80	6f 6e 6e 65 63 74 69 6e 67 20 63 6c 69 65 6e 74 73 2e 00 55 73 65 20 60 60 73 68 6f 77 20 6c 6f	onnecting.clients..Use.``show.lo
e9aa0	67 20 7c 20 73 74 72 69 70 2d 70 72 69 76 61 74 65 60 60 20 69 66 20 79 6f 75 20 77 61 6e 74 20	g.|.strip-private``.if.you.want.
e9ac0	74 6f 20 68 69 64 65 20 70 72 69 76 61 74 65 20 64 61 74 61 20 77 68 65 6e 20 73 68 61 72 69 6e	to.hide.private.data.when.sharin
e9ae0	67 20 79 6f 75 72 20 6c 6f 67 73 2e 00 55 73 65 20 60 64 65 6c 65 74 65 20 73 79 73 74 65 6d 20	g.your.logs..Use.`delete.system.
e9b00	63 6f 6e 6e 74 72 61 63 6b 20 6d 6f 64 75 6c 65 73 60 20 74 6f 20 64 65 61 63 74 69 76 65 20 61	conntrack.modules`.to.deactive.a
e9b20	6c 6c 20 6d 6f 64 75 6c 65 73 2e 00 55 73 65 20 61 20 70 65 72 73 69 73 74 65 6e 74 20 4c 44 41	ll.modules..Use.a.persistent.LDA
e9b40	50 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 4e 6f 72 6d 61 6c 6c 79 20 74 68 65 20 4c 44 41 50 20	P.connection..Normally.the.LDAP.
e9b60	63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 6f 6e 6c 79 20 6f 70 65 6e 20 77 68 69 6c 65 20 76 61	connection.is.only.open.while.va
e9b80	6c 69 64 61 74 69 6e 67 20 61 20 75 73 65 72 6e 61 6d 65 20 74 6f 20 70 72 65 73 65 72 76 65 20	lidating.a.username.to.preserve.
e9ba0	72 65 73 6f 75 72 63 65 73 20 61 74 20 74 68 65 20 4c 44 41 50 20 73 65 72 76 65 72 2e 20 54 68	resources.at.the.LDAP.server..Th
e9bc0	69 73 20 6f 70 74 69 6f 6e 20 63 61 75 73 65 73 20 74 68 65 20 4c 44 41 50 20 63 6f 6e 6e 65 63	is.option.causes.the.LDAP.connec
e9be0	74 69 6f 6e 20 74 6f 20 62 65 20 6b 65 70 74 20 6f 70 65 6e 2c 20 61 6c 6c 6f 77 69 6e 67 20 69	tion.to.be.kept.open,.allowing.i
e9c00	74 20 74 6f 20 62 65 20 72 65 75 73 65 64 20 66 6f 72 20 66 75 72 74 68 65 72 20 75 73 65 72 20	t.to.be.reused.for.further.user.
e9c20	76 61 6c 69 64 61 74 69 6f 6e 73 2e 00 55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 61 64 64 72	validations..Use.a.specific.addr
e9c40	65 73 73 2d 67 72 6f 75 70 2e 20 50 72 65 70 65 6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21	ess-group..Prepend.character.``!
e9c60	60 60 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69	``.for.inverted.matching.criteri
e9c80	61 2e 00 55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 64 6f 6d 61 69 6e 2d 67 72 6f 75 70 2e 20	a..Use.a.specific.domain-group..
e9ca0	50 72 65 70 65 6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60 60 20 66 6f 72 20 69 6e 76 65	Prepend.character.``!``.for.inve
e9cc0	72 74 65 64 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 2e 00 55 73 65 20 61 20 73 70	rted.matching.criteria..Use.a.sp
e9ce0	65 63 69 66 69 63 20 6d 61 63 2d 67 72 6f 75 70 2e 20 50 72 65 70 65 6e 64 20 63 68 61 72 61 63	ecific.mac-group..Prepend.charac
e9d00	74 65 72 20 60 60 21 60 60 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69 6e 67 20	ter.``!``.for.inverted.matching.
e9d20	63 72 69 74 65 72 69 61 2e 00 55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 74 77 6f 72 6b	criteria..Use.a.specific.network
e9d40	2d 67 72 6f 75 70 2e 20 50 72 65 70 65 6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60 60 20	-group..Prepend.character.``!``.
e9d60	66 6f 72 20 69 6e 76 65 72 74 65 64 20 6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 2e 00	for.inverted.matching.criteria..
e9d80	55 73 65 20 61 20 73 70 65 63 69 66 69 63 20 70 6f 72 74 2d 67 72 6f 75 70 2e 20 50 72 65 70 65	Use.a.specific.port-group..Prepe
e9da0	6e 64 20 63 68 61 72 61 63 74 65 72 20 60 60 21 60 60 20 66 6f 72 20 69 6e 76 65 72 74 65 64 20	nd.character.``!``.for.inverted.
e9dc0	6d 61 74 63 68 69 6e 67 20 63 72 69 74 65 72 69 61 2e 00 55 73 65 20 61 64 64 72 65 73 73 20 60	matching.criteria..Use.address.`
e9de0	6d 61 73 71 75 65 72 61 64 65 60 20 28 74 68 65 20 69 6e 74 65 72 66 61 63 65 73 20 70 72 69 6d	masquerade`.(the.interfaces.prim
e9e00	61 72 79 20 61 64 64 72 65 73 73 29 20 6f 6e 20 72 75 6c 65 20 33 30 00 55 73 65 20 61 6e 20 61	ary.address).on.rule.30.Use.an.a
e9e20	75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 73 65 6c 66 2d 73 69 67 6e	utomatically.generated.self-sign
e9e40	65 64 20 63 65 72 74 69 66 69 63 61 74 65 00 55 73 65 20 61 6e 79 20 6c 6f 63 61 6c 20 61 64 64	ed.certificate.Use.any.local.add
e9e60	72 65 73 73 2c 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 61 6e 79 20 69 6e 74 65 72 66 61 63	ress,.configured.on.any.interfac
e9e80	65 20 69 66 20 74 68 69 73 20 69 73 20 6e 6f 74 20 73 65 74 2e 00 55 73 65 20 61 75 74 68 20 6b	e.if.this.is.not.set..Use.auth.k
e9ea0	65 79 20 66 69 6c 65 20 61 74 20 60 60 2f 63 6f 6e 66 69 67 2f 61 75 74 68 2f 6d 79 2e 6b 65 79	ey.file.at.``/config/auth/my.key
e9ec0	60 60 00 55 73 65 20 63 6f 6e 66 69 67 75 72 65 64 20 60 3c 75 72 6c 3e 60 20 74 6f 20 64 65 74	``.Use.configured.`<url>`.to.det
e9ee0	65 72 6d 69 6e 65 20 79 6f 75 72 20 49 50 20 61 64 64 72 65 73 73 2e 20 64 64 63 6c 69 65 6e 74	ermine.your.IP.address..ddclient
e9f00	5f 20 77 69 6c 6c 20 6c 6f 61 64 20 60 3c 75 72 6c 3e 60 20 61 6e 64 20 74 72 69 65 73 20 74 6f	_.will.load.`<url>`.and.tries.to
e9f20	20 65 78 74 72 61 63 74 20 79 6f 75 72 20 49 50 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 74 68	.extract.your.IP.address.from.th
e9f40	65 20 72 65 73 70 6f 6e 73 65 2e 00 55 73 65 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 74 6f	e.response..Use.inverse-match.to
e9f60	20 6d 61 74 63 68 20 61 6e 79 74 68 69 6e 67 20 65 78 63 65 70 74 20 74 68 65 20 67 69 76 65 6e	.match.anything.except.the.given
e9f80	20 63 6f 75 6e 74 72 79 2d 63 6f 64 65 73 2e 00 55 73 65 20 6c 6f 63 61 6c 20 73 6f 63 6b 65 74	.country-codes..Use.local.socket
e9fa0	20 66 6f 72 20 41 50 49 00 55 73 65 20 6c 6f 63 61 6c 20 75 73 65 72 20 60 66 6f 6f 60 20 77 69	.for.API.Use.local.user.`foo`.wi
e9fc0	74 68 20 70 61 73 73 77 6f 72 64 20 60 62 61 72 60 00 55 73 65 20 74 61 62 20 63 6f 6d 70 6c 65	th.password.`bar`.Use.tab.comple
e9fe0	74 69 6f 6e 20 74 6f 20 67 65 74 20 61 20 6c 69 73 74 20 6f 66 20 63 61 74 65 67 6f 72 69 65 73	tion.to.get.a.list.of.categories
ea000	2e 00 55 73 65 20 74 68 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 73 70 65 63 69 66 69	..Use.the.address.of.the.specifi
ea020	65 64 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 6d 61 63 68 69 6e	ed.interface.on.the.local.machin
ea040	65 20 61 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 63	e.as.the.source.address.of.the.c
ea060	6f 6e 6e 65 63 74 69 6f 6e 2e 00 55 73 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 6f 70	onnection..Use.the.following.top
ea080	6f 6c 6f 67 79 20 74 6f 20 62 75 69 6c 64 20 61 20 6e 61 74 36 36 20 62 61 73 65 64 20 69 73 6f	ology.to.build.a.nat66.based.iso
ea0a0	6c 61 74 65 64 20 6e 65 74 77 6f 72 6b 20 62 65 74 77 65 65 6e 20 69 6e 74 65 72 6e 61 6c 20 61	lated.network.between.internal.a
ea0c0	6e 64 20 65 78 74 65 72 6e 61 6c 20 6e 65 74 77 6f 72 6b 73 20 28 64 79 6e 61 6d 69 63 20 70 72	nd.external.networks.(dynamic.pr
ea0e0	65 66 69 78 20 69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 29 3a 00 55 73 65 20 74 68 65 20	efix.is.not.supported):.Use.the.
ea100	73 70 65 63 69 66 69 65 64 20 61 64 64 72 65 73 73 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 6d	specified.address.on.the.local.m
ea120	61 63 68 69 6e 65 20 61 73 20 74 68 65 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 6f 66 20	achine.as.the.source.address.of.
ea140	74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 4f 6e 6c 79 20 75 73 65 66 75 6c 20 6f 6e 20 73	the.connection..Only.useful.on.s
ea160	79 73 74 65 6d 73 20 77 69 74 68 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 61 64 64 72 65 73	ystems.with.more.than.one.addres
ea180	73 2e 00 55 73 65 20 74 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 69 66 20 79 6f 75 20 77 6f 75	s..Use.these.commands.if.you.wou
ea1a0	6c 64 20 6c 69 6b 65 20 74 6f 20 73 65 74 20 74 68 65 20 64 69 73 63 6f 76 65 72 79 20 68 65 6c	ld.like.to.set.the.discovery.hel
ea1c0	6c 6f 20 61 6e 64 20 68 6f 6c 64 20 74 69 6d 65 20 70 61 72 61 6d 65 74 65 72 73 20 66 6f 72 20	lo.and.hold.time.parameters.for.
ea1e0	74 68 65 20 74 61 72 67 65 74 65 64 20 4c 44 50 20 6e 65 69 67 68 62 6f 72 73 2e 00 55 73 65 20	the.targeted.LDP.neighbors..Use.
ea200	74 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 69 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65	these.commands.if.you.would.like
ea220	20 74 6f 20 73 65 74 20 74 68 65 20 64 69 73 63 6f 76 65 72 79 20 68 65 6c 6c 6f 20 61 6e 64 20	.to.set.the.discovery.hello.and.
ea240	68 6f 6c 64 20 74 69 6d 65 20 70 61 72 61 6d 65 74 65 72 73 2e 00 55 73 65 20 74 68 65 73 65 20	hold.time.parameters..Use.these.
ea260	63 6f 6d 6d 61 6e 64 73 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 65 78 70 6f 72 74 69 6e	commands.to.control.the.exportin
ea280	67 20 6f 66 20 66 6f 72 77 61 72 64 69 6e 67 20 65 71 75 69 76 61 6c 65 6e 63 65 20 63 6c 61 73	g.of.forwarding.equivalence.clas
ea2a0	73 65 73 20 28 46 45 43 73 29 20 66 6f 72 20 4c 44 50 20 74 6f 20 6e 65 69 67 68 62 6f 72 73 2e	ses.(FECs).for.LDP.to.neighbors.
ea2c0	20 54 68 69 73 20 77 6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 66 6f 72 20 65 78 61 6d 70 6c	.This.would.be.useful.for.exampl
ea2e0	65 20 6f 6e 20 6f 6e 6c 79 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 74 68 65 20 6c 61 62 65 6c 65 64	e.on.only.announcing.the.labeled
ea300	20 72 6f 75 74 65 73 20 74 68 61 74 20 61 72 65 20 6e 65 65 64 65 64 20 61 6e 64 20 6e 6f 74 20	.routes.that.are.needed.and.not.
ea320	6f 6e 65 73 20 74 68 61 74 20 61 72 65 20 6e 6f 74 20 6e 65 65 64 65 64 2c 20 73 75 63 68 20 61	ones.that.are.not.needed,.such.a
ea340	73 20 61 6e 6e 6f 75 6e 63 69 6e 67 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73	s.announcing.loopback.interfaces
ea360	20 61 6e 64 20 6e 6f 20 6f 74 68 65 72 73 2e 00 55 73 65 20 74 68 65 73 65 20 63 6f 6d 6d 61 6e	.and.no.others..Use.these.comman
ea380	64 73 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 69 6d 70 6f 72 74 69 6e 67 20 6f 66 20 66	ds.to.control.the.importing.of.f
ea3a0	6f 72 77 61 72 64 69 6e 67 20 65 71 75 69 76 61 6c 65 6e 63 65 20 63 6c 61 73 73 65 73 20 28 46	orwarding.equivalence.classes.(F
ea3c0	45 43 73 29 20 66 6f 72 20 4c 44 50 20 66 72 6f 6d 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 69	ECs).for.LDP.from.neighbors..Thi
ea3e0	73 20 77 6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 66 6f 72 20 65 78 61 6d 70 6c 65 20 6f 6e	s.would.be.useful.for.example.on
ea400	20 6f 6e 6c 79 20 61 63 63 65 70 74 69 6e 67 20 74 68 65 20 6c 61 62 65 6c 65 64 20 72 6f 75 74	.only.accepting.the.labeled.rout
ea420	65 73 20 74 68 61 74 20 61 72 65 20 6e 65 65 64 65 64 20 61 6e 64 20 6e 6f 74 20 6f 6e 65 73 20	es.that.are.needed.and.not.ones.
ea440	74 68 61 74 20 61 72 65 20 6e 6f 74 20 6e 65 65 64 65 64 2c 20 73 75 63 68 20 61 73 20 61 63 63	that.are.not.needed,.such.as.acc
ea460	65 70 74 69 6e 67 20 6c 6f 6f 70 62 61 63 6b 20 69 6e 74 65 72 66 61 63 65 73 20 61 6e 64 20 72	epting.loopback.interfaces.and.r
ea480	65 6a 65 63 74 69 6e 67 20 61 6c 6c 20 6f 74 68 65 72 73 2e 00 55 73 65 20 74 68 69 73 20 50 49	ejecting.all.others..Use.this.PI
ea4a0	4d 20 63 6f 6d 6d 61 6e 64 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66	M.command.in.the.selected.interf
ea4c0	61 63 65 20 74 6f 20 73 65 74 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 28 31 2d 34 32 39 34 39	ace.to.set.the.priority.(1-42949
ea4e0	36 37 32 39 35 29 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 69 6e 66 6c 75 65 6e 63 65 20 69 6e 20	67295).you.want.to.influence.in.
ea500	74 68 65 20 65 6c 65 63 74 69 6f 6e 20 6f 66 20 61 20 6e 6f 64 65 20 74 6f 20 62 65 63 6f 6d 65	the.election.of.a.node.to.become
ea520	20 74 68 65 20 44 65 73 69 67 6e 61 74 65 64 20 52 6f 75 74 65 72 20 66 6f 72 20 61 20 4c 41 4e	.the.Designated.Router.for.a.LAN
ea540	20 73 65 67 6d 65 6e 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 70 72 69 6f 72 69 74 79 20 69	.segment..The.default.priority.i
ea560	73 20 31 2c 20 73 65 74 20 61 20 20 68 69 67 68 65 72 20 76 61 6c 75 65 20 74 6f 20 67 69 76 65	s.1,.set.a..higher.value.to.give
ea580	20 74 68 65 20 72 6f 75 74 65 72 20 6d 6f 72 65 20 70 72 65 66 65 72 65 6e 63 65 20 69 6e 20 74	.the.router.more.preference.in.t
ea5a0	68 65 20 44 52 20 65 6c 65 63 74 69 6f 6e 20 70 72 6f 63 65 73 73 2e 00 55 73 65 20 74 68 69 73	he.DR.election.process..Use.this
ea5c0	20 50 49 4d 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6d 6f 64 69 66 79 20 74 68 65 20 74 69 6d 65 20	.PIM.command.to.modify.the.time.
ea5e0	6f 75 74 20 76 61 6c 75 65 20 28 33 31 2d 36 30 30 30 30 20 73 65 63 6f 6e 64 73 29 20 66 6f 72	out.value.(31-60000.seconds).for
ea600	20 61 6e 20 60 28 53 2c 47 29 20 3c 68 74 74 70 73 3a 2f 2f 74 6f 6f 6c 73 2e 69 65 74 66 2e 6f	.an.`(S,G).<https://tools.ietf.o
ea620	72 67 2f 68 74 6d 6c 2f 72 66 63 37 37 36 31 23 73 65 63 74 69 6f 6e 2d 34 2e 31 3e 60 5f 20 66	rg/html/rfc7761#section-4.1>`_.f
ea640	6c 6f 77 2e 20 33 31 20 73 65 63 6f 6e 64 73 20 69 73 20 63 68 6f 73 65 6e 20 66 6f 72 20 61 20	low..31.seconds.is.chosen.for.a.
ea660	6c 6f 77 65 72 20 62 6f 75 6e 64 20 61 73 20 73 6f 6d 65 20 68 61 72 64 77 61 72 65 20 70 6c 61	lower.bound.as.some.hardware.pla
ea680	74 66 6f 72 6d 73 20 63 61 6e 6e 6f 74 20 73 65 65 20 64 61 74 61 20 66 6c 6f 77 69 6e 67 20 69	tforms.cannot.see.data.flowing.i
ea6a0	6e 20 62 65 74 74 65 72 20 74 68 61 6e 20 33 30 20 73 65 63 6f 6e 64 73 20 63 68 75 6e 6b 73 2e	n.better.than.30.seconds.chunks.
ea6c0	00 55 73 65 20 74 68 69 73 20 63 6f 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 76 36	.Use.this.comand.to.set.the.IPv6
ea6e0	20 61 64 64 72 65 73 73 20 70 6f 6f 6c 20 66 72 6f 6d 20 77 68 69 63 68 20 61 20 50 50 50 6f 45	.address.pool.from.which.a.PPPoE
ea700	20 63 6c 69 65 6e 74 20 77 69 6c 6c 20 67 65 74 20 61 6e 20 49 50 76 36 20 70 72 65 66 69 78 20	.client.will.get.an.IPv6.prefix.
ea720	6f 66 20 79 6f 75 72 20 64 65 66 69 6e 65 64 20 6c 65 6e 67 74 68 20 28 6d 61 73 6b 29 20 74 6f	of.your.defined.length.(mask).to
ea740	20 74 65 72 6d 69 6e 61 74 65 20 74 68 65 20 50 50 50 6f 45 20 65 6e 64 70 6f 69 6e 74 20 61 74	.terminate.the.PPPoE.endpoint.at
ea760	20 74 68 65 69 72 20 73 69 64 65 2e 20 54 68 65 20 6d 61 73 6b 20 6c 65 6e 67 74 68 20 63 61 6e	.their.side..The.mask.length.can
ea780	20 62 65 20 73 65 74 20 66 72 6f 6d 20 34 38 20 74 6f 20 31 32 38 20 62 69 74 20 6c 6f 6e 67 2c	.be.set.from.48.to.128.bit.long,
ea7a0	20 74 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 36 34 2e 00 55 73 65 20 74 68	.the.default.value.is.64..Use.th
ea7c0	69 73 20 63 6f 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 76 36 20 61 64 64 72 65 73	is.comand.to.set.the.IPv6.addres
ea7e0	73 20 70 6f 6f 6c 20 66 72 6f 6d 20 77 68 69 63 68 20 61 6e 20 53 53 54 50 20 63 6c 69 65 6e 74	s.pool.from.which.an.SSTP.client
ea800	20 77 69 6c 6c 20 67 65 74 20 61 6e 20 49 50 76 36 20 70 72 65 66 69 78 20 6f 66 20 79 6f 75 72	.will.get.an.IPv6.prefix.of.your
ea820	20 64 65 66 69 6e 65 64 20 6c 65 6e 67 74 68 20 28 6d 61 73 6b 29 20 74 6f 20 74 65 72 6d 69 6e	.defined.length.(mask).to.termin
ea840	61 74 65 20 74 68 65 20 53 53 54 50 20 65 6e 64 70 6f 69 6e 74 20 61 74 20 74 68 65 69 72 20 73	ate.the.SSTP.endpoint.at.their.s
ea860	69 64 65 2e 20 54 68 65 20 6d 61 73 6b 20 6c 65 6e 67 74 68 20 63 61 6e 20 62 65 20 73 65 74 20	ide..The.mask.length.can.be.set.
ea880	66 72 6f 6d 20 34 38 20 74 6f 20 31 32 38 20 62 69 74 20 6c 6f 6e 67 2c 20 74 68 65 20 64 65 66	from.48.to.128.bit.long,.the.def
ea8a0	61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 36 34 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	ault.value.is.64..Use.this.comma
ea8c0	6e 64 20 66 6f 72 20 65 76 65 72 79 20 70 6f 6f 6c 20 6f 66 20 63 6c 69 65 6e 74 20 49 50 20 61	nd.for.every.pool.of.client.IP.a
ea8e0	64 64 72 65 73 73 65 73 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 65 66 69 6e 65 2e 20 54 68 65	ddresses.you.want.to.define..The
ea900	20 61 64 64 72 65 73 73 65 73 20 6f 66 20 74 68 69 73 20 70 6f 6f 6c 20 77 69 6c 6c 20 62 65 20	.addresses.of.this.pool.will.be.
ea920	67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 20 59 6f 75 20 6d 75 73 74	given.to.PPPoE.clients..You.must
ea940	20 75 73 65 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 20 61 6e 64 20 69 74 20 6d 75 73 74 20 62	.use.CIDR.notation.and.it.must.b
ea960	65 20 77 69 74 68 69 6e 20 61 20 2f 32 34 20 73 75 62 6e 65 74 2e 00 55 73 65 20 74 68 69 73 20	e.within.a./24.subnet..Use.this.
ea980	63 6f 6d 6d 61 6e 64 20 66 6f 72 20 65 76 65 72 79 20 70 6f 6f 6c 20 6f 66 20 63 6c 69 65 6e 74	command.for.every.pool.of.client
ea9a0	20 49 50 20 61 64 64 72 65 73 73 65 73 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 64 65 66 69 6e 65	.IP.addresses.you.want.to.define
ea9c0	2e 20 54 68 65 20 61 64 64 72 65 73 73 65 73 20 6f 66 20 74 68 69 73 20 70 6f 6f 6c 20 77 69 6c	..The.addresses.of.this.pool.wil
ea9e0	6c 20 62 65 20 67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 20 59 6f 75	l.be.given.to.PPPoE.clients..You
eaa00	20 6d 75 73 74 20 75 73 65 20 43 49 44 52 20 6e 6f 74 61 74 69 6f 6e 2e 00 55 73 65 20 74 68 69	.must.use.CIDR.notation..Use.thi
eaa20	73 20 63 6f 6d 6d 61 6e 64 20 69 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 66 6f 72 20	s.command.if.you.would.like.for.
eaa40	74 68 65 20 72 6f 75 74 65 72 20 74 6f 20 61 64 76 65 72 74 69 73 65 20 46 45 43 73 20 77 69 74	the.router.to.advertise.FECs.wit
eaa60	68 20 61 20 6c 61 62 65 6c 20 6f 66 20 30 20 66 6f 72 20 65 78 70 6c 69 63 69 74 20 6e 75 6c 6c	h.a.label.of.0.for.explicit.null
eaa80	20 6f 70 65 72 61 74 69 6f 6e 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 66	.operations..Use.this.command.if
eaaa0	20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 6c	.you.would.like.to.control.the.l
eaac0	6f 63 61 6c 20 46 45 43 20 61 6c 6c 6f 63 61 74 69 6f 6e 73 20 66 6f 72 20 4c 44 50 2e 20 41 20	ocal.FEC.allocations.for.LDP..A.
eaae0	67 6f 6f 64 20 65 78 61 6d 70 6c 65 20 77 6f 75 6c 64 20 62 65 20 66 6f 72 20 79 6f 75 72 20 6c	good.example.would.be.for.your.l
eab00	6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 61 20 6c 61	ocal.router.to.not.allocate.a.la
eab20	62 65 6c 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 2e 20 4a 75 73 74 20 61 20 6c 61 62 65 6c	bel.for.everything..Just.a.label
eab40	20 66 6f 72 20 77 68 61 74 20 69 74 27 73 20 75 73 65 66 75 6c 2e 20 41 20 67 6f 6f 64 20 65 78	.for.what.it's.useful..A.good.ex
eab60	61 6d 70 6c 65 20 77 6f 75 6c 64 20 62 65 20 6a 75 73 74 20 61 20 6c 6f 6f 70 62 61 63 6b 20 6c	ample.would.be.just.a.loopback.l
eab80	61 62 65 6c 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 69 66 20 79 6f 75 20 77 6f	abel..Use.this.command.if.you.wo
eaba0	75 6c 64 20 6c 69 6b 65 20 74 6f 20 73 65 74 20 74 68 65 20 54 43 50 20 73 65 73 73 69 6f 6e 20	uld.like.to.set.the.TCP.session.
eabc0	68 6f 6c 64 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f	hold.time.intervals..Use.this.co
eabe0	6d 6d 61 6e 64 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65	mmand.to.allow.the.selected.inte
eac00	72 66 61 63 65 20 74 6f 20 6a 6f 69 6e 20 61 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20	rface.to.join.a.multicast.group.
eac20	64 65 66 69 6e 69 6e 67 20 74 68 65 20 6d 75 6c 74 69 63 61 73 74 20 61 64 64 72 65 73 73 20 79	defining.the.multicast.address.y
eac40	6f 75 20 77 61 6e 74 20 74 6f 20 6a 6f 69 6e 20 61 6e 64 20 74 68 65 20 73 6f 75 72 63 65 20 49	ou.want.to.join.and.the.source.I
eac60	50 20 61 64 64 72 65 73 73 20 74 6f 6f 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	P.address.too..Use.this.command.
eac80	74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20	to.allow.the.selected.interface.
eaca0	74 6f 20 6a 6f 69 6e 20 61 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 2e 00 55 73 65 20 74	to.join.a.multicast.group..Use.t
eacc0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 73 65 6c 65 63 74 65	his.command.to.allow.the.selecte
eace0	64 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6a 6f 69 6e 20 61 20 73 6f 75 72 63 65 2d 73 70 65	d.interface.to.join.a.source-spe
ead00	63 69 66 69 63 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 2e 00 55 73 65 20 74 68 69 73 20	cific.multicast.group..Use.this.
ead20	63 6f 6d 6d 61 6e 64 20 74 6f 20 63 68 65 63 6b 20 74 68 65 20 74 75 6e 6e 65 6c 20 73 74 61 74	command.to.check.the.tunnel.stat
ead40	75 73 20 66 6f 72 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74 20 69 6e 74 65 72 66 61 63 65 73	us.for.OpenVPN.client.interfaces
ead60	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 68 65 63 6b 20 74 68 65 20	..Use.this.command.to.check.the.
ead80	74 75 6e 6e 65 6c 20 73 74 61 74 75 73 20 66 6f 72 20 4f 70 65 6e 56 50 4e 20 73 65 72 76 65 72	tunnel.status.for.OpenVPN.server
eada0	20 69 6e 74 65 72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	.interfaces..Use.this.command.to
eadc0	20 63 68 65 63 6b 20 74 68 65 20 74 75 6e 6e 65 6c 20 73 74 61 74 75 73 20 66 6f 72 20 4f 70 65	.check.the.tunnel.status.for.Ope
eade0	6e 56 50 4e 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 69 6e 74 65 72 66 61 63 65 73 2e 00 55 73	nVPN.site-to-site.interfaces..Us
eae00	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6c 65 61 72 20 42 6f 72 64 65 72 20 47	e.this.command.to.clear.Border.G
eae20	61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f 6c 20 73 74 61 74 69 73 74 69 63 73 20 6f 72 20 73 74	ateway.Protocol.statistics.or.st
eae40	61 74 75 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67	atus..Use.this.command.to.config
eae60	75 72 65 20 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f 6e 20 28 52 46	ure.DHCPv6.Prefix.Delegation.(RF
eae80	43 33 36 33 33 29 20 6f 6e 20 53 53 54 50 2e 20 59 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f	C3633).on.SSTP..You.will.have.to
eaea0	20 73 65 74 20 79 6f 75 72 20 49 50 76 36 20 70 6f 6f 6c 20 61 6e 64 20 74 68 65 20 6c 65 6e 67	.set.your.IPv6.pool.and.the.leng
eaec0	74 68 20 6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72 65 66 69 78 2e 20 46 72 6f	th.of.the.delegation.prefix..Fro
eaee0	6d 20 74 68 65 20 64 65 66 69 6e 65 64 20 49 50 76 36 20 70 6f 6f 6c 20 79 6f 75 20 77 69 6c 6c	m.the.defined.IPv6.pool.you.will
eaf00	20 62 65 20 68 61 6e 64 69 6e 67 20 6f 75 74 20 6e 65 74 77 6f 72 6b 73 20 6f 66 20 74 68 65 20	.be.handing.out.networks.of.the.
eaf20	64 65 66 69 6e 65 64 20 6c 65 6e 67 74 68 20 28 64 65 6c 65 67 61 74 69 6f 6e 2d 70 72 65 66 69	defined.length.(delegation-prefi
eaf40	78 29 2e 20 54 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e	x)..The.length.of.the.delegation
eaf60	20 70 72 65 66 69 78 20 63 61 6e 20 62 65 20 73 65 74 20 66 72 6f 6d 20 33 32 20 74 6f 20 36 34	.prefix.can.be.set.from.32.to.64
eaf80	20 62 69 74 20 6c 6f 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63	.bit.long..Use.this.command.to.c
eafa0	6f 6e 66 69 67 75 72 65 20 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69 6f	onfigure.DHCPv6.Prefix.Delegatio
eafc0	6e 20 28 52 46 43 33 36 33 33 29 2e 20 59 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 73 65	n.(RFC3633)..You.will.have.to.se
eafe0	74 20 79 6f 75 72 20 49 50 76 36 20 70 6f 6f 6c 20 61 6e 64 20 74 68 65 20 6c 65 6e 67 74 68 20	t.your.IPv6.pool.and.the.length.
eb000	6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72 65 66 69 78 2e 20 46 72 6f 6d 20 74	of.the.delegation.prefix..From.t
eb020	68 65 20 64 65 66 69 6e 65 64 20 49 50 76 36 20 70 6f 6f 6c 20 79 6f 75 20 77 69 6c 6c 20 62 65	he.defined.IPv6.pool.you.will.be
eb040	20 68 61 6e 64 69 6e 67 20 6f 75 74 20 6e 65 74 77 6f 72 6b 73 20 6f 66 20 74 68 65 20 64 65 66	.handing.out.networks.of.the.def
eb060	69 6e 65 64 20 6c 65 6e 67 74 68 20 28 64 65 6c 65 67 61 74 69 6f 6e 2d 70 72 65 66 69 78 29 2e	ined.length.(delegation-prefix).
eb080	20 54 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72	.The.length.of.the.delegation.pr
eb0a0	65 66 69 78 20 63 61 6e 20 62 65 20 73 65 74 20 66 72 6f 6d 20 33 32 20 74 6f 20 36 34 20 62 69	efix.can.be.set.from.32.to.64.bi
eb0c0	74 20 6c 6f 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66	t.long..Use.this.command.to.conf
eb0e0	69 67 75 72 65 20 44 79 6e 61 6d 69 63 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 45 78 74 65	igure.Dynamic.Authorization.Exte
eb100	6e 73 69 6f 6e 73 20 74 6f 20 52 41 44 49 55 53 20 73 6f 20 74 68 61 74 20 79 6f 75 20 63 61 6e	nsions.to.RADIUS.so.that.you.can
eb120	20 72 65 6d 6f 74 65 6c 79 20 64 69 73 63 6f 6e 6e 65 63 74 20 73 65 73 73 69 6f 6e 73 20 61 6e	.remotely.disconnect.sessions.an
eb140	64 20 63 68 61 6e 67 65 20 73 6f 6d 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 70 61 72	d.change.some.authentication.par
eb160	61 6d 65 74 65 72 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e	ameters..Use.this.command.to.con
eb180	66 69 67 75 72 65 20 61 20 22 62 6c 61 63 6b 2d 68 6f 6c 65 22 20 72 6f 75 74 65 20 6f 6e 20 74	figure.a."black-hole".route.on.t
eb1a0	68 65 20 72 6f 75 74 65 72 2e 20 41 20 62 6c 61 63 6b 2d 68 6f 6c 65 20 72 6f 75 74 65 20 69 73	he.router..A.black-hole.route.is
eb1c0	20 61 20 72 6f 75 74 65 20 66 6f 72 20 77 68 69 63 68 20 74 68 65 20 73 79 73 74 65 6d 20 73 69	.a.route.for.which.the.system.si
eb1e0	6c 65 6e 74 6c 79 20 64 69 73 63 61 72 64 20 70 61 63 6b 65 74 73 20 74 68 61 74 20 61 72 65 20	lently.discard.packets.that.are.
eb200	6d 61 74 63 68 65 64 2e 20 54 68 69 73 20 70 72 65 76 65 6e 74 73 20 6e 65 74 77 6f 72 6b 73 20	matched..This.prevents.networks.
eb220	6c 65 61 6b 69 6e 67 20 6f 75 74 20 70 75 62 6c 69 63 20 69 6e 74 65 72 66 61 63 65 73 2c 20 62	leaking.out.public.interfaces,.b
eb240	75 74 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 70 72 65 76 65 6e 74 20 74 68 65 6d 20 66 72 6f 6d	ut.it.does.not.prevent.them.from
eb260	20 62 65 69 6e 67 20 75 73 65 64 20 61 73 20 61 20 6d 6f 72 65 20 73 70 65 63 69 66 69 63 20 72	.being.used.as.a.more.specific.r
eb280	6f 75 74 65 20 69 6e 73 69 64 65 20 79 6f 75 72 20 6e 65 74 77 6f 72 6b 2e 00 55 73 65 20 74 68	oute.inside.your.network..Use.th
eb2a0	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 4e 65 74 77 6f 72	is.command.to.configure.a.Networ
eb2c0	6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 20 64 65 66 69 6e 69 6e 67 20 69 74 73 20 6e	k.Emulator.policy.defining.its.n
eb2e0	61 6d 65 20 61 6e 64 20 74 68 65 20 66 69 78 65 64 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65	ame.and.the.fixed.amount.of.time
eb300	20 79 6f 75 20 77 61 6e 74 20 74 6f 20 61 64 64 20 74 6f 20 61 6c 6c 20 70 61 63 6b 65 74 20 67	.you.want.to.add.to.all.packet.g
eb320	6f 69 6e 67 20 6f 75 74 20 6f 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 6c	oing.out.of.the.interface..The.l
eb340	61 74 65 6e 63 79 20 77 69 6c 6c 20 62 65 20 61 64 64 65 64 20 74 68 72 6f 75 67 68 20 74 68 65	atency.will.be.added.through.the
eb360	20 54 6f 6b 65 6e 20 42 75 63 6b 65 74 20 46 69 6c 74 65 72 20 71 64 69 73 63 2e 20 49 74 20 77	.Token.Bucket.Filter.qdisc..It.w
eb380	69 6c 6c 20 6f 6e 6c 79 20 74 61 6b 65 20 65 66 66 65 63 74 20 69 66 20 79 6f 75 20 68 61 76 65	ill.only.take.effect.if.you.have
eb3a0	20 63 6f 6e 66 69 67 75 72 65 64 20 69 74 73 20 62 61 6e 64 77 69 64 74 68 20 74 6f 6f 2e 20 59	.configured.its.bandwidth.too..Y
eb3c0	6f 75 20 63 61 6e 20 75 73 65 20 73 65 63 73 2c 20 6d 73 20 61 6e 64 20 75 73 2e 20 44 65 66 61	ou.can.use.secs,.ms.and.us..Defa
eb3e0	75 6c 74 3a 20 35 30 6d 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63	ult:.50ms..Use.this.command.to.c
eb400	6f 6e 66 69 67 75 72 65 20 61 20 50 72 69 6f 72 69 74 79 20 51 75 65 75 65 20 70 6f 6c 69 63 79	onfigure.a.Priority.Queue.policy
eb420	2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 73 65 74 20 61 20 63 6c 61 73 73 20 77 69 74 68	,.set.its.name,.set.a.class.with
eb440	20 61 20 70 72 69 6f 72 69 74 79 20 66 72 6f 6d 20 31 20 74 6f 20 37 20 61 6e 64 20 64 65 66 69	.a.priority.from.1.to.7.and.defi
eb460	6e 65 20 61 20 68 61 72 64 20 6c 69 6d 69 74 20 6f 6e 20 74 68 65 20 72 65 61 6c 20 71 75 65 75	ne.a.hard.limit.on.the.real.queu
eb480	65 20 73 69 7a 65 2e 20 57 68 65 6e 20 74 68 69 73 20 6c 69 6d 69 74 20 69 73 20 72 65 61 63 68	e.size..When.this.limit.is.reach
eb4a0	65 64 2c 20 6e 65 77 20 70 61 63 6b 65 74 73 20 61 72 65 20 64 72 6f 70 70 65 64 2e 00 55 73 65	ed,.new.packets.are.dropped..Use
eb4c0	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 6e	.this.command.to.configure.a.Ran
eb4e0	64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20 69 74 73 20 6e 61	dom-Detect.policy.and.set.its.na
eb500	6d 65 2c 20 74 68 65 6e 20 6e 61 6d 65 20 74 68 65 20 49 50 20 50 72 65 63 65 64 65 6e 63 65 20	me,.then.name.the.IP.Precedence.
eb520	66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75 20 61 72 65 20 63 6f	for.the.virtual.queue.you.are.co
eb540	6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 73	nfiguring.and.what.the.maximum.s
eb560	69 7a 65 20 6f 66 20 69 74 73 20 71 75 65 75 65 20 77 69 6c 6c 20 62 65 20 28 66 72 6f 6d 20 31	ize.of.its.queue.will.be.(from.1
eb580	20 74 6f 20 31 2d 34 32 39 34 39 36 37 32 39 35 20 70 61 63 6b 65 74 73 29 2e 20 50 61 63 6b 65	.to.1-4294967295.packets)..Packe
eb5a0	74 73 20 61 72 65 20 64 72 6f 70 70 65 64 20 77 68 65 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20	ts.are.dropped.when.the.current.
eb5c0	71 75 65 75 65 20 6c 65 6e 67 74 68 20 72 65 61 63 68 65 73 20 74 68 69 73 20 76 61 6c 75 65 2e	queue.length.reaches.this.value.
eb5e0	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61	.Use.this.command.to.configure.a
eb600	20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20 69 74	.Random-Detect.policy.and.set.it
eb620	73 20 6e 61 6d 65 2c 20 74 68 65 6e 20 73 74 61 74 65 20 74 68 65 20 49 50 20 50 72 65 63 65 64	s.name,.then.state.the.IP.Preced
eb640	65 6e 63 65 20 66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75 20 61	ence.for.the.virtual.queue.you.a
eb660	72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20 69 74 73 20 6d 61 72 6b	re.configuring.and.what.its.mark
eb680	20 28 64 72 6f 70 29 20 70 72 6f 62 61 62 69 6c 69 74 79 20 77 69 6c 6c 20 62 65 2e 20 53 65 74	.(drop).probability.will.be..Set
eb6a0	20 74 68 65 20 70 72 6f 62 61 62 69 6c 69 74 79 20 62 79 20 67 69 76 69 6e 67 20 74 68 65 20 4e	.the.probability.by.giving.the.N
eb6c0	20 76 61 6c 75 65 20 6f 66 20 74 68 65 20 66 72 61 63 74 69 6f 6e 20 31 2f 4e 20 28 64 65 66 61	.value.of.the.fraction.1/N.(defa
eb6e0	75 6c 74 3a 20 31 30 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f	ult:.10)..Use.this.command.to.co
eb700	6e 66 69 67 75 72 65 20 61 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61	nfigure.a.Random-Detect.policy.a
eb720	6e 64 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 74 68 65 6e 20 73 74 61 74 65 20 74 68 65 20	nd.set.its.name,.then.state.the.
eb740	49 50 20 50 72 65 63 65 64 65 6e 63 65 20 66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75	IP.Precedence.for.the.virtual.qu
eb760	65 75 65 20 79 6f 75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74	eue.you.are.configuring.and.what
eb780	20 69 74 73 20 6d 61 78 69 6d 75 6d 20 74 68 72 65 73 68 6f 6c 64 20 66 6f 72 20 72 61 6e 64 6f	.its.maximum.threshold.for.rando
eb7a0	6d 20 64 65 74 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 28 66 72 6f 6d 20 30 20 74 6f 20 34	m.detection.will.be.(from.0.to.4
eb7c0	30 39 36 20 70 61 63 6b 65 74 73 2c 20 64 65 66 61 75 6c 74 3a 20 31 38 29 2e 20 41 74 20 74 68	096.packets,.default:.18)..At.th
eb7e0	69 73 20 73 69 7a 65 2c 20 74 68 65 20 6d 61 72 6b 69 6e 67 20 28 64 72 6f 70 29 20 70 72 6f 62	is.size,.the.marking.(drop).prob
eb800	61 62 69 6c 69 74 79 20 69 73 20 6d 61 78 69 6d 61 6c 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	ability.is.maximal..Use.this.com
eb820	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63	mand.to.configure.a.Random-Detec
eb840	74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 74 68 65 6e 20	t.policy.and.set.its.name,.then.
eb860	73 74 61 74 65 20 74 68 65 20 49 50 20 50 72 65 63 65 64 65 6e 63 65 20 66 6f 72 20 74 68 65 20	state.the.IP.Precedence.for.the.
eb880	76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f 75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e	virtual.queue.you.are.configurin
eb8a0	67 20 61 6e 64 20 77 68 61 74 20 69 74 73 20 6d 69 6e 69 6d 75 6d 20 74 68 72 65 73 68 6f 6c 64	g.and.what.its.minimum.threshold
eb8c0	20 66 6f 72 20 72 61 6e 64 6f 6d 20 64 65 74 65 63 74 69 6f 6e 20 77 69 6c 6c 20 62 65 20 28 66	.for.random.detection.will.be.(f
eb8e0	72 6f 6d 20 30 20 74 6f 20 34 30 39 36 20 70 61 63 6b 65 74 73 29 2e 20 20 49 66 20 74 68 69 73	rom.0.to.4096.packets)...If.this
eb900	20 76 61 6c 75 65 20 69 73 20 65 78 63 65 65 64 65 64 2c 20 70 61 63 6b 65 74 73 20 73 74 61 72	.value.is.exceeded,.packets.star
eb920	74 20 62 65 69 6e 67 20 65 6c 69 67 69 62 6c 65 20 66 6f 72 20 62 65 69 6e 67 20 64 72 6f 70 70	t.being.eligible.for.being.dropp
eb940	65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72	ed..Use.this.command.to.configur
eb960	65 20 61 20 52 61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 20 61 6e 64 20 73 65 74	e.a.Random-Detect.policy.and.set
eb980	20 69 74 73 20 6e 61 6d 65 2c 20 74 68 65 6e 20 73 74 61 74 65 20 74 68 65 20 49 50 20 50 72 65	.its.name,.then.state.the.IP.Pre
eb9a0	63 65 64 65 6e 63 65 20 66 6f 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 71 75 65 75 65 20 79 6f	cedence.for.the.virtual.queue.yo
eb9c0	75 20 61 72 65 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20 77 68 61 74 20 74 68 65 20 73	u.are.configuring.and.what.the.s
eb9e0	69 7a 65 20 6f 66 20 69 74 73 20 61 76 65 72 61 67 65 2d 70 61 63 6b 65 74 20 73 68 6f 75 6c 64	ize.of.its.average-packet.should
eba00	20 62 65 20 28 69 6e 20 62 79 74 65 73 2c 20 64 65 66 61 75 6c 74 3a 20 31 30 32 34 29 2e 00 55	.be.(in.bytes,.default:.1024)..U
eba20	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52	se.this.command.to.configure.a.R
eba40	61 6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d	andom-Detect.policy,.set.its.nam
eba60	65 20 61 6e 64 20 73 65 74 20 74 68 65 20 61 76 61 69 6c 61 62 6c 65 20 62 61 6e 64 77 69 64 74	e.and.set.the.available.bandwidt
eba80	68 20 66 6f 72 20 74 68 69 73 20 70 6f 6c 69 63 79 2e 20 49 74 20 69 73 20 75 73 65 64 20 66 6f	h.for.this.policy..It.is.used.fo
ebaa0	72 20 63 61 6c 63 75 6c 61 74 69 6e 67 20 74 68 65 20 61 76 65 72 61 67 65 20 71 75 65 75 65 20	r.calculating.the.average.queue.
ebac0	73 69 7a 65 20 61 66 74 65 72 20 73 6f 6d 65 20 69 64 6c 65 20 74 69 6d 65 2e 20 49 74 20 73 68	size.after.some.idle.time..It.sh
ebae0	6f 75 6c 64 20 62 65 20 73 65 74 20 74 6f 20 74 68 65 20 62 61 6e 64 77 69 64 74 68 20 6f 66 20	ould.be.set.to.the.bandwidth.of.
ebb00	79 6f 75 72 20 69 6e 74 65 72 66 61 63 65 2e 20 52 61 6e 64 6f 6d 20 44 65 74 65 63 74 20 69 73	your.interface..Random.Detect.is
ebb20	20 6e 6f 74 20 61 20 73 68 61 70 69 6e 67 20 70 6f 6c 69 63 79 2c 20 74 68 69 73 20 63 6f 6d 6d	.not.a.shaping.policy,.this.comm
ebb40	61 6e 64 20 77 69 6c 6c 20 6e 6f 74 20 73 68 61 70 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	and.will.not.shape..Use.this.com
ebb60	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61 74 65 2d 43 6f 6e 74 72 6f 6c	mand.to.configure.a.Rate-Control
ebb80	20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6d 61	.policy,.set.its.name.and.the.ma
ebba0	78 69 6d 75 6d 20 61 6d 6f 75 6e 74 20 6f 66 20 74 69 6d 65 20 61 20 70 61 63 6b 65 74 20 63 61	ximum.amount.of.time.a.packet.ca
ebbc0	6e 20 62 65 20 71 75 65 75 65 64 20 28 64 65 66 61 75 6c 74 3a 20 35 30 20 6d 73 29 2e 00 55 73	n.be.queued.(default:.50.ms)..Us
ebbe0	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 61	e.this.command.to.configure.a.Ra
ebc00	74 65 2d 43 6f 6e 74 72 6f 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20	te-Control.policy,.set.its.name.
ebc20	61 6e 64 20 74 68 65 20 72 61 74 65 20 6c 69 6d 69 74 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 68	and.the.rate.limit.you.want.to.h
ebc40	61 76 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75	ave..Use.this.command.to.configu
ebc60	72 65 20 61 20 52 61 74 65 2d 43 6f 6e 74 72 6f 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74	re.a.Rate-Control.policy,.set.it
ebc80	73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 62 75 63 6b 65	s.name.and.the.size.of.the.bucke
ebca0	74 20 69 6e 20 62 79 74 65 73 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 61 76 61 69 6c 61 62	t.in.bytes.which.will.be.availab
ebcc0	6c 65 20 66 6f 72 20 62 75 72 73 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	le.for.burst..Use.this.command.t
ebce0	6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20 70 6f 6c 69 63 79	o.configure.a.Round-Robin.policy
ebd00	2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 73 65 74 20 61 20 63 6c 61 73 73 20 49 44 2c 20	,.set.its.name,.set.a.class.ID,.
ebd20	61 6e 64 20 74 68 65 20 71 75 61 6e 74 75 6d 20 66 6f 72 20 74 68 61 74 20 63 6c 61 73 73 2e 20	and.the.quantum.for.that.class..
ebd40	54 68 65 20 64 65 66 69 63 69 74 20 63 6f 75 6e 74 65 72 20 77 69 6c 6c 20 61 64 64 20 74 68 61	The.deficit.counter.will.add.tha
ebd60	74 20 76 61 6c 75 65 20 65 61 63 68 20 72 6f 75 6e 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	t.value.each.round..Use.this.com
ebd80	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 52 6f 75 6e 64 2d 52 6f 62 69 6e 20	mand.to.configure.a.Round-Robin.
ebda0	70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 73 65 74 20 61 20 63 6c 61 73	policy,.set.its.name,.set.a.clas
ebdc0	73 20 49 44 2c 20 61 6e 64 20 74 68 65 20 71 75 65 75 65 20 73 69 7a 65 20 69 6e 20 70 61 63 6b	s.ID,.and.the.queue.size.in.pack
ebde0	65 74 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75	ets..Use.this.command.to.configu
ebe00	72 65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65	re.a.Shaper.policy,.set.its.name
ebe20	20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 61	.and.the.maximum.bandwidth.for.a
ebe40	6c 6c 20 63 6f 6d 62 69 6e 65 64 20 74 72 61 66 66 69 63 2e 00 55 73 65 20 74 68 69 73 20 63 6f	ll.combined.traffic..Use.this.co
ebe60	6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69	mmand.to.configure.a.Shaper.poli
ebe80	63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73	cy,.set.its.name,.define.a.class
ebea0	20 61 6e 64 20 73 65 74 20 74 68 65 20 67 75 61 72 61 6e 74 65 65 64 20 74 72 61 66 66 69 63 20	.and.set.the.guaranteed.traffic.
ebec0	79 6f 75 20 77 61 6e 74 20 74 6f 20 61 6c 6c 6f 63 61 74 65 20 74 6f 20 74 68 61 74 20 63 6c 61	you.want.to.allocate.to.that.cla
ebee0	73 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72	ss..Use.this.command.to.configur
ebf00	65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c	e.a.Shaper.policy,.set.its.name,
ebf20	20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73 20 61 6e 64 20 73 65 74 20 74 68 65 20 6d 61 78 69	.define.a.class.and.set.the.maxi
ebf40	6d 75 6d 20 73 70 65 65 64 20 70 6f 73 73 69 62 6c 65 20 66 6f 72 20 74 68 69 73 20 63 6c 61 73	mum.speed.possible.for.this.clas
ebf60	73 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 63 65 69 6c 69 6e 67 20 76 61 6c 75 65 20 69 73 20	s..The.default.ceiling.value.is.
ebf80	74 68 65 20 62 61 6e 64 77 69 64 74 68 20 76 61 6c 75 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f	the.bandwidth.value..Use.this.co
ebfa0	6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69	mmand.to.configure.a.Shaper.poli
ebfc0	63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73	cy,.set.its.name,.define.a.class
ebfe0	20 61 6e 64 20 73 65 74 20 74 68 65 20 70 72 69 6f 72 69 74 79 20 66 6f 72 20 75 73 61 67 65 20	.and.set.the.priority.for.usage.
ec000	6f 66 20 61 76 61 69 6c 61 62 6c 65 20 62 61 6e 64 77 69 64 74 68 20 6f 6e 63 65 20 67 75 61 72	of.available.bandwidth.once.guar
ec020	61 6e 74 65 65 73 20 68 61 76 65 20 62 65 65 6e 20 6d 65 74 2e 20 54 68 65 20 6c 6f 77 65 72 20	antees.have.been.met..The.lower.
ec040	74 68 65 20 70 72 69 6f 72 69 74 79 20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20	the.priority.number,.the.higher.
ec060	74 68 65 20 70 72 69 6f 72 69 74 79 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 70 72 69 6f 72 69	the.priority..The.default.priori
ec080	74 79 20 76 61 6c 75 65 20 69 73 20 30 2c 20 74 68 65 20 68 69 67 68 65 73 74 20 70 72 69 6f 72	ty.value.is.0,.the.highest.prior
ec0a0	69 74 79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75	ity..Use.this.command.to.configu
ec0c0	72 65 20 61 20 53 68 61 70 65 72 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65	re.a.Shaper.policy,.set.its.name
ec0e0	2c 20 64 65 66 69 6e 65 20 61 20 63 6c 61 73 73 20 61 6e 64 20 73 65 74 20 74 68 65 20 73 69 7a	,.define.a.class.and.set.the.siz
ec100	65 20 6f 66 20 74 68 65 20 60 74 6f 63 6b 65 6e 20 62 75 63 6b 65 74 60 5f 20 69 6e 20 62 79 74	e.of.the.`tocken.bucket`_.in.byt
ec120	65 73 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 62	es,.which.will.be.available.to.b
ec140	65 20 73 65 6e 74 20 61 74 20 63 65 69 6c 69 6e 67 20 73 70 65 65 64 20 28 64 65 66 61 75 6c 74	e.sent.at.ceiling.speed.(default
ec160	3a 20 31 35 4b 62 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e	:.15Kb)..Use.this.command.to.con
ec180	66 69 67 75 72 65 20 61 20 64 61 74 61 2d 72 61 74 65 20 6c 69 6d 69 74 20 74 6f 20 50 50 50 4f	figure.a.data-rate.limit.to.PPPO
ec1a0	6f 45 20 63 6c 69 65 6e 74 73 20 66 6f 72 20 74 72 61 66 66 69 63 20 64 6f 77 6e 6c 6f 61 64 20	oE.clients.for.traffic.download.
ec1c0	6f 72 20 75 70 6c 6f 61 64 2e 20 54 68 65 20 72 61 74 65 2d 6c 69 6d 69 74 20 69 73 20 73 65 74	or.upload..The.rate-limit.is.set
ec1e0	20 69 6e 20 6b 62 69 74 2f 73 65 63 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	.in.kbit/sec..Use.this.command.t
ec200	6f 20 63 6f 6e 66 69 67 75 72 65 20 61 20 64 72 6f 70 2d 74 61 69 6c 20 70 6f 6c 69 63 79 20 28	o.configure.a.drop-tail.policy.(
ec220	50 46 49 46 4f 29 2e 20 43 68 6f 6f 73 65 20 61 20 75 6e 69 71 75 65 20 6e 61 6d 65 20 66 6f 72	PFIFO)..Choose.a.unique.name.for
ec240	20 74 68 69 73 20 70 6f 6c 69 63 79 20 61 6e 64 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65	.this.policy.and.the.size.of.the
ec260	20 71 75 65 75 65 20 62 79 20 73 65 74 74 69 6e 67 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20	.queue.by.setting.the.number.of.
ec280	70 61 63 6b 65 74 73 20 69 74 20 63 61 6e 20 63 6f 6e 74 61 69 6e 20 28 6d 61 78 69 6d 75 6d 20	packets.it.can.contain.(maximum.
ec2a0	34 32 39 34 39 36 37 32 39 35 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	4294967295)..Use.this.command.to
ec2c0	20 63 6f 6e 66 69 67 75 72 65 20 61 20 73 70 65 63 69 66 69 63 20 73 65 73 73 69 6f 6e 20 68 6f	.configure.a.specific.session.ho
ec2e0	6c 64 20 74 69 6d 65 20 66 6f 72 20 4c 44 50 20 70 65 65 72 73 2e 20 53 65 74 20 74 68 65 20 49	ld.time.for.LDP.peers..Set.the.I
ec300	50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 4c 44 50 20 70 65 65 72 20 61 6e 64 20 61 20	P.address.of.the.LDP.peer.and.a.
ec320	73 65 73 73 69 6f 6e 20 68 6f 6c 64 20 74 69 6d 65 20 74 68 61 74 20 73 68 6f 75 6c 64 20 62 65	session.hold.time.that.should.be
ec340	20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 69 74 2e 20 59 6f 75 20 6d 61 79 20 68 61 76 65	.configured.for.it..You.may.have
ec360	20 74 6f 20 72 65 73 65 74 20 74 68 65 20 6e 65 69 67 68 62 6f 72 20 66 6f 72 20 74 68 69 73 20	.to.reset.the.neighbor.for.this.
ec380	74 6f 20 77 6f 72 6b 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e	to.work..Use.this.command.to.con
ec3a0	66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65 66 69 6e	figure.an.Ingress.Policer,.defin
ec3c0	69 6e 67 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 62 75 72 73 74 20 73 69 7a 65 20	ing.its.name.and.the.burst.size.
ec3e0	69 6e 20 62 79 74 65 73 20 28 64 65 66 61 75 6c 74 3a 20 31 35 29 20 66 6f 72 20 69 74 73 20 64	in.bytes.(default:.15).for.its.d
ec400	65 66 61 75 6c 74 20 70 6f 6c 69 63 79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	efault.policy..Use.this.command.
ec420	74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c	to.configure.an.Ingress.Policer,
ec440	20 64 65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d	.defining.its.name.and.the.maxim
ec460	75 6d 20 61 6c 6c 6f 77 65 64 20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 69 74 73 20 64 65 66	um.allowed.bandwidth.for.its.def
ec480	61 75 6c 74 20 70 6f 6c 69 63 79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	ault.policy..Use.this.command.to
ec4a0	20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64	.configure.an.Ingress.Policer,.d
ec4c0	65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 2c 20 61 20 63 6c 61 73 73 20 69 64 65 6e 74 69	efining.its.name,.a.class.identi
ec4e0	66 69 65 72 20 28 31 2d 34 30 39 30 29 20 61 6e 64 20 74 68 65 20 62 75 72 73 74 20 73 69 7a 65	fier.(1-4090).and.the.burst.size
ec500	20 69 6e 20 62 79 74 65 73 20 66 6f 72 20 74 68 69 73 20 63 6c 61 73 73 20 28 64 65 66 61 75 6c	.in.bytes.for.this.class.(defaul
ec520	74 3a 20 31 35 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66	t:.15)..Use.this.command.to.conf
ec540	69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65 66 69 6e 69	igure.an.Ingress.Policer,.defini
ec560	6e 67 20 69 74 73 20 6e 61 6d 65 2c 20 61 20 63 6c 61 73 73 20 69 64 65 6e 74 69 66 69 65 72 20	ng.its.name,.a.class.identifier.
ec580	28 31 2d 34 30 39 30 29 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 61 6c 6c 6f 77 65 64	(1-4090).and.the.maximum.allowed
ec5a0	20 62 61 6e 64 77 69 64 74 68 20 66 6f 72 20 74 68 69 73 20 63 6c 61 73 73 2e 00 55 73 65 20 74	.bandwidth.for.this.class..Use.t
ec5c0	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72	his.command.to.configure.an.Ingr
ec5e0	65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64 65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 2c 20	ess.Policer,.defining.its.name,.
ec600	61 20 63 6c 61 73 73 20 69 64 65 6e 74 69 66 69 65 72 20 28 31 2d 34 30 39 30 29 2c 20 61 20 63	a.class.identifier.(1-4090),.a.c
ec620	6c 61 73 73 20 6d 61 74 63 68 69 6e 67 20 72 75 6c 65 20 6e 61 6d 65 20 61 6e 64 20 69 74 73 20	lass.matching.rule.name.and.its.
ec640	64 65 73 63 72 69 70 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	description..Use.this.command.to
ec660	20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 49 6e 67 72 65 73 73 20 50 6f 6c 69 63 65 72 2c 20 64	.configure.an.Ingress.Policer,.d
ec680	65 66 69 6e 69 6e 67 20 69 74 73 20 6e 61 6d 65 2c 20 61 20 63 6c 61 73 73 20 69 64 65 6e 74 69	efining.its.name,.a.class.identi
ec6a0	66 69 65 72 20 28 31 2d 34 30 39 30 29 2c 20 61 6e 64 20 74 68 65 20 70 72 69 6f 72 69 74 79 20	fier.(1-4090),.and.the.priority.
ec6c0	28 30 2d 32 30 2c 20 64 65 66 61 75 6c 74 20 32 30 29 20 69 6e 20 77 68 69 63 68 20 74 68 65 20	(0-20,.default.20).in.which.the.
ec6e0	72 75 6c 65 20 69 73 20 65 76 61 6c 75 61 74 65 64 20 28 74 68 65 20 6c 6f 77 65 72 20 74 68 65	rule.is.evaluated.(the.lower.the
ec700	20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68 65 72 20 74 68 65 20 70 72 69 6f 72 69 74 79	.number,.the.higher.the.priority
ec720	29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	)..Use.this.command.to.configure
ec740	20 61 6e 20 66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d	.an.fq-codel.policy,.set.its.nam
ec760	65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 62 79 74 65	e.and.the.maximum.number.of.byte
ec780	73 20 28 64 65 66 61 75 6c 74 3a 20 31 35 31 34 29 20 74 6f 20 62 65 20 64 65 71 75 65 75 65 64	s.(default:.1514).to.be.dequeued
ec7a0	20 66 72 6f 6d 20 61 20 71 75 65 75 65 20 61 74 20 6f 6e 63 65 2e 00 55 73 65 20 74 68 69 73 20	.from.a.queue.at.once..Use.this.
ec7c0	63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 66 71 2d 63 6f 64 65 6c	command.to.configure.an.fq-codel
ec7e0	20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6e 75	.policy,.set.its.name.and.the.nu
ec800	6d 62 65 72 20 6f 66 20 73 75 62 2d 71 75 65 75 65 73 20 28 64 65 66 61 75 6c 74 3a 20 31 30 32	mber.of.sub-queues.(default:.102
ec820	34 29 20 69 6e 74 6f 20 77 68 69 63 68 20 70 61 63 6b 65 74 73 20 61 72 65 20 63 6c 61 73 73 69	4).into.which.packets.are.classi
ec840	66 69 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67	fied..Use.this.command.to.config
ec860	75 72 65 20 61 6e 20 66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20	ure.an.fq-codel.policy,.set.its.
ec880	6e 61 6d 65 20 61 6e 64 20 74 68 65 20 74 69 6d 65 20 70 65 72 69 6f 64 20 75 73 65 64 20 62 79	name.and.the.time.period.used.by
ec8a0	20 74 68 65 20 63 6f 6e 74 72 6f 6c 20 6c 6f 6f 70 20 6f 66 20 43 6f 44 65 6c 20 74 6f 20 64 65	.the.control.loop.of.CoDel.to.de
ec8c0	74 65 63 74 20 77 68 65 6e 20 61 20 70 65 72 73 69 73 74 65 6e 74 20 71 75 65 75 65 20 69 73 20	tect.when.a.persistent.queue.is.
ec8e0	64 65 76 65 6c 6f 70 69 6e 67 2c 20 65 6e 73 75 72 69 6e 67 20 74 68 61 74 20 74 68 65 20 6d 65	developing,.ensuring.that.the.me
ec900	61 73 75 72 65 64 20 6d 69 6e 69 6d 75 6d 20 64 65 6c 61 79 20 64 6f 65 73 20 6e 6f 74 20 62 65	asured.minimum.delay.does.not.be
ec920	63 6f 6d 65 20 74 6f 6f 20 73 74 61 6c 65 20 28 64 65 66 61 75 6c 74 3a 20 31 30 30 6d 73 29 2e	come.too.stale.(default:.100ms).
ec940	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61	.Use.this.command.to.configure.a
ec960	6e 20 66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c	n.fq-codel.policy,.set.its.name,
ec980	20 61 6e 64 20 64 65 66 69 6e 65 20 61 20 68 61 72 64 20 6c 69 6d 69 74 20 6f 6e 20 74 68 65 20	.and.define.a.hard.limit.on.the.
ec9a0	72 65 61 6c 20 71 75 65 75 65 20 73 69 7a 65 2e 20 57 68 65 6e 20 74 68 69 73 20 6c 69 6d 69 74	real.queue.size..When.this.limit
ec9c0	20 69 73 20 72 65 61 63 68 65 64 2c 20 6e 65 77 20 70 61 63 6b 65 74 73 20 61 72 65 20 64 72 6f	.is.reached,.new.packets.are.dro
ec9e0	70 70 65 64 20 28 64 65 66 61 75 6c 74 3a 20 31 30 32 34 30 20 70 61 63 6b 65 74 73 29 2e 00 55	pped.(default:.10240.packets)..U
eca00	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20	se.this.command.to.configure.an.
eca20	66 71 2d 63 6f 64 65 6c 20 70 6f 6c 69 63 79 2c 20 73 65 74 20 69 74 73 20 6e 61 6d 65 2c 20 61	fq-codel.policy,.set.its.name,.a
eca40	6e 64 20 64 65 66 69 6e 65 20 74 68 65 20 61 63 63 65 70 74 61 62 6c 65 20 6d 69 6e 69 6d 75 6d	nd.define.the.acceptable.minimum
eca60	20 73 74 61 6e 64 69 6e 67 2f 70 65 72 73 69 73 74 65 6e 74 20 71 75 65 75 65 20 64 65 6c 61 79	.standing/persistent.queue.delay
eca80	2e 20 54 68 69 73 20 6d 69 6e 69 6d 75 6d 20 64 65 6c 61 79 20 69 73 20 69 64 65 6e 74 69 66 69	..This.minimum.delay.is.identifi
ecaa0	65 64 20 62 79 20 74 72 61 63 6b 69 6e 67 20 74 68 65 20 6c 6f 63 61 6c 20 6d 69 6e 69 6d 75 6d	ed.by.tracking.the.local.minimum
ecac0	20 71 75 65 75 65 20 64 65 6c 61 79 20 74 68 61 74 20 70 61 63 6b 65 74 73 20 65 78 70 65 72 69	.queue.delay.that.packets.experi
ecae0	65 6e 63 65 20 28 64 65 66 61 75 6c 74 3a 20 35 6d 73 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f	ence.(default:.5ms)..Use.this.co
ecb00	6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20	mmand.to.configure.an.interface.
ecb20	77 69 74 68 20 49 47 4d 50 20 73 6f 20 74 68 61 74 20 50 49 4d 20 63 61 6e 20 72 65 63 65 69 76	with.IGMP.so.that.PIM.can.receiv
ecb40	65 20 49 47 4d 50 20 72 65 70 6f 72 74 73 20 61 6e 64 20 71 75 65 72 79 20 6f 6e 20 74 68 65 20	e.IGMP.reports.and.query.on.the.
ecb60	73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 2e 20 42 79 20 64 65 66 61 75 6c 74 20 49	selected.interface..By.default.I
ecb80	47 4d 50 20 76 65 72 73 69 6f 6e 20 33 20 77 69 6c 6c 20 62 65 20 75 73 65 64 2e 00 55 73 65 20	GMP.version.3.will.be.used..Use.
ecba0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 75 74 68 65 6e	this.command.to.configure.authen
ecbc0	74 69 63 61 74 69 6f 6e 20 66 6f 72 20 4c 44 50 20 70 65 65 72 73 2e 20 53 65 74 20 74 68 65 20	tication.for.LDP.peers..Set.the.
ecbe0	49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 4c 44 50 20 70 65 65 72 20 61 6e 64 20 61	IP.address.of.the.LDP.peer.and.a
ecc00	20 70 61 73 73 77 6f 72 64 20 74 68 61 74 20 73 68 6f 75 6c 64 20 62 65 20 73 68 61 72 65 64 20	.password.that.should.be.shared.
ecc20	69 6e 20 6f 72 64 65 72 20 74 6f 20 62 65 63 6f 6d 65 20 6e 65 69 67 68 62 6f 72 73 2e 00 55 73	in.order.to.become.neighbors..Us
ecc40	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 69 6e 20 74	e.this.command.to.configure.in.t
ecc60	68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 49 47 4d 50 20 68	he.selected.interface.the.IGMP.h
ecc80	6f 73 74 20 71 75 65 72 79 20 69 6e 74 65 72 76 61 6c 20 28 31 2d 31 38 30 30 29 20 69 6e 20 73	ost.query.interval.(1-1800).in.s
ecca0	65 63 6f 6e 64 73 20 74 68 61 74 20 50 49 4d 20 77 69 6c 6c 20 75 73 65 2e 00 55 73 65 20 74 68	econds.that.PIM.will.use..Use.th
eccc0	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 69 6e 20 74 68 65 20 73	is.command.to.configure.in.the.s
ecce0	65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 49 47 4d 50 20 71 75 65 72 79	elected.interface.the.IGMP.query
ecd00	20 72 65 73 70 6f 6e 73 65 20 74 69 6d 65 6f 75 74 20 76 61 6c 75 65 20 28 31 30 2d 32 35 30 29	.response.timeout.value.(10-250)
ecd20	20 69 6e 20 64 65 63 69 73 65 63 6f 6e 64 73 2e 20 49 66 20 61 20 72 65 70 6f 72 74 20 69 73 20	.in.deciseconds..If.a.report.is.
ecd40	6e 6f 74 20 72 65 74 75 72 6e 65 64 20 69 6e 20 74 68 65 20 73 70 65 63 69 66 69 65 64 20 74 69	not.returned.in.the.specified.ti
ecd60	6d 65 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 61 73 73 75 6d 65 64 20 74 68 65 20 60 28 53 2c 47	me,.it.will.be.assumed.the.`(S,G
ecd80	29 20 6f 72 20 28 2a 2c 47 29 20 73 74 61 74 65 20 3c 68 74 74 70 73 3a 2f 2f 74 6f 6f 6c 73 2e	).or.(*,G).state.<https://tools.
ecda0	69 65 74 66 2e 6f 72 67 2f 68 74 6d 6c 2f 72 66 63 37 37 36 31 23 73 65 63 74 69 6f 6e 2d 34 2e	ietf.org/html/rfc7761#section-4.
ecdc0	31 3e 60 5f 20 68 61 73 20 74 69 6d 65 64 20 6f 75 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	1>`_.has.timed.out..Use.this.com
ecde0	6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65	mand.to.configure.in.the.selecte
ece00	64 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 4d 4c 44 20 68 6f 73 74 20 71 75 65 72 79 20 69	d.interface.the.MLD.host.query.i
ece20	6e 74 65 72 76 61 6c 20 28 31 2d 36 35 35 33 35 29 20 69 6e 20 73 65 63 6f 6e 64 73 20 74 68 61	nterval.(1-65535).in.seconds.tha
ece40	74 20 50 49 4d 20 77 69 6c 6c 20 75 73 65 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75	t.PIM.will.use..The.default.valu
ece60	65 20 69 73 20 31 32 35 20 73 65 63 6f 6e 64 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	e.is.125.seconds..Use.this.comma
ece80	6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 20 73 61 6d 70 6c 69 6e 67 20 72 61	nd.to.configure.the..sampling.ra
ecea0	74 65 20 66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 20 54 68 65 20 73 79 73 74	te.for.flow.accounting..The.syst
ecec0	65 6d 20 73 61 6d 70 6c 65 73 20 6f 6e 65 20 69 6e 20 65 76 65 72 79 20 60 3c 72 61 74 65 3e 60	em.samples.one.in.every.`<rate>`
ecee0	20 70 61 63 6b 65 74 73 2c 20 77 68 65 72 65 20 60 3c 72 61 74 65 3e 60 20 69 73 20 74 68 65 20	.packets,.where.`<rate>`.is.the.
ecf00	76 61 6c 75 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 74 68 65 20 73 61 6d 70 6c 69 6e	value.configured.for.the.samplin
ecf20	67 2d 72 61 74 65 20 6f 70 74 69 6f 6e 2e 20 54 68 65 20 61 64 76 61 6e 74 61 67 65 20 6f 66 20	g-rate.option..The.advantage.of.
ecf40	73 61 6d 70 6c 69 6e 67 20 65 76 65 72 79 20 6e 20 70 61 63 6b 65 74 73 2c 20 77 68 65 72 65 20	sampling.every.n.packets,.where.
ecf60	6e 20 3e 20 31 2c 20 61 6c 6c 6f 77 73 20 79 6f 75 20 74 6f 20 64 65 63 72 65 61 73 65 20 74 68	n.>.1,.allows.you.to.decrease.th
ecf80	65 20 61 6d 6f 75 6e 74 20 6f 66 20 70 72 6f 63 65 73 73 69 6e 67 20 72 65 73 6f 75 72 63 65 73	e.amount.of.processing.resources
ecfa0	20 72 65 71 75 69 72 65 64 20 66 6f 72 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 20 54	.required.for.flow.accounting..T
ecfc0	68 65 20 64 69 73 61 64 76 61 6e 74 61 67 65 20 6f 66 20 6e 6f 74 20 73 61 6d 70 6c 69 6e 67 20	he.disadvantage.of.not.sampling.
ecfe0	65 76 65 72 79 20 70 61 63 6b 65 74 20 69 73 20 74 68 61 74 20 74 68 65 20 73 74 61 74 69 73 74	every.packet.is.that.the.statist
ed000	69 63 73 20 70 72 6f 64 75 63 65 64 20 61 72 65 20 65 73 74 69 6d 61 74 65 73 20 6f 66 20 61 63	ics.produced.are.estimates.of.ac
ed020	74 75 61 6c 20 64 61 74 61 20 66 6c 6f 77 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	tual.data.flows..Use.this.comman
ed040	64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 61 6e	d.to.configure.the.IP.address.an
ed060	64 20 74 68 65 20 73 68 61 72 65 64 20 73 65 63 72 65 74 20 6b 65 79 20 6f 66 20 79 6f 75 72 20	d.the.shared.secret.key.of.your.
ed080	52 41 44 49 55 53 20 73 65 72 76 65 72 2e 20 20 59 6f 75 20 63 61 6e 20 68 61 76 65 20 6d 75 6c	RADIUS.server...You.can.have.mul
ed0a0	74 69 70 6c 65 20 52 41 44 49 55 53 20 73 65 72 76 65 72 73 20 63 6f 6e 66 69 67 75 72 65 64 20	tiple.RADIUS.servers.configured.
ed0c0	69 66 20 79 6f 75 20 77 69 73 68 20 74 6f 20 61 63 68 69 65 76 65 20 72 65 64 75 6e 64 61 6e 63	if.you.wish.to.achieve.redundanc
ed0e0	79 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	y..Use.this.command.to.configure
ed100	20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 75 73 65 64 20 61 73 20 74 68 65 20 4c 44 50 20	.the.IP.address.used.as.the.LDP.
ed120	72 6f 75 74 65 72 2d 69 64 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 64 65 76 69 63 65 2e 00 55	router-id.of.the.local.device..U
ed140	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65	se.this.command.to.configure.the
ed160	20 50 49 4d 20 68 65 6c 6c 6f 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 20 28	.PIM.hello.interval.in.seconds.(
ed180	31 2d 31 38 30 29 20 66 6f 72 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63	1-180).for.the.selected.interfac
ed1a0	65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	e..Use.this.command.to.configure
ed1c0	20 74 68 65 20 62 75 72 73 74 20 73 69 7a 65 20 6f 66 20 74 68 65 20 74 72 61 66 66 69 63 20 69	.the.burst.size.of.the.traffic.i
ed1e0	6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 44 65 66	n.a.Network.Emulator.policy..Def
ed200	69 6e 65 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c	ine.the.name.of.the.Network.Emul
ed220	61 74 6f 72 20 70 6f 6c 69 63 79 20 61 6e 64 20 69 74 73 20 74 72 61 66 66 69 63 20 62 75 72 73	ator.policy.and.its.traffic.burs
ed240	74 20 73 69 7a 65 20 28 69 74 20 77 69 6c 6c 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 74 68	t.size.(it.will.be.configured.th
ed260	72 6f 75 67 68 20 74 68 65 20 54 6f 6b 65 6e 20 42 75 63 6b 65 74 20 46 69 6c 74 65 72 20 71 64	rough.the.Token.Bucket.Filter.qd
ed280	69 73 63 29 2e 20 44 65 66 61 75 6c 74 3a 31 35 6b 62 2e 20 49 74 20 77 69 6c 6c 20 6f 6e 6c 79	isc)..Default:15kb..It.will.only
ed2a0	20 74 61 6b 65 20 65 66 66 65 63 74 20 69 66 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75	.take.effect.if.you.have.configu
ed2c0	72 65 64 20 69 74 73 20 62 61 6e 64 77 69 64 74 68 20 74 6f 6f 2e 00 55 73 65 20 74 68 69 73 20	red.its.bandwidth.too..Use.this.
ed2e0	63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f 63 61 6c 20 67	command.to.configure.the.local.g
ed300	61 74 65 77 61 79 20 49 50 20 61 64 64 72 65 73 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	ateway.IP.address..Use.this.comm
ed320	61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 72 61 74	and.to.configure.the.maximum.rat
ed340	65 20 61 74 20 77 68 69 63 68 20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 62 65 20 73 68 61 70 65	e.at.which.traffic.will.be.shape
ed360	64 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20	d.in.a.Network.Emulator.policy..
ed380	44 65 66 69 6e 65 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 6f 6c 69 63 79 20 61 6e	Define.the.name.of.the.policy.an
ed3a0	64 20 74 68 65 20 72 61 74 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	d.the.rate..Use.this.command.to.
ed3c0	63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 73 61 6d 70 6c 69 6e 67 20 72 61 74 65 20 66 6f 72 20	configure.the.sampling.rate.for.
ed3e0	73 46 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 28 64 65 66 61 75 6c 74 3a 20 31 30 30 30 29	sFlow.accounting.(default:.1000)
ed400	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74	.Use.this.command.to.configure.t
ed420	68 65 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 6f 66 20	he.username.and.the.password.of.
ed440	61 20 6c 6f 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 75 73 65 72 2e 00 55 73 65 20 74	a.locally.configured.user..Use.t
ed460	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 6f 6e 74 72 6f 6c 20 74 68 65 20 6d 61 78 69 6d	his.command.to.control.the.maxim
ed480	75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 65 71 75 61 6c 20 63 6f 73 74 20 70 61 74 68 73 20 74 6f	um.number.of.equal.cost.paths.to
ed4a0	20 72 65 61 63 68 20 61 20 73 70 65 63 69 66 69 63 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 54	.reach.a.specific.destination..T
ed4c0	68 65 20 75 70 70 65 72 20 6c 69 6d 69 74 20 6d 61 79 20 64 69 66 66 65 72 20 69 66 20 79 6f 75	he.upper.limit.may.differ.if.you
ed4e0	20 63 68 61 6e 67 65 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 4d 55 4c 54 49 50 41 54 48 5f 4e	.change.the.value.of.MULTIPATH_N
ed500	55 4d 20 64 75 72 69 6e 67 20 63 6f 6d 70 69 6c 61 74 69 6f 6e 2e 20 54 68 65 20 64 65 66 61 75	UM.during.compilation..The.defau
ed520	6c 74 20 69 73 20 4d 55 4c 54 49 50 41 54 48 5f 4e 55 4d 20 28 36 34 29 2e 00 55 73 65 20 74 68	lt.is.MULTIPATH_NUM.(64)..Use.th
ed540	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 72 65 61 74 65 20 61 20 46 61 69 72 2d 51 75 65 75	is.command.to.create.a.Fair-Queu
ed560	65 20 70 6f 6c 69 63 79 20 61 6e 64 20 67 69 76 65 20 69 74 20 61 20 6e 61 6d 65 2e 20 49 74 20	e.policy.and.give.it.a.name..It.
ed580	69 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 53 74 6f 63 68 61 73 74 69 63 20 46 61 69 72 6e	is.based.on.the.Stochastic.Fairn
ed5a0	65 73 73 20 51 75 65 75 65 69 6e 67 20 61 6e 64 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65 64 20	ess.Queueing.and.can.be.applied.
ed5c0	74 6f 20 6f 75 74 62 6f 75 6e 64 20 74 72 61 66 66 69 63 2e 00 55 73 65 20 74 68 69 73 20 63 6f	to.outbound.traffic..Use.this.co
ed5e0	6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 61 20 46 61 69 72 2d 51 75 65 75 65 20 70 6f 6c	mmand.to.define.a.Fair-Queue.pol
ed600	69 63 79 2c 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 53 74 6f 63 68 61 73 74 69 63 20 46 61 69	icy,.based.on.the.Stochastic.Fai
ed620	72 6e 65 73 73 20 51 75 65 75 65 69 6e 67 2c 20 61 6e 64 20 73 65 74 20 74 68 65 20 6e 75 6d 62	rness.Queueing,.and.set.the.numb
ed640	65 72 20 6f 66 20 6d 61 78 69 6d 75 6d 20 70 61 63 6b 65 74 73 20 61 6c 6c 6f 77 65 64 20 74 6f	er.of.maximum.packets.allowed.to
ed660	20 77 61 69 74 20 69 6e 20 74 68 65 20 71 75 65 75 65 2e 20 41 6e 79 20 6f 74 68 65 72 20 70 61	.wait.in.the.queue..Any.other.pa
ed680	63 6b 65 74 20 77 69 6c 6c 20 62 65 20 64 72 6f 70 70 65 64 2e 00 55 73 65 20 74 68 69 73 20 63	cket.will.be.dropped..Use.this.c
ed6a0	6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 61 20 46 61 69 72 2d 51 75 65 75 65 20 70 6f	ommand.to.define.a.Fair-Queue.po
ed6c0	6c 69 63 79 2c 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 53 74 6f 63 68 61 73 74 69 63 20 46 61	licy,.based.on.the.Stochastic.Fa
ed6e0	69 72 6e 65 73 73 20 51 75 65 75 65 69 6e 67 2c 20 61 6e 64 20 73 65 74 20 74 68 65 20 6e 75 6d	irness.Queueing,.and.set.the.num
ed700	62 65 72 20 6f 66 20 73 65 63 6f 6e 64 73 20 61 74 20 77 68 69 63 68 20 61 20 6e 65 77 20 71 75	ber.of.seconds.at.which.a.new.qu
ed720	65 75 65 20 61 6c 67 6f 72 69 74 68 6d 20 70 65 72 74 75 72 62 61 74 69 6f 6e 20 77 69 6c 6c 20	eue.algorithm.perturbation.will.
ed740	6f 63 63 75 72 20 28 6d 61 78 69 6d 75 6d 20 34 32 39 34 39 36 37 32 39 35 29 2e 00 55 73 65 20	occur.(maximum.4294967295)..Use.
ed760	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 64 6f 6d 61 69 6e 73 2c 20	this.command.to.define.domains,.
ed780	6f 6e 65 20 61 74 20 61 20 74 69 6d 65 2c 20 73 6f 20 74 68 61 74 20 74 68 65 20 73 79 73 74 65	one.at.a.time,.so.that.the.syste
ed7a0	6d 20 75 73 65 73 20 74 68 65 6d 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 75 6e 71 75 61 6c 69 66	m.uses.them.to.complete.unqualif
ed7c0	69 65 64 20 68 6f 73 74 20 6e 61 6d 65 73 2e 20 4d 61 78 69 6d 75 6d 3a 20 36 20 65 6e 74 72 69	ied.host.names..Maximum:.6.entri
ed7e0	65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 69	es..Use.this.command.to.define.i
ed800	6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 77 68 65 74 68 65 72	n.the.selected.interface.whether
ed820	20 79 6f 75 20 63 68 6f 6f 73 65 20 49 47 4d 50 20 76 65 72 73 69 6f 6e 20 32 20 6f 72 20 33 2e	.you.choose.IGMP.version.2.or.3.
ed840	20 54 68 65 20 64 65 66 61 75 6c 74 20 76 61 6c 75 65 20 69 73 20 33 2e 00 55 73 65 20 74 68 69	.The.default.value.is.3..Use.thi
ed860	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 66 69 72 73 74 20 49 50	s.command.to.define.the.first.IP
ed880	20 61 64 64 72 65 73 73 20 6f 66 20 61 20 70 6f 6f 6c 20 6f 66 20 61 64 64 72 65 73 73 65 73 20	.address.of.a.pool.of.addresses.
ed8a0	74 6f 20 62 65 20 67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 20 49 74	to.be.given.to.PPPoE.clients..It
ed8c0	20 6d 75 73 74 20 62 65 20 77 69 74 68 69 6e 20 61 20 2f 32 34 20 73 75 62 6e 65 74 2e 00 55 73	.must.be.within.a./24.subnet..Us
ed8e0	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 69 6e 74	e.this.command.to.define.the.int
ed900	65 72 66 61 63 65 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 20 77 69 6c 6c 20 75 73 65	erface.the.PPPoE.server.will.use
ed920	20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 00 55 73	.to.listen.for.PPPoE.clients..Us
ed940	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 6c 61 73	e.this.command.to.define.the.las
ed960	74 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 61 20 70 6f 6f 6c 20 6f 66 20 61 64 64 72 65 73	t.IP.address.of.a.pool.of.addres
ed980	73 65 73 20 74 6f 20 62 65 20 67 69 76 65 6e 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73	ses.to.be.given.to.PPPoE.clients
ed9a0	2e 20 49 74 20 6d 75 73 74 20 62 65 20 77 69 74 68 69 6e 20 61 20 2f 32 34 20 73 75 62 6e 65 74	..It.must.be.within.a./24.subnet
ed9c0	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65	..Use.this.command.to.define.the
ed9e0	20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 71 75 65 75 65 20 6f 66 20 79 6f 75 72 20 4e 65 74	.length.of.the.queue.of.your.Net
eda00	77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 53 65 74 20 74 68 65 20 70 6f	work.Emulator.policy..Set.the.po
eda20	6c 69 63 79 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 6d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72	licy.name.and.the.maximum.number
eda40	20 6f 66 20 70 61 63 6b 65 74 73 20 28 31 2d 34 32 39 34 39 36 37 32 39 35 29 20 74 68 65 20 71	.of.packets.(1-4294967295).the.q
eda60	75 65 75 65 20 6d 61 79 20 68 6f 6c 64 20 71 75 65 75 65 64 20 61 74 20 61 20 74 69 6d 65 2e 00	ueue.may.hold.queued.at.a.time..
eda80	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 6d	Use.this.command.to.define.the.m
edaa0	61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 65 6e 74 72 69 65 73 20 74 6f 20 6b 65 65 70	aximum.number.of.entries.to.keep
edac0	20 69 6e 20 74 68 65 20 41 52 50 20 63 61 63 68 65 20 28 31 30 32 34 2c 20 32 30 34 38 2c 20 34	.in.the.ARP.cache.(1024,.2048,.4
edae0	30 39 36 2c 20 38 31 39 32 2c 20 31 36 33 38 34 2c 20 33 32 37 36 38 29 2e 00 55 73 65 20 74 68	096,.8192,.16384,.32768)..Use.th
edb00	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 74 68 65 20 6d 61 78 69 6d 75 6d	is.command.to.define.the.maximum
edb20	20 6e 75 6d 62 65 72 20 6f 66 20 65 6e 74 72 69 65 73 20 74 6f 20 6b 65 65 70 20 69 6e 20 74 68	.number.of.entries.to.keep.in.th
edb40	65 20 4e 65 69 67 68 62 6f 72 20 63 61 63 68 65 20 28 31 30 32 34 2c 20 32 30 34 38 2c 20 34 30	e.Neighbor.cache.(1024,.2048,.40
edb60	39 36 2c 20 38 31 39 32 2c 20 31 36 33 38 34 2c 20 33 32 37 36 38 29 2e 00 55 73 65 20 74 68 69	96,.8192,.16384,.32768)..Use.thi
edb80	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 65 66 69 6e 65 20 77 68 65 74 68 65 72 20 79 6f 75 72	s.command.to.define.whether.your
edba0	20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 20 77 69 6c 6c 20 6c 6f 63 61 6c 6c 79 20 61 75 74 68	.PPPoE.clients.will.locally.auth
edbc0	65 6e 74 69 63 61 74 65 20 69 6e 20 79 6f 75 72 20 56 79 4f 53 20 73 79 73 74 65 6d 20 6f 72 20	enticate.in.your.VyOS.system.or.
edbe0	69 6e 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	in.RADIUS.server..Use.this.comma
edc00	6e 64 20 74 6f 20 64 69 72 65 63 74 20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 6e 6f 74	nd.to.direct.an.interface.to.not
edc20	20 64 65 74 65 63 74 20 61 6e 79 20 70 68 79 73 69 63 61 6c 20 73 74 61 74 65 20 63 68 61 6e 67	.detect.any.physical.state.chang
edc40	65 73 20 6f 6e 20 61 20 6c 69 6e 6b 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 77 68 65 6e 20	es.on.a.link,.for.example,.when.
edc60	74 68 65 20 63 61 62 6c 65 20 69 73 20 75 6e 70 6c 75 67 67 65 64 2e 00 55 73 65 20 74 68 69 73	the.cable.is.unplugged..Use.this
edc80	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62 6c 65 20 49 50 76 34 20 64 69 72 65 63 74 65	.command.to.disable.IPv4.directe
edca0	64 20 62 72 6f 61 64 63 61 73 74 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 61 6c 6c 20 69 6e	d.broadcast.forwarding.on.all.in
edcc0	74 65 72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69	terfaces..Use.this.command.to.di
edce0	73 61 62 6c 65 20 49 50 76 34 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 61 6c 6c 20 69 6e 74	sable.IPv4.forwarding.on.all.int
edd00	65 72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73	erfaces..Use.this.command.to.dis
edd20	61 62 6c 65 20 49 50 76 36 20 66 6f 72 77 61 72 64 69 6e 67 20 6f 6e 20 61 6c 6c 20 69 6e 74 65	able.IPv6.forwarding.on.all.inte
edd40	72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61	rfaces..Use.this.command.to.disa
edd60	62 6c 65 20 49 50 76 36 20 6f 70 65 72 61 74 69 6f 6e 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20	ble.IPv6.operation.on.interface.
edd80	77 68 65 6e 20 44 75 70 6c 69 63 61 74 65 20 41 64 64 72 65 73 73 20 44 65 74 65 63 74 69 6f 6e	when.Duplicate.Address.Detection
edda0	20 66 61 69 6c 73 20 6f 6e 20 4c 69 6e 6b 2d 4c 6f 63 61 6c 20 61 64 64 72 65 73 73 2e 00 55 73	.fails.on.Link-Local.address..Us
eddc0	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62 6c 65 20 74 68 65 20 67 65	e.this.command.to.disable.the.ge
edde0	6e 65 72 61 74 69 6f 6e 20 6f 66 20 45 74 68 65 72 6e 65 74 20 66 6c 6f 77 20 63 6f 6e 74 72 6f	neration.of.Ethernet.flow.contro
ede00	6c 20 28 70 61 75 73 65 20 66 72 61 6d 65 73 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	l.(pause.frames)..Use.this.comma
ede20	6e 64 20 74 6f 20 65 6d 75 6c 61 74 65 20 6e 6f 69 73 65 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b	nd.to.emulate.noise.in.a.Network
ede40	20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 2e 20 53 65 74 20 74 68 65 20 70 6f 6c 69 63 79	.Emulator.policy..Set.the.policy
ede60	20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 70 65 72 63 65 6e 74 61 67 65 20 6f 66 20 63 6f 72 72	.name.and.the.percentage.of.corr
ede80	75 70 74 65 64 20 70 61 63 6b 65 74 73 20 79 6f 75 20 77 61 6e 74 2e 20 41 20 72 61 6e 64 6f 6d	upted.packets.you.want..A.random
edea0	20 65 72 72 6f 72 20 77 69 6c 6c 20 62 65 20 69 6e 74 72 6f 64 75 63 65 64 20 69 6e 20 61 20 72	.error.will.be.introduced.in.a.r
edec0	61 6e 64 6f 6d 20 70 6f 73 69 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 63 68 6f 73 65 6e 20 70 65	andom.position.for.the.chosen.pe
edee0	72 63 65 6e 74 20 6f 66 20 70 61 63 6b 65 74 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61	rcent.of.packets..Use.this.comma
edf00	6e 64 20 74 6f 20 65 6d 75 6c 61 74 65 20 70 61 63 6b 65 74 2d 6c 6f 73 73 20 63 6f 6e 64 69 74	nd.to.emulate.packet-loss.condit
edf20	69 6f 6e 73 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63	ions.in.a.Network.Emulator.polic
edf40	79 2e 20 53 65 74 20 74 68 65 20 70 6f 6c 69 63 79 20 6e 61 6d 65 20 61 6e 64 20 74 68 65 20 70	y..Set.the.policy.name.and.the.p
edf60	65 72 63 65 6e 74 61 67 65 20 6f 66 20 6c 6f 73 73 20 70 61 63 6b 65 74 73 20 79 6f 75 72 20 74	ercentage.of.loss.packets.your.t
edf80	72 61 66 66 69 63 20 77 69 6c 6c 20 73 75 66 66 65 72 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d	raffic.will.suffer..Use.this.com
edfa0	6d 61 6e 64 20 74 6f 20 65 6d 75 6c 61 74 65 20 70 61 63 6b 65 74 2d 72 65 6f 72 64 65 72 69 6e	mand.to.emulate.packet-reorderin
edfc0	67 20 63 6f 6e 64 69 74 69 6f 6e 73 20 69 6e 20 61 20 4e 65 74 77 6f 72 6b 20 45 6d 75 6c 61 74	g.conditions.in.a.Network.Emulat
edfe0	6f 72 20 70 6f 6c 69 63 79 2e 20 53 65 74 20 74 68 65 20 70 6f 6c 69 63 79 20 6e 61 6d 65 20 61	or.policy..Set.the.policy.name.a
ee000	6e 64 20 74 68 65 20 70 65 72 63 65 6e 74 61 67 65 20 6f 66 20 72 65 6f 72 64 65 72 65 64 20 70	nd.the.percentage.of.reordered.p
ee020	61 63 6b 65 74 73 20 79 6f 75 72 20 74 72 61 66 66 69 63 20 77 69 6c 6c 20 73 75 66 66 65 72 2e	ackets.your.traffic.will.suffer.
ee040	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 4c 44 50 20	.Use.this.command.to.enable.LDP.
ee060	6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 79 6f 75 20 64 65 66 69 6e 65 2e 00 55 73 65	on.the.interface.you.define..Use
ee080	20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 4d 50 4c 53 20 70 72 6f	.this.command.to.enable.MPLS.pro
ee0a0	63 65 73 73 69 6e 67 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 79 6f 75 20 64 65 66	cessing.on.the.interface.you.def
ee0c0	69 6e 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20	ine..Use.this.command.to.enable.
ee0e0	50 49 4d 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e 74 65 72 66 61 63 65 20 73 6f	PIM.in.the.selected.interface.so
ee100	20 74 68 61 74 20 69 74 20 63 61 6e 20 63 6f 6d 6d 75 6e 69 63 61 74 65 20 77 69 74 68 20 50 49	.that.it.can.communicate.with.PI
ee120	4d 20 6e 65 69 67 68 62 6f 72 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	M.neighbors..Use.this.command.to
ee140	20 65 6e 61 62 6c 65 20 50 49 4d 76 36 20 69 6e 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 69 6e	.enable.PIMv6.in.the.selected.in
ee160	74 65 72 66 61 63 65 20 73 6f 20 74 68 61 74 20 69 74 20 63 61 6e 20 63 6f 6d 6d 75 6e 69 63 61	terface.so.that.it.can.communica
ee180	74 65 20 77 69 74 68 20 50 49 4d 76 36 20 6e 65 69 67 68 62 6f 72 73 2e 20 54 68 69 73 20 63 6f	te.with.PIMv6.neighbors..This.co
ee1a0	6d 6d 61 6e 64 20 61 6c 73 6f 20 65 6e 61 62 6c 65 73 20 4d 4c 44 20 72 65 70 6f 72 74 73 20 61	mmand.also.enables.MLD.reports.a
ee1c0	6e 64 20 71 75 65 72 79 20 6f 6e 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 75 6e 6c 65 73 73	nd.query.on.the.interface.unless
ee1e0	20 3a 63 66 67 63 6d 64 3a 60 6d 6c 64 20 64 69 73 61 62 6c 65 60 20 69 73 20 63 6f 6e 66 69 67	.:cfgcmd:`mld.disable`.is.config
ee200	75 72 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65	ured..Use.this.command.to.enable
ee220	20 61 63 71 75 69 73 69 74 69 6f 6e 20 6f 66 20 49 50 76 36 20 61 64 64 72 65 73 73 20 75 73 69	.acquisition.of.IPv6.address.usi
ee240	6e 67 20 73 74 61 74 65 6c 65 73 73 20 61 75 74 6f 63 6f 6e 66 69 67 20 28 53 4c 41 41 43 29 2e	ng.stateless.autoconfig.(SLAAC).
ee260	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 62 61 6e 64	.Use.this.command.to.enable.band
ee280	77 69 64 74 68 20 73 68 61 70 69 6e 67 20 76 69 61 20 52 41 44 49 55 53 2e 00 55 73 65 20 74 68	width.shaping.via.RADIUS..Use.th
ee2a0	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 70 72 6f 78 79 20 41 64 64 72 65	is.command.to.enable.proxy.Addre
ee2c0	73 73 20 52 65 73 6f 6c 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 28 41 52 50 29 20 6f 6e 20	ss.Resolution.Protocol.(ARP).on.
ee2e0	74 68 69 73 20 69 6e 74 65 72 66 61 63 65 2e 20 50 72 6f 78 79 20 41 52 50 20 61 6c 6c 6f 77 73	this.interface..Proxy.ARP.allows
ee300	20 61 6e 20 45 74 68 65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 72 65 73 70 6f 6e	.an.Ethernet.interface.to.respon
ee320	64 20 77 69 74 68 20 69 74 73 20 6f 77 6e 20 3a 61 62 62 72 3a 60 4d 41 43 20 28 4d 65 64 69 61	d.with.its.own.:abbr:`MAC.(Media
ee340	20 41 63 63 65 73 73 20 43 6f 6e 74 72 6f 6c 29 60 20 61 64 64 72 65 73 73 20 74 6f 20 41 52 50	.Access.Control)`.address.to.ARP
ee360	20 72 65 71 75 65 73 74 73 20 66 6f 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 49 50 20 61 64 64	.requests.for.destination.IP.add
ee380	72 65 73 73 65 73 20 6f 6e 20 73 75 62 6e 65 74 73 20 61 74 74 61 63 68 65 64 20 74 6f 20 6f 74	resses.on.subnets.attached.to.ot
ee3a0	68 65 72 20 69 6e 74 65 72 66 61 63 65 73 20 6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 20 53 75	her.interfaces.on.the.system..Su
ee3c0	62 73 65 71 75 65 6e 74 20 70 61 63 6b 65 74 73 20 73 65 6e 74 20 74 6f 20 74 68 6f 73 65 20 64	bsequent.packets.sent.to.those.d
ee3e0	65 73 74 69 6e 61 74 69 6f 6e 20 49 50 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 66 6f 72 77	estination.IP.addresses.are.forw
ee400	61 72 64 65 64 20 61 70 70 72 6f 70 72 69 61 74 65 6c 79 20 62 79 20 74 68 65 20 73 79 73 74 65	arded.appropriately.by.the.syste
ee420	6d 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 61	m..Use.this.command.to.enable.ta
ee440	72 67 65 74 65 64 20 4c 44 50 20 73 65 73 73 69 6f 6e 73 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c	rgeted.LDP.sessions.to.the.local
ee460	20 72 6f 75 74 65 72 2e 20 54 68 65 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 74 68 65 6e 20 72 65	.router..The.router.will.then.re
ee480	73 70 6f 6e 64 20 74 6f 20 61 6e 79 20 73 65 73 73 69 6f 6e 73 20 74 68 61 74 20 61 72 65 20 74	spond.to.any.sessions.that.are.t
ee4a0	72 79 69 6e 67 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20 69 74 20 74 68 61 74 20 61 72 65 20	rying.to.connect.to.it.that.are.
ee4c0	6e 6f 74 20 61 20 6c 69 6e 6b 20 6c 6f 63 61 6c 20 74 79 70 65 20 6f 66 20 54 43 50 20 63 6f 6e	not.a.link.local.type.of.TCP.con
ee4e0	6e 65 63 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61	nection..Use.this.command.to.ena
ee500	62 6c 65 20 74 68 65 20 64 65 6c 61 79 20 6f 66 20 50 41 44 4f 20 28 50 50 50 6f 45 20 41 63 74	ble.the.delay.of.PADO.(PPPoE.Act
ee520	69 76 65 20 44 69 73 63 6f 76 65 72 79 20 4f 66 66 65 72 29 20 70 61 63 6b 65 74 73 2c 20 77 68	ive.Discovery.Offer).packets,.wh
ee540	69 63 68 20 63 61 6e 20 62 65 20 75 73 65 64 20 61 73 20 61 20 73 65 73 73 69 6f 6e 20 62 61 6c	ich.can.be.used.as.a.session.bal
ee560	61 6e 63 69 6e 67 20 6d 65 63 68 61 6e 69 73 6d 20 77 69 74 68 20 6f 74 68 65 72 20 50 50 50 6f	ancing.mechanism.with.other.PPPo
ee580	45 20 73 65 72 76 65 72 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65	E.servers..Use.this.command.to.e
ee5a0	6e 61 62 6c 65 20 74 68 65 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 74 6f 20 74 72 79 20 61 6e	nable.the.local.router.to.try.an
ee5c0	64 20 63 6f 6e 6e 65 63 74 20 77 69 74 68 20 61 20 74 61 72 67 65 74 65 64 20 4c 44 50 20 73 65	d.connect.with.a.targeted.LDP.se
ee5e0	73 73 69 6f 6e 20 74 6f 20 61 6e 6f 74 68 65 72 20 72 6f 75 74 65 72 2e 00 55 73 65 20 74 68 69	ssion.to.another.router..Use.thi
ee600	73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6c 6f 67 67 69 6e 67 20	s.command.to.enable.the.logging.
ee620	6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63 74 69 6f 6e 20 6f 6e 20 63 75 73 74 6f 6d 20	of.the.default.action.on.custom.
ee640	63 68 61 69 6e 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62	chains..Use.this.command.to.enab
ee660	6c 65 20 74 68 65 20 6c 6f 67 67 69 6e 67 20 6f 66 20 74 68 65 20 64 65 66 61 75 6c 74 20 61 63	le.the.logging.of.the.default.ac
ee680	74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 65 6e 61 62 6c 65	tion..Use.this.command.to.enable
ee6a0	2c 20 64 69 73 61 62 6c 65 2c 20 6f 72 20 73 70 65 63 69 66 79 20 68 6f 70 20 63 6f 75 6e 74 20	,.disable,.or.specify.hop.count.
ee6c0	66 6f 72 20 54 54 4c 20 73 65 63 75 72 69 74 79 20 66 6f 72 20 4c 44 50 20 70 65 65 72 73 2e 20	for.TTL.security.for.LDP.peers..
ee6e0	42 79 20 64 65 66 61 75 6c 74 20 74 68 65 20 76 61 6c 75 65 20 69 73 20 73 65 74 20 74 6f 20 32	By.default.the.value.is.set.to.2
ee700	35 35 20 28 6f 72 20 6d 61 78 20 54 54 4c 29 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	55.(or.max.TTL)..Use.this.comman
ee720	64 20 74 6f 20 66 6c 75 73 68 20 74 68 65 20 6b 65 72 6e 65 6c 20 49 50 76 36 20 72 6f 75 74 65	d.to.flush.the.kernel.IPv6.route
ee740	20 63 61 63 68 65 2e 20 41 6e 20 61 64 64 72 65 73 73 20 63 61 6e 20 62 65 20 61 64 64 65 64 20	.cache..An.address.can.be.added.
ee760	74 6f 20 66 6c 75 73 68 20 69 74 20 6f 6e 6c 79 20 66 6f 72 20 74 68 61 74 20 72 6f 75 74 65 2e	to.flush.it.only.for.that.route.
ee780	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 67 65 74 20 61 6e 20 6f 76 65 72	.Use.this.command.to.get.an.over
ee7a0	76 69 65 77 20 6f 66 20 61 20 7a 6f 6e 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64	view.of.a.zone..Use.this.command
ee7c0	20 74 6f 20 67 65 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 4f 53 50 46 76 33	.to.get.information.about.OSPFv3
ee7e0	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 67 65 74 20 69 6e 66 6f 72 6d	..Use.this.command.to.get.inform
ee800	61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 52 49 50 4e 47 20 70 72 6f 74 6f 63 6f 6c 00 55	ation.about.the.RIPNG.protocol.U
ee820	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 6e 73 74 72 75 63 74 20 74 68 65 20	se.this.command.to.instruct.the.
ee840	73 79 73 74 65 6d 20 74 6f 20 65 73 74 61 62 6c 69 73 68 20 61 20 50 50 50 6f 45 20 63 6f 6e 6e	system.to.establish.a.PPPoE.conn
ee860	65 63 74 69 6f 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 6f 6e 63 65 20 74 72 61 66 66 69	ection.automatically.once.traffi
ee880	63 20 70 61 73 73 65 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 2e 20	c.passes.through.the.interface..
ee8a0	41 20 64 69 73 61 62 6c 65 64 20 6f 6e 2d 64 65 6d 61 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20	A.disabled.on-demand.connection.
ee8c0	69 73 20 65 73 74 61 62 6c 69 73 68 65 64 20 61 74 20 62 6f 6f 74 20 74 69 6d 65 20 61 6e 64 20	is.established.at.boot.time.and.
ee8e0	72 65 6d 61 69 6e 73 20 75 70 2e 20 49 66 20 74 68 65 20 6c 69 6e 6b 20 66 61 69 6c 73 20 66 6f	remains.up..If.the.link.fails.fo
ee900	72 20 61 6e 79 20 72 65 61 73 6f 6e 2c 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 62 72 6f 75 67 68	r.any.reason,.the.link.is.brough
ee920	74 20 62 61 63 6b 20 75 70 20 69 6d 6d 65 64 69 61 74 65 6c 79 2e 00 55 73 65 20 74 68 69 73 20	t.back.up.immediately..Use.this.
ee940	63 6f 6d 6d 61 6e 64 20 74 6f 20 6c 69 6e 6b 20 74 68 65 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63	command.to.link.the.PPPoE.connec
ee960	74 69 6f 6e 20 74 6f 20 61 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 20 45 61	tion.to.a.physical.interface..Ea
ee980	63 68 20 50 50 50 6f 45 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 65 73 74 61	ch.PPPoE.connection.must.be.esta
ee9a0	62 6c 69 73 68 65 64 20 6f 76 65 72 20 61 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63	blished.over.a.physical.interfac
ee9c0	65 2e 20 49 6e 74 65 72 66 61 63 65 73 20 63 61 6e 20 62 65 20 72 65 67 75 6c 61 72 20 45 74 68	e..Interfaces.can.be.regular.Eth
ee9e0	65 72 6e 65 74 20 69 6e 74 65 72 66 61 63 65 73 2c 20 56 49 46 73 20 6f 72 20 62 6f 6e 64 69 6e	ernet.interfaces,.VIFs.or.bondin
eea00	67 20 69 6e 74 65 72 66 61 63 65 73 2f 56 49 46 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	g.interfaces/VIFs..Use.this.comm
eea20	61 6e 64 20 74 6f 20 6c 6f 63 61 6c 6c 79 20 63 68 65 63 6b 20 74 68 65 20 61 63 74 69 76 65 20	and.to.locally.check.the.active.
eea40	73 65 73 73 69 6f 6e 73 20 69 6e 20 74 68 65 20 50 50 50 6f 45 20 73 65 72 76 65 72 2e 00 55 73	sessions.in.the.PPPoE.server..Us
eea60	65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69	e.this.command.to.manually.confi
eea80	67 75 72 65 20 61 20 52 65 6e 64 65 7a 76 6f 75 73 20 50 6f 69 6e 74 20 66 6f 72 20 50 49 4d 20	gure.a.Rendezvous.Point.for.PIM.
eeaa0	73 6f 20 74 68 61 74 20 6a 6f 69 6e 20 6d 65 73 73 61 67 65 73 20 63 61 6e 20 62 65 20 73 65 6e	so.that.join.messages.can.be.sen
eeac0	74 20 74 68 65 72 65 2e 20 53 65 74 20 74 68 65 20 52 65 6e 64 65 76 6f 75 7a 20 50 6f 69 6e 74	t.there..Set.the.Rendevouz.Point
eeae0	20 61 64 64 72 65 73 73 20 61 6e 64 20 74 68 65 20 6d 61 74 63 68 69 6e 67 20 70 72 65 66 69 78	.address.and.the.matching.prefix
eeb00	20 6f 66 20 67 72 6f 75 70 20 72 61 6e 67 65 73 20 63 6f 76 65 72 65 64 2e 20 54 68 65 73 65 20	.of.group.ranges.covered..These.
eeb20	76 61 6c 75 65 73 20 6d 75 73 74 20 62 65 20 73 68 61 72 65 64 20 77 69 74 68 20 65 76 65 72 79	values.must.be.shared.with.every
eeb40	20 72 6f 75 74 65 72 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 69 6e 20 74 68 65 20 50 49 4d	.router.participating.in.the.PIM
eeb60	20 6e 65 74 77 6f 72 6b 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 6e 6f	.network..Use.this.command.to.no
eeb80	74 20 69 6e 73 74 61 6c 6c 20 61 64 76 65 72 74 69 73 65 64 20 44 4e 53 20 6e 61 6d 65 73 65 72	t.install.advertised.DNS.nameser
eeba0	76 65 72 73 20 69 6e 74 6f 20 74 68 65 20 6c 6f 63 61 6c 20 73 79 73 74 65 6d 2e 00 55 73 65 20	vers.into.the.local.system..Use.
eebc0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 70 72 65 66 65 72 20 49 50 76 34 20 66 6f 72 20	this.command.to.prefer.IPv4.for.
eebe0	54 43 50 20 70 65 65 72 20 74 72 61 6e 73 70 6f 72 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 6f	TCP.peer.transport.connection.fo
eec00	72 20 4c 44 50 20 77 68 65 6e 20 62 6f 74 68 20 61 6e 20 49 50 76 34 20 61 6e 64 20 49 50 76 36	r.LDP.when.both.an.IPv4.and.IPv6
eec20	20 4c 44 50 20 61 64 64 72 65 73 73 20 61 72 65 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74	.LDP.address.are.configured.on.t
eec40	68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61 63 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	he.same.interface..Use.this.comm
eec60	61 6e 64 20 74 6f 20 72 65 73 65 74 20 49 50 76 36 20 4e 65 69 67 68 62 6f 72 20 44 69 73 63 6f	and.to.reset.IPv6.Neighbor.Disco
eec80	76 65 72 79 20 50 72 6f 74 6f 63 6f 6c 20 63 61 63 68 65 20 66 6f 72 20 61 6e 20 61 64 64 72 65	very.Protocol.cache.for.an.addre
eeca0	73 73 20 6f 72 20 69 6e 74 65 72 66 61 63 65 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e	ss.or.interface..Use.this.comman
eecc0	64 20 74 6f 20 72 65 73 65 74 20 61 6e 20 4c 44 50 20 6e 65 69 67 68 62 6f 72 2f 54 43 50 20 73	d.to.reset.an.LDP.neighbor/TCP.s
eece0	65 73 73 69 6f 6e 20 74 68 61 74 20 69 73 20 65 73 74 61 62 6c 69 73 68 65 64 00 55 73 65 20 74	ession.that.is.established.Use.t
eed00	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 72 65 73 65 74 20 74 68 65 20 4f 70 65 6e 56 50 4e	his.command.to.reset.the.OpenVPN
eed20	20 70 72 6f 63 65 73 73 20 6f 6e 20 61 20 73 70 65 63 69 66 69 63 20 69 6e 74 65 72 66 61 63 65	.process.on.a.specific.interface
eed40	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 72 65 73 65 74 20 74 68 65 20	..Use.this.command.to.reset.the.
eed60	73 70 65 63 69 66 69 65 64 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e 74 2e 00 55 73 65 20 74 68	specified.OpenVPN.client..Use.th
eed80	69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 72 65 73 74 72 69 63 74 20 74 68 65 20 50 50 50 6f 45	is.command.to.restrict.the.PPPoE
eeda0	20 73 65 73 73 69 6f 6e 20 6f 6e 20 61 20 67 69 76 65 6e 20 61 63 63 65 73 73 20 63 6f 6e 63 65	.session.on.a.given.access.conce
eedc0	6e 74 72 61 74 6f 72 2e 20 4e 6f 72 6d 61 6c 6c 79 2c 20 61 20 68 6f 73 74 20 73 65 6e 64 73 20	ntrator..Normally,.a.host.sends.
eede0	61 20 50 50 50 6f 45 20 69 6e 69 74 69 61 74 69 6f 6e 20 70 61 63 6b 65 74 20 74 6f 20 73 74 61	a.PPPoE.initiation.packet.to.sta
eee00	72 74 20 74 68 65 20 50 50 50 6f 45 20 64 69 73 63 6f 76 65 72 79 20 70 72 6f 63 65 73 73 2c 20	rt.the.PPPoE.discovery.process,.
eee20	61 20 6e 75 6d 62 65 72 20 6f 66 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73	a.number.of.access.concentrators
eee40	20 72 65 73 70 6f 6e 64 20 77 69 74 68 20 6f 66 66 65 72 20 70 61 63 6b 65 74 73 20 61 6e 64 20	.respond.with.offer.packets.and.
eee60	74 68 65 20 68 6f 73 74 20 73 65 6c 65 63 74 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 72 65 73 70	the.host.selects.one.of.the.resp
eee80	6f 6e 64 69 6e 67 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20 74 6f 20 73	onding.access.concentrators.to.s
eeea0	65 72 76 65 20 74 68 69 73 20 73 65 73 73 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d	erve.this.session..Use.this.comm
eeec0	61 6e 64 20 74 6f 20 73 65 65 20 4c 44 50 20 69 6e 74 65 72 66 61 63 65 20 69 6e 66 6f 72 6d 61	and.to.see.LDP.interface.informa
eeee0	74 69 6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 65 20 4c 44 50	tion.Use.this.command.to.see.LDP
eef00	20 6e 65 69 67 68 62 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 55 73 65 20 74 68 69 73 20 63	.neighbor.information.Use.this.c
eef20	6f 6d 6d 61 6e 64 20 74 6f 20 73 65 65 20 64 65 74 61 69 6c 65 64 20 4c 44 50 20 6e 65 69 67 68	ommand.to.see.detailed.LDP.neigh
eef40	62 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64	bor.information.Use.this.command
eef60	20 74 6f 20 73 65 65 20 64 69 73 63 6f 76 65 72 79 20 68 65 6c 6c 6f 20 69 6e 66 6f 72 6d 61 74	.to.see.discovery.hello.informat
eef80	69 6f 6e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 65 20 74 68 65 20	ion.Use.this.command.to.see.the.
eefa0	4c 61 62 65 6c 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 42 61 73 65 2e 00 55 73 65 20 74 68 69 73	Label.Information.Base..Use.this
eefc0	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 61 20 6e 61 6d 65 20 66 6f 72 20 74 68 69 73 20	.command.to.set.a.name.for.this.
eefe0	50 50 50 6f 45 2d 73 65 72 76 65 72 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72	PPPoE-server.access.concentrator
ef000	2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 72 65 2d 64 69 61	..Use.this.command.to.set.re-dia
ef020	6c 20 64 65 6c 61 79 20 74 69 6d 65 20 74 6f 20 62 65 20 75 73 65 64 20 77 69 74 68 20 70 65 72	l.delay.time.to.be.used.with.per
ef040	73 69 73 74 20 50 50 50 6f 45 20 73 65 73 73 69 6f 6e 73 2e 20 57 68 65 6e 20 74 68 65 20 50 50	sist.PPPoE.sessions..When.the.PP
ef060	50 6f 45 20 73 65 73 73 69 6f 6e 20 69 73 20 74 65 72 6d 69 6e 61 74 65 64 20 62 79 20 70 65 65	PoE.session.is.terminated.by.pee
ef080	72 2c 20 61 6e 64 20 6f 6e 2d 64 65 6d 61 6e 64 20 6f 70 74 69 6f 6e 20 69 73 20 6e 6f 74 20 73	r,.and.on-demand.option.is.not.s
ef0a0	65 74 2c 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 6c 6c 20 61 74 74 65 6d 70 74 20 74 6f 20 72	et,.the.router.will.attempt.to.r
ef0c0	65 2d 65 73 74 61 62 6c 69 73 68 20 74 68 65 20 50 50 50 6f 45 20 6c 69 6e 6b 2e 00 55 73 65 20	e-establish.the.PPPoE.link..Use.
ef0e0	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 20 61 64 64 72 65	this.command.to.set.the.IP.addre
ef100	73 73 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 65 6e 64 70 6f 69 6e 74 20 6f 66 20 61 20 50 50	ss.of.the.local.endpoint.of.a.PP
ef120	50 6f 45 20 73 65 73 73 69 6f 6e 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 20 73 65 74 20 69 74	PoE.session..If.it.is.not.set.it
ef140	20 77 69 6c 6c 20 62 65 20 6e 65 67 6f 74 69 61 74 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f	.will.be.negotiated..Use.this.co
ef160	6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74	mmand.to.set.the.IP.address.of.t
ef180	68 65 20 72 65 6d 6f 74 65 20 65 6e 64 70 6f 69 6e 74 20 6f 66 20 61 20 50 50 50 6f 45 20 73 65	he.remote.endpoint.of.a.PPPoE.se
ef1a0	73 73 69 6f 6e 2e 20 49 66 20 69 74 20 69 73 20 6e 6f 74 20 73 65 74 20 69 74 20 77 69 6c 6c 20	ssion..If.it.is.not.set.it.will.
ef1c0	62 65 20 6e 65 67 6f 74 69 61 74 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	be.negotiated..Use.this.command.
ef1e0	74 6f 20 73 65 74 20 74 68 65 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20	to.set.the.IPv4.or.IPv6.address.
ef200	6f 66 20 65 76 65 72 79 20 44 6f 6d 61 6e 20 4e 61 6d 65 20 53 65 72 76 65 72 20 79 6f 75 20 77	of.every.Doman.Name.Server.you.w
ef220	61 6e 74 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 2e 20 54 68 65 79 20 77 69 6c 6c 20 62 65 20 70	ant.to.configure..They.will.be.p
ef240	72 6f 70 61 67 61 74 65 64 20 74 6f 20 50 50 50 6f 45 20 63 6c 69 65 6e 74 73 2e 00 55 73 65 20	ropagated.to.PPPoE.clients..Use.
ef260	74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 49 50 76 34 20 6f 72 20	this.command.to.set.the.IPv4.or.
ef280	49 50 76 36 20 74 72 61 6e 73 70 6f 72 74 2d 61 64 64 72 65 73 73 20 75 73 65 64 20 62 79 20 4c	IPv6.transport-address.used.by.L
ef2a0	44 50 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20	DP..Use.this.command.to.set.the.
ef2c0	69 64 6c 65 20 74 69 6d 65 6f 75 74 20 69 6e 74 65 72 76 61 6c 20 74 6f 20 62 65 20 75 73 65 64	idle.timeout.interval.to.be.used
ef2e0	20 77 69 74 68 20 6f 6e 2d 64 65 6d 61 6e 64 20 50 50 50 6f 45 20 73 65 73 73 69 6f 6e 73 2e 20	.with.on-demand.PPPoE.sessions..
ef300	57 68 65 6e 20 61 6e 20 6f 6e 2d 64 65 6d 61 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20	When.an.on-demand.connection.is.
ef320	65 73 74 61 62 6c 69 73 68 65 64 2c 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 62 72 6f 75 67 68 74	established,.the.link.is.brought
ef340	20 75 70 20 6f 6e 6c 79 20 77 68 65 6e 20 74 72 61 66 66 69 63 20 69 73 20 73 65 6e 74 20 61 6e	.up.only.when.traffic.is.sent.an
ef360	64 20 69 73 20 64 69 73 61 62 6c 65 64 20 77 68 65 6e 20 74 68 65 20 6c 69 6e 6b 20 69 73 20 69	d.is.disabled.when.the.link.is.i
ef380	64 6c 65 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 76 61 6c 20 73 70 65 63 69 66 69 65 64 2e 00	dle.for.the.interval.specified..
ef3a0	55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 70 61 73 73	Use.this.command.to.set.the.pass
ef3c0	77 6f 72 64 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 77 69 74 68 20 61 20 72	word.for.authenticating.with.a.r
ef3e0	65 6d 6f 74 65 20 50 50 50 6f 45 20 65 6e 64 70 6f 69 6e 74 2e 20 41 75 74 68 65 6e 74 69 63 61	emote.PPPoE.endpoint..Authentica
ef400	74 69 6f 6e 20 69 73 20 6f 70 74 69 6f 6e 61 6c 20 66 72 6f 6d 20 74 68 65 20 73 79 73 74 65 6d	tion.is.optional.from.the.system
ef420	27 73 20 70 6f 69 6e 74 20 6f 66 20 76 69 65 77 20 62 75 74 20 6d 6f 73 74 20 73 65 72 76 69 63	's.point.of.view.but.most.servic
ef440	65 20 70 72 6f 76 69 64 65 72 73 20 72 65 71 75 69 72 65 20 69 74 2e 00 55 73 65 20 74 68 69 73	e.providers.require.it..Use.this
ef460	20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 74 61 72 67 65 74 20 74 6f 20 75 73	.command.to.set.the.target.to.us
ef480	65 2e 20 41 63 74 69 6f 6e 20 71 75 65 75 65 20 6d 75 73 74 20 62 65 20 64 65 66 69 6e 65 64 20	e..Action.queue.must.be.defined.
ef4a0	74 6f 20 75 73 65 20 74 68 69 73 20 73 65 74 74 69 6e 67 00 55 73 65 20 74 68 69 73 20 63 6f 6d	to.use.this.setting.Use.this.com
ef4c0	6d 61 6e 64 20 74 6f 20 73 65 74 20 74 68 65 20 75 73 65 72 6e 61 6d 65 20 66 6f 72 20 61 75 74	mand.to.set.the.username.for.aut
ef4e0	68 65 6e 74 69 63 61 74 69 6e 67 20 77 69 74 68 20 61 20 72 65 6d 6f 74 65 20 50 50 50 6f 45 20	henticating.with.a.remote.PPPoE.
ef500	65 6e 64 70 6f 69 6e 74 2e 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 73 20 6f 70 74 69	endpoint..Authentication.is.opti
ef520	6f 6e 61 6c 20 66 72 6f 6d 20 74 68 65 20 73 79 73 74 65 6d 27 73 20 70 6f 69 6e 74 20 6f 66 20	onal.from.the.system's.point.of.
ef540	76 69 65 77 20 62 75 74 20 6d 6f 73 74 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 73 20	view.but.most.service.providers.
ef560	72 65 71 75 69 72 65 20 69 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20	require.it..Use.this.command.to.
ef580	73 68 6f 77 20 49 50 76 36 20 42 6f 72 64 65 72 20 47 61 74 65 77 61 79 20 50 72 6f 74 6f 63 6f	show.IPv6.Border.Gateway.Protoco
ef5a0	6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20	l.information..Use.this.command.
ef5c0	74 6f 20 73 68 6f 77 20 49 50 76 36 20 4e 65 69 67 68 62 6f 72 20 44 69 73 63 6f 76 65 72 79 20	to.show.IPv6.Neighbor.Discovery.
ef5e0	50 72 6f 74 6f 63 6f 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 55 73 65 20 74 68 69 73 20 63	Protocol.information..Use.this.c
ef600	6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 49 50 76 36 20 66 6f 72 77 61 72 64 69 6e 67 20 73	ommand.to.show.IPv6.forwarding.s
ef620	74 61 74 75 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20	tatus..Use.this.command.to.show.
ef640	49 50 76 36 20 6d 75 6c 74 69 63 61 73 74 20 67 72 6f 75 70 20 6d 65 6d 62 65 72 73 68 69 70 2e	IPv6.multicast.group.membership.
ef660	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 49 50 76 36 20 72	.Use.this.command.to.show.IPv6.r
ef680	6f 75 74 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20	outes..Use.this.command.to.show.
ef6a0	61 6c 6c 20 49 50 76 36 20 61 63 63 65 73 73 20 6c 69 73 74 73 00 55 73 65 20 74 68 69 73 20 63	all.IPv6.access.lists.Use.this.c
ef6c0	6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 61 6c 6c 20 49 50 76 36 20 70 72 65 66 69 78 20 6c	ommand.to.show.all.IPv6.prefix.l
ef6e0	69 73 74 73 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 68 6f 77 20 74 68	ists.Use.this.command.to.show.th
ef700	65 20 73 74 61 74 75 73 20 6f 66 20 74 68 65 20 52 49 50 4e 47 20 70 72 6f 74 6f 63 6f 6c 00 55	e.status.of.the.RIPNG.protocol.U
ef720	73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 61 20 44 4e 53	se.this.command.to.specify.a.DNS
ef740	20 73 65 72 76 65 72 20 66 6f 72 20 74 68 65 20 73 79 73 74 65 6d 20 74 6f 20 62 65 20 75 73 65	.server.for.the.system.to.be.use
ef760	64 20 66 6f 72 20 44 4e 53 20 6c 6f 6f 6b 75 70 73 2e 20 4d 6f 72 65 20 74 68 61 6e 20 6f 6e 65	d.for.DNS.lookups..More.than.one
ef780	20 44 4e 53 20 73 65 72 76 65 72 20 63 61 6e 20 62 65 20 61 64 64 65 64 2c 20 63 6f 6e 66 69 67	.DNS.server.can.be.added,.config
ef7a0	75 72 69 6e 67 20 6f 6e 65 20 61 74 20 61 20 74 69 6d 65 2e 20 42 6f 74 68 20 49 50 76 34 20 61	uring.one.at.a.time..Both.IPv4.a
ef7c0	6e 64 20 49 50 76 36 20 61 64 64 72 65 73 73 65 73 20 61 72 65 20 73 75 70 70 6f 72 74 65 64 2e	nd.IPv6.addresses.are.supported.
ef7e0	00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 70 65 63 69 66 79 20 61 20 64	.Use.this.command.to.specify.a.d
ef800	6f 6d 61 69 6e 20 6e 61 6d 65 20 74 6f 20 62 65 20 61 70 70 65 6e 64 65 64 20 74 6f 20 64 6f 6d	omain.name.to.be.appended.to.dom
ef820	61 69 6e 2d 6e 61 6d 65 73 20 77 69 74 68 69 6e 20 55 52 4c 73 20 74 68 61 74 20 64 6f 20 6e 6f	ain-names.within.URLs.that.do.no
ef840	74 20 69 6e 63 6c 75 64 65 20 61 20 64 6f 74 20 60 60 2e 60 60 20 74 68 65 20 64 6f 6d 61 69 6e	t.include.a.dot.``.``.the.domain
ef860	20 69 73 20 61 70 70 65 6e 64 65 64 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74	.is.appended..Use.this.command.t
ef880	6f 20 73 70 65 63 69 66 79 20 61 20 73 65 72 76 69 63 65 20 6e 61 6d 65 20 62 79 20 77 68 69 63	o.specify.a.service.name.by.whic
ef8a0	68 20 74 68 65 20 6c 6f 63 61 6c 20 50 50 50 6f 45 20 69 6e 74 65 72 66 61 63 65 20 63 61 6e 20	h.the.local.PPPoE.interface.can.
ef8c0	73 65 6c 65 63 74 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 73 20 74 6f 20 63	select.access.concentrators.to.c
ef8e0	6f 6e 6e 65 63 74 20 77 69 74 68 2e 20 49 74 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 74 6f 20	onnect.with..It.will.connect.to.
ef900	61 6e 79 20 61 63 63 65 73 73 20 63 6f 6e 63 65 6e 74 72 61 74 6f 72 20 69 66 20 6e 6f 74 20 73	any.access.concentrator.if.not.s
ef920	65 74 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 75 73 65 20 4c 61 79 65	et..Use.this.command.to.use.Laye
ef940	72 20 34 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 49 50 76 34 20 45 43 4d 50 20 68 61	r.4.information.for.IPv4.ECMP.ha
ef960	73 68 69 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 75 73 65 20 61	shing..Use.this.command.to.use.a
ef980	20 43 69 73 63 6f 20 6e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 74 20 66 6f 72 6d 61 74 20 74 6f 20 73	.Cisco.non-compliant.format.to.s
ef9a0	65 6e 64 20 61 6e 64 20 69 6e 74 65 72 70 72 65 74 20 74 68 65 20 44 75 61 6c 2d 53 74 61 63 6b	end.and.interpret.the.Dual-Stack
ef9c0	20 63 61 70 61 62 69 6c 69 74 79 20 54 4c 56 20 66 6f 72 20 49 50 76 36 20 4c 44 50 20 63 6f 6d	.capability.TLV.for.IPv6.LDP.com
ef9e0	6d 75 6e 69 63 61 74 69 6f 6e 73 2e 20 54 68 69 73 20 69 73 20 72 65 6c 61 74 65 64 20 74 6f 20	munications..This.is.related.to.
efa00	3a 72 66 63 3a 60 37 35 35 32 60 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f	:rfc:`7552`..Use.this.command.to
efa20	20 75 73 65 20 6f 72 64 65 72 65 64 20 6c 61 62 65 6c 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20	.use.ordered.label.distribution.
efa40	63 6f 6e 74 72 6f 6c 20 6d 6f 64 65 2e 20 46 52 52 20 62 79 20 64 65 66 61 75 6c 74 20 75 73 65	control.mode..FRR.by.default.use
efa60	73 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 6c 61 62 65 6c 20 64 69 73 74 72 69 62 75 74 69 6f 6e	s.independent.label.distribution
efa80	20 63 6f 6e 74 72 6f 6c 20 6d 6f 64 65 20 66 6f 72 20 6c 61 62 65 6c 20 64 69 73 74 72 69 62 75	.control.mode.for.label.distribu
efaa0	74 69 6f 6e 2e 20 20 54 68 69 73 20 69 73 20 72 65 6c 61 74 65 64 20 74 6f 20 3a 72 66 63 3a 60	tion...This.is.related.to.:rfc:`
efac0	35 30 33 36 60 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 75 73 65 72 20	5036`..Use.this.command.to.user.
efae0	4c 61 79 65 72 20 34 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 45 43 4d 50 20 68 61 73	Layer.4.information.for.ECMP.has
efb00	68 69 6e 67 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20 6f	hing..Use.this.command.to.view.o
efb20	70 65 72 61 74 69 6f 6e 61 6c 20 73 74 61 74 75 73 20 61 6e 64 20 64 65 74 61 69 6c 73 20 77 69	perational.status.and.details.wi
efb40	72 65 6c 65 73 73 2d 73 70 65 63 69 66 69 63 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75	reless-specific.information.abou
efb60	74 20 61 6c 6c 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 73 2e 00 55 73 65 20 74	t.all.wireless.interfaces..Use.t
efb80	68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20	his.command.to.view.operational.
efba0	73 74 61 74 75 73 20 61 6e 64 20 77 69 72 65 6c 65 73 73 2d 73 70 65 63 69 66 69 63 20 69 6e 66	status.and.wireless-specific.inf
efbc0	6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 61 6c 6c 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65	ormation.about.all.wireless.inte
efbe0	72 66 61 63 65 73 2e 00 55 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77	rfaces..Use.this.command.to.view
efc00	20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 71 75 65 75 65 20 69 6e 66 6f 72 6d	.wireless.interface.queue.inform
efc20	61 74 69 6f 6e 2e 20 54 68 65 20 77 69 72 65 6c 65 73 73 20 69 6e 74 65 72 66 61 63 65 20 69 64	ation..The.wireless.interface.id
efc40	65 6e 74 69 66 69 65 72 20 63 61 6e 20 72 61 6e 67 65 20 66 72 6f 6d 20 77 6c 61 6e 30 20 74 6f	entifier.can.range.from.wlan0.to
efc60	20 77 6c 61 6e 39 39 39 2e 00 55 73 65 64 20 66 6f 72 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69	.wlan999..Used.for.troubleshooti
efc80	6e 67 2e 00 55 73 65 64 20 74 6f 20 62 6c 6f 63 6b 20 61 20 73 70 65 63 69 66 69 63 20 6d 69 6d	ng..Used.to.block.a.specific.mim
efca0	65 2d 74 79 70 65 2e 00 55 73 65 64 20 74 6f 20 62 6c 6f 63 6b 20 73 70 65 63 69 66 69 63 20 64	e-type..Used.to.block.specific.d
efcc0	6f 6d 61 69 6e 73 20 62 79 20 74 68 65 20 50 72 6f 78 79 2e 20 53 70 65 63 69 66 79 69 6e 67 20	omains.by.the.Proxy..Specifying.
efce0	22 76 79 6f 73 2e 6e 65 74 22 20 77 69 6c 6c 20 62 6c 6f 63 6b 20 61 6c 6c 20 61 63 63 65 73 73	"vyos.net".will.block.all.access
efd00	20 74 6f 20 76 79 6f 73 2e 6e 65 74 2c 20 61 6e 64 20 73 70 65 63 69 66 79 69 6e 67 20 22 2e 78	.to.vyos.net,.and.specifying.".x
efd20	78 78 22 20 77 69 6c 6c 20 62 6c 6f 63 6b 20 61 6c 6c 20 61 63 63 65 73 73 20 74 6f 20 55 52 4c	xx".will.block.all.access.to.URL
efd40	73 20 68 61 76 69 6e 67 20 61 6e 20 55 52 4c 20 65 6e 64 69 6e 67 20 6f 6e 20 2e 78 78 78 2e 00	s.having.an.URL.ending.on..xxx..
efd60	55 73 65 72 2d 6c 65 76 65 6c 20 6d 65 73 73 61 67 65 73 00 55 73 69 6e 67 20 27 73 6f 66 74 2d	User-level.messages.Using.'soft-
efd80	72 65 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 27 20 77 65 20 67 65 74 20 74 68 65 20 70 6f 6c 69	reconfiguration'.we.get.the.poli
efda0	63 79 20 75 70 64 61 74 65 20 77 69 74 68 6f 75 74 20 62 6f 75 6e 63 69 6e 67 20 74 68 65 20 6e	cy.update.without.bouncing.the.n
efdc0	65 69 67 68 62 6f 72 2e 00 55 73 69 6e 67 20 2a 2a 6f 70 65 6e 76 70 6e 2d 6f 70 74 69 6f 6e 20	eighbor..Using.**openvpn-option.
efde0	2d 72 65 6e 65 67 2d 73 65 63 2a 2a 20 63 61 6e 20 62 65 20 74 72 69 63 6b 79 2e 20 54 68 69 73	-reneg-sec**.can.be.tricky..This
efe00	20 6f 70 74 69 6f 6e 20 69 73 20 75 73 65 64 20 74 6f 20 72 65 6e 65 67 6f 74 69 61 74 65 20 64	.option.is.used.to.renegotiate.d
efe20	61 74 61 20 63 68 61 6e 6e 65 6c 20 61 66 74 65 72 20 6e 20 73 65 63 6f 6e 64 73 2e 20 57 68 65	ata.channel.after.n.seconds..Whe
efe40	6e 20 75 73 65 64 20 61 74 20 62 6f 74 68 20 73 65 72 76 65 72 20 61 6e 64 20 63 6c 69 65 6e 74	n.used.at.both.server.and.client
efe60	2c 20 74 68 65 20 6c 6f 77 65 72 20 76 61 6c 75 65 20 77 69 6c 6c 20 74 72 69 67 67 65 72 20 74	,.the.lower.value.will.trigger.t
efe80	68 65 20 72 65 6e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 49 66 20 79 6f 75 20 73 65 74 20 69 74 20	he.renegotiation..If.you.set.it.
efea0	74 6f 20 30 20 6f 6e 20 6f 6e 65 20 73 69 64 65 20 6f 66 20 74 68 65 20 63 6f 6e 6e 65 63 74 69	to.0.on.one.side.of.the.connecti
efec0	6f 6e 20 28 74 6f 20 64 69 73 61 62 6c 65 20 69 74 29 2c 20 74 68 65 20 63 68 6f 73 65 6e 20 76	on.(to.disable.it),.the.chosen.v
efee0	61 6c 75 65 20 6f 6e 20 74 68 65 20 6f 74 68 65 72 20 73 69 64 65 20 77 69 6c 6c 20 64 65 74 65	alue.on.the.other.side.will.dete
eff00	72 6d 69 6e 65 20 77 68 65 6e 20 74 68 65 20 72 65 6e 65 67 6f 74 69 61 74 69 6f 6e 20 77 69 6c	rmine.when.the.renegotiation.wil
eff20	6c 20 6f 63 63 75 72 2e 00 55 73 69 6e 67 20 42 47 50 20 63 6f 6e 66 65 64 65 72 61 74 69 6f 6e	l.occur..Using.BGP.confederation
eff40	00 55 73 69 6e 67 20 42 47 50 20 72 6f 75 74 65 2d 72 65 66 6c 65 63 74 6f 72 73 00 55 73 69 6e	.Using.BGP.route-reflectors.Usin
eff60	67 20 56 4c 41 4e 20 61 77 61 72 65 20 42 72 69 64 67 65 00 55 73 69 6e 67 20 74 68 65 20 6f 70	g.VLAN.aware.Bridge.Using.the.op
eff80	65 72 61 74 69 6f 6e 20 6d 6f 64 65 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 76 69 65 77 20 42 72 69	eration.mode.command.to.view.Bri
effa0	64 67 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 55 73 69 6e 67 20 74 68 69 73 20 63 6f 6d 6d 61	dge.Information.Using.this.comma
effc0	6e 64 2c 20 79 6f 75 20 77 69 6c 6c 20 63 72 65 61 74 65 20 61 20 6e 65 77 20 63 6c 69 65 6e 74	nd,.you.will.create.a.new.client
effe0	20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 77 68 69 63 68 20 63 61 6e 20 63 6f 6e 6e 65 63 74	.configuration.which.can.connect
f0000	20 74 6f 20 60 60 69 6e 74 65 72 66 61 63 65 60 60 20 6f 6e 20 74 68 69 73 20 72 6f 75 74 65 72	.to.``interface``.on.this.router
f0020	2e 20 54 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 66 72 6f 6d 20 74 68 65 20 73 70 65 63 69 66	..The.public.key.from.the.specif
f0040	69 65 64 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 65	ied.interface.is.automatically.e
f0060	78 74 72 61 63 74 65 64 20 61 6e 64 20 65 6d 62 65 64 64 65 64 20 69 6e 74 6f 20 74 68 65 20 63	xtracted.and.embedded.into.the.c
f0080	6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 55 73 75 61 6c 6c 79 20 74 68 69 73 20 63 6f 6e 66 69	onfiguration..Usually.this.confi
f00a0	67 75 72 61 74 69 6f 6e 20 69 73 20 75 73 65 64 20 69 6e 20 50 45 73 20 28 50 72 6f 76 69 64 65	guration.is.used.in.PEs.(Provide
f00c0	72 20 45 64 67 65 29 20 74 6f 20 72 65 70 6c 61 63 65 20 74 68 65 20 69 6e 63 6f 6d 69 6e 67 20	r.Edge).to.replace.the.incoming.
f00e0	63 75 73 74 6f 6d 65 72 20 41 53 20 6e 75 6d 62 65 72 20 73 6f 20 74 68 65 20 63 6f 6e 6e 65 63	customer.AS.number.so.the.connec
f0100	74 65 64 20 43 45 20 28 20 43 75 73 74 6f 6d 65 72 20 45 64 67 65 29 20 63 61 6e 20 75 73 65 20	ted.CE.(.Customer.Edge).can.use.
f0120	74 68 65 20 73 61 6d 65 20 41 53 20 6e 75 6d 62 65 72 20 61 73 20 74 68 65 20 6f 74 68 65 72 20	the.same.AS.number.as.the.other.
f0140	63 75 73 74 6f 6d 65 72 20 73 69 74 65 73 2e 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 63 75 73 74	customer.sites..This.allows.cust
f0160	6f 6d 65 72 73 20 6f 66 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 6e 65 74 77 6f 72 6b 20 74 6f	omers.of.the.provider.network.to
f0180	20 75 73 65 20 74 68 65 20 73 61 6d 65 20 41 53 20 6e 75 6d 62 65 72 20 61 63 72 6f 73 73 20 74	.use.the.same.AS.number.across.t
f01a0	68 65 69 72 20 73 69 74 65 73 2e 00 56 48 54 20 28 56 65 72 79 20 48 69 67 68 20 54 68 72 6f 75	heir.sites..VHT.(Very.High.Throu
f01c0	67 68 70 75 74 29 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 28 38 30 32 2e 31 31 61 63 29 00 56	ghput).capabilities.(802.11ac).V
f01e0	48 54 20 6c 69 6e 6b 20 61 64 61 70 74 61 74 69 6f 6e 20 63 61 70 61 62 69 6c 69 74 69 65 73 00	HT.link.adaptation.capabilities.
f0200	56 48 54 20 6f 70 65 72 61 74 69 6e 67 20 63 68 61 6e 6e 65 6c 20 63 65 6e 74 65 72 20 66 72 65	VHT.operating.channel.center.fre
f0220	71 75 65 6e 63 79 20 2d 20 63 65 6e 74 65 72 20 66 72 65 71 20 31 20 28 66 6f 72 20 75 73 65 20	quency.-.center.freq.1.(for.use.
f0240	77 69 74 68 20 38 30 2c 20 38 30 2b 38 30 20 61 6e 64 20 31 36 30 20 6d 6f 64 65 73 29 00 56 48	with.80,.80+80.and.160.modes).VH
f0260	54 20 6f 70 65 72 61 74 69 6e 67 20 63 68 61 6e 6e 65 6c 20 63 65 6e 74 65 72 20 66 72 65 71 75	T.operating.channel.center.frequ
f0280	65 6e 63 79 20 2d 20 63 65 6e 74 65 72 20 66 72 65 71 20 32 20 28 66 6f 72 20 75 73 65 20 77 69	ency.-.center.freq.2.(for.use.wi
f02a0	74 68 20 74 68 65 20 38 30 2b 38 30 20 6d 6f 64 65 29 00 56 4c 41 4e 00 56 4c 41 4e 20 31 30 20	th.the.80+80.mode).VLAN.VLAN.10.
f02c0	6f 6e 20 6d 65 6d 62 65 72 20 69 6e 74 65 72 66 61 63 65 20 60 65 74 68 32 60 20 28 41 43 43 45	on.member.interface.`eth2`.(ACCE
f02e0	53 53 20 6d 6f 64 65 29 00 56 4c 41 4e 20 45 78 61 6d 70 6c 65 00 56 4c 41 4e 20 4f 70 74 69 6f	SS.mode).VLAN.Example.VLAN.Optio
f0300	6e 73 00 56 4c 41 4e 20 6e 61 6d 65 00 56 4c 41 4e 27 73 20 63 61 6e 20 62 65 20 63 72 65 61 74	ns.VLAN.name.VLAN's.can.be.creat
f0320	65 64 20 62 79 20 41 63 63 65 6c 2d 70 70 70 20 6f 6e 20 74 68 65 20 66 6c 79 20 76 69 61 20 74	ed.by.Accel-ppp.on.the.fly.via.t
f0340	68 65 20 75 73 65 20 6f 66 20 61 20 4b 65 72 6e 65 6c 20 6d 6f 64 75 6c 65 20 6e 61 6d 65 64 20	he.use.of.a.Kernel.module.named.
f0360	60 76 6c 61 6e 5f 6d 6f 6e 60 2c 20 77 68 69 63 68 20 69 73 20 6d 6f 6e 69 74 6f 72 69 6e 67 20	`vlan_mon`,.which.is.monitoring.
f0380	69 6e 63 6f 6d 69 6e 67 20 76 6c 61 6e 73 20 61 6e 64 20 63 72 65 61 74 65 73 20 74 68 65 20 6e	incoming.vlans.and.creates.the.n
f03a0	65 63 65 73 73 61 72 79 20 56 4c 41 4e 20 69 66 20 72 65 71 75 69 72 65 64 20 61 6e 64 20 61 6c	ecessary.VLAN.if.required.and.al
f03c0	6c 6f 77 65 64 2e 20 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 74 68 65 20 75 73 65 20 6f 66 20	lowed..VyOS.supports.the.use.of.
f03e0	65 69 74 68 65 72 20 56 4c 41 4e 20 49 44 27 73 20 6f 72 20 65 6e 74 69 72 65 20 72 61 6e 67 65	either.VLAN.ID's.or.entire.range
f0400	73 2c 20 62 6f 74 68 20 76 61 6c 75 65 73 20 63 61 6e 20 62 65 20 64 65 66 69 6e 65 64 20 61 74	s,.both.values.can.be.defined.at
f0420	20 74 68 65 20 73 61 6d 65 20 74 69 6d 65 20 66 6f 72 20 61 6e 20 69 6e 74 65 72 66 61 63 65 2e	.the.same.time.for.an.interface.
f0440	00 56 4d 77 61 72 65 20 75 73 65 72 73 20 73 68 6f 75 6c 64 20 65 6e 73 75 72 65 20 74 68 61 74	.VMware.users.should.ensure.that
f0460	20 61 20 56 4d 58 4e 45 54 33 20 61 64 61 70 74 65 72 20 69 73 20 75 73 65 64 2e 20 45 31 30 30	.a.VMXNET3.adapter.is.used..E100
f0480	30 20 61 64 61 70 74 65 72 73 20 68 61 76 65 20 6b 6e 6f 77 6e 20 69 73 73 75 65 73 20 77 69 74	0.adapters.have.known.issues.wit
f04a0	68 20 47 52 45 20 70 72 6f 63 65 73 73 69 6e 67 2e 00 56 50 4e 00 56 50 4e 2d 63 6c 69 65 6e 74	h.GRE.processing..VPN.VPN-client
f04c0	73 20 77 69 6c 6c 20 72 65 71 75 65 73 74 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 72	s.will.request.configuration.par
f04e0	61 6d 65 74 65 72 73 2c 20 6f 70 74 69 6f 6e 61 6c 6c 79 20 79 6f 75 20 63 61 6e 20 44 4e 53 20	ameters,.optionally.you.can.DNS.
f0500	70 61 72 61 6d 65 74 65 72 20 74 6f 20 74 68 65 20 63 6c 69 65 6e 74 2e 00 56 52 46 00 56 52 46	parameter.to.the.client..VRF.VRF
f0520	20 52 6f 75 74 65 20 4c 65 61 6b 69 6e 67 00 56 52 46 20 62 6c 75 65 20 72 6f 75 74 69 6e 67 20	.Route.Leaking.VRF.blue.routing.
f0540	74 61 62 6c 65 00 56 52 46 20 64 65 66 61 75 6c 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 00	table.VRF.default.routing.table.
f0560	56 52 46 20 72 65 64 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 00 56 52 46 20 72 6f 75 74 65 20	VRF.red.routing.table.VRF.route.
f0580	6c 65 61 6b 69 6e 67 00 56 52 46 20 74 6f 70 6f 6c 6f 67 79 20 65 78 61 6d 70 6c 65 00 56 52 52	leaking.VRF.topology.example.VRR
f05a0	50 20 28 56 69 72 74 75 61 6c 20 52 6f 75 74 65 72 20 52 65 64 75 6e 64 61 6e 63 79 20 50 72 6f	P.(Virtual.Router.Redundancy.Pro
f05c0	74 6f 63 6f 6c 29 20 70 72 6f 76 69 64 65 73 20 61 63 74 69 76 65 2f 62 61 63 6b 75 70 20 72 65	tocol).provides.active/backup.re
f05e0	64 75 6e 64 61 6e 63 79 20 66 6f 72 20 72 6f 75 74 65 72 73 2e 20 45 76 65 72 79 20 56 52 52 50	dundancy.for.routers..Every.VRRP
f0600	20 72 6f 75 74 65 72 20 68 61 73 20 61 20 70 68 79 73 69 63 61 6c 20 49 50 2f 49 50 76 36 20 61	.router.has.a.physical.IP/IPv6.a
f0620	64 64 72 65 73 73 2c 20 61 6e 64 20 61 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 2e 20 4f	ddress,.and.a.virtual.address..O
f0640	6e 20 73 74 61 72 74 75 70 2c 20 72 6f 75 74 65 72 73 20 65 6c 65 63 74 20 74 68 65 20 6d 61 73	n.startup,.routers.elect.the.mas
f0660	74 65 72 2c 20 61 6e 64 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 68 65 20 68 69 67	ter,.and.the.router.with.the.hig
f0680	68 65 73 74 20 70 72 69 6f 72 69 74 79 20 62 65 63 6f 6d 65 73 20 74 68 65 20 6d 61 73 74 65 72	hest.priority.becomes.the.master
f06a0	20 61 6e 64 20 61 73 73 69 67 6e 73 20 74 68 65 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73	.and.assigns.the.virtual.address
f06c0	20 74 6f 20 69 74 73 20 69 6e 74 65 72 66 61 63 65 2e 20 41 6c 6c 20 72 6f 75 74 65 72 73 20 77	.to.its.interface..All.routers.w
f06e0	69 74 68 20 6c 6f 77 65 72 20 70 72 69 6f 72 69 74 69 65 73 20 62 65 63 6f 6d 65 20 62 61 63 6b	ith.lower.priorities.become.back
f0700	75 70 20 72 6f 75 74 65 72 73 2e 20 54 68 65 20 6d 61 73 74 65 72 20 74 68 65 6e 20 73 74 61 72	up.routers..The.master.then.star
f0720	74 73 20 73 65 6e 64 69 6e 67 20 6b 65 65 70 61 6c 69 76 65 20 70 61 63 6b 65 74 73 20 74 6f 20	ts.sending.keepalive.packets.to.
f0740	6e 6f 74 69 66 79 20 6f 74 68 65 72 20 72 6f 75 74 65 72 73 20 74 68 61 74 20 69 74 27 73 20 61	notify.other.routers.that.it's.a
f0760	76 61 69 6c 61 62 6c 65 2e 20 49 66 20 74 68 65 20 6d 61 73 74 65 72 20 66 61 69 6c 73 20 61 6e	vailable..If.the.master.fails.an
f0780	64 20 73 74 6f 70 73 20 73 65 6e 64 69 6e 67 20 6b 65 65 70 61 6c 69 76 65 20 70 61 63 6b 65 74	d.stops.sending.keepalive.packet
f07a0	73 2c 20 74 68 65 20 72 6f 75 74 65 72 20 77 69 74 68 20 74 68 65 20 6e 65 78 74 20 68 69 67 68	s,.the.router.with.the.next.high
f07c0	65 73 74 20 70 72 69 6f 72 69 74 79 20 62 65 63 6f 6d 65 73 20 74 68 65 20 6e 65 77 20 6d 61 73	est.priority.becomes.the.new.mas
f07e0	74 65 72 20 61 6e 64 20 74 61 6b 65 73 20 6f 76 65 72 20 74 68 65 20 76 69 72 74 75 61 6c 20 61	ter.and.takes.over.the.virtual.a
f0800	64 64 72 65 73 73 2e 00 56 52 52 50 20 63 61 6e 20 75 73 65 20 74 77 6f 20 6d 6f 64 65 73 3a 20	ddress..VRRP.can.use.two.modes:.
f0820	70 72 65 65 6d 70 74 69 76 65 20 61 6e 64 20 6e 6f 6e 2d 70 72 65 65 6d 70 74 69 76 65 2e 20 49	preemptive.and.non-preemptive..I
f0840	6e 20 74 68 65 20 70 72 65 65 6d 70 74 69 76 65 20 6d 6f 64 65 2c 20 69 66 20 61 20 72 6f 75 74	n.the.preemptive.mode,.if.a.rout
f0860	65 72 20 77 69 74 68 20 61 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 66 61 69 6c 73 20	er.with.a.higher.priority.fails.
f0880	61 6e 64 20 74 68 65 6e 20 63 6f 6d 65 73 20 62 61 63 6b 2c 20 72 6f 75 74 65 72 73 20 77 69 74	and.then.comes.back,.routers.wit
f08a0	68 20 6c 6f 77 65 72 20 70 72 69 6f 72 69 74 79 20 77 69 6c 6c 20 67 69 76 65 20 75 70 20 74 68	h.lower.priority.will.give.up.th
f08c0	65 69 72 20 6d 61 73 74 65 72 20 73 74 61 74 75 73 2e 20 49 6e 20 6e 6f 6e 2d 70 72 65 65 6d 70	eir.master.status..In.non-preemp
f08e0	74 69 76 65 20 6d 6f 64 65 2c 20 74 68 65 20 6e 65 77 6c 79 20 65 6c 65 63 74 65 64 20 6d 61 73	tive.mode,.the.newly.elected.mas
f0900	74 65 72 20 77 69 6c 6c 20 6b 65 65 70 20 74 68 65 20 6d 61 73 74 65 72 20 73 74 61 74 75 73 20	ter.will.keep.the.master.status.
f0920	61 6e 64 20 74 68 65 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 20 69 6e 64 65 66 69 6e 69	and.the.virtual.address.indefini
f0940	74 65 6c 79 2e 00 56 52 52 50 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 63 61 6e 20 62 65 20	tely..VRRP.functionality.can.be.
f0960	65 78 74 65 6e 64 65 64 20 77 69 74 68 20 73 63 72 69 70 74 73 2e 20 56 79 4f 53 20 73 75 70 70	extended.with.scripts..VyOS.supp
f0980	6f 72 74 73 20 74 77 6f 20 6b 69 6e 64 73 20 6f 66 20 73 63 72 69 70 74 73 3a 20 68 65 61 6c 74	orts.two.kinds.of.scripts:.healt
f09a0	68 20 63 68 65 63 6b 20 73 63 72 69 70 74 73 20 61 6e 64 20 74 72 61 6e 73 69 74 69 6f 6e 20 73	h.check.scripts.and.transition.s
f09c0	63 72 69 70 74 73 2e 20 48 65 61 6c 74 68 20 63 68 65 63 6b 20 73 63 72 69 70 74 73 20 65 78 65	cripts..Health.check.scripts.exe
f09e0	63 75 74 65 20 63 75 73 74 6f 6d 20 63 68 65 63 6b 73 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74	cute.custom.checks.in.addition.t
f0a00	6f 20 74 68 65 20 6d 61 73 74 65 72 20 72 6f 75 74 65 72 20 72 65 61 63 68 61 62 69 6c 69 74 79	o.the.master.router.reachability
f0a20	2e 20 54 72 61 6e 73 69 74 69 6f 6e 20 73 63 72 69 70 74 73 20 61 72 65 20 65 78 65 63 75 74 65	..Transition.scripts.are.execute
f0a40	64 20 77 68 65 6e 20 56 52 52 50 20 73 74 61 74 65 20 63 68 61 6e 67 65 73 20 66 72 6f 6d 20 6d	d.when.VRRP.state.changes.from.m
f0a60	61 73 74 65 72 20 74 6f 20 62 61 63 6b 75 70 20 6f 72 20 66 61 75 6c 74 20 61 6e 64 20 76 69 63	aster.to.backup.or.fault.and.vic
f0a80	65 20 76 65 72 73 61 20 61 6e 64 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 65 6e 61 62 6c	e.versa.and.can.be.used.to.enabl
f0aa0	65 20 6f 72 20 64 69 73 61 62 6c 65 20 63 65 72 74 61 69 6e 20 73 65 72 76 69 63 65 73 2c 20 66	e.or.disable.certain.services,.f
f0ac0	6f 72 20 65 78 61 6d 70 6c 65 2e 00 56 52 52 50 20 67 72 6f 75 70 73 20 61 72 65 20 63 72 65 61	or.example..VRRP.groups.are.crea
f0ae0	74 65 64 20 77 69 74 68 20 74 68 65 20 60 60 73 65 74 20 68 69 67 68 2d 61 76 61 69 6c 61 62 69	ted.with.the.``set.high-availabi
f0b00	6c 69 74 79 20 76 72 72 70 20 67 72 6f 75 70 20 24 47 52 4f 55 50 5f 4e 41 4d 45 60 60 20 63 6f	lity.vrrp.group.$GROUP_NAME``.co
f0b20	6d 6d 61 6e 64 73 2e 20 54 68 65 20 72 65 71 75 69 72 65 64 20 70 61 72 61 6d 65 74 65 72 73 20	mmands..The.required.parameters.
f0b40	61 72 65 20 69 6e 74 65 72 66 61 63 65 2c 20 76 72 69 64 2c 20 61 6e 64 20 61 64 64 72 65 73 73	are.interface,.vrid,.and.address
f0b60	2e 00 56 52 52 50 20 6b 65 65 70 61 6c 69 76 65 20 70 61 63 6b 65 74 73 20 75 73 65 20 6d 75 6c	..VRRP.keepalive.packets.use.mul
f0b80	74 69 63 61 73 74 2c 20 61 6e 64 20 56 52 52 50 20 73 65 74 75 70 73 20 61 72 65 20 6c 69 6d 69	ticast,.and.VRRP.setups.are.limi
f0ba0	74 65 64 20 74 6f 20 61 20 73 69 6e 67 6c 65 20 64 61 74 61 6c 69 6e 6b 20 6c 61 79 65 72 20 73	ted.to.a.single.datalink.layer.s
f0bc0	65 67 6d 65 6e 74 2e 20 59 6f 75 20 63 61 6e 20 73 65 74 75 70 20 6d 75 6c 74 69 70 6c 65 20 56	egment..You.can.setup.multiple.V
f0be0	52 52 50 20 67 72 6f 75 70 73 20 28 61 6c 73 6f 20 63 61 6c 6c 65 64 20 76 69 72 74 75 61 6c 20	RRP.groups.(also.called.virtual.
f0c00	72 6f 75 74 65 72 73 29 2e 20 56 69 72 74 75 61 6c 20 72 6f 75 74 65 72 73 20 61 72 65 20 69 64	routers)..Virtual.routers.are.id
f0c20	65 6e 74 69 66 69 65 64 20 62 79 20 61 20 56 52 49 44 20 28 56 69 72 74 75 61 6c 20 52 6f 75 74	entified.by.a.VRID.(Virtual.Rout
f0c40	65 72 20 49 44 65 6e 74 69 66 69 65 72 29 2e 20 49 66 20 79 6f 75 20 73 65 74 75 70 20 6d 75 6c	er.IDentifier)..If.you.setup.mul
f0c60	74 69 70 6c 65 20 67 72 6f 75 70 73 20 6f 6e 20 74 68 65 20 73 61 6d 65 20 69 6e 74 65 72 66 61	tiple.groups.on.the.same.interfa
f0c80	63 65 2c 20 74 68 65 69 72 20 56 52 49 44 73 20 6d 75 73 74 20 62 65 20 75 6e 69 71 75 65 20 69	ce,.their.VRIDs.must.be.unique.i
f0ca0	66 20 74 68 65 79 20 75 73 65 20 74 68 65 20 73 61 6d 65 20 61 64 64 72 65 73 73 20 66 61 6d 69	f.they.use.the.same.address.fami
f0cc0	6c 79 2c 20 62 75 74 20 69 74 27 73 20 70 6f 73 73 69 62 6c 65 20 28 65 76 65 6e 20 69 66 20 6e	ly,.but.it's.possible.(even.if.n
f0ce0	6f 74 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 66 6f 72 20 72 65 61 64 61 62 69 6c 69 74 79 20 72	ot.recommended.for.readability.r
f0d00	65 61 73 6f 6e 73 29 20 74 6f 20 75 73 65 20 64 75 70 6c 69 63 61 74 65 20 56 52 49 44 73 20 6f	easons).to.use.duplicate.VRIDs.o
f0d20	6e 20 64 69 66 66 65 72 65 6e 74 20 69 6e 74 65 72 66 61 63 65 73 2e 00 56 52 52 50 20 70 72 69	n.different.interfaces..VRRP.pri
f0d40	6f 72 69 74 79 20 63 61 6e 20 62 65 20 73 65 74 20 77 69 74 68 20 60 60 70 72 69 6f 72 69 74 79	ority.can.be.set.with.``priority
f0d60	60 60 20 6f 70 74 69 6f 6e 3a 00 56 54 49 20 2d 20 56 69 72 74 75 61 6c 20 54 75 6e 6e 65 6c 20	``.option:.VTI.-.Virtual.Tunnel.
f0d80	49 6e 74 65 72 66 61 63 65 00 56 58 4c 41 4e 00 56 58 4c 41 4e 20 69 73 20 61 6e 20 65 76 6f 6c	Interface.VXLAN.VXLAN.is.an.evol
f0da0	75 74 69 6f 6e 20 6f 66 20 65 66 66 6f 72 74 73 20 74 6f 20 73 74 61 6e 64 61 72 64 69 7a 65 20	ution.of.efforts.to.standardize.
f0dc0	61 6e 20 6f 76 65 72 6c 61 79 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 20 70 72 6f 74 6f 63 6f	an.overlay.encapsulation.protoco
f0de0	6c 2e 20 49 74 20 69 6e 63 72 65 61 73 65 73 20 74 68 65 20 73 63 61 6c 61 62 69 6c 69 74 79 20	l..It.increases.the.scalability.
f0e00	75 70 20 74 6f 20 31 36 20 6d 69 6c 6c 69 6f 6e 20 6c 6f 67 69 63 61 6c 20 6e 65 74 77 6f 72 6b	up.to.16.million.logical.network
f0e20	73 20 61 6e 64 20 61 6c 6c 6f 77 73 20 66 6f 72 20 6c 61 79 65 72 20 32 20 61 64 6a 61 63 65 6e	s.and.allows.for.layer.2.adjacen
f0e40	63 79 20 61 63 72 6f 73 73 20 49 50 20 6e 65 74 77 6f 72 6b 73 2e 20 4d 75 6c 74 69 63 61 73 74	cy.across.IP.networks..Multicast
f0e60	20 6f 72 20 75 6e 69 63 61 73 74 20 77 69 74 68 20 68 65 61 64 2d 65 6e 64 20 72 65 70 6c 69 63	.or.unicast.with.head-end.replic
f0e80	61 74 69 6f 6e 20 28 48 45 52 29 20 69 73 20 75 73 65 64 20 74 6f 20 66 6c 6f 6f 64 20 62 72 6f	ation.(HER).is.used.to.flood.bro
f0ea0	61 64 63 61 73 74 2c 20 75 6e 6b 6e 6f 77 6e 20 75 6e 69 63 61 73 74 2c 20 61 6e 64 20 6d 75 6c	adcast,.unknown.unicast,.and.mul
f0ec0	74 69 63 61 73 74 20 28 42 55 4d 29 20 74 72 61 66 66 69 63 2e 00 56 58 4c 41 4e 20 73 70 65 63	ticast.(BUM).traffic..VXLAN.spec
f0ee0	69 66 69 63 20 6f 70 74 69 6f 6e 73 00 56 58 4c 41 4e 20 77 61 73 20 6f 66 66 69 63 69 61 6c 6c	ific.options.VXLAN.was.officiall
f0f00	79 20 64 6f 63 75 6d 65 6e 74 65 64 20 62 79 20 74 68 65 20 49 45 54 46 20 69 6e 20 3a 72 66 63	y.documented.by.the.IETF.in.:rfc
f0f20	3a 60 37 33 34 38 60 2e 00 56 61 6c 69 64 20 76 61 6c 75 65 73 20 61 72 65 20 30 2e 2e 32 35 35	:`7348`..Valid.values.are.0..255
f0f40	2e 00 56 61 6c 75 65 00 56 61 6c 75 65 20 74 6f 20 73 65 6e 64 20 74 6f 20 52 41 44 49 55 53 20	..Value.Value.to.send.to.RADIUS.
f0f60	73 65 72 76 65 72 20 69 6e 20 4e 41 53 2d 49 50 2d 41 64 64 72 65 73 73 20 61 74 74 72 69 62 75	server.in.NAS-IP-Address.attribu
f0f80	74 65 20 61 6e 64 20 74 6f 20 62 65 20 6d 61 74 63 68 65 64 20 69 6e 20 44 4d 2f 43 6f 41 20 72	te.and.to.be.matched.in.DM/CoA.r
f0fa0	65 71 75 65 73 74 73 2e 20 41 6c 73 6f 20 44 4d 2f 43 6f 41 20 73 65 72 76 65 72 20 77 69 6c 6c	equests..Also.DM/CoA.server.will
f0fc0	20 62 69 6e 64 20 74 6f 20 74 68 61 74 20 61 64 64 72 65 73 73 2e 00 56 61 6c 75 65 20 74 6f 20	.bind.to.that.address..Value.to.
f0fe0	73 65 6e 64 20 74 6f 20 52 41 44 49 55 53 20 73 65 72 76 65 72 20 69 6e 20 4e 41 53 2d 49 64 65	send.to.RADIUS.server.in.NAS-Ide
f1000	6e 74 69 66 69 65 72 20 61 74 74 72 69 62 75 74 65 20 61 6e 64 20 74 6f 20 62 65 20 6d 61 74 63	ntifier.attribute.and.to.be.matc
f1020	68 65 64 20 69 6e 20 44 4d 2f 43 6f 41 20 72 65 71 75 65 73 74 73 2e 00 56 65 72 69 66 69 63 61	hed.in.DM/CoA.requests..Verifica
f1040	74 69 6f 6e 00 56 65 72 73 69 6f 6e 00 56 69 72 74 75 61 6c 20 45 74 68 65 72 6e 65 74 00 56 69	tion.Version.Virtual.Ethernet.Vi
f1060	72 74 75 61 6c 20 53 65 72 76 65 72 20 61 6c 6c 6f 77 73 20 74 6f 20 4c 6f 61 64 2d 62 61 6c 61	rtual.Server.allows.to.Load-bala
f1080	6e 63 65 20 74 72 61 66 66 69 63 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 76 69 72 74 75 61 6c 2d	nce.traffic.destination.virtual-
f10a0	61 64 64 72 65 73 73 3a 70 6f 72 74 20 62 65 74 77 65 65 6e 20 73 65 76 65 72 61 6c 20 72 65 61	address:port.between.several.rea
f10c0	6c 20 73 65 72 76 65 72 73 2e 00 56 69 72 74 75 61 6c 2d 73 65 72 76 65 72 00 56 69 72 74 75 61	l.servers..Virtual-server.Virtua
f10e0	6c 2d 73 65 72 76 65 72 20 63 61 6e 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20	l-server.can.be.configured.with.
f1100	56 52 52 50 20 76 69 72 74 75 61 6c 20 61 64 64 72 65 73 73 20 6f 72 20 77 69 74 68 6f 75 74 20	VRRP.virtual.address.or.without.
f1120	56 52 52 50 2e 00 56 6f 6c 75 6d 65 20 69 73 20 65 69 74 68 65 72 20 6d 6f 75 6e 74 65 64 20 61	VRRP..Volume.is.either.mounted.a
f1140	73 20 72 77 20 28 72 65 61 64 2d 77 72 69 74 65 20 2d 20 64 65 66 61 75 6c 74 29 20 6f 72 20 72	s.rw.(read-write.-.default).or.r
f1160	6f 20 28 72 65 61 64 2d 6f 6e 6c 79 29 00 56 79 4f 53 20 31 2e 31 20 73 75 70 70 6f 72 74 65 64	o.(read-only).VyOS.1.1.supported
f1180	20 6c 6f 67 69 6e 20 61 73 20 75 73 65 72 20 60 60 72 6f 6f 74 60 60 2e 20 54 68 69 73 20 68 61	.login.as.user.``root``..This.ha
f11a0	73 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 20 64 75 65 20 74 6f 20 74 69 67 68 74 65 72 20 73 65	s.been.removed.due.to.tighter.se
f11c0	63 75 72 69 74 79 20 69 6e 20 56 79 4f 53 20 31 2e 32 2e 00 56 79 4f 53 20 31 2e 33 20 28 65 71	curity.in.VyOS.1.2..VyOS.1.3.(eq
f11e0	75 75 6c 65 75 73 29 20 73 75 70 70 6f 72 74 73 20 44 48 43 50 76 36 2d 50 44 20 28 3a 72 66 63	uuleus).supports.DHCPv6-PD.(:rfc
f1200	3a 60 33 36 33 33 60 29 2e 20 44 48 43 50 76 36 20 50 72 65 66 69 78 20 44 65 6c 65 67 61 74 69	:`3633`)..DHCPv6.Prefix.Delegati
f1220	6f 6e 20 69 73 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 6d 6f 73 74 20 49 53 50 73 20 77 68 6f	on.is.supported.by.most.ISPs.who
f1240	20 70 72 6f 76 69 64 65 20 6e 61 74 69 76 65 20 49 50 76 36 20 66 6f 72 20 63 6f 6e 73 75 6d 65	.provide.native.IPv6.for.consume
f1260	72 73 20 6f 6e 20 66 69 78 65 64 20 6e 65 74 77 6f 72 6b 73 2e 00 56 79 4f 53 20 31 2e 34 20 28	rs.on.fixed.networks..VyOS.1.4.(
f1280	73 61 67 69 74 74 61 29 20 69 6e 74 72 6f 64 75 63 65 64 20 64 79 6e 61 6d 69 63 20 72 6f 75 74	sagitta).introduced.dynamic.rout
f12a0	69 6e 67 20 73 75 70 70 6f 72 74 20 66 6f 72 20 56 52 46 73 2e 00 56 79 4f 53 20 31 2e 34 20 63	ing.support.for.VRFs..VyOS.1.4.c
f12c0	68 61 6e 67 65 64 20 74 68 65 20 77 61 79 20 69 6e 20 68 6f 77 20 65 6e 63 72 79 74 69 6f 6e 20	hanged.the.way.in.how.encrytion.
f12e0	6b 65 79 73 20 6f 72 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 72 65 20 73 74 6f 72 65 64 20	keys.or.certificates.are.stored.
f1300	6f 6e 20 74 68 65 20 73 79 73 74 65 6d 2e 20 49 6e 20 74 68 65 20 70 72 65 20 56 79 4f 53 20 31	on.the.system..In.the.pre.VyOS.1
f1320	2e 34 20 65 72 61 2c 20 63 65 72 74 69 66 69 63 61 74 65 73 20 67 6f 74 20 73 74 6f 72 65 64 20	.4.era,.certificates.got.stored.
f1340	75 6e 64 65 72 20 2f 63 6f 6e 66 69 67 20 61 6e 64 20 65 76 65 72 79 20 73 65 72 76 69 63 65 20	under./config.and.every.service.
f1360	72 65 66 65 72 65 6e 63 65 64 20 61 20 66 69 6c 65 2e 20 54 68 61 74 20 6d 61 64 65 20 63 6f 70	referenced.a.file..That.made.cop
f1380	79 69 6e 67 20 61 20 72 75 6e 6e 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 72 6f	ying.a.running.configuration.fro
f13a0	6d 20 73 79 73 74 65 6d 20 41 20 74 6f 20 73 79 73 74 65 6d 20 42 20 61 20 62 69 74 20 68 61 72	m.system.A.to.system.B.a.bit.har
f13c0	64 65 72 2c 20 61 73 20 79 6f 75 20 68 61 64 20 74 6f 20 63 6f 70 79 20 74 68 65 20 66 69 6c 65	der,.as.you.had.to.copy.the.file
f13e0	73 20 61 6e 64 20 74 68 65 69 72 20 70 65 72 6d 69 73 73 69 6f 6e 73 20 62 79 20 68 61 6e 64 2e	s.and.their.permissions.by.hand.
f1400	00 56 79 4f 53 20 31 2e 34 20 75 73 65 73 20 63 68 72 6f 6e 79 20 69 6e 73 74 65 61 64 20 6f 66	.VyOS.1.4.uses.chrony.instead.of
f1420	20 6e 74 70 64 20 28 73 65 65 20 3a 76 79 74 61 73 6b 3a 60 54 33 30 30 38 60 29 20 77 68 69 63	.ntpd.(see.:vytask:`T3008`).whic
f1440	68 20 77 69 6c 6c 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 63 63 65 70 74 20 61 6e 6f 6e 79 6d 6f 75	h.will.no.longer.accept.anonymou
f1460	73 20 4e 54 50 20 72 65 71 75 65 73 74 73 20 61 73 20 69 6e 20 56 79 4f 53 20 31 2e 33 2e 20 41	s.NTP.requests.as.in.VyOS.1.3..A
f1480	6c 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 73 20 77 69 6c 6c 20 62 65 20 6d 69 67 72 61 74	ll.configurations.will.be.migrat
f14a0	65 64 20 74 6f 20 6b 65 65 70 20 74 68 65 20 61 6e 6f 6e 79 6d 6f 75 73 20 66 75 6e 63 74 69 6f	ed.to.keep.the.anonymous.functio
f14c0	6e 61 6c 69 74 79 2e 20 46 6f 72 20 6e 65 77 20 73 65 74 75 70 73 20 69 66 20 79 6f 75 20 68 61	nality..For.new.setups.if.you.ha
f14e0	76 65 20 63 6c 69 65 6e 74 73 20 75 73 69 6e 67 20 79 6f 75 72 20 56 79 4f 53 20 69 6e 73 74 61	ve.clients.using.your.VyOS.insta
f1500	6c 6c 61 74 69 6f 6e 20 61 73 20 4e 54 50 20 73 65 72 76 65 72 2c 20 79 6f 75 20 6d 75 73 74 20	llation.as.NTP.server,.you.must.
f1520	73 70 65 63 69 66 79 20 74 68 65 20 60 61 6c 6c 6f 77 2d 63 6c 69 65 6e 74 60 20 64 69 72 65 63	specify.the.`allow-client`.direc
f1540	74 69 76 65 2e 00 56 79 4f 53 20 41 72 69 73 74 61 20 45 4f 53 20 73 65 74 75 70 00 56 79 4f 53	tive..VyOS.Arista.EOS.setup.VyOS
f1560	20 45 53 50 20 67 72 6f 75 70 20 68 61 73 20 74 68 65 20 6e 65 78 74 20 6f 70 74 69 6f 6e 73 3a	.ESP.group.has.the.next.options:
f1580	00 56 79 4f 53 20 46 69 65 6c 64 00 56 79 4f 53 20 49 4b 45 20 67 72 6f 75 70 20 68 61 73 20 74	.VyOS.Field.VyOS.IKE.group.has.t
f15a0	68 65 20 6e 65 78 74 20 6f 70 74 69 6f 6e 73 3a 00 56 79 4f 53 20 4d 49 42 73 00 56 79 4f 53 20	he.next.options:.VyOS.MIBs.VyOS.
f15c0	4e 41 54 36 36 20 53 69 6d 70 6c 65 20 43 6f 6e 66 69 67 75 72 65 00 56 79 4f 53 20 4e 65 74 77	NAT66.Simple.Configure.VyOS.Netw
f15e0	6f 72 6b 20 45 6d 75 6c 61 74 6f 72 20 70 6f 6c 69 63 79 20 65 6d 75 6c 61 74 65 73 20 74 68 65	ork.Emulator.policy.emulates.the
f1600	20 63 6f 6e 64 69 74 69 6f 6e 73 20 79 6f 75 20 63 61 6e 20 73 75 66 66 65 72 20 69 6e 20 61 20	.conditions.you.can.suffer.in.a.
f1620	72 65 61 6c 20 6e 65 74 77 6f 72 6b 2e 20 59 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74	real.network..You.will.be.able.t
f1640	6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 69 6e 67 73 20 6c 69 6b 65 20 72 61 74 65 2c 20 62 75	o.configure.things.like.rate,.bu
f1660	72 73 74 2c 20 64 65 6c 61 79 2c 20 70 61 63 6b 65 74 20 6c 6f 73 73 2c 20 70 61 63 6b 65 74 20	rst,.delay,.packet.loss,.packet.
f1680	63 6f 72 72 75 70 74 69 6f 6e 20 6f 72 20 70 61 63 6b 65 74 20 72 65 6f 72 64 65 72 69 6e 67 2e	corruption.or.packet.reordering.
f16a0	00 56 79 4f 53 20 4f 70 74 69 6f 6e 00 56 79 4f 53 20 50 6f 6c 69 63 79 2d 42 61 73 65 64 20 52	.VyOS.Option.VyOS.Policy-Based.R
f16c0	6f 75 74 69 6e 67 20 28 50 42 52 29 20 77 6f 72 6b 73 20 62 79 20 6d 61 74 63 68 69 6e 67 20 73	outing.(PBR).works.by.matching.s
f16e0	6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 72 61 6e 67 65 73 20 61 6e 64 20 66 6f 72 77	ource.IP.address.ranges.and.forw
f1700	61 72 64 69 6e 67 20 74 68 65 20 74 72 61 66 66 69 63 20 75 73 69 6e 67 20 64 69 66 66 65 72 65	arding.the.traffic.using.differe
f1720	6e 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 2e 00 56 79 4f 53 20 53 4e 4d 50 20 73 75 70	nt.routing.tables..VyOS.SNMP.sup
f1740	70 6f 72 74 73 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20 49 50 76 36 2e 00 56 79 4f 53 20 61	ports.both.IPv4.and.IPv6..VyOS.a
f1760	6c 73 6f 20 63 6f 6d 65 73 20 77 69 74 68 20 61 20 62 75 69 6c 64 20 69 6e 20 53 53 54 50 20 73	lso.comes.with.a.build.in.SSTP.s
f1780	65 72 76 65 72 2c 20 73 65 65 20 3a 72 65 66 3a 60 73 73 74 70 60 2e 00 56 79 4f 53 20 61 6c 73	erver,.see.:ref:`sstp`..VyOS.als
f17a0	6f 20 70 72 6f 76 69 64 65 73 20 44 48 43 50 76 36 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f	o.provides.DHCPv6.server.functio
f17c0	6e 61 6c 69 74 79 20 77 68 69 63 68 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20 74 68 69	nality.which.is.described.in.thi
f17e0	73 20 73 65 63 74 69 6f 6e 2e 00 56 79 4f 53 20 63 61 6e 20 61 6c 73 6f 20 72 75 6e 20 69 6e 20	s.section..VyOS.can.also.run.in.
f1800	44 4d 56 50 4e 20 73 70 6f 6b 65 20 6d 6f 64 65 2e 00 56 79 4f 53 20 63 61 6e 20 62 65 20 63 6f	DMVPN.spoke.mode..VyOS.can.be.co
f1820	6e 66 69 67 75 72 65 64 20 74 6f 20 74 72 61 63 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 75 73	nfigured.to.track.connections.us
f1840	69 6e 67 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 73 75 62 73	ing.the.connection.tracking.subs
f1860	79 73 74 65 6d 2e 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 74 72 61 63 6b 69 6e 67 20 62 65 63 6f 6d	ystem..Connection.tracking.becom
f1880	65 73 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6f 6e 63 65 20 65 69 74 68 65 72 20 73 74 61 74 65	es.operational.once.either.state
f18a0	66 75 6c 20 66 69 72 65 77 61 6c 6c 20 6f 72 20 4e 41 54 20 69 73 20 63 6f 6e 66 69 67 75 72 65	ful.firewall.or.NAT.is.configure
f18c0	64 2e 00 56 79 4f 53 20 63 61 6e 20 6e 6f 74 20 6f 6e 6c 79 20 61 63 74 20 61 73 20 61 6e 20 4f	d..VyOS.can.not.only.act.as.an.O
f18e0	70 65 6e 56 50 4e 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 6f 72 20 73 65 72 76 65 72 20 66 6f	penVPN.site-to-site.or.server.fo
f1900	72 20 6d 75 6c 74 69 70 6c 65 20 63 6c 69 65 6e 74 73 2e 20 59 6f 75 20 63 61 6e 20 69 6e 64 65	r.multiple.clients..You.can.inde
f1920	65 64 20 61 6c 73 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 79 20 56 79 4f 53 20 4f 70 65 6e 56	ed.also.configure.any.VyOS.OpenV
f1940	50 4e 20 69 6e 74 65 72 66 61 63 65 20 61 73 20 61 6e 20 4f 70 65 6e 56 50 4e 20 63 6c 69 65 6e	PN.interface.as.an.OpenVPN.clien
f1960	74 20 63 6f 6e 6e 65 63 74 69 6e 67 20 74 6f 20 61 20 56 79 4f 53 20 4f 70 65 6e 56 50 4e 20 73	t.connecting.to.a.VyOS.OpenVPN.s
f1980	65 72 76 65 72 20 6f 72 20 61 6e 79 20 6f 74 68 65 72 20 4f 70 65 6e 56 50 4e 20 73 65 72 76 65	erver.or.any.other.OpenVPN.serve
f19a0	72 2e 00 56 79 4f 53 20 64 65 66 61 75 6c 74 20 77 69 6c 6c 20 62 65 20 60 61 75 74 6f 60 2e 00	r..VyOS.default.will.be.`auto`..
f19c0	56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 73 70 65 63 69 61 6c 20 63 6f 6d	VyOS.does.not.have.a.special.com
f19e0	6d 61 6e 64 20 74 6f 20 73 74 61 72 74 20 74 68 65 20 42 61 62 65 6c 20 70 72 6f 63 65 73 73 2e	mand.to.start.the.Babel.process.
f1a00	20 54 68 65 20 42 61 62 65 6c 20 70 72 6f 63 65 73 73 20 73 74 61 72 74 73 20 77 68 65 6e 20 74	.The.Babel.process.starts.when.t
f1a20	68 65 20 66 69 72 73 74 20 42 61 62 65 6c 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65	he.first.Babel.enabled.interface
f1a40	20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 56 79 4f 53 20 64 6f 65 73 20 6e 6f 74 20 68 61	.is.configured..VyOS.does.not.ha
f1a60	76 65 20 61 20 73 70 65 63 69 61 6c 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 73 74 61 72 74 20 74 68	ve.a.special.command.to.start.th
f1a80	65 20 4f 53 50 46 20 70 72 6f 63 65 73 73 2e 20 54 68 65 20 4f 53 50 46 20 70 72 6f 63 65 73 73	e.OSPF.process..The.OSPF.process
f1aa0	20 73 74 61 72 74 73 20 77 68 65 6e 20 74 68 65 20 66 69 72 73 74 20 6f 73 70 66 20 65 6e 61 62	.starts.when.the.first.ospf.enab
f1ac0	6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 56 79 4f	led.interface.is.configured..VyO
f1ae0	53 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 61 20 73 70 65 63 69 61 6c 20 63 6f 6d 6d 61 6e	S.does.not.have.a.special.comman
f1b00	64 20 74 6f 20 73 74 61 72 74 20 74 68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 2e 20 54	d.to.start.the.OSPFv3.process..T
f1b20	68 65 20 4f 53 50 46 76 33 20 70 72 6f 63 65 73 73 20 73 74 61 72 74 73 20 77 68 65 6e 20 74 68	he.OSPFv3.process.starts.when.th
f1b40	65 20 66 69 72 73 74 20 6f 73 70 66 20 65 6e 61 62 6c 65 64 20 69 6e 74 65 72 66 61 63 65 20 69	e.first.ospf.enabled.interface.i
f1b60	73 20 63 6f 6e 66 69 67 75 72 65 64 2e 00 56 79 4f 53 20 66 61 63 69 6c 69 74 61 74 65 73 20 49	s.configured..VyOS.facilitates.I
f1b80	50 20 4d 75 6c 74 69 63 61 73 74 20 62 79 20 73 75 70 70 6f 72 74 69 6e 67 20 2a 2a 50 49 4d 20	P.Multicast.by.supporting.**PIM.
f1ba0	53 70 61 72 73 65 20 4d 6f 64 65 2a 2a 2c 20 2a 2a 49 47 4d 50 2a 2a 20 61 6e 64 20 2a 2a 49 47	Sparse.Mode**,.**IGMP**.and.**IG
f1bc0	4d 50 2d 50 72 6f 78 79 2a 2a 2e 00 56 79 4f 53 20 66 61 63 69 6c 69 74 61 74 65 73 20 49 50 76	MP-Proxy**..VyOS.facilitates.IPv
f1be0	36 20 4d 75 6c 74 69 63 61 73 74 20 62 79 20 73 75 70 70 6f 72 74 69 6e 67 20 2a 2a 50 49 4d 76	6.Multicast.by.supporting.**PIMv
f1c00	36 2a 2a 20 61 6e 64 20 2a 2a 4d 4c 44 2a 2a 2e 00 56 79 4f 53 20 69 73 20 61 62 6c 65 20 74 6f	6**.and.**MLD**..VyOS.is.able.to
f1c20	20 75 70 64 61 74 65 20 61 20 72 65 6d 6f 74 65 20 44 4e 53 20 72 65 63 6f 72 64 20 77 68 65 6e	.update.a.remote.DNS.record.when
f1c40	20 61 6e 20 69 6e 74 65 72 66 61 63 65 20 67 65 74 73 20 61 20 6e 65 77 20 49 50 20 61 64 64 72	.an.interface.gets.a.new.IP.addr
f1c60	65 73 73 2e 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 64 6f 20 73 6f 2c 20 56 79 4f 53 20 69 6e 63	ess..In.order.to.do.so,.VyOS.inc
f1c80	6c 75 64 65 73 20 64 64 63 6c 69 65 6e 74 5f 2c 20 61 20 50 65 72 6c 20 73 63 72 69 70 74 20 77	ludes.ddclient_,.a.Perl.script.w
f1ca0	72 69 74 74 65 6e 20 66 6f 72 20 74 68 69 73 20 6f 6e 6c 79 20 6f 6e 65 20 70 75 72 70 6f 73 65	ritten.for.this.only.one.purpose
f1cc0	2e 00 56 79 4f 53 20 69 73 20 61 6c 73 6f 20 61 62 6c 65 20 74 6f 20 75 73 65 20 61 6e 79 20 73	..VyOS.is.also.able.to.use.any.s
f1ce0	65 72 76 69 63 65 20 72 65 6c 79 69 6e 67 20 6f 6e 20 70 72 6f 74 6f 63 6f 6c 73 20 73 75 70 70	ervice.relying.on.protocols.supp
f1d00	6f 72 74 65 64 20 62 79 20 64 64 63 6c 69 65 6e 74 2e 00 56 79 4f 53 20 69 74 73 65 6c 66 20 73	orted.by.ddclient..VyOS.itself.s
f1d20	75 70 70 6f 72 74 73 20 53 4e 4d 50 76 32 5f 20 28 76 65 72 73 69 6f 6e 20 32 29 20 61 6e 64 20	upports.SNMPv2_.(version.2).and.
f1d40	53 4e 4d 50 76 33 5f 20 28 76 65 72 73 69 6f 6e 20 33 29 20 77 68 65 72 65 20 74 68 65 20 6c 61	SNMPv3_.(version.3).where.the.la
f1d60	74 65 72 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 62 65 63 61 75 73 65 20 6f 66 20 69 6d	ter.is.recommended.because.of.im
f1d80	70 72 6f 76 65 64 20 73 65 63 75 72 69 74 79 20 28 6f 70 74 69 6f 6e 61 6c 20 61 75 74 68 65 6e	proved.security.(optional.authen
f1da0	74 69 63 61 74 69 6f 6e 20 61 6e 64 20 65 6e 63 72 79 70 74 69 6f 6e 29 2e 00 56 79 4f 53 20 6c	tication.and.encryption)..VyOS.l
f1dc0	65 74 73 20 79 6f 75 20 63 6f 6e 74 72 6f 6c 20 74 72 61 66 66 69 63 20 69 6e 20 6d 61 6e 79 20	ets.you.control.traffic.in.many.
f1de0	64 69 66 66 65 72 65 6e 74 20 77 61 79 73 2c 20 68 65 72 65 20 77 65 20 77 69 6c 6c 20 63 6f 76	different.ways,.here.we.will.cov
f1e00	65 72 20 65 76 65 72 79 20 70 6f 73 73 69 62 69 6c 69 74 79 2e 20 59 6f 75 20 63 61 6e 20 63 6f	er.every.possibility..You.can.co
f1e20	6e 66 69 67 75 72 65 20 61 73 20 6d 61 6e 79 20 70 6f 6c 69 63 69 65 73 20 61 73 20 79 6f 75 20	nfigure.as.many.policies.as.you.
f1e40	77 61 6e 74 2c 20 62 75 74 20 79 6f 75 20 77 69 6c 6c 20 6f 6e 6c 79 20 62 65 20 61 62 6c 65 20	want,.but.you.will.only.be.able.
f1e60	74 6f 20 61 70 70 6c 79 20 6f 6e 65 20 70 6f 6c 69 63 79 20 70 65 72 20 69 6e 74 65 72 66 61 63	to.apply.one.policy.per.interfac
f1e80	65 20 61 6e 64 20 64 69 72 65 63 74 69 6f 6e 20 28 69 6e 62 6f 75 6e 64 20 6f 72 20 6f 75 74 62	e.and.direction.(inbound.or.outb
f1ea0	6f 75 6e 64 29 2e 00 56 79 4f 53 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 3a 61 62 62 72 3a 60	ound)..VyOS.makes.use.of.:abbr:`
f1ec0	46 52 52 20 28 46 72 65 65 20 52 61 6e 67 65 20 52 6f 75 74 69 6e 67 29 60 20 61 6e 64 20 77 65	FRR.(Free.Range.Routing)`.and.we
f1ee0	20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 74 68 61 6e 6b 20 74 68 65 6d 20 66 6f 72 20 74 68	.would.like.to.thank.them.for.th
f1f00	65 69 72 20 65 66 66 6f 72 74 21 00 56 79 4f 53 20 6d 61 6b 65 73 20 75 73 65 20 6f 66 20 4c 69	eir.effort!.VyOS.makes.use.of.Li
f1f20	6e 75 78 20 60 6e 65 74 66 69 6c 74 65 72 20 3c 68 74 74 70 73 3a 2f 2f 6e 65 74 66 69 6c 74 65	nux.`netfilter.<https://netfilte
f1f40	72 2e 6f 72 67 2f 3e 60 5f 20 66 6f 72 20 70 61 63 6b 65 74 20 66 69 6c 74 65 72 69 6e 67 2e 00	r.org/>`_.for.packet.filtering..
f1f60	56 79 4f 53 20 6e 6f 74 20 6f 6e 6c 79 20 63 61 6e 20 6e 6f 77 20 6d 61 6e 61 67 65 20 63 65 72	VyOS.not.only.can.now.manage.cer
f1f80	74 69 66 69 63 61 74 65 73 20 69 73 73 75 65 64 20 62 79 20 33 72 64 20 70 61 72 74 79 20 43 65	tificates.issued.by.3rd.party.Ce
f1fa0	72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 69 65 73 2c 20 69 74 20 63 61 6e 20 61 6c	rtificate.Authorities,.it.can.al
f1fc0	73 6f 20 61 63 74 20 61 73 20 61 20 43 41 20 6f 6e 20 69 74 73 20 6f 77 6e 2e 20 59 6f 75 20 63	so.act.as.a.CA.on.its.own..You.c
f1fe0	61 6e 20 63 72 65 61 74 65 20 79 6f 75 72 20 6f 77 6e 20 72 6f 6f 74 20 43 41 20 61 6e 64 20 73	an.create.your.own.root.CA.and.s
f2000	69 67 6e 20 6b 65 79 73 20 77 69 74 68 20 69 74 20 62 79 20 6d 61 6b 69 6e 67 20 75 73 65 20 6f	ign.keys.with.it.by.making.use.o
f2020	66 20 73 6f 6d 65 20 73 69 6d 70 6c 65 20 6f 70 2d 6d 6f 64 65 20 63 6f 6d 6d 61 6e 64 73 2e 00	f.some.simple.op-mode.commands..
f2040	56 79 4f 53 20 6e 6f 77 20 61 6c 73 6f 20 68 61 73 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f	VyOS.now.also.has.the.ability.to
f2060	20 63 72 65 61 74 65 20 43 41 73 2c 20 6b 65 79 73 2c 20 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61	.create.CAs,.keys,.Diffie-Hellma
f2080	6e 20 61 6e 64 20 6f 74 68 65 72 20 6b 65 79 70 61 69 72 73 20 66 72 6f 6d 20 61 6e 20 65 61 73	n.and.other.keypairs.from.an.eas
f20a0	79 20 74 6f 20 61 63 63 65 73 73 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6c 65 76 65 6c 20 63 6f	y.to.access.operational.level.co
f20c0	6d 6d 61 6e 64 2e 00 56 79 4f 53 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 20 63 6f 6d	mmand..VyOS.operational.mode.com
f20e0	6d 61 6e 64 73 20 61 72 65 20 6e 6f 74 20 6f 6e 6c 79 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72	mands.are.not.only.available.for
f2100	20 67 65 6e 65 72 61 74 69 6e 67 20 6b 65 79 73 20 62 75 74 20 61 6c 73 6f 20 74 6f 20 64 69 73	.generating.keys.but.also.to.dis
f2120	70 6c 61 79 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 20 61 6e 20 48 54 54 50 20	play.them..VyOS.provide.an.HTTP.
f2140	41 50 49 2e 20 59 6f 75 20 63 61 6e 20 75 73 65 20 69 74 20 74 6f 20 65 78 65 63 75 74 65 20 6f	API..You.can.use.it.to.execute.o
f2160	70 2d 6d 6f 64 65 20 63 6f 6d 6d 61 6e 64 73 2c 20 75 70 64 61 74 65 20 56 79 4f 53 2c 20 73 65	p-mode.commands,.update.VyOS,.se
f2180	74 20 6f 72 20 64 65 6c 65 74 65 20 63 6f 6e 66 69 67 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65	t.or.delete.config..VyOS.provide
f21a0	73 20 44 4e 53 20 69 6e 66 72 61 73 74 72 75 63 74 75 72 65 20 66 6f 72 20 73 6d 61 6c 6c 20 6e	s.DNS.infrastructure.for.small.n
f21c0	65 74 77 6f 72 6b 73 2e 20 49 74 20 69 73 20 64 65 73 69 67 6e 65 64 20 74 6f 20 62 65 20 6c 69	etworks..It.is.designed.to.be.li
f21e0	67 68 74 77 65 69 67 68 74 20 61 6e 64 20 68 61 76 65 20 61 20 73 6d 61 6c 6c 20 66 6f 6f 74 70	ghtweight.and.have.a.small.footp
f2200	72 69 6e 74 2c 20 73 75 69 74 61 62 6c 65 20 66 6f 72 20 72 65 73 6f 75 72 63 65 20 63 6f 6e 73	rint,.suitable.for.resource.cons
f2220	74 72 61 69 6e 65 64 20 72 6f 75 74 65 72 73 20 61 6e 64 20 66 69 72 65 77 61 6c 6c 73 2e 20 46	trained.routers.and.firewalls..F
f2240	6f 72 20 74 68 69 73 20 77 65 20 75 74 69 6c 69 7a 65 20 50 6f 77 65 72 44 4e 53 20 72 65 63 75	or.this.we.utilize.PowerDNS.recu
f2260	72 73 6f 72 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d	rsor..VyOS.provides.policies.com
f2280	6d 61 6e 64 73 20 65 78 63 6c 75 73 69 76 65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69	mands.exclusively.for.BGP.traffi
f22a0	63 20 66 69 6c 74 65 72 69 6e 67 20 61 6e 64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a	c.filtering.and.manipulation:.**
f22c0	61 73 2d 70 61 74 68 2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56	as-path-list**.is.one.of.them..V
f22e0	79 4f 53 20 70 72 6f 76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d 61 6e 64 73 20 65	yOS.provides.policies.commands.e
f2300	78 63 6c 75 73 69 76 65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63 20 66 69 6c 74 65	xclusively.for.BGP.traffic.filte
f2320	72 69 6e 67 20 61 6e 64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 63 6f 6d 6d 75 6e 69	ring.and.manipulation:.**communi
f2340	74 79 2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79 4f 53 20 70	ty-list**.is.one.of.them..VyOS.p
f2360	72 6f 76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d 61 6e 64 73 20 65 78 63 6c 75 73	rovides.policies.commands.exclus
f2380	69 76 65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63 20 66 69 6c 74 65 72 69 6e 67 20	ively.for.BGP.traffic.filtering.
f23a0	61 6e 64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 65 78 74 63 6f 6d 6d 75 6e 69 74 79	and.manipulation:.**extcommunity
f23c0	2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72 6f	-list**.is.one.of.them..VyOS.pro
f23e0	76 69 64 65 73 20 70 6f 6c 69 63 69 65 73 20 63 6f 6d 6d 61 6e 64 73 20 65 78 63 6c 75 73 69 76	vides.policies.commands.exclusiv
f2400	65 6c 79 20 66 6f 72 20 42 47 50 20 74 72 61 66 66 69 63 20 66 69 6c 74 65 72 69 6e 67 20 61 6e	ely.for.BGP.traffic.filtering.an
f2420	64 20 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 3a 20 2a 2a 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74	d.manipulation:.**large-communit
f2440	79 2d 6c 69 73 74 2a 2a 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 6d 2e 00 56 79 4f 53 20 70 72	y-list**.is.one.of.them..VyOS.pr
f2460	6f 76 69 64 65 73 20 73 6f 6d 65 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 63 6f 6d 6d 61 6e 64 73	ovides.some.operational.commands
f2480	20 6f 6e 20 4f 70 65 6e 56 50 4e 2e 00 56 79 4f 53 20 70 72 6f 76 69 64 65 73 20 73 75 70 70 6f	.on.OpenVPN..VyOS.provides.suppo
f24a0	72 74 20 66 6f 72 20 44 48 43 50 20 66 61 69 6c 6f 76 65 72 2e 20 44 48 43 50 20 66 61 69 6c 6f	rt.for.DHCP.failover..DHCP.failo
f24c0	76 65 72 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 65 78 70 6c 69 63 69 74 6c	ver.must.be.configured.explicitl
f24e0	79 20 62 79 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 74 61 74 65 6d 65 6e 74 73 2e 00 56	y.by.the.following.statements..V
f2500	79 4f 53 20 72 65 76 65 72 73 65 2d 70 72 6f 78 79 20 69 73 20 62 61 6c 61 6e 63 65 72 20 61 6e	yOS.reverse-proxy.is.balancer.an
f2520	64 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 74 68 61 74 20 70 72 6f 76 69 64 65 73 20 68 69 67	d.proxy.server.that.provides.hig
f2540	68 2d 61 76 61 69 6c 61 62 69 6c 69 74 79 2c 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 61	h-availability,.load.balancing.a
f2560	6e 64 20 70 72 6f 78 79 69 6e 67 20 66 6f 72 20 54 43 50 20 28 6c 65 76 65 6c 20 34 29 20 61 6e	nd.proxying.for.TCP.(level.4).an
f2580	64 20 48 54 54 50 2d 62 61 73 65 64 20 28 6c 65 76 65 6c 20 37 29 20 61 70 70 6c 69 63 61 74 69	d.HTTP-based.(level.7).applicati
f25a0	6f 6e 73 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 62 6f 74 68 20 49 47 4d 50 20 76 65 72	ons..VyOS.supports.both.IGMP.ver
f25c0	73 69 6f 6e 20 32 20 61 6e 64 20 76 65 72 73 69 6f 6e 20 33 20 28 77 68 69 63 68 20 61 6c 6c 6f	sion.2.and.version.3.(which.allo
f25e0	77 73 20 73 6f 75 72 63 65 2d 73 70 65 63 69 66 69 63 20 6d 75 6c 74 69 63 61 73 74 29 2e 00 56	ws.source-specific.multicast)..V
f2600	79 4f 53 20 73 75 70 70 6f 72 74 73 20 62 6f 74 68 20 4d 4c 44 20 76 65 72 73 69 6f 6e 20 31 20	yOS.supports.both.MLD.version.1.
f2620	61 6e 64 20 76 65 72 73 69 6f 6e 20 32 20 28 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 73 6f 75 72	and.version.2.(which.allows.sour
f2640	63 65 2d 73 70 65 63 69 66 69 63 20 6d 75 6c 74 69 63 61 73 74 29 2e 00 56 79 4f 53 20 73 75 70	ce-specific.multicast)..VyOS.sup
f2660	70 6f 72 74 73 20 66 6c 6f 77 2d 61 63 63 6f 75 6e 74 69 6e 67 20 66 6f 72 20 62 6f 74 68 20 49	ports.flow-accounting.for.both.I
f2680	50 76 34 20 61 6e 64 20 49 50 76 36 20 74 72 61 66 66 69 63 2e 20 54 68 65 20 73 79 73 74 65 6d	Pv4.and.IPv6.traffic..The.system
f26a0	20 61 63 74 73 20 61 73 20 61 20 66 6c 6f 77 20 65 78 70 6f 72 74 65 72 2c 20 61 6e 64 20 79 6f	.acts.as.a.flow.exporter,.and.yo
f26c0	75 20 61 72 65 20 66 72 65 65 20 74 6f 20 75 73 65 20 69 74 20 77 69 74 68 20 61 6e 79 20 63 6f	u.are.free.to.use.it.with.any.co
f26e0	6d 70 61 74 69 62 6c 65 20 63 6f 6c 6c 65 63 74 6f 72 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74	mpatible.collector..VyOS.support
f2700	73 20 73 46 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 20 66 6f 72 20 62 6f 74 68 20 49 50 76 34	s.sFlow.accounting.for.both.IPv4
f2720	20 61 6e 64 20 49 50 76 36 20 74 72 61 66 66 69 63 2e 20 54 68 65 20 73 79 73 74 65 6d 20 61 63	.and.IPv6.traffic..The.system.ac
f2740	74 73 20 61 73 20 61 20 66 6c 6f 77 20 65 78 70 6f 72 74 65 72 2c 20 61 6e 64 20 79 6f 75 20 61	ts.as.a.flow.exporter,.and.you.a
f2760	72 65 20 66 72 65 65 20 74 6f 20 75 73 65 20 69 74 20 77 69 74 68 20 61 6e 79 20 63 6f 6d 70 61	re.free.to.use.it.with.any.compa
f2780	74 69 62 6c 65 20 63 6f 6c 6c 65 63 74 6f 72 2e 00 56 79 4f 53 20 73 75 70 70 6f 72 74 73 20 73	tible.collector..VyOS.supports.s
f27a0	65 74 74 69 6e 67 20 74 69 6d 65 6f 75 74 73 20 66 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20	etting.timeouts.for.connections.
f27c0	61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 79 70 65	according.to.the.connection.type
f27e0	2e 20 59 6f 75 20 63 61 6e 20 73 65 74 20 74 69 6d 65 6f 75 74 20 76 61 6c 75 65 73 20 66 6f 72	..You.can.set.timeout.values.for
f2800	20 67 65 6e 65 72 69 63 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 66 6f 72 20 49 43 4d 50 20 63	.generic.connections,.for.ICMP.c
f2820	6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 55 44 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 6f 72 20	onnections,.UDP.connections,.or.
f2840	66 6f 72 20 54 43 50 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 6e 20 61 20 6e 75 6d 62 65 72 20	for.TCP.connections.in.a.number.
f2860	6f 66 20 64 69 66 66 65 72 65 6e 74 20 73 74 61 74 65 73 2e 00 56 79 4f 53 20 73 75 70 70 6f 72	of.different.states..VyOS.suppor
f2880	74 73 20 73 65 74 74 69 6e 67 20 75 70 20 50 50 50 6f 45 20 69 6e 20 74 77 6f 20 64 69 66 66 65	ts.setting.up.PPPoE.in.two.diffe
f28a0	72 65 6e 74 20 77 61 79 73 20 74 6f 20 61 20 50 50 50 6f 45 20 69 6e 74 65 72 6e 65 74 20 63 6f	rent.ways.to.a.PPPoE.internet.co
f28c0	6e 6e 65 63 74 69 6f 6e 2e 20 54 68 69 73 20 69 73 20 62 65 63 61 75 73 65 20 6d 6f 73 74 20 49	nnection..This.is.because.most.I
f28e0	53 50 73 20 70 72 6f 76 69 64 65 20 61 20 6d 6f 64 65 6d 20 74 68 61 74 20 69 73 20 61 6c 73 6f	SPs.provide.a.modem.that.is.also
f2900	20 61 20 77 69 72 65 6c 65 73 73 20 72 6f 75 74 65 72 2e 00 56 79 4f 53 20 75 73 65 73 20 49 53	.a.wireless.router..VyOS.uses.IS
f2920	43 20 44 48 43 50 20 73 65 72 76 65 72 20 66 6f 72 20 62 6f 74 68 20 49 50 76 34 20 61 6e 64 20	C.DHCP.server.for.both.IPv4.and.
f2940	49 50 76 36 20 61 64 64 72 65 73 73 20 61 73 73 69 67 6e 6d 65 6e 74 2e 00 56 79 4f 53 20 75 73	IPv6.address.assignment..VyOS.us
f2960	65 73 20 74 68 65 20 60 69 6e 74 65 72 66 61 63 65 73 20 77 77 61 6e 60 20 73 75 62 73 79 73 74	es.the.`interfaces.wwan`.subsyst
f2980	65 6d 20 66 6f 72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 56 79 4f 53 20 75 73 65 73 20	em.for.configuration..VyOS.uses.
f29a0	74 68 65 20 60 6d 69 72 72 6f 72 60 20 6f 70 74 69 6f 6e 20 74 6f 20 63 6f 6e 66 69 67 75 72 65	the.`mirror`.option.to.configure
f29c0	20 70 6f 72 74 20 6d 69 72 72 6f 72 69 6e 67 2e 20 54 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69	.port.mirroring..The.configurati
f29e0	6f 6e 20 69 73 20 64 69 76 69 64 65 64 20 69 6e 74 6f 20 32 20 64 69 66 66 65 72 65 6e 74 20 64	on.is.divided.into.2.different.d
f2a00	69 72 65 63 74 69 6f 6e 73 2e 20 44 65 73 74 69 6e 61 74 69 6f 6e 20 70 6f 72 74 73 20 73 68 6f	irections..Destination.ports.sho
f2a20	75 6c 64 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 20 66 6f 72 20 64 69 66 66 65 72 65 6e 74 20	uld.be.configured.for.different.
f2a40	74 72 61 66 66 69 63 20 64 69 72 65 63 74 69 6f 6e 73 2e 00 56 79 4f 53 20 75 74 69 6c 69 7a 65	traffic.directions..VyOS.utilize
f2a60	73 20 60 61 63 63 65 6c 2d 70 70 70 60 5f 20 74 6f 20 70 72 6f 76 69 64 65 20 3a 61 62 62 72 3a	s.`accel-ppp`_.to.provide.:abbr:
f2a80	60 49 50 6f 45 20 28 49 6e 74 65 72 6e 65 74 20 50 72 6f 74 6f 63 6f 6c 20 6f 76 65 72 20 45 74	`IPoE.(Internet.Protocol.over.Et
f2aa0	68 65 72 6e 65 74 29 60 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e 20 49	hernet)`.server.functionality..I
f2ac0	74 20 63 61 6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74	t.can.be.used.with.local.authent
f2ae0	69 63 61 74 69 6f 6e 20 28 6d 61 63 2d 61 64 64 72 65 73 73 29 20 6f 72 20 61 20 63 6f 6e 6e 65	ication.(mac-address).or.a.conne
f2b00	63 74 65 64 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 56 79 4f 53 20 75 74 69 6c 69 7a 65	cted.RADIUS.server..VyOS.utilize
f2b20	73 20 60 61 63 63 65 6c 2d 70 70 70 60 5f 20 74 6f 20 70 72 6f 76 69 64 65 20 50 50 50 6f 45 20	s.`accel-ppp`_.to.provide.PPPoE.
f2b40	73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e 20 49 74 20 63 61 6e 20 62 65 20	server.functionality..It.can.be.
f2b60	75 73 65 64 20 77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f	used.with.local.authentication.o
f2b80	72 20 61 20 63 6f 6e 6e 65 63 74 65 64 20 52 41 44 49 55 53 20 73 65 72 76 65 72 2e 00 56 79 4f	r.a.connected.RADIUS.server..VyO
f2ba0	53 20 75 74 69 6c 69 7a 65 73 20 61 63 63 65 6c 2d 70 70 70 5f 20 74 6f 20 70 72 6f 76 69 64 65	S.utilizes.accel-ppp_.to.provide
f2bc0	20 4c 32 54 50 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 2e 20 49 74 20 63	.L2TP.server.functionality..It.c
f2be0	61 6e 20 62 65 20 75 73 65 64 20 77 69 74 68 20 6c 6f 63 61 6c 20 61 75 74 68 65 6e 74 69 63 61	an.be.used.with.local.authentica
f2c00	74 69 6f 6e 20 6f 72 20 61 20 63 6f 6e 6e 65 63 74 65 64 20 52 41 44 49 55 53 20 73 65 72 76 65	tion.or.a.connected.RADIUS.serve
f2c20	72 2e 00 56 79 4f 53 20 75 74 69 6c 69 7a 65 73 20 61 63 63 65 6c 2d 70 70 70 5f 20 74 6f 20 70	r..VyOS.utilizes.accel-ppp_.to.p
f2c40	72 6f 76 69 64 65 20 53 53 54 50 20 73 65 72 76 65 72 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79	rovide.SSTP.server.functionality
f2c60	2e 20 57 65 20 73 75 70 70 6f 72 74 20 62 6f 74 68 20 6c 6f 63 61 6c 20 61 6e 64 20 52 41 44 49	..We.support.both.local.and.RADI
f2c80	55 53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 00 57 41 4e 20 4c 6f 61 64 20 42 61 6c 61	US.authentication..WAN.Load.Bala
f2ca0	63 69 6e 67 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 75 73 65 64 20 77 68 65 6e 20 64 79 6e	cing.should.not.be.used.when.dyn
f2cc0	61 6d 69 63 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 69 73 20 75 73 65 64 2f 6e 65	amic.routing.protocol.is.used/ne
f2ce0	65 64 65 64 2e 20 54 68 69 73 20 66 65 61 74 75 72 65 20 63 72 65 61 74 65 73 20 63 75 73 74 6f	eded..This.feature.creates.custo
f2d00	6d 69 7a 65 64 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 73 20 61 6e 64 20 66 69 72 65 77 61 6c	mized.routing.tables.and.firewal
f2d20	6c 20 72 75 6c 65 73 2c 20 74 68 61 74 20 6d 61 6b 65 73 20 69 74 20 69 6e 63 6f 6d 70 61 74 69	l.rules,.that.makes.it.incompati
f2d40	62 6c 65 20 74 6f 20 75 73 65 20 77 69 74 68 20 72 6f 75 74 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	ble.to.use.with.routing.protocol
f2d60	73 2e 00 57 41 4e 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 60 65 74 68 31 60 00 57 41 4e 20 6c	s..WAN.interface.on.`eth1`.WAN.l
f2d80	6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 00 57 4c 41 4e 2f 57 49 46 49 20 2d 20 57 69 72 65 6c 65	oad.balancing.WLAN/WIFI.-.Wirele
f2da0	73 73 20 4c 41 4e 00 57 4d 4d 2d 50 53 20 55 6e 73 63 68 65 64 75 6c 65 64 20 41 75 74 6f 6d 61	ss.LAN.WMM-PS.Unscheduled.Automa
f2dc0	74 69 63 20 50 6f 77 65 72 20 53 61 76 65 20 44 65 6c 69 76 65 72 79 20 5b 55 2d 41 50 53 44 5d	tic.Power.Save.Delivery.[U-APSD]
f2de0	00 57 50 41 20 70 61 73 73 70 68 72 61 73 65 20 60 60 31 32 33 34 35 36 37 38 60 60 00 57 57 41	.WPA.passphrase.``12345678``.WWA
f2e00	4e 20 2d 20 57 69 72 65 6c 65 73 73 20 57 69 64 65 2d 41 72 65 61 2d 4e 65 74 77 6f 72 6b 00 57	N.-.Wireless.Wide-Area-Network.W
f2e20	61 72 6e 69 6e 67 00 57 61 72 6e 69 6e 67 20 63 6f 6e 64 69 74 69 6f 6e 73 00 57 65 20 61 73 73	arning.Warning.conditions.We.ass
f2e40	75 6d 65 20 74 68 61 74 20 74 68 65 20 4c 45 46 54 20 72 6f 75 74 65 72 20 68 61 73 20 73 74 61	ume.that.the.LEFT.router.has.sta
f2e60	74 69 63 20 31 39 32 2e 30 2e 32 2e 31 30 20 61 64 64 72 65 73 73 20 6f 6e 20 65 74 68 30 2c 20	tic.192.0.2.10.address.on.eth0,.
f2e80	61 6e 64 20 74 68 65 20 52 49 47 48 54 20 72 6f 75 74 65 72 20 68 61 73 20 61 20 64 79 6e 61 6d	and.the.RIGHT.router.has.a.dynam
f2ea0	69 63 20 61 64 64 72 65 73 73 20 6f 6e 20 65 74 68 30 2e 00 57 65 20 63 61 6e 20 61 6c 73 6f 20	ic.address.on.eth0..We.can.also.
f2ec0	63 72 65 61 74 65 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 73 20 75 73 69 6e 67 20 43 65	create.the.certificates.using.Ce
f2ee0	72 62 6f 72 74 20 77 68 69 63 68 20 69 73 20 61 6e 20 65 61 73 79 2d 74 6f 2d 75 73 65 20 63 6c	rbort.which.is.an.easy-to-use.cl
f2f00	69 65 6e 74 20 74 68 61 74 20 66 65 74 63 68 65 73 20 61 20 63 65 72 74 69 66 69 63 61 74 65 20	ient.that.fetches.a.certificate.
f2f20	66 72 6f 6d 20 4c 65 74 27 73 20 45 6e 63 72 79 70 74 20 61 6e 20 6f 70 65 6e 20 63 65 72 74 69	from.Let's.Encrypt.an.open.certi
f2f40	66 69 63 61 74 65 20 61 75 74 68 6f 72 69 74 79 20 6c 61 75 6e 63 68 65 64 20 62 79 20 74 68 65	ficate.authority.launched.by.the
f2f60	20 45 46 46 2c 20 4d 6f 7a 69 6c 6c 61 2c 20 61 6e 64 20 6f 74 68 65 72 73 20 61 6e 64 20 64 65	.EFF,.Mozilla,.and.others.and.de
f2f80	70 6c 6f 79 73 20 69 74 20 74 6f 20 61 20 77 65 62 20 73 65 72 76 65 72 2e 00 57 65 20 63 61 6e	ploys.it.to.a.web.server..We.can
f2fa0	20 62 75 69 6c 64 20 72 6f 75 74 65 2d 6d 61 70 73 20 66 6f 72 20 69 6d 70 6f 72 74 20 62 61 73	.build.route-maps.for.import.bas
f2fc0	65 64 20 6f 6e 20 74 68 65 73 65 20 73 74 61 74 65 73 2e 20 48 65 72 65 20 69 73 20 61 20 73 69	ed.on.these.states..Here.is.a.si
f2fe0	6d 70 6c 65 20 52 50 4b 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 20 77 68 65 72 65 20 60	mple.RPKI.configuration,.where.`
f3000	72 6f 75 74 69 6e 61 74 6f 72 60 20 69 73 20 74 68 65 20 52 50 4b 49 2d 76 61 6c 69 64 61 74 69	routinator`.is.the.RPKI-validati
f3020	6e 67 20 22 63 61 63 68 65 22 20 73 65 72 76 65 72 20 77 69 74 68 20 69 70 20 60 31 39 32 2e 30	ng."cache".server.with.ip.`192.0
f3040	2e 32 2e 31 60 3a 00 57 65 20 63 61 6e 27 74 20 73 75 70 70 6f 72 74 20 61 6c 6c 20 64 69 73 70	.2.1`:.We.can't.support.all.disp
f3060	6c 61 79 73 20 66 72 6f 6d 20 74 68 65 20 62 65 67 69 6e 6e 69 6e 67 2e 20 49 66 20 79 6f 75 72	lays.from.the.beginning..If.your
f3080	20 64 69 73 70 6c 61 79 20 74 79 70 65 20 69 73 20 6d 69 73 73 69 6e 67 2c 20 70 6c 65 61 73 65	.display.type.is.missing,.please
f30a0	20 63 72 65 61 74 65 20 61 20 66 65 61 74 75 72 65 20 72 65 71 75 65 73 74 20 76 69 61 20 50 68	.create.a.feature.request.via.Ph
f30c0	61 62 72 69 63 61 74 6f 72 5f 2e 00 57 65 20 63 6f 75 6c 64 20 65 78 70 61 6e 64 20 6f 6e 20 74	abricator_..We.could.expand.on.t
f30e0	68 69 73 20 61 6e 64 20 61 6c 73 6f 20 64 65 6e 79 20 6c 69 6e 6b 20 6c 6f 63 61 6c 20 61 6e 64	his.and.also.deny.link.local.and
f3100	20 6d 75 6c 74 69 63 61 73 74 20 69 6e 20 74 68 65 20 72 75 6c 65 20 32 30 20 61 63 74 69 6f 6e	.multicast.in.the.rule.20.action
f3120	20 64 65 6e 79 2e 00 57 65 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 43 4c 49 20 6e 6f 64 65 73 20	.deny..We.do.not.have.CLI.nodes.
f3140	66 6f 72 20 65 76 65 72 79 20 73 69 6e 67 6c 65 20 4f 70 65 6e 56 50 4e 20 6f 70 74 69 6f 6e 2e	for.every.single.OpenVPN.option.
f3160	20 49 66 20 61 6e 20 6f 70 74 69 6f 6e 20 69 73 20 6d 69 73 73 69 6e 67 2c 20 61 20 66 65 61 74	.If.an.option.is.missing,.a.feat
f3180	75 72 65 20 72 65 71 75 65 73 74 20 73 68 6f 75 6c 64 20 62 65 20 6f 70 65 6e 65 64 20 61 74 20	ure.request.should.be.opened.at.
f31a0	50 68 61 62 72 69 63 61 74 6f 72 5f 20 73 6f 20 61 6c 6c 20 75 73 65 72 73 20 63 61 6e 20 62 65	Phabricator_.so.all.users.can.be
f31c0	6e 65 66 69 74 20 66 72 6f 6d 20 69 74 20 28 73 65 65 20 3a 72 65 66 3a 60 69 73 73 75 65 73 5f	nefit.from.it.(see.:ref:`issues_
f31e0	66 65 61 74 75 72 65 73 60 29 2e 00 57 65 20 64 6f 6e 27 74 20 72 65 63 6f 6d 65 6e 64 20 74 6f	features`)..We.don't.recomend.to
f3200	20 75 73 65 20 61 72 67 75 6d 65 6e 74 73 2e 20 55 73 69 6e 67 20 65 6e 76 69 72 6f 6e 6d 65 6e	.use.arguments..Using.environmen
f3220	74 73 20 69 73 20 6d 6f 72 65 20 70 72 65 66 66 65 72 65 62 6c 65 2e 00 57 65 20 6c 69 73 74 65	ts.is.more.preffereble..We.liste
f3240	6e 20 6f 6e 20 70 6f 72 74 20 35 31 38 32 30 00 57 65 20 6e 65 65 64 20 74 6f 20 67 65 6e 65 72	n.on.port.51820.We.need.to.gener
f3260	61 74 65 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65 20 77 68 69 63 68 20 61 75 74 68 65 6e	ate.the.certificate.which.authen
f3280	74 69 63 61 74 65 73 20 75 73 65 72 73 20 77 68 6f 20 61 74 74 65 6d 70 74 20 74 6f 20 61 63 63	ticates.users.who.attempt.to.acc
f32a0	65 73 73 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 72 65 73 6f 75 72 63 65 20 74 68 72 6f 75 67 68	ess.the.network.resource.through
f32c0	20 74 68 65 20 53 53 4c 20 56 50 4e 20 74 75 6e 6e 65 6c 73 2e 20 54 68 65 20 66 6f 6c 6c 6f 77	.the.SSL.VPN.tunnels..The.follow
f32e0	69 6e 67 20 63 6f 6d 6d 61 6e 64 73 20 77 69 6c 6c 20 63 72 65 61 74 65 20 61 20 73 65 6c 66 20	ing.commands.will.create.a.self.
f3300	73 69 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65 73 20 61 6e 64 20 77 69 6c 6c 20 62 65 20	signed.certificates.and.will.be.
f3320	73 74 6f 72 65 64 20 69 6e 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3a 00 57 65 20 6e 6f 77 20	stored.in.configuration:.We.now.
f3340	75 74 69 6c 69 7a 65 20 60 74 75 6e 65 64 60 20 66 6f 72 20 64 79 6e 61 6d 69 63 20 72 65 73 6f	utilize.`tuned`.for.dynamic.reso
f3360	75 72 63 65 20 62 61 6c 61 6e 63 69 6e 67 20 62 61 73 65 64 20 6f 6e 20 70 72 6f 66 69 6c 65 73	urce.balancing.based.on.profiles
f3380	2e 00 57 65 20 6f 6e 6c 79 20 61 6c 6c 6f 77 20 74 68 65 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f	..We.only.allow.the.192.168.2.0/
f33a0	32 34 20 73 75 62 6e 65 74 20 74 6f 20 74 72 61 76 65 6c 20 6f 76 65 72 20 74 68 65 20 74 75 6e	24.subnet.to.travel.over.the.tun
f33c0	6e 65 6c 00 57 65 20 6f 6e 6c 79 20 6e 65 65 64 20 61 20 73 69 6e 67 6c 65 20 73 74 65 70 20 66	nel.We.only.need.a.single.step.f
f33e0	6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 3a 00 57 65 20 72 6f 75 74 65 20 61 6c 6c 20	or.this.interface:.We.route.all.
f3400	74 72 61 66 66 69 63 20 66 6f 72 20 74 68 65 20 31 39 32 2e 31 36 38 2e 32 2e 30 2f 32 34 20 6e	traffic.for.the.192.168.2.0/24.n
f3420	65 74 77 6f 72 6b 20 74 6f 20 69 6e 74 65 72 66 61 63 65 20 60 77 67 30 31 60 00 57 65 20 75 73	etwork.to.interface.`wg01`.We.us
f3440	65 20 61 20 76 6f 6e 74 61 69 6e 65 72 20 70 72 6f 76 69 64 69 6e 67 20 74 68 65 20 54 41 43 41	e.a.vontainer.providing.the.TACA
f3460	43 53 20 73 65 72 76 65 20 72 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2e 00 57 65 27 6c 6c	CS.serve.rin.this.example..We'll
f3480	20 75 73 65 20 74 68 65 20 49 4b 45 20 61 6e 64 20 45 53 50 20 67 72 6f 75 70 73 20 63 72 65 61	.use.the.IKE.and.ESP.groups.crea
f34a0	74 65 64 20 61 62 6f 76 65 20 66 6f 72 20 74 68 69 73 20 56 50 4e 2e 20 42 65 63 61 75 73 65 20	ted.above.for.this.VPN..Because.
f34c0	77 65 20 6e 65 65 64 20 61 63 63 65 73 73 20 74 6f 20 32 20 64 69 66 66 65 72 65 6e 74 20 73 75	we.need.access.to.2.different.su
f34e0	62 6e 65 74 73 20 6f 6e 20 74 68 65 20 66 61 72 20 73 69 64 65 2c 20 77 65 20 77 69 6c 6c 20 6e	bnets.on.the.far.side,.we.will.n
f3500	65 65 64 20 74 77 6f 20 64 69 66 66 65 72 65 6e 74 20 74 75 6e 6e 65 6c 73 2e 20 49 66 20 79 6f	eed.two.different.tunnels..If.yo
f3520	75 20 63 68 61 6e 67 65 64 20 74 68 65 20 6e 61 6d 65 73 20 6f 66 20 74 68 65 20 45 53 50 20 67	u.changed.the.names.of.the.ESP.g
f3540	72 6f 75 70 20 61 6e 64 20 49 4b 45 20 67 72 6f 75 70 20 69 6e 20 74 68 65 20 70 72 65 76 69 6f	roup.and.IKE.group.in.the.previo
f3560	75 73 20 73 74 65 70 2c 20 6d 61 6b 65 20 73 75 72 65 20 79 6f 75 20 75 73 65 20 74 68 65 20 63	us.step,.make.sure.you.use.the.c
f3580	6f 72 72 65 63 74 20 6e 61 6d 65 73 20 68 65 72 65 20 74 6f 6f 2e 00 57 65 62 20 50 72 6f 78 79	orrect.names.here.too..Web.Proxy
f35a0	20 41 75 74 6f 64 69 73 63 6f 76 65 72 79 20 28 57 50 41 44 29 20 55 52 4c 00 57 65 62 70 72 6f	.Autodiscovery.(WPAD).URL.Webpro
f35c0	78 79 00 57 68 65 6e 20 4c 44 50 20 69 73 20 77 6f 72 6b 69 6e 67 2c 20 79 6f 75 20 77 69 6c 6c	xy.When.LDP.is.working,.you.will
f35e0	20 62 65 20 61 62 6c 65 20 74 6f 20 73 65 65 20 6c 61 62 65 6c 20 69 6e 66 6f 72 6d 61 74 69 6f	.be.able.to.see.label.informatio
f3600	6e 20 69 6e 20 74 68 65 20 6f 75 74 63 6f 6d 65 20 6f 66 20 60 60 73 68 6f 77 20 69 70 20 72 6f	n.in.the.outcome.of.``show.ip.ro
f3620	75 74 65 60 60 2e 20 42 65 73 69 64 65 73 20 74 68 61 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c	ute``..Besides.that.information,
f3640	20 74 68 65 72 65 20 61 72 65 20 61 6c 73 6f 20 73 70 65 63 69 66 69 63 20 2a 73 68 6f 77 2a 20	.there.are.also.specific.*show*.
f3660	63 6f 6d 6d 61 6e 64 73 20 66 6f 72 20 4c 44 50 3a 00 57 68 65 6e 20 56 52 46 73 20 61 72 65 20	commands.for.LDP:.When.VRFs.are.
f3680	75 73 65 64 20 69 74 20 69 73 20 6e 6f 74 20 6f 6e 6c 79 20 6d 61 6e 64 61 74 6f 72 79 20 74 6f	used.it.is.not.only.mandatory.to
f36a0	20 63 72 65 61 74 65 20 61 20 56 52 46 20 62 75 74 20 61 6c 73 6f 20 74 68 65 20 56 52 46 20 69	.create.a.VRF.but.also.the.VRF.i
f36c0	74 73 65 6c 66 20 6e 65 65 64 73 20 74 6f 20 62 65 20 61 73 73 69 67 6e 65 64 20 74 6f 20 61 6e	tself.needs.to.be.assigned.to.an
f36e0	20 69 6e 74 65 72 66 61 63 65 2e 00 57 68 65 6e 20 61 20 60 60 63 75 73 74 6f 6d 60 60 20 44 79	.interface..When.a.``custom``.Dy
f3700	6e 44 4e 53 20 70 72 6f 76 69 64 65 72 20 69 73 20 75 73 65 64 20 74 68 65 20 60 3c 73 65 72 76	nDNS.provider.is.used.the.`<serv
f3720	65 72 3e 60 20 77 68 65 72 65 20 75 70 64 61 74 65 20 72 65 71 75 65 73 74 73 20 61 72 65 20 62	er>`.where.update.requests.are.b
f3740	65 69 6e 67 20 73 65 6e 74 20 74 6f 20 6d 75 73 74 20 62 65 20 73 70 65 63 69 66 69 65 64 2e 00	eing.sent.to.must.be.specified..
f3760	57 68 65 6e 20 61 20 60 60 63 75 73 74 6f 6d 60 60 20 44 79 6e 44 4e 53 20 70 72 6f 76 69 64 65	When.a.``custom``.DynDNS.provide
f3780	72 20 69 73 20 75 73 65 64 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 75 73 65 64 20 66 6f 72 20	r.is.used.the.protocol.used.for.
f37a0	63 6f 6d 6d 75 6e 69 63 61 74 69 6e 67 20 74 6f 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 6d 75	communicating.to.the.provider.mu
f37c0	73 74 20 62 65 20 73 70 65 63 69 66 69 65 64 20 75 6e 64 65 72 20 60 3c 70 72 6f 74 6f 63 6f 6c	st.be.specified.under.`<protocol
f37e0	3e 60 2e 20 53 65 65 20 74 68 65 20 65 6d 62 65 64 64 65 64 20 63 6f 6d 70 6c 65 74 69 6f 6e 20	>`..See.the.embedded.completion.
f3800	68 65 6c 70 65 72 20 66 6f 72 20 61 76 61 69 6c 61 62 6c 65 20 70 72 6f 74 6f 63 6f 6c 73 2e 00	helper.for.available.protocols..
f3820	57 68 65 6e 20 61 20 66 61 69 6c 6f 76 65 72 20 6f 63 63 75 72 73 20 69 6e 20 61 63 74 69 76 65	When.a.failover.occurs.in.active
f3840	2d 62 61 63 6b 75 70 20 6d 6f 64 65 2c 20 62 6f 6e 64 69 6e 67 20 77 69 6c 6c 20 69 73 73 75 65	-backup.mode,.bonding.will.issue
f3860	20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 67 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 6f 6e 20	.one.or.more.gratuitous.ARPs.on.
f3880	74 68 65 20 6e 65 77 6c 79 20 61 63 74 69 76 65 20 73 6c 61 76 65 2e 20 4f 6e 65 20 67 72 61 74	the.newly.active.slave..One.grat
f38a0	75 69 74 6f 75 73 20 41 52 50 20 69 73 20 69 73 73 75 65 64 20 66 6f 72 20 74 68 65 20 62 6f 6e	uitous.ARP.is.issued.for.the.bon
f38c0	64 69 6e 67 20 6d 61 73 74 65 72 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 65 61 63 68 20 56	ding.master.interface.and.each.V
f38e0	4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 62 6f 76 65 20	LAN.interfaces.configured.above.
f3900	69 74 2c 20 70 72 6f 76 69 64 65 64 20 74 68 61 74 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20	it,.provided.that.the.interface.
f3920	68 61 73 20 61 74 20 6c 65 61 73 74 20 6f 6e 65 20 49 50 20 61 64 64 72 65 73 73 20 63 6f 6e 66	has.at.least.one.IP.address.conf
f3940	69 67 75 72 65 64 2e 20 47 72 61 74 75 69 74 6f 75 73 20 41 52 50 73 20 69 73 73 75 65 64 20 66	igured..Gratuitous.ARPs.issued.f
f3960	6f 72 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73 20 61 72 65 20 74 61 67 67 65 64 20 77 69	or.VLAN.interfaces.are.tagged.wi
f3980	74 68 20 74 68 65 20 61 70 70 72 6f 70 72 69 61 74 65 20 56 4c 41 4e 20 69 64 2e 00 57 68 65 6e	th.the.appropriate.VLAN.id..When
f39a0	20 61 20 6c 69 6e 6b 20 69 73 20 72 65 63 6f 6e 6e 65 63 74 65 64 20 6f 72 20 61 20 6e 65 77 20	.a.link.is.reconnected.or.a.new.
f39c0	73 6c 61 76 65 20 6a 6f 69 6e 73 20 74 68 65 20 62 6f 6e 64 20 74 68 65 20 72 65 63 65 69 76 65	slave.joins.the.bond.the.receive
f39e0	20 74 72 61 66 66 69 63 20 69 73 20 72 65 64 69 73 74 72 69 62 75 74 65 64 20 61 6d 6f 6e 67 20	.traffic.is.redistributed.among.
f3a00	61 6c 6c 20 61 63 74 69 76 65 20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 62 6f 6e 64 20 62 79	all.active.slaves.in.the.bond.by
f3a20	20 69 6e 69 74 69 61 74 69 6e 67 20 41 52 50 20 52 65 70 6c 69 65 73 20 77 69 74 68 20 74 68 65	.initiating.ARP.Replies.with.the
f3a40	20 73 65 6c 65 63 74 65 64 20 4d 41 43 20 61 64 64 72 65 73 73 20 74 6f 20 65 61 63 68 20 6f 66	.selected.MAC.address.to.each.of
f3a60	20 74 68 65 20 63 6c 69 65 6e 74 73 2e 20 54 68 65 20 75 70 64 65 6c 61 79 20 70 61 72 61 6d 65	.the.clients..The.updelay.parame
f3a80	74 65 72 20 28 64 65 74 61 69 6c 65 64 20 62 65 6c 6f 77 29 20 6d 75 73 74 20 62 65 20 73 65 74	ter.(detailed.below).must.be.set
f3aa0	20 74 6f 20 61 20 76 61 6c 75 65 20 65 71 75 61 6c 20 6f 72 20 67 72 65 61 74 65 72 20 74 68 61	.to.a.value.equal.or.greater.tha
f3ac0	6e 20 74 68 65 20 73 77 69 74 63 68 27 73 20 66 6f 72 77 61 72 64 69 6e 67 20 64 65 6c 61 79 20	n.the.switch's.forwarding.delay.
f3ae0	73 6f 20 74 68 61 74 20 74 68 65 20 41 52 50 20 52 65 70 6c 69 65 73 20 73 65 6e 74 20 74 6f 20	so.that.the.ARP.Replies.sent.to.
f3b00	74 68 65 20 70 65 65 72 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 62 6c 6f 63 6b 65 64 20 62 79	the.peers.will.not.be.blocked.by
f3b20	20 74 68 65 20 73 77 69 74 63 68 2e 00 57 68 65 6e 20 61 20 70 61 63 6b 65 74 20 69 73 20 74 6f	.the.switch..When.a.packet.is.to
f3b40	20 62 65 20 73 65 6e 74 2c 20 69 74 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 67 6f 20 74 68 72	.be.sent,.it.will.have.to.go.thr
f3b60	6f 75 67 68 20 74 68 61 74 20 71 75 65 75 65 2c 20 73 6f 20 74 68 65 20 70 61 63 6b 65 74 20 77	ough.that.queue,.so.the.packet.w
f3b80	69 6c 6c 20 62 65 20 70 6c 61 63 65 64 20 61 74 20 74 68 65 20 74 61 69 6c 20 6f 66 20 69 74 2e	ill.be.placed.at.the.tail.of.it.
f3ba0	20 57 68 65 6e 20 74 68 65 20 70 61 63 6b 65 74 20 63 6f 6d 70 6c 65 74 65 6c 79 20 67 6f 65 73	.When.the.packet.completely.goes
f3bc0	20 74 68 72 6f 75 67 68 20 69 74 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 64 65 71 75 65 75 65 64	.through.it,.it.will.be.dequeued
f3be0	20 65 6d 70 74 79 69 6e 67 20 69 74 73 20 70 6c 61 63 65 20 69 6e 20 74 68 65 20 71 75 65 75 65	.emptying.its.place.in.the.queue
f3c00	20 61 6e 64 20 62 65 69 6e 67 20 65 76 65 6e 74 75 61 6c 6c 79 20 68 61 6e 64 65 64 20 74 6f 20	.and.being.eventually.handed.to.
f3c20	74 68 65 20 4e 49 43 20 74 6f 20 62 65 20 61 63 74 75 61 6c 6c 79 20 73 65 6e 74 20 6f 75 74 2e	the.NIC.to.be.actually.sent.out.
f3c40	00 57 68 65 6e 20 61 20 72 6f 75 74 65 20 66 61 69 6c 73 2c 20 61 20 72 6f 75 74 69 6e 67 20 75	.When.a.route.fails,.a.routing.u
f3c60	70 64 61 74 65 20 69 73 20 73 65 6e 74 20 74 6f 20 77 69 74 68 64 72 61 77 20 74 68 65 20 72 6f	pdate.is.sent.to.withdraw.the.ro
f3c80	75 74 65 20 66 72 6f 6d 20 74 68 65 20 6e 65 74 77 6f 72 6b 27 73 20 72 6f 75 74 69 6e 67 20 74	ute.from.the.network's.routing.t
f3ca0	61 62 6c 65 73 2e 20 57 68 65 6e 20 74 68 65 20 72 6f 75 74 65 20 69 73 20 72 65 2d 65 6e 61 62	ables..When.the.route.is.re-enab
f3cc0	6c 65 64 2c 20 74 68 65 20 63 68 61 6e 67 65 20 69 6e 20 61 76 61 69 6c 61 62 69 6c 69 74 79 20	led,.the.change.in.availability.
f3ce0	69 73 20 61 6c 73 6f 20 61 64 76 65 72 74 69 73 65 64 2e 20 41 20 72 6f 75 74 65 20 74 68 61 74	is.also.advertised..A.route.that
f3d00	20 63 6f 6e 74 69 6e 75 61 6c 6c 79 20 66 61 69 6c 73 20 61 6e 64 20 72 65 74 75 72 6e 73 20 72	.continually.fails.and.returns.r
f3d20	65 71 75 69 72 65 73 20 61 20 67 72 65 61 74 20 64 65 61 6c 20 6f 66 20 6e 65 74 77 6f 72 6b 20	equires.a.great.deal.of.network.
f3d40	74 72 61 66 66 69 63 20 74 6f 20 75 70 64 61 74 65 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 61 62	traffic.to.update.the.network.ab
f3d60	6f 75 74 20 74 68 65 20 72 6f 75 74 65 27 73 20 73 74 61 74 75 73 2e 00 57 68 65 6e 20 61 64 64	out.the.route's.status..When.add
f3d80	69 6e 67 20 49 50 76 36 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 65 78 63	ing.IPv6.routing.information.exc
f3da0	68 61 6e 67 65 20 66 65 61 74 75 72 65 20 74 6f 20 42 47 50 2e 20 54 68 65 72 65 20 77 65 72 65	hange.feature.to.BGP..There.were
f3dc0	20 73 6f 6d 65 20 70 72 6f 70 6f 73 61 6c 73 2e 20 3a 61 62 62 72 3a 60 49 45 54 46 20 28 49 6e	.some.proposals..:abbr:`IETF.(In
f3de0	74 65 72 6e 65 74 20 45 6e 67 69 6e 65 65 72 69 6e 67 20 54 61 73 6b 20 46 6f 72 63 65 29 60 20	ternet.Engineering.Task.Force)`.
f3e00	3a 61 62 62 72 3a 60 49 44 52 20 28 49 6e 74 65 72 20 44 6f 6d 61 69 6e 20 52 6f 75 74 69 6e 67	:abbr:`IDR.(Inter.Domain.Routing
f3e20	29 60 20 61 64 6f 70 74 65 64 20 61 20 70 72 6f 70 6f 73 61 6c 20 63 61 6c 6c 65 64 20 4d 75 6c	)`.adopted.a.proposal.called.Mul
f3e40	74 69 70 72 6f 74 6f 63 6f 6c 20 45 78 74 65 6e 73 69 6f 6e 20 66 6f 72 20 42 47 50 2e 20 54 68	tiprotocol.Extension.for.BGP..Th
f3e60	65 20 73 70 65 63 69 66 69 63 61 74 69 6f 6e 20 69 73 20 64 65 73 63 72 69 62 65 64 20 69 6e 20	e.specification.is.described.in.
f3e80	3a 72 66 63 3a 60 32 32 38 33 60 2e 20 54 68 65 20 70 72 6f 74 6f 63 6f 6c 20 64 6f 65 73 20 6e	:rfc:`2283`..The.protocol.does.n
f3ea0	6f 74 20 64 65 66 69 6e 65 20 6e 65 77 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 49 74 20 64 65 66 69	ot.define.new.protocols..It.defi
f3ec0	6e 65 73 20 6e 65 77 20 61 74 74 72 69 62 75 74 65 73 20 74 6f 20 65 78 69 73 74 69 6e 67 20 42	nes.new.attributes.to.existing.B
f3ee0	47 50 2e 20 57 68 65 6e 20 69 74 20 69 73 20 75 73 65 64 20 65 78 63 68 61 6e 67 69 6e 67 20 49	GP..When.it.is.used.exchanging.I
f3f00	50 76 36 20 72 6f 75 74 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 74 20 69 73 20 63 61	Pv6.routing.information.it.is.ca
f3f20	6c 6c 65 64 20 42 47 50 2d 34 2b 2e 20 57 68 65 6e 20 69 74 20 69 73 20 75 73 65 64 20 66 6f 72	lled.BGP-4+..When.it.is.used.for
f3f40	20 65 78 63 68 61 6e 67 69 6e 67 20 6d 75 6c 74 69 63 61 73 74 20 72 6f 75 74 69 6e 67 20 69 6e	.exchanging.multicast.routing.in
f3f60	66 6f 72 6d 61 74 69 6f 6e 20 69 74 20 69 73 20 63 61 6c 6c 65 64 20 4d 42 47 50 2e 00 57 68 65	formation.it.is.called.MBGP..Whe
f3f80	6e 20 63 6f 6e 66 69 67 75 72 65 64 2c 20 50 50 50 6f 45 20 77 69 6c 6c 20 63 72 65 61 74 65 20	n.configured,.PPPoE.will.create.
f3fa0	74 68 65 20 6e 65 63 65 73 73 61 72 79 20 56 4c 41 4e 73 20 77 68 65 6e 20 72 65 71 75 69 72 65	the.necessary.VLANs.when.require
f3fc0	64 2e 20 4f 6e 63 65 20 74 68 65 20 75 73 65 72 20 73 65 73 73 69 6f 6e 20 68 61 73 20 62 65 65	d..Once.the.user.session.has.bee
f3fe0	6e 20 63 61 6e 63 65 6c 6c 65 64 20 61 6e 64 20 74 68 65 20 56 4c 41 4e 20 69 73 20 6e 6f 74 20	n.cancelled.and.the.VLAN.is.not.
f4000	6e 65 65 64 65 64 20 61 6e 79 6d 6f 72 65 2c 20 56 79 4f 53 20 77 69 6c 6c 20 72 65 6d 6f 76 65	needed.anymore,.VyOS.will.remove
f4020	20 69 74 20 61 67 61 69 6e 2e 00 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 20 52 61	.it.again..When.configuring.a.Ra
f4040	6e 64 6f 6d 2d 44 65 74 65 63 74 20 70 6f 6c 69 63 79 3a 20 2a 2a 74 68 65 20 68 69 67 68 65 72	ndom-Detect.policy:.**the.higher
f4060	20 74 68 65 20 70 72 65 63 65 64 65 6e 63 65 20 6e 75 6d 62 65 72 2c 20 74 68 65 20 68 69 67 68	.the.precedence.number,.the.high
f4080	65 72 20 74 68 65 20 70 72 69 6f 72 69 74 79 2a 2a 2e 00 57 68 65 6e 20 63 6f 6e 66 69 67 75 72	er.the.priority**..When.configur
f40a0	69 6e 67 20 79 6f 75 72 20 66 69 6c 74 65 72 2c 20 79 6f 75 20 63 61 6e 20 75 73 65 20 74 68 65	ing.your.filter,.you.can.use.the
f40c0	20 60 60 54 61 62 60 60 20 6b 65 79 20 74 6f 20 73 65 65 20 74 68 65 20 6d 61 6e 79 20 64 69 66	.``Tab``.key.to.see.the.many.dif
f40e0	66 65 72 65 6e 74 20 70 61 72 61 6d 65 74 65 72 73 20 79 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67	ferent.parameters.you.can.config
f4100	75 72 65 2e 00 57 68 65 6e 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 79 6f 75 72 20 74 72 61 66 66	ure..When.configuring.your.traff
f4120	69 63 20 70 6f 6c 69 63 79 2c 20 79 6f 75 20 77 69 6c 6c 20 68 61 76 65 20 74 6f 20 73 65 74 20	ic.policy,.you.will.have.to.set.
f4140	64 61 74 61 20 72 61 74 65 20 76 61 6c 75 65 73 2c 20 77 61 74 63 68 20 6f 75 74 20 74 68 65 20	data.rate.values,.watch.out.the.
f4160	75 6e 69 74 73 20 79 6f 75 20 61 72 65 20 6d 61 6e 61 67 69 6e 67 2c 20 69 74 20 69 73 20 65 61	units.you.are.managing,.it.is.ea
f4180	73 79 20 74 6f 20 67 65 74 20 63 6f 6e 66 75 73 65 64 20 77 69 74 68 20 74 68 65 20 64 69 66 66	sy.to.get.confused.with.the.diff
f41a0	65 72 65 6e 74 20 70 72 65 66 69 78 65 73 20 61 6e 64 20 73 75 66 66 69 78 65 73 20 79 6f 75 20	erent.prefixes.and.suffixes.you.
f41c0	63 61 6e 20 75 73 65 2e 20 56 79 4f 53 20 77 69 6c 6c 20 61 6c 77 61 79 73 20 73 68 6f 77 20 79	can.use..VyOS.will.always.show.y
f41e0	6f 75 20 74 68 65 20 64 69 66 66 65 72 65 6e 74 20 75 6e 69 74 73 20 79 6f 75 20 63 61 6e 20 75	ou.the.different.units.you.can.u
f4200	73 65 2e 00 57 68 65 6e 20 64 65 66 69 6e 69 6e 67 20 61 20 72 75 6c 65 2c 20 69 74 20 69 73 20	se..When.defining.a.rule,.it.is.
f4220	65 6e 61 62 6c 65 20 62 79 20 64 65 66 61 75 6c 74 2e 20 49 6e 20 73 6f 6d 65 20 63 61 73 65 73	enable.by.default..In.some.cases
f4240	2c 20 69 74 20 69 73 20 75 73 65 66 75 6c 20 74 6f 20 6a 75 73 74 20 64 69 73 61 62 6c 65 20 74	,.it.is.useful.to.just.disable.t
f4260	68 65 20 72 75 6c 65 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 72 65 6d 6f 76 69 6e 67 20 69 74	he.rule,.rather.than.removing.it
f4280	2e 00 57 68 65 6e 20 64 65 66 69 6e 69 6e 67 20 74 68 65 20 74 72 61 6e 73 6c 61 74 65 64 20 61	..When.defining.the.translated.a
f42a0	64 64 72 65 73 73 2c 20 63 61 6c 6c 65 64 20 60 60 62 61 63 6b 65 6e 64 73 60 60 2c 20 61 20 60	ddress,.called.``backends``,.a.`
f42c0	60 77 65 69 67 68 74 60 60 20 6d 75 73 74 20 62 65 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 54 68	`weight``.must.be.configured..Th
f42e0	69 73 20 6c 65 74 73 20 74 68 65 20 75 73 65 72 20 64 65 66 69 6e 65 20 6c 6f 61 64 20 62 61 6c	is.lets.the.user.define.load.bal
f4300	61 6e 63 65 20 64 69 73 74 72 69 62 75 74 69 6f 6e 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74	ance.distribution.according.to.t
f4320	68 65 69 72 20 6e 65 65 64 73 2e 20 54 68 65 6d 20 73 75 6d 20 6f 66 20 61 6c 6c 20 74 68 65 20	heir.needs..Them.sum.of.all.the.
f4340	77 65 69 67 68 74 73 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74 68 65 20 62 61 63 6b 65 6e 64 73	weights.defined.for.the.backends
f4360	20 73 68 6f 75 6c 64 20 62 65 20 65 71 75 61 6c 20 74 6f 20 31 30 30 2e 20 49 6e 20 6f 64 65 72	.should.be.equal.to.100..In.oder
f4380	20 77 6f 72 64 73 2c 20 74 68 65 20 77 65 69 67 68 74 20 64 65 66 69 6e 65 64 20 66 6f 72 20 74	.words,.the.weight.defined.for.t
f43a0	68 65 20 62 61 63 6b 65 6e 64 20 69 73 20 74 68 65 20 70 65 72 63 65 6e 74 61 67 65 20 6f 66 20	he.backend.is.the.percentage.of.
f43c0	74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 74 68 61 74 20 77 69 6c 6c 20 72 65 63 65 69 76	the.connections.that.will.receiv
f43e0	65 20 73 75 63 68 20 62 61 63 6b 65 6e 64 2e 00 57 68 65 6e 20 64 65 71 75 65 75 69 6e 67 2c 20	e.such.backend..When.dequeuing,.
f4400	65 61 63 68 20 68 61 73 68 2d 62 75 63 6b 65 74 20 77 69 74 68 20 64 61 74 61 20 69 73 20 71 75	each.hash-bucket.with.data.is.qu
f4420	65 72 69 65 64 20 69 6e 20 61 20 72 6f 75 6e 64 20 72 6f 62 69 6e 20 66 61 73 68 69 6f 6e 2e 20	eried.in.a.round.robin.fashion..
f4440	59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20	You.can.configure.the.length.of.
f4460	74 68 65 20 71 75 65 75 65 2e 00 57 68 65 6e 20 64 65 73 69 67 6e 69 6e 67 20 79 6f 75 72 20 4e	the.queue..When.designing.your.N
f4480	41 54 20 72 75 6c 65 73 65 74 20 6c 65 61 76 65 20 73 6f 6d 65 20 73 70 61 63 65 20 62 65 74 77	AT.ruleset.leave.some.space.betw
f44a0	65 65 6e 20 63 6f 6e 73 65 63 75 74 69 76 65 20 72 75 6c 65 73 20 66 6f 72 20 6c 61 74 65 72 20	een.consecutive.rules.for.later.
f44c0	65 78 74 65 6e 73 69 6f 6e 2e 20 59 6f 75 72 20 72 75 6c 65 73 65 74 20 63 6f 75 6c 64 20 73 74	extension..Your.ruleset.could.st
f44e0	61 72 74 20 77 69 74 68 20 6e 75 6d 62 65 72 73 20 31 30 2c 20 32 30 2c 20 33 30 2e 20 59 6f 75	art.with.numbers.10,.20,.30..You
f4500	20 74 68 75 73 20 63 61 6e 20 6c 61 74 65 72 20 65 78 74 65 6e 64 20 74 68 65 20 72 75 6c 65 73	.thus.can.later.extend.the.rules
f4520	65 74 20 61 6e 64 20 70 6c 61 63 65 20 6e 65 77 20 72 75 6c 65 73 20 62 65 74 77 65 65 6e 20 65	et.and.place.new.rules.between.e
f4540	78 69 73 74 69 6e 67 20 6f 6e 65 73 2e 00 57 68 65 6e 20 64 6f 69 6e 67 20 66 61 75 6c 74 20 69	xisting.ones..When.doing.fault.i
f4560	73 6f 6c 61 74 69 6f 6e 20 77 69 74 68 20 70 69 6e 67 2c 20 79 6f 75 20 73 68 6f 75 6c 64 20 66	solation.with.ping,.you.should.f
f4580	69 72 73 74 20 72 75 6e 20 69 74 20 6f 6e 20 74 68 65 20 6c 6f 63 61 6c 20 68 6f 73 74 2c 20 74	irst.run.it.on.the.local.host,.t
f45a0	6f 20 76 65 72 69 66 79 20 74 68 61 74 20 74 68 65 20 6c 6f 63 61 6c 20 6e 65 74 77 6f 72 6b 20	o.verify.that.the.local.network.
f45c0	69 6e 74 65 72 66 61 63 65 20 69 73 20 75 70 20 61 6e 64 20 72 75 6e 6e 69 6e 67 2e 20 54 68 65	interface.is.up.and.running..The
f45e0	6e 2c 20 63 6f 6e 74 69 6e 75 65 20 77 69 74 68 20 68 6f 73 74 73 20 61 6e 64 20 67 61 74 65 77	n,.continue.with.hosts.and.gatew
f4600	61 79 73 20 66 75 72 74 68 65 72 20 64 6f 77 6e 20 74 68 65 20 72 6f 61 64 20 74 6f 77 61 72 64	ays.further.down.the.road.toward
f4620	73 20 79 6f 75 72 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 52 6f 75 6e 64 2d 74 72 69 70 20 74	s.your.destination..Round-trip.t
f4640	69 6d 65 20 61 6e 64 20 70 61 63 6b 65 74 20 6c 6f 73 73 20 73 74 61 74 69 73 74 69 63 73 20 61	ime.and.packet.loss.statistics.a
f4660	72 65 20 63 6f 6d 70 75 74 65 64 2e 00 57 68 65 6e 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 63 65	re.computed..When.loading.the.ce
f4680	72 74 69 66 69 63 61 74 65 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 73	rtificate.you.need.to.manually.s
f46a0	74 72 69 70 20 74 68 65 20 60 60 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54	trip.the.``-----BEGIN.CERTIFICAT
f46c0	45 2d 2d 2d 2d 2d 60 60 20 61 6e 64 20 60 60 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43	E-----``.and.``-----END.CERTIFIC
f46e0	41 54 45 2d 2d 2d 2d 2d 60 60 20 74 61 67 73 2e 20 41 6c 73 6f 2c 20 74 68 65 20 63 65 72 74 69	ATE-----``.tags..Also,.the.certi
f4700	66 69 63 61 74 65 2f 6b 65 79 20 6e 65 65 64 73 20 74 6f 20 62 65 20 70 72 65 73 65 6e 74 65 64	ficate/key.needs.to.be.presented
f4720	20 69 6e 20 61 20 73 69 6e 67 6c 65 20 6c 69 6e 65 20 77 69 74 68 6f 75 74 20 6c 69 6e 65 20 62	.in.a.single.line.without.line.b
f4740	72 65 61 6b 73 20 28 60 60 5c 6e 60 60 29 2c 20 74 68 69 73 20 63 61 6e 20 62 65 20 64 6f 6e 65	reaks.(``\n``),.this.can.be.done
f4760	20 75 73 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 68 65 6c 6c 20 63 6f 6d 6d 61	.using.the.following.shell.comma
f4780	6e 64 3a 00 57 68 65 6e 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 63 65 72 74 69 66 69 63 61 74 65	nd:.When.loading.the.certificate
f47a0	20 79 6f 75 20 6e 65 65 64 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 73 74 72 69 70 20 74 68 65 20	.you.need.to.manually.strip.the.
f47c0	60 60 2d 2d 2d 2d 2d 42 45 47 49 4e 20 4b 45 59 2d 2d 2d 2d 2d 60 60 20 61 6e 64 20 60 60 2d 2d	``-----BEGIN.KEY-----``.and.``--
f47e0	2d 2d 2d 45 4e 44 20 4b 45 59 2d 2d 2d 2d 2d 60 60 20 74 61 67 73 2e 20 41 6c 73 6f 2c 20 74 68	---END.KEY-----``.tags..Also,.th
f4800	65 20 63 65 72 74 69 66 69 63 61 74 65 2f 6b 65 79 20 6e 65 65 64 73 20 74 6f 20 62 65 20 70 72	e.certificate/key.needs.to.be.pr
f4820	65 73 65 6e 74 65 64 20 69 6e 20 61 20 73 69 6e 67 6c 65 20 6c 69 6e 65 20 77 69 74 68 6f 75 74	esented.in.a.single.line.without
f4840	20 6c 69 6e 65 20 62 72 65 61 6b 73 20 28 60 60 5c 6e 60 60 29 2c 20 74 68 69 73 20 63 61 6e 20	.line.breaks.(``\n``),.this.can.
f4860	62 65 20 64 6f 6e 65 20 75 73 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 68 65 6c	be.done.using.the.following.shel
f4880	6c 20 63 6f 6d 6d 61 6e 64 3a 00 57 68 65 6e 20 6d 61 74 68 63 69 6e 67 20 61 6c 6c 20 70 61 74	l.command:.When.mathcing.all.pat
f48a0	74 65 72 6e 73 20 64 65 66 69 6e 65 64 20 69 6e 20 61 20 72 75 6c 65 2c 20 74 68 65 6e 20 64 69	terns.defined.in.a.rule,.then.di
f48c0	66 66 65 72 65 6e 74 20 61 63 74 69 6f 6e 73 20 63 61 6e 20 62 65 20 6d 61 64 65 2e 20 54 68 69	fferent.actions.can.be.made..Thi
f48e0	73 20 69 6e 63 6c 75 64 65 73 20 64 72 6f 70 69 6e 67 20 74 68 65 20 70 61 63 6b 65 74 2c 20 6d	s.includes.droping.the.packet,.m
f4900	6f 64 69 66 79 69 6e 67 20 63 65 72 74 61 69 6e 20 64 61 74 61 2c 20 6f 72 20 73 65 74 74 69 6e	odifying.certain.data,.or.settin
f4920	67 20 61 20 64 69 66 66 65 72 65 6e 74 20 72 6f 75 74 69 6e 67 20 74 61 62 6c 65 2e 00 57 68 65	g.a.different.routing.table..Whe
f4940	6e 20 6e 6f 20 6f 70 74 69 6f 6e 73 2f 70 61 72 61 6d 65 74 65 72 73 20 61 72 65 20 75 73 65 64	n.no.options/parameters.are.used
f4960	2c 20 74 68 65 20 63 6f 6e 74 65 6e 74 73 20 6f 66 20 74 68 65 20 6d 61 69 6e 20 73 79 73 6c 6f	,.the.contents.of.the.main.syslo
f4980	67 20 66 69 6c 65 20 61 72 65 20 64 69 73 70 6c 61 79 65 64 2e 00 57 68 65 6e 20 6e 6f 2d 72 65	g.file.are.displayed..When.no-re
f49a0	6c 65 61 73 65 20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 64 68 63 70 36 63 20 77 69 6c 6c 20	lease.is.specified,.dhcp6c.will.
f49c0	73 65 6e 64 20 61 20 72 65 6c 65 61 73 65 20 6d 65 73 73 61 67 65 20 6f 6e 20 63 6c 69 65 6e 74	send.a.release.message.on.client
f49e0	20 65 78 69 74 20 74 6f 20 70 72 65 76 65 6e 74 20 6c 6f 73 69 6e 67 20 61 6e 20 61 73 73 69 67	.exit.to.prevent.losing.an.assig
f4a00	6e 65 64 20 61 64 64 72 65 73 73 20 6f 72 20 70 72 65 66 69 78 2e 00 57 68 65 6e 20 72 61 70 69	ned.address.or.prefix..When.rapi
f4a20	64 2d 63 6f 6d 6d 69 74 20 69 73 20 73 70 65 63 69 66 69 65 64 2c 20 64 68 63 70 36 63 20 77 69	d-commit.is.specified,.dhcp6c.wi
f4a40	6c 6c 20 69 6e 63 6c 75 64 65 20 61 20 72 61 70 69 64 2d 63 6f 6d 6d 69 74 20 6f 70 74 69 6f 6e	ll.include.a.rapid-commit.option
f4a60	20 69 6e 20 73 6f 6c 69 63 69 74 20 6d 65 73 73 61 67 65 73 20 61 6e 64 20 77 61 69 74 20 66 6f	.in.solicit.messages.and.wait.fo
f4a80	72 20 61 6e 20 69 6d 6d 65 64 69 61 74 65 20 72 65 70 6c 79 20 69 6e 73 74 65 61 64 20 6f 66 20	r.an.immediate.reply.instead.of.
f4aa0	61 64 76 65 72 74 69 73 65 6d 65 6e 74 73 2e 00 57 68 65 6e 20 72 65 6d 6f 74 65 20 70 65 65 72	advertisements..When.remote.peer
f4ac0	20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 63 61 70 61 62 69 6c 69 74 79 20 6e 65 67 6f 74 69	.does.not.have.capability.negoti
f4ae0	61 74 69 6f 6e 20 66 65 61 74 75 72 65 2c 20 72 65 6d 6f 74 65 20 70 65 65 72 20 77 69 6c 6c 20	ation.feature,.remote.peer.will.
f4b00	6e 6f 74 20 73 65 6e 64 20 61 6e 79 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 61 74 20 61 6c 6c	not.send.any.capabilities.at.all
f4b20	2e 20 49 6e 20 74 68 61 74 20 63 61 73 65 2c 20 62 67 70 20 63 6f 6e 66 69 67 75 72 65 73 20 74	..In.that.case,.bgp.configures.t
f4b40	68 65 20 70 65 65 72 20 77 69 74 68 20 63 6f 6e 66 69 67 75 72 65 64 20 63 61 70 61 62 69 6c 69	he.peer.with.configured.capabili
f4b60	74 69 65 73 2e 00 57 68 65 6e 20 72 75 6e 6e 69 6e 67 20 69 74 20 61 74 20 31 47 62 69 74 20 61	ties..When.running.it.at.1Gbit.a
f4b80	6e 64 20 6c 6f 77 65 72 2c 20 79 6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 72 65 64 75 63 65	nd.lower,.you.may.want.to.reduce
f4ba0	20 74 68 65 20 60 71 75 65 75 65 2d 6c 69 6d 69 74 60 20 74 6f 20 31 30 30 30 20 70 61 63 6b 65	.the.`queue-limit`.to.1000.packe
f4bc0	74 73 20 6f 72 20 6c 65 73 73 2e 20 49 6e 20 72 61 74 65 73 20 6c 69 6b 65 20 31 30 4d 62 69 74	ts.or.less..In.rates.like.10Mbit
f4be0	2c 20 79 6f 75 20 6d 61 79 20 77 61 6e 74 20 74 6f 20 73 65 74 20 69 74 20 74 6f 20 36 30 30 20	,.you.may.want.to.set.it.to.600.
f4c00	70 61 63 6b 65 74 73 2e 00 57 68 65 6e 20 73 65 74 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20	packets..When.set.the.interface.
f4c20	69 73 20 65 6e 61 62 6c 65 64 20 66 6f 72 20 22 64 69 61 6c 2d 6f 6e 2d 64 65 6d 61 6e 64 22 2e	is.enabled.for."dial-on-demand".
f4c40	00 57 68 65 6e 20 73 70 65 63 69 66 69 65 64 2c 20 74 68 69 73 20 73 68 6f 75 6c 64 20 62 65 20	.When.specified,.this.should.be.
f4c60	74 68 65 20 6f 6e 6c 79 20 6b 65 79 77 6f 72 64 20 66 6f 72 20 74 68 65 20 69 6e 74 65 72 66 61	the.only.keyword.for.the.interfa
f4c80	63 65 2e 00 57 68 65 6e 20 73 74 61 72 74 69 6e 67 20 61 20 56 79 4f 53 20 6c 69 76 65 20 73 79	ce..When.starting.a.VyOS.live.sy
f4ca0	73 74 65 6d 20 28 74 68 65 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 43 44 29 20 74 68 65 20 63	stem.(the.installation.CD).the.c
f4cc0	6f 6e 66 69 67 75 72 65 64 20 6b 65 79 62 6f 61 72 64 20 6c 61 79 6f 75 74 20 64 65 66 61 75 6c	onfigured.keyboard.layout.defaul
f4ce0	74 73 20 74 6f 20 55 53 2e 20 41 73 20 74 68 69 73 20 6d 69 67 68 74 20 6e 6f 74 20 73 75 69 74	ts.to.US..As.this.might.not.suit
f4d00	65 20 65 76 65 72 79 6f 6e 65 73 20 75 73 65 20 63 61 73 65 20 79 6f 75 20 63 61 6e 20 61 64 6a	e.everyones.use.case.you.can.adj
f4d20	75 73 74 20 74 68 65 20 75 73 65 64 20 6b 65 79 62 6f 61 72 64 20 6c 61 79 6f 75 74 20 6f 6e 20	ust.the.used.keyboard.layout.on.
f4d40	74 68 65 20 73 79 73 74 65 6d 20 63 6f 6e 73 6f 6c 65 2e 00 57 68 65 6e 20 74 68 65 20 44 48 43	the.system.console..When.the.DHC
f4d60	50 20 73 65 72 76 65 72 20 69 73 20 63 6f 6e 73 69 64 65 72 69 6e 67 20 64 79 6e 61 6d 69 63 61	P.server.is.considering.dynamica
f4d80	6c 6c 79 20 61 6c 6c 6f 63 61 74 69 6e 67 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20	lly.allocating.an.IP.address.to.
f4da0	61 20 63 6c 69 65 6e 74 2c 20 69 74 20 66 69 72 73 74 20 73 65 6e 64 73 20 61 6e 20 49 43 4d 50	a.client,.it.first.sends.an.ICMP
f4dc0	20 45 63 68 6f 20 72 65 71 75 65 73 74 20 28 61 20 70 69 6e 67 29 20 74 6f 20 74 68 65 20 61 64	.Echo.request.(a.ping).to.the.ad
f4de0	64 72 65 73 73 20 62 65 69 6e 67 20 61 73 73 69 67 6e 65 64 2e 20 49 74 20 77 61 69 74 73 20 66	dress.being.assigned..It.waits.f
f4e00	6f 72 20 61 20 73 65 63 6f 6e 64 2c 20 61 6e 64 20 69 66 20 6e 6f 20 49 43 4d 50 20 45 63 68 6f	or.a.second,.and.if.no.ICMP.Echo
f4e20	20 72 65 73 70 6f 6e 73 65 20 68 61 73 20 62 65 65 6e 20 68 65 61 72 64 2c 20 69 74 20 61 73 73	.response.has.been.heard,.it.ass
f4e40	69 67 6e 73 20 74 68 65 20 61 64 64 72 65 73 73 2e 00 57 68 65 6e 20 74 68 65 20 63 6c 6f 73 65	igns.the.address..When.the.close
f4e60	2d 61 63 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 73 20 73 65 74 20 6f 6e 20 74 68 65 20 70 65 65	-action.option.is.set.on.the.pee
f4e80	72 73 2c 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2d 74 79 70 65 20 6f 66 20 65 61 63 68 20	rs,.the.connection-type.of.each.
f4ea0	70 65 65 72 20 68 61 73 20 74 6f 20 63 6f 6e 73 69 64 65 72 65 64 20 63 61 72 65 66 75 6c 6c 79	peer.has.to.considered.carefully
f4ec0	2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 66 20 74 68 65 20 6f 70 74 69 6f 6e 20 69 73 20	..For.example,.if.the.option.is.
f4ee0	73 65 74 20 6f 6e 20 62 6f 74 68 20 70 65 65 72 73 2c 20 74 68 65 6e 20 62 6f 74 68 20 77 6f 75	set.on.both.peers,.then.both.wou
f4f00	6c 64 20 61 74 74 65 6d 70 74 20 74 6f 20 69 6e 69 74 69 61 74 65 20 61 6e 64 20 68 6f 6c 64 20	ld.attempt.to.initiate.and.hold.
f4f20	6f 70 65 6e 20 6d 75 6c 74 69 70 6c 65 20 63 6f 70 69 65 73 20 6f 66 20 65 61 63 68 20 63 68 69	open.multiple.copies.of.each.chi
f4f40	6c 64 20 53 41 2e 20 54 68 69 73 20 6d 69 67 68 74 20 6c 65 61 64 20 74 6f 20 69 6e 73 74 61 62	ld.SA..This.might.lead.to.instab
f4f60	69 6c 69 74 79 20 6f 66 20 74 68 65 20 64 65 76 69 63 65 20 6f 72 20 63 70 75 2f 6d 65 6d 6f 72	ility.of.the.device.or.cpu/memor
f4f80	79 20 75 74 69 6c 69 7a 61 74 69 6f 6e 2e 00 57 68 65 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20	y.utilization..When.the.command.
f4fa0	61 62 6f 76 65 20 69 73 20 73 65 74 2c 20 56 79 4f 53 20 77 69 6c 6c 20 61 6e 73 77 65 72 20 65	above.is.set,.VyOS.will.answer.e
f4fc0	76 65 72 79 20 49 43 4d 50 20 65 63 68 6f 20 72 65 71 75 65 73 74 20 61 64 64 72 65 73 73 65 64	very.ICMP.echo.request.addressed
f4fe0	20 74 6f 20 69 74 73 65 6c 66 2c 20 62 75 74 20 74 68 61 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 68	.to.itself,.but.that.will.only.h
f5000	61 70 70 65 6e 20 69 66 20 6e 6f 20 6f 74 68 65 72 20 72 75 6c 65 20 69 73 20 61 70 70 6c 69 65	appen.if.no.other.rule.is.applie
f5020	64 20 64 72 6f 70 70 69 6e 67 20 6f 72 20 72 65 6a 65 63 74 69 6e 67 20 6c 6f 63 61 6c 20 65 63	d.dropping.or.rejecting.local.ec
f5040	68 6f 20 72 65 71 75 65 73 74 73 2e 20 49 6e 20 63 61 73 65 20 6f 66 20 63 6f 6e 66 6c 69 63 74	ho.requests..In.case.of.conflict
f5060	2c 20 56 79 4f 53 20 77 69 6c 6c 20 6e 6f 74 20 61 6e 73 77 65 72 20 49 43 4d 50 20 65 63 68 6f	,.VyOS.will.not.answer.ICMP.echo
f5080	20 72 65 71 75 65 73 74 73 2e 00 57 68 65 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 61 62 6f 76	.requests..When.the.command.abov
f50a0	65 20 69 73 20 73 65 74 2c 20 56 79 4f 53 20 77 69 6c 6c 20 61 6e 73 77 65 72 20 6e 6f 20 49 43	e.is.set,.VyOS.will.answer.no.IC
f50c0	4d 50 20 65 63 68 6f 20 72 65 71 75 65 73 74 20 61 64 64 72 65 73 73 65 64 20 74 6f 20 69 74 73	MP.echo.request.addressed.to.its
f50e0	65 6c 66 20 61 74 20 61 6c 6c 2c 20 6e 6f 20 6d 61 74 74 65 72 20 77 68 65 72 65 20 69 74 20 63	elf.at.all,.no.matter.where.it.c
f5100	6f 6d 65 73 20 66 72 6f 6d 20 6f 72 20 77 68 65 74 68 65 72 20 6d 6f 72 65 20 73 70 65 63 69 66	omes.from.or.whether.more.specif
f5120	69 63 20 72 75 6c 65 73 20 61 72 65 20 62 65 69 6e 67 20 61 70 70 6c 69 65 64 20 74 6f 20 61 63	ic.rules.are.being.applied.to.ac
f5140	63 65 70 74 20 74 68 65 6d 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 44 48 43 50 20 74 6f 20 72 65	cept.them..When.using.DHCP.to.re
f5160	74 72 69 65 76 65 20 49 50 76 34 20 61 64 64 72 65 73 73 20 61 6e 64 20 69 66 20 6c 6f 63 61 6c	trieve.IPv4.address.and.if.local
f5180	20 63 75 73 74 6f 6d 69 7a 61 74 69 6f 6e 73 20 61 72 65 20 6e 65 65 64 65 64 2c 20 74 68 65 79	.customizations.are.needed,.they
f51a0	20 73 68 6f 75 6c 64 20 62 65 20 70 6f 73 73 69 62 6c 65 20 75 73 69 6e 67 20 74 68 65 20 65 6e	.should.be.possible.using.the.en
f51c0	74 65 72 20 61 6e 64 20 65 78 69 74 20 68 6f 6f 6b 73 20 70 72 6f 76 69 64 65 64 2e 20 54 68 65	ter.and.exit.hooks.provided..The
f51e0	20 68 6f 6f 6b 20 64 69 72 73 20 61 72 65 3a 00 57 68 65 6e 20 75 73 69 6e 67 20 45 56 45 2d 4e	.hook.dirs.are:.When.using.EVE-N
f5200	47 20 74 6f 20 6c 61 62 20 74 68 69 73 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 65 6e 73 75 72 65	G.to.lab.this.environment.ensure
f5220	20 79 6f 75 20 61 72 65 20 75 73 69 6e 67 20 65 31 30 30 30 20 61 73 20 74 68 65 20 64 65 73 69	.you.are.using.e1000.as.the.desi
f5240	72 65 64 20 64 72 69 76 65 72 20 66 6f 72 20 79 6f 75 72 20 56 79 4f 53 20 6e 65 74 77 6f 72 6b	red.driver.for.your.VyOS.network
f5260	20 69 6e 74 65 72 66 61 63 65 73 2e 20 57 68 65 6e 20 75 73 69 6e 67 20 74 68 65 20 72 65 67 75	.interfaces..When.using.the.regu
f5280	6c 61 72 20 76 69 72 74 69 6f 20 6e 65 74 77 6f 72 6b 20 64 72 69 76 65 72 20 6e 6f 20 4c 41 43	lar.virtio.network.driver.no.LAC
f52a0	50 20 50 44 55 73 20 77 69 6c 6c 20 62 65 20 73 65 6e 74 20 62 79 20 56 79 4f 53 20 74 68 75 73	P.PDUs.will.be.sent.by.VyOS.thus
f52c0	20 74 68 65 20 70 6f 72 74 2d 63 68 61 6e 6e 65 6c 20 77 69 6c 6c 20 6e 65 76 65 72 20 62 65 63	.the.port-channel.will.never.bec
f52e0	6f 6d 65 20 61 63 74 69 76 65 21 00 57 68 65 6e 20 75 73 69 6e 67 20 4e 41 54 20 66 6f 72 20 61	ome.active!.When.using.NAT.for.a
f5300	20 6c 61 72 67 65 20 6e 75 6d 62 65 72 20 6f 66 20 68 6f 73 74 20 73 79 73 74 65 6d 73 20 69 74	.large.number.of.host.systems.it
f5320	20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 68 61 74 20 61 20 6d 69 6e 69 6d 75 6d 20 6f 66 20 31	.recommended.that.a.minimum.of.1
f5340	20 49 50 20 61 64 64 72 65 73 73 20 69 73 20 75 73 65 64 20 74 6f 20 4e 41 54 20 65 76 65 72 79	.IP.address.is.used.to.NAT.every
f5360	20 32 35 36 20 68 6f 73 74 20 73 79 73 74 65 6d 73 2e 20 54 68 69 73 20 69 73 20 64 75 65 20 74	.256.host.systems..This.is.due.t
f5380	6f 20 74 68 65 20 6c 69 6d 69 74 20 6f 66 20 36 35 2c 30 30 30 20 70 6f 72 74 20 6e 75 6d 62 65	o.the.limit.of.65,000.port.numbe
f53a0	72 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 75 6e 69 71 75 65 20 74 72 61 6e 73 6c 61 74	rs.available.for.unique.translat
f53c0	69 6f 6e 73 20 61 6e 64 20 61 20 72 65 73 65 72 76 69 6e 67 20 61 6e 20 61 76 65 72 61 67 65 20	ions.and.a.reserving.an.average.
f53e0	6f 66 20 32 30 30 2d 33 30 30 20 73 65 73 73 69 6f 6e 73 20 70 65 72 20 68 6f 73 74 20 73 79 73	of.200-300.sessions.per.host.sys
f5400	74 65 6d 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 4e 41 54 20 66 6f 72 20 61 20 6c 61 72 67 65 20	tem..When.using.NAT.for.a.large.
f5420	6e 75 6d 62 65 72 20 6f 66 20 68 6f 73 74 20 73 79 73 74 65 6d 73 20 69 74 20 72 65 63 6f 6d 6d	number.of.host.systems.it.recomm
f5440	65 6e 64 65 64 20 74 68 61 74 20 61 20 6d 69 6e 69 6d 75 6d 20 6f 66 20 31 20 49 50 20 61 64 64	ended.that.a.minimum.of.1.IP.add
f5460	72 65 73 73 20 69 73 20 75 73 65 64 20 74 6f 20 4e 41 54 20 65 76 65 72 79 20 32 35 36 20 70 72	ress.is.used.to.NAT.every.256.pr
f5480	69 76 61 74 65 20 68 6f 73 74 20 73 79 73 74 65 6d 73 2e 20 54 68 69 73 20 69 73 20 64 75 65 20	ivate.host.systems..This.is.due.
f54a0	74 6f 20 74 68 65 20 6c 69 6d 69 74 20 6f 66 20 36 35 2c 30 30 30 20 70 6f 72 74 20 6e 75 6d 62	to.the.limit.of.65,000.port.numb
f54c0	65 72 73 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 75 6e 69 71 75 65 20 74 72 61 6e 73 6c 61	ers.available.for.unique.transla
f54e0	74 69 6f 6e 73 20 61 6e 64 20 61 20 72 65 73 65 72 76 69 6e 67 20 61 6e 20 61 76 65 72 61 67 65	tions.and.a.reserving.an.average
f5500	20 6f 66 20 32 30 30 2d 33 30 30 20 73 65 73 73 69 6f 6e 73 20 70 65 72 20 68 6f 73 74 20 73 79	.of.200-300.sessions.per.host.sy
f5520	73 74 65 6d 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 53 53 48 2c 20 6b 6e 6f 77 6e 2d 68 6f 73 74	stem..When.using.SSH,.known-host
f5540	73 2d 66 69 6c 65 2c 20 70 72 69 76 61 74 65 2d 6b 65 79 2d 66 69 6c 65 20 61 6e 64 20 70 75 62	s-file,.private-key-file.and.pub
f5560	6c 69 63 2d 6b 65 79 2d 66 69 6c 65 20 61 72 65 20 6d 61 6e 64 61 74 6f 72 79 20 6f 70 74 69 6f	lic-key-file.are.mandatory.optio
f5580	6e 73 2e 00 57 68 65 6e 20 75 73 69 6e 67 20 54 69 6d 65 2d 62 61 73 65 64 20 6f 6e 65 2d 74 69	ns..When.using.Time-based.one-ti
f55a0	6d 65 20 70 61 73 73 77 6f 72 64 20 28 54 4f 54 50 29 20 28 4f 54 50 20 48 4f 54 50 2d 74 69 6d	me.password.(TOTP).(OTP.HOTP-tim
f55c0	65 29 2c 20 62 65 20 73 75 72 65 20 74 68 61 74 20 74 68 65 20 74 69 6d 65 20 6f 6e 20 74 68 65	e),.be.sure.that.the.time.on.the
f55e0	20 73 65 72 76 65 72 20 61 6e 64 20 74 68 65 20 4f 54 50 20 74 6f 6b 65 6e 20 67 65 6e 65 72 61	.server.and.the.OTP.token.genera
f5600	74 6f 72 20 61 72 65 20 73 79 6e 63 68 72 6f 6e 69 7a 65 64 20 62 79 20 4e 54 50 00 57 68 65 6e	tor.are.synchronized.by.NTP.When
f5620	20 75 73 69 6e 67 20 73 69 74 65 2d 74 6f 2d 73 69 74 65 20 49 50 73 65 63 20 77 69 74 68 20 56	.using.site-to-site.IPsec.with.V
f5640	54 49 20 69 6e 74 65 72 66 61 63 65 73 2c 20 62 65 20 73 75 72 65 20 74 6f 20 64 69 73 61 62 6c	TI.interfaces,.be.sure.to.disabl
f5660	65 20 72 6f 75 74 65 20 61 75 74 6f 69 6e 73 74 61 6c 6c 00 57 68 65 6e 20 75 74 69 6c 69 7a 69	e.route.autoinstall.When.utilizi
f5680	6e 67 20 56 79 4f 53 20 69 6e 20 61 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 77 69 74 68 20 41	ng.VyOS.in.an.environment.with.A
f56a0	72 69 73 74 61 20 67 65 61 72 20 79 6f 75 20 63 61 6e 20 75 73 65 20 74 68 69 73 20 62 6c 75 65	rista.gear.you.can.use.this.blue
f56c0	20 70 72 69 6e 74 20 61 73 20 61 6e 20 69 6e 69 74 69 61 6c 20 73 65 74 75 70 20 74 6f 20 67 65	.print.as.an.initial.setup.to.ge
f56e0	74 20 61 6e 20 4c 41 43 50 20 62 6f 6e 64 20 2f 20 70 6f 72 74 2d 63 68 61 6e 6e 65 6c 20 6f 70	t.an.LACP.bond./.port-channel.op
f5700	65 72 61 74 69 6f 6e 61 6c 20 62 65 74 77 65 65 6e 20 74 68 6f 73 65 20 74 77 6f 20 64 65 76 69	erational.between.those.two.devi
f5720	63 65 73 2e 00 57 68 65 72 65 20 62 6f 74 68 20 72 6f 75 74 65 73 20 77 65 72 65 20 72 65 63 65	ces..Where.both.routes.were.rece
f5740	69 76 65 64 20 66 72 6f 6d 20 65 42 47 50 20 70 65 65 72 73 2c 20 74 68 65 6e 20 70 72 65 66 65	ived.from.eBGP.peers,.then.prefe
f5760	72 20 74 68 65 20 72 6f 75 74 65 20 77 68 69 63 68 20 69 73 20 61 6c 72 65 61 64 79 20 73 65 6c	r.the.route.which.is.already.sel
f5780	65 63 74 65 64 2e 20 4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 63 68 65 63 6b 20 69 73 20 6e	ected..Note.that.this.check.is.n
f57a0	6f 74 20 61 70 70 6c 69 65 64 20 69 66 20 3a 63 66 67 63 6d 64 3a 60 62 67 70 20 62 65 73 74 70	ot.applied.if.:cfgcmd:`bgp.bestp
f57c0	61 74 68 20 63 6f 6d 70 61 72 65 2d 72 6f 75 74 65 72 69 64 60 20 69 73 20 63 6f 6e 66 69 67 75	ath.compare-routerid`.is.configu
f57e0	72 65 64 2e 20 54 68 69 73 20 63 68 65 63 6b 20 63 61 6e 20 70 72 65 76 65 6e 74 20 73 6f 6d 65	red..This.check.can.prevent.some
f5800	20 63 61 73 65 73 20 6f 66 20 6f 73 63 69 6c 6c 61 74 69 6f 6e 2e 00 57 68 65 72 65 20 72 6f 75	.cases.of.oscillation..Where.rou
f5820	74 65 73 20 77 69 74 68 20 61 20 4d 45 44 20 77 65 72 65 20 72 65 63 65 69 76 65 64 20 66 72 6f	tes.with.a.MED.were.received.fro
f5840	6d 20 74 68 65 20 73 61 6d 65 20 41 53 2c 20 70 72 65 66 65 72 20 74 68 65 20 72 6f 75 74 65 20	m.the.same.AS,.prefer.the.route.
f5860	77 69 74 68 20 74 68 65 20 6c 6f 77 65 73 74 20 4d 45 44 2e 00 57 68 65 72 65 2c 20 6d 61 69 6e	with.the.lowest.MED..Where,.main
f5880	20 6b 65 79 20 77 6f 72 64 73 20 61 6e 64 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 74	.key.words.and.configuration.pat
f58a0	68 73 20 74 68 61 74 20 6e 65 65 64 73 20 74 6f 20 62 65 20 75 6e 64 65 72 73 74 6f 6f 64 3a 00	hs.that.needs.to.be.understood:.
f58c0	57 68 65 74 68 65 72 20 74 6f 20 61 63 63 65 70 74 20 44 41 44 20 28 44 75 70 6c 69 63 61 74 65	Whether.to.accept.DAD.(Duplicate
f58e0	20 41 64 64 72 65 73 73 20 44 65 74 65 63 74 69 6f 6e 29 2e 00 57 68 69 63 68 20 67 65 6e 65 72	.Address.Detection)..Which.gener
f5900	61 74 65 73 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e	ates.the.following.configuration
f5920	3a 00 57 68 69 63 68 20 72 65 73 75 6c 74 73 20 69 6e 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69	:.Which.results.in.a.configurati
f5940	6f 6e 20 6f 66 3a 00 57 68 69 63 68 20 77 6f 75 6c 64 20 67 65 6e 65 72 61 74 65 20 74 68 65 20	on.of:.Which.would.generate.the.
f5960	66 6f 6c 6c 6f 77 69 6e 67 20 4e 41 54 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 63 6f 6e 66 69 67	following.NAT.destination.config
f5980	75 72 61 74 69 6f 6e 3a 00 57 68 69 6c 65 20 2a 2a 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 73 2a	uration:.While.**network.groups*
f59a0	2a 20 61 63 63 65 70 74 20 49 50 20 6e 65 74 77 6f 72 6b 73 20 69 6e 20 43 49 44 52 20 6e 6f 74	*.accept.IP.networks.in.CIDR.not
f59c0	61 74 69 6f 6e 2c 20 73 70 65 63 69 66 69 63 20 49 50 20 61 64 64 72 65 73 73 65 73 20 63 61 6e	ation,.specific.IP.addresses.can
f59e0	20 62 65 20 61 64 64 65 64 20 61 73 20 61 20 33 32 2d 62 69 74 20 70 72 65 66 69 78 2e 20 49 66	.be.added.as.a.32-bit.prefix..If
f5a00	20 79 6f 75 20 66 6f 72 65 73 65 65 20 74 68 65 20 6e 65 65 64 20 74 6f 20 61 64 64 20 61 20 6d	.you.foresee.the.need.to.add.a.m
f5a20	69 78 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 6e 65 74 77 6f 72 6b 73 2c 20 74 68	ix.of.addresses.and.networks,.th
f5a40	65 20 6e 65 74 77 6f 72 6b 20 67 72 6f 75 70 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 2e 00	e.network.group.is.recommended..
f5a60	57 68 69 6c 65 20 6d 61 6e 79 20 61 72 65 20 61 77 61 72 65 20 6f 66 20 4f 70 65 6e 56 50 4e 20	While.many.are.aware.of.OpenVPN.
f5a80	61 73 20 61 20 43 6c 69 65 6e 74 20 56 50 4e 20 73 6f 6c 75 74 69 6f 6e 2c 20 69 74 20 69 73 20	as.a.Client.VPN.solution,.it.is.
f5aa0	6f 66 74 65 6e 20 6f 76 65 72 6c 6f 6f 6b 65 64 20 61 73 20 61 20 73 69 74 65 2d 74 6f 2d 73 69	often.overlooked.as.a.site-to-si
f5ac0	74 65 20 56 50 4e 20 73 6f 6c 75 74 69 6f 6e 20 64 75 65 20 74 6f 20 6c 61 63 6b 20 6f 66 20 73	te.VPN.solution.due.to.lack.of.s
f5ae0	75 70 70 6f 72 74 20 66 6f 72 20 74 68 69 73 20 6d 6f 64 65 20 69 6e 20 6d 61 6e 79 20 72 6f 75	upport.for.this.mode.in.many.rou
f5b00	74 65 72 20 70 6c 61 74 66 6f 72 6d 73 2e 00 57 68 69 6c 65 20 6e 6f 72 6d 61 6c 20 47 52 45 20	ter.platforms..While.normal.GRE.
f5b20	69 73 20 66 6f 72 20 6c 61 79 65 72 20 33 2c 20 47 52 45 54 41 50 20 69 73 20 66 6f 72 20 6c 61	is.for.layer.3,.GRETAP.is.for.la
f5b40	79 65 72 20 32 2e 20 47 52 45 54 41 50 20 63 61 6e 20 65 6e 63 61 70 73 75 6c 61 74 65 20 45 74	yer.2..GRETAP.can.encapsulate.Et
f5b60	68 65 72 6e 65 74 20 66 72 61 6d 65 73 2c 20 74 68 75 73 20 69 74 20 63 61 6e 20 62 65 20 62 72	hernet.frames,.thus.it.can.be.br
f5b80	69 64 67 65 64 20 77 69 74 68 20 6f 74 68 65 72 20 69 6e 74 65 72 66 61 63 65 73 20 74 6f 20 63	idged.with.other.interfaces.to.c
f5ba0	72 65 61 74 65 20 64 61 74 61 6c 69 6e 6b 20 6c 61 79 65 72 20 73 65 67 6d 65 6e 74 73 20 74 68	reate.datalink.layer.segments.th
f5bc0	61 74 20 73 70 61 6e 20 6d 75 6c 74 69 70 6c 65 20 72 65 6d 6f 74 65 20 73 69 74 65 73 2e 00 57	at.span.multiple.remote.sites..W
f5be0	68 69 74 65 6c 69 73 74 20 6f 66 20 61 64 64 72 65 73 73 65 73 20 61 6e 64 20 6e 65 74 77 6f 72	hitelist.of.addresses.and.networ
f5c00	6b 73 2e 20 41 6c 77 61 79 73 20 61 6c 6c 6f 77 20 69 6e 62 6f 75 6e 64 20 63 6f 6e 6e 65 63 74	ks..Always.allow.inbound.connect
f5c20	69 6f 6e 73 20 66 72 6f 6d 20 74 68 65 73 65 20 73 79 73 74 65 6d 73 2e 00 57 69 6c 6c 20 61 64	ions.from.these.systems..Will.ad
f5c40	64 20 60 60 70 65 72 73 69 73 74 65 6e 74 2d 6b 65 79 60 60 20 61 74 20 74 68 65 20 65 6e 64 20	d.``persistent-key``.at.the.end.
f5c60	6f 66 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 20 4f 70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 75	of.the.generated.OpenVPN.configu
f5c80	72 61 74 69 6f 6e 2e 20 50 6c 65 61 73 65 20 75 73 65 20 74 68 69 73 20 6f 6e 6c 79 20 61 73 20	ration..Please.use.this.only.as.
f5ca0	6c 61 73 74 20 72 65 73 6f 72 74 20 2d 20 74 68 69 6e 67 73 20 6d 69 67 68 74 20 62 72 65 61 6b	last.resort.-.things.might.break
f5cc0	20 61 6e 64 20 4f 70 65 6e 56 50 4e 20 77 6f 6e 27 74 20 73 74 61 72 74 20 69 66 20 79 6f 75 20	.and.OpenVPN.won't.start.if.you.
f5ce0	70 61 73 73 20 69 6e 76 61 6c 69 64 20 6f 70 74 69 6f 6e 73 2f 73 79 6e 74 61 78 2e 00 57 69 6c	pass.invalid.options/syntax..Wil
f5d00	6c 20 61 64 64 20 60 60 70 75 73 68 20 22 6b 65 65 70 61 6c 69 76 65 20 31 20 31 30 22 60 60 20	l.add.``push."keepalive.1.10"``.
f5d20	74 6f 20 74 68 65 20 67 65 6e 65 72 61 74 65 64 20 4f 70 65 6e 56 50 4e 20 63 6f 6e 66 69 67 20	to.the.generated.OpenVPN.config.
f5d40	66 69 6c 65 2e 00 57 69 6c 6c 20 62 65 20 72 65 63 6f 72 64 65 64 20 6f 6e 6c 79 20 70 61 63 6b	file..Will.be.recorded.only.pack
f5d60	65 74 73 2f 66 6c 6f 77 73 20 6f 6e 20 2a 2a 69 6e 63 6f 6d 69 6e 67 2a 2a 20 64 69 72 65 63 74	ets/flows.on.**incoming**.direct
f5d80	69 6f 6e 20 69 6e 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 74 65 72 66 61 63 65 73 20 62 79 20	ion.in.configured.interfaces.by.
f5da0	64 65 66 61 75 6c 74 2e 00 57 69 6c 6c 20 64 72 6f 70 20 60 3c 73 68 61 72 65 64 2d 6e 65 74 77	default..Will.drop.`<shared-netw
f5dc0	6f 72 6b 2d 6e 61 6d 65 3e 5f 60 20 66 72 6f 6d 20 63 6c 69 65 6e 74 20 44 4e 53 20 72 65 63 6f	ork-name>_`.from.client.DNS.reco
f5de0	72 64 2c 20 75 73 69 6e 67 20 6f 6e 6c 79 20 74 68 65 20 68 6f 73 74 20 64 65 63 6c 61 72 61 74	rd,.using.only.the.host.declarat
f5e00	69 6f 6e 20 6e 61 6d 65 20 61 6e 64 20 64 6f 6d 61 69 6e 3a 20 60 3c 68 6f 73 74 6e 61 6d 65 3e	ion.name.and.domain:.`<hostname>
f5e20	2e 3c 64 6f 6d 61 69 6e 2d 6e 61 6d 65 3e 60 00 57 69 72 65 47 75 61 72 64 00 57 69 72 65 47 75	.<domain-name>`.WireGuard.WireGu
f5e40	61 72 64 20 43 6c 69 65 6e 74 20 51 52 20 63 6f 64 65 00 57 69 72 65 47 75 61 72 64 20 69 6e 74	ard.Client.QR.code.WireGuard.int
f5e60	65 72 66 61 63 65 20 69 74 73 65 6c 66 20 75 73 65 73 20 61 64 64 72 65 73 73 20 31 30 2e 31 2e	erface.itself.uses.address.10.1.
f5e80	30 2e 31 2f 33 30 00 57 69 72 65 47 75 61 72 64 20 69 73 20 61 6e 20 65 78 74 72 65 6d 65 6c 79	0.1/30.WireGuard.is.an.extremely
f5ea0	20 73 69 6d 70 6c 65 20 79 65 74 20 66 61 73 74 20 61 6e 64 20 6d 6f 64 65 72 6e 20 56 50 4e 20	.simple.yet.fast.and.modern.VPN.
f5ec0	74 68 61 74 20 75 74 69 6c 69 7a 65 73 20 73 74 61 74 65 2d 6f 66 2d 74 68 65 2d 61 72 74 20 63	that.utilizes.state-of-the-art.c
f5ee0	72 79 70 74 6f 67 72 61 70 68 79 2e 20 53 65 65 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 72	ryptography..See.https://www.wir
f5f00	65 67 75 61 72 64 2e 63 6f 6d 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e	eguard.com.for.more.information.
f5f20	00 57 69 72 65 47 75 61 72 64 20 72 65 71 75 69 72 65 73 20 74 68 65 20 67 65 6e 65 72 61 74 69	.WireGuard.requires.the.generati
f5f40	6f 6e 20 6f 66 20 61 20 6b 65 79 70 61 69 72 2c 20 77 68 69 63 68 20 69 6e 63 6c 75 64 65 73 20	on.of.a.keypair,.which.includes.
f5f60	61 20 70 72 69 76 61 74 65 20 6b 65 79 20 74 6f 20 64 65 63 72 79 70 74 20 69 6e 63 6f 6d 69 6e	a.private.key.to.decrypt.incomin
f5f80	67 20 74 72 61 66 66 69 63 2c 20 61 6e 64 20 61 20 70 75 62 6c 69 63 20 6b 65 79 20 66 6f 72 20	g.traffic,.and.a.public.key.for.
f5fa0	70 65 65 72 28 73 29 20 74 6f 20 65 6e 63 72 79 70 74 20 74 72 61 66 66 69 63 2e 00 57 69 72 65	peer(s).to.encrypt.traffic..Wire
f5fc0	6c 65 73 73 20 63 68 61 6e 6e 65 6c 20 60 60 31 60 60 00 57 69 72 65 6c 65 73 73 20 64 65 76 69	less.channel.``1``.Wireless.devi
f5fe0	63 65 20 74 79 70 65 20 66 6f 72 20 74 68 69 73 20 69 6e 74 65 72 66 61 63 65 00 57 69 72 65 6c	ce.type.for.this.interface.Wirel
f6000	65 73 73 20 68 61 72 64 77 61 72 65 20 64 65 76 69 63 65 20 75 73 65 64 20 61 73 20 75 6e 64 65	ess.hardware.device.used.as.unde
f6020	72 6c 61 79 20 72 61 64 69 6f 2e 00 57 69 72 65 6c 65 73 73 20 6f 70 74 69 6f 6e 73 00 57 69 72	rlay.radio..Wireless.options.Wir
f6040	65 6c 65 73 73 20 6f 70 74 69 6f 6e 73 20 28 53 74 61 74 69 6f 6e 2f 43 6c 69 65 6e 74 29 00 57	eless.options.(Station/Client).W
f6060	69 72 65 6c 65 73 73 4d 6f 64 65 6d 20 28 57 57 41 4e 29 20 6f 70 74 69 6f 6e 73 00 57 69 74 68	irelessModem.(WWAN).options.With
f6080	20 57 69 72 65 47 75 61 72 64 2c 20 61 20 52 6f 61 64 20 57 61 72 72 69 6f 72 20 56 50 4e 20 63	.WireGuard,.a.Road.Warrior.VPN.c
f60a0	6f 6e 66 69 67 20 69 73 20 73 69 6d 69 6c 61 72 20 74 6f 20 61 20 73 69 74 65 2d 74 6f 2d 73 69	onfig.is.similar.to.a.site-to-si
f60c0	74 65 20 56 50 4e 2e 20 49 74 20 6a 75 73 74 20 6c 61 63 6b 73 20 74 68 65 20 60 60 61 64 64 72	te.VPN..It.just.lacks.the.``addr
f60e0	65 73 73 60 60 20 61 6e 64 20 60 60 70 6f 72 74 60 60 20 73 74 61 74 65 6d 65 6e 74 73 2e 00 57	ess``.and.``port``.statements..W
f6100	69 74 68 20 74 68 65 20 60 60 6e 61 6d 65 2d 73 65 72 76 65 72 60 60 20 6f 70 74 69 6f 6e 20 73	ith.the.``name-server``.option.s
f6120	65 74 20 74 6f 20 60 60 6e 6f 6e 65 60 60 2c 20 56 79 4f 53 20 77 69 6c 6c 20 69 67 6e 6f 72 65	et.to.``none``,.VyOS.will.ignore
f6140	20 74 68 65 20 6e 61 6d 65 73 65 72 76 65 72 73 20 79 6f 75 72 20 49 53 50 20 73 65 6e 64 73 20	.the.nameservers.your.ISP.sends.
f6160	79 6f 75 20 61 6e 64 20 74 68 75 73 20 79 6f 75 20 63 61 6e 20 66 75 6c 6c 79 20 72 65 6c 79 20	you.and.thus.you.can.fully.rely.
f6180	6f 6e 20 74 68 65 20 6f 6e 65 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20	on.the.ones.you.have.configured.
f61a0	73 74 61 74 69 63 61 6c 6c 79 2e 00 57 69 74 68 20 74 68 65 20 66 69 72 65 77 61 6c 6c 20 79 6f	statically..With.the.firewall.yo
f61c0	75 20 63 61 6e 20 73 65 74 20 72 75 6c 65 73 20 74 6f 20 61 63 63 65 70 74 2c 20 64 72 6f 70 20	u.can.set.rules.to.accept,.drop.
f61e0	6f 72 20 72 65 6a 65 63 74 20 49 43 4d 50 20 69 6e 2c 20 6f 75 74 20 6f 72 20 6c 6f 63 61 6c 20	or.reject.ICMP.in,.out.or.local.
f6200	74 72 61 66 66 69 63 2e 20 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 75 73 65 20 74 68 65 20 67 65	traffic..You.can.also.use.the.ge
f6220	6e 65 72 61 6c 20 2a 2a 66 69 72 65 77 61 6c 6c 20 61 6c 6c 2d 70 69 6e 67 2a 2a 20 63 6f 6d 6d	neral.**firewall.all-ping**.comm
f6240	61 6e 64 2e 20 54 68 69 73 20 63 6f 6d 6d 61 6e 64 20 61 66 66 65 63 74 73 20 6f 6e 6c 79 20 74	and..This.command.affects.only.t
f6260	6f 20 4c 4f 43 41 4c 20 28 70 61 63 6b 65 74 73 20 64 65 73 74 69 6e 65 64 20 66 6f 72 20 79 6f	o.LOCAL.(packets.destined.for.yo
f6280	75 72 20 56 79 4f 53 20 73 79 73 74 65 6d 29 2c 20 6e 6f 74 20 74 6f 20 49 4e 20 6f 72 20 4f 55	ur.VyOS.system),.not.to.IN.or.OU
f62a0	54 20 74 72 61 66 66 69 63 2e 00 57 69 74 68 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 2c 20 79 6f	T.traffic..With.this.command,.yo
f62c0	75 20 63 61 6e 20 73 70 65 63 69 66 79 20 68 6f 77 20 74 68 65 20 55 52 4c 20 70 61 74 68 20 73	u.can.specify.how.the.URL.path.s
f62e0	68 6f 75 6c 64 20 62 65 20 6d 61 74 63 68 65 64 20 61 67 61 69 6e 73 74 20 69 6e 63 6f 6d 69 6e	hould.be.matched.against.incomin
f6300	67 20 72 65 71 75 65 73 74 73 2e 00 59 00 59 6f 75 20 61 70 70 6c 79 20 61 20 72 75 6c 65 2d 73	g.requests..Y.You.apply.a.rule-s
f6320	65 74 20 61 6c 77 61 79 73 20 74 6f 20 61 20 7a 6f 6e 65 20 66 72 6f 6d 20 61 6e 20 6f 74 68 65	et.always.to.a.zone.from.an.othe
f6340	72 20 7a 6f 6e 65 2c 20 69 74 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 63 72 65	r.zone,.it.is.recommended.to.cre
f6360	61 74 65 20 6f 6e 65 20 72 75 6c 65 2d 73 65 74 20 66 6f 72 20 65 61 63 68 20 7a 6f 6e 65 20 70	ate.one.rule-set.for.each.zone.p
f6380	61 69 72 2e 00 59 6f 75 20 61 72 65 20 61 62 6c 65 20 74 6f 20 73 65 74 20 70 6f 73 74 2d 6c 6f	air..You.are.able.to.set.post-lo
f63a0	67 69 6e 20 6f 72 20 70 72 65 2d 6c 6f 67 69 6e 20 62 61 6e 6e 65 72 20 6d 65 73 73 61 67 65 73	gin.or.pre-login.banner.messages
f63c0	20 74 6f 20 64 69 73 70 6c 61 79 20 63 65 72 74 61 69 6e 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20	.to.display.certain.information.
f63e0	66 6f 72 20 74 68 69 73 20 73 79 73 74 65 6d 2e 00 59 6f 75 20 61 72 65 20 62 65 20 61 62 6c 65	for.this.system..You.are.be.able
f6400	20 74 6f 20 64 6f 77 6e 6c 6f 61 64 20 74 68 65 20 66 69 6c 65 73 20 75 73 69 6e 67 20 53 43 50	.to.download.the.files.using.SCP
f6420	2c 20 6f 6e 63 65 20 74 68 65 20 53 53 48 20 73 65 72 76 69 63 65 20 68 61 73 20 62 65 65 6e 20	,.once.the.SSH.service.has.been.
f6440	61 63 74 69 76 61 74 65 64 20 6c 69 6b 65 20 73 6f 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 63	activated.like.so.You.can.also.c
f6460	6f 6e 66 69 67 75 72 65 20 74 68 65 20 74 69 6d 65 20 69 6e 74 65 72 76 61 6c 20 66 6f 72 20 70	onfigure.the.time.interval.for.p
f6480	72 65 65 6d 70 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 22 70 72 65 65 6d 70 74 2d 64 65 6c 61	reemption.with.the."preempt-dela
f64a0	79 22 20 6f 70 74 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 6f 20 73 65 74 20 74	y".option..For.example,.to.set.t
f64c0	68 65 20 68 69 67 68 65 72 20 70 72 69 6f 72 69 74 79 20 72 6f 75 74 65 72 20 74 6f 20 74 61 6b	he.higher.priority.router.to.tak
f64e0	65 20 6f 76 65 72 20 69 6e 20 31 38 30 20 73 65 63 6f 6e 64 73 2c 20 75 73 65 3a 00 59 6f 75 20	e.over.in.180.seconds,.use:.You.
f6500	63 61 6e 20 61 6c 73 6f 20 64 65 66 69 6e 65 20 63 75 73 74 6f 6d 20 74 69 6d 65 6f 75 74 20 76	can.also.define.custom.timeout.v
f6520	61 6c 75 65 73 20 74 6f 20 61 70 70 6c 79 20 74 6f 20 61 20 73 70 65 63 69 66 69 63 20 73 75 62	alues.to.apply.to.a.specific.sub
f6540	73 65 74 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2c 20 62 61 73 65 64 20 6f 6e 20 61 20 70	set.of.connections,.based.on.a.p
f6560	61 63 6b 65 74 20 61 6e 64 20 66 6c 6f 77 20 73 65 6c 65 63 74 6f 72 2e 20 54 6f 20 64 6f 20 74	acket.and.flow.selector..To.do.t
f6580	68 69 73 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 61 20 72 75 6c 65 20 64	his,.you.need.to.create.a.rule.d
f65a0	65 66 69 6e 69 6e 67 20 74 68 65 20 70 61 63 6b 65 74 20 61 6e 64 20 66 6c 6f 77 20 73 65 6c 65	efining.the.packet.and.flow.sele
f65c0	63 74 6f 72 2e 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 6b 65 65 70 20 64 69 66 66 65 72 65 6e	ctor..You.can.also.keep.differen
f65e0	74 20 44 4e 53 20 7a 6f 6e 65 20 75 70 64 61 74 65 64 2e 20 4a 75 73 74 20 63 72 65 61 74 65 20	t.DNS.zone.updated..Just.create.
f6600	61 20 6e 65 77 20 63 6f 6e 66 69 67 20 6e 6f 64 65 3a 20 60 60 73 65 74 20 73 65 72 76 69 63 65	a.new.config.node:.``set.service
f6620	20 64 6e 73 20 64 79 6e 61 6d 69 63 20 69 6e 74 65 72 66 61 63 65 20 3c 69 6e 74 65 72 66 61 63	.dns.dynamic.interface.<interfac
f6640	65 3e 20 72 66 63 32 31 33 36 20 3c 6f 74 68 65 72 2d 73 65 72 76 69 63 65 2d 6e 61 6d 65 3e 60	e>.rfc2136.<other-service-name>`
f6660	60 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 73 70 65 63 69 66 79 20 77 68 69 63 68 20 49 50 76	`.You.can.also.specify.which.IPv
f6680	36 20 61 63 63 65 73 73 2d 6c 69 73 74 20 73 68 6f 75 6c 64 20 62 65 20 73 68 6f 77 6e 3a 00 59	6.access-list.should.be.shown:.Y
f66a0	6f 75 20 63 61 6e 20 61 6c 73 6f 20 74 75 6e 65 20 6d 75 6c 74 69 63 61 73 74 20 77 69 74 68 20	ou.can.also.tune.multicast.with.
f66c0	74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 73 2e 00 59 6f 75 20 63 61 6e 20	the.following.commands..You.can.
f66e0	61 6c 73 6f 20 75 73 65 20 61 6e 6f 74 68 65 72 20 61 74 74 72 69 62 75 74 65 73 20 66 6f 72 20	also.use.another.attributes.for.
f6700	69 64 65 6e 74 69 66 79 20 63 6c 69 65 6e 74 20 66 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2c 20	identify.client.for.disconnect,.
f6720	6c 69 6b 65 20 46 72 61 6d 65 64 2d 49 50 2d 41 64 64 72 65 73 73 2c 20 41 63 63 74 2d 53 65 73	like.Framed-IP-Address,.Acct-Ses
f6740	73 69 6f 6e 2d 49 64 2c 20 65 74 63 2e 20 52 65 73 75 6c 74 20 63 6f 6d 6d 61 6e 64 73 20 61 70	sion-Id,.etc..Result.commands.ap
f6760	70 65 61 72 73 20 69 6e 20 6c 6f 67 2e 00 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 77 72 69 74 65	pears.in.log..You.can.also.write
f6780	20 61 20 64 65 73 63 72 69 70 74 69 6f 6e 20 66 6f 72 20 61 20 66 69 6c 74 65 72 3a 00 59 6f 75	.a.description.for.a.filter:.You
f67a0	20 63 61 6e 20 61 73 73 69 67 6e 20 6d 75 6c 74 69 70 6c 65 20 6b 65 79 73 20 74 6f 20 74 68 65	.can.assign.multiple.keys.to.the
f67c0	20 73 61 6d 65 20 75 73 65 72 20 62 79 20 75 73 69 6e 67 20 61 20 75 6e 69 71 75 65 20 69 64 65	.same.user.by.using.a.unique.ide
f67e0	6e 74 69 66 69 65 72 20 70 65 72 20 53 53 48 20 6b 65 79 2e 00 59 6f 75 20 63 61 6e 20 61 76 6f	ntifier.per.SSH.key..You.can.avo
f6800	69 64 20 74 68 65 20 22 6c 65 61 6b 79 22 20 62 65 68 61 76 69 6f 72 20 62 79 20 75 73 69 6e 67	id.the."leaky".behavior.by.using
f6820	20 61 20 66 69 72 65 77 61 6c 6c 20 70 6f 6c 69 63 79 20 74 68 61 74 20 64 72 6f 70 73 20 22 69	.a.firewall.policy.that.drops."i
f6840	6e 76 61 6c 69 64 22 20 73 74 61 74 65 20 70 61 63 6b 65 74 73 2e 00 59 6f 75 20 63 61 6e 20 63	nvalid".state.packets..You.can.c
f6860	68 65 63 6b 20 79 6f 75 72 20 4e 49 43 20 64 72 69 76 65 72 20 62 79 20 69 73 73 75 69 6e 67 20	heck.your.NIC.driver.by.issuing.
f6880	3a 6f 70 63 6d 64 3a 60 73 68 6f 77 20 69 6e 74 65 72 66 61 63 65 73 20 65 74 68 65 72 6e 65 74	:opcmd:`show.interfaces.ethernet
f68a0	20 65 74 68 30 20 70 68 79 73 69 63 61 6c 20 7c 20 67 72 65 70 20 2d 69 20 64 72 69 76 65 72 60	.eth0.physical.|.grep.-i.driver`
f68c0	00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 61 20 70 6f 6c 69 63 79 20 69 6e 74 6f	.You.can.configure.a.policy.into
f68e0	20 61 20 63 6c 61 73 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 60 60 71 75 65 75 65 2d 74 79 70	.a.class.through.the.``queue-typ
f6900	65 60 60 20 73 65 74 74 69 6e 67 2e 00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 63	e``.setting..You.can.configure.c
f6920	6c 61 73 73 65 73 20 28 75 70 20 74 6f 20 34 30 39 30 29 20 77 69 74 68 20 64 69 66 66 65 72 65	lasses.(up.to.4090).with.differe
f6940	6e 74 20 73 65 74 74 69 6e 67 73 20 61 6e 64 20 61 20 64 65 66 61 75 6c 74 20 70 6f 6c 69 63 79	nt.settings.and.a.default.policy
f6960	20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 61 70 70 6c 69 65 64 20 74 6f 20 61 6e 79 20 74 72	.which.will.be.applied.to.any.tr
f6980	61 66 66 69 63 20 6e 6f 74 20 6d 61 74 63 68 69 6e 67 20 61 6e 79 20 6f 66 20 74 68 65 20 63 6f	affic.not.matching.any.of.the.co
f69a0	6e 66 69 67 75 72 65 64 20 63 6c 61 73 73 65 73 2e 00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67	nfigured.classes..You.can.config
f69c0	75 72 65 20 6d 75 6c 74 69 70 6c 65 20 69 6e 74 65 72 66 61 63 65 73 20 77 68 69 63 68 20 77 68	ure.multiple.interfaces.which.wh
f69e0	6f 75 6c 64 20 70 61 72 74 69 63 69 70 61 74 65 20 69 6e 20 66 6c 6f 77 20 61 63 63 6f 75 6e 74	ould.participate.in.flow.account
f6a00	69 6e 67 2e 00 59 6f 75 20 63 61 6e 20 63 6f 6e 66 69 67 75 72 65 20 6d 75 6c 74 69 70 6c 65 20	ing..You.can.configure.multiple.
f6a20	69 6e 74 65 72 66 61 63 65 73 20 77 68 69 63 68 20 77 68 6f 75 6c 64 20 70 61 72 74 69 63 69 70	interfaces.which.whould.particip
f6a40	61 74 65 20 69 6e 20 73 66 6c 6f 77 20 61 63 63 6f 75 6e 74 69 6e 67 2e 00 59 6f 75 20 63 61 6e	ate.in.sflow.accounting..You.can
f6a60	20 63 72 65 61 74 65 20 6d 75 6c 74 69 70 6c 65 20 56 4c 41 4e 20 69 6e 74 65 72 66 61 63 65 73	.create.multiple.VLAN.interfaces
f6a80	20 6f 6e 20 61 20 70 68 79 73 69 63 61 6c 20 69 6e 74 65 72 66 61 63 65 2e 20 54 68 65 20 56 4c	.on.a.physical.interface..The.VL
f6aa0	41 4e 20 49 44 20 72 61 6e 67 65 20 69 73 20 66 72 6f 6d 20 30 20 74 6f 20 34 30 39 34 2e 00 59	AN.ID.range.is.from.0.to.4094..Y
f6ac0	6f 75 20 63 61 6e 20 64 69 73 61 62 6c 65 20 61 20 56 52 52 50 20 67 72 6f 75 70 20 77 69 74 68	ou.can.disable.a.VRRP.group.with
f6ae0	20 60 60 64 69 73 61 62 6c 65 60 60 20 6f 70 74 69 6f 6e 3a 00 59 6f 75 20 63 61 6e 20 67 65 74	.``disable``.option:.You.can.get
f6b00	20 6d 6f 72 65 20 73 70 65 63 69 66 69 63 20 4f 53 50 46 76 33 20 69 6e 66 6f 72 6d 61 74 69 6f	.more.specific.OSPFv3.informatio
f6b20	6e 20 62 79 20 75 73 69 6e 67 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 73 68 6f 77 6e 20	n.by.using.the.parameters.shown.
f6b40	62 65 6c 6f 77 3a 00 59 6f 75 20 63 61 6e 20 6e 6f 74 20 61 73 73 69 67 6e 20 74 68 65 20 73 61	below:.You.can.not.assign.the.sa
f6b60	6d 65 20 61 6c 6c 6f 77 65 64 2d 69 70 73 20 73 74 61 74 65 6d 65 6e 74 20 74 6f 20 6d 75 6c 74	me.allowed-ips.statement.to.mult
f6b80	69 70 6c 65 20 57 69 72 65 47 75 61 72 64 20 70 65 65 72 73 2e 20 54 68 69 73 20 61 20 64 65 73	iple.WireGuard.peers..This.a.des
f6ba0	69 67 6e 20 64 65 63 69 73 69 6f 6e 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69	ign.decision..For.more.informati
f6bc0	6f 6e 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 60 57 69 72 65 47 75 61 72 64 20 6d	on.please.check.the.`WireGuard.m
f6be0	61 69 6c 69 6e 67 20 6c 69 73 74 60 5f 2e 00 59 6f 75 20 63 61 6e 20 6e 6f 74 20 72 75 6e 20 74	ailing.list`_..You.can.not.run.t
f6c00	68 69 73 20 69 6e 20 61 20 56 52 52 50 20 73 65 74 75 70 2c 20 69 66 20 6d 75 6c 74 69 70 6c 65	his.in.a.VRRP.setup,.if.multiple
f6c20	20 6d 44 4e 53 20 72 65 70 65 61 74 65 72 73 20 61 72 65 20 6c 61 75 6e 63 68 65 64 20 69 6e 20	.mDNS.repeaters.are.launched.in.
f6c40	61 20 73 75 62 6e 65 74 20 79 6f 75 20 77 69 6c 6c 20 65 78 70 65 72 69 65 6e 63 65 20 74 68 65	a.subnet.you.will.experience.the
f6c60	20 6d 44 4e 53 20 70 61 63 6b 65 74 20 73 74 6f 72 6d 20 64 65 61 74 68 21 00 59 6f 75 20 63 61	.mDNS.packet.storm.death!.You.ca
f6c80	6e 20 6e 6f 77 20 22 64 69 61 6c 22 20 74 68 65 20 70 65 65 72 20 77 69 74 68 20 74 68 65 20 66	n.now."dial".the.peer.with.the.f
f6ca0	6f 6c 6c 77 6f 69 6e 67 20 63 6f 6d 6d 61 6e 64 3a 20 60 60 73 73 74 70 63 20 2d 2d 6c 6f 67 2d	ollwoing.command:.``sstpc.--log-
f6cc0	6c 65 76 65 6c 20 34 20 2d 2d 6c 6f 67 2d 73 74 64 65 72 72 20 2d 2d 75 73 65 72 20 76 79 6f 73	level.4.--log-stderr.--user.vyos
f6ce0	20 2d 2d 70 61 73 73 77 6f 72 64 20 76 79 6f 73 20 76 70 6e 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d	.--password.vyos.vpn.example.com
f6d00	20 2d 2d 20 63 61 6c 6c 20 76 79 6f 73 60 60 2e 00 59 6f 75 20 63 61 6e 20 6e 6f 77 20 53 53 48	.--.call.vyos``..You.can.now.SSH
f6d20	20 69 6e 74 6f 20 79 6f 75 72 20 73 79 73 74 65 6d 20 75 73 69 6e 67 20 61 64 6d 69 6e 2f 61 64	.into.your.system.using.admin/ad
f6d40	6d 69 6e 20 61 73 20 61 20 64 65 66 61 75 6c 74 20 75 73 65 72 20 73 75 70 70 6c 69 65 64 20 66	min.as.a.default.user.supplied.f
f6d60	72 6f 6d 20 74 68 65 20 60 60 6c 66 6b 65 69 74 65 6c 2f 74 61 63 61 63 73 5f 70 6c 75 73 3a 6c	rom.the.``lfkeitel/tacacs_plus:l
f6d80	61 74 65 73 74 60 60 20 63 6f 6e 74 61 69 6e 65 72 2e 00 59 6f 75 20 63 61 6e 20 6f 6e 6c 79 20	atest``.container..You.can.only.
f6da0	61 70 70 6c 79 20 6f 6e 65 20 70 6f 6c 69 63 79 20 70 65 72 20 69 6e 74 65 72 66 61 63 65 20 61	apply.one.policy.per.interface.a
f6dc0	6e 64 20 64 69 72 65 63 74 69 6f 6e 2c 20 62 75 74 20 79 6f 75 20 63 6f 75 6c 64 20 72 65 75 73	nd.direction,.but.you.could.reus
f6de0	65 20 61 20 70 6f 6c 69 63 79 20 6f 6e 20 64 69 66 66 65 72 65 6e 74 20 69 6e 74 65 72 66 61 63	e.a.policy.on.different.interfac
f6e00	65 73 20 61 6e 64 20 64 69 72 65 63 74 69 6f 6e 73 3a 00 59 6f 75 20 63 61 6e 20 72 75 6e 20 74	es.and.directions:.You.can.run.t
f6e20	68 65 20 55 44 50 20 62 72 6f 61 64 63 61 73 74 20 72 65 6c 61 79 20 73 65 72 76 69 63 65 20 6f	he.UDP.broadcast.relay.service.o
f6e40	6e 20 6d 75 6c 74 69 70 6c 65 20 72 6f 75 74 65 72 73 20 63 6f 6e 6e 65 63 74 65 64 20 74 6f 20	n.multiple.routers.connected.to.
f6e60	61 20 73 75 62 6e 65 74 2e 20 54 68 65 72 65 20 69 73 20 2a 2a 4e 4f 2a 2a 20 55 44 50 20 62 72	a.subnet..There.is.**NO**.UDP.br
f6e80	6f 61 64 63 61 73 74 20 72 65 6c 61 79 20 70 61 63 6b 65 74 20 73 74 6f 72 6d 21 00 59 6f 75 20	oadcast.relay.packet.storm!.You.
f6ea0	63 61 6e 20 73 70 65 63 69 66 79 20 61 20 73 74 61 74 69 63 20 44 48 43 50 20 61 73 73 69 67 6e	can.specify.a.static.DHCP.assign
f6ec0	6d 65 6e 74 20 6f 6e 20 61 20 70 65 72 20 68 6f 73 74 20 62 61 73 69 73 2e 20 59 6f 75 20 77 69	ment.on.a.per.host.basis..You.wi
f6ee0	6c 6c 20 6e 65 65 64 20 74 68 65 20 4d 41 43 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 73	ll.need.the.MAC.address.of.the.s
f6f00	74 61 74 69 6f 6e 20 61 6e 64 20 79 6f 75 72 20 64 65 73 69 72 65 64 20 49 50 20 61 64 64 72 65	tation.and.your.desired.IP.addre
f6f20	73 73 2e 20 54 68 65 20 61 64 64 72 65 73 73 20 6d 75 73 74 20 62 65 20 69 6e 73 69 64 65 20 74	ss..The.address.must.be.inside.t
f6f40	68 65 20 73 75 62 6e 65 74 20 64 65 66 69 6e 69 74 69 6f 6e 20 62 75 74 20 63 61 6e 20 62 65 20	he.subnet.definition.but.can.be.
f6f60	6f 75 74 73 69 64 65 20 6f 66 20 74 68 65 20 72 61 6e 67 65 20 73 74 61 74 65 6d 65 6e 74 2e 00	outside.of.the.range.statement..
f6f80	59 6f 75 20 63 61 6e 20 74 65 73 74 20 74 68 65 20 53 4e 4d 50 76 33 20 66 75 6e 63 74 69 6f 6e	You.can.test.the.SNMPv3.function
f6fa0	61 6c 69 74 79 20 66 72 6f 6d 20 61 6e 79 20 6c 69 6e 75 78 20 62 61 73 65 64 20 73 79 73 74 65	ality.from.any.linux.based.syste
f6fc0	6d 2c 20 6a 75 73 74 20 72 75 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e	m,.just.run.the.following.comman
f6fe0	64 3a 20 60 60 73 6e 6d 70 77 61 6c 6b 20 2d 76 20 33 20 2d 75 20 76 79 6f 73 20 2d 61 20 53 48	d:.``snmpwalk.-v.3.-u.vyos.-a.SH
f7000	41 20 2d 41 20 76 79 6f 73 31 32 33 34 35 36 37 38 20 2d 78 20 41 45 53 20 2d 58 20 76 79 6f 73	A.-A.vyos12345678.-x.AES.-X.vyos
f7020	31 32 33 34 35 36 37 38 20 2d 6c 20 61 75 74 68 50 72 69 76 20 31 39 32 2e 30 2e 32 2e 31 20 2e	12345678.-l.authPriv.192.0.2.1..
f7040	31 60 60 00 59 6f 75 20 63 61 6e 20 75 73 65 20 77 69 6c 64 63 61 72 64 20 60 60 2a 60 60 20 74	1``.You.can.use.wildcard.``*``.t
f7060	6f 20 6d 61 74 63 68 20 61 20 67 72 6f 75 70 20 6f 66 20 69 6e 74 65 72 66 61 63 65 73 2e 00 59	o.match.a.group.of.interfaces..Y
f7080	6f 75 20 63 61 6e 20 76 65 72 69 66 79 20 79 6f 75 72 20 56 52 52 50 20 67 72 6f 75 70 20 73 74	ou.can.verify.your.VRRP.group.st
f70a0	61 74 75 73 20 77 69 74 68 20 74 68 65 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 6d 6f 64 65 20 60	atus.with.the.operational.mode.`
f70c0	60 72 75 6e 20 73 68 6f 77 20 76 72 72 70 60 60 20 63 6f 6d 6d 61 6e 64 3a 00 59 6f 75 20 63 61	`run.show.vrrp``.command:.You.ca
f70e0	6e 20 76 69 65 77 20 74 68 61 74 20 74 68 65 20 70 6f 6c 69 63 79 20 69 73 20 62 65 69 6e 67 20	n.view.that.the.policy.is.being.
f7100	63 6f 72 72 65 63 74 6c 79 20 28 6f 72 20 69 6e 63 6f 72 72 65 63 74 6c 79 29 20 75 74 69 6c 69	correctly.(or.incorrectly).utili
f7120	73 65 64 20 77 69 74 68 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 63 6f 6d 6d 61 6e 64 3a 00	sed.with.the.following.command:.
f7140	59 6f 75 20 63 61 6e 6e 6f 74 20 65 61 73 69 6c 79 20 72 65 64 69 73 74 72 69 62 75 74 65 20 49	You.cannot.easily.redistribute.I
f7160	50 76 36 20 72 6f 75 74 65 73 20 76 69 61 20 4f 53 50 46 76 33 20 6f 6e 20 61 20 57 69 72 65 47	Pv6.routes.via.OSPFv3.on.a.WireG
f7180	75 61 72 64 20 69 6e 74 65 72 66 61 63 65 20 6c 69 6e 6b 2e 20 54 68 69 73 20 72 65 71 75 69 72	uard.interface.link..This.requir
f71a0	65 73 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 6c 69 6e 6b 2d 6c 6f 63 61 6c 20 61	es.you.to.configure.link-local.a
f71c0	64 64 72 65 73 73 65 73 20 6d 61 6e 75 61 6c 6c 79 20 6f 6e 20 74 68 65 20 57 69 72 65 47 75 61	ddresses.manually.on.the.WireGua
f71e0	72 64 20 69 6e 74 65 72 66 61 63 65 73 2c 20 73 65 65 20 3a 76 79 74 61 73 6b 3a 60 54 31 34 38	rd.interfaces,.see.:vytask:`T148
f7200	33 60 2e 00 59 6f 75 20 6d 61 79 20 61 6c 73 6f 20 61 64 64 69 74 69 6f 6e 61 6c 6c 79 20 63 6f	3`..You.may.also.additionally.co
f7220	6e 66 69 67 75 72 65 20 74 69 6d 65 6f 75 74 73 20 66 6f 72 20 64 69 66 66 65 72 65 6e 74 20 74	nfigure.timeouts.for.different.t
f7240	79 70 65 73 20 6f 66 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 2e 00 59 6f 75 20 6d 61 79 20 70 72 65	ypes.of.connections..You.may.pre
f7260	66 65 72 20 6c 6f 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 63 61 70 61 62 69 6c 69 74	fer.locally.configured.capabilit
f7280	69 65 73 20 6d 6f 72 65 20 74 68 61 6e 20 74 68 65 20 6e 65 67 6f 74 69 61 74 65 64 20 63 61 70	ies.more.than.the.negotiated.cap
f72a0	61 62 69 6c 69 74 69 65 73 20 65 76 65 6e 20 74 68 6f 75 67 68 20 72 65 6d 6f 74 65 20 70 65 65	abilities.even.though.remote.pee
f72c0	72 20 73 65 6e 64 73 20 63 61 70 61 62 69 6c 69 74 69 65 73 2e 20 49 66 20 74 68 65 20 70 65 65	r.sends.capabilities..If.the.pee
f72e0	72 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 62 79 20 3a 63 66 67 63 6d 64 3a 60 6f 76 65 72	r.is.configured.by.:cfgcmd:`over
f7300	72 69 64 65 2d 63 61 70 61 62 69 6c 69 74 79 60 2c 20 56 79 4f 53 20 69 67 6e 6f 72 65 73 20 72	ride-capability`,.VyOS.ignores.r
f7320	65 63 65 69 76 65 64 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 74 68 65 6e 20 6f 76 65 72 72 69	eceived.capabilities.then.overri
f7340	64 65 20 6e 65 67 6f 74 69 61 74 65 64 20 63 61 70 61 62 69 6c 69 74 69 65 73 20 77 69 74 68 20	de.negotiated.capabilities.with.
f7360	63 6f 6e 66 69 67 75 72 65 64 20 76 61 6c 75 65 73 2e 00 59 6f 75 20 6d 61 79 20 77 61 6e 74 20	configured.values..You.may.want.
f7380	74 6f 20 64 69 73 61 62 6c 65 20 73 65 6e 64 69 6e 67 20 43 61 70 61 62 69 6c 69 74 79 20 4e 65	to.disable.sending.Capability.Ne
f73a0	67 6f 74 69 61 74 69 6f 6e 20 4f 50 45 4e 20 6d 65 73 73 61 67 65 20 6f 70 74 69 6f 6e 61 6c 20	gotiation.OPEN.message.optional.
f73c0	70 61 72 61 6d 65 74 65 72 20 74 6f 20 74 68 65 20 70 65 65 72 20 77 68 65 6e 20 72 65 6d 6f 74	parameter.to.the.peer.when.remot
f73e0	65 20 70 65 65 72 20 64 6f 65 73 20 6e 6f 74 20 69 6d 70 6c 65 6d 65 6e 74 20 43 61 70 61 62 69	e.peer.does.not.implement.Capabi
f7400	6c 69 74 79 20 4e 65 67 6f 74 69 61 74 69 6f 6e 2e 20 50 6c 65 61 73 65 20 75 73 65 20 3a 63 66	lity.Negotiation..Please.use.:cf
f7420	67 63 6d 64 3a 60 64 69 73 61 62 6c 65 2d 63 61 70 61 62 69 6c 69 74 79 2d 6e 65 67 6f 74 69 61	gcmd:`disable-capability-negotia
f7440	74 69 6f 6e 60 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 64 69 73 61 62 6c 65 20 74 68 65 20 66 65 61	tion`.command.to.disable.the.fea
f7460	74 75 72 65 2e 00 59 6f 75 20 6e 65 65 64 20 32 20 73 65 70 61 72 61 74 65 20 66 69 72 65 77 61	ture..You.need.2.separate.firewa
f7480	6c 6c 73 20 74 6f 20 64 65 66 69 6e 65 20 74 72 61 66 66 69 63 3a 20 6f 6e 65 20 66 6f 72 20 65	lls.to.define.traffic:.one.for.e
f74a0	61 63 68 20 64 69 72 65 63 74 69 6f 6e 2e 00 59 6f 75 20 6e 65 65 64 20 74 6f 20 64 69 73 61 62	ach.direction..You.need.to.disab
f74c0	6c 65 20 74 68 65 20 69 6e 2d 6d 65 6d 6f 72 79 20 74 61 62 6c 65 20 69 6e 20 70 72 6f 64 75 63	le.the.in-memory.table.in.produc
f74e0	74 69 6f 6e 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 21 20 55 73 69 6e 67 20 3a 61 62 62 72 3a 60	tion.environments!.Using.:abbr:`
f7500	49 4d 54 20 28 49 6e 2d 4d 65 6d 6f 72 79 20 54 61 62 6c 65 29 60 20 6d 61 79 20 6c 65 61 64 20	IMT.(In-Memory.Table)`.may.lead.
f7520	74 6f 20 68 65 61 76 79 20 43 50 55 20 6f 76 65 72 6c 6f 61 64 69 6e 67 20 61 6e 64 20 75 6e 73	to.heavy.CPU.overloading.and.uns
f7540	74 61 62 6c 65 20 66 6c 6f 77 2d 61 63 63 6f 75 6e 74 69 6e 67 20 62 65 68 61 76 69 6f 72 2e 00	table.flow-accounting.behavior..
f7560	59 6f 75 20 6e 65 65 64 20 79 6f 75 72 20 50 50 50 6f 45 20 63 72 65 64 65 6e 74 69 61 6c 73 20	You.need.your.PPPoE.credentials.
f7580	66 72 6f 6d 20 79 6f 75 72 20 44 53 4c 20 49 53 50 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 63 6f	from.your.DSL.ISP.in.order.to.co
f75a0	6e 66 69 67 75 72 65 20 74 68 69 73 2e 20 54 68 65 20 75 73 75 61 6c 20 75 73 65 72 6e 61 6d 65	nfigure.this..The.usual.username
f75c0	20 69 73 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 6f 66 20 6e 61 6d 65 40 68 6f 73 74 2e 6e 65 74	.is.in.the.form.of.name@host.net
f75e0	20 62 75 74 20 6d 61 79 20 76 61 72 79 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 49 53 50 2e 00	.but.may.vary.depending.on.ISP..
f7600	59 6f 75 20 6e 6f 77 20 73 65 65 20 74 68 65 20 6c 6f 6e 67 65 72 20 41 53 20 70 61 74 68 2e 00	You.now.see.the.longer.AS.path..
f7620	59 6f 75 20 73 68 6f 75 6c 64 20 61 64 64 20 61 20 66 69 72 65 77 61 6c 6c 20 74 6f 20 79 6f 75	You.should.add.a.firewall.to.you
f7640	72 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 62 6f 76 65 20 61 73 20 77 65 6c 6c 20 62 79	r.configuration.above.as.well.by
f7660	20 61 73 73 69 67 6e 69 6e 67 20 69 74 20 74 6f 20 74 68 65 20 70 70 70 6f 65 30 20 69 74 73 65	.assigning.it.to.the.pppoe0.itse
f7680	6c 66 20 61 73 20 73 68 6f 77 6e 20 68 65 72 65 3a 00 59 6f 75 20 73 68 6f 75 6c 64 20 61 6c 73	lf.as.shown.here:.You.should.als
f76a0	6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 74 68 65 20 4f 55 54 49 53 44 45 5f 4c 4f 43 41 4c 20	o.ensure.that.the.OUTISDE_LOCAL.
f76c0	66 69 72 65 77 61 6c 6c 20 67 72 6f 75 70 20 69 73 20 61 70 70 6c 69 65 64 20 74 6f 20 74 68 65	firewall.group.is.applied.to.the
f76e0	20 57 41 4e 20 69 6e 74 65 72 66 61 63 65 20 61 6e 64 20 61 20 64 69 72 65 63 74 69 6f 6e 20 28	.WAN.interface.and.a.direction.(
f7700	6c 6f 63 61 6c 29 2e 00 59 6f 75 20 77 69 6c 6c 20 61 6c 73 6f 20 6e 65 65 64 20 74 68 65 20 70	local)..You.will.also.need.the.p
f7720	75 62 6c 69 63 20 6b 65 79 20 6f 66 20 79 6f 75 72 20 70 65 65 72 20 61 73 20 77 65 6c 6c 20 61	ublic.key.of.your.peer.as.well.a
f7740	73 20 74 68 65 20 6e 65 74 77 6f 72 6b 28 73 29 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 74 75 6e	s.the.network(s).you.want.to.tun
f7760	6e 65 6c 20 28 61 6c 6c 6f 77 65 64 2d 69 70 73 29 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61	nel.(allowed-ips).to.configure.a
f7780	20 57 69 72 65 47 75 61 72 64 20 74 75 6e 6e 65 6c 2e 20 54 68 65 20 70 75 62 6c 69 63 20 6b 65	.WireGuard.tunnel..The.public.ke
f77a0	79 20 62 65 6c 6f 77 20 69 73 20 61 6c 77 61 79 73 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79	y.below.is.always.the.public.key
f77c0	20 66 72 6f 6d 20 79 6f 75 72 20 70 65 65 72 2c 20 6e 6f 74 20 79 6f 75 72 20 6c 6f 63 61 6c 20	.from.your.peer,.not.your.local.
f77e0	6f 6e 65 2e 00 59 6f 75 72 20 49 53 50 73 20 6d 6f 64 65 6d 20 69 73 20 63 6f 6e 6e 65 63 74 65	one..Your.ISPs.modem.is.connecte
f7800	64 20 74 6f 20 70 6f 72 74 20 60 60 65 74 68 30 60 60 20 6f 66 20 79 6f 75 72 20 56 79 4f 53 20	d.to.port.``eth0``.of.your.VyOS.
f7820	62 6f 78 2e 00 5a 65 62 72 61 20 73 75 70 70 6f 72 74 73 20 70 72 65 66 69 78 2d 6c 69 73 74 73	box..Zebra.supports.prefix-lists
f7840	20 61 6e 64 20 52 6f 75 74 65 20 4d 61 70 73 73 20 74 6f 20 6d 61 74 63 68 20 72 6f 75 74 65 73	.and.Route.Mapss.to.match.routes
f7860	20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 6f 74 68 65 72 20 46 52 52 20 63 6f 6d 70 6f 6e 65	.received.from.other.FRR.compone
f7880	6e 74 73 2e 20 54 68 65 20 70 65 72 6d 69 74 2f 64 65 6e 79 20 66 61 63 69 6c 69 74 69 65 73 20	nts..The.permit/deny.facilities.
f78a0	70 72 6f 76 69 64 65 64 20 62 79 20 74 68 65 73 65 20 63 6f 6d 6d 61 6e 64 73 20 63 61 6e 20 62	provided.by.these.commands.can.b
f78c0	65 20 75 73 65 64 20 74 6f 20 66 69 6c 74 65 72 20 77 68 69 63 68 20 72 6f 75 74 65 73 20 7a 65	e.used.to.filter.which.routes.ze
f78e0	62 72 61 20 77 69 6c 6c 20 69 6e 73 74 61 6c 6c 20 69 6e 20 74 68 65 20 6b 65 72 6e 65 6c 2e 00	bra.will.install.in.the.kernel..
f7900	5a 65 62 72 61 2f 4b 65 72 6e 65 6c 20 72 6f 75 74 65 20 66 69 6c 74 65 72 69 6e 67 00 5a 6f 6e	Zebra/Kernel.route.filtering.Zon
f7920	65 20 42 61 73 65 64 20 46 69 72 65 77 61 6c 6c 00 5a 6f 6e 65 2d 50 6f 6c 69 63 79 20 4f 76 65	e.Based.Firewall.Zone-Policy.Ove
f7940	72 76 69 65 77 00 5b 41 2e 42 2e 43 2e 44 5d 20 e2 80 93 20 6c 69 6e 6b 2d 73 74 61 74 65 2d 69	rview.[A.B.C.D].....link-state-i
f7960	64 2e 20 57 69 74 68 20 74 68 69 73 20 73 70 65 63 69 66 69 65 64 20 74 68 65 20 63 6f 6d 6d 61	d..With.this.specified.the.comma
f7980	6e 64 20 64 69 73 70 6c 61 79 73 20 70 6f 72 74 69 6f 6e 20 6f 66 20 74 68 65 20 6e 65 74 77 6f	nd.displays.portion.of.the.netwo
f79a0	72 6b 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 74 68 61 74 20 69 73 20 62 65 69 6e 67 20 64 65 73	rk.environment.that.is.being.des
f79c0	63 72 69 62 65 64 20 62 79 20 74 68 65 20 61 64 76 65 72 74 69 73 65 6d 65 6e 74 2e 20 54 68 65	cribed.by.the.advertisement..The
f79e0	20 76 61 6c 75 65 20 65 6e 74 65 72 65 64 20 64 65 70 65 6e 64 73 20 6f 6e 20 74 68 65 20 61 64	.value.entered.depends.on.the.ad
f7a00	76 65 72 74 69 73 65 6d 65 6e 74 e2 80 99 73 20 4c 53 20 74 79 70 65 2e 20 49 74 20 6d 75 73 74	vertisement...s.LS.type..It.must
f7a20	20 62 65 20 65 6e 74 65 72 65 64 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 6f 66 20 61 6e 20 49 50	.be.entered.in.the.form.of.an.IP
f7a40	20 61 64 64 72 65 73 73 2e 00 60 31 2e 20 43 72 65 61 74 65 20 61 6e 20 65 76 65 6e 74 20 68 61	.address..`1..Create.an.event.ha
f7a60	6e 64 6c 65 72 60 5f 00 60 32 2e 20 41 64 64 20 72 65 67 65 78 20 74 6f 20 74 68 65 20 73 63 72	ndler`_.`2..Add.regex.to.the.scr
f7a80	69 70 74 60 5f 00 60 33 2e 20 41 64 64 20 61 20 66 75 6c 6c 20 70 61 74 68 20 74 6f 20 74 68 65	ipt`_.`3..Add.a.full.path.to.the
f7aa0	20 73 63 72 69 70 74 60 5f 00 60 34 2e 20 41 64 64 20 6f 70 74 69 6f 6e 61 6c 20 70 61 72 61 6d	.script`_.`4..Add.optional.param
f7ac0	65 74 65 72 73 60 5f 00 60 3c 6e 61 6d 65 3e 60 20 6d 75 73 74 20 62 65 20 69 64 65 6e 74 69 63	eters`_.`<name>`.must.be.identic
f7ae0	61 6c 20 6f 6e 20 62 6f 74 68 20 73 69 64 65 73 21 00 60 60 24 20 74 61 69 6c 20 2d 6e 20 2b 32	al.on.both.sides!.``$.tail.-n.+2
f7b00	20 63 61 2e 6b 65 79 20 7c 20 68 65 61 64 20 2d 6e 20 2d 31 20 7c 20 74 72 20 2d 64 20 27 5c 6e	.ca.key.|.head.-n.-1.|.tr.-d.'\n
f7b20	27 60 60 00 60 60 24 20 74 61 69 6c 20 2d 6e 20 2b 32 20 63 61 2e 70 65 6d 20 7c 20 68 65 61 64	'``.``$.tail.-n.+2.ca.pem.|.head
f7b40	20 2d 6e 20 2d 31 20 7c 20 74 72 20 2d 64 20 27 5c 6e 27 60 60 00 60 60 24 20 74 61 69 6c 20 2d	.-n.-1.|.tr.-d.'\n'``.``$.tail.-
f7b60	6e 20 2b 32 20 63 65 72 74 2e 6b 65 79 20 7c 20 68 65 61 64 20 2d 6e 20 2d 31 20 7c 20 74 72 20	n.+2.cert.key.|.head.-n.-1.|.tr.
f7b80	2d 64 20 27 5c 6e 27 60 60 00 60 60 24 20 74 61 69 6c 20 2d 6e 20 2b 32 20 63 65 72 74 2e 70 65	-d.'\n'``.``$.tail.-n.+2.cert.pe
f7ba0	6d 20 7c 20 68 65 61 64 20 2d 6e 20 2d 31 20 7c 20 74 72 20 2d 64 20 27 5c 6e 27 60 60 00 60 60	m.|.head.-n.-1.|.tr.-d.'\n'``.``
f7bc0	2b 60 60 20 73 75 63 63 65 73 73 66 75 6c 00 60 60 2d 60 60 20 66 61 69 6c 65 64 00 60 60 2f 63	+``.successful.``-``.failed.``/c
f7be0	6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 64 68 63 70 2d 63 6c 69 65 6e 74 2f 70 6f 73 74 2d 68	onfig/scripts/dhcp-client/post-h
f7c00	6f 6f 6b 73 2e 64 2f 60 60 00 60 60 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2f 64 68 63 70	ooks.d/``.``/config/scripts/dhcp
f7c20	2d 63 6c 69 65 6e 74 2f 70 72 65 2d 68 6f 6f 6b 73 2e 64 2f 60 60 00 60 60 30 2e 70 6f 6f 6c 2e	-client/pre-hooks.d/``.``0.pool.
f7c40	6e 74 70 2e 6f 72 67 60 60 00 60 60 30 60 60 20 2d 20 32 30 20 6f 72 20 34 30 20 4d 48 7a 20 63	ntp.org``.``0``.-.20.or.40.MHz.c
f7c60	68 61 6e 6e 65 6c 20 77 69 64 74 68 20 28 64 65 66 61 75 6c 74 29 00 60 60 30 60 60 3a 20 4e 6f	hannel.width.(default).``0``:.No
f7c80	20 72 65 70 6c 61 79 20 77 69 6e 64 6f 77 2c 20 73 74 72 69 63 74 20 63 68 65 63 6b 00 60 60 31	.replay.window,.strict.check.``1
f7ca0	2d 34 32 39 34 39 36 37 32 39 35 60 60 3a 20 4e 75 6d 62 65 72 20 6f 66 20 70 61 63 6b 65 74 73	-4294967295``:.Number.of.packets
f7cc0	20 74 68 61 74 20 63 6f 75 6c 64 20 62 65 20 6d 69 73 6f 72 64 65 72 65 64 00 60 60 31 2e 70 6f	.that.could.be.misordered.``1.po
f7ce0	6f 6c 2e 6e 74 70 2e 6f 72 67 60 60 00 60 60 31 31 35 32 30 30 60 60 20 2d 20 31 31 35 2c 32 30	ol.ntp.org``.``115200``.-.115,20
f7d00	30 20 62 70 73 20 28 64 65 66 61 75 6c 74 20 66 6f 72 20 73 65 72 69 61 6c 20 63 6f 6e 73 6f 6c	0.bps.(default.for.serial.consol
f7d20	65 29 00 60 60 31 32 30 30 60 60 20 2d 20 31 32 30 30 20 62 70 73 00 60 60 31 39 32 2e 31 36 38	e).``1200``.-.1200.bps.``192.168
f7d40	2e 32 2e 32 35 34 60 60 20 49 50 20 61 64 64 72 65 65 73 73 20 6f 6e 20 56 79 4f 53 20 65 74 68	.2.254``.IP.addreess.on.VyOS.eth
f7d60	32 20 66 72 6f 6d 20 49 53 50 32 00 60 60 31 39 32 30 30 60 60 20 2d 20 31 39 2c 32 30 30 20 62	2.from.ISP2.``19200``.-.19,200.b
f7d80	70 73 00 60 60 31 60 60 20 2d 20 38 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 20 77 69 64 74 68 00	ps.``1``.-.80.MHz.channel.width.
f7da0	60 60 32 2e 70 6f 6f 6c 2e 6e 74 70 2e 6f 72 67 60 60 00 60 60 32 30 33 2e 30 2e 31 31 33 2e 32	``2.pool.ntp.org``.``203.0.113.2
f7dc0	35 34 60 60 20 49 50 20 61 64 64 72 65 65 73 73 20 6f 6e 20 56 79 4f 53 20 65 74 68 31 20 66 72	54``.IP.addreess.on.VyOS.eth1.fr
f7de0	6f 6d 20 49 53 50 31 00 60 60 32 34 30 30 60 60 20 2d 20 32 34 30 30 20 62 70 73 00 60 60 32 60	om.ISP1.``2400``.-.2400.bps.``2`
f7e00	60 20 2d 20 31 36 30 20 4d 48 7a 20 63 68 61 6e 6e 65 6c 20 77 69 64 74 68 00 60 60 33 38 34 30	`.-.160.MHz.channel.width.``3840
f7e20	30 60 60 20 2d 20 33 38 2c 34 30 30 20 62 70 73 20 28 64 65 66 61 75 6c 74 20 66 6f 72 20 58 65	0``.-.38,400.bps.(default.for.Xe
f7e40	6e 20 63 6f 6e 73 6f 6c 65 29 00 60 60 33 60 60 20 2d 20 38 30 2b 38 30 20 4d 48 7a 20 63 68 61	n.console).``3``.-.80+80.MHz.cha
f7e60	6e 6e 65 6c 20 77 69 64 74 68 00 60 60 34 38 30 30 60 60 20 2d 20 34 38 30 30 20 62 70 73 00 60	nnel.width.``4800``.-.4800.bps.`
f7e80	60 35 37 36 30 30 60 60 20 2d 20 35 37 2c 36 30 30 20 62 70 73 00 60 60 38 30 32 2e 33 61 64 60	`57600``.-.57,600.bps.``802.3ad`
f7ea0	60 20 2d 20 49 45 45 45 20 38 30 32 2e 33 61 64 20 44 79 6e 61 6d 69 63 20 6c 69 6e 6b 20 61 67	`.-.IEEE.802.3ad.Dynamic.link.ag
f7ec0	67 72 65 67 61 74 69 6f 6e 2e 20 43 72 65 61 74 65 73 20 61 67 67 72 65 67 61 74 69 6f 6e 20 67	gregation..Creates.aggregation.g
f7ee0	72 6f 75 70 73 20 74 68 61 74 20 73 68 61 72 65 20 74 68 65 20 73 61 6d 65 20 73 70 65 65 64 20	roups.that.share.the.same.speed.
f7f00	61 6e 64 20 64 75 70 6c 65 78 20 73 65 74 74 69 6e 67 73 2e 20 55 74 69 6c 69 7a 65 73 20 61 6c	and.duplex.settings..Utilizes.al
f7f20	6c 20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20 61 63 74 69 76 65 20 61 67 67 72 65 67 61 74 6f	l.slaves.in.the.active.aggregato
f7f40	72 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 74 68 65 20 38 30 32 2e 33 61 64 20 73 70 65 63 69	r.according.to.the.802.3ad.speci
f7f60	66 69 63 61 74 69 6f 6e 2e 00 60 60 39 36 30 30 60 60 20 2d 20 39 36 30 30 20 62 70 73 00 60 60	fication..``9600``.-.9600.bps.``
f7f80	3c 20 64 68 2d 67 72 6f 75 70 20 3e 60 60 20 64 65 66 69 6e 65 73 20 61 20 44 69 66 66 69 65 2d	<.dh-group.>``.defines.a.Diffie-
f7fa0	48 65 6c 6c 6d 61 6e 20 67 72 6f 75 70 20 66 6f 72 20 50 46 53 3b 00 60 60 4b 6e 6f 77 6e 20 6c	Hellman.group.for.PFS;.``Known.l
f7fc0	69 6d 69 74 61 74 69 6f 6e 73 3a 60 60 00 60 60 57 4c 42 5f 49 4e 54 45 52 46 41 43 45 5f 4e 41	imitations:``.``WLB_INTERFACE_NA
f7fe0	4d 45 3d 5b 69 6e 74 65 72 66 61 63 65 6e 61 6d 65 5d 60 60 3a 20 49 6e 74 65 72 66 61 63 65 20	ME=[interfacename]``:.Interface.
f8000	74 6f 20 62 65 20 6d 6f 6e 69 74 6f 72 65 64 00 60 60 57 4c 42 5f 49 4e 54 45 52 46 41 43 45 5f	to.be.monitored.``WLB_INTERFACE_
f8020	53 54 41 54 45 3d 5b 41 43 54 49 56 45 7c 46 41 49 4c 45 44 5d 60 60 3a 20 49 6e 74 65 72 66 61	STATE=[ACTIVE|FAILED]``:.Interfa
f8040	63 65 20 73 74 61 74 65 00 60 60 61 60 60 20 2d 20 38 30 32 2e 31 31 61 20 2d 20 35 34 20 4d 62	ce.state.``a``.-.802.11a.-.54.Mb
f8060	69 74 73 2f 73 65 63 00 60 60 61 63 60 60 20 2d 20 38 30 32 2e 31 31 61 63 20 2d 20 31 33 30 30	its/sec.``ac``.-.802.11ac.-.1300
f8080	20 4d 62 69 74 73 2f 73 65 63 00 60 60 61 63 63 65 70 74 2d 6f 77 6e 2d 6e 65 78 74 68 6f 70 60	.Mbits/sec.``accept-own-nexthop`
f80a0	60 20 2d 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69	`.-...........Well-known.communi
f80c0	74 69 65 73 20 76 61 6c 75 65 20 61 63 63 65 70 74 2d 6f 77 6e 2d 6e 65 78 74 68 6f 70 20 30 78	ties.value.accept-own-nexthop.0x
f80e0	46 46 46 46 30 30 30 38 00 60 60 61 63 63 65 70 74 2d 6f 77 6e 60 60 20 2d 20 20 20 20 20 20 20	FFFF0008.``accept-own``.-.......
f8100	20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69	............Well-known.communiti
f8120	65 73 20 76 61 6c 75 65 20 41 43 43 45 50 54 5f 4f 57 4e 20 30 78 46 46 46 46 30 30 30 31 00 60	es.value.ACCEPT_OWN.0xFFFF0001.`
f8140	60 61 63 63 65 70 74 60 60 3a 20 61 63 63 65 70 74 20 74 68 65 20 70 61 63 6b 65 74 2e 00 60 60	`accept``:.accept.the.packet..``
f8160	61 63 63 65 73 73 2d 70 6f 69 6e 74 60 60 20 2d 20 41 63 63 65 73 73 2d 70 6f 69 6e 74 20 66 6f	access-point``.-.Access-point.fo
f8180	72 77 61 72 64 73 20 70 61 63 6b 65 74 73 20 62 65 74 77 65 65 6e 20 6f 74 68 65 72 20 6e 6f 64	rwards.packets.between.other.nod
f81a0	65 73 00 60 60 61 63 74 69 6f 6e 60 60 20 6b 65 65 70 2d 61 6c 69 76 65 20 66 61 69 6c 75 72 65	es.``action``.keep-alive.failure
f81c0	20 61 63 74 69 6f 6e 3a 00 60 60 61 63 74 69 76 65 2d 62 61 63 6b 75 70 60 60 20 2d 20 41 63 74	.action:.``active-backup``.-.Act
f81e0	69 76 65 2d 62 61 63 6b 75 70 20 70 6f 6c 69 63 79 3a 20 4f 6e 6c 79 20 6f 6e 65 20 73 6c 61 76	ive-backup.policy:.Only.one.slav
f8200	65 20 69 6e 20 74 68 65 20 62 6f 6e 64 20 69 73 20 61 63 74 69 76 65 2e 20 41 20 64 69 66 66 65	e.in.the.bond.is.active..A.diffe
f8220	72 65 6e 74 20 73 6c 61 76 65 20 62 65 63 6f 6d 65 73 20 61 63 74 69 76 65 20 69 66 2c 20 61 6e	rent.slave.becomes.active.if,.an
f8240	64 20 6f 6e 6c 79 20 69 66 2c 20 74 68 65 20 61 63 74 69 76 65 20 73 6c 61 76 65 20 66 61 69 6c	d.only.if,.the.active.slave.fail
f8260	73 2e 20 54 68 65 20 62 6f 6e 64 27 73 20 4d 41 43 20 61 64 64 72 65 73 73 20 69 73 20 65 78 74	s..The.bond's.MAC.address.is.ext
f8280	65 72 6e 61 6c 6c 79 20 76 69 73 69 62 6c 65 20 6f 6e 20 6f 6e 6c 79 20 6f 6e 65 20 70 6f 72 74	ernally.visible.on.only.one.port
f82a0	20 28 6e 65 74 77 6f 72 6b 20 61 64 61 70 74 65 72 29 20 74 6f 20 61 76 6f 69 64 20 63 6f 6e 66	.(network.adapter).to.avoid.conf
f82c0	75 73 69 6e 67 20 74 68 65 20 73 77 69 74 63 68 2e 00 60 60 61 64 61 70 74 69 76 65 2d 6c 6f 61	using.the.switch..``adaptive-loa
f82e0	64 2d 62 61 6c 61 6e 63 65 60 60 20 2d 20 41 64 61 70 74 69 76 65 20 6c 6f 61 64 20 62 61 6c 61	d-balance``.-.Adaptive.load.bala
f8300	6e 63 69 6e 67 3a 20 69 6e 63 6c 75 64 65 73 20 74 72 61 6e 73 6d 69 74 2d 6c 6f 61 64 2d 62 61	ncing:.includes.transmit-load-ba
f8320	6c 61 6e 63 65 20 70 6c 75 73 20 72 65 63 65 69 76 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e	lance.plus.receive.load.balancin
f8340	67 20 66 6f 72 20 49 50 56 34 20 74 72 61 66 66 69 63 2c 20 61 6e 64 20 64 6f 65 73 20 6e 6f 74	g.for.IPV4.traffic,.and.does.not
f8360	20 72 65 71 75 69 72 65 20 61 6e 79 20 73 70 65 63 69 61 6c 20 73 77 69 74 63 68 20 73 75 70 70	.require.any.special.switch.supp
f8380	6f 72 74 2e 20 54 68 65 20 72 65 63 65 69 76 65 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20	ort..The.receive.load.balancing.
f83a0	69 73 20 61 63 68 69 65 76 65 64 20 62 79 20 41 52 50 20 6e 65 67 6f 74 69 61 74 69 6f 6e 2e 20	is.achieved.by.ARP.negotiation..
f83c0	54 68 65 20 62 6f 6e 64 69 6e 67 20 64 72 69 76 65 72 20 69 6e 74 65 72 63 65 70 74 73 20 74 68	The.bonding.driver.intercepts.th
f83e0	65 20 41 52 50 20 52 65 70 6c 69 65 73 20 73 65 6e 74 20 62 79 20 74 68 65 20 6c 6f 63 61 6c 20	e.ARP.Replies.sent.by.the.local.
f8400	73 79 73 74 65 6d 20 6f 6e 20 74 68 65 69 72 20 77 61 79 20 6f 75 74 20 61 6e 64 20 6f 76 65 72	system.on.their.way.out.and.over
f8420	77 72 69 74 65 73 20 74 68 65 20 73 6f 75 72 63 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65	writes.the.source.hardware.addre
f8440	73 73 20 77 69 74 68 20 74 68 65 20 75 6e 69 71 75 65 20 68 61 72 64 77 61 72 65 20 61 64 64 72	ss.with.the.unique.hardware.addr
f8460	65 73 73 20 6f 66 20 6f 6e 65 20 6f 66 20 74 68 65 20 73 6c 61 76 65 73 20 69 6e 20 74 68 65 20	ess.of.one.of.the.slaves.in.the.
f8480	62 6f 6e 64 20 73 75 63 68 20 74 68 61 74 20 64 69 66 66 65 72 65 6e 74 20 70 65 65 72 73 20 75	bond.such.that.different.peers.u
f84a0	73 65 20 64 69 66 66 65 72 65 6e 74 20 68 61 72 64 77 61 72 65 20 61 64 64 72 65 73 73 65 73 20	se.different.hardware.addresses.
f84c0	66 6f 72 20 74 68 65 20 73 65 72 76 65 72 2e 00 60 60 61 67 67 72 65 73 73 69 76 65 60 60 20 75	for.the.server..``aggressive``.u
f84e0	73 65 20 41 67 67 72 65 73 73 69 76 65 20 6d 6f 64 65 20 66 6f 72 20 4b 65 79 20 45 78 63 68 61	se.Aggressive.mode.for.Key.Excha
f8500	6e 67 65 73 20 69 6e 20 74 68 65 20 49 4b 45 76 31 20 70 72 6f 74 6f 63 6f 6c 20 61 67 67 72 65	nges.in.the.IKEv1.protocol.aggre
f8520	73 73 69 76 65 20 6d 6f 64 65 20 69 73 20 6d 75 63 68 20 6d 6f 72 65 20 69 6e 73 65 63 75 72 65	ssive.mode.is.much.more.insecure
f8540	20 63 6f 6d 70 61 72 65 64 20 74 6f 20 4d 61 69 6e 20 6d 6f 64 65 3b 00 60 60 61 6c 6c 2d 61 76	.compared.to.Main.mode;.``all-av
f8560	61 69 6c 61 62 6c 65 60 60 20 61 6c 6c 20 63 68 65 63 6b 69 6e 67 20 74 61 72 67 65 74 20 61 64	ailable``.all.checking.target.ad
f8580	64 72 65 73 73 65 73 20 6d 75 73 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 70 61 73	dresses.must.be.available.to.pas
f85a0	73 20 74 68 69 73 20 63 68 65 63 6b 00 60 60 61 6e 79 2d 61 76 61 69 6c 61 62 6c 65 60 60 20 61	s.this.check.``any-available``.a
f85c0	6e 79 20 6f 66 20 74 68 65 20 63 68 65 63 6b 69 6e 67 20 74 61 72 67 65 74 20 61 64 64 72 65 73	ny.of.the.checking.target.addres
f85e0	73 65 73 20 6d 75 73 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 70 61 73 73 20 74 68	ses.must.be.available.to.pass.th
f8600	69 73 20 63 68 65 63 6b 00 60 60 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6c 6f 63 61 6c 2d	is.check.``authentication.local-
f8620	69 64 2f 72 65 6d 6f 74 65 2d 69 64 60 60 20 2d 20 49 4b 45 20 69 64 65 6e 74 69 66 69 63 61 74	id/remote-id``.-.IKE.identificat
f8640	69 6f 6e 20 69 73 20 75 73 65 64 20 66 6f 72 20 76 61 6c 69 64 61 74 69 6f 6e 20 6f 66 20 56 50	ion.is.used.for.validation.of.VP
f8660	4e 20 70 65 65 72 20 64 65 76 69 63 65 73 20 64 75 72 69 6e 67 20 49 4b 45 20 6e 65 67 6f 74 69	N.peer.devices.during.IKE.negoti
f8680	61 74 69 6f 6e 2e 20 49 66 20 79 6f 75 20 64 6f 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 20 6c	ation..If.you.do.not.configure.l
f86a0	6f 63 61 6c 2f 72 65 6d 6f 74 65 2d 69 64 65 6e 74 69 74 79 2c 20 74 68 65 20 64 65 76 69 63 65	ocal/remote-identity,.the.device
f86c0	20 75 73 65 73 20 74 68 65 20 49 50 76 34 20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 74	.uses.the.IPv4.or.IPv6.address.t
f86e0	68 61 74 20 63 6f 72 72 65 73 70 6f 6e 64 73 20 74 6f 20 74 68 65 20 6c 6f 63 61 6c 2f 72 65 6d	hat.corresponds.to.the.local/rem
f8700	6f 74 65 20 70 65 65 72 20 62 79 20 64 65 66 61 75 6c 74 2e 20 49 6e 20 63 65 72 74 61 69 6e 20	ote.peer.by.default..In.certain.
f8720	6e 65 74 77 6f 72 6b 20 73 65 74 75 70 73 20 28 6c 69 6b 65 20 69 70 73 65 63 20 69 6e 74 65 72	network.setups.(like.ipsec.inter
f8740	66 61 63 65 20 77 69 74 68 20 64 79 6e 61 6d 69 63 20 61 64 64 72 65 73 73 2c 20 6f 72 20 62 65	face.with.dynamic.address,.or.be
f8760	68 69 6e 64 20 74 68 65 20 4e 41 54 20 29 2c 20 74 68 65 20 49 4b 45 20 49 44 20 72 65 63 65 69	hind.the.NAT.),.the.IKE.ID.recei
f8780	76 65 64 20 66 72 6f 6d 20 74 68 65 20 70 65 65 72 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68	ved.from.the.peer.does.not.match
f87a0	20 74 68 65 20 49 4b 45 20 67 61 74 65 77 61 79 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74	.the.IKE.gateway.configured.on.t
f87c0	68 65 20 64 65 76 69 63 65 2e 20 54 68 69 73 20 63 61 6e 20 6c 65 61 64 20 74 6f 20 61 20 50 68	he.device..This.can.lead.to.a.Ph
f87e0	61 73 65 20 31 20 76 61 6c 69 64 61 74 69 6f 6e 20 66 61 69 6c 75 72 65 2e 20 53 6f 2c 20 6d 61	ase.1.validation.failure..So,.ma
f8800	6b 65 20 73 75 72 65 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 74 68 65 20 6c 6f 63 61 6c 2f 72	ke.sure.to.configure.the.local/r
f8820	65 6d 6f 74 65 20 69 64 20 65 78 70 6c 69 63 69 74 6c 79 20 61 6e 64 20 65 6e 73 75 72 65 20 74	emote.id.explicitly.and.ensure.t
f8840	68 61 74 20 74 68 65 20 49 4b 45 20 49 44 20 69 73 20 74 68 65 20 73 61 6d 65 20 61 73 20 74 68	hat.the.IKE.ID.is.the.same.as.th
f8860	65 20 72 65 6d 6f 74 65 2d 69 64 65 6e 74 69 74 79 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20	e.remote-identity.configured.on.
f8880	74 68 65 20 70 65 65 72 20 64 65 76 69 63 65 2e 00 60 60 61 75 74 68 65 6e 74 69 63 61 74 69 6f	the.peer.device..``authenticatio
f88a0	6e 60 60 20 2d 20 63 6f 6e 66 69 67 75 72 65 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62	n``.-.configure.authentication.b
f88c0	65 74 77 65 65 6e 20 56 79 4f 53 20 61 6e 64 20 61 20 72 65 6d 6f 74 65 20 70 65 65 72 2e 20 53	etween.VyOS.and.a.remote.peer..S
f88e0	75 62 6f 70 74 69 6f 6e 73 3a 00 60 60 62 60 60 20 2d 20 38 30 32 2e 31 31 62 20 2d 20 31 31 20	uboptions:.``b``.-.802.11b.-.11.
f8900	4d 62 69 74 73 2f 73 65 63 00 60 60 62 61 62 65 6c 60 60 20 2d 20 42 61 62 65 6c 20 72 6f 75 74	Mbits/sec.``babel``.-.Babel.rout
f8920	69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20 28 42 61 62 65 6c 29 00 60 60 62 65 67 69 6e 60 60 20 4d	ing.protocol.(Babel).``begin``.M
f8940	61 74 63 68 65 73 20 74 68 65 20 62 65 67 69 6e 6e 69 6e 67 20 6f 66 20 74 68 65 20 55 52 4c 20	atches.the.beginning.of.the.URL.
f8960	70 61 74 68 00 60 60 62 67 70 60 60 20 2d 20 42 6f 72 64 65 72 20 47 61 74 65 77 61 79 20 50 72	path.``bgp``.-.Border.Gateway.Pr
f8980	6f 74 6f 63 6f 6c 20 28 42 47 50 29 00 60 60 62 69 6e 64 60 60 20 2d 20 73 65 6c 65 63 74 20 61	otocol.(BGP).``bind``.-.select.a
f89a0	20 56 54 49 20 69 6e 74 65 72 66 61 63 65 20 74 6f 20 62 69 6e 64 20 74 6f 20 74 68 69 73 20 70	.VTI.interface.to.bind.to.this.p
f89c0	65 65 72 3b 00 60 60 62 6c 61 63 6b 68 6f 6c 65 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20	eer;.``blackhole``.-............
f89e0	20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76	........Well-known.communities.v
f8a00	61 6c 75 65 20 42 4c 41 43 4b 48 4f 4c 45 20 30 78 46 46 46 46 30 32 39 41 00 60 60 62 72 6f 61	alue.BLACKHOLE.0xFFFF029A.``broa
f8a20	64 63 61 73 74 60 60 20 2d 20 42 72 6f 61 64 63 61 73 74 20 70 6f 6c 69 63 79 3a 20 74 72 61 6e	dcast``.-.Broadcast.policy:.tran
f8a40	73 6d 69 74 73 20 65 76 65 72 79 74 68 69 6e 67 20 6f 6e 20 61 6c 6c 20 73 6c 61 76 65 20 69 6e	smits.everything.on.all.slave.in
f8a60	74 65 72 66 61 63 65 73 2e 00 60 60 62 75 72 73 74 60 60 3a 20 4e 75 6d 62 65 72 20 6f 66 20 70	terfaces..``burst``:.Number.of.p
f8a80	61 63 6b 65 74 73 20 61 6c 6c 6f 77 65 64 20 74 6f 20 6f 76 65 72 73 68 6f 6f 74 20 74 68 65 20	ackets.allowed.to.overshoot.the.
f8aa0	6c 69 6d 69 74 20 77 69 74 68 69 6e 20 60 60 70 65 72 69 6f 64 60 60 2e 20 44 65 66 61 75 6c 74	limit.within.``period``..Default
f8ac0	20 35 2e 00 60 60 63 61 2d 63 65 72 74 2d 66 69 6c 65 60 60 20 2d 20 43 41 20 63 65 72 74 69 66	.5..``ca-cert-file``.-.CA.certif
f8ae0	69 63 61 74 65 20 66 69 6c 65 2e 20 55 73 69 6e 67 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61	icate.file..Using.for.authentica
f8b00	74 69 6e 67 20 72 65 6d 6f 74 65 20 70 65 65 72 3b 00 60 60 63 64 70 60 60 20 2d 20 4c 69 73 74	ting.remote.peer;.``cdp``.-.List
f8b20	65 6e 20 66 6f 72 20 43 44 50 20 66 6f 72 20 43 69 73 63 6f 20 72 6f 75 74 65 72 73 2f 73 77 69	en.for.CDP.for.Cisco.routers/swi
f8b40	74 63 68 65 73 00 60 60 63 65 72 74 2d 66 69 6c 65 60 60 20 2d 20 63 65 72 74 69 66 69 63 61 74	tches.``cert-file``.-.certificat
f8b60	65 20 66 69 6c 65 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 61	e.file,.which.will.be.used.for.a
f8b80	75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 6c 6f 63 61 6c 20 72 6f 75 74 65 72 20 6f 6e 20 72 65	uthenticating.local.router.on.re
f8ba0	6d 6f 74 65 20 70 65 65 72 3b 00 60 60 63 6c 65 61 72 60 60 20 73 65 74 20 61 63 74 69 6f 6e 20	mote.peer;.``clear``.set.action.
f8bc0	74 6f 20 63 6c 65 61 72 3b 00 60 60 63 6c 6f 73 65 2d 61 63 74 69 6f 6e 20 3d 20 6e 6f 6e 65 20	to.clear;.``close-action.=.none.
f8be0	7c 20 63 6c 65 61 72 20 7c 20 68 6f 6c 64 20 7c 20 72 65 73 74 61 72 74 60 60 20 2d 20 64 65 66	|.clear.|.hold.|.restart``.-.def
f8c00	69 6e 65 73 20 74 68 65 20 61 63 74 69 6f 6e 20 74 6f 20 74 61 6b 65 20 69 66 20 74 68 65 20 72	ines.the.action.to.take.if.the.r
f8c20	65 6d 6f 74 65 20 70 65 65 72 20 75 6e 65 78 70 65 63 74 65 64 6c 79 20 63 6c 6f 73 65 73 20 61	emote.peer.unexpectedly.closes.a
f8c40	20 43 48 49 4c 44 5f 53 41 20 28 73 65 65 20 61 62 6f 76 65 20 66 6f 72 20 6d 65 61 6e 69 6e 67	.CHILD_SA.(see.above.for.meaning
f8c60	20 6f 66 20 76 61 6c 75 65 73 29 2e 20 41 20 63 6c 6f 73 65 61 63 74 69 6f 6e 20 73 68 6f 75 6c	.of.values)..A.closeaction.shoul
f8c80	64 20 6e 6f 74 20 62 65 20 75 73 65 64 20 69 66 20 74 68 65 20 70 65 65 72 20 75 73 65 73 20 72	d.not.be.used.if.the.peer.uses.r
f8ca0	65 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6f 72 20 75 6e 69 71 75 65 69 64 73 2e 00 60 60	eauthentication.or.uniqueids..``
f8cc0	63 6c 6f 73 65 2d 61 63 74 69 6f 6e 60 60 20 64 65 66 69 6e 65 73 20 74 68 65 20 61 63 74 69 6f	close-action``.defines.the.actio
f8ce0	6e 20 74 6f 20 74 61 6b 65 20 69 66 20 74 68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 75 6e 65	n.to.take.if.the.remote.peer.une
f8d00	78 70 65 63 74 65 64 6c 79 20 63 6c 6f 73 65 73 20 61 20 43 48 49 4c 44 5f 53 41 3a 00 60 60 63	xpectedly.closes.a.CHILD_SA:.``c
f8d20	6f 6d 70 72 65 73 73 69 6f 6e 60 60 20 20 45 6e 61 62 6c 65 73 20 74 68 65 20 20 49 50 43 6f 6d	ompression``..Enables.the..IPCom
f8d40	70 28 49 50 20 50 61 79 6c 6f 61 64 20 43 6f 6d 70 72 65 73 73 69 6f 6e 29 20 70 72 6f 74 6f 63	p(IP.Payload.Compression).protoc
f8d60	6f 6c 20 77 68 69 63 68 20 61 6c 6c 6f 77 73 20 63 6f 6d 70 72 65 73 73 69 6e 67 20 74 68 65 20	ol.which.allows.compressing.the.
f8d80	63 6f 6e 74 65 6e 74 20 6f 66 20 49 50 20 70 61 63 6b 65 74 73 2e 00 60 60 63 6f 6d 70 72 65 73	content.of.IP.packets..``compres
f8da0	73 69 6f 6e 60 60 20 77 68 65 74 68 65 72 20 49 50 43 6f 6d 70 20 63 6f 6d 70 72 65 73 73 69 6f	sion``.whether.IPComp.compressio
f8dc0	6e 20 6f 66 20 63 6f 6e 74 65 6e 74 20 69 73 20 70 72 6f 70 6f 73 65 64 20 6f 6e 20 74 68 65 20	n.of.content.is.proposed.on.the.
f8de0	63 6f 6e 6e 65 63 74 69 6f 6e 3a 00 60 60 63 6f 6e 6e 65 63 74 65 64 60 60 20 2d 20 43 6f 6e 6e	connection:.``connected``.-.Conn
f8e00	65 63 74 65 64 20 72 6f 75 74 65 73 20 28 64 69 72 65 63 74 6c 79 20 61 74 74 61 63 68 65 64 20	ected.routes.(directly.attached.
f8e20	73 75 62 6e 65 74 20 6f 72 20 68 6f 73 74 29 00 60 60 63 6f 6e 6e 65 63 74 69 6f 6e 2d 74 79 70	subnet.or.host).``connection-typ
f8e40	65 60 60 20 2d 20 68 6f 77 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 63 6f 6e 6e 65 63 74	e``.-.how.to.handle.this.connect
f8e60	69 6f 6e 20 70 72 6f 63 65 73 73 2e 20 50 6f 73 73 69 62 6c 65 20 76 61 72 69 61 6e 74 73 3a 00	ion.process..Possible.variants:.
f8e80	60 60 63 72 6c 2d 66 69 6c 65 60 60 20 2d 20 66 69 6c 65 20 77 69 74 68 20 74 68 65 20 43 65 72	``crl-file``.-.file.with.the.Cer
f8ea0	74 69 66 69 63 61 74 65 20 52 65 76 6f 63 61 74 69 6f 6e 20 4c 69 73 74 2e 20 55 73 69 6e 67 20	tificate.Revocation.List..Using.
f8ec0	74 6f 20 63 68 65 63 6b 20 69 66 20 61 20 63 65 72 74 69 66 69 63 61 74 65 20 66 6f 72 20 74 68	to.check.if.a.certificate.for.th
f8ee0	65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 69 73 20 76 61 6c 69 64 20 6f 72 20 72 65 76 6f 6b 65	e.remote.peer.is.valid.or.revoke
f8f00	64 3b 00 60 60 64 60 60 20 2d 20 45 78 65 63 75 74 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 69 6e	d;.``d``.-.Execution.interval.in
f8f20	20 64 61 79 73 00 60 60 64 65 61 64 2d 70 65 65 72 2d 64 65 74 65 63 74 69 6f 6e 20 61 63 74 69	.days.``dead-peer-detection.acti
f8f40	6f 6e 20 3d 20 63 6c 65 61 72 20 7c 20 68 6f 6c 64 20 7c 20 72 65 73 74 61 72 74 60 60 20 2d 20	on.=.clear.|.hold.|.restart``.-.
f8f60	52 5f 55 5f 54 48 45 52 45 20 6e 6f 74 69 66 69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 28	R_U_THERE.notification.messages(
f8f80	49 4b 45 76 31 29 20 6f 72 20 65 6d 70 74 79 20 49 4e 46 4f 52 4d 41 54 49 4f 4e 41 4c 20 6d 65	IKEv1).or.empty.INFORMATIONAL.me
f8fa0	73 73 61 67 65 73 20 28 49 4b 45 76 32 29 20 61 72 65 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 20	ssages.(IKEv2).are.periodically.
f8fc0	73 65 6e 74 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 63 68 65 63 6b 20 74 68 65 20 6c 69 76 65 6c	sent.in.order.to.check.the.livel
f8fe0	69 6e 65 73 73 20 6f 66 20 74 68 65 20 49 50 73 65 63 20 70 65 65 72 2e 20 54 68 65 20 76 61 6c	iness.of.the.IPsec.peer..The.val
f9000	75 65 73 20 63 6c 65 61 72 2c 20 68 6f 6c 64 2c 20 61 6e 64 20 72 65 73 74 61 72 74 20 61 6c 6c	ues.clear,.hold,.and.restart.all
f9020	20 61 63 74 69 76 61 74 65 20 44 50 44 20 61 6e 64 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20	.activate.DPD.and.determine.the.
f9040	61 63 74 69 6f 6e 20 74 6f 20 70 65 72 66 6f 72 6d 20 6f 6e 20 61 20 74 69 6d 65 6f 75 74 2e 20	action.to.perform.on.a.timeout..
f9060	57 69 74 68 20 60 60 63 6c 65 61 72 60 60 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73	With.``clear``.the.connection.is
f9080	20 63 6c 6f 73 65 64 20 77 69 74 68 20 6e 6f 20 66 75 72 74 68 65 72 20 61 63 74 69 6f 6e 73 20	.closed.with.no.further.actions.
f90a0	74 61 6b 65 6e 2e 20 60 60 68 6f 6c 64 60 60 20 69 6e 73 74 61 6c 6c 73 20 61 20 74 72 61 70 20	taken..``hold``.installs.a.trap.
f90c0	70 6f 6c 69 63 79 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 63 61 74 63 68 20 6d 61 74 63 68 69 6e	policy,.which.will.catch.matchin
f90e0	67 20 74 72 61 66 66 69 63 20 61 6e 64 20 74 72 69 65 73 20 74 6f 20 72 65 2d 6e 65 67 6f 74 69	g.traffic.and.tries.to.re-negoti
f9100	61 74 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6f 6e 20 64 65 6d 61 6e 64 2e 20 60 60	ate.the.connection.on.demand..``
f9120	72 65 73 74 61 72 74 60 60 20 77 69 6c 6c 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 74 72 69 67 67	restart``.will.immediately.trigg
f9140	65 72 20 61 6e 20 61 74 74 65 6d 70 74 20 74 6f 20 72 65 2d 6e 65 67 6f 74 69 61 74 65 20 74 68	er.an.attempt.to.re-negotiate.th
f9160	65 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 00 60 60 64 65 61 64 2d 70 65 65 72 2d 64 65 74 65 63 74	e.connection..``dead-peer-detect
f9180	69 6f 6e 60 60 20 63 6f 6e 74 72 6f 6c 73 20 74 68 65 20 75 73 65 20 6f 66 20 74 68 65 20 44 65	ion``.controls.the.use.of.the.De
f91a0	61 64 20 50 65 65 72 20 44 65 74 65 63 74 69 6f 6e 20 70 72 6f 74 6f 63 6f 6c 20 28 44 50 44 2c	ad.Peer.Detection.protocol.(DPD,
f91c0	20 52 46 43 20 33 37 30 36 29 20 77 68 65 72 65 20 52 5f 55 5f 54 48 45 52 45 20 6e 6f 74 69 66	.RFC.3706).where.R_U_THERE.notif
f91e0	69 63 61 74 69 6f 6e 20 6d 65 73 73 61 67 65 73 20 28 49 4b 45 76 31 29 20 6f 72 20 65 6d 70 74	ication.messages.(IKEv1).or.empt
f9200	79 20 49 4e 46 4f 52 4d 41 54 49 4f 4e 41 4c 20 6d 65 73 73 61 67 65 73 20 28 49 4b 45 76 32 29	y.INFORMATIONAL.messages.(IKEv2)
f9220	20 61 72 65 20 70 65 72 69 6f 64 69 63 61 6c 6c 79 20 73 65 6e 74 20 69 6e 20 6f 72 64 65 72 20	.are.periodically.sent.in.order.
f9240	74 6f 20 63 68 65 63 6b 20 74 68 65 20 6c 69 76 65 6c 69 6e 65 73 73 20 6f 66 20 74 68 65 20 49	to.check.the.liveliness.of.the.I
f9260	50 73 65 63 20 70 65 65 72 3a 00 60 60 64 65 66 61 75 6c 74 2d 65 73 70 2d 67 72 6f 75 70 60 60	Psec.peer:.``default-esp-group``
f9280	20 2d 20 45 53 50 20 67 72 6f 75 70 20 74 6f 20 75 73 65 20 62 79 20 64 65 66 61 75 6c 74 20 66	.-.ESP.group.to.use.by.default.f
f92a0	6f 72 20 74 72 61 66 66 69 63 20 65 6e 63 72 79 70 74 69 6f 6e 2e 20 4d 69 67 68 74 20 62 65 20	or.traffic.encryption..Might.be.
f92c0	6f 76 65 72 77 72 69 74 74 65 6e 20 62 79 20 69 6e 64 69 76 69 64 75 61 6c 20 73 65 74 74 69 6e	overwritten.by.individual.settin
f92e0	67 73 20 66 6f 72 20 74 75 6e 6e 65 6c 20 6f 72 20 56 54 49 20 69 6e 74 65 72 66 61 63 65 20 62	gs.for.tunnel.or.VTI.interface.b
f9300	69 6e 64 69 6e 67 3b 00 60 60 64 65 73 63 72 69 70 74 69 6f 6e 60 60 20 2d 20 64 65 73 63 72 69	inding;.``description``.-.descri
f9320	70 74 69 6f 6e 20 66 6f 72 20 74 68 69 73 20 70 65 65 72 3b 00 60 60 64 68 2d 67 72 6f 75 70 60	ption.for.this.peer;.``dh-group`
f9340	60 20 64 68 2d 67 72 6f 75 70 3b 00 60 60 64 68 63 70 2d 69 6e 74 65 72 66 61 63 65 60 60 20 2d	`.dh-group;.``dhcp-interface``.-
f9360	20 49 44 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 67 65 6e 65 72 61 74 65 64	.ID.for.authentication.generated
f9380	20 66 72 6f 6d 20 44 48 43 50 20 61 64 64 72 65 73 73 20 64 79 6e 61 6d 69 63 61 6c 6c 79 3b 00	.from.DHCP.address.dynamically;.
f93a0	60 60 64 68 63 70 2d 69 6e 74 65 72 66 61 63 65 60 60 20 2d 20 75 73 65 20 61 6e 20 49 50 20 61	``dhcp-interface``.-.use.an.IP.a
f93c0	64 64 72 65 73 73 2c 20 72 65 63 65 69 76 65 64 20 66 72 6f 6d 20 44 48 43 50 20 66 6f 72 20 49	ddress,.received.from.DHCP.for.I
f93e0	50 53 65 63 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 68 20 74 68 69 73 20 70 65 65 72 2c 20	PSec.connection.with.this.peer,.
f9400	69 6e 73 74 65 61 64 20 6f 66 20 60 60 6c 6f 63 61 6c 2d 61 64 64 72 65 73 73 60 60 3b 00 60 60	instead.of.``local-address``;.``
f9420	64 69 73 61 62 6c 65 2d 6d 6f 62 69 6b 65 60 60 20 64 69 73 61 62 6c 65 73 20 4d 4f 42 49 4b 45	disable-mobike``.disables.MOBIKE
f9440	20 53 75 70 70 6f 72 74 2e 20 4d 4f 42 49 4b 45 20 69 73 20 6f 6e 6c 79 20 61 76 61 69 6c 61 62	.Support..MOBIKE.is.only.availab
f9460	6c 65 20 66 6f 72 20 49 4b 45 76 32 20 61 6e 64 20 65 6e 61 62 6c 65 64 20 62 79 20 64 65 66 61	le.for.IKEv2.and.enabled.by.defa
f9480	75 6c 74 2e 00 60 60 64 69 73 61 62 6c 65 2d 72 6f 75 74 65 2d 61 75 74 6f 69 6e 73 74 61 6c 6c	ult..``disable-route-autoinstall
f94a0	60 60 20 2d 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 77 68 65 6e 20 63 6f 6e 66 69 67 75 72 65 64	``.-.This.option.when.configured
f94c0	20 64 69 73 61 62 6c 65 73 20 74 68 65 20 72 6f 75 74 65 73 20 69 6e 73 74 61 6c 6c 65 64 20 69	.disables.the.routes.installed.i
f94e0	6e 20 74 68 65 20 64 65 66 61 75 6c 74 20 74 61 62 6c 65 20 32 32 30 20 66 6f 72 20 73 69 74 65	n.the.default.table.220.for.site
f9500	2d 74 6f 2d 73 69 74 65 20 69 70 73 65 63 2e 20 49 74 20 69 73 20 6d 6f 73 74 6c 79 20 75 73 65	-to-site.ipsec..It.is.mostly.use
f9520	64 20 77 69 74 68 20 56 54 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 60 60 64 69 73 61	d.with.VTI.configuration..``disa
f9540	62 6c 65 2d 72 6f 75 74 65 2d 61 75 74 6f 69 6e 73 74 61 6c 6c 60 60 20 44 6f 20 6e 6f 74 20 61	ble-route-autoinstall``.Do.not.a
f9560	75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 69 6e 73 74 61 6c 6c 20 72 6f 75 74 65 73 20 74 6f 20 72	utomatically.install.routes.to.r
f9580	65 6d 6f 74 65 20 6e 65 74 77 6f 72 6b 73 3b 00 60 60 64 69 73 61 62 6c 65 60 60 20 2d 20 64 69	emote.networks;.``disable``.-.di
f95a0	73 61 62 6c 65 20 74 68 69 73 20 74 75 6e 6e 65 6c 3b 00 60 60 64 69 73 61 62 6c 65 60 60 20 44	sable.this.tunnel;.``disable``.D
f95c0	69 73 61 62 6c 65 20 50 46 53 3b 00 60 60 64 69 73 61 62 6c 65 60 60 20 64 69 73 61 62 6c 65 20	isable.PFS;.``disable``.disable.
f95e0	49 50 43 6f 6d 70 20 63 6f 6d 70 72 65 73 73 69 6f 6e 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60	IPComp.compression.(default);.``
f9600	64 69 73 61 62 6c 65 60 60 20 64 69 73 61 62 6c 65 20 4d 4f 42 49 4b 45 3b 00 60 60 64 72 6f 70	disable``.disable.MOBIKE;.``drop
f9620	60 60 3a 20 64 72 6f 70 20 74 68 65 20 70 61 63 6b 65 74 2e 00 60 60 65 63 64 73 61 2d 73 68 61	``:.drop.the.packet..``ecdsa-sha
f9640	32 2d 6e 69 73 74 70 32 35 36 60 60 00 60 60 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 33	2-nistp256``.``ecdsa-sha2-nistp3
f9660	38 34 60 60 00 60 60 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 60 60 00 60 60 65	84``.``ecdsa-sha2-nistp521``.``e
f9680	64 70 60 60 20 2d 20 4c 69 73 74 65 6e 20 66 6f 72 20 45 44 50 20 66 6f 72 20 45 78 74 72 65 6d	dp``.-.Listen.for.EDP.for.Extrem
f96a0	65 20 72 6f 75 74 65 72 73 2f 73 77 69 74 63 68 65 73 00 60 60 65 6e 61 62 6c 65 60 60 20 49 6e	e.routers/switches.``enable``.In
f96c0	68 65 72 69 74 20 44 69 66 66 69 65 2d 48 65 6c 6c 6d 61 6e 20 67 72 6f 75 70 20 66 72 6f 6d 20	herit.Diffie-Hellman.group.from.
f96e0	49 4b 45 20 67 72 6f 75 70 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 65 6e 61 62 6c 65 60 60 20	IKE.group.(default);.``enable``.
f9700	65 6e 61 62 6c 65 20 49 50 43 6f 6d 70 20 63 6f 6d 70 72 65 73 73 69 6f 6e 3b 00 60 60 65 6e 61	enable.IPComp.compression;.``ena
f9720	62 6c 65 60 60 20 65 6e 61 62 6c 65 20 4d 4f 42 49 4b 45 20 28 64 65 66 61 75 6c 74 20 66 6f 72	ble``.enable.MOBIKE.(default.for
f9740	20 49 4b 45 76 32 29 3b 00 60 60 65 6e 63 72 79 70 74 69 6f 6e 60 60 20 65 6e 63 72 79 70 74 69	.IKEv2);.``encryption``.encrypti
f9760	6f 6e 20 61 6c 67 6f 72 69 74 68 6d 20 28 64 65 66 61 75 6c 74 20 31 32 38 20 62 69 74 20 41 45	on.algorithm.(default.128.bit.AE
f9780	53 2d 43 42 43 29 3b 00 60 60 65 6e 63 72 79 70 74 69 6f 6e 60 60 20 65 6e 63 72 79 70 74 69 6f	S-CBC);.``encryption``.encryptio
f97a0	6e 20 61 6c 67 6f 72 69 74 68 6d 3b 00 60 60 65 6e 64 60 60 20 4d 61 74 63 68 65 73 20 74 68 65	n.algorithm;.``end``.Matches.the
f97c0	20 65 6e 64 20 6f 66 20 74 68 65 20 55 52 4c 20 70 61 74 68 2e 00 60 60 65 73 70 2d 67 72 6f 75	.end.of.the.URL.path..``esp-grou
f97e0	70 60 60 20 2d 20 64 65 66 69 6e 65 20 45 53 50 20 67 72 6f 75 70 20 66 6f 72 20 65 6e 63 72 79	p``.-.define.ESP.group.for.encry
f9800	70 74 20 74 72 61 66 66 69 63 2c 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 69 73 20 74 75 6e 6e	pt.traffic,.defined.by.this.tunn
f9820	65 6c 3b 00 60 60 65 73 70 2d 67 72 6f 75 70 60 60 20 2d 20 64 65 66 69 6e 65 20 45 53 50 20 67	el;.``esp-group``.-.define.ESP.g
f9840	72 6f 75 70 20 66 6f 72 20 65 6e 63 72 79 70 74 20 74 72 61 66 66 69 63 2c 20 70 61 73 73 65 64	roup.for.encrypt.traffic,.passed
f9860	20 74 68 69 73 20 56 54 49 20 69 6e 74 65 72 66 61 63 65 2e 00 60 60 65 78 61 63 74 60 60 20 52	.this.VTI.interface..``exact``.R
f9880	65 71 75 69 72 65 73 20 61 6e 20 65 78 61 63 74 6c 79 20 6d 61 74 63 68 20 6f 66 20 74 68 65 20	equires.an.exactly.match.of.the.
f98a0	55 52 4c 20 70 61 74 68 00 60 60 66 64 70 60 60 20 2d 20 4c 69 73 74 65 6e 20 66 6f 72 20 46 44	URL.path.``fdp``.-.Listen.for.FD
f98c0	50 20 66 6f 72 20 46 6f 75 6e 64 72 79 20 72 6f 75 74 65 72 73 2f 73 77 69 74 63 68 65 73 00 60	P.for.Foundry.routers/switches.`
f98e0	60 66 69 6c 65 60 60 20 2d 20 70 61 74 68 20 74 6f 20 74 68 65 20 6b 65 79 20 66 69 6c 65 3b 00	`file``.-.path.to.the.key.file;.
f9900	60 60 66 6c 65 78 76 70 6e 60 60 20 41 6c 6c 6f 77 20 46 6c 65 78 56 50 4e 20 76 65 6e 64 6f 72	``flexvpn``.Allow.FlexVPN.vendor
f9920	20 49 44 20 70 61 79 6c 6f 61 64 20 28 49 4b 45 76 32 20 6f 6e 6c 79 29 2e 20 53 65 6e 64 20 74	.ID.payload.(IKEv2.only)..Send.t
f9940	68 65 20 43 69 73 63 6f 20 46 6c 65 78 56 50 4e 20 76 65 6e 64 6f 72 20 49 44 20 70 61 79 6c 6f	he.Cisco.FlexVPN.vendor.ID.paylo
f9960	61 64 20 28 49 4b 45 76 32 20 6f 6e 6c 79 29 2c 20 77 68 69 63 68 20 69 73 20 72 65 71 75 69 72	ad.(IKEv2.only),.which.is.requir
f9980	65 64 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 6d 61 6b 65 20 43 69 73 63 6f 20 62 72 61 6e 64 20	ed.in.order.to.make.Cisco.brand.
f99a0	64 65 76 69 63 65 73 20 61 6c 6c 6f 77 20 6e 65 67 6f 74 69 61 74 69 6e 67 20 61 20 6c 6f 63 61	devices.allow.negotiating.a.loca
f99c0	6c 20 74 72 61 66 66 69 63 20 73 65 6c 65 63 74 6f 72 20 28 66 72 6f 6d 20 73 74 72 6f 6e 67 53	l.traffic.selector.(from.strongS
f99e0	77 61 6e 27 73 20 70 6f 69 6e 74 20 6f 66 20 76 69 65 77 29 20 74 68 61 74 20 69 73 20 6e 6f 74	wan's.point.of.view).that.is.not
f9a00	20 74 68 65 20 61 73 73 69 67 6e 65 64 20 76 69 72 74 75 61 6c 20 49 50 20 61 64 64 72 65 73 73	.the.assigned.virtual.IP.address
f9a20	20 69 66 20 73 75 63 68 20 61 6e 20 61 64 64 72 65 73 73 20 69 73 20 72 65 71 75 65 73 74 65 64	.if.such.an.address.is.requested
f9a40	20 62 79 20 73 74 72 6f 6e 67 53 77 61 6e 2e 20 53 65 6e 64 69 6e 67 20 74 68 65 20 43 69 73 63	.by.strongSwan..Sending.the.Cisc
f9a60	6f 20 46 6c 65 78 56 50 4e 20 76 65 6e 64 6f 72 20 49 44 20 70 72 65 76 65 6e 74 73 20 74 68 65	o.FlexVPN.vendor.ID.prevents.the
f9a80	20 70 65 65 72 20 66 72 6f 6d 20 6e 61 72 72 6f 77 69 6e 67 20 74 68 65 20 69 6e 69 74 69 61 74	.peer.from.narrowing.the.initiat
f9aa0	6f 72 27 73 20 6c 6f 63 61 6c 20 74 72 61 66 66 69 63 20 73 65 6c 65 63 74 6f 72 20 61 6e 64 20	or's.local.traffic.selector.and.
f9ac0	61 6c 6c 6f 77 73 20 69 74 20 74 6f 20 65 2e 67 2e 20 6e 65 67 6f 74 69 61 74 65 20 61 20 54 53	allows.it.to.e.g..negotiate.a.TS
f9ae0	20 6f 66 20 30 2e 30 2e 30 2e 30 2f 30 20 3d 3d 20 30 2e 30 2e 30 2e 30 2f 30 20 69 6e 73 74 65	.of.0.0.0.0/0.==.0.0.0.0/0.inste
f9b00	61 64 2e 20 54 68 69 73 20 68 61 73 20 62 65 65 6e 20 74 65 73 74 65 64 20 77 69 74 68 20 61 20	ad..This.has.been.tested.with.a.
f9b20	22 74 75 6e 6e 65 6c 20 6d 6f 64 65 20 69 70 73 65 63 20 69 70 76 34 22 20 43 69 73 63 6f 20 74	"tunnel.mode.ipsec.ipv4".Cisco.t
f9b40	65 6d 70 6c 61 74 65 20 62 75 74 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20 77 6f 72 6b 20 66 6f 72	emplate.but.should.also.work.for
f9b60	20 47 52 45 20 65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 3b 00 60 60 66 6f 72 63 65 2d 75 64 70 2d	.GRE.encapsulation;.``force-udp-
f9b80	65 6e 63 61 70 73 75 6c 61 74 69 6f 6e 60 60 20 2d 20 66 6f 72 63 65 20 65 6e 63 61 70 73 75 6c	encapsulation``.-.force.encapsul
f9ba0	61 74 69 6f 6e 20 6f 66 20 45 53 50 20 69 6e 74 6f 20 55 44 50 20 64 61 74 61 67 72 61 6d 73 2e	ation.of.ESP.into.UDP.datagrams.
f9bc0	20 55 73 65 66 75 6c 20 69 6e 20 63 61 73 65 20 69 66 20 62 65 74 77 65 65 6e 20 6c 6f 63 61 6c	.Useful.in.case.if.between.local
f9be0	20 61 6e 64 20 72 65 6d 6f 74 65 20 73 69 64 65 20 69 73 20 66 69 72 65 77 61 6c 6c 20 6f 72 20	.and.remote.side.is.firewall.or.
f9c00	4e 41 54 2c 20 77 68 69 63 68 20 6e 6f 74 20 61 6c 6c 6f 77 73 20 70 61 73 73 69 6e 67 20 70 6c	NAT,.which.not.allows.passing.pl
f9c20	61 69 6e 20 45 53 50 20 70 61 63 6b 65 74 73 20 62 65 74 77 65 65 6e 20 74 68 65 6d 3b 00 60 60	ain.ESP.packets.between.them;.``
f9c40	67 60 60 20 2d 20 38 30 32 2e 31 31 67 20 2d 20 35 34 20 4d 62 69 74 73 2f 73 65 63 20 28 64 65	g``.-.802.11g.-.54.Mbits/sec.(de
f9c60	66 61 75 6c 74 29 00 60 60 67 72 61 63 65 66 75 6c 2d 73 68 75 74 64 6f 77 6e 60 60 20 2d 20 20	fault).``graceful-shutdown``.-..
f9c80	20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73	..........Well-known.communities
f9ca0	20 76 61 6c 75 65 20 47 52 41 43 45 46 55 4c 5f 53 48 55 54 44 4f 57 4e 20 30 78 46 46 46 46 30	.value.GRACEFUL_SHUTDOWN.0xFFFF0
f9cc0	30 30 30 00 60 60 68 60 60 20 2d 20 45 78 65 63 75 74 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 69	000.``h``.-.Execution.interval.i
f9ce0	6e 20 68 6f 75 72 73 00 60 60 68 61 73 68 60 60 20 68 61 73 68 20 61 6c 67 6f 72 69 74 68 6d 20	n.hours.``hash``.hash.algorithm.
f9d00	28 64 65 66 61 75 6c 74 20 73 68 61 31 29 2e 00 60 60 68 61 73 68 60 60 20 68 61 73 68 20 61 6c	(default.sha1)..``hash``.hash.al
f9d20	67 6f 72 69 74 68 6d 2e 00 60 60 68 6f 6c 64 60 60 20 73 65 74 20 61 63 74 69 6f 6e 20 74 6f 20	gorithm..``hold``.set.action.to.
f9d40	68 6f 6c 64 20 28 64 65 66 61 75 6c 74 29 00 60 60 68 6f 6c 64 60 60 20 73 65 74 20 61 63 74 69	hold.(default).``hold``.set.acti
f9d60	6f 6e 20 74 6f 20 68 6f 6c 64 3b 00 60 60 68 74 34 30 2b 60 60 20 2d 20 42 6f 74 68 20 32 30 20	on.to.hold;.``ht40+``.-.Both.20.
f9d80	4d 48 7a 20 61 6e 64 20 34 30 20 4d 48 7a 20 77 69 74 68 20 73 65 63 6f 6e 64 61 72 79 20 63 68	MHz.and.40.MHz.with.secondary.ch
f9da0	61 6e 6e 65 6c 20 61 62 6f 76 65 20 74 68 65 20 70 72 69 6d 61 72 79 20 63 68 61 6e 6e 65 6c 00	annel.above.the.primary.channel.
f9dc0	60 60 68 74 34 30 2d 60 60 20 2d 20 42 6f 74 68 20 32 30 20 4d 48 7a 20 61 6e 64 20 34 30 20 4d	``ht40-``.-.Both.20.MHz.and.40.M
f9de0	48 7a 20 77 69 74 68 20 73 65 63 6f 6e 64 61 72 79 20 63 68 61 6e 6e 65 6c 20 62 65 6c 6f 77 20	Hz.with.secondary.channel.below.
f9e00	74 68 65 20 70 72 69 6d 61 72 79 20 63 68 61 6e 6e 65 6c 00 60 60 68 76 63 30 60 60 20 2d 20 58	the.primary.channel.``hvc0``.-.X
f9e20	65 6e 20 63 6f 6e 73 6f 6c 65 00 60 60 69 64 60 60 20 2d 20 73 74 61 74 69 63 20 49 44 27 73 20	en.console.``id``.-.static.ID's.
f9e40	66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 20 49 6e 20 67 65 6e 65 72 61 6c 20 6c	for.authentication..In.general.l
f9e60	6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65 20 61 64 64 72 65 73 73 20 60 60 3c 78 2e 78 2e 78	ocal.and.remote.address.``<x.x.x
f9e80	2e 78 3e 60 60 2c 20 60 60 3c 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3a 68 3e 60 60 20 6f 72 20	.x>``,.``<h:h:h:h:h:h:h:h>``.or.
f9ea0	60 60 25 61 6e 79 60 60 3b 00 60 60 69 6b 65 2d 67 72 6f 75 70 60 60 20 2d 20 49 4b 45 20 67 72	``%any``;.``ike-group``.-.IKE.gr
f9ec0	6f 75 70 20 74 6f 20 75 73 65 20 66 6f 72 20 6b 65 79 20 65 78 63 68 61 6e 67 65 73 3b 00 60 60	oup.to.use.for.key.exchanges;.``
f9ee0	69 6b 65 76 31 60 60 20 75 73 65 20 49 4b 45 76 31 20 66 6f 72 20 4b 65 79 20 45 78 63 68 61 6e	ikev1``.use.IKEv1.for.Key.Exchan
f9f00	67 65 3b 00 60 60 69 6b 65 76 32 2d 72 65 61 75 74 68 60 60 20 2d 20 72 65 61 75 74 68 65 6e 74	ge;.``ikev2-reauth``.-.reauthent
f9f20	69 63 61 74 65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 64 75 72 69 6e 67 20 74 68 65 20 72 65 6b	icate.remote.peer.during.the.rek
f9f40	65 79 69 6e 67 20 70 72 6f 63 65 73 73 2e 20 43 61 6e 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20	eying.process..Can.be.used.only.
f9f60	77 69 74 68 20 49 4b 45 76 32 2e 20 43 72 65 61 74 65 20 61 20 6e 65 77 20 49 4b 45 5f 53 41 20	with.IKEv2..Create.a.new.IKE_SA.
f9f80	66 72 6f 6d 20 74 68 65 20 73 63 72 61 74 63 68 20 61 6e 64 20 74 72 79 20 74 6f 20 72 65 63 72	from.the.scratch.and.try.to.recr
f9fa0	65 61 74 65 20 61 6c 6c 20 49 50 73 65 63 20 53 41 73 3b 00 60 60 69 6b 65 76 32 2d 72 65 61 75	eate.all.IPsec.SAs;.``ikev2-reau
f9fc0	74 68 60 60 20 77 68 65 74 68 65 72 20 72 65 6b 65 79 69 6e 67 20 6f 66 20 61 6e 20 49 4b 45 5f	th``.whether.rekeying.of.an.IKE_
f9fe0	53 41 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20 72 65 61 75 74 68 65 6e 74 69 63 61 74 65 20 74 68	SA.should.also.reauthenticate.th
fa000	65 20 70 65 65 72 2e 20 49 6e 20 49 4b 45 76 31 2c 20 72 65 61 75 74 68 65 6e 74 69 63 61 74 69	e.peer..In.IKEv1,.reauthenticati
fa020	6f 6e 20 69 73 20 61 6c 77 61 79 73 20 64 6f 6e 65 2e 20 53 65 74 74 69 6e 67 20 74 68 69 73 20	on.is.always.done..Setting.this.
fa040	70 61 72 61 6d 65 74 65 72 20 65 6e 61 62 6c 65 73 20 72 65 6d 6f 74 65 20 68 6f 73 74 20 72 65	parameter.enables.remote.host.re
fa060	2d 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 61 6e 20 49 4b 45 20 72 65	-authentication.during.an.IKE.re
fa080	6b 65 79 2e 00 60 60 69 6b 65 76 32 2d 72 65 61 75 74 68 60 60 20 77 68 65 74 68 65 72 20 72 65	key..``ikev2-reauth``.whether.re
fa0a0	6b 65 79 69 6e 67 20 6f 66 20 61 6e 20 49 4b 45 5f 53 41 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20	keying.of.an.IKE_SA.should.also.
fa0c0	72 65 61 75 74 68 65 6e 74 69 63 61 74 65 20 74 68 65 20 70 65 65 72 2e 20 49 6e 20 49 4b 45 76	reauthenticate.the.peer..In.IKEv
fa0e0	31 2c 20 72 65 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 73 20 61 6c 77 61 79 73 20 64 6f	1,.reauthentication.is.always.do
fa100	6e 65 3a 00 60 60 69 6b 65 76 32 60 60 20 75 73 65 20 49 4b 45 76 32 20 66 6f 72 20 4b 65 79 20	ne:.``ikev2``.use.IKEv2.for.Key.
fa120	45 78 63 68 61 6e 67 65 3b 00 60 60 69 6e 60 60 3a 20 52 75 6c 65 73 65 74 20 66 6f 72 20 66 6f	Exchange;.``in``:.Ruleset.for.fo
fa140	72 77 61 72 64 65 64 20 70 61 63 6b 65 74 73 20 6f 6e 20 61 6e 20 69 6e 62 6f 75 6e 64 20 69 6e	rwarded.packets.on.an.inbound.in
fa160	74 65 72 66 61 63 65 00 60 60 69 6e 69 74 69 61 74 65 60 60 20 2d 20 64 6f 65 73 20 69 6e 69 74	terface.``initiate``.-.does.init
fa180	69 61 6c 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 72 65 6d 6f 74 65 20 70 65 65 72 20 69 6d	ial.connection.to.remote.peer.im
fa1a0	6d 65 64 69 61 74 65 6c 79 20 61 66 74 65 72 20 63 6f 6e 66 69 67 75 72 69 6e 67 20 61 6e 64 20	mediately.after.configuring.and.
fa1c0	61 66 74 65 72 20 62 6f 6f 74 2e 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 20 74 68 65 20 63 6f 6e	after.boot..In.this.mode.the.con
fa1e0	6e 65 63 74 69 6f 6e 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 72 65 73 74 61 72 74 65 64 20 69 6e	nection.will.not.be.restarted.in
fa200	20 63 61 73 65 20 6f 66 20 64 69 73 63 6f 6e 6e 65 63 74 69 6f 6e 2c 20 74 68 65 72 65 66 6f 72	.case.of.disconnection,.therefor
fa220	65 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 6f 6e 6c 79 20 74 6f 67 65 74 68 65 72 20 77	e.should.be.used.only.together.w
fa240	69 74 68 20 44 50 44 20 6f 72 20 61 6e 6f 74 68 65 72 20 73 65 73 73 69 6f 6e 20 74 72 61 63 6b	ith.DPD.or.another.session.track
fa260	69 6e 67 20 6d 65 74 68 6f 64 73 3b 00 60 60 69 6e 74 65 72 66 61 63 65 60 60 20 49 6e 74 65 72	ing.methods;.``interface``.Inter
fa280	66 61 63 65 20 4e 61 6d 65 20 74 6f 20 75 73 65 2e 20 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68	face.Name.to.use..The.name.of.th
fa2a0	65 20 69 6e 74 65 72 66 61 63 65 20 6f 6e 20 77 68 69 63 68 20 76 69 72 74 75 61 6c 20 49 50 20	e.interface.on.which.virtual.IP.
fa2c0	61 64 64 72 65 73 73 65 73 20 73 68 6f 75 6c 64 20 62 65 20 69 6e 73 74 61 6c 6c 65 64 2e 20 49	addresses.should.be.installed..I
fa2e0	66 20 6e 6f 74 20 73 70 65 63 69 66 69 65 64 20 74 68 65 20 61 64 64 72 65 73 73 65 73 20 77 69	f.not.specified.the.addresses.wi
fa300	6c 6c 20 62 65 20 69 6e 73 74 61 6c 6c 65 64 20 6f 6e 20 74 68 65 20 6f 75 74 62 6f 75 6e 64 20	ll.be.installed.on.the.outbound.
fa320	69 6e 74 65 72 66 61 63 65 3b 00 60 60 69 6e 74 65 72 66 61 63 65 60 60 20 69 73 20 75 73 65 64	interface;.``interface``.is.used
fa340	20 66 6f 72 20 74 68 65 20 56 79 4f 53 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 64 65	.for.the.VyOS.CLI.command.to.ide
fa360	6e 74 69 66 79 20 74 68 65 20 57 69 72 65 47 75 61 72 64 20 69 6e 74 65 72 66 61 63 65 20 77 68	ntify.the.WireGuard.interface.wh
fa380	65 72 65 20 74 68 69 73 20 70 72 69 76 61 74 65 20 6b 65 79 20 69 73 20 74 6f 20 62 65 20 75 73	ere.this.private.key.is.to.be.us
fa3a0	65 64 2e 00 60 60 69 6e 74 65 72 6e 65 74 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20	ed..``internet``.-..............
fa3c0	20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61	.......Well-known.communities.va
fa3e0	6c 75 65 20 30 00 60 60 69 6e 74 65 72 76 61 6c 60 60 20 6b 65 65 70 2d 61 6c 69 76 65 20 69 6e	lue.0.``interval``.keep-alive.in
fa400	74 65 72 76 61 6c 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 32 2d 38 36 34 30 30 3e 20 28 64 65 66	terval.in.seconds.<2-86400>.(def
fa420	61 75 6c 74 20 33 30 29 3b 00 60 60 69 73 69 73 60 60 20 2d 20 49 6e 74 65 72 6d 65 64 69 61 74	ault.30);.``isis``.-.Intermediat
fa440	65 20 53 79 73 74 65 6d 20 74 6f 20 49 6e 74 65 72 6d 65 64 69 61 74 65 20 53 79 73 74 65 6d 20	e.System.to.Intermediate.System.
fa460	28 49 53 2d 49 53 29 00 60 60 6a 75 6d 70 60 60 3a 20 6a 75 6d 70 20 74 6f 20 61 6e 6f 74 68 65	(IS-IS).``jump``:.jump.to.anothe
fa480	72 20 63 75 73 74 6f 6d 20 63 68 61 69 6e 2e 00 60 60 6b 65 72 6e 65 6c 60 60 20 2d 20 4b 65 72	r.custom.chain..``kernel``.-.Ker
fa4a0	6e 65 6c 20 72 6f 75 74 65 73 00 60 60 6b 65 79 2d 65 78 63 68 61 6e 67 65 60 60 20 77 68 69 63	nel.routes.``key-exchange``.whic
fa4c0	68 20 70 72 6f 74 6f 63 6f 6c 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 20 74 6f 20 69 6e 69	h.protocol.should.be.used.to.ini
fa4e0	74 69 61 6c 69 7a 65 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 49 66 20 6e 6f 74 20 73 65	tialize.the.connection.If.not.se
fa500	74 20 62 6f 74 68 20 70 72 6f 74 6f 63 6f 6c 73 20 61 72 65 20 68 61 6e 64 6c 65 64 20 61 6e 64	t.both.protocols.are.handled.and
fa520	20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 77 69 6c 6c 20 75 73 65 20 49 4b 45 76 32 20 77 68 65 6e	.connections.will.use.IKEv2.when
fa540	20 69 6e 69 74 69 61 74 69 6e 67 2c 20 62 75 74 20 61 63 63 65 70 74 20 61 6e 79 20 70 72 6f 74	.initiating,.but.accept.any.prot
fa560	6f 63 6f 6c 20 76 65 72 73 69 6f 6e 20 77 68 65 6e 20 72 65 73 70 6f 6e 64 69 6e 67 3a 00 60 60	ocol.version.when.responding:.``
fa580	6b 65 79 60 60 20 2d 20 61 20 70 72 69 76 61 74 65 20 6b 65 79 2c 20 77 68 69 63 68 20 77 69 6c	key``.-.a.private.key,.which.wil
fa5a0	6c 20 62 65 20 75 73 65 64 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6e 67 20 6c 6f 63	l.be.used.for.authenticating.loc
fa5c0	61 6c 20 72 6f 75 74 65 72 20 6f 6e 20 72 65 6d 6f 74 65 20 70 65 65 72 3a 00 60 60 6c 61 74 65	al.router.on.remote.peer:.``late
fa5e0	6e 63 79 60 60 3a 20 41 20 73 65 72 76 65 72 20 70 72 6f 66 69 6c 65 20 66 6f 63 75 73 65 64 20	ncy``:.A.server.profile.focused.
fa600	6f 6e 20 6c 6f 77 65 72 69 6e 67 20 6e 65 74 77 6f 72 6b 20 6c 61 74 65 6e 63 79 2e 20 54 68 69	on.lowering.network.latency..Thi
fa620	73 20 70 72 6f 66 69 6c 65 20 66 61 76 6f 72 73 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 6f 76 65	s.profile.favors.performance.ove
fa640	72 20 70 6f 77 65 72 20 73 61 76 69 6e 67 73 20 62 79 20 73 65 74 74 69 6e 67 20 60 60 69 6e 74	r.power.savings.by.setting.``int
fa660	65 6c 5f 70 73 74 61 74 65 60 60 20 61 6e 64 20 60 60 6d 69 6e 5f 70 65 72 66 5f 70 63 74 3d 31	el_pstate``.and.``min_perf_pct=1
fa680	30 30 60 60 2e 00 60 60 6c 65 61 73 74 2d 63 6f 6e 6e 65 63 74 69 6f 6e 60 60 20 44 69 73 74 72	00``..``least-connection``.Distr
fa6a0	69 62 75 74 65 73 20 72 65 71 75 65 73 74 73 20 74 70 20 74 6a 65 20 73 65 72 76 65 72 20 77 6f	ibutes.requests.tp.tje.server.wo
fa6c0	74 6a 20 74 68 65 20 66 65 77 65 73 74 20 61 63 74 69 76 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 73	tj.the.fewest.active.connections
fa6e0	00 60 60 6c 69 66 65 2d 62 79 74 65 73 60 60 20 45 53 50 20 6c 69 66 65 20 69 6e 20 62 79 74 65	.``life-bytes``.ESP.life.in.byte
fa700	73 20 3c 31 30 32 34 2d 32 36 38 34 33 35 34 35 36 30 30 30 30 30 3e 2e 20 4e 75 6d 62 65 72 20	s.<1024-26843545600000>..Number.
fa720	6f 66 20 62 79 74 65 73 20 74 72 61 6e 73 6d 69 74 74 65 64 20 6f 76 65 72 20 61 6e 20 49 50 73	of.bytes.transmitted.over.an.IPs
fa740	65 63 20 53 41 20 62 65 66 6f 72 65 20 69 74 20 65 78 70 69 72 65 73 3b 00 60 60 6c 69 66 65 2d	ec.SA.before.it.expires;.``life-
fa760	70 61 63 6b 65 74 73 60 60 20 45 53 50 20 6c 69 66 65 20 69 6e 20 70 61 63 6b 65 74 73 20 3c 31	packets``.ESP.life.in.packets.<1
fa780	30 30 30 2d 32 36 38 34 33 35 34 35 36 30 30 30 30 30 3e 2e 20 4e 75 6d 62 65 72 20 6f 66 20 70	000-26843545600000>..Number.of.p
fa7a0	61 63 6b 65 74 73 20 74 72 61 6e 73 6d 69 74 74 65 64 20 6f 76 65 72 20 61 6e 20 49 50 73 65 63	ackets.transmitted.over.an.IPsec
fa7c0	20 53 41 20 62 65 66 6f 72 65 20 69 74 20 65 78 70 69 72 65 73 3b 00 60 60 6c 69 66 65 74 69 6d	.SA.before.it.expires;.``lifetim
fa7e0	65 60 60 20 45 53 50 20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 33 30 2d	e``.ESP.lifetime.in.seconds.<30-
fa800	38 36 34 30 30 3e 20 28 64 65 66 61 75 6c 74 20 33 36 30 30 29 2e 20 48 6f 77 20 6c 6f 6e 67 20	86400>.(default.3600)..How.long.
fa820	61 20 70 61 72 74 69 63 75 6c 61 72 20 69 6e 73 74 61 6e 63 65 20 6f 66 20 61 20 63 6f 6e 6e 65	a.particular.instance.of.a.conne
fa840	63 74 69 6f 6e 20 28 61 20 73 65 74 20 6f 66 20 65 6e 63 72 79 70 74 69 6f 6e 2f 61 75 74 68 65	ction.(a.set.of.encryption/authe
fa860	6e 74 69 63 61 74 69 6f 6e 20 6b 65 79 73 20 66 6f 72 20 75 73 65 72 20 70 61 63 6b 65 74 73 29	ntication.keys.for.user.packets)
fa880	20 73 68 6f 75 6c 64 20 6c 61 73 74 2c 20 66 72 6f 6d 20 73 75 63 63 65 73 73 66 75 6c 20 6e 65	.should.last,.from.successful.ne
fa8a0	67 6f 74 69 61 74 69 6f 6e 20 74 6f 20 65 78 70 69 72 79 3b 00 60 60 6c 69 66 65 74 69 6d 65 60	gotiation.to.expiry;.``lifetime`
fa8c0	60 20 49 4b 45 20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 30 2d 38 36 34	`.IKE.lifetime.in.seconds.<0-864
fa8e0	30 30 3e 20 28 64 65 66 61 75 6c 74 20 32 38 38 30 30 29 3b 00 60 60 6c 69 66 65 74 69 6d 65 60	00>.(default.28800);.``lifetime`
fa900	60 20 49 4b 45 20 6c 69 66 65 74 69 6d 65 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 33 30 2d 38 36	`.IKE.lifetime.in.seconds.<30-86
fa920	34 30 30 3e 20 28 64 65 66 61 75 6c 74 20 32 38 38 30 30 29 3b 00 60 60 6c 6c 67 72 2d 73 74 61	400>.(default.28800);.``llgr-sta
fa940	6c 65 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e	le``.-...................Well-kn
fa960	6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4c 4c 47 52 5f 53 54 41 4c 45	own.communities.value.LLGR_STALE
fa980	20 30 78 46 46 46 46 30 30 30 36 00 60 60 6c 6f 63 61 6c 2d 61 64 64 72 65 73 73 60 60 20 2d 20	.0xFFFF0006.``local-address``.-.
fa9a0	6c 6f 63 61 6c 20 49 50 20 61 64 64 72 65 73 73 20 66 6f 72 20 49 50 53 65 63 20 63 6f 6e 6e 65	local.IP.address.for.IPSec.conne
fa9c0	63 74 69 6f 6e 20 77 69 74 68 20 74 68 69 73 20 70 65 65 72 2e 20 49 66 20 64 65 66 69 6e 65 64	ction.with.this.peer..If.defined
fa9e0	20 60 60 61 6e 79 60 60 2c 20 74 68 65 6e 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 77 68 69	.``any``,.then.an.IP.address.whi
faa00	63 68 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 69 6e 74 65 72 66 61 63 65 20 77 69 74 68 20	ch.configured.on.interface.with.
faa20	64 65 66 61 75 6c 74 20 72 6f 75 74 65 20 77 69 6c 6c 20 62 65 20 75 73 65 64 3b 00 60 60 6c 6f	default.route.will.be.used;.``lo
faa40	63 61 6c 2d 61 73 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57	cal-as``.-.....................W
faa60	65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4e 4f 5f 45	ell-known.communities.value.NO_E
faa80	58 50 4f 52 54 5f 53 55 42 43 4f 4e 46 45 44 20 30 78 46 46 46 46 46 46 30 33 00 60 60 6c 6f 63	XPORT_SUBCONFED.0xFFFFFF03.``loc
faaa0	61 6c 2d 69 64 60 60 20 2d 20 49 44 20 66 6f 72 20 74 68 65 20 6c 6f 63 61 6c 20 56 79 4f 53 20	al-id``.-.ID.for.the.local.VyOS.
faac0	72 6f 75 74 65 72 2e 20 49 66 20 64 65 66 69 6e 65 64 2c 20 64 75 72 69 6e 67 20 74 68 65 20 61	router..If.defined,.during.the.a
faae0	75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 69 74 20 77 69 6c 6c 20 62 65 20 73 65 6e 64 20 74 6f	uthentication.it.will.be.send.to
fab00	20 72 65 6d 6f 74 65 20 70 65 65 72 3b 00 60 60 6c 6f 63 61 6c 60 60 20 2d 20 64 65 66 69 6e 65	.remote.peer;.``local``.-.define
fab20	20 61 20 6c 6f 63 61 6c 20 73 6f 75 72 63 65 20 66 6f 72 20 6d 61 74 63 68 20 74 72 61 66 66 69	.a.local.source.for.match.traffi
fab40	63 2c 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 63 72 79 70 74 65 64 20 61 6e 64	c,.which.should.be.encrypted.and
fab60	20 73 65 6e 64 20 74 6f 20 74 68 69 73 20 70 65 65 72 3a 00 60 60 6c 6f 63 61 6c 60 60 3a 20 52	.send.to.this.peer:.``local``:.R
fab80	75 6c 65 73 65 74 20 66 6f 72 20 70 61 63 6b 65 74 73 20 64 65 73 74 69 6e 65 64 20 66 6f 72 20	uleset.for.packets.destined.for.
faba0	74 68 69 73 20 72 6f 75 74 65 72 00 60 60 6d 60 60 20 2d 20 45 78 65 63 75 74 69 6f 6e 20 69 6e	this.router.``m``.-.Execution.in
fabc0	74 65 72 76 61 6c 20 69 6e 20 6d 69 6e 75 74 65 73 00 60 60 6d 61 69 6e 60 60 20 52 6f 75 74 69	terval.in.minutes.``main``.Routi
fabe0	6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 62 79 20 56 79 4f 53 20 61 6e 64 20 6f 74 68 65 72 20	ng.table.used.by.VyOS.and.other.
fac00	69 6e 74 65 72 66 61 63 65 73 20 6e 6f 74 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 69 6e 20	interfaces.not.participating.in.
fac20	50 42 52 00 60 60 6d 61 69 6e 60 60 20 75 73 65 20 4d 61 69 6e 20 6d 6f 64 65 20 66 6f 72 20 4b	PBR.``main``.use.Main.mode.for.K
fac40	65 79 20 45 78 63 68 61 6e 67 65 73 20 69 6e 20 74 68 65 20 49 4b 45 76 31 20 50 72 6f 74 6f 63	ey.Exchanges.in.the.IKEv1.Protoc
fac60	6f 6c 20 28 52 65 63 6f 6d 6d 65 6e 64 65 64 20 44 65 66 61 75 6c 74 29 3b 00 60 60 6d 65 73 73	ol.(Recommended.Default);.``mess
fac80	61 67 65 60 60 3a 20 46 75 6c 6c 20 6d 65 73 73 61 67 65 20 74 68 61 74 20 68 61 73 20 74 72 69	age``:.Full.message.that.has.tri
faca0	67 67 65 72 65 64 20 74 68 65 20 73 63 72 69 70 74 2e 00 60 60 6d 6f 62 69 6b 65 60 60 20 65 6e	ggered.the.script..``mobike``.en
facc0	61 62 6c 65 20 4d 4f 42 49 4b 45 20 53 75 70 70 6f 72 74 2e 20 4d 4f 42 49 4b 45 20 69 73 20 6f	able.MOBIKE.Support..MOBIKE.is.o
face0	6e 6c 79 20 61 76 61 69 6c 61 62 6c 65 20 66 6f 72 20 49 4b 45 76 32 3a 00 60 60 6d 6f 64 65 60	nly.available.for.IKEv2:.``mode`
fad00	60 20 2d 20 6d 6f 64 65 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 62 65 74 77	`.-.mode.for.authentication.betw
fad20	65 65 6e 20 56 79 4f 53 20 61 6e 64 20 72 65 6d 6f 74 65 20 70 65 65 72 3a 00 60 60 6d 6f 64 65	een.VyOS.and.remote.peer:.``mode
fad40	60 60 20 49 4b 45 76 31 20 50 68 61 73 65 20 31 20 4d 6f 64 65 20 53 65 6c 65 63 74 69 6f 6e 3a	``.IKEv1.Phase.1.Mode.Selection:
fad60	00 60 60 6d 6f 64 65 60 60 20 74 68 65 20 74 79 70 65 20 6f 66 20 74 68 65 20 63 6f 6e 6e 65 63	.``mode``.the.type.of.the.connec
fad80	74 69 6f 6e 3a 00 60 60 6d 6f 6e 69 74 6f 72 60 60 20 2d 20 50 61 73 73 69 76 65 6c 79 20 6d 6f	tion:.``monitor``.-.Passively.mo
fada0	6e 69 74 6f 72 20 61 6c 6c 20 70 61 63 6b 65 74 73 20 6f 6e 20 74 68 65 20 66 72 65 71 75 65 6e	nitor.all.packets.on.the.frequen
fadc0	63 79 2f 63 68 61 6e 6e 65 6c 00 60 60 6d 75 6c 74 69 2d 75 73 65 72 2d 62 65 61 6d 66 6f 72 6d	cy/channel.``multi-user-beamform
fade0	65 65 60 60 20 2d 20 53 75 70 70 6f 72 74 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 20 61 73 20	ee``.-.Support.for.operation.as.
fae00	73 69 6e 67 6c 65 20 75 73 65 72 20 62 65 61 6d 66 6f 72 6d 65 72 00 60 60 6d 75 6c 74 69 2d 75	single.user.beamformer.``multi-u
fae20	73 65 72 2d 62 65 61 6d 66 6f 72 6d 65 72 60 60 20 2d 20 53 75 70 70 6f 72 74 20 66 6f 72 20 6f	ser-beamformer``.-.Support.for.o
fae40	70 65 72 61 74 69 6f 6e 20 61 73 20 73 69 6e 67 6c 65 20 75 73 65 72 20 62 65 61 6d 66 6f 72 6d	peration.as.single.user.beamform
fae60	65 72 00 60 60 6e 60 60 20 2d 20 38 30 32 2e 31 31 6e 20 2d 20 36 30 30 20 4d 62 69 74 73 2f 73	er.``n``.-.802.11n.-.600.Mbits/s
fae80	65 63 00 60 60 6e 61 6d 65 60 60 20 69 73 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 56 79 4f 53	ec.``name``.is.used.for.the.VyOS
faea0	20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 64 65 6e 74 69 66 79 20 74 68 69 73 20 6b 65	.CLI.command.to.identify.this.ke
faec0	79 2e 20 54 68 69 73 20 6b 65 79 20 60 60 6e 61 6d 65 60 60 20 69 73 20 74 68 65 6e 20 75 73 65	y..This.key.``name``.is.then.use
faee0	64 20 69 6e 20 74 68 65 20 43 4c 49 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 74 6f 20 72 65	d.in.the.CLI.configuration.to.re
faf00	66 65 72 65 6e 63 65 20 74 68 65 20 6b 65 79 20 69 6e 73 74 61 6e 63 65 2e 00 60 60 6e 65 74 2e	ference.the.key.instance..``net.
faf20	69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c 2e 61 63 63 65 70 74 5f 72 65 64 69 72 65 63 74 73 60 60	ipv4.conf.all.accept_redirects``
faf40	00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c 2e 61 63 63 65 70 74 5f 73 6f 75 72	.``net.ipv4.conf.all.accept_sour
faf60	63 65 5f 72 6f 75 74 65 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c 6c 2e 6c	ce_route``.``net.ipv4.conf.all.l
faf80	6f 67 5f 6d 61 72 74 69 61 6e 73 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c	og_martians``.``net.ipv4.conf.al
fafa0	6c 2e 72 70 5f 66 69 6c 74 65 72 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 63 6f 6e 66 2e 61 6c	l.rp_filter``.``net.ipv4.conf.al
fafc0	6c 2e 73 65 6e 64 5f 72 65 64 69 72 65 63 74 73 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e 69 63	l.send_redirects``.``net.ipv4.ic
fafe0	6d 70 5f 65 63 68 6f 5f 69 67 6e 6f 72 65 5f 62 72 6f 61 64 63 61 73 74 73 60 60 00 60 60 6e 65	mp_echo_ignore_broadcasts``.``ne
fb000	74 2e 69 70 76 34 2e 74 63 70 5f 72 66 63 31 33 33 37 60 60 00 60 60 6e 65 74 2e 69 70 76 34 2e	t.ipv4.tcp_rfc1337``.``net.ipv4.
fb020	74 63 70 5f 73 79 6e 63 6f 6f 6b 69 65 73 60 60 00 60 60 6e 65 74 2e 69 70 76 36 2e 63 6f 6e 66	tcp_syncookies``.``net.ipv6.conf
fb040	2e 61 6c 6c 2e 61 63 63 65 70 74 5f 72 65 64 69 72 65 63 74 73 60 60 00 60 60 6e 65 74 2e 69 70	.all.accept_redirects``.``net.ip
fb060	76 36 2e 63 6f 6e 66 2e 61 6c 6c 2e 61 63 63 65 70 74 5f 73 6f 75 72 63 65 5f 72 6f 75 74 65 60	v6.conf.all.accept_source_route`
fb080	60 00 60 60 6e 6f 2d 61 64 76 65 72 74 69 73 65 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20	`.``no-advertise``.-............
fb0a0	20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75	.....Well-known.communities.valu
fb0c0	65 20 4e 4f 5f 41 44 56 45 52 54 49 53 45 20 30 78 46 46 46 46 46 46 30 32 00 60 60 6e 6f 2d 65	e.NO_ADVERTISE.0xFFFFFF02.``no-e
fb0e0	78 70 6f 72 74 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c	xport``.-....................Wel
fb100	6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4e 4f 5f 45 58 50	l-known.communities.value.NO_EXP
fb120	4f 52 54 20 30 78 46 46 46 46 46 46 30 31 00 60 60 6e 6f 2d 6c 6c 67 72 60 60 20 2d 20 20 20 20	ORT.0xFFFFFF01.``no-llgr``.-....
fb140	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d	..................Well-known.com
fb160	6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 4e 4f 5f 4c 4c 47 52 20 30 78 46 46 46 46 30 30 30	munities.value.NO_LLGR.0xFFFF000
fb180	37 00 60 60 6e 6f 2d 70 65 65 72 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20	7.``no-peer``.-.................
fb1a0	20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75	.....Well-known.communities.valu
fb1c0	65 20 4e 4f 50 45 45 52 20 30 78 46 46 46 46 46 46 30 34 00 60 60 6e 6f 60 60 20 64 69 73 61 62	e.NOPEER.0xFFFFFF04.``no``.disab
fb1e0	6c 65 20 72 65 6d 6f 74 65 20 68 6f 73 74 20 72 65 2d 61 75 74 68 65 6e 74 69 63 61 74 6f 6e 20	le.remote.host.re-authenticaton.
fb200	64 75 72 69 6e 67 20 61 6e 20 49 4b 45 20 72 65 6b 65 79 3b 00 60 60 6e 6f 6e 65 60 60 20 2d 20	during.an.IKE.rekey;.``none``.-.
fb220	45 78 65 63 75 74 69 6f 6e 20 69 6e 74 65 72 76 61 6c 20 69 6e 20 6d 69 6e 75 74 65 73 00 60 60	Execution.interval.in.minutes.``
fb240	6e 6f 6e 65 60 60 20 2d 20 6c 6f 61 64 73 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 6f 6e	none``.-.loads.the.connection.on
fb260	6c 79 2c 20 77 68 69 63 68 20 74 68 65 6e 20 63 61 6e 20 62 65 20 6d 61 6e 75 61 6c 6c 79 20 69	ly,.which.then.can.be.manually.i
fb280	6e 69 74 69 61 74 65 64 20 6f 72 20 75 73 65 64 20 61 73 20 61 20 72 65 73 70 6f 6e 64 65 72 20	nitiated.or.used.as.a.responder.
fb2a0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 00 60 60 6e 6f 6e 65 60 60 20 73 65 74 20 61 63 74 69	configuration..``none``.set.acti
fb2c0	6f 6e 20 74 6f 20 6e 6f 6e 65 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 6e 6f 73 65 6c 65 63 74	on.to.none.(default);.``noselect
fb2e0	60 60 20 6d 61 72 6b 73 20 74 68 65 20 73 65 72 76 65 72 20 61 73 20 75 6e 75 73 65 64 2c 20 65	``.marks.the.server.as.unused,.e
fb300	78 63 65 70 74 20 66 6f 72 20 64 69 73 70 6c 61 79 20 70 75 72 70 6f 73 65 73 2e 20 54 68 65 20	xcept.for.display.purposes..The.
fb320	73 65 72 76 65 72 20 69 73 20 64 69 73 63 61 72 64 65 64 20 62 79 20 74 68 65 20 73 65 6c 65 63	server.is.discarded.by.the.selec
fb340	74 69 6f 6e 20 61 6c 67 6f 72 69 74 68 6d 2e 00 60 60 6e 74 73 60 60 20 65 6e 61 62 6c 65 73 20	tion.algorithm..``nts``.enables.
fb360	4e 65 74 77 6f 72 6b 20 54 69 6d 65 20 53 65 63 75 72 69 74 79 20 28 4e 54 53 29 20 66 6f 72 20	Network.Time.Security.(NTS).for.
fb380	74 68 65 20 73 65 72 76 65 72 20 61 73 20 73 70 65 63 69 66 69 65 64 20 69 6e 20 3a 72 66 63 3a	the.server.as.specified.in.:rfc:
fb3a0	60 38 39 31 35 60 00 60 60 6f 70 74 69 6f 6e 73 60 60 00 60 60 6f 73 70 66 60 60 20 2d 20 4f 70	`8915`.``options``.``ospf``.-.Op
fb3c0	65 6e 20 53 68 6f 72 74 65 73 74 20 50 61 74 68 20 46 69 72 73 74 20 28 4f 53 50 46 76 32 29 00	en.Shortest.Path.First.(OSPFv2).
fb3e0	60 60 6f 73 70 66 76 33 60 60 20 2d 20 4f 70 65 6e 20 53 68 6f 72 74 65 73 74 20 50 61 74 68 20	``ospfv3``.-.Open.Shortest.Path.
fb400	46 69 72 73 74 20 28 49 50 76 36 29 20 28 4f 53 50 46 76 33 29 00 60 60 6f 75 74 60 60 3a 20 52	First.(IPv6).(OSPFv3).``out``:.R
fb420	75 6c 65 73 65 74 20 66 6f 72 20 66 6f 72 77 61 72 64 65 64 20 70 61 63 6b 65 74 73 20 6f 6e 20	uleset.for.forwarded.packets.on.
fb440	61 6e 20 6f 75 74 62 6f 75 6e 64 20 69 6e 74 65 72 66 61 63 65 00 60 60 70 61 73 73 77 6f 72 64	an.outbound.interface.``password
fb460	60 60 20 2d 20 70 61 73 73 70 68 72 61 73 65 20 70 72 69 76 61 74 65 20 6b 65 79 2c 20 69 66 20	``.-.passphrase.private.key,.if.
fb480	6e 65 65 64 65 64 2e 00 60 60 70 65 65 72 60 60 20 69 73 20 75 73 65 64 20 66 6f 72 20 74 68 65	needed..``peer``.is.used.for.the
fb4a0	20 56 79 4f 53 20 43 4c 49 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 69 64 65 6e 74 69 66 79 20 74 68	.VyOS.CLI.command.to.identify.th
fb4c0	65 20 57 69 72 65 47 75 61 72 64 20 70 65 65 72 20 77 68 65 72 65 20 74 68 69 73 20 73 65 63 72	e.WireGuard.peer.where.this.secr
fb4e0	65 64 20 69 73 20 74 6f 20 62 65 20 75 73 65 64 2e 00 60 60 70 65 72 69 6f 64 60 60 3a 20 54 69	ed.is.to.be.used..``period``:.Ti
fb500	6d 65 20 77 69 6e 64 6f 77 20 66 6f 72 20 72 61 74 65 20 63 61 6c 63 75 6c 61 74 69 6f 6e 2e 20	me.window.for.rate.calculation..
fb520	50 6f 73 73 69 62 6c 65 20 76 61 6c 75 65 73 3a 20 60 60 73 65 63 6f 6e 64 60 60 20 28 6f 6e 65	Possible.values:.``second``.(one
fb540	20 73 65 63 6f 6e 64 29 2c 20 60 60 6d 69 6e 75 74 65 60 60 20 28 6f 6e 65 20 6d 69 6e 75 74 65	.second),.``minute``.(one.minute
fb560	29 2c 20 60 60 68 6f 75 72 60 60 20 28 6f 6e 65 20 68 6f 75 72 29 2e 20 44 65 66 61 75 6c 74 20	),.``hour``.(one.hour)..Default.
fb580	69 73 20 60 60 73 65 63 6f 6e 64 60 60 2e 00 60 60 70 66 73 60 60 20 77 68 65 74 68 65 72 20 50	is.``second``..``pfs``.whether.P
fb5a0	65 72 66 65 63 74 20 46 6f 72 77 61 72 64 20 53 65 63 72 65 63 79 20 6f 66 20 6b 65 79 73 20 69	erfect.Forward.Secrecy.of.keys.i
fb5c0	73 20 64 65 73 69 72 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 27 73 20 6b 65	s.desired.on.the.connection's.ke
fb5e0	79 69 6e 67 20 63 68 61 6e 6e 65 6c 20 61 6e 64 20 64 65 66 69 6e 65 73 20 61 20 44 69 66 66 69	ying.channel.and.defines.a.Diffi
fb600	65 2d 48 65 6c 6c 6d 61 6e 20 67 72 6f 75 70 20 66 6f 72 20 50 46 53 3a 00 60 60 70 6f 6f 6c 60	e-Hellman.group.for.PFS:.``pool`
fb620	60 20 6d 6f 62 69 6c 69 7a 65 73 20 70 65 72 73 69 73 74 65 6e 74 20 63 6c 69 65 6e 74 20 6d 6f	`.mobilizes.persistent.client.mo
fb640	64 65 20 61 73 73 6f 63 69 61 74 69 6f 6e 20 77 69 74 68 20 61 20 6e 75 6d 62 65 72 20 6f 66 20	de.association.with.a.number.of.
fb660	72 65 6d 6f 74 65 20 73 65 72 76 65 72 73 2e 00 60 60 70 6f 72 74 60 60 20 2d 20 64 65 66 69 6e	remote.servers..``port``.-.defin
fb680	65 20 70 6f 72 74 2e 20 48 61 76 65 20 65 66 66 65 63 74 20 6f 6e 6c 79 20 77 68 65 6e 20 75 73	e.port..Have.effect.only.when.us
fb6a0	65 64 20 74 6f 67 65 74 68 65 72 20 77 69 74 68 20 60 60 70 72 65 66 69 78 60 60 3b 00 60 60 70	ed.together.with.``prefix``;.``p
fb6c0	72 65 2d 73 68 61 72 65 64 2d 73 65 63 72 65 74 60 60 20 2d 20 75 73 65 20 70 72 65 64 65 66 69	re-shared-secret``.-.use.predefi
fb6e0	6e 65 64 20 73 68 61 72 65 64 20 73 65 63 72 65 74 20 70 68 72 61 73 65 3b 00 60 60 70 72 65 66	ned.shared.secret.phrase;.``pref
fb700	65 72 60 60 20 6d 61 72 6b 73 20 74 68 65 20 73 65 72 76 65 72 20 61 73 20 70 72 65 66 65 72 72	er``.marks.the.server.as.preferr
fb720	65 64 2e 20 41 6c 6c 20 6f 74 68 65 72 20 74 68 69 6e 67 73 20 62 65 69 6e 67 20 65 71 75 61 6c	ed..All.other.things.being.equal
fb740	2c 20 74 68 69 73 20 68 6f 73 74 20 77 69 6c 6c 20 62 65 20 63 68 6f 73 65 6e 20 66 6f 72 20 73	,.this.host.will.be.chosen.for.s
fb760	79 6e 63 68 72 6f 6e 69 7a 61 74 69 6f 6e 20 61 6d 6f 6e 67 20 61 20 73 65 74 20 6f 66 20 63 6f	ynchronization.among.a.set.of.co
fb780	72 72 65 63 74 6c 79 20 6f 70 65 72 61 74 69 6e 67 20 68 6f 73 74 73 2e 00 60 60 70 72 65 66 69	rrectly.operating.hosts..``prefi
fb7a0	78 60 60 20 2d 20 49 50 20 6e 65 74 77 6f 72 6b 20 61 74 20 6c 6f 63 61 6c 20 73 69 64 65 2e 00	x``.-.IP.network.at.local.side..
fb7c0	60 60 70 72 65 66 69 78 60 60 20 2d 20 49 50 20 6e 65 74 77 6f 72 6b 20 61 74 20 72 65 6d 6f 74	``prefix``.-.IP.network.at.remot
fb7e0	65 20 73 69 64 65 2e 00 60 60 70 72 66 60 60 20 70 73 65 75 64 6f 2d 72 61 6e 64 6f 6d 20 66 75	e.side..``prf``.pseudo-random.fu
fb800	6e 63 74 69 6f 6e 2e 00 60 60 70 72 6f 70 6f 73 61 6c 60 60 20 45 53 50 2d 67 72 6f 75 70 20 70	nction..``proposal``.ESP-group.p
fb820	72 6f 70 6f 73 61 6c 20 77 69 74 68 20 6e 75 6d 62 65 72 20 3c 31 2d 36 35 35 33 35 3e 3a 00 60	roposal.with.number.<1-65535>:.`
fb840	60 70 72 6f 70 6f 73 61 6c 60 60 20 74 68 65 20 6c 69 73 74 20 6f 66 20 70 72 6f 70 6f 73 61 6c	`proposal``.the.list.of.proposal
fb860	73 20 61 6e 64 20 74 68 65 69 72 20 70 61 72 61 6d 65 74 65 72 73 3a 00 60 60 70 72 6f 74 6f 63	s.and.their.parameters:.``protoc
fb880	6f 6c 60 60 20 2d 20 64 65 66 69 6e 65 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 66 6f 72 20 6d	ol``.-.define.the.protocol.for.m
fb8a0	61 74 63 68 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 65 6e	atch.traffic,.which.should.be.en
fb8c0	63 72 79 70 74 65 64 20 61 6e 64 20 73 65 6e 64 20 74 6f 20 74 68 69 73 20 70 65 65 72 3b 00 60	crypted.and.send.to.this.peer;.`
fb8e0	60 70 73 6b 60 60 20 2d 20 50 72 65 73 68 61 72 65 64 20 73 65 63 72 65 74 20 6b 65 79 20 6e 61	`psk``.-.Preshared.secret.key.na
fb900	6d 65 3a 00 60 60 71 75 65 75 65 60 60 3a 20 45 6e 71 75 65 75 65 20 70 61 63 6b 65 74 20 74 6f	me:.``queue``:.Enqueue.packet.to
fb920	20 75 73 65 72 73 70 61 63 65 2e 00 60 60 72 61 74 65 60 60 3a 20 4e 75 6d 62 65 72 20 6f 66 20	.userspace..``rate``:.Number.of.
fb940	70 61 63 6b 65 74 73 2e 20 44 65 66 61 75 6c 74 20 35 2e 00 60 60 72 65 6a 65 63 74 60 60 3a 20	packets..Default.5..``reject``:.
fb960	72 65 6a 65 63 74 20 74 68 65 20 70 61 63 6b 65 74 2e 00 60 60 72 65 6d 6f 74 65 2d 61 64 64 72	reject.the.packet..``remote-addr
fb980	65 73 73 60 60 20 2d 20 72 65 6d 6f 74 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 72 20 68 6f 73	ess``.-.remote.IP.address.or.hos
fb9a0	74 6e 61 6d 65 20 66 6f 72 20 49 50 53 65 63 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 20 49 50 76 34	tname.for.IPSec.connection..IPv4
fb9c0	20 6f 72 20 49 50 76 36 20 61 64 64 72 65 73 73 20 69 73 20 75 73 65 64 20 77 68 65 6e 20 61 20	.or.IPv6.address.is.used.when.a.
fb9e0	70 65 65 72 20 68 61 73 20 61 20 70 75 62 6c 69 63 20 73 74 61 74 69 63 20 49 50 20 61 64 64 72	peer.has.a.public.static.IP.addr
fba00	65 73 73 2e 20 48 6f 73 74 6e 61 6d 65 20 69 73 20 61 20 44 4e 53 20 6e 61 6d 65 20 77 68 69 63	ess..Hostname.is.a.DNS.name.whic
fba20	68 20 63 6f 75 6c 64 20 62 65 20 75 73 65 64 20 77 68 65 6e 20 61 20 70 65 65 72 20 68 61 73 20	h.could.be.used.when.a.peer.has.
fba40	61 20 70 75 62 6c 69 63 20 49 50 20 61 64 64 72 65 73 73 20 61 6e 64 20 44 4e 53 20 6e 61 6d 65	a.public.IP.address.and.DNS.name
fba60	2c 20 62 75 74 20 61 6e 20 49 50 20 61 64 64 72 65 73 73 20 63 6f 75 6c 64 20 62 65 20 63 68 61	,.but.an.IP.address.could.be.cha
fba80	6e 67 65 64 20 66 72 6f 6d 20 74 69 6d 65 20 74 6f 20 74 69 6d 65 2e 00 60 60 72 65 6d 6f 74 65	nged.from.time.to.time..``remote
fbaa0	2d 69 64 60 60 20 2d 20 64 65 66 69 6e 65 20 61 6e 20 49 44 20 66 6f 72 20 72 65 6d 6f 74 65 20	-id``.-.define.an.ID.for.remote.
fbac0	70 65 65 72 2c 20 69 6e 73 74 65 61 64 20 6f 66 20 75 73 69 6e 67 20 70 65 65 72 20 6e 61 6d 65	peer,.instead.of.using.peer.name
fbae0	20 6f 72 20 61 64 64 72 65 73 73 2e 20 55 73 65 66 75 6c 20 69 6e 20 63 61 73 65 20 69 66 20 74	.or.address..Useful.in.case.if.t
fbb00	68 65 20 72 65 6d 6f 74 65 20 70 65 65 72 20 69 73 20 62 65 68 69 6e 64 20 4e 41 54 20 6f 72 20	he.remote.peer.is.behind.NAT.or.
fbb20	69 66 20 60 60 6d 6f 64 65 20 78 35 30 39 60 60 20 69 73 20 75 73 65 64 3b 00 60 60 72 65 6d 6f	if.``mode.x509``.is.used;.``remo
fbb40	74 65 60 60 20 2d 20 64 65 66 69 6e 65 20 74 68 65 20 72 65 6d 6f 74 65 20 64 65 73 74 69 6e 61	te``.-.define.the.remote.destina
fbb60	74 69 6f 6e 20 66 6f 72 20 6d 61 74 63 68 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 73 68	tion.for.match.traffic,.which.sh
fbb80	6f 75 6c 64 20 62 65 20 65 6e 63 72 79 70 74 65 64 20 61 6e 64 20 73 65 6e 64 20 74 6f 20 74 68	ould.be.encrypted.and.send.to.th
fbba0	69 73 20 70 65 65 72 3a 00 60 60 72 65 71 2d 73 73 6c 2d 73 6e 69 60 60 20 53 53 4c 20 53 65 72	is.peer:.``req-ssl-sni``.SSL.Ser
fbbc0	76 65 72 20 4e 61 6d 65 20 49 6e 64 69 63 61 74 69 6f 6e 20 28 53 4e 49 29 20 72 65 71 75 65 73	ver.Name.Indication.(SNI).reques
fbbe0	74 20 6d 61 74 63 68 00 60 60 72 65 73 70 2d 74 69 6d 65 60 60 3a 20 74 68 65 20 6d 61 78 69 6d	t.match.``resp-time``:.the.maxim
fbc00	75 6d 20 72 65 73 70 6f 6e 73 65 20 74 69 6d 65 20 66 6f 72 20 70 69 6e 67 20 69 6e 20 73 65 63	um.response.time.for.ping.in.sec
fbc20	6f 6e 64 73 2e 20 52 61 6e 67 65 20 31 2e 2e 2e 33 30 2c 20 64 65 66 61 75 6c 74 20 35 00 60 60	onds..Range.1...30,.default.5.``
fbc40	72 65 73 70 6f 6e 64 60 60 20 2d 20 64 6f 65 73 20 6e 6f 74 20 74 72 79 20 74 6f 20 69 6e 69 74	respond``.-.does.not.try.to.init
fbc60	69 61 74 65 20 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 61 20 72 65 6d 6f 74 65 20 70 65	iate.a.connection.to.a.remote.pe
fbc80	65 72 2e 20 49 6e 20 74 68 69 73 20 6d 6f 64 65 2c 20 74 68 65 20 49 50 53 65 63 20 73 65 73 73	er..In.this.mode,.the.IPSec.sess
fbca0	69 6f 6e 20 77 69 6c 6c 20 62 65 20 65 73 74 61 62 6c 69 73 68 65 64 20 6f 6e 6c 79 20 61 66 74	ion.will.be.established.only.aft
fbcc0	65 72 20 69 6e 69 74 69 61 74 69 6f 6e 20 66 72 6f 6d 20 61 20 72 65 6d 6f 74 65 20 70 65 65 72	er.initiation.from.a.remote.peer
fbce0	2e 20 43 6f 75 6c 64 20 62 65 20 75 73 65 66 75 6c 20 77 68 65 6e 20 74 68 65 72 65 20 69 73 20	..Could.be.useful.when.there.is.
fbd00	6e 6f 20 64 69 72 65 63 74 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 74 6f 20 74 68 65 20 70 65	no.direct.connectivity.to.the.pe
fbd20	65 72 20 64 75 65 20 74 6f 20 66 69 72 65 77 61 6c 6c 20 6f 72 20 4e 41 54 20 69 6e 20 74 68 65	er.due.to.firewall.or.NAT.in.the
fbd40	20 6d 69 64 64 6c 65 20 6f 66 20 74 68 65 20 6c 6f 63 61 6c 20 61 6e 64 20 72 65 6d 6f 74 65 20	.middle.of.the.local.and.remote.
fbd60	73 69 64 65 2e 00 60 60 72 65 73 74 61 72 74 60 60 20 73 65 74 20 61 63 74 69 6f 6e 20 74 6f 20	side..``restart``.set.action.to.
fbd80	72 65 73 74 61 72 74 3b 00 60 60 72 65 74 75 72 6e 60 60 3a 20 52 65 74 75 72 6e 20 66 72 6f 6d	restart;.``return``:.Return.from
fbda0	20 74 68 65 20 63 75 72 72 65 6e 74 20 63 68 61 69 6e 20 61 6e 64 20 63 6f 6e 74 69 6e 75 65 20	.the.current.chain.and.continue.
fbdc0	61 74 20 74 68 65 20 6e 65 78 74 20 72 75 6c 65 20 6f 66 20 74 68 65 20 6c 61 73 74 20 63 68 61	at.the.next.rule.of.the.last.cha
fbde0	69 6e 2e 00 60 60 72 69 70 60 60 20 2d 20 52 6f 75 74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f	in..``rip``.-.Routing.Informatio
fbe00	6e 20 50 72 6f 74 6f 63 6f 6c 20 28 52 49 50 29 00 60 60 72 69 70 6e 67 60 60 20 2d 20 52 6f 75	n.Protocol.(RIP).``ripng``.-.Rou
fbe20	74 69 6e 67 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 50 72 6f 74 6f 63 6f 6c 20 6e 65 78 74 2d 67	ting.Information.Protocol.next-g
fbe40	65 6e 65 72 61 74 69 6f 6e 20 28 49 50 76 36 29 20 28 52 49 50 6e 67 29 00 60 60 72 6f 75 6e 64	eneration.(IPv6).(RIPng).``round
fbe60	2d 72 6f 62 69 6e 60 60 20 2d 20 52 6f 75 6e 64 2d 72 6f 62 69 6e 20 70 6f 6c 69 63 79 3a 20 54	-robin``.-.Round-robin.policy:.T
fbe80	72 61 6e 73 6d 69 74 20 70 61 63 6b 65 74 73 20 69 6e 20 73 65 71 75 65 6e 74 69 61 6c 20 6f 72	ransmit.packets.in.sequential.or
fbea0	64 65 72 20 66 72 6f 6d 20 74 68 65 20 66 69 72 73 74 20 61 76 61 69 6c 61 62 6c 65 20 73 6c 61	der.from.the.first.available.sla
fbec0	76 65 20 74 68 72 6f 75 67 68 20 74 68 65 20 6c 61 73 74 2e 00 60 60 72 6f 75 6e 64 2d 72 6f 62	ve.through.the.last..``round-rob
fbee0	69 6e 60 60 20 44 69 73 74 72 69 62 75 74 65 73 20 72 65 71 75 65 73 74 73 20 69 6e 20 61 20 63	in``.Distributes.requests.in.a.c
fbf00	69 72 63 75 6c 61 72 20 6d 61 6e 6e 65 72 2c 20 73 65 71 75 65 6e 74 69 61 6c 6c 79 20 73 65 6e	ircular.manner,.sequentially.sen
fbf20	64 69 6e 67 20 65 61 63 68 20 72 65 71 75 65 73 74 20 74 6f 20 74 68 65 20 6e 65 78 74 20 73 65	ding.each.request.to.the.next.se
fbf40	72 76 65 72 20 69 6e 20 6c 69 6e 65 00 60 60 72 6f 75 74 65 2d 66 69 6c 74 65 72 2d 74 72 61 6e	rver.in.line.``route-filter-tran
fbf60	73 6c 61 74 65 64 2d 76 34 60 60 20 2d 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75	slated-v4``.-...Well-known.commu
fbf80	6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49 4c 54 45 52 5f 54 52 41 4e 53 4c	nities.value.ROUTE_FILTER_TRANSL
fbfa0	41 54 45 44 5f 76 34 20 30 78 46 46 46 46 30 30 30 32 00 60 60 72 6f 75 74 65 2d 66 69 6c 74 65	ATED_v4.0xFFFF0002.``route-filte
fbfc0	72 2d 74 72 61 6e 73 6c 61 74 65 64 2d 76 36 60 60 20 2d 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77 6e	r-translated-v6``.-...Well-known
fbfe0	20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49 4c 54 45 52 5f	.communities.value.ROUTE_FILTER_
fc000	54 52 41 4e 53 4c 41 54 45 44 5f 76 36 20 30 78 46 46 46 46 30 30 30 34 00 60 60 72 6f 75 74 65	TRANSLATED_v6.0xFFFF0004.``route
fc020	2d 66 69 6c 74 65 72 2d 76 34 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c	-filter-v4``.-..............Well
fc040	2d 6b 6e 6f 77 6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46	-known.communities.value.ROUTE_F
fc060	49 4c 54 45 52 5f 76 34 20 30 78 46 46 46 46 30 30 30 33 00 60 60 72 6f 75 74 65 2d 66 69 6c 74	ILTER_v4.0xFFFF0003.``route-filt
fc080	65 72 2d 76 36 60 60 20 2d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 57 65 6c 6c 2d 6b 6e 6f 77	er-v6``.-..............Well-know
fc0a0	6e 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 76 61 6c 75 65 20 52 4f 55 54 45 5f 46 49 4c 54 45 52	n.communities.value.ROUTE_FILTER
fc0c0	5f 76 36 20 30 78 46 46 46 46 30 30 30 35 00 60 60 72 73 61 2d 6b 65 79 2d 6e 61 6d 65 60 60 20	_v6.0xFFFF0005.``rsa-key-name``.
fc0e0	2d 20 73 68 61 72 65 64 20 52 53 41 20 6b 65 79 20 66 6f 72 20 61 75 74 68 65 6e 74 69 63 61 74	-.shared.RSA.key.for.authenticat
fc100	69 6f 6e 2e 20 54 68 65 20 6b 65 79 20 6d 75 73 74 20 62 65 20 64 65 66 69 6e 65 64 20 69 6e 20	ion..The.key.must.be.defined.in.
fc120	74 68 65 20 60 60 73 65 74 20 76 70 6e 20 72 73 61 2d 6b 65 79 73 60 60 20 73 65 63 74 69 6f 6e	the.``set.vpn.rsa-keys``.section
fc140	3b 00 60 60 72 73 61 60 60 20 2d 20 75 73 65 20 73 69 6d 70 6c 65 20 73 68 61 72 65 64 20 52 53	;.``rsa``.-.use.simple.shared.RS
fc160	41 20 6b 65 79 2e 20 54 68 65 20 6b 65 79 20 6d 75 73 74 20 62 65 20 64 65 66 69 6e 65 64 20 69	A.key..The.key.must.be.defined.i
fc180	6e 20 74 68 65 20 60 60 73 65 74 20 76 70 6e 20 72 73 61 2d 6b 65 79 73 60 60 20 73 65 63 74 69	n.the.``set.vpn.rsa-keys``.secti
fc1a0	6f 6e 3b 00 60 60 73 65 63 72 65 74 60 60 20 2d 20 70 72 65 64 65 66 69 6e 65 64 20 73 68 61 72	on;.``secret``.-.predefined.shar
fc1c0	65 64 20 73 65 63 72 65 74 2e 20 55 73 65 64 20 69 66 20 63 6f 6e 66 69 67 75 72 65 64 20 6d 6f	ed.secret..Used.if.configured.mo
fc1e0	64 65 20 60 60 70 72 65 2d 73 68 61 72 65 64 2d 73 65 63 72 65 74 60 60 3b 00 60 60 73 69 6e 67	de.``pre-shared-secret``;.``sing
fc200	6c 65 2d 75 73 65 72 2d 62 65 61 6d 66 6f 72 6d 65 65 60 60 20 2d 20 53 75 70 70 6f 72 74 20 66	le-user-beamformee``.-.Support.f
fc220	6f 72 20 6f 70 65 72 61 74 69 6f 6e 20 61 73 20 73 69 6e 67 6c 65 20 75 73 65 72 20 62 65 61 6d	or.operation.as.single.user.beam
fc240	66 6f 72 6d 65 65 00 60 60 73 69 6e 67 6c 65 2d 75 73 65 72 2d 62 65 61 6d 66 6f 72 6d 65 72 60	formee.``single-user-beamformer`
fc260	60 20 2d 20 53 75 70 70 6f 72 74 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 20 61 73 20 73 69 6e	`.-.Support.for.operation.as.sin
fc280	67 6c 65 20 75 73 65 72 20 62 65 61 6d 66 6f 72 6d 65 72 00 60 60 73 6f 6e 6d 70 60 60 20 2d 20	gle.user.beamformer.``sonmp``.-.
fc2a0	4c 69 73 74 65 6e 20 66 6f 72 20 53 4f 4e 4d 50 20 66 6f 72 20 4e 6f 72 74 65 6c 20 72 6f 75 74	Listen.for.SONMP.for.Nortel.rout
fc2c0	65 72 73 2f 73 77 69 74 63 68 65 73 00 60 60 73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 60 60 20	ers/switches.``source-address``.
fc2e0	44 69 73 74 72 69 62 75 74 65 73 20 72 65 71 75 65 73 74 73 20 62 61 73 65 64 20 6f 6e 20 74 68	Distributes.requests.based.on.th
fc300	65 20 73 6f 75 72 63 65 20 49 50 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 63 6c 69 65 6e	e.source.IP.address.of.the.clien
fc320	74 00 60 60 73 73 68 2d 64 73 73 60 60 00 60 60 73 73 68 2d 65 64 32 35 35 31 39 60 60 00 60 60	t.``ssh-dss``.``ssh-ed25519``.``
fc340	73 73 68 2d 72 73 61 20 41 41 41 41 42 33 4e 7a 61 43 31 79 63 32 45 41 41 41 41 42 41 41 2e 2e	ssh-rsa.AAAAB3NzaC1yc2EAAAABAA..
fc360	2e 56 42 44 35 6c 4b 77 45 57 42 20 75 73 65 72 6e 61 6d 65 40 68 6f 73 74 2e 65 78 61 6d 70 6c	.VBD5lKwEWB.username@host.exampl
fc380	65 2e 63 6f 6d 60 60 00 60 60 73 73 68 2d 72 73 61 60 60 00 60 60 73 73 6c 2d 66 63 2d 73 6e 69	e.com``.``ssh-rsa``.``ssl-fc-sni
fc3a0	2d 65 6e 64 60 60 20 53 53 4c 20 66 72 6f 6e 74 65 6e 64 20 6d 61 74 63 68 20 65 6e 64 20 6f 66	-end``.SSL.frontend.match.end.of
fc3c0	20 63 6f 6e 6e 65 63 74 69 6f 6e 20 53 65 72 76 65 72 20 4e 61 6d 65 00 60 60 73 73 6c 2d 66 63	.connection.Server.Name.``ssl-fc
fc3e0	2d 73 6e 69 60 60 20 53 53 4c 20 66 72 6f 6e 74 65 6e 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 53	-sni``.SSL.frontend.connection.S
fc400	65 72 76 65 72 20 4e 61 6d 65 20 49 6e 64 69 63 61 74 69 6f 6e 20 6d 61 74 63 68 00 60 60 73 74	erver.Name.Indication.match.``st
fc420	61 74 69 63 60 60 20 2d 20 53 74 61 74 69 63 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 72	atic``.-.Statically.configured.r
fc440	6f 75 74 65 73 00 60 60 73 74 61 74 69 6f 6e 60 60 20 2d 20 43 6f 6e 6e 65 63 74 73 20 74 6f 20	outes.``station``.-.Connects.to.
fc460	61 6e 6f 74 68 65 72 20 61 63 63 65 73 73 20 70 6f 69 6e 74 00 60 60 73 79 73 63 74 6c 60 60 20	another.access.point.``sysctl``.
fc480	69 73 20 75 73 65 64 20 74 6f 20 6d 6f 64 69 66 79 20 6b 65 72 6e 65 6c 20 70 61 72 61 6d 65 74	is.used.to.modify.kernel.paramet
fc4a0	65 72 73 20 61 74 20 72 75 6e 74 69 6d 65 2e 20 20 54 68 65 20 70 61 72 61 6d 65 74 65 72 73 20	ers.at.runtime...The.parameters.
fc4c0	61 76 61 69 6c 61 62 6c 65 20 61 72 65 20 74 68 6f 73 65 20 6c 69 73 74 65 64 20 75 6e 64 65 72	available.are.those.listed.under
fc4e0	20 2f 70 72 6f 63 2f 73 79 73 2f 2e 00 60 60 74 61 62 6c 65 20 31 30 60 60 20 52 6f 75 74 69 6e	./proc/sys/..``table.10``.Routin
fc500	67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 49 53 50 31 00 60 60 74 61 62 6c 65 20 31 30	g.table.used.for.ISP1.``table.10
fc520	60 60 20 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 56 4c 41 4e 20 31	``.Routing.table.used.for.VLAN.1
fc540	30 20 28 31 39 32 2e 31 36 38 2e 31 38 38 2e 30 2f 32 34 29 00 60 60 74 61 62 6c 65 20 31 31 60	0.(192.168.188.0/24).``table.11`
fc560	60 20 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f 72 20 49 53 50 32 00 60 60	`.Routing.table.used.for.ISP2.``
fc580	74 61 62 6c 65 20 31 31 60 60 20 52 6f 75 74 69 6e 67 20 74 61 62 6c 65 20 75 73 65 64 20 66 6f	table.11``.Routing.table.used.fo
fc5a0	72 20 56 4c 41 4e 20 31 31 20 28 31 39 32 2e 31 36 38 2e 31 38 39 2e 30 2f 32 34 29 00 60 60 74	r.VLAN.11.(192.168.189.0/24).``t
fc5c0	61 62 6c 65 60 60 20 2d 20 4e 6f 6e 2d 6d 61 69 6e 20 4b 65 72 6e 65 6c 20 52 6f 75 74 69 6e 67	able``.-.Non-main.Kernel.Routing
fc5e0	20 54 61 62 6c 65 00 60 60 74 61 72 67 65 74 60 60 3a 20 74 68 65 20 74 61 72 67 65 74 20 74 6f	.Table.``target``:.the.target.to
fc600	20 62 65 20 73 65 6e 74 20 49 43 4d 50 20 70 61 63 6b 65 74 73 20 74 6f 2c 20 61 64 64 72 65 73	.be.sent.ICMP.packets.to,.addres
fc620	73 20 63 61 6e 20 62 65 20 61 6e 20 49 50 76 34 20 61 64 64 72 65 73 73 20 6f 72 20 68 6f 73 74	s.can.be.an.IPv4.address.or.host
fc640	6e 61 6d 65 00 60 60 74 65 73 74 2d 73 63 72 69 70 74 60 60 3a 20 41 20 75 73 65 72 20 64 65 66	name.``test-script``:.A.user.def
fc660	69 6e 65 64 20 73 63 72 69 70 74 20 6d 75 73 74 20 72 65 74 75 72 6e 20 30 20 74 6f 20 62 65 20	ined.script.must.return.0.to.be.
fc680	63 6f 6e 73 69 64 65 72 65 64 20 73 75 63 63 65 73 73 66 75 6c 20 61 6e 64 20 6e 6f 6e 2d 7a 65	considered.successful.and.non-ze
fc6a0	72 6f 20 74 6f 20 66 61 69 6c 2e 20 53 63 72 69 70 74 73 20 61 72 65 20 6c 6f 63 61 74 65 64 20	ro.to.fail..Scripts.are.located.
fc6c0	69 6e 20 2f 63 6f 6e 66 69 67 2f 73 63 72 69 70 74 73 2c 20 66 6f 72 20 64 69 66 66 65 72 65 6e	in./config/scripts,.for.differen
fc6e0	74 20 6c 6f 63 61 74 69 6f 6e 73 20 74 68 65 20 66 75 6c 6c 20 70 61 74 68 20 6e 65 65 64 73 20	t.locations.the.full.path.needs.
fc700	74 6f 20 62 65 20 70 72 6f 76 69 64 65 64 00 60 60 74 68 72 65 73 68 6f 6c 64 60 60 3a 20 60 60	to.be.provided.``threshold``:.``
fc720	62 65 6c 6f 77 60 60 20 6f 72 20 60 60 61 62 6f 76 65 60 60 20 74 68 65 20 73 70 65 63 69 66 69	below``.or.``above``.the.specifi
fc740	65 64 20 72 61 74 65 20 6c 69 6d 69 74 2e 00 60 60 74 68 72 6f 75 67 68 70 75 74 60 60 3a 20 41	ed.rate.limit..``throughput``:.A
fc760	20 73 65 72 76 65 72 20 70 72 6f 66 69 6c 65 20 66 6f 63 75 73 65 64 20 6f 6e 20 69 6d 70 72 6f	.server.profile.focused.on.impro
fc780	76 69 6e 67 20 6e 65 74 77 6f 72 6b 20 74 68 72 6f 75 67 68 70 75 74 2e 20 54 68 69 73 20 70 72	ving.network.throughput..This.pr
fc7a0	6f 66 69 6c 65 20 66 61 76 6f 72 73 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 6f 76 65 72 20 70 6f	ofile.favors.performance.over.po
fc7c0	77 65 72 20 73 61 76 69 6e 67 73 20 62 79 20 73 65 74 74 69 6e 67 20 60 60 69 6e 74 65 6c 5f 70	wer.savings.by.setting.``intel_p
fc7e0	73 74 61 74 65 60 60 20 61 6e 64 20 60 60 6d 61 78 5f 70 65 72 66 5f 70 63 74 3d 31 30 30 60 60	state``.and.``max_perf_pct=100``
fc800	20 61 6e 64 20 69 6e 63 72 65 61 73 69 6e 67 20 6b 65 72 6e 65 6c 20 6e 65 74 77 6f 72 6b 20 62	.and.increasing.kernel.network.b
fc820	75 66 66 65 72 20 73 69 7a 65 73 2e 00 60 60 74 69 6d 65 6f 75 74 60 60 20 6b 65 65 70 2d 61 6c	uffer.sizes..``timeout``.keep-al
fc840	69 76 65 20 74 69 6d 65 6f 75 74 20 69 6e 20 73 65 63 6f 6e 64 73 20 3c 32 2d 38 36 34 30 30 3e	ive.timeout.in.seconds.<2-86400>
fc860	20 28 64 65 66 61 75 6c 74 20 31 32 30 29 20 49 4b 45 76 31 20 6f 6e 6c 79 00 60 60 74 72 61 6e	.(default.120).IKEv1.only.``tran
fc880	73 6d 69 74 2d 6c 6f 61 64 2d 62 61 6c 61 6e 63 65 60 60 20 2d 20 41 64 61 70 74 69 76 65 20 74	smit-load-balance``.-.Adaptive.t
fc8a0	72 61 6e 73 6d 69 74 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 3a 20 63 68 61 6e 6e 65 6c 20	ransmit.load.balancing:.channel.
fc8c0	62 6f 6e 64 69 6e 67 20 74 68 61 74 20 64 6f 65 73 20 6e 6f 74 20 72 65 71 75 69 72 65 20 61 6e	bonding.that.does.not.require.an
fc8e0	79 20 73 70 65 63 69 61 6c 20 73 77 69 74 63 68 20 73 75 70 70 6f 72 74 2e 00 60 60 74 72 61 6e	y.special.switch.support..``tran
fc900	73 70 6f 72 74 60 60 20 74 72 61 6e 73 70 6f 72 74 20 6d 6f 64 65 3b 00 60 60 74 74 6c 2d 6c 69	sport``.transport.mode;.``ttl-li
fc920	6d 69 74 60 60 3a 20 46 6f 72 20 74 68 65 20 55 44 50 20 54 54 4c 20 6c 69 6d 69 74 20 74 65 73	mit``:.For.the.UDP.TTL.limit.tes
fc940	74 20 74 68 65 20 68 6f 70 20 63 6f 75 6e 74 20 6c 69 6d 69 74 20 6d 75 73 74 20 62 65 20 73 70	t.the.hop.count.limit.must.be.sp
fc960	65 63 69 66 69 65 64 2e 20 54 68 65 20 6c 69 6d 69 74 20 6d 75 73 74 20 62 65 20 73 68 6f 72 74	ecified..The.limit.must.be.short
fc980	65 72 20 74 68 61 6e 20 74 68 65 20 70 61 74 68 20 6c 65 6e 67 74 68 2c 20 61 6e 20 49 43 4d 50	er.than.the.path.length,.an.ICMP
fc9a0	20 74 69 6d 65 20 65 78 70 69 72 65 64 20 6d 65 73 73 61 67 65 20 69 73 20 6e 65 65 64 65 64 20	.time.expired.message.is.needed.
fc9c0	74 6f 20 62 65 20 72 65 74 75 72 6e 65 64 20 66 6f 72 20 61 20 73 75 63 63 65 73 73 66 75 6c 20	to.be.returned.for.a.successful.
fc9e0	74 65 73 74 2e 20 64 65 66 61 75 6c 74 20 31 00 60 60 74 74 79 53 4e 60 60 20 2d 20 53 65 72 69	test..default.1.``ttySN``.-.Seri
fca00	61 6c 20 64 65 76 69 63 65 20 6e 61 6d 65 00 60 60 74 74 79 55 53 42 58 60 60 20 2d 20 55 53 42	al.device.name.``ttyUSBX``.-.USB
fca20	20 53 65 72 69 61 6c 20 64 65 76 69 63 65 20 6e 61 6d 65 00 60 60 74 75 6e 6e 65 6c 60 60 20 2d	.Serial.device.name.``tunnel``.-
fca40	20 64 65 66 69 6e 65 20 63 72 69 74 65 72 69 61 20 66 6f 72 20 74 72 61 66 66 69 63 20 74 6f 20	.define.criteria.for.traffic.to.
fca60	62 65 20 6d 61 74 63 68 65 64 20 66 6f 72 20 65 6e 63 72 79 70 74 69 6e 67 20 61 6e 64 20 73 65	be.matched.for.encrypting.and.se
fca80	6e 64 20 69 74 20 74 6f 20 61 20 70 65 65 72 3a 00 60 60 74 75 6e 6e 65 6c 60 60 20 74 75 6e 6e	nd.it.to.a.peer:.``tunnel``.tunn
fcaa0	65 6c 20 6d 6f 64 65 20 28 64 65 66 61 75 6c 74 29 3b 00 60 60 74 79 70 65 60 60 3a 20 53 70 65	el.mode.(default);.``type``:.Spe
fcac0	63 69 66 79 20 74 68 65 20 74 79 70 65 20 6f 66 20 74 65 73 74 2e 20 74 79 70 65 20 63 61 6e 20	cify.the.type.of.test..type.can.
fcae0	62 65 20 70 69 6e 67 2c 20 74 74 6c 20 6f 72 20 61 20 75 73 65 72 20 64 65 66 69 6e 65 64 20 73	be.ping,.ttl.or.a.user.defined.s
fcb00	63 72 69 70 74 00 60 60 75 73 65 2d 78 35 30 39 2d 69 64 60 60 20 2d 20 75 73 65 20 6c 6f 63 61	cript.``use-x509-id``.-.use.loca
fcb20	6c 20 49 44 20 66 72 6f 6d 20 78 35 30 39 20 63 65 72 74 69 66 69 63 61 74 65 2e 20 43 61 6e 6e	l.ID.from.x509.certificate..Cann
fcb40	6f 74 20 62 65 20 75 73 65 64 20 77 68 65 6e 20 60 60 69 64 60 60 20 69 73 20 64 65 66 69 6e 65	ot.be.used.when.``id``.is.define
fcb60	64 3b 00 60 60 76 69 72 74 75 61 6c 2d 69 70 60 60 20 41 6c 6c 6f 77 20 69 6e 73 74 61 6c 6c 20	d;.``virtual-ip``.Allow.install.
fcb80	76 69 72 74 75 61 6c 2d 69 70 20 61 64 64 72 65 73 73 65 73 2e 20 43 6f 6d 6d 61 20 73 65 70 61	virtual-ip.addresses..Comma.sepa
fcba0	72 61 74 65 64 20 6c 69 73 74 20 6f 66 20 76 69 72 74 75 61 6c 20 49 50 73 20 74 6f 20 72 65 71	rated.list.of.virtual.IPs.to.req
fcbc0	75 65 73 74 20 69 6e 20 49 4b 45 76 32 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 61 79 6c	uest.in.IKEv2.configuration.payl
fcbe0	6f 61 64 73 20 6f 72 20 49 4b 45 76 31 20 4d 6f 64 65 20 43 6f 6e 66 69 67 2e 20 54 68 65 20 77	oads.or.IKEv1.Mode.Config..The.w
fcc00	69 6c 64 63 61 72 64 20 61 64 64 72 65 73 73 65 73 20 30 2e 30 2e 30 2e 30 20 61 6e 64 20 3a 3a	ildcard.addresses.0.0.0.0.and.::
fcc20	20 72 65 71 75 65 73 74 20 61 6e 20 61 72 62 69 74 72 61 72 79 20 61 64 64 72 65 73 73 2c 20 73	.request.an.arbitrary.address,.s
fcc40	70 65 63 69 66 69 63 20 61 64 64 72 65 73 73 65 73 20 6d 61 79 20 62 65 20 64 65 66 69 6e 65 64	pecific.addresses.may.be.defined
fcc60	2e 20 54 68 65 20 72 65 73 70 6f 6e 64 65 72 20 6d 61 79 20 72 65 74 75 72 6e 20 61 20 64 69 66	..The.responder.may.return.a.dif
fcc80	66 65 72 65 6e 74 20 61 64 64 72 65 73 73 2c 20 74 68 6f 75 67 68 2c 20 6f 72 20 6e 6f 6e 65 20	ferent.address,.though,.or.none.
fcca0	61 74 20 61 6c 6c 2e 00 60 60 76 6e 63 60 60 20 2d 20 56 69 72 74 75 61 6c 20 4e 65 74 77 6f 72	at.all..``vnc``.-.Virtual.Networ
fccc0	6b 20 43 6f 6e 74 72 6f 6c 20 28 56 4e 43 29 00 60 60 76 74 69 60 60 20 2d 20 75 73 65 20 61 20	k.Control.(VNC).``vti``.-.use.a.
fcce0	56 54 49 20 69 6e 74 65 72 66 61 63 65 20 66 6f 72 20 74 72 61 66 66 69 63 20 65 6e 63 72 79 70	VTI.interface.for.traffic.encryp
fcd00	74 69 6f 6e 2e 20 41 6e 79 20 74 72 61 66 66 69 63 2c 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65	tion..Any.traffic,.which.will.be
fcd20	20 73 65 6e 64 20 74 6f 20 56 54 49 20 69 6e 74 65 72 66 61 63 65 20 77 69 6c 6c 20 62 65 20 65	.send.to.VTI.interface.will.be.e
fcd40	6e 63 72 79 70 74 65 64 20 61 6e 64 20 73 65 6e 64 20 74 6f 20 74 68 69 73 20 70 65 65 72 2e 20	ncrypted.and.send.to.this.peer..
fcd60	55 73 69 6e 67 20 56 54 49 20 6d 61 6b 65 73 20 49 50 53 65 63 20 63 6f 6e 66 69 67 75 72 61 74	Using.VTI.makes.IPSec.configurat
fcd80	69 6f 6e 20 6d 75 63 68 20 66 6c 65 78 69 62 6c 65 20 61 6e 64 20 65 61 73 69 65 72 20 69 6e 20	ion.much.flexible.and.easier.in.
fcda0	63 6f 6d 70 6c 65 78 20 73 69 74 75 61 74 69 6f 6e 2c 20 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f	complex.situation,.and.allows.to
fcdc0	20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 61 64 64 2f 64 65 6c 65 74 65 20 72 65 6d 6f 74 65 20 6e	.dynamically.add/delete.remote.n
fcde0	65 74 77 6f 72 6b 73 2c 20 72 65 61 63 68 61 62 6c 65 20 76 69 61 20 61 20 70 65 65 72 2c 20 61	etworks,.reachable.via.a.peer,.a
fce00	73 20 69 6e 20 74 68 69 73 20 6d 6f 64 65 20 72 6f 75 74 65 72 20 64 6f 6e 27 74 20 6e 65 65 64	s.in.this.mode.router.don't.need
fce20	20 74 6f 20 63 72 65 61 74 65 20 61 64 64 69 74 69 6f 6e 61 6c 20 53 41 2f 70 6f 6c 69 63 79 20	.to.create.additional.SA/policy.
fce40	66 6f 72 20 65 61 63 68 20 72 65 6d 6f 74 65 20 6e 65 74 77 6f 72 6b 3a 00 60 60 78 35 30 39 60	for.each.remote.network:.``x509`
fce60	60 20 2d 20 6f 70 74 69 6f 6e 73 20 66 6f 72 20 78 35 30 39 20 61 75 74 68 65 6e 74 69 63 61 74	`.-.options.for.x509.authenticat
fce80	69 6f 6e 20 6d 6f 64 65 3a 00 60 60 78 35 30 39 60 60 20 2d 20 75 73 65 20 63 65 72 74 69 66 69	ion.mode:.``x509``.-.use.certifi
fcea0	63 61 74 65 73 20 69 6e 66 72 61 73 74 72 75 63 74 75 72 65 20 66 6f 72 20 61 75 74 68 65 6e 74	cates.infrastructure.for.authent
fcec0	69 63 61 74 69 6f 6e 2e 00 60 60 78 6f 72 2d 68 61 73 68 60 60 20 2d 20 58 4f 52 20 70 6f 6c 69	ication..``xor-hash``.-.XOR.poli
fcee0	63 79 3a 20 54 72 61 6e 73 6d 69 74 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 73 65 6c 65 63 74	cy:.Transmit.based.on.the.select
fcf00	65 64 20 74 72 61 6e 73 6d 69 74 20 68 61 73 68 20 70 6f 6c 69 63 79 2e 20 20 54 68 65 20 64 65	ed.transmit.hash.policy...The.de
fcf20	66 61 75 6c 74 20 70 6f 6c 69 63 79 20 69 73 20 61 20 73 69 6d 70 6c 65 20 5b 28 73 6f 75 72 63	fault.policy.is.a.simple.[(sourc
fcf40	65 20 4d 41 43 20 61 64 64 72 65 73 73 20 58 4f 52 27 64 20 77 69 74 68 20 64 65 73 74 69 6e 61	e.MAC.address.XOR'd.with.destina
fcf60	74 69 6f 6e 20 4d 41 43 20 61 64 64 72 65 73 73 20 58 4f 52 20 70 61 63 6b 65 74 20 74 79 70 65	tion.MAC.address.XOR.packet.type
fcf80	20 49 44 29 20 6d 6f 64 75 6c 6f 20 73 6c 61 76 65 20 63 6f 75 6e 74 5d 2e 20 41 6c 74 65 72 6e	.ID).modulo.slave.count]..Altern
fcfa0	61 74 65 20 74 72 61 6e 73 6d 69 74 20 70 6f 6c 69 63 69 65 73 20 6d 61 79 20 62 65 20 73 65 6c	ate.transmit.policies.may.be.sel
fcfc0	65 63 74 65 64 20 76 69 61 20 74 68 65 20 3a 63 66 67 63 6d 64 3a 60 68 61 73 68 2d 70 6f 6c 69	ected.via.the.:cfgcmd:`hash-poli
fcfe0	63 79 60 20 6f 70 74 69 6f 6e 2c 20 64 65 73 63 72 69 62 65 64 20 62 65 6c 6f 77 2e 00 60 60 79	cy`.option,.described.below..``y
fd000	65 73 60 60 20 65 6e 61 62 6c 65 20 72 65 6d 6f 74 65 20 68 6f 73 74 20 72 65 2d 61 75 74 68 65	es``.enable.remote.host.re-authe
fd020	6e 74 69 63 61 74 69 6f 6e 20 64 75 72 69 6e 67 20 61 6e 20 49 4b 45 20 72 65 6b 65 79 3b 00 60	ntication.during.an.IKE.rekey;.`
fd040	73 6f 75 72 63 65 2d 61 64 64 72 65 73 73 60 20 61 6e 64 20 60 73 6f 75 72 63 65 2d 69 6e 74 65	source-address`.and.`source-inte
fd060	72 66 61 63 65 60 20 63 61 6e 20 6e 6f 74 20 62 65 20 75 73 65 64 20 61 74 20 74 68 65 20 73 61	rface`.can.not.be.used.at.the.sa
fd080	6d 65 20 74 69 6d 65 2e 00 60 74 77 65 65 74 20 62 79 20 45 76 69 6c 4d 6f 67 60 5f 2c 20 32 30	me.time..`tweet.by.EvilMog`_,.20
fd0a0	32 30 2d 30 32 2d 32 31 00 61 20 62 61 6e 64 77 69 64 74 68 20 74 65 73 74 20 6f 76 65 72 20 74	20-02-21.a.bandwidth.test.over.t
fd0c0	68 65 20 56 50 4e 20 67 6f 74 20 74 68 65 73 65 20 72 65 73 75 6c 74 73 3a 00 61 20 62 6c 61 6e	he.VPN.got.these.results:.a.blan
fd0e0	6b 20 69 6e 64 69 63 61 74 65 73 20 74 68 61 74 20 6e 6f 20 74 65 73 74 20 68 61 73 20 62 65 65	k.indicates.that.no.test.has.bee
fd100	6e 20 63 61 72 72 69 65 64 20 6f 75 74 00 61 65 73 32 35 36 20 45 6e 63 72 79 70 74 69 6f 6e 00	n.carried.out.aes256.Encryption.
fd120	61 6c 65 72 74 00 61 6c 6c 00 61 6e 20 52 44 20 2f 20 52 54 4c 49 53 54 00 61 6e 20 69 6e 74 65	alert.all.an.RD./.RTLIST.an.inte
fd140	72 66 61 63 65 20 77 69 74 68 20 61 20 6e 65 78 74 68 6f 70 00 61 6e 79 3a 20 61 6e 79 20 49 50	rface.with.a.nexthop.any:.any.IP
fd160	20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 61 6e 79 3a 20 61 6e 79 20 49 50 76 36	.address.to.match..any:.any.IPv6
fd180	20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 61 75 74 68 00 61 75 74 68 6f 72 69 7a	.address.to.match..auth.authoriz
fd1a0	61 74 69 6f 6e 00 61 75 74 6f 20 2d 20 69 6e 74 65 72 66 61 63 65 20 64 75 70 6c 65 78 20 73 65	ation.auto.-.interface.duplex.se
fd1c0	74 74 69 6e 67 20 69 73 20 61 75 74 6f 2d 6e 65 67 6f 74 69 61 74 65 64 00 61 75 74 6f 20 2d 20	tting.is.auto-negotiated.auto.-.
fd1e0	69 6e 74 65 72 66 61 63 65 20 73 70 65 65 64 20 69 73 20 61 75 74 6f 2d 6e 65 67 6f 74 69 61 74	interface.speed.is.auto-negotiat
fd200	65 64 00 62 6f 6e 64 69 6e 67 00 62 6f 6f 74 2d 73 69 7a 65 00 62 6f 6f 74 66 69 6c 65 2d 6e 61	ed.bonding.boot-size.bootfile-na
fd220	6d 65 00 62 6f 6f 74 66 69 6c 65 2d 6e 61 6d 65 2c 20 66 69 6c 65 6e 61 6d 65 00 62 6f 6f 74 66	me.bootfile-name,.filename.bootf
fd240	69 6c 65 2d 73 65 72 76 65 72 00 62 6f 6f 74 66 69 6c 65 2d 73 69 7a 65 00 62 72 69 64 67 65 00	ile-server.bootfile-size.bridge.
fd260	63 6c 69 65 6e 74 20 65 78 61 6d 70 6c 65 20 28 64 65 62 69 61 6e 20 39 29 00 63 6c 69 65 6e 74	client.example.(debian.9).client
fd280	2d 70 72 65 66 69 78 2d 6c 65 6e 67 74 68 00 63 6c 6f 63 6b 00 63 6c 6f 63 6b 20 64 61 65 6d 6f	-prefix-length.clock.clock.daemo
fd2a0	6e 20 28 6e 6f 74 65 20 32 29 00 63 72 69 74 00 63 72 6f 6e 00 64 61 65 6d 6f 6e 00 64 64 63 6c	n.(note.2).crit.cron.daemon.ddcl
fd2c0	69 65 6e 74 5f 20 68 61 73 20 61 6e 6f 74 68 65 72 20 77 61 79 20 74 6f 20 64 65 74 65 72 6d 69	ient_.has.another.way.to.determi
fd2e0	6e 65 20 74 68 65 20 57 41 4e 20 49 50 20 61 64 64 72 65 73 73 2e 20 54 68 69 73 20 69 73 20 63	ne.the.WAN.IP.address..This.is.c
fd300	6f 6e 74 72 6f 6c 6c 65 64 20 62 79 3a 00 64 64 63 6c 69 65 6e 74 5f 20 75 73 65 73 20 74 77 6f	ontrolled.by:.ddclient_.uses.two
fd320	20 6d 65 74 68 6f 64 73 20 74 6f 20 75 70 64 61 74 65 20 61 20 44 4e 53 20 72 65 63 6f 72 64 2e	.methods.to.update.a.DNS.record.
fd340	20 54 68 65 20 66 69 72 73 74 20 6f 6e 65 20 77 69 6c 6c 20 73 65 6e 64 20 75 70 64 61 74 65 73	.The.first.one.will.send.updates
fd360	20 64 69 72 65 63 74 6c 79 20 74 6f 20 74 68 65 20 44 4e 53 20 64 61 65 6d 6f 6e 2c 20 69 6e 20	.directly.to.the.DNS.daemon,.in.
fd380	63 6f 6d 70 6c 69 61 6e 63 65 20 77 69 74 68 20 3a 72 66 63 3a 60 32 31 33 36 60 2e 20 54 68 65	compliance.with.:rfc:`2136`..The
fd3a0	20 73 65 63 6f 6e 64 20 6f 6e 65 20 69 6e 76 6f 6c 76 65 73 20 61 20 74 68 69 72 64 20 70 61 72	.second.one.involves.a.third.par
fd3c0	74 79 20 73 65 72 76 69 63 65 2c 20 6c 69 6b 65 20 44 79 6e 44 4e 53 2e 63 6f 6d 20 6f 72 20 61	ty.service,.like.DynDNS.com.or.a
fd3e0	6e 79 20 6f 74 68 65 72 20 73 69 6d 69 6c 61 72 20 77 65 62 73 69 74 65 2e 20 54 68 69 73 20 6d	ny.other.similar.website..This.m
fd400	65 74 68 6f 64 20 75 73 65 73 20 48 54 54 50 20 72 65 71 75 65 73 74 73 20 74 6f 20 74 72 61 6e	ethod.uses.HTTP.requests.to.tran
fd420	73 6d 69 74 20 74 68 65 20 6e 65 77 20 49 50 20 61 64 64 72 65 73 73 2e 20 59 6f 75 20 63 61 6e	smit.the.new.IP.address..You.can
fd440	20 63 6f 6e 66 69 67 75 72 65 20 62 6f 74 68 20 69 6e 20 56 79 4f 53 2e 00 64 64 63 6c 69 65 6e	.configure.both.in.VyOS..ddclien
fd460	74 5f 20 77 69 6c 6c 20 73 6b 69 70 20 61 6e 79 20 61 64 64 72 65 73 73 20 6c 6f 63 61 74 65 64	t_.will.skip.any.address.located
fd480	20 62 65 66 6f 72 65 20 74 68 65 20 73 74 72 69 6e 67 20 73 65 74 20 69 6e 20 60 3c 70 61 74 74	.before.the.string.set.in.`<patt
fd4a0	65 72 6e 3e 60 2e 00 64 65 62 75 67 00 64 65 63 72 65 6d 65 6e 74 2d 6c 69 66 65 74 69 6d 65 00	ern>`..debug.decrement-lifetime.
fd4c0	64 65 66 61 75 6c 74 20 6d 69 6e 2d 74 68 72 65 73 68 6f 6c 64 00 64 65 66 61 75 6c 74 2d 6c 65	default.min-threshold.default-le
fd4e0	61 73 65 2d 74 69 6d 65 2c 20 6d 61 78 2d 6c 65 61 73 65 2d 74 69 6d 65 00 64 65 66 61 75 6c 74	ase-time,.max-lease-time.default
fd500	2d 6c 69 66 65 74 69 6d 65 00 64 65 66 61 75 6c 74 2d 70 72 65 66 65 72 65 6e 63 65 00 64 65 66	-lifetime.default-preference.def
fd520	61 75 6c 74 2d 72 6f 75 74 65 72 00 64 65 70 72 65 63 61 74 65 2d 70 72 65 66 69 78 00 64 65 73	ault-router.deprecate-prefix.des
fd540	74 69 6e 61 74 69 6f 6e 2d 68 61 73 68 69 6e 67 00 64 68 63 70 2d 73 65 72 76 65 72 2d 69 64 65	tination-hashing.dhcp-server-ide
fd560	6e 74 69 66 69 65 72 00 64 69 72 65 63 74 00 64 69 72 65 63 74 6f 72 79 00 64 69 73 61 62 6c 65	ntifier.direct.directory.disable
fd580	3a 20 4e 6f 20 73 6f 75 72 63 65 20 76 61 6c 69 64 61 74 69 6f 6e 00 64 6e 73 73 6c 00 64 6f 6d	:.No.source.validation.dnssl.dom
fd5a0	61 69 6e 2d 6e 61 6d 65 00 64 6f 6d 61 69 6e 2d 6e 61 6d 65 2d 73 65 72 76 65 72 73 00 64 6f 6d	ain-name.domain-name-servers.dom
fd5c0	61 69 6e 2d 73 65 61 72 63 68 00 65 6d 65 72 67 00 65 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62	ain-search.emerg.enable.or.disab
fd5e0	6c 65 20 20 49 43 4d 50 76 34 20 72 65 64 69 72 65 63 74 20 6d 65 73 73 61 67 65 73 20 73 65 6e	le..ICMPv4.redirect.messages.sen
fd600	64 20 62 79 20 56 79 4f 53 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d 20 70	d.by.VyOS.The.following.system.p
fd620	61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 65 6e 61 62 6c 65	arameter.will.be.altered:.enable
fd640	20 6f 72 20 64 69 73 61 62 6c 65 20 49 43 4d 50 76 34 20 72 65 64 69 72 65 63 74 20 6d 65 73 73	.or.disable.ICMPv4.redirect.mess
fd660	61 67 65 73 20 73 65 6e 64 20 62 79 20 56 79 4f 53 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20	ages.send.by.VyOS.The.following.
fd680	73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64	system.parameter.will.be.altered
fd6a0	3a 00 65 6e 61 62 6c 65 20 6f 72 20 64 69 73 61 62 6c 65 20 6f 66 20 49 43 4d 50 76 34 20 6f 72	:.enable.or.disable.of.ICMPv4.or
fd6c0	20 49 43 4d 50 76 36 20 72 65 64 69 72 65 63 74 20 6d 65 73 73 61 67 65 73 20 61 63 63 65 70 74	.ICMPv6.redirect.messages.accept
fd6e0	65 64 20 62 79 20 56 79 4f 53 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 73 79 73 74 65 6d	ed.by.VyOS..The.following.system
fd700	20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65 64 3a 00 65 6e 61 62	.parameter.will.be.altered:.enab
fd720	6c 65 20 6f 72 20 64 69 73 61 62 6c 65 20 74 68 65 20 6c 6f 67 67 69 6e 67 20 6f 66 20 6d 61 72	le.or.disable.the.logging.of.mar
fd740	74 69 61 6e 20 49 50 76 34 20 70 61 63 6b 65 74 73 2e 20 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67	tian.IPv4.packets..The.following
fd760	20 73 79 73 74 65 6d 20 70 61 72 61 6d 65 74 65 72 20 77 69 6c 6c 20 62 65 20 61 6c 74 65 72 65	.system.parameter.will.be.altere
fd780	64 3a 00 65 72 72 00 65 74 68 65 72 6e 65 74 00 65 78 61 63 74 2d 6d 61 74 63 68 3a 20 65 78 61	d:.err.ethernet.exact-match:.exa
fd7a0	63 74 20 6d 61 74 63 68 20 6f 66 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 72 65 66 69 78 65 73	ct.match.of.the.network.prefixes
fd7c0	2e 00 65 78 63 6c 75 64 65 00 66 61 69 6c 6f 76 65 72 00 66 61 73 74 3a 20 52 65 71 75 65 73 74	..exclude.failover.fast:.Request
fd7e0	20 70 61 72 74 6e 65 72 20 74 6f 20 74 72 61 6e 73 6d 69 74 20 4c 41 43 50 44 55 73 20 65 76 65	.partner.to.transmit.LACPDUs.eve
fd800	72 79 20 31 20 73 65 63 6f 6e 64 00 66 69 6c 65 20 3c 66 69 6c 65 20 6e 61 6d 65 3e 00 66 69 6c	ry.1.second.file.<file.name>.fil
fd820	74 65 72 2d 6c 69 73 74 00 66 74 70 00 66 75 6c 6c 20 2d 20 61 6c 77 61 79 73 20 75 73 65 20 66	ter-list.ftp.full.-.always.use.f
fd840	75 6c 6c 2d 64 75 70 6c 65 78 00 68 61 6c 66 20 2d 20 61 6c 77 61 79 73 20 75 73 65 20 68 61 6c	ull-duplex.half.-.always.use.hal
fd860	66 2d 64 75 70 6c 65 78 00 68 6f 70 2d 6c 69 6d 69 74 00 68 6f 73 74 3a 20 73 69 6e 67 6c 65 20	f-duplex.hop-limit.host:.single.
fd880	68 6f 73 74 20 49 50 20 61 64 64 72 65 73 73 20 74 6f 20 6d 61 74 63 68 2e 00 68 74 74 70 73 3a	host.IP.address.to.match..https:
fd8a0	2f 2f 61 63 63 65 73 73 2e 72 65 64 68 61 74 2e 63 6f 6d 2f 73 69 74 65 73 2f 64 65 66 61 75 6c	//access.redhat.com/sites/defaul
fd8c0	74 2f 66 69 6c 65 73 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 32 30 31 35 30 31 2d 70 65 72 66 2d	t/files/attachments/201501-perf-
fd8e0	62 72 69 65 66 2d 6c 6f 77 2d 6c 61 74 65 6e 63 79 2d 74 75 6e 69 6e 67 2d 72 68 65 6c 37 2d 76	brief-low-latency-tuning-rhel7-v
fd900	32 2e 31 2e 70 64 66 00 68 74 74 70 73 3a 2f 2f 63 6f 6d 6d 75 6e 69 74 79 2e 6f 70 65 6e 76 70	2.1.pdf.https://community.openvp
fd920	6e 2e 6e 65 74 2f 6f 70 65 6e 76 70 6e 2f 77 69 6b 69 2f 44 61 74 61 43 68 61 6e 6e 65 6c 4f 66	n.net/openvpn/wiki/DataChannelOf
fd940	66 6c 6f 61 64 2f 46 65 61 74 75 72 65 73 00 69 66 20 74 68 65 72 65 20 69 73 20 61 20 73 75 70	fload/Features.if.there.is.a.sup
fd960	70 6f 72 74 65 64 20 64 65 76 69 63 65 2c 20 65 6e 61 62 6c 65 20 49 6e 74 65 6c c2 ae 20 51 41	ported.device,.enable.Intel...QA
fd980	54 00 69 66 20 74 68 65 72 65 20 69 73 20 6e 6f 6e 20 64 65 76 69 63 65 20 74 68 65 20 63 6f 6d	T.if.there.is.non.device.the.com
fd9a0	6d 61 6e 64 20 77 69 6c 6c 20 73 68 6f 77 20 60 60 60 4e 6f 20 51 41 54 20 64 65 76 69 63 65 20	mand.will.show.```No.QAT.device.
fd9c0	66 6f 75 6e 64 60 60 60 00 69 6e 66 6f 00 69 6e 74 65 72 76 61 6c 00 69 6e 76 61 6c 69 64 00 69	found```.info.interval.invalid.i
fd9e0	6e 76 65 72 73 65 2d 6d 61 74 63 68 3a 20 6e 65 74 77 6f 72 6b 2f 6e 65 74 6d 61 73 6b 20 74 6f	nverse-match:.network/netmask.to
fda00	20 6d 61 74 63 68 20 28 72 65 71 75 69 72 65 73 20 6e 65 74 77 6f 72 6b 20 62 65 20 64 65 66 69	.match.(requires.network.be.defi
fda20	6e 65 64 29 2e 00 69 70 2d 66 6f 72 77 61 72 64 69 6e 67 00 69 74 20 63 61 6e 20 62 65 20 75 73	ned)..ip-forwarding.it.can.be.us
fda40	65 64 20 77 69 74 68 20 61 6e 79 20 4e 49 43 2c 00 69 74 20 64 6f 65 73 20 6e 6f 74 20 69 6e 63	ed.with.any.NIC,.it.does.not.inc
fda60	72 65 61 73 65 20 68 61 72 64 77 61 72 65 20 64 65 76 69 63 65 20 69 6e 74 65 72 72 75 70 74 20	rease.hardware.device.interrupt.
fda80	72 61 74 65 20 28 61 6c 74 68 6f 75 67 68 20 69 74 20 64 6f 65 73 20 69 6e 74 72 6f 64 75 63 65	rate.(although.it.does.introduce
fdaa0	20 69 6e 74 65 72 2d 70 72 6f 63 65 73 73 6f 72 20 69 6e 74 65 72 72 75 70 74 73 20 28 49 50 49	.inter-processor.interrupts.(IPI
fdac0	73 29 29 2e 00 6b 65 72 6e 00 6c 32 74 70 76 33 00 6c 65 61 73 65 00 6c 65 61 73 74 2d 63 6f 6e	s))..kern.l2tpv3.lease.least-con
fdae0	6e 65 63 74 69 6f 6e 00 6c 65 66 74 20 6c 6f 63 61 6c 5f 69 70 3a 20 31 39 32 2e 31 36 38 2e 30	nection.left.local_ip:.192.168.0
fdb00	2e 31 30 20 23 20 56 50 4e 20 47 61 74 65 77 61 79 2c 20 62 65 68 69 6e 64 20 4e 41 54 20 64 65	.10.#.VPN.Gateway,.behind.NAT.de
fdb20	76 69 63 65 00 6c 65 66 74 20 6c 6f 63 61 6c 5f 69 70 3a 20 60 31 39 38 2e 35 31 2e 31 30 30 2e	vice.left.local_ip:.`198.51.100.
fdb40	33 60 20 23 20 73 65 72 76 65 72 20 73 69 64 65 20 57 41 4e 20 49 50 00 6c 65 66 74 20 70 75 62	3`.#.server.side.WAN.IP.left.pub
fdb60	6c 69 63 5f 69 70 3a 31 37 32 2e 31 38 2e 32 30 31 2e 31 30 00 6c 65 66 74 20 73 75 62 6e 65 74	lic_ip:172.18.201.10.left.subnet
fdb80	3a 20 60 31 39 32 2e 31 36 38 2e 30 2e 30 2f 32 34 60 20 73 69 74 65 31 2c 20 73 65 72 76 65 72	:.`192.168.0.0/24`.site1,.server
fdba0	20 73 69 64 65 20 28 69 2e 65 2e 20 6c 6f 63 61 6c 69 74 79 2c 20 61 63 74 75 61 6c 6c 79 20 74	.side.(i.e..locality,.actually.t
fdbc0	68 65 72 65 20 69 73 20 6e 6f 20 63 6c 69 65 6e 74 20 6f 72 20 73 65 72 76 65 72 20 72 6f 6c 65	here.is.no.client.or.server.role
fdbe0	73 29 00 6c 69 6e 6b 2d 6d 74 75 00 6c 6f 63 61 6c 20 75 73 65 20 30 20 28 6c 6f 63 61 6c 30 29	s).link-mtu.local.use.0.(local0)
fdc00	00 6c 6f 63 61 6c 20 75 73 65 20 31 20 28 6c 6f 63 61 6c 31 29 00 6c 6f 63 61 6c 20 75 73 65 20	.local.use.1.(local1).local.use.
fdc20	32 20 28 6c 6f 63 61 6c 32 29 00 6c 6f 63 61 6c 20 75 73 65 20 33 20 28 6c 6f 63 61 6c 33 29 00	2.(local2).local.use.3.(local3).
fdc40	6c 6f 63 61 6c 20 75 73 65 20 34 20 28 6c 6f 63 61 6c 34 29 00 6c 6f 63 61 6c 20 75 73 65 20 35	local.use.4.(local4).local.use.5
fdc60	20 28 6c 6f 63 61 6c 35 29 00 6c 6f 63 61 6c 20 75 73 65 20 37 20 28 6c 6f 63 61 6c 37 29 00 6c	.(local5).local.use.7.(local7).l
fdc80	6f 63 61 6c 30 00 6c 6f 63 61 6c 31 00 6c 6f 63 61 6c 32 00 6c 6f 63 61 6c 33 00 6c 6f 63 61 6c	ocal0.local1.local2.local3.local
fdca0	34 00 6c 6f 63 61 6c 35 00 6c 6f 63 61 6c 36 00 6c 6f 63 61 6c 37 00 6c 6f 63 61 6c 69 74 79 2d	4.local5.local6.local7.locality-
fdcc0	62 61 73 65 64 2d 6c 65 61 73 74 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 6c 6f 67 61 6c 65 72 74 00	based-least-connection.logalert.
fdce0	6c 6f 67 61 75 64 69 74 00 6c 6f 6f 73 65 3a 20 45 61 63 68 20 69 6e 63 6f 6d 69 6e 67 20 70 61	logaudit.loose:.Each.incoming.pa
fdd00	63 6b 65 74 27 73 20 73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 69 73 20 61 6c 73 6f 20 74 65	cket's.source.address.is.also.te
fdd20	73 74 65 64 20 61 67 61 69 6e 73 74 20 74 68 65 20 46 49 42 20 61 6e 64 20 69 66 20 74 68 65 20	sted.against.the.FIB.and.if.the.
fdd40	73 6f 75 72 63 65 20 61 64 64 72 65 73 73 20 69 73 20 6e 6f 74 20 72 65 61 63 68 61 62 6c 65 20	source.address.is.not.reachable.
fdd60	76 69 61 20 61 6e 79 20 69 6e 74 65 72 66 61 63 65 20 74 68 65 20 70 61 63 6b 65 74 20 63 68 65	via.any.interface.the.packet.che
fdd80	63 6b 20 77 69 6c 6c 20 66 61 69 6c 2e 00 6c 70 72 00 6d 44 4e 53 20 52 65 70 65 61 74 65 72 00	ck.will.fail..lpr.mDNS.Repeater.
fdda0	6d 44 4e 53 20 72 65 70 65 61 74 65 72 20 63 61 6e 20 62 65 20 74 65 6d 70 6f 72 61 72 69 6c 79	mDNS.repeater.can.be.temporarily
fddc0	20 64 69 73 61 62 6c 65 64 20 77 69 74 68 6f 75 74 20 64 65 6c 65 74 69 6e 67 20 74 68 65 20 73	.disabled.without.deleting.the.s
fdde0	65 72 76 69 63 65 20 75 73 69 6e 67 00 6d 61 69 6c 00 6d 61 6e 61 67 65 64 2d 66 6c 61 67 00 6d	ervice.using.mail.managed-flag.m
fde00	61 74 63 68 2d 66 72 61 67 3a 20 53 65 63 6f 6e 64 20 61 6e 64 20 66 75 72 74 68 65 72 20 66 72	atch-frag:.Second.and.further.fr
fde20	61 67 6d 65 6e 74 73 20 6f 66 20 66 72 61 67 6d 65 6e 74 65 64 20 70 61 63 6b 65 74 73 2e 00 6d	agments.of.fragmented.packets..m
fde40	61 74 63 68 2d 69 70 73 65 63 3a 20 6d 61 74 63 68 20 69 6e 62 6f 75 6e 64 20 49 50 73 65 63 20	atch-ipsec:.match.inbound.IPsec.
fde60	70 61 63 6b 65 74 73 2e 00 6d 61 74 63 68 2d 6e 6f 6e 2d 66 72 61 67 3a 20 48 65 61 64 20 66 72	packets..match-non-frag:.Head.fr
fde80	61 67 6d 65 6e 74 73 20 6f 72 20 75 6e 66 72 61 67 6d 65 6e 74 65 64 20 70 61 63 6b 65 74 73 2e	agments.or.unfragmented.packets.
fdea0	00 6d 61 74 63 68 2d 6e 6f 6e 65 3a 20 6d 61 74 63 68 20 69 6e 62 6f 75 6e 64 20 6e 6f 6e 2d 49	.match-none:.match.inbound.non-I
fdec0	50 73 65 63 20 70 61 63 6b 65 74 73 2e 00 6d 69 6e 69 6d 61 6c 20 63 6f 6e 66 69 67 00 6d 6f 72	Psec.packets..minimal.config.mor
fdee0	65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 72 65 6c 61 74 65 64 20 49 47 50 20 20 2d 20 3a 72 65	e.information.related.IGP..-.:re
fdf00	66 3a 60 72 6f 75 74 69 6e 67 2d 69 73 69 73 60 00 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f	f:`routing-isis`.more.informatio
fdf20	6e 20 72 65 6c 61 74 65 64 20 49 47 50 20 20 2d 20 3a 72 65 66 3a 60 72 6f 75 74 69 6e 67 2d 6f	n.related.IGP..-.:ref:`routing-o
fdf40	73 70 66 60 00 6e 61 6d 65 2d 73 65 72 76 65 72 00 6e 65 74 62 69 6f 73 2d 6e 61 6d 65 2d 73 65	spf`.name-server.netbios-name-se
fdf60	72 76 65 72 73 00 6e 65 74 77 6f 72 6b 3a 20 6e 65 74 77 6f 72 6b 2f 6e 65 74 6d 61 73 6b 20 74	rvers.network:.network/netmask.t
fdf80	6f 20 6d 61 74 63 68 20 28 72 65 71 75 69 72 65 73 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20	o.match.(requires.inverse-match.
fdfa0	62 65 20 64 65 66 69 6e 65 64 29 20 42 55 47 2c 20 4e 4f 20 69 6e 76 65 72 74 2d 6d 61 74 63 68	be.defined).BUG,.NO.invert-match
fdfc0	20 6f 70 74 69 6f 6e 20 69 6e 20 61 63 63 65 73 73 2d 6c 69 73 74 36 00 6e 65 74 77 6f 72 6b 3a	.option.in.access-list6.network:
fdfe0	20 6e 65 74 77 6f 72 6b 2f 6e 65 74 6d 61 73 6b 20 74 6f 20 6d 61 74 63 68 20 28 72 65 71 75 69	.network/netmask.to.match.(requi
fe000	72 65 73 20 69 6e 76 65 72 73 65 2d 6d 61 74 63 68 20 62 65 20 64 65 66 69 6e 65 64 29 2e 00 6e	res.inverse-match.be.defined)..n
fe020	65 77 73 00 6e 65 78 74 2d 73 65 72 76 65 72 00 6e 6f 2d 61 75 74 6f 6e 6f 6d 6f 75 73 2d 66 6c	ews.next-server.no-autonomous-fl
fe040	61 67 00 6e 6f 2d 6f 6e 2d 6c 69 6e 6b 2d 66 6c 61 67 00 6e 6f 74 66 6f 75 6e 64 00 6e 6f 74 69	ag.no-on-link-flag.notfound.noti
fe060	63 65 00 6e 74 70 00 6e 74 70 2d 73 65 72 76 65 72 00 6e 74 70 2d 73 65 72 76 65 72 73 00 6f 6e	ce.ntp.ntp-server.ntp-servers.on
fe080	65 20 72 75 6c 65 20 77 69 74 68 20 61 20 4c 41 4e 20 28 69 6e 62 6f 75 6e 64 2d 69 6e 74 65 72	e.rule.with.a.LAN.(inbound-inter
fe0a0	66 61 63 65 29 20 61 6e 64 20 74 68 65 20 57 41 4e 20 28 69 6e 74 65 72 66 61 63 65 29 2e 00 6f	face).and.the.WAN.(interface)..o
fe0c0	70 65 6e 76 70 6e 00 6f 73 70 66 64 20 73 75 70 70 6f 72 74 73 20 4f 70 61 71 75 65 20 4c 53 41	penvpn.ospfd.supports.Opaque.LSA
fe0e0	20 3a 72 66 63 3a 60 32 33 37 30 60 20 61 73 20 70 61 72 74 69 61 6c 20 73 75 70 70 6f 72 74 20	.:rfc:`2370`.as.partial.support.
fe100	66 6f 72 20 4d 50 4c 53 20 54 72 61 66 66 69 63 20 45 6e 67 69 6e 65 65 72 69 6e 67 20 4c 53 41	for.MPLS.Traffic.Engineering.LSA
fe120	73 2e 20 54 68 65 20 6f 70 61 71 75 65 2d 6c 73 61 20 63 61 70 61 62 69 6c 69 74 79 20 6d 75 73	s..The.opaque-lsa.capability.mus
fe140	74 20 62 65 20 65 6e 61 62 6c 65 64 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f	t.be.enabled.in.the.configuratio
fe160	6e 2e 00 6f 74 68 65 72 2d 63 6f 6e 66 69 67 2d 66 6c 61 67 00 70 61 67 65 73 20 74 6f 20 73 6f	n..other-config-flag.pages.to.so
fe180	72 74 00 70 6f 6c 69 63 79 20 61 73 2d 70 61 74 68 2d 6c 69 73 74 00 70 6f 6c 69 63 79 20 63 6f	rt.policy.as-path-list.policy.co
fe1a0	6d 6d 75 6e 69 74 79 2d 6c 69 73 74 00 70 6f 6c 69 63 79 20 65 78 74 63 6f 6d 6d 75 6e 69 74 79	mmunity-list.policy.extcommunity
fe1c0	2d 6c 69 73 74 00 70 6f 6c 69 63 79 20 6c 61 72 67 65 2d 63 6f 6d 6d 75 6e 69 74 79 2d 6c 69 73	-list.policy.large-community-lis
fe1e0	74 00 70 6f 70 2d 73 65 72 76 65 72 00 70 72 65 66 65 72 72 65 64 2d 6c 69 66 65 74 69 6d 65 00	t.pop-server.preferred-lifetime.
fe200	70 72 65 66 69 78 2d 6c 69 73 74 2c 20 64 69 73 74 72 69 62 75 74 65 2d 6c 69 73 74 00 70 73 65	prefix-list,.distribute-list.pse
fe220	75 64 6f 2d 65 74 68 65 72 6e 65 74 00 72 61 6e 67 65 00 72 65 61 63 68 61 62 6c 65 2d 74 69 6d	udo-ethernet.range.reachable-tim
fe240	65 00 72 65 73 65 74 20 63 6f 6d 6d 61 6e 64 73 00 72 65 74 72 61 6e 73 2d 74 69 6d 65 72 00 72	e.reset.commands.retrans-timer.r
fe260	66 63 33 34 34 32 2d 73 74 61 74 69 63 2d 72 6f 75 74 65 2c 20 77 69 6e 64 6f 77 73 2d 73 74 61	fc3442-static-route,.windows-sta
fe280	74 69 63 2d 72 6f 75 74 65 00 72 66 63 33 37 36 38 2d 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 00	tic-route.rfc3768-compatibility.
fe2a0	72 69 67 68 74 20 6c 6f 63 61 6c 5f 69 70 3a 20 31 37 32 2e 31 38 2e 32 30 32 2e 31 30 20 23 20	right.local_ip:.172.18.202.10.#.
fe2c0	72 69 67 68 74 20 73 69 64 65 20 57 41 4e 20 49 50 00 72 69 67 68 74 20 6c 6f 63 61 6c 5f 69 70	right.side.WAN.IP.right.local_ip
fe2e0	3a 20 60 32 30 33 2e 30 2e 31 31 33 2e 32 60 20 23 20 72 65 6d 6f 74 65 20 6f 66 66 69 63 65 20	:.`203.0.113.2`.#.remote.office.
fe300	73 69 64 65 20 57 41 4e 20 49 50 00 72 69 67 68 74 20 73 75 62 6e 65 74 3a 20 60 31 30 2e 30 2e	side.WAN.IP.right.subnet:.`10.0.
fe320	30 2e 30 2f 32 34 60 20 73 69 74 65 32 2c 72 65 6d 6f 74 65 20 6f 66 66 69 63 65 20 73 69 64 65	0.0/24`.site2,remote.office.side
fe340	00 72 6f 75 6e 64 2d 72 6f 62 69 6e 00 72 6f 75 74 65 2d 6d 61 70 00 72 6f 75 74 65 72 73 00 73	.round-robin.route-map.routers.s
fe360	46 6c 6f 77 00 73 46 6c 6f 77 20 69 73 20 61 20 74 65 63 68 6e 6f 6c 6f 67 79 20 74 68 61 74 20	Flow.sFlow.is.a.technology.that.
fe380	65 6e 61 62 6c 65 73 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 6f 66 20 6e 65 74 77 6f 72 6b 20 74 72	enables.monitoring.of.network.tr
fe3a0	61 66 66 69 63 20 62 79 20 73 65 6e 64 69 6e 67 20 73 61 6d 70 6c 65 64 20 70 61 63 6b 65 74 73	affic.by.sending.sampled.packets
fe3c0	20 74 6f 20 61 20 63 6f 6c 6c 65 63 74 6f 72 20 64 65 76 69 63 65 2e 00 73 65 63 75 72 69 74 79	.to.a.collector.device..security
fe3e0	00 73 65 72 76 65 72 20 65 78 61 6d 70 6c 65 00 73 65 72 76 65 72 2d 69 64 65 6e 74 69 66 69 65	.server.example.server-identifie
fe400	72 00 73 65 74 20 61 20 64 65 73 74 69 6e 61 74 69 6f 6e 20 61 6e 64 2f 6f 72 20 73 6f 75 72 63	r.set.a.destination.and/or.sourc
fe420	65 20 61 64 64 72 65 73 73 2e 20 41 63 63 65 70 74 65 64 20 69 6e 70 75 74 3a 00 73 68 61 32 35	e.address..Accepted.input:.sha25
fe440	36 20 48 61 73 68 65 73 00 73 68 6f 77 20 63 6f 6d 6d 61 6e 64 73 00 73 69 61 64 64 72 00 73 6c	6.Hashes.show.commands.siaddr.sl
fe460	6f 77 3a 20 52 65 71 75 65 73 74 20 70 61 72 74 6e 65 72 20 74 6f 20 74 72 61 6e 73 6d 69 74 20	ow:.Request.partner.to.transmit.
fe480	4c 41 43 50 44 55 73 20 65 76 65 72 79 20 33 30 20 73 65 63 6f 6e 64 73 00 73 6d 74 70 2d 73 65	LACPDUs.every.30.seconds.smtp-se
fe4a0	72 76 65 72 00 73 6f 66 74 77 61 72 65 20 66 69 6c 74 65 72 73 20 63 61 6e 20 65 61 73 69 6c 79	rver.software.filters.can.easily
fe4c0	20 62 65 20 61 64 64 65 64 20 74 6f 20 68 61 73 68 20 6f 76 65 72 20 6e 65 77 20 70 72 6f 74 6f	.be.added.to.hash.over.new.proto
fe4e0	63 6f 6c 73 2c 00 73 6f 75 72 63 65 2d 68 61 73 68 69 6e 67 00 73 70 6f 6b 65 30 31 2d 73 70 6f	cols,.source-hashing.spoke01-spo
fe500	6b 65 30 34 00 73 70 6f 6b 65 30 35 00 73 74 61 74 69 63 2d 6d 61 70 70 69 6e 67 00 73 74 61 74	ke04.spoke05.static-mapping.stat
fe520	69 63 2d 72 6f 75 74 65 00 73 74 72 69 63 74 3a 20 45 61 63 68 20 69 6e 63 6f 6d 69 6e 67 20 70	ic-route.strict:.Each.incoming.p
fe540	61 63 6b 65 74 20 69 73 20 74 65 73 74 65 64 20 61 67 61 69 6e 73 74 20 74 68 65 20 46 49 42 20	acket.is.tested.against.the.FIB.
fe560	61 6e 64 20 69 66 20 74 68 65 20 69 6e 74 65 72 66 61 63 65 20 69 73 20 6e 6f 74 20 74 68 65 20	and.if.the.interface.is.not.the.
fe580	62 65 73 74 20 72 65 76 65 72 73 65 20 70 61 74 68 20 74 68 65 20 70 61 63 6b 65 74 20 63 68 65	best.reverse.path.the.packet.che
fe5a0	63 6b 20 77 69 6c 6c 20 66 61 69 6c 2e 20 42 79 20 64 65 66 61 75 6c 74 20 66 61 69 6c 65 64 20	ck.will.fail..By.default.failed.
fe5c0	70 61 63 6b 65 74 73 20 61 72 65 20 64 69 73 63 61 72 64 65 64 2e 00 73 75 62 6e 65 74 2d 6d 61	packets.are.discarded..subnet-ma
fe5e0	73 6b 00 73 79 73 6c 6f 67 00 74 61 69 6c 00 74 63 5f 20 69 73 20 61 20 70 6f 77 65 72 66 75 6c	sk.syslog.tail.tc_.is.a.powerful
fe600	20 74 6f 6f 6c 20 66 6f 72 20 54 72 61 66 66 69 63 20 43 6f 6e 74 72 6f 6c 20 66 6f 75 6e 64 20	.tool.for.Traffic.Control.found.
fe620	61 74 20 74 68 65 20 4c 69 6e 75 78 20 6b 65 72 6e 65 6c 2e 20 48 6f 77 65 76 65 72 2c 20 69 74	at.the.Linux.kernel..However,.it
fe640	73 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73 20 6f 66 74 65 6e 20 63 6f 6e 73 69 64 65	s.configuration.is.often.conside
fe660	72 65 64 20 61 20 63 75 6d 62 65 72 73 6f 6d 65 20 74 61 73 6b 2e 20 46 6f 72 74 75 6e 61 74 65	red.a.cumbersome.task..Fortunate
fe680	6c 79 2c 20 56 79 4f 53 20 65 61 73 65 73 20 74 68 65 20 6a 6f 62 20 74 68 72 6f 75 67 68 20 69	ly,.VyOS.eases.the.job.through.i
fe6a0	74 73 20 43 4c 49 2c 20 77 68 69 6c 65 20 75 73 69 6e 67 20 60 60 74 63 60 60 20 61 73 20 62 61	ts.CLI,.while.using.``tc``.as.ba
fe6c0	63 6b 65 6e 64 2e 00 74 66 74 70 2d 73 65 72 76 65 72 2d 6e 61 6d 65 00 74 68 69 73 20 6f 70 74	ckend..tftp-server-name.this.opt
fe6e0	69 6f 6e 20 61 6c 6c 6f 77 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 70 72 65 66 69 78 2d 73	ion.allows.to.configure.prefix-s
fe700	69 64 20 6f 6e 20 53 52 2e 20 54 68 65 20 e2 80 98 6e 6f 2d 70 68 70 2d 66 6c 61 67 e2 80 99 20	id.on.SR..The....no-php-flag....
fe720	6d 65 61 6e 73 20 4e 4f 20 50 65 6e 75 6c 74 69 6d 61 74 65 20 48 6f 70 20 50 6f 70 70 69 6e 67	means.NO.Penultimate.Hop.Popping
fe740	20 74 68 61 74 20 61 6c 6c 6f 77 73 20 53 52 20 6e 6f 64 65 20 74 6f 20 72 65 71 75 65 73 74 20	.that.allows.SR.node.to.request.
fe760	74 6f 20 69 74 73 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 6e 6f 74 20 70 6f 70 20 74 68 65 20 6c	to.its.neighbor.to.not.pop.the.l
fe780	61 62 65 6c 2e 20 54 68 65 20 e2 80 98 65 78 70 6c 69 63 69 74 2d 6e 75 6c 6c e2 80 99 20 66 6c	abel..The....explicit-null....fl
fe7a0	61 67 20 61 6c 6c 6f 77 73 20 53 52 20 6e 6f 64 65 20 74 6f 20 72 65 71 75 65 73 74 20 74 6f 20	ag.allows.SR.node.to.request.to.
fe7c0	69 74 73 20 6e 65 69 67 68 62 6f 72 20 74 6f 20 73 65 6e 64 20 49 50 20 70 61 63 6b 65 74 20 77	its.neighbor.to.send.IP.packet.w
fe7e0	69 74 68 20 74 68 65 20 45 58 50 4c 49 43 49 54 2d 4e 55 4c 4c 20 6c 61 62 65 6c 2e 20 54 68 65	ith.the.EXPLICIT-NULL.label..The
fe800	20 e2 80 98 6e 2d 66 6c 61 67 2d 63 6c 65 61 72 e2 80 99 20 6f 70 74 69 6f 6e 20 63 61 6e 20 62	....n-flag-clear....option.can.b
fe820	65 20 75 73 65 64 20 74 6f 20 65 78 70 6c 69 63 69 74 6c 79 20 63 6c 65 61 72 20 74 68 65 20 4e	e.used.to.explicitly.clear.the.N
fe840	6f 64 65 20 66 6c 61 67 20 74 68 61 74 20 69 73 20 73 65 74 20 62 79 20 64 65 66 61 75 6c 74 20	ode.flag.that.is.set.by.default.
fe860	66 6f 72 20 50 72 65 66 69 78 2d 53 49 44 73 20 61 73 73 6f 63 69 61 74 65 64 20 74 6f 20 6c 6f	for.Prefix-SIDs.associated.to.lo
fe880	6f 70 62 61 63 6b 20 61 64 64 72 65 73 73 65 73 2e 20 54 68 69 73 20 6f 70 74 69 6f 6e 20 69 73	opback.addresses..This.option.is
fe8a0	20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 41 6e 79 63 61 73 74 2d	.necessary.to.configure.Anycast-
fe8c0	53 49 44 73 2e 00 74 69 6d 65 2d 6f 66 66 73 65 74 00 74 69 6d 65 2d 73 65 72 76 65 72 00 74 69	SIDs..time-offset.time-server.ti
fe8e0	6d 65 2d 73 65 72 76 65 72 73 00 74 75 6e 6e 65 6c 00 75 73 65 20 36 20 28 6c 6f 63 61 6c 36 29	me-servers.tunnel.use.6.(local6)
fe900	00 75 73 65 20 74 68 69 73 20 63 6f 6d 6d 61 6e 64 20 74 6f 20 63 68 65 63 6b 20 69 66 20 74 68	.use.this.command.to.check.if.th
fe920	65 72 65 20 69 73 20 61 6e 20 49 6e 74 65 6c c2 ae 20 51 41 54 20 73 75 70 70 6f 72 74 65 64 20	ere.is.an.Intel...QAT.supported.
fe940	50 72 6f 63 65 73 73 6f 72 20 69 6e 20 79 6f 75 72 20 73 79 73 74 65 6d 2e 00 75 73 65 72 00 75	Processor.in.your.system..user.u
fe960	75 63 70 00 76 61 6c 69 64 00 76 61 6c 69 64 2d 6c 69 66 65 74 69 6d 65 00 76 65 74 68 20 69 6e	ucp.valid.valid-lifetime.veth.in
fe980	74 65 72 66 61 63 65 73 20 6e 65 65 64 20 74 6f 20 62 65 20 63 72 65 61 74 65 64 20 69 6e 20 70	terfaces.need.to.be.created.in.p
fe9a0	61 69 72 73 20 2d 20 69 74 27 73 20 63 61 6c 6c 65 64 20 74 68 65 20 70 65 65 72 20 6e 61 6d 65	airs.-.it's.called.the.peer.name
fe9c0	00 76 78 6c 61 6e 00 77 61 72 6e 69 6e 67 00 77 65 20 64 65 73 63 72 69 62 65 64 20 74 68 65 20	.vxlan.warning.we.described.the.
fe9e0	63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 53 52 20 49 53 49 53 20 2f 20 53 52 20 4f 53 50 46 20	configuration.SR.ISIS./.SR.OSPF.
fea00	75 73 69 6e 67 20 32 20 63 6f 6e 6e 65 63 74 65 64 20 77 69 74 68 20 74 68 65 6d 20 74 6f 20 73	using.2.connected.with.them.to.s
fea20	68 61 72 65 20 6c 61 62 65 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 00 77 65 69 67 68 74 65 64	hare.label.information..weighted
fea40	2d 6c 65 61 73 74 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 77 65 69 67 68 74 65 64 2d 72 6f 75 6e 64	-least-connection.weighted-round
fea60	2d 72 6f 62 69 6e 00 77 68 69 6c 65 20 61 20 2a 62 79 74 65 2a 20 69 73 20 77 72 69 74 74 65 6e	-robin.while.a.*byte*.is.written
fea80	20 61 73 20 61 20 73 69 6e 67 6c 65 20 2a 2a 62 2a 2a 2e 00 77 69 6e 73 2d 73 65 72 76 65 72 00	.as.a.single.**b**..wins-server.
feaa0	77 69 72 65 67 75 61 72 64 00 77 69 72 65 6c 65 73 73 00 77 69 74 68 20 3a 63 66 67 63 6d 64 3a	wireguard.wireless.with.:cfgcmd:
feac0	60 73 65 74 20 73 79 73 74 65 6d 20 61 63 63 65 6c 65 72 61 74 69 6f 6e 20 71 61 74 60 20 6f 6e	`set.system.acceleration.qat`.on
feae0	20 62 6f 74 68 20 73 79 73 74 65 6d 73 20 74 68 65 20 62 61 6e 64 77 69 64 74 68 20 69 6e 63 72	.both.systems.the.bandwidth.incr
feb00	65 61 73 65 73 2e 00 77 70 61 64 2d 75 72 6c 00 77 70 61 64 2d 75 72 6c 2c 20 77 70 61 64 2d 75	eases..wpad-url.wpad-url,.wpad-u
feb20	72 6c 20 63 6f 64 65 20 32 35 32 20 3d 20 74 65 78 74 00 77 77 61 6e 00	rl.code.252.=.text.wwan.