diff options
84 files changed, 796 insertions, 0 deletions
diff --git a/sysconf/netdevice b/sysconf/netdevice index e1447faa..71fc310d 100644 --- a/sysconf/netdevice +++ b/sysconf/netdevice @@ -13,3 +13,4 @@ wlan wireless pppoe pppoe dum dummy l2tpeth l2tpv3 +vxlan vxlan diff --git a/templates/interfaces/vxlan/node.def b/templates/interfaces/vxlan/node.def new file mode 100644 index 00000000..f5f99af7 --- /dev/null +++ b/templates/interfaces/vxlan/node.def @@ -0,0 +1,48 @@ +tag: +priority: 460 +type: txt +help: Virtual eXtensible LAN interface +val_help: <vxlanN>; VXLAN interface name +syntax:expression: pattern $VAR(@) "vxlan[0-9]+$" + +commit:expression: $VAR(./group/) != ""; \ + "Must configure vxlan group for $VAR(@)" +commit:expression: $VAR(./vni/) != ""; \ + "Must configure vxlan vni for $VAR(@)" + +begin: + [ -d /sys/module/vxlan ] || sudo modprobe vxlan + + +create: + if [ -e /sys/class/net/$VAR(@) ]; then + echo "VXLAN interface \"$VAR(@)\" already exists." + fi + + VXLAN_VNI="id $VAR(./vni/@)" + VXLAN_GROUP="group $VAR(./group/@)" + VXLAN_TTL="ttl 16" + + if [ ! $VAR(./dev/) == "" ]; then + VXLAN_DEV="dev $VAR(./dev/@)" + fi + + ip link add name $VAR(@) type vxlan \ + $VXLAN_VNI $VXLAN_GROUP $VXLAN_TTL $VXLAN_DEV + ip link set $VAR(@) up + + touch /tmp/vxlan-$VAR(@)-create + + +delete: + if [ ! -e /sys/class/net/$VAR(@) ]; then + echo "VXLAN interface \"$VAR(@)\" does not exist." + fi + + ip link del dev $VAR(@) + + +end: + if [ -e /tmp/vxlan-$VAR(@)-create ]; then + rm /tmp/vxlan-$VAR(@)-create + fi diff --git a/templates/interfaces/vxlan/node.tag/address/node.def b/templates/interfaces/vxlan/node.tag/address/node.def new file mode 100644 index 00000000..3cf32ef7 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/address/node.def @@ -0,0 +1,18 @@ +multi: +type: txt +help: IP address + +syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)" + +commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr-commit $VAR(@@) --dev $VAR(../@)" + +create: sudo /opt/vyatta/sbin/vyatta-address add $VAR(../@) $VAR(@) + +delete: sudo /opt/vyatta/sbin/vyatta-address delete $VAR(../@) $VAR(@) + +allowed: echo "dhcp dhcpv6 <>" + +val_help: ipv4net; IP address and prefix length +val_help: ipv6net; IPv6 address and prefix length +val_help: dhcp; Dynamic Host Configuration Protocol +val_help: dhcpv6; Dynamic Host Configuration Protocol for IPv6 diff --git a/templates/interfaces/vxlan/node.tag/bridge-group/bridge/node.def b/templates/interfaces/vxlan/node.tag/bridge-group/bridge/node.def new file mode 100644 index 00000000..d58e8f07 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/bridge-group/bridge/node.def @@ -0,0 +1,12 @@ +type: txt + +help: Bridge group name + +syntax:expression: pattern $VAR(@) "^br[0-9]+$" \ + ; "$VAR(@): not a valid name for a bridge" + +commit:expression: exec \ + "/opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --check=bridge" + +allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=bridge + diff --git a/templates/interfaces/vxlan/node.tag/bridge-group/cost/node.def b/templates/interfaces/vxlan/node.tag/bridge-group/cost/node.def new file mode 100644 index 00000000..22bac5a2 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/bridge-group/cost/node.def @@ -0,0 +1,4 @@ +type: u32 +help: Bridge port cost +syntax:expression: $VAR(@) >= 1 && $VAR(@) < 65536 ; "Bridge cost value must be between 1 and 65535" +val_help: u32:1-65535; Path cost value for Spanning Tree Protocol diff --git a/templates/interfaces/vxlan/node.tag/bridge-group/node.def b/templates/interfaces/vxlan/node.tag/bridge-group/node.def new file mode 100644 index 00000000..74ecab4d --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/bridge-group/node.def @@ -0,0 +1,3 @@ +help: Add this interface to a bridge group + +end: /opt/vyatta/sbin/vyatta-bridge.pl ${COMMIT_ACTION} $VAR(../@) diff --git a/templates/interfaces/vxlan/node.tag/bridge-group/priority/node.def b/templates/interfaces/vxlan/node.tag/bridge-group/priority/node.def new file mode 100644 index 00000000..be0ff479 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/bridge-group/priority/node.def @@ -0,0 +1,4 @@ +type: u32 +help: Bridge port priority +syntax:expression: $VAR(@) >= 0 &&$VAR(@) < 64; "Port priority must be between 0-63" +val_help: u32:0-63; Bridge port priority diff --git a/templates/interfaces/vxlan/node.tag/description/node.def b/templates/interfaces/vxlan/node.tag/description/node.def new file mode 100644 index 00000000..7d88db80 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/description/node.def @@ -0,0 +1,8 @@ +type: txt +help: Description + +syntax:expression: pattern $VAR(@) "^.{1,256}$" \ + ; "interface description is too long (limit 256 characters)" + +update: sudo sh -c "echo \"$VAR(@)\" >/sys/class/net/$VAR(../@)/ifalias" +delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias" diff --git a/templates/interfaces/vxlan/node.tag/dev/node.def b/templates/interfaces/vxlan/node.tag/dev/node.def new file mode 100644 index 00000000..d21c7d98 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/dev/node.def @@ -0,0 +1,10 @@ +type: txt +help: Underlay device name of this VXLAN interface +allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show all && echo default +val_help:<interface>; Interface to be used as underlay of VXLAN interface + +update: + if [ ! -e /tmp/vxlan-$VAR(../@)-create ]; then + echo "Chainging dev requires delete/create this vxlan interface" + exit 1 + fi diff --git a/templates/interfaces/vxlan/node.tag/group/node.def b/templates/interfaces/vxlan/node.tag/group/node.def new file mode 100644 index 00000000..717babd7 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/group/node.def @@ -0,0 +1,9 @@ +type: ipv4 +help: Multicast group address for this VXLAN interface [REQUIRED] +val_help: ipv4; Multicast group address for this VXLAN [REQUIRED] + +update: + if [ ! -e /tmp/vxlan-$VAR(../@)-create ]; then + echo "Chainging group requires delete/create this vxlan interface" + exit 1 + fi diff --git a/templates/interfaces/vxlan/node.tag/ip/disable-arp-filter/node.def b/templates/interfaces/vxlan/node.tag/ip/disable-arp-filter/node.def new file mode 100644 index 00000000..435998f7 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/disable-arp-filter/node.def @@ -0,0 +1,3 @@ +help: Disable arp-filter on this interface +create:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_filter\" " +delete:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_filter\" " diff --git a/templates/interfaces/vxlan/node.tag/ip/enable-arp-accept/node.def b/templates/interfaces/vxlan/node.tag/ip/enable-arp-accept/node.def new file mode 100644 index 00000000..6ae32491 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/enable-arp-accept/node.def @@ -0,0 +1,3 @@ +help: Enable arp-accept on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_accept\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_accept\" " diff --git a/templates/interfaces/vxlan/node.tag/ip/enable-arp-announce/node.def b/templates/interfaces/vxlan/node.tag/ip/enable-arp-announce/node.def new file mode 100644 index 00000000..7471e799 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/enable-arp-announce/node.def @@ -0,0 +1,3 @@ +help: Enable arp-announce on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_announce\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_announce\" " diff --git a/templates/interfaces/vxlan/node.tag/ip/enable-arp-ignore/node.def b/templates/interfaces/vxlan/node.tag/ip/enable-arp-ignore/node.def new file mode 100644 index 00000000..b3ab0a56 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/enable-arp-ignore/node.def @@ -0,0 +1,3 @@ +help: Enable arp-ignore on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_ignore\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/arp_ignore\" " diff --git a/templates/interfaces/vxlan/node.tag/ip/enable-proxy-arp/node.def b/templates/interfaces/vxlan/node.tag/ip/enable-proxy-arp/node.def new file mode 100644 index 00000000..ae7ba09a --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/enable-proxy-arp/node.def @@ -0,0 +1,3 @@ +help: Enable proxy-arp on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp\" " diff --git a/templates/interfaces/vxlan/node.tag/ip/node.def b/templates/interfaces/vxlan/node.tag/ip/node.def new file mode 100644 index 00000000..85dfeded --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/node.def @@ -0,0 +1 @@ +help: IPv4 routing parameters diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/key-id/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/key-id/node.def new file mode 100644 index 00000000..bc47e563 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/key-id/node.def @@ -0,0 +1,10 @@ +tag: +type: u32 +help: MD5 key id + +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 255; "ID must be between (1-255)" +val_help: u32:1-255; MD5 key id + +commit:expression: $VAR(md5-key/) != ""; \ + "Must add the md5-key for key-id $VAR(@)" + diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/key-id/node.tag/md5-key/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/key-id/node.tag/md5-key/node.def new file mode 100644 index 00000000..bb8bed21 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/key-id/node.tag/md5-key/node.def @@ -0,0 +1,20 @@ +type: txt +help: MD5 key +syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,16}$"; "MD5 key must be 16 characters or less" +val_help: MD5 Key (16 characters or less) + +# If this node is created +create: + vtysh -c "configure terminal" -c "interface $VAR(../../../../../../@)" \ + -c "ip ospf message-digest-key $VAR(../@) md5 $VAR(@)" + +# If the value of this node is changed +update: + vtysh -c "configure terminal" -c "interface $VAR(../../../../../../@)" \ + -c "no ip ospf message-digest-key $VAR(../@)" \ + -c "ip ospf message-digest-key $VAR(../@) md5 $VAR(@)" + +# If this node is deleted +delete: + vtysh -c "configure terminal" -c "interface $VAR(../../../../../../@)" \ + -c "no ip ospf message-digest-key $VAR(../@)" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/node.def new file mode 100644 index 00000000..a31bd2ec --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/md5/node.def @@ -0,0 +1,10 @@ +help: MD5 parameters + +create: vtysh -c "configure terminal" \ + -c "interface $VAR(../../../../@)" \ + -c "no ip ospf authentication" \ + -c "ip ospf authentication message-digest" + +delete: vtysh -c "configure terminal" \ + -c "interface $VAR(../../../../@)" \ + -c "no ip ospf authentication" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/node.def new file mode 100644 index 00000000..abf04eab --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/node.def @@ -0,0 +1,2 @@ +help: OSPF interface authentication + diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/plaintext-password/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/plaintext-password/node.def new file mode 100644 index 00000000..a2ba2f71 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/authentication/plaintext-password/node.def @@ -0,0 +1,10 @@ +type: txt +help: Plain text password +syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,8}$" ; "Password must be 8 characters or less" +val_help: Plain text password (8 characters or less) + +update:vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "no ip ospf authentication " -c "ip ospf authentication " \ + -c "ip ospf authentication-key $VAR(@)" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "no ip ospf authentication " -c "no ip ospf authentication-key" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/bandwidth/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/bandwidth/node.def new file mode 100644 index 00000000..30a6db86 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/bandwidth/node.def @@ -0,0 +1,7 @@ +type: u32 +help: Bandwidth of interface (kilobits/sec) +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 10000000; "Must be between 1-10000000" +val_help: u32:1-10000000; Bandwidth in kilobits/sec (for calculating OSPF cost) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "bandwidth $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no bandwidth" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/cost/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/cost/node.def new file mode 100644 index 00000000..9de07739 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/cost/node.def @@ -0,0 +1,11 @@ +type: u32 +help: Interface cost +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; OSPF interface cost + +update:vtysh -c "configure terminal" \ + -c "interface $VAR(../../../@)" \ + -c "ip ospf cost $VAR(@)" +delete:vtysh -c "configure terminal" \ + -c "interface $VAR(../../../@)" \ + -c "no ip ospf cost" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/dead-interval/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/dead-interval/node.def new file mode 100644 index 00000000..434ab8d1 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/dead-interval/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Interval after which neighbor is dead +default: 40 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; OSPF dead interval in seconds (default 40) + +update:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ip ospf dead-interval $VAR(@)" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ip ospf dead-interval" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/hello-interval/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/hello-interval/node.def new file mode 100644 index 00000000..4178c082 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/hello-interval/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Interval between hello packets +default: 10 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; Interval between OSPF hello packets in seconds (default 10) + +update:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ip ospf hello-interval $VAR(@)" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ip ospf hello-interval" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/mtu-ignore/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/mtu-ignore/node.def new file mode 100644 index 00000000..15518da6 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/mtu-ignore/node.def @@ -0,0 +1,3 @@ +help: Disable Maximum Transmission Unit (MTU) mismatch detection +create:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ip ospf mtu-ignore" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ip ospf mtu-ignore" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/network/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/network/node.def new file mode 100644 index 00000000..ce36466f --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/network/node.def @@ -0,0 +1,11 @@ +type: txt +help: Network type +syntax:expression: $VAR(@) in "broadcast", "non-broadcast", "point-to-multipoint", "point-to-point"; \ + "Must be (broadcast|non-broadcast|point-to-multipoint|point-to-point)" +update:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ip ospf network $VAR(@)" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ip ospf network" + +val_help: broadcast; Broadcast network type +val_help: non-broadcast; Non-broadcast network type +val_help: point-to-multipoint; Point-to-multipoint network type +val_help: point-to-point; Point-to-point network type diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/node.def new file mode 100644 index 00000000..8eaece24 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/node.def @@ -0,0 +1 @@ +help: Open Shortest Path First (OSPF) parameters diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/priority/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/priority/node.def new file mode 100644 index 00000000..c4a13909 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/priority/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Router priority +default: 1 +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" +val_help: u32:0-255; Priority (default 1) + +update:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ip ospf priority $VAR(@)" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ip ospf priority" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/retransmit-interval/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/retransmit-interval/node.def new file mode 100644 index 00000000..6df594fb --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/retransmit-interval/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Interval between retransmitting lost link state advertisements +default: 5 +syntax:expression: $VAR(@) >= 3 && $VAR(@) <= 65535; "Must be between 3-65535" +val_help: u32: 3-65535; Retransmit interval in seconds (default 5) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ip ospf retransmit-interval $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "no ip ospf retransmit-interval" diff --git a/templates/interfaces/vxlan/node.tag/ip/ospf/transmit-delay/node.def b/templates/interfaces/vxlan/node.tag/ip/ospf/transmit-delay/node.def new file mode 100644 index 00000000..0785ce54 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/ospf/transmit-delay/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Link state transmit delay +default: 1 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; Transmit delay in seconds (default 1) + +update:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ip ospf transmit-delay $VAR(@)" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ip ospf transmit-delay" diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/authentication/md5/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/md5/node.def new file mode 100644 index 00000000..ad45eb1b --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/md5/node.def @@ -0,0 +1,8 @@ +tag: +type: u32 +help: MD5 authentication parameters +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 255; \ + "ID must be between 1 and 255" + +commit:expression: $VAR(../plaintext-password/) == "" ; \ + "plaintext-password already set" diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/authentication/md5/node.tag/password/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/md5/node.tag/password/node.def new file mode 100644 index 00000000..5af81f70 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/md5/node.tag/password/node.def @@ -0,0 +1,17 @@ +type: txt +help: Authentication password +syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,16}$" ; "MD5 key must be 16 characters or less" +val_help: MD5 Key (16 characters or less) + +update:vtysh \ + -c "configure terminal" -c "interface $VAR(../../../../../@)" \ + -c "ip rip authentication mode md5" \ + -c "ip rip authentication key-chain $VAR(../../../../../@)-rip" \ + -c "key chain $VAR(../../../../../@)-rip" -c "key $VAR(../@)" \ + -c "key-string $VAR(@)" + +delete:vtysh --noerror \ + -c "configure terminal" -c "interface $VAR(../../../../../@)" \ + -c "no ip rip authentication mode md5" \ + -c "no ip rip authentication key-chain $VAR(../../../../../@)-rip" \ + -c "no key chain $VAR(../../../../../@)-rip" diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/authentication/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/node.def new file mode 100644 index 00000000..22039cf7 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/node.def @@ -0,0 +1 @@ +help: Authentication method diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/authentication/plaintext-password/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/plaintext-password/node.def new file mode 100644 index 00000000..747da810 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/authentication/plaintext-password/node.def @@ -0,0 +1,13 @@ +type: txt +help: Plain text password +syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,16}$" ; "Password must be 16 characters or less" +commit:expression: $VAR(../md5/) == "" ; "md5 password already set" +val_help: Password (16 characters or less) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "ip rip authentication mode text" \ + -c "ip rip authentication string $VAR(@)" + +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "no ip rip authentication mode" \ + -c "no ip rip authentication string $VAR(@)" diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/node.def new file mode 100644 index 00000000..d6a4eb34 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/node.def @@ -0,0 +1 @@ +help: Routing Information Protocol (RIP) diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/disable/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/disable/node.def new file mode 100644 index 00000000..eb231e35 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/disable/node.def @@ -0,0 +1,8 @@ +help: Disable split horizon on specified interface +create: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "no ip rip split-horizon" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "ip rip split-horizon" + +commit:expression: ($VAR(../poison-reverse/) == ""); \ + "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/node.def new file mode 100644 index 00000000..c4fb5ddc --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/node.def @@ -0,0 +1 @@ +help: Split horizon parameters diff --git a/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/poison-reverse/node.def b/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/poison-reverse/node.def new file mode 100644 index 00000000..7ae46127 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/rip/split-horizon/poison-reverse/node.def @@ -0,0 +1,9 @@ +help: Enable poison reverse for split-horizon +create:vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "ip rip split-horizon poisoned-reverse" + +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "no ip rip split-horizon" -c "ip rip split-horizon " + +commit:expression: ($VAR(../disable/) == ""); \ + "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" diff --git a/templates/interfaces/vxlan/node.tag/ip/source-validation/node.def b/templates/interfaces/vxlan/node.tag/ip/source-validation/node.def new file mode 100644 index 00000000..fdd0ef92 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ip/source-validation/node.def @@ -0,0 +1,34 @@ +# rp_filter +# default value - 0 +# conf/all/rp_filter and conf/[interface]/rp_filter both must be set to +# a value greater than 0 to do source validation on the interface + + +type: txt + +help: Policy for source validation by reversed path, as specified in RFC3704 + +val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704 +val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704 +val_help: disable; No source validation + +syntax:expression: $VAR(@) in "strict", "loose", "disable"; "source-validation must be set to 'loose', 'strict' or 'disable'" + +update: + if [ x$VAR(@) == xstrict ]; then + sudo sh -c "echo 1 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + sudo sh -c "echo 1 > \ + /proc/sys/net/ipv4/conf/$VAR(../../@)/rp_filter" + elif [ x$VAR(@) == xloose ]; then + sudo sh -c "echo 2 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + sudo sh -c "echo 2 > \ + /proc/sys/net/ipv4/conf/$VAR(../../@)/rp_filter" + else + sudo sh -c "echo 0 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + fi + +delete: + sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/rp_filter" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/address/autoconf/node.def b/templates/interfaces/vxlan/node.tag/ipv6/address/autoconf/node.def new file mode 100644 index 00000000..9beeb3d8 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/address/autoconf/node.def @@ -0,0 +1,27 @@ +# +# This is a valueless node, hence has no type associated with it. +# + +help: Enable acquisition of IPv6 address using stateless autoconfig + +update: + if [ -e /proc/sys/net/ipv6/conf/$VAR(../../../@)/autoconf ]; then + echo "Enabling address auto-configuration for $VAR(../../../@)" + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$VAR(../../../@)/autoconf" + forwarding=`cat /proc/sys/net/ipv6/conf/$VAR(../../../@)/forwarding` + if [ $forwarding = 1 ]; then + echo "Warning: IPv6 forwarding is currently enabled." + echo " IPv6 address auto-configuration will not be performed" + echo " unless IPv6 forwarding is disabled." + fi + else + echo "Address auto-configuration will be enabled when interface comes up." + fi + +delete: + if [ -e /proc/sys/net/ipv6/conf/$VAR(../../../@)/autoconf ]; then + sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/$VAR(../../../@)/autoconf" + else + echo "Address auto-configuration will be disabled when interface comes up." + fi + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/address/eui64/node.def b/templates/interfaces/vxlan/node.tag/ipv6/address/eui64/node.def new file mode 100644 index 00000000..c28bd55f --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/address/eui64/node.def @@ -0,0 +1,15 @@ +multi: +type: ipv6net +help: Assign IPv6 address using EUI-64 based on MAC address + +val_help: <h:h:h:h/64>; 64-bit IPv6 prefix to use with EUI-64 to make address + +create: + if [ -e /proc/sys/net/ipv6/conf/$VAR(../../../@) ]; then + sudo /opt/vyatta/sbin/vyatta-ipv6-eui64.pl --create $VAR(../../../@) $VAR(@) + else + echo "EUI-64 based address will be assigned when interface comes up." + fi + +delete: + sudo /opt/vyatta/sbin/vyatta-ipv6-eui64.pl --delete $VAR(../../../@) $VAR(@) diff --git a/templates/interfaces/vxlan/node.tag/ipv6/address/node.def b/templates/interfaces/vxlan/node.tag/ipv6/address/node.def new file mode 100644 index 00000000..26064025 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/address/node.def @@ -0,0 +1 @@ +help: IPv6 address auto-configuration modes diff --git a/templates/interfaces/vxlan/node.tag/ipv6/disable-forwarding/node.def b/templates/interfaces/vxlan/node.tag/ipv6/disable-forwarding/node.def new file mode 100644 index 00000000..cc76d2cf --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/disable-forwarding/node.def @@ -0,0 +1,31 @@ + +help: Disable IPv6 forwarding on this interface only + +create: + procfile=/proc/sys/net/ipv6/conf/$VAR(../../@)/forwarding + if [ -e $procfile ]; then + echo "Disabling IPv6 forwarding for $VAR(../../@)" + sudo sh -c "echo 0 > $procfile" + else + echo "IPv6 forwarding will be disabled when $VAR(../../@) comes up" + fi + touch /var/run/vyatta/ipv6_no_fwd.$VAR(../../@) + +delete: + procfile=/proc/sys/net/ipv6/conf/$VAR(../../@)/forwarding + if [ -e $procfile ]; then + # Only re-enable forwarding if global disable-forwarding switch + # is not set. + global=`cat /proc/sys/net/ipv6/conf/default/forwarding` + if [ "$global" = "1" ]; then + echo "Re-enabling IPv6 forwarding for $VAR(../../@)" + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$VAR(../../@)/forwarding" + else + echo "Not re-enabling IPv6 forwarding for $VAR(../../@) because it is still" + echo "globally disabled." + fi + else + echo "IPv6 forwarding will be re-enabled when $VAR(../../@) comes up" + fi + rm /var/run/vyatta/ipv6_no_fwd.$VAR(../../@) + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/dup-addr-detect-transmits/node.def b/templates/interfaces/vxlan/node.tag/ipv6/dup-addr-detect-transmits/node.def new file mode 100644 index 00000000..fa9e57b5 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/dup-addr-detect-transmits/node.def @@ -0,0 +1,17 @@ +type: u32 +help: Number of NS messages to send while performing DAD + +val_help: <1-N>; Number of NS messages to send while performing DAD +val_help: 0; Disable Duplicate Address Dectection (DAD) + +default: 1 + +syntax:expression: ($VAR(@) >= 0) ; "Value must be >= 0" + +update: + procfile=/proc/sys/net/ipv6/conf/$VAR(../../@)/dad_transmits + if [ -e $procfile ]; then + sudo sh -c "echo $VAR(@) > $procfile" + else + echo "Will set dup_addr_detect_transmits when $VAR(../../@) comes up" + fi diff --git a/templates/interfaces/vxlan/node.tag/ipv6/node.def b/templates/interfaces/vxlan/node.tag/ipv6/node.def new file mode 100644 index 00000000..539673c9 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/node.def @@ -0,0 +1 @@ +help: IPv6 routing parameters diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/cost/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/cost/node.def new file mode 100644 index 00000000..a40e2a60 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/cost/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Interface cost +default: 1 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; OSPFv3 cost + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 cost $VAR(@)" + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/dead-interval/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/dead-interval/node.def new file mode 100644 index 00000000..5bac9d1c --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/dead-interval/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Interval after which neighbor is declared dead +default: 40 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; Neighbor dead interval in seconds (default 40) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 dead-interval $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 dead-interval 40" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/hello-interval/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/hello-interval/node.def new file mode 100644 index 00000000..165dc10b --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/hello-interval/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Interval between hello packets +default: 10 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; Interval between OSPFv3 hello packets in seconds (default 10) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 hello-interval $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 hello-interval 10" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/ifmtu/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/ifmtu/node.def new file mode 100644 index 00000000..0fd15658 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/ifmtu/node.def @@ -0,0 +1,7 @@ +type: u32 +help: Interface MTU +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; Interface MTU + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 ifmtu $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ipv6 ospf6 ifmtu" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/instance-id/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/instance-id/node.def new file mode 100644 index 00000000..bdd7aa5c --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/instance-id/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Instance-id +default: 0 +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" +val_help: u32:0-255; Instance Id (default 0) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 instance-id $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 instance-id 0" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/mtu-ignore/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/mtu-ignore/node.def new file mode 100644 index 00000000..ad1bd4f3 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/mtu-ignore/node.def @@ -0,0 +1,4 @@ +help: Disable Maximum Transmission Unit mismatch detection +create:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 mtu-ignore" +delete:vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ipv6 ospf6 mtu-ignore" + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/node.def new file mode 100644 index 00000000..43905a53 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/node.def @@ -0,0 +1 @@ +help: IPv6 Open Shortest Path First (OSPFv3) diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/passive/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/passive/node.def new file mode 100644 index 00000000..711ff19f --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/passive/node.def @@ -0,0 +1,3 @@ +help: Disable forming of adjacency +create: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 passive" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "no ipv6 ospf6 passive" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/priority/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/priority/node.def new file mode 100644 index 00000000..6c5397bd --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/priority/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Router priority +default: 1 +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" +val_help: u32:0-255; Priority (default 1) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 priority $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" -c "ipv6 ospf6 priority 1" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/retransmit-interval/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/retransmit-interval/node.def new file mode 100644 index 00000000..070e8029 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/retransmit-interval/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Interval between retransmitting lost link state advertisements +default: 5 +syntax:expression: $VAR(@) >= 3 && $VAR(@) <= 65535; "Must be between 3-65535" +val_help: u32:3-65535; Retransmit interval in seconds (default 5) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 retransmit-interval $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 retransmit-interval 5" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/transmit-delay/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/transmit-delay/node.def new file mode 100644 index 00000000..296ae391 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ospfv3/transmit-delay/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Link state transmit delay +default: 1 +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" +val_help: u32:1-65535; Link state transmit delay (default 1) + +update: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 transmit-delay $VAR(@)" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../@)" \ + -c "ipv6 ospf6 transmit-delay 1" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ripng/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ripng/node.def new file mode 100644 index 00000000..69d49298 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ripng/node.def @@ -0,0 +1 @@ +help: Routing Information Protocol (RIPng) diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/disable/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/disable/node.def new file mode 100644 index 00000000..a8d39171 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/disable/node.def @@ -0,0 +1,6 @@ +help: Disable split horizon +create: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" -c "no ipv6 ripng split-horizon" +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" -c "ipv6 ripng split-horizon" + +commit:expression: ($VAR(../poison-reverse/) == ""); \ + "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/node.def new file mode 100644 index 00000000..c4fb5ddc --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/node.def @@ -0,0 +1 @@ +help: Split horizon parameters diff --git a/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/poison-reverse/node.def b/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/poison-reverse/node.def new file mode 100644 index 00000000..ffd27c2e --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/ripng/split-horizon/poison-reverse/node.def @@ -0,0 +1,9 @@ +help: Enable poison reverse for split-horizon +create: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "ipv6 ripng split-horizon poisoned-reverse" + +delete: vtysh -c "configure terminal" -c "interface $VAR(../../../../@)" \ + -c "no ipv6 ripng split-horizon" -c "ipv6 ripng split-horizon" + +commit:expression: ($VAR(../disable/) == ""); \ + "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/cur-hop-limit/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/cur-hop-limit/node.def new file mode 100644 index 00000000..1ae51001 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/cur-hop-limit/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Value to be placed in the "Current Hop Limit" field in RAs + +# Default value per Assignned Numbers RFC +default: 64 + +val_help: u32:1-255; Value to place in the "Current Hop Limit" field in RAs +val_help: 0; Place 0, meaning "unspecified", in "Current Hop Limit" field + +syntax:expression: ($VAR(@) >= 0 && $VAR(@) <= 255) ; "Value must be between 0 and 255" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/default-lifetime/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/default-lifetime/node.def new file mode 100644 index 00000000..205f964e --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/default-lifetime/node.def @@ -0,0 +1,9 @@ +type: u32 +help: Value to be placed in "Router Lifetime" field in RAs + +# No default value. Value will be determined algorithmically based on +# value of MaxRtrAdvInterval if left unspecified by the user. + +val_help: u32:4-9000; Value in seconds to be placed in "Router Lifetime" field in RAs +val_help: 0; Place 0, meaning "not a default router", in Router Lifetime field +syntax:expression: ($VAR(@) == 0 || ($VAR(@) >= 4 && $VAR(@) <= 9000)) ; "Value must be 0 or between 4 and 9000" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/default-preference/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/default-preference/node.def new file mode 100644 index 00000000..cc025735 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/default-preference/node.def @@ -0,0 +1,10 @@ +type: txt +help: Default router preference + +syntax:expression: $VAR(@) in "low", "medium", "high"; \ + "Must be (low|medium|high)" + +val_help: low; Default router is low preference +val_help: medium; Default router is medium preference (Default) +val_help: high; Default router is high preference + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/link-mtu/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/link-mtu/node.def new file mode 100644 index 00000000..bd32fd59 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/link-mtu/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Value of link MTU to place in RAs + +# Default value per RFC-4861. +default: 0 + +val_help: <1-MAX>; Value of link MTU to place in RAs +val_help: 0; Do not send MTU options in RAs + +syntax:expression: ($VAR(@) == 0 || $VAR(@) >= 1280) ; "Value must be 0 or 1280 or greater" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/managed-flag/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/managed-flag/node.def new file mode 100644 index 00000000..b020c53d --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/managed-flag/node.def @@ -0,0 +1,10 @@ +type: bool +help: Value for "managed address configuration" flag in RAs + +# Default value per RFC-4861. +default: false +allowed: echo -n "true false" + +val_help: true; Place "true" in "managed address configuration" flag in RAs +val_help: false; Place "false" in "managed address configuration" flag in RAs + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/max-interval/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/max-interval/node.def new file mode 100644 index 00000000..1ba8e681 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/max-interval/node.def @@ -0,0 +1,9 @@ +type: u32 +help: Maximum interval between unsolicited multicast RAs + +# Default value per RFC-4861 +default: 600 + +val_help: u32:4-1800; Maximum interval in seconds between unsolicited multicast RAs + +syntax:expression: ($VAR(@) >= 4 && $VAR(@) <= 1800) ; "Value must be between 4 and 1800" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/min-interval/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/min-interval/node.def new file mode 100644 index 00000000..2ae72f7a --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/min-interval/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Minimum interval between unsolicited multicast RAs + +# No default value. Value will be determined algorithmically based +# on the value of MaxRtrAdvInterval if not set by the user. Algorithm +# is specified in RFC-4861. + +val_help: u32:3-1350; Minimum interval in seconds between unsolicited multicast RAs + +syntax:expression: ($VAR(@) >= 3 && $VAR(@) <= 1350) ; "Value must be between 3 and 1350" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/name-server/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/name-server/node.def new file mode 100644 index 00000000..08899352 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/name-server/node.def @@ -0,0 +1,6 @@ + +multi: + +type: ipv6 + +help: IPv6 address of a Recursive DNS Server diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/node.def new file mode 100644 index 00000000..63135593 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/node.def @@ -0,0 +1,36 @@ + +priority: 999 # Run after parent interface is configured + +help: Configure parameters for sending Router Advertisements (RAs) + +end: + if [ "$COMMIT_ACTION" = "SET" -o "$COMMIT_ACTION" = "ACTIVE" ]; then + echo "Re-generating radvd config file for interface $VAR(../../@)..." + sudo /opt/vyatta/sbin/vyatta_gen_radvd.pl --generate $VAR(../../@) + if [ $? != 0 ]; then + exit 1 + fi + elif [ "$COMMIT_ACTION" = "DELETE" ]; then + echo "Deleting entry for interface $VAR(../../@) from radv config file..." + sudo /opt/vyatta/sbin/vyatta_gen_radvd.pl --delete $VAR(../../@) + if [ $? != 0 ]; then + exit 1 + fi + fi + + if [ -e /var/run/radvd/radvd.pid ]; then + if [ -s /etc/radvd.conf ]; then + echo "Re-starting radvd..." + sudo /etc/init.d/radvd restart + else + echo "Stopping radvd..." + sudo /etc/init.d/radvd stop + fi + else + if [ -s /etc/radvd.conf ]; then + echo "Starting radvd..." + sudo /etc/init.d/radvd start + else + echo "Not starting radvd." + fi + fi diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/other-config-flag/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/other-config-flag/node.def new file mode 100644 index 00000000..d5488d7f --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/other-config-flag/node.def @@ -0,0 +1,9 @@ +type: bool +help: Value to be placed in the "other configuration" flag in RAs + +# Default value per RFC-4861. +default: false +allowed: echo -n "true false" + +val_help: true; Place "true" in "other configuration" flag in RAs +val_help: false; Place "false" in "other configuration" flag in RAs diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.def new file mode 100644 index 00000000..90242c35 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.def @@ -0,0 +1,7 @@ +tag: +type: ipv6net + +help: IPv6 prefix to be advertised in Router Advertisements (RAs) + +val_help: ipv6net; IPv6 prefix to be advertized in Router Advertisements (RAs) + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/autonomous-flag/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/autonomous-flag/node.def new file mode 100644 index 00000000..5964d23a --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/autonomous-flag/node.def @@ -0,0 +1,9 @@ +type: bool + +help: Whether prefix can be used for address auto-configuration + +# Default value per RFC-4861. +default: true + +val_help: true; Prefix can be used for stateless address auto-configuration +val_help: false; Prefix can not be used for stateless address auto-configuration diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/on-link-flag/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/on-link-flag/node.def new file mode 100644 index 00000000..948e3c3d --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/on-link-flag/node.def @@ -0,0 +1,9 @@ +type: bool +help: Flag that prefix can be used for on-link determination + +# Default value per RFC-4861. +default: true + +val_help: true; Prefix can be used for on-link determination +val_help: false; Prefix can not be used for on-link determination + diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/preferred-lifetime/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/preferred-lifetime/node.def new file mode 100644 index 00000000..1fc0620b --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/preferred-lifetime/node.def @@ -0,0 +1,11 @@ +type: txt +help: Time in seconds that the prefix will remain preferred + +# Default value will be set by back-end script based on value of +# AdvValidLifetime following guidelines in RFC-4861 if this value +# is left unspecified by the user. + +val_help: <0-MAX>; Time in seconds that the prefix will remain preferred +val_help: infinity; Prefix will remain preferred forever + +syntax:expression: ($VAR(@) == "infinity" || (pattern $VAR(@) "[0-9]*")) ; "Must be 'infinity' or a number" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/valid-lifetime/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/valid-lifetime/node.def new file mode 100644 index 00000000..efcf5e19 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/prefix/node.tag/valid-lifetime/node.def @@ -0,0 +1,10 @@ +type: txt +help: Time in seconds that the prefix will remain valid + +# Default per RFC-4861. +default: "2592000" + +val_help: <0-MAX>; Time in seconds that the prefix will remain valid +val_help: infinity; Prefix will remain valid forever + +syntax:expression: ($VAR(@) == "infinity" || (pattern $VAR(@) "[0-9]*")) ; "Must be 'infinity' or a number" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/reachable-time/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/reachable-time/node.def new file mode 100644 index 00000000..903771cf --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/reachable-time/node.def @@ -0,0 +1,9 @@ +type: u32 +help: Value to be placed in "Reachable Time" field in RAs + +default: 0 + +val_help: u32:1-3600000; Reachable Time value in RAs (in milliseconds) +val_help: 0; Reachable Time 0 (i.e., unspecified by this router) + +syntax:expression: ($VAR(@) >= 0 && $VAR(@) <= 3600000) ; "Value must be between 0 and 3,600,000 milliseconds (1 hour)" diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/retrans-timer/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/retrans-timer/node.def new file mode 100644 index 00000000..ab7793d9 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/retrans-timer/node.def @@ -0,0 +1,7 @@ +type: u32 +help: Value to place in "Retrans Timer" field in RAs. + +default: 0 + +val_help: <1-MAX>; Value in milliseconds to place in "Retrans Timer" field in RAs +val_help: 0; Place 0, meaning "unspecified", in in "Retrans Timer" field in RAs diff --git a/templates/interfaces/vxlan/node.tag/ipv6/router-advert/send-advert/node.def b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/send-advert/node.def new file mode 100644 index 00000000..8bcdeefb --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/ipv6/router-advert/send-advert/node.def @@ -0,0 +1,16 @@ +type: bool + +help: Enable/disable sending RAs + +# RFC-4861 default value is false, but since the router-advert tree is +# absent by default, that serves to meet the requirement that router +# adverts not be sent unless the system administrator explicitly configures +# the router to send them. So, configuring router-advert and leaving +# this value unspecified serves to enable sending route adverts. + +default: true +allowed: echo -n "true false" + +val_help: true; Enable sending RAs +val_help: false; Disable sending RAs + diff --git a/templates/interfaces/vxlan/node.tag/mtu/node.def b/templates/interfaces/vxlan/node.tag/mtu/node.def new file mode 100644 index 00000000..c9fbc76f --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/mtu/node.def @@ -0,0 +1,14 @@ +type: u32 +priority: 461 +help: Maximum Transmission Unit (MTU) +syntax:expression: $VAR(@) >= 68 && $VAR(@) <= 9000; "Must be between 68-9000" +val_help: u32:68-9000; Maximum Transmission Unit (MTU) + +update: + if [ -d /sys/class/net/$VAR(../@) ] ; then + ip link set $VAR(../@) mtu $VAR(@) + fi +delete: + if [ -d /sys/class/net/$VAR(../@) ] ; then + ip link set $VAR(../@) mtu 1500 + fi diff --git a/templates/interfaces/vxlan/node.tag/policy/ipv6-route/node.def b/templates/interfaces/vxlan/node.tag/policy/ipv6-route/node.def new file mode 100644 index 00000000..fdc9c8aa --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/policy/ipv6-route/node.def @@ -0,0 +1,17 @@ +type: txt +help: IPv6 policy route ruleset for interface +allowed: local -a params + eval "params=($(cli-shell-api listActiveNodes policy ipv6-route))" + echo -n "${params[@]}" +create: ifname=$VAR(../../@) + sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-interfaces \ + update $ifname in $VAR(@) "policy ipv6-route" + +update: ifname=$VAR(../../@) + sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-interfaces \ + update $ifname in $VAR(@) "policy ipv6-route" + + +delete: ifname=$VAR(../../@) + sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-interfaces \ + delete $ifname in $VAR(@) "policy ipv6-route" diff --git a/templates/interfaces/vxlan/node.tag/policy/node.def b/templates/interfaces/vxlan/node.tag/policy/node.def new file mode 100644 index 00000000..94c62dbe --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/policy/node.def @@ -0,0 +1 @@ +help: Policy route options diff --git a/templates/interfaces/vxlan/node.tag/policy/route/node.def b/templates/interfaces/vxlan/node.tag/policy/route/node.def new file mode 100644 index 00000000..1ce44d37 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/policy/route/node.def @@ -0,0 +1,17 @@ +type: txt +help: IPv4 policy route ruleset for interface +allowed: local -a params + eval "params=($(cli-shell-api listActiveNodes policy route))" + echo -n "${params[@]}" +create: ifname=$VAR(../../@) + sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-interfaces \ + update $ifname in $VAR(@) "policy route" + +update: ifname=$VAR(../../@) + sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-interfaces \ + update $ifname in $VAR(@) "policy route" + + +delete: ifname=$VAR(../../@) + sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-interfaces \ + delete $ifname in $VAR(@) "policy route" diff --git a/templates/interfaces/vxlan/node.tag/vni/node.def b/templates/interfaces/vxlan/node.tag/vni/node.def new file mode 100644 index 00000000..cc54b4b8 --- /dev/null +++ b/templates/interfaces/vxlan/node.tag/vni/node.def @@ -0,0 +1,10 @@ +type: u32 +help: Virtual network identifier [REQUIRED] +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 16777216; "Must be between 0-16777216" +val_help: u32: 0-16777214; Virtual network identifier of this VXLAN interface [REQUIRED] + +update: + if [ ! -e /tmp/vxlan-$VAR(../@)-create ]; then + echo "Chainging vni requires delete/create this vxlan interface" + exit 1 + fi |