arrange services and protocols

author: rebortg <github@ghlr.de> 2020-11-30 20:53:36 +0100
committer: rebortg <github@ghlr.de> 2020-11-30 20:53:36 +0100
commit: 8943fc9f877cbee3301a8261ddd27b4b1f15f174 (patch)
tree: bb09c5f41a7683dc361517c2bde346eea36cda24
parent: e33e1268f944be445b5a771df0e97e913487512f (diff)
download: vyos-documentation-8943fc9f877cbee3301a8261ddd27b4b1f15f174.tar.gz
vyos-documentation-8943fc9f877cbee3301a8261ddd27b4b1f15f174.zip
43 files changed, 443 insertions, 404 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index d9a3ebe3..2615774f 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -766,3 +766,68 @@ Example Partial Config
          }
      }
   }
+
+
+.. _routing-mss-clamp:
+
+################
+TCP-MSS Clamping
+################
+
+As Internet wide PMTU discovery rarely works, we sometimes need to clamp
+our TCP MSS value to a specific value. This is a field in the TCP
+Options part of a SYN packet. By setting the MSS value, you are telling
+the remote side unequivocally 'do not try to send me packets bigger than
+this value'.
+
+Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS
+value for IPv4 and IPv6.
+
+
+.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting
+   in 1452 bytes on a 1492 byte MTU.
+
+
+IPv4
+====
+
+.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes>
+
+   Use this command to set the maximum segment size for IPv4 transit
+   packets on a specific interface (500-1460 bytes).
+
+Example
+-------
+
+Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and
+`1372`
+for your WireGuard `wg02` tunnel.
+
+.. code-block:: none
+
+  set firewall options interface pppoe0 adjust-mss '1452'
+  set firewall options interface wg02 adjust-mss '1372'
+
+IPv6
+====
+
+.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes>
+
+   Use this command to set the maximum segment size for IPv6 transit
+   packets on a specific interface (1280-1492 bytes).
+
+Example
+-------
+
+Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
+`wg02` interface.
+
+.. code-block:: none
+
+  set firewall options interface pppoe0 adjust-mss6 '1280'
+  set firewall options interface wg02 adjust-mss6 '1280'
+
+
+
+.. hint:: When doing your byte calculations, you might find useful this
+   `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_.
diff --git a/docs/routing/bfd.rst b/docs/configuration/protocols/bfd.rst
index b8fdf489..b8fdf489 100644
--- a/docs/routing/bfd.rst
+++ b/docs/configuration/protocols/bfd.rst
diff --git a/docs/routing/bgp.rst b/docs/configuration/protocols/bgp.rst
index c576d836..c576d836 100644
--- a/docs/routing/bgp.rst
+++ b/docs/configuration/protocols/bgp.rst
diff --git a/docs/configuration/protocols/igmp-proxy.rst b/docs/configuration/protocols/igmp-proxy.rst
new file mode 100644
index 00000000..cce5f948
--- /dev/null
+++ b/docs/configuration/protocols/igmp-proxy.rst
@@ -0,0 +1,2 @@
+igmp-proxy
+##########
+\ No newline at end of file
diff --git a/docs/routing/multicast.rst b/docs/configuration/protocols/igmp.rst
index 9104b0c9..9104b0c9 100644
--- a/docs/routing/multicast.rst
+++ b/docs/configuration/protocols/igmp.rst
diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst
new file mode 100644
index 00000000..271b6056
--- /dev/null
+++ b/docs/configuration/protocols/index.rst
@@ -0,0 +1,22 @@
+#########
+Protocols
+#########
+
+
+.. toctree::
+   :maxdepth: 1
+   :includehidden:
+
+   bfd
+   bgp
+   igmp
+   igmp-proxy
+   mpls
+   ospf
+   ospfv3
+   pim
+   rip
+   ripng
+   rpki
+   static
+   vrf
diff --git a/docs/routing/mpls.rst b/docs/configuration/protocols/mpls.rst
index 82e99a17..82e99a17 100644
--- a/docs/routing/mpls.rst
+++ b/docs/configuration/protocols/mpls.rst
diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst
new file mode 100644
index 00000000..ff7c5e64
--- /dev/null
+++ b/docs/configuration/protocols/ospf.rst
@@ -0,0 +1,70 @@
+.. include:: /_include/need_improvement.txt
+
+.. _routing-ospf:
+
+####
+OSPF
+####
+
+:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet
+Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls
+into the group of interior gateway protocols (IGPs), operating within a single
+autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998)
+for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340`
+(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)`
+addressing model.
+
+OSPF is a widely used IGP in large enterprise networks.
+
+OSPFv2 (IPv4)
+#############
+
+In order to have a VyOS system exchanging routes with OSPF neighbors, you will
+at least need to configure an OSPF area and some network.
+
+.. code-block:: none
+
+  set protocols ospf area 0 network 192.168.0.0/24
+
+That is the minimum configuration you will need.
+It is a good practice to define the router ID too.
+
+.. code-block:: none
+
+  set protocols ospf parameters router-id 10.1.1.1
+
+
+Below you can see a typical configuration using 2 nodes, redistribute loopback
+address and the node 1 sending the default route:
+
+**Node 1**
+
+.. code-block:: none
+
+  set interfaces loopback lo address 10.1.1.1/32
+  set protocols ospf area 0 network 192.168.0.0/24
+  set protocols ospf default-information originate always
+  set protocols ospf default-information originate metric 10
+  set protocols ospf default-information originate metric-type 2
+  set protocols ospf log-adjacency-changes
+  set protocols ospf parameters router-id 10.1.1.1
+  set protocols ospf redistribute connected metric-type 2
+  set protocols ospf redistribute connected route-map CONNECT
+
+  set policy route-map CONNECT rule 10 action permit
+  set policy route-map CONNECT rule 10 match interface lo
+
+**Node 2**
+
+.. code-block:: none
+
+  set interfaces loopback lo address 10.2.2.2/32
+  set protocols ospf area 0 network 192.168.0.0/24
+  set protocols ospf log-adjacency-changes
+  set protocols ospf parameters router-id 10.2.2.2
+  set protocols ospf redistribute connected metric-type 2
+  set protocols ospf redistribute connected route-map CONNECT
+
+  set policy route-map CONNECT rule 10 action permit
+  set policy route-map CONNECT rule 10 match interface lo
+
diff --git a/docs/routing/ospf.rst b/docs/configuration/protocols/ospfv3.rst
index 19787b11..f0e28983 100644
--- a/docs/routing/ospf.rst
+++ b/docs/configuration/protocols/ospfv3.rst
@@ -1,73 +1,3 @@
-.. include:: /_include/need_improvement.txt
-
-.. _routing-ospf:
-
-####
-OSPF
-####
-
-:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet
-Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls
-into the group of interior gateway protocols (IGPs), operating within a single
-autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998)
-for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340`
-(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)`
-addressing model.
-
-OSPF is a widely used IGP in large enterprise networks.
-
-OSPFv2 (IPv4)
-#############
-
-In order to have a VyOS system exchanging routes with OSPF neighbors, you will
-at least need to configure an OSPF area and some network.
-
-.. code-block:: none
-
-  set protocols ospf area 0 network 192.168.0.0/24
-
-That is the minimum configuration you will need.
-It is a good practice to define the router ID too.
-
-.. code-block:: none
-
-  set protocols ospf parameters router-id 10.1.1.1
-
-
-Below you can see a typical configuration using 2 nodes, redistribute loopback
-address and the node 1 sending the default route:
-
-**Node 1**
-
-.. code-block:: none
-
-  set interfaces loopback lo address 10.1.1.1/32
-  set protocols ospf area 0 network 192.168.0.0/24
-  set protocols ospf default-information originate always
-  set protocols ospf default-information originate metric 10
-  set protocols ospf default-information originate metric-type 2
-  set protocols ospf log-adjacency-changes
-  set protocols ospf parameters router-id 10.1.1.1
-  set protocols ospf redistribute connected metric-type 2
-  set protocols ospf redistribute connected route-map CONNECT
-
-  set policy route-map CONNECT rule 10 action permit
-  set policy route-map CONNECT rule 10 match interface lo
-
-**Node 2**
-
-.. code-block:: none
-
-  set interfaces loopback lo address 10.2.2.2/32
-  set protocols ospf area 0 network 192.168.0.0/24
-  set protocols ospf log-adjacency-changes
-  set protocols ospf parameters router-id 10.2.2.2
-  set protocols ospf redistribute connected metric-type 2
-  set protocols ospf redistribute connected route-map CONNECT
-
-  set policy route-map CONNECT rule 10 action permit
-  set policy route-map CONNECT rule 10 match interface lo
-
 OSPFv3 (IPv6)
 #############
 
diff --git a/docs/configuration/protocols/pim.rst b/docs/configuration/protocols/pim.rst
new file mode 100644
index 00000000..1dd373d8
--- /dev/null
+++ b/docs/configuration/protocols/pim.rst
@@ -0,0 +1,2 @@
+PIM
+###
+\ No newline at end of file
diff --git a/docs/routing/rip.rst b/docs/configuration/protocols/rip.rst
index 0d73ad34..0d73ad34 100644
--- a/docs/routing/rip.rst
+++ b/docs/configuration/protocols/rip.rst
diff --git a/docs/configuration/protocols/ripng.rst b/docs/configuration/protocols/ripng.rst
new file mode 100644
index 00000000..dec6bddf
--- /dev/null
+++ b/docs/configuration/protocols/ripng.rst
@@ -0,0 +1,3 @@
+#####
+RIPng
+#####
+\ No newline at end of file
diff --git a/docs/routing/rpki.rst b/docs/configuration/protocols/rpki.rst
index 9813b1b6..9813b1b6 100644
--- a/docs/routing/rpki.rst
+++ b/docs/configuration/protocols/rpki.rst
diff --git a/docs/routing/static.rst b/docs/configuration/protocols/static.rst
index 523627fa..fbde8228 100644
--- a/docs/routing/static.rst
+++ b/docs/configuration/protocols/static.rst
@@ -132,3 +132,64 @@ TBD
 
 Alternate routing tables are used with policy based routing of by utilizing
 :ref:`vrf`.
+
+
+.. _routing-arp:
+
+###
+ARP
+###
+
+:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for
+discovering the link layer address, such as a MAC address, associated with a
+given internet layer address, typically an IPv4 address. This mapping is a
+critical function in the Internet protocol suite. ARP was defined in 1982 by
+:rfc:`826` which is Internet Standard STD 37.
+
+In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is
+provided by the Neighbor Discovery Protocol (NDP).
+
+To manipulate or display ARP_ table entries, the following commands are
+implemented.
+
+Configure
+=========
+
+.. cfgcmd:: set protocols static arp <address> hwaddr <mac>
+
+   This will configure a static ARP entry always resolving `<address>` to
+   `<mac>`.
+
+   Example:
+
+   .. code-block:: none
+
+     set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
+
+Operation
+=========
+
+.. opcmd:: show protocols static arp
+
+   Display all known ARP table entries spanning across all interfaces
+
+.. code-block:: none
+
+  vyos@vyos:~$ show protocols static arp
+  Address                  HWtype  HWaddress           Flags Mask     Iface
+  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1
+  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1
+
+
+.. opcmd:: show protocols static arp interface eth1
+
+   Display all known ARP table entries on a given interface only (`eth1`):
+
+.. code-block:: none
+
+  vyos@vyos:~$ show protocols static arp interface eth1
+  Address                  HWtype  HWaddress           Flags Mask     Iface
+  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1
+  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1
+
+.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol
diff --git a/docs/configuration/protocols/vrf.rst b/docs/configuration/protocols/vrf.rst
new file mode 100644
index 00000000..e7609a77
--- /dev/null
+++ b/docs/configuration/protocols/vrf.rst
@@ -0,0 +1,3 @@
+#############
+Protocols VRF
+#############
diff --git a/docs/services/udp-broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst
index df48bfd6..df48bfd6 100644
--- a/docs/services/udp-broadcast-relay.rst
+++ b/docs/configuration/service/broadcast-relay.rst
diff --git a/docs/services/conntrack.rst b/docs/configuration/service/conntrack-sync.rst
index 55cd088e..55cd088e 100644
--- a/docs/services/conntrack.rst
+++ b/docs/configuration/service/conntrack-sync.rst
diff --git a/docs/services/console-server.rst b/docs/configuration/service/console-server.rst
index cf222544..cf222544 100644
--- a/docs/services/console-server.rst
+++ b/docs/configuration/service/console-server.rst
diff --git a/docs/configuration/service/dhcp-relay.rst b/docs/configuration/service/dhcp-relay.rst
new file mode 100644
index 00000000..445519b3
--- /dev/null
+++ b/docs/configuration/service/dhcp-relay.rst
@@ -0,0 +1,2 @@
+dhcp-relay
+##########
+\ No newline at end of file
diff --git a/docs/services/dhcp.rst b/docs/configuration/service/dhcp-server.rst
index 56316793..56316793 100644
--- a/docs/services/dhcp.rst
+++ b/docs/configuration/service/dhcp-server.rst
diff --git a/docs/configuration/service/dhcpv6-relay.rst b/docs/configuration/service/dhcpv6-relay.rst
new file mode 100644
index 00000000..2d105fdf
--- /dev/null
+++ b/docs/configuration/service/dhcpv6-relay.rst
@@ -0,0 +1,2 @@
+dhcpv6-relay
+############
+\ No newline at end of file
diff --git a/docs/configuration/service/dhcpv6-server.rst b/docs/configuration/service/dhcpv6-server.rst
new file mode 100644
index 00000000..64e523a0
--- /dev/null
+++ b/docs/configuration/service/dhcpv6-server.rst
@@ -0,0 +1,2 @@
+dhcpv6-server
+#############
+\ No newline at end of file
diff --git a/docs/services/dns-forwarding.rst b/docs/configuration/service/dns.rst
index 5c154fdf..f332c55c 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/configuration/service/dns.rst
@@ -145,3 +145,169 @@ Operation
 .. opcmd:: restart dns forwarding
 
    Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache.
+
+
+.. _dynamic-dns:
+
+###########
+Dynamic DNS
+###########
+
+VyOS is able to update a remote DNS record when an interface gets a new IP
+address. In order to do so, VyOS includes ddclient_, a Perl script written for
+this only one purpose.
+
+ddclient_ uses two methods to update a DNS record. The first one will send
+updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second
+one involves a third party service, like DynDNS.com or any other similar
+website. This method uses HTTP requests to transmit the new IP address. You
+can configure both in VyOS.
+
+Configuration
+=============
+
+:rfc:`2136` Based
+-----------------
+
+.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name>
+
+   Create new :rfc:`2136` DNS update configuration which will update the IP
+   address assigned to `<interface>` on the service you configured under
+   `<service-name>`.
+
+.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile>
+
+   File identified by `<keyfile>` containing the secret RNDC key shared with
+   remote DNS server.
+
+.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server>
+
+   Configure the DNS `<server>` IP/FQDN used when updating this dynamic
+   assignment.
+
+.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone>
+
+   Configure DNS `<zone>` to be updated.
+
+.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record>
+
+   Configure DNS `<record>` which should be updated. This can be set multiple
+   times.
+
+.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl>
+
+   Configure optional TTL value on the given resource record. This defualts to
+   600 seconds.
+
+Example
+^^^^^^^
+
+* Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``
+* Use auth key file at ``/config/auth/my.key``
+* Set TTL to 300 seconds
+
+.. code-block:: none
+
+  vyos@vyos# show service dns dynamic
+   interface eth0.7 {
+       rfc2136 VyOS-DNS {
+           key /config/auth/my.key
+           record example.vyos.io
+           server ns1.vyos.io
+           ttl 300
+           zone vyos.io
+       }
+   }
+
+This will render the following ddclient_ configuration entry:
+
+.. code-block:: none
+
+  #
+  # ddclient configuration for interface "eth0.7":
+  #
+  use=if, if=eth0.7
+
+  # RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io
+  server=ns1.vyos.io
+  protocol=nsupdate
+  password=/config/auth/my.key
+  ttl=300
+  zone=vyos.io
+  example.vyos.io
+
+.. note:: You can also keep different DNS zone updated. Just create a new
+   config node: ``set service dns dynamic interface <interface> rfc2136
+   <other-service-name>``
+
+HTTP based services
+-------------------
+
+VyOS is also able to use any service relying on protocols supported by ddclient.
+
+To use such a service, one must define a login, password, one or multiple
+hostnames, protocol and server.
+
+.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname>
+
+   Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
+   provider identified by `<service>` when the IP address on interface
+   `<interface>` changes.
+
+.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username>
+
+   Configure `<username>` used when authenticating the update request for
+   DynDNS service identified by `<service>`.
+   For Namecheap, set the <domain> you wish to update.
+
+.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password>
+
+   Configure `<password>` used when authenticating the update request for
+   DynDNS service identified by `<service>`.
+
+.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol>
+
+   When a ``custom`` DynDNS provider is used the protocol used for communicating
+   to the provider must be specified under `<protocol>`. See the embedded
+   completion helper for available protocols.
+
+.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server>
+
+   When a ``custom`` DynDNS provider is used the `<server>` where update
+   requests are being sent to must be specified.
+
+Example:
+^^^^^^^^
+
+Use DynDNS as your preferred provider:
+
+.. code-block:: none
+
+  set service dns dynamic interface eth0 service dyndns
+  set service dns dynamic interface eth0 service dyndns login my-login
+  set service dns dynamic interface eth0 service dyndns password my-password
+  set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname
+
+.. note:: Multiple services can be used per interface. Just specify as many
+   serives per interface as you like!
+
+Running Behind NAT
+------------------
+
+By default, ddclient_ will update a dynamic dns record using the IP address
+directly attached to the interface. If your VyOS instance is behind NAT, your
+record will be updated to point to your internal IP.
+
+ddclient_ has another way to determine the WAN IP address. This is controlled
+by:
+
+.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url>
+
+   Use configured `<url>` to determine your IP address. ddclient_ will load
+   `<url>` and tries to extract your IP address from the response.
+
+.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern>
+
+   ddclient_ will skip any address located before the string set in `<pattern>`.
+
+.. _ddclient: https://github.com/ddclient/ddclient
diff --git a/docs/automation/http-api.rst b/docs/configuration/service/https.rst
index 49f2dbd9..49f2dbd9 100644
--- a/docs/automation/http-api.rst
+++ b/docs/configuration/service/https.rst
diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst
new file mode 100644
index 00000000..0ef2bbd3
--- /dev/null
+++ b/docs/configuration/service/index.rst
@@ -0,0 +1,29 @@
+#######
+Service
+#######
+
+
+.. toctree::
+   :maxdepth: 1
+   :includehidden:
+
+   broadcast-relay
+   conntrack-sync
+   console-server
+   dhcp-relay
+   dhcp-server
+   dhcpv6-relay
+   dhcpv6-server
+   dns
+   https
+   ipoe-server
+   lldp
+   mdns
+   pppoe-advert
+   pppoe-server
+   router-advert
+   salt-minion
+   snmp
+   ssh
+   tftp-server
+   webproxy
diff --git a/docs/services/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst
index 279f0c6d..279f0c6d 100644
--- a/docs/services/ipoe-server.rst
+++ b/docs/configuration/service/ipoe-server.rst
diff --git a/docs/services/lldp.rst b/docs/configuration/service/lldp.rst
index 4b1743e6..4b1743e6 100644
--- a/docs/services/lldp.rst
+++ b/docs/configuration/service/lldp.rst
diff --git a/docs/services/mdns-repeater.rst b/docs/configuration/service/mdns.rst
index 9d6a292a..9d6a292a 100644
--- a/docs/services/mdns-repeater.rst
+++ b/docs/configuration/service/mdns.rst
diff --git a/docs/configuration/service/pppoe-advert.rst b/docs/configuration/service/pppoe-advert.rst
new file mode 100644
index 00000000..bbb82202
--- /dev/null
+++ b/docs/configuration/service/pppoe-advert.rst
@@ -0,0 +1,2 @@
+pppoe-advert
+############
+\ No newline at end of file
diff --git a/docs/services/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst
index 4deb6c7e..4deb6c7e 100644
--- a/docs/services/pppoe-server.rst
+++ b/docs/configuration/service/pppoe-server.rst
diff --git a/docs/services/router-advert.rst b/docs/configuration/service/router-advert.rst
index bc92f315..bc92f315 100644
--- a/docs/services/router-advert.rst
+++ b/docs/configuration/service/router-advert.rst
diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst
new file mode 100644
index 00000000..63df57a4
--- /dev/null
+++ b/docs/configuration/service/salt-minion.rst
@@ -0,0 +1,2 @@
+salt-minion
+###########
+\ No newline at end of file
diff --git a/docs/services/snmp.rst b/docs/configuration/service/snmp.rst
index 3f445ea8..3f445ea8 100644
--- a/docs/services/snmp.rst
+++ b/docs/configuration/service/snmp.rst
diff --git a/docs/services/ssh.rst b/docs/configuration/service/ssh.rst
index 6da8560f..6da8560f 100644
--- a/docs/services/ssh.rst
+++ b/docs/configuration/service/ssh.rst
diff --git a/docs/services/tftp.rst b/docs/configuration/service/tftp-server.rst
index 276ce5fb..276ce5fb 100644
--- a/docs/services/tftp.rst
+++ b/docs/configuration/service/tftp-server.rst
diff --git a/docs/services/webproxy.rst b/docs/configuration/service/webproxy.rst
index 654e73f2..654e73f2 100644
--- a/docs/services/webproxy.rst
+++ b/docs/configuration/service/webproxy.rst
diff --git a/docs/operation/index.rst b/docs/operation/index.rst
new file mode 100644
index 00000000..b40f769d
--- /dev/null
+++ b/docs/operation/index.rst
@@ -0,0 +1,10 @@
+##############
+Operation Mode
+##############
+
+.. toctree::
+   :maxdepth: 1
+   :includehidden:
+
+   information
+   ip-command
+\ No newline at end of file
diff --git a/docs/routing/ip-commands.rst b/docs/operation/ip-commands.rst
index eba4fd90..eba4fd90 100644
--- a/docs/routing/ip-commands.rst
+++ b/docs/operation/ip-commands.rst
diff --git a/docs/routing/arp.rst b/docs/routing/arp.rst
deleted file mode 100644
index 5f3115ab..00000000
--- a/docs/routing/arp.rst
+++ /dev/null
@@ -1,59 +0,0 @@
-.. _routing-arp:
-
-###
-ARP
-###
-
-:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for
-discovering the link layer address, such as a MAC address, associated with a
-given internet layer address, typically an IPv4 address. This mapping is a
-critical function in the Internet protocol suite. ARP was defined in 1982 by
-:rfc:`826` which is Internet Standard STD 37.
-
-In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is
-provided by the Neighbor Discovery Protocol (NDP).
-
-To manipulate or display ARP_ table entries, the following commands are
-implemented.
-
-Configure
-=========
-
-.. cfgcmd:: set protocols static arp <address> hwaddr <mac>
-
-   This will configure a static ARP entry always resolving `<address>` to
-   `<mac>`.
-
-   Example:
-
-   .. code-block:: none
-
-     set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
-
-Operation
-=========
-
-.. opcmd:: show protocols static arp
-
-   Display all known ARP table entries spanning across all interfaces
-
-.. code-block:: none
-
-  vyos@vyos:~$ show protocols static arp
-  Address                  HWtype  HWaddress           Flags Mask     Iface
-  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1
-  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1
-
-
-.. opcmd:: show protocols static arp interface eth1
-
-   Display all known ARP table entries on a given interface only (`eth1`):
-
-.. code-block:: none
-
-  vyos@vyos:~$ show protocols static arp interface eth1
-  Address                  HWtype  HWaddress           Flags Mask     Iface
-  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1
-  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1
-
-.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol
diff --git a/docs/routing/index.rst b/docs/routing/index.rst
deleted file mode 100644
index 63d7c7d8..00000000
--- a/docs/routing/index.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-.. _routing:
-
-#######
-Routing
-#######
-
-.. toctree::
-   :maxdepth: 1
-
-   arp
-   bfd
-   bgp
-   mpls
-   mss-clamp
-   multicast
-   ip-commands
-   ospf
-   pbr
-   rip
-   policy
-   rpki
-   static
diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst
deleted file mode 100644
index 3fdd1153..00000000
--- a/docs/routing/mss-clamp.rst
+++ /dev/null
@@ -1,63 +0,0 @@
-.. _routing-mss-clamp:
-
-################
-TCP-MSS Clamping
-################
-
-As Internet wide PMTU discovery rarely works, we sometimes need to clamp
-our TCP MSS value to a specific value. This is a field in the TCP
-Options part of a SYN packet. By setting the MSS value, you are telling
-the remote side unequivocally 'do not try to send me packets bigger than
-this value'.
-
-Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS
-value for IPv4 and IPv6.
-
-
-.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting
-   in 1452 bytes on a 1492 byte MTU.
-
-
-IPv4
-====
-
-.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes>
-
-   Use this command to set the maximum segment size for IPv4 transit
-   packets on a specific interface (500-1460 bytes).
-
-Example
--------
-
-Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and
-`1372`
-for your WireGuard `wg02` tunnel.
-
-.. code-block:: none
-
-  set firewall options interface pppoe0 adjust-mss '1452'
-  set firewall options interface wg02 adjust-mss '1372'
-
-IPv6
-====
-
-.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes>
-
-   Use this command to set the maximum segment size for IPv6 transit
-   packets on a specific interface (1280-1492 bytes).
-
-Example
--------
-
-Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
-`wg02` interface.
-
-.. code-block:: none
-
-  set firewall options interface pppoe0 adjust-mss6 '1280'
-  set firewall options interface wg02 adjust-mss6 '1280'
-
-
-
-.. hint:: When doing your byte calculations, you might find useful this
-   `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_.
diff --git a/docs/services/dynamic-dns.rst b/docs/services/dynamic-dns.rst
deleted file mode 100644
index 3d802d29..00000000
--- a/docs/services/dynamic-dns.rst
+++ /dev/null
@@ -1,164 +0,0 @@
-.. _dynamic-dns:
-
-###########
-Dynamic DNS
-###########
-
-VyOS is able to update a remote DNS record when an interface gets a new IP
-address. In order to do so, VyOS includes ddclient_, a Perl script written for
-this only one purpose.
-
-ddclient_ uses two methods to update a DNS record. The first one will send
-updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second
-one involves a third party service, like DynDNS.com or any other similar
-website. This method uses HTTP requests to transmit the new IP address. You
-can configure both in VyOS.
-
-Configuration
-=============
-
-:rfc:`2136` Based
------------------
-
-.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name>
-
-   Create new :rfc:`2136` DNS update configuration which will update the IP
-   address assigned to `<interface>` on the service you configured under
-   `<service-name>`.
-
-.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile>
-
-   File identified by `<keyfile>` containing the secret RNDC key shared with
-   remote DNS server.
-
-.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server>
-
-   Configure the DNS `<server>` IP/FQDN used when updating this dynamic
-   assignment.
-
-.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone>
-
-   Configure DNS `<zone>` to be updated.
-
-.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record>
-
-   Configure DNS `<record>` which should be updated. This can be set multiple
-   times.
-
-.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl>
-
-   Configure optional TTL value on the given resource record. This defualts to
-   600 seconds.
-
-Example
-^^^^^^^
-
-* Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``
-* Use auth key file at ``/config/auth/my.key``
-* Set TTL to 300 seconds
-
-.. code-block:: none
-
-  vyos@vyos# show service dns dynamic
-   interface eth0.7 {
-       rfc2136 VyOS-DNS {
-           key /config/auth/my.key
-           record example.vyos.io
-           server ns1.vyos.io
-           ttl 300
-           zone vyos.io
-       }
-   }
-
-This will render the following ddclient_ configuration entry:
-
-.. code-block:: none
-
-  #
-  # ddclient configuration for interface "eth0.7":
-  #
-  use=if, if=eth0.7
-
-  # RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io
-  server=ns1.vyos.io
-  protocol=nsupdate
-  password=/config/auth/my.key
-  ttl=300
-  zone=vyos.io
-  example.vyos.io
-
-.. note:: You can also keep different DNS zone updated. Just create a new
-   config node: ``set service dns dynamic interface <interface> rfc2136
-   <other-service-name>``
-
-HTTP based services
--------------------
-
-VyOS is also able to use any service relying on protocols supported by ddclient.
-
-To use such a service, one must define a login, password, one or multiple
-hostnames, protocol and server.
-
-.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname>
-
-   Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
-   provider identified by `<service>` when the IP address on interface
-   `<interface>` changes.
-
-.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username>
-
-   Configure `<username>` used when authenticating the update request for
-   DynDNS service identified by `<service>`.
-   For Namecheap, set the <domain> you wish to update.
-
-.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password>
-
-   Configure `<password>` used when authenticating the update request for
-   DynDNS service identified by `<service>`.
-
-.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol>
-
-   When a ``custom`` DynDNS provider is used the protocol used for communicating
-   to the provider must be specified under `<protocol>`. See the embedded
-   completion helper for available protocols.
-
-.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server>
-
-   When a ``custom`` DynDNS provider is used the `<server>` where update
-   requests are being sent to must be specified.
-
-Example:
-^^^^^^^^
-
-Use DynDNS as your preferred provider:
-
-.. code-block:: none
-
-  set service dns dynamic interface eth0 service dyndns
-  set service dns dynamic interface eth0 service dyndns login my-login
-  set service dns dynamic interface eth0 service dyndns password my-password
-  set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname
-
-.. note:: Multiple services can be used per interface. Just specify as many
-   serives per interface as you like!
-
-Running Behind NAT
-------------------
-
-By default, ddclient_ will update a dynamic dns record using the IP address
-directly attached to the interface. If your VyOS instance is behind NAT, your
-record will be updated to point to your internal IP.
-
-ddclient_ has another way to determine the WAN IP address. This is controlled
-by:
-
-.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url>
-
-   Use configured `<url>` to determine your IP address. ddclient_ will load
-   `<url>` and tries to extract your IP address from the response.
-
-.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern>
-
-   ddclient_ will skip any address located before the string set in `<pattern>`.
-
-.. _ddclient: https://github.com/ddclient/ddclient
diff --git a/docs/services/index.rst b/docs/services/index.rst
deleted file mode 100644
index 76520b52..00000000
--- a/docs/services/index.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-.. _services:
-
-########
-Services
-########
-
-This chapter describes the available system/network services provided by VyOS.
-
-.. toctree::
-   :maxdepth: 1
-
-   conntrack
-   console-server
-   dhcp
-   dns-forwarding
-   dynamic-dns
-   lldp
-   mdns-repeater
-   ipoe-server
-   pppoe-server
-   udp-broadcast-relay
-   router-advert
-   snmp
-   ssh
-   tftp
-   webproxy
author	rebortg <github@ghlr.de>	2020-11-30 20:53:36 +0100
committer	rebortg <github@ghlr.de>	2020-11-30 20:53:36 +0100
commit	8943fc9f877cbee3301a8261ddd27b4b1f15f174 (patch)
tree	bb09c5f41a7683dc361517c2bde346eea36cda24
parent	e33e1268f944be445b5a771df0e97e913487512f (diff)
download	vyos-documentation-8943fc9f877cbee3301a8261ddd27b4b1f15f174.tar.gz vyos-documentation-8943fc9f877cbee3301a8261ddd27b4b1f15f174.zip