Add Service chapter w/ DHCP

author: Christian Poessinger <christian@poessinger.com> 2018-10-03 13:32:43 +0200
committer: Christian Poessinger <christian@poessinger.com> 2018-10-03 13:32:43 +0200
commit: e6f6858b2329114f8ba33cb6225a580f8c60377d (patch)
tree: ff51e32079a1b2ef71373f962ef00f152089472b /docs
parent: 09c596b09faf4c85131cc2b44b20c21e05d3396b (diff)
download: vyos-documentation-e6f6858b2329114f8ba33cb6225a580f8c60377d.tar.gz
vyos-documentation-e6f6858b2329114f8ba33cb6225a580f8c60377d.zip
2 files changed, 417 insertions, 0 deletions
diff --git a/docs/ch11-services.rst b/docs/ch11-services.rst
new file mode 100644
index 00000000..35acb71d
--- /dev/null
+++ b/docs/ch11-services.rst
@@ -0,0 +1,415 @@
+Services
+========
+
+DHCP
+----
+
+Multiple DHCP Servers can be run from a single machine. Each DHCP service is
+identified by a `shared-network-name`.
+
+DHCP Server Example
+^^^^^^^^^^^^^^^^^^^
+
+In this example, we are offering address space in the 172.16.17.0/24 network,
+which is on eth1, and pppoe0 is our connection to the internet. We are using
+the network name `dhcpexample`.
+
+Prerequisites
+^^^^^^^^^^^^^
+
+Configuring the PPPoE interface is assumed to be done already, and appears
+on `pppoe0`
+
+Interface Configuration
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sh
+
+ set interface eth1 address 172.16.17.1/24
+
+Multiple ranges can be defined and can contain holes.
+
+.. code-block:: sh
+
+  set service dhcp-server shared-network-name dhcpexample authoritative
+  set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 default-router 172.16.17.1
+  set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 dns-server 172.16.17.1
+  set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 lease 86400
+  set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 range 0 start 172.16.17.100
+  set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 range 0 stop 172.16.17.199
+
+Failover
+^^^^^^^^
+
+VyOS provides support for DHCP failover:
+
+.. code-block:: sh
+
+  set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover local-address '192.168.0.1'
+  set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover name 'foo'
+  set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover peer-address '192.168.0.2'
+
+**NOTE:** `name` must be identical on both sides!
+
+The primary and secondary statements determines whether the server is primary or secondary
+
+.. code-block:: sh
+
+  set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover status 'primary'
+
+or
+
+.. code-block:: sh
+
+  set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover status 'secondary'
+
+**NOTE:** In order for the primary and the secondary DHCP server to keep their
+lease tables in sync, they must be able to reach each other on TCP port 647.
+If you have firewall rules in effect, adjust them accordingly.
+
+Static mappings MAC/IP
+^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sh
+
+  set service dhcp‐server shared‐network‐name dhcpexample subnet 172.16.17.0/24 static‐mapping static-mapping-01 ip‐address 172.16.17.10
+  set service dhcp‐server shared‐network‐name dhcpexample subnet 172.16.17.0/24 static‐mapping static-mapping-01 mac‐address ff:ff:ff:ff:ff:ff
+
+Explanation
+^^^^^^^^^^^
+
+:code:`set service dhcp-server shared-network-name dhcpexample authoritative`
+This says that this device is the only DHCP server for this network. If other
+devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to
+any device trying to request an IP address that is not valid for this network.
+
+:code:`set service dhcp-server shared-network-name dhcpexample subnet
+172.16.17.0/24 default-router 172.16.17.1` This is a configuration parameter
+for the subnet, saying that as part of the response, tell the client that I am
+the default router for this network
+
+:code:`set service dhcp-server shared-network-name dhcpexample subnet
+172.16.17.0/24 dns-server 172.16.17.1` This is a configuration parameter for
+the subnet, saying that as part of the response, tell the client that I am the
+DNS server for this network. If you do not want to run a DNS server, you could
+also provide one of the public DNS servers, such as google's. You can add
+multiple entries by repeating the line.
+
+:code:`set service dhcp-server shared-network-name dhcpexample subnet
+172.16.17.0/24 lease 86400` Assign the IP address to this machine for 24
+hours. It is unlikely you'd need to shorten this period, unless you are running
+a network with lots of devices appearing and disappearing.
+
+:code:`set service dhcp-server shared-network-name dhcpexample subnet
+172.16.17.0/24 start 172.16.17.100 stop 172.16.17.199` Make the IP Addresses
+between .100 and .199 available for clients.
+
+DHCPv6 server
+-------------
+
+VyOS provides DHCPv6 server functionality which is described in this section.
+In order to use the DHCPv6 server it has to be enabled first:
+
+.. code-block:: sh
+
+  set service dhcpv6-server
+
+To restart the DHCPv6 server (operational mode):
+
+.. code-block:: sh
+
+  restart dhcpv6 server
+
+To show the current status of the DHCPv6 server use:
+
+.. code-block:: sh
+
+  show dhcpv6 server status
+
+Show statuses of all assigned leases:
+
+.. code-block:: sh
+
+  show dhcpv6 server leases
+
+DHCPv6 server options
+^^^^^^^^^^^^^^^^^^^^^
+
+DHCPv6 server preference value
+******************************
+
+Clients receiving advertise messages from multiple servers choose the server
+with the highest preference value. The range for this value is `0...255`. Set
+a preference value for the DHCPv6 server:
+
+.. code-block:: sh
+
+  set service dhcpv6-server preference <preference value>
+
+Delete a preference:
+
+.. code-block:: sh
+
+  set service dhcpv6-server preference
+
+Show current preference:
+
+.. code-block:: sh
+
+  show service dhcpv6-server preference
+
+Specify address lease time
+**************************
+
+The default lease time for DHCPv6 leases is 24 hours. This can be changed by
+supplying a `default-time`, `maximum-time` and `minimum-time` (all values in
+seconds):
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default <default-time> | maximum <maximum-time> | minimum <minimum-time>}
+
+Reset the custom lease times:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default | maximum | minimum}
+
+Show the current configuration:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default | maximum | minimum}
+
+Specify NIS domain
+******************
+
+A Network Information (NIS) domain can be set to be used for DHCPv6 clients:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name>
+
+To Delete the NIS domain:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name>
+
+Show a configured NIS domain:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name>
+
+Specify NIS+ domain
+*******************
+
+The procedure to specify a Network Information Service Plus (NIS+) domain is
+similar to the NIS domain one:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name>
+
+To Delete the NIS+ domain:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name>
+
+Show a configured NIS domain:
+
+ # show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name>
+
+Specify NIS server address
+**************************
+
+To specify a NIS server address for DHCPv6 clients:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server <IPv6 address>
+
+Delete a specified NIS server address:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server <IPv6 address>
+
+Show specified NIS server addresses:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server
+
+Specify NIS+ server address
+***************************
+
+To specify a NIS+ server address for DHCPv6 clients:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server <IPv6 address>
+
+Delete a specified NIS+ server address:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server <IPv6 address>
+
+Show specified NIS+ server addresses:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server
+
+Specify a SIP server address for DHCPv6 clients
+***********************************************
+
+By IPv6 address
+###############
+
+
+A Session Initiation Protocol (SIP) server address can be specified for DHCPv6 clients:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address <IPv6 address>
+
+Delete a specified SIP server address:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address <IPv6 address>
+
+Show specified SIP server addresses:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address
+
+By FQDN
+#######
+
+A name for SIP server can be specified:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name <sip-server-name>
+
+Delete a specified SIP server name:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name <sip-server-name>
+
+Show specified SIP server names:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name
+
+Simple Network Time Protocol (SNTP) server address for DHCPv6 clients
+*********************************************************************
+
+A SNTP server address can be specified for DHCPv6 clients:
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address <IPv6 address>
+
+Delete a specified SNTP server address:
+
+.. code-block:: sh
+
+  delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address <IPv6 address>
+
+Show specified SNTP server addresses:
+
+.. code-block:: sh
+
+  show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address
+
+DHCPv6 address pools
+^^^^^^^^^^^^^^^^^^^^
+
+DHCPv6 address pools must be configured for the system to act as a DHCPv6
+server. The following example describes a common scenario.
+
+Example 1: DHCPv6 address pool
+******************************
+
+A shared network named `NET1` serves subnet `2001:db8:100::/64` which is
+connected to `eth1`, a DNS server at `2001:db8:111::111` is used for name
+services. The range of the address pool shall be `::100` through `::199`. The
+lease time will be left at the default value which is 24 hours.
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 address-range start 2001:db8:100::100 stop 2001:db8:100::199
+  set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 name-server 2001:db8:111::111
+
+Commit the changes and show the configuration:
+
+.. code-block:: sh
+
+  commit
+  show service dhcpv6-server
+      shared-network-name NET1 {
+          subnet 2001:db8:100::/64 {
+             address-range {
+                start 2001:db8:100::100 {
+                   stop 2001:db8:100::199
+                }
+             }
+             name-server 2001:db8:111::111
+          }
+      }
+
+Static mappings
+^^^^^^^^^^^^^^^
+
+In order to map specific IPv6 addresses to specific hosts static mappings can
+be created. The following example explains the process.
+
+Example 1: Static IPv6 MAC-based mapping
+****************************************
+
+IPv6 address `2001:db8:100::101` shall be statically mapped to a device with
+MAC address `00:15:c5:b7:5e:23`, this host-specific mapping shall be named
+`client1`. **NOTE:** The MAC address identifier is defined by the last 4 byte
+of the MAC address.
+
+.. code-block:: sh
+
+  set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 static-mapping client1 ipv6-address 2001:db8:100::101
+  set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 static-mapping client1 identifier c5b75e23
+
+Commit the changes and show the configuration:
+
+.. code-block:: sh
+
+  show service dhcp-server shared-network-name NET1
+     shared-network-name NET1 {
+         subnet 2001:db8:100::/64 {
+            name-server 2001:db8:111::111
+            address-range {
+                start 2001:db8:100::100 {
+                   stop 2001:db8:100::199 {
+                }
+            }
+            static-mapping client1 {
+               ipv6-address 2001:db8:100::101
+               identifier c5b75e23
+            }
+         }
+      }
+
+
+DHCP Relay
+----------
+
+
+DNS Forwarding
+--------------
diff --git a/docs/index.rst b/docs/index.rst
index 180a3a7b..f658192d 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -39,6 +39,8 @@ as a router and firewall platform for cloud deployments.
 
 .. include:: ch10-qos.rst
 
+.. include:: ch11-services.rst
+
 Indices and tables
 ==================
author	Christian Poessinger <christian@poessinger.com>	2018-10-03 13:32:43 +0200
committer	Christian Poessinger <christian@poessinger.com>	2018-10-03 13:32:43 +0200
commit	e6f6858b2329114f8ba33cb6225a580f8c60377d (patch)
tree	ff51e32079a1b2ef71373f962ef00f152089472b /docs
parent	09c596b09faf4c85131cc2b44b20c21e05d3396b (diff)
download	vyos-documentation-e6f6858b2329114f8ba33cb6225a580f8c60377d.tar.gz vyos-documentation-e6f6858b2329114f8ba33cb6225a580f8c60377d.zip