-rw-r--r-- | docs/_static/images/480px-Acrosser_ANDJ190N1_Back.jpg | bin | 0 -> 11340 bytes
-rw-r--r-- | docs/_static/images/480px-Acrosser_ANDJ190N1_Front.jpg | bin | 0 -> 11138 bytes
-rw-r--r-- | docs/_static/images/600px-Partaker-i5.jpg | bin | 0 -> 31015 bytes
-rw-r--r-- | docs/appendix/vyos-on-baremetal.rst | 83
-rw-r--r-- | docs/configuration-overview.rst | 53
-rw-r--r-- | docs/routing/index.rst | 2
-rw-r--r-- | docs/routing/routing-policy.rst | 59
7 files changed, 196 insertions, 1 deletions
diff --git a/docs/_static/images/480px-Acrosser_ANDJ190N1_Back.jpg b/docs/_static/images/480px-Acrosser_ANDJ190N1_Back.jpg Binary files differnew file mode 100644 index 00000000..6441c54a --- /dev/null +++ b/docs/_static/images/480px-Acrosser_ANDJ190N1_Back.jpg diff --git a/docs/_static/images/480px-Acrosser_ANDJ190N1_Front.jpg b/docs/_static/images/480px-Acrosser_ANDJ190N1_Front.jpg Binary files differnew file mode 100644 index 00000000..5f216aa1 --- /dev/null +++ b/docs/_static/images/480px-Acrosser_ANDJ190N1_Front.jpg diff --git a/docs/_static/images/600px-Partaker-i5.jpg b/docs/_static/images/600px-Partaker-i5.jpg Binary files differnew file mode 100644 index 00000000..68196d41 --- /dev/null +++ b/docs/_static/images/600px-Partaker-i5.jpg diff --git a/docs/appendix/vyos-on-baremetal.rst b/docs/appendix/vyos-on-baremetal.rst index 16f186db..cd8779a2 100644 --- a/docs/appendix/vyos-on-baremetal.rst +++ b/docs/appendix/vyos-on-baremetal.rst 
@@ -212,3 +212,86 @@ Pictures .. _Rufus: https://rufus.ie/ .. _T1327: https://phabricator.vyos.net/T1327 + + +Qotom Q355G4 +************ + +The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC adresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli. + +Hardware +-------- + +There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far). + +The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable. 
Power supply is a 12VDC barrel jack, and included switching power supply. (which is why SATA power regulation is on-board) Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style. + +There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are). + +An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode. + + +Partaker i5 +*********** +.. figure:: ../_static/images/600px-Partaker-i5.jpg + +I believe this is actually the same hardware as the Protectli. I purchased it from `Amazon <https://www.amazon.com/gp/product/B073F9GHKL/>`_ in June 2018. It came pre-loaded with pfSense. `Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_. + +Installation +------------ +* Write the official ISO to a USB drive of some sort. +* Plug in VGA, power, USB keyboard, and USB drive. +* Press the "SW" button on the front (this is the power button; I don't know what "SW" is supposed to mean). +* Begin rapidly pressing Delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS. +* Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot. +* Boot to the VyOS installer and install as usual. 
+Warning the interface labels on my device are backwards; the left-most "LAN4" port is eth0 and the right-most "LAN1" port is eth3. + + +Acrosser AND-J190N1 +******************* + +.. figure:: ../_static/images/480px-Acrosser_ANDJ190N1_Front.jpg + +.. figure:: ../_static/images/480px-Acrosser_ANDJ190N1_Back.jpg + +11/22/2016. This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. + +It is a small (serial console only) PC with 6 Gb LAN http://www.acrosser.com/upload/AND-J190_J180N1-2.pdf + +You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used). + +BIOS Settings: +-------------- + +First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead. + +For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading. + +Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings. + +Advanced > Serial Port Console Redirection > Console Redirection Settings: + +* Terminal Type : VT100+ +* Bits per second : 9600 +Then save, reboot and change serial speed to 9600 on your client. + + +Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead. + +Reboot inside the BIOS, + +Chipset > South Bridge > USB Configuration: + +* Disable XHCI +* Enable USB 2.0 (EHCI) Support + +Install VyOS: +------------- +Create a VyOS bootable USB key. I Used the 64bits iso (VyOS 1.1.7) and live usb installer (http://www.linuxliveusb.com/) + +I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxx”) on the USB key under syslinux/syslinux.cfg. 
+ +I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press enter to continue. + +Then VyOS should boot and you can perform the "install image" diff --git a/docs/configuration-overview.rst b/docs/configuration-overview.rst index f7a3b078..1815bd30 100644 --- a/docs/configuration-overview.rst +++ b/docs/configuration-overview.rst 
@@ -321,3 +321,56 @@ Command completeion and syntax help with `?` and `[tab]` wil also work. Interface IP Address S/L Description --------- ---------- --- ----------- eth0 0.0.0.0/0 u/u + + +Configuration archive +--------------------- + +VyOS has built-in config archiving and versionin that renders tools like rancid largely unnecessary. + +This feature was available in Vyatta Core since 6.3 + +Local archive and revisions +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Revisions are stored on disk, you can view them, compare them, and rollback to previous revisions if anything goes wrong. +To view existing revisions, use "show system commit" operational mode command. + +.. code-block:: sh + vyos@vyos-test-2# run show system commit + 0 2015-03-30 08:53:03 by vyos via cli + 1 2015-03-30 08:52:20 by vyos via cli + 2 2015-03-26 21:26:01 by root via boot-config-loader + 3 2015-03-26 20:43:18 by root via boot-config-loader + 4 2015-03-25 11:06:14 by root via boot-config-loader + 5 2015-03-25 01:04:28 by root via boot-config-loader + 6 2015-03-25 00:16:47 by vyos via cli + 7 2015-03-24 23:43:45 by root via boot-config-loader + +You can compare revisions with "compare X Y" command where X and Y are revision numbers. + +.. code-block:: sh + vyos@vyos-test-2# compare 0 6 + [edit interfaces] + +dummy dum1 { + + address 10.189.0.1/31 + +} + [edit interfaces ethernet eth0] + +vif 99 { + + address 10.199.0.1/31 + +} + -vif 900 { + - address 192.0.2.4/24 + -} + +You can rollback to a previous revision with "rollback X", where X is a revision number. Your system will reboot and load the config from the archive. + +Configuring the archive size +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +You can specify the number of revisions stored on disk with "set system config-management commit-revisions X", where X is a number between 0 and 65535. When the number of revisions exceeds that number, the oldest revision is removed. 
+ +Remote archive +~~~~~~~~~~~~~~ +VyOS can copy the config to a remote location after each commit. TFTP, FTP, and SFTP servers are supported. + +You can specify the location with "set system config-management commit-archive location URL" command, e.g. "set system config-management commit-archive location tftp://10.0.0.1/vyos". diff --git a/docs/routing/index.rst b/docs/routing/index.rst index 2f183c70..7ce75602 100644 --- a/docs/routing/index.rst +++ b/docs/routing/index.rst @@ -18,4 +18,4 @@ BGP). rip static mss-clamp - + routing-policy diff --git a/docs/routing/routing-policy.rst b/docs/routing/routing-policy.rst new file mode 100644 index 00000000..253dd980 --- /dev/null +++ b/docs/routing/routing-policy.rst 
@@ -0,0 +1,59 @@ + +Routing-policy +-------------- + +Routing Policies could be used to tell the router (self or neighbors) what routes and their attributes needs to be put into the routing table. + +There could be a wide range of routing policies. Some examples are below: + + * Set some metric to routes learned from a particular neighbor + * Set some attributes (like AS PATH or Community value) to advertised routes to neighbors + * Prefer a specific routing protocol routes over another routing protocol running on the same router + +Routing Policy Example +~~~~~~~~~~~~~~~~~~~~~~ + +**Policy definition:** + +.. code-block:: sh + + #Create policy + set policy route-map setmet rule 2 action 'permit' + set policy route-map setmet rule 2 set as-path-prepend '2 2 2' + + #Apply policy to BGP + set protocols bgp 1 neighbor 1.1.1.2 route-map import 'setmet' + set protocols bgp 1 neighbor 1.1.1.2 soft-reconfiguration 'inbound' <<<< *** + + *** get policy update without bouncing the neighbor + +**Routes learned before routing policy applied:** + +.. code-block:: sh + + vyos@vos1:~$ show ip bgp + BGP table version is 0, local router ID is 192.168.56.101 + Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, + r RIB-failure, S Stale, R Removed + Origin codes: i - IGP, e - EGP, ? - incomplete + + Network Next Hop Metric LocPrf Weight Path + *> 22.22.22.22/32 1.1.1.2 1 0 2 i < Path + + Total number of prefixes 1 + +**Routes learned after routing policy applied:** + +.. code-block:: sh + + vyos@vos1:~$ sho ip b + BGP table version is 0, local router ID is 192.168.56.101 + Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, + r RIB-failure, S Stale, R Removed + Origin codes: i - IGP, e - EGP, ? - incomplete + + Network Next Hop Metric LocPrf Weight Path + *> 22.22.22.22/32 1.1.1.2 1 0 2 2 2 2 i < longer AS_path length + + Total number of prefixes 1 + vyos@vos1:~$ |
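Review bot: In docs/appendix/vyos-on-baremetal.rst, the Qotom Q355G4 hardware text states "Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode ...)" without naming the firmware version examined or how it was checked, so readers will take it as an audit result. Suggest either adding the firmware version and the method used, or limiting the sentence to what was observed (Boot Guard enforcement is on, so coreboot is not an option). Smaller points in the same hunk: "+Warning the interface labels on my device are backwards" would be better as a ".. warning::" directive; "MAC adresses" and "was build" are typos; and in the Acrosser BIOS steps "Connect to serial (115200bps)" comes after the paragraph telling the reader to change the speed to 9600, so the connect step should move up.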
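Review bot: In docs/configuration-overview.rst, the "Remote archive" section lists TFTP, FTP and SFTP as equivalent choices and its only example is "tftp://10.0.0.1/vyos"; TFTP and FTP send the archived config in cleartext, TFTP has no authentication at all, and a router config typically carries password hashes and VPN keys. Suggest switching the example to an SFTP URL and adding a sentence that TFTP/FTP targets should only be used on a trusted management network. Also in this hunk, both ".. code-block:: sh" directives are followed directly by their content line with no blank line in between (the blocks in routing-policy.rst do have one), which Sphinx will not accept as directive content; and "versionin" is a typo.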
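Review bot: In docs/routing/routing-policy.rst, the policy definition block puts the marker "<<<< ***" on the same line as the "soft-reconfiguration 'inbound'" command and adds a free-text "*** get policy update without bouncing the neighbor" line inside the code block, so anyone copying the block into a config session pastes the markers along with the commands. Suggest making it a "#" comment line above the command, and moving "< Path" and "< longer AS_path length" out of the "show ip bgp" output into the surrounding prose. The example also uses 1.1.1.2 and 22.22.22.22, which are routable public addresses; the documentation range already used in configuration-overview.rst (192.0.2.x) would be a safer choice. The second output block uses the abbreviated "sho ip b" where the first uses "show ip bgp"; keep the full form in both.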