diff options
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/automation/cloud-init.rst | 2 | ||||
| -rw-r--r-- | docs/automation/command-scripting.rst | 8 | ||||
| -rw-r--r-- | docs/changelog/1.3.rst | 6 | ||||
| -rw-r--r-- | docs/changelog/1.4.rst | 29 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wireless.rst | 21 | ||||
| -rw-r--r-- | docs/configuration/system/acceleration.rst | 146 | ||||
| -rw-r--r-- | docs/configuration/system/index.rst | 1 | ||||
| -rw-r--r-- | docs/configuration/system/ipv6.rst | 2 | ||||
| -rw-r--r-- | docs/installation/vyos-on-baremetal.rst | 2 | 
10 files changed, 211 insertions, 6 deletions
| diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject f75da014ae295e6cdf352754bfd998a453e8174 +Subproject 3d0cae6c7636d82f0089562fb8bd84beefedc27 diff --git a/docs/automation/cloud-init.rst b/docs/automation/cloud-init.rst index ccfb6275..2fa102b1 100644 --- a/docs/automation/cloud-init.rst +++ b/docs/automation/cloud-init.rst @@ -267,7 +267,7 @@ Most important keys that needs to be considered:  Generate qcow image  ------------------- -A VyOS qcow image with cloud-init options is needed. This can be obteined +A VyOS qcow image with cloud-init options is needed. This can be obtained  using `vyos-vm-images`_ repo. After clonning the repo, edit the file  **qemu.yml** and comment the **download-iso** role. diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index 7cf31232..db4724cd 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst @@ -83,10 +83,10 @@ Here is a simple example:  .. code-block:: python -  #!/usr/bin/env python -  print "delete firewall group address-group somehosts" -  print "set firewall group address-group somehosts address '192.0.2.3'" -  print "set firewall group address-group somehosts address '203.0.113.55'" +  #!/usr/bin/env python3 +  print("delete firewall group address-group somehosts") +  print("set firewall group address-group somehosts address '192.0.2.3'") +  print("set firewall group address-group somehosts address '203.0.113.55'")  .. code-block:: none diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index b71b630d..a80e1873 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,12 @@     _ext/releasenotes.py +2022-07-01 +========== + +* :vytask:`T4489` (bug): MPLS sysctl not persistent for tunnel interfaces + +  2022-06-20  ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 1ef142fe..3c98b823 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,35 @@     _ext/releasenotes.py +2022-07-01 +========== + +* :vytask:`T2455` (bug): No support for the IPv6 VTI +* :vytask:`T4490` (feature): BGP- warning message that AFI/SAFI is needed to establish the neighborship +* :vytask:`T4489` (bug): MPLS sysctl not persistent for tunnel interfaces + + +2022-06-29 +========== + +* :vytask:`T4477` (feature): router-advert: support RDNSS lifetime option + + +2022-06-28 +========== + +* :vytask:`T4486` (bug): Container can't be deleted +* :vytask:`T4473` (bug): Use container network without network declaration error +* :vytask:`T4458` (feature): Firewall - add support for matching ip ttl in firewall rules +* :vytask:`T3907` (feature): Firewall - Set log levels + + +2022-06-27 +========== + +* :vytask:`T4484` (default): Firewall op-mode summary doesn't correctly handle address group containing ranges + +  2022-06-25  ========== diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst index b775011f..231652a0 100644 --- a/docs/configuration/interfaces/wireless.rst +++ b/docs/configuration/interfaces/wireless.rst @@ -590,3 +590,24 @@ To get it to work as an access point with this configuration you will need  to set up a DHCP server to work with that network. You can - of course - also  bridge the Wireless interface with any configured bridge  (:ref:`bridge-interface`) on the system. + +.. _wireless-interface-intel-ax200: + +Intel AX200 +=========== + +The Intel AX200 card does not work out of the box in AP mode, see +https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can +still put this card into AP mode using the following configuration: + +.. stop_vyoslinter +.. code-block:: none + +  set interfaces wireless wlan0 channel '1' +  set interfaces wireless wlan0 country-code 'us' +  set interfaces wireless wlan0 mode 'n' +  set interfaces wireless wlan0 physical-device 'phy0' +  set interfaces wireless wlan0 ssid 'VyOS' +  set interfaces wireless wlan0 type 'access-point' + +.. start_vyoslinter diff --git a/docs/configuration/system/acceleration.rst b/docs/configuration/system/acceleration.rst new file mode 100644 index 00000000..4c595022 --- /dev/null +++ b/docs/configuration/system/acceleration.rst @@ -0,0 +1,146 @@ +.. _acceleration: + +############ +Acceleration +############ + +In this command tree, all hardware acceleration options will be handled. +At the moment only `Intel® QAT`_ is supported + +********** +Intel® QAT +********** + +.. opcmd:: show system acceleration qat + +    use this command to check if there is an Intel® QAT supported Processor in +    your system. + +    .. code-block:: + +        vyos@vyos:~$ show system acceleration qat +        01:00.0 Co-processor [0b40]: Intel Corporation Atom Processor C3000 Series QuickAssist Technology [8086:19e2] (rev 11) + +    if there is non device the command will show ```No QAT device found``` + +.. cfgcmd:: set system acceleration qat + +    if there is a supported device, enable Intel® QAT + +.. opcmd:: show system acceleration qat status + +    Check if the Intel® QAT device is up and ready to do the job. + +    .. code-block:: + +        vyos@vyos:~$ show system acceleration qat status +        Checking status of all devices. +        There is 1 QAT acceleration device(s) in the system: +        qat_dev0 - type: c3xxx,  inst_id: 0,  node_id: 0,  bsf: 0000:01:00.0,  #accel: 3 #engines: 6 state: up +     +Operation Mode +============== + +.. opcmd:: show system acceleration qat device <device> config + +    Show the full config uploaded to the QAT device. + +.. opcmd:: show system acceleration qat device <device> flows + +    Get an overview over the encryption counters. + +.. opcmd:: show system acceleration qat interrupts + +    Show binded qat device interrupts to certain core. + + +Example +======= + +Let's build a simple VPN between 2 Intel® QAT ready devices. + +Side A: + +.. code-block:: + +    set interfaces vti vti1 address '192.168.1.2/24' +    set vpn ipsec esp-group MyESPGroup proposal 1 encryption 'aes256' +    set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha256' +    set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group '14' +    set vpn ipsec ike-group MyIKEGroup proposal 1 encryption 'aes256' +    set vpn ipsec ike-group MyIKEGroup proposal 1 hash 'sha256' +    set vpn ipsec ipsec-interfaces interface 'eth0' +    set vpn ipsec site-to-site peer 10.10.10.1 authentication mode 'pre-shared-secret' +    set vpn ipsec site-to-site peer 10.10.10.1 authentication pre-shared-secret 'Qwerty123' +    set vpn ipsec site-to-site peer 10.10.10.1 connection-type 'initiate' +    set vpn ipsec site-to-site peer 10.10.10.1 default-esp-group 'MyESPGroup' +    set vpn ipsec site-to-site peer 10.10.10.1 ike-group 'MyIKEGroup' +    set vpn ipsec site-to-site peer 10.10.10.1 local-address '10.10.10.2' +    set vpn ipsec site-to-site peer 10.10.10.1 vti bind 'vti1' + +Side B: + +.. code-block:: + +    set interfaces vti vti1 address '192.168.1.1/24' +    set vpn ipsec esp-group MyESPGroup proposal 1 encryption 'aes256' +    set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha256' +    set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group '14' +    set vpn ipsec ike-group MyIKEGroup proposal 1 encryption 'aes256' +    set vpn ipsec ike-group MyIKEGroup proposal 1 hash 'sha256' +    set vpn ipsec ipsec-interfaces interface 'eth0' +    set vpn ipsec site-to-site peer 10.10.10.2 authentication mode 'pre-shared-secret' +    set vpn ipsec site-to-site peer 10.10.10.2 authentication pre-shared-secret 'Qwerty123' +    set vpn ipsec site-to-site peer 10.10.10.2 connection-type 'initiate' +    set vpn ipsec site-to-site peer 10.10.10.2 default-esp-group 'MyESPGroup' +    set vpn ipsec site-to-site peer 10.10.10.2 ike-group 'MyIKEGroup' +    set vpn ipsec site-to-site peer 10.10.10.2 local-address '10.10.10.1' +    set vpn ipsec site-to-site peer 10.10.10.2 vti bind 'vti1' + +a bandwidth test over the VPN got these results: + +.. code-block:: + +    Connecting to host 192.168.1.2, port 5201 +    [  9] local 192.168.1.1 port 51344 connected to 192.168.1.2 port 5201 +    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd +    [  9]   0.00-1.01   sec  32.3 MBytes   268 Mbits/sec    0    196 KBytes +    [  9]   1.01-2.03   sec  32.5 MBytes   268 Mbits/sec    0    208 KBytes +    [  9]   2.03-3.03   sec  32.5 MBytes   271 Mbits/sec    0    208 KBytes +    [  9]   3.03-4.04   sec  32.5 MBytes   272 Mbits/sec    0    208 KBytes +    [  9]   4.04-5.00   sec  31.2 MBytes   272 Mbits/sec    0    208 KBytes +    [  9]   5.00-6.01   sec  32.5 MBytes   272 Mbits/sec    0    234 KBytes +    [  9]   6.01-7.04   sec  32.5 MBytes   265 Mbits/sec    0    234 KBytes +    [  9]   7.04-8.04   sec  32.5 MBytes   272 Mbits/sec    0    234 KBytes +    [  9]   8.04-9.04   sec  32.5 MBytes   273 Mbits/sec    0    336 KBytes +    [  9]   9.04-10.00  sec  31.2 MBytes   272 Mbits/sec    0    336 KBytes +    - - - - - - - - - - - - - - - - - - - - - - - - - +    [ ID] Interval           Transfer     Bitrate         Retr +    [  9]   0.00-10.00  sec   322 MBytes   270 Mbits/sec    0           sender +    [  9]   0.00-10.00  sec   322 MBytes   270 Mbits/sec                receiver + +with :cfgcmd:`set system acceleration qat` on both systems the bandwidth +increases. + +.. code-block:: + +    Connecting to host 192.168.1.2, port 5201 +    [  9] local 192.168.1.1 port 51340 connected to 192.168.1.2 port 5201 +    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd +    [  9]   0.00-1.00   sec  97.3 MBytes   817 Mbits/sec    0   1000 KBytes +    [  9]   1.00-2.00   sec  92.5 MBytes   776 Mbits/sec    0   1.07 MBytes +    [  9]   2.00-3.00   sec  92.5 MBytes   776 Mbits/sec    0    820 KBytes +    [  9]   3.00-4.00   sec  92.5 MBytes   776 Mbits/sec    0    899 KBytes +    [  9]   4.00-5.00   sec  91.2 MBytes   765 Mbits/sec    0    972 KBytes +    [  9]   5.00-6.00   sec  92.5 MBytes   776 Mbits/sec    0   1.02 MBytes +    [  9]   6.00-7.00   sec  92.5 MBytes   776 Mbits/sec    0   1.08 MBytes +    [  9]   7.00-8.00   sec  92.5 MBytes   776 Mbits/sec    0   1.14 MBytes +    [  9]   8.00-9.00   sec  91.2 MBytes   765 Mbits/sec    0    915 KBytes +    [  9]   9.00-10.00  sec  92.5 MBytes   776 Mbits/sec    0   1000 KBytes +    - - - - - - - - - - - - - - - - - - - - - - - - - +    [ ID] Interval           Transfer     Bitrate         Retr +    [  9]   0.00-10.00  sec   927 MBytes   778 Mbits/sec    0             sender +    [  9]   0.00-10.01  sec   925 MBytes   775 Mbits/sec                  receiver + + +.. _`Intel® QAT`: https://www.intel.com/content/www/us/en/architecture-and-technology/intel-quick-assist-technology-overview.html
\ No newline at end of file diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index 5a6cb7b1..5bf781af 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -7,6 +7,7 @@ System     :maxdepth: 1     :includehidden: +   acceleration     conntrack     console     flow-accounting diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst index 19016e7b..0b9f9cc8 100644 --- a/docs/configuration/system/ipv6.rst +++ b/docs/configuration/system/ipv6.rst @@ -160,7 +160,7 @@ Show commands  Reset commands  ^^^^^^^^^^^^^^ -.. opcmd:: reset ipv6 bgp <address> +.. opcmd:: reset bgp ipv6 <address>     Use this command to clear Border Gateway Protocol statistics or     status. diff --git a/docs/installation/vyos-on-baremetal.rst b/docs/installation/vyos-on-baremetal.rst index 738f5e07..367e6df1 100644 --- a/docs/installation/vyos-on-baremetal.rst +++ b/docs/installation/vyos-on-baremetal.rst @@ -115,6 +115,8 @@ Refer to :ref:`wireless-interface` for additional information, below listed  modules have been tested successfully on this Hardware platform:  * Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1. +* Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. +  (see :ref:`wireless-interface-intel-ax200`)  WWAN  """" | 
