127 files changed, 1380 insertions, 116 deletions
@@ -1,2 +1,2 @@ -* @vyos/reviewers +# * @vyos/reviewers * @rebortg
\ No newline at end of file diff --git a/docs/_html_extra/robots.txt b/docs/_html_extra/robots.txt new file mode 100644 index 00000000..e5c4db82 --- /dev/null +++ b/docs/_html_extra/robots.txt @@ -0,0 +1,7 @@ +User-agent: atlassian-bot +Allow: / + +User-agent: * +Disallow: # Allow everything + +Sitemap: https://docs.vyos.io/sitemap.xml diff --git a/docs/_static/images/cloud-aws-01.png b/docs/_static/images/cloud-aws-01.png Binary files differdeleted file mode 100644 index cda6542f..00000000 --- a/docs/_static/images/cloud-aws-01.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-02.png b/docs/_static/images/cloud-aws-02.png Binary files differdeleted file mode 100644 index 639d42fa..00000000 --- a/docs/_static/images/cloud-aws-02.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-03.png b/docs/_static/images/cloud-aws-03.png Binary files differdeleted file mode 100644 index 92d3e63b..00000000 --- a/docs/_static/images/cloud-aws-03.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-04.png b/docs/_static/images/cloud-aws-04.png Binary files differdeleted file mode 100644 index 3ae4fb2a..00000000 --- a/docs/_static/images/cloud-aws-04.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-05.png b/docs/_static/images/cloud-aws-05.png Binary files differdeleted file mode 100644 index fa3521a6..00000000 --- a/docs/_static/images/cloud-aws-05.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-06.png b/docs/_static/images/cloud-aws-06.png Binary files differdeleted file mode 100644 index c8f88ded..00000000 --- a/docs/_static/images/cloud-aws-06.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-07.png b/docs/_static/images/cloud-aws-07.png Binary files differdeleted file mode 100644 index d9f934ac..00000000 --- a/docs/_static/images/cloud-aws-07.png +++ /dev/null 
diff --git a/docs/_static/images/cloud-aws-08.png b/docs/_static/images/cloud-aws-08.png Binary files differdeleted file mode 100644 index db3030a0..00000000 --- a/docs/_static/images/cloud-aws-08.png +++ /dev/null diff --git a/docs/_static/images/cloud-aws-eip-01.png b/docs/_static/images/cloud-aws-eip-01.png Binary files differnew file mode 100755 index 00000000..6e376d63 --- /dev/null +++ b/docs/_static/images/cloud-aws-eip-01.png diff --git a/docs/_static/images/cloud-aws-eip-02.png b/docs/_static/images/cloud-aws-eip-02.png Binary files differnew file mode 100755 index 00000000..69bd5aa5 --- /dev/null +++ b/docs/_static/images/cloud-aws-eip-02.png diff --git a/docs/_static/images/cloud-aws-eni-01.png b/docs/_static/images/cloud-aws-eni-01.png Binary files differnew file mode 100755 index 00000000..5c67f4dc --- /dev/null +++ b/docs/_static/images/cloud-aws-eni-01.png diff --git a/docs/_static/images/cloud-aws-eni-02.png b/docs/_static/images/cloud-aws-eni-02.png Binary files differnew file mode 100755 index 00000000..15b5b8aa --- /dev/null +++ b/docs/_static/images/cloud-aws-eni-02.png diff --git a/docs/_static/images/cloud-aws-igw-01.png b/docs/_static/images/cloud-aws-igw-01.png Binary files differnew file mode 100755 index 00000000..148c2d05 --- /dev/null +++ b/docs/_static/images/cloud-aws-igw-01.png diff --git a/docs/_static/images/cloud-aws-igw-02.png b/docs/_static/images/cloud-aws-igw-02.png Binary files differnew file mode 100755 index 00000000..26e6ea48 --- /dev/null +++ b/docs/_static/images/cloud-aws-igw-02.png diff --git a/docs/_static/images/cloud-aws-keypair-01.png b/docs/_static/images/cloud-aws-keypair-01.png Binary files differnew file mode 100644 index 00000000..2ebc9ac3 --- /dev/null +++ b/docs/_static/images/cloud-aws-keypair-01.png diff --git a/docs/_static/images/cloud-aws-keypair-02.png b/docs/_static/images/cloud-aws-keypair-02.png Binary files differnew file mode 100644 index 00000000..419e8168 --- /dev/null 
+++ b/docs/_static/images/cloud-aws-keypair-02.png diff --git a/docs/_static/images/cloud-aws-keypair-03.png b/docs/_static/images/cloud-aws-keypair-03.png Binary files differnew file mode 100644 index 00000000..cc3f0dec --- /dev/null +++ b/docs/_static/images/cloud-aws-keypair-03.png diff --git a/docs/_static/images/cloud-aws-keypair-04.png b/docs/_static/images/cloud-aws-keypair-04.png Binary files differnew file mode 100644 index 00000000..0e4b9f6d --- /dev/null +++ b/docs/_static/images/cloud-aws-keypair-04.png diff --git a/docs/_static/images/cloud-aws-route-01.png b/docs/_static/images/cloud-aws-route-01.png Binary files differnew file mode 100755 index 00000000..1563c0b4 --- /dev/null +++ b/docs/_static/images/cloud-aws-route-01.png diff --git a/docs/_static/images/cloud-aws-route-02.png b/docs/_static/images/cloud-aws-route-02.png Binary files differnew file mode 100755 index 00000000..9ba19f1e --- /dev/null +++ b/docs/_static/images/cloud-aws-route-02.png diff --git a/docs/_static/images/cloud-aws-route-03.png b/docs/_static/images/cloud-aws-route-03.png Binary files differnew file mode 100755 index 00000000..1bfef11c --- /dev/null +++ b/docs/_static/images/cloud-aws-route-03.png diff --git a/docs/_static/images/cloud-aws-route-04.png b/docs/_static/images/cloud-aws-route-04.png Binary files differnew file mode 100755 index 00000000..e3987ad3 --- /dev/null +++ b/docs/_static/images/cloud-aws-route-04.png diff --git a/docs/_static/images/cloud-aws-sg-01.png b/docs/_static/images/cloud-aws-sg-01.png Binary files differnew file mode 100755 index 00000000..77558eeb --- /dev/null +++ b/docs/_static/images/cloud-aws-sg-01.png diff --git a/docs/_static/images/cloud-aws-sg-02.png b/docs/_static/images/cloud-aws-sg-02.png Binary files differnew file mode 100755 index 00000000..22351f75 --- /dev/null +++ b/docs/_static/images/cloud-aws-sg-02.png 
diff --git a/docs/_static/images/cloud-aws-sg-03.png b/docs/_static/images/cloud-aws-sg-03.png Binary files differnew file mode 100755 index 00000000..7375b681 --- /dev/null +++ b/docs/_static/images/cloud-aws-sg-03.png diff --git a/docs/_static/images/cloud-aws-sg-04.png b/docs/_static/images/cloud-aws-sg-04.png Binary files differnew file mode 100755 index 00000000..874feed5 --- /dev/null +++ b/docs/_static/images/cloud-aws-sg-04.png diff --git a/docs/_static/images/cloud-aws-sg-05.png b/docs/_static/images/cloud-aws-sg-05.png Binary files differnew file mode 100755 index 00000000..43b7b5cd --- /dev/null +++ b/docs/_static/images/cloud-aws-sg-05.png diff --git a/docs/_static/images/cloud-aws-subnet-01.png b/docs/_static/images/cloud-aws-subnet-01.png Binary files differnew file mode 100755 index 00000000..05fe311c --- /dev/null +++ b/docs/_static/images/cloud-aws-subnet-01.png diff --git a/docs/_static/images/cloud-aws-subnet-02.png b/docs/_static/images/cloud-aws-subnet-02.png Binary files differnew file mode 100755 index 00000000..22ebde4c --- /dev/null +++ b/docs/_static/images/cloud-aws-subnet-02.png diff --git a/docs/_static/images/cloud-aws-subnet-03.png b/docs/_static/images/cloud-aws-subnet-03.png Binary files differnew file mode 100755 index 00000000..f9092955 --- /dev/null +++ b/docs/_static/images/cloud-aws-subnet-03.png diff --git a/docs/_static/images/cloud-aws-vpc-01.png b/docs/_static/images/cloud-aws-vpc-01.png Binary files differnew file mode 100755 index 00000000..4a41375c --- /dev/null +++ b/docs/_static/images/cloud-aws-vpc-01.png diff --git a/docs/_static/images/cloud-aws-vpc-02.png b/docs/_static/images/cloud-aws-vpc-02.png Binary files differnew file mode 100755 index 00000000..bdd04f30 --- /dev/null +++ b/docs/_static/images/cloud-aws-vpc-02.png diff --git a/docs/_static/images/cloud-aws-vpc-03.png b/docs/_static/images/cloud-aws-vpc-03.png Binary files differnew file mode 100755 index 00000000..f71fb5e5 --- /dev/null 
+++ b/docs/_static/images/cloud-aws-vpc-03.png diff --git a/docs/_static/images/cloud-aws-vyos-01.png b/docs/_static/images/cloud-aws-vyos-01.png Binary files differnew file mode 100755 index 00000000..b3e70835 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-01.png diff --git a/docs/_static/images/cloud-aws-vyos-02.png b/docs/_static/images/cloud-aws-vyos-02.png Binary files differnew file mode 100755 index 00000000..40957667 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-02.png diff --git a/docs/_static/images/cloud-aws-vyos-03.png b/docs/_static/images/cloud-aws-vyos-03.png Binary files differnew file mode 100755 index 00000000..ecd58eed --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-03.png diff --git a/docs/_static/images/cloud-aws-vyos-04.png b/docs/_static/images/cloud-aws-vyos-04.png Binary files differnew file mode 100755 index 00000000..e3db20db --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-04.png diff --git a/docs/_static/images/cloud-aws-vyos-05.png b/docs/_static/images/cloud-aws-vyos-05.png Binary files differnew file mode 100755 index 00000000..b91b5913 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-05.png diff --git a/docs/_static/images/cloud-aws-vyos-06.png b/docs/_static/images/cloud-aws-vyos-06.png Binary files differnew file mode 100755 index 00000000..912cfed1 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-06.png diff --git a/docs/_static/images/cloud-aws-vyos-07.png b/docs/_static/images/cloud-aws-vyos-07.png Binary files differnew file mode 100755 index 00000000..ba6ad590 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-07.png diff --git a/docs/_static/images/cloud-aws-vyos-08.png b/docs/_static/images/cloud-aws-vyos-08.png Binary files differnew file mode 100755 index 00000000..f7d4e813 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-08.png 
diff --git a/docs/_static/images/cloud-aws-vyos-09.png b/docs/_static/images/cloud-aws-vyos-09.png Binary files differnew file mode 100755 index 00000000..912cfed1 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-09.png diff --git a/docs/_static/images/cloud-aws-vyos-10.png b/docs/_static/images/cloud-aws-vyos-10.png Binary files differnew file mode 100755 index 00000000..5912163a --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-10.png diff --git a/docs/_static/images/cloud-aws-vyos-11.png b/docs/_static/images/cloud-aws-vyos-11.png Binary files differnew file mode 100755 index 00000000..28aa3346 --- /dev/null +++ b/docs/_static/images/cloud-aws-vyos-11.png diff --git a/docs/_static/images/cloud-azure-01.png b/docs/_static/images/cloud-azure-01.png Binary files differdeleted file mode 100644 index 2c7b1adb..00000000 --- a/docs/_static/images/cloud-azure-01.png +++ /dev/null diff --git a/docs/_static/images/cloud-azure-02.png b/docs/_static/images/cloud-azure-02.png Binary files differdeleted file mode 100644 index 286b8689..00000000 --- a/docs/_static/images/cloud-azure-02.png +++ /dev/null diff --git a/docs/_static/images/cloud-azure-03.png b/docs/_static/images/cloud-azure-03.png Binary files differdeleted file mode 100644 index 4661a1fb..00000000 --- a/docs/_static/images/cloud-azure-03.png +++ /dev/null diff --git a/docs/_static/images/cloud-azure-04.png b/docs/_static/images/cloud-azure-04.png Binary files differdeleted file mode 100644 index af12d337..00000000 --- a/docs/_static/images/cloud-azure-04.png +++ /dev/null diff --git a/docs/_static/images/cloud-azure-05.png b/docs/_static/images/cloud-azure-05.png Binary files differdeleted file mode 100644 index c5a32d2e..00000000 --- a/docs/_static/images/cloud-azure-05.png +++ /dev/null diff --git a/docs/_static/images/cloud-azure-06.png b/docs/_static/images/cloud-azure-06.png Binary files differdeleted file mode 100644 index 1cc7cbf1..00000000 
--- a/docs/_static/images/cloud-azure-06.png +++ /dev/null diff --git a/docs/_static/images/cloud-azure-nic-01.png b/docs/_static/images/cloud-azure-nic-01.png Binary files differnew file mode 100755 index 00000000..80109a69 --- /dev/null +++ b/docs/_static/images/cloud-azure-nic-01.png diff --git a/docs/_static/images/cloud-azure-nic-02.png b/docs/_static/images/cloud-azure-nic-02.png Binary files differnew file mode 100755 index 00000000..066f0ca1 --- /dev/null +++ b/docs/_static/images/cloud-azure-nic-02.png diff --git a/docs/_static/images/cloud-azure-nic-03.png b/docs/_static/images/cloud-azure-nic-03.png Binary files differnew file mode 100755 index 00000000..7d272620 --- /dev/null +++ b/docs/_static/images/cloud-azure-nic-03.png diff --git a/docs/_static/images/cloud-azure-nic-04.png b/docs/_static/images/cloud-azure-nic-04.png Binary files differnew file mode 100755 index 00000000..918c7e28 --- /dev/null +++ b/docs/_static/images/cloud-azure-nic-04.png diff --git a/docs/_static/images/cloud-azure-pub-ip-01.png b/docs/_static/images/cloud-azure-pub-ip-01.png Binary files differnew file mode 100755 index 00000000..721eff2c --- /dev/null +++ b/docs/_static/images/cloud-azure-pub-ip-01.png diff --git a/docs/_static/images/cloud-azure-pub-ip-02.png b/docs/_static/images/cloud-azure-pub-ip-02.png Binary files differnew file mode 100755 index 00000000..cebf1799 --- /dev/null +++ b/docs/_static/images/cloud-azure-pub-ip-02.png diff --git a/docs/_static/images/cloud-azure-pub-ip-03.png b/docs/_static/images/cloud-azure-pub-ip-03.png Binary files differnew file mode 100755 index 00000000..3a429dba --- /dev/null +++ b/docs/_static/images/cloud-azure-pub-ip-03.png diff --git a/docs/_static/images/cloud-azure-rg-01.png b/docs/_static/images/cloud-azure-rg-01.png Binary files differnew file mode 100755 index 00000000..399a156c --- /dev/null +++ b/docs/_static/images/cloud-azure-rg-01.png 
diff --git a/docs/_static/images/cloud-azure-rg-02.png b/docs/_static/images/cloud-azure-rg-02.png Binary files differnew file mode 100755 index 00000000..24de95f2 --- /dev/null +++ b/docs/_static/images/cloud-azure-rg-02.png diff --git a/docs/_static/images/cloud-azure-route-01.png b/docs/_static/images/cloud-azure-route-01.png Binary files differnew file mode 100755 index 00000000..1cf33838 --- /dev/null +++ b/docs/_static/images/cloud-azure-route-01.png diff --git a/docs/_static/images/cloud-azure-route-02.png b/docs/_static/images/cloud-azure-route-02.png Binary files differnew file mode 100755 index 00000000..0e4f294b --- /dev/null +++ b/docs/_static/images/cloud-azure-route-02.png diff --git a/docs/_static/images/cloud-azure-route-03.png b/docs/_static/images/cloud-azure-route-03.png Binary files differnew file mode 100755 index 00000000..09dd3ec2 --- /dev/null +++ b/docs/_static/images/cloud-azure-route-03.png diff --git a/docs/_static/images/cloud-azure-route-04.png b/docs/_static/images/cloud-azure-route-04.png Binary files differnew file mode 100755 index 00000000..4c497c1c --- /dev/null +++ b/docs/_static/images/cloud-azure-route-04.png diff --git a/docs/_static/images/cloud-azure-route-05.png b/docs/_static/images/cloud-azure-route-05.png Binary files differnew file mode 100755 index 00000000..f30d3f5b --- /dev/null +++ b/docs/_static/images/cloud-azure-route-05.png diff --git a/docs/_static/images/cloud-azure-sg-01.png b/docs/_static/images/cloud-azure-sg-01.png Binary files differnew file mode 100755 index 00000000..76f0ea95 --- /dev/null +++ b/docs/_static/images/cloud-azure-sg-01.png diff --git a/docs/_static/images/cloud-azure-sg-02.png b/docs/_static/images/cloud-azure-sg-02.png Binary files differnew file mode 100755 index 00000000..4e98a5c0 --- /dev/null +++ b/docs/_static/images/cloud-azure-sg-02.png 
diff --git a/docs/_static/images/cloud-azure-sg-03.png b/docs/_static/images/cloud-azure-sg-03.png Binary files differnew file mode 100755 index 00000000..4eeec886 --- /dev/null +++ b/docs/_static/images/cloud-azure-sg-03.png diff --git a/docs/_static/images/cloud-azure-sg-04.png b/docs/_static/images/cloud-azure-sg-04.png Binary files differnew file mode 100755 index 00000000..a6d6426e --- /dev/null +++ b/docs/_static/images/cloud-azure-sg-04.png diff --git a/docs/_static/images/cloud-azure-vm-01.png b/docs/_static/images/cloud-azure-vm-01.png Binary files differnew file mode 100755 index 00000000..aebf2c9e --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-01.png diff --git a/docs/_static/images/cloud-azure-vm-02.png b/docs/_static/images/cloud-azure-vm-02.png Binary files differnew file mode 100755 index 00000000..5d24917f --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-02.png diff --git a/docs/_static/images/cloud-azure-vm-03.png b/docs/_static/images/cloud-azure-vm-03.png Binary files differnew file mode 100755 index 00000000..63e8ef94 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-03.png diff --git a/docs/_static/images/cloud-azure-vm-04.png b/docs/_static/images/cloud-azure-vm-04.png Binary files differnew file mode 100755 index 00000000..9cfaeccf --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-04.png diff --git a/docs/_static/images/cloud-azure-vm-05.png b/docs/_static/images/cloud-azure-vm-05.png Binary files differnew file mode 100755 index 00000000..6f2a0c05 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-05.png diff --git a/docs/_static/images/cloud-azure-vm-06.png b/docs/_static/images/cloud-azure-vm-06.png Binary files differnew file mode 100755 index 00000000..9a735f0e --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-06.png diff --git a/docs/_static/images/cloud-azure-vm-07.png b/docs/_static/images/cloud-azure-vm-07.png Binary files differnew file mode 100755 index 00000000..ce25cb52 --- /dev/null 
+++ b/docs/_static/images/cloud-azure-vm-07.png diff --git a/docs/_static/images/cloud-azure-vm-08.png b/docs/_static/images/cloud-azure-vm-08.png Binary files differnew file mode 100755 index 00000000..30017934 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-08.png diff --git a/docs/_static/images/cloud-azure-vm-09.png b/docs/_static/images/cloud-azure-vm-09.png Binary files differnew file mode 100755 index 00000000..5f0daf34 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-09.png diff --git a/docs/_static/images/cloud-azure-vm-10.png b/docs/_static/images/cloud-azure-vm-10.png Binary files differnew file mode 100755 index 00000000..ea913d68 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-10.png diff --git a/docs/_static/images/cloud-azure-vm-11.png b/docs/_static/images/cloud-azure-vm-11.png Binary files differnew file mode 100755 index 00000000..a0da6ea2 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-11.png diff --git a/docs/_static/images/cloud-azure-vm-12.png b/docs/_static/images/cloud-azure-vm-12.png Binary files differnew file mode 100755 index 00000000..30cbcc52 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-12.png diff --git a/docs/_static/images/cloud-azure-vm-13.png b/docs/_static/images/cloud-azure-vm-13.png Binary files differnew file mode 100755 index 00000000..527330e1 --- /dev/null +++ b/docs/_static/images/cloud-azure-vm-13.png diff --git a/docs/_static/images/cloud-azure-vnet-01.png b/docs/_static/images/cloud-azure-vnet-01.png Binary files differnew file mode 100755 index 00000000..3577d8ab --- /dev/null +++ b/docs/_static/images/cloud-azure-vnet-01.png diff --git a/docs/_static/images/cloud-azure-vnet-02.png b/docs/_static/images/cloud-azure-vnet-02.png Binary files differnew file mode 100755 index 00000000..6da436f5 --- /dev/null +++ b/docs/_static/images/cloud-azure-vnet-02.png 
diff --git a/docs/_static/images/cloud-azure-vnet-03.png b/docs/_static/images/cloud-azure-vnet-03.png Binary files differnew file mode 100755 index 00000000..36a6803b --- /dev/null +++ b/docs/_static/images/cloud-azure-vnet-03.png diff --git a/docs/_static/images/cloud-azure-vnet-04.png b/docs/_static/images/cloud-azure-vnet-04.png Binary files differnew file mode 100755 index 00000000..8351e203 --- /dev/null +++ b/docs/_static/images/cloud-azure-vnet-04.png diff --git a/docs/_static/images/cloud-azure-vnet-05.png b/docs/_static/images/cloud-azure-vnet-05.png Binary files differnew file mode 100755 index 00000000..daea1900 --- /dev/null +++ b/docs/_static/images/cloud-azure-vnet-05.png diff --git a/docs/_static/images/cloud-azure-vnet-06.png b/docs/_static/images/cloud-azure-vnet-06.png Binary files differnew file mode 100755 index 00000000..b11df2c0 --- /dev/null +++ b/docs/_static/images/cloud-azure-vnet-06.png diff --git a/docs/_static/images/cloud-gcp-03.png b/docs/_static/images/cloud-gcp-03.png Binary files differdeleted file mode 100644 index 9881a5a3..00000000 --- a/docs/_static/images/cloud-gcp-03.png +++ /dev/null diff --git a/docs/_static/images/cloud-gcp-04.png b/docs/_static/images/cloud-gcp-04.png Binary files differdeleted file mode 100644 index 61ee2d5e..00000000 --- a/docs/_static/images/cloud-gcp-04.png +++ /dev/null diff --git a/docs/_static/images/cloud-gcp-05.png b/docs/_static/images/cloud-gcp-05.png Binary files differdeleted file mode 100644 index acaafc59..00000000 --- a/docs/_static/images/cloud-gcp-05.png +++ /dev/null diff --git a/docs/_static/images/cloud-gcp-market-01.png b/docs/_static/images/cloud-gcp-market-01.png Binary files differnew file mode 100755 index 00000000..2d6f69b5 --- /dev/null +++ b/docs/_static/images/cloud-gcp-market-01.png diff --git a/docs/_static/images/cloud-gcp-market-02.png b/docs/_static/images/cloud-gcp-market-02.png Binary files differnew file mode 100755 index 00000000..25e7f8a6 --- /dev/null 
+++ b/docs/_static/images/cloud-gcp-market-02.png diff --git a/docs/_static/images/cloud-gcp-market-03.png b/docs/_static/images/cloud-gcp-market-03.png Binary files differnew file mode 100755 index 00000000..f08de2ba --- /dev/null +++ b/docs/_static/images/cloud-gcp-market-03.png diff --git a/docs/_static/images/cloud-gcp-market-04.png b/docs/_static/images/cloud-gcp-market-04.png Binary files differnew file mode 100755 index 00000000..3735266c --- /dev/null +++ b/docs/_static/images/cloud-gcp-market-04.png diff --git a/docs/_static/images/cloud-gcp-market-05.png b/docs/_static/images/cloud-gcp-market-05.png Binary files differnew file mode 100755 index 00000000..26b8cb59 --- /dev/null +++ b/docs/_static/images/cloud-gcp-market-05.png diff --git a/docs/_static/images/cloud-gcp-proj.png b/docs/_static/images/cloud-gcp-proj.png Binary files differnew file mode 100755 index 00000000..a7a8d768 --- /dev/null +++ b/docs/_static/images/cloud-gcp-proj.png diff --git a/docs/_static/images/cloud-gcp-svc.png b/docs/_static/images/cloud-gcp-svc.png Binary files differnew file mode 100755 index 00000000..5394a26e --- /dev/null +++ b/docs/_static/images/cloud-gcp-svc.png diff --git a/docs/_static/images/cloud-gcp-vm-01.png b/docs/_static/images/cloud-gcp-vm-01.png Binary files differnew file mode 100755 index 00000000..166a45ac --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-01.png diff --git a/docs/_static/images/cloud-gcp-vm-02.png b/docs/_static/images/cloud-gcp-vm-02.png Binary files differnew file mode 100755 index 00000000..83d9a4ea --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-02.png diff --git a/docs/_static/images/cloud-gcp-vm-03.png b/docs/_static/images/cloud-gcp-vm-03.png Binary files differnew file mode 100755 index 00000000..9d152461 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-03.png diff --git a/docs/_static/images/cloud-gcp-vm-04.png b/docs/_static/images/cloud-gcp-vm-04.png Binary files differnew file mode 100755 index 00000000..a5c4cb64 
--- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-04.png diff --git a/docs/_static/images/cloud-gcp-vm-06.png b/docs/_static/images/cloud-gcp-vm-06.png Binary files differnew file mode 100755 index 00000000..da5418a6 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-06.png diff --git a/docs/_static/images/cloud-gcp-vm-07.png b/docs/_static/images/cloud-gcp-vm-07.png Binary files differnew file mode 100755 index 00000000..92a8e3d5 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-07.png diff --git a/docs/_static/images/cloud-gcp-vm-08.png b/docs/_static/images/cloud-gcp-vm-08.png Binary files differnew file mode 100755 index 00000000..c3d6cbeb --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-08.png diff --git a/docs/_static/images/cloud-gcp-vm-09.png b/docs/_static/images/cloud-gcp-vm-09.png Binary files differnew file mode 100755 index 00000000..5ad7efaf --- /dev/null +++ b/docs/_static/images/cloud-gcp-vm-09.png diff --git a/docs/_static/images/cloud-gcp-vpc-01.png b/docs/_static/images/cloud-gcp-vpc-01.png Binary files differnew file mode 100755 index 00000000..b1967096 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-01.png diff --git a/docs/_static/images/cloud-gcp-vpc-02.png b/docs/_static/images/cloud-gcp-vpc-02.png Binary files differnew file mode 100755 index 00000000..3c2ca787 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-02.png diff --git a/docs/_static/images/cloud-gcp-vpc-03.png b/docs/_static/images/cloud-gcp-vpc-03.png Binary files differnew file mode 100755 index 00000000..6f8f282d --- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-03.png diff --git a/docs/_static/images/cloud-gcp-vpc-04.png b/docs/_static/images/cloud-gcp-vpc-04.png Binary files differnew file mode 100755 index 00000000..4aa0ba40 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-04.png diff --git a/docs/_static/images/cloud-gcp-vpc-05.png b/docs/_static/images/cloud-gcp-vpc-05.png Binary files differnew file mode 100755 index 00000000..0d6a94d0 
--- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-05.png diff --git a/docs/_static/images/cloud-gcp-vpc-06.png b/docs/_static/images/cloud-gcp-vpc-06.png Binary files differnew file mode 100755 index 00000000..5508e4b6 --- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-06.png diff --git a/docs/_static/images/cloud-gcp-vpc-07.png b/docs/_static/images/cloud-gcp-vpc-07.png Binary files differnew file mode 100755 index 00000000..29f0ce8e --- /dev/null +++ b/docs/_static/images/cloud-gcp-vpc-07.png diff --git a/docs/conf.py b/docs/conf.py index 09e50e7e..7d933306 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -22,7 +22,7 @@ from docutils.parsers.rst.roles import set_classes # -- Project information ----------------------------------------------------- project = u'VyOS' -copyright = u'2023, VyOS maintainers and contributors' +copyright = u'2024, VyOS maintainers and contributors' author = u'VyOS maintainers and contributors' # The short X.Y version @@ -109,6 +109,8 @@ html_theme = "sphinx_rtd_theme" # so a file named "default.css" will overwrite the builtin "default.css". html_static_path = ['_static'] +html_extra_path = ['_html_extra'] + # Custom sidebar templates, must be a dictionary that maps document names # to template names. # diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 0c0c052b..1ab7f361 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -236,4 +236,50 @@ the unencrypted but authenticated content. set interfaces macsec macsec1 security static key 'eadcc0aa9cf203f3ce651b332bd6e6c7' set interfaces macsec macsec1 security static peer R2 mac 00:11:22:33:44:01 set interfaces macsec macsec1 security static peer R2 key 'ddd6f4a7be4d8bbaf88b26f10e1c05f7' - set interfaces macsec macsec1 source-interface 'eth1'
\ No newline at end of file + set interfaces macsec macsec1 source-interface 'eth1' + +*************** +MACsec over wan +*************** + +MACsec is an interesting alternative to existing tunneling solutions that +protects layer 2 by performing integrity, origin authentication, and optionally +encryption. The typical use case is to use MACsec between hosts and access +switches, between two hosts, or between two switches. in this example below, +we use VXLAN and MACsec to secure the tunnel. + +**R1 MACsec01** + +.. code-block:: none + + set interfaces macsec macsec1 address '192.0.2.1/24' + set interfaces macsec macsec1 address '2001:db8::1/64' + set interfaces macsec macsec1 security cipher 'gcm-aes-128' + set interfaces macsec macsec1 security encrypt + set interfaces macsec macsec1 security static key 'ddd6f4a7be4d8bbaf88b26f10e1c05f7' + set interfaces macsec macsec1 security static peer SEC02 key 'eadcc0aa9cf203f3ce651b332bd6e6c7' + set interfaces macsec macsec1 security static peer SEC02 mac '00:11:22:33:44:02' + set interfaces macsec macsec1 source-interface 'vxlan1' + set interfaces vxlan vxlan1 mac '00:11:22:33:44:01' + set interfaces vxlan vxlan1 remote '10.1.3.3' + set interfaces vxlan vxlan1 source-address '172.16.100.1' + set interfaces vxlan vxlan1 vni '10' + set protocols static route 10.1.3.3/32 next-hop 172.16.100.2 + +**R2 MACsec02** + +.. 
code-block:: none + + set interfaces macsec macsec1 address '192.0.2.2/24' + set interfaces macsec macsec1 address '2001:db8::2/64' + set interfaces macsec macsec1 security cipher 'gcm-aes-128' + set interfaces macsec macsec1 security encrypt + set interfaces macsec macsec1 security static key 'eadcc0aa9cf203f3ce651b332bd6e6c7' + set interfaces macsec macsec1 security static peer SEC01 key 'ddd6f4a7be4d8bbaf88b26f10e1c05f7' + set interfaces macsec macsec1 security static peer SEC01 mac '00:11:22:33:44:01' + set interfaces macsec macsec1 source-interface 'vxlan1' + set interfaces vxlan vxlan1 mac '00:11:22:33:44:02' + set interfaces vxlan vxlan1 remote '10.1.2.2' + set interfaces vxlan vxlan1 source-address '172.16.100.2' + set interfaces vxlan vxlan1 vni '10' + set protocols static route 10.1.2.2/32 next-hop 172.16.100.1 diff --git a/docs/configuration/interfaces/vxlan.rst b/docs/configuration/interfaces/vxlan.rst index af00fdec..831870c5 100644 --- a/docs/configuration/interfaces/vxlan.rst +++ b/docs/configuration/interfaces/vxlan.rst @@ -31,10 +31,6 @@ If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor. -.. note:: As VyOS is based on Linux and there was no official IANA port assigned - for VXLAN, VyOS uses a default port of 8472. You can change the port on a - per VXLAN interface basis to get it working across multiple vendors. - Configuration ============= 
@@ -58,11 +54,7 @@ VXLAN specific options Configure port number of remote VXLAN endpoint. - .. note:: As VyOS is Linux based the default port used is not using 4789 - as the default IANA-assigned destination UDP port number. Instead VyOS - uses the Linux default port of 8472. - -.. cfgcmd:: set interfaces vxlan <interface> source-address <interface> +.. cfgcmd:: set interfaces vxlan <interface> source-address <IP address> Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN. @@ -331,10 +323,9 @@ multicast-address. set interfaces vxlan vxlan241 port 12345 -The destination port used for creating a VXLAN interface in Linux defaults to -its pre-standard value of 8472 to preserve backward compatibility. A -configuration directive to support a user-specified destination port to override -that behavior is available using the above command. +The destination port used for creating a VXLAN interface defaults to +4789. Aconfiguration directive to support a user-specified destination port +to override that behavior is available using the above command. Unicast VXLAN ============= @@ -354,5 +345,5 @@ set directly. Let's change the Multicast example from above: # leaf3 set interface vxlan vxlan241 remote 10.1.2.2 -The default port udp is set to 8472. +The default port udp is set to 4789. It can be changed with ``set interface vxlan <vxlanN> port <port>`` diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index 99bd2815..70b89d9f 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -255,6 +255,8 @@ ACME The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol. +VyOS 1.4.1 does not store the intermediate certificates from ACME. Which makes +this functionality limited. See :vytask:`T7299`. .. cfgcmd:: set pki certificate <name> acme domain-name <name> 
diff --git a/docs/configuration/policy/route-map.rst b/docs/configuration/policy/route-map.rst index ccc4cef0..909f7e25 100644 --- a/docs/configuration/policy/route-map.rst +++ b/docs/configuration/policy/route-map.rst @@ -179,6 +179,10 @@ Route Map Match RPKI validation result. +.. cfgcmd:: set policy route-map <text> rule <1-65535> match source-vrf <text> + + Source VRF to match. + .. cfgcmd:: set policy route-map <text> rule <1-65535> match tag <1-65535> Route tag to match. diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index 45555336..a02f60d1 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst 
@@ -170,28 +170,44 @@ Individual Client Subnet Enable DHCP failover configuration for this address pool. -Failover --------- +High Availability +----------------- + +VyOS provides High Availability support for DHCP server. DHCP High +Availability can act in two different modes: + +* **Active-active**: both DHCP servers will respond to DHCP requests. If + ``mode`` is not defined, this is the default behavior. + +* **Active-passive**: only ``primary`` server will respond to DHCP requests. + If this server goes offline, then ``secondary`` server will take place. + +DHCP High Availability must be configured explicitly by the following +statements on both servers: + +.. cfgcmd:: set service dhcp-server high-availability mode [active-active + | active-passive] -VyOS provides support for DHCP failover. DHCP failover must be configured -explicitly by the following statements. + Define operation mode of High Availability feature. Default value if command + is not specified is `active-active` -.. cfgcmd:: set service dhcp-server failover source-address <address> +.. cfgcmd:: set service dhcp-server high-availability source-address <address> - Local IP `<address>` used when communicating to the failover peer. + Local IP `<address>` used when communicating to the HA peer. -.. cfgcmd:: set service dhcp-server failover remote <address> +.. cfgcmd:: set service dhcp-server high-availability remote <address> - Remote peer IP `<address>` of the second DHCP server in this failover + Remote peer IP `<address>` of the second DHCP server in this HA cluster. -.. cfgcmd:: set service dhcp-server failover name <name> +.. cfgcmd:: set service dhcp-server high-availability name <name> A generic `<name>` referencing this sync service. .. note:: `<name>` must be identical on both sides! -.. cfgcmd:: set service dhcp-server failover status <primary | secondary> +.. 
cfgcmd:: set service dhcp-server high-availability status <primary + | secondary> The primary and secondary statements determines whether the server is primary or secondary. @@ -200,12 +216,12 @@ explicitly by the following statements. their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly. - .. hint:: The dialogue between failover partners is neither encrypted nor + .. hint:: The dialogue between HA partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you - have DHCP failover peers whose communications traverse insecure networks, + have DHCP HA peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them - to ensure that the failover partnership is immune to disruption + to ensure that the HA partnership is immune to disruption (accidental or otherwise) via third parties. Static mappings diff --git a/docs/configuration/system/flow-accounting.rst b/docs/configuration/system/flow-accounting.rst index 8d46b178..b36ddc27 100644 --- a/docs/configuration/system/flow-accounting.rst +++ b/docs/configuration/system/flow-accounting.rst @@ -42,6 +42,10 @@ exported. Configuration ============= +.. warning:: Using NetFlow on routers with high traffic levels may lead to + high CPU usage and may affect the router's performance. In such cases, + consider using sFlow instead. + In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting. diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index 02c889dd..d039315c 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst 
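Review bot: in the `@@ -170,28 +170,44 @@` hunk the Active-passive bullet says the ``secondary`` server "will take place", which should read "will take over". The default is marked up as `active-active` with single backticks in the `mode` description but as a literal with double backticks in the bullet list, so pick one. The configuration path also changes from `failover` to `high-availability` with no remark on which release introduced the rename or what happens to an existing `failover` configuration. Please add that, since readers on older releases will land on this page.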
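Review bot: the `@@ -200,12 +216,12 @@` hunk only renames "failover" to "HA" inside the hint, but the hint still describes a lease-sync channel on TCP port 647 that is "neither encrypted nor authenticated" and calls protection "an unnecessary overhead". While this text is being edited, consider promoting it from `.. hint::` to `.. warning::` and adding one sentence that the firewall rule for TCP 647 should permit only the configured `remote` peer address, so that the VPN recommendation is not the only control mentioned.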
@@ -43,8 +43,6 @@ Kernel .. cfgcmd:: set system option kernel disable-power-saving - Disable CPU power saving mechanisms also known as C states. - This will add the following two options to the Kernel commandline: * ``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle @@ -52,6 +50,33 @@ Kernel .. note:: Setting will only become active with the next reboot! +.. cfgcmd:: set system option kernel amd-pstate-driver <mode> + + Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs. + + The available modes are: + + * ``active`` This is the low-level firmware control mode based on the profile + set and the system governor has no effect. + * ``passive`` The driver allows the system governor to manage CPU frequency + while providing available performance states. + * ``guided`` The driver allows to set desired performance levels and the firmware + selects a performance level in this range and fitting to the current workload. + + This will add the following two options to the Kernel commandline: + + * ``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale + * ``amd_pstate={mode}`` Sets the p-state mode + + .. note:: Setting will only become active with the next reboot! + + .. seealso:: https://docs.kernel.org/admin-guide/pm/amd-pstate.html + +.. cfgcmd:: set system option kernel quiet + + Suppress most kernel messages during boot. This is useful for systems with + embedded serial console interfaces to speed up the boot process. + *********** HTTP client *********** diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index 08f489bb..0d44e326 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst 
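Review bot: the `@@ -43,8 +43,6 @@` hunk deletes "Disable CPU power saving mechanisms also known as C states." and puts nothing in its place, so `set system option kernel disable-power-saving` now opens with "This will add the following two options to the Kernel commandline:" and has no description of what the command does. Either keep the removed sentence or replace it with a reworded one.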
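Review bot: in the `@@ -52,6 +50,33 @@` hunk the new `set system option kernel quiet` entry has no "Setting will only become active with the next reboot!" note, although both `disable-power-saving` and `amd-pstate-driver` carry one. If `quiet` is applied the same way, add the note. It is also worth saying that suppressed boot messages are harder to use for diagnosing a failed boot over the serial console. Smaller points: `amd_pstate={mode}` uses braces where the cfgcmd uses `<mode>`, and "The driver allows to set desired performance levels" should be "allows setting".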
@@ -505,6 +505,12 @@ address-family. derived and should not be specified explicitly for either the source or destination VRF’s. +.. cfgcmd:: set vrf name <name> protocols bgp address-family + <ipv4-unicast|ipv6-unicast> route-map vrf import + [route-map <name>] + + Specifies an optional route-map to be applied to routes imported from VRFs. + .. cfgcmd:: set vrf name <name> protocols bgp interface <interface> mpls forwarding diff --git a/docs/installation/cloud/aws.rst b/docs/installation/cloud/aws.rst index 992e2609..3370169f 100644 --- a/docs/installation/cloud/aws.rst +++ b/docs/installation/cloud/aws.rst 
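Review bot: the new cfgcmd in the `@@ -505,6 +505,12 @@` hunk uses `<name>` twice with different meanings (`set vrf name <name>` and `[route-map <name>]`), and the tail `route-map vrf import [route-map <name>]` puts the route-map argument in square brackets while the description calls the route-map itself optional, so it is unclear whether the command is valid without it. Suggest a distinct placeholder such as `<route-map-name>` and a description that states which routes are filtered and what happens when no route-map is given.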
@@ -2,52 +2,624 @@ Amazon AWS ########## -Deploy VM ---------- -Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)` +This manual provides detailed step-by-step instructions for deploying a VyOS instance and required resources (VPC, ENIs, Subnets, Security Groups) on AWS. -1. Click to ``Instances`` and ``Launch Instance`` +Prerequisites +======== -.. figure:: /_static/images/cloud-aws-01.png +1. AWS Account +----------- +Ensure you have an AWS account with administrative access. -2. On the marketplace search "VyOS" +2. IAM Permissions +----------- -.. figure:: /_static/images/cloud-aws-02.png +To deploy VyOS and related resources, the user must have the following permissions: -3. Choose the instance type. Minimum recommendation start from ``m3.medium`` +- ``ec2:`` for managing EC2, ENIs, and EIPs. +- ``vpc:`` for creating VPCs, subnets, and route tables. +- ``iam:`` for attaching roles. -.. figure:: /_static/images/cloud-aws-03.png +3. SSH Key Pair +----------- -4. Configure instance for your requirements. Select number of - instances / network / subnet +You can use Amazon EC2 to create your key pairs, or you can use a third-party tool to create your key pairs and then import them to Amazon EC2. +Amazon EC2 supports: -.. figure:: /_static/images/cloud-aws-04.png +- ``2048-bit SSH-2 RSA keys`` for Linux and Windows instances. +- ``ED25519 keys`` for Linux instances (not supported for Windows). -5. Additional storage. You can remove additional storage ``/dev/sdb``. First - root device will be ``/dev/xvda``. You can skip this step. +When you create a key pair using Amazon EC2: -.. figure:: /_static/images/cloud-aws-05.png +- The ``public key`` is stored in Amazon EC2. +- You store the ``private key`` securely on your local machine. -6. Configure Security Group. It's recommended that you configure ssh access - only from certain address sources. Or permit any (by default). -.. 
figure:: /_static/images/cloud-aws-06.png +Steps to Create a Key Pair Using Amazon EC2 +^^^^^^^^^^^^^^ -7. Select SSH key pair and click ``Launch Instances`` +- Open the Amazon EC2 console https://console.aws.amazon.com/ec2/. -.. figure:: /_static/images/cloud-aws-07.png +- In the navigation pane, under ``Network & Security``, choose ``Key Pairs``. -8. Find out your public IP address. +.. figure:: /_static/images/cloud-aws-keypair-01.png -.. figure:: /_static/images/cloud-aws-08.png +- Choose ``Create key pair`` and select ``AWS region`` at the top right corner of the windows where you plan to deploy the VyOS instance. -9. Connect to the instance by SSH key. +.. figure:: /_static/images/cloud-aws-keypair-02.png + +- Configure Key Pair: +"""""""""" + + - **Name**: Enter a descriptive name for the key pair, e.g., ``vyos-keypair``. + + .. note:: The key name can include up to 255 ASCII characters. It cannot include leading or trailing spaces. + + - **Select Key Pair Type**: + - For **Linux instances**: Choose either **RSA** or **ED25519**. + + - For **Windows instances**: Choose **RSA**. + + .. note:: ED25519 keys are not supported for Windows instances. + + - **Private Key File Format**: + - **PEM**: Choose this format if using OpenSSH or other SSH clients (e.g., on Linux/macOS). + - **PPK**: Choose this format if using PuTTY on Windows. + +- **Optional**: Add tags to the key pair. Choose **Add tag** and provide the **key** and **value** for each tag. + +- Choose **Create key pair**. + +- The private key file will automatically download to your browser. + - The file name will match the name you provided (e.g., `vyos-keypair.pem`), with the extension determined by the format you chose. + +.. figure:: /_static/images/cloud-aws-keypair-03.png + +.. figure:: /_static/images/cloud-aws-keypair-04.png + + **Important Notes** + +- **Save the private key file securely**: + This is your **only chance** to download the private key. 
If you lose it, you cannot connect to your instance. + +- If you are using SSH on a **macOS or Linux computer**, set the correct permissions for the private key file: + +.. code-block:: none + + chmod 400 vyos-keypair.pem + +If permissions are not set to **400**, you will encounter an **"Unprotected private key file"** error when attempting to connect to the instance. + + **Example Usage for SSH** + +.. code-block:: none + + ssh -i vyos-keypair.pem vyos@<Public/Elastic IP> + +For more information, please visit the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html#having-ec2-create-your-key-pair + + +4. VyOS Subscription +----------- +- Go to the AWS Marketplace https://aws.amazon.com/marketplace and search for **VyOS**. +- Subscribe to the VyOS AMI. + +For more information, please visit: + +https://aws.amazon.com/marketplace/seller-profile?id=7636d180-1710-48bc-acd6-d323c4a0429f + + +Create required resources +======== + +Certain resources need to be created in the AWS infrastructure before creating a VyOS instance, such as a VPC, Subnets, Elastic IPs, Route Tables, Security Groups, and others. + +Step 1: Create Virtual Private Cloud (VPC) and Subnets +----------- + +1. Create a VPC +^^^^^^^^^^^^^^ + +To create a VPC for your AWS environment: + +- Go to the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + +- In the navigation pane, choose **Your VPCs**. + +- Choose **Create VPC**. + +.. figure:: /_static/images/cloud-aws-vpc-01.png + +- **Configure VPC Settings**: + - **Name tag - optional**: Enter a descriptive name for your VPC, e.g., ``VyOS-VPC``. + - **IPv4 CIDR Block**: Enter ``10.0.0.0/16``. + +- Choose **Create VPC**. + +.. figure:: /_static/images/cloud-aws-vpc-02.png + +.. figure:: /_static/images/cloud-aws-vpc-03.png + +For more information, please visit the AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html + + +2. 
Create Subnets +^^^^^^^^^^^^^^ + +Subnets allow you to divide your VPC into smaller IP spaces. Follow these steps to create subnets for both **public** and **private** networks: + +- Go to the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + +- In the navigation pane, choose **Subnets**. + +- Choose **Create Subnet**. + +.. figure:: /_static/images/cloud-aws-subnet-01.png + +- Configure Subnet Settings: +"""""""""" + + - **Public Subnet**: + + - **VPC**: Select ``VyOS-VPC``. + + - **Name Tag**: ``VyOS-Public-Subnet``. + + - **IPv4 CIDR Block**: ``10.0.1.0/24``. + + - **Availability Zone**: Select an AZ, e.g., ``us-east-1a``. + + - **Private Subnet**: + + - **VPC**: Select ``VyOS-VPC``. + + - **Name Tag**: ``VyOS-Private-Subnet``. + + - **IPv4 CIDR Block**: ``10.0.2.0/24``. + + - **Availability Zone**: Select an AZ, e.g., ``us-east-1a``. + + +- Choose **Create Subnet**. + +.. figure:: /_static/images/cloud-aws-subnet-02.png + +.. figure:: /_static/images/cloud-aws-subnet-03.png + +For additional information, please visit the AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/create-subnets.html + +For additional details about IP addressing for your VPC and subnets, refer to the AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html + + +Step 2: Create and Configure Security Groups +----------- + +1. Create Public Security Group +^^^^^^^^^^^^^^ + +The **Public Security Group** is used for **outbound connectivity**. All external resources, systems, or networks will connect via this security group. + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the navigation pane, choose **Security Groups**. + +- Choose **Create Security Group**. + +.. figure:: /_static/images/cloud-aws-sg-01.png + +- **Configure the Security Group**: + + - **Name**: ``VyOS-Public-SG``. 
+ + - **Description**: "Public security group for outbound connectivity" + + - **VPC**: Select the VPC in which your VyOS instance resides. + +- Inbound Rules: +"""""""""" + + - **SSH**: Port ``22``, Source ``0.0.0.0/0`` (Restrict to your IP for security). + + - **ICMP**: Allow for ping testing purposes. + + - **IPSec**: Allow port ``500`` (UDP) for ISAKMP (Phase 1 negotiation). + + - **NAT Traversal**: Allow port ``4500`` (UDP) for NAT-T support in IPsec. + + - **WireGuard**: Allow port ``51820`` (UDP). + + - **OpenVPN**: Allow port ``1194`` (UDP or TCP). + +.. figure:: /_static/images/cloud-aws-sg-02.png + +- (Optional) Add tags to identify the security group: + - **Key**: `Name`, **Value**: `VyOS-Public-SG`. + +- Choose **Create Security Group**. + +.. figure:: /_static/images/cloud-aws-sg-03.png + + +2. Create Private Security Group +^^^^^^^^^^^^^^ + +The **Private Security Group** is used for **internal connectivity** from internal or VPC-based resources. + +- Open the **Amazon EC2 Console**. + +- In the navigation pane, choose **Security Groups**. + +- Choose **Create Security Group**. + +- Configure the Security Group: +"""""""""" + + - **Name**: ``VyOS-Private-SG``. + + - **Description**: "Private security group for internal connectivity" + + - **VPC**: Select the VPC in which your VyOS instance resides. + +- Inbound Rules: +"""""""""" + + - Allow **All Traffic** (``0.0.0.0/0``) for internal connectivity between resources, VPCs, and other trusted networks. + +.. figure:: /_static/images/cloud-aws-sg-04.png + +- (Optional) Add tags to identify the security group: + - **Key**: ``Name``, **Value**: ``VyOS-Private-SG``. + +- Choose **Create Security Group**. + +.. 
figure:: /_static/images/cloud-aws-sg-05.png + +For detailed instructions on creating a security group, refer to the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-security-group.html + +For more information, refer to the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html + + +Step 3: Create ENIs (Elastic Network Interfaces) +----------- + +Network Interfaces (ENIs) are essential for connecting instances to subnets and managing network traffic. Follow the steps below to create **Public** and **Private** ENIs. + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the navigation pane, choose **Network Interfaces**. + +- Choose **Create Network Interface**. + +- **Configure Network Interface Settings**: + +Public ENI +"""""""""" + - **Name**: ``VyOS-Public-ENI``. + + - **Description**: "Network Interface for Public Subnet." + + - **Subnet**: Select the ``VyOS-Public-Subnet`` you created earlier. + + - **Private IPv4 Address**: Choose **Auto-assign** to let AWS pick an IP address from the subnet. + + - **Security Group**: Select the ``VyOS-Public-SG``. + + - (Optional) Add tags to identify the ENIs: + **Key**: ``Name``, **Value**: ``VyOS-Public-ENI``. + + - Choose **Create Network Interface**. + + .. figure:: /_static/images/cloud-aws-eni-01.png + +Private ENI +"""""""""" + - **Name**: ``VyOS-Private-ENI``. + + - **Description**: "Network Interface for Private Subnet." + + - **Subnet**: Select the ``VyOS-Private-Subnet`` you created earlier. + + - **Private IPv4 Address**: Choose **Auto-assign** to let AWS pick an IP address from the subnet. + + - **Security Group**: Select the ``VyOS-Private-SG``. + + - (Optional) Add tags to identify the ENIs: + **Key**: ``Name``, **Value**: ``VyOS-Private-ENI``. + + - Choose **Create Network Interface**. + + .. 
figure:: /_static/images/cloud-aws-eni-02.png + +Step 4: Configure Internet Gateway +----------- + +An **Internet Gateway** allows communication between your VPC and the internet. Follow the steps below to create and attach an Internet Gateway to your VPC. + +1. Create an Internet Gateway +^^^^^^^^^^^^^^ + +- Open the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + +- In the navigation pane, choose **Internet Gateways**. + +- Choose **Create Internet Gateway**. + +- **Configure Internet Gateway**: + - (Optional) **Name**: Enter a descriptive name, e.g., ``VyOS-IGW``. + +- (Optional) Add a tag to identify the Internet Gateway: + - **Key**: ``Name``, **Value**: ``VyOS-IGW``. + +- Choose **Create Internet Gateway**. + +.. figure:: /_static/images/cloud-aws-igw-01.png + + +2. Attach the Internet Gateway to Your VPC +^^^^^^^^^^^^^^ + +To enable your VPC to access the internet, attach the Internet Gateway to your VPC: + +- After creating the Internet Gateway, select it from the **Internet Gateways** list. + +- Choose **Actions > Attach to VPC**. + +- Select the VPC where you want to attach the Internet Gateway: + - Choose `VyOS-VPC` (the VPC you created earlier). + +- Choose **Attach Internet Gateway**. + +.. figure:: /_static/images/cloud-aws-igw-02.png + +For more details, refer to the official AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html. + + +Step 5: Configure Route Tables +----------- + +Route tables define the paths for network traffic within your VPC. In this step, we will configure **Public** and **Private** route tables to control traffic flow for their respective subnets. + + +1. Create and Configure the Public Route Table +^^^^^^^^^^^^^^ + +- **Go to the Route Tables Section:** + - Open the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + - In the left navigation pane, choose **Route Tables**. 
+ +- **Create a New Route Table:** + + - In the **Route Tables** section, choose **Create Route Table**. + + - Configure the route table: + + - **Name**: ``Public RT``. + + - **VPC**: Select the ``VyOS-VPC``. + + - Click **Create Route Table**. + + .. figure:: /_static/images/cloud-aws-route-01.png + +- **Add a Route to the Internet Gateway:** + + - Go to the **Routes** tab and click **Edit Routes**. + + - Click **Add Route** and enter: + + - **Destination**: ``0.0.0.0/0`` (Default route to all IPs). + + - **Target**: Select the **Internet Gateway** (``VyOS-IGW``) you created earlier. + + - Click **Save Routes**. + + .. figure:: /_static/images/cloud-aws-route-02.png + +- **Associate the Public Subnet:** + + - Go to the **Subnet Associations** tab and click **Edit Subnet Associations**. + + - Select the **Public Subnet** (``VyOS-Public-Subnet``). + + - Click **Save associations**. + + .. figure:: /_static/images/cloud-aws-route-03.png + + +Step 6: Allocate and Attach Elastic IP (EIP) +----------- + +An **Elastic IP (EIP)** is a static, public IPv4 address designed for dynamic cloud computing. Elastic IP addresses can help maintain consistent connectivity to instances, even if they are stopped, rebooted, or replaced. + +- Elastic IP addresses are **public IPv4 addresses** and are reachable from the internet. +- They can be quickly remapped to different instances or network interfaces within your AWS account to mask failures. + +For more details, refer to the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html. + + +Steps to Allocate and Attach Elastic IP +^^^^^^^^^^^^^^ + +1. Allocate Elastic IP +"""""""""" + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the navigation pane, choose **Elastic IPs**. + +- Choose **Allocate Elastic IP address**. + +- **Elastic IP address settings**: + - For **Public IPv4 address pool**, select **Amazon's pool of IPv4 addresses**. 
+ +- (Optional) Add a tag: + - **Key**: ``Name``, **Value**: ``VyOS-EIP``. + +- Choose **Allocate**. + +.. figure:: /_static/images/cloud-aws-eip-01.png + +2. Attach Elastic IP to Public ENI +"""""""""" + +- Go to **EC2 > Elastic IPs**. + +- Select the **Elastic IP** you just allocated. + +- Choose **Actions > Associate Elastic IP address**. + +- **Configure Association**: + + - **Resource type**: Choose **Network Interface**. + + - **Network Interface**: Select the **VyOS-Public-ENI** created earlier. + + - **Private IPv4 Address**: Ensure it is correctly selected. + +- (Optional) Select **Allow the Elastic IP address to be reassociated** if the EIP is already associated with another resource. + +- Choose **Associate**. + +.. figure:: /_static/images/cloud-aws-eip-02.png + +**Why Use Elastic IP?** + +- **Consistency**: The EIP remains static, even if the instance stops or is replaced. + +- **Failover**: If an instance fails, you can remap the EIP to a new instance to restore services quickly. + +- **DNS Integration**: You can point your domain to the Elastic IP for consistent public access. + +For additional details, refer to the AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-eips.html + + +Launch VyOS Instance +======== + +Follow the detailed instructions below to launch a VyOS instance in your AWS environment with two ENIs (Public and Private). + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the EC2 dashboard, choose **Launch Instance**. + +- **Configure Instance Details**: + + - **Name and Tags**: + + - Under **Name and tags**, enter a descriptive name for your instance, e.g., ``VyOS-Instance``. + + .. figure:: /_static/images/cloud-aws-vyos-01.png + + - **Application and OS Images (AMI)**: + + - Choose **Browse more AMIs**. + + - Go to the **AWS Marketplace** tab and search for **VyOS**. + + - Choose the VyOS AMI that matches your requirements and click **Select**. + + .. 
figure:: /_static/images/cloud-aws-vyos-02.png + + .. figure:: /_static/images/cloud-aws-vyos-03.png + + - **Instance Type**: + - Select the instance type that fits your workload. For example: + + - ``c5n.large`` (or larger recommended for VyOS). + + .. figure:: /_static/images/cloud-aws-vyos-04.png + + - **Key pair (login)**: + + - For **Key pair name**, select the key pair you created earlier (``vyos-keypair``). + + - If you do not have a key pair, create a new one and download the private key file. + + .. figure:: /_static/images/cloud-aws-vyos-05.png + + - **Network Settings**: + + - **VPC**: Select ``VyOS-VPC``. + + - **Subnet**: Select the **Public Subnet** (``VyOS-Public-Subnet``). + + - **Auto-assign Public IP**: **Disable**. + + - **Firewall (security groups)**: Select the **Select existing security group**. + + - **Common security groups**: Live empty (Do not select any security groups). + + .. figure:: /_static/images/cloud-aws-vyos-09.png + + - **Advanced network configuration** + + - **Network interface 1** select ``VyOS-Public-ENI`` + + .. figure:: /_static/images/cloud-aws-vyos-07.png + + - Click to the **Add network interface** button + + - **Network interface 2** select ``VyOS-Private-ENI`` + + .. figure:: /_static/images/cloud-aws-vyos-08.png + + - In **Subnet** deselect subnet + + .. figure:: /_static/images/cloud-aws-vyos-10.png + +- Review the instance configuration in the **Summary** panel and choose **Launch Instance**. + +- Wait until the instance status changes to **Running**. + +.. figure:: /_static/images/cloud-aws-vyos-11.png + + +Connect to the VyOS instance +----------- + + You can only connect to the VyOS instance via **SSH** protocol. Use the default username **vyos**, **Elastic IP** and **SSH Key Pair** to connect to the VyOS instance via SSH: + + .. 
code-block:: none + + ssh -i vyos-keypair.pem vyos@35.152.131.62 + + +Deployment of VyOS Instance and Required Resources via CloudFormation Template +======== + +These CloudFormation templates automate the deployment of a VyOS instance on AWS, configuring essential components such as: + +- VPC +- Public and private subnets +- Internet Gateway +- Route Tables +- Elastic IPs +- Security Groups + +You can download or clone these templates from the GitHub repository and use them in your environment: + +https://github.com/vyos/vyos-automation/tree/main/CloudFormation - .. code-block:: none - ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3 - vyos@ip-192-0-2-10:~$ Amazon CloudWatch Agent Usage ----------------------------- diff --git a/docs/installation/cloud/azure.rst b/docs/installation/cloud/azure.rst index e19df986..81c05077 100644 --- a/docs/installation/cloud/azure.rst +++ b/docs/installation/cloud/azure.rst 
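Review bot: the "Create Private Security Group" step in the aws.rst hunk tells the reader to allow **All Traffic** from ``0.0.0.0/0`` "for internal connectivity", which admits every source address rather than internal ones. Use the VPC CIDR from this guide (``10.0.0.0/16``) or the security group itself as the source. The public group has the same pattern for SSH: the documented source is ``0.0.0.0/0`` and the restriction appears only in parentheses, so make the restricted source the documented value. Under "IAM Permissions", ``vpc:`` is not an IAM service prefix (VPC, subnet and route table actions are under ``ec2:``), and bare prefixes next to "administrative access" read as wildcard grants, so list the specific actions needed. Smaller items: "Live empty" should be "Leave empty"; the removed SSH example used the documentation address 203.0.113.3 while the new one uses 35.152.131.62; and section underlines such as ``========`` under "Prerequisites" are shorter than their titles, which docutils reports as a warning.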
@@ -1,72 +1,433 @@ -##### -Azure -##### +########## +Microsoft Azure +########## -Deploy VM ---------- -Deploy VyOS on Azure. +This manual provides detailed step-by-step instructions for deploying a VyOS instance and required resources (Virtual Networks, Network Interfaces, Subnets, Security Groups) on Azure via the Azure Portal. -1. Go to the Azure services and Click to **Add new Virtual machine** +Prerequisites for Deploying VyOS on Azure +======== -2. Choose vm name, resource group, region and click **Browse all public and - private images** +Azure Account +----------- -.. figure:: /_static/images/cloud-azure-01.png +Ensure you have an active Azure subscription. -3. On the marketplace search ``VyOS`` and choose the appropriate subscription +Microsoft Entra ID Permissions +----------- -.. figure:: /_static/images/cloud-azure-02.png +To manage resources in **Azure Entra ID** (formerly Azure AD), you need appropriate permissions to handle **Virtual Networks**, **Public IP Addresses**, **Subnets**, and **Virtual Machines**. -4. Generate new SSH key pair or use existing. +**Reference Documentation:** -.. figure:: /_static/images/cloud-azure-03.png +https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/manage-roles-portal -5. Define network, subnet, Public IP. Or it will be created by default. +https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal -.. figure:: /_static/images/cloud-azure-04.png +https://learn.microsoft.com/en-us/azure/role-based-access-control/overview -6. Click ``Review + create``. After a few seconds your deployment will be complete +Deployment Steps +======== -.. figure:: /_static/images/cloud-azure-05.png +Step 1: Create a Resource Group +----------- -7. Click to your new vm and find out your Public IP address. +A resource group is a container that holds related resources for an Azure solution. 
The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. -.. figure:: /_static/images/cloud-azure-06.png +Create resource groups +^^^^^^^^^^^^^^ -8. Connect to the instance by SSH key. +- Go to the Azure Portal https://portal.azure.com/. + +- Sign in with your Azure account credentials. + +- In the portal, search for and select **Resource groups**. + +- Select **Create**. + +.. figure:: /_static/images/cloud-azure-rg-01.png + +- Enter the following values: + +- **Subscription**: Select your Azure subscription. + +- **Resource group**: Enter a new resource group name, e.g., ``VyOSResourceGroup``. + +- **Region**: Select an Azure location, such as Central US. + +- Select **Review + Create** + +- Select **Create**. It takes a few seconds to create a resource group. + +.. figure:: /_static/images/cloud-azure-rg-02.png + + +Step 2: Create a Virtual Network (VNet) and Subnets +----------- + +Sign in to the Azure portal with your Azure account https://portal.azure.com/ + +- In the portal, search for and select **Virtual networks**. + +- On the **Virtual networks** page, select **+ Create**. + +- On the **Basics** tab of **Create virtual network**, enter, or select the following information: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select e.g., ``VyOSResourceGroup`` + +- **Name**: e.g., ``VyOS-VirtualNetwork`` + +- **Region**: e.g., ``West Europe``. + +.. figure:: /_static/images/cloud-azure-vnet-01.png + +**IP addresses**: + +- Address Space: ``10.1.0.0/16`` + +.. figure:: /_static/images/cloud-azure-vnet-02.png + +**Add two subnets**: + +- Name: e.g., ``VyOS-Private-Subnet`` + + Starting address: e.g., ``10.1.1.0`` + + Size: ``/24`` + +- Name: e.g., ``VyOS-Public-Subnet`` + + Starting address: e.g., ``10.1.11.0`` + + Size: ``/24`` + +.. figure:: /_static/images/cloud-azure-vnet-03.png + +.. figure:: /_static/images/cloud-azure-vnet-04.png + +.. 
figure:: /_static/images/cloud-azure-vnet-05.png + +- Click **Review + Create** and then **Create**. + + +Step 3: Create and configure Network Security Group (NSG) +----------- + +- In the Azure Portal, search for and select **Network Security Groups**. + +- On the **Network Security Groups** page, select **+ Create**. + +Enter the details: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Name**: e.g., ``VyOS-SecurityGroup`` + +- **Region**: e.g., ``West Europe``. + +.. figure:: /_static/images/cloud-azure-sg-01.png + +- Click **Review + Create** and then **Create**. + +**Add inbound rules**: + +- Navigate to the **Network Security Groups** select **VyOS-SecurityGroup** go to **Inbound security rules** under **Settings** + +.. figure:: /_static/images/cloud-azure-sg-02.png + +**Add Rule Example:** + +- **Rule 1**: AllowSSH + + - **Port**: 22 + + - **Protocol**: TCP + + - **Source**: Any + + - **Priority**: 1001 + +**Add Additional Rules**: + +You can add inbound rules based on your specific services, such as: + + - ESP + + - OpenVPN + + - WireGuard, etc. + +.. figure:: /_static/images/cloud-azure-sg-03.png + +**Associate subnets**: + +- Navigate to the **Network Security Groups**, select **Subnets** click **+ Associate** button. Then select your virtual network and the subnet to which you want to associate the NSG. Select **OK**: + +.. figure:: /_static/images/cloud-azure-sg-04.png + + +Step 4: Create Public IP Address +----------- + +- In the Azure Portal, search for and select **Public IP Addresses**. + +- On the **Public IP Addresses** page, select **+ Create**. + +- Provide the following details: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Region**: ``West Europe`` + +.. 
figure:: /_static/images/cloud-azure-pub-ip-01.png + +- **Name**: ``VyOS-Pub-IP`` + +- **IP Version**: ``IPv4`` + +- **SKU**: ``Standard`` + +- **Availability zone**: Select Availability Zone + +.. figure:: /_static/images/cloud-azure-pub-ip-02.png + +- **IP address assignment**: ``Static`` + +- **Idle timeout (minutes)** ``30`` (max) + +.. figure:: /_static/images/cloud-azure-pub-ip-03.png + +- Click **Review + Create**, then **Create**. + + +Step 5: Deploy the VyOS Network Virtual Machine (NVA) +----------- + +- In the Azure Portal, search for and select **Virtual Machines**. + +- On the **Virtual Machines** page, click **+ Create** and select **Azure virtual machine**. + +- Provide the following details: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Virtual machine name**: e.g., ``VyOS`` + +- **Region**: e.g., ``West Europe`` + +- **Security type**: ``Standard`` + +- **Image**: ``VyOS`` (On the marketplace search ``VyOS`` and choose the appropriate subscription). + +.. figure:: /_static/images/cloud-azure-vm-01.png + +- **Size**: Select a VM size to support the workload that you want to run. The size that you choose then determines factors such as processing power, memory, and storage capacity. + +.. figure:: /_static/images/cloud-azure-vm-02.png + +- **Password/SSH Key**: Choose whether the administrator account will use username/password or SSH keys for authentication. + +- **Username**: The administrator username for the VM, e.g., ``vyos``. + +- **SSH Key**: You can use your existing SSH key pair or Azure automatically generates it for you and allows you to store it for future use. + +.. figure:: /_static/images/cloud-azure-vm-03.png + +- **Virtual network**: Select ``VyOS-VirtualNetwork``. + +- **Subnet**: Select ``VyOS-Public-Subnet``. + +- **Public IP**: Select public IP address which created before ``VyOS-Pub-IP``. + +.. 
figure:: /_static/images/cloud-azure-vm-04.png + +- **Configure network security group**: Select existing Security Group ``VyOS-SecurityGroup``. + +.. figure:: /_static/images/cloud-azure-vm-05.png + +- Click **Review + Create**, then **Create**. + +- Click **Download the private key and create resource** this will download private key to your computer and start creating Virtual Machine. + +.. figure:: /_static/images/cloud-azure-vm-06.png + +- Wait until deployment is complete. After the deployment complete navigate to **Virtual Machines** click new created Virtual Machine. Check **Public IP address**. + +.. figure:: /_static/images/cloud-azure-vm-07.png + + +Step 6: Access the VyOS instance +----------- + +- Access the VyOS instance using **SSH** protocol, **Public IP Address**, **Private Key**: .. code-block:: none - ssh -i ~/.ssh/vyos_azure vyos@203.0.113.3 - vyos@vyos-doc-r1:~$ + $ ssh vyos@51.124.120.235 -i vyos_key.pem + vyos@VyOS:~$ -Add interface +Step 7: Enable IP Forwarding in Network Interface +----------- + +This option allows the virtual machine on this network interface to act as a router and receive traffic addressed to other destinations. + +- On the **Virtual Machines** page, select ``VyOS`` VM, under **Networking** tab select **Network settings**, click network interface. + +.. figure:: /_static/images/cloud-azure-vm-12.png + +- Enable IP forwarding and click the **Apply** button. + +.. figure:: /_static/images/cloud-azure-vm-13.png + +Step 8: Create and attach the second network interface (optional) ------------- -If instance was deployed with one **eth0** ``WAN`` interface and want to add +Now instance has been deployed with one **eth0** ``WAN`` interface and want to add new one. To add new interface an example **eth1** ``LAN`` you need shutdown the instance. Attach the interface in the Azure portal and then start the instance. .. note:: Azure does not allow you attach interface when the instance in the **Running** state. 
-Absorbing Routes + +Create network interface: +^^^^^^^^^^^^^^ + +- In the Azure Portal, search for and select **Network Interfaces**. + +- On the **Network Interfaces** page, select **+ Create**. + +.. figure:: /_static/images/cloud-azure-nic-01.png + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Name**: ``VyOS-PRIV-NIC`` + +- **Subnet**: ``VyOS-Private-Subnet`` + +- **Private IP**: ``Dynamic`` + +- Click **Review + Create**, then **Create** + +.. figure:: /_static/images/cloud-azure-nic-02.png + +- Enable **IP Forwarding** + +- Navigate to **Network Interfaces** select ``VyOS-PRIV-NIC`` + +.. figure:: /_static/images/cloud-azure-nic-03.png + +- Go to **Settings**, select **IP configurations**. Enable IP Forwarding and select **Apply**. + +.. figure:: /_static/images/cloud-azure-nic-04.png + + +Attach reate network interface: +^^^^^^^^^^^^^^ + +- Navigate to **Virtual Machines**, click new created Virtual Machine and click the **Stop** button + +.. figure:: /_static/images/cloud-azure-vm-08.png + +- Go to **Networking** select **Network settings** and then select **Attach network interface** + +.. figure:: /_static/images/cloud-azure-vm-09.png + +- Select existing (before created) network interface ``VyOS-PRIV-NIC`` and click the **OK** button. + +.. figure:: /_static/images/cloud-azure-vm-10.png + +- Now you have attached second interface to your instance and you can start Virtual Machine. + +- Go to **Overview** and click the **Start** button. + +.. figure:: /_static/images/cloud-azure-vm-11.png + + +Setp 8: Absorbing Routes ---------------- -If using as a router, you will want your LAN interface to absorb some or all of the traffic from your VNET by using a route table applied to the subnet. +To route traffic from your Virtual Network (VNET) through the LAN interface of your VyOS Network Virtual Appliance (NVA), you need to create and configure a custom route table in Azure. 
+ +- Step-by-Step Instructions: + +- Navigate to **Route Tables** and click **+ Create**. + +Provide the following details: + + - **Subscription**: Select your Subscription + + - **Resource Group**: Select ``VyOSResourceGroup`` + + - **Name**: ``Route-VyOS`` + + - **Region**: e.g., ``West Europe`` + +.. figure:: /_static/images/cloud-azure-route-01.png + +- Click **Review + Create**, then **Create**. -1. Create a route table and browse to **Configuration** +**Add a Route**: -2. Add one or more routes for networks you want to pass through the VyOS VM. Next hop type **Virtual Appliance** with the **Next Hop Address** of the VyOS ``LAN`` interface. +- Navigate to **Route Tables** and click the new created route (``Route-VyOS``). + +- Go to **Routes** and click **+ Add** button. + +.. figure:: /_static/images/cloud-azure-route-02.png + +Add following parameters: + +- **Name**: ``Default-Route`` + +- **Destination type**: ``IP Addresses`` + +- **Destination IP addresses/CIDR ranges**: ``0.0.0.0/0`` + +- **Next Hop Type**: ``Virtual Appliance`` + +- **Next Hop IP Address**: ``10.1.11.4`` (The private Network Interface Card IP Address) + +.. figure:: /_static/images/cloud-azure-route-03.png + +- Click the **Add** button. + +**Associate the Route Table with subnet**: + +- Navigate to **Route Tables** and click the new created route (``VyOSResourceGroup``). + +- Go to **Subnets** and click **+ Associate** button. + +.. figure:: /_static/images/cloud-azure-route-04.png + +- **Virtual network**: Select ``VyOS-VirtualNetwork``. + +- **Subnet**: Select ``VyOS-Public-Subnet``. + +.. figure:: /_static/images/cloud-azure-route-05.png .. note:: If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface. 
-Serial Console + +Deploy VyOS Instance and Required Resources Automatically (via Terraform) -------------- -Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'`` +You can deploy a VyOS instance and its associated resources in **Azure** using Terraform modules available in the GitHub repository. +All necessary parameters will be configured automatically, and you will receive **management and access information** from the outputs. + +You can also edit/change these parameters based on your requirements. + +- Download/Clone the Repository following GitHub repository: + +https://github.com/vyos/vyos-automation/tree/main/Terraform/Azure + -References ----------- -https://azure.microsoft.com diff --git a/docs/installation/cloud/gcp.rst b/docs/installation/cloud/gcp.rst index 7ae1a66e..8510f901 100644 --- a/docs/installation/cloud/gcp.rst +++ b/docs/installation/cloud/gcp.rst @@ -2,13 +2,26 @@ Google Cloud Platform ##################### -Deploy VM ---------- +This guide provides step-by-step instructions for deploying a VyOS instance with two NICs and the required resources on Google Cloud Platform (GCP). + +Prerequisites +======== + +Before proceeding, ensure the following: + +- A GCP account with billing enabled. +- Permissions to deploy Marketplace images. +- Access to enable APIs and create resources (e.g., Compute Engine Admin, Network Admin). +- An SSH key pair for VyOS instance access. +- GA Google Cloud Project. -To deploy VyOS on GCP (Google Cloud Platform) +Deployment Steps +======== -1. Generate SSH key pair type **ssh-rsa** from the host that will connect to - VyOS. +Step 1: Add SSH Key +------------------- + +1. If you don’t already have SSH keys, generate an SSH key pair of type ``ssh-rsa`` on your local machine: Example: 
@@ -17,42 +30,248 @@ To deploy VyOS on GCP (Google Cloud Platform) ssh-keygen -t rsa -f ~/.ssh/vyos_gcp -C "vyos@mypc" -.. note:: In name "vyos@mypc" The first value must be "**vyos**". Because - default user is vyos and google api uses this option. - +.. note:: In the comment ``vyos@mypc``, the username must start with vyos. + This is because the default user in the VyOS image is ``vyos``, and the Google Cloud API uses this value for SSH access. -2. Open GCP console and navigate to the menu **Metadata**. Choose - **SSH Keys** and click ``edit``. +2. Open GCP console and navigate to the **Compute Engine** > **Metadata** > **SSH Keys**. Choose + **SSH Keys**. .. figure:: /_static/images/cloud-gcp-01.png -Click **Add item** and paste your public ssh key. Click ``Save``. +3. Click **edit** and **Add item**. + +4. Paste your public ssh key and **Save**. .. figure:: /_static/images/cloud-gcp-02.png +For more information, please visit the official Google Cloud documentation: + +https://cloud.google.com/compute/docs/connect/add-ssh-keys + +https://cloud.google.com/compute/docs/connect/create-ssh-keys + + +Step 2: Create a Service Account (If You Don't Have One) +------------------------------- + +1. In the Google Cloud console **IAM & Admin > Service Accounts**. + +2. Select select a project. + +.. figure:: /_static/images/cloud-gcp-proj.png + +3. Click **Create Service Account**: + + - Name: e.g., ``vyos-test`` + + - Service account ID: e.g., ``vyos-test`` + + - Description: e.g., ``VyOS Test Service Account`` + +4. Click **Done**. + +.. figure:: /_static/images/cloud-gcp-svc.png + +For more information, please visit the official Google Cloud documentation: + +https://cloud.google.com/iam/docs/service-accounts-create + +https://cloud.google.com/iam/docs/service-account-overview + + +Step 3: Create VPC Networks and Subnets +------------------------------- + +1. 
In the Google Cloud console **VPC Network > VPC Networks** https://console.cloud.google.com/networking/networks/list + +2. Select select a project. + +.. figure:: /_static/images/cloud-gcp-proj.png + +3. Click **Create VPC Network**. + + **Public VPC**: + + - Name: e.g., ``vyos-public-vpc`` + + - Subnet creation mode: ``Custom`` + + - Subnet name: e.g., ``vyos-public-subnet`` + + - Region: e.g., ``europe-west1`` + + - IP range: e.g., ``10.0.1.0/24`` + + - Leave all other settings at default, then click **Create**. + +.. figure:: /_static/images/cloud-gcp-vpc-01.png + +.. figure:: /_static/images/cloud-gcp-vpc-02.png + + **Private VPC**: + + - Name: ``vyos-private-vpc`` + + - Subnet creation mode: ``Custom`` + + - Subnet name: ``vyos-private-subnet`` + + - Region: e.g., ``europe-west1`` + + - IP range: ``10.0.11.0/24`` + + - Leave all other settings at default, then click **Create**. + +.. figure:: /_static/images/cloud-gcp-vpc-03.png + +.. figure:: /_static/images/cloud-gcp-vpc-04.png + +4. Add firewall rules to allow specific network traffic from the Internet. By default all incoming traffic from outside a network is blocked. + +.. figure:: /_static/images/cloud-gcp-vpc-05.png + +.. figure:: /_static/images/cloud-gcp-vpc-06.png + +.. figure:: /_static/images/cloud-gcp-vpc-07.png -2. On marketplace search "VyOS" +For more information, please visit the official Google Cloud documentation: -3. Change Deployment name/Zone/Machine type and click ``Deploy`` +https://cloud.google.com/vpc/docs/create-modify-vpc-networks -.. figure:: /_static/images/cloud-gcp-03.png -4. After few seconds click to ``instance`` +Step 4: Deploy VyOS instance from Marketplace +--------- + +1. Go to the Google Cloud Marketplace page in the Google Cloud console https://console.cloud.google.com/marketplace + +2. Choose the project where you want to deploy the VyOS instance. + +.. figure:: /_static/images/cloud-gcp-proj.png + +3. 
In the search bar, type ``vyos`` to find the VyOS image in the Marketplace. + +.. figure:: /_static/images/cloud-gcp-market-01.png + +.. figure:: /_static/images/cloud-gcp-market-02.png + +4. On the next page, review details such as support, pricing, and other details. + +.. figure:: /_static/images/cloud-gcp-market-03.png + +5. Click the ``GET STARTED`` button to start deployment process. + +.. figure:: /_static/images/cloud-gcp-market-04.png + +.. figure:: /_static/images/cloud-gcp-market-05.png + +6. General settings. + + - Deployment name: e.g., ``vyos-test-vm`` + + - Select a Service Account: Select the service account created earlier. + + - Image: Select VyOS image for deployment. + + - Zone: e.g., ``europe-west1-b`` + + - Machine type: Choose based on performance and resource needs. + +.. figure:: /_static/images/cloud-gcp-vm-01.png + +.. figure:: /_static/images/cloud-gcp-vm-02.png + +7. Configure the network interfaces. + + **Public Network interface:** + + Edit the first (default) network interface and select following settings: + + - Network: ``vyos-public-vpc`` + + - Subnetwork: ``vyos-public-subnet`` + + - External IP: ``Ephemeral`` + + - Private Network interface: -.. figure:: /_static/images/cloud-gcp-04.png + **Private Network Interface:** + + Click **ADD A NETWORK INTERFACE** button to create a second (private) interface, and select following settings: -5. Find out your external IP address + - Network: ``vyos-private-vpc`` -.. figure:: /_static/images/cloud-gcp-05.png + - Subnetwork: ``vyos-private-subnet`` -6. Connect to the instance. SSH key was generated in the first step. + - External IP: ``None`` + +.. figure:: /_static/images/cloud-gcp-vm-03.png + +8. Deployment automation. + + - You can use ``cloud-init`` ``User Data`` to automatically inject specific configuration commands into the VyOS instance during deployment. + + - Example: + + .. 
code-block:: none + + #cloud-config + vyos_config_commands: + - set system host-name 'VyOS-for-GCP' + - set system login banner pre-login 'Welcome to the VyOS for on GCP' + - set interfaces ethernet eth0 description 'WAN' + - set interfaces ethernet eth1 description 'LAN' + - set interfaces ethernet eth1 address 'dhcp' + - set interfaces ethernet eth1 dhcp-options no-default-route + +For more information, please visit the official VyOS documentation: + +https://docs.vyos.io/en/stable/automation/cloud-init.html#module-vyos-userdata + +.. figure:: /_static/images/cloud-gcp-vm-09.png + +9. Click ``Deploy`` button. + +.. figure:: /_static/images/cloud-gcp-vm-06.png + +.. figure:: /_static/images/cloud-gcp-vm-07.png + + +Connect to the VyOS instance +----------- + +To connect to the VyOS instance, use the SSH key that was generated in the first step. + +To retrieve the public IP address, go to the **Google Cloud Console** and navigate to: **Compute Engine** > **VM instances** https://console.cloud.google.com/compute/instances?project=vyos-images + +.. figure:: /_static/images/cloud-gcp-vm-08.png + +Example: .. code-block:: none - ssh -i ~/.ssh/vyos_gcp vyos@203.0.113.3 - vyos@vyos-r1-vm:~$ + ssh vyos@35.233.97.132 -i .ssh/vyos_gcp + + The authenticity of host '35.233.97.132 (35.233.97.132)' can't be established. + ED25519 key fingerprint is SHA256:KCsCnwCGhwX2ba5RcPUAO3ZUSNzS4sXIkujFoScCd0g. + This key is not known by any other names + Are you sure you want to continue connecting (yes/no/[fingerprint])? yes + Warning: Permanently added '35.233.97.132' (ED25519) to the list of known hosts. + Welcome to the VyOS for on GCP + Welcome to VyOS! + + ┌── ┐ + . VyOS 1.4.2 + └ ──┘ sagitta + + * Documentation: https://docs.vyos.io/en/sagitta + * Project news: https://blog.vyos.io + * Bug reports: https://vyos.dev + + You can change this banner using "set system login banner post-login" command. 
+ + VyOS is a free software distribution that includes multiple components, + you can check individual component licenses under /usr/share/doc/*/copyright + vyos@VyOS-for-GCP:~$ + -References ----------- -https://console.cloud.google.com/ diff --git a/docs/installation/index.rst b/docs/installation/index.rst index 435a16cd..97f7d85c 100644 --- a/docs/installation/index.rst +++ b/docs/installation/index.rst @@ -2,7 +2,16 @@ Installation and Image Management ################################# +.. note:: This is most likely only relevant for virtual installations: + When installing VyOS ensure that the MAC address selected for your NICs is + not a locally administered MAC address. Locally administered addresses are + distinguished from universally administered addresses by setting (assigning + the value of 1 to) the second-least-significant bit of the first octet of + the address: + + Example: ``02:00:00:00:00:01``, where the second-least-significant bit + (``02`` in hex) is set to ``1``. .. toctree:: :maxdepth: 2 |
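Review bot: in docs/installation/cloud/azure.rst, the `AllowSSH` example rule in Step 3 sets **Source**: Any, which opens port 22 on the router's public IP to every address; suggest showing a restricted source (an admin address or range) or stating that Any is used only for the walkthrough. In the route table section, the default route's next hop is ``10.1.11.4``, described as the private NIC, yet the table is then associated with ``VyOS-Public-Subnet``, and the preceding step names the route table ``VyOSResourceGroup`` instead of ``Route-VyOS``; please confirm the intended subnet and correct the name. Smaller points in the same file: "Setp 8: Absorbing Routes" reuses the number of the previous Step 8, "Attach reate network interface:" is garbled, the Terraform section stops at the repository link with no further steps, and the SSH example replaces the documentation address ``203.0.113.3`` with ``51.124.120.235``, which should go back to a documentation-range address.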
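Review bot: in docs/installation/cloud/gcp.rst, hunk @@ -2,13 +2,26 @@, the new `Prerequisites` and `Deployment Steps` titles are underlined with `========`, which is shorter than the title text and makes docutils report "Title underline too short"; extend each underline to at least the length of its title. The last prerequisite reads "GA Google Cloud Project", which looks like a typo for "A Google Cloud Project". Step 1 still asks for a key pair of type ``ssh-rsa``; if that is a hard requirement of the image, say so, otherwise mention that other key types work.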
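Review bot: in docs/installation/cloud/gcp.rst, hunk @@ -17,42 +30,248 @@, the sample session under "Connect to the VyOS instance" publishes the address ``35.233.97.132`` and its ED25519 host key fingerprint where the removed example used the documentation address ``203.0.113.3``, and the console link carries ``?project=vyos-images``; suggest placeholders for all three. The same transcript answers ``yes`` to the host authenticity prompt without telling the reader how to check the fingerprint first, so a sentence on verifying it would help. Step 3 item 4 says to add firewall rules for traffic from the Internet but gives only screenshots; list the protocol, port and source range the guide expects, since the text itself notes that incoming traffic is blocked by default. Minor: "Select select a project" appears twice, there is a stray "- Private Network interface:" bullet before the **Private Network Interface:** heading, and the banner string reads "Welcome to the VyOS for on GCP".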
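Review bot: in docs/installation/index.rst, the new note tells readers not to use a locally administered MAC address but never says what goes wrong if they do; add one sentence with the consequence so the requirement can be weighed. The example is also ambiguous: ``02:00:00:00:00:01`` is shown without saying it is an address to avoid, and "(``02`` in hex) is set to ``1``" mixes the octet value with the bit value. Suggested wording: "``02:00:00:00:00:01`` is locally administered, because the second-least-significant bit of the first octet (``02``) is set."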