-rw-r--r-- | docs/_static/images/boot-options.png | bin | 0 -> 30582 bytes |
-rw-r--r-- | docs/_static/images/sticky-connections.jpg | bin | 0 -> 22252 bytes |
-rw-r--r-- | docs/interfaces/ethernet.rst | 38 |
-rw-r--r-- | docs/interfaces/pppoe.rst | 28 |
-rw-r--r-- | docs/load-balancing.rst | 6 |
-rw-r--r-- | docs/services/conntrack.rst | 11 |
-rw-r--r-- | docs/system/advanced-index.rst | 1 |
-rw-r--r-- | docs/system/boot-options.rst | 57 |
-rw-r--r-- | docs/troubleshooting.rst | 2 |
9 files changed, 128 insertions, 15 deletions
diff --git a/docs/_static/images/boot-options.png b/docs/_static/images/boot-options.png Binary files differnew file mode 100644 index 00000000..b00350bc --- /dev/null +++ b/docs/_static/images/boot-options.png diff --git a/docs/_static/images/sticky-connections.jpg b/docs/_static/images/sticky-connections.jpg Binary files differnew file mode 100644 index 00000000..25fd72a9 --- /dev/null +++ b/docs/_static/images/sticky-connections.jpg diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index 0633ad2c..95aef851 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst 
@@ -95,6 +95,44 @@ Link Administration Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link. +Prefix Delegation (DHCPv6-PD) +----------------------------- + +VyOS 1.3 (equuleus) supports DHCPv6-PD. DHCPv6 Prefix Delegation is supported +by most ISPs who provide native IPv6 for consumers on fixed networks. + +.. cfgcmd:: set interfaces ethernet <interface> dhcpv6-option pd <id> length <length> + + Some ISPs by default only delegate a /64 prefix. To request for a specific + prefix size use this option to request for a bigger delegation for this pd + `<id>`. This value + is in the range from 32 - 64 so you could request up to /32 down to a /64 + delegation. + + Default value is 64. + +.. cfgcmd:: set interfaces ethernet <interface> dhcpv6-option pd <id> interface <delegatee> address <address> + + Specify the interface address used locally on the interfcae where the prefix + has been delegated to. ID must be a decimal integer. + + It will be combined with the delegated prefix and the sla-id to form a complete + interface address. The default is to use the EUI-64 address of the interface. + + Example: + + Using ``<id>`` value 65535 will assign IPv6 address ``<prefix>::ffff`` to the + interface. + +.. cfgcmd:: set interfaces ethernet <interface> dhcpv6-option pd <id> interface <delegatee> sla-id <id> + + Specify the identifier value of the site-level aggregator (SLA) on the + interface. ID must be a decimal number greater then 0 which fits in the length + of SLA IDs (see below). For example, if ID is 1 and the client is delegated + an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a + single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on + the specified interface. + Operation ========= diff --git a/docs/interfaces/pppoe.rst b/docs/interfaces/pppoe.rst index 75fe0a40..8fa35492 100644 --- a/docs/interfaces/pppoe.rst 
+++ b/docs/interfaces/pppoe.rst 
@@ -183,27 +183,27 @@ by most ISPs who provide native IPv6 for consumers on fixed networks. Default value is 64. -.. cfgcmd:: set interfaces pppoe <interface> dhcpv6-option pd <id> interface <prefix-interface> address <local-addr> +.. cfgcmd:: set interfaces pppoe <interface> dhcpv6-option pd <id> interface <delegatee> address <address> - This statement specifies the interface address used locally on the interfcae - where the prefix has been delegated to. ID must be a decimal integer. - It will be combined with the delegated prefix and the sla-id to form a - complete interface address. The default is to use the EUI-64 address of the - interface. + Specify the interface address used locally on the interfcae where the prefix + has been delegated to. ID must be a decimal integer. + + It will be combined with the delegated prefix and the sla-id to form a complete + interface address. The default is to use the EUI-64 address of the interface. Example: - Using `<id>` value 65535 will assign IPv6 address <prefix>::ffff to the + Using ``<id>`` value 65535 will assign IPv6 address ``<prefix>::ffff`` to the interface. -.. cfgcmd:: set interfaces pppoe <interface> dhcpv6-option pd <id> interface <prefix-interface> sla-id <id> +.. cfgcmd:: set interfaces pppoe <interface> dhcpv6-option pd <id> interface <delegatee> sla-id <id> - This statement specifies the identifier value of the site-level aggregator - (SLA) on the interface. ID must be a decimal number greater then 0 which - fits in the length of SLA IDs (see below). For example, if ID is 1 and the - client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine - the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will - configure the prefix on the specified interface. + Specify the identifier value of the site-level aggregator (SLA) on the + interface. ID must be a decimal number greater then 0 which fits in the length + of SLA IDs (see below). 
For example, if ID is 1 and the client is delegated + an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a + single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on + the specified interface. Operation ========= diff --git a/docs/load-balancing.rst b/docs/load-balancing.rst index 07c18217..6b0bede9 100644 --- a/docs/load-balancing.rst +++ b/docs/load-balancing.rst @@ -159,6 +159,12 @@ This works through automatically generated source NAT (SNAT) rules, these rules Sticky Connections ------------------ +Inbound connections to a WAN interface can be improperly handled when the reply is sent back to the client. + +.. image:: /_static/images/sticky-connections.jpg + :width: 80% + :align: center + Upon reception of an incoming packet, when a response is sent, it might be desired to ensure that it leaves from the same interface as the inbound one. This can be achieved by enabling sticky connections in the load balancing: diff --git a/docs/services/conntrack.rst b/docs/services/conntrack.rst index 90f062e8..c361d293 100644 --- a/docs/services/conntrack.rst +++ b/docs/services/conntrack.rst @@ -26,6 +26,12 @@ tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented. +It is possible to use either Multicast or Unicast to sync conntrack traffic. +Most examples below show Multicast, but unicast can be specified by using the +"peer" keywork after the specificed interface, as in the following example: + +set service conntrack-sync interface eth0 peer 192.168.0.250 + Configuration ^^^^^^^^^^^^^ 
@@ -51,9 +57,12 @@ Configuration # Interface to use for syncing conntrack entries [REQUIRED] set service conntrack-sync interface <ifname> - + # Multicast group to use for syncing conntrack entries set service conntrack-sync mcast-group <x.x.x.x> + + # Peer to send Unicast UDP conntrack sync entires to, if not using Multicast above + set service conntrack-sync interface <ifname> peer <remote IP of peer> # Queue size for syncing conntrack entries (in MB) set service conntrack-sync sync-queue-size <size> diff --git a/docs/system/advanced-index.rst b/docs/system/advanced-index.rst index 36469763..4e9c5699 100644 --- a/docs/system/advanced-index.rst +++ b/docs/system/advanced-index.rst @@ -11,6 +11,7 @@ Advanced System Tweaks flow-accounting ntp options + boot-options proxy serial-console syslog diff --git a/docs/system/boot-options.rst b/docs/system/boot-options.rst new file mode 100644 index 00000000..d054748f --- /dev/null +++ b/docs/system/boot-options.rst 
@@ -0,0 +1,57 @@ +.. _boot-options: + + +############ +Boot Options +############ + +.. warning:: This function may be highly disruptive. + It may cause major service interruption, so make sure you really + need it and verify your input carefully. + + + +VyOS has several kernel command line options to modify the normal boot +process. +To add an option, select the desired image in GRUB menu at load +time, press **e**, edit the first line, and press **Ctrl-x** to boot when +ready. + +.. image:: /_static/images/boot-options.png + :width: 80% + :align: center + + +Specify custom config file +========================== + +Tells the system to use specified file instead of ``/config/config.boot``. +If specified file does not exist or is not readable, fall back to +default config. No additional verification is performed, so make sure +you specify a valid config file. + +.. code-block:: none + + vyos-config=/path/to/file + +To load the *factory default* config, use: + +.. code-block:: none + + vyos-config=/opt/vyatta/etc/config.boot.default + + +Disable specific boot process steps +=================================== + +These options disable some boot steps. Make sure you understand the +:ref:`boot process <boot-steps>` well before using them! + +.. glossary:: + + no-vyos-migrate + Do not perform config migration. + + no-vyos-firewall + Do not initialize default firewall chains, renders any firewall configuration unusable. + diff --git a/docs/troubleshooting.rst b/docs/troubleshooting.rst index 23248507..2d6532d0 100644 --- a/docs/troubleshooting.rst +++ b/docs/troubleshooting.rst @@ -362,6 +362,8 @@ to clear counters on firewall rulesets or single rules System Information ****************** +.. _boot-steps: + Boot Steps ========== |
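
Review bot: in docs/interfaces/ethernet.rst, the description under the new "dhcpv6-option pd <id> interface <delegatee> address <address>" command still speaks of an ID ("ID must be a decimal integer", "Using ``<id>`` value 65535") although the value being documented is <address> and <id> in that command is the pd identifier, so a reader cannot tell which argument produces ``<prefix>::ffff``. Use the placeholder name from the command line in both the description and the example. The sla-id text also says "(see below)" for the length of SLA IDs, but the hunk goes straight on to the Operation heading without documenting an option that sets that length; add it or drop the reference. Typos in the added lines: "interfcae", "greater then", "To request for a specific prefix size".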
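
Review bot: in docs/interfaces/pppoe.rst, the rename of the placeholders to <delegatee> and <address> is not carried into the body: the rewritten text keeps "ID must be a decimal integer" and the example keeps "Using ``<id>`` value 65535", which now point at the pd identifier instead of the address. The sla-id command line also uses <id> for two different values ("pd <id> ... sla-id <id>"); give the second one its own name. Since these paragraphs are being rewritten anyway, fix "interfcae" and "greater then" here rather than copying them over.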
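
Review bot: in docs/load-balancing.rst, the sentence added under Sticky Connections says inbound connections "can be improperly handled" without saying what goes wrong. The context paragraph that follows implies the reply may leave through a different interface than the one the request arrived on; say that explicitly so the reader knows what the image illustrates. The new image directive has :width: and :align: but no :alt: text.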
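
Review bot: in the first docs/services/conntrack.rst hunk, the example "set service conntrack-sync interface eth0 peer 192.168.0.250" is added as a bare paragraph, so it will render as running text; put it in a code-block directive like the other commands in these docs. The added paragraph also has "keywork" and "specificed", and mixes "Unicast" and "unicast".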
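
Review bot: in the second docs/services/conntrack.rst hunk, the comment "if not using Multicast above" leaves open whether mcast-group and peer may both be set; state whether the two are mutually exclusive and what happens if both are configured. The placeholder "<remote IP of peer>" contains spaces while the line above uses "<x.x.x.x>"; pick one style. "entires" should be "entries", and the hunk replaces one blank line with another, which looks like whitespace-only churn.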
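
Review bot: in docs/system/advanced-index.rst, the visible toctree entries (flow-accounting, ntp, options, proxy, serial-console, syslog) are in alphabetical order and boot-options is inserted between options and proxy. If the list is meant to stay sorted, move the new entry to where it sorts.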
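
Review bot: in docs/system/boot-options.rst, "fall back to default config" under "Specify custom config file" is ambiguous, because the same section uses "factory default" for /opt/vyatta/etc/config.boot.default while the sentence before names /config/config.boot as the normal file; say which of the two is loaded when the given path is missing or unreadable. The page states that "No additional verification is performed" and that no-vyos-firewall "renders any firewall configuration unusable", and both are entered from the GRUB menu, so it should also say what access is needed to use these options so that operators know to restrict it. "edit the first line" should name the line to edit rather than give its position, and the image directive has no :alt: text.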