diff options
Diffstat (limited to 'docs/appendix/examples')
| -rw-r--r-- | docs/appendix/examples/ha.rst | 10 | ||||
| -rw-r--r-- | docs/appendix/examples/ospf-unnumbered.rst | 36 | ||||
| -rw-r--r-- | docs/appendix/examples/tunnelbroker-ipv6.rst | 14 |
3 files changed, 30 insertions, 30 deletions
diff --git a/docs/appendix/examples/ha.rst b/docs/appendix/examples/ha.rst index cd60f8e4..1c37463c 100644 --- a/docs/appendix/examples/ha.rst +++ b/docs/appendix/examples/ha.rst @@ -81,7 +81,7 @@ Our implementation uses VMware's Distributed Port Groups, which allows VMware to Basic Setup (via console) ------------------------- -Create your router1 VM so it is able to withstand a VM Host failing, or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP. +Create your router1 VM so it is able to withstand a VM Host failing, or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP. Many other Hypervisors do this, and I'm hoping that this document will be expanded to document how to do this for others. @@ -224,7 +224,7 @@ router2 Create vrrp sync-group ^^^^^^^^^^^^^^^^^^^^^^ -The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``. +The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``. .. code-block:: console @@ -251,7 +251,7 @@ You should be able to ping to and from all the IPs you have allocated. NAT and conntrack-sync ---------------------- -Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface. +Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface. Note we explicitly exclude the primary upstream network so that BGP or OSPF traffic doesn't accidentally get NAT'ed. .. code-block:: console @@ -265,7 +265,7 @@ Note we explicitly exclude the primary upstream network so that BGP or OSPF traf Configure conntrack-sync and disable helpers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Most conntrack modules cause more problems than they're worth, especially in a complex network. Turn them off by default, and if you need to turn them on later, you can do so. +Most conntrack modules cause more problems than they're worth, especially in a complex network. Turn them off by default, and if you need to turn them on later, you can do so. .. code-block:: console @@ -413,7 +413,7 @@ Enable OSPF ^^^^^^^^^^^ Every router **must** have a unique router-id. -The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly. +The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly. .. code-block:: console diff --git a/docs/appendix/examples/ospf-unnumbered.rst b/docs/appendix/examples/ospf-unnumbered.rst index 13e5f961..ac29988e 100644 --- a/docs/appendix/examples/ospf-unnumbered.rst +++ b/docs/appendix/examples/ospf-unnumbered.rst @@ -50,28 +50,28 @@ Results .. code-block:: console - vyos@vyos:~$ show interfaces + vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- - eth0 10.0.0.1/24 u/u - eth1 192.168.0.1/32 u/u - eth2 192.168.0.1/32 u/u - lo 127.0.0.1/8 u/u + eth0 10.0.0.1/24 u/u + eth1 192.168.0.1/32 u/u + eth2 192.168.0.1/32 u/u + lo 127.0.0.1/8 u/u 192.168.0.1/32 ::1/128 - vyos@vyos:~$ + vyos@vyos:~$ .. code-block:: console - vyos@vyos:~$ show ip route + vyos@vyos:~$ show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route - + S>* 0.0.0.0/0 [210/0] via 10.0.0.254, eth0, 00:57:34 O 10.0.0.0/24 [110/20] via 192.168.0.2, eth1 onlink, 00:13:21 via 192.168.0.2, eth2 onlink, 00:13:21 @@ -82,35 +82,35 @@ Results C>* 192.168.0.1/32 is directly connected, lo, 00:57:36 O>* 192.168.0.2/32 [110/1] via 192.168.0.2, eth1 onlink, 00:29:03 * via 192.168.0.2, eth2 onlink, 00:29:03 - vyos@vyos:~$ + vyos@vyos:~$ - Router B: .. code-block:: console - vyos@vyos:~$ show interfaces + vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- - eth0 10.0.0.2/24 u/u - eth1 192.168.0.2/32 u/u - eth2 192.168.0.2/32 u/u - lo 127.0.0.1/8 u/u + eth0 10.0.0.2/24 u/u + eth1 192.168.0.2/32 u/u + eth2 192.168.0.2/32 u/u + lo 127.0.0.1/8 u/u 192.168.0.2/32 ::1/128 - vyos@vyos:~$ + vyos@vyos:~$ .. code-block:: console - vyos@vyos:~$ show ip route + vyos@vyos:~$ show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route - + S>* 0.0.0.0/0 [210/0] via 10.0.0.254, eth0, 00:57:34 O 10.0.0.0/24 [110/20] via 192.168.0.1, eth1 onlink, 00:13:21 via 192.168.0.1, eth2 onlink, 00:13:21 @@ -121,5 +121,5 @@ Results C>* 192.168.0.2/32 is directly connected, lo, 00:57:36 O>* 192.168.0.1/32 [110/1] via 192.168.0.1, eth1 onlink, 00:29:03 * via 192.168.0.1, eth2 onlink, 00:29:03 - vyos@vyos:~$ + vyos@vyos:~$ diff --git a/docs/appendix/examples/tunnelbroker-ipv6.rst b/docs/appendix/examples/tunnelbroker-ipv6.rst index 234d9cf1..e8fc9a8b 100644 --- a/docs/appendix/examples/tunnelbroker-ipv6.rst +++ b/docs/appendix/examples/tunnelbroker-ipv6.rst @@ -3,7 +3,7 @@ VyOS Tunnelbroker.net IPv6 -------------------------- -This guides walks through the setup of `Tunnelbroker.net <https://www.tunnelbroker.net/>`_ for an IPv6 Tunnel. +This guides walks through the setup of `Tunnelbroker.net <https://www.tunnelbroker.net/>`_ for an IPv6 Tunnel. Prerequisites ^^^^^^^^^^^^^ @@ -78,9 +78,9 @@ At this point your VyOS install should have full IPv6, but now your LAN devices With Tunnelbroker.net, you have two options: - Routed /64. This is the default assignment. In IPv6-land, it's good for a single "LAN", and is somewhat equivalent to a /24. Example: `2001:470:xxxx:xxxx::/64` -- Routed /48. This is something you can request by clicking the "Assign /48" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k LANs. Example: `2001:470:xxxx::/48` +- Routed /48. This is something you can request by clicking the "Assign /48" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k LANs. Example: `2001:470:xxxx::/48` -Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that. +Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that. Single LAN Setup ^^^^^^^^^^^^^^^^ @@ -89,7 +89,7 @@ Single LAN setup where eth1 is your LAN interface. Use the /64 (all the xxxx sh .. code-block:: console - set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64' + set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64' set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8888' set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8844' set interfaces ethernet eth1 ipv6 router-advert prefix 2001:470:xxxx:xxxx::/64 autonomous-flag 'true' @@ -100,7 +100,7 @@ Single LAN setup where eth1 is your LAN interface. Use the /64 (all the xxxx sh - This accomplishes a few things: - Sets your LAN interface's IP address - - Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS. + - Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS. Multiple LAN/DMZ Setup ^^^^^^^^^^^^^^^^^^^^^^ @@ -114,7 +114,7 @@ The format of these addresses: - `2001:470:xxxx:2::/64`: Another subnet - `2001:470:xxxx:ffff:/64`: The last usable /64 subnet. -In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535). +In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535). So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc: @@ -144,7 +144,7 @@ So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc: Firewall ^^^^^^^^ -Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`. +Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`. Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set zone-policy zone LOCAL from WAN firewall ipv6-name` |