Diffstat (limited to 'docs/configuration/interfaces')
-rw-r--r-- | docs/configuration/interfaces/bridge.rst | 47
-rw-r--r-- | docs/configuration/interfaces/ethernet.rst | 28
-rw-r--r-- | docs/configuration/interfaces/loopback.rst | 2
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 2
4 files changed, 52 insertions, 27 deletions
diff --git a/docs/configuration/interfaces/bridge.rst b/docs/configuration/interfaces/bridge.rst index ddc293cc..e69a6e26 100644 --- a/docs/configuration/interfaces/bridge.rst +++ b/docs/configuration/interfaces/bridge.rst @@ -127,15 +127,24 @@ Enable VLAN-Aware Bridge .. cfgcmd:: set interfaces bridge <interface> enable-vlan - To activate the VLAN aware bridge, you must activate this setting to use VLAN + To activate the VLAN aware bridge, you must activate this setting to use VLAN settings for the bridge +.. cfgcmd:: set interfaces bridge <interface> protocol <802.1ad|802.1q> + + Define used ethertype of bridge interface. + + Ethertype ``0x8100`` is used for ``802.1q`` and ethertype ``0x88a8`` is used + for ``802.1ad``. + + The default is ``802.1q``. + VLAN Options ------------ .. note:: It is not valid to use the `vif 1` option for VLAN aware bridges - because VLAN aware bridges assume that all unlabeled packets belong to - the default VLAN 1 member and that the VLAN ID of the bridge's parent + because VLAN aware bridges assume that all unlabeled packets belong to + the default VLAN 1 member and that the VLAN ID of the bridge's parent interface is always 1 .. cmdinclude:: /_include/interface-vlan-8021q.txt @@ -149,9 +158,9 @@ VLAN Options VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped - + Example: Set `eth0` member port to be native VLAN 2 - + .. code-block:: none set interfaces bridge br1 member interface eth0 native-vlan 2 
@@ -162,17 +171,17 @@ VLAN Options Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen. - + Example: Set `eth0` member port to be allowed VLAN 4 - + .. code-block:: none - + set interfaces bridge br1 member interface eth0 allowed-vlan 4 - + Example: Set `eth0` member port to be allowed VLAN 6-8 - + .. code-block:: none - + set interfaces bridge br1 member interface eth0 allowed-vlan 6-8 Port Mirror (SPAN) @@ -265,17 +274,17 @@ This results in the active configuration: Using the operation mode command to view Bridge Information =========================================================== -.. opcmd:: show bridge +.. opcmd:: show bridge The `show bridge` operational command can be used to display configured bridges: .. code-block:: none - vyos@vyos:~$ show bridge - 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding - priority 32 cost 100 - 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding + vyos@vyos:~$ show bridge + 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding + priority 32 cost 100 + 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 .. opcmd:: show bridge <name> fdb @@ -304,11 +313,11 @@ Using the operation mode command to view Bridge Information 33:33:00:00:00:6a dev br0 self permanent 01:00:5e:00:00:01 dev br0 self permanent 33:33:ff:00:00:00 dev br0 self permanent - + .. opcmd:: show bridge <name> mdb - Show bridge `<name>` mdb displays the current multicast group membership - table.The table is populated by IGMP and MLD snooping in the bridge driver + Show bridge `<name>` mdb displays the current multicast group membership + table.The table is populated by IGMP and MLD snooping in the bridge driver automatically. .. code-block:: none 
diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index bbf52112..a1151fd4 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -61,6 +61,22 @@ Offloading Enable different types of hardware offloading on the given NIC. + :abbr:`LRO (Large Receive Offload)` is a technique designed to boost the + efficiency of how your computer's network interface card (NIC) processes + incoming network traffic. Typically, network data arrives in smaller chunks + called packets. Processing each packet individually consumes CPU (central + processing unit) resources. Lots of small packets can lead to a performance + bottleneck. Instead of handing the CPU each packet as it comes in, LRO + instructs the NIC to combine multiple incoming packets into a single, larger + packet. This larger packet is then passed to the CPU for processing. + + .. note:: Under some circumstances, LRO is known to modify the packet headers + of forwarded traffic, which breaks the end-to-end principle of computer + networking. LRO is also only able to offload TCP segments encapsulated in + IPv4 packets. Due to these limitations, it is recommended to use GRO + (Generic Receive Offload) where possible. More information on the + limitations of LRO can be found here: https://lwn.net/Articles/358910/ + :abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data 
@@ -87,13 +103,13 @@ Offloading placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS: - - it can be used with any NIC, - - software filters can easily be added to hash over new protocols, - - it does not increase hardware device interrupt rate (although it does - introduce inter-processor interrupts (IPIs)). + - it can be used with any NIC + - software filters can easily be added to hash over new protocols + - it does not increase hardware device interrupt rate, although it does + introduce inter-processor interrupts (IPIs) - .. note:: In order to use TSO/LRO with VMXNET3 adaters one must also enable - the SG offloading option. + .. note:: In order to use TSO/LRO with VMXNET3 adapters, the SG offloading + option must also be enabled. Authentication (EAPoL) ---------------------- diff --git a/docs/configuration/interfaces/loopback.rst b/docs/configuration/interfaces/loopback.rst index 8e983abb..b5fbdf83 100644 --- a/docs/configuration/interfaces/loopback.rst +++ b/docs/configuration/interfaces/loopback.rst @@ -14,7 +14,7 @@ services on your local machine. you need multiple interfaces, please use the :ref:`dummy-interface` interface type. -.. hint:: A lookback interface is always up, thus it could be used for +.. hint:: A loopback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index d92ac080..8cf579de 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst 
@@ -547,7 +547,7 @@ example: openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config" openvpn-option "--push redirect-gateway" openvpn-option --duplicate-cn - openvpn-option --client-cert-not-required + openvpn-option "--verify-client-cert none" openvpn-option --comp-lzo openvpn-option --persist-key openvpn-option --persist-tun |
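Review bot: The description of the new `protocol <802.1ad|802.1q>` command in docs/configuration/interfaces/bridge.rst (hunk at -127,15) is hard to parse and leaves its scope open. "Define used ethertype of bridge interface." sits under the "Enable VLAN-Aware Bridge" heading but does not say that the ethertype is the one used for VLAN tags, or whether the option has any effect when `enable-vlan` is not set. Suggest something like "Define the ethertype used for VLAN tags on the bridge interface." plus one sentence on the dependency on `enable-vlan`. The same hunk also carries several trailing-whitespace-only changes, which would be easier to review as a separate commit.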
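Review bot: In docs/configuration/interfaces/bridge.rst, the `show bridge <name> mdb` description (hunk at -304,11) is rewritten only to drop trailing whitespace, so the missing space in "table.The table is populated by IGMP and MLD snooping" is carried over into the new lines. Since these two lines are being touched anyway, fix it here: "table. The table is populated ...". The opening "Show bridge `<name>` mdb displays" would also read better with the command quoted as a whole, as the `show bridge` entry above it does.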
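Review bot: The new LRO note in docs/configuration/interfaces/ethernet.rst (hunk at -61,6) stops short of the conclusion a router operator needs. It says LRO "is known to modify the packet headers of forwarded traffic" and recommends GRO "where possible", but never states outright that LRO should stay disabled on interfaces that forward or bridge traffic, which is the normal case for this product. Suggest adding that sentence. Two style points in the same hunk: GRO is spelled out in plain parentheses while LRO and GSO use the :abbr: role, and "your computer's network interface card" and "CPU (central processing unit)" read as desktop-oriented wording in router documentation.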
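Review bot: In docs/configuration/interfaces/loopback.rst (hunk at -14,7), the hint still contains two errors on the context line directly after the corrected one: "as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp`". "and" should be "an", and BGP is not normally classed as an IGP, so the sentence contradicts itself before going on to talk about the "internal BGP link". Suggest fixing both in this change, for example "as source/destination for a routing protocol like :ref:`routing-bgp`", or linking an actual IGP if that is what was meant.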
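Review bot: The example in docs/configuration/interfaces/openvpn.rst (hunk at -547,7) gives the reader no indication of what `"--verify-client-cert none"` does to the authentication model. With that option the server does not require or verify a client certificate, so in this example the username/password check performed by the `openvpn-auth-ldap.so` plugin is the only thing authenticating clients. Suggest a short note next to the example saying so, so the line is not copied into configurations that have no plugin-based authentication. The context lines also still show `--comp-lzo`, which OpenVPN has deprecated; consider dropping it from the example in the same change.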