diff options
Diffstat (limited to 'docs/configuration/policy')
| -rw-r--r-- | docs/configuration/policy/access-list.rst | 11 | ||||
| -rw-r--r-- | docs/configuration/policy/as-path-list.rst | 33 | ||||
| -rw-r--r-- | docs/configuration/policy/bgp-policies.rst | 124 | ||||
| -rw-r--r-- | docs/configuration/policy/community-list.rst | 35 | ||||
| -rw-r--r-- | docs/configuration/policy/examples.rst | 13 | ||||
| -rw-r--r-- | docs/configuration/policy/extcommunity-list.rst | 40 | ||||
| -rw-r--r-- | docs/configuration/policy/index.rst | 5 | ||||
| -rw-r--r-- | docs/configuration/policy/large-community-list.rst | 36 | ||||
| -rw-r--r-- | docs/configuration/policy/prefix-list.rst | 7 | ||||
| -rw-r--r-- | docs/configuration/policy/route-map.rst | 6 | ||||
| -rw-r--r-- | docs/configuration/policy/route.rst | 7 |
11 files changed, 157 insertions, 160 deletions
diff --git a/docs/configuration/policy/access-list.rst b/docs/configuration/policy/access-list.rst index 41c35986..0af9b911 100644 --- a/docs/configuration/policy/access-list.rst +++ b/docs/configuration/policy/access-list.rst @@ -33,7 +33,7 @@ Access Lists <destination|source> <any|host|inverse-mask|network> This command defines matching parameters for access list rule. Matching - criteria could be applied to destinarion or source parameters: + criteria could be applied to destination or source parameters: * any: any IP address to match. * host: single host IP address to match. @@ -67,11 +67,4 @@ Basic filtering could also be applied to IPv6 traffic. * any: any IPv6 address to match. * exact-match: exact match of the network prefixes. * network: network/netmask to match (requires inverse-match be defined) BUG, - NO invert-match option in access-list6 - - -******** -Examples -******** - -Examples would be uploaded soon.
\ No newline at end of file + NO invert-match option in access-list6
\ No newline at end of file diff --git a/docs/configuration/policy/as-path-list.rst b/docs/configuration/policy/as-path-list.rst new file mode 100644 index 00000000..ceeb8e01 --- /dev/null +++ b/docs/configuration/policy/as-path-list.rst @@ -0,0 +1,33 @@ +#################### +BGP - AS Path Policy +#################### + +VyOS provides policies commands exclusively for BGP traffic filtering and +manipulation: **as-path-list** is one of them. + +************* +Configuration +************* + +policy as-path-list +=================== + +.. cfgcmd:: set policy as-path-list <text> + + Create as-path-policy identified by name <text>. + +.. cfgcmd:: set policy as-path-list <text> description <text> + + Set description for as-path-list policy. + +.. cfgcmd:: set policy as-path-list <text> rule <1-65535> action <permit|deny> + + Set action to take on entries matching this rule. + +.. cfgcmd:: set policy as-path-list <text> rule <1-65535> description <text> + + Set description for rule. + +.. cfgcmd:: set policy as-path-list <text> rule <1-65535> regex <text> + + Regular expression to match against an AS path. For example "64501 64502". diff --git a/docs/configuration/policy/bgp-policies.rst b/docs/configuration/policy/bgp-policies.rst deleted file mode 100644 index 72b612cb..00000000 --- a/docs/configuration/policy/bgp-policies.rst +++ /dev/null @@ -1,124 +0,0 @@ -#################### -BGP Related Policies -#################### - -VyOS provides policies commands exclusively for BGP traffic filtering and -manipulation. In this section, all those commands are covered. - -************* -Configuration -************* - -policy as-path-list -=================== - -.. cfgcmd:: set policy as-path-list <text> - - Create as-path-policy identified by name <text>. - -.. cfgcmd:: set policy as-path-list <text> description <text> - - Set description for as-path-list policy. - -.. cfgcmd:: set policy as-path-list <text> rule <1-65535> action <permit|deny> - - Set action to take on entries matching this rule. - -.. cfgcmd:: set policy as-path-list <text> rule <1-65535> description <text> - - Set description for rule. - -.. cfgcmd:: set policy as-path-list <text> rule <1-65535> regex <text> - - Regular expression to match against an AS path. For example "64501 64502". - - -policy community-list -===================== - -.. cfgcmd:: set policy community-list <text> - - Creat community-list policy identified by name <text>. - -.. cfgcmd:: set policy community-list <text> description <text> - - Set description for community-list policy. - -.. cfgcmd:: set policy community-list <text> rule <1-65535> action - <permit|deny> - - Set action to take on entries matching this rule. - -.. cfgcmd:: set policy community-list <text> rule <1-65535> description <text> - - Set description for rule. - -.. cfgcmd:: set policy community-list <text> rule <1-65535> regex - <aa:nn|local-AS|no-advertise|no-export|internet|additive> - - Regular expression to match against a community-list. - - -policy extcommunity-list -======================== - -.. cfgcmd:: set policy extcommunity-list <text> - - Creat extcommunity-list policy identified by name <text>. - -.. cfgcmd:: set policy extcommunity-list <text> description <text> - - Set description for extcommunity-list policy. - -.. cfgcmd:: set policy extcommunity-list <text> rule <1-65535> action - <permit|deny> - - Set action to take on entries matching this rule. - -.. cfgcmd:: set policy extcommunity-list <text> rule <1-65535> description - <text> - - Set description for rule. - -.. cfgcmd:: set policy extcommunity-list <text> rule <1-65535> regex <text> - - Regular expression to match against an extended community list, where text - could be: - - * <aa:nn:nn>: Extended community list regular expression. - * <rt aa:nn:nn>: Route Target regular expression. - * <soo aa:nn:nn>: Site of Origin regular expression. - - -policy large-community-list -=========================== - -.. cfgcmd:: set policy large-community-list <text> - - Creat large-community-list policy identified by name <text>. - -.. cfgcmd:: set policy large-community-list <text> description <text> - - Set description for large-community-list policy. - -.. cfgcmd:: set policy large-community-list <text> rule <1-65535> action - <permit|deny> - - Set action to take on entries matching this rule. - -.. cfgcmd:: set policy large-community-list <text> rule <1-65535> description - <text> - - Set description for rule. - -.. cfgcmd:: set policy large-community-list <text> rule <1-65535> regex - <aa:nn:nn> - - Regular expression to match against a large community list. - - -******** -Examples -******** - -Examples would be uploaded soon.
\ No newline at end of file diff --git a/docs/configuration/policy/community-list.rst b/docs/configuration/policy/community-list.rst new file mode 100644 index 00000000..e53abeb3 --- /dev/null +++ b/docs/configuration/policy/community-list.rst @@ -0,0 +1,35 @@ +#################### +BGP - Community List +#################### + +VyOS provides policies commands exclusively for BGP traffic filtering and +manipulation: **community-list** is one of them. + +************* +Configuration +************* + +policy community-list +===================== + +.. cfgcmd:: set policy community-list <text> + + Creat community-list policy identified by name <text>. + +.. cfgcmd:: set policy community-list <text> description <text> + + Set description for community-list policy. + +.. cfgcmd:: set policy community-list <text> rule <1-65535> action + <permit|deny> + + Set action to take on entries matching this rule. + +.. cfgcmd:: set policy community-list <text> rule <1-65535> description <text> + + Set description for rule. + +.. cfgcmd:: set policy community-list <text> rule <1-65535> regex + <aa:nn|local-AS|no-advertise|no-export|internet|additive> + + Regular expression to match against a community-list.
\ No newline at end of file diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst index 88715a0a..a1d40db4 100644 --- a/docs/configuration/policy/examples.rst +++ b/docs/configuration/policy/examples.rst @@ -1,5 +1,6 @@ +########### BGP Example -=========== +########### **Policy definition:** @@ -50,9 +51,9 @@ neighbor. You now see the longer AS path. - +################# Transparent Proxy -================= +################# The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy: @@ -84,9 +85,9 @@ interface, we use: set interfaces ethernet eth1 policy route FILTER-WEB - +################ Multiple Uplinks -================ +################ VyOS Policy-Based Routing (PBR) works by matching source IP address ranges and forwarding the traffic using different routing tables. @@ -146,7 +147,7 @@ These commands allow the VLAN10 and VLAN20 hosts to communicate with each other using the main routing table. Local route ------------ +=========== The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple diff --git a/docs/configuration/policy/extcommunity-list.rst b/docs/configuration/policy/extcommunity-list.rst new file mode 100644 index 00000000..c413b8b5 --- /dev/null +++ b/docs/configuration/policy/extcommunity-list.rst @@ -0,0 +1,40 @@ +############################# +BGP - Extended Community List +############################# + +VyOS provides policies commands exclusively for BGP traffic filtering and +manipulation: **extcommunity-list** is one of them. + +************* +Configuration +************* + +policy extcommunity-list +======================== + +.. cfgcmd:: set policy extcommunity-list <text> + + Creat extcommunity-list policy identified by name <text>. + +.. cfgcmd:: set policy extcommunity-list <text> description <text> + + Set description for extcommunity-list policy. + +.. cfgcmd:: set policy extcommunity-list <text> rule <1-65535> action + <permit|deny> + + Set action to take on entries matching this rule. + +.. cfgcmd:: set policy extcommunity-list <text> rule <1-65535> description + <text> + + Set description for rule. + +.. cfgcmd:: set policy extcommunity-list <text> rule <1-65535> regex <text> + + Regular expression to match against an extended community list, where text + could be: + + * <aa:nn:nn>: Extended community list regular expression. + * <rt aa:nn:nn>: Route Target regular expression. + * <soo aa:nn:nn>: Site of Origin regular expression. diff --git a/docs/configuration/policy/index.rst b/docs/configuration/policy/index.rst index fc1c1366..51f60479 100644 --- a/docs/configuration/policy/index.rst +++ b/docs/configuration/policy/index.rst @@ -35,8 +35,11 @@ Policy Sections prefix-list route route-map - bgp-policies local-route + as-path-list + community-list + extcommunity-list + large-community-list ******** Examples diff --git a/docs/configuration/policy/large-community-list.rst b/docs/configuration/policy/large-community-list.rst new file mode 100644 index 00000000..39da0815 --- /dev/null +++ b/docs/configuration/policy/large-community-list.rst @@ -0,0 +1,36 @@ +########################## +BGP - Large Community List +########################## + +VyOS provides policies commands exclusively for BGP traffic filtering and +manipulation: **large-community-list** is one of them. + +************* +Configuration +************* + +policy large-community-list +=========================== + +.. cfgcmd:: set policy large-community-list <text> + + Creat large-community-list policy identified by name <text>. + +.. cfgcmd:: set policy large-community-list <text> description <text> + + Set description for large-community-list policy. + +.. cfgcmd:: set policy large-community-list <text> rule <1-65535> action + <permit|deny> + + Set action to take on entries matching this rule. + +.. cfgcmd:: set policy large-community-list <text> rule <1-65535> description + <text> + + Set description for rule. + +.. cfgcmd:: set policy large-community-list <text> rule <1-65535> regex + <aa:nn:nn> + + Regular expression to match against a large community list. diff --git a/docs/configuration/policy/prefix-list.rst b/docs/configuration/policy/prefix-list.rst index ebc02ea2..63b6510e 100644 --- a/docs/configuration/policy/prefix-list.rst +++ b/docs/configuration/policy/prefix-list.rst @@ -78,10 +78,3 @@ IPv6 Prefix Lists .. cfgcmd:: set policy prefix-list6 <text> rule <1-65535> le <0-128> Netmask less than lenght - - -******** -Examples -******** - -Examples would be uploaded soon.
\ No newline at end of file diff --git a/docs/configuration/policy/route-map.rst b/docs/configuration/policy/route-map.rst index 14cace25..7c236cf7 100644 --- a/docs/configuration/policy/route-map.rst +++ b/docs/configuration/policy/route-map.rst @@ -254,9 +254,3 @@ Route Map <0-4294967295> Set BGP weight attribute - -******** -Examples -******** - -Examples would be uploaded soon.
\ No newline at end of file diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst index 8f54a47b..ffbe85b2 100644 --- a/docs/configuration/policy/route.rst +++ b/docs/configuration/policy/route.rst @@ -419,10 +419,3 @@ IPv6 Route Weekdays to match rule on. Format for weekdays: Mon,Thu,Sat. To negate add ! at the front eg. !Mon,Thu,Sat. - - -******** -Examples -******** - -Examples would be uploaded soon.
\ No newline at end of file |