Diffstat (limited to 'docs/configuration/protocols')
-rw-r--r-- | docs/configuration/protocols/babel.rst | 4
-rw-r--r-- | docs/configuration/protocols/bfd.rst | 57
-rw-r--r-- | docs/configuration/protocols/bgp.rst | 27
-rw-r--r-- | docs/configuration/protocols/failover.rst | 15
-rw-r--r-- | docs/configuration/protocols/igmp-proxy.rst | 77
-rw-r--r-- | docs/configuration/protocols/igmp.rst | 249
-rw-r--r-- | docs/configuration/protocols/index.rst | 5
-rw-r--r-- | docs/configuration/protocols/isis.rst | 87
-rw-r--r-- | docs/configuration/protocols/ospf.rst | 204
-rw-r--r-- | docs/configuration/protocols/pim.disable | 2
-rw-r--r-- | docs/configuration/protocols/pim.rst | 266
-rw-r--r-- | docs/configuration/protocols/pim6.rst | 94
-rw-r--r-- | docs/configuration/protocols/rpki.rst | 4
13 files changed, 804 insertions, 287 deletions
diff --git a/docs/configuration/protocols/babel.rst b/docs/configuration/protocols/babel.rst index 58436178..07d1bc86 100644 --- a/docs/configuration/protocols/babel.rst +++ b/docs/configuration/protocols/babel.rst @@ -1,8 +1,8 @@ .. _babel: -#### +##### Babel -#### +##### Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index faec71bc..496c0cf9 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst 
@@ -132,4 +132,61 @@ Operational Commands Transmission interval: 300ms Echo transmission interval: 0ms +BFD Static Route Monitoring +=========================== +A monitored static route conditions the installation to the RIB on the BFD +session running state: when BFD session is up the route is installed to RIB, +but when the BFD session is down it is removed from the RIB. + +Configuration +------------- + +.. cfgcmd:: set protocols static route <subnet> next-hop <address> + bfd profile <profile> + + Configure a static route for <subnet> using gateway <address> + and use the gateway address as BFD peer destination address. + +.. cfgcmd:: set protocols static route <subnet> next-hop <address> + bfd multi-hop source <address> profile <profile> + + Configure a static route for <subnet> using gateway <address> + , use source address to indentify the peer when is multi-hop session + and the gateway address as BFD peer destination address. + +.. cfgcmd:: set protocols static route6 <subnet> next-hop <address> + bfd profile <profile> + + Configure a static route for <subnet> using gateway <address> + and use the gateway address as BFD peer destination address. + +.. cfgcmd:: set protocols static route6 <subnet> next-hop <address> + bfd multi-hop source <address> profile <profile> + + Configure a static route for <subnet> using gateway <address> + , use source address to indentify the peer when is multi-hop session + and the gateway address as BFD peer destination address. + + +.. _BFD Operational Commands: + +Operational Commands +==================== + +.. opcmd:: show bfd static routes + + Showing BFD monitored static routes + + .. code-block:: none + + Showing BFD monitored static routes: + + Next hops: + VRF default IPv4 Unicast: + 10.10.13.3/32 peer 192.168.2.3 (status: installed) + 172.16.10.3/32 peer 192.168.10.1 (status: uninstalled) + + VRF default IPv4 Multicast: + + VRF default IPv6 Unicast: 
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 737e98fa..8fc69111 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -952,7 +952,7 @@ Operational Mode Commands Show ==== -.. opcmd:: show <ip|ipv6> bgp +.. opcmd:: show bgp <ipv4|ipv6> This command displays all entries in BGP routing table. @@ -964,6 +964,7 @@ Show i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete + RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 198.51.100.0/24 10.0.34.4 0 0 65004 i @@ -971,7 +972,7 @@ Show Displayed 2 routes and 2 total paths -.. opcmd:: show <ip|ipv6> bgp <address|prefix> +.. opcmd:: show bgp <ipv4|ipv6> <address|prefix> This command displays information about the particular entry in the BGP routing table. 
@@ -991,55 +992,55 @@ Show This command displays routes with classless interdomain routing (CIDR). -.. opcmd:: show <ip|ipv6> bgp community <value> +.. opcmd:: show bgp <ipv4|ipv6> community <value> This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise. -.. opcmd:: show <ip|ipv6> bgp community-list <name> +.. opcmd:: show bgp <ipv4|ipv6> community-list <name> This command displays routes that are permitted by the BGP community list. -.. opcmd:: show ip bgp dampened-paths +.. opcmd:: show bgp <ipv4|ipv6> dampening dampened-paths This command displays BGP dampened routes. -.. opcmd:: show ip bgp flap-statistics +.. opcmd:: show bgp <ipv4|ipv6> dampening flap-statistics This command displays information about flapping BGP routes. -.. opcmd:: show ip bgp filter-list <name> +.. opcmd:: show bgp <ipv4|ipv6> filter-list <name> This command displays BGP routes allowed by the specified AS Path access list. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> advertised-routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> advertised-routes This command displays BGP routes advertised to a neighbor. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> received-routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> received-routes This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> routes This command displays BGP received-routes that are accepted after filtering. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> dampened-routes +.. 
opcmd:: show bgp <ipv4|ipv6> neighbors <address> dampened-routes This command displays dampened routes received from BGP neighbor. -.. opcmd:: show <ip|ipv6> bgp regexp <text> +.. opcmd:: show bgp <ipv4|ipv6> regexp <text> This command displays information about BGP routes whose AS path matches the specified regular expression. -.. opcmd:: show <ip|ipv6> bgp summary +.. opcmd:: show bgp <ipv4|ipv6> summary This command displays the status of all BGP connections. diff --git a/docs/configuration/protocols/failover.rst b/docs/configuration/protocols/failover.rst index 72201ade..daeb65f4 100644 --- a/docs/configuration/protocols/failover.rst +++ b/docs/configuration/protocols/failover.rst @@ -1,5 +1,3 @@ -.. _routing-static: - ######## Failover ######## @@ -34,6 +32,19 @@ Failover Routes Default is ``icmp``. +.. cfgcmd:: set protocols failover route <subnet> next-hop <address> check + policy <policy> + + Policy for checking targets + +* ``all-available`` all checking target addresses must be available to pass + this check + +* ``any-available`` any of the checking target addresses must be available + to pass this check + + Default is ``any-available``. + .. cfgcmd:: set protocols failover route <subnet> next-hop <address> interface <interface> diff --git a/docs/configuration/protocols/igmp-proxy.rst b/docs/configuration/protocols/igmp-proxy.rst new file mode 100644 index 00000000..f62a289e --- /dev/null +++ b/docs/configuration/protocols/igmp-proxy.rst 
@@ -0,0 +1,77 @@ +:lastproofread: 2023-11-13 + +.. _igmp_proxy: + +########## +IGMP Proxy +########## + +:abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages +on behalf of a connected client. The configuration must define one, and only one +upstream interface, and one or more downstream interfaces. + +Configuration +============= + +.. cfgcmd:: set protocols igmp-proxy interface <interface> role + <upstream | downstream> + + * **upstream:** The upstream network interface is the outgoing interface + which is responsible for communicating to available multicast data sources. + There can only be one upstream interface. + + * **downstream:** Downstream network interfaces are the distribution + interfaces to the destination networks, where multicast clients can join + groups and receive multicast data. One or more downstream interfaces must + be configured. + +.. cfgcmd:: set protocols igmp-proxy interface <interface> alt-subnet <network> + + Defines alternate sources for multicasting and IGMP data. The network address + must be on the following format 'a.b.c.d/n'. By default, the router will + accept data from sources on the same network as configured on an interface. + If the multicast source lies on a remote network, one must define from where + traffic should be accepted. + + This is especially useful for the upstream interface, since the source for + multicast traffic is often from a remote location. + + This option can be supplied multiple times. + +.. cfgcmd:: set protocols igmp-proxy disable-quickleave + + Disables quickleave mode. In this mode the daemon will not send a Leave IGMP + message upstream as soon as it receives a Leave message for any downstream + interface. The daemon will not ask for Membership reports on the downstream + interfaces, and if a report is received the group is not joined again the + upstream. 
+ + If it's vital that the daemon should act exactly like a real multicast client + on the upstream interface, this function should be enabled. + + Enabling this function increases the risk of bandwidth saturation. + +.. cfgcmd:: set protocols igmp-proxy disable + + Disable this service. + +.. _igmp:proxy_example: + +Example +------- + +Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet +multicast which is in `eth0` WAN we need to configure igmp-proxy. + +.. code-block:: none + + set protocols igmp-proxy interface eth0 role upstream + set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/23 + set protocols igmp-proxy interface eth1 role downstream + +Operation +========= + +.. opcmd:: restart igmp-proxy + + Restart the IGMP proxy process. diff --git a/docs/configuration/protocols/igmp.rst b/docs/configuration/protocols/igmp.rst deleted file mode 100644 index d3492632..00000000 --- a/docs/configuration/protocols/igmp.rst +++ /dev/null 
@@ -1,249 +0,0 @@ -:lastproofread: 2023-01-27 - -.. _multicast: - -######### -Multicast -######### - -VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, -**IGMP** and **IGMP-Proxy**. - -************ -PIM and IGMP -************ - -PIM (Protocol Independent Multicast) must be configured in every -interface of every participating router. Every router must also have the -location of the Rendevouz Point manually configured. Then, -unidirectional shared trees rooted at the Rendevouz Point will -automatically be built for multicast distribution. - -Traffic from multicast sources will go to the Rendezvous Point, and -receivers will pull it from a shared tree using IGMP (Internet Group -Management Protocol). - -Multicast receivers will talk IGMP to their local router, so, besides -having PIM configured in every router, IGMP must also be configured in -any router where there could be a multicast receiver locally connected. - -VyOS supports both IGMP version 2 and version 3 (which allows -source-specific multicast). - - -Example -======= - -In the following example we can see a basic multicast setup: - -.. image:: /_static/images/multicast-basic.png - :width: 90% - :align: center - :alt: Network Topology Diagram - - - -**Router 1** - -.. code-block:: none - - set interfaces ethernet eth2 address '172.16.0.2/24' - set interfaces ethernet eth1 address '100.64.0.1/24' - set protocols ospf area 0 network '172.16.0.0/24' - set protocols ospf area 0 network '100.64.0.0/24' - set protocols igmp interface eth1 - set protocols pim interface eth1 - set protocols pim interface eth2 - set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' - -**Router 3** - -.. 
code-block:: none - - set interfaces dummy dum0 address '172.16.255.1/24' - set interfaces ethernet eth0 address '172.16.0.1/24' - set interfaces ethernet eth1 address '172.16.1.1/24' - set protocols ospf area 0 network '172.16.0.0/24' - set protocols ospf area 0 network '172.16.255.0/24' - set protocols ospf area 0 network '172.16.1.0/24' - set protocols pim interface dum0 - set protocols pim interface eth0 - set protocols pim interface eth1 - set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' - -**Router 2** - -.. code-block:: none - - set interfaces ethernet eth1 address '10.0.0.1/24' - set interfaces ethernet eth2 address '172.16.1.2/24' - set protocols ospf area 0 network '10.0.0.0/24' - set protocols ospf area 0 network '172.16.1.0/24' - set protocols pim interface eth1 - set protocols pim interface eth2 - set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' - - - - - -Basic commands -============== - -These are the commands for a basic setup. - -.. cfgcmd:: set protocols pim interface <interface-name> - - Use this command to enable PIM in the selected interface so that it - can communicate with PIM neighbors. - - -.. cfgcmd:: set protocols pim rp address <address> group - <multicast-address/mask-bits> - - Use this command to manually configure a Rendezvous Point for PIM so - that join messages can be sent there. Set the Rendevouz Point address - and the matching prefix of group ranges covered. These values must - be shared with every router participating in the PIM network. - - -.. cfgcmd:: set protocols igmp interface eth1 - - Use this command to configure an interface with IGMP so that PIM can - receive IGMP reports and query on the selected interface. By default - IGMP version 3 will be used. - - - -Tuning commands -=============== - -You can also tune multicast with the following commands. - -.. 
cfgcmd:: set protocols pim interface <interface> dr-priority <value> - - Use this PIM command in the selected interface to set the priority - (1-4294967295) you want to influence in the election of a node to - become the Designated Router for a LAN segment. The default priority - is 1, set a higher value to give the router more preference in the - DR election process. - - -.. cfgcmd:: set protocols pim int <interface> hello <seconds> - - Use this command to configure the PIM hello interval in seconds - (1-180) for the selected interface. - - -.. cfgcmd:: set protocols pim rp keep-alive-timer <seconds> - - Use this PIM command to modify the time out value (31-60000 - seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ - flow. 31 seconds is chosen for a lower bound as some hardware - platforms cannot see data flowing in better than 30 seconds chunks. - - -.. cfgcmd:: set protocols igmp interface <interface> join <multicast-address> - source <IP-address> - - Use this command to allow the selected interface to join a multicast - group defining the multicast address you want to join and the source - IP address too. - - -.. cfgcmd:: set protocols igmp interface <interface> query-interval <seconds> - - Use this command to configure in the selected interface the IGMP - host query interval (1-1800) in seconds that PIM will use. - - -.. cfgcmd:: set protocols igmp interface <interface> query-max-response-time - <deciseconds> - - Use this command to configure in the selected interface the IGMP - query response timeout value (10-250) in deciseconds. If a report is - not returned in the specified time, it will be assumed the `(S,G) or - (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has - timed out. - - -.. cfgcmd:: set protocols igmp interface <interface> version <version-number> - - Use this command to define in the selected interface whether you - choose IGMP version 2 or 3. The default value is 3. 
- - - -********** -IGMP Proxy -********** - -:abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages -on behalf of a connected client. The configuration must define one, and only one -upstream interface, and one or more downstream interfaces. - -Configuration -============= - -.. cfgcmd:: set protocols igmp-proxy interface <interface> role - <upstream | downstream> - - * **upstream:** The upstream network interface is the outgoing interface - which is responsible for communicating to available multicast data sources. - There can only be one upstream interface. - - * **downstream:** Downstream network interfaces are the distribution - interfaces to the destination networks, where multicast clients can join - groups and receive multicast data. One or more downstream interfaces must - be configured. - -.. cfgcmd:: set protocols igmp-proxy interface <interface> alt-subnet <network> - - Defines alternate sources for multicasting and IGMP data. The network address - must be on the following format 'a.b.c.d/n'. By default, the router will - accept data from sources on the same network as configured on an interface. - If the multicast source lies on a remote network, one must define from where - traffic should be accepted. - - This is especially useful for the upstream interface, since the source for - multicast traffic is often from a remote location. - - This option can be supplied multiple times. - -.. cfgcmd:: set protocols igmp-proxy disable-quickleave - - Disables quickleave mode. In this mode the daemon will not send a Leave IGMP - message upstream as soon as it receives a Leave message for any downstream - interface. The daemon will not ask for Membership reports on the downstream - interfaces, and if a report is received the group is not joined again the - upstream. - - If it's vital that the daemon should act exactly like a real multicast client - on the upstream interface, this function should be enabled. 
- - Enabling this function increases the risk of bandwidth saturation. - -.. cfgcmd:: set protocols igmp-proxy disable - - Disable this service. - -.. _igmp:proxy_example: - -Example -------- - -Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet -multicast which is in `eth0` WAN we need to configure igmp-proxy. - -.. code-block:: none - - set protocols igmp-proxy interface eth0 role upstream - set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/23 - set protocols igmp-proxy interface eth1 role downstream - -Operation -========= - -.. opcmd:: restart igmp-proxy - - Restart the IGMP proxy process. diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index 29dc230f..ea217d3c 100644 --- a/docs/configuration/protocols/index.rst +++ b/docs/configuration/protocols/index.rst @@ -2,7 +2,6 @@ Protocols ######### - .. toctree:: :maxdepth: 1 :includehidden: @@ -11,11 +10,13 @@ Protocols bfd bgp failover - igmp + igmp-proxy isis mpls segment-routing ospf + pim + pim6 rip rpki static diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index ef9cc960..1f779d0a 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -127,6 +127,19 @@ IS-IS Global Configuration level-2 This command will generate a default-route in L2 database. + + +.. cfgcmd:: set protocols isis ldp-sync + + This command will enable IGP-LDP synchronization globally for ISIS. This + requires for LDP to be functional. This is described in :rfc:`5443`. By + default all interfaces operational in IS-IS are enabled for synchronization. + Loopbacks are exempt. + +.. cfgcmd:: set protocols isis ldp-sync holddown <seconds> + + This command will change the hold down value globally for IGP-LDP + synchronization during convergence/interface flap events. Interface Configuration 
@@ -200,6 +213,15 @@ Interface Configuration This command disables Three-Way Handshake for P2P adjacencies which described in :rfc:`5303`. Three-Way Handshake is enabled by default. +.. cfgcmd:: set protocols isis interface <interface> ldp-sync disable + + This command disables IGP-LDP sync for this specific interface. + +.. cfgcmd:: set protocols isis interface <interface> ldp-sync holddown + <seconds> + + This command will change the hold down value for IGP-LDP synchronization + during convergence/interface flap events, but for this interface only. Route Redistribution -------------------- @@ -280,6 +302,34 @@ Timers control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`. +Loop Free Alternate (LFA) +------------------------- + +.. cfgcmd:: set protocols isis fast-reroute lfa remote prefix-list <name> + <level-1|level-2> + + This command enables IP fast re-routing that is part of :rfc:`5286`. + Specifically this is a prefix list which references a prefix in which + will select eligible PQ nodes for remote LFA backups. + +.. cfgcmd:: set protocols isis fast-reroute lfa local load-sharing disable + <level-1|level-2> + + This command disables the load sharing across multiple LFA backups. + +.. cfgcmd:: set protocols isis fast-reroute lfa local tiebreaker + <downstream|lowest-backup-metric|node-protecting> index <number> + <level-1|level-2> + + This command will configure a tie-breaker for multiple local LFA backups. + The lower index numbers will be processed first. + +.. cfgcmd:: set protocols isis fast-reroute lfa local priority-limit + <medium|high|critical> <level-1|level-2> + + This command will limit LFA backup computation up to the specified + prefix priority. + ******** Examples 
@@ -401,7 +451,42 @@ Routes on Node 2: I 203.0.113.0/24 [115/10] via 192.0.2.1, eth1, 00:03:42 - +Enable IS-IS and IGP-LDP synchronization +======================================== + +**Node 1:** + +.. code-block:: none + + set interfaces loopback lo address 192.168.255.255/32 + set interfaces ethernet eth0 address 192.0.2.1/24 + + set protocols isis interface eth0 + set protocols isis interface lo passive + set protocols isis ldp-sync + set protocols isis net 49.0001.1921.6825.5255.00 + + set protocols mpls interface eth0 + set protocols mpls ldp discovery transport-ipv4-address 192.168.255.255 + set protocols mpls ldp interface lo + set protocols mpls ldp interface eth0 + set protocols mpls ldp parameters transport-prefer-ipv4 + set protocols mpls ldp router-id 192.168.255.255 + + +This gives us IGP-LDP synchronization for all non-loopback interfaces with +a holddown timer of zero seconds: + + +.. code-block:: none + + Node-1@vyos:~$ show isis mpls ldp-sync + eth0 + LDP-IGP Synchronization enabled: yes + holddown timer in seconds: 0 + State: Sync achieved + + Enable IS-IS with Segment Routing (Experimental) diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 60f9c149..9891c77d 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst 
@@ -38,12 +38,12 @@ starts when the first ospf enabled interface is configured. specified in decimal notation in the range from 0 to 4294967295. Or it can be specified in dotted decimal notation similar to ip address. - Prefix length in interface must be equal or bigger (i.e. smaller network) + Prefix length in interface must be equal or bigger (i.e. smaller network) than prefix length in network statement. For example statement above doesn't - enable ospf on interface with address 192.168.1.1/23, but it does on + enable ospf on interface with address 192.168.1.1/23, but it does on interface with address 192.168.1.129/25. - In some cases it may be more convenient to enable OSPF on a per + In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>` @@ -190,6 +190,29 @@ Optional :cfgcmd:`max-holdtime` sets the maximum wait time between two consecutive SPF calculations. The default value is 10000 ms. +.. cfgcmd:: set protocols ospf ldp-sync + + This command will enable IGP-LDP synchronization globally for OSPF. This + requires for LDP to be functional. This is described in :rfc:`5443`. By + default all interfaces operational in OSPF are enabled for synchronization. + Loopbacks are exempt. + +.. cfgcmd:: set protocols ospf ldp-sync holddown <seconds> + + This command will change the hold down value globally for IGP-LDP + synchronization during convergence/interface flap events. + +.. cfgcmd:: set protocols ospf capability opaque + + ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic + Engineering LSAs. The opaque-lsa capability must be enabled in the + configuration. + + An alternate command could be "mpls-te on" (Traffic Engineering) + + .. note:: FRR offers only partial support for some of the routing + protocol extensions that are used with MPLS-TE; it does not + support a complete RSVP-TE solution. Area Configuration ------------------ 
@@ -278,15 +301,15 @@ Area Configuration intra area paths from this range are not advertised into other areas. This command makes sense in ABR only. -.. cfgcmd:: set protocols ospf area <number> export-list <acl_number> +.. cfgcmd:: set protocols ospf area <number> export-list <acl_number> - Filter Type-3 summary-LSAs announced to other areas originated from + Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only. -.. cfgcmd:: set protocols ospf area <number> import-list <acl_number> +.. cfgcmd:: set protocols ospf area <number> import-list <acl_number> - Same as export-list, but it applies to paths announced into specified + Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only. 
@@ -437,6 +460,78 @@ Interface Configuration synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535. +.. cfgcmd:: set protocols ospf interface <interface> ldp-sync disable + + This command disables IGP-LDP sync for this specific interface. + +.. cfgcmd:: set protocols ospf interface <interface> ldp-sync holddown + <seconds> + + This command will change the hold down value for IGP-LDP synchronization + during convergence/interface flap events, but for this interface only. + +External Route Summarisation +---------------------------- + +This feature summarises originated external LSAs (Type-5 and Type-7). Summary +Route will be originated on-behalf of all matched external LSAs. + +.. cfgcmd:: set protocols ospf aggregation timer <seconds> + + Configure aggregation delay timer interval. + + Summarisation starts only after this delay timer expiry. + +.. cfgcmd:: set protocols ospf summary-address x.x.x.x/y [tag (1-4294967295)] + + This command enable/disables summarisation for the configured address range. + + Tag is the optional parameter. If tag configured Summary route will be + originated with the configured tag. + +.. cfgcmd:: set protocols ospf summary-address x.x.x.x/y no-advertise + + This command to ensure not advertise the summary lsa for the matched + external LSAs. + +Graceful Restart +---------------- + +.. cfgcmd:: set protocols ospf graceful-restart [grace-period (1-1800)] + + Configure Graceful Restart :rfc:`3623` restarting support. When enabled, + the default grace period is 120 seconds. + + To perform a graceful shutdown, the FRR ``graceful-restart prepare ip + ospf`` EXEC-level command needs to be issued before restarting the + ospfd daemon. + +.. cfgcmd:: set protocols ospf graceful-restart helper enable [router-id A.B.C.D] + + Configure Graceful Restart :rfc:`3623` helper support. By default, helper support + is disabled for all neighbours. 
This config enables/disables helper support + on this router for all neighbours. + + To enable/disable helper support for a specific neighbour, the router-id + (A.B.C.D) has to be specified. + +.. cfgcmd:: set protocols ospf graceful-restart helper no-strict-lsa-checking + + By default `strict-lsa-checking` is configured then the helper will abort + the Graceful Restart when a LSA change occurs which affects the restarting + router. + + This command disables it. + +.. cfgcmd:: set protocols ospf graceful-restart helper supported-grace-time + + Supports as HELPER for configured grace period. + +.. cfgcmd:: set protocols ospf graceful-restart helper planned-only + + It helps to support as HELPER only for planned restarts. + + By default, it supports both planned and unplanned outages. Manual Neighbor Configuration ----------------------------- @@ -603,10 +698,11 @@ Operational Mode Commands Hello due in 4.563s Neighbor Count is 1, Adjacent neighbor count is 1 -.. opcmd:: show ip ospf route +.. opcmd:: show ip ospf route [detail] This command displays the OSPF routing table, as determined by the most - recent SPF calculation. + recent SPF calculation. With the optional :cfgcmd:`detail` argument, + each route item's advertiser router and network attribute will be shown. .. code-block:: none 
@@ -846,6 +942,43 @@ Enable OSPF with route redistribution of the loopback and default originate: set policy route-map CONNECT rule 10 match interface lo +Enable OSPF and IGP-LDP synchronization: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**Node 1:** + +.. code-block:: none + + set interfaces loopback lo address 10.1.1.1/32 + set interfaces ethernet eth0 address 192.168.0.1/24 + + set protocols ospf area 0 network '192.168.0.0/24' + set protocols ospf area 0 network '10.1.1.1/32' + set protocols ospf parameters router-id '10.1.1.1' + set protocols ospf ldp-sync + + set protocols mpls interface eth0 + set protocols mpls ldp discovery transport-ipv4-address 10.1.1.1 + set protocols mpls ldp interface lo + set protocols mpls ldp interface eth0 + set protocols mpls ldp parameters transport-prefer-ipv4 + set protocols mpls ldp router-id 10.1.1.1 + + +This gives us IGP-LDP synchronization for all non-loopback interfaces with +a holddown timer of zero seconds: + + +.. code-block:: none + + Node-1@vyos:~$ show ip ospf mpls ldp-sync + eth0 + LDP-IGP Synchronization enabled: yes + Holddown timer in seconds: 0 + State: Sync achieved + + + Enable OSPF with Segment Routing (Experimental): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -855,6 +988,7 @@ Enable OSPF with Segment Routing (Experimental): set interfaces loopback lo address 10.1.1.1/32 set interfaces ethernet eth0 address 192.168.0.1/24 + set protocols ospf area 0 network '192.168.0.0/24' set protocols ospf area 0 network '10.1.1.1/32' set protocols ospf parameters opaque-lsa @@ -870,6 +1004,7 @@ Enable OSPF with Segment Routing (Experimental): set interfaces loopback lo address 10.1.1.2/32 set interfaces ethernet eth0 address 192.168.0.2/24 + set protocols ospf area 0 network '192.168.0.0/24' set protocols ospf area 0 network '10.1.1.2/32' set protocols ospf parameters opaque-lsa 
@@ -948,7 +1083,7 @@ General VyOS does not have a special command to start the OSPFv3 process. The OSPFv3 process starts when the first ospf enabled interface is configured. -.. cfgcmd:: set protocols ospfv3 interface <interface> area <number> +.. cfgcmd:: set protocols ospfv3 interface <interface> area <number> This command specifies the OSPFv3 enabled interface. This command is also used to enable the OSPF process. The area number can be specified in 
@@ -1069,6 +1204,47 @@ Interface Configuration synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535. +.. _ospf:v3_graceful_restart: + +Graceful Restart +---------------- + +.. cfgcmd:: set protocols ospfv3 graceful-restart [grace-period (1-1800)] + + Configure Graceful Restart :rfc:`3623` restarting support. When enabled, + the default grace period is 120 seconds. + + To perform a graceful shutdown, the FRR ``graceful-restart prepare ip + ospf`` EXEC-level command needs to be issued before restarting the + ospfd daemon. + +.. cfgcmd:: set protocols ospfv3 graceful-restart helper enable [router-id A.B.C.D] + + Configure Graceful Restart :rfc:`3623` helper support. By default, helper support + is disabled for all neighbours. This config enables/disables helper support + on this router for all neighbours. + + To enable/disable helper support for a specific neighbour, the router-id + (A.B.C.D) has to be specified. + +.. cfgcmd:: set protocols ospfv3 graceful-restart helper lsa-check-disable + + By default `strict-lsa-checking` is configured then the helper will abort + the Graceful Restart when a LSA change occurs which affects the restarting + router. + + This command disables it. + +.. cfgcmd:: set protocols ospfv3 graceful-restart helper supported-grace-time + + Supports as HELPER for configured grace period. + +.. cfgcmd:: set protocols ospfv3 graceful-restart helper planned-only + + It helps to support as HELPER only for planned restarts. + + By default, it supports both planned and unplanned outages. + .. _ospf:v3_redistribution_config: Redistribution Configuration 
@@ -1145,7 +1321,7 @@ A typical configuration using 2 nodes. .. code-block:: none - set protocols ospfv3 interface eth1 area 0.0.0.0 + set protocols ospfv3 interface eth1 area 0.0.0.0 set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64 set protocols ospfv3 parameters router-id 192.168.1.1 set protocols ospfv3 redistribute connected @@ -1154,7 +1330,7 @@ A typical configuration using 2 nodes. .. code-block:: none - set protocols ospfv3 interface eth1 area 0.0.0.0 + set protocols ospfv3 interface eth1 area 0.0.0.0 set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64 set protocols ospfv3 parameters router-id 192.168.2.1 set protocols ospfv3 redistribute connected @@ -1183,7 +1359,7 @@ Example configuration for WireGuard interfaces: set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...=' set interfaces wireguard wg01 port '12345' set protocols ospfv3 parameters router-id 192.168.1.1 - set protocols ospfv3 interface 'wg01' area 0.0.0.0 + set protocols ospfv3 interface 'wg01' area 0.0.0.0 set protocols ospfv3 interface 'lo' area 0.0.0.0 **Node 2** @@ -1198,7 +1374,7 @@ Example configuration for WireGuard interfaces: set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...=' set interfaces wireguard wg01 port '12345' set protocols ospfv3 parameters router-id 192.168.1.2 - set protocols ospfv3 interface 'wg01' area 0.0.0.0 + set protocols ospfv3 interface 'wg01' area 0.0.0.0 set protocols ospfv3 interface 'lo' area 0.0.0.0 **Status** diff --git a/docs/configuration/protocols/pim.disable b/docs/configuration/protocols/pim.disable deleted file mode 100644 index 1dd373d8..00000000 --- a/docs/configuration/protocols/pim.disable +++ /dev/null @@ -1,2 +0,0 @@ -PIM -###
\ No newline at end of file diff --git a/docs/configuration/protocols/pim.rst b/docs/configuration/protocols/pim.rst new file mode 100644 index 00000000..2e881943 --- /dev/null +++ b/docs/configuration/protocols/pim.rst 
@@ -0,0 +1,266 @@ +:lastproofread: 2023-11-13 + +.. _pim: + +#################################### +PIM – Protocol Independent Multicast +#################################### + +VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as +:abbr:`IGMP (Internet Group Management Protocol)` v2 and v3 + +:abbr:`PIM (Protocol Independent Multicast)` must be configured in every +interface of every participating router. Every router must also have the +location of the Rendevouz Point manually configured. Then, unidirectional +shared trees rooted at the Rendevouz Point will automatically be built +for multicast distribution. + +Traffic from multicast sources will go to the Rendezvous Point, and +receivers will pull it from a shared tree using :abbr:`IGMP (Internet +Group Management Protocol)`. + +Multicast receivers will talk IGMP to their local router, so, besides +having PIM configured in every router, IGMP must also be configured in +any router where there could be a multicast receiver locally connected. + +VyOS supports both IGMP version 2 and version 3 (which allows +source-specific multicast). + +************************ +PIM-SM - PIM Sparse Mode +************************ + +.. cfgcmd:: set protocols pim ecmp + + If PIM has the a choice of ECMP nexthops for a particular + :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be + spread out amongst the nexthops. If this command is not specified then + the first nexthop found will be used. + +.. cfgcmd:: set protocols pim ecmp rebalance + + If PIM is using ECMP and an interface goes down, cause PIM to rebalance all + S,G flows across the remaining nexthops. If this command is not configured + PIM only modifies those S,G flows that were using the interface that went + down. + +.. cfgcmd:: set protocols pim join-prune-interval <n> + + Modify the join/prune interval that PIM uses to the new value. Time is + specified in seconds. + + The default time is 60 seconds. 
+ + If you enter a value smaller than 60 seconds be aware that this can and + will affect convergence at scale. + +.. cfgcmd:: set protocols pim keep-alive-timer <n> + + Modify the time out value for a S,G flow from 1-65535 seconds. If choosing + a value below 31 seconds be aware that some hardware platforms cannot see + data flowing in better than 30 second chunks. + +.. cfgcmd:: set protocols pim packets <n> + + When processing packets from a neighbor process the number of packets + incoming at one time before moving on to the next task. + + The default value is 3 packets. + + This command is only useful at scale when you can possibly have a large + number of PIM control packets flowing. + +.. cfgcmd:: set protocols pim register-accept-list <prefix-list> + + When PIM receives a register packet the source of the packet will be compared + to the prefix-list specified, and if a permit is received normal processing + continues. If a deny is returned for the source address of the register packet + a register stop message is sent to the source. + +.. cfgcmd:: set protocols pim register-suppress-time <n> + + Modify the time that pim will register suppress a FHR will send register + notifications to the kernel. + +.. cfgcmd:: set protocols pim rp <address> group <group> + + In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` + for join messages to be sent to. Currently the only methodology to do this is + via static rendezvous point commands. + + All routers in the PIM network must agree on these values. + + The first ip address is the RP's address and the second value is the matching + prefix of group ranges covered. + +.. cfgcmd:: set protocols pim rp keep-alive-timer <n> + + Modify the time out value for a S,G flow from 1-65535 seconds at + :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) + defaults to 210 seconds. 
However, at the :abbr:`RP (Rendezvous Point)`, the + keepalive period must be at least the Register_Suppression_Time, or the RP + may time out the (S,G) state before the next Null-Register arrives. + Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) + when a Register-Stop is sent. + + If choosing a value below 31 seconds be aware that some hardware platforms + cannot see data flowing in better than 30 second chunks. + + See :rfc:`7761#section-4.1` for details. + +.. cfgcmd:: set protocols pim no-v6-secondary + + When sending PIM hello packets tell PIM to not send any v6 secondary + addresses on the interface. This information is used to allow PIM to use v6 + nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup + if this option is not set (default). + +.. cfgcmd:: set protocols pim spt-switchover infinity-and-beyond [prefix-list <list>] + + On the last hop router if it is desired to not switch over to the SPT tree + configure this command. + + Optional parameter prefix-list can be use to control which groups to switch or + not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover + does not happen for it and if it is DENY, then the SPT switchover happens. + +.. cfgcmd:: set protocols pim ssm prefix-list <list> + + Specify a range of group addresses via a prefix-list that forces PIM to never + do :abbr:`SSM (Source-Specific Multicast)` over. + +Interface specific commands +=========================== + +.. cfgcmd:: set protocols pim interface <interface> bfd [profile <name>] + + Automatically create BFD session for each RIP peer discovered in this + interface. When the BFD session monitor signalize that the link is down + the RIP peer is removed and all the learned routes associated with that + peer are removed. + + If optional profile parameter is used, select a BFD profile for the BFD + sessions created via this interface. + +.. 
cfgcmd:: set protocols pim interface <interface> dr-priority <n> + + Set the :abbr:`DR (Designated Router)` Priority for the interface. + This command is useful to allow the user to influence what node becomes + the DR for a LAN segment. + +.. cfgcmd:: set protocols pim interface <interface> hello <n> + + Set the PIM hello and hold interval for a interface. + +.. cfgcmd:: set protocols pim interface <interface> no-bsm + + Tell PIM that we would not like to use this interface to process + bootstrap messages. + +.. cfgcmd:: set protocols pim interface <interface> no-unicast-bsm + + Tell PIM that we would not like to use this interface to process + unicast bootstrap messages. + +.. cfgcmd:: set protocols pim interface <interface> passive + + Disable sending and receiving PIM control packets on the interface. + + .. cfgcmd:: set protocols pim interface <interface> source-address <ip-address> + + If you have multiple addresses configured on a particular interface and would + like PIM to use a specific source address associated with that interface. + +****************************************** +IGMP - Internet Group Management Protocol) +****************************************** + +.. cfgcmd:: set protocols pim igmp watermark-warning <n> + + Configure watermark warning generation for an IGMP group limit. Generates + warning once the configured group limit is reached while adding new groups. + +.. _pim:igmp_interface_commands: + +Interface specific commands +=========================== + +.. cfgcmd:: set protocols pim interface <interface> igmp + join <multicast-address> source-address <IP-address> + + Use this command to allow the selected interface to join a multicast + group defining the multicast address you want to join and the source + IP address too. + +.. cfgcmd:: set protocols pim interface <interface> igmp + query-interval <seconds> + + Use this command to configure in the selected interface the IGMP + host query interval (1-1800) in seconds that PIM will use. 
+ +.. cfgcmd:: set protocols pim interface <interface> igmp + query-max-response-time <n> + + Use this command to configure in the selected interface the IGMP + query response timeout value (10-250) in deciseconds. If a report is + not returned in the specified time, it will be assumed the (S,G) or + (\*,G) state :rfc:`7761#section-4.1` has timed out. + +.. cfgcmd:: set protocols pim interface <interface> igmp version <version-number> + + Use this command to define in the selected interface whether you + choose IGMP version 2 or 3. + + The default value is 3. + +Example +------- + +In the following example we can see a basic multicast setup: + +.. image:: /_static/images/multicast-basic.png + :width: 90% + :align: center + :alt: Network Topology Diagram + + + +**Router 1** + +.. code-block:: none + + set interfaces ethernet eth2 address '172.16.0.2/24' + set interfaces ethernet eth1 address '100.64.0.1/24' + set protocols ospf area 0 network '172.16.0.0/24' + set protocols ospf area 0 network '100.64.0.0/24' + set protocols igmp interface eth1 + set protocols pim interface eth1 + set protocols pim interface eth2 + set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' + +**Router 3** + +.. code-block:: none + + set interfaces dummy dum0 address '172.16.255.1/24' + set interfaces ethernet eth0 address '172.16.0.1/24' + set interfaces ethernet eth1 address '172.16.1.1/24' + set protocols ospf area 0 network '172.16.0.0/24' + set protocols ospf area 0 network '172.16.255.0/24' + set protocols ospf area 0 network '172.16.1.0/24' + set protocols pim interface dum0 + set protocols pim interface eth0 + set protocols pim interface eth1 + set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' + +**Router 2** + +.. 
code-block:: none + + set interfaces ethernet eth1 address '10.0.0.1/24' + set interfaces ethernet eth2 address '172.16.1.2/24' + set protocols ospf area 0 network '10.0.0.0/24' + set protocols ospf area 0 network '172.16.1.0/24' + set protocols pim interface eth1 + set protocols pim interface eth2 + set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' diff --git a/docs/configuration/protocols/pim6.rst b/docs/configuration/protocols/pim6.rst new file mode 100644 index 00000000..2b2276a7 --- /dev/null +++ b/docs/configuration/protocols/pim6.rst 
@@ -0,0 +1,94 @@ +.. _pim6: + +############################################## +PIM6 - Protocol Independent Multicast for IPv6 +############################################## + +VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**. + +PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every +interface of every participating router. Every router must also have the +location of the Rendevouz Point manually configured. +Then, unidirectional shared trees rooted at the Rendevouz Point will +automatically be built for multicast distribution. + +Traffic from multicast sources will go to the Rendezvous Point, and receivers +will pull it from a shared tree using MLD (Multicast Listener Discovery). + +Multicast receivers will talk MLD to their local router, so, besides having +PIMv6 configured in every router, MLD must also be configured in any router +where there could be a multicast receiver locally connected. + +VyOS supports both MLD version 1 and version 2 +(which allows source-specific multicast). + +Basic commands +============== +These are the commands for a basic setup. + +.. cfgcmd:: set protocols pim6 interface <interface-name> + + Use this command to enable PIMv6 in the selected interface so that it + can communicate with PIMv6 neighbors. This command also enables MLD reports + and query on the interface unless :cfgcmd:`mld disable` is configured. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld disable + + Disable MLD reports and query on the interface. + + +Tuning commands +=============== +You can also tune multicast with the following commands. + + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld interval <seconds> + + Use this command to configure in the selected interface the MLD + host query interval (1-65535) in seconds that PIM will use. + The default value is 125 seconds. + +.. 
cfgcmd:: set protocols pim6 interface <interface-name> mld join <multicast-address> + + Use this command to allow the selected interface to join a multicast group. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld join <multicast-address> source <source-address> + + Use this command to allow the selected interface to join a source-specific multicast + group. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld last-member-query-count <count> + + Set the MLD last member query count. The default value is 2. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld last-member-query-interval <milliseconds> + + Set the MLD last member query interval in milliseconds (100-6553500). The default value is 1000 milliseconds. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld max-response-time <milliseconds> + + Set the MLD query response timeout in milliseconds (100-6553500). The default value is 10000 milliseconds. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld version <version-number> + + Set the MLD version used on this interface. The default value is 2. + +********************* +Configuration Example +********************* + +To enable MLD reports and query on interfaces `eth0` and `eth1`: + +.. code-block:: none + + set protocols pim6 interface eth0 + set protocols pim6 interface eth1 + +The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` +and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface +`eth1`: + +.. code-block:: none + + set protocols pim6 interface eth0 mld join ff15::1234 + set protocols pim6 interface eth1 mld join ff15::5678 source 2001:db8::1 diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index 294a91f8..827bfe1a 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst 
@@ -127,8 +127,8 @@ SSH === Connections to the RPKI caching server can not only be established by HTTP/TLS -but you can also rely on a secure SSH session to the server. To enable SSH you -first need to create yoursels an SSH client keypair using ``generate ssh +but you can also rely on a secure SSH session to the server. To enable SSH, +first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection. |
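Review bot: In docs/configuration/protocols/ospf.rst (hunk @@ -1069,6 +1204,47 @@), the new Graceful Restart section is documented under ``set protocols ospfv3 ...`` but both descriptions cite :rfc:`3623`, which is the OSPFv2 graceful restart specification; OSPFv3 graceful restart is defined in RFC 5187. The same paragraph tells the reader to issue ``graceful-restart prepare ip ospf`` before restarting the ospfd daemon, which reads as copied from the OSPFv2 section, so please confirm the command and daemon name that apply to OSPFv3 and correct the text. In addition, ``graceful-restart helper supported-grace-time`` is shown without a value placeholder or range, and "Supports as HELPER for configured grace period" does not say what the value limits; suggest adding the argument and one sentence on its effect.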
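Review bot: In docs/configuration/protocols/pim.rst (new file), the description of ``set protocols pim interface <interface> bfd [profile <name>]`` talks about "each RIP peer" and removing "the RIP peer" and its learned routes; this is a PIM command, so the text should describe PIM neighbors instead. The example at the end also disagrees with the reference above it: it uses ``set protocols igmp interface eth1`` and ``set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'``, while the documented forms are ``set protocols pim interface <interface> igmp ...`` and ``set protocols pim rp <address> group <group>``; one of the two needs to change so readers can paste the example. Smaller points in the same file: "Rendevouz" is misspelled twice in the introduction, the heading "IGMP - Internet Group Management Protocol)" has a stray closing parenthesis, the ``source-address`` cfgcmd directive is indented by one space and may not render as a sibling entry, and the ``register-suppress-time`` description ("will register suppress a FHR will send register notifications") is not a complete sentence.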
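Review bot: In docs/configuration/protocols/pim6.rst (new file), the Configuration Example prose says group ff15::1234 is joined on interface eth1, but the command below it is ``set protocols pim6 interface eth0 mld join ff15::1234``; the sentence or the command should be corrected so they name the same interface. The lead sentence of that example ("To enable MLD reports and query on interfaces eth0 and eth1") could also state that it is enabling PIMv6, since the Basic commands section explains that MLD is a side effect of ``set protocols pim6 interface <interface-name>``. "Rendevouz" is misspelled twice in the introduction while the next paragraph spells "Rendezvous" correctly, and the "Configuration Example" heading uses an asterisk overline where the sibling sections use "=" underlines, which changes its level in the rendered page.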