From 7f209a2a456ea27a3d7b13b05e78401c48670131 Mon Sep 17 00:00:00 2001 From: kroy Date: Thu, 27 Aug 2020 23:42:57 -0500 Subject: bgp: fix missing ` termination --- docs/routing/bgp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/routing') diff --git a/docs/routing/bgp.rst b/docs/routing/bgp.rst index 2c5e7089..c576d836 100644 --- a/docs/routing/bgp.rst +++ b/docs/routing/bgp.rst @@ -4,7 +4,7 @@ BGP ### -:abbr:`BGP (Border Gateway Protocol) is one of the Exterior Gateway Protocols +:abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP. -- cgit v1.2.3 From 96f91545fa05efedd7bfdc7a4dfceffb69362ff7 Mon Sep 17 00:00:00 2001 From: currite Date: Thu, 17 Sep 2020 13:32:10 +0200 Subject: mss-clamping: remove unnecessary disable commnad, add directives and explanations --- docs/routing/mss-clamp.rst | 47 +++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) (limited to 'docs/routing') diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst index 923b1338..a4edf1c6 100644 --- a/docs/routing/mss-clamp.rst +++ b/docs/routing/mss-clamp.rst 
@@ -1,24 +1,36 @@ -.. include:: ../_include/need_improvement.txt - .. _routing-mss-clamp: TCP-MSS Clamping ---------------- -As Internet wide PMTU discovery rarely works we sometimes need to clamp our TCP -MSS value to a specific value. Starting with VyOS 1.2 there is a firewall option -to clamp your TCP MSS value for IPv4 and IPv6. +As Internet wide PMTU discovery rarely works, we sometimes need to clamp +our TCP MSS value to a specific value. This is a field in the TCP +Options part of a SYN packet. By setting the MSS value, you are telling +the remote side unequivocally 'do not try to send me packets bigger than +this value'. -Clamping can be disabled per interface using the `disable` keyword: +Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS +value for IPv4 and IPv6. -.. code-block:: none - set firewall options interface pppoe0 disable +.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting + in 1452 bytes on a 1492 byte MTU. + IPv4 ^^^^ -Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and `1372` +.. cfgcmd:: set firewall options interface adjust-mss + + Use this command to set the maximum segment size for IPv4 transit + packets on a specific interface (500-1460 bytes). + + +Example +""""""" + +Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and +`1372` for your WireGuard `wg02` tunnel. .. code-block:: none 
@@ -29,15 +41,24 @@ for your WireGuard `wg02` tunnel. IPv6 ^^^^^ +.. cfgcmd:: set firewall options interface adjust-mss6 + + Use this command to set the maximum segment size for IPv6 transit + packets on a specific interface (1280-1492 bytes). + + +Example +""""""" + Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and `wg02` interface. -To achieve the same for IPv6 please use: - .. code-block:: none set firewall options interface pppoe0 adjust-mss6 '1280' set firewall options interface wg02 adjust-mss6 '1280' -.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 - bytes on a 1492 byte MTU. + + +.. hint:: When doing your byte calculations, you might find useful this + `Visual packet size calculator `_. -- cgit v1.2.3 From ad28f19e2c0765b76b024c40cca7ba29f5edc065 Mon Sep 17 00:00:00 2001 From: Cheeze-It Date: Mon, 19 Oct 2020 04:40:58 -0600 Subject: MPLS: extend documentation with new functionality --- docs/routing/mpls.rst | 160 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 109 insertions(+), 51 deletions(-) (limited to 'docs/routing') diff --git a/docs/routing/mpls.rst b/docs/routing/mpls.rst index c6d9d0fe..9f0d1a18 100644 --- a/docs/routing/mpls.rst +++ b/docs/routing/mpls.rst 
@@ -4,104 +4,162 @@ MPLS **** +**Multi-Protocol Label Switching** (initialized as MPLS) is a packet forwarding paradigm +which differs from regular IP forwarding. Instead of IP addresses being used to make the +decision on finding the exit interface, a router will instead use an exact match on a +32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet +(layer 2) header and the IP (layer 3) header. One can statically or dynamically assign +label allocations, but we will focus on dynamic allocation of labels using some sort of +label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, +Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These +protocols allow for the creation of a unidirectional/unicast path called a labeled switched path +(initialized as LSP) throughout the network that operates very much like a tunnel through +the network. An easy way of thinking about how an MPLS LSP actually forwards traffic +throughout a network is to think of a GRE tunnel. They are not the same in how they +operate, but they are the same in how they handle the tunneled packet. It would be +good to think of MPLS as a tunneling technology that can be used to transport many +different types of packets, to aid in traffic engineering by allowing one to specify +paths throughout the network (using RSVP or SR), and to generally allow for easier +intra/inter network transport of data packets. For more information on how MPLS +label switching works, please go `here `__. + + +.. note:: MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS can be configured as a label switched router (MPLS P router), in both penultimate and ultimate hop popping operations. 
+ + Label Distribution Protocol =========================== +The **Multi-Protocol Label Switching** (MPLS) architecture does not +assume a single protocol to create MPLS paths. VyOS supports the Label +Distribution Protocol (LDP) as implemented by FRR, based on `RFC 5036 `__. + +LDP is a TCP based MPLS signaling protocol that distributes +labels creating MPLS label switched paths in a dynamic manner. +LDP is not a routing protocol, as it relies on other routing +protocols for forwarding decisions. LDP cannot bootstrap itself, +and therefore relies on said routing protocols for communication +with other routers that use LDP. -.. note:: VyOS' MPLS support is not finished yet, its funcitionality is - limited. Currently it can only be configured as a P router, that is, - an LSR in the core of an MPLS network. +In order to allow for LDP on the local router to exchange label advertisements +with other routers, a TCP session will be established between automatically +discovered and statically assigned routers. LDP will try to establish a TCP +session to the **transport address** of other routers. Therefore for LDP to +function properly please make sure the transport address is shown in the +routing table and reachable to traffic at all times. +It is highly recommended to use the same address for both the LDP router-id and the +discovery transport address, but for VyOS MPLS LDP to work both parameters must +be explicitly set in the configuration. -The **Multi-Protocol Label Switching** (MPLS) architecture does not -assume a single protocol to create MPLS paths. VyOS supports the Label -Distribution Protocol (LDP) as implemented by FRR, based on `RFC 5036 `__. -LDT it is an MPLS signaling protocol that distributes labels creating -MPLS paths in a dynamic manner. LDT is not exactly a routing protocol, -as it relies on other routing protocols for forwarding decisions. +Configuration Options +--------------------- -.. 
cfgcmd:: set protocols mpls ldp interface +Use this command to enable LDP, and enable MPLS processing on the interface you define. + + .. cfgcmd:: set protocols mpls ldp interface - Use this command to enable LDP in the interface you define. +Use this command to configure the IP address used as the LDP +router-id of the local device. + .. cfgcmd:: set protocols mpls ldp router-id
-.. cfgcmd:: set protocols mpls ldp router-id
+Use this command to set the IPv4 or IPv6 transport-address used by +LDP. - Use this command to configure the IP address used as the LDP - router-id of the local device + .. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address + .. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address +Use this command to configure authentication for LDP peers. Set the +IP address of the LDP peer and a password that should be shared in +order to become neighbors. -In order to allow the exchange of label advertisements required for LDP, -a TCP session should be established between routers. Routers will need -to learn each other's **transport address** in order to establish the -TCP session. + .. cfgcmd:: set protocols mpls ldp neighbor password -You may want to use the same address for both the LDP router-id and the -discovery transport address, but for VyOS MPLS LDP to work both -parameters must be explicitely set in the configuration. +Use this command if you would like to set the discovery +hello and hold time parameters. + .. cfgcmd:: set protocols mpls ldp discovery hello-interval + .. cfgcmd:: set protocols mpls ldp discovery hello-holdtime -.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address | transport-ipv6-address
+Use this command if you would like to set the TCP session hold time +intervals. + + .. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime + .. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime - Use this command to set the IPv4 or IPv6 transport-address used by - LDP. +Use this command if you would like for the router to advertise FECs with +a label of 0 for explicit null operations. + + .. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null + .. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null -.. cfgcmd:: set protocols mpls ldp neighbor
password - Use this command to configure authentication for LDP peers. Set the - IP address of the LDP peer and a password that should be shared in - order to become neighbors. +Sample configuration to setup LDP on VyOS +--------------------------------------------- -Example -------- + .. code-block:: none -.. code-block:: none + set protocols ospf area 0 network '192.168.255.252/32' <--- Routing for loopback + set protocols ospf area 0 network '192.168.0.5/32' <--- Routing for an interface connecting to the network + set protocols ospf parameters router-id '192.168.255.252' <--- Router ID setting for OSPF + set protocols mpls ldp discovery transport-ipv4-address '192.168.255.252' <--- Transport address for LDP for TCP sessions to connect to + set protocols mpls ldp interface 'eth1' <--- Enable MPLS and LDP for an interface connecting to network + set protocols mpls ldp interface 'lo' <--- Enable MPLS and LDP on loopback for future services connectivity + set protocols mpls ldp router-id '192.168.255.252' <--- Router ID setting for LDP + set interfaces ethernet eth1 address '192.168.0.5/31' <--- Interface IP for connecting to network + set interfaces loopback lo address '192.168.255.252/32' <--- Interface loopback IP for router ID and other uses - set interfaces dummy dum0 address '2.2.2.2/32' - set interfaces ethernet eth1 address '10.0.0.2/24' - set interfaces ethernet eth2 address '10.0.255.1/24' - set protocols mpls ldp discovery transport-ipv4-address '2.2.2.2' - set protocols mpls ldp interface 'eth1' - set protocols mpls ldp interface 'eth2' - set protocols mpls ldp router-id '2.2.2.2' - set protocols ospf area 0 network '0.0.0.0/0' - set protocols ospf parameters router-id '2.2.2.2' -show commands +Show Commands ------------- When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP: +Use this command to see the Label Information Base. + + .. 
opcmd:: show mpls ldp binding + + + + +Use this command to see discovery hello information + + .. opcmd:: show mpls ldp discovery + + + -.. opcmd:: show mpls ldp binding +Use this command to see LDP interface information - Use this command to see the Label Information Base. + .. opcmd:: show mpls ldp interface -.. opcmd:: show mpls ldp discovery - Use this command to see Discovery Hello information +Use this command to see LDP neighbor information -.. opcmd:: show mpls ldp interface + .. opcmd:: show mpls ldp neighbor - Use this command to see LDP interface information -.. opcmd:: show mpls ldp neighbor - Uset this command to see LDP neighbor information +Use this command to see detailed LDP neighbor information + .. opcmd:: show mpls ldp neighbor detail -.. opcmd:: show mpls ldp neighbor detail - Uset this command to see detailed LDP neighbor information +Reset Commands +-------------- +Use this command to reset an LDP neighbor/TCP session that is established + + .. opcmd:: reset mpls ldp neighbor -- cgit v1.2.3 From 46d1c9810560c6d3ce6f0646522df841923e811b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 19 Oct 2020 12:54:36 +0200 Subject: MPLS: fix op-mode definitions and line breaks --- docs/routing/mpls.rst | 214 ++++++++++++++++++++++++-------------------------- 1 file changed, 103 insertions(+), 111 deletions(-) (limited to 'docs/routing') diff --git a/docs/routing/mpls.rst b/docs/routing/mpls.rst index 9f0d1a18..0ae6094c 100644 --- a/docs/routing/mpls.rst +++ b/docs/routing/mpls.rst 
@@ -1,46 +1,51 @@ .. _mpls: -**** -MPLS -**** - -**Multi-Protocol Label Switching** (initialized as MPLS) is a packet forwarding paradigm -which differs from regular IP forwarding. Instead of IP addresses being used to make the -decision on finding the exit interface, a router will instead use an exact match on a -32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet -(layer 2) header and the IP (layer 3) header. One can statically or dynamically assign -label allocations, but we will focus on dynamic allocation of labels using some sort of -label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, -Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These -protocols allow for the creation of a unidirectional/unicast path called a labeled switched path -(initialized as LSP) throughout the network that operates very much like a tunnel through -the network. An easy way of thinking about how an MPLS LSP actually forwards traffic -throughout a network is to think of a GRE tunnel. They are not the same in how they -operate, but they are the same in how they handle the tunneled packet. It would be -good to think of MPLS as a tunneling technology that can be used to transport many -different types of packets, to aid in traffic engineering by allowing one to specify -paths throughout the network (using RSVP or SR), and to generally allow for easier -intra/inter network transport of data packets. For more information on how MPLS -label switching works, please go `here `__. - - -.. note:: MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. 
Currently VyOS can be configured as a label switched router (MPLS P router), in both penultimate and ultimate hop popping operations. - - +#### +MPLS +#### + +:abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm +which differs from regular IP forwarding. Instead of IP addresses being used to +make the decision on finding the exit interface, a router will instead use an +exact match on a 32 bit/4 byte header called the MPLS label. This label is +inserted between the ethernet (layer 2) header and the IP (layer 3) header. +One can statically or dynamically assign label allocations, but we will focus +on dynamic allocation of labels using some sort of label distribution protocol +(such as the aptly named Label Distribution Protocol / LDP, Resource Reservation +Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow +for the creation of a unidirectional/unicast path called a labeled switched +path (initialized as LSP) throughout the network that operates very much like +a tunnel through the network. An easy way of thinking about how an MPLS LSP +actually forwards traffic throughout a network is to think of a GRE tunnel. +They are not the same in how they operate, but they are the same in how they +handle the tunneled packet. It would be good to think of MPLS as a tunneling +technology that can be used to transport many different types of packets, to +aid in traffic engineering by allowing one to specify paths throughout the +network (using RSVP or SR), and to generally allow for easier intra/inter +network transport of data packets. + +For more information on how MPLS label switching works, please go visit +`Wikipedia (MPLS)`_. + +.. note:: MPLS support in VyOS is not finished yet, and therefore its + functionality is limited. Currently there is no support for MPLS enabled VPN + services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present + as the underlying routing stack (FRR) does not implement it. 
Currently VyOS + can be configured as a label switched router (MPLS P router), in both + penultimate and ultimate hop popping operations. Label Distribution Protocol =========================== -The **Multi-Protocol Label Switching** (MPLS) architecture does not -assume a single protocol to create MPLS paths. VyOS supports the Label -Distribution Protocol (LDP) as implemented by FRR, based on `RFC 5036 `__. +The :abbr: `MPLS (Multi-Protocol Label Switching)` architecture does not assume +a single protocol to create MPLS paths. VyOS supports the Label Distribution +Protocol (LDP) as implemented by FRR, based on :rfc:`5036`. -LDP is a TCP based MPLS signaling protocol that distributes -labels creating MPLS label switched paths in a dynamic manner. -LDP is not a routing protocol, as it relies on other routing -protocols for forwarding decisions. LDP cannot bootstrap itself, -and therefore relies on said routing protocols for communication -with other routers that use LDP. +:abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling protocol +that distributes labels creating MPLS label switched paths in a dynamic manner. +LDP is not a routing protocol, as it relies on other routing protocols for +forwarding decisions. LDP cannot bootstrap itself, and therefore relies on said +routing protocols for communication with other routers that use LDP. In order to allow for LDP on the local router to exchange label advertisements with other routers, a TCP session will be established between automatically 
@@ -49,117 +54,104 @@ session to the **transport address** of other routers. Therefore for LDP to function properly please make sure the transport address is shown in the routing table and reachable to traffic at all times. -It is highly recommended to use the same address for both the LDP router-id and the -discovery transport address, but for VyOS MPLS LDP to work both parameters must -be explicitly set in the configuration. - +It is highly recommended to use the same address for both the LDP router-id and +the discovery transport address, but for VyOS MPLS LDP to work both parameters +must be explicitly set in the configuration. Configuration Options ---------------------- - - -Use this command to enable LDP, and enable MPLS processing on the interface you define. - - .. cfgcmd:: set protocols mpls ldp interface - -Use this command to configure the IP address used as the LDP -router-id of the local device. - - .. cfgcmd:: set protocols mpls ldp router-id
+===================== -Use this command to set the IPv4 or IPv6 transport-address used by -LDP. +Use this command to enable LDP, and enable MPLS processing on the interface you +define. - .. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address - .. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address +.. cfgcmd:: set protocols mpls ldp interface -Use this command to configure authentication for LDP peers. Set the -IP address of the LDP peer and a password that should be shared in -order to become neighbors. + Use this command to configure the IP address used as the LDP router-id of the + local device. - .. cfgcmd:: set protocols mpls ldp neighbor password +.. cfgcmd:: set protocols mpls ldp router-id
-Use this command if you would like to set the discovery -hello and hold time parameters. + Use this command to set the IPv4 or IPv6 transport-address used by LDP. - .. cfgcmd:: set protocols mpls ldp discovery hello-interval - .. cfgcmd:: set protocols mpls ldp discovery hello-holdtime +.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address +.. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address -Use this command if you would like to set the TCP session hold time -intervals. - - .. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime - .. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime + Use this command to configure authentication for LDP peers. Set the + IP address of the LDP peer and a password that should be shared in + order to become neighbors. -Use this command if you would like for the router to advertise FECs with -a label of 0 for explicit null operations. - - .. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null - .. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null +.. cfgcmd:: set protocols mpls ldp neighbor password + Use this command if you would like to set the discovery hello and hold time + parameters. +.. cfgcmd:: set protocols mpls ldp discovery hello-interval +.. cfgcmd:: set protocols mpls ldp discovery hello-holdtime -Sample configuration to setup LDP on VyOS ---------------------------------------------- - - .. 
code-block:: none - - set protocols ospf area 0 network '192.168.255.252/32' <--- Routing for loopback - set protocols ospf area 0 network '192.168.0.5/32' <--- Routing for an interface connecting to the network - set protocols ospf parameters router-id '192.168.255.252' <--- Router ID setting for OSPF - set protocols mpls ldp discovery transport-ipv4-address '192.168.255.252' <--- Transport address for LDP for TCP sessions to connect to - set protocols mpls ldp interface 'eth1' <--- Enable MPLS and LDP for an interface connecting to network - set protocols mpls ldp interface 'lo' <--- Enable MPLS and LDP on loopback for future services connectivity - set protocols mpls ldp router-id '192.168.255.252' <--- Router ID setting for LDP - set interfaces ethernet eth1 address '192.168.0.5/31' <--- Interface IP for connecting to network - set interfaces loopback lo address '192.168.255.252/32' <--- Interface loopback IP for router ID and other uses - +Use this command if you would like to set the TCP session hold time intervals. +.. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime +.. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime -Show Commands -------------- - -When LDP is working, you will be able to see label information in the -outcome of ``show ip route``. Besides that information, there are also -specific *show* commands for LDP: - -Use this command to see the Label Information Base. - - .. opcmd:: show mpls ldp binding +Use this command if you would like for the router to advertise FECs with a label +of 0 for explicit null operations. +.. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null +.. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null +Sample configuration to setup LDP on VyOS +----------------------------------------- -Use this command to see discovery hello information +.. code-block:: none - .. 
opcmd:: show mpls ldp discovery + set protocols ospf area 0 network '192.168.255.252/32' <--- Routing for loopback + set protocols ospf area 0 network '192.168.0.5/32' <--- Routing for an interface connecting to the network + set protocols ospf parameters router-id '192.168.255.252' <--- Router ID setting for OSPF + set protocols mpls ldp discovery transport-ipv4-address '192.168.255.252' <--- Transport address for LDP for TCP sessions to connect to + set protocols mpls ldp interface 'eth1' <--- Enable MPLS and LDP for an interface connecting to network + set protocols mpls ldp interface 'lo' <--- Enable MPLS and LDP on loopback for future services connectivity + set protocols mpls ldp router-id '192.168.255.252' <--- Router ID setting for LDP + set interfaces ethernet eth1 address '192.168.0.5/31' <--- Interface IP for connecting to network + set interfaces loopback lo address '192.168.255.252/32' <--- Interface loopback IP for router ID and other uses +Operational Mode Commands +========================= +When LDP is working, you will be able to see label information in the outcome +of ``show ip route``. Besides that information, there are also specific *show* +commands for LDP: -Use this command to see LDP interface information +Show +---- - .. opcmd:: show mpls ldp interface +.. opcmd:: show mpls ldp binding + Use this command to see the Label Information Base. +.. opcmd:: show mpls ldp discovery + Use this command to see discovery hello information -Use this command to see LDP neighbor information +.. opcmd:: show mpls ldp interface - .. opcmd:: show mpls ldp neighbor + Use this command to see LDP interface information +.. opcmd:: show mpls ldp neighbor + Use this command to see LDP neighbor information +.. opcmd:: show mpls ldp neighbor detail -Use this command to see detailed LDP neighbor information + Use this command to see detailed LDP neighbor information - .. opcmd:: show mpls ldp neighbor detail +Reset +----- +.. 
opcmd:: reset mpls ldp neighbor + Use this command to reset an LDP neighbor/TCP session that is established -Reset Commands --------------- -Use this command to reset an LDP neighbor/TCP session that is established - - .. opcmd:: reset mpls ldp neighbor +.. _`Wikipedia (MPLS)`: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching -- cgit v1.2.3 From c44aa8aeac5b3b279d2aca60e3d2bbe74565c2fe Mon Sep 17 00:00:00 2001 From: Cheeze_It Date: Mon, 19 Oct 2020 19:42:40 -0600 Subject: MPLS: fix conf-mode definitions and line breaks Moved the configuration mode commands and descriptions to fit VyOS template. --- docs/routing/mpls.rst | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'docs/routing') diff --git a/docs/routing/mpls.rst b/docs/routing/mpls.rst index 0ae6094c..86221104 100644 --- a/docs/routing/mpls.rst +++ b/docs/routing/mpls.rst @@ -37,7 +37,7 @@ For more information on how MPLS label switching works, please go visit Label Distribution Protocol =========================== -The :abbr: `MPLS (Multi-Protocol Label Switching)` architecture does not assume +The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`. @@ -61,44 +61,44 @@ must be explicitly set in the configuration. Configuration Options ===================== -Use this command to enable LDP, and enable MPLS processing on the interface you -define. - .. cfgcmd:: set protocols mpls ldp interface - Use this command to configure the IP address used as the LDP router-id of the - local device. + Use this command to enable LDP, and enable MPLS processing on the interface you + define. .. cfgcmd:: set protocols mpls ldp router-id
- Use this command to set the IPv4 or IPv6 transport-address used by LDP. + Use this command to configure the IP address used as the LDP router-id of the + local device. .. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address .. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address - Use this command to configure authentication for LDP peers. Set the - IP address of the LDP peer and a password that should be shared in - order to become neighbors. + Use this command to set the IPv4 or IPv6 transport-address used by LDP. .. cfgcmd:: set protocols mpls ldp neighbor password - Use this command if you would like to set the discovery hello and hold time - parameters. + Use this command to configure authentication for LDP peers. Set the + IP address of the LDP peer and a password that should be shared in + order to become neighbors. .. cfgcmd:: set protocols mpls ldp discovery hello-interval .. cfgcmd:: set protocols mpls ldp discovery hello-holdtime -Use this command if you would like to set the TCP session hold time intervals. + Use this command if you would like to set the discovery hello and hold time + parameters. .. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime .. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime -Use this command if you would like for the router to advertise FECs with a label -of 0 for explicit null operations. + Use this command if you would like to set the TCP session hold time intervals. .. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null .. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null + Use this command if you would like for the router to advertise FECs with a label + of 0 for explicit null operations. + Sample configuration to setup LDP on VyOS ----------------------------------------- -- cgit v1.2.3 From 5b2cde1eaa46968a32e1c84bc9dd4b239b0020b6 Mon Sep 17 00:00:00 2001 
From: Christian Poessinger Date: Wed, 28 Oct 2020 20:06:06 +0100 Subject: routing: adjust chapter headers --- docs/routing/index.rst | 2 +- docs/routing/mss-clamp.rst | 13 ++++----- docs/routing/multicast.rst | 15 +++++----- docs/routing/ospf.rst | 7 +++-- docs/routing/pbr.rst | 7 +++-- docs/routing/policy.rst | 65 +++++++++++++++++++++++++++++++++++++++++ docs/routing/rip.rst | 3 +- docs/routing/routing-policy.rst | 60 ------------------------------------- 8 files changed, 89 insertions(+), 83 deletions(-) create mode 100644 docs/routing/policy.rst delete mode 100644 docs/routing/routing-policy.rst (limited to 'docs/routing') diff --git a/docs/routing/index.rst b/docs/routing/index.rst index a34bbfac..7988b230 100644 --- a/docs/routing/index.rst +++ b/docs/routing/index.rst @@ -16,6 +16,6 @@ Routing ospf pbr rip - routing-policy + policy rpki static diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst index a4edf1c6..3fdd1153 100644 --- a/docs/routing/mss-clamp.rst +++ b/docs/routing/mss-clamp.rst @@ -1,7 +1,8 @@ .. _routing-mss-clamp: +################ TCP-MSS Clamping ----------------- +################ As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP @@ -18,16 +19,15 @@ value for IPv4 and IPv6. IPv4 -^^^^ +==== .. cfgcmd:: set firewall options interface adjust-mss Use this command to set the maximum segment size for IPv4 transit packets on a specific interface (500-1460 bytes). - Example -""""""" +------- Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and `1372` 
@@ -39,16 +39,15 @@ for your WireGuard `wg02` tunnel. set firewall options interface wg02 adjust-mss '1372' IPv6 -^^^^^ +==== .. cfgcmd:: set firewall options interface adjust-mss6 Use this command to set the maximum segment size for IPv6 transit packets on a specific interface (1280-1492 bytes). - Example -""""""" +------- Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and `wg02` interface. diff --git a/docs/routing/multicast.rst b/docs/routing/multicast.rst index d20d8e31..9104b0c9 100644 --- a/docs/routing/multicast.rst +++ b/docs/routing/multicast.rst @@ -7,7 +7,6 @@ Multicast VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP** and **IGMP-Proxy**. - ************ PIM and IGMP ************ @@ -16,7 +15,7 @@ PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will -automatically be built for multicast distribution. +automatically be built for multicast distribution. Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using IGMP (Internet Group @@ -24,7 +23,7 @@ Management Protocol). Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in -any router where there could be a multicast receiver locally connected. +any router where there could be a multicast receiver locally connected. VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast). @@ -54,7 +53,7 @@ In the following example we can see a basic multicast setup: set protocols pim interface eth1 set protocols pim interface eth2 set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' - + **Router 3** .. code-block:: none 
@@ -69,7 +68,7 @@ In the following example we can see a basic multicast setup: set protocols pim interface eth0 set protocols pim interface eth1 set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' - + **Router 2** .. code-block:: none @@ -81,7 +80,7 @@ In the following example we can see a basic multicast setup: set protocols pim interface eth1 set protocols pim interface eth2 set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' - + @@ -103,7 +102,7 @@ These are the commands for a basic setup. that join messages can be sent there. Set the Rendevouz Point address and the matching prefix of group ranges covered. These values must be shared with every router participating in the PIM network. - + .. cfgcmd:: set protocols igmp interface eth1 @@ -163,7 +162,7 @@ You can also tune multicast with the following commands. timed out. -.. cfgcmd:: set protocols igmp interface version +.. cfgcmd:: set protocols igmp interface version Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3. diff --git a/docs/routing/ospf.rst b/docs/routing/ospf.rst index fbe8984f..fe05178b 100644 --- a/docs/routing/ospf.rst +++ b/docs/routing/ospf.rst @@ -2,8 +2,9 @@ .. _routing-ospf: +#### OSPF ----- +#### :abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls @@ -16,7 +17,7 @@ addressing model. OSPF is a widely used IGP in large enterprise networks. OSPFv2 (IPv4) -^^^^^^^^^^^^^ +############# In order to have a VyOS system exchanging routes with OSPF neighbors, you will at least need to configure an OSPF area and some network. @@ -68,7 +69,7 @@ address and the node 1 sending the default route: set policy route-map CONNECT rule 10 match interface lo OSPFv3 (IPv6) -^^^^^^^^^^^^^ +############# A typical configuration using 2 nodes. diff --git a/docs/routing/pbr.rst b/docs/routing/pbr.rst index 797f79e3..2a1a56bc 100644 
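Review bot: In docs/routing/ospf.rst the `OSPFv2 (IPv4)` and `OSPFv3 (IPv6)` headings now take a `#############` underline, the same character used (with an overline) for the page title `OSPF`, while mss-clamp.rst and pbr.rst in this same commit mark the level below the title with `=`. docutils treats `#` with an overline and `#` without one as two distinct styles, so these do become subsections, but the hierarchy is easy to misread and differs from the other chapters. Suggest `=============` under both headings.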
--- a/docs/routing/pbr.rst +++ b/docs/routing/pbr.rst @@ -2,8 +2,9 @@ .. _routing-pbr: +### PBR ---- +### :abbr:`PBR (Policy-Based Routing)` allowing traffic to be assigned to different routing tables. Traffic can be matched using standard 5-tuple @@ -11,7 +12,7 @@ matching (source address, destination address, protocol, source port, destination port). Transparent Proxy -^^^^^^^^^^^^^^^^^ +================= The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy: @@ -45,7 +46,7 @@ interface, we use: Multiple Uplinks -^^^^^^^^^^^^^^^^ +================ VyOS Policy-Based Routing (PBR) works by matching source IP address ranges and forwarding the traffic using different routing tables. diff --git a/docs/routing/policy.rst b/docs/routing/policy.rst new file mode 100644 index 00000000..4eeb40d6 --- /dev/null +++ b/docs/routing/policy.rst 
@@ -0,0 +1,65 @@ +.. include:: ../_include/need_improvement.txt + +###### +Policy +###### + +Routing Policies could be used to tell the router (self or neighbors) what +routes and their attributes needs to be put into the routing table. + +There could be a wide range of routing policies. Some examples are below: + +* Set some metric to routes learned from a particular neighbor +* Set some attributes (like AS PATH or Community value) to advertised routes to neighbors +* Prefer a specific routing protocol routes over another routing protocol running on the same router + +Example +======= + +**Policy definition:** + +.. code-block:: none + + # Create policy + set policy route-map setmet rule 2 action 'permit' + set policy route-map setmet rule 2 set as-path-prepend '2 2 2' + + # Apply policy to BGP + set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' + set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' + +Using 'soft-reconfiguration' we get the policy update without bouncing the +neighbor. + +**Routes learned before routing policy applied:** + +.. code-block:: none + + vyos@vos1:~$ show ip bgp + BGP table version is 0, local router ID is 192.168.56.101 + Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, + r RIB-failure, S Stale, R Removed + Origin codes: i - IGP, e - EGP, ? - incomplete + + Network Next Hop Metric LocPrf Weight Path + *> 198.51.100.3/32 203.0.113.2 1 0 2 i < Path + + Total number of prefixes 1 + +**Routes learned after routing policy applied:** + +.. code-block:: none + + vyos@vos1:~$ sho ip b + BGP table version is 0, local router ID is 192.168.56.101 + Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, + r RIB-failure, S Stale, R Removed + Origin codes: i - IGP, e - EGP, ? 
- incomplete + + Network Next Hop Metric LocPrf Weight Path + *> 198.51.100.3/32 203.0.113.2 1 0 2 2 2 2 i + + Total number of prefixes 1 + vyos@vos1:~$ + +You now see the longer AS path. diff --git a/docs/routing/rip.rst b/docs/routing/rip.rst index 9cf4f289..68868e37 100644 --- a/docs/routing/rip.rst +++ b/docs/routing/rip.rst @@ -2,8 +2,9 @@ .. _rip: +### RIP ---- +### :abbr:`RIP (Routing Information Protocol)` is a widely deployed interior gateway protocol. RIP was developed in the 1970s at Xerox Labs as part of the XNS diff --git a/docs/routing/routing-policy.rst b/docs/routing/routing-policy.rst deleted file mode 100644 index 461e42d8..00000000 --- a/docs/routing/routing-policy.rst +++ /dev/null 
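Review bot: The new docs/routing/policy.rst opens with the `need_improvement` include and the title but carries no reference label, while the other chapters touched in this commit keep one (`.. _routing-ospf:`, `.. _routing-pbr:`, `.. _rip:`). Because the page is also renamed from routing-policy.rst, adding a label (for example `.. _routing-policy:`, a suggested name) would give `:ref:` links a stable target. In the same file the "before" output still has the inline `< Path` marker after the route line, although the matching marker in the "after" output was moved into the sentence "You now see the longer AS path."; drop the leftover marker or explain it in prose as well. Also, "what routes and their attributes needs" should read "need".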
@@ -1,60 +0,0 @@ -.. include:: ../_include/need_improvement.txt - -Routing-policy --------------- - -Routing Policies could be used to tell the router (self or neighbors) what routes and their attributes needs to be put into the routing table. - -There could be a wide range of routing policies. Some examples are below: - - * Set some metric to routes learned from a particular neighbor - * Set some attributes (like AS PATH or Community value) to advertised routes to neighbors - * Prefer a specific routing protocol routes over another routing protocol running on the same router - -Routing Policy Example -~~~~~~~~~~~~~~~~~~~~~~ - -**Policy definition:** - -.. code-block:: none - - #Create policy - set policy route-map setmet rule 2 action 'permit' - set policy route-map setmet rule 2 set as-path-prepend '2 2 2' - - #Apply policy to BGP - set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' - set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' <<<< *** - - *** get policy update without bouncing the neighbor - -**Routes learned before routing policy applied:** - -.. code-block:: none - - vyos@vos1:~$ show ip bgp - BGP table version is 0, local router ID is 192.168.56.101 - Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, - r RIB-failure, S Stale, R Removed - Origin codes: i - IGP, e - EGP, ? - incomplete - - Network Next Hop Metric LocPrf Weight Path - *> 198.51.100.3/32 203.0.113.2 1 0 2 i < Path - - Total number of prefixes 1 - -**Routes learned after routing policy applied:** - -.. code-block:: none - - vyos@vos1:~$ sho ip b - BGP table version is 0, local router ID is 192.168.56.101 - Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, - r RIB-failure, S Stale, R Removed - Origin codes: i - IGP, e - EGP, ? 
- incomplete - - Network Next Hop Metric LocPrf Weight Path - *> 198.51.100.3/32 203.0.113.2 1 0 2 2 2 2 i < longer AS_path length - - Total number of prefixes 1 - vyos@vos1:~$ -- cgit v1.2.3 From ed86dcfe5f14169f98b78d74e81220ce30e8b8de Mon Sep 17 00:00:00 2001 From: currite Date: Mon, 2 Nov 2020 13:37:53 +0100 Subject: routing/ip-commands: add a collection of IPv4 and IPv6 commands missing in the manual. --- docs/routing/index.rst | 1 + docs/routing/ip-commands.rst | 277 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 278 insertions(+) create mode 100644 docs/routing/ip-commands.rst (limited to 'docs/routing') diff --git a/docs/routing/index.rst b/docs/routing/index.rst index a34bbfac..53a8a6ce 100644 --- a/docs/routing/index.rst +++ b/docs/routing/index.rst @@ -13,6 +13,7 @@ Routing mpls mss-clamp multicast + ip-commands ospf pbr rip diff --git a/docs/routing/ip-commands.rst b/docs/routing/ip-commands.rst new file mode 100644 index 00000000..fbfe2d24 --- /dev/null +++ b/docs/routing/ip-commands.rst 
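Review bot: In docs/routing/index.rst the new `ip-commands` entry is inserted between `multicast` and `ospf`, which breaks the alphabetical order of the entries visible in this hunk (`mpls`, `mss-clamp`, `multicast`, `ospf`, `pbr`, `rip`). Unless that position in the rendered table of contents is deliberate, move the entry ahead of `mpls`, to wherever it sorts among the entries above the hunk.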
@@ -0,0 +1,277 @@ +.. _ip-commands: + +*********** +IP commands +*********** + + +IPv4 +==== + +System configuration commands +----------------------------- + + +.. cfgcmd:: set system ip disable-forwarding + + Use this command to disable IPv4 forwarding on all interfaces. + + +.. cfgcmd:: set system ip arp table-size + + Use this command to define the maximum number of entries to keep in + the ARP cache (1024, 2048, 4096, 8192, 16384, 32768). + + +.. cfgcmd:: set system ip multipath layer4-hashing + + Use this command to use Layer 4 information for IPv4 ECMP hashing. + + +Operational commands +-------------------- + + +show commands +^^^^^^^^^^^^^ + +See below the different parameters available for the IPv4 **show** command: + +.. code-block:: + + vyos@vyos:~$ show ip + Possible completions: + access-list Show all IP access-lists + as-path-access-list + Show all as-path-access-lists + bgp Show Border Gateway Protocol (BGP) information + community-list + Show IP community-lists + extcommunity-list + Show extended IP community-lists + forwarding Show IP forwarding status + groups Show IP multicast group membership + igmp Show IGMP (Internet Group Management Protocol) information + large-community-list + Show IP large-community-lists + multicast Show IP multicast + ospf Show IPv4 Open Shortest Path First (OSPF) routing information + pim Show PIM (Protocol Independent Multicast) information + ports Show IP ports in use by various system services + prefix-list Show all IP prefix-lists + protocol Show IP route-maps per protocol + rip Show Routing Information Protocol (RIP) information + route Show IP routes + + +reset commands +^^^^^^^^^^^^^^ + +And the different IPv4 **reset** commands available: + +.. 
code-block:: + + vyos@vyos:~$ reset ip + Possible completions: + arp Reset Address Resolution Protocol (ARP) cache + bgp Clear Border Gateway Protocol (BGP) statistics or status + igmp IGMP clear commands + multicast IP multicast routing table + route Reset IP route + + +IPv6 +==== + +System configuration commands +----------------------------- + +.. cfgcmd:: set system ipv6 disable + + Use this command to disable assignment of IPv6 addresses on all + interfaces. + + +.. cfgcmd:: set system ipv6 disable-forwarding + + Use this command to disable IPv6 forwarding on all interfaces. + + +.. cfgcmd:: set system ipv6 neighbor table-size + + Use this command to define the maximum number of entries to keep in + the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768). + + +.. cfgcmd:: set system ipv6 strict-dad + + Use this command to disable IPv6 operation on interface when + Duplicate Address Detection fails on Link-Local address. + + +.. cfgcmd:: set system ipv6 multipath layer4-hashing + + Use this command to user Layer 4 information for ECMP hashing. + + + +Operational commands +-------------------- + +Show commands +^^^^^^^^^^^^^ + + +.. opcmd:: show ipv6 neighbors + + Use this command to show IPv6 Neighbor Discovery Protocol information. + + +.. opcmd:: show ipv6 groups + + Use this command to show IPv6 multicast group membership. + + +.. opcmd:: show ipv6 forwarding + + Use this command to show IPv6 forwarding status. + +.. opcmd:: show ipv6 route + + Use this command to show IPv6 routes. + + + Check the many parameters available for the `show ipv6 route` command: + + .. 
code-block:: none + + vyos@vyos:~$ show ipv6 route + Possible completions: + Execute the current command + Show IPv6 routes of given address or prefix + + bgp Show IPv6 BGP routes + cache Show kernel IPv6 route cache + connected Show IPv6 connected routes + forward Show kernel IPv6 route table + isis Show IPv6 ISIS routes + kernel Show IPv6 kernel routes + ospfv3 Show IPv6 OSPF6 routes + ripng Show IPv6 RIPNG routes + static Show IPv6 static routes + summary Show IPv6 routes summary + table Show IP routes in policy table + vrf Show IPv6 routes in VRF + + +.. opcmd:: show ipv6 prefix-list + + Use this command to show all IPv6 prefix lists + + There are different parameters for getting prefix-list information: + + .. code-block:: none + + vyos@vyos:~$ show ipv6 prefix-list + Possible completions: + Execute the current command + Show specified IPv6 prefix-list + detail Show detail of IPv6 prefix-lists + summary Show summary of IPv6 prefix-lists + +.. opcmd:: show ipv6 access-list + + Use this command to show all IPv6 access lists + + You can also specify which IPv6 access-list should be shown: + + .. code-block:: none + + vyos@vyos:~$ show ipv6 access-list + Possible completions: + Execute the current command + Show specified IPv6 access-list + + + +.. opcmd:: show ipv6 bgp + + Use this command to show IPv6 Border Gateway Protocol information. + + + In addition, you can specify many other parameters to get BGP + information: + + .. 
code-block:: none + + vyos@vyos:~$ show ipv6 bgp + Possible completions: + Execute the current command + Show BGP information for given address or prefix + + community Show routes matching the communities + community-list + Show routes matching the community-list + filter-list Show routes conforming to the filter-list + large-community + Show routes matching the large-community-list + large-community-list + neighbors Show detailed information on TCP and BGP neighbor connections + prefix-list Show routes matching the prefix-list + regexp Show routes matching the AS path regular expression + route-map Show BGP routes matching the specified route map + summary Show summary of BGP neighbor status + + +.. opcmd:: show ipv6 ospfv3 + + Use this command to get information about OSPFv3. + + You can get more specific OSPFv3 information by using the parameters + shown below: + + .. code-block:: + + vyos@vyos:~$ show ipv6 ospfv3 + Possible completions: + Execute the current command + area Show OSPFv3 spf-tree information + border-routers + Show OSPFv3 border-router (ABR and ASBR) information + database Show OSPFv3 Link state database information + interface Show OSPFv3 interface information + linkstate Show OSPFv3 linkstate routing information + neighbor Show OSPFv3 neighbor information + redistribute Show OSPFv3 redistribute External information + route Show OSPFv3 routing table information + +.. opcmd:: show ipv6 ripng + + Use this command to get information about the RIPNG protocol + +.. opcmd:: show ipv6 ripng status + + Use this command to show the status of the RIPNG protocol + + + +Reset commands +^^^^^^^^^^^^^^ + +.. opcmd:: reset ipv6 bgp
+ + Use this command to clear Border Gateway Protocol statistics or + status. + + +.. opcmd:: reset ipv6 neighbors
+ + Use this command to reset IPv6 Neighbor Discovery Protocol cache for + an address or interface. + +.. opcmd:: reset ipv6 route cache + + Use this command to flush the kernel IPv6 route cache. + An address can be added to flush it only for that route. + + -- cgit v1.2.3 From 168247e76ad1b03e4d1dab2631ee970afeb74549 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Nov 2020 17:04:57 +0100 Subject: ip-commands: add "none" on code-block directives --- docs/routing/ip-commands.rst | 63 ++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 41 deletions(-) (limited to 'docs/routing') diff --git a/docs/routing/ip-commands.rst b/docs/routing/ip-commands.rst index fbfe2d24..eba4fd90 100644 --- a/docs/routing/ip-commands.rst +++ b/docs/routing/ip-commands.rst @@ -1,9 +1,8 @@ .. _ip-commands: -*********** +########### IP commands -*********** - +########### IPv4 ==== @@ -11,18 +10,15 @@ IPv4 System configuration commands ----------------------------- - .. cfgcmd:: set system ip disable-forwarding Use this command to disable IPv4 forwarding on all interfaces. - .. cfgcmd:: set system ip arp table-size Use this command to define the maximum number of entries to keep in the ARP cache (1024, 2048, 4096, 8192, 16384, 32768). - .. cfgcmd:: set system ip multipath layer4-hashing Use this command to use Layer 4 information for IPv4 ECMP hashing. @@ -31,13 +27,12 @@ System configuration commands Operational commands -------------------- - show commands ^^^^^^^^^^^^^ See below the different parameters available for the IPv4 **show** command: -.. code-block:: +.. code-block:: none vyos@vyos:~$ show ip Possible completions: 
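Review bot: In the new docs/routing/ip-commands.rst the description under `set system ipv6 multipath layer4-hashing` reads "Use this command to user Layer 4 information for ECMP hashing."; "user" should be "use", and naming IPv6 would match the IPv4 entry ("for IPv4 ECMP hashing"). The follow-up commit 'ip-commands: add "none" on code-block directives' carries that line along as unchanged context, so the typo survives both changes. The IPv4 subsections are titled "show commands" and "reset commands" while the IPv6 ones are "Show commands" and "Reset commands"; pick one capitalisation. Several descriptions also lack the closing full stop, for example "Use this command to show all IPv6 prefix lists".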
@@ -62,23 +57,22 @@ See below the different parameters available for the IPv4 **show** command: protocol Show IP route-maps per protocol rip Show Routing Information Protocol (RIP) information route Show IP routes - + reset commands ^^^^^^^^^^^^^^ And the different IPv4 **reset** commands available: -.. code-block:: +.. code-block:: none - vyos@vyos:~$ reset ip + vyos@vyos:~$ reset ip Possible completions: arp Reset Address Resolution Protocol (ARP) cache bgp Clear Border Gateway Protocol (BGP) statistics or status igmp IGMP clear commands multicast IP multicast routing table route Reset IP route - IPv6 ==== @@ -91,61 +85,52 @@ System configuration commands Use this command to disable assignment of IPv6 addresses on all interfaces. - .. cfgcmd:: set system ipv6 disable-forwarding Use this command to disable IPv6 forwarding on all interfaces. - .. cfgcmd:: set system ipv6 neighbor table-size Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768). - .. cfgcmd:: set system ipv6 strict-dad Use this command to disable IPv6 operation on interface when Duplicate Address Detection fails on Link-Local address. - .. cfgcmd:: set system ipv6 multipath layer4-hashing Use this command to user Layer 4 information for ECMP hashing. - Operational commands -------------------- Show commands ^^^^^^^^^^^^^ - .. opcmd:: show ipv6 neighbors Use this command to show IPv6 Neighbor Discovery Protocol information. - .. opcmd:: show ipv6 groups Use this command to show IPv6 multicast group membership. - .. opcmd:: show ipv6 forwarding - + Use this command to show IPv6 forwarding status. .. opcmd:: show ipv6 route Use this command to show IPv6 routes. - Check the many parameters available for the `show ipv6 route` command: .. code-block:: none - vyos@vyos:~$ show ipv6 route + vyos@vyos:~$ show ipv6 route Possible completions: Execute the current command Show IPv6 routes of given address or prefix 
@@ -162,7 +147,7 @@ Show commands summary Show IPv6 routes summary table Show IP routes in policy table vrf Show IPv6 routes in VRF - + .. opcmd:: show ipv6 prefix-list @@ -172,13 +157,13 @@ Show commands .. code-block:: none - vyos@vyos:~$ show ipv6 prefix-list + vyos@vyos:~$ show ipv6 prefix-list Possible completions: Execute the current command Show specified IPv6 prefix-list detail Show detail of IPv6 prefix-lists summary Show summary of IPv6 prefix-lists - + .. opcmd:: show ipv6 access-list Use this command to show all IPv6 access lists @@ -187,12 +172,10 @@ Show commands .. code-block:: none - vyos@vyos:~$ show ipv6 access-list + vyos@vyos:~$ show ipv6 access-list Possible completions: Execute the current command Show specified IPv6 access-list - - .. opcmd:: show ipv6 bgp @@ -203,8 +186,8 @@ Show commands information: .. code-block:: none - - vyos@vyos:~$ show ipv6 bgp + + vyos@vyos:~$ show ipv6 bgp Possible completions: Execute the current command Show BGP information for given address or prefix @@ -221,7 +204,7 @@ Show commands regexp Show routes matching the AS path regular expression route-map Show BGP routes matching the specified route map summary Show summary of BGP neighbor status - + .. opcmd:: show ipv6 ospfv3 @@ -229,10 +212,10 @@ Show commands You can get more specific OSPFv3 information by using the parameters shown below: - - .. code-block:: - - vyos@vyos:~$ show ipv6 ospfv3 + + .. code-block:: none + + vyos@vyos:~$ show ipv6 ospfv3 Possible completions: Execute the current command area Show OSPFv3 spf-tree information @@ -244,7 +227,7 @@ Show commands neighbor Show OSPFv3 neighbor information redistribute Show OSPFv3 redistribute External information route Show OSPFv3 routing table information - + .. opcmd:: show ipv6 ripng Use this command to get information about the RIPNG protocol @@ -254,7 +237,6 @@ Show commands Use this command to show the status of the RIPNG protocol - Reset commands ^^^^^^^^^^^^^^ 
@@ -266,12 +248,11 @@ Reset commands .. opcmd:: reset ipv6 neighbors
- Use this command to reset IPv6 Neighbor Discovery Protocol cache for + Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface. .. opcmd:: reset ipv6 route cache Use this command to flush the kernel IPv6 route cache. - An address can be added to flush it only for that route. - + An address can be added to flush it only for that route. -- cgit v1.2.3 From d20c299b9dff3226e886a10a0e7223704fac32a0 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 13 Nov 2020 14:46:04 +0100 Subject: interfaces: use common toc and chapter style --- docs/interfaces/advanced-index.rst | 7 ++-- docs/interfaces/bond.rst | 41 +++++++++++--------- docs/interfaces/bridge.rst | 52 ++++++++++++------------- docs/interfaces/dummy.rst | 9 +++-- docs/interfaces/ethernet.rst | 22 +++++------ docs/interfaces/geneve.rst | 9 +++-- docs/interfaces/l2tpv3.rst | 75 +++++++++++++++++++++++++++++++++---- docs/interfaces/loopback.rst | 8 ++-- docs/interfaces/macsec.rst | 19 ++++++---- docs/interfaces/pppoe.rst | 24 +++++++----- docs/interfaces/pseudo-ethernet.rst | 9 +++-- docs/interfaces/wirelessmodem.rst | 57 +++++++++++++++------------- docs/routing/mpls.rst | 6 +-- 13 files changed, 210 insertions(+), 128 deletions(-) (limited to 'docs/routing') diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst index f955c6b1..6e35dac2 100644 --- a/docs/interfaces/advanced-index.rst +++ b/docs/interfaces/advanced-index.rst @@ -1,8 +1,8 @@ .. _advanced_network-interfaces: -########################### -Advanced Network Interfaces -########################### +################## +Network Interfaces +################## .. toctree:: :maxdepth: 1 @@ -15,6 +15,7 @@ Advanced Network Interfaces loopback l2tpv3 macsec + pppoe pseudo-ethernet qinq tunnel diff --git a/docs/interfaces/bond.rst b/docs/interfaces/bond.rst index 859c25c3..21088c02 100644 --- a/docs/interfaces/bond.rst +++ b/docs/interfaces/bond.rst 
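Review bot: docs/interfaces/advanced-index.rst now titles the page "Network Interfaces" and adds `pppoe` to the toctree, but the label above the title is still `.. _advanced_network-interfaces:` and the file is still named advanced-index.rst, so heading, label and file name no longer agree. If the "Advanced" split is being dropped, rename the label and file in the same change, keeping the old label as a second target if other pages reference it. The commit subject mentions only toc and chapter style, so the title rename also deserves a line in the message.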
@@ -10,32 +10,35 @@ or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed. +************* Configuration -############# +************* Common interface configuration ------------------------------- +============================== .. cmdinclude:: ../_include/interface-common-with-dhcp.txt :var0: bond :var1: bond0 Member Interfaces ------------------ +================= .. cfgcmd:: set interfaces bonding member interface Enslave `` interface to bond ``. Bond options ------------- +============ -.. cfgcmd:: set interfaces bonding mode +.. cfgcmd:: set interfaces bonding mode <802.3ad | active-backup | + broadcast | round-robin | transmit-load-balance | adaptive-load-balance | + xor-hash> Specifies one of the bonding policies. The default is 802.3ad. Possible values are: - * **802.3ad** - IEEE 802.3ad Dynamic link aggregation. Creates aggregation + * ``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification. @@ -47,7 +50,7 @@ Bond options in regards to the packet mis-ordering requirements of section 43.2.4 of the 802.3ad standard. - * **active-backup** - Active-backup policy: Only one slave in the bond is + * ``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. 
@@ -62,24 +65,24 @@ Bond options This mode provides fault tolerance. The :cfgcmd:`primary` option, documented below, affects the behavior of this mode. - * **broadcast** - Broadcast policy: transmits everything on all slave + * ``broadcast`` - Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance. - * **round-robin** - Round-robin policy: Transmit packets in sequential + * ``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance. - * **transmit-load-balance** - Adaptive transmit load balancing: channel + * ``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave. - * **adaptive-load-balance** - Adaptive load balancing: includes + * ``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP @@ -111,7 +114,7 @@ Bond options than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch. - * **xor-hash** - XOR policy: Transmit based on the selected transmit + * ``xor-hash`` - XOR policy: Transmit based on the selected transmit hash policy. The default policy is a simple [(source MAC address XOR'd with destination MAC address XOR packet type ID) modulo slave count]. Alternate transmit policies may be selected via the :cfgcmd:`hash-policy` 
@@ -253,8 +256,9 @@ Bond options The maximum number of targets that can be specified is 16. The default value is no IP addresses. +******* Example -------- +******* The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with @@ -275,7 +279,7 @@ a per VIF IPv4 address. set interfaces bonding bond0 member interface eth2 Cisco Catalyst -^^^^^^^^^^^^^^ +============== Assign member interfaces to PortChannel @@ -305,7 +309,7 @@ allowed VLAN interfaces, STP will happen here. Juniper EX Switch -^^^^^^^^^^^^^^^^^ +================= For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system. @@ -334,7 +338,7 @@ interfaces from VyOS to a Juniper EX Switch system. set interfaces xe-1/1/0 ether-options 802.3ad ae0 Aruba/HP -^^^^^^^^ +======== For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch. @@ -349,7 +353,7 @@ with two interfaces from VyOS to a Aruba/HP 2510G switch. vlan 100 tagged Trk1 Arista EOS -^^^^^^^^^^ +========== When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between @@ -463,8 +467,9 @@ Lets assume the following topology: virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active! +********* Operation -######### +********* .. opcmd:: show interfaces bonding diff --git a/docs/interfaces/bridge.rst b/docs/interfaces/bridge.rst index 144e5f6d..ba6d70fb 100644 --- a/docs/interfaces/bridge.rst +++ b/docs/interfaces/bridge.rst 
@@ -14,18 +14,19 @@ standard. .. note:: Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed. +************* Configuration -############# +************* Common interface configuration ------------------------------- +============================== .. cmdinclude:: ../_include/interface-common-with-dhcp.txt :var0: bridge :var1: br0 Member Interfaces ------------------ +================= .. cfgcmd:: set interfaces bridge member interface @@ -59,6 +60,24 @@ Member Interfaces deciding which link to use. Faster interfaces should have lower costs. +Bridge Options +============== + +.. cfgcmd:: set interfaces bridge aging