Merge branch 'master' into sr-mpls-correction

docs/_include/vyos-1x

@@ -1 +1 @@
-Subproject commit c820be57b6c77cdb0a5055d0c3a77dc8d550e2d7
+Subproject commit b65296a0ff39e66d87e916971477cce351f6d5a5

docs/changelog/1.3.rst

@@ -8,6 +8,37 @@
    _ext/releasenotes.py
 
 
+2023-04-01
+==========
+
+* :vytask:`T5047` (bug): Recreate only a specific container
+
+
+2023-03-31
+==========
+
+* :vytask:`T5111` (bug): pppd-dns.service startup failed
+
+
+2023-03-29
+==========
+
+* :vytask:`T5033` (bug): generate-public-key command fails for address with multiple public keys like GitHub
+* :vytask:`T5097` (bug):  the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters'
+
+
+2023-03-27
+==========
+
+* :vytask:`T4737` (bug): FRRouting/zebra 7.5.1 does not redistribute routes to other protocols
+
+
+2023-03-21
+==========
+
+* :vytask:`T5098` (feature): PPPoE client holdoff configuration
+
+
 2023-03-19
 ==========
 

docs/changelog/1.4.rst

@@ -8,6 +8,97 @@
    _ext/releasenotes.py
 
 
+2023-04-02
+==========
+
+* :vytask:`T5134` (feature): Try if netavark networks can be moved to a VRF instance
+
+
+2023-04-01
+==========
+
+* :vytask:`T5082` (feature): container: switch to netavark network stack
+* :vytask:`T5047` (bug): Recreate only a specific container
+* :vytask:`T5132` (default): Operational command "show isis vrf  XXX route | neighbord" aren't working 
+
+
+2023-03-31
+==========
+
+* :vytask:`T5129` (feature): Add AWS build flavour
+* :vytask:`T5126` (feature): http-api: add 'allow-client' to restrict IP address of client connections
+
+
+2023-03-30
+==========
+
+* :vytask:`T5130` (bug): op-mode: drop remaining reference to obsoleted 'show_interfaces.py'
+* :vytask:`T4866` (feature): Rewrite show_interfaces to standardized form
+* :vytask:`T366` (bug): SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only
+
+
+2023-03-29
+==========
+
+* :vytask:`T5100` (feature): Update FRR to 8.5
+* :vytask:`T5094` (bug): FRR systemd logs unknow key LimitNOFILESoft
+* :vytask:`T5085` (bug): ospfv3 route-map not applied in FRR configuration
+* :vytask:`T5056` (bug): IPoE server vlan-mon is not working 
+* :vytask:`T5033` (bug): generate-public-key command fails for address with multiple public keys like GitHub
+* :vytask:`T4876` (bug): mpls - LSP broken on FRR 8.4.1
+* :vytask:`T5097` (bug):  the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters'
+* :vytask:`T5089` (enhancment): Add unit test of config_diff
+* :vytask:`T5088` (enhancment): Add lexicographical-numeric compare function for vytree/configtree
+* :vytask:`T5087` (enhancment): Add support for lexical ordering of nodes in config_tree
+* :vytask:`T4885` (feature): Rewrite 'clear interfaces counters' from Perl to Python
+* :vytask:`T4846` (bug): L3VPN- network command doesn't install direct connected  prefix
+
+
+2023-03-28
+==========
+
+* :vytask:`T5043` (feature): Need to create reset command for IKEv2 remote-access vpn connections
+
+
+2023-03-27
+==========
+
+* :vytask:`T5099` (feature): IPoE server add option 'next-pool' for named ip pools
+* :vytask:`T5106` (feature): Extend generation of API client requests to configsession native functions and composite requests
+* :vytask:`T5104` (bug): DHCP default route issues with static routes in VRFs
+* :vytask:`T5079` (feature): xml: schema extension to support defaultValues on tagNodes
+* :vytask:`T5114` (feature): bgp: implement new CLI commands introduced in FRR 8.5
+
+
+2023-03-23
+==========
+
+* :vytask:`T5108` (feature): Get rate limit for L2TP/PPTP/SSTP/IPoE in raw format
+* :vytask:`T5086` (feature): Integrate hsflowd for sflow accounting
+* :vytask:`T5107` (bug): Raise error in op-mode dns.py instead of calling exit
+
+
+2023-03-22
+==========
+
+* :vytask:`T5068` (feature): Generate op-mode API client requests along with schema generation
+
+
+2023-03-21
+==========
+
+* :vytask:`T5098` (feature): PPPoE client holdoff configuration
+* :vytask:`T3694` (bug): Static routes not installed into kernel nor frr
+* :vytask:`T5102` (feature): ospf: "redistribute babel" is always set
+
+
+2023-03-20
+==========
+
+* :vytask:`T5057` (bug): IPoE server incorrect interface regex
+* :vytask:`T5095` (feature): Return list instead of dict for 'raw' output of op-mode openvpn
+
+
 2023-03-19
 ==========
 
@@ -1840,12 +1931,6 @@
 * :vytask:`T4181` (bug): Firewall ipv6-network-group - incorrect description on helper 
 
 
-2022-01-22
-==========
-
-* :vytask:`T4173` (bug): Wan Load Balancing - Error on firewall NAT rules
-
-
 2022-01-21
 ==========
 
@@ -2226,7 +2311,6 @@
 
 * :vytask:`T3612` (bug): IPoE Server address pool issues. 
 * :vytask:`T3995` (feature): OpenVPN: do not stop/start service on configuration change
-* :vytask:`T3680` (bug): Static routes with dhcp-interface are flaky
 * :vytask:`T4008` (feature): dhcp: change client retry interval form 300 -> 60 seconds
 * :vytask:`T3795` (bug): WWAN: issues with non connected interface / no signal
 * :vytask:`T3510` (bug): RADIUS usersname is not shown on CLI

docs/configexamples/index.rst

@@ -21,6 +21,7 @@ This chapter contains various configuration examples:
    openvpn-ldap
    qos
    segment-routing-isis
+   nmp
 
 
 Configuration Blueprints (autotest)

docs/configexamples/nmp.rst

@@ -0,0 +1,66 @@
+:lastproofread: 2023-03-26
+
+.. _examples-nmp:
+
+###########
+NMP example
+###########
+
+Consider how to quickly set up NMP and VyOS for monitoring.
+NMP is multi-vendor network monitoring from 'SolarWinds' built to scale and expand with the needs of your network. 
+
+Configuration 'VyOS'
+====================
+
+First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP.
+
+.. code-block:: none
+
+	set interfaces ethernet eth0 address 'dhcp'
+	set system name-server '8.8.8.8'
+	set service snmp community router authorization 'test'
+	set service snmp community router network '0.0.0.0/0'
+
+
+Configuration 'NMP'
+====================
+
+Next, you just  should follow the pictures:
+
+.. image:: /_static/images/nmp1.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+   
+.. image:: /_static/images/nmp2.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+   
+.. image:: /_static/images/nmp3.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+   
+.. image:: /_static/images/nmp4.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+
+.. image:: /_static/images/nmp5.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+
+.. image:: /_static/images/nmp6.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+
+.. image:: /_static/images/nmp7.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+   
+  
+In the end, you'll get a powerful instrument for monitoring the VyOS systems.

docs/configuration/service/dns.rst

@@ -25,10 +25,11 @@ avoid being tracked by the provider of your upstream DNS server.
 
    Interfaces whose DHCP client nameservers to forward requests to.
 
-.. cfgcmd:: set service dns forwarding name-server <address>
+.. cfgcmd:: set service dns forwarding name-server <address> port <port>
 
-   Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`.
+   Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`
-   You can configure multiple nameservers here.
+   on optional port specified under `<port>`. The port defaults to 53. You can
+   configure multiple nameservers here.
 
 .. cfgcmd:: set service dns forwarding domain <domain-name> server <address>
 
@@ -167,8 +168,10 @@ In this scenario:
   set service dns forwarding domain example.com server 2001:db8:cafe::1
   set service dns forwarding name-server 192.0.2.1
   set service dns forwarding name-server 192.0.2.2
+  set service dns forwarding name-server 192.0.2.3 port 853
   set service dns forwarding name-server 2001:db8::1:ffff
   set service dns forwarding name-server 2001:db8::2:ffff
+  set service dns forwarding name-server 2001:db8::3:ffff port 8053
   set service dns forwarding listen-address 192.168.1.254
   set service dns forwarding listen-address 2001:db8::ffff
   set service dns forwarding allow-from 192.168.1.0/24

docs/configuration/service/ntp.rst

@@ -50,13 +50,16 @@ Configuration
    * ``1.pool.ntp.org``
    * ``2.pool.ntp.org``
 
-.. cfgcmd:: set service ntp server <address> <noselect | pool | prefer>
+.. cfgcmd:: set service ntp server <address> <noselect | nts | pool | prefer>
 
    Configure one or more attributes to the given NTP server.
 
    * ``noselect`` marks the server as unused, except for display purposes. The
      server is discarded by the selection algorithm.
 
+   * ``nts`` enables Network Time Security (NTS) for the server as specified 
+     in :rfc:`8915`
+
    * ``pool`` mobilizes persistent client mode association with a number of
      remote servers.
 

docs/configuration/system/index.rst

@@ -19,6 +19,7 @@ System
    name-server
    option
    proxy
+   sflow
    syslog
    sysctl
    task-scheduler

docs/configuration/system/sflow.rst

@@ -0,0 +1,63 @@
+.. _ntp:
+
+#####
+sFlow
+#####
+
+VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector.
+
+sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device.
+
+The sFlow accounting based on hsflowd https://sflow.net/
+
+Configuration
+=============
+
+.. cfgcmd:: set system sflow agent-address <address>
+
+   Configure sFlow agent IPv4 or IPv6 address
+
+
+.. cfgcmd:: set system sflow agent-interface <interface>
+
+   Configure agent IP address associated with this interface.
+
+
+.. cfgcmd:: set system sflow drop-monitor-limit <limit>
+
+   Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets
+
+.. cfgcmd:: set system sflow interface <interface>
+
+   Configure and enable collection of flow information for the interface identified by <interface>.
+
+   You can configure multiple interfaces which whould participate in sflow accounting.
+
+
+.. cfgcmd:: set system sflow polling <sec>
+
+   Configure schedule counter-polling in seconds (default: 30)
+
+.. cfgcmd:: set system sflow sampling-rate <rate>
+
+   Use this command to configure the sampling rate for sFlow accounting (default: 1000)
+
+.. cfgcmd:: set system sflow server <address> port <port>
+
+   Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address.
+
+
+Example
+=======
+
+.. code-block:: none
+
+  set system sflow agent-address '192.0.2.14'
+  set system sflow agent-interface 'eth0'
+  set system sflow drop-monitor-limit '50'
+  set system sflow interface 'eth0'
+  set system sflow interface 'eth1'
+  set system sflow polling '30'
+  set system sflow sampling-rate '1000'
+  set system sflow server 192.0.2.1 port '6343'
+  set system sflow server 203.0.113.23 port '6343'