srividya0208 2021-05-27 14:18:26 -04:00
commit cf33123181
15 changed files with 232 additions and 109 deletions

@ -1 +1 @@
Subproject commit 0a1e22336c2ead01b607b5b6bb52383e4840645c
Subproject commit 8f304d2e214c9123b106b2feab8d310912c6b000


@ -26,7 +26,8 @@ example, if you want to disable a BGP peer on VRRP transition to backup:
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
set protocols bgp 65536 neighbor 192.168.2.1 shutdown
set protocols bgp local-as 65536
set protocols bgp neighbor 192.168.2.1 shutdown
commit
exit
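Review bot: The added `set protocols bgp local-as 65536` line in this transition script re-declares the local AS on every VRRP state change, although the script is only meant to shut down a neighbor. On a router that already runs BGP the line is redundant, and a value that differs from the running configuration would do more than the script intends. Consider dropping it and keeping only `set protocols bgp neighbor 192.168.2.1 shutdown`, or state in the surrounding text that the value must equal the AS already configured.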


@ -8,6 +8,39 @@
_ext/releasenotes.py
2021-05-23
==========
* :vytask:`T3570` (default): Prevent setting of a larger MTU on child interfaces
* :vytask:`T3572` (feature): Basic Drive Diagnostic Tools
2021-05-20
==========
* :vytask:`T3554` (feature): Add area-type stub for ospfv3
2021-05-19
==========
* :vytask:`T3562` (feature): Update Accel-PPP to a newer revision
* :vytask:`T3559` (feature): Add restart op-command for OpenConnect Server
2021-05-18
==========
* :vytask:`T3525` (default): VMWare resume script syntax errors
* :vytask:`T2462` (default): LLDP op-mode exception: IndexError: list index out of range
2021-05-17
==========
* :vytask:`T3557` (bug): ddclient: FileNotFoundError in op-mode
2021-05-15
==========
@ -375,7 +408,7 @@
2021-02-16
==========
* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.119 / 5.10.37
* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.121 / 5.10.39
2021-02-14


@ -8,6 +8,52 @@
_ext/releasenotes.py
2021-05-23
==========
* :vytask:`T3570` (default): Prevent setting of a larger MTU on child interfaces
* :vytask:`T3573` (bug): as-path-prepend Description Invalid
* :vytask:`T3572` (feature): Basic Drive Diagnostic Tools
2021-05-22
==========
* :vytask:`T3564` (default): Multiple BGP Confederation Peers Not Allowed
2021-05-21
==========
* :vytask:`T3551` (bug): QoS control failure of VLAN sub interface
2021-05-20
==========
* :vytask:`T3554` (feature): Add area-type stub for ospfv3
* :vytask:`T3565` (feature): sysctl: rewrite in XML and Python and drop from vyatta-cfg-system
2021-05-19
==========
* :vytask:`T3562` (feature): Update Accel-PPP to a newer revision
* :vytask:`T3559` (feature): Add restart op-command for OpenConnect Server
2021-05-18
==========
* :vytask:`T3525` (default): VMWare resume script syntax errors
2021-05-17
==========
* :vytask:`T3557` (bug): ddclient: FileNotFoundError in op-mode
2021-05-15
==========
@ -445,7 +491,7 @@
==========
* :vytask:`T3313` (bug): ospfv3 interface missing options
* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.119 / 5.10.37
* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.121 / 5.10.39
2021-02-15


@ -120,13 +120,14 @@ Vyos configuration
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 64499 neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp 64499 neighbor 10.0.0.4 timers keepalive '10'
set protocols bgp local-as 64499
set protocols bgp neighbor 10.0.0.4 remote-as '65540'
set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp neighbor 10.0.0.4 timers keepalive '10'
- **Important**: Disable connected check \
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check
set protocols bgp neighbor 10.0.0.4 disable-connected-check
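Review bot: The bullet "**Important**: Disable connected check \" in this hunk ends in a stray backslash and gives no reason for the setting. `disable-connected-check` relaxes a peering check, so the reader should be told why it is needed here. The two-neighbor variant of this page says "otherwise the routes learned from Azure will not be imported into the routing table", and the same sentence would fit.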


@ -136,20 +136,21 @@ Vyos configuration
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 64499 neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp 64499 neighbor 10.0.0.4 timers keepalive '10'
set protocols bgp local-as 64499
set protocols bgp neighbor 10.0.0.4 remote-as '65540'
set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp neighbor 10.0.0.4 timers keepalive '10'
set protocols bgp 64499 neighbor 10.0.0.5 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.5 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 64499 neighbor 10.0.0.5 timers holdtime '30'
set protocols bgp 64499 neighbor 10.0.0.5 timers keepalive '10'
set protocols bgp neighbor 10.0.0.5 remote-as '65540'
set protocols bgp neighbor 10.0.0.5 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp neighbor 10.0.0.5 timers holdtime '30'
set protocols bgp neighbor 10.0.0.5 timers keepalive '10'
- **Important**: Disable connected check, otherwise the routes learned
from Azure will not be imported into the routing table.
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check
set protocols bgp 64499 neighbor 10.0.0.5 disable-connected-check
set protocols bgp neighbor 10.0.0.4 disable-connected-check
set protocols bgp neighbor 10.0.0.5 disable-connected-check


@ -13,39 +13,41 @@ Configuration
.. code-block:: none
set protocols bgp 64496 address-family ipv4-unicast redistribute connected
set protocols bgp 64496 address-family ipv6-unicast redistribute connected
set protocols bgp 64496 neighbor eth1 interface v6only
set protocols bgp 64496 neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp 64496 neighbor eth2 interface v6only
set protocols bgp 64496 neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp 64496 parameters bestpath as-path multipath-relax
set protocols bgp 64496 parameters bestpath compare-routerid
set protocols bgp 64496 parameters default no-ipv4-unicast
set protocols bgp 64496 parameters router-id '192.168.0.1'
set protocols bgp 64496 peer-group fabric address-family ipv4-unicast
set protocols bgp 64496 peer-group fabric address-family ipv6-unicast
set protocols bgp 64496 peer-group fabric capability extended-nexthop
set protocols bgp 64496 peer-group fabric remote-as 'external'
set protocols bgp local-as 64496
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family ipv6-unicast redistribute connected
set protocols bgp neighbor eth1 interface v6only
set protocols bgp neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp neighbor eth2 interface v6only
set protocols bgp neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp parameters bestpath as-path multipath-relax
set protocols bgp parameters bestpath compare-routerid
set protocols bgp parameters default no-ipv4-unicast
set protocols bgp parameters router-id '192.168.0.1'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
- Router B:
.. code-block:: none
set protocols bgp 64499 address-family ipv4-unicast redistribute connected
set protocols bgp 64499 address-family ipv6-unicast redistribute connected
set protocols bgp 64499 neighbor eth1 interface v6only
set protocols bgp 64499 neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp 64499 neighbor eth2 interface v6only
set protocols bgp 64499 neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp 64499 parameters bestpath as-path multipath-relax
set protocols bgp 64499 parameters bestpath compare-routerid
set protocols bgp 64499 parameters default no-ipv4-unicast
set protocols bgp 64499 parameters router-id '192.168.0.2'
set protocols bgp 64499 peer-group fabric address-family ipv4-unicast
set protocols bgp 64499 peer-group fabric address-family ipv6-unicast
set protocols bgp 64499 peer-group fabric capability extended-nexthop
set protocols bgp 64499 peer-group fabric remote-as 'external'
set protocols bgp local-as 64499
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family ipv6-unicast redistribute connected
set protocols bgp neighbor eth1 interface v6only
set protocols bgp neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp neighbor eth2 interface v6only
set protocols bgp neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp parameters bestpath as-path multipath-relax
set protocols bgp parameters bestpath compare-routerid
set protocols bgp parameters default no-ipv4-unicast
set protocols bgp parameters router-id '192.168.0.2'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
Results
=======


@ -6,7 +6,7 @@ This document walks you through a complete HA setup of two VyOS machines. This
design is based on a VM as the primary router, and a physical machine as a
backup, using VRRP, BGP, OSPF and conntrack sharing.
The aim of this document is to walk you through setting everything up, so
The aim of this document is to walk you through setting everything up, so
at a point where you can reboot any machine and not lose more than a few
seconds worth of connectivity.
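Review bot: The re-added sentence "walk you through setting everything up, so at a point where you can reboot any machine" is only a whitespace change, and the wording is still broken at "so at a point". Since the line is touched anyway, fix it, for example "setting everything up to the point where you can reboot any machine".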
@ -555,6 +555,7 @@ it is not 203.0.113.0/24.
set policy prefix-list BGPOUT rule 100 prefix '203.0.113.0/24'
set policy prefix-list BGPOUT rule 10000 action 'deny'
set policy prefix-list BGPOUT rule 10000 prefix '0.0.0.0/0'
set policy route-map BGPOUT description 'BGP Export Filter'
set policy route-map BGPOUT rule 10 action 'permit'
set policy route-map BGPOUT rule 10 match ip address prefix-list 'BGPOUT'
@ -564,14 +565,16 @@ it is not 203.0.113.0/24.
set policy route-map BGPPREPENDOUT rule 10 set as-path-prepend '65551 65551 65551'
set policy route-map BGPPREPENDOUT rule 10 match ip address prefix-list 'BGPOUT'
set policy route-map BGPPREPENDOUT rule 10000 action 'deny'
set protocols bgp 65551 address-family ipv4-unicast network 192.0.2.0/24
set protocols bgp 65551 address-family ipv4-unicast redistribute connected metric '50'
set protocols bgp 65551 address-family ipv4-unicast redistribute ospf metric '50'
set protocols bgp 65551 neighbor 192.0.2.11 address-family ipv4-unicast route-map export 'BGPOUT'
set protocols bgp 65551 neighbor 192.0.2.11 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 65551 neighbor 192.0.2.11 remote-as '65550'
set protocols bgp 65551 neighbor 192.0.2.11 update-source '192.0.2.21'
set protocols bgp 65551 parameters router-id '192.0.2.21'
set protocols bgp local-as 65551
set protocols bgp address-family ipv4-unicast network 192.0.2.0/24
set protocols bgp address-family ipv4-unicast redistribute connected metric '50'
set protocols bgp address-family ipv4-unicast redistribute ospf metric '50'
set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast route-map export 'BGPOUT'
set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.0.2.11 remote-as '65550'
set protocols bgp neighbor 192.0.2.11 update-source '192.0.2.21'
set protocols bgp parameters router-id '192.0.2.21'
**router2**


@ -31,10 +31,10 @@ tunnel information page.
set interfaces tunnel tun0 address Client_IPv6_from_Tunnelbroker # This will be your VyOS install's public IPv6 address
set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'
set interfaces tunnel tun0 encapsulation 'sit'
set interfaces tunnel tun0 local-ip Client_IPv4_from_Tunnelbroker # This is your public IP
set interfaces tunnel tun0 source-address Client_IPv4_from_Tunnelbroker # This is your public IP
set interfaces tunnel tun0 mtu '1472'
set interfaces tunnel tun0 multicast 'disable'
set interfaces tunnel tun0 remote-ip Server_IPv4_from_Tunnelbroker # This is the IP of the Tunnelbroker server
set interfaces tunnel tun0 remote Server_IPv4_from_Tunnelbroker # This is the IP of the Tunnelbroker server
set protocols static route6 ::/0 interface tun0 # Tell all traffic to go over this tunnel
commit
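Review bot: The rename of `local-ip` to `source-address` and of `remote-ip` to `remote` in this example is not tied to a release anywhere in the hunk, so a reader on an image that still uses the old keywords has no hint that the syntax differs. Add a short note before the code block naming the version from which the new keywords apply, or mention the old names once.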


@ -11,12 +11,15 @@ you can have as many as you want.
.. note:: Dummy interfaces can be used as interfaces that always stay up (in
the same fashion to loopbacks in Cisco IOS), or for testing purposes.
.. hint:: A Dummy interface is always up, thus it could be used for
management traffic or as source/destination for and :abbr:`IGP (Interior
Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not
dependent on physical link states and multiple routes can be chosen to the
destination. A :ref:`dummy-interface` Interface should always be preferred
over a :ref:`loopback-interface` interface.
.. hint:: On systems with multiple redundant uplinks and routes,
it's a good idea to use a dedicated address for management and dynamic routing protocols.
However, assigning that address to a physical link is risky:
if that link goes down, that address will become inaccessible.
A common solution is to assign the management address to a loopback or a dummy interface
and advertise that address via all physical links, so that it's reachable
through any of them. Since in Linux-based systems, there can be only one loopback interface,
it's better to use a dummy interface for that purpose, since they can be added, removed,
and taken up and down independently.
*************
Configuration
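Review bot: The new hint text in this hunk runs past the 80-column wrap used by the note above it and by the hint it replaces (for example the line starting "it's a good idea to use a dedicated address"), and its last sentence uses "since" twice. Rewrap to the file's width and reword the last sentence, for instance "Linux has only one loopback interface, so a dummy interface is the better choice: dummies can be added, removed, and brought up and down independently." The hint also overlaps with the `.. note::` directly above it, so the two could be merged.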


@ -27,8 +27,9 @@ Example
set policy route-map setmet rule 2 set as-path-prepend '2 2 2'
# Apply policy to BGP
set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet'
set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp local-as 1
set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet'
set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound'
Using 'soft-reconfiguration' we get the policy update without bouncing the
neighbor.


@ -10,7 +10,7 @@ BFD
the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`.
In the age of very fast networks, a second of unreachability may equal millions of lost packets.
The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast.
The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast.
BFD sends lots of small UDP packets very quickly to ensures that the peer is still alive.
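Review bot: The context line "BFD sends lots of small UDP packets very quickly to ensures that the peer is still alive", right below the whitespace fix, has a typo ("to ensures"). It is worth correcting to "to ensure" in the same pass.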
@ -31,7 +31,7 @@ Configure BFD
Allow this BFD peer to not be directly connected
.. cfgcmd:: set protocols bfd peer <address> source
.. cfgcmd:: set protocols bfd peer <address> source
[address <address> | interface <interface>]
Bind listener to specifid interface/address, mandatory for IPv6
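Review bot: The description under the `source` command in this hunk has a typo, "specifid". Correct it to "specified" while the command line above it is being touched.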
@ -45,7 +45,7 @@ Configure BFD
Remote transmission interval will be multiplied by this value
.. cfgcmd:: set protocols bfd peer <address> interval
.. cfgcmd:: set protocols bfd peer <address> interval
[receive | transmit] <10-60000>
Interval in milliseconds
@ -58,11 +58,11 @@ Configure BFD
Enable BFD in BGP
-----------------
.. cfgcmd:: set protocols bgp <asn> neighbor <address> bfd
.. cfgcmd:: set protocols bgp neighbor <neighbor> bfd
Enable BFD on a single BGP neighbor
.. cfgcmd:: set protocols bgp <asn> peer-group <group> bfd
.. cfgcmd:: set protocols bgp peer-group <neighbor> bfd
Enable BFD on a BGP peer group
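Review bot: The peer-group command in this hunk now reads `set protocols bgp peer-group <neighbor> bfd`, but the argument is a group name, as the removed line's `<group>` and the description "Enable BFD on a BGP peer group" both show. Keep `<group>` there. The neighbor command also changed its placeholder from `<address>` to `<neighbor>`; pick one and keep it consistent with the `peer <address>` commands earlier in the file.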


@ -897,15 +897,14 @@ between these sub-ASes we use something that looks like EBGP but behaves like
IBGP (called confederation BGP). Confederation mechanism is described in
:rfc:`5065`
.. cfgcmd:: set protocols bgp <subasn> parameters confederation identifier
.. cfgcmd:: set protocols bgp parameters confederation identifier
<asn>
This command specifies a BGP confederation identifier. <asn> is the number
of the autonomous system that internally includes multiple sub-autonomous
systems (a confederation). <subasn> is the number sub-autonomous system
inside <asn>.
systems (a confederation).
.. cfgcmd:: set protocols bgp <subasn> parameters confederation confederation
.. cfgcmd:: set protocols bgp parameters confederation confederation
peers <nsubasn>
This command sets other confederations <nsubasn> as members of autonomous
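Review bot: The second command in this hunk still reads `parameters confederation confederation peers <nsubasn>`, with `confederation` twice. Since the line is being edited anyway, check it against the CLI and drop the duplicate if it is a typo. The description of the first command also lost its only mention of the sub-AS; with `<subasn>` gone from the path, say where the sub-AS number is now configured (presumably `local-as`, as in the examples elsewhere in this commit).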
@ -1070,21 +1069,23 @@ A simple eBGP configuration:
.. code-block:: none
set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2'
set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535'
set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1'
set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16'
set protocols bgp 65534 parameters router-id '192.168.0.1'
set protocols bgp local-as 65534
set protocols bgp neighbor 192.168.0.2 ebgp-multihop '2'
set protocols bgp neighbor 192.168.0.2 remote-as '65535'
set protocols bgp neighbor 192.168.0.2 update-source '192.168.0.1'
set protocols bgp address-family ipv4-unicast network '172.16.0.0/16'
set protocols bgp parameters router-id '192.168.0.1'
**Node 2:**
.. code-block:: none
set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2'
set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534'
set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2'
set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16'
set protocols bgp 65535 parameters router-id '192.168.0.2'
set protocols bgp local-as 65535
set protocols bgp neighbor 192.168.0.1 ebgp-multihop '2'
set protocols bgp neighbor 192.168.0.1 remote-as '65534'
set protocols bgp neighbor 192.168.0.1 update-source '192.168.0.2'
set protocols bgp address-family ipv4-unicast network '172.17.0.0/16'
set protocols bgp parameters router-id '192.168.0.2'
Don't forget, the CIDR declared in the network statement MUST **exist in your
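Review bot: The new `set protocols bgp local-as 65534` and `local-as 65535` lines leave the value unquoted, while the neighbouring lines quote theirs (`remote-as '65535'`, `router-id '192.168.0.1'`). Quote it the same way so the block is consistent.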
@ -1113,23 +1114,25 @@ A simple BGP configuration via IPv6.
.. code-block:: none
set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2'
set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535'
set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast
set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48'
set protocols bgp 65534 parameters router-id '10.1.1.1'
set protocols bgp local-as 65534
set protocols bgp neighbor 2001:db8::2 ebgp-multihop '2'
set protocols bgp neighbor 2001:db8::2 remote-as '65535'
set protocols bgp neighbor 2001:db8::2 update-source '2001:db8::1'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast
set protocols bgp address-family ipv6-unicast network '2001:db8:1::/48'
set protocols bgp parameters router-id '10.1.1.1'
**Node 2:**
.. code-block:: none
set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2'
set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534'
set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast
set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48'
set protocols bgp 65535 parameters router-id '10.1.1.2'
set protocols bgp local-as 65535
set protocols bgp neighbor 2001:db8::1 ebgp-multihop '2'
set protocols bgp neighbor 2001:db8::1 remote-as '65534'
set protocols bgp neighbor 2001:db8::1 update-source '2001:db8::2'
set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast
set protocols bgp address-family ipv6-unicast network '2001:db8:2::/48'
set protocols bgp parameters router-id '10.1.1.2'
Don't forget, the CIDR declared in the network statement **MUST exist in your
routing table (dynamic or static), the best way to make sure that is true is
@ -1164,6 +1167,7 @@ Route filter can be applied using a route-map:
set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48'
set policy prefix-list6 AS65535-OUT rule 10 action 'deny'
set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48'
set policy route-map AS65535-IN rule 10 action 'permit'
set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN'
set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN'
@ -1172,10 +1176,12 @@ Route filter can be applied using a route-map:
set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT'
set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'
set policy route-map AS65535-OUT rule 20 action 'permit'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
set protocols bgp local-as 65534
set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
**Node2:**
@ -1189,6 +1195,7 @@ Route filter can be applied using a route-map:
set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48'
set policy prefix-list6 AS65534-OUT rule 10 action 'deny'
set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48'
set policy route-map AS65534-IN rule 10 action 'permit'
set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN'
set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN'
@ -1197,10 +1204,12 @@ Route filter can be applied using a route-map:
set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT'
set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'
set policy route-map AS65534-OUT rule 20 action 'permit'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
set protocols bgp local-as 65535
set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
We could expand on this and also deny link local and multicast in the rule 20
action deny.
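Review bot: The closing sentence of this hunk talks about "the rule 20 action deny", but rule 20 in the route-map shown here is `set policy route-map AS65534-OUT rule 20 action 'permit'`. Reword the sentence so it names the rule that actually denies, or describe the extra deny entries as new rules placed before the final permit.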


@ -30,9 +30,9 @@ in :rfc:`8210`.
If you are new to these routing security technologies then there is an
`excellent guide to RPKI`_ by NLnet Labs which will get you up to speed
very quickly. Their documentation explains everything from what RPKI is to
deploying it in production (albeit with a focus on using NLnet Labs'
tools). It also has some `help and operational guidance`_ including
"What can I do about my route having an Invalid state?"
deploying it in production. It also has some
`help and operational guidance`_ including "What can I do about my route
having an Invalid state?"
***************
Getting started
@ -197,6 +197,6 @@ Test`_ experimental tool.
.. _RPKI analytics: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/
.. _RIPE Labs RPKI Test: https://sg-pub.ripe.net/jasper/rpki-web-test/
.. _excellent guide to RPKI: https://rpki.readthedocs.io/
.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.htm
.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.html
.. start_vyoslinter


@ -374,6 +374,29 @@ Raw Parameters
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;"
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option pxelinux.configfile &quot;pxelinux.cfg/01-00-15-17-44-2d-aa&quot;;"
Option 43 for UniFI
-------------------
* These parameters need to be part of the DHCP global options. They stay unchanged.
.. code-block:: none
set service dhcp-server global-parameters 'option space ubnt;'
set service dhcp-server global-parameters 'option ubnt.unifi-address code 1 = ip-address;'
set service dhcp-server global-parameters 'class &quot;ubnt&quot; {'
set service dhcp-server global-parameters 'match if substring (option vendor-class-identifier, 0, 4) = &quot;ubnt&quot;;'
set service dhcp-server global-parameters 'option vendor-class-identifier &quot;ubnt&quot;;'
set service dhcp-server global-parameters 'vendor-option-space ubnt;'
set service dhcp-server global-parameters '}'
* Now we add the option to the scope, adapt to your setup
.. code-block:: none
set service dhcp-server shared-network-name example-scope subnet 10.1.1.0/24 subnet-parameters 'option ubnt.unifi-address 172.16.1.10;'
Operation Mode
==============
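Review bot: In the new "Option 43 for UniFI" section the two bullets do not say which values are fixed and which are site-specific: "They stay unchanged" and "adapt to your setup" leave the reader guessing. State that the `global-parameters` lines are copied verbatim and that the scope name, the subnet and the address after `option ubnt.unifi-address` are to be replaced. The product name is also usually written "UniFi", and the second bullet lacks a full stop.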