Ethernet
Contents
Ethernet Interfaces
Ethernet Interfaces
Ethernet interfaces allow for the configuration of speed, duplex, and hw-id (MAC address). Below is an example configuration:
set interfaces ethernet eth1 address '192.168.0.1/24' set interfaces ethernet eth1 description 'INSIDE' set interfaces ethernet eth1 duplex 'auto' set interfaces ethernet eth1 speed 'auto'
Resulting in:
ethernet eth1 {
address 192.168.0.1/24
description INSIDE
duplex auto
hw-id 00:0c:29:44:3b:19
smp_affinity auto
speed auto
}
In addition, Ethernet interfaces provide the extended operational commands show interfaces ethernet <name> physical and show interfaces ethernet <name> statistics. Statistics available are driver dependent.
vyos@vyos:~$ show interfaces ethernet eth0 physical
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
Link detected: yes
driver: e1000
version: 7.3.21-k8-NAPI
firmware-version:
bus-info: 0000:02:01.0
vyos@vyos:~$
vyos@vyos:~$ show interfaces ethernet eth0 statistics
NIC statistics:
rx_packets: 3530
tx_packets: 2179
[...]
VLAN Sub-Interfaces (802.1Q)
802.1Q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is vif. Configuration of a tagged sub-interface is accomplished using the configuration command set interfaces ethernet <name> vif <vlan-id>.
set interfaces ethernet eth1 vif 100 description 'VLAN 100' set interfaces ethernet eth1 vif 100 address '192.168.100.1/24'
Resulting:
ethernet eth1 {
address 192.168.0.1/24
description INSIDE
duplex auto
hw-id 00:0c:29:44:3b:19
smp_affinity auto
speed auto
vif 100 {
address 192.168.100.1/24
description "VLAN 100"
}
}
VLAN interfaces are shown as <name>.<vlan-id>, e.g. eth1.100:
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 172.16.51.129/24 u/u OUTSIDE
eth1 192.168.0.1/24 u/u INSIDE
eth1.100 192.168.100.1/24 u/u VLAN 100
lo 127.0.0.1/8 u/u
::1/128
vyos@vyos:~$
PPPoE Sub-Interfaces
This example is the typical case where the ISP router is replaced by VyOS for a Fibre access.
eth1 is the WAN interface. The ISP provides internet connectivity with PPPoE over VLAN 835.
set interfaces ethernet eth1 vif 835 pppoe 1 default-route 'auto' set interfaces ethernet eth1 vif 835 pppoe 1 mtu '1492' set interfaces ethernet eth1 vif 835 pppoe 1 name-server 'none' set interfaces ethernet eth1 vif 835 pppoe 1 password '***' set interfaces ethernet eth1 vif 835 pppoe 1 'policy' set interfaces ethernet eth1 vif 835 pppoe 1 user-id '***'
TCP MSS Clamping
Path MTU Discovery doesn't work well anymore. PPPoE has a limited MTU and you cannot rely on PMTU Discovery to prevent biggest packets to be dropped.
There is another way to set the maximum packet size, the Maximum Segment Size. This is a field in the TCP Options part of a SYN packet. by setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'.
The TCP MSS Clamping policy have to be applied to the LAN interface (eth0). MSS have to be set to 1452, which is PPPoE MTU (1492) minus IP headers (40).
Define a policy pppoe-out with rule 100 resetting the tcp-mss field of incoming packets:
set policy route pppoe-out description 'PPPoE TCPMSS clamping' set policy route pppoe-out rule 100 protocol 'tcp' set policy route pppoe-out rule 100 set tcp-mss '1452' set policy route pppoe-out rule 100 tcp flags 'SYN'
Apply it to eth0:
set interfaces ethernet eth0 policy route 'pppoe-out'
