1 <!doctype birddoc system>
6 This documentation can have 4 forms: sgml (this is master copy), html,
7 ASCII text and dvi/postscript (generated from sgml using
8 sgmltools). You should always edit master copy.
10 This is a slightly modified linuxdoc dtd. Anything in <descrip> tags is considered definition of
11 configuration primitives, <cf> is fragment of configuration within normal text, <m> is
12 "meta" information within fragment of configuration - something in config which is not keyword.
16 Copyright 1999,2000 Pavel Machek <pavel@ucw.cz>, distribute under GPL version 2 or later.
22 <title>BIRD User's Guide
24 Ondrej Filip <it/<feela@network.cz>/,
25 Pavel Machek <it/<pavel@ucw.cz>/,
26 Martin Mares <it/<mj@ucw.cz>/,
27 Ondrej Zajicek <it/<santiago@crfreenet.org>/
31 This document contains user documentation for the BIRD Internet Routing Daemon project.
34 <!-- Table of contents -->
37 <!-- Begin the document -->
44 The name `BIRD' is actually an acronym standing for `BIRD Internet Routing Daemon'.
45 Let's take a closer look at the meaning of the name:
47 <p><em/BIRD/: Well, we think we have already explained that. It's an acronym standing
48 for `BIRD Internet Routing Daemon', you remember, don't you? :-)
50 <p><em/Internet Routing/: It's a program (well, a daemon, as you are going to discover in a moment)
51 which works as a dynamic router in an Internet type network (that is, in a network running either
52 the IPv4 or the IPv6 protocol). Routers are devices which forward packets between interconnected
53 networks in order to allow hosts not connected directly to the same local area network to
54 communicate with each other. They also communicate with the other routers in the Internet to discover
55 the topology of the network which allows them to find optimal (in terms of some metric) rules for
56 forwarding of packets (which are called routing tables) and to adapt themselves to the
57 changing conditions such as outages of network links, building of new connections and so on. Most of
58 these routers are costly dedicated devices running obscure firmware which is hard to configure and
59 not open to any changes (on the other hand, their special hardware design allows them to keep up with lots of high-speed network interfaces, better than general-purpose computer does). Fortunately, most operating systems of the UNIX family allow an ordinary
60 computer to act as a router and forward packets belonging to the other hosts, but only according to
61 a statically configured table.
63 <p>A <em/Routing Daemon/ is in UNIX terminology a non-interactive program running on
64 background which does the dynamic part of Internet routing, that is it communicates
65 with the other routers, calculates routing tables and sends them to the OS kernel
66 which does the actual packet forwarding. There already exist other such routing
67 daemons: routed (RIP only), GateD (non-free), Zebra<HTMLURL URL="http://www.zebra.org">
68 and MRTD<HTMLURL URL="http://sourceforge.net/projects/mrt">, but their capabilities are
69 limited and they are relatively hard to configure and maintain.
71 <p>BIRD is an Internet Routing Daemon designed to avoid all of these shortcomings,
72 to support all the routing technology used in the today's Internet or planned to be
73 used in near future and to have a clean extensible architecture allowing new routing
74 protocols to be incorporated easily. Among other features, BIRD supports:
77 <item>both IPv4 and IPv6 protocols
78 <item>multiple routing tables
79 <item>the Border Gateway Protocol (BGPv4)
80 <item>the Routing Information Protocol (RIPv2)
81 <item>the Open Shortest Path First protocol (OSPFv2, OSPFv3)
82 <item>the Router Advertisements for IPv6 hosts
83 <item>a virtual protocol for exchange of routes between different routing tables on a single host
84 <item>a command-line interface allowing on-line control and inspection
85 of status of the daemon
86 <item>soft reconfiguration (no need to use complex online commands
87 to change the configuration, just edit the configuration file
88 and notify BIRD to re-read it and it will smoothly switch itself
89 to the new configuration, not disturbing routing protocols
90 unless they are affected by the configuration changes)
91 <item>a powerful language for route filtering
94 <p>BIRD has been developed at the Faculty of Math and Physics, Charles University, Prague,
95 Czech Republic as a student project. It can be freely distributed under the terms of the GNU General
98 <p>BIRD has been designed to work on all UNIX-like systems. It has
99 been developed and tested under Linux 2.0 to 2.6, and then ported to
100 FreeBSD, NetBSD and OpenBSD, porting to other systems (even non-UNIX
101 ones) should be relatively easy due to its highly modular
104 <p>BIRD supports either IPv4 or IPv6 protocol, but have to be compiled
105 separately for each one. Therefore, a dualstack router would run two
106 instances of BIRD (one for IPv4 and one for IPv6), with completely
107 separate setups (configuration files, tools ...).
109 <sect>Installing BIRD
111 <p>On a recent UNIX system with GNU development tools (GCC, binutils, m4, make) and Perl, installing BIRD should be as easy as:
117 vi /usr/local/etc/bird.conf
121 <p>You can use <tt>./configure --help</tt> to get a list of configure
122 options. The most important ones are:
123 <tt/--enable-ipv6/ which enables building of an IPv6 version of BIRD,
124 <tt/--with-protocols=/ to produce a slightly smaller BIRD executable by configuring out routing protocols you don't use, and
125 <tt/--prefix=/ to install BIRD to a place different from.
126 <file>/usr/local</file>.
130 <p>You can pass several command-line options to bird:
133 <tag>-c <m/config name/</tag>
134 use given configuration file instead of <it/prefix/<file>/etc/bird.conf</file>.
137 enable debug messages and run bird in foreground.
139 <tag>-D <m/filename of debug log/</tag>
140 log debugging information to given file instead of stderr.
143 just parse the config file and exit. Return value is zero if the config file is valid,
144 nonzero if there are some errors.
146 <tag>-s <m/name of communication socket/</tag>
147 use given filename for a socket for communications with the client, default is <it/prefix/<file>/var/run/bird.ctl</file>.
149 <tag>-P <m/name of PID file/</tag>
150 create a PID file with given filename</file>.
152 <tag>-u <m/user/</tag>
153 drop privileges and use that user ID, see the next section for details.
155 <tag>-g <m/group/</tag>
156 use that group ID, see the next section for details.
159 run bird in foreground.
162 <p>BIRD writes messages about its work to log files or syslog (according to config).
166 <p>BIRD, as a routing daemon, uses several privileged operations (like
167 setting routing table and using raw sockets). Traditionally, BIRD is
168 executed and runs with root privileges, which may be prone to security
169 problems. The recommended way is to use a privilege restriction
170 (options <cf/-u/, <cf/-g/). In that case BIRD is executed with root
171 privileges, but it changes its user and group ID to an unprivileged
172 ones, while using Linux capabilities to retain just required
173 privileges (capabilities CAP_NET_*). Note that the control socket is
174 created before the privileges are dropped, but the config file is read
175 after that. The privilege restriction is not implemented in BSD port
178 <p>A nonprivileged user (as an argument to <cf/-u/ options) may be the
179 user <cf/nobody/, but it is suggested to use a new dedicated user
180 account (like <cf/bird/). The similar considerations apply for
181 the group option, but there is one more condition -- the users
182 in the same group can use <file/birdc/ to control BIRD.
184 <p>Finally, there is a possibility to use external tools to run BIRD in
185 an environment with restricted privileges. This may need some
186 configuration, but it is generally easy -- BIRD needs just the
187 standard library, privileges to read the config file and create the
188 control socket and the CAP_NET_* capabilities.
190 <chapt>About routing tables
192 <p>BIRD has one or more routing tables which may or may not be
193 synchronized with OS kernel and which may or may not be synchronized with
194 each other (see the Pipe protocol). Each routing table contains a list of
195 known routes. Each route consists of:
198 <item>network prefix this route is for (network address and prefix length -- the number of bits forming the network part of the address; also known as a netmask)
199 <item>preference of this route
200 <item>IP address of router which told us about this route
201 <item>IP address of router we should forward the packets to
203 <item>other attributes common to all routes
204 <item>dynamic attributes defined by protocols which may or
205 may not be present (typically protocol metrics)
208 Routing table maintains multiple entries
209 for a network, but at most one entry for one network and one
210 protocol. The entry with the highest preference is used for routing (we
211 will call such an entry the <it/selected route/). If
212 there are more entries with the same preference and they are from the same
213 protocol, the protocol decides (typically according to metrics). If they aren't,
214 an internal ordering is used to break the tie. You can
215 get the list of route attributes in the Route attributes section.
217 <p>Each protocol is connected to a routing table through two filters
218 which can accept, reject and modify the routes. An <it/export/
219 filter checks routes passed from the routing table to the protocol,
220 an <it/import/ filter checks routes in the opposite direction.
221 When the routing table gets a route from a protocol, it recalculates
222 the selected route and broadcasts it to all protocols connected to
223 the table. The protocols typically send the update to other routers
224 in the network. Note that although most protocols are interested
225 in receiving just selected routes, some protocols (e.g. the <cf/Pipe/
226 protocol) receive and process all entries in routing tables (accepted
229 <p><label id="dsc-sorted">Usually, a routing table just chooses a
230 selected route from a list of entries for one network. But if the
231 <cf/sorted/ option is activated, these lists of entries are kept
232 completely sorted (according to preference or some protocol-dependent
235 This is needed for some features of some protocols
236 (e.g. <cf/secondary/ option of BGP protocol, which allows to accept
237 not just a selected route, but the first route (in the sorted list)
238 that is accepted by filters), but it is incompatible with some other
239 features (e.g. <cf/deterministic med/ option of BGP protocol, which
240 activates a way of choosing selected route that cannot be described
241 using comparison and ordering). Minor advantage is that routes are
242 shown sorted in <cf/show route/, minor disadvantage is that it is
243 slightly more computationally expensive.
250 <p>BIRD is configured using a text configuration file. Upon startup, BIRD reads <it/prefix/<file>/etc/bird.conf</file> (unless the
251 <tt/-c/ command line option is given). Configuration may be changed at user's request: if you modify
252 the config file and then signal BIRD with <tt/SIGHUP/, it will adjust to the new
253 config. Then there's the client
254 which allows you to talk with BIRD in an extensive way.
256 <p>In the config, everything on a line after <cf/#/ or inside <cf>/*
257 */</cf> is a comment, whitespace characters are treated as a single space. If there's a variable number of options, they are grouped using
258 the <cf/{ }/ brackets. Each option is terminated by a <cf/;/. Configuration
261 <p>Here is an example of a simple config file. It enables
262 synchronization of routing tables with OS kernel, scans for
263 new network interfaces every 10 seconds and runs RIP on all network interfaces found.
268 persist; # Don't remove routes on BIRD shutdown
269 scan time 20; # Scan kernel routing table every 20 seconds
270 export all; # Default is export none
274 scan time 10; # Scan interfaces every 10 seconds
288 <tag>include "<m/filename/"</tag>
289 This statement causes inclusion of a new file. The maximal depth is set to 5.
291 <tag><label id="dsc-log">log "<m/filename/"|syslog [name <m/name/]|stderr all|{ <m/list of classes/ }</tag>
292 Set logging of messages having the given class (either <cf/all/ or <cf/{
293 error, trace }/ etc.) into selected destination (a file specified as a filename string,
294 syslog with optional name argument, or the stderr output). Classes are:
295 <cf/info/, <cf/warning/, <cf/error/ and <cf/fatal/ for messages about local problems,
296 <cf/debug/ for debugging messages,
297 <cf/trace/ when you want to know what happens in the network,
298 <cf/remote/ for messages about misbehavior of remote machines,
299 <cf/auth/ about authentication failures,
300 <cf/bug/ for internal BIRD bugs. You may specify more than one <cf/log/ line to establish logging to multiple
301 destinations. Default: log everything to the system log.
303 <tag>debug protocols all|off|{ states, routes, filters, interfaces, events, packets }</tag>
304 Set global defaults of protocol debugging options. See <cf/debug/ in the following section. Default: off.
306 <tag>debug commands <m/number/</tag>
307 Control logging of client connections (0 for no logging, 1 for
308 logging of connects and disconnects, 2 and higher for logging of
309 all client commands). Default: 0.
311 <tag>mrtdump "<m/filename/"</tag>
312 Set MRTdump file name. This option must be specified to allow MRTdump feature.
313 Default: no dump file.
315 <tag>mrtdump protocols all|off|{ states, messages }</tag>
316 Set global defaults of MRTdump options. See <cf/mrtdump/ in the following section.
319 <tag>filter <m/name local variables/{ <m/commands/ }</tag> Define a filter. You can learn more about filters
320 in the following chapter.
322 <tag>function <m/name/ (<m/parameters/) <m/local variables/ { <m/commands/ }</tag> Define a function. You can learn more
323 about functions in the following chapter.
325 <tag>protocol rip|ospf|bgp|... [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
326 Define a protocol instance called <cf><m/name/</cf> (or with a name like "rip5" generated
327 automatically if you don't specify any <cf><m/name/</cf>). You can learn more about
328 configuring protocols in their own chapters. When <cf>from <m/name2/</cf> expression is
329 used, initial protocol options are taken from protocol or template <cf><m/name2/</cf>
330 You can run more than one instance of most protocols (like RIP or BGP). By default, no
331 instances are configured.
333 <tag>template rip|bgp|... [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
334 Define a protocol template instance called <cf><m/name/</cf> (or with a name like "bgp1"
335 generated automatically if you don't specify any <cf><m/name/</cf>). Protocol templates can
336 be used to group common options when many similarly configured protocol instances are to be
337 defined. Protocol instances (and other templates) can use templates by using <cf/from/
338 expression and the name of the template. At the moment templates (and <cf/from/ expression)
339 are not implemented for OSPF protocol.
341 <tag>define <m/constant/ = <m/expression/</tag>
342 Define a constant. You can use it later in every place you could use a value of the same type.
343 Besides, there are some predefined numeric constants based on /etc/iproute2/rt_* files.
344 A list of defined constants can be seen (together with other symbols) using 'show symbols' command.
346 <tag>router id <m/IPv4 address/</tag>
347 Set BIRD's router ID. It's a world-wide unique identification
348 of your router, usually one of router's IPv4 addresses.
349 Default: in IPv4 version, the lowest IP address of a
350 non-loopback interface. In IPv6 version, this option is
353 <tag>router id from [-] [ "<m/mask/" ] [ <m/prefix/ ] [, ...]</tag>
354 Set BIRD's router ID based on an IP address of an interface
355 specified by an interface pattern. The option is applicable
356 for IPv4 version only. See <ref id="dsc-iface" name="interface">
357 section for detailed description of interface patterns.
359 <tag>listen bgp [address <m/address/] [port <m/port/] [dual]</tag>
360 This option allows to specify address and port where BGP
361 protocol should listen. It is global option as listening
362 socket is common to all BGP instances. Default is to listen on
363 all addresses (0.0.0.0) and port 179. In IPv6 mode, option
364 <cf/dual/ can be used to specify that BGP socket should accept
365 both IPv4 and IPv6 connections (but even in that case, BIRD
366 would accept IPv6 routes only). Such behavior was default in
367 older versions of BIRD.
369 <tag>timeformat route|protocol|base|log "<m/format1/" [<m/limit/ "<m/format2/"]</tag>
370 This option allows to specify a format of date/time used by
371 BIRD. The first argument specifies for which purpose such
372 format is used. <cf/route/ is a format used in 'show route'
373 command output, <cf/protocol/ is used in 'show protocols'
374 command output, <cf/base/ is used for other commands and
375 <cf/log/ is used in a log file.
377 "<m/format1/" is a format string using <it/strftime(3)/
378 notation (see <it/man strftime/ for details). <m/limit> and
379 "<m/format2/" allow to specify the second format string for
380 times in past deeper than <m/limit/ seconds. There are two
381 shorthands: <cf/iso long/ is a ISO 8601 date/time format
382 (YYYY-MM-DD hh:mm:ss) that can be also specified using <cf/"%F
383 %T"/. <cf/iso short/ is a variant of ISO 8601 that uses just
384 the time format (hh:mm:ss) for near times (up to 20 hours in
385 the past) and the date format (YYYY-MM-DD) for far times. This
386 is a shorthand for <cf/"%T" 72000 "%F"/.
388 By default, BIRD uses an short, ad-hoc format for <cf/route/
389 and <cf/protocol/ times, and a <cf/iso long/ similar format
390 (DD-MM-YYYY hh:mm:ss) for <cf/base/ and <cf/log/. These
391 defaults are here for a compatibility with older versions
392 and might change in the future.
394 <tag>table <m/name/ [sorted]</tag>
395 Create a new routing table. The default routing table is
396 created implicitly, other routing tables have to be added by
397 this command. Option <cf/sorted/ can be used to enable
398 sorting of routes, see <ref id="dsc-sorted" name="sorted table">
399 description for details.
401 <tag>roa table <m/name/ [ { roa table options ... } ]</tag>
402 Create a new ROA (Route Origin Authorization) table. ROA
403 tables can be used to validate route origination of BGP
404 routes. A ROA table contains ROA entries, each consist of a
405 network prefix, a max prefix length and an AS number. A ROA
406 entry specifies prefixes which could be originated by that AS
407 number. ROA tables could be filled with data from RPKI (RFC
408 6480) or from public databases like Whois. ROA tables are
409 examined by <cf/roa_check()/ operator in filters.
411 Currently, there is just one option,
412 <cf>roa <m/prefix/ max <m/num/ as <m/num/</cf>, which
413 can be used to populate the ROA table with static ROA
414 entries. The option may be used multiple times. Other entries
415 can be added dynamically by <cf/add roa/ command.
417 <tag>eval <m/expr/</tag>
418 Evaluates given filter expression. It is used by us for testing of filters.
421 <sect>Protocol options
423 <p>For each protocol instance, you can configure a bunch of options.
424 Some of them (those described in this section) are generic, some are
425 specific to the protocol (see sections talking about the protocols).
427 <p>Several options use a <cf><m/switch/</cf> argument. It can be either
428 <cf/on/, <cf/yes/ or a numeric expression with a non-zero value for the
429 option to be enabled or <cf/off/, <cf/no/ or a numeric expression evaluating
430 to zero to disable it. An empty <cf><m/switch/</cf> is equivalent to <cf/on/
431 ("silence means agreement").
434 <tag>preference <m/expr/</tag> Sets the preference of routes generated by this protocol. Default: protocol dependent.
436 <tag>disabled <m/switch/</tag> Disables the protocol. You can change the disable/enable status from the command
437 line interface without needing to touch the configuration. Disabled protocols are not activated. Default: protocol is enabled.
439 <tag>debug all|off|{ states, routes, filters, interfaces, events, packets }</tag>
440 Set protocol debugging options. If asked, each protocol is capable of
441 writing trace messages about its work to the log (with category
442 <cf/trace/). You can either request printing of <cf/all/ trace messages
443 or only of the types selected: <cf/states/ for protocol state changes
444 (protocol going up, down, starting, stopping etc.),
445 <cf/routes/ for routes exchanged with the routing table,
446 <cf/filters/ for details on route filtering,
447 <cf/interfaces/ for interface change events sent to the protocol,
448 <cf/events/ for events internal to the protocol and
449 <cf/packets/ for packets sent and received by the protocol. Default: off.
451 <tag>mrtdump all|off|{ states, messages }</tag>
452 Set protocol MRTdump flags. MRTdump is a standard binary
453 format for logging information from routing protocols and
454 daemons. These flags control what kind of information is
455 logged from the protocol to the MRTdump file (which must be
456 specified by global <cf/mrtdump/ option, see the previous
457 section). Although these flags are similar to flags of
458 <cf/debug/ option, their meaning is different and
459 protocol-specific. For BGP protocol, <cf/states/ logs BGP
460 state changes and <cf/messages/ logs received BGP messages.
461 Other protocols does not support MRTdump yet.
463 <tag>router id <m/IPv4 address/</tag>
464 This option can be used to override global router id for a
465 given protocol. Default: uses global router id.
467 <tag>import all | none | filter <m/name/ | filter { <m/filter commands/ } | where <m/filter expression/</tag>
468 Specify a filter to be used for filtering routes coming from
469 the protocol to the routing table. <cf/all/ is shorthand for
470 <cf/where true/ and <cf/none/ is shorthand for
471 <cf/where false/. Default: <cf/all/.
473 <tag>export <m/filter/</tag>
474 This is similar to the <cf>import</cf> keyword, except that it
475 works in the direction from the routing table to the protocol.
478 <tag>import keep filtered <m/switch/</tag>
479 Usually, if an import filter rejects a route, the route is
480 forgotten. When this option is active, these routes are
481 kept in the routing table, but they are hidden and not
482 propagated to other protocols. But it is possible to show them
483 using <cf/show route filtered/. Note that this option does not
484 work for the pipe protocol. Default: off.
486 <tag><label id="import-limit">import limit [<m/number/ | off ] [action warn | block | restart | disable]</tag>
487 Specify an import route limit (a maximum number of routes
488 imported from the protocol) and optionally the action to be
489 taken when the limit is hit. Warn action just prints warning
490 log message. Block action discards new routes coming from the
491 protocol. Restart and disable actions shut the protocol down
492 like appropriate commands. Disable is the default action if an
493 action is not explicitly specified. Note that limits are reset
494 during protocol reconfigure, reload or restart. Default: <cf/off/.
496 <tag>receive limit [<m/number/ | off ] [action warn | block | restart | disable]</tag>
497 Specify an receive route limit (a maximum number of routes
498 received from the protocol and remembered). It works almost
499 identically to <cf>import limit</cf> option, the only
500 difference is that if <cf/import keep filtered/ option is
501 active, filtered routes are counted towards the limit and
502 blocked routes are forgotten, as the main purpose of the
503 receive limit is to protect routing tables from
504 overflow. Import limit, on the contrary, counts accepted
505 routes only and routes blocked by the limit are handled like
506 filtered routes. Default: <cf/off/.
508 <tag>export limit [ <m/number/ | off ] [action warn | block | restart | disable]</tag>
509 Specify an export route limit, works similarly to
510 the <cf>import limit</cf> option, but for the routes exported
511 to the protocol. This option is experimental, there are some
512 problems in details of its behavior -- the number of exported
513 routes can temporarily exceed the limit without triggering it
514 during protocol reload, exported routes counter ignores route
515 blocking and block action also blocks route updates of already
516 accepted routes -- and these details will probably change in
517 the future. Default: <cf/off/.
519 <tag>description "<m/text/"</tag>
520 This is an optional description of the protocol. It is
521 displayed as a part of the output of 'show route all' command.
523 <tag>table <m/name/</tag>
524 Connect this protocol to a non-default routing table.
527 <p>There are several options that give sense only with certain protocols:
530 <tag><label id="dsc-iface">interface [-] [ "<m/mask/" ] [ <m/prefix/ ] [, ...] [ { <m/option/ ; [...] } ]</tag>
532 Specifies a set of interfaces on which the protocol is activated with
533 given interface-specific options. A set of interfaces specified by one
534 interface option is described using an interface pattern. The
535 interface pattern consists of a sequence of clauses (separated by
536 commas), each clause may contain a mask, a prefix, or both of them. An
537 interface matches the clause if its name matches the mask (if
538 specified) and its address matches the prefix (if specified). Mask is
539 specified as shell-like pattern. For IPv6, the prefix part of a clause
540 is generally ignored and interfaces are matched just by their name.
542 An interface matches the pattern if it matches any of its
543 clauses. If the clause begins with <cf/-/, matching interfaces are
544 excluded. Patterns are parsed left-to-right, thus
545 <cf/interface "eth0", -"eth*", "*";/ means eth0 and all
548 An interface option can be used more times with different
549 interfaces-specific options, in that case for given interface
550 the first matching interface option is used.
552 This option is allowed in Direct, OSPF, RIP and RAdv protocols,
553 but in OSPF protocol it is used in <cf/area/ subsection.
559 <cf>interface "*" { type broadcast; };</cf> - start the protocol on all interfaces with
560 <cf>type broadcast</cf> option.
562 <cf>interface "eth1", "eth4", "eth5" { type ptp; };</cf> - start the protocol
563 on enumerated interfaces with <cf>type ptp</cf> option.
565 <cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol on all
566 interfaces that have address from 192.168.0.0/16, but not
569 <cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol on all
570 interfaces that have address from 192.168.0.0/16, but not
573 <cf>interface "eth*" 192.168.1.0/24;</cf> - start the protocol on all
574 ethernet interfaces that have address from 192.168.1.0/24.
576 <tag><label id="dsc-prio">tx class|dscp <m/num/</tag>
577 This option specifies the value of ToS/DS/Class field in IP
578 headers of the outgoing protocol packets. This may affect how the
579 protocol packets are processed by the network relative to the
580 other network traffic. With <cf/class/ keyword, the value
581 (0-255) is used for the whole ToS/Class octet (but two bits
582 reserved for ECN are ignored). With <cf/dscp/ keyword, the
583 value (0-63) is used just for the DS field in the
584 octet. Default value is 0xc0 (DSCP 0x30 - CS6).
586 <tag>tx priority <m/num/</tag>
587 This option specifies the local packet priority. This may
588 affect how the protocol packets are processed in the local TX
589 queues. This option is Linux specific. Default value is 7
590 (highest priority, privileged traffic).
592 <tag><label id="dsc-pass">password "<m/password/" [ { id <m/num/; generate from <m/time/; generate to <m/time/; accept from <m/time/; accept to <m/time/; } ]</tag>
593 Specifies a password that can be used by the protocol. Password option can
594 be used more times to specify more passwords. If more passwords are
595 specified, it is a protocol-dependent decision which one is really
596 used. Specifying passwords does not mean that authentication is
597 enabled, authentication can be enabled by separate, protocol-dependent
598 <cf/authentication/ option.
600 This option is allowed in OSPF and RIP protocols. BGP has also
601 <cf/password/ option, but it is slightly different and described
607 <p>Password option can contain section with some (not necessary all) password sub-options:
610 <tag>id <M>num</M></tag>
611 ID of the password, (0-255). If it's not used, BIRD will choose
612 ID based on an order of the password item in the interface. For
613 example, second password item in one interface will have default
614 ID 2. ID is used by some routing protocols to identify which
615 password was used to authenticate protocol packets.
617 <tag>generate from "<m/time/"</tag>
618 The start time of the usage of the password for packet signing.
619 The format of <cf><m/time/</cf> is <tt>dd-mm-yyyy HH:MM:SS</tt>.
621 <tag>generate to "<m/time/"</tag>
622 The last time of the usage of the password for packet signing.
624 <tag>accept from "<m/time/"</tag>
625 The start time of the usage of the password for packet verification.
627 <tag>accept to "<m/time/"</tag>
628 The last time of the usage of the password for packet verification.
631 <chapt>Remote control
633 <p>You can use the command-line client <file>birdc</file> to talk with
634 a running BIRD. Communication is done using a <file/bird.ctl/ UNIX
635 domain socket (unless changed with the <tt/-s/ option given to both
636 the server and the client). The commands can perform simple actions
637 such as enabling/disabling of protocols, telling BIRD to show various
638 information, telling it to show routing table filtered by filter, or
639 asking BIRD to reconfigure. Press <tt/?/ at any time to get online
640 help. Option <tt/-r/ can be used to enable a restricted mode of BIRD
641 client, which allows just read-only commands (<cf/show .../). Option
642 <tt/-v/ can be passed to the client, to make it dump numeric return
643 codes along with the messages. You do not necessarily need to use
644 <file/birdc/ to talk to BIRD, your own applications could do that, too
645 -- the format of communication between BIRD and <file/birdc/ is stable
646 (see the programmer's documentation).
648 <p>There is also lightweight variant of BIRD client called
649 <file/birdcl/, which does not support command line editing and history
650 and has minimal dependencies. This is useful for running BIRD in
651 resource constrained environments, where Readline library (required
652 for regular BIRD client) is not available.
654 <p>Many commands have the <m/name/ of the protocol instance as an argument.
655 This argument can be omitted if there exists only a single instance.
657 <p>Here is a brief list of supported functions:
660 <tag>show status</tag>
661 Show router status, that is BIRD version, uptime and time from last reconfiguration.
663 <tag>show protocols [all]</tag>
664 Show list of protocol instances along with tables they are connected to and protocol status, possibly giving verbose information, if <cf/all/ is specified.
666 <tag>show ospf interface [<m/name/] ["<m/interface/"]</tag>
667 Show detailed information about OSPF interfaces.
669 <tag>show ospf neighbors [<m/name/] ["<m/interface/"]</tag>
670 Show a list of OSPF neighbors and a state of adjacency to them.
672 <tag>show ospf state [all] [<m/name/]</tag>
673 Show detailed information about OSPF areas based on a content
674 of the link-state database. It shows network topology, stub
675 networks, aggregated networks and routers from other areas and
676 external routes. The command shows information about reachable
677 network nodes, use option <cf/all/ to show information about
678 all network nodes in the link-state database.
680 <tag>show ospf topology [all] [<m/name/]</tag>
681 Show a topology of OSPF areas based on a content of the
682 link-state database. It is just a stripped-down version of
685 <tag>show ospf lsadb [global | area <m/id/ | link] [type <m/num/] [lsid <m/id/] [self | router <m/id/] [<m/name/] </tag>
686 Show contents of an OSPF LSA database. Options could be used to filter entries.
688 <tag>show static [<m/name/]</tag>
689 Show detailed information about static routes.
691 <tag>show interfaces [summary]</tag>
692 Show the list of interfaces. For each interface, print its type, state, MTU and addresses assigned.
694 <tag>show symbols [table|filter|function|protocol|template|roa|<m/symbol/]</tag>
695 Show the list of symbols defined in the configuration (names of protocols, routing tables etc.).
697 <tag>show route [[for] <m/prefix/|<m/IP/] [table <m/sym/] [filter <m/f/|where <m/c/] [(export|preexport) <m/p/] [protocol <m/p/] [<m/options/]</tag>
698 Show contents of a routing table (by default of the main one or
699 the table attached to a respective protocol),
700 that is routes, their metrics and (in case the <cf/all/ switch is given)
701 all their attributes.
703 <p>You can specify a <m/prefix/ if you want to print routes for a
704 specific network. If you use <cf>for <m/prefix or IP/</cf>, you'll get
705 the entry which will be used for forwarding of packets to the given
706 destination. By default, all routes for each network are printed with
707 the selected one at the top, unless <cf/primary/ is given in which case
708 only the selected route is shown.
710 <p>You can also ask for printing only routes processed and accepted by
711 a given filter (<cf>filter <m/name/</cf> or <cf>filter { <m/filter/ }
712 </cf> or matching a given condition (<cf>where <m/condition/</cf>).
713 The <cf/export/ and <cf/preexport/ switches ask for printing of entries
714 that are exported to the specified protocol. With <cf/preexport/, the
715 export filter of the protocol is skipped.
717 <p>You can also select just routes added by a specific protocol.
718 <cf>protocol <m/p/</cf>.
720 <p>If BIRD is configured to keep filtered routes (see <cf/import keep filtered/
721 option), you can show them instead of routes by using <cf/filtered/ switch.
723 <p>The <cf/stats/ switch requests showing of route statistics (the
724 number of networks, number of routes before and after filtering). If
725 you use <cf/count/ instead, only the statistics will be printed.
727 <tag>show roa [<m/prefix/ | in <m/prefix/ | for <m/prefix/] [as <m/num/] [table <m/t/>]</tag>
728 Show contents of a ROA table (by default of the first one).
729 You can specify a <m/prefix/ to print ROA entries for a
730 specific network. If you use <cf>for <m/prefix/</cf>, you'll
731 get all entries relevant for route validation of the network
732 prefix; i.e., ROA entries whose prefixes cover the network
733 prefix. Or you can use <cf>in <m/prefix/</cf> to get ROA entries
734 covered by the network prefix. You could also use <cf/as/ option
735 to show just entries for given AS.
737 <tag>add roa <m/prefix/ max <m/num/] as <m/num/ [table <m/t/>]</tag>
738 Add a new ROA entry to a ROA table. Such entry is called
739 <it/dynamic/ compared to <it/static/ entries specified in the
740 config file. These dynamic entries survive reconfiguration.
742 <tag>delete roa <m/prefix/ max <m/num/] as <m/num/ [table <m/t/>]</tag>
743 Delete the specified ROA entry from a ROA table. Only dynamic
744 ROA entries (i.e., the ones added by <cf/add roa/ command) can
747 <tag>flush roa [table <m/t/>]</tag>
748 Remove all dynamic ROA entries from a ROA table.
750 <tag>configure [soft] ["<m/config file/"] [timeout [<m/num/]]</tag>
751 Reload configuration from a given file. BIRD will smoothly
752 switch itself to the new configuration, protocols are
753 reconfigured if possible, restarted otherwise. Changes in
754 filters usually lead to restart of affected protocols.
756 If <cf/soft/ option is used, changes in filters does not cause
757 BIRD to restart affected protocols, therefore already accepted
758 routes (according to old filters) would be still propagated,
759 but new routes would be processed according to the new
762 If <cf/timeout/ option is used, config timer is activated. The
763 new configuration could be either confirmed using
764 <cf/configure confirm/ command, or it will be reverted to the
765 old one when the config timer expires. This is useful for cases
766 when reconfiguration breaks current routing and a router becames
767 inaccessible for an administrator. The config timeout expiration is
768 equivalent to <cf/configure undo/ command. The timeout duration
769 could be specified, default is 300 s.
771 <tag>configure confirm</tag>
772 Deactivate the config undo timer and therefore confirm the current
775 <tag>configure undo</tag>
776 Undo the last configuration change and smoothly switch back to
777 the previous (stored) configuration. If the last configuration
778 change was soft, the undo change is also soft. There is only
779 one level of undo, but in some specific cases when several
780 reconfiguration requests are given immediately in a row and
781 the intermediate ones are skipped then the undo also skips them back.
783 <tag>configure check ["<m/config file/"]</tag>
784 Read and parse given config file, but do not use it. useful
785 for checking syntactic and some semantic validity of an config
788 <tag>enable|disable|restart <m/name/|"<m/pattern/"|all</tag>
789 Enable, disable or restart a given protocol instance,
790 instances matching the <cf><m/pattern/</cf> or
793 <tag>reload [in|out] <m/name/|"<m/pattern/"|all</tag>
795 Reload a given protocol instance, that means re-import routes
796 from the protocol instance and re-export preferred routes to
797 the instance. If <cf/in/ or <cf/out/ options are used, the
798 command is restricted to one direction (re-import or
801 This command is useful if appropriate filters have changed but
802 the protocol instance was not restarted (or reloaded),
803 therefore it still propagates the old set of routes. For example
804 when <cf/configure soft/ command was used to change filters.
806 Re-export always succeeds, but re-import is protocol-dependent
807 and might fail (for example, if BGP neighbor does not support
808 route-refresh extension). In that case, re-export is also
809 skipped. Note that for the pipe protocol, both directions are
810 always reloaded together (<cf/in/ or <cf/out/ options are
811 ignored in that case).
816 <tag>debug <m/protocol/|<m/pattern/|all all|off|{ states | routes | filters | events | packets }</tag>
817 Control protocol debugging.
819 <tag>dump resources|sockets|interfaces|neighbors|attributes|routes|protocols</tag>
820 Dump contents of internal data structures to the debugging output.
822 <tag>echo all|off|{ <m/list of log classes/ } [ <m/buffer-size/ ]</tag>
823 Control echoing of log messages to the command-line output.
824 See <ref id="dsc-log" name="log option"> for a list of log classes.
826 <tag>eval <m/expr/</tag>
827 Evaluate given expression.
835 <p>BIRD contains a simple programming language. (No, it can't yet read mail :-). There are
836 two objects in this language: filters and functions. Filters are interpreted by BIRD core when a route is
837 being passed between protocols and routing tables. The filter language contains control structures such
838 as if's and switches, but it allows no loops. An example of a filter using many features can be found in <file>filter/test.conf</file>.
840 <p>Filter gets the route, looks at its attributes and
841 modifies some of them if it wishes. At the end, it decides whether to
842 pass the changed route through (using <cf/accept/) or whether to <cf/reject/ it. A simple filter looks
849 if defined( rip_metric ) then
855 if rip_metric > 10 then
856 reject "RIP metric is too big";
862 <p>As you can see, a filter has a header, a list of local variables, and a body. The header consists of
863 the <cf/filter/ keyword followed by a (unique) name of filter. The list of local variables consists of
864 <cf><M>type name</M>;</cf> pairs where each pair defines one local variable. The body consists of
865 <cf> { <M>statements</M> }</cf>. Each <m/statement/ is terminated by a <cf/;/. You can group
866 several statements to a single compound statement by using braces (<cf>{ <M>statements</M> }</cf>) which is useful if
867 you want to make a bigger block of code conditional.
869 <p>BIRD supports functions, so that you don't have to repeat the same blocks of code over and
870 over. Functions can have zero or more parameters and they can have local variables. Recursion is not allowed. Function definitions
880 function with_parameters (int parameter)
886 <p>Unlike in C, variables are declared after the <cf/function/ line, but before the first <cf/{/. You can't declare
887 variables in nested blocks. Functions are called like in C: <cf>name();
888 with_parameters(5);</cf>. Function may return values using the <cf>return <m/[expr]/</cf>
889 command. Returning a value exits from current function (this is similar to C).
891 <p>Filters are declared in a way similar to functions except they can't have explicit
892 parameters. They get a route table entry as an implicit parameter, it is also passed automatically
893 to any functions called. The filter must terminate with either
894 <cf/accept/ or <cf/reject/ statement. If there's a runtime error in filter, the route
897 <p>A nice trick to debug filters is to use <cf>show route filter
898 <m/name/</cf> from the command line client. An example session might look
902 pavel@bug:~/bird$ ./birdc -s bird.ctl
905 10.0.0.0/8 dev eth0 [direct1 23:21] (240)
906 195.113.30.2/32 dev tunl1 [direct1 23:21] (240)
907 127.0.0.0/8 dev lo [direct1 23:21] (240)
909 show route [<prefix>] [table <t>] [filter <f>] [all] [primary]...
910 bird> show route filter { if 127.0.0.5 ˜ net then accept; }
911 127.0.0.0/8 dev lo [direct1 23:21] (240)
917 <p>Each variable and each value has certain type. Booleans, integers and enums are
918 incompatible with each other (that is to prevent you from shooting in the foot).
921 <tag/bool/ This is a boolean type, it can have only two values,
922 <cf/true/ and <cf/false/. Boolean is the only type you can use in
925 <tag/int/ This is a general integer type, you can expect it to store
926 signed values from -2000000000 to +2000000000. Overflows are not
927 checked. You can use <cf/0x1234/ syntax to write hexadecimal values.
929 <tag/pair/ This is a pair of two short integers. Each component can have
930 values from 0 to 65535. Literals of this type are written as
931 <cf/(1234,5678)/. The same syntax can also be used to construct a pair
932 from two arbitrary integer expressions (for example <cf/(1+2,a)/).
934 <tag/quad/ This is a dotted quad of numbers used to represent router IDs
935 (and others). Each component can have a value from 0 to 255. Literals
936 of this type are written like IPv4 addresses.
938 <tag/string/ This is a string of characters. There are no ways to modify
939 strings in filters. You can pass them between functions, assign them
940 to variables of type <cf/string/, print such variables, use standard
941 string comparison operations (e.g. <cf/=, !=, <, >, <=,
942 >=/), but you can't concatenate two strings. String literals are
943 written as <cf/"This is a string constant"/. Additionaly matching
944 <cf/˜/ operator could be used to match a string value against a
945 shell pattern (represented also as a string).
947 <tag/ip/ This type can hold a single IP address. Depending on the
948 compile-time configuration of BIRD you are using, it is either an IPv4
949 or IPv6 address. IP addresses are written in the standard notation
950 (<cf/10.20.30.40/ or <cf/fec0:3:4::1/). You can apply special
951 operator <cf>.mask(<M>num</M>)</cf> on values of type ip. It masks out
952 all but first <cf><M>num</M></cf> bits from the IP address. So
953 <cf/1.2.3.4.mask(8) = 1.0.0.0/ is true.
955 <tag/prefix/ This type can hold a network prefix consisting of IP
956 address and prefix length. Prefix literals are written
957 as <cf><M>ipaddress</M>/<M>pxlen</M></cf>, or
958 <cf><m>ipaddress</m>/<m>netmask</m></cf>. There are two special
959 operators on prefixes: <cf/.ip/ which extracts the IP address from the
960 pair, and <cf/.len/, which separates prefix length from the
961 pair. So <cf>1.2.0.0/16.pxlen = 16</cf> is true.
963 <tag/ec/ This is a specialized type used to represent BGP extended
964 community values. It is essentially a 64bit value, literals of this
965 type are usually written as <cf>(<m/kind/, <m/key/, <m/value/)</cf>,
966 where <cf/kind/ is a kind of extended community (e.g. <cf/rt/ /
967 <cf/ro/ for a route target / route origin communities), the format and
968 possible values of <cf/key/ and <cf/value/ are usually integers, but
969 it depends on the used kind. Similarly to pairs, ECs can be
970 constructed using expressions for <cf/key/ and <cf/value/ parts,
971 (e.g. <cf/(ro, myas, 3*10)/, where <cf/myas/ is an integer variable).
973 <tag/int|pair|quad|ip|prefix|ec|enum set/ Filters recognize four types
974 of sets. Sets are similar to strings: you can pass them around but you
975 can't modify them. Literals of type <cf>int set</cf> look like <cf> [
976 1, 2, 5..7 ]</cf>. As you can see, both simple values and ranges are
979 For pair sets, expressions like <cf/(123,*)/ can be used to denote ranges (in
980 that case <cf/(123,0)..(123,65535)/). You can also use <cf/(123,5..100)/ for range
981 <cf/(123,5)..(123,100)/. You can also use <cf/*/ and <cf/a..b/ expressions
982 in the first part of a pair, note that such expressions are translated to a set
983 of intervals, which may be memory intensive. E.g. <cf/(*,4..20)/ is translated to
984 <cf/(0,4..20), (1,4..20), (2,4..20), ... (65535, 4..20)/.
986 EC sets use similar expressions like pair sets, e.g. <cf/(rt, 123, 10..20)/
987 or <cf/(ro, 123, *)/. Expressions requiring the translation (like <cf/(rt, *, 3)/)
988 are not allowed (as they usually have 4B range for ASNs).
990 You can also use expressions for int, pair and EC set values. However it must
991 be possible to evaluate these expressions before daemon boots. So you can use
992 only constants inside them. E.g.
1000 odds = [ one, 2+1, 6-one, 2*2*2-1, 9, 11 ];
1001 ps = [ (1,one+one), (3,4)..(4,8), (5,*), (6,3..6), (7..9,*) ];
1002 es = [ (rt, myas, 3*10), (rt, myas+one, 0..16*16*16-1), (ro, myas+2, *) ];
1005 Sets of prefixes are special: their literals does not allow ranges, but allows
1006 prefix patterns that are written as <cf><M>ipaddress</M>/<M>pxlen</M>{<M>low</M>,<M>high</M>}</cf>.
1007 Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>,<m>h</m>}</cf> if
1008 the first <cf>min(len1, len2)</cf> bits of <cf/ip1/ and <cf/ip2/ are identical and <cf>len1 <= ip1 <= len2</cf>.
1009 A valid prefix pattern has to satisfy <cf>low <= high</cf>, but <cf/pxlen/ is not constrained by <cf/low/
1010 or <cf/high/. Obviously, a prefix matches a prefix set literal if it matches any prefix pattern in the
1013 There are also two shorthands for prefix patterns: <cf><m>address</m>/<m/len/+</cf> is a shorthand for
1014 <cf><m>address</m>/<m/len/{<m/len/,<m/maxlen/}</cf> (where <cf><m>maxlen</m></cf> is 32 for IPv4 and 128 for IPv6),
1015 that means network prefix <cf><m>address</m>/<m/len/</cf> and all its subnets. <cf><m>address</m>/<m/len/-</cf>
1016 is a shorthand for <cf><m>address</m>/<m/len/{0,<m/len/}</cf>, that means network prefix <cf><m>address</m>/<m/len/</cf>
1017 and all its supernets (network prefixes that contain it).
1019 For example, <cf>[ 1.0.0.0/8, 2.0.0.0/8+, 3.0.0.0/8-, 4.0.0.0/8{16,24} ]</cf> matches
1020 prefix <cf>1.0.0.0/8</cf>, all subprefixes of <cf>2.0.0.0/8</cf>, all superprefixes of <cf>3.0.0.0/8</cf> and prefixes
1021 <cf/4.X.X.X/ whose prefix length is 16 to 24. <cf>[ 0.0.0.0/0{20,24} ]</cf> matches all prefixes (regardless of
1022 IP address) whose prefix length is 20 to 24, <cf>[ 1.2.3.4/32- ]</cf> matches any prefix that contains IP address
1023 <cf>1.2.3.4</cf>. <cf>1.2.0.0/16 ˜ [ 1.0.0.0/8{15,17} ]</cf> is true,
1024 but <cf>1.0.0.0/16 ˜ [ 1.0.0.0/8- ]</cf> is false.
1026 Cisco-style patterns like <cf>10.0.0.0/8 ge 16 le 24</cf> can be expressed
1027 in BIRD as <cf>10.0.0.0/8{16,24}</cf>, <cf>192.168.0.0/16 le 24</cf> as
1028 <cf>192.168.0.0/16{16,24}</cf> and <cf>192.168.0.0/16 ge 24</cf> as
1029 <cf>192.168.0.0/16{24,32}</cf>.
1032 Enumeration types are fixed sets of possibilities. You can't define your own
1033 variables of such type, but some route attributes are of enumeration
1034 type. Enumeration types are incompatible with each other.
1037 BGP path is a list of autonomous system numbers. You can't write literals of this type.
1038 There are several special operators on bgppaths:
1040 <cf><m/P/.first</cf> returns the first ASN (the neighbor ASN) in path <m/P/.
1042 <cf><m/P/.last</cf> returns the last ASN (the source ASN) in path <m/P/.
1044 Both <cf/first/ and <cf/last/ return zero if there is no appropriate ASN,
1045 for example if the path contains an AS set element as the first (or the last) part.
1047 <cf><m/P/.len</cf> returns the length of path <m/P/.
1049 <cf>prepend(<m/P/,<m/A/)</cf> prepends ASN <m/A/ to path
1050 <m/P/ and returns the result.
1052 <cf>delete(<m/P/,<m/A/)</cf> deletes all instances of ASN
1053 <m/A/ from from path <m/P/ and returns the result.
1054 <m/A/ may also be an integer set, in that case the
1055 operator deletes all ASNs from path <m/P/ that are also
1056 members of set <m/A/.
1058 <cf>filter(<m/P/,<m/A/)</cf> deletes all ASNs from path
1059 <m/P/ that are not members of integer set <m/A/.
1060 I.e., <cf/filter/ do the same as <cf/delete/ with inverted
1063 Statement <cf><m/P/ = prepend(<m/P/, <m/A/);</cf> can be shortened to
1064 <cf><m/P/.prepend(<m/A/);</cf> if <m/P/ is appropriate route attribute
1065 (for example <cf/bgp_path/). Similarly for <cf/delete/ and <cf/filter/.
1068 BGP masks are patterns used for BGP path matching
1069 (using <cf>path ˜ [= 2 3 5 * =]</cf> syntax). The masks
1070 resemble wildcard patterns as used by UNIX shells. Autonomous
1071 system numbers match themselves, <cf/*/ matches any (even empty)
1072 sequence of arbitrary AS numbers and <cf/?/ matches one arbitrary AS number.
1073 For example, if <cf>bgp_path</cf> is 4 3 2 1, then:
1074 <tt>bgp_path ˜ [= * 4 3 * =]</tt> is true, but
1075 <tt>bgp_path ˜ [= * 4 5 * =]</tt> is false.
1076 BGP mask expressions can also contain integer expressions enclosed in parenthesis
1077 and integer variables, for example <tt>[= * 4 (1+2) a =]</tt>.
1078 There is also old syntax that uses / .. / instead of [= .. =] and ? instead of *.
1081 Clist is similar to a set, except that unlike other sets, it
1082 can be modified. The type is used for community list (a set
1083 of pairs) and for cluster list (a set of quads). There exist
1084 no literals of this type. There are three special operators on
1087 <cf><m/C/.len</cf> returns the length of clist <m/C/.
1089 <cf>add(<m/C/,<m/P/)</cf> adds pair (or quad) <m/P/ to clist
1090 <m/C/ and returns the result. If item <m/P/ is already in
1091 clist <m/C/, it does nothing. <m/P/ may also be a clist,
1092 in that case all its members are added; i.e., it works as clist union.
1094 <cf>delete(<m/C/,<m/P/)</cf> deletes pair (or quad)
1095 <m/P/ from clist <m/C/ and returns the result. If clist
1096 <m/C/ does not contain item <m/P/, it does nothing.
1097 <m/P/ may also be a pair (or quad) set, in that case the
1098 operator deletes all items from clist <m/C/ that are also
1099 members of set <m/P/. Moreover, <m/P/ may also be a clist,
1100 which works analogously; i.e., it works as clist difference.
1102 <cf>filter(<m/C/,<m/P/)</cf> deletes all items from clist
1103 <m/C/ that are not members of pair (or quad) set <m/P/.
1104 I.e., <cf/filter/ do the same as <cf/delete/ with inverted
1105 set <m/P/. <m/P/ may also be a clist, which works analogously;
1106 i.e., it works as clist intersection.
1108 Statement <cf><m/C/ = add(<m/C/, <m/P/);</cf> can be shortened to
1109 <cf><m/C/.add(<m/P/);</cf> if <m/C/ is appropriate route
1110 attribute (for example <cf/bgp_community/). Similarly for
1111 <cf/delete/ and <cf/filter/.
1114 Eclist is a data type used for BGP extended community lists.
1115 Eclists are very similar to clists, but they are sets of ECs
1116 instead of pairs. The same operations (like <cf/add/,
1117 <cf/delete/, or <cf/˜/ membership operator) can be
1118 used to modify or test eclists, with ECs instead of pairs as
1124 <p>The filter language supports common integer operators <cf>(+,-,*,/)</cf>, parentheses <cf/(a*(b+c))/, comparison
1125 <cf/(a=b, a!=b, a<b, a>=b)/. Logical operations include unary not (<cf/!/), and (<cf/&&/) and or (<cf/||/).
1126 Special operators include <cf/˜/ for "is element of a set" operation - it can be
1127 used on element and set of elements of the same type (returning true if element is contained in the given set), or
1128 on two strings (returning true if first string matches a shell-like pattern stored in second string) or on IP and prefix (returning true if IP is within the range defined by that prefix), or on
1129 prefix and prefix (returning true if first prefix is more specific than second one) or on bgppath and bgpmask (returning true if the path matches the mask) or on number and bgppath (returning true if the number is in the path) or on bgppath and int (number) set (returning true if any ASN from the path is in the set) or on pair/quad and clist (returning true if the pair/quad is element of the clist) or on clist and pair/quad set (returning true if there is an element of the clist that is also a member of the pair/quad set).
1131 <p>There is one operator related to ROA infrastructure -
1132 <cf/roa_check()/. It examines a ROA table and does RFC 6483 route
1133 origin validation for a given network prefix. The basic usage
1134 is <cf>roa_check(<m/table/)</cf>, which checks current route (which
1135 should be from BGP to have AS_PATH argument) in the specified ROA
1136 table and returns ROA_UNKNOWN if there is no relevant ROA, ROA_VALID
1137 if there is a matching ROA, or ROA_INVALID if there are some relevant
1138 ROAs but none of them match. There is also an extended variant
1139 <cf>roa_check(<m/table/, <m/prefix/, <m/asn/)</cf>, which allows to
1140 specify a prefix and an ASN as arguments.
1143 <sect>Control structures
1145 <p>Filters support two control structures: conditions and case switches.
1147 <p>Syntax of a condition is: <cf>if
1148 <M>boolean expression</M> then <M>command1</M>; else <M>command2</M>;</cf> and you can use <cf>{
1149 <M>command_1</M>; <M>command_2</M>; <M>...</M> }</cf> instead of either command. The <cf>else</cf>
1150 clause may be omitted. If the <cf><m>boolean expression</m></cf> is true, <cf><m>command1</m></cf> is executed, otherwise <cf><m>command2</m></cf> is executed.
1152 <p>The <cf>case</cf> is similar to case from Pascal. Syntax is <cf>case <m/expr/ { else: |
1153 <m/num_or_prefix [ .. num_or_prefix]/: <m/statement/ ; [ ... ] }</cf>. The expression after
1154 <cf>case</cf> can be of any type which can be on the left side of the ˜ operator and anything that could
1155 be a member of a set is allowed before <cf/:/. Multiple commands are allowed without <cf/{}/ grouping.
1156 If <cf><m/expr/</cf> matches one of the <cf/:/ clauses, statements between it and next <cf/:/ statement are executed. If <cf><m/expr/</cf> matches neither of the <cf/:/ clauses, the statements after <cf/else:/ are executed.
1158 <p>Here is example that uses <cf/if/ and <cf/case/ structures:
1162 2: print "two"; print "I can do more commands without {}";
1163 3 .. 5: print "three to five";
1164 else: print "something else";
1167 if 1234 = i then printn "."; else {
1169 print "You need {} around multiple commands";
1173 <sect>Route attributes
1175 <p>A filter is implicitly passed a route, and it can access its
1176 attributes just like it accesses variables. Attempts to access undefined
1177 attribute result in a runtime error; you can check if an attribute is
1178 defined by using the <cf>defined( <m>attribute</m> )</cf> operator.
1179 One notable exception to this rule are attributes of clist type, where
1180 undefined value is regarded as empty clist for most purposes.
1183 <tag><m/prefix/ net</tag>
1184 Network the route is talking about. Read-only. (See the chapter about routing tables.)
1186 <tag><m/enum/ scope</tag>
1187 The scope of the route. Possible values: <cf/SCOPE_HOST/ for
1188 routes local to this host, <cf/SCOPE_LINK/ for those specific
1189 for a physical link, <cf/SCOPE_SITE/ and
1190 <cf/SCOPE_ORGANIZATION/ for private routes and
1191 <cf/SCOPE_UNIVERSE/ for globally visible routes. This
1192 attribute is not interpreted by BIRD and can be used to mark
1193 routes in filters. The default value for new routes is
1194 <cf/SCOPE_UNIVERSE/.
1196 <tag><m/int/ preference</tag>
1197 Preference of the route. Valid values are 0-65535. (See the chapter about routing tables.)
1199 <tag><m/ip/ from</tag>
1200 The router which the route has originated from.
1202 <tag><m/ip/ gw</tag>
1203 Next hop packets routed using this route should be forwarded to.
1205 <tag><m/string/ proto</tag>
1206 The name of the protocol which the route has been imported from. Read-only.
1208 <tag><m/enum/ source</tag>
1209 what protocol has told me about this route. Possible values: <cf/RTS_DUMMY/, <cf/RTS_STATIC/, <cf/RTS_INHERIT/, <cf/RTS_DEVICE/, <cf/RTS_STATIC_DEVICE/, <cf/RTS_REDIRECT/, <cf/RTS_RIP/, <cf/RTS_OSPF/, <cf/RTS_OSPF_IA/, <cf/RTS_OSPF_EXT1/, <cf/RTS_OSPF_EXT2/, <cf/RTS_BGP/, <cf/RTS_PIPE/.
1211 <tag><m/enum/ cast</tag>
1212 Route type (Currently <cf/RTC_UNICAST/ for normal routes,
1213 <cf/RTC_BROADCAST/, <cf/RTC_MULTICAST/, <cf/RTC_ANYCAST/ will
1214 be used in the future for broadcast, multicast and anycast
1217 <tag><m/enum/ dest</tag>
1218 Type of destination the packets should be sent to
1219 (<cf/RTD_ROUTER/ for forwarding to a neighboring router,
1220 <cf/RTD_DEVICE/ for routing to a directly-connected network,
1221 <cf/RTD_MULTIPATH/ for multipath destinations,
1222 <cf/RTD_BLACKHOLE/ for packets to be silently discarded,
1223 <cf/RTD_UNREACHABLE/, <cf/RTD_PROHIBIT/ for packets that
1224 should be returned with ICMP host unreachable / ICMP
1225 administratively prohibited messages). Can be changed, but
1226 only to <cf/RTD_BLACKHOLE/, <cf/RTD_UNREACHABLE/ or
1229 <tag><m/string/ ifname</tag>
1230 Name of the outgoing interface. Sink routes (like blackhole,
1231 unreachable or prohibit) and multipath routes have no interface
1232 associated with them, so <cf/ifname/ returns an empty string for
1233 such routes. Read-only.
1235 <tag><m/int/ ifindex</tag>
1236 Index of the outgoing interface. System wide index of the
1237 interface. May be used for interface matching, however
1238 indexes might change on interface creation/removal. Zero is
1239 returned for routes with undefined outgoing
1240 interfaces. Read-only.
1242 <tag><m/int/ igp_metric</tag>
1243 The optional attribute that can be used to specify a distance
1244 to the network for routes that do not have a native protocol
1245 metric attribute (like <cf/ospf_metric1/ for OSPF routes). It
1246 is used mainly by BGP to compare internal distances to boundary
1247 routers (see below). It is also used when the route is exported
1248 to OSPF as a default value for OSPF type 1 metric.
1251 <p>There also exist some protocol-specific attributes which are described in the corresponding protocol sections.
1253 <sect>Other statements
1255 <p>The following statements are available:
1258 <tag><m/variable/ = <m/expr/</tag> Set variable to a given value.
1260 <tag>accept|reject [ <m/expr/ ]</tag> Accept or reject the route, possibly printing <cf><m>expr</m></cf>.
1262 <tag>return <m/expr/</tag> Return <cf><m>expr</m></cf> from the current function, the function ends at this point.
1264 <tag>print|printn <m/expr/ [<m/, expr.../]</tag>
1265 Prints given expressions; useful mainly while debugging
1266 filters. The <cf/printn/ variant does not terminate the line.
1269 Terminates BIRD. Useful when debugging the filter interpreter.
1274 <sect><label id="sect-bfd">BFD
1278 <p>Bidirectional Forwarding Detection (BFD) is not a routing protocol itself, it
1279 is an independent tool providing liveness and failure detection. Routing
1280 protocols like OSPF and BGP use integrated periodic "hello" messages to monitor
1281 liveness of neighbors, but detection times of these mechanisms are high (e.g. 40
1282 seconds by default in OSPF, could be set down to several seconds). BFD offers
1283 universal, fast and low-overhead mechanism for failure detection, which could be
1284 attached to any routing protocol in an advisory role.
1286 <p>BFD consists of mostly independent BFD sessions. Each session monitors an
1287 unicast bidirectional path between two BFD-enabled routers. This is done by
1288 periodically sending control packets in both directions. BFD does not handle
1289 neighbor discovery, BFD sessions are created on demand by request of other
1290 protocols (like OSPF or BGP), which supply appropriate information like IP
1291 addresses and associated interfaces. When a session changes its state, these
1292 protocols are notified and act accordingly (e.g. break an OSPF adjacency when
1293 the BFD session went down).
1295 <p>BIRD implements basic BFD behavior as defined in
1296 RFC 5880<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc5880.txt">
1297 (some advanced features like the echo mode or authentication are not implemented),
1298 IP transport for BFD as defined in
1299 RFC 5881<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc5881.txt"> and
1300 RFC 5883<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc5883.txt">
1301 and interaction with client protocols as defined in
1302 RFC 5882<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc5882.txt">.
1304 <p>Note that BFD implementation in BIRD is currently a new feature in
1305 development, expect some rough edges and possible UI and configuration changes
1306 in the future. Also note that we currently support at most one protocol instance.
1308 <sect1>Configuration
1310 <p>BFD configuration consists mainly of multiple definitions of interfaces.
1311 Most BFD config options are session specific. When a new session is requested
1312 and dynamically created, it is configured from one of these definitions. For
1313 sessions to directly connected neighbors, <cf/interface/ definitions are chosen
1314 based on the interface associated with the session, while <cf/multihop/
1315 definition is used for multihop sessions. If no definition is relevant, the
1316 session is just created with the default configuration. Therefore, an empty BFD
1317 configuration is often sufficient.
1319 <p>Note that to use BFD for other protocols like OSPF or BGP, these protocols
1320 also have to be configured to request BFD sessions, usually by <cf/bfd/ option.
1322 <p>Some of BFD session options require <m/time/ value, which has to be specified
1323 with the appropriate unit: <m/num/ <cf/s/|<cf/ms/|<cf/us/. Although microseconds
1324 are allowed as units, practical minimum values are usually in order of tens of
1328 protocol bfd [<name>] {
1329 interface <interface pattern> {
1330 interval <time>;
1331 min rx interval <time>;
1332 min tx interval <time>;
1333 idle tx interval <time>;
1334 multiplier <num>;
1335 passive <switch>;
1338 interval <time>;
1339 min rx interval <time>;
1340 min tx interval <time>;
1341 idle tx interval <time>;
1342 multiplier <num>;
1343 passive <switch>;
1345 neighbor <ip> [dev "<interface>"] [local <ip>] [multihop <switch>];
1350 <tag>interface <m/pattern [, ...]/ { <m/options/ }</tag>
1351 Interface definitions allow to specify options for sessions associated
1352 with such interfaces and also may contain interface specific options.
1353 See <ref id="dsc-iface" name="interface"> common option for a detailed
1354 description of interface patterns. Note that contrary to the behavior of
1355 <cf/interface/ definitions of other protocols, BFD protocol would accept
1356 sessions (in default configuration) even on interfaces not covered by
1359 <tag>multihop { <m/options/ }</tag>
1360 Multihop definitions allow to specify options for multihop BFD sessions,
1361 in the same manner as <cf/interface/ definitions are used for directly
1362 connected sessions. Currently only one such definition (for all multihop
1363 sessions) could be used.
1365 <tag>neighbor <m/ip/ [dev "<m/interface/"] [local <m/ip/] [multihop <m/switch/]</tag>
1366 BFD sessions are usually created on demand as requested by other
1367 protocols (like OSPF or BGP). This option allows to explicitly add
1368 a BFD session to the specified neighbor regardless of such requests.
1370 The session is identified by the IP address of the neighbor, with
1371 optional specification of used interface and local IP. By default
1372 the neighbor must be directly connected, unless the the session is
1373 configured as multihop. Note that local IP must be specified for
1377 <p>Session specific options (part of <cf/interface/ and <cf/multihop/ definitions):
1380 <tag>interval <m/time/</tag>
1381 BFD ensures availability of the forwarding path associated with the
1382 session by periodically sending BFD control packets in both
1383 directions. The rate of such packets is controlled by two options,
1384 <cf/min rx interval/ and <cf/min tx interval/ (see below). This option
1385 is just a shorthand to set both of these options together.
1387 <tag>min rx interval <m/time/</tag>
1388 This option specifies the minimum RX interval, which is announced to the
1389 neighbor and used there to limit the neighbor's rate of generated BFD
1390 control packets. Default: 10 ms.
1392 <tag>min tx interval <m/time/</tag>
1393 This option specifies the desired TX interval, which controls the rate
1394 of generated BFD control packets (together with <cf/min rx interval/
1395 announced by the neighbor). Note that this value is used only if the BFD
1396 session is up, otherwise the value of <cf/idle tx interval/ is used
1397 instead. Default: 100 ms.
1399 <tag>idle tx interval <m/time/</tag>
1400 In order to limit unnecessary traffic in cases where a neighbor is not
1401 available or not running BFD, the rate of generated BFD control packets
1402 is lower when the BFD session is not up. This option specifies the
1403 desired TX interval in such cases instead of <cf/min tx interval/.
1406 <tag>multiplier <m/num/</tag>
1407 Failure detection time for BFD sessions is based on established rate of
1408 BFD control packets (<cf>min rx/tx interval</cf>) multiplied by this
1409 multiplier, which is essentially (ignoring jitter) a number of missed
1410 packets after which the session is declared down. Note that rates and
1411 multipliers could be different in each direction of a BFD session.
1414 <tag>passive <m/switch/</tag>
1415 Generally, both BFD session endpoinds try to establish the session by
1416 sending control packets to the other side. This option allows to enable
1417 passive mode, which means that the router does not send BFD packets
1418 until it has received one from the other side. Default: disabled.
1426 min rx interval 20 ms;
1427 min tx interval 50 ms;
1428 idle tx interval 300 ms;
1440 neighbor 192.168.1.10;
1441 neighbor 192.168.2.2 dev "eth2";
1442 neighbor 192.168.10.1 local 192.168.1.1 multihop;
1448 <p>The Border Gateway Protocol is the routing protocol used for backbone
1449 level routing in the today's Internet. Contrary to the other protocols, its convergence
1450 doesn't rely on all routers following the same rules for route selection,
1451 making it possible to implement any routing policy at any router in the
1452 network, the only restriction being that if a router advertises a route,
1453 it must accept and forward packets according to it.
1455 <p>BGP works in terms of autonomous systems (often abbreviated as
1456 AS). Each AS is a part of the network with common management and
1457 common routing policy. It is identified by a unique 16-bit number
1458 (ASN). Routers within each AS usually exchange AS-internal routing
1459 information with each other using an interior gateway protocol (IGP,
1460 such as OSPF or RIP). Boundary routers at the border of the AS
1461 communicate global (inter-AS) network reachability information with
1462 their neighbors in the neighboring AS'es via exterior BGP (eBGP) and
1463 redistribute received information to other routers in the AS via
1464 interior BGP (iBGP).
1466 <p>Each BGP router sends to its neighbors updates of the parts of its
1467 routing table it wishes to export along with complete path information
1468 (a list of AS'es the packet will travel through if it uses the particular
1469 route) in order to avoid routing loops.
1471 <p>BIRD supports all requirements of the BGP4 standard as defined in
1472 RFC 4271<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4271.txt">
1473 It also supports the community attributes
1474 (RFC 1997<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1997.txt">),
1475 capability negotiation
1476 (RFC 3392<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc3392.txt">),
1477 MD5 password authentication
1478 (RFC 2385<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2385.txt">),
1479 extended communities
1480 (RFC 4360<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4360.txt">),
1482 (RFC 4456<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4456.txt">),
1483 multiprotocol extensions
1484 (RFC 4760<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4760.txt">),
1486 (RFC 4893<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4893.txt">),
1487 and 4B AS numbers in extended communities
1488 (RFC 5668<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc5668.txt">).
1491 For IPv6, it uses the standard multiprotocol extensions defined in
1492 RFC 2283<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2283.txt">
1493 including changes described in the
1494 latest draft<htmlurl url="ftp://ftp.rfc-editor.org/internet-drafts/draft-ietf-idr-bgp4-multiprotocol-v2-05.txt">
1495 and applied to IPv6 according to
1496 RFC 2545<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2545.txt">.
1498 <sect1>Route selection rules
1500 <p>BGP doesn't have any simple metric, so the rules for selection of an optimal
1501 route among multiple BGP routes with the same preference are a bit more complex
1502 and they are implemented according to the following algorithm. It starts the first
1503 rule, if there are more "best" routes, then it uses the second rule to choose
1504 among them and so on.
1507 <item>Prefer route with the highest Local Preference attribute.
1508 <item>Prefer route with the shortest AS path.
1509 <item>Prefer IGP origin over EGP and EGP origin over incomplete.
1510 <item>Prefer the lowest value of the Multiple Exit Discriminator.
1511 <item>Prefer routes received via eBGP over ones received via iBGP.
1512 <item>Prefer routes with lower internal distance to a boundary router.
1513 <item>Prefer the route with the lowest value of router ID of the
1517 <sect1>IGP routing table
1519 <p>BGP is mainly concerned with global network reachability and with
1520 routes to other autonomous systems. When such routes are redistributed
1521 to routers in the AS via BGP, they contain IP addresses of a boundary
1522 routers (in route attribute NEXT_HOP). BGP depends on existing IGP
1523 routing table with AS-internal routes to determine immediate next hops
1524 for routes and to know their internal distances to boundary routers
1525 for the purpose of BGP route selection. In BIRD, there is usually
1526 one routing table used for both IGP routes and BGP routes.
1528 <sect1>Configuration
1530 <p>Each instance of the BGP corresponds to one neighboring router.
1531 This allows to set routing policy and all the other parameters differently
1532 for each neighbor using the following configuration parameters:
1535 <tag>local [<m/ip/] as <m/number/</tag> Define which AS we
1536 are part of. (Note that contrary to other IP routers, BIRD is
1537 able to act as a router located in multiple AS'es
1538 simultaneously, but in such cases you need to tweak the BGP
1539 paths manually in the filters to get consistent behavior.)
1540 Optional <cf/ip/ argument specifies a source address,
1541 equivalent to the <cf/source address/ option (see below).
1542 This parameter is mandatory.
1544 <tag>neighbor <m/ip/ as <m/number/</tag> Define neighboring router
1545 this instance will be talking to and what AS it's located in. Unless
1546 you use the <cf/multihop/ clause, it must be directly connected to one
1547 of your router's interfaces. In case the neighbor is in the same AS
1548 as we are, we automatically switch to iBGP. This parameter is mandatory.
1550 <tag>multihop [<m/number/]</tag> Configure multihop BGP
1551 session to a neighbor that isn't directly connected.
1552 Accurately, this option should be used if the configured
1553 neighbor IP address does not match with any local network
1554 subnets. Such IP address have to be reachable through system
1555 routing table. For multihop BGP it is recommended to
1556 explicitly configure <cf/source address/ to have it
1557 stable. Optional <cf/number/ argument can be used to specify
1558 the number of hops (used for TTL). Note that the number of
1559 networks (edges) in a path is counted, i.e. if two BGP
1560 speakers are separated by one router, the number of hops is
1561 2. Default: switched off.
1563 <tag>source address <m/ip/</tag> Define local address we
1564 should use for next hop calculation and as a source address
1565 for the BGP session. Default: the address of the local
1566 end of the interface our neighbor is connected to.
1568 <tag>next hop self</tag> Avoid calculation of the Next Hop
1569 attribute and always advertise our own source address as a
1570 next hop. This needs to be used only occasionally to
1571 circumvent misconfigurations of other routers. Default:
1574 <tag>next hop keep</tag> Forward the received Next Hop
1575 attribute even in situations where the local address should be
1576 used instead, like when the route is sent to an interface with
1577 a different subnet. Default: disabled.
1579 <tag>missing lladdr self|drop|ignore</tag>Next Hop attribute
1580 in BGP-IPv6 sometimes contains just the global IPv6 address,
1581 but sometimes it has to contain both global and link-local
1582 IPv6 addresses. This option specifies what to do if BIRD have
1583 to send both addresses but does not know link-local address.
1584 This situation might happen when routes from other protocols
1585 are exported to BGP, or when improper updates are received
1586 from BGP peers. <cf/self/ means that BIRD advertises its own
1587 local address instead. <cf/drop/ means that BIRD skips that
1588 prefixes and logs error. <cf/ignore/ means that BIRD ignores
1589 the problem and sends just the global address (and therefore
1590 forms improper BGP update). Default: <cf/self/, unless BIRD
1591 is configured as a route server (option <cf/rs client/), in
1592 that case default is <cf/ignore/, because route servers usually
1593 do not forward packets themselves.
1595 <tag>gateway direct|recursive</tag>For received routes, their
1596 <cf/gw/ (immediate next hop) attribute is computed from
1597 received <cf/bgp_next_hop/ attribute. This option specifies
1598 how it is computed. Direct mode means that the IP address from
1599 <cf/bgp_next_hop/ is used if it is directly reachable,
1600 otherwise the neighbor IP address is used. Recursive mode
1601 means that the gateway is computed by an IGP routing table
1602 lookup for the IP address from <cf/bgp_next_hop/. Recursive
1603 mode is the behavior specified by the BGP standard. Direct
1604 mode is simpler, does not require any routes in a routing
1605 table, and was used in older versions of BIRD, but does not
1606 handle well nontrivial iBGP setups and multihop. Recursive
1607 mode is incompatible with <ref id="dsc-sorted" name="sorted
1608 tables">. Default: <cf/direct/ for singlehop eBGP,
1609 <cf/recursive/ otherwise.
1611 <tag>igp table <m/name/</tag> Specifies a table that is used
1612 as an IGP routing table. Default: the same as the table BGP is
1615 <tag>bfd <M>switch</M></tag>
1616 BGP could use BFD protocol as an advisory mechanism for neighbor
1617 liveness and failure detection. If enabled, BIRD setups a BFD session
1618 for the BGP neighbor and tracks its liveness by it. This has an
1619 advantage of an order of magnitude lower detection times in case of
1620 failure. Note that BFD protocol also has to be configured, see
1621 <ref id="sect-bfd" name="BFD"> section for details. Default: disabled.
1623 <tag>ttl security <m/switch/</tag> Use GTSM (RFC 5082 - the
1624 generalized TTL security mechanism). GTSM protects against
1625 spoofed packets by ignoring received packets with a smaller
1626 than expected TTL. To work properly, GTSM have to be enabled
1627 on both sides of a BGP session. If both <cf/ttl security/ and
1628 <cf/multihop/ options are enabled, <cf/multihop/ option should
1629 specify proper hop value to compute expected TTL. Kernel
1630 support required: Linux: 2.6.34+ (IPv4), 2.6.35+ (IPv6), BSD:
1631 since long ago, IPv4 only. Note that full (ICMP protection,
1632 for example) RFC 5082 support is provided by Linux
1633 only. Default: disabled.
1635 <tag>password <m/string/</tag> Use this password for MD5 authentication
1636 of BGP sessions. Default: no authentication. Password has to be set by
1637 external utility (e.g. setkey(8)) on BSD systems.
1639 <tag>passive <m/switch/</tag> Standard BGP behavior is both
1640 initiating outgoing connections and accepting incoming
1641 connections. In passive mode, outgoing connections are not
1642 initiated. Default: off.
1644 <tag>rr client</tag> Be a route reflector and treat the neighbor as
1645 a route reflection client. Default: disabled.
1647 <tag>rr cluster id <m/IPv4 address/</tag> Route reflectors use cluster id
1648 to avoid route reflection loops. When there is one route reflector in a cluster
1649 it usually uses its router id as a cluster id, but when there are more route
1650 reflectors in a cluster, these need to be configured (using this option) to
1651 use a common cluster id. Clients in a cluster need not know their cluster
1652 id and this option is not allowed for them. Default: the same as router id.
1654 <tag>rs client</tag> Be a route server and treat the neighbor
1655 as a route server client. A route server is used as a
1656 replacement for full mesh EBGP routing in Internet exchange
1657 points in a similar way to route reflectors used in IBGP routing.
1658 BIRD does not implement obsoleted RFC 1863, but uses ad-hoc implementation,
1659 which behaves like plain EBGP but reduces modifications to advertised route
1660 attributes to be transparent (for example does not prepend its AS number to
1661 AS PATH attribute and keeps MED attribute). Default: disabled.
1663 <tag>secondary <m/switch/</tag> Usually, if an import filter
1664 rejects a selected route, no other route is propagated for
1665 that network. This option allows to try the next route in
1666 order until one that is accepted is found or all routes for
1667 that network are rejected. This can be used for route servers
1668 that need to propagate different tables to each client but do
1669 not want to have these tables explicitly (to conserve memory).
1670 This option requires that the connected routing table is
1671 <ref id="dsc-sorted" name="sorted">. Default: off.
1673 <tag>allow local as [<m/number/]</tag>
1674 BGP prevents routing loops by rejecting received routes with
1675 the local AS number in the AS path. This option allows to
1676 loose or disable the check. Optional <cf/number/ argument can
1677 be used to specify the maximum number of local ASNs in the AS
1678 path that is allowed for received routes. When the option is
1679 used without the argument, the check is completely disabled
1680 and you should ensure loop-free behavior by some other means.
1681 Default: 0 (no local AS number allowed).
1683 <tag>enable route refresh <m/switch/</tag> When BGP speaker
1684 changes its import filter, it has to re-examine all routes
1685 received from its neighbor against the new filter. As these
1686 routes might not be available, there is a BGP protocol
1687 extension Route Refresh (specified in RFC 2918) that allows
1688 BGP speaker to request re-advertisement of all routes from its
1689 neighbor. This option specifies whether BIRD advertises this
1690 capability and accepts such requests. Even when disabled, BIRD
1691 can send route refresh requests. Default: on.
1693 <tag>interpret communities <m/switch/</tag> RFC 1997 demands
1694 that BGP speaker should process well-known communities like
1695 no-export (65535, 65281) or no-advertise (65535, 65282). For
1696 example, received route carrying a no-adverise community
1697 should not be advertised to any of its neighbors. If this
1698 option is enabled (which is by default), BIRD has such
1699 behavior automatically (it is evaluated when a route is
1700 exported to the BGP protocol just before the export filter).
1701 Otherwise, this integrated processing of well-known
1702 communities is disabled. In that case, similar behavior can be
1703 implemented in the export filter. Default: on.
1705 <tag>enable as4 <m/switch/</tag> BGP protocol was designed to use 2B AS numbers
1706 and was extended later to allow 4B AS number. BIRD supports 4B AS extension,
1707 but by disabling this option it can be persuaded not to advertise it and
1708 to maintain old-style sessions with its neighbors. This might be useful for
1709 circumventing bugs in neighbor's implementation of 4B AS extension.
1710 Even when disabled (off), BIRD behaves internally as AS4-aware BGP router.
1713 <tag>capabilities <m/switch/</tag> Use capability advertisement
1714 to advertise optional capabilities. This is standard behavior
1715 for newer BGP implementations, but there might be some older
1716 BGP implementations that reject such connection attempts.
1717 When disabled (off), features that request it (4B AS support)
1718 are also disabled. Default: on, with automatic fallback to
1719 off when received capability-related error.
1721 <tag>advertise ipv4 <m/switch/</tag> Advertise IPv4 multiprotocol capability.
1722 This is not a correct behavior according to the strict interpretation
1723 of RFC 4760, but it is widespread and required by some BGP
1724 implementations (Cisco and Quagga). This option is relevant
1725 to IPv4 mode with enabled capability advertisement only. Default: on.
1727 <tag>route limit <m/number/</tag> The maximal number of routes
1728 that may be imported from the protocol. If the route limit is
1729 exceeded, the connection is closed with an error. Limit is currently implemented as
1730 <cf/import limit <m/number/ action restart/. This option is obsolete and it is
1731 replaced by <ref id="import-limit" name="import limit option">. Default: no limit.
1733 <tag>disable after error <m/switch/</tag> When an error is encountered (either
1734 locally or by the other side), disable the instance automatically
1735 and wait for an administrator to fix the problem manually. Default: off.
1737 <tag>hold time <m/number/</tag> Time in seconds to wait for a Keepalive
1738 message from the other side before considering the connection stale.
1739 Default: depends on agreement with the neighboring router, we prefer
1740 240 seconds if the other side is willing to accept it.
1742 <tag>startup hold time <m/number/</tag> Value of the hold timer used
1743 before the routers have a chance to exchange open messages and agree
1744 on the real value. Default: 240 seconds.
1746 <tag>keepalive time <m/number/</tag> Delay in seconds between sending
1747 of two consecutive Keepalive messages. Default: One third of the hold time.
1749 <tag>connect retry time <m/number/</tag> Time in seconds to wait before
1750 retrying a failed attempt to connect. Default: 120 seconds.
1752 <tag>start delay time <m/number/</tag> Delay in seconds between protocol
1753 startup and the first attempt to connect. Default: 5 seconds.
1755 <tag>error wait time <m/number/,<m/number/</tag> Minimum and maximum delay in seconds between a protocol
1756 failure (either local or reported by the peer) and automatic restart.
1757 Doesn't apply when <cf/disable after error/ is configured. If consecutive
1758 errors happen, the delay is increased exponentially until it reaches the maximum. Default: 60, 300.
1760 <tag>error forget time <m/number/</tag> Maximum time in seconds between two protocol
1761 failures to treat them as a error sequence which makes the <cf/error wait time/
1762 increase exponentially. Default: 300 seconds.
1764 <tag>path metric <m/switch/</tag> Enable comparison of path lengths
1765 when deciding which BGP route is the best one. Default: on.
1767 <tag>med metric <m/switch/</tag> Enable comparison of MED
1768 attributes (during best route selection) even between routes
1769 received from different ASes. This may be useful if all MED
1770 attributes contain some consistent metric, perhaps enforced in
1771 import filters of AS boundary routers. If this option is
1772 disabled, MED attributes are compared only if routes are
1773 received from the same AS (which is the standard behavior).
1776 <tag>deterministic med <m/switch/</tag> BGP route selection
1777 algorithm is often viewed as a comparison between individual
1778 routes (e.g. if a new route appears and is better than the
1779 current best one, it is chosen as the new best one). But the
1780 proper route selection, as specified by RFC 4271, cannot be
1781 fully implemented in that way. The problem is mainly in
1782 handling the MED attribute. BIRD, by default, uses an
1783 simplification based on individual route comparison, which in
1784 some cases may lead to temporally dependent behavior (i.e. the
1785 selection is dependent on the order in which routes appeared).
1786 This option enables a different (and slower) algorithm
1787 implementing proper RFC 4271 route selection, which is
1788 deterministic. Alternative way how to get deterministic
1789 behavior is to use <cf/med metric/ option. This option is
1790 incompatible with <ref id="dsc-sorted" name="sorted tables">.
1793 <tag>igp metric <m/switch/</tag> Enable comparison of internal
1794 distances to boundary routers during best route selection. Default: on.
1796 <tag>prefer older <m/switch/</tag> Standard route selection algorithm
1797 breaks ties by comparing router IDs. This changes the behavior
1798 to prefer older routes (when both are external and from different
1799 peer). For details, see RFC 5004. Default: off.
1801 <tag>default bgp_med <m/number/</tag> Value of the Multiple Exit
1802 Discriminator to be used during route selection when the MED attribute
1803 is missing. Default: 0.
1805 <tag>default bgp_local_pref <m/number/</tag> A default value
1806 for the Local Preference attribute. It is used when a new
1807 Local Preference attribute is attached to a route by the BGP
1808 protocol itself (for example, if a route is received through
1809 eBGP and therefore does not have such attribute). Default: 100
1810 (0 in pre-1.2.0 versions of BIRD).
1815 <p>BGP defines several route attributes. Some of them (those marked with `<tt/I/' in the
1816 table below) are available on internal BGP connections only, some of them (marked
1817 with `<tt/O/') are optional.
1820 <tag>bgppath <cf/bgp_path/</tag> Sequence of AS numbers describing the AS path
1821 the packet will travel through when forwarded according to the particular route.
1822 In case of internal BGP it doesn't contain the number of the local AS.
1824 <tag>int <cf/bgp_local_pref/ [I]</tag> Local preference value used for
1825 selection among multiple BGP routes (see the selection rules above). It's
1826 used as an additional metric which is propagated through the whole local AS.
1828 <tag>int <cf/bgp_med/ [O]</tag> The Multiple Exit Discriminator of the route
1829 is an optional attribute which is used on external (inter-AS) links to
1830 convey to an adjacent AS the optimal entry point into the local AS.
1831 The received attribute is also propagated over internal BGP links.
1832 The attribute value is zeroed when a route is exported to an external BGP
1833 instance to ensure that the attribute received from a neighboring AS is
1834 not propagated to other neighboring ASes. A new value might be set in
1835 the export filter of an external BGP instance.
1836 See RFC 4451<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4451.txt">
1837 for further discussion of BGP MED attribute.
1839 <tag>enum <cf/bgp_origin/</tag> Origin of the route: either <cf/ORIGIN_IGP/
1840 if the route has originated in an interior routing protocol or
1841 <cf/ORIGIN_EGP/ if it's been imported from the <tt>EGP</tt> protocol
1842 (nowadays it seems to be obsolete) or <cf/ORIGIN_INCOMPLETE/ if the origin
1845 <tag>ip <cf/bgp_next_hop/</tag> Next hop to be used for forwarding of packets
1846 to this destination. On internal BGP connections, it's an address of the
1847 originating router if it's inside the local AS or a boundary router the
1848 packet will leave the AS through if it's an exterior route, so each BGP
1849 speaker within the AS has a chance to use the shortest interior path
1850 possible to this point.
1852 <tag>void <cf/bgp_atomic_aggr/ [O]</tag> This is an optional attribute
1853 which carries no value, but the sole presence of which indicates that the route
1854 has been aggregated from multiple routes by some router on the path from
1857 <!-- we don't handle aggregators right since they are of a very obscure type
1858 <tag>bgp_aggregator</tag>
1860 <tag>clist <cf/bgp_community/ [O]</tag> List of community values associated
1861 with the route. Each such value is a pair (represented as a <cf/pair/ data
1862 type inside the filters) of 16-bit integers, the first of them containing the number of the AS which defines
1863 the community and the second one being a per-AS identifier. There are lots
1864 of uses of the community mechanism, but generally they are used to carry
1865 policy information like "don't export to USA peers". As each AS can define
1866 its own routing policy, it also has a complete freedom about which community
1867 attributes it defines and what will their semantics be.
1869 <tag>eclist <cf/bgp_ext_community/ [O]</tag> List of extended community
1870 values associated with the route. Extended communities have similar usage
1871 as plain communities, but they have an extended range (to allow 4B ASNs)
1872 and a nontrivial structure with a type field. Individual community values are
1873 represented using an <cf/ec/ data type inside the filters.
1875 <tag>quad <cf/bgp_originator_id/ [I, O]</tag> This attribute is created by the
1876 route reflector when reflecting the route and contains the router ID of the
1877 originator of the route in the local AS.
1879 <tag>clist <cf/bgp_cluster_list/ [I, O]</tag> This attribute contains a list
1880 of cluster IDs of route reflectors. Each route reflector prepends its
1881 cluster ID when reflecting the route.
1888 local as 65000; # Use a private AS number
1889 neighbor 198.51.100.130 as 64496; # Our neighbor ...
1890 multihop; # ... which is connected indirectly
1891 export filter { # We use non-trivial export rules
1892 if source = RTS_STATIC then { # Export only static routes
1893 # Assign our community
1894 bgp_community.add((65000,64501));
1895 # Artificially increase path length
1896 # by advertising local AS number twice
1897 if bgp_path ~ [= 65000 =] then
1898 bgp_path.prepend(65000);
1904 source address 198.51.100.14; # Use a non-standard source address
1910 <p>The Device protocol is not a real routing protocol. It doesn't generate
1911 any routes and it only serves as a module for getting information about network
1912 interfaces from the kernel.
1914 <p>Except for very unusual circumstances, you probably should include
1915 this protocol in the configuration since almost all other protocols
1916 require network interfaces to be defined for them to work with.
1918 <sect1>Configuration
1921 <tag>scan time <m/number/</tag> Time in seconds between two scans
1922 of the network interface list. On systems where we are notified about
1923 interface status changes asynchronously (such as newer versions of
1924 Linux), we need to scan the list only in order to avoid confusion by lost
1925 notification messages, so the default time is set to a large value.
1927 <tag>primary [ "<m/mask/" ] <m/prefix/</tag>
1928 If a network interface has more than one network address, BIRD
1929 has to choose one of them as a primary one. By default, BIRD
1930 chooses the lexicographically smallest address as the primary
1933 This option allows to specify which network address should be
1934 chosen as a primary one. Network addresses that match
1935 <m/prefix/ are preferred to non-matching addresses. If more
1936 <cf/primary/ options are used, the first one has the highest
1937 preference. If "<m/mask/" is specified, then such
1938 <cf/primary/ option is relevant only to matching network
1941 In all cases, an address marked by operating system as
1942 secondary cannot be chosen as the primary one.
1945 <p>As the Device protocol doesn't generate any routes, it cannot have
1946 any attributes. Example configuration looks like this:
1950 scan time 10; # Scan the interfaces often
1951 primary "eth0" 192.168.1.1;
1952 primary 192.168.0.0/16;
1958 <p>The Direct protocol is a simple generator of device routes for all the
1959 directly connected networks according to the list of interfaces provided
1960 by the kernel via the Device protocol.
1962 <p>The question is whether it is a good idea to have such device
1963 routes in BIRD routing table. OS kernel usually handles device routes
1964 for directly connected networks by itself so we don't need (and don't
1965 want) to export these routes to the kernel protocol. OSPF protocol
1966 creates device routes for its interfaces itself and BGP protocol is
1967 usually used for exporting aggregate routes. Although there are some
1968 use cases that use the direct protocol (like abusing eBGP as an IGP
1969 routing protocol), in most cases it is not needed to have these device
1970 routes in BIRD routing table and to use the direct protocol.
1972 <p>There is one notable case when you definitely want to use the
1973 direct protocol -- running BIRD on BSD systems. Having high priority
1974 device routes for directly connected networks from the direct protocol
1975 protects kernel device routes from being overwritten or removed by IGP
1976 routes during some transient network conditions, because a lower
1977 priority IGP route for the same network is not exported to the kernel
1978 routing table. This is an issue on BSD systems only, as on Linux
1979 systems BIRD cannot change non-BIRD route in the kernel routing table.
1981 <p>The only configurable thing about direct is what interfaces it watches:
1984 <tag>interface <m/pattern [, ...]/</tag> By default, the Direct
1985 protocol will generate device routes for all the interfaces
1986 available. If you want to restrict it to some subset of interfaces
1987 (for example if you're using multiple routing tables for policy
1988 routing and some of the policy domains don't contain all interfaces),
1989 just use this clause.
1992 <p>Direct device routes don't contain any specific attributes.
1994 <p>Example config might look like this:
1998 interface "-arc*", "*"; # Exclude the ARCnets
2004 <p>The Kernel protocol is not a real routing protocol. Instead of communicating
2005 with other routers in the network, it performs synchronization of BIRD's routing
2006 tables with the OS kernel. Basically, it sends all routing table updates to the kernel
2007 and from time to time it scans the kernel tables to see whether some routes have
2008 disappeared (for example due to unnoticed up/down transition of an interface)
2009 or whether an `alien' route has been added by someone else (depending on the
2010 <cf/learn/ switch, such routes are either ignored or accepted to our
2013 <p>Unfortunately, there is one thing that makes the routing table
2014 synchronization a bit more complicated. In the kernel routing table
2015 there are also device routes for directly connected networks. These
2016 routes are usually managed by OS itself (as a part of IP address
2017 configuration) and we don't want to touch that. They are completely
2018 ignored during the scan of the kernel tables and also the export of
2019 device routes from BIRD tables to kernel routing tables is restricted
2020 to prevent accidental interference. This restriction can be disabled using
2021 <cf/device routes/ switch.
2023 <p>If your OS supports only a single routing table, you can configure
2024 only one instance of the Kernel protocol. If it supports multiple
2025 tables (in order to allow policy routing; such an OS is for example
2026 Linux), you can run as many instances as you want, but each of them
2027 must be connected to a different BIRD routing table and to a different
2030 <p>Because the kernel protocol is partially integrated with the
2031 connected routing table, there are two limitations - it is not
2032 possible to connect more kernel protocols to the same routing table
2033 and changing route destination/gateway in an export
2034 filter of a kernel protocol does not work. Both limitations can be
2035 overcome using another routing table and the pipe protocol.
2037 <sect1>Configuration
2040 <tag>persist <m/switch/</tag> Tell BIRD to leave all its routes in the
2041 routing tables when it exits (instead of cleaning them up).
2042 <tag>scan time <m/number/</tag> Time in seconds between two consecutive scans of the
2043 kernel routing table.
2044 <tag>learn <m/switch/</tag> Enable learning of routes added to the kernel
2045 routing tables by other routing daemons or by the system administrator.
2046 This is possible only on systems which support identification of route
2049 <tag>device routes <m/switch/</tag> Enable export of device
2050 routes to the kernel routing table. By default, such routes
2051 are rejected (with the exception of explicitly configured
2052 device routes from the static protocol) regardless of the
2053 export filter to protect device routes in kernel routing table
2054 (managed by OS itself) from accidental overwriting or erasing.
2056 <tag>kernel table <m/number/</tag> Select which kernel table should
2057 this particular instance of the Kernel protocol work with. Available
2058 only on systems supporting multiple routing tables.
2063 <p>The Kernel protocol defines several attributes. These attributes
2064 are translated to appropriate system (and OS-specific) route attributes.
2065 We support these attributes:
2068 <tag>int <cf/krt_source/</tag> The original source of the imported
2069 kernel route. The value is system-dependent. On Linux, it is
2070 a value of the protocol field of the route. See
2071 /etc/iproute2/rt_protos for common values. On BSD, it is
2072 based on STATIC and PROTOx flags. The attribute is read-only.
2074 <tag>int <cf/krt_metric/</tag> The kernel metric of
2075 the route. When multiple same routes are in a kernel routing
2076 table, the Linux kernel chooses one with lower metric.
2078 <tag>ip <cf/krt_prefsrc/</tag> (Linux) The preferred source address.
2079 Used in source address selection for outgoing packets. Have to
2080 be one of IP addresses of the router.
2082 <tag>int <cf/krt_realm/</tag> (Linux) The realm of the route. Can be
2083 used for traffic classification.
2088 <p>A simple configuration can look this way:
2096 <p>Or for a system with two routing tables:
2099 protocol kernel { # Primary routing table
2100 learn; # Learn alien routes from the kernel
2101 persist; # Don't remove routes on bird shutdown
2102 scan time 10; # Scan kernel routing table every 10 seconds
2107 protocol kernel { # Secondary routing table
2118 <p>Open Shortest Path First (OSPF) is a quite complex interior gateway
2119 protocol. The current IPv4 version (OSPFv2) is defined in RFC
2120 2328<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2328.txt"> and
2121 the current IPv6 version (OSPFv3) is defined in RFC 5340<htmlurl
2122 url="ftp://ftp.rfc-editor.org/in-notes/rfc5340.txt"> It's a link state
2123 (a.k.a. shortest path first) protocol -- each router maintains a
2124 database describing the autonomous system's topology. Each participating
2125 router has an identical copy of the database and all routers run the
2126 same algorithm calculating a shortest path tree with themselves as a
2127 root. OSPF chooses the least cost path as the best path.
2129 <p>In OSPF, the autonomous system can be split to several areas in order
2130 to reduce the amount of resources consumed for exchanging the routing
2131 information and to protect the other areas from incorrect routing data.
2132 Topology of the area is hidden to the rest of the autonomous system.
2134 <p>Another very important feature of OSPF is that
2135 it can keep routing information from other protocols (like Static or BGP)
2136 in its link state database as external routes. Each external route can
2137 be tagged by the advertising router, making it possible to pass additional
2138 information between routers on the boundary of the autonomous system.
2140 <p>OSPF quickly detects topological changes in the autonomous system (such
2141 as router interface failures) and calculates new loop-free routes after a short
2142 period of convergence. Only a minimal amount of
2143 routing traffic is involved.
2145 <p>Each router participating in OSPF routing periodically sends Hello messages
2146 to all its interfaces. This allows neighbors to be discovered dynamically.
2147 Then the neighbors exchange theirs parts of the link state database and keep it
2148 identical by flooding updates. The flooding process is reliable and ensures
2149 that each router detects all changes.
2151 <sect1>Configuration
2153 <p>In the main part of configuration, there can be multiple definitions of
2154 OSPF areas, each with a different id. These definitions includes many other
2155 switches and multiple definitions of interfaces. Definition of interface
2156 may contain many switches and constant definitions and list of neighbors
2157 on nonbroadcast networks.
2160 protocol ospf <name> {
2161 rfc1583compat <switch>;
2162 stub router <switch>;
2164 ecmp <switch> [limit <num>];
2168 summary <switch>;
2169 default nssa <switch>;
2170 default cost <num>;
2171 default cost2 <num>;
2172 translator <switch>;
2173 translator stability <num>;
2177 <prefix> hidden;
2181 <prefix> hidden;
2182 <prefix> tag <num>;
2184 stubnet <prefix>;
2185 stubnet <prefix> {
2186 hidden <switch>;
2187 summary <switch>;
2190 interface <interface pattern> [instance <num>] {
2192 stub <switch>;
2195 retransmit <num>;
2196 priority <num>;
2198 dead count <num>;
2200 rx buffer [normal|large|<num>];
2201 type [broadcast|bcast|pointopoint|ptp|
2202 nonbroadcast|nbma|pointomultipoint|ptmp];
2203 strict nonbroadcast <switch>;
2204 real broadcast <switch>;
2205 ptp netmask <switch>;
2206 check link <switch>;
2208 ecmp weight <num>;
2209 ttl security [<switch>; | tx only]
2210 tx class|dscp <num>;
2211 tx priority <num>;
2212 authentication [none|simple|cryptographic];
2213 password "<text>";
2214 password "<text>" {
2216 generate from "<date>";
2217 generate to "<date>";
2218 accept from "<date>";
2219 accept to "<date>";
2223 <ip> eligible;
2226 virtual link <id> [instance <num>] {
2228 retransmit <num>;
2230 dead count <num>;
2232 authentication [none|simple|cryptographic];
2233 password "<text>";
2240 <tag>rfc1583compat <M>switch</M></tag>
2241 This option controls compatibility of routing table
2242 calculation with RFC 1583<htmlurl
2243 url="ftp://ftp.rfc-editor.org/in-notes/rfc1583.txt">. Default
2246 <tag>stub router <M>switch</M></tag>
2247 This option configures the router to be a stub router, i.e.,
2248 a router that participates in the OSPF topology but does not
2249 allow transit traffic. In OSPFv2, this is implemented by
2250 advertising maximum metric for outgoing links, as suggested
2251 by RFC 3137<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc3137.txt">.
2252 In OSPFv3, the stub router behavior is announced by clearing
2253 the R-bit in the router LSA. Default value is no.
2255 <tag>tick <M>num</M></tag>
2256 The routing table calculation and clean-up of areas' databases
2257 is not performed when a single link state
2258 change arrives. To lower the CPU utilization, it's processed later
2259 at periodical intervals of <m/num/ seconds. The default value is 1.
2261 <tag>ecmp <M>switch</M> [limit <M>number</M>]</tag>
2262 This option specifies whether OSPF is allowed to generate
2263 ECMP (equal-cost multipath) routes. Such routes are used when
2264 there are several directions to the destination, each with
2265 the same (computed) cost. This option also allows to specify
2266 a limit on maximal number of nexthops in one route. By
2267 default, ECMP is disabled. If enabled, default value of the
2270 <tag>area <M>id</M></tag>
2271 This defines an OSPF area with given area ID (an integer or an IPv4
2272 address, similarly to a router ID). The most important area is
2273 the backbone (ID 0) to which every other area must be connected.
2276 This option configures the area to be a stub area. External
2277 routes are not flooded into stub areas. Also summary LSAs can be
2278 limited in stub areas (see option <cf/summary/).
2279 By default, the area is not a stub area.
2282 This option configures the area to be a NSSA (Not-So-Stubby
2283 Area). NSSA is a variant of a stub area which allows a
2284 limited way of external route propagation. Global external
2285 routes are not propagated into a NSSA, but an external route
2286 can be imported into NSSA as a (area-wide) NSSA-LSA (and
2287 possibly translated and/or aggregated on area boundary).
2288 By default, the area is not NSSA.
2290 <tag>summary <M>switch</M></tag>
2291 This option controls propagation of summary LSAs into stub or
2292 NSSA areas. If enabled, summary LSAs are propagated as usual,
2293 otherwise just the default summary route (0.0.0.0/0) is
2294 propagated (this is sometimes called totally stubby area). If
2295 a stub area has more area boundary routers, propagating
2296 summary LSAs could lead to more efficient routing at the cost
2297 of larger link state database. Default value is no.
2299 <tag>default nssa <M>switch</M></tag>
2300 When <cf/summary/ option is enabled, default summary route is
2301 no longer propagated to the NSSA. In that case, this option
2302 allows to originate default route as NSSA-LSA to the NSSA.
2303 Default value is no.
2305 <tag>default cost <M>num</M></tag>
2306 This option controls the cost of a default route propagated to
2307 stub and NSSA areas. Default value is 1000.
2309 <tag>default cost2 <M>num</M></tag>
2310 When a default route is originated as NSSA-LSA, its cost
2311 can use either type 1 or type 2 metric. This option allows
2312 to specify the cost of a default route in type 2 metric.
2313 By default, type 1 metric (option <cf/default cost/) is used.
2315 <tag>translator <M>switch</M></tag>
2316 This option controls translation of NSSA-LSAs into external
2317 LSAs. By default, one translator per NSSA is automatically
2318 elected from area boundary routers. If enabled, this area
2319 boundary router would unconditionally translate all NSSA-LSAs
2320 regardless of translator election. Default value is no.
2322 <tag>translator stability <M>num</M></tag>
2323 This option controls the translator stability interval (in
2324 seconds). When the new translator is elected, the old one
2325 keeps translating until the interval is over. Default value
2328 <tag>networks { <m/set/ }</tag>
2329 Definition of area IP ranges. This is used in summary LSA origination.
2330 Hidden networks are not propagated into other areas.
2332 <tag>external { <m/set/ }</tag>
2333 Definition of external area IP ranges for NSSAs. This is used
2334 for NSSA-LSA translation. Hidden networks are not translated
2335 into external LSAs. Networks can have configured route tag.
2337 <tag>stubnet <m/prefix/ { <m/options/ }</tag>
2338 Stub networks are networks that are not transit networks
2339 between OSPF routers. They are also propagated through an
2340 OSPF area as a part of a link state database. By default,
2341 BIRD generates a stub network record for each primary network
2342 address on each OSPF interface that does not have any OSPF
2343 neighbors, and also for each non-primary network address on
2344 each OSPF interface. This option allows to alter a set of
2345 stub networks propagated by this router.
2347 Each instance of this option adds a stub network with given
2348 network prefix to the set of propagated stub network, unless
2349 option <cf/hidden/ is used. It also suppresses default stub
2350 networks for given network prefix. When option
2351 <cf/summary/ is used, also default stub networks that are
2352 subnetworks of given stub network are suppressed. This might
2353 be used, for example, to aggregate generated stub networks.
2355 <tag>interface <M>pattern</M> [instance <m/num/]</tag>
2356 Defines that the specified interfaces belong to the area being defined.
2357 See <ref id="dsc-iface" name="interface"> common option for detailed description.
2358 In OSPFv3, you can specify instance ID for that interface
2359 description, so it is possible to have several instances of
2360 that interface with different options or even in different areas.
2362 <tag>virtual link <M>id</M> [instance <m/num/]</tag>
2363 Virtual link to router with the router id. Virtual link acts
2364 as a point-to-point interface belonging to backbone. The
2365 actual area is used as transport area. This item cannot be in
2366 the backbone. In OSPFv3, you could also use several virtual
2367 links to one destination with different instance IDs.
2369 <tag>cost <M>num</M></tag>
2370 Specifies output cost (metric) of an interface. Default value is 10.
2372 <tag>stub <M>switch</M></tag>
2373 If set to interface it does not listen to any packet and does not send
2374 any hello. Default value is no.
2376 <tag>hello <M>num</M></tag>
2377 Specifies interval in seconds between sending of Hello messages. Beware, all
2378 routers on the same network need to have the same hello interval.
2379 Default value is 10.
2381 <tag>poll <M>num</M></tag>
2382 Specifies interval in seconds between sending of Hello messages for
2383 some neighbors on NBMA network. Default value is 20.
2385 <tag>retransmit <M>num</M></tag>
2386 Specifies interval in seconds between retransmissions of unacknowledged updates.
2389 <tag>priority <M>num</M></tag>
2390 On every multiple access network (e.g., the Ethernet) Designed Router
2391 and Backup Designed router are elected. These routers have some
2392 special functions in the flooding process. Higher priority increases
2393 preferences in this election. Routers with priority 0 are not
2394 eligible. Default value is 1.
2396 <tag>wait <M>num</M></tag>
2397 After start, router waits for the specified number of seconds between starting
2398 election and building adjacency. Default value is 40.
2400 <tag>dead count <M>num</M></tag>
2401 When the router does not receive any messages from a neighbor in
2402 <m/dead count/*<m/hello/ seconds, it will consider the neighbor down.
2404 <tag>dead <M>num</M></tag>
2405 When the router does not receive any messages from a neighbor in
2406 <m/dead/ seconds, it will consider the neighbor down. If both directives
2407 <m/dead count/ and <m/dead/ are used, <m/dead/ has precendence.
2409 <tag>rx buffer <M>num</M></tag>
2410 This sets the size of buffer used for receiving packets. The buffer should
2411 be bigger than maximal size of any packets. Value NORMAL (default)
2412 means 2*MTU, value LARGE means maximal allowed packet - 65535.
2414 <tag>type broadcast|bcast</tag>
2415 BIRD detects a type of a connected network automatically, but
2416 sometimes it's convenient to force use of a different type
2417 manually. On broadcast networks (like ethernet), flooding
2418 and Hello messages are sent using multicasts (a single packet
2419 for all the neighbors). A designated router is elected and it
2420 is responsible for synchronizing the link-state databases and
2421 originating network LSAs. This network type cannot be used on
2422 physically NBMA networks and on unnumbered networks (networks
2423 without proper IP prefix).
2425 <tag>type pointopoint|ptp</tag>
2426 Point-to-point networks connect just 2 routers together. No
2427 election is performed and no network LSA is originated, which
2428 makes it simpler and faster to establish. This network type
2429 is useful not only for physically PtP ifaces (like PPP or
2430 tunnels), but also for broadcast networks used as PtP links.
2431 This network type cannot be used on physically NBMA networks.
2433 <tag>type nonbroadcast|nbma</tag>
2434 On NBMA networks, the packets are sent to each neighbor
2435 separately because of lack of multicast capabilities.
2436 Like on broadcast networks, a designated router is elected,
2437 which plays a central role in propagation of LSAs.
2438 This network type cannot be used on unnumbered networks.
2440 <tag>type pointomultipoint|ptmp</tag>
2441 This is another network type designed to handle NBMA
2442 networks. In this case the NBMA network is treated as a
2443 collection of PtP links. This is useful if not every pair of
2444 routers on the NBMA network has direct communication, or if
2445 the NBMA network is used as an (possibly unnumbered) PtP
2448 <tag>strict nonbroadcast <M>switch</M></tag>
2449 If set, don't send hello to any undefined neighbor. This switch
2450 is ignored on other than NBMA or PtMP networks. Default value is no.
2452 <tag>real broadcast <m/switch/</tag>
2453 In <cf/type broadcast/ or <cf/type ptp/ network
2454 configuration, OSPF packets are sent as IP multicast
2455 packets. This option changes the behavior to using
2456 old-fashioned IP broadcast packets. This may be useful as a
2457 workaround if IP multicast for some reason does not work or
2458 does not work reliably. This is a non-standard option and
2459 probably is not interoperable with other OSPF
2460 implementations. Default value is no.
2462 <tag>ptp netmask <m/switch/</tag>
2463 In <cf/type ptp/ network configurations, OSPFv2
2464 implementations should ignore received netmask field in hello
2465 packets and should send hello packets with zero netmask field
2466 on unnumbered PtP links. But some OSPFv2 implementations
2467 perform netmask checking even for PtP links. This option
2468 specifies whether real netmask will be used in hello packets
2469 on <cf/type ptp/ interfaces. You should ignore this option
2470 unless you meet some compatibility problems related to this
2471 issue. Default value is no for unnumbered PtP links, yes
2474 <tag>check link <M>switch</M></tag>
2475 If set, a hardware link state (reported by OS) is taken into
2476 consideration. When a link disappears (e.g. an ethernet cable is
2477 unplugged), neighbors are immediately considered unreachable
2478 and only the address of the iface (instead of whole network
2479 prefix) is propagated. It is possible that some hardware
2480 drivers or platforms do not implement this feature. Default value is no.
2482 <tag>bfd <M>switch</M></tag>
2483 OSPF could use BFD protocol as an advisory mechanism for neighbor
2484 liveness and failure detection. If enabled, BIRD setups a BFD session
2485 for each OSPF neighbor and tracks its liveness by it. This has an
2486 advantage of an order of magnitude lower detection times in case of
2487 failure. Note that BFD protocol also has to be configured, see
2488 <ref id="sect-bfd" name="BFD"> section for details. Default value is no.
2490 <tag>ttl security [<m/switch/ | tx only]</tag>
2491 TTL security is a feature that protects routing protocols
2492 from remote spoofed packets by using TTL 255 instead of TTL 1
2493 for protocol packets destined to neighbors. Because TTL is
2494 decremented when packets are forwarded, it is non-trivial to
2495 spoof packets with TTL 255 from remote locations. Note that
2496 this option would interfere with OSPF virtual links.
2498 If this option is enabled, the router will send OSPF packets
2499 with TTL 255 and drop received packets with TTL less than
2500 255. If this option si set to <cf/tx only/, TTL 255 is used
2501 for sent packets, but is not checked for received
2502 packets. Default value is no.
2504 <tag>tx class|dscp|priority <m/num/</tag>
2505 These options specify the ToS/DiffServ/Traffic class/Priority
2506 of the outgoing OSPF packets. See <ref id="dsc-prio" name="tx
2507 class"> common option for detailed description.
2509 <tag>ecmp weight <M>num</M></tag>
2510 When ECMP (multipath) routes are allowed, this value specifies
2511 a relative weight used for nexthops going through the iface.
2512 Allowed values are 1-256. Default value is 1.
2514 <tag>authentication none</tag>
2515 No passwords are sent in OSPF packets. This is the default value.
2517 <tag>authentication simple</tag>
2518 Every packet carries 8 bytes of password. Received packets
2519 lacking this password are ignored. This authentication mechanism is
2522 <tag>authentication cryptographic</tag>
2523 16-byte long MD5 digest is appended to every packet. For the digest
2524 generation 16-byte long passwords are used. Those passwords are
2525 not sent via network, so this mechanism is quite secure.
2526 Packets can still be read by an attacker.
2528 <tag>password "<M>text</M>"</tag>
2529 An 8-byte or 16-byte password used for authentication.
2530 See <ref id="dsc-pass" name="password"> common option for detailed description.
2532 <tag>neighbors { <m/set/ } </tag>
2533 A set of neighbors to which Hello messages on NBMA or PtMP
2534 networks are to be sent. For NBMA networks, some of them
2535 could be marked as eligible. In OSPFv3, link-local addresses
2536 should be used, using global ones is possible, but it is
2537 nonstandard and might be problematic. And definitely,
2538 link-local and global addresses should not be mixed.
2544 <p>OSPF defines four route attributes. Each internal route has a <cf/metric/.
2545 Metric is ranging from 1 to infinity (65535).
2546 External routes use <cf/metric type 1/ or <cf/metric type 2/.
2547 A <cf/metric of type 1/ is comparable with internal <cf/metric/, a
2548 <cf/metric of type 2/ is always longer
2549 than any <cf/metric of type 1/ or any <cf/internal metric/.
2550 <cf/Internal metric/ or <cf/metric of type 1/ is stored in attribute
2551 <cf/ospf_metric1/, <cf/metric type 2/ is stored in attribute <cf/ospf_metric2/.
2552 If you specify both metrics only metric1 is used.
2554 Each external route can also carry attribute <cf/ospf_tag/ which is a
2555 32-bit integer which is used when exporting routes to other protocols;
2556 otherwise, it doesn't affect routing inside the OSPF domain at all.
2557 The fourth attribute <cf/ospf_router_id/ is a router ID of the router
2558 advertising that route/network. This attribute is read-only. Default
2559 is <cf/ospf_metric2 = 10000/ and <cf/ospf_tag = 0/.
2566 protocol ospf MyOSPF {
2570 if source = RTS_BGP then {
2582 authentication simple;
2587 authentication cryptographic;
2590 generate to "22-04-2003 11:00:06";
2591 accept from "17-01-2001 12:01:05";
2595 generate to "22-07-2005 17:03:21";
2596 accept from "22-02-2001 11:34:06";
2609 172.16.2.0/24 hidden;
2611 interface "-arc0" , "arc*" {
2613 authentication none;
2614 strict nonbroadcast yes;
2619 192.168.120.1 eligible;
2632 <p>The Pipe protocol serves as a link between two routing tables, allowing routes to be
2633 passed from a table declared as primary (i.e., the one the pipe is connected to using the
2634 <cf/table/ configuration keyword) to the secondary one (declared using <cf/peer table/)
2635 and vice versa, depending on what's allowed by the filters. Export filters control export
2636 of routes from the primary table to the secondary one, import filters control the opposite
2639 <p>The Pipe protocol may work in the transparent mode mode or in the opaque mode.
2640 In the transparent mode, the Pipe protocol retransmits all routes from
2641 one table to the other table, retaining their original source and
2642 attributes. If import and export filters are set to accept, then both
2643 tables would have the same content. The transparent mode is the default mode.
2645 <p>In the opaque mode, the Pipe protocol retransmits optimal route
2646 from one table to the other table in a similar way like other
2647 protocols send and receive routes. Retransmitted route will have the
2648 source set to the Pipe protocol, which may limit access to protocol
2649 specific route attributes. This mode is mainly for compatibility, it
2650 is not suggested for new configs. The mode can be changed by
2653 <p>The primary use of multiple routing tables and the Pipe protocol is for policy routing,
2654 where handling of a single packet doesn't depend only on its destination address, but also
2655 on its source address, source interface, protocol type and other similar parameters.
2656 In many systems (Linux being a good example), the kernel allows to enforce routing policies
2657 by defining routing rules which choose one of several routing tables to be used for a packet
2658 according to its parameters. Setting of these rules is outside the scope of BIRD's work
2659 (on Linux, you can use the <tt/ip/ command), but you can create several routing tables in BIRD,
2660 connect them to the kernel ones, use filters to control which routes appear in which tables
2661 and also you can employ the Pipe protocol for exporting a selected subset of one table to
2664 <sect1>Configuration
2667 <tag>peer table <m/table/</tag> Defines secondary routing table to connect to. The
2668 primary one is selected by the <cf/table/ keyword.
2670 <tag>mode opaque|transparent</tag> Specifies the mode for the pipe to work in. Default is transparent.
2675 <p>The Pipe protocol doesn't define any route attributes.
2679 <p>Let's consider a router which serves as a boundary router of two different autonomous
2680 systems, each of them connected to a subset of interfaces of the router, having its own
2681 exterior connectivity and wishing to use the other AS as a backup connectivity in case
2682 of outage of its own exterior line.
2684 <p>Probably the simplest solution to this situation is to use two routing tables (we'll
2685 call them <cf/as1/ and <cf/as2/) and set up kernel routing rules, so that packets having
2686 arrived from interfaces belonging to the first AS will be routed according to <cf/as1/
2687 and similarly for the second AS. Thus we have split our router to two logical routers,
2688 each one acting on its own routing table, having its own routing protocols on its own
2689 interfaces. In order to use the other AS's routes for backup purposes, we can pass
2690 the routes between the tables through a Pipe protocol while decreasing their preferences
2691 and correcting their BGP paths to reflect the AS boundary crossing.
2694 table as1; # Define the tables
2697 protocol kernel kern1 { # Synchronize them with the kernel
2702 protocol kernel kern2 {
2707 protocol bgp bgp1 { # The outside connections
2710 neighbor 192.168.0.1 as 1001;
2718 neighbor 10.0.0.1 as 1002;
2723 protocol pipe { # The Pipe
2727 if net ~ [ 1.0.0.0/8+] then { # Only AS1 networks
2728 if preference>10 then preference = preference-10;
2729 if source=RTS_BGP then bgp_path.prepend(1);
2735 if net ~ [ 2.0.0.0/8+] then { # Only AS2 networks
2736 if preference>10 then preference = preference-10;
2737 if source=RTS_BGP then bgp_path.prepend(2);
2749 <p>The RAdv protocol is an implementation of Router Advertisements,
2750 which are used in the IPv6 stateless autoconfiguration. IPv6 routers
2751 send (in irregular time intervals or as an answer to a request)
2752 advertisement packets to connected networks. These packets contain
2753 basic information about a local network (e.g. a list of network
2754 prefixes), which allows network hosts to autoconfigure network
2755 addresses and choose a default route. BIRD implements router behavior
2757 RFC 4861<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc4861.txt">
2758 and also the DNS extensions from
2759 RFC 6106<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc6106.txt">.
2761 <sect1>Configuration
2763 <p>There are several classes of definitions in RAdv configuration --
2764 interface definitions, prefix definitions and DNS definitions:
2767 <tag>interface <m/pattern [, ...]/ { <m/options/ }</tag>
2768 Interface definitions specify a set of interfaces on which the
2769 protocol is activated and contain interface specific options.
2770 See <ref id="dsc-iface" name="interface"> common options for
2771 detailed description.
2773 <tag>prefix <m/prefix/ { <m/options/ }</tag>
2774 Prefix definitions allow to modify a list of advertised
2775 prefixes. By default, the advertised prefixes are the same as
2776 the network prefixes assigned to the interface. For each
2777 network prefix, the matching prefix definition is found and
2778 its options are used. If no matching prefix definition is
2779 found, the prefix is used with default options.
2781 Prefix definitions can be either global or interface-specific.
2782 The second ones are part of interface options. The prefix
2783 definition matching is done in the first-match style, when
2784 interface-specific definitions are processed before global
2785 definitions. As expected, the prefix definition is matching if
2786 the network prefix is a subnet of the prefix in prefix
2789 <tag>rdnss { <m/options/ }</tag>
2790 RDNSS definitions allow to specify a list of advertised
2791 recursive DNS servers together with their options. As options
2792 are seldom necessary, there is also a short variant <cf>rdnss
2793 <m/address/</cf> that just specifies one DNS server. Multiple
2794 definitions are cumulative. RDNSS definitions may also be
2795 interface-specific when used inside interface options. By
2796 default, interface uses both global and interface-specific
2797 options, but that can be changed by <cf/rdnss local/ option.
2799 <tag>dnssl { <m/options/ }</tag>
2800 DNSSL definitions allow to specify a list of advertised DNS
2801 search domains together with their options. Like <cf/rdnss/
2802 above, multiple definitions are cumulative, they can be used
2803 also as interface-specific options and there is a short
2804 variant <cf>dnssl <m/domain/</cf> that just specifies one DNS
2807 <label id="dsc-trigger"> <tag>trigger <m/prefix/</tag>
2808 RAdv protocol could be configured to change its behavior based
2809 on availability of routes. When this option is used, the
2810 protocol waits in suppressed state until a <it/trigger route/
2811 (for the specified network) is exported to the protocol, the
2812 protocol also returnsd to suppressed state if the
2813 <it/trigger route/ disappears. Note that route export depends
2814 on specified export filter, as usual. This option could be
2815 used, e.g., for handling failover in multihoming scenarios.
2817 During suppressed state, router advertisements are generated,
2818 but with some fields zeroed. Exact behavior depends on which
2819 fields are zeroed, this can be configured by
2820 <cf/sensitive/ option for appropriate fields. By default, just
2821 <cf/default lifetime/ (also called <cf/router lifetime/) is
2822 zeroed, which means hosts cannot use the router as a default
2823 router. <cf/preferred lifetime/ and <cf/valid lifetime/ could
2824 also be configured as <cf/sensitive/ for a prefix, which would
2825 cause autoconfigured IPs to be deprecated or even removed.
2828 <p>Interface specific options:
2831 <tag>max ra interval <m/expr/</tag>
2832 Unsolicited router advertisements are sent in irregular time
2833 intervals. This option specifies the maximum length of these
2834 intervals, in seconds. Valid values are 4-1800. Default: 600
2836 <tag>min ra interval <m/expr/</tag>
2837 This option specifies the minimum length of that intervals, in
2838 seconds. Must be at least 3 and at most 3/4 * <cf/max ra interval/.
2839 Default: about 1/3 * <cf/max ra interval/.
2841 <tag>min delay <m/expr/</tag>
2842 The minimum delay between two consecutive router advertisements,
2843 in seconds. Default: 3
2845 <tag>managed <m/switch/</tag>
2846 This option specifies whether hosts should use DHCPv6 for
2847 IP address configuration. Default: no
2849 <tag>other config <m/switch/</tag>
2850 This option specifies whether hosts should use DHCPv6 to
2851 receive other configuration information. Default: no
2853 <tag>link mtu <m/expr/</tag>
2854 This option specifies which value of MTU should be used by
2855 hosts. 0 means unspecified. Default: 0
2857 <tag>reachable time <m/expr/</tag>
2858 This option specifies the time (in milliseconds) how long
2859 hosts should assume a neighbor is reachable (from the last
2860 confirmation). Maximum is 3600000, 0 means unspecified.
2863 <tag>retrans timer <m/expr/</tag>
2864 This option specifies the time (in milliseconds) how long
2865 hosts should wait before retransmitting Neighbor Solicitation
2866 messages. 0 means unspecified. Default 0.
2868 <tag>current hop limit <m/expr/</tag>
2869 This option specifies which value of Hop Limit should be used
2870 by hosts. Valid values are 0-255, 0 means unspecified. Default: 64
2872 <tag>default lifetime <m/expr/ [sensitive <m/switch/]</tag>
2873 This option specifies the time (in seconds) how long (after
2874 the receipt of RA) hosts may use the router as a default
2875 router. 0 means do not use as a default router. For
2876 <cf/sensitive/ option, see <ref id="dsc-trigger" name="trigger">.
2877 Default: 3 * <cf/max ra interval/, <cf/sensitive/ yes.
2879 <tag>rdnss local <m/switch/</tag>
2880 Use only local (interface-specific) RDNSS definitions for this
2881 interface. Otherwise, both global and local definitions are
2882 used. Could also be used to disable RDNSS for given interface
2883 if no local definitons are specified. Default: no.
2885 <tag>dnssl local <m/switch/</tag>
2886 Use only local DNSSL definitions for this interface. See
2887 <cf/rdnss local/ option above. Default: no.
2891 <p>Prefix specific options:
2894 <tag>skip <m/switch/</tag>
2895 This option allows to specify that given prefix should not be
2896 advertised. This is useful for making exceptions from a
2897 default policy of advertising all prefixes. Note that for
2898 withdrawing an already advertised prefix it is more useful to
2899 advertise it with zero valid lifetime. Default: no
2901 <tag>onlink <m/switch/</tag>
2902 This option specifies whether hosts may use the advertised
2903 prefix for onlink determination. Default: yes
2905 <tag>autonomous <m/switch/</tag>
2906 This option specifies whether hosts may use the advertised
2907 prefix for stateless autoconfiguration. Default: yes
2909 <tag>valid lifetime <m/expr/ [sensitive <m/switch/]</tag>
2910 This option specifies the time (in seconds) how long (after
2911 the receipt of RA) the prefix information is valid, i.e.,
2912 autoconfigured IP addresses can be assigned and hosts with
2913 that IP addresses are considered directly reachable. 0 means
2914 the prefix is no longer valid. For <cf/sensitive/ option, see
2915 <ref id="dsc-trigger" name="trigger">. Default: 86400 (1 day), <cf/sensitive/ no.
2917 <tag>preferred lifetime <m/expr/ [sensitive <m/switch/]</tag>
2918 This option specifies the time (in seconds) how long (after
2919 the receipt of RA) IP addresses generated from the prefix
2920 using stateless autoconfiguration remain preferred. For
2921 <cf/sensitive/ option, see <ref id="dsc-trigger" name="trigger">.
2922 Default: 14400 (4 hours), <cf/sensitive/ no.
2926 <p>RDNSS specific options:
2929 <tag>ns <m/address/</tag>
2930 This option specifies one recursive DNS server. Can be used
2931 multiple times for multiple servers. It is mandatory to have
2932 at least one <cf/ns/ option in <cf/rdnss/ definition.
2934 <tag>lifetime [mult] <m/expr/</tag>
2935 This option specifies the time how long the RDNSS information
2936 may be used by clients after the receipt of RA. It is
2937 expressed either in seconds or (when <cf/mult/ is used) in
2938 multiples of <cf/max ra interval/. Note that RDNSS information
2939 is also invalidated when <cf/default lifetime/ expires. 0
2940 means these addresses are no longer valid DNS servers.
2941 Default: 3 * <cf/max ra interval/.
2945 <p>DNSSL specific options:
2948 <tag>domain <m/address/</tag>
2949 This option specifies one DNS search domain. Can be used
2950 multiple times for multiple domains. It is mandatory to have
2951 at least one <cf/domain/ option in <cf/dnssl/ definition.
2953 <tag>lifetime [mult] <m/expr/</tag>
2954 This option specifies the time how long the DNSSL information
2955 may be used by clients after the receipt of RA. Details are
2956 the same as for RDNSS <cf/lifetime/ option above.
2957 Default: 3 * <cf/max ra interval/.
2966 max ra interval 5; # Fast failover with more routers
2967 managed yes; # Using DHCPv6 on eth2
2969 autonomous off; # So do not autoconfigure any IP
2973 interface "eth*"; # No need for any other options
2975 prefix 2001:0DB8:1234::/48 {
2976 preferred lifetime 0; # Deprecated address range
2979 prefix 2001:0DB8:2000::/48 {
2980 autonomous off; # Do not autoconfigure
2983 rdnss 2001:0DB8:1234::10; # Short form of RDNSS
2987 ns 2001:0DB8:1234::11;
2988 ns 2001:0DB8:1234::12;
3003 <p>The RIP protocol (also sometimes called Rest In Pieces) is a simple protocol, where each router broadcasts (to all its neighbors)
3004 distances to all networks it can reach. When a router hears distance to another network, it increments
3005 it and broadcasts it back. Broadcasts are done in regular intervals. Therefore, if some network goes
3006 unreachable, routers keep telling each other that its distance is the original distance plus 1 (actually, plus
3007 interface metric, which is usually one). After some time, the distance reaches infinity (that's 15 in
3008 RIP) and all routers know that network is unreachable. RIP tries to minimize situations where
3009 counting to infinity is necessary, because it is slow. Due to infinity being 16, you can't use
3010 RIP on networks where maximal distance is higher than 15 hosts. You can read more about RIP at <HTMLURL
3011 URL="http://www.ietf.org/html.charters/rip-charter.html" name="http://www.ietf.org/html.charters/rip-charter.html">. Both IPv4
3012 (RFC 1723<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1723.txt">)
3013 and IPv6 (RFC 2080<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2080.txt">) versions of RIP are supported by BIRD, historical RIPv1 (RFC 1058<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1058.txt">)is
3014 not currently supported. RIPv4 MD5 authentication (RFC 2082<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2082.txt">) is supported.
3016 <p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow
3017 convergence, big network load and inability to handle larger networks
3018 makes it pretty much obsolete. (It is still usable on very small networks.)
3020 <sect1>Configuration
3022 <p>In addition to options common for all to other protocols, RIP supports the following ones:
3025 <tag/authentication none|plaintext|md5/ selects authentication method to be used. <cf/none/ means that
3026 packets are not authenticated at all, <cf/plaintext/ means that a plaintext password is embedded
3027 into each packet, and <cf/md5/ means that packets are authenticated using a MD5 cryptographic
3028 hash. If you set authentication to not-none, it is a good idea to add <cf>password</cf>
3029 section. Default: none.
3031 <tag>honor always|neighbor|never </tag>specifies when should requests for dumping routing table
3032 be honored. (Always, when sent from a host on a directly connected
3033 network or never.) Routing table updates are honored only from
3034 neighbors, that is not configurable. Default: never.
3037 <p>There are some options that can be specified per-interface:
3040 <tag>metric <m/num/</tag>
3041 This option specifies the metric of the interface. Valid
3043 <tag>mode multicast|broadcast|quiet|nolisten|version1</tag>
3044 This option selects the mode for RIP to work in. If nothing is
3045 specified, RIP runs in multicast mode. <cf/version1/ is
3046 currently equivalent to <cf/broadcast/, and it makes RIP talk
3047 to a broadcast address even through multicast mode is
3048 possible. <cf/quiet/ option means that RIP will not transmit
3049 any periodic messages to this interface and <cf/nolisten/
3050 means that RIP will send to this interface butnot listen to it.
3052 <tag>ttl security [<m/switch/ | tx only]</tag>
3053 TTL security is a feature that protects routing protocols
3054 from remote spoofed packets by using TTL 255 instead of TTL 1
3055 for protocol packets destined to neighbors. Because TTL is
3056 decremented when packets are forwarded, it is non-trivial to
3057 spoof packets with TTL 255 from remote locations.
3059 If this option is enabled, the router will send RIP packets
3060 with TTL 255 and drop received packets with TTL less than
3061 255. If this option si set to <cf/tx only/, TTL 255 is used
3062 for sent packets, but is not checked for received
3063 packets. Such setting does not offer protection, but offers
3064 compatibility with neighbors regardless of whether they use
3067 Note that for RIPng, TTL security is a standard behavior
3068 (required by RFC 2080), but BIRD uses <cf/tx only/ by
3069 default, for compatibility with older versions. For IPv4 RIP,
3070 default value is no.
3072 <tag>tx class|dscp|priority <m/num/</tag>
3073 These options specify the ToS/DiffServ/Traffic class/Priority
3074 of the outgoing RIP packets. See <ref id="dsc-prio" name="tx
3075 class"> common option for detailed description.
3078 <p>The following options generally override behavior specified in RFC. If you use any of these
3079 options, BIRD will no longer be RFC-compliant, which means it will not be able to talk to anything
3080 other than equally configured BIRD. I have warned you.
3083 <tag>port <M>number</M></tag>
3084 selects IP port to operate on, default 520. (This is useful when testing BIRD, if you
3085 set this to an address >1024, you will not need to run bird with UID==0).
3087 <tag>infinity <M>number</M></tag>
3088 selects the value of infinity, default is 16. Bigger values will make protocol convergence
3091 <tag>period <M>number</M>
3092 </tag>specifies the number of seconds between periodic updates. Default is 30 seconds. A lower
3093 number will mean faster convergence but bigger network
3094 load. Do not use values lower than 12.
3096 <tag>timeout time <M>number</M>
3097 </tag>specifies how old route has to be to be considered unreachable. Default is 4*<cf/period/.
3099 <tag>garbage time <M>number</M>
3100 </tag>specifies how old route has to be to be discarded. Default is 10*<cf/period/.
3105 <p>RIP defines two route attributes:
3108 <tag>int <cf/rip_metric/</tag> RIP metric of the route (ranging from 0 to <cf/infinity/).
3109 When routes from different RIP instances are available and all of them have the same
3110 preference, BIRD prefers the route with lowest <cf/rip_metric/.
3111 When importing a non-RIP route, the metric defaults to 5.
3113 <tag>int <cf/rip_tag/</tag> RIP route tag: a 16-bit number which can be used
3114 to carry additional information with the route (for example, an originating AS number
3115 in case of external routes). When importing a non-RIP route, the tag defaults to 0.
3121 protocol rip MyRIP_test {
3126 interface "eth0" { metric 3; mode multicast; };
3127 interface "eth*" { metric 2; mode broadcast; };
3129 authentication none;
3130 import filter { print "importing"; accept; };
3131 export filter { print "exporting"; accept; };
3137 <p>The Static protocol doesn't communicate with other routers in the network,
3138 but instead it allows you to define routes manually. This is often used for
3139 specifying how to forward packets to parts of the network which don't use
3140 dynamic routing at all and also for defining sink routes (i.e., those
3141 telling to return packets as undeliverable if they are in your IP block,
3142 you don't have any specific destination for them and you don't want to send
3143 them out through the default route to prevent routing loops).
3145 <p>There are five types of static routes: `classical' routes telling
3146 to forward packets to a neighboring router, multipath routes
3147 specifying several (possibly weighted) neighboring routers, device
3148 routes specifying forwarding to hosts on a directly connected network,
3149 recursive routes computing their nexthops by doing route table lookups
3150 for a given IP and special routes (sink, blackhole etc.) which specify
3151 a special action to be done instead of forwarding the packet.
3153 <p>When the particular destination is not available (the interface is down or
3154 the next hop of the route is not a neighbor at the moment), Static just
3155 uninstalls the route from the table it is connected to and adds it again as soon
3156 as the destination becomes adjacent again.
3158 <p>The Static protocol does not have many configuration options. The
3159 definition of the protocol contains mainly a list of static routes:
3162 <tag>route <m/prefix/ via <m/ip/</tag> Static route through
3163 a neighboring router.
3164 <tag>route <m/prefix/ multipath via <m/ip/ [weight <m/num/] [via ...]</tag>
3165 Static multipath route. Contains several nexthops (gateways), possibly
3167 <tag>route <m/prefix/ via <m/"interface"/</tag> Static device
3168 route through an interface to hosts on a directly connected network.
3169 <tag>route <m/prefix/ recursive <m/ip/</tag> Static recursive route,
3170 its nexthop depends on a route table lookup for given IP address.
3171 <tag>route <m/prefix/ blackhole|unreachable|prohibit</tag> Special routes
3172 specifying to silently drop the packet, return it as unreachable or return
3173 it as administratively prohibited. First two targets are also known
3174 as <cf/drop/ and <cf/reject/.
3176 <tag>check link <m/switch/</tag>
3177 If set, hardware link states of network interfaces are taken
3178 into consideration. When link disappears (e.g. ethernet cable
3179 is unplugged), static routes directing to that interface are
3180 removed. It is possible that some hardware drivers or
3181 platforms do not implement this feature. Default: off.
3183 <tag>igp table <m/name/</tag> Specifies a table that is used
3184 for route table lookups of recursive routes. Default: the
3185 same table as the protocol is connected to.
3188 <p>Static routes have no specific attributes.
3190 <p>Example static config might look like this:
3194 table testable; # Connect to a non-default routing table
3195 route 0.0.0.0/0 via 198.51.100.130; # Default route
3196 route 10.0.0.0/8 multipath # Multipath route
3197 via 198.51.100.10 weight 2
3200 route 203.0.113.0/24 unreachable; # Sink route
3201 route 10.2.0.0/24 via "arc0"; # Secondary network
3209 <p>Although BIRD supports all the commonly used routing protocols,
3210 there are still some features which would surely deserve to be
3211 implemented in future versions of BIRD:
3215 <item>Route aggregation and flap dampening
3216 <item>Multipath routes
3217 <item>Multicast routing protocols
3218 <item>Ports to other systems
3221 <sect>Getting more help
3223 <p>If you use BIRD, you're welcome to join the bird-users mailing list
3224 (<HTMLURL URL="mailto:bird-users@bird.network.cz" name="bird-users@bird.network.cz">)
3225 where you can share your experiences with the other users and consult
3226 your problems with the authors. To subscribe to the list, just send a
3227 <tt/subscribe bird-users/ command in a body of a mail to
3228 (<HTMLURL URL="mailto:majordomo@bird.network.cz" name="majordomo@bird.network.cz">).
3229 The home page of BIRD can be found at <HTMLURL URL="http://bird.network.cz/" name="http://bird.network.cz/">.
3231 <p>BIRD is a relatively young system and it probably contains some
3232 bugs. You can report any problems to the bird-users list and the authors
3233 will be glad to solve them, but before you do so,
3234 please make sure you have read the available documentation and that you are running the latest version (available at <HTMLURL
3235 URL="ftp://bird.network.cz/pub/bird" name="bird.network.cz:/pub/bird">). (Of course, a patch
3236 which fixes the bug is always welcome as an attachment.)
3238 <p>If you want to understand what is going inside, Internet standards are
3239 a good and interesting reading. You can get them from <HTMLURL URL="ftp://ftp.rfc-editor.org/" name="ftp.rfc-editor.org"> (or a nicely sorted version from <HTMLURL URL="ftp://atrey.karlin.mff.cuni.cz/pub/rfc" name="atrey.karlin.mff.cuni.cz:/pub/rfc">).
3246 LocalWords: GPL IPv GateD BGPv RIPv OSPFv Linux sgml html dvi sgmltools Pavel
3247 LocalWords: linuxdoc dtd descrip config conf syslog stderr auth ospf bgp Mbps
3248 LocalWords: router's eval expr num birdc ctl UNIX if's enums bool int ip GCC
3249 LocalWords: len ipaddress pxlen netmask enum bgppath bgpmask clist gw md eth
3250 LocalWords: RTS printn quitbird iBGP AS'es eBGP RFC multiprotocol IGP Machek
3251 LocalWords: EGP misconfigurations keepalive pref aggr aggregator BIRD's RTC
3252 LocalWords: OS'es AS's multicast nolisten misconfigured UID blackhole MRTD MTU
3253 LocalWords: uninstalls ethernets IP binutils ANYCAST anycast dest RTD ICMP rfc
3254 LocalWords: compat multicasts nonbroadcast pointopoint loopback sym stats
3255 LocalWords: Perl SIGHUP dd mm yy HH MM SS EXT IA UNICAST multihop Discriminator txt
3256 LocalWords: proto wildcard Ondrej Filip
projects / thirdparty / bird.git / blob