<item>multiple routing tables
<item>the Border Gateway Protocol (BGPv4)
<item>the Routing Information Protocol (RIPv2)
- <item>the Open Shortest Path First protocol (OSPFv2)
+ <item>the Open Shortest Path First protocol (OSPFv2, OSPFv3)
<item>a virtual protocol for exchange of routes between different routing tables on a single host
<item>a command-line interface allowing on-line control and inspection
of status of the daemon
Public License.
<p>BIRD has been designed to work on all UNIX-like systems. It has been developed and
-tested under Linux 2.0 to 2.4, and then ported to FreeBSD and NetBSD, porting to other
+tested under Linux 2.0 to 2.6, and then ported to FreeBSD, NetBSD and OpenBSD, porting to other
systems (even non-UNIX ones) should be relatively easy due to its highly modular architecture.
<sect>Installing BIRD
<sect>Global options
<p><descrip>
- <tag>log "<m/filename/"|syslog|stderr all|{ <m/list of classes/ }</tag>
+ <tag>log "<m/filename/"|syslog [name <m/name/]|stderr all|{ <m/list of classes/ }</tag>
Set logging of messages having the given class (either <cf/all/ or <cf/{
- error, trace }/ etc.) into selected destination. Classes are:
+ error, trace }/ etc.) into selected destination (a file specified as a filename string,
+ syslog with optional name argument, or the stderr output). Classes are:
<cf/info/, <cf/warning/, <cf/error/ and <cf/fatal/ for messages about local problems,
<cf/debug/ for debugging messages,
<cf/trace/ when you want to know what happens in the network,
logging of connects and disconnects, 2 and higher for logging of
all client commands). Default: 0.
+ <tag>mrtdump "<m/filename/"</tag>
+ Set MRTdump file name. This option must be specified to allow MRTdump feature.
+ Default: no dump file.
+
+ <tag>mrtdump protocols all|off|{ states, messages }</tag>
+ Set global defaults of MRTdump options. See <cf/mrtdump/ in the following section.
+ Default: off.
+
<tag>filter <m/name local variables/{ <m/commands/ }</tag> Define a filter. You can learn more about filters
in the following chapter.
listen to IPv6 connections only. This is needed if you want to
run both bird and bird6 on the same port.
+ <tag>timeformat route|protocol|base|log "<m/format1/" [<m/limit> "<m/format2/"]</tag>
+ This option allows to specify a format of date/time used by
+ BIRD. The first argument specifies for which purpose such
+ format is used. <cf/route/ is a format used in 'show route'
+ command output, <cf/protocol/ is used in 'show protocols'
+ command output, <cf/base/ is used for other commands and
+ <cf/log/ is used in a log file.
+
+ "<m/format1/" is a format string using <i/strftime(3)/
+ notation (see <i/man strftime/ for details). <m/limit> and
+ "<m/format2/" allow to specify the second format string for
+ times in past deeper than <m/limit/ seconds. There are two
+ shorthands: <cf/iso long/ is a ISO 8601 date/time format
+ (YYYY-MM-DD hh:mm:ss) that can be also specified using <cf/"%F
+ %T"/. <cf/iso short/ is a variant of ISO 8601 that uses just
+ the time format (hh:mm:ss) for near times (up to 20 hours in
+ the past) and the date format (YYYY-MM-DD) for far times. This
+ is a shorthand for <cf/"%T" 72000 "%F"/.
+
+ By default, BIRD uses an short, ad-hoc format for <cf/route/
+ and <cf/protocol/ times, and a <cf/iso long/ similar format
+ (DD-MM-YYYY hh:mm:ss) for <cf/base/ and <cf/log/. These
+ defaults are here for a compatibility with older versions
+ and might change in the future.
+
<tag>table <m/name/</tag> Create a new routing table. The default
routing table is created implicitly, other routing tables have
to be added by this command.
<cf/events/ for events internal to the protocol and
<cf/packets/ for packets sent and received by the protocol. Default: off.
- <tag>router id <m/IPv4 address/</tag> This option can be used to override global
- router id for a given protocol. This option is not yet implemented for OSPF
- protocol. Default: uses global router id.
+ <tag>mrtdump all|off|{ states, messages }</tag>
+
+ Set protocol MRTdump flags. MRTdump is a standard binary
+ format for logging information from routing protocols and
+ daemons. These flags control what kind of information is
+ logged from the protocol to the MRTdump file (which must be
+ specified by global <cf/mrtdump/ option, see the previous
+ section). Although these flags are similar to flags of
+ <cf/debug/ option, their meaning is different and
+ protocol-specific. For BGP protocol, <cf/states/ logs BGP
+ state changes and <cf/messages/ logs received BGP messages.
+ Other protocols does not support MRTdump yet.
+
+ <tag>router id <m/IPv4 address/</tag> This option can be used
+ to override global router id for a given protocol. Default:
+ uses global router id.
<tag>import all | none | filter <m/name/ | filter { <m/filter commands/ } | where <m/filter expression/</tag>
Specify a filter to be used for filtering routes coming from the protocol to the routing table. <cf/all/ is shorthand for <cf/where true/ and <cf/none/ is shorthand for <cf/where false/. Default: <cf/all/.
Specifies a set of interfaces on which the protocol is activated with
given interface-specific options. A set of interfaces specified by one
interface option is described using an interface pattern. The
- interface pattern consists of a sequence of clauses (separted by
+ interface pattern consists of a sequence of clauses (separated by
commas), each clause may contain a mask, a prefix, or both of them. An
interface matches the clause if its name matches the mask (if
specified) and its address matches the prefix (if specified). Mask is
<chapt>Remote control
<p>You can use the command-line client <file>birdc</file> to talk with
-a running BIRD. Communication is done using a <file/bird.ctl/ UNIX domain
-socket (unless changed with the <tt/-s/ option given to both the server and
-the client). The commands can perform simple actions such as enabling/disabling
-of protocols, telling BIRD to show various information, telling it to
-show routing table filtered by filter, or asking BIRD to
-reconfigure. Press <tt/?/ at any time to get online help. Option
+a running BIRD. Communication is done using a <file/bird.ctl/ UNIX
+domain socket (unless changed with the <tt/-s/ option given to both
+the server and the client). The commands can perform simple actions
+such as enabling/disabling of protocols, telling BIRD to show various
+information, telling it to show routing table filtered by filter, or
+asking BIRD to reconfigure. Press <tt/?/ at any time to get online
+help. Option <tt/-r/ can be used to enable a restricted mode of BIRD
+client, which allows just read-only commands (<cf/show .../). Option
<tt/-v/ can be passed to the client, to make it dump numeric return
-codes along with the messages. You do not necessarily need to use <file/birdc/ to talk to BIRD, your
-own applications could do that, too -- the format of communication between
-BIRD and <file/birdc/ is stable (see the programmer's documentation).
+codes along with the messages. You do not necessarily need to use
+<file/birdc/ to talk to BIRD, your own applications could do that, too
+-- the format of communication between BIRD and <file/birdc/ is stable
+(see the programmer's documentation).
Many commands have the <m/name/ of the protocol instance as an argument.
This argument can be omitted if there exists only a single instance.
Reload configuration from a given file. BIRD will smoothly
switch itself to the new configuration, protocols are
reconfigured if possible, restarted otherwise. Changes in
- filters usualy lead to restart of affected protocols. If
+ filters usually lead to restart of affected protocols. If
<cf/soft/ option is used, changes in filters does not cause
BIRD to restart affected protocols, therefore already accepted
routes (according to old filters) would be still propagated,
<tag>enable|disable|restart <m/name/|"<m/pattern/"|all</tag>
Enable, disable or restart a given protocol instance, instances matching the <cf><m/pattern/</cf> or <cf/all/ instances.
+ <tag>reload [in|out] <m/name/|"<m/pattern/"|all</tag>
+
+ Reload a given protocol instance, that means re-import routes
+ from the protocol instance and re-export preferred routes to
+ the instance. If <cf/in/ or <cf/out/ options are used, the
+ command is restricted to one direction (re-import or
+ re-export).
+
+ This command is useful if appropriate filters have changed but
+ the protocol instance was not restarted (or reloaded),
+ therefore it still propagates the old set of routes. For example
+ when <cf/configure soft/ command was used to change filters.
+
+ Re-export always succeeds, but re-import is protocol-dependent
+ and might fail (for example, if BGP neighbor does not support
+ route-refresh extension). In that case, re-export is also
+ skipped. Note that for the pipe protocol, both directions are
+ always reloaded together (<cf/in/ or <cf/out/ options are
+ ignored in that case).
+
<tag/down/
Shut BIRD down.
65535. Literals of this type are written as <cf/(1234,5678)/. The same syntax can also be
used to construct a pair from two arbitrary integer expressions (for example <cf/(1+2,a)/).
+ <tag/quad/ This is a dotted quad of numbers used to represent
+ router IDs (and others). Each component can have a value
+ from 0 to 255. Literals of this type are written like IPv4
+ addresses.
+
<tag/string/ This is a string of characters. There are no ways to modify strings in
filters. You can pass them between functions, assign them to variables of type <cf/string/, print
such variables, but you can't concatenate two strings. String literals
<cf/.ip/ which extracts the IP address from the pair, and <cf/.len/, which separates prefix
length from the pair. So <cf>1.2.0.0/16.pxlen = 16</cf> is true.
- <tag/int|ip|prefix|pair|enum set/
+ <tag/int|pair|quad|ip|prefix|enum set/
Filters recognize four types of sets. Sets are similar to strings: you can pass them around
- but you can't modify them. Literals of type <cf>set int</cf> look like <cf>
+ but you can't modify them. Literals of type <cf>int set</cf> look like <cf>
[ 1, 2, 5..7 ]</cf>. As you can see, both simple values and ranges are permitted in
sets.
and integer variables, for example <tt>[= * 4 (1+2) a =]</tt>.
There is also old syntax that uses / .. / instead of [= .. =] and ? instead of *.
- <tag/clist/
- Community list is similar to set of pairs,
- except that unlike other sets, it can be modified.
- There exist no literals of this type.
- There are two special operators on clists:
+ <tag/clist/
+ Clist is similar to a set, except that unlike other sets, it
+ can be modified. The type is used for community list (a set
+ of pairs) and for cluster list (a set of quads). There exist
+ no literals of this type. There are two special operators on
+ clists:
- <cf>add(<m/C/,<m/P/)</cf> adds pair <m/P/ to clist <m/C/ and returns the result.
+ <cf>add(<m/C/,<m/P/)</cf> adds pair (or quad) <m/P/ to clist <m/C/ and returns the result.
- <cf>delete(<m/C/,<m/P/)</cf> deletes pair <m/P/ from clist <m/C/ and returns the result.
+ <cf>delete(<m/C/,<m/P/)</cf> deletes pair (or quad) <m/P/ from clist <m/C/ and returns the result.
Statement <cf><m/C/ = add(<m/C/, <m/P/);</cf> can be shortened to
<cf><m/C/.add(<m/P/);</cf> if <m/C/ is appropriate route attribute
Special operators include <cf/˜/ for "is element of a set" operation - it can be
used on element and set of elements of the same type (returning true if element is contained in the given set), or
on two strings (returning true if first string matches a shell-like pattern stored in second string) or on IP and prefix (returning true if IP is within the range defined by that prefix), or on
-prefix and prefix (returning true if first prefix is more specific than second one) or on bgppath and bgpmask (returning true if the path matches the mask) or on pair and clist (returning true if the community is element of the community list).
+prefix and prefix (returning true if first prefix is more specific than second one) or on bgppath and bgpmask (returning true if the path matches the mask) or on pair and clist (returning true if the pair (or quad) is element of the clist).
<sect>Control structures
attributes just like it accesses variables. Attempts to access undefined
attribute result in a runtime error; you can check if an attribute is
defined by using the <cf>defined( <m>attribute</m> )</cf> operator.
+One notable exception to this rule are attributes of clist type, where
+undefined value is regarded as empty clist for most purposes.
<descrip>
<tag><m/prefix/ net</tag>
Network the route is talking about. Read-only. (See the chapter about routing tables.)
<tag><m/enum/ scope</tag>
- Address scope of the network (<cf/SCOPE_HOST/ for addresses local to this host, <cf/SCOPE_LINK/ for those specific for a physical link, <cf/SCOPE_SITE/ and <cf/SCOPE_ORGANIZATION/ for private addresses, <cf/SCOPE_UNIVERSE/ for globally visible addresses).
+ The scope of the route. Possible values: <cf/SCOPE_HOST/ for
+ routes local to this host, <cf/SCOPE_LINK/ for those specific
+ for a physical link, <cf/SCOPE_SITE/ and
+ <cf/SCOPE_ORGANIZATION/ for private routes and
+ <cf/SCOPE_UNIVERSE/ for globally visible routes. This
+ attribute is not interpreted by BIRD and can be used to mark
+ routes in filters. The default value for new routes is
+ <cf/SCOPE_UNIVERSE/.
<tag><m/int/ preference</tag>
Preference of the route. Valid values are 0-65535. (See the chapter about routing tables.)
what protocol has told me about this route. Possible values: <cf/RTS_DUMMY/, <cf/RTS_STATIC/, <cf/RTS_INHERIT/, <cf/RTS_DEVICE/, <cf/RTS_STATIC_DEVICE/, <cf/RTS_REDIRECT/, <cf/RTS_RIP/, <cf/RTS_OSPF/, <cf/RTS_OSPF_IA/, <cf/RTS_OSPF_EXT/, <cf/RTS_BGP/, <cf/RTS_PIPE/.
<tag><m/enum/ cast</tag>
- Route type (<cf/RTC_UNICAST/ for normal routes, <cf/RTC_BROADCAST/, <cf/RTC_MULTICAST/, <cf/RTC_ANYCAST/ for broadcast, multicast and anycast routes). Read-only.
+
+ Route type (Currently <cf/RTC_UNICAST/ for normal routes,
+ <cf/RTC_BROADCAST/, <cf/RTC_MULTICAST/, <cf/RTC_ANYCAST/ will
+ be used in the future for broadcast, multicast and anycast
+ routes). Read-only.
<tag><m/enum/ dest</tag>
- Type of destination the packets should be sent to (<cf/RTD_ROUTER/ for forwarding to a neighboring router, <cf/RTD_NETWORK/ for routing to a directly-connected network, <cf/RTD_BLACKHOLE/ for packets to be silently discarded, <cf/RTD_UNREACHABLE/, <cf/RTD_PROHIBIT/ for packets that should be returned with ICMP host unreachable / ICMP administratively prohibited messages). Read-only.
+ Type of destination the packets should be sent to (<cf/RTD_ROUTER/ for forwarding to a neighboring router, <cf/RTD_DEVICE/ for routing to a directly-connected network, <cf/RTD_BLACKHOLE/ for packets to be silently discarded, <cf/RTD_UNREACHABLE/, <cf/RTD_PROHIBIT/ for packets that should be returned with ICMP host unreachable / ICMP administratively prohibited messages). Read-only.
</descrip>
<p>There also exist some protocol-specific attributes which are described in the corresponding protocol sections.
received from its neighbor against the new filter. As these
routes might not be available, there is a BGP protocol
extension Route Refresh (specified in RFC 2918) that allows
- BGP speaker to request re-advertisment of all routes from its
+ BGP speaker to request re-advertisement of all routes from its
neighbor. This option specifies whether BIRD advertises this
capability and accepts such requests. Even when disabled, BIRD
can send route refresh requests. Default: on.
+ <tag>interpret communities <m/switch/</tag> RFC 1997 demands
+ that BGP speaker should process well-known communities like
+ no-export (65535, 65281) or no-advertise (65535, 65282). For
+ example, received route carrying a no-adverise community
+ should not be advertised to any of its neighbors. If this
+ option is enabled (which is by default), BIRD has such
+ behavior automatically (it is evaluated when a route is
+ exported to the BGP protocol just before the export filter).
+ Otherwise, this integrated processing of well-known
+ communities is disabled. In that case, similar behavior can be
+ implemented in the export filter. Default: on.
+
<tag>enable as4 <m/switch/</tag> BGP protocol was designed to use 2B AS numbers
and was extended later to allow 4B AS number. BIRD supports 4B AS extension,
but by disabling this option it can be persuaded not to advertise it and
Discriminator to be used during route selection when the MED attribute
is missing. Default: 0.
- <tag>default bgp_local_pref <m/number/</tag> Value of the Local Preference
- to be used during route selection when the Local Preference attribute
- is missing. Default: 0.
+ <tag>default bgp_local_pref <m/number/</tag> A default value
+ for the Local Preference attribute. It is used when a new
+ Local Preference attribute is attached to a route by the BGP
+ protocol itself (for example, if a route is received through
+ eBGP and therefore does not have such attribute). Default: 100
+ (0 in pre-1.2.0 versions of BIRD).
</descrip>
<sect1>Attributes
policy information like "don't export to USA peers". As each AS can define
its own routing policy, it also has a complete freedom about which community
attributes it defines and what will their semantics be.
+
+ <tag>quad <cf/bgp_originator_id/ [O]</tag> This attribute is created by the
+ route reflector when reflecting the route and contains the router ID of the
+ originator of the route in the local AS.
+
+ <tag>clist <cf/bgp_cluster_list/ [O]</tag> This attribute contains a list
+ of cluster IDs of route reflectors. Each route reflector prepends its
+ cluster ID when reflecting the route.
</descrip>
<sect1>Example
directly connected networks according to the list of interfaces provided
by the kernel via the Device protocol.
-<p>It's highly recommended to include this protocol in your configuration
-unless you want to use BIRD as a route server or a route reflector, that is
-on a machine which doesn't forward packets itself and only participates in
-distribution of routing information.
+<p>The question is whether it is a good idea to have such device
+routes in BIRD routing table. OS kernel usually handles device routes
+for directly connected networks by itself so we don't need (and don't
+want) to export these routes to the kernel protocol. OSPF protocol
+creates device routes for its interfaces itself and BGP protocol is
+usually used for exporting aggregate routes. Although there are some
+use cases that use the direct protocol (like abusing eBGP as an IGP
+routing protocol), in most cases it is not needed to have these device
+routes in BIRD routing table and to use the direct protocol.
<p>The only configurable thing about direct is what interfaces it watches:
<sect>Kernel
<p>The Kernel protocol is not a real routing protocol. Instead of communicating
-the with other routers in the network, it performs synchronization of BIRD's routing
+with other routers in the network, it performs synchronization of BIRD's routing
tables with the OS kernel. Basically, it sends all routing table updates to the kernel
and from time to time it scans the kernel tables to see whether some routes have
disappeared (for example due to unnoticed up/down transition of an interface)
or whether an `alien' route has been added by someone else (depending on the
-<cf/learn/ switch, such routes are either deleted or accepted to our
+<cf/learn/ switch, such routes are either ignored or accepted to our
table).
+<p>Unfortunately, there is one thing that makes the routing table
+synchronization a bit more complicated. In the kernel routing table
+there are also device routes for directly connected networks. These
+routes are usually managed by OS itself (as a part of IP address
+configuration) and we don't want to touch that. They are completely
+ignored during the scan of the kernel tables and also the export of
+device routes from BIRD tables to kernel routing tables is restricted
+to prevent accidental interference. This restriction can be disabled using
+<cf/device routes/ switch.
+
<p>If your OS supports only a single routing table, you can configure only one
instance of the Kernel protocol. If it supports multiple tables (in order to
allow policy routing; such an OS is for example Linux 2.2), you can run as many instances as you want, but each of
routing tables by other routing daemons or by the system administrator.
This is possible only on systems which support identification of route
authorship.
+
+ <tag>device routes <m/switch/</tag> Enable export of device
+ routes to the kernel routing table. By default, such routes
+ are rejected (with the exception of explicitly configured
+ device routes from the static protocol) regardless of the
+ export filter to protect device routes in kernel routing table
+ (managed by OS itself) from accidental overwriting or erasing.
+
<tag>kernel table <m/number/</tag> Select which kernel table should
this particular instance of the Kernel protocol work with. Available
only on systems supporting multiple routing tables.
<sect1>Introduction
<p>Open Shortest Path First (OSPF) is a quite complex interior gateway
-protocol. The current IPv4 version (OSPFv2) is defined
-in RFC 2328<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2328.txt">. It's a link
-state (a.k.a. shortest path first) protocol -- each router maintains a database
-describing the autonomous system's topology. Each participating router
-has an identical copy of the database and all routers run the same algorithm
-calculating a shortest path tree with themselves as a root.
-OSPF chooses the least cost path as the best path.
-(OSPFv3 - OSPF for IPv6 is not supported yet.)
+protocol. The current IPv4 version (OSPFv2) is defined in RFC
+2328<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2328.txt"> and
+the current IPv6 version (OSPFv3) is defined in RFC 5340<htmlurl
+url="ftp://ftp.rfc-editor.org/in-notes/rfc5340.txt"> It's a link state
+(a.k.a. shortest path first) protocol -- each router maintains a
+database describing the autonomous system's topology. Each participating
+router has an identical copy of the database and all routers run the
+same algorithm calculating a shortest path tree with themselves as a
+root. OSPF chooses the least cost path as the best path.
<p>In OSPF, the autonomous system can be split to several areas in order
to reduce the amount of resources consumed for exchanging the routing
rx buffer [normal|large|<num>];
type [broadcast|nonbroadcast|pointopoint];
strict nonbroadcast <switch>;
- authentication [none|simple|cryptographics];
+ authentication [none|simple|cryptographic];
password "<text>";
password "<text>" {
id <num>;
wait <num>;
dead count <num>;
dead <num>;
- authentication [none|simple];
+ authentication [none|simple|cryptographic];
password "<text>";
};
};
at periodical intervals of <m/num/ seconds. The default value is 1.
<tag>networks { <m/set/ }</tag>
- Definition of area IP ranges. This is used in summary lsa origination.
+ Definition of area IP ranges. This is used in summary LSA origination.
Hidden networks are not propagated into other areas.
<tag>stubnet <m/prefix/ { <m/options/ }</tag>
<tag>strict nonbroadcast <M>switch</M></tag>
If set, don't send hello to any undefined neighbor. This switch
- is ignored on on any non-NBMA network. Default is No.
+ is ignored on any non-NBMA network. Default is No.
<tag>authentication none</tag>
No passwords are sent in OSPF packets. This is the default value.
<tag>authentication cryptographic</tag>
16-byte long MD5 digest is appended to every packet. For the digest
generation 16-byte long passwords are used. Those passwords are
- not sent via network, so this mechanismus is quite secure.
+ not sent via network, so this mechanism is quite secure.
Packets can still be read by an attacker.
<tag>password "<M>text</M>"</tag>
<sect1>Attributes
-<p>OSPF defines three route attributes. Each internal route has a <cf/metric/
+<p>OSPF defines four route attributes. Each internal route has a <cf/metric/.
Metric is ranging from 1 to infinity (65535).
External routes use <cf/metric type 1/ or <cf/metric type 2/.
A <cf/metric of type 1/ is comparable with internal <cf/metric/, a
<cf/metric of type 2/ is always longer
than any <cf/metric of type 1/ or any <cf/internal metric/.
+<cf/Internal metric/ or <cf/metric of type 1/ is stored in attribute
+<cf/ospf_metric1/, <cf/metric type 2/ is stored in attribute <cf/ospf_metric2/.
If you specify both metrics only metric1 is used.
-Each external route can also carry a <cf/tag/ which is a 32-bit
-integer which is used when exporting routes to other protocols;
+
+Each external route can also carry attribute <cf/ospf_tag/ which is a
+32-bit integer which is used when exporting routes to other protocols;
otherwise, it doesn't affect routing inside the OSPF domain at all.
-Default is <cf/metric of type 2 = 10000/ and <cf/tag = 0/.
+The fourth attribute <cf/ospf_router_id/ is a router ID of the router
+advertising that route/network. This attribute is read-only. Default
+is <cf/ospf_metric2 = 10000/ and <cf/ospf_tag = 0/.
<sect1>Example
<code>
protocol ospf MyOSPF {
- rfc1583compatibility yes;
+ rfc1583compat yes;
tick 2;
export filter {
if source = RTS_BGP then {
<p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow
convergence, big network load and inability to handle larger networks
-makes it pretty much obsolete in IPv4 world. (It is still usable on
-very small networks.) It is widely used in IPv6 networks,
-because there are no good implementations of OSPFv3.
+makes it pretty much obsolete. (It is still usable on very small networks.)
<sect1>Configuration
implemented in future versions of BIRD:
<itemize>
-<item>OSPF for IPv6 networks
<item>OSPF NSSA areas and opaque LSA's
<item>Route aggregation and flap dampening
<item>Generation of IPv6 router advertisements
projects / thirdparty / bird.git / blobdiff