<!doctype birddoc system>

<!--
	BIRD 2.0 documentation

This documentation can have 4 forms: sgml (this is master copy), html, ASCII
text and dvi/postscript (generated from sgml using sgmltools). You should always
edit master copy.

This is a slightly modified linuxdoc dtd. Anything in <descrip> tags is
considered definition of configuration primitives, <cf> is fragment of
configuration within normal text, <m> is "meta" information within fragment of
configuration - something in config which is not keyword.

    (set-fill-column 80)

    Copyright 1999,2000 Pavel Machek <pavel@ucw.cz>, distribute under GPL version 2 or later.

 -->

<book>

<title>BIRD 2.0 User's Guide
<author>
Ondrej Filip <it/<feela@network.cz>/,
Pavel Machek <it/<pavel@ucw.cz>/,
Martin Mares <it/<mj@ucw.cz>/,
Maria Jan Matejka <it/<mq@jmq.cz>/,
Ondrej Zajicek <it/<santiago@crfreenet.org>/
</author>

<abstract>
This document contains user documentation for the BIRD Internet Routing Daemon project.
</abstract>

<!-- Table of contents -->
<toc>

<!-- Begin the document -->


<chapt>Introduction
<label id="intro">

<sect>What is BIRD
<label id="what-is-bird">

b9864aa8 | 48 | <p>The name `BIRD' is actually an acronym standing for `BIRD Internet Routing |
dad92c30 OZ |
49 | Daemon'. Let's take a closer look at the meaning of the name: |
50 | ||
51 | <p><em/BIRD/: Well, we think we have already explained that. It's an acronym | |
52 | standing for `BIRD Internet Routing Daemon', you remember, don't you? :-) | |
53 | ||
54 | <p><em/Internet Routing/: It's a program (well, a daemon, as you are going to | |
55 | discover in a moment) which works as a dynamic router in an Internet type | |
56 | network (that is, in a network running either the IPv4 or the IPv6 protocol). | |
57 | Routers are devices which forward packets between interconnected networks in | |
58 | order to allow hosts not connected directly to the same local area network to | |
59 | communicate with each other. They also communicate with the other routers in the | |
60 | Internet to discover the topology of the network which allows them to find | |
61 | optimal (in terms of some metric) rules for forwarding of packets (which are | |
62 | called routing tables) and to adapt themselves to the changing conditions such | |
63 | as outages of network links, building of new connections and so on. Most of | |
64 | these routers are costly dedicated devices running obscure firmware which is | |
65 | hard to configure and not open to any changes (on the other hand, their special | |
66 | hardware design allows them to keep up with lots of high-speed network | |
67 | interfaces, better than general-purpose computer does). Fortunately, most | |
68 | operating systems of the UNIX family allow an ordinary computer to act as a | |
69 | router and forward packets belonging to the other hosts, but only according to a | |
70 | statically configured table. | |
71 | ||
72 | <p>A <em/Routing Daemon/ is in UNIX terminology a non-interactive program | |
73 | running on background which does the dynamic part of Internet routing, that is | |
74 | it communicates with the other routers, calculates routing tables and sends them | |
75 | to the OS kernel which does the actual packet forwarding. There already exist | |
76 | other such routing daemons: routed (RIP only), GateD (non-free), | |
7935b9d2 PT |
77 | <HTMLURL URL="http://www.zebra.org" name="Zebra"> and |
78 | <HTMLURL URL="http://sourceforge.net/projects/mrt" name="MRTD">, | |
dad92c30 OZ |
79 | but their capabilities are limited and they are relatively hard to configure |
80 | and maintain. | |
897cd7aa MM |
81 | |
82 | <p>BIRD is an Internet Routing Daemon designed to avoid all of these shortcomings, | |
dad92c30 OZ |
83 | to support all the routing technology used in the today's Internet or planned to |
84 | be used in near future and to have a clean extensible architecture allowing new | |
85 | routing protocols to be incorporated easily. Among other features, BIRD | |
86 | supports: | |
897cd7aa MM |
87 | |
88 | <itemize> | |
89 | <item>both IPv4 and IPv6 protocols | |
90 | <item>multiple routing tables | |
91 | <item>the Border Gateway Protocol (BGPv4) | |
3e52d112 | 92 | <item>the Routing Information Protocol (RIPv2, RIPng) |
0c75411b | 93 | <item>the Open Shortest Path First protocol (OSPFv2, OSPFv3) |
cf3e3845 | 94 | <item>the Babel Routing Protocol |
6bcef225 | 95 | <item>the Router Advertisements for IPv6 hosts |
dad92c30 OZ |
96 | <item>a virtual protocol for exchange of routes between different |
97 | routing tables on a single host | |
897cd7aa MM |
98 | <item>a command-line interface allowing on-line control and inspection |
99 | of status of the daemon | |
dad92c30 OZ |
100 | <item>soft reconfiguration (no need to use complex online commands to |
101 | change the configuration, just edit the configuration file and | |
102 | notify BIRD to re-read it and it will smoothly switch itself to | |
103 | the new configuration, not disturbing routing protocols unless | |
104 | they are affected by the configuration changes) | |
02357f96 | 105 | <item>a powerful language for route filtering |
897cd7aa MM |
106 | </itemize> |
107 | ||
dad92c30 OZ |
108 | <p>BIRD has been developed at the Faculty of Math and Physics, Charles |
109 | University, Prague, Czech Republic as a student project. It can be freely | |
110 | distributed under the terms of the GNU General Public License. | |
111 | ||
112 | <p>BIRD has been designed to work on all UNIX-like systems. It has been | |
113 | developed and tested under Linux 2.0 to 2.6, and then ported to FreeBSD, NetBSD | |
114 | and OpenBSD, porting to other systems (even non-UNIX ones) should be relatively | |
115 | easy due to its highly modular architecture. | |
897cd7aa | 116 | |
3e52d112 JMM |
117 | <p>BIRD 1.x supported either IPv4 or IPv6 protocol, but had to be compiled separately |
118 | for each one. BIRD~2 supports both of them with a possibility of further extension. | |
119 | BIRD~2 supports Linux at least 3.16, FreeBSD 10, NetBSD 7.0, and OpenBSD 5.8. | |
120 | Anyway, it will probably work well also on older systems. | |
d37f899b | 121 | |
<sect>Installing BIRD
<label id="install">

<p>On a recent UNIX system with GNU development tools (GCC, binutils, m4, make)
and Perl, installing BIRD should be as easy as:

<code>
./configure
make
make install
vi /usr/local/etc/bird.conf
bird
</code>

<p>You can use <tt>./configure --help</tt> to get a list of configure
options. The most important ones are: <tt/--with-protocols=/ to produce a slightly smaller
BIRD executable by configuring out routing protocols you don't use, and
<tt/--prefix=/ to install BIRD to a place different from <file>/usr/local</file>.


<sect>Running BIRD
<label id="argv">

<p>You can pass several command-line options to bird:

<descrip>
	<tag><label id="argv-config">-c <m/config name/</tag>
	use the given configuration file instead of <it/prefix/<file>/etc/bird.conf</file>.

	<tag><label id="argv-debug">-d</tag>
	enable debug messages to stderr, and run bird in the foreground.

	<tag><label id="argv-debug-file">-D <m/filename of debug log/</tag>
	enable debug messages to the given file.

	<tag><label id="argv-foreground">-f</tag>
	run bird in the foreground.

	<tag><label id="argv-group">-g <m/group/</tag>
	use that group ID, see the next section for details.

	<tag><label id="argv-help">-h, --help</tag>
	display command-line options to bird.

	<tag><label id="argv-local">-l</tag>
	look for a configuration file and a communication socket in the current
	working directory instead of in the default system locations. However, paths
	specified by the options <cf/-c/, <cf/-s/ have higher priority.

	<tag><label id="argv-parse">-p</tag>
	just parse the config file and exit. The return value is zero if the config
	file is valid, nonzero if there are some errors.

	<tag><label id="argv-pid">-P <m/name of PID file/</tag>
	create a PID file with the given filename.

	<tag><label id="argv-recovery">-R</tag>
	apply graceful restart recovery after start.

	<tag><label id="argv-socket">-s <m/name of communication socket/</tag>
	use the given filename for a socket for communications with the client,
	default is <it/prefix/<file>/var/run/bird.ctl</file>.

	<tag><label id="argv-user">-u <m/user/</tag>
	drop privileges and use that user ID, see the next section for details.

	<tag><label id="argv-version">--version</tag>
	display bird version.
</descrip>

<p>BIRD writes messages about its work to log files or syslog (according to config).


<sect>Privileges
<label id="privileges">

<p>BIRD, as a routing daemon, uses several privileged operations (like setting
the routing table and using raw sockets). Traditionally, BIRD is executed and runs
with root privileges, which may be prone to security problems. The recommended
way is to use privilege restriction (options <cf/-u/, <cf/-g/). In that case
BIRD is executed with root privileges, but it changes its user and group ID to
unprivileged ones, while using Linux capabilities to retain just the required
privileges (capabilities CAP_NET_*). Note that the control socket is created
before the privileges are dropped, but the config file is read after that. The
privilege restriction is not implemented in the BSD port of BIRD.

<p>An unprivileged user (as an argument to the <cf/-u/ option) may be the user
<cf/nobody/, but it is suggested to use a new dedicated user account (like
<cf/bird/). Similar considerations apply to the group option, but there is
one more condition -- the users in the same group can use <file/birdc/ to
control BIRD.

<p>Finally, there is a possibility to use external tools to run BIRD in an
environment with restricted privileges. This may need some configuration, but it
is generally easy -- BIRD needs just the standard library, privileges to read
the config file and create the control socket, and the CAP_NET_* capabilities.


<chapt>Architecture
<label id="architecture">

<sect>Routing tables
<label id="routing-tables">

<p>The heart of BIRD is a routing table. BIRD has several independent routing tables;
each of them contains routes of exactly one <m/nettype/ (see below). There are two
default tables -- <cf/master4/ for IPv4 routes and <cf/master6/ for IPv6 routes.
Other tables must be explicitly configured.

<p>
These routing tables are not kernel forwarding tables. No forwarding is done by
BIRD. If you want to forward packets using the routes in BIRD tables, you may
use the Kernel protocol (see below) to synchronize them with kernel FIBs.

<p>
Every nettype defines a (kind of) primary key on routes. Every route source can
supply one route for every possible primary key; a new route announcement replaces
the old route from the same source, keeping other routes intact. BIRD always
chooses the best route for each primary key among the known routes and keeps the
others as suboptimal. When the best route is retracted, BIRD re-runs the best
route selection algorithm to find the current best route.

<p>
The global best route selection algorithm is (roughly) as follows:

<itemize>
	<item>Preferences of the routes are compared.
	<item>Source protocol instance preferences are compared.
	<item>If the source protocols are the same (e.g. BGP vs. BGP), the protocol's route selection algorithm is invoked.
	<item>If the source protocols are different (e.g. BGP vs. OSPF), the result of the algorithm is undefined.
</itemize>

<p><label id="dsc-table-sorted">Usually, a routing table just chooses a selected
route from a list of entries for one network. But if the <cf/sorted/ option is
activated, these lists of entries are kept completely sorted (according to
preference or some protocol-dependent metric). This is needed for some features
of some protocols (e.g. the <cf/secondary/ option of the BGP protocol, which allows
accepting not just a selected route, but the first route (in the sorted list) that
is accepted by filters), but it is incompatible with some other features (e.g. the
<cf/deterministic med/ option of the BGP protocol, which activates a way of choosing
the selected route that cannot be described using comparison and ordering). A minor
advantage is that routes are shown sorted in <cf/show route/; a minor disadvantage
is that it is slightly more computationally expensive.

265 | ||
3e52d112 JMM |
266 | <sect>Routes and network types |
267 | <label id="routes"> | |
268 | ||
269 | <p>BIRD works with several types of routes. Some of them are typical IP routes, | |
270 | others are better described as forwarding rules. We call them all routes, | |
cf3e3845 | 271 | regardless of this difference. |
3e52d112 | 272 | |
cf3e3845 OZ |
273 | <p>Every route consists of several attributes (read more about them in the |
274 | <ref id="route-attributes" name="Route attributes"> section); the common for all | |
275 | routes are: | |
3e52d112 JMM |
276 | |
277 | <itemize> | |
278 | <item>IP address of router which told us about this route | |
279 | <item>Source protocol instance | |
280 | <item>Route preference | |
281 | <item>Optional attributes defined by protocols | |
282 | </itemize> | |
283 | ||
284 | <p>Other attributes depend on nettypes. Some of them are part of the primary key, these are marked (PK). | |
285 | ||
286 | <sect1>IPv4 and IPv6 routes | |
cf3e3845 | 287 | <label id="ip-routes"> |
3e52d112 JMM |
288 | |
289 | <p>The traditional routes. Configuration keywords are <cf/ipv4/ and <cf/ipv6/. | |
290 | ||
291 | <itemize> | |
292 | <item>(PK) Route destination (IP prefix together with its length) | |
293 | <item>Route next hops (see below) | |
294 | </itemize> | |
295 | ||
159d619c OZ |
296 | <sect1>IPv6 source-specific routes |
297 | <label id="ip-sadr-routes"> | |
298 | ||
299 | <p>The IPv6 routes containing both destination and source prefix. They are used | |
300 | for source-specific routing (SSR), also called source-address dependent routing | |
301 | (SADR), see <rfc id="8043">. Currently limited mostly to the Babel protocol. | |
302 | Configuration keyword is <cf/ipv6 sadr/. | |
303 | ||
304 | <itemize> | |
305 | <item>(PK) Route destination (IP prefix together with its length) | |
306 | <item>(PK) Route source (IP prefix together with its length) | |
307 | <item>Route next hops (see below) | |
308 | </itemize> | |
309 | ||
3e52d112 | 310 | <sect1>VPN IPv4 and IPv6 routes |
cf3e3845 | 311 | <label id="vpn-routes"> |
3e52d112 JMM |
312 | |
313 | <p>Routes for IPv4 and IPv6 with VPN Route Distinguisher (<rfc id="4364">). | |
314 | Configuration keywords are <cf/vpn4/ and <cf/vpn6/. | |
315 | ||
316 | <itemize> | |
317 | <item>(PK) Route destination (IP prefix together with its length) | |
318 | <item>(PK) Route distinguisher (according to <rfc id="4364">) | |
319 | <item>Route next hops | |
320 | </itemize> | |
321 | ||
322 | <sect1>Route Origin Authorization for IPv4 and IPv6 | |
cf3e3845 | 323 | <label id="roa-routes"> |
3e52d112 JMM |
324 | |
325 | <p>These entries can be used to validate route origination of BGP routes. | |
cf3e3845 | 326 | A ROA entry specifies prefixes which could be originated by an AS number. |
3e52d112 JMM |
327 | Their keywords are <cf/roa4/ and <cf/roa6/. |
328 | ||
329 | <itemize> | |
330 | <item>(PK) IP prefix together with its length | |
331 | <item>(PK) Matching prefix maximal length | |
332 | <item>(PK) AS number | |
333 | </itemize> | |
334 | ||
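<p>An added example, not taken from the BIRD documentation, of how a ROA table is
filled and then consulted when accepting BGP routes. The table name <cf/roa_v4/,
the prefixes, the neighbor address and the AS numbers are constructed documentation
values; <cf/roa_check()/, <cf/bgp_path.last/ and the <cf/ROA_INVALID/ result are
filter-language primitives described in the filter chapter, which this excerpt does
not include. Because the primary key is (prefix, maximal length, AS number), two
entries for overlapping prefixes coexist in the table rather than replacing each other.

```bird
# Added example (not from the BIRD documentation); all values are constructed.
roa4 table roa_v4;

# Static ROA entries: "max" is the maximal prefix length covered, "as" the
# AS number allowed to originate the prefix. Two entries, two primary keys.
protocol static roa_static {
	roa4 { table roa_v4; };
	route 192.0.2.0/24 max 24 as 64496;
	route 198.51.100.0/22 max 24 as 64497;
}

# Import filter: a route whose origin AS contradicts a covering ROA is
# rejected; routes with no covering ROA at all (ROA_UNKNOWN) are kept.
filter reject_roa_invalid {
	if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then {
		print "ROA invalid: ", net, " origin AS", bgp_path.last;
		reject;
	}
	accept;
}

protocol bgp upstream {
	local as 64496;
	neighbor 203.0.113.1 as 64499;
	ipv4 {
		import filter reject_roa_invalid;
		export none;
	};
}
```

<p>Checking the origin at import time means an invalid route never enters the
routing table, so it can neither be selected nor exported further; the
<cf/print/ line leaves a log record of what was dropped and why.
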
335 | <sect1>Flowspec for IPv4 and IPv6 | |
cf3e3845 | 336 | <label id="flow-routes"> |
3e52d112 JMM |
337 | |
338 | <p>Flowspec rules are a form of firewall and traffic flow control rules | |
339 | distributed mostly via BGP. These rules may help the operators stop various | |
340 | network attacks in the beginning before eating up the whole bandwidth. | |
341 | Configuration keywords are <cf/flow4/ and <cf/flow6/. | |
342 | ||
343 | <itemize> | |
344 | <item>(PK) IP prefix together with its length | |
345 | <item>(PK) Flow definition data | |
346 | <item>Flow action (encoded internally as BGP communities according to <rfc id="5575">) | |
347 | </itemize> | |
348 | ||
349 | <sect1>MPLS switching rules | |
350 | <label id="mpls-routes"> | |
351 | ||
352 | <p>This nettype is currently a stub before implementing more support of <rfc id="3031">. | |
353 | BIRD currently does not support any label distribution protocol nor any label assignment method. | |
354 | Only the Kernel, Pipe and Static protocols can use MPLS tables. | |
355 | Configuration keyword is <cf/mpls/. | |
356 | ||
357 | <itemize> | |
358 | <item>(PK) MPLS label | |
359 | <item>Route next hops | |
360 | </itemize> | |
361 | ||
362 | <sect1>Route next hops | |
363 | <label id="route-next-hop"> | |
364 | ||
365 | <p>This is not a nettype. The route next hop is a complex attribute common for many | |
366 | nettypes as you can see before. Every next hop has its assigned device | |
367 | (either assumed from its IP address or set explicitly). It may have also | |
368 | an IP address and an MPLS stack (one or both independently). | |
369 | Maximal MPLS stack depth is set (in compile time) to 8 labels. | |
370 | ||
371 | <p>Every route (when eligible to have a next hop) can have more than one next hop. | |
372 | In that case, every next hop has also its weight. | |
373 | ||
374 | <sect>Protocols and channels | |
375 | <label id="protocols-concept"> | |
376 | ||
cf3e3845 | 377 | <p>BIRD protocol is an abstract class of producers and consumers of the routes. |
3e52d112 JMM |
378 | Each protocol may run in multiple instances and bind on one side to route |
379 | tables via channels, on the other side to specified listen sockets (BGP), | |
380 | interfaces (Babel, OSPF, RIP), APIs (Kernel, Direct), or nothing (Static, Pipe). | |
381 | ||
cf3e3845 | 382 | <p>There are also two protocols that do not have any channels -- BFD and Device. |
3e52d112 JMM |
383 | Both of them are kind of service for other protocols. |
384 | ||
385 | <p>Each protocol is connected to a routing table through a channel. Some protocols | |
386 | support only one channel (OSPF, RIP), some protocols support more channels (BGP, Direct). | |
387 | Each channel has two filters which can accept, reject and modify the routes. | |
388 | An <it/export/ filter is applied to routes passed from the routing table to the protocol, | |
389 | an <it/import/ filter is applied to routes in the opposite direction. | |
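
<p>The table, channel and filter concepts from this section and the preceding
"Routing tables" section, combined in one added configuration fragment that is not
part of the BIRD documentation. Table name, AS numbers and addresses are constructed;
<cf/net.len/, <cf/source/, <cf/RTS_STATIC/ and the <cf/preference/ assignment are
filter-language primitives from the filter chapter, which this excerpt does not
include; <cf/ipv4 table <m/name/ sorted/ is assumed to be the table declaration
syntax of this BIRD~2.0 documentation.

```bird
# Added example (not from the BIRD documentation); values are constructed.
# master4 exists by default; ext4 is an extra table kept sorted.
ipv4 table ext4 sorted;

# One filter per channel direction. The preference set at import feeds the
# global best-route selection, which compares preferences first.
filter peer_in {
	if net.len > 24 then reject;	# no more-specifics than /24 from the peer
	preference = 100;
	accept;
}

filter peer_out {
	if source = RTS_STATIC then accept;	# announce only our own static routes
	reject;
}

protocol device {
}

# Static routes go to ext4 through the protocol's ipv4 channel.
protocol static {
	ipv4 { table ext4; };
	route 198.51.100.0/24 blackhole;
}

# BGP: one channel bound to ext4, with an import and an export filter.
protocol bgp peer1 {
	local as 64496;
	neighbor 192.0.2.1 as 64497;
	ipv4 {
		table ext4;
		import filter peer_in;
		export filter peer_out;
	};
}

# Pipe: copy the selected routes of ext4 (the peer table) into master4,
# in one direction only.
protocol pipe ext_to_master {
	table master4;
	peer table ext4;
	import all;
	export none;
}

# Kernel: master4 is the only table synchronized to the forwarding plane.
protocol kernel {
	ipv4 {
		import none;
		export all;
	};
	persist;
}
```

<p>Keeping the external session on its own table and copying only selected routes
through the pipe means a filter mistake on <cf/peer1/ cannot by itself push a
route into the kernel; it has to survive selection in <cf/ext4/ and the pipe first.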

<sect>Graceful restart
<label id="graceful-restart">

<p>When BIRD is started after a restart or crash, it repopulates routing tables in
an uncoordinated manner, like after a clean start. This may be impractical in some
cases, because if the forwarding plane (i.e. kernel routing tables) remains
intact, then its synchronization with BIRD would temporarily disrupt packet
forwarding until protocols converge. Graceful restart is a mechanism that could
help with this issue. Generally, it works by starting protocols and letting them
repopulate routing tables while deferring route propagation until protocols
acknowledge their convergence. Note that graceful restart behavior has to be
configured for all relevant protocols and requires protocol-specific support
(currently implemented for the Kernel and BGP protocols); it is activated for a
particular boot by the <cf/-R/ option.


<chapt>Configuration
<label id="config">

<sect>Introduction
<label id="config-intro">

<p>BIRD is configured using a text configuration file. Upon startup, BIRD reads
<it/prefix/<file>/etc/bird.conf</file> (unless the <tt/-c/ command line option
is given). Configuration may be changed at the user's request: if you modify the
config file and then signal BIRD with <tt/SIGHUP/, it will adjust to the new
config. Then there's the client which allows you to talk with BIRD in an
extensive way.

<p>In the config, everything on a line after <cf/#/ or inside <cf>/* */</cf> is
a comment, whitespace characters are treated as a single space. If there's a
variable number of options, they are grouped using the <cf/{ }/ brackets. Each
option is terminated by a <cf/;/. Configuration is case sensitive. There are two
ways to name symbols (like protocol names, filter names, constants etc.).
You can either use a simple string starting with a letter followed by any
combination of letters and numbers (e.g. <cf/R123/, <cf/myfilter/, <cf/bgp5/) or
you can enclose the name in apostrophes (<cf/'/) and then you can use any
combination of numbers, letters, hyphens, dots and colons (e.g.
<cf/'1:strange-name'/, <cf/'-NAME-'/, <cf/'cool::name'/).

<p>Here is an example of a simple config file. It enables synchronization of
routing tables with the OS kernel, learns network interfaces and runs RIP on all
network interfaces found.

<code>
protocol kernel {
	ipv4 {
		export all;	# Default is export none
	};
	persist;		# Don't remove routes on BIRD shutdown
}

protocol device {
}

protocol rip {
	ipv4 {
		import all;
		export all;
	};
	interface "*";
}
</code>


<sect>Global options
<label id="global-opts">

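<p>Before the option reference, an added configuration fragment (not from the BIRD
documentation) that combines several of the global options described in this
section: logging to more than one destination with a class list, the watchdog,
<cf/router id from/, a constant, a custom route attribute, a template reused by
two instances with <cf/from/, <cf/timeformat/ and a wildcard <cf/include/. Paths,
the interface pattern, AS numbers and neighbor addresses are constructed; the
filter statements that assign and test the custom attribute (including
<cf/defined()/) belong to the filter chapter, which this excerpt does not include.

```bird
# Added example (not from the BIRD documentation); all values are constructed.

# Logging: everything to syslog, problems only to a separate file.
log syslog all;
log "/var/log/bird-problems.log" { warning, error, fatal, auth, remote };
debug protocols { states, interfaces };
debug commands 1;		# log client connects and disconnects

# I/O loop watchdog: warn after 2 s, abort after 20 s.
watchdog warning 2 s;
watchdog timeout 20 s;

# Router ID taken from an IPv4 address of a matching interface.
router id from "eth*";

# A constant and a custom route attribute.
define my_as = 64496;
attribute int customer_tag;

# Sub-second timestamps in the log, ISO 8601 with milliseconds elsewhere.
timeformat base iso long ms;
timeformat log "%F %T.%3f";

# Mark routes in the import filter, test the mark in the export filter,
# so no locally assigned community has to be stripped on export.
filter customer_in {
	customer_tag = 1;
	accept;
}

filter customer_out {
	if defined(customer_tag) then accept;
	reject;
}

# The template carries the shared policy; "from" copies it into each session.
template bgp customer {
	local as my_as;
	ipv4 {
		import filter customer_in;
		export filter customer_out;
	};
}

protocol bgp customer1 from customer {
	neighbor 192.0.2.10 as 64498;
}

protocol bgp customer2 from customer {
	neighbor 192.0.2.20 as 64499;
}

# Further files are included in alphabetic order (nesting depth at most 8).
include "conf.d/*.conf";

graceful restart wait 120;
```

<p>The separate problem log collects exactly the classes an operator wants to alert
on (<cf/auth/ for authentication failures, <cf/remote/ for misbehaving neighbors),
while the full syslog stream remains available for debugging.
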
<p><descrip>
	<tag><label id="opt-include">include "<m/filename/";</tag>
	This statement causes inclusion of a new file. The <m/filename/ could
	also be a wildcard, in that case matching files are included in
	alphabetic order. The maximal depth is 8. Note that this statement can
	be used anywhere in the config file, even inside other options, but
	always at the beginning of a line. In the following example, the first
	semicolon belongs to the <cf/include/, the second to <cf/ipv6 table/.
	If the <file/tablename.conf/ contains exactly one token (the name of the
	table), this construction is correct:
<code>
ipv6 table
include "tablename.conf";;
</code>

	<tag><label id="opt-log">log "<m/filename/"|syslog [name <m/name/]|stderr all|{ <m/list of classes/ }</tag>
	Set logging of messages having the given class (either <cf/all/ or
	<cf/{ error|trace [, <m/.../] }/ etc.) into the selected destination (a file specified
	as a filename string, syslog with optional name argument, or the stderr
	output). Classes are:
	<cf/info/, <cf/warning/, <cf/error/ and <cf/fatal/ for messages about local problems,
	<cf/debug/ for debugging messages,
	<cf/trace/ when you want to know what happens in the network,
	<cf/remote/ for messages about misbehavior of remote machines,
	<cf/auth/ about authentication failures,
	<cf/bug/ for internal BIRD bugs.
	You may specify more than one <cf/log/ line to establish logging to
	multiple destinations. Default: log everything to the system log, or
	to the debug output if debugging is enabled by the <cf/-d//<cf/-D/
	command-line option.

	<tag><label id="opt-debug-protocols">debug protocols all|off|{ states|routes|filters|interfaces|events|packets [, <m/.../] }</tag>
	Set global defaults of protocol debugging options. See <cf/debug/ in the
	following section. Default: off.

	<tag><label id="opt-debug-commands">debug commands <m/number/</tag>
	Control logging of client connections (0 for no logging, 1 for logging
	of connects and disconnects, 2 and higher for logging of all client
	commands). Default: 0.

	<tag><label id="opt-debug-latency">debug latency <m/switch/</tag>
	Activate tracking of elapsed time for internal events. Recent events
	can be examined using the <cf/dump events/ command. Default: off.

	<tag><label id="opt-debug-latency-limit">debug latency limit <m/time/</tag>
	If <cf/debug latency/ is enabled, this option allows you to specify a limit
	for elapsed time. Events exceeding the limit are logged. Default: 1 s.

	<tag><label id="opt-watchdog-warn">watchdog warning <m/time/</tag>
	Set a time limit for an I/O loop cycle. If one iteration takes more time to
	complete, a warning is logged. Default: 5 s.

	<tag><label id="opt-watchdog-timeout">watchdog timeout <m/time/</tag>
	Set a time limit for an I/O loop cycle. If the limit is breached, BIRD is
	killed by the abort signal. The timeout has an effective granularity of
	seconds; zero means disabled. Default: disabled (0).

	<tag><label id="opt-mrtdump">mrtdump "<m/filename/"</tag>
	Set the MRTdump file name. This option must be specified to allow the MRTdump
	feature. Default: no dump file.

	<tag><label id="opt-mrtdump-protocols">mrtdump protocols all|off|{ states|messages [, <m/.../] }</tag>
	Set global defaults of MRTdump options. See <cf/mrtdump/ in the
	following section. Default: off.

	<tag><label id="opt-filter">filter <m/name local variables/{ <m/commands/ }</tag>
	Define a filter. You can learn more about filters in the following
	chapter.

	<tag><label id="opt-function">function <m/name/ (<m/parameters/) <m/local variables/ { <m/commands/ }</tag>
	Define a function. You can learn more about functions in the following chapter.

	<tag><label id="opt-protocol">protocol rip|ospf|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
	Define a protocol instance called <cf><m/name/</cf> (or with a name like
	"rip5" generated automatically if you don't specify any
	<cf><m/name/</cf>). You can learn more about configuring protocols in
	their own chapters. When the <cf>from <m/name2/</cf> expression is used,
	initial protocol options are taken from the protocol or template
	<cf><m/name2/</cf>. You can run more than one instance of most protocols
	(like RIP or BGP). By default, no instances are configured.

	<tag><label id="opt-template">template rip|ospf|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
	Define a protocol template instance called <m/name/ (or with a name like
	"bgp1" generated automatically if you don't specify any <m/name/).
	Protocol templates can be used to group common options when many
	similarly configured protocol instances are to be defined. Protocol
	instances (and other templates) can use templates by using the <cf/from/
	expression and the name of the template. At the moment templates (and
	the <cf/from/ expression) are not implemented for the OSPF protocol.

	<tag><label id="opt-define">define <m/constant/ = <m/expression/</tag>
	Define a constant. You can use it later in every place you could use a
	value of the same type. Besides, there are some predefined numeric
	constants based on /etc/iproute2/rt_* files. A list of defined constants
	can be seen (together with other symbols) using the 'show symbols' command.

	<tag><label id="opt-attribute">attribute <m/type/ <m/name/</tag>
	Define a custom route attribute. You can set and get it in filters like
	any other route attribute. This feature is intended for marking routes
	in import filters for export filtering purposes instead of locally
	assigned BGP communities which have to be deleted in export filters.

	<tag><label id="opt-router-id">router id <m/IPv4 address/</tag>
	Set BIRD's router ID. It's a world-wide unique identification of your
	router, usually one of the router's IPv4 addresses. Default: the lowest
	IPv4 address of a non-loopback interface.

	<tag><label id="opt-router-id-from">router id from [-] [ "<m/mask/" ] [ <m/prefix/ ] [, <m/.../]</tag>
	Set BIRD's router ID based on an IPv4 address of an interface specified by
	an interface pattern.
	See the <ref id="proto-iface" name="interface"> section for a detailed
	description of interface patterns with extended clauses.

	<tag><label id="opt-graceful-restart">graceful restart wait <m/number/</tag>
	During graceful restart recovery, BIRD waits for convergence of routing
	protocols. This option allows you to specify a timeout for the recovery to
	prevent waiting indefinitely if some protocols cannot converge. Default:
	240 seconds.

	<tag><label id="opt-timeformat">timeformat route|protocol|base|log "<m/format1/" [<m/limit/ "<m/format2/"]</tag>
	This option allows you to specify the format of date/time used by BIRD. The
	first argument specifies for which purpose such format is used.
	<cf/route/ is the format used in 'show route' command output,
	<cf/protocol/ is used in 'show protocols' command output, <cf/base/ is
	used for other commands and <cf/log/ is used in a log file.

	"<m/format1/" is a format string using <it/strftime(3)/ notation (see
	<it/man strftime/ for details). It is extended to support a sub-second
	time part with variable precision (up to microseconds) using the "%f"
	conversion code (e.g., "%T.%3f" is hh:mm:ss.sss time). <m/limit/ and
	"<m/format2/" allow you to specify the second format string for times in
	the past deeper than <m/limit/ seconds.

	There are several shorthands: <cf/iso long/ is an ISO 8601 date/time
	format (YYYY-MM-DD hh:mm:ss) that can also be specified using <cf/"%F
	%T"/. Similarly, <cf/iso long ms/ and <cf/iso long us/ are ISO 8601
	date/time formats with millisecond or microsecond precision.
596 | <cf/iso short/ is a variant of ISO 8601 that uses just the time format |
597 | (hh:mm:ss) for near times (up to 20 hours in the past) and the date | |
f047271c OZ |
598 | format (YYYY-MM-DD) for far times. This is a shorthand for <cf/"%T" |
599 | 72000 "%F"/. And there are also <cf/iso short ms/ and <cf/iso short us/ | |
600 | high-precision variants of that. | |
c37e7851 | 601 | |
f047271c OZ |
602 | By default, BIRD uses the <cf/iso short ms/ format for <cf/route/ and |
603 | <cf/protocol/ times, and the <cf/iso long ms/ format for <cf/base/ and | |
90eb5e7a OZ |
604 | <cf/log/ times. |
605 | ||
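	<p>The <cf/timeformat/ semantics above (the "%<it/digit/f" sub-second extension, the second
	format for times older than <m/limit/ seconds, and the shorthand expansions) as a small
	model written for this guide; it is an added example, not BIRD's own code. Assumptions
	not stated in the text: a bare "%f" means six digits, and the ms/us variants of
	<cf/iso short/ add ".%3f"/".%6f" to the time part only.

```python
"""Model of BIRD's `timeformat` option (added example, not BIRD code)."""
import re
from datetime import datetime, timedelta
from typing import Optional

# shorthand -> (format1, limit in seconds, format2), as listed in the text;
# the ms/us variants of "iso short" are an assumption (".%3f"/".%6f" on the time part)
SHORTHANDS = {
    "iso long":     ("%F %T",     None,  None),
    "iso long ms":  ("%F %T.%3f", None,  None),
    "iso long us":  ("%F %T.%6f", None,  None),
    "iso short":    ("%T",        72000, "%F"),
    "iso short ms": ("%T.%3f",    72000, "%F"),
    "iso short us": ("%T.%6f",    72000, "%F"),
}


def expand_format(fmt: str, t: datetime) -> str:
    """Render one format string for time t.

    "%Nf" (N = 1..6) is handled here as the first N digits of the
    microsecond field; a bare "%f" is assumed to mean all six digits.
    "%F" and "%T" are spelled out so the result does not depend on the
    platform's strftime."""
    def subsec(m):
        digits = int(m.group(1)) if m.group(1) else 6
        return f"{t.microsecond:06d}"[:digits]

    fmt = re.sub(r"%(\d)?f", subsec, fmt)
    fmt = fmt.replace("%F", "%Y-%m-%d").replace("%T", "%H:%M:%S")
    return t.strftime(fmt)


def format_time(t: datetime, now: datetime, fmt1: str,
                limit: Optional[int] = None,
                fmt2: Optional[str] = None) -> str:
    """fmt2 is used only for times more than `limit` seconds before `now`."""
    if limit is not None and fmt2 is not None and now - t > timedelta(seconds=limit):
        return expand_format(fmt2, t)
    return expand_format(fmt1, t)


def format_with_shorthand(t: datetime, now: datetime, name: str) -> str:
    return format_time(t, now, *SHORTHANDS[name])


if __name__ == "__main__":
    # constructed sample instant
    t = datetime(2024, 6, 1, 12, 34, 56, 789123)
    for name in SHORTHANDS:
        print(f"{name:14s} near: {format_with_shorthand(t, t + timedelta(hours=1), name):28s}"
              f" far: {format_with_shorthand(t, t + timedelta(hours=21), name)}")
```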
	<tag><label id="opt-table"><m/nettype/ table <m/name/ [sorted]</tag>
	Create a new routing table. The default routing tables <cf/master4/ and
	<cf/master6/ are created implicitly, other routing tables have to be
	added by this command. The <cf/sorted/ option can be used to enable sorting
	of routes, see the <ref id="dsc-table-sorted" name="sorted table">
	description for details.

	<tag><label id="opt-eval">eval <m/expr/</tag>
	Evaluates the given filter expression. It is used by the developers for testing of filters.
</descrip>


<sect>Protocol options
<label id="protocol-opts">

<p>For each protocol instance, you can configure a bunch of options. Some of
them (those described in this section) are generic, some are specific to the
protocol (see the sections talking about the protocols).

<p>Several options use a <m/switch/ argument. It can be either <cf/on/,
<cf/yes/ or a numeric expression with a non-zero value for the option to be
enabled or <cf/off/, <cf/no/ or a numeric expression evaluating to zero to
disable it. An empty <m/switch/ is equivalent to <cf/on/ ("silence means
agreement").

<descrip>
	<tag><label id="proto-disabled">disabled <m/switch/</tag>
	Disables the protocol. You can change the disable/enable status from the
	command line interface without needing to touch the configuration.
	Disabled protocols are not activated. Default: protocol is enabled.

	<tag><label id="proto-debug">debug all|off|{ states|routes|filters|interfaces|events|packets [, <m/.../] }</tag>
	Set protocol debugging options. If asked, each protocol is capable of
	writing trace messages about its work to the log (with category
	<cf/trace/). You can either request printing of <cf/all/ trace messages
	or only of the types selected: <cf/states/ for protocol state changes
	(protocol going up, down, starting, stopping etc.), <cf/routes/ for
	routes exchanged with the routing table, <cf/filters/ for details on
	route filtering, <cf/interfaces/ for interface change events sent to the
	protocol, <cf/events/ for events internal to the protocol and <cf/packets/
	for packets sent and received by the protocol. Default: off.

	<tag><label id="proto-mrtdump">mrtdump all|off|{ states|messages [, <m/.../] }</tag>
	Set protocol MRTdump flags. MRTdump is a standard binary format for
	logging information from routing protocols and daemons. These flags
	control what kind of information is logged from the protocol to the
	MRTdump file (which must be specified by the global <cf/mrtdump/ option, see
	the previous section). Although these flags are similar to the flags of the
	<cf/debug/ option, their meaning is different and protocol-specific. For
	the BGP protocol, <cf/states/ logs BGP state changes and <cf/messages/ logs
	received BGP messages. Other protocols do not support MRTdump yet.

	<tag><label id="proto-router-id">router id <m/IPv4 address/</tag>
	This option can be used to override the global router id for a given
	protocol. Default: uses the global router id.

	<tag><label id="proto-description">description "<m/text/"</tag>
	This is an optional description of the protocol. It is displayed as a
	part of the output of the 'show protocols all' command.

	<tag><label id="proto-vrf">vrf "<m/text/"</tag>
	Associate the protocol with a specific VRF. The protocol will be
	restricted to interfaces assigned to the VRF and will use sockets bound
	to the VRF. An appropriate VRF interface must exist at the OS level. For the kernel
	protocol, an appropriate table still must be explicitly selected by the
	<cf/table/ option. Note that for proper VRF support it is necessary to
	use a Linux kernel version of at least 4.14; older versions have a limited VRF
	implementation.

	<tag><label id="proto-channel"><m/channel name/ [{<m/channel config/}]</tag>
	Every channel must be explicitly stated. See the protocol-specific
	configuration for the list of supported channel names. See the
	<ref id="channel-opts" name="channel configuration section"> for channel
	definition.
</descrip>

<p>There are several options that make sense only with certain protocols:

<descrip>
	<tag><label id="proto-iface">interface [-] [ "<m/mask/" ] [ <m/prefix/ ] [, <m/.../] [ { <m/option/; [<m/.../] } ]</tag>
	Specifies a set of interfaces on which the protocol is activated with
	the given interface-specific options. A set of interfaces specified by one
	interface option is described using an interface pattern. The interface
	pattern consists of a sequence of clauses (separated by commas), each
	clause is a mask specified as a shell-like pattern. Interfaces are
	matched by their name.

	An interface matches the pattern if it matches any of its clauses. If
	the clause begins with <cf/-/, matching interfaces are excluded. Patterns
	are processed left-to-right, thus <cf/interface "eth0", -"eth*", "*";/
	means eth0 and all non-ethernets.

	Some protocols (namely OSPFv2 and Direct) support extended clauses that
	may contain a mask, a prefix, or both of them. An interface matches such
	a clause if its name matches the mask (if specified) and its address
	matches the prefix (if specified). Extended clauses are used when the
	protocol handles multiple addresses on an interface independently.

	An interface option can be used multiple times with different interface-specific
	options; in that case, for a given interface the first matching interface
	option is used.

	This option is allowed in the Babel, BFD, Device, Direct, OSPF, RAdv and RIP
	protocols. In the OSPF protocol it is used in the <cf/area/ subsection.

	Default: none.

	Examples:

	<cf>interface "*" { type broadcast; };</cf> - start the protocol on all
	interfaces with the <cf>type broadcast</cf> option.

	<cf>interface "eth1", "eth4", "eth5" { type ptp; };</cf> - start the
	protocol on the enumerated interfaces with the <cf>type ptp</cf> option.

	<cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol
	on all interfaces that have an address from 192.168.0.0/16, but not from
	192.168.1.0/24.

	<cf>interface "eth*" 192.168.1.0/24;</cf> - start the protocol on all
	ethernet interfaces that have an address from 192.168.1.0/24.

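	<p>The clause semantics above (left-to-right, first match decides, a leading <cf/-/
	excludes, extended clauses with mask and/or prefix) as a model written for this guide,
	useful for checking which interfaces a pattern would activate a protocol on before
	committing a configuration. It is an added example, not BIRD's own matching code; the
	mini-parser and the <tt/select/ helper are hypothetical, and option blocks are not parsed.

```python
"""Model of BIRD interface-pattern matching (added example, not BIRD code)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Clause:
    mask: Optional[str] = None       # shell-like name pattern, e.g. "eth*"
    prefix: Optional[object] = None  # ipaddress network, e.g. 192.168.0.0/16
    negated: bool = False            # clause was written with a leading "-"

    def matches(self, name: str, addrs: List[str]) -> bool:
        """Extended-clause rule from the text: the name must match the mask
        (if given) and some address must fall in the prefix (if given)."""
        if self.mask is not None and not fnmatchcase(name, self.mask):
            return False
        if self.prefix is not None and not any(
                ip_address(a) in self.prefix for a in addrs):
            return False
        return True


def parse_pattern(text: str) -> List[Clause]:
    """Hypothetical mini-parser for the clause list of an interface option,
    e.g. '"eth0", -"eth*", "*"', '-192.168.1.0/24, 192.168.0.0/16'
    or '"eth*" 192.168.1.0/24' (quoted part = mask, other part = prefix)."""
    clauses = []
    for raw in text.split(","):
        tok = raw.strip()
        if not tok:
            continue
        negated = tok.startswith("-")
        if negated:
            tok = tok[1:].strip()
        mask = prefix = None
        for part in tok.split():
            if len(part) >= 2 and part[0] == part[-1] == '"':
                mask = part[1:-1]
            else:
                prefix = ip_network(part, strict=False)
        clauses.append(Clause(mask, prefix, negated))
    return clauses


def iface_selected(clauses: List[Clause], name: str, addrs: List[str]) -> bool:
    """Clauses are processed left to right; the first matching clause
    decides: a negated clause excludes the interface, a positive one
    selects it. No matching clause means the interface is not selected."""
    for c in clauses:
        if c.matches(name, addrs):
            return not c.negated
    return False


def select(pattern: str, ifaces: Dict[str, List[str]]) -> List[str]:
    """ifaces maps interface name -> list of its addresses."""
    clauses = parse_pattern(pattern)
    return [n for n, a in ifaces.items() if iface_selected(clauses, n, a)]


if __name__ == "__main__":
    # constructed sample interface table
    ifaces = {"eth0": ["192.168.1.5"], "eth1": ["192.168.2.5"],
              "lo": ["127.0.0.1"], "wg0": ["10.8.0.1"]}
    for pat in ('"eth0", -"eth*", "*"', '-192.168.1.0/24, 192.168.0.0/16',
                '"eth*" 192.168.1.0/24'):
        print(f"interface {pat};  ->  {select(pat, ifaces)}")
```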
	<tag><label id="proto-tx-class">tx class|dscp <m/num/</tag>
	This option specifies the value of the ToS/DS/Class field in IP headers of
	the outgoing protocol packets. This may affect how the protocol packets
	are processed by the network relative to the other network traffic. With
	the <cf/class/ keyword, the value (0-255) is used for the whole ToS/Class
	octet (but the two bits reserved for ECN are ignored). With the <cf/dscp/
	keyword, the value (0-63) is used just for the DS field in the octet.
	Default value is 0xc0 (DSCP 0x30 - CS6).

	<tag><label id="proto-tx-priority">tx priority <m/num/</tag>
	This option specifies the local packet priority. This may affect how the
	protocol packets are processed in the local TX queues. This option is
	Linux specific. Default value is 7 (highest priority, privileged traffic).

	<tag><label id="proto-pass">password "<m/password/" [ { <m>password options</m> } ]</tag>
	Specifies a password that can be used by the protocol as a shared secret
	key. The password option can be used multiple times to specify more passwords.
	If more passwords are specified, it is a protocol-dependent decision
	which one is really used. Specifying passwords does not mean that
	authentication is enabled; authentication can be enabled by the separate,
	protocol-dependent <cf/authentication/ option.

	This option is allowed in the BFD, OSPF and RIP protocols. BGP also has a
	<cf/password/ option, but it is slightly different and described
	separately.
	Default: none.
</descrip>

<p>The password option can contain a section with some (not necessarily all) of the following password sub-options:

<descrip>
	<tag><label id="proto-pass-id">id <M>num</M></tag>
	ID of the password (1-255). If it is not used, BIRD will choose an ID based
	on the order of the password item in the interface. For example, the second
	password item in one interface will have default ID 2. The ID is used by
	some routing protocols to identify which password was used to
	authenticate protocol packets.

	<tag><label id="proto-pass-gen-from">generate from "<m/time/"</tag>
	The start time of the usage of the password for packet signing.
	The format of <cf><m/time/</cf> is <tt>dd-mm-yyyy HH:MM:SS</tt>.

	<tag><label id="proto-pass-gen-to">generate to "<m/time/"</tag>
	The last time of the usage of the password for packet signing.

	<tag><label id="proto-pass-accept-from">accept from "<m/time/"</tag>
	The start time of the usage of the password for packet verification.

	<tag><label id="proto-pass-accept-to">accept to "<m/time/"</tag>
	The last time of the usage of the password for packet verification.

	<tag><label id="proto-pass-from">from "<m/time/"</tag>
	Shorthand for setting both <cf/generate from/ and <cf/accept from/.

	<tag><label id="proto-pass-to">to "<m/time/"</tag>
	Shorthand for setting both <cf/generate to/ and <cf/accept to/.

	<tag><label id="proto-pass-algorithm">algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 )</tag>
	The message authentication algorithm for the password when cryptographic
	authentication is enabled. The default value depends on the protocol.
	For RIP and OSPFv2 it is Keyed-MD5 (for compatibility), for the OSPFv3
	protocol it is HMAC-SHA-256.

</descrip>


<sect>Channel options
<label id="channel-opts">

<p>Every channel belongs to a protocol and is configured inside its block. The
minimal channel config is empty, then it uses default values. The name of the
channel implies its nettype. Channel definitions can be inherited from protocol
templates. Multiple definitions of the same channel are forbidden, but channels
inherited from templates can be updated by new definitions.

<descrip>
	<tag><label id="proto-table">table <m/name/</tag>
	Specify a table to which the channel is connected. Default: the first
	table of the given nettype.

	<tag><label id="proto-preference">preference <m/expr/</tag>
	Sets the preference of routes generated by the protocol and imported
	through this channel. Default: protocol dependent.

	<tag><label id="proto-import">import all | none | filter <m/name/ | filter { <m/filter commands/ } | where <m/boolean filter expression/</tag>
	Specify a filter to be used for filtering routes coming from the
	protocol to the routing table. <cf/all/ is for keeping all routes,
	<cf/none/ is for dropping all routes. Default: <cf/all/ (except for
	EBGP).

	<tag><label id="proto-export">export <m/filter/</tag>
	This is similar to the <cf>import</cf> keyword, except that it works in
	the direction from the routing table to the protocol. Default: <cf/none/
	(except for EBGP).

	<tag><label id="proto-import-keep-filtered">import keep filtered <m/switch/</tag>
	Usually, if an import filter rejects a route, the route is forgotten.
	When this option is active, these routes are kept in the routing table,
	but they are hidden and not propagated to other protocols. But it is
	possible to show them using <cf/show route filtered/. Note that this
	option does not work for the pipe protocol. Default: off.

	<tag><label id="proto-import-limit">import limit [<m/number/ | off ] [action warn | block | restart | disable]</tag>
	Specify an import route limit (a maximum number of routes imported from
	the protocol) and optionally the action to be taken when the limit is
	hit. The warn action just prints a warning log message. The block action discards
	new routes coming from the protocol. The restart and disable actions shut
	the protocol down like the appropriate commands. Disable is the default
	action if an action is not explicitly specified. Note that limits are
	reset during protocol reconfigure, reload or restart. Default: <cf/off/.

	<tag><label id="proto-receive-limit">receive limit [<m/number/ | off ] [action warn | block | restart | disable]</tag>
	Specify a receive route limit (a maximum number of routes received from
	the protocol and remembered). It works almost identically to the <cf>import
	limit</cf> option; the only difference is that if the <cf/import keep
	filtered/ option is active, filtered routes are counted towards the
	limit and blocked routes are forgotten, as the main purpose of the
	receive limit is to protect routing tables from overflow. Import limit,
	on the contrary, counts accepted routes only and routes blocked by the
	limit are handled like filtered routes. Default: <cf/off/.

	<tag><label id="proto-export-limit">export limit [ <m/number/ | off ] [action warn | block | restart | disable]</tag>
	Specify an export route limit, works similarly to the <cf>import
	limit</cf> option, but for the routes exported to the protocol. This
	option is experimental, there are some problems in details of its
	behavior -- the number of exported routes can temporarily exceed the
	limit without triggering it during protocol reload, the exported routes
	counter ignores route blocking and the block action also blocks route
	updates of already accepted routes -- and these details will probably
	change in the future. Default: <cf/off/.
</descrip>

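<p>The difference between <cf/import limit/ and <cf/receive limit/ under <cf/import keep
filtered/ is easiest to see on a route stream. The following model of the documented
semantics with the <cf/block/ action is written for this guide and is not BIRD code; it
assumes every route is for a distinct network (so each one counts once) and does not model
the warn, restart and disable actions or route replacement.

```python
"""Model of import/receive limits with `import keep filtered` (added example, not BIRD code)."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class ChannelState:
    accepted: List[str] = field(default_factory=list)   # routes usable for routing
    filtered: List[str] = field(default_factory=list)   # kept but hidden
    forgotten: List[str] = field(default_factory=list)  # not stored at all


def process_routes(routes: List[str], accept: Callable[[str], bool],
                   keep_filtered: bool = False,
                   import_limit: Optional[int] = None,
                   receive_limit: Optional[int] = None) -> ChannelState:
    """Feed routes through an import filter (`accept`) under the two limits,
    both with the `block` action. Each route is assumed to be a new network."""
    st = ChannelState()
    remembered = 0                      # what the receive limit counts
    for r in routes:
        passes = accept(r)
        would_keep = passes or keep_filtered
        # receive limit: counts every route that would be remembered (filtered
        # ones included when `import keep filtered` is on); a blocked route is
        # forgotten, which is what protects the table from overflow
        if would_keep and receive_limit is not None and remembered >= receive_limit:
            st.forgotten.append(r)
            continue
        if would_keep:
            remembered += 1
        if not passes:
            (st.filtered if keep_filtered else st.forgotten).append(r)
            continue
        # import limit: counts accepted routes only; a route it blocks is
        # handled like a filtered one (hidden if kept, forgotten otherwise)
        if import_limit is not None and len(st.accepted) >= import_limit:
            (st.filtered if keep_filtered else st.forgotten).append(r)
            continue
        st.accepted.append(r)
    return st


if __name__ == "__main__":
    # constructed sample: ten networks, the filter rejects odd third octets
    routes = [f"10.0.{i}.0/24" for i in range(10)]
    even = lambda r: int(r.split(".")[2]) % 2 == 0
    print("receive limit 4:", process_routes(routes, even, True, receive_limit=4))
    print("import limit 2: ", process_routes(routes, even, True, import_limit=2))
```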
<p>This is a trivial example of RIP configured for IPv6 on all interfaces:
<code>
protocol rip ng {
	ipv6;
	interface "*";
}
</code>

<p>This is a non-trivial example.
<code>
protocol rip ng {
	ipv6 {
		table mytable6;
		import filter { ... };
		export filter { ... };
		import limit 50;
	};
	interface "*";
}
</code>

<p>And this is an even more complicated example using templates.
<code>
template bgp {
	local 198.51.100.14 as 65000;

	ipv4 {
		table mytable4;
		import filter { ... };
		export none;
	};
	ipv6 {
		table mytable6;
		import filter { ... };
		export none;
	};
}

protocol bgp from {
	neighbor 198.51.100.130 as 64496;

	# IPv4 channel is inherited as-is, while IPv6
	# channel is adjusted by export filter option
	ipv6 {
		export filter { ... };
	};
}
</code>


5a203dac | 914 | <chapt>Remote control |
b9864aa8 | 915 | <label id="remote-control"> |
36032ded | 916 | |
dad92c30 OZ |
917 | <p>You can use the command-line client <file>birdc</file> to talk with a running |
918 | BIRD. Communication is done using a <file/bird.ctl/ UNIX domain socket (unless | |
919 | changed with the <tt/-s/ option given to both the server and the client). The | |
920 | commands can perform simple actions such as enabling/disabling of protocols, | |
921 | telling BIRD to show various information, telling it to show routing table | |
922 | filtered by filter, or asking BIRD to reconfigure. Press <tt/?/ at any time to | |
923 | get online help. Option <tt/-r/ can be used to enable a restricted mode of BIRD | |
924 | client, which allows just read-only commands (<cf/show .../). Option <tt/-v/ can | |
925 | be passed to the client, to make it dump numeric return codes along with the | |
926 | messages. You do not necessarily need to use <file/birdc/ to talk to BIRD, your | |
927 | own applications could do that, too -- the format of communication between BIRD | |
928 | and <file/birdc/ is stable (see the programmer's documentation). | |
929 | ||
930 | <p>There is also lightweight variant of BIRD client called <file/birdcl/, which | |
931 | does not support command line editing and history and has minimal dependencies. | |
932 | This is useful for running BIRD in resource constrained environments, where | |
933 | Readline library (required for regular BIRD client) is not available. | |
a5e9f3d2 OZ |
934 | |
935 | <p>Many commands have the <m/name/ of the protocol instance as an argument. | |
f434d191 OZ |
936 | This argument can be omitted if there exists only a single instance. |
937 | ||
5a203dac | 938 | <p>Here is a brief list of supported functions: |
64722c98 PM |
939 | |
940 | <descrip> | |
b9864aa8 | 941 | <tag><label id="cli-show-status">show status</tag> |
dad92c30 OZ |
942 | Show router status, that is BIRD version, uptime and time from last |
943 | reconfiguration. | |
5a203dac | 944 | |
b9864aa8 | 945 | <tag><label id="cli-show-interfaces">show interfaces [summary]</tag> |
43fc6bb0 OZ |
946 | Show the list of interfaces. For each interface, print its type, state, |
947 | MTU and addresses assigned. | |
948 | ||
b9864aa8 | 949 | <tag><label id="cli-show-protocols">show protocols [all]</tag> |
dad92c30 OZ |
950 | Show list of protocol instances along with tables they are connected to |
951 | and protocol status, possibly giving verbose information, if <cf/all/ is | |
952 | specified. | |
64722c98 | 953 | |
3e52d112 | 954 | <!-- TODO: Move these protocol-specific remote control commands to the protocol sections --> |
b9864aa8 | 955 | <tag><label id="cli-show-ospf-iface">show ospf interface [<m/name/] ["<m/interface/"]</tag> |
f434d191 OZ |
956 | Show detailed information about OSPF interfaces. |
957 | ||
b9864aa8 | 958 | <tag><label id="cli-show-ospf-neighbors">show ospf neighbors [<m/name/] ["<m/interface/"]</tag> |
f434d191 OZ |
959 | Show a list of OSPF neighbors and a state of adjacency to them. |
960 | ||
b9864aa8 | 961 | <tag><label id="cli-show-ospf-state">show ospf state [all] [<m/name/]</tag> |
dad92c30 OZ |
962 | Show detailed information about OSPF areas based on a content of the |
963 | link-state database. It shows network topology, stub networks, | |
964 | aggregated networks and routers from other areas and external routes. | |
965 | The command shows information about reachable network nodes, use option | |
966 | <cf/all/ to show information about all network nodes in the link-state | |
967 | database. | |
0ea8fb4a | 968 | |
b9864aa8 | 969 | <tag><label id="cli-show-ospf-topology">show ospf topology [all] [<m/name/]</tag> |
dad92c30 OZ |
970 | Show a topology of OSPF areas based on a content of the link-state |
971 | database. It is just a stripped-down version of 'show ospf state'. | |
64722c98 | 972 | |
b9864aa8 | 973 | <tag><label id="cli-show-ospf-lsadb">show ospf lsadb [global | area <m/id/ | link] [type <m/num/] [lsid <m/id/] [self | router <m/id/] [<m/name/] </tag> |
dad92c30 OZ |
974 | Show contents of an OSPF LSA database. Options could be used to filter |
975 | entries. | |
20ab192b | 976 | |
b9864aa8 | 977 | <tag><label id="cli-show-rip-interfaces">show rip interfaces [<m/name/] ["<m/interface/"]</tag> |
43fc6bb0 OZ |
978 | Show detailed information about RIP interfaces. |
979 | ||
b9864aa8 | 980 | <tag><label id="cli-show-rip-neighbors">show rip neighbors [<m/name/] ["<m/interface/"]</tag> |
43fc6bb0 OZ |
981 | Show a list of RIP neighbors and associated state. |
982 | ||
b9864aa8 | 983 | <tag><label id="cli-show-static">show static [<m/name/]</tag> |
f434d191 OZ |
984 | Show detailed information about static routes. |
985 | ||
b9864aa8 | 986 | <tag><label id="cli-show-bfd-sessions">show bfd sessions [<m/name/]</tag> |
12201fd8 OZ |
987 | Show information about BFD sessions. |
988 | ||
b9864aa8 | 989 | <tag><label id="cli-show-symbols">show symbols [table|filter|function|protocol|template|roa|<m/symbol/]</tag> |
dad92c30 OZ |
990 | Show the list of symbols defined in the configuration (names of |
991 | protocols, routing tables etc.). | |
5a203dac | 992 | |
b2949999 | 993 | <tag><label id="cli-show-route">show route [[for] <m/prefix/|<m/IP/] [table (<m/t/ | all)] [filter <m/f/|where <m/c/] [(export|preexport|noexport) <m/p/] [protocol <m/p/] [(stats|count)] [<m/options/]</tag> |
2faf519c | 994 | Show contents of specified routing tables, that is routes, their metrics |
dad92c30 | 995 | and (in case the <cf/all/ switch is given) all their attributes. |
5a203dac PM |
996 | |
997 | <p>You can specify a <m/prefix/ if you want to print routes for a | |
998 | specific network. If you use <cf>for <m/prefix or IP/</cf>, you'll get | |
999 | the entry which will be used for forwarding of packets to the given | |
1000 | destination. By default, all routes for each network are printed with | |
1001 | the selected one at the top, unless <cf/primary/ is given in which case | |
1002 | only the selected route is shown. | |
1003 | ||
b2949999 OZ |
1004 | <p>The <cf/show route/ command can process one or multiple routing |
1005 | tables. The set of selected tables is determined on three levels: First, | |
1006 | tables can be explicitly selected by <cf/table/ switch, which could be | |
1007 | used multiple times, all tables are specified by <cf/table all/. Second, | |
1008 | tables can be implicitly selected by channels or protocols that are | |
1009 | arguments of several other switches (e.g., <cf/export/, <cf/protocol/). | |
1010 | Last, the set of default tables is used: <cf/master4/, <cf/master6/ and | |
1011 | each first table of any other network type. | |
1012 | ||
5a203dac PM |
1013 | <p>You can also ask for printing only routes processed and accepted by |
1014 | a given filter (<cf>filter <m/name/</cf> or <cf>filter { <m/filter/ } | |
1015 | </cf> or matching a given condition (<cf>where <m/condition/</cf>). | |
7aa80901 OZ |
1016 | |
1017 | The <cf/export/, <cf/preexport/ and <cf/noexport/ switches ask for | |
b2949999 OZ |
1018 | printing of routes that are exported to the specified protocol or |
1019 | channel. With <cf/preexport/, the export filter of the channel is | |
1020 | skipped. With <cf/noexport/, routes rejected by the export filter are | |
1021 | printed instead. Note that routes not exported for other reasons | |
7aa80901 | 1022 | (e.g. secondary routes or routes imported from that protocol) are not |
b2949999 OZ |
1023 | printed even with <cf/noexport/. These switches also imply that |
1024 | associated routing tables are selected instead of default ones. | |
5a203dac | 1025 | |
4d176e14 | 1026 | <p>You can also select just routes added by a specific protocol. |
b2949999 OZ |
1027 | <cf>protocol <m/p/</cf>. This switch also implies that associated |
1028 | routing tables are selected instead of default ones. | |
4d176e14 | 1029 | |
dad92c30 OZ |
1030 | <p>If BIRD is configured to keep filtered routes (see <cf/import keep |
1031 | filtered/ option), you can show them instead of routes by using | |
1032 | <cf/filtered/ switch. | |
cf98be7b | 1033 | |
5a203dac PM |
1034 | <p>The <cf/stats/ switch requests showing of route statistics (the |
1035 | number of networks, number of routes before and after filtering). If | |
1036 | you use <cf/count/ instead, only the statistics will be printed. | |
af582c48 | 1037 | |
fc1b9333 OZ |
1038 | <tag><label id="cli-mrt-dump">mrt dump table <m/name/|"<m/pattern/" to "<m/filename/" [filter <m/f/|where <m/c/]</tag> |
1039 | Dump content of a routing table to a specified file in MRT table dump | |
1040 | format. See <ref id="mrt" name="MRT protocol"> for details. | |
1041 | ||
b9864aa8 | 1042 | <tag><label id="cli-configure">configure [soft] ["<m/config file/"] [timeout [<m/num/]]</tag> |
dad92c30 OZ |
1043 | Reload configuration from a given file. BIRD will smoothly switch itself |
1044 | to the new configuration, protocols are reconfigured if possible, | |
1045 | restarted otherwise. Changes in filters usually lead to restart of | |
1046 | affected protocols. | |
1047 | ||
1048 | If <cf/soft/ option is used, changes in filters does not cause BIRD to | |
1049 | restart affected protocols, therefore already accepted routes (according | |
1050 | to old filters) would be still propagated, but new routes would be | |
1051 | processed according to the new filters. | |
1052 | ||
1053 | If <cf/timeout/ option is used, config timer is activated. The new | |
1054 | configuration could be either confirmed using <cf/configure confirm/ | |
1055 | command, or it will be reverted to the old one when the config timer | |
1056 | expires. This is useful for cases when reconfiguration breaks current | |
fff7498d | 1057 | routing and a router becomes inaccessible for an administrator. The |
dad92c30 OZ |
1058 | config timeout expiration is equivalent to <cf/configure undo/ |
1059 | command. The timeout duration could be specified, default is 300 s. | |
a92cf57d | 1060 | |
b9864aa8 | 1061 | <tag><label id="cli-configure-confirm">configure confirm</tag> |
a92cf57d OZ |
1062 | Deactivate the config undo timer and therefore confirm the current |
1063 | configuration. | |
1064 | ||
b9864aa8 | 1065 | <tag><label id="cli-configure-undo">configure undo</tag> |
dad92c30 OZ |
1066 | Undo the last configuration change and smoothly switch back to the |
1067 | previous (stored) configuration. If the last configuration change was | |
1068 | soft, the undo change is also soft. There is only one level of undo, but | |
1069 | in some specific cases when several reconfiguration requests are given | |
1070 | immediately in a row and the intermediate ones are skipped then the undo | |
1071 | also skips them back. | |
a92cf57d | 1072 | |
b9864aa8 | 1073 | <tag><label id="cli-configure-check">configure check ["<m/config file/"]</tag> |
dad92c30 OZ |
1074 | Read and parse given config file, but do not use it. useful for checking |
1075 | syntactic and some semantic validity of an config file. | |
a92cf57d | 1076 | |
b9864aa8 | 1077 | <tag><label id="cli-enable-disable-restart">enable|disable|restart <m/name/|"<m/pattern/"|all</tag> |
dad92c30 OZ |
1078 | Enable, disable or restart a given protocol instance, instances matching |
1079 | the <cf><m/pattern/</cf> or <cf/all/ instances. | |
bf47fe4b | 1080 | |
b9864aa8 | 1081 | <tag><label id="cli-reload">reload [in|out] <m/name/|"<m/pattern/"|all</tag> |
dad92c30 OZ |
1082 | Reload a given protocol instance, that is, re-import routes from the |
1083 | protocol instance and re-export preferred routes to the instance. If | |
1084 | the <cf/in/ or <cf/out/ option is used, the command is restricted to one | |
1085 | direction (re-import or re-export). | |
1086 | ||
1087 | This command is useful if appropriate filters have changed but the | |
1088 | protocol instance was not restarted (or reloaded), therefore it still | |
1089 | propagates the old set of routes. For example when <cf/configure soft/ | |
1090 | command was used to change filters. | |
1091 | ||
1092 | Re-export always succeeds, but re-import is protocol-dependent and might | |
1093 | fail (for example, if BGP neighbor does not support route-refresh | |
1094 | extension). In that case, re-export is also skipped. Note that for the | |
1095 | pipe protocol, both directions are always reloaded together (<cf/in/ or | |
1096 | <cf/out/ options are ignored in that case). | |
8a7fb885 | 1097 | |
b9864aa8 | 1098 | <tag><label id="cli-down">down</tag> |
5a203dac | 1099 | Shut BIRD down. |
64722c98 | 1100 | |
9df52a98 | 1101 | <tag><label id="cli-debug">debug <m/protocol/|<m/pattern/|all all|off|{ states|routes|filters|events|packets [, <m/.../] }</tag> |
64722c98 | 1102 | Control protocol debugging. |
508d9360 | 1103 | |
b9864aa8 | 1104 | <tag><label id="cli-dump">dump resources|sockets|interfaces|neighbors|attributes|routes|protocols</tag> |
508d9360 OZ |
1105 | Dump contents of internal data structures to the debugging output. |
1106 | ||
b9864aa8 | 1107 | <tag><label id="cli-echo">echo all|off|{ <m/list of log classes/ } [ <m/buffer-size/ ]</tag> |
508d9360 | 1108 | Control echoing of log messages to the command-line output. |
b9864aa8 | 1109 | See <ref id="opt-log" name="log option"> for a list of log classes. |
508d9360 | 1110 | |
b9864aa8 | 1111 | <tag><label id="cli-eval">eval <m/expr/</tag> |
508d9360 | 1112 | Evaluate given expression. |
64722c98 | 1113 | </descrip> |
36032ded | 1114 | |
72163bd5 | 1115 | |
371adba6 | 1116 | <chapt>Filters |
b9864aa8 | 1117 | <label id="filters"> |
d37f899b | 1118 | |
371adba6 | 1119 | <sect>Introduction |
b9864aa8 | 1120 | <label id="filters-intro"> |
d37f899b | 1121 | |
dad92c30 OZ |
1122 | <p>BIRD contains a simple programming language. (No, it can't yet read mail :-). |
1123 | There are two objects in this language: filters and functions. Filters are | |
1124 | interpreted by BIRD core when a route is being passed between protocols and | |
1125 | routing tables. The filter language contains control structures such as if's and | |
1126 | switches, but it allows no loops. An example of a filter using many features can | |
1127 | be found in <file>filter/test.conf</file>. | |
d37f899b | 1128 | |
dad92c30 OZ |
1129 | <p>A filter gets the route, looks at its attributes and modifies some of them if |
1130 | it wishes. At the end, it decides whether to pass the changed route through | |
1131 | (using <cf/accept/) or whether to <cf/reject/ it. A simple filter looks like | |
1132 | this: | |
d37f899b | 1133 | |
a0dd1c74 | 1134 | <code> |
d37f899b PM |
1135 | filter not_too_far |
1136 | int var; | |
1137 | { | |
1138 | if defined( rip_metric ) then | |
1139 | var = rip_metric; | |
1140 | else { | |
1141 | var = 1; | |
1142 | rip_metric = 1; | |
1143 | } | |
1144 | if rip_metric > 10 then | |
1145 | reject "RIP metric is too big"; | |
1146 | else | |
1147 | accept "ok"; | |
1148 | } | |
a0dd1c74 | 1149 | </code> |
d37f899b | 1150 | |
dad92c30 OZ |
1151 | <p>As you can see, a filter has a header, a list of local variables, and a body. |
1152 | The header consists of the <cf/filter/ keyword followed by a (unique) name of | |
1153 | the filter. The list of local variables consists of <cf><M>type name</M>;</cf> | |
1154 | pairs where each pair defines one local variable. The body consists of <cf> | |
1155 | { <M>statements</M> }</cf>. Each <m/statement/ is terminated by a <cf/;/. You | |
1156 | can group several statements to a single compound statement by using braces | |
1157 | (<cf>{ <M>statements</M> }</cf>) which is useful if you want to make a bigger | |
1158 | block of code conditional. | |
1632f1fe | 1159 | |
dad92c30 OZ |
1160 | <p>BIRD supports functions, so that you don't have to repeat the same blocks of |
1161 | code over and over. Functions can have zero or more parameters and they can have | |
1162 | local variables. Recursion is not allowed. Function definitions look like this: | |
0e5373fd PM |
1163 | |
1164 | <code> | |
1165 | function name () | |
1166 | int local_variable; | |
1167 | { | |
1168 | local_variable = 5; | |
1169 | } | |
1170 | ||
1171 | function with_parameters (int parameter) | |
1172 | { | |
1173 | print parameter; | |
1174 | } | |
1175 | </code> | |
1176 | ||
dad92c30 OZ |
1177 | <p>Unlike in C, variables are declared after the <cf/function/ line, but before |
1178 | the first <cf/{/. You can't declare variables in nested blocks. Functions are | |
1179 | called like in C: <cf>name(); with_parameters(5);</cf>. A function may return | |
1180 | values using the <cf>return <m/[expr]/</cf> command. Returning a value exits | |
1181 | from the current function (this is similar to C). | |
0e5373fd | 1182 | |
dad92c30 OZ |
1183 | <p>Filters are declared in a way similar to functions except they can't have |
1184 | explicit parameters. They get a route table entry as an implicit parameter, which | |
1185 | is also passed automatically to any functions called. The filter must terminate | |
1186 | with either an <cf/accept/ or a <cf/reject/ statement. If there is a runtime error in | |
1187 | a filter, the route is rejected. | |
0e5373fd | 1188 | |
dad92c30 OZ |
1189 | <p>A nice trick to debug filters is to use <cf>show route filter <m/name/</cf> |
1190 | from the command line client. An example session might look like: | |
c184d9d0 PM |
1191 | |
1192 | <code> | |
1193 | pavel@bug:~/bird$ ./birdc -s bird.ctl | |
1194 | BIRD 0.0.0 ready. | |
c184d9d0 PM |
1195 | bird> show route |
1196 | 10.0.0.0/8 dev eth0 [direct1 23:21] (240) | |
1197 | 195.113.30.2/32 dev tunl1 [direct1 23:21] (240) | |
1198 | 127.0.0.0/8 dev lo [direct1 23:21] (240) | |
1199 | bird> show route ? | |
1632f1fe | 1200 | show route [<prefix>] [table <t>] [filter <f>] [all] [primary]... |
66701947 | 1201 | bird> show route filter { if 127.0.0.5 ~ net then accept; } |
c184d9d0 PM |
1202 | 127.0.0.0/8 dev lo [direct1 23:21] (240) |
1203 | bird> | |
1204 | </code> | |
1205 | ||
dad92c30 | 1206 | |
371adba6 | 1207 | <sect>Data types |
b9864aa8 | 1208 | <label id="data-types"> |
d37f899b | 1209 | |
dad92c30 OZ |
1210 | <p>Each variable and each value has a certain type. Booleans, integers and enums |
1211 | are incompatible with each other (that is to prevent you from shooting yourself | |
1212 | in the foot). | |
d37f899b PM |
1213 | |
1214 | <descrip> | |
b9864aa8 | 1215 | <tag><label id="type-bool">bool</tag> |
dad92c30 OZ |
1216 | This is a boolean type, it can have only two values, <cf/true/ and |
1217 | <cf/false/. Boolean is the only type you can use in <cf/if/ statements. | |
1218 | ||
b9864aa8 | 1219 | <tag><label id="type-int">int</tag> |
dad92c30 OZ |
1220 | This is a general integer type. It is an unsigned 32bit type; i.e., you |
1221 | can expect it to store values from 0 to 4294967295. Overflows are not | |
1222 | checked. You can use <cf/0x1234/ syntax to write hexadecimal values. | |
1223 | ||
b9864aa8 | 1224 | <tag><label id="type-pair">pair</tag> |
dad92c30 OZ |
1225 | This is a pair of two short integers. Each component can have values |
1226 | from 0 to 65535. Literals of this type are written as <cf/(1234,5678)/. | |
1227 | The same syntax can also be used to construct a pair from two arbitrary | |
1228 | integer expressions (for example <cf/(1+2,a)/). | |
1229 | ||
b9864aa8 | 1230 | <tag><label id="type-quad">quad</tag> |
dad92c30 OZ |
1231 | This is a dotted quad of numbers used to represent router IDs (and |
1232 | others). Each component can have a value from 0 to 255. Literals of | |
1233 | this type are written like IPv4 addresses. | |
1234 | ||
b9864aa8 | 1235 | <tag><label id="type-string">string</tag> |
dad92c30 OZ |
1236 | This is a string of characters. There are no ways to modify strings in |
1237 | filters. You can pass them between functions, assign them to variables | |
1238 | of type <cf/string/, print such variables, use standard string | |
1239 | comparison operations (e.g. <cf/=, !=, <, >, <=, >=/), but | |
1240 | you can't concatenate two strings. String literals are written as | |
768d5e10 PT |
1241 | <cf/"This is a string constant"/. Additionally, the matching (<cf/~, |
1242 | !~/) operators can be used to match a string value against | |
1243 | a shell pattern (also represented as a string). | |
dad92c30 | 1244 | |
b9864aa8 | 1245 | <tag><label id="type-ip">ip</tag> |
cf3e3845 OZ |
1246 | This type can hold a single IP address. The IPv4 addresses are stored as |
1247 | IPv4-Mapped IPv6 addresses so one data type for both of them is used. | |
1248 | Whether the address is IPv4 or not may be checked by <cf>.is_ip4</cf> | |
1249 | which returns <cf/bool/. IP addresses are written in the standard | |
1250 | notation (<cf/10.20.30.40/ or <cf/fec0:3:4::1/). You can apply the special | |
1251 | operator <cf>.mask(<M>num</M>)</cf> on values of type ip. It masks out | |
1252 | all but the first <cf><M>num</M></cf> bits of the IP address. So | |
dad92c30 OZ |
1253 | <cf/1.2.3.4.mask(8) = 1.0.0.0/ is true. |
1254 | ||
b9864aa8 | 1255 | <tag><label id="type-prefix">prefix</tag> |
8c9986d3 JMM |
1256 | This type can hold a network prefix consisting of IP address, prefix |
1257 | length and several other values. This is the key in route tables. | |
1258 | ||
a5d2a344 OZ |
1259 | Prefixes may be of several types, which can be determined by the special |
1260 | operator <cf/.type/. The type may be: | |
8c9986d3 | 1261 | |
a5d2a344 | 1262 | <cf/NET_IP4/ and <cf/NET_IP6/ prefixes hold an IP prefix. The literals |
0575c7db | 1263 | are written as <cf><m/ipaddress//<m/pxlen/</cf>. There are two special |
cf3e3845 OZ |
1264 | operators on these: <cf/.ip/, which extracts the IP address from the |
1265 | pair, and <cf/.len/, which extracts the prefix length from the pair. | |
90dc0f08 | 1266 | So <cf>1.2.0.0/16.len = 16</cf> is true. |
dad92c30 | 1267 | |
159d619c OZ |
1268 | <cf/NET_IP6_SADR/ nettype holds both destination and source IPv6 |
1269 | prefix. The literals are written as <cf><m/ipaddress//<m/pxlen/ from | |
1270 | <m/ipaddress//<m/pxlen/</cf>, where the first part is the destination | |
1271 | prefix and the second part is the source prefix. They support the same | |
1272 | operators as IP prefixes, but just for the destination part. | |
1273 | ||
a5d2a344 OZ |
1274 | <cf/NET_VPN4/ and <cf/NET_VPN6/ prefixes hold an IP prefix with VPN |
1275 | Route Distinguisher (<rfc id="4364">). They support the same special | |
1276 | operators as IP prefixes, and also <cf/.rd/ which extracts the Route | |
1277 | Distinguisher. Their literals are written | |
1278 | as <cf><m/vpnrd/ <m/ipprefix/</cf>. | |
8c9986d3 | 1279 | |
a5d2a344 OZ |
1280 | <cf/NET_ROA4/ and <cf/NET_ROA6/ prefixes hold an IP prefix range |
1281 | together with an ASN. They support the same special operators as IP | |
1282 | prefixes, and also <cf/.maxlen/ which extracts maximal prefix length, | |
1283 | and <cf/.asn/ which extracts the ASN. | |
8c9986d3 | 1284 | |
a5d2a344 OZ |
1285 | <cf/NET_FLOW4/ and <cf/NET_FLOW6/ hold an IP prefix together with a |
1286 | flowspec rule. Filters currently don't support flowspec parsing. | |
8c9986d3 | 1287 | |
cf3e3845 OZ |
1288 | <cf/NET_MPLS/ holds a single MPLS label and its handling is currently |
1289 | not implemented. | |
3e52d112 JMM |
1290 | |
1291 | <tag><label id="type-vpnrd">vpnrd</tag> | |
1292 | This is a route distinguisher according to <rfc id="4364">. There are | |
1293 | three kinds of RDs: <cf><m/asn/:<m/32bit int/</cf>, <cf><m/asn4/:<m/16bit int/</cf> | |
1294 | and <cf><m/IPv4 address/:<m/32bit int/</cf>. | |
1295 | ||
b9864aa8 | 1296 | <tag><label id="type-ec">ec</tag> |
dad92c30 OZ |
1297 | This is a specialized type used to represent BGP extended community |
1298 | values. It is essentially a 64bit value; literals of this type are | |
1299 | usually written as <cf>(<m/kind/, <m/key/, <m/value/)</cf>, where | |
1300 | <cf/kind/ is the kind of extended community (e.g. <cf/rt/ / <cf/ro/ for | |
1301 | route target / route origin communities). The format and possible values | |
1302 | of <cf/key/ and <cf/value/ are usually integers, but depend on the | |
1303 | kind used. Similarly to pairs, ECs can be constructed using expressions | |
1304 | for the <cf/key/ and <cf/value/ parts (e.g. <cf/(ro, myas, 3*10)/, where | |
1305 | <cf/myas/ is an integer variable). | |
dcde7ae5 | 1306 | |
b9864aa8 | 1307 | <tag><label id="type-lc">lc</tag> |
cec4a73c OZ |
1308 | This is a specialized type used to represent BGP large community |
1309 | values. It is essentially a triplet of 32bit values, where the first | |
1310 | value is reserved for the AS number of the issuer, while the meaning of | |
1311 | the remaining parts is defined by the issuer. Literals of this type are | |
1312 | written as <cf/(123, 456, 789)/, with any integer values. Similarly to | |
1313 | pairs, LCs can be constructed using expressions for their parts (e.g. | |
1314 | <cf/(myas, 10+20, 3*10)/, where <cf/myas/ is an integer variable). | |
1315 | ||
b9864aa8 | 1316 | <tag><label id="type-set">int|pair|quad|ip|prefix|ec|lc|enum set</tag> |
dad92c30 OZ |
1317 | Filters recognize four types of sets. Sets are similar to strings: you |
1318 | can pass them around but you can't modify them. Literals of type <cf>int | |
1319 | set</cf> look like <cf> [ 1, 2, 5..7 ]</cf>. As you can see, both simple | |
1320 | values and ranges are permitted in sets. | |
1321 | ||
1322 | For pair sets, expressions like <cf/(123,*)/ can be used to denote | |
1323 | ranges (in that case <cf/(123,0)..(123,65535)/). You can also use | |
1324 | <cf/(123,5..100)/ for range <cf/(123,5)..(123,100)/. You can also use | |
1325 | <cf/*/ and <cf/a..b/ expressions in the first part of a pair; note that | |
1326 | such expressions are translated to a set of intervals, which may be | |
1327 | memory intensive. E.g. <cf/(*,4..20)/ is translated to <cf/(0,4..20), | |
1328 | (1,4..20), (2,4..20), ... (65535, 4..20)/. | |
1329 | ||
1330 | EC sets use expressions similar to pair sets, e.g. <cf/(rt, 123, | |
1331 | 10..20)/ or <cf/(ro, 123, *)/. Expressions requiring the translation | |
1332 | (like <cf/(rt, *, 3)/) are not allowed (as they usually have a 4B range | |
1333 | for ASNs). | |
1334 | ||
cec4a73c OZ |
1335 | LC sets also use expressions similar to pair sets. You can use ranges |
1336 | and wildcards, but if one field uses them, the more specific (later) fields | |
1337 | must be wildcards. E.g., <cf/(10, 20..30, *)/ or <cf/(10, 20, 30..40)/ | |
1338 | is valid, while <cf/(10, *, 20..30)/ or <cf/(10, 20..30, 40)/ is not | |
1339 | valid. | |
1340 | ||
1341 | You can also use expressions for int, pair, EC and LC set values. | |
1342 | However, it must be possible to evaluate these expressions before the daemon | |
1343 | boots, so you can use only constants inside them. E.g. | |
dad92c30 | 1344 | |
946dc15c OF |
1345 | <code> |
1346 | define one=1; | |
8815d846 | 1347 | define myas=64500; |
946dc15c OF |
1348 | int set odds; |
1349 | pair set ps; | |
8815d846 | 1350 | ec set es; |
946dc15c | 1351 | |
8815d846 | 1352 | odds = [ one, 2+1, 6-one, 2*2*2-1, 9, 11 ]; |
b54ad333 | 1353 | ps = [ (1,one+one), (3,4)..(4,8), (5,*), (6,3..6), (7..9,*) ]; |
8815d846 | 1354 | es = [ (rt, myas, 3*10), (rt, myas+one, 0..16*16*16-1), (ro, myas+2, *) ]; |
946dc15c | 1355 | </code> |
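The translation rule for pair, EC and LC set patterns, as an added Python example (not BIRD's own code): it expands pair patterns into the lexicographic pair ranges described above, shows why a wildcard or range in the first field of a pair is memory intensive, and checks the LC pattern rule (ranges or wildcards in one field force wildcards in every later field). The set below is the <cf/ps/ literal above with the constant substituted, and all function names are the example's own.

```python
from typing import List, Tuple

# Added example, not BIRD's own code: a Python model of how pair set
# patterns such as (123,*), (123,5..100) and (7..9,*) are translated, and of
# the validity rule for LC set patterns.  Function names are this example's own.
Interval = Tuple[int, int]                            # inclusive range of one 16-bit field
PairRange = Tuple[Tuple[int, int], Tuple[int, int]]   # lexicographic (lo_pair, hi_pair)
FIELD_MAX = 65535


def parse_field(tok: str) -> Interval:
    """'*' -> (0,65535); 'a..b' -> (a,b); 'n' -> (n,n)."""
    tok = tok.strip()
    if tok == "*":
        return (0, FIELD_MAX)
    lo_s, _, hi_s = tok.partition("..")
    lo = int(lo_s)
    hi = int(hi_s) if hi_s else lo
    if not 0 <= lo <= hi <= FIELD_MAX:
        raise ValueError(f"bad pair field {tok!r}")
    return (lo, hi)


def pair_pattern_to_ranges(text: str) -> List[PairRange]:
    """Translate one element of a pair set literal into pair ranges.

    '(a,b)..(c,d)' already is a range.  '(x, f)' with a single first value
    becomes one range (x,lo)..(x,hi).  When the first field is a range or
    '*', one such range is emitted per possible first value, which is why
    (*, 4..20) costs 65536 intervals."""
    text = text.strip()
    if ")..(" in text:
        left, right = text.split("..", 1)
        lo_pair = tuple(int(v) for v in left.strip("() ").split(","))
        hi_pair = tuple(int(v) for v in right.strip("() ").split(","))
        return [(lo_pair, hi_pair)]
    first, second = text.strip("() ").split(",", 1)
    (flo, fhi), (slo, shi) = parse_field(first), parse_field(second)
    return [((x, slo), (x, shi)) for x in range(flo, fhi + 1)]


def pair_set_ranges(patterns: List[str]) -> List[PairRange]:
    """Translate a whole pair set literal."""
    ranges: List[PairRange] = []
    for p in patterns:
        ranges.extend(pair_pattern_to_ranges(p))
    return ranges


def pair_in_set(pair: Tuple[int, int], ranges: List[PairRange]) -> bool:
    """pair ~ set: pairs compare lexicographically, as in (a,b)..(c,d)."""
    return any(lo <= pair <= hi for lo, hi in ranges)


def lc_pattern_valid(fields: List[str]) -> bool:
    """LC set rule: once a field is a range or '*', every later field must be '*'."""
    open_ended = False
    for tok in fields:
        tok = tok.strip()
        if open_ended and tok != "*":
            return False
        if tok == "*" or ".." in tok:
            open_ended = True
    return True


# Constructed sample: the 'ps' literal above with the constant substituted
# (one = 1), so (1,one+one) is written as (1,2).
PS = ["(1,2)", "(3,4)..(4,8)", "(5,*)", "(6,3..6)", "(7..9,*)"]

if __name__ == "__main__":
    ranges = pair_set_ranges(PS)
    print(len(ranges), "ranges;", (3, 100), "in set:", pair_in_set((3, 100), ranges))
    print("(*, 4..20) expands to", len(pair_pattern_to_ranges("(*, 4..20)")), "ranges")
```

Counting the ranges a literal expands to is a cheap way to review a configuration before loading it: a community filter written as `(*, x)` patterns silently costs tens of thousands of intervals per pattern, while the same intent written with a fixed first field costs one.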
b1a597e0 | 1356 | |
dad92c30 OZ |
1357 | Sets of prefixes are special: their literals do not allow ranges, but |
1358 | allow prefix patterns that are written | |
1359 | as <cf><M>ipaddress</M>/<M>pxlen</M>{<M>low</M>,<M>high</M>}</cf>. | |
1360 | Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix | |
1361 | pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>,<m>h</m>}</cf> if the | |
1362 | first <cf>min(len1, len2)</cf> bits of <cf/ip1/ and <cf/ip2/ are | |
1363 | identical and <cf>l <= len1 <= h</cf>. A valid prefix pattern | |
1364 | has to satisfy <cf>low <= high</cf>, but <cf/pxlen/ is not | |
1365 | constrained by <cf/low/ or <cf/high/. Obviously, a prefix matches a | |
1366 | prefix set literal if it matches any prefix pattern in the prefix set | |
1367 | literal. | |
1368 | ||
1369 | There are also two shorthands for prefix patterns: <cf><m/address//<m/len/+</cf> | |
1370 | is a shorthand for <cf><m/address//<m/len/{<m/len/,<m/maxlen/}</cf> | |
1371 | (where <cf><m/maxlen/</cf> is 32 for IPv4 and 128 for IPv6), that means | |
1372 | network prefix <cf><m/address//<m/len/</cf> and all its subnets. | |
1373 | <cf><m/address//<m/len/-</cf> is a shorthand for | |
1374 | <cf><m/address//<m/len/{0,<m/len/}</cf>, that means network prefix | |
1375 | <cf><m/address//<m/len/</cf> and all its supernets (network prefixes | |
1376 | that contain it). | |
1377 | ||
1378 | For example, <cf>[ 1.0.0.0/8, 2.0.0.0/8+, 3.0.0.0/8-, 4.0.0.0/8{16,24} | |
1379 | ]</cf> matches prefix <cf>1.0.0.0/8</cf>, all subprefixes of | |
1380 | <cf>2.0.0.0/8</cf>, all superprefixes of <cf>3.0.0.0/8</cf> and prefixes | |
1381 | <cf/4.X.X.X/ whose prefix length is 16 to 24. <cf>[ 0.0.0.0/0{20,24} ]</cf> | |
1382 | matches all prefixes (regardless of IP address) whose prefix length is | |
1383 | 20 to 24, <cf>[ 1.2.3.4/32- ]</cf> matches any prefix that contains IP | |
1384 | address <cf>1.2.3.4</cf>. <cf>1.2.0.0/16 ~ [ 1.0.0.0/8{15,17} ]</cf> | |
1385 | is true, but <cf>1.0.0.0/16 ~ [ 1.0.0.0/8- ]</cf> is false. | |
1386 | ||
1387 | Cisco-style patterns like <cf>10.0.0.0/8 ge 16 le 24</cf> can be expressed | |
523f020b | 1388 | in BIRD as <cf>10.0.0.0/8{16,24}</cf>, <cf>192.168.0.0/16 le 24</cf> as |
dad92c30 OZ |
1389 | <cf>192.168.0.0/16{16,24}</cf> and <cf>192.168.0.0/16 ge 24</cf> as |
1390 | <cf>192.168.0.0/16{24,32}</cf>. | |
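The prefix pattern semantics above (`{low,high}`, the `+` and `-` shorthands, and the Cisco `ge`/`le` translation), as an added Python example that is not BIRD's own code. It is built on the standard `ipaddress` module, so it also handles IPv6 patterns, which goes beyond the IPv4 examples in the text; the class and function names (`PrefixPattern`, `prefix_in_set`, `cisco_to_bird`) and the sample set are the example's own.

```python
import ipaddress
import re
from typing import List, Optional

# Added example (not BIRD's own code): a Python model of BIRD prefix set
# patterns  address/len{low,high},  address/len+  and  address/len-,
# built on the standard ipaddress module so it covers IPv4 and IPv6.
PATTERN_RE = re.compile(
    r"^(?P<net>[^{+\-]+/\d+)"
    r"(?:\{(?P<low>\d+),(?P<high>\d+)\}|(?P<plus>\+)|(?P<minus>-))?$"
)


class PrefixPattern:
    """One element of a prefix set literal, e.g. '1.0.0.0/8{15,17}'."""

    def __init__(self, text: str):
        m = PATTERN_RE.match(text.strip())
        if not m:
            raise ValueError(f"bad prefix pattern: {text!r}")
        # strict=False lets literals such as '1.2.3.4/32-' through unchanged.
        self.net = ipaddress.ip_network(m.group("net"), strict=False)
        maxlen = self.net.max_prefixlen  # 32 for IPv4, 128 for IPv6
        if m.group("plus"):                   # address/len+ : the prefix and all its subnets
            self.low, self.high = self.net.prefixlen, maxlen
        elif m.group("minus"):                # address/len- : the prefix and all its supernets
            self.low, self.high = 0, self.net.prefixlen
        elif m.group("low") is not None:      # address/len{low,high}
            self.low, self.high = int(m.group("low")), int(m.group("high"))
        else:                                 # plain address/len : exact match only
            self.low = self.high = self.net.prefixlen
        # A valid pattern needs low <= high; pxlen itself is not constrained.
        if not (0 <= self.low <= self.high <= maxlen):
            raise ValueError(f"invalid length range in {text!r}")

    def matches(self, prefix: str) -> bool:
        p = ipaddress.ip_network(prefix, strict=False)
        if p.version != self.net.version:
            return False  # address families are kept apart, as the text advises
        # ip1/len1 matches ip2/len2{l,h} iff the first min(len1, len2) bits
        # agree and l <= len1 <= h.
        n = min(p.prefixlen, self.net.prefixlen)
        shift = self.net.max_prefixlen - n
        same_bits = (int(p.network_address) >> shift) == (int(self.net.network_address) >> shift)
        return same_bits and self.low <= p.prefixlen <= self.high


def prefix_in_set(prefix: str, patterns: List[str]) -> bool:
    """prefix ~ [ pattern, ... ]: true if any pattern in the set matches."""
    return any(PrefixPattern(t).matches(prefix) for t in patterns)


def cisco_to_bird(net: str, ge: Optional[int] = None, le: Optional[int] = None) -> str:
    """Rewrite a Cisco-style 'net ge X le Y' prefix-list entry as a BIRD pattern."""
    n = ipaddress.ip_network(net, strict=False)
    low = n.prefixlen if ge is None else ge
    high = n.max_prefixlen if le is None else le
    return f"{n}{{{low},{high}}}"


# Constructed sample set, taken from the worked example in the text.
EXAMPLE_SET = ["1.0.0.0/8", "2.0.0.0/8+", "3.0.0.0/8-", "4.0.0.0/8{16,24}"]

if __name__ == "__main__":
    for pfx in ["1.0.0.0/8", "2.1.0.0/16", "3.0.0.0/7", "4.5.0.0/20", "4.5.6.0/25"]:
        print(pfx, "~", EXAMPLE_SET, "=", prefix_in_set(pfx, EXAMPLE_SET))
```

Note the distinction the model makes visible: `1.0.0.0/8-` accepts `3.0.0.0/7`-style supernets, including the default route, so a `-` pattern in an import filter admits far broader announcements than the literal prefix suggests, while `0.0.0.0/0{20,24}` matches by length alone regardless of address.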
d37f899b | 1391 | |
cf3e3845 | 1392 | It is possible to mix IPv4 and IPv6 prefixes/addresses in a prefix/ip set |
3e52d112 JMM |
1393 | but its behavior may change between versions without any warning; don't do |
1394 | it unless you are more than sure what you are doing. (Really, don't do it.) | |
1395 | ||
b9864aa8 | 1396 | <tag><label id="type-enum">enum</tag> |
dad92c30 OZ |
1397 | Enumeration types are fixed sets of possibilities. You can't define your |
1398 | own variables of such type, but some route attributes are of enumeration | |
1399 | type. Enumeration types are incompatible with each other. | |
0e5373fd | 1400 | |
b9864aa8 | 1401 | <tag><label id="type-bgppath">bgppath</tag> |
dad92c30 OZ |
1402 | BGP path is a list of autonomous system numbers. You can't write |
1403 | literals of this type. There are several special operators on bgppaths: | |
4cdd0784 | 1404 | |
dad92c30 | 1405 | <cf><m/P/.first</cf> returns the first ASN (the neighbor ASN) in path <m/P/. |
4cdd0784 | 1406 | |
dad92c30 | 1407 | <cf><m/P/.last</cf> returns the last ASN (the source ASN) in path <m/P/. |
4cdd0784 | 1408 | |
9c9cc35c OZ |
1409 | <cf><m/P/.last_nonaggregated</cf> returns the last ASN in the non-aggregated part of the path <m/P/. |
1410 | ||
dad92c30 OZ |
1411 | Both <cf/first/ and <cf/last/ return zero if there is no appropriate |
1412 | ASN, for example if the path contains an AS set element as the first (or | |
9c9cc35c OZ |
1413 | the last) part. If the path ends with an AS set, <cf/last_nonaggregated/ |
1414 | may be used to get the last ASN before any AS set. | |
4cdd0784 | 1415 | |
dad92c30 | 1416 | <cf><m/P/.len</cf> returns the length of path <m/P/. |
4cdd0784 | 1417 | |
4842eeaa | 1418 | <cf><m/P/.empty</cf> makes the path <m/P/ empty. |
18ea2ea7 | 1419 | |
dad92c30 OZ |
1420 | <cf>prepend(<m/P/,<m/A/)</cf> prepends ASN <m/A/ to path <m/P/ and |
1421 | returns the result. | |
bff9ce51 | 1422 | |
dad92c30 OZ |
1423 | <cf>delete(<m/P/,<m/A/)</cf> deletes all instances of ASN <m/A/ from |
1424 | path <m/P/ and returns the result. <m/A/ may also be an integer | |
1425 | set, in that case the operator deletes all ASNs from path <m/P/ that are | |
1426 | also members of set <m/A/. | |
bff9ce51 | 1427 | |
dad92c30 OZ |
1428 | <cf>filter(<m/P/,<m/A/)</cf> deletes all ASNs from path <m/P/ that are |
1429 | not members of integer set <m/A/. I.e., <cf/filter/ does the same as | |
1430 | <cf/delete/ with the inverted set <m/A/. | |
bff9ce51 | 1431 | |
dad92c30 OZ |
1432 | Statement <cf><m/P/ = prepend(<m/P/, <m/A/);</cf> can be shortened to |
1433 | <cf><m/P/.prepend(<m/A/);</cf> if <m/P/ is an appropriate route attribute | |
1434 | (for example <cf/bgp_path/). Similarly for <cf/delete/ and <cf/filter/. | |
4a5bb2bf | 1435 | |
b9864aa8 | 1436 | <tag><label id="type-bgpmask">bgpmask</tag> |
dad92c30 OZ |
1437 | BGP masks are patterns used for BGP path matching (using <cf>path |
1438 | ~ [= 2 3 5 * =]</cf> syntax). The masks resemble wildcard patterns | |
1439 | as used by UNIX shells. Autonomous system numbers match themselves, | |
1440 | <cf/*/ matches any (even empty) sequence of arbitrary AS numbers and | |
523f020b | 1441 | <cf/?/ matches one arbitrary AS number. For example, if <cf>bgp_path</cf> |
dad92c30 OZ |
1442 | is 4 3 2 1, then: <tt>bgp_path ~ [= * 4 3 * =]</tt> is true, |
1443 | but <tt>bgp_path ~ [= * 4 5 * =]</tt> is false. BGP mask | |
1444 | expressions can also contain integer expressions enclosed in parentheses | |
a0fe1944 OF |
1445 | and integer variables, for example <tt>[= * 4 (1+2) a =]</tt>. You can |
1446 | also use ranges, for example <tt>[= * 3..5 2 100..200 * =]</tt>. | |
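The bgppath operators and bgpmask matching described above, as an added Python example that is not BIRD's own code. A path is modelled as a list of ASNs in which an AS set left behind by aggregation appears as a `frozenset`; the mask matcher handles `*`, `?`, ranges and literal ASNs over plain AS_SEQUENCE paths only (integer expressions and variables inside masks are not parsed). The function names, the handling of AS-set members in `delete`/`filter`, and the path-length convention are this example's own choices.

```python
import re
from typing import List, Sequence, Set, Union

# Added example (not BIRD's own code): a Python model of the bgppath
# operators and of bgpmask matching.  A path is a list whose elements are
# ints (AS_SEQUENCE members) or frozensets of ints (an AS_SET segment).
PathElem = Union[int, frozenset]
Path = List[PathElem]


def path_first(p: Path) -> int:
    """P.first: the neighbor ASN, or 0 if the path is empty or starts with an AS set."""
    return p[0] if p and isinstance(p[0], int) else 0


def path_last(p: Path) -> int:
    """P.last: the origin ASN, or 0 if the path is empty or ends with an AS set."""
    return p[-1] if p and isinstance(p[-1], int) else 0


def path_last_nonaggregated(p: Path) -> int:
    """P.last_nonaggregated: the last ASN before any trailing AS set."""
    for e in reversed(p):
        if isinstance(e, int):
            return e
    return 0


def path_len(p: Path) -> int:
    """P.len; each AS set counts once (RFC 4271 path-length convention, a modelling choice here)."""
    return len(p)


def path_prepend(p: Path, asn: int) -> Path:
    """prepend(P, A)"""
    return [asn] + list(p)


def path_delete(p: Path, a: Union[int, Set[int]]) -> Path:
    """delete(P, A) with A an ASN or an int set.  Members of AS sets are
    pruned too and an emptied set is dropped (modelling choice)."""
    drop = {a} if isinstance(a, int) else set(a)
    out: Path = []
    for e in p:
        if isinstance(e, int):
            if e not in drop:
                out.append(e)
        else:
            kept = frozenset(e - drop)
            if kept:
                out.append(kept)
    return out


def path_filter(p: Path, keep: Set[int]) -> Path:
    """filter(P, A): keep only ASNs in the set (delete with the inverted set)."""
    out: Path = []
    for e in p:
        if isinstance(e, int):
            if e in keep:
                out.append(e)
        else:
            kept = frozenset(e & keep)
            if kept:
                out.append(kept)
    return out


MASK_RE = re.compile(r"^\[=\s*(.*?)\s*=\]$")


def parse_mask(text: str) -> List:
    """'[= * 4 3..5 ? =]' -> ['*', 4, (3, 5), '?']"""
    m = MASK_RE.match(text.strip())
    if not m:
        raise ValueError(f"bad bgpmask: {text!r}")
    toks: List = []
    for t in m.group(1).split():
        if t in ("*", "?"):
            toks.append(t)
        elif ".." in t:
            lo, hi = t.split("..", 1)
            toks.append((int(lo), int(hi)))
        else:
            toks.append(int(t))
    return toks


def mask_matches(path: Sequence[int], mask: List) -> bool:
    """path ~ mask: '*' is any (even empty) run of ASNs, '?' one ASN,
    'a..b' one ASN within the range, a number only itself."""
    def rec(i: int, j: int) -> bool:
        if j == len(mask):
            return i == len(path)
        m = mask[j]
        if m == "*":  # try every split point, like a shell glob
            return any(rec(k, j + 1) for k in range(i, len(path) + 1))
        if i == len(path):
            return False
        asn = path[i]
        ok = m == "?" or asn == m or (isinstance(m, tuple) and m[0] <= asn <= m[1])
        return ok and rec(i + 1, j + 1)
    return rec(0, 0)


if __name__ == "__main__":
    bgp_path = [4, 3, 2, 1]  # constructed sample path from the text
    for mask in ("[= * 4 3 * =]", "[= * 4 5 * =]", "[= * 3..5 2 100..200 * =]"):
        print(mask, "->", mask_matches(bgp_path, parse_mask(mask)))
```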
4cdd0784 | 1447 | |
b9864aa8 | 1448 | <tag><label id="type-clist">clist</tag> |
dad92c30 OZ |
1449 | Clist is similar to a set, except that unlike other sets, it can be |
1450 | modified. The type is used for community list (a set of pairs) and for | |
1451 | cluster list (a set of quads). There exist no literals of this type. | |
1452 | There are three special operators on clists: | |
1453 | ||
1454 | <cf><m/C/.len</cf> returns the length of clist <m/C/. | |
1455 | ||
3e52d112 | 1456 | <cf><m/C/.empty</cf> makes the list <m/C/ empty. |
18ea2ea7 | 1457 | |
dad92c30 OZ |
1458 | <cf>add(<m/C/,<m/P/)</cf> adds pair (or quad) <m/P/ to clist <m/C/ and |
1459 | returns the result. If item <m/P/ is already in clist <m/C/, it does | |
1460 | nothing. <m/P/ may also be a clist, in that case all its members are | |
1461 | added; i.e., it works as clist union. | |
1462 | ||
1463 | <cf>delete(<m/C/,<m/P/)</cf> deletes pair (or quad) <m/P/ from clist | |
1464 | <m/C/ and returns the result. If clist <m/C/ does not contain item | |
1465 | <m/P/, it does nothing. <m/P/ may also be a pair (or quad) set, in that | |
1466 | case the operator deletes all items from clist <m/C/ that are also | |
1467 | members of set <m/P/. Moreover, <m/P/ may also be a clist, which works | |
1468 | analogously; i.e., it works as clist difference. | |
1469 | ||
1470 | <cf>filter(<m/C/,<m/P/)</cf> deletes all items from clist <m/C/ that are | |
1471 | not members of pair (or quad) set <m/P/. I.e., <cf/filter/ does the same | |
1472 | as <cf/delete/ with the inverted set <m/P/. <m/P/ may also be a clist, which | |
1473 | works analogously; i.e., it works as clist intersection. | |
1474 | ||
1475 | Statement <cf><m/C/ = add(<m/C/, <m/P/);</cf> can be shortened to | |
1476 | <cf><m/C/.add(<m/P/);</cf> if <m/C/ is an appropriate route attribute (for | |
1477 | example <cf/bgp_community/). Similarly for <cf/delete/ and <cf/filter/. | |
8815d846 | 1478 | |
b9864aa8 | 1479 | <tag><label id="type-eclist">eclist</tag> |
dad92c30 OZ |
1480 | Eclist is a data type used for BGP extended community lists. Eclists |
1481 | are very similar to clists, but they are sets of ECs instead of pairs. | |
768d5e10 PT |
1482 | The same operations (like <cf/add/, <cf/delete/ or the <cf/~/ and |
1483 | <cf/!~/ membership operators) can be used to modify or test | |
1484 | eclists, with ECs instead of pairs as arguments. | |
cec4a73c | 1485 | |
9b0a0ba9 | 1486 | <tag><label id="type-lclist">lclist</tag> |
cec4a73c OZ |
1487 | Lclist is a data type used for BGP large community lists. Like eclists, |
1488 | lclists are very similar to clists, but they are sets of LCs instead of | |
1489 | pairs. The same operations (like <cf/add/, <cf/delete/ or the <cf/~/ | |
1490 | and <cf/!~/ membership operators) can be used to modify or test | |
1491 | lclists, with LCs instead of pairs as arguments. | |
d37f899b PM |
1492 | </descrip> |
1493 | ||
159d619c | 1494 | |
a7c9f7c0 | 1495 | <sect>Operators |
b9864aa8 | 1496 | <label id="operators"> |
d37f899b | 1497 | |
dad92c30 OZ |
1498 | <p>The filter language supports common integer operators <cf>(+,-,*,/)</cf>, |
1499 | parentheses <cf/(a*(b+c))/, comparison <cf/(a=b, a!=b, a<b, a>=b)/. | |
3e52d112 | 1500 | Logical operations include unary not (<cf/!/), and (<cf/&&/), and or |
768d5e10 PT |
1501 | (<cf/||/). Special operators include (<cf/~/, |
1502 | <cf/!~/) for the "is (not) an element of a set" operation. They can be used on | |
1503 | an element and a set of elements of the same type (returning true if the element is | |
1504 | contained in the given set), on two strings (returning true if the first string | |
1505 | matches a shell-like pattern stored in the second string), on an IP and a prefix | |
1506 | (returning true if the IP is within the range defined by that prefix), on a prefix | |
1507 | and a prefix (returning true if the first prefix is more specific than the second one), | |
1508 | on a bgppath and a bgpmask (returning true if the path matches the mask), on a | |
1509 | number and a bgppath (returning true if the number is in the path), on a bgppath | |
1510 | and an int (number) set (returning true if any ASN from the path is in the set), | |
1511 | on a pair/quad and a clist (returning true if the pair/quad is an element of the | |
1512 | clist), or on a clist and a pair/quad set (returning true if there is an element of | |
1513 | the clist that is also a member of the pair/quad set). | |
dad92c30 OZ |
1514 | |
1515 | <p>There is one operator related to ROA infrastructure - <cf/roa_check()/. It | |
7935b9d2 PT |
1516 | examines a ROA table and does <rfc id="6483"> route origin validation for a |
1517 | given network prefix. The basic usage is <cf>roa_check(<m/table/)</cf>, which | |
1518 | checks the current route (which should come from BGP so that it has an AS_PATH) in the | |
dad92c30 OZ |
1519 | specified ROA table and returns ROA_UNKNOWN if there is no relevant ROA, |
1520 | ROA_VALID if there is a matching ROA, or ROA_INVALID if there are some relevant | |
af582c48 | 1521 | ROAs but none of them match. There is also an extended variant |
dad92c30 OZ |
1522 | <cf>roa_check(<m/table/, <m/prefix/, <m/asn/)</cf>, which allows a |
1523 | prefix and an ASN to be specified as arguments. | |
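The validation outcome described above (ROA_UNKNOWN, ROA_VALID, ROA_INVALID), as an added Python example that is not BIRD's own code. It runs the three-argument form of <cf/roa_check/ against a constructed ROA table and derives the one-argument form by taking the origin ASN from the route's path, so a route whose path ends in an AS set yields ASN 0 and comes out ROA_INVALID when a covering ROA exists. The `Roa` record, the function names and the exclusion of AS 0 as an origin (the ASN reserved by RFC 7607) are this example's own choices.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Union

# Added example (not BIRD's own code): a Python model of roa_check() run
# against a constructed ROA table.
ROA_UNKNOWN, ROA_VALID, ROA_INVALID = "ROA_UNKNOWN", "ROA_VALID", "ROA_INVALID"


class Roa(NamedTuple):
    prefix: str   # e.g. "192.0.2.0/24"
    maxlen: int   # longest prefix length the ROA authorises
    asn: int      # authorised origin ASN


def roa_check(table: Iterable[Roa], prefix: str, asn: int) -> str:
    """roa_check(table, prefix, asn): RFC 6483 route origin validation."""
    net = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa in table:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # A ROA is relevant (covering) if the route prefix lies inside it.
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # It matches only if the length is within maxlen and the ASN agrees.
        # AS 0 never validates (modelling choice: it is the value an AS-set
        # origin yields below, and the ASN reserved by RFC 7607).
        if net.prefixlen <= roa.maxlen and roa.asn == asn and asn != 0:
            return ROA_VALID
    return ROA_INVALID if covered else ROA_UNKNOWN


def origin_asn(bgp_path: List[Union[int, frozenset]]) -> int:
    """bgp_path.last: the origin ASN, or 0 when the path is empty or ends in an AS set."""
    return bgp_path[-1] if bgp_path and isinstance(bgp_path[-1], int) else 0


def roa_check_route(table: Iterable[Roa], net: str, bgp_path: List[Union[int, frozenset]]) -> str:
    """The one-argument form: prefix and origin ASN come from the route itself."""
    return roa_check(table, net, origin_asn(bgp_path))


# Constructed ROA table (documentation prefixes and private-use ASNs).
ROA_TABLE = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("198.51.100.0/22", 24, 64497),
    Roa("2001:db8::/32", 48, 64496),
]

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                     ("192.0.2.0/24", 64511), ("203.0.113.0/24", 64496)]:
        print(pfx, "from AS", asn, "->", roa_check(ROA_TABLE, pfx, asn))
```

Two outcomes deserve separate handling in a filter: ROA_INVALID (a covering ROA exists and the announcement contradicts it, the case to reject or depreference) and ROA_UNKNOWN (no ROA at all, which is still the normal state for much of the routing table and is usually accepted).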
af582c48 | 1524 | |
d37f899b | 1525 | |
371adba6 | 1526 | <sect>Control structures |
b9864aa8 | 1527 | <label id="control-structures"> |
d37f899b | 1528 | |
523f020b | 1529 | <p>Filters support two control structures: conditions and case switches. |
a7c9f7c0 | 1530 | |
3e52d112 JMM |
1531 | <p>Syntax of a condition is: <cf>if <M>boolean expression</M> then <m/commandT/; |
1532 | else <m/commandF/;</cf> and you can use <cf>{ <m/command1/; <m/command2/; | |
dad92c30 | 1533 | <M>...</M> }</cf> instead of either command. The <cf>else</cf> clause may be |
3e52d112 JMM |
1534 | omitted. If the <cf><m>boolean expression</m></cf> is true, <m/commandT/ is |
1535 | executed, otherwise <m/commandF/ is executed. | |
dad92c30 OZ |
1536 | |
1537 | <p>The <cf>case</cf> is similar to case from Pascal. Syntax is <cf>case | |
1538 | <m/expr/ { else: | <m/num_or_prefix [ .. num_or_prefix]/: <m/statement/ ; [ | |
1539 | ... ] }</cf>. The expression after <cf>case</cf> can be of any type which can be | |
1540 | on the left side of the ~ operator and anything that could be a member of | |
1541 | a set is allowed before <cf/:/. Multiple commands are allowed without <cf/{}/ | |
1542 | grouping. If <cf><m/expr/</cf> matches one of the <cf/:/ clauses, statements | |
1543 | between it and the next <cf/:/ statement are executed. If <cf><m/expr/</cf> matches | |
1544 | none of the <cf/:/ clauses, the statements after <cf/else:/ are executed. | |
d37f899b | 1545 | |
a7c9f7c0 | 1546 | <p>Here is an example that uses <cf/if/ and <cf/case/ structures: |
af0b25d2 PM |
1547 | |
1548 | <code> | |
1549 | case arg1 { | |
1550 | 2: print "two"; print "I can do more commands without {}"; | |
1551 | 3 .. 5: print "three to five"; | |
1552 | else: print "something else"; | |
a7c9f7c0 | 1553 | } |
af0b25d2 | 1554 | |
523f020b OZ |
1555 | if 1234 = i then printn "."; else { |
1556 | print "not 1234"; | |
1557 | print "You need {} around multiple commands"; | |
8798c811 | 1558 | } |
af0b25d2 PM |
1559 | </code> |
1560 | ||
dad92c30 | 1561 | |
371adba6 | 1562 | <sect>Route attributes |
b9864aa8 | 1563 | <label id="route-attributes"> |
0e5373fd | 1564 | |
dad92c30 OZ |
1565 | <p>A filter is implicitly passed a route, and it can access its attributes just |
1566 | like it accesses variables. Attempts to access an undefined attribute result in a | |
1567 | runtime error; you can check if an attribute is defined by using the | |
1568 | <cf>defined( <m>attribute</m> )</cf> operator. One notable exception to this | |
8f8671bc OZ |
1569 | rule are attributes of bgppath and *clist types, where undefined value is |
1570 | regarded as empty bgppath/*clist for most purposes. | |
a7c9f7c0 | 1571 | |
36032ded | 1572 | <descrip> |
b9864aa8 | 1573 | <tag><label id="rta-net"><m/prefix/ net</tag> |
cf3e3845 OZ |
1574 | The network prefix or anything else the route is talking about. The |
1575 | primary key of the routing table. Read-only. (See the <ref id="routes" | |
1576 | name="chapter about routes">.) | |
a7c9f7c0 | 1577 | |
b9864aa8 | 1578 | <tag><label id="rta-scope"><m/enum/ scope</tag> |
dad92c30 OZ |
1579 | The scope of the route. Possible values: <cf/SCOPE_HOST/ for routes |
1580 | local to this host, <cf/SCOPE_LINK/ for those specific for a physical | |
1581 | link, <cf/SCOPE_SITE/ and <cf/SCOPE_ORGANIZATION/ for private routes and | |
1582 | <cf/SCOPE_UNIVERSE/ for globally visible routes. This attribute is not | |
1583 | interpreted by BIRD and can be used to mark routes in filters. The | |
1584 | default value for new routes is <cf/SCOPE_UNIVERSE/. | |
0e5373fd | 1585 | |
b9864aa8 | 1586 | <tag><label id="rta-preference"><m/int/ preference</tag> |
dad92c30 OZ |
1587 | Preference of the route. Valid values are 0-65535. (See the chapter |
1588 | about routing tables.) | |
c184d9d0 | 1589 | |
b9864aa8 | 1590 | <tag><label id="rta-from"><m/ip/ from</tag> |
00192d5a | 1591 | The router from which the route originated. |
523f020b | 1592 | |
b9864aa8 | 1593 | <tag><label id="rta-gw"><m/ip/ gw</tag> |
a7c9f7c0 | 1594 | The next hop to which packets routed using this route should be forwarded. |
0e5373fd | 1595 | |
b9864aa8 | 1596 | <tag><label id="rta-proto"><m/string/ proto</tag> |
dad92c30 OZ |
1597 | The name of the protocol which the route has been imported from. |
1598 | Read-only. | |
e29fa06e | 1599 | |
b9864aa8 | 1600 | <tag><label id="rta-source"><m/enum/ source</tag> |
dad92c30 OZ |
1601 | The protocol that told BIRD about this route. Possible values: |
1602 | <cf/RTS_DUMMY/, <cf/RTS_STATIC/, <cf/RTS_INHERIT/, <cf/RTS_DEVICE/, | |
1603 | <cf/RTS_STATIC_DEVICE/, <cf/RTS_REDIRECT/, <cf/RTS_RIP/, <cf/RTS_OSPF/, | |
1604 | <cf/RTS_OSPF_IA/, <cf/RTS_OSPF_EXT1/, <cf/RTS_OSPF_EXT2/, <cf/RTS_BGP/, | |
12640c14 | 1605 | <cf/RTS_PIPE/, <cf/RTS_BABEL/. |
c184d9d0 | 1606 | |
b9864aa8 | 1607 | <tag><label id="rta-dest"><m/enum/ dest</tag> |
182a7895 OZ |
1608 | Type of destination the packets should be sent to |
1609 | (<cf/RTD_ROUTER/ for forwarding to a neighboring router, | |
1610 | <cf/RTD_DEVICE/ for routing to a directly-connected network, | |
1611 | <cf/RTD_MULTIPATH/ for multipath destinations, | |
1612 | <cf/RTD_BLACKHOLE/ for packets to be silently discarded, | |
dad92c30 OZ |
1613 | <cf/RTD_UNREACHABLE/, <cf/RTD_PROHIBIT/ for packets that should be |
1614 | returned with ICMP host unreachable / ICMP administratively prohibited | |
1615 | messages). Can be changed, but only to <cf/RTD_BLACKHOLE/, | |
1616 | <cf/RTD_UNREACHABLE/ or <cf/RTD_PROHIBIT/. | |
b74f45f8 | 1617 | |
b9864aa8 | 1618 | <tag><label id="rta-ifname"><m/string/ ifname</tag> |
dad92c30 OZ |
1619 | Name of the outgoing interface. Sink routes (like blackhole, unreachable |
1620 | or prohibit) and multipath routes have no interface associated with | |
f2d8e680 OZ |
1621 | them, so <cf/ifname/ returns an empty string for such routes. Setting it |
1622 | would also change the route to a direct one (remove the gateway). | |
a5fc5958 | 1623 | |
b9864aa8 | 1624 | <tag><label id="rta-ifindex"><m/int/ ifindex</tag> |
dad92c30 OZ |
1625 | Index of the outgoing interface (the system-wide interface index). It may |
1626 | be used for interface matching; however, indexes might change on interface | |
1627 | creation/removal. Zero is returned for routes with undefined outgoing | |
a5fc5958 OZ |
1628 | interfaces. Read-only. |
1629 | ||
b9864aa8 | 1630 | <tag><label id="rta-igp-metric"><m/int/ igp_metric</tag> |
dad92c30 OZ |
1631 | An optional attribute that can be used to specify a distance to the |
1632 | network for routes that do not have a native protocol metric attribute | |
1633 | (like <cf/ospf_metric1/ for OSPF routes). It is used mainly by BGP to | |
feae132e | 1634 | compare internal distances to boundary routers (see below). |
ba1dda49 | 1635 | </descrip> |
0e5373fd | 1636 | |
3e52d112 | 1637 | <p>There also exist protocol-specific attributes which are described in the |
dad92c30 OZ |
1638 | corresponding protocol sections. |
1639 | ||
0e5373fd | 1640 | |
1632f1fe | 1641 | <sect>Other statements |
b9864aa8 | 1642 | <label id="other-statements"> |
69477cad | 1643 | |
a7c9f7c0 | 1644 | <p>The following statements are available: |
69477cad PM |
1645 | |
1646 | <descrip> | |
b9864aa8 | 1647 | <tag><label id="assignment"><m/variable/ = <m/expr/</tag> |
dad92c30 | 1648 | Set variable to a given value. |
326e33f5 | 1649 | |
b9864aa8 | 1650 | <tag><label id="filter-accept-reject">accept|reject [ <m/expr/ ]</tag> |
dad92c30 | 1651 | Accept or reject the route, possibly printing <cf><m>expr</m></cf>. |
326e33f5 | 1652 | |
b9864aa8 | 1653 | <tag><label id="return">return <m/expr/</tag> |
dad92c30 OZ |
1654 | Return <cf><m>expr</m></cf> from the current function; the function ends
1655 | at this point. | |
326e33f5 | 1656 | |
b9864aa8 | 1657 | <tag><label id="print">print|printn <m/expr/ [<m/, expr.../]</tag> |
dad92c30 OZ |
1658 | Prints given expressions; useful mainly while debugging filters. The |
1659 | <cf/printn/ variant does not terminate the line. | |
69477cad | 1660 | |
b9864aa8 | 1661 | <tag><label id="quitbird">quitbird</tag> |
1632f1fe | 1662 | Terminates BIRD. Useful when debugging the filter interpreter. |
69477cad PM |
1663 | </descrip> |
1664 | ||
dad92c30 | 1665 | |
371adba6 | 1666 | <chapt>Protocols |
b9864aa8 | 1667 | <label id="protocols"> |
d37f899b | 1668 | |
937e75d8 | 1669 | <sect>Babel |
b9864aa8 | 1670 | <label id="babel"> |
937e75d8 OZ |
1671 | |
1672 | <sect1>Introduction | |
b9864aa8 | 1673 | <label id="babel-intro"> |
937e75d8 | 1674 | |
7935b9d2 PT |
1675 | <p>The Babel protocol |
1676 | (<rfc id="6126">) is a loop-avoiding distance-vector routing protocol that is | |
1677 | robust and efficient both in ordinary wired networks and in wireless mesh | |
1678 | networks. Babel is conceptually very simple in its operation and "just works" | |
1679 | in its default configuration, though some configuration is possible and in some | |
1680 | cases desirable. | |
937e75d8 | 1681 | |
300bd0eb OZ |
1682 | <p>The Babel protocol is dual stack; i.e., it can carry both IPv4 and IPv6 |
1683 | routes over the same IPv6 transport. For sending and receiving Babel packets, | |
1684 | only a link-local IPv6 address is needed. | |
937e75d8 | 1685 | |
159d619c OZ |
1686 | <p>BIRD implements an extension for IPv6 source-specific routing (SSR or SADR), |
1687 | but must be configured accordingly to use it. A SADR-enabled Babel router can | |
1688 | interoperate with a non-SADR Babel router, but the latter would ignore routes | |
1689 | with a specific (non-zero) source prefix. | |
937e75d8 OZ |
1690 | |
1691 | <sect1>Configuration | |
b9864aa8 | 1692 | <label id="babel-config"> |
937e75d8 | 1693 | |
159d619c OZ |
1694 | <p>The Babel protocol supports both IPv4 and IPv6 channels; both can be |
1695 | configured simultaneously. It can also be configured with an <ref | |
1696 | id="ip-sadr-routes" name="IPv6 SADR"> channel instead of a regular IPv6 | |
1697 | channel, in which case SADR support is enabled. Babel supports no global | |
1698 | configuration options apart from those common to all other protocols, but | |
1699 | supports the following per-interface configuration options: | |
937e75d8 OZ |
1700 | |
1701 | <code> | |
1702 | protocol babel [<name>] { | |
3e52d112 | 1703 | ipv4 { <channel config> }; |
159d619c | 1704 | ipv6 [sadr] { <channel config> }; |
70fab178 | 1705 | randomize router id <switch>; |
937e75d8 OZ |
1706 | interface <interface pattern> { |
1707 | type <wired|wireless>; | |
1708 | rxcost <number>; | |
b47eaefe | 1709 | limit <number>; |
cf3e3845 OZ |
1710 | hello interval <time>; |
1711 | update interval <time>; | |
937e75d8 OZ |
1712 | port <number>; |
1713 | tx class|dscp <number>; | |
1714 | tx priority <number>; | |
1715 | rx buffer <number>; | |
1716 | tx length <number>; | |
1717 | check link <switch>; | |
300bd0eb OZ |
1718 | next hop ipv4 <address>; |
1719 | next hop ipv6 <address>; | |
937e75d8 OZ |
1720 | }; |
1721 | } | |
1722 | </code> | |
1723 | ||
1724 | <descrip> | |
159d619c OZ |
1725 | <tag><label id="babel-channel">ipv4 | ipv6 [sadr] <m/channel config/</tag> |
1726 | The supported channels are IPv4, IPv6, and IPv6 SADR. | |
3e52d112 | 1727 | |
70fab178 OZ |
1728 | <tag><label id="babel-random-router-id">randomize router id <m/switch/</tag> |
1729 | If enabled, BIRD will randomize the top 32 bits of its router ID whenever |
1730 | the protocol instance starts up. If a Babel node restarts, it loses its | |
1731 | sequence number, which can cause its routes to be rejected by peers until | |
1732 | the state is cleared out by other nodes in the network (which can take on | |
1733 | the order of minutes). Enabling this option causes BIRD to pick a random |
1734 | router ID every time it starts up, which avoids this problem at the cost | |
1735 | of not having stable router IDs in the network. Default: no. | |
1736 | ||
b9864aa8 | 1737 | <tag><label id="babel-type">type wired|wireless </tag> |
b47eaefe OZ |
1738 | This option specifies the interface type: wired or wireless. On wired |
1739 | interfaces a neighbor is considered unreachable after a small number of | |
1740 | Hello packets are lost, as described by the <cf/limit/ option. On wireless | |
1741 | interfaces the ETX link quality estimation technique is used to compute | |
1742 | the metrics of routes discovered over this interface. This technique will | |
1743 | gradually degrade the metric of routes when packets are lost rather than | |
1744 | the more binary up/down mechanism of wired type links. Default: | |
1745 | <cf/wired/. | |
937e75d8 | 1746 | |
b9864aa8 | 1747 | <tag><label id="babel-rxcost">rxcost <m/num/</tag> |
b47eaefe OZ |
1748 | This option specifies the nominal RX cost of the interface. The effective |
1749 | neighbor costs for route metrics will be computed from this value with a | |
1750 | mechanism determined by the interface <cf/type/. Note that in contrast to | |
1751 | other routing protocols like RIP or OSPF, the <cf/rxcost/ specifies the | |
1752 | cost of RX instead of TX, so it affects primarily neighbors' route | |
1753 | selection and not local route selection. Default: 96 for wired interfaces, | |
1754 | 256 for wireless. | |
1755 | ||
1756 | <tag><label id="babel-limit">limit <m/num/</tag> | |
1757 | BIRD keeps track of received Hello messages from each neighbor to | |
1758 | establish neighbor reachability. For wired type interfaces, this option | |
1759 | specifies how many of the last 16 Hellos have to be correctly received | |
1760 | for the neighbor to be considered up. The option is ignored on wireless | |
1761 | type interfaces, where gradual cost degradation is used instead of a sharp | |
1762 | limit. Default: 12. | |
937e75d8 | 1763 | |
cf3e3845 | 1764 | <tag><label id="babel-hello">hello interval <m/time/ s|ms</tag> |
b47eaefe | 1765 | Interval at which periodic Hello messages are sent on this interface, |
cf3e3845 | 1766 | with time units. Default: 4 seconds. |
937e75d8 | 1767 | |
cf3e3845 OZ |
1768 | <tag><label id="babel-update">update interval <m/time/ s|ms</tag> |
1769 | Interval at which periodic (full) updates are sent, with time | |
1770 | units. Default: 4 times the hello interval. | |
937e75d8 | 1771 | |
b9864aa8 | 1772 | <tag><label id="babel-port">port <m/number/</tag> |
937e75d8 OZ |
1773 | This option selects a UDP port to operate on. The default is to operate |
1774 | on port 6696 as specified in the Babel RFC. | |
1775 | ||
b9864aa8 | 1776 | <tag><label id="babel-tx-class">tx class|dscp|priority <m/number/</tag> |
937e75d8 | 1777 | These options specify the ToS/DiffServ/Traffic class/Priority of the |
b9864aa8 | 1778 | outgoing Babel packets. See <ref id="proto-tx-class" name="tx class"> common |
937e75d8 OZ |
1779 | option for detailed description. |
1780 | ||
b9864aa8 | 1781 | <tag><label id="babel-rx-buffer">rx buffer <m/number/</tag> |
937e75d8 OZ |
1782 | This option specifies the size of buffers used for packet processing. |
1783 | The buffer size should be larger than the maximum size of received packets. | |
1784 | The default value is the interface MTU, and the value will be clamped to a | |
1785 | minimum of 512 bytes + IP packet overhead. | |
1786 | ||
b9864aa8 | 1787 | <tag><label id="babel-tx-length">tx length <m/number/</tag> |
937e75d8 OZ |
1788 | This option specifies the maximum length of generated Babel packets. To |
1789 | avoid IP fragmentation, it should not exceed the interface MTU value. | |
1790 | The default value is the interface MTU value, and the value will be | |
1791 | clamped to a minimum of 512 bytes + IP packet overhead. | |
1792 | ||
b9864aa8 | 1793 | <tag><label id="babel-check-link">check link <m/switch/</tag> |
937e75d8 OZ |
1794 | If set, the hardware link state (as reported by OS) is taken into |
1795 | consideration. When the link disappears (e.g. an ethernet cable is | |
1796 | unplugged), neighbors are immediately considered unreachable and all | |
1797 | routes received from them are withdrawn. It is possible that some | |
1798 | hardware drivers or platforms do not implement this feature. Default: | |
1799 | yes. | |
300bd0eb OZ |
1800 | |
1801 | <tag><label id="babel-next-hop-ipv4">next hop ipv4 <m/address/</tag> | |
1802 | Set the next hop address advertised for IPv4 routes sent on this | |
cf3e3845 | 1803 | interface. Default: the preferred IPv4 address of the interface. |
300bd0eb OZ |
1804 | |
1805 | <tag><label id="babel-next-hop-ipv6">next hop ipv6 <m/address/</tag> | |
1806 | Set the next hop address advertised for IPv6 routes sent on this | |
1807 | interface. If not set, the same link-local address that is used as the | |
1808 | source for Babel packets will be used. In normal operation, it should not | |
1809 | be necessary to set this option. | |
937e75d8 OZ |
1810 | </descrip> |
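The wired-type reachability rule above (at least <cf/limit/ of the last 16 Hellos received, with <cf/check link/ overriding it when the OS reports the link down) is easy to get wrong when reasoning about how many lost Hellos a neighbor survives. The following is an added illustration, not BIRD's code: a constructed model that keeps the Hello history as a 16-bit mask and replays an event string. The class and function names, the single-letter event codes and the assumption that the history starts empty are all choices made here.

```python
HELLO_HISTORY_BITS = 16  # the last 16 Hellos are remembered per neighbor


class WiredNeighbor:
    """Reachability of one Babel neighbor on a wired-type interface.

    Constructed model for illustration (hypothetical names, not BIRD's own
    data structure): the last 16 expected Hellos are kept as a bitmask
    (bit set = Hello received, bit clear = Hello missed) and the neighbor is
    up when at least `limit` of them were received. `check_link` mirrors the
    option of the same name: a link the OS reports down makes the neighbor
    unreachable at once. The history is assumed to start empty.
    """

    def __init__(self, limit: int = 12, check_link: bool = True) -> None:
        if not 1 <= limit <= HELLO_HISTORY_BITS:
            raise ValueError(f"limit must be 1..{HELLO_HISTORY_BITS}, got {limit}")
        self.limit = limit
        self.check_link = check_link
        self.history = 0        # newest Hello in bit 0, oldest in bit 15
        self.link_up = True

    def _push(self, received: bool) -> None:
        # Shift the newest observation in and drop the one older than 16.
        mask = (1 << HELLO_HISTORY_BITS) - 1
        self.history = ((self.history << 1) | int(received)) & mask

    def hello_received(self) -> None:
        """A Hello from the neighbor arrived on time."""
        self._push(True)

    def hello_missed(self) -> None:
        """The neighbor's Hello interval elapsed without a Hello."""
        self._push(False)

    def link_changed(self, up: bool) -> None:
        """OS reported a link state change (only matters with check_link)."""
        self.link_up = up

    def received_count(self) -> int:
        return bin(self.history).count("1")

    def reachable(self) -> bool:
        if self.check_link and not self.link_up:
            return False
        return self.received_count() >= self.limit


def replay(events: str, limit: int = 12, check_link: bool = True) -> bool:
    """Replay a constructed event string and report reachability afterwards.
    'H' = Hello received, 'M' = Hello missed, 'D' = link down, 'U' = link up."""
    n = WiredNeighbor(limit=limit, check_link=check_link)
    actions = {
        "H": n.hello_received,
        "M": n.hello_missed,
        "D": lambda: n.link_changed(False),
        "U": lambda: n.link_changed(True),
    }
    for ev in events:
        actions[ev]()
    return n.reachable()


if __name__ == "__main__":
    # With the default limit of 12: twelve Hellos bring the neighbor up, four
    # consecutive losses still keep it up, the fifth takes it down.
    print(replay("H" * 12), replay("H" * 12 + "M" * 4), replay("H" * 12 + "M" * 5))
```

The replay shows why the option is a count over a window rather than a streak: after twelve good Hellos, four losses in a row leave exactly twelve of the last sixteen received and the neighbor stays up, while a fifth loss pushes a good Hello out of the window and takes it down.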
1811 | ||
12640c14 | 1812 | <sect1>Attributes |
b9864aa8 | 1813 | <label id="babel-attr"> |
12640c14 OZ |
1814 | |
1815 | <p>Babel defines just one attribute: the internal Babel metric of the route. It | |
1816 | is exposed as the <cf/babel_metric/ attribute and has a range from 1 to infinity | |
1817 | (65535). | |
1818 | ||
1819 | <sect1>Example | |
b9864aa8 | 1820 | <label id="babel-exam"> |
12640c14 OZ |
1821 | |
1822 | <p><code> | |
1823 | protocol babel { | |
1824 | interface "eth*" { | |
1825 | type wired; | |
1826 | }; | |
1827 | interface "wlan0", "wlan1" { | |
1828 | type wireless; | |
1829 | hello interval 1; | |
1830 | rxcost 512; | |
1831 | }; | |
1832 | interface "tap0"; | |
1833 | ||
1834 | # This matches the default of babeld: redistribute all addresses | |
1835 | # configured on local interfaces, plus re-distribute all routes received | |
1836 | # from other babel peers. | |
1837 | ||
300bd0eb OZ |
1838 | ipv4 { |
1839 | export where (source = RTS_DEVICE) || (source = RTS_BABEL); | |
1840 | }; | |
1841 | ipv6 { | |
1842 | export where (source = RTS_DEVICE) || (source = RTS_BABEL); | |
1843 | }; | |
12640c14 OZ |
1844 | } |
1845 | </code> | |
1846 | ||
3e52d112 JMM |
1847 | <sect1>Known issues |
1848 | <label id="babel-issues"> | |
1849 | ||
cf3e3845 OZ |
1850 | <p>When retracting a route, Babel generates an unreachable route for a little |
1851 | while (as required by the RFC). The interaction of this behavior with other protocols | |
1852 | is not well tested and strange things may happen. | |
1853 | ||
937e75d8 | 1854 | |
5bf35a9a | 1855 | <sect>BFD |
b9864aa8 | 1856 | <label id="bfd"> |
1ec52253 OZ |
1857 | |
1858 | <sect1>Introduction | |
b9864aa8 | 1859 | <label id="bfd-intro"> |
1ec52253 OZ |
1860 | |
1861 | <p>Bidirectional Forwarding Detection (BFD) is not a routing protocol itself; it | |
1862 | is an independent tool providing liveness and failure detection. Routing | |
1863 | protocols like OSPF and BGP use integrated periodic "hello" messages to monitor | |
1864 | the liveness of neighbors, but the detection times of these mechanisms are high | |
1865 | (e.g. 40 seconds by default in OSPF, which can be lowered to several seconds). BFD | |
1866 | offers a universal, fast and low-overhead mechanism for failure detection, which | |
1867 | can be attached to any routing protocol in an advisory role. | |
1868 | ||
1869 | <p>BFD consists of mostly independent BFD sessions. Each session monitors a | |
1870 | unicast bidirectional path between two BFD-enabled routers. This is done by | |
1871 | periodically sending control packets in both directions. BFD does not handle | |
1872 | neighbor discovery; BFD sessions are created on demand at the request of other | |
1873 | protocols (like OSPF or BGP), which supply appropriate information like IP | |
1874 | addresses and associated interfaces. When a session changes its state, these | |
1875 | protocols are notified and act accordingly (e.g. break an OSPF adjacency when | |
1876 | the BFD session went down). | |
1877 | ||
7935b9d2 PT |
1878 | <p>BIRD implements basic BFD behavior as defined in <rfc id="5880"> (some |
1879 | advanced features like the echo mode or authentication are not implemented), IP | |
1880 | transport for BFD as defined in <rfc id="5881"> and <rfc id="5883"> and | |
1881 | interaction with client protocols as defined in <rfc id="5882">. | |
3e52d112 | 1882 | We currently support at most one protocol instance. |
1ec52253 | 1883 | |
d96ec7f6 OZ |
1884 | <p>BFD packets are sent with a dynamic source port number. By default, Linux |
1885 | systems use a slightly different dynamic port range than the IANA-approved one | |
1886 | (49152-65535). If you experience compatibility problems, please adjust | |
1887 | <cf>/proc/sys/net/ipv4/ip_local_port_range</cf>. | |
1888 | ||
1ec52253 | 1889 | <sect1>Configuration |
b9864aa8 | 1890 | <label id="bfd-config"> |
1ec52253 OZ |
1891 | |
1892 | <p>BFD configuration consists mainly of multiple definitions of interfaces. | |
1893 | Most BFD config options are session specific. When a new session is requested | |
1894 | and dynamically created, it is configured from one of these definitions. For | |
1895 | sessions to directly connected neighbors, <cf/interface/ definitions are chosen | |
1896 | based on the interface associated with the session, while <cf/multihop/ | |
1897 | definition is used for multihop sessions. If no definition is relevant, the | |
1898 | session is just created with the default configuration. Therefore, an empty BFD | |
1899 | configuration is often sufficient. | |
1900 | ||
1901 | <p>Note that to use BFD for other protocols like OSPF or BGP, these protocols | |
1902 | also have to be configured to request BFD sessions, usually by <cf/bfd/ option. | |
1903 | ||
1904 | <p>Some of BFD session options require <m/time/ value, which has to be specified | |
1905 | with the appropriate unit: <m/num/ <cf/s/|<cf/ms/|<cf/us/. Although microseconds | |
1906 | are allowed as units, practical minimum values are usually on the order of tens of | |
1907 | milliseconds. | |
1908 | ||
1909 | <code> | |
1910 | protocol bfd [<name>] { | |
1911 | interface <interface pattern> { | |
1912 | interval <time>; | |
1913 | min rx interval <time>; | |
1914 | min tx interval <time>; | |
1915 | idle tx interval <time>; | |
1916 | multiplier <num>; | |
1917 | passive <switch>; | |
e03dc6a9 OZ |
1918 | authentication none; |
1919 | authentication simple; | |
1920 | authentication [meticulous] keyed md5|sha1; | |
1921 | password "<text>"; | |
1922 | password "<text>" { | |
1923 | id <num>; | |
1924 | generate from "<date>"; | |
1925 | generate to "<date>"; | |
1926 | accept from "<date>"; | |
1927 | accept to "<date>"; | |
1928 | from "<date>"; | |
1929 | to "<date>"; | |
1930 | }; | |
1ec52253 OZ |
1931 | }; |
1932 | multihop { | |
1933 | interval <time>; | |
1934 | min rx interval <time>; | |
1935 | min tx interval <time>; | |
1936 | idle tx interval <time>; | |
1937 | multiplier <num>; | |
1938 | passive <switch>; | |
1939 | }; | |
1940 | neighbor <ip> [dev "<interface>"] [local <ip>] [multihop <switch>]; | |
1941 | } | |
1942 | </code> | |
1943 | ||
1944 | <descrip> | |
9df52a98 | 1945 | <tag><label id="bfd-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag> |
1ec52253 OZ |
1946 | Interface definitions allow specifying options for sessions associated |
1947 | with such interfaces and may also contain interface-specific options. | |
b9864aa8 | 1948 | See <ref id="proto-iface" name="interface"> common option for a detailed |
1ec52253 OZ |
1949 | description of interface patterns. Note that contrary to the behavior of |
1950 | <cf/interface/ definitions of other protocols, the BFD protocol accepts | |
1951 | sessions (in the default configuration) even on interfaces not covered by | |
1952 | such definitions. | |
1953 | ||
b9864aa8 | 1954 | <tag><label id="bfd-multihop">multihop { <m/options/ }</tag> |
1ec52253 OZ |
1955 | Multihop definitions allow specifying options for multihop BFD sessions, |
1956 | in the same manner as <cf/interface/ definitions are used for directly | |
1957 | connected sessions. Currently only one such definition (for all multihop | |
1958 | sessions) can be used. | |
1959 | ||
b9864aa8 | 1960 | <tag><label id="bfd-neighbor">neighbor <m/ip/ [dev "<m/interface/"] [local <m/ip/] [multihop <m/switch/]</tag> |
1ec52253 OZ |
1961 | BFD sessions are usually created on demand as requested by other |
1962 | protocols (like OSPF or BGP). This option allows explicitly adding | |
1963 | a BFD session to the specified neighbor regardless of such requests. | |
523f020b | 1964 | |
1ec52253 | 1965 | The session is identified by the IP address of the neighbor, with |
dad92c30 | 1966 | optional specification of the used interface and local IP. By default |
fff7498d | 1967 | the neighbor must be directly connected, unless the session is |
1ec52253 OZ |
1968 | configured as multihop. Note that local IP must be specified for |
1969 | multihop sessions. | |
1970 | </descrip> | |
1971 | ||
1972 | <p>Session specific options (part of <cf/interface/ and <cf/multihop/ definitions): | |
1973 | ||
1974 | <descrip> | |
b9864aa8 | 1975 | <tag><label id="bfd-interval">interval <m/time/</tag> |
1ec52253 OZ |
1976 | BFD ensures availability of the forwarding path associated with the |
1977 | session by periodically sending BFD control packets in both | |
1978 | directions. The rate of such packets is controlled by two options, | |
1979 | <cf/min rx interval/ and <cf/min tx interval/ (see below). This option | |
1980 | is just a shorthand to set both of these options together. | |
1981 | ||
b9864aa8 | 1982 | <tag><label id="bfd-min-rx-interval">min rx interval <m/time/</tag> |
1ec52253 OZ |
1983 | This option specifies the minimum RX interval, which is announced to the |
1984 | neighbor and used there to limit the neighbor's rate of generated BFD | |
1985 | control packets. Default: 10 ms. | |
1986 | ||
b9864aa8 | 1987 | <tag><label id="bfd-min-tx-interval">min tx interval <m/time/</tag> |
1ec52253 OZ |
1988 | This option specifies the desired TX interval, which controls the rate |
1989 | of generated BFD control packets (together with <cf/min rx interval/ | |
1990 | announced by the neighbor). Note that this value is used only if the BFD | |
1991 | session is up, otherwise the value of <cf/idle tx interval/ is used | |
1992 | instead. Default: 100 ms. | |
1993 | ||
b9864aa8 | 1994 | <tag><label id="bfd-idle-tx-interval">idle tx interval <m/time/</tag> |
1ec52253 OZ |
1995 | In order to limit unnecessary traffic in cases where a neighbor is not |
1996 | available or not running BFD, the rate of generated BFD control packets | |
1997 | is lower when the BFD session is not up. This option specifies the | |
1998 | desired TX interval in such cases instead of <cf/min tx interval/. | |
1999 | Default: 1 s. | |
2000 | ||
b9864aa8 | 2001 | <tag><label id="bfd-multiplier">multiplier <m/num/</tag> |
1ec52253 OZ |
2002 | Failure detection time for BFD sessions is based on established rate of |
2003 | BFD control packets (<cf>min rx/tx interval</cf>) multiplied by this | |
2004 | multiplier, which is essentially (ignoring jitter) the number of missed | |
2005 | packets after which the session is declared down. Note that rates and | |
2006 | multipliers can be different in each direction of a BFD session. | |
2007 | Default: 5. | |
2008 | ||
b9864aa8 | 2009 | <tag><label id="bfd-passive">passive <m/switch/</tag> |
fff7498d | 2010 | Generally, both BFD session endpoints try to establish the session by |
1ec52253 OZ |
2011 | sending control packets to the other side. This option allows enabling | |
2012 | passive mode, which means that the router does not send BFD packets | |
2013 | until it has received one from the other side. Default: disabled. | |
e03dc6a9 OZ |
2014 | |
2015 | <tag>authentication none</tag> | |
2016 | No passwords are sent in BFD packets. This is the default value. | |
2017 | ||
2018 | <tag>authentication simple</tag> | |
2019 | Every packet carries 16 bytes of password. Received packets lacking this | |
2020 | password are ignored. This authentication mechanism is very weak. | |
2021 | ||
2022 | <tag>authentication [meticulous] keyed md5|sha1</tag> | |
2023 | An authentication code is appended to each packet. The cryptographic | |
2024 | algorithm is keyed MD5 or keyed SHA-1. Note that the algorithm is common | |
2025 | for all keys (on one interface), in contrast to OSPF or RIP, where it | |
2026 | is a per-key option. Passwords (keys) are not sent in the clear over the network. | |
2027 | ||
2028 | The <cf/meticulous/ variant means that cryptographic sequence numbers | |
2029 | are increased for each sent packet, while in the basic variant they are | |
2030 | increased about once per second. Generally, the <cf/meticulous/ variant | |
2031 | offers better resistance to replay attacks but may require more | |
2032 | computation. | |
2033 | ||
2034 | <tag>password "<M>text</M>"</tag> | |
7e8d6116 | 2035 | Specifies a password used for authentication. See <ref id="proto-pass" |
e03dc6a9 OZ |
2036 | name="password"> common option for detailed description. Note that |
2037 | password option <cf/algorithm/ is not available in BFD protocol. The | |
2038 | algorithm is selected by <cf/authentication/ option for all passwords. | |
2039 | ||
1ec52253 OZ |
2040 | </descrip> |
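The session options above interact in two directions: the rate at which one side transmits is bounded by the <cf/min rx interval/ the other side announced, and the time after which a side declares the session down is the neighbor's multiplier times the neighbor's effective transmit rate. The block below is an added worked example, not BIRD's implementation: it parses the <m/num/ <cf/s/|<cf/ms/|<cf/us/ time syntax described in the configuration section, fills in the documented defaults (10 ms, 100 ms, 1 s, multiplier 5), and computes transmit interval and detection time following the asynchronous-mode formula of RFC 5880, section 6.8.4. The class and function names are assumptions made here; the sample settings are those of the <cf/"eth*"/ and <cf/"gre*"/ definitions in the example that follows.

```python
import re
from dataclasses import dataclass

# Units accepted by BFD time options, converted to microseconds.
_UNITS = {"s": 1_000_000, "ms": 1_000, "us": 1}
_TIME_RE = re.compile(r"^\s*(\d+)\s*(s|ms|us)\s*$")


def parse_time(text: str) -> int:
    """Parse a BFD time value written as '<num> s|ms|us' into microseconds.
    A bare number without a unit is rejected, as the option syntax requires."""
    m = _TIME_RE.match(text)
    if not m:
        raise ValueError(f"bad BFD time value: {text!r} (expected '<num> s|ms|us')")
    return int(m.group(1)) * _UNITS[m.group(2)]


@dataclass(frozen=True)
class BfdEndpoint:
    """Session options of one endpoint (hypothetical helper type), defaulting
    to the documented values: min rx 10 ms, min tx 100 ms, idle tx 1 s,
    multiplier 5. All intervals are stored in microseconds."""
    min_rx: int = parse_time("10 ms")
    min_tx: int = parse_time("100 ms")
    idle_tx: int = parse_time("1 s")
    multiplier: int = 5

    @classmethod
    def from_config(cls, interval=None, min_rx_interval=None,
                    min_tx_interval=None, idle_tx_interval=None,
                    multiplier=None) -> "BfdEndpoint":
        """Build from config-style strings; `interval` is the shorthand that
        sets both min rx interval and min tx interval, and the explicit
        options override it when given."""
        rx = tx = None
        if interval is not None:
            rx = tx = parse_time(interval)
        if min_rx_interval is not None:
            rx = parse_time(min_rx_interval)
        if min_tx_interval is not None:
            tx = parse_time(min_tx_interval)
        fields = {}
        if rx is not None:
            fields["min_rx"] = rx
        if tx is not None:
            fields["min_tx"] = tx
        if idle_tx_interval is not None:
            fields["idle_tx"] = parse_time(idle_tx_interval)
        if multiplier is not None:
            if multiplier < 1:
                raise ValueError("multiplier must be at least 1")
            fields["multiplier"] = multiplier
        return cls(**fields)


def transmit_interval(local: BfdEndpoint, remote: BfdEndpoint, session_up: bool) -> int:
    """Rate at which `local` sends control packets (microseconds): its desired
    TX interval (the idle one while the session is not up), but never faster
    than the minimum RX interval the neighbor announced."""
    desired = local.min_tx if session_up else local.idle_tx
    return max(desired, remote.min_rx)


def detection_time(local: BfdEndpoint, remote: BfdEndpoint) -> int:
    """Time after which `local` declares the session down (microseconds):
    the neighbor's multiplier times the neighbor's effective transmit rate,
    i.e. max(local min rx interval, remote min tx interval). Because each
    side's multiplier and intervals enter separately, the two directions of
    one session can have different detection times."""
    return remote.multiplier * transmit_interval(remote, local, session_up=True)


if __name__ == "__main__":
    # Settings of the "eth*" and "gre*" definitions from the example below
    # (gre* uses the `interval` shorthand), plus an all-defaults endpoint.
    eth = BfdEndpoint.from_config(min_rx_interval="20 ms", min_tx_interval="50 ms",
                                  idle_tx_interval="300 ms")
    gre = BfdEndpoint.from_config(interval="200 ms", multiplier=10)
    default = BfdEndpoint()
    print("eth<->eth detection:", detection_time(eth, eth) / 1000, "ms")
    print("gre<->gre detection:", detection_time(gre, gre) / 1000, "ms")
    print("eth local, default peer:", detection_time(eth, default) / 1000, "ms")
    print("default local, eth peer:", detection_time(default, eth) / 1000, "ms")
```

With both ends on the <cf/"eth*"/ settings the detection time is 5 x max(20 ms, 50 ms) = 250 ms, and with the <cf/"gre*"/ settings 10 x 200 ms = 2 s. The asymmetric case is the instructive one: an <cf/"eth*"/ side talking to an all-defaults peer detects failure only after 500 ms, because it is the peer's 100 ms transmit rate (not the local 20 ms receive floor) that sets the clock.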
2041 | ||
2042 | <sect1>Example | |
b9864aa8 | 2043 | <label id="bfd-exam"> |
1ec52253 OZ |
2044 | |
2045 | <p><code> | |
2046 | protocol bfd { | |
2047 | interface "eth*" { | |
2048 | min rx interval 20 ms; | |
2049 | min tx interval 50 ms; | |
2050 | idle tx interval 300 ms; | |
2051 | }; | |
2052 | interface "gre*" { | |
2053 | interval 200 ms; | |
2054 | multiplier 10; | |
2055 | passive; | |
2056 | }; | |
2057 | multihop { | |
2058 | interval 200 ms; | |
2059 | multiplier 10; | |
2060 | }; | |
2061 | ||
2062 | neighbor 192.168.1.10; | |
2063 | neighbor 192.168.2.2 dev "eth2"; | |
2064 | neighbor 192.168.10.1 local 192.168.1.1 multihop; | |
2065 | } | |
2066 | </code> | |
2067 | ||
dad92c30 | 2068 | |
371adba6 | 2069 | <sect>BGP |
b9864aa8 | 2070 | <label id="bgp"> |
1b55b1a3 | 2071 | |
dad92c30 OZ |
2072 | <p>The Border Gateway Protocol is the routing protocol used for backbone level |
2073 | routing in today's Internet. Contrary to other protocols, its convergence | |
2074 | does not rely on all routers following the same rules for route selection, | |
2075 | making it possible to implement any routing policy at any router in the network, | |
2076 | the only restriction being that if a router advertises a route, it must accept | |
2077 | and forward packets according to it. | |
2078 | ||
2079 | <p>BGP works in terms of autonomous systems (often abbreviated as AS). Each AS | |
2080 | is a part of the network with common management and common routing policy. It is | |
2081 | identified by a unique 16-bit number (ASN). Routers within each AS usually | |
2082 | exchange AS-internal routing information with each other using an interior | |
2083 | gateway protocol (IGP, such as OSPF or RIP). Boundary routers at the border of | |
2084 | the AS communicate global (inter-AS) network reachability information with their | |
2085 | neighbors in the neighboring AS'es via exterior BGP (eBGP) and redistribute | |
2086 | received information to other routers in the AS via interior BGP (iBGP). | |
2087 | ||
2088 | <p>Each BGP router sends to its neighbors updates of the parts of its routing | |
2089 | table it wishes to export along with complete path information (a list of AS'es | |
2090 | the packet will travel through if it uses the particular route) in order to | |
2091 | avoid routing loops. | |
56ab03c7 | 2092 | |
71c51aa4 | 2093 | <sect1>Supported standards |
c49e4a65 OZ |
2094 | <label id="bgp-standards"> |
2095 | ||
71c51aa4 | 2096 | <p> |
c49e4a65 OZ |
2097 | <itemize> |
2098 | <item> <rfc id="4271"> - Border Gateway Protocol 4 (BGP) | |
2099 | <item> <rfc id="1997"> - BGP Communities Attribute | |
2100 | <item> <rfc id="2385"> - Protection of BGP Sessions via TCP MD5 Signature | |
2101 | <item> <rfc id="2545"> - Use of BGP Multiprotocol Extensions for IPv6 | |
2102 | <item> <rfc id="2918"> - Route Refresh Capability | |
2103 | <item> <rfc id="3107"> - Carrying Label Information in BGP | |
2104 | <item> <rfc id="4360"> - BGP Extended Communities Attribute | |
2105 | <item> <rfc id="4364"> - BGP/MPLS IPv4 Virtual Private Networks | |
2106 | <item> <rfc id="4456"> - BGP Route Reflection | |
2107 | <item> <rfc id="4486"> - Subcodes for BGP Cease Notification Message | |
2108 | <item> <rfc id="4659"> - BGP/MPLS IPv6 Virtual Private Networks | |
2109 | <item> <rfc id="4724"> - Graceful Restart Mechanism for BGP | |
2110 | <item> <rfc id="4760"> - Multiprotocol extensions for BGP | |
2111 | <item> <rfc id="4798"> - Connecting IPv6 Islands over IPv4 MPLS | |
2112 | <item> <rfc id="5065"> - AS confederations for BGP | |
2113 | <item> <rfc id="5082"> - Generalized TTL Security Mechanism | |
2114 | <item> <rfc id="5492"> - Capabilities Advertisement with BGP | |
2115 | <item> <rfc id="5549"> - Advertising IPv4 NLRI with an IPv6 Next Hop | |
2116 | <item> <rfc id="5575"> - Dissemination of Flow Specification Rules | |
2117 | <item> <rfc id="5668"> - 4-Octet AS Specific BGP Extended Community | |
2118 | <item> <rfc id="6286"> - AS-Wide Unique BGP Identifier | |
2119 | <item> <rfc id="6608"> - Subcodes for BGP Finite State Machine Error | |
2120 | <item> <rfc id="6793"> - BGP Support for 4-Octet AS Numbers | |
2121 | <item> <rfc id="7313"> - Enhanced Route Refresh Capability for BGP | |
2122 | <item> <rfc id="7606"> - Revised Error Handling for BGP UPDATE Messages | |
2123 | <item> <rfc id="7911"> - Advertisement of Multiple Paths in BGP | |
2124 | <item> <rfc id="7947"> - Internet Exchange BGP Route Server | |
2125 | <item> <rfc id="8092"> - BGP Large Communities Attribute | |
7fc55925 | 2126 | <item> <rfc id="8203"> - BGP Administrative Shutdown Communication |
3831b619 | 2127 | <item> <rfc id="8212"> - Default EBGP Route Propagation Behavior without Policies |
c49e4a65 | 2128 | </itemize> |
5459fac6 | 2129 | |
371adba6 | 2130 | <sect1>Route selection rules |
b9864aa8 | 2131 | <label id="bgp-route-select-rules"> |
5459fac6 MM |
2132 | |
2133 | <p>BGP doesn't have any simple metric, so the rules for selection of an optimal | |
2134 | route among multiple BGP routes with the same preference are a bit more complex | |
dad92c30 OZ |
2135 | and they are implemented according to the following algorithm. It starts with the |
2136 | first rule; if there are several "best" routes, it then uses the second rule to | |
2137 | choose among them, and so on. | |
5459fac6 MM |
2138 | |
2139 | <itemize> | |
5a203dac | 2140 | <item>Prefer route with the highest Local Preference attribute. |
5459fac6 | 2141 | <item>Prefer route with the shortest AS path. |
b74f45f8 | 2142 | <item>Prefer IGP origin over EGP and EGP origin over incomplete. |
5459fac6 | 2143 | <item>Prefer the lowest value of the Multiple Exit Discriminator. |
b74f45f8 OZ |
2144 | <item>Prefer routes received via eBGP over ones received via iBGP. |
2145 | <item>Prefer routes with lower internal distance to a boundary router. | |
5a203dac | 2146 | <item>Prefer the route with the lowest value of router ID of the |
5459fac6 MM |
2147 | advertising router. |
2148 | </itemize> | |
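Because each rule is only consulted when all earlier ones tie, the whole algorithm can be expressed as a single ordered key. The following is an added example, not BIRD's route selection code: it encodes the rules listed above (preceded by the route preference, since the rules only decide among routes of equal preference) as a tuple key, picks the best of a set of constructed candidates, and reports which rule decided between two routes. The <cf/BgpRoute/ fields, the sample AS numbers and router IDs are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, Optional, Tuple

# Rule names in the order the algorithm applies them. Route preference comes
# first because the listed rules only decide among routes of equal preference.
RULES = (
    "highest route preference",
    "highest Local Preference",
    "shortest AS path",
    "origin IGP over EGP over incomplete",
    "lowest Multiple Exit Discriminator",
    "eBGP over iBGP",
    "lowest internal distance to the boundary router",
    "lowest router ID of the advertising router",
)
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class BgpRoute:
    """One candidate route for a prefix (constructed sample fields, not BIRD's rta)."""
    name: str                        # label used only for reporting
    preference: int = 100            # BIRD route preference, higher wins
    local_pref: int = 100
    as_path: Tuple[int, ...] = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True                # learned via eBGP (True) or iBGP (False)
    igp_metric: int = 0              # internal distance to the boundary router
    router_id: str = "0.0.0.0"       # BGP identifier of the advertising router


def selection_key(r: BgpRoute) -> tuple:
    """Sort key: the smallest tuple is the preferred route. Position i of the
    tuple corresponds to RULES[i], so a tie at one rule falls through to the next."""
    return (
        -r.preference,
        -r.local_pref,
        len(r.as_path),
        ORIGIN_RANK[r.origin],
        r.med,
        0 if r.ebgp else 1,
        r.igp_metric,
        int(IPv4Address(r.router_id)),
    )


def select_best(routes: Iterable[BgpRoute]) -> BgpRoute:
    """Return the route the ordered rules prefer among the candidates."""
    routes = list(routes)
    if not routes:
        raise ValueError("no candidate routes")
    return min(routes, key=selection_key)


def deciding_rule(a: BgpRoute, b: BgpRoute) -> Optional[str]:
    """Name of the first rule that separates a and b, or None if they tie on all."""
    for rule, x, y in zip(RULES, selection_key(a), selection_key(b)):
        if x != y:
            return rule
    return None


# Constructed candidates for one prefix, as if learned from four peers.
SAMPLE_ROUTES = (
    BgpRoute("via_as65001", as_path=(65001, 65010), igp_metric=10, router_id="10.0.0.1"),
    BgpRoute("via_as65002", as_path=(65002,), med=50, igp_metric=10, router_id="10.0.0.2"),
    BgpRoute("preferred_peer", local_pref=200, as_path=(65003, 65020, 65030),
             router_id="10.0.0.3"),
    BgpRoute("ibgp_copy", as_path=(65002,), med=50, ebgp=False, igp_metric=5,
             router_id="10.0.0.4"),
)

if __name__ == "__main__":
    for r in sorted(SAMPLE_ROUTES, key=selection_key):
        print(r.name)
    print(deciding_rule(SAMPLE_ROUTES[0], SAMPLE_ROUTES[1]))
    print(deciding_rule(SAMPLE_ROUTES[1], SAMPLE_ROUTES[3]))
```

The sample set shows the ordering at work: <cf/preferred_peer/ wins on Local Preference despite its longer AS path, <cf/via_as65002/ beats <cf/via_as65001/ on AS path length before MED is ever compared, and <cf/ibgp_copy/ loses to <cf/via_as65002/ on the eBGP-over-iBGP rule even though its internal distance is lower, because that rule is consulted only after the eBGP/iBGP one.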
56ab03c7 | 2149 | |
b74f45f8 | 2150 | <sect1>IGP routing table |
b9864aa8 | 2151 | <label id="bgp-igp-routing-table"> |
b74f45f8 | 2152 | |
dad92c30 OZ |
2153 | <p>BGP is mainly concerned with global network reachability and with routes to |
2154 | other autonomous systems. When such routes are redistributed to routers in the | |
2155 | AS via BGP, they contain IP addresses of boundary routers (in the route attribute | |
2156 | NEXT_HOP). BGP depends on an existing IGP routing table with AS-internal routes to | |
2157 | determine immediate next hops for routes and to know their internal distances to | |
2158 | boundary routers for the purpose of BGP route selection. In BIRD, there is | |
2159 | usually one routing table used for both IGP routes and BGP routes. | |
b74f45f8 | 2160 | |
3e52d112 JMM |
2161 | <sect1>Protocol configuration |
2162 | <label id="bgp-proto-config"> | |
56ab03c7 | 2163 | |
dad92c30 OZ |
2164 | <p>Each instance of the BGP protocol corresponds to one neighboring router. This allows |
2165 | setting the routing policy and all the other parameters differently for each neighbor | |
2166 | using the following configuration parameters: | |
5459fac6 MM |
2167 | |
2168 | <descrip> | |
7a8ae228 | 2169 | <tag><label id="bgp-local">local [<m/ip/] [port <m/number/] [as <m/number/]</tag> |
dad92c30 OZ |
2170 | Define which AS we are part of. (Note that contrary to other IP routers, |
2171 | BIRD is able to act as a router located in multiple AS'es simultaneously, | |
2172 | but in such cases you need to tweak the BGP paths manually in the filters | |
2173 | to get consistent behavior.) Optional <cf/ip/ argument specifies a source | |
7a8ae228 | 2174 | address, equivalent to the <cf/source address/ option (see below). |
159d619c | 2175 | Optional <cf/port/ argument specifies the local BGP port instead of |
7a8ae228 OZ |
2176 | standard port 179. The parameter may be used multiple times with |
2177 | different sub-options (e.g., both <cf/local 10.0.0.1 as 65000;/ and | |
2178 | <cf/local 10.0.0.1; local as 65000;/ are valid). This parameter is | |
2179 | mandatory. | |
f3e59178 | 2180 | |
b9864aa8 | 2181 | <tag><label id="bgp-neighbor">neighbor [<m/ip/] [port <m/number/] [as <m/number/]</tag> |
dad92c30 | 2182 | Define neighboring router this instance will be talking to and what AS |
a1beb8f3 OZ |
2183 | it is located in. In case the neighbor is in the same AS as we are, we |
2184 | automatically switch to iBGP. Optionally, the remote port may also be | |
7a8ae228 OZ |
2185 | specified. Like <cf/local/ parameter, this parameter may also be used |
2186 | multiple times with different sub-options. This parameter is mandatory. | |
a1beb8f3 | 2187 | |
b9864aa8 | 2188 | <tag><label id="bgp-iface">interface <m/string/</tag> |
a1beb8f3 OZ |
2189 | Define interface we should use for link-local BGP IPv6 sessions. |
2190 | Interface can also be specified as a part of <cf/neighbor address/ | |
33b6c292 OZ |
2191 | (e.g., <cf/neighbor fe80::1234%eth0 as 65000;/). The option may also be |
2192 | used for non link-local sessions when it is necessary to explicitly | |
2193 | specify an interface, but only for direct (not multihop) sessions. | |
dad92c30 | 2194 | |
b9864aa8 | 2195 | <tag><label id="bgp-direct">direct</tag> |
dad92c30 OZ |
2196 | Specify that the neighbor is directly connected. The IP address of the |
2197 | neighbor must be from a directly reachable IP range (i.e. associated | |
2198 | with one of your router's interfaces), otherwise the BGP session | |
2199 | wouldn't start but it would wait for such interface to appear. The | |
2200 | alternative is the <cf/multihop/ option. Default: enabled for eBGP. | |
2201 | ||
b9864aa8 | 2202 | <tag><label id="bgp-multihop">multihop [<m/number/]</tag> |
dad92c30 OZ |
2203 | Configure multihop BGP session to a neighbor that isn't directly |
2204 | connected. Accurately, this option should be used if the configured | |
2205 | neighbor IP address does not match with any local network subnets. Such | |
2206 | IP address have to be reachable through system routing table. The | |
2207 | alternative is the <cf/direct/ option. For multihop BGP it is | |
2208 | recommended to explicitly configure the source address to have it | |
2209 | stable. Optional <cf/number/ argument can be used to specify the number | |
2210 | of hops (used for TTL). Note that the number of networks (edges) in a | |
2211 | path is counted; i.e., if two BGP speakers are separated by one router, | |
2212 | the number of hops is 2. Default: enabled for iBGP. | |
2213 | ||
	<tag><label id="bgp-source-address">source address <m/ip/</tag>
	Define the local address we should use for next hop calculation and as
	the source address for the BGP session. Default: the address of the
	local end of the interface our neighbor is connected to.

	<tag><label id="bgp-strict-bind">strict bind <m/switch/</tag>
	Specify whether the BGP listening socket should be bound to a specific
	local address (the same as the <cf/source address/) and associated
	interface, or to all addresses. Binding to a specific address could be
	useful in cases like running multiple BIRD instances on a machine, each
	using its own IP address. Note that listening sockets bound to a specific
	address and to all addresses collide, therefore either all BGP protocols
	(of the same address family and using the same local port) should have
	<cf/strict bind/ set, or none of them. Default: disabled.

	<tag><label id="bgp-check-link">check link <M>switch</M></tag>
	BGP can take the hardware link state into consideration. If enabled,
	BIRD tracks the link state of the associated interface and when the link
	disappears (e.g. an ethernet cable is unplugged), the BGP session is
	immediately shut down. Note that this option cannot be used with
	multihop BGP. Default: enabled for direct BGP, disabled otherwise.

	<tag><label id="bgp-bfd">bfd <M>switch</M>|graceful</tag>
	BGP can use the BFD protocol as an advisory mechanism for neighbor
	liveness and failure detection. If enabled, BIRD sets up a BFD session
	for the BGP neighbor and tracks its liveness through it. This has the
	advantage of an order of magnitude lower detection times in case of
	failure. When a neighbor failure is detected, the BGP session is
	restarted. Optionally, it can be configured (by the <cf/graceful/
	argument) to trigger graceful restart instead of a regular restart. Note
	that the BFD protocol also has to be configured, see the
	<ref id="bfd" name="BFD"> section for details. Default: disabled.

	<tag><label id="bgp-ttl-security">ttl security <m/switch/</tag>
	Use GTSM (<rfc id="5082"> - the generalized TTL security mechanism). GTSM
	protects against spoofed packets by ignoring received packets with a
	smaller than expected TTL. To work properly, GTSM has to be enabled on
	both sides of a BGP session. If both the <cf/ttl security/ and
	<cf/multihop/ options are enabled, the <cf/multihop/ option should
	specify the proper hop value to compute the expected TTL. Kernel support
	required: Linux: 2.6.34+ (IPv4), 2.6.35+ (IPv6), BSD: since long ago,
	IPv4 only. Note that full <rfc id="5082"> support (ICMP protection, for
	example) is provided by Linux only. Default: disabled.

	<tag><label id="bgp-password">password <m/string/</tag>
	Use this password for MD5 authentication of BGP sessions (<rfc id="2385">).
	When used on BSD systems, see also the <cf/setkey/ option below. Default:
	no authentication.

	<tag><label id="bgp-setkey">setkey <m/switch/</tag>
	On BSD systems, keys for TCP MD5 authentication are stored in the global
	SA/SP database, which can be accessed by external utilities (e.g.
	setkey(8)). BIRD configures security associations in the SA/SP database
	automatically based on <cf/password/ options (see above); this option
	allows disabling the automatic updates by BIRD when manual configuration
	by external utilities is preferred. Note that automatic SA/SP database
	updates are currently implemented only for FreeBSD. Passwords have to be
	set manually by an external utility on NetBSD and OpenBSD. Default:
	enabled (ignored on non-FreeBSD).

	<tag><label id="bgp-passive">passive <m/switch/</tag>
	Standard BGP behavior is both initiating outgoing connections and
	accepting incoming connections. In passive mode, outgoing connections
	are not initiated. Default: off.

	<tag><label id="bgp-confederation">confederation <m/number/</tag>
	BGP confederations (<rfc id="5065">) are collections of autonomous
	systems that act as one entity to external systems, represented by one
	confederation identifier (instead of AS numbers). This option enables
	BGP confederation behavior and specifies the local confederation
	identifier. When BGP confederations are used, all BGP speakers that are
	members of the BGP confederation should have the same confederation
	identifier configured. Default: 0 (no confederation).

	<tag><label id="bgp-confederation-member">confederation member <m/switch/</tag>
	When BGP confederations are used, this option specifies whether the BGP
	neighbor is a member of the same confederation as the local BGP speaker.
	The option is unnecessary (and ignored) for IBGP sessions, as the same
	AS number implies the same confederation. Default: no.

	<tag><label id="bgp-rr-client">rr client</tag>
	Be a route reflector and treat the neighbor as a route reflection
	client. Default: disabled.

	<tag><label id="bgp-rr-cluster-id">rr cluster id <m/IPv4 address/</tag>
	Route reflectors use the cluster id to avoid route reflection loops.
	When there is one route reflector in a cluster it usually uses its
	router id as the cluster id, but when there are more route reflectors in
	a cluster, these need to be configured (using this option) to use a
	common cluster id. Clients in a cluster need not know their cluster id
	and this option is not allowed for them. Default: the same as router id.

	<tag><label id="bgp-rs-client">rs client</tag>
	Be a route server and treat the neighbor as a route server client.
	A route server is used as a replacement for full mesh EBGP routing in
	Internet exchange points in a similar way to route reflectors used in
	IBGP routing. BIRD does not implement the obsolete <rfc id="1863">, but
	uses an ad-hoc implementation, which behaves like plain EBGP but reduces
	modifications to advertised route attributes to be transparent (for
	example it does not prepend its AS number to the AS PATH attribute and
	keeps the MED attribute). Default: disabled.

	<tag><label id="bgp-allow-local-pref">allow bgp_local_pref <m/switch/</tag>
	A standard BGP implementation does not send the Local Preference
	attribute to eBGP neighbors and ignores this attribute if received from
	eBGP neighbors, as per <rfc id="4271">. When this option is enabled on an
	eBGP session, this attribute will be sent to and accepted from the peer,
	which is useful for example if you have a setup like in <rfc id="7938">.
	The option does not affect iBGP sessions. Default: off.

	<tag><label id="bgp-allow-local-as">allow local as [<m/number/]</tag>
	BGP prevents routing loops by rejecting received routes with the local
	AS number in the AS path. This option allows loosening or disabling the
	check. The optional <cf/number/ argument can be used to specify the
	maximum number of local ASNs in the AS path that is allowed for received
	routes. When the option is used without the argument, the check is
	completely disabled and you should ensure loop-free behavior by some
	other means. Default: 0 (no local AS number allowed).

	<tag><label id="bgp-enable-route-refresh">enable route refresh <m/switch/</tag>
	After the initial route exchange, the BGP protocol uses incremental
	updates to keep BGP speakers synchronized. Sometimes (e.g., if a BGP
	speaker changes its import filter, or if there is suspicion of
	inconsistency) it is necessary to do a new complete route exchange. The
	BGP protocol extension Route Refresh (<rfc id="2918">) allows a BGP
	speaker to request re-advertisement of all routes from its neighbor. The
	BGP protocol extension Enhanced Route Refresh (<rfc id="7313">) specifies
	an explicit begin and end for such exchanges, therefore the receiver can
	remove stale routes that were not advertised during the exchange. This
	option specifies whether BIRD advertises these capabilities and supports
	the related procedures. Note that even when disabled, BIRD can send route
	refresh requests. Default: on.

	<tag><label id="bgp-graceful-restart">graceful restart <m/switch/|aware</tag>
	When a BGP speaker restarts or crashes, neighbors will discard all
	received paths from the speaker, which disrupts packet forwarding even
	when the forwarding plane of the speaker remains intact. <rfc id="4724">
	specifies an optional graceful restart mechanism to alleviate this
	issue. This option controls the mechanism. It has three states:
	Disabled, when no support is provided. Aware, when the graceful restart
	support is announced and the support for restarting neighbors is
	provided, but no local graceful restart is allowed (i.e. receiving-only
	role). Enabled, when the full graceful restart support is provided
	(i.e. both restarting and receiving role). The restarting role can also
	be configured per channel. Note that proper support for local graceful
	restart also requires configuration of other protocols. Default: aware.

	<tag><label id="bgp-graceful-restart-time">graceful restart time <m/number/</tag>
	The restart time is announced in the BGP graceful restart capability
	and specifies how long the neighbor would wait for the BGP session to
	re-establish after a restart before deleting stale routes. Default:
	120 seconds.

	<tag><label id="bgp-long-lived-graceful-restart">long lived graceful restart <m/switch/|aware</tag>
	The long-lived graceful restart is an extension of the traditional
	<ref id="bgp-graceful-restart" name="BGP graceful restart">, where stale
	routes are kept even after the <ref id="bgp-graceful-restart-time"
	name="restart time"> expires for an additional long-lived stale time,
	but they are marked with the LLGR_STALE community, depreferenced, and
	withdrawn from routers not supporting LLGR. Like traditional BGP
	graceful restart, it has three states: disabled, aware (receiving-only),
	and enabled. Note that long-lived graceful restart requires at least the
	aware level of traditional BGP graceful restart. Default: aware, unless
	graceful restart is disabled.

	<tag><label id="bgp-long-lived-stale-time">long lived stale time <m/number/</tag>
	The long-lived stale time is announced in the BGP long-lived graceful
	restart capability and specifies how long the neighbor would keep stale
	routes depreferenced during long-lived graceful restart until either the
	session is re-established and synchronized or the stale time expires and
	the routes are removed. Default: 3600 seconds.

	<tag><label id="bgp-interpret-communities">interpret communities <m/switch/</tag>
	<rfc id="1997"> demands that a BGP speaker should process well-known
	communities like no-export (65535, 65281) or no-advertise (65535,
	65282). For example, a received route carrying a no-advertise community
	should not be advertised to any of its neighbors. If this option is
	enabled (which is the default), BIRD has such behavior automatically (it
	is evaluated when a route is exported to the BGP protocol just before
	the export filter). Otherwise, this integrated processing of
	well-known communities is disabled. In that case, similar behavior can
	be implemented in the export filter. Default: on.

	<tag><label id="bgp-enable-as4">enable as4 <m/switch/</tag>
	The BGP protocol was designed to use 2B AS numbers and was extended
	later to allow 4B AS numbers. BIRD supports the 4B AS extension, but by
	disabling this option it can be persuaded not to advertise it and to
	maintain old-style sessions with its neighbors. This might be useful for
	circumventing bugs in a neighbor's implementation of the 4B AS
	extension. Even when disabled (off), BIRD behaves internally as an
	AS4-aware BGP router. Default: on.

	<tag><label id="bgp-enable-extended-messages">enable extended messages <m/switch/</tag>
	The BGP protocol uses a maximum message length of 4096 bytes. This
	option provides an extension to allow extended messages with length up
	to 65535 bytes. Default: off.

	<tag><label id="bgp-capabilities">capabilities <m/switch/</tag>
	Use capability advertisement to advertise optional capabilities. This is
	standard behavior for newer BGP implementations, but there might be some
	older BGP implementations that reject such connection attempts. When
	disabled (off), features that require it (4B AS support) are also
	disabled. Default: on, with automatic fallback to off when a
	capability-related error is received.

	<tag><label id="bgp-advertise-ipv4">advertise ipv4 <m/switch/</tag>
	Advertise the IPv4 multiprotocol capability. This is not correct behavior
	according to the strict interpretation of <rfc id="4760">, but it is
	widespread and required by some BGP implementations (Cisco and Quagga).
	This option is relevant to IPv4 mode with enabled capability
	advertisement only. Default: on.

	<tag><label id="bgp-disable-after-error">disable after error <m/switch/</tag>
	When an error is encountered (either locally or by the other side),
	disable the instance automatically and wait for an administrator to fix
	the problem manually. Default: off.

	<tag><label id="bgp-disable-after-cease">disable after cease <m/switch/|<m/set-of-flags/</tag>
	When a Cease notification is received, disable the instance
	automatically and wait for an administrator to fix the problem manually.
	When used with the <m/switch/ argument, it means handling every Cease
	subtype with the exception of <cf/connection collision/. Default: off.

	The <m/set-of-flags/ allows narrowing down the relevant Cease subtypes.
	The syntax is <cf>{<m/flag/ [, <m/.../] }</cf>, where flags are:
	<cf/cease/, <cf/prefix limit hit/, <cf/administrative shutdown/,
	<cf/peer deconfigured/, <cf/administrative reset/,
	<cf/connection rejected/, <cf/configuration change/,
	<cf/connection collision/, <cf/out of resources/.

	<tag><label id="bgp-hold-time">hold time <m/number/</tag>
	Time in seconds to wait for a Keepalive message from the other side
	before considering the connection stale. Default: depends on agreement
	with the neighboring router, we prefer 240 seconds if the other side is
	willing to accept it.

	<tag><label id="bgp-startup-hold-time">startup hold time <m/number/</tag>
	Value of the hold timer used before the routers have a chance to
	exchange open messages and agree on the real value. Default: 240
	seconds.

	<tag><label id="bgp-keepalive-time">keepalive time <m/number/</tag>
	Delay in seconds between sending of two consecutive Keepalive messages.
	Default: one third of the hold time.

	<tag><label id="bgp-connect-delay-time">connect delay time <m/number/</tag>
	Delay in seconds between protocol startup and the first attempt to
	connect. Default: 5 seconds.

	<tag><label id="bgp-connect-retry-time">connect retry time <m/number/</tag>
	Time in seconds to wait before retrying a failed attempt to connect.
	Default: 120 seconds.

	<tag><label id="bgp-error-wait-time">error wait time <m/number/,<m/number/</tag>
	Minimum and maximum delay in seconds between a protocol failure (either
	local or reported by the peer) and automatic restart. Doesn't apply
	when <cf/disable after error/ is configured. If consecutive errors
	happen, the delay is increased exponentially until it reaches the
	maximum. Default: 60, 300.

	<tag><label id="bgp-error-forget-time">error forget time <m/number/</tag>
	Maximum time in seconds between two protocol failures to treat them as
	an error sequence which makes <cf/error wait time/ increase
	exponentially. Default: 300 seconds.

	<tag><label id="bgp-path-metric">path metric <m/switch/</tag>
	Enable comparison of path lengths when deciding which BGP route is the
	best one. Default: on.

	<tag><label id="bgp-med-metric">med metric <m/switch/</tag>
	Enable comparison of MED attributes (during best route selection) even
	between routes received from different ASes. This may be useful if all
	MED attributes contain some consistent metric, perhaps enforced in
	import filters of AS boundary routers. If this option is disabled, MED
	attributes are compared only if routes are received from the same AS
	(which is the standard behavior). Default: off.

	<tag><label id="bgp-deterministic-med">deterministic med <m/switch/</tag>
	The BGP route selection algorithm is often viewed as a comparison
	between individual routes (e.g. if a new route appears and is better
	than the current best one, it is chosen as the new best one). But the
	proper route selection, as specified by <rfc id="4271">, cannot be fully
	implemented in that way. The problem is mainly in handling the MED
	attribute. BIRD, by default, uses a simplification based on individual
	route comparison, which in some cases may lead to temporally dependent
	behavior (i.e. the selection is dependent on the order in which routes
	appeared). This option enables a different (and slower) algorithm
	implementing proper <rfc id="4271"> route selection, which is
	deterministic. An alternative way to get deterministic behavior is to
	use the <cf/med metric/ option. This option is incompatible with <ref
	id="dsc-table-sorted" name="sorted tables">. Default: off.

	<tag><label id="bgp-igp-metric">igp metric <m/switch/</tag>
	Enable comparison of internal distances to boundary routers during best
	route selection. Default: on.

	<tag><label id="bgp-prefer-older">prefer older <m/switch/</tag>
	The standard route selection algorithm breaks ties by comparing router
	IDs. This changes the behavior to prefer older routes (when both are
	external and from different peers). For details, see <rfc id="5004">.
	Default: off.

	<tag><label id="bgp-default-med">default bgp_med <m/number/</tag>
	Value of the Multiple Exit Discriminator to be used during route
	selection when the MED attribute is missing. Default: 0.

	<tag><label id="bgp-default-local-pref">default bgp_local_pref <m/number/</tag>
	A default value for the Local Preference attribute. It is used when
	a new Local Preference attribute is attached to a route by the BGP
	protocol itself (for example, if a route is received through eBGP and
	therefore does not have such an attribute). Default: 100 (0 in pre-1.2.0
	versions of BIRD).
</descrip>
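
<p>The following configuration is an added example, not part of this guide or
of the BIRD project, that combines the protocol options above for two kinds of
session: a directly connected eBGP peer whose transport is hardened with
<cf/ttl security/, <cf/password/, <cf/strict bind/, <cf/check link/ and
<cf/bfd/, and an iBGP multihop session to a route reflector with a stable
<cf/source address/ and the hop count that GTSM needs. The reflector's side of
that session is shown for comparison. The router IDs, addresses, AS numbers,
interface name and password strings are constructed placeholders.

```bird
# Added example (not from the BIRD project). Router IDs, addresses, AS
# numbers, the interface name and the passwords are constructed placeholders.

router id 192.0.2.1;

# Directly connected eBGP session with a hardened transport.
protocol bgp upstream1 {
	local 192.0.2.1 as 65000;       # mandatory: our AS, plus the source address
	neighbor 192.0.2.2 as 65001;    # different AS, so eBGP ('direct' is the default)
	direct;                         # do not start until 192.0.2.2 is on a local subnet
	strict bind on;                 # listen on 192.0.2.1 only, not on all addresses
	check link on;                  # shut the session down as soon as the link drops
	bfd on;                         # fast liveness detection via 'protocol bfd' below
	ttl security on;                # GTSM (RFC 5082): ignore packets with a too-small TTL
	password "REPLACE-WITH-STRONG-SECRET";  # TCP MD5 (RFC 2385); placeholder value
	hold time 90;                   # proposed hold timer; keepalive defaults to one third
	disable after error on;         # stay down after any error until an admin re-enables us

	ipv4 {
		# RFC 8212: eBGP channels need an explicit import and export policy.
		import filter {
			# constructed check: accept only paths that start in the peer's own AS
			if bgp_path.first != 65001 then reject;
			accept;
		};
		export where source = RTS_STATIC;   # announce only our own static prefixes
	};
}

# The BFD instance that 'bfd on' above relies on.
protocol bfd {
	interface "eth0" {
		min rx interval 100 ms;
		min tx interval 100 ms;
	};
}

# iBGP multihop session from this router to a route reflector.
protocol bgp rr1 {
	local as 65000;
	neighbor 10.0.0.10 as 65000;    # same AS, so iBGP ('multihop' is the default)
	source address 10.0.0.1;        # fixed source address, as recommended for multihop
	multihop 2;                     # two networks between the speakers
	ttl security on;                # GTSM derives the expected TTL from that hop count
	password "REPLACE-WITH-ANOTHER-SECRET";
	error wait time 60, 300;        # exponential backoff for errors that still auto-restart
	# Stop and wait for an administrator only on these Cease subtypes.
	disable after cease { prefix limit hit, administrative shutdown };

	ipv4 {
		import all;                 # iBGP: blanket policies remain allowed
		export all;
	};
}

# --- The reflector's side of the same session: a separate bird.conf on 10.0.0.10 ---
protocol bgp client1 {
	local 10.0.0.10 as 65000;
	neighbor 10.0.0.1 as 65000;
	multihop 2;
	ttl security on;                # GTSM must be enabled on both sides to work
	password "REPLACE-WITH-ANOTHER-SECRET";  # must match the client's password
	rr client;                      # reflect routes between this client and other peers
	rr cluster id 10.0.0.10;        # shared by every reflector of this cluster

	ipv4 {
		import all;
		export all;
	};
}
```

<p>Note that <cf/error wait time/ is only set on the session that still restarts
automatically; on <cf/upstream1/ it would be ignored because <cf/disable after
error/ keeps the instance down until an administrator re-enables it.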

<sect1>Channel configuration
<label id="bgp-channel-config">

<p>BGP supports several AFIs and SAFIs over one connection. Every AFI/SAFI
announced to the peer corresponds to one channel. The table of supported
AFI/SAFIs together with their appropriate channels follows.

<table loc="h">
<tabular ca="l|l|l|r|r">
<bf/Channel name/ | <bf/Table nettype/ | <bf/IGP table allowed/ | <bf/AFI/ | <bf/SAFI/
@<hline>
<cf/ipv4/ | <cf/ipv4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 1
@ <cf/ipv6/ | <cf/ipv6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 1
@ <cf/ipv4 multicast/ | <cf/ipv4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 2
@ <cf/ipv6 multicast/ | <cf/ipv6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 2
@ <cf/ipv4 mpls/ | <cf/ipv4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 4
@ <cf/ipv6 mpls/ | <cf/ipv6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 4
@ <cf/vpn4 mpls/ | <cf/vpn4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 128
@ <cf/vpn6 mpls/ | <cf/vpn6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 128
@ <cf/vpn4 multicast/ | <cf/vpn4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 129
@ <cf/vpn6 multicast/ | <cf/vpn6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 129
@ <cf/flow4/ | <cf/flow4/ | --- | 1 | 133
@ <cf/flow6/ | <cf/flow6/ | --- | 2 | 133
</tabular>
</table>

<p>Due to <rfc id="8212">, the external BGP protocol requires explicit
configuration of import and export policies (in contrast to other protocols,
where default policies of <cf/import all/ and <cf/export none/ are used in the
absence of explicit configuration). Note that blanket policies like <cf/all/ or
<cf/none/ can still be used in explicit configuration.

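<p>As an added example (not from this guide or the BIRD project) of how the
channel options described below fit together, the constructed configuration
that follows gives an iBGP session an IPv4 channel that resolves next hops
recursively through a separate IGP table, keeps an Adj-RIB-In, accepts several
paths per prefix and advertises its own address as the next hop, plus an IPv6
channel that carries IPv6 prefixes with IPv4 next hops. The table names,
addresses and AS numbers are placeholders, and the static protocol stands in for
a real IGP.

```bird
# Added example (not from the BIRD project). Table names, addresses and AS
# numbers are constructed placeholders.

router id 10.0.0.1;

ipv4 table igp4;    # AS-internal routes, used only for next hop resolution
ipv4 table bgp4;    # accepted IPv4 BGP routes
ipv6 table bgp6;    # accepted IPv6 BGP routes

# Constructed IGP stand-in: how the reflector's loopback is reached.
protocol static igp4_static {
	ipv4 { table igp4; };
	route 10.0.0.10/32 via 192.0.2.254;
}

protocol bgp rr1 {
	local 10.0.0.1 as 65000;
	neighbor 10.0.0.10 as 65000;    # iBGP, multihop by default
	graceful restart on;            # full support; the restarting role is set per channel

	ipv4 {
		table bgp4;
		igp table igp4;             # look up bgp_next_hop here rather than in bgp4
		gateway recursive;          # the multihop default, spelled out; one level of lookup only
		next hop self;              # always advertise our source address as the next hop
		import table on;            # keep Adj-RIB-In for 'show route' and re-filtering
		add paths rx;               # accept several paths per prefix, send only one
		graceful restart on;        # restarting role for this AFI/SAFI pair
		import all;                 # iBGP: blanket policies are allowed
		export all;
	};

	ipv6 {
		table bgp6;
		igp table igp4;             # IPv4 next hops of IPv6 prefixes resolve via the IPv4 IGP table
		extended next hop on;       # IPv4-mapped IPv6 next hops (RFC 4798 / RFC 4659)
		missing lladdr self;        # fill in our own link-local address when it is unknown
		graceful restart off;       # receiving-only role for this AFI/SAFI pair
		import all;
		export all;
	};
}
```

<p>The IGP table is kept separate from the BGP tables so that a BGP route can
never resolve its next hop through another BGP route, which is the one-level
restriction the <cf/gateway recursive/ description below calls out.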
72163bd5 | 2557 | <p>BGP channels have additional config options (together with the common ones): |
3e52d112 JMM |
2558 | |
2559 | <descrip> | |
2560 | <tag><label id="bgp-next-hop-keep">next hop keep</tag> | |
2561 | Forward the received Next Hop attribute even in situations where the | |
2562 | local address should be used instead, like when the route is sent to an | |
2563 | interface with a different subnet. Default: disabled. | |
2564 | ||
2565 | <tag><label id="bgp-next-hop-self">next hop self</tag> | |
2566 | Avoid calculation of the Next Hop attribute and always advertise our own | |
2567 | source address as a next hop. This needs to be used only occasionally to | |
2568 | circumvent misconfigurations of other routers. Default: disabled. | |
2569 | ||
2570 | <tag><label id="bgp-next-hop-address">next hop address <m/ip/</tag> | |
2571 | Avoid calculation of the Next Hop attribute and always advertise this address | |
2572 | as a next hop. | |
2573 | ||
2574 | <tag><label id="bgp-missing-lladdr">missing lladdr self|drop|ignore</tag> | |
2575 | Next Hop attribute in BGP-IPv6 sometimes contains just the global IPv6 | |
2576 | address, but sometimes it has to contain both global and link-local IPv6 | |
2577 | addresses. This option specifies what to do if BIRD have to send both | |
2578 | addresses but does not know link-local address. This situation might | |
2579 | happen when routes from other protocols are exported to BGP, or when | |
2580 | improper updates are received from BGP peers. <cf/self/ means that BIRD | |
2581 | advertises its own local address instead. <cf/drop/ means that BIRD | |
2582 | skips that prefixes and logs error. <cf/ignore/ means that BIRD ignores | |
2583 | the problem and sends just the global address (and therefore forms | |
2584 | improper BGP update). Default: <cf/self/, unless BIRD is configured as a | |
2585 | route server (option <cf/rs client/), in that case default is <cf/ignore/, | |
2586 | because route servers usually do not forward packets themselves. | |
2587 | ||
2588 | <tag><label id="bgp-gateway">gateway direct|recursive</tag> | |
2589 | For received routes, their <cf/gw/ (immediate next hop) attribute is | |
2590 | computed from received <cf/bgp_next_hop/ attribute. This option | |
2591 | specifies how it is computed. Direct mode means that the IP address from | |
2592 | <cf/bgp_next_hop/ is used if it is directly reachable, otherwise the | |
2593 | neighbor IP address is used. Recursive mode means that the gateway is | |
2594 | computed by an IGP routing table lookup for the IP address from | |
2595 | <cf/bgp_next_hop/. Note that there is just one level of indirection in | |
2596 | recursive mode - the route obtained by the lookup must not be recursive | |
2597 | itself, to prevent mutually recursive routes. | |
2598 | ||
2599 | Recursive mode is the behavior specified by the BGP | |
2600 | standard. Direct mode is simpler, does not require any routes in a | |
2601 | routing table, and was used in older versions of BIRD, but does not | |
2602 | handle well nontrivial iBGP setups and multihop. Recursive mode is | |
2603 | incompatible with <ref id="dsc-table-sorted" name="sorted tables">. Default: | |
2604 | <cf/direct/ for direct sessions, <cf/recursive/ for multihop sessions. | |
be4cd99a | 2605 | |
3e52d112 JMM |
2606 | <tag><label id="bgp-igp-table">igp table <m/name/</tag> |
2607 | Specifies a table that is used as an IGP routing table. The type of this | |
2608 | table must be as allowed in the table above. This option is allowed once | |
2609 | for every allowed table type. Default: the same as the main table | |
2610 | the channel is connected to (if eligible). | |
dad92c30 | 2611 | |
9e92f357 OZ |
2612 | <tag><label id="bgp-import-table">import table <m/switch/</tag> |
2613 | A BGP import table contain all received routes from given BGP neighbor, | |
2614 | before application of import filters. It is also called <em/Adj-RIB-In/ | |
2615 | in BGP terminology. BIRD BGP by default operates without import tables, | |
2616 | in which case received routes are just processed by import filters, | |
2617 | accepted ones are stored in the master table, and the rest is forgotten. | |
2618 | Enabling <cf/import table/ allows to store unprocessed routes, which can | |
2619 | be examined later by <cf/show route/, and can be used to reconfigure | |
2620 | import filters without full route refresh. Default: off. | |
2621 | ||
3e52d112 JMM |
2622 | <tag><label id="bgp-secondary">secondary <m/switch/</tag> |
2623 | Usually, if an export filter rejects a selected route, no other route is | |
2624 | propagated for that network. This option allows to try the next route in | |
2625 | order until one that is accepted is found or all routes for that network | |
2626 | are rejected. This can be used for route servers that need to propagate | |
2627 | different tables to each client but do not want to have these tables | |
2628 | explicitly (to conserve memory). This option requires that the connected | |
2629 | routing table is <ref id="dsc-table-sorted" name="sorted">. Default: off. | |
dad92c30 | 2630 | |
a63d20aa OZ |
2631 | <tag><label id="bgp-extended-next-hop">extended next hop <m/switch/</tag> |
2632 | BGP expects that announced next hops have the same address family as | |
2633 | associated network prefixes. This option provides an extension to use | |
2634 | IPv4 next hops with IPv6 prefixes and vice versa. For IPv4 / VPNv4 | |
2635 | channels, the behavior is controlled by the Extended Next Hop Encoding | |
2636 | capability, as described in <rfc id="5549">. For IPv6 / VPNv6 channels, | |
2637 | just IPv4-mapped IPv6 addresses are used, as described in | |
2638 | <rfc id="4798"> and <rfc id="4659">. Default: off. | |
2639 | ||
3e52d112 JMM |
2640 | <tag><label id="bgp-add-paths">add paths <m/switch/|rx|tx</tag> |
2641 | Standard BGP can propagate only one path (route) per destination network | |
2642 | (usually the selected one). This option controls the add-path protocol | |
2643 | extension, which allows any number of paths to a destination to be | |
2644 | advertised. Note that to be active, add-path has to be enabled on both | |
2645 | sides of the BGP session, but it can be enabled separately for the RX and | |
2646 | TX directions. When active, all available routes accepted by the export | |
2647 | filter are advertised to the neighbor. Default: off. | |
dad92c30 | 2648 | |
7fc55925 OZ |
2649 | <tag><label id="bgp-graceful-restart-c">graceful restart <m/switch/</tag> |
2650 | Although BGP graceful restart is configured mainly by protocol-wide | |
2651 | <ref id="bgp-graceful-restart" name="options">, it is possible to | |
2652 | configure restarting role per AFI/SAFI pair by this channel option. | |
2653 | The option is ignored if graceful restart is disabled by protocol-wide | |
2654 | option. Default: off in aware mode, on in full mode. | |
5bd73431 OZ |
2655 | |
2656 | <tag><label id="bgp-long-lived-graceful-restart-c">long lived graceful restart <m/switch/</tag> | |
2657 | BGP long-lived graceful restart is configured mainly by protocol-wide | |
2658 | <ref id="bgp-long-lived-graceful-restart" name="options">, but the | |
2659 | restarting role can be set per AFI/SAFI pair by this channel option. | |
2660 | The option is ignored if long-lived graceful restart is disabled by | |
2661 | protocol-wide option. Default: off in aware mode, on in full mode. | |
2662 | ||
2663 | <tag><label id="bgp-long-lived-stale-time-c">long lived stale time <m/number/</tag> | |
2664 | Like the previous graceful restart channel options, this option sets | |
2665 | <ref id="bgp-long-lived-stale-time" name="long lived stale time"> | |
2666 | per AFI/SAFI pair instead of per protocol. Default: set by the | |
2667 | protocol-wide option. | |
5459fac6 MM |
2668 | </descrip> |
2669 | ||
371adba6 | 2670 | <sect1>Attributes |
b9864aa8 | 2671 | <label id="bgp-attr"> |
56ab03c7 | 2672 | |
dad92c30 OZ |
2673 | <p>BGP defines several route attributes. Some of them (those marked with |
2674 | `<tt/I/' in the table below) are available on internal BGP connections only, | |
2675 | some of them (marked with `<tt/O/') are optional. | |
5459fac6 MM |
2676 | |
2677 | <descrip> | |
157f6c2a | 2678 | <tag><label id="rta-bgp-path">bgppath bgp_path</tag> |
dad92c30 OZ |
2679 | Sequence of AS numbers describing the AS path the packet will travel |
2680 | through when forwarded according to the particular route. In case of | |
2681 | internal BGP it doesn't contain the number of the local AS. | |
2682 | ||
157f6c2a | 2683 | <tag><label id="rta-bgp-local-pref">int bgp_local_pref [I]</tag> |
dad92c30 OZ |
2684 | Local preference value used for selection among multiple BGP routes (see |
2685 | the selection rules above). It's used as an additional metric which is | |
2686 | propagated through the whole local AS. | |
2687 | ||
157f6c2a | 2688 | <tag><label id="rta-bgp-med">int bgp_med [O]</tag> |
dad92c30 OZ |
2689 | The Multiple Exit Discriminator of the route is an optional attribute |
2690 | which is used on external (inter-AS) links to convey to an adjacent AS | |
2691 | the optimal entry point into the local AS. The received attribute is | |
2692 | also propagated over internal BGP links. The attribute value is zeroed | |
2693 | when a route is exported to an external BGP instance to ensure that the | |
2694 | attribute received from a neighboring AS is not propagated to other | |
2695 | neighboring ASes. A new value might be set in the export filter of an | |
7935b9d2 PT |
2696 | external BGP instance. See <rfc id="4451"> for further discussion of
2697 | the BGP MED attribute. | |
5a203dac | 2698 | |
157f6c2a | 2699 | <tag><label id="rta-bgp-origin">enum bgp_origin</tag> |
dad92c30 OZ |
2700 | Origin of the route: either <cf/ORIGIN_IGP/ if the route has originated |
2701 | in an interior routing protocol or <cf/ORIGIN_EGP/ if it's been imported | |
2702 | from the <tt>EGP</tt> protocol (nowadays it seems to be obsolete) or | |
2703 | <cf/ORIGIN_INCOMPLETE/ if the origin is unknown. | |
5a203dac | 2704 | |
157f6c2a | 2705 | <tag><label id="rta-bgp-next-hop">ip bgp_next_hop</tag> |
dad92c30 OZ |
2706 | Next hop to be used for forwarding of packets to this destination. On
2707 | internal BGP connections, it is the address of the originating router if | |
2708 | that router is inside the local AS, or of the boundary router through | |
2709 | which the packet will leave the AS if it is an exterior route, so each | |
2710 | BGP speaker within the AS can use the shortest interior path to that point. | |
5a203dac | 2711 | |
157f6c2a | 2712 | <tag><label id="rta-bgp-atomic-aggr">void bgp_atomic_aggr [O]</tag> |
dad92c30 OZ |
2713 | This is an optional attribute which carries no value, but the sole |
2714 | presence of which indicates that the route has been aggregated from | |
2715 | multiple routes by some router on the path from the originator. | |
5a203dac | 2716 | |
5459fac6 MM |
2717 | <!-- we don't handle aggregators right since they are of a very obscure type |
2718 | <tag>bgp_aggregator</tag> | |
2719 | --> | |
157f6c2a | 2720 | <tag><label id="rta-bgp-community">clist bgp_community [O]</tag> |
dad92c30 OZ |
2721 | List of community values associated with the route. Each such value is a |
2722 | pair (represented as a <cf/pair/ data type inside the filters) of 16-bit | |
2723 | integers, the first of them containing the number of the AS which | |
2724 | defines the community and the second one being a per-AS identifier. | |
2725 | There are lots of uses of the community mechanism, but generally they | |
2726 | are used to carry policy information like "don't export to USA peers". | |
2727 | As each AS can define its own routing policy, it also has complete | |
2728 | freedom about which community attributes it defines and what their | |
2729 | semantics will be. | |
2730 | ||
157f6c2a | 2731 | <tag><label id="rta-bgp-ext-community">eclist bgp_ext_community [O]</tag> |
dad92c30 OZ |
2732 | List of extended community values associated with the route. Extended
2733 | communities are used much like plain communities, but they have an | |
2734 | extended range (to allow 4B ASNs) and a nontrivial structure with a type | |
2735 | field. Individual community values are represented using an <cf/ec/ data | |
2736 | type inside the filters. | |
2737 | ||
157f6c2a | 2738 | <tag><label id="rta-bgp-large-community">lclist bgp_large_community [O]</tag> |
cec4a73c OZ |
2739 | List of large community values associated with the route. Large BGP
2740 | communities are another variant of communities; unlike extended | |
2741 | communities they behave very much the same way as regular communities, | |
2742 | just larger -- they are uniform untyped triplets of 32-bit numbers. | |
2743 | Individual community values are represented using an <cf/lc/ data type | |
2744 | inside the filters. | |
2745 | ||
157f6c2a | 2746 | <tag><label id="rta-bgp-originator-id">quad bgp_originator_id [I, O]</tag> |
dad92c30 OZ |
2747 | This attribute is created by the route reflector when reflecting the |
2748 | route and contains the router ID of the originator of the route in the | |
2749 | local AS. | |
2750 | ||
157f6c2a | 2751 | <tag><label id="rta-bgp-cluster-list">clist bgp_cluster_list [I, O]</tag> |
dad92c30 OZ |
2752 | This attribute contains a list of cluster IDs of route reflectors. Each |
2753 | route reflector prepends its cluster ID when reflecting the route. | |
5459fac6 MM |
2754 | </descrip> |
2755 | ||
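<p>The three community encodings listed above, worked through in Python as an added example (this is not BIRD's own code): 16-bit pairs for <cf/bgp_community/, typed 8-byte values for <cf/bgp_ext_community/ using the AS-specific rt/ro subtypes of RFC 4360 and RFC 5668, and 32-bit triplets for <cf/bgp_large_community/. The "do not export to this peer" convention in the last function is a constructed illustration of the policy use mentioned above, not a standard.

```python
"""Wire encodings of the three BGP community flavours from the attribute list.

Added example, not BIRD code: a standard community is a pair of 16-bit
integers (RFC 1997), an extended community is 8 bytes led by a type field
(RFC 4360), and a large community is a triplet of 32-bit integers (RFC 8092).
"""
import struct
from typing import List, Tuple

# --- standard communities: (asn, value), both 16 bits, big-endian -----------
def encode_communities(pairs: List[Tuple[int, int]]) -> bytes:
    out = b""
    for asn, value in pairs:
        if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
            raise ValueError(f"({asn},{value}) does not fit in a 16:16 community")
        out += struct.pack("!HH", asn, value)
    return out

def decode_communities(data: bytes) -> List[Tuple[int, int]]:
    # Reject a malformed length rather than silently dropping a partial value.
    if len(data) % 4:
        raise ValueError("COMMUNITIES length is not a multiple of 4")
    return [struct.unpack("!HH", data[i:i + 4]) for i in range(0, len(data), 4)]

# --- extended communities: type, subtype, 6-byte value ----------------------
# Only the two AS-specific subtypes BIRD's `ec` type spells as rt / ro.
EC_SUBTYPE = {"rt": 0x02, "ro": 0x03}
EC_KIND = {v: k for k, v in EC_SUBTYPE.items()}
EC_TYPE_AS2 = 0x00  # two-octet AS specific, transitive (RFC 4360)
EC_TYPE_AS4 = 0x02  # four-octet AS specific, transitive (RFC 5668)

def encode_ext_community(kind: str, asn: int, local: int) -> bytes:
    subtype = EC_SUBTYPE[kind]
    if 0 <= asn <= 0xFFFF and 0 <= local <= 0xFFFFFFFF:
        return struct.pack("!BBHI", EC_TYPE_AS2, subtype, asn, local)
    if 0 <= asn <= 0xFFFFFFFF and 0 <= local <= 0xFFFF:
        # A 4-byte ASN leaves only 16 bits for the local administrator part.
        return struct.pack("!BBIH", EC_TYPE_AS4, subtype, asn, local)
    raise ValueError(f"{kind}:{asn}:{local} does not fit in an extended community")

def decode_ext_community(data: bytes) -> Tuple[str, int, int]:
    if len(data) != 8:
        raise ValueError("an extended community is exactly 8 bytes")
    ec_type, subtype = data[0], data[1]
    # The two high bits are the IANA-authority and non-transitive flags.
    if ec_type & 0x3F == EC_TYPE_AS2:
        asn, local = struct.unpack("!HI", data[2:])
    elif ec_type & 0x3F == EC_TYPE_AS4:
        asn, local = struct.unpack("!IH", data[2:])
    else:
        raise ValueError(f"unsupported extended community type 0x{ec_type:02x}")
    return EC_KIND.get(subtype, f"subtype{subtype}"), asn, local

# --- large communities: three 32-bit numbers, no type field -----------------
def encode_large_communities(triplets: List[Tuple[int, int, int]]) -> bytes:
    out = b""
    for t in triplets:
        if len(t) != 3 or any(not 0 <= x <= 0xFFFFFFFF for x in t):
            raise ValueError(f"{t} is not a valid large community")
        out += struct.pack("!III", *t)
    return out

def decode_large_communities(data: bytes) -> List[Tuple[int, int, int]]:
    if len(data) % 12:
        raise ValueError("LARGE_COMMUNITY length is not a multiple of 12")
    return [struct.unpack("!III", data[i:i + 12]) for i in range(0, len(data), 12)]

# Constructed policy convention, for illustration only: the large community
# (our_asn, 0, peer_asn) marks a route that must not be exported to peer_asn.
def blocked_for_peer(large: List[Tuple[int, int, int]], our_asn: int, peer_asn: int) -> bool:
    return (our_asn, 0, peer_asn) in large
```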
371adba6 | 2756 | <sect1>Example |
b9864aa8 | 2757 | <label id="bgp-exam"> |
56ab03c7 | 2758 | |
5459fac6 MM |
2759 | <p><code> |
2760 | protocol bgp { | |
cf3e3845 | 2761 | local 198.51.100.14 as 65000; # Use a private AS number |
9491f9f5 | 2762 | neighbor 198.51.100.130 as 64496; # Our neighbor ... |
6bcef225 | 2763 | multihop; # ... which is connected indirectly |
3e52d112 JMM |
2764 | ipv4 { |
2765 | export filter { # We use non-trivial export rules | |
2766 | if source = RTS_STATIC then { # Export only static routes | |
2767 | # Assign our community | |
2768 | bgp_community.add((65000,64501)); | |
2769 | # Artificially increase path length | |
2770 | # by advertising local AS number twice | |
2771 | if bgp_path ~ [= 65000 =] then | |
2772 | bgp_path.prepend(65000); | |
2773 | accept; | |
2774 | } | |
2775 | reject; | |
2776 | }; | |
2777 | import all; | |
2778 | next hop self; # advertise this router as next hop | |
2779 | igp table myigptable4; # IGP table for routes with IPv4 nexthops | |
2780 | igp table myigptable6; # IGP table for routes with IPv6 nexthops | |
2781 | }; | |
2782 | ipv6 { | |
2783 | export filter mylargefilter; # We use a named filter | |
2784 | import all; | |
2785 | missing lladdr self; | |
2786 | igp table myigptable4; # IGP table for routes with IPv4 nexthops | |
2787 | igp table myigptable6; # IGP table for routes with IPv6 nexthops | |
2788 | }; | |
2789 | ipv4 multicast { | |
2790 | import all; | |
2791 | export filter someotherfilter; | |
2792 | table mymulticasttable4; # Another IPv4 table, dedicated for multicast | |
2793 | igp table myigptable4; | |
2794 | }; | |
5459fac6 MM |
2795 | } |
2796 | </code> | |
2797 | ||
dad92c30 | 2798 | |
371adba6 | 2799 | <sect>Device |
b9864aa8 | 2800 | <label id="device"> |
1b55b1a3 | 2801 | |
dad92c30 OZ |
2802 | <p>The Device protocol is not a real routing protocol. It doesn't generate any |
2803 | routes and it only serves as a module for getting information about network | |
3e52d112 | 2804 | interfaces from the kernel. This protocol supports no channel. |
79a2b697 | 2805 | |
dad92c30 OZ |
2806 | <p>Except for very unusual circumstances, you probably should include this |
2807 | protocol in the configuration since almost all other protocols require network | |
2808 | interfaces to be defined for them to work with. | |
79a2b697 | 2809 | |
6f5603ba | 2810 | <sect1>Configuration |
b9864aa8 | 2811 | <label id="device-config"> |
79a2b697 MM |
2812 | |
2813 | <p><descrip> | |
b9864aa8 | 2814 | <tag><label id="device-scan-time">scan time <m/number/</tag> |
dad92c30 OZ |
2815 | Time in seconds between two scans of the network interface list. On |
2816 | systems where we are notified about interface status changes | |
2817 | asynchronously (such as newer versions of Linux), we need to scan the | |
2818 | list only in order to avoid confusion by lost notification messages, | |
2819 | so the default time is set to a large value. | |
2820 | ||
cf3e3845 | 2821 | <tag><label id="device-iface">interface <m/pattern/ [, <m/.../]</tag> |
cf3e3845 OZ |
2822 | By default, the Device protocol handles all interfaces without any
2823 | configuration. Interface definitions allow optional parameters to be | |
2824 | specified for specific interfaces. See the <ref id="proto-iface" | |
2825 | name="interface"> common option for a detailed description. Currently only | |
2826 | one interface option is available: | |
2827 | ||
2828 | <tag><label id="device-preferred">preferred <m/ip/</tag> | |
2829 | If a network interface has more than one IP address, BIRD chooses one of | |
2830 | them as the preferred one. The preferred IP address is used as the source | |
2831 | address for packets or as the announced next hop by routing protocols. | |
2832 | Precisely, BIRD chooses one preferred IPv4 address, one preferred IPv6 | |
2833 | address and one preferred link-local IPv6 address. By default, BIRD chooses | |
2834 | the first found IP address as the preferred one. | |
2835 | ||
2836 | This option specifies which IP address should be preferred. It may be | |
2837 | used multiple times for different address classes (IPv4, IPv6, IPv6 | |
2838 | link-local). In all cases, an address marked by the operating system as | |
2839 | secondary cannot be chosen as the primary one. | |
79a2b697 MM |
2840 | </descrip> |
2841 | ||
79a2b697 | 2842 | <p>As the Device protocol doesn't generate any routes, it cannot have |
6f5603ba | 2843 | any attributes. Example configuration looks like this: |
79a2b697 MM |
2844 | |
2845 | <p><code> | |
2846 | protocol device { | |
2847 | scan time 10; # Scan the interfaces often | |
cf3e3845 OZ |
2848 | interface "eth0" { |
2849 | preferred 192.168.1.1; | |
2850 | preferred 2001:db8:1:10::1; | |
2851 | }; | |
79a2b697 MM |
2852 | } |
2853 | </code> | |
2854 | ||
cf3e3845 | 2855 | |
371adba6 | 2856 | <sect>Direct |
b9864aa8 | 2857 | <label id="direct"> |
1b55b1a3 | 2858 | |
79a2b697 | 2859 | <p>The Direct protocol is a simple generator of device routes for all the |
dad92c30 | 2860 | directly connected networks according to the list of interfaces provided by the |
cf3e3845 | 2861 | kernel via the Device protocol. The Direct protocol supports both IPv4 and IPv6 |
159d619c OZ |
2862 | channels; both can be configured simultaneously. It can also be configured with |
2863 | <ref id="ip-sadr-routes" name="IPv6 SADR"> channel instead of regular IPv6 | |
2864 | channel in order to be used together with SADR-enabled Babel protocol. | |
dad92c30 OZ |
2865 | |
2866 | <p>The question is whether it is a good idea to have such device routes in the | |
2867 | BIRD routing table. The OS kernel usually handles device routes for directly | |
2868 | connected networks by itself, so we don't need (and don't want) to export these | |
2869 | routes to the kernel protocol. The OSPF protocol creates device routes for its | |
159d619c OZ |
2870 | interfaces itself and the BGP protocol is usually used for exporting aggregate
2871 | routes. But the Direct protocol is necessary for distance-vector protocols like | |
2872 | RIP or Babel to announce local networks. | |
79a2b697 | 2873 | |
e90dd656 | 2874 | <p>There are just a few configuration options for the Direct protocol:
79a2b697 MM |
2875 | |
2876 | <p><descrip> | |
9df52a98 | 2877 | <tag><label id="direct-iface">interface <m/pattern/ [, <m/.../]</tag> |
dad92c30 OZ |
2878 | By default, the Direct protocol will generate device routes for all the
2879 | interfaces available. If you want to restrict it to some subset of | |
d7c06285 OZ |
2880 | interfaces or addresses (e.g. if you're using multiple routing tables
2881 | for policy routing and some of the policy domains don't contain all | |
b9864aa8 | 2882 | interfaces), just use this clause. See the <ref id="proto-iface" name="interface">
d7c06285 OZ |
2883 | common option for a detailed description. The Direct protocol uses
2884 | extended interface clauses. | |
e90dd656 | 2885 | |
b9864aa8 | 2886 | <tag><label id="direct-check-link">check link <m/switch/</tag> |
e90dd656 OZ |
2887 | If enabled, the hardware link state (reported by the OS) is taken into
2888 | consideration. Routes for directly connected networks are generated only | |
2889 | if the link is reported up and they are withdrawn when the link disappears | |
2890 | (e.g., an ethernet cable is unplugged). Default value is no. | |
79a2b697 MM |
2891 | </descrip> |
2892 | ||
79a2b697 MM |
2893 | <p>Direct device routes don't contain any specific attributes. |
2894 | ||
4f88ac47 | 2895 | <p>Example config might look like this: |
79a2b697 MM |
2896 | |
2897 | <p><code> | |
2898 | protocol direct { | |
3e52d112 | 2899 | ipv4; |
3e52d112 | 2900 | ipv6; |
cf3e3845 | 2901 | interface "-arc*", "*"; # Exclude the ARCnets |
79a2b697 MM |
2902 | } |
2903 | </code> | |
2904 | ||
cf3e3845 | 2905 | |
371adba6 | 2906 | <sect>Kernel |
b9864aa8 | 2907 | <label id="krt"> |
1b55b1a3 | 2908 | |
0e4789c2 | 2909 | <p>The Kernel protocol is not a real routing protocol. Instead of communicating |
c429d4a4 | 2910 | with other routers in the network, it performs synchronization of BIRD's routing |
dad92c30 OZ |
2911 | tables with the OS kernel. Basically, it sends all routing table updates to the |
2912 | kernel and from time to time it scans the kernel tables to see whether some | |
2913 | routes have disappeared (for example due to unnoticed up/down transition of an | |
2914 | interface) or whether an `alien' route has been added by someone else (depending | |
2915 | on the <cf/learn/ switch, such routes are either ignored or accepted to our | |
f8e2d916 | 2916 | table). |
0e4789c2 | 2917 | |
d33cf3f4 OZ |
2918 | <p>Note that routes created by the OS kernel itself, namely direct routes
2919 | representing IP subnets of associated interfaces, are not imported even with | |
2920 | <cf/learn/ enabled. You can use the <ref id="direct" name="Direct protocol"> to | |
2921 | generate these direct routes. | |
c429d4a4 | 2922 | |
dad92c30 OZ |
2923 | <p>If your OS supports only a single routing table, you can configure only one |
2924 | instance of the Kernel protocol. If it supports multiple tables (in order to | |
2925 | allow policy routing; such an OS is for example Linux), you can run as many | |
2926 | instances as you want, but each of them must be connected to a different BIRD | |
2927 | routing table and to a different kernel table. | |
0e4789c2 | 2928 | |
dad92c30 OZ |
2929 | <p>Because the kernel protocol is partially integrated with the connected
2930 | routing table, there are two limitations: it is not possible to connect | |
2931 | more than one kernel protocol to the same routing table, and changing the | |
2932 | route destination (gateway) in an export filter of a kernel protocol does | |
2933 | not work. Both limitations can be overcome using another routing table and the pipe protocol. | |
cf3e3845 | 2934 | |
159d619c OZ |
2935 | <p>The Kernel protocol supports both IPv4 and IPv6 channels; only one channel |
2936 | can be configured in each protocol instance. On Linux, it also supports <ref | |
2937 | id="ip-sadr-routes" name="IPv6 SADR"> and <ref id="mpls-routes" name="MPLS"> | |
2938 | channels. | |
71ca7716 | 2939 | |
371adba6 | 2940 | <sect1>Configuration |
b9864aa8 | 2941 | <label id="krt-config"> |
0e4789c2 MM |
2942 | |
2943 | <p><descrip> | |
b9864aa8 | 2944 | <tag><label id="krt-persist">persist <m/switch/</tag> |
6eda3f13 OZ |
2945 | Tell BIRD to leave all its routes in the routing tables when it exits |
2946 | (instead of cleaning them up). | |
2947 | ||
b9864aa8 | 2948 | <tag><label id="krt-scan-time">scan time <m/number/</tag> |
6eda3f13 OZ |
2949 | Time in seconds between two consecutive scans of the kernel routing |
2950 | table. | |
2951 | ||
b9864aa8 | 2952 | <tag><label id="krt-learn">learn <m/switch/</tag> |
6eda3f13 OZ |
2953 | Enable learning of routes added to the kernel routing tables by other |
2954 | routing daemons or by the system administrator. This is possible only on | |
2955 | systems which support identification of route authorship. | |
2956 | ||
b9864aa8 | 2957 | <tag><label id="krt-kernel-table">kernel table <m/number/</tag> |
6eda3f13 OZ |
2958 | Select which kernel table this particular instance of the Kernel
2959 | protocol should work with. Available only on systems supporting multiple | |
2960 | routing tables. | |
2961 | ||
b9864aa8 | 2962 | <tag><label id="krt-metric">metric <m/number/</tag> (Linux) |
4adcb9df OZ |
2963 | Use the specified value as the kernel metric (priority) for all routes sent
2964 | to the kernel. When multiple routes for the same network are in the kernel | |
2965 | routing table, the Linux kernel chooses the one with the lower metric. | |
2966 | Also, routes with different metrics do not clash with each other, therefore | |
2967 | using a dedicated metric value is a reliable way to avoid overwriting | |
2968 | routes from other sources (e.g. kernel device routes). Metric 0 has the | |
2969 | special meaning of an undefined metric, in which case either the OS default | |
2970 | is used, or a per-route metric can be set using the <cf/krt_metric/ | |
bff21441 | 2971 | attribute. Default: 32.
4adcb9df | 2972 | |
b9864aa8 | 2973 | <tag><label id="krt-graceful-restart">graceful restart <m/switch/</tag> |
6eda3f13 OZ |
2974 | Participate in graceful restart recovery. If this option is enabled and |
2975 | a graceful restart recovery is active, the Kernel protocol will defer | |
2976 | synchronization of routing tables until the end of the recovery. Note | |
2977 | that import of kernel routes to BIRD is not affected. | |
8d9eef17 | 2978 | |
b9864aa8 | 2979 | <tag><label id="krt-merge-paths">merge paths <M>switch</M> [limit <M>number</M>]</tag> |
8d9eef17 OZ |
2980 | Usually, only best routes are exported to the kernel protocol. With path |
2981 | merging enabled, both best routes and equivalent non-best routes are | |
2982 | merged during export to generate one ECMP (equal-cost multipath) route | |
2983 | for each network. This is useful e.g. for BGP multipath. Note that best | |
2984 | routes are still pivotal for route export (responsible for most | |
2985 | properties of resulting ECMP routes), while exported non-best routes are | |
2986 | responsible just for additional multipath next hops. This option also | |
2987 | accepts a limit on the maximum number of nexthops in one route. By | |
2988 | default, multipath merging is disabled. If enabled, the default value of | |
2989 | the limit is 16. | |
0e4789c2 MM |
2990 | </descrip> |
2991 | ||
71ca7716 | 2992 | <sect1>Attributes |
b9864aa8 | 2993 | <label id="krt-attr"> |
71ca7716 | 2994 | |
dad92c30 OZ |
2995 | <p>The Kernel protocol defines several attributes. These attributes are |
2996 | translated to appropriate system (and OS-specific) route attributes. We support | |
2997 | these attributes: | |
71ca7716 OZ |
2998 | |
2999 | <descrip> | |
157f6c2a | 3000 | <tag><label id="rta-krt-source">int krt_source</tag> |
dad92c30 OZ |
3001 | The original source of the imported kernel route. The value is |
3002 | system-dependent. On Linux, it is a value of the protocol field of the | |
3003 | route. See /etc/iproute2/rt_protos for common values. On BSD, it is | |
72aed1a0 OZ |
3004 | based on STATIC and PROTOx flags. The attribute is read-only. |
3005 | ||
157f6c2a | 3006 | <tag><label id="rta-krt-metric">int krt_metric</tag> (Linux) |
dad92c30 OZ |
3007 | The kernel metric of the route. When multiple routes for the same network
3008 | are in a kernel routing table, the Linux kernel chooses the one with the lower metric. | |
4adcb9df OZ |
3009 | Note that the preferred way to set the kernel metric is the protocol option
3010 | <cf/metric/, unless per-route metric values are needed. | |
9ba2798c | 3011 | |
157f6c2a | 3012 | <tag><label id="rta-krt-prefsrc">ip krt_prefsrc</tag> (Linux) |
dad92c30 | 3013 | The preferred source address. Used in source address selection for |
79a4f74a | 3014 | outgoing packets. Has to be one of the IP addresses of the router. |
71ca7716 | 3015 | |
157f6c2a | 3016 | <tag><label id="rta-krt-realm">int krt_realm</tag> (Linux) |
dad92c30 | 3017 | The realm of the route. Can be used for traffic classification. |
6e75d0d2 | 3018 | |
157f6c2a | 3019 | <tag><label id="rta-krt-scope">int krt_scope</tag> (Linux IPv4) |
6e75d0d2 OZ |
3020 | The scope of the route. Valid values are 0-254, although Linux kernel |
3021 | may reject some values depending on route type and nexthop. It is | |
3022 | supposed to represent `indirectness' of the route, where nexthops of | |
3023 | routes are resolved through routes with a higher scope, but in current | |
3024 | kernels anything below <it/link/ (253) is treated as <it/global/ (0). | |
3025 | When not present, global scope is implied for all routes except device | |
3026 | routes, where link scope is used by default. | |
71ca7716 OZ |
3027 | </descrip> |
3028 | ||
6683d42d OZ |
3029 | <p>In Linux, there are also plenty of obscure route attributes mostly focused
3030 | on tuning TCP performance of local connections. BIRD supports most of these | |
3031 | attributes; see the Linux or iproute2 documentation for their meaning. Attributes | |
3032 | <cf/krt_lock_*/ and <cf/krt_feature_*/ have type bool, others have type int. | |
3033 | Supported attributes are: | |
3034 | ||
3035 | <cf/krt_mtu/, <cf/krt_lock_mtu/, <cf/krt_window/, <cf/krt_lock_window/, | |
3036 | <cf/krt_rtt/, <cf/krt_lock_rtt/, <cf/krt_rttvar/, <cf/krt_lock_rttvar/, | |
3037 | <cf/krt_sstresh/, <cf/krt_lock_sstresh/, <cf/krt_cwnd/, <cf/krt_lock_cwnd/, | |
3038 | <cf/krt_advmss/, <cf/krt_lock_advmss/, <cf/krt_reordering/, <cf/krt_lock_reordering/, | |
3039 | <cf/krt_hoplimit/, <cf/krt_lock_hoplimit/, <cf/krt_rto_min/, <cf/krt_lock_rto_min/, | |
3040 | <cf/krt_initcwnd/, <cf/krt_initrwnd/, <cf/krt_quickack/, | |
3041 | <cf/krt_feature_ecn/, <cf/krt_feature_allfrag/ | |
3042 | ||
71ca7716 | 3043 | <sect1>Example |
b9864aa8 | 3044 | <label id="krt-exam"> |
71ca7716 | 3045 | |
326e33f5 | 3046 | <p>A simple configuration can look this way: |
0e4789c2 MM |
3047 | |
3048 | <p><code> | |
3049 | protocol kernel { | |
0e4789c2 MM |
3050 | export all; |
3051 | } | |
3052 | </code> | |
3053 | ||
3054 | <p>Or for a system with two routing tables: | |
3055 | ||
3056 | <p><code> | |
3057 | protocol kernel { # Primary routing table | |
3058 | learn; # Learn alien routes from the kernel | |
3059 | persist; # Don't remove routes on bird shutdown | |
3060 | scan time 10; # Scan kernel routing table every 10 seconds | |
3e52d112 JMM |
3061 | ipv4 { |
3062 | import all; | |
3063 | export all; | |
3064 | }; | |
0e4789c2 MM |
3065 | } |
3066 | ||
3067 | protocol kernel { # Secondary routing table | |
0e4789c2 | 3068 | kernel table 100; |
3e52d112 JMM |
3069 | ipv4 { |
3070 | table auxtable; | |
3071 | export all; | |
3072 | }; | |
a2a3ced8 | 3073 | } |
0e4789c2 MM |
3074 | </code> |
3075 | ||
dad92c30 | 3076 | |
fc1b9333 OZ |
3077 | <sect>MRT |
3078 | <label id="mrt"> | |
3079 | ||
3080 | <sect1>Introduction | |
3081 | <label id="mrt-intro"> | |
3082 | ||
3083 | <p>The MRT protocol is a component responsible for handling the Multi-Threaded | |
3084 | Routing Toolkit (MRT) routing information export format, which is mainly used | |
3085 | for collecting and analyzing routing information from BGP routers. The MRT | |
3086 | protocol can be configured to do periodic dumps of routing tables; the created | |
3087 | MRT files can be analyzed later by other tools. Independent MRT table dumps can | |
3088 | also be requested from the BIRD client. There is also a feature to save incoming | |
3089 | BGP messages in MRT files, but it is controlled by <ref id="proto-mrtdump" | |
3090 | name="mrtdump"> options independently of the MRT protocol, although that might | |
3091 | change in the future. | |
3092 | ||
3093 | BIRD implements the main MRT format specification as defined in <rfc id="6396"> | |
3094 | and the ADD_PATH extension (<rfc id="8050">). | |
3095 | ||
3096 | <sect1>Configuration | |
3097 | <label id="mrt-config"> | |
3098 | ||
3099 | <p>MRT configuration consists of several statements describing routing table | |
3100 | dumps. Multiple independent periodic dumps can be done as multiple MRT protocol | |
3101 | instances. The MRT protocol does not use channels. There are two mandatory | |
3102 | statements: <cf/filename/ and <cf/period/. | |
3103 | ||
3104 | The behavior can be modified by the following configuration parameters: | |
3105 | ||
3106 | <descrip> | |
3107 | <tag><label id="mrt-table">table <m/name/ | "<m/pattern/"</tag> | |
3108 | Specify a routing table (or a set of routing tables described by a | |
3109 | wildcard pattern) that is to be dumped by the MRT protocol instance. | |
3110 | Default: the master table. | |
3111 | ||
3112 | <tag><label id="mrt-filter">filter { <m/filter commands/ }</tag> | |
3113 | The MRT protocol accepts a filter that is applied to routes as they are | |
3114 | dumped. Rejected routes are ignored and not saved to the MRT dump file. | |
3115 | Default: no filter. | |
3116 | ||
3117 | <tag><label id="mrt-where">where <m/filter expression/</tag> | |
3118 | An alternative way to specify a filter for the MRT protocol. | |
3119 | ||
3120 | <tag><label id="mrt-filename">filename "<m/filename/"</tag> | |
3121 | Specify a filename for MRT dump files. The filename may contain time | |
3122 | format sequences in <it/strftime(3)/ notation (see <it/man strftime/ | |
3123 | for details); there is also a sequence "%N" that is expanded to the name | |
3124 | of the dumped table. Therefore, each periodic dump of each table can be | |
3125 | saved to a different file. Mandatory, see example below. | |
3126 | ||
3127 | <tag><label id="mrt-period">period <m/number/</tag> | |
3128 | Specify the time interval (in seconds) between periodic dumps. | |
3129 | Mandatory. | |
3130 | ||
3131 | <tag><label id="mrt-always-add-path">always add path <m/switch/</tag> | |
3132 | The MRT format uses special records (specified in <rfc id="8050">) for | |
3133 | routes received using the BGP ADD_PATH extension to keep the Path ID, while | |
3134 | other routes use regular records. This has the advantage of better | |
3135 | compatibility with tools that do not know the special records, but it loses | |
3136 | information about which route is the best route. When this option is | |
3137 | enabled, both ADD_PATH and non-ADD_PATH routes are stored in ADD_PATH | |
3138 | records and the order of routes for each network is preserved. Default: disabled. | |
3139 | </descrip> | |
3140 | ||
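<p>The record layouts behind the <cf/always add path/ option, as an added example in Python (not BIRD's code): a regular RIB_IPV4_UNICAST record per <rfc id="6396"> beside an ADD_PATH record per <rfc id="8050">, built and then parsed back with every length field checked, which is the check a collector should apply before trusting a dump file. The sample records and the ORIGIN attribute inside them are constructed.

```python
"""MRT TABLE_DUMP_V2 RIB records per RFC 6396 / RFC 8050 (added example, not BIRD code)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

TABLE_DUMP_V2 = 13
RIB_IPV4_UNICAST = 2          # RFC 6396 subtype
RIB_IPV4_UNICAST_ADDPATH = 8  # RFC 8050 subtype: every entry carries a Path Identifier

@dataclass
class RibEntry:
    peer_index: int
    originated_time: int
    path_id: Optional[int]   # None in non-ADD_PATH records
    attributes: bytes        # raw BGP path attributes, left opaque here

@dataclass
class RibRecord:
    subtype: int
    sequence: int
    prefix: str
    entries: List[RibEntry]

def build_rib_record(timestamp: int, sequence: int, prefix: str,
                     entries: List[RibEntry], add_path: bool) -> bytes:
    """Serialise one RIB record; add_path selects the RFC 8050 subtype."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8          # the prefix is sent truncated
    body = struct.pack("!IB", sequence, net.prefixlen)
    body += net.network_address.packed[:nbytes] + struct.pack("!H", len(entries))
    for e in entries:
        body += struct.pack("!HI", e.peer_index, e.originated_time)
        if add_path:
            body += struct.pack("!I", e.path_id or 0)
        body += struct.pack("!H", len(e.attributes)) + e.attributes
    subtype = RIB_IPV4_UNICAST_ADDPATH if add_path else RIB_IPV4_UNICAST
    return struct.pack("!IHHI", timestamp, TABLE_DUMP_V2, subtype, len(body)) + body

def parse_mrt(data: bytes) -> List[RibRecord]:
    """Walk concatenated MRT records, checking every length field before use
    so a truncated or corrupt file raises ValueError instead of being misread."""
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 12:
            raise ValueError(f"truncated MRT header at offset {pos}")
        _, mtype, subtype, length = struct.unpack("!IHHI", data[pos:pos + 12])
        pos += 12
        if length > len(data) - pos:
            raise ValueError(f"record at offset {pos - 12} claims {length} bytes")
        body, pos = data[pos:pos + length], pos + length
        if mtype == TABLE_DUMP_V2 and subtype in (RIB_IPV4_UNICAST, RIB_IPV4_UNICAST_ADDPATH):
            records.append(_parse_rib(subtype, body))   # other types/subtypes are skipped
    return records

def _parse_rib(subtype: int, body: bytes) -> RibRecord:
    add_path = subtype == RIB_IPV4_UNICAST_ADDPATH
    if len(body) < 7 or body[4] > 32 or len(body) < 7 + (body[4] + 7) // 8:
        raise ValueError("RIB record header or prefix is invalid or truncated")
    sequence, plen = struct.unpack("!IB", body[:5])
    nbytes = (plen + 7) // 8
    raw = body[5:5 + nbytes].ljust(4, b"\x00")          # restore the truncated prefix
    prefix = f"{ipaddress.IPv4Address(raw)}/{plen}"
    (count,) = struct.unpack("!H", body[5 + nbytes:7 + nbytes])
    pos, entries = 7 + nbytes, []
    fmt = "!HIIH" if add_path else "!HIH"   # peer index, time, [path id], attr len
    fixed = struct.calcsize(fmt)
    for _ in range(count):
        if len(body) - pos < fixed:
            raise ValueError("RIB entry header truncated")
        fields = struct.unpack_from(fmt, body, pos)
        pos += fixed
        peer_index, orig_time, alen = fields[0], fields[1], fields[-1]
        path_id = fields[2] if add_path else None
        if alen > len(body) - pos:
            raise ValueError("attribute length exceeds the record")
        entries.append(RibEntry(peer_index, orig_time, path_id, body[pos:pos + alen]))
        pos += alen
    return RibRecord(subtype, sequence, prefix, entries)

def is_well_formed(data: bytes) -> bool:
    try:
        parse_mrt(data)
        return True
    except ValueError:
        return False

ORIGIN_IGP = bytes.fromhex("40010100")   # constructed ORIGIN=IGP path attribute

def sample_dump() -> bytes:
    """A regular record for 192.0.2.0/24, then an ADD_PATH record with two paths."""
    plain = build_rib_record(1700000000, 0, "192.0.2.0/24",
                             [RibEntry(0, 1699990000, None, ORIGIN_IGP)], False)
    ap = build_rib_record(1700000000, 1, "192.0.2.0/24",
                          [RibEntry(0, 1699990000, 1, ORIGIN_IGP),
                           RibEntry(0, 1699990050, 2, ORIGIN_IGP)], True)
    return plain + ap
```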
3141 | <sect1>Example | |
3142 | <label id="mrt-exam"> | |
3143 | ||
3144 | <p><code> | |
3145 | protocol mrt { | |
3146 | table "tab*"; | |
3147 | where source = RTS_BGP; | |
3148 | filename "/var/log/bird/%N_%F_%T.mrt"; | |
3149 | period 300; | |
3150 | } | |
3151 | </code> | |
3152 | ||
3153 | ||
371adba6 | 3154 | <sect>OSPF |
b9864aa8 | 3155 | <label id="ospf"> |
1b55b1a3 | 3156 | |
8fd12e6b | 3157 | <sect1>Introduction |
b9864aa8 | 3158 | <label id="ospf-intro"> |
8fd12e6b | 3159 | |
3ca3e999 | 3160 | <p>Open Shortest Path First (OSPF) is a quite complex interior gateway |
7935b9d2 PT |
3161 | protocol. The current IPv4 version (OSPFv2) is defined in <rfc id="2328"> and |
3162 | the current IPv6 version (OSPFv3) is defined in <rfc id="5340">. It's a link | |
3163 | state (a.k.a. shortest path first) protocol -- each router maintains a database | |
3164 | describing the autonomous system's topology. Each participating router has an | |
3165 | identical copy of the database and all routers run the same algorithm | |
3166 | calculating a shortest path tree with themselves as a root. OSPF chooses the | |
3167 | least cost path as the best path. | |
dad92c30 OZ |
3168 | |
3169 | <p>In OSPF, the autonomous system can be split into several areas in order to | |
3170 | reduce the amount of resources consumed for exchanging the routing information | |
3171 | and to protect the other areas from incorrect routing data. The topology of the | |
3172 | area is hidden from the rest of the autonomous system. | |
3173 | ||
3174 | <p>Another very important feature of OSPF is that it can keep routing information | |
3175 | from other protocols (like Static or BGP) in its link state database as external | |
3176 | routes. Each external route can be tagged by the advertising router, making it | |
3177 | possible to pass additional information between routers on the boundary of the | |
3178 | autonomous system. | |
3179 | ||
3180 | <p>OSPF quickly detects topological changes in the autonomous system (such as | |
3181 | router interface failures) and calculates new loop-free routes after a short | |
3182 | period of convergence. Only a minimal amount of routing traffic is involved. | |
8fd12e6b | 3183 | |
3ca3e999 | 3184 | <p>Each router participating in OSPF routing periodically sends Hello messages |
dad92c30 OZ |
3185 | to all its interfaces. This allows neighbors to be discovered dynamically. Then |
3186 | the neighbors exchange their parts of the link state database and keep it | |
3187 | identical by flooding updates. The flooding process is reliable and ensures that | |
3188 | each router detects all changes. | |
8fd12e6b OF |
3189 | |
3190 | <sect1>Configuration | |
b9864aa8 | 3191 | <label id="ospf-config"> |
8fd12e6b | 3192 | |
da3cf9ea OZ |
3193 | <p>First, the desired OSPF version can be specified by using <cf/ospf v2/ or |
3194 | <cf/ospf v3/ as a protocol type. By default, OSPFv2 is used. In the main part of | |
3195 | configuration, there can be multiple definitions of OSPF areas, each with a | |
3196 | different id. These definitions include many other switches and multiple | |
3197 | definitions of interfaces. An interface definition may contain many switches, | |
3198 | constant definitions and a list of neighbors on nonbroadcast networks. | |
8fd12e6b | 3199 | |
cf3e3845 OZ |
3200 | <p>OSPFv2 needs one IPv4 channel. OSPFv3 needs either one IPv6 channel, or one |
3201 | IPv4 channel (<rfc id="5838">). Therefore, it is possible to use OSPFv3 for both | |
3202 | IPv4 and IPv6 routing, but it is necessary to have two protocol instances anyway. | |
3203 | If no channel is configured, an appropriate channel is defined with default | |
3204 | parameters. | |
3e52d112 | 3205 | |
8fd12e6b | 3206 | <code> |
da3cf9ea | 3207 | protocol ospf [v2|v3] <name> { |
1632f1fe | 3208 | rfc1583compat <switch>; |
2d7fb19c | 3209 | rfc5838 <switch>; |
178a197a | 3210 | instance id <num>; |
f623ab98 | 3211 | stub router <switch>; |
62eee823 | 3212 | tick <num>; |
e91f6960 | 3213 | ecmp <switch> [limit <num>]; |
145368f5 | 3214 | merge external <switch>; |
088bc8ad | 3215 | area <id> { |
2918e610 OZ |
3216 | stub; |
3217 | nssa; | |
bde872bb | 3218 | summary <switch>; |
2918e610 OZ |
3219 | default nssa <switch>; |
3220 | default cost <num>; | |
3221 | default cost2 <num>; | |
bde872bb OZ |
3222 | translator <switch>; |
3223 | translator stability <num>; | |
3224 | ||
16319aeb OF |
3225 | networks { |
3226 | <prefix>; | |
3227 | <prefix> hidden; | |
3228 | } | |
bde872bb OZ |
3229 | external { |
3230 | <prefix>; | |
3231 | <prefix> hidden; | |
3232 | <prefix> tag <num>; | |
3233 | } | |
38675202 OZ |
3234 | stubnet <prefix>; |
3235 | stubnet <prefix> { | |
3236 | hidden <switch>; | |
3237 | summary <switch>; | |
3238 | cost <num>; | |
3239 | } | |
0ec031f7 | 3240 | interface <interface pattern> [instance <num>] { |
088bc8ad | 3241 | cost <num>; |
e3bc10fd | 3242 | stub <switch>; |
088bc8ad | 3243 | hello <num>; |
a190e720 | 3244 | poll <num>; |
088bc8ad OF |
3245 | retransmit <num>; |
3246 | priority <num>; | |
3247 | wait <num>; | |
3248 | dead count <num>; | |
d8c7d9e8 | 3249 | dead <num>; |
48e5f32d | 3250 | secondary <switch>; |
94c42054 | 3251 | rx buffer [normal|large|<num>]; |
48e5f32d | 3252 | tx length <num>; |
919f5411 OZ |
3253 | type [broadcast|bcast|pointopoint|ptp| |
3254 | nonbroadcast|nbma|pointomultipoint|ptmp]; | |
70945cb6 | 3255 | link lsa suppression <switch>; |
a190e720 | 3256 | strict nonbroadcast <switch>; |
95127cbb | 3257 | real broadcast <switch>; |
8df02847 | 3258 | ptp netmask <switch>; |
e91f6960 | 3259 | check link <switch>; |
1ec52253 | 3260 | bfd <switch>; |
e91f6960 | 3261 | ecmp weight <num>; |
6ac4f87a OZ |
3262 | ttl security [<switch> | tx only]; |
3263 | tx class|dscp <num>; | |
3264 | tx priority <num>; | |
64385aee | 3265 | authentication none|simple|cryptographic; |
088bc8ad | 3266 | password "<text>"; |
b21f68b4 OZ |
3267 | password "<text>" { |
3268 | id <num>; | |
3269 | generate from "<date>"; | |
3270 | generate to "<date>"; | |
3271 | accept from "<date>"; | |
3272 | accept to "<date>"; | |
64385aee PT |
3273 | from "<date>"; |
3274 | to "<date>"; | |
3275 | algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 ); | |
ea357b8b | 3276 | }; |
8fd12e6b | 3277 | neighbors { |
088bc8ad | 3278 | <ip>; |
a190e720 | 3279 | <ip> eligible; |
8fd12e6b OF |
3280 | }; |
3281 | }; | |
0ec031f7 | 3282 | virtual link <id> [instance <num>] { |
98ac6176 | 3283 | hello <num>; |
98ac6176 OF |
3284 | retransmit <num>; |
3285 | wait <num>; | |
3286 | dead count <num>; | |
d8c7d9e8 | 3287 | dead <num>; |
64385aee | 3288 | authentication none|simple|cryptographic; |
98ac6176 | 3289 | password "<text>"; |
64385aee PT |
3290 | password "<text>" { |
3291 | id <num>; | |
3292 | generate from "<date>"; | |
3293 | generate to "<date>"; | |
3294 | accept from "<date>"; | |
3295 | accept to "<date>"; | |
3296 | from "<date>"; | |
3297 | to "<date>"; | |
3298 | algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 ); | |
3299 | }; | |
98ac6176 | 3300 | }; |
8fd12e6b OF |
3301 | }; |
3302 | } | |
3303 | </code> | |
3304 | ||
3305 | <descrip> | |
b9864aa8 | 3306 | <tag><label id="ospf-rfc1583compat">rfc1583compat <M>switch</M></tag> |
dad92c30 | 3307 | This option controls compatibility of routing table calculation with |
7935b9d2 | 3308 | <rfc id="1583">. Default value is no. |
e91f6960 | 3309 | |
2d7fb19c OZ |
3310 | <tag><label id="ospf-rfc5838">rfc5838 <m/switch/</tag> |
3311 | Basic OSPFv3 is limited to IPv6 unicast routing. The <rfc id="5838"> | |
3312 | extension defines support for more address families (IPv4, IPv6, both | |
3313 | unicast and multicast). The extension is enabled by default, but can be | |
3314 | disabled if necessary, as it restricts the range of available instance | |
3315 | IDs. Default value is yes. | |
3316 | ||
b9864aa8 | 3317 | <tag><label id="ospf-instance-id">instance id <m/num/</tag> |
178a197a OZ |
3318 | When multiple OSPF protocol instances are active on the same links, they |
3319 | should use different instance IDs to distinguish their packets. Although | |
3320 | it could be done on per-interface basis, it is often preferred to set | |
3321 | one instance ID to whole OSPF domain/topology (e.g., when multiple | |
3322 | instances are used to represent separate logical topologies on the same | |
2d7fb19c OZ |
3323 | physical network). This option specifies the instance ID for all |
3324 | interfaces of the OSPF instance, but can be overridden by | |
3325 | <cf/interface/ option. Default value is 0 unless OSPFv3-AF extended | |
3326 | address families are used, see <rfc id="5838"> for that case. | |
178a197a | 3327 | |
b9864aa8 | 3328 | <tag><label id="ospf-stub-router">stub router <M>switch</M></tag> |
dad92c30 OZ |
3329 | This option configures the router to be a stub router, i.e., a router |
3330 | that participates in the OSPF topology but does not allow transit | |
3331 | traffic. In OSPFv2, this is implemented by advertising maximum metric | |
178a197a | 3332 | for outgoing links. In OSPFv3, the stub router behavior is announced by |
7935b9d2 PT |
3333 | clearing the R-bit in the router LSA. See <rfc id="6987"> for details. |
3334 | Default value is no. | |
f623ab98 | 3335 | |
b9864aa8 | 3336 | <tag><label id="ospf-tick">tick <M>num</M></tag> |
dad92c30 OZ |
3337 | The routing table calculation and clean-up of areas' databases is not |
3338 | performed when a single link state change arrives. To lower the CPU | |
3339 | utilization, it's processed later at periodical intervals of <m/num/ | |
3340 | seconds. The default value is 1. | |
e91f6960 | 3341 | |
b9864aa8 | 3342 | <tag><label id="ospf-ecmp">ecmp <M>switch</M> [limit <M>number</M>]</tag> |
dad92c30 OZ |
3343 | This option specifies whether OSPF is allowed to generate ECMP |
3344 | (equal-cost multipath) routes. Such routes are used when there are | |
3345 | several directions to the destination, each with the same (computed) | |
8465dccb | 3346 | cost. This option also allows you to specify a limit on the maximum number of |
cf3e3845 OZ |
3347 | nexthops in one route. By default, ECMP is enabled if supported by the | |
3348 | kernel. Default value of the limit is 16. | |
e91f6960 | 3349 | |
b9864aa8 | 3350 | <tag><label id="ospf-merge-external">merge external <M>switch</M></tag> |
145368f5 OZ |
3351 | This option specifies whether OSPF should merge external routes from |
3352 | different routers/LSAs for the same destination. When enabled together | |
3353 | with <cf/ecmp/, equal-cost external routes will be combined to multipath | |
3354 | routes in the same way as regular routes. When disabled, external routes | |
3355 | from different LSAs are treated as separate even if they represent the | |
3356 | same destination. Default value is no. | |
3357 | ||
b9864aa8 | 3358 | <tag><label id="ospf-area">area <M>id</M></tag> |
dad92c30 OZ |
3359 | This defines an OSPF area with given area ID (an integer or an IPv4 |
3360 | address, similarly to a router ID). The most important area is the | |
3361 | backbone (ID 0) to which every other area must be connected. | |
8fd12e6b | 3362 | |
b9864aa8 | 3363 | <tag><label id="ospf-stub">stub</tag> |
dad92c30 OZ |
3364 | This option configures the area to be a stub area. External routes are |
3365 | not flooded into stub areas. Also summary LSAs can be limited in stub | |
3366 | areas (see option <cf/summary/). By default, the area is not a stub | |
3367 | area. | |
bde872bb | 3368 | |
b9864aa8 | 3369 | <tag><label id="ospf-nssa">nssa</tag> |
dad92c30 OZ |
3370 | This option configures the area to be a NSSA (Not-So-Stubby Area). NSSA |
3371 | is a variant of a stub area which allows a limited way of external route | |
3372 | propagation. Global external routes are not propagated into a NSSA, but | |
3373 | an external route can be imported into NSSA as a (area-wide) NSSA-LSA | |
3374 | (and possibly translated and/or aggregated on area boundary). By | |
3375 | default, the area is not NSSA. | |
bde872bb | 3376 | |
b9864aa8 | 3377 | <tag><label id="ospf-summary">summary <M>switch</M></tag> |
dad92c30 OZ |
3378 | This option controls propagation of summary LSAs into stub or NSSA |
3379 | areas. If enabled, summary LSAs are propagated as usual, otherwise just | |
3380 | the default summary route (0.0.0.0/0) is propagated (this is sometimes | |
3381 | called totally stubby area). If a stub area has more area boundary | |
3382 | routers, propagating summary LSAs could lead to more efficient routing | |
3383 | at the cost of larger link state database. Default value is no. | |
bde872bb | 3384 | |
b9864aa8 | 3385 | <tag><label id="ospf-default-nssa">default nssa <M>switch</M></tag> |
dad92c30 OZ |
3386 | When <cf/summary/ option is enabled, default summary route is no longer |
3387 | propagated to the NSSA. In that case, this option allows originating a | |
3388 | default route as an NSSA-LSA into the NSSA. Default value is no. | |
2918e610 | 3389 | |
b9864aa8 | 3390 | <tag><label id="ospf-default-cost">default cost <M>num</M></tag> |
dad92c30 OZ |
3391 | This option controls the cost of a default route propagated to stub and |
3392 | NSSA areas. Default value is 1000. | |
bde872bb | 3393 | |
b9864aa8 | 3394 | <tag><label id="ospf-default-cost2">default cost2 <M>num</M></tag> |
dad92c30 OZ |
3395 | When a default route is originated as NSSA-LSA, its cost can use either |
3396 | type 1 or type 2 metric. This option allows you to specify the cost of a | |
3397 | default route in type 2 metric. By default, type 1 metric (option | |
3398 | <cf/default cost/) is used. | |
2918e610 | 3399 | |
b9864aa8 | 3400 | <tag><label id="ospf-translator">translator <M>switch</M></tag> |
dad92c30 OZ |
3401 | This option controls translation of NSSA-LSAs into external LSAs. By |
3402 | default, one translator per NSSA is automatically elected from area | |
3403 | boundary routers. If enabled, this area boundary router would | |
3404 | unconditionally translate all NSSA-LSAs regardless of translator | |
3405 | election. Default value is no. | |
bde872bb | 3406 | |
b9864aa8 | 3407 | <tag><label id="ospf-translator-stability">translator stability <M>num</M></tag> |
dad92c30 OZ |
3408 | This option controls the translator stability interval (in seconds). |
3409 | When the new translator is elected, the old one keeps translating until | |
3410 | the interval is over. Default value is 40. | |
8fd12e6b | 3411 | |
b9864aa8 | 3412 | <tag><label id="ospf-networks">networks { <m/set/ }</tag> |
dad92c30 OZ |
3413 | Definition of area IP ranges. This is used in summary LSA origination. |
3414 | Hidden networks are not propagated into other areas. | |
16319aeb | 3415 | |
b9864aa8 | 3416 | <tag><label id="ospf-external">external { <m/set/ }</tag> |
dad92c30 OZ |
3417 | Definition of external area IP ranges for NSSAs. This is used for |
3418 | NSSA-LSA translation. Hidden networks are not translated into external | |
3419 | LSAs. Networks can have configured route tag. | |
bde872bb | 3420 | |
b9864aa8 | 3421 | <tag><label id="ospf-stubnet">stubnet <m/prefix/ { <m/options/ }</tag> |
dad92c30 OZ |
3422 | Stub networks are networks that are not transit networks between OSPF |
3423 | routers. They are also propagated through an OSPF area as a part of a | |
3424 | link state database. By default, BIRD generates a stub network record | |
3425 | for each primary network address on each OSPF interface that does not | |
3426 | have any OSPF neighbors, and also for each non-primary network address | |
3427 | on each OSPF interface. This option allows you to alter the set of stub | |
3428 | networks propagated by this router. | |
3429 | ||
3430 | Each instance of this option adds a stub network with given network | |
3431 | prefix to the set of propagated stub networks, unless option <cf/hidden/ | |
3432 | is used. It also suppresses default stub networks for given network | |
3433 | prefix. When option <cf/summary/ is used, also default stub networks | |
3434 | that are subnetworks of given stub network are suppressed. This might be | |
3435 | used, for example, to aggregate generated stub networks. | |
178a197a | 3436 | |
b9864aa8 | 3437 | <tag><label id="ospf-iface">interface <M>pattern</M> [instance <m/num/]</tag> |
dad92c30 | 3438 | Defines that the specified interfaces belong to the area being defined. |
b9864aa8 | 3439 | See <ref id="proto-iface" name="interface"> common option for detailed |
d7c06285 | 3440 | description. In OSPFv2, extended interface clauses are used, because |
178a197a OZ |
3441 | each network prefix is handled as a separate virtual interface. |
3442 | ||
3443 | You can specify alternative instance ID for the interface definition, | |
3444 | therefore it is possible to have several instances of that interface | |
7935b9d2 PT |
3445 | with different options or even in different areas. For OSPFv2, instance |
3446 | ID support is an extension (<rfc id="6549">) and is supposed to be set | |
3447 | per-protocol. For OSPFv3, it is an integral feature. | |
0ec031f7 | 3448 | |
b9864aa8 | 3449 | <tag><label id="ospf-virtual-link">virtual link <M>id</M> [instance <m/num/]</tag> |
dad92c30 OZ |
3450 | Defines a virtual link to the router with the given router ID. A virtual link acts as a |
3451 | point-to-point interface belonging to the backbone. The actual area is used | |
178a197a OZ |
3452 | as a transport area. This item cannot be in the backbone. Like with |
3453 | <cf/interface/ option, you could also use several virtual links to one | |
3454 | destination with different instance IDs. | |
98ac6176 | 3455 | |
b9864aa8 | 3456 | <tag><label id="ospf-cost">cost <M>num</M></tag> |
dad92c30 | 3457 | Specifies output cost (metric) of an interface. Default value is 10. |
8fd12e6b | 3458 | |
b9864aa8 | 3459 | <tag><label id="ospf-stub-iface">stub <M>switch</M></tag> |
dad92c30 OZ |
3460 | If set, the interface does not listen to any packets and does not send |
3461 | any Hello messages. Default value is no. | |
e3bc10fd | 3462 | |
b9864aa8 | 3463 | <tag><label id="ospf-hello">hello <M>num</M></tag> |
dad92c30 OZ |
3464 | Specifies interval in seconds between sending of Hello messages. Beware, |
3465 | all routers on the same network need to have the same hello interval. | |
3466 | Default value is 10. | |
8fd12e6b | 3467 | |
b9864aa8 | 3468 | <tag><label id="ospf-poll">poll <M>num</M></tag> |
dad92c30 OZ |
3469 | Specifies interval in seconds between sending of Hello messages for some |
3470 | neighbors on NBMA network. Default value is 20. | |
a190e720 | 3471 | |
b9864aa8 | 3472 | <tag><label id="ospf-retransmit">retransmit <M>num</M></tag> |
dad92c30 OZ |
3473 | Specifies interval in seconds between retransmissions of unacknowledged |
3474 | updates. Default value is 5. | |
8fd12e6b | 3475 | |
b9864aa8 | 3476 | <tag><label id="ospf-priority">priority <M>num</M></tag> |
0a505706 OZ |
3477 | On every multiple access network (e.g., the Ethernet) Designated Router |
3478 | and Backup Designated router are elected. These routers have some special | |
dad92c30 OZ |
3479 | functions in the flooding process. Higher priority increases preferences |
3480 | in this election. Routers with priority 0 are not eligible. Default | |
3481 | value is 1. | |
8fd12e6b | 3482 | |
b9864aa8 | 3483 | <tag><label id="ospf-wait">wait <M>num</M></tag> |
dad92c30 | 3484 | After start, the router waits for the specified number of seconds between |
178a197a OZ |
3485 | starting election and building adjacency. Default value is 4*<m/hello/. |
3486 | ||
b9864aa8 | 3487 | <tag><label id="ospf-dead-count">dead count <M>num</M></tag> |
dad92c30 OZ |
3488 | When the router does not receive any messages from a neighbor in |
3489 | <m/dead count/*<m/hello/ seconds, it will consider the neighbor down. | |
8fd12e6b | 3490 | |
b9864aa8 | 3491 | <tag><label id="ospf-dead">dead <M>num</M></tag> |
dad92c30 OZ |
3492 | When the router does not receive any messages from a neighbor in |
3493 | <m/dead/ seconds, it will consider the neighbor down. If both directives | |
fff7498d | 3494 | <cf/dead count/ and <cf/dead/ are used, <cf/dead/ has precedence. |
48e5f32d | 3495 | |
b9864aa8 | 3496 | <tag><label id="ospf-secondary">secondary <M>switch</M></tag> |
48e5f32d OZ |
3497 | On BSD systems, older versions of BIRD supported OSPFv2 only for the |
3498 | primary IP address of an interface, other IP ranges on the interface | |
3499 | were handled as stub networks. Since v1.4.1, regular operation on | |
3500 | secondary IP addresses is supported, but disabled by default for | |
3501 | compatibility. This option allows it to be enabled. The option is a | |
3502 | transitional measure and will be removed in the next major release, when | |
3503 | the behavior will be changed. On Linux systems, the option is irrelevant, as | |
3504 | operation on non-primary addresses is already the regular behavior. | |
d8c7d9e8 | 3505 | |
b9864aa8 | 3506 | <tag><label id="ospf-rx-buffer">rx buffer <M>num</M></tag> |
48e5f32d OZ |
3507 | This option allows you to specify the size of buffers used for packet |
3508 | processing. The buffer size should be larger than the maximal size of any | |
3509 | packet. By default, buffers are dynamically resized as needed, but a | |
3510 | fixed value could be specified. Value <cf/large/ means maximal allowed | |
3511 | packet size - 65535. | |
3512 | ||
b9864aa8 | 3513 | <tag><label id="ospf-tx-length">tx length <M>num</M></tag> |
48e5f32d OZ |
3514 | Transmitted OSPF messages that contain large amount of information are |
3515 | segmented to separate OSPF packets to avoid IP fragmentation. This | |
3516 | option specifies the soft ceiling for the length of generated OSPF | |
3517 | packets. Default value is the MTU of the network interface. Note that | |
3518 | larger OSPF packets may still be generated if underlying OSPF messages | |
3519 | cannot be split (e.g. when one large LSA is propagated). | |
94c42054 | 3520 | |
b9864aa8 | 3521 | <tag><label id="ospf-type-bcast">type broadcast|bcast</tag> |
dad92c30 OZ |
3522 | BIRD detects a type of a connected network automatically, but sometimes |
3523 | it's convenient to force use of a different type manually. On broadcast | |
3524 | networks (like ethernet), flooding and Hello messages are sent using | |
3525 | multicasts (a single packet for all the neighbors). A designated router | |
3526 | is elected and it is responsible for synchronizing the link-state | |
3527 | databases and originating network LSAs. This network type cannot be used | |
3528 | on physically NBMA networks and on unnumbered networks (networks without | |
3529 | proper IP prefix). | |
919f5411 | 3530 | |
b9864aa8 | 3531 | <tag><label id="ospf-type-ptp">type pointopoint|ptp</tag> |
dad92c30 OZ |
3532 | Point-to-point networks connect just 2 routers together. No election is |
3533 | performed and no network LSA is originated, which makes it simpler and | |
3534 | faster to establish. This network type is useful not only for physically | |
3535 | PtP ifaces (like PPP or tunnels), but also for broadcast networks used | |
3536 | as PtP links. This network type cannot be used on physically NBMA | |
3537 | networks. | |
919f5411 | 3538 | |
b9864aa8 | 3539 | <tag><label id="ospf-type-nbma">type nonbroadcast|nbma</tag> |
dad92c30 OZ |
3540 | On NBMA networks, the packets are sent to each neighbor separately |
3541 | because of lack of multicast capabilities. Like on broadcast networks, | |
3542 | a designated router is elected, which plays a central role in propagation | |
3543 | of LSAs. This network type cannot be used on unnumbered networks. | |
919f5411 | 3544 | |
b9864aa8 | 3545 | <tag><label id="ospf-type-ptmp">type pointomultipoint|ptmp</tag> |
dad92c30 OZ |
3546 | This is another network type designed to handle NBMA networks. In this |
3547 | case the NBMA network is treated as a collection of PtP links. This is | |
3548 | useful if not every pair of routers on the NBMA network has direct | |
3549 | communication, or if the NBMA network is used as an (possibly | |
3550 | unnumbered) PtP link. | |
8fd12e6b | 3551 | |
b9864aa8 | 3552 | <tag><label id="ospf-link-lsa-suppression">link lsa suppression <m/switch/</tag> |
70945cb6 OZ |
3553 | In OSPFv3, link LSAs are generated for each link, announcing link-local |
3554 | IPv6 address of the router to its local neighbors. These are useless on | |
3555 | PtP or PtMP networks and this option allows suppressing the link LSA | |
3556 | origination for such interfaces. The option is ignored on other than PtP | |
3557 | or PtMP interfaces. Default value is no. | |
3558 | ||
b9864aa8 | 3559 | <tag><label id="ospf-strict-nonbroadcast">strict nonbroadcast <m/switch/</tag> |
dad92c30 | 3560 | If set, don't send hello to any undefined neighbor. This switch is |
70945cb6 | 3561 | ignored on other than NBMA or PtMP interfaces. Default value is no. |
8fd12e6b | 3562 | |
b9864aa8 | 3563 | <tag><label id="ospf-real-broadcast">real broadcast <m/switch/</tag> |
dad92c30 OZ |
3564 | In <cf/type broadcast/ or <cf/type ptp/ network configuration, OSPF |
3565 | packets are sent as IP multicast packets. This option changes the | |
3566 | behavior to using old-fashioned IP broadcast packets. This may be useful | |
3567 | as a workaround if IP multicast for some reason does not work or does | |
3568 | not work reliably. This is a non-standard option and probably is not | |
3569 | interoperable with other OSPF implementations. Default value is no. | |
95127cbb | 3570 | |
b9864aa8 | 3571 | <tag><label id="ospf-ptp-netmask">ptp netmask <m/switch/</tag> |
dad92c30 OZ |
3572 | In <cf/type ptp/ network configurations, OSPFv2 implementations should |
3573 | ignore received netmask field in hello packets and should send hello | |
3574 | packets with zero netmask field on unnumbered PtP links. But some OSPFv2 | |
3575 | implementations perform netmask checking even for PtP links. This option | |
3576 | specifies whether real netmask will be used in hello packets on <cf/type | |
3577 | ptp/ interfaces. You should ignore this option unless you encounter some | |
3578 | compatibility problems related to this issue. Default value is no for | |
3579 | unnumbered PtP links, yes otherwise. | |
8df02847 | 3580 | |
b9864aa8 | 3581 | <tag><label id="ospf-check-link">check link <M>switch</M></tag> |
dad92c30 OZ |
3582 | If set, a hardware link state (reported by the OS) is taken into consideration. |
3583 | When a link disappears (e.g. an ethernet cable is unplugged), neighbors | |
3584 | are immediately considered unreachable and only the address of the iface | |
3585 | (instead of whole network prefix) is propagated. It is possible that | |
3586 | some hardware drivers or platforms do not implement this feature. | |
cf3e3845 | 3587 | Default value is yes. |
e91f6960 | 3588 | |
b9864aa8 | 3589 | <tag><label id="ospf-bfd">bfd <M>switch</M></tag> |
1ec52253 OZ |
3590 | OSPF can use the BFD protocol as an advisory mechanism for neighbor |
3591 | liveness and failure detection. If enabled, BIRD sets up a BFD session | |
3592 | for each OSPF neighbor and tracks its liveness by it. This has an | |
3593 | advantage of an order of magnitude lower detection times in case of | |
3594 | failure. Note that BFD protocol also has to be configured, see | |
b9864aa8 | 3595 | <ref id="bfd" name="BFD"> section for details. Default value is no. |
1ec52253 | 3596 | |
b9864aa8 | 3597 | <tag><label id="ospf-ttl-security">ttl security [<m/switch/ | tx only]</tag> |
dad92c30 OZ |
3598 | TTL security is a feature that protects routing protocols from remote |
3599 | spoofed packets by using TTL 255 instead of TTL 1 for protocol packets | |
3600 | destined to neighbors. Because TTL is decremented when packets are | |
3601 | forwarded, it is non-trivial to spoof packets with TTL 255 from remote | |
3602 | locations. Note that this option would interfere with OSPF virtual | |
3603 | links. | |
3604 | ||
3605 | If this option is enabled, the router will send OSPF packets with TTL | |
3606 | 255 and drop received packets with TTL less than 255. If this option is | |
3607 | set to <cf/tx only/, TTL 255 is used for sent packets, but is not | |
3608 | checked for received packets. Default value is no. | |
6ac4f87a | 3609 | |
b9864aa8 | 3610 | <tag><label id="ospf-tx-class">tx class|dscp|priority <m/num/</tag> |
dad92c30 | 3611 | These options specify the ToS/DiffServ/Traffic class/Priority of the |
b9864aa8 | 3612 | outgoing OSPF packets. See <ref id="proto-tx-class" name="tx class"> common |
dad92c30 | 3613 | option for detailed description. |
ef4a50be | 3614 | |
b9864aa8 | 3615 | <tag><label id="ospf-ecmp-weight">ecmp weight <M>num</M></tag> |
dad92c30 OZ |
3616 | When ECMP (multipath) routes are allowed, this value specifies a |
3617 | relative weight used for nexthops going through the iface. Allowed | |
3618 | values are 1-256. Default value is 1. | |
391931d4 | 3619 | |
b9864aa8 | 3620 | <tag><label id="ospf-auth-none">authentication none</tag> |
dad92c30 | 3621 | No passwords are sent in OSPF packets. This is the default value. |
8fd12e6b | 3622 | |
b9864aa8 | 3623 | <tag><label id="ospf-auth-simple">authentication simple</tag> |
dad92c30 OZ |
3624 | Every packet carries 8 bytes of password. Received packets lacking this |
3625 | password are ignored. This authentication mechanism is very weak. | |
64385aee | 3626 | This option is not available in OSPFv3. |
8fd12e6b | 3627 | |
b9864aa8 | 3628 | <tag><label id="ospf-auth-cryptographic">authentication cryptographic</tag> |
64385aee PT |
3629 | An authentication code is appended to every packet. The specific |
3630 | cryptographic algorithm is selected by option <cf/algorithm/ for each | |
3631 | key. The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 | |
3632 | and for OSPFv3 keys is HMAC-SHA-256. Passwords are not sent in the clear over the | |
3633 | network, so this mechanism is quite secure. Packets can still be read by | |
3634 | an attacker. | |
ea357b8b | 3635 | |
b9864aa8 | 3636 | <tag><label id="ospf-pass">password "<M>text</M>"</tag> |
64385aee | 3637 | Specifies a password used for authentication. See |
b9864aa8 | 3638 | <ref id="proto-pass" name="password"> common option for detailed |
dad92c30 | 3639 | description. |
8fd12e6b | 3640 | |
b9864aa8 | 3641 | <tag><label id="ospf-neighbors">neighbors { <m/set/ } </tag> |
dad92c30 OZ |
3642 | A set of neighbors to which Hello messages on NBMA or PtMP networks are |
3643 | to be sent. For NBMA networks, some of them could be marked as eligible. | |
3644 | In OSPFv3, link-local addresses should be used; using global ones is | |
3645 | possible, but it is nonstandard and might be problematic. Link-local and | |
3646 | global addresses should definitely not be mixed. | |
8fd12e6b OF |
3647 | </descrip> |
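
The security-relevant options from this section (cryptographic authentication with overlapping key windows, TTL security, link and BFD checks, and a stub interface on a network that must never form adjacencies) combined in one configuration, as an added example that is not part of the BIRD documentation. Interface names, key strings and dates are constructed, and the `protocol bfd` block uses the syntax of the BFD section, which this section only references.

```bird
# Added example, not from the BIRD documentation. Interface names, keys and
# dates are constructed values.
protocol ospf v2 core_ospf {
    ipv4 {
        import all;
        export none;            # no redistribution from other protocols
    };
    area 0 {
        # Backbone links towards other routers.
        interface "eth0", "eth1" {
            type broadcast;
            cost 10;
            hello 10;
            dead count 4;       # neighbor declared down after 4*10 s of silence
            check link yes;     # unplugged cable: neighbors unreachable at once
            bfd yes;            # faster failure detection via the BFD protocol below
            ttl security yes;   # send TTL 255, drop received packets with TTL < 255
            authentication cryptographic;
            # Overlapping key windows allow rotation without an adjacency flap:
            # key 1 is still accepted for a week after key 2 starts being sent,
            # and key 2 is accepted a week before it starts being generated.
            password "CONSTRUCTED-KEY-1" {
                id 1;
                generate to "01-06-2024 00:00:00";
                accept to "08-06-2024 00:00:00";
                algorithm hmac sha256;
            };
            password "CONSTRUCTED-KEY-2" {
                id 2;
                generate from "01-06-2024 00:00:00";
                accept from "25-05-2024 00:00:00";
                algorithm hmac sha256;
            };
        };
        # Access network: its prefix is advertised as a stub network, but the
        # interface neither sends Hellos nor listens to OSPF packets.
        interface "eth2" {
            stub yes;
        };
    };
}

# 'bfd yes' above has no effect unless a BFD protocol instance exists
# (syntax from the BFD section, assumed here).
protocol bfd {
    interface "eth*";
}
```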
3648 | ||
3649 | <sect1>Attributes | |
b9864aa8 | 3650 | <label id="ospf-attr"> |
8fd12e6b | 3651 | |
c27b2449 | 3652 | <p>OSPF defines four route attributes. Each internal route has a <cf/metric/. |
8fd12e6b | 3653 | |
dad92c30 OZ |
3654 | <p>The metric ranges from 1 to infinity (65535). External routes use |
3655 | <cf/metric type 1/ or <cf/metric type 2/. A <cf/metric of type 1/ is comparable | |
3656 | with internal <cf/metric/, a <cf/metric of type 2/ is always greater than any | |
3657 | <cf/metric of type 1/ or any <cf/internal metric/. <cf/Internal metric/ or | |
3658 | <cf/metric of type 1/ is stored in attribute <cf/ospf_metric1/, <cf/metric type | |
feae132e OZ |
3659 | 2/ is stored in attribute <cf/ospf_metric2/. |
3660 | ||
3661 | When both metrics are specified then <cf/metric of type 2/ is used. This is | |
3662 | relevant e.g. when a type 2 external route is propagated from one OSPF domain to | |
3663 | another and <cf/ospf_metric1/ is an internal distance to the original ASBR, | |
3664 | while <cf/ospf_metric2/ stores the type 2 metric. Note that in such cases if | |
3665 | <cf/ospf_metric1/ is non-zero then <cf/ospf_metric2/ is increased by one to | |
3666 | ensure monotonicity of metric, as internal distance is reset to zero when an | |
3667 | external route is announced. | |
dad92c30 OZ |
3668 | |
3669 | <p>Each external route can also carry attribute <cf/ospf_tag/ which is a 32-bit | |
3670 | integer which is used when exporting routes to other protocols; otherwise, it | |
3671 | doesn't affect routing inside the OSPF domain at all. The fourth attribute | |
3672 | <cf/ospf_router_id/ is a router ID of the router advertising that route / | |
3673 | network. This attribute is read-only. Default is <cf/ospf_metric2 = 10000/ and | |
3674 | <cf/ospf_tag = 0/. | |
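
Filters that exercise the attributes just described, as an added example that is not part of the BIRD documentation: static routes enter OSPF as type 2 externals carrying a tag, BGP routes enter as type 1 externals, and a second filter matches the tag when OSPF externals are re-exported. Filter and protocol names, the tag value and the metrics are constructed.

```bird
# Added example, not from the BIRD documentation. Names and numbers are constructed.
filter static_to_ospf {
    if source = RTS_STATIC then {
        ospf_metric2 = 200;     # type 2: always worse than any internal or type 1 path
        ospf_tag = 65001;       # carried in the external LSA, ignored by SPF itself
        accept;
    }
    if source = RTS_BGP then {
        ospf_metric1 = 50;      # type 1: comparable with internal metrics
        accept;
    }
    reject;                     # nothing else is redistributed into OSPF
}

filter tagged_ospf_to_bgp {
    # Only OSPF external routes carry ospf_tag; check the source first so the
    # attribute is read only where it is defined.
    if source = RTS_OSPF_EXT1 || source = RTS_OSPF_EXT2 then {
        if ospf_tag = 65001 then accept;
    }
    reject;
}

protocol ospf v2 edge_ospf {
    ipv4 { export filter static_to_ospf; };
    area 0 { interface "eth*"; };
}
```

The second filter is meant as the export filter of a BGP protocol; only the tagged externals injected by the first filter pass it, so the tag acts as the hand-off marker between the two domains.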
8fd12e6b | 3675 | |
dad92c30 | 3676 | <sect1>Example |
b9864aa8 | 3677 | <label id="ospf-exam"> |
8fd12e6b | 3678 | |
9637c7c0 | 3679 | <p><code> |
8fd12e6b | 3680 | protocol ospf MyOSPF { |
3e52d112 JMM |
3681 | ipv4 { |
3682 | export filter { | |
3683 | if source = RTS_BGP then { | |
3684 | ospf_metric1 = 100; | |
3685 | accept; | |
3686 | } | |
3687 | reject; | |
3688 | }; | |
f434d191 | 3689 | }; |
8fd12e6b | 3690 | area 0.0.0.0 { |
8fd12e6b OF |
3691 | interface "eth*" { |
3692 | cost 11; | |
3693 | hello 15; | |
3694 | priority 100; | |
3695 | retransmit 7; | |
3696 | authentication simple; | |
3697 | password "aaa"; | |
3698 | }; | |
3699 | interface "ppp*" { | |
3700 | cost 100; | |
3b16080c | 3701 | authentication cryptographic; |
f434d191 OZ |
3702 | password "abc" { |
3703 | id 1; | |
3704 | generate to "22-04-2003 11:00:06"; | |
3705 | accept from "17-01-2001 12:01:05"; | |
64385aee | 3706 | algorithm hmac sha384; |
f434d191 OZ |
3707 | }; |
3708 | password "def" { | |
3709 | id 2; | |
3710 | generate to "22-07-2005 17:03:21"; | |
3711 | accept from "22-02-2001 11:34:06"; | |
64385aee | 3712 | algorithm hmac sha512; |
3b16080c | 3713 | }; |
8fd12e6b | 3714 | }; |
e3bc10fd OF |
3715 | interface "arc0" { |
3716 | cost 10; | |
3717 | stub yes; | |
3718 | }; | |
3b16080c | 3719 | interface "arc1"; |
8fd12e6b OF |
3720 | }; |
3721 | area 120 { | |
3722 | stub yes; | |
98ac6176 OF |
3723 | networks { |
3724 | 172.16.1.0/24; | |
3725 | 172.16.2.0/24 hidden; | |
3726 | } | |
8fd12e6b OF |
3727 | interface "-arc0" , "arc*" { |
3728 | type nonbroadcast; | |
3729 | authentication none; | |
e3bc10fd | 3730 | strict nonbroadcast yes; |
a190e720 OF |
3731 | wait 120; |
3732 | poll 40; | |
3733 | dead count 8; | |
8fd12e6b | 3734 | neighbors { |
a190e720 | 3735 | 192.168.120.1 eligible; |
8fd12e6b OF |
3736 | 192.168.120.2; |
3737 | 192.168.120.10; | |
3738 | }; | |
3739 | }; | |
3740 | }; | |
3741 | } | |
3742 | </code> | |
3743 | ||

<sect>Pipe
<label id="pipe">

<sect1>Introduction
<label id="pipe-intro">

<p>The Pipe protocol serves as a link between two routing tables, allowing
routes to be passed from a table declared as primary (i.e., the one the pipe is
connected to using the <cf/table/ configuration keyword) to the secondary one
(declared using <cf/peer table/) and vice versa, depending on what's allowed by
the filters. Export filters control export of routes from the primary table to
the secondary one, import filters control the opposite direction. Both tables
must be of the same nettype.

<p>The Pipe protocol retransmits all routes from one table to the other table,
retaining their original source and attributes. If both the import and the export
filter accept everything, the two tables end up with the same content.

<p>The primary use of multiple routing tables and the Pipe protocol is for
policy routing, where handling of a single packet doesn't depend only on its
destination address, but also on its source address, source interface, protocol
type and other similar parameters. In many systems (Linux being a good example),
the kernel allows routing policies to be enforced by defining routing rules which
choose one of several routing tables to be used for a packet according to its
parameters. Setting these rules is outside the scope of BIRD's work (on
Linux, you can use the <tt/ip/ command), but you can create several routing
tables in BIRD, connect them to the kernel ones, use filters to control which
routes appear in which tables, and employ the Pipe protocol for
exporting a selected subset of one table to another one.

<sect1>Configuration
<label id="pipe-config">

<p>Essentially, the Pipe protocol is just a channel connected to a table on both
sides. Therefore, the configuration block for <cf/protocol pipe/ shall directly
include standard channel config options; see the example below.

<p><descrip>
	<tag><label id="pipe-peer-table">peer table <m/table/</tag>
	Defines the secondary routing table to connect to. The primary one is
	selected by the <cf/table/ keyword.
</descrip>

<sect1>Attributes
<label id="pipe-attr">

<p>The Pipe protocol doesn't define any route attributes.

<sect1>Example
<label id="pipe-exam">

<p>Let's consider a router which serves as a boundary router of two different
autonomous systems, each of them connected to a subset of interfaces of the
router, having its own exterior connectivity and wishing to use the other AS as
a backup connectivity in case of outage of its own exterior line.

<p>Probably the simplest solution to this situation is to use two routing tables
(we'll call them <cf/as1/ and <cf/as2/) and set up kernel routing rules, so that
packets having arrived from interfaces belonging to the first AS will be routed
according to <cf/as1/ and similarly for the second AS. Thus we have split our
router into two logical routers, each one acting on its own routing table, having
its own routing protocols on its own interfaces. In order to use the other AS's
routes for backup purposes, we can pass the routes between the tables through a
Pipe protocol while decreasing their preferences and correcting their BGP paths
to reflect the AS boundary crossing.

<code>
ipv4 table as1;				# Define the tables
ipv4 table as2;

protocol kernel kern1 {			# Synchronize them with the kernel
	ipv4 { table as1; export all; };
	kernel table 1;
}

protocol kernel kern2 {
	ipv4 { table as2; export all; };
	kernel table 2;
}

protocol bgp bgp1 {			# The outside connections
	ipv4 { table as1; import all; export all; };
	local as 1;
	neighbor 192.168.0.1 as 1001;
}

protocol bgp bgp2 {
	ipv4 { table as2; import all; export all; };
	local as 2;
	neighbor 10.0.0.1 as 1002;
}

protocol pipe {				# The Pipe
	table as1;
	peer table as2;
	export filter {
		if net ~ [ 1.0.0.0/8+] then {	# Only AS1 networks
			if preference>10 then preference = preference-10;
			if source=RTS_BGP then bgp_path.prepend(1);
			accept;
		}
		reject;
	};
	import filter {
		if net ~ [ 2.0.0.0/8+] then {	# Only AS2 networks
			if preference>10 then preference = preference-10;
			if source=RTS_BGP then bgp_path.prepend(2);
			accept;
		}
		reject;
	};
}
</code>


<sect>RAdv
<label id="radv">

<sect1>Introduction
<label id="radv-intro">

<p>The RAdv protocol is an implementation of Router Advertisements, which are
used in the IPv6 stateless autoconfiguration. IPv6 routers send (in irregular
time intervals or as an answer to a request) advertisement packets to connected
networks. These packets contain basic information about a local network (e.g. a
list of network prefixes), which allows network hosts to autoconfigure network
addresses and choose a default route. BIRD implements router behavior as defined
in <rfc id="4861">, router preferences and specific routes (<rfc id="4191">),
and DNS extensions (<rfc id="6106">).

<p>The RAdv protocol supports just the IPv6 channel.

<sect1>Configuration
<label id="radv-config">

<p>There are several classes of definitions in RAdv configuration -- interface
definitions, prefix definitions and DNS definitions:

<descrip>
	<tag><label id="radv-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
	Interface definitions specify a set of interfaces on which the
	protocol is activated and contain interface specific options.
	See <ref id="proto-iface" name="interface"> common options for
	detailed description.

	<tag><label id="radv-prefix">prefix <m/prefix/ { <m/options/ }</tag>
	Prefix definitions allow modifying the list of advertised prefixes. By
	default, the advertised prefixes are the same as the network prefixes
	assigned to the interface. For each network prefix, the matching prefix
	definition is found and its options are used. If no matching prefix
	definition is found, the prefix is used with default options.

	Prefix definitions can be either global or interface-specific. The
	second ones are part of interface options. The prefix definition
	matching is done in the first-match style, where interface-specific
	definitions are processed before global definitions. As expected, a
	prefix definition matches if the network prefix is a subnet of the
	prefix in the prefix definition.

	<tag><label id="radv-rdnss">rdnss { <m/options/ }</tag>
	RDNSS definitions allow specifying a list of advertised recursive DNS
	servers together with their options. As options are seldom necessary,
	there is also a short variant <cf>rdnss <m/address/</cf> that just
	specifies one DNS server. Multiple definitions are cumulative. RDNSS
	definitions may also be interface-specific when used inside interface
	options. By default, an interface uses both global and interface-specific
	options, but that can be changed by the <cf/rdnss local/ option.

	<tag><label id="radv-dnssl">dnssl { <m/options/ }</tag>
	DNSSL definitions allow specifying a list of advertised DNS search
	domains together with their options. Like <cf/rdnss/ above, multiple
	definitions are cumulative, they can also be used as interface-specific
	options and there is a short variant <cf>dnssl <m/domain/</cf> that just
	specifies one DNS search domain.

	<tag><label id="radv-trigger">trigger <m/prefix/</tag>
	The RAdv protocol can be configured to change its behavior based on the
	availability of routes. When this option is used, the protocol waits in
	suppressed state until a <it/trigger route/ (for the specified network)
	is exported to the protocol; the protocol also returns to suppressed
	state if the <it/trigger route/ disappears. Note that route export
	depends on the specified export filter, as usual. This option could be used,
	e.g., for handling failover in multihoming scenarios.

	During suppressed state, router advertisements are generated, but with
	some fields zeroed. Exact behavior depends on which fields are zeroed;
	this can be configured by the <cf/sensitive/ option for the appropriate
	fields. By default, just <cf/default lifetime/ (also called <cf/router
	lifetime/) is zeroed, which means hosts cannot use the router as a
	default router. <cf/preferred lifetime/ and <cf/valid lifetime/ could
	also be configured as <cf/sensitive/ for a prefix, which would cause
	autoconfigured IPs to be deprecated or even removed.

	<tag><label id="radv-propagate-routes">propagate routes <m/switch/</tag>
	This option controls propagation of more specific routes, as defined in
	<rfc id="4191">. If enabled, all routes exported to the RAdv protocol,
	with the exception of the trigger prefix, are added to advertisements as
	additional options. The lifetime and preference of advertised routes can
	be set individually by the <cf/ra_lifetime/ and <cf/ra_preference/ route
	attributes, or per interface by the <cf/route lifetime/ and
	<cf/route preference/ options. Default: disabled.

	Note that the RFC discourages sending more than 17 routes and
	recommends the routes to be configured manually.
</descrip>

<p>Interface specific options:

<descrip>
	<tag><label id="radv-iface-max-ra-interval">max ra interval <m/expr/</tag>
	Unsolicited router advertisements are sent in irregular time intervals.
	This option specifies the maximum length of these intervals, in seconds.
	Valid values are 4-1800. Default: 600

	<tag><label id="radv-iface-min-ra-interval">min ra interval <m/expr/</tag>
	This option specifies the minimum length of these intervals, in seconds.
	Must be at least 3 and at most 3/4 * <cf/max ra interval/. Default:
	about 1/3 * <cf/max ra interval/.

	<tag><label id="radv-iface-min-delay">min delay <m/expr/</tag>
	The minimum delay between two consecutive router advertisements, in
	seconds. Default: 3

	<tag><label id="radv-iface-managed">managed <m/switch/</tag>
	This option specifies whether hosts should use DHCPv6 for IP address
	configuration. Default: no

	<tag><label id="radv-iface-other-config">other config <m/switch/</tag>
	This option specifies whether hosts should use DHCPv6 to receive other
	configuration information. Default: no

	<tag><label id="radv-iface-link-mtu">link mtu <m/expr/</tag>
	This option specifies which value of MTU should be used by hosts. 0
	means unspecified. Default: 0

	<tag><label id="radv-iface-reachable-time">reachable time <m/expr/</tag>
	This option specifies the time (in milliseconds) for how long hosts should
	assume a neighbor is reachable (from the last confirmation). Maximum is
	3600000, 0 means unspecified. Default: 0.

	<tag><label id="radv-iface-retrans-timer">retrans timer <m/expr/</tag>
	This option specifies the time (in milliseconds) for how long hosts should
	wait before retransmitting Neighbor Solicitation messages. 0 means
	unspecified. Default: 0.

	<tag><label id="radv-iface-current-hop-limit">current hop limit <m/expr/</tag>
	This option specifies which value of Hop Limit should be used by
	hosts. Valid values are 0-255, 0 means unspecified. Default: 64

	<tag><label id="radv-iface-default-lifetime">default lifetime <m/expr/ [sensitive <m/switch/]</tag>
	This option specifies the time (in seconds) for how long (since the receipt
	of RA) hosts may use the router as a default router. 0 means do not use
	as a default router. For the <cf/sensitive/ option, see <ref id="radv-trigger" name="trigger">.
	Default: 3 * <cf/max ra interval/, <cf/sensitive/ yes.

	<tag><label id="radv-iface-default-preference">default preference low|medium|high</tag>
	This option specifies the Default Router Preference value to advertise
	to hosts. Default: medium.

	<tag><label id="radv-iface-route-lifetime">route lifetime <m/expr/ [sensitive <m/switch/]</tag>
	This option specifies the default value of advertised lifetime for
	specific routes; i.e., the time (in seconds) for how long (since the
	receipt of RA) hosts should consider these routes valid. A special value
	0xffffffff represents infinity. The lifetime can be overridden on a per
	route basis by the <ref id="rta-ra-lifetime" name="ra_lifetime"> route
	attribute. Default: 3 * <cf/max ra interval/, <cf/sensitive/ no.

	For the <cf/sensitive/ option, see <ref id="radv-trigger" name="trigger">.
	If <cf/sensitive/ is enabled, even the routes with the <cf/ra_lifetime/
	attribute become sensitive to the trigger.

	<tag><label id="radv-iface-route-preference">route preference low|medium|high</tag>
	This option specifies the default value of advertised route preference
	for specific routes. The value can be overridden on a per route basis by
	the <ref id="rta-ra-preference" name="ra_preference"> route attribute.
	Default: medium.

	<tag><label id="radv-prefix-linger-time">prefix linger time <m/expr/</tag>
	When a prefix or a route disappears, it is advertised for some time with
	zero lifetime, to inform clients it is no longer valid. This option
	specifies the time (in seconds) for how long prefixes are advertised
	that way. Default: 3 * <cf/max ra interval/.

	<tag><label id="radv-route-linger-time">route linger time <m/expr/</tag>
	When a prefix or a route disappears, it is advertised for some time with
	zero lifetime, to inform clients it is no longer valid. This option
	specifies the time (in seconds) for how long routes are advertised
	that way. Default: 3 * <cf/max ra interval/.

	<tag><label id="radv-iface-rdnss-local">rdnss local <m/switch/</tag>
	Use only local (interface-specific) RDNSS definitions for this
	interface. Otherwise, both global and local definitions are used. Could
	also be used to disable RDNSS for a given interface if no local definitions
	are specified. Default: no.

	<tag><label id="radv-iface-dnssl-local">dnssl local <m/switch/</tag>
	Use only local DNSSL definitions for this interface. See the <cf/rdnss local/
	option above. Default: no.
</descrip>

<p>Prefix specific options:

<descrip>
	<tag><label id="radv-prefix-skip">skip <m/switch/</tag>
	This option allows specifying that the given prefix should not be
	advertised. This is useful for making exceptions from a default policy
	of advertising all prefixes. Note that for withdrawing an already
	advertised prefix it is more useful to advertise it with zero valid
	lifetime. Default: no

	<tag><label id="radv-prefix-onlink">onlink <m/switch/</tag>
	This option specifies whether hosts may use the advertised prefix for
	onlink determination. Default: yes

	<tag><label id="radv-prefix-autonomous">autonomous <m/switch/</tag>
	This option specifies whether hosts may use the advertised prefix for
	stateless autoconfiguration. Default: yes

	<tag><label id="radv-prefix-valid-lifetime">valid lifetime <m/expr/ [sensitive <m/switch/]</tag>
	This option specifies the time (in seconds) for how long (after the
	receipt of RA) the prefix information is valid, i.e., autoconfigured
	IP addresses can be assigned and hosts with those IP addresses are
	considered directly reachable. 0 means the prefix is no longer
	valid. For the <cf/sensitive/ option, see <ref id="radv-trigger" name="trigger">.
	Default: 86400 (1 day), <cf/sensitive/ no.

	<tag><label id="radv-prefix-preferred-lifetime">preferred lifetime <m/expr/ [sensitive <m/switch/]</tag>
	This option specifies the time (in seconds) for how long (after the
	receipt of RA) IP addresses generated from the prefix using stateless
	autoconfiguration remain preferred. For the <cf/sensitive/ option,
	see <ref id="radv-trigger" name="trigger">. Default: 14400 (4 hours),
	<cf/sensitive/ no.
</descrip>

<p>RDNSS specific options:

<descrip>
	<tag><label id="radv-rdnss-ns">ns <m/address/</tag>
	This option specifies one recursive DNS server. Can be used multiple
	times for multiple servers. It is mandatory to have at least one
	<cf/ns/ option in an <cf/rdnss/ definition.

	<tag><label id="radv-rdnss-lifetime">lifetime [mult] <m/expr/</tag>
	This option specifies for how long the RDNSS information may be
	used by clients after the receipt of RA. It is expressed either in
	seconds or (when <cf/mult/ is used) in multiples of <cf/max ra
	interval/. Note that RDNSS information is also invalidated when
	<cf/default lifetime/ expires. 0 means these addresses are no longer
	valid DNS servers. Default: 3 * <cf/max ra interval/.
</descrip>

<p>DNSSL specific options:

<descrip>
	<tag><label id="radv-dnssl-domain">domain <m/address/</tag>
	This option specifies one DNS search domain. Can be used multiple times
	for multiple domains. It is mandatory to have at least one <cf/domain/
	option in a <cf/dnssl/ definition.

	<tag><label id="radv-dnssl-lifetime">lifetime [mult] <m/expr/</tag>
	This option specifies for how long the DNSSL information may be
	used by clients after the receipt of RA. Details are the same as for
	the RDNSS <cf/lifetime/ option above. Default: 3 * <cf/max ra interval/.
</descrip>

<sect1>Attributes
<label id="radv-attr">

<p>RAdv defines two route attributes:

<descrip>
	<tag><label id="rta-ra-preference">enum ra_preference</tag>
	The preference of the route. The value can be <it/RA_PREF_LOW/,
	<it/RA_PREF_MEDIUM/ or <it/RA_PREF_HIGH/. If the attribute is not set,
	the <ref id="radv-iface-route-preference" name="route preference">
	option is used.

	<tag><label id="rta-ra-lifetime">int ra_lifetime</tag>
	The advertised lifetime of the route, in seconds. The special value of
	0xffffffff represents infinity. If the attribute is not set, the
	<ref id="radv-iface-route-lifetime" name="route lifetime">
	option is used.
</descrip>

<sect1>Example
<label id="radv-exam">

<p><code>
ipv6 table radv_routes;			# Manually configured routes go here

protocol static {
	ipv6 { table radv_routes; };

	route 2001:0DB8:4000::/48 unreachable;
	route 2001:0DB8:4010::/48 unreachable;

	route 2001:0DB8:4020::/48 unreachable {
		ra_preference = RA_PREF_HIGH;
		ra_lifetime = 3600;
	};
}

protocol radv {
	propagate routes yes;		# Propagate the routes from the radv_routes table
	ipv6 { table radv_routes; export all; };

	interface "eth2" {
		max ra interval 5;	# Fast failover with more routers
		managed yes;		# Using DHCPv6 on eth2
		prefix ::/0 {
			autonomous off;	# So do not autoconfigure any IP
		};
	};

	interface "eth*";		# No need for any other options

	prefix 2001:0DB8:1234::/48 {
		preferred lifetime 0;	# Deprecated address range
	};

	prefix 2001:0DB8:2000::/48 {
		autonomous off;		# Do not autoconfigure
	};

	rdnss 2001:0DB8:1234::10;	# Short form of RDNSS

	rdnss {
		lifetime mult 10;
		ns 2001:0DB8:1234::11;
		ns 2001:0DB8:1234::12;
	};

	dnssl {
		lifetime 3600;
		domain "abc.com";
		domain "xyz.com";
	};
}
</code>
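<p>To see what the options above put on the wire, here is an added Python example (not BIRD code) that serializes and decodes the RA header (<rfc id="4861">), the Prefix Information, Route Information (<rfc id="4191">) and RDNSS (<rfc id="6106">) options under the same names the configuration uses, and models the suppressed state of the <cf/trigger/ option by zeroing every lifetime marked <cf/sensitive/. The dict layout, the field names and the sample addresses are this example's own assumptions; the ICMPv6 checksum is left zero because it needs the IPv6 pseudo-header, and DNSSL is omitted.

```python
"""Encoder/decoder for the ICMPv6 Router Advertisement fields the RAdv options
map onto: RA header and Prefix Information (RFC 4861), Route Information
(RFC 4191) and RDNSS (RFC 6106).  Constructed example, not BIRD code: the dict
keys mirror BIRD option names but are this script's own; the ICMPv6 checksum is
left zero because it needs the IPv6 pseudo-header."""
import ipaddress
import struct

ND_ROUTER_ADVERT = 134
OPT_PREFIX, OPT_ROUTE_INFO, OPT_RDNSS = 3, 24, 25
PREF_BITS = {"medium": 0b00, "high": 0b01, "low": 0b11}   # RFC 4191 Prf encoding
PREF_NAMES = {v: k for k, v in PREF_BITS.items()}


def build_ra(iface, prefixes=(), routes=(), rdnss=None, suppressed=False):
    """Serialize one RA.  `suppressed` models the trigger-route state: every
    lifetime marked 'sensitive' goes out as zero, everything else unchanged."""
    def life(value, sensitive):
        return 0 if suppressed and sensitive else value

    # header: type, code, checksum, hop limit, M/O/Prf flags, router lifetime,
    # reachable time, retrans timer (16 bytes)
    flags = (iface.get("managed", False) << 7) | (iface.get("other_config", False) << 6)
    flags |= PREF_BITS[iface.get("default_preference", "medium")] << 3
    pkt = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0,
                      iface.get("current_hop_limit", 64), flags,
                      life(iface["default_lifetime"], iface.get("default_sensitive", True)),
                      iface.get("reachable_time", 0), iface.get("retrans_timer", 0))
    for p in prefixes:          # Prefix Information option, always 32 bytes
        net = ipaddress.IPv6Network(p["prefix"])
        pflags = (p.get("onlink", True) << 7) | (p.get("autonomous", True) << 6)
        pkt += struct.pack("!BBBBIII", OPT_PREFIX, 4, net.prefixlen, pflags,
                           life(p["valid_lifetime"], p.get("valid_sensitive", False)),
                           life(p["preferred_lifetime"], p.get("preferred_sensitive", False)),
                           0) + net.network_address.packed
    for r in routes:            # Route Information option carries 0, 8 or 16 prefix bytes
        net = ipaddress.IPv6Network(r["prefix"])
        nbytes = (net.prefixlen + 63) // 64 * 8
        pkt += struct.pack("!BBBBI", OPT_ROUTE_INFO, 1 + nbytes // 8, net.prefixlen,
                           PREF_BITS[r.get("preference", "medium")] << 3,
                           life(r["lifetime"], r.get("sensitive", False)))
        pkt += net.network_address.packed[:nbytes]
    if rdnss:                   # RDNSS option: 8-byte header plus 16 bytes per server
        addrs = b"".join(ipaddress.IPv6Address(a).packed for a in rdnss["ns"])
        pkt += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(rdnss["ns"]), 0,
                           rdnss["lifetime"]) + addrs
    return pkt


def parse_ra(pkt):
    """Decode an RA back into the vocabulary of the RAdv options; malformed
    option lengths are rejected instead of guessed (RFC 4861 section 4.6)."""
    typ, code, _csum, hop, flags, rlife, reach, retrans = struct.unpack_from("!BBHBBHII", pkt)
    if typ != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a router advertisement")
    ra = {"current_hop_limit": hop, "managed": bool(flags & 0x80),
          "other_config": bool(flags & 0x40),
          "default_preference": PREF_NAMES.get((flags >> 3) & 3, "medium"),
          "default_lifetime": rlife, "reachable_time": reach, "retrans_timer": retrans,
          "prefixes": [], "routes": [], "rdnss": None}
    off = 16
    while off < len(pkt):
        if off + 2 > len(pkt) or pkt[off + 1] == 0 or off + pkt[off + 1] * 8 > len(pkt):
            raise ValueError("malformed ND option at offset %d" % off)
        otype, olen = pkt[off], pkt[off + 1]
        body = pkt[off + 2:off + olen * 8]
        if otype == OPT_PREFIX and olen == 4:
            plen, pflags, valid, pref, _res, addr = struct.unpack("!BBIII16s", body)
            ra["prefixes"].append({
                "prefix": "%s/%d" % (ipaddress.IPv6Address(addr), plen),
                "onlink": bool(pflags & 0x80), "autonomous": bool(pflags & 0x40),
                "valid_lifetime": valid, "preferred_lifetime": pref})
        elif otype == OPT_ROUTE_INFO:
            plen, rflags, lifetime = struct.unpack_from("!BBI", body)
            addr = body[6:].ljust(16, b"\0")        # absent low-order bytes are zero
            ra["routes"].append({
                "prefix": "%s/%d" % (ipaddress.IPv6Address(addr), plen),
                "preference": PREF_NAMES.get((rflags >> 3) & 3, "medium"),
                "lifetime": lifetime})
        elif otype == OPT_RDNSS:
            _res, lifetime = struct.unpack_from("!HI", body)
            ns = [str(ipaddress.IPv6Address(body[i:i + 16])) for i in range(6, len(body), 16)]
            ra["rdnss"] = {"lifetime": lifetime, "ns": ns}
        off += olen * 8         # unknown option types are skipped, as RFC 4861 requires
    return ra


if __name__ == "__main__":
    # constructed settings echoing the example configuration above
    iface = {"default_lifetime": 15, "managed": True}
    prefixes = [{"prefix": "2001:db8:1234::/48", "valid_lifetime": 86400,
                 "preferred_lifetime": 0, "valid_sensitive": True}]
    routes = [{"prefix": "2001:db8:4020::/48", "preference": "high", "lifetime": 3600}]
    rdnss = {"lifetime": 50, "ns": ["2001:db8:1234::11", "2001:db8:1234::12"]}
    for state in (False, True):
        ra = parse_ra(build_ra(iface, prefixes, routes, rdnss, suppressed=state))
        print("suppressed=%-5s router lifetime=%d valid lifetime=%d" %
              (state, ra["default_lifetime"], ra["prefixes"][0]["valid_lifetime"]))
```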


<sect>RIP
<label id="rip">

<sect1>Introduction
<label id="rip-intro">

<p>The RIP protocol (also sometimes called Rest In Pieces) is a simple protocol,
where each router broadcasts (to all its neighbors) distances to all networks it
can reach. When a router hears a distance to another network, it increments it and
broadcasts it back. Broadcasts are done in regular intervals. Therefore, if some
network goes unreachable, routers keep telling each other that its distance is
the original distance plus 1 (actually, plus the interface metric, which is usually
one). After some time, the distance reaches infinity (that's 15 in RIP) and all
routers know that the network is unreachable. RIP tries to minimize situations where
counting to infinity is necessary, because it is slow. Due to infinity being 16,
you can't use RIP on networks where the maximal distance is higher than 15
hosts.

<p>BIRD supports RIPv1 (<rfc id="1058">), RIPv2 (<rfc id="2453">), RIPng (<rfc
id="2080">), and RIP cryptographic authentication (<rfc id="4822">).

<p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow
convergence, big network load and inability to handle larger networks make it
pretty much obsolete. It is still usable on very small networks.
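<p>As an added illustration (not part of the BIRD documentation or code), the following Python model plays out the counting to infinity described above on a constructed chain of four routers and compares plain advertising with the <cf/split horizon/ and <cf/poison reverse/ interface options described under Configuration. The synchronous-round model and the simplified update rule (an update from the current next hop is accepted even if worse, any other neighbor only with a strictly better metric) are this example's assumptions, not BIRD's implementation.

```python
"""Distance-vector model of RIP's counting to infinity.

Constructed example: a chain of routers A-B-C-D with network N attached to A.
After N fails, count the synchronous update rounds until every router reports
distance 16 (RIP infinity), with plain advertising ("none"), plain split
horizon ("split") and split horizon with poisoned reverse ("poison").
Simplified model written for this page, not BIRD's implementation."""

INFINITY = 16           # BIRD's default 'infinity' option


class Router:
    def __init__(self, name):
        self.name = name
        self.links = {}          # neighbour name -> interface 'metric'
        self.dist = INFINITY     # current distance to N
        self.next_hop = None     # neighbour the route was learned from

    def advertise(self, to, mode):
        """Metric announced to neighbour `to`; None means the entry is omitted."""
        if mode != "none" and self.next_hop == to:
            # route learned from `to`: suppress it (split horizon) or
            # announce it as unreachable (poisoned reverse)
            return None if mode == "split" else INFINITY
        return self.dist

    def process(self, received):
        """Apply one round of (neighbour, metric) entries; report a change."""
        d, h = self.dist, self.next_hop
        # an update from the current next hop is taken even when it is worse
        for nb, adv in received:
            if nb == h and adv is not None:
                d = min(adv + self.links[nb], INFINITY)
        # any other neighbour wins only with a strictly better metric
        for nb, adv in received:
            if nb != self.next_hop and adv is not None:
                m = min(adv + self.links[nb], INFINITY)
                if m < d:
                    d, h = m, nb
        if d == INFINITY:
            h = None
        changed = (d, h) != (self.dist, self.next_hop)
        self.dist, self.next_hop = d, h
        return changed


def build_chain(names, metric=1):
    """Chain topology in its converged state: N is directly attached to names[0]."""
    routers = {n: Router(n) for n in names}
    for a, b in zip(names, names[1:]):
        routers[a].links[b] = metric
        routers[b].links[a] = metric
    for i, n in enumerate(names):
        routers[n].dist = 1 + i * metric
        routers[n].next_hop = None if i == 0 else names[i - 1]
    return routers


def step(routers, mode):
    """One update round: everybody sends from the same snapshot, then applies."""
    inbox = {n: [] for n in routers}
    for r in routers.values():
        for nb in r.links:
            inbox[nb].append((r.name, r.advertise(nb, mode)))
    changed = False
    for r in routers.values():
        changed |= r.process(inbox[r.name])
    return changed


def rounds_to_converge(names, mode, max_rounds=500):
    """Fail N at the first router and return (rounds until stable, distances)."""
    routers = build_chain(names)
    origin = routers[names[0]]
    origin.dist, origin.next_hop = INFINITY, None      # N goes unreachable
    for rnd in range(1, max_rounds + 1):
        if not step(routers, mode):
            return rnd - 1, {n: r.dist for n, r in routers.items()}
    raise RuntimeError("no convergence within %d rounds" % max_rounds)


if __name__ == "__main__":
    for mode in ("none", "split", "poison"):
        rounds, dists = rounds_to_converge("ABCD", mode)
        print("%-6s rounds=%2d  %s" % (mode, rounds, dists))
```

On the four-router chain the withdrawal propagates in three rounds with either split horizon variant, while plain advertising bounces metrics between neighbours until every router has counted up to 16.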

<sect1>Configuration
<label id="rip-config">

<p>RIP configuration consists mainly of common protocol options and interface
definitions; most RIP options are interface specific. A RIPng (RIP for IPv6)
protocol instance can be configured by using <cf/rip ng/ instead of just
<cf/rip/ as a protocol type.

<p>RIP needs one IPv4 channel. RIPng needs one IPv6 channel. If no channel is
configured, an appropriate channel is defined with default parameters.

<code>
protocol rip [ng] [<name>] {
	infinity <number>;
	ecmp <switch> [limit <number>];
	interface <interface pattern> {
		metric <number>;
		mode multicast|broadcast;
		passive <switch>;
		address <ip>;
		port <number>;
		version 1|2;
		split horizon <switch>;
		poison reverse <switch>;
		check zero <switch>;
		update time <number>;
		timeout time <number>;
		garbage time <number>;
		ecmp weight <number>;
		ttl security <switch>; | tx only;
		tx class|dscp <number>;
		tx priority <number>;
		rx buffer <number>;
		tx length <number>;
		check link <switch>;
		authentication none|plaintext|cryptographic;
		password "<text>";
		password "<text>" {
			id <num>;
			generate from "<date>";
			generate to "<date>";
			accept from "<date>";
			accept to "<date>";
			from "<date>";
			to "<date>";
			algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 );
		};
	};
}
</code>

<descrip>
	<tag><label id="rip-infinity">infinity <M>number</M></tag>
	Selects the distance of infinity. Bigger values will make
	protocol convergence even slower. The default value is 16.

	<tag><label id="rip-ecmp">ecmp <M>switch</M> [limit <M>number</M>]</tag>
	This option specifies whether RIP is allowed to generate ECMP
	(equal-cost multipath) routes. Such routes are used when there are
	several directions to the destination, each with the same (computed)
	cost. This option also allows specifying a limit on the maximum number of
	nexthops in one route. By default, ECMP is enabled if supported by the
	kernel. The default value of the limit is 16.

	<tag><label id="rip-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
	Interface definitions specify a set of interfaces on which the
	protocol is activated and contain interface specific options.
	See <ref id="proto-iface" name="interface"> common options for
	detailed description.
</descrip>

8465dccb | 4282 | <p>Interface specific options: |
ef4a50be OZ |
4283 | |
4284 | <descrip> | |
b9864aa8 | 4285 | <tag><label id="rip-iface-metric">metric <m/num/</tag> |
8465dccb OZ |
4286 | This option specifies the metric of the interface. When a route is |
4287 | received from the interface, its metric is increased by this value | |
4288 | before further processing. Valid values are 1-255, but values higher | |
4289 | than infinity has no further meaning. Default: 1. | |
4290 | ||
b9864aa8 | 4291 | <tag><label id="rip-iface-mode">mode multicast|broadcast</tag> |
8465dccb OZ |
4292 | This option selects the mode for RIP to use on the interface. The |
4293 | default is multicast mode for RIPv2 and broadcast mode for RIPv1. | |
4294 | RIPng always uses the multicast mode. | |
4295 | ||
b9864aa8 | 4296 | <tag><label id="rip-iface-passive">passive <m/switch/</tag> |
8465dccb OZ |
4297 | Passive interfaces receive routing updates but do not transmit any |
4298 | messages. Default: no. | |
4299 | ||
b9864aa8 | 4300 | <tag><label id="rip-iface-address">address <m/ip/</tag> |
8465dccb OZ |
4301 | This option specifies a destination address used for multicast or |
4302 | broadcast messages, the default is the official RIP (224.0.0.9) or RIPng | |
4303 | (ff02::9) multicast address, or an appropriate broadcast address in the | |
4304 | broadcast mode. | |
4305 | ||
b9864aa8 | 4306 | <tag><label id="rip-iface-port">port <m/number/</tag> |
8465dccb OZ |
4307 | This option selects an UDP port to operate on, the default is the |
4308 | official RIP (520) or RIPng (521) port. | |
4309 | ||
b9864aa8 | 4310 | <tag><label id="rip-iface-version">version 1|2</tag> |
8465dccb OZ |
4311 | This option selects the version of RIP used on the interface. For RIPv1, |
4312 | automatic subnet aggregation is not implemented, only classful network | |
4313 | routes and host routes are propagated. Note that BIRD allows RIPv1 to be | |
4314 | configured with features that are defined for RIPv2 only, like | |
4315 | authentication or using multicast sockets. The default is RIPv2 for IPv4 | |
4316 | RIP, the option is not supported for RIPng, as no further versions are | |
4317 | defined. | |
4318 | ||
b9864aa8 | 4319 | <tag><label id="rip-iface-version-only">version only <m/switch/</tag> |
43fc6bb0 OZ |
4320 | Regardless of RIP version configured for the interface, BIRD accepts |
4321 | incoming packets of any RIP version. This option restrict accepted | |
4322 | packets to the configured version. Default: no. | |
4323 | ||
b9864aa8 | 4324 | <tag><label id="rip-iface-split-horizon">split horizon <m/switch/</tag> |
8465dccb OZ |
4325 | Split horizon is a scheme for preventing routing loops. When split |
4326 | horizon is active, routes are not regularly propagated back to the | |
4327 | interface from which they were received. They are either not propagated | |
4328 | back at all (plain split horizon) or propagated back with an infinity | |
4329 | metric (split horizon with poisoned reverse). Therefore, other routers | |
4330 | on the interface will not consider the router as a part of an | |
4331 | independent path to the destination of the route. Default: yes. | |
4332 | ||
b9864aa8 | 4333 | <tag><label id="rip-iface-poison-reverse">poison reverse <m/switch/</tag> |
8465dccb OZ |
4334 | When split horizon is active, this option specifies whether the poisoned |
4335 | reverse variant (propagating routes back with an infinity metric) is | |
4336 | used. The poisoned reverse has some advantages in faster convergence, | |
4337 | but uses more network traffic. Default: yes. | |
4338 | ||
b9864aa8 | 4339 | <tag><label id="rip-iface-check-zero">check zero <m/switch/</tag> |
8465dccb OZ |
4340 | Received RIPv1 packets with non-zero values in reserved fields should |
4341 | be discarded. This option specifies whether the check is performed or | |
4342 | such packets are just processed as usual. Default: yes. | |
4343 | ||
b9864aa8 | 4344 | <tag><label id="rip-iface-update-time">update time <m/number/</tag> |
8465dccb OZ |
4345 | Specifies the number of seconds between periodic updates. A lower number |
4346 | will mean faster convergence but bigger network load. Default: 30. | |
4347 | ||
b9864aa8 | 4348 | <tag><label id="rip-iface-timeout-time">timeout time <m/number/</tag> |
8465dccb OZ |
4349 | Specifies the time interval (in seconds) between the last received route |
4350 | announcement and the route expiration. After that, the network is | |
4351 | considered unreachable, but is still propagated with an infinite metric. | |
4352 | Default: 180. | |
4353 | ||
b9864aa8 | 4354 | <tag><label id="rip-iface-garbage-time">garbage time <m/number/</tag> |
8465dccb OZ |
4355 | Specifies the time interval (in seconds) between the route expiration |
4356 | and the removal of the unreachable network entry. The garbage interval, | |
4357 | when a route with infinity metric is propagated, is used for both | |
4358 | internal (after expiration) and external (after withdrawal) routes. | |
4359 | Default: 120. | |
4360 | ||
b9864aa8 | 4361 | <tag><label id="rip-iface-ecmp-weight">ecmp weight <m/number/</tag> |
8465dccb OZ |
4362 | When ECMP (multipath) routes are allowed, this value specifies a |
4363 | relative weight used for nexthops going through the iface. Valid | |
4364 | values are 1-256. Default value is 1. | |
ef4a50be | 4365 | |
b9864aa8 | 4366 | <tag><label id="rip-iface-auth">authentication none|plaintext|cryptographic</tag> |
8465dccb OZ |
4367 | Selects the authentication method to be used. <cf/none/ means that packets |
4368 | are not authenticated at all, <cf/plaintext/ means that a plaintext | |
4369 | password is embedded into each packet, and <cf/cryptographic/ means that | |
4370 | packets are authenticated using a cryptographic hash function |
4371 | selected by the <cf/algorithm/ option of each key. The default | |
4372 | cryptographic algorithm for RIP keys is Keyed-MD5. Note that a plaintext | |
4373 | password is readable by anyone who can capture packets on the link and | |
4374 | does not stop such an attacker from injecting updates; use | |
4375 | <cf/cryptographic/ (preferably with an HMAC-SHA algorithm, as in the | |
4376 | example below) wherever the neighbors support it. If you set | |
4377 | authentication to anything other than <cf/none/, you should also add a | |
4378 | <cf>password</cf> section. Default: none. | |
4375 | ||
b9864aa8 PT |
4376 | <tag><label id="rip-iface-pass">password "<m/text/"</tag> |
4377 | Specifies a password used for authentication. See <ref id="proto-pass" | |
8465dccb | 4378 | name="password"> common option for detailed description. |
ef4a50be | 4379 | |
b9864aa8 | 4380 | <tag><label id="rip-iface-ttl-security">ttl security [<m/switch/ | tx only]</tag> |
dad92c30 OZ |
4381 | TTL security is a feature that protects routing protocols from remote |
4382 | spoofed packets by using TTL 255 instead of TTL 1 for protocol packets | |
4383 | destined to neighbors. Because TTL is decremented when packets are | |
4384 | forwarded, it is non-trivial to spoof packets with TTL 255 from remote | |
4385 | locations. | |
4386 | ||
4387 | If this option is enabled, the router will send RIP packets with TTL 255 | |
4388 | and drop received packets with TTL less than 255. If this option is set | |
4389 | to <cf/tx only/, TTL 255 is used for sent packets, but is not checked | |
4390 | for received packets. Such a setting does not offer protection, but offers | |
4391 | compatibility with neighbors regardless of whether they use ttl | |
4392 | security. | |
4393 | ||
7935b9d2 PT |
4394 | For RIPng, TTL security is a standard behavior (required by <rfc |
4395 | id="2080">) and therefore the default value is yes. For IPv4 RIP, the | |
4396 | default value is no. | |
6ac4f87a | 4397 | |
b9864aa8 | 4398 | <tag><label id="rip-iface-tx-class">tx class|dscp|priority <m/number/</tag> |
dad92c30 | 4399 | These options specify the ToS/DiffServ/Traffic class/Priority of the |
b9864aa8 | 4400 | outgoing RIP packets. See <ref id="proto-tx-class" name="tx class"> common |
dad92c30 | 4401 | option for detailed description. |
d37f899b | 4402 | |
b9864aa8 | 4403 | <tag><label id="rip-iface-rx-buffer">rx buffer <m/number/</tag> |
8465dccb OZ |
4404 | This option specifies the size of buffers used for packet processing. |
4405 | The buffer size should be larger than the maximum size of received packets. | |
4406 | The default value is 532 for IPv4 RIP and the interface MTU value for RIPng. | |
4407 | ||
b9864aa8 | 4408 | <tag><label id="rip-iface-tx-length">tx length <m/number/</tag> |
8465dccb OZ |
4409 | This option specifies the maximum length of generated RIP packets. To |
4410 | avoid IP fragmentation, it should not exceed the interface MTU value. | |
4411 | The default value is 532 for IPv4 RIP and interface MTU value for RIPng. | |
4412 | ||
b9864aa8 | 4413 | <tag><label id="rip-iface-check-link">check link <m/switch/</tag> |
8465dccb OZ |
4414 | If set, the hardware link state (as reported by OS) is taken into |
4415 | consideration. When the link disappears (e.g. an ethernet cable is | |
4416 | unplugged), neighbors are immediately considered unreachable and all | |
4417 | routes received from them are withdrawn. It is possible that some | |
64385aee | 4418 | hardware drivers or platforms do not implement this feature. |
cf3e3845 | 4419 | Default: yes. |
d37f899b PM |
4420 | </descrip> |
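
<p>To make the difference between the authentication modes and the <cf/ttl security/ check concrete, here is an added, stand-alone Python example; it is not BIRD code and not taken from this manual. It builds RIPv2 Response packets with plaintext (type 2) and Keyed-MD5 (type 3, laid out as in RFC 2082: MD5 over the packet with the shared key standing in for the digest) authentication, verifies the MD5 trailer the way a receiver must, and models the receive-side TTL decision. The routes, key, sequence number and the strictly-increasing replay policy are constructed for the example; the HMAC-SHA algorithms selectable with <cf/algorithm/ (as in the example configuration below) use the different RFC 4822 construction, which is not shown.

```python
"""Added example: RIPv2 plaintext vs. Keyed-MD5 (RFC 2082) authentication
and the ttl-security receive check. Not BIRD code; all inputs constructed."""
import hashlib
import hmac
import ipaddress
import struct

RIP_RESPONSE, RIPV2 = 2, 2
AFI_INET, AFI_AUTH = 2, 0xFFFF
AUTH_TRAILER, AUTH_PLAINTEXT, AUTH_MD5 = 1, 2, 3
RTE_LEN = 20                       # every RIPv2 entry, auth entries included, is 20 bytes


def rte(prefix, nexthop="0.0.0.0", metric=1, tag=0):
    """One RIPv2 route entry: AFI, route tag, prefix, mask, next hop, metric."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", AFI_INET, tag, net.network_address.packed,
                       net.netmask.packed, ipaddress.ip_address(nexthop).packed, metric)


def _key16(key):
    """Keys/passwords occupy a fixed 16-byte field (zero padded, truncated)."""
    return key.ljust(16, b"\0")[:16]


def plaintext_packet(routes, password):
    """'authentication plaintext': the password is carried in the clear in the
    first entry of every packet, so any sniffer on the segment learns it."""
    auth = struct.pack("!HH16s", AFI_AUTH, AUTH_PLAINTEXT, _key16(password))
    return struct.pack("!BBH", RIP_RESPONSE, RIPV2, 0) + auth + b"".join(routes)


def md5_packet(routes, key, key_id=1, seq=1):
    """'authentication cryptographic' with Keyed-MD5: the first entry carries
    the trailer offset, key id, digest length and a sequence number; the
    trailer holds MD5 over the packet with the 16-byte key in the digest slot."""
    trailer_off = 4 + RTE_LEN + RTE_LEN * len(routes)
    auth = struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_MD5, trailer_off, key_id, 16, seq)
    body = struct.pack("!BBH", RIP_RESPONSE, RIPV2, 0) + auth + b"".join(routes)
    trailer_hdr = struct.pack("!HH", AFI_AUTH, AUTH_TRAILER)
    digest = hashlib.md5(body + trailer_hdr + _key16(key)).digest()
    return body + trailer_hdr + digest


def verify_md5(packet, key, last_seq=-1):
    """Receive side: recompute the digest with the shared key, compare in
    constant time and require a strictly increasing sequence number per key
    (this example's replay policy). Returns (accepted, sequence_number)."""
    if len(packet) < 4 + RTE_LEN + 4 + 16:
        return False, None
    afi, atype, trailer_off, _key_id, dlen, seq = struct.unpack_from("!HHHBBI", packet, 4)
    if afi != AFI_AUTH or atype != AUTH_MD5 or dlen != 16 or trailer_off + 20 != len(packet):
        return False, None
    body = packet[:trailer_off]
    trailer_hdr, digest = packet[trailer_off:trailer_off + 4], packet[trailer_off + 4:]
    if trailer_hdr != struct.pack("!HH", AFI_AUTH, AUTH_TRAILER):
        return False, None
    expected = hashlib.md5(body + trailer_hdr + _key16(key)).digest()
    if not hmac.compare_digest(expected, digest) or seq <= last_seq:
        return False, seq
    return True, seq


def ttl_security_accepts(ttl, mode):
    """'ttl security' on: drop anything that did not arrive with TTL 255, i.e.
    anything that crossed a router. 'tx only' sends 255 but checks nothing,
    so it is compatibility, not protection. Modes are this example's strings."""
    if mode == "on":
        return ttl == 255
    if mode in ("off", "tx only"):
        return True
    raise ValueError("unknown ttl security mode %r" % mode)


if __name__ == "__main__":
    routes = [rte("10.0.0.0/8", metric=2), rte("192.168.10.0/24")]
    print("password visible in plaintext packet:",
          b"secret" in plaintext_packet(routes, b"secret"))
    pkt = md5_packet(routes, b"secret", seq=7)
    print("good key:", verify_md5(pkt, b"secret"), " wrong key:", verify_md5(pkt, b"wrong"))
    print("TTL 254 with ttl security on:", ttl_security_accepts(254, "on"))
```

Tampering with any byte covered by the digest, reusing a packet with an old sequence number, or using the wrong key all fail <cf/verify_md5/, while the plaintext packet is accepted by any receiver that can read the password off the wire.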
4421 | ||
371adba6 | 4422 | <sect1>Attributes |
b9864aa8 | 4423 | <label id="rip-attr"> |
d37f899b | 4424 | |
1b55b1a3 MM |
4425 | <p>RIP defines two route attributes: |
4426 | ||
4427 | <descrip> | |
157f6c2a | 4428 | <tag><label id="rta-rip-metric">int rip_metric</tag> |
65d2a88d | 4429 | RIP metric of the route (ranging from 0 to <cf/infinity/). When routes |
dad92c30 | 4430 | from different RIP instances are available and all of them have the same |
8465dccb OZ |
4431 | preference, BIRD prefers the route with lowest <cf/rip_metric/. When a |
4432 | non-RIP route is exported to RIP, the default metric is 1. | |
dad92c30 | 4433 | |
157f6c2a | 4434 | <tag><label id="rta-rip-tag">int rip_tag</tag> |
dad92c30 OZ |
4435 | RIP route tag: a 16-bit number which can be used to carry additional |
4436 | information with the route (for example, an originating AS number in | |
8465dccb OZ |
4437 | case of external routes). When a non-RIP route is exported to RIP, the |
4438 | default tag is 0. | |
1b55b1a3 MM |
4439 | </descrip> |
4440 | ||
371adba6 | 4441 | <sect1>Example |
b9864aa8 | 4442 | <label id="rip-exam"> |
1b55b1a3 MM |
4443 | |
4444 | <p><code> | |
8465dccb | 4445 | protocol rip { |
cf3e3845 OZ |
4446 | ipv4 { |
4447 | import all; | |
4448 | export all; | |
4449 | }; | |
9be12a7d OZ |
4450 | interface "eth*" { |
4451 | metric 2; | |
4452 | port 1520; | |
4453 | mode multicast; | |
4454 | update time 12; | |
4455 | timeout time 60; | |
4456 | authentication cryptographic; | |
4457 | password "secret" { algorithm hmac sha256; }; | |
4458 | }; | |
d37f899b | 4459 | } |
a0dd1c74 | 4460 | </code> |
d37f899b | 4461 | |
cf3e3845 | 4462 | |
65d2a88d | 4463 | <sect>RPKI |
159d619c | 4464 | <label id="rpki"> |
65d2a88d PT |
4465 | |
4466 | <sect1>Introduction | |
4467 | ||
4468 | <p>The Resource Public Key Infrastructure (RPKI) is a mechanism for origin |
4469 | validation of BGP routes (RFC 6480). BIRD supports only so-called RPKI-based | |
4470 | origin validation: it implements the RPKI to Router (RPKI-RTR) protocol (RFC | |
4471 | 6810) to fetch validated ROA data from a cache and uses it to check that the |
4472 | autonomous system announcing an IP address prefix is in fact authorized to do | |
4473 | so. The router itself performs no cryptographic verification (it trusts the | |
4474 | cache), and origin validation does not check the AS path, so an attacker who | |
4475 | deliberately forges a path ending in the legitimate origin AS is not caught. | |
4476 | It should, however, prevent the vast majority of accidental hijackings on the | |
4477 | Internet today, e.g. the well-known 2008 Pakistani announcement of YouTube's | |
4478 | address space. | |
4476 | ||
4477 | <p>The RPKI-RTR protocol receives and maintains a set of ROAs from a cache | |
4478 | server (also called a validator). Routes can be validated (RFC 6483) with the | |
4479 | <cf/roa_check()/ filter function, typically in the import filter of the BGP | |
4480 | protocol. RFC 6811 expects all affected routes to be re-validated after every | |
4481 | ROA update, but BIRD does not support that yet. Use the BIRD client command | |
4482 | <cf>reload in <m/bgp_protocol_name/</cf> to re-run the import filter, and thus | |
4483 | the validation, over all routes of that protocol manually. | |
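
<p>An added example, not BIRD code and not from this manual, of the two things the RPKI protocol and <cf/roa_check()/ do: it parses RPKI-RTR IPv4 and IPv6 Prefix PDUs (RFC 6810) from a byte stream into a ROA table, honouring announce/withdraw flags, and applies the RFC 6811 rule that yields <cf/ROA_VALID/, <cf/ROA_INVALID/ or <cf/ROA_UNKNOWN/. The PDUs, prefixes and AS numbers are constructed here; the result names mirror BIRD's filter constants, while the function names and the set-of-tuples table are this example's own choices.

```python
"""Added example: RPKI-RTR Prefix PDU parsing (RFC 6810) and RFC 6811 origin
validation. Not BIRD code; PDUs and prefixes are constructed."""
import ipaddress
import struct

RTR_VERSION = 0                     # RFC 6810 protocol version
PDU_IPV4_PREFIX, PDU_IPV6_PREFIX = 4, 6
FLAG_ANNOUNCE = 0x01                # flags bit 0: 1 = announce, 0 = withdraw

ROA_VALID, ROA_INVALID, ROA_UNKNOWN = "ROA_VALID", "ROA_INVALID", "ROA_UNKNOWN"


def prefix_pdu(prefix, max_len, asn, announce=True):
    """Build an IPv4/IPv6 Prefix PDU: 8-byte header (version, type, zero,
    length), then flags, prefix length, max length, zero, prefix, 32-bit ASN."""
    net = ipaddress.ip_network(prefix)
    pdu_type = PDU_IPV4_PREFIX if net.version == 4 else PDU_IPV6_PREFIX
    body = struct.pack("!BBBB", FLAG_ANNOUNCE if announce else 0,
                       net.prefixlen, max_len, 0)
    body += net.network_address.packed + struct.pack("!I", asn)
    return struct.pack("!BBHI", RTR_VERSION, pdu_type, 0, 8 + len(body)) + body


def apply_pdus(data, roa_table):
    """Consume a byte stream of PDUs, adding or removing (network, maxlen, asn)
    entries in roa_table (a set). PDU types other than prefixes are skipped
    by their declared length; truncated or mis-sized PDUs raise."""
    off = 0
    while off + 8 <= len(data):
        version, pdu_type, _, length = struct.unpack_from("!BBHI", data, off)
        if version != RTR_VERSION or length < 8 or off + length > len(data):
            raise ValueError("malformed PDU at offset %d" % off)
        if pdu_type in (PDU_IPV4_PREFIX, PDU_IPV6_PREFIX):
            addr_len = 4 if pdu_type == PDU_IPV4_PREFIX else 16
            if length != 8 + 4 + addr_len + 4:
                raise ValueError("bad prefix PDU length %d" % length)
            flags, plen, maxlen, _ = struct.unpack_from("!BBBB", data, off + 8)
            addr = ipaddress.ip_address(data[off + 12:off + 12 + addr_len])
            asn, = struct.unpack_from("!I", data, off + 12 + addr_len)
            roa = (ipaddress.ip_network((str(addr), plen)), maxlen, asn)
            if flags & FLAG_ANNOUNCE:
                roa_table.add(roa)
            else:
                roa_table.discard(roa)
        off += length
    return roa_table


def roa_check(roa_table, net, asn):
    """RFC 6811: VALID if some covering ROA matches the origin ASN and the
    route is no longer than its max length; INVALID if ROAs cover the prefix
    but none match; UNKNOWN (BIRD's name for NotFound) if none cover it.
    An AS0 ROA can never match a real origin, so it only ever makes INVALID."""
    net = ipaddress.ip_network(net)
    covered = False
    for roa_net, maxlen, roa_asn in roa_table:
        if roa_net.version != net.version:
            continue
        if net.network_address not in roa_net or net.prefixlen < roa_net.prefixlen:
            continue
        covered = True
        if net.prefixlen <= maxlen and roa_asn == asn:
            return ROA_VALID
    return ROA_INVALID if covered else ROA_UNKNOWN


if __name__ == "__main__":
    table = apply_pdus(prefix_pdu("192.0.2.0/24", 24, 65001)
                       + prefix_pdu("198.51.100.0/22", 24, 65002), set())
    for route, origin in (("192.0.2.0/24", 65001), ("192.0.2.0/25", 65001),
                          ("192.0.2.0/24", 65003), ("203.0.113.0/24", 65001)):
        print(route, "AS", origin, "->", roa_check(table, route, origin))
```

The check a practitioner usually wants to see is the second and third line of that output: a more-specific announcement beyond the ROA's max length and a wrong origin AS are both <cf/ROA_INVALID/, which is exactly what the <cf/peer_in_v4/ filter in the example below rejects, whereas a prefix no ROA covers stays <cf/ROA_UNKNOWN/ and is accepted.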
4484 | ||
4485 | <sect1>Supported transports | |
71c51aa4 | 4486 | <p> |
65d2a88d PT |
4487 | <itemize> |
4488 | <item>Unprotected transport over TCP uses port 323. The session is | |
4489 | neither authenticated nor encrypted, so anyone able to tamper with it | |
4490 | can inject or withdraw ROAs; the cache server and the BIRD router | |
4491 | should therefore be on the same trusted and controlled network. | |
4492 | <item>SSHv2 encrypted transport connection uses the normal SSH port | |
4493 | 22. | |
4494 | </itemize> | |
4494 | ||
4495 | <sect1>Configuration | |
4496 | ||
4497 | <p>Only one cache server is supported per protocol instance. You can, however, |
4498 | define several RPKI protocol instances, one per cache server. | |
4499 | ||
4500 | <code> | |
4501 | protocol rpki [<name>] { | |
4502 | roa4 { table <tab>; }; | |
4503 | roa6 { table <tab>; }; | |
4504 | remote <ip> | "<domain>" [port <num>]; | |
4505 | port <num>; | |
4506 | refresh [keep] <num>; | |
4507 | retry [keep] <num>; | |
4508 | expire [keep] <num>; | |
4509 | transport tcp; | |
4510 | transport ssh { | |
4511 | bird private key "</path/to/id_rsa>"; | |
4512 | remote public key "</path/to/known_host>"; | |
4513 | user "<name>"; | |
4514 | }; | |
4515 | } | |
4516 | </code> | |
4517 | ||
cf3e3845 OZ |
4518 | <p>Also note that you have to specify the ROA channel(s). To import only IPv4 |
4519 | ROAs, specify only the <cf/roa4/ channel; likewise <cf/roa6/ for IPv6 only. | |
4520 | To fetch both IPv4 and IPv6 ROAs, specify both channels. | |
65d2a88d PT |
4522 | |
4523 | <sect2>RPKI protocol options | |
71c51aa4 | 4524 | <p> |
65d2a88d PT |
4525 | <descrip> |
4526 | <tag>remote <m/ip/ | "<m/hostname/" [port <m/num/]</tag> Specifies | |
4527 | a destination address of the cache server. Can be specified by an IP | |
4528 | address or by full domain name string. Only one cache can be specified | |
4529 | per protocol. This option is required. | |
4530 | ||
4531 | <tag>port <m/num/</tag> Specifies the port number. The default port | |
4532 | number is 323 for transport without any encryption and 22 for transport | |
4533 | with SSH encryption. | |
4534 | ||
4535 | <tag>refresh [keep] <m/num/</tag> Time period in seconds. Tells how | |
4536 | long to wait before next attempting to poll the cache using a Serial | |
4537 | Query or a Reset Query packet. Must be lower than 86400 seconds (one | |
4538 | day). Too low a value can cause false-positive detection of | |
4539 | network connection problems. The keyword <cf/keep/ prevents the cache | |
4540 | server from overriding this value. | |
4541 | Default: 3600 seconds | |
4542 | ||
4543 | <tag>retry [keep] <m/num/</tag> Time period in seconds between a failed | |
4544 | Serial/Reset Query and the next attempt. Maximum allowed value is 7200 | |
4545 | seconds (two hours). Too low a value can cause false-positive | |
4546 | detection of network connection problems. The keyword <cf/keep/ | |
4547 | prevents the cache server from overriding this value. | |
4548 | Default: 600 seconds | |
4549 | ||
4550 | <tag>expire [keep] <m/num/</tag> Time period in seconds. Received | |
4551 | records are deleted if the client was unable to successfully refresh | |
4552 | data for this time period. Must be in the range from 600 seconds (ten | |
4553 | minutes) to 172800 seconds (two days). The keyword <cf/keep/ | |
4554 | prevents the cache server from overriding this value. | |
4555 | Default: 7200 seconds | |
4556 | ||
4557 | <tag>transport tcp</tag> Unprotected transport over TCP. This is the | |
4558 | default transport and should be used only on secure private networks. | |
4559 | Default: tcp | |
4560 | ||
4561 | <tag>transport ssh { <m/SSH transport options.../ }</tag> Enables | |
4562 | SSHv2 transport encryption. Cannot be combined with the TCP transport. | |
4563 | Default: off | |
4564 | </descrip> | |
4565 | ||
4566 | <sect3>SSH transport options | |
71c51aa4 | 4567 | <p> |
65d2a88d PT |
4568 | <descrip> |
4569 | <tag>bird private key "<m>/path/to/id_rsa</m>"</tag> | |
4570 | A path to BIRD's private SSH key, used to authenticate to the cache | |
4571 | server, e.g. an <cf><m>id_rsa</m></cf> file. | |
4572 | ||
4573 | <tag>remote public key "<m>/path/to/known_host</m>"</tag> | |
4574 | A path to the cache's public SSH key, used to verify the identity of | |
4575 | the cache server, e.g. a <cf><m>known_hosts</m></cf> file. | |
4576 | ||
4577 | <tag>user "<m/name/"</tag> | |
4578 | The SSH user name used for authentication. This option is required. | |
4579 | </descrip> | |
4580 | ||
4581 | <sect1>Examples | |
4582 | <sect2>BGP origin validation | |
4583 | <p>Policy: Don't import <cf/ROA_INVALID/ routes. | |
4584 | <code> | |
4585 | roa4 table r4; | |
4586 | roa6 table r6; | |
4587 | ||
4588 | protocol rpki { | |
4589 | debug all; | |
cf3e3845 | 4590 | |
65d2a88d PT |
4591 | roa4 { table r4; }; |
4592 | roa6 { table r6; }; | |
4593 | ||
4594 | # Please, do not use rpki-validator.realmv6.org in production | |
4595 | remote "rpki-validator.realmv6.org" port 8282; | |
cf3e3845 | 4596 | |
65d2a88d PT |
4597 | retry keep 5; |
4598 | refresh keep 30; | |
4599 | expire 600; | |
4600 | } | |
4601 | ||
cf3e3845 OZ |
4602 | filter peer_in_v4 { |
4603 | if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then | |
65d2a88d PT |
4604 | { |
4605 | print "Ignore invalid ROA ", net, " for ASN ", bgp_path.last; | |
4606 | reject; | |
4607 | } | |
4608 | accept; | |
4609 | } | |
4610 | ||
4611 | protocol bgp { | |
4612 | debug all; | |
4613 | local as 65000; | |
4614 | neighbor 192.168.2.1 as 65001; | |
3831b619 OZ |
4615 | ipv4 { |
4616 | import filter peer_in_v4; | |
4617 | export none; | |
4618 | }; | |
65d2a88d PT |
4619 | } |
4620 | </code> | |
4621 | ||
4622 | <sect2>SSHv2 transport encryption | |
71c51aa4 | 4623 | <p> |
65d2a88d PT |
4624 | <code> |
4625 | roa4 table r4; | |
4626 | roa6 table r6; | |
4627 | ||
4628 | protocol rpki { | |
4629 | debug all; | |
cf3e3845 | 4630 | |
65d2a88d PT |
4631 | roa4 { table r4; }; |
4632 | roa6 { table r6; }; | |
cf3e3845 | 4633 | |
65d2a88d PT |
4634 | remote 127.0.0.1 port 2345; |
4635 | transport ssh { | |
4636 | bird private key "/home/birdgeek/.ssh/id_rsa"; | |
4637 | remote public key "/home/birdgeek/.ssh/known_hosts"; | |
4638 | user "birdgeek"; | |
4639 | }; | |
cf3e3845 | 4640 | |
65d2a88d PT |
4641 | # Default interval values |
4642 | } | |
4643 | </code> | |
4644 | ||
4645 | ||
371adba6 | 4646 | <sect>Static |
b9864aa8 | 4647 | <label id="static"> |
1b55b1a3 | 4648 | |
4649 | <p>The Static protocol doesn't communicate with other routers in the network; |
4650 | instead it allows you to define routes manually. This is often used for |
4651 | specifying how to forward packets to parts of the network which don't use |
4652 | dynamic routing at all, and for defining sink routes: routes for prefixes in | |
4653 | your own IP block for which you have no specific destination, so that such | |
4654 | packets are returned as undeliverable instead of being sent out through the | |
4655 | default route, which could otherwise create a routing loop. | |
4656 | ||
43fc6bb0 OZ |
4657 | <p>There are three classes of definitions in Static protocol configuration -- |
4658 | global options, static route definitions, and per-route options. Usually, the | |
4659 | definition of the protocol contains mainly a list of static routes. | |
3e52d112 | 4660 | Static routes have no specific attributes. |
43fc6bb0 OZ |
4661 | |
4662 | <p>Global options: | |
4663 | ||
4664 | <descrip> | |
b9864aa8 | 4665 | <tag><label id="static-check-link">check link <m/switch/</tag> |
43fc6bb0 OZ |
4666 | If set, hardware link states of network interfaces are taken into |
4667 | consideration. When link disappears (e.g. ethernet cable is unplugged), | |
4668 | static routes directing to that interface are removed. It is possible | |
4669 | that some hardware drivers or platforms do not implement this feature. | |
4670 | Default: off. | |
4671 | ||
b9864aa8 | 4672 | <tag><label id="static-igp-table">igp table <m/name/</tag> |
43fc6bb0 OZ |
4673 | Specifies a table that is used for route table lookups of recursive |
4674 | routes. Default: the same table as the protocol is connected to. | |
4675 | </descrip> | |
4676 | ||
4677 | <p>Route definitions (each may also contain a block of per-route options): | |
79a2b697 | 4678 | |
71c51aa4 | 4679 | <sect1>Regular routes; MPLS switching rules |
dad92c30 | 4680 | |
71c51aa4 | 4681 | <p>There exist several types of routes; keep in mind that <m/prefix/ syntax is |
3e52d112 | 4682 | <ref id="type-prefix" name="dependent on network type">. |
dad92c30 | 4683 | |
3e52d112 JMM |
4684 | <descrip> |
4685 | <tag>route <m/prefix/ via <m/ip/|<m/"interface"/ [mpls <m/num/[/<m/num/[/<m/num/[...]]]]</tag> | |
4686 | Next hop routes may bear one or more <ref id="route-next-hop" name="next hops">. | |
4687 | Every next hop is preceded by <cf/via/ and configured as shown. | |
cf3e3845 | 4688 | |
3e52d112 JMM |
4689 | <tag>route <m/prefix/ recursive <m/ip/ [mpls <m/num/[/<m/num/[/<m/num/[...]]]]</tag> |
4690 | Recursive nexthop resolves the given IP in the configured IGP table and | |
4691 | uses that route's next hop. The MPLS stacks are concatenated; on top is | |
4692 | the IGP's nexthop stack and on bottom is this route's stack. | |
cf3e3845 | 4693 | |
3e52d112 | 4694 | <tag>route <m/prefix/ blackhole|unreachable|prohibit</tag> |
dad92c30 OZ |
4695 | Special routes specifying to silently drop the packet, return it as |
4696 | unreachable or return it as administratively prohibited. First two | |
4697 | targets are also known as <cf/drop/ and <cf/reject/. | |
43fc6bb0 | 4698 | </descrip> |
391931d4 | 4699 | |
3e52d112 JMM |
4700 | <p>When the particular destination is not available (the interface is down or |
4701 | the next hop of the route is not a neighbor at the moment), Static just | |
4702 | uninstalls the route from the table it is connected to and adds it again as soon | |
4703 | as the destination becomes adjacent again. | |
4704 | ||
4705 | <sect1>Route Origin Authorization | |
4706 | ||
4707 | <p>The ROA config is just <cf>route <m/prefix/ max <m/int/ as <m/int/</cf> with no nexthop. | |
4708 | ||
4709 | <sect1>Flowspec | |
4710 | <label id="flowspec-network-type"> | |
4711 | ||
4712 | <p>Flow specifications are rules for routers and firewalls, used for filtering |
4713 | purposes, as described in <rfc id="5575">. There are 3 types of arguments: | |
4714 | <m/inet4/ or <m/inet6/ prefixes, bitmask matching expressions and number | |
4715 | matching expressions. | |
4716 | ||
4717 | Bitmask matching is written using <m/value/<cf>/</cf><m/mask/ or | |
4718 | <cf/!/<m/value/<cf>/</cf><m/mask/ pairs, meaning that <cf/(/<m/data/ <cf/&/ | |
4719 | <m/mask/<cf/)/ is (or, with <cf/!/, is not) equal to <m/value/. | |
4720 | ||
4721 | Number matching is a sequence of numbers and ranges separated by | |
4722 | commas (<cf/,/) (e.g. <cf/10,20,30/). Ranges can be written using the double dot | |
4723 | <cf/../ notation (e.g. <cf/80..90,120..124/). An alternative notation is a | |
4724 | sequence of one or more pairs of relational operators and values separated by | |
4725 | the logical operators <cf/&&/ and <cf/||/. Allowed relational operators are <cf/=/, | |
4726 | <cf/!=/, <cf/</, <cf/<=/, <cf/>/, <cf/>=/, <cf/true/ and <cf/false/. A comma | |
4727 | acts as <cf/||/, and <cf/&&/ binds tighter than <cf/||/, following the | |
4728 | evaluation rule that <rfc id="5575"> defines for the encoded operator sequence. | |
4727 | ||
4728 | <sect2>IPv4 Flowspec | |
4729 | ||
4730 | <p><descrip> | |
4731 | <tag><label id="flow-dst">dst <m/inet4/</tag> | |
4732 | Set a matching destination prefix (e.g. <cf>dst 192.168.0.0/16</cf>). | |
4733 | Only this option is mandatory in IPv4 Flowspec. | |
4734 | ||
4735 | <tag><label id="flow-src">src <m/inet4/</tag> | |
4736 | Set a matching source prefix (e.g. <cf>src 10.0.0.0/8</cf>). | |
4737 | ||
4738 | <tag><label id="flow-proto">proto <m/numbers-match/</tag> | |
4739 | Set matching IP protocol numbers (e.g. <cf/proto 6/). | |
4740 | ||
4741 | <tag><label id="flow-port">port <m/numbers-match/</tag> | |
4742 | Set a matching source or destination TCP/UDP port numbers (e.g. | |
4743 | <cf>port 1..1023,1194,3306</cf>). | |
4744 | ||
4745 | <tag><label id="flow-dport">dport <m/numbers-match/</tag> | |
4746 | Set matching destination port numbers (e.g. <cf>dport 49151</cf>). | |
4747 | ||
4748 | <tag><label id="flow-sport">sport <m/numbers-match/</tag> | |
4749 | Set matching source port numbers (e.g. <cf>sport = 0</cf>). | |
4750 | ||
4751 | <tag><label id="flow-icmp-type">icmp type <m/numbers-match/</tag> | |
4752 | Set a matching type field number of an ICMP packet (e.g. <cf>icmp type | |
4753 | 3</cf>) | |
4754 | ||
4755 | <tag><label id="flow-icmp-code">icmp code <m/numbers-match/</tag> | |
4756 | Set a matching code field number of an ICMP packet (e.g. <cf>icmp code | |
4757 | 1</cf>) | |
4758 | ||
4759 | <tag><label id="flow-tcp-flags">tcp flags <m/bitmask-match/</tag> | |
4760 | Set a matching bitmask for TCP header flags (aka control bits) (e.g. | |
4761 | <cf>tcp flags 0x03/0x0f;</cf>). The maximum length of mask is 12 bits | |
4762 | (0xfff). | |
4763 | ||
4764 | <tag><label id="flow-length">length <m/numbers-match/</tag> | |
4765 | Set a matching packet length (e.g. <cf>length > 1500;</cf>) | |
4766 | ||
4767 | <tag><label id="flow-dscp">dscp <m/numbers-match/</tag> | |
4768 | Set a matching DiffServ Code Point number (e.g. <cf>length > 1500;</cf>). | |
4769 | ||
4770 | <tag><label id="flow-fragment">fragment <m/fragmentation-type/</tag> | |
4771 | Set a matching type of packet fragmentation. Allowed fragmentation | |
4772 | types are <cf/dont_fragment/, <cf/is_fragment/, <cf/first_fragment/, | |
4773 | <cf/last_fragment/ (e.g. <cf>fragment is_fragment && | |
4774 | !dont_fragment</cf>). | |
4775 | </descrip> | |
4776 | ||
4777 | <p><code> | |
4778 | protocol static { | |
4779 | flow4; | |
4780 | ||
4781 | route flow4 { | |
4782 | dst 10.0.0.0/8; | |
4783 | port > 24 && < 30 || 40..50,60..70,80 && >= 90; | |
4784 | tcp flags 0x03/0x0f; | |
4785 | length > 1024; | |
4786 | dscp = 63; | |
4787 | fragment dont_fragment, is_fragment || !first_fragment; | |
cf3e3845 | 4788 | }; |
3e52d112 JMM |
4789 | } |
4790 | </code> | |
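
<p>An added example, not BIRD code and not from this manual, that evaluates the number-matching and bitmask-matching grammar described above against a packet: <cf/,/ and <cf/||/ are OR, <cf/&&/ is AND, and AND binds tighter, as RFC 5575 specifies for the encoded operator sequence. The rule is the <cf/flow4/ route from the example above restated as a Python dict; the packets, the component names used as dict keys and the set-of-strings representation of fragment flags are this example's own choices.

```python
"""Added example: evaluate Flowspec numbers-match / bitmask-match expressions
against a packet. Not BIRD code; rule and packets are constructed."""
import ipaddress
import re


def _num(s):
    return int(s, 16) if s.lower().startswith("0x") else int(s)


def parse_match(text):
    """Split an expression into OR-alternatives, each a list of AND-terms.
    ',' and '||' separate alternatives; '&&' joins terms within one."""
    return [[t.strip() for t in alt.split("&&")]
            for alt in re.split(r"\s*(?:\|\||,)\s*", text.strip())]


def eval_match(text, value, term):
    """OR over alternatives of AND over terms, i.e. AND binds tighter."""
    return any(all(term(t, value) for t in alt) for alt in parse_match(text))


_NUM_TERM = re.compile(
    r"^(?:(?P<op>!=|<=|>=|=|<|>)\s*)?(?P<a>0x[0-9a-f]+|\d+)(?:\.\.(?P<b>\d+))?$", re.I)


def number_term(t, v):
    """'80', '> 24', '40..50', 'true' or 'false' against an integer."""
    if t in ("true", "false"):
        return t == "true"
    m = _NUM_TERM.match(t)
    if not m:
        raise ValueError("bad numbers-match term %r" % t)
    a = _num(m["a"])
    if m["b"] is not None:                      # a..b range
        return a <= v <= _num(m["b"])
    return {"=": v == a, "!=": v != a, "<": v < a, "<=": v <= a,
            ">": v > a, ">=": v >= a}[m["op"] or "="]


_MASK_TERM = re.compile(r"^(?P<neg>!)?(?P<val>0x[0-9a-f]+|\d+)/(?P<mask>0x[0-9a-f]+|\d+)$", re.I)


def bitmask_term(t, v):
    """'value/mask' holds when (v & mask) == value; a leading '!' negates."""
    m = _MASK_TERM.match(t)
    if not m:
        raise ValueError("bad bitmask-match term %r" % t)
    hit = (v & _num(m["mask"])) == _num(m["val"])
    return not hit if m["neg"] else hit


def fragment_term(t, flags):
    """'is_fragment' / '!dont_fragment' against the packet's fragment flag set."""
    name = t.lstrip("!")
    return (name not in flags) if t.startswith("!") else (name in flags)


def flow_matches(rule, pkt):
    """True when every component of the rule matches the packet; 'port'
    matches either the source or the destination port, as in the text."""
    for comp, expr in rule.items():
        if comp in ("dst", "src"):
            ok = ipaddress.ip_address(pkt[comp]) in ipaddress.ip_network(expr)
        elif comp in ("tcp flags", "label"):
            ok = eval_match(expr, pkt[comp], bitmask_term)
        elif comp == "fragment":
            ok = eval_match(expr, pkt["fragment"], fragment_term)
        elif comp == "port":
            ok = (eval_match(expr, pkt["sport"], number_term)
                  or eval_match(expr, pkt["dport"], number_term))
        else:
            ok = eval_match(expr, pkt[comp], number_term)
        if not ok:
            return False
    return True


# The flow4 route from the example above, as a component -> expression map.
RULE = {
    "dst": "10.0.0.0/8",
    "port": "> 24 && < 30 || 40..50,60..70,80 && >= 90",
    "tcp flags": "0x03/0x0f",      # FIN+SYN set, RST+PSH clear: a classic scan signature
    "length": "> 1024",
    "dscp": "= 63",
    "fragment": "dont_fragment, is_fragment || !first_fragment",
}

# Constructed packet: FIN+SYN to port 25 of a host inside 10/8.
SYN_FIN = {"dst": "10.1.2.3", "sport": 40000, "dport": 25, "tcp flags": 0x03,
           "length": 1500, "dscp": 63, "fragment": {"dont_fragment"}}

if __name__ == "__main__":
    print("FIN+SYN to port 25:", flow_matches(RULE, SYN_FIN))
    print("SYN+ACK instead:", flow_matches(RULE, dict(SYN_FIN, **{"tcp flags": 0x12})))
    print("to port 80:", flow_matches(RULE, dict(SYN_FIN, sport=443, dport=80)))
```

The two negative cases are different kinds of non-match: the SYN+ACK packet fails the bitmask, while the packet to port 80 fails because the alternative <cf/80 && >= 90/ can never hold once <cf/&&/ binds tighter than the comma; a rule that intends "port 80 or anything at or above 90" needs <cf/80, >= 90/ instead.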
4791 | ||
4792 | <sect2>Differences for IPv6 Flowspec | |
4793 | ||
4794 | <p>IPv6 Flowspec is the same as IPv4 Flowspec with a few exceptions. | |
4795 | <itemize> | |
4796 | <item><m/inet6/ prefixes can be specified not only with a prefix length, | |
4797 | but also with a prefix <cf/offset/ <m/num/ (e.g. | |
4798 | <cf>::1234:5678:9800:0000/101 offset 64</cf>). The offset means that the | |
4799 | first <m/num/ bits are ignored when matching. | |
4800 | <item>IPv6 Flowspec has no mandatory component. | |
4801 | <item>In IPv6 packets, the IP protocol number is matched against the last | |
4802 | Next Header value (e.g. <cf>next header 6</cf>) instead of <cf/proto/. | |
4803 | <item>It is not possible to set <cf>dont_fragment</cf> as a type of | |
4804 | packet fragmentation. | |
4805 | </itemize> | |
4806 | ||
4807 | <p><descrip> | |
4808 | <tag><label id="flow6-dst">dst <m/inet6/ [offset <m/num/]</tag> | |
4809 | Set a matching destination IPv6 prefix (e.g. <cf>dst | |
4810 | ::1c77:3769:27ad:a11a/128 offset 64</cf>). | |
4811 | ||
4812 | <tag><label id="flow6-src">src <m/inet6/ [offset <m/num/]</tag> | |
4813 | Set a matching source IPv6 prefix (e.g. <cf>src fe80::/64</cf>). | |
4814 | ||
4815 | <tag><label id="flow6-next-header">next header <m/numbers-match/</tag> | |
4816 | Set matching IP protocol numbers (e.g. <cf>next header != 6</cf>). | |
4817 | ||
4818 | <tag><label id="flow6-label">label <m/bitmask-match/</tag> | |
4819 | Set a 20-bit bitmask for matching Flow Label field in IPv6 packets | |
4820 | (e.g. <cf>label 0x8e5/0x8e5</cf>). | |
4821 | </descrip> | |
4822 | ||
4823 | <p><code> | |
4824 | protocol static { | |
4825 | flow6 { table myflow6; }; | |
4826 | ||
4827 | route flow6 { | |
4828 | dst fec0:1122:3344:5566:7788:99aa:bbcc:ddee/128; | |
4829 | src 0000:0000:0000:0001:1234:5678:9800:0000/101 offset 63; | |
4830 | next header = 23; | |
4831 | sport > 24 && < 30 || = 40 || 50,60,70..80; | |
4832 | dport = 50; | |
4833 | tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33; | |
4834 | fragment !is_fragment || !first_fragment; | |
4835 | label 0xaaaa/0xaaaa && 0x33/0x33; | |
cf3e3845 | 4836 | }; |
3e52d112 JMM |
4837 | } |
4838 | </code> | |
dad92c30 | 4839 | |
3e52d112 | 4840 | <sect1>Per-route options |
71c51aa4 | 4841 | <p> |
43fc6bb0 | 4842 | <descrip> |
b9864aa8 | 4843 | <tag><label id="static-route-bfd">bfd <m/switch/</tag> |
43fc6bb0 OZ |
4844 | The Static protocol can use the BFD protocol for next hop liveness |
4845 | detection. If enabled, a BFD session to the route next hop is created | |
4846 | and the static route is BFD-controlled -- the static route is announced | |
4847 | only if the next hop liveness is confirmed by BFD. If the BFD session | |
4848 | fails, the static route is removed. Note that this is a bit different | |
4849 | from other protocols, which may use BFD as an advisory mechanism | |
4850 | for fast failure detection but ignore it if a BFD session is not even | |
4851 | established. | |
4852 | ||
4853 | This option can be used for static routes with a direct next hop, or | |
4854 | for individual next hops in a static multipath route (see | |
4855 | above). Note that the BFD protocol also has to be configured, see the | |
4856 | <ref id="bfd" name="BFD"> section for details. Default value is no. |
43fc6bb0 | 4857 | |
b9864aa8 | 4858 | <tag><label id="static-route-filter"><m/filter expression/</tag> |
43fc6bb0 OZ |
4859 | This is a special option that allows filter expressions to be configured |
4860 | on per-route basis. Can be used multiple times. These expressions are | |
4861 | evaluated when the route is originated, similarly to the import filter | |
4862 | of the static protocol. This is especially useful for configuring route | |
4863 | attributes, e.g., <cf/ospf_metric1 = 100;/ for a route that will be | |
4864 | exported to the OSPF protocol. | |
79a2b697 MM |
4865 | </descrip> |
4866 | ||
3e52d112 | 4867 | <sect1>Example static config |
79a2b697 MM |
4868 | |
4869 | <p><code> | |
4870 | protocol static { | |
3e52d112 | 4871 | ipv4 { table testable; }; # Connect to a non-default routing table |
43fc6bb0 | 4872 | check link; # Advertise routes only if link is up |
9491f9f5 | 4873 | route 0.0.0.0/0 via 198.51.100.130; # Default route |
3e52d112 | 4874 | route 10.0.0.0/8 # Multipath route |
9491f9f5 | 4875 | via 198.51.100.10 weight 2 |
43fc6bb0 | 4876 | via 198.51.100.20 bfd # BFD-controlled next hop |
9491f9f5 | 4877 | via 192.0.2.1; |
80a9cadc | 4878 | route 203.0.113.0/24 unreachable; # Sink route |
43fc6bb0 OZ |
4879 | route 10.2.0.0/24 via "arc0"; # Secondary network |
4880 | route 192.168.10.0/24 via 198.51.100.100 { | |
4881 | ospf_metric1 = 20; # Set extended attribute | |
4882 | } | |
4883 | route 192.168.10.0/24 via 198.51.100.100 { | |
4884 | ospf_metric2 = 100; # Set extended attribute | |
4885 | ospf_tag = 2; # Set extended attribute | |
4886 | bfd; # BFD-controlled route | |
4887 | } | |
79a2b697 MM |
4888 | } |
4889 | </code> | |
4890 | ||
cf3e3845 | 4891 | |
96264d4d | 4892 | <chapt>Conclusions |
b9864aa8 | 4893 | <label id="conclusion"> |
96264d4d PM |
4894 | |
4895 | <sect>Future work | |
b9864aa8 | 4896 | <label id="future-work"> |
96264d4d | 4897 | |
dad92c30 OZ |
4898 | <p>Although BIRD supports all the commonly used routing protocols, there are |
4899 | still some features which would surely deserve to be implemented in future | |
4900 | versions of BIRD: | |
96264d4d PM |
4901 | |
4902 | <itemize> | |
55b58d8c | 4903 | <item>Opaque LSA's |
96264d4d | 4904 | <item>Route aggregation and flap dampening |
96264d4d PM |
4905 | <item>Multicast routing protocols |
4906 | <item>Ports to other systems | |
4907 | </itemize> | |
4908 | ||
dad92c30 | 4909 | |
96264d4d | 4910 | <sect>Getting more help |
b9864aa8 | 4911 | <label id="help"> |
96264d4d PM |
4912 | |
4913 | <p>If you use BIRD, you're welcome to join the bird-users mailing list | |
d148d0af | 4914 | (<HTMLURL URL="mailto:bird-users@network.cz" name="bird-users@network.cz">) |
4915 | where you can share your experiences with the other users and discuss
4916 | your problems with the authors. To subscribe to the list, visit
4917 | <HTMLURL URL="http://bird.network.cz/?m_list" name="http://bird.network.cz/?m_list">. | |
96264d4d PM |
4918 | The home page of BIRD can be found at <HTMLURL URL="http://bird.network.cz/" name="http://bird.network.cz/">. |
4919 | ||
dad92c30 OZ |
4920 | <p>BIRD is a relatively young system and it probably contains some bugs. You can |
4921 | report any problems to the bird-users list and the authors will be glad to solve | |
4922 | them, but before you do so, please make sure you have read the available | |
4923 | documentation and that you are running the latest version (available at | |
4924 | <HTMLURL URL="ftp://bird.network.cz/pub/bird" name="bird.network.cz:/pub/bird">). | |
4925 | (Of course, a patch which fixes the bug is always welcome as an attachment.) | |
4926 | ||
4927 | <p>If you want to understand what is going on inside, Internet standards are a good |
4928 | and interesting reading. You can get them from | |
4929 | <HTMLURL URL="ftp://ftp.rfc-editor.org/" name="ftp.rfc-editor.org"> (or a | |
4930 | nicely sorted version from <HTMLURL URL="ftp://atrey.karlin.mff.cuni.cz/pub/rfc" | |
4931 | name="atrey.karlin.mff.cuni.cz:/pub/rfc">). | |
69477cad | 4932 | |
c184d9d0 | 4933 | <p><it/Good luck!/ |
69477cad | 4934 | |
371adba6 | 4935 | </book> |
7581b81b | 4936 | |
a0dd1c74 | 4937 | <!-- |
75317ab8 MM |
4938 | LocalWords: GPL IPv GateD BGPv RIPv OSPFv Linux sgml html dvi sgmltools Pavel |
4939 | LocalWords: linuxdoc dtd descrip config conf syslog stderr auth ospf bgp Mbps | |
5a203dac | 4940 | LocalWords: router's eval expr num birdc ctl UNIX if's enums bool int ip GCC |
75317ab8 MM |
4941 | LocalWords: len ipaddress pxlen netmask enum bgppath bgpmask clist gw md eth |
4942 | LocalWords: RTS printn quitbird iBGP AS'es eBGP RFC multiprotocol IGP Machek | |
4e8ec666 | 4943 | LocalWords: EGP misconfigurations keepalive pref aggr aggregator BIRD's RTC |
5a203dac | 4944 | LocalWords: OS'es AS's multicast nolisten misconfigured UID blackhole MRTD MTU |
4e8ec666 | 4945 | LocalWords: uninstalls ethernets IP binutils ANYCAST anycast dest RTD ICMP rfc |
5a203dac | 4946 | LocalWords: compat multicasts nonbroadcast pointopoint loopback sym stats |
64722c98 | 4947 | LocalWords: Perl SIGHUP dd mm yy HH MM SS EXT IA UNICAST multihop Discriminator txt |
5adc02a6 | 4948 | LocalWords: proto wildcard Ondrej Filip |
5a64ac70 | 4949 | --> |