1 <!doctype birddoc system>
6 This documentation can have 4 forms: sgml (this is master copy), html, ASCII
7 text and dvi/postscript (generated from sgml using sgmltools). You should always
10 This is a slightly modified linuxdoc dtd. Anything in <descrip> tags is
11 considered definition of configuration primitives, <cf> is fragment of
12 configuration within normal text, <m> is "meta" information within fragment of
13 configuration - something in config which is not keyword.
17 Copyright 1999,2000 Pavel Machek <pavel@ucw.cz>, distribute under GPL version 2 or later.
23 <title>BIRD 2.0 User's Guide
25 Ondrej Filip <it/<feela@network.cz>/,
26 Pavel Machek <it/<pavel@ucw.cz>/,
27 Martin Mares <it/<mj@ucw.cz>/,
28 Maria Matejka <it/<mq@jmq.cz>/,
29 Ondrej Zajicek <it/<santiago@crfreenet.org>/
33 This document contains user documentation for the BIRD Internet Routing Daemon project.
36 <!-- Table of contents -->
39 <!-- Begin the document -->
46 <label id="what-is-bird">
48 <p>The name `BIRD' is actually an acronym standing for `BIRD Internet Routing
49 Daemon'. Let's take a closer look at the meaning of the name:
51 <p><em/BIRD/: Well, we think we have already explained that. It's an acronym
52 standing for `BIRD Internet Routing Daemon', you remember, don't you? :-)
54 <p><em/Internet Routing/: It's a program (well, a daemon, as you are going to
55 discover in a moment) which works as a dynamic router in an Internet type
56 network (that is, in a network running either the IPv4 or the IPv6 protocol).
57 Routers are devices which forward packets between interconnected networks in
58 order to allow hosts not connected directly to the same local area network to
59 communicate with each other. They also communicate with the other routers in the
60 Internet to discover the topology of the network which allows them to find
61 optimal (in terms of some metric) rules for forwarding of packets (which are
62 called routing tables) and to adapt themselves to the changing conditions such
63 as outages of network links, building of new connections and so on. Most of
64 these routers are costly dedicated devices running obscure firmware which is
65 hard to configure and not open to any changes (on the other hand, their special
66 hardware design allows them to keep up with lots of high-speed network
67 interfaces, better than general-purpose computer does). Fortunately, most
68 operating systems of the UNIX family allow an ordinary computer to act as a
69 router and forward packets belonging to the other hosts, but only according to a
70 statically configured table.
72 <p>A <em/Routing Daemon/ is in UNIX terminology a non-interactive program
73 running on background which does the dynamic part of Internet routing, that is
74 it communicates with the other routers, calculates routing tables and sends them
75 to the OS kernel which does the actual packet forwarding. There already exist
76 other such routing daemons: routed (RIP only), GateD (non-free),
77 <HTMLURL URL="http://www.zebra.org" name="Zebra"> and
78 <HTMLURL URL="http://sourceforge.net/projects/mrt" name="MRTD">,
79 but their capabilities are limited and they are relatively hard to configure
82 <p>BIRD is an Internet Routing Daemon designed to avoid all of these shortcomings,
83 to support all the routing technology used in the today's Internet or planned to
84 be used in near future and to have a clean extensible architecture allowing new
85 routing protocols to be incorporated easily. Among other features, BIRD
89 <item>both IPv4 and IPv6 protocols
90 <item>multiple routing tables
91 <item>the Border Gateway Protocol (BGPv4)
92 <item>the Routing Information Protocol (RIPv2, RIPng)
93 <item>the Open Shortest Path First protocol (OSPFv2, OSPFv3)
94 <item>the Babel Routing Protocol
95 <item>the Router Advertisements for IPv6 hosts
96 <item>a virtual protocol for exchange of routes between different
97 routing tables on a single host
98 <item>a command-line interface allowing on-line control and inspection
99 of status of the daemon
100 <item>soft reconfiguration (no need to use complex online commands to
101 change the configuration, just edit the configuration file and
102 notify BIRD to re-read it and it will smoothly switch itself to
103 the new configuration, not disturbing routing protocols unless
104 they are affected by the configuration changes)
105 <item>a powerful language for route filtering
108 <p>BIRD has been developed at the Faculty of Math and Physics, Charles
109 University, Prague, Czech Republic as a student project. It can be freely
110 distributed under the terms of the GNU General Public License.
112 <p>BIRD has been designed to work on all UNIX-like systems. It has been
113 developed and tested under Linux 2.0 to 2.6, and then ported to FreeBSD, NetBSD
114 and OpenBSD, porting to other systems (even non-UNIX ones) should be relatively
115 easy due to its highly modular architecture.
117 <p>BIRD 1.x supported either IPv4 or IPv6 protocol, but had to be compiled separately
118 for each one. BIRD~2 supports both of them with a possibility of further extension.
119 BIRD~2 supports Linux at least 3.16, FreeBSD 10, NetBSD 7.0, and OpenBSD 5.8.
120 Anyway, it will probably work well also on older systems.
122 <sect>Installing BIRD
125 <p>On a recent UNIX system with GNU development tools (GCC, binutils, m4, make)
126 and Perl, installing BIRD should be as easy as:
132 vi /usr/local/etc/bird.conf
136 <p>You can use <tt>./configure --help</tt> to get a list of configure
137 options. The most important ones are: <tt/--with-protocols=/ to produce a slightly smaller
138 BIRD executable by configuring out routing protocols you don't use, and
139 <tt/--prefix=/ to install BIRD to a place different from <file>/usr/local</file>.
145 <p>You can pass several command-line options to bird:
148 <tag><label id="argv-config">-c <m/config name/</tag>
149 use given configuration file instead of <it/prefix/<file>/etc/bird.conf</file>.
151 <tag><label id="argv-debug">-d</tag>
152 enable debug messages to stderr, and run bird in foreground.
154 <tag><label id="argv-debug-file">-D <m/filename of debug log/</tag>
155 enable debug messages to given file.
157 <tag><label id="argv-foreground">-f</tag>
158 run bird in foreground.
160 <tag><label id="argv-group">-g <m/group/</tag>
161 use that group ID, see the next section for details.
163 <tag><label id="argv-help">-h, --help</tag>
164 display command-line options to bird.
166 <tag><label id="argv-local">-l</tag>
167 look for a configuration file and a communication socket in the current
168 working directory instead of in default system locations. However, paths
169 specified by options <cf/-c/, <cf/-s/ have higher priority.
171 <tag><label id="argv-parse">-p</tag>
172 just parse the config file and exit. Return value is zero if the config
173 file is valid, nonzero if there are some errors.
175 <tag><label id="argv-pid">-P <m/name of PID file/</tag>
176 create a PID file with given filename.
178 <tag><label id="argv-recovery">-R</tag>
179 apply graceful restart recovery after start.
181 <tag><label id="argv-socket">-s <m/name of communication socket/</tag>
182 use given filename for a socket for communications with the client,
183 default is <it/prefix/<file>/var/run/bird.ctl</file>.
185 <tag><label id="argv-user">-u <m/user/</tag>
186 drop privileges and use that user ID, see the next section for details.
188 <tag><label id="argv-version">--version</tag>
189 display bird version.
192 <p>BIRD writes messages about its work to log files or syslog (according to config).
196 <label id="privileges">
198 <p>BIRD, as a routing daemon, uses several privileged operations (like setting
199 routing table and using raw sockets). Traditionally, BIRD is executed and runs
200 with root privileges, which may be prone to security problems. The recommended
201 way is to use a privilege restriction (options <cf/-u/, <cf/-g/). In that case
202 BIRD is executed with root privileges, but it changes its user and group ID to
203 an unprivileged ones, while using Linux capabilities to retain just required
204 privileges (capabilities CAP_NET_*). Note that the control socket is created
205 before the privileges are dropped, but the config file is read after that. The
206 privilege restriction is not implemented in BSD port of BIRD.
208 <p>An unprivileged user (as an argument to <cf/-u/ options) may be the user
209 <cf/nobody/, but it is suggested to use a new dedicated user account (like
210 <cf/bird/). The similar considerations apply for the group option, but there is
211 one more condition -- the users in the same group can use <file/birdc/ to
214 <p>Finally, there is a possibility to use external tools to run BIRD in an
215 environment with restricted privileges. This may need some configuration, but it
216 is generally easy -- BIRD needs just the standard library, privileges to read
217 the config file and create the control socket and the CAP_NET_* capabilities.
221 <label id="architecture">
224 <label id="routing-tables">
226 <p>The heart of BIRD is a routing table. BIRD has several independent routing tables;
227 each of them contains routes of exactly one <m/nettype/ (see below). There are two
228 default tables -- <cf/master4/ for IPv4 routes and <cf/master6/ for IPv6 routes.
229 Other tables must be explicitly configured.
232 These routing tables are not kernel forwarding tables. No forwarding is done by
233 BIRD. If you want to forward packets using the routes in BIRD tables, you may
234 use the Kernel protocol (see below) to synchronize them with kernel FIBs.
237 Every nettype defines a (kind of) primary key on routes. Every route source can
238 supply one route for every possible primary key; new route announcement replaces
239 the old route from the same source, keeping other routes intact. BIRD always
240 chooses the best route for each primary key among the known routes and keeps the
241 others as suboptimal. When the best route is retracted, BIRD re-runs the best
242 route selection algorithm to find the current best route.
245 The global best route selection algorithm is (roughly) as follows:
248 <item>Preferences of the routes are compared.
249 <item>Source protocol instance preferences are compared.
250 <item>If source protocols are the same (e.g. BGP vs. BGP), the protocol's route selection algorithm is invoked.
251 <item>If source protocols are different (e.g. BGP vs. OSPF), result of the algorithm is undefined.
254 <p><label id="dsc-table-sorted">Usually, a routing table just chooses a selected
255 route from a list of entries for one network. But if the <cf/sorted/ option is
256 activated, these lists of entries are kept completely sorted (according to
257 preference or some protocol-dependent metric). This is needed for some features
258 of some protocols (e.g. <cf/secondary/ option of BGP protocol, which allows to
259 accept not just a selected route, but the first route (in the sorted list) that
260 is accepted by filters), but it is incompatible with some other features (e.g.
261 <cf/deterministic med/ option of BGP protocol, which activates a way of choosing
262 selected route that cannot be described using comparison and ordering). Minor
263 advantage is that routes are shown sorted in <cf/show route/, minor disadvantage
264 is that it is slightly more computationally expensive.
266 <sect>Routes and network types
269 <p>BIRD works with several types of routes. Some of them are typical IP routes,
270 others are better described as forwarding rules. We call them all routes,
271 regardless of this difference.
273 <p>Every route consists of several attributes (read more about them in the
274 <ref id="route-attributes" name="Route attributes"> section); the common for all
278 <item>IP address of router which told us about this route
279 <item>Source protocol instance
280 <item>Route preference
281 <item>Optional attributes defined by protocols
284 <p>Other attributes depend on nettypes. Some of them are part of the primary key, these are marked (PK).
286 <sect1>IPv4 and IPv6 routes
287 <label id="ip-routes">
289 <p>The traditional routes. Configuration keywords are <cf/ipv4/ and <cf/ipv6/.
292 <item>(PK) Route destination (IP prefix together with its length)
293 <item>Route next hops (see below)
296 <sect1>IPv6 source-specific routes
297 <label id="ip-sadr-routes">
299 <p>The IPv6 routes containing both destination and source prefix. They are used
300 for source-specific routing (SSR), also called source-address dependent routing
301 (SADR), see <rfc id="8043">. Currently limited mostly to the Babel protocol.
302 Configuration keyword is <cf/ipv6 sadr/.
305 <item>(PK) Route destination (IP prefix together with its length)
306 <item>(PK) Route source (IP prefix together with its length)
307 <item>Route next hops (see below)
310 <sect1>VPN IPv4 and IPv6 routes
311 <label id="vpn-routes">
313 <p>Routes for IPv4 and IPv6 with VPN Route Distinguisher (<rfc id="4364">).
314 Configuration keywords are <cf/vpn4/ and <cf/vpn6/.
317 <item>(PK) Route destination (IP prefix together with its length)
318 <item>(PK) Route distinguisher (according to <rfc id="4364">)
319 <item>Route next hops
322 <sect1>Route Origin Authorization for IPv4 and IPv6
323 <label id="roa-routes">
325 <p>These entries can be used to validate route origination of BGP routes.
326 A ROA entry specifies prefixes which could be originated by an AS number.
327 Their keywords are <cf/roa4/ and <cf/roa6/.
330 <item>(PK) IP prefix together with its length
331 <item>(PK) Matching prefix maximal length
335 <sect1>Flowspec for IPv4 and IPv6
336 <label id="flow-routes">
338 <p>Flowspec rules are a form of firewall and traffic flow control rules
339 distributed mostly via BGP. These rules may help the operators stop various
340 network attacks in the beginning before eating up the whole bandwidth.
341 Configuration keywords are <cf/flow4/ and <cf/flow6/.
344 <item>(PK) IP prefix together with its length
345 <item>(PK) Flow definition data
346 <item>Flow action (encoded internally as BGP communities according to <rfc id="5575">)
349 <sect1>MPLS switching rules
350 <label id="mpls-routes">
352 <p>This nettype is currently a stub before implementing more support of <rfc id="3031">.
353 BIRD currently does not support any label distribution protocol nor any label assignment method.
354 Only the Kernel, Pipe and Static protocols can use MPLS tables.
355 Configuration keyword is <cf/mpls/.
358 <item>(PK) MPLS label
359 <item>Route next hops
362 <sect1>Route next hops
363 <label id="route-next-hop">
365 <p>This is not a nettype. The route next hop is a complex attribute common for many
366 nettypes as you can see before. Every next hop has its assigned device
367 (either assumed from its IP address or set explicitly). It may have also
368 an IP address and an MPLS stack (one or both independently).
369 Maximal MPLS stack depth is set (in compile time) to 8 labels.
371 <p>Every route (when eligible to have a next hop) can have more than one next hop.
372 In that case, every next hop has also its weight.
374 <sect>Protocols and channels
375 <label id="protocols-concept">
377 <p>BIRD protocol is an abstract class of producers and consumers of the routes.
378 Each protocol may run in multiple instances and bind on one side to route
379 tables via channels, on the other side to specified listen sockets (BGP),
380 interfaces (Babel, OSPF, RIP), APIs (Kernel, Direct), or nothing (Static, Pipe).
382 <p>There are also two protocols that do not have any channels -- BFD and Device.
383 Both of them are kind of service for other protocols.
385 <p>Each protocol is connected to a routing table through a channel. Some protocols
386 support only one channel (OSPF, RIP), some protocols support more channels (BGP, Direct).
387 Each channel has two filters which can accept, reject and modify the routes.
388 An <it/export/ filter is applied to routes passed from the routing table to the protocol,
389 an <it/import/ filter is applied to routes in the opposite direction.
391 <sect>Graceful restart
392 <label id="graceful-restart">
394 <p>When BIRD is started after restart or crash, it repopulates routing tables in
395 an uncoordinated manner, like after clean start. This may be impractical in some
396 cases, because if the forwarding plane (i.e. kernel routing tables) remains
397 intact, then its synchronization with BIRD would temporarily disrupt packet
398 forwarding until protocols converge. Graceful restart is a mechanism that could
399 help with this issue. Generally, it works by starting protocols and letting them
400 repopulate routing tables while deferring route propagation until protocols
401 acknowledge their convergence. Note that graceful restart behavior have to be
402 configured for all relevant protocols and requires protocol-specific support
403 (currently implemented for Kernel and BGP protocols), it is activated for
404 particular boot by option <cf/-R/.
406 <p>Some protocols (e.g. BGP) could be restarted gracefully after both
407 intentional outage and crash, while others (e.g. OSPF) after intentional outage
408 only. For planned graceful restart, BIRD must be shut down by
409 <ref id="cli-graceful-restart" name="graceful restart"> command instead of
410 regular <ref id="cli-down" name="down"> command. In this way routing neighbors
411 are notified about planned graceful restart and routes are kept in kernel table
419 <label id="config-intro">
421 <p>BIRD is configured using a text configuration file. Upon startup, BIRD reads
422 <it/prefix/<file>/etc/bird.conf</file> (unless the <tt/-c/ command line option
423 is given). Configuration may be changed at user's request: if you modify the
424 config file and then signal BIRD with <tt/SIGHUP/, it will adjust to the new
425 config. Then there's the client which allows you to talk with BIRD in an
428 <p>In the config, everything on a line after <cf/#/ or inside <cf>/* */</cf> is
429 a comment, whitespace characters are treated as a single space. If there's a
430 variable number of options, they are grouped using the <cf/{ }/ brackets. Each
431 option is terminated by a <cf/;/. Configuration is case sensitive. There are two
432 ways how to name symbols (like protocol names, filter names, constants etc.).
433 You can either use a simple string starting with a letter followed by any
434 combination of letters and numbers (e.g. <cf/R123/, <cf/myfilter/, <cf/bgp5/) or
435 you can enclose the name into apostrophes (<cf/'/) and than you can use any
436 combination of numbers, letters. hyphens, dots and colons (e.g.
437 <cf/'1:strange-name'/, <cf/'-NAME-'/, <cf/'cool::name'/).
439 <p>Here is an example of a simple config file. It enables synchronization of
440 routing tables with OS kernel, learns network interfaces and runs RIP on all
441 network interfaces found.
446 export all; # Default is export none
448 persist; # Don't remove routes on BIRD shutdown
465 <label id="global-opts">
468 <tag><label id="opt-include">include "<m/filename/";</tag>
469 This statement causes inclusion of a new file. The <m/filename/ could
470 also be a wildcard, in that case matching files are included in
471 alphabetic order. The maximal depth is 8. Note that this statement can
472 be used anywhere in the config file, even inside other options, but
473 always on the beginning of line. In the following example, the first
474 semicolon belongs to the <cf/include/, the second to <cf/ipv6 table/.
475 If the <file/tablename.conf/ contains exactly one token (the name of the
476 table), this construction is correct:
479 include "tablename.conf";;
482 <tag><label id="opt-log">log "<m/filename/" [<m/limit/ "<m/backup/"] | syslog [name <m/name/] | stderr all|{ <m/list of classes/ }</tag>
483 Set logging of messages having the given class (either <cf/all/ or <cf>{
484 error|trace [, <m/.../] }</cf> etc.) into selected destination - a file
485 specified as a filename string (with optional log rotation information),
486 syslog (with optional name argument), or the stderr output.
489 <cf/info/, <cf/warning/, <cf/error/ and <cf/fatal/ for messages about local problems,
490 <cf/debug/ for debugging messages,
491 <cf/trace/ when you want to know what happens in the network,
492 <cf/remote/ for messages about misbehavior of remote machines,
493 <cf/auth/ about authentication failures,
494 <cf/bug/ for internal BIRD bugs.
496 Logging directly to file supports basic log rotation -- there is an
497 optional log file limit and a backup filename, when log file reaches the
498 limit, the current log file is renamed to the backup filename and a new
501 You may specify more than one <cf/log/ line to establish logging to
502 multiple destinations. Default: log everything to the system log, or
503 to the debug output if debugging is enabled by <cf/-d//<cf/-D/
506 <tag><label id="opt-debug-protocols">debug protocols all|off|{ states|routes|filters|interfaces|events|packets [, <m/.../] }</tag>
507 Set global defaults of protocol debugging options. See <cf/debug/ in the
508 following section. Default: off.
510 <tag><label id="opt-debug-commands">debug commands <m/number/</tag>
511 Control logging of client connections (0 for no logging, 1 for logging
512 of connects and disconnects, 2 and higher for logging of all client
513 commands). Default: 0.
515 <tag><label id="opt-debug-latency">debug latency <m/switch/</tag>
516 Activate tracking of elapsed time for internal events. Recent events
517 could be examined using <cf/dump events/ command. Default: off.
519 <tag><label id="opt-debug-latency-limit">debug latency limit <m/time/</tag>
520 If <cf/debug latency/ is enabled, this option allows to specify a limit
521 for elapsed time. Events exceeding the limit are logged. Default: 1 s.
523 <tag><label id="opt-watchdog-warn">watchdog warning <m/time/</tag>
524 Set time limit for I/O loop cycle. If one iteration took more time to
525 complete, a warning is logged. Default: 5 s.
527 <tag><label id="opt-watchdog-timeout">watchdog timeout <m/time/</tag>
528 Set time limit for I/O loop cycle. If the limit is breached, BIRD is
529 killed by abort signal. The timeout has effective granularity of
530 seconds, zero means disabled. Default: disabled (0).
532 <tag><label id="opt-mrtdump">mrtdump "<m/filename/"</tag>
533 Set MRTdump file name. This option must be specified to allow MRTdump
534 feature. Default: no dump file.
536 <tag><label id="opt-mrtdump-protocols">mrtdump protocols all|off|{ states|messages [, <m/.../] }</tag>
537 Set global defaults of MRTdump options. See <cf/mrtdump/ in the
538 following section. Default: off.
540 <tag><label id="opt-filter">filter <m/name local variables/{ <m/commands/ }</tag>
541 Define a filter. You can learn more about filters in the following
544 <tag><label id="opt-function">function <m/name/ (<m/parameters/) <m/local variables/ { <m/commands/ }</tag>
545 Define a function. You can learn more about functions in the following chapter.
547 <tag><label id="opt-protocol">protocol rip|ospf|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
548 Define a protocol instance called <cf><m/name/</cf> (or with a name like
549 "rip5" generated automatically if you don't specify any
550 <cf><m/name/</cf>). You can learn more about configuring protocols in
551 their own chapters. When <cf>from <m/name2/</cf> expression is used,
552 initial protocol options are taken from protocol or template
553 <cf><m/name2/</cf> You can run more than one instance of most protocols
554 (like RIP or BGP). By default, no instances are configured.
556 <tag><label id="opt-template">template rip|ospf|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
557 Define a protocol template instance called <m/name/ (or with a name like
558 "bgp1" generated automatically if you don't specify any <m/name/).
559 Protocol templates can be used to group common options when many
560 similarly configured protocol instances are to be defined. Protocol
561 instances (and other templates) can use templates by using <cf/from/
562 expression and the name of the template. At the moment templates (and
563 <cf/from/ expression) are not implemented for OSPF protocol.
565 <tag><label id="opt-define">define <m/constant/ = <m/expression/</tag>
566 Define a constant. You can use it later in every place you could use a
567 value of the same type. Besides, there are some predefined numeric
568 constants based on /etc/iproute2/rt_* files. A list of defined constants
569 can be seen (together with other symbols) using 'show symbols' command.
571 <tag><label id="opt-attribute">attribute <m/type/ <m/name/</tag>
572 Declare a custom route attribute. You can set and get it in filters like
573 any other route atribute. This feature is intended for marking routes
574 in import filters for export filtering purposes instead of locally
575 assigned BGP communities which have to be deleted in export filters.
577 <tag><label id="opt-router-id">router id <m/IPv4 address/</tag>
578 Set BIRD's router ID. It's a world-wide unique identification of your
579 router, usually one of router's IPv4 addresses. Default: the lowest
580 IPv4 address of a non-loopback interface.
582 <tag><label id="opt-router-id-from">router id from [-] [ "<m/mask/" ] [ <m/prefix/ ] [, <m/.../]</tag>
583 Set BIRD's router ID based on an IPv4 address of an interface specified by
584 an interface pattern.
585 See <ref id="proto-iface" name="interface"> section for detailed
586 description of interface patterns with extended clauses.
588 <tag><label id="opt-graceful-restart">graceful restart wait <m/number/</tag>
589 During graceful restart recovery, BIRD waits for convergence of routing
590 protocols. This option allows to specify a timeout for the recovery to
591 prevent waiting indefinitely if some protocols cannot converge. Default:
594 <tag><label id="opt-timeformat">timeformat route|protocol|base|log "<m/format1/" [<m/limit/ "<m/format2/"]</tag>
595 This option allows to specify a format of date/time used by BIRD. The
596 first argument specifies for which purpose such format is used.
597 <cf/route/ is a format used in 'show route' command output,
598 <cf/protocol/ is used in 'show protocols' command output, <cf/base/ is
599 used for other commands and <cf/log/ is used in a log file.
601 "<m/format1/" is a format string using <it/strftime(3)/ notation (see
602 <it/man strftime/ for details). It is extended to support sub-second
603 time part with variable precision (up to microseconds) using "%f"
604 conversion code (e.g., "%T.%3f" is hh:mm:ss.sss time). <m/limit/ and
605 "<m/format2/" allow to specify the second format string for times in
606 past deeper than <m/limit/ seconds.
608 There are several shorthands: <cf/iso long/ is a ISO 8601 date/time
609 format (YYYY-MM-DD hh:mm:ss) that can be also specified using <cf/"%F
610 %T"/. Similarly, <cf/iso long ms/ and <cf/iso long us/ are ISO 8601
611 date/time formats with millisecond or microsecond precision.
612 <cf/iso short/ is a variant of ISO 8601 that uses just the time format
613 (hh:mm:ss) for near times (up to 20 hours in the past) and the date
614 format (YYYY-MM-DD) for far times. This is a shorthand for <cf/"%T"
615 72000 "%F"/. And there are also <cf/iso short ms/ and <cf/iso short us/
616 high-precision variants of that.
618 By default, BIRD uses the <cf/iso short ms/ format for <cf/route/ and
619 <cf/protocol/ times, and the <cf/iso long ms/ format for <cf/base/ and
622 <tag><label id="opt-table"><m/nettype/ table <m/name/ [sorted]</tag>
623 Create a new routing table. The default routing tables <cf/master4/ and
624 <cf/master6/ are created implicitly, other routing tables have to be
625 added by this command. Option <cf/sorted/ can be used to enable sorting
626 of routes, see <ref id="dsc-table-sorted" name="sorted table">
627 description for details.
629 <tag><label id="opt-eval">eval <m/expr/</tag>
630 Evaluates given filter expression. It is used by the developers for testing of filters.
634 <sect>Protocol options
635 <label id="protocol-opts">
637 <p>For each protocol instance, you can configure a bunch of options. Some of
638 them (those described in this section) are generic, some are specific to the
639 protocol (see sections talking about the protocols).
641 <p>Several options use a <m/switch/ argument. It can be either <cf/on/,
642 <cf/yes/ or a numeric expression with a non-zero value for the option to be
643 enabled or <cf/off/, <cf/no/ or a numeric expression evaluating to zero to
644 disable it. An empty <m/switch/ is equivalent to <cf/on/ ("silence means
648 <tag><label id="proto-disabled">disabled <m/switch/</tag>
649 Disables the protocol. You can change the disable/enable status from the
650 command line interface without needing to touch the configuration.
651 Disabled protocols are not activated. Default: protocol is enabled.
653 <tag><label id="proto-debug">debug all|off|{ states|routes|filters|interfaces|events|packets [, <m/.../] }</tag>
654 Set protocol debugging options. If asked, each protocol is capable of
655 writing trace messages about its work to the log (with category
656 <cf/trace/). You can either request printing of <cf/all/ trace messages
657 or only of the types selected: <cf/states/ for protocol state changes
658 (protocol going up, down, starting, stopping etc.), <cf/routes/ for
659 routes exchanged with the routing table, <cf/filters/ for details on
660 route filtering, <cf/interfaces/ for interface change events sent to the
661 protocol, <cf/events/ for events internal to the protocol and <cf/packets/
662 for packets sent and received by the protocol. Default: off.
664 <tag><label id="proto-mrtdump">mrtdump all|off|{ states|messages [, <m/.../] }</tag>
665 Set protocol MRTdump flags. MRTdump is a standard binary format for
666 logging information from routing protocols and daemons. These flags
667 control what kind of information is logged from the protocol to the
668 MRTdump file (which must be specified by global <cf/mrtdump/ option, see
669 the previous section). Although these flags are similar to flags of
670 <cf/debug/ option, their meaning is different and protocol-specific. For
671 BGP protocol, <cf/states/ logs BGP state changes and <cf/messages/ logs
672 received BGP messages. Other protocols does not support MRTdump yet.
674 <tag><label id="proto-router-id">router id <m/IPv4 address/</tag>
675 This option can be used to override global router id for a given
676 protocol. Default: uses global router id.
678 <tag><label id="proto-description">description "<m/text/"</tag>
679 This is an optional description of the protocol. It is displayed as a
680 part of the output of 'show protocols all' command.
682 <tag><label id="proto-vrf">vrf "<m/text/"|default</tag>
683 Associate the protocol with specific VRF. The protocol will be
684 restricted to interfaces assigned to the VRF and will use sockets bound
685 to the VRF. A corresponding VRF interface must exist on OS level. For
686 kernel protocol, an appropriate table still must be explicitly selected
687 by <cf/table/ option.
689 By selecting <cf/default/, the protocol is associated with the default
690 VRF; i.e., it will be restricted to interfaces not assigned to any
691 regular VRF. That is different from not specifying <cf/vrf/ at all, in
692 which case the protocol may use any interface regardless of its VRF
695 Note that for proper VRF support it is necessary to use Linux kernel
696 version at least 4.14, older versions have limited VRF implementation.
697 Before Linux kernel 5.0, a socket bound to a port in default VRF collide
698 with others in regular VRFs. In BGP, this can be avoided by using
699 <ref id="bgp-strict-bind" name="strict bind"> option.
701 <tag><label id="proto-channel"><m/channel name/ [{<m/channel config/}]</tag>
702 Every channel must be explicitly stated. See the protocol-specific
703 configuration for the list of supported channel names. See the
704 <ref id="channel-opts" name="channel configuration section"> for channel
708 <p>There are several options that give sense only with certain protocols:
711 <tag><label id="proto-iface">interface [-] [ "<m/mask/" ] [ <m/prefix/ ] [, <m/.../] [ { <m/option/; [<m/.../] } ]</tag>
712 Specifies a set of interfaces on which the protocol is activated with
713 given interface-specific options. A set of interfaces specified by one
714 interface option is described using an interface pattern. The interface
715 pattern consists of a sequence of clauses (separated by commas), each
716 clause is a mask specified as a shell-like pattern. Interfaces are
717 matched by their name.
719 An interface matches the pattern if it matches any of its clauses. If
720 the clause begins with <cf/-/, matching interfaces are excluded. Patterns
721 are processed left-to-right, thus <cf/interface "eth0", -"eth*", "*";/
722 means eth0 and all non-ethernets.
724 Some protocols (namely OSPFv2 and Direct) support extended clauses that
725 may contain a mask, a prefix, or both of them. An interface matches such
726 clause if its name matches the mask (if specified) and its address
727 matches the prefix (if specified). Extended clauses are used when the
728 protocol handles multiple addresses on an interface independently.
730 An interface option can be used more times with different interface-specific
731 options, in that case for given interface the first matching interface
734 This option is allowed in Babel, BFD, Device, Direct, OSPF, RAdv and RIP
735 protocols. In OSPF protocol it is used in the <cf/area/ subsection.
741 <cf>interface "*" { type broadcast; };</cf> - start the protocol on all
742 interfaces with <cf>type broadcast</cf> option.
744 <cf>interface "eth1", "eth4", "eth5" { type ptp; };</cf> - start the
745 protocol on enumerated interfaces with <cf>type ptp</cf> option.
747 <cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol
748 on all interfaces that have address from 192.168.0.0/16, but not from
751 <cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol
752 on all interfaces that have address from 192.168.0.0/16, but not from
755 <cf>interface "eth*" 192.168.1.0/24;</cf> - start the protocol on all
756 ethernet interfaces that have address from 192.168.1.0/24.
758 <tag><label id="proto-tx-class">tx class|dscp <m/num/</tag>
759 This option specifies the value of ToS/DS/Class field in IP headers of
760 the outgoing protocol packets. This may affect how the protocol packets
761 are processed by the network relative to the other network traffic. With
762 <cf/class/ keyword, the value (0-255) is used for the whole ToS/Class
763 octet (but two bits reserved for ECN are ignored). With <cf/dscp/
764 keyword, the value (0-63) is used just for the DS field in the octet.
765 Default value is 0xc0 (DSCP 0x30 - CS6).
767 <tag><label id="proto-tx-priority">tx priority <m/num/</tag>
768 This option specifies the local packet priority. This may affect how the
769 protocol packets are processed in the local TX queues. This option is
770 Linux specific. Default value is 7 (highest priority, privileged traffic).
772 <tag><label id="proto-pass">password "<m/password/" [ { <m>password options</m> } ]</tag>
773 Specifies a password that can be used by the protocol as a shared secret
774 key. Password option can be used more times to specify more passwords.
775 If more passwords are specified, it is a protocol-dependent decision
776 which one is really used. Specifying passwords does not mean that
777 authentication is enabled, authentication can be enabled by separate,
778 protocol-dependent <cf/authentication/ option.
780 This option is allowed in BFD, OSPF and RIP protocols. BGP has also
781 <cf/password/ option, but it is slightly different and described
786 <p>Password option can contain section with some (not necessary all) password sub-options:
789 <tag><label id="proto-pass-id">id <M>num</M></tag>
790 ID of the password, (1-255). If it is not used, BIRD will choose ID based
791 on an order of the password item in the interface. For example, second
792 password item in one interface will have default ID 2. ID is used by
793 some routing protocols to identify which password was used to
794 authenticate protocol packets.
796 <tag><label id="proto-pass-gen-from">generate from "<m/time/"</tag>
797 The start time of the usage of the password for packet signing.
798 The format of <cf><m/time/</cf> is <tt>dd-mm-yyyy HH:MM:SS</tt>.
800 <tag><label id="proto-pass-gen-to">generate to "<m/time/"</tag>
801 The last time of the usage of the password for packet signing.
803 <tag><label id="proto-pass-accept-from">accept from "<m/time/"</tag>
804 The start time of the usage of the password for packet verification.
806 <tag><label id="proto-pass-accept-to">accept to "<m/time/"</tag>
807 The last time of the usage of the password for packet verification.
809 <tag><label id="proto-pass-from">from "<m/time/"</tag>
810 Shorthand for setting both <cf/generate from/ and <cf/accept from/.
812 <tag><label id="proto-pass-to">to "<m/time/"</tag>
813 Shorthand for setting both <cf/generate to/ and <cf/accept to/.
815 <tag><label id="proto-pass-algorithm">algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 )</tag>
816 The message authentication algorithm for the password when cryptographic
817 authentication is enabled. The default value depends on the protocol.
818 For RIP and OSPFv2 it is Keyed-MD5 (for compatibility), for OSPFv3
819 protocol it is HMAC-SHA-256.
824 <sect>Channel options
825 <label id="channel-opts">
827 <p>Every channel belongs to a protocol and is configured inside its block. The
828 minimal channel config is empty, then it uses default values. The name of the
829 channel implies its nettype. Channel definitions can be inherited from protocol
830 templates. Multiple definitions of the same channel are forbidden, but channels
831 inherited from templates can be updated by new definitions.
834 <tag><label id="proto-table">table <m/name/</tag>
835 Specify a table to which the channel is connected. Default: the first
836 table of given nettype.
838 <tag><label id="proto-preference">preference <m/expr/</tag>
839 Sets the preference of routes generated by the protocol and imported
840 through this channel. Default: protocol dependent.
842 <tag><label id="proto-import">import all | none | filter <m/name/ | filter { <m/filter commands/ } | where <m/boolean filter expression/</tag>
843 Specify a filter to be used for filtering routes coming from the
844 protocol to the routing table. <cf/all/ is for keeping all routes,
845 <cf/none/ is for dropping all routes. Default: <cf/all/ (except for
848 <tag><label id="proto-export">export <m/filter/</tag>
849 This is similar to the <cf>import</cf> keyword, except that it works in
850 the direction from the routing table to the protocol. Default: <cf/none/
853 <tag><label id="proto-import-keep-filtered">import keep filtered <m/switch/</tag>
854 Usually, if an import filter rejects a route, the route is forgotten.
855 When this option is active, these routes are kept in the routing table,
856 but they are hidden and not propagated to other protocols. But it is
857 possible to show them using <cf/show route filtered/. Note that this
858 option does not work for the pipe protocol. Default: off.
860 <tag><label id="proto-import-limit">import limit [<m/number/ | off ] [action warn | block | restart | disable]</tag>
861 Specify an import route limit (a maximum number of routes imported from
862 the protocol) and optionally the action to be taken when the limit is
863 hit. Warn action just prints warning log message. Block action discards
864 new routes coming from the protocol. Restart and disable actions shut
865 the protocol down like appropriate commands. Disable is the default
866 action if an action is not explicitly specified. Note that limits are
867 reset during protocol reconfigure, reload or restart. Default: <cf/off/.
869 <tag><label id="proto-receive-limit">receive limit [<m/number/ | off ] [action warn | block | restart | disable]</tag>
870 Specify an receive route limit (a maximum number of routes received from
871 the protocol and remembered). It works almost identically to <cf>import
872 limit</cf> option, the only difference is that if <cf/import keep
873 filtered/ option is active, filtered routes are counted towards the
874 limit and blocked routes are forgotten, as the main purpose of the
875 receive limit is to protect routing tables from overflow. Import limit,
876 on the contrary, counts accepted routes only and routes blocked by the
877 limit are handled like filtered routes. Default: <cf/off/.
879 <tag><label id="proto-export-limit">export limit [ <m/number/ | off ] [action warn | block | restart | disable]</tag>
880 Specify an export route limit, works similarly to the <cf>import
881 limit</cf> option, but for the routes exported to the protocol. This
882 option is experimental, there are some problems in details of its
883 behavior -- the number of exported routes can temporarily exceed the
884 limit without triggering it during protocol reload, exported routes
885 counter ignores route blocking and block action also blocks route
886 updates of already accepted routes -- and these details will probably
887 change in the future. Default: <cf/off/.
890 <p>This is a trivial example of RIP configured for IPv6 on all interfaces:
898 <p>This is a non-trivial example.
903 import filter { ... };
904 export filter { ... };
911 <p>And this is even more complicated example using templates.
914 local 198.51.100.14 as 65000;
918 import filter { ... };
923 import filter { ... };
929 neighbor 198.51.100.130 as 64496;
931 # IPv4 channel is inherited as-is, while IPv6
932 # channel is adjusted by export filter option
934 export filter { ... };
940 <chapt>Remote control
941 <label id="remote-control">
943 <p>You can use the command-line client <file>birdc</file> to talk with a running
944 BIRD. Communication is done using a <file/bird.ctl/ UNIX domain socket (unless
945 changed with the <tt/-s/ option given to both the server and the client). The
946 commands can perform simple actions such as enabling/disabling of protocols,
947 telling BIRD to show various information, telling it to show routing table
948 filtered by filter, or asking BIRD to reconfigure. Press <tt/?/ at any time to
949 get online help. Option <tt/-r/ can be used to enable a restricted mode of BIRD
950 client, which allows just read-only commands (<cf/show .../). Option <tt/-v/ can
951 be passed to the client, to make it dump numeric return codes along with the
952 messages. You do not necessarily need to use <file/birdc/ to talk to BIRD, your
953 own applications could do that, too -- the format of communication between BIRD
954 and <file/birdc/ is stable (see the programmer's documentation).
956 <p>There is also lightweight variant of BIRD client called <file/birdcl/, which
957 does not support command line editing and history and has minimal dependencies.
958 This is useful for running BIRD in resource constrained environments, where
959 Readline library (required for regular BIRD client) is not available.
961 <p>Many commands have the <m/name/ of the protocol instance as an argument.
962 This argument can be omitted if there exists only a single instance.
964 <p>Here is a brief list of supported functions:
967 <tag><label id="cli-show-status">show status</tag>
968 Show router status, that is BIRD version, uptime and time from last
971 <tag><label id="cli-show-interfaces">show interfaces [summary]</tag>
972 Show the list of interfaces. For each interface, print its type, state,
973 MTU and addresses assigned.
975 <tag><label id="cli-show-protocols">show protocols [all]</tag>
976 Show list of protocol instances along with tables they are connected to
977 and protocol status, possibly giving verbose information, if <cf/all/ is
980 <!-- TODO: Move these protocol-specific remote control commands to the protocol sections -->
981 <tag><label id="cli-show-ospf-iface">show ospf interface [<m/name/] ["<m/interface/"]</tag>
982 Show detailed information about OSPF interfaces.
984 <tag><label id="cli-show-ospf-neighbors">show ospf neighbors [<m/name/] ["<m/interface/"]</tag>
985 Show a list of OSPF neighbors and a state of adjacency to them.
987 <tag><label id="cli-show-ospf-state">show ospf state [all] [<m/name/]</tag>
988 Show detailed information about OSPF areas based on a content of the
989 link-state database. It shows network topology, stub networks,
990 aggregated networks and routers from other areas and external routes.
991 The command shows information about reachable network nodes, use option
992 <cf/all/ to show information about all network nodes in the link-state
995 <tag><label id="cli-show-ospf-topology">show ospf topology [all] [<m/name/]</tag>
996 Show a topology of OSPF areas based on a content of the link-state
997 database. It is just a stripped-down version of 'show ospf state'.
999 <tag><label id="cli-show-ospf-lsadb">show ospf lsadb [global | area <m/id/ | link] [type <m/num/] [lsid <m/id/] [self | router <m/id/] [<m/name/] </tag>
1000 Show contents of an OSPF LSA database. Options could be used to filter
1003 <tag><label id="cli-show-rip-interfaces">show rip interfaces [<m/name/] ["<m/interface/"]</tag>
1004 Show detailed information about RIP interfaces.
1006 <tag><label id="cli-show-rip-neighbors">show rip neighbors [<m/name/] ["<m/interface/"]</tag>
1007 Show a list of RIP neighbors and associated state.
1009 <tag><label id="cli-show-static">show static [<m/name/]</tag>
1010 Show detailed information about static routes.
1012 <tag><label id="cli-show-bfd-sessions">show bfd sessions [<m/name/]</tag>
1013 Show information about BFD sessions.
1015 <tag><label id="cli-show-symbols">show symbols [table|filter|function|protocol|template|roa|<m/symbol/]</tag>
1016 Show the list of symbols defined in the configuration (names of
1017 protocols, routing tables etc.).
1019 <tag><label id="cli-show-route">show route [[for] <m/prefix/|<m/IP/] [table (<m/t/ | all)] [filter <m/f/|where <m/c/] [(export|preexport|noexport) <m/p/] [protocol <m/p/] [(stats|count)] [<m/options/]</tag>
1020 Show contents of specified routing tables, that is routes, their metrics
1021 and (in case the <cf/all/ switch is given) all their attributes.
1023 <p>You can specify a <m/prefix/ if you want to print routes for a
1024 specific network. If you use <cf>for <m/prefix or IP/</cf>, you'll get
1025 the entry which will be used for forwarding of packets to the given
1026 destination. By default, all routes for each network are printed with
1027 the selected one at the top, unless <cf/primary/ is given in which case
1028 only the selected route is shown.
1030 <p>The <cf/show route/ command can process one or multiple routing
1031 tables. The set of selected tables is determined on three levels: First,
1032 tables can be explicitly selected by <cf/table/ switch, which could be
1033 used multiple times, all tables are specified by <cf/table all/. Second,
1034 tables can be implicitly selected by channels or protocols that are
1035 arguments of several other switches (e.g., <cf/export/, <cf/protocol/).
1036 Last, the set of default tables is used: <cf/master4/, <cf/master6/ and
1037 each first table of any other network type.
1039 <p>You can also ask for printing only routes processed and accepted by
1040 a given filter (<cf>filter <m/name/</cf> or <cf>filter { <m/filter/ }
1041 </cf> or matching a given condition (<cf>where <m/condition/</cf>).
1043 The <cf/export/, <cf/preexport/ and <cf/noexport/ switches ask for
1044 printing of routes that are exported to the specified protocol or
1045 channel. With <cf/preexport/, the export filter of the channel is
1046 skipped. With <cf/noexport/, routes rejected by the export filter are
1047 printed instead. Note that routes not exported for other reasons
1048 (e.g. secondary routes or routes imported from that protocol) are not
1049 printed even with <cf/noexport/. These switches also imply that
1050 associated routing tables are selected instead of default ones.
1052 <p>You can also select just routes added by a specific protocol.
1053 <cf>protocol <m/p/</cf>. This switch also implies that associated
1054 routing tables are selected instead of default ones.
1056 <p>If BIRD is configured to keep filtered routes (see <cf/import keep
1057 filtered/ option), you can show them instead of routes by using
1058 <cf/filtered/ switch.
1060 <p>The <cf/stats/ switch requests showing of route statistics (the
1061 number of networks, number of routes before and after filtering). If
1062 you use <cf/count/ instead, only the statistics will be printed.
1064 <tag><label id="cli-mrt-dump">mrt dump table <m/name/|"<m/pattern/" to "<m/filename/" [filter <m/f/|where <m/c/]</tag>
1065 Dump content of a routing table to a specified file in MRT table dump
1066 format. See <ref id="mrt" name="MRT protocol"> for details.
1068 <tag><label id="cli-configure">configure [soft] ["<m/config file/"] [timeout [<m/num/]]</tag>
1069 Reload configuration from a given file. BIRD will smoothly switch itself
1070 to the new configuration, protocols are reconfigured if possible,
1071 restarted otherwise. Changes in filters usually lead to restart of
1074 If <cf/soft/ option is used, changes in filters does not cause BIRD to
1075 restart affected protocols, therefore already accepted routes (according
1076 to old filters) would be still propagated, but new routes would be
1077 processed according to the new filters.
1079 If <cf/timeout/ option is used, config timer is activated. The new
1080 configuration could be either confirmed using <cf/configure confirm/
1081 command, or it will be reverted to the old one when the config timer
1082 expires. This is useful for cases when reconfiguration breaks current
1083 routing and a router becomes inaccessible for an administrator. The
1084 config timeout expiration is equivalent to <cf/configure undo/
1085 command. The timeout duration could be specified, default is 300 s.
1087 <tag><label id="cli-configure-confirm">configure confirm</tag>
1088 Deactivate the config undo timer and therefore confirm the current
1091 <tag><label id="cli-configure-undo">configure undo</tag>
1092 Undo the last configuration change and smoothly switch back to the
1093 previous (stored) configuration. If the last configuration change was
1094 soft, the undo change is also soft. There is only one level of undo, but
1095 in some specific cases when several reconfiguration requests are given
1096 immediately in a row and the intermediate ones are skipped then the undo
1097 also skips them back.
1099 <tag><label id="cli-configure-check">configure check ["<m/config file/"]</tag>
1100 Read and parse given config file, but do not use it. useful for checking
1101 syntactic and some semantic validity of an config file.
1103 <tag><label id="cli-enable-disable-restart">enable|disable|restart <m/name/|"<m/pattern/"|all</tag>
1104 Enable, disable or restart a given protocol instance, instances matching
1105 the <cf><m/pattern/</cf> or <cf/all/ instances.
1107 <tag><label id="cli-reload">reload [in|out] <m/name/|"<m/pattern/"|all</tag>
1108 Reload a given protocol instance, that means re-import routes from the
1109 protocol instance and re-export preferred routes to the instance. If
1110 <cf/in/ or <cf/out/ options are used, the command is restricted to one
1111 direction (re-import or re-export).
1113 This command is useful if appropriate filters have changed but the
1114 protocol instance was not restarted (or reloaded), therefore it still
1115 propagates the old set of routes. For example when <cf/configure soft/
1116 command was used to change filters.
1118 Re-export always succeeds, but re-import is protocol-dependent and might
1119 fail (for example, if BGP neighbor does not support route-refresh
1120 extension). In that case, re-export is also skipped. Note that for the
1121 pipe protocol, both directions are always reloaded together (<cf/in/ or
1122 <cf/out/ options are ignored in that case).
1124 <tag><label id="cli-down">down</tag>
1127 <tag><label id="cli-graceful-restart">graceful restart</tag>
1128 Shut BIRD down for graceful restart. See <ref id="graceful-restart"
1129 name="graceful restart"> section for details.
1131 <tag><label id="cli-debug">debug <m/protocol/|<m/pattern/|all all|off|{ states|routes|filters|events|packets [, <m/.../] }</tag>
1132 Control protocol debugging.
1134 <tag><label id="cli-dump">dump resources|sockets|interfaces|neighbors|attributes|routes|protocols</tag>
1135 Dump contents of internal data structures to the debugging output.
1137 <tag><label id="cli-echo">echo all|off|{ <m/list of log classes/ } [ <m/buffer-size/ ]</tag>
1138 Control echoing of log messages to the command-line output.
1139 See <ref id="opt-log" name="log option"> for a list of log classes.
1141 <tag><label id="cli-eval">eval <m/expr/</tag>
1142 Evaluate given expression.
1147 <label id="filters">
1150 <label id="filters-intro">
1152 <p>BIRD contains a simple programming language. (No, it can't yet read mail :-).
1153 There are two objects in this language: filters and functions. Filters are
1154 interpreted by BIRD core when a route is being passed between protocols and
1155 routing tables. The filter language contains control structures such as if's and
1156 switches, but it allows no loops. An example of a filter using many features can
1157 be found in <file>filter/test.conf</file>.
1159 <p>Filter gets the route, looks at its attributes and modifies some of them if
1160 it wishes. At the end, it decides whether to pass the changed route through
1161 (using <cf/accept/) or whether to <cf/reject/ it. A simple filter looks like
1168 if defined( rip_metric ) then
1174 if rip_metric > 10 then
1175 reject "RIP metric is too big";
1181 <p>As you can see, a filter has a header, a list of local variables, and a body.
1182 The header consists of the <cf/filter/ keyword followed by a (unique) name of
1183 filter. The list of local variables consists of <cf><M>type name</M>;</cf>
1184 pairs where each pair declares one local variable. The body consists of <cf>
1185 { <M>statements</M> }</cf>. Each <m/statement/ is terminated by a <cf/;/. You
1186 can group several statements to a single compound statement by using braces
1187 (<cf>{ <M>statements</M> }</cf>) which is useful if you want to make a bigger
1188 block of code conditional.
1190 <p>BIRD supports functions, so that you don't have to repeat the same blocks of
1191 code over and over. Functions can have zero or more parameters and they can have
1192 local variables. Recursion is not allowed. Function definitions look like this:
1201 function with_parameters (int parameter)
1207 <p>Unlike in C, variables are declared after the <cf/function/ line, but before
1208 the first <cf/{/. You can't declare variables in nested blocks. Functions are
1209 called like in C: <cf>name(); with_parameters(5);</cf>. Function may return
1210 values using the <cf>return <m/[expr]/</cf> command. Returning a value exits
1211 from current function (this is similar to C).
1213 <p>Filters are defined in a way similar to functions except they can't have
1214 explicit parameters. They get a route table entry as an implicit parameter, it
1215 is also passed automatically to any functions called. The filter must terminate
1216 with either <cf/accept/ or <cf/reject/ statement. If there's a runtime error in
1217 filter, the route is rejected.
1219 <p>A nice trick to debug filters is to use <cf>show route filter <m/name/</cf>
1220 from the command line client. An example session might look like:
1223 pavel@bug:~/bird$ ./birdc -s bird.ctl
1226 10.0.0.0/8 dev eth0 [direct1 23:21] (240)
1227 195.113.30.2/32 dev tunl1 [direct1 23:21] (240)
1228 127.0.0.0/8 dev lo [direct1 23:21] (240)
1230 show route [<prefix>] [table <t>] [filter <f>] [all] [primary]...
1231 bird> show route filter { if 127.0.0.5 ˜ net then accept; }
1232 127.0.0.0/8 dev lo [direct1 23:21] (240)
1238 <label id="data-types">
1240 <p>Each variable and each value has certain type. Booleans, integers and enums
1241 are incompatible with each other (that is to prevent you from shooting in the
1245 <tag><label id="type-bool">bool</tag>
1246 This is a boolean type, it can have only two values, <cf/true/ and
1247 <cf/false/. Boolean is the only type you can use in <cf/if/ statements.
1249 <tag><label id="type-int">int</tag>
1250 This is a general integer type. It is an unsigned 32bit type; i.e., you
1251 can expect it to store values from 0 to 4294967295. Overflows are not
1252 checked. You can use <cf/0x1234/ syntax to write hexadecimal values.
1254 <tag><label id="type-pair">pair</tag>
1255 This is a pair of two short integers. Each component can have values
1256 from 0 to 65535. Literals of this type are written as <cf/(1234,5678)/.
1257 The same syntax can also be used to construct a pair from two arbitrary
1258 integer expressions (for example <cf/(1+2,a)/).
1260 <tag><label id="type-quad">quad</tag>
1261 This is a dotted quad of numbers used to represent router IDs (and
1262 others). Each component can have a value from 0 to 255. Literals of
1263 this type are written like IPv4 addresses.
1265 <tag><label id="type-string">string</tag>
1266 This is a string of characters. There are no ways to modify strings in
1267 filters. You can pass them between functions, assign them to variables
1268 of type <cf/string/, print such variables, use standard string
1269 comparison operations (e.g. <cf/=, !=, <, >, <=, >=/), but
1270 you can't concatenate two strings. String literals are written as
1271 <cf/"This is a string constant"/. Additionally matching (<cf/˜,
1272 !˜/) operators could be used to match a string value against
1273 a shell pattern (represented also as a string).
1275 <tag><label id="type-ip">ip</tag>
1276 This type can hold a single IP address. The IPv4 addresses are stored as
1277 IPv4-Mapped IPv6 addresses so one data type for both of them is used.
1278 Whether the address is IPv4 or not may be checked by <cf>.is_ip4</cf>
1279 which returns <cf/bool/. IP addresses are written in the standard
1280 notation (<cf/10.20.30.40/ or <cf/fec0:3:4::1/). You can apply special
1281 operator <cf>.mask(<M>num</M>)</cf> on values of type ip. It masks out
1282 all but first <cf><M>num</M></cf> bits from the IP address. So
1283 <cf/1.2.3.4.mask(8) = 1.0.0.0/ is true.
1285 <tag><label id="type-prefix">prefix</tag>
1286 This type can hold a network prefix consisting of IP address, prefix
1287 length and several other values. This is the key in route tables.
1289 Prefixes may be of several types, which can be determined by the special
1290 operator <cf/.type/. The type may be:
1292 <cf/NET_IP4/ and <cf/NET_IP6/ prefixes hold an IP prefix. The literals
1293 are written as <cf><m/ipaddress//<m/pxlen/</cf>. There are two special
1294 operators on these: <cf/.ip/ which extracts the IP address from the
1295 pair, and <cf/.len/, which separates prefix length from the pair.
1296 So <cf>1.2.0.0/16.len = 16</cf> is true.
1298 <cf/NET_IP6_SADR/ nettype holds both destination and source IPv6
1299 prefix. The literals are written as <cf><m/ipaddress//<m/pxlen/ from
1300 <m/ipaddress//<m/pxlen/</cf>, where the first part is the destination
1301 prefix and the second art is the source prefix. They support the same
1302 operators as IP prefixes, but just for the destination part.
1304 <cf/NET_VPN4/ and <cf/NET_VPN6/ prefixes hold an IP prefix with VPN
1305 Route Distinguisher (<rfc id="4364">). They support the same special
1306 operators as IP prefixes, and also <cf/.rd/ which extracts the Route
1307 Distinguisher. Their literals are written
1308 as <cf><m/vpnrd/ <m/ipprefix/</cf>
1310 <cf/NET_ROA4/ and <cf/NET_ROA6/ prefixes hold an IP prefix range
1311 together with an ASN. They support the same special operators as IP
1312 prefixes, and also <cf/.maxlen/ which extracts maximal prefix length,
1313 and <cf/.asn/ which extracts the ASN.
1315 <cf/NET_FLOW4/ and <cf/NET_FLOW6/ hold an IP prefix together with a
1316 flowspec rule. Filters currently don't support flowspec parsing.
1318 <cf/NET_MPLS/ holds a single MPLS label and its handling is currently
1321 <tag><label id="type-vpnrd">vpnrd</tag>
1322 This is a route distinguisher according to <rfc id="4364">. There are
1323 three kinds of RD's: <cf><m/asn/:<m/32bit int/</cf>, <cf><m/asn4/:<m/16bit int/</cf>
1324 and <cf><m/IPv4 address/:<m/32bit int/</cf>
1326 <tag><label id="type-ec">ec</tag>
1327 This is a specialized type used to represent BGP extended community
1328 values. It is essentially a 64bit value, literals of this type are
1329 usually written as <cf>(<m/kind/, <m/key/, <m/value/)</cf>, where
1330 <cf/kind/ is a kind of extended community (e.g. <cf/rt/ / <cf/ro/ for a
1331 route target / route origin communities), the format and possible values
1332 of <cf/key/ and <cf/value/ are usually integers, but it depends on the
1333 used kind. Similarly to pairs, ECs can be constructed using expressions
1334 for <cf/key/ and <cf/value/ parts, (e.g. <cf/(ro, myas, 3*10)/, where
1335 <cf/myas/ is an integer variable).
1337 <tag><label id="type-lc">lc</tag>
1338 This is a specialized type used to represent BGP large community
1339 values. It is essentially a triplet of 32bit values, where the first
1340 value is reserved for the AS number of the issuer, while meaning of
1341 remaining parts is defined by the issuer. Literals of this type are
1342 written as <cf/(123, 456, 789)/, with any integer values. Similarly to
1343 pairs, LCs can be constructed using expressions for its parts, (e.g.
1344 <cf/(myas, 10+20, 3*10)/, where <cf/myas/ is an integer variable).
1346 <tag><label id="type-set">int|pair|quad|ip|prefix|ec|lc|enum set</tag>
1347 Filters recognize four types of sets. Sets are similar to strings: you
1348 can pass them around but you can't modify them. Literals of type <cf>int
1349 set</cf> look like <cf> [ 1, 2, 5..7 ]</cf>. As you can see, both simple
1350 values and ranges are permitted in sets.
1352 For pair sets, expressions like <cf/(123,*)/ can be used to denote
1353 ranges (in that case <cf/(123,0)..(123,65535)/). You can also use
1354 <cf/(123,5..100)/ for range <cf/(123,5)..(123,100)/. You can also use
1355 <cf/*/ and <cf/a..b/ expressions in the first part of a pair, note that
1356 such expressions are translated to a set of intervals, which may be
1357 memory intensive. E.g. <cf/(*,4..20)/ is translated to <cf/(0,4..20),
1358 (1,4..20), (2,4..20), ... (65535, 4..20)/.
1360 EC sets use similar expressions like pair sets, e.g. <cf/(rt, 123,
1361 10..20)/ or <cf/(ro, 123, *)/. Expressions requiring the translation
1362 (like <cf/(rt, *, 3)/) are not allowed (as they usually have 4B range
1365 Also LC sets use similar expressions like pair sets. You can use ranges
1366 and wildcards, but if one field uses that, more specific (later) fields
1367 must be wildcards. E.g., <cf/(10, 20..30, *)/ or <cf/(10, 20, 30..40)/
1368 is valid, while <cf/(10, *, 20..30)/ or <cf/(10, 20..30, 40)/ is not
1371 You can also use expressions for int, pair, EC and LC set values.
1372 However, it must be possible to evaluate these expressions before daemon
1373 boots. So you can use only constants inside them. E.g.
1382 odds = [ one, 2+1, 6-one, 2*2*2-1, 9, 11 ];
1383 ps = [ (1,one+one), (3,4)..(4,8), (5,*), (6,3..6), (7..9,*) ];
1384 es = [ (rt, myas, 3*10), (rt, myas+one, 0..16*16*16-1), (ro, myas+2, *) ];
1387 Sets of prefixes are special: their literals does not allow ranges, but
1388 allows prefix patterns that are written
1389 as <cf><M>ipaddress</M>/<M>pxlen</M>{<M>low</M>,<M>high</M>}</cf>.
1390 Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix
1391 pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>,<m>h</m>}</cf> if the
1392 first <cf>min(len1, len2)</cf> bits of <cf/ip1/ and <cf/ip2/ are
1393 identical and <cf>len1 <= ip1 <= len2</cf>. A valid prefix pattern
1394 has to satisfy <cf>low <= high</cf>, but <cf/pxlen/ is not
1395 constrained by <cf/low/ or <cf/high/. Obviously, a prefix matches a
1396 prefix set literal if it matches any prefix pattern in the prefix set
1399 There are also two shorthands for prefix patterns: <cf><m/address//<m/len/+</cf>
1400 is a shorthand for <cf><m/address//<m/len/{<m/len/,<m/maxlen/}</cf>
1401 (where <cf><m/maxlen/</cf> is 32 for IPv4 and 128 for IPv6), that means
1402 network prefix <cf><m/address//<m/len/</cf> and all its subnets.
1403 <cf><m/address//<m/len/-</cf> is a shorthand for
1404 <cf><m/address//<m/len/{0,<m/len/}</cf>, that means network prefix
1405 <cf><m/address//<m/len/</cf> and all its supernets (network prefixes
1408 For example, <cf>[ 1.0.0.0/8, 2.0.0.0/8+, 3.0.0.0/8-, 4.0.0.0/8{16,24}
1409 ]</cf> matches prefix <cf>1.0.0.0/8</cf>, all subprefixes of
1410 <cf>2.0.0.0/8</cf>, all superprefixes of <cf>3.0.0.0/8</cf> and prefixes
1411 <cf/4.X.X.X/ whose prefix length is 16 to 24. <cf>[ 0.0.0.0/0{20,24} ]</cf>
1412 matches all prefixes (regardless of IP address) whose prefix length is
1413 20 to 24, <cf>[ 1.2.3.4/32- ]</cf> matches any prefix that contains IP
1414 address <cf>1.2.3.4</cf>. <cf>1.2.0.0/16 ˜ [ 1.0.0.0/8{15,17} ]</cf>
1415 is true, but <cf>1.0.0.0/16 ˜ [ 1.0.0.0/8- ]</cf> is false.
1417 Cisco-style patterns like <cf>10.0.0.0/8 ge 16 le 24</cf> can be expressed
1418 in BIRD as <cf>10.0.0.0/8{16,24}</cf>, <cf>192.168.0.0/16 le 24</cf> as
1419 <cf>192.168.0.0/16{16,24}</cf> and <cf>192.168.0.0/16 ge 24</cf> as
1420 <cf>192.168.0.0/16{24,32}</cf>.
1422 It is possible to mix IPv4 and IPv6 prefixes/addresses in a prefix/ip set
1423 but its behavior may change between versions without any warning; don't do
1424 it unless you are more than sure what you are doing. (Really, don't do it.)
1426 <tag><label id="type-enum">enum</tag>
1427 Enumeration types are fixed sets of possibilities. You can't define your
1428 own variables of such type, but some route attributes are of enumeration
1429 type. Enumeration types are incompatible with each other.
1431 <tag><label id="type-bgppath">bgppath</tag>
1432 BGP path is a list of autonomous system numbers. You can't write
1433 literals of this type. There are several special operators on bgppaths:
1435 <cf><m/P/.first</cf> returns the first ASN (the neighbor ASN) in path <m/P/.
1437 <cf><m/P/.last</cf> returns the last ASN (the source ASN) in path <m/P/.
1439 <cf><m/P/.last_nonaggregated</cf> returns the last ASN in the non-aggregated part of the path <m/P/.
1441 Both <cf/first/ and <cf/last/ return zero if there is no appropriate
1442 ASN, for example if the path contains an AS set element as the first (or
1443 the last) part. If the path ends with an AS set, <cf/last_nonaggregated/
1444 may be used to get last ASN before any AS set.
1446 <cf><m/P/.len</cf> returns the length of path <m/P/.
1448 <cf><m/P/.empty</cf> makes the path <m/P/ empty.
1450 <cf>prepend(<m/P/,<m/A/)</cf> prepends ASN <m/A/ to path <m/P/ and
1453 <cf>delete(<m/P/,<m/A/)</cf> deletes all instances of ASN <m/A/ from
1454 from path <m/P/ and returns the result. <m/A/ may also be an integer
1455 set, in that case the operator deletes all ASNs from path <m/P/ that are
1456 also members of set <m/A/.
1458 <cf>filter(<m/P/,<m/A/)</cf> deletes all ASNs from path <m/P/ that are
1459 not members of integer set <m/A/. I.e., <cf/filter/ do the same as
1460 <cf/delete/ with inverted set <m/A/.
1462 Statement <cf><m/P/ = prepend(<m/P/, <m/A/);</cf> can be shortened to
1463 <cf><m/P/.prepend(<m/A/);</cf> if <m/P/ is appropriate route attribute
1464 (for example <cf/bgp_path/). Similarly for <cf/delete/ and <cf/filter/.
1466 <tag><label id="type-bgpmask">bgpmask</tag>
1467 BGP masks are patterns used for BGP path matching (using <cf>path
1468 ˜ [= 2 3 5 * =]</cf> syntax). The masks resemble wildcard patterns
1469 as used by UNIX shells. Autonomous system numbers match themselves,
1470 <cf/*/ matches any (even empty) sequence of arbitrary AS numbers and
1471 <cf/?/ matches one arbitrary AS number. For example, if <cf>bgp_path</cf>
1472 is 4 3 2 1, then: <tt>bgp_path ˜ [= * 4 3 * =]</tt> is true,
1473 but <tt>bgp_path ˜ [= * 4 5 * =]</tt> is false. BGP mask
1474 expressions can also contain integer expressions enclosed in parenthesis
1475 and integer variables, for example <tt>[= * 4 (1+2) a =]</tt>. You can
1476 also use ranges, for example <tt>[= * 3..5 2 100..200 * =]</tt>.
1478 <tag><label id="type-clist">clist</tag>
1479 Clist is similar to a set, except that unlike other sets, it can be
1480 modified. The type is used for community list (a set of pairs) and for
1481 cluster list (a set of quads). There exist no literals of this type.
1482 There are three special operators on clists:
1484 <cf><m/C/.len</cf> returns the length of clist <m/C/.
1486 <cf><m/C/.empty</cf> makes the list <m/C/ empty.
1488 <cf>add(<m/C/,<m/P/)</cf> adds pair (or quad) <m/P/ to clist <m/C/ and
1489 returns the result. If item <m/P/ is already in clist <m/C/, it does
1490 nothing. <m/P/ may also be a clist, in that case all its members are
1491 added; i.e., it works as clist union.
1493 <cf>delete(<m/C/,<m/P/)</cf> deletes pair (or quad) <m/P/ from clist
1494 <m/C/ and returns the result. If clist <m/C/ does not contain item
1495 <m/P/, it does nothing. <m/P/ may also be a pair (or quad) set, in that
1496 case the operator deletes all items from clist <m/C/ that are also
1497 members of set <m/P/. Moreover, <m/P/ may also be a clist, which works
1498 analogously; i.e., it works as clist difference.
1500 <cf>filter(<m/C/,<m/P/)</cf> deletes all items from clist <m/C/ that are
1501 not members of pair (or quad) set <m/P/. I.e., <cf/filter/ do the same
1502 as <cf/delete/ with inverted set <m/P/. <m/P/ may also be a clist, which
1503 works analogously; i.e., it works as clist intersection.
1505 Statement <cf><m/C/ = add(<m/C/, <m/P/);</cf> can be shortened to
1506 <cf><m/C/.add(<m/P/);</cf> if <m/C/ is appropriate route attribute (for
1507 example <cf/bgp_community/). Similarly for <cf/delete/ and <cf/filter/.
1509 <tag><label id="type-eclist">eclist</tag>
1510 Eclist is a data type used for BGP extended community lists. Eclists
1511 are very similar to clists, but they are sets of ECs instead of pairs.
1512 The same operations (like <cf/add/, <cf/delete/ or <cf/˜/ and
1513 <cf/!˜/ membership operators) can be used to modify or test
1514 eclists, with ECs instead of pairs as arguments.
1516 <tag><label id="type-lclist">lclist/</tag>
1517 Lclist is a data type used for BGP large community lists. Like eclists,
1518 lclists are very similar to clists, but they are sets of LCs instead of
1519 pairs. The same operations (like <cf/add/, <cf/delete/ or <cf/˜/
1520 and <cf/!˜/ membership operators) can be used to modify or test
1521 lclists, with LCs instead of pairs as arguments.
1526 <label id="operators">
1528 <p>The filter language supports common integer operators <cf>(+,-,*,/)</cf>,
1529 parentheses <cf/(a*(b+c))/, comparison <cf/(a=b, a!=b, a<b, a>=b)/.
1530 Logical operations include unary not (<cf/!/), and (<cf/&&/), and or
1531 (<cf/||/). Special operators include (<cf/˜/,
1532 <cf/!˜/) for "is (not) element of a set" operation - it can be used on
1533 element and set of elements of the same type (returning true if element is
1534 contained in the given set), or on two strings (returning true if first string
1535 matches a shell-like pattern stored in second string) or on IP and prefix
1536 (returning true if IP is within the range defined by that prefix), or on prefix
1537 and prefix (returning true if first prefix is more specific than second one) or
1538 on bgppath and bgpmask (returning true if the path matches the mask) or on
1539 number and bgppath (returning true if the number is in the path) or on bgppath
1540 and int (number) set (returning true if any ASN from the path is in the set) or
1541 on pair/quad and clist (returning true if the pair/quad is element of the
1542 clist) or on clist and pair/quad set (returning true if there is an element of
1543 the clist that is also a member of the pair/quad set).
1545 <p>There is one operator related to ROA infrastructure - <cf/roa_check()/. It
1546 examines a ROA table and does <rfc id="6483"> route origin validation for a
1547 given network prefix. The basic usage is <cf>roa_check(<m/table/)</cf>, which
1548 checks current route (which should be from BGP to have AS_PATH argument) in the
1549 specified ROA table and returns ROA_UNKNOWN if there is no relevant ROA,
1550 ROA_VALID if there is a matching ROA, or ROA_INVALID if there are some relevant
1551 ROAs but none of them match. There is also an extended variant
1552 <cf>roa_check(<m/table/, <m/prefix/, <m/asn/)</cf>, which allows to specify a
1553 prefix and an ASN as arguments.
1556 <sect>Control structures
1557 <label id="control-structures">
1559 <p>Filters support two control structures: conditions and case switches.
1561 <p>Syntax of a condition is: <cf>if <M>boolean expression</M> then <m/commandT/;
1562 else <m/commandF/;</cf> and you can use <cf>{ <m/command1/; <m/command2/;
1563 <M>...</M> }</cf> instead of either command. The <cf>else</cf> clause may be
1564 omitted. If the <cf><m>boolean expression</m></cf> is true, <m/commandT/ is
1565 executed, otherwise <m/commandF/ is executed.
1567 <p>The <cf>case</cf> is similar to case from Pascal. Syntax is <cf>case
1568 <m/expr/ { else: | <m/num_or_prefix [ .. num_or_prefix]/: <m/statement/ ; [
1569 ... ] }</cf>. The expression after <cf>case</cf> can be of any type which can be
1570 on the left side of the ˜ operator and anything that could be a member of
1571 a set is allowed before <cf/:/. Multiple commands are allowed without <cf/{}/
1572 grouping. If <cf><m/expr/</cf> matches one of the <cf/:/ clauses, statements
1573 between it and next <cf/:/ statement are executed. If <cf><m/expr/</cf> matches
1574 neither of the <cf/:/ clauses, the statements after <cf/else:/ are executed.
1576 <p>Here is example that uses <cf/if/ and <cf/case/ structures:
1580 2: print "two"; print "I can do more commands without {}";
1581 3 .. 5: print "three to five";
1582 else: print "something else";
1585 if 1234 = i then printn "."; else {
1587 print "You need {} around multiple commands";
1592 <sect>Route attributes
1593 <label id="route-attributes">
1595 <p>A filter is implicitly passed a route, and it can access its attributes just
1596 like it accesses variables. There are common route attributes, protocol-specific
1597 route attributes and custom route attributes. Most common attributes are
1598 mandatory (always defined), while remaining are optional. Attempts to access
1599 undefined attribute result in a runtime error; you can check if an attribute is
1600 defined by using the <cf>defined( <m>attribute</m> )</cf> operator. One notable
1601 exception to this rule are attributes of bgppath and *clist types, where
1602 undefined value is regarded as empty bgppath/*clist for most purposes.
1604 Attributes can be defined by just setting them in filters. Custom attributes
1605 have to be first declared by <ref id="opt-attribute" name="attribute"> global
1606 option. You can also undefine optional attribute back to non-existence by using
1607 the <cf>unset( <m/attribute/ )</cf> operator.
1609 Common route attributes are:
1612 <tag><label id="rta-net"><m/prefix/ net</tag>
1613 The network prefix or anything else the route is talking about. The
1614 primary key of the routing table. Read-only. (See the <ref id="routes"
1615 name="chapter about routes">.)
1617 <tag><label id="rta-scope"><m/enum/ scope</tag>
1618 The scope of the route. Possible values: <cf/SCOPE_HOST/ for routes
1619 local to this host, <cf/SCOPE_LINK/ for those specific for a physical
1620 link, <cf/SCOPE_SITE/ and <cf/SCOPE_ORGANIZATION/ for private routes and
1621 <cf/SCOPE_UNIVERSE/ for globally visible routes. This attribute is not
1622 interpreted by BIRD and can be used to mark routes in filters. The
1623 default value for new routes is <cf/SCOPE_UNIVERSE/.
1625 <tag><label id="rta-preference"><m/int/ preference</tag>
1626 Preference of the route. Valid values are 0-65535. (See the chapter
1627 about routing tables.)
1629 <tag><label id="rta-from"><m/ip/ from</tag>
1630 The router which the route has originated from.
1632 <tag><label id="rta-gw"><m/ip/ gw</tag>
1633 Next hop packets routed using this route should be forwarded to.
1635 <tag><label id="rta-proto"><m/string/ proto</tag>
1636 The name of the protocol which the route has been imported from.
1639 <tag><label id="rta-source"><m/enum/ source</tag>
1640 what protocol has told me about this route. Possible values:
1641 <cf/RTS_DUMMY/, <cf/RTS_STATIC/, <cf/RTS_INHERIT/, <cf/RTS_DEVICE/,
1642 <cf/RTS_STATIC_DEVICE/, <cf/RTS_REDIRECT/, <cf/RTS_RIP/, <cf/RTS_OSPF/,
1643 <cf/RTS_OSPF_IA/, <cf/RTS_OSPF_EXT1/, <cf/RTS_OSPF_EXT2/, <cf/RTS_BGP/,
1644 <cf/RTS_PIPE/, <cf/RTS_BABEL/.
1646 <tag><label id="rta-dest"><m/enum/ dest</tag>
1647 Type of destination the packets should be sent to
1648 (<cf/RTD_ROUTER/ for forwarding to a neighboring router,
1649 <cf/RTD_DEVICE/ for routing to a directly-connected network,
1650 <cf/RTD_MULTIPATH/ for multipath destinations,
1651 <cf/RTD_BLACKHOLE/ for packets to be silently discarded,
1652 <cf/RTD_UNREACHABLE/, <cf/RTD_PROHIBIT/ for packets that should be
1653 returned with ICMP host unreachable / ICMP administratively prohibited
1654 messages). Can be changed, but only to <cf/RTD_BLACKHOLE/,
1655 <cf/RTD_UNREACHABLE/ or <cf/RTD_PROHIBIT/.
1657 <tag><label id="rta-ifname"><m/string/ ifname</tag>
1658 Name of the outgoing interface. Sink routes (like blackhole, unreachable
1659 or prohibit) and multipath routes have no interface associated with
1660 them, so <cf/ifname/ returns an empty string for such routes. Setting it
1661 would also change route to a direct one (remove gateway).
1663 <tag><label id="rta-ifindex"><m/int/ ifindex</tag>
1664 Index of the outgoing interface. System wide index of the interface. May
1665 be used for interface matching, however indexes might change on interface
1666 creation/removal. Zero is returned for routes with undefined outgoing
1667 interfaces. Read-only.
1669 <tag><label id="rta-igp-metric"><m/int/ igp_metric</tag>
1670 The optional attribute that can be used to specify a distance to the
1671 network for routes that do not have a native protocol metric attribute
1672 (like <cf/ospf_metric1/ for OSPF routes). It is used mainly by BGP to
1673 compare internal distances to boundary routers (see below).
1676 <p>Protocol-specific route attributes are described in the corresponding
1680 <sect>Other statements
1681 <label id="other-statements">
1683 <p>The following statements are available:
1686 <tag><label id="assignment"><m/variable/ = <m/expr/</tag>
1687 Set variable (or route attribute) to a given value.
1689 <tag><label id="filter-accept-reject">accept|reject [ <m/expr/ ]</tag>
1690 Accept or reject the route, possibly printing <cf><m>expr</m></cf>.
1692 <tag><label id="return">return <m/expr/</tag>
1693 Return <cf><m>expr</m></cf> from the current function, the function ends
1696 <tag><label id="print">print|printn <m/expr/ [<m/, expr.../]</tag>
1697 Prints given expressions; useful mainly while debugging filters. The
1698 <cf/printn/ variant does not terminate the line.
1700 <tag><label id="quitbird">quitbird</tag>
1701 Terminates BIRD. Useful when debugging the filter interpreter.
1706 <label id="protocols">
1712 <label id="babel-intro">
1714 <p>The Babel protocol
1715 (<rfc id="6126">) is a loop-avoiding distance-vector routing protocol that is
1716 robust and efficient both in ordinary wired networks and in wireless mesh
1717 networks. Babel is conceptually very simple in its operation and "just works"
1718 in its default configuration, though some configuration is possible and in some
1721 <p>The Babel protocol is dual stack; i.e., it can carry both IPv4 and IPv6
1722 routes over the same IPv6 transport. For sending and receiving Babel packets,
1723 only a link-local IPv6 address is needed.
1725 <p>BIRD implements an extension for IPv6 source-specific routing (SSR or SADR),
1726 but must be configured accordingly to use it. SADR-enabled Babel router can
1727 interoperate with non-SADR Babel router, but the later would ignore routes
1728 with specific (non-zero) source prefix.
1730 <sect1>Configuration
1731 <label id="babel-config">
1733 <p>The Babel protocol support both IPv4 and IPv6 channels; both can be
1734 configured simultaneously. It can also be configured with <ref
1735 id="ip-sadr-routes" name="IPv6 SADR"> channel instead of regular IPv6
1736 channel, in such case SADR support is enabled. Babel supports no global
1737 configuration options apart from those common to all other protocols, but
1738 supports the following per-interface configuration options:
1741 protocol babel [<name>] {
1742 ipv4 { <channel config> };
1743 ipv6 [sadr] { <channel config> };
1744 randomize router id <switch>;
1745 interface <interface pattern> {
1746 type <wired|wireless>;
1749 hello interval <time>;
1750 update interval <time>;
1752 tx class|dscp <number>;
1753 tx priority <number>;
1756 check link <switch>;
1757 next hop ipv4 <address>;
1758 next hop ipv6 <address>;
1764 <tag><label id="babel-channel">ipv4 | ipv6 [sadr] <m/channel config/</tag>
1765 The supported channels are IPv4, IPv6, and IPv6 SADR.
1767 <tag><label id="babel-random-router-id">randomize router id <m/switch/</tag>
1768 If enabled, Bird will randomize the top 32 bits of its router ID whenever
1769 the protocol instance starts up. If a Babel node restarts, it loses its
1770 sequence number, which can cause its routes to be rejected by peers until
1771 the state is cleared out by other nodes in the network (which can take on
1772 the order of minutes). Enabling this option causes Bird to pick a random
1773 router ID every time it starts up, which avoids this problem at the cost
1774 of not having stable router IDs in the network. Default: no.
1776 <tag><label id="babel-type">type wired|wireless </tag>
1777 This option specifies the interface type: Wired or wireless. On wired
1778 interfaces a neighbor is considered unreachable after a small number of
1779 Hello packets are lost, as described by <cf/limit/ option. On wireless
1780 interfaces the ETX link quality estimation technique is used to compute
1781 the metrics of routes discovered over this interface. This technique will
1782 gradually degrade the metric of routes when packets are lost rather than
1783 the more binary up/down mechanism of wired type links. Default:
1786 <tag><label id="babel-rxcost">rxcost <m/num/</tag>
1787 This option specifies the nominal RX cost of the interface. The effective
1788 neighbor costs for route metrics will be computed from this value with a
1789 mechanism determined by the interface <cf/type/. Note that in contrast to
1790 other routing protocols like RIP or OSPF, the <cf/rxcost/ specifies the
1791 cost of RX instead of TX, so it affects primarily neighbors' route
1792 selection and not local route selection. Default: 96 for wired interfaces,
1795 <tag><label id="babel-limit">limit <m/num/</tag>
1796 BIRD keeps track of received Hello messages from each neighbor to
1797 establish neighbor reachability. For wired type interfaces, this option
1798 specifies how many of last 16 hellos have to be correctly received in
1799 order to neighbor is assumed to be up. The option is ignored on wireless
1800 type interfaces, where gradual cost degradation is used instead of sharp
1803 <tag><label id="babel-hello">hello interval <m/time/ s|ms</tag>
1804 Interval at which periodic Hello messages are sent on this interface,
1805 with time units. Default: 4 seconds.
1807 <tag><label id="babel-update">update interval <m/time/ s|ms</tag>
1808 Interval at which periodic (full) updates are sent, with time
1809 units. Default: 4 times the hello interval.
1811 <tag><label id="babel-port">port <m/number/</tag>
1812 This option selects an UDP port to operate on. The default is to operate
1813 on port 6696 as specified in the Babel RFC.
1815 <tag><label id="babel-tx-class">tx class|dscp|priority <m/number/</tag>
1816 These options specify the ToS/DiffServ/Traffic class/Priority of the
1817 outgoing Babel packets. See <ref id="proto-tx-class" name="tx class"> common
1818 option for detailed description.
1820 <tag><label id="babel-rx-buffer">rx buffer <m/number/</tag>
1821 This option specifies the size of buffers used for packet processing.
1822 The buffer size should be bigger than maximal size of received packets.
1823 The default value is the interface MTU, and the value will be clamped to a
1824 minimum of 512 bytes + IP packet overhead.
1826 <tag><label id="babel-tx-length">tx length <m/number/</tag>
1827 This option specifies the maximum length of generated Babel packets. To
1828 avoid IP fragmentation, it should not exceed the interface MTU value.
1829 The default value is the interface MTU value, and the value will be
1830 clamped to a minimum of 512 bytes + IP packet overhead.
1832 <tag><label id="babel-check-link">check link <m/switch/</tag>
1833 If set, the hardware link state (as reported by OS) is taken into
1834 consideration. When the link disappears (e.g. an ethernet cable is
1835 unplugged), neighbors are immediately considered unreachable and all
1836 routes received from them are withdrawn. It is possible that some
1837 hardware drivers or platforms do not implement this feature. Default:
1840 <tag><label id="babel-next-hop-ipv4">next hop ipv4 <m/address/</tag>
1841 Set the next hop address advertised for IPv4 routes advertised on this
1842 interface. Default: the preferred IPv4 address of the interface.
1844 <tag><label id="babel-next-hop-ipv6">next hop ipv6 <m/address/</tag>
1845 Set the next hop address advertised for IPv6 routes advertised on this
1846 interface. If not set, the same link-local address that is used as the
1847 source for Babel packets will be used. In normal operation, it should not
1848 be necessary to set this option.
1852 <label id="babel-attr">
1854 <p>Babel defines just one attribute: the internal babel metric of the route. It
1855 is exposed as the <cf/babel_metric/ attribute and has range from 1 to infinity
1859 <label id="babel-exam">
1866 interface "wlan0", "wlan1" {
1873 # This matches the default of babeld: redistribute all addresses
1874 # configured on local interfaces, plus re-distribute all routes received
1875 # from other babel peers.
1878 export where (source = RTS_DEVICE) || (source = RTS_BABEL);
1881 export where (source = RTS_DEVICE) || (source = RTS_BABEL);
1887 <label id="babel-issues">
1889 <p>When retracting a route, Babel generates an unreachable route for a little
1890 while (according to RFC). The interaction of this behavior with other protocols
1891 is not well tested and strange things may happen.
1898 <label id="bfd-intro">
1900 <p>Bidirectional Forwarding Detection (BFD) is not a routing protocol itself, it
1901 is an independent tool providing liveness and failure detection. Routing
1902 protocols like OSPF and BGP use integrated periodic "hello" messages to monitor
1903 liveness of neighbors, but detection times of these mechanisms are high (e.g. 40
1904 seconds by default in OSPF, could be set down to several seconds). BFD offers
1905 universal, fast and low-overhead mechanism for failure detection, which could be
1906 attached to any routing protocol in an advisory role.
1908 <p>BFD consists of mostly independent BFD sessions. Each session monitors an
1909 unicast bidirectional path between two BFD-enabled routers. This is done by
1910 periodically sending control packets in both directions. BFD does not handle
1911 neighbor discovery, BFD sessions are created on demand by request of other
1912 protocols (like OSPF or BGP), which supply appropriate information like IP
1913 addresses and associated interfaces. When a session changes its state, these
1914 protocols are notified and act accordingly (e.g. break an OSPF adjacency when
1915 the BFD session went down).
1917 <p>BIRD implements basic BFD behavior as defined in <rfc id="5880"> (some
1918 advanced features like the echo mode or authentication are not implemented), IP
1919 transport for BFD as defined in <rfc id="5881"> and <rfc id="5883"> and
1920 interaction with client protocols as defined in <rfc id="5882">.
1922 <p>BFD packets are sent with a dynamic source port number. Linux systems use by
1923 default a bit different dynamic port range than the IANA approved one
1924 (49152-65535). If you experience problems with compatibility, please adjust
1925 <cf>/proc/sys/net/ipv4/ip_local_port_range</cf>.
1927 <sect1>Configuration
1928 <label id="bfd-config">
1930 <p>BFD configuration consists mainly of multiple definitions of interfaces.
1931 Most BFD config options are session specific. When a new session is requested
1932 and dynamically created, it is configured from one of these definitions. For
1933 sessions to directly connected neighbors, <cf/interface/ definitions are chosen
1934 based on the interface associated with the session, while <cf/multihop/
1935 definition is used for multihop sessions. If no definition is relevant, the
1936 session is just created with the default configuration. Therefore, an empty BFD
1937 configuration is often sufficient.
1939 <p>Note that to use BFD for other protocols like OSPF or BGP, these protocols
1940 also have to be configured to request BFD sessions, usually by <cf/bfd/ option.
1942 <p>A BFD instance not associated with any VRF handles session requests from all
1943 other protocols, even ones associated with a VRF. Such setup would work for
1944 single-hop BFD sessions if <cf/net.ipv4.udp_l3mdev_accept/ sysctl is enabled,
1945 but does not currently work for multihop sessions. Another approach is to
1946 configure multiple BFD instances, one for each VRF (including the default VRF).
1947 Each BFD instance associated with a VRF (regular or default) only handles
1948 session requests from protocols in the same VRF.
1950 <p>Some of BFD session options require <m/time/ value, which has to be specified
1951 with the appropriate unit: <m/num/ <cf/s/|<cf/ms/|<cf/us/. Although microseconds
1952 are allowed as units, practical minimum values are usually in order of tens of
1956 protocol bfd [<name>] {
1957 interface <interface pattern> {
1958 interval <time>;
1959 min rx interval <time>;
1960 min tx interval <time>;
1961 idle tx interval <time>;
1962 multiplier <num>;
1963 passive <switch>;
1964 authentication none;
1965 authentication simple;
1966 authentication [meticulous] keyed md5|sha1;
1967 password "<text>";
1968 password "<text>" {
1970 generate from "<date>";
1971 generate to "<date>";
1972 accept from "<date>";
1973 accept to "<date>";
1974 from "<date>";
1979 interval <time>;
1980 min rx interval <time>;
1981 min tx interval <time>;
1982 idle tx interval <time>;
1983 multiplier <num>;
1984 passive <switch>;
1986 neighbor <ip> [dev "<interface>"] [local <ip>] [multihop <switch>];
1991 <tag><label id="bfd-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
1992 Interface definitions allow to specify options for sessions associated
1993 with such interfaces and also may contain interface specific options.
1994 See <ref id="proto-iface" name="interface"> common option for a detailed
1995 description of interface patterns. Note that contrary to the behavior of
1996 <cf/interface/ definitions of other protocols, BFD protocol would accept
1997 sessions (in default configuration) even on interfaces not covered by
2000 <tag><label id="bfd-multihop">multihop { <m/options/ }</tag>
2001 Multihop definitions allow to specify options for multihop BFD sessions,
2002 in the same manner as <cf/interface/ definitions are used for directly
2003 connected sessions. Currently only one such definition (for all multihop
2004 sessions) could be used.
2006 <tag><label id="bfd-neighbor">neighbor <m/ip/ [dev "<m/interface/"] [local <m/ip/] [multihop <m/switch/]</tag>
2007 BFD sessions are usually created on demand as requested by other
2008 protocols (like OSPF or BGP). This option allows to explicitly add
2009 a BFD session to the specified neighbor regardless of such requests.
2011 The session is identified by the IP address of the neighbor, with
2012 optional specification of used interface and local IP. By default
2013 the neighbor must be directly connected, unless the session is
2014 configured as multihop. Note that local IP must be specified for
2018 <p>Session specific options (part of <cf/interface/ and <cf/multihop/ definitions):
2021 <tag><label id="bfd-interval">interval <m/time/</tag>
2022 BFD ensures availability of the forwarding path associated with the
2023 session by periodically sending BFD control packets in both
2024 directions. The rate of such packets is controlled by two options,
2025 <cf/min rx interval/ and <cf/min tx interval/ (see below). This option
2026 is just a shorthand to set both of these options together.
2028 <tag><label id="bfd-min-rx-interval">min rx interval <m/time/</tag>
2029 This option specifies the minimum RX interval, which is announced to the
2030 neighbor and used there to limit the neighbor's rate of generated BFD
2031 control packets. Default: 10 ms.
2033 <tag><label id="bfd-min-tx-interval">min tx interval <m/time/</tag>
2034 This option specifies the desired TX interval, which controls the rate
2035 of generated BFD control packets (together with <cf/min rx interval/
2036 announced by the neighbor). Note that this value is used only if the BFD
2037 session is up, otherwise the value of <cf/idle tx interval/ is used
2038 instead. Default: 100 ms.
2040 <tag><label id="bfd-idle-tx-interval">idle tx interval <m/time/</tag>
2041 In order to limit unnecessary traffic in cases where a neighbor is not
2042 available or not running BFD, the rate of generated BFD control packets
2043 is lower when the BFD session is not up. This option specifies the
2044 desired TX interval in such cases instead of <cf/min tx interval/.
2047 <tag><label id="bfd-multiplier">multiplier <m/num/</tag>
2048 Failure detection time for BFD sessions is based on established rate of
2049 BFD control packets (<cf>min rx/tx interval</cf>) multiplied by this
2050 multiplier, which is essentially (ignoring jitter) a number of missed
2051 packets after which the session is declared down. Note that rates and
2052 multipliers could be different in each direction of a BFD session.
2055 <tag><label id="bfd-passive">passive <m/switch/</tag>
2056 Generally, both BFD session endpoints try to establish the session by
2057 sending control packets to the other side. This option allows to enable
2058 passive mode, which means that the router does not send BFD packets
2059 until it has received one from the other side. Default: disabled.
2061 <tag>authentication none</tag>
2062 No passwords are sent in BFD packets. This is the default value.
2064 <tag>authentication simple</tag>
2065 Every packet carries 16 bytes of password. Received packets lacking this
2066 password are ignored. This authentication mechanism is very weak.
2068 <tag>authentication [meticulous] keyed md5|sha1</tag>
2069 An authentication code is appended to each packet. The cryptographic
2070 algorithm is keyed MD5 or keyed SHA-1. Note that the algorithm is common
2071 for all keys (on one interface), in contrast to OSPF or RIP, where it
2072 is a per-key option. Passwords (keys) are not sent open via network.
2074 The <cf/meticulous/ variant means that cryptographic sequence numbers
2075 are increased for each sent packet, while in the basic variant they are
2076 increased about once per second. Generally, the <cf/meticulous/ variant
2077 offers better resistance to replay attacks but may require more
2080 <tag>password "<M>text</M>"</tag>
2081 Specifies a password used for authentication. See <ref id="proto-pass"
2082 name="password"> common option for detailed description. Note that
2083 password option <cf/algorithm/ is not available in BFD protocol. The
2084 algorithm is selected by <cf/authentication/ option for all passwords.
2089 <label id="bfd-exam">
2094 min rx interval 20 ms;
2095 min tx interval 50 ms;
2096 idle tx interval 300 ms;
2108 neighbor 192.168.1.10;
2109 neighbor 192.168.2.2 dev "eth2";
2110 neighbor 192.168.10.1 local 192.168.1.1 multihop;
2118 <p>The Border Gateway Protocol is the routing protocol used for backbone level
2119 routing in the today's Internet. Contrary to other protocols, its convergence
2120 does not rely on all routers following the same rules for route selection,
2121 making it possible to implement any routing policy at any router in the network,
2122 the only restriction being that if a router advertises a route, it must accept
2123 and forward packets according to it.
2125 <p>BGP works in terms of autonomous systems (often abbreviated as AS). Each AS
2126 is a part of the network with common management and common routing policy. It is
2127 identified by a unique 16-bit number (ASN). Routers within each AS usually
2128 exchange AS-internal routing information with each other using an interior
2129 gateway protocol (IGP, such as OSPF or RIP). Boundary routers at the border of
2130 the AS communicate global (inter-AS) network reachability information with their
2131 neighbors in the neighboring AS'es via exterior BGP (eBGP) and redistribute
2132 received information to other routers in the AS via interior BGP (iBGP).
2134 <p>Each BGP router sends to its neighbors updates of the parts of its routing
2135 table it wishes to export along with complete path information (a list of AS'es
2136 the packet will travel through if it uses the particular route) in order to
2137 avoid routing loops.
2139 <sect1>Supported standards
2140 <label id="bgp-standards">
2144 <item> <rfc id="4271"> - Border Gateway Protocol 4 (BGP)
2145 <item> <rfc id="1997"> - BGP Communities Attribute
2146 <item> <rfc id="2385"> - Protection of BGP Sessions via TCP MD5 Signature
2147 <item> <rfc id="2545"> - Use of BGP Multiprotocol Extensions for IPv6
2148 <item> <rfc id="2918"> - Route Refresh Capability
2149 <item> <rfc id="3107"> - Carrying Label Information in BGP
2150 <item> <rfc id="4360"> - BGP Extended Communities Attribute
2151 <item> <rfc id="4364"> - BGP/MPLS IPv4 Virtual Private Networks
2152 <item> <rfc id="4456"> - BGP Route Reflection
2153 <item> <rfc id="4486"> - Subcodes for BGP Cease Notification Message
2154 <item> <rfc id="4659"> - BGP/MPLS IPv6 Virtual Private Networks
2155 <item> <rfc id="4724"> - Graceful Restart Mechanism for BGP
2156 <item> <rfc id="4760"> - Multiprotocol extensions for BGP
2157 <item> <rfc id="4798"> - Connecting IPv6 Islands over IPv4 MPLS
2158 <item> <rfc id="5065"> - AS confederations for BGP
2159 <item> <rfc id="5082"> - Generalized TTL Security Mechanism
2160 <item> <rfc id="5492"> - Capabilities Advertisement with BGP
2161 <item> <rfc id="5549"> - Advertising IPv4 NLRI with an IPv6 Next Hop
2162 <item> <rfc id="5575"> - Dissemination of Flow Specification Rules
2163 <item> <rfc id="5668"> - 4-Octet AS Specific BGP Extended Community
2164 <item> <rfc id="6286"> - AS-Wide Unique BGP Identifier
2165 <item> <rfc id="6608"> - Subcodes for BGP Finite State Machine Error
2166 <item> <rfc id="6793"> - BGP Support for 4-Octet AS Numbers
2167 <item> <rfc id="7313"> - Enhanced Route Refresh Capability for BGP
2168 <item> <rfc id="7606"> - Revised Error Handling for BGP UPDATE Messages
2169 <item> <rfc id="7911"> - Advertisement of Multiple Paths in BGP
2170 <item> <rfc id="7947"> - Internet Exchange BGP Route Server
2171 <item> <rfc id="8092"> - BGP Large Communities Attribute
2172 <item> <rfc id="8203"> - BGP Administrative Shutdown Communication
2173 <item> <rfc id="8212"> - Default EBGP Route Propagation Behavior without Policies
2176 <sect1>Route selection rules
2177 <label id="bgp-route-select-rules">
2179 <p>BGP doesn't have any simple metric, so the rules for selection of an optimal
2180 route among multiple BGP routes with the same preference are a bit more complex
2181 and they are implemented according to the following algorithm. It starts the
2182 first rule, if there are more "best" routes, then it uses the second rule to
2183 choose among them and so on.
2186 <item>Prefer route with the highest Local Preference attribute.
2187 <item>Prefer route with the shortest AS path.
2188 <item>Prefer IGP origin over EGP and EGP origin over incomplete.
2189 <item>Prefer the lowest value of the Multiple Exit Discriminator.
2190 <item>Prefer routes received via eBGP over ones received via iBGP.
2191 <item>Prefer routes with lower internal distance to a boundary router.
2192 <item>Prefer the route with the lowest value of router ID of the
2196 <sect1>IGP routing table
2197 <label id="bgp-igp-routing-table">
2199 <p>BGP is mainly concerned with global network reachability and with routes to
2200 other autonomous systems. When such routes are redistributed to routers in the
2201 AS via BGP, they contain IP addresses of a boundary routers (in route attribute
2202 NEXT_HOP). BGP depends on existing IGP routing table with AS-internal routes to
2203 determine immediate next hops for routes and to know their internal distances to
2204 boundary routers for the purpose of BGP route selection. In BIRD, there is
2205 usually one routing table used for both IGP routes and BGP routes.
2207 <sect1>Protocol configuration
2208 <label id="bgp-proto-config">
2210 <p>Each instance of the BGP corresponds to one neighboring router. This allows
2211 to set routing policy and all the other parameters differently for each neighbor
2212 using the following configuration parameters:
2215 <tag><label id="bgp-local">local [<m/ip/] [port <m/number/] [as <m/number/]</tag>
2216 Define which AS we are part of. (Note that contrary to other IP routers,
2217 BIRD is able to act as a router located in multiple AS'es simultaneously,
2218 but in such cases you need to tweak the BGP paths manually in the filters
2219 to get consistent behavior.) Optional <cf/ip/ argument specifies a source
2220 address, equivalent to the <cf/source address/ option (see below).
2221 Optional <cf/port/ argument specifies the local BGP port instead of
2222 standard port 179. The parameter may be used multiple times with
2223 different sub-options (e.g., both <cf/local 10.0.0.1 as 65000;/ and
2224 <cf/local 10.0.0.1; local as 65000;/ are valid). This parameter is
2227 <tag><label id="bgp-neighbor">neighbor [<m/ip/ | range <m/prefix/] [port <m/number/] [as <m/number/] [internal|external]</tag>
2228 Define neighboring router this instance will be talking to and what AS
2229 it is located in. In case the neighbor is in the same AS as we are, we
2230 automatically switch to IBGP. Alternatively, it is possible to specify
2231 just <cf/internal/ or <cf/external/ instead of AS number, in that case
2232 either local AS number, or any external AS number is accepted.
2233 Optionally, the remote port may also be specified. Like <cf/local/
2234 parameter, this parameter may also be used multiple times with different
2235 sub-options. This parameter is mandatory.
2237 It is possible to specify network prefix (with <cf/range/ keyword)
2238 instead of explicit neighbor IP address. This enables dynamic BGP
2239 behavior, where the BGP instance listens on BGP port, but new BGP
2240 instances are spawned for incoming BGP connections (if source address
2241 matches the network prefix). It is possible to mix regular BGP instances
2242 with dynamic BGP instances and have multiple dynamic BGP instances with
2245 <tag><label id="bgp-iface">interface <m/string/</tag>
2246 Define interface we should use for link-local BGP IPv6 sessions.
2247 Interface can also be specified as a part of <cf/neighbor address/
2248 (e.g., <cf/neighbor fe80::1234%eth0 as 65000;/). The option may also be
2249 used for non link-local sessions when it is necessary to explicitly
2250 specify an interface, but only for direct (not multihop) sessions.
2252 <tag><label id="bgp-direct">direct</tag>
2253 Specify that the neighbor is directly connected. The IP address of the
2254 neighbor must be from a directly reachable IP range (i.e. associated
2255 with one of your router's interfaces), otherwise the BGP session
2256 wouldn't start but it would wait for such interface to appear. The
2257 alternative is the <cf/multihop/ option. Default: enabled for eBGP.
2259 <tag><label id="bgp-multihop">multihop [<m/number/]</tag>
2260 Configure multihop BGP session to a neighbor that isn't directly
2261 connected. Accurately, this option should be used if the configured
2262 neighbor IP address does not match with any local network subnets. Such
2263 IP address have to be reachable through system routing table. The
2264 alternative is the <cf/direct/ option. For multihop BGP it is
2265 recommended to explicitly configure the source address to have it
2266 stable. Optional <cf/number/ argument can be used to specify the number
2267 of hops (used for TTL). Note that the number of networks (edges) in a
2268 path is counted; i.e., if two BGP speakers are separated by one router,
2269 the number of hops is 2. Default: enabled for iBGP.
2271 <tag><label id="bgp-source-address">source address <m/ip/</tag>
2272 Define local address we should use as a source address for the BGP
2273 session. Default: the address of the local end of the interface our
2274 neighbor is connected to.
2276 <tag><label id="bgp-dynamic-name">dynamic name "<m/text/"</tag>
2277 Define common prefix of names used for new BGP instances spawned when
2278 dynamic BGP behavior is active. Actual names also contain numeric
2279 index to distinguish individual instances. Default: "dynbgp".
2281 <tag><label id="bgp-dynamic-name-digits">dynamic name digits <m/number/</tag>
2282 Define minimum number of digits for index in names of spawned dynamic
2283 BGP instances. E.g., if set to 2, then the first name would be
2284 "dynbgp01". Default: 0.
2286 <tag><label id="bgp-strict-bind">strict bind <m/switch/</tag>
2287 Specify whether BGP listening socket should be bound to a specific local
2288 address (the same as the <cf/source address/) and associated interface,
2289 or to all addresses. Binding to a specific address could be useful in
2290 cases like running multiple BIRD instances on a machine, each using its
2291 IP address. Note that listening sockets bound to a specific address and
2292 to all addresses collide, therefore either all BGP protocols (of the
2293 same address family and using the same local port) should have set
2294 <cf/strict bind/, or none of them. Default: disabled.
2296 <tag><label id="bgp-check-link">check link <M>switch</M></tag>
2297 BGP could use hardware link state into consideration. If enabled,
2298 BIRD tracks the link state of the associated interface and when link
2299 disappears (e.g. an ethernet cable is unplugged), the BGP session is
2300 immediately shut down. Note that this option cannot be used with
2301 multihop BGP. Default: enabled for direct BGP, disabled otherwise.
2303 <tag><label id="bgp-bfd">bfd <M>switch</M>|graceful</tag>
2304 BGP could use BFD protocol as an advisory mechanism for neighbor
2305 liveness and failure detection. If enabled, BIRD setups a BFD session
2306 for the BGP neighbor and tracks its liveness by it. This has an
2307 advantage of an order of magnitude lower detection times in case of
2308 failure. When a neighbor failure is detected, the BGP session is
2309 restarted. Optionally, it can be configured (by <cf/graceful/ argument)
2310 to trigger graceful restart instead of regular restart. Note that BFD
2311 protocol also has to be configured, see <ref id="bfd" name="BFD">
2312 section for details. Default: disabled.
2314 <tag><label id="bgp-ttl-security">ttl security <m/switch/</tag>
2315 Use GTSM (<rfc id="5082"> - the generalized TTL security mechanism). GTSM
2316 protects against spoofed packets by ignoring received packets with a
2317 smaller than expected TTL. To work properly, GTSM have to be enabled on
2318 both sides of a BGP session. If both <cf/ttl security/ and
2319 <cf/multihop/ options are enabled, <cf/multihop/ option should specify
2320 proper hop value to compute expected TTL. Kernel support required:
2321 Linux: 2.6.34+ (IPv4), 2.6.35+ (IPv6), BSD: since long ago, IPv4 only.
2322 Note that full (ICMP protection, for example) <rfc id="5082"> support is
2323 provided by Linux only. Default: disabled.
2325 <tag><label id="bgp-password">password <m/string/</tag>
2326 Use this password for MD5 authentication of BGP sessions (<rfc id="2385">). When
2327 used on BSD systems, see also <cf/setkey/ option below. Default: no
2330 <tag><label id="bgp-setkey">setkey <m/switch/</tag>
2331 On BSD systems, keys for TCP MD5 authentication are stored in the global
2332 SA/SP database, which can be accessed by external utilities (e.g.
2333 setkey(8)). BIRD configures security associations in the SA/SP database
2334 automatically based on <cf/password/ options (see above), this option
2335 allows to disable automatic updates by BIRD when manual configuration by
2336 external utilities is preferred. Note that automatic SA/SP database
2337 updates are currently implemented only for FreeBSD. Passwords have to be
2338 set manually by an external utility on NetBSD and OpenBSD. Default:
2339 enabled (ignored on non-FreeBSD).
2341 <tag><label id="bgp-passive">passive <m/switch/</tag>
2342 Standard BGP behavior is both initiating outgoing connections and
2343 accepting incoming connections. In passive mode, outgoing connections
2344 are not initiated. Default: off.
2346 <tag><label id="bgp-confederation">confederation <m/number/</tag>
2347 BGP confederations (<rfc id="5065">) are collections of autonomous
2348 systems that act as one entity to external systems, represented by one
2349 confederation identifier (instead of AS numbers). This option allows to
2350 enable BGP confederation behavior and to specify the local confederation
2351 identifier. When BGP confederations are used, all BGP speakers that are
2352 members of the BGP confederation should have the same confederation
2353 identifier configured. Default: 0 (no confederation).
2355 <tag><label id="bgp-confederation-member">confederation member <m/switch/</tag>
2356 When BGP confederations are used, this option allows to specify whether
2357 the BGP neighbor is a member of the same confederation as the local BGP
2358 speaker. The option is unnecessary (and ignored) for IBGP sessions, as
2359 the same AS number implies the same confederation. Default: no.
2361 <tag><label id="bgp-rr-client">rr client</tag>
2362 Be a route reflector and treat the neighbor as a route reflection
2363 client. Default: disabled.
2365 <tag><label id="bgp-rr-cluster-id">rr cluster id <m/IPv4 address/</tag>
2366 Route reflectors use cluster id to avoid route reflection loops. When
2367 there is one route reflector in a cluster it usually uses its router id
2368 as a cluster id, but when there are more route reflectors in a cluster,
2369 these need to be configured (using this option) to use a common cluster
2370 id. Clients in a cluster need not know their cluster id and this option
2371 is not allowed for them. Default: the same as router id.
2373 <tag><label id="bgp-rs-client">rs client</tag>
2374 Be a route server and treat the neighbor as a route server client.
2375 A route server is used as a replacement for full mesh EBGP routing in
2376 Internet exchange points in a similar way to route reflectors used in
2377 IBGP routing. BIRD does not implement obsoleted <rfc id="1863">, but
2378 uses ad-hoc implementation, which behaves like plain EBGP but reduces
2379 modifications to advertised route attributes to be transparent (for
2380 example does not prepend its AS number to AS PATH attribute and
2381 keeps MED attribute). Default: disabled.
2383 <tag><label id="bgp-allow-local-pref">allow bgp_local_pref <m/switch/</tag>
2384 A standard BGP implementation do not send the Local Preference attribute
2385 to eBGP neighbors and ignore this attribute if received from eBGP
2386 neighbors, as per <rfc id="4271">. When this option is enabled on an
2387 eBGP session, this attribute will be sent to and accepted from the peer,
2388 which is useful for example if you have a setup like in <rfc id="7938">.
2389 The option does not affect iBGP sessions. Default: off.
2391 <tag><label id="bgp-allow-local-as">allow local as [<m/number/]</tag>
2392 BGP prevents routing loops by rejecting received routes with the local
2393 AS number in the AS path. This option allows to loose or disable the
2394 check. Optional <cf/number/ argument can be used to specify the maximum
2395 number of local ASNs in the AS path that is allowed for received
2396 routes. When the option is used without the argument, the check is
2397 completely disabled and you should ensure loop-free behavior by some
2398 other means. Default: 0 (no local AS number allowed).
2400 <tag><label id="bgp-enable-route-refresh">enable route refresh <m/switch/</tag>
2401 After the initial route exchange, BGP protocol uses incremental updates
2402 to keep BGP speakers synchronized. Sometimes (e.g., if BGP speaker
2403 changes its import filter, or if there is suspicion of inconsistency) it
2404 is necessary to do a new complete route exchange. BGP protocol extension
2405 Route Refresh (<rfc id="2918">) allows BGP speaker to request
2406 re-advertisement of all routes from its neighbor. BGP protocol
2407 extension Enhanced Route Refresh (<rfc id="7313">) specifies explicit
2408 begin and end for such exchanges, therefore the receiver can remove
2409 stale routes that were not advertised during the exchange. This option
2410 specifies whether BIRD advertises these capabilities and supports
2411 related procedures. Note that even when disabled, BIRD can send route
2412 refresh requests. Default: on.
2414 <tag><label id="bgp-graceful-restart">graceful restart <m/switch/|aware</tag>
2415 When a BGP speaker restarts or crashes, neighbors will discard all
2416 received paths from the speaker, which disrupts packet forwarding even
2417 when the forwarding plane of the speaker remains intact. <rfc id="4724">
2418 specifies an optional graceful restart mechanism to alleviate this
2419 issue. This option controls the mechanism. It has three states:
2420 Disabled, when no support is provided. Aware, when the graceful restart
2421 support is announced and the support for restarting neighbors is
2422 provided, but no local graceful restart is allowed (i.e. receiving-only
2423 role). Enabled, when the full graceful restart support is provided
2424 (i.e. both restarting and receiving role). Restarting role could be also
2425 configured per-channel. Note that proper support for local graceful
2426 restart requires also configuration of other protocols. Default: aware.
2428 <tag><label id="bgp-graceful-restart-time">graceful restart time <m/number/</tag>
2429 The restart time is announced in the BGP graceful restart capability
2430 and specifies how long the neighbor would wait for the BGP session to
2431 re-establish after a restart before deleting stale routes. Default:
2434 <tag><label id="bgp-long-lived-graceful-restart">long lived graceful restart <m/switch/|aware</tag>
2435 The long-lived graceful restart is an extension of the traditional
2436 <ref id="bgp-graceful-restart" name="BGP graceful restart">, where stale
2437 routes are kept even after the <ref id="bgp-graceful-restart-time"
2438 name="restart time"> expires for additional long-lived stale time, but
2439 they are marked with the LLGR_STALE community, depreferenced, and
2440 withdrawn from routers not supporting LLGR. Like traditional BGP
2441 graceful restart, it has three states: disabled, aware (receiving-only),
2442 and enabled. Note that long-lived graceful restart requires at least
2443 aware level of traditional BGP graceful restart. Default: aware, unless
2444 graceful restart is disabled.
2446 <tag><label id="bgp-long-lived-stale-time">long lived stale time <m/number/</tag>
2447 The long-lived stale time is announced in the BGP long-lived graceful
2448 restart capability and specifies how long the neighbor would keep stale
2449 routes depreferenced during long-lived graceful restart until either the
2450 session is re-stablished and synchronized or the stale time expires and
2451 routes are removed. Default: 3600 seconds.
2453 <tag><label id="bgp-interpret-communities">interpret communities <m/switch/</tag>
2454 <rfc id="1997"> demands that BGP speaker should process well-known
2455 communities like no-export (65535, 65281) or no-advertise (65535,
2456 65282). For example, received route carrying a no-adverise community
2457 should not be advertised to any of its neighbors. If this option is
2458 enabled (which is by default), BIRD has such behavior automatically (it
2459 is evaluated when a route is exported to the BGP protocol just before
2460 the export filter). Otherwise, this integrated processing of
2461 well-known communities is disabled. In that case, similar behavior can
2462 be implemented in the export filter. Default: on.
2464 <tag><label id="bgp-enable-as4">enable as4 <m/switch/</tag>
2465 BGP protocol was designed to use 2B AS numbers and was extended later to
2466 allow 4B AS number. BIRD supports 4B AS extension, but by disabling this
2467 option it can be persuaded not to advertise it and to maintain old-style
2468 sessions with its neighbors. This might be useful for circumventing bugs
2469 in neighbor's implementation of 4B AS extension. Even when disabled
2470 (off), BIRD behaves internally as AS4-aware BGP router. Default: on.
2472 <tag><label id="bgp-enable-extended-messages">enable extended messages <m/switch/</tag>
2473 The BGP protocol uses maximum message length of 4096 bytes. This option
2474 provides an extension to allow extended messages with length up
2475 to 65535 bytes. Default: off.
2477 <tag><label id="bgp-capabilities">capabilities <m/switch/</tag>
2478 Use capability advertisement to advertise optional capabilities. This is
2479 standard behavior for newer BGP implementations, but there might be some
2480 older BGP implementations that reject such connection attempts. When
2481 disabled (off), features that request it (4B AS support) are also
2482 disabled. Default: on, with automatic fallback to off when received
2483 capability-related error.
2485 <tag><label id="bgp-advertise-ipv4">advertise ipv4 <m/switch/</tag>
2486 Advertise IPv4 multiprotocol capability. This is not a correct behavior
2487 according to the strict interpretation of <rfc id="4760">, but it is
2488 widespread and required by some BGP implementations (Cisco and Quagga).
2489 This option is relevant to IPv4 mode with enabled capability
2490 advertisement only. Default: on.
2492 <tag><label id="bgp-disable-after-error">disable after error <m/switch/</tag>
2493 When an error is encountered (either locally or by the other side),
2494 disable the instance automatically and wait for an administrator to fix
2495 the problem manually. Default: off.
2497 <tag><label id="bgp-disable-after-cease">disable after cease <m/switch/|<m/set-of-flags/</tag>
2498 When a Cease notification is received, disable the instance
2499 automatically and wait for an administrator to fix the problem manually.
2500 When used with <m/switch/ argument, it means handle every Cease subtype
2501 with the exception of <cf/connection collision/. Default: off.
2503 The <m/set-of-flags/ allows to narrow down relevant Cease subtypes. The
2504 syntax is <cf>{<m/flag/ [, <m/.../] }</cf>, where flags are: <cf/cease/,
2505 <cf/prefix limit hit/, <cf/administrative shutdown/,
2506 <cf/peer deconfigured/, <cf/administrative reset/,
2507 <cf/connection rejected/, <cf/configuration change/,
2508 <cf/connection collision/, <cf/out of resources/.
2510 <tag><label id="bgp-hold-time">hold time <m/number/</tag>
2511 Time in seconds to wait for a Keepalive message from the other side
2512 before considering the connection stale. Default: depends on agreement
2513 with the neighboring router, we prefer 240 seconds if the other side is
2514 willing to accept it.
2516 <tag><label id="bgp-startup-hold-time">startup hold time <m/number/</tag>
2517 Value of the hold timer used before the routers have a chance to exchange
2518 open messages and agree on the real value. Default: 240 seconds.
2520 <tag><label id="bgp-keepalive-time">keepalive time <m/number/</tag>
2521 Delay in seconds between sending of two consecutive Keepalive messages.
2522 Default: One third of the hold time.
2524 <tag><label id="bgp-connect-delay-time">connect delay time <m/number/</tag>
2525 Delay in seconds between protocol startup and the first attempt to
2526 connect. Default: 5 seconds.
2528 <tag><label id="bgp-connect-retry-time">connect retry time <m/number/</tag>
2529 Time in seconds to wait before retrying a failed attempt to connect.
2530 Default: 120 seconds.
2532 <tag><label id="bgp-error-wait-time">error wait time <m/number/,<m/number/</tag>
2533 Minimum and maximum delay in seconds between a protocol failure (either
2534 local or reported by the peer) and automatic restart. Doesn't apply
2535 when <cf/disable after error/ is configured. If consecutive errors
2536 happen, the delay is increased exponentially until it reaches the
2537 maximum. Default: 60, 300.
2539 <tag><label id="bgp-error-forget-time">error forget time <m/number/</tag>
2540 Maximum time in seconds between two protocol failures to treat them as a
2541 error sequence which makes <cf/error wait time/ increase exponentially.
2542 Default: 300 seconds.
2544 <tag><label id="bgp-path-metric">path metric <m/switch/</tag>
2545 Enable comparison of path lengths when deciding which BGP route is the
2546 best one. Default: on.
2548 <tag><label id="bgp-med-metric">med metric <m/switch/</tag>
2549 Enable comparison of MED attributes (during best route selection) even
2550 between routes received from different ASes. This may be useful if all
2551 MED attributes contain some consistent metric, perhaps enforced in
2552 import filters of AS boundary routers. If this option is disabled, MED
2553 attributes are compared only if routes are received from the same AS
2554 (which is the standard behavior). Default: off.
2556 <tag><label id="bgp-deterministic-med">deterministic med <m/switch/</tag>
2557 BGP route selection algorithm is often viewed as a comparison between
2558 individual routes (e.g. if a new route appears and is better than the
2559 current best one, it is chosen as the new best one). But the proper
2560 route selection, as specified by <rfc id="4271">, cannot be fully
2561 implemented in that way. The problem is mainly in handling the MED
2562 attribute. BIRD, by default, uses an simplification based on individual
2563 route comparison, which in some cases may lead to temporally dependent
2564 behavior (i.e. the selection is dependent on the order in which routes
2565 appeared). This option enables a different (and slower) algorithm
2566 implementing proper <rfc id="4271"> route selection, which is
2567 deterministic. Alternative way how to get deterministic behavior is to
2568 use <cf/med metric/ option. This option is incompatible with <ref
2569 id="dsc-table-sorted" name="sorted tables">. Default: off.
2571 <tag><label id="bgp-igp-metric">igp metric <m/switch/</tag>
2572 Enable comparison of internal distances to boundary routers during best
2573 route selection. Default: on.
2575 <tag><label id="bgp-prefer-older">prefer older <m/switch/</tag>
2576 Standard route selection algorithm breaks ties by comparing router IDs.
2577 This changes the behavior to prefer older routes (when both are external
2578 and from different peer). For details, see <rfc id="5004">. Default: off.
2580 <tag><label id="bgp-default-med">default bgp_med <m/number/</tag>
2581 Value of the Multiple Exit Discriminator to be used during route
2582 selection when the MED attribute is missing. Default: 0.
2584 <tag><label id="bgp-default-local-pref">default bgp_local_pref <m/number/</tag>
2585 A default value for the Local Preference attribute. It is used when
2586 a new Local Preference attribute is attached to a route by the BGP
2587 protocol itself (for example, if a route is received through eBGP and
2588 therefore does not have such attribute). Default: 100 (0 in pre-1.2.0
2592 <sect1>Channel configuration
2593 <label id="bgp-channel-config">
2595 <p>BGP supports several AFIs and SAFIs over one connection. Every AFI/SAFI
2596 announced to the peer corresponds to one channel. The table of supported AFI/SAFIs
2597 together with their appropriate channels follows.
2600 <tabular ca="l|l|l|r|r">
2601 <bf/Channel name/ | <bf/Table nettype/ | <bf/IGP table allowed/ | <bf/AFI/ | <bf/SAFI/
2603 <cf/ipv4/ | <cf/ipv4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 1
2604 @ <cf/ipv6/ | <cf/ipv6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 1
2605 @ <cf/ipv4 multicast/ | <cf/ipv4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 2
2606 @ <cf/ipv6 multicast/ | <cf/ipv6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 2
2607 @ <cf/ipv4 mpls/ | <cf/ipv4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 4
2608 @ <cf/ipv6 mpls/ | <cf/ipv6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 4
2609 @ <cf/vpn4 mpls/ | <cf/vpn4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 128
2610 @ <cf/vpn6 mpls/ | <cf/vpn6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 128
2611 @ <cf/vpn4 multicast/ | <cf/vpn4/ | <cf/ipv4/ and <cf/ipv6/ | 1 | 129
2612 @ <cf/vpn6 multicast/ | <cf/vpn6/ | <cf/ipv4/ and <cf/ipv6/ | 2 | 129
2613 @ <cf/flow4/ | <cf/flow4/ | --- | 1 | 133
2614 @ <cf/flow6/ | <cf/flow6/ | --- | 2 | 133
2618 <p>Due to <rfc id="8212">, external BGP protocol requires explicit configuration
2619 of import and export policies (in contrast to other protocols, where default
2620 policies of <cf/import all/ and <cf/export none/ are used in absence of explicit
2621 configuration). Note that blanket policies like <cf/all/ or <cf/none/ can still
2622 be used in explicit configuration.
2624 <p>BGP channels have additional config options (together with the common ones):
2627 <tag><label id="bgp-mandatory">mandatory <m/switch/</tag>
2628 When local and neighbor sets of configured AFI/SAFI pairs differ,
2629 capability negotiation ensures that a common subset is used. For
2630 mandatory channels their associated AFI/SAFI must be negotiated
2631 (i.e., also announced by the neighbor), otherwise BGP session
2632 negotiation fails with <it/'Required capability missing'/ error.
2633 Regardless, at least one AFI/SAFI must be negotiated in order to BGP
2634 session be successfully established. Default: off.
2636 <tag><label id="bgp-next-hop-keep">next hop keep <m/switch/|ibgp|ebgp</tag>
2637 Do not modify the Next Hop attribute and advertise the current one
2638 unchanged even in cases where our own local address should be used
2639 instead. This is necessary when the BGP speaker does not forward network
2640 traffic (route servers and some route reflectors) and also can be useful
2641 in some other cases (e.g. multihop EBGP sessions). Can be enabled for
2642 all routes, or just for routes received from IBGP / EBGP neighbors.
2643 Default: disabled for regular BGP, enabled for route servers,
2644 <cf/ibgp/ for route reflectors.
2646 <tag><label id="bgp-next-hop-self">next hop self <m/switch/|ibgp|ebgp</tag>
2647 Always advertise our own local address as a next hop, even in cases
2648 where the current Next Hop attribute should be used unchanged. This is
2649 sometimes used for routes propagated from EBGP to IBGP when IGP routing
2650 does not cover inter-AS links, therefore IP addreses of EBGP neighbors
2651 are not resolvable through IGP. Can be enabled for all routes, or just
2652 for routes received from IBGP / EBGP neighbors. Default: disabled.
2654 <tag><label id="bgp-next-hop-address">next hop address <m/ip/</tag>
2655 Specify which address to use when our own local address should be
2656 announced in the Next Hop attribute. Default: the source address of the
2657 BGP session (if acceptable), or the preferred address of an associated
2660 <tag><label id="bgp-missing-lladdr">missing lladdr self|drop|ignore</tag>
2661 Next Hop attribute in BGP-IPv6 sometimes contains just the global IPv6
2662 address, but sometimes it has to contain both global and link-local IPv6
2663 addresses. This option specifies what to do if BIRD have to send both
2664 addresses but does not know link-local address. This situation might
2665 happen when routes from other protocols are exported to BGP, or when
2666 improper updates are received from BGP peers. <cf/self/ means that BIRD
2667 advertises its own local address instead. <cf/drop/ means that BIRD
2668 skips that prefixes and logs error. <cf/ignore/ means that BIRD ignores
2669 the problem and sends just the global address (and therefore forms
2670 improper BGP update). Default: <cf/self/, unless BIRD is configured as a
2671 route server (option <cf/rs client/), in that case default is <cf/ignore/,
2672 because route servers usually do not forward packets themselves.
2674 <tag><label id="bgp-gateway">gateway direct|recursive</tag>
2675 For received routes, their <cf/gw/ (immediate next hop) attribute is
2676 computed from received <cf/bgp_next_hop/ attribute. This option
2677 specifies how it is computed. Direct mode means that the IP address from
2678 <cf/bgp_next_hop/ is used if it is directly reachable, otherwise the
2679 neighbor IP address is used. Recursive mode means that the gateway is
2680 computed by an IGP routing table lookup for the IP address from
2681 <cf/bgp_next_hop/. Note that there is just one level of indirection in
2682 recursive mode - the route obtained by the lookup must not be recursive
2683 itself, to prevent mutually recursive routes.
2685 Recursive mode is the behavior specified by the BGP
2686 standard. Direct mode is simpler, does not require any routes in a
2687 routing table, and was used in older versions of BIRD, but does not
2688 handle well nontrivial iBGP setups and multihop. Recursive mode is
2689 incompatible with <ref id="dsc-table-sorted" name="sorted tables">. Default:
2690 <cf/direct/ for direct sessions, <cf/recursive/ for multihop sessions.
2692 <tag><label id="bgp-igp-table">igp table <m/name/</tag>
2693 Specifies a table that is used as an IGP routing table. The type of this
2694 table must be as allowed in the table above. This option is allowed once
2695 for every allowed table type. Default: the same as the main table
2696 the channel is connected to (if eligible).
2698 <tag><label id="bgp-import-table">import table <m/switch/</tag>
2699 A BGP import table contains all received routes from given BGP neighbor,
2700 before application of import filters. It is also called <em/Adj-RIB-In/
2701 in BGP terminology. BIRD BGP by default operates without import tables,
2702 in which case received routes are just processed by import filters,
2703 accepted ones are stored in the master table, and the rest is forgotten.
2704 Enabling <cf/import table/ allows to store unprocessed routes, which can
2705 be examined later by <cf/show route/, and can be used to reconfigure
2706 import filters without full route refresh. Default: off.
2708 <tag><label id="bgp-secondary">secondary <m/switch/</tag>
2709 Usually, if an export filter rejects a selected route, no other route is
2710 propagated for that network. This option allows to try the next route in
2711 order until one that is accepted is found or all routes for that network
2712 are rejected. This can be used for route servers that need to propagate
2713 different tables to each client but do not want to have these tables
2714 explicitly (to conserve memory). This option requires that the connected
2715 routing table is <ref id="dsc-table-sorted" name="sorted">. Default: off.
2717 <tag><label id="bgp-extended-next-hop">extended next hop <m/switch/</tag>
2718 BGP expects that announced next hops have the same address family as
2719 associated network prefixes. This option provides an extension to use
2720 IPv4 next hops with IPv6 prefixes and vice versa. For IPv4 / VPNv4
2721 channels, the behavior is controlled by the Extended Next Hop Encoding
2722 capability, as described in <rfc id="5549">. For IPv6 / VPNv6 channels,
2723 just IPv4-mapped IPv6 addresses are used, as described in
2724 <rfc id="4798"> and <rfc id="4659">. Default: off.
2726 <tag><label id="bgp-add-paths">add paths <m/switch/|rx|tx</tag>
2727 Standard BGP can propagate only one path (route) per destination network
2728 (usually the selected one). This option controls the add-path protocol
2729 extension, which allows to advertise any number of paths to a
2730 destination. Note that to be active, add-path has to be enabled on both
2731 sides of the BGP session, but it could be enabled separately for RX and
2732 TX direction. When active, all available routes accepted by the export
2733 filter are advertised to the neighbor. Default: off.
2735 <tag><label id="bgp-graceful-restart-c">graceful restart <m/switch/</tag>
2736 Although BGP graceful restart is configured mainly by protocol-wide
2737 <ref id="bgp-graceful-restart" name="options">, it is possible to
2738 configure restarting role per AFI/SAFI pair by this channel option.
2739 The option is ignored if graceful restart is disabled by protocol-wide
2740 option. Default: off in aware mode, on in full mode.
2742 <tag><label id="bgp-long-lived-graceful-restart-c">long lived graceful restart <m/switch/</tag>
2743 BGP long-lived graceful restart is configured mainly by protocol-wide
2744 <ref id="bgp-long-lived-graceful-restart" name="options">, but the
2745 restarting role can be set per AFI/SAFI pair by this channel option.
2746 The option is ignored if long-lived graceful restart is disabled by
2747 protocol-wide option. Default: off in aware mode, on in full mode.
2749 <tag><label id="bgp-long-lived-stale-time-c">long lived stale time <m/number/</tag>
2750 Like previous graceful restart channel options, this option allows to
2751 set <ref id="bgp-long-lived-stale-time" name="long lived stale time">
2752 per AFI/SAFI pair instead of per protocol. Default: set by protocol-wide
2757 <label id="bgp-attr">
2759 <p>BGP defines several route attributes. Some of them (those marked with
2760 `<tt/I/' in the table below) are available on internal BGP connections only,
2761 some of them (marked with `<tt/O/') are optional.
2764 <tag><label id="rta-bgp-path">bgppath bgp_path</tag>
2765 Sequence of AS numbers describing the AS path the packet will travel
2766 through when forwarded according to the particular route. In case of
2767 internal BGP it doesn't contain the number of the local AS.
2769 <tag><label id="rta-bgp-local-pref">int bgp_local_pref [I]</tag>
2770 Local preference value used for selection among multiple BGP routes (see
2771 the selection rules above). It's used as an additional metric which is
2772 propagated through the whole local AS.
2774 <tag><label id="rta-bgp-med">int bgp_med [O]</tag>
2775 The Multiple Exit Discriminator of the route is an optional attribute
2776 which is used on external (inter-AS) links to convey to an adjacent AS
2777 the optimal entry point into the local AS. The received attribute is
2778 also propagated over internal BGP links. The attribute value is zeroed
2779 when a route is exported to an external BGP instance to ensure that the
2780 attribute received from a neighboring AS is not propagated to other
2781 neighboring ASes. A new value might be set in the export filter of an
2782 external BGP instance. See <rfc id="4451"> for further discussion of
2785 <tag><label id="rta-bgp-origin">enum bgp_origin</tag>
2786 Origin of the route: either <cf/ORIGIN_IGP/ if the route has originated
2787 in an interior routing protocol or <cf/ORIGIN_EGP/ if it's been imported
2788 from the <tt>EGP</tt> protocol (nowadays it seems to be obsolete) or
2789 <cf/ORIGIN_INCOMPLETE/ if the origin is unknown.
2791 <tag><label id="rta-bgp-next-hop">ip bgp_next_hop</tag>
2792 Next hop to be used for forwarding of packets to this destination. On
2793 internal BGP connections, it's an address of the originating router if
2794 it's inside the local AS or a boundary router the packet will leave the
2795 AS through if it's an exterior route, so each BGP speaker within the AS
2796 has a chance to use the shortest interior path possible to this point.
2798 <tag><label id="rta-bgp-atomic-aggr">void bgp_atomic_aggr [O]</tag>
2799 This is an optional attribute which carries no value, but the sole
2800 presence of which indicates that the route has been aggregated from
2801 multiple routes by some router on the path from the originator.
2803 <!-- we don't handle aggregators right since they are of a very obscure type
2804 <tag>bgp_aggregator</tag>
2806 <tag><label id="rta-bgp-community">clist bgp_community [O]</tag>
2807 List of community values associated with the route. Each such value is a
2808 pair (represented as a <cf/pair/ data type inside the filters) of 16-bit
2809 integers, the first of them containing the number of the AS which
2810 defines the community and the second one being a per-AS identifier.
2811 There are lots of uses of the community mechanism, but generally they
2812 are used to carry policy information like "don't export to USA peers".
2813 As each AS can define its own routing policy, it also has a complete
2814 freedom about which community attributes it defines and what will their
2817 <tag><label id="rta-bgp-ext-community">eclist bgp_ext_community [O]</tag>
2818 List of extended community values associated with the route. Extended
2819 communities have similar usage as plain communities, but they have an
2820 extended range (to allow 4B ASNs) and a nontrivial structure with a type
2821 field. Individual community values are represented using an <cf/ec/ data
2822 type inside the filters.
2824 <tag><label id="rta-bgp-large-community">lclist bgp_large_community [O]</tag>
2825 List of large community values associated with the route. Large BGP
2826 communities is another variant of communities, but contrary to extended
2827 communities they behave very much the same way as regular communities,
2828 just larger -- they are uniform untyped triplets of 32bit numbers.
2829 Individual community values are represented using an <cf/lc/ data type
2832 <tag><label id="rta-bgp-originator-id">quad bgp_originator_id [I, O]</tag>
2833 This attribute is created by the route reflector when reflecting the
2834 route and contains the router ID of the originator of the route in the
2837 <tag><label id="rta-bgp-cluster-list">clist bgp_cluster_list [I, O]</tag>
2838 This attribute contains a list of cluster IDs of route reflectors. Each
2839 route reflector prepends its cluster ID when reflecting the route.
2843 <label id="bgp-exam">
2847 local 198.51.100.14 as 65000; # Use a private AS number
2848 neighbor 198.51.100.130 as 64496; # Our neighbor ...
2849 multihop; # ... which is connected indirectly
2851 export filter { # We use non-trivial export rules
2852 if source = RTS_STATIC then { # Export only static routes
2853 # Assign our community
2854 bgp_community.add((65000,64501));
2855 # Artificially increase path length
2856 # by advertising local AS number twice
2857 if bgp_path ~ [= 65000 =] then
2858 bgp_path.prepend(65000);
2864 next hop self; # advertise this router as next hop
2865 igp table myigptable4; # IGP table for routes with IPv4 nexthops
2866 igp table myigptable6; # IGP table for routes with IPv6 nexthops
2869 export filter mylargefilter; # We use a named filter
2871 missing lladdr self;
2872 igp table myigptable4; # IGP table for routes with IPv4 nexthops
2873 igp table myigptable6; # IGP table for routes with IPv6 nexthops
2877 export filter someotherfilter;
2878 table mymulticasttable4; # Another IPv4 table, dedicated for multicast
2879 igp table myigptable4;
2888 <p>The Device protocol is not a real routing protocol. It doesn't generate any
2889 routes and it only serves as a module for getting information about network
2890 interfaces from the kernel. This protocol supports no channel.
2892 <p>Except for very unusual circumstances, you probably should include this
2893 protocol in the configuration since almost all other protocols require network
2894 interfaces to be defined for them to work with.
2896 <sect1>Configuration
2897 <label id="device-config">
2900 <tag><label id="device-scan-time">scan time <m/number/</tag>
2901 Time in seconds between two scans of the network interface list. On
2902 systems where we are notified about interface status changes
2903 asynchronously (such as newer versions of Linux), we need to scan the
2904 list only in order to avoid confusion by lost notification messages,
2905 so the default time is set to a large value.
2907 <tag><label id="device-iface">interface <m/pattern/ [, <m/.../]</tag>
2908 By default, the Device protocol handles all interfaces without any
2909 configuration. Interface definitions allow to specify optional
2910 parameters for specific interfaces. See <ref id="proto-iface"
2911 name="interface"> common option for detailed description. Currently only
2912 one interface option is available:
2914 <tag><label id="device-preferred">preferred <m/ip/</tag>
2915 If a network interface has more than one IP address, BIRD chooses one of
2916 them as a preferred one. Preferred IP address is used as source address
2917 for packets or announced next hop by routing protocols. Precisely, BIRD
2918 chooses one preferred IPv4 address, one preferred IPv6 address and one
2919 preferred link-local IPv6 address. By default, BIRD chooses the first
2920 found IP address as the preferred one.
2922 This option allows to specify which IP address should be preferred. May
2923 be used multiple times for different address classes (IPv4, IPv6, IPv6
2924 link-local). In all cases, an address marked by operating system as
2925 secondary cannot be chosen as the primary one.
2928 <p>As the Device protocol doesn't generate any routes, it cannot have
2929 any attributes. Example configuration looks like this:
2933 scan time 10; # Scan the interfaces often
2935 preferred 192.168.1.1;
2936 preferred 2001:db8:1:10::1;
2945 <p>The Direct protocol is a simple generator of device routes for all the
2946 directly connected networks according to the list of interfaces provided by the
2947 kernel via the Device protocol. The Direct protocol supports both IPv4 and IPv6
2948 channels; both can be configured simultaneously. It can also be configured with
2949 <ref id="ip-sadr-routes" name="IPv6 SADR"> channel instead of regular IPv6
2950 channel in order to be used together with SADR-enabled Babel protocol.
2952 <p>The question is whether it is a good idea to have such device routes in BIRD
2953 routing table. OS kernel usually handles device routes for directly connected
2954 networks by itself so we don't need (and don't want) to export these routes to
2955 the kernel protocol. OSPF protocol creates device routes for its interfaces
2956 itself and BGP protocol is usually used for exporting aggregate routes. But the
2957 Direct protocol is necessary for distance-vector protocols like RIP or Babel to
2958 announce local networks.
2960 <p>There are just few configuration options for the Direct protocol:
2963 <tag><label id="direct-iface">interface <m/pattern/ [, <m/.../]</tag>
2964 By default, the Direct protocol will generate device routes for all the
2965 interfaces available. If you want to restrict it to some subset of
2966 interfaces or addresses (e.g. if you're using multiple routing tables
2967 for policy routing and some of the policy domains don't contain all
2968 interfaces), just use this clause. See <ref id="proto-iface" name="interface">
2969 common option for detailed description. The Direct protocol uses
2970 extended interface clauses.
2972 <tag><label id="direct-check-link">check link <m/switch/</tag>
2973 If enabled, a hardware link state (reported by OS) is taken into
2974 consideration. Routes for directly connected networks are generated only
2975 if link up is reported and they are withdrawn when link disappears
2976 (e.g., an ethernet cable is unplugged). Default value is no.
2979 <p>Direct device routes don't contain any specific attributes.
2981 <p>Example config might look like this:
2987 interface "-arc*", "*"; # Exclude the ARCnets
2995 <p>The Kernel protocol is not a real routing protocol. Instead of communicating
2996 with other routers in the network, it performs synchronization of BIRD's routing
2997 tables with the OS kernel. Basically, it sends all routing table updates to the
2998 kernel and from time to time it scans the kernel tables to see whether some
2999 routes have disappeared (for example due to unnoticed up/down transition of an
3000 interface) or whether an `alien' route has been added by someone else (depending
3001 on the <cf/learn/ switch, such routes are either ignored or accepted to our
3004 <p>Note that routes created by OS kernel itself, namely direct routes
3005 representing IP subnets of associated interfaces, are not imported even with
3006 <cf/learn/ enabled. You can use <ref id="direct" name="Direct protocol"> to
3007 generate these direct routes.
3009 <p>If your OS supports only a single routing table, you can configure only one
3010 instance of the Kernel protocol. If it supports multiple tables (in order to
3011 allow policy routing; such an OS is for example Linux), you can run as many
3012 instances as you want, but each of them must be connected to a different BIRD
3013 routing table and to a different kernel table.
3015 <p>Because the kernel protocol is partially integrated with the connected
3016 routing table, there are two limitations - it is not possible to connect more
3017 kernel protocols to the same routing table and changing route destination
3018 (gateway) in an export filter of a kernel protocol does not work. Both
3019 limitations can be overcome using another routing table and the pipe protocol.
3021 <p>The Kernel protocol supports both IPv4 and IPv6 channels; only one channel
3022 can be configured in each protocol instance. On Linux, it also supports <ref
3023 id="ip-sadr-routes" name="IPv6 SADR"> and <ref id="mpls-routes" name="MPLS">
3026 <sect1>Configuration
3027 <label id="krt-config">
3030 <tag><label id="krt-persist">persist <m/switch/</tag>
3031 Tell BIRD to leave all its routes in the routing tables when it exits
3032 (instead of cleaning them up).
3034 <tag><label id="krt-scan-time">scan time <m/number/</tag>
3035 Time in seconds between two consecutive scans of the kernel routing
3038 <tag><label id="krt-learn">learn <m/switch/</tag>
3039 Enable learning of routes added to the kernel routing tables by other
3040 routing daemons or by the system administrator. This is possible only on
3041 systems which support identification of route authorship.
3043 <tag><label id="krt-kernel-table">kernel table <m/number/</tag>
3044 Select which kernel table should this particular instance of the Kernel
3045 protocol work with. Available only on systems supporting multiple
3048 <tag><label id="krt-metric">metric <m/number/</tag> (Linux)
3049 Use specified value as a kernel metric (priority) for all routes sent to
3050 the kernel. When multiple routes for the same network are in the kernel
3051 routing table, the Linux kernel chooses one with lower metric. Also,
3052 routes with different metrics do not clash with each other, therefore
3053 using dedicated metric value is a reliable way to avoid overwriting
3054 routes from other sources (e.g. kernel device routes). Metric 0 has a
3055 special meaning of undefined metric, in which either OS default is used,
3056 or per-route metric can be set using <cf/krt_metric/ attribute. Default:
3059 <tag><label id="krt-graceful-restart">graceful restart <m/switch/</tag>
3060 Participate in graceful restart recovery. If this option is enabled and
3061 a graceful restart recovery is active, the Kernel protocol will defer
3062 synchronization of routing tables until the end of the recovery. Note
3063 that import of kernel routes to BIRD is not affected.
3065 <tag><label id="krt-merge-paths">merge paths <M>switch</M> [limit <M>number</M>]</tag>
3066 Usually, only best routes are exported to the kernel protocol. With path
3067 merging enabled, both best routes and equivalent non-best routes are
3068 merged during export to generate one ECMP (equal-cost multipath) route
3069 for each network. This is useful e.g. for BGP multipath. Note that best
3070 routes are still pivotal for route export (responsible for most
3071 properties of resulting ECMP routes), while exported non-best routes are
3072 responsible just for additional multipath next hops. This option also
3073 allows to specify a limit on maximal number of nexthops in one route. By
3074 default, multipath merging is disabled. If enabled, default value of the
3079 <label id="krt-attr">
3081 <p>The Kernel protocol defines several attributes. These attributes are
3082 translated to appropriate system (and OS-specific) route attributes. We support
3086 <tag><label id="rta-krt-source">int krt_source</tag>
3087 The original source of the imported kernel route. The value is
3088 system-dependent. On Linux, it is a value of the protocol field of the
3089 route. See /etc/iproute2/rt_protos for common values. On BSD, it is
3090 based on STATIC and PROTOx flags. The attribute is read-only.
3092 <tag><label id="rta-krt-metric">int krt_metric</tag> (Linux)
3093 The kernel metric of the route. When multiple same routes are in a
3094 kernel routing table, the Linux kernel chooses one with lower metric.
3095 Note that preferred way to set kernel metric is to use protocol option
3096 <cf/metric/, unless per-route metric values are needed.
3098 <tag><label id="rta-krt-prefsrc">ip krt_prefsrc</tag> (Linux)
3099 The preferred source address. Used in source address selection for
3100 outgoing packets. Has to be one of the IP addresses of the router.
3102 <tag><label id="rta-krt-realm">int krt_realm</tag> (Linux)
3103 The realm of the route. Can be used for traffic classification.
3105 <tag><label id="rta-krt-scope">int krt_scope</tag> (Linux IPv4)
3106 The scope of the route. Valid values are 0-254, although Linux kernel
3107 may reject some values depending on route type and nexthop. It is
3108 supposed to represent `indirectness' of the route, where nexthops of
3109 routes are resolved through routes with a higher scope, but in current
3110 kernels anything below <it/link/ (253) is treated as <it/global/ (0).
3111 When not present, global scope is implied for all routes except device
3112 routes, where link scope is used by default.
3115 <p>In Linux, there is also a plenty of obscure route attributes mostly focused
3116 on tuning TCP performance of local connections. BIRD supports most of these
3117 attributes, see Linux or iproute2 documentation for their meaning. Attributes
3118 <cf/krt_lock_*/ and <cf/krt_feature_*/ have type bool, others have type int.
3119 Supported attributes are:
3121 <cf/krt_mtu/, <cf/krt_lock_mtu/, <cf/krt_window/, <cf/krt_lock_window/,
3122 <cf/krt_rtt/, <cf/krt_lock_rtt/, <cf/krt_rttvar/, <cf/krt_lock_rttvar/,
3123 <cf/krt_sstresh/, <cf/krt_lock_sstresh/, <cf/krt_cwnd/, <cf/krt_lock_cwnd/,
3124 <cf/krt_advmss/, <cf/krt_lock_advmss/, <cf/krt_reordering/, <cf/krt_lock_reordering/,
3125 <cf/krt_hoplimit/, <cf/krt_lock_hoplimit/, <cf/krt_rto_min/, <cf/krt_lock_rto_min/,
3126 <cf/krt_initcwnd/, <cf/krt_initrwnd/, <cf/krt_quickack/,
3127 <cf/krt_feature_ecn/, <cf/krt_feature_allfrag/
3130 <label id="krt-exam">
3132 <p>A simple configuration can look this way:
3140 <p>Or for a system with two routing tables:
3143 protocol kernel { # Primary routing table
3144 learn; # Learn alien routes from the kernel
3145 persist; # Don't remove routes on bird shutdown
3146 scan time 10; # Scan kernel routing table every 10 seconds
3153 protocol kernel { # Secondary routing table
3167 <label id="mrt-intro">
3169 <p>The MRT protocol is a component responsible for handling the Multi-Threaded
3170 Routing Toolkit (MRT) routing information export format, which is mainly used
3171 for collecting and analyzing of routing information from BGP routers. The MRT
3172 protocol can be configured to do periodic dumps of routing tables, created MRT
3173 files can be analyzed later by other tools. Independent MRT table dumps can also
3174 be requested from BIRD client. There is also a feature to save incoming BGP
3175 messages in MRT files, but it is controlled by <ref id="proto-mrtdump"
3176 name="mrtdump"> options independently of MRT protocol, although that might
3177 change in the future.
3179 BIRD implements the main MRT format specification as defined in <rfc id="6396">
3180 and the ADD_PATH extension (<rfc id="8050">).
3182 <sect1>Configuration
3183 <label id="mrt-config">
3185 <p>MRT configuration consists of several statements describing routing table
3186 dumps. Multiple independent periodic dumps can be done as multiple MRT protocol
3187 instances. The MRT protocol does not use channels. There are two mandatory
3188 statements: <cf/filename/ and <cf/period/.
3190 The behavior can be modified by following configuration parameters:
3193 <tag><label id="mrt-table">table <m/name/ | "<m/pattern/"</tag>
3194 Specify a routing table (or a set of routing tables described by a
3195 wildcard pattern) that are to be dumped by the MRT protocol instance.
3196 Default: the master table.
3198 <tag><label id="mrt-filter">filter { <m/filter commands/ }</tag>
3199 The MRT protocol allows to specify a filter that is applied to routes as
3200 they are dumped. Rejected routes are ignored and not saved to the MRT
3201 dump file. Default: no filter.
3203 <tag><label id="mrt-where">where <m/filter expression/</tag>
3204 An alternative way to specify a filter for the MRT protocol.
3206 <tag><label id="mrt-filename">filename "<m/filename/"</tag>
3207 Specify a filename for MRT dump files. The filename may contain time
3208 format sequences with <it/strftime(3)/ notation (see <it/man strftime/
3209 for details), there is also a sequence "%N" that is expanded to the name
3210 of dumped table. Therefore, each periodic dump of each table can be
3211 saved to a different file. Mandatory, see example below.
3213 <tag><label id="mrt-period">period <m/number/</tag>
3214 Specify the time interval (in seconds) between periodic dumps.
3217 <tag><label id="mrt-always-add-path">always add path <m/switch/</tag>
3218 The MRT format uses special records (specified in <rfc id="8050">) for
3219 routes received using BGP ADD_PATH extension to keep Path ID, while
3220 other routes use regular records. This has advantage of better
3221 compatibility with tools that do not know special records, but it loses
3222 information about which route is the best route. When this option is
3223 enabled, both ADD_PATH and non-ADD_PATH routes are stored in ADD_PATH
3224 records and order of routes for network is preserved. Default: disabled.
3228 <label id="mrt-exam">
3233 where source = RTS_BGP;
3234 filename "/var/log/bird/%N_%F_%T.mrt";
3244 <label id="ospf-intro">
3246 <p>Open Shortest Path First (OSPF) is a quite complex interior gateway
3247 protocol. The current IPv4 version (OSPFv2) is defined in <rfc id="2328"> and
3248 the current IPv6 version (OSPFv3) is defined in <rfc id="5340"> It's a link
3249 state (a.k.a. shortest path first) protocol -- each router maintains a database
3250 describing the autonomous system's topology. Each participating router has an
3251 identical copy of the database and all routers run the same algorithm
3252 calculating a shortest path tree with themselves as a root. OSPF chooses the
3253 least cost path as the best path.
3255 <p>In OSPF, the autonomous system can be split to several areas in order to
3256 reduce the amount of resources consumed for exchanging the routing information
3257 and to protect the other areas from incorrect routing data. Topology of the area
3258 is hidden to the rest of the autonomous system.
3260 <p>Another very important feature of OSPF is that it can keep routing information
3261 from other protocols (like Static or BGP) in its link state database as external
3262 routes. Each external route can be tagged by the advertising router, making it
3263 possible to pass additional information between routers on the boundary of the
3266 <p>OSPF quickly detects topological changes in the autonomous system (such as
3267 router interface failures) and calculates new loop-free routes after a short
3268 period of convergence. Only a minimal amount of routing traffic is involved.
3270 <p>Each router participating in OSPF routing periodically sends Hello messages
3271 to all its interfaces. This allows neighbors to be discovered dynamically. Then
3272 the neighbors exchange theirs parts of the link state database and keep it
3273 identical by flooding updates. The flooding process is reliable and ensures that
3274 each router detects all changes.
3276 <sect1>Configuration
3277 <label id="ospf-config">
3279 <p>First, the desired OSPF version can be specified by using <cf/ospf v2/ or
3280 <cf/ospf v3/ as a protocol type. By default, OSPFv2 is used. In the main part of
3281 configuration, there can be multiple definitions of OSPF areas, each with a
3282 different id. These definitions includes many other switches and multiple
3283 definitions of interfaces. Definition of interface may contain many switches and
3284 constant definitions and list of neighbors on nonbroadcast networks.
3286 <p>OSPFv2 needs one IPv4 channel. OSPFv3 needs either one IPv6 channel, or one
3287 IPv4 channel (<rfc id="5838">). Therefore, it is possible to use OSPFv3 for both
3288 IPv4 and Pv6 routing, but it is necessary to have two protocol instances anyway.
3289 If no channel is configured, appropriate channel is defined with default
3293 protocol ospf [v2|v3] <name> {
3294 rfc1583compat <switch>;
3295 rfc5838 <switch>;
3296 instance id <num>;
3297 stub router <switch>;
3299 ecmp <switch> [limit <num>];
3300 merge external <switch>;
3301 graceful restart <switch>|aware;
3302 graceful restart time <num>;
3306 summary <switch>;
3307 default nssa <switch>;
3308 default cost <num>;
3309 default cost2 <num>;
3310 translator <switch>;
3311 translator stability <num>;
3315 <prefix> hidden;
3319 <prefix> hidden;
3320 <prefix> tag <num>;
3322 stubnet <prefix>;
3323 stubnet <prefix> {
3324 hidden <switch>;
3325 summary <switch>;
3328 interface <interface pattern> [instance <num>] {
3330 stub <switch>;
3333 retransmit <num>;
3334 priority <num>;
3336 dead count <num>;
3338 secondary <switch>;
3339 rx buffer [normal|large|<num>];
3340 tx length <num>;
3341 type [broadcast|bcast|pointopoint|ptp|
3342 nonbroadcast|nbma|pointomultipoint|ptmp];
3343 link lsa suppression <switch>;
3344 strict nonbroadcast <switch>;
3345 real broadcast <switch>;
3346 ptp netmask <switch>;
3347 check link <switch>;
3349 ecmp weight <num>;
3350 ttl security [<switch>; | tx only]
3351 tx class|dscp <num>;
3352 tx priority <num>;
3353 authentication none|simple|cryptographic;
3354 password "<text>";
3355 password "<text>" {
3357 generate from "<date>";
3358 generate to "<date>";
3359 accept from "<date>";
3360 accept to "<date>";
3361 from "<date>";
3363 algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 );
3367 <ip> eligible;
3370 virtual link <id> [instance <num>] {
3372 retransmit <num>;
3374 dead count <num>;
3376 authentication none|simple|cryptographic;
3377 password "<text>";
3378 password "<text>" {
3380 generate from "<date>";
3381 generate to "<date>";
3382 accept from "<date>";
3383 accept to "<date>";
3384 from "<date>";
3386 algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 );
3394 <tag><label id="ospf-rfc1583compat">rfc1583compat <M>switch</M></tag>
3395 This option controls compatibility of routing table calculation with
3396 <rfc id="1583">. Default value is no.
3398 <tag><label id="ospf-rfc5838">rfc5838 <m/switch/</tag>
3399 Basic OSPFv3 is limited to IPv6 unicast routing. The <rfc id="5838">
3400 extension defines support for more address families (IPv4, IPv6, both
3401 unicast and multicast). The extension is enabled by default, but can be
3402 disabled if necessary, as it restricts the range of available instance
3403 IDs. Default value is yes.
3405 <tag><label id="ospf-instance-id">instance id <m/num/</tag>
3406 When multiple OSPF protocol instances are active on the same links, they
3407 should use different instance IDs to distinguish their packets. Although
3408 it could be done on per-interface basis, it is often preferred to set
3409 one instance ID to whole OSPF domain/topology (e.g., when multiple
3410 instances are used to represent separate logical topologies on the same
3411 physical network). This option specifies the instance ID for all
3412 interfaces of the OSPF instance, but can be overridden by
3413 <cf/interface/ option. Default value is 0 unless OSPFv3-AF extended
3414 address families are used, see <rfc id="5838"> for that case.
3416 <tag><label id="ospf-stub-router">stub router <M>switch</M></tag>
3417 This option configures the router to be a stub router, i.e., a router
3418 that participates in the OSPF topology but does not allow transit
3419 traffic. In OSPFv2, this is implemented by advertising maximum metric
3420 for outgoing links. In OSPFv3, the stub router behavior is announced by
3421 clearing the R-bit in the router LSA. See <rfc id="6987"> for details.
3422 Default value is no.
3424 <tag><label id="ospf-tick">tick <M>num</M></tag>
3425 The routing table calculation and clean-up of areas' databases is not
3426 performed when a single link state change arrives. To lower the CPU
3427 utilization, it's processed later at periodical intervals of <m/num/
3428 seconds. The default value is 1.
3430 <tag><label id="ospf-ecmp">ecmp <M>switch</M> [limit <M>number</M>]</tag>
3431 This option specifies whether OSPF is allowed to generate ECMP
3432 (equal-cost multipath) routes. Such routes are used when there are
3433 several directions to the destination, each with the same (computed)
3434 cost. This option also allows to specify a limit on maximum number of
3435 nexthops in one route. By default, ECMP is enabled if supported by
3436 Kernel. Default value of the limit is 16.
3438 <tag><label id="ospf-merge-external">merge external <M>switch</M></tag>
3439 This option specifies whether OSPF should merge external routes from
3440 different routers/LSAs for the same destination. When enabled together
3441 with <cf/ecmp/, equal-cost external routes will be combined to multipath
3442 routes in the same way as regular routes. When disabled, external routes
3443 from different LSAs are treated as separate even if they represents the
3444 same destination. Default value is no.
3446 <tag><label id="ospf-graceful-restart">graceful restart <m/switch/|aware</tag>
3447 When an OSPF instance is restarted, neighbors break adjacencies and
3448 recalculate their routing tables, which disrupts packet forwarding even
3449 when the forwarding plane of the restarting router remains intact.
3450 <rfc id="3623"> specifies a graceful restart mechanism to alleviate this
3451 issue. For OSPF graceful restart, restarting router originates
3452 Grace-LSAs, announcing intent to do graceful restart. Neighbors
3453 receiving these LSAs enter helper mode, in which they ignore breakdown
3454 of adjacencies, behave as if nothing is happening and keep old routes.
3455 When adjacencies are reestablished, the restarting router flushes
3456 Grace-LSAs and graceful restart is ended.
3458 This option controls the graceful restart mechanism. It has three
3459 states: Disabled, when no support is provided. Aware, when graceful
3460 restart helper mode is supported, but no local graceful restart is
3461 allowed (i.e. helper-only role). Enabled, when the full graceful restart
3462 support is provided (i.e. both restarting and helper role). Note that
3463 proper support for local graceful restart requires also configuration of
3464 other protocols. Default: aware.
3466 <tag><label id="ospf-graceful-restart-time">graceful restart time <m/num/</tag>
3467 The restart time is announced in the Grace-LSA and specifies how long
3468 neighbors should wait for proper end of the graceful restart before
3469 exiting helper mode prematurely. Default: 120 seconds.
3471 <tag><label id="ospf-area">area <M>id</M></tag>
3472 This defines an OSPF area with given area ID (an integer or an IPv4
3473 address, similarly to a router ID). The most important area is the
3474 backbone (ID 0) to which every other area must be connected.
3476 <tag><label id="ospf-stub">stub</tag>
3477 This option configures the area to be a stub area. External routes are
3478 not flooded into stub areas. Also summary LSAs can be limited in stub
3479 areas (see option <cf/summary/). By default, the area is not a stub
3482 <tag><label id="ospf-nssa">nssa</tag>
3483 This option configures the area to be a NSSA (Not-So-Stubby Area). NSSA
3484 is a variant of a stub area which allows a limited way of external route
3485 propagation. Global external routes are not propagated into a NSSA, but
3486 an external route can be imported into NSSA as a (area-wide) NSSA-LSA
3487 (and possibly translated and/or aggregated on area boundary). By
3488 default, the area is not NSSA.
3490 <tag><label id="ospf-summary">summary <M>switch</M></tag>
3491 This option controls propagation of summary LSAs into stub or NSSA
3492 areas. If enabled, summary LSAs are propagated as usual, otherwise just
3493 the default summary route (0.0.0.0/0) is propagated (this is sometimes
3494 called totally stubby area). If a stub area has more area boundary
3495 routers, propagating summary LSAs could lead to more efficient routing
3496 at the cost of larger link state database. Default value is no.
3498 <tag><label id="ospf-default-nssa">default nssa <M>switch</M></tag>
3499 When <cf/summary/ option is enabled, default summary route is no longer
3500 propagated to the NSSA. In that case, this option allows to originate
3501 default route as NSSA-LSA to the NSSA. Default value is no.
3503 <tag><label id="ospf-default-cost">default cost <M>num</M></tag>
3504 This option controls the cost of a default route propagated to stub and
3505 NSSA areas. Default value is 1000.
3507 <tag><label id="ospf-default-cost2">default cost2 <M>num</M></tag>
3508 When a default route is originated as NSSA-LSA, its cost can use either
3509 type 1 or type 2 metric. This option allows to specify the cost of a
3510 default route in type 2 metric. By default, type 1 metric (option
3511 <cf/default cost/) is used.
3513 <tag><label id="ospf-translator">translator <M>switch</M></tag>
3514 This option controls translation of NSSA-LSAs into external LSAs. By
3515 default, one translator per NSSA is automatically elected from area
3516 boundary routers. If enabled, this area boundary router would
3517 unconditionally translate all NSSA-LSAs regardless of translator
3518 election. Default value is no.
3520 <tag><label id="ospf-translator-stability">translator stability <M>num</M></tag>
3521 This option controls the translator stability interval (in seconds).
3522 When the new translator is elected, the old one keeps translating until
3523 the interval is over. Default value is 40.
3525 <tag><label id="ospf-networks">networks { <m/set/ }</tag>
3526 Definition of area IP ranges. This is used in summary LSA origination.
3527 Hidden networks are not propagated into other areas.
3529 <tag><label id="ospf-external">external { <m/set/ }</tag>
3530 Definition of external area IP ranges for NSSAs. This is used for
3531 NSSA-LSA translation. Hidden networks are not translated into external
3532 LSAs. Networks can have configured route tag.
3534 <tag><label id="ospf-stubnet">stubnet <m/prefix/ { <m/options/ }</tag>
3535 Stub networks are networks that are not transit networks between OSPF
3536 routers. They are also propagated through an OSPF area as a part of a
3537 link state database. By default, BIRD generates a stub network record
3538 for each primary network address on each OSPF interface that does not
3539 have any OSPF neighbors, and also for each non-primary network address
3540 on each OSPF interface. This option allows to alter a set of stub
3541 networks propagated by this router.
3543 Each instance of this option adds a stub network with given network
3544 prefix to the set of propagated stub network, unless option <cf/hidden/
3545 is used. It also suppresses default stub networks for given network
3546 prefix. When option <cf/summary/ is used, also default stub networks
3547 that are subnetworks of given stub network are suppressed. This might be
3548 used, for example, to aggregate generated stub networks.
3550 <tag><label id="ospf-iface">interface <M>pattern</M> [instance <m/num/]</tag>
3551 Defines that the specified interfaces belong to the area being defined.
3552 See <ref id="proto-iface" name="interface"> common option for detailed
3553 description. In OSPFv2, extended interface clauses are used, because
3554 each network prefix is handled as a separate virtual interface.
3556 You can specify alternative instance ID for the interface definition,
3557 therefore it is possible to have several instances of that interface
3558 with different options or even in different areas. For OSPFv2, instance
3559 ID support is an extension (<rfc id="6549">) and is supposed to be set
3560 per-protocol. For OSPFv3, it is an integral feature.
3562 <tag><label id="ospf-virtual-link">virtual link <M>id</M> [instance <m/num/]</tag>
3563 Virtual link to router with the router id. Virtual link acts as a
3564 point-to-point interface belonging to backbone. The actual area is used
3565 as a transport area. This item cannot be in the backbone. Like with
3566 <cf/interface/ option, you could also use several virtual links to one
3567 destination with different instance IDs.
3569 <tag><label id="ospf-cost">cost <M>num</M></tag>
3570 Specifies output cost (metric) of an interface. Default value is 10.
3572 <tag><label id="ospf-stub-iface">stub <M>switch</M></tag>
3573 If set to interface it does not listen to any packet and does not send
3574 any hello. Default value is no.
3576 <tag><label id="ospf-hello">hello <M>num</M></tag>
3577 Specifies interval in seconds between sending of Hello messages. Beware,
3578 all routers on the same network need to have the same hello interval.
3579 Default value is 10.
3581 <tag><label id="ospf-poll">poll <M>num</M></tag>
3582 Specifies interval in seconds between sending of Hello messages for some
3583 neighbors on NBMA network. Default value is 20.
3585 <tag><label id="ospf-retransmit">retransmit <M>num</M></tag>
3586 Specifies interval in seconds between retransmissions of unacknowledged
3587 updates. Default value is 5.
3589 <tag><label id="ospf-transmit-delay">transmit delay <M>num</M></tag>
3590 Specifies estimated transmission delay of link state updates send over
3591 the interface. The value is added to LSA age of LSAs propagated through
3592 it. Default value is 1.
3594 <tag><label id="ospf-priority">priority <M>num</M></tag>
3595 On every multiple access network (e.g., the Ethernet) Designated Router
3596 and Backup Designated router are elected. These routers have some special
3597 functions in the flooding process. Higher priority increases preferences
3598 in this election. Routers with priority 0 are not eligible. Default
3601 <tag><label id="ospf-wait">wait <M>num</M></tag>
3602 After start, router waits for the specified number of seconds between
3603 starting election and building adjacency. Default value is 4*<m/hello/.
3605 <tag><label id="ospf-dead-count">dead count <M>num</M></tag>
3606 When the router does not receive any messages from a neighbor in
3607 <m/dead count/*<m/hello/ seconds, it will consider the neighbor down.
3609 <tag><label id="ospf-dead">dead <M>num</M></tag>
3610 When the router does not receive any messages from a neighbor in
3611 <m/dead/ seconds, it will consider the neighbor down. If both directives
3612 <cf/dead count/ and <cf/dead/ are used, <cf/dead/ has precedence.
3614 <tag><label id="ospf-rx-buffer">rx buffer <M>num</M></tag>
3615 This option allows to specify the size of buffers used for packet
3616 processing. The buffer size should be bigger than maximal size of any
3617 packets. By default, buffers are dynamically resized as needed, but a
3618 fixed value could be specified. Value <cf/large/ means maximal allowed
3619 packet size - 65535.
3621 <tag><label id="ospf-tx-length">tx length <M>num</M></tag>
3622 Transmitted OSPF messages that contain large amount of information are
3623 segmented to separate OSPF packets to avoid IP fragmentation. This
3624 option specifies the soft ceiling for the length of generated OSPF
3625 packets. Default value is the MTU of the network interface. Note that
3626 larger OSPF packets may still be generated if underlying OSPF messages
3627 cannot be splitted (e.g. when one large LSA is propagated).
3629 <tag><label id="ospf-type-bcast">type broadcast|bcast</tag>
3630 BIRD detects a type of a connected network automatically, but sometimes
3631 it's convenient to force use of a different type manually. On broadcast
3632 networks (like ethernet), flooding and Hello messages are sent using
3633 multicasts (a single packet for all the neighbors). A designated router
3634 is elected and it is responsible for synchronizing the link-state
3635 databases and originating network LSAs. This network type cannot be used
3636 on physically NBMA networks and on unnumbered networks (networks without
3639 <tag><label id="ospf-type-ptp">type pointopoint|ptp</tag>
3640 Point-to-point networks connect just 2 routers together. No election is
3641 performed and no network LSA is originated, which makes it simpler and
3642 faster to establish. This network type is useful not only for physically
3643 PtP ifaces (like PPP or tunnels), but also for broadcast networks used
3644 as PtP links. This network type cannot be used on physically NBMA
3647 <tag><label id="ospf-type-nbma">type nonbroadcast|nbma</tag>
3648 On NBMA networks, the packets are sent to each neighbor separately
3649 because of lack of multicast capabilities. Like on broadcast networks,
3650 a designated router is elected, which plays a central role in propagation
3651 of LSAs. This network type cannot be used on unnumbered networks.
3653 <tag><label id="ospf-type-ptmp">type pointomultipoint|ptmp</tag>
3654 This is another network type designed to handle NBMA networks. In this
3655 case the NBMA network is treated as a collection of PtP links. This is
3656 useful if not every pair of routers on the NBMA network has direct
3657 communication, or if the NBMA network is used as an (possibly
3658 unnumbered) PtP link.
3660 <tag><label id="ospf-link-lsa-suppression">link lsa suppression <m/switch/</tag>
3661 In OSPFv3, link LSAs are generated for each link, announcing link-local
3662 IPv6 address of the router to its local neighbors. These are useless on
3663 PtP or PtMP networks and this option allows to suppress the link LSA
3664 origination for such interfaces. The option is ignored on other than PtP
3665 or PtMP interfaces. Default value is no.
3667 <tag><label id="ospf-strict-nonbroadcast">strict nonbroadcast <m/switch/</tag>
3668 If set, don't send hello to any undefined neighbor. This switch is
3669 ignored on other than NBMA or PtMP interfaces. Default value is no.
3671 <tag><label id="ospf-real-broadcast">real broadcast <m/switch/</tag>
3672 In <cf/type broadcast/ or <cf/type ptp/ network configuration, OSPF
3673 packets are sent as IP multicast packets. This option changes the
3674 behavior to using old-fashioned IP broadcast packets. This may be useful
3675 as a workaround if IP multicast for some reason does not work or does
3676 not work reliably. This is a non-standard option and probably is not
3677 interoperable with other OSPF implementations. Default value is no.
3679 <tag><label id="ospf-ptp-netmask">ptp netmask <m/switch/</tag>
3680 In <cf/type ptp/ network configurations, OSPFv2 implementations should
3681 ignore received netmask field in hello packets and should send hello
3682 packets with zero netmask field on unnumbered PtP links. But some OSPFv2
3683 implementations perform netmask checking even for PtP links. This option
3684 specifies whether real netmask will be used in hello packets on <cf/type
3685 ptp/ interfaces. You should ignore this option unless you meet some
3686 compatibility problems related to this issue. Default value is no for
3687 unnumbered PtP links, yes otherwise.
3689 <tag><label id="ospf-check-link">check link <M>switch</M></tag>
3690 If set, a hardware link state (reported by OS) is taken into consideration.
3691 When a link disappears (e.g. an ethernet cable is unplugged), neighbors
3692 are immediately considered unreachable and only the address of the iface
3693 (instead of whole network prefix) is propagated. It is possible that
3694 some hardware drivers or platforms do not implement this feature.
3695 Default value is yes.
3697 <tag><label id="ospf-bfd">bfd <M>switch</M></tag>
3698 OSPF could use BFD protocol as an advisory mechanism for neighbor
3699 liveness and failure detection. If enabled, BIRD setups a BFD session
3700 for each OSPF neighbor and tracks its liveness by it. This has an
3701 advantage of an order of magnitude lower detection times in case of
3702 failure. Note that BFD protocol also has to be configured, see
3703 <ref id="bfd" name="BFD"> section for details. Default value is no.
3705 <tag><label id="ospf-ttl-security">ttl security [<m/switch/ | tx only]</tag>
3706 TTL security is a feature that protects routing protocols from remote
3707 spoofed packets by using TTL 255 instead of TTL 1 for protocol packets
3708 destined to neighbors. Because TTL is decremented when packets are
3709 forwarded, it is non-trivial to spoof packets with TTL 255 from remote
3710 locations. Note that this option would interfere with OSPF virtual
3713 If this option is enabled, the router will send OSPF packets with TTL
3714 255 and drop received packets with TTL less than 255. If this option si
3715 set to <cf/tx only/, TTL 255 is used for sent packets, but is not
3716 checked for received packets. Default value is no.
3718 <tag><label id="ospf-tx-class">tx class|dscp|priority <m/num/</tag>
3719 These options specify the ToS/DiffServ/Traffic class/Priority of the
3720 outgoing OSPF packets. See <ref id="proto-tx-class" name="tx class"> common
3721 option for detailed description.
3723 <tag><label id="ospf-ecmp-weight">ecmp weight <M>num</M></tag>
3724 When ECMP (multipath) routes are allowed, this value specifies a
3725 relative weight used for nexthops going through the iface. Allowed
3726 values are 1-256. Default value is 1.
3728 <tag><label id="ospf-auth-none">authentication none</tag>
3729 No passwords are sent in OSPF packets. This is the default value.
3731 <tag><label id="ospf-auth-simple">authentication simple</tag>
3732 Every packet carries 8 bytes of password. Received packets lacking this
3733 password are ignored. This authentication mechanism is very weak.
3734 This option is not available in OSPFv3.
3736 <tag><label id="ospf-auth-cryptographic">authentication cryptographic</tag>
3737 An authentication code is appended to every packet. The specific
3738 cryptographic algorithm is selected by option <cf/algorithm/ for each
3739 key. The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5
3740 and for OSPFv3 keys is HMAC-SHA-256. Passwords are not sent open via
3741 network, so this mechanism is quite secure. Packets can still be read by
3744 <tag><label id="ospf-pass">password "<M>text</M>"</tag>
3745 Specifies a password used for authentication. See
3746 <ref id="proto-pass" name="password"> common option for detailed
3749 <tag><label id="ospf-neighbors">neighbors { <m/set/ } </tag>
3750 A set of neighbors to which Hello messages on NBMA or PtMP networks are
3751 to be sent. For NBMA networks, some of them could be marked as eligible.
3752 In OSPFv3, link-local addresses should be used, using global ones is
3753 possible, but it is nonstandard and might be problematic. And definitely,
3754 link-local and global addresses should not be mixed.
3758 <label id="ospf-attr">
3760 <p>OSPF defines four route attributes. Each internal route has a <cf/metric/.
3762 <p>Metric is ranging from 1 to infinity (65535). External routes use
3763 <cf/metric type 1/ or <cf/metric type 2/. A <cf/metric of type 1/ is comparable
3764 with internal <cf/metric/, a <cf/metric of type 2/ is always longer than any
3765 <cf/metric of type 1/ or any <cf/internal metric/. <cf/Internal metric/ or
3766 <cf/metric of type 1/ is stored in attribute <cf/ospf_metric1/, <cf/metric type
3767 2/ is stored in attribute <cf/ospf_metric2/.
3769 When both metrics are specified then <cf/metric of type 2/ is used. This is
3770 relevant e.g. when a type 2 external route is propagated from one OSPF domain to
3771 another and <cf/ospf_metric1/ is an internal distance to the original ASBR,
3772 while <cf/ospf_metric2/ stores the type 2 metric. Note that in such cases if
3773 <cf/ospf_metric1/ is non-zero then <cf/ospf_metric2/ is increased by one to
3774 ensure monotonicity of metric, as internal distance is reset to zero when an
3775 external route is announced.
3777 <p>Each external route can also carry attribute <cf/ospf_tag/ which is a 32-bit
3778 integer which is used when exporting routes to other protocols; otherwise, it
3779 doesn't affect routing inside the OSPF domain at all. The fourth attribute
3780 <cf/ospf_router_id/ is a router ID of the router advertising that route /
3781 network. This attribute is read-only. Default is <cf/ospf_metric2 = 10000/ and
3785 <label id="ospf-exam">
3788 protocol ospf MyOSPF {
3791 if source = RTS_BGP then {
3804 authentication simple;
3809 authentication cryptographic;
3812 generate to "22-04-2003 11:00:06";
3813 accept from "17-01-2001 12:01:05";
3814 algorithm hmac sha384;
3818 generate to "22-07-2005 17:03:21";
3819 accept from "22-02-2001 11:34:06";
3820 algorithm hmac sha512;
3833 172.16.2.0/24 hidden;
3835 interface "-arc0" , "arc*" {
3837 authentication none;
3838 strict nonbroadcast yes;
3843 192.168.120.1 eligible;
3856 <label id="perf-intro">
3858 <p>The Perf protocol is a generator of fake routes together with a time measurement
3859 framework. Its purpose is to check BIRD performance and to benchmark filters.
3861 <p>Import mode of this protocol runs in several steps. In each step, it generates 2^x routes,
3862 imports them into the appropriate table and withdraws them. The exponent x is configurable.
3863 It runs the benchmark several times for the same x, then it increases x by one
3864 until it gets too high, then it stops.
3866 <p>Export mode of this protocol repeats route refresh from table and measures how long it takes.
3868 <p>Output data is logged on info level. There is a Perl script <cf>proto/perf/parse.pl</cf>
3869 which may be handy to parse the data and draw some plots.
3871 <p>Implementation of this protocol is experimental. Use with caution and do not keep
3872 any instance of Perf in production configs for long time. The config interface is also unstable
3873 and may change in future versions without warning.
3875 <sect1>Configuration
3876 <label id="perf-config">
3879 <tag><label id="perf-mode">mode import|export</tag>
3880 Set perf mode. Default: import
3882 <tag><label id="perf-repeat">repeat <m/number/</tag>
3883 Run this amount of iterations of the benchmark for every amount step. Default: 4
3885 <tag><label id="perf-from">exp from <m/number/</tag>
3886 Begin benchmarking on this exponent for number of generated routes in one step.
3889 <tag><label id="perf-to">exp to <m/number/</tag>
3890 Stop benchmarking on this exponent. Default: 20
3892 <tag><label id="perf-threshold-min">threshold min <m/time/</tag>
3893 If a run for the given exponent took less than this time for route import,
3894 increase the exponent immediately. Default: 1 ms
3896 <tag><label id="perf-threshold-max">threshold max <m/time/</tag>
3897 If every run for the given exponent took at least this time for route import,
3898 stop benchmarking. Default: 500 ms
3905 <label id="pipe-intro">
3907 <p>The Pipe protocol serves as a link between two routing tables, allowing
3908 routes to be passed from a table declared as primary (i.e., the one the pipe is
3909 connected to using the <cf/table/ configuration keyword) to the secondary one
3910 (declared using <cf/peer table/) and vice versa, depending on what's allowed by
3911 the filters. Export filters control export of routes from the primary table to
3912 the secondary one, import filters control the opposite direction. Both tables
3913 must be of the same nettype.
3915 <p>The Pipe protocol retransmits all routes from one table to the other table,
3916 retaining their original source and attributes. If import and export filters
3917 are set to accept, then both tables would have the same content.
3919 <p>The primary use of multiple routing tables and the Pipe protocol is for
3920 policy routing, where handling of a single packet doesn't depend only on its
3921 destination address, but also on its source address, source interface, protocol
3922 type and other similar parameters. In many systems (Linux being a good example),
3923 the kernel allows to enforce routing policies by defining routing rules which
3924 choose one of several routing tables to be used for a packet according to its
3925 parameters. Setting of these rules is outside the scope of BIRD's work (on
3926 Linux, you can use the <tt/ip/ command), but you can create several routing
3927 tables in BIRD, connect them to the kernel ones, use filters to control which
3928 routes appear in which tables and also you can employ the Pipe protocol for
3929 exporting a selected subset of one table to another one.
3931 <sect1>Configuration
3932 <label id="pipe-config">
3934 <p>Essentially, the Pipe protocol is just a channel connected to a table on both
3935 sides. Therefore, the configuration block for <cf/protocol pipe/ shall directly
3936 include standard channel config options; see the example below.
3939 <tag><label id="pipe-peer-table">peer table <m/table/</tag>
3940 Defines secondary routing table to connect to. The primary one is
3941 selected by the <cf/table/ keyword.
3945 <label id="pipe-attr">
3947 <p>The Pipe protocol doesn't define any route attributes.
3950 <label id="pipe-exam">
3952 <p>Let's consider a router which serves as a boundary router of two different
3953 autonomous systems, each of them connected to a subset of interfaces of the
3954 router, having its own exterior connectivity and wishing to use the other AS as
3955 a backup connectivity in case of outage of its own exterior line.
3957 <p>Probably the simplest solution to this situation is to use two routing tables
3958 (we'll call them <cf/as1/ and <cf/as2/) and set up kernel routing rules, so that
3959 packets having arrived from interfaces belonging to the first AS will be routed
3960 according to <cf/as1/ and similarly for the second AS. Thus we have split our
3961 router to two logical routers, each one acting on its own routing table, having
3962 its own routing protocols on its own interfaces. In order to use the other AS's
3963 routes for backup purposes, we can pass the routes between the tables through a
3964 Pipe protocol while decreasing their preferences and correcting their BGP paths
3965 to reflect the AS boundary crossing.
3968 ipv4 table as1; # Define the tables
3971 protocol kernel kern1 { # Synchronize them with the kernel
3972 ipv4 { table as1; export all; };
3976 protocol kernel kern2 {
3977 ipv4 { table as2; export all; };
3981 protocol bgp bgp1 { # The outside connections
3982 ipv4 { table as1; import all; export all; };
3984 neighbor 192.168.0.1 as 1001;
3988 ipv4 { table as2; import all; export all; };
3990 neighbor 10.0.0.1 as 1002;
3993 protocol pipe { # The Pipe
3997 if net ~ [ 1.0.0.0/8+] then { # Only AS1 networks
3998 if preference>10 then preference = preference-10;
3999 if source=RTS_BGP then bgp_path.prepend(1);
4005 if net ~ [ 2.0.0.0/8+] then { # Only AS2 networks
4006 if preference>10 then preference = preference-10;
4007 if source=RTS_BGP then bgp_path.prepend(2);
4020 <label id="radv-intro">
4022 <p>The RAdv protocol is an implementation of Router Advertisements, which are
4023 used in the IPv6 stateless autoconfiguration. IPv6 routers send (in irregular
4024 time intervals or as an answer to a request) advertisement packets to connected
4025 networks. These packets contain basic information about a local network (e.g. a
4026 list of network prefixes), which allows network hosts to autoconfigure network
4027 addresses and choose a default route. BIRD implements router behavior as defined
4028 in <rfc id="4861">, router preferences and specific routes (<rfc id="4191">),
4029 and DNS extensions (<rfc id="6106">).
4031 <p>The RAdv protocols supports just IPv6 channel.
4033 <sect1>Configuration
4034 <label id="radv-config">
4036 <p>There are several classes of definitions in RAdv configuration -- interface
4037 definitions, prefix definitions and DNS definitions:
4040 <tag><label id="radv-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
4041 Interface definitions specify a set of interfaces on which the
4042 protocol is activated and contain interface specific options.
4043 See <ref id="proto-iface" name="interface"> common options for
4044 detailed description.
4046 <tag><label id="radv-prefix">prefix <m/prefix/ { <m/options/ }</tag>
4047 Prefix definitions allow to modify a list of advertised prefixes. By
4048 default, the advertised prefixes are the same as the network prefixes
4049 assigned to the interface. For each network prefix, the matching prefix
4050 definition is found and its options are used. If no matching prefix
4051 definition is found, the prefix is used with default options.
4053 Prefix definitions can be either global or interface-specific. The
4054 second ones are part of interface options. The prefix definition
4055 matching is done in the first-match style, when interface-specific
4056 definitions are processed before global definitions. As expected, the
4057 prefix definition is matching if the network prefix is a subnet of the
4058 prefix in prefix definition.
4060 <tag><label id="radv-rdnss">rdnss { <m/options/ }</tag>
4061 RDNSS definitions allow to specify a list of advertised recursive DNS
4062 servers together with their options. As options are seldom necessary,
4063 there is also a short variant <cf>rdnss <m/address/</cf> that just
4064 specifies one DNS server. Multiple definitions are cumulative. RDNSS
4065 definitions may also be interface-specific when used inside interface
4066 options. By default, interface uses both global and interface-specific
4067 options, but that can be changed by <cf/rdnss local/ option.
4069 <tag><label id="radv-dnssl">dnssl { <m/options/ }</tag>
4070 DNSSL definitions allow to specify a list of advertised DNS search
4071 domains together with their options. Like <cf/rdnss/ above, multiple
4072 definitions are cumulative, they can be used also as interface-specific
4073 options and there is a short variant <cf>dnssl <m/domain/</cf> that just
4074 specifies one DNS search domain.
4076 <tag><label id="radv-trigger">trigger <m/prefix/</tag>
4077 RAdv protocol could be configured to change its behavior based on
4078 availability of routes. When this option is used, the protocol waits in
4079 suppressed state until a <it/trigger route/ (for the specified network)
4080 is exported to the protocol, the protocol also returns to suppressed
4081 state if the <it/trigger route/ disappears. Note that route export
4082 depends on specified export filter, as usual. This option could be used,
4083 e.g., for handling failover in multihoming scenarios.
4085 During suppressed state, router advertisements are generated, but with
4086 some fields zeroed. Exact behavior depends on which fields are zeroed,
4087 this can be configured by <cf/sensitive/ option for appropriate
4088 fields. By default, just <cf/default lifetime/ (also called <cf/router
4089 lifetime/) is zeroed, which means hosts cannot use the router as a
4090 default router. <cf/preferred lifetime/ and <cf/valid lifetime/ could
4091 also be configured as <cf/sensitive/ for a prefix, which would cause
4092 autoconfigured IPs to be deprecated or even removed.
4094 <tag><label id="radv-propagate-routes">propagate routes <m/switch/</tag>
4095 This option controls propagation of more specific routes, as defined in
4096 <rfc id="4191">. If enabled, all routes exported to the RAdv protocol,
4097 with the exception of the trigger prefix, are added to advertisments as
4098 additional options. The lifetime and preference of advertised routes can
4099 be set individually by <cf/ra_lifetime/ and <cf/ra_preference/ route
4100 attributes, or per interface by <cf/route lifetime/ and
4101 <cf/route preference/ options. Default: disabled.
4103 Note that the RFC discourages from sending more than 17 routes and
4104 recommends the routes to be configured manually.
4107 <p>Interface specific options:
4110 <tag><label id="radv-iface-max-ra-interval">max ra interval <m/expr/</tag>
4111 Unsolicited router advertisements are sent in irregular time intervals.
4112 This option specifies the maximum length of these intervals, in seconds.
4113 Valid values are 4-1800. Default: 600
4115 <tag><label id="radv-iface-min-ra-interval">min ra interval <m/expr/</tag>
4116 This option specifies the minimum length of that intervals, in seconds.
4117 Must be at least 3 and at most 3/4 * <cf/max ra interval/. Default:
4118 about 1/3 * <cf/max ra interval/.
4120 <tag><label id="radv-iface-min-delay">min delay <m/expr/</tag>
4121 The minimum delay between two consecutive router advertisements, in
4124 <tag><label id="radv-iface-managed">managed <m/switch/</tag>
4125 This option specifies whether hosts should use DHCPv6 for IP address
4126 configuration. Default: no
4128 <tag><label id="radv-iface-other-config">other config <m/switch/</tag>
4129 This option specifies whether hosts should use DHCPv6 to receive other
4130 configuration information. Default: no
4132 <tag><label id="radv-iface-link-mtu">link mtu <m/expr/</tag>
4133 This option specifies which value of MTU should be used by hosts. 0
4134 means unspecified. Default: 0
4136 <tag><label id="radv-iface-reachable-time">reachable time <m/expr/</tag>
4137 This option specifies the time (in milliseconds) how long hosts should
4138 assume a neighbor is reachable (from the last confirmation). Maximum is
4139 3600000, 0 means unspecified. Default 0.
4141 <tag><label id="radv-iface-retrans-timer">retrans timer <m/expr/</tag>
4142 This option specifies the time (in milliseconds) how long hosts should
4143 wait before retransmitting Neighbor Solicitation messages. 0 means
4144 unspecified. Default 0.
4146 <tag><label id="radv-iface-current-hop-limit">current hop limit <m/expr/</tag>
4147 This option specifies which value of Hop Limit should be used by
4148 hosts. Valid values are 0-255, 0 means unspecified. Default: 64
4150 <tag><label id="radv-iface-default-lifetime">default lifetime <m/expr/ [sensitive <m/switch/]</tag>
4151 This option specifies the time (in seconds) how long (since the receipt
4152 of RA) hosts may use the router as a default router. 0 means do not use
4153 as a default router. For <cf/sensitive/ option, see <ref id="radv-trigger" name="trigger">.
4154 Default: 3 * <cf/max ra interval/, <cf/sensitive/ yes.
4156 <tag><label id="radv-iface-default-preference">default preference low|medium|high</tag>
4157 This option specifies the Default Router Preference value to advertise
4158 to hosts. Default: medium.
4160 <tag><label id="radv-iface-route-lifetime">route lifetime <m/expr/ [sensitive <m/switch/]</tag>
4161 This option specifies the default value of advertised lifetime for
4162 specific routes; i.e., the time (in seconds) for how long (since the
4163 receipt of RA) hosts should consider these routes valid. A special value
4164 0xffffffff represents infinity. The lifetime can be overriden on a per
4165 route basis by the <ref id="rta-ra-lifetime" name="ra_lifetime"> route
4166 attribute. Default: 3 * <cf/max ra interval/, <cf/sensitive/ no.
4168 For the <cf/sensitive/ option, see <ref id="radv-trigger" name="trigger">.
4169 If <cf/sensitive/ is enabled, even the routes with the <cf/ra_lifetime/
4170 attribute become sensitive to the trigger.
4172 <tag><label id="radv-iface-route-preference">route preference low|medium|high</tag>
4173 This option specifies the default value of advertised route preference
4174 for specific routes. The value can be overriden on a per route basis by
4175 the <ref id="rta-ra-preference" name="ra_preference"> route attribute.
4178 <tag><label id="radv-prefix-linger-time">prefix linger time <m/expr/</tag>
4179 When a prefix or a route disappears, it is advertised for some time with
4180 zero lifetime, to inform clients it is no longer valid. This option
4181 specifies the time (in seconds) for how long prefixes are advertised
4182 that way. Default: 3 * <cf/max ra interval/.
4184 <tag><label id="radv-route-linger-time">route linger time <m/expr/</tag>
4185 When a prefix or a route disappears, it is advertised for some time with
4186 zero lifetime, to inform clients it is no longer valid. This option
4187 specifies the time (in seconds) for how long routes are advertised
4188 that way. Default: 3 * <cf/max ra interval/.
4190 <tag><label id="radv-iface-rdnss-local">rdnss local <m/switch/</tag>
4191 Use only local (interface-specific) RDNSS definitions for this
4192 interface. Otherwise, both global and local definitions are used. Could
4193 also be used to disable RDNSS for given interface if no local definitons
4194 are specified. Default: no.
4196 <tag><label id="radv-iface-dnssl-local">dnssl local <m/switch/</tag>
4197 Use only local DNSSL definitions for this interface. See <cf/rdnss local/
4198 option above. Default: no.
4201 <p>Prefix specific options
4204 <tag><label id="radv-prefix-skip">skip <m/switch/</tag>
4205 This option allows to specify that given prefix should not be
4206 advertised. This is useful for making exceptions from a default policy
4207 of advertising all prefixes. Note that for withdrawing an already
4208 advertised prefix it is more useful to advertise it with zero valid
4209 lifetime. Default: no
4211 <tag><label id="radv-prefix-onlink">onlink <m/switch/</tag>
4212 This option specifies whether hosts may use the advertised prefix for
4213 onlink determination. Default: yes
4215 <tag><label id="radv-prefix-autonomous">autonomous <m/switch/</tag>
4216 This option specifies whether hosts may use the advertised prefix for
4217 stateless autoconfiguration. Default: yes
4219 <tag><label id="radv-prefix-valid-lifetime">valid lifetime <m/expr/ [sensitive <m/switch/]</tag>
4220 This option specifies the time (in seconds) how long (after the
4221 receipt of RA) the prefix information is valid, i.e., autoconfigured
4222 IP addresses can be assigned and hosts with that IP addresses are
4223 considered directly reachable. 0 means the prefix is no longer
4224 valid. For <cf/sensitive/ option, see <ref id="radv-trigger" name="trigger">.
4225 Default: 86400 (1 day), <cf/sensitive/ no.
4227 <tag><label id="radv-prefix-preferred-lifetime">preferred lifetime <m/expr/ [sensitive <m/switch/]</tag>
4228 This option specifies the time (in seconds) how long (after the
4229 receipt of RA) IP addresses generated from the prefix using stateless
4230 autoconfiguration remain preferred. For <cf/sensitive/ option,
4231 see <ref id="radv-trigger" name="trigger">. Default: 14400 (4 hours),
4235 <p>RDNSS specific options:
4238 <tag><label id="radv-rdnss-ns">ns <m/address/</tag>
4239 This option specifies one recursive DNS server. Can be used multiple
4240 times for multiple servers. It is mandatory to have at least one
4241 <cf/ns/ option in <cf/rdnss/ definition.
4243 <tag><label id="radv-rdnss-lifetime">lifetime [mult] <m/expr/</tag>
4244 This option specifies the time how long the RDNSS information may be
4245 used by clients after the receipt of RA. It is expressed either in
4246 seconds or (when <cf/mult/ is used) in multiples of <cf/max ra
4247 interval/. Note that RDNSS information is also invalidated when
4248 <cf/default lifetime/ expires. 0 means these addresses are no longer
4249 valid DNS servers. Default: 3 * <cf/max ra interval/.
4252 <p>DNSSL specific options:
4255 <tag><label id="radv-dnssl-domain">domain <m/address/</tag>
4256 This option specifies one DNS search domain. Can be used multiple times
4257 for multiple domains. It is mandatory to have at least one <cf/domain/
4258 option in <cf/dnssl/ definition.
4260 <tag><label id="radv-dnssl-lifetime">lifetime [mult] <m/expr/</tag>
4261 This option specifies the time how long the DNSSL information may be
4262 used by clients after the receipt of RA. Details are the same as for
4263 RDNSS <cf/lifetime/ option above. Default: 3 * <cf/max ra interval/.
4267 <label id="radv-attr">
4269 <p>RAdv defines two route attributes:
4272 <tag><label id="rta-ra-preference">enum ra_preference</tag>
4273 The preference of the route. The value can be <it/RA_PREF_LOW/,
4274 <it/RA_PREF_MEDIUM/ or <it/RA_PREF_HIGH/. If the attribute is not set,
4275 the <ref id="radv-iface-route-preference" name="route preference">
4278 <tag><label id="rta-ra-lifetime">int ra_lifetime</tag>
4279 The advertised lifetime of the route, in seconds. The special value of
4280 0xffffffff represents infinity. If the attribute is not set, the
4281 <ref id="radv-iface-route-lifetime" name="route lifetime">
4286 <label id="radv-exam">
4289 ipv6 table radv_routes; # Manually configured routes go here
4292 ipv6 { table radv_routes; };
4294 route 2001:0DB8:4000::/48 unreachable;
4295 route 2001:0DB8:4010::/48 unreachable;
4297 route 2001:0DB8:4020::/48 unreachable {
4298 ra_preference = RA_PREF_HIGH;
4304 propagate routes yes; # Propagate the routes from the radv_routes table
4305 ipv6 { table radv_routes; export all; };
4308 max ra interval 5; # Fast failover with more routers
4309 managed yes; # Using DHCPv6 on eth2
4311 autonomous off; # So do not autoconfigure any IP
4315 interface "eth*"; # No need for any other options
4317 prefix 2001:0DB8:1234::/48 {
4318 preferred lifetime 0; # Deprecated address range
4321 prefix 2001:0DB8:2000::/48 {
4322 autonomous off; # Do not autoconfigure
4325 rdnss 2001:0DB8:1234::10; # Short form of RDNSS
4329 ns 2001:0DB8:1234::11;
4330 ns 2001:0DB8:1234::12;
4346 <label id="rip-intro">
4348 <p>The RIP protocol (also sometimes called Rest In Pieces) is a simple protocol,
4349 where each router broadcasts (to all its neighbors) distances to all networks it
4350 can reach. When a router hears distance to another network, it increments it and
4351 broadcasts it back. Broadcasts are done in regular intervals. Therefore, if some
4352 network goes unreachable, routers keep telling each other that its distance is
4353 the original distance plus 1 (actually, plus interface metric, which is usually
4354 one). After some time, the distance reaches infinity (that's 15 in RIP) and all
4355 routers know that network is unreachable. RIP tries to minimize situations where
4356 counting to infinity is necessary, because it is slow. Due to infinity being 16,
4357 you can't use RIP on networks where maximal distance is higher than 15
4360 <p>BIRD supports RIPv1 (<rfc id="1058">), RIPv2 (<rfc id="2453">), RIPng (<rfc
4361 id="2080">), and RIP cryptographic authentication (<rfc id="4822">).
4363 <p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow
4364 convergence, big network load and inability to handle larger networks makes it
4365 pretty much obsolete. It is still usable on very small networks.
4367 <sect1>Configuration
4368 <label id="rip-config">
4370 <p>RIP configuration consists mainly of common protocol options and interface
4371 definitions, most RIP options are interface specific. RIPng (RIP for IPv6)
4372 protocol instance can be configured by using <cf/rip ng/ instead of just
4373 <cf/rip/ as a protocol type.
4375 <p>RIP needs one IPv4 channel. RIPng needs one IPv6 channel. If no channel is
4376 configured, appropriate channel is defined with default parameters.
4379 protocol rip [ng] [<name>] {
4380 infinity <number>;
4381 ecmp <switch> [limit <number>];
4382 interface <interface pattern> {
4383 metric <number>;
4384 mode multicast|broadcast;
4385 passive <switch>;
4387 port <number>;
4389 split horizon <switch>;
4390 poison reverse <switch>;
4391 check zero <switch>;
4392 update time <number>;
4393 timeout time <number>;
4394 garbage time <number>;
4395 ecmp weight <number>;
4396 ttl security <switch>; | tx only;
4397 tx class|dscp <number>;
4398 tx priority <number>;
4399 rx buffer <number>;
4400 tx length <number>;
4401 check link <switch>;
4402 authentication none|plaintext|cryptographic;
4403 password "<text>";
4404 password "<text>" {
4406 generate from "<date>";
4407 generate to "<date>";
4408 accept from "<date>";
4409 accept to "<date>";
4410 from "<date>";
4412 algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 );
4419 <tag><label id="rip-infinity">infinity <M>number</M></tag>
4420 Selects the distance of infinity. Bigger values will make
4421 protocol convergence even slower. The default value is 16.
4423 <tag><label id="rip-ecmp">ecmp <M>switch</M> [limit <M>number</M>]</tag>
4424 This option specifies whether RIP is allowed to generate ECMP
4425 (equal-cost multipath) routes. Such routes are used when there are
4426 several directions to the destination, each with the same (computed)
4427 cost. This option also allows to specify a limit on maximum number of
4428 nexthops in one route. By default, ECMP is enabled if supported by
4429 Kernel. Default value of the limit is 16.
4431 <tag><label id="rip-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
4432 Interface definitions specify a set of interfaces on which the
4433 protocol is activated and contain interface specific options.
4434 See <ref id="proto-iface" name="interface"> common options for
4435 detailed description.
4438 <p>Interface specific options:
4441 <tag><label id="rip-iface-metric">metric <m/num/</tag>
4442 This option specifies the metric of the interface. When a route is
4443 received from the interface, its metric is increased by this value
4444 before further processing. Valid values are 1-255, but values higher
4445 than infinity has no further meaning. Default: 1.
4447 <tag><label id="rip-iface-mode">mode multicast|broadcast</tag>
4448 This option selects the mode for RIP to use on the interface. The
4449 default is multicast mode for RIPv2 and broadcast mode for RIPv1.
4450 RIPng always uses the multicast mode.
4452 <tag><label id="rip-iface-passive">passive <m/switch/</tag>
4453 Passive interfaces receive routing updates but do not transmit any
4454 messages. Default: no.
4456 <tag><label id="rip-iface-address">address <m/ip/</tag>
4457 This option specifies a destination address used for multicast or
4458 broadcast messages, the default is the official RIP (224.0.0.9) or RIPng
4459 (ff02::9) multicast address, or an appropriate broadcast address in the
4462 <tag><label id="rip-iface-port">port <m/number/</tag>
4463 This option selects an UDP port to operate on, the default is the
4464 official RIP (520) or RIPng (521) port.
4466 <tag><label id="rip-iface-version">version 1|2</tag>
4467 This option selects the version of RIP used on the interface. For RIPv1,
4468 automatic subnet aggregation is not implemented, only classful network
4469 routes and host routes are propagated. Note that BIRD allows RIPv1 to be
4470 configured with features that are defined for RIPv2 only, like
4471 authentication or using multicast sockets. The default is RIPv2 for IPv4
4472 RIP, the option is not supported for RIPng, as no further versions are
4475 <tag><label id="rip-iface-version-only">version only <m/switch/</tag>
4476 Regardless of RIP version configured for the interface, BIRD accepts
4477 incoming packets of any RIP version. This option restrict accepted
4478 packets to the configured version. Default: no.
4480 <tag><label id="rip-iface-split-horizon">split horizon <m/switch/</tag>
4481 Split horizon is a scheme for preventing routing loops. When split
4482 horizon is active, routes are not regularly propagated back to the
4483 interface from which they were received. They are either not propagated
4484 back at all (plain split horizon) or propagated back with an infinity
4485 metric (split horizon with poisoned reverse). Therefore, other routers
4486 on the interface will not consider the router as a part of an
4487 independent path to the destination of the route. Default: yes.
4489 <tag><label id="rip-iface-poison-reverse">poison reverse <m/switch/</tag>
4490 When split horizon is active, this option specifies whether the poisoned
4491 reverse variant (propagating routes back with an infinity metric) is
4492 used. The poisoned reverse has some advantages in faster convergence,
4493 but uses more network traffic. Default: yes.
4495 <tag><label id="rip-iface-check-zero">check zero <m/switch/</tag>
4496 Received RIPv1 packets with non-zero values in reserved fields should
4497 be discarded. This option specifies whether the check is performed or
4498 such packets are just processed as usual. Default: yes.
4500 <tag><label id="rip-iface-update-time">update time <m/number/</tag>
4501 Specifies the number of seconds between periodic updates. A lower number
4502 will mean faster convergence but bigger network load. Default: 30.
4504 <tag><label id="rip-iface-timeout-time">timeout time <m/number/</tag>
4505 Specifies the time interval (in seconds) between the last received route
4506 announcement and the route expiration. After that, the network is
4507 considered unreachable, but still is propagated with infinity distance.
4510 <tag><label id="rip-iface-garbage-time">garbage time <m/number/</tag>
4511 Specifies the time interval (in seconds) between the route expiration
4512 and the removal of the unreachable network entry. The garbage interval,
4513 when a route with infinity metric is propagated, is used for both
4514 internal (after expiration) and external (after withdrawal) routes.
4517 <tag><label id="rip-iface-ecmp-weight">ecmp weight <m/number/</tag>
4518 When ECMP (multipath) routes are allowed, this value specifies a
4519 relative weight used for nexthops going through the iface. Valid
4520 values are 1-256. Default value is 1.
4522 <tag><label id="rip-iface-auth">authentication none|plaintext|cryptographic</tag>
4523 Selects authentication method to be used. <cf/none/ means that packets
4524 are not authenticated at all, <cf/plaintext/ means that a plaintext
4525 password is embedded into each packet, and <cf/cryptographic/ means that
4526 packets are authenticated using some cryptographic hash function
4527 selected by option <cf/algorithm/ for each key. The default
4528 cryptographic algorithm for RIP keys is Keyed-MD5. If you set
4529 authentication to not-none, it is a good idea to add <cf>password</cf>
4530 section. Default: none.
4532 <tag><label id="rip-iface-pass">password "<m/text/"</tag>
4533 Specifies a password used for authentication. See <ref id="proto-pass"
4534 name="password"> common option for detailed description.
4536 <tag><label id="rip-iface-ttl-security">ttl security [<m/switch/ | tx only]</tag>
4537 TTL security is a feature that protects routing protocols from remote
4538 spoofed packets by using TTL 255 instead of TTL 1 for protocol packets
4539 destined to neighbors. Because TTL is decremented when packets are
4540 forwarded, it is non-trivial to spoof packets with TTL 255 from remote
4543 If this option is enabled, the router will send RIP packets with TTL 255
4544 and drop received packets with TTL less than 255. If this option si set
4545 to <cf/tx only/, TTL 255 is used for sent packets, but is not checked
4546 for received packets. Such setting does not offer protection, but offers
4547 compatibility with neighbors regardless of whether they use ttl
4550 For RIPng, TTL security is a standard behavior (required by <rfc
4551 id="2080">) and therefore default value is yes. For IPv4 RIP, default
4554 <tag><label id="rip-iface-tx-class">tx class|dscp|priority <m/number/</tag>
4555 These options specify the ToS/DiffServ/Traffic class/Priority of the
4556 outgoing RIP packets. See <ref id="proto-tx-class" name="tx class"> common
4557 option for detailed description.
4559 <tag><label id="rip-iface-rx-buffer">rx buffer <m/number/</tag>
4560 This option specifies the size of buffers used for packet processing.
4561 The buffer size should be bigger than maximal size of received packets.
4562 The default value is 532 for IPv4 RIP and interface MTU value for RIPng.
4564 <tag><label id="rip-iface-tx-length">tx length <m/number/</tag>
4565 This option specifies the maximum length of generated RIP packets. To
4566 avoid IP fragmentation, it should not exceed the interface MTU value.
4567 The default value is 532 for IPv4 RIP and interface MTU value for RIPng.
4569 <tag><label id="rip-iface-check-link">check link <m/switch/</tag>
4570 If set, the hardware link state (as reported by OS) is taken into
4571 consideration. When the link disappears (e.g. an ethernet cable is
4572 unplugged), neighbors are immediately considered unreachable and all
4573 routes received from them are withdrawn. It is possible that some
4574 hardware drivers or platforms do not implement this feature.
4579 <label id="rip-attr">
4581 <p>RIP defines two route attributes:
4584 <tag><label id="rta-rip-metric">int rip_metric</tag>
4585 RIP metric of the route (ranging from 0 to <cf/infinity/). When routes
4586 from different RIP instances are available and all of them have the same
4587 preference, BIRD prefers the route with lowest <cf/rip_metric/. When a
4588 non-RIP route is exported to RIP, the default metric is 1.
4590 <tag><label id="rta-rip-tag">int rip_tag</tag>
4591 RIP route tag: a 16-bit number which can be used to carry additional
4592 information with the route (for example, an originating AS number in
4593 case of external routes). When a non-RIP route is exported to RIP, the
4598 <label id="rip-exam">
4612 authentication cryptographic;
4613 password "secret" { algorithm hmac sha256; };
4624 <p>The Resource Public Key Infrastructure (RPKI) is mechanism for origin
4625 validation of BGP routes (RFC 6480). BIRD supports only so-called RPKI-based
4626 origin validation. There is implemented RPKI to Router (RPKI-RTR) protocol (RFC
4627 6810). It uses some of the RPKI data to allow a router to verify that the
4628 autonomous system announcing an IP address prefix is in fact authorized to do
4629 so. This is not crypto checked so can be violated. But it should prevent the
4630 vast majority of accidental hijackings on the Internet today, e.g. the famous
4631 Pakastani accidental announcement of YouTube's address space.
4633 <p>The RPKI-RTR protocol receives and maintains a set of ROAs from a cache
4634 server (also called validator). You can validate routes (RFC 6483) using
4635 function <cf/roa_check()/ in filter and set it as import filter at the BGP
4636 protocol. BIRD should re-validate all of affected routes after RPKI update by
4637 RFC 6811, but we don't support it yet! You can use a BIRD's client command
4638 <cf>reload in <m/bgp_protocol_name/</cf> for manual call of revalidation of all
4641 <sect1>Supported transports
4644 <item>Unprotected transport over TCP uses a port 323. The cache server
4645 and BIRD router should be on the same trusted and controlled network
4646 for security reasons.
4647 <item>SSHv2 encrypted transport connection uses the normal SSH port
4651 <sect1>Configuration
4653 <p>We currently support just one cache server per protocol. However you can
4654 define more RPKI protocols generally.
4657 protocol rpki [<name>] {
4658 roa4 { table <tab>; };
4659 roa6 { table <tab>; };
4660 remote <ip> | "<domain>" [port <num>];
4662 refresh [keep] <num>;
4663 retry [keep] <num>;
4664 expire [keep] <num>;
4667 bird private key "</path/to/id_rsa>";
4668 remote public key "</path/to/known_host>";
4669 user "<name>";
4674 <p>Alse note that you have to specify the ROA channel. If you want to import
4675 only IPv4 prefixes you have to specify only roa4 channel. Similarly with IPv6
4676 prefixes only. If you want to fetch both IPv4 and even IPv6 ROAs you have to
4677 specify both channels.
4679 <sect2>RPKI protocol options
4682 <tag>remote <m/ip/ | "<m/hostname/" [port <m/num/]</tag> Specifies
4683 a destination address of the cache server. Can be specified by an IP
4684 address or by full domain name string. Only one cache can be specified
4685 per protocol. This option is required.
4687 <tag>port <m/num/</tag> Specifies the port number. The default port
4688 number is 323 for transport without any encryption and 22 for transport
4689 with SSH encryption.
4691 <tag>refresh [keep] <m/num/</tag> Time period in seconds. Tells how
4692 long to wait before next attempting to poll the cache using a Serial
4693 Query or a Reset Query packet. Must be lower than 86400 seconds (one
4694 day). Too low value can caused a false positive detection of
4695 network connection problems. A keyword <cf/keep/ suppresses updating
4696 this value by a cache server.
4697 Default: 3600 seconds
4699 <tag>retry [keep] <m/num/</tag> Time period in seconds between a failed
4700 Serial/Reset Query and a next attempt. Maximum allowed value is 7200
4701 seconds (two hours). Too low value can caused a false positive
4702 detection of network connection problems. A keyword <cf/keep/
4703 suppresses updating this value by a cache server.
4704 Default: 600 seconds
4706 <tag>expire [keep] <m/num/</tag> Time period in seconds. Received
4707 records are deleted if the client was unable to successfully refresh
4708 data for this time period. Must be in range from 600 seconds (ten
4709 minutes) to 172800 seconds (two days). A keyword <cf/keep/
4710 suppresses updating this value by a cache server.
4711 Default: 7200 seconds
4713 <tag>transport tcp</tag> Unprotected transport over TCP. It's a default
4714 transport. Should be used only on secure private networks.
4717 <tag>transport ssh { <m/SSH transport options.../ }</tag> It enables a
4718 SSHv2 transport encryption. Cannot be combined with a TCP transport.
4722 <sect3>SSH transport options
4725 <tag>bird private key "<m>/path/to/id_rsa</m>"</tag>
4726 A path to the BIRD's private SSH key for authentication.
4727 It can be a <cf><m>id_rsa</m></cf> file.
4729 <tag>remote public key "<m>/path/to/known_host</m>"</tag>
4730 A path to the cache's public SSH key for verification identity
4731 of the cache server. It could be a path to <cf><m>known_host</m></cf> file.
4733 <tag>user "<m/name/"</tag>
4734 A SSH user name for authentication. This option is a required.
4738 <sect2>BGP origin validation
4739 <p>Policy: Don't import <cf/ROA_INVALID/ routes.
4750 # Please, do not use rpki-validator.realmv6.org in production
4751 remote "rpki-validator.realmv6.org" port 8282;
4759 if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then
4761 print "Ignore invalid ROA ", net, " for ASN ", bgp_path.last;
4770 neighbor 192.168.2.1 as 65001;
4772 import filter peer_in_v4;
4778 <sect2>SSHv2 transport encryption
4790 remote 127.0.0.1 port 2345;
4792 bird private key "/home/birdgeek/.ssh/id_rsa";
4793 remote public key "/home/birdgeek/.ssh/known_hosts";
4797 # Default interval values
4805 <p>The Static protocol doesn't communicate with other routers in the network,
4806 but instead it allows you to define routes manually. This is often used for
4807 specifying how to forward packets to parts of the network which don't use
4808 dynamic routing at all and also for defining sink routes (i.e., those telling to
4809 return packets as undeliverable if they are in your IP block, you don't have any
4810 specific destination for them and you don't want to send them out through the
4811 default route to prevent routing loops).
4813 <p>There are three classes of definitions in Static protocol configuration --
4814 global options, static route definitions, and per-route options. Usually, the
4815 definition of the protocol contains mainly a list of static routes.
4816 Static routes have no specific attributes.
4821 <tag><label id="static-check-link">check link <m/switch/</tag>
4822 If set, hardware link states of network interfaces are taken into
4823 consideration. When link disappears (e.g. ethernet cable is unplugged),
4824 static routes directing to that interface are removed. It is possible
4825 that some hardware drivers or platforms do not implement this feature.
4828 <tag><label id="static-igp-table">igp table <m/name/</tag>
4829 Specifies a table that is used for route table lookups of recursive
4830 routes. Default: the same table as the protocol is connected to.
4833 <p>Route definitions (each may also contain a block of per-route options):
4835 <sect1>Regular routes; MPLS switching rules
4837 <p>There exist several types of routes; keep in mind that <m/prefix/ syntax is
4838 <ref id="type-prefix" name="dependent on network type">.
4841 <tag>route <m/prefix/ via <m/ip/|<m/"interface"/ [mpls <m/num/[/<m/num/[/<m/num/[...]]]]</tag>
4842 Next hop routes may bear one or more <ref id="route-next-hop" name="next hops">.
4843 Every next hop is preceded by <cf/via/ and configured as shown.
4845 <tag>route <m/prefix/ recursive <m/ip/ [mpls <m/num/[/<m/num/[/<m/num/[...]]]]</tag>
4846 Recursive nexthop resolves the given IP in the configured IGP table and
4847 uses that route's next hop. The MPLS stacks are concatenated; on top is
4848 the IGP's nexthop stack and on bottom is this route's stack.
4850 <tag>route <m/prefix/ blackhole|unreachable|prohibit</tag>
4851 Special routes specifying to silently drop the packet, return it as
4852 unreachable or return it as administratively prohibited. First two
4853 targets are also known as <cf/drop/ and <cf/reject/.
4856 <p>When the particular destination is not available (the interface is down or
4857 the next hop of the route is not a neighbor at the moment), Static just
4858 uninstalls the route from the table it is connected to and adds it again as soon
4859 as the destination becomes adjacent again.
4861 <sect1>Route Origin Authorization
4863 <p>The ROA config is just <cf>route <m/prefix/ max <m/int/ as <m/int/</cf> with no nexthop.
4866 <label id="flowspec-network-type">
4868 <p>The flow specification are rules for routers and firewalls for filtering
4869 purpose. It is described by <rfc id="5575">. There are 3 types of arguments:
4870 <m/inet4/ or <m/inet6/ prefixes, bitmasks matching expressions and numbers
4871 matching expressions.
4873 Bitmasks matching is written using <m/value/<cf>/</cf><m/mask/ or
4874 <cf/!/<m/value/<cf>/</cf><m/mask/ pairs. It means that <cf/(/<m/data/ <cf/&/
4875 <m/mask/<cf/)/ is or is not equal to <m/value/.
4877 Numbers matching is a matching sequence of numbers and ranges separeted by a
4878 commas (<cf/,/) (e.g. <cf/10,20,30/). Ranges can be written using double dots
4879 <cf/../ notation (e.g. <cf/80..90,120..124/). An alternative notation are
4880 sequence of one or more pairs of relational operators and values separated by
4881 logical operators <cf/&&/ or <cf/||/. Allowed relational operators are <cf/=/,
4882 <cf/!=/, <cf/</, <cf/<=/, <cf/>/, <cf/>=/, <cf/true/ and <cf/false/.
4884 <sect2>IPv4 Flowspec
4887 <tag><label id="flow-dst">dst <m/inet4/</tag>
4888 Set a matching destination prefix (e.g. <cf>dst 192.168.0.0/16</cf>).
4889 Only this option is mandatory in IPv4 Flowspec.
4891 <tag><label id="flow-src">src <m/inet4/</tag>
4892 Set a matching source prefix (e.g. <cf>src 10.0.0.0/8</cf>).
4894 <tag><label id="flow-proto">proto <m/numbers-match/</tag>
4895 Set a matching IP protocol numbers (e.g. <cf/proto 6/).
4897 <tag><label id="flow-port">port <m/numbers-match/</tag>
4898 Set a matching source or destination TCP/UDP port numbers (e.g.
4899 <cf>port 1..1023,1194,3306</cf>).
4901 <tag><label id="flow-dport">dport <m/numbers-match/</tag>
4902 Set a mating destination port numbers (e.g. <cf>dport 49151</cf>).
4904 <tag><label id="flow-sport">sport <m/numbers-match/</tag>
4905 Set a matching source port numbers (e.g. <cf>sport = 0</cf>).
4907 <tag><label id="flow-icmp-type">icmp type <m/numbers-match/</tag>
4908 Set a matching type field number of an ICMP packet (e.g. <cf>icmp type
4911 <tag><label id="flow-icmp-code">icmp code <m/numbers-match/</tag>
4912 Set a matching code field number of an ICMP packet (e.g. <cf>icmp code
4915 <tag><label id="flow-tcp-flags">tcp flags <m/bitmask-match/</tag>
4916 Set a matching bitmask for TCP header flags (aka control bits) (e.g.
4917 <cf>tcp flags 0x03/0x0f;</cf>). The maximum length of mask is 12 bits
4920 <tag><label id="flow-length">length <m/numbers-match/</tag>
4921 Set a matching packet length (e.g. <cf>length > 1500;</cf>)
4923 <tag><label id="flow-dscp">dscp <m/numbers-match/</tag>
4924 Set a matching DiffServ Code Point number (e.g. <cf>length > 1500;</cf>).
4926 <tag><label id="flow-fragment">fragment <m/fragmentation-type/</tag>
4927 Set a matching type of packet fragmentation. Allowed fragmentation
4928 types are <cf/dont_fragment/, <cf/is_fragment/, <cf/first_fragment/,
4929 <cf/last_fragment/ (e.g. <cf>fragment is_fragment &&
4930 !dont_fragment</cf>).
4939 port > 24 && < 30 || 40..50,60..70,80 && >= 90;
4940 tcp flags 0x03/0x0f;
4943 fragment dont_fragment, is_fragment || !first_fragment;
4948 <sect2>Differences for IPv6 Flowspec
4950 <p>Flowspec IPv6 are same as Flowspec IPv4 with a few exceptions.
4952 <item>Prefixes <m/inet6/ can be specified not only with prefix length,
4953 but with prefix <cf/offset/ <m/num/ too (e.g.
4954 <cf>::1234:5678:9800:0000/101 offset 64</cf>). Offset means to don't
4955 care of <m/num/ first bits.
4956 <item>IPv6 Flowspec hasn't mandatory any flowspec component.
4957 <item>In IPv6 packets, there is a matching the last next header value
4958 for a matching IP protocol number (e.g. <cf>next header 6</cf>).
4959 <item>It is not possible to set <cf>dont_fragment</cf> as a type of
4960 packet fragmentation.
4964 <tag><label id="flow6-dst">dst <m/inet6/ [offset <m/num/]</tag>
4965 Set a matching destination IPv6 prefix (e.g. <cf>dst
4966 ::1c77:3769:27ad:a11a/128 offset 64</cf>).
4968 <tag><label id="flow6-src">src <m/inet6/ [offset <m/num/]</tag>
4969 Set a matching source IPv6 prefix (e.g. <cf>src fe80::/64</cf>).
4971 <tag><label id="flow6-next-header">next header <m/numbers-match/</tag>
4972 Set a matching IP protocol numbers (e.g. <cf>next header != 6</cf>).
4974 <tag><label id="flow6-label">label <m/bitmask-match/</tag>
4975 Set a 20-bit bitmask for matching Flow Label field in IPv6 packets
4976 (e.g. <cf>label 0x8e5/0x8e5</cf>).
4981 flow6 { table myflow6; };
4984 dst fec0:1122:3344:5566:7788:99aa:bbcc:ddee/128;
4985 src 0000:0000:0000:0001:1234:5678:9800:0000/101 offset 63;
4987 sport > 24 && < 30 || = 40 || 50,60,70..80;
4989 tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33;
4990 fragment !is_fragment || !first_fragment;
4991 label 0xaaaa/0xaaaa && 0x33/0x33;
4996 <sect1>Per-route options
4999 <tag><label id="static-route-bfd">bfd <m/switch/</tag>
5000 The Static protocol could use BFD protocol for next hop liveness
5001 detection. If enabled, a BFD session to the route next hop is created
5002 and the static route is BFD-controlled -- the static route is announced
5003 only if the next hop liveness is confirmed by BFD. If the BFD session
5004 fails, the static route is removed. Note that this is a bit different
5005 compared to other protocols, which may use BFD as an advisory mechanism
5006 for fast failure detection but ignores it if a BFD session is not even
5009 This option can be used for static routes with a direct next hop, or
5010 also for for individual next hops in a static multipath route (see
5011 above). Note that BFD protocol also has to be configured, see
5012 <ref id="bfd" name="BFD"> section for details. Default value is no.
5014 <tag><label id="static-route-filter"><m/filter expression/</tag>
5015 This is a special option that allows filter expressions to be configured
5016 on per-route basis. Can be used multiple times. These expressions are
5017 evaluated when the route is originated, similarly to the import filter
5018 of the static protocol. This is especially useful for configuring route
5019 attributes, e.g., <cf/ospf_metric1 = 100;/ for a route that will be
5020 exported to the OSPF protocol.
5023 <sect1>Example static config
5027 ipv4 { table testable; }; # Connect to a non-default routing table
5028 check link; # Advertise routes only if link is up
5029 route 0.0.0.0/0 via 198.51.100.130; # Default route
5030 route 10.0.0.0/8 # Multipath route
5031 via 198.51.100.10 weight 2
5032 via 198.51.100.20 bfd # BFD-controlled next hop
5034 route 203.0.113.0/24 unreachable; # Sink route
5035 route 10.2.0.0/24 via "arc0"; # Secondary network
5036 route 192.168.10.0/24 via 198.51.100.100 {
5037 ospf_metric1 = 20; # Set extended attribute
5039 route 192.168.10.0/24 via 198.51.100.100 {
5040 ospf_metric2 = 100; # Set extended attribute
5041 ospf_tag = 2; # Set extended attribute
5042 bfd; # BFD-controlled route
5049 <label id="conclusion">
5052 <label id="future-work">
5054 <p>Although BIRD supports all the commonly used routing protocols, there are
5055 still some features which would surely deserve to be implemented in future
5060 <item>Route aggregation and flap dampening
5061 <item>Multicast routing protocols
5062 <item>Ports to other systems
5066 <sect>Getting more help
5069 <p>If you use BIRD, you're welcome to join the bird-users mailing list
5070 (<HTMLURL URL="mailto:bird-users@network.cz" name="bird-users@network.cz">)
5071 where you can share your experiences with the other users and consult
5072 your problems with the authors. To subscribe to the list, visit
5073 <HTMLURL URL="http://bird.network.cz/?m_list" name="http://bird.network.cz/?m_list">.
5074 The home page of BIRD can be found at <HTMLURL URL="http://bird.network.cz/" name="http://bird.network.cz/">.
5076 <p>BIRD is a relatively young system and it probably contains some bugs. You can
5077 report any problems to the bird-users list and the authors will be glad to solve
5078 them, but before you do so, please make sure you have read the available
5079 documentation and that you are running the latest version (available at
5080 <HTMLURL URL="ftp://bird.network.cz/pub/bird" name="bird.network.cz:/pub/bird">).
5081 (Of course, a patch which fixes the bug is always welcome as an attachment.)
5083 <p>If you want to understand what is going inside, Internet standards are a good
5084 and interesting reading. You can get them from
5085 <HTMLURL URL="ftp://ftp.rfc-editor.org/" name="ftp.rfc-editor.org"> (or a
5086 nicely sorted version from <HTMLURL URL="ftp://atrey.karlin.mff.cuni.cz/pub/rfc"
5087 name="atrey.karlin.mff.cuni.cz:/pub/rfc">).
5094 LocalWords: GPL IPv GateD BGPv RIPv OSPFv Linux sgml html dvi sgmltools Pavel
5095 LocalWords: linuxdoc dtd descrip config conf syslog stderr auth ospf bgp Mbps
5096 LocalWords: router's eval expr num birdc ctl UNIX if's enums bool int ip GCC
5097 LocalWords: len ipaddress pxlen netmask enum bgppath bgpmask clist gw md eth
5098 LocalWords: RTS printn quitbird iBGP AS'es eBGP RFC multiprotocol IGP Machek
5099 LocalWords: EGP misconfigurations keepalive pref aggr aggregator BIRD's RTC
5100 LocalWords: OS'es AS's multicast nolisten misconfigured UID blackhole MRTD MTU
5101 LocalWords: uninstalls ethernets IP binutils ANYCAST anycast dest RTD ICMP rfc
5102 LocalWords: compat multicasts nonbroadcast pointopoint loopback sym stats
5103 LocalWords: Perl SIGHUP dd mm yy HH MM SS EXT IA UNICAST multihop Discriminator txt
5104 LocalWords: proto wildcard Ondrej Filip
projects / thirdparty / bird.git / blob