<tag><label id="proto-pass-gen-from">generate from "<m/time/"</tag>
The start time of the usage of the password for packet signing.
- The format of <cf><m/time/</cf> is <tt>dd-mm-yyyy HH:MM:SS</tt>.
+ The format of <cf><m/time/</cf> is <tt>YYYY-MM-DD [hh:mm:ss[.sss]]</tt>.
<tag><label id="proto-pass-gen-to">generate to "<m/time/"</tag>
The last time of the usage of the password for packet signing.
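Review bot: The new format line under generate from does not say what time of day is assumed when the optional [hh:mm:ss[.sss]] part is left out, or whether the old dd-mm-yyyy HH:MM:SS form is still parsed or now rejected as a config error. Both decide the signing window of an existing key, so they belong in this entry. The generate to entry that follows has no format line in the visible context; either repeat it there or state once that all password time options share the format.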
<tag><label id="cli-show-static">show static [<m/name/]</tag>
Show detailed information about static routes.
- <tag><label id="cli-show-bfd-sessions">show bfd sessions [<m/name/]</tag>
- Show information about BFD sessions.
+ <tag><label id="cli-show-bfd-sessions">show bfd sessions [<m/name/] [address (<m/IP/|<m/prefix/)] [(interface|dev) "<m/name/"] [ipv4|ipv6] [direct|multihop] [all]</tag>
+ Show information about BFD sessions. Options could be used to filter
+ entries, or in the case of the option <cf/all/ to give verbose output.
<tag><label id="cli-show-symbols">show symbols [table|filter|function|protocol|template|roa|<m/symbol/]</tag>
Show the list of symbols defined in the configuration (names of
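Review bot: The added description of show bfd sessions does not say how several filters combine (for example address together with interface and ipv4), and it lists all in the same bracket row as the filters although it only changes verbosity. Suggest "Options can be used to filter entries; when several are given, ..." with the combination rule spelled out, and a separate sentence for all. "could be used" should read "can be used".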
restarted. Optionally, it can be configured (by <cf/graceful/ argument)
to trigger graceful restart instead of regular restart. It is also
possible to specify section with per-peer BFD session options instead of
- just switch argument. Most BFD session specific options are allowed here
- with the exception of authentication options. here Note that BFD
- protocol also has to be configured, see <ref id="bfd" name="BFD">
- section for details. Default: disabled.
+ just the switch argument. All BFD session-specific options are allowed
+ here. Note that BFD protocol also has to be configured, see
+ <ref id="bfd" name="BFD"> section for details. Default: disabled.
<tag><label id="bgp-ttl-security">ttl security <m/switch/</tag>
Use GTSM (<rfc id="5082"> - the generalized TTL security mechanism). GTSM
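Review bot: The rewritten sentence drops "with the exception of authentication options" without calling it out, so "All BFD session-specific options are allowed here" now implies BFD authentication can be set per BGP peer. Please say that explicitly and describe how a per-peer authentication setting relates to the one configured in the BFD protocol, so an operator can tell which of the two applies to the session.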
<p>In Linux, there is also a plenty of obscure route attributes mostly focused
on tuning TCP performance of local connections. BIRD supports most of these
attributes, see Linux or iproute2 documentation for their meaning. Attributes
-<cf/krt_lock_*/ and <cf/krt_feature_*/ have type bool, others have type int.
-Supported attributes are:
+<cf/krt_lock_*/ and <cf/krt_feature_*/ have type bool, <cf/krt_congctl/ has type
+string, others have type int. Supported attributes are:
<cf/krt_mtu/, <cf/krt_lock_mtu/, <cf/krt_window/, <cf/krt_lock_window/,
<cf/krt_rtt/, <cf/krt_lock_rtt/, <cf/krt_rttvar/, <cf/krt_lock_rttvar/,
-<cf/krt_sstresh/, <cf/krt_lock_sstresh/, <cf/krt_cwnd/, <cf/krt_lock_cwnd/,
+<cf/krt_ssthresh/, <cf/krt_lock_ssthresh/, <cf/krt_cwnd/, <cf/krt_lock_cwnd/,
<cf/krt_advmss/, <cf/krt_lock_advmss/, <cf/krt_reordering/, <cf/krt_lock_reordering/,
<cf/krt_hoplimit/, <cf/krt_lock_hoplimit/, <cf/krt_rto_min/, <cf/krt_lock_rto_min/,
-<cf/krt_initcwnd/, <cf/krt_initrwnd/, <cf/krt_quickack/,
+<cf/krt_initcwnd/, <cf/krt_lock_initcwnd/, <cf/krt_initrwnd/, <cf/krt_lock_initrwnd/,
+<cf/krt_quickack/, <cf/krt_lock_quickack/, <cf/krt_congctl/, <cf/krt_lock_congctl/,
+<cf/krt_fastopen_no_cookie/, <cf/krt_lock_fastopen_no_cookie/,
<cf/krt_feature_ecn/, <cf/krt_feature_allfrag/
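Review bot: The correction from krt_sstresh / krt_lock_sstresh to krt_ssthresh / krt_lock_ssthresh changes a documented keyword, and the paragraph does not say whether the old spelling is still accepted; a one-line note would help anyone whose config was written from the previous text. Also, under the new type sentence krt_fastopen_no_cookie falls into "others have type int" although its name reads like a flag; please confirm the type or list it explicitly as is done for krt_congctl.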
<sect1>Example
authentication cryptographic;
password "abc" {
id 1;
- generate to "22-04-2003 11:00:06";
- accept from "17-01-2001 12:01:05";
+ generate to "2023-04-22 11:00:06";
+ accept from "2021-01-17 12:01:05";
algorithm hmac sha384;
};
password "def" {
id 2;
- generate to "22-07-2005 17:03:21";
- accept from "22-02-2001 11:34:06";
+ generate to "2025-07-22";
+ accept from "2021-02-22";
algorithm hmac sha512;
};
};
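Review bot: The date-only values in password "def" (generate to "2025-07-22", accept from "2021-02-22") leave the boundary instant unstated. For generate to it decides whether the key is still used for signing on that day, so a short comment on those lines saying which time a bare date stands for would make the example self-explanatory.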
roa6 { table <tab>; };
remote <ip> | "<domain>" [port <num>];
port <num>;
+ local address <ip>;
refresh [keep] <num>;
retry [keep] <num>;
expire [keep] <num>;
number is 323 for transport without any encryption and 22 for transport
with SSH encryption.
+ <tag>local address <m/ip/</tag>
+ Define local address we should use as a source address for the RTR session.
+
<tag>refresh [keep] <m/num/</tag> Time period in seconds. Tells how
long to wait before next attempting to poll the cache using a Serial
Query or a Reset Query packet. Must be lower than 86400 seconds (one
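Review bot: The local address entry does not state which source address is used when the option is absent, or whether it applies to both transports described just above it (plain and SSH). Suggest adding a default statement and rewording the first sentence to something like "Defines the local address used as the source address of the RTR session."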
that BFD protocol also has to be configured, see <ref id="bfd" name="BFD">
section for details. Default value is no.
+ <tag><label id="static-route-dev">dev <m/text/</tag>
+ The outgoing interface associated with the nexthop. Useful for
+ link-local nexthop addresses or when multiple interfaces use the same
+ network prefix. By default, the outgoing interface is resolved from the
+ nexthop address.
+
<tag><label id="static-route-mpls">mpls <m/num/[/<m/num/[/<m/num/[...]]]</tag>
MPLS labels that should be pushed to packets forwarded by the route.
The option could be used for both IP routes (on MPLS ingress routers)
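Review bot: The dev entry does not say what happens when the interface given with dev disagrees with one already carried by the nexthop, as in the existing fe80::10%eth0 scope syntax used in the static examples. Please document which one wins or that the combination is rejected. The tag also shows dev <m/text/ unquoted while the added examples write dev "eth0" and dev "eth1"; the tag should match the quoted form.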
<p>The ROA config is just <cf>route <m/prefix/ max <m/int/ as <m/int/</cf> with no nexthop.
+<sect1>Autonomous System Provider Authorization
+
+<p>The ASPA config is <cf>route aspa <m/int/ providers <m/int/ [, <m/int/ ...]</cf> with no nexthop.
+ The first ASN is client and the following are a list of providers.
+ For a transit, you can also write <cf>route aspa <m/int/ transit</cf> to get
+ the no-provider ASPA.
+
<sect1>Flowspec
<label id="flowspec-network-type">
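Review bot: The new sect1 for Autonomous System Provider Authorization has no label id, while the Flowspec section right after it carries one, so the ASPA section cannot be referenced from elsewhere in the document. The wording of the transit case is also hard to follow: "For a transit, you can also write ..." does not say that the keyword stands for an AS with no providers until the end of the sentence. Suggest "The first ASN is the customer and the following ASNs are its providers. For an AS with no providers, write ... transit."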
via 198.51.100.20 bfd # BFD-controlled next hop
via 192.0.2.1;
route 203.0.113.0/24 blackhole; # Sink route
- route 10.2.0.0/24 via "arc0"; # Secondary network
+ route 10.2.0.0/24 via "arc0"; # Direct route
+ route 10.2.2.0/24 via 192.0.2.1 dev "eth0" onlink; # Route with both nexthop and iface
route 192.168.10.0/24 via 198.51.100.100 {
ospf_metric1 = 20; # Set extended attribute
};
route 2001:db8:10::/48 via 2001:db8:1::1; # Route with global nexthop
route 2001:db8:20::/48 via fe80::10%eth0; # Route with link-local nexthop
route 2001:db8:30::/48 via fe80::20%'eth1.60'; # Iface with non-alphanumeric characters
- route 2001:db8:40::/48 via "eth2"; # Direct route to eth2
+ route 2001:db8:40::/48 via fe80::30 dev "eth1"; # Another link-local nexthop
+ route 2001:db8:50::/48 via "eth2"; # Direct route to eth2
route 2001:db8::/32 unreachable; # Unreachable route
route ::/0 via 2001:db8:1::1 bfd; # BFD-controlled default route
}
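Review bot: The added line route 10.2.2.0/24 via 192.0.2.1 dev "eth0" onlink; uses the onlink keyword, but its comment only says "Route with both nexthop and iface" and none of the documentation changes shown here describe onlink. Either explain it in the comment and the option list or drop it from this example so the line demonstrates dev alone. The comment "Another link-local nexthop" on the fe80::30 dev "eth1" line could also say that dev replaces the %iface scope used two lines above.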