mirror of
https://gitlab.nic.cz/labs/bird.git
synced 2024-12-22 01:31:55 +00:00
Doc: Documentation update
This commit is contained in:
parent
6b0f5f68a8
commit
cf3e3845c2
339
doc/bird.sgml
339
doc/bird.sgml
@ -91,6 +91,7 @@ supports:
|
||||
<item>the Border Gateway Protocol (BGPv4)
|
||||
<item>the Routing Information Protocol (RIPv2, RIPng)
|
||||
<item>the Open Shortest Path First protocol (OSPFv2, OSPFv3)
|
||||
<item>the Babel Routing Protocol
|
||||
<item>the Router Advertisements for IPv6 hosts
|
||||
<item>a virtual protocol for exchange of routes between different
|
||||
routing tables on a single host
|
||||
@ -228,17 +229,17 @@ default tables -- <cf/master4/ for IPv4 routes and <cf/master6/ for IPv6 routes.
|
||||
Other tables must be explicitly configured.
|
||||
|
||||
<p>
|
||||
These routing tables are not kernel forwarding tables. No forwarding is done in BIRD.
|
||||
If you want to forward packets using the routes in BIRD's tables, you may
|
||||
use the Kernel protocol (see below) to synchronize them with kernel's FIBs.
|
||||
These routing tables are not kernel forwarding tables. No forwarding is done by
|
||||
BIRD. If you want to forward packets using the routes in BIRD tables, you may
|
||||
use the Kernel protocol (see below) to synchronize them with kernel FIBs.
|
||||
|
||||
<p>
|
||||
Every nettype defines a (kind of) primary key on routes. Every route source
|
||||
can supply one route for every possible primary key; new route announcement
|
||||
replaces the old route from the same source, keeping other routes intact.
|
||||
BIRD always chooses the best route for every primary key among the known
|
||||
routes and keeps the others as suboptimal. When the best route is retracted,
|
||||
BIRD re-runs the best route selection algorithm to find the current best route.
|
||||
Every nettype defines a (kind of) primary key on routes. Every route source can
|
||||
supply one route for every possible primary key; new route announcement replaces
|
||||
the old route from the same source, keeping other routes intact. BIRD always
|
||||
chooses the best route for each primary key among the known routes and keeps the
|
||||
others as suboptimal. When the best route is retracted, BIRD re-runs the best
|
||||
route selection algorithm to find the current best route.
|
||||
|
||||
<p>
|
||||
The global best route selection algorithm is (roughly) as follows:
|
||||
@ -246,12 +247,12 @@ The global best route selection algorithm is (roughly) as follows:
|
||||
<itemize>
|
||||
<item>Preferences of the routes are compared.
|
||||
<item>Source protocol instance preferences are compared.
|
||||
<item>If source protocols are different (e.g. BGP vs. OSPF), result of the algorithm is undefined.
|
||||
<item>If source protocols are the same (e.g. BGP vs. BGP), the protocol's route selection algorithm is invoked.
|
||||
<item>If source protocols are different (e.g. BGP vs. OSPF), result of the algorithm is undefined.
|
||||
</itemize>
|
||||
|
||||
<p><label id="dsc-table-sorted">Usually, a routing table just chooses a selected route
|
||||
from a list of entries for one network. But if the <cf/sorted/ option is
|
||||
<p><label id="dsc-table-sorted">Usually, a routing table just chooses a selected
|
||||
route from a list of entries for one network. But if the <cf/sorted/ option is
|
||||
activated, these lists of entries are kept completely sorted (according to
|
||||
preference or some protocol-dependent metric). This is needed for some features
|
||||
of some protocols (e.g. <cf/secondary/ option of BGP protocol, which allows to
|
||||
@ -267,9 +268,11 @@ is that it is slightly more computationally expensive.
|
||||
|
||||
<p>BIRD works with several types of routes. Some of them are typical IP routes,
|
||||
others are better described as forwarding rules. We call them all routes,
|
||||
regardless on this difference.
|
||||
regardless of this difference.
|
||||
|
||||
<p>Every route consists of several attributes (read more about them in the <ref id="route-attributes" name="Route attributes"> section); the common for all routes are:
|
||||
<p>Every route consists of several attributes (read more about them in the
|
||||
<ref id="route-attributes" name="Route attributes"> section); the common for all
|
||||
routes are:
|
||||
|
||||
<itemize>
|
||||
<item>IP address of router which told us about this route
|
||||
@ -281,7 +284,7 @@ regardless on this difference.
|
||||
<p>Other attributes depend on nettypes. Some of them are part of the primary key, these are marked (PK).
|
||||
|
||||
<sect1>IPv4 and IPv6 routes
|
||||
<label id="ipv4-ipv6-routes">
|
||||
<label id="ip-routes">
|
||||
|
||||
<p>The traditional routes. Configuration keywords are <cf/ipv4/ and <cf/ipv6/.
|
||||
|
||||
@ -291,7 +294,7 @@ regardless on this difference.
|
||||
</itemize>
|
||||
|
||||
<sect1>VPN IPv4 and IPv6 routes
|
||||
<label id="vpn4-vpn6-routes">
|
||||
<label id="vpn-routes">
|
||||
|
||||
<p>Routes for IPv4 and IPv6 with VPN Route Distinguisher (<rfc id="4364">).
|
||||
Configuration keywords are <cf/vpn4/ and <cf/vpn6/.
|
||||
@ -303,10 +306,10 @@ Configuration keywords are <cf/vpn4/ and <cf/vpn6/.
|
||||
</itemize>
|
||||
|
||||
<sect1>Route Origin Authorization for IPv4 and IPv6
|
||||
<label id="roa4-roa6-routes">
|
||||
<label id="roa-routes">
|
||||
|
||||
<p>These entries can be used to validate route origination of BGP routes.
|
||||
An ROA entry specifies prefixes which could be originated by an AS number.
|
||||
A ROA entry specifies prefixes which could be originated by an AS number.
|
||||
Their keywords are <cf/roa4/ and <cf/roa6/.
|
||||
|
||||
<itemize>
|
||||
@ -316,7 +319,7 @@ Their keywords are <cf/roa4/ and <cf/roa6/.
|
||||
</itemize>
|
||||
|
||||
<sect1>Flowspec for IPv4 and IPv6
|
||||
<label id="flow4-flow6-routes">
|
||||
<label id="flow-routes">
|
||||
|
||||
<p>Flowspec rules are a form of firewall and traffic flow control rules
|
||||
distributed mostly via BGP. These rules may help the operators stop various
|
||||
@ -357,12 +360,12 @@ In that case, every next hop has also its weight.
|
||||
<sect>Protocols and channels
|
||||
<label id="protocols-concept">
|
||||
|
||||
<p>BIRD's protocol is an abstract class of producers and consumers of the routes.
|
||||
<p>BIRD protocol is an abstract class of producers and consumers of the routes.
|
||||
Each protocol may run in multiple instances and bind on one side to route
|
||||
tables via channels, on the other side to specified listen sockets (BGP),
|
||||
interfaces (Babel, OSPF, RIP), APIs (Kernel, Direct), or nothing (Static, Pipe).
|
||||
|
||||
<p>There are also two protocols which do not have any channels -- BFD and Device.
|
||||
<p>There are also two protocols that do not have any channels -- BFD and Device.
|
||||
Both of them are kind of service for other protocols.
|
||||
|
||||
<p>Each protocol is connected to a routing table through a channel. Some protocols
|
||||
@ -439,12 +442,14 @@ protocol rip {
|
||||
|
||||
<p><descrip>
|
||||
<tag><label id="opt-include">include "<m/filename/";</tag>
|
||||
This statement causes inclusion of a new file. The <m/filename/ could also
|
||||
be a wildcard, in that case matching files are included in alphabetic
|
||||
order. The maximal depth is 8. Note that this statement can be used
|
||||
anywhere in the config file, even inside other options, but always on the beginning of line.
|
||||
In the following example, the first semicolon belongs to the <cf/include/, the second to <cf/ipv6 table/.
|
||||
If the <file/tablename.conf/ contains exactly one token (the name of the table), this construction is correct:
|
||||
This statement causes inclusion of a new file. The <m/filename/ could
|
||||
also be a wildcard, in that case matching files are included in
|
||||
alphabetic order. The maximal depth is 8. Note that this statement can
|
||||
be used anywhere in the config file, even inside other options, but
|
||||
always on the beginning of line. In the following example, the first
|
||||
semicolon belongs to the <cf/include/, the second to <cf/ipv6 table/.
|
||||
If the <file/tablename.conf/ contains exactly one token (the name of the
|
||||
table), this construction is correct:
|
||||
<code>
|
||||
ipv6 table
|
||||
include "tablename.conf";;
|
||||
@ -505,7 +510,7 @@ include "tablename.conf";;
|
||||
<tag><label id="opt-function">function <m/name/ (<m/parameters/) <m/local variables/ { <m/commands/ }</tag>
|
||||
Define a function. You can learn more about functions in the following chapter.
|
||||
|
||||
<tag><label id="opt-protocol">protocol rip [|ng]|ospf [v2|v3]|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
|
||||
<tag><label id="opt-protocol">protocol rip|ospf|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
|
||||
Define a protocol instance called <cf><m/name/</cf> (or with a name like
|
||||
"rip5" generated automatically if you don't specify any
|
||||
<cf><m/name/</cf>). You can learn more about configuring protocols in
|
||||
@ -514,7 +519,7 @@ include "tablename.conf";;
|
||||
<cf><m/name2/</cf> You can run more than one instance of most protocols
|
||||
(like RIP or BGP). By default, no instances are configured.
|
||||
|
||||
<tag><label id="opt-template">template rip [|ng]|ospf [v2|v3]|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
|
||||
<tag><label id="opt-template">template rip|ospf|bgp|<m/.../ [<m/name/ [from <m/name2/]] { <m>protocol options</m> }</tag>
|
||||
Define a protocol template instance called <m/name/ (or with a name like
|
||||
"bgp1" generated automatically if you don't specify any <m/name/).
|
||||
Protocol templates can be used to group common options when many
|
||||
@ -575,31 +580,17 @@ include "tablename.conf";;
|
||||
<cf/log/ times.
|
||||
|
||||
<tag><label id="opt-table"><m/nettype/ table <m/name/ [sorted]</tag>
|
||||
Create a new routing table. The default routing tables <cf/master4/ and <cf/master6/ are created
|
||||
implicitly, other routing tables have to be added by this command.
|
||||
Option <cf/sorted/ can be used to enable sorting of routes, see
|
||||
<ref id="dsc-table-sorted" name="sorted table"> description for details.
|
||||
|
||||
<!--
|
||||
<tag><label id="opt-roa-table">roa table <m/name/ [ { <m/roa table options .../ } ]</tag>
|
||||
Create a new ROA (Route Origin Authorization) table. ROA tables can be
|
||||
used to validate route origination of BGP routes. A ROA table contains
|
||||
ROA entries, each consist of a network prefix, a max prefix length and
|
||||
an AS number. A ROA entry specifies prefixes which could be originated
|
||||
by that AS number. ROA tables could be filled with data from RPKI (<rfc
|
||||
id="6480">) or from public databases like Whois. ROA tables are
|
||||
examined by <cf/roa_check()/ operator in filters.
|
||||
|
||||
Currently, there is just one option, <cf>roa <m/prefix/ max <m/num/ as
|
||||
<m/num/</cf>, which can be used to populate the ROA table with static
|
||||
ROA entries. The option may be used multiple times. Other entries can be
|
||||
added dynamically by <cf/add roa/ command.
|
||||
-->
|
||||
Create a new routing table. The default routing tables <cf/master4/ and
|
||||
<cf/master6/ are created implicitly, other routing tables have to be
|
||||
added by this command. Option <cf/sorted/ can be used to enable sorting
|
||||
of routes, see <ref id="dsc-table-sorted" name="sorted table">
|
||||
description for details.
|
||||
|
||||
<tag><label id="opt-eval">eval <m/expr/</tag>
|
||||
Evaluates given filter expression. It is used by the developers for testing of filters.
|
||||
</descrip>
|
||||
|
||||
|
||||
<sect>Protocol options
|
||||
<label id="protocol-opts">
|
||||
|
||||
@ -614,10 +605,6 @@ disable it. An empty <m/switch/ is equivalent to <cf/on/ ("silence means
|
||||
agreement").
|
||||
|
||||
<descrip>
|
||||
<tag><label id="proto-preference">preference <m/expr/</tag>
|
||||
Sets the preference of routes generated by this protocol. Default:
|
||||
protocol dependent.
|
||||
|
||||
<tag><label id="proto-disabled">disabled <m/switch/</tag>
|
||||
Disables the protocol. You can change the disable/enable status from the
|
||||
command line interface without needing to touch the configuration.
|
||||
@ -662,9 +649,10 @@ agreement").
|
||||
multihop BGP.
|
||||
|
||||
<tag><label id="proto-channel"><m/channel name/ [{<m/channel config/}]</tag>
|
||||
Every channel must be explicitly stated. See the protocol-specific configuration
|
||||
for the list of supported channel names.
|
||||
See the <ref id="channel-opts" name="channel configuration section"> for channel definition.
|
||||
Every channel must be explicitly stated. See the protocol-specific
|
||||
configuration for the list of supported channel names. See the
|
||||
<ref id="channel-opts" name="channel configuration section"> for channel
|
||||
definition.
|
||||
</descrip>
|
||||
|
||||
<p>There are several options that give sense only with certain protocols:
|
||||
@ -693,7 +681,7 @@ agreement").
|
||||
options, in that case for given interface the first matching interface
|
||||
option is used.
|
||||
|
||||
This option is allowed in Babel, BFD, Direct, OSPF, RAdv and RIP
|
||||
This option is allowed in Babel, BFD, Device, Direct, OSPF, RAdv and RIP
|
||||
protocols. In OSPF protocol it is used in the <cf/area/ subsection.
|
||||
|
||||
Default: none.
|
||||
@ -782,16 +770,22 @@ agreement").
|
||||
|
||||
</descrip>
|
||||
|
||||
|
||||
<sect>Channel options
|
||||
<label id="channel-opts">
|
||||
|
||||
<p>Every channel belongs to a protocol and is configured inside its block. The
|
||||
minimal channel config is empty, then it uses the default values.
|
||||
The channel's name implies its nettype.
|
||||
minimal channel config is empty, then it uses the default values. The name of
|
||||
the channel implies its nettype.
|
||||
|
||||
<descrip>
|
||||
<tag><label id="proto-table">table <m/name/</tag>
|
||||
Connect this channel to a non-default routing table. Default
|
||||
Specify a table to which the channel is connected. Default: the first
|
||||
table of given nettype.
|
||||
|
||||
<tag><label id="proto-preference">preference <m/expr/</tag>
|
||||
Sets the preference of routes generated by the protocol and imported
|
||||
through this channel. Default: protocol dependent.
|
||||
|
||||
<tag><label id="proto-import">import all | none | filter <m/name/ | filter { <m/filter commands/ } | where <m/boolean filter expression/</tag>
|
||||
Specify a filter to be used for filtering routes coming from the
|
||||
@ -1187,14 +1181,13 @@ foot).
|
||||
a shell pattern (represented also as a string).
|
||||
|
||||
<tag><label id="type-ip">ip</tag>
|
||||
This type can hold a single IP address. The IPv4 addresses are stored
|
||||
as IPv4-Mapped IPv6 addresses so one data type for both of them is used.
|
||||
Whether the address is IPv4 or not may be checked by
|
||||
<cf>.is_ip4</cf> which returns <cf/bool/.
|
||||
IP addresses are written in the standard notation
|
||||
(<cf/10.20.30.40/ or <cf/fec0:3:4::1/). You can apply special operator
|
||||
<cf>.mask(<M>num</M>)</cf> on values of type ip. It masks out all but
|
||||
first <cf><M>num</M></cf> bits from the IP address. So
|
||||
This type can hold a single IP address. The IPv4 addresses are stored as
|
||||
IPv4-Mapped IPv6 addresses so one data type for both of them is used.
|
||||
Whether the address is IPv4 or not may be checked by <cf>.is_ip4</cf>
|
||||
which returns <cf/bool/. IP addresses are written in the standard
|
||||
notation (<cf/10.20.30.40/ or <cf/fec0:3:4::1/). You can apply special
|
||||
operator <cf>.mask(<M>num</M>)</cf> on values of type ip. It masks out
|
||||
all but first <cf><M>num</M></cf> bits from the IP address. So
|
||||
<cf/1.2.3.4.mask(8) = 1.0.0.0/ is true.
|
||||
|
||||
<tag><label id="type-prefix">prefix</tag>
|
||||
@ -1207,8 +1200,8 @@ foot).
|
||||
<cf/NET_IP4/ and <cf/NET_IP6/ prefixes hold an IP prefix. The literals
|
||||
are written as <cf><m/ipaddress//<m/pxlen/</cf>,
|
||||
or <cf><m>ipaddress</m>/<m>netmask</m></cf>. There are two special
|
||||
operators on these: <cf/.ip/ which extracts the IP address from
|
||||
the pair, and <cf/.len/, which separates prefix length from the pair.
|
||||
operators on these: <cf/.ip/ which extracts the IP address from the
|
||||
pair, and <cf/.len/, which separates prefix length from the pair.
|
||||
So <cf>1.2.0.0/16.len = 16</cf> is true.
|
||||
|
||||
<cf/NET_VPN4/ and <cf/NET_VPN6/ prefixes hold an IP prefix with VPN
|
||||
@ -1225,7 +1218,8 @@ foot).
|
||||
<cf/NET_FLOW4/ and <cf/NET_FLOW6/ hold an IP prefix together with a
|
||||
flowspec rule. Filters currently don't support flowspec parsing.
|
||||
|
||||
<cf/NET_MPLS/ holds a single MPLS label and its handling is currently not implemented.
|
||||
<cf/NET_MPLS/ holds a single MPLS label and its handling is currently
|
||||
not implemented.
|
||||
|
||||
<tag><label id="type-vpnrd">vpnrd</tag>
|
||||
This is a route distinguisher according to <rfc id="4364">. There are
|
||||
@ -1328,7 +1322,7 @@ foot).
|
||||
<cf>192.168.0.0/16{16,24}</cf> and <cf>192.168.0.0/16 ge 24</cf> as
|
||||
<cf>192.168.0.0/16{24,32}</cf>.
|
||||
|
||||
It's possible to mix IPv4 and IPv6 prefixes/addresses in a prefix/ip set
|
||||
It is possible to mix IPv4 and IPv6 prefixes/addresses in a prefix/ip set
|
||||
but its behavior may change between versions without any warning; don't do
|
||||
it unless you are more than sure what you are doing. (Really, don't do it.)
|
||||
|
||||
@ -1509,8 +1503,9 @@ clist for most purposes.
|
||||
|
||||
<descrip>
|
||||
<tag><label id="rta-net"><m/prefix/ net</tag>
|
||||
The network prefix or anything else the route is talking about.
|
||||
The primary key of the table. Read-only. (See the <ref id="routes" name="chapter about routes">.)
|
||||
The network prefix or anything else the route is talking about. The
|
||||
primary key of the routing table. Read-only. (See the <ref id="routes"
|
||||
name="chapter about routes">.)
|
||||
|
||||
<tag><label id="rta-scope"><m/enum/ scope</tag>
|
||||
The scope of the route. Possible values: <cf/SCOPE_HOST/ for routes
|
||||
@ -1638,8 +1633,8 @@ protocol babel [<name>] {
|
||||
type <wired|wireless>;
|
||||
rxcost <number>;
|
||||
limit <number>;
|
||||
hello interval <number>;
|
||||
update interval <number>;
|
||||
hello interval <time>;
|
||||
update interval <time>;
|
||||
port <number>;
|
||||
tx class|dscp <number>;
|
||||
tx priority <number>;
|
||||
@ -1654,7 +1649,7 @@ protocol babel [<name>] {
|
||||
|
||||
<descrip>
|
||||
<tag><label id="babel-channel">ipv4|ipv6 <m/channel config/</tag>
|
||||
The supported channels are IPv4 and IPv6.
|
||||
The supported channels are IPv4 and IPv6.
|
||||
|
||||
<tag><label id="babel-type">type wired|wireless </tag>
|
||||
This option specifies the interface type: Wired or wireless. On wired
|
||||
@ -1683,13 +1678,13 @@ protocol babel [<name>] {
|
||||
type interfaces, where gradual cost degradation is used instead of sharp
|
||||
limit. Default: 12.
|
||||
|
||||
<tag><label id="babel-hello">hello interval <m/num/</tag>
|
||||
<tag><label id="babel-hello">hello interval <m/time/ s|ms</tag>
|
||||
Interval at which periodic Hello messages are sent on this interface,
|
||||
in seconds. Default: 4 seconds.
|
||||
with time units. Default: 4 seconds.
|
||||
|
||||
<tag><label id="babel-update">update interval <m/num/</tag>
|
||||
Interval at which periodic (full) updates are sent. Default: 4 times the
|
||||
hello interval.
|
||||
<tag><label id="babel-update">update interval <m/time/ s|ms</tag>
|
||||
Interval at which periodic (full) updates are sent, with time
|
||||
units. Default: 4 times the hello interval.
|
||||
|
||||
<tag><label id="babel-port">port <m/number/</tag>
|
||||
This option selects an UDP port to operate on. The default is to operate
|
||||
@ -1722,9 +1717,7 @@ protocol babel [<name>] {
|
||||
|
||||
<tag><label id="babel-next-hop-ipv4">next hop ipv4 <m/address/</tag>
|
||||
Set the next hop address advertised for IPv4 routes advertised on this
|
||||
interface. If not set, the first IPv4 address found on the interface will
|
||||
be used, so it should only be necessary to set this option if this
|
||||
auto-detection fails or finds the wrong address.
|
||||
interface. Default: the preferred IPv4 address of the interface.
|
||||
|
||||
<tag><label id="babel-next-hop-ipv6">next hop ipv6 <m/address/</tag>
|
||||
Set the next hop address advertised for IPv6 routes advertised on this
|
||||
@ -1771,8 +1764,10 @@ protocol babel {
|
||||
<sect1>Known issues
|
||||
<label id="babel-issues">
|
||||
|
||||
<p>When retracting a route, Babel sends instead an unreachable route for a little while (according to RFC). The
|
||||
interaction of this behavior with other protocols is not well tested and strange things may happen.
|
||||
<p>When retracting a route, Babel generates an unreachable route for a little
|
||||
while (according to RFC). The interaction of this behavior with other protocols
|
||||
is not well tested and strange things may happen.
|
||||
|
||||
|
||||
<sect>BFD
|
||||
<label id="bfd">
|
||||
@ -2149,7 +2144,7 @@ using the following configuration parameters:
|
||||
BIRD tracks the link state of the associated interface and when link
|
||||
disappears (e.g. an ethernet cable is unplugged), the BGP session is
|
||||
immediately shut down. Note that this option cannot be used with
|
||||
multihop BGP. Default: disabled.
|
||||
multihop BGP. Default: enabled for direct BGP, disabled otherwise.
|
||||
|
||||
<tag><label id="bgp-bfd">bfd <M>switch</M></tag>
|
||||
BGP could use BFD protocol as an advisory mechanism for neighbor
|
||||
@ -2386,7 +2381,7 @@ using the following configuration parameters:
|
||||
|
||||
<tag><label id="bgp-igp-metric">igp metric <m/switch/</tag>
|
||||
Enable comparison of internal distances to boundary routers during best
|
||||
route selection. Default: on.
|
||||
route selection. Default: on.
|
||||
|
||||
<tag><label id="bgp-prefer-older">prefer older <m/switch/</tag>
|
||||
Standard route selection algorithm breaks ties by comparing router IDs.
|
||||
@ -2601,10 +2596,9 @@ some of them (marked with `<tt/O/') are optional.
|
||||
|
||||
<p><code>
|
||||
protocol bgp {
|
||||
local as 65000; # Use a private AS number
|
||||
local 198.51.100.14 as 65000; # Use a private AS number
|
||||
neighbor 198.51.100.130 as 64496; # Our neighbor ...
|
||||
multihop; # ... which is connected indirectly
|
||||
source address 198.51.100.14; # Use a non-standard source address
|
||||
ipv4 {
|
||||
export filter { # We use non-trivial export rules
|
||||
if source = RTS_STATIC then { # Export only static routes
|
||||
@ -2655,7 +2649,6 @@ interfaces to be defined for them to work with.
|
||||
<label id="device-config">
|
||||
|
||||
<p><descrip>
|
||||
|
||||
<tag><label id="device-scan-time">scan time <m/number/</tag>
|
||||
Time in seconds between two scans of the network interface list. On
|
||||
systems where we are notified about interface status changes
|
||||
@ -2663,19 +2656,26 @@ interfaces to be defined for them to work with.
|
||||
list only in order to avoid confusion by lost notification messages,
|
||||
so the default time is set to a large value.
|
||||
|
||||
<tag><label id="device-primary">primary [ "<m/mask/" ] <m/prefix/</tag>
|
||||
If a network interface has more than one network address, BIRD has to
|
||||
choose one of them as a primary one. By default, BIRD chooses the
|
||||
lexicographically smallest address as the primary one.
|
||||
<tag><label id="device-iface">interface <m/pattern/ [, <m/.../]</tag>
|
||||
|
||||
This option allows to specify which network address should be chosen as
|
||||
a primary one. Network addresses that match <m/prefix/ are preferred to
|
||||
non-matching addresses. If more <cf/primary/ options are used, the first
|
||||
one has the highest preference. If "<m/mask/" is specified, then such
|
||||
<cf/primary/ option is relevant only to matching network interfaces.
|
||||
By default, the Device protocol handles all interfaces without any
|
||||
configuration. Interface definitions allow to specify optional
|
||||
parameters for specific interfaces. See <ref id="proto-iface"
|
||||
name="interface"> common option for detailed description. Currently only
|
||||
one interface option is available:
|
||||
|
||||
In all cases, an address marked by operating system as secondary cannot
|
||||
be chosen as the primary one.
|
||||
<tag><label id="device-preferred">preferred <m/ip/</tag>
|
||||
If a network interface has more than one IP address, BIRD chooses one of
|
||||
them as a preferred one. Preferred IP address is used as source address
|
||||
for packets or announced next hop by routing protocols. Precisely, BIRD
|
||||
chooses one preferred IPv4 address, one preferred IPv6 address and one
|
||||
preferred link-local IPv6 address. By default, BIRD chooses the first
|
||||
found IP address as the preferred one.
|
||||
|
||||
This option allows to specify which IP address should be preferred. May
|
||||
be used multiple times for different address classes (IPv4, IPv6, IPv6
|
||||
link-local). In all cases, an address marked by operating system as
|
||||
secondary cannot be chosen as the primary one.
|
||||
</descrip>
|
||||
|
||||
<p>As the Device protocol doesn't generate any routes, it cannot have
|
||||
@ -2684,18 +2684,21 @@ any attributes. Example configuration looks like this:
|
||||
<p><code>
|
||||
protocol device {
|
||||
scan time 10; # Scan the interfaces often
|
||||
primary "eth0" 192.168.1.1;
|
||||
primary 192.168.0.0/16;
|
||||
interface "eth0" {
|
||||
preferred 192.168.1.1;
|
||||
preferred 2001:db8:1:10::1;
|
||||
};
|
||||
}
|
||||
</code>
|
||||
|
||||
|
||||
<sect>Direct
|
||||
<label id="direct">
|
||||
|
||||
<p>The Direct protocol is a simple generator of device routes for all the
|
||||
directly connected networks according to the list of interfaces provided by the
|
||||
kernel via the Device protocol. The Direct protocol supports IPv4 and IPv6 channels
|
||||
in any count.
|
||||
kernel via the Device protocol. The Direct protocol supports both IPv4 and IPv6
|
||||
channels.
|
||||
|
||||
<p>The question is whether it is a good idea to have such device routes in BIRD
|
||||
routing table. OS kernel usually handles device routes for directly connected
|
||||
@ -2739,13 +2742,13 @@ on Linux systems BIRD cannot change non-BIRD route in the kernel routing table.
|
||||
|
||||
<p><code>
|
||||
protocol direct {
|
||||
interface "-arc*", "*"; # Exclude the ARCnets
|
||||
ipv4;
|
||||
ipv4 { table myothertable; };
|
||||
ipv6;
|
||||
interface "-arc*", "*"; # Exclude the ARCnets
|
||||
}
|
||||
</code>
|
||||
|
||||
|
||||
<sect>Kernel
|
||||
<label id="krt">
|
||||
|
||||
@ -2778,8 +2781,9 @@ routing table, there are two limitations - it is not possible to connect more
|
||||
kernel protocols to the same routing table and changing route destination
|
||||
(gateway) in an export filter of a kernel protocol does not work. Both
|
||||
limitations can be overcome using another routing table and the pipe protocol.
|
||||
The Kernel protocol obviously supports only two channels -- IPv4 and IPv6; only
|
||||
one of them can be configured in each protocol instance.
|
||||
|
||||
<p>The Kernel protocol supports both IPv4 and IPv6 channels; only one of them
|
||||
can be configured in each protocol instance.
|
||||
|
||||
<sect1>Configuration
|
||||
<label id="krt-config">
|
||||
@ -2798,13 +2802,6 @@ one of them can be configured in each protocol instance.
|
||||
routing daemons or by the system administrator. This is possible only on
|
||||
systems which support identification of route authorship.
|
||||
|
||||
<tag><label id="krt-device-routes">device routes <m/switch/</tag>
|
||||
Enable export of device routes to the kernel routing table. By default,
|
||||
such routes are rejected (with the exception of explicitly configured
|
||||
device routes from the static protocol) regardless of the export filter
|
||||
to protect device routes in kernel routing table (managed by OS itself)
|
||||
from accidental overwriting or erasing.
|
||||
|
||||
<tag><label id="krt-kernel-table">kernel table <m/number/</tag>
|
||||
Select which kernel table should this particular instance of the Kernel
|
||||
protocol work with. Available only on systems supporting multiple
|
||||
@ -2971,7 +2968,11 @@ different id. These definitions includes many other switches and multiple
|
||||
definitions of interfaces. Definition of interface may contain many switches and
|
||||
constant definitions and list of neighbors on nonbroadcast networks.
|
||||
|
||||
<p>OSPF v2 needs one IPv4 channel, OSPF v3 needs one IPv6 channel.
|
||||
<p>OSPFv2 needs one IPv4 channel. OSPFv3 needs either one IPv6 channel, or one
|
||||
IPv4 channel (<rfc id="5838">). Therefore, it is possible to use OSPFv3 for both
|
||||
IPv4 and Pv6 routing, but it is necessary to have two protocol instances anyway.
|
||||
If no channel is configured, appropriate channel is defined with default
|
||||
parameters.
|
||||
|
||||
<code>
|
||||
protocol ospf [v2|v3] <name> {
|
||||
@ -3114,8 +3115,8 @@ protocol ospf [v2|v3] <name> {
|
||||
(equal-cost multipath) routes. Such routes are used when there are
|
||||
several directions to the destination, each with the same (computed)
|
||||
cost. This option also allows to specify a limit on maximum number of
|
||||
nexthops in one route. By default, ECMP is disabled. If enabled,
|
||||
default value of the limit is 16.
|
||||
nexthops in one route. By default, ECMP is enabled if supported by
|
||||
Kernel. Default value of the limit is 16.
|
||||
|
||||
<tag><label id="ospf-merge-external">merge external <M>switch</M></tag>
|
||||
This option specifies whether OSPF should merge external routes from
|
||||
@ -3354,7 +3355,7 @@ protocol ospf [v2|v3] <name> {
|
||||
are immediately considered unreachable and only the address of the iface
|
||||
(instead of whole network prefix) is propagated. It is possible that
|
||||
some hardware drivers or platforms do not implement this feature.
|
||||
Default value is no.
|
||||
Default value is yes.
|
||||
|
||||
<tag><label id="ospf-bfd">bfd <M>switch</M></tag>
|
||||
OSPF could use BFD protocol as an advisory mechanism for neighbor
|
||||
@ -3441,8 +3442,6 @@ network. This attribute is read-only. Default is <cf/ospf_metric2 = 10000/ and
|
||||
|
||||
<p><code>
|
||||
protocol ospf MyOSPF {
|
||||
rfc1583compat yes;
|
||||
tick 2;
|
||||
ipv4 {
|
||||
export filter {
|
||||
if source = RTS_BGP then {
|
||||
@ -3549,17 +3548,14 @@ exporting a selected subset of one table to another one.
|
||||
<sect1>Configuration
|
||||
<label id="pipe-config">
|
||||
|
||||
<p>Technically, the Pipe protocol is just a channel connected to a table on both sides.
|
||||
Therefore, the configuration block for <cf/protocol pipe/ shall directly include
|
||||
standard channel config options; see the example below.
|
||||
<p>Essentially, the Pipe protocol is just a channel connected to a table on both
|
||||
sides. Therefore, the configuration block for <cf/protocol pipe/ shall directly
|
||||
include standard channel config options; see the example below.
|
||||
|
||||
<p><descrip>
|
||||
<tag><label id="pipe-peer-table">peer table <m/table/</tag>
|
||||
Defines secondary routing table to connect to. The primary one is
|
||||
selected by the <cf/table/ keyword.
|
||||
|
||||
<tag><label id="pipe-mode">mode opaque|transparent</tag>
|
||||
Specifies the mode for the pipe to work in. Default is transparent.
|
||||
</descrip>
|
||||
|
||||
<sect1>Attributes
|
||||
@ -3586,35 +3582,27 @@ Pipe protocol while decreasing their preferences and correcting their BGP paths
|
||||
to reflect the AS boundary crossing.
|
||||
|
||||
<code>
|
||||
table as1; # Define the tables
|
||||
table as2;
|
||||
ipv4 table as1; # Define the tables
|
||||
ipv4 table as2;
|
||||
|
||||
protocol kernel kern1 { # Synchronize them with the kernel
|
||||
ipv4 { table as1; };
|
||||
ipv4 { table as1; export all; };
|
||||
kernel table 1;
|
||||
}
|
||||
|
||||
protocol kernel kern2 {
|
||||
ipv4 { table as2; };
|
||||
ipv4 { table as2; export all; };
|
||||
kernel table 2;
|
||||
}
|
||||
|
||||
protocol bgp bgp1 { # The outside connections
|
||||
ipv4 {
|
||||
table as1;
|
||||
export all;
|
||||
import all;
|
||||
};
|
||||
ipv4 { table as1; export all; };
|
||||
local as 1;
|
||||
neighbor 192.168.0.1 as 1001;
|
||||
}
|
||||
|
||||
protocol bgp bgp2 {
|
||||
ipv4 {
|
||||
table as2;
|
||||
export all;
|
||||
import all;
|
||||
};
|
||||
ipv4 { table as2; export all; };
|
||||
local as 2;
|
||||
neighbor 10.0.0.1 as 1002;
|
||||
}
|
||||
@ -3657,7 +3645,7 @@ addresses and choose a default route. BIRD implements router behavior as defined
|
||||
in <rfc id="4861">, router preferences and specific routes (<rfc id="4191">),
|
||||
and DNS extensions (<rfc id="6106">).
|
||||
|
||||
<p>The RAdv protocols supports only IPv6 channels.
|
||||
<p>The RAdv protocols supports just IPv6 channel.
|
||||
|
||||
<sect1>Configuration
|
||||
<label id="radv-config">
|
||||
@ -3827,7 +3815,6 @@ definitions, prefix definitions and DNS definitions:
|
||||
option above. Default: no.
|
||||
</descrip>
|
||||
|
||||
|
||||
<p>Prefix specific options
|
||||
|
||||
<descrip>
|
||||
@ -3879,7 +3866,6 @@ definitions, prefix definitions and DNS definitions:
|
||||
valid DNS servers. Default: 3 * <cf/max ra interval/.
|
||||
</descrip>
|
||||
|
||||
|
||||
<p>DNSSL specific options:
|
||||
|
||||
<descrip>
|
||||
@ -3917,10 +3903,10 @@ definitions, prefix definitions and DNS definitions:
|
||||
<label id="radv-exam">
|
||||
|
||||
<p><code>
|
||||
table radv_routes; # Manually configured routes go here
|
||||
ipv6 table radv_routes; # Manually configured routes go here
|
||||
|
||||
protocol static {
|
||||
table radv_routes;
|
||||
ipv6 { table radv_routes; };
|
||||
|
||||
route 2001:0DB8:4000::/48 unreachable;
|
||||
route 2001:0DB8:4010::/48 unreachable;
|
||||
@ -3933,8 +3919,7 @@ protocol static {
|
||||
|
||||
protocol radv {
|
||||
propagate routes yes; # Propagate the routes from the radv_routes table
|
||||
table radv_routes;
|
||||
export all;
|
||||
ipv6 { table radv_routes; export all; };
|
||||
|
||||
interface "eth2" {
|
||||
max ra interval 5; # Fast failover with more routers
|
||||
@ -3970,6 +3955,7 @@ protocol radv {
|
||||
}
|
||||
</code>
|
||||
|
||||
|
||||
<sect>RIP
|
||||
<label id="rip">
|
||||
|
||||
@ -4003,6 +3989,9 @@ definitions, most RIP options are interface specific. RIPng (RIP for IPv6)
|
||||
protocol instance can be configured by using <cf/rip ng/ instead of just
|
||||
<cf/rip/ as a protocol type.
|
||||
|
||||
<p>RIP needs one IPv4 channel. RIPng needs one IPv6 channel. If no channel is
|
||||
configured, appropriate channel is defined with default parameters.
|
||||
|
||||
<code>
|
||||
protocol rip [ng] [<name>] {
|
||||
infinity <number>;
|
||||
@ -4053,8 +4042,8 @@ protocol rip [ng] [<name>] {
|
||||
(equal-cost multipath) routes. Such routes are used when there are
|
||||
several directions to the destination, each with the same (computed)
|
||||
cost. This option also allows to specify a limit on maximum number of
|
||||
nexthops in one route. By default, ECMP is disabled. If enabled,
|
||||
default value of the limit is 16.
|
||||
nexthops in one route. By default, ECMP is enabled if supported by
|
||||
Kernel. Default value of the limit is 16.
|
||||
|
||||
<tag><label id="rip-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
|
||||
Interface definitions specify a set of interfaces on which the
|
||||
@ -4200,7 +4189,7 @@ protocol rip [ng] [<name>] {
|
||||
unplugged), neighbors are immediately considered unreachable and all
|
||||
routes received from them are withdrawn. It is possible that some
|
||||
hardware drivers or platforms do not implement this feature.
|
||||
Default: no.
|
||||
Default: yes.
|
||||
</descrip>
|
||||
|
||||
<sect1>Attributes
|
||||
@ -4227,8 +4216,10 @@ protocol rip [ng] [<name>] {
|
||||
|
||||
<p><code>
|
||||
protocol rip {
|
||||
import all;
|
||||
export all;
|
||||
ipv4 {
|
||||
import all;
|
||||
export all;
|
||||
};
|
||||
interface "eth*" {
|
||||
metric 2;
|
||||
port 1520;
|
||||
@ -4241,6 +4232,7 @@ protocol rip {
|
||||
}
|
||||
</code>
|
||||
|
||||
|
||||
<sect>RPKI
|
||||
|
||||
<sect1>Introduction
|
||||
@ -4248,7 +4240,7 @@ protocol rip {
|
||||
<p>The Resource Public Key Infrastructure (RPKI) is mechanism for origin
|
||||
validation of BGP routes (RFC 6480). BIRD supports only so-called RPKI-based
|
||||
origin validation. There is implemented RPKI to Router (RPKI-RTR) protocol (RFC
|
||||
6810). It uses some of the RPKI data to allow a router to verify that the
|
||||
6810). It uses some of the RPKI data to allow a router to verify that the
|
||||
autonomous system announcing an IP address prefix is in fact authorized to do
|
||||
so. This is not crypto checked so can be violated. But it should prevent the
|
||||
vast majority of accidental hijackings on the Internet today, e.g. the famous
|
||||
@ -4294,10 +4286,10 @@ protocol rpki [<name>] {
|
||||
}
|
||||
</code>
|
||||
|
||||
<p>Alse note that you have to specify the ROA channel.
|
||||
If you want to import only IPv4 prefixes you have
|
||||
to specify only roa4 channel. Similarly with IPv6 prefixes only. If you want to
|
||||
fetch both IPv4 and even IPv6 ROAs you have to specify both channels.
|
||||
<p>Alse note that you have to specify the ROA channel. If you want to import
|
||||
only IPv4 prefixes you have to specify only roa4 channel. Similarly with IPv6
|
||||
prefixes only. If you want to fetch both IPv4 and even IPv6 ROAs you have to
|
||||
specify both channels.
|
||||
|
||||
<sect2>RPKI protocol options
|
||||
|
||||
@ -4365,21 +4357,20 @@ roa6 table r6;
|
||||
|
||||
protocol rpki {
|
||||
debug all;
|
||||
|
||||
|
||||
roa4 { table r4; };
|
||||
roa6 { table r6; };
|
||||
|
||||
# Please, do not use rpki-validator.realmv6.org in production
|
||||
remote "rpki-validator.realmv6.org" port 8282;
|
||||
|
||||
|
||||
retry keep 5;
|
||||
refresh keep 30;
|
||||
expire 600;
|
||||
}
|
||||
|
||||
filter peer_in {
|
||||
if (roa_check(r4, net, bgp_path.last) = ROA_INVALID ||
|
||||
roa_check(r6, net, bgp_path.last) = ROA_INVALID) then
|
||||
filter peer_in_v4 {
|
||||
if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then
|
||||
{
|
||||
print "Ignore invalid ROA ", net, " for ASN ", bgp_path.last;
|
||||
reject;
|
||||
@ -4391,7 +4382,7 @@ protocol bgp {
|
||||
debug all;
|
||||
local as 65000;
|
||||
neighbor 192.168.2.1 as 65001;
|
||||
import filter peer_in;
|
||||
ipv4 { import filter peer_in_v4; };
|
||||
}
|
||||
</code>
|
||||
|
||||
@ -4402,23 +4393,22 @@ roa6 table r6;
|
||||
|
||||
protocol rpki {
|
||||
debug all;
|
||||
|
||||
|
||||
roa4 { table r4; };
|
||||
roa6 { table r6; };
|
||||
|
||||
|
||||
remote 127.0.0.1 port 2345;
|
||||
transport ssh {
|
||||
bird private key "/home/birdgeek/.ssh/id_rsa";
|
||||
remote public key "/home/birdgeek/.ssh/known_hosts";
|
||||
user "birdgeek";
|
||||
};
|
||||
|
||||
|
||||
# Default interval values
|
||||
}
|
||||
</code>
|
||||
|
||||
|
||||
|
||||
<sect>Static
|
||||
<label id="static">
|
||||
|
||||
@ -4461,10 +4451,12 @@ There exist several types of routes; keep in mind that <m/prefix/ syntax is
|
||||
<tag>route <m/prefix/ via <m/ip/|<m/"interface"/ [mpls <m/num/[/<m/num/[/<m/num/[...]]]]</tag>
|
||||
Next hop routes may bear one or more <ref id="route-next-hop" name="next hops">.
|
||||
Every next hop is preceded by <cf/via/ and configured as shown.
|
||||
|
||||
<tag>route <m/prefix/ recursive <m/ip/ [mpls <m/num/[/<m/num/[/<m/num/[...]]]]</tag>
|
||||
Recursive nexthop resolves the given IP in the configured IGP table and
|
||||
uses that route's next hop. The MPLS stacks are concatenated; on top is
|
||||
the IGP's nexthop stack and on bottom is this route's stack.
|
||||
|
||||
<tag>route <m/prefix/ blackhole|unreachable|prohibit</tag>
|
||||
Special routes specifying to silently drop the packet, return it as
|
||||
unreachable or return it as administratively prohibited. First two
|
||||
@ -4559,7 +4551,7 @@ protocol static {
|
||||
length > 1024;
|
||||
dscp = 63;
|
||||
fragment dont_fragment, is_fragment || !first_fragment;
|
||||
} drop;
|
||||
};
|
||||
}
|
||||
</code>
|
||||
|
||||
@ -4607,7 +4599,7 @@ protocol static {
|
||||
tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33;
|
||||
fragment !is_fragment || !first_fragment;
|
||||
label 0xaaaa/0xaaaa && 0x33/0x33;
|
||||
} drop;
|
||||
};
|
||||
}
|
||||
</code>
|
||||
|
||||
@ -4661,6 +4653,7 @@ protocol static {
|
||||
}
|
||||
</code>
|
||||
|
||||
|
||||
<chapt>Conclusions
|
||||
<label id="conclusion">
|
||||
|
||||
|
@ -49,7 +49,7 @@ struct krt_config {
|
||||
btime scan_time; /* How often we re-scan routes */
|
||||
int persist; /* Keep routes when we exit */
|
||||
int learn; /* Learn routes from other sources */
|
||||
int devroutes; /* Allow export of device routes */
|
||||
int devroutes; /* XXX: remove */
|
||||
int graceful_restart; /* Regard graceful restart recovery */
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user