version 1.1.2.1, 2017/08/22 14:36:56
|
version 1.1.2.2, 2020/06/11 00:54:19
|
Line 1
|
Line 1
|
/* | # This is a basic configuration file, which contains boilerplate options and |
* This is an example configuration file. | # some basic examples. It allows the BIRD daemon to start but will not cause |
*/ | # anything else to happen. |
| # |
| # Please refer to the BIRD User's Guide documentation, which is also available |
| # online at http://bird.network.cz/ in HTML format, for more information on |
| # configuring BIRD and adding routing protocols. |
|
|
# Yes, even shell-like comments work... |
|
|
|
# Configure logging |
# Configure logging |
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug }; | log syslog all; |
#log stderr all; | # log "/var/log/bird.log" { debug, trace, info, remote, warning, error, auth, fatal, bug }; |
#log "tmp" all; | |
|
|
# Override router ID | # Set router ID. It is a unique identification of your router, usually one of |
#router id 198.51.100.1; | # IPv4 addresses of the router. It is recommended to configure it explicitly. |
| # router id 198.51.100.1; |
|
|
# You can define your own symbols... | # Turn on global debugging of all protocols (all messages or just selected classes) |
#define xyzzy = (120+10); | # debug protocols all; |
#define '1a-a1' = (30+40); | # debug protocols { events, states }; |
|
|
# Define a route filter... | # Turn on internal watchdog |
#filter test_filter { | # watchdog warning 5 s; |
# if net ~ 10.0.0.0/16 then accept; | # watchdog timeout 30 s; |
# else reject; | |
#} | |
|
|
#filter sink { reject; } | # You can define your own constants |
#filter okay { accept; } | # define my_asn = 65000; |
| # define my_addr = 198.51.100.1; |
|
|
#include "filters.conf"; | # Tables master4 and master6 are defined by default |
| # ipv4 table master4; |
| # ipv6 table master6; |
|
|
# Define another routing table | # Define more tables, e.g. for policy routing or as MRIB |
#table testable; | # ipv4 table mrib4; |
| # ipv6 table mrib6; |
|
|
# Turn on global debugging of all protocols | # The Device protocol is not a real routing protocol. It does not generate any |
#debug protocols all; | # routes and it only serves as a module for getting information about network |
| # interfaces from the kernel. It is necessary in almost any configuration. |
| protocol device { |
| } |
|
|
# Turn on internal watchdog | # The direct protocol is not a real routing protocol. It automatically generates |
#watchdog warning 5 s; | # direct routes to all network interfaces. Can exist in as many instances as you |
#watchdog timeout 30 s; | # wish if you want to populate multiple routing tables with direct routes. |
| protocol direct { |
| disabled; # Disable by default |
| ipv4; # Connect to default IPv4 table |
| ipv6; # ... and to default IPv6 table |
| } |
|
|
# The direct protocol automatically generates device routes to | # The Kernel protocol is not a real routing protocol. Instead of communicating |
# all network interfaces. Can exist in as many instances as you wish | # with other routers in the network, it performs synchronization of BIRD |
# if you want to populate multiple routing tables with device routes. | # routing tables with the OS kernel. One instance per table. |
#protocol direct { | |
# interface "-eth*", "*"; # Restrict network interfaces it works with | |
#} | |
| |
# This pseudo-protocol performs synchronization between BIRD's routing | |
# tables and the kernel. If your kernel supports multiple routing tables | |
# (as Linux 2.2.x does), you can run multiple instances of the kernel | |
# protocol and synchronize different kernel tables with different BIRD tables. | |
protocol kernel { |
protocol kernel { |
# learn; # Learn all alien routes from the kernel | ipv4 { # Connect protocol to IPv4 table by channel |
persist; # Don't remove routes on bird shutdown | # table master4; # Default IPv4 table is master4 |
scan time 20; # Scan kernel routing table every 20 seconds | # import all; # Import to table, default is import all |
# import none; # Default is import all | export all; # Export to protocol. default is export none |
export all; # Default is export none | }; |
# kernel table 5; # Kernel table to synchronize with (default: main) | # learn; # Learn alien routes from the kernel |
| # kernel table 10; # Kernel table to synchronize with (default: main) |
} |
} |
|
|
# This pseudo-protocol watches all interface up/down events. | # Another instance for IPv6, skipping default options |
protocol device { | protocol kernel { |
scan time 10; # Scan interfaces every 10 seconds | ipv6 { export all; }; |
} |
} |
|
|
# Static routes (again, there can be multiple instances, so that you | # Static routes (Again, there can be multiple instances, for different address |
# can disable/enable various groups of static routes on the fly). | # families and to disable/enable various groups of static routes on the fly). |
protocol static { |
protocol static { |
# disabled; # Disable by default | ipv4; # Again, IPv4 channel with default options |
# table testable; # Connect to a non-default table | |
# preference 1000; # Default preference of routes | # route 0.0.0.0/0 via 198.51.100.10; |
# debug { states, routes, filters, interfaces, events, packets }; | # route 192.0.2.0/24 blackhole; |
# debug all; | |
# route 0.0.0.0/0 via 198.51.100.13; | |
# route 198.51.100.0/25 unreachable; | |
# route 10.0.0.0/8 unreachable; |
# route 10.0.0.0/8 unreachable; |
# route 10.1.1.0:255.255.255.0 via 198.51.100.3; | # route 10.2.0.0/24 via "eth0"; |
# route 10.1.2.0:255.255.255.0 via 198.51.100.3; | # # Static routes can be defined with optional attributes |
# route 10.1.3.0:255.255.255.0 via 198.51.100.4; | # route 10.1.1.0/24 via 198.51.100.3 { rip_metric = 3; }; |
# route 10.2.0.0/24 via "arc0"; | # route 10.1.2.0/24 via 198.51.100.3 { ospf_metric1 = 100; }; |
| # route 10.1.3.0/24 via 198.51.100.4 { ospf_metric2 = 100; }; |
} |
} |
|
|
# Pipe protocol connects two routing tables... Beware of loops. | # Pipe protocol connects two routing tables. Beware of loops. |
#protocol pipe { | # protocol pipe { |
# peer table testable; | # table master4; # No ipv4/ipv6 channel definition like in other protocols |
# Define what routes do we export to this protocol / import from it. | # peer table mrib4; |
# import all; # default is all | # import all; # Direction peer table -> table |
# export all; # default is none | # export all; # Direction table -> peer table |
# import none; # If you wish to disable imports | # } |
# import filter test_filter; # Use named filter | |
# import where source = RTS_DEVICE; # Use explicit filter | |
#} | |
|
|
# RIP aka Rest In Pieces... | # RIP example, both RIP and RIPng are supported |
#protocol rip MyRIP { # You can also use an explicit name | # protocol rip { |
# preference xyzzy; | # ipv4 { |
# debug all; | # # Export direct, static routes and ones from RIP itself |
# port 1520; | # import all; |
# period 7; | # export where source ~ [ RTS_DEVICE, RTS_STATIC, RTS_RIP ]; |
# infinity 16; | |
# garbage time 60; | |
# interface "*" { mode broadcast; }; | |
# honor neighbor; # To whom do we agree to send the routing table | |
# honor always; | |
# honor never; | |
# passwords { | |
# password "nazdar"; | |
# }; |
# }; |
# authentication none; | # interface "eth*" { |
# import filter { print "importing"; accept; }; | # update time 10; # Default period is 30 |
# export filter { print "exporting"; accept; }; | # timeout time 60; # Default timeout is 180 |
#} | # authentication cryptographic; # No authentication by default |
| # password "hello" { algorithm hmac sha256; }; # Default is MD5 |
| # }; |
| # } |
|
|
#protocol ospf MyOSPF { | # OSPF example, both OSPFv2 and OSPFv3 are supported |
# tick 2; | # protocol ospf v3 { |
# rfc1583compat yes; | # ipv6 { |
# area 0.0.0.0 { | # import all; |
# stub no; | # export where source = RTS_STATIC; |
| # }; |
| # area 0 { |
# interface "eth*" { |
# interface "eth*" { |
# hello 9; | # type broadcast; # Detected by default |
# retransmit 6; | # cost 10; # Interface metric |
# cost 10; | # hello 5; # Default hello perid 10 is too long |
# transmit delay 5; | |
# dead count 5; | |
# wait 50; | |
# type broadcast; | |
# authentication simple; | |
# password "pass"; | |
# }; |
# }; |
# interface "arc0" { | # interface "tun*" { |
# rx buffer large; | # type ptp; # PtP mode, avoids DR selection |
# type nonbroadcast; | # cost 100; # Interface metric |
# poll 14; | # hello 5; # Default hello perid 10 is too long |
# dead 75; | |
# neighbors { | |
# 10.1.1.2 eligible; | |
# 10.1.1.4; | |
# }; | |
# strict nonbroadcast yes; | |
# }; |
# }; |
# interface "xxx0" { | # interface "dummy0" { |
# passwords { | # stub; # Stub interface, just propagate it |
# password "abc" { | |
# id 1; | |
# generate to "22-04-2003 11:00:06"; | |
# accept to "17-01-2004 12:01:05"; | |
# }; | |
# password "def" { | |
# id 2; | |
# generate from "22-04-2003 11:00:07"; | |
# accept from "17-01-2003 12:01:05"; | |
# }; | |
# }; | |
# authentication cryptographic; | |
# }; |
# }; |
# }; |
# }; |
# area 20 { |
|
# stub 1; |
|
# interface "ppp1" { |
|
# hello 8; |
|
# authentication none; |
|
# }; |
|
# interface "fr*"; |
|
# virtual link 192.168.0.1 { |
|
# password "sdsdffsdfg"; |
|
# authentication cryptographic; |
|
# }; |
|
# }; |
|
#} |
#} |
|
|
|
# Define simple filter as an example for BGP import filter |
|
# See https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering for more examples |
|
# filter rt_import |
|
# { |
|
# if bgp_path.first != 64496 then accept; |
|
# if bgp_path.len > 64 then accept; |
|
# if bgp_next_hop != from then accept; |
|
# reject; |
|
# } |
|
|
#protocol bgp { | # BGP example, explicit name 'uplink1' is used instead of default 'bgp1' |
# disabled; | # protocol bgp uplink1 { |
# description "My BGP uplink"; |
# description "My BGP uplink"; |
# local as 65000; | # local 198.51.100.1 as 65000; |
# neighbor 198.51.100.130 as 64496; | # neighbor 198.51.100.10 as 64496; |
# multihop; | # hold time 90; # Default is 240 |
# hold time 240; | |
# startup hold time 240; | |
# connect retry time 120; | |
# keepalive time 80; # defaults to hold time / 3 | |
# start delay time 5; # How long do we wait before initial connect | |
# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive | |
# # errors occur, we increase the delay exponentially ... | |
# error forget time 300; # ... until this timeout expires) | |
# disable after error; # Disable the protocol automatically when an error occurs | |
# next hop self; # Disable next hop processing and always advertise our local address as nexthop | |
# path metric 1; # Prefer routes with shorter paths (like Cisco does) | |
# default bgp_med 0; # MED value we use for comparison when none is defined | |
# default bgp_local_pref 0; # The same for local preference | |
# source address 198.51.100.14; # What local address we use for the TCP connection | |
# password "secret"; # Password used for MD5 authentication |
# password "secret"; # Password used for MD5 authentication |
# rr client; # I am a route reflector and the neighor is my client | # |
# rr cluster id 1.0.0.1; # Use this value for cluster id instead of my router id | # ipv4 { # regular IPv4 unicast (1/1) |
# export where source=RTS_STATIC; | # import filter rt_import; |
# export filter { | # export where source ~ [ RTS_STATIC, RTS_BGP ]; |
# if source = RTS_STATIC then { | |
# bgp_community = -empty-; bgp_community = add(bgp_community,(65000,5678)); | |
# bgp_origin = 0; | |
# bgp_community = -empty-; bgp_community.add((65000,5678)); | |
# if (65000,64501) ~ bgp_community then | |
# bgp_community.add((0, 1)); | |
# if bgp_path ~ [= 65000 =] then | |
# bgp_path.prepend(65000); | |
# accept; | |
# } | |
# reject; | |
# }; |
# }; |
#} |
|
# |
# |
# Template usage example | # ipv6 { # regular IPv6 unicast (2/1) |
#template bgp rr_client { | # import filter rt_import; |
# disabled; | # export filter { # The same as 'where' expression above |
# local as 65000; | # if source ~ [ RTS_STATIC, RTS_BGP ] |
# multihop; | # then accept; |
| # else reject; |
| # }; |
| # }; |
| # |
| # ipv4 multicast { # IPv4 multicast topology (1/2) |
| # table mrib4; # explicit IPv4 table |
| # import filter rt_import; |
| # export all; |
| # }; |
| # |
| # ipv6 multicast { # IPv6 multicast topology (2/2) |
| # table mrib6; # explicit IPv6 table |
| # import filter rt_import; |
| # export all; |
| # }; |
| #} |
| |
| # Template example. Using templates to define IBGP route reflector clients. |
| # template bgp rr_clients { |
| # local 10.0.0.1 as 65000; |
| # neighbor as 65000; |
# rr client; |
# rr client; |
# rr cluster id 1.0.0.1; |
# rr cluster id 1.0.0.1; |
#} |
|
# |
# |
#protocol bgp rr_abcd from rr_client { | # ipv4 { |
# neighbor 10.1.4.7 as 65000; | # import all; |
#} | # export where source = RTS_BGP; |
| # }; |
| # |
| # ipv6 { |
| # import all; |
| # export where source = RTS_BGP; |
| # }; |
| # } |
| # |
| # protocol bgp client1 from rr_clients { |
| # neighbor 10.0.1.1; |
| # } |
| # |
| # protocol bgp client2 from rr_clients { |
| # neighbor 10.0.2.1; |
| # } |
| # |
| # protocol bgp client3 from rr_clients { |
| # neighbor 10.0.3.1; |
| # } |