embedaddon/bird/doc/bird-3.html - view

File: [ELWIX - Embedded LightWeight unIX -] / embedaddon / bird / doc / bird-3.html
Revision 1.1.1.2 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Mar 17 19:50:23 2021 UTC (3 years, 4 months ago) by misho
Branches: bird, MAIN
CVS tags: v1_6_8p3, HEAD

bird 1.6.8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 1.0.9"> <TITLE>BIRD User's Guide: Configuration</TITLE> <LINK HREF="bird-4.html" REL=next> <LINK HREF="bird-2.html" REL=previous> <LINK HREF="bird.html#toc3" REL=contents> </HEAD> <BODY> <A HREF="bird-4.html">Next</A> <A HREF="bird-2.html">Previous</A> <A HREF="bird.html#toc3">Contents</A> <HR> <H2><A NAME="config"></A> <A NAME="s3">3.</A> <A HREF="bird.html#toc3">Configuration</A></H2> <H2><A NAME="config-intro"></A> <A NAME="ss3.1">3.1</A> <A HREF="bird.html#toc3.1">Introduction</A> </H2> BIRD is configured using a text configuration file. Upon startup, BIRD reads prefix<CODE>/etc/bird.conf</CODE> (unless the <CODE>-c</CODE> command line option is given). Configuration may be changed at user's request: if you modify the config file and then signal BIRD with <CODE>SIGHUP</CODE>, it will adjust to the new config. Then there's the client which allows you to talk with BIRD in an extensive way.  In the config, everything on a line after <CODE>#</CODE> or inside <CODE>/* */</CODE> is a comment, whitespace characters are treated as a single space. If there's a variable number of options, they are grouped using the <CODE>{ }</CODE> brackets. Each option is terminated by a <CODE>;</CODE>. Configuration is case sensitive. There are two ways how to name symbols (like protocol names, filter names, constants etc.). You can either use a simple string starting with a letter followed by any combination of letters and numbers (e.g. "R123", "myfilter", "bgp5") or you can enclose the name into apostrophes (<CODE>'</CODE>) and than you can use any combination of numbers, letters. hyphens, dots and colons (e.g. "'1:strange-name'", "'-NAME-'", "'cool::name'").  Here is an example of a simple config file. It enables synchronization of routing tables with OS kernel, scans for new network interfaces every 10 seconds and runs RIP on all network interfaces found.  <HR> <PRE> protocol kernel { persist; # Don't remove routes on BIRD shutdown scan time 20; # Scan kernel routing table every 20 seconds export all; # Default is export none } protocol device { scan time 10; # Scan interfaces every 10 seconds } protocol rip { export all; import all; interface "*"; } </PRE> <HR>   <H2><A NAME="global-opts"></A> <A NAME="ss3.2">3.2</A> <A HREF="bird.html#toc3.2">Global options</A> </H2>  <DL> <DT><CODE> <A NAME="opt-include"></A> include "filename"</CODE><DD>This statement causes inclusion of a new file. Filename could also be a wildcard, in that case matching files are included in alphabetic order. The maximal depth is 8. Note that this statement could be used anywhere in the config file, not just as a top-level option.  <DT><CODE> <A NAME="opt-log"></A> log "filename"|syslog [name name]|stderr all|{ list of classes }</CODE><DD>Set logging of messages having the given class (either <CODE>all</CODE> or <CODE>{ error|trace [, ...] }</CODE> etc.) into selected destination (a file specified as a filename string, syslog with optional name argument, or the stderr output). Classes are: <CODE>info</CODE>, <CODE>warning</CODE>, <CODE>error</CODE> and <CODE>fatal</CODE> for messages about local problems, <CODE>debug</CODE> for debugging messages, <CODE>trace</CODE> when you want to know what happens in the network, <CODE>remote</CODE> for messages about misbehavior of remote machines, <CODE>auth</CODE> about authentication failures, <CODE>bug</CODE> for internal BIRD bugs. You may specify more than one <CODE>log</CODE> line to establish logging to multiple destinations. Default: log everything to the system log.  <DT><CODE> <A NAME="opt-debug-protocols"></A> debug protocols all|off|{ states|routes|filters|interfaces|events|packets [, ...] }</CODE><DD>Set global defaults of protocol debugging options. See <CODE>debug</CODE> in the following section. Default: off.  <DT><CODE> <A NAME="opt-debug-commands"></A> debug commands number</CODE><DD>Control logging of client connections (0 for no logging, 1 for logging of connects and disconnects, 2 and higher for logging of all client commands). Default: 0.  <DT><CODE> <A NAME="opt-debug-latency"></A> debug latency switch</CODE><DD>Activate tracking of elapsed time for internal events. Recent events could be examined using <CODE>dump events</CODE> command. Default: off.  <DT><CODE> <A NAME="opt-debug-latency-limit"></A> debug latency limit time</CODE><DD>If <CODE>debug latency</CODE> is enabled, this option allows to specify a limit for elapsed time. Events exceeding the limit are logged. Default: 1 s.  <DT><CODE> <A NAME="opt-watchdog-warn"></A> watchdog warning time</CODE><DD>Set time limit for I/O loop cycle. If one iteration took more time to complete, a warning is logged. Default: 5 s.  <DT><CODE> <A NAME="opt-watchdog-timeout"></A> watchdog timeout time</CODE><DD>Set time limit for I/O loop cycle. If the limit is breached, BIRD is killed by abort signal. The timeout has effective granularity of seconds, zero means disabled. Default: disabled (0).  <DT><CODE> <A NAME="opt-mrtdump"></A> mrtdump "filename"</CODE><DD>Set MRTdump file name. This option must be specified to allow MRTdump feature. Default: no dump file.  <DT><CODE> <A NAME="opt-mrtdump-protocols"></A> mrtdump protocols all|off|{ states|messages [, ...] }</CODE><DD>Set global defaults of MRTdump options. See <CODE>mrtdump</CODE> in the following section. Default: off.  <DT><CODE> <A NAME="opt-filter"></A> filter name local variables{ commands }</CODE><DD>Define a filter. You can learn more about filters in the following chapter.  <DT><CODE> <A NAME="opt-function"></A> function name (parameters) local variables { commands }</CODE><DD>Define a function. You can learn more about functions in the following chapter.  <DT><CODE> <A NAME="opt-protocol"></A> protocol rip|ospf|bgp|... [name [from name2]] { protocol options }</CODE><DD>Define a protocol instance called <CODE>name</CODE> (or with a name like "rip5" generated automatically if you don't specify any <CODE>name</CODE>). You can learn more about configuring protocols in their own chapters. When <CODE>from name2</CODE> expression is used, initial protocol options are taken from protocol or template <CODE>name2</CODE> You can run more than one instance of most protocols (like RIP or BGP). By default, no instances are configured.  <DT><CODE> <A NAME="opt-template"></A> template rip|bgp|... [name [from name2]] { protocol options }</CODE><DD>Define a protocol template instance called name (or with a name like "bgp1" generated automatically if you don't specify any name). Protocol templates can be used to group common options when many similarly configured protocol instances are to be defined. Protocol instances (and other templates) can use templates by using <CODE>from</CODE> expression and the name of the template. At the moment templates (and <CODE>from</CODE> expression) are not implemented for OSPF protocol.  <DT><CODE> <A NAME="opt-define"></A> define constant = expression</CODE><DD>Define a constant. You can use it later in every place you could use a value of the same type. Besides, there are some predefined numeric constants based on /etc/iproute2/rt_* files. A list of defined constants can be seen (together with other symbols) using 'show symbols' command.  <DT><CODE> <A NAME="opt-router-id"></A> router id IPv4 address</CODE><DD>Set BIRD's router ID. It's a world-wide unique identification of your router, usually one of router's IPv4 addresses. Default: in IPv4 version, the lowest IP address of a non-loopback interface. In IPv6 version, this option is mandatory.  <DT><CODE> <A NAME="opt-router-id-from"></A> router id from [-] [ "mask" ] [ prefix ] [, ...]</CODE><DD>Set BIRD's router ID based on an IP address of an interface specified by an interface pattern. The option is applicable for IPv4 version only. See <A HREF="#proto-iface">interface</A> section for detailed description of interface patterns with extended clauses.  <DT><CODE> <A NAME="opt-listen-bgp"></A> listen bgp [address address] [port port] [dual]</CODE><DD>This option allows to specify address and port where BGP protocol should listen. It is global option as listening socket is common to all BGP instances. Default is to listen on all addresses (0.0.0.0) and port 179. In IPv6 mode, option <CODE>dual</CODE> can be used to specify that BGP socket should accept both IPv4 and IPv6 connections (but even in that case, BIRD would accept IPv6 routes only). Such behavior was default in older versions of BIRD.  <DT><CODE> <A NAME="opt-graceful-restart"></A> graceful restart wait number</CODE><DD>During graceful restart recovery, BIRD waits for convergence of routing protocols. This option allows to specify a timeout for the recovery to prevent waiting indefinitely if some protocols cannot converge. Default: 240 seconds.  <DT><CODE> <A NAME="opt-timeformat"></A> timeformat route|protocol|base|log "format1" [limit "format2"]</CODE><DD>This option allows to specify a format of date/time used by BIRD. The first argument specifies for which purpose such format is used. <CODE>route</CODE> is a format used in 'show route' command output, <CODE>protocol</CODE> is used in 'show protocols' command output, <CODE>base</CODE> is used for other commands and <CODE>log</CODE> is used in a log file. "format1" is a format string using strftime(3) notation (see man strftime for details). limit> and "format2" allow to specify the second format string for times in past deeper than limit seconds. There are few shorthands: <CODE>iso long</CODE> is a ISO 8601 datetime format (YYYY-MM-DD hh:mm:ss) that can be also specified using <CODE>"%F %T"</CODE>. <CODE>iso short</CODE> is a variant of ISO 8601 that uses just the time format (hh:mm:ss) for near times (up to 20 hours in the past) and the date format (YYYY-MM-DD) for far times. This is a shorthand for <CODE>"%T" 72000 "%F"</CODE>. By default, BIRD uses the <CODE>iso short</CODE> format for <CODE>route</CODE> and <CODE>protocol</CODE> times, and the <CODE>iso long</CODE> format for <CODE>base</CODE> and <CODE>log</CODE> times. In pre-1.4.0 versions, BIRD used an short, ad-hoc format for <CODE>route</CODE> and <CODE>protocol</CODE> times, and a <CODE>iso long</CODE> similar format (DD-MM-YYYY hh:mm:ss) for <CODE>base</CODE> and <CODE>log</CODE>. These timeformats could be set by <CODE>old short</CODE> and <CODE>old long</CODE> compatibility shorthands.  <DT><CODE> <A NAME="opt-table"></A> table name [sorted]</CODE><DD>Create a new routing table. The default routing table is created implicitly, other routing tables have to be added by this command. Option <CODE>sorted</CODE> can be used to enable sorting of routes, see <A HREF="bird-2.html#dsc-table-sorted">sorted table</A> description for details.  <DT><CODE> <A NAME="opt-roa-table"></A> roa table name [ { roa table options ... } ]</CODE><DD>Create a new ROA (Route Origin Authorization) table. ROA tables can be used to validate route origination of BGP routes. A ROA table contains ROA entries, each consist of a network prefix, a max prefix length and an AS number. A ROA entry specifies prefixes which could be originated by that AS number. ROA tables could be filled with data from RPKI (<A HREF="http://www.rfc-editor.org/info/rfc6480">RFC 6480</A>) or from public databases like Whois. ROA tables are examined by <CODE>roa_check()</CODE> operator in filters. Currently, there is just one option, <CODE>roa prefix max num as num</CODE>, which can be used to populate the ROA table with static ROA entries. The option may be used multiple times. Other entries can be added dynamically by <CODE>add roa</CODE> command.  <DT><CODE> <A NAME="opt-eval"></A> eval expr</CODE><DD>Evaluates given filter expression. It is used by us for testing of filters. </DL>   <H2><A NAME="protocol-opts"></A> <A NAME="ss3.3">3.3</A> <A HREF="bird.html#toc3.3">Protocol options</A> </H2> For each protocol instance, you can configure a bunch of options. Some of them (those described in this section) are generic, some are specific to the protocol (see sections talking about the protocols).  Several options use a switch argument. It can be either <CODE>on</CODE>, <CODE>yes</CODE> or a numeric expression with a non-zero value for the option to be enabled or <CODE>off</CODE>, <CODE>no</CODE> or a numeric expression evaluating to zero to disable it. An empty switch is equivalent to <CODE>on</CODE> ("silence means agreement").  <DL> <DT><CODE> <A NAME="proto-preference"></A> preference expr</CODE><DD>Sets the preference of routes generated by this protocol. Default: protocol dependent.  <DT><CODE> <A NAME="proto-disabled"></A> disabled switch</CODE><DD>Disables the protocol. You can change the disable/enable status from the command line interface without needing to touch the configuration. Disabled protocols are not activated. Default: protocol is enabled.  <DT><CODE> <A NAME="proto-debug"></A> debug all|off|{ states|routes|filters|interfaces|events|packets [, ...] }</CODE><DD>Set protocol debugging options. If asked, each protocol is capable of writing trace messages about its work to the log (with category <CODE>trace</CODE>). You can either request printing of <CODE>all</CODE> trace messages or only of the types selected: <CODE>states</CODE> for protocol state changes (protocol going up, down, starting, stopping etc.), <CODE>routes</CODE> for routes exchanged with the routing table, <CODE>filters</CODE> for details on route filtering, <CODE>interfaces</CODE> for interface change events sent to the protocol, <CODE>events</CODE> for events internal to the protocol and <CODE>packets</CODE> for packets sent and received by the protocol. Default: off.  <DT><CODE> <A NAME="proto-mrtdump"></A> mrtdump all|off|{ states|messages [, ...] }</CODE><DD>Set protocol MRTdump flags. MRTdump is a standard binary format for logging information from routing protocols and daemons. These flags control what kind of information is logged from the protocol to the MRTdump file (which must be specified by global <CODE>mrtdump</CODE> option, see the previous section). Although these flags are similar to flags of <CODE>debug</CODE> option, their meaning is different and protocol-specific. For BGP protocol, <CODE>states</CODE> logs BGP state changes and <CODE>messages</CODE> logs received BGP messages. Other protocols does not support MRTdump yet.  <DT><CODE> <A NAME="proto-router-id"></A> router id IPv4 address</CODE><DD>This option can be used to override global router id for a given protocol. Default: uses global router id.  <DT><CODE> <A NAME="proto-import"></A> import all | none | filter name | filter { filter commands } | where filter expression</CODE><DD>Specify a filter to be used for filtering routes coming from the protocol to the routing table. <CODE>all</CODE> is shorthand for <CODE>where true</CODE> and <CODE>none</CODE> is shorthand for <CODE>where false</CODE>. Default: <CODE>all</CODE>.  <DT><CODE> <A NAME="proto-export"></A> export filter</CODE><DD>This is similar to the <CODE>import</CODE> keyword, except that it works in the direction from the routing table to the protocol. Default: <CODE>none</CODE>.  <DT><CODE> <A NAME="proto-import-keep-filtered"></A> import keep filtered switch</CODE><DD>Usually, if an import filter rejects a route, the route is forgotten. When this option is active, these routes are kept in the routing table, but they are hidden and not propagated to other protocols. But it is possible to show them using <CODE>show route filtered</CODE>. Note that this option does not work for the pipe protocol. Default: off.  <DT><CODE> <A NAME="proto-import-limit"></A> import limit [number | off ] [action warn | block | restart | disable]</CODE><DD>Specify an import route limit (a maximum number of routes imported from the protocol) and optionally the action to be taken when the limit is hit. Warn action just prints warning log message. Block action discards new routes coming from the protocol. Restart and disable actions shut the protocol down like appropriate commands. Disable is the default action if an action is not explicitly specified. Note that limits are reset during protocol reconfigure, reload or restart. Default: <CODE>off</CODE>.  <DT><CODE> <A NAME="proto-receive-limit"></A> receive limit [number | off ] [action warn | block | restart | disable]</CODE><DD>Specify an receive route limit (a maximum number of routes received from the protocol and remembered). It works almost identically to <CODE>import limit</CODE> option, the only difference is that if <CODE>import keep filtered</CODE> option is active, filtered routes are counted towards the limit and blocked routes are forgotten, as the main purpose of the receive limit is to protect routing tables from overflow. Import limit, on the contrary, counts accepted routes only and routes blocked by the limit are handled like filtered routes. Default: <CODE>off</CODE>.  <DT><CODE> <A NAME="proto-export-limit"></A> export limit [ number | off ] [action warn | block | restart | disable]</CODE><DD>Specify an export route limit, works similarly to the <CODE>import limit</CODE> option, but for the routes exported to the protocol. This option is experimental, there are some problems in details of its behavior -- the number of exported routes can temporarily exceed the limit without triggering it during protocol reload, exported routes counter ignores route blocking and block action also blocks route updates of already accepted routes -- and these details will probably change in the future. Default: <CODE>off</CODE>.  <DT><CODE> <A NAME="proto-description"></A> description "text"</CODE><DD>This is an optional description of the protocol. It is displayed as a part of the output of 'show protocols all' command.  <DT><CODE> <A NAME="proto-table"></A> table name</CODE><DD>Connect this protocol to a non-default routing table.  <DT><CODE> <A NAME="proto-vrf"></A> vrf "text"|default</CODE><DD>Associate the protocol with specific VRF. The protocol will be restricted to interfaces assigned to the VRF and will use sockets bound to the VRF. A corresponding VRF interface must exist on OS level. For kernel protocol, an appropriate table still must be explicitly selected by <CODE>table</CODE> option. By selecting <CODE>default</CODE>, the protocol is associated with the default VRF; i.e., it will be restricted to interfaces not assigned to any regular VRF. That is different from not specifying <CODE>vrf</CODE> at all, in which case the protocol may use any interface regardless of its VRF status. Note that for proper VRF support it is necessary to use Linux kernel version at least 4.14, older versions have limited VRF implementation. Before Linux kernel 5.0, a socket bound to a port in default VRF collide with others in regular VRFs. </DL>  There are several options that give sense only with certain protocols:  <DL> <DT><CODE> <A NAME="proto-iface"></A> interface [-] [ "mask" ] [ prefix ] [, ...] [ { option; [...] } ]</CODE><DD>Specifies a set of interfaces on which the protocol is activated with given interface-specific options. A set of interfaces specified by one interface option is described using an interface pattern. The interface pattern consists of a sequence of clauses (separated by commas), each clause is a mask specified as a shell-like pattern. Interfaces are matched by their name. An interface matches the pattern if it matches any of its clauses. If the clause begins with <CODE>-</CODE>, matching interfaces are excluded. Patterns are processed left-to-right, thus <CODE>interface "eth0", -"eth*", "*";</CODE> means eth0 and all non-ethernets. Some protocols (namely OSPFv2 and Direct) support extended clauses that may contain a mask, a prefix, or both of them. An interface matches such clause if its name matches the mask (if specified) and its address matches the prefix (if specified). Extended clauses are used when the protocol handles multiple addresses on an interface independently. An interface option can be used more times with different interface-specific options, in that case for given interface the first matching interface option is used. This option is allowed in Babel, BFD, Direct, OSPF, RAdv and RIP protocols, but in OSPF protocol it is used in the <CODE>area</CODE> subsection. Default: none. Examples: <CODE>interface "*" { type broadcast; };</CODE> - start the protocol on all interfaces with <CODE>type broadcast</CODE> option. <CODE>interface "eth1", "eth4", "eth5" { type ptp; };</CODE> - start the protocol on enumerated interfaces with <CODE>type ptp</CODE> option. <CODE>interface -192.168.1.0/24, 192.168.0.0/16;</CODE> - start the protocol on all interfaces that have address from 192.168.0.0/16, but not from 192.168.1.0/24. <CODE>interface -192.168.1.0/24, 192.168.0.0/16;</CODE> - start the protocol on all interfaces that have address from 192.168.0.0/16, but not from 192.168.1.0/24. <CODE>interface "eth*" 192.168.1.0/24;</CODE> - start the protocol on all ethernet interfaces that have address from 192.168.1.0/24.  <DT><CODE> <A NAME="proto-tx-class"></A> tx class|dscp num</CODE><DD>This option specifies the value of ToS/DS/Class field in IP headers of the outgoing protocol packets. This may affect how the protocol packets are processed by the network relative to the other network traffic. With <CODE>class</CODE> keyword, the value (0-255) is used for the whole ToS/Class octet (but two bits reserved for ECN are ignored). With <CODE>dscp</CODE> keyword, the value (0-63) is used just for the DS field in the octet. Default value is 0xc0 (DSCP 0x30 - CS6).  <DT><CODE> <A NAME="proto-tx-priority"></A> tx priority num</CODE><DD>This option specifies the local packet priority. This may affect how the protocol packets are processed in the local TX queues. This option is Linux specific. Default value is 7 (highest priority, privileged traffic).  <DT><CODE> <A NAME="proto-pass"></A> password "password" [ { password options } ]</CODE><DD>Specifies a password that can be used by the protocol as a shared secret key. Password option can be used more times to specify more passwords. If more passwords are specified, it is a protocol-dependent decision which one is really used. Specifying passwords does not mean that authentication is enabled, authentication can be enabled by separate, protocol-dependent <CODE>authentication</CODE> option. This option is allowed in BFD, OSPF and RIP protocols. BGP has also <CODE>password</CODE> option, but it is slightly different and described separately. Default: none. </DL>  Password option can contain section with some (not necessary all) password sub-options:  <DL> <DT><CODE> <A NAME="proto-pass-id"></A> id num</CODE><DD>ID of the password, (1-255). If it is not used, BIRD will choose ID based on an order of the password item in the interface. For example, second password item in one interface will have default ID 2. ID is used by some routing protocols to identify which password was used to authenticate protocol packets.  <DT><CODE> <A NAME="proto-pass-gen-from"></A> generate from "time"</CODE><DD>The start time of the usage of the password for packet signing. The format of <CODE>time</CODE> is <CODE>dd-mm-yyyy HH:MM:SS</CODE>.  <DT><CODE> <A NAME="proto-pass-gen-to"></A> generate to "time"</CODE><DD>The last time of the usage of the password for packet signing.  <DT><CODE> <A NAME="proto-pass-accept-from"></A> accept from "time"</CODE><DD>The start time of the usage of the password for packet verification.  <DT><CODE> <A NAME="proto-pass-accept-to"></A> accept to "time"</CODE><DD>The last time of the usage of the password for packet verification.  <DT><CODE> <A NAME="proto-pass-from"></A> from "time"</CODE><DD>Shorthand for setting both <CODE>generate from</CODE> and <CODE>accept from</CODE>.  <DT><CODE> <A NAME="proto-pass-to"></A> to "time"</CODE><DD>Shorthand for setting both <CODE>generate to</CODE> and <CODE>accept to</CODE>.  <DT><CODE> <A NAME="proto-pass-algorithm"></A> algorithm ( keyed md5 | keyed sha1 | hmac sha1 | hmac sha256 | hmac sha384 | hmac sha512 )</CODE><DD>The message authentication algorithm for the password when cryptographic authentication is enabled. The default value depends on the protocol. For RIP and OSPFv2 it is Keyed-MD5 (for compatibility), for OSPFv3 protocol it is HMAC-SHA-256.  </DL>  <HR> <A HREF="bird-4.html">Next</A> <A HREF="bird-2.html">Previous</A> <A HREF="bird.html#toc3">Contents</A> </BODY> </HTML>