--- embedaddon/bird/doc/bird-6.html 2017/08/22 12:33:54 1.1.1.1 +++ embedaddon/bird/doc/bird-6.html 2021/03/17 19:50:23 1.1.1.2 @@ -180,7 +180,7 @@ in the future. Also note that we currently support at

BFD packets are sent with a dynamic source port number. Linux systems use by default a bit different dynamic port range than the IANA approved one (49152-65535). If you experience problems with compatibility, please adjust -/proc/sys/net/ipv4/ip_local_port_range +/proc/sys/net/ipv4/ip_local_port_range.

Configuration
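Review bot: the BFD source-port paragraph in this hunk still says Linux uses "a bit different" dynamic port range without naming it, so an operator cannot tell from the text whether their host is affected; state the Linux default range next to the IANA one (49152-65535) and say that the current value can be read from /proc/sys/net/ipv4/ip_local_port_range before it is adjusted. The added full stop itself is fine.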

@@ -196,6 +196,14 @@ configuration is often sufficient.

Note that to use BFD for other protocols like OSPF or BGP, these protocols also have to be configured to request BFD sessions, usually by bfd option.

+

A BFD instance not associated with any VRF handles session requests from all +other protocols, even ones associated with a VRF. Such setup would work for +single-hop BFD sessions if net.ipv4.udp_l3mdev_accept sysctl is enabled, +but does not currently work for multihop sessions. Another approach is to +configure multiple BFD instances, one for each VRF (including the default VRF). +Each BFD instance associated with a VRF (regular or default) only handles +session requests from protocols in the same VRF. +

Some of BFD session options require time value, which has to be specified with the appropriate unit: num s|ms|us. Although microseconds are allowed as units, practical minimum values are usually in order of tens of @@ -325,7 +333,7 @@ offers better resistance to replay attacks but may req computation.

password "text"

Specifies a password used for authentication. See -interface<@@ref>dsc-passpassword common option for detailed description. Note that +password common option for detailed description. Note that password option algorithm is not available in BFD protocol. The algorithm is selected by authentication option for all passwords.
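Review bot: in this hunk the replacement sentence "Note that password option algorithm is not available in BFD protocol" drops the markup that the old `<@@ref>` link carried, so `password`, `algorithm` and `authentication` no longer read as configuration keywords; mark them as keywords and link `authentication` to the BFD authentication option, since that is now the only place where the algorithm for all BFD passwords is chosen.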

@@ -449,8 +457,9 @@ mandatory.

interface string

Define interface we should use for link-local BGP IPv6 sessions. Interface can also be specified as a part of neighbor address -(e.g., neighbor fe80::1234%eth0 as 65000;). It is an error to use -this parameter for non link-local sessions. +(e.g., neighbor fe80::1234%eth0 as 65000;). The option may also be +used for non link-local sessions when it is necessary to explicitly +specify an interface, but only for direct (not multihop) sessions.

direct

Specify that the neighbor is directly connected. The IP address of the @@ -530,12 +539,16 @@ immediately shut down. Note that this option cannot be multihop BGP. Default: disabled.

- bfd switch

BGP could use BFD protocol as an advisory mechanism for neighbor + bfd switch|graceful

BGP could use BFD protocol as an advisory mechanism for neighbor liveness and failure detection. If enabled, BIRD setups a BFD session for the BGP neighbor and tracks its liveness by it. This has an advantage of an order of magnitude lower detection times in case of -failure. Note that BFD protocol also has to be configured, see -BFD section for details. Default: disabled. +failure. When a neighbor failure is detected, the BGP session is +restarted. Optionally, it can be configured (by graceful argument) +to trigger graceful restart instead of regular restart. Note that BFD +protocol also has to be configured, see +BFD +section for details. Default: disabled.

ttl security switch

Use GTSM (RFC 5082 - the generalized TTL security mechanism). GTSM @@ -611,6 +624,14 @@ TX direction. When active, all available routes accept filter are advertised to the neighbor. Default: off.

+ allow bgp_local_pref switch

A standard BGP implementation do not send the Local Preference attribute +to eBGP neighbors and ignore this attribute if received from eBGP +neighbors, as per RFC 4271. When this option is enabled on an +eBGP session, this attribute will be sent to and accepted from the peer, +which is useful for example if you have a setup like in RFC 7938. +The option does not affect iBGP sessions. Default: off. +

+

allow local as [number]

BGP prevents routing loops by rejecting received routes with the local AS number in the AS path. This option allows to loose or disable the check. Optional number argument can be used to specify the maximum @@ -653,6 +674,25 @@ re-establish after a restart before deleting stale rou 120 seconds.

+ long lived graceful restart switch|aware

The long-lived graceful restart is an extension of the traditional +BGP graceful restart, where stale +routes are kept even after the +restart time expires for additional long-lived stale time, but +they are marked with the LLGR_STALE community, depreferenced, and +withdrawn from routers not supporting LLGR. Like traditional BGP +graceful restart, it has three states: disabled, aware (receiving-only), +and enabled. Note that long-lived graceful restart requires at least +aware level of traditional BGP graceful restart. Default: aware, unless +graceful restart is disabled. +

+

+ long lived stale time number

The long-lived stale time is announced in the BGP long-lived graceful +restart capability and specifies how long the neighbor would keep stale +routes depreferenced during long-lived graceful restart until either the +session is re-stablished and synchronized or the stale time expires and +routes are removed. Default: 3600 seconds. +

+

interpret communities switch

RFC 1997 demands that BGP speaker should process well-known communities like no-export (65535, 65281) or no-advertise (65535, 65282). For example, received route carrying a no-adverise community @@ -704,6 +744,18 @@ disable the instance automatically and wait for an adm the problem manually. Default: off.

+ disable after cease switch|set-of-flags

When a Cease notification is received, disable the instance +automatically and wait for an administrator to fix the problem manually. +When used with switch argument, it means handle every Cease subtype +with the exception of connection collision. Default: off. +

The set-of-flags allows to narrow down relevant Cease subtypes. The +syntax is {flag [, ...] }, where flags are: cease, +prefix limit hit, administrative shutdown, +peer deconfigured, administrative reset, +connection rejected, configuration change, +connection collision, out of resources. +

+

hold time number

Time in seconds to wait for a Keepalive message from the other side before considering the connection stale. Default: depends on agreement with the neighboring router, we prefer 240 seconds if the other side is @@ -793,17 +845,17 @@ some of them (marked with `O') are option

- bgppath bgp_path/

Sequence of AS numbers describing the AS path the packet will travel + bgppath bgp_path

Sequence of AS numbers describing the AS path the packet will travel through when forwarded according to the particular route. In case of internal BGP it doesn't contain the number of the local AS.

- int bgp_local_pref/ [I]

Local preference value used for selection among multiple BGP routes (see + int bgp_local_pref [I]

Local preference value used for selection among multiple BGP routes (see the selection rules above). It's used as an additional metric which is propagated through the whole local AS.

- int bgp_med/ [O]

The Multiple Exit Discriminator of the route is an optional attribute + int bgp_med [O]

The Multiple Exit Discriminator of the route is an optional attribute which is used on external (inter-AS) links to convey to an adjacent AS the optimal entry point into the local AS. The received attribute is also propagated over internal BGP links. The attribute value is zeroed @@ -814,25 +866,25 @@ external BGP instance. See enum bgp_origin/

Origin of the route: either ORIGIN_IGP if the route has originated + enum bgp_origin

Origin of the route: either ORIGIN_IGP if the route has originated in an interior routing protocol or ORIGIN_EGP if it's been imported from the EGP protocol (nowadays it seems to be obsolete) or ORIGIN_INCOMPLETE if the origin is unknown.

- ip bgp_next_hop/

Next hop to be used for forwarding of packets to this destination. On + ip bgp_next_hop

Next hop to be used for forwarding of packets to this destination. On internal BGP connections, it's an address of the originating router if it's inside the local AS or a boundary router the packet will leave the AS through if it's an exterior route, so each BGP speaker within the AS has a chance to use the shortest interior path possible to this point.

- void bgp_atomic_aggr/ [O]

This is an optional attribute which carries no value, but the sole + void bgp_atomic_aggr [O]

This is an optional attribute which carries no value, but the sole presence of which indicates that the route has been aggregated from multiple routes by some router on the path from the originator.

- clist bgp_community/ [O]

List of community values associated with the route. Each such value is a + clist bgp_community [O]

List of community values associated with the route. Each such value is a pair (represented as a pair data type inside the filters) of 16-bit integers, the first of them containing the number of the AS which defines the community and the second one being a per-AS identifier. @@ -843,14 +895,14 @@ freedom about which community attributes it defines an semantics be.

- eclist bgp_ext_community/ [O]

List of extended community values associated with the route. Extended + eclist bgp_ext_community [O]

List of extended community values associated with the route. Extended communities have similar usage as plain communities, but they have an extended range (to allow 4B ASNs) and a nontrivial structure with a type field. Individual community values are represented using an ec data type inside the filters.

- lclist bgp_large_community [O]

List of large community values associated with the route. Large BGP + lclist bgp_large_community [O]

List of large community values associated with the route. Large BGP communities is another variant of communities, but contrary to extended communities they behave very much the same way as regular communities, just larger -- they are uniform untyped triplets of 32bit numbers. @@ -858,12 +910,12 @@ Individual community values are represented using an < inside the filters.

- quad bgp_originator_id/ [I, O]

This attribute is created by the route reflector when reflecting the + quad bgp_originator_id [I, O]

This attribute is created by the route reflector when reflecting the route and contains the router ID of the originator of the route in the local AS.

- clist bgp_cluster_list/ [I, O]

This attribute contains a list of cluster IDs of route reflectors. Each + clist bgp_cluster_list [I, O]

This attribute contains a list of cluster IDs of route reflectors. Each route reflector prepends its cluster ID when reflecting the route.

@@ -1106,29 +1158,29 @@ these attributes:

- int krt_source/

The original source of the imported kernel route. The value is + int krt_source

The original source of the imported kernel route. The value is system-dependent. On Linux, it is a value of the protocol field of the route. See /etc/iproute2/rt_protos for common values. On BSD, it is based on STATIC and PROTOx flags. The attribute is read-only.

- int krt_metric/

(Linux) + int krt_metric

(Linux) The kernel metric of the route. When multiple same routes are in a kernel routing table, the Linux kernel chooses one with lower metric. Note that preferred way to set kernel metric is to use protocol option metric, unless per-route metric values are needed.

- ip krt_prefsrc/

(Linux) + ip krt_prefsrc

(Linux) The preferred source address. Used in source address selection for outgoing packets. Has to be one of the IP addresses of the router.

- int krt_realm/

(Linux) + int krt_realm

(Linux) The realm of the route. Can be used for traffic classification.

- int krt_scope/

(Linux IPv4) + int krt_scope

(Linux IPv4) The scope of the route. Valid values are 0-254, although Linux kernel may reject some values depending on route type and nexthop. It is supposed to represent `indirectness' of the route, where nexthops of @@ -1186,9 +1238,83 @@ protocol kernel { # Secondary routing ta


-

6.7 OSPF +

6.7 MRT

+

Introduction

+ +

The MRT protocol is a component responsible for handling the Multi-Threaded +Routing Toolkit (MRT) routing information export format, which is mainly used +for collecting and analyzing of routing information from BGP routers. The MRT +protocol can be configured to do periodic dumps of routing tables, created MRT +files can be analyzed later by other tools. Independent MRT table dumps can also +be requested from BIRD client. There is also a feature to save incoming BGP +messages in MRT files, but it is controlled by +mrtdump options independently of MRT protocol, although that might +change in the future. +

BIRD implements the main MRT format specification as defined in RFC 6396 +and the ADD_PATH extension (RFC 8050). +

+

Configuration

+ +

MRT configuration consists of several statements describing routing table +dumps. Multiple independent periodic dumps can be done as multiple MRT protocol +instances. There are two mandatory statements: filename and period. +The behavior can be modified by following configuration parameters: +

+

+
+ table name | "pattern"

Specify a routing table (or a set of routing tables described by a +wildcard pattern) that are to be dumped by the MRT protocol instance. +Default: the master table. +

+

+ filter { filter commands }

The MRT protocol allows to specify a filter that is applied to routes as +they are dumped. Rejected routes are ignored and not saved to the MRT +dump file. Default: no filter. +

+

+ where filter expression

An alternative way to specify a filter for the MRT protocol. +

+

+ filename "filename"

Specify a filename for MRT dump files. The filename may contain time +format sequences with strftime(3) notation (see man strftime +for details), there is also a sequence "%N" that is expanded to the name +of dumped table. Therefore, each periodic dump of each table can be +saved to a different file. Mandatory, see example below. +

+

+ period number

Specify the time interval (in seconds) between periodic dumps. +Mandatory. +

+

+ always add path switch

The MRT format uses special records (specified in RFC 8050) for +routes received using BGP ADD_PATH extension to keep Path ID, while +other routes use regular records. This has advantage of better +compatibility with tools that do not know special records, but it loses +information about which route is the best route. When this option is +enabled, both ADD_PATH and non-ADD_PATH routes are stored in ADD_PATH +records and order of routes for network is preserved. Default: disabled. +

+

+

Example

+ +

+


+
+protocol mrt {
+        table "tab*";
+        where source = RTS_BGP;
+        filename "/var/log/bird/%N_%F_%T.mrt";
+        period 300;
+}
+
+
+

+

+

6.8 OSPF +

+

Introduction

Open Shortest Path First (OSPF) is a quite complex interior gateway @@ -1492,6 +1618,11 @@ neighbors on NBMA network. Default value is 20. updates. Default value is 5.

+ transmit delay num

Specifies estimated transmission delay of link state updates send over +the interface. The value is added to LSA age of LSAs propagated through +it. Default value is 1. +

+

priority num

On every multiple access network (e.g., the Ethernet) Designated Router and Backup Designated router are elected. These routers have some special functions in the flooding process. Higher priority increases preferences @@ -1754,7 +1885,7 @@ protocol ospf MyOSPF {


-

6.8 Pipe +

6.9 Pipe

Introduction

@@ -1879,7 +2010,7 @@ protocol pipe { # The Pipe

-

6.9 RAdv +

6.10 RAdv

Introduction

@@ -1890,7 +2021,8 @@ time intervals or as an answer to a request) advertise networks. These packets contain basic information about a local network (e.g. a list of network prefixes), which allows network hosts to autoconfigure network addresses and choose a default route. BIRD implements router behavior as defined -in RFC 4861 and also the DNS extensions from RFC 6106. +in RFC 4861, router preferences and specific routes (RFC 4191), +and DNS extensions (RFC 6106).

Configuration

@@ -1926,7 +2058,7 @@ specifies one DNS server. Multiple definitions are cum definitions may also be interface-specific when used inside interface options. By default, interface uses both global and interface-specific options, but that can be changed by rdnss local option. -dsc-iface +

dnssl { options }

DNSSL definitions allow to specify a list of advertised DNS search domains together with their options. Like rdnss above, multiple @@ -1938,7 +2070,7 @@ specifies one DNS search domain. trigger prefix

RAdv protocol could be configured to change its behavior based on availability of routes. When this option is used, the protocol waits in suppressed state until a trigger route (for the specified network) -is exported to the protocol, the protocol also returnsd to suppressed +is exported to the protocol, the protocol also returns to suppressed state if the trigger route disappears. Note that route export depends on specified export filter, as usual. This option could be used, e.g., for handling failover in multihoming scenarios. @@ -1950,6 +2082,17 @@ lifetime) is zeroed, which means hosts cannot u default router. preferred lifetime and valid lifetime could also be configured as sensitive for a prefix, which would cause autoconfigured IPs to be deprecated or even removed. +

+

+ propagate routes switch

This option controls propagation of more specific routes, as defined in +RFC 4191. If enabled, all routes exported to the RAdv protocol, +with the exception of the trigger prefix, are added to advertisments as +additional options. The lifetime and preference of advertised routes can +be set individually by ra_lifetime and ra_preference route +attributes, or per interface by route lifetime and +route preference options. Default: disabled. +

Note that the RFC discourages from sending more than 17 routes and +recommends the routes to be configured manually.

Interface specific options: @@ -1996,17 +2139,49 @@ unspecified. Default 0. hosts. Valid values are 0-255, 0 means unspecified. Default: 64

- default lifetime expr [sensitive switch]

This option specifies the time (in seconds) how long (after the receipt + default lifetime expr [sensitive switch]

This option specifies the time (in seconds) how long (since the receipt of RA) hosts may use the router as a default router. 0 means do not use as a default router. For sensitive option, see trigger. Default: 3 * max ra interval, sensitive yes.

- default preference low|medium|high

This option specifies the Default Router Preference value to advertise + default preference low|medium|high

This option specifies the Default Router Preference value to advertise to hosts. Default: medium.

+ route lifetime expr [sensitive switch]

This option specifies the default value of advertised lifetime for +specific routes; i.e., the time (in seconds) for how long (since the +receipt of RA) hosts should consider these routes valid. A special value +0xffffffff represents infinity. The lifetime can be overriden on a per +route basis by the +ra_lifetime route +attribute. Default: 3 * max ra interval, sensitive no. +

For the sensitive option, see +trigger. +If sensitive is enabled, even the routes with the ra_lifetime +attribute become sensitive to the trigger. +

+

+ route preference low|medium|high

This option specifies the default value of advertised route preference +for specific routes. The value can be overriden on a per route basis by +the +ra_preference route attribute. +Default: medium. +

+

+ prefix linger time expr

When a prefix or a route disappears, it is advertised for some time with +zero lifetime, to inform clients it is no longer valid. This option +specifies the time (in seconds) for how long prefixes are advertised +that way. Default: 3 * max ra interval. +

+

+ route linger time expr

When a prefix or a route disappears, it is advertised for some time with +zero lifetime, to inform clients it is no longer valid. This option +specifies the time (in seconds) for how long routes are advertised +that way. Default: 3 * max ra interval. +

+

rdnss local switch

Use only local (interface-specific) RDNSS definitions for this interface. Otherwise, both global and local definitions are used. Could also be used to disable RDNSS for given interface if no local definitons @@ -2054,7 +2229,6 @@ see sensitive no.

-

RDNSS specific options:

@@ -2087,13 +2261,49 @@ used by clients after the receipt of RA. Details are t RDNSS lifetime option above. Default: 3 * max ra interval.

+

Attributes

+ +

RAdv defines two route attributes:

+

+
+ enum ra_preference

The preference of the route. The value can be RA_PREF_LOW, +RA_PREF_MEDIUM or RA_PREF_HIGH. If the attribute is not set, +the +route preference +option is used. +

+

+ int ra_lifetime

The advertised lifetime of the route, in seconds. The special value of +0xffffffff represents infinity. If the attribute is not set, the +route lifetime +option is used. +

+

Example


+table radv_routes;                      # Manually configured routes go here
+
+protocol static {
+        table radv_routes;
+
+        route 2001:0DB8:4000::/48 unreachable;
+        route 2001:0DB8:4010::/48 unreachable;
+
+        route 2001:0DB8:4020::/48 unreachable {
+                ra_preference = RA_PREF_HIGH;
+                ra_lifetime = 3600;
+        };
+}
+
 protocol radv {
+        propagate routes yes;           # Propagate the routes from the radv_routes table
+        table radv_routes;
+        export all;
+
         interface "eth2" {
                 max ra interval 5;      # Fast failover with more routers
                 managed yes;            # Using DHCPv6 on eth2
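Review bot: in the RAdv example added in this hunk, `export all;` together with `propagate routes yes;` advertises every route that lands in radv_routes, so the separate table is what bounds the advertised set; a comment on the `table radv_routes;` line saying so would make the intent explicit. The example could also show the new `route lifetime` / `route preference` interface options introduced in this revision, so readers see how the per-route `ra_lifetime` / `ra_preference` attributes override them.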
@@ -2130,7 +2340,7 @@ protocol radv {
 

-

6.10 RIP +

6.11 RIP

Introduction

@@ -2365,13 +2575,13 @@ Default: no.

- int rip_metric/

RIP metric of the route (ranging from 0 to infinity). When routes + int rip_metric

RIP metric of the route (ranging from 0 to infinity). When routes from different RIP instances are available and all of them have the same preference, BIRD prefers the route with lowest rip_metric. When a non-RIP route is exported to RIP, the default metric is 1.

- int rip_tag/

RIP route tag: a 16-bit number which can be used to carry additional + int rip_tag

RIP route tag: a 16-bit number which can be used to carry additional information with the route (for example, an originating AS number in case of external routes). When a non-RIP route is exported to RIP, the default tag is 0. @@ -2383,22 +2593,23 @@ default tag is 0.


 protocol rip {
-        debug all;
-        port 1520;
-        period 12;
-        garbage time 60;
-        interface "eth0" { metric 3; mode multicast; };
-        interface "eth*" { metric 2; mode broadcast; };
-        authentication cryptographic;
-        password "secret-shared-key" { algorithm hmac sha256; };
-        import filter { print "importing"; accept; };
-        export filter { print "exporting"; accept; };
+        import all;
+        export all;
+        interface "eth*" {
+                metric 2;
+                port 1520;
+                mode multicast;
+                update time 12;
+                timeout time 60;
+                authentication cryptographic;
+                password "secret" { algorithm hmac sha256; };
+        };
 }
 

-

6.11 Static +

6.12 Static

The Static protocol doesn't communicate with other routers in the network,
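Review bot: in the BFD VRF hunk (`@@ -196`), "but does not currently work for multihop sessions" leaves unsaid what the observable behaviour is when a VRF-bound protocol requests a multihop session from a non-VRF BFD instance (session never comes up, request rejected, or logged); one sentence naming the symptom would save operators a debugging round. Also spell out that `net.ipv4.udp_l3mdev_accept` is a Linux sysctl.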
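Review bot: in the BGP `interface string` hunk (`@@ -449`), "The option may also be used for non link-local sessions ... but only for direct (not multihop) sessions" does not say what happens when it is combined with `multihop`: whether the configuration is rejected at parse time or the interface is silently ignored. The old text called the non-link-local case "an error"; say explicitly which of the two the multihop case now is.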
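Review bot: in the `bfd switch|graceful` hunk (`@@ -530`), "it can be configured (by graceful argument) to trigger graceful restart instead of regular restart" does not state the dependency on the session's own `graceful restart` setting; say whether `bfd graceful` requires graceful restart to be enabled on that BGP session and what happens (regular restart, or a configuration error) when it is not, the same way the last sentence already spells out the dependency on the BFD protocol being configured.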
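Review bot: the `allow bgp_local_pref` hunk (`@@ -611`) needs a trust caveat: once enabled on an eBGP session the peer's Local Preference is "accepted from the peer" and therefore directly steers best-path selection inside the local AS, which is exactly why RFC 4271 ignores it from eBGP. Suggest adding a sentence that the option is meant for peers under the same administrative control (the RFC 7938 case the text cites) and that an import filter overwriting `bgp_local_pref` is the fallback when that is not the case.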
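Review bot: the `long lived stale time` hunk (`@@ -653`) contains a typo, "re-stablished" should be "re-established". In the `long lived graceful restart` hunk the prose names the states "disabled, aware (receiving-only), and enabled" while the syntax line reads `switch|aware`; listing the accepted argument values next to the state names would remove the mapping the reader otherwise has to guess.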
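Review bot: in the `disable after cease` hunk (`@@ -704`) the flag list includes `cease` alongside the Cease subtypes, which is ambiguous: it is not clear whether `cease` means the whole class, the unspecific subtype, or the default set; one sentence defining it would remove the guesswork. Also "The set-of-flags allows to narrow down relevant Cease subtypes" should read "The set of flags allows narrowing down the relevant Cease subtypes".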
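Review bot: in the MRT `filename` hunk (`@@ -1186`), the example path /var/log/bird/%N_%F_%T.mrt is given without saying that the directory must already exist and be writable by the user BIRD runs as, and nothing in the section says that dump files contain the full contents of the dumped tables; a sentence recommending restrictive permissions on the dump directory would fit next to the `filename` description. Minor grammar in the introduction: "collecting and analyzing of routing information" should drop "of", and "created MRT files can be analyzed later" reads better as "and the created MRT files can be analyzed later".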
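Review bot: typo in the OSPF `transmit delay` hunk (`@@ -1492`): "link state updates send over the interface" should be "sent over the interface".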
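Review bot: typos in the `propagate routes` hunk (`@@ -1950`): "advertisments" should be "advertisements", and "the RFC discourages from sending more than 17 routes" should be "the RFC discourages sending more than 17 routes".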
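Review bot: in the `prefix linger time` and `route linger time` hunks (`@@ -1996`) the two descriptions are identical copies ("When a prefix or a route disappears ..."), so neither says which kind it governs until its last sentence; start each with its own subject (prefix vs. route). Both the `route lifetime` and `route preference` hunks spell "overriden" where "overridden" is meant.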
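Review bot: the rewritten RIP example (`@@ -2383`) changes the sample key to `password "secret"`, which readers tend to copy verbatim; keep an obviously placeholder value (the removed `"secret-shared-key"` at least read as a stand-in) and, since the example keeps `authentication cryptographic` with `algorithm hmac sha256`, add a comment that the shared key should be long and random. Note also that `port`, `update time`, `timeout time` and `authentication` all moved into the `interface` block in this revision; the option descriptions above should confirm these are interface-level options.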