
1. Introduction

1.1 What is BIRD

The name 'BIRD' is actually an acronym standing for 'BIRD Internet Routing Daemon'. Let's take a closer look at the meaning of the name:

BIRD: Well, we think we have already explained that. It's an acronym standing for 'BIRD Internet Routing Daemon', you remember, don't you? :-)

Internet Routing: It's a program (well, a daemon, as you are going to discover in a moment) which works as a dynamic router in an Internet type network (that is, in a network running either the IPv4 or the IPv6 protocol). Routers are devices which forward packets between interconnected networks in order to allow hosts not connected directly to the same local area network to communicate with each other. They also communicate with the other routers in the Internet to discover the topology of the network, which allows them to find optimal (in terms of some metric) rules for forwarding of packets (which are called routing tables) and to adapt themselves to changing conditions such as outages of network links, building of new connections and so on. Most of these routers are costly dedicated devices running obscure firmware which is hard to configure and not open to any changes (on the other hand, their special hardware design allows them to keep up with lots of high-speed network interfaces, better than a general-purpose computer does). Fortunately, most operating systems of the UNIX family allow an ordinary computer to act as a router and forward packets belonging to the other hosts, but only according to a statically configured table.

A Routing Daemon is, in UNIX terminology, a non-interactive program running in the background which does the dynamic part of Internet routing, that is, it communicates with the other routers, calculates routing tables and sends them to the OS kernel, which does the actual packet forwarding. There already exist other such routing daemons: routed (RIP only), GateD (non-free), Zebra and MRTD, but their capabilities are limited and they are relatively hard to configure and maintain.

BIRD is an Internet Routing Daemon designed to avoid all of these shortcomings, to support all the routing technology used in today's Internet or planned to be used in the near future and to have a clean extensible architecture allowing new routing protocols to be incorporated easily. Among other features, BIRD supports:

BIRD has been developed at the Faculty of Math and Physics, Charles University, Prague, Czech Republic as a student project. It can be freely distributed under the terms of the GNU General Public License.

BIRD has been designed to work on all UNIX-like systems. It has been developed and tested under Linux 2.0 to 2.6, and then ported to FreeBSD, NetBSD and OpenBSD. Porting to other systems (even non-UNIX ones) should be relatively easy due to its highly modular architecture.

BIRD supports either the IPv4 or the IPv6 protocol, but it has to be compiled separately for each one. Therefore, a dual-stack router would run two instances of BIRD (one for IPv4 and one for IPv6), with completely separate setups (configuration files, tools ...).

1.2 Installing BIRD

On a recent UNIX system with GNU development tools (GCC, binutils, m4, make) and Perl, installing BIRD should be as easy as:


        ./configure
        make
        make install
        vi /usr/local/etc/bird.conf
        bird

You can use ./configure --help to get a list of configure options. The most important ones are: --enable-ipv6 which enables building of an IPv6 version of BIRD, --with-protocols= to produce a slightly smaller BIRD executable by configuring out routing protocols you don't use, and --prefix= to install BIRD to a place different from /usr/local.

1.3 Running BIRD

You can pass several command-line options to bird:

-c config name

use given configuration file instead of prefix/etc/bird.conf.

-d

enable debug messages and run bird in foreground.

-D filename of debug log

log debugging information to given file instead of stderr.

-f

run bird in foreground.

-g group

use that group ID, see the next section for details.

-h, --help

display command-line options to bird.

-l

look for a configuration file and a communication socket in the current working directory instead of in default system locations. However, paths specified by options -c, -s have higher priority.

-p

just parse the config file and exit. Return value is zero if the config file is valid, nonzero if there are some errors.

-P name of PID file

create a PID file with given filename.

-R

apply graceful restart recovery after start.

-s name of communication socket

use given filename for a socket for communications with the client, default is prefix/var/run/bird.ctl.

-u user

drop privileges and use that user ID, see the next section for details.

--version

display bird version.

BIRD writes messages about its work to log files or syslog (according to config).

1.4 Privileges

BIRD, as a routing daemon, uses several privileged operations (like setting the routing table and using raw sockets). Traditionally, BIRD is executed and runs with root privileges, which may be prone to security problems. The recommended way is to use a privilege restriction (options -u, -g). In that case BIRD is executed with root privileges, but it changes its user and group ID to unprivileged ones, while using Linux capabilities to retain just the required privileges (capabilities CAP_NET_*). Note that the control socket is created before the privileges are dropped, but the config file is read after that. The privilege restriction is not implemented in the BSD port of BIRD.

An unprivileged user (as an argument to the -u option) may be the user nobody, but it is suggested to use a new dedicated user account (like bird). Similar considerations apply to the group option, but there is one more condition -- the users in the same group can use birdc to control BIRD.

Finally, there is a possibility to use external tools to run BIRD in an environment with restricted privileges. This may need some configuration, but it is generally easy -- BIRD needs just the standard library, privileges to read the config file and create the control socket and the CAP_NET_* capabilities.
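The two file-access consequences of the privilege drop described above can be checked before starting bird with -u/-g. The script below is an added example, not part of the BIRD documentation or distribution; the function names are hypothetical, it assumes GNU stat, and its demo runs on constructed stand-in files rather than a live installation.

```shell
#!/bin/sh
# Added example, not part of the BIRD distribution: pre-flight permission checks
# for running bird with -u/-g. Function names are hypothetical; assumes GNU stat.

# file_meta PATH: sets f_mode (integer), f_owner, f_group; returns 2 on failure.
file_meta() {
    meta=$(stat -c '%a %U %G' "$1") || return 2
    set -- $meta
    f_mode=$((0$1)) f_owner=$2 f_group=$3   # "640" -> octal 0640
}

# conf_readable_by FILE USER GROUP
# The config file is read after privileges are dropped, so the -u user must be
# able to read it. Simplification: only owner/group/other bits are evaluated;
# ACLs and supplementary groups are ignored.
conf_readable_by() {
    file_meta "$1" || return 2
    if [ "$f_owner" = "$2" ]; then bit=0400
    elif [ "$f_group" = "$3" ]; then bit=0040
    else bit=0004; fi
    [ $((f_mode & $bit)) -ne 0 ]
}

# ctl_socket_ok PATH GROUP
# Users in the socket's group can control BIRD with birdc, so the socket should
# belong to the intended group and not be writable by others (on Linux,
# connecting to a UNIX socket requires write permission on it).
ctl_socket_ok() {
    file_meta "$1" || return 2
    [ "$f_group" = "$2" ] && [ $((f_mode & 0002)) -eq 0 ]
}

# Demo on constructed stand-in files (regular files, not a live BIRD instance).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/bird.conf"; : > "$d/bird.ctl"
    chmod 600 "$d/bird.conf"; chmod 660 "$d/bird.ctl"
    me=$(stat -c %U "$d/bird.conf") grp=$(stat -c %G "$d/bird.ctl")
    conf_readable_by "$d/bird.conf" "$me" "$grp" && echo "conf: readable by owner $me"
    conf_readable_by "$d/bird.conf" other-user other-group ||
        echo "conf: unreadable for an account outside owner and group"
    ctl_socket_ok "$d/bird.ctl" "$grp" && echo "socket: limited to group $grp"
    chmod 666 "$d/bird.ctl"
    ctl_socket_ok "$d/bird.ctl" "$grp" || echo "socket: writable by others"
    rm -rf "$d"
}
demo
```

On a real system, point the two checks at the configuration file and control socket actually in use (the defaults named under -c and -s) and at the account and group passed to -u and -g.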

