@caption{Announcement processing inside a "normal" BGP speaker}
http://www.quagga.net is a routing software package that provides TCP/IP based routing services with routing protocols support such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+ (see section 1.4 Supported RFCs). Quagga also supports special BGP Route Reflector and Route Server behavior. In addition to traditional IPv4 routing protocols, Quagga also supports IPv6 routing protocols. With SNMP daemon which supports SMUX protocol, Quagga provides routing protocol MIBs (see section 16. SNMP Support).
Quagga uses an advanced software architecture to provide you with a high quality, multi server routing engine. Quagga has an interactive user interface for each routing protocol and supports common client commands. Due to this design, you can add new protocol daemons to Quagga easily. You can use Quagga library as your program's client user interface.
Quagga is distributed under the GNU General Public License.
Today, TCP/IP networks are covering all of the world. The Internet has been deployed in many countries, companies, and to the home. When you connect to the Internet your packet will pass many routers which have TCP/IP routing functionality.
A system with Quagga installed acts as a dedicated router. With Quagga, your machine exchanges routing information with other routers using routing protocols. Quagga uses this information to update the kernel routing table so that the right data goes to the right place. You can dynamically change the configuration and you may view routing table information from the Quagga terminal interface.
Adding to routing protocol support, Quagga can setup interface's flags, interface's address, static routes and so on. If you have a small network, or a stub network, or xDSL connection, configuring the Quagga routing software is very easy. The only thing you have to do is to set up the interfaces and put a few commands about static routes and/or default routes. If the network is rather large, or if the network structure changes frequently, you will want to take advantage of Quagga's dynamic routing protocol support for protocols such as RIP, OSPF or BGP.
Traditionally, UNIX based router configuration is done by @command{ifconfig} and @command{route} commands. Status of routing table is displayed by @command{netstat} utility. Almost of these commands work only if the user has root privileges. Quagga has a different system administration method. There are two user modes in Quagga. One is normal mode, the other is enable mode. Normal mode user can only view system status, enable mode user can change system configuration. This UNIX account independent feature will be great help to the router administrator.
Currently, Quagga supports common unicast routing protocols. Multicast routing protocols such as BGMP, PIM-SM, PIM-DM may be supported in Quagga 2.0. MPLS support is going on. In the future, TCP/IP filtering control, QoS control, diffserv configuration will be added to Quagga. Quagga project's final goal is making a productive, quality, free TCP/IP routing software.
Traditional routing software is made as a one process program which provides all of the routing protocol functionalities. Quagga takes a different approach. It is made from a collection of several daemons that work together to build the routing table. There may be several protocol-specific routing daemons and zebra the kernel routing manager.
The @command{ripd} daemon handles the RIP protocol, while @command{ospfd} is a daemon which supports OSPF version 2. @command{bgpd} supports the BGP-4 protocol. For changing the kernel routing table and for redistribution of routes between different routing protocols, there is a kernel routing table manager @command{zebra} daemon. It is easy to add a new routing protocol daemons to the entire routing system without affecting any other software. You need to run only the protocol daemon associated with routing protocols in use. Thus, user may run a specific daemon and send routing reports to a central routing console.
There is no need for these daemons to be running on the same machine. You can even run several same protocol daemons on the same machine. This architecture creates new possibilities for the routing system.
+----+ +----+ +-----+ +-----+
|bgpd| |ripd| |ospfd| |zebra|
+----+ +----+ +-----+ +-----+
|
+---------------------------|--+
| v |
| UNIX Kernel routing table |
| |
+------------------------------+
Quagga System Architecture
Multi-process architecture brings extensibility, modularity and maintainability. At the same time it also brings many configuration files and terminal interfaces. Each daemon has it's own configuration file and terminal interface. When you configure a static route, it must be done in @command{zebra} configuration file. When you configure BGP network it must be done in @command{bgpd} configuration file. This can be a very annoying thing. To resolve the problem, Quagga provides integrated user interface shell called @command{vtysh}. @command{vtysh} connects to each daemon with UNIX domain socket and then works as a proxy for user input.
Quagga was planned to use multi-threaded mechanism when it runs with a kernel that supports multi-threads. But at the moment, the thread library which comes with GNU/Linux or FreeBSD has some problems with running reliable services such as routing software, so we don't use threads at all. Instead we use the @command{select(2)} system call for multiplexing the events.
Currently Quagga supports GNU/Linux, BSD and Solaris. Porting Quagga to other platforms is not too difficult as platform dependent code should most be limited to the @command{zebra} daemon. Protocol daemons are mostly platform independent. Please let us know when you find out Quagga runs on a platform which is not listed below.
The list of officially supported platforms are listed below. Note that Quagga may run correctly on other platforms, and may run with partial functionality on further platforms.
Below is the list of currently supported RFC's.
When SNMP support is enabled, below RFC is also supported.
The official Quagga web-site is located at:
and contains further information, as well as links to additional resources.
Quagga is a fork of GNU Zebra, whose web-site is located at:
There is a mailing list for discussions about Quagga. If you have any comments or suggestions to Quagga, please subscribe to:
http://lists.quagga.net/mailman/listinfo/quagga-users.
The http://www.quagga.net/ site has further information on the available mailing lists, see:
http://www.quagga.net/lists.php
If you think you have found a bug, please send a bug report to:
When you send a bug report, please be careful about the points below.
netstat -rn and ifconfig -a.
Information from zebra's VTY command show ip route will also be
helpful.
Bug reports are very important for us to improve the quality of Quagga. Quagga is still in the development stage, but please don't hesitate to send a bug report to http://bugzilla.quagga.net.
There are three steps for installing the software: configuration, compilation, and installation.
The easiest way to get Quagga running is to issue the following commands:
% configure % make % make install
Quagga has an excellent configure script which automatically detects most host configurations. There are several additional configure options you can use to turn off IPv6 support, to disable the compilation of specific daemons, and to enable SNMP support.
You may specify any combination of the above options to the configure script. By default, the executables are placed in `/usr/local/sbin' and the configuration files in `/usr/local/etc'. The `/usr/local/' installation prefix and other directories may be changed using the following options to the configuration script.
% ./configure --disable-ipv6
This command will configure zebra and the routing daemons.
Additionally, you may configure zebra to drop its elevated privileges shortly after startup and switch to another user. The configure script will automatically try to configure this support. There are three configure options to control the behaviour of Quagga daemons.
The default user and group which will be configured is 'quagga' if no user or group is specified. Note that this user or group requires write access to the local state directory (see --localstatedir) and requires at least read access, and write access if you wish to allow daemons to write out their configuration, to the configuration directory (see --sysconfdir).
On systems which have the 'libcap' capabilities manipulation library (currently only linux), the quagga system will retain only minimal capabilities required, further it will only raise these capabilities for brief periods. On systems without libcap, quagga will run as the user specified and only raise its uid back to uid 0 for brief periods.
There are several options available only to GNU/Linux systems: (1). If you use GNU/Linux, make sure that the current kernel configuration is what you want. Quagga will run with any kernel configuration but some recommendations do exist.
IPv6 support has been added in GNU/Linux kernel version 2.2. If you try to use the Quagga IPv6 feature on a GNU/Linux kernel, please make sure the following libraries have been installed. Please note that these libraries will not be needed when you uses GNU C library 2.1 or upper.
inet6-apps
inet6-apps package includes basic IPv6 related libraries such
as inet_ntop and inet_pton. Some basic IPv6 programs such
as @command{ping}, @command{ftp}, and @command{inetd} are also
included. The inet-apps can be found at
ftp://ftp.inner.net/pub/ipv6/.
net-tools
net-tools package provides an IPv6 enabled interface and
routing utility. It contains @command{ifconfig}, @command{route},
@command{netstat}, and other tools. net-tools may be found at
http://www.tazenda.demon.co.uk/phil/net-tools/.
After configuring the software, you will need to compile it for your system. Simply issue the command @command{make} in the root of the source directory and the software will be compiled. If you have *any* problems at this stage, be certain to send a bug report See section 1.7 Bug Reports.
% ./configure . . . ./configure output . . . % make
Installing the software to your system consists of copying the compiled programs and supporting files to a standard location. After the installation process has completed, these files have been copied from your work directory to `/usr/local/bin', and `/usr/local/etc'.
To install the Quagga suite, issue the following command at your shell prompt: @command{make install}.
% % make install %
Quagga daemons have their own terminal interface or VTY. After installation, you have to setup each beast's port number to connect to them. Please add the following entries to `/etc/services'.
zebrasrv 2600/tcp # zebra service zebra 2601/tcp # zebra vty ripd 2602/tcp # RIPd vty ripngd 2603/tcp # RIPngd vty ospfd 2604/tcp # OSPFd vty bgpd 2605/tcp # BGPd vty ospf6d 2606/tcp # OSPF6d vty ospfapi 2607/tcp # ospfapi isisd 2608/tcp # ISISd vty
If you use a FreeBSD newer than 2.2.8, the above entries are already added to `/etc/services' so there is no need to add it. If you specify a port number when starting the daemon, these entries may not be needed.
You may need to make changes to the config files in `/etc/quagga/*.conf'. See section 3.1 Config Commands.
There are five routing daemons in use, and there is one manager daemon. These daemons may be located on separate machines from the manager daemon. Each of these daemons will listen on a particular port for incoming VTY connections. The routing daemons are:
The following sections discuss commands common to all the routing daemons.
In a config file, you can write the debugging options, a vty's password, routing daemon configurations, a log file name, and so forth. This information forms the initial command set for a routing beast as it is starting.
Config files are generally found in:
Each of the daemons has its own config file. For example, zebra's default config file name is:
The daemon name plus `.conf' is the default config file name. You can specify a config file using the -f or --config-file options when starting the daemon.
no form of the command resets
the default level for future logging commands to debugging, but it does
not change the logging level of existing logging destinations.
log trap command) will be used.
The no form of the command disables logging to stdout.
The level argument must have one of these values:
emergencies, alerts, critical, errors, warnings, notifications, informational, or debugging. Note that the existing code logs its most important messages
with severity errors.
filename as
in this example:
log file /var/log/quagga/bgpd.log informational
If the optional second argument specifying the
logging level is not present, the default logging level (typically debugging,
but can be changed using the deprecated log trap command) will be used.
The no form of the command disables logging to a file.
Note: if you do not configure any file logging, and a daemon crashes due to a signal or an assertion failure, it will attempt to save the crash information in a file named /var/tmp/quagga.<daemon name>.crashlog. For security reasons, this will not happen if the file exists already, so it is important to delete the file after reporting the crash information.
log trap command) will be used.
The no form of the command disables logging to syslog.
terminal monitor command.
By default, monitor logging is enabled at the debugging level, but this
command (or the deprecated log trap command) can be used to change
the monitor logging level.
If the optional second argument specifying the
logging level is not present, the default logging level (typically debugging,
but can be changed using the deprecated log trap command) will be used.
The no form of the command disables logging to terminal monitors.
daemon. The no form of the command resets
the facility to the default daemon facility.
log record-priority global configuration command.
To disable this option, use the no form of the command. By default,
the severity level is not included in logged messages. Note: some
versions of syslogd (including Solaris) can be configured to include
the facility and level in the messages emitted.
no form of the command, or set the precision explicitly to 0.
log timestamp precision 3
In this example, the precision is set to provide timestamps with millisecond accuracy.
Below is a sample configuration file for the zebra daemon.
! ! Zebra configuration file ! hostname Router password zebra enable password zebra ! log stdout ! !
'!' and '#' are comment characters. If the first character of the word is one of the comment characters then from the rest of the line forward will be ignored as a comment.
password zebra!password
If a comment character is not the first character of the word, it's a normal character. So in the above example '!' will not be regarded as a comment and the password is set to 'zebra!password'.
These options apply to all Quagga daemons.
VTY -- Virtual Terminal [aka TeletYpe] Interface is a command line interface (CLI) for user interaction with the routing daemon.
VTY stands for Virtual TeletYpe interface. It means you can connect to the daemon via the telnet protocol.
To enable a VTY interface, you have to setup a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.
% telnet localhost 2601 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.7) Copyright (C) 1999-2005 Kunihiro Ishiguro, et al. User Access Verification Password: XXXXX Router> ? enable Turn on privileged commands exit Exit current mode and down to previous mode help Description of the interactive help system list Print command list show Show running system information who Display who is on a vty Router> enable Password: XXXXX Router# configure terminal Router(config)# interface eth0 Router(config-if)# ip address 10.0.0.1/8 Router(config-if)# ^Z Router#
'?' is very useful for looking up commands.
There are three basic VTY modes:
There are commands that may be restricted to specific VTY modes.
This mode is for read-only access to the CLI. One may exit the mode by
leaving the system, or by entering enable mode.
This mode is for read-write access to the CLI. One may exit the mode by leaving the system, or by escaping to view mode.
This page is for describing other modes.
Commands that you may use at the command-line are described in the following three subsubsections.
These commands are used for moving the CLI cursor. The C character means press the Control Key.
These commands are used for editing text on a line. The C character means press the Control Key.
There are several additional CLI commands for command line completions, insta-help, and VTY session management.
help at the beginning of
the line. Typing ? at any point in the line will show possible
completions.
@command{zebra} is an IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.
Besides the common invocation options (see section 3.3 Common Invocation Options), the @command{zebra} specific invocation options are listed below.
Static routing is a very fundamental feature of routing technology. It defines static prefix and gateway.
ip route 10.0.0.0/8 10.0.0.2 ip route 10.0.0.0/8 ppp0 ip route 10.0.0.0/8 null0
First example defines 10.0.0.0/8 static route with gateway 10.0.0.2. Second one defines the same prefix but with gateway to interface ppp0. The third install a blackhole route.
ip route 10.0.0.0 255.255.255.0 10.0.0.2 ip route 10.0.0.0 255.255.255.0 ppp0 ip route 10.0.0.0 255.255.255.0 null0
These statements are equivalent to those in the previous example.
Multiple nexthop static route
ip route 10.0.0.1/32 10.0.0.2 ip route 10.0.0.1/32 10.0.0.3 ip route 10.0.0.1/32 eth0
If there is no route to 10.0.0.2 and 10.0.0.3, and interface eth0 is reachable, then the last route is installed into the kernel.
If zebra has been compiled with multipath support, and both 10.0.0.2 and 10.0.0.3 are reachable, zebra will install a multipath route via both nexthops, if the platform supports this.
zebra> show ip route
S> 10.0.0.1/32 [1/0] via 10.0.0.2 inactive
via 10.0.0.3 inactive
* is directly connected, eth0
ip route 10.0.0.0/8 10.0.0.2 ip route 10.0.0.0/8 10.0.0.3 ip route 10.0.0.0/8 null0 255
This will install a multihop route via the specified next-hops if they are reachable, as well as a high-metric blackhole route, which can be useful to prevent traffic destined for a prefix to match less-specific routes (eg default) should the specified gateways not be reachable. Eg:
zebra> show ip route 10.0.0.0/8
Routing entry for 10.0.0.0/8
Known via "static", distance 1, metric 0
10.0.0.2 inactive
10.0.0.3 inactive
Routing entry for 10.0.0.0/8
Known via "static", distance 255, metric 0
directly connected, Null0
Router# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
B - BGP * - FIB route.
K* 0.0.0.0/0 203.181.89.241
S 0.0.0.0/0 203.181.89.1
C* 127.0.0.0/8 lo
C* 203.181.89.240/28 eth0
RIP -- Routing Information Protocol is widely deployed interior gateway protocol. RIP was developed in the 1970s at Xerox Labs as part of the XNS routing protocol. RIP is a distance-vector protocol and is based on the Bellman-Ford algorithms. As a distance-vector protocol, RIP router send updates to its neighbors periodically, thus allowing the convergence to a known topology. In each update, the distance to any given network will be broadcasted to its neighboring router.
@command{ripd} supports RIP version 2 as described in RFC2453 and RIP version 1 as described in RFC1058.
The default configuration file name of @command{ripd}'s is `ripd.conf'. When invocation @command{ripd} searches directory /etc/quagga. If `ripd.conf' is not there next search current directory.
RIP uses UDP port 520 to send and receive RIP packets. So the user must have the capability to bind the port, generally this means that the user must have superuser privileges. RIP protocol requires interface information maintained by @command{zebra} daemon. So running @command{zebra} is mandatory to run @command{ripd}. Thus minimum sequence for running RIP is like below:
# zebra -d # ripd -d
Please note that @command{zebra} must be invoked before @command{ripd}.
To stop @command{ripd}. Please use @command{kill `cat /var/run/ripd.pid`}. Certain signals have special meaningss to @command{ripd}.
@command{ripd} invocation options. Common options that can be specified (see section 3.3 Common Invocation Options).
The netmask features of @command{ripd} support both version 1 and version 2 of RIP. Version 1 of RIP originally contained no netmask information. In RIP version 1, network classes were originally used to determine the size of the netmask. Class A networks use 8 bits of mask, Class B networks use 16 bits of masks, while Class C networks use 24 bits of mask. Today, the most widely used method of a network mask is assigned to the packet on the basis of the interface that received the packet. Version 2 of RIP supports a variable length subnet mask (VLSM). By extending the subnet mask, the mask can be divided and reused. Each subnet can be used for different purposes such as large to middle size LANs and WAN links. Quagga @command{ripd} does not support the non-sequential netmasks that are included in RIP Version 2.
In a case of similar information with the same prefix and metric, the old information will be suppressed. Ripd does not currently support equal cost multipath routing.
router rip command is necessary to enable RIP. To disable
RIP, use the no router rip command. RIP must be enabled before
carrying out any of the RIP commands.
This group of commands either enables or disables RIP interfaces between
certain numbers of a specified network address. For example, if the
network for 10.0.0.0/24 is RIP enabled, this would result in all the
addresses from 10.0.0.0 to 10.0.0.255 being enabled for RIP. The no
network command will disable RIP for the specified network.
network ifname command. The no network ifname command will disable
RIP on the specified interface.
no
neighbor a.b.c.d command will disable the RIP neighbor.
Below is very simple RIP configuration. Interface eth0 and
interface which address match to 10.0.0.0/8 are RIP enabled.
! router rip network 10.0.0.0/8 network eth0 !
Passive interface
neighbor command. The interface may be specified
as default to make ripd default to passive on all interfaces.
The default is to be passive on all interfaces.
RIP split-horizon
ip
split-horizon. If you don't perform split-horizon on the interface,
please specify no ip split-horizon.
RIP can be configured to send either Version 1 or Version 2 packets. The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and replying with packets of the appropriate version for REQUESTS / triggered updates). The version to receive and send can be specified globally, and further overriden on a per-interface basis if needs be for send and receive seperately (see below).
It is important to note that RIPv1 can not be authenticated. Further, if RIPv1 is enabled then RIP will reply to REQUEST packets, sending the state of its RIP routing table to any remote routers that ask on demand. For a more detailed discussion on the security implications of RIPv1 see section 5.9 RIP Authentication.
Disabling RIPv1 by specifying version 2 is STRONGLY encouraged, See section 5.9 RIP Authentication. This may become the default in a future release.
Default: Send Version 2, and accept either version.
This interface command overrides the global rip version setting, and selects which version of RIP to send packets with, for this interface specifically. Choice of RIP Version 1, RIP Version 2, or both versions. In the latter case, where `1 2' is specified, packets will be both broadcast and multicast.
Default: Send packets according to the global version (version 2)
This interface command overrides the global rip version setting, and selects which versions of RIP packets will be accepted on this interface. Choice of RIP Version 1, RIP Version 2, or both.
Default: Accept packets according to the global setting (both 1 and 2).
redistribute kernel redistributes routing information from
kernel route entries into the RIP tables. no redistribute kernel
disables the routes.
redistribute static redistributes routing information from
static route entries into the RIP tables. no redistribute static
disables the routes.
no
redistribute connected disables the connected routes in the RIP tables.
This command redistribute connected of the interface which RIP disabled.
The connected route on RIP enabled interface is announced by default.
redistribute ospf redistributes routing information from
ospf route entries into the RIP tables. no redistribute ospf
disables the routes.
redistribute bgp redistributes routing information from
bgp route entries into the RIP tables. no redistribute bgp
disables the routes.
If you want to specify RIP only static routes:
route command makes a static
route only inside RIP. This command should be used only by advanced
users who are particularly knowledgeable about the RIP protocol. In
most cases, we recommend creating a static route in Quagga and
redistributing it in RIP using redistribute static.
RIP routes can be filtered by a distribute-list.
distribute-list
command. access_list is the access list name. direct is
`in' or `out'. If direct is `in' the access list
is applied to input packets.
The distribute-list command can be used to filter the RIP path.
distribute-list can apply access-lists to a chosen interface.
First, one should specify the access-list. Next, the name of the
access-list is used in the distribute-list command. For example, in the
following configuration `eth0' will permit only the paths that
match the route 10.0.0.0/8
! router rip distribute-list private in eth0 ! access-list private permit 10 10.0.0.0/8 access-list private deny any !
distribute-list can be applied to both incoming and outgoing data.
distribute-list command. prefix_list is the prefix list
name. Next is the direction of `in' or `out'. If
direct is `in' the access list is applied to input packets.
RIP metric is a value for distance for the network. Usually @command{ripd} increment the metric when the network information is received. Redistributed routes' metric is set to 1.
Distance value is used in zebra daemon. Default RIP distance is 120.
Usage of @command{ripd}'s route-map support.
Optional argument route-map MAP_NAME can be added to each redistribute
statement.
redistribute static [route-map MAP_NAME] redistribute connected [route-map MAP_NAME] .....
Cisco applies route-map _before_ routes will exported to rip route table. In current Quagga's test implementation, @command{ripd} applies route-map after routes are listed in the route table and before routes will be announced to an interface (something like output filter). I think it is not so clear, but it is draft and it may be changed at future.
Route-map statement (see section 13. Route Map) is needed to use route-map functionality.
RIPv2 allows packets to be authenticated via either an insecure plain
text password, included with the packet, or via a more secure MD5 based
@acronym{HMAC, keyed-Hashing for Message AuthentiCation},
RIPv1 can not be authenticated at all, thus when authentication is
configured ripd will discard routing updates received via RIPv1
packets.
However, unless RIPv1 reception is disabled entirely,
See section 5.3 RIP Version Control, RIPv1 REQUEST packets which are received,
which query the router for routing information, will still be honoured
by ripd, and ripd WILL reply to such packets. This allows
ripd to honour such REQUESTs (which sometimes is used by old
equipment and very simple devices to bootstrap their default route),
while still providing security for route updates which are received.
In short: Enabling authentication prevents routes being updated by unauthenticated remote routers, but still can allow routes (I.e. the entire RIP routing table) to be queried remotely, potentially by anyone on the internet, via RIPv1.
To prevent such unauthenticated querying of routes disable RIPv1, See section 5.3 RIP Version Control.
! key chain test key 1 key-string test ! interface eth1 ip rip authentication mode md5 ip rip authentication key-chain test !
RIP protocol has several timers. User can configure those timers' values
by timers basic command.
The default settings for the timers are as follows:
The timers basic command allows the the default values of the timers
listed above to be changed.
no timers basic command will reset the timers to the default
settings listed above.
To display RIP routes.
The command displays all RIP routes. For routes that are received through RIP, this command will display the time the packet was sent and the tag information. This command will also display this information for routes redistributed into RIP.
ripd> show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 35 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: kernel connected
Default version control: send version 2, receive version 2
Interface Send Recv
Routing for Networks:
eth0
eth1
1.1.1.1
203.181.89.241
Routing Information Sources:
Gateway BadPackets BadRoutes Distance Last Update
Debug for RIP protocol.
debug rip will show RIP events. Sending and receiving
packets, timers, and changes in interfaces are events shown with @command{ripd}.
debug rip packet will display detailed information about the RIP
packets. The origin and port number of the packet as well as a packet
dump is shown.
This command will show the communication between @command{ripd} and @command{zebra}. The main information will include addition and deletion of paths to the kernel and the sending and receiving of interface information.
show debugging rip will show all information currently set for ripd
debug.
@command{ripngd} supports the RIPng protocol as described in RFC2080. It's an IPv6 reincarnation of the RIP protocol.
There are no ripngd specific invocation options. Common options
can be specified (see section 3.3 Common Invocation Options).
Currently ripngd supports the following commands:
distribute-list command. access_list is an access-list
name. direct is `in' or `out'. If direct is
`in', the access-list is applied only to incoming packets.
distribute-list local-only out sit1
@acronym{OSPF,Open Shortest Path First} version 2 is a routing protocol which is described in RFC2328, OSPF Version 2. OSPF is an @acronym{IGP,Interior Gateway Protocol}. Compared with @acronym{RIP}, @acronym{OSPF} can provide scalable network support and faster convergence times. OSPF is widely used in large networks such as @acronym{ISP,Internet Service Provider} backbone and enterprise networks.
There are no @command{ospfd} specific options. Common options can be specified (see section 3.3 Common Invocation Options) to @command{ospfd}. @command{ospfd} needs to acquire interface information from @command{zebra} in order to function. Therefore @command{zebra} must be running before invoking @command{ospfd}. Also, if @command{zebra} is restarted then @command{ospfd} must be too.
Like other daemons, @command{ospfd} configuration is done in @acronym{OSPF} specific configuration file `ospfd.conf'.
To start OSPF process you have to specify the OSPF router. As of this writing, @command{ospfd} does not support multiple OSPF processes.
The OSPF standard for ABR behaviour does not allow an ABR to consider routes through non-backbone areas when its links to the backbone are down, even when there are other ABRs in attached non-backbone areas which still can reach the backbone - this restriction exists primarily to ensure routing-loops are avoided.
With the "Cisco" or "IBM" ABR type, the default in this release of Quagga, this restriction is lifted, allowing an ABR to consider summaries learnt from other ABRs through non-backbone areas, and hence route via non-backbone areas as a last resort when, and only when, backbone links are down.
Note that areas with fully-adjacent virtual-links are considered to be "transit capable" and can always be used to route backbone traffic, and hence are unaffected by this setting (@xref{OSPF virtual-link}).
More information regarding the behaviour controlled by this command can be found in RFC 3509, Alternative Implementations of OSPF Area Border Routers, and draft-ietf-ospf-shortcut-abr-02.txt.
Quote: "Though the definition of the @acronym{ABR,Area Border Router} in the OSPF specification does not require a router with multiple attached areas to have a backbone connection, it is actually necessary to provide successful routing to the inter-area and external destinations. If this requirement is not met, all traffic destined for the areas not connected to such an ABR or out of the OSPF domain, is dropped. This document describes alternative ABR behaviors implemented in Cisco and IBM routers."
This command should NOT be set normally.
The delay specifies the minimum amount of time to delay SPF calculation (hence it affects how long SPF calculation is delayed after an event which occurs outside of the holdtime of any previous SPF calculation, and also serves as a minimum holdtime).
Consecutive SPF calculations will always be seperated by at least 'hold-time' milliseconds. The hold-time is adaptive and initially is set to the initial-holdtime configured with the above command. Events which occur within the holdtime of the previous SPF calculation will cause the holdtime to be increased by initial-holdtime, bounded by the maximum-holdtime configured with this command. If the adaptive hold-time elapses without any SPF-triggering event occuring then the current holdtime is reset to the initial-holdtime. The current holdtime can be viewed with @xref{show ip ospf}, where it is expressed as a multiplier of the initial-holdtime.
router ospf timers throttle spf 200 400 10000
In this example, the delay is set to 200ms, the initial holdtime is set to 400ms and the maximum holdtime to 10s. Hence there will always be at least 200ms between an event which requires SPF calculation and the actual SPF calculation. Further consecutive SPF calculations will always be seperated by between 400ms to 10s, the hold-time increasing by 400ms each time an SPF-triggering event occurs within the hold-time of the previous SPF calculation.
This command supercedes the @command{timers spf} command in previous Quagga releases.
This support may be enabled administratively (and indefinitely) or conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup and/or for a period of seconds prior to shutdown.
Enabling this for a period after startup allows OSPF to converge fully first without affecting any existing routes used by other routers, while still allowing any connected stub links and/or redistributed routes to be reachable. Enabling this for a period of time in advance of shutdown allows the router to gracefully excuse itself from the OSPF domain.
Enabling this feature administratively allows for administrative intervention for whatever reason, for an indefinite period of time. Note that if the configuration is written to file, this administrative form of the stub-router command will also be written to file. If @command{ospfd} is restarted later, the command will then take effect until manually deconfigured.
Configured state of this feature as well as current status, such as the number of second remaining till on-startup or on-shutdown ends, can be viewed with the @xref{show ip ospf} command.
This configuration setting MUST be consistent across all routers within the OSPF domain.
router ospf network 192.168.1.0/24 area 0.0.0.0
Prefix length in interface must be equal or bigger (ie. smaller network) than prefix length in network statement. For example statement above doesn't enable ospf on interface with address 192.168.1.1/23, but it does on interface with address 192.168.1.129/25.
router ospf network 192.168.1.0/24 area 0.0.0.0 network 10.0.0.0/8 area 0.0.0.10 area 0.0.0.10 range 10.0.0.0/8
With configuration above one Type-3 Summary-LSA with routing info 10.0.0.0/8 is announced into backbone area if area 0.0.0.10 contains at least one intra-area network (ie. described with router or network LSA) from this range.
router ospf network 192.168.1.0/24 area 0.0.0.0 network 10.0.0.0/8 area 0.0.0.10 area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8
One Type-3 summary-LSA with routing info 11.0.0.0/8 is announced into backbone area if area 0.0.0.10 contains at least one intra-area network (ie. described with router-LSA or network-LSA) from range 10.0.0.0/8. This command makes sense in ABR only.
router ospf network 192.168.1.0/24 area 0.0.0.0 network 10.0.0.0/8 area 0.0.0.10 area 0.0.0.10 export-list foo ! access-list foo permit 10.10.0.0/16 access-list foo deny any
With example above any intra-area paths from area 0.0.0.10 and from range 10.10.0.0/16 (for example 10.10.1.0/24 and 10.10.2.128/30) are announced into other areas as Type-3 summary-LSA's, but any others (for example 10.11.0.0/16 or 10.128.30.16/30) aren't.
This command is only relevant if the router is an ABR for the specified area.
@anchor{area authentication message-digest}Specify that OSPF packets must be authenticated with MD5 HMACs within the given area. Keying material must also be configured on a per-interface basis (@xref{ip ospf message-digest-key}).
MD5 authentication may also be configured on a per-interface basis (@xref{ip ospf authentication message-digest}). Such per-interface settings will override any per-area authentication setting.
Simple text password authentication is insecure and deprecated in favour of MD5 HMAC authentication (@xref{ip ospf authentication message-digest}).
Note that OSPF MD5 authentication requires that time never go backwards (correct time is NOT important, only that it never goes backwards), even across resets, if ospfd is to be able to promptly reestabish adjacencies with its neighbours after restarts/reboots. The host should have system time be set at boot from an external or non-volatile source (eg battery backed clock, NTP, etc.) or else the system clock should be periodically saved to non-volative storage and restored at boot if MD5 authentication is to be expected to work reliably.
KEYID identifies secret key used to create the message digest. This ID is part of the protocol and must be consistent across routers on a link.
KEY is the actual message digest key, of up to 16 chars (larger strings will be truncated), and is associated with the given KEYID.
If 'minimal' is specified instead, then the dead-interval is set to 1 second and one must specify a hello-multiplier. The hello-multiplier specifies how many Hellos to send per second, from 2 (every 500ms) to 20 (every 50ms). Thus one can have 1s convergence time for OSPF. If this form is specified, then the hello-interval advertised in Hello packets is set to 0 and the hello-interval on received Hello packets is not checked, thus the hello-multiplier need NOT be the same across multiple routers on a common link.
This command has no effect if @xref{ip ospf dead-interval minimal} is also specified for the interface.
Redistributed routes are distributed as into OSPF as Type-5 External LSAs into links to areas that accept external routes, Type-7 External LSAs for NSSA areas and are not redistributed at all into Stub areas, where external routes are not permitted.
Note that for connected routes, one may instead use passive-interface, see @xref{OSPF passive-interface}.
A simple example, with MD5 authentication enabled:
! interface bge0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ABCDEFGHIJK ! router ospf network 192.168.0.0/16 area 0.0.0.1 area 0.0.0.1 authentication message-digest
An @acronym{ABR} router, with MD5 authentication and performing summarisation of networks between the areas:
! password ABCDEF log file /var/log/quagga/ospfd.log service advanced-vty ! interface eth0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ABCDEFGHIJK ! interface ppp0 ! interface br0 ip ospf authentication message-digest ip ospf message-digest-key 2 md5 XYZ12345 ! router ospf ospf router-id 192.168.0.1 redistribute connected passive interface ppp0 network 192.168.0.0/24 area 0.0.0.0 network 10.0.0.0/16 area 0.0.0.0 network 192.168.1.0/24 area 0.0.0.1 area 0.0.0.0 authentication message-digest area 0.0.0.0 range 10.0.0.0/16 area 0.0.0.0 range 192.168.0.0/24 area 0.0.0.1 authentication message-digest area 0.0.0.1 range 10.2.0.0/16 !
@command{ospf6d} is a daemon support OSPF version 3 for IPv6 network. OSPF for IPv6 is described in RFC2740.
Area support for OSPFv3 is not yet implemented.
Example of ospf6d configured on one interface and area:
interface eth0 ipv6 ospf6 instance-id 0 ! router ospf6 router-id 212.17.55.53 area 0.0.0.0 range 2001:770:105:2::/64 interface eth0 area 0.0.0.0 !
@acronym{BGP} stands for a Border Gateway Protocol. The lastest BGP version is 4. It is referred as BGP-4. BGP-4 is one of the Exterior Gateway Protocols and de-fact standard of Inter Domain routing protocol. BGP-4 is described in RFC1771, A Border Gateway Protocol 4 (BGP-4).
Many extensions have been added to RFC1771. RFC2858, Multiprotocol Extensions for BGP-4 provides multiprotocol support to BGP-4.
Default configuration file of @command{bgpd} is `bgpd.conf'. @command{bgpd} searches the current directory first then /etc/quagga/bgpd.conf. All of bgpd's command must be configured in `bgpd.conf'.
@command{bgpd} specific invocation options are described below. Common options may also be specified (see section 3.3 Common Invocation Options).
First of all you must configure BGP router with @command{router bgp} command. To configure BGP router, you need AS number. AS number is an identification of autonomous system. BGP protocol uses the AS number for detecting whether the BGP connection is internal one or external one.
BGP Commands. You can not
create different BGP process under different asn without
specifying multiple-instance (see section 9.13.1 Multiple instance).
router zebra is not enabled @command{bgpd} can't get interface information
so router-id is set to 0.0.0.0. So please set router-id by hand.
router bgp 1 network 10.0.0.0/8
This configuration example says that network 10.0.0.0/8 will be
announced to all neighbors. Some vendors' routers don't advertise
routes if they aren't present in their IGP routing tables; bgp
doesn't care about IGP routes when announcing its routes.
router bgp 1 neighbor 10.0.0.1 remote-as 2
In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1.
This command must be the first command used when configuring a neighbor. If the remote-as is not specified, @command{bgpd} will complain like this:
can't find neighbor 10.0.0.1
In a router bgp clause there are neighbor specific configurations
required.
no neighbor peer remote-as as-number but all
configuration of the neighbor will be deleted. When you want to
preserve the configuration, but want to drop the BGP peer, use this
syntax.
neighbor peer update-source command below.
This command is deprecated and may be removed in a future release. Its use should be avoided.
router bgp 64555 neighbor foo update-source 192.168.0.1 neighbor bar update-source lo0
in or
out.
The @acronym{AS,Autonomous System} number is one of the essential element of BGP. BGP is a distance vector routing protocol, and the AS-Path framework provides distance vector metric and loop detection to BGP. RFC1930, Guidelines for creation, selection, and registration of an Autonomous System (AS) provides some background on the concepts of an AS.
The AS number is a two octet value, ranging in value from 1 to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers. Private AS numbers must not to be advertised in the global Internet.
AS path regular expression can be used for displaying BGP routes and
AS path access list. AS path regular expression is based on
POSIX 1003.2 regular expressions. Following description is
just a subset of POSIX regular expression. User can use full
POSIX regular expression. Adding to that special character '_'
is added for AS path regular expression.
.
*
+
?
^
$
_
_ has special meanings in AS path regular expression.
It matches to space and comma , and AS set delimiter { and } and AS
confederation delimiter ( and ). And it also matches to
the beginning of the line and the end of the line. So _ can be
used for AS value boundaries match. show ip bgp regexp _7675_
matches to all of BGP routes which as AS number include 7675.
To show BGP routes which has specific AS path information show
ip bgp command can be used.
AS path access list is user defined AS path.
BGP communities attribute is widely used for implementing policy routing. Network operators can manipulate BGP communities attribute based on their network policy. BGP communities attribute is defined in RFC1997, BGP Communities Attribute and RFC1998, An Application of the BGP Community Attribute in Multi-home Routing. It is an optional transitive attribute, therefore local policy can travel through different autonomous system.
Communities attribute is a set of communities values. Each communities value is 4 octet long. The following format is used to define communities value.
AS:VAL
AS is high
order 2 octet in digit format. VAL is low order 2 octet in
digit format. This format is useful to define AS oriented policy
value. For example, 7675:80 can be used when AS 7675 wants to
pass local policy value 80 to neighboring peer.
internet
internet represents well-known communities value 0.
no-export
no-export represents well-known communities value NO_EXPORTno-advertise
no-advertise represents well-known communities value
NO_ADVERTISElocal-AS
local-AS represents well-known communities value
NO_EXPORT_SUBCONFED (0xFFFFFF03). All routes carry this
value must not be advertised to external BGP peers. Even if the
neighboring router is part of confederation, it is considered as
external BGP peer, so the route will not be announced to the peer.
When BGP communities attribute is received, duplicated communities value in the communities attribute is ignored and each communities values are sorted in numerical order.
BGP community list is a user defined BGP communites attribute list. BGP community list can be used for matching or manipulating BGP communities attribute in updates.
There are two types of community list. One is standard community list and another is expanded community list. Standard community list defines communities attribute. Expanded community list defines communities attribute string with regular expression. Standard community list is compiled into binary format when user define it. Standard community list will be directly compared to BGP communities attribute in BGP updates. Therefore the comparison is faster than expanded community list.
# show ip community-list
Named Community standard list CLIST
permit 7675:80 7675:100 no-export
deny internet
Named Community expanded list EXPAND
permit :
# show ip community-list CLIST
Named Community standard list CLIST
permit 7675:80 7675:100 no-export
deny internet
When number is used for BGP community list name, the number has special meanings. Community list number in the range from 1 and 99 is standard community list. Community list number in the range from 100 to 199 is expanded community list. These community lists are called as numbered community lists. On the other hand normal community lists is called as named community lists.
In Route Map (see section 13. Route Map), we can match or set BGP communities attribute. Using this feature network operator can implement their network policy based on BGP communities attribute.
Following commands can be used in Route Map.
exact-match keyword is spcified, match happen only when BGP
updates have completely same communities value specified in the
community list.
none is specified as communities value, it removes entire
communities attribute from BGP updates. When community is not
none, specified communities value is set to BGP updates. If
BGP updates already has BGP communities value, the existing BGP
communities value is replaced with specified community value.
When additive keyword is specified, community is appended
to the existing communities value.
To show BGP routes which has specific BGP communities attribute,
show ip bgp command can be used. The community value and
community list can be used for show ip bgp command.
show ip bgp community displays BGP routes which has communities
attribute. When community is specified, BGP routes that matches
community value is displayed. For this command, internet
keyword can't be used for community value. When
exact-match is specified, it display only routes that have an
exact match.
exact-match is specified, display only routes
that have an exact match.
Following configuration is the most typical usage of BGP communities attribute. AS 7675 provides upstream Internet connection to AS 100. When following configuration exists in AS 7675, AS 100 networks operator can set local preference in AS 7675 network by setting BGP communities attribute to the updates.
router bgp 7675 neighbor 192.168.0.1 remote-as 100 neighbor 192.168.0.1 route-map RMAP in ! ip community-list 70 permit 7675:70 ip community-list 70 deny ip community-list 80 permit 7675:80 ip community-list 80 deny ip community-list 90 permit 7675:90 ip community-list 90 deny ! route-map RMAP permit 10 match community 70 set local-preference 70 ! route-map RMAP permit 20 match community 80 set local-preference 80 ! route-map RMAP permit 30 match community 90 set local-preference 90
Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. The route has communities value 7675:80 so when above configuration exists in AS 7675, announced route's local preference will be set to value 80.
router bgp 100 network 10.0.0.0/8 neighbor 192.168.0.2 remote-as 7675 neighbor 192.168.0.2 route-map RMAP out ! ip prefix-list PLIST permit 10.0.0.0/8 ! route-map RMAP permit 10 match ip address prefix-list PLIST set community 7675:80
Following configuration is an example of BGP route filtering using communities attribute. This configuration only permit BGP routes which has BGP communities value 0:80 or 0:90. Network operator can put special internal communities value at BGP border router, then limit the BGP routes announcement into the internal network.
router bgp 7675 neighbor 192.168.0.1 remote-as 100 neighbor 192.168.0.1 route-map RMAP in ! ip community-list 1 permit 0:80 0:90 ! route-map RMAP permit in match community 1
Following exmaple filter BGP routes which has communities value 1:1. When there is no match community-list returns deny. To avoid filtering all of routes, we need to define permit any at last.
router bgp 7675 neighbor 192.168.0.1 remote-as 100 neighbor 192.168.0.1 route-map RMAP in ! ip community-list standard FILTER deny 1:1 ip community-list standard FILTER permit ! route-map RMAP permit 10 match community FILTER
Communities value keyword internet has special meanings in
standard community lists. In below example internet act as
match any. It matches all of BGP routes even if the route does not
have communities attribute at all. So community list INTERNET
is same as above example's FILTER.
ip community-list standard INTERNET deny 1:1 ip community-list standard INTERNET permit internet
Following configuration is an example of communities value deletion.
With this configuration communities value 100:1 and 100:2 is removed
from BGP updates. For communities value deletion, only permit
community-list is used. deny community-list is ignored.
router bgp 7675 neighbor 192.168.0.1 remote-as 100 neighbor 192.168.0.1 route-map RMAP in ! ip community-list standard DEL permit 100:1 100:2 ! route-map RMAP permit 10 set comm-list DEL delete
BGP extended communities attribute is introduced with MPLS VPN/BGP technology. MPLS VPN/BGP expands capability of network infrastructure to provide VPN functionality. At the same time it requires a new framework for policy routing. With BGP Extended Communities Attribute we can use Route Target or Site of Origin for implementing network policy for MPLS VPN/BGP.
BGP Extended Communities Attribute is similar to BGP Communities Attribute. It is an optional transitive attribute. BGP Extended Communities Attribute can carry multiple Extended Community value. Each Extended Community value is eight octet length.
BGP Extended Communities Attribute provides an extended range compared with BGP Communities Attribute. Adding to that there is a type field in each value to provides community space structure.
There are two format to define Extended Community value. One is AS based format the other is IP address based format.
AS:VAL
AS part is 2 octets Global Administrator subfield in Extended
Community value. VAL part is 4 octets Local Administrator
subfield. 7675:100 represents AS 7675 policy value 100.
IP-Address:VAL
IP-Address part is 4 octets Global Administrator subfield.
VAL part is 2 octets Local Administrator subfield.
10.0.0.1:100 represents
Expanded Community Lists is a user defined BGP Expanded Community Lists.
# show ip extcommunity-list
BGP table version is 0, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 1.1.1.1/32 0.0.0.0 0 32768 i Total number of prefixes 1
When adding IPv6 routing information exchange feature to BGP. There were some proposals. @acronym{IETF,Internet Engineering Task Force} @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted a proposal called Multiprotocol Extension for BGP. The specification is described in RFC2283. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP.
@command{bgpd} supports Multiprotocol Extension for BGP. So if remote peer supports the protocol, @command{bgpd} can exchange IPv6 and/or multicast routing information.
Traditional BGP did not have the feature to detect remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP to operational network. RFC2842, Capabilities Advertisement with BGP-4 adopted a feature called Capability Negotiation. @command{bgpd} use this Capability Negotiation to detect the remote peer's capabilities. If the peer is only configured as IPv4 unicast neighbor, @command{bgpd} does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotation).
By default, Quagga will bring up peering with minimal common capability for the both sides. For example, local router has unicast and multicast capabilitie and remote router has unicast capability. In this case, the local router will establish the connection with unicast only capability. When there are no common capabilities, Quagga sends Unsupported Capability error and then resets the connection.
If you want to completely match capabilities with remote peer. Please use @command{strict-capability-match} command.
You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use @command{dont-capability-negotiate} command to disable the feature.
When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities.
You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by @command{override-capability}, @command{bgpd} ignores received capabilities then override negotiated capabilities with configured values.
At an Internet Exchange point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connection are done by `full mesh' method. As with internal BGP full mesh formation, this method has a scaling problem.
This scaling problem is well known. Route Server is a method to resolve the problem. Each ISP's BGP router only peers to Route Server. Route Server serves as BGP information exchange to other BGP routers. By applying this method, numbers of BGP connections is reduced from O(n*(n-1)/2) to O(n).
Unlike normal BGP router, Route Server must have several routing tables
for managing different routing policies for each BGP speaker. We call the
routing tables as different views. @command{bgpd} can work as
normal BGP router or Route Server or both at the same time.
To enable multiple view function of bgpd, you must turn on
multiple instance feature beforehand.
When you want to make configuration more Cisco like one,
When bgp config-type cisco is specified,
"no synchronization" is displayed. "no auto-summary" is desplayed.
"network" and "aggregate-address" argument is displayed as "A.B.C.D M.M.M.M"
Quagga: network 10.0.0.0/8 Cisco: network 10.0.0.0
Quagga: aggregate-address 192.168.0.0/24 Cisco: aggregate-address 192.168.0.0 255.255.255.0
Community attribute handling is also different. If there is no configuration is specified community attribute and extended community attribute are sent to neighbor. When user manually disable the feature community attribute is not sent to the neighbor. In case of @command{bgp config-type cisco} is specified, community attribute is not sent to the neighbor by default. To send community attribute user has to specify @command{neighbor A.B.C.D send-community} command.
! router bgp 1 neighbor 10.0.0.1 remote-as 1 no neighbor 10.0.0.1 send-community ! router bgp 1 neighbor 10.0.0.1 remote-as 1 neighbor 10.0.0.1 send-community !
BGP instance is a normal BGP process. The result of route selection goes to the kernel routing table. You can setup different AS at the same time when BGP multiple instance feature is enabled.
bgp multiple-instance ! router bgp 1 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.2 remote-as 3 ! router bgp 2 neighbor 10.0.0.3 remote-as 4 neighbor 10.0.0.4 remote-as 5
BGP view is almost same as normal BGP process. The result of route selection does not go to the kernel routing table. BGP view is only for exchanging BGP routing information.
With this command, you can setup Route Server like below.
bgp multiple-instance ! router bgp 1 view 1 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.2 remote-as 3 ! router bgp 2 view 2 neighbor 10.0.0.3 remote-as 4 neighbor 10.0.0.4 remote-as 5
You can set different routing policy for a peer. For example, you can set different filter for a peer.
bgp multiple-instance ! router bgp 1 view 1 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.1 distribute-list 1 in ! router bgp 1 view 2 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.1 distribute-list 2 in
This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied. On the other hand, when the update is inserted into view 2, distribute-list 2 is applied.
To display routing table of BGP view, you must specify view name.
zebra configuration =================== ! ! Actually there is no need to configure zebra ! bgpd configuration ================== ! ! This means that routes go through zebra and into the kernel. ! router zebra ! ! MP-BGP configuration ! router bgp 7675 bgp router-id 10.0.0.1 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as as-number ! address-family ipv6 network 3ffe:506::/32 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as as-number neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out exit-address-family ! ipv6 access-list all permit any ! ! Set output nexthop address. ! route-map set-nexthop permit 10 match ipv6 address all set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 ! ! logfile FILENAME is obsolete. Please use log file FILENAME log file bgpd.log !
Example of a session to an upstream, advertising only one prefix to it.
router bgp 64512 bgp router-id 10.236.87.1 network 10.236.87.0/24 neighbor upstream peer-group neighbor upstream remote-as 64515 neighbor upstream capability dynamic neighbor upstream prefix-list pl-allowed-adv out neighbor 10.1.1.1 peer-group upstream neighbor 10.1.1.1 description ACME ISP ! ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 ip prefix-list pl-allowed-adv seq 10 deny any
A more complex example. With upstream, peer and customer sessions. Advertising global prefixes and NO_EXPORT prefixes and providing actions for customer routes based on community values. Extensive use of route-maps and the 'call' feature to support selective advertising of prefixes. This example is intended as guidance only, it has NOT been tested and almost certainly containts silly mistakes, if not serious flaws.
router bgp 64512 bgp router-id 10.236.87.1 network 10.123.456.0/24 network 10.123.456.128/25 route-map rm-no-export neighbor upstream capability dynamic neighbor upstream route-map rm-upstream-out out neighbor cust capability dynamic neighbor cust route-map rm-cust-in in neighbor cust route-map rm-cust-out out neighbor cust send-community both neighbor peer capability dynamic neighbor peer route-map rm-peer-in in neighbor peer route-map rm-peer-out out neighbor peer send-community both neighbor 10.1.1.1 remote-as 64515 neighbor 10.1.1.1 peer-group upstream neighbor 10.2.1.1 remote-as 64516 neighbor 10.2.1.1 peer-group upstream neighbor 10.3.1.1 remote-as 64517 neighbor 10.3.1.1 peer-group cust-default neighbor 10.3.1.1 description customer1 neighbor 10.3.1.1 prefix-list pl-cust1-network in neighbor 10.4.1.1 remote-as 64518 neighbor 10.4.1.1 peer-group cust neighbor 10.4.1.1 prefix-list pl-cust2-network in neighbor 10.4.1.1 description customer2 neighbor 10.5.1.1 remote-as 64519 neighbor 10.5.1.1 peer-group peer neighbor 10.5.1.1 prefix-list pl-peer1-network in neighbor 10.5.1.1 description peer AS 1 neighbor 10.6.1.1 remote-as 64520 neighbor 10.6.1.1 peer-group peer neighbor 10.6.1.1 prefix-list pl-peer2-network in neighbor 10.6.1.1 description peer AS 2 ! ip prefix-list pl-default permit 0.0.0.0/0 ! ip prefix-list pl-upstream-peers permit 10.1.1.1/32 ip prefix-list pl-upstream-peers permit 10.2.1.1/32 ! ip prefix-list pl-cust1-network permit 10.3.1.0/24 ip prefix-list pl-cust1-network permit 10.3.2.0/24 ! ip prefix-list pl-cust2-network permit 10.4.1.0/24 ! ip prefix-list pl-peer1-network permit 10.5.1.0/24 ip prefix-list pl-peer1-network permit 10.5.2.0/24 ip prefix-list pl-peer1-network permit 192.168.0.0/24 ! ip prefix-list pl-peer2-network permit 10.6.1.0/24 ip prefix-list pl-peer2-network permit 10.6.2.0/24 ip prefix-list pl-peer2-network permit 192.168.1.0/24 ip prefix-list pl-peer2-network permit 192.168.2.0/24 ip prefix-list pl-peer2-network permit 172.16.1/24 ! ip as-path access-list asp-own-as permit ^$ ip as-path access-list asp-own-as permit _64512_ ! ! ################################################################# ! Match communities we provide actions for, on routes receives from ! customers. Communities values of <our-ASN>:X, with X, have actions: ! ! 100 - blackhole the prefix ! 200 - set no_export ! 300 - advertise only to other customers ! 400 - advertise only to upstreams ! 500 - set no_export when advertising to upstreams ! 2X00 - set local_preference to X00 ! ! blackhole the prefix of the route ip community-list standard cm-blackhole permit 64512:100 ! ! set no-export community before advertising ip community-list standard cm-set-no-export permit 64512:200 ! ! advertise only to other customers ip community-list standard cm-cust-only permit 64512:300 ! ! advertise only to upstreams ip community-list standard cm-upstream-only permit 64512:400 ! ! advertise to upstreams with no-export ip community-list standard cm-upstream-noexport permit 64512:500 ! ! set local-pref to least significant 3 digits of the community ip community-list standard cm-prefmod-100 permit 64512:2100 ip community-list standard cm-prefmod-200 permit 64512:2200 ip community-list standard cm-prefmod-300 permit 64512:2300 ip community-list standard cm-prefmod-400 permit 64512:2400 ip community-list expanded cme-prefmod-range permit 64512:2... ! ! Informational communities ! ! 3000 - learned from upstream ! 3100 - learned from customer ! 3200 - learned from peer ! ip community-list standard cm-learnt-upstream permit 64512:3000 ip community-list standard cm-learnt-cust permit 64512:3100 ip community-list standard cm-learnt-peer permit 64512:3200 ! ! ################################################################### ! Utility route-maps ! ! These utility route-maps generally should not used to permit/deny ! routes, i.e. they do not have meaning as filters, and hence probably ! should be used with 'on-match next'. These all finish with an empty ! permit entry so as not interfere with processing in the caller. ! route-map rm-no-export permit 10 set community additive no-export route-map rm-no-export permit 20 ! route-map rm-blackhole permit 10 description blackhole, up-pref and ensure it cant escape this AS set ip next-hop 127.0.0.1 set local-preference 10 set community additive no-export route-map rm-blackhole permit 20 ! ! Set local-pref as requested route-map rm-prefmod permit 10 match community cm-prefmod-100 set local-preference 100 route-map rm-prefmod permit 20 match community cm-prefmod-200 set local-preference 200 route-map rm-prefmod permit 30 match community cm-prefmod-300 set local-preference 300 route-map rm-prefmod permit 40 match community cm-prefmod-400 set local-preference 400 route-map rm-prefmod permit 50 ! ! Community actions to take on receipt of route. route-map rm-community-in permit 10 description check for blackholing, no point continuing if it matches. match community cm-blackhole call rm-blackhole route-map rm-community-in permit 20 match community cm-set-no-export call rm-no-export on-match next route-map rm-community-in permit 30 match community cme-prefmod-range call rm-prefmod route-map rm-community-in permit 40 ! ! ##################################################################### ! Community actions to take when advertising a route. ! These are filtering route-maps, ! ! Deny customer routes to upstream with cust-only set. route-map rm-community-filt-to-upstream deny 10 match community cm-learnt-cust match community cm-cust-only route-map rm-community-filt-to-upstream permit 20 ! ! Deny customer routes to other customers with upstream-only set. route-map rm-community-filt-to-cust deny 10 match community cm-learnt-cust match community cm-upstream-only route-map rm-community-filt-to-cust permit 20 ! ! ################################################################### ! The top-level route-maps applied to sessions. Further entries could ! be added obviously.. ! ! Customers route-map rm-cust-in permit 10 call rm-community-in on-match next route-map rm-cust-in permit 20 set community additive 64512:3100 route-map rm-cust-in permit 30 ! route-map rm-cust-out permit 10 call rm-community-filt-to-cust on-match next route-map rm-cust-out permit 20 ! ! Upstream transit ASes route-map rm-upstream-out permit 10 description filter customer prefixes which are marked cust-only call rm-community-filt-to-upstream on-match next route-map rm-upstream-out permit 20 description only customer routes are provided to upstreams/peers match community cm-learnt-cust ! ! Peer ASes ! outbound policy is same as for upstream route-map rm-peer-out permit 10 call rm-upstream-out ! route-map rm-peer-in permit 10 set community additive 64512:3200
The purpose of a Route Server is to centralize the peerings between BGP speakers. For example if we have an exchange point scenario with four BGP speakers, each of which maintaining a BGP peering with the other three (@xref{fig:full-mesh}), we can convert it into a centralized scenario where each of the four establishes a single BGP peering against the Route Server (@xref{fig:route-server}).
We will first describe briefly the Route Server model implemented by Quagga. We will explain the commands that have been added for configuring that model. And finally we will show a full example of Quagga configured as Route Server.
First we are going to describe the normal processing that BGP announcements suffer inside a standard BGP speaker, as shown in @xref{fig:normal-processing}, it consists of three steps:
@float Figure,fig:normal-processing
@caption{Announcement processing inside a "normal" BGP speaker}
@float Figure,fig:full-mesh
@caption{Full Mesh}
@float Figure,fig:route-server
@caption{Route Server and clients}
Of course we want that the routing tables obtained in each of the routers are the same when using the route server than when not. But as a consequence of having a single BGP peering (against the route server), the BGP speakers can no longer distinguish from/to which peer each announce comes/goes. @anchor{filter-delegation}This means that the routers connected to the route server are not able to apply by themselves the same input/output filters as in the full mesh scenario, so they have to delegate those functions to the route server.
Even more, the "best path" selection must be also performed inside the route server on behalf of its clients. The reason is that if, after applying the filters of the announcer and the (potential) receiver, the route server decides to send to some client two or more different announcements referred to the same destination, the client will only retain the last one, considering it as an implicit withdrawal of the previous announcements for the same destination. This is the expected behavior of a BGP speaker as defined in RFC1771, and even though there are some proposals of mechanisms that permit multiple paths for the same destination to be sent through a single BGP peering, none are currently supported by most existing BGP implementations.
As a consequence a route server must maintain additional information and perform additional tasks for a RS-client that those necessary for common BGP peerings. Essentially a route server must:
@anchor{Route Server tasks}
When we talk about the "appropriate" filter, both the announcer and the receiver of the route must be taken into account. Suppose that the route server receives an announcement from client A, and the route server is considering it for the Loc-RIB of client B. The filters that should be applied are the same that would be used in the full mesh scenario, i.e., first the `Out' filter of router A for announcements going to router B, and then the `In' filter of router B for announcements coming from router A.
We call "Export Policy" of a RS-client to the set of `Out' filters that the client would use if there was no route server. The same applies for the "Import Policy" of a RS-client and the set of `In' filters of the client if there was no route server.
It is also common to demand from a route server that it does not modify some BGP attributes (next-hop, as-path and MED) that are usually modified by standard BGP speakers before announcing a route.
The announcement processing model implemented by Quagga is shown in @xref{fig:rs-processing}. The figure shows a mixture of RS-clients (B, C and D) with normal BGP peers (A). There are some details that worth additional comments:
@float Figure,fig:rs-processing
@caption{Announcement processing model implemented by the Route Server}
Now we will describe the commands that have been added to quagga in order to support the route server features.
Actually this command is not new, it already existed in standard Quagga. It enables the transparent mode for the specified peer. This means that some BGP attributes (as-path, next-hop and MED) of the routes announced to that peer are not modified.
With the route server patch, this command, apart from setting the transparent mode, creates a new Loc-RIB dedicated to the specified peer (those named `Loc-RIB for X' in @xref{fig:rs-processing}.). Starting from that moment, every announcement received by the route server will be also considered for the new Loc-RIB.
The match peer statement has different semantics whether it is used inside an import or an export route-map. In the first case the statement matches if the address of the peer who sends the announce is the same that the address specified by {A.B.C.D|X:X::X:X}. For export route-maps it matches when {A.B.C.D|X:X::X:X} is the address of the RS-Client into whose Loc-RIB the announce is going to be inserted (how the same export policy is applied before different Loc-RIBs is shown in @xref{fig:rs-processing}.).
Finally we are going to show how to configure a Quagga daemon to act as a Route Server. For this purpose we are going to present a scenario without route server, and then we will show how to use the configurations of the BGP routers to generate the configuration of the route server.
All the configuration files shown in this section have been taken from scenarios which were tested using the VNUML tool VNUML.
We will suppose that our initial scenario is an exchange point with three BGP capable routers, named RA, RB and RC. Each of the BGP speakers generates some routes (with the network command), and establishes BGP peerings against the other two routers. These peerings have In and Out route-maps configured, named like "PEER-X-IN" or "PEER-X-OUT". For example the configuration file for router RA could be the following:
@exampleindent 0
#Configuration for router 'RA'
!
hostname RA
password ****
!
router bgp 65001
no bgp default ipv4-unicast
neighbor 2001:0DB8::B remote-as 65002
neighbor 2001:0DB8::C remote-as 65003
!
address-family ipv6
network 2001:0DB8:AAAA:1::/64
network 2001:0DB8:AAAA:2::/64
network 2001:0DB8:0000:1::/64
network 2001:0DB8:0000:2::/64
neighbor 2001:0DB8::B activate
neighbor 2001:0DB8::B soft-reconfiguration inbound
neighbor 2001:0DB8::B route-map PEER-B-IN in
neighbor 2001:0DB8::B route-map PEER-B-OUT out
neighbor 2001:0DB8::C activate
neighbor 2001:0DB8::C soft-reconfiguration inbound
neighbor 2001:0DB8::C route-map PEER-C-IN in
neighbor 2001:0DB8::C route-map PEER-C-OUT out
exit-address-family
!
ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
!
route-map PEER-B-IN permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 100
route-map PEER-B-IN permit 20
match ipv6 address prefix-list PEER-B-PREFIXES
set community 65001:11111
!
route-map PEER-C-IN permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 200
route-map PEER-C-IN permit 20
match ipv6 address prefix-list PEER-C-PREFIXES
set community 65001:22222
!
route-map PEER-B-OUT permit 10
match ipv6 address prefix-list PEER-A-PREFIXES
!
route-map PEER-C-OUT permit 10
match ipv6 address prefix-list PEER-A-PREFIXES
!
line vty
!
To convert the initial scenario into one with route server, first we must modify the configuration of routers RA, RB and RC. Now they must not peer between them, but only with the route server. For example, RA's configuration would turn into:
# Configuration for router 'RA'
!
hostname RA
password ****
!
router bgp 65001
no bgp default ipv4-unicast
neighbor 2001:0DB8::FFFF remote-as 65000
!
address-family ipv6
network 2001:0DB8:AAAA:1::/64
network 2001:0DB8:AAAA:2::/64
network 2001:0DB8:0000:1::/64
network 2001:0DB8:0000:2::/64
neighbor 2001:0DB8::FFFF activate
neighbor 2001:0DB8::FFFF soft-reconfiguration inbound
exit-address-family
!
line vty
!
Which is logically much simpler than its initial configuration, as it now maintains only one BGP peering and all the filters (route-maps) have disappeared.
As we said when we described the functions of a route server (see section 10.1 Description of the Route Server model), it is in charge of all the route filtering. To achieve that, the In and Out filters from the RA, RB and RC configurations must be converted into Import and Export policies in the route server.
This is a fragment of the route server configuration (we only show the policies for client RA):
# Configuration for Route Server ('RS')
!
hostname RS
password ix
!
bgp multiple-instance
!
router bgp 65000 view RS
no bgp default ipv4-unicast
neighbor 2001:0DB8::A remote-as 65001
neighbor 2001:0DB8::B remote-as 65002
neighbor 2001:0DB8::C remote-as 65003
!
address-family ipv6
neighbor 2001:0DB8::A activate
neighbor 2001:0DB8::A route-server-client
neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export
neighbor 2001:0DB8::A soft-reconfiguration inbound
neighbor 2001:0DB8::B activate
neighbor 2001:0DB8::B route-server-client
neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import
neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export
neighbor 2001:0DB8::B soft-reconfiguration inbound
neighbor 2001:0DB8::C activate
neighbor 2001:0DB8::C route-server-client
neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import
neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export
neighbor 2001:0DB8::C soft-reconfiguration inbound
exit-address-family
!
ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
!
route-map RSCLIENT-A-IMPORT permit 10
match peer 2001:0DB8::B
call A-IMPORT-FROM-B
route-map RSCLIENT-A-IMPORT permit 20
match peer 2001:0DB8::C
call A-IMPORT-FROM-C
!
route-map A-IMPORT-FROM-B permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 100
route-map A-IMPORT-FROM-B permit 20
match ipv6 address prefix-list PEER-B-PREFIXES
set community 65001:11111
!
route-map A-IMPORT-FROM-C permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 200
route-map A-IMPORT-FROM-C permit 20
match ipv6 address prefix-list PEER-C-PREFIXES
set community 65001:22222
!
route-map RSCLIENT-A-EXPORT permit 10
match peer 2001:0DB8::B
match ipv6 address prefix-list PEER-A-PREFIXES
route-map RSCLIENT-A-EXPORT permit 20
match peer 2001:0DB8::C
match ipv6 address prefix-list PEER-A-PREFIXES
!
...
...
...
If you compare the initial configuration of RA with the route server configuration above, you can see how easy it is to generate the Import and Export policies for RA from the In and Out route-maps of RA's original configuration.
When there was no route server, RA maintained two peerings, one with RB and another with RC. Each of this peerings had an In route-map configured. To build the Import route-map for client RA in the route server, simply add route-map entries following this scheme:
route-map <NAME> permit 10
match peer <Peer Address>
call <In Route-Map for this Peer>
route-map <NAME> permit 20
match peer <Another Peer Address>
call <In Route-Map for this Peer>
This is exactly the process that has been followed to generate the route-map RSCLIENT-A-IMPORT. The route-maps that are called inside it (A-IMPORT-FROM-B and A-IMPORT-FROM-C) are exactly the same than the In route-maps from the original configuration of RA (PEER-B-IN and PEER-C-IN), only the name is different.
The same could have been done to create the Export policy for RA (route-map RSCLIENT-A-EXPORT), but in this case the original Out route-maps where so simple that we decided not to use the call WORD commands, and we integrated all in a single route-map (RSCLIENT-A-EXPORT).
The Import and Export policies for RB and RC are not shown, but the process would be identical.
The current version of the route server patch only allows to specify a route-map for import and export policies, while in a standard BGP speaker apart from route-maps there are other tools for performing input and output filtering (access-lists, community-lists, ...). But this does not represent any limitation, as all kinds of filters can be included in import/export route-maps. For example suppose that in the non-route-server scenario peer RA had the following filters configured for input from peer B:
neighbor 2001:0DB8::B prefix-list LIST-1 in
neighbor 2001:0DB8::B filter-list LIST-2 in
neighbor 2001:0DB8::B route-map PEER-B-IN in
...
...
route-map PEER-B-IN permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set local-preference 100
route-map PEER-B-IN permit 20
match ipv6 address prefix-list PEER-B-PREFIXES
set community 65001:11111
It is posible to write a single route-map which is equivalent to the three filters (the community-list, the prefix-list and the route-map). That route-map can then be used inside the Import policy in the route server. Lets see how to do it:
neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
...
!
...
route-map RSCLIENT-A-IMPORT permit 10
match peer 2001:0DB8::B
call A-IMPORT-FROM-B
...
...
!
route-map A-IMPORT-FROM-B permit 1
match ipv6 address prefix-list LIST-1
match as-path LIST-2
on-match goto 10
route-map A-IMPORT-FROM-B deny 2
route-map A-IMPORT-FROM-B permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set local-preference 100
route-map A-IMPORT-FROM-B permit 20
match ipv6 address prefix-list PEER-B-PREFIXES
set community 65001:11111
!
...
...
The route-map A-IMPORT-FROM-B is equivalent to the three filters (LIST-1, LIST-2 and PEER-B-IN). The first entry of route-map A-IMPORT-FROM-B (sequence number 1) matches if and only if both the prefix-list LIST-1 and the filter-list LIST-2 match. If that happens, due to the "on-match goto 10" statement the next route-map entry to be processed will be number 10, and as of that point route-map A-IMPORT-FROM-B is identical to PEER-B-IN. If the first entry does not match, `on-match goto 10" will be ignored and the next processed entry will be number 2, which will deny the route.
Thus, the result is the same that with the three original filters, i.e., if either LIST-1 or LIST-2 rejects the route, it does not reach the route-map PEER-B-IN. In case both LIST-1 and LIST-2 accept the route, it passes to PEER-B-IN, which can reject, accept or modify the route.
@command{vtysh} is integrated shell of Quagga software.
To use vtysh please specify --enable-vtysh to configure script. To use PAM for authentication use --with-libpam option to configure script.
vtysh only searches /etc/quagga path for vtysh.conf which is the vtysh configuration file. Vtysh does not search current directory for configuration file because the file includes user authentication settings.
Currently, vtysh.conf has only two commands.
With this set, user foo does not need password authentication for user vtysh. With PAM vtysh uses PAM authentication mechanism.
If vtysh is compiled without PAM authentication, every user can use vtysh without authentication. vtysh requires read/write permission to the various daemons vty sockets, this can be accomplished through use of unix groups and the --enable-vty-group configure option.
This command controls the behaviour of vtysh when it is told to write out the configuration. Per default, vtysh will instruct each daemon to write out their own config files when @command{write file} is issued. However, if @command{service integrated-vtysh-config} is set, when @command{write file} is issued, vtysh will instruct the daemons will write out a Quagga.conf with all daemons' commands integrated into it.
Vtysh per default behaves as if @command{write-conf daemon} is set. Note that both may be set at same time if one wishes to have both Quagga.conf and daemon specific files written out. Further, note that the daemons are hard-coded to first look for the integrated Quagga.conf file before looking for their own file.
We recommend you do not mix the use of the two types of files. Further, it is better not to use the integrated Quagga.conf file, as any syntax error in it can lead to /all/ of your daemons being unable to start up. Per daemon files are more robust as impact of errors in configuration are limited to the daemon in whose file the error is made.
Quagga provides many very flexible filtering features. Filtering is used for both input and output of the routing information. Once filtering is defined, it can be applied in any direction.
Basic filtering is done by access-list as shown in the
following example.
access-list filter deny 10.0.0.0/9 access-list filter permit 10.0.0.0/8
@command{ip prefix-list} provides the most powerful prefix based filtering mechanism. In addition to @command{access-list} functionality, @command{ip prefix-list} has prefix length range specification and sequential number specification. You can add or delete prefix based filters to arbitrary points of prefix-list using sequential number specification.
If no ip prefix-list is specified, it acts as permit. If @command{ip prefix-list} is defined, and no match is found, default deny is applied.
You can create @command{ip prefix-list} using above commands.
Less than or equal to prefix numbers and greater than or equal to prefix numbers can be used together. The order of the le and ge commands does not matter.
If a prefix list with a different sequential number but with the exact same rules as a previous list is created, an error will result. However, in the case that the sequential number and the rules are exactly similar, no error will result.
If a list with the same sequential number as a previous list is created, the new list will overwrite the old list.
Matching of IP Prefix is performed from the smaller sequential number to the larger. The matching will stop once any rule has been applied.
In the case of no le or ge command, the prefix length must match exactly the length specified in the prefix list.
Route maps provide a means to both filter and/or apply actions to route, hence allowing policy to be applied to routes.
Route-maps are an ordered list of route-map entries. Each entry may specify up to four distincts sets of clauses:
The default action of a route-map, if no entries match, is to deny. I.e. a route-map essentially has as its last entry an empty `deny' entry, which matches all routes. To change this behaviour, one must specify an empty `permit' entry as the last entry in the route-map.
To summarise the above:
@headitem
Configure the order'th entry in route-map-name with `Match Policy' of either permit or deny.
A simple example of a route-map:
route-map test permit 10 match ip address 10 set local-preference 200
This means that if a route matches ip access-list number 10 it's local-preference value is set to 200.
See section 9.16 BGP Configuration Examples for examples of more sophisticated useage of route-maps, including of the `call' action.
Quagga fully supports IPv6 routing. As described so far, Quagga supports
RIPng, OSPFv3 and BGP-4+. You can give IPv6 addresses to an interface
and configure static IPv6 routing information. Quagga IPv6 also provides
automatic address configuration via a feature called address
auto configuration. To do it, the router must send router advertisement
messages to the all nodes that exist on the network.
0xffffffff)).
Range: <0-4294967295> Default: 2592000
<0-4294967295> Default: 604800
Default: 600
Default: 600000
Default: 1800
3,600,000 milliseconds (1 hour).
Default: 0
Default: not set
Default: not set
Default: not set
Default: 0
Default: 0
Default: not set
interface eth0 no ipv6 nd suppress-ra ipv6 nd prefix 2001:0DB8:5009::/64
For more information see RFC2462 (IPv6 Stateless Address Autoconfiguration) , RFC2461 (Neighbor Discovery for IP Version 6 (IPv6)) and RFC3775 (Mobility Support in IPv6 (Mobile IPv6)).
There are several different methods for reading kernel routing table information, updating kernel routing tables, and for looking up interfaces.
netlink. It makes asynchronous
communication between kernel and Quagga possible, similar to a routing
socket on BSD systems.
Before you use this feature, be sure to select (in kernel configuration)
the kernel/netlink support option 'Kernel/User network link driver' and
'Routing messages'.
Today, the /dev/route special device file is obsolete. Netlink
communication is done by reading/writing over netlink socket.
After the kernel configuration, please reconfigure and rebuild Quagga.
You can use netlink as a dynamic routing update channel between Quagga
and the kernel.
@acronym{SNMP,Simple Network Managing Protocol} is a widely implemented feature for collecting network information from router and/or host. Quagga itself does not support SNMP agent (server daemon) functionality but is able to connect to a SNMP agent using the SMUX protocol (RFC1227) and make the routing protocol MIBs available through it.
There are several SNMP agent which support SMUX. We recommend to use the latest
version of net-snmp which was formerly known as ucd-snmp.
It is free and open software and available at http://www.net-snmp.org/
and as binary package for most Linux distributions.
net-snmp has to be compiled with --with-mib-modules=smux to
be able to accept connections from Quagga.
To enable SMUX protocol support, Quagga must have been build with the
--enable-snmp option.
A separate connection has then to be established between between the SNMP agent (snmpd) and each of the Quagga daemons. This connections each use different OID numbers and passwords. Be aware that this OID number is not the one that is used in queries by clients, it is solely used for the intercommunication of the daemons.
In the following example the ospfd daemon will be connected to the snmpd daemon using the password "quagga_ospfd". For testing it is recommending to take exactly the below snmpd.conf as wrong access restrictions can be hard to debug.
/etc/snmp/snmpd.conf: # # example access restrictions setup # com2sec readonly default public group MyROGroup v1 readonly view all included .1 80 access MyROGroup "" any noauth exact all none none # # the following line is relevant for Quagga # smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd /etc/quagga/ospf: ! ... the rest of ospfd.conf has been omitted for clarity ... ! smux peer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd !
After restarting snmpd and quagga, a successful connection can be verified in the syslog and by querying the SNMP daemon:
snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255 snmpd[12300]: accepted smux peer: \ oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, quagga-0.96.5 # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1 OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
for every SNMP connect to the syslog which can lead to enormous log file sizes.
If that is a problem you should consider to patch snmpd and comment out the
troublesome snmp_log() line in the function
netsnmp_agent_check_packet() in agent/snmp_agent.c.
The following OID numbers are used for the interprocess communication of snmpd and the Quagga daemons. Sadly, SNMP has not been implemented in all daemons yet.
(OIDs below .iso.org.dod.internet.private.enterprises)
zebra .1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
bgpd .1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
ripd .1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
ospfd .1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
ospf6d .1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d
The following OID numbers are used for querying the SNMP daemon by a client:
zebra .1.3.6.1.2.1.4.24 .iso.org.dot.internet.mgmt.mib-2.ip.ipForward ospfd .1.3.6.1.2.1.14 .iso.org.dot.internet.mgmt.mib-2.ospf bgpd .1.3.6.1.2.1.15 .iso.org.dot.internet.mgmt.mib-2.bgp ripd .1.3.6.1.2.1.23 .iso.org.dot.internet.mgmt.mib-2.rip2 ospf6d .1.3.6.1.3.102 .iso.org.dod.internet.experimental.ospfv3
The following syntax is understood by the Quagga daemons for configuring SNMP:
To handle snmp traps make sure your snmp setup of quagga works correctly as described in the quagga documentation in See section 16. SNMP Support.
The BGP4 mib will send traps on peer up/down events. These should be visible in your snmp logs with a message similar to:
`snmpd[13733]: Got trap from peer on fd 14'
To react on these traps they should be handled by a trapsink. Configure your trapsink by adding the following lines to `/etc/snmpd/snmpd.conf':
# send traps to the snmptrapd on localhost trapsink localhost
This will send all traps to an snmptrapd running on localhost. You can of course also use a dedicated management station to catch traps. Configure the snmptrapd daemon by adding the following line to `/etc/snmpd/snmptrapd.conf':
traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh
This will use the bash script `/etc/snmp/snmptrap_handle.sh' to handle the BGP4 traps. To add traps for other protocol daemons, lookup their appropriate OID from their mib. (For additional information about which traps are supported by your mib, lookup the mib on http://www.oidview.com/mibs/detail.html).
Make sure snmptrapd is started.
The snmptrap_handle.sh script I personally use for handling BGP4 traps is below. You can of course do all sorts of things when handling traps, like sound a siren, have your display flash, etc., be creative ;).
@verbatim #!/bin/bash
# routers name ROUTER=`hostname -s`
#email address use to sent out notification EMAILADDR="john@doe.com" #email address used (allongside above) where warnings should be sent EMAILADDR_WARN="sms-john@doe.com"
# type of notification TYPE="Notice"
# local snmp community for getting AS belonging to peer COMMUNITY="<community>"
# if a peer address is in $WARN_PEERS a warning should be sent WARN_PEERS="192.0.2.1"
# get stdin INPUT=`cat -`
# get some vars from stdin uptime=`echo $INPUT | cut -d' ' -f5` peer=`echo $INPUT | cut -d' ' -f8 | sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'` peerstate=`echo $INPUT | cut -d' ' -f13` errorcode=`echo $INPUT | cut -d' ' -f9 | sed -e 's/\"//g'` suberrorcode=`echo $INPUT | cut -d' ' -f10 | sed -e 's/\"//g'` remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer | cut -d' ' -f4`
WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" | egrep '(as-name|descr)'` asname=`echo "$WHOISINFO" | grep "^as-name:" | sed -e 's/^as-name://g' -e 's/ //g' -e 's/^ //g' | uniq` asdescr=`echo "$WHOISINFO" | grep "^descr:" | sed -e 's/^descr://g' -e 's/ //g' -e 's/^ //g' | uniq`
# if peer address is in $WARN_PEER, the email should also # be sent to $EMAILADDR_WARN for ip in $WARN_PEERS; do if [ "x$ip" == "x$peer" ]; then EMAILADDR="$EMAILADDR,$EMAILADDR_WARN" TYPE="WARNING" break fi done
# convert peer state case "$peerstate" in 1) peerstate="Idle" ;; 2) peerstate="Connect" ;; 3) peerstate="Active" ;; 4) peerstate="Opensent" ;; 5) peerstate="Openconfirm" ;; 6) peerstate="Established" ;; *) peerstate="Unknown" ;; esac
# get textual messages for errors case "$errorcode" in 00) error="No error" suberror="" ;; 01) error="Message Header Error" case "$suberrorcode" in 01) suberror="Connection Not Synchronized" ;; 02) suberror="Bad Message Length" ;; 03) suberror="Bad Message Type" ;; *) suberror="Unknown" ;; esac ;; 02) error="OPEN Message Error" case "$suberrorcode" in 01) suberror="Unsupported Version Number" ;; 02) suberror="Bad Peer AS" ;; 03) suberror="Bad BGP Identifier" ;; 04) suberror="Unsupported Optional Parameter" ;; 05) suberror="Authentication Failure" ;; 06) suberror="Unacceptable Hold Time" ;; *) suberror="Unknown" ;; esac ;; 03) error="UPDATE Message Error" case "$suberrorcode" in 01) suberror="Malformed Attribute List" ;; 02) suberror="Unrecognized Well-known Attribute" ;; 03) suberror="Missing Well-known Attribute" ;; 04) suberror="Attribute Flags Error" ;; 05) suberror="Attribute Length Error" ;; 06) suberror="Invalid ORIGIN Attribute" ;; 07) suberror="AS Routing Loop" ;; 08) suberror="Invalid NEXT_HOP Attribute" ;; 09) suberror="Optional Attribute Error" ;; 10) suberror="Invalid Network Field" ;; 11) suberror="Malformed AS_PATH" ;; *) suberror="Unknown" ;; esac ;; 04) error="Hold Timer Expired" suberror="" ;; 05) error="Finite State Machine Error" suberror="" ;; 06) error="Cease" case "$suberrorcode" in 01) suberror="Maximum Number of Prefixes Reached" ;; 02) suberror="Administratively Shutdown" ;; 03) suberror="Peer Unconfigured" ;; 04) suberror="Administratively Reset" ;; 05) suberror="Connection Rejected" ;; 06) suberror="Other Configuration Change" ;; 07) suberror="Connection collision resolution" ;; 08) suberror="Out of Resource" ;; 09) suberror="MAX" ;; *) suberror="Unknown" ;; esac ;; *) error="Unknown" suberror="" ;; esac
# create textual message from errorcodes if [ "x$suberror" == "x" ]; then NOTIFY="$errorcode ($error)" else NOTIFY="$errorcode/$suberrorcode ($error/$suberror)" fi
# form a decent subject SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY" # create the email body MAIL=`cat << EOF BGP notification on router $ROUTER. Peer: $peer AS: $remoteas New state: $peerstate Notification: $NOTIFY
Info: $asname $asdescr Snmpd uptime: $uptime EOF`
# mail the notification echo "$MAIL" | mail -s "$SUBJECT" $EMAILADDR
Zebra Protocol is used by protocol daemons to communicate with the zebra daemon.
Each protocol daemon may request and send information to and from the zebra daemon such as interface states, routing state, nexthop-validation, and so on. Protocol daemons may also install routes with zebra. The zebra daemon manages which route is installed into the forwarding table with the kernel.
Zebra Protocol is a streaming protocol, with a common header. Two versions of the header are in use. Version 0 is implicitely versioned. Version 1 has an explicit version field. Version 0 can be distinguished from all other versions by examining the 3rd byte of the header, which contains a marker value for all versions bar version 0. The marker byte corresponds to the command field in version 0, and the marker value is a reserved command in version 0.
We do not anticipate there will be further versions of the header for the foreseeable future, as the command field in version 1 is wide enough to allow for future extensions to done compatibly through seperate commands.
Version 0 is used by all versions of GNU Zebra as of this writing, and versions of Quagga up to and including Quagga 0.98. Version 1 will be used as of Quagga 1.0.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-------------------------------+---------------+ | Length (2) | Command (1) | +-------------------------------+---------------+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-------------------------------+---------------+-------------+ | Length (2) | Marker (1) | Version (1) | +-------------------------------+---------------+-------------+ | Command (2) | +-------------------------------+
@headitem Command
Quagga can dump routing protocol packet into file with a binary format (see section 9.15 Dump BGP packets and table).
It seems to be better that we share the MRT's header format for backward compatibility with MRT's dump logs. We should also define the binary format excluding the header, because we must support both IP v4 and v6 addresses as socket addresses and / or routing entries.
In the last meeting, we discussed to have a version field in the header. But Masaki told us that we can define new `type' value rather than having a `version' field, and it seems to be better because we don't need to change header format.
Here is the common header format. This is same as that of MRT.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Subtype | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If `type' is PROTOCOL_BGP4MP, `subtype' is BGP4MP_STATE_CHANGE, and Address Family == IP (version 4)
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source AS number | Destination AS number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Interface Index | Address Family | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Old State | New State | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Where State is the value defined in RFC1771.
If `type' is PROTOCOL_BGP4MP, `subtype' is BGP4MP_STATE_CHANGE, and Address Family == IP version 6
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source AS number | Destination AS number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Interface Index | Address Family | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Old State | New State | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If `type' is PROTOCOL_BGP4MP, `subtype' is BGP4MP_MESSAGE, and Address Family == IP (version 4)
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source AS number | Destination AS number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Interface Index | Address Family | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP Message Packet | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Where BGP Message Packet is the whole contents of the BGP4 message including header portion.
If `type' is PROTOCOL_BGP4MP, `subtype' is BGP4MP_MESSAGE, and Address Family == IP version 6
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source AS number | Destination AS number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Interface Index | Address Family | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP Message Packet | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If `type' is PROTOCOL_BGP4MP, `subtype' is BGP4MP_ENTRY, and Address Family == IP (version 4)
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | View # | Status | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Last Change | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Family | SAFI | Next-Hop-Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Hop Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Prefix Length | Address Prefix [variable] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attribute Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP Attribute [variable length] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If `type' is PROTOCOL_BGP4MP, `subtype' is BGP4MP_ENTRY, and Address Family == IP version 6
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | View # | Status | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Last Change | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Family | SAFI | Next-Hop-Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Hop Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Hop Address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Hop Address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Hop Address (Cont'd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Prefix Length | Address Prefix [variable] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Prefix (cont'd) [variable] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attribute Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP Attribute [variable length] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
BGP4 Attribute must not contain MP_UNREACH_NLRI. If BGP Attribute has MP_REACH_NLRI field, it must has zero length NLRI, e.g., MP_REACH_NLRI has only Address Family, SAFI and next-hop values.
If `type' is PROTOCOL_BGP4MP and `subtype' is BGP4MP_SNAPSHOT,
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | View # | File Name [variable] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The file specified in "File Name" contains all routing entries, which are in the format of "subtype == BGP4MP_ENTRY".
Constants: /* type value */ #define MSG_PROTOCOL_BGP4MP 16 /* subtype value */ #define BGP4MP_STATE_CHANGE 0 #define BGP4MP_MESSAGE 1 #define BGP4MP_ENTRY 2 #define BGP4MP_SNAPSHOT 3
Jump to: a - b - c - d - e - f - h - i - l - m - n - o - p - r - s - t - u - v - w
Jump to: ? - c - d - l - m - r - t - u
Jump to: a - b - c - d - e - f - g - h - i - l - m - o - q - r - s
./configure
This document was generated on 24 May 2007 using texi2html 1.56k.