1 This is quagga.info, produced by makeinfo version 6.3 from quagga.texi.
3 Copyright (C) 1999-2005 Kunihiro Ishiguro, et al.
5 Permission is granted to make and distribute verbatim copies of
6 this manual provided the copyright notice and this permission
7 notice are preserved on all copies.
9 Permission is granted to copy and distribute modified versions of
10 this manual under the conditions for verbatim copying, provided
11 that the entire resulting derived work is distributed under the
12 terms of a permission notice identical to this one.
14 Permission is granted to copy and distribute translations of this
15 manual into another language, under the above conditions for
16 modified versions, except that this permission notice may be stated
17 in a translation approved by Kunihiro Ishiguro.
18 INFO-DIR-SECTION Routing Software:
20 * Quagga: (quagga). The Quagga Software Routing Suite
23 This file documents the Quagga Software Routing Suite which manages
24 common TCP/IP routing protocols.
26 This is Edition 1.2.3, last updated 4 February 2018 of 'The Quagga
27 Manual', for Quagga Version 1.2.3.
29 Copyright (C) 1999-2005 Kunihiro Ishiguro, et al.
31 Permission is granted to make and distribute verbatim copies of
32 this manual provided the copyright notice and this permission
33 notice are preserved on all copies.
35 Permission is granted to copy and distribute modified versions of
36 this manual under the conditions for verbatim copying, provided
37 that the entire resulting derived work is distributed under the
38 terms of a permission notice identical to this one.
40 Permission is granted to copy and distribute translations of this
41 manual into another language, under the above conditions for
42 modified versions, except that this permission notice may be stated
43 in a translation approved by Kunihiro Ishiguro.
46 File: quagga.info, Node: Top, Next: Overview, Up: (dir)
51 Quagga is an advanced routing software package that provides a suite of
52 TCP/IP based routing protocols. This is the Manual for Quagga 1.2.3.
53 Quagga is a fork of GNU Zebra.
55 Copyright (C) 1999-2005 Kunihiro Ishiguro, et al.
57 Permission is granted to make and distribute verbatim copies of
58 this manual provided the copyright notice and this permission
59 notice are preserved on all copies.
61 Permission is granted to copy and distribute modified versions of
62 this manual under the conditions for verbatim copying, provided
63 that the entire resulting derived work is distributed under the
64 terms of a permission notice identical to this one.
66 Permission is granted to copy and distribute translations of this
67 manual into another language, under the above conditions for
68 modified versions, except that this permission notice may be stated
69 in a translation approved by Kunihiro Ishiguro.
84 * Configuring Quagga as a Route Server::
92 * Packet Binary Dump Format::
98 File: quagga.info, Node: Overview, Next: Installation, Prev: Top, Up: Top
103 Quagga is a routing software package that provides TCP/IP based routing
104 services with routing protocols support such as RIPv1, RIPv2, RIPng,
105 OSPFv2, OSPFv3, IS-IS, BGP-4, and BGP-4+ (*note Supported RFCs::).
106 Quagga also supports special BGP Route Reflector and Route Server
107 behavior. In addition to traditional IPv4 routing protocols, Quagga
108 also supports IPv6 routing protocols. With SNMP daemon which supports
109 SMUX and AgentX protocol, Quagga provides routing protocol MIBs (*note
112 Quagga uses an advanced software architecture to provide you with a
113 high quality, multi server routing engine. Quagga has an interactive
114 user interface for each routing protocol and supports common client
115 commands. Due to this design, you can add new protocol daemons to
116 Quagga easily. You can use Quagga library as your program's client user
119 Quagga is distributed under the GNU General Public License.
123 * About Quagga:: Basic information about Quagga
124 * System Architecture:: The Quagga system architecture
125 * Supported Platforms:: Supported platforms and future plans
126 * Supported RFCs:: Supported RFCs
127 * How to get Quagga::
128 * Mailing List:: Mailing list information
129 * Bug Reports:: Mail address for bug data
132 File: quagga.info, Node: About Quagga, Next: System Architecture, Up: Overview
137 Today, TCP/IP networks are covering all of the world. The Internet has
138 been deployed in many countries, companies, and to the home. When you
139 connect to the Internet your packet will pass many routers which have
140 TCP/IP routing functionality.
142 A system with Quagga installed acts as a dedicated router. With
143 Quagga, your machine exchanges routing information with other routers
144 using routing protocols. Quagga uses this information to update the
145 kernel routing table so that the right data goes to the right place.
146 You can dynamically change the configuration and you may view routing
147 table information from the Quagga terminal interface.
149 Adding to routing protocol support, Quagga can setup interface's
150 flags, interface's address, static routes and so on. If you have a
151 small network, or a stub network, or xDSL connection, configuring the
152 Quagga routing software is very easy. The only thing you have to do is
153 to set up the interfaces and put a few commands about static routes
154 and/or default routes. If the network is rather large, or if the
155 network structure changes frequently, you will want to take advantage of
156 Quagga's dynamic routing protocol support for protocols such as RIP,
159 Traditionally, UNIX based router configuration is done by 'ifconfig'
160 and 'route' commands. Status of routing table is displayed by 'netstat'
161 utility. Almost of these commands work only if the user has root
162 privileges. Quagga has a different system administration method. There
163 are two user modes in Quagga. One is normal mode, the other is enable
164 mode. Normal mode user can only view system status, enable mode user
165 can change system configuration. This UNIX account independent feature
166 will be great help to the router administrator.
168 Currently, Quagga supports common unicast routing protocols, that is
169 BGP, OSPF, RIP and IS-IS. Upcoming for MPLS support, an implementation
170 of LDP is currently being prepared for merging. Implementations of BFD
171 and PIM-SSM (IPv4) also exist, but are not actively being worked on.
173 The ultimate goal of the Quagga project is making a productive,
174 quality, free TCP/IP routing software package.
177 File: quagga.info, Node: System Architecture, Next: Supported Platforms, Prev: About Quagga, Up: Overview
179 1.2 System Architecture
180 =======================
182 Traditional routing software is made as a one process program which
183 provides all of the routing protocol functionalities. Quagga takes a
184 different approach. It is made from a collection of several daemons
185 that work together to build the routing table. There may be several
186 protocol-specific routing daemons and zebra the kernel routing manager.
188 The 'ripd' daemon handles the RIP protocol, while 'ospfd' is a daemon
189 which supports OSPF version 2. 'bgpd' supports the BGP-4 protocol. For
190 changing the kernel routing table and for redistribution of routes
191 between different routing protocols, there is a kernel routing table
192 manager 'zebra' daemon. It is easy to add a new routing protocol
193 daemons to the entire routing system without affecting any other
194 software. You need to run only the protocol daemon associated with
195 routing protocols in use. Thus, user may run a specific daemon and send
196 routing reports to a central routing console.
198 There is no need for these daemons to be running on the same machine.
199 You can even run several same protocol daemons on the same machine.
200 This architecture creates new possibilities for the routing system.
202 +----+ +----+ +-----+ +-----+
203 |bgpd| |ripd| |ospfd| |zebra|
204 +----+ +----+ +-----+ +-----+
206 +---------------------------|--+
208 | UNIX Kernel routing table |
210 +------------------------------+
212 Quagga System Architecture
214 Multi-process architecture brings extensibility, modularity and
215 maintainability. At the same time it also brings many configuration
216 files and terminal interfaces. Each daemon has it's own configuration
217 file and terminal interface. When you configure a static route, it must
218 be done in 'zebra' configuration file. When you configure BGP network
219 it must be done in 'bgpd' configuration file. This can be a very
220 annoying thing. To resolve the problem, Quagga provides integrated user
221 interface shell called 'vtysh'. 'vtysh' connects to each daemon with
222 UNIX domain socket and then works as a proxy for user input.
224 Quagga was planned to use multi-threaded mechanism when it runs with
225 a kernel that supports multi-threads. But at the moment, the thread
226 library which comes with GNU/Linux or FreeBSD has some problems with
227 running reliable services such as routing software, so we don't use
228 threads at all. Instead we use the 'select(2)' system call for
229 multiplexing the events.
232 File: quagga.info, Node: Supported Platforms, Next: Supported RFCs, Prev: System Architecture, Up: Overview
234 1.3 Supported Platforms
235 =======================
237 Currently Quagga supports GNU/Linux and BSD. Porting Quagga to other
238 platforms is not too difficult as platform dependent code should most be
239 limited to the 'zebra' daemon. Protocol daemons are mostly platform
240 independent. Please let us know when you find out Quagga runs on a
241 platform which is not listed below.
243 The list of officially supported platforms are listed below. Note
244 that Quagga may run correctly on other platforms, and may run with
245 partial functionality on further platforms.
253 Versions of these platforms that are older than around 2 years from
254 the point of their original release (in case of GNU/Linux, this is since
255 the kernel's release on kernel.org) may need some work. Similarly, the
256 following platforms may work with some effort:
262 Also note that, in particular regarding proprietary platforms,
263 compiler and C library choice will affect Quagga. Only recent versions
264 of the following C compilers are well-tested:
272 File: quagga.info, Node: Supported RFCs, Next: How to get Quagga, Prev: Supported Platforms, Up: Overview
277 Below is the list of currently supported RFC's.
280 'Routing Information Protocol. C.L. Hedrick. Jun-01-1988.'
283 'RIP-2 MD5 Authentication. F. Baker, R. Atkinson. January 1997.'
286 'RIP Version 2. G. Malkin. November 1998.'
289 'RIPng for IPv6. G. Malkin, R. Minnear. January 1997.'
292 'OSPF Version 2. J. Moy. April 1998.'
295 'The OSPF Opaque LSA Option R. Coltun. July 1998.'
298 'The OSPF Not-So-Stubby Area (NSSA) Option P. Murphy. January
302 'OSPF for IPv6. R. Coltun, D. Ferguson, J. Moy. December 1999.'
305 'A Border Gateway Protocol 4 (BGP-4). Y. Rekhter & T. Li. March
309 'Autonomous System Confederations for BGP. P. Traina. June 1996.'
312 'BGP Communities Attribute. R. Chandra, P. Traina & T. Li. August
316 'Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain
317 Routing. P. Marques, F. Dupont. March 1999.'
320 'BGP Route Reflection An alternative to full mesh IBGP. T. Bates &
321 R. Chandrasekeran. June 1996.'
324 'Multiprotocol Extensions for BGP-4. T. Bates, Y. Rekhter, R.
325 Chandra, D. Katz. June 2000.'
328 'Capabilities Advertisement with BGP-4. R. Chandra, J. Scudder. May
332 'OSPF Stub Router Advertisement, A. Retana, L. Nguyen, R. White, A.
333 Zinin, D. McPherson. June 2001'
335 When SNMP support is enabled, below RFC is also supported.
338 'SNMP MUX protocol and MIB. M.T. Rose. May-01-1991.'
341 'Definitions of Managed Objects for the Fourth Version of the
342 Border Gateway Protocol (BGP-4) using SMIv2. S. Willis, J. Burruss,
343 J. Chu, Editor. July 1994.'
346 'RIP Version 2 MIB Extension. G. Malkin & F. Baker. November 1994.'
349 'OSPF Version 2 Management Information Base. F. Baker, R. Coltun.
353 'Agent Extensibility (AgentX) Protocol. M. Daniele, B. Wijnen.
357 File: quagga.info, Node: How to get Quagga, Next: Mailing List, Prev: Supported RFCs, Up: Overview
359 1.5 How to get Quagga
360 =====================
362 The official Quagga web-site is located at:
364 <http://www.quagga.net/>
366 and contains further information, as well as links to additional
369 Quagga (http://www.quagga.net/) is a fork of GNU Zebra, whose
370 web-site is located at:
372 <http://www.zebra.org/>.
375 File: quagga.info, Node: Mailing List, Next: Bug Reports, Prev: How to get Quagga, Up: Overview
380 There is a mailing list for discussions about Quagga. If you have any
381 comments or suggestions to Quagga, please subscribe to:
383 <http://lists.quagga.net/mailman/listinfo/quagga-users>.
385 The Quagga site has further information on the available mailing
388 <http://www.quagga.net/lists.php>
391 File: quagga.info, Node: Bug Reports, Prev: Mailing List, Up: Overview
396 If you think you have found a bug, please send a bug report to:
398 <http://bugzilla.quagga.net>
400 When you send a bug report, please be careful about the points below.
402 * Please note what kind of OS you are using. If you use the IPv6
403 stack please note that as well.
404 * Please show us the results of 'netstat -rn' and 'ifconfig -a'.
405 Information from zebra's VTY command 'show ip route' will also be
407 * Please send your configuration file with the report. If you
408 specify arguments to the configure script please note that too.
410 Bug reports are very important for us to improve the quality of
411 Quagga. Quagga is still in the development stage, but please don't
412 hesitate to send a bug report to <http://bugzilla.quagga.net>.
415 File: quagga.info, Node: Installation, Next: Basic commands, Prev: Overview, Up: Top
420 There are three steps for installing the software: configuration,
421 compilation, and installation.
425 * Configure the Software::
426 * Build the Software::
427 * Install the Software::
429 The easiest way to get Quagga running is to issue the following
437 File: quagga.info, Node: Configure the Software, Next: Build the Software, Up: Installation
439 2.1 Configure the Software
440 ==========================
444 * The Configure script and its options::
445 * Least-Privilege support::
449 File: quagga.info, Node: The Configure script and its options, Next: Least-Privilege support, Up: Configure the Software
451 2.1.1 The Configure script and its options
452 ------------------------------------------
454 Quagga has an excellent configure script which automatically detects
455 most host configurations. There are several additional configure
456 options you can use to turn off IPv6 support, to disable the compilation
457 of specific daemons, and to enable SNMP support.
460 Turn off IPv6 related features and daemons. Quagga configure
461 script automatically detects IPv6 stack. But sometimes you might
462 want to disable IPv6 support of Quagga.
464 Do not build zebra daemon.
475 '--disable-bgp-announce'
476 Make 'bgpd' which does not make bgp announcements at all. This
477 feature is good for using 'bgpd' as a BGP announcement listener.
479 Force to enable GNU/Linux netlink interface. Quagga configure
480 script detects netlink interface by checking a header file. When
481 the header file does not match to the current running kernel,
482 configure script will not turn on netlink support.
484 Enable SNMP support. By default, SNMP support is disabled.
485 '--disable-opaque-lsa'
486 Disable support for Opaque LSAs (RFC2370) in ospfd.
488 Disable support for OSPF-API, an API to interface directly with
489 ospfd. OSPF-API is enabled if -enable-opaque-lsa is set.
490 '--disable-ospfclient'
491 Disable building of the example OSPF-API client.
493 Disable support for OSPF Traffic Engineering Extension (RFC3630)
494 this requires support for Opaque LSAs.
496 Disable support for OSPF Router Information (RFC4970 & RFC5088)
497 this requires support for Opaque LSAs and Traffic Engineering.
500 '--enable-isis-topology'
501 Enable IS-IS topology generator.
503 Enable Traffic Engineering Extension for ISIS (RFC5305)
504 '--enable-multipath=ARG'
505 Enable support for Equal Cost Multipath. ARG is the maximum number
506 of ECMP paths to allow, set to 0 to allow unlimited number of
509 Disable support IPV6 router advertisement in zebra.
510 '--enable-gcc-rdynamic'
511 Pass the '-rdynamic' option to the linker driver. This is in most
512 cases neccessary for getting usable backtraces. This option
513 defaults to on if the compiler is detected as gcc, but giving an
514 explicit enable/disable is suggested.
516 Controls backtrace support for the crash handlers. This is
517 autodetected by default. Using the switch will enforce the
518 requested behaviour, failing with an error if support is requested
519 but not available. On BSD systems, this needs libexecinfo, while
520 on glibc support for this is part of libc itself.
522 You may specify any combination of the above options to the configure
523 script. By default, the executables are placed in '/usr/local/sbin' and
524 the configuration files in '/usr/local/etc'. The '/usr/local/'
525 installation prefix and other directories may be changed using the
526 following options to the configuration script.
529 Install architecture-independent files in PREFIX [/usr/local].
531 Look for configuration files in DIR [PREFIX/etc]. Note that sample
532 configuration files will be installed here.
533 '--localstatedir=DIR'
534 Configure zebra to use DIR for local state files, such as pid files
537 % ./configure --disable-ipv6
539 This command will configure zebra and the routing daemons.
542 File: quagga.info, Node: Least-Privilege support, Next: Linux notes, Prev: The Configure script and its options, Up: Configure the Software
544 2.1.2 Least-Privilege support
545 -----------------------------
547 Additionally, you may configure zebra to drop its elevated privileges
548 shortly after startup and switch to another user. The configure script
549 will automatically try to configure this support. There are three
550 configure options to control the behaviour of Quagga daemons.
553 Switch to user ARG shortly after startup, and run as user ARG in
555 '--enable-group=GROUP'
556 Switch real and effective group to GROUP shortly after startup.
557 '--enable-vty-group=GROUP'
558 Create Unix Vty sockets (for use with vtysh) with group owndership
559 set to GROUP. This allows one to create a seperate group which is
560 restricted to accessing only the Vty sockets, hence allowing one to
561 delegate this group to individual users, or to run vtysh setgid to
564 The default user and group which will be configured is 'quagga' if no
565 user or group is specified. Note that this user or group requires write
566 access to the local state directory (see -localstatedir) and requires at
567 least read access, and write access if you wish to allow daemons to
568 write out their configuration, to the configuration directory (see
571 On systems which have the 'libcap' capabilities manipulation library
572 (currently only linux), the quagga system will retain only minimal
573 capabilities required, further it will only raise these capabilities for
574 brief periods. On systems without libcap, quagga will run as the user
575 specified and only raise its uid back to uid 0 for brief periods.
578 File: quagga.info, Node: Linux notes, Prev: Least-Privilege support, Up: Configure the Software
583 There are several options available only to GNU/Linux systems: (1). If
584 you use GNU/Linux, make sure that the current kernel configuration is
585 what you want. Quagga will run with any kernel configuration but some
586 recommendations do exist.
589 Kernel/User netlink socket. This is a brand new feature which
590 enables an advanced interface between the Linux kernel and zebra
591 (*note Kernel Interface::).
594 Routing messages. This makes it possible to receive netlink
595 routing messages. If you specify this option, 'zebra' can detect
596 routing information updates directly from the kernel (*note Kernel
600 IP: multicasting. This option should be specified when you use
601 'ripd' (*note RIP::) or 'ospfd' (*note OSPFv2::) because these
602 protocols use multicast.
604 IPv6 support has been added in GNU/Linux kernel version 2.2. If you
605 try to use the Quagga IPv6 feature on a GNU/Linux kernel, please make
606 sure the following libraries have been installed. Please note that
607 these libraries will not be needed when you uses GNU C library 2.1 or
611 The 'inet6-apps' package includes basic IPv6 related libraries such
612 as 'inet_ntop' and 'inet_pton'. Some basic IPv6 programs such as
613 'ping', 'ftp', and 'inetd' are also included. The 'inet-apps' can
614 be found at <ftp://ftp.inner.net/pub/ipv6/>.
617 The 'net-tools' package provides an IPv6 enabled interface and
618 routing utility. It contains 'ifconfig', 'route', 'netstat', and
619 other tools. 'net-tools' may be found at
620 <http://www.tazenda.demon.co.uk/phil/net-tools/>.
622 ---------- Footnotes ----------
624 (1) GNU/Linux has very flexible kernel configuration features
627 File: quagga.info, Node: Build the Software, Next: Install the Software, Prev: Configure the Software, Up: Installation
629 2.2 Build the Software
630 ======================
632 After configuring the software, you will need to compile it for your
633 system. Simply issue the command 'make' in the root of the source
634 directory and the software will be compiled. If you have *any* problems
635 at this stage, be certain to send a bug report *Note Bug Reports::.
648 File: quagga.info, Node: Install the Software, Prev: Build the Software, Up: Installation
650 2.3 Install the Software
651 ========================
653 Installing the software to your system consists of copying the compiled
654 programs and supporting files to a standard location. After the
655 installation process has completed, these files have been copied from
656 your work directory to '/usr/local/bin', and '/usr/local/etc'.
658 To install the Quagga suite, issue the following command at your
659 shell prompt: 'make install'.
665 Quagga daemons have their own terminal interface or VTY. After
666 installation, you have to setup each beast's port number to connect to
667 them. Please add the following entries to '/etc/services'.
669 zebrasrv 2600/tcp # zebra service
670 zebra 2601/tcp # zebra vty
671 ripd 2602/tcp # RIPd vty
672 ripngd 2603/tcp # RIPngd vty
673 ospfd 2604/tcp # OSPFd vty
674 bgpd 2605/tcp # BGPd vty
675 ospf6d 2606/tcp # OSPF6d vty
676 ospfapi 2607/tcp # ospfapi
677 isisd 2608/tcp # ISISd vty
678 pimd 2611/tcp # PIMd vty
679 nhrpd 2612/tcp # nhrpd vty
681 If you use a FreeBSD newer than 2.2.8, the above entries are already
682 added to '/etc/services' so there is no need to add it. If you specify
683 a port number when starting the daemon, these entries may not be needed.
685 You may need to make changes to the config files in
686 '/etc/quagga/*.conf'. *Note Config Commands::.
689 File: quagga.info, Node: Basic commands, Next: Zebra, Prev: Installation, Up: Top
694 There are five routing daemons in use, and there is one manager daemon.
695 These daemons may be located on separate machines from the manager
696 daemon. Each of these daemons will listen on a particular port for
697 incoming VTY connections. The routing daemons are:
699 * 'ripd', 'ripngd', 'ospfd', 'ospf6d', 'bgpd'
702 The following sections discuss commands common to all the routing
707 * Config Commands:: Commands used in config files
708 * Terminal Mode Commands:: Common commands used in a VTY
709 * Common Invocation Options:: Starting the daemons
710 * Virtual Terminal Interfaces:: Interacting with the daemons
713 File: quagga.info, Node: Config Commands, Next: Terminal Mode Commands, Up: Basic commands
720 * Basic Config Commands:: Some of the generic config commands
721 * Sample Config File:: An example config file
723 In a config file, you can write the debugging options, a vty's password,
724 routing daemon configurations, a log file name, and so forth. This
725 information forms the initial command set for a routing beast as it is
728 Config files are generally found in:
732 Each of the daemons has its own config file. For example, zebra's
733 default config file name is:
735 '/etc/quagga/zebra.conf'
737 The daemon name plus '.conf' is the default config file name. You
738 can specify a config file using the '-f' or '--config-file' options when
742 File: quagga.info, Node: Basic Config Commands, Next: Sample Config File, Up: Config Commands
744 3.1.1 Basic Config Commands
745 ---------------------------
747 -- Command: hostname HOSTNAME
748 Set hostname of the router.
750 -- Command: password PASSWORD
751 Set password for vty interface. If there is no password, a vty
752 won't accept connections.
754 -- Command: enable password PASSWORD
757 -- Command: log trap LEVEL
758 -- Command: no log trap
759 These commands are deprecated and are present only for historical
760 compatibility. The log trap command sets the current logging level
761 for all enabled logging destinations, and it sets the default for
762 all future logging commands that do not specify a level. The
763 normal default logging level is debugging. The 'no' form of the
764 command resets the default level for future logging commands to
765 debugging, but it does not change the logging level of existing
766 logging destinations.
768 -- Command: log stdout
769 -- Command: log stdout LEVEL
770 -- Command: no log stdout
771 Enable logging output to stdout. If the optional second argument
772 specifying the logging level is not present, the default logging
773 level (typically debugging, but can be changed using the deprecated
774 'log trap' command) will be used. The 'no' form of the command
775 disables logging to stdout. The 'level' argument must have one of
776 these values: emergencies, alerts, critical, errors, warnings,
777 notifications, informational, or debugging. Note that the existing
778 code logs its most important messages with severity 'errors'.
780 -- Command: log file FILENAME
781 -- Command: log file FILENAME LEVEL
782 -- Command: no log file
783 If you want to log into a file, please specify 'filename' as in
785 log file /var/log/quagga/bgpd.log informational
786 If the optional second argument specifying the logging level is not
787 present, the default logging level (typically debugging, but can be
788 changed using the deprecated 'log trap' command) will be used. The
789 'no' form of the command disables logging to a file.
791 Note: if you do not configure any file logging, and a daemon
792 crashes due to a signal or an assertion failure, it will attempt to
793 save the crash information in a file named /var/tmp/quagga.<daemon
794 name>.crashlog. For security reasons, this will not happen if the
795 file exists already, so it is important to delete the file after
796 reporting the crash information.
798 -- Command: log syslog
799 -- Command: log syslog LEVEL
800 -- Command: no log syslog
801 Enable logging output to syslog. If the optional second argument
802 specifying the logging level is not present, the default logging
803 level (typically debugging, but can be changed using the deprecated
804 'log trap' command) will be used. The 'no' form of the command
805 disables logging to syslog.
807 -- Command: log monitor
808 -- Command: log monitor LEVEL
809 -- Command: no log monitor
810 Enable logging output to vty terminals that have enabled logging
811 using the 'terminal monitor' command. By default, monitor logging
812 is enabled at the debugging level, but this command (or the
813 deprecated 'log trap' command) can be used to change the monitor
814 logging level. If the optional second argument specifying the
815 logging level is not present, the default logging level (typically
816 debugging, but can be changed using the deprecated 'log trap'
817 command) will be used. The 'no' form of the command disables
818 logging to terminal monitors.
820 -- Command: log facility FACILITY
821 -- Command: no log facility
822 This command changes the facility used in syslog messages. The
823 default facility is 'daemon'. The 'no' form of the command resets
824 the facility to the default 'daemon' facility.
826 -- Command: log record-priority
827 -- Command: no log record-priority
828 To include the severity in all messages logged to a file, to
829 stdout, or to a terminal monitor (i.e. anything except syslog),
830 use the 'log record-priority' global configuration command. To
831 disable this option, use the 'no' form of the command. By default,
832 the severity level is not included in logged messages. Note: some
833 versions of syslogd (including Solaris) can be configured to
834 include the facility and level in the messages emitted.
836 -- Command: log timestamp precision <0-6>
837 -- Command: no log timestamp precision
838 This command sets the precision of log message timestamps to the
839 given number of digits after the decimal point. Currently, the
840 value must be in the range 0 to 6 (i.e. the maximum precision is
841 microseconds). To restore the default behavior (1-second
842 accuracy), use the 'no' form of the command, or set the precision
845 log timestamp precision 3
847 In this example, the precision is set to provide timestamps with
848 millisecond accuracy.
850 -- Command: log commands
851 This command enables the logging of all commands typed by a user to
852 all enabled log destinations. The note that logging includes full
853 command lines, including passwords. Once set, command logging can
854 only be turned off by restarting the daemon.
856 -- Command: service password-encryption
859 -- Command: service advanced-vty
860 Enable advanced mode VTY.
862 -- Command: service terminal-length <0-512>
863 Set system wide line configuration. This configuration command
864 applies to all VTY interfaces.
867 Enter vty configuration mode.
869 -- Command: banner motd default
870 Set default motd string.
872 -- Command: no banner motd
873 No motd banner string will be printed.
875 -- Line Command: exec-timeout MINUTE
876 -- Line Command: exec-timeout MINUTE SECOND
877 Set VTY connection timeout value. When only one argument is
878 specified it is used for timeout value in minutes. Optional second
879 argument is used for timeout value in seconds. Default timeout
880 value is 10 minutes. When timeout value is zero, it means no
883 -- Line Command: no exec-timeout
884 Do not perform timeout at all. This command is as same as
887 -- Line Command: access-class ACCESS-LIST
888 Restrict vty connections with an access list.
891 File: quagga.info, Node: Sample Config File, Prev: Basic Config Commands, Up: Config Commands
893 3.1.2 Sample Config File
894 ------------------------
896 Below is a sample configuration file for the zebra daemon.
899 ! Zebra configuration file
903 enable password zebra
909 '!' and '#' are comment characters. If the first character of the
910 word is one of the comment characters then from the rest of the line
911 forward will be ignored as a comment.
913 password zebra!password
915 If a comment character is not the first character of the word, it's a
916 normal character. So in the above example '!' will not be regarded as
917 a comment and the password is set to 'zebra!password'.
920 File: quagga.info, Node: Terminal Mode Commands, Next: Common Invocation Options, Prev: Config Commands, Up: Basic commands
922 3.2 Terminal Mode Commands
923 ==========================
925 -- Command: write terminal
926 Displays the current configuration to the vty interface.
928 -- Command: write file
929 Write current configuration to configuration file.
931 -- Command: configure terminal
932 Change to configuration mode. This command is the first step to
935 -- Command: terminal length <0-512>
936 Set terminal display length to <0-512>. If length is 0, no display
937 control is performed.
940 Show a list of currently connected vty sessions.
943 List all available commands.
945 -- Command: show version
946 Show the current version of Quagga and its build host information.
948 -- Command: show logging
949 Shows the current configuration of the logging system. This
950 includes the status of all logging destinations.
952 -- Command: logmsg LEVEL MESSAGE
953 Send a message to all logging destinations that are enabled for
954 messages of the given severity.
957 File: quagga.info, Node: Common Invocation Options, Next: Virtual Terminal Interfaces, Prev: Terminal Mode Commands, Up: Basic commands
959 3.3 Common Invocation Options
960 =============================
962 These options apply to all Quagga daemons.
970 Set configuration file name.
974 Display this help and exit.
979 Upon startup the process identifier of the daemon is written to a
980 file, typically in '/var/run'. This file can be used by the init
981 system to implement commands such as '.../init.d/zebra status',
982 '.../init.d/zebra restart' or '.../init.d/zebra stop'.
984 The file name is an run-time option rather than a configure-time
985 option so that multiple routing daemons can be run simultaneously.
986 This is useful when using Quagga to implement a routing looking
987 glass. One machine can be used to collect differing routing views
988 from differing points in the network.
992 Set the VTY local address to bind to. If set, the VTY socket will
993 only be bound to this address.
997 Set the VTY TCP port number. If set to 0 then the TCP VTY sockets
1002 Set the user and group to run as.
1006 Print program version.
1009 File: quagga.info, Node: Virtual Terminal Interfaces, Prev: Common Invocation Options, Up: Basic commands
1011 3.4 Virtual Terminal Interfaces
1012 ===============================
1014 VTY - Virtual Terminal [aka TeletYpe] Interface is a command line
1015 interface (CLI) for user interaction with the routing daemon.
1019 * VTY Overview:: Basics about VTYs
1020 * VTY Modes:: View, Enable, and Other VTY modes
1021 * VTY CLI Commands:: Commands for movement, edition, and management
1024 File: quagga.info, Node: VTY Overview, Next: VTY Modes, Up: Virtual Terminal Interfaces
1029 VTY stands for Virtual TeletYpe interface. It means you can connect to
1030 the daemon via the telnet protocol.
1032 To enable a VTY interface, you have to setup a VTY password. If
1033 there is no VTY password, one cannot connect to the VTY interface at
1036 % telnet localhost 2601
1038 Connected to localhost.
1039 Escape character is '^]'.
1041 Hello, this is Quagga (version 1.2.3)
1042 Copyright (C) 1999-2005 Kunihiro Ishiguro, et al.
1044 User Access Verification
1048 enable Turn on privileged commands
1049 exit Exit current mode and down to previous mode
1050 help Description of the interactive help system
1051 list Print command list
1052 show Show running system information
1053 who Display who is on a vty
1056 Router# configure terminal
1057 Router(config)# interface eth0
1058 Router(config-if)# ip address 10.0.0.1/8
1059 Router(config-if)# ^Z
1062 '?' is very useful for looking up commands.
1065 File: quagga.info, Node: VTY Modes, Next: VTY CLI Commands, Prev: VTY Overview, Up: Virtual Terminal Interfaces
1070 There are three basic VTY modes:
1074 * VTY View Mode:: Mode for read-only interaction
1075 * VTY Enable Mode:: Mode for read-write interaction
1076 * VTY Other Modes:: Special modes (tftp, etc)
1078 There are commands that may be restricted to specific VTY modes.
1081 File: quagga.info, Node: VTY View Mode, Next: VTY Enable Mode, Up: VTY Modes
1083 3.4.2.1 VTY View Mode
1084 .....................
1086 This mode is for read-only access to the CLI. One may exit the mode by
1087 leaving the system, or by entering 'enable' mode.
1090 File: quagga.info, Node: VTY Enable Mode, Next: VTY Other Modes, Prev: VTY View Mode, Up: VTY Modes
1092 3.4.2.2 VTY Enable Mode
1093 .......................
1095 This mode is for read-write access to the CLI. One may exit the mode by
1096 leaving the system, or by escaping to view mode.
1099 File: quagga.info, Node: VTY Other Modes, Prev: VTY Enable Mode, Up: VTY Modes
1101 3.4.2.3 VTY Other Modes
1102 .......................
1104 This page is for describing other modes.
1107 File: quagga.info, Node: VTY CLI Commands, Prev: VTY Modes, Up: Virtual Terminal Interfaces
1109 3.4.3 VTY CLI Commands
1110 ----------------------
1112 Commands that you may use at the command-line are described in the
1113 following three subsubsections.
1117 * CLI Movement Commands:: Commands for moving the cursor about
1118 * CLI Editing Commands:: Commands for changing text
1119 * CLI Advanced Commands:: Other commands, session management and so on
1122 File: quagga.info, Node: CLI Movement Commands, Next: CLI Editing Commands, Up: VTY CLI Commands
1124 3.4.3.1 CLI Movement Commands
1125 .............................
1127 These commands are used for moving the CLI cursor. The <C> character
1128 means press the Control Key.
1132 Move forward one character.
1136 Move backward one character.
1139 Move forward one word.
1142 Move backward one word.
1145 Move to the beginning of the line.
1148 Move to the end of the line.
1151 File: quagga.info, Node: CLI Editing Commands, Next: CLI Advanced Commands, Prev: CLI Movement Commands, Up: VTY CLI Commands
1153 3.4.3.2 CLI Editing Commands
1154 ............................
1156 These commands are used for editing text on a line. The <C> character
1157 means press the Control Key.
1161 Delete the character before point.
1164 Delete the character after point.
1173 Kill to the end of the line.
1176 Kill line from the beginning, erasing input.
1179 Transpose character.
1182 Interpret following character literally. Do not treat it
1183 specially. This can be used to, e.g., type in a literal '?' rather
1184 than do help completion.
1187 File: quagga.info, Node: CLI Advanced Commands, Prev: CLI Editing Commands, Up: VTY CLI Commands
1189 3.4.3.3 CLI Advanced Commands
1190 .............................
1192 There are several additional CLI commands for command line completions,
1193 insta-help, and VTY session management.
1196 Interrupt current input and moves to the next line.
1199 End current configuration session and move to top node.
1203 Move down to next line in the history buffer.
1207 Move up to previous line in the history buffer.
1210 Use command line completion by typing <TAB>.
1213 You can use command line help by typing 'help' at the beginning of
1214 the line. Typing '?' at any point in the line will show possible
1217 To enter an actual '?' character rather show completions, e.g. to
1218 enter into a regexp, use '<C>-v ?'.
1221 File: quagga.info, Node: Zebra, Next: RIP, Prev: Basic commands, Up: Top
1226 'zebra' is an IP routing manager. It provides kernel routing table
1227 updates, interface lookups, and redistribution of routes between
1228 different routing protocols.
1232 * Invoking zebra:: Running the program
1233 * Interface Commands:: Commands for zebra interfaces
1234 * Static Route Commands:: Commands for adding static routes
1235 * Multicast RIB Commands:: Commands for controlling MRIB behavior
1236 * zebra Route Filtering:: Commands for zebra route filtering
1237 * zebra FIB push interface:: Interface to optional FPM component
1238 * zebra Terminal Mode Commands:: Commands for zebra's VTY
1241 File: quagga.info, Node: Invoking zebra, Next: Interface Commands, Up: Zebra
1246 Besides the common invocation options (*note Common Invocation
1247 Options::), the 'zebra' specific invocation options are listed below.
1251 Runs in batch mode. 'zebra' parses configuration file and
1252 terminates immediately.
1256 When zebra starts up, don't delete old self inserted routes.
1260 When program terminates, retain routes added by zebra.
1263 File: quagga.info, Node: Interface Commands, Next: Static Route Commands, Prev: Invoking zebra, Up: Zebra
1265 4.2 Interface Commands
1266 ======================
1270 * Standard Commands::
1271 * Link Parameters Commands::
1274 File: quagga.info, Node: Standard Commands, Next: Link Parameters Commands, Up: Interface Commands
1276 4.2.1 Standard Commands
1277 -----------------------
1279 -- Command: interface IFNAME
1281 -- Interface Command: shutdown
1282 -- Interface Command: no shutdown
1283 Up or down the current interface.
1285 -- Interface Command: ip address ADDRESS/PREFIX
1286 -- Interface Command: ipv6 address ADDRESS/PREFIX
1287 -- Interface Command: no ip address ADDRESS/PREFIX
1288 -- Interface Command: no ipv6 address ADDRESS/PREFIX
1289 Set the IPv4 or IPv6 address/prefix for the interface.
1291 -- Interface Command: ip address ADDRESS/PREFIX secondary
1292 -- Interface Command: no ip address ADDRESS/PREFIX secondary
1293 Set the secondary flag for this address. This causes ospfd to not
1294 treat the address as a distinct subnet.
1296 -- Interface Command: description DESCRIPTION ...
1297 Set description for the interface.
1299 -- Interface Command: multicast
1300 -- Interface Command: no multicast
1301 Enable or disables multicast flag for the interface.
1303 -- Interface Command: bandwidth <1-10000000>
1304 -- Interface Command: no bandwidth <1-10000000>
1305 Set bandwidth value of the interface in kilobits/sec. This is for
1306 calculating OSPF cost. This command does not affect the actual
1307 device configuration.
1309 -- Interface Command: link-detect
1310 -- Interface Command: no link-detect
1311 Enable/disable link-detect on platforms which support this.
1312 Currently only Linux and Solaris, and only where network interface
1313 drivers support reporting link-state via the IFF_RUNNING flag.
1316 File: quagga.info, Node: Link Parameters Commands, Prev: Standard Commands, Up: Interface Commands
1318 4.2.2 Link Parameters Commands
1319 ------------------------------
1321 -- Interface Command: link-params
1322 -- Interface Command: no link-param
1323 Enter into the link parameters sub node. At least 'enable' must be
1324 set to activate the link parameters, and consequently Traffic
1325 Engineering on this interface. MPLS-TE must be enable at the OSPF
1326 (*note OSPF Traffic Engineering::) or ISIS (*note ISIS Traffic
1327 Engineering::) router level in complement to this. Disable link
1328 parameters for this interface.
1330 Under link parameter statement, the following commands set the
1331 different TE values:
1333 -- link-params: enable
1334 Enable link parameters for this interface.
1336 -- link-params: metric <0-4294967295>
1337 -- link-params: max-bw BANDWIDTH
1338 -- link-params: max-rsv-bw BANDWIDTH
1339 -- link-params: unrsv-bw <0-7> BANDWIDTH
1340 -- link-params: admin-grp BANDWIDTH
1341 These commands specifies the Traffic Engineering parameters of the
1342 interface in conformity to RFC3630 (OSPF) or RFC5305 (ISIS). There
1343 are respectively the TE Metric (different from the OSPF or ISIS
1344 metric), Maximum Bandwidth (interface speed by default), Maximum
1345 Reservable Bandwidth, Unreserved Bandwidth for each 0-7 priority
1346 and Admin Group (ISIS) or Resource Class/Color (OSPF).
1348 Note that BANDWIDTH are specified in IEEE floating point format and
1349 express in Bytes/second.
1351 -- link-param: delay <0-16777215> [min <0-16777215> | max <0-16777215>]
1352 -- link-param: delay-variation <0-16777215>
1353 -- link-param: packet-loss PERCENTAGE
1354 -- link-param: res-bw BANDWIDTH
1355 -- link-param: ava-bw BANDWIDTH
1356 -- link-param: use-bw BANDWIDTH
1357 These command specifies additionnal Traffic Engineering parameters
1358 of the interface in conformity to
1359 draft-ietf-ospf-te-metrics-extension-05.txt and
1360 draft-ietf-isis-te-metrics-extension-03.txt. There are
1361 respectively the delay, jitter, loss, available bandwidth,
1362 reservable bandwidth and utilized bandwidth.
1364 Note that BANDWIDTH are specified in IEEE floating point format and
1365 express in Bytes/second. Delays and delay variation are express in
1366 micro-second (µs). Loss is specified in PERCENTAGE ranging from 0
1367 to 50.331642% by step of 0.000003.
1369 -- link-param: neighbor <A.B.C.D> as <0-65535>
1370 -- link-param: no neighbor
1371 Specifies the remote ASBR IP address and Autonomous System (AS)
1372 number for InterASv2 link in OSPF (RFC5392). Note that this option
1373 is not yet supported for ISIS (RFC5316).
1376 File: quagga.info, Node: Static Route Commands, Next: Multicast RIB Commands, Prev: Interface Commands, Up: Zebra
1378 4.3 Static Route Commands
1379 =========================
1381 Static routing is a very fundamental feature of routing technology. It
1382 defines static prefix and gateway.
1384 -- Command: ip route NETWORK GATEWAY
1385 NETWORK is destination prefix with format of A.B.C.D/M. GATEWAY is
1386 gateway for the prefix. When GATEWAY is A.B.C.D format. It is
1387 taken as a IPv4 address gateway. Otherwise it is treated as an
1388 interface name. If the interface name is NULL0 then zebra installs
1391 ip route 10.0.0.0/8 10.0.0.2
1392 ip route 10.0.0.0/8 ppp0
1393 ip route 10.0.0.0/8 null0
1395 First example defines 10.0.0.0/8 static route with gateway
1396 10.0.0.2. Second one defines the same prefix but with gateway to
1397 interface ppp0. The third install a blackhole route.
1399 -- Command: ip route NETWORK NETMASK GATEWAY
1400 This is alternate version of above command. When NETWORK is
1401 A.B.C.D format, user must define NETMASK value with A.B.C.D format.
1402 GATEWAY is same option as above command
1404 ip route 10.0.0.0 255.0.0.0 10.0.0.2
1405 ip route 10.0.0.0 255.0.0.0 ppp0
1406 ip route 10.0.0.0 255.0.0.0 null0
1408 These statements are equivalent to those in the previous example.
1410 -- Command: ip route NETWORK GATEWAY DISTANCE
1411 Installs the route with the specified distance.
1413 Multiple nexthop static route
1415 ip route 10.0.0.1/32 10.0.0.2
1416 ip route 10.0.0.1/32 10.0.0.3
1417 ip route 10.0.0.1/32 eth0
1419 If there is no route to 10.0.0.2 and 10.0.0.3, and interface eth0 is
1420 reachable, then the last route is installed into the kernel.
1422 If zebra has been compiled with multipath support, and both 10.0.0.2
1423 and 10.0.0.3 are reachable, zebra will install a multipath route via
1424 both nexthops, if the platform supports this.
1426 zebra> show ip route
1427 S> 10.0.0.1/32 [1/0] via 10.0.0.2 inactive
1428 via 10.0.0.3 inactive
1429 * is directly connected, eth0
1431 ip route 10.0.0.0/8 10.0.0.2
1432 ip route 10.0.0.0/8 10.0.0.3
1433 ip route 10.0.0.0/8 null0 255
1435 This will install a multihop route via the specified next-hops if
1436 they are reachable, as well as a high-metric blackhole route, which can
1437 be useful to prevent traffic destined for a prefix to match
1438 less-specific routes (eg default) should the specified gateways not be
1441 zebra> show ip route 10.0.0.0/8
1442 Routing entry for 10.0.0.0/8
1443 Known via "static", distance 1, metric 0
1447 Routing entry for 10.0.0.0/8
1448 Known via "static", distance 255, metric 0
1449 directly connected, Null0
1451 -- Command: ipv6 route NETWORK GATEWAY
1452 -- Command: ipv6 route NETWORK GATEWAY DISTANCE
1453 These behave similarly to their ipv4 counterparts.
1455 -- Command: table TABLENO
1456 Select the primary kernel routing table to be used. This only
1457 works for kernels supporting multiple routing tables (like
1458 GNU/Linux 2.2.x and later). After setting TABLENO with this
1459 command, static routes defined after this are added to the
1463 File: quagga.info, Node: Multicast RIB Commands, Next: zebra Route Filtering, Prev: Static Route Commands, Up: Zebra
1465 4.4 Multicast RIB Commands
1466 ==========================
1468 The Multicast RIB provides a separate table of unicast destinations
1469 which is used for Multicast Reverse Path Forwarding decisions. It is
1470 used with a multicast source's IP address, hence contains not multicast
1471 group addresses but unicast addresses.
1473 This table is fully separate from the default unicast table.
1474 However, RPF lookup can include the unicast table.
1476 WARNING: RPF lookup results are non-responsive in this version of
1477 Quagga, i.e. multicast routing does not actively react to changes in
1478 underlying unicast topology!
1480 -- Command: ip multicast rpf-lookup-mode MODE
1481 -- Command: no ip multicast rpf-lookup-mode [MODE]
1483 MODE sets the method used to perform RPF lookups. Supported modes:
1486 Performs the lookup on the Unicast RIB. The Multicast RIB is
1489 Performs the lookup on the Multicast RIB. The Unicast RIB is
1492 Tries to perform the lookup on the Multicast RIB. If any route
1493 is found, that route is used. Otherwise, the Unicast RIB is
1496 Performs a lookup on the Multicast RIB and Unicast RIB each.
1497 The result with the lower administrative distance is used; if
1498 they're equal, the Multicast RIB takes precedence.
1500 Performs a lookup on the Multicast RIB and Unicast RIB each.
1501 The result with the longer prefix length is used; if they're
1502 equal, the Multicast RIB takes precedence.
1504 The 'mrib-then-urib' setting is the default behavior if nothing is
1505 configured. If this is the desired behavior, it should be
1506 explicitly configured to make the configuration immune against
1507 possible changes in what the default behavior is.
1509 WARNING: Unreachable routes do not receive special treatment and do
1510 not cause fallback to a second lookup.
1512 -- Command: show ip rpf ADDR
1514 Performs a Multicast RPF lookup, as configured with 'ip multicast
1515 rpf-lookup-mode MODE'. ADDR specifies the multicast source address
1518 > show ip rpf 192.0.2.1
1519 Routing entry for 192.0.2.0/24 using Unicast RIB
1520 Known via "kernel", distance 0, metric 0, best
1521 * 198.51.100.1, via eth0
1523 Indicates that a multicast source lookup for 192.0.2.1 would use an
1524 Unicast RIB entry for 192.0.2.0/24 with a gateway of 198.51.100.1.
1526 -- Command: show ip rpf
1528 Prints the entire Multicast RIB. Note that this is independent of
1529 the configured RPF lookup mode, the Multicast RIB may be printed
1530 yet not used at all.
1532 -- Command: ip mroute PREFIX NEXTHOP [DISTANCE]
1533 -- Command: no ip mroute PREFIX NEXTHOP [DISTANCE]
1535 Adds a static route entry to the Multicast RIB. This performs
1536 exactly as the 'ip route' command, except that it inserts the route
1537 in the Multicast RIB instead of the Unicast RIB.
1540 File: quagga.info, Node: zebra Route Filtering, Next: zebra FIB push interface, Prev: Multicast RIB Commands, Up: Zebra
1542 4.5 zebra Route Filtering
1543 =========================
1545 Zebra supports 'prefix-list' and 'route-map' to match routes received
1546 from other quagga components. The 'permit'/'deny' facilities provided
1547 by these commands can be used to filter which routes zebra will install
1550 -- Command: ip protocol PROTOCOL route-map ROUTEMAP
1551 Apply a route-map filter to routes for the specified protocol.
1552 PROTOCOL can be any or one of system, kernel, connected, static,
1553 rip, ripng, ospf, ospf6, isis, bgp, hsls.
1555 -- Route Map: set src ADDRESS
1556 Within a route-map, set the preferred source address for matching
1557 routes when installing in the kernel.
1559 The following creates a prefix-list that matches all addresses, a
1560 route-map that sets the preferred source address, and applies the
1561 route-map to all 'rip' routes.
1563 ip prefix-list ANY permit 0.0.0.0/0 le 32
1564 route-map RM1 permit 10
1565 match ip address prefix-list ANY
1568 ip protocol rip route-map RM1
1571 File: quagga.info, Node: zebra FIB push interface, Next: zebra Terminal Mode Commands, Prev: zebra Route Filtering, Up: Zebra
1573 4.6 zebra FIB push interface
1574 ============================
1576 Zebra supports a 'FIB push' interface that allows an external component
1577 to learn the forwarding information computed by the Quagga routing
1580 In Quagga, the Routing Information Base (RIB) resides inside zebra.
1581 Routing protocols communicate their best routes to zebra, and zebra
1582 computes the best route across protocols for each prefix. This latter
1583 information makes up the Forwarding Information Base (FIB). Zebra feeds
1584 the FIB to the kernel, which allows the IP stack in the kernel to
1585 forward packets according to the routes computed by Quagga. The kernel
1586 FIB is updated in an OS-specific way. For example, the 'netlink'
1587 interface is used on Linux, and route sockets are used on FreeBSD.
1589 The FIB push interface aims to provide a cross-platform mechanism to
1590 support scenarios where the router has a forwarding path that is
1591 distinct from the kernel, commonly a hardware-based fast path. In these
1592 cases, the FIB needs to be maintained reliably in the fast path as well.
1593 We refer to the component that programs the forwarding plane (directly
1594 or indirectly) as the Forwarding Plane Manager or FPM.
1596 The FIB push interface comprises of a TCP connection between zebra
1597 and the FPM. The connection is initiated by zebra - that is, the FPM
1598 acts as the TCP server.
1600 The relevant zebra code kicks in when zebra is configured with the
1601 '--enable-fpm' flag. Zebra periodically attempts to connect to the
1602 well-known FPM port. Once the connection is up, zebra starts sending
1603 messages containing routes over the socket to the FPM. Zebra sends a
1604 complete copy of the forwarding table to the FPM, including routes that
1605 it may have picked up from the kernel. The existing interaction of
1606 zebra with the kernel remains unchanged - that is, the kernel continues
1607 to receive FIB updates as before.
1609 The encapsulation header for the messages exchanged with the FPM is
1610 defined by the file 'fpm/fpm.h' in the quagga tree. The routes
1611 themselves are encoded in netlink or protobuf format, with netlink being
1614 Protobuf is one of a number of new serialization formats wherein the
1615 message schema is expressed in a purpose-built language. Code for
1616 encoding/decoding to/from the wire format is generated from the schema.
1617 Protobuf messages can be extended easily while maintaining
1618 backward-compatibility with older code. Protobuf has the following
1619 advantages over netlink:
1621 * Code for serialization/deserialization is generated automatically.
1622 This reduces the likelihood of bugs, allows third-party programs to
1623 be integrated quickly, and makes it easy to add fields.
1624 * The message format is not tied to an OS (Linux), and can be evolved
1627 As mentioned before, zebra encodes routes sent to the FPM in netlink
1628 format by default. The format can be controlled via the '--fpm_format'
1629 command-line option to zebra, which currently takes the values 'netlink'
1632 The zebra FPM interface uses replace semantics. That is, if a 'route
1633 add' message for a prefix is followed by another 'route add' message,
1634 the information in the second message is complete by itself, and
1635 replaces the information sent in the first message.
1637 If the connection to the FPM goes down for some reason, zebra sends
1638 the FPM a complete copy of the forwarding table(s) when it reconnects.
1641 File: quagga.info, Node: zebra Terminal Mode Commands, Prev: zebra FIB push interface, Up: Zebra
1643 4.7 zebra Terminal Mode Commands
1644 ================================
1646 -- Command: show ip route
1647 Display current routes which zebra holds in its database.
1649 Router# show ip route
1650 Codes: K - kernel route, C - connected, S - static, R - RIP,
1651 B - BGP * - FIB route.
1653 K* 0.0.0.0/0 203.181.89.241
1654 S 0.0.0.0/0 203.181.89.1
1656 C* 203.181.89.240/28 eth0
1658 -- Command: show ipv6 route
1660 -- Command: show interface
1662 -- Command: show ip prefix-list [NAME]
1664 -- Command: show route-map [NAME]
1666 -- Command: show ip protocol
1668 -- Command: show ipforward
1669 Display whether the host's IP forwarding function is enabled or
1670 not. Almost any UNIX kernel can be configured with IP forwarding
1671 disabled. If so, the box can't work as a router.
1673 -- Command: show ipv6forward
1674 Display whether the host's IP v6 forwarding is enabled or not.
1676 -- Command: show zebra fpm stats
1677 Display statistics related to the zebra code that interacts with
1678 the optional Forwarding Plane Manager (FPM) component.
1680 -- Command: clear zebra fpm stats
1681 Reset statistics related to the zebra code that interacts with the
1682 optional Forwarding Plane Manager (FPM) component.
1685 File: quagga.info, Node: RIP, Next: RIPng, Prev: Zebra, Up: Top
1690 RIP - Routing Information Protocol is widely deployed interior gateway
1691 protocol. RIP was developed in the 1970s at Xerox Labs as part of the
1692 XNS routing protocol. RIP is a "distance-vector" protocol and is based
1693 on the "Bellman-Ford" algorithms. As a distance-vector protocol, RIP
1694 router send updates to its neighbors periodically, thus allowing the
1695 convergence to a known topology. In each update, the distance to any
1696 given network will be broadcasted to its neighboring router.
1698 'ripd' supports RIP version 2 as described in RFC2453 and RIP version
1699 1 as described in RFC1058.
1703 * Starting and Stopping ripd::
1704 * RIP Configuration::
1705 * RIP Version Control::
1706 * How to Announce RIP route::
1707 * Filtering RIP Routes::
1708 * RIP Metric Manipulation::
1711 * RIP Authentication::
1713 * Show RIP Information::
1714 * RIP Debug Commands::
1717 File: quagga.info, Node: Starting and Stopping ripd, Next: RIP Configuration, Up: RIP
1719 5.1 Starting and Stopping ripd
1720 ==============================
1722 The default configuration file name of 'ripd''s is 'ripd.conf'. When
1723 invocation 'ripd' searches directory /etc/quagga. If 'ripd.conf' is not
1724 there next search current directory.
1726 RIP uses UDP port 520 to send and receive RIP packets. So the user
1727 must have the capability to bind the port, generally this means that the
1728 user must have superuser privileges. RIP protocol requires interface
1729 information maintained by 'zebra' daemon. So running 'zebra' is
1730 mandatory to run 'ripd'. Thus minimum sequence for running RIP is like
1736 Please note that 'zebra' must be invoked before 'ripd'.
1738 To stop 'ripd'. Please use 'kill `cat /var/run/ripd.pid`'. Certain
1739 signals have special meaningss to 'ripd'.
1742 Reload configuration file 'ripd.conf'. All configurations are
1743 reseted. All routes learned so far are cleared and removed from
1746 Rotate 'ripd' logfile.
1749 'ripd' sweeps all installed RIP routes then terminates properly.
1751 'ripd' invocation options. Common options that can be specified
1752 (*note Common Invocation Options::).
1756 When the program terminates, retain routes added by 'ripd'.
1763 File: quagga.info, Node: RIP netmask, Up: Starting and Stopping ripd
1768 The netmask features of 'ripd' support both version 1 and version 2 of
1769 RIP. Version 1 of RIP originally contained no netmask information. In
1770 RIP version 1, network classes were originally used to determine the
1771 size of the netmask. Class A networks use 8 bits of mask, Class B
1772 networks use 16 bits of masks, while Class C networks use 24 bits of
1773 mask. Today, the most widely used method of a network mask is assigned
1774 to the packet on the basis of the interface that received the packet.
1775 Version 2 of RIP supports a variable length subnet mask (VLSM). By
1776 extending the subnet mask, the mask can be divided and reused. Each
1777 subnet can be used for different purposes such as large to middle size
1778 LANs and WAN links. Quagga 'ripd' does not support the non-sequential
1779 netmasks that are included in RIP Version 2.
1781 In a case of similar information with the same prefix and metric, the
1782 old information will be suppressed. Ripd does not currently support
1783 equal cost multipath routing.
1786 File: quagga.info, Node: RIP Configuration, Next: RIP Version Control, Prev: Starting and Stopping ripd, Up: RIP
1788 5.2 RIP Configuration
1789 =====================
1791 -- Command: router rip
1792 The 'router rip' command is necessary to enable RIP. To disable
1793 RIP, use the 'no router rip' command. RIP must be enabled before
1794 carrying out any of the RIP commands.
1796 -- Command: no router rip
1799 -- RIP Command: network NETWORK
1800 -- RIP Command: no network NETWORK
1801 Set the RIP enable interface by NETWORK. The interfaces which have
1802 addresses matching with NETWORK are enabled.
1804 This group of commands either enables or disables RIP interfaces
1805 between certain numbers of a specified network address. For
1806 example, if the network for 10.0.0.0/24 is RIP enabled, this would
1807 result in all the addresses from 10.0.0.0 to 10.0.0.255 being
1808 enabled for RIP. The 'no network' command will disable RIP for the
1811 -- RIP Command: network IFNAME
1812 -- RIP Command: no network IFNAME
1813 Set a RIP enabled interface by IFNAME. Both the sending and
1814 receiving of RIP packets will be enabled on the port specified in
1815 the 'network ifname' command. The 'no network ifname' command will
1816 disable RIP on the specified interface.
1818 -- RIP Command: neighbor A.B.C.D
1819 -- RIP Command: no neighbor A.B.C.D
1820 Specify RIP neighbor. When a neighbor doesn't understand
1821 multicast, this command is used to specify neighbors. In some
1822 cases, not all routers will be able to understand multicasting,
1823 where packets are sent to a network or a group of addresses. In a
1824 situation where a neighbor cannot process multicast packets, it is
1825 necessary to establish a direct link between routers. The neighbor
1826 command allows the network administrator to specify a router as a
1827 RIP neighbor. The 'no neighbor a.b.c.d' command will disable the
1830 Below is very simple RIP configuration. Interface 'eth0' and
1831 interface which address match to '10.0.0.0/8' are RIP enabled.
1841 -- RIP command: passive-interface (IFNAME|default)
1842 -- RIP command: no passive-interface IFNAME
1843 This command sets the specified interface to passive mode. On
1844 passive mode interface, all receiving packets are processed as
1845 normal and ripd does not send either multicast or unicast RIP
1846 packets except to RIP neighbors specified with 'neighbor' command.
1847 The interface may be specified as DEFAULT to make ripd default to
1848 passive on all interfaces.
1850 The default is to be passive on all interfaces.
1854 -- Interface command: ip split-horizon
1855 -- Interface command: no ip split-horizon
1856 Control split-horizon on the interface. Default is 'ip
1857 split-horizon'. If you don't perform split-horizon on the
1858 interface, please specify 'no ip split-horizon'.
1861 File: quagga.info, Node: RIP Version Control, Next: How to Announce RIP route, Prev: RIP Configuration, Up: RIP
1863 5.3 RIP Version Control
1864 =======================
1866 RIP can be configured to send either Version 1 or Version 2 packets.
1867 The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and
1868 replying with packets of the appropriate version for REQUESTS /
1869 triggered updates). The version to receive and send can be specified
1870 globally, and further overriden on a per-interface basis if needs be for
1871 send and receive seperately (see below).
1873 It is important to note that RIPv1 can not be authenticated.
1874 Further, if RIPv1 is enabled then RIP will reply to REQUEST packets,
1875 sending the state of its RIP routing table to any remote routers that
1876 ask on demand. For a more detailed discussion on the security
1877 implications of RIPv1 see *note RIP Authentication::.
1879 -- RIP Command: version VERSION
1880 Set RIP version to accept for reads and send. VERSION can be
1883 Disabling RIPv1 by specifying version 2 is STRONGLY encouraged,
1884 *Note RIP Authentication::. This may become the default in a
1887 Default: Send Version 2, and accept either version.
1889 -- RIP Command: no version
1890 Reset the global version setting back to the default.
1892 -- Interface command: ip rip send version VERSION
1893 VERSION can be '1', '2' or '1 2'.
1895 This interface command overrides the global rip version setting,
1896 and selects which version of RIP to send packets with, for this
1897 interface specifically. Choice of RIP Version 1, RIP Version 2, or
1898 both versions. In the latter case, where '1 2' is specified,
1899 packets will be both broadcast and multicast.
1901 Default: Send packets according to the global version (version 2)
1903 -- Interface command: ip rip receive version VERSION
1904 VERSION can be '1', '2' or '1 2'.
1906 This interface command overrides the global rip version setting,
1907 and selects which versions of RIP packets will be accepted on this
1908 interface. Choice of RIP Version 1, RIP Version 2, or both.
1910 Default: Accept packets according to the global setting (both 1 and
1914 File: quagga.info, Node: How to Announce RIP route, Next: Filtering RIP Routes, Prev: RIP Version Control, Up: RIP
1916 5.4 How to Announce RIP route
1917 =============================
1919 -- RIP command: redistribute kernel
1920 -- RIP command: redistribute kernel metric <0-16>
1921 -- RIP command: redistribute kernel route-map ROUTE-MAP
1922 -- RIP command: no redistribute kernel
1923 'redistribute kernel' redistributes routing information from kernel
1924 route entries into the RIP tables. 'no redistribute kernel'
1925 disables the routes.
1927 -- RIP command: redistribute static
1928 -- RIP command: redistribute static metric <0-16>
1929 -- RIP command: redistribute static route-map ROUTE-MAP
1930 -- RIP command: no redistribute static
1931 'redistribute static' redistributes routing information from static
1932 route entries into the RIP tables. 'no redistribute static'
1933 disables the routes.
1935 -- RIP command: redistribute connected
1936 -- RIP command: redistribute connected metric <0-16>
1937 -- RIP command: redistribute connected route-map ROUTE-MAP
1938 -- RIP command: no redistribute connected
1939 Redistribute connected routes into the RIP tables. 'no
1940 redistribute connected' disables the connected routes in the RIP
1941 tables. This command redistribute connected of the interface which
1942 RIP disabled. The connected route on RIP enabled interface is
1943 announced by default.
1945 -- RIP command: redistribute ospf
1946 -- RIP command: redistribute ospf metric <0-16>
1947 -- RIP command: redistribute ospf route-map ROUTE-MAP
1948 -- RIP command: no redistribute ospf
1949 'redistribute ospf' redistributes routing information from ospf
1950 route entries into the RIP tables. 'no redistribute ospf' disables
1953 -- RIP command: redistribute bgp
1954 -- RIP command: redistribute bgp metric <0-16>
1955 -- RIP command: redistribute bgp route-map ROUTE-MAP
1956 -- RIP command: no redistribute bgp
1957 'redistribute bgp' redistributes routing information from bgp route
1958 entries into the RIP tables. 'no redistribute bgp' disables the
1961 If you want to specify RIP only static routes:
1963 -- RIP command: default-information originate
1965 -- RIP command: route A.B.C.D/M
1966 -- RIP command: no route A.B.C.D/M
1967 This command is specific to Quagga. The 'route' command makes a
1968 static route only inside RIP. This command should be used only by
1969 advanced users who are particularly knowledgeable about the RIP
1970 protocol. In most cases, we recommend creating a static route in
1971 Quagga and redistributing it in RIP using 'redistribute static'.
1974 File: quagga.info, Node: Filtering RIP Routes, Next: RIP Metric Manipulation, Prev: How to Announce RIP route, Up: RIP
1976 5.5 Filtering RIP Routes
1977 ========================
1979 RIP routes can be filtered by a distribute-list.
1981 -- Command: distribute-list ACCESS_LIST DIRECT IFNAME
1982 You can apply access lists to the interface with a
1983 'distribute-list' command. ACCESS_LIST is the access list name.
1984 DIRECT is 'in' or 'out'. If DIRECT is 'in' the access list is
1985 applied to input packets.
1987 The 'distribute-list' command can be used to filter the RIP path.
1988 'distribute-list' can apply access-lists to a chosen interface.
1989 First, one should specify the access-list. Next, the name of the
1990 access-list is used in the distribute-list command. For example,
1991 in the following configuration 'eth0' will permit only the paths
1992 that match the route 10.0.0.0/8
1996 distribute-list private in eth0
1998 access-list private permit 10 10.0.0.0/8
1999 access-list private deny any
2002 'distribute-list' can be applied to both incoming and outgoing data.
2004 -- Command: distribute-list prefix PREFIX_LIST (in|out) IFNAME
2005 You can apply prefix lists to the interface with a
2006 'distribute-list' command. PREFIX_LIST is the prefix list name.
2007 Next is the direction of 'in' or 'out'. If DIRECT is 'in' the
2008 access list is applied to input packets.
2011 File: quagga.info, Node: RIP Metric Manipulation, Next: RIP distance, Prev: Filtering RIP Routes, Up: RIP
2013 5.6 RIP Metric Manipulation
2014 ===========================
2016 RIP metric is a value for distance for the network. Usually 'ripd'
2017 increment the metric when the network information is received.
2018 Redistributed routes' metric is set to 1.
2020 -- RIP command: default-metric <1-16>
2021 -- RIP command: no default-metric <1-16>
2022 This command modifies the default metric value for redistributed
2023 routes. The default value is 1. This command does not affect
2024 connected route even if it is redistributed by 'redistribute
2025 connected'. To modify connected route's metric value, please use
2026 'redistribute connected metric' or 'route-map'. 'offset-list' also
2027 affects connected routes.
2029 -- RIP command: offset-list ACCESS-LIST (in|out)
2030 -- RIP command: offset-list ACCESS-LIST (in|out) IFNAME
2033 File: quagga.info, Node: RIP distance, Next: RIP route-map, Prev: RIP Metric Manipulation, Up: RIP
2038 Distance value is used in zebra daemon. Default RIP distance is 120.
2040 -- RIP command: distance <1-255>
2041 -- RIP command: no distance <1-255>
2042 Set default RIP distance to specified value.
2044 -- RIP command: distance <1-255> A.B.C.D/M
2045 -- RIP command: no distance <1-255> A.B.C.D/M
2046 Set default RIP distance to specified value when the route's source
2047 IP address matches the specified prefix.
2049 -- RIP command: distance <1-255> A.B.C.D/M ACCESS-LIST
2050 -- RIP command: no distance <1-255> A.B.C.D/M ACCESS-LIST
2051 Set default RIP distance to specified value when the route's source
2052 IP address matches the specified prefix and the specified
2056 File: quagga.info, Node: RIP route-map, Next: RIP Authentication, Prev: RIP distance, Up: RIP
2061 Usage of 'ripd''s route-map support.
2063 Optional argument route-map MAP_NAME can be added to each
2064 'redistribute' statement.
2066 redistribute static [route-map MAP_NAME]
2067 redistribute connected [route-map MAP_NAME]
2070 Cisco applies route-map _before_ routes will exported to rip route
2071 table. In current Quagga's test implementation, 'ripd' applies
2072 route-map after routes are listed in the route table and before routes
2073 will be announced to an interface (something like output filter). I
2074 think it is not so clear, but it is draft and it may be changed at
2077 Route-map statement (*note Route Map::) is needed to use route-map
2080 -- Route Map: match interface WORD
2081 This command match to incoming interface. Notation of this match
2082 is different from Cisco. Cisco uses a list of interfaces - NAME1
2083 NAME2 ... NAMEN. Ripd allows only one name (maybe will change in
2084 the future). Next - Cisco means interface which includes next-hop
2085 of routes (it is somewhat similar to "ip next-hop" statement).
2086 Ripd means interface where this route will be sent. This
2087 difference is because "next-hop" of same routes which sends to
2088 different interfaces must be different. Maybe it'd be better to
2089 made new matches - say "match interface-out NAME" or something like
2092 -- Route Map: match ip address WORD
2093 -- Route Map: match ip address prefix-list WORD
2094 Match if route destination is permitted by access-list.
2096 -- Route Map: match ip next-hop WORD
2097 -- Route Map: match ip next-hop prefix-list WORD
2098 Match if route next-hop (meaning next-hop listed in the rip
2099 route-table as displayed by "show ip rip") is permitted by
2102 -- Route Map: match metric <0-4294967295>
2103 This command match to the metric value of RIP updates. For other
2104 protocol compatibility metric range is shown as <0-4294967295>.
2105 But for RIP protocol only the value range <0-16> make sense.
2107 -- Route Map: set ip next-hop A.B.C.D
2108 This command set next hop value in RIPv2 protocol. This command
2109 does not affect RIPv1 because there is no next hop field in the
2112 -- Route Map: set metric <0-4294967295>
2113 Set a metric for matched route when sending announcement. The
2114 metric value range is very large for compatibility with other
2115 protocols. For RIP, valid metric values are from 1 to 16.
2118 File: quagga.info, Node: RIP Authentication, Next: RIP Timers, Prev: RIP route-map, Up: RIP
2120 5.9 RIP Authentication
2121 ======================
2123 RIPv2 allows packets to be authenticated via either an insecure plain
2124 text password, included with the packet, or via a more secure MD5 based
2125 HMAC (keyed-Hashing for Message AuthentiCation), RIPv1 can not be
2126 authenticated at all, thus when authentication is configured 'ripd' will
2127 discard routing updates received via RIPv1 packets.
2129 However, unless RIPv1 reception is disabled entirely, *Note RIP
2130 Version Control::, RIPv1 REQUEST packets which are received, which query
2131 the router for routing information, will still be honoured by 'ripd',
2132 and 'ripd' WILL reply to such packets. This allows 'ripd' to honour
2133 such REQUESTs (which sometimes is used by old equipment and very simple
2134 devices to bootstrap their default route), while still providing
2135 security for route updates which are received.
2137 In short: Enabling authentication prevents routes being updated by
2138 unauthenticated remote routers, but still can allow routes (I.e. the
2139 entire RIP routing table) to be queried remotely, potentially by anyone
2140 on the internet, via RIPv1.
2142 To prevent such unauthenticated querying of routes disable RIPv1,
2143 *Note RIP Version Control::.
2145 -- Interface command: ip rip authentication mode md5
2146 -- Interface command: no ip rip authentication mode md5
2147 Set the interface with RIPv2 MD5 authentication.
2149 -- Interface command: ip rip authentication mode text
2150 -- Interface command: no ip rip authentication mode text
2151 Set the interface with RIPv2 simple password authentication.
2153 -- Interface command: ip rip authentication string STRING
2154 -- Interface command: no ip rip authentication string STRING
2155 RIP version 2 has simple text authentication. This command sets
2156 authentication string. The string must be shorter than 16
2159 -- Interface command: ip rip authentication key-chain KEY-CHAIN
2160 -- Interface command: no ip rip authentication key-chain KEY-CHAIN
2161 Specifiy Keyed MD5 chain.
2169 ip rip authentication mode md5
2170 ip rip authentication key-chain test
2174 File: quagga.info, Node: RIP Timers, Next: Show RIP Information, Prev: RIP Authentication, Up: RIP
2179 -- RIP command: timers basic UPDATE TIMEOUT GARBAGE
2181 RIP protocol has several timers. User can configure those timers'
2182 values by 'timers basic' command.
2184 The default settings for the timers are as follows:
2186 * The update timer is 30 seconds. Every update timer seconds,
2187 the RIP process is awakened to send an unsolicited Response
2188 message containing the complete routing table to all
2189 neighboring RIP routers.
2191 * The timeout timer is 180 seconds. Upon expiration of the
2192 timeout, the route is no longer valid; however, it is retained
2193 in the routing table for a short time so that neighbors can be
2194 notified that the route has been dropped.
2196 * The garbage collect timer is 120 seconds. Upon expiration of
2197 the garbage-collection timer, the route is finally removed
2198 from the routing table.
2200 The 'timers basic' command allows the the default values of the
2201 timers listed above to be changed.
2203 -- RIP command: no timers basic
2204 The 'no timers basic' command will reset the timers to the default
2205 settings listed above.
2208 File: quagga.info, Node: Show RIP Information, Next: RIP Debug Commands, Prev: RIP Timers, Up: RIP
2210 5.11 Show RIP Information
2211 =========================
2213 To display RIP routes.
2215 -- Command: show ip rip
2218 The command displays all RIP routes. For routes that are received
2219 through RIP, this command will display the time the packet was sent and
2220 the tag information. This command will also display this information
2221 for routes redistributed into RIP.
2223 -- Command: show ip rip status
2224 The command displays current RIP status. It includes RIP timer,
2225 filtering, version, RIP enabled interface and RIP peer inforation.
2227 ripd> show ip rip status
2228 Routing Protocol is "rip"
2229 Sending updates every 30 seconds with +/-50%, next due in 35 seconds
2230 Timeout after 180 seconds, garbage collect after 120 seconds
2231 Outgoing update filter list for all interface is not set
2232 Incoming update filter list for all interface is not set
2233 Default redistribution metric is 1
2234 Redistributing: kernel connected
2235 Default version control: send version 2, receive version 2
2237 Routing for Networks:
2242 Routing Information Sources:
2243 Gateway BadPackets BadRoutes Distance Last Update
2246 File: quagga.info, Node: RIP Debug Commands, Prev: Show RIP Information, Up: RIP
2248 5.12 RIP Debug Commands
2249 =======================
2251 Debug for RIP protocol.
2253 -- Command: debug rip events
2256 'debug rip' will show RIP events. Sending and receiving packets,
2257 timers, and changes in interfaces are events shown with 'ripd'.
2259 -- Command: debug rip packet
2262 'debug rip packet' will display detailed information about the RIP
2263 packets. The origin and port number of the packet as well as a packet
2266 -- Command: debug rip zebra
2267 Debug rip between zebra communication.
2269 This command will show the communication between 'ripd' and 'zebra'.
2270 The main information will include addition and deletion of paths to the
2271 kernel and the sending and receiving of interface information.
2273 -- Command: show debugging rip
2274 Display 'ripd''s debugging option.
2276 'show debugging rip' will show all information currently set for ripd
2280 File: quagga.info, Node: RIPng, Next: OSPFv2, Prev: RIP, Up: Top
2285 'ripngd' supports the RIPng protocol as described in RFC2080. It's an
2286 IPv6 reincarnation of the RIP protocol.
2291 * ripngd Configuration::
2292 * ripngd Terminal Mode Commands::
2293 * ripngd Filtering Commands::
2296 File: quagga.info, Node: Invoking ripngd, Next: ripngd Configuration, Up: RIPng
2301 There are no 'ripngd' specific invocation options. Common options can
2302 be specified (*note Common Invocation Options::).
2305 File: quagga.info, Node: ripngd Configuration, Next: ripngd Terminal Mode Commands, Prev: Invoking ripngd, Up: RIPng
2307 6.2 ripngd Configuration
2308 ========================
2310 Currently ripngd supports the following commands:
2312 -- Command: router ripng
2315 -- RIPng Command: flush_timer TIME
2318 -- RIPng Command: network NETWORK
2319 Set RIPng enabled interface by NETWORK
2321 -- RIPng Command: network IFNAME
2322 Set RIPng enabled interface by IFNAME
2324 -- RIPng Command: route NETWORK
2325 Set RIPng static routing announcement of NETWORK.
2327 -- Command: router zebra
2328 This command is the default and does not appear in the
2329 configuration. With this statement, RIPng routes go to the 'zebra'
2333 File: quagga.info, Node: ripngd Terminal Mode Commands, Next: ripngd Filtering Commands, Prev: ripngd Configuration, Up: RIPng
2335 6.3 ripngd Terminal Mode Commands
2336 =================================
2338 -- Command: show ip ripng
2340 -- Command: show debugging ripng
2342 -- Command: debug ripng events
2344 -- Command: debug ripng packet
2346 -- Command: debug ripng zebra
2349 File: quagga.info, Node: ripngd Filtering Commands, Prev: ripngd Terminal Mode Commands, Up: RIPng
2351 6.4 ripngd Filtering Commands
2352 =============================
2354 -- Command: distribute-list ACCESS_LIST (in|out) IFNAME
2355 You can apply an access-list to the interface using the
2356 'distribute-list' command. ACCESS_LIST is an access-list name.
2357 DIRECT is 'in' or 'out'. If DIRECT is 'in', the access-list is
2358 applied only to incoming packets.
2360 distribute-list local-only out sit1
2363 File: quagga.info, Node: OSPFv2, Next: OSPFv3, Prev: RIPng, Up: Top
2368 OSPF (Open Shortest Path First) version 2 is a routing protocol which is
2369 described in 'RFC2328, OSPF Version 2'. OSPF is an IGP (Interior
2370 Gateway Protocol). Compared with RIP, OSPF can provide scalable network
2371 support and faster convergence times. OSPF is widely used in large
2372 networks such as ISP (Internet Service Provider) backbone and enterprise
2377 * OSPF Fundamentals::
2378 * Configuring ospfd::
2382 * Redistribute routes to OSPF::
2383 * Showing OSPF information::
2385 * OSPF Traffic Engineering::
2386 * Router Information::
2388 * OSPF Configuration Examples::
2391 File: quagga.info, Node: OSPF Fundamentals, Next: Configuring ospfd, Up: OSPFv2
2393 7.1 OSPF Fundamentals
2394 =====================
2396 OSPF is, mostly, a link-state routing protocol. In contrast to
2397 "distance-vector" protocols, such as RIP or BGP, where routers describe
2398 available "paths" (i.e. routes) to each other, in "link-state"
2399 protocols routers instead describe the state of their links to their
2400 immediate neighbouring routers.
2402 Each router describes their link-state information in a message known
2403 as an LSA (Link State Advertisement), which is then propogated through
2404 to all other routers in a link-state routing domain, by a process called
2405 "flooding". Each router thus builds up an LSDB (Link State Database) of
2406 all the link-state messages. From this collection of LSAs in the LSDB,
2407 each router can then calculate the shortest path to any other router,
2408 based on some common metric, by using an algorithm such as Edgser
2409 Dijkstra (http://www.cs.utexas.edu/users/EWD/)'s SPF (Shortest Path
2412 By describing connectivity of a network in this way, in terms of
2413 routers and links rather than in terms of the paths through a network, a
2414 link-state protocol can use less bandwidth and converge more quickly
2415 than other protocols. A link-state protocol need distribute only one
2416 link-state message throughout the link-state domain when a link on any
2417 single given router changes state, in order for all routers to
2418 reconverge on the best paths through the network. In contrast, distance
2419 vector protocols can require a progression of different path update
2420 messages from a series of different routers in order to converge.
2422 The disadvantage to a link-state protocol is that the process of
2423 computing the best paths can be relatively intensive when compared to
2424 distance-vector protocols, in which near to no computation need be done
2425 other than (potentially) select between multiple routes. This overhead
2426 is mostly negligible for modern embedded CPUs, even for networks with
2427 thousands of nodes. The primary scaling overhead lies more in coping
2428 with the ever greater frequency of LSA updates as the size of a
2429 link-state area increases, in managing the LSDB and required flooding.
2431 This section aims to give a distilled, but accurate, description of
2432 the more important workings of OSPF which an administrator may need to
2433 know to be able best configure and trouble-shoot OSPF.
2435 7.1.1 OSPF Mechanisms
2436 ---------------------
2438 OSPF defines a range of mechanisms, concerned with detecting, describing
2439 and propogating state through a network. These mechanisms will nearly
2440 all be covered in greater detail further on. They may be broadly
2443 "The Hello Protocol"
2445 The OSPF Hello protocol allows OSPF to quickly detect changes in
2446 two-way reachability between routers on a link. OSPF can
2447 additionally avail of other sources of reachability information,
2448 such as link-state information provided by hardware, or through
2449 dedicated reachability protocols such as BFD (Bi-directional
2450 Forwarding Detection).
2452 OSPF also uses the Hello protocol to propagate certain state
2453 between routers sharing a link, for example:
2455 * Hello protocol configured state, such as the dead-interval.
2456 * Router priority, for DR/BDR election.
2457 * DR/BDR election results.
2458 * Any optional capabilities supported by each router.
2460 The Hello protocol is comparatively trivial and will not be
2461 explored in greater detail than here.
2465 At the heart of OSPF are LSA (Link State Advertisement) messages.
2466 Despite the name, some LSAs do not, strictly speaking, describe
2467 link-state information. Common LSAs describe information such as:
2469 * Routers, in terms of their links.
2470 * Networks, in terms of attached routers.
2471 * Routes, external to a link-state domain:
2475 Routes entirely external to OSPF. Routers originating
2476 such routes are known as ASBR (Autonomous-System Border
2481 Routes which summarise routing information relating to
2482 OSPF areas external to the OSPF link-state area at hand,
2483 originated by ABR (Area Boundary Router) routers.
2486 OSPF defines several related mechanisms, used to manage
2487 synchronisation of LSDBs between neighbours as neighbours form
2488 adjacencies and the propogation, or "flooding" of new or updated
2491 *Note OSPF Flooding::.
2494 OSPF provides for the protocol to be broken up into multiple
2495 smaller and independent link-state areas. Each area must be
2496 connected to a common backbone area by an ABR (Area Boundary
2497 Router). These ABR routers are responsible for summarising the
2498 link-state routing information of an area into "Summary LSAs",
2499 possibly in a condensed (i.e. aggregated) form, and then
2500 originating these summaries into all other areas the ABR is
2503 Note that only summaries and external routes are passed between
2504 areas. As these describe _paths_, rather than any router
2505 link-states, routing between areas hence is by "distance-vector",
2513 LSAs are the core object in OSPF. Everything else in OSPF revolves
2514 around detecting what to describe in LSAs, when to update them, how to
2515 flood them throughout a network and how to calculate routes from them.
2517 There are a variety of different LSAs, for purposes such as
2518 describing actual link-state information, describing paths (i.e.
2519 routes), describing bandwidth usage of links for TE (Traffic
2520 Engineering) purposes, and even arbitrary data by way of _Opaque_ LSAs.
2525 All LSAs share a common header with the following information:
2529 Different types of LSAs describe different things in OSPF. Types
2534 * Network Summary LSA
2535 * Router Summary LSA
2538 The specifics of the different types of LSA are examined below.
2540 * Advertising Router
2542 The Router ID of the router originating the LSA, see *note ospf
2547 The ID of the LSA, which is typically derived in some way from the
2548 information the LSA describes, e.g. a Router LSA uses the Router
2549 ID as the LSA ID, a Network LSA will have the IP address of the DR
2552 The combination of the Type, ID and Advertising Router ID must
2553 uniquely identify the LSA. There can however be multiple instances
2554 of an LSA with the same Type, LSA ID and Advertising Router ID, see
2555 *note LSA Sequence Number: OSPF LSA sequence number.
2559 A number to allow stale LSAs to, eventually, be purged by routers
2562 The value nominally is one of seconds. An age of 3600, i.e. 1
2563 hour, is called the "MaxAge". MaxAge LSAs are ignored in routing
2564 calculations. LSAs must be periodically refreshed by their
2565 Advertising Router before reaching MaxAge if they are to remain
2568 Routers may deliberately flood LSAs with the age artificially set
2569 to 3600 to indicate an LSA is no longer valid. This is called
2570 "flushing" of an LSA.
2572 It is not abnormal to see stale LSAs in the LSDB, this can occur
2573 where a router has shutdown without flushing its LSA(s), e.g.
2574 where it has become disconnected from the network. Such LSAs do
2579 A number used to distinguish newer instances of an LSA from older
2582 7.1.2.2 Link-State LSAs
2583 .......................
2585 Of all the various kinds of LSAs, just two types comprise the actual
2586 link-state part of OSPF, Router LSAs and Network LSAs. These LSA types
2587 are absolutely core to the protocol.
2589 Instances of these LSAs are specific to the link-state area in which
2590 they are originated. Routes calculated from these two LSA types are
2591 called "intra-area routes".
2595 Each OSPF Router must originate a router LSA to describe itself.
2596 In it, the router lists each of its OSPF enabled interfaces, for
2597 the given link-state area, in terms of:
2601 The output cost of that interface, scaled inversely to some
2602 commonly known reference value, *Note auto-cost
2603 reference-bandwidth: OSPF auto-cost reference-bandwidth.
2608 A link to a multi-access network, on which the router has
2609 at least one Full adjacency with another router.
2611 * PtP (Point-to-Point)
2613 A link to a single remote router, with a Full adjacency.
2614 No DR (Designated Router) is elected on such links; no
2615 network LSA is originated for such a link.
2619 A link with no adjacent neighbours, or a host route.
2623 These values depend on the Link Type:
2625 Link Type Link ID Link Data
2627 --------------------------------------------------------------
2628 Transit Link IP address of Interface IP address
2630 Point-to-PointRouter ID of the Local interface IP
2631 remote router address, or the
2633 interface index) for
2636 Stub IP address Subnet Mask
2639 Links on a router may be listed multiple times in the Router LSA,
2640 e.g. a PtP interface on which OSPF is enabled must _always_ be
2641 described by a Stub link in the Router LSA, in addition to being
2642 listed as PtP link in the Router LSA if the adjacency with the
2643 remote router is Full.
2645 Stub links may also be used as a way to describe links on which
2646 OSPF is _not_ spoken, known as "passive interfaces", see *note
2647 passive-interface: OSPF passive-interface.
2651 On multi-access links (e.g. ethernets, certain kinds of ATM and
2652 X.25 configurations), routers elect a DR. The DR is responsible
2653 for originating a Network LSA, which helps reduce the information
2654 needed to describe multi-access networks with multiple routers
2655 attached. The DR also acts as a hub for the flooding of LSAs on
2656 that link, thus reducing flooding overheads.
2658 The contents of the Network LSA describes the:
2662 As the LSA ID of a Network LSA must be the IP address of the
2663 DR, the Subnet Mask together with the LSA ID gives you the
2668 Each router fully-adjacent with the DR is listed in the LSA,
2669 by their Router-ID. This allows the corresponding Router LSAs
2670 to be easily retrieved from the LSDB.
2672 Summary of Link State LSAs:
2674 LSA Type LSA ID Describes LSA Data Describes
2676 --------------------------------------------------------------------
2677 Router LSA The Router ID The OSPF enabled links of
2678 the router, within a
2679 specific link-state area.
2681 Network LSA The IP address of the The Subnet Mask of the
2682 DR for the network network, and the Router IDs
2683 of all routers on the
2686 With an LSDB composed of just these two types of LSA, it is possible
2687 to construct a directed graph of the connectivity between all routers
2688 and networks in a given OSPF link-state area. So, not surprisingly,
2689 when OSPF routers build updated routing tables, the first stage of SPF
2690 calculation concerns itself only with these two LSA types.
2692 7.1.2.3 Link-State LSA Examples
2693 ...............................
2695 The example below (*note OSPF Link-State LSA Example::) shows two LSAs,
2696 both originated by the same router (Router ID 192.168.0.49) and with the
2697 same LSA ID (192.168.0.49), but of different LSA types.
2699 The first LSA being the router LSA describing 192.168.0.49's links: 2
2700 links to multi-access networks with fully-adjacent neighbours (i.e.
2701 Transit links) and 1 being a Stub link (no adjacent neighbours).
2703 The second LSA being a Network LSA, for which 192.168.0.49 is the DR,
2704 listing the Router IDs of 4 routers on that network which are fully
2705 adjacent with 192.168.0.49.
2707 # show ip ospf database router 192.168.0.49
2709 OSPF Router with ID (192.168.0.53)
2712 Router Link States (Area 0.0.0.0)
2715 Options: 0x2 : *|-|-|-|-|-|E|*
2719 Link State ID: 192.168.0.49
2720 Advertising Router: 192.168.0.49
2721 LS Seq Number: 80000f90
2726 Link connected to: a Transit Network
2727 (Link ID) Designated Router address: 192.168.1.3
2728 (Link Data) Router Interface address: 192.168.1.3
2729 Number of TOS metrics: 0
2732 Link connected to: a Transit Network
2733 (Link ID) Designated Router address: 192.168.0.49
2734 (Link Data) Router Interface address: 192.168.0.49
2735 Number of TOS metrics: 0
2738 Link connected to: Stub Network
2739 (Link ID) Net: 192.168.3.190
2740 (Link Data) Network Mask: 255.255.255.255
2741 Number of TOS metrics: 0
2743 # show ip ospf database network 192.168.0.49
2745 OSPF Router with ID (192.168.0.53)
2748 Net Link States (Area 0.0.0.0)
2751 Options: 0x2 : *|-|-|-|-|-|E|*
2753 LS Type: network-LSA
2754 Link State ID: 192.168.0.49 (address of Designated Router)
2755 Advertising Router: 192.168.0.49
2756 LS Seq Number: 80000074
2760 Attached Router: 192.168.0.49
2761 Attached Router: 192.168.0.52
2762 Attached Router: 192.168.0.53
2763 Attached Router: 192.168.0.54
2765 Note that from one LSA, you can find the other. E.g. Given the
2766 Network-LSA you have a list of Router IDs on that network, from which
2767 you can then look up, in the local LSDB, the matching Router LSA. From
2768 that Router-LSA you may (potentially) find links to other Transit
2769 networks and Routers IDs which can be used to lookup the corresponding
2770 Router or Network LSA. And in that fashion, one can find all the
2771 Routers and Networks reachable from that starting LSA.
2773 Given the Router LSA instead, you have the IP address of the DR of
2774 any attached transit links. Network LSAs will have that IP as their LSA
2775 ID, so you can then look up that Network LSA and from that find all the
2776 attached routers on that link, leading potentially to more links and
2777 Network and Router LSAs, etc. etc.
2779 From just the above two LSAs, one can already see the following
2783 --------------------- Network: ......
2784 | Designated Router IP: 192.168.1.3
2789 Router ID: 192.168.0.49(stub)---------- IP: 192.168.3.190/32
2790 (cost: 10) (cost: 39063)
2795 ------------------------------ Network: 192.168.0.48/29
2796 | | | Designated Router IP: 192.168.0.49
2798 | | Router ID: 192.168.0.54
2800 | Router ID: 192.168.0.53
2802 Router ID: 192.168.0.52
2804 Note the Router IDs, though they look like IP addresses and often are
2805 IP addresses, are not strictly speaking IP addresses, nor need they be
2806 reachable addresses (though, OSPF will calculate routes to Router IDs).
2808 7.1.2.4 External LSAs
2809 .....................
2811 External, or "Type 5", LSAs describe routing information which is
2812 entirely external to OSPF, and is "injected" into OSPF. Such routing
2813 information may have come from another routing protocol, such as RIP or
2814 BGP, they may represent static routes or they may represent a default
2817 An OSPF router which originates External LSAs is known as an ASBR (AS
2818 Boundary Router). Unlike the link-state LSAs, and most other LSAs,
2819 which are flooded only within the area in which they originate, External
2820 LSAs are flooded through-out the OSPF network to all areas capable of
2821 carrying External LSAs (*note OSPF Areas::).
2823 Routes internal to OSPF (intra-area or inter-area) are always
2824 preferred over external routes.
2826 The External LSA describes the following:
2830 The IP Network number of the route is described by the LSA ID
2835 The body of the External LSA describes the IP Network Mask of the
2836 route. This, together with the LSA ID, describes the prefix of the
2841 The cost of the External Route. This cost may be an OSPF cost
2842 (also known as a "Type 1" metric), i.e. equivalent to the normal
2843 OSPF costs, or an externally derived cost ("Type 2" metric) which
2844 is not comparable to OSPF costs and always considered larger than
2845 any OSPF cost. Where there are both Type 1 and 2 External routes
2846 for a route, the Type 1 is always preferred.
2848 * Forwarding Address
2850 The address of the router to forward packets to for the route.
2851 This may be, and usually is, left as 0 to specify that the ASBR
2852 originating the External LSA should be used. There must be an
2853 internal OSPF route to the forwarding address, for the forwarding
2854 address to be useable.
2858 An arbitrary 4-bytes of data, not interpreted by OSPF, which may
2859 carry whatever information about the route which OSPF speakers
2862 7.1.2.5 AS External LSA Example
2863 ...............................
2865 To illustrate, below is an example of an External LSA in the LSDB of an
2866 OSPF router. It describes a route to the IP prefix of 192.168.165.0/24,
2867 originated by the ASBR with Router-ID 192.168.0.49. The metric of 20 is
2868 external to OSPF. The forwarding address is 0, so the route should
2869 forward to the originating ASBR if selected.
2871 # show ip ospf database external 192.168.165.0
2873 Options: 0x2 : *|-|-|-|-|-|E|*
2875 LS Type: AS-external-LSA
2876 Link State ID: 192.168.165.0 (External Network Number)
2877 Advertising Router: 192.168.0.49
2878 LS Seq Number: 800001d8
2882 Metric Type: 2 (Larger than any link state path)
2885 Forward Address: 0.0.0.0
2886 External Route Tag: 0
2888 We can add this to our partial topology from above, which now looks
2890 --------------------- Network: ......
2891 | Designated Router IP: 192.168.1.3
2893 IP: 192.168.1.3 /---- External route: 192.168.165.0/24
2894 (transit link) / Cost: 20 (External metric)
2896 Router ID: 192.168.0.49(stub)---------- IP: 192.168.3.190/32
2897 (cost: 10) (cost: 39063)
2902 ------------------------------ Network: 192.168.0.48/29
2903 | | | Designated Router IP: 192.168.0.49
2905 | | Router ID: 192.168.0.54
2907 | Router ID: 192.168.0.53
2909 Router ID: 192.168.0.52
2911 7.1.2.6 Summary LSAs
2912 ....................
2914 Summary LSAs are created by ABRs to summarise the destinations available
2915 within one area to other areas. These LSAs may describe IP networks,
2916 potentially in aggregated form, or ASBR routers.
2925 File: quagga.info, Node: Configuring ospfd, Next: OSPF router, Prev: OSPF Fundamentals, Up: OSPFv2
2927 7.2 Configuring ospfd
2928 =====================
2930 There are no 'ospfd' specific options. Common options can be specified
2931 (*note Common Invocation Options::) to 'ospfd'. 'ospfd' needs to
2932 acquire interface information from 'zebra' in order to function.
2933 Therefore 'zebra' must be running before invoking 'ospfd'. Also, if
2934 'zebra' is restarted then 'ospfd' must be too.
2936 Like other daemons, 'ospfd' configuration is done in OSPF specific
2937 configuration file 'ospfd.conf'.
2940 File: quagga.info, Node: OSPF router, Next: OSPF area, Prev: Configuring ospfd, Up: OSPFv2
2945 To start OSPF process you have to specify the OSPF router. As of this
2946 writing, 'ospfd' does not support multiple OSPF processes.
2948 -- Command: router ospf
2949 -- Command: no router ospf
2950 Enable or disable the OSPF process. 'ospfd' does not yet support
2951 multiple OSPF processes. So you can not specify an OSPF process
2954 -- OSPF Command: ospf router-id A.B.C.D
2955 -- OSPF Command: no ospf router-id
2956 This sets the router-ID of the OSPF process. The router-ID may be
2957 an IP address of the router, but need not be - it can be any
2958 arbitrary 32bit number. However it MUST be unique within the
2959 entire OSPF domain to the OSPF speaker - bad things will happen if
2960 multiple OSPF speakers are configured with the same router-ID! If
2961 one is not specified then 'ospfd' will obtain a router-ID
2962 automatically from 'zebra'.
2964 -- OSPF Command: ospf abr-type TYPE
2965 -- OSPF Command: no ospf abr-type TYPE
2966 TYPE can be cisco|ibm|shortcut|standard. The "Cisco" and "IBM"
2967 types are equivalent.
2969 The OSPF standard for ABR behaviour does not allow an ABR to
2970 consider routes through non-backbone areas when its links to the
2971 backbone are down, even when there are other ABRs in attached
2972 non-backbone areas which still can reach the backbone - this
2973 restriction exists primarily to ensure routing-loops are avoided.
2975 With the "Cisco" or "IBM" ABR type, the default in this release of
2976 Quagga, this restriction is lifted, allowing an ABR to consider
2977 summaries learnt from other ABRs through non-backbone areas, and
2978 hence route via non-backbone areas as a last resort when, and only
2979 when, backbone links are down.
2981 Note that areas with fully-adjacent virtual-links are considered to
2982 be "transit capable" and can always be used to route backbone
2983 traffic, and hence are unaffected by this setting (*note OSPF
2986 More information regarding the behaviour controlled by this command
2987 can be found in 'RFC 3509, Alternative Implementations of OSPF Area
2988 Border Routers', and 'draft-ietf-ospf-shortcut-abr-02.txt'.
2990 Quote: "Though the definition of the ABR (Area Border Router) in
2991 the OSPF specification does not require a router with multiple
2992 attached areas to have a backbone connection, it is actually
2993 necessary to provide successful routing to the inter-area and
2994 external destinations. If this requirement is not met, all traffic
2995 destined for the areas not connected to such an ABR or out of the
2996 OSPF domain, is dropped. This document describes alternative ABR
2997 behaviors implemented in Cisco and IBM routers."
2999 -- OSPF Command: ospf rfc1583compatibility
3000 -- OSPF Command: no ospf rfc1583compatibility
3001 'RFC2328', the sucessor to 'RFC1583', suggests according to section
3002 G.2 (changes) in section 16.4 a change to the path preference
3003 algorithm that prevents possible routing loops that were possible
3004 in the old version of OSPFv2. More specifically it demands that
3005 inter-area paths and intra-area backbone path are now of equal
3006 preference but still both preferred to external paths.
3008 This command should NOT be set normally.
3010 -- OSPF Command: log-adjacency-changes [detail]
3011 -- OSPF Command: no log-adjacency-changes [detail]
3012 Configures ospfd to log changes in adjacency. With the optional
3013 detail argument, all changes in adjacency status are shown.
3014 Without detail, only changes to full or regressions are shown.
3016 -- OSPF Command: passive-interface INTERFACE
3017 -- OSPF Command: no passive-interface INTERFACE
3018 Do not speak OSPF interface on the given interface, but do
3019 advertise the interface as a stub link in the router-LSA (Link
3020 State Advertisement) for this router. This allows one to advertise
3021 addresses on such connected interfaces without having to originate
3022 AS-External/Type-5 LSAs (which have global flooding scope) - as
3023 would occur if connected addresses were redistributed into OSPF
3024 (*note Redistribute routes to OSPF::). This is the only way to
3025 advertise non-OSPF links into stub areas.
3027 -- OSPF Command: timers throttle spf DELAY INITIAL-HOLDTIME
3029 -- OSPF Command: no timers throttle spf
3030 This command sets the initial DELAY, the INITIAL-HOLDTIME and the
3031 MAXIMUM-HOLDTIME between when SPF is calculated and the event which
3032 triggered the calculation. The times are specified in milliseconds
3033 and must be in the range of 0 to 600000 milliseconds.
3035 The DELAY specifies the minimum amount of time to delay SPF
3036 calculation (hence it affects how long SPF calculation is delayed
3037 after an event which occurs outside of the holdtime of any previous
3038 SPF calculation, and also serves as a minimum holdtime).
3040 Consecutive SPF calculations will always be seperated by at least
3041 'hold-time' milliseconds. The hold-time is adaptive and initially
3042 is set to the INITIAL-HOLDTIME configured with the above command.
3043 Events which occur within the holdtime of the previous SPF
3044 calculation will cause the holdtime to be increased by
3045 INITIAL-HOLDTIME, bounded by the MAXIMUM-HOLDTIME configured with
3046 this command. If the adaptive hold-time elapses without any
3047 SPF-triggering event occuring then the current holdtime is reset to
3048 the INITIAL-HOLDTIME. The current holdtime can be viewed with
3049 *note show ip ospf::, where it is expressed as a multiplier of the
3053 timers throttle spf 200 400 10000
3055 In this example, the DELAY is set to 200ms, the INITIAL HOLDTIME is
3056 set to 400ms and the MAXIMUM HOLDTIME to 10s. Hence there will
3057 always be at least 200ms between an event which requires SPF
3058 calculation and the actual SPF calculation. Further consecutive
3059 SPF calculations will always be seperated by between 400ms to 10s,
3060 the hold-time increasing by 400ms each time an SPF-triggering event
3061 occurs within the hold-time of the previous SPF calculation.
3063 This command supercedes the 'timers spf' command in previous Quagga
3066 -- OSPF Command: max-metric router-lsa [on-startup|on-shutdown]
3068 -- OSPF Command: max-metric router-lsa administrative
3069 -- OSPF Command: no max-metric router-lsa
3070 [on-startup|on-shutdown|administrative]
3071 This enables 'RFC3137, OSPF Stub Router Advertisement' support,
3072 where the OSPF process describes its transit links in its
3073 router-LSA as having infinite distance so that other routers will
3074 avoid calculating transit paths through the router while still
3075 being able to reach networks through the router.
3077 This support may be enabled administratively (and indefinitely) or
3078 conditionally. Conditional enabling of max-metric router-lsas can
3079 be for a period of seconds after startup and/or for a period of
3080 seconds prior to shutdown.
3082 Enabling this for a period after startup allows OSPF to converge
3083 fully first without affecting any existing routes used by other
3084 routers, while still allowing any connected stub links and/or
3085 redistributed routes to be reachable. Enabling this for a period
3086 of time in advance of shutdown allows the router to gracefully
3087 excuse itself from the OSPF domain.
3089 Enabling this feature administratively allows for administrative
3090 intervention for whatever reason, for an indefinite period of time.
3091 Note that if the configuration is written to file, this
3092 administrative form of the stub-router command will also be written
3093 to file. If 'ospfd' is restarted later, the command will then take
3094 effect until manually deconfigured.
3096 Configured state of this feature as well as current status, such as
3097 the number of second remaining till on-startup or on-shutdown ends,
3098 can be viewed with the *note show ip ospf:: command.
3100 -- OSPF Command: auto-cost reference-bandwidth <1-4294967>
3101 -- OSPF Command: no auto-cost reference-bandwidth
3102 This sets the reference bandwidth for cost calculations, where this
3103 bandwidth is considered equivalent to an OSPF cost of 1, specified
3104 in Mbits/s. The default is 100Mbit/s (i.e. a link of bandwidth
3105 100Mbit/s or higher will have a cost of 1. Cost of lower bandwidth
3106 links will be scaled with reference to this cost).
3108 This configuration setting MUST be consistent across all routers
3109 within the OSPF domain.
3111 -- OSPF Command: network A.B.C.D/M area A.B.C.D
3112 -- OSPF Command: network A.B.C.D/M area <0-4294967295>
3113 -- OSPF Command: no network A.B.C.D/M area A.B.C.D
3114 -- OSPF Command: no network A.B.C.D/M area <0-4294967295>
3115 This command specifies the OSPF enabled interface(s). If the
3116 interface has an address from range 192.168.1.0/24 then the command
3117 below enables ospf on this interface so router can provide network
3118 information to the other ospf routers via this interface.
3121 network 192.168.1.0/24 area 0.0.0.0
3123 Prefix length in interface must be equal or bigger (ie. smaller
3124 network) than prefix length in network statement. For example
3125 statement above doesn't enable ospf on interface with address
3126 192.168.1.1/23, but it does on interface with address
3129 Note that the behavior when there is a peer address defined on an
3130 interface changed after release 0.99.7. Currently, if a peer
3131 prefix has been configured, then we test whether the prefix in the
3132 network command contains the destination prefix. Otherwise, we
3133 test whether the network command prefix contains the local address
3134 prefix of the interface.
3136 In some cases it may be more convenient to enable OSPF on a per
3137 interface/subnet basis (*note OSPF ip ospf area command::).
3140 File: quagga.info, Node: OSPF area, Next: OSPF interface, Prev: OSPF router, Up: OSPFv2
3145 -- OSPF Command: area A.B.C.D range A.B.C.D/M
3146 -- OSPF Command: area <0-4294967295> range A.B.C.D/M
3147 -- OSPF Command: no area A.B.C.D range A.B.C.D/M
3148 -- OSPF Command: no area <0-4294967295> range A.B.C.D/M
3149 Summarize intra area paths from specified area into one Type-3
3150 summary-LSA announced to other areas. This command can be used
3151 only in ABR and ONLY router-LSAs (Type-1) and network-LSAs (Type-2)
3152 (ie. LSAs with scope area) can be summarized. Type-5
3153 AS-external-LSAs can't be summarized - their scope is AS.
3154 Summarizing Type-7 AS-external-LSAs isn't supported yet by Quagga.
3157 network 192.168.1.0/24 area 0.0.0.0
3158 network 10.0.0.0/8 area 0.0.0.10
3159 area 0.0.0.10 range 10.0.0.0/8
3161 With configuration above one Type-3 Summary-LSA with routing info
3162 10.0.0.0/8 is announced into backbone area if area 0.0.0.10
3163 contains at least one intra-area network (ie. described with
3164 router or network LSA) from this range.
3166 -- OSPF Command: area A.B.C.D range IPV4_PREFIX not-advertise
3167 -- OSPF Command: no area A.B.C.D range IPV4_PREFIX not-advertise
3168 Instead of summarizing intra area paths filter them - ie. intra
3169 area paths from this range are not advertised into other areas.
3170 This command makes sense in ABR only.
3172 -- OSPF Command: area A.B.C.D range IPV4_PREFIX substitute IPV4_PREFIX
3173 -- OSPF Command: no area A.B.C.D range IPV4_PREFIX substitute
3175 Substitute summarized prefix with another prefix.
3178 network 192.168.1.0/24 area 0.0.0.0
3179 network 10.0.0.0/8 area 0.0.0.10
3180 area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8
3182 One Type-3 summary-LSA with routing info 11.0.0.0/8 is announced
3183 into backbone area if area 0.0.0.10 contains at least one
3184 intra-area network (ie. described with router-LSA or network-LSA)
3185 from range 10.0.0.0/8. This command makes sense in ABR only.
3187 -- OSPF Command: area A.B.C.D virtual-link A.B.C.D
3188 -- OSPF Command: area <0-4294967295> virtual-link A.B.C.D
3189 -- OSPF Command: no area A.B.C.D virtual-link A.B.C.D
3190 -- OSPF Command: no area <0-4294967295> virtual-link A.B.C.D
3192 -- OSPF Command: area A.B.C.D shortcut
3193 -- OSPF Command: area <0-4294967295> shortcut
3194 -- OSPF Command: no area A.B.C.D shortcut
3195 -- OSPF Command: no area <0-4294967295> shortcut
3196 Configure the area as Shortcut capable. See 'RFC3509'. This
3197 requires that the 'abr-type' be set to 'shortcut'.
3199 -- OSPF Command: area A.B.C.D stub
3200 -- OSPF Command: area <0-4294967295> stub
3201 -- OSPF Command: no area A.B.C.D stub
3202 -- OSPF Command: no area <0-4294967295> stub
3203 Configure the area to be a stub area. That is, an area where no
3204 router originates routes external to OSPF and hence an area where
3205 all external routes are via the ABR(s). Hence, ABRs for such an
3206 area do not need to pass AS-External LSAs (type-5s) or ASBR-Summary
3207 LSAs (type-4) into the area. They need only pass Network-Summary
3208 (type-3) LSAs into such an area, along with a default-route
3211 -- OSPF Command: area A.B.C.D stub no-summary
3212 -- OSPF Command: area <0-4294967295> stub no-summary
3213 -- OSPF Command: no area A.B.C.D stub no-summary
3214 -- OSPF Command: no area <0-4294967295> stub no-summary
3215 Prevents an 'ospfd' ABR from injecting inter-area summaries into
3216 the specified stub area.
3218 -- OSPF Command: area A.B.C.D default-cost <0-16777215>
3219 -- OSPF Command: no area A.B.C.D default-cost <0-16777215>
3220 Set the cost of default-summary LSAs announced to stubby areas.
3222 -- OSPF Command: area A.B.C.D export-list NAME
3223 -- OSPF Command: area <0-4294967295> export-list NAME
3224 -- OSPF Command: no area A.B.C.D export-list NAME
3225 -- OSPF Command: no area <0-4294967295> export-list NAME
3226 Filter Type-3 summary-LSAs announced to other areas originated from
3227 intra- area paths from specified area.
3230 network 192.168.1.0/24 area 0.0.0.0
3231 network 10.0.0.0/8 area 0.0.0.10
3232 area 0.0.0.10 export-list foo
3234 access-list foo permit 10.10.0.0/16
3235 access-list foo deny any
3237 With example above any intra-area paths from area 0.0.0.10 and from
3238 range 10.10.0.0/16 (for example 10.10.1.0/24 and 10.10.2.128/30)
3239 are announced into other areas as Type-3 summary-LSA's, but any
3240 others (for example 10.11.0.0/16 or 10.128.30.16/30) aren't.
3242 This command is only relevant if the router is an ABR for the
3245 -- OSPF Command: area A.B.C.D import-list NAME
3246 -- OSPF Command: area <0-4294967295> import-list NAME
3247 -- OSPF Command: no area A.B.C.D import-list NAME
3248 -- OSPF Command: no area <0-4294967295> import-list NAME
3249 Same as export-list, but it applies to paths announced into
3250 specified area as Type-3 summary-LSAs.
3252 -- OSPF Command: area A.B.C.D filter-list prefix NAME in
3253 -- OSPF Command: area A.B.C.D filter-list prefix NAME out
3254 -- OSPF Command: area <0-4294967295> filter-list prefix NAME in
3255 -- OSPF Command: area <0-4294967295> filter-list prefix NAME out
3256 -- OSPF Command: no area A.B.C.D filter-list prefix NAME in
3257 -- OSPF Command: no area A.B.C.D filter-list prefix NAME out
3258 -- OSPF Command: no area <0-4294967295> filter-list prefix NAME in
3259 -- OSPF Command: no area <0-4294967295> filter-list prefix NAME out
3260 Filtering Type-3 summary-LSAs to/from area using prefix lists.
3261 This command makes sense in ABR only.
3263 -- OSPF Command: area A.B.C.D authentication
3264 -- OSPF Command: area <0-4294967295> authentication
3265 -- OSPF Command: no area A.B.C.D authentication
3266 -- OSPF Command: no area <0-4294967295> authentication
3267 Specify that simple password authentication should be used for the
3270 -- OSPF Command: area A.B.C.D authentication message-digest
3271 -- OSPF Command: area <0-4294967295> authentication message-digest
3273 Specify that OSPF packets must be authenticated with MD5 HMACs
3274 within the given area. Keying material must also be configured on
3275 a per-interface basis (*note ip ospf message-digest-key::).
3277 MD5 authentication may also be configured on a per-interface basis
3278 (*note ip ospf authentication message-digest::). Such
3279 per-interface settings will override any per-area authentication
3283 File: quagga.info, Node: OSPF interface, Next: Redistribute routes to OSPF, Prev: OSPF area, Up: OSPFv2
3288 -- Interface Command: ip ospf area AREA [ADDR]
3289 -- Interface Command: no ip ospf area [ADDR]
3291 Enable OSPF on the interface, optionally restricted to just the IP
3292 address given by ADDR, putting it in the AREA area. Per interface
3293 area settings take precedence to network commands (*note OSPF
3296 If you have a lot of interfaces, and/or a lot of subnets, then
3297 enabling OSPF via this command may result in a slight performance
3300 -- Interface Command: ip ospf authentication-key AUTH_KEY
3301 -- Interface Command: no ip ospf authentication-key
3302 Set OSPF authentication key to a simple password. After setting
3303 AUTH_KEY, all OSPF packets are authenticated. AUTH_KEY has length
3306 Simple text password authentication is insecure and deprecated in
3307 favour of MD5 HMAC authentication (*note ip ospf authentication
3310 -- Interface Command: ip ospf authentication message-digest
3311 Specify that MD5 HMAC authentication must be used on this
3312 interface. MD5 keying material must also be configured (*note ip
3313 ospf message-digest-key::). Overrides any authentication enabled
3314 on a per-area basis (*note area authentication message-digest::).
3316 Note that OSPF MD5 authentication requires that time never go
3317 backwards (correct time is NOT important, only that it never goes
3318 backwards), even across resets, if ospfd is to be able to promptly
3319 reestabish adjacencies with its neighbours after restarts/reboots.
3320 The host should have system time be set at boot from an external or
3321 non-volatile source (eg battery backed clock, NTP, etc.) or else
3322 the system clock should be periodically saved to non-volative
3323 storage and restored at boot if MD5 authentication is to be
3324 expected to work reliably.
3326 -- Interface Command: ip ospf message-digest-key KEYID md5 KEY
3327 -- Interface Command: no ip ospf message-digest-key
3328 Set OSPF authentication key to a cryptographic password. The
3329 cryptographic algorithm is MD5.
3331 KEYID identifies secret key used to create the message digest.
3332 This ID is part of the protocol and must be consistent across
3335 KEY is the actual message digest key, of up to 16 chars (larger
3336 strings will be truncated), and is associated with the given KEYID.
3338 -- Interface Command: ip ospf cost <1-65535>
3339 -- Interface Command: no ip ospf cost
3340 Set link cost for the specified interface. The cost value is set
3341 to router-LSA's metric field and used for SPF calculation.
3343 -- Interface Command: ip ospf dead-interval <1-65535>
3344 -- Interface Command: ip ospf dead-interval minimal hello-multiplier
3346 -- Interface Command: no ip ospf dead-interval
3347 Set number of seconds for RouterDeadInterval timer value used for
3348 Wait Timer and Inactivity Timer. This value must be the same for
3349 all routers attached to a common network. The default value is 40
3352 If 'minimal' is specified instead, then the dead-interval is set to
3353 1 second and one must specify a hello-multiplier. The
3354 hello-multiplier specifies how many Hellos to send per second, from
3355 2 (every 500ms) to 20 (every 50ms). Thus one can have 1s
3356 convergence time for OSPF. If this form is specified, then the
3357 hello-interval advertised in Hello packets is set to 0 and the
3358 hello-interval on received Hello packets is not checked, thus the
3359 hello-multiplier need NOT be the same across multiple routers on a
3362 -- Interface Command: ip ospf hello-interval <1-65535>
3363 -- Interface Command: no ip ospf hello-interval
3364 Set number of seconds for HelloInterval timer value. Setting this
3365 value, Hello packet will be sent every timer value seconds on the
3366 specified interface. This value must be the same for all routers
3367 attached to a common network. The default value is 10 seconds.
3369 This command has no effect if *note ip ospf dead-interval minimal::
3370 is also specified for the interface.
3372 -- Interface Command: ip ospf network
3373 (broadcast|non-broadcast|point-to-multipoint|point-to-point)
3374 -- Interface Command: no ip ospf network
3375 Set explicitly network type for specifed interface.
3377 -- Interface Command: ip ospf priority <0-255>
3378 -- Interface Command: no ip ospf priority
3379 Set RouterPriority integer value. The router with the highest
3380 priority will be more eligible to become Designated Router.
3381 Setting the value to 0, makes the router ineligible to become
3382 Designated Router. The default value is 1.
3384 -- Interface Command: ip ospf retransmit-interval <1-65535>
3385 -- Interface Command: no ip ospf retransmit interval
3386 Set number of seconds for RxmtInterval timer value. This value is
3387 used when retransmitting Database Description and Link State
3388 Request packets. The default value is 5 seconds.
3390 -- Interface Command: ip ospf transmit-delay
3391 -- Interface Command: no ip ospf transmit-delay
3392 Set number of seconds for InfTransDelay value. LSAs' age should be
3393 incremented by this value when transmitting. The default value is
3397 File: quagga.info, Node: Redistribute routes to OSPF, Next: Showing OSPF information, Prev: OSPF interface, Up: OSPFv2
3399 7.6 Redistribute routes to OSPF
3400 ===============================
3402 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp)
3403 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp)
3405 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp)
3407 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp)
3408 metric-type (1|2) route-map WORD
3409 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp) metric
3411 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp) metric
3412 <0-16777214> route-map WORD
3413 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp)
3414 metric-type (1|2) metric <0-16777214>
3415 -- OSPF Command: redistribute (kernel|connected|static|rip|bgp)
3416 metric-type (1|2) metric <0-16777214> route-map WORD
3417 -- OSPF Command: no redistribute (kernel|connected|static|rip|bgp)
3418 Redistribute routes of the specified protocol or kind into OSPF,
3419 with the metric type and metric set if specified, filtering the
3420 routes using the given route-map if specified. Redistributed
3421 routes may also be filtered with distribute-lists, see *note ospf
3424 Redistributed routes are distributed as into OSPF as Type-5
3425 External LSAs into links to areas that accept external routes,
3426 Type-7 External LSAs for NSSA areas and are not redistributed at
3427 all into Stub areas, where external routes are not permitted.
3429 Note that for connected routes, one may instead use
3430 "passive-interface", see *note OSPF passive-interface::.
3432 -- OSPF Command: default-information originate
3433 -- OSPF Command: default-information originate metric <0-16777214>
3434 -- OSPF Command: default-information originate metric <0-16777214>
3436 -- OSPF Command: default-information originate metric <0-16777214>
3437 metric-type (1|2) route-map WORD
3438 -- OSPF Command: default-information originate always
3439 -- OSPF Command: default-information originate always metric
3441 -- OSPF Command: default-information originate always metric
3442 <0-16777214> metric-type (1|2)
3443 -- OSPF Command: default-information originate always metric
3444 <0-16777214> metric-type (1|2) route-map WORD
3445 -- OSPF Command: no default-information originate
3446 Originate an AS-External (type-5) LSA describing a default route
3447 into all external-routing capable areas, of the specified metric
3448 and metric type. If the 'always' keyword is given then the default
3449 is always advertised, even when there is no default present in the
3452 -- OSPF Command: distribute-list NAME out
3453 (kernel|connected|static|rip|ospf
3454 -- OSPF Command: no distribute-list NAME out
3455 (kernel|connected|static|rip|ospf
3456 Apply the access-list filter, NAME, to redistributed routes of the
3457 given type before allowing the routes to redistributed into OSPF
3458 (*note OSPF redistribute::).
3460 -- OSPF Command: default-metric <0-16777214>
3461 -- OSPF Command: no default-metric
3463 -- OSPF Command: distance <1-255>
3464 -- OSPF Command: no distance <1-255>
3466 -- OSPF Command: distance ospf (intra-area|inter-area|external) <1-255>
3467 -- OSPF Command: no distance ospf
3470 File: quagga.info, Node: Showing OSPF information, Next: Opaque LSA, Prev: Redistribute routes to OSPF, Up: OSPFv2
3472 7.7 Showing OSPF information
3473 ============================
3475 -- Command: show ip ospf
3476 Show information on a variety of general OSPF and area state and
3477 configuration information.
3479 -- Command: show ip ospf interface [INTERFACE]
3480 Show state and configuration of OSPF the specified interface, or
3481 all interfaces if no interface is given.
3483 -- Command: show ip ospf neighbor
3484 -- Command: show ip ospf neighbor INTERFACE
3485 -- Command: show ip ospf neighbor detail
3486 -- Command: show ip ospf neighbor INTERFACE detail
3488 -- Command: show ip ospf database
3489 -- Command: show ip ospf database asbr-summary
3490 -- Command: show ip ospf database external
3491 -- Command: show ip ospf database network
3492 -- Command: show ip ospf database asbr-router
3493 -- Command: show ip ospf database summary
3494 -- Command: show ip ospf database ... LINK-STATE-ID
3495 -- Command: show ip ospf database ... LINK-STATE-ID adv-router
3497 -- Command: show ip ospf database ... adv-router ADV-ROUTER
3498 -- Command: show ip ospf database ... LINK-STATE-ID self-originate
3499 -- Command: show ip ospf database ... self-originate
3501 -- Command: show ip ospf database max-age
3503 -- Command: show ip ospf database self-originate
3505 -- Command: show ip ospf route
3506 Show the OSPF routing table, as determined by the most recent SPF
3510 File: quagga.info, Node: Opaque LSA, Next: OSPF Traffic Engineering, Prev: Showing OSPF information, Up: OSPFv2
3515 -- OSPF Command: ospf opaque-lsa
3516 -- OSPF Command: capability opaque
3517 -- OSPF Command: no ospf opaque-lsa
3518 -- OSPF Command: no capability opaque
3519 'ospfd' support Opaque LSA (RFC2370) as fondment for MPLS Traffic
3520 Engineering LSA. Prior to used MPLS TE, opaque-lsa must be enable
3521 in the configuration file. Alternate command could be "mpls-te on"
3522 (*note OSPF Traffic Engineering::).
3524 -- Command: show ip ospf database
3525 (opaque-link|opaque-area|opaque-external)
3526 -- Command: show ip ospf database
3527 (opaque-link|opaque-area|opaque-external) LINK-STATE-ID
3528 -- Command: show ip ospf database
3529 (opaque-link|opaque-area|opaque-external) LINK-STATE-ID
3530 adv-router ADV-ROUTER
3531 -- Command: show ip ospf database
3532 (opaque-link|opaque-area|opaque-external) adv-router
3534 -- Command: show ip ospf database
3535 (opaque-link|opaque-area|opaque-external) LINK-STATE-ID
3537 -- Command: show ip ospf database
3538 (opaque-link|opaque-area|opaque-external) self-originate
3539 Show Opaque LSA from the database.
3542 File: quagga.info, Node: OSPF Traffic Engineering, Next: Router Information, Prev: Opaque LSA, Up: OSPFv2
3544 7.9 Traffic Engineering
3545 =======================
3547 -- OSPF Command: mpls-te on
3548 -- OSPF Command: no mpls-te
3549 Enable Traffic Engineering LSA flooding.
3551 -- OSPF Command: mpls-te router-address <A.B.C.D>
3552 -- OSPF Command: no mpls-te
3553 Configure stable IP address for MPLS-TE. This IP address is then
3554 advertise in Opaque LSA Type-10 TLV=1 (TE) option 1
3557 -- OSPF Command: mpls-te inter-as area <area-id>|as
3558 -- OSPF Command: no mpls-te inter-as
3559 Enable RFC5392 suuport - Inter-AS TE v2 - to flood Traffic
3560 Engineering parameters of Inter-AS link. 2 modes are supported:
3561 AREA and AS; LSA are flood in AREA <area-id> with Opaque Type-10,
3562 respectively in AS with Opaque Type-11. In all case, Opaque-LSA
3565 -- Command: show ip ospf mpls-te interface
3566 -- Command: show ip ospf mpls-te interface INTERFACE
3567 Show MPLS Traffic Engineering parameters for all or specified
3570 -- Command: show ip ospf mpls-te router
3571 Show Traffic Engineering router parameters.
3574 File: quagga.info, Node: Router Information, Next: Debugging OSPF, Prev: OSPF Traffic Engineering, Up: OSPFv2
3576 7.10 Router Information
3577 =======================
3579 -- OSPF Command: router-info [as | area <A.B.C.D>]
3580 -- OSPF Command: no router-info
3581 Enable Router Information (RFC4970) LSA advertisement with AS scope
3582 (default) or Area scope flooding when area is specified.
3584 -- OSPF Command: pce address <A.B.C.D>
3585 -- OSPF Command: no pce address
3586 -- OSPF Command: pce domain as <0-65535>
3587 -- OSPF Command: no pce domain as <0-65535>
3588 -- OSPF Command: pce neighbor as <0-65535>
3589 -- OSPF Command: no pce neighbor as <0-65535>
3590 -- OSPF Command: pce flag BITPATTERN
3591 -- OSPF Command: no pce flag
3592 -- OSPF Command: pce scope BITPATTERN
3593 -- OSPF Command: no pce scope
3594 The commands are conform to RFC 5088 and allow OSPF router announce
3595 Path Compuatation Elemenent (PCE) capabilities through the Router
3596 Information (RI) LSA. Router Information must be enable prior to
3597 this. The command set/unset respectively the PCE IP adress,
3598 Autonomous System (AS) numbers of controlled domains, neighbor ASs,
3599 flag and scope. For flag and scope, please refer to RFC5088 for
3600 the BITPATTERN recognition. Multiple 'pce neighbor' command could
3601 be specified in order to specify all PCE neighbours.
3603 -- Command: show ip ospf router-info
3604 Show Router Capabilities flag.
3605 -- Command: show ip ospf router-info pce
3606 Show Router Capabilities PCE parameters.
3609 File: quagga.info, Node: Debugging OSPF, Next: OSPF Configuration Examples, Prev: Router Information, Up: OSPFv2
3614 -- Command: debug ospf packet
3615 (hello|dd|ls-request|ls-update|ls-ack|all) (send|recv)
3617 -- Command: no debug ospf packet
3618 (hello|dd|ls-request|ls-update|ls-ack|all) (send|recv)
3620 Dump Packet for debugging
3622 -- Command: debug ospf ism
3623 -- Command: debug ospf ism (status|events|timers)
3624 -- Command: no debug ospf ism
3625 -- Command: no debug ospf ism (status|events|timers)
3626 Show debug information of Interface State Machine
3628 -- Command: debug ospf nsm
3629 -- Command: debug ospf nsm (status|events|timers)
3630 -- Command: no debug ospf nsm
3631 -- Command: no debug ospf nsm (status|events|timers)
3632 Show debug information of Network State Machine
3634 -- Command: debug ospf event
3635 -- Command: no debug ospf event
3636 Show debug information of OSPF event
3638 -- Command: debug ospf nssa
3639 -- Command: no debug ospf nssa
3640 Show debug information about Not So Stub Area
3642 -- Command: debug ospf lsa
3643 -- Command: debug ospf lsa (generate|flooding|refresh)
3644 -- Command: no debug ospf lsa
3645 -- Command: no debug ospf lsa (generate|flooding|refresh)
3646 Show debug detail of Link State messages
3648 -- Command: debug ospf te
3649 -- Command: no debug ospf te
3650 Show debug information about Traffic Engineering LSA
3652 -- Command: debug ospf zebra
3653 -- Command: debug ospf zebra (interface|redistribute)
3654 -- Command: no debug ospf zebra
3655 -- Command: no debug ospf zebra (interface|redistribute)
3656 Show debug information of ZEBRA API
3658 -- Command: show debugging ospf
3661 File: quagga.info, Node: OSPF Configuration Examples, Prev: Debugging OSPF, Up: OSPFv2
3663 7.12 OSPF Configuration Examples
3664 ================================
3666 A simple example, with MD5 authentication enabled:
3670 ip ospf authentication message-digest
3671 ip ospf message-digest-key 1 md5 ABCDEFGHIJK
3674 network 192.168.0.0/16 area 0.0.0.1
3675 area 0.0.0.1 authentication message-digest
3677 An ABR router, with MD5 authentication and performing summarisation
3678 of networks between the areas:
3682 log file /var/log/quagga/ospfd.log
3683 service advanced-vty
3686 ip ospf authentication message-digest
3687 ip ospf message-digest-key 1 md5 ABCDEFGHIJK
3692 ip ospf authentication message-digest
3693 ip ospf message-digest-key 2 md5 XYZ12345
3696 ospf router-id 192.168.0.1
3697 redistribute connected
3698 passive interface ppp0
3699 network 192.168.0.0/24 area 0.0.0.0
3700 network 10.0.0.0/16 area 0.0.0.0
3701 network 192.168.1.0/24 area 0.0.0.1
3702 area 0.0.0.0 authentication message-digest
3703 area 0.0.0.0 range 10.0.0.0/16
3704 area 0.0.0.0 range 192.168.0.0/24
3705 area 0.0.0.1 authentication message-digest
3706 area 0.0.0.1 range 10.2.0.0/16
3709 A Traffic Engineering configuration, with Inter-ASv2 support.
3711 - First, the 'zebra.conf' part:
3715 log file /var/log/zebra.log
3718 ip address 198.168.1.1/24
3720 mpls-te link metric 10
3721 mpls-te link max-bw 1.25e+06
3722 mpls-te link max-rsv-bw 1.25e+06
3723 mpls-te link unrsv-bw 0 1.25e+06
3724 mpls-te link unrsv-bw 1 1.25e+06
3725 mpls-te link unrsv-bw 2 1.25e+06
3726 mpls-te link unrsv-bw 3 1.25e+06
3727 mpls-te link unrsv-bw 4 1.25e+06
3728 mpls-te link unrsv-bw 5 1.25e+06
3729 mpls-te link unrsv-bw 6 1.25e+06
3730 mpls-te link unrsv-bw 7 1.25e+06
3731 mpls-te link rsc-clsclr 0xab
3734 ip address 192.168.2.1/24
3736 mpls-te link metric 10
3737 mpls-te link max-bw 1.25e+06
3738 mpls-te link max-rsv-bw 1.25e+06
3739 mpls-te link unrsv-bw 0 1.25e+06
3740 mpls-te link unrsv-bw 1 1.25e+06
3741 mpls-te link unrsv-bw 2 1.25e+06
3742 mpls-te link unrsv-bw 3 1.25e+06
3743 mpls-te link unrsv-bw 4 1.25e+06
3744 mpls-te link unrsv-bw 5 1.25e+06
3745 mpls-te link unrsv-bw 6 1.25e+06
3746 mpls-te link unrsv-bw 7 1.25e+06
3747 mpls-te link rsc-clsclr 0xab
3748 mpls-te neighbor 192.168.2.2 as 65000
3750 - Then the 'ospfd.conf' itself:
3754 log file /var/log/ospfd.log
3758 ip ospf hello-interval 60
3759 ip ospf dead-interval 240
3762 ip ospf hello-interval 60
3763 ip ospf dead-interval 240
3767 ospf router-id 192.168.1.1
3768 network 192.168.0.0/16 area 1
3771 mpls-te router-address 192.168.1.1
3772 mpls-te inter-as area 1
3776 A router information example with PCE advsertisement:
3780 ospf router-id 192.168.1.1
3781 network 192.168.0.0/16 area 1
3784 mpls-te router-address 192.168.1.1
3785 router-info area 0.0.0.1
3786 pce address 192.168.1.1
3789 pce neighbor as 65500
3790 pce neighbor as 65200
3795 File: quagga.info, Node: OSPFv3, Next: ISIS, Prev: OSPFv2, Up: Top
3800 'ospf6d' is a daemon support OSPF version 3 for IPv6 network. OSPF for
3801 IPv6 is described in RFC2740.
3808 * Redistribute routes to OSPF6::
3809 * Showing OSPF6 information::
3810 * OSPF6 Configuration Examples::
3813 File: quagga.info, Node: OSPF6 router, Next: OSPF6 area, Up: OSPFv3
3818 -- Command: router ospf6
3820 -- OSPF6 Command: router-id A.B.C.D
3821 Set router's Router-ID.
3823 -- OSPF6 Command: interface IFNAME area AREA
3824 Bind interface to specified area, and start sending OSPF packets.
3825 AREA can be specified as 0.
3827 -- OSPF6 Command: timers throttle spf DELAY INITIAL-HOLDTIME
3829 -- OSPF6 Command: no timers throttle spf
3830 This command sets the initial DELAY, the INITIAL-HOLDTIME and the
3831 MAXIMUM-HOLDTIME between when SPF is calculated and the event which
3832 triggered the calculation. The times are specified in milliseconds
3833 and must be in the range of 0 to 600000 milliseconds.
3835 The DELAY specifies the minimum amount of time to delay SPF
3836 calculation (hence it affects how long SPF calculation is delayed
3837 after an event which occurs outside of the holdtime of any previous
3838 SPF calculation, and also serves as a minimum holdtime).
3840 Consecutive SPF calculations will always be seperated by at least
3841 'hold-time' milliseconds. The hold-time is adaptive and initially
3842 is set to the INITIAL-HOLDTIME configured with the above command.
3843 Events which occur within the holdtime of the previous SPF
3844 calculation will cause the holdtime to be increased by
3845 INITIAL-HOLDTIME, bounded by the MAXIMUM-HOLDTIME configured with
3846 this command. If the adaptive hold-time elapses without any
3847 SPF-triggering event occuring then the current holdtime is reset to
3848 the INITIAL-HOLDTIME.
3851 timers throttle spf 200 400 10000
3853 In this example, the DELAY is set to 200ms, the INITIAL HOLDTIME is
3854 set to 400ms and the MAXIMUM HOLDTIME to 10s. Hence there will
3855 always be at least 200ms between an event which requires SPF
3856 calculation and the actual SPF calculation. Further consecutive
3857 SPF calculations will always be seperated by between 400ms to 10s,
3858 the hold-time increasing by 400ms each time an SPF-triggering event
3859 occurs within the hold-time of the previous SPF calculation.
3861 -- OSPF6 Command: auto-cost reference-bandwidth COST
3862 -- OSPF6 Command: no auto-cost reference-bandwidth
3863 This sets the reference bandwidth for cost calculations, where this
3864 bandwidth is considered equivalent to an OSPF cost of 1, specified
3865 in Mbits/s. The default is 100Mbit/s (i.e. a link of bandwidth
3866 100Mbit/s or higher will have a cost of 1. Cost of lower bandwidth
3867 links will be scaled with reference to this cost).
3869 This configuration setting MUST be consistent across all routers
3870 within the OSPF domain.
3873 File: quagga.info, Node: OSPF6 area, Next: OSPF6 interface, Prev: OSPF6 router, Up: OSPFv3
3878 Area support for OSPFv3 is not yet implemented.
3881 File: quagga.info, Node: OSPF6 interface, Next: Redistribute routes to OSPF6, Prev: OSPF6 area, Up: OSPFv3
3886 -- Interface Command: ipv6 ospf6 cost COST
3887 Sets interface's output cost. Default value depends on the
3888 interface bandwidth and on the auto-cost reference bandwidth.
3890 -- Interface Command: ipv6 ospf6 hello-interval HELLOINTERVAL
3891 Sets interface's Hello Interval. Default 40
3893 -- Interface Command: ipv6 ospf6 dead-interval DEADINTERVAL
3894 Sets interface's Router Dead Interval. Default value is 40.
3896 -- Interface Command: ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL
3897 Sets interface's Rxmt Interval. Default value is 5.
3899 -- Interface Command: ipv6 ospf6 priority PRIORITY
3900 Sets interface's Router Priority. Default value is 1.
3902 -- Interface Command: ipv6 ospf6 transmit-delay TRANSMITDELAY
3903 Sets interface's Inf-Trans-Delay. Default value is 1.
3905 -- Interface Command: ipv6 ospf6 network (broadcast|point-to-point)
3906 Set explicitly network type for specifed interface.
3909 File: quagga.info, Node: Redistribute routes to OSPF6, Next: Showing OSPF6 information, Prev: OSPF6 interface, Up: OSPFv3
3911 8.4 Redistribute routes to OSPF6
3912 ================================
3914 -- OSPF6 Command: redistribute static
3915 -- OSPF6 Command: redistribute connected
3916 -- OSPF6 Command: redistribute ripng
3919 File: quagga.info, Node: Showing OSPF6 information, Next: OSPF6 Configuration Examples, Prev: Redistribute routes to OSPF6, Up: OSPFv3
3921 8.5 Showing OSPF6 information
3922 =============================
3924 -- Command: show ipv6 ospf6 [INSTANCE_ID]
3925 INSTANCE_ID is an optional OSPF instance ID. To see router ID and
3926 OSPF instance ID, simply type "show ipv6 ospf6 <cr>".
3928 -- Command: show ipv6 ospf6 database
3929 This command shows LSA database summary. You can specify the type
3932 -- Command: show ipv6 ospf6 interface
3933 To see OSPF interface configuration like costs.
3935 -- Command: show ipv6 ospf6 neighbor
3936 Shows state and chosen (Backup) DR of neighbor.
3938 -- Command: show ipv6 ospf6 request-list A.B.C.D
3939 Shows requestlist of neighbor.
3941 -- Command: show ipv6 route ospf6
3942 This command shows internal routing table.
3945 File: quagga.info, Node: OSPF6 Configuration Examples, Prev: Showing OSPF6 information, Up: OSPFv3
3947 8.6 OSPF6 Configuration Examples
3948 ================================
3950 Example of ospf6d configured on one interface and area:
3953 ipv6 ospf6 instance-id 0
3956 router-id 212.17.55.53
3957 area 0.0.0.0 range 2001:770:105:2::/64
3958 interface eth0 area 0.0.0.0
3962 File: quagga.info, Node: ISIS, Next: NHRP, Prev: OSPFv3, Up: Top
3967 ISIS (Intermediate System to Intermediate System) is a routing protocol
3968 which is described in 'ISO10589, RFC1195, RFC5308'. ISIS is an IGP
3969 (Interior Gateway Protocol). Compared with RIP, ISIS can provide
3970 scalable network support and faster convergence times like OSPF. ISIS
3971 is widely used in large networks such as ISP (Internet Service Provider)
3972 and carrier backbone networks.
3976 * Configuring isisd::
3981 * Showing ISIS information::
3982 * ISIS Traffic Engineering::
3984 * ISIS Configuration Examples::
3987 File: quagga.info, Node: Configuring isisd, Next: ISIS router, Up: ISIS
3989 9.1 Configuring isisd
3990 =====================
3992 There are no 'isisd' specific options. Common options can be specified
3993 (*note Common Invocation Options::) to 'isisd'. 'isisd' needs to
3994 acquire interface information from 'zebra' in order to function.
3995 Therefore 'zebra' must be running before invoking 'isisd'. Also, if
3996 'zebra' is restarted then 'isisd' must be too.
3998 Like other daemons, 'isisd' configuration is done in ISIS specific
3999 configuration file 'isisd.conf'.
4002 File: quagga.info, Node: ISIS router, Next: ISIS Timer, Prev: Configuring isisd, Up: ISIS
4007 To start ISIS process you have to specify the ISIS router. As of this
4008 writing, 'isisd' does not support multiple ISIS processes.
4010 -- Command: router isis WORD
4011 -- Command: no router isis WORD
4012 Enable or disable the ISIS process by specifying the ISIS domain
4013 with 'WORD'. 'isisd' does not yet support multiple ISIS processes
4014 but you must specify the name of ISIS process. The ISIS process
4015 name 'WORD' is then used for interface (see command *note ip router
4018 -- ISIS Command: net XX.XXXX. ... .XXX.XX
4019 -- ISIS Command: no net XX.XXXX. ... .XXX.XX
4020 Set/Unset network entity title (NET) provided in ISO format.
4022 -- ISIS Command: hostname dynamic
4023 -- ISIS Command: no hostname dynamic
4024 Enable support for dynamic hostname.
4026 -- ISIS Command: area-password [clear | md5] <password>
4027 -- ISIS Command: domain-password [clear | md5] <password>
4028 -- ISIS Command: no area-password
4029 -- ISIS Command: no domain-password
4030 Configure the authentication password for an area, respectively a
4031 domain, as clear text or md5 one.
4033 -- ISIS Command: log-adjacency-changes
4034 -- ISIS Command: no log-adjacency-changes
4035 Log changes in adjacency state.
4037 -- ISIS Command: metric-style [narrow | transition | wide]
4038 -- ISIS Command: no metric-style
4039 Set old-style (ISO 10589) or new-style packet formats: - narrow Use
4040 old style of TLVs with narrow metric - transition Send and accept
4041 both styles of TLVs during transition - wide Use new style of TLVs
4042 to carry wider metric
4044 -- ISIS Command: set-overload-bit
4045 -- ISIS Command: no set-overload-bit
4046 Set overload bit to avoid any transit traffic.
4049 File: quagga.info, Node: ISIS Timer, Next: ISIS region, Prev: ISIS router, Up: ISIS
4054 -- ISIS Command: lsp-gen-interval <1-120>
4055 -- ISIS Command: lsp-gen-interval [level-1 | level-2] <1-120>
4056 -- ISIS Command: no lsp-gen-interval
4057 -- ISIS Command: no lsp-gen-interval [level-1 | level-2]
4058 Set minimum interval in seconds between regenerating same LSP,
4059 globally, for an area (level-1) or a domain (level-2).
4061 -- ISIS Command: lsp-refresh-interval <1-65235>
4062 -- ISIS Command: lsp-refresh-interval [level-1 | level-2] <1-65235>
4063 -- ISIS Command: no lsp-refresh-interval
4064 -- ISIS Command: no lsp-refresh-interval [level-1 | level-2]
4065 Set LSP refresh interval in seconds, globally, for an area
4066 (level-1) or a domain (level-2).
4068 -- ISIS Command: lsp-refresh-interval <1-65235>
4069 -- ISIS Command: lsp-refresh-interval [level-1 | level-2] <1-65235>
4070 -- ISIS Command: no lsp-refresh-interval
4071 -- ISIS Command: no lsp-refresh-interval [level-1 | level-2]
4072 Set LSP refresh interval in seconds, globally, for an area
4073 (level-1) or a domain (level-2).
4075 -- ISIS Command: max-lsp-lifetime <360-65535>
4076 -- ISIS Command: max-lsp-lifetime [level-1 | level-2] <360-65535>
4077 -- ISIS Command: no max-lsp-lifetime
4078 -- ISIS Command: no max-lsp-lifetime [level-1 | level-2]
4079 Set LSP maximum LSP lifetime in seconds, globally, for an area
4080 (level-1) or a domain (level-2).
4082 -- ISIS Command: spf-interval <1-120>
4083 -- ISIS Command: spf-interval [level-1 | level-2] <1-120>
4084 -- ISIS Command: no spf-interval
4085 -- ISIS Command: no spf-interval [level-1 | level-2]
4086 Set minimum interval between consecutive SPF calculations in
4090 File: quagga.info, Node: ISIS region, Next: ISIS interface, Prev: ISIS Timer, Up: ISIS
4095 -- ISIS Command: is-type [level-1 | level-1-2 | level-2-only]
4096 -- ISIS Command: no is-type
4097 Define the ISIS router behavior: - level-1 Act as a station router
4098 only - level-1-2 Act as both a station router and an area router -
4099 level-2-only Act as an area router only
4102 File: quagga.info, Node: ISIS interface, Next: Showing ISIS information, Prev: ISIS region, Up: ISIS
4107 -- Interface Command: ip router isis WORD
4108 -- Interface Command: no ip router isis WORD
4109 Activate ISIS adjacency on this interface. Note that the name of
4110 ISIS instance must be the same as the one used to configure the
4111 ISIS process (see command *note router isis WORD::).
4113 -- Interface Command: isis circuit-type [level-1 | level-1-2 | level-2]
4114 -- Interface Command: no isis circuit-type
4115 Configure circuit type for interface: - level-1 Level-1 only
4116 adjacencies are formed - level-1-2 Level-1-2 adjacencies are formed
4117 - level-2-only Level-2 only adjacencies are formed
4119 -- Interface Command: isis csnp-interval <1-600>
4120 -- Interface Command: isis csnp-interval <1-600> [level-1 | level-2]
4121 -- Interface Command: no isis csnp-interval
4122 -- Interface Command: no isis csnp-interval [level-1 | level-2]
4123 Set CSNP interval in seconds globally, for an area (level-1) or a
4126 -- Interface Command: isis hello padding
4127 Add padding to IS-IS hello packets.
4129 -- Interface Command: isis hello-interval <1-600>
4130 -- Interface Command: isis hello-interval <1-600> [level-1 | level-2]
4131 -- Interface Command: no isis hello-interval
4132 -- Interface Command: no isis hello-interval [level-1 | level-2]
4133 Set Hello interval in seconds globally, for an area (level-1) or a
4136 -- Interface Command: isis hello-multiplier <2-100>
4137 -- Interface Command: isis hello-multiplier <2-100> [level-1 | level-2]
4138 -- Interface Command: no isis hello-multiplier
4139 -- Interface Command: no isis hello-multiplier [level-1 | level-2]
4140 Set multiplier for Hello holding time globally, for an area
4141 (level-1) or a domain (level-2).
4143 -- Interface Command: isis metric [<0-255> | <0-16777215>]
4144 -- Interface Command: isis metric [<0-255> | <0-16777215>] [level-1 |
4146 -- Interface Command: no isis metric
4147 -- Interface Command: no isis metric [level-1 | level-2]
4148 Set default metric value globally, for an area (level-1) or a
4149 domain (level-2). Max value depend if metric support narrow or
4150 wide value (see command *note metric-style::).
4152 -- Interface Command: isis network point-to-point
4153 -- Interface Command: no isis network point-to-point
4154 Set network type to 'Point-to-Point' (broadcast by default).
4156 -- Interface Command: isis passive
4157 -- Interface Command: no isis passive
4158 Configure the passive mode for this interface.
4160 -- Interface Command: isis password [clear | md5] <password>
4161 -- Interface Command: no isis password
4162 Configure the authentication password (clear or encoded text) for
4165 -- Interface Command: isis priority <0-127>
4166 -- Interface Command: isis priority <0-127> [level-1 | level-2]
4167 -- Interface Command: no isis priority
4168 -- Interface Command: no isis priority [level-1 | level-2]
4169 Set priority for Designated Router election, globally, for the area
4170 (level-1) or the domain (level-2).
4172 -- Interface Command: isis psnp-interval <1-120>
4173 -- Interface Command: isis psnp-interval <1-120> [level-1 | level-2]
4174 -- Interface Command: no isis psnp-interval
4175 -- Interface Command: no isis psnp-interval [level-1 | level-2]
4176 Set PSNP interval in seconds globally, for an area (level-1) or a
4180 File: quagga.info, Node: Showing ISIS information, Next: ISIS Traffic Engineering, Prev: ISIS interface, Up: ISIS
4182 9.6 Showing ISIS information
4183 ============================
4185 -- Command: show isis summary
4186 Show summary information about ISIS.
4188 -- Command: show isis hostname
4189 Show information about ISIS node.
4191 -- Command: show isis interface
4192 -- Command: show isis interface detail
4193 -- Command: show isis interface <interface name>
4194 Show state and configuration of ISIS specified interface, or all
4195 interfaces if no interface is given with or without details.
4197 -- Command: show isis neighbor
4198 -- Command: show isis neighbor <System Id>
4199 -- Command: show isis neighbor detail
4200 Show state and information of ISIS specified neighbor, or all
4201 neighbors if no system id is given with or without details.
4203 -- Command: show isis database
4204 -- Command: show isis database [detail]
4205 -- Command: show isis database <LSP id> [detail]
4206 -- Command: show isis database detail <LSP id>
4207 Show the ISIS database globally, for a specific LSP id without or
4210 -- Command: show isis topology
4211 -- Command: show isis topology [level-1|level-2]
4212 Show topology IS-IS paths to Intermediate Systems, globally, in
4213 area (level-1) or domain (level-2).
4215 -- Command: show ip route isis
4216 Show the ISIS routing table, as determined by the most recent SPF
4220 File: quagga.info, Node: ISIS Traffic Engineering, Next: Debugging ISIS, Prev: Showing ISIS information, Up: ISIS
4222 9.7 Traffic Engineering
4223 =======================
4225 -- ISIS Command: mpls-te on
4226 -- ISIS Command: no mpls-te
4227 Enable Traffic Engineering LSP flooding.
4229 -- ISIS Command: mpls-te router-address <A.B.C.D>
4230 -- ISIS Command: no mpls-te router-address
4231 Configure stable IP address for MPLS-TE.
4233 -- Command: show isis mpls-te interface
4234 -- Command: show isis mpls-te interface INTERFACE
4235 Show MPLS Traffic Engineering parameters for all or specified
4238 -- Command: show isis mpls-te router
4239 Show Traffic Engineering router parameters.
4242 File: quagga.info, Node: Debugging ISIS, Next: ISIS Configuration Examples, Prev: ISIS Traffic Engineering, Up: ISIS
4247 -- Command: debug isis adj-packets
4248 -- Command: no debug isis adj-packets
4249 IS-IS Adjacency related packets.
4251 -- Command: debug isis checksum-errors
4252 -- Command: no debug isis checksum-errors
4253 IS-IS LSP checksum errors.
4255 -- Command: debug isis events
4256 -- Command: no debug isis events
4259 -- Command: debug isis local-updates
4260 -- Command: no debug isis local-updates
4261 IS-IS local update packets.
4263 -- Command: debug isis packet-dump
4264 -- Command: no debug isis packet-dump
4267 -- Command: debug isis protocol-errors
4268 -- Command: no debug isis protocol-errors
4269 IS-IS LSP protocol errors.
4271 -- Command: debug isis route-events
4272 -- Command: no debug isis route-events
4273 IS-IS Route related events.
4275 -- Command: debug isis snp-packets
4276 -- Command: no debug isis snp-packets
4277 IS-IS CSNP/PSNP packets.
4279 -- Command: debug isis spf-events
4280 -- Command: debug isis spf-statistics
4281 -- Command: debug isis spf-triggers
4282 -- Command: no debug isis spf-events
4283 -- Command: no debug isis spf-statistics
4284 -- Command: no debug isis spf-triggers
4285 IS-IS Shortest Path First Events, Timing and Statistic Data and
4288 -- Command: debug isis update-packets
4289 -- Command: no debug isis update-packets
4290 Update related packets.
4292 -- Command: show debugging isis
4293 Print which ISIS debug level is activate.
4296 File: quagga.info, Node: ISIS Configuration Examples, Prev: Debugging ISIS, Up: ISIS
4298 9.9 ISIS Configuration Examples
4299 ===============================
4301 A simple example, with MD5 authentication enabled:
4306 isis network point-to-point
4307 isis circuit-type level-2-only
4310 net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
4312 is-type level-2-only
4314 A Traffic Engineering configuration, with Inter-ASv2 support.
4316 - First, the 'zebra.conf' part:
4320 log file /var/log/zebra.log
4323 ip address 10.2.2.2/24
4325 mpls-te link metric 10
4326 mpls-te link max-bw 1.25e+06
4327 mpls-te link max-rsv-bw 1.25e+06
4328 mpls-te link unrsv-bw 0 1.25e+06
4329 mpls-te link unrsv-bw 1 1.25e+06
4330 mpls-te link unrsv-bw 2 1.25e+06
4331 mpls-te link unrsv-bw 3 1.25e+06
4332 mpls-te link unrsv-bw 4 1.25e+06
4333 mpls-te link unrsv-bw 5 1.25e+06
4334 mpls-te link unrsv-bw 6 1.25e+06
4335 mpls-te link unrsv-bw 7 1.25e+06
4336 mpls-te link rsc-clsclr 0xab
4339 ip address 10.1.1.1/24
4341 mpls-te link metric 10
4342 mpls-te link max-bw 1.25e+06
4343 mpls-te link max-rsv-bw 1.25e+06
4344 mpls-te link unrsv-bw 0 1.25e+06
4345 mpls-te link unrsv-bw 1 1.25e+06
4346 mpls-te link unrsv-bw 2 1.25e+06
4347 mpls-te link unrsv-bw 3 1.25e+06
4348 mpls-te link unrsv-bw 4 1.25e+06
4349 mpls-te link unrsv-bw 5 1.25e+06
4350 mpls-te link unrsv-bw 6 1.25e+06
4351 mpls-te link unrsv-bw 7 1.25e+06
4352 mpls-te link rsc-clsclr 0xab
4353 mpls-te neighbor 10.1.1.2 as 65000
4355 - Then the 'isisd.conf' itself:
4359 log file /var/log/isisd.log
4370 isis net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
4372 mpls-te router-address 10.1.1.1
4377 File: quagga.info, Node: NHRP, Next: BGP, Prev: ISIS, Up: Top
4382 'nhrpd' is a daemon to support Next Hop Routing Protocol (NHRP). NHRP is
4383 described in RFC2332.
4385 NHRP is used to improve the efficiency of routing computer network
4386 traffic over Non-Broadcast, Multiple Access (NBMA) Networks. NHRP
4387 provides an ARP-like solution that allows a system to dynamically learn
4388 the NBMA address of the other systems that are part of that network,
4389 allowing these systems to directly communicate without requiring traffic
4390 to use an intermediate hop.
4392 Cisco Dynamic Multipoint VPN (DMVPN) is based on NHRP, and Quagga
4393 nrhpd implements this scenario.
4398 * Configuring NHRP::
4399 * Hub Functionality::
4400 * Integration with IKE::
4402 * Configuration Example::
4405 File: quagga.info, Node: Routing Design, Next: Configuring NHRP, Up: NHRP
4410 nhrpd never handles routing of prefixes itself. You need to run some
4411 real routing protocol (e.g. BGP) to advertise routes over the tunnels.
4412 What nhrpd does it establishes 'shortcut routes' that optimizes the
4413 routing protocol to avoid going through extra nodes in NBMA GRE mesh.
4415 nhrpd does route NHRP domain addresses individually using per-host
4416 prefixes. This is similar to Cisco FlexVPN; but in contrast to opennhrp
4417 which uses a generic subnet route.
4419 To create NBMA GRE tunnel you might use the following (linux terminal
4421 ip tunnel add gre1 mode gre key 42 ttl 64
4422 ip addr add 10.255.255.2/32 dev gre1
4425 Note that the IP-address is assigned as host prefix to gre1. nhrpd
4426 will automatically create additional host routes pointing to gre1 when a
4427 connection with these hosts is established.
4429 The gre1 subnet prefix should be announced by routing protocol from
4430 the hub nodes (e.g. BGP 'network' announce). This allows the routing
4431 protocol to decide which is the closest hub and determine the relay hub
4432 on prefix basis when direct tunnel is not established.
4434 nhrpd will redistribute directly connected neighbors to zebra.
4435 Within hub nodes, these routes should be internally redistributed using
4436 some routing protocol (e.g. iBGP) to allow hubs to be able to relay all
4439 This can be achieved in hubs with the following bgp configuration
4440 (network command defines the GRE subnet):
4442 network 172.16.0.0/16
4446 File: quagga.info, Node: Configuring NHRP, Next: Hub Functionality, Prev: Routing Design, Up: NHRP
4448 10.2 Configuring NHRP
4449 =====================
4454 File: quagga.info, Node: Hub Functionality, Next: Integration with IKE, Prev: Configuring NHRP, Up: NHRP
4456 10.3 Hub Functionality
4457 ======================
4459 In addition to routing nhrp redistributed host prefixes, the hub nodes
4460 are also responsible to send NHRP Traffic Indication messages that
4461 trigger creation of the shortcut tunnels.
4463 nhrpd sends Traffic Indication messages based on network traffic
4464 captured using NFLOG. Typically you want to send Traffic Indications for
4465 network traffic that is routed from gre1 back to gre1 in rate limited
4466 manner. This can be achieved with the following iptables rule.
4468 iptables -A FORWARD -i gre1 -o gre1 \
4469 -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \
4470 --hashlimit-mode srcip,dstip --hashlimit-srcmask 24 \
4471 --hashlimit-dstmask 24 --hashlimit-name loglimit-0 \
4472 -j NFLOG --nflog-group 1 --nflog-range 128
4474 You can fine tune the src/dstmask according to the prefix lengths you
4475 announce internal, add additional IP range matches, or rate limitation
4476 if needed. However, the above should be good in most cases.
4478 This kernel NFLOG target's nflog-group is configured in global nhrp
4482 To start sending these traffic notices out from hubs, use the nhrp
4483 per-interface directive:
4488 File: quagga.info, Node: Integration with IKE, Next: NHRP Events, Prev: Hub Functionality, Up: NHRP
4490 10.4 Integration with IKE
4491 =========================
4493 nhrpd needs tight integration with IKE daemon for various reasons.
4494 Currently only strongSwan is supported as IKE daemon.
4496 nhrpd connects to strongSwan using VICI protocol based on UNIX socket
4497 (hardcoded now as /var/run/charon.vici).
4499 strongSwan currently needs few patches applied. Please check out the
4501 (http://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras-release)
4503 (http://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras)
4504 git repositories for the patches.
4507 File: quagga.info, Node: NHRP Events, Next: Configuration Example, Prev: Integration with IKE, Up: NHRP
4515 File: quagga.info, Node: Configuration Example, Prev: NHRP Events, Up: NHRP
4517 10.6 Configuration Example
4518 ==========================
4523 File: quagga.info, Node: BGP, Next: Configuring Quagga as a Route Server, Prev: NHRP, Up: Top
4528 BGP stands for a Border Gateway Protocol. The lastest BGP version is 4.
4529 It is referred as BGP-4. BGP-4 is one of the Exterior Gateway Protocols
4530 and de-fact standard of Inter Domain routing protocol. BGP-4 is
4531 described in 'RFC1771, A Border Gateway Protocol 4 (BGP-4)'.
4533 Many extensions have been added to 'RFC1771'. 'RFC2858,
4534 Multiprotocol Extensions for BGP-4' provides multiprotocol support to
4545 * BGP Address Family::
4546 * Autonomous System::
4547 * BGP Communities Attribute::
4548 * BGP Extended Communities Attribute::
4549 * Displaying BGP routes::
4550 * Capability Negotiation::
4553 * How to set up a 6-Bone connection::
4554 * Dump BGP packets and table::
4555 * BGP Configuration Examples::
4558 File: quagga.info, Node: Starting BGP, Next: BGP router, Up: BGP
4563 Default configuration file of 'bgpd' is 'bgpd.conf'. 'bgpd' searches
4564 the current directory first then /etc/quagga/bgpd.conf. All of bgpd's
4565 command must be configured in 'bgpd.conf'.
4567 'bgpd' specific invocation options are described below. Common
4568 options may also be specified (*note Common Invocation Options::).
4572 Set the bgp protocol's port number.
4576 When program terminates, retain BGP routes added by zebra.
4580 Specify a specific IP address for bgpd to listen on, rather than
4581 its default of INADDR_ANY / IN6ADDR_ANY. This can be useful to
4582 constrain bgpd to an internal address, or to run multiple bgpd
4583 processes on one host.
4586 File: quagga.info, Node: BGP router, Next: BGP MED, Prev: Starting BGP, Up: BGP
4591 First of all you must configure BGP router with 'router bgp' command.
4592 To configure BGP router, you need AS number. AS number is an
4593 identification of autonomous system. BGP protocol uses the AS number
4594 for detecting whether the BGP connection is internal one or external
4597 -- Command: router bgp ASN
4598 Enable a BGP protocol process with the specified ASN. After this
4599 statement you can input any 'BGP Commands'. You can not create
4600 different BGP process under different ASN without specifying
4601 'multiple-instance' (*note Multiple instance::).
4603 -- Command: no router bgp ASN
4604 Destroy a BGP protocol process with the specified ASN.
4606 -- BGP: bgp router-id A.B.C.D
4607 This command specifies the router-ID. If 'bgpd' connects to 'zebra'
4608 it gets interface and address information. In that case default
4609 router ID value is selected as the largest IP Address of the
4610 interfaces. When 'router zebra' is not enabled 'bgpd' can't get
4611 interface information so 'router-id' is set to 0.0.0.0. So please
4612 set router-id by hand.
4617 * BGP decision process::
4618 * BGP route flap dampening::
4621 File: quagga.info, Node: BGP distance, Next: BGP decision process, Up: BGP router
4626 -- BGP: distance bgp <1-255> <1-255> <1-255>
4627 This command change distance value of BGP. Each argument is
4628 distance value for external routes, internal routes and local
4631 To have this command applied to existing routes requires a hard
4634 -- BGP: distance <1-255> A.B.C.D/M
4635 -- BGP: distance <1-255> A.B.C.D/M WORD
4636 This command set distance value to
4639 File: quagga.info, Node: BGP decision process, Next: BGP route flap dampening, Prev: BGP distance, Up: BGP router
4641 11.2.2 BGP decision process
4642 ---------------------------
4644 The decision process Quagga BGP uses to select routes is as follows:
4647 prefer higher local weight routes to lower routes.
4649 2. Local preference check
4650 prefer higher local preference routes to lower.
4652 3. Local route check
4653 Prefer local routes (statics, aggregates, redistributed) to
4656 4. AS path length check
4657 Prefer shortest hop-count AS_PATHs.
4660 Prefer the lowest origin type route. That is, prefer IGP origin
4661 routes to EGP, to Incomplete routes.
4664 Where routes with a MED were received from the same AS, prefer the
4665 route with the lowest MED. *Note BGP MED::.
4668 Prefer the route received from an external, eBGP peer over routes
4669 received from other types of peers.
4672 Prefer the route with the lower IGP cost.
4675 If multi-pathing is enabled, then check whether the routes not yet
4676 distinguished in preference may be considered equal. If *note bgp
4677 bestpath as-path multipath-relax:: is set, all such routes are
4678 considered equal, otherwise routes received via iBGP with identical
4679 AS_PATHs or routes received from eBGP neighbours in the same AS are
4682 10 Already-selected external check
4684 Where both routes were received from eBGP peers, then prefer the
4685 route which is already selected. Note that this check is not
4686 applied if *note bgp bestpath compare-routerid:: is configured.
4687 This check can prevent some cases of oscillation.
4690 Prefer the route with the lowest router-ID. If the route has an
4691 ORIGINATOR_ID attribute, through iBGP reflection, then that router
4692 ID is used, otherwise the router-ID of the peer the route was
4693 received from is used.
4695 12. Cluster-List length check
4696 The route with the shortest cluster-list length is used. The
4697 cluster-list reflects the iBGP reflection path the route has taken.
4700 Prefer the route received from the peer with the higher transport
4701 layer address, as a last-resort tie-breaker.
4703 -- BGP: bgp bestpath as-path confed
4704 This command specifies that the length of confederation path sets
4705 and sequences should should be taken into account during the BGP
4706 best path decision process.
4708 -- BGP: bgp bestpath as-path multipath-relax
4709 This command specifies that BGP decision process should consider
4710 paths of equal AS_PATH length candidates for multipath computation.
4711 Without the knob, the entire AS_PATH must match for multipath
4714 -- BGP: bgp bestpath compare-routerid
4716 Ensure that when comparing routes where both are equal on most
4717 metrics, including local-pref, AS_PATH length, IGP cost, MED, that
4718 the tie is broken based on router-ID.
4720 If this option is enabled, then the already-selected check, where
4721 already selected eBGP routes are preferred, is skipped.
4723 If a route has an ORIGINATOR_ID attribute because it has been
4724 reflected, that ORIGINATOR_ID will be used. Otherwise, the
4725 router-ID of the peer the route was received from will be used.
4727 The advantage of this is that the route-selection (at this point)
4728 will be more deterministic. The disadvantage is that a few or even
4729 one lowest-ID router may attract all trafic to otherwise-equal
4730 paths because of this check. It may increase the possibility of
4731 MED or IGP oscillation, unless other measures were taken to avoid
4732 these. The exact behaviour will be sensitive to the iBGP and
4733 reflection topology.
4736 File: quagga.info, Node: BGP route flap dampening, Prev: BGP decision process, Up: BGP router
4738 11.2.3 BGP route flap dampening
4739 -------------------------------
4741 -- BGP: bgp dampening <1-45> <1-20000> <1-20000> <1-255>
4742 This command enables BGP route-flap dampening and specifies
4743 dampening parameters.
4746 Half-life time for the penalty
4748 Value to start reusing a route
4750 Value to start suppressing a route
4752 Maximum duration to suppress a stable route
4754 The route-flap damping algorithm is compatible with 'RFC2439'. The
4755 use of this command is not recommended nowadays, see RIPE-378.
4758 File: quagga.info, Node: BGP MED, Next: BGP network, Prev: BGP router, Up: BGP
4763 The BGP MED (Multi_Exit_Discriminator) attribute has properties which
4764 can cause subtle convergence problems in BGP. These properties and
4765 problems have proven to be hard to understand, at least historically,
4766 and may still not be widely understood. The following attempts to
4767 collect together and present what is known about MED, to help operators
4768 and Quagga users in designing and configuring their networks.
4770 The BGP MED (Multi_Exit_Discriminator) attribute is intended to allow
4771 one AS to indicate its preferences for its ingress points to another AS.
4772 The MED attribute will not be propagated on to another AS by the
4773 receiving AS - it is 'non-transitive' in the BGP sense.
4775 E.g., if AS X and AS Y have 2 different BGP peering points, then AS X
4776 might set a MED of 100 on routes advertised at one and a MED of 200 at
4777 the other. When AS Y selects between otherwise equal routes to or via
4778 AS X, AS Y should prefer to take the path via the lower MED peering of
4779 100 with AS X. Setting the MED allows an AS to influence the routing
4780 taken to it within another, neighbouring AS.
4782 In this use of MED it is not really meaningful to compare the MED
4783 value on routes where the next AS on the paths differs. E.g., if AS Y
4784 also had a route for some destination via AS Z in addition to the routes
4785 from AS X, and AS Z had also set a MED, it wouldn't make sense for AS Y
4786 to compare AS Z's MED values to those of AS X. The MED values have been
4787 set by different administrators, with different frames of reference.
4789 The default behaviour of BGP therefore is to not compare MED values
4790 across routes received from different neighbouring ASes. In Quagga this
4791 is done by comparing the neighbouring, left-most AS in the received
4792 AS_PATHs of the routes and only comparing MED if those are the same.
4794 Unfortunately, this behaviour of MED, of sometimes being compared
4795 across routes and sometimes not, depending on the properties of those
4796 other routes, means MED can cause the order of preference over all the
4797 routes to be undefined. That is, given routes A, B, and C, if A is
4798 preferred to B, and B is preferred to C, then a well-defined order
4799 should mean the preference is transitive (in the sense of orders (1))
4800 and that A would be preferred to C.
4802 However, when MED is involved this need not be the case. With MED it
4803 is possible that C is actually preferred over A. So A is preferred to B,
4804 B is preferred to C, but C is preferred to A. This can be true even
4805 where BGP defines a deterministic "most preferred" route out of the full
4806 set of A,B,C. With MED, for any given set of routes there may be a
4807 deterministically preferred route, but there need not be any way to
4808 arrange them into any order of preference. With unmodified MED, the
4809 order of preference of routes literally becomes undefined.
4811 That MED can induce non-transitive preferences over routes can cause
4812 issues. Firstly, it may be perceived to cause routing table churn
4813 locally at speakers; secondly, and more seriously, it may cause routing
4814 instability in iBGP topologies, where sets of speakers continually
4815 oscillate between different paths.
4817 The first issue arises from how speakers often implement routing
4818 decisions. Though BGP defines a selection process that will
4819 deterministically select the same route as best at any given speaker,
4820 even with MED, that process requires evaluating all routes together.
4821 For performance and ease of implementation reasons, many implementations
4822 evaluate route preferences in a pair-wise fashion instead. Given there
4823 is no well-defined order when MED is involved, the best route that will
4824 be chosen becomes subject to implementation details, such as the order
4825 the routes are stored in. That may be (locally) non-deterministic, e.g.
4826 it may be the order the routes were received in.
4828 This indeterminism may be considered undesirable, though it need not
4829 cause problems. It may mean additional routing churn is perceived, as
4830 sometimes more updates may be produced than at other times in reaction
4833 This first issue can be fixed with a more deterministic route
4834 selection that ensures routes are ordered by the neighbouring AS during
4835 selection. *Note bgp deterministic-med::. This may reduce the number
4836 of updates as routes are received, and may in some cases reduce routing
4837 churn. Though, it could equally deterministically produce the largest
4838 possible set of updates in response to the most common sequence of
4841 A deterministic order of evaluation tends to imply an additional
4842 overhead of sorting over any set of n routes to a destination. The
4843 implementation of deterministic MED in Quagga scales significantly worse
4844 than most sorting algorithms at present, with the number of paths to a
4845 given destination. That number is often low enough to not cause any
4846 issues, but where there are many paths, the deterministic comparison may
4847 quickly become increasingly expensive in terms of CPU.
4849 Deterministic local evaluation can _not_ fix the second, more major,
4850 issue of MED however. Which is that the non-transitive preference of
4851 routes MED can cause may lead to routing instability or oscillation
4852 across multiple speakers in iBGP topologies. This can occur with
4853 full-mesh iBGP, but is particularly problematic in non-full-mesh iBGP
4854 topologies that further reduce the routing information known to each
4855 speaker. This has primarily been documented with iBGP route-reflection
4856 topologies. However, any route-hiding technologies potentially could
4857 also exacerbate oscillation with MED.
4859 This second issue occurs where speakers each have only a subset of
4860 routes, and there are cycles in the preferences between different
4861 combinations of routes - as the undefined order of preference of MED
4862 allows - and the routes are distributed in a way that causes the BGP
4863 speakers to 'chase' those cycles. This can occur even if all speakers
4864 use a deterministic order of evaluation in route selection.
4866 E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X,
4867 and from speaker 3 in AS Y; while speaker 5 in AS A might receive that
4868 route from speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1,
4869 and 100 at speaker 3. I.e, using ASN:ID:MED to label the speakers:
4873 X:2------|--A:4-------A:5--|-Y:1:200
4878 Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs),
4879 then based on the RFC4271 decision process speaker 4 will choose X:2
4880 over Y:3:100, based on the lower ID of 2. Speaker 4 advertises X:2 to
4881 speaker 5. Speaker 5 will continue to prefer Y:1:200 based on the ID,
4882 and advertise this to speaker 4. Speaker 4 will now have the full set
4883 of routes, and the Y:1:200 it receives from 5 will beat X:2, but when
4884 speaker 4 compares Y:1:200 to Y:3:100 the MED check now becomes active
4885 as the ASes match, and now Y:3:100 is preferred. Speaker 4 therefore
4886 now advertises Y:3:100 to 5, which will also agrees that Y:3:100 is
4887 preferred to Y:1:200, and so withdraws the latter route from 4. Speaker
4888 4 now has only X:2 and Y:3:100, and X:2 beats Y:3:100, and so speaker 4
4889 implicitly updates its route to speaker 5 to X:2. Speaker 5 sees that
4890 Y:1:200 beats X:2 based on the ID, and advertises Y:1:200 to speaker 4,
4891 and the cycle continues.
4893 The root cause is the lack of a clear order of preference caused by
4894 how MED sometimes is and sometimes is not compared, leading to this
4895 cycle in the preferences between the routes:
4898 /---> X:2 ---beats---> Y:3:100 --\
4901 \---beats--- Y:1:200 <---beats---/
4904 This particular type of oscillation in full-mesh iBGP topologies can
4905 be avoided by speakers preferring already selected, external routes
4906 rather than choosing to update to new a route based on a post-MED metric
4907 (e.g. router-ID), at the cost of a non-deterministic selection process.
4908 Quagga implements this, as do many other implementations, so long as it
4909 is not overridden by setting *note bgp bestpath compare-routerid::, and
4910 see also *note BGP decision process::, .
4912 However, more complex and insidious cycles of oscillation are
4913 possible with iBGP route-reflection, which are not so easily avoided.
4914 These have been documented in various places. See, e.g., 'McPherson, D.
4915 and Gill, V. and Walton, D., "Border Gateway Protocol (BGP) Persistent
4916 Route Oscillation Condition", IETF RFC3345', and 'Flavel, A. and M.
4917 Roughan, "Stable and flexible iBGP", ACM SIGCOMM 2009', and 'Griffin, T.
4918 and G. Wilfong, "On the correctness of IBGP configuration", ACM SIGCOMM
4919 2002' for concrete examples and further references.
4921 There is as of this writing _no_ known way to use MED for its
4922 original purpose; _and_ reduce routing information in iBGP topologies;
4923 _and_ be sure to avoid the instability problems of MED due the
4924 non-transitive routing preferences it can induce; in general on
4927 There may be iBGP topology specific ways to reduce the instability
4928 risks, even while using MED, e.g. by constraining the reflection
4929 topology and by tuning IGP costs between route-reflector clusters, see
4930 RFC3345 for details. In the near future, the Add-Path extension to BGP
4931 may also solve MED oscillation while still allowing MED to be used as
4932 intended, by distributing "best-paths per neighbour AS". This would be
4933 at the cost of distributing at least as many routes to all speakers as a
4934 full-mesh iBGP would, if not more, while also imposing similar CPU
4935 overheads as the "Deterministic MED" feature at each Add-Path reflector.
4937 More generally, the instability problems that MED can introduce on
4938 more complex, non-full-mesh, iBGP topologies may be avoided either by:
4940 * Setting *note bgp always-compare-med::, however this allows MED to
4941 be compared across values set by different neighbour ASes, which
4942 may not produce coherent desirable results, of itself.
4944 * Effectively ignoring MED by setting MED to the same value (e.g. 0)
4945 using *note routemap set metric:: on all received routes, in
4946 combination with setting *note bgp always-compare-med:: on all
4947 speakers. This is the simplest and most performant way to avoid
4948 MED oscillation issues, where an AS is happy not to allow
4949 neighbours to inject this problematic metric.
4951 As MED is evaluated after the AS_PATH length check, another possible
4952 use for MED is for intra-AS steering of routes with equal AS_PATH
4953 length, as an extension of the last case above. As MED is evaluated
4954 before IGP metric, this can allow cold-potato routing to be implemented
4955 to send traffic to preferred hand-offs with neighbours, rather than the
4956 closest hand-off according to the IGP metric.
4958 Note that even if action is taken to address the MED non-transitivity
4959 issues, other oscillations may still be possible. E.g., on IGP cost if
4960 iBGP and IGP topologies are at cross-purposes with each other - see the
4961 Flavel and Roughan paper above for an example. Hence the guideline that
4962 the iBGP topology should follow the IGP topology.
4964 -- BGP: bgp deterministic-med
4966 Carry out route-selection in way that produces deterministic
4967 answers locally, even in the face of MED and the lack of a
4968 well-defined order of preference it can induce on routes. Without
4969 this option the preferred route with MED may be determined largely
4970 by the order that routes were received in.
4972 Setting this option will have a performance cost that may be
4973 noticeable when there are many routes for each destination.
4974 Currently in Quagga it is implemented in a way that scales poorly
4975 as the number of routes per destination increases.
4977 The default is that this option is not set.
4979 Note that there are other sources of indeterminism in the route
4980 selection process, specifically, the preference for older and already
4981 selected routes from eBGP peers, *Note BGP decision process::.
4983 -- BGP: bgp always-compare-med
4985 Always compare the MED on routes, even when they were received from
4986 different neighbouring ASes. Setting this option makes the order
4987 of preference of routes more defined, and should eliminate MED
4988 induced oscillations.
4990 If using this option, it may also be desirable to use *note
4991 routemap set metric:: to set MED to 0 on routes received from
4992 external neighbours.
4994 This option can be used, together with *note routemap set metric::
4995 to use MED as an intra-AS metric to steer equal-length AS_PATH
4996 routes to, e.g., desired exit points.
4998 ---------- Footnotes ----------
5000 (1) For some set of objects to have an order, there _must_ be some
5001 binary ordering relation that is defined for _every_ combination of
5002 those objects, and that relation _must_ be transitive. I.e., if the
5003 relation operator is ≺, and if a ≺ b and b ≺ c then that relation
5004 must carry over and it _must_ be that a ≺ c for the objects to have an
5005 order. The ordering relation may allow for equality, i.e. a ≺ b and
5006 b ≺ a may both be true amd imply that a and b are equal in the order
5007 and not distinguished by it, in which case the set has a partial order.
5008 Otherwise, if there is an order, all the objects have a distinct place
5009 in the order and the set has a total order.
5012 File: quagga.info, Node: BGP network, Next: BGP Peer, Prev: BGP MED, Up: BGP
5020 * Route Aggregation::
5021 * Redistribute to BGP::
5024 File: quagga.info, Node: BGP route, Next: Route Aggregation, Up: BGP network
5029 -- BGP: network A.B.C.D/M
5030 This command adds the announcement network.
5033 This configuration example says that network 10.0.0.0/8 will be
5034 announced to all neighbors. Some vendors' routers don't advertise
5035 routes if they aren't present in their IGP routing tables; 'bgpd'
5036 doesn't care about IGP routes when announcing its routes.
5038 -- BGP: no network A.B.C.D/M
5041 File: quagga.info, Node: Route Aggregation, Next: Redistribute to BGP, Prev: BGP route, Up: BGP network
5043 11.4.2 Route Aggregation
5044 ------------------------
5046 -- BGP: aggregate-address A.B.C.D/M
5047 This command specifies an aggregate address.
5049 -- BGP: aggregate-address A.B.C.D/M as-set
5050 This command specifies an aggregate address. Resulting routes
5053 -- BGP: aggregate-address A.B.C.D/M summary-only
5054 This command specifies an aggregate address. Aggreated routes will
5057 -- BGP: no aggregate-address A.B.C.D/M
5060 File: quagga.info, Node: Redistribute to BGP, Prev: Route Aggregation, Up: BGP network
5062 11.4.3 Redistribute to BGP
5063 --------------------------
5065 -- BGP: redistribute kernel
5066 Redistribute kernel route to BGP process.
5068 -- BGP: redistribute static
5069 Redistribute static route to BGP process.
5071 -- BGP: redistribute connected
5072 Redistribute connected route to BGP process.
5074 -- BGP: redistribute rip
5075 Redistribute RIP route to BGP process.
5077 -- BGP: redistribute ospf
5078 Redistribute OSPF route to BGP process.
5081 File: quagga.info, Node: BGP Peer, Next: BGP Peer Group, Prev: BGP network, Up: BGP
5089 * BGP Peer commands::
5093 File: quagga.info, Node: Defining Peer, Next: BGP Peer commands, Up: BGP Peer
5095 11.5.1 Defining Peer
5096 --------------------
5098 -- BGP: neighbor PEER remote-as ASN
5099 Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4
5100 address or an IPv6 address.
5102 neighbor 10.0.0.1 remote-as 2
5103 In this case my router, in AS-1, is trying to peer with AS-2 at
5106 This command must be the first command used when configuring a
5107 neighbor. If the remote-as is not specified, 'bgpd' will complain
5109 can't find neighbor 10.0.0.1
5112 File: quagga.info, Node: BGP Peer commands, Next: Peer filtering, Prev: Defining Peer, Up: BGP Peer
5114 11.5.2 BGP Peer commands
5115 ------------------------
5117 In a 'router bgp' clause there are neighbor specific configurations
5120 -- BGP: neighbor PEER shutdown
5121 -- BGP: no neighbor PEER shutdown
5122 Shutdown the peer. We can delete the neighbor's configuration by
5123 'no neighbor PEER remote-as AS-NUMBER' but all configuration of the
5124 neighbor will be deleted. When you want to preserve the
5125 configuration, but want to drop the BGP peer, use this syntax.
5127 -- BGP: neighbor PEER ebgp-multihop
5128 -- BGP: no neighbor PEER ebgp-multihop
5130 -- BGP: neighbor PEER description ...
5131 -- BGP: no neighbor PEER description ...
5132 Set description of the peer.
5134 -- BGP: neighbor PEER version VERSION
5135 Set up the neighbor's BGP version. VERSION can be 4, 4+ or 4-.
5136 BGP version 4 is the default value used for BGP peering. BGP
5137 version 4+ means that the neighbor supports Multiprotocol
5138 Extensions for BGP-4. BGP version 4- is similar but the neighbor
5139 speaks the old Internet-Draft revision 00's Multiprotocol
5140 Extensions for BGP-4. Some routing software is still using this
5143 -- BGP: neighbor PEER interface IFNAME
5144 -- BGP: no neighbor PEER interface IFNAME
5145 When you connect to a BGP peer over an IPv6 link-local address, you
5146 have to specify the IFNAME of the interface used for the
5147 connection. To specify IPv4 session addresses, see the 'neighbor
5148 PEER update-source' command below.
5150 This command is deprecated and may be removed in a future release.
5151 Its use should be avoided.
5153 -- BGP: neighbor PEER next-hop-self [all]
5154 -- BGP: no neighbor PEER next-hop-self [all]
5155 This command specifies an announced route's nexthop as being
5156 equivalent to the address of the bgp router if it is learned via
5157 eBGP. If the optional keyword 'all' is specified the modifiation is
5158 done also for routes learned via iBGP.
5160 -- BGP: neighbor PEER update-source <IFNAME|ADDRESS>
5161 -- BGP: no neighbor PEER update-source
5162 Specify the IPv4 source address to use for the BGP session to this
5163 neighbour, may be specified as either an IPv4 address directly or
5164 as an interface name (in which case the 'zebra' daemon MUST be
5165 running in order for 'bgpd' to be able to retrieve interface
5168 neighbor foo update-source 192.168.0.1
5169 neighbor bar update-source lo0
5171 -- BGP: neighbor PEER default-originate
5172 -- BGP: no neighbor PEER default-originate
5173 'bgpd''s default is to not announce the default route (0.0.0.0/0)
5174 even it is in routing table. When you want to announce default
5175 routes to the peer, use this command.
5177 -- BGP: neighbor PEER port PORT
5178 -- BGP: neighbor PEER port PORT
5180 -- BGP: neighbor PEER send-community
5181 -- BGP: neighbor PEER send-community
5183 -- BGP: neighbor PEER weight WEIGHT
5184 -- BGP: no neighbor PEER weight WEIGHT
5185 This command specifies a default WEIGHT value for the neighbor's
5188 -- BGP: neighbor PEER maximum-prefix NUMBER
5189 -- BGP: no neighbor PEER maximum-prefix NUMBER
5191 -- BGP: neighbor PEER local-as AS-NUMBER
5192 -- BGP: neighbor PEER local-as AS-NUMBER no-prepend
5193 -- BGP: neighbor PEER local-as AS-NUMBER no-prepend replace-as
5194 -- BGP: no neighbor PEER local-as
5195 Specify an alternate AS for this BGP process when interacting with
5196 the specified peer. With no modifiers, the specified local-as is
5197 prepended to the received AS_PATH when receiving routing updates
5198 from the peer, and prepended to the outgoing AS_PATH (after the
5199 process local AS) when transmitting local routes to the peer.
5201 If the no-prepend attribute is specified, then the supplied
5202 local-as is not prepended to the received AS_PATH.
5204 If the replace-as attribute is specified, then only the supplied
5205 local-as is prepended to the AS_PATH when transmitting local-route
5206 updates to this peer.
5208 Note that replace-as can only be specified if no-prepend is.
5210 This command is only allowed for eBGP peers.
5212 -- BGP: neighbor PEER ttl-security hops NUMBER
5213 -- BGP: no neighbor PEER ttl-security hops NUMBER
5214 This command enforces Generalized TTL Security Mechanism (GTSM), as
5215 specified in RFC 5082. With this command, only neighbors that are
5216 the specified number of hops away will be allowed to become
5217 neighbors. This command is mututally exclusive with
5221 File: quagga.info, Node: Peer filtering, Prev: BGP Peer commands, Up: BGP Peer
5223 11.5.3 Peer filtering
5224 ---------------------
5226 -- BGP: neighbor PEER distribute-list NAME [in|out]
5227 This command specifies a distribute-list for the peer. DIRECT is
5230 -- BGP command: neighbor PEER prefix-list NAME [in|out]
5232 -- BGP command: neighbor PEER filter-list NAME [in|out]
5234 -- BGP: neighbor PEER route-map NAME [in|out]
5235 Apply a route-map on the neighbor. DIRECT must be 'in' or 'out'.
5237 -- BGP: bgp route-reflector allow-outbound-policy
5238 By default, attribute modification via route-map policy out is not
5239 reflected on reflected routes. This option allows the
5240 modifications to be reflected as well. Once enabled, it affects
5241 all reflected routes.
5244 File: quagga.info, Node: BGP Peer Group, Next: BGP Address Family, Prev: BGP Peer, Up: BGP
5249 -- BGP: neighbor WORD peer-group
5250 This command defines a new peer group.
5252 -- BGP: neighbor PEER peer-group WORD
5253 This command bind specific peer to peer group WORD.
5256 File: quagga.info, Node: BGP Address Family, Next: Autonomous System, Prev: BGP Peer Group, Up: BGP
5258 11.7 BGP Address Family
5259 =======================
5261 Multiprotocol BGP enables BGP to carry routing information for multiple
5262 Network Layer protocols. BGP supports multiple Address Family
5263 Identifier (AFI), namely IPv4 and IPv6. Support is also provided for
5264 multiple sets of per-AFI information via Subsequent Address Family
5265 Identifiers (SAFI). In addition to unicast information, VPN information
5266 'RFC4364' and 'RFC4659', and Encapsulation information 'RFC5512' is
5269 -- Command: show ip bgp vpnv4 all
5270 -- Command: show ipv6 bgp vpn all
5271 Print active IPV4 or IPV6 routes advertised via the VPN SAFI.
5273 -- Command: show ip bgp encap all
5274 -- Command: show ipv6 bgp encap all
5275 Print active IPV4 or IPV6 routes advertised via the Encapsulation
5278 -- Command: show bgp ipv4 encap summary
5279 -- Command: show bgp ipv4 vpn summary
5280 -- Command: show bgp ipv6 encap summary
5281 -- Command: show bgp ipv6 vpn summary
5282 Print a summary of neighbor connections for the specified AFI/SAFI
5286 File: quagga.info, Node: Autonomous System, Next: BGP Communities Attribute, Prev: BGP Address Family, Up: BGP
5288 11.8 Autonomous System
5289 ======================
5291 The AS (Autonomous System) number is one of the essential element of
5292 BGP. BGP is a distance vector routing protocol, and the AS-Path
5293 framework provides distance vector metric and loop detection to BGP.
5294 'RFC1930, Guidelines for creation, selection, and registration of an
5295 Autonomous System (AS)' provides some background on the concepts of an
5298 The AS number is a two octet value, ranging in value from 1 to 65535.
5299 The AS numbers 64512 through 65535 are defined as private AS numbers.
5300 Private AS numbers must not to be advertised in the global Internet.
5304 * AS Path Regular Expression::
5305 * Display BGP Routes by AS Path::
5306 * AS Path Access List::
5307 * Using AS Path in Route Map::
5308 * Private AS Numbers::
5311 File: quagga.info, Node: AS Path Regular Expression, Next: Display BGP Routes by AS Path, Up: Autonomous System
5313 11.8.1 AS Path Regular Expression
5314 ---------------------------------
5316 AS path regular expression can be used for displaying BGP routes and AS
5317 path access list. AS path regular expression is based on 'POSIX 1003.2'
5318 regular expressions. Following description is just a subset of 'POSIX'
5319 regular expression. User can use full 'POSIX' regular expression.
5320 Adding to that special character '_' is added for AS path regular
5324 Matches any single character.
5326 Matches 0 or more occurrences of pattern.
5328 Matches 1 or more occurrences of pattern.
5330 Match 0 or 1 occurrences of pattern.
5332 Matches the beginning of the line.
5334 Matches the end of the line.
5336 Character '_' has special meanings in AS path regular expression.
5337 It matches to space and comma , and AS set delimiter { and } and AS
5338 confederation delimiter '(' and ')'. And it also matches to the
5339 beginning of the line and the end of the line. So '_' can be used
5340 for AS value boundaries match. 'show ip bgp regexp _7675_' matches
5341 to all of BGP routes which as AS number include 7675.
5344 File: quagga.info, Node: Display BGP Routes by AS Path, Next: AS Path Access List, Prev: AS Path Regular Expression, Up: Autonomous System
5346 11.8.2 Display BGP Routes by AS Path
5347 ------------------------------------
5349 To show BGP routes which has specific AS path information 'show ip bgp'
5350 command can be used.
5352 -- Command: show ip bgp regexp LINE
5353 This commands display BGP routes that matches AS path regular
5357 File: quagga.info, Node: AS Path Access List, Next: Using AS Path in Route Map, Prev: Display BGP Routes by AS Path, Up: Autonomous System
5359 11.8.3 AS Path Access List
5360 --------------------------
5362 AS path access list is user defined AS path.
5364 -- Command: ip as-path access-list WORD {permit|deny} LINE
5365 This command defines a new AS path access list.
5367 -- Command: no ip as-path access-list WORD
5368 -- Command: no ip as-path access-list WORD {permit|deny} LINE
5371 File: quagga.info, Node: Using AS Path in Route Map, Next: Private AS Numbers, Prev: AS Path Access List, Up: Autonomous System
5373 11.8.4 Using AS Path in Route Map
5374 ---------------------------------
5376 -- Route Map: match as-path WORD
5378 -- Route Map: set as-path prepend AS-PATH
5379 Prepend the given string of AS numbers to the AS_PATH.
5381 -- Route Map: set as-path prepend last-as NUM
5382 Prepend the existing last AS number (the leftmost ASN) to the
5386 File: quagga.info, Node: Private AS Numbers, Prev: Using AS Path in Route Map, Up: Autonomous System
5388 11.8.5 Private AS Numbers
5389 -------------------------
5392 File: quagga.info, Node: BGP Communities Attribute, Next: BGP Extended Communities Attribute, Prev: Autonomous System, Up: BGP
5394 11.9 BGP Communities Attribute
5395 ==============================
5397 BGP communities attribute is widely used for implementing policy
5398 routing. Network operators can manipulate BGP communities attribute
5399 based on their network policy. BGP communities attribute is defined in
5400 'RFC1997, BGP Communities Attribute' and 'RFC1998, An Application of the
5401 BGP Community Attribute in Multi-home Routing'. It is an optional
5402 transitive attribute, therefore local policy can travel through
5403 different autonomous system.
5405 Communities attribute is a set of communities values. Each
5406 communities value is 4 octet long. The following format is used to
5407 define communities value.
5410 This format represents 4 octet communities value. 'AS' is high
5411 order 2 octet in digit format. 'VAL' is low order 2 octet in digit
5412 format. This format is useful to define AS oriented policy value.
5413 For example, '7675:80' can be used when AS 7675 wants to pass local
5414 policy value 80 to neighboring peer.
5416 'internet' represents well-known communities value 0.
5418 'no-export' represents well-known communities value 'NO_EXPORT'
5419 (0xFFFFFF01). All routes carry this value must not be advertised
5420 to outside a BGP confederation boundary. If neighboring BGP peer
5421 is part of BGP confederation, the peer is considered as inside a
5422 BGP confederation boundary, so the route will be announced to the
5425 'no-advertise' represents well-known communities value
5427 (0xFFFFFF02). All routes carry this value must not be advertise to
5430 'local-AS' represents well-known communities value
5431 'NO_EXPORT_SUBCONFED' (0xFFFFFF03). All routes carry this value
5432 must not be advertised to external BGP peers. Even if the
5433 neighboring router is part of confederation, it is considered as
5434 external BGP peer, so the route will not be announced to the peer.
5436 When BGP communities attribute is received, duplicated communities
5437 value in the communities attribute is ignored and each communities
5438 values are sorted in numerical order.
5442 * BGP Community Lists::
5443 * Numbered BGP Community Lists::
5444 * BGP Community in Route Map::
5445 * Display BGP Routes by Community::
5446 * Using BGP Communities Attribute::
5449 File: quagga.info, Node: BGP Community Lists, Next: Numbered BGP Community Lists, Up: BGP Communities Attribute
5451 11.9.1 BGP Community Lists
5452 --------------------------
5454 BGP community list is a user defined BGP communites attribute list. BGP
5455 community list can be used for matching or manipulating BGP communities
5456 attribute in updates.
5458 There are two types of community list. One is standard community
5459 list and another is expanded community list. Standard community list
5460 defines communities attribute. Expanded community list defines
5461 communities attribute string with regular expression. Standard
5462 community list is compiled into binary format when user define it.
5463 Standard community list will be directly compared to BGP communities
5464 attribute in BGP updates. Therefore the comparison is faster than
5465 expanded community list.
5467 -- Command: ip community-list standard NAME {permit|deny} COMMUNITY
5468 This command defines a new standard community list. COMMUNITY is
5469 communities value. The COMMUNITY is compiled into community
5470 structure. We can define multiple community list under same name.
5471 In that case match will happen user defined order. Once the
5472 community list matches to communities attribute in BGP updates it
5473 return permit or deny by the community list definition. When there
5474 is no matched entry, deny will be returned. When COMMUNITY is
5475 empty it matches to any routes.
5477 -- Command: ip community-list expanded NAME {permit|deny} LINE
5478 This command defines a new expanded community list. LINE is a
5479 string expression of communities attribute. LINE can include
5480 regular expression to match communities attribute in BGP updates.
5482 -- Command: no ip community-list NAME
5483 -- Command: no ip community-list standard NAME
5484 -- Command: no ip community-list expanded NAME
5485 These commands delete community lists specified by NAME. All of
5486 community lists shares a single name space. So community lists can
5487 be removed simpley specifying community lists name.
5489 -- Command: show ip community-list
5490 -- Command: show ip community-list NAME
5491 This command display current community list information. When NAME
5492 is specified the specified community list's information is shown.
5494 # show ip community-list
5495 Named Community standard list CLIST
5496 permit 7675:80 7675:100 no-export
5498 Named Community expanded list EXPAND
5501 # show ip community-list CLIST
5502 Named Community standard list CLIST
5503 permit 7675:80 7675:100 no-export
5507 File: quagga.info, Node: Numbered BGP Community Lists, Next: BGP Community in Route Map, Prev: BGP Community Lists, Up: BGP Communities Attribute
5509 11.9.2 Numbered BGP Community Lists
5510 -----------------------------------
5512 When number is used for BGP community list name, the number has special
5513 meanings. Community list number in the range from 1 and 99 is standard
5514 community list. Community list number in the range from 100 to 199 is
5515 expanded community list. These community lists are called as numbered
5516 community lists. On the other hand normal community lists is called as
5517 named community lists.
5519 -- Command: ip community-list <1-99> {permit|deny} COMMUNITY
5520 This command defines a new community list. <1-99> is standard
5521 community list number. Community list name within this range
5522 defines standard community list. When COMMUNITY is empty it
5523 matches to any routes.
5525 -- Command: ip community-list <100-199> {permit|deny} COMMUNITY
5526 This command defines a new community list. <100-199> is expanded
5527 community list number. Community list name within this range
5528 defines expanded community list.
5530 -- Command: ip community-list NAME {permit|deny} COMMUNITY
5531 When community list type is not specifed, the community list type
5532 is automatically detected. If COMMUNITY can be compiled into
5533 communities attribute, the community list is defined as a standard
5534 community list. Otherwise it is defined as an expanded community
5535 list. This feature is left for backward compability. Use of this
5536 feature is not recommended.
5539 File: quagga.info, Node: BGP Community in Route Map, Next: Display BGP Routes by Community, Prev: Numbered BGP Community Lists, Up: BGP Communities Attribute
5541 11.9.3 BGP Community in Route Map
5542 ---------------------------------
5544 In Route Map (*note Route Map::), we can match or set BGP communities
5545 attribute. Using this feature network operator can implement their
5546 network policy based on BGP communities attribute.
5548 Following commands can be used in Route Map.
5550 -- Route Map: match community WORD
5551 -- Route Map: match community WORD exact-match
5552 This command perform match to BGP updates using community list
5553 WORD. When the one of BGP communities value match to the one of
5554 communities value in community list, it is match. When
5555 'exact-match' keyword is spcified, match happen only when BGP
5556 updates have completely same communities value specified in the
5559 -- Route Map: set community none
5560 -- Route Map: set community COMMUNITY
5561 -- Route Map: set community COMMUNITY additive
5562 This command manipulate communities value in BGP updates. When
5563 'none' is specified as communities value, it removes entire
5564 communities attribute from BGP updates. When COMMUNITY is not
5565 'none', specified communities value is set to BGP updates. If BGP
5566 updates already has BGP communities value, the existing BGP
5567 communities value is replaced with specified COMMUNITY value. When
5568 'additive' keyword is specified, COMMUNITY is appended to the
5569 existing communities value.
5571 -- Route Map: set comm-list WORD delete
5572 This command remove communities value from BGP communities
5573 attribute. The WORD is community list name. When BGP route's
5574 communities value matches to the community list WORD, the
5575 communities value is removed. When all of communities value is
5576 removed eventually, the BGP update's communities attribute is
5580 File: quagga.info, Node: Display BGP Routes by Community, Next: Using BGP Communities Attribute, Prev: BGP Community in Route Map, Up: BGP Communities Attribute
5582 11.9.4 Display BGP Routes by Community
5583 --------------------------------------
5585 To show BGP routes which has specific BGP communities attribute, 'show
5586 ip bgp' command can be used. The COMMUNITY value and community list can
5587 be used for 'show ip bgp' command.
5589 -- Command: show ip bgp community
5590 -- Command: show ip bgp community COMMUNITY
5591 -- Command: show ip bgp community COMMUNITY exact-match
5592 'show ip bgp community' displays BGP routes which has communities
5593 attribute. When COMMUNITY is specified, BGP routes that matches
5594 COMMUNITY value is displayed. For this command, 'internet' keyword
5595 can't be used for COMMUNITY value. When 'exact-match' is
5596 specified, it display only routes that have an exact match.
5598 -- Command: show ip bgp community-list WORD
5599 -- Command: show ip bgp community-list WORD exact-match
5600 This commands display BGP routes that matches community list WORD.
5601 When 'exact-match' is specified, display only routes that have an
5605 File: quagga.info, Node: Using BGP Communities Attribute, Prev: Display BGP Routes by Community, Up: BGP Communities Attribute
5607 11.9.5 Using BGP Communities Attribute
5608 --------------------------------------
5610 Following configuration is the most typical usage of BGP communities
5611 attribute. AS 7675 provides upstream Internet connection to AS 100.
5612 When following configuration exists in AS 7675, AS 100 networks operator
5613 can set local preference in AS 7675 network by setting BGP communities
5614 attribute to the updates.
5617 neighbor 192.168.0.1 remote-as 100
5618 neighbor 192.168.0.1 route-map RMAP in
5620 ip community-list 70 permit 7675:70
5621 ip community-list 70 deny
5622 ip community-list 80 permit 7675:80
5623 ip community-list 80 deny
5624 ip community-list 90 permit 7675:90
5625 ip community-list 90 deny
5627 route-map RMAP permit 10
5629 set local-preference 70
5631 route-map RMAP permit 20
5633 set local-preference 80
5635 route-map RMAP permit 30
5637 set local-preference 90
5639 Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675.
5640 The route has communities value 7675:80 so when above configuration
5641 exists in AS 7675, announced route's local preference will be set to
5646 neighbor 192.168.0.2 remote-as 7675
5647 neighbor 192.168.0.2 route-map RMAP out
5649 ip prefix-list PLIST permit 10.0.0.0/8
5651 route-map RMAP permit 10
5652 match ip address prefix-list PLIST
5653 set community 7675:80
5655 Following configuration is an example of BGP route filtering using
5656 communities attribute. This configuration only permit BGP routes which
5657 has BGP communities value 0:80 and 0:90. Network operator can put
5658 special internal communities value at BGP border router, then limit the
5659 BGP routes announcement into the internal network.
5662 neighbor 192.168.0.1 remote-as 100
5663 neighbor 192.168.0.1 route-map RMAP in
5665 ip community-list 1 permit 0:80 0:90
5667 route-map RMAP permit in
5670 Following exmaple filter BGP routes which has communities value 1:1.
5671 When there is no match community-list returns deny. To avoid filtering
5672 all of routes, we need to define permit any at last.
5675 neighbor 192.168.0.1 remote-as 100
5676 neighbor 192.168.0.1 route-map RMAP in
5678 ip community-list standard FILTER deny 1:1
5679 ip community-list standard FILTER permit
5681 route-map RMAP permit 10
5682 match community FILTER
5684 Communities value keyword 'internet' has special meanings in standard
5685 community lists. In below example 'internet' act as match any. It
5686 matches all of BGP routes even if the route does not have communities
5687 attribute at all. So community list 'INTERNET' is same as above
5690 ip community-list standard INTERNET deny 1:1
5691 ip community-list standard INTERNET permit internet
5693 Following configuration is an example of communities value deletion.
5694 With this configuration communities value 100:1 and 100:2 is removed
5695 from BGP updates. For communities value deletion, only 'permit'
5696 community-list is used. 'deny' community-list is ignored.
5699 neighbor 192.168.0.1 remote-as 100
5700 neighbor 192.168.0.1 route-map RMAP in
5702 ip community-list standard DEL permit 100:1 100:2
5704 route-map RMAP permit 10
5705 set comm-list DEL delete
5708 File: quagga.info, Node: BGP Extended Communities Attribute, Next: Displaying BGP routes, Prev: BGP Communities Attribute, Up: BGP
5710 11.10 BGP Extended Communities Attribute
5711 ========================================
5713 BGP extended communities attribute is introduced with MPLS VPN/BGP
5714 technology. MPLS VPN/BGP expands capability of network infrastructure
5715 to provide VPN functionality. At the same time it requires a new
5716 framework for policy routing. With BGP Extended Communities Attribute
5717 we can use Route Target or Site of Origin for implementing network
5718 policy for MPLS VPN/BGP.
5720 BGP Extended Communities Attribute is similar to BGP Communities
5721 Attribute. It is an optional transitive attribute. BGP Extended
5722 Communities Attribute can carry multiple Extended Community value. Each
5723 Extended Community value is eight octet length.
5725 BGP Extended Communities Attribute provides an extended range
5726 compared with BGP Communities Attribute. Adding to that there is a type
5727 field in each value to provides community space structure.
5729 There are two format to define Extended Community value. One is AS
5730 based format the other is IP address based format.
5733 This is a format to define AS based Extended Community value. 'AS'
5734 part is 2 octets Global Administrator subfield in Extended
5735 Community value. 'VAL' part is 4 octets Local Administrator
5736 subfield. '7675:100' represents AS 7675 policy value 100.
5738 This is a format to define IP address based Extended Community
5739 value. 'IP-Address' part is 4 octets Global Administrator
5740 subfield. 'VAL' part is 2 octets Local Administrator subfield.
5741 '10.0.0.1:100' represents
5745 * BGP Extended Community Lists::
5746 * BGP Extended Communities in Route Map::
5749 File: quagga.info, Node: BGP Extended Community Lists, Next: BGP Extended Communities in Route Map, Up: BGP Extended Communities Attribute
5751 11.10.1 BGP Extended Community Lists
5752 ------------------------------------
5754 Expanded Community Lists is a user defined BGP Expanded Community Lists.
5756 -- Command: ip extcommunity-list standard NAME {permit|deny}
5758 This command defines a new standard extcommunity-list.
5759 EXTCOMMUNITY is extended communities value. The EXTCOMMUNITY is
5760 compiled into extended community structure. We can define multiple
5761 extcommunity-list under same name. In that case match will happen
5762 user defined order. Once the extcommunity-list matches to extended
5763 communities attribute in BGP updates it return permit or deny based
5764 upon the extcommunity-list definition. When there is no matched
5765 entry, deny will be returned. When EXTCOMMUNITY is empty it
5766 matches to any routes.
5768 -- Command: ip extcommunity-list expanded NAME {permit|deny} LINE
5769 This command defines a new expanded extcommunity-list. LINE is a
5770 string expression of extended communities attribute. LINE can
5771 include regular expression to match extended communities attribute
5774 -- Command: no ip extcommunity-list NAME
5775 -- Command: no ip extcommunity-list standard NAME
5776 -- Command: no ip extcommunity-list expanded NAME
5777 These commands delete extended community lists specified by NAME.
5778 All of extended community lists shares a single name space. So
5779 extended community lists can be removed simpley specifying the
5782 -- Command: show ip extcommunity-list
5783 -- Command: show ip extcommunity-list NAME
5784 This command display current extcommunity-list information. When
5785 NAME is specified the community list's information is shown.
5787 # show ip extcommunity-list
5790 File: quagga.info, Node: BGP Extended Communities in Route Map, Prev: BGP Extended Community Lists, Up: BGP Extended Communities Attribute
5792 11.10.2 BGP Extended Communities in Route Map
5793 ---------------------------------------------
5795 -- Route Map: match extcommunity WORD
5797 -- Route Map: set extcommunity rt EXTCOMMUNITY
5798 This command set Route Target value.
5800 -- Route Map: set extcommunity soo EXTCOMMUNITY
5801 This command set Site of Origin value.
5804 File: quagga.info, Node: Displaying BGP routes, Next: Capability Negotiation, Prev: BGP Extended Communities Attribute, Up: BGP
5806 11.11 Displaying BGP Routes
5807 ===========================
5812 * More Show IP BGP::
5815 File: quagga.info, Node: Show IP BGP, Next: More Show IP BGP, Up: Displaying BGP routes
5820 -- Command: show ip bgp
5821 -- Command: show ip bgp A.B.C.D
5822 -- Command: show ip bgp X:X::X:X
5823 This command displays BGP routes. When no route is specified it
5824 display all of IPv4 BGP routes.
5826 BGP table version is 0, local router ID is 10.1.1.1
5827 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
5828 Origin codes: i - IGP, e - EGP, ? - incomplete
5830 Network Next Hop Metric LocPrf Weight Path
5831 *> 1.1.1.1/32 0.0.0.0 0 32768 i
5833 Total number of prefixes 1
5836 File: quagga.info, Node: More Show IP BGP, Prev: Show IP BGP, Up: Displaying BGP routes
5838 11.11.2 More Show IP BGP
5839 ------------------------
5841 -- Command: show ip bgp regexp LINE
5842 This command display BGP routes using AS path regular expression
5843 (*note Display BGP Routes by AS Path::).
5845 -- Command: show ip bgp community COMMUNITY
5846 -- Command: show ip bgp community COMMUNITY exact-match
5847 This command display BGP routes using COMMUNITY (*note Display BGP
5848 Routes by Community::).
5850 -- Command: show ip bgp community-list WORD
5851 -- Command: show ip bgp community-list WORD exact-match
5852 This command display BGP routes using community list (*note Display
5853 BGP Routes by Community::).
5855 -- Command: show ip bgp summary
5857 -- Command: show ip bgp neighbor [PEER]
5859 -- Command: clear ip bgp PEER
5860 Clear peers which have addresses of X.X.X.X
5862 -- Command: clear ip bgp PEER soft in
5863 Clear peer using soft reconfiguration.
5865 -- Command: show ip bgp dampened-paths
5866 Display paths suppressed due to dampening
5868 -- Command: show ip bgp flap-statistics
5869 Display flap statistics of routes
5871 -- Command: show debug
5873 -- Command: debug event
5875 -- Command: debug update
5877 -- Command: debug keepalive
5879 -- Command: no debug event
5881 -- Command: no debug update
5883 -- Command: no debug keepalive
5886 File: quagga.info, Node: Capability Negotiation, Next: Route Reflector, Prev: Displaying BGP routes, Up: BGP
5888 11.12 Capability Negotiation
5889 ============================
5891 When adding IPv6 routing information exchange feature to BGP. There were
5892 some proposals. IETF (Internet Engineering Task Force) IDR (Inter
5893 Domain Routing) WG (Working group) adopted a proposal called
5894 Multiprotocol Extension for BGP. The specification is described in
5895 'RFC2283'. The protocol does not define new protocols. It defines new
5896 attributes to existing BGP. When it is used exchanging IPv6 routing
5897 information it is called BGP-4+. When it is used for exchanging
5898 multicast routing information it is called MBGP.
5900 'bgpd' supports Multiprotocol Extension for BGP. So if remote peer
5901 supports the protocol, 'bgpd' can exchange IPv6 and/or multicast routing
5904 Traditional BGP did not have the feature to detect remote peer's
5905 capabilities, e.g. whether it can handle prefix types other than IPv4
5906 unicast routes. This was a big problem using Multiprotocol Extension
5907 for BGP to operational network. 'RFC2842, Capabilities Advertisement
5908 with BGP-4' adopted a feature called Capability Negotiation. 'bgpd' use
5909 this Capability Negotiation to detect the remote peer's capabilities.
5910 If the peer is only configured as IPv4 unicast neighbor, 'bgpd' does not
5911 send these Capability Negotiation packets (at least not unless other
5912 optional BGP features require capability negotation).
5914 By default, Quagga will bring up peering with minimal common
5915 capability for the both sides. For example, local router has unicast
5916 and multicast capabilitie and remote router has unicast capability. In
5917 this case, the local router will establish the connection with unicast
5918 only capability. When there are no common capabilities, Quagga sends
5919 Unsupported Capability error and then resets the connection.
5921 If you want to completely match capabilities with remote peer.
5922 Please use 'strict-capability-match' command.
5924 -- BGP: neighbor PEER strict-capability-match
5925 -- BGP: no neighbor PEER strict-capability-match
5926 Strictly compares remote capabilities and local capabilities. If
5927 capabilities are different, send Unsupported Capability error then
5930 You may want to disable sending Capability Negotiation OPEN message
5931 optional parameter to the peer when remote peer does not implement
5932 Capability Negotiation. Please use 'dont-capability-negotiate' command
5933 to disable the feature.
5935 -- BGP: neighbor PEER dont-capability-negotiate
5936 -- BGP: no neighbor PEER dont-capability-negotiate
5937 Suppress sending Capability Negotiation as OPEN message optional
5938 parameter to the peer. This command only affects the peer is
5939 configured other than IPv4 unicast configuration.
5941 When remote peer does not have capability negotiation feature, remote
5942 peer will not send any capabilities at all. In that case, bgp
5943 configures the peer with configured capabilities.
5945 You may prefer locally configured capabilities more than the
5946 negotiated capabilities even though remote peer sends capabilities. If
5947 the peer is configured by 'override-capability', 'bgpd' ignores received
5948 capabilities then override negotiated capabilities with configured
5951 -- BGP: neighbor PEER override-capability
5952 -- BGP: no neighbor PEER override-capability
5953 Override the result of Capability Negotiation with local
5954 configuration. Ignore remote peer's capability value.
5957 File: quagga.info, Node: Route Reflector, Next: Route Server, Prev: Capability Negotiation, Up: BGP
5959 11.13 Route Reflector
5960 =====================
5962 -- BGP: bgp cluster-id A.B.C.D
5964 -- BGP: neighbor PEER route-reflector-client
5965 -- BGP: no neighbor PEER route-reflector-client
5968 File: quagga.info, Node: Route Server, Next: How to set up a 6-Bone connection, Prev: Route Reflector, Up: BGP
5973 At an Internet Exchange point, many ISPs are connected to each other by
5974 external BGP peering. Normally these external BGP connection are done
5975 by 'full mesh' method. As with internal BGP full mesh formation, this
5976 method has a scaling problem.
5978 This scaling problem is well known. Route Server is a method to
5979 resolve the problem. Each ISP's BGP router only peers to Route Server.
5980 Route Server serves as BGP information exchange to other BGP routers.
5981 By applying this method, numbers of BGP connections is reduced from
5982 O(n*(n-1)/2) to O(n).
5984 Unlike normal BGP router, Route Server must have several routing
5985 tables for managing different routing policies for each BGP speaker. We
5986 call the routing tables as different 'view's. 'bgpd' can work as normal
5987 BGP router or Route Server or both at the same time.
5991 * Multiple instance::
5992 * BGP instance and view::
5994 * Viewing the view::
5997 File: quagga.info, Node: Multiple instance, Next: BGP instance and view, Up: Route Server
5999 11.14.1 Multiple instance
6000 -------------------------
6002 To enable multiple view function of 'bgpd', you must turn on multiple
6003 instance feature beforehand.
6005 -- Command: bgp multiple-instance
6006 Enable BGP multiple instance feature. After this feature is
6007 enabled, you can make multiple BGP instances or multiple BGP views.
6009 -- Command: no bgp multiple-instance
6010 Disable BGP multiple instance feature. You can not disable this
6011 feature when BGP multiple instances or views exist.
6013 When you want to make configuration more Cisco like one,
6015 -- Command: bgp config-type cisco
6016 Cisco compatible BGP configuration output.
6018 When bgp config-type cisco is specified,
6020 "no synchronization" is displayed. "no auto-summary" is displayed.
6022 "network" and "aggregate-address" argument is displayed as "A.B.C.D
6025 Quagga: network 10.0.0.0/8 Cisco: network 10.0.0.0
6027 Quagga: aggregate-address 192.168.0.0/24 Cisco: aggregate-address
6028 192.168.0.0 255.255.255.0
6030 Community attribute handling is also different. If there is no
6031 configuration is specified community attribute and extended community
6032 attribute are sent to neighbor. When user manually disable the feature
6033 community attribute is not sent to the neighbor. In case of 'bgp
6034 config-type cisco' is specified, community attribute is not sent to the
6035 neighbor by default. To send community attribute user has to specify
6036 'neighbor A.B.C.D send-community' command.
6040 neighbor 10.0.0.1 remote-as 1
6041 no neighbor 10.0.0.1 send-community
6044 neighbor 10.0.0.1 remote-as 1
6045 neighbor 10.0.0.1 send-community
6048 -- Command: bgp config-type zebra
6049 Quagga style BGP configuration. This is default.
6052 File: quagga.info, Node: BGP instance and view, Next: Routing policy, Prev: Multiple instance, Up: Route Server
6054 11.14.2 BGP instance and view
6055 -----------------------------
6057 BGP instance is a normal BGP process. The result of route selection
6058 goes to the kernel routing table. You can setup different AS at the
6059 same time when BGP multiple instance feature is enabled.
6061 -- Command: router bgp AS-NUMBER
6062 Make a new BGP instance. You can use arbitrary word for the NAME.
6064 bgp multiple-instance
6067 neighbor 10.0.0.1 remote-as 2
6068 neighbor 10.0.0.2 remote-as 3
6071 neighbor 10.0.0.3 remote-as 4
6072 neighbor 10.0.0.4 remote-as 5
6074 BGP view is almost same as normal BGP process. The result of route
6075 selection does not go to the kernel routing table. BGP view is only for
6076 exchanging BGP routing information.
6078 -- Command: router bgp AS-NUMBER view NAME
6079 Make a new BGP view. You can use arbitrary word for the NAME.
6080 This view's route selection result does not go to the kernel
6083 With this command, you can setup Route Server like below.
6085 bgp multiple-instance
6088 neighbor 10.0.0.1 remote-as 2
6089 neighbor 10.0.0.2 remote-as 3
6092 neighbor 10.0.0.3 remote-as 4
6093 neighbor 10.0.0.4 remote-as 5
6096 File: quagga.info, Node: Routing policy, Next: Viewing the view, Prev: BGP instance and view, Up: Route Server
6098 11.14.3 Routing policy
6099 ----------------------
6101 You can set different routing policy for a peer. For example, you can
6102 set different filter for a peer.
6104 bgp multiple-instance
6107 neighbor 10.0.0.1 remote-as 2
6108 neighbor 10.0.0.1 distribute-list 1 in
6111 neighbor 10.0.0.1 remote-as 2
6112 neighbor 10.0.0.1 distribute-list 2 in
6114 This means BGP update from a peer 10.0.0.1 goes to both BGP view 1
6115 and view 2. When the update is inserted into view 1, distribute-list 1
6116 is applied. On the other hand, when the update is inserted into view 2,
6117 distribute-list 2 is applied.
6120 File: quagga.info, Node: Viewing the view, Prev: Routing policy, Up: Route Server
6122 11.14.4 Viewing the view
6123 ------------------------
6125 To display routing table of BGP view, you must specify view name.
6127 -- Command: show ip bgp view NAME
6128 Display routing table of BGP view NAME.
6131 File: quagga.info, Node: How to set up a 6-Bone connection, Next: Dump BGP packets and table, Prev: Route Server, Up: BGP
6133 11.15 How to set up a 6-Bone connection
6134 =======================================
6139 ! Actually there is no need to configure zebra
6145 ! This means that routes go through zebra and into the kernel.
6149 ! MP-BGP configuration
6152 bgp router-id 10.0.0.1
6153 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as AS-NUMBER
6156 network 3ffe:506::/32
6157 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
6158 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
6159 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as AS-NUMBER
6160 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out
6163 ipv6 access-list all permit any
6165 ! Set output nexthop address.
6167 route-map set-nexthop permit 10
6168 match ipv6 address all
6169 set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
6170 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225
6172 ! logfile FILENAME is obsolete. Please use log file FILENAME
6178 File: quagga.info, Node: Dump BGP packets and table, Next: BGP Configuration Examples, Prev: How to set up a 6-Bone connection, Up: BGP
6180 11.16 Dump BGP packets and table
6181 ================================
6183 -- Command: dump bgp all PATH [INTERVAL]
6184 -- Command: dump bgp all-et PATH [INTERVAL]
6185 -- Command: no dump bgp all [PATH] [INTERVAL]
6186 Dump all BGP packet and events to PATH file. If INTERVAL is set, a
6187 new file will be created for echo INTERVAL of seconds. The path
6188 PATH can be set with date and time formatting (strftime). The type
6189 ‘all-et’ enables support for Extended Timestamp Header (*note
6190 Packet Binary Dump Format::). (*note Packet Binary Dump Format::)
6192 -- Command: dump bgp updates PATH [INTERVAL]
6193 -- Command: dump bgp updates-et PATH [INTERVAL]
6194 -- Command: no dump bgp updates [PATH] [INTERVAL]
6195 Dump only BGP updates messages to PATH file. If INTERVAL is set, a
6196 new file will be created for echo INTERVAL of seconds. The path
6197 PATH can be set with date and time formatting (strftime). The type
6198 ‘updates-et’ enables support for Extended Timestamp Header
6199 (*note Packet Binary Dump Format::).
6201 -- Command: dump bgp routes-mrt PATH
6202 -- Command: dump bgp routes-mrt PATH INTERVAL
6203 -- Command: no dump bgp route-mrt [PATH] [INTERVAL]
6204 Dump whole BGP routing table to PATH. This is heavy process. The
6205 path PATH can be set with date and time formatting (strftime). If
6206 INTERVAL is set, a new file will be created for echo INTERVAL of
6209 Note: the interval variable can also be set using hours and minutes:
6213 File: quagga.info, Node: BGP Configuration Examples, Prev: Dump BGP packets and table, Up: BGP
6215 11.17 BGP Configuration Examples
6216 ================================
6218 Example of a session to an upstream, advertising only one prefix to it.
6221 bgp router-id 10.236.87.1
6222 network 10.236.87.0/24
6223 neighbor upstream peer-group
6224 neighbor upstream remote-as 64515
6225 neighbor upstream capability dynamic
6226 neighbor upstream prefix-list pl-allowed-adv out
6227 neighbor 10.1.1.1 peer-group upstream
6228 neighbor 10.1.1.1 description ACME ISP
6230 ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
6231 ip prefix-list pl-allowed-adv seq 10 deny any
6234 A more complex example. With upstream, peer and customer sessions.
6235 Advertising global prefixes and NO_EXPORT prefixes and providing actions
6236 for customer routes based on community values. Extensive use of
6237 route-maps and the 'call' feature to support selective advertising of
6238 prefixes. This example is intended as guidance only, it has NOT been
6239 tested and almost certainly containts silly mistakes, if not serious
6243 bgp router-id 10.236.87.1
6244 network 10.123.456.0/24
6245 network 10.123.456.128/25 route-map rm-no-export
6246 neighbor upstream capability dynamic
6247 neighbor upstream route-map rm-upstream-out out
6248 neighbor cust capability dynamic
6249 neighbor cust route-map rm-cust-in in
6250 neighbor cust route-map rm-cust-out out
6251 neighbor cust send-community both
6252 neighbor peer capability dynamic
6253 neighbor peer route-map rm-peer-in in
6254 neighbor peer route-map rm-peer-out out
6255 neighbor peer send-community both
6256 neighbor 10.1.1.1 remote-as 64515
6257 neighbor 10.1.1.1 peer-group upstream
6258 neighbor 10.2.1.1 remote-as 64516
6259 neighbor 10.2.1.1 peer-group upstream
6260 neighbor 10.3.1.1 remote-as 64517
6261 neighbor 10.3.1.1 peer-group cust-default
6262 neighbor 10.3.1.1 description customer1
6263 neighbor 10.3.1.1 prefix-list pl-cust1-network in
6264 neighbor 10.4.1.1 remote-as 64518
6265 neighbor 10.4.1.1 peer-group cust
6266 neighbor 10.4.1.1 prefix-list pl-cust2-network in
6267 neighbor 10.4.1.1 description customer2
6268 neighbor 10.5.1.1 remote-as 64519
6269 neighbor 10.5.1.1 peer-group peer
6270 neighbor 10.5.1.1 prefix-list pl-peer1-network in
6271 neighbor 10.5.1.1 description peer AS 1
6272 neighbor 10.6.1.1 remote-as 64520
6273 neighbor 10.6.1.1 peer-group peer
6274 neighbor 10.6.1.1 prefix-list pl-peer2-network in
6275 neighbor 10.6.1.1 description peer AS 2
6277 ip prefix-list pl-default permit 0.0.0.0/0
6279 ip prefix-list pl-upstream-peers permit 10.1.1.1/32
6280 ip prefix-list pl-upstream-peers permit 10.2.1.1/32
6282 ip prefix-list pl-cust1-network permit 10.3.1.0/24
6283 ip prefix-list pl-cust1-network permit 10.3.2.0/24
6285 ip prefix-list pl-cust2-network permit 10.4.1.0/24
6287 ip prefix-list pl-peer1-network permit 10.5.1.0/24
6288 ip prefix-list pl-peer1-network permit 10.5.2.0/24
6289 ip prefix-list pl-peer1-network permit 192.168.0.0/24
6291 ip prefix-list pl-peer2-network permit 10.6.1.0/24
6292 ip prefix-list pl-peer2-network permit 10.6.2.0/24
6293 ip prefix-list pl-peer2-network permit 192.168.1.0/24
6294 ip prefix-list pl-peer2-network permit 192.168.2.0/24
6295 ip prefix-list pl-peer2-network permit 172.16.1/24
6297 ip as-path access-list asp-own-as permit ^$
6298 ip as-path access-list asp-own-as permit _64512_
6300 ! #################################################################
6301 ! Match communities we provide actions for, on routes receives from
6302 ! customers. Communities values of <our-ASN>:X, with X, have actions:
6304 ! 100 - blackhole the prefix
6305 ! 200 - set no_export
6306 ! 300 - advertise only to other customers
6307 ! 400 - advertise only to upstreams
6308 ! 500 - set no_export when advertising to upstreams
6309 ! 2X00 - set local_preference to X00
6311 ! blackhole the prefix of the route
6312 ip community-list standard cm-blackhole permit 64512:100
6314 ! set no-export community before advertising
6315 ip community-list standard cm-set-no-export permit 64512:200
6317 ! advertise only to other customers
6318 ip community-list standard cm-cust-only permit 64512:300
6320 ! advertise only to upstreams
6321 ip community-list standard cm-upstream-only permit 64512:400
6323 ! advertise to upstreams with no-export
6324 ip community-list standard cm-upstream-noexport permit 64512:500
6326 ! set local-pref to least significant 3 digits of the community
6327 ip community-list standard cm-prefmod-100 permit 64512:2100
6328 ip community-list standard cm-prefmod-200 permit 64512:2200
6329 ip community-list standard cm-prefmod-300 permit 64512:2300
6330 ip community-list standard cm-prefmod-400 permit 64512:2400
6331 ip community-list expanded cme-prefmod-range permit 64512:2...
6333 ! Informational communities
6335 ! 3000 - learned from upstream
6336 ! 3100 - learned from customer
6337 ! 3200 - learned from peer
6339 ip community-list standard cm-learnt-upstream permit 64512:3000
6340 ip community-list standard cm-learnt-cust permit 64512:3100
6341 ip community-list standard cm-learnt-peer permit 64512:3200
6343 ! ###################################################################
6344 ! Utility route-maps
6346 ! These utility route-maps generally should not used to permit/deny
6347 ! routes, i.e. they do not have meaning as filters, and hence probably
6348 ! should be used with 'on-match next'. These all finish with an empty
6349 ! permit entry so as not interfere with processing in the caller.
6351 route-map rm-no-export permit 10
6352 set community additive no-export
6353 route-map rm-no-export permit 20
6355 route-map rm-blackhole permit 10
6356 description blackhole, up-pref and ensure it cant escape this AS
6357 set ip next-hop 127.0.0.1
6358 set local-preference 10
6359 set community additive no-export
6360 route-map rm-blackhole permit 20
6362 ! Set local-pref as requested
6363 route-map rm-prefmod permit 10
6364 match community cm-prefmod-100
6365 set local-preference 100
6366 route-map rm-prefmod permit 20
6367 match community cm-prefmod-200
6368 set local-preference 200
6369 route-map rm-prefmod permit 30
6370 match community cm-prefmod-300
6371 set local-preference 300
6372 route-map rm-prefmod permit 40
6373 match community cm-prefmod-400
6374 set local-preference 400
6375 route-map rm-prefmod permit 50
6377 ! Community actions to take on receipt of route.
6378 route-map rm-community-in permit 10
6379 description check for blackholing, no point continuing if it matches.
6380 match community cm-blackhole
6382 route-map rm-community-in permit 20
6383 match community cm-set-no-export
6386 route-map rm-community-in permit 30
6387 match community cme-prefmod-range
6389 route-map rm-community-in permit 40
6391 ! #####################################################################
6392 ! Community actions to take when advertising a route.
6393 ! These are filtering route-maps,
6395 ! Deny customer routes to upstream with cust-only set.
6396 route-map rm-community-filt-to-upstream deny 10
6397 match community cm-learnt-cust
6398 match community cm-cust-only
6399 route-map rm-community-filt-to-upstream permit 20
6401 ! Deny customer routes to other customers with upstream-only set.
6402 route-map rm-community-filt-to-cust deny 10
6403 match community cm-learnt-cust
6404 match community cm-upstream-only
6405 route-map rm-community-filt-to-cust permit 20
6407 ! ###################################################################
6408 ! The top-level route-maps applied to sessions. Further entries could
6409 ! be added obviously..
6412 route-map rm-cust-in permit 10
6413 call rm-community-in
6415 route-map rm-cust-in permit 20
6416 set community additive 64512:3100
6417 route-map rm-cust-in permit 30
6419 route-map rm-cust-out permit 10
6420 call rm-community-filt-to-cust
6422 route-map rm-cust-out permit 20
6424 ! Upstream transit ASes
6425 route-map rm-upstream-out permit 10
6426 description filter customer prefixes which are marked cust-only
6427 call rm-community-filt-to-upstream
6429 route-map rm-upstream-out permit 20
6430 description only customer routes are provided to upstreams/peers
6431 match community cm-learnt-cust
6434 ! outbound policy is same as for upstream
6435 route-map rm-peer-out permit 10
6436 call rm-upstream-out
6438 route-map rm-peer-in permit 10
6439 set community additive 64512:3200
6442 File: quagga.info, Node: Configuring Quagga as a Route Server, Next: VTY shell, Prev: BGP, Up: Top
6444 12 Configuring Quagga as a Route Server
6445 ***************************************
6447 The purpose of a Route Server is to centralize the peerings between BGP
6448 speakers. For example if we have an exchange point scenario with four
6449 BGP speakers, each of which maintaining a BGP peering with the other
6450 three we can convert it into a centralized scenario where each of the
6451 four establishes a single BGP peering against the Route Server.
6453 We will first describe briefly the Route Server model implemented by
6454 Quagga. We will explain the commands that have been added for
6455 configuring that model. And finally we will show a full example of
6456 Quagga configured as Route Server.
6460 * Description of the Route Server model::
6461 * Commands for configuring a Route Server::
6462 * Example of Route Server Configuration::
6465 File: quagga.info, Node: Description of the Route Server model, Next: Commands for configuring a Route Server, Up: Configuring Quagga as a Route Server
6467 12.1 Description of the Route Server model
6468 ==========================================
6470 First we are going to describe the normal processing that BGP
6471 announcements suffer inside a standard BGP speaker, as shown in *note
6472 Figure 12.1: fig:normal-processing, it consists of three steps:
6474 * When an announcement is received from some peer, the 'In' filters
6475 configured for that peer are applied to the announcement. These
6476 filters can reject the announcement, accept it unmodified, or
6477 accept it with some of its attributes modified.
6479 * The announcements that pass the 'In' filters go into the Best Path
6480 Selection process, where they are compared to other announcements
6481 referred to the same destination that have been received from
6482 different peers (in case such other announcements exist). For each
6483 different destination, the announcement which is selected as the
6484 best is inserted into the BGP speaker's Loc-RIB.
6486 * The routes which are inserted in the Loc-RIB are considered for
6487 announcement to all the peers (except the one from which the route
6488 came). This is done by passing the routes in the Loc-RIB through
6489 the 'Out' filters corresponding to each peer. These filters can
6490 reject the route, accept it unmodified, or accept it with some of
6491 its attributes modified. Those routes which are accepted by the
6492 'Out' filters of a peer are announced to that peer.
6494 \0\b[image src="fig-normal-processing.png" alt="Normal announcement processing" text="
6495 _______________________________
6496 / _________ _________ \\
6497 From Peer A --->|(A)-|Best | | |-[A]|--->To Peer A
6498 From Peer B --->|(B)-|Path |-->|Local-RIB|-[B]|--->To Peer B
6499 From Peer C --->|(C)-|Selection| | |-[C]|--->To Peer C
6500 From Peer D --->|(D)-|_________| |_________|-[D]|--->To Peer D
6501 \\_______________________________/
6503 Key: (X) - 'In' Filter applied to Peer X's announcements
6504 [X] - 'Out' Filter applied to announcements to Peer X"
\0\b]
6506 Figure 12.1: Announcement processing inside a "normal" BGP speaker
6508 Of course we want that the routing tables obtained in each of the
6509 routers are the same when using the route server than when not. But as
6510 a consequence of having a single BGP peering (against the route server),
6511 the BGP speakers can no longer distinguish from/to which peer each
6512 announce comes/goes. This means that the routers connected to the route
6513 server are not able to apply by themselves the same input/output filters
6514 as in the full mesh scenario, so they have to delegate those functions
6515 to the route server.
6517 Even more, the "best path" selection must be also performed inside
6518 the route server on behalf of its clients. The reason is that if, after
6519 applying the filters of the announcer and the (potential) receiver, the
6520 route server decides to send to some client two or more different
6521 announcements referred to the same destination, the client will only
6522 retain the last one, considering it as an implicit withdrawal of the
6523 previous announcements for the same destination. This is the expected
6524 behavior of a BGP speaker as defined in 'RFC1771', and even though there
6525 are some proposals of mechanisms that permit multiple paths for the same
6526 destination to be sent through a single BGP peering, none are currently
6527 supported by most existing BGP implementations.
6529 As a consequence a route server must maintain additional information
6530 and perform additional tasks for a RS-client that those necessary for
6531 common BGP peerings. Essentially a route server must:
6533 * Maintain a separated Routing Information Base (Loc-RIB) for each
6534 peer configured as RS-client, containing the routes selected as a
6535 result of the "Best Path Selection" process that is performed on
6536 behalf of that RS-client.
6538 * Whenever it receives an announcement from a RS-client, it must
6539 consider it for the Loc-RIBs of the other RS-clients.
6541 * This means that for each of them the route server must pass
6542 the announcement through the appropriate 'Out' filter of the
6545 * Then through the appropriate 'In' filter of the potential
6548 * Only if the announcement is accepted by both filters it will
6549 be passed to the "Best Path Selection" process.
6551 * Finally, it might go into the Loc-RIB of the receiver.
6553 When we talk about the "appropriate" filter, both the announcer and
6554 the receiver of the route must be taken into account. Suppose that the
6555 route server receives an announcement from client A, and the route
6556 server is considering it for the Loc-RIB of client B. The filters that
6557 should be applied are the same that would be used in the full mesh
6558 scenario, i.e., first the 'Out' filter of router A for announcements
6559 going to router B, and then the 'In' filter of router B for
6560 announcements coming from router A.
6562 We call "Export Policy" of a RS-client to the set of 'Out' filters
6563 that the client would use if there was no route server. The same
6564 applies for the "Import Policy" of a RS-client and the set of 'In'
6565 filters of the client if there was no route server.
6567 It is also common to demand from a route server that it does not
6568 modify some BGP attributes (next-hop, as-path and MED) that are usually
6569 modified by standard BGP speakers before announcing a route.
6571 The announcement processing model implemented by Quagga is shown in
6572 *note Figure 12.2: fig:rs-processing. The figure shows a mixture of
6573 RS-clients (B, C and D) with normal BGP peers (A). There are some
6574 details that worth additional comments:
6576 * Announcements coming from a normal BGP peer are also considered for
6577 the Loc-RIBs of all the RS-clients. But logically they do not pass
6578 through any export policy.
6580 * Those peers that are configured as RS-clients do not receive any
6581 announce from the 'Main' Loc-RIB.
6583 * Apart from import and export policies, 'In' and 'Out' filters can
6584 also be set for RS-clients. 'In' filters might be useful when the
6585 route server has also normal BGP peers. On the other hand, 'Out'
6586 filters for RS-clients are probably unnecessary, but we decided not
6587 to remove them as they do not hurt anybody (they can always be left
6590 \0\b[image src="fig-rs-processing.png" alt="Route Server Processing Model" text="From Peer A
6592 | | From RS-Client C
6593 | | | From RS-Client D
6595 | | | | Main / Normal RIB
6596 | | | | ________________________________
6597 | | | | / _________ _________ \\
6598 | | | +--->|(D)-|Best | | Main | |
6599 | | +--|--->|(C)-|Path |-->|Local-RIB|->[A]|--->To Peer A
6600 | +--|--|--->|(B)-|Selection| | | |
6601 +--|--|--|--->|(A)-|_________| |_________| |
6602 | | | | \\________________________________/
6604 | | | | ________________________________
6605 | | | | / _________ _________ \\
6606 | | | +--->*D*->|{B}-|Best | |RS-Client| |
6607 | | +--|--->*C*->|{B}-|Path |-->|Local-RIB|->[B]|--->To RS-Client B
6608 | | | | | |Selection| | for B | |
6609 +--|--|--|-------->|{B}-|_________| |_________| |
6610 | | | | \\________________________________/
6612 | | | | ________________________________
6613 | | | | / _________ _________ \\
6614 | | | +--->*D*->|{C}-|Best | |RS-Client| |
6615 | | | | | |Path |-->|Local-RIB|->[C]|--->To RS-Client C
6616 | +--|--|--->*B*->|{C}-|Selection| | for C | |
6617 +--|--|--|-------->|{C}-|_________| |_________| |
6618 | | | \\________________________________/
6620 | | | ________________________________
6621 | | | / _________ _________ \\
6622 | | | | |Best | |RS-Client| |
6623 | | +------>*C*->|{D}-|Path |-->|Local-RIB|->[D]|--->To RS-Client D
6624 | +--------->*B*->|{D}-|Selection| | for D | |
6625 +----------------->|{D}-|_________| |_________| |
6626 \\________________________________/
6629 Key: (X) - 'In' Filter applied to Peer X's announcements before
6630 considering announcement for the normal main Local-RIB
6631 [X] - 'Out' Filter applied to announcements to Peer X
6632 *X* - 'Export' Filter of RS-Client X, to apply X's policies
6633 before its routes may be considered for other RS-Clients
6635 {X} - 'Import' Filter of RS-Client X, to apply X's policies
6636 on routes before allowing them into X's RIB."
\0\b]
6638 Figure 12.2: Announcement processing model implemented by the Route
6642 File: quagga.info, Node: Commands for configuring a Route Server, Next: Example of Route Server Configuration, Prev: Description of the Route Server model, Up: Configuring Quagga as a Route Server
6644 12.2 Commands for configuring a Route Server
6645 ============================================
6647 Now we will describe the commands that have been added to quagga in
6648 order to support the route server features.
6650 -- Route-Server: neighbor PEER-GROUP route-server-client
6651 -- Route-Server: neighbor A.B.C.D route-server-client
6652 -- Route-Server: neighbor X:X::X:X route-server-client
6653 This command configures the peer given by PEER, A.B.C.D or X:X::X:X
6656 Actually this command is not new, it already existed in standard
6657 Quagga. It enables the transparent mode for the specified peer.
6658 This means that some BGP attributes (as-path, next-hop and MED) of
6659 the routes announced to that peer are not modified.
6661 With the route server patch, this command, apart from setting the
6662 transparent mode, creates a new Loc-RIB dedicated to the specified
6663 peer (those named 'Loc-RIB for X' in *note Figure 12.2:
6664 fig:rs-processing.). Starting from that moment, every announcement
6665 received by the route server will be also considered for the new
6668 -- Route-Server: neigbor {A.B.C.D|X.X::X.X|peer-group} route-map WORD
6670 This set of commands can be used to specify the route-map that
6671 represents the Import or Export policy of a peer which is
6672 configured as a RS-client (with the previous command).
6674 -- Route-Server: match peer {A.B.C.D|X:X::X:X}
6675 This is a new _match_ statement for use in route-maps, enabling
6676 them to describe import/export policies. As we said before, an
6677 import/export policy represents a set of input/output filters of
6678 the RS-client. This statement makes possible that a single
6679 route-map represents the full set of filters that a BGP speaker
6680 would use for its different peers in a non-RS scenario.
6682 The _match peer_ statement has different semantics whether it is
6683 used inside an import or an export route-map. In the first case
6684 the statement matches if the address of the peer who sends the
6685 announce is the same that the address specified by
6686 {A.B.C.D|X:X::X:X}. For export route-maps it matches when
6687 {A.B.C.D|X:X::X:X} is the address of the RS-Client into whose
6688 Loc-RIB the announce is going to be inserted (how the same export
6689 policy is applied before different Loc-RIBs is shown in *note
6690 Figure 12.2: fig:rs-processing.).
6692 -- Route-map Command: call WORD
6693 This command (also used inside a route-map) jumps into a different
6694 route-map, whose name is specified by WORD. When the called
6695 route-map finishes, depending on its result the original route-map
6696 continues or not. Apart from being useful for making import/export
6697 route-maps easier to write, this command can also be used inside
6698 any normal (in or out) route-map.
6701 File: quagga.info, Node: Example of Route Server Configuration, Prev: Commands for configuring a Route Server, Up: Configuring Quagga as a Route Server
6703 12.3 Example of Route Server Configuration
6704 ==========================================
6706 Finally we are going to show how to configure a Quagga daemon to act as
6707 a Route Server. For this purpose we are going to present a scenario
6708 without route server, and then we will show how to use the
6709 configurations of the BGP routers to generate the configuration of the
6712 All the configuration files shown in this section have been taken
6713 from scenarios which were tested using the VNUML tool VNUML
6714 (http://www.dit.upm.es/vnuml).
6718 * Configuration of the BGP routers without Route Server::
6719 * Configuration of the BGP routers with Route Server::
6720 * Configuration of the Route Server itself::
6721 * Further considerations about Import and Export route-maps::
6724 File: quagga.info, Node: Configuration of the BGP routers without Route Server, Next: Configuration of the BGP routers with Route Server, Up: Example of Route Server Configuration
6726 12.3.1 Configuration of the BGP routers without Route Server
6727 ------------------------------------------------------------
6729 We will suppose that our initial scenario is an exchange point with
6730 three BGP capable routers, named RA, RB and RC. Each of the BGP speakers
6731 generates some routes (with the NETWORK command), and establishes BGP
6732 peerings against the other two routers. These peerings have In and Out
6733 route-maps configured, named like "PEER-X-IN" or "PEER-X-OUT". For
6734 example the configuration file for router RA could be the following:
6736 #Configuration for router 'RA'
6742 no bgp default ipv4-unicast
6743 neighbor 2001:0DB8::B remote-as 65002
6744 neighbor 2001:0DB8::C remote-as 65003
6747 network 2001:0DB8:AAAA:1::/64
6748 network 2001:0DB8:AAAA:2::/64
6749 network 2001:0DB8:0000:1::/64
6750 network 2001:0DB8:0000:2::/64
6752 neighbor 2001:0DB8::B activate
6753 neighbor 2001:0DB8::B soft-reconfiguration inbound
6754 neighbor 2001:0DB8::B route-map PEER-B-IN in
6755 neighbor 2001:0DB8::B route-map PEER-B-OUT out
6757 neighbor 2001:0DB8::C activate
6758 neighbor 2001:0DB8::C soft-reconfiguration inbound
6759 neighbor 2001:0DB8::C route-map PEER-C-IN in
6760 neighbor 2001:0DB8::C route-map PEER-C-OUT out
6763 ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
6764 ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
6766 ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
6767 ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
6769 ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
6770 ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
6772 ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
6773 ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
6775 route-map PEER-B-IN permit 10
6776 match ipv6 address prefix-list COMMON-PREFIXES
6778 route-map PEER-B-IN permit 20
6779 match ipv6 address prefix-list PEER-B-PREFIXES
6780 set community 65001:11111
6782 route-map PEER-C-IN permit 10
6783 match ipv6 address prefix-list COMMON-PREFIXES
6785 route-map PEER-C-IN permit 20
6786 match ipv6 address prefix-list PEER-C-PREFIXES
6787 set community 65001:22222
6789 route-map PEER-B-OUT permit 10
6790 match ipv6 address prefix-list PEER-A-PREFIXES
6792 route-map PEER-C-OUT permit 10
6793 match ipv6 address prefix-list PEER-A-PREFIXES
6799 File: quagga.info, Node: Configuration of the BGP routers with Route Server, Next: Configuration of the Route Server itself, Prev: Configuration of the BGP routers without Route Server, Up: Example of Route Server Configuration
6801 12.3.2 Configuration of the BGP routers with Route Server
6802 ---------------------------------------------------------
6804 To convert the initial scenario into one with route server, first we
6805 must modify the configuration of routers RA, RB and RC. Now they must
6806 not peer between them, but only with the route server. For example,
6807 RA's configuration would turn into:
6809 # Configuration for router 'RA'
6815 no bgp default ipv4-unicast
6816 neighbor 2001:0DB8::FFFF remote-as 65000
6819 network 2001:0DB8:AAAA:1::/64
6820 network 2001:0DB8:AAAA:2::/64
6821 network 2001:0DB8:0000:1::/64
6822 network 2001:0DB8:0000:2::/64
6824 neighbor 2001:0DB8::FFFF activate
6825 neighbor 2001:0DB8::FFFF soft-reconfiguration inbound
6831 Which is logically much simpler than its initial configuration, as it
6832 now maintains only one BGP peering and all the filters (route-maps) have
6836 File: quagga.info, Node: Configuration of the Route Server itself, Next: Further considerations about Import and Export route-maps, Prev: Configuration of the BGP routers with Route Server, Up: Example of Route Server Configuration
6838 12.3.3 Configuration of the Route Server itself
6839 -----------------------------------------------
6841 As we said when we described the functions of a route server (*note
6842 Description of the Route Server model::), it is in charge of all the
6843 route filtering. To achieve that, the In and Out filters from the RA,
6844 RB and RC configurations must be converted into Import and Export
6845 policies in the route server.
6847 This is a fragment of the route server configuration (we only show
6848 the policies for client RA):
6850 # Configuration for Route Server ('RS')
6855 bgp multiple-instance
6857 router bgp 65000 view RS
6858 no bgp default ipv4-unicast
6859 neighbor 2001:0DB8::A remote-as 65001
6860 neighbor 2001:0DB8::B remote-as 65002
6861 neighbor 2001:0DB8::C remote-as 65003
6864 neighbor 2001:0DB8::A activate
6865 neighbor 2001:0DB8::A route-server-client
6866 neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
6867 neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export
6868 neighbor 2001:0DB8::A soft-reconfiguration inbound
6870 neighbor 2001:0DB8::B activate
6871 neighbor 2001:0DB8::B route-server-client
6872 neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import
6873 neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export
6874 neighbor 2001:0DB8::B soft-reconfiguration inbound
6876 neighbor 2001:0DB8::C activate
6877 neighbor 2001:0DB8::C route-server-client
6878 neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import
6879 neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export
6880 neighbor 2001:0DB8::C soft-reconfiguration inbound
6883 ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
6884 ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
6886 ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
6887 ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
6889 ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
6890 ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
6892 ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
6893 ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
6895 route-map RSCLIENT-A-IMPORT permit 10
6896 match peer 2001:0DB8::B
6897 call A-IMPORT-FROM-B
6898 route-map RSCLIENT-A-IMPORT permit 20
6899 match peer 2001:0DB8::C
6900 call A-IMPORT-FROM-C
6902 route-map A-IMPORT-FROM-B permit 10
6903 match ipv6 address prefix-list COMMON-PREFIXES
6905 route-map A-IMPORT-FROM-B permit 20
6906 match ipv6 address prefix-list PEER-B-PREFIXES
6907 set community 65001:11111
6909 route-map A-IMPORT-FROM-C permit 10
6910 match ipv6 address prefix-list COMMON-PREFIXES
6912 route-map A-IMPORT-FROM-C permit 20
6913 match ipv6 address prefix-list PEER-C-PREFIXES
6914 set community 65001:22222
6916 route-map RSCLIENT-A-EXPORT permit 10
6917 match peer 2001:0DB8::B
6918 match ipv6 address prefix-list PEER-A-PREFIXES
6919 route-map RSCLIENT-A-EXPORT permit 20
6920 match peer 2001:0DB8::C
6921 match ipv6 address prefix-list PEER-A-PREFIXES
6927 If you compare the initial configuration of RA with the route server
6928 configuration above, you can see how easy it is to generate the Import
6929 and Export policies for RA from the In and Out route-maps of RA's
6930 original configuration.
6932 When there was no route server, RA maintained two peerings, one with
6933 RB and another with RC. Each of this peerings had an In route-map
6934 configured. To build the Import route-map for client RA in the route
6935 server, simply add route-map entries following this scheme:
6937 route-map <NAME> permit 10
6938 match peer <Peer Address>
6939 call <In Route-Map for this Peer>
6940 route-map <NAME> permit 20
6941 match peer <Another Peer Address>
6942 call <In Route-Map for this Peer>
6944 This is exactly the process that has been followed to generate the
6945 route-map RSCLIENT-A-IMPORT. The route-maps that are called inside it
6946 (A-IMPORT-FROM-B and A-IMPORT-FROM-C) are exactly the same than the In
6947 route-maps from the original configuration of RA (PEER-B-IN and
6948 PEER-C-IN), only the name is different.
6950 The same could have been done to create the Export policy for RA
6951 (route-map RSCLIENT-A-EXPORT), but in this case the original Out
6952 route-maps where so simple that we decided not to use the CALL WORD
6953 commands, and we integrated all in a single route-map
6954 (RSCLIENT-A-EXPORT).
6956 The Import and Export policies for RB and RC are not shown, but the
6957 process would be identical.
6960 File: quagga.info, Node: Further considerations about Import and Export route-maps, Prev: Configuration of the Route Server itself, Up: Example of Route Server Configuration
6962 12.3.4 Further considerations about Import and Export route-maps
6963 ----------------------------------------------------------------
6965 The current version of the route server patch only allows to specify a
6966 route-map for import and export policies, while in a standard BGP
6967 speaker apart from route-maps there are other tools for performing input
6968 and output filtering (access-lists, community-lists, ...). But this
6969 does not represent any limitation, as all kinds of filters can be
6970 included in import/export route-maps. For example suppose that in the
6971 non-route-server scenario peer RA had the following filters configured
6972 for input from peer B:
6974 neighbor 2001:0DB8::B prefix-list LIST-1 in
6975 neighbor 2001:0DB8::B filter-list LIST-2 in
6976 neighbor 2001:0DB8::B route-map PEER-B-IN in
6979 route-map PEER-B-IN permit 10
6980 match ipv6 address prefix-list COMMON-PREFIXES
6981 set local-preference 100
6982 route-map PEER-B-IN permit 20
6983 match ipv6 address prefix-list PEER-B-PREFIXES
6984 set community 65001:11111
6986 It is posible to write a single route-map which is equivalent to the
6987 three filters (the community-list, the prefix-list and the route-map).
6988 That route-map can then be used inside the Import policy in the route
6989 server. Lets see how to do it:
6991 neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
6995 route-map RSCLIENT-A-IMPORT permit 10
6996 match peer 2001:0DB8::B
6997 call A-IMPORT-FROM-B
7001 route-map A-IMPORT-FROM-B permit 1
7002 match ipv6 address prefix-list LIST-1
7003 match as-path LIST-2
7005 route-map A-IMPORT-FROM-B deny 2
7006 route-map A-IMPORT-FROM-B permit 10
7007 match ipv6 address prefix-list COMMON-PREFIXES
7008 set local-preference 100
7009 route-map A-IMPORT-FROM-B permit 20
7010 match ipv6 address prefix-list PEER-B-PREFIXES
7011 set community 65001:11111
7016 The route-map A-IMPORT-FROM-B is equivalent to the three filters
7017 (LIST-1, LIST-2 and PEER-B-IN). The first entry of route-map
7018 A-IMPORT-FROM-B (sequence number 1) matches if and only if both the
7019 prefix-list LIST-1 and the filter-list LIST-2 match. If that happens,
7020 due to the "on-match goto 10" statement the next route-map entry to be
7021 processed will be number 10, and as of that point route-map
7022 A-IMPORT-FROM-B is identical to PEER-B-IN. If the first entry does not
7023 match, 'on-match goto 10" will be ignored and the next processed entry
7024 will be number 2, which will deny the route.
7026 Thus, the result is the same that with the three original filters,
7027 i.e., if either LIST-1 or LIST-2 rejects the route, it does not reach
7028 the route-map PEER-B-IN. In case both LIST-1 and LIST-2 accept the
7029 route, it passes to PEER-B-IN, which can reject, accept or modify the
7033 File: quagga.info, Node: VTY shell, Next: Filtering, Prev: Configuring Quagga as a Route Server, Up: Top
7038 'vtysh' is integrated shell of Quagga software.
7040 To use vtysh please specify --enable-vtysh to configure script. To
7041 use PAM for authentication use --with-libpam option to configure script.
7043 vtysh only searches /etc/quagga path for vtysh.conf which is the
7044 vtysh configuration file. Vtysh does not search current directory for
7045 configuration file because the file includes user authentication
7048 Currently, vtysh.conf has only two commands.
7052 * VTY shell username::
7053 * VTY shell integrated configuration::
7056 File: quagga.info, Node: VTY shell username, Next: VTY shell integrated configuration, Up: VTY shell
7058 13.1 VTY shell username
7059 =======================
7061 -- Command: username USERNAME nopassword
7063 With this set, user foo does not need password authentication for
7064 user vtysh. With PAM vtysh uses PAM authentication mechanism.
7066 If vtysh is compiled without PAM authentication, every user can use
7067 vtysh without authentication. vtysh requires read/write permission
7068 to the various daemons vty sockets, this can be accomplished
7069 through use of unix groups and the -enable-vty-group configure
7073 File: quagga.info, Node: VTY shell integrated configuration, Prev: VTY shell username, Up: VTY shell
7075 13.2 VTY shell integrated configuration
7076 =======================================
7078 -- Command: service integrated-vtysh-config
7079 Write out integrated Quagga.conf file when 'write file' is issued.
7081 This command controls the behaviour of vtysh when it is told to
7082 write out the configuration. Per default, vtysh will instruct each
7083 daemon to write out their own config files when 'write file' is
7084 issued. However, if 'service integrated-vtysh-config' is set, when
7085 'write file' is issued, vtysh will instruct the daemons will write
7086 out a Quagga.conf with all daemons' commands integrated into it.
7088 Vtysh per default behaves as if 'write-conf daemon' is set. Note
7089 that both may be set at same time if one wishes to have both
7090 Quagga.conf and daemon specific files written out. Further, note
7091 that the daemons are hard-coded to first look for the integrated
7092 Quagga.conf file before looking for their own file.
7094 We recommend you do not mix the use of the two types of files.
7095 Further, it is better not to use the integrated Quagga.conf file,
7096 as any syntax error in it can lead to /all/ of your daemons being
7097 unable to start up. Per daemon files are more robust as impact of
7098 errors in configuration are limited to the daemon in whose file the
7102 File: quagga.info, Node: Filtering, Next: Route Map, Prev: VTY shell, Up: Top
7107 Quagga provides many very flexible filtering features. Filtering is
7108 used for both input and output of the routing information. Once
7109 filtering is defined, it can be applied in any direction.
7117 File: quagga.info, Node: IP Access List, Next: IP Prefix List, Up: Filtering
7122 -- Command: access-list NAME permit IPV4-NETWORK
7123 -- Command: access-list NAME deny IPV4-NETWORK
7125 Basic filtering is done by 'access-list' as shown in the following
7128 access-list filter deny 10.0.0.0/9
7129 access-list filter permit 10.0.0.0/8
7132 File: quagga.info, Node: IP Prefix List, Prev: IP Access List, Up: Filtering
7137 'ip prefix-list' provides the most powerful prefix based filtering
7138 mechanism. In addition to 'access-list' functionality, 'ip prefix-list'
7139 has prefix length range specification and sequential number
7140 specification. You can add or delete prefix based filters to arbitrary
7141 points of prefix-list using sequential number specification.
7143 If no ip prefix-list is specified, it acts as permit. If 'ip
7144 prefix-list' is defined, and no match is found, default deny is applied.
7146 -- Command: ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN]
7147 -- Command: ip prefix-list NAME seq NUMBER (permit|deny) PREFIX [le
7150 You can create 'ip prefix-list' using above commands.
7153 seq NUMBER can be set either automatically or manually. In
7154 the case that sequential numbers are set manually, the user
7155 may pick any number less than 4294967295. In the case that
7156 sequential number are set automatically, the sequential number
7157 will increase by a unit of five (5) per list. If a list with
7158 no specified sequential number is created after a list with a
7159 specified sequential number, the list will automatically pick
7160 the next multiple of five (5) as the list number. For
7161 example, if a list with number 2 already exists and a new list
7162 with no specified number is created, the next list will be
7163 numbered 5. If lists 2 and 7 already exist and a new list
7164 with no specified number is created, the new list will be
7168 'le' command specifies prefix length. The prefix list will be
7169 applied if the prefix length is less than or equal to the le
7173 'ge' command specifies prefix length. The prefix list will be
7174 applied if the prefix length is greater than or equal to the
7177 Less than or equal to prefix numbers and greater than or equal to
7178 prefix numbers can be used together. The order of the le and ge
7179 commands does not matter.
7181 If a prefix list with a different sequential number but with the
7182 exact same rules as a previous list is created, an error will result.
7183 However, in the case that the sequential number and the rules are
7184 exactly similar, no error will result.
7186 If a list with the same sequential number as a previous list is
7187 created, the new list will overwrite the old list.
7189 Matching of IP Prefix is performed from the smaller sequential number
7190 to the larger. The matching will stop once any rule has been applied.
7192 In the case of no le or ge command, the prefix length must match
7193 exactly the length specified in the prefix list.
7195 -- Command: no ip prefix-list NAME
7199 * ip prefix-list description::
7200 * ip prefix-list sequential number control::
7201 * Showing ip prefix-list::
7202 * Clear counter of ip prefix-list::
7205 File: quagga.info, Node: ip prefix-list description, Next: ip prefix-list sequential number control, Up: IP Prefix List
7207 14.2.1 ip prefix-list description
7208 ---------------------------------
7210 -- Command: ip prefix-list NAME description DESC
7211 Descriptions may be added to prefix lists. This command adds a
7212 description to the prefix list.
7214 -- Command: no ip prefix-list NAME description [DESC]
7215 Deletes the description from a prefix list. It is possible to use
7216 the command without the full description.
7219 File: quagga.info, Node: ip prefix-list sequential number control, Next: Showing ip prefix-list, Prev: ip prefix-list description, Up: IP Prefix List
7221 14.2.2 ip prefix-list sequential number control
7222 -----------------------------------------------
7224 -- Command: ip prefix-list sequence-number
7225 With this command, the IP prefix list sequential number is
7226 displayed. This is the default behavior.
7228 -- Command: no ip prefix-list sequence-number
7229 With this command, the IP prefix list sequential number is not
7233 File: quagga.info, Node: Showing ip prefix-list, Next: Clear counter of ip prefix-list, Prev: ip prefix-list sequential number control, Up: IP Prefix List
7235 14.2.3 Showing ip prefix-list
7236 -----------------------------
7238 -- Command: show ip prefix-list
7239 Display all IP prefix lists.
7241 -- Command: show ip prefix-list NAME
7242 Show IP prefix list can be used with a prefix list name.
7244 -- Command: show ip prefix-list NAME seq NUM
7245 Show IP prefix list can be used with a prefix list name and
7248 -- Command: show ip prefix-list NAME A.B.C.D/M
7249 If the command longer is used, all prefix lists with prefix lengths
7250 equal to or longer than the specified length will be displayed. If
7251 the command first match is used, the first prefix length match will
7254 -- Command: show ip prefix-list NAME A.B.C.D/M longer
7256 -- Command: show ip prefix-list NAME A.B.C.D/M first-match
7258 -- Command: show ip prefix-list summary
7259 -- Command: show ip prefix-list summary NAME
7261 -- Command: show ip prefix-list detail
7262 -- Command: show ip prefix-list detail NAME
7265 File: quagga.info, Node: Clear counter of ip prefix-list, Prev: Showing ip prefix-list, Up: IP Prefix List
7267 14.2.4 Clear counter of ip prefix-list
7268 --------------------------------------
7270 -- Command: clear ip prefix-list
7271 Clears the counters of all IP prefix lists. Clear IP Prefix List
7272 can be used with a specified name and prefix.
7274 -- Command: clear ip prefix-list NAME
7276 -- Command: clear ip prefix-list NAME A.B.C.D/M
7279 File: quagga.info, Node: Route Map, Next: IPv6 Support, Prev: Filtering, Up: Top
7284 Route maps provide a means to both filter and/or apply actions to route,
7285 hence allowing policy to be applied to routes.
7289 * Route Map Command::
7290 * Route Map Match Command::
7291 * Route Map Set Command::
7292 * Route Map Call Command::
7293 * Route Map Exit Action Command::
7294 * Route Map Examples::
7296 Route-maps are an ordered list of route-map entries. Each entry may
7297 specify up to four distincts sets of clauses:
7301 This specifies the policy implied if the 'Matching Conditions' are
7302 met or not met, and which actions of the route-map are to be taken,
7303 if any. The two possibilities are:
7305 - 'permit': If the entry matches, then carry out the 'Set
7306 Actions'. Then finish processing the route-map, permitting
7307 the route, unless an 'Exit Action' indicates otherwise.
7309 - 'deny': If the entry matches, then finish processing the
7310 route-map and deny the route (return 'deny').
7312 The 'Matching Policy' is specified as part of the command which
7313 defines the ordered entry in the route-map. See below.
7315 'Matching Conditions'
7317 A route-map entry may, optionally, specify one or more conditions
7318 which must be matched if the entry is to be considered further, as
7319 governed by the Match Policy. If a route-map entry does not
7320 explicitely specify any matching conditions, then it always
7325 A route-map entry may, optionally, specify one or more 'Set
7326 Actions' to set or modify attributes of the route.
7330 Call to another route-map, after any 'Set Actions' have been
7331 carried out. If the route-map called returns 'deny' then
7332 processing of the route-map finishes and the route is denied,
7333 regardless of the 'Matching Policy' or the 'Exit Policy'. If the
7334 called route-map returns 'permit', then 'Matching Policy' and 'Exit
7335 Policy' govern further behaviour, as normal.
7339 An entry may, optionally, specify an alternative 'Exit Policy' to
7340 take if the entry matched, rather than the normal policy of exiting
7341 the route-map and permitting the route. The two possibilities are:
7343 - 'next': Continue on with processing of the route-map entries.
7345 - 'goto N': Jump ahead to the first route-map entry whose order
7346 in the route-map is >= N. Jumping to a previous entry is not
7349 The default action of a route-map, if no entries match, is to deny.
7350 I.e. a route-map essentially has as its last entry an empty 'deny'
7351 entry, which matches all routes. To change this behaviour, one must
7352 specify an empty 'permit' entry as the last entry in the route-map.
7354 To summarise the above:
7357 -----------------------------
7358 _Permit_ action cont
7362 - Apply _set_ statements
7364 - If _call_ is present, call given route-map. If that returns a
7365 'deny', finish processing and return 'deny'.
7367 - If 'Exit Policy' is _next_, goto next route-map entry
7369 - If 'Exit Policy' is _goto_, goto first entry whose order in
7370 the list is >= the given order.
7372 - Finish processing the route-map and permit the route.
7375 - The route is denied by the route-map (return 'deny').
7378 - goto next route-map entry
7381 File: quagga.info, Node: Route Map Command, Next: Route Map Match Command, Up: Route Map
7383 15.1 Route Map Command
7384 ======================
7386 -- Command: route-map ROUTE-MAP-NAME (permit|deny) ORDER
7388 Configure the ORDER'th entry in ROUTE-MAP-NAME with 'Match Policy'
7389 of either _permit_ or _deny_.
7392 File: quagga.info, Node: Route Map Match Command, Next: Route Map Set Command, Prev: Route Map Command, Up: Route Map
7394 15.2 Route Map Match Command
7395 ============================
7397 -- Route-map Command: match ip address ACCESS_LIST
7398 Matches the specified ACCESS_LIST
7400 -- Route-map Command: match ip next-hop IPV4_ADDR
7401 Matches the specified IPV4_ADDR.
7403 -- Route-map Command: match as-path AS_PATH
7404 Matches the specified AS_PATH.
7406 -- Route-map Command: match metric METRIC
7407 Matches the specified METRIC.
7409 -- Route-map Command: match local-preference METRIC
7410 Matches the specified LOCAL-PREFERENCE.
7412 -- Route-map Command: match community COMMUNITY_LIST
7413 Matches the specified COMMUNITY_LIST
7416 File: quagga.info, Node: Route Map Set Command, Next: Route Map Call Command, Prev: Route Map Match Command, Up: Route Map
7418 15.3 Route Map Set Command
7419 ==========================
7421 -- Route-map Command: set ip next-hop IPV4_ADDRESS
7422 Set the BGP nexthop address.
7424 -- Route-map Command: set local-preference LOCAL_PREF
7425 Set the BGP local preference.
7427 -- Route-map Command: set weight WEIGHT
7428 Set the route's weight.
7430 -- Route-map Command: set metric METRIC
7431 Set the BGP attribute MED.
7433 -- Route-map Command: set as-path prepend AS_PATH
7434 Set the BGP AS path to prepend.
7436 -- Route-map Command: set community COMMUNITY
7437 Set the BGP community attribute.
7439 -- Route-map Command: set ipv6 next-hop global IPV6_ADDRESS
7440 Set the BGP-4+ global IPv6 nexthop address.
7442 -- Route-map Command: set ipv6 next-hop local IPV6_ADDRESS
7443 Set the BGP-4+ link local IPv6 nexthop address.
7446 File: quagga.info, Node: Route Map Call Command, Next: Route Map Exit Action Command, Prev: Route Map Set Command, Up: Route Map
7448 15.4 Route Map Call Command
7449 ===========================
7451 -- Route-map Command: call NAME
7452 Call route-map NAME. If it returns deny, deny the route and finish
7453 processing the route-map.
7456 File: quagga.info, Node: Route Map Exit Action Command, Next: Route Map Examples, Prev: Route Map Call Command, Up: Route Map
7458 15.5 Route Map Exit Action Command
7459 ==================================
7461 -- Route-map Command: on-match next
7462 -- Route-map Command: continue
7463 Proceed on to the next entry in the route-map.
7465 -- Route-map Command: on-match goto N
7466 -- Route-map Command: continue N
7467 Proceed processing the route-map at the first entry whose order is
7471 File: quagga.info, Node: Route Map Examples, Prev: Route Map Exit Action Command, Up: Route Map
7473 15.6 Route Map Examples
7474 =======================
7476 A simple example of a route-map:
7478 route-map test permit 10
7480 set local-preference 200
7482 This means that if a route matches ip access-list number 10 it's
7483 local-preference value is set to 200.
7485 See *note BGP Configuration Examples:: for examples of more
7486 sophisticated useage of route-maps, including of the 'call' action.
7489 File: quagga.info, Node: IPv6 Support, Next: Kernel Interface, Prev: Route Map, Up: Top
7494 Quagga fully supports IPv6 routing. As described so far, Quagga
7495 supports RIPng, OSPFv3, and BGP-4+. You can give IPv6 addresses to an
7496 interface and configure static IPv6 routing information. Quagga IPv6
7497 also provides automatic address configuration via a feature called
7498 'address auto configuration'. To do it, the router must send router
7499 advertisement messages to the all nodes that exist on the network.
7503 * Router Advertisement::
7506 File: quagga.info, Node: Router Advertisement, Up: IPv6 Support
7508 16.1 Router Advertisement
7509 =========================
7511 -- Interface Command: no ipv6 nd suppress-ra
7512 Send router advertisment messages.
7514 -- Interface Command: ipv6 nd suppress-ra
7515 Don't send router advertisment messages.
7517 -- Interface Command: ipv6 nd prefix IPV6PREFIX [VALID-LIFETIME]
7518 [PREFERRED-LIFETIME] [off-link] [no-autoconfig]
7520 Configuring the IPv6 prefix to include in router advertisements.
7521 Several prefix specific optional parameters and flags may follow:
7522 * VALID-LIFETIME - the length of time in seconds during what the
7523 prefix is valid for the purpose of on-link determination.
7524 Value INFINITE represents infinity (i.e. a value of all one
7525 bits ('0xffffffff')).
7527 Range: '<0-4294967295>' Default: '2592000'
7529 * PREFERRED-LIFETIME - the length of time in seconds during what
7530 addresses generated from the prefix remain preferred. Value
7531 INFINITE represents infinity.
7533 Range: '<0-4294967295>' Default: '604800'
7535 * OFF-LINK - indicates that advertisement makes no statement
7536 about on-link or off-link properties of the prefix.
7538 Default: not set, i.e. this prefix can be used for on-link
7541 * NO-AUTOCONFIG - indicates to hosts on the local link that the
7542 specified prefix cannot be used for IPv6 autoconfiguration.
7544 Default: not set, i.e. prefix can be used for
7547 * ROUTER-ADDRESS - indicates to hosts on the local link that the
7548 specified prefix contains a complete IP address by setting R
7551 Default: not set, i.e. hosts do not assume a complete IP
7554 -- Interface Command: ipv6 nd ra-interval <1-1800>
7555 -- Interface Command: no ipv6 nd ra-interval [<1-1800>]
7556 The maximum time allowed between sending unsolicited multicast
7557 router advertisements from the interface, in seconds.
7561 -- Interface Command: ipv6 nd ra-interval msec <70-1800000>
7562 -- Interface Command: no ipv6 nd ra-interval [msec <70-1800000>]
7563 The maximum time allowed between sending unsolicited multicast
7564 router advertisements from the interface, in milliseconds.
7568 -- Interface Command: ipv6 nd ra-lifetime <0-9000>
7569 -- Interface Command: no ipv6 nd ra-lifetime [<0-9000>]
7570 The value to be placed in the Router Lifetime field of router
7571 advertisements sent from the interface, in seconds. Indicates the
7572 usefulness of the router as a default router on this interface.
7573 Setting the value to zero indicates that the router should not be
7574 considered a default router on this interface. Must be either zero
7575 or between value specified with IPV6 ND RA-INTERVAL (or default)
7580 -- Interface Command: ipv6 nd reachable-time <1-3600000>
7581 -- Interface Command: no ipv6 nd reachable-time [<1-3600000>]
7582 The value to be placed in the Reachable Time field in the Router
7583 Advertisement messages sent by the router, in milliseconds. The
7584 configured time enables the router to detect unavailable neighbors.
7585 The value zero means unspecified (by this router).
7589 -- Interface Command: ipv6 nd managed-config-flag
7590 -- Interface Command: no ipv6 nd managed-config-flag
7591 Set/unset flag in IPv6 router advertisements which indicates to
7592 hosts that they should use managed (stateful) protocol for
7593 addresses autoconfiguration in addition to any addresses
7594 autoconfigured using stateless address autoconfiguration.
7598 -- Interface Command: ipv6 nd other-config-flag
7599 -- Interface Command: no ipv6 nd other-config-flag
7600 Set/unset flag in IPv6 router advertisements which indicates to
7601 hosts that they should use administered (stateful) protocol to
7602 obtain autoconfiguration information other than addresses.
7606 -- Interface Command: ipv6 nd home-agent-config-flag
7607 -- Interface Command: no ipv6 nd home-agent-config-flag
7608 Set/unset flag in IPv6 router advertisements which indicates to
7609 hosts that the router acts as a Home Agent and includes a Home
7614 -- Interface Command: ipv6 nd home-agent-preference <0-65535>
7615 -- Interface Command: no ipv6 nd home-agent-preference [<0-65535>]
7616 The value to be placed in Home Agent Option, when Home Agent config
7617 flag is set, which indicates to hosts Home Agent preference. The
7618 default value of 0 stands for the lowest preference possible.
7622 -- Interface Command: ipv6 nd home-agent-lifetime <0-65520>
7623 -- Interface Command: no ipv6 nd home-agent-lifetime [<0-65520>]
7624 The value to be placed in Home Agent Option, when Home Agent config
7625 flag is set, which indicates to hosts Home Agent Lifetime. The
7626 default value of 0 means to place the current Router Lifetime
7631 -- Interface Command: ipv6 nd adv-interval-option
7632 -- Interface Command: no ipv6 nd adv-interval-option
7633 Include an Advertisement Interval option which indicates to hosts
7634 the maximum time, in milliseconds, between successive unsolicited
7635 Router Advertisements.
7639 -- Interface Command: ipv6 nd router-preference (high|medium|low)
7640 -- Interface Command: no ipv6 nd router-preference [(high|medium|low)]
7641 Set default router preference in IPv6 router advertisements per
7646 -- Interface Command: ipv6 nd mtu <1-65535>
7647 -- Interface Command: no ipv6 nd mtu [<1-65535>]
7648 Include an MTU (type 5) option in each RA packet to assist the
7649 attached hosts in proper interface configuration. The announced
7650 value is not verified to be consistent with router interface MTU.
7652 Default: don't advertise any MTU option
7655 no ipv6 nd suppress-ra
7656 ipv6 nd prefix 2001:0DB8:5009::/64
7658 For more information see 'RFC2462 (IPv6 Stateless Address
7659 Autoconfiguration)' , 'RFC4861 (Neighbor Discovery for IP Version 6
7660 (IPv6))' , 'RFC6275 (Mobility Support in IPv6)' and 'RFC4191 (Default
7661 Router Preferences and More-Specific Routes)'.
7664 File: quagga.info, Node: Kernel Interface, Next: SNMP Support, Prev: IPv6 Support, Up: Top
7669 There are several different methods for reading kernel routing table
7670 information, updating kernel routing tables, and for looking up
7674 The 'ioctl' method is a very traditional way for reading or writing
7675 kernel information. 'ioctl' can be used for looking up interfaces
7676 and for modifying interface addresses, flags, mtu settings and
7677 other types of information. Also, 'ioctl' can insert and delete
7678 kernel routing table entries. It will soon be available on almost
7679 any platform which zebra supports, but it is a little bit ugly thus
7680 far, so if a better method is supported by the kernel, zebra will
7684 'sysctl' can lookup kernel information using MIB (Management
7685 Information Base) syntax. Normally, it only provides a way of
7686 getting information from the kernel. So one would usually want to
7687 change kernel information using another method such as 'ioctl'.
7690 'proc filesystem' provides an easy way of getting kernel
7696 On recent Linux kernels (2.0.x and 2.2.x), there is a kernel/user
7697 communication support called 'netlink'. It makes asynchronous
7698 communication between kernel and Quagga possible, similar to a
7699 routing socket on BSD systems.
7701 Before you use this feature, be sure to select (in kernel
7702 configuration) the kernel/netlink support option 'Kernel/User
7703 network link driver' and 'Routing messages'.
7705 Today, the /dev/route special device file is obsolete. Netlink
7706 communication is done by reading/writing over netlink socket.
7708 After the kernel configuration, please reconfigure and rebuild
7709 Quagga. You can use netlink as a dynamic routing update channel
7710 between Quagga and the kernel.
7713 File: quagga.info, Node: SNMP Support, Next: Zebra Protocol, Prev: Kernel Interface, Up: Top
7718 SNMP (Simple Network Managing Protocol) is a widely implemented feature
7719 for collecting network information from router and/or host. Quagga
7720 itself does not support SNMP agent (server daemon) functionality but is
7721 able to connect to a SNMP agent using the SMUX protocol ('RFC1227') or
7722 the AgentX protocol ('RFC2741') and make the routing protocol MIBs
7723 available through it.
7727 * Getting and installing an SNMP agent::
7728 * AgentX configuration::
7729 * SMUX configuration::
7730 * MIB and command reference::
7731 * Handling SNMP Traps::
7734 File: quagga.info, Node: Getting and installing an SNMP agent, Next: AgentX configuration, Up: SNMP Support
7736 18.1 Getting and installing an SNMP agent
7737 =========================================
7739 There are several SNMP agent which support SMUX or AgentX. We recommend
7740 to use the latest version of 'net-snmp' which was formerly known as
7741 'ucd-snmp'. It is free and open software and available at
7742 <http://www.net-snmp.org/> and as binary package for most Linux
7743 distributions. 'net-snmp' has to be compiled with
7744 '--with-mib-modules=agentx' to be able to accept connections from Quagga
7745 using AgentX protocol or with '--with-mib-modules=smux' to use SMUX
7748 Nowadays, SMUX is a legacy protocol. The AgentX protocol should be
7749 preferred for any new deployment. Both protocols have the same
7753 File: quagga.info, Node: AgentX configuration, Next: SMUX configuration, Prev: Getting and installing an SNMP agent, Up: SNMP Support
7755 18.2 AgentX configuration
7756 =========================
7758 To enable AgentX protocol support, Quagga must have been build with the
7759 '--enable-snmp' or '--enable-snmp=agentx' option. Both the master SNMP
7760 agent (snmpd) and each of the Quagga daemons must be configured. In
7761 '/etc/snmp/snmpd.conf', 'master agentx' directive should be added. In
7762 each of the Quagga daemons, 'agentx' command will enable AgentX support.
7764 /etc/snmp/snmpd.conf:
7766 # example access restrictions setup
7768 com2sec readonly default public
7769 group MyROGroup v1 readonly
7770 view all included .1 80
7771 access MyROGroup "" any noauth exact all none none
7773 # enable master agent for AgentX subagents
7777 /etc/quagga/ospfd.conf:
7778 ! ... the rest of ospfd.conf has been omitted for clarity ...
7783 Upon successful connection, you should get something like this in the
7784 log of each Quagga daemons:
7786 2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
7788 Then, you can use the following command to check everything works as
7791 # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
7792 OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
7795 The AgentX protocol can be transported over a Unix socket or using
7796 TCP or UDP. It usually defaults to a Unix socket and depends on how
7797 NetSNMP was built. If need to configure Quagga to use another
7798 transport, you can configure it through '/etc/snmp/quagga.conf':
7800 /etc/snmp/quagga.conf:
7802 # Use a remote master agent
7803 agentXSocket tcp:192.168.15.12:705
7806 File: quagga.info, Node: SMUX configuration, Next: MIB and command reference, Prev: AgentX configuration, Up: SNMP Support
7808 18.3 SMUX configuration
7809 =======================
7811 To enable SMUX protocol support, Quagga must have been build with the
7812 '--enable-snmp=smux' option.
7814 A separate connection has then to be established between the SNMP
7815 agent (snmpd) and each of the Quagga daemons. This connections each use
7816 different OID numbers and passwords. Be aware that this OID number is
7817 not the one that is used in queries by clients, it is solely used for
7818 the intercommunication of the daemons.
7820 In the following example the ospfd daemon will be connected to the
7821 snmpd daemon using the password "quagga_ospfd". For testing it is
7822 recommending to take exactly the below snmpd.conf as wrong access
7823 restrictions can be hard to debug.
7825 /etc/snmp/snmpd.conf:
7827 # example access restrictions setup
7829 com2sec readonly default public
7830 group MyROGroup v1 readonly
7831 view all included .1 80
7832 access MyROGroup "" any noauth exact all none none
7834 # the following line is relevant for Quagga
7836 smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
7839 ! ... the rest of ospfd.conf has been omitted for clarity ...
7841 smux peer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
7844 After restarting snmpd and quagga, a successful connection can be
7845 verified in the syslog and by querying the SNMP daemon:
7847 snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
7848 snmpd[12300]: accepted smux peer: \
7849 oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, quagga-0.96.5
7851 # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
7852 OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
7854 Be warned that the current version (5.1.1) of the Net-SNMP daemon
7855 writes a line for every SNMP connect to the syslog which can lead to
7856 enormous log file sizes. If that is a problem you should consider to
7857 patch snmpd and comment out the troublesome 'snmp_log()' line in the
7858 function 'netsnmp_agent_check_packet()' in 'agent/snmp_agent.c'.