proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-06 02:16:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

doc: use frr syntax highlighting

Browse Source 
* Use highlighter added in previous commit
* Correct indentation where I came across it

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This commit is contained in:
Quentin Young 2018-04-09 17:26:32 -04:00
parent d5403d4f40
commit 9eb95b3b0a
No known key found for this signature in database
GPG Key ID: DAF48E0F57E0834F
19 changed files with 597 additions and 532 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
doc/user/basic.rst
View File

@ -42,7 +42,7 @@ Config files are generally found in |INSTALL_PREFIX_ETC|.
Each of the daemons has its own config file. The daemon name plus ``.conf`` is
the default config file name. For example, zebra's default config file name is
:file:`zebra.conf`. You can specify a config file using the :option:`-f` or
:option:`--config-file` options when starting the daemon.
:option:`--config_file` options when starting the daemon.
.. _basic-config-commands:
@ -261,27 +261,27 @@ Sample Config File
Below is a sample configuration file for the zebra daemon.
::
.. code-block:: frr
!
! Zebra configuration file
!
hostname Router
password zebra
enable password zebra
!
log stdout
!
!
!
! Zebra configuration file
!
hostname Router
password zebra
enable password zebra
!
log stdout
!
!
'!' and '#' are comment characters. If the first character of the word
is one of the comment characters then from the rest of the line forward
will be ignored as a comment.
::
.. code-block:: frr
password zebra!password
password zebra!password
If a comment character is not the first character of the word, it's a
normal character. So in the above example '!' will not be regarded as a
@ -466,32 +466,32 @@ is no VTY password, one cannot connect to the VTY interface at all.
::
% telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
% telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is |PACKAGE_NAME| (version |PACKAGE_VERSION|)
|COPYRIGHT_STR|
Hello, this is |PACKAGE_NAME| (version |PACKAGE_VERSION|)
|COPYRIGHT_STR|
User Access Verification
User Access Verification
Password: XXXXX
Router> ?
enable . . . Turn on privileged commands
exit . . . Exit current mode and down to previous mode
help . . . Description of the interactive help system
list . . . Print command list
show . . . Show system inform
Password: XXXXX
Router> ?
enable . . . Turn on privileged commands
exit . . . Exit current mode and down to previous mode
help . . . Description of the interactive help system
list . . . Print command list
show . . . Show system inform
wh. . . Display who is on a vty
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.0.1/8
Router(config-if)# ^Z
Router#
wh. . . Display who is on a vty
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.0.1/8
Router(config-if)# ^Z
Router#
:kbd:`?` and the ``find`` command are very useful for looking up commands.
@ -545,22 +545,22 @@ These commands are used for moving the CLI cursor. The :kbd:`C` character
means press the Control Key.
:kbd:`C-f` / :kbd:`LEFT`
Move forward one character.
Move forward one character.
:kbd:`C-b` / :kbd:`RIGHT`
Move backward one character.
Move backward one character.
:kbd:`M-f`
Move forward one word.
Move forward one word.
:kbd:`M-b`
Move backward one word.
Move backward one word.
:kbd:`C-a`
Move to the beginning of the line.
Move to the beginning of the line.
:kbd:`C-e`
Move to the end of the line.
Move to the end of the line.
.. _cli-editing-commands:
@ -573,31 +573,31 @@ character means press the Control Key.
:kbd:`C-h` / :kbd:`DEL`
Delete the character before point.
Delete the character before point.
:kbd:`C-d`
Delete the character after point.
Delete the character after point.
:kbd:`M-d`
Forward kill word.
Forward kill word.
:kbd:`C-w`
Backward kill word.
Backward kill word.
:kbd:`C-k`
Kill to the end of the line.
Kill to the end of the line.
:kbd:`C-u`
Kill line from the beginning, erasing input.
Kill line from the beginning, erasing input.
:kbd:`C-t`
Transpose character.
Transpose character.
CLI Advanced Commands
@ -608,27 +608,27 @@ insta-help, and VTY session management.
:kbd:`C-c`
Interrupt current input and moves to the next line.
Interrupt current input and moves to the next line.
:kbd:`C-z`
End current configuration session and move to top node.
End current configuration session and move to top node.
:kbd:`C-n` / :kbd:`DOWN`
Move down to next line in the history buffer.
Move down to next line in the history buffer.
:kbd:`C-p` / :kbd:`UP`
Move up to previous line in the history buffer.
Move up to previous line in the history buffer.
:kbd:`TAB`
Use command line completion by typing :kbd:`TAB`.
Use command line completion by typing :kbd:`TAB`.
:kbd:`?`
You can use command line help by typing `help` at the beginning of
the line. Typing :kbd:`?` at any point in the line will show possible
completions.
You can use command line help by typing ``help`` at the beginning of the
line. Typing :kbd:`?` at any point in the line will show possible
completions.

99
doc/user/bgp.rst
View File

@ -470,12 +470,14 @@ BGP route
.. index:: network A.B.C.D/M
.. clicmd:: network A.B.C.D/M
This command adds the announcement network.::
This command adds the announcement network.
router bgp 1
address-family ipv4 unicast
network 10.0.0.0/8
exit-address-family
.. code-block:: frr
router bgp 1
address-family ipv4 unicast
network 10.0.0.0/8
exit-address-family
This configuration example says that network 10.0.0.0/8 will be
announced to all neighbors. Some vendors' routers don't advertise
@ -603,15 +605,17 @@ Defining Peer
.. clicmd:: neighbor PEER remote-as ASN
Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address
or an IPv6 address or an interface to use for the connection.::
or an IPv6 address or an interface to use for the connection.
router bgp 1
neighbor 10.0.0.1 remote-as 2
.. code-block:: frr
router bgp 1
neighbor 10.0.0.1 remote-as 2
In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1.
This command must be the first command used when configuring a neighbor. If
the remote-as is not specified, *bgpd* will complain like this:::
the remote-as is not specified, *bgpd* will complain like this: ::
can't find neighbor 10.0.0.1
@ -711,7 +715,9 @@ required.
Specify the IPv4 source address to use for the :abbr:`BGP` session to this
neighbour, may be specified as either an IPv4 address directly or as an
interface name (in which case the *zebra* daemon MUST be running in order
for *bgpd* to be able to retrieve interface state).::
for *bgpd* to be able to retrieve interface state).
.. code-block:: frr
router bgp 64555
neighbor foo update-source 192.168.0.1
@ -1187,7 +1193,10 @@ Following configuration is the most typical usage of BGP communities
attribute. AS 7675 provides upstream Internet connection to AS 100.
When following configuration exists in AS 7675, AS 100 networks
operator can set local preference in AS 7675 network by setting BGP
communities attribute to the updates.::
communities attribute to the updates.
.. code-block:: frr
router bgp 7675
neighbor 192.168.0.1 remote-as 100
@ -1218,7 +1227,9 @@ communities attribute to the updates.::
Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675.
The route has communities value 7675:80 so when above configuration
exists in AS 7675, announced route's local preference will be set to
value 80.::
value 80.
.. code-block:: frr
router bgp 100
network 10.0.0.0/8
@ -1238,7 +1249,9 @@ Following configuration is an example of BGP route filtering using
communities attribute. This configuration only permit BGP routes
which has BGP communities value 0:80 or 0:90. Network operator can
put special internal communities value at BGP border router, then
limit the BGP routes announcement into the internal network.::
limit the BGP routes announcement into the internal network.
.. code-block:: frr
router bgp 7675
neighbor 192.168.0.1 remote-as 100
@ -1254,7 +1267,9 @@ limit the BGP routes announcement into the internal network.::
Following exmaple filter BGP routes which has communities value 1:1.
When there is no match community-list returns deny. To avoid
filtering all of routes, we need to define permit any at last.::
filtering all of routes, we need to define permit any at last.
.. code-block:: frr
router bgp 7675
neighbor 192.168.0.1 remote-as 100
@ -1273,7 +1288,9 @@ Communities value keyword `internet` has special meanings in
standard community lists. In below example `internet` act as
match any. It matches all of BGP routes even if the route does not
have communities attribute at all. So community list ``INTERNET``
is same as above example's ``FILTER``.::
is same as above example's ``FILTER``.
.. code-block:: frr
ip community-list standard INTERNET deny 1:1
ip community-list standard INTERNET permit internet
@ -1282,7 +1299,9 @@ is same as above example's ``FILTER``.::
Following configuration is an example of communities value deletion.
With this configuration communities value 100:1 and 100:2 is removed
from BGP updates. For communities value deletion, only `permit`
community-list is used. `deny` community-list is ignored.::
community-list is used. `deny` community-list is ignored.
.. code-block:: frr
router bgp 7675
neighbor 192.168.0.1 remote-as 100
@ -1379,11 +1398,9 @@ Lists.
.. clicmd:: show ip extcommunity-list NAME
This command displays current extcommunity-list information. When `name` is
specified the community list's information is shown.
specified the community list's information is shown.::
::
# show ip extcommunity-list
# show ip extcommunity-list
.. _bgp-extended-communities-in-route-map:
@ -1930,7 +1947,9 @@ neighbor. If a user manually disables the feature, the community attribute is
not sent to the neighbor. When ``bgp config-type cisco`` is specified, the
community attribute is not sent to the neighbor by default. To send the
community attribute user has to specify *neighbor A.B.C.D send-community*
command.::
command.
.. code-block:: frr
!
router bgp 1
@ -1966,17 +1985,17 @@ multiple instance feature is enabled.
Make a new BGP instance. You can use an arbitrary word for the `name`.
::
.. code-block:: frr
bgp multiple-instance
!
router bgp 1
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.2 remote-as 3
!
router bgp 2
neighbor 10.0.0.3 remote-as 4
neighbor 10.0.0.4 remote-as 5
bgp multiple-instance
!
router bgp 1
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.2 remote-as 3
!
router bgp 2
neighbor 10.0.0.3 remote-as 4
neighbor 10.0.0.4 remote-as 5
BGP view is almost same as normal BGP process. The result of route selection
@ -1991,7 +2010,7 @@ routing information.
With this command, you can setup Route Server like below.
::
.. code-block:: frr
bgp multiple-instance
!
@ -2010,7 +2029,9 @@ Routing policy
--------------
You can set different routing policy for a peer. For example, you can set
different filter for a peer.::
different filter for a peer.
.. code-block:: frr
bgp multiple-instance
!
@ -2084,10 +2105,10 @@ _
How to set up a 6-Bone connection
=================================
::
.. code-block:: frr
bgpd configuration
==================
! bgpd configuration
! ==================
!
! MP-BGP configuration
!
@ -2171,7 +2192,9 @@ Dump BGP packets and table
BGP Configuration Examples
==========================
Example of a session to an upstream, advertising only one prefix to it.::
Example of a session to an upstream, advertising only one prefix to it.
.. code-block:: frr
router bgp 64512
bgp router-id 10.236.87.1
@ -2196,7 +2219,7 @@ feature to support selective advertising of prefixes. This example is intended
as guidance only, it has NOT been tested and almost certainly containts silly
mistakes, if not serious flaws.
::
.. code-block:: frr
router bgp 64512
bgp router-id 10.236.87.1

2
doc/user/eigrpd.rst
View File

@ -99,7 +99,7 @@ EIGRP Configuration
Below is very simple EIGRP configuration. Interface `eth0` and
interface which address match to `10.0.0.0/8` are EIGRP enabled.
::
.. code-block:: frr
!
router eigrp 1

2
doc/user/filter.rst
View File

@ -18,7 +18,7 @@ IP Access List
Basic filtering is done by `access-list` as shown in the
following example.
::
.. code-block:: frr
access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8

12
doc/user/isisd.rst
View File

@ -559,7 +559,9 @@ Debugging ISIS
ISIS Configuration Examples
===========================
A simple example, with MD5 authentication enabled:::
A simple example, with MD5 authentication enabled:
.. code-block:: frr
!
interface eth0
@ -575,7 +577,9 @@ A simple example, with MD5 authentication enabled:::
A Traffic Engineering configuration, with Inter-ASv2 support.
First, the 'zebra.conf' part:::
First, the :file:`zebra.conf` part:
.. code-block:: frr
hostname HOSTNAME
password PASSWORD
@ -614,7 +618,9 @@ First, the 'zebra.conf' part:::
neighbor 10.1.1.2 as 65000
Then the 'isisd.conf' itself:::
Then the :file:`isisd.conf` itself:
.. code-block:: frr
hostname HOSTNAME
password PASSWORD

29
doc/user/nhrpd.rst
View File

@ -52,7 +52,9 @@ hub nodes, these routes should be internally redistributed using some
routing protocol (e.g. iBGP) to allow hubs to be able to relay all traffic.
This can be achieved in hubs with the following bgp configuration (network
command defines the GRE subnet):::
command defines the GRE subnet):
.. code-block:: frr
router bgp 65555
address-family ipv4 unicast
@ -82,12 +84,12 @@ using NFLOG. Typically you want to send Traffic Indications for network
traffic that is routed from gre1 back to gre1 in rate limited manner.
This can be achieved with the following iptables rule.
::
.. code-block:: shell
iptables -A FORWARD -i gre1 -o gre1 \\
-m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \\
--hashlimit-mode srcip,dstip --hashlimit-srcmask 24 --hashlimit-dstmask 24 \\
--hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128
iptables -A FORWARD -i gre1 -o gre1 \\
-m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \\
--hashlimit-mode srcip,dstip --hashlimit-srcmask 24 --hashlimit-dstmask 24 \\
--hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128
You can fine tune the src/dstmask according to the prefix lengths you
@ -95,15 +97,20 @@ announce internal, add additional IP range matches, or rate limitation
if needed. However, the above should be good in most cases.
This kernel NFLOG target's nflog-group is configured in global nhrp config
with:::
with:
nhrp nflog-group 1
.. code-block:: frr
nhrp nflog-group 1
To start sending these traffic notices out from hubs, use the nhrp
per-interface directive:::
per-interface directive:
.. code-block:: frr
interface gre1
ip nhrp redirect
interface gre1
ip nhrp redirect
.. _integration-with-ike:

6
doc/user/ospf6d.rst
View File

@ -49,7 +49,9 @@ OSPF6 router
will cause the holdtime to be increased by `initial-holdtime`, bounded
by the `maximum-holdtime` configured with this command. If the adaptive
hold-time elapses without any SPF-triggering event occuring then
the current holdtime is reset to the `initial-holdtime`.::
the current holdtime is reset to the `initial-holdtime`.
.. code-block:: frr
router ospf6
timers throttle spf 200 400 10000
@ -187,7 +189,7 @@ OSPF6 Configuration Examples
Example of ospf6d configured on one interface and area:
::
.. code-block:: frr
interface eth0
ipv6 ospf6 instance-id 0

164
doc/user/ospf_fundamentals.rst
View File

@ -336,61 +336,61 @@ are fully adjacent with 192.168.0.49.
::
# show ip ospf database router 192.168.0.49
# show ip ospf database router 192.168.0.49
OSPF Router with ID (192.168.0.53)
OSPF Router with ID (192.168.0.53)
Router Link States (Area 0.0.0.0)
Router Link States (Area 0.0.0.0)
LS age: 38
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x6
Flags: 0x2 : ASBR
LS Type: router-LSA
Link State ID: 192.168.0.49
Advertising Router: 192.168.0.49
LS Seq Number: 80000f90
Checksum: 0x518b
Length: 60
Number of Links: 3
LS age: 38
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x6
Flags: 0x2 : ASBR
LS Type: router-LSA
Link State ID: 192.168.0.49
Advertising Router: 192.168.0.49
LS Seq Number: 80000f90
Checksum: 0x518b
Length: 60
Number of Links: 3
Link connected to: a Transit Network
(Link ID) Designated Router address: 192.168.1.3
(Link Data) Router Interface address: 192.168.1.3
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 192.168.1.3
(Link Data) Router Interface address: 192.168.1.3
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 192.168.0.49
(Link Data) Router Interface address: 192.168.0.49
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 192.168.0.49
(Link Data) Router Interface address: 192.168.0.49
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: Stub Network
(Link ID) Net: 192.168.3.190
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metric: 39063
# show ip ospf database network 192.168.0.49
Link connected to: Stub Network
(Link ID) Net: 192.168.3.190
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metric: 39063
# show ip ospf database network 192.168.0.49
OSPF Router with ID (192.168.0.53)
OSPF Router with ID (192.168.0.53)
Net Link States (Area 0.0.0.0)
Net Link States (Area 0.0.0.0)
LS age: 285
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x6
LS Type: network-LSA
Link State ID: 192.168.0.49 (address of Designated Router)
Advertising Router: 192.168.0.49
LS Seq Number: 80000074
Checksum: 0x0103
Length: 40
Network Mask: /29
Attached Router: 192.168.0.49
Attached Router: 192.168.0.52
Attached Router: 192.168.0.53
Attached Router: 192.168.0.54
LS age: 285
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x6
LS Type: network-LSA
Link State ID: 192.168.0.49 (address of Designated Router)
Advertising Router: 192.168.0.49
LS Seq Number: 80000074
Checksum: 0x0103
Length: 40
Network Mask: /29
Attached Router: 192.168.0.49
Attached Router: 192.168.0.52
Attached Router: 192.168.0.53
Attached Router: 192.168.0.54
Note that from one LSA, you can find the other. E.g. Given the
@ -412,26 +412,26 @@ following partial topology:
::
------------------------ Network: ......
| Designated Router IP: 192.168.1.3
|
IP: 192.168.1.3
(transit link)
(cost: 10)
Router ID: 192.168.0.49(stub)---------- IP: 192.168.3.190/32
(cost: 10) (cost: 39063)
(transit link)
IP: 192.168.0.49
|
|
------------------------------ Network: 192.168.0.48/29
| | | Designated Router IP: 192.168.0.49
| | |
| | Router ID: 192.168.0.54
| |
| Router ID: 192.168.0.53
|
Router ID: 192.168.0.52
------------------------ Network: ......
| Designated Router IP: 192.168.1.3
|
IP: 192.168.1.3
(transit link)
(cost: 10)
Router ID: 192.168.0.49(stub)---------- IP: 192.168.3.190/32
(cost: 10) (cost: 39063)
(transit link)
IP: 192.168.0.49
|
|
------------------------------ Network: 192.168.0.48/29
| | | Designated Router IP: 192.168.0.49
| | |
| | Router ID: 192.168.0.54
| |
| Router ID: 192.168.0.53
|
Router ID: 192.168.0.52
Note the Router IDs, though they look like IP addresses and often are
@ -495,22 +495,22 @@ should forward to the originating ASBR if selected.
::
# show ip ospf database external 192.168.165.0
LS age: 995
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x9
LS Type: AS-external-LSA
Link State ID: 192.168.165.0 (External Network Number)
Advertising Router: 192.168.0.49
LS Seq Number: 800001d8
Checksum: 0xea27
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
# show ip ospf database external 192.168.165.0
LS age: 995
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x9
LS Type: AS-external-LSA
Link State ID: 192.168.165.0 (External Network Number)
Advertising Router: 192.168.0.49
LS Seq Number: 800001d8
Checksum: 0xea27
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
We can add this to our partial topology from above, which now looks

182
doc/user/ospfd.rst
View File

@ -163,7 +163,7 @@ writing, *ospfd* does not support multiple OSPF processes.
holdtime can be viewed with :clicmd:`show ip ospf`, where it is expressed as
a multiplier of the `initial-holdtime`.
::
.. code-block:: frr
router ospf
timers throttle spf 200 400 10000
@ -249,11 +249,10 @@ writing, *ospfd* does not support multiple OSPF processes.
on this interface so router can provide network information to the other
ospf routers via this interface.
::
router ospf
network 192.168.1.0/24 area 0.0.0.0
.. code-block:: frr
router ospf
network 192.168.1.0/24 area 0.0.0.0
Prefix length in interface must be equal or bigger (ie. smaller network) than
prefix length in network statement. For example statement above doesn't enable
@ -288,23 +287,23 @@ OSPF area
.. index:: no area (0-4294967295) range A.B.C.D/M
.. clicmd:: no area (0-4294967295) range A.B.C.D/M
Summarize intra area paths from specified area into one Type-3 summary-LSA
announced to other areas. This command can be used only in ABR and ONLY
router-LSAs (Type-1) and network-LSAs (Type-2) (ie. LSAs with scope area) can
be summarized. Type-5 AS-external-LSAs can't be summarized - their scope is AS.
Summarizing Type-7 AS-external-LSAs isn't supported yet by FRR.
Summarize intra area paths from specified area into one Type-3 summary-LSA
announced to other areas. This command can be used only in ABR and ONLY
router-LSAs (Type-1) and network-LSAs (Type-2) (ie. LSAs with scope area) can
be summarized. Type-5 AS-external-LSAs can't be summarized - their scope is AS.
Summarizing Type-7 AS-external-LSAs isn't supported yet by FRR.
::
.. code-block:: frr
router ospf
network 192.168.1.0/24 area 0.0.0.0
network 10.0.0.0/8 area 0.0.0.10
area 0.0.0.10 range 10.0.0.0/8
router ospf
network 192.168.1.0/24 area 0.0.0.0
network 10.0.0.0/8 area 0.0.0.10
area 0.0.0.10 range 10.0.0.0/8
With configuration above one Type-3 Summary-LSA with routing info 10.0.0.0/8 is
announced into backbone area if area 0.0.0.10 contains at least one intra-area
network (ie. described with router or network LSA) from this range.
With configuration above one Type-3 Summary-LSA with routing info 10.0.0.0/8 is
announced into backbone area if area 0.0.0.10 contains at least one intra-area
network (ie. described with router or network LSA) from this range.
.. index:: area A.B.C.D range IPV4_PREFIX not-advertise
.. clicmd:: area A.B.C.D range IPV4_PREFIX not-advertise
@ -324,12 +323,12 @@ OSPF area
Substitute summarized prefix with another prefix.
::
.. code-block:: frr
router ospf
network 192.168.1.0/24 area 0.0.0.0
network 10.0.0.0/8 area 0.0.0.10
area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8
router ospf
network 192.168.1.0/24 area 0.0.0.0
network 10.0.0.0/8 area 0.0.0.10
area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8
One Type-3 summary-LSA with routing info 11.0.0.0/8 is announced into backbone area if
@ -421,16 +420,15 @@ OSPF area
Filter Type-3 summary-LSAs announced to other areas originated from intra-
area paths from specified area.
::
router ospf
network 192.168.1.0/24 area 0.0.0.0
network 10.0.0.0/8 area 0.0.0.10
area 0.0.0.10 export-list foo
!
access-list foo permit 10.10.0.0/16
access-list foo deny any
.. code-block:: frr
router ospf
network 192.168.1.0/24 area 0.0.0.0
network 10.0.0.0/8 area 0.0.0.10
area 0.0.0.10 export-list foo
!
access-list foo permit 10.10.0.0/16
access-list foo deny any
With example above any intra-area paths from area 0.0.0.10 and from range
10.10.0.0/16 (for example 10.10.1.0/24 and 10.10.2.128/30) are announced into
@ -452,8 +450,8 @@ OSPF area
.. index:: no area (0-4294967295) import-list NAME
.. clicmd:: no area (0-4294967295) import-list NAME
Same as export-list, but it applies to paths announced into specified area as
Type-3 summary-LSAs.
Same as export-list, but it applies to paths announced into specified area
as Type-3 summary-LSAs.
.. index:: area A.B.C.D filter-list prefix NAME in
.. clicmd:: area A.B.C.D filter-list prefix NAME in
@ -479,8 +477,8 @@ OSPF area
.. index:: no area (0-4294967295) filter-list prefix NAME out
.. clicmd:: no area (0-4294967295) filter-list prefix NAME out
Filtering Type-3 summary-LSAs to/from area using prefix lists. This command
makes sense in ABR only.
Filtering Type-3 summary-LSAs to/from area using prefix lists. This command
makes sense in ABR only.
.. index:: area A.B.C.D authentication
.. clicmd:: area A.B.C.D authentication
@ -494,8 +492,8 @@ OSPF area
.. index:: no area (0-4294967295) authentication
.. clicmd:: no area (0-4294967295) authentication
Specify that simple password authentication should be used for the given
area.
Specify that simple password authentication should be used for the given
area.
.. index:: area A.B.C.D authentication message-digest
.. clicmd:: area A.B.C.D authentication message-digest
@ -568,12 +566,11 @@ OSPF interface
Set OSPF authentication key to a cryptographic password. The cryptographic
algorithm is MD5.
KEYID identifies secret key used to create the message digest. This ID
is part of the protocol and must be consistent across routers on a
link.
KEYID identifies secret key used to create the message digest. This ID is
part of the protocol and must be consistent across routers on a link.
KEY is the actual message digest key, of up to 16 chars (larger strings
will be truncated), and is associated with the given KEYID.
KEY is the actual message digest key, of up to 16 chars (larger strings will
be truncated), and is associated with the given KEYID.
.. index:: ip ospf cost (1-65535)
.. clicmd:: ip ospf cost (1-65535)
@ -581,8 +578,8 @@ OSPF interface
.. index:: no ip ospf cost
.. clicmd:: no ip ospf cost
Set link cost for the specified interface. The cost value is set to router-LSA's
metric field and used for SPF calculation.
Set link cost for the specified interface. The cost value is set to
router-LSA's metric field and used for SPF calculation.
.. index:: ip ospf dead-interval (1-65535)
.. clicmd:: ip ospf dead-interval (1-65535)
@ -635,10 +632,9 @@ OSPF interface
.. index:: no ip ospf priority
.. clicmd:: no ip ospf priority
Set RouterPriority integer value. The router with the highest priority
will be more eligible to become Designated Router. Setting the value
to 0, makes the router ineligible to become Designated Router. The
default value is 1.
Set RouterPriority integer value. The router with the highest priority will
be more eligible to become Designated Router. Setting the value to 0, makes
the router ineligible to become Designated Router. The default value is 1.
.. index:: ip ospf retransmit-interval (1-65535)
.. clicmd:: ip ospf retransmit-interval (1-65535)
@ -646,9 +642,9 @@ OSPF interface
.. index:: no ip ospf retransmit interval
.. clicmd:: no ip ospf retransmit interval
Set number of seconds for RxmtInterval timer value. This value is used
when retransmitting Database Description and Link State Request packets.
The default value is 5 seconds.
Set number of seconds for RxmtInterval timer value. This value is used when
retransmitting Database Description and Link State Request packets. The
default value is 5 seconds.
.. index:: ip ospf transmit-delay
.. clicmd:: ip ospf transmit-delay
@ -657,8 +653,7 @@ OSPF interface
.. clicmd:: no ip ospf transmit-delay
Set number of seconds for InfTransDelay value. LSAs' age should be
incremented by this value when transmitting.
The default value is 1 seconds.
incremented by this value when transmitting. The default value is 1 second.
.. index:: ip ospf area (A.B.C.D|(0-4294967295))
.. clicmd:: ip ospf area (A.B.C.D|(0-4294967295))
@ -666,7 +661,7 @@ OSPF interface
.. index:: no ip ospf area
.. clicmd:: no ip ospf area
Enable ospf on an interface and set associated area.
Enable ospf on an interface and set associated area.
.. _redistribute-routes-to-ospf:
@ -702,16 +697,16 @@ Redistribute routes to OSPF
.. _ospf-redistribute:
Redistribute routes of the specified protocol
or kind into OSPF, with the metric type and metric set if specified,
filtering the routes using the given route-map if specified.
Redistributed routes may also be filtered with distribute-lists, see
Redistribute routes of the specified protocol or kind into OSPF, with the
metric type and metric set if specified, filtering the routes using the
given route-map if specified. Redistributed routes may also be filtered
with distribute-lists, see
:ref:`ospf distribute-list configuration <ospf-distribute-list>`.
Redistributed routes are distributed as into OSPF as Type-5 External
LSAs into links to areas that accept external routes, Type-7 External LSAs
for NSSA areas and are not redistributed at all into Stub areas, where
external routes are not permitted.
Redistributed routes are distributed as into OSPF as Type-5 External LSAs
into links to areas that accept external routes, Type-7 External LSAs for
NSSA areas and are not redistributed at all into Stub areas, where external
routes are not permitted.
Note that for connected routes, one may instead use the `passive-interface`
configuration.
@ -747,10 +742,10 @@ Redistribute routes to OSPF
.. index:: no default-information originate
.. clicmd:: no default-information originate
Originate an AS-External (type-5) LSA describing a default route into
all external-routing capable areas, of the specified metric and metric
type. If the 'always' keyword is given then the default is always
advertised, even when there is no default present in the routing table.
Originate an AS-External (type-5) LSA describing a default route into all
external-routing capable areas, of the specified metric and metric type. If
the 'always' keyword is given then the default is always advertised, even
when there is no default present in the routing table.
.. index:: distribute-list NAME out (kernel|connected|static|rip|ospf
.. clicmd:: distribute-list NAME out (kernel|connected|static|rip|ospf
@ -760,9 +755,9 @@ Redistribute routes to OSPF
.. _ospf-distribute-list:
Apply the access-list filter, NAME, to
redistributed routes of the given type before allowing the routes to
redistributed into OSPF (:ref:`ospf redistribution <ospf-redistribute>`).
Apply the access-list filter, NAME, to redistributed routes of the given
type before allowing the routes to redistributed into OSPF
(:ref:`ospf redistribution <ospf-redistribute>`).
.. index:: default-metric (0-16777214)
.. clicmd:: default-metric (0-16777214)
@ -850,7 +845,8 @@ Showing OSPF information
.. index:: show ip ospf route
.. clicmd:: show ip ospf route
Show the OSPF routing table, as determined by the most recent SPF calculation.
Show the OSPF routing table, as determined by the most recent SPF
calculation.
.. _opaque-lsa:
@ -869,9 +865,9 @@ Opaque LSA
.. index:: no capability opaque
.. clicmd:: no capability opaque
*ospfd* support Opaque LSA (RFC2370) as fondment for MPLS Traffic Engineering
LSA. Prior to used MPLS TE, opaque-lsa must be enable in the configuration
file. Alternate command could be "mpls-te on"
*ospfd* support Opaque LSA (:rfc:`2370`) as fondment for MPLS Traffic
Engineering LSA. Prior to used MPLS TE, opaque-lsa must be enable in the
configuration file. Alternate command could be "mpls-te on"
(:ref:`ospf-traffic-engineering`).
.. index:: show ip ospf database (opaque-link|opaque-area|opaque-external)
@ -981,18 +977,19 @@ Router Information
.. index:: no pce scope
.. clicmd:: no pce scope
The commands are conform to :rfc:`5088` and allow OSPF router announce Path
Compuatation Elemenent (PCE) capabilities through the Router Information (RI)
LSA. Router Information must be enable prior to this. The command set/unset
respectively the PCE IP adress, Autonomous System (AS) numbers of controlled
domains, neighbor ASs, flag and scope. For flag and scope, please refer to
:rfc`5088` for the BITPATTERN recognition. Multiple 'pce neighbor' command
could be specified in order to specify all PCE neighbours.
The commands are conform to :rfc:`5088` and allow OSPF router announce Path
Compuatation Elemenent (PCE) capabilities through the Router Information
(RI) LSA. Router Information must be enable prior to this. The command
set/unset respectively the PCE IP adress, Autonomous System (AS) numbers of
controlled domains, neighbor ASs, flag and scope. For flag and scope, please
refer to :rfc`5088` for the BITPATTERN recognition. Multiple 'pce neighbor'
command could be specified in order to specify all PCE neighbours.
.. index:: show ip ospf router-info
.. clicmd:: show ip ospf router-info
Show Router Capabilities flag.
.. index:: show ip ospf router-info pce
.. clicmd:: show ip ospf router-info pce
@ -1028,10 +1025,10 @@ This is an EXPERIMENTAL support of Segment Routing as per draft
.. index:: [no] segment-routing prefix A.B.C.D/M index (0-65535) [no-php-flag]
.. clicmd:: [no] segment-routing prefix A.B.C.D/M index (0-65535) [no-php-flag]
Set the Segment Rounting index for the specifyed prefix. Note
that, only prefix with /32 corresponding to a loopback interface are
currently supported. The 'no-php-flag' means NO Penultimate Hop Popping that
allows SR node to request to its neighbor to not pop the label.
Set the Segment Rounting index for the specifyed prefix. Note that, only
prefix with /32 corresponding to a loopback interface are currently
supported. The 'no-php-flag' means NO Penultimate Hop Popping that allows SR
node to request to its neighbor to not pop the label.
.. index:: show ip ospf database segment-routing <adv-router ADVROUTER|self-originate> [json]
.. clicmd:: show ip ospf database segment-routing <adv-router ADVROUTER|self-originate> [json]
@ -1140,7 +1137,7 @@ OSPF Configuration Examples
A simple example, with MD5 authentication enabled:
::
.. code-block:: frr
!
interface bge0
@ -1155,7 +1152,7 @@ A simple example, with MD5 authentication enabled:
An :abbr:`ABR` router, with MD5 authentication and performing summarisation
of networks between the areas:
::
.. code-block:: frr
!
password ABCDEF
@ -1189,7 +1186,9 @@ of networks between the areas:
A Traffic Engineering configuration, with Inter-ASv2 support.
First, the 'zebra.conf' part:::
First, the :file:`zebra.conf` part:
.. code-block:: frr
interface eth0
ip address 198.168.1.1/24
@ -1262,7 +1261,9 @@ First, the 'zebra.conf' part:::
unrsv-bw 7 1.25e+06
neighbor 192.168.2.2 as 65000
Then the 'ospfd.conf' itself:::
Then the :file:`ospfd.conf` itself:
.. code-block:: frr
hostname HOSTNAME
password PASSWORD
@ -1288,8 +1289,9 @@ Then the 'ospfd.conf' itself:::
!
line vty
A router information example with PCE advsertisement:
A router information example with PCE advsertisement:::
.. code-block:: frr
!
router ospf

20
doc/user/overview.rst
View File

@ -95,17 +95,17 @@ architecture creates new possibilities for the routing system.
::
+----+ +----+ +-----+ +-----+
|bgpd| |ripd| |ospfd| |zebra|
+----+ +----+ +-----+ +-----+
|
+---------------------------|--+
| v |
| UNIX Kernel routing table |
| |
+------------------------------+
+----+ +----+ +-----+ +-----+
|bgpd| |ripd| |ospfd| |zebra|
+----+ +----+ +-----+ +-----+
|
+---------------------------|--+
| v |
| UNIX Kernel routing table |
| |
+------------------------------+
FRR System Architecture
FRR System Architecture
Multi-process architecture brings extensibility, modularity and

4
doc/user/pim.rst
View File

@ -214,8 +214,8 @@ is in a vrf, enter the interface command with the vrf keyword at the end.
.. _pim-multicast-rib-insertion:
PIM Multicast RIB insertion::
=============================
PIM Multicast RIB insertion:
============================
In order to influence Multicast RPF lookup, it is possible to insert
into zebra routes for the Multicast RIB. These routes are only

32
doc/user/ripd.rst
View File

@ -146,7 +146,7 @@ RIP Configuration
Below is very simple RIP configuration. Interface `eth0` and interface which
address match to `10.0.0.0/8` are RIP enabled.
::
.. code-block:: frr
!
router rip
@ -354,7 +354,7 @@ RIP routes can be filtered by a distribute-list.
the distribute-list command. For example, in the following configuration
``eth0`` will permit only the paths that match the route 10.0.0.0/8
::
.. code-block:: frr
!
router rip
@ -446,11 +446,11 @@ Usage of *ripd*'s route-map support.
Optional argument route-map MAP_NAME can be added to each `redistribute`
statement.
::
.. code-block:: frr
redistribute static [route-map MAP_NAME]
redistribute connected [route-map MAP_NAME]
.....
redistribute static [route-map MAP_NAME]
redistribute connected [route-map MAP_NAME]
.....
Cisco applies route-map _before_ routes will exported to rip route table. In
@ -572,17 +572,17 @@ To prevent such unauthenticated querying of routes disable RIPv1,
Specifiy Keyed MD5 chain.
::
.. code-block:: frr
!
key chain test
key 1
key-string test
!
interface eth1
ip rip authentication mode md5
ip rip authentication key-chain test
!
!
key chain test
key 1
key-string test
!
interface eth1
ip rip authentication mode md5
ip rip authentication key-chain test
!
.. _rip-timers:

8
doc/user/routemap.rst
View File

@ -302,11 +302,11 @@ Route Map Examples
A simple example of a route-map:
::
.. code-block:: frr
route-map test permit 10
match ip address 10
set local-preference 200
route-map test permit 10
match ip address 10
set local-preference 200
This means that if a route matches ip access-list number 10 it's

198
doc/user/routeserver.rst
View File

@ -246,7 +246,7 @@ against the other two routers. These peerings have In and Out route-maps
configured, named like 'PEER-X-IN' or 'PEER-X-OUT'. For example the
configuration file for router RA could be the following:
::
.. code-block:: frr
#Configuration for router 'RA'
!
@ -319,29 +319,29 @@ modify the configuration of routers RA, RB and RC. Now they must not peer
between them, but only with the route server. For example, RA's
configuration would turn into:
::
.. code-block:: frr
# Configuration for router 'RA'
!
hostname RA
password ****
!
router bgp 65001
no bgp default ipv4-unicast
neighbor 2001:0DB8::FFFF remote-as 65000
!
address-family ipv6
network 2001:0DB8:AAAA:1::/64
network 2001:0DB8:AAAA:2::/64
network 2001:0DB8:0000:1::/64
network 2001:0DB8:0000:2::/64
# Configuration for router 'RA'
!
hostname RA
password ****
!
router bgp 65001
no bgp default ipv4-unicast
neighbor 2001:0DB8::FFFF remote-as 65000
!
address-family ipv6
network 2001:0DB8:AAAA:1::/64
network 2001:0DB8:AAAA:2::/64
network 2001:0DB8:0000:1::/64
network 2001:0DB8:0000:2::/64
neighbor 2001:0DB8::FFFF activate
neighbor 2001:0DB8::FFFF soft-reconfiguration inbound
exit-address-family
!
line vty
!
neighbor 2001:0DB8::FFFF activate
neighbor 2001:0DB8::FFFF soft-reconfiguration inbound
exit-address-family
!
line vty
!
Which is logically much simpler than its initial configuration, as it now
@ -362,84 +362,84 @@ server.
This is a fragment of the route server configuration (we only show
the policies for client RA):
::
.. code-block:: frr
# Configuration for Route Server ('RS')
!
hostname RS
password ix
!
bgp multiple-instance
!
router bgp 65000 view RS
no bgp default ipv4-unicast
neighbor 2001:0DB8::A remote-as 65001
neighbor 2001:0DB8::B remote-as 65002
neighbor 2001:0DB8::C remote-as 65003
!
address-family ipv6
neighbor 2001:0DB8::A activate
neighbor 2001:0DB8::A route-server-client
neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export
neighbor 2001:0DB8::A soft-reconfiguration inbound
# Configuration for Route Server ('RS')
!
hostname RS
password ix
!
bgp multiple-instance
!
router bgp 65000 view RS
no bgp default ipv4-unicast
neighbor 2001:0DB8::A remote-as 65001
neighbor 2001:0DB8::B remote-as 65002
neighbor 2001:0DB8::C remote-as 65003
!
address-family ipv6
neighbor 2001:0DB8::A activate
neighbor 2001:0DB8::A route-server-client
neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export
neighbor 2001:0DB8::A soft-reconfiguration inbound
neighbor 2001:0DB8::B activate
neighbor 2001:0DB8::B route-server-client
neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import
neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export
neighbor 2001:0DB8::B soft-reconfiguration inbound
neighbor 2001:0DB8::B activate
neighbor 2001:0DB8::B route-server-client
neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import
neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export
neighbor 2001:0DB8::B soft-reconfiguration inbound
neighbor 2001:0DB8::C activate
neighbor 2001:0DB8::C route-server-client
neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import
neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export
neighbor 2001:0DB8::C soft-reconfiguration inbound
exit-address-family
!
ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
!
route-map RSCLIENT-A-IMPORT permit 10
match peer 2001:0DB8::B
call A-IMPORT-FROM-B
route-map RSCLIENT-A-IMPORT permit 20
match peer 2001:0DB8::C
call A-IMPORT-FROM-C
!
route-map A-IMPORT-FROM-B permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 100
route-map A-IMPORT-FROM-B permit 20
match ipv6 address prefix-list PEER-B-PREFIXES
set community 65001:11111
!
route-map A-IMPORT-FROM-C permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 200
route-map A-IMPORT-FROM-C permit 20
match ipv6 address prefix-list PEER-C-PREFIXES
set community 65001:22222
!
route-map RSCLIENT-A-EXPORT permit 10
match peer 2001:0DB8::B
match ipv6 address prefix-list PEER-A-PREFIXES
route-map RSCLIENT-A-EXPORT permit 20
match peer 2001:0DB8::C
match ipv6 address prefix-list PEER-A-PREFIXES
!
...
...
...
neighbor 2001:0DB8::C activate
neighbor 2001:0DB8::C route-server-client
neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import
neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export
neighbor 2001:0DB8::C soft-reconfiguration inbound
exit-address-family
!
ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
!
ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
!
route-map RSCLIENT-A-IMPORT permit 10
match peer 2001:0DB8::B
call A-IMPORT-FROM-B
route-map RSCLIENT-A-IMPORT permit 20
match peer 2001:0DB8::C
call A-IMPORT-FROM-C
!
route-map A-IMPORT-FROM-B permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 100
route-map A-IMPORT-FROM-B permit 20
match ipv6 address prefix-list PEER-B-PREFIXES
set community 65001:11111
!
route-map A-IMPORT-FROM-C permit 10
match ipv6 address prefix-list COMMON-PREFIXES
set metric 200
route-map A-IMPORT-FROM-C permit 20
match ipv6 address prefix-list PEER-C-PREFIXES
set community 65001:22222
!
route-map RSCLIENT-A-EXPORT permit 10
match peer 2001:0DB8::B
match ipv6 address prefix-list PEER-A-PREFIXES
route-map RSCLIENT-A-EXPORT permit 20
match peer 2001:0DB8::C
match ipv6 address prefix-list PEER-A-PREFIXES
!
...
...
...
If you compare the initial configuration of RA with the route server
@ -487,7 +487,7 @@ any limitation, as all kinds of filters can be included in import/export
route-maps. For example suppose that in the non-route-server scenario peer
RA had the following filters configured for input from peer B:
::
.. code-block:: frr
neighbor 2001:0DB8::B prefix-list LIST-1 in
neighbor 2001:0DB8::B filter-list LIST-2 in
@ -507,7 +507,7 @@ the three filters (the community-list, the prefix-list and the
route-map). That route-map can then be used inside the Import
policy in the route server. Lets see how to do it:
::
.. code-block:: frr
neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
...

4
doc/user/rpki.rst
View File

@ -164,7 +164,7 @@ Validating BGP Updates
In the following example, the router prefers valid routes over invalid
prefixes because invalid routes have a lower local preference.
::
.. code-block:: frr
! Allow for invalid routes in route selection process
route bgp 60001
@ -213,7 +213,7 @@ Displaying RPKI
RPKI Configuration Example
--------------------------
::
.. code-block:: frr
hostname bgpd1
password zebra

80
doc/user/snmp.rst
View File

@ -42,22 +42,23 @@ master SNMP agent (snmpd) and each of the FRR daemons must be configured. In
:file:`/etc/snmp/snmpd.conf`, the ``master agentx`` directive should be added.
In each of the FRR daemons, ``agentx`` command will enable AgentX support.
::
:file:`/etc/snmp/snmpd.conf`:
#
# example access restrictions setup
#
com2sec readonly default public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
#
# enable master agent for AgentX subagents
#
master agentx
/etc/snmp/snmpd.conf:
#
# example access restrictions setup
#
com2sec readonly default public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
#
# enable master agent for AgentX subagents
#
master agentx
:file:`/etc/frr/ospfd.conf:`
.. code-block:: frr
/etc/frr/ospfd.conf:
! ... the rest of ospfd.conf has been omitted for clarity ...
!
agentx
@ -69,16 +70,16 @@ each FRR daemons:
::
2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
Then, you can use the following command to check everything works as expected:
::
# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
[...]
# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
[...]
The AgentX protocol can be transported over a Unix socket or using TCP or UDP.
@ -88,10 +89,9 @@ need to configure FRR to use another transport, you can configure it through
::
/etc/snmp/frr.conf:
[snmpd]
# Use a remote master agent
agentXSocket tcp:192.168.15.12:705
[snmpd]
# Use a remote master agent
agentXSocket tcp:192.168.15.12:705
.. _smux-configuration:
@ -112,26 +112,24 @@ In the following example the ospfd daemon will be connected to the snmpd daemon
using the password "frr_ospfd". For testing it is recommending to take exactly
the below snmpd.conf as wrong access restrictions can be hard to debug.
::
:file:`/etc/snmp/snmpd.conf`:
#
# example access restrictions setup
#
com2sec readonly default public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
#
# the following line is relevant for FRR
#
smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
/etc/snmp/snmpd.conf:
#
# example access restrictions setup
#
com2sec readonly default public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
#
# the following line is relevant for FRR
#
smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
/etc/frr/ospf:
! ... the rest of ospfd.conf has been omitted for clarity ...
!
smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
!
:file:`/etc/frr/ospf`:
! ... the rest of ospfd.conf has been omitted for clarity ...
!
smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
!
After restarting snmpd and frr, a successful connection can be verified in the

2
doc/user/snmptrap.rst
View File

@ -42,7 +42,7 @@ The snmptrap_handle.sh script I personally use for handling BGP4 traps is
below. You can of course do all sorts of things when handling traps, like sound
a siren, have your display flash, etc., be creative ;).
::
.. code-block:: shell
#!/bin/bash

120
doc/user/vnc.rst
View File

@ -90,7 +90,7 @@ Default values are overridden by :ref:`vnc-nve-group-configuration`.
Enter VNC configuration mode for specifying VNC default behaviors. Use
`exit-vnc` to leave VNC configuration mode. `vnc defaults` is optional.
::
.. code-block:: frr
vnc defaults
... various VNC defaults
@ -142,7 +142,7 @@ Defaults section.
Enter VNC configuration mode for defining the NVE group `name`.
Use `exit` or `exit-vnc` to exit group configuration mode.
::
.. code-block:: frr
vnc nve-group group1
... configuration commands
@ -315,7 +315,7 @@ L2 Group Configuration.
Enter VNC configuration mode for defining the L2 group `name`.
Use `exit` or `exit-vnc` to exit group configuration mode.
::
.. code-block:: frr
vnc l2-group group1
... configuration commands
@ -851,7 +851,9 @@ Tunnel Encapsulation Attribute.
A three-way full mesh with three NVEs per NVA.
:file:`bgpd.conf` for ``NVA 1`` (192.168.1.100):::
:file:`bgpd.conf` for ``NVA 1`` (192.168.1.100):
.. code-block:: frr
router bgp 64512
@ -883,7 +885,9 @@ Tunnel Encapsulation Attribute.
exit
:file:`bgpd.conf` for ``NVA 2`` (192.168.1.101):::
:file:`bgpd.conf` for ``NVA 2`` (192.168.1.101):
.. code-block:: frr
router bgp 64512
@ -905,7 +909,9 @@ Tunnel Encapsulation Attribute.
exit-vnc
exit
:file:`bgpd.conf` for ``NVA 3`` (192.168.1.102):::
:file:`bgpd.conf` for ``NVA 3`` (192.168.1.102):
.. code-block:: frr
router bgp 64512
@ -959,7 +965,9 @@ registrations exported this way have a next-hop address of the CE behind the
connected (registering) NVE. Exporting VNC routes as IPv4 unicast is enabled
with the ``vnc export`` command below.
The configuration for ``VNC-GW 1`` is shown below.::
The configuration for ``VNC-GW 1`` is shown below.
.. code-block:: frr
router bgp 64512
bgp router-id 192.168.1.101
@ -994,7 +1002,9 @@ have a statement disabling the IPv4 unicast address family. IPv4 unicast is on
by default and this prevents the other VNC-GW and NVAs from learning unicast
routes advertised by the route-reflector clients.
Configuration for ``NVA 2``:::
Configuration for ``NVA 2``:
.. code-block:: frr
router bgp 64512
bgp router-id 192.168.1.104
@ -1077,7 +1087,9 @@ As in the example of :ref:`vnc-mesh-nva-config`, there are two NVE groups. The
7``, and ``NVE 8`` are members of the NVE group ``group1``. The NVEs ``NVE
5``, ``NVE 6``, and ``NVE 9`` are members of the NVE group ``group2``.
:file:`bgpd.conf` for ``BGP Route Reflector 1`` on 192.168.1.100:::
:file:`bgpd.conf` for ``BGP Route Reflector 1`` on 192.168.1.100:
.. code-block:: frr
router bgp 64512
@ -1106,7 +1118,9 @@ As in the example of :ref:`vnc-mesh-nva-config`, there are two NVE groups. The
exit
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101:::
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101:
.. code-block:: frr
router bgp 64512
@ -1126,28 +1140,30 @@ As in the example of :ref:`vnc-mesh-nva-config`, there are two NVE groups. The
exit-vnc
exit
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.102:::
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.102:
router bgp 64512
.. code-block:: frr
bgp router-id 192.168.1.102
router bgp 64512
neighbor 192.168.1.100 remote-as 64512
bgp router-id 192.168.1.102
address-family ipv4 vpn
neighbor 192.168.1.100 activate
exit-address-family
neighbor 192.168.1.100 remote-as 64512
vnc defaults
rd 64512:1
response-lifetime 200
rt both 1000:1 1000:2
exit-vnc
address-family ipv4 vpn
neighbor 192.168.1.100 activate
exit-address-family
vnc nve-group group1
prefix vn 172.16.128.0/17
exit-vnc
exit
vnc defaults
rd 64512:1
response-lifetime 200
rt both 1000:1 1000:2
exit-vnc
vnc nve-group group1
prefix vn 172.16.128.0/17
exit-vnc
exit
While not shown, an NVA can also be configured as a route reflector.
@ -1218,7 +1234,9 @@ VNC-relevant configuration is provided.
}
}
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101:::
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101:
.. code-block:: frr
router bgp 64512
@ -1238,7 +1256,9 @@ VNC-relevant configuration is provided.
exit-vnc
exit
:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102:::
:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102:
.. code-block:: frr
router bgp 64512
@ -1277,7 +1297,9 @@ reflector configuration. BGP route reflectors ``BGP Route Reflector 1`` and
FRR-based NVA with redundant route reflectors
:file:`bgpd.conf` for ``Bgpd Route Reflector 1`` on 192.168.1.100:::
:file:`bgpd.conf` for ``Bgpd Route Reflector 1`` on 192.168.1.100:
.. code-block:: frr
router bgp 64512
@ -1304,29 +1326,33 @@ reflector configuration. BGP route reflectors ``BGP Route Reflector 1`` and
exit-address-family
exit
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101:::
:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101:
router bgp 64512
.. code-block:: frr
bgp router-id 192.168.1.101
router bgp 64512
neighbor 192.168.1.100 remote-as 64512
neighbor 192.168.1.104 remote-as 64512
bgp router-id 192.168.1.101
address-family ipv4 vpn
neighbor 192.168.1.100 activate
neighbor 192.168.1.104 activate
exit-address-family
neighbor 192.168.1.100 remote-as 64512
neighbor 192.168.1.104 remote-as 64512
vnc nve-group group1
prefix vn 172.16.0.0/17
rd 64512:1
response-lifetime 200
rt both 1000:1 1000:2
exit-vnc
exit
address-family ipv4 vpn
neighbor 192.168.1.100 activate
neighbor 192.168.1.104 activate
exit-address-family
:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102:::
vnc nve-group group1
prefix vn 172.16.0.0/17
rd 64512:1
response-lifetime 200
rt both 1000:1 1000:2
exit-vnc
exit
:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102:
.. code-block:: frr
router bgp 64512
@ -1417,7 +1443,7 @@ reflector configuration. BGP route reflectors ``BGP Route Reflector 1`` and
}
}
.. [#] The nve-id is carriedin the route distinguisher. It is the second octet
.. [#] The nve-id is carried in the route distinguisher. It is the second octet
of the eight-octet route distinguisher generated for Ethernet / L2
advertisements. The first octet is a constant 0xFF, and the third
through eighth octets are set to the L2

51
doc/user/zebra.rst
View File

@ -240,7 +240,8 @@ defines static prefix and gateway.
Some example configuration:
::
.. code-block:: frr
ip route 10.0.0.0/8 10.0.0.2
ip route 10.0.0.0/8 ppp0
ip route 10.0.0.0/8 null0
@ -256,7 +257,7 @@ defines static prefix and gateway.
A.B.C.D format, user must define NETMASK value with A.B.C.D
format. GATEWAY is same option as above command.
::
.. code-block:: frr
ip route 10.0.0.0 255.255.255.0 10.0.0.2
ip route 10.0.0.0 255.255.255.0 ppp0
@ -270,9 +271,9 @@ defines static prefix and gateway.
Installs the route with the specified distance.
Multiple nexthop static route
Multiple nexthop static route:
::
.. code-block:: frr
ip route 10.0.0.1/32 10.0.0.2
ip route 10.0.0.1/32 10.0.0.3
@ -294,7 +295,7 @@ nexthops, if the platform supports this.
* is directly connected, eth0
::
.. code-block:: frr
ip route 10.0.0.0/8 10.0.0.2
ip route 10.0.0.0/8 10.0.0.3
@ -373,30 +374,30 @@ unicast topology!
MODE sets the method used to perform RPF lookups. Supported modes:
urib-only
Performs the lookup on the Unicast RIB. The Multicast RIB is never used.
urib-only
Performs the lookup on the Unicast RIB. The Multicast RIB is never used.
mrib-only
Performs the lookup on the Multicast RIB. The Unicast RIB is never used.
mrib-only
Performs the lookup on the Multicast RIB. The Unicast RIB is never used.
mrib-then-urib
Tries to perform the lookup on the Multicast RIB. If any route is found,
that route is used. Otherwise, the Unicast RIB is tried.
mrib-then-urib
Tries to perform the lookup on the Multicast RIB. If any route is found,
that route is used. Otherwise, the Unicast RIB is tried.
lower-distance
Performs a lookup on the Multicast RIB and Unicast RIB each. The result
with the lower administrative distance is used; if they're equal, the
Multicast RIB takes precedence.
lower-distance
Performs a lookup on the Multicast RIB and Unicast RIB each. The result
with the lower administrative distance is used; if they're equal, the
Multicast RIB takes precedence.
longer-prefix
Performs a lookup on the Multicast RIB and Unicast RIB each. The result
with the longer prefix length is used; if they're equal, the
Multicast RIB takes precedence.
longer-prefix
Performs a lookup on the Multicast RIB and Unicast RIB each. The result
with the longer prefix length is used; if they're equal, the
Multicast RIB takes precedence.
The `mrib-then-urib` setting is the default behavior if nothing is
configured. If this is the desired behavior, it should be explicitly
configured to make the configuration immune against possible changes in
what the default behavior is.
The `mrib-then-urib` setting is the default behavior if nothing is
configured. If this is the desired behavior, it should be explicitly
configured to make the configuration immune against possible changes in
what the default behavior is.
.. warning::
Unreachable routes do not receive special treatment and do not cause
@ -477,7 +478,7 @@ The following creates a prefix-list that matches all addresses, a route-map
that sets the preferred source address, and applies the route-map to all
*rip* routes.
::
.. code-block:: frr
ip prefix-list ANY permit 0.0.0.0/0 le 32
route-map RM1 permit 10