diff --git a/doc/user/basic.rst b/doc/user/basic.rst index a0c53aaf09..4a5056e233 100644 --- a/doc/user/basic.rst +++ b/doc/user/basic.rst @@ -42,7 +42,7 @@ Config files are generally found in |INSTALL_PREFIX_ETC|. Each of the daemons has its own config file. The daemon name plus ``.conf`` is the default config file name. For example, zebra's default config file name is :file:`zebra.conf`. You can specify a config file using the :option:`-f` or -:option:`--config-file` options when starting the daemon. +:option:`--config_file` options when starting the daemon. .. _basic-config-commands: @@ -261,27 +261,27 @@ Sample Config File Below is a sample configuration file for the zebra daemon. -:: +.. code-block:: frr - ! - ! Zebra configuration file - ! - hostname Router - password zebra - enable password zebra - ! - log stdout - ! - ! + ! + ! Zebra configuration file + ! + hostname Router + password zebra + enable password zebra + ! + log stdout + ! + ! '!' and '#' are comment characters. If the first character of the word is one of the comment characters then from the rest of the line forward will be ignored as a comment. -:: +.. code-block:: frr - password zebra!password + password zebra!password If a comment character is not the first character of the word, it's a normal character. So in the above example '!' will not be regarded as a @@ -466,32 +466,32 @@ is no VTY password, one cannot connect to the VTY interface at all. :: - % telnet localhost 2601 - Trying 127.0.0.1... - Connected to localhost. - Escape character is '^]'. + % telnet localhost 2601 + Trying 127.0.0.1... + Connected to localhost. + Escape character is '^]'. - Hello, this is |PACKAGE_NAME| (version |PACKAGE_VERSION|) - |COPYRIGHT_STR| + Hello, this is |PACKAGE_NAME| (version |PACKAGE_VERSION|) + |COPYRIGHT_STR| - User Access Verification + User Access Verification - Password: XXXXX - Router> ? - enable . . . Turn on privileged commands - exit . . . Exit current mode and down to previous mode - help . . . Description of the interactive help system - list . . . Print command list - show . . . Show system inform + Password: XXXXX + Router> ? + enable . . . Turn on privileged commands + exit . . . Exit current mode and down to previous mode + help . . . Description of the interactive help system + list . . . Print command list + show . . . Show system inform - wh. . . Display who is on a vty - Router> enable - Password: XXXXX - Router# configure terminal - Router(config)# interface eth0 - Router(config-if)# ip address 10.0.0.1/8 - Router(config-if)# ^Z - Router# + wh. . . Display who is on a vty + Router> enable + Password: XXXXX + Router# configure terminal + Router(config)# interface eth0 + Router(config-if)# ip address 10.0.0.1/8 + Router(config-if)# ^Z + Router# :kbd:`?` and the ``find`` command are very useful for looking up commands. @@ -545,22 +545,22 @@ These commands are used for moving the CLI cursor. The :kbd:`C` character means press the Control Key. :kbd:`C-f` / :kbd:`LEFT` - Move forward one character. + Move forward one character. :kbd:`C-b` / :kbd:`RIGHT` - Move backward one character. + Move backward one character. :kbd:`M-f` - Move forward one word. + Move forward one word. :kbd:`M-b` - Move backward one word. + Move backward one word. :kbd:`C-a` - Move to the beginning of the line. + Move to the beginning of the line. :kbd:`C-e` - Move to the end of the line. + Move to the end of the line. .. _cli-editing-commands: @@ -573,31 +573,31 @@ character means press the Control Key. :kbd:`C-h` / :kbd:`DEL` - Delete the character before point. + Delete the character before point. :kbd:`C-d` - Delete the character after point. + Delete the character after point. :kbd:`M-d` - Forward kill word. + Forward kill word. :kbd:`C-w` - Backward kill word. + Backward kill word. :kbd:`C-k` - Kill to the end of the line. + Kill to the end of the line. :kbd:`C-u` - Kill line from the beginning, erasing input. + Kill line from the beginning, erasing input. :kbd:`C-t` - Transpose character. + Transpose character. CLI Advanced Commands @@ -608,27 +608,27 @@ insta-help, and VTY session management. :kbd:`C-c` - Interrupt current input and moves to the next line. + Interrupt current input and moves to the next line. :kbd:`C-z` - End current configuration session and move to top node. + End current configuration session and move to top node. :kbd:`C-n` / :kbd:`DOWN` - Move down to next line in the history buffer. + Move down to next line in the history buffer. :kbd:`C-p` / :kbd:`UP` - Move up to previous line in the history buffer. + Move up to previous line in the history buffer. :kbd:`TAB` - Use command line completion by typing :kbd:`TAB`. + Use command line completion by typing :kbd:`TAB`. :kbd:`?` - You can use command line help by typing `help` at the beginning of - the line. Typing :kbd:`?` at any point in the line will show possible - completions. + You can use command line help by typing ``help`` at the beginning of the + line. Typing :kbd:`?` at any point in the line will show possible + completions. diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst index 2414059503..75fdc6e535 100644 --- a/doc/user/bgp.rst +++ b/doc/user/bgp.rst @@ -470,12 +470,14 @@ BGP route .. index:: network A.B.C.D/M .. clicmd:: network A.B.C.D/M - This command adds the announcement network.:: + This command adds the announcement network. - router bgp 1 - address-family ipv4 unicast - network 10.0.0.0/8 - exit-address-family + .. code-block:: frr + + router bgp 1 + address-family ipv4 unicast + network 10.0.0.0/8 + exit-address-family This configuration example says that network 10.0.0.0/8 will be announced to all neighbors. Some vendors' routers don't advertise @@ -603,15 +605,17 @@ Defining Peer .. clicmd:: neighbor PEER remote-as ASN Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address - or an IPv6 address or an interface to use for the connection.:: + or an IPv6 address or an interface to use for the connection. - router bgp 1 - neighbor 10.0.0.1 remote-as 2 + .. code-block:: frr + + router bgp 1 + neighbor 10.0.0.1 remote-as 2 In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1. This command must be the first command used when configuring a neighbor. If - the remote-as is not specified, *bgpd* will complain like this::: + the remote-as is not specified, *bgpd* will complain like this: :: can't find neighbor 10.0.0.1 @@ -711,7 +715,9 @@ required. Specify the IPv4 source address to use for the :abbr:`BGP` session to this neighbour, may be specified as either an IPv4 address directly or as an interface name (in which case the *zebra* daemon MUST be running in order - for *bgpd* to be able to retrieve interface state).:: + for *bgpd* to be able to retrieve interface state). + + .. code-block:: frr router bgp 64555 neighbor foo update-source 192.168.0.1 @@ -1187,7 +1193,10 @@ Following configuration is the most typical usage of BGP communities attribute. AS 7675 provides upstream Internet connection to AS 100. When following configuration exists in AS 7675, AS 100 networks operator can set local preference in AS 7675 network by setting BGP -communities attribute to the updates.:: +communities attribute to the updates. + + +.. code-block:: frr router bgp 7675 neighbor 192.168.0.1 remote-as 100 @@ -1218,7 +1227,9 @@ communities attribute to the updates.:: Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. The route has communities value 7675:80 so when above configuration exists in AS 7675, announced route's local preference will be set to -value 80.:: +value 80. + +.. code-block:: frr router bgp 100 network 10.0.0.0/8 @@ -1238,7 +1249,9 @@ Following configuration is an example of BGP route filtering using communities attribute. This configuration only permit BGP routes which has BGP communities value 0:80 or 0:90. Network operator can put special internal communities value at BGP border router, then -limit the BGP routes announcement into the internal network.:: +limit the BGP routes announcement into the internal network. + +.. code-block:: frr router bgp 7675 neighbor 192.168.0.1 remote-as 100 @@ -1254,7 +1267,9 @@ limit the BGP routes announcement into the internal network.:: Following exmaple filter BGP routes which has communities value 1:1. When there is no match community-list returns deny. To avoid -filtering all of routes, we need to define permit any at last.:: +filtering all of routes, we need to define permit any at last. + +.. code-block:: frr router bgp 7675 neighbor 192.168.0.1 remote-as 100 @@ -1273,7 +1288,9 @@ Communities value keyword `internet` has special meanings in standard community lists. In below example `internet` act as match any. It matches all of BGP routes even if the route does not have communities attribute at all. So community list ``INTERNET`` -is same as above example's ``FILTER``.:: +is same as above example's ``FILTER``. + +.. code-block:: frr ip community-list standard INTERNET deny 1:1 ip community-list standard INTERNET permit internet @@ -1282,7 +1299,9 @@ is same as above example's ``FILTER``.:: Following configuration is an example of communities value deletion. With this configuration communities value 100:1 and 100:2 is removed from BGP updates. For communities value deletion, only `permit` -community-list is used. `deny` community-list is ignored.:: +community-list is used. `deny` community-list is ignored. + +.. code-block:: frr router bgp 7675 neighbor 192.168.0.1 remote-as 100 @@ -1379,11 +1398,9 @@ Lists. .. clicmd:: show ip extcommunity-list NAME This command displays current extcommunity-list information. When `name` is - specified the community list's information is shown. + specified the community list's information is shown.:: -:: - - # show ip extcommunity-list + # show ip extcommunity-list .. _bgp-extended-communities-in-route-map: @@ -1930,7 +1947,9 @@ neighbor. If a user manually disables the feature, the community attribute is not sent to the neighbor. When ``bgp config-type cisco`` is specified, the community attribute is not sent to the neighbor by default. To send the community attribute user has to specify *neighbor A.B.C.D send-community* -command.:: +command. + +.. code-block:: frr ! router bgp 1 @@ -1966,17 +1985,17 @@ multiple instance feature is enabled. Make a new BGP instance. You can use an arbitrary word for the `name`. - :: + .. code-block:: frr - bgp multiple-instance - ! - router bgp 1 - neighbor 10.0.0.1 remote-as 2 - neighbor 10.0.0.2 remote-as 3 - ! - router bgp 2 - neighbor 10.0.0.3 remote-as 4 - neighbor 10.0.0.4 remote-as 5 + bgp multiple-instance + ! + router bgp 1 + neighbor 10.0.0.1 remote-as 2 + neighbor 10.0.0.2 remote-as 3 + ! + router bgp 2 + neighbor 10.0.0.3 remote-as 4 + neighbor 10.0.0.4 remote-as 5 BGP view is almost same as normal BGP process. The result of route selection @@ -1991,7 +2010,7 @@ routing information. With this command, you can setup Route Server like below. - :: + .. code-block:: frr bgp multiple-instance ! @@ -2010,7 +2029,9 @@ Routing policy -------------- You can set different routing policy for a peer. For example, you can set -different filter for a peer.:: +different filter for a peer. + +.. code-block:: frr bgp multiple-instance ! @@ -2084,10 +2105,10 @@ _ How to set up a 6-Bone connection ================================= -:: +.. code-block:: frr - bgpd configuration - ================== + ! bgpd configuration + ! ================== ! ! MP-BGP configuration ! @@ -2171,7 +2192,9 @@ Dump BGP packets and table BGP Configuration Examples ========================== -Example of a session to an upstream, advertising only one prefix to it.:: +Example of a session to an upstream, advertising only one prefix to it. + +.. code-block:: frr router bgp 64512 bgp router-id 10.236.87.1 @@ -2196,7 +2219,7 @@ feature to support selective advertising of prefixes. This example is intended as guidance only, it has NOT been tested and almost certainly containts silly mistakes, if not serious flaws. -:: +.. code-block:: frr router bgp 64512 bgp router-id 10.236.87.1 diff --git a/doc/user/eigrpd.rst b/doc/user/eigrpd.rst index 95c3a17aeb..c626faf4e2 100644 --- a/doc/user/eigrpd.rst +++ b/doc/user/eigrpd.rst @@ -99,7 +99,7 @@ EIGRP Configuration Below is very simple EIGRP configuration. Interface `eth0` and interface which address match to `10.0.0.0/8` are EIGRP enabled. - :: + .. code-block:: frr ! router eigrp 1 diff --git a/doc/user/filter.rst b/doc/user/filter.rst index 57f9fbe426..9d7361443d 100644 --- a/doc/user/filter.rst +++ b/doc/user/filter.rst @@ -18,7 +18,7 @@ IP Access List Basic filtering is done by `access-list` as shown in the following example. - :: + .. code-block:: frr access-list filter deny 10.0.0.0/9 access-list filter permit 10.0.0.0/8 diff --git a/doc/user/isisd.rst b/doc/user/isisd.rst index b6989809a7..54f82f6832 100644 --- a/doc/user/isisd.rst +++ b/doc/user/isisd.rst @@ -559,7 +559,9 @@ Debugging ISIS ISIS Configuration Examples =========================== -A simple example, with MD5 authentication enabled::: +A simple example, with MD5 authentication enabled: + +.. code-block:: frr ! interface eth0 @@ -575,7 +577,9 @@ A simple example, with MD5 authentication enabled::: A Traffic Engineering configuration, with Inter-ASv2 support. -First, the 'zebra.conf' part::: +First, the :file:`zebra.conf` part: + +.. code-block:: frr hostname HOSTNAME password PASSWORD @@ -614,7 +618,9 @@ First, the 'zebra.conf' part::: neighbor 10.1.1.2 as 65000 -Then the 'isisd.conf' itself::: +Then the :file:`isisd.conf` itself: + +.. code-block:: frr hostname HOSTNAME password PASSWORD diff --git a/doc/user/nhrpd.rst b/doc/user/nhrpd.rst index 28e78f66fb..33cdbd9591 100644 --- a/doc/user/nhrpd.rst +++ b/doc/user/nhrpd.rst @@ -52,7 +52,9 @@ hub nodes, these routes should be internally redistributed using some routing protocol (e.g. iBGP) to allow hubs to be able to relay all traffic. This can be achieved in hubs with the following bgp configuration (network -command defines the GRE subnet)::: +command defines the GRE subnet): + +.. code-block:: frr router bgp 65555 address-family ipv4 unicast @@ -82,12 +84,12 @@ using NFLOG. Typically you want to send Traffic Indications for network traffic that is routed from gre1 back to gre1 in rate limited manner. This can be achieved with the following iptables rule. -:: +.. code-block:: shell - iptables -A FORWARD -i gre1 -o gre1 \\ - -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \\ - --hashlimit-mode srcip,dstip --hashlimit-srcmask 24 --hashlimit-dstmask 24 \\ - --hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128 + iptables -A FORWARD -i gre1 -o gre1 \\ + -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \\ + --hashlimit-mode srcip,dstip --hashlimit-srcmask 24 --hashlimit-dstmask 24 \\ + --hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128 You can fine tune the src/dstmask according to the prefix lengths you @@ -95,15 +97,20 @@ announce internal, add additional IP range matches, or rate limitation if needed. However, the above should be good in most cases. This kernel NFLOG target's nflog-group is configured in global nhrp config -with::: +with: - nhrp nflog-group 1 +.. code-block:: frr + + nhrp nflog-group 1 To start sending these traffic notices out from hubs, use the nhrp -per-interface directive::: +per-interface directive: + +.. code-block:: frr + + interface gre1 + ip nhrp redirect - interface gre1 - ip nhrp redirect .. _integration-with-ike: diff --git a/doc/user/ospf6d.rst b/doc/user/ospf6d.rst index b0823f21e7..3c84135405 100644 --- a/doc/user/ospf6d.rst +++ b/doc/user/ospf6d.rst @@ -49,7 +49,9 @@ OSPF6 router will cause the holdtime to be increased by `initial-holdtime`, bounded by the `maximum-holdtime` configured with this command. If the adaptive hold-time elapses without any SPF-triggering event occuring then - the current holdtime is reset to the `initial-holdtime`.:: + the current holdtime is reset to the `initial-holdtime`. + + .. code-block:: frr router ospf6 timers throttle spf 200 400 10000 @@ -187,7 +189,7 @@ OSPF6 Configuration Examples Example of ospf6d configured on one interface and area: -:: +.. code-block:: frr interface eth0 ipv6 ospf6 instance-id 0 diff --git a/doc/user/ospf_fundamentals.rst b/doc/user/ospf_fundamentals.rst index 5a4f7095ed..c35df85ddf 100644 --- a/doc/user/ospf_fundamentals.rst +++ b/doc/user/ospf_fundamentals.rst @@ -336,61 +336,61 @@ are fully adjacent with 192.168.0.49. :: - # show ip ospf database router 192.168.0.49 + # show ip ospf database router 192.168.0.49 - OSPF Router with ID (192.168.0.53) + OSPF Router with ID (192.168.0.53) - Router Link States (Area 0.0.0.0) + Router Link States (Area 0.0.0.0) - LS age: 38 - Options: 0x2 : *|-|-|-|-|-|E|* - LS Flags: 0x6 - Flags: 0x2 : ASBR - LS Type: router-LSA - Link State ID: 192.168.0.49 - Advertising Router: 192.168.0.49 - LS Seq Number: 80000f90 - Checksum: 0x518b - Length: 60 - Number of Links: 3 + LS age: 38 + Options: 0x2 : *|-|-|-|-|-|E|* + LS Flags: 0x6 + Flags: 0x2 : ASBR + LS Type: router-LSA + Link State ID: 192.168.0.49 + Advertising Router: 192.168.0.49 + LS Seq Number: 80000f90 + Checksum: 0x518b + Length: 60 + Number of Links: 3 - Link connected to: a Transit Network - (Link ID) Designated Router address: 192.168.1.3 - (Link Data) Router Interface address: 192.168.1.3 - Number of TOS metrics: 0 - TOS 0 Metric: 10 + Link connected to: a Transit Network + (Link ID) Designated Router address: 192.168.1.3 + (Link Data) Router Interface address: 192.168.1.3 + Number of TOS metrics: 0 + TOS 0 Metric: 10 - Link connected to: a Transit Network - (Link ID) Designated Router address: 192.168.0.49 - (Link Data) Router Interface address: 192.168.0.49 - Number of TOS metrics: 0 - TOS 0 Metric: 10 + Link connected to: a Transit Network + (Link ID) Designated Router address: 192.168.0.49 + (Link Data) Router Interface address: 192.168.0.49 + Number of TOS metrics: 0 + TOS 0 Metric: 10 - Link connected to: Stub Network - (Link ID) Net: 192.168.3.190 - (Link Data) Network Mask: 255.255.255.255 - Number of TOS metrics: 0 - TOS 0 Metric: 39063 - # show ip ospf database network 192.168.0.49 + Link connected to: Stub Network + (Link ID) Net: 192.168.3.190 + (Link Data) Network Mask: 255.255.255.255 + Number of TOS metrics: 0 + TOS 0 Metric: 39063 + # show ip ospf database network 192.168.0.49 - OSPF Router with ID (192.168.0.53) + OSPF Router with ID (192.168.0.53) - Net Link States (Area 0.0.0.0) + Net Link States (Area 0.0.0.0) - LS age: 285 - Options: 0x2 : *|-|-|-|-|-|E|* - LS Flags: 0x6 - LS Type: network-LSA - Link State ID: 192.168.0.49 (address of Designated Router) - Advertising Router: 192.168.0.49 - LS Seq Number: 80000074 - Checksum: 0x0103 - Length: 40 - Network Mask: /29 - Attached Router: 192.168.0.49 - Attached Router: 192.168.0.52 - Attached Router: 192.168.0.53 - Attached Router: 192.168.0.54 + LS age: 285 + Options: 0x2 : *|-|-|-|-|-|E|* + LS Flags: 0x6 + LS Type: network-LSA + Link State ID: 192.168.0.49 (address of Designated Router) + Advertising Router: 192.168.0.49 + LS Seq Number: 80000074 + Checksum: 0x0103 + Length: 40 + Network Mask: /29 + Attached Router: 192.168.0.49 + Attached Router: 192.168.0.52 + Attached Router: 192.168.0.53 + Attached Router: 192.168.0.54 Note that from one LSA, you can find the other. E.g. Given the @@ -412,26 +412,26 @@ following partial topology: :: - ------------------------ Network: ...... - | Designated Router IP: 192.168.1.3 - | - IP: 192.168.1.3 - (transit link) - (cost: 10) - Router ID: 192.168.0.49(stub)---------- IP: 192.168.3.190/32 - (cost: 10) (cost: 39063) - (transit link) - IP: 192.168.0.49 - | - | - ------------------------------ Network: 192.168.0.48/29 - | | | Designated Router IP: 192.168.0.49 - | | | - | | Router ID: 192.168.0.54 - | | - | Router ID: 192.168.0.53 - | - Router ID: 192.168.0.52 + ------------------------ Network: ...... + | Designated Router IP: 192.168.1.3 + | + IP: 192.168.1.3 + (transit link) + (cost: 10) + Router ID: 192.168.0.49(stub)---------- IP: 192.168.3.190/32 + (cost: 10) (cost: 39063) + (transit link) + IP: 192.168.0.49 + | + | + ------------------------------ Network: 192.168.0.48/29 + | | | Designated Router IP: 192.168.0.49 + | | | + | | Router ID: 192.168.0.54 + | | + | Router ID: 192.168.0.53 + | + Router ID: 192.168.0.52 Note the Router IDs, though they look like IP addresses and often are @@ -495,22 +495,22 @@ should forward to the originating ASBR if selected. :: - # show ip ospf database external 192.168.165.0 - LS age: 995 - Options: 0x2 : *|-|-|-|-|-|E|* - LS Flags: 0x9 - LS Type: AS-external-LSA - Link State ID: 192.168.165.0 (External Network Number) - Advertising Router: 192.168.0.49 - LS Seq Number: 800001d8 - Checksum: 0xea27 - Length: 36 - Network Mask: /24 - Metric Type: 2 (Larger than any link state path) - TOS: 0 - Metric: 20 - Forward Address: 0.0.0.0 - External Route Tag: 0 + # show ip ospf database external 192.168.165.0 + LS age: 995 + Options: 0x2 : *|-|-|-|-|-|E|* + LS Flags: 0x9 + LS Type: AS-external-LSA + Link State ID: 192.168.165.0 (External Network Number) + Advertising Router: 192.168.0.49 + LS Seq Number: 800001d8 + Checksum: 0xea27 + Length: 36 + Network Mask: /24 + Metric Type: 2 (Larger than any link state path) + TOS: 0 + Metric: 20 + Forward Address: 0.0.0.0 + External Route Tag: 0 We can add this to our partial topology from above, which now looks diff --git a/doc/user/ospfd.rst b/doc/user/ospfd.rst index 59917f5262..f1b77ffe09 100644 --- a/doc/user/ospfd.rst +++ b/doc/user/ospfd.rst @@ -163,7 +163,7 @@ writing, *ospfd* does not support multiple OSPF processes. holdtime can be viewed with :clicmd:`show ip ospf`, where it is expressed as a multiplier of the `initial-holdtime`. - :: + .. code-block:: frr router ospf timers throttle spf 200 400 10000 @@ -249,11 +249,10 @@ writing, *ospfd* does not support multiple OSPF processes. on this interface so router can provide network information to the other ospf routers via this interface. -:: - - router ospf - network 192.168.1.0/24 area 0.0.0.0 + .. code-block:: frr + router ospf + network 192.168.1.0/24 area 0.0.0.0 Prefix length in interface must be equal or bigger (ie. smaller network) than prefix length in network statement. For example statement above doesn't enable @@ -288,23 +287,23 @@ OSPF area .. index:: no area (0-4294967295) range A.B.C.D/M .. clicmd:: no area (0-4294967295) range A.B.C.D/M - Summarize intra area paths from specified area into one Type-3 summary-LSA - announced to other areas. This command can be used only in ABR and ONLY - router-LSAs (Type-1) and network-LSAs (Type-2) (ie. LSAs with scope area) can - be summarized. Type-5 AS-external-LSAs can't be summarized - their scope is AS. - Summarizing Type-7 AS-external-LSAs isn't supported yet by FRR. + Summarize intra area paths from specified area into one Type-3 summary-LSA + announced to other areas. This command can be used only in ABR and ONLY + router-LSAs (Type-1) and network-LSAs (Type-2) (ie. LSAs with scope area) can + be summarized. Type-5 AS-external-LSAs can't be summarized - their scope is AS. + Summarizing Type-7 AS-external-LSAs isn't supported yet by FRR. -:: + .. code-block:: frr - router ospf - network 192.168.1.0/24 area 0.0.0.0 - network 10.0.0.0/8 area 0.0.0.10 - area 0.0.0.10 range 10.0.0.0/8 + router ospf + network 192.168.1.0/24 area 0.0.0.0 + network 10.0.0.0/8 area 0.0.0.10 + area 0.0.0.10 range 10.0.0.0/8 - With configuration above one Type-3 Summary-LSA with routing info 10.0.0.0/8 is - announced into backbone area if area 0.0.0.10 contains at least one intra-area - network (ie. described with router or network LSA) from this range. + With configuration above one Type-3 Summary-LSA with routing info 10.0.0.0/8 is + announced into backbone area if area 0.0.0.10 contains at least one intra-area + network (ie. described with router or network LSA) from this range. .. index:: area A.B.C.D range IPV4_PREFIX not-advertise .. clicmd:: area A.B.C.D range IPV4_PREFIX not-advertise @@ -324,12 +323,12 @@ OSPF area Substitute summarized prefix with another prefix. -:: + .. code-block:: frr - router ospf - network 192.168.1.0/24 area 0.0.0.0 - network 10.0.0.0/8 area 0.0.0.10 - area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8 + router ospf + network 192.168.1.0/24 area 0.0.0.0 + network 10.0.0.0/8 area 0.0.0.10 + area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8 One Type-3 summary-LSA with routing info 11.0.0.0/8 is announced into backbone area if @@ -421,16 +420,15 @@ OSPF area Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. -:: - - router ospf - network 192.168.1.0/24 area 0.0.0.0 - network 10.0.0.0/8 area 0.0.0.10 - area 0.0.0.10 export-list foo - ! - access-list foo permit 10.10.0.0/16 - access-list foo deny any + .. code-block:: frr + router ospf + network 192.168.1.0/24 area 0.0.0.0 + network 10.0.0.0/8 area 0.0.0.10 + area 0.0.0.10 export-list foo + ! + access-list foo permit 10.10.0.0/16 + access-list foo deny any With example above any intra-area paths from area 0.0.0.10 and from range 10.10.0.0/16 (for example 10.10.1.0/24 and 10.10.2.128/30) are announced into @@ -452,8 +450,8 @@ OSPF area .. index:: no area (0-4294967295) import-list NAME .. clicmd:: no area (0-4294967295) import-list NAME - Same as export-list, but it applies to paths announced into specified area as - Type-3 summary-LSAs. + Same as export-list, but it applies to paths announced into specified area + as Type-3 summary-LSAs. .. index:: area A.B.C.D filter-list prefix NAME in .. clicmd:: area A.B.C.D filter-list prefix NAME in @@ -479,8 +477,8 @@ OSPF area .. index:: no area (0-4294967295) filter-list prefix NAME out .. clicmd:: no area (0-4294967295) filter-list prefix NAME out - Filtering Type-3 summary-LSAs to/from area using prefix lists. This command - makes sense in ABR only. + Filtering Type-3 summary-LSAs to/from area using prefix lists. This command + makes sense in ABR only. .. index:: area A.B.C.D authentication .. clicmd:: area A.B.C.D authentication @@ -494,8 +492,8 @@ OSPF area .. index:: no area (0-4294967295) authentication .. clicmd:: no area (0-4294967295) authentication - Specify that simple password authentication should be used for the given - area. + Specify that simple password authentication should be used for the given + area. .. index:: area A.B.C.D authentication message-digest .. clicmd:: area A.B.C.D authentication message-digest @@ -568,12 +566,11 @@ OSPF interface Set OSPF authentication key to a cryptographic password. The cryptographic algorithm is MD5. - KEYID identifies secret key used to create the message digest. This ID - is part of the protocol and must be consistent across routers on a - link. + KEYID identifies secret key used to create the message digest. This ID is + part of the protocol and must be consistent across routers on a link. - KEY is the actual message digest key, of up to 16 chars (larger strings - will be truncated), and is associated with the given KEYID. + KEY is the actual message digest key, of up to 16 chars (larger strings will + be truncated), and is associated with the given KEYID. .. index:: ip ospf cost (1-65535) .. clicmd:: ip ospf cost (1-65535) @@ -581,8 +578,8 @@ OSPF interface .. index:: no ip ospf cost .. clicmd:: no ip ospf cost - Set link cost for the specified interface. The cost value is set to router-LSA's - metric field and used for SPF calculation. + Set link cost for the specified interface. The cost value is set to + router-LSA's metric field and used for SPF calculation. .. index:: ip ospf dead-interval (1-65535) .. clicmd:: ip ospf dead-interval (1-65535) @@ -635,10 +632,9 @@ OSPF interface .. index:: no ip ospf priority .. clicmd:: no ip ospf priority - Set RouterPriority integer value. The router with the highest priority - will be more eligible to become Designated Router. Setting the value - to 0, makes the router ineligible to become Designated Router. The - default value is 1. + Set RouterPriority integer value. The router with the highest priority will + be more eligible to become Designated Router. Setting the value to 0, makes + the router ineligible to become Designated Router. The default value is 1. .. index:: ip ospf retransmit-interval (1-65535) .. clicmd:: ip ospf retransmit-interval (1-65535) @@ -646,9 +642,9 @@ OSPF interface .. index:: no ip ospf retransmit interval .. clicmd:: no ip ospf retransmit interval - Set number of seconds for RxmtInterval timer value. This value is used - when retransmitting Database Description and Link State Request packets. - The default value is 5 seconds. + Set number of seconds for RxmtInterval timer value. This value is used when + retransmitting Database Description and Link State Request packets. The + default value is 5 seconds. .. index:: ip ospf transmit-delay .. clicmd:: ip ospf transmit-delay @@ -657,8 +653,7 @@ OSPF interface .. clicmd:: no ip ospf transmit-delay Set number of seconds for InfTransDelay value. LSAs' age should be - incremented by this value when transmitting. - The default value is 1 seconds. + incremented by this value when transmitting. The default value is 1 second. .. index:: ip ospf area (A.B.C.D|(0-4294967295)) .. clicmd:: ip ospf area (A.B.C.D|(0-4294967295)) @@ -666,7 +661,7 @@ OSPF interface .. index:: no ip ospf area .. clicmd:: no ip ospf area - Enable ospf on an interface and set associated area. + Enable ospf on an interface and set associated area. .. _redistribute-routes-to-ospf: @@ -702,16 +697,16 @@ Redistribute routes to OSPF .. _ospf-redistribute: - Redistribute routes of the specified protocol - or kind into OSPF, with the metric type and metric set if specified, - filtering the routes using the given route-map if specified. - Redistributed routes may also be filtered with distribute-lists, see + Redistribute routes of the specified protocol or kind into OSPF, with the + metric type and metric set if specified, filtering the routes using the + given route-map if specified. Redistributed routes may also be filtered + with distribute-lists, see :ref:`ospf distribute-list configuration `. - Redistributed routes are distributed as into OSPF as Type-5 External - LSAs into links to areas that accept external routes, Type-7 External LSAs - for NSSA areas and are not redistributed at all into Stub areas, where - external routes are not permitted. + Redistributed routes are distributed as into OSPF as Type-5 External LSAs + into links to areas that accept external routes, Type-7 External LSAs for + NSSA areas and are not redistributed at all into Stub areas, where external + routes are not permitted. Note that for connected routes, one may instead use the `passive-interface` configuration. @@ -747,10 +742,10 @@ Redistribute routes to OSPF .. index:: no default-information originate .. clicmd:: no default-information originate - Originate an AS-External (type-5) LSA describing a default route into - all external-routing capable areas, of the specified metric and metric - type. If the 'always' keyword is given then the default is always - advertised, even when there is no default present in the routing table. + Originate an AS-External (type-5) LSA describing a default route into all + external-routing capable areas, of the specified metric and metric type. If + the 'always' keyword is given then the default is always advertised, even + when there is no default present in the routing table. .. index:: distribute-list NAME out (kernel|connected|static|rip|ospf .. clicmd:: distribute-list NAME out (kernel|connected|static|rip|ospf @@ -760,9 +755,9 @@ Redistribute routes to OSPF .. _ospf-distribute-list: - Apply the access-list filter, NAME, to - redistributed routes of the given type before allowing the routes to - redistributed into OSPF (:ref:`ospf redistribution `). + Apply the access-list filter, NAME, to redistributed routes of the given + type before allowing the routes to redistributed into OSPF + (:ref:`ospf redistribution `). .. index:: default-metric (0-16777214) .. clicmd:: default-metric (0-16777214) @@ -850,7 +845,8 @@ Showing OSPF information .. index:: show ip ospf route .. clicmd:: show ip ospf route - Show the OSPF routing table, as determined by the most recent SPF calculation. + Show the OSPF routing table, as determined by the most recent SPF + calculation. .. _opaque-lsa: @@ -869,9 +865,9 @@ Opaque LSA .. index:: no capability opaque .. clicmd:: no capability opaque - *ospfd* support Opaque LSA (RFC2370) as fondment for MPLS Traffic Engineering - LSA. Prior to used MPLS TE, opaque-lsa must be enable in the configuration - file. Alternate command could be "mpls-te on" + *ospfd* support Opaque LSA (:rfc:`2370`) as fondment for MPLS Traffic + Engineering LSA. Prior to used MPLS TE, opaque-lsa must be enable in the + configuration file. Alternate command could be "mpls-te on" (:ref:`ospf-traffic-engineering`). .. index:: show ip ospf database (opaque-link|opaque-area|opaque-external) @@ -981,18 +977,19 @@ Router Information .. index:: no pce scope .. clicmd:: no pce scope - The commands are conform to :rfc:`5088` and allow OSPF router announce Path - Compuatation Elemenent (PCE) capabilities through the Router Information (RI) - LSA. Router Information must be enable prior to this. The command set/unset - respectively the PCE IP adress, Autonomous System (AS) numbers of controlled - domains, neighbor ASs, flag and scope. For flag and scope, please refer to - :rfc`5088` for the BITPATTERN recognition. Multiple 'pce neighbor' command - could be specified in order to specify all PCE neighbours. + The commands are conform to :rfc:`5088` and allow OSPF router announce Path + Compuatation Elemenent (PCE) capabilities through the Router Information + (RI) LSA. Router Information must be enable prior to this. The command + set/unset respectively the PCE IP adress, Autonomous System (AS) numbers of + controlled domains, neighbor ASs, flag and scope. For flag and scope, please + refer to :rfc`5088` for the BITPATTERN recognition. Multiple 'pce neighbor' + command could be specified in order to specify all PCE neighbours. .. index:: show ip ospf router-info .. clicmd:: show ip ospf router-info Show Router Capabilities flag. + .. index:: show ip ospf router-info pce .. clicmd:: show ip ospf router-info pce @@ -1028,10 +1025,10 @@ This is an EXPERIMENTAL support of Segment Routing as per draft .. index:: [no] segment-routing prefix A.B.C.D/M index (0-65535) [no-php-flag] .. clicmd:: [no] segment-routing prefix A.B.C.D/M index (0-65535) [no-php-flag] - Set the Segment Rounting index for the specifyed prefix. Note - that, only prefix with /32 corresponding to a loopback interface are - currently supported. The 'no-php-flag' means NO Penultimate Hop Popping that - allows SR node to request to its neighbor to not pop the label. + Set the Segment Rounting index for the specifyed prefix. Note that, only + prefix with /32 corresponding to a loopback interface are currently + supported. The 'no-php-flag' means NO Penultimate Hop Popping that allows SR + node to request to its neighbor to not pop the label. .. index:: show ip ospf database segment-routing [json] .. clicmd:: show ip ospf database segment-routing [json] @@ -1140,7 +1137,7 @@ OSPF Configuration Examples A simple example, with MD5 authentication enabled: -:: +.. code-block:: frr ! interface bge0 @@ -1155,7 +1152,7 @@ A simple example, with MD5 authentication enabled: An :abbr:`ABR` router, with MD5 authentication and performing summarisation of networks between the areas: -:: +.. code-block:: frr ! password ABCDEF @@ -1189,7 +1186,9 @@ of networks between the areas: A Traffic Engineering configuration, with Inter-ASv2 support. -First, the 'zebra.conf' part::: +First, the :file:`zebra.conf` part: + +.. code-block:: frr interface eth0 ip address 198.168.1.1/24 @@ -1262,7 +1261,9 @@ First, the 'zebra.conf' part::: unrsv-bw 7 1.25e+06 neighbor 192.168.2.2 as 65000 -Then the 'ospfd.conf' itself::: +Then the :file:`ospfd.conf` itself: + +.. code-block:: frr hostname HOSTNAME password PASSWORD @@ -1288,8 +1289,9 @@ Then the 'ospfd.conf' itself::: ! line vty +A router information example with PCE advsertisement: -A router information example with PCE advsertisement::: +.. code-block:: frr ! router ospf diff --git a/doc/user/overview.rst b/doc/user/overview.rst index 064dc436ea..38d55d68ad 100644 --- a/doc/user/overview.rst +++ b/doc/user/overview.rst @@ -95,17 +95,17 @@ architecture creates new possibilities for the routing system. :: - +----+ +----+ +-----+ +-----+ - |bgpd| |ripd| |ospfd| |zebra| - +----+ +----+ +-----+ +-----+ - | - +---------------------------|--+ - | v | - | UNIX Kernel routing table | - | | - +------------------------------+ + +----+ +----+ +-----+ +-----+ + |bgpd| |ripd| |ospfd| |zebra| + +----+ +----+ +-----+ +-----+ + | + +---------------------------|--+ + | v | + | UNIX Kernel routing table | + | | + +------------------------------+ - FRR System Architecture + FRR System Architecture Multi-process architecture brings extensibility, modularity and diff --git a/doc/user/pim.rst b/doc/user/pim.rst index b9945680cf..2dda88a6d1 100644 --- a/doc/user/pim.rst +++ b/doc/user/pim.rst @@ -214,8 +214,8 @@ is in a vrf, enter the interface command with the vrf keyword at the end. .. _pim-multicast-rib-insertion: -PIM Multicast RIB insertion:: -============================= +PIM Multicast RIB insertion: +============================ In order to influence Multicast RPF lookup, it is possible to insert into zebra routes for the Multicast RIB. These routes are only diff --git a/doc/user/ripd.rst b/doc/user/ripd.rst index 0609c8d616..d2686d2eae 100644 --- a/doc/user/ripd.rst +++ b/doc/user/ripd.rst @@ -146,7 +146,7 @@ RIP Configuration Below is very simple RIP configuration. Interface `eth0` and interface which address match to `10.0.0.0/8` are RIP enabled. - :: + .. code-block:: frr ! router rip @@ -354,7 +354,7 @@ RIP routes can be filtered by a distribute-list. the distribute-list command. For example, in the following configuration ``eth0`` will permit only the paths that match the route 10.0.0.0/8 - :: + .. code-block:: frr ! router rip @@ -446,11 +446,11 @@ Usage of *ripd*'s route-map support. Optional argument route-map MAP_NAME can be added to each `redistribute` statement. -:: +.. code-block:: frr - redistribute static [route-map MAP_NAME] - redistribute connected [route-map MAP_NAME] - ..... + redistribute static [route-map MAP_NAME] + redistribute connected [route-map MAP_NAME] + ..... Cisco applies route-map _before_ routes will exported to rip route table. In @@ -572,17 +572,17 @@ To prevent such unauthenticated querying of routes disable RIPv1, Specifiy Keyed MD5 chain. -:: + .. code-block:: frr - ! - key chain test - key 1 - key-string test - ! - interface eth1 - ip rip authentication mode md5 - ip rip authentication key-chain test - ! + ! + key chain test + key 1 + key-string test + ! + interface eth1 + ip rip authentication mode md5 + ip rip authentication key-chain test + ! .. _rip-timers: diff --git a/doc/user/routemap.rst b/doc/user/routemap.rst index 97094c2d6b..a0f28b5fc8 100644 --- a/doc/user/routemap.rst +++ b/doc/user/routemap.rst @@ -302,11 +302,11 @@ Route Map Examples A simple example of a route-map: -:: +.. code-block:: frr - route-map test permit 10 - match ip address 10 - set local-preference 200 + route-map test permit 10 + match ip address 10 + set local-preference 200 This means that if a route matches ip access-list number 10 it's diff --git a/doc/user/routeserver.rst b/doc/user/routeserver.rst index 890897bb62..f2c2c6d33e 100644 --- a/doc/user/routeserver.rst +++ b/doc/user/routeserver.rst @@ -246,7 +246,7 @@ against the other two routers. These peerings have In and Out route-maps configured, named like 'PEER-X-IN' or 'PEER-X-OUT'. For example the configuration file for router RA could be the following: -:: +.. code-block:: frr #Configuration for router 'RA' ! @@ -319,29 +319,29 @@ modify the configuration of routers RA, RB and RC. Now they must not peer between them, but only with the route server. For example, RA's configuration would turn into: -:: +.. code-block:: frr - # Configuration for router 'RA' - ! - hostname RA - password **** - ! - router bgp 65001 - no bgp default ipv4-unicast - neighbor 2001:0DB8::FFFF remote-as 65000 - ! - address-family ipv6 - network 2001:0DB8:AAAA:1::/64 - network 2001:0DB8:AAAA:2::/64 - network 2001:0DB8:0000:1::/64 - network 2001:0DB8:0000:2::/64 + # Configuration for router 'RA' + ! + hostname RA + password **** + ! + router bgp 65001 + no bgp default ipv4-unicast + neighbor 2001:0DB8::FFFF remote-as 65000 + ! + address-family ipv6 + network 2001:0DB8:AAAA:1::/64 + network 2001:0DB8:AAAA:2::/64 + network 2001:0DB8:0000:1::/64 + network 2001:0DB8:0000:2::/64 - neighbor 2001:0DB8::FFFF activate - neighbor 2001:0DB8::FFFF soft-reconfiguration inbound - exit-address-family - ! - line vty - ! + neighbor 2001:0DB8::FFFF activate + neighbor 2001:0DB8::FFFF soft-reconfiguration inbound + exit-address-family + ! + line vty + ! Which is logically much simpler than its initial configuration, as it now @@ -362,84 +362,84 @@ server. This is a fragment of the route server configuration (we only show the policies for client RA): -:: +.. code-block:: frr - # Configuration for Route Server ('RS') - ! - hostname RS - password ix - ! - bgp multiple-instance - ! - router bgp 65000 view RS - no bgp default ipv4-unicast - neighbor 2001:0DB8::A remote-as 65001 - neighbor 2001:0DB8::B remote-as 65002 - neighbor 2001:0DB8::C remote-as 65003 - ! - address-family ipv6 - neighbor 2001:0DB8::A activate - neighbor 2001:0DB8::A route-server-client - neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import - neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export - neighbor 2001:0DB8::A soft-reconfiguration inbound + # Configuration for Route Server ('RS') + ! + hostname RS + password ix + ! + bgp multiple-instance + ! + router bgp 65000 view RS + no bgp default ipv4-unicast + neighbor 2001:0DB8::A remote-as 65001 + neighbor 2001:0DB8::B remote-as 65002 + neighbor 2001:0DB8::C remote-as 65003 + ! + address-family ipv6 + neighbor 2001:0DB8::A activate + neighbor 2001:0DB8::A route-server-client + neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import + neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export + neighbor 2001:0DB8::A soft-reconfiguration inbound - neighbor 2001:0DB8::B activate - neighbor 2001:0DB8::B route-server-client - neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import - neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export - neighbor 2001:0DB8::B soft-reconfiguration inbound + neighbor 2001:0DB8::B activate + neighbor 2001:0DB8::B route-server-client + neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import + neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export + neighbor 2001:0DB8::B soft-reconfiguration inbound - neighbor 2001:0DB8::C activate - neighbor 2001:0DB8::C route-server-client - neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import - neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export - neighbor 2001:0DB8::C soft-reconfiguration inbound - exit-address-family - ! - ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64 - ipv6 prefix-list COMMON-PREFIXES seq 10 deny any - ! - ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64 - ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any - ! - ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64 - ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any - ! - ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64 - ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any - ! - route-map RSCLIENT-A-IMPORT permit 10 - match peer 2001:0DB8::B - call A-IMPORT-FROM-B - route-map RSCLIENT-A-IMPORT permit 20 - match peer 2001:0DB8::C - call A-IMPORT-FROM-C - ! - route-map A-IMPORT-FROM-B permit 10 - match ipv6 address prefix-list COMMON-PREFIXES - set metric 100 - route-map A-IMPORT-FROM-B permit 20 - match ipv6 address prefix-list PEER-B-PREFIXES - set community 65001:11111 - ! - route-map A-IMPORT-FROM-C permit 10 - match ipv6 address prefix-list COMMON-PREFIXES - set metric 200 - route-map A-IMPORT-FROM-C permit 20 - match ipv6 address prefix-list PEER-C-PREFIXES - set community 65001:22222 - ! - route-map RSCLIENT-A-EXPORT permit 10 - match peer 2001:0DB8::B - match ipv6 address prefix-list PEER-A-PREFIXES - route-map RSCLIENT-A-EXPORT permit 20 - match peer 2001:0DB8::C - match ipv6 address prefix-list PEER-A-PREFIXES - ! - ... - ... - ... + neighbor 2001:0DB8::C activate + neighbor 2001:0DB8::C route-server-client + neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import + neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export + neighbor 2001:0DB8::C soft-reconfiguration inbound + exit-address-family + ! + ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64 + ipv6 prefix-list COMMON-PREFIXES seq 10 deny any + ! + ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64 + ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any + ! + ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64 + ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any + ! + ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64 + ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any + ! + route-map RSCLIENT-A-IMPORT permit 10 + match peer 2001:0DB8::B + call A-IMPORT-FROM-B + route-map RSCLIENT-A-IMPORT permit 20 + match peer 2001:0DB8::C + call A-IMPORT-FROM-C + ! + route-map A-IMPORT-FROM-B permit 10 + match ipv6 address prefix-list COMMON-PREFIXES + set metric 100 + route-map A-IMPORT-FROM-B permit 20 + match ipv6 address prefix-list PEER-B-PREFIXES + set community 65001:11111 + ! + route-map A-IMPORT-FROM-C permit 10 + match ipv6 address prefix-list COMMON-PREFIXES + set metric 200 + route-map A-IMPORT-FROM-C permit 20 + match ipv6 address prefix-list PEER-C-PREFIXES + set community 65001:22222 + ! + route-map RSCLIENT-A-EXPORT permit 10 + match peer 2001:0DB8::B + match ipv6 address prefix-list PEER-A-PREFIXES + route-map RSCLIENT-A-EXPORT permit 20 + match peer 2001:0DB8::C + match ipv6 address prefix-list PEER-A-PREFIXES + ! + ... + ... + ... If you compare the initial configuration of RA with the route server @@ -487,7 +487,7 @@ any limitation, as all kinds of filters can be included in import/export route-maps. For example suppose that in the non-route-server scenario peer RA had the following filters configured for input from peer B: -:: +.. code-block:: frr neighbor 2001:0DB8::B prefix-list LIST-1 in neighbor 2001:0DB8::B filter-list LIST-2 in @@ -507,7 +507,7 @@ the three filters (the community-list, the prefix-list and the route-map). That route-map can then be used inside the Import policy in the route server. Lets see how to do it: -:: +.. code-block:: frr neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import ... diff --git a/doc/user/rpki.rst b/doc/user/rpki.rst index 86d88dcf9b..93a8e4396a 100644 --- a/doc/user/rpki.rst +++ b/doc/user/rpki.rst @@ -164,7 +164,7 @@ Validating BGP Updates In the following example, the router prefers valid routes over invalid prefixes because invalid routes have a lower local preference. - :: + .. code-block:: frr ! Allow for invalid routes in route selection process route bgp 60001 @@ -213,7 +213,7 @@ Displaying RPKI RPKI Configuration Example -------------------------- -:: +.. code-block:: frr hostname bgpd1 password zebra diff --git a/doc/user/snmp.rst b/doc/user/snmp.rst index 114f1f7dfc..1a24d56cb7 100644 --- a/doc/user/snmp.rst +++ b/doc/user/snmp.rst @@ -42,22 +42,23 @@ master SNMP agent (snmpd) and each of the FRR daemons must be configured. In :file:`/etc/snmp/snmpd.conf`, the ``master agentx`` directive should be added. In each of the FRR daemons, ``agentx`` command will enable AgentX support. -:: +:file:`/etc/snmp/snmpd.conf`: + # + # example access restrictions setup + # + com2sec readonly default public + group MyROGroup v1 readonly + view all included .1 80 + access MyROGroup "" any noauth exact all none none + # + # enable master agent for AgentX subagents + # + master agentx - /etc/snmp/snmpd.conf: - # - # example access restrictions setup - # - com2sec readonly default public - group MyROGroup v1 readonly - view all included .1 80 - access MyROGroup "" any noauth exact all none none - # - # enable master agent for AgentX subagents - # - master agentx +:file:`/etc/frr/ospfd.conf:` + + .. code-block:: frr - /etc/frr/ospfd.conf: ! ... the rest of ospfd.conf has been omitted for clarity ... ! agentx @@ -69,16 +70,16 @@ each FRR daemons: :: - 2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected + 2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected Then, you can use the following command to check everything works as expected: :: - # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1 - OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109 - [...] + # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1 + OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109 + [...] The AgentX protocol can be transported over a Unix socket or using TCP or UDP. @@ -88,10 +89,9 @@ need to configure FRR to use another transport, you can configure it through :: - /etc/snmp/frr.conf: - [snmpd] - # Use a remote master agent - agentXSocket tcp:192.168.15.12:705 + [snmpd] + # Use a remote master agent + agentXSocket tcp:192.168.15.12:705 .. _smux-configuration: @@ -112,26 +112,24 @@ In the following example the ospfd daemon will be connected to the snmpd daemon using the password "frr_ospfd". For testing it is recommending to take exactly the below snmpd.conf as wrong access restrictions can be hard to debug. -:: +:file:`/etc/snmp/snmpd.conf`: + # + # example access restrictions setup + # + com2sec readonly default public + group MyROGroup v1 readonly + view all included .1 80 + access MyROGroup "" any noauth exact all none none + # + # the following line is relevant for FRR + # + smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd - /etc/snmp/snmpd.conf: - # - # example access restrictions setup - # - com2sec readonly default public - group MyROGroup v1 readonly - view all included .1 80 - access MyROGroup "" any noauth exact all none none - # - # the following line is relevant for FRR - # - smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd - - /etc/frr/ospf: - ! ... the rest of ospfd.conf has been omitted for clarity ... - ! - smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd - ! +:file:`/etc/frr/ospf`: + ! ... the rest of ospfd.conf has been omitted for clarity ... + ! + smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd + ! After restarting snmpd and frr, a successful connection can be verified in the diff --git a/doc/user/snmptrap.rst b/doc/user/snmptrap.rst index 9e642a5d4d..4bc6d40122 100644 --- a/doc/user/snmptrap.rst +++ b/doc/user/snmptrap.rst @@ -42,7 +42,7 @@ The snmptrap_handle.sh script I personally use for handling BGP4 traps is below. You can of course do all sorts of things when handling traps, like sound a siren, have your display flash, etc., be creative ;). -:: +.. code-block:: shell #!/bin/bash diff --git a/doc/user/vnc.rst b/doc/user/vnc.rst index 8be4ff62de..ff6050ca68 100644 --- a/doc/user/vnc.rst +++ b/doc/user/vnc.rst @@ -90,7 +90,7 @@ Default values are overridden by :ref:`vnc-nve-group-configuration`. Enter VNC configuration mode for specifying VNC default behaviors. Use `exit-vnc` to leave VNC configuration mode. `vnc defaults` is optional. -:: +.. code-block:: frr vnc defaults ... various VNC defaults @@ -142,7 +142,7 @@ Defaults section. Enter VNC configuration mode for defining the NVE group `name`. Use `exit` or `exit-vnc` to exit group configuration mode. - :: + .. code-block:: frr vnc nve-group group1 ... configuration commands @@ -315,7 +315,7 @@ L2 Group Configuration. Enter VNC configuration mode for defining the L2 group `name`. Use `exit` or `exit-vnc` to exit group configuration mode. - :: + .. code-block:: frr vnc l2-group group1 ... configuration commands @@ -851,7 +851,9 @@ Tunnel Encapsulation Attribute. A three-way full mesh with three NVEs per NVA. -:file:`bgpd.conf` for ``NVA 1`` (192.168.1.100)::: +:file:`bgpd.conf` for ``NVA 1`` (192.168.1.100): + +.. code-block:: frr router bgp 64512 @@ -883,7 +885,9 @@ Tunnel Encapsulation Attribute. exit -:file:`bgpd.conf` for ``NVA 2`` (192.168.1.101)::: +:file:`bgpd.conf` for ``NVA 2`` (192.168.1.101): + +.. code-block:: frr router bgp 64512 @@ -905,7 +909,9 @@ Tunnel Encapsulation Attribute. exit-vnc exit -:file:`bgpd.conf` for ``NVA 3`` (192.168.1.102)::: +:file:`bgpd.conf` for ``NVA 3`` (192.168.1.102): + +.. code-block:: frr router bgp 64512 @@ -959,7 +965,9 @@ registrations exported this way have a next-hop address of the CE behind the connected (registering) NVE. Exporting VNC routes as IPv4 unicast is enabled with the ``vnc export`` command below. -The configuration for ``VNC-GW 1`` is shown below.:: +The configuration for ``VNC-GW 1`` is shown below. + +.. code-block:: frr router bgp 64512 bgp router-id 192.168.1.101 @@ -994,7 +1002,9 @@ have a statement disabling the IPv4 unicast address family. IPv4 unicast is on by default and this prevents the other VNC-GW and NVAs from learning unicast routes advertised by the route-reflector clients. -Configuration for ``NVA 2``::: +Configuration for ``NVA 2``: + +.. code-block:: frr router bgp 64512 bgp router-id 192.168.1.104 @@ -1077,7 +1087,9 @@ As in the example of :ref:`vnc-mesh-nva-config`, there are two NVE groups. The 7``, and ``NVE 8`` are members of the NVE group ``group1``. The NVEs ``NVE 5``, ``NVE 6``, and ``NVE 9`` are members of the NVE group ``group2``. -:file:`bgpd.conf` for ``BGP Route Reflector 1`` on 192.168.1.100::: +:file:`bgpd.conf` for ``BGP Route Reflector 1`` on 192.168.1.100: + +.. code-block:: frr router bgp 64512 @@ -1106,7 +1118,9 @@ As in the example of :ref:`vnc-mesh-nva-config`, there are two NVE groups. The exit -:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101::: +:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101: + +.. code-block:: frr router bgp 64512 @@ -1126,28 +1140,30 @@ As in the example of :ref:`vnc-mesh-nva-config`, there are two NVE groups. The exit-vnc exit -:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.102::: +:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.102: - router bgp 64512 +.. code-block:: frr - bgp router-id 192.168.1.102 + router bgp 64512 - neighbor 192.168.1.100 remote-as 64512 + bgp router-id 192.168.1.102 - address-family ipv4 vpn - neighbor 192.168.1.100 activate - exit-address-family + neighbor 192.168.1.100 remote-as 64512 - vnc defaults - rd 64512:1 - response-lifetime 200 - rt both 1000:1 1000:2 - exit-vnc + address-family ipv4 vpn + neighbor 192.168.1.100 activate + exit-address-family - vnc nve-group group1 - prefix vn 172.16.128.0/17 - exit-vnc - exit + vnc defaults + rd 64512:1 + response-lifetime 200 + rt both 1000:1 1000:2 + exit-vnc + + vnc nve-group group1 + prefix vn 172.16.128.0/17 + exit-vnc + exit While not shown, an NVA can also be configured as a route reflector. @@ -1218,7 +1234,9 @@ VNC-relevant configuration is provided. } } -:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101::: +:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101: + +.. code-block:: frr router bgp 64512 @@ -1238,7 +1256,9 @@ VNC-relevant configuration is provided. exit-vnc exit -:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102::: +:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102: + +.. code-block:: frr router bgp 64512 @@ -1277,7 +1297,9 @@ reflector configuration. BGP route reflectors ``BGP Route Reflector 1`` and FRR-based NVA with redundant route reflectors -:file:`bgpd.conf` for ``Bgpd Route Reflector 1`` on 192.168.1.100::: +:file:`bgpd.conf` for ``Bgpd Route Reflector 1`` on 192.168.1.100: + +.. code-block:: frr router bgp 64512 @@ -1304,29 +1326,33 @@ reflector configuration. BGP route reflectors ``BGP Route Reflector 1`` and exit-address-family exit -:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101::: +:file:`bgpd.conf` for ``NVA 2`` on 192.168.1.101: - router bgp 64512 +.. code-block:: frr - bgp router-id 192.168.1.101 + router bgp 64512 - neighbor 192.168.1.100 remote-as 64512 - neighbor 192.168.1.104 remote-as 64512 + bgp router-id 192.168.1.101 - address-family ipv4 vpn - neighbor 192.168.1.100 activate - neighbor 192.168.1.104 activate - exit-address-family + neighbor 192.168.1.100 remote-as 64512 + neighbor 192.168.1.104 remote-as 64512 - vnc nve-group group1 - prefix vn 172.16.0.0/17 - rd 64512:1 - response-lifetime 200 - rt both 1000:1 1000:2 - exit-vnc - exit + address-family ipv4 vpn + neighbor 192.168.1.100 activate + neighbor 192.168.1.104 activate + exit-address-family -:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102::: + vnc nve-group group1 + prefix vn 172.16.0.0/17 + rd 64512:1 + response-lifetime 200 + rt both 1000:1 1000:2 + exit-vnc + exit + +:file:`bgpd.conf` for ``NVA 3`` on 192.168.1.102: + +.. code-block:: frr router bgp 64512 @@ -1417,7 +1443,7 @@ reflector configuration. BGP route reflectors ``BGP Route Reflector 1`` and } } -.. [#] The nve-id is carriedin the route distinguisher. It is the second octet +.. [#] The nve-id is carried in the route distinguisher. It is the second octet of the eight-octet route distinguisher generated for Ethernet / L2 advertisements. The first octet is a constant 0xFF, and the third through eighth octets are set to the L2 diff --git a/doc/user/zebra.rst b/doc/user/zebra.rst index 9928ab0124..7c886e785e 100644 --- a/doc/user/zebra.rst +++ b/doc/user/zebra.rst @@ -240,7 +240,8 @@ defines static prefix and gateway. Some example configuration: - :: + .. code-block:: frr + ip route 10.0.0.0/8 10.0.0.2 ip route 10.0.0.0/8 ppp0 ip route 10.0.0.0/8 null0 @@ -256,7 +257,7 @@ defines static prefix and gateway. A.B.C.D format, user must define NETMASK value with A.B.C.D format. GATEWAY is same option as above command. - :: + .. code-block:: frr ip route 10.0.0.0 255.255.255.0 10.0.0.2 ip route 10.0.0.0 255.255.255.0 ppp0 @@ -270,9 +271,9 @@ defines static prefix and gateway. Installs the route with the specified distance. -Multiple nexthop static route +Multiple nexthop static route: -:: +.. code-block:: frr ip route 10.0.0.1/32 10.0.0.2 ip route 10.0.0.1/32 10.0.0.3 @@ -294,7 +295,7 @@ nexthops, if the platform supports this. * is directly connected, eth0 -:: +.. code-block:: frr ip route 10.0.0.0/8 10.0.0.2 ip route 10.0.0.0/8 10.0.0.3 @@ -373,30 +374,30 @@ unicast topology! MODE sets the method used to perform RPF lookups. Supported modes: -urib-only - Performs the lookup on the Unicast RIB. The Multicast RIB is never used. + urib-only + Performs the lookup on the Unicast RIB. The Multicast RIB is never used. -mrib-only - Performs the lookup on the Multicast RIB. The Unicast RIB is never used. + mrib-only + Performs the lookup on the Multicast RIB. The Unicast RIB is never used. -mrib-then-urib - Tries to perform the lookup on the Multicast RIB. If any route is found, - that route is used. Otherwise, the Unicast RIB is tried. + mrib-then-urib + Tries to perform the lookup on the Multicast RIB. If any route is found, + that route is used. Otherwise, the Unicast RIB is tried. -lower-distance - Performs a lookup on the Multicast RIB and Unicast RIB each. The result - with the lower administrative distance is used; if they're equal, the - Multicast RIB takes precedence. + lower-distance + Performs a lookup on the Multicast RIB and Unicast RIB each. The result + with the lower administrative distance is used; if they're equal, the + Multicast RIB takes precedence. -longer-prefix - Performs a lookup on the Multicast RIB and Unicast RIB each. The result - with the longer prefix length is used; if they're equal, the - Multicast RIB takes precedence. + longer-prefix + Performs a lookup on the Multicast RIB and Unicast RIB each. The result + with the longer prefix length is used; if they're equal, the + Multicast RIB takes precedence. - The `mrib-then-urib` setting is the default behavior if nothing is - configured. If this is the desired behavior, it should be explicitly - configured to make the configuration immune against possible changes in - what the default behavior is. + The `mrib-then-urib` setting is the default behavior if nothing is + configured. If this is the desired behavior, it should be explicitly + configured to make the configuration immune against possible changes in + what the default behavior is. .. warning:: Unreachable routes do not receive special treatment and do not cause @@ -477,7 +478,7 @@ The following creates a prefix-list that matches all addresses, a route-map that sets the preferred source address, and applies the route-map to all *rip* routes. -:: +.. code-block:: frr ip prefix-list ANY permit 0.0.0.0/0 le 32 route-map RM1 permit 10