doc: manually finish conversion

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young 2018-01-29 16:38:07 -05:00
parent d1a242fdbf
commit c1a54c054d
No known key found for this signature in database
GPG Key ID: DAF48E0F57E0834F
20 changed files with 4615 additions and 4984 deletions


@ -1,11 +1,12 @@
.. _packet-binary-dump-format:
Packet Binary Dump Format
=========================
Packet Binary Dump Format
-------------------------
FRR can dump routing protocol packet into file with a binary format
(@pxref{Dump BGP packets and table}).
FRR can dump routing protocol packet into file with a binary format.
It seems to be better that we share the MRT's header format for
backward compatibility with MRT's dump logs. We should also define the
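Review bot: the cross-reference in the opening sentence is dropped instead of converted. The old line pointed readers at "Dump BGP packets and table" through `@pxref`, and the replacement "FRR can dump routing protocol packet into file with a binary format." carries no link. Suggest restoring it as a `:ref:` to the BGP dump section, and fixing "packet into file" to "packets into a file" while the line is being rewritten.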

File diff suppressed because it is too large


@ -18,16 +18,14 @@ known topology.
Starting and Stopping eigrpd
============================
The default configuration file name of *eigrpd*'s is
:file:`eigrpd.conf`. When invocation *eigrpd* searches directory
|INSTALL_PREFIX_ETC|. If :file:`eigrpd.conf` is not there next
search current directory. If an integrated config is specified
configuration is written into frr.conf
The default configuration file name of *eigrpd*'s is :file:`eigrpd.conf`. When
invocation *eigrpd* searches directory |INSTALL_PREFIX_ETC|. If
:file:`eigrpd.conf` is not there next search current directory. If an
integrated config is specified configuration is written into :file:`frr.conf`.
The EIGRP protocol requires interface information
maintained by *zebra* daemon. So running *zebra*
is mandatory to run *eigrpd*. Thus minimum sequence for running
EIGRP is like below:
The EIGRP protocol requires interface information maintained by *zebra* daemon.
So running *zebra* is mandatory to run *eigrpd*. Thus minimum sequence for
running EIGRP is:
::
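Review bot: the rewrapped first paragraph keeps the broken grammar of the original ("When invocation *eigrpd* searches directory |INSTALL_PREFIX_ETC|", "is not there next search current directory"). Since every line of the paragraph is touched anyway, reword it, for example "When invoked, *eigrpd* searches |INSTALL_PREFIX_ETC|. If :file:`eigrpd.conf` is not there, it searches the current directory." The search order decides which file the daemon loads, so it should be unambiguous.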
@ -37,8 +35,10 @@ EIGRP is like below:
Please note that *zebra* must be invoked before *eigrpd*.
To stop *eigrpd*. Please use @command{kill `cat
/var/run/eigrpd.pid`}. Certain signals have special meanings to *eigrpd*.
To stop *eigrpd*, please use ::
kill `cat /var/run/eigrpd.pid`
Certain signals have special meanings to *eigrpd*.
+------------------+-----------------------------------------------------------+
| Signal | Meaning |
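Review bot: the new literal block hard-codes `/var/run/eigrpd.pid`, while the configuration directory earlier in this file goes through the |INSTALL_PREFIX_ETC| substitution. Either say that the pid file location depends on how FRR was built, or use a substitution here as well. Also, "please use ::" with a space before the double colon renders with no colon at all; "please use::" gives "please use:" in the output.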
@ -65,23 +65,23 @@ EIGRP Configuration
===================
.. index:: router eigrp (1-65535)
.. clicmd:: router eigrp (1-65535)
The `router eigrp` command is necessary to enable EIGRP. To disable EIGRP,
use the `no router eigrp (1-65535)` command. EIGRP must be enabled before
carrying out any of the EIGRP commands.
.. index:: no router eigrp (1-65535)
.. clicmd:: no router eigrp (1-65535)
Disable EIGRP.
.. index:: network NETWORK
.. clicmd:: network NETWORK
.. index:: no network NETWORK
.. index:: no network NETWORK
.. clicmd:: no network NETWORK
Set the EIGRP enable interface by `network`. The interfaces which
have addresses matching with `network` are enabled.
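Review bot: the body text in this hunk still marks command names with single backticks (`router eigrp`, `no router eigrp (1-65535)`, `network`), which reST treats as the default role and not as a literal. The debug section later in this file is switched to double backticks (``debug eigrp``), so use the same markup here for a consistent result.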
@ -102,19 +102,17 @@ EIGRP Configuration
!
Passive interface
.. index:: passive-interface (IFNAME|default)
.. clicmd:: passive-interface (IFNAME|default)
.. index:: no passive-interface IFNAME
.. index:: no passive-interface IFNAME
.. clicmd:: no passive-interface IFNAME
This command sets the specified interface to passive mode. On passive mode
interface, all receiving packets are ignored and eigrpd does
not send either multicast or unicast EIGRP packets except to EIGRP neighbors
specified with `neighbor` command. The interface may be specified
as `default` to make eigrpd default to passive on all interfaces.
interface, all receiving packets are ignored and eigrpd does not send either
multicast or unicast EIGRP packets except to EIGRP neighbors specified with
`neighbor` command. The interface may be specified as `default` to make
eigrpd default to passive on all interfaces.
The default is to be passive on all interfaces.
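Review bot: the last two statements of the passive-interface description read as contradictory. The text says the interface "may be specified as `default` to make eigrpd default to passive on all interfaces" and then "The default is to be passive on all interfaces." If every interface is already passive, it is unclear what `passive-interface default` changes. Please state the actual out-of-the-box behaviour, and say whether the `no` form accepts `default`, since only `no passive-interface IFNAME` is listed.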
@ -124,70 +122,66 @@ How to Announce EIGRP route
===========================
.. index:: redistribute kernel
.. clicmd:: redistribute kernel
.. index:: redistribute kernel metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. clicmd:: redistribute kernel metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. index:: no redistribute kernel
.. index:: no redistribute kernel
.. clicmd:: no redistribute kernel
`redistribute kernel` redistributes routing information from
kernel route entries into the EIGRP tables. `no redistribute kernel`
disables the routes.
`redistribute kernel` redistributes routing information from kernel route
entries into the EIGRP tables. `no redistribute kernel` disables the routes.
.. index:: redistribute static
.. clicmd:: redistribute static
.. index:: redistribute static metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. clicmd:: redistribute static metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. index:: no redistribute static
.. index:: no redistribute static
.. clicmd:: no redistribute static
`redistribute static` redistributes routing information from
static route entries into the EIGRP tables. `no redistribute static`
disables the routes.
`redistribute static` redistributes routing information from static route
entries into the EIGRP tables. `no redistribute static` disables the routes.
.. index:: redistribute connected
.. clicmd:: redistribute connected
.. index:: redistribute connected metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. clicmd:: redistribute connected metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. index:: no redistribute connected
.. index:: no redistribute connected
.. clicmd:: no redistribute connected
Redistribute connected routes into the EIGRP tables. `no redistribute
connected` disables the connected routes in the EIGRP tables. This command
redistribute connected of the interface which EIGRP disabled. The connected
route on EIGRP enabled interface is announced by default.
.. index:: redistribute ospf
.. clicmd:: redistribute ospf
.. index:: redistribute ospf metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. clicmd:: redistribute ospf metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. index:: no redistribute ospf
.. index:: no redistribute ospf
.. clicmd:: no redistribute ospf
`redistribute ospf` redistributes routing information from ospf route
entries into the EIGRP tables. `no redistribute ospf` disables the
routes.
entries into the EIGRP tables. `no redistribute ospf` disables the routes.
.. index:: redistribute bgp
.. clicmd:: redistribute bgp
.. index:: redistribute bgp metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. clicmd:: redistribute bgp metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)
.. index:: no redistribute bgp
.. index:: no redistribute bgp
.. clicmd:: no redistribute bgp
`redistribute bgp` redistributes routing information from
bgp route entries into the EIGRP tables. `no redistribute bgp`
disables the routes.
`redistribute bgp` redistributes routing information from bgp route entries
into the EIGRP tables. `no redistribute bgp` disables the routes.
.. _Show_EIGRP_Information:
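Review bot: missing documentation for the metric form of every redistribute command in this hunk. Each one lists `metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)`, but none of the descriptions says what the five positional values are. Name them once and refer to that from the other entries. Separately, the sentence "This command redistribute connected of the interface which EIGRP disabled." is carried over unchanged and needs rewording.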
@ -197,15 +191,15 @@ Show EIGRP Information
To display EIGRP routes.
.. index:: show ip eigrp topology
.. clicmd:: show ip eigrp topology
Show EIGRP routes.
The command displays all EIGRP routes.
.. index:: show ip eigrp topology
.. clicmd:: show ip eigrp topology
The command displays current EIGRP status
::
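Review bot: `.. clicmd:: show ip eigrp topology` appears twice in this hunk with two different descriptions ("The command displays all EIGRP routes." and "The command displays current EIGRP status"). Two directives for the same command produce duplicate index targets, and the second description looks like it belongs to a different show command. Please check which command was intended for the second entry, or merge the two.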
@ -228,24 +222,25 @@ EIGRP Debug Commands
Debug for EIGRP protocol.
.. index:: debug eigrp packets
.. clicmd:: debug eigrp packets
Debug eigrp packets
`debug eigrp` will show EIGRP packets that are sent and recevied.
``debug eigrp`` will show EIGRP packets that are sent and recevied.
.. index:: debug eigrp transmit
.. clicmd:: debug eigrp transmit
Debug eigrp transmit events
`debug eigrp transmit` will display detailed information about the EIGRP transmit events.
``debug eigrp transmit`` will display detailed information about the EIGRP
transmit events.
.. index:: show debugging eigrp
.. clicmd:: show debugging eigrp
Display *eigrpd*'s debugging option.
`show debugging eigrp` will show all information currently set for eigrpd
``show debugging eigrp`` will show all information currently set for eigrpd
debug.
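Review bot: the typo "recevied" is copied into the new line "``debug eigrp`` will show EIGRP packets that are sent and recevied."; fix it to "received" in the same change. The description also names ``debug eigrp`` while the directive is `debug eigrp packets`, so the text should use the full command.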


@ -6,17 +6,14 @@ FRR provides many very flexible filtering features. Filtering is used
for both input and output of the routing information. Once filtering is
defined, it can be applied in any direction.
@comment node-name, next, previous, up
IP Access List
==============
.. index:: {Command} {access-list `name` permit `ipv4-network`} {}
.. index:: access-list NAME permit IPV4-NETWORK
.. clicmd:: access-list NAME permit IPV4-NETWORK
{Command} {access-list `name` permit `ipv4-network`} {}
.. index:: {Command} {access-list `name` deny `ipv4-network`} {}
{Command} {access-list `name` deny `ipv4-network`} {}
.. index:: access-list NAME deny IPV4-NETWORK
.. clicmd:: access-list NAME deny IPV4-NETWORK
Basic filtering is done by `access-list` as shown in the
following example.
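Review bot: the permit and deny forms are given as two separate `clicmd` entries with no body of their own, while the prefix-list commands further down this file use the combined form `(permit|deny)`. Suggest a single `access-list NAME (permit|deny) IPV4-NETWORK` entry with the description attached to it, so the command and its explanation are not separated.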
@ -27,8 +24,6 @@ IP Access List
access-list filter permit 10.0.0.0/8
@comment node-name, next, previous, up
IP Prefix List
==============
@ -41,17 +36,15 @@ filters to arbitrary points of prefix-list using sequential number specification
If no ip prefix-list is specified, it acts as permit. If *ip prefix-list*
is defined, and no match is found, default deny is applied.
.. index:: {Command} {ip prefix-list `name` (permit|deny) `prefix` [le `len`] [ge `len`]} {}
.. index:: ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN]
.. clicmd:: ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN]
{Command} {ip prefix-list `name` (permit|deny) `prefix` [le `len`] [ge `len`]} {}
.. index:: {Command} {ip prefix-list `name` seq `number` (permit|deny) `prefix` [le `len`] [ge `len`]} {}
.. index:: ip prefix-list NAME seq NUMBER (permit|deny) PREFIX [le LEN] [ge LEN]
.. clicmd:: ip prefix-list NAME seq NUMBER (permit|deny) PREFIX [le LEN] [ge LEN]
{Command} {ip prefix-list `name` seq `number` (permit|deny) `prefix` [le `len`] [ge `len`]} {}
You can create *ip prefix-list* using above commands.
*@asis{seq}*
seq
seq `number` can be set either automatically or manually. In the
case that sequential numbers are set manually, the user may pick any
number less than 4294967295. In the case that sequential number are set
@ -64,15 +57,13 @@ is defined, and no match is found, default deny is applied.
lists 2 and 7 already exist and a new list with no specified number is
created, the new list will be numbered 10.
le
Specifies prefix length. The prefix list will be applied if the prefix
length is less than or equal to the le prefix length.
*@asis{le}*
*le* command specifies prefix length. The prefix list will be
applied if the prefix length is less than or equal to the le prefix length.
*@asis{ge}*
*ge* command specifies prefix length. The prefix list will be
applied if the prefix length is greater than or equal to the ge prefix length.
ge
Specifies prefix length. The prefix list will be applied if the prefix
length is greater than or equal to the ge prefix length.
Less than or equal to prefix numbers and greater than or equal to
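Review bot: the new `le` and `ge` entries say "Specifies prefix length" without saying whose length is compared. These keywords decide which more-specific routes a filter admits, so the wording should be explicit, for example "matches when the route's prefix length is less than or equal to LEN". The terms would also read better as literals (``le``, ``ge``) now that the `@asis` wrappers are gone.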
@ -93,24 +84,23 @@ is defined, and no match is found, default deny is applied.
In the case of no le or ge command, the prefix length must match exactly the
length specified in the prefix list.
.. index:: {Command} {no ip prefix-list `name`} {}
{Command} {no ip prefix-list `name`} {}
.. index:: no ip prefix-list NAME
.. clicmd:: no ip prefix-list NAME
.. _ip_prefix-list_description:
ip prefix-list description
--------------------------
.. index:: {Command} {ip prefix-list `name` description `desc`} {}
.. index:: ip prefix-list NAME description DESC
.. clicmd:: ip prefix-list NAME description DESC
{Command} {ip prefix-list `name` description `desc`} {}
Descriptions may be added to prefix lists. This command adds a
description to the prefix list.
.. index:: {Command} {no ip prefix-list `name` description [`desc`]} {}
.. index:: no ip prefix-list NAME description [DESC]
.. clicmd:: no ip prefix-list NAME description [DESC]
{Command} {no ip prefix-list `name` description [`desc`]} {}
Deletes the description from a prefix list. It is possible to use the
command without the full description.
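Review bot: `.. clicmd:: no ip prefix-list NAME` at the top of this hunk has no description. Add one line saying that it deletes the named prefix list, so the entry is not empty in the rendered output.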
@ -119,15 +109,15 @@ ip prefix-list description
ip prefix-list sequential number control
----------------------------------------
.. index:: {Command} {ip prefix-list sequence-number} {}
.. index:: ip prefix-list sequence-number
.. clicmd:: ip prefix-list sequence-number
{Command} {ip prefix-list sequence-number} {}
With this command, the IP prefix list sequential number is displayed.
This is the default behavior.
.. index:: {Command} {no ip prefix-list sequence-number} {}
.. index:: no ip prefix-list sequence-number
.. clicmd:: no ip prefix-list sequence-number
{Command} {no ip prefix-list sequence-number} {}
With this command, the IP prefix list sequential number is not
displayed.
@ -136,62 +126,53 @@ ip prefix-list sequential number control
Showing ip prefix-list
----------------------
.. index:: {Command} {show ip prefix-list} {}
.. index:: show ip prefix-list
.. clicmd:: show ip prefix-list
{Command} {show ip prefix-list} {}
Display all IP prefix lists.
.. index:: {Command} {show ip prefix-list `name`} {}
.. index:: show ip prefix-list NAME
.. clicmd:: show ip prefix-list NAME
{Command} {show ip prefix-list `name`} {}
Show IP prefix list can be used with a prefix list name.
.. index:: {Command} {show ip prefix-list `name` seq `num`} {}
.. index:: show ip prefix-list NAME seq NUM
.. clicmd:: show ip prefix-list NAME seq NUM
{Command} {show ip prefix-list `name` seq `num`} {}
Show IP prefix list can be used with a prefix list name and sequential
number.
.. index:: {Command} {show ip prefix-list `name` `a.b.c.d/m`} {}
.. index:: show ip prefix-list NAME A.B.C.D/M
.. clicmd:: show ip prefix-list NAME A.B.C.D/M
{Command} {show ip prefix-list `name` `a.b.c.d/m`} {}
If the command longer is used, all prefix lists with prefix lengths equal to
or longer than the specified length will be displayed.
If the command first match is used, the first prefix length match will be
displayed.
or longer than the specified length will be displayed. If the command first
match is used, the first prefix length match will be displayed.
.. index:: {Command} {show ip prefix-list `name` `a.b.c.d/m` longer} {}
{Command} {show ip prefix-list `name` `a.b.c.d/m` longer} {}
.. index:: {Command} {show ip prefix-list `name` `a.b.c.d/m` first-match} {}
{Command} {show ip prefix-list `name` `a.b.c.d/m` first-match} {}
.. index:: {Command} {show ip prefix-list summary} {}
{Command} {show ip prefix-list summary} {}
.. index:: {Command} {show ip prefix-list summary `name`} {}
{Command} {show ip prefix-list summary `name`} {}
.. index:: {Command} {show ip prefix-list detail} {}
{Command} {show ip prefix-list detail} {}
.. index:: {Command} {show ip prefix-list detail `name`} {}
{Command} {show ip prefix-list detail `name`} {}
.. index:: show ip prefix-list NAME A.B.C.D/M longer
.. clicmd:: show ip prefix-list NAME A.B.C.D/M longer
.. index:: show ip prefix-list NAME A.B.C.D/M first-match
.. clicmd:: show ip prefix-list NAME A.B.C.D/M first-match
.. index:: show ip prefix-list summary
.. clicmd:: show ip prefix-list summary
.. index:: show ip prefix-list summary NAME
.. clicmd:: show ip prefix-list summary NAME
.. index:: show ip prefix-list detail
.. clicmd:: show ip prefix-list detail
.. index:: show ip prefix-list detail NAME
.. clicmd:: show ip prefix-list detail NAME
Clear counter of ip prefix-list
-------------------------------
.. index:: {Command} {clear ip prefix-list} {}
.. index:: clear ip prefix-list
.. clicmd:: clear ip prefix-list
{Command} {clear ip prefix-list} {}
Clears the counters of all IP prefix lists. Clear IP Prefix List can be
used with a specified name and prefix.
Clears the counters of all IP prefix lists. Clear IP Prefix List can be used
with a specified name and prefix.
.. index:: {Command} {clear ip prefix-list `name`} {}
{Command} {clear ip prefix-list `name`} {}
.. index:: {Command} {clear ip prefix-list `name` `a.b.c.d/m`} {}
{Command} {clear ip prefix-list `name` `a.b.c.d/m`} {}
.. index:: clear ip prefix-list NAME
.. clicmd:: clear ip prefix-list NAME
.. index:: clear ip prefix-list NAME A.B.C.D/M
.. clicmd:: clear ip prefix-list NAME A.B.C.D/M
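Review bot: the paragraph explaining `longer` and `first-match` ends up under `show ip prefix-list NAME A.B.C.D/M`, while the `... longer` and `... first-match` directives that follow have no body. Move each sentence under the directive it describes. The `summary`, `detail` and the two trailing `clear ip prefix-list NAME ...` entries are likewise left without any description.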


@ -156,6 +156,9 @@ customize the build to include or exclude specific features and dependencies.
Build without SNMP support.
.. option:: --disable-vtysh
Build without VTYSH.
You may specify any combination of the above options to the configure
script. By default, the executables are placed in :file:`/usr/local/sbin`


@ -4,11 +4,12 @@
IPv6 Support
************
FRR fully supports IPv6 routing. As described so far, Frr supports
RIPng, OSPFv3, and BGP-4+. You can give IPv6 addresses to an interface
and configure static IPv6 routing information. FRR IPv6 also provides
automatic address configuration via a feature called ``address auto configuration``. To do it, the router must send router advertisement
messages to the all nodes that exist on the network.
FRR fully supports IPv6 routing. As described so far, Frr supports RIPng,
OSPFv3, and BGP-4+. You can give IPv6 addresses to an interface and configure
static IPv6 routing information. FRR IPv6 also provides automatic address
configuration via a feature called ``address auto configuration``. To do it,
the router must send router advertisement messages to the all nodes that exist
on the network.
Previous versions of FRR could be built without IPv6 support. This is
no longer possible.
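Review bot: style point on the rewrapped introduction: "Frr supports RIPng" keeps the inconsistent capitalisation next to "FRR" in the same sentence, and "to the all nodes that exist on the network" is still ungrammatical. Both are on lines this hunk rewrites, so fix them here.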
@ -17,18 +18,18 @@ Router Advertisement
====================
.. index:: no ipv6 nd suppress-ra
.. clicmd:: no ipv6 nd suppress-ra
Send router advertisment messages.
.. index:: ipv6 nd suppress-ra
.. clicmd:: ipv6 nd suppress-ra
Don't send router advertisment messages.
.. index:: ipv6 nd prefix ipv6prefix [valid-lifetime] [preferred-lifetime] [off-link] [no-autoconfig] [router-address]
.. clicmd:: ipv6 nd prefix ipv6prefix [valid-lifetime] [preferred-lifetime] [off-link] [no-autoconfig] [router-address]
Configuring the IPv6 prefix to include in router advertisements. Several prefix
specific optional parameters and flags may follow:
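Review bot: "advertisment" is misspelled in both descriptions in this hunk ("Send router advertisment messages." and "Don't send router advertisment messages."). Correct to "advertisement" so that searches of the rendered manual find these entries.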
@ -59,20 +60,18 @@ Router Advertisement
.. index::
single: no ipv6 nd ra-interval [(1-1800)]
single: no ipv6 nd ra-interval [(1-1800)]
.. clicmd:: [no] ipv6 nd ra-interval [(1-1800)]
The maximum time allowed between sending unsolicited multicast router
advertisements from the interface, in seconds.
Default: ``600``
.. index:: ipv6 nd ra-interval msec (70-1800000)
.. index::
single: no ipv6 nd ra-interval [msec (70-1800000)]
single: ipv6 nd ra-interval msec (70-1800000)
.. clicmd:: [no] ipv6 nd ra-interval [msec (70-1800000)]
The maximum time allowed between sending unsolicited multicast router
advertisements from the interface, in milliseconds.
Default: ``600000``
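Review bot: the index block for the seconds form, as shown in this hunk, lists only `single: no ipv6 nd ra-interval [(1-1800)]`, whereas the msec block below indexes both the plain and the `no` form. Please check that the plain `ipv6 nd ra-interval (1-1800)` entry is still indexed, and keep the two blocks symmetrical.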
@ -80,8 +79,8 @@ Router Advertisement
.. index::
single: ipv6 nd ra-lifetime (0-9000)
single: no ipv6 nd ra-lifetime [(0-9000)]
.. clicmd:: [no] ipv6 nd ra-lifetime [(0-9000)]
The value to be placed in the Router Lifetime field of router advertisements
sent from the interface, in seconds. Indicates the usefulness of the router
as a default router on this interface. Setting the value to zero indicates
@ -93,30 +92,30 @@ Router Advertisement
.. index::
single: no ipv6 nd reachable-time [(1-3600000)]
single: ipv6 nd reachable-time (1-3600000)
.. clicmd:: [no] ipv6 nd reachable-time [(1-3600000)]
The value to be placed in the Reachable Time field in the Router Advertisement
messages sent by the router, in milliseconds. The configured time enables the
router to detect unavailable neighbors. The value zero means unspecified (by
this router).
The value to be placed in the Reachable Time field in the Router
Advertisement messages sent by the router, in milliseconds. The configured
time enables the router to detect unavailable neighbors. The value zero
means unspecified (by this router).
Default: ``0``
.. index::
single: ipv6 nd managed-config-flag
single: no ipv6 nd managed-config-flag
.. clicmd:: [no] ipv6 nd managed-config-flag
Set/unset flag in IPv6 router advertisements which indicates to hosts that they
should use managed (stateful) protocol for addresses autoconfiguration in
addition to any addresses autoconfigured using stateless address
Set/unset flag in IPv6 router advertisements which indicates to hosts that
they should use managed (stateful) protocol for addresses autoconfiguration
in addition to any addresses autoconfigured using stateless address
autoconfiguration.
Default: not set
.. index::
single: ipv6 nd other-config-flag
single: no ipv6 nd other-config-flag
.. clicmd:: [no] ipv6 nd other-config-flag
Set/unset flag in IPv6 router advertisements which indicates to hosts that
they should use administered (stateful) protocol to obtain autoconfiguration
information other than addresses.
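Review bot: the reachable-time entry is internally inconsistent. The directive gives the range as `(1-3600000)`, but the description says "The value zero means unspecified (by this router)" and the default is ``0``. Either note that zero is only reachable through the `no` form, or correct the range, so readers know whether 0 can be configured explicitly.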
@ -125,8 +124,8 @@ Router Advertisement
.. index::
single: ipv6 nd home-agent-config-flag
single: no ipv6 nd home-agent-config-flag
.. clicmd:: [no] ipv6 nd home-agent-config-flag
Set/unset flag in IPv6 router advertisements which indicates to hosts that
the router acts as a Home Agent and includes a Home Agent Option.
Default: not set
@ -136,18 +135,18 @@ Router Advertisement
.. index::
single: no ipv6 nd home-agent-preference [(0-65535)]
single: ipv6 nd home-agent-preference (0-65535)
.. clicmd:: [no] ipv6 nd home-agent-preference [(0-65535)]
The value to be placed in Home Agent Option, when Home Agent config flag is set,
which indicates to hosts Home Agent preference. The default value of 0 stands
for the lowest preference possible.
The value to be placed in Home Agent Option, when Home Agent config flag is
set, which indicates to hosts Home Agent preference. The default value of 0
stands for the lowest preference possible.
Default: ``0``
.. index::
single: ipv6 nd home-agent-lifetime (0-65520)
single: no ipv6 nd home-agent-lifetime (0-65520)
.. clicmd:: [no] ipv6 nd home-agent-lifetime [(0-65520)]
The value to be placed in Home Agent Option, when Home Agent config flag is set,
which indicates to hosts Home Agent Lifetime. The default value of 0 means to
place the current Router Lifetime value.
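Review bot: for home-agent-lifetime the index entry `no ipv6 nd home-agent-lifetime (0-65520)` does not match the directive `[no] ipv6 nd home-agent-lifetime [(0-65520)]`, where the value is optional. The sibling home-agent-preference entry uses the bracketed form in both places. The home-agent-lifetime description was also left unwrapped while the preference description above it was reflowed.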
@ -157,8 +156,8 @@ Router Advertisement
.. index::
single: ipv6 nd adv-interval-option
single: no ipv6 nd adv-interval-option
.. clicmd:: [no] ipv6 nd adv-interval-option
Include an Advertisement Interval option which indicates to hosts the maximum time,
in milliseconds, between successive unsolicited Router Advertisements.
Default: not set
@ -166,19 +165,19 @@ Router Advertisement
.. index::
single: ipv6 nd router-preference (high|medium|low)
single: no ipv6 nd router-preference (high|medium|low)
.. clicmd:: [no] ipv6 nd router-preference [(high|medium|low)]
Set default router preference in IPv6 router advertisements per RFC4191.
Default: medium
.. index::
single: ipv6 nd mtu (1-65535)
single: no ipv6 nd mtu [(1-65535)]
.. clicmd:: [no] ipv6 nd mtu [(1-65535)]
Include an MTU (type 5) option in each RA packet to assist the attached hosts
in proper interface configuration. The announced value is not verified to be
consistent with router interface MTU.
Include an MTU (type 5) option in each RA packet to assist the attached
hosts in proper interface configuration. The announced value is not verified
to be consistent with router interface MTU.
Default: don't advertise any MTU option.::
interface eth0
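Review bot: "Default: don't advertise any MTU option.::" glues the configuration example to the mtu command and renders with a stray ".:" at the end of the sentence. The example that follows (`interface eth0` ... `ipv6 nd prefix`) is a general router advertisement example, so end the default line with a plain period and introduce the example with its own sentence. The statement that the announced value "is not verified to be consistent with router interface MTU" is worth keeping prominent, since a wrong value is passed on to hosts unchecked.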
@ -186,8 +185,9 @@ Router Advertisement
ipv6 nd prefix 2001:0DB8:5009::/64
For more information see
:t:`RFC2462 (IPv6 Stateless Address Autoconfiguration)`,
:t:`RFC4861 (Neighbor Discovery for IP Version 6 (IPv6))`,
:t:`RFC6275 (Mobility Support in IPv6)` and
:t:`RFC4191 (Default Router Preferences and More-Specific Routes)`.
.. seealso::
- :rfc:`2462` (IPv6 Stateless Address Autoconfiguration)
- :rfc:`4861` (Neighbor Discovery for IP Version 6 (IPv6))
- :rfc:`6275` (Mobility Support in IPv6)
- :rfc:`4191` (Default Router Preferences and More-Specific Routes)


@ -16,15 +16,14 @@ like :abbr:`OSPF`. ISIS is widely used in large networks such as :abbr:`ISP
Configuring isisd
=================
There are no *isisd* specific options. Common options can be
specified (:ref:`Common_Invocation_Options`) to *isisd*.
*isisd* needs to acquire interface information from
*zebra* in order to function. Therefore *zebra* must be
running before invoking *isisd*. Also, if *zebra* is
restarted then *isisd* must be too.
There are no *isisd* specific options. Common options can be specified
(:ref:`Common_Invocation_Options`) to *isisd*. *isisd* needs to acquire
interface information from *zebra* in order to function. Therefore *zebra* must
be running before invoking *isisd*. Also, if *zebra* is restarted then *isisd*
must be too.
Like other daemons, *isisd* configuration is done in :abbr:`ISIS`
specific configuration file :file:`isisd.conf`.
Like other daemons, *isisd* configuration is done in :abbr:`ISIS` specific
configuration file :file:`isisd.conf`.
.. _ISIS_router:
@ -34,77 +33,81 @@ ISIS router
To start ISIS process you have to specify the ISIS router. As of this
writing, *isisd* does not support multiple ISIS processes.
.. index:: Command {router isis WORD} {}
.. index:: router isis WORD
.. clicmd:: router isis WORD
Command {router isis WORD} {}
.. index:: Command {no router isis WORD} {}
.. index:: no router isis WORD
.. clicmd:: no router isis WORD
Command {no router isis WORD} {}
.. _router_isis_WORD:
Enable or disable the ISIS process by specifying the ISIS domain with 'WORD'.
*isisd* does not yet support multiple ISIS processes but you must specify
the name of ISIS process. The ISIS process name 'WORD' is then used for interface
(see command :ref:`ip_router_isis_WORD`).
Enable or disable the ISIS process by specifying the ISIS domain with
'WORD'. *isisd* does not yet support multiple ISIS processes but you must
specify the name of ISIS process. The ISIS process name 'WORD' is then used
for interface (see command :ref:`ip_router_isis_WORD`).
.. index:: {ISIS Command} {net XX.XXXX. ... .XXX.XX} {}
.. index:: net XX.XXXX. ... .XXX.XX
.. clicmd:: net XX.XXXX. ... .XXX.XX
{ISIS Command} {net XX.XXXX. ... .XXX.XX} {}
.. index:: {ISIS Command} {no net XX.XXXX. ... .XXX.XX} {}
.. index:: no net XX.XXXX. ... .XXX.XX
.. clicmd:: no net XX.XXXX. ... .XXX.XX
{ISIS Command} {no net XX.XXXX. ... .XXX.XX} {}
Set/Unset network entity title (NET) provided in ISO format.
.. index:: {ISIS Command} {hostname dynamic} {}
.. index:: hostname dynamic
.. clicmd:: hostname dynamic
{ISIS Command} {hostname dynamic} {}
.. index:: {ISIS Command} {no hostname dynamic} {}
.. index:: no hostname dynamic
.. clicmd:: no hostname dynamic
{ISIS Command} {no hostname dynamic} {}
Enable support for dynamic hostname.
.. index:: {ISIS Command} {area-password [clear | md5] <password>} {}
.. index:: area-password [clear | md5] <password>
.. clicmd:: area-password [clear | md5] <password>
{ISIS Command} {area-password [clear | md5] <password>} {}
.. index:: {ISIS Command} {domain-password [clear | md5] <password>} {}
.. index:: domain-password [clear | md5] <password>
.. clicmd:: domain-password [clear | md5] <password>
{ISIS Command} {domain-password [clear | md5] <password>} {}
.. index:: {ISIS Command} {no area-password} {}
.. index:: no area-password
.. clicmd:: no area-password
{ISIS Command} {no area-password} {}
.. index:: {ISIS Command} {no domain-password} {}
.. index:: no domain-password
.. clicmd:: no domain-password
{ISIS Command} {no domain-password} {}
Configure the authentication password for an area, respectively a domain,
as clear text or md5 one.
Configure the authentication password for an area, respectively a domain, as
clear text or md5 one.
.. index:: {ISIS Command} {log-adjacency-changes} {}
.. index:: log-adjacency-changes
.. clicmd:: log-adjacency-changes
{ISIS Command} {log-adjacency-changes} {}
.. index:: {ISIS Command} {no log-adjacency-changes} {}
.. index:: no log-adjacency-changes
.. clicmd:: no log-adjacency-changes
{ISIS Command} {no log-adjacency-changes} {}
Log changes in adjacency state.
.. index:: {ISIS Command} {metric-style [narrow | transition | wide]} {}
.. index:: metric-style [narrow | transition | wide]
.. clicmd:: metric-style [narrow | transition | wide]
{ISIS Command} {metric-style [narrow | transition | wide]} {}
.. index:: {ISIS Command} {no metric-style} {}
.. index:: no metric-style
.. clicmd:: no metric-style
{ISIS Command} {no metric-style} {}
.. _metric-style:
Set old-style (ISO 10589) or new-style packet formats:
- narrow Use old style of TLVs with narrow metric
- transition Send and accept both styles of TLVs during transition
- wide Use new style of TLVs to carry wider metric
.. index:: {ISIS Command} {set-overload-bit} {}
- narrow
Use old style of TLVs with narrow metric
- transition
Send and accept both styles of TLVs during transition
- wide
Use new style of TLVs to carry wider metric
{ISIS Command} {set-overload-bit} {}
.. index:: {ISIS Command} {no set-overload-bit} {}
.. index:: set-overload-bit
.. clicmd:: set-overload-bit
.. index:: no set-overload-bit
.. clicmd:: no set-overload-bit
{ISIS Command} {no set-overload-bit} {}
Set overload bit to avoid any transit traffic.
.. _ISIS_Timer:
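Review bot: the password directives keep the old notation, `area-password [clear | md5] <password>` and `domain-password [clear | md5] <password>`, while the rest of this conversion writes alternatives as `(a|b)` and variables in upper case. Suggest `(clear|md5) PASSWORD`, and the same treatment for `metric-style [narrow | transition | wide]`. The description "as clear text or md5 one" should also say what each keyword means for how the password is sent, since that is what an operator choosing between them needs to know.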
@ -112,75 +115,57 @@ Command {no router isis WORD} {}
ISIS Timer
==========
.. index:: {ISIS Command} {lsp-gen-interval (1-120)} {}
.. index:: lsp-gen-interval (1-120)
.. clicmd:: lsp-gen-interval (1-120)
{ISIS Command} {lsp-gen-interval (1-120)} {}
.. index:: {ISIS Command} {lsp-gen-interval [level-1 | level-2] (1-120)} {}
.. index:: lsp-gen-interval [level-1 | level-2] (1-120)
.. clicmd:: lsp-gen-interval [level-1 | level-2] (1-120)
{ISIS Command} {lsp-gen-interval [level-1 | level-2] (1-120)} {}
.. index:: {ISIS Command} {no lsp-gen-interval} {}
.. index:: no lsp-gen-interval
.. clicmd:: no lsp-gen-interval
{ISIS Command} {no lsp-gen-interval} {}
.. index:: {ISIS Command} {no lsp-gen-interval [level-1 | level-2]} {}
.. index:: no lsp-gen-interval [level-1 | level-2]
.. clicmd:: no lsp-gen-interval [level-1 | level-2]
{ISIS Command} {no lsp-gen-interval [level-1 | level-2]} {}
Set minimum interval in seconds between regenerating same LSP,
globally, for an area (level-1) or a domain (level-2).
.. index:: {ISIS Command} {lsp-refresh-interval (1-65235)} {}
.. index:: lsp-refresh-interval [level-1 | level-2] (1-65235)
.. clicmd:: lsp-refresh-interval [level-1 | level-2] (1-65235)
{ISIS Command} {lsp-refresh-interval (1-65235)} {}
.. index:: {ISIS Command} {lsp-refresh-interval [level-1 | level-2] (1-65235)} {}
.. index:: no lsp-refresh-interval [level-1 | level-2]
.. clicmd:: no lsp-refresh-interval [level-1 | level-2]
{ISIS Command} {lsp-refresh-interval [level-1 | level-2] (1-65235)} {}
.. index:: {ISIS Command} {no lsp-refresh-interval} {}
Set LSP refresh interval in seconds, globally, for an area (level-1) or a
domain (level-2).
{ISIS Command} {no lsp-refresh-interval} {}
.. index:: {ISIS Command} {no lsp-refresh-interval [level-1 | level-2]} {}
.. index:: max-lsp-lifetime (360-65535)
.. clicmd:: max-lsp-lifetime (360-65535)
{ISIS Command} {no lsp-refresh-interval [level-1 | level-2]} {}
Set LSP refresh interval in seconds, globally, for an area (level-1) or a domain (level-2).
.. index:: max-lsp-lifetime [level-1 | level-2] (360-65535)
.. clicmd:: max-lsp-lifetime [level-1 | level-2] (360-65535)
.. index:: {ISIS Command} {lsp-refresh-interval (1-65235)} {}
.. index:: no max-lsp-lifetime
.. clicmd:: no max-lsp-lifetime
{ISIS Command} {lsp-refresh-interval (1-65235)} {}
.. index:: {ISIS Command} {lsp-refresh-interval [level-1 | level-2] (1-65235)} {}
.. index:: no max-lsp-lifetime [level-1 | level-2]
.. clicmd:: no max-lsp-lifetime [level-1 | level-2]
{ISIS Command} {lsp-refresh-interval [level-1 | level-2] (1-65235)} {}
.. index:: {ISIS Command} {no lsp-refresh-interval} {}
Set LSP maximum LSP lifetime in seconds, globally, for an area (level-1) or
a domain (level-2).
{ISIS Command} {no lsp-refresh-interval} {}
.. index:: {ISIS Command} {no lsp-refresh-interval [level-1 | level-2]} {}
.. index:: spf-interval (1-120)
.. clicmd:: spf-interval (1-120)
{ISIS Command} {no lsp-refresh-interval [level-1 | level-2]} {}
Set LSP refresh interval in seconds, globally, for an area (level-1) or a domain (level-2).
.. index:: spf-interval [level-1 | level-2] (1-120)
.. clicmd:: spf-interval [level-1 | level-2] (1-120)
.. index:: {ISIS Command} {max-lsp-lifetime (360-65535)} {}
.. index:: no spf-interval
.. clicmd:: no spf-interval
{ISIS Command} {max-lsp-lifetime (360-65535)} {}
.. index:: {ISIS Command} {max-lsp-lifetime [level-1 | level-2] (360-65535)} {}
.. index:: no spf-interval [level-1 | level-2]
.. clicmd:: no spf-interval [level-1 | level-2]
{ISIS Command} {max-lsp-lifetime [level-1 | level-2] (360-65535)} {}
.. index:: {ISIS Command} {no max-lsp-lifetime} {}
{ISIS Command} {no max-lsp-lifetime} {}
.. index:: {ISIS Command} {no max-lsp-lifetime [level-1 | level-2]} {}
{ISIS Command} {no max-lsp-lifetime [level-1 | level-2]} {}
Set LSP maximum LSP lifetime in seconds, globally, for an area (level-1) or a domain (level-2).
.. index:: {ISIS Command} {spf-interval (1-120)} {}
{ISIS Command} {spf-interval (1-120)} {}
.. index:: {ISIS Command} {spf-interval [level-1 | level-2] (1-120)} {}
{ISIS Command} {spf-interval [level-1 | level-2] (1-120)} {}
.. index:: {ISIS Command} {no spf-interval} {}
{ISIS Command} {no spf-interval} {}
.. index:: {ISIS Command} {no spf-interval [level-1 | level-2]} {}
{ISIS Command} {no spf-interval [level-1 | level-2]} {}
Set minimum interval between consecutive SPF calculations in seconds.
.. _ISIS_region:
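Review bot: The converted timer entries are inconsistent about the optional level keyword: lsp-refresh-interval gets a single entry with "[level-1 | level-2]", while lsp-gen-interval, max-lsp-lifetime and spf-interval each get both a bare entry and a bracketed one. Since the brackets already mark the keyword as optional, one ".. clicmd::" per command (plus its "no" form) is enough and keeps the index free of near-duplicates. While these lines are being touched, "Set LSP maximum LSP lifetime in seconds" could read "Set maximum LSP lifetime in seconds", and the spf-interval description could state the same "globally, for an area (level-1) or a domain (level-2)" scope as its siblings.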
@ -188,259 +173,275 @@ ISIS Timer
ISIS region
===========
.. index:: {ISIS Command} {is-type [level-1 | level-1-2 | level-2-only]} {}
.. index:: is-type [level-1 | level-1-2 | level-2-only]
.. clicmd:: is-type [level-1 | level-1-2 | level-2-only]
{ISIS Command} {is-type [level-1 | level-1-2 | level-2-only]} {}
.. index:: {ISIS Command} {no is-type} {}
.. index:: no is-type
.. clicmd:: no is-type
{ISIS Command} {no is-type} {}
Define the ISIS router behavior:
- level-1 Act as a station router only
- level-1-2 Act as both a station router and an area router
- level-2-only Act as an area router only
- level-1
Act as a station router only
- level-1-2
Act as both a station router and an area router
- level-2-only
Act as an area router only
.. _ISIS_interface:
ISIS interface
==============
.. index:: {Interface Command} {ip router isis WORD} {}
.. index:: ip router isis WORD
.. clicmd:: ip router isis WORD
{Interface Command} {ip router isis WORD} {}
.. index:: {Interface Command} {no ip router isis WORD} {}
.. index:: no ip router isis WORD
.. clicmd:: no ip router isis WORD
{Interface Command} {no ip router isis WORD} {}
.. _ip_router_isis_WORD:
Activate ISIS adjacency on this interface. Note that the name
of ISIS instance must be the same as the one used to configure the ISIS process
(see command :ref:`router_isis_WORD`).
.. index:: {Interface Command} {isis circuit-type [level-1 | level-1-2 | level-2]} {}
.. index:: isis circuit-type [level-1 | level-1-2 | level-2]
.. clicmd:: isis circuit-type [level-1 | level-1-2 | level-2]
{Interface Command} {isis circuit-type [level-1 | level-1-2 | level-2]} {}
.. index:: {Interface Command} {no isis circuit-type} {}
.. index:: no isis circuit-type
.. clicmd:: no isis circuit-type
{Interface Command} {no isis circuit-type} {}
Configure circuit type for interface:
- level-1 Level-1 only adjacencies are formed
- level-1-2 Level-1-2 adjacencies are formed
- level-2-only Level-2 only adjacencies are formed
.. index:: {Interface Command} {isis csnp-interval (1-600)} {}
- level-1
Level-1 only adjacencies are formed
- level-1-2
Level-1-2 adjacencies are formed
- level-2-only
Level-2 only adjacencies are formed
{Interface Command} {isis csnp-interval (1-600)} {}
.. index:: {Interface Command} {isis csnp-interval (1-600) [level-1 | level-2]} {}
.. index:: isis csnp-interval (1-600)
.. clicmd:: isis csnp-interval (1-600)
{Interface Command} {isis csnp-interval (1-600) [level-1 | level-2]} {}
.. index:: {Interface Command} {no isis csnp-interval} {}
.. index:: isis csnp-interval (1-600) [level-1 | level-2]
.. clicmd:: isis csnp-interval (1-600) [level-1 | level-2]
{Interface Command} {no isis csnp-interval} {}
.. index:: {Interface Command} {no isis csnp-interval [level-1 | level-2]} {}
.. index:: no isis csnp-interval
.. clicmd:: no isis csnp-interval
{Interface Command} {no isis csnp-interval [level-1 | level-2]} {}
Set CSNP interval in seconds globally, for an area (level-1) or a domain (level-2).
.. index:: no isis csnp-interval [level-1 | level-2]
.. clicmd:: no isis csnp-interval [level-1 | level-2]
.. index:: {Interface Command} {isis hello padding} {}
Set CSNP interval in seconds globally, for an area (level-1) or a domain
(level-2).
.. index:: isis hello padding
.. clicmd:: isis hello padding
{Interface Command} {isis hello padding} {}
Add padding to IS-IS hello packets.
.. index:: {Interface Command} {isis hello-interval (1-600)} {}
.. index:: isis hello-interval (1-600)
.. clicmd:: isis hello-interval (1-600)
{Interface Command} {isis hello-interval (1-600)} {}
.. index:: {Interface Command} {isis hello-interval (1-600) [level-1 | level-2]} {}
.. index:: isis hello-interval (1-600) [level-1 | level-2]
.. clicmd:: isis hello-interval (1-600) [level-1 | level-2]
{Interface Command} {isis hello-interval (1-600) [level-1 | level-2]} {}
.. index:: {Interface Command} {no isis hello-interval} {}
.. index:: no isis hello-interval
.. clicmd:: no isis hello-interval
{Interface Command} {no isis hello-interval} {}
.. index:: {Interface Command} {no isis hello-interval [level-1 | level-2]} {}
.. index:: no isis hello-interval [level-1 | level-2]
.. clicmd:: no isis hello-interval [level-1 | level-2]
{Interface Command} {no isis hello-interval [level-1 | level-2]} {}
Set Hello interval in seconds globally, for an area (level-1) or a domain (level-2).
Set Hello interval in seconds globally, for an area (level-1) or a domain
(level-2).
.. index:: {Interface Command} {isis hello-multiplier (2-100)} {}
.. index:: isis hello-multiplier (2-100)
.. clicmd:: isis hello-multiplier (2-100)
{Interface Command} {isis hello-multiplier (2-100)} {}
.. index:: {Interface Command} {isis hello-multiplier (2-100) [level-1 | level-2]} {}
.. index:: isis hello-multiplier (2-100) [level-1 | level-2]
.. clicmd:: isis hello-multiplier (2-100) [level-1 | level-2]
{Interface Command} {isis hello-multiplier (2-100) [level-1 | level-2]} {}
.. index:: {Interface Command} {no isis hello-multiplier} {}
.. index:: no isis hello-multiplier
.. clicmd:: no isis hello-multiplier
{Interface Command} {no isis hello-multiplier} {}
.. index:: {Interface Command} {no isis hello-multiplier [level-1 | level-2]} {}
.. index:: no isis hello-multiplier [level-1 | level-2]
.. clicmd:: no isis hello-multiplier [level-1 | level-2]
{Interface Command} {no isis hello-multiplier [level-1 | level-2]} {}
Set multiplier for Hello holding time globally, for an area (level-1) or a domain (level-2).
Set multiplier for Hello holding time globally, for an area (level-1) or a
domain (level-2).
.. index:: {Interface Command} {isis metric [(0-255) | (0-16777215)]} {}
.. index:: isis metric [(0-255) | (0-16777215)]
.. clicmd:: isis metric [(0-255) | (0-16777215)]
{Interface Command} {isis metric [(0-255) | (0-16777215)]} {}
.. index:: {Interface Command} {isis metric [(0-255) | (0-16777215)] [level-1 | level-2]} {}
.. index:: isis metric [(0-255) | (0-16777215)] [level-1 | level-2]
.. clicmd:: isis metric [(0-255) | (0-16777215)] [level-1 | level-2]
{Interface Command} {isis metric [(0-255) | (0-16777215)] [level-1 | level-2]} {}
.. index:: {Interface Command} {no isis metric} {}
.. index:: no isis metric
.. clicmd:: no isis metric
{Interface Command} {no isis metric} {}
.. index:: {Interface Command} {no isis metric [level-1 | level-2]} {}
.. index:: no isis metric [level-1 | level-2]
.. clicmd:: no isis metric [level-1 | level-2]
{Interface Command} {no isis metric [level-1 | level-2]} {}
Set default metric value globally, for an area (level-1) or a domain (level-2).
Max value depend if metric support narrow or wide value (see command :ref:`metric-style`).
Set default metric value globally, for an area (level-1) or a domain
(level-2). Max value depend if metric support narrow or wide value (see
command :ref:`metric-style`).
.. index:: {Interface Command} {isis network point-to-point} {}
.. index:: isis network point-to-point
.. clicmd:: isis network point-to-point
{Interface Command} {isis network point-to-point} {}
.. index:: {Interface Command} {no isis network point-to-point} {}
.. index:: no isis network point-to-point
.. clicmd:: no isis network point-to-point
{Interface Command} {no isis network point-to-point} {}
Set network type to 'Point-to-Point' (broadcast by default).
.. index:: {Interface Command} {isis passive} {}
.. index:: isis passive
.. clicmd:: isis passive
{Interface Command} {isis passive} {}
.. index:: {Interface Command} {no isis passive} {}
.. index:: no isis passive
.. clicmd:: no isis passive
{Interface Command} {no isis passive} {}
Configure the passive mode for this interface.
.. index:: {Interface Command} {isis password [clear | md5] <password>} {}
.. index:: isis password [clear | md5] <password>
.. clicmd:: isis password [clear | md5] <password>
{Interface Command} {isis password [clear | md5] <password>} {}
.. index:: {Interface Command} {no isis password} {}
.. index:: no isis password
.. clicmd:: no isis password
{Interface Command} {no isis password} {}
Configure the authentication password (clear or encoded text) for the interface.
Configure the authentication password (clear or encoded text) for the
interface.
.. index:: {Interface Command} {isis priority (0-127)} {}
.. index:: isis priority (0-127)
.. clicmd:: isis priority (0-127)
{Interface Command} {isis priority (0-127)} {}
.. index:: {Interface Command} {isis priority (0-127) [level-1 | level-2]} {}
.. index:: isis priority (0-127) [level-1 | level-2]
.. clicmd:: isis priority (0-127) [level-1 | level-2]
{Interface Command} {isis priority (0-127) [level-1 | level-2]} {}
.. index:: {Interface Command} {no isis priority} {}
.. index:: no isis priority
.. clicmd:: no isis priority
{Interface Command} {no isis priority} {}
.. index:: {Interface Command} {no isis priority [level-1 | level-2]} {}
.. index:: no isis priority [level-1 | level-2]
.. clicmd:: no isis priority [level-1 | level-2]
{Interface Command} {no isis priority [level-1 | level-2]} {}
Set priority for Designated Router election, globally, for the area (level-1)
or the domain (level-2).
Set priority for Designated Router election, globally, for the area
(level-1) or the domain (level-2).
.. index:: {Interface Command} {isis psnp-interval (1-120)} {}
.. index:: isis psnp-interval (1-120)
.. clicmd:: isis psnp-interval (1-120)
{Interface Command} {isis psnp-interval (1-120)} {}
.. index:: {Interface Command} {isis psnp-interval (1-120) [level-1 | level-2]} {}
.. index:: isis psnp-interval (1-120) [level-1 | level-2]
.. clicmd:: isis psnp-interval (1-120) [level-1 | level-2]
{Interface Command} {isis psnp-interval (1-120) [level-1 | level-2]} {}
.. index:: {Interface Command} {no isis psnp-interval} {}
.. index:: no isis psnp-interval
.. clicmd:: no isis psnp-interval
{Interface Command} {no isis psnp-interval} {}
.. index:: {Interface Command} {no isis psnp-interval [level-1 | level-2]} {}
.. index:: no isis psnp-interval [level-1 | level-2]
.. clicmd:: no isis psnp-interval [level-1 | level-2]
{Interface Command} {no isis psnp-interval [level-1 | level-2]} {}
Set PSNP interval in seconds globally, for an area (level-1) or a domain (level-2).
Set PSNP interval in seconds globally, for an area (level-1) or a domain
(level-2).
.. _Showing_ISIS_information:
Showing ISIS information
========================
.. index:: {Command} {show isis summary} {}
.. index:: show isis summary
.. clicmd:: show isis summary
{Command} {show isis summary} {}
Show summary information about ISIS.
.. index:: {Command} {show isis hostname} {}
.. index:: show isis hostname
.. clicmd:: show isis hostname
{Command} {show isis hostname} {}
Show information about ISIS node.
.. index:: {Command} {show isis interface} {}
.. index:: show isis interface
.. clicmd:: show isis interface
{Command} {show isis interface} {}
.. index:: {Command} {show isis interface detail} {}
.. index:: show isis interface detail
.. clicmd:: show isis interface detail
{Command} {show isis interface detail} {}
.. index:: {Command} {show isis interface <interface name>} {}
.. index:: show isis interface <interface name>
.. clicmd:: show isis interface <interface name>
{Command} {show isis interface <interface name>} {}
Show state and configuration of ISIS specified interface, or all
interfaces if no interface is given with or without details.
Show state and configuration of ISIS specified interface, or all interfaces
if no interface is given with or without details.
.. index:: {Command} {show isis neighbor} {}
.. index:: show isis neighbor
.. clicmd:: show isis neighbor
{Command} {show isis neighbor} {}
.. index:: {Command} {show isis neighbor <System Id>} {}
.. index:: show isis neighbor <System Id>
.. clicmd:: show isis neighbor <System Id>
{Command} {show isis neighbor <System Id>} {}
.. index:: {Command} {show isis neighbor detail} {}
.. index:: show isis neighbor detail
.. clicmd:: show isis neighbor detail
{Command} {show isis neighbor detail} {}
Show state and information of ISIS specified neighbor, or all
neighbors if no system id is given with or without details.
Show state and information of ISIS specified neighbor, or all neighbors if
no system id is given with or without details.
.. index:: {Command} {show isis database} {}
.. index:: show isis database
.. clicmd:: show isis database
{Command} {show isis database} {}
.. index:: {Command} {show isis database [detail]} {}
.. index:: show isis database [detail]
.. clicmd:: show isis database [detail]
{Command} {show isis database [detail]} {}
.. index:: {Command} {show isis database <LSP id> [detail]} {}
.. index:: show isis database <LSP id> [detail]
.. clicmd:: show isis database <LSP id> [detail]
{Command} {show isis database <LSP id> [detail]} {}
.. index:: {Command} {show isis database detail <LSP id>} {}
.. index:: show isis database detail <LSP id>
.. clicmd:: show isis database detail <LSP id>
{Command} {show isis database detail <LSP id>} {}
Show the ISIS database globally, for a specific LSP id without or with details.
Show the ISIS database globally, for a specific LSP id without or with
details.
.. index:: {Command} {show isis topology} {}
.. index:: show isis topology
.. clicmd:: show isis topology
{Command} {show isis topology} {}
.. index:: {Command} {show isis topology [level-1|level-2]} {}
.. index:: show isis topology [level-1|level-2]
.. clicmd:: show isis topology [level-1|level-2]
{Command} {show isis topology [level-1|level-2]} {}
Show topology IS-IS paths to Intermediate Systems, globally,
in area (level-1) or domain (level-2).
Show topology IS-IS paths to Intermediate Systems, globally, in area
(level-1) or domain (level-2).
.. index:: {Command} {show ip route isis} {}
.. index:: show ip route isis
.. clicmd:: show ip route isis
{Command} {show ip route isis} {}
Show the ISIS routing table, as determined by the most recent SPF calculation.
Show the ISIS routing table, as determined by the most recent SPF
calculation.
.. _Traffic_Engineering:
.. _ospf-traffic-engineering:
Traffic Engineering
===================
.. index:: {ISIS Command} {mpls-te on} {}
.. index:: mpls-te on
.. clicmd:: mpls-te on
{ISIS Command} {mpls-te on} {}
.. index:: {ISIS Command} {no mpls-te} {}
.. index:: no mpls-te
.. clicmd:: no mpls-te
{ISIS Command} {no mpls-te} {}
Enable Traffic Engineering LSP flooding.
.. index:: {ISIS Command} {mpls-te router-address <A.B.C.D>} {}
.. index:: mpls-te router-address <A.B.C.D>
.. clicmd:: mpls-te router-address <A.B.C.D>
{ISIS Command} {mpls-te router-address <A.B.C.D>} {}
.. index:: {ISIS Command} {no mpls-te router-address} {}
.. index:: no mpls-te router-address
.. clicmd:: no mpls-te router-address
{ISIS Command} {no mpls-te router-address} {}
Configure stable IP address for MPLS-TE.
.. index:: {Command} {show isis mpls-te interface} {}
.. index:: show isis mpls-te interface
.. clicmd:: show isis mpls-te interface
{Command} {show isis mpls-te interface} {}
.. index:: {Command} {show isis mpls-te interface `interface`} {}
.. index:: show isis mpls-te interface INTERFACE
.. clicmd:: show isis mpls-te interface INTERFACE
{Command} {show isis mpls-te interface `interface`} {}
Show MPLS Traffic Engineering parameters for all or specified interface.
.. index:: {Command} {show isis mpls-te router} {}
.. index:: show isis mpls-te router
.. clicmd:: show isis mpls-te router
{Command} {show isis mpls-te router} {}
Show Traffic Engineering router parameters.
.. _Debugging_ISIS:
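Review bot: The label ".. _ospf-traffic-engineering:" added above the Traffic Engineering heading sits in the IS-IS chapter, so a :ref: to it resolves to IS-IS content, and it will collide with a label of the same name if the OSPF chapter defines one; give it an IS-IS name (for example "isis-traffic-engineering") and decide whether the old ".. _Traffic_Engineering:" label next to it should stay. Separately, the circuit-type entry declares "isis circuit-type [level-1 | level-1-2 | level-2]" while the option list under it documents "level-2-only"; the signature and the list should use the same keyword.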
@ -448,110 +449,108 @@ Traffic Engineering
Debugging ISIS
==============
.. index:: {Command} {debug isis adj-packets} {}
.. index:: debug isis adj-packets
.. clicmd:: debug isis adj-packets
{Command} {debug isis adj-packets} {}
.. index:: {Command} {no debug isis adj-packets} {}
.. index:: no debug isis adj-packets
.. clicmd:: no debug isis adj-packets
{Command} {no debug isis adj-packets} {}
IS-IS Adjacency related packets.
.. index:: {Command} {debug isis checksum-errors} {}
.. index:: debug isis checksum-errors
.. clicmd:: debug isis checksum-errors
{Command} {debug isis checksum-errors} {}
.. index:: {Command} {no debug isis checksum-errors} {}
.. index:: no debug isis checksum-errors
.. clicmd:: no debug isis checksum-errors
{Command} {no debug isis checksum-errors} {}
IS-IS LSP checksum errors.
.. index:: {Command} {debug isis events} {}
.. index:: debug isis events
.. clicmd:: debug isis events
{Command} {debug isis events} {}
.. index:: {Command} {no debug isis events} {}
.. index:: no debug isis events
.. clicmd:: no debug isis events
{Command} {no debug isis events} {}
IS-IS Events.
.. index:: {Command} {debug isis local-updates} {}
.. index:: debug isis local-updates
.. clicmd:: debug isis local-updates
{Command} {debug isis local-updates} {}
.. index:: {Command} {no debug isis local-updates} {}
.. index:: no debug isis local-updates
.. clicmd:: no debug isis local-updates
{Command} {no debug isis local-updates} {}
IS-IS local update packets.
.. index:: {Command} {debug isis packet-dump} {}
.. index:: debug isis packet-dump
.. clicmd:: debug isis packet-dump
{Command} {debug isis packet-dump} {}
.. index:: {Command} {no debug isis packet-dump} {}
.. index:: no debug isis packet-dump
.. clicmd:: no debug isis packet-dump
{Command} {no debug isis packet-dump} {}
IS-IS packet dump.
.. index:: {Command} {debug isis protocol-errors} {}
.. index:: debug isis protocol-errors
.. clicmd:: debug isis protocol-errors
{Command} {debug isis protocol-errors} {}
.. index:: {Command} {no debug isis protocol-errors} {}
.. index:: no debug isis protocol-errors
.. clicmd:: no debug isis protocol-errors
{Command} {no debug isis protocol-errors} {}
IS-IS LSP protocol errors.
.. index:: {Command} {debug isis route-events} {}
.. index:: debug isis route-events
.. clicmd:: debug isis route-events
{Command} {debug isis route-events} {}
.. index:: {Command} {no debug isis route-events} {}
.. index:: no debug isis route-events
.. clicmd:: no debug isis route-events
{Command} {no debug isis route-events} {}
IS-IS Route related events.
.. index:: {Command} {debug isis snp-packets} {}
.. index:: debug isis snp-packets
.. clicmd:: debug isis snp-packets
{Command} {debug isis snp-packets} {}
.. index:: {Command} {no debug isis snp-packets} {}
.. index:: no debug isis snp-packets
.. clicmd:: no debug isis snp-packets
{Command} {no debug isis snp-packets} {}
IS-IS CSNP/PSNP packets.
.. index:: {Command} {debug isis spf-events} {}
.. index:: debug isis spf-events
.. clicmd:: debug isis spf-events
{Command} {debug isis spf-events} {}
.. index:: {Command} {debug isis spf-statistics} {}
.. index:: debug isis spf-statistics
.. clicmd:: debug isis spf-statistics
{Command} {debug isis spf-statistics} {}
.. index:: {Command} {debug isis spf-triggers} {}
.. index:: debug isis spf-triggers
.. clicmd:: debug isis spf-triggers
{Command} {debug isis spf-triggers} {}
.. index:: {Command} {no debug isis spf-events} {}
.. index:: no debug isis spf-events
.. clicmd:: no debug isis spf-events
{Command} {no debug isis spf-events} {}
.. index:: {Command} {no debug isis spf-statistics} {}
.. index:: no debug isis spf-statistics
.. clicmd:: no debug isis spf-statistics
{Command} {no debug isis spf-statistics} {}
.. index:: {Command} {no debug isis spf-triggers} {}
.. index:: no debug isis spf-triggers
.. clicmd:: no debug isis spf-triggers
{Command} {no debug isis spf-triggers} {}
IS-IS Shortest Path First Events, Timing and Statistic Data
and triggering events.
IS-IS Shortest Path First Events, Timing and Statistic Data and triggering
events.
.. index:: {Command} {debug isis update-packets} {}
.. index:: debug isis update-packets
.. clicmd:: debug isis update-packets
{Command} {debug isis update-packets} {}
.. index:: {Command} {no debug isis update-packets} {}
.. index:: no debug isis update-packets
.. clicmd:: no debug isis update-packets
{Command} {no debug isis update-packets} {}
Update related packets.
.. index:: {Command} {show debugging isis} {}
.. index:: show debugging isis
.. clicmd:: show debugging isis
{Command} {show debugging isis} {}
Print which ISIS debug level is activate.
ISIS Configuration Examples
===========================
A simple example, with MD5 authentication enabled:
::
A simple example, with MD5 authentication enabled:::
!
interface eth0
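Review bot: "A simple example, with MD5 authentication enabled:::" ends in three colons. reStructuredText consumes the last two as the literal-block marker and renders one colon in their place, so the output reads "enabled::". Write the line with two colons ("enabled::"), which renders as a single colon followed by the literal block. The same three-colon ending appears in the 'zebra.conf' and 'isisd.conf' lead-ins in the following hunks of this file.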
@ -567,9 +566,7 @@ A simple example, with MD5 authentication enabled:
A Traffic Engineering configuration, with Inter-ASv2 support.
- First, the 'zebra.conf' part:
::
First, the 'zebra.conf' part:::
hostname HOSTNAME
password PASSWORD
@ -609,9 +606,7 @@ A Traffic Engineering configuration, with Inter-ASv2 support.
mpls-te neighbor 10.1.1.2 as 65000
- Then the 'isisd.conf' itself:
::
Then the 'isisd.conf' itself:::
hostname HOSTNAME
password PASSWORD
@ -631,5 +626,3 @@ A Traffic Engineering configuration, with Inter-ASv2 support.
mpls-te router-address 10.1.1.1
!
line vty

View File

@ -4,18 +4,17 @@
NHRP
****
*nhrpd* is a daemon to support Next Hop Routing Protocol (NHRP).
NHRP is described in RFC2332.
*nhrpd* is an implementation of the :abbr:NHRP `(Next Hop Routing Protocol)`.
NHRP is described in :rfc`2332`.
NHRP is used to improve the efficiency of routing computer network
traffic over Non-Broadcast, Multiple Access (NBMA) Networks. NHRP provides
an ARP-like solution that allows a system to dynamically learn the NBMA
address of the other systems that are part of that network, allowing
these systems to directly communicate without requiring traffic to use
an intermediate hop.
NHRP is used to improve the efficiency of routing computer network traffic over
:abbr:`NBMA (Non-Broadcast, Multiple Access)` networks. NHRP provides an
ARP-like solution that allows a system to dynamically learn the NBMA address of
the other systems that are part of that network, allowing these systems to
directly communicate without requiring traffic to use an intermediate hop.
Cisco Dynamic Multipoint VPN (DMVPN) is based on NHRP, and
|PACKAGE_NAME| nhrpd implements this scenario.
Cisco Dynamic Multipoint VPN (DMVPN) is based on NHRP, and |PACKAGE_NAME| nhrpd
implements this scenario.
.. _Routing_Design:
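Review bot: Both roles in the new opening paragraph are malformed and will not render. ":abbr:NHRP `(Next Hop Routing Protocol)`" has the abbreviation outside the backticks; it should follow the form already used a few lines below for NBMA, that is :abbr: followed by the backquoted text "NHRP (Next Hop Routing Protocol)". ":rfc`2332`" is missing the colon after the role name and should be ":rfc:" followed by the backquoted number, as in the OSPFv3 chapter's reference to RFC 2740.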
@ -31,9 +30,8 @@ nhrpd does route NHRP domain addresses individually using per-host prefixes.
This is similar to Cisco FlexVPN; but in contrast to opennhrp which uses
a generic subnet route.
To create NBMA GRE tunnel you might use the following (linux terminal
commands):
::
To create NBMA GRE tunnel you might use the following (Linux terminal
commands):::
ip tunnel add gre1 mode gre key 42 ttl 64
ip addr add 10.255.255.2/32 dev gre1
@ -54,8 +52,7 @@ hub nodes, these routes should be internally redistributed using some
routing protocol (e.g. iBGP) to allow hubs to be able to relay all traffic.
This can be achieved in hubs with the following bgp configuration (network
command defines the GRE subnet):
::
command defines the GRE subnet):::
router bgp 65555
address-family ipv4 unicast
@ -98,20 +95,16 @@ announce internal, add additional IP range matches, or rate limitation
if needed. However, the above should be good in most cases.
This kernel NFLOG target's nflog-group is configured in global nhrp config
with:
::
with:::
nhrp nflog-group 1
To start sending these traffic notices out from hubs, use the nhrp
per-interface directive:
::
per-interface directive:::
interface gre1
ip nhrp redirect
.. _Integration_with_IKE:
Integration with IKE
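Review bot: Both lead-ins converted in this hunk, "with:::" and "per-interface directive:::", end in three colons, which renders as a doubled colon before the literal block; two colons are what is wanted. The earlier hunks of this file have the same ending at "commands):::" and "command defines the GRE subnet):::", so it is worth fixing all four in one pass.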

View File

@ -4,35 +4,34 @@
OSPFv3
******
*ospf6d* is a daemon support OSPF version 3 for IPv6 network.
OSPF for IPv6 is described in RFC2740.
*ospf6d* is a daemon support OSPF version 3 for IPv6 network. OSPF for IPv6 is
described in :rfc:`2740`.
.. _OSPF6_router:
OSPF6 router
============
.. index:: {Command} {router ospf6} {}
.. index:: router ospf6
.. clicmd:: router ospf6
{Command} {router ospf6} {}
.. index:: router-id A.B.C.D
.. clicmd:: router-id A.B.C.D
.. index:: {OSPF6 Command} {router-id `a.b.c.d`} {}
{OSPF6 Command} {router-id `a.b.c.d`} {}
Set router's Router-ID.
.. index:: {OSPF6 Command} {interface `ifname` area `area`} {}
.. index:: interface IFNAME area AREA
.. clicmd:: interface IFNAME area AREA
{OSPF6 Command} {interface `ifname` area `area`} {}
Bind interface to specified area, and start sending OSPF packets. `area` can
be specified as 0.
.. index:: {OSPF6 Command} {timers throttle spf `delay` `initial-holdtime` `max-holdtime`} {}
.. index:: timers throttle spf DELAY INITIAL-HOLDTIME MAX-HOLDTIME
.. clicmd:: timers throttle spf DELAY INITIAL-HOLDTIME MAX-HOLDTIME
{OSPF6 Command} {timers throttle spf `delay` `initial-holdtime` `max-holdtime`} {}
.. index:: {OSPF6 Command} {no timers throttle spf} {}
.. index:: no timers throttle spf
.. clicmd:: no timers throttle spf
{OSPF6 Command} {no timers throttle spf} {}
This command sets the initial `delay`, the `initial-holdtime`
and the `maximum-holdtime` between when SPF is calculated and the
event which triggered the calculation. The times are specified in
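Review bot: The new signature names the third argument MAX-HOLDTIME ("timers throttle spf DELAY INITIAL-HOLDTIME MAX-HOLDTIME"), but the description that follows still refers to `maximum-holdtime`. Use one name in both places so a reader can map the prose onto the command; the same applies to `delay` and `initial-holdtime`, which are lower case in the prose and upper case in the signature.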
@ -50,28 +49,26 @@ OSPF6 router
will cause the holdtime to be increased by `initial-holdtime`, bounded
by the `maximum-holdtime` configured with this command. If the adaptive
hold-time elapses without any SPF-triggering event occuring then
the current holdtime is reset to the `initial-holdtime`.
::
the current holdtime is reset to the `initial-holdtime`.::
router ospf6
timers throttle spf 200 400 10000
In this example, the `delay` is set to 200ms, the @var{initial
holdtime} is set to 400ms and the `maximum holdtime` to 10s. Hence
there will always be at least 200ms between an event which requires SPF
calculation and the actual SPF calculation. Further consecutive SPF
calculations will always be seperated by between 400ms to 10s, the
hold-time increasing by 400ms each time an SPF-triggering event occurs
within the hold-time of the previous SPF calculation.
In this example, the `delay` is set to 200ms, the initial holdtime is set
to 400ms and the `maximum holdtime` to 10s. Hence there will always be at
least 200ms between an event which requires SPF calculation and the actual
SPF calculation. Further consecutive SPF calculations will always be
seperated by between 400ms to 10s, the hold-time increasing by 400ms each
time an SPF-triggering event occurs within the hold-time of the previous
SPF calculation.
.. index:: {OSPF6 Command} {auto-cost reference-bandwidth `cost`} {}
.. index:: auto-cost reference-bandwidth COST
.. clicmd:: auto-cost reference-bandwidth COST
{OSPF6 Command} {auto-cost reference-bandwidth `cost`} {}
.. index:: {OSPF6 Command} {no auto-cost reference-bandwidth} {}
.. index:: no auto-cost reference-bandwidth
.. clicmd:: no auto-cost reference-bandwidth
{OSPF6 Command} {no auto-cost reference-bandwidth} {}
This sets the reference bandwidth for cost calculations, where this
bandwidth is considered equivalent to an OSPF cost of 1, specified in
Mbits/s. The default is 100Mbit/s (i.e. a link of bandwidth 100Mbit/s
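Review bot: Folding the literal-block marker onto the sentence as "the `initial-holdtime`.::" renders a stray colon after the full stop (".:"); keep the sentence ending in a period and leave "::" on its own line, as the old text had it. The reflowed example paragraph also carries over "seperated" (separated), the line above the example has "occuring" (occurring), and the third timer is called `maximum holdtime` here with a space, which differs from both the signature and the earlier prose.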
@ -93,40 +90,40 @@ Area support for OSPFv3 is not yet implemented.
OSPF6 interface
===============
.. index:: {Interface Command} {ipv6 ospf6 cost COST} {}
.. index:: ipv6 ospf6 cost COST
.. clicmd:: ipv6 ospf6 cost COST
{Interface Command} {ipv6 ospf6 cost COST} {}
Sets interface's output cost. Default value depends on the interface
bandwidth and on the auto-cost reference bandwidth.
.. index:: {Interface Command} {ipv6 ospf6 hello-interval HELLOINTERVAL} {}
.. index:: ipv6 ospf6 hello-interval HELLOINTERVAL
.. clicmd:: ipv6 ospf6 hello-interval HELLOINTERVAL
{Interface Command} {ipv6 ospf6 hello-interval HELLOINTERVAL} {}
Sets interface's Hello Interval. Default 40
.. index:: {Interface Command} {ipv6 ospf6 dead-interval DEADINTERVAL} {}
.. index:: ipv6 ospf6 dead-interval DEADINTERVAL
.. clicmd:: ipv6 ospf6 dead-interval DEADINTERVAL
{Interface Command} {ipv6 ospf6 dead-interval DEADINTERVAL} {}
Sets interface's Router Dead Interval. Default value is 40.
.. index:: {Interface Command} {ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL} {}
.. index:: ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL
.. clicmd:: ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL
{Interface Command} {ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL} {}
Sets interface's Rxmt Interval. Default value is 5.
.. index:: {Interface Command} {ipv6 ospf6 priority PRIORITY} {}
.. index:: ipv6 ospf6 priority PRIORITY
.. clicmd:: ipv6 ospf6 priority PRIORITY
{Interface Command} {ipv6 ospf6 priority PRIORITY} {}
Sets interface's Router Priority. Default value is 1.
.. index:: {Interface Command} {ipv6 ospf6 transmit-delay TRANSMITDELAY} {}
.. index:: ipv6 ospf6 transmit-delay TRANSMITDELAY
.. clicmd:: ipv6 ospf6 transmit-delay TRANSMITDELAY
{Interface Command} {ipv6 ospf6 transmit-delay TRANSMITDELAY} {}
Sets interface's Inf-Trans-Delay. Default value is 1.
.. index:: {Interface Command} {ipv6 ospf6 network (broadcast|point-to-point)} {}
.. index:: ipv6 ospf6 network (broadcast|point-to-point)
.. clicmd:: ipv6 ospf6 network (broadcast|point-to-point)
{Interface Command} {ipv6 ospf6 network (broadcast|point-to-point)} {}
Set explicitly network type for specifed interface.
.. _Redistribute_routes_to_OSPF6:
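Review bot: The hello-interval entry reads "Sets interface's Hello Interval. Default 40", the same value the next entry gives for the Router Dead Interval; a hello interval equal to the dead interval is unlikely to be the real default, so check it against ospf6d before this text is carried into the new format. Also in this hunk: "ipv6 ospf6 network (broadcast|point-to-point)" uses parentheses for a choice, whereas the other converted commands use parentheses for numeric ranges and "[a | b]" for alternatives, and the description has "specifed" (specified).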
@ -134,55 +131,55 @@ OSPF6 interface
Redistribute routes to OSPF6
============================
.. index:: {OSPF6 Command} {redistribute static} {}
.. index:: redistribute static
.. clicmd:: redistribute static
{OSPF6 Command} {redistribute static} {}
.. index:: {OSPF6 Command} {redistribute connected} {}
.. index:: redistribute connected
.. clicmd:: redistribute connected
{OSPF6 Command} {redistribute connected} {}
.. index:: {OSPF6 Command} {redistribute ripng} {}
.. index:: redistribute ripng
.. clicmd:: redistribute ripng
{OSPF6 Command} {redistribute ripng} {}
.. _Showing_OSPF6_information:
Showing OSPF6 information
=========================
.. index:: {Command} {show ipv6 ospf6 [INSTANCE_ID]} {}
.. index:: show ipv6 ospf6 [INSTANCE_ID]
.. clicmd:: show ipv6 ospf6 [INSTANCE_ID]
{Command} {show ipv6 ospf6 [INSTANCE_ID]} {}
INSTANCE_ID is an optional OSPF instance ID. To see router ID and OSPF
instance ID, simply type "show ipv6 ospf6 <cr>".
.. index:: {Command} {show ipv6 ospf6 database} {}
.. index:: show ipv6 ospf6 database
.. clicmd:: show ipv6 ospf6 database
{Command} {show ipv6 ospf6 database} {}
This command shows LSA database summary. You can specify the type of LSA.
.. index:: {Command} {show ipv6 ospf6 interface} {}
.. index:: show ipv6 ospf6 interface
.. clicmd:: show ipv6 ospf6 interface
{Command} {show ipv6 ospf6 interface} {}
To see OSPF interface configuration like costs.
.. index:: {Command} {show ipv6 ospf6 neighbor} {}
.. index:: show ipv6 ospf6 neighbor
.. clicmd:: show ipv6 ospf6 neighbor
{Command} {show ipv6 ospf6 neighbor} {}
Shows state and chosen (Backup) DR of neighbor.
.. index:: {Command} {show ipv6 ospf6 request-list A.B.C.D} {}
.. index:: show ipv6 ospf6 request-list A.B.C.D
.. clicmd:: show ipv6 ospf6 request-list A.B.C.D
{Command} {show ipv6 ospf6 request-list A.B.C.D} {}
Shows requestlist of neighbor.
.. index:: {Command} {show ipv6 route ospf6} {}
.. index:: show ipv6 route ospf6
.. clicmd:: show ipv6 route ospf6
{Command} {show ipv6 route ospf6} {}
This command shows internal routing table.
.. index:: {Command} {show ipv6 ospf6 zebra} {}
.. index:: show ipv6 ospf6 zebra
.. clicmd:: show ipv6 ospf6 zebra
{Command} {show ipv6 ospf6 zebra} {}
Shows state about what is being redistributed between zebra and OSPF6
OSPF6 Configuration Examples
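Review bot: the three "redistribute static", "redistribute connected" and "redistribute ripng" entries become clicmd directives with no description body, so each renders as a bare command with nothing under it. Add a one-line description to each, or group them under a single shared description. The "show ipv6 ospf6 zebra" text is also missing its final period, and "requestlist" under "show ipv6 ospf6 request-list A.B.C.D" should be "request list".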
@ -200,5 +197,3 @@ Example of ospf6d configured on one interface and area:
area 0.0.0.0 range 2001:770:105:2::/64
interface eth0 area 0.0.0.0
!

View File

@ -4,7 +4,6 @@ OSPF Fundamentals
=================
.. index:: Link-state routing protocol
.. index:: Distance-vector routing protocol
:abbr:`OSPF` is, mostly, a link-state routing protocol. In contrast
@ -15,12 +14,9 @@ describe the state of their links to their immediate neighbouring
routers.
.. index:: Link State Announcement
.. index:: Link State Advertisement
.. index:: LSA flooding
.. index:: Link State DataBase
.. index:: Link State Database
Each router describes their link-state information in a message known
as an :abbr:`LSA (Link State Advertisement)`, which is then propogated
@ -69,128 +65,118 @@ will nearly all be covered in greater detail further on. They may be
broadly classed as:
.. index:: OSPF Hello Protocol overview
*The Hello Protocol*
.. index:: OSPF Hello Protocol
The OSPF Hello protocol allows OSPF to quickly detect changes in
two-way reachability between routers on a link. OSPF can additionally
avail of other sources of reachability information, such as link-state
information provided by hardware, or through dedicated reachability
protocols such as :abbr:`BFD (Bi-directional Forwarding Detection)`.
The Hello Protocol
^^^^^^^^^^^^^^^^^^
OSPF also uses the Hello protocol to propagate certain state between
routers sharing a link, for example:
The OSPF Hello protocol allows OSPF to quickly detect changes in two-way
reachability between routers on a link. OSPF can additionally avail of other
sources of reachability information, such as link-state information provided by
hardware, or through dedicated reachability protocols such as :abbr:`BFD
(Bidirectional Forwarding Detection)`.
OSPF also uses the Hello protocol to propagate certain state between routers
sharing a link, for example:
*Hello protocol configured state, such as the dead-interval.*
- Hello protocol configured state, such as the dead-interval.
- Router priority, for DR/BDR election.
- DR/BDR election results.
- Any optional capabilities supported by each router.
*Router priority, for DR/BDR election.*
*DR/BDR election results.*
*Any optional capabilities supported by each router.*
The Hello protocol is comparatively trivial and will not be explored in
greater detail than here.
The Hello protocol is comparatively trivial and will not be explored in greater
detail than here.
.. index:: OSPF LSA overview
.. _ospf-lsas:
LSAs
^^^^
*LSAs*
At the heart of :abbr:`OSPF` are :abbr:`LSA (Link State Advertisement)`
messages. Despite the name, some :abbr:`LSA` s do not, strictly speaking,
describe link-state information. Common :abbr:`LSA` s describe information
such as:
- Routers, in terms of their links.
- Networks, in terms of attached routers.
- Routes, external to a link-state domain:
**
Routers, in terms of their links.
**
Networks, in terms of attached routers.
**
Routes, external to a link-state domain:
*External Routes*
External Routes
Routes entirely external to :abbr:`OSPF`. Routers originating such
routes are known as :abbr:`ASBR (Autonomous-System Border Router)`
routers.
*Summary Routes*
Summary Routes
Routes which summarise routing information relating to OSPF areas
external to the OSPF link-state area at hand, originated by
:abbr:`ABR (Area Boundary Router)` routers.
.. _ospf-lsa-flooding:
LSA Flooding
""""""""""""
*LSA Flooding*
OSPF defines several related mechanisms, used to manage synchronisation of
:abbr:`LSDB`s between neighbours as neighbours form adjacencies and
the propogation, or :term:`flooding` of new or updated :abbr:`LSA`s.
:abbr:`LSDB`s between neighbours as neighbours form adjacencies and the
propogation, or :term:`flooding` of new or updated :abbr:`LSA` s.
:ref:`OSPF_Flooding`.
.. index:: OSPF Areas overview
.. _ospf-areas:
Areas
^^^^^
*Areas*
OSPF provides for the protocol to be broken up into multiple smaller
and independent link-state areas. Each area must be connected to a
common backbone area by an :abbr:`ABR (Area Boundary Router)`. These
:abbr:`ABR` routers are responsible for summarising the link-state
routing information of an area into :term:`Summary LSAs`, possibly in a
condensed (i.e. aggregated) form, and then originating these summaries
into all other areas the :abbr:`ABR` is connected to.
OSPF provides for the protocol to be broken up into multiple smaller and
independent link-state areas. Each area must be connected to a common backbone
area by an :abbr:`ABR (Area Boundary Router)`. These :abbr:`ABR` routers are
responsible for summarising the link-state routing information of an area into
:term:`Summary LSAs`, possibly in a condensed (i.e. aggregated) form, and then
originating these summaries into all other areas the :abbr:`ABR` is connected
to.
Note that only summaries and external routes are passed between areas.
As these describe *paths*, rather than any router link-states,
routing between areas hence is by :term:`distance-vector`, **not**
link-state.
:ref:`OSPF_Areas`.
Note that only summaries and external routes are passed between areas. As
these describe *paths*, rather than any router link-states, routing between
areas hence is by :term:`distance-vector`, **not** link-state.
OSPF LSAs
---------
:abbr:`LSA`s are the core object in OSPF. Everything else in OSPF
revolves around detecting what to describe in LSAs, when to update
them, how to flood them throughout a network and how to calculate
routes from them.
The core objects in OSPF are :abbr:`LSA` s. Everything else in OSPF revolves
around detecting what to describe in LSAs, when to update them, how to flood
them throughout a network and how to calculate routes from them.
There are a variety of different :abbr:`LSA`s, for purposes such
as describing actual link-state information, describing paths (i.e.
routes), describing bandwidth usage of links for
:abbr:`TE (Traffic Engineering)` purposes, and even arbitrary data
by way of *Opaque* :abbr:`LSA`s.
There are a variety of different :abbr:`LSA` s, for purposes such as describing
actual link-state information, describing paths (i.e. routes), describing
bandwidth usage of links for :abbr:`TE (Traffic Engineering)` purposes, and
even arbitrary data by way of *Opaque* :abbr:`LSA` s.
LSA Header
^^^^^^^^^^
All LSAs share a common header with the following information:
* Type
- Type
Different types of :abbr:`LSA` s describe different things in
:abbr:`OSPF`. Types include:
* Router LSA
* Network LSA
* Network Summary LSA
* Router Summary LSA
* AS-External LSA
- Router LSA
- Network LSA
- Network Summary LSA
- Router Summary LSA
- AS-External LSA
The specifics of the different types of LSA are examined below.
* Advertising Router
- Advertising Router
The Router ID of the router originating the LSA, see :ref:`ospf_router-id`.
* LSA ID
- LSA ID
The ID of the LSA, which is typically derived in some way from the
information the LSA describes, e.g. a Router LSA uses the Router ID as
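Review bot: in the new LSA Flooding paragraph, ":abbr:`LSDB`s" still has no space before the plural "s", unlike ":abbr:`LSA` s" on the following line. reStructuredText needs whitespace or punctuation after the closing backquote, so the role will not be recognised there. Write ":abbr:`LSDB` s" or reword to avoid the plural, and fix "propogation" while the paragraph is being rewrapped.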
@ -202,7 +188,7 @@ All LSAs share a common header with the following information:
an LSA with the same Type, LSA ID and Advertising Router ID, see
:ref:`OSPF_LSA_sequence_number,,LSA_Sequence_Number`.
* Age
- Age
A number to allow stale :abbr:`LSA` s to, eventually, be purged by routers
from their :abbr:`LSDB`s.
@ -222,7 +208,7 @@ All LSAs share a common header with the following information:
.. _OSPF_LSA_sequence_number:
* Sequence Number
- Sequence Number
A number used to distinguish newer instances of an LSA from older instances.
@ -238,35 +224,31 @@ Instances of these LSAs are specific to the link-state area in which
they are originated. Routes calculated from these two LSA types are
called :term:`intra-area routes`.
* Router LSA
- Router LSA
Each OSPF Router must originate a router :abbr:`LSA` to describe
itself. In it, the router lists each of its :abbr:`OSPF` enabled
interfaces, for the given link-state area, in terms of:
* Cost
Cost
The output cost of that interface, scaled inversely to some commonly known
reference value, :ref:`OSPF_auto-cost_reference-bandwidth,,auto-cost_reference-bandwidth`.
* Link Type
* Transit Network
Link Type
Transit Network
A link to a multi-access network, on which the router has at least one
Full adjacency with another router.
* :abbr:`PtP (Point-to-Point)`
:abbr:`PtP (Point-to-Point)`
A link to a single remote router, with a Full adjacency. No
:abbr:`DR (Designated Router)` is elected on such links; no network
LSA is originated for such a link.
* Stub
Stub
A link with no adjacent neighbours, or a host route.
* Link ID and Data
- Link ID and Data
These values depend on the Link Type:
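Review bot: the per-interface fields of the Router LSA end up with mixed markup: "Cost" and "Link Type" lose their bullets and become bare terms, while their sibling "Link ID and Data" is changed to a "-" bullet. All three are described as items of the same list ("in terms of:"), so they should use one construct, either all "-" bullets or all definition-list terms, with "Transit Network", "PtP" and "Stub" nested consistently under "Link Type".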
@ -282,16 +264,17 @@ called :term:`intra-area routes`.
| Stub | IP address | Subnet Mask |
+----------------+-----------------------------------+------------------------------------------+
Links on a router may be listed multiple times in the Router LSA, e.g.
a :abbr:`PtP` interface on which OSPF is enabled must *always*
be described by a Stub link in the Router :abbr:`LSA`, in addition to
being listed as PtP link in the Router :abbr:`LSA` if the adjacency
with the remote router is Full.
Links on a router may be listed multiple times in the Router LSA, e.g. a
:abbr:`PtP` interface on which OSPF is enabled must *always* be described
by a Stub link in the Router :abbr:`LSA`, in addition to being listed as
PtP link in the Router :abbr:`LSA` if the adjacency with the remote router
is Full.
Stub links may also be used as a way to describe links on which OSPF is
*not* spoken, known as :term:`passive interfaces`, see :ref:`OSPF_passive-interface,,passive-interface`.
*not* spoken, known as :term:`passive interfaces`, see
:ref:`OSPF_passive-interface,,passive-interface`.
* Network LSA
- Network LSA
On multi-access links (e.g. ethernets, certain kinds of ATM and X.25
configurations), routers elect a :abbr:`DR`. The :abbr:`DR` is
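Review bot: the rewrapped reference ":ref:`OSPF_passive-interface,,passive-interface`" keeps the Texinfo "node,,text" form, which Sphinx reads as one label name rather than a label plus link text. Rewrite it in the ":ref:`link text <label>`" form, and apply the same fix to the other ",," references that remain in this file.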
@ -302,13 +285,13 @@ called :term:`intra-area routes`.
The contents of the Network LSA describes the:
* Subnet Mask
- Subnet Mask
As the :abbr:`LSA` ID of a Network LSA must be the IP address of the
:abbr:`DR`, the Subnet Mask together with the :abbr:`LSA` ID gives
you the network address.
* Attached Routers
- Attached Routers
Each router fully-adjacent with the :abbr:`DR` is listed in the LSA,
by their Router-ID. This allows the corresponding Router :abbr:`LSA` s to be
@ -333,13 +316,14 @@ surprisingly, when OSPF routers build updated routing tables, the first
stage of :abbr:`SPF` calculation concerns itself only with these two
LSA types.
.. _ospf-link-state-lsa-examples:
Link-State LSA Examples
^^^^^^^^^^^^^^^^^^^^^^^
The example below (:ref:`OSPF_Link-State_LSA_Example`) shows two
:abbr:`LSA`s, both originated by the same router (Router ID
192.168.0.49) and with the same :abbr:`LSA` ID (192.168.0.49), but of
different LSA types.
The example below shows two :abbr:`LSA` s, both originated by the same router
(Router ID 192.168.0.49) and with the same :abbr:`LSA` ID (192.168.0.49), but
of different LSA types.
The first LSA being the router LSA describing 192.168.0.49's links: 2 links
to multi-access networks with fully-adjacent neighbours (i.e. Transit
@ -349,8 +333,6 @@ The second LSA being a Network LSA, for which 192.168.0.49 is the
:abbr:`DR`, listing the Router IDs of 4 routers on that network which
are fully adjacent with 192.168.0.49.
.. _OSPF_Link-State_LSA_Example:
::
# show ip ospf database router 192.168.0.49
@ -476,48 +458,39 @@ over external routes.
The External :abbr:`LSA` describes the following:
* IP Network number
IP Network number
The IP Network number of the route is described by the :abbr:`LSA` ID field.
The IP Network number of the route is described by the :abbr:`LSA` ID
field.
IP Network Mask
The body of the External LSA describes the IP Network Mask of the route.
This, together with the :abbr:`LSA` ID, describes the prefix of the IP route
concerned.
* IP Network Mask
Metric
The cost of the External Route. This cost may be an OSPF cost (also known as
a "Type 1" metric), i.e. equivalent to the normal OSPF costs, or an
externally derived cost ("Type 2" metric) which is not comparable to OSPF
costs and always considered larger than any OSPF cost. Where there are both
Type 1 and 2 External routes for a route, the Type 1 is always preferred.
The body of the External LSA describes the IP Network Mask of the
route. This, together with the :abbr:`LSA` ID, describes the prefix
of the IP route concerned.
Forwarding Address
The address of the router to forward packets to for the route. This may be,
and usually is, left as 0 to specify that the ASBR originating the External
:abbr:`LSA` should be used. There must be an internal OSPF route to the
forwarding address, for the forwarding address to be useable.
* Metric
The cost of the External Route. This cost may be an OSPF cost (also
known as a "Type 1" metric), i.e. equivalent to the normal OSPF costs,
or an externally derived cost ("Type 2" metric) which is not comparable
to OSPF costs and always considered larger than any OSPF cost. Where
there are both Type 1 and 2 External routes for a route, the Type 1 is
always preferred.
* Forwarding Address
The address of the router to forward packets to for the route. This may
be, and usually is, left as 0 to specify that the ASBR originating the
External :abbr:`LSA` should be used. There must be an internal OSPF
route to the forwarding address, for the forwarding address to be
useable.
* Tag
An arbitrary 4-bytes of data, not interpreted by OSPF, which may
carry whatever information about the route which OSPF speakers desire.
Tag
An arbitrary 4-bytes of data, not interpreted by OSPF, which may carry
whatever information about the route which OSPF speakers desire.
AS External LSA Example
^^^^^^^^^^^^^^^^^^^^^^^
To illustrate, below is an example of an External :abbr:`LSA` in the
:abbr:`LSDB` of an OSPF router. It describes a route to the IP prefix
of 192.168.165.0/24, originated by the ASBR with Router-ID
192.168.0.49. The metric of 20 is external to OSPF. The forwarding
address is 0, so the route should forward to the originating ASBR if
selected.
:abbr:`LSDB` of an OSPF router. It describes a route to the IP prefix of
192.168.165.0/24, originated by the ASBR with Router-ID 192.168.0.49. The
metric of 20 is external to OSPF. The forwarding address is 0, so the route
should forward to the originating ASBR if selected.
::
@ -540,8 +513,7 @@ selected.
We can add this to our partial topology from above, which now looks
like:
::
like:::
--------------------- Network: ......
| Designated Router IP: 192.168.1.3
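Review bot: folding "like:" and the separate "::" line into "like:::" leaves one colon too many. A paragraph ending in "::" already renders a single colon and opens the literal block, so this will render as "like::". It should be "like::".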
@ -568,16 +540,6 @@ like:
Summary LSAs
^^^^^^^^^^^^
Summary LSAs are created by :abbr:`ABR`s to summarise the destinations available within one area to other areas. These LSAs may describe IP networks, potentially in aggregated form, or :abbr:`ASBR` routers.
.. _OSPF_Flooding:
OSPF Flooding
-------------
.. _OSPF_Areas:
OSPF Areas
----------
Summary LSAs are created by :abbr:`ABR`s to summarise the destinations
available within one area to other areas. These LSAs may describe IP networks,
potentially in aggregated form, or :abbr:`ASBR` routers.
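Review bot: dropping the empty "OSPF Flooding" and "OSPF Areas" sections also drops the ".. _OSPF_Flooding:" and ".. _OSPF_Areas:" labels, so any ":ref:`OSPF_Flooding`" that remains in the overview (one follows the LSA Flooding paragraph earlier in this file) will no longer resolve. Either remove those references in the same commit or keep the labels on stub sections. The rewrapped Summary LSAs paragraph also keeps ":abbr:`ABR`s" without the space that the rest of the patch adds after abbr roles.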

File diff suppressed because it is too large Load Diff

View File

@ -7,34 +7,30 @@ Zebra Protocol
Overview of the Zebra Protocol
==============================
Zebra Protocol is used by protocol daemons to communicate with the
zebra daemon.
Zebra Protocol is used by protocol daemons to communicate with the zebra
daemon.
Each protocol daemon may request and send information to and from the
zebra daemon such as interface states, routing state,
nexthop-validation, and so on. Protocol daemons may also install routes
with zebra. The zebra daemon manages which route is installed into the
forwarding table with the kernel.
Each protocol daemon may request and send information to and from the zebra
daemon such as interface states, routing state, nexthop-validation, and so on.
Protocol daemons may also install routes with zebra. The zebra daemon manages
which route is installed into the forwarding table with the kernel.
Zebra Protocol is a streaming protocol, with a common header. Two
versions of the header are in use. Version 0 is implicitely versioned.
Version 1 has an explicit version field. Version 0 can be distinguished
from all other versions by examining the 3rd byte of the header, which
contains a marker value for all versions bar version 0. The marker byte
corresponds to the command field in version 0, and the marker value is
a reserved command in version 0.
Zebra Protocol is a streaming protocol, with a common header. Two versions of
the header are in use. Version 0 is implicitely versioned. Version 1 has an
explicit version field. Version 0 can be distinguished from all other versions
by examining the 3rd byte of the header, which contains a marker value for all
versions bar version 0. The marker byte corresponds to the command field in
version 0, and the marker value is a reserved command in version 0.
We do not anticipate there will be further versions of the header for
the foreseeable future, as the command field in version 1 is wide
enough to allow for future extensions to done compatibly through
seperate commands.
We do not anticipate there will be further versions of the header for the
foreseeable future, as the command field in version 1 is wide enough to allow
for future extensions to done compatibly through seperate commands.
Version 0 is used by all versions of GNU Zebra as of this writing, and
versions of Quagga up to and including Quagga 0.98. Version 2 was created
for 0.99.21 of Quagga. Version 3 designates VRF compatibility and was
released in 1.0. Version 4 will be used as of FRR 2.0 to indicate that
we are a different Routing Suite now and to hopefully prevent accidental
Quagga <-> FRR issues.
Version 0 is used by all versions of GNU Zebra as of this writing, and versions
of Quagga up to and including Quagga 0.98. Version 2 was created for 0.99.21 of
Quagga. Version 3 designates VRF compatibility and was released in 1.0.
Version 4 will be used as of FRR 2.0 to indicate that we are a different
Routing Suite now and to hopefully prevent accidental Quagga <-> FRR issues.
Zebra Protocol Definition
=========================
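Review bot: the rewrapped overview paragraphs carry over "implicitely", "seperate" and "future extensions to done compatibly", although the header field definitions further down in this patch do correct "explicitely" to "explicitly". Fix these in the same pass ("implicitly", "separate", "to be done"). The text also says two header versions are in use while the last paragraph goes on to list versions 2, 3 and 4, which deserves a clarifying sentence.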
@ -68,61 +64,59 @@ Zebra Protocol Common Header (version 1)
Zebra Protocol Header Field Definitions
---------------------------------------
@table @samp
@item Length
Total packet length including this header. The minimum length is 3
bytes for version 0 messages and 6 bytes for version 1 messages.
Length
Total packet length including this header. The minimum length is 3 bytes for
version 0 messages and 6 bytes for version 1 messages.
@item Marker
Static marker with a value of 255 always. This is to allow version 0
Zserv headers (which do not include version explicitely) to be
distinguished from versioned headers. Not present in version 0
messages.
Marker
Static marker with a value of 255 always. This is to allow version 0 Zserv
headers (which do not include version explicitly) to be distinguished from
versioned headers. Not present in version 0 messages.
@item Version
Version number of the Zserv message. Clients should not continue
processing messages past the version field for versions they do not
recognise. Not present in version 0 messages.
Version
Version number of the Zserv message. Clients should not continue processing
messages past the version field for versions they do not recognise. Not
present in version 0 messages.
@item Command
Command
The Zebra Protocol command.
@end table
Zebra Protocol Commands
-----------------------
@multitable {ZEBRA_REDISTRIBUTE_DEFAULT_DELETE_WHATEVER} {99999}
@headitem Command @tab Value
@item ZEBRA_INTERFACE_ADD
@tab 1
@item ZEBRA_INTERFACE_DELETE
@tab 2
@item ZEBRA_INTERFACE_ADDRESS_ADD
@tab 3
@item ZEBRA_INTERFACE_ADDRESS_DELETE
@tab 4
@item ZEBRA_INTERFACE_UP
@tab 5
@item ZEBRA_INTERFACE_DOWN
@tab 6
@item ZEBRA_IPV4_ROUTE_ADD
@tab 7
@item ZEBRA_IPV4_ROUTE_DELETE
@tab 8
@item ZEBRA_IPV6_ROUTE_ADD
@tab 9
@item ZEBRA_IPV6_ROUTE_DELETE
@tab 10
@item ZEBRA_REDISTRIBUTE_ADD
@tab 11
@item ZEBRA_REDISTRIBUTE_DELETE
@tab 12
@item ZEBRA_REDISTRIBUTE_DEFAULT_ADD
@tab 13
@item ZEBRA_REDISTRIBUTE_DEFAULT_DELETE
@tab 14
@item ZEBRA_IPV4_NEXTHOP_LOOKUP
@tab 15
@item ZEBRA_IPV6_NEXTHOP_LOOKUP
@tab 16
@end multitable
+-----------------------------------+-------+
| Command | Value |
+===================================+=======+
| ZEBRA_INTERFACE_ADD | 1 |
+-----------------------------------+-------+
| ZEBRA_INTERFACE_DELETE | 2 |
+-----------------------------------+-------+
| ZEBRA_INTERFACE_ADDRESS_ADD | 3 |
+-----------------------------------+-------+
| ZEBRA_INTERFACE_ADDRESS_DELETE | 4 |
+-----------------------------------+-------+
| ZEBRA_INTERFACE_UP | 5 |
+-----------------------------------+-------+
| ZEBRA_INTERFACE_DOWN | 6 |
+-----------------------------------+-------+
| ZEBRA_IPV4_ROUTE_ADD | 7 |
+-----------------------------------+-------+
| ZEBRA_IPV4_ROUTE_DELETE | 8 |
+-----------------------------------+-------+
| ZEBRA_IPV6_ROUTE_ADD | 9 |
+-----------------------------------+-------+
| ZEBRA_IPV6_ROUTE_DELETE | 10 |
+-----------------------------------+-------+
| ZEBRA_REDISTRIBUTE_ADD | 11 |
+-----------------------------------+-------+
| ZEBRA_REDISTRIBUTE_DELETE | 12 |
+-----------------------------------+-------+
| ZEBRA_REDISTRIBUTE_DEFAULT_ADD | 13 |
+-----------------------------------+-------+
| ZEBRA_REDISTRIBUTE_DEFAULT_DELETE | 14 |
+-----------------------------------+-------+
| ZEBRA_IPV4_NEXTHOP_LOOKUP | 15 |
+-----------------------------------+-------+
| ZEBRA_IPV6_NEXTHOP_LOOKUP | 16 |
+-----------------------------------+-------+
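Review bot: the command table is converted to a grid table, which needs every border redrawn whenever a command name longer than the current column is added. A "list-table" directive or a simple table would carry the same 16 command/value pairs and be easier to extend. The definition list for the header fields reads well as converted.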

View File

@ -21,17 +21,15 @@ version 1 as described in RFC1058.
Starting and Stopping ripd
==========================
The default configuration file name of *ripd*'s is
:file:`ripd.conf`. When invocation *ripd* searches directory
|INSTALL_PREFIX_ETC|. If :file:`ripd.conf` is not there next
search current directory.
The default configuration file name of *ripd*'s is :file:`ripd.conf`. When
invocation *ripd* searches directory |INSTALL_PREFIX_ETC|. If :file:`ripd.conf`
is not there next search current directory.
RIP uses UDP port 520 to send and receive RIP packets. So the user must have
the capability to bind the port, generally this means that the user must
have superuser privileges. RIP protocol requires interface information
maintained by *zebra* daemon. So running *zebra*
is mandatory to run *ripd*. Thus minimum sequence for running
RIP is like below:
the capability to bind the port, generally this means that the user must have
superuser privileges. RIP protocol requires interface information maintained by
*zebra* daemon. So running *zebra* is mandatory to run *ripd*. Thus minimum
sequence for running RIP is like below:
::
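Review bot: the rewrapped opening paragraph keeps "When invocation *ripd* searches directory" and "is not there next search current directory", which were hard to parse before and are now the first thing a reader sees. Suggest "When invoked, *ripd* searches |INSTALL_PREFIX_ETC|; if :file:`ripd.conf` is not found there, it searches the current directory." The second paragraph could also be split, since the privilege needed to bind UDP port 520 and the dependency on *zebra* are separate points.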
@ -41,8 +39,10 @@ RIP is like below:
Please note that *zebra* must be invoked before *ripd*.
To stop *ripd*. Please use @command{kill `cat
/var/run/ripd.pid`}. Certain signals have special meaningss to *ripd*.
To stop *ripd*. Please use::
kill `cat /var/run/ripd.pid`
Certain signals have special meaningss to *ripd*.
+-------------+------------------------------------------------------+
| Signal | Action |
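Review bot: the new line "Certain signals have special meaningss to *ripd*." carries the typo "meaningss" over from the removed text, and "To stop *ripd*. Please use::" is still split into a fragment and a sentence. Suggest "To stop *ripd*, use::" followed by the literal block, then "Certain signals have special meanings to *ripd*."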
@ -70,81 +70,82 @@ To stop *ripd*. Please use @command{kill `cat
RIP netmask
-----------
The netmask features of *ripd* support both version 1 and version 2 of
RIP. Version 1 of RIP originally contained no netmask information. In
RIP version 1, network classes were originally used to determine the
size of the netmask. Class A networks use 8 bits of mask, Class B
networks use 16 bits of masks, while Class C networks use 24 bits of
mask. Today, the most widely used method of a network mask is assigned
to the packet on the basis of the interface that received the packet.
Version 2 of RIP supports a variable length subnet mask (VLSM). By
extending the subnet mask, the mask can be divided and reused. Each
subnet can be used for different purposes such as large to middle size
LANs and WAN links. FRR *ripd* does not support the non-sequential
netmasks that are included in RIP Version 2.
The netmask features of *ripd* support both version 1 and version 2 of RIP.
Version 1 of RIP originally contained no netmask information. In RIP version 1,
network classes were originally used to determine the size of the netmask.
Class A networks use 8 bits of mask, Class B networks use 16 bits of masks,
while Class C networks use 24 bits of mask. Today, the most widely used method
of a network mask is assigned to the packet on the basis of the interface that
received the packet. Version 2 of RIP supports a variable length subnet mask
(VLSM). By extending the subnet mask, the mask can be divided and reused. Each
subnet can be used for different purposes such as large to middle size LANs and
WAN links. FRR *ripd* does not support the non-sequential netmasks that are
included in RIP Version 2.
In a case of similar information with the same prefix and metric, the
old information will be suppressed. Ripd does not currently support
equal cost multipath routing.
In a case of similar information with the same prefix and metric, the old
information will be suppressed. Ripd does not currently support equal cost
multipath routing.
.. _RIP_Configuration:
RIP Configuration
=================
.. index:: Command {router rip} {}
.. index:: router rip
.. clicmd:: router rip
Command {router rip} {}
The `router rip` command is necessary to enable RIP. To disable
RIP, use the `no router rip` command. RIP must be enabled before
carrying out any of the RIP commands.
The `router rip` command is necessary to enable RIP. To disable RIP, use the
`no router rip` command. RIP must be enabled before carrying out any of the
RIP commands.
.. index:: Command {no router rip} {}
.. index:: no router rip
.. clicmd:: no router rip
Command {no router rip} {}
Disable RIP.
.. index:: {RIP Command} {network `network`} {}
.. index:: network NETWORK
.. clicmd:: network NETWORK
{RIP Command} {network `network`} {}
.. index:: {RIP Command} {no network `network`} {}
.. index:: no network NETWORK
.. clicmd:: no network NETWORK
{RIP Command} {no network `network`} {}
Set the RIP enable interface by `network`. The interfaces which
have addresses matching with `network` are enabled.
Set the RIP enable interface by NETWORK. The interfaces which have addresses
matching with NETWORK are enabled.
This group of commands either enables or disables RIP interfaces between
certain numbers of a specified network address. For example, if the
network for 10.0.0.0/24 is RIP enabled, this would result in all the
addresses from 10.0.0.0 to 10.0.0.255 being enabled for RIP. The `no network` command will disable RIP for the specified network.
certain numbers of a specified network address. For example, if the network
for 10.0.0.0/24 is RIP enabled, this would result in all the addresses from
10.0.0.0 to 10.0.0.255 being enabled for RIP. The `no network` command will
disable RIP for the specified network.
.. index:: {RIP Command} {network `ifname`} {}
.. index:: network IFNAME
.. clicmd:: network IFNAME
{RIP Command} {network `ifname`} {}
.. index:: {RIP Command} {no network `ifname`} {}
.. index:: no network IFNAME
.. clicmd:: no network IFNAME
{RIP Command} {no network `ifname`} {}
Set a RIP enabled interface by `ifname`. Both the sending and
Set a RIP enabled interface by IFNAME. Both the sending and
receiving of RIP packets will be enabled on the port specified in the
`network ifname` command. The `no network ifname` command will disable
RIP on the specified interface.
.. index:: {RIP Command} {neighbor `a.b.c.d`} {}
.. index:: neighbor A.B.C.D
.. clicmd:: neighbor A.B.C.D
{RIP Command} {neighbor `a.b.c.d`} {}
.. index:: {RIP Command} {no neighbor `a.b.c.d`} {}
.. index:: no neighbor A.B.C.D
.. clicmd:: no neighbor A.B.C.D
{RIP Command} {no neighbor `a.b.c.d`} {}
Specify RIP neighbor. When a neighbor doesn't understand multicast,
this command is used to specify neighbors. In some cases, not all
routers will be able to understand multicasting, where packets are sent
to a network or a group of addresses. In a situation where a neighbor
cannot process multicast packets, it is necessary to establish a direct
link between routers. The neighbor command allows the network
administrator to specify a router as a RIP neighbor. The `no neighbor a.b.c.d` command will disable the RIP neighbor.
Specify RIP neighbor. When a neighbor doesn't understand multicast, this
command is used to specify neighbors. In some cases, not all routers will be
able to understand multicasting, where packets are sent to a network or a
group of addresses. In a situation where a neighbor cannot process multicast
packets, it is necessary to establish a direct link between routers. The
neighbor command allows the network administrator to specify a router as a
RIP neighbor. The `no neighbor a.b.c.d` command will disable the RIP
neighbor.
Below is very simple RIP configuration. Interface `eth0` and
interface which address match to `10.0.0.0/8` are RIP enabled.
Below is very simple RIP configuration. Interface `eth0` and interface which
address match to `10.0.0.0/8` are RIP enabled.
::
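Review bot: the directive arguments are now upper case (NETWORK, IFNAME, A.B.C.D) but the rewrapped descriptions still say "`network ifname`", "`no network ifname`" and "`no neighbor a.b.c.d`", so the prose no longer matches the command signatures above it. Those command names are also in single backquotes, which select the default role rather than a literal; use double backquotes and the same placeholder case as the clicmd lines.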
@ -155,89 +156,83 @@ Command {no router rip} {}
!
Passive interface
.. index:: passive-interface (IFNAME|default)
.. clicmd:: passive-interface (IFNAME|default)
.. index:: {RIP command} {passive-interface (`IFNAME`|default)} {}
.. index:: no passive-interface IFNAME
.. clicmd:: no passive-interface IFNAME
{RIP command} {passive-interface (`IFNAME`|default)} {}
.. index:: {RIP command} {no passive-interface `IFNAME`} {}
{RIP command} {no passive-interface `IFNAME`} {}
This command sets the specified interface to passive mode. On passive mode
interface, all receiving packets are processed as normal and ripd does
not send either multicast or unicast RIP packets except to RIP neighbors
specified with `neighbor` command. The interface may be specified
as `default` to make ripd default to passive on all interfaces.
interface, all receiving packets are processed as normal and ripd does not
send either multicast or unicast RIP packets except to RIP neighbors
specified with `neighbor` command. The interface may be specified as
`default` to make ripd default to passive on all interfaces.
The default is to be passive on all interfaces.
RIP split-horizon
.. index:: ip split-horizon
.. clicmd:: ip split-horizon
.. index:: {Interface command} {ip split-horizon} {}
.. index:: no ip split-horizon
.. clicmd:: no ip split-horizon
{Interface command} {ip split-horizon} {}
.. index:: {Interface command} {no ip split-horizon} {}
{Interface command} {no ip split-horizon} {}
Control split-horizon on the interface. Default is `ip split-horizon`. If you don't perform split-horizon on the interface,
please specify `no ip split-horizon`.
Control split-horizon on the interface. Default is `ip split-horizon`. If
you don't perform split-horizon on the interface, please specify `no ip
split-horizon`.
.. _RIP_Version_Control:
RIP Version Control
===================
RIP can be configured to send either Version 1 or Version 2 packets.
The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and
replying with packets of the appropriate version for REQUESTS /
triggered updates). The version to receive and send can be specified
globally, and further overriden on a per-interface basis if needs be
for send and receive seperately (see below).
RIP can be configured to send either Version 1 or Version 2 packets. The
default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and replying
with packets of the appropriate version for REQUESTS / triggered updates). The
version to receive and send can be specified globally, and further overriden on
a per-interface basis if needs be for send and receive seperately (see below).
It is important to note that RIPv1 can not be authenticated. Further,
if RIPv1 is enabled then RIP will reply to REQUEST packets, sending the
state of its RIP routing table to any remote routers that ask on
demand. For a more detailed discussion on the security implications of
RIPv1 see :ref:`RIP_Authentication`.
It is important to note that RIPv1 cannot be authenticated. Further, if RIPv1
is enabled then RIP will reply to REQUEST packets, sending the state of its RIP
routing table to any remote routers that ask on demand. For a more detailed
discussion on the security implications of RIPv1 see :ref:`RIP_Authentication`.
.. index:: {RIP Command} {version `version`} {}
.. index:: version VERSION
.. clicmd:: version VERSION
{RIP Command} {version `version`} {}
Set RIP version to accept for reads and send. `version`
can be either `1'' or `2''.
Set RIP version to accept for reads and send. ``VERSION`` can be either 1 or
1.
Disabling RIPv1 by specifying version 2 is STRONGLY encouraged,
:ref:`RIP_Authentication`. This may become the default in a future
release.
:ref:`RIP_Authentication`. This may become the default in a future release.
Default: Send Version 2, and accept either version.
.. index:: {RIP Command} {no version} {}
.. index:: no version
.. clicmd:: no version
{RIP Command} {no version} {}
Reset the global version setting back to the default.
.. index:: {Interface command} {ip rip send version `version`} {}
.. index:: ip rip send version VERSION
.. clicmd:: ip rip send version VERSION
{Interface command} {ip rip send version `version`} {}
`version` can be `1', `2' or `1 2'.
VERSION can be ``1``, ``2``, or ``1 2``.
This interface command overrides the global rip version setting, and
selects which version of RIP to send packets with, for this interface
specifically. Choice of RIP Version 1, RIP Version 2, or both versions.
In the latter case, where `1 2' is specified, packets will be both
broadcast and multicast.
This interface command overrides the global rip version setting, and selects
which version of RIP to send packets with, for this interface specifically.
Choice of RIP Version 1, RIP Version 2, or both versions. In the latter
case, where ``1 2`` is specified, packets will be both broadcast and
multicast.
Default: Send packets according to the global version (version 2)
.. index:: {Interface command} {ip rip receive version `version`} {}
.. index:: ip rip receive version VERSION
.. clicmd:: ip rip receive version VERSION
{Interface command} {ip rip receive version `version`} {}
`version` can be `1', `2' or `1 2'.
VERSION can be ``1``, ``2``, or ``1 2``.
This interface command overrides the global rip version setting, and
selects which versions of RIP packets will be accepted on this
interface. Choice of RIP Version 1, RIP Version 2, or both.
This interface command overrides the global rip version setting, and selects
which versions of RIP packets will be accepted on this interface. Choice of
RIP Version 1, RIP Version 2, or both.
Default: Accept packets according to the global setting (both 1 and 2).
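Review bot: The new description under "version VERSION" reads "``VERSION`` can be either 1 or 1.", which loses the second value; the text it replaces offered 1 or 2, so this should read "either 1 or 2". The rewrapped RIP Version Control paragraph also carries over "overriden" and "seperately", which can be corrected in the same pass.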
@ -246,102 +241,99 @@ RIPv1 see :ref:`RIP_Authentication`.
How to Announce RIP route
=========================
.. index:: {RIP command} {redistribute kernel} {}
.. index:: redistribute kernel
.. clicmd:: redistribute kernel
{RIP command} {redistribute kernel} {}
.. index:: {RIP command} {redistribute kernel metric (0-16)} {}
.. index:: redistribute kernel metric (0-16)
.. clicmd:: redistribute kernel metric (0-16)
{RIP command} {redistribute kernel metric (0-16)} {}
.. index:: {RIP command} {redistribute kernel route-map `route-map`} {}
.. index:: redistribute kernel route-map ROUTE-MAP
.. clicmd:: redistribute kernel route-map ROUTE-MAP
{RIP command} {redistribute kernel route-map `route-map`} {}
.. index:: {RIP command} {no redistribute kernel} {}
.. index:: no redistribute kernel
.. clicmd:: no redistribute kernel
{RIP command} {no redistribute kernel} {}
`redistribute kernel` redistributes routing information from
kernel route entries into the RIP tables. `no redistribute kernel`
disables the routes.
`redistribute kernel` redistributes routing information from kernel route
entries into the RIP tables. `no redistribute kernel` disables the routes.
.. index:: {RIP command} {redistribute static} {}
.. index:: redistribute static
.. clicmd:: redistribute static
{RIP command} {redistribute static} {}
.. index:: {RIP command} {redistribute static metric (0-16)} {}
.. index:: redistribute static metric (0-16)
.. clicmd:: redistribute static metric (0-16)
{RIP command} {redistribute static metric (0-16)} {}
.. index:: {RIP command} {redistribute static route-map `route-map`} {}
.. index:: redistribute static route-map ROUTE-MAP
.. clicmd:: redistribute static route-map ROUTE-MAP
{RIP command} {redistribute static route-map `route-map`} {}
.. index:: {RIP command} {no redistribute static} {}
.. index:: no redistribute static
.. clicmd:: no redistribute static
{RIP command} {no redistribute static} {}
`redistribute static` redistributes routing information from
static route entries into the RIP tables. `no redistribute static`
disables the routes.
`redistribute static` redistributes routing information from static route
entries into the RIP tables. `no redistribute static` disables the routes.
.. index:: {RIP command} {redistribute connected} {}
.. index:: redistribute connected
.. clicmd:: redistribute connected
{RIP command} {redistribute connected} {}
.. index:: {RIP command} {redistribute connected metric (0-16)} {}
.. index:: redistribute connected metric (0-16)
.. clicmd:: redistribute connected metric (0-16)
{RIP command} {redistribute connected metric (0-16)} {}
.. index:: {RIP command} {redistribute connected route-map `route-map`} {}
.. index:: redistribute connected route-map ROUTE-MAP
.. clicmd:: redistribute connected route-map ROUTE-MAP
{RIP command} {redistribute connected route-map `route-map`} {}
.. index:: {RIP command} {no redistribute connected} {}
.. index:: no redistribute connected
.. clicmd:: no redistribute connected
{RIP command} {no redistribute connected} {}
Redistribute connected routes into the RIP tables. `no redistribute connected` disables the connected routes in the RIP tables.
This command redistribute connected of the interface which RIP disabled.
The connected route on RIP enabled interface is announced by default.
Redistribute connected routes into the RIP tables. `no redistribute
connected` disables the connected routes in the RIP tables. This command
redistribute connected of the interface which RIP disabled. The connected
route on RIP enabled interface is announced by default.
.. index:: {RIP command} {redistribute ospf} {}
.. index:: redistribute ospf
.. clicmd:: redistribute ospf
{RIP command} {redistribute ospf} {}
.. index:: {RIP command} {redistribute ospf metric (0-16)} {}
.. index:: redistribute ospf metric (0-16)
.. clicmd:: redistribute ospf metric (0-16)
{RIP command} {redistribute ospf metric (0-16)} {}
.. index:: {RIP command} {redistribute ospf route-map `route-map`} {}
.. index:: redistribute ospf route-map ROUTE-MAP
.. clicmd:: redistribute ospf route-map ROUTE-MAP
{RIP command} {redistribute ospf route-map `route-map`} {}
.. index:: {RIP command} {no redistribute ospf} {}
.. index:: no redistribute ospf
.. clicmd:: no redistribute ospf
{RIP command} {no redistribute ospf} {}
`redistribute ospf` redistributes routing information from
ospf route entries into the RIP tables. `no redistribute ospf`
disables the routes.
`redistribute ospf` redistributes routing information from ospf route
entries into the RIP tables. `no redistribute ospf` disables the routes.
.. index:: {RIP command} {redistribute bgp} {}
.. index:: redistribute bgp
.. clicmd:: redistribute bgp
{RIP command} {redistribute bgp} {}
.. index:: {RIP command} {redistribute bgp metric (0-16)} {}
.. index:: redistribute bgp metric (0-16)
.. clicmd:: redistribute bgp metric (0-16)
{RIP command} {redistribute bgp metric (0-16)} {}
.. index:: {RIP command} {redistribute bgp route-map `route-map`} {}
.. index:: redistribute bgp route-map ROUTE-MAP
.. clicmd:: redistribute bgp route-map ROUTE-MAP
{RIP command} {redistribute bgp route-map `route-map`} {}
.. index:: {RIP command} {no redistribute bgp} {}
.. index:: no redistribute bgp
.. clicmd:: no redistribute bgp
{RIP command} {no redistribute bgp} {}
`redistribute bgp` redistributes routing information from
bgp route entries into the RIP tables. `no redistribute bgp`
disables the routes.
`redistribute bgp` redistributes routing information from bgp route entries
into the RIP tables. `no redistribute bgp` disables the routes.
If you want to specify RIP only static routes:
.. index:: {RIP command} {default-information originate} {}
.. index:: default-information originate
.. clicmd:: default-information originate
{RIP command} {default-information originate} {}
.. index:: {RIP command} {route `a.b.c.d/m`} {}
.. index:: route A.B.C.D/M
.. clicmd:: route A.B.C.D/M
{RIP command} {route `a.b.c.d/m`} {}
.. index:: {RIP command} {no route `a.b.c.d/m`} {}
.. index:: no route A.B.C.D/M
.. clicmd:: no route A.B.C.D/M
{RIP command} {no route `a.b.c.d/m`} {}
This command is specific to FRR. The `route` command makes a static
route only inside RIP. This command should be used only by advanced
users who are particularly knowledgeable about the RIP protocol. In
most cases, we recommend creating a static route in FRR and
redistributing it in RIP using `redistribute static`.
This command is specific to FRR. The `route` command makes a static route
only inside RIP. This command should be used only by advanced users who are
particularly knowledgeable about the RIP protocol. In most cases, we
recommend creating a static route in FRR and redistributing it in RIP using
`redistribute static`.
.. _Filtering_RIP_Routes:
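Review bot: The "default-information originate" entry is stacked directly above "route A.B.C.D/M" and "no route A.B.C.D/M", but the description that follows only covers the route command, so default-information originate ends up documented by text that is not about it; give it its own entry and description. The rewrapped descriptions in this hunk also keep single backticks around command names (for example "redistribute kernel" and "no redistribute static"), which reST reads as the default role rather than a literal, while the version text earlier in the file now uses double backticks; one convention should be used throughout.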
@ -350,20 +342,18 @@ Filtering RIP Routes
RIP routes can be filtered by a distribute-list.
.. index:: Command {distribute-list `access_list` `direct` `ifname`} {}
.. index:: distribute-list ACCESS_LIST DIRECT IFNAME
.. clicmd:: distribute-list ACCESS_LIST DIRECT IFNAME
Command {distribute-list `access_list` `direct` `ifname`} {}
You can apply access lists to the interface with a `distribute-list`
command. `access_list` is the access list name. `direct` is
``in`` or ``out``. If `direct` is ``in`` the access list
is applied to input packets.
You can apply access lists to the interface with a `distribute-list` command.
ACCESS_LIST is the access list name. DIRECT is ``in`` or ``out``. If DIRECT
is ``in`` the access list is applied to input packets.
The `distribute-list` command can be used to filter the RIP path.
`distribute-list` can apply access-lists to a chosen interface.
First, one should specify the access-list. Next, the name of the
access-list is used in the distribute-list command. For example, in the
following configuration ``eth0`` will permit only the paths that
match the route 10.0.0.0/8
`distribute-list` can apply access-lists to a chosen interface. First, one
should specify the access-list. Next, the name of the access-list is used in
the distribute-list command. For example, in the following configuration
``eth0`` will permit only the paths that match the route 10.0.0.0/8
::
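Review bot: The new distribute-list description explains only the "in" case ("If DIRECT is ``in`` the access list is applied to input packets") and never says what "out" does; add the matching sentence for outgoing updates. The rewrapped example sentence also ends at "match the route 10.0.0.0/8" with no punctuation before the literal block marker, so a closing colon is needed there.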
@ -378,13 +368,13 @@ Command {distribute-list `access_list` `direct` `ifname`} {}
`distribute-list` can be applied to both incoming and outgoing data.
.. index:: Command {distribute-list prefix `prefix_list` (in|out) `ifname`} {}
.. index:: distribute-list prefix PREFIX_LIST (in|out) IFNAME
.. clicmd:: distribute-list prefix PREFIX_LIST (in|out) IFNAME
Command {distribute-list prefix `prefix_list` (in|out) `ifname`} {}
You can apply prefix lists to the interface with a
`distribute-list` command. `prefix_list` is the prefix list
name. Next is the direction of ``in`` or ``out``. If
`direct` is ``in`` the access list is applied to input packets.
You can apply prefix lists to the interface with a `distribute-list`
command. PREFIX_LIST is the prefix list name. Next is the direction of
``in`` or ``out``. If DIRECT is ``in`` the access list is applied to input
packets.
.. _RIP_Metric_Manipulation:
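Review bot: The description for the prefix form refers to DIRECT ("If DIRECT is ``in``"), but the signature on the clicmd line is "distribute-list prefix PREFIX_LIST (in|out) IFNAME" and has no DIRECT token; refer to the direction as in or out instead. The same sentence says "the access list is applied" where this command applies a prefix list.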
@ -395,25 +385,24 @@ RIP metric is a value for distance for the network. Usually
*ripd* increment the metric when the network information is
received. Redistributed routes' metric is set to 1.
.. index:: {RIP command} {default-metric (1-16)} {}
.. index:: default-metric (1-16)
.. clicmd:: default-metric (1-16)
{RIP command} {default-metric (1-16)} {}
.. index:: {RIP command} {no default-metric (1-16)} {}
.. index:: no default-metric (1-16)
.. clicmd:: no default-metric (1-16)
{RIP command} {no default-metric (1-16)} {}
This command modifies the default metric value for redistributed routes. The
default value is 1. This command does not affect connected route
even if it is redistributed by *redistribute connected*. To modify
connected route's metric value, please use @command{redistribute
connected metric} or *route-map*. *offset-list* also
affects connected routes.
This command modifies the default metric value for redistributed routes.
The default value is 1. This command does not affect connected route even if
it is redistributed by *redistribute connected*. To modify connected route's
metric value, please use ``redistribute connected metric`` or *route-map*.
*offset-list* also affects connected routes.
.. index:: {RIP command} {offset-list `access-list` (in|out)} {}
.. index:: offset-list ACCESS-LIST (in|out)
.. clicmd:: offset-list ACCESS-LIST (in|out)
{RIP command} {offset-list `access-list` (in|out)} {}
.. index:: {RIP command} {offset-list `access-list` (in|out) `ifname`} {}
.. index:: offset-list ACCESS-LIST (in|out) IFNAME
.. clicmd:: offset-list ACCESS-LIST (in|out) IFNAME
{RIP command} {offset-list `access-list` (in|out) `ifname`} {}
.. _RIP_distance:
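Review bot: Both offset-list entries ("offset-list ACCESS-LIST (in|out)" and the IFNAME form) are added with no description at all, so the rendered page will list the commands without saying what they do; add at least one sentence, or a pointer to where the offset is explained. In the default-metric text, command names are marked three different ways (*redistribute connected*, ``redistribute connected metric``, *route-map*), which should be made consistent while the paragraph is being rewritten.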
@ -422,29 +411,29 @@ RIP distance
Distance value is used in zebra daemon. Default RIP distance is 120.
.. index:: {RIP command} {distance (1-255)} {}
.. index:: distance (1-255)
.. clicmd:: distance (1-255)
{RIP command} {distance (1-255)} {}
.. index:: {RIP command} {no distance (1-255)} {}
.. index:: no distance (1-255)
.. clicmd:: no distance (1-255)
{RIP command} {no distance (1-255)} {}
Set default RIP distance to specified value.
.. index:: {RIP command} {distance (1-255) `A.B.C.D/M`} {}
.. index:: distance (1-255) A.B.C.D/M
.. clicmd:: distance (1-255) A.B.C.D/M
{RIP command} {distance (1-255) `A.B.C.D/M`} {}
.. index:: {RIP command} {no distance (1-255) `A.B.C.D/M`} {}
.. index:: no distance (1-255) A.B.C.D/M
.. clicmd:: no distance (1-255) A.B.C.D/M
{RIP command} {no distance (1-255) `A.B.C.D/M`} {}
Set default RIP distance to specified value when the route's source IP
address matches the specified prefix.
.. index:: {RIP command} {distance (1-255) `A.B.C.D/M` `access-list`} {}
.. index:: distance (1-255) A.B.C.D/M ACCESS-LIST
.. clicmd:: distance (1-255) A.B.C.D/M ACCESS-LIST
{RIP command} {distance (1-255) `A.B.C.D/M` `access-list`} {}
.. index:: {RIP command} {no distance (1-255) `A.B.C.D/M` `access-list`} {}
.. index:: no distance (1-255) A.B.C.D/M ACCESS-LIST
.. clicmd:: no distance (1-255) A.B.C.D/M ACCESS-LIST
{RIP command} {no distance (1-255) `A.B.C.D/M` `access-list`} {}
Set default RIP distance to specified value when the route's source IP
address matches the specified prefix and the specified access-list.
@ -465,64 +454,63 @@ statement.
.....
Cisco applies route-map _before_ routes will exported to rip route table.
In current FRR's test implementation, *ripd* applies route-map
after routes are listed in the route table and before routes will be
announced to an interface (something like output filter). I think it is not
so clear, but it is draft and it may be changed at future.
Cisco applies route-map _before_ routes will exported to rip route table. In
current FRR's test implementation, *ripd* applies route-map after routes are
listed in the route table and before routes will be announced to an interface
(something like output filter). I think it is not so clear, but it is draft and
it may be changed at future.
Route-map statement (:ref:`Route_Map`) is needed to use route-map
functionality.
.. index:: {Route Map} {match interface `word`} {}
.. index:: match interface WORD
.. clicmd:: match interface WORD
{Route Map} {match interface `word`} {}
This command match to incoming interface. Notation of this match is
different from Cisco. Cisco uses a list of interfaces - NAME1 NAME2
... NAMEN. Ripd allows only one name (maybe will change in the
future). Next - Cisco means interface which includes next-hop of
routes (it is somewhat similar to "ip next-hop" statement). Ripd
means interface where this route will be sent. This difference is
because "next-hop" of same routes which sends to different interfaces
must be different. Maybe it'd be better to made new matches - say
"match interface-out NAME" or something like that.
different from Cisco. Cisco uses a list of interfaces - NAME1 NAME2 ...
NAMEN. Ripd allows only one name (maybe will change in the future). Next -
Cisco means interface which includes next-hop of routes (it is somewhat
similar to "ip next-hop" statement). Ripd means interface where this route
will be sent. This difference is because "next-hop" of same routes which
sends to different interfaces must be different. Maybe it'd be better to
made new matches - say "match interface-out NAME" or something like that.
.. index:: {Route Map} {match ip address `word`} {}
.. index:: match ip address WORD
.. clicmd:: match ip address WORD
{Route Map} {match ip address `word`} {}
.. index:: {Route Map} {match ip address prefix-list `word`} {}
.. index:: match ip address prefix-list WORD
.. clicmd:: match ip address prefix-list WORD
{Route Map} {match ip address prefix-list `word`} {}
Match if route destination is permitted by access-list.
.. index:: {Route Map} {match ip next-hop `word`} {}
.. index:: match ip next-hop WORD
.. clicmd:: match ip next-hop WORD
{Route Map} {match ip next-hop `word`} {}
.. index:: {Route Map} {match ip next-hop prefix-list `word`} {}
.. index:: match ip next-hop prefix-list WORD
.. clicmd:: match ip next-hop prefix-list WORD
{Route Map} {match ip next-hop prefix-list `word`} {}
Match if route next-hop (meaning next-hop listed in the rip route-table
as displayed by "show ip rip") is permitted by access-list.
Match if route next-hop (meaning next-hop listed in the rip route-table as
displayed by "show ip rip") is permitted by access-list.
.. index:: {Route Map} {match metric (0-4294967295)} {}
.. index:: match metric (0-4294967295)
.. clicmd:: match metric (0-4294967295)
{Route Map} {match metric (0-4294967295)} {}
This command match to the metric value of RIP updates. For other
protocol compatibility metric range is shown as (0-4294967295). But
for RIP protocol only the value range (0-16) make sense.
This command match to the metric value of RIP updates. For other protocol
compatibility metric range is shown as (0-4294967295). But for RIP protocol
only the value range (0-16) make sense.
.. index:: {Route Map} {set ip next-hop A.B.C.D} {}
.. index:: set ip next-hop A.B.C.D
.. clicmd:: set ip next-hop A.B.C.D
{Route Map} {set ip next-hop A.B.C.D} {}
This command set next hop value in RIPv2 protocol. This command does
not affect RIPv1 because there is no next hop field in the packet.
This command set next hop value in RIPv2 protocol. This command does not
affect RIPv1 because there is no next hop field in the packet.
.. index:: {Route Map} {set metric (0-4294967295)} {}
.. index:: set metric (0-4294967295)
.. clicmd:: set metric (0-4294967295)
{Route Map} {set metric (0-4294967295)} {}
Set a metric for matched route when sending announcement. The metric
value range is very large for compatibility with other protocols. For
RIP, valid metric values are from 1 to 16.
Set a metric for matched route when sending announcement. The metric value
range is very large for compatibility with other protocols. For RIP, valid
metric values are from 1 to 16.
.. _RIP_Authentication:
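Review bot: The rewrapped paragraph keeps "_before_" from the Texinfo source, but reST has no underscore emphasis and a trailing underscore marks a hyperlink reference, so this should become *before*. In the same paragraph "routes will exported" is missing "be", and the first-person aside "I think it is not so clear, but it is draft" reads oddly in a user manual and could be reworded as a plain statement that the behaviour may change. The description "Match if route destination is permitted by access-list" now sits under both the access-list and prefix-list forms of "match ip address" and should mention prefix lists too.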
@ -552,37 +540,37 @@ on the internet, via RIPv1.
To prevent such unauthenticated querying of routes disable RIPv1,
:ref:`RIP_Version_Control`.
.. index:: {Interface command} {ip rip authentication mode md5} {}
.. index:: ip rip authentication mode md5
.. clicmd:: ip rip authentication mode md5
{Interface command} {ip rip authentication mode md5} {}
.. index:: {Interface command} {no ip rip authentication mode md5} {}
.. index:: no ip rip authentication mode md5
.. clicmd:: no ip rip authentication mode md5
{Interface command} {no ip rip authentication mode md5} {}
Set the interface with RIPv2 MD5 authentication.
.. index:: {Interface command} {ip rip authentication mode text} {}
.. index:: ip rip authentication mode text
.. clicmd:: ip rip authentication mode text
{Interface command} {ip rip authentication mode text} {}
.. index:: {Interface command} {no ip rip authentication mode text} {}
.. index:: no ip rip authentication mode text
.. clicmd:: no ip rip authentication mode text
{Interface command} {no ip rip authentication mode text} {}
Set the interface with RIPv2 simple password authentication.
.. index:: {Interface command} {ip rip authentication string `string`} {}
.. index:: ip rip authentication string STRING
.. clicmd:: ip rip authentication string STRING
{Interface command} {ip rip authentication string `string`} {}
.. index:: {Interface command} {no ip rip authentication string `string`} {}
.. index:: no ip rip authentication string STRING
.. clicmd:: no ip rip authentication string STRING
{Interface command} {no ip rip authentication string `string`} {}
RIP version 2 has simple text authentication. This command sets
authentication string. The string must be shorter than 16 characters.
.. index:: {Interface command} {ip rip authentication key-chain `key-chain`} {}
.. index:: ip rip authentication key-chain KEY-CHAIN
.. clicmd:: ip rip authentication key-chain KEY-CHAIN
{Interface command} {ip rip authentication key-chain `key-chain`} {}
.. index:: {Interface command} {no ip rip authentication key-chain `key-chain`} {}
.. index:: no ip rip authentication key-chain KEY-CHAIN
.. clicmd:: no ip rip authentication key-chain KEY-CHAIN
{Interface command} {no ip rip authentication key-chain `key-chain`} {}
Specifiy Keyed MD5 chain.
::
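Review bot: "Specifiy Keyed MD5 chain." under the key-chain entries has a typo ("Specify") and is the only description for those two commands; since the surrounding lines are being converted anyway, fix the spelling and say that KEY-CHAIN names a key chain defined elsewhere in the configuration, as the example that follows implies.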
@ -603,43 +591,34 @@ To prevent such unauthenticated querying of routes disable RIPv1,
RIP Timers
==========
.. index:: {RIP command} {timers basic `update` `timeout` `garbage`} {}
.. index:: timers basic UPDATE TIMEOUT GARBAGE
.. clicmd:: timers basic UPDATE TIMEOUT GARBAGE
{RIP command} {timers basic `update` `timeout` `garbage`} {}
RIP protocol has several timers. User can configure those timers' values
by `timers basic` command.
The default settings for the timers are as follows:
``
The update timer is 30 seconds. Every update timer seconds, the RIP
- The update timer is 30 seconds. Every update timer seconds, the RIP
process is awakened to send an unsolicited Response message containing
the complete routing table to all neighboring RIP routers.
``
The timeout timer is 180 seconds. Upon expiration of the timeout, the
- The timeout timer is 180 seconds. Upon expiration of the timeout, the
route is no longer valid; however, it is retained in the routing table
for a short time so that neighbors can be notified that the route has
been dropped.
``
The garbage collect timer is 120 seconds. Upon expiration of the
- The garbage collect timer is 120 seconds. Upon expiration of the
garbage-collection timer, the route is finally removed from the routing
table.
The `timers basic` command allows the the default values of the timers
The ``timers basic`` command allows the the default values of the timers
listed above to be changed.
.. index:: {RIP command} {no timers basic} {}
.. index:: no timers basic
.. clicmd:: no timers basic
{RIP command} {no timers basic} {}
The `no timers basic` command will reset the timers to the default
settings listed above.
The `no timers basic` command will reset the timers to the default settings
listed above.
.. _Show_RIP_Information:
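Review bot: The new line "The ``timers basic`` command allows the the default values" keeps the doubled "the" from the line it replaces. It is also the only place in this hunk that uses double backticks; "timers basic" and "no timers basic" on the neighbouring lines still use single backticks, so the markup is inconsistent within one section.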
@ -648,9 +627,9 @@ Show RIP Information
To display RIP routes.
.. index:: Command {show ip rip} {}
.. index:: show ip rip
.. clicmd:: show ip rip
Command {show ip rip} {}
Show RIP routes.
The command displays all RIP routes. For routes that are received
@ -658,9 +637,9 @@ through RIP, this command will display the time the packet was sent and
the tag information. This command will also display this information
for routes redistributed into RIP.
.. index:: Command {show ip rip status} {}
.. index:: show ip rip status
.. clicmd:: show ip rip status
Command {show ip rip status} {}
The command displays current RIP status. It includes RIP timer,
filtering, version, RIP enabled interface and RIP peer inforation.
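Review bot: The description under "show ip rip status" still contains "RIP peer inforation"; correct it to "information" while this entry is being converted.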
@ -690,37 +669,27 @@ RIP Debug Commands
Debug for RIP protocol.
.. index:: Command {debug rip events} {}
.. index:: debug rip events
.. clicmd:: debug rip events
Command {debug rip events} {}
Debug rip events.
Shows RIP events. Sending and receiving packets, timers, and changes in
interfaces are events shown with *ripd*.
`debug rip` will show RIP events. Sending and receiving
packets, timers, and changes in interfaces are events shown with *ripd*.
.. index:: debug rip packet
.. clicmd:: debug rip packet
.. index:: Command {debug rip packet} {}
Shows display detailed information about the RIP packets. The origin and
port number of the packet as well as a packet dump is shown.
Command {debug rip packet} {}
Debug rip packet.
.. index:: debug rip zebra
.. clicmd:: debug rip zebra
`debug rip packet` will display detailed information about the RIP
packets. The origin and port number of the packet as well as a packet
dump is shown.
This command will show the communication between *ripd* and *zebra*. The
main information will include addition and deletion of paths to the kernel
and the sending and receiving of interface information.
.. index:: Command {debug rip zebra} {}
.. index:: show debugging rip
.. clicmd:: show debugging rip
Command {debug rip zebra} {}
Debug rip between zebra communication.
This command will show the communication between *ripd* and
*zebra*. The main information will include addition and deletion of
paths to the kernel and the sending and receiving of interface information.
.. index:: Command {show debugging rip} {}
Command {show debugging rip} {}
Display *ripd*'s debugging option.
`show debugging rip` will show all information currently set for ripd
debug.
Shows all information currently set for ripd debug.
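Review bot: The new description for "debug rip packet" starts "Shows display detailed information", which has two verbs; it should be "Shows detailed information" or "Displays detailed information". The other rewritten entries in this hunk switch between "Shows ..." and "This command will show ...", so one phrasing should be chosen for all four debug commands.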

View File

@ -4,16 +4,16 @@
RIPng
*****
*ripngd* supports the RIPng protocol as described in RFC2080. It's an
IPv6 reincarnation of the RIP protocol.
*ripngd* supports the RIPng protocol as described in :rfc:`2080`. It's an IPv6
reincarnation of the RIP protocol.
.. _Invoking_ripngd:
Invoking ripngd
===============
There are no `ripngd` specific invocation options. Common options
can be specified (:ref:`Common_Invocation_Options`).
There are no `ripngd` specific invocation options. Common options can be
specified (:ref:`Common_Invocation_Options`).
.. _ripngd_Configuration:
@ -22,72 +22,68 @@ ripngd Configuration
Currently ripngd supports the following commands:
.. index:: Command {router ripng} {}
.. index:: router ripng
.. clicmd:: router ripng
Command {router ripng} {}
Enable RIPng.
.. index:: {RIPng Command} {flush_timer `time`} {}
.. index:: flush_timer TIME
.. clicmd:: flush_timer TIME
{RIPng Command} {flush_timer `time`} {}
Set flush timer.
.. index:: {RIPng Command} {network `network`} {}
.. index:: network NETWORK
.. clicmd:: network NETWORK
{RIPng Command} {network `network`} {}
Set RIPng enabled interface by `network`
Set RIPng enabled interface by NETWORK.
.. index:: {RIPng Command} {network `ifname`} {}
.. index:: network IFNAME
.. clicmd:: network IFNAME
{RIPng Command} {network `ifname`} {}
Set RIPng enabled interface by `ifname`
Set RIPng enabled interface by IFNAME.
.. index:: {RIPng Command} {route `network`} {}
.. index:: route NETWORK
.. clicmd:: route NETWORK
{RIPng Command} {route `network`} {}
Set RIPng static routing announcement of `network`.
Set RIPng static routing announcement of NETWORK.
.. index:: Command {router zebra} {}
.. index:: router zebra
.. clicmd:: router zebra
Command {router zebra} {}
This command is the default and does not appear in the configuration.
With this statement, RIPng routes go to the *zebra* daemon.
This command is the default and does not appear in the configuration. With
this statement, RIPng routes go to the *zebra* daemon.
.. _ripngd_Terminal_Mode_Commands:
ripngd Terminal Mode Commands
=============================
.. index:: Command {show ip ripng} {}
.. index:: show ip ripng
.. clicmd:: show ip ripng
Command {show ip ripng} {}
.. index:: show debugging ripng
.. clicmd:: show debugging ripng
.. index:: Command {show debugging ripng} {}
.. index:: debug ripng events
.. clicmd:: debug ripng events
Command {show debugging ripng} {}
.. index:: Command {debug ripng events} {}
.. index:: debug ripng packet
.. clicmd:: debug ripng packet
Command {debug ripng events} {}
.. index:: Command {debug ripng packet} {}
.. index:: debug ripng zebra
.. clicmd:: debug ripng zebra
Command {debug ripng packet} {}
.. index:: Command {debug ripng zebra} {}
Command {debug ripng zebra} {}
ripngd Filtering Commands
=========================
.. index:: Command {distribute-list `access_list` (in|out) `ifname`} {}
.. index:: distribute-list ACCESS_LIST (in|out) IFNAME
.. clicmd:: distribute-list ACCESS_LIST (in|out) IFNAME
Command {distribute-list `access_list` (in|out) `ifname`} {}
You can apply an access-list to the interface using the
`distribute-list` command. `access_list` is an access-list
name. `direct` is ``in`` or ``out``. If `direct` is
``in``, the access-list is applied only to incoming packets.
::
You can apply an access-list to the interface using the `distribute-list`
command. ACCESS_LIST is an access-list name. `direct` is ``in`` or
``out``. If `direct` is ``in``, the access-list is applied only to incoming
packets.::
distribute-list local-only out sit1
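Review bot: The rewritten paragraph ends "packets.::", which reST renders as "packets.:" before the literal block; either end the sentence with a colon or put the "::" marker on its own line. The text also still refers to `direct` although the signature is now "distribute-list ACCESS_LIST (in|out) IFNAME", and the five terminal mode entries above (show ip ripng through debug ripng zebra) are added with no description.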

View File

@ -269,6 +269,6 @@ A simple example of a route-map:
This means that if a route matches ip access-list number 10 it's
local-preference value is set to 200.
See :ref:`BGP_Configuration_Examples` for examples of more sophisticated
See :ref:`bgp-configuration-examples` for examples of more sophisticated
useage of route-maps, including of the ``call`` action.
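Review bot: The reference is changed to "bgp-configuration-examples", so the label definition in the BGP file has to be renamed in the same commit or this link breaks; the other references visible in this change (RIP_Authentication, Route_Map, Common_Invocation_Options) keep the old underscore style, so the naming is now mixed. The context lines also contain "it's local-preference" (should be "its") and "useage" (should be "usage").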

View File

@ -3,33 +3,26 @@
Prefix Origin Validation Using RPKI
===================================
Prefix Origin Validation allows BGP routers to verify if the origin AS of
an IP prefix is legitimate to announce this IP prefix. The required
attestation objects are stored in the Resource Public Key Infrastructure
(:abbr:`RPKI`). However, RPKI-enabled routers do not store cryptographic
data itself but only validation information. The validation of the
cryptographic data (so called Route Origin Authorization, or short
:abbr:`ROA`, objects) will be performed by trusted cache servers. The
RPKI/RTR protocol defines a standard mechanism to maintain the exchange of
the prefix/origin AS mapping between the cache server and routers.
In combination with a BGP Prefix Origin Validation scheme a router is able
to verify received BGP updates without suffering from cryptographic
complexity.
Prefix Origin Validation allows BGP routers to verify if the origin AS of an IP
prefix is legitimate to announce this IP prefix. The required attestation
objects are stored in the Resource Public Key Infrastructure (:abbr:`RPKI`).
However, RPKI-enabled routers do not store cryptographic data itself but only
validation information. The validation of the cryptographic data (so called
Route Origin Authorization, or short :abbr:`ROA`, objects) will be performed by
trusted cache servers. The RPKI/RTR protocol defines a standard mechanism to
maintain the exchange of the prefix/origin AS mapping between the cache server
and routers. In combination with a BGP Prefix Origin Validation scheme a
router is able to verify received BGP updates without suffering from
cryptographic complexity.
The RPKI/RTR protocol is defined in :rfc:`6810` and the validation scheme in
:rfc:`6811`. The current version of Prefix Origin Validation in FRR implements
both RFCs.
For a more detailed but still easy-to-read background, we suggest the
following two articles:
For a more detailed but still easy-to-read background, we suggest:
* @cite{Geoff Huston, Randy Bush: Securing BGP, In: The Internet
Protocol Journal, Volume 14, No. 2, 2011.}
`http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-2/142_bgp.html <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-2/142_bgp.html>`_
* @cite{Geoff Huston: Resource Certification, In: The Internet Protocol
Journal, Volume 12, No.1, 2009.}
`http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-1/121_resource.html <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-1/121_resource.html>`_
- [Securing-BGP]_
- [Resource-Certification]_
.. _Features_of_the_Current_Implementation:
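Review bot: on the rewrapped intro lines, the abbr roles for RPKI and ROA carry no expansion, so they produce no tooltip; the SNMP chapter in this same commit uses the form with the long name in parentheses, and both long names are already spelled out in this paragraph. The "Features_of_the_Current_Implementation" label at the end of the hunk also keeps the old underscore style, while "configuring-rpki-rtr-cache-servers" further down was converted to lowercase with hyphens.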
@ -38,24 +31,19 @@ Features of the Current Implementation
In a nutshell, the current implementation provides the following features
* The BGP router can connect to one or more RPKI cache servers to
receive validated prefix to origin AS mappings.
Advanced failover can be implemented by server sockets with different
preference values.
* If no connection to an RPKI cache server can be established after a
- The BGP router can connect to one or more RPKI cache servers to receive
validated prefix to origin AS mappings. Advanced failover can be implemented
by server sockets with different preference values.
- If no connection to an RPKI cache server can be established after a
pre-defined timeout, the router will process routes without prefix origin
validation. It still will try to establish a connection to an RPKI cache
server in the background.
* By default, enabling RPKI does not change best path selection. In
particular, invalid prefixes will still be considered during best path
selection. However, the router can be configured to ignore all invalid
prefixes.
* Route maps can be configured to match a specific RPKI validation
state. This allows the creation of local policies, which handle BGP routes
based on the outcome of the Prefix Origin Validation.
- By default, enabling RPKI does not change best path selection. In particular,
invalid prefixes will still be considered during best path selection.
However, the router can be configured to ignore all invalid prefixes.
- Route maps can be configured to match a specific RPKI validation state. This
allows the creation of local policies, which handle BGP routes based on the
outcome of the Prefix Origin Validation.
.. _Enabling_RPKI:
@ -63,100 +51,95 @@ In a nutshell, the current implementation provides the following features
Enabling RPKI
-------------
.. index:: {Command} {rpki} {}
.. index:: rpki
.. clicmd:: rpki
{Command} {rpki} {}
This command enables the RPKI configuration mode. Most commands that start
with *rpki* can only be used in this mode.
When it is used in a telnet session, leaving of this mode cause rpki to be initialized.
Executing this command alone does not activate prefix
validation. You need to configure at least one reachable cache server. See section
:ref:`Configuring_RPKI/RTR_Cache_Servers` for configuring a cache server.
Executing this command alone does not activate prefix validation. You need
to configure at least one reachable cache server. See section
:ref:`configuring-rpki-rtr-cache-servers` for configuring a cache server.
.. _Configuring_RPKI/RTR_Cache_Servers:
.. _configuring-rpki-rtr-cache-servers:
Configuring RPKI/RTR Cache Servers
----------------------------------
The following commands are independent of a specific cache server.
.. index:: {RPKI Command} {rpki polling_period (1-3600)} {}
.. index:: rpki polling_period (1-3600)
.. clicmd:: rpki polling_period (1-3600)
{RPKI Command} {rpki polling_period (1-3600)} {}
.. index:: {RPKI Command} {no rpki polling_period} {}
.. index:: no rpki polling_period
.. clicmd:: no rpki polling_period
{RPKI Command} {no rpki polling_period} {}
Set the number of seconds the router waits until the router asks the cache again
for updated data.
Set the number of seconds the router waits until the router asks the cache
again for updated data.
The default value is 300 seconds.
.. index:: {RPKI Command} {rpki timeout <1-4,294,967,296>} {}
.. index:: rpki timeout <1-4,294,967,296>
.. clicmd:: rpki timeout <1-4,294,967,296>
{RPKI Command} {rpki timeout <1-4,294,967,296>} {}
.. index:: {RPKI Command} {no rpki timeout} {}
.. index:: no rpki timeout
.. clicmd:: no rpki timeout
{RPKI Command} {no rpki timeout} {}
Set the number of seconds the router waits for the cache reply. If the
cache server is not replying within this time period, the router deletes
all received prefix records from the prefix table.
Set the number of seconds the router waits for the cache reply. If the cache
server is not replying within this time period, the router deletes all
received prefix records from the prefix table.
The default value is 600 seconds.
.. index:: {RPKI Command} {rpki initial-synchronisation-timeout <1-4,294,967,296>} {}
.. index:: rpki initial-synchronisation-timeout <1-4,294,967,296>
.. clicmd:: rpki initial-synchronisation-timeout <1-4,294,967,296>
{RPKI Command} {rpki initial-synchronisation-timeout <1-4,294,967,296>} {}
.. index:: {RPKI Command} {no rpki initial-synchronisation-timeout} {}
.. index:: no rpki initial-synchronisation-timeout
.. clicmd:: no rpki initial-synchronisation-timeout
{RPKI Command} {no rpki initial-synchronisation-timeout} {}
Set the number of seconds until the first synchronization with the cache
server needs to be completed. If the timeout expires, BGP routing is
started without RPKI. The router will try to establish the cache server
connection in the background.
server needs to be completed. If the timeout expires, BGP routing is started
without RPKI. The router will try to establish the cache server connection in
the background.
The default value is 30 seconds.
The following commands configure one or multiple cache servers.
.. index:: {RPKI Socket Command} {rpki cache (`A.B.C.D`|`WORD`) `PORT` [`SSH_USERNAME`] [`SSH_PRIVKEY_PATH`] [`SSH_PUBKEY_PATH`] [`KNOWN_HOSTS_PATH`] `PREFERENCE`} {}
.. index:: rpki cache (A.B.C.D|WORD) PORT [SSH_USERNAME] [SSH_PRIVKEY_PATH] [SSH_PUBKEY_PATH] [KNOWN_HOSTS_PATH] PREFERENCE
.. clicmd:: rpki cache (A.B.C.D|WORD) PORT [SSH_USERNAME] [SSH_PRIVKEY_PATH] [SSH_PUBKEY_PATH] [KNOWN_HOSTS_PATH] PREFERENCE
{RPKI Socket Command} {rpki cache (`A.B.C.D`|`WORD`) `PORT` [`SSH_USERNAME`] [`SSH_PRIVKEY_PATH`] [`SSH_PUBKEY_PATH`] [`KNOWN_HOSTS_PATH`] `PREFERENCE`} {}
.. index:: {RPKI Socket Command} {no rpki cache (`A.B.C.D`|`WORD`) [`PORT`] `PREFERENCE`} {}
.. index:: no rpki cache (A.B.C.D|WORD) [PORT] PREFERENCE
.. clicmd:: no rpki cache (A.B.C.D|WORD) [PORT] PREFERENCE
{RPKI Socket Command} {no rpki cache (`A.B.C.D`|`WORD`) [`PORT`] `PREFERENCE`} {}
Add a cache server to the socket. By default, the connection between
router and cache server is based on plain TCP. Protecting the connection
between router and cache server by SSH is optional.
Deleting a socket removes the associated cache server and
terminates the existing connection.
Add a cache server to the socket. By default, the connection between router
and cache server is based on plain TCP. Protecting the connection between
router and cache server by SSH is optional. Deleting a socket removes the
associated cache server and terminates the existing connection.
*`A.B.C.D`|`WORD`*
A.B.C.D|WORD
Address of the cache server.
*`PORT`*
PORT
Port number to connect to the cache server
*`SSH_USERNAME`*
SSH_USERNAME
SSH username to establish an SSH connection to the cache server.
*`SSH_PRIVKEY_PATH`*
SSH_PRIVKEY_PATH
Local path that includes the private key file of the router.
*`SSH_PUBKEY_PATH`*
SSH_PUBKEY_PATH
Local path that includes the public key file of the router.
*`KNOWN_HOSTS_PATH`*
Local path that includes the known hosts file. The default value depends on the
configuration of the operating system environment, usually
KNOWN_HOSTS_PATH
Local path that includes the known hosts file. The default value depends
on the configuration of the operating system environment, usually
:file:`~/.ssh/known_hosts`.
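Review bot: the two timeout signatures are written "<1-4,294,967,296>" while "rpki polling_period (1-3600)" in the same hunk uses the parenthesised range form. Use one notation, drop the thousands separators, and check the upper bound against the CLI definition, since 4,294,967,296 is one more than fits in an unsigned 32-bit value. The "rpki cache" description says the connection is plain TCP by default and SSH is optional, but does not say which of the four optional SSH arguments must be present for SSH to be used; a sentence on that would help readers who want the protected transport. "Port number to connect to the cache server" is missing its full stop.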
@ -165,20 +148,22 @@ The following commands are independent of a specific cache server.
Validating BGP Updates
----------------------
.. index:: {Route Map Command} {match rpki {notfound|invalid|valid}} {}
.. index:: match rpki notfound|invalid|valid
.. clicmd:: match rpki notfound|invalid|valid
{Route Map Command} {match rpki {notfound|invalid|valid}} {}
.. index:: {Route Map Command} {no match rpki {notfound|invalid|valid}} {}
.. index:: no match rpki notfound|invalid|valid
.. clicmd:: no match rpki notfound|invalid|valid
{Route Map Command} {no match rpki {notfound|invalid|valid}} {}
Create a clause for a route map to match prefixes with the specified RPKI state.
Create a clause for a route map to match prefixes with the specified RPKI
state.
**Note** that the matching of invalid prefixes requires that invalid
prefixes are considered for best path selection, i.e., @command{bgp
bestpath prefix-validate disallow-invalid} is not enabled.
prefixes are considered for best path selection, i.e.,
``bgp bestpath prefix-validate disallow-invalid`` is not enabled.
In the following example, the router prefers valid routes over invalid
prefixes because invalid routes have a lower local preference.
::
! Allow for invalid routes in route selection process
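Review bot: "match rpki notfound|invalid|valid" lost the grouping that the old "{notfound|invalid|valid}" form had, so the alternation now reads as if it could span the whole command. Write it as "match rpki (notfound|invalid|valid)", like "(in|out)" in the distribute-list entry, in the index and clicmd lines and in the "no" form. The "**Note** that ..." paragraph could become a note admonition, in line with the warning admonitions this commit introduces in the vtysh chapter.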
@ -195,18 +180,17 @@ Validating BGP Updates
set local-preference 500
.. _Debugging:
Debugging
---------
.. index:: {Command} {debug rpki} {}
.. index:: debug rpki
.. clicmd:: debug rpki
{Command} {debug rpki} {}
.. index:: {Command} {no debug rpki} {}
.. index:: no debug rpki
.. clicmd:: no debug rpki
{Command} {no debug rpki} {}
Enable or disable debugging output for RPKI.
.. _Displaying_RPKI:
@ -214,16 +198,16 @@ Debugging
Displaying RPKI
---------------
.. index:: {Command} {show rpki prefix-table} {}
.. index:: show rpki prefix-table
.. clicmd:: show rpki prefix-table
{Command} {show rpki prefix-table} {}
Display all validated prefix to origin AS mappings/records which have been
received from the cache servers and stored in the router. Based on this data,
the router validates BGP Updates.
.. index:: {Command} {show rpki cache-connection} {}
.. index:: show rpki cache-connection
.. clicmd:: show rpki cache-connection
{Command} {show rpki cache-connection} {}
Display all configured cache servers, whether active or not.
RPKI Configuration Example
@ -273,4 +257,5 @@ RPKI Configuration Example
route-map rpki permit 40
!
.. [Securing-BGP] `Geoff Huston, Randy Bush: Securing BGP, In: The Internet Protocol Journal, Volume 14, No. 2, 2011. <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-2/142_bgp.html>`_
.. [Resource-Certification] `Geoff Huston: Resource Certification, In: The Internet Protocol Journal, Volume 12, No.1, 2009. <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-1/121_resource.html>`_

View File

@ -4,44 +4,43 @@
SNMP Support
************
:abbr:`SNMP (Simple Network Managing Protocol)` is a widely implemented
feature for collecting network information from router and/or host.
FRR itself does not support SNMP agent (server daemon) functionality
but is able to connect to a SNMP agent using the SMUX protocol
(:rfc:`1227`) or the AgentX protocol (:rfc:`2741`) and make the
routing protocol MIBs available through it.
:abbr:`SNMP (Simple Network Managing Protocol)` is a widely implemented feature
for collecting network information from router and/or host. FRR itself does
not support SNMP agent (server daemon) functionality but is able to connect to
a SNMP agent using the SMUX protocol (:rfc:`1227`) or the AgentX protocol
(:rfc:`2741`) and make the routing protocol MIBs available through it.
Note that SNMP Support needs to be enabled at compile-time and loaded as
module on daemon startup. Refer to :ref:`Loadable_Module_Support` on
the latter.
Note that SNMP Support needs to be enabled at compile-time and loaded as module
on daemon startup. Refer to :ref:`Loadable_Module_Support` on the latter.
.. _Getting_and_installing_an_SNMP_agent:
Getting and installing an SNMP agent
====================================
There are several SNMP agent which support SMUX or AgentX. We recommend to use the latest
version of `net-snmp` which was formerly known as `ucd-snmp`.
It is free and open software and available at `http://www.net-snmp.org/ <http://www.net-snmp.org/>`_
and as binary package for most Linux distributions.
`net-snmp` has to be compiled with `--with-mib-modules=agentx` to
be able to accept connections from FRR using AgentX protocol or with
`--with-mib-modules=smux` to use SMUX protocol.
There are several SNMP agent which support SMUX or AgentX. We recommend to use
the latest version of `net-snmp` which was formerly known as `ucd-snmp`. It is
free and open software and available at `http://www.net-snmp.org/ <http://www.net-snmp.org/>`_
and as binary package for most Linux distributions. `net-snmp` has to be
compiled with `--with-mib-modules=agentx` to be able to accept connections from
FRR using AgentX protocol or with `--with-mib-modules=smux` to use SMUX
protocol.
Nowadays, SMUX is a legacy protocol. The AgentX protocol should be
preferred for any new deployment. Both protocols have the same coverage.
Nowadays, SMUX is a legacy protocol. The AgentX protocol should be preferred
for any new deployment. Both protocols have the same coverage.
.. _AgentX_configuration:
AgentX configuration
====================
.. program:: configure
To enable AgentX protocol support, FRR must have been build with the
`--enable-snmp` or `--enable-snmp=agentx` option. Both the
master SNMP agent (snmpd) and each of the FRR daemons must be
configured. In `/etc/snmp/snmpd.conf`, `master agentx`
directive should be added. In each of the FRR daemons, `agentx`
command will enable AgentX support.
:option:`--enable-snmp` or `--enable-snmp=agentx` option. Both the
master SNMP agent (snmpd) and each of the FRR daemons must be configured. In
:file:`/etc/snmp/snmpd.conf`, the ``master agentx`` directive should be added.
In each of the FRR daemons, ``agentx`` command will enable AgentX support.
::
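Review bot: the rewrapped first line keeps the expansion "Simple Network Managing Protocol"; SNMP stands for Simple Network Management Protocol. In the AgentX paragraph, "--enable-snmp" is now an option cross-reference while "--enable-snmp=agentx" and the net-snmp flags "--with-mib-modules=agentx" and "--with-mib-modules=smux" stay in single backticks; mark them all the same way, and make sure an option entry for the configure program exists for the option role to resolve against. "must have been build" should read "built".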
@ -65,8 +64,8 @@ command will enable AgentX support.
!
Upon successful connection, you should get something like this in the
log of each FRR daemons:
Upon successful connection, you should get something like this in the log of
each FRR daemons:
::
@ -82,10 +81,10 @@ Then, you can use the following command to check everything works as expected:
[...]
The AgentX protocol can be transported over a Unix socket or using TCP
or UDP. It usually defaults to a Unix socket and depends on how NetSNMP
was built. If need to configure FRR to use another transport, you can
configure it through `/etc/snmp/frr.conf`:
The AgentX protocol can be transported over a Unix socket or using TCP or UDP.
It usually defaults to a Unix socket and depends on how NetSNMP was built. If
need to configure FRR to use another transport, you can configure it through
:file:`/etc/snmp/frr.conf`:
::
@ -101,18 +100,17 @@ SMUX configuration
==================
To enable SMUX protocol support, FRR must have been build with the
`--enable-snmp=smux` option.
:option:`--enable-snmp` option.
A separate connection has then to be established between the
SNMP agent (snmpd) and each of the FRR daemons. This connections
each use different OID numbers and passwords. Be aware that this OID
number is not the one that is used in queries by clients, it is solely
used for the intercommunication of the daemons.
A separate connection has then to be established between the SNMP agent (snmpd)
and each of the FRR daemons. This connections each use different OID numbers
and passwords. Be aware that this OID number is not the one that is used in
queries by clients, it is solely used for the intercommunication of the
daemons.
In the following example the ospfd daemon will be connected to the
snmpd daemon using the password "frr_ospfd". For testing it is
recommending to take exactly the below snmpd.conf as wrong access
restrictions can be hard to debug.
In the following example the ospfd daemon will be connected to the snmpd daemon
using the password "frr_ospfd". For testing it is recommending to take exactly
the below snmpd.conf as wrong access restrictions can be hard to debug.
::
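Review bot: the SMUX build requirement changed from "--enable-snmp=smux" to the bare "--enable-snmp" option, which alters what the section says: the AgentX section of this same file lists "--enable-snmp" and "--enable-snmp=agentx" as the options that enable AgentX. Keep the "=smux" value here. In the rewrapped text, "This connections each use" should be "These connections each use" and "it is recommending to take" should be "it is recommended to take".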
@ -136,8 +134,8 @@ restrictions can be hard to debug.
!
After restarting snmpd and frr, a successful connection can be verified in
the syslog and by querying the SNMP daemon:
After restarting snmpd and frr, a successful connection can be verified in the
syslog and by querying the SNMP daemon:
::
@ -152,17 +150,16 @@ the syslog and by querying the SNMP daemon:
Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
for every SNMP connect to the syslog which can lead to enormous log file sizes.
If that is a problem you should consider to patch snmpd and comment out the
troublesome `snmp_log()` line in the function
`netsnmp_agent_check_packet()` in `agent/snmp_agent.c`.
troublesome `snmp_log()` line in the function `netsnmp_agent_check_packet()` in
`agent/snmp_agent.c`.
MIB and command reference
=========================
The following OID numbers are used for the interprocess communication of snmpd and
the FRR daemons with SMUX only.
::
the FRR daemons with SMUX only.::
(OIDs below .iso.org.dod.internet.private.enterprises)
. (OIDs below .iso.org.dod.internet.private.enterprises)
zebra .1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
bgpd .1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
ripd .1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
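Review bot: the new first line of the literal block, ". (OIDs below .iso.org.dod.internet.private.enterprises)", starts with a stray "." that the old line did not have and that will show up in the rendered block. Also, "SMUX only.::" renders as "SMUX only.:"; end the sentence with "only::" or keep the separate "::" line.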
@ -171,8 +168,7 @@ the FRR daemons with SMUX only.
Sadly, SNMP has not been implemented in all daemons yet. The following
OID numbers are used for querying the SNMP daemon by a client:
::
OID numbers are used for querying the SNMP daemon by a client:::
zebra .1.3.6.1.2.1.4.24 .iso.org.dot.internet.mgmt.mib-2.ip.ipForward
ospfd .1.3.6.1.2.1.14 .iso.org.dot.internet.mgmt.mib-2.ospf
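Review bot: "by a client:::" has one colon too many and renders as "client::"; it should be "client::". The two OID names shown in this hunk spell the subtree ".iso.org.dot.internet", while the SMUX table above and the ospf6d line below use ".iso.org.dod.internet"; worth correcting while this block is being edited.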
@ -181,26 +177,24 @@ OID numbers are used for querying the SNMP daemon by a client:
ospf6d .1.3.6.1.3.102 .iso.org.dod.internet.experimental.ospfv3
The following syntax is understood by the FRR daemons for configuring SNMP using SMUX:
.. index:: {Command} {smux peer `oid`} {}
The following syntax is understood by the FRR daemons for configuring SNMP
using SMUX:
{Command} {smux peer `oid`} {}
.. index:: {Command} {no smux peer `oid`} {}
.. index:: smux peer OID
.. clicmd:: smux peer OID
.. index:: no smux peer OID
.. clicmd:: no smux peer OID
.. index:: smux peer OID PASSWORD
.. clicmd:: smux peer OID PASSWORD
.. index:: no smux peer OID PASSWORD
.. clicmd:: no smux peer OID PASSWORD
{Command} {no smux peer `oid`} {}
.. index:: {Command} {smux peer `oid` `password`} {}
{Command} {smux peer `oid` `password`} {}
.. index:: {Command} {no smux peer `oid` `password`} {}
{Command} {no smux peer `oid` `password`} {}
Here is the syntax for using AgentX:
.. index:: {Command} {agentx} {}
{Command} {agentx} {}
.. index:: {Command} {no agentx} {}
.. index:: agentx
.. clicmd:: agentx
.. index:: no agentx
.. clicmd:: no agentx
{Command} {no agentx} {}
.. include:: snmptrap.rst
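Review bot: the four "smux peer" entries and the two "agentx" entries are clicmd directives with no description under them, so the command reference does not say what OID and PASSWORD are or what "agentx" does. A short body per group would do, for example that OID is the daemon's SMUX OID from the table above and PASSWORD is the per-daemon password described in the SMUX configuration section.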

View File

@ -1,18 +1,18 @@
Handling SNMP Traps
===================
To handle snmp traps make sure your snmp setup of frr works
correctly as described in the frr documentation in :ref:`SNMP_Support`.
To handle snmp traps make sure your snmp setup of frr works correctly as
described in the frr documentation in :ref:`SNMP_Support`.
The BGP4 mib will send traps on peer up/down events. These should be
visible in your snmp logs with a message similar to:
The BGP4 mib will send traps on peer up/down events. These should be visible in
your snmp logs with a message similar to:
::
snmpd[13733]: Got trap from peer on fd 14
To react on these traps they should be handled by a trapsink. Configure
your trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:
To react on these traps they should be handled by a trapsink. Configure your
trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:
::
@ -20,9 +20,9 @@ your trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:
trapsink localhost
This will send all traps to an snmptrapd running on localhost. You can
of course also use a dedicated management station to catch traps.
Configure the snmptrapd daemon by adding the following line to
This will send all traps to an snmptrapd running on localhost. You can of
course also use a dedicated management station to catch traps. Configure the
snmptrapd daemon by adding the following line to
:file:`/etc/snmpd/snmptrapd.conf`:
::
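Review bot: the rewrapped paragraphs keep the paths "/etc/snmpd/snmptrapd.conf" here and "/etc/snmpd/snmpd.conf" in the previous hunk, but the handler script in the next hunk lives under "/etc/snmp/" and the SNMP chapter refers to "/etc/snmp/snmpd.conf". Pick one directory for all four paths so readers do not edit a file the daemon never reads.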
@ -32,15 +32,15 @@ Configure the snmptrapd daemon by adding the following line to
This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
the BGP4 traps. To add traps for other protocol daemons, lookup their
appropriate OID from their mib. (For additional information about which
traps are supported by your mib, lookup the mib on
appropriate OID from their mib. (For additional information about which traps
are supported by your mib, lookup the mib on
`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).
Make sure snmptrapd is started.
Make sure *snmptrapd* is started.
The snmptrap_handle.sh script I personally use for handling BGP4 traps
is below. You can of course do all sorts of things when handling traps,
like sound a siren, have your display flash, etc., be creative ;).
The snmptrap_handle.sh script I personally use for handling BGP4 traps is
below. You can of course do all sorts of things when handling traps, like sound
a siren, have your display flash, etc., be creative ;).
::

File diff suppressed because it is too large

View File

@ -4,54 +4,56 @@
VTY shell
*********
*vtysh* provides a combined frontend to all FRR daemons in a
single combined session. It is enabled by default at build time, but can
be disabled through the *--disable-vtysh* option to
*./configure*.
.. program:: configure
*vtysh* has a configuration file, :file:`vtysh.conf`. The location
of that file cannot be changed from :file:`|INSTALL_PREFIX_ETC|` since
it contains options controlling authentication behavior. This file will
also not be written by configuration-save commands, it is intended to be
updated manually by an administrator with an external editor.
*vtysh* provides a combined frontend to all FRR daemons in a single combined
session. It is enabled by default at build time, but can be disabled through
the :option:`--disable-vtysh` option to the configure script.
*vtysh* has a configuration file, :file:`vtysh.conf`. The location of that
file cannot be changed from |INSTALL_PREFIX_ETC| since it contains options
controlling authentication behavior. This file will also not be written by
configuration-save commands, it is intended to be updated manually by an
administrator with an external editor.
.. warning::
This also means the ``hostname`` and ``banner motd`` commands (which both do
have effect for vtysh) need to be manually updated in :file:`vtysh.conf`.
@quotation Warning
This also means the *hostname* and *banner motd* commands
(which both do have effect for vtysh) need to be manually updated in
:file:`vtysh.conf`.
@end quotation
Permissions and setup requirements
==================================
*vtysh* connects to running daemons through Unix sockets located in
:file:`|INSTALL_PREFIX_STATE|`. Running vtysh thus requires access to
that directory, plus membership in the *|INSTALL_VTY_GROUP|*
group (which is the group that the daemons will change ownership of their
sockets to).
|INSTALL_PREFIX_STATE|. Running vtysh thus requires access to that directory,
plus membership in the |INSTALL_VTY_GROUP| group (which is the group that the
daemons will change ownership of their sockets to).
To restrict access to FRR configuration, make sure no unauthorized users
are members of the *|INSTALL_VTY_GROUP|* group.
To restrict access to FRR configuration, make sure no unauthorized users are
members of the |INSTALL_VTY_GROUP| group.
PAM support (experimental)
--------------------------
vtysh has working (but rather useless) PAM support. It will perform
an "authenticate" PAM call using *|PACKAGE_NAME|* as service
name. No other (accounting, session, password change) calls will be
performed by vtysh.
vtysh has working (but rather useless) PAM support. It will perform an
"authenticate" PAM call using |PACKAGE_NAME| as service name. No other
(accounting, session, password change) calls will be performed by vtysh.
Users using vtysh still need to have appropriate access to the daemons'
VTY sockets, usually by being member of the *|INSTALL_VTY_GROUP|*
group. If they have this membership, PAM support is useless since they can
connect to daemons and issue commands using some other tool. Alternatively,
the *vtysh* binary could be made SGID (set group ID) to the
*|INSTALL_VTY_GROUP|* group. @strong{No security guarantees are
made for this configuration}.
Users using vtysh still need to have appropriate access to the daemons' VTY
sockets, usually by being member of the |INSTALL_VTY_GROUP| group. If they
have this membership, PAM support is useless since they can connect to daemons
and issue commands using some other tool. Alternatively, the *vtysh* binary
could be made SGID (set group ID) to the |INSTALL_VTY_GROUP| group.
.. index:: {Command} {username `username` nopassword} {}
.. warning::
No security guarantees are made for this configuration.
.. index:: username USERNAME nopassword
.. clicmd:: username USERNAME nopassword
{Command} {username `username` nopassword} {}
If PAM support is enabled at build-time, this command allows disabling the
use of PAM on a per-user basis. If vtysh finds that an user is trying to
use vtysh and a "nopassword" entry is found, no calls to PAM will be made
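Review bot: moving "No security guarantees are made for this configuration." into its own warning separates it from the SGID sentence it qualifies, so "this configuration" has no obvious referent when the admonition is read on its own. Name the setup in the warning itself, for example "No security guarantees are made for running vtysh SGID to the |INSTALL_VTY_GROUP| group."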
@ -67,56 +69,56 @@ Integrated configuration mode uses a single configuration file,
:file:`frr.conf`, for all daemons. This replaces the individual files like
:file:`zebra.conf` or :file:`bgpd.conf`.
:file:`frr.conf` is located in :file:`|INSTALL_PREFIX_ETC|`. All
daemons check for the existence of this file at startup, and if it exists
will not load their individual configuration files. Instead,
*vtysh -b* must be invoked to process :file:`frr.conf` and apply
its settings to the individual daemons.
:file:`frr.conf` is located in |INSTALL_PREFIX_ETC|. All daemons check for the
existence of this file at startup, and if it exists will not load their
individual configuration files. Instead, ``vtysh -b`` must be invoked to
process :file:`frr.conf` and apply its settings to the individual daemons.
.. warning::
@quotation Warning
*vtysh -b* must also be executed after restarting any daemon.
@end quotation
Configuration saving, file ownership and permissions
----------------------------------------------------
The :file:`frr.conf` file is not written by any of the daemons; instead
*vtysh* contains the neccessary logic to collect configuration from
all of the daemons, combine it and write it out.
The :file:`frr.conf` file is not written by any of the daemons; instead *vtysh*
contains the neccessary logic to collect configuration from all of the daemons,
combine it and write it out.
.. warning::
@quotation Warning
Daemons must be running for *vtysh* to be able to collect their
configuration. Any configuration from non-running daemons is permanently
lost after doing a configuration save.
@end quotation
Since the *vtysh* command may be running as ordinary user on the
system, configuration writes will be tried through *watchfrr*,
using the *write integrated* command internally. Since
*watchfrr* is running as superuser, *vtysh* is able to
ensure correct ownership and permissions on :file:`frr.conf`.
Since the *vtysh* command may be running as ordinary user on the system,
configuration writes will be tried through *watchfrr*, using the ``write
integrated`` command internally. Since *watchfrr* is running as superuser,
*vtysh* is able to ensure correct ownership and permissions on
:file:`frr.conf`.
If *watchfrr* is not running or the configuration write fails,
*vtysh* will attempt to directly write to the file. This is likely
to fail if running as unprivileged user; alternatively it may leave the
file with incorrect owner or permissions.
If *watchfrr* is not running or the configuration write fails, *vtysh* will
attempt to directly write to the file. This is likely to fail if running as
unprivileged user; alternatively it may leave the file with incorrect owner or
permissions.
Writing the configuration can be triggered directly by invoking
*vtysh -w*. This may be useful for scripting. Note this command
should be run as either the superuser or the FRR user.
Writing the configuration can be triggered directly by invoking *vtysh -w*.
This may be useful for scripting. Note this command should be run as either the
superuser or the FRR user.
We recommend you do not mix the use of the two types of files. Further, it
is better not to use the integrated frr.conf file, as any syntax error in
it can lead to /all/ of your daemons being unable to start up. Per daemon
files are more robust as impact of errors in configuration are limited to
the daemon in whose file the error is made.
We recommend you do not mix the use of the two types of files. Further, it is
better not to use the integrated :file:`frr.conf` file, as any syntax error in
it can lead to /all/ of your daemons being unable to start up. Per daemon files
are more robust as impact of errors in configuration are limited to the daemon
in whose file the error is made.
.. index:: {Command} {service integrated-vtysh-config} {}
.. index:: service integrated-vtysh-config
.. clicmd:: service integrated-vtysh-config
{Command} {service integrated-vtysh-config} {}
.. index:: {Command} {no service integrated-vtysh-config} {}
.. index:: no service integrated-vtysh-config
.. clicmd:: no service integrated-vtysh-config
{Command} {no service integrated-vtysh-config} {}
Control whether integrated :file:`frr.conf` file is written when
'write file' is issued.
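Review bot: literal markup is applied unevenly in the converted text: the first paragraph now uses double backticks for "vtysh -b" and "write integrated", but the warning body still has "*vtysh -b*" and the scripting paragraph still has "*vtysh -w*". Use the double-backtick form for every command invocation. The new lines also carry over "neccessary" (necessary) and "/all/", which is not reST emphasis.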
@ -127,22 +129,15 @@ the daemon in whose file the error is made.
This command has 3 states:
``
*service integrated-vtysh-config*
service integrated-vtysh-config
*vtysh* will always write :file:`frr.conf`.
``
*no service integrated-vtysh-config*
no service integrated-vtysh-config
*vtysh* will never write :file:`frr.conf`; instead it will ask
daemons to write their individual configuration files.
``
Neither option present (default)
*vtysh* will check whether :file:`frr.conf` exists. If it does,
configuration writes will update that file. Otherwise, writes are performed
through the individual daemons.
@ -151,21 +146,18 @@ the daemon in whose file the error is made.
preset one of the two operating modes and ensure consistent operation across
installations.
.. index:: {Command} {write integrated} {}
.. index:: write integrated
.. clicmd:: write integrated
{Command} {write integrated} {}
Unconditionally (regardless of *service integrated-vtysh-config*
setting) write out integrated :file:`frr.conf` file through
*watchfrr*. If *watchfrr* is not running, this command
is unavailable.
Unconditionally (regardless of ``service integrated-vtysh-config`` setting)
write out integrated :file:`frr.conf` file through *watchfrr*. If *watchfrr*
is not running, this command is unavailable.
.. warning::
Caveats
=======
Configuration changes made while some daemon is not running will be invisible
to that daemon. The daemon will start up with its saved configuration
(either in its individual configuration file, or in :file:`frr.conf`).
This is particularly troublesome for route-maps and prefix lists, which would
otherwise be synchronized between daemons.
Configuration changes made while some daemon is not running will be
invisible to that daemon. The daemon will start up with its saved
configuration (either in its individual configuration file, or in
:file:`frr.conf`). This is particularly troublesome for route-maps and
prefix lists, which would otherwise be synchronized between daemons.
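Review bot: the "Caveats" heading and the new ".. warning::" both appear directly after the "write integrated" entry; if the heading is being dropped, the caveat loses its place in the table of contents, and the warning has to stay at top-level indentation or it will render as part of the "write integrated" description even though it applies to every configuration change. Consider keeping the heading and placing the warning under it.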