Diffstat (limited to 'net/openbgpd/files/patch-bgpd_bgpd.conf.5')
| -rw-r--r-- | net/openbgpd/files/patch-bgpd_bgpd.conf.5 | 746 |
1 files changed, 0 insertions, 746 deletions
diff --git a/net/openbgpd/files/patch-bgpd_bgpd.conf.5 b/net/openbgpd/files/patch-bgpd_bgpd.conf.5 deleted file mode 100644 index 32f4439fc0ab..000000000000 --- a/net/openbgpd/files/patch-bgpd_bgpd.conf.5 +++ /dev/null 
@@ -1,746 +0,0 @@ -Index: bgpd/bgpd.conf.5 -=================================================================== -RCS file: /home/cvs/private/hrs/openbgpd/bgpd/bgpd.conf.5,v -retrieving revision 1.1.1.7 -retrieving revision 1.10 -diff -u -p -r1.1.1.7 -r1.10 ---- bgpd/bgpd.conf.5 14 Feb 2010 20:19:57 -0000 1.1.1.7 -+++ bgpd/bgpd.conf.5 8 Dec 2012 20:17:59 -0000 1.10 -@@ -1,4 +1,4 @@ --.\" $OpenBSD: bgpd.conf.5,v 1.94 2009/06/07 00:31:22 claudio Exp $ -+.\" $OpenBSD: bgpd.conf.5,v 1.122 2012/11/13 09:47:20 claudio Exp $ - .\" - .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> - .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> -@@ -16,7 +16,7 @@ - .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - .\" --.Dd $Mdocdate: June 7 2009 $ -+.Dd $Mdocdate: November 13 2012 $ - .Dt BGPD.CONF 5 - .Os - .Sh NAME -@@ -26,11 +26,11 @@ - The - .Xr bgpd 8 - daemon implements the Border Gateway Protocol version 4 as described --in RFC 1771. -+in RFC 4271. - .Sh SECTIONS - The - .Nm --config file is divided into four main sections. -+config file is divided into five main sections. - .Bl -tag -width xxxx - .It Sy Macros - User-defined variables may be defined and used later, simplifying the -@@ -38,6 +38,8 @@ configuration file. - .It Sy Global Configuration - Global settings for - .Xr bgpd 8 . -+.It Sy Routing Domain Configuration -+The definition and properties for BGP MPLS VPNs are set in this section. - .It Sy Neighbors and Groups - .Xr bgpd 8 - establishes sessions with -@@ -54,9 +56,16 @@ the sections should be grouped and appea - .Nm - in the order shown above. - .Pp -+The current line can be extended over multiple lines using a backslash -+.Pq Sq \e . - Comments can be put anywhere in the file using a hash mark - .Pq Sq # , - and extend to the end of the current line. 
-+Care should be taken when commenting out multi-line text: -+the comment is effective until the end of the entire block. -+.Pp -+Argument names not beginning with a letter, digit, or underscore -+must be quoted. - .Pp - Additional configuration files can be included with the - .Ic include -@@ -66,8 +75,8 @@ include "/etc/bgpd/bgpd-10.0.0.1.filter" - .Ed - .Sh MACROS - Macros can be defined that will later be expanded in context. --Macro names must start with a letter, and may contain letters, digits --and underscores. -+Macro names must start with a letter, digit, or underscore, -+and may contain any of those characters. - Macro names may not be reserved words (for example, - .Ic AS , - .Ic neighbor , -@@ -93,7 +102,7 @@ Set the local - .Em autonomous system - number to - .Ar as-number . --If the first AS number is a 4-byte AS it is possible to specifiy a secondary -+If the first AS number is a 4-byte AS it is possible to specify a secondary - 2-byte AS number which is used for neighbors which do not support 4-byte AS - numbers. - The default for the secondary AS is 23456. -@@ -143,29 +152,33 @@ The default is 120 seconds. - .It Xo - .Ic dump - .Op Ic rib Ar name --.Pq Ic table Ns \&| Ns Ic table-mp -+.Pq Ic table Ns | Ns Ic table-mp Ns | Ns Ic table-v2 - .Ar file Op Ar timeout - .Xc - .It Xo - .Ic dump --.Pq Ic all Ns \&| Ns Ic updates --.Pq Ic in Ns \&| Ns Ic out -+.Pq Ic all Ns | Ns Ic updates -+.Pq Ic in Ns | Ns Ic out - .Ar file Op Ar timeout - .Xc - Dump the RIB, a.k.a. the - .Em routing information base , - and all BGP messages in Multi-threaded Routing Toolkit (MRT) format. --Dumping the RIB is normally an expensive operation, --but it should not influence the session handling. - It is possible to dump alternate RIB with the use of - .Ar name . - .Pp - For example, the following will dump the entire table to the - .Xr strftime 3 Ns -expanded - filename. --The -+Only the -+.Ic table-v2 -+format is able to dump a multi-protocol RIB correctly. 
-+Both -+.Ic table -+and - .Ic table-mp --format is multi-protocol capable but often not supported by 3rd-party tools. -+formats are more or less limited when handling multi-protocol entries and -+are only left around to support 3rd party tools not handling the new format. - The timeout is optional: - .Bd -literal -offset indent - dump table "/tmp/rib-dump-%H%M" 300 -@@ -195,7 +208,7 @@ dump updates out "/tmp/updates-out-%H%M" - .Pp - .It Xo - .Ic fib-update --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - If set to - .Ic no , -@@ -242,12 +255,12 @@ Log received and sent updates. - .Xc - .It Xo - .Ic network --.Pq Ic inet Ns \&| Ns Ic inet6 -+.Pq Ic inet Ns | Ns Ic inet6 - .Ic static Op Ic set ...\& - .Xc - .It Xo - .Ic network --.Pq Ic inet Ns \&| Ns Ic inet6 -+.Pq Ic inet Ns | Ns Ic inet6 - .Ic connected Op Ic set ...\& - .Xc - Announce the specified network as belonging to our AS. -@@ -278,7 +291,7 @@ section. - .Ic nexthop - .Ic qualify - .Ic via --.Pq Ic bgp Ns \&| Ns Ic default -+.Pq Ic bgp Ns | Ns Ic default - .Xc - If set to - .Ic bgp , -@@ -295,38 +308,47 @@ daemons like - .Ic rde - .Ic med - .Ic compare --.Pq Ic always Ns \&| Ns Ic strict -+.Pq Ic always Ns | Ns Ic strict - .Xc - If set to - .Ic always , - the --.Em MED -+.Em MULTI_EXIT_DISC - attributes will always be compared. - The default is - .Ic strict , --where the --.Em MED --is only compared between peers belonging to the same AS. -+where the metric is only compared between peers belonging to the same AS. - .Pp - .It Xo - .Ic rde - .Ic rib Ar name - .Op Ic no Ic evaluate - .Xc --Creat an additional RIB named -+.It Xo -+.Ic rde -+.Ic rib Ar name -+.Op Ic rtable Ar number -+.Xc -+Create an additional RIB named - .Ar name . - It is possible to disable the decision process per RIB with the - .Ic no Ic evaluate - flag. -+If a -+.Ic rtable -+is specified, routes will be exported to the given kernel routing table. 
-+Currently the routing table must belong to the default routing domain and -+nexthop verification happens on table 0. -+Routes in the specified table will not be considered for nexthop verification. - .Ic Adj-RIB-In - and - .Ic Loc-RIB --are created automaticaly and used as default. -+are created automatically and used as default. - .Pp - .It Xo - .Ic rde - .Ic route-age --.Pq Ic ignore Ns \&| Ns Ic evaluate -+.Pq Ic ignore Ns | Ns Ic evaluate - .Xc - If set to - .Ic evaluate , -@@ -339,7 +361,7 @@ The default is - .Pp - .It Xo - .Ic route-collector --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - If set to - .Ic yes , -@@ -361,13 +383,24 @@ to the local machine. - Work with the given kernel routing table - instead of the default table, - .Ar 0 . --Note that this table is used for nexthop verification as well. --Directly connected networks are always taken into account, even though --their routes live in table 0. -+Note that table 0 is used for nexthop verification. -+Routes in the specified table will not be considered for nexthop verification. -+This is the same as using the following syntax: -+.Bd -literal -offset indent -+rde rib Loc-RIB rtable number -+.Ed -+.Pp -+.It Ic socket Qo Ar path Qc Op Ic restricted -+Set the control socket location to -+.Ar path . -+If -+.Ic restricted -+is specified a restricted control socket will be created. -+By default /var/run/bgpd.sock is used and no restricted socket is created. - .Pp - .It Xo - .Ic transparent-as --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - If set to - .Ic yes , -@@ -376,6 +409,110 @@ to EBGP neighbors are not prepended with - The default is - .Ic no . - .El -+.Sh ROUTING DOMAIN CONFIGURATION -+.Xr bgpd 8 -+supports the setup and distribution of Virtual Private Networks. -+It is possible to import and export prefixes between routing domains. 
-+Each routing domain is specified by an -+.Ic rdomain -+section, which allows properties to be set specifically for that rdomain: -+.Bd -literal -offset indent -+rdomain 1 { -+ descr "a rdomain" -+ rd 65002:1 -+ import-target rt 65002:42 -+ export-target rt 65002:42 -+ network 192.168.1/24 -+ depend on mpe0 -+} -+.Ed -+.Pp -+There are several routing domain properties: -+.Pp -+.Bl -tag -width Ds -compact -+.It Ic depend on Ar interface -+Routes added to the rdomain will use this interface as the outgoing interface. -+Normally this will be an MPLS Provider Edge, -+.Xr mpe 4 , -+interface that is part of the rdomain. -+Local networks will be announced with the MPLS label specified on the interface. -+.Pp -+.It Ic descr Ar description -+Add a description. -+The description is used when logging but has no further meaning to -+.Xr bgpd 8 . -+.Pp -+.It Ic export-target Ar subtype Ar as-number Ns Li : Ns Ar local -+.It Ic export-target Ar subtype Ar IP Ns Li : Ns Ar local -+Specify an extended community which will be attached to announced networks. -+More than one -+.Ic export-target -+can be specified. -+See also the -+.Sx ATTRIBUTE SET -+section for further information about the encoding. -+The -+.Ar subtype -+should be set to -+.Ar rt -+for best compatibility with other implementations. -+.Pp -+.It Xo -+.Ic fib-update -+.Pq Ic yes Ns | Ns Ic no -+.Xc -+If set to -+.Ic no , -+do not update the Forwarding Information Base, a.k.a. the kernel -+routing table. -+The default is -+.Ic yes . -+.Pp -+.It Ic import-target Ar subtype Ar as-number Ns Li : Ns Ar local -+.It Ic import-target Ar subtype Ar IP Ns Li : Ns Ar local -+Only prefixes matching one of the specified -+.Ic import-targets -+will be imported into the rdomain. -+More than one -+.Ic import-target -+can be specified. -+See also the -+.Sx ATTRIBUTE SET -+section for further information about the encoding of extended communities. 
-+The -+.Ar subtype -+should be set to -+.Ar rt -+for best compatibility with other implementations. -+.Pp -+.It Ic network Ar arguments ... -+Define which networks should be exported into this VPN. -+See also the -+.Ic nexthop -+section in -+.Sx GLOBAL CONFIGURATION -+for further information about the arguments. -+.Pp -+.It Ic rd Ar as-number Ns Li : Ns Ar local -+.It Ic rd Ar IP Ns Li : Ns Ar local -+The sole purpose of the Route Distinguisher -+.Ic rd -+is to ensure that possible common prefixes are destinct between VPNs. -+The -+.Ic rd -+is neither used to identify the origin of the prefix nor to control into -+which VPNs the prefix is distributed to. -+The -+.Ar as-number -+or -+.Ar IP -+of a -+.Ic rd -+should be set to a number or IP that was assigned by an appropriate authority. -+Whereas -+.Ar local -+can be chosen by the local operator. -+.El - .Sh NEIGHBORS AND GROUPS - .Xr bgpd 8 - establishes TCP connections to other BGP speakers called -@@ -470,21 +607,35 @@ The default for IBGP peers is - .Pp - .It Xo - .Ic announce --.Pq Ic IPv4 Ns \&| Ns Ic IPv6 --.Pq Ic none Ns \&| Ns Ic unicast -+.Pq Ic IPv4 Ns | Ns Ic IPv6 -+.Pq Ic none Ns | Ns Ic unicast Ns | Ns Ic vpn - .Xc - For the given address family, control which subsequent address families - (at the moment, only - .Em none , --which disables the announcement of that address family, and --.Em unicast --are supported) are announced during the capabilities negotiation. -+which disables the announcement of that address family, -+.Em unicast , -+and -+.Em vpn , -+which allows the distribution of BGP MPLS VPNs, are supported) are announced -+during the capabilities negotiation. - Only routes for that address family and subsequent address family will be - announced and processed. - .Pp - .It Xo -+.Ic announce as-4byte -+.Pq Ic yes Ns | Ns Ic no -+.Xc -+If set to -+.Ic no , -+the 4-byte AS capability is not announced and so native 4-byte AS support is -+disabled. -+The default is -+.Ic yes . 
-+.Pp -+.It Xo - .Ic announce capabilities --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - If set to - .Ic no , -@@ -493,6 +644,29 @@ This can be helpful to connect to old or - The default is - .Ic yes . - .Pp -+.It Xo -+.Ic announce refresh -+.Pq Ic yes Ns | Ns Ic no -+.Xc -+If set to -+.Ic no , -+the route refresh capability is not announced. -+The default is -+.Ic yes . -+.Pp -+.It Xo -+.Ic announce restart -+.Pq Ic yes Ns | Ns Ic no -+.Xc -+If set to -+.Ic yes , -+the graceful restart capability is announced. -+Currently only the End-of-RIB marker is supported and announced by the -+.Ic restart -+capability. -+The default is -+.Ic no . -+.Pp - .It Ic demote Ar group - Increase the - .Xr carp 4 -@@ -504,7 +678,7 @@ The demotion counter will be increased a - .Xr bgpd 8 - starts and decreased - 60 seconds after the session went to state --.Em ESTABLISHED. -+.Em ESTABLISHED . - For neighbors added at runtime, the demotion counter is only increased after - the session has been - .Em ESTABLISHED -@@ -548,8 +722,8 @@ Do not start the session when bgpd comes - .Pp - .It Xo - .Ic dump --.Pq Ic all Ns \&| Ns Ic updates --.Pq Ic in Ns \&| Ns Ic out -+.Pq Ic all Ns | Ns Ic updates -+.Pq Ic in Ns | Ns Ic out - .Ar file Op Ar timeout - .Xc - Do a peer specific MRT dump. -@@ -564,7 +738,7 @@ section in - .Pp - .It Xo - .Ic enforce neighbor-as --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - If set to - .Ic yes , -@@ -589,10 +763,16 @@ Inherited from the global configuration - Set the minimal acceptable holdtime. - Inherited from the global configuration if not given. - .Pp -+.It Ic interface Ar interface -+Set an interface used for a nexthop with a link-local IPv6 address. -+Note that if this is not specified and a link-local IPv6 address is -+received as nexthop of the peer, it will be marked as invalid and -+ignored. 
-+.Pp - .It Xo - .Ic ipsec --.Pq Ic ah Ns \&| Ns Ic esp --.Pq Ic in Ns \&| Ns Ic out -+.Pq Ic ah Ns | Ns Ic esp -+.Pq Ic in Ns | Ns Ic out - .Ic spi Ar spi-number authspec Op Ar encspec - .Xc - Enable IPsec with static keying. -@@ -627,7 +807,7 @@ Keys must be given in hexadecimal format - .Pp - .It Xo - .Ic ipsec --.Pq Ic ah Ns \&| Ns Ic esp -+.Pq Ic ah Ns | Ns Ic esp - .Ic ike - .Xc - Enable IPsec with dynamic keying. -@@ -639,11 +819,11 @@ is responsible for managing the session - With - .Xr isakmpd 8 , - it is sufficient to copy the peer's public key, found in --.Pa /etc/isakmpd/local.pub , -+.Pa %%PREFIX%%/etc/isakmpd/private/local.pub , - to the local machine. - It must be stored in a file - named after the peer's IP address and must be stored in --.Pa /etc/isakmpd/pubkeys/ipv4/ . -+.Pa %%PREFIX%%/etc/isakmpd/pubkeys/ipv4/ . - The local public key must be copied to the peer in the same way. - As - .Xr bgpd 8 -@@ -698,11 +878,11 @@ Do not attempt to actively open a TCP co - .It Ic remote-as Ar as-number - Set the AS number of the remote system. - .Pp --.It rib .Ar name -+.It Ic rib Ar name - Bind the neighbor to the specified RIB. - .Pp - .It Ic route-reflector Op Ar address --Act as an RFC 2796 -+Act as an RFC 4456 - .Em route-reflector - for this neighbor. - An optional cluster ID can be specified; otherwise the BGP ID will be used. -@@ -732,8 +912,8 @@ These sets are rewritten into filter rul - .Pp - .It Xo - .Ic softreconfig --.Pq Ic in Ns \&| Ns Ic out --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic in Ns | Ns Ic out -+.Pq Ic yes Ns | Ns Ic no - .Xc - Turn soft reconfiguration on or off for the specified direction. - If soft reconfiguration is turned on, filter changes will be applied on -@@ -760,7 +940,7 @@ tcp md5sig key deadbeef - .Pp - .It Xo - .Ic transparent-as --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - If set to - .Ic yes , -@@ -772,7 +952,7 @@ setting. 
- .Pp - .It Xo - .Ic ttl-security --.Pq Ic yes Ns \&| Ns Ic no -+.Pq Ic yes Ns | Ns Ic no - .Xc - Enable or disable ttl-security. - When enabled, -@@ -849,6 +1029,10 @@ is matched against a part of the - .Em AS path - specified by the - .Ar as-type . -+.Ar as-number -+may be set to -+.Ic neighbor-as , -+which is expanded to the current neighbor remote AS number. - .Ar as-type - is one of the following operators: - .Pp -@@ -917,7 +1101,32 @@ may be set to - which is expanded to the current neighbor remote AS number. - .Pp - .It Xo --.Pq Ic from Ns \&| Ns Ic to -+.Ic ext-community -+.Ar subtype Ar as-number Ns Li : Ns Ar local -+.Xc -+.It Xo -+.Ic ext-community -+.Ar subtype Ar IP Ns Li : Ns Ar local -+.Xc -+.It Xo -+.Ic ext-community -+.Ar subtype Ar numvalue -+.Xc -+This rule applies only to -+.Em UPDATES -+where the -+.Em extended community -+path attribute is present and matches. -+Extended Communities are specified by a -+.Ar subtype -+and normally two values, a globally unique part (e.g. the AS number) and a -+local part. -+See also the -+.Sx ATTRIBUTE SET -+section for further information about the encoding. -+.Pp -+.It Xo -+.Pq Ic from Ns | Ns Ic to - .Ar peer - .Xc - This rule applies only to -@@ -945,7 +1154,7 @@ if enclosed in curly brackets: - deny from { 128.251.16.1, 251.128.16.2, group hojo } - .Ed - .Pp --.It Pq Ic inet Ns \&| Ns Ic inet6 -+.It Pq Ic inet Ns | Ns Ic inet6 - This rule applies only to routes matching the stated address family. - The address family needs to be set only in rules that use - .Ic prefixlen -@@ -953,6 +1162,37 @@ without specifying a - .Ic prefix - beforehand. - .Pp -+.It Ic max-as-len Ar len -+This rule applies only to -+.Em UPDATES -+where the -+.Em AS path -+has more than -+.Ar len -+elements. -+.Pp -+.It Ic max-as-seq Ar len -+This rule applies only to -+.Em UPDATES -+where a single -+.Em AS number -+is repeated more than -+.Ar len -+times. 
-+.Pp -+.It Ic nexthop Ar address -+This rule applies only to -+.Em UPDATES -+where the nexthop is equal to -+.Ar address . -+The -+.Ar address -+can be set to -+.Em neighbor -+in which case the nexthop is compared against the address of the neighbor. -+Nexthop filtering is not supported on locally announced networks and one must -+take into consideration previous rules overwriting nexthops. -+.Pp - .It Xo - .Ic prefix - .Ar address Ns Li / Ns Ar len -@@ -1028,6 +1268,12 @@ matches a rule which has the - option set, this rule is considered the last matching rule, and evaluation - of subsequent rules is skipped. - .Pp -+.It Ic rib Ar name -+Apply rule only to the specified RIB. -+This only applies for received updates, so not for rules using the -+.Ar to peer -+parameter. -+.Pp - .It Ic set Ar attribute ... - All matching rules can set the - .Em AS path attributes -@@ -1079,6 +1325,48 @@ Alternately, well-known communities may - or - .Ic NO_PEER . - .Pp -+.It Xo -+.Ic ext-community Op Ar delete -+.Ar subtype Ar as-number Ns Li : Ns Ar local -+.Xc -+.It Xo -+.Ic ext-community Op Ar delete -+.Ar subtype Ar IP Ns Li : Ns Ar local -+.Xc -+.It Xo -+.Ic ext-community Op Ar delete -+.Ar subtype Ar numvalue -+.Xc -+Set or delete the -+.Em Extended Community -+AS path attribute. -+Extended Communities are specified by a -+.Ar subtype -+and normally two values, a globally unique part (e.g. the AS number) and a -+local part. -+The type is selected depending on the encoding of the global part. -+Two-octet AS Specific Extended Communities and Four-octet AS Specific Extended -+Communities are encoded as -+.Ar as-number Ns Li : Ns Ar local . -+Four-octet encoding is used if the -+.Ar as-number -+is bigger then 65535 or if the AS_DOT encoding is used. -+IPv4 Address Specific Extended Communities are encoded as -+.Ar IP Ns Li : Ns Ar local . -+Opaque Extended Communities are encoded with a single numeric value. 
-+Currently the following subtypes are supported: -+.Bd -literal -offset indent -+rt Route Target -+soo Source of Origin -+odi OSPF Domain Identifier -+ort OSPF Route Type -+ori OSPF Router ID -+bdc BGP Data Collection -+.Ed -+.Pp -+Not all type and subtype value pairs are allowed by IANA and the parser -+will ensure that no invalid combination is created. -+.Pp - .It Ic localpref Ar number - Set the - .Em LOCAL_PREF -@@ -1108,6 +1396,20 @@ otherwise it will be set to - .Ar number . - .Pp - .It Xo -+.Ic origin -+.Sm off -+.Po Ic igp \*(Ba -+.Ic egp \*(Ba -+.Ic incomplete Pc -+.Sm on -+.Xc -+Set the -+.Em ORIGIN -+AS path attribute to mark the source of this -+route as being injected from an igp protocol, an egp protocol -+or being an aggregated route. -+.Pp -+.It Xo - .Ic nexthop - .Sm off - .Po Ar address \*(Ba -@@ -1157,9 +1459,8 @@ times to the - .Em AS path . - .Pp - .It Ic rtlabel Ar label --Add the prefix with the specified --.Ar label --to the kernel routing table. -+Add the prefix to the kernel routing table with the specified -+.Ar label . - .Pp - .It Ic weight Ar number - The -@@ -1181,8 +1482,8 @@ For prefixes with equally long paths, th - is selected. - .El - .Sh FILES --.Bl -tag -width "/etc/bgpd.conf" -compact --.It Pa /etc/bgpd.conf -+.Bl -tag -width "%%PREFIX%%/etc/bgpd.conf" -compact -+.It Pa %%PREFIX%%/etc/bgpd.conf - .Xr bgpd 8 - configuration file - .El |
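Review bot: The removed file's header shows it carried bgpd.conf.5 from OpenBSD revision 1.94 to 1.122, and this view shows only the deletion (0 insertions, diffstat limited to this one file), so nothing here says where that documentation now comes from. Please state in the commit message that the source the port now builds from already ships a bgpd.conf.5 at or beyond 1.122. Otherwise the installed manual loses the text for `socket "path" restricted`, the ROUTING DOMAIN CONFIGURATION section, `announce restart`, and the `max-as-len` / `max-as-seq` filter rules that this patch added.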
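Review bot: In the removed inner hunk at `-639,11 +819,11`, the key path change is more than a prefix substitution: `/etc/isakmpd/local.pub` became `%%PREFIX%%/etc/isakmpd/private/local.pub`, which adds a `private/` component, while the pubkeys directory only gained the prefix. Operators follow this paragraph when exchanging keys for `ipsec (ah|esp) ike`, so once this file is gone please check that the manual still names the location the installed isakmpd actually uses, and note in the commit which path is the intended one.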
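Review bot: The last removed inner hunk (`-1181,8 +1482,8`, FILES section) is what turned `/etc/bgpd.conf` into `%%PREFIX%%/etc/bgpd.conf`, and nothing visible in this diff replaces that substitution. If the port still installs its configuration under the prefix, the manual will now point readers at a file the daemon does not read. Please confirm the path rewrite is still done elsewhere in the port, or keep a reduced patch that carries only the `%%PREFIX%%` lines.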
