Commit c609d039 authored by Jan Moskyto Matejka's avatar Jan Moskyto Matejka

Merge branch 'int-new' into nexthop-merged

parents 62e64905 2be9218a
+23 −0
Version 2.0.0-pre0 (2016-12-07)
  o Integrated IPv4 + IPv6 design
  o Major BGP protocol redesign
  o BGP multicast support (SAFI 2)
  o BGP flowspec support (RFC 5575)
  o New RPKI-Router protocol
  o New build system
  o Unit tests

  Notes:

  Protocols and tables are now connected using explicit channels, most related
  protocol options (table, import, export, ...) are now channel options. See
  doc/bird.conf.example2 for configuration examples.


Version 1.6.3 (2016-12-21)
  o Large BGP communities
  o BFD authentication (MD5, SHA1)
  o SHA1 and SHA2 authentication for RIP and OSPF
  o Improved documentation
  o Several bug fixes

Version 1.6.2 (2016-09-29)
  o Fixes serious bug introduced in the previous version

+1 −2
@@ -186,8 +186,7 @@ fi

AC_SUBST(iproutedir)

# all_protocols="$proto_bfd babel bgp ospf pipe radv rip $proto_rpki static"
all_protocols="$proto_bfd bgp ospf pipe radv rip $proto_rpki static "
all_protocols="$proto_bfd babel bgp ospf pipe radv rip $proto_rpki static"

all_protocols=`echo $all_protocols | sed 's/ /,/g'`

+2 −1
/*
 *	This is an example configuration file.
 *	This is an example configuration file
 *	(for version 1.x.x, obsolete)
 */

# Yes, even shell-like comments work...

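--- /dev/null
+++ b/doc/bird.conf.example2
+/*
+ *	This is an example configuration file for MB-BGP setting
+ */
+
+
+log "bird.log" all;
+# debug protocols all;
+
+router id 192.168.1.1;
+
+ipv4 table master4;
+ipv6 table master6;
+
+ipv4 table mcast4;
+ipv6 table mcast6;
+
+flow4 table flowtab4;
+flow6 table flowtab6;
+
+
+protocol device {
+	scan time 10;
+}
+
+protocol kernel kernel4 {
+	scan time 20;
+
+	ipv4 {
+		export all;
+	};
+}
+
+protocol kernel kernel6 {
+	scan time 20;
+
+	ipv6 {
+		export all;
+	};
+}
+
+
+protocol static static4 {
+	ipv4;
+
+	route 10.10.0.0/24 via 192.168.1.2;
+	route 10.10.1.0/24 via 192.168.1.2 { bgp_large_community.add((10,20,30)); bgp_large_community.add((10,(20*3),10)); };
+}
+
+protocol static static6 {
+	ipv6;
+
+	route 2001:db8:10:10::/64 via 2001:db8:1:1::10;
+	route 2001:db8:10:11::/64 via 2001:db8:1:1::10;
+
+	route 2001:db8:1:1::/64 via fe80::ec9b:67ff:fe60:fd5d % ve1;
+}
+
+# RFC 5575 flow specification
+protocol static flowstat4 {
+	flow4;
+
+	route flow4 {
+		dst 10.0.0.0/8;
+		proto = 23;
+		dport > 24 && < 30 || 40..50,60..70,80;
+		sport > 24 && < 30 || = 40 || 50,60..70,80;
+		icmp type 80;
+		icmp code 90;
+		tcp flags 0x03/0x0f;
+		length 2048..65535;
+		dscp = 63;
+		fragment dont_fragment, is_fragment || !first_fragment;
+	} drop;
+
+	route flow4 {
+		dst 11.0.0.0/8;
+		proto = 0x12;
+		sport > 0x5678 && < 0x9abc || 0xdef0 || 0x1234,0x5678,0x9abc..0xdef0;
+		dport = 50;
+		tcp flags 0xabcd/0xbbdd;
+	} drop;
+
+	route flow4 {
+		dst 12.0.0.0/32;
+		tcp flags ! 0 / 0x9999;
+	} drop;
+
+	route flow4 {
+		dst 220.0.254.0/24;
+		tcp flags 0x99 / 0x9999;
+	} drop;
+
+	route flow4 {
+		dst 220.0.254.192/28;
+		tcp flags !0xffff / 0xFFFF;
+	} drop;
+
+	route flow4 {
+		dst 15.0.0.0/8;
+		tcp flags !0x9999/0x9999;
+	} drop;
+}
+
+protocol static flowstat6 {
+	flow6;
+
+	route flow6 {
+		dst fec0:1122:3344:5566::1/128;
+		src 0000:0000:0000:0001:1234:5678:9800:0000/101 offset 63;
+		next header = 23;
+		sport 24..30, 42 || 50,60,70..80;
+		dport = 50;
+		tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33;
+		fragment !is_fragment || !first_fragment;
+		label 0xaaaa/0xaaaa && 0x33/0x33;
+	} drop;
+
+	route flow6 {
+		dst fec0:1122:3344:5566::1/128;
+		src ::1:1234:5678:9800:0/101 offset 63;
+		next header = 23;
+		dport = 50;
+		sport > 24 && < 30 || = 40 || = 50 || = 60 || >= 70 && <= 80;
+		tcp flags 0x3/0x3 && 0x0/0xc;
+	} drop;
+}
+
+
+protocol pipe {
+	table master4;
+	peer table mcast4;
+	import none;
+	export where source = RTS_OSPF;
+}
+
+protocol pipe {
+	table master6;
+	peer table mcast6;
+	import none;
+	export where source = RTS_OSPF;
+}
+
+protocol ospf2 ospf4 {
+#	ecmp;
+
+	ipv4 {
+		import all;
+#		export where source = RTS_STATIC;
+	};
+
+	area 0 {
+		interface "ve0" { stub; };
+		interface "ve1" { hello 5; type ptp; };
+		interface "ve2" { hello 5; type bcast; ttl security; };
+		interface "ve3" { hello 5; type bcast; ttl security; };
+	};
+}
+
+
+protocol ospf3 ospf6 {
+#	ecmp;
+
+	ipv6 {
+		import all;
+#		export where source = RTS_STATIC;
+	};
+
+	area 0 {
+		interface "ve0" { stub; };
+		interface "ve1" { hello 5; type ptp; };
+		interface "ve2" { hello 5; type bcast; };
+	};
+}
+
+protocol bgp {
+	local 192.168.11.1 as 1000;
+	neighbor 192.168.11.2 as 2000;
+#	local 192.168.1.1 as 1000;
+#	neighbor 192.168.2.1 as 2000;
+#	multihop;
+#	rr client;
+#	strict bind;
+#	debug all;
+
+	# regular IPv4 unicast (1/1)
+	ipv4 {
+		# connects to master4 table by default
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+	};
+
+	# regular IPv6 unicast (2/1)
+	ipv6 {
+		# connects to master6 table by default
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+#		next hop address 2001:db8:1:1::1;
+	};
+
+	# IPv4 multicast topology (1/2)
+	ipv4 multicast {
+		# explicit IPv4 table
+		table mcast4;
+		import all;
+		export all;
+	};
+
+	# IPv6 multicast topology (2/2)
+	ipv6 multicast {
+		# explicit IPv6 table
+		table mcast6;
+		import all;
+		export all;
+#		next hop address 2001:db8:1:1::1;
+	};
+
+	# IPv4 Flowspec (1/133)
+	flow4 {
+		# connects to flowtab4 table by default
+		import all;
+		export all;
+	};
+
+	# IPv6 Flowspec (2/133)
+	flow6 {
+		# connects to flowtab6 table by default
+		import all;
+		export all;
+	};
+}
+
+protocol bgp {
+	local 192.168.1.1 as 1000;
+	neighbor 192.168.3.1 as 1000;
+	multihop;
+	rr client;
+
+	ipv4 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+	};
+
+	ipv6 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+		next hop address 2001:db8:1:1::1;
+	};
+}
+
+protocol bgp {
+	local 2001:db8:1:1::1 as 1000;
+	neighbor 2001:db8:4:1::1 as 1000;
+	multihop;
+	rr client;
+
+	ipv4 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+		next hop address 192.168.4.1;
+	};
+
+	ipv6 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+	};
+}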
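Review bot: The first `protocol bgp` block is an external session (local AS 1000, neighbor AS 2000), yet every channel in it uses `import all;`, including `flow4` and `flow6`, so a copied configuration accepts whatever unicast routes and flowspec rules the peer sends without any filter. NEWS in this same commit points readers to this file for channel configuration, so it will be used as a template; whether BIRD validates received flowspec routes at this revision is not visible here. I would add a comment above the first `import all;` in that block, e.g. `# example only: replace 'import all' with a filter on sessions with external peers`. None of the three BGP sessions shows the `password` or `ttl security` options either, and a commented-out `#	password "...";` line next to `#	strict bind;` would point readers to them.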
+31 −14
@@ -1945,12 +1945,11 @@ avoid routing loops.

<p>BIRD supports all requirements of the BGP4 standard as defined in
<rfc id="4271"> It also supports the community attributes (<rfc id="1997">),
capability negotiation (<rfc id="5492">), MD5 password authentication (<rfc
id="2385">), extended communities (<rfc id="4360">), route reflectors (<rfc
id="4456">), graceful restart (<rfc id="4724">), multiprotocol extensions
(<rfc id="4760">), 4B AS numbers (<rfc id="4893">), and 4B AS numbers in
extended communities (<rfc id="5668">).

capability negotiation (<rfc id="5492">), MD5 password authentication
(<rfc id="2385">), extended communities (<rfc id="4360">), route reflectors
(<rfc id="4456">), AS confederations (<rfc id="5065">), graceful restart
(<rfc id="4724">), multiprotocol extensions (<rfc id="4760">), 4B AS numbers
(<rfc id="4893">), and 4B AS numbers in extended communities (<rfc id="5668">).

For IPv6, it uses the standard multiprotocol extensions defined in
<rfc id="4760"> and applied to IPv6 according to <rfc id="2545">.
@@ -2041,6 +2040,16 @@ using the following configuration parameters:
	source address for the BGP session. Default: the address of the local
	end of the interface our neighbor is connected to.

	<tag><label id="bgp-strict-bind">strict bind <m/switch/</tag>
	Specify whether BGP listening socket should be bound to a specific local
	address (the same as the <cf/source address/) and associated interface,
	or to all addresses. Binding to a specific address could be useful in
	cases like running multiple BIRD instances on a machine, each using its
	IP address. Note that listening sockets bound to a specific address and
	to all addresses collide, therefore either all BGP protocols (of the
	same address family and using the same local port) should have set
	<cf/strict bind/, or none of them. Default: disabled.

	<tag><label id="bgp-next-hop-self">next hop self</tag>
	Avoid calculation of the Next Hop attribute and always advertise our own
	source address as a next hop. This needs to be used only occasionally to
@@ -2113,7 +2122,7 @@ using the following configuration parameters:
	Note that full (ICMP protection, for example) <rfc id="5082"> support is
	provided by Linux only. Default: disabled.

	<tag><label id="bgp-pass">password <m/string/</tag>
	<tag><label id="bgp-password">password <m/string/</tag>
	Use this password for MD5 authentication of BGP sessions (<rfc id="2385">). When
	used on BSD systems, see also <cf/setkey/ option below. Default: no
	authentication.
@@ -2134,6 +2143,21 @@ using the following configuration parameters:
	accepting incoming connections. In passive mode, outgoing connections
	are not initiated. Default: off.

	<tag><label id="bgp-confederation">confederation <m/number/</tag>
	BGP confederations (<rfc id="5065">) are collections of autonomous
	systems that act as one entity to external systems, represented by one
	confederation identifier (instead of AS numbers). This option allows to
	enable BGP confederation behavior and to specify the local confederation
	identifier. When BGP confederations are used, all BGP speakers that are
	members of the BGP confederation should have the same confederation
	identifier configured. Default: 0 (no confederation).

	<tag><label id="bgp-confederation-member">confederation member <m/switch/</tag>
	When BGP confederations are used, this option allows to specify whether
	the BGP neighbor is a member of the same confederation as the local BGP
	speaker. The option is unnecessary (and ignored) for IBGP sessions, as
	the same AS number implies the same confederation. Default: no.

	<tag><label id="bgp-rr-client">rr client</tag>
	Be a route reflector and treat the neighbor as a route reflection
	client. Default: disabled.
@@ -2256,13 +2280,6 @@ using the following configuration parameters:
	This option is relevant to IPv4 mode with enabled capability
	advertisement only. Default: on.

	<tag><label id="bgp-route-limit">route limit <m/number/</tag>
	The maximal number of routes that may be imported from the protocol. If
	the route limit is exceeded, the connection is closed with an error.
	Limit is currently implemented as <cf>import limit <m/number/ action
	restart</cf>. This option is obsolete and it is replaced by
	<ref id="proto-import-limit" name="import limit option">. Default: no limit.

	<tag><label id="bgp-disable-after-error">disable after error <m/switch/</tag>
	When an error is encountered (either locally or by the other side),
	disable the instance automatically and wait for an administrator to fix