Merge branch 'int-new' into nexthop-merged

3 files changed, 300 insertions, 15 deletions

diff --git a/doc/bird.conf.example b/doc/bird.conf.example
index bbfe0020..62c65ce9 100644
--- a/doc/bird.conf.example
+++ b/doc/bird.conf.example
@@ -1,5 +1,6 @@
 /*
- *	This is an example configuration file.
+ *	This is an example configuration file
+ *	(for version 1.x.x, obsolete)
  */
 
 # Yes, even shell-like comments work...
diff --git a/doc/bird.conf.example2 b/doc/bird.conf.example2
new file mode 100644
index 00000000..6e8988b9
--- /dev/null
+++ b/doc/bird.conf.example2
@@ -0,0 +1,267 @@
+/*
+ *	This is an example configuration file for MB-BGP setting
+ */
+
+
+log "bird.log" all;
+# debug protocols all;
+
+router id 192.168.1.1;
+
+ipv4 table master4;
+ipv6 table master6;
+
+ipv4 table mcast4;
+ipv6 table mcast6;
+
+flow4 table flowtab4;
+flow6 table flowtab6;
+
+
+protocol device {
+	scan time 10;
+}
+
+protocol kernel kernel4 {
+	scan time 20;
+
+	ipv4 {
+		export all;
+	};
+}
+
+protocol kernel kernel6 {
+	scan time 20;
+
+	ipv6 {
+		export all;
+	};
+}
+
+
+protocol static static4 {
+	ipv4;
+
+	route 10.10.0.0/24 via 192.168.1.2;
+	route 10.10.1.0/24 via 192.168.1.2 { bgp_large_community.add((10,20,30)); bgp_large_community.add((10,(20*3),10)); };
+}
+
+protocol static static6 {
+	ipv6;
+
+	route 2001:db8:10:10::/64 via 2001:db8:1:1::10;
+	route 2001:db8:10:11::/64 via 2001:db8:1:1::10;
+
+	route 2001:db8:1:1::/64 via fe80::ec9b:67ff:fe60:fd5d % ve1;
+}
+
+# RFC 5575 flow specification
+protocol static flowstat4 {
+	flow4;
+
+	route flow4 {
+		dst 10.0.0.0/8;
+		proto = 23;
+		dport > 24 && < 30 || 40..50,60..70,80;
+		sport > 24 && < 30 || = 40 || 50,60..70,80;
+		icmp type 80;
+		icmp code 90;
+		tcp flags 0x03/0x0f;
+		length 2048..65535;
+		dscp = 63;
+		fragment dont_fragment, is_fragment || !first_fragment;
+	} drop;
+
+	route flow4 {
+		dst 11.0.0.0/8;
+		proto = 0x12;
+		sport > 0x5678 && < 0x9abc || 0xdef0 || 0x1234,0x5678,0x9abc..0xdef0;
+		dport = 50;
+		tcp flags 0xabcd/0xbbdd;
+	} drop;
+
+	route flow4 {
+		dst 12.0.0.0/32;
+		tcp flags ! 0 / 0x9999;
+	} drop;
+
+	route flow4 {
+		dst 220.0.254.0/24;
+		tcp flags 0x99 / 0x9999;
+	} drop;
+
+	route flow4 {
+		dst 220.0.254.192/28;
+		tcp flags !0xffff / 0xFFFF;
+	} drop;
+
+	route flow4 {
+		dst 15.0.0.0/8;
+		tcp flags !0x9999/0x9999;
+	} drop;
+}
+
+protocol static flowstat6 {
+	flow6;
+
+	route flow6 {
+		dst fec0:1122:3344:5566::1/128;
+		src 0000:0000:0000:0001:1234:5678:9800:0000/101 offset 63;
+		next header = 23;
+		sport 24..30, 42 || 50,60,70..80;
+		dport = 50;
+		tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33;
+		fragment !is_fragment || !first_fragment;
+		label 0xaaaa/0xaaaa && 0x33/0x33;
+	} drop;
+
+	route flow6 {
+		dst fec0:1122:3344:5566::1/128;
+		src ::1:1234:5678:9800:0/101 offset 63;
+		next header = 23;
+		dport = 50;
+		sport > 24 && < 30 || = 40 || = 50 || = 60 || >= 70 && <= 80;
+		tcp flags 0x3/0x3 && 0x0/0xc;
+	} drop;
+}
+
+
+protocol pipe {
+	table master4;
+	peer table mcast4;
+	import none;
+	export where source = RTS_OSPF;
+}
+
+protocol pipe {
+	table master6;
+	peer table mcast6;
+	import none;
+	export where source = RTS_OSPF;
+}
+
+protocol ospf2 ospf4 {
+#	ecmp;
+
+	ipv4 {
+		import all;
+#		export where source = RTS_STATIC;
+	};
+
+	area 0 {
+		interface "ve0" { stub; };
+		interface "ve1" { hello 5; type ptp; };
+		interface "ve2" { hello 5; type bcast; ttl security; };
+		interface "ve3" { hello 5; type bcast; ttl security; };
+	};
+}
+
+
+protocol ospf3 ospf6 {
+#	ecmp;
+
+	ipv6 {
+		import all;
+#		export where source = RTS_STATIC;
+	};
+
+	area 0 {
+		interface "ve0" { stub; };
+		interface "ve1" { hello 5; type ptp; };
+		interface "ve2" { hello 5; type bcast; };
+	};
+}
+
+protocol bgp {
+	local 192.168.11.1 as 1000;
+	neighbor 192.168.11.2 as 2000;
+#	local 192.168.1.1 as 1000;
+#	neighbor 192.168.2.1 as 2000;
+#	multihop;
+#	rr client;
+#	strict bind;
+#	debug all;
+
+	# regular IPv4 unicast (1/1)
+	ipv4 {
+		# connects to master4 table by default
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+	};
+
+	# regular IPv6 unicast (2/1)
+	ipv6 {
+		# connects to master6 table by default
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+#		next hop address 2001:db8:1:1::1;
+	};
+
+	# IPv4 multicast topology (1/2)
+	ipv4 multicast {
+		# explicit IPv4 table
+		table mcast4;
+		import all;
+		export all;
+	};
+
+	# IPv6 multicast topology (2/2)
+	ipv6 multicast {
+		# explicit IPv6 table
+		table mcast6;
+		import all;
+		export all;
+#		next hop address 2001:db8:1:1::1;
+	};
+
+	# IPv4 Flowspec (1/133)
+	flow4 {
+		# connects to flowtab4 table by default
+		import all;
+		export all;
+	};
+
+	# IPv6 Flowspec (2/133)
+	flow6 {
+		# connects to flowtab6 table by default
+		import all;
+		export all;
+	};
+}
+
+protocol bgp {
+	local 192.168.1.1 as 1000;
+	neighbor 192.168.3.1 as 1000;
+	multihop;
+	rr client;
+
+	ipv4 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+	};
+
+	ipv6 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+		next hop address 2001:db8:1:1::1;
+	};
+}
+
+protocol bgp {
+	local 2001:db8:1:1::1 as 1000;
+	neighbor 2001:db8:4:1::1 as 1000;
+	multihop;
+	rr client;
+
+	ipv4 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+		next hop address 192.168.4.1;
+	};
+
+	ipv6 {
+		import all;
+		export where source ~ [ RTS_STATIC, RTS_BGP ];
+	};
+}
+
diff --git a/doc/bird.sgml b/doc/bird.sgml
index c49e7e8e..2f8f18f3 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1945,12 +1945,11 @@ avoid routing loops.
 
 <p>BIRD supports all requirements of the BGP4 standard as defined in
 <rfc id="4271"> It also supports the community attributes (<rfc id="1997">),
-capability negotiation (<rfc id="5492">), MD5 password authentication (<rfc
-id="2385">), extended communities (<rfc id="4360">), route reflectors (<rfc
-id="4456">), graceful restart (<rfc id="4724">), multiprotocol extensions
-(<rfc id="4760">), 4B AS numbers (<rfc id="4893">), and 4B AS numbers in
-extended communities (<rfc id="5668">).
-
+capability negotiation (<rfc id="5492">), MD5 password authentication
+(<rfc id="2385">), extended communities (<rfc id="4360">), route reflectors
+(<rfc id="4456">), AS confederations (<rfc id="5065">), graceful restart
+(<rfc id="4724">), multiprotocol extensions (<rfc id="4760">), 4B AS numbers
+(<rfc id="4893">), and 4B AS numbers in extended communities (<rfc id="5668">).
 
 For IPv6, it uses the standard multiprotocol extensions defined in
 <rfc id="4760"> and applied to IPv6 according to <rfc id="2545">.
@@ -2041,6 +2040,16 @@ using the following configuration parameters:
 	source address for the BGP session. Default: the address of the local
 	end of the interface our neighbor is connected to.
 
+	<tag><label id="bgp-strict-bind">strict bind <m/switch/</tag>
+	Specify whether BGP listening socket should be bound to a specific local
+	address (the same as the <cf/source address/) and associated interface,
+	or to all addresses. Binding to a specific address could be useful in
+	cases like running multiple BIRD instances on a machine, each using its
+	IP address. Note that listening sockets bound to a specific address and
+	to all addresses collide, therefore either all BGP protocols (of the
+	same address family and using the same local port) should have set
+	<cf/strict bind/, or none of them. Default: disabled.
+
 	<tag><label id="bgp-next-hop-self">next hop self</tag>
 	Avoid calculation of the Next Hop attribute and always advertise our own
 	source address as a next hop. This needs to be used only occasionally to
@@ -2113,7 +2122,7 @@ using the following configuration parameters:
 	Note that full (ICMP protection, for example) <rfc id="5082"> support is
 	provided by Linux only. Default: disabled.
 
-	<tag><label id="bgp-pass">password <m/string/</tag>
+	<tag><label id="bgp-password">password <m/string/</tag>
 	Use this password for MD5 authentication of BGP sessions (<rfc id="2385">). When
 	used on BSD systems, see also <cf/setkey/ option below. Default: no
 	authentication.
@@ -2134,6 +2143,21 @@ using the following configuration parameters:
 	accepting incoming connections. In passive mode, outgoing connections
 	are not initiated. Default: off.
 
+	<tag><label id="bgp-confederation">confederation <m/number/</tag>
+	BGP confederations (<rfc id="5065">) are collections of autonomous
+	systems that act as one entity to external systems, represented by one
+	confederation identifier (instead of AS numbers). This option allows to
+	enable BGP confederation behavior and to specify the local confederation
+	identifier. When BGP confederations are used, all BGP speakers that are
+	members of the BGP confederation should have the same confederation
+	identifier configured. Default: 0 (no confederation).
+
+	<tag><label id="bgp-confederation-member">confederation member <m/switch/</tag>
+	When BGP confederations are used, this option allows to specify whether
+	the BGP neighbor is a member of the same confederation as the local BGP
+	speaker. The option is unnecessary (and ignored) for IBGP sessions, as
+	the same AS number implies the same confederation. Default: no.
+
 	<tag><label id="bgp-rr-client">rr client</tag>
 	Be a route reflector and treat the neighbor as a route reflection
 	client. Default: disabled.
@@ -2256,13 +2280,6 @@ using the following configuration parameters:
 	This option is relevant to IPv4 mode with enabled capability
 	advertisement only. Default: on.
 
-	<tag><label id="bgp-route-limit">route limit <m/number/</tag>
-	The maximal number of routes that may be imported from the protocol. If
-	the route limit is exceeded, the connection is closed with an error.
-	Limit is currently implemented as <cf>import limit <m/number/ action
-	restart</cf>. This option is obsolete and it is replaced by
-	<ref id="proto-import-limit" name="import limit option">. Default: no limit.
-
 	<tag><label id="bgp-disable-after-error">disable after error <m/switch/</tag>
 	When an error is encountered (either locally or by the other side),
 	disable the instance automatically and wait for an administrator to fix