-rw-r--r-- | doc/bird.conf.example | 354 |
1 files changed, 168 insertions, 186 deletions
diff --git a/doc/bird.conf.example b/doc/bird.conf.example
index 62c65ce9..384270e3 100644
--- a/doc/bird.conf.example
+++ b/doc/bird.conf.example
@@ -1,222 +1,204 @@ -/* - * This is an example configuration file - * (for version 1.x.x, obsolete) - */ - -# Yes, even shell-like comments work... +# This is a basic configuration file, which contains boilerplate options and +# some basic examples. It allows the BIRD daemon to start but will not cause +# anything else to happen. +# +# Please refer to the BIRD User's Guide documentation, which is also available +# online at http://bird.network.cz/ in HTML format, for more information on +# configuring BIRD and adding routing protocols. # Configure logging -#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug }; -#log stderr all; -#log "tmp" all; +log syslog all; +# log "/var/log/bird.log" { debug, trace, info, remote, warning, error, auth, fatal, bug }; -# Override router ID -#router id 198.51.100.1; +# Set router ID. It is a unique identification of your router, usually one of +# IPv4 addresses of the router. It is recommended to configure it explicitly. +# router id 198.51.100.1; -# You can define your own symbols... -#define xyzzy = (120+10); -#define '1a-a1' = (30+40); +# Turn on global debugging of all protocols (all messages or just selected classes) +# debug protocols all; +# debug protocols { events, states }; -# Define a route filter... -#filter test_filter { -# if net ~ 10.0.0.0/16 then accept; -# else reject; -#} +# Turn on internal watchdog +# watchdog warning 5 s; +# watchdog timeout 30 s; -#filter sink { reject; } -#filter okay { accept; } +# You can define your own constants +# define my_asn = 65000; +# define my_addr = 198.51.100.1; -#include "filters.conf"; +# Tables master4 and master6 are defined by default +# ipv4 table master4; +# ipv6 table master6; -# Define another routing table -#table testable; +# Define more tables, e.g. for policy routing or as MRIB +# ipv4 table mrib4; +# ipv6 table mrib6; -# Turn on global debugging of all protocols -#debug protocols all; +# The Device protocol is not a real routing protocol. 
It does not generate any +# routes and it only serves as a module for getting information about network +# interfaces from the kernel. It is necessary in almost any configuration. +protocol device { +} -# Turn on internal watchdog -#watchdog warning 5 s; -#watchdog timeout 30 s; - -# The direct protocol automatically generates device routes to -# all network interfaces. Can exist in as many instances as you wish -# if you want to populate multiple routing tables with device routes. -#protocol direct { -# interface "-eth*", "*"; # Restrict network interfaces it works with -#} +# The direct protocol is not a real routing protocol. It automatically generates +# direct routes to all network interfaces. Can exist in as many instances as you +# wish if you want to populate multiple routing tables with direct routes. +protocol direct { + disabled; # Disable by default + ipv4; # Connect to default IPv4 table + ipv6; # ... and to default IPv6 table +} -# This pseudo-protocol performs synchronization between BIRD's routing -# tables and the kernel. If your kernel supports multiple routing tables -# (as Linux 2.2.x does), you can run multiple instances of the kernel -# protocol and synchronize different kernel tables with different BIRD tables. +# The Kernel protocol is not a real routing protocol. Instead of communicating +# with other routers in the network, it performs synchronization of BIRD +# routing tables with the OS kernel. One instance per table. protocol kernel { -# learn; # Learn all alien routes from the kernel - persist; # Don't remove routes on bird shutdown - scan time 20; # Scan kernel routing table every 20 seconds -# import none; # Default is import all - export all; # Default is export none -# kernel table 5; # Kernel table to synchronize with (default: main) + ipv4 { # Connect protocol to IPv4 table by channel +# table master4; # Default IPv4 table is master4 +# import all; # Import to table, default is import all + export all; # Export to protocol. 
default is export none + }; +# learn; # Learn alien routes from the kernel +# kernel table 10; # Kernel table to synchronize with (default: main) } -# This pseudo-protocol watches all interface up/down events. -protocol device { - scan time 10; # Scan interfaces every 10 seconds +# Another instance for IPv6, skipping default options +protocol kernel { + ipv6 { export all; }; } -# Static routes (again, there can be multiple instances, so that you -# can disable/enable various groups of static routes on the fly). +# Static routes (Again, there can be multiple instances, for different address +# families and to disable/enable various groups of static routes on the fly). protocol static { -# disabled; # Disable by default -# table testable; # Connect to a non-default table -# preference 1000; # Default preference of routes -# debug { states, routes, filters, interfaces, events, packets }; -# debug all; -# route 0.0.0.0/0 via 198.51.100.13; -# route 198.51.100.0/25 unreachable; + ipv4; # Again, IPv4 channel with default options + +# route 0.0.0.0/0 via 198.51.100.10; +# route 192.0.2.0/24 blackhole; # route 10.0.0.0/8 unreachable; -# route 10.1.1.0:255.255.255.0 via 198.51.100.3; -# route 10.1.2.0:255.255.255.0 via 198.51.100.3; -# route 10.1.3.0:255.255.255.0 via 198.51.100.4; -# route 10.2.0.0/24 via "arc0"; +# route 10.2.0.0/24 via "eth0"; +# # Static routes can be defined with optional attributes +# route 10.1.1.0/24 via 198.51.100.3 { rip_metric = 3; }; +# route 10.1.2.0/24 via 198.51.100.3 { ospf_metric1 = 100; }; +# route 10.1.3.0/24 via 198.51.100.4 { ospf_metric2 = 100; }; } -# Pipe protocol connects two routing tables... Beware of loops. -#protocol pipe { -# peer table testable; -# Define what routes do we export to this protocol / import from it. 
-# import all; # default is all -# export all; # default is none -# import none; # If you wish to disable imports -# import filter test_filter; # Use named filter -# import where source = RTS_DEVICE; # Use explicit filter -#} - -# RIP aka Rest In Pieces... -#protocol rip MyRIP { # You can also use an explicit name -# preference xyzzy; -# debug all; -# port 1520; -# period 7; -# infinity 16; -# garbage time 60; -# interface "*" { mode broadcast; }; -# honor neighbor; # To whom do we agree to send the routing table -# honor always; -# honor never; -# passwords { -# password "nazdar"; +# Pipe protocol connects two routing tables. Beware of loops. +# protocol pipe { +# table master4; # No ipv4/ipv6 channel definition like in other protocols +# peer table mrib4; +# import all; # Direction peer table -> table +# export all; # Direction table -> peer table +# } + +# RIP example, both RIP and RIPng are supported +# protocol rip { +# ipv4 { +# # Export direct, static routes and ones from RIP itself +# import all; +# export where source ~ [ RTS_DEVICE, RTS_STATIC, RTS_RIP ]; # }; -# authentication none; -# import filter { print "importing"; accept; }; -# export filter { print "exporting"; accept; }; -#} +# interface "eth*" { +# update time 10; # Default period is 30 +# timeout time 60; # Default timeout is 180 +# authentication cryptographic; # No authentication by default +# password "hello" { algorithm hmac sha256; }; # Default is MD5 +# }; +# } -#protocol ospf MyOSPF { -# tick 2; -# rfc1583compat yes; -# area 0.0.0.0 { -# stub no; +# OSPF example, both OSPFv2 and OSPFv3 are supported +# protocol ospf v3 { +# ipv6 { +# import all; +# export where source = RTS_STATIC; +# }; +# area 0 { # interface "eth*" { -# hello 9; -# retransmit 6; -# cost 10; -# transmit delay 5; -# dead count 5; -# wait 50; -# type broadcast; -# authentication simple; -# password "pass"; +# type broadcast; # Detected by default +# cost 10; # Interface metric +# hello 5; # Default hello perid 10 is too 
long # }; -# interface "arc0" { -# rx buffer large; -# type nonbroadcast; -# poll 14; -# dead 75; -# neighbors { -# 10.1.1.2 eligible; -# 10.1.1.4; -# }; -# strict nonbroadcast yes; +# interface "tun*" { +# type ptp; # PtP mode, avoids DR selection +# cost 100; # Interface metric +# hello 5; # Default hello perid 10 is too long # }; -# interface "xxx0" { -# passwords { -# password "abc" { -# id 1; -# generate to "22-04-2003 11:00:06"; -# accept to "17-01-2004 12:01:05"; -# }; -# password "def" { -# id 2; -# generate from "22-04-2003 11:00:07"; -# accept from "17-01-2003 12:01:05"; -# }; -# }; -# authentication cryptographic; -# }; -# }; -# area 20 { -# stub 1; -# interface "ppp1" { -# hello 8; -# authentication none; +# interface "dummy0" { +# stub; # Stub interface, just propagate it # }; -# interface "fr*"; -# virtual link 192.168.0.1 { -# password "sdsdffsdfg"; -# authentication cryptographic; -# }; # }; #} - -#protocol bgp { -# disabled; +# Define simple filter as an example for BGP import filter +# See https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering for more examples +# filter rt_import +# { +# if bgp_path.first != 64496 then accept; +# if bgp_path.len > 64 then accept; +# if bgp_next_hop != from then accept; +# reject; +# } + +# BGP example, explicit name 'uplink1' is used instead of default 'bgp1' +# protocol bgp uplink1 { # description "My BGP uplink"; -# local as 65000; -# neighbor 198.51.100.130 as 64496; -# multihop; -# hold time 240; -# startup hold time 240; -# connect retry time 120; -# keepalive time 80; # defaults to hold time / 3 -# start delay time 5; # How long do we wait before initial connect -# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive -# # errors occur, we increase the delay exponentially ... -# error forget time 300; # ... 
until this timeout expires) -# disable after error; # Disable the protocol automatically when an error occurs -# next hop self; # Disable next hop processing and always advertise our local address as nexthop -# path metric 1; # Prefer routes with shorter paths (like Cisco does) -# default bgp_med 0; # MED value we use for comparison when none is defined -# default bgp_local_pref 0; # The same for local preference -# source address 198.51.100.14; # What local address we use for the TCP connection +# local 198.51.100.1 as 65000; +# neighbor 198.51.100.10 as 64496; +# hold time 90; # Default is 240 # password "secret"; # Password used for MD5 authentication -# rr client; # I am a route reflector and the neighor is my client -# rr cluster id 1.0.0.1; # Use this value for cluster id instead of my router id -# export where source=RTS_STATIC; -# export filter { -# if source = RTS_STATIC then { -# bgp_community = -empty-; bgp_community = add(bgp_community,(65000,5678)); -# bgp_origin = 0; -# bgp_community = -empty-; bgp_community.add((65000,5678)); -# if (65000,64501) ~ bgp_community then -# bgp_community.add((0, 1)); -# if bgp_path ~ [= 65000 =] then -# bgp_path.prepend(65000); -# accept; -# } -# reject; +# +# ipv4 { # regular IPv4 unicast (1/1) +# import filter rt_import; +# export where source ~ [ RTS_STATIC, RTS_BGP ]; +# }; +# +# ipv6 { # regular IPv6 unicast (2/1) +# import filter rt_import; +# export filter { # The same as 'where' expression above +# if source ~ [ RTS_STATIC, RTS_BGP ] +# then accept; +# else reject; +# }; +# }; +# +# ipv4 multicast { # IPv4 multicast topology (1/2) +# table mrib4; # explicit IPv4 table +# import filter rt_import; +# export all; # }; -#} # -# Template usage example -#template bgp rr_client { -# disabled; -# local as 65000; -# multihop; +# ipv6 multicast { # IPv6 multicast topology (2/2) +# table mrib6; # explicit IPv6 table +# import filter rt_import; +# export all; +# }; +#} + +# Template example. 
Using templates to define IBGP route reflector clients. +# template bgp rr_clients { +# local 10.0.0.1 as 65000; +# neighbor as 65000; # rr client; # rr cluster id 1.0.0.1; -#} # -#protocol bgp rr_abcd from rr_client { -# neighbor 10.1.4.7 as 65000; -#} +# ipv4 { +# import all; +# export where source = RTS_BGP; +# }; +# +# ipv6 { +# import all; +# export where source = RTS_BGP; +# }; +# } +# +# protocol bgp client1 from rr_clients { +# neighbor 10.0.1.1; +# } +# +# protocol bgp client2 from rr_clients { +# neighbor 10.0.2.1; +# } +# +# protocol bgp client3 from rr_clients { +# neighbor 10.0.3.1; +# } |
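Review bot: The commented-out `rt_import` example filter reads as inverted. It accepts a route when `bgp_path.first != 64496`, when `bgp_path.len > 64`, or when `bgp_next_hop != from`, and rejects everything else. Anyone who uncomments it for `uplink1` would import the announcements a sanity filter normally drops (unexpected first AS, over-long path, third-party next hop) and discard the well-formed ones. If the three tests are meant as sanity checks, each should end in `then reject;` and the closing statement should be `accept;`. Separately, the same BGP example ships `password "secret";`, and a trailing comment such as `# placeholder, set a unique per-peer secret` would keep it from being copied verbatim.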