summaryrefslogtreecommitdiff
path: root/doc/bird.sgml
AgeCommit message (Collapse)Author
2021-10-13Multipage allocationMaria Matejka
We can also quite simply allocate bigger blocks. Anyway, we need these blocks to be aligned to their size which needs one mmap() two times bigger and then two munmap()s returning the unaligned parts. The user can specify -B <N> on startup when <N> is the exponent of 2, setting the block size to 2^N. On most systems, N is 12, anyway if you know that your configuration is going to eat gigabytes of RAM, you are almost forced to raise your block size as you may easily get into memory fragmentation issues or you have to raise your maximum mapping count, e.g. "sysctl vm.max_map_count=(number)".
2021-06-09Nest: Allow both 'password' and 'key' keywords for authentication keysOndrej Zajicek (work)
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Nest: Allow specifying security keys as hex bytes as well as stringsToke Høiland-Jørgensen
Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys.
2021-06-06Lib: Add Blake2s and Blake2b hash functionsToke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of the supported algorithms. In order to achieve do this, add the blake2b and blake2s hash functions for MAC authentication. The hashing function implementations are the reference implementations from blake2.net. The Blake2 algorithms allow specifying an arbitrary output size, and the Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy this, we add two different variants of each of the algorithms, one using the default size (256 bits for Blake2s, 512 bits for Blake2b), and one using half the default output size. Update to BIRD coding style done by committer.
2021-05-18Flowspec: Documentation updateOndrej Zajicek (work)
2021-05-18Flowspec: Do not use comma for bitmask operatorsOndrej Zajicek (work)
For numeric operators, comma is used for disjunction in expressions like "10, 20, 30..40". But for bitmask operators, comma is used for conjunction in a way that does not really make much sense. Use always explicit logical operators (&& and ||) to connect bitmask operators. Thanks to Matt Corallo for the bugreport.
2021-05-17Filter: Add MPLS label route attributeTrisha Biswas
Add support to set or read outgoing MPLS labels using filters. Currently this supports the addition of one label per route for the first next hop. Minor changes by committer.
2021-04-03Doc: Fix flowspec exampleOndrej Zajicek (work)
Thanks to Matt Corallo for the bugreport.
2021-03-15Doc: Document automatic RPKI reloadOndrej Zajicek (work)
2021-03-15Doc: Document channel debug optionsOndrej Zajicek (work)
2021-02-10BGP: Add support for BGP hostname capabilityVincent Bernat
This is an implementation of draft-walton-bgp-hostname-capability-02. It is implemented since quite some time for FRR and in datacenter, this gives a nice output to avoid using IP addresses. It is disabled by default. The hostname is retrieved from uname(2) and can be overriden with "hostname" option. The domain name is never set nor displayed. Minor changes by committer.
2021-01-07Doc: Describe per-nexthop static route optionsOndrej Zajicek (work)
Also remove description of (no longer supported) per-route 'bfd' option, and add examples of IPv6 routes with link-local nexthops.
2021-01-06BGP: Deprecate 'missing lladdr' optionOndrej Zajicek (work)
The option is not implemented since transition to 2.0 and no plan to add it. Also remove some deprecated RTS_* valus from documentation. Thanks to Sébastien Parisot for notification.
2020-12-02Filter: Add 'weight' route attributeOndrej Zajicek (work)
Add 'weight' route attribute that allows to get and set ECMP weight of nexthops. Similar to 'gw' attribute, it is limited to the first nexthop, but it is useful for handling BGP multipath, where an ECMP route is merged from multiple regular routes.
2020-11-19Static: Support for multiple routes with the same networkOndrej Zajicek (work)
Add support for proper handling of multiple routes with the same network to the static protocol. Routes are distinguished by internal index, which is assigned automatically (sequentially for routes within each network). Having different route preference or igp_metric attribute is optional.
2020-11-18Doc: Added example of static routes with BGP large communitiesNigel Kukard
2020-11-12BFD: Update documentation about per-session optionsOndrej Zajicek (work)
2020-10-11RPKI: Add 'ignore max length' optionOndrej Zajicek (work)
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
2020-10-05Doc: Fix missing semicolonsOndrej Zajicek (work)
Thanks to Marco Gartmann for the bugreport.
2020-10-05Doc: Fix typoOndrej Zajicek (work)
Thanks to Sergey Kulikov for the bugreport.
2020-06-03Doc: Add 'ptp address' to OSPF doc overviewKenth Eriksson
2020-05-26OSPF: Fix handling of unnumbered PtPsOndrej Zajicek (work)
This issue has a long history. In 2012, we changed data field for unnumbered PtP links from iface id (specified by RFC) to IP address based on reports of bugs in Quagga that required it, and we used out-of-band information to distinquish unnumberred PtPs with the same local IP address. Then with OSPF graceful restart implementation, we found that we can no longer use out-of-band information, and we need to use only LSAdb info for routing table calculation, but i forgot to finish handling of this case, so multiple unnumbered PtPs with the same local IP addresses were broken. Considering that even recent Mikrotik RouterOS has broken next hop calculation that depends on IP address in PtP link data field, we cannot just switch back to the iface id for unnumbered PtP links. The patch makes two changes: First, it goes back to use out-of-band (position) info for distinguishing local interfaces in SPF when graceful restart is not enabled, while still uses LSAdb-only approach for SPF calculation when graceful restart is enabled. Second, it adds OSPF interface option 'ptp address', which controls whether IP address or iface id is used in data field. It is enabled by default except for unnumbered PtP links with enabled graceful restart. Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for suggestions.
2020-05-19Nest: Allow key id 0Ondrej Zajicek (work)
There is nothing in RFCs specifying that id 0 is not allowed. Some implementations does not support it, while some other use key id 0 by default. We allow it but start with key id 1 by default. Thanks to Kenth Eriksson for the bugreport.
2020-05-19RIP: Triggered RIP (demand circuit) documentationOndrej Zajicek (work)
2020-05-18Nest: Implement BGP path mask loop operatorOndrej Zajicek (work)
Implement regex-like '+' operator in BGP path masks to match previous path mask item multiple times. This is useful as ASNs may appear multiple times in paths due to path prepending for traffic engineering purposes.
2020-05-02Filter: Remove quitbird commandOndrej Zajicek (work)
No need for this debug filter command and it can be abused from CLI.
2020-04-08Doc: Update prefix set commentOndrej Zajicek (work)
2020-01-28BFD: Option to specify which class of BFD sessions are acceptedOndrej Zajicek (work)
Allows to configure IPv4/IPv6-only or direct/multihop-only BFD protocol instances.
2019-12-16Doc: Fix documentation of BGP gateway optionOndrej Zajicek (work)
Thanks to Nico Schottelius for the bugreport.
2019-12-09Filter: Add support for src/dst accessors for Flowspec and SADROndrej Zajicek (work)
2019-11-10BGP: Add option to enforce first AS in AS_PATHOndrej Zajicek (work)
This is optional check described in RFC 4271. Although this can be also done by filters, it is widely implemented option in BGP implementations. Thanks to Eugene Bogomazov for the original patch.
2019-11-05Doc: Minor fixOndrej Zajicek (work)
2019-11-05Doc: Add documentation for BGP option 'allow as sets'Ondrej Zajicek (work)
2019-10-26BGP: RFC 8654 got releasedOndrej Zajicek (work)
2019-10-10Doc: Minor documentation fixesOndrej Zajicek (work)
Thanks to Christoph for the bugreport.
2019-10-09BGP: AIGP metric support (RFC 7311)Ondrej Zajicek (work)
2019-10-08Doc: Fix duplicated linesOndrej Zajicek
Thanks to elados93 for the patch.
2019-09-10Doc: Update BGP mask documentationOndrej Zajicek (work)
2019-08-14BGP: implement Adj-RIB-OutOndrej Zajicek (work)
The patch implements optional internal export table to a channel and hooks it to BGP so it can be used as Adj-RIB-Out. When enabled, all exported (post-filtered) routes are stored there. An export table can be examined using e.g. 'show route export table bgp1.ipv4'.
2019-08-12RAdv: Allow solicited RAs to be sent as unicastOndrej Zajicek (work)
Add option to send solicited router advertisements as unicast directly to soliciting nodes instead of as multicast to all-nodes group.
2019-07-31Change 'graceful down' command to 'graceful restart' and update docsOndrej Zajicek (work)
The command initiating planned graceful restart including bird shutdown should be called 'graceful restart' instead of 'graceful down', as the later should be reserved for graceful shutdown in style of RFC 8326.
2019-07-30Doc: Update documentation about VRFs and BFDOndrej Zajicek (work)
2019-07-09Doc: Fix typo in BGP dynamic names feature descriptionVincent Bernat
2019-06-30Doc: OSPF graceful restart optionsOndrej Zajicek (work)
2019-04-30Doc: Dynamic BGPOndrej Zajicek (work)
2019-04-24Small type in doc.Ondrej Filip
2019-04-03BGP: Promiscuous ASN modeOndrej Zajicek (work)
Allow to specify just 'internal' or 'external' for remote neighbor instead of specific ASN. In the second case that means BGP peers with any non-local ASNs are accepted.
2019-03-19Doc: Route attribute cleanupsOndrej Zajicek (work)