summaryrefslogtreecommitdiff
path: root/doc/bird.sgml
AgeCommit message (Collapse)Author
2022-07-24Merge branch 'master' into backportOndrej Zajicek
2022-07-12BGP: Minor improvements to BGP rolesOndrej Zajicek
Add support for bgp_otc in filters and warning for configuration inside confederations.
2022-07-11BGP: Implement BGP rolesEugene Bogomazov
Implement BGP roles as described in RFC 9234. It is a mechanism for route leak prevention and automatic route filtering based on common BGP topology relationships. It defines role capability (controlled by 'local role' option) and OTC route attribute, which is used for automatic route filtering and leak detection. Minor changes done by commiter.
2022-07-11Merge remote-tracking branch 'origin/master' into backportMaria Matejka
2022-07-10Merge version 2.0.10 into backportMaria Matejka
2022-06-27Filter: Implement for loopsOndrej Zajicek (work)
For loops allow to iterate over elements in compound data like BGP paths or community lists. The syntax is: for [ <type> ] <variable> in <expr> do <command-body>
2022-06-27Filter: Implement mixed declarations of local variablesOndrej Zajicek (work)
Allow variable declarations mixed with code, also in nested blocks with proper scoping, and with variable initializers. E.g: function fn(int a) { int b; int c = 10; if a > 20 then { b = 30; int d = c * 2; print a, b, c, d; } string s = "Hello"; }
2022-06-04Nest: Improve GC strategy for rtablesOndrej Zajicek
Use timer (configurable as 'gc period') to schedule routing table GC/pruning to ensure that prune is done on time but not too often. Randomize GC timers to avoid concentration of GC events from different tables in one loop cycle. Fix a bug that caused minimum inter-GC interval be 5 us instead of 5 s. Make default 'gc period' adaptive based on number of routing tables, from 10 s for small setups to 600 s for large ones. In marge multi-table RS setup, the patch improved time of flushing a downed peer from 20-30 min to <2 min and removed 40s latencies.
2022-05-30Merge remote-tracking branch 'origin/master' into haugesund-to-2.0Maria Matejka
2022-05-30Merge commit '692055e3df6cc9f0d428d3b0dd8cdd8e825eb6f4' into haugesund-to-2.0Maria Matejka
2022-04-22Doc: fix mating -> matching in flowspec sectionVincent Bernat
2022-04-07BFD: Add 'strict bind' optionOndrej Zajicek (work)
Add BFD protocol option 'strict bind' to use separate listening socket for each BFD interface bound to its address instead of using shared listening sockets.
2022-03-09Merge commit 'e42eedb9' into haugesundMaria Matejka
2022-02-20Small changes related to the new releaseOndrej Filip
2022-02-06Merge branch 'oz-trie-table'Ondrej Zajicek (work)
2022-02-06Doc: Describe routing table optionsOndrej Zajicek (work)
2022-02-06BGP: Implement flowspec validation procedureOndrej Zajicek (work)
Implement flowspec validation procedure as described in RFC 8955 sec. 6 and RFC 9117. The Validation procedure enforces that only routers in the forwarding path for a network can originate flowspec rules for that network. The patch adds new mechanism for tracking inter-table dependencies, which is necessary as the flowspec validation depends on IP routes, and flowspec rules must be revalidated when best IP routes change. The validation procedure is disabled by default and requires that relevant IP table uses trie, as it uses interval queries for subnets.
2022-01-17Netlink: Add option to specify netlink socket receive buffer sizeOndrej Zajicek (work)
Add option 'netlink rx buffer' to specify netlink socket receive buffer size. Uses SO_RCVBUFFORCE, so it can override rmem_max limit. Thanks to Trisha Biswas and Michal for the original patches.
2022-01-09BGP: Add option 'free bind'Ondrej Zajicek (work)
The BGP 'free bind' option applies the IP_FREEBIND/IPV6_FREEBIND socket option for the BGP listening socket. Thanks to Alexander Zubkov for the idea.
2021-12-28Doc: Document min/max operators for listsAlexander Zubkov
2021-12-28Doc: Document community components access operatorsAlexander Zubkov
2021-12-18Doc: bgp: remove "advertise ipv4"Simon Ruderich
The option was removed in d15b0b0a ("BGP redesign", 2016-12-07) but the documentation wasn't updated.
2021-10-13Dropping the RTS_DUMMY temporary route storage.Maria Matejka
Kernel route sync is done by other ways now and this code is not used currently.
2021-10-13Multipage allocationMaria Matejka
We can also quite simply allocate bigger blocks. Anyway, we need these blocks to be aligned to their size which needs one mmap() two times bigger and then two munmap()s returning the unaligned parts. The user can specify -B <N> on startup when <N> is the exponent of 2, setting the block size to 2^N. On most systems, N is 12, anyway if you know that your configuration is going to eat gigabytes of RAM, you are almost forced to raise your block size as you may easily get into memory fragmentation issues or you have to raise your maximum mapping count, e.g. "sysctl vm.max_map_count=(number)".
2021-06-09Nest: Allow both 'password' and 'key' keywords for authentication keysOndrej Zajicek (work)
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Nest: Allow specifying security keys as hex bytes as well as stringsToke Høiland-Jørgensen
Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys.
2021-06-06Lib: Add Blake2s and Blake2b hash functionsToke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of the supported algorithms. In order to achieve do this, add the blake2b and blake2s hash functions for MAC authentication. The hashing function implementations are the reference implementations from blake2.net. The Blake2 algorithms allow specifying an arbitrary output size, and the Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy this, we add two different variants of each of the algorithms, one using the default size (256 bits for Blake2s, 512 bits for Blake2b), and one using half the default output size. Update to BIRD coding style done by committer.
2021-05-18Flowspec: Documentation updateOndrej Zajicek (work)
2021-05-18Flowspec: Do not use comma for bitmask operatorsOndrej Zajicek (work)
For numeric operators, comma is used for disjunction in expressions like "10, 20, 30..40". But for bitmask operators, comma is used for conjunction in a way that does not really make much sense. Use always explicit logical operators (&& and ||) to connect bitmask operators. Thanks to Matt Corallo for the bugreport.
2021-05-17Filter: Add MPLS label route attributeTrisha Biswas
Add support to set or read outgoing MPLS labels using filters. Currently this supports the addition of one label per route for the first next hop. Minor changes by committer.
2021-04-03Doc: Fix flowspec exampleOndrej Zajicek (work)
Thanks to Matt Corallo for the bugreport.
2021-03-15Doc: Document automatic RPKI reloadOndrej Zajicek (work)
2021-03-15Doc: Document channel debug optionsOndrej Zajicek (work)
2021-02-10BGP: Add support for BGP hostname capabilityVincent Bernat
This is an implementation of draft-walton-bgp-hostname-capability-02. It is implemented since quite some time for FRR and in datacenter, this gives a nice output to avoid using IP addresses. It is disabled by default. The hostname is retrieved from uname(2) and can be overriden with "hostname" option. The domain name is never set nor displayed. Minor changes by committer.
2021-01-07Doc: Describe per-nexthop static route optionsOndrej Zajicek (work)
Also remove description of (no longer supported) per-route 'bfd' option, and add examples of IPv6 routes with link-local nexthops.
2021-01-06BGP: Deprecate 'missing lladdr' optionOndrej Zajicek (work)
The option is not implemented since transition to 2.0 and no plan to add it. Also remove some deprecated RTS_* valus from documentation. Thanks to Sébastien Parisot for notification.
2020-12-02Filter: Add 'weight' route attributeOndrej Zajicek (work)
Add 'weight' route attribute that allows to get and set ECMP weight of nexthops. Similar to 'gw' attribute, it is limited to the first nexthop, but it is useful for handling BGP multipath, where an ECMP route is merged from multiple regular routes.
2020-11-19Static: Support for multiple routes with the same networkOndrej Zajicek (work)
Add support for proper handling of multiple routes with the same network to the static protocol. Routes are distinguished by internal index, which is assigned automatically (sequentially for routes within each network). Having different route preference or igp_metric attribute is optional.
2020-11-18Doc: Added example of static routes with BGP large communitiesNigel Kukard
2020-11-12BFD: Update documentation about per-session optionsOndrej Zajicek (work)
2020-10-11RPKI: Add 'ignore max length' optionOndrej Zajicek (work)
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
2020-10-05Doc: Fix missing semicolonsOndrej Zajicek (work)
Thanks to Marco Gartmann for the bugreport.
2020-10-05Doc: Fix typoOndrej Zajicek (work)
Thanks to Sergey Kulikov for the bugreport.
2020-06-03Doc: Add 'ptp address' to OSPF doc overviewKenth Eriksson
2020-05-26OSPF: Fix handling of unnumbered PtPsOndrej Zajicek (work)
This issue has a long history. In 2012, we changed data field for unnumbered PtP links from iface id (specified by RFC) to IP address based on reports of bugs in Quagga that required it, and we used out-of-band information to distinquish unnumberred PtPs with the same local IP address. Then with OSPF graceful restart implementation, we found that we can no longer use out-of-band information, and we need to use only LSAdb info for routing table calculation, but i forgot to finish handling of this case, so multiple unnumbered PtPs with the same local IP addresses were broken. Considering that even recent Mikrotik RouterOS has broken next hop calculation that depends on IP address in PtP link data field, we cannot just switch back to the iface id for unnumbered PtP links. The patch makes two changes: First, it goes back to use out-of-band (position) info for distinguishing local interfaces in SPF when graceful restart is not enabled, while still uses LSAdb-only approach for SPF calculation when graceful restart is enabled. Second, it adds OSPF interface option 'ptp address', which controls whether IP address or iface id is used in data field. It is enabled by default except for unnumbered PtP links with enabled graceful restart. Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for suggestions.
2020-05-19Nest: Allow key id 0Ondrej Zajicek (work)
There is nothing in RFCs specifying that id 0 is not allowed. Some implementations does not support it, while some other use key id 0 by default. We allow it but start with key id 1 by default. Thanks to Kenth Eriksson for the bugreport.
2020-05-19RIP: Triggered RIP (demand circuit) documentationOndrej Zajicek (work)
2020-05-18Nest: Implement BGP path mask loop operatorOndrej Zajicek (work)
Implement regex-like '+' operator in BGP path masks to match previous path mask item multiple times. This is useful as ASNs may appear multiple times in paths due to path prepending for traffic engineering purposes.