B.8. Protocol Statements
Protocol statements enable or disable protocols and set
protocol options. The protocol statements occur after the definition
statements and before the static statements. There are many protocol
statements, and more may be added at any time. There are statements
for the various interior and exterior routing protocols and for other
things that are not really routing protocols.
In this section we begin with the interior protocols, move on to the
exterior protocols, and finish with the special
"protocols."
B.8.1. The ospf Statement
ospf yes | no | on | off [{
defaults {
preference preference ;
cost cost ;
tag [as] tag ;
type 1 | 2 ;
inherit-metric; } ;
exportlimit routes ;
exportinterval time ;
traceoptions trace_options ;
syslog [first count] [every count];
monitorauthkey key ;
backbone | area number {
authtype 0 | 1 | none | simple ;
stub [cost cost] ;
networks {
address [mask mask | masklen number] [restrict] ;
host address [restrict] ; } ;
stubhosts {
address cost cost ; } ;
interface interface_list [nonbroadcast] [cost cost] {
pollinterval time ;
routers {
address [eligible] ; } ;
interface_parameters } ;
virtuallink neighborid router_id transitarea area {
interface_parameters } ;
} ; } ] ;
The ospf statement enables or disables the Open
Shortest Path First (OSPF) routing protocol. By default, OSPF is
disabled. It is enabled by specifying yes or
on (it doesn't matter which you use) and it
is disabled with no or off.
WARNING: For the sake of brevity, this text explains only the first occurrence
of any gated.conf parameter if it is used the same way in subsequent commands.
Only differences between commands are explained. For example,
yes | no | on | off is not explained again because it is always used in the
same way to enable or disable a protocol.
The ospf statement has many configuration
parameters:
- defaults
-
Defines the defaults used when importing OSPF routes from an external
autonomous system and announcing those routes to other OSPF routers.
The link-state advertisement (LSA) used to announce these routes is
called an ASE (autonomous system external) because it contains routes
from external autonomous systems. See the description of OSPF in
Chapter 7, "Configuring Routing".
- preference preference
-
Defines the preference of OSPF ASE routes. The default is 150.
- cost cost
-
Defines the cost used when advertising a non-OSPF route in an ASE.
The default is 1.
- tag [as] tag
-
Defines the OSPF ASE tag value. The tag is not used by the OSPF
protocol but may be used by an export policy to filter routes. (See
the export statement later in this appendix.) When
the as keyword is specified, the tag field may
contain AS path information.
- type 1 | 2
-
Defines the type of ASE used. The default is type 1. Type 1 contains
routes learned from an external protocol that provides a metric
directly comparable to the OSPF metric. The metric is added to the
cost of reaching the border router when routes are advertised. A type
2 ASE contains routes learned from an exterior gateway protocol that
does not provide a routing metric comparable to the OSPF metric.
These routes are advertised with the cost of reaching the border
router. See Chapter 7, "Configuring Routing".
- inherit-metric
-
Directs gated to use the external metric for ASE
routes if no metric is defined in the export
statement.
- exportlimit routes
-
Defines the maximum number of ASE LSAs that will be flooded at one
time. The default is 100.
- exportinterval time
-
Defines how frequently ASE link-state advertisements are flooded to
the network. The default is once per second.
- traceoptions trace_options
-
Defines the tracing used to debug OSPF. In addition to the standard
trace flags, OSPF supports:
- lsabuild
-
Traces construction of link-state advertisements (LSAs).
- spf
-
Traces the Shortest Path First (SPF) calculations.
- hello
-
Traces the OSPF HELLO packets.
- dd
-
Traces the OSPF Database Description packets.
- request
-
Traces the OSPF Link-State Request packets.
- lsu
-
Traces the OSPF Link-State Update packets.
- ack
-
Traces the OSPF Link-State Ack packets.
- syslog [first number] [every count]
-
Defines packet capture parameters. first specifies
the number of packets captured for each type of OSPF packet.
every specifies how often packets are captured
after the initial group is captured. For example, if
count is set to 50, every fiftieth packet
of each type is captured.
- monitorauthkey password
-
Defines the password used for ospf_monitor
queries. By default these queries are not authenticated. If
monitorauthkey is specified, incoming queries must
contain the specified password.
- backbone | area number
-
Defines the OSPF area of which this router is a member. Every router
must belong to an area. If more than one area is configured, at least
one must be the backbone. The backbone is defined using the
backbone keyword. All other areas are defined by
the area keyword and the number of the area, e.g.,
area 1. See Chapter 7, "Configuring Routing" for a
discussion of OSPF areas. Several configuration parameters are
associated with each area:
- stub [cost cost]
-
Specifies that this is a stub area. A stub area is one in which there
are no ASE routes. If a cost is specified, it is used to advertise a
default route into the stub area.
- networks
-
Defines the range of networks contained within this area. The
specified ranges are advertised into other areas as summary network
LSAs and not as inter-area routes. If restrict is
specified, the summary network LSAs are not advertised. The entries
in the networks list are either specified as a host address by using
the host keyword before the address, or as a
network address by simply specifying the address. An address mask can
be defined for a network address. The mask can be defined in dotted
decimal notation using the mask keyword or as a
numeric prefix length using the masklen keyword.
The address masks mask 255.255.0.0 and
masklen 16 are equivalent. If no address mask is
specified, the natural mask is used. This option can reduce the
amount of routing information propagated between areas.
- stubhosts
-
Lists the directly attached hosts, and their costs, that should be
advertised as reachable from this router. List point-to-point
interfaces here.
- interface interface_list [nonbroadcast] [cost cost]
-
Defines the interfaces used by OSPF. If the keyword
nonbroadcast is specified, the interface connects
to a nonbroadcast multiple access (NBMA) network. If
nonbroadcast is not used, the interface connects to
a broadcast or a point-to-point network. Specify the cost of the
interface with the cost keyword, e.g.,
cost 5. The default cost is 1.
Two options are specific to NBMA interfaces:
- pollinterval time
-
Defines the time interval at which OSPF HELLO packets are sent to
neighbors.
- routers
-
Lists all neighbors by address. The eligible
keyword indicates if the neighbor can become a designated router.
All interfaces -- NBMA and broadcast -- can use these
parameters:
- enable | disable ;
-
Enables or disables the interface.
- retransmitinterval time ;
-
Defines the number of seconds between link-state advertisement
retransmissions.
- transitdelay time ;
-
Defines the estimated number of seconds required to transmit a
link-state update over this interface. It must be greater than 0.
- priority priority ;
-
Defines this system's priority for the designated router
election. priority is a number from 0 to
255. The router with the highest priority becomes the designated
router. A router whose priority is 0 is ineligible to become the
designated router. See Chapter 7, "Configuring Routing" for a discussion
of designated routers.
- hellointerval time ;
-
Defines the number of seconds between transmissions of HELLO packets.
- routerdeadinterval time ;
-
Defines the timeout before a neighbor is declared down.
time is the maximum number of seconds this
router will wait for a neighbor's HELLO packet.
- auth [ none | simple password | md5 key ] ;
-
Defines the type of authentication used to authenticate OSPF packets.
none selects no authentication.
simple selects password authentication. The
password is specified as one to eight
decimal digits separated by periods, a one- to eight-byte hexadecimal
string preceded by 0x, or a one- to eight-character string in double
quotes. md5 selects MD5 authentication.
key is a valid MD5 cryptographic key.
- virtuallink neighborid router_id transitarea area
-
Defines a virtual link for the backbone area. The
router_id is the router identifier of the
remote router at the other end of the virtual link. The transit area
must be one of the other areas configured on this system. All
standard interface parameters defined above may be specified on a
virtual link.
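The three password forms that auth simple accepts can be checked before a configuration is deployed. The Python below is an added example, not code from the original text or from gated; the function names are hypothetical, and it assumes that each period-separated element of the dotted form is a decimal value that fits in one byte. The isis statement (B.8.3) uses the same key format.

```python
import re

MAX_KEY_BYTES = 8  # the text limits every form of the key to eight bytes


def parse_simple_key(token):
    """Return the bytes of a 'simple' key written in one of the three forms.

    Assumption: in the dotted form, every period-separated element is a
    decimal value that fits in one byte (0-255).
    """
    token = token.strip()
    if len(token) >= 2 and token.startswith('"') and token.endswith('"'):
        # Character string in double quotes.
        key = token[1:-1].encode("ascii")
    elif token.lower().startswith("0x"):
        # Hexadecimal string preceded by 0x; whole bytes are required.
        digits = token[2:]
        if len(digits) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", digits):
            raise ValueError(f"malformed hexadecimal key: {token!r}")
        key = bytes.fromhex(digits)
    elif re.fullmatch(r"\d+(\.\d+)*", token):
        # Decimal values separated by periods.
        values = [int(part) for part in token.split(".")]
        if max(values) > 255:
            raise ValueError(f"dotted element does not fit in a byte: {token!r}")
        key = bytes(values)
    else:
        raise ValueError(f"unrecognised key form: {token!r}")
    if not 1 <= len(key) <= MAX_KEY_BYTES:
        raise ValueError(f"key must be 1 to {MAX_KEY_BYTES} bytes: {token!r}")
    return key


def review_auth(statement):
    """Classify one 'auth ... ;' interface parameter as (type, key length)."""
    words = statement.strip().rstrip(";").split(None, 2)
    if len(words) < 2 or words[0] != "auth":
        raise ValueError(f"not an auth parameter: {statement!r}")
    kind = words[1]
    if kind == "none" and len(words) == 2:
        return ("none", 0)
    if kind == "simple" and len(words) == 3:
        return ("simple", len(parse_simple_key(words[2])))
    if kind == "md5" and len(words) == 3:
        return ("md5", None)  # the text does not define the md5 key format
    raise ValueError(f"malformed auth parameter: {statement!r}")


if __name__ == "__main__":
    # Constructed sample lines, not taken from a real configuration.
    for line in ('auth simple "s3cr3t" ;', "auth simple 0x0102ff ;",
                 "auth simple 10.20.30 ;", "auth none ;"):
        print(line, "->", review_auth(line))
```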
B.8.2. The rip Statement
rip yes | no | on | off [ {
broadcast ;
nobroadcast ;
nocheckzero ;
preference preference ;
defaultmetric metric ;
query authentication [none | [simple | md5 password]] ;
interface interface_list
[noripin] | [ripin]
[noripout] | [ripout]
[metricin metric]
[metricout metric]
[version 1 | 2 [multicast | broadcast]]
[[secondary] authentication [none | [simple | md5 password]]] ;
trustedgateways gateway_list ;
sourcegateways gateway_list ;
traceoptions trace_options ; } ] ;
The rip statement enables or disables RIP. By
default RIP is enabled. The rip
statement options are:
- broadcast
-
Forces gated to broadcast RIP update packets even
if the system has only one network interface. By default, RIP updates
are not broadcast if the system has only one network interface and
are broadcast if it has more than one network interface; i.e., hosts
do not broadcast updates and routers do.
- nobroadcast
-
Forces gated to not broadcast
RIP update packets even if the system has more than one network
interface. If a sourcegateways clause is present,
routes are still unicast directly to that gateway. See
sourcegateways later in this section.
- nocheckzero
-
Specifies that gated should not reject incoming
version 1 RIP packets where the reserved fields are 0. Rejecting
those packets is standard practice.
- preference preference ;
-
Sets the gated preference for routes learned from
RIP. The default preference for these routes is 100.
- defaultmetric metric ;
-
Defines the metric used when advertising routes via RIP that were
learned from other protocols. The default
metric is 16, which to RIP indicates an
unusable route. This means that by default, routes learned from other
protocols are not advertised as valid routes by RIP. Set a lower
value only if you want all routes learned from other protocols
advertised at that metric.
- query authentication [none | [simple | md5 key]] ;
-
Specifies the authentication used for nonrouter query packets. The
default is none. If simple is
specified, the key is a 16-byte password.
If md5 is specified, the
key is a 16-byte value used with the
packet contents to generate a Message Digest 5 cryptographic
checksum.
- interface interface_list
-
Identifies the interfaces over which RIP runs and defines the
configuration parameters of those interfaces. The
interface_list can contain interface
names, hostnames, IP addresses, or the keyword
all. Possible parameters are:
- noripin
-
Tells the system to ignore RIP packets received on this interface. The
default is to listen to RIP packets on all nonloopback interfaces.
- ripin
-
Tells the system to listen to RIP packets received on this interface.
This is the default.
- noripout
-
Tells the system not to send RIP packets out this interface. The default
is to send RIP on all broadcast and nonbroadcast interfaces when in
broadcast mode. See the nobroadcast option defined
earlier in this list.
- ripout
-
Tells the system to send RIP packets out this interface. This is the
default.
- metricin metric
-
Specifies the RIP metric used for routes received on this interface.
The default is the kernel interface metric plus 1, which is the
default RIP hop count. If this metric is specified, it is used as the
absolute value and is not added to the kernel metric.
- metricout metric
-
Specifies the RIP metric added to routes sent out this interface. The
default is 0. This option can only increase the metric.
- version 1 | 2 [multicast | broadcast]
-
Identifies the version of RIP used for updates sent out this
interface. Available versions are RIP 1 and RIP 2. RIP 1 is the
default. If RIP 2 is specified and IP multicast is supported, full
version 2 packets are sent via multicast. If multicast is not
available, version 1-compatible version 2 packets are sent via
broadcast. The keyword multicast, the default,
specifies this behavior. The keyword broadcast
specifies that RIP version 1-compatible version 2 packets should be
broadcast on this interface, even if IP multicast is available.
Neither keyword is used with version 1.
- [secondary] authentication [none | simple | md5 key]
-
Defines the RIP version 2 authentication used on this interface. The
default authentication type is none. If
simple is specified, the
key is a 16-byte password. If
md5 is specified, the
key is a 16-byte value used with the
packet contents to generate a Message Digest 5 cryptographic
checksum. If secondary is specified, this defines
the secondary authentication type. Packets are always sent using the
primary authentication technique. The secondary authentication type
is defined only for incoming packets. Inbound packets are checked
against both the primary and secondary authentication methods before
being discarded as invalid.
- trustedgateways gateway_list ;
-
Defines the list of gateways from which RIP accepts updates. The
gateway_list is simply a list of hostnames
or IP addresses. By default, all gateways on the shared network are
trusted to supply routing information. But if the
trustedgateways statement is used, only updates
from the gateways in the list are accepted.
- sourcegateways gateway_list ;
-
Defines a list of gateways to which RIP sends packets directly. By
default, RIP packets are broadcast or multicast to several systems on
the shared network, but if this statement is used, RIP unicasts
packets directly to the listed gateways.
- traceoptions trace_options
-
Defines tracing for RIP. RIP supports most of the standard tracing
options as well as these packet-tracing options:
- packets
-
Traces all RIP packets.
- request
-
Traces the RIP information request packets, such as REQUEST, POLL,
and POLLENTRY.
- response
-
Traces all RIP RESPONSE packets.
- other
-
Traces any other type of RIP packet.
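The authentication and trust defaults described for the ospf and rip statements (unauthenticated ospf_monitor queries, RIP enabled by default, every gateway on the shared network trusted, RIP authentication none) can be checked mechanically. The Python below is an added example, not code from the original text or from gated: it parses the brace-and-semicolon syntax and reports those settings. The function names, the sample configurations, and the review policy of requiring md5 on every interface are assumptions of this example.

```python
import re


def parse(text):
    """Parse gated.conf text into nested (words, children) statements."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#.*", "", text))
    pos = 0

    def block():
        nonlocal pos
        statements, words, children = [], [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == "{":
                children = block()
            elif tok in (";", "}"):
                if words:
                    statements.append((words, children))
                if tok == "}":
                    return statements
                words, children = [], []
            else:
                words.append(tok)
        return statements

    return block()


def find(statements, keyword):
    return [s for s in statements if s[0][0] == keyword]


def is_on(words):
    return len(words) > 1 and words[1] in ("yes", "on")


def primary_auth(words):
    """Type after the first 'authentication' not preceded by 'secondary'."""
    for i, word in enumerate(words[:-1]):
        if word == "authentication" and words[i - 1] != "secondary":
            return words[i + 1]
    return "none"  # the text gives none as the default


def audit(text):
    """Return findings; policy assumed here: md5 on every interface."""
    findings, top = [], parse(text)
    for words, body in find(top, "ospf"):
        if not is_on(words):
            continue
        if not find(body, "monitorauthkey"):
            findings.append("ospf: ospf_monitor queries are not authenticated")
        for area_words, area in body:
            if area_words[0] not in ("backbone", "area"):
                continue
            for if_words, params in find(area, "interface"):
                auth = find(params, "auth")
                kind = auth[0][0][1] if auth else "unset"
                if kind != "md5":
                    findings.append(f"ospf: interface {if_words[1]} auth is {kind}")
    rip = find(top, "rip")
    if not rip:
        findings.append("rip: no rip statement, RIP is enabled by default")
    rip_words, rip_body = rip[0] if rip else (["rip", "on"], [])
    if is_on(rip_words):
        if not find(rip_body, "trustedgateways"):
            findings.append("rip: every gateway on the shared network is trusted")
        for if_words, _ in find(rip_body, "interface"):
            kind = primary_auth(if_words)
            if kind != "md5":
                findings.append(f"rip: interface {if_words[1]} authentication is {kind}")
    return findings


# Constructed samples; not taken from the book and not validated against gated.
WEAK = """
ospf yes {
    backbone {
        interface le0 cost 5 { auth simple "pass" ; } ;
        interface le1 { hellointerval 10 ; } ;
    } ;
} ;
"""

HARDENED = """
ospf yes {
    monitorauthkey "constructed-monitor-key" ;
    backbone { interface le0 cost 5 { auth md5 "constructed-key" ; } ; } ;
} ;
rip yes {
    interface le0 version 2 authentication md5 "0123456789abcdef" ;
    trustedgateways 192.0.2.1 192.0.2.2 ;
} ;
"""

if __name__ == "__main__":
    print(*audit(WEAK), sep="\n")
```

WEAK contains no rip statement at all, yet it still produces two RIP findings, because the protocol is on unless it is explicitly disabled.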
B.8.3. The isis Statement
isis on | off {
[ area areaid ; ]
[ area auth simple key ; ]
[ domain auth simple key ; ]
[ domain-wide on | off ; ]
[ export-defaults ; ]
[ export-defaults level 1 | 2 ; ]
[ export-defaults metric metric | inherit ; ]
[ export-defaults metric-type internal | external ; ]
[ external preference preference ; ]
[ level 1 | 2 | 1 and 2 ; ]
[ interface name | address [ {
[ enable | disable ; ]
[ auth simple key ; ]
[ csn-interval interval [ level 1 | 2 | 1 and 2 ] ; ]
[ dis-hello-interval interval [ level 1 | 2 | 1 and 2 ] ; ]
[ encap [ iso | ip ] ; ]
[ hello-interval interval [ level 1 | 2 | 1 and 2 ] ; ]
[ hello-multiplier number [ level 1 | 2 | 1 and 2 ] ; ]
[ lsp-interval interval ; ]
[ level 1 | 2 | 1 and 2 ; ]
[ max-burst number ; ]
[ metric metric [ level 1 | 2 | 1 and 2 ] ; ]
[ passive on | off ; ]
[ priority priority [ level 1 | 2 | 1 and 2 ] ; ]
[ retransmit-interval interval ; ]
} ] ; ]
[ overload-bit on | off ; ]
[ preference preference ; ]
[ psn-interval interval ; ]
[ require-snp-auth on | off ; ]
[ ribs unicast | unicast multicast ; ]
[ spf-interval interval ; ]
[ inet6 on | off ; ]
[ summary-originate [ inet | inet6 ] {
[network (mask mask | masklen n ) metric cost-value ; ]
} ; ]
[ summary-filter [ inet | inet6 ] {
[network mask mask | masklen number ; ]
} ; ]
[ systemid systemid ; ]
[ traceoptions traceoptions ; ]
[ config-time seconds ; ]
[ es-config-time seconds ; ]
[ hold-time seconds ; ]
};
The isis statement enables the IS-IS protocol. By
default, it is disabled. The options that may appear in the isis
statement are:
- area areaid
-
Adds area addresses to those configured automatically from the
circuits. IS-IS area addresses are automatically configured based on
the real circuits over which IS-IS runs. Up to three areas can be
added using area statements.
- area auth simple key
-
Enables authentication for level 1 routing and selects the key. The
format for key is one to eight decimal
digits separated by periods, a one- to eight-byte hexadecimal string
preceded by 0x, or a one- to eight-character string in double quotes.
The same key format is used throughout the
isis statement.
- domain auth simple key
-
Enables authentication and selects the key for level 2 routing.
- export-defaults level 1 | 2
-
Sets the protocol level used for exported routes. By default, a level
1 router exports at level 1, and a level 2 router supports both level
1 and 2.
- export-defaults metric metric | inherit
-
Defines the default metric used on routes exported as IS-IS from
another protocol. The default is to use the metric already contained
in the route, which is indicated by the inherit
keyword.
- export-defaults metric-type internal | external
-
Defines the type of the metric used on routes exported as IS-IS from
another protocol. The default is internal.
- external preference preference
-
Defines the preference of external routes learned from IS-IS. The
default preference is 151.
- level 1 | 2 | 1 and 2
-
Sets the protocol level for this intermediate system. A
level 1 system is an intra-area
router. A level 1 system cannot
have any level 2 interfaces. A level
2 system is an inter-area router, and it cannot
have any level 1 interfaces. A level
1 and 2 system may have level
1, level 2, and level 1 and 2 interfaces. Additionally, individual
options relating to protocol settings can be specified as level 1,
level 2 or level 1 and 2 depending on the specific level for which
the option is being set when the system supports level 1 and 2. The
default is level 1 and 2.
- interface name | address
-
Identifies the interfaces on which to run IS-IS. The default is all.
The following options can be set for each interface:
- enable | disable
-
Enables or disables the interface. The default is enable.
- auth simple key
-
Enables authentication and selects the authentication key for this
interface.
- csn-interval interval [ level 1 | 2 | 1 and 2 ]
-
Sets the interval at which this system will multicast CSN packets if
it is elected the Designated Intermediate System (DIS). The
interval can be from 1 to 100 seconds.
- dis-hello-interval interval [level 1 | 2 | 1 and 2]
-
Sets the interval at which this system will send hello messages if it
is elected the DIS. The interval can be
from 1 to 100 seconds.
- encap [ ip | iso ]
-
Selects the type of encapsulation used. The default is
ip.
- hello-interval interval [ level 1 | 2 | 1 and 2 ]
-
Defines the interval at which hello packets are sent on the
interface. interval can be from 1 to 300
seconds.
- hello-multiplier number [ level 1 | 2 | 1 and 2 ]
-
Defines the number of hello packets that must be missed before a
neighbor is considered "down." Thus if
number is set to 3 and no hello packets
are received from a neighbor in the amount of time in which three
hello packets are normally received, the neighbor is considered down.
number can be from 1 to 100.
- lsp-interval interval
-
Defines the interval at which LSP packets are sent on the interface.
- level 1 | 2 | 1 and 2 ;
-
Defines the protocol level used on this interface.
- max-burst number
-
Defines the maximum number of packets that can be sent in a burst.
- metric metric [ level 1 | 2 | 1 and 2 ]
-
Defines the cost associated with this interface.
- passive on | off
-
Indicates whether this interface should be treated as an active or
passive interface.
- priority priority [ level 1 | 2 | 1 and 2 ]
-
Sets the priority number used for the DIS election.
priority is a value from 1 to 127.
- retransmit-interval interval
-
Defines the interval at which packets are retransmitted on the
interface.
- overload-bit on | off
-
Enables or disables use of the overload bit.
- preference preference
-
Sets the gated preference for IS-IS routes. The
default is 11.
- psn-interval interval
-
Defines how often PSN packets are sent by this system.
interval can be 1 to 20 seconds.
- ribs unicast | unicast multicast
-
Defines the routing information base format used for IS-IS routes.
The default is unicast.
- spf-interval interval
-
Defines the amount of time to wait for more changes to occur before
recalculating the routing table. interval
can be from 1 to 60 seconds.
- inet6 on | off
-
Enables support for IPv6 routing.
- summary-originate
-
Defines how level 1 routes are summarized in this system's
routing information base for level 2 routing.
summary-originate is used only if this system is a
level 2 router. network identifies the
level 1 address received, and the network mask, defined as either a
mask or a numeric mask length, aggregates the routes.
- summary-filter
-
Defines how level 1 routes are summarized when this system advertises
them through level 2 routing. summary-filter is
used only if this system is a level 2 router.
- systemid systemid
-
Defines the IS-IS system ID. If no system identifier is specified,
the system ID portion of the first circuit's NSAP address is
used.
- traceoptions traceoptions
-
Defines the trace options used for IS-IS. The default is none.
B.8.4. The bgp Statement
bgp yes | no | on | off [{
preference preference ;
defaultmetric metric ;
traceoptions trace_options ;
group type external peeras as_number
| internal peeras as_number
| igp peeras as_number proto proto
| routing peeras as_number proto proto interface interface_list
| test peeras as_number {
allow {
address mask mask | masklen number
all
host address } ;
peer address
[metricout metric]
[localas as_number]
[nogendefault]
[gateway address]
[preference preference]
[preference2 preference]
[lcladdr address]
[holdtime time]
[version number]
[passive]
[sendbuffer number]
[recvbuffer number]
[indelay time]
[outdelay time]
[keep all | none]
[showwarnings]
[noaggregatorid]
[keepalivesalways]
[v3asloopokay]
[nov4asloop]
[logupdown]
[ttl ttl]
[traceoptions trace_options] ; }
; }] ;
This statement enables or disables BGP. By default, BGP is disabled.
The default preference is 170. By default, BGP does not advertise a
metric. Unlike the RIP metric, the BGP metric does not play a primary
role in determining the best route. The BGP metric is simply an
arbitrary 16-bit value that can be used as one criterion for choosing
a route. The defaultmetric statement can be used
to define a metric that BGP will use when advertising routes.
Trace options can be specified for all of BGP or for individual BGP
peers. BGP supports most of the standard trace options as well as the
following:
- packets
-
Traces all BGP packets.
- open
-
Traces BGP OPEN packets.
- update
-
Traces BGP UPDATE packets.
- keepalive
-
Traces BGP KEEPALIVE packets.
BGP peers must be members of a group. The group statement
declares the group, defines which peers are members of the group, and
defines the group "type." Multiple group statements may
be specified, but each must have a unique combination of type and
autonomous system number. There are five possible group types:
- group type external peeras as_number
-
Specifies that BGP will run as a classic exterior gateway protocol.
The peers listed in this group are members of an external autonomous
system. Full policy checking is applied to all incoming and outgoing
routes.
- group type internal peeras as_number
-
Specifies that BGP will be used to distribute routes to an internal
group that has no traditional interior gateway protocol. Routes
received from external BGP peers are re-advertised to this group with
the received metric.
- group type igp peeras as_number proto proto
-
Specifies that BGP will be used to distribute path attributes to an
internal group that runs an interior gateway protocol. BGP advertises
the AS path, path origin, and transitive optional attributes if the
path attributes are provided by the IGP's tag mechanism.
proto is the name of the interior gateway
protocol, e.g., proto ospf.
- group type routing peeras as_number proto proto interface interface_list
-
Specifies that BGP will be used internally to carry external routes,
while an interior gateway protocol is used to carry only internal
routes. Normally the routes learned by BGP from external autonomous
systems are written in the routing table where they are picked up and
distributed by an interior protocol to the local autonomous system.
For this type of group, BGP distributes the external routes itself,
and the interior protocol is limited to distributing only those
routes that are interior to the local autonomous system.
proto is the name of the interior
protocol.
- group type test peeras as_number
-
Specifies that the members of this group are test peers. All routing
information exchanged by test peers is discarded.
A group clause contains
peer subclauses. Any number of
peer subclauses may belong to a group. Peers are
specified explicitly with a peer statement, or
implicitly with the allow statement.
- allow
-
Any peer whose address is contained in the specified address range is
a member of the group. The keyword all matches all
possible addresses. The keyword host precedes an
individual host address. The address and mask pairs define a range of
addresses. Network masks can be defined with the keyword
mask and an address mask written in dotted decimal
notation, or with the keyword masklen and the
prefix length written as a decimal number. All parameters for these
peers must be defined in the group clause.
- peer address
-
The peer identified by address is a member
of the group.
The BGP peer subclause allows the following
parameters, which can also be specified on the group clause. If placed
on the group clause, the parameters affect all peers in the group. The
available options are:
- metricout metric
-
Defines the primary metric for routes sent to the peer. This
overrides the default metric, a metric specified on the group, and
any metric specified by export policy.
- localas as_number
-
Defines the local system's autonomous system number (asn). The
default is to use the asn defined in the
autonomoussystem statement.
- nogendefault
-
Prevents gated from generating a default route
when BGP peers with this neighbor, even if
gendefault is set in the
options directive statement.
- gateway address
-
Identifies the next-hop gateway through which packets for this peer
are routed. Use this only if the neighbor does not share a network
with the local system. This option is rarely needed.
- preference preference
-
Defines the preference used for routes learned from this peer, which
permits gated to prefer routes from one peer, or
group of peers, over another.
- preference2 preference
-
Defines the "second" preference. In the case of a
preference tie, the second preference is used to break the tie. The
default value is 0.
- lcladdr address
-
Defines the address of the local interface used to communicate with
this neighbor.
- holdtime time
-
Defines the number of seconds the peer should wait for a keepalive,
update, or notification message before closing the connection. The
value is sent to the peer in the Hold Time field of the BGP Open
message. The value must be either 0 (no keepalives will be sent) or
at least 3.
- version version
-
Identifies the version of the BGP protocol to use with this peer. By
default, the version is negotiated when the connection is opened.
Currently supported versions are 2, 3, and 4.
- passive
-
Specifies that gated should wait for the peer to
issue an OPEN. By default, gated periodically
sends OPEN messages until the peer responds.
- sendbuffer buffer_size
- recvbuffer buffer_size
-
Defines the size of the send and receive buffers. The default is
65535 bytes, which is the maximum. These parameters are not used on
normally functioning systems.
- indelay time
- outdelay time
-
Implements "route dampening." indelay
defines the number of seconds a route must be stable before it is
accepted. outdelay is the number of seconds a
route must be present in the gated routing
database before it is exported to this peer. The default value for
each is 0, meaning that these features are disabled. Use this only if
the routing table is fluctuating so rapidly it is unstable.
- keep all
-
Tells the system to retain routes learned from this peer even if the
routes' AS paths contain our local AS number. Normally, routes
that contain the local AS number are discarded as potential routing
loops.
- showwarnings
-
Tells the system to issue warning messages for events, such as
duplicate routes, that are normally "silently ignored."
- noaggregatorid
-
Sets the routerid in the aggregator attribute to 0. By default, it is
set to the router identifier. Use this to prevent this router from
creating aggregate routes with AS paths that differ from other
routers in the AS.
- keepalivesalways
-
Instructs the system to send a keepalive even when an update could
have correctly substituted for one. Used for interoperability with
some routers.
- v3asloopokay
-
Allows advertisement of a route with a loop in the AS path (i.e.,
with an AS appearing more than once in the path) to version 3
external peers.
- nov4asloop
-
Prevents a route with a loop in the AS path from being advertised to
version 4 external peers. Used to avoid passing such routes to a peer
that incorrectly forwards them to version 3 neighbors.
- logupdown
-
Logs every time a BGP peer enters or leaves the ESTABLISHED state.
- ttl ttl
-
Defines the IP ttl for local neighbors. By default it is set to 1.
Use this option if the local neighbor discards packets sent with a
ttl of 1. Not all Unix kernels allow the ttl to be specified for TCP
connections.
The BGP trace options were covered previously.
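Because an allow clause makes any address inside its range an implicit member of the group, it is worth working out exactly which addresses each group would claim. The Python below is an added example, not code from the original text or from gated: it converts the three allow forms (address with mask or masklen, all, host) into networks and lists every group an address falls into. The group data is constructed, the function names are hypothetical, the 24-bit review threshold is an assumption of this example, and how gated chooses between overlapping groups is not modelled.

```python
import ipaddress


def allow_to_network(entry):
    """Convert one entry of an allow clause to an IPv4 network."""
    words = entry.split()
    if words == ["all"]:
        return ipaddress.ip_network("0.0.0.0/0")
    if len(words) == 2 and words[0] == "host":
        return ipaddress.ip_network(words[1] + "/32")
    if len(words) == 3 and words[1] == "masklen" and words[2].isdigit():
        return ipaddress.ip_network(f"{words[0]}/{words[2]}", strict=False)
    if len(words) == 3 and words[1] == "mask" and "." in words[2]:
        # ip_network raises ValueError for a non-contiguous mask
        # such as 255.0.255.0.
        return ipaddress.ip_network(f"{words[0]}/{words[2]}", strict=False)
    raise ValueError(f"unrecognised allow entry: {entry!r}")


def membership(groups, peer):
    """List (group name, reason) for every group that would claim this peer."""
    address = ipaddress.ip_address(peer)
    hits = []
    for group in groups:
        if peer in group["peers"]:
            hits.append((group["name"], "peer statement"))
        for entry in group["allow"]:
            network = allow_to_network(entry)
            if address in network:
                hits.append((group["name"], f"allow {network}"))
    return hits


def wide_allows(groups, min_prefixlen=24):
    """Flag allow ranges with a prefix shorter than min_prefixlen.

    The threshold is a review choice made for this example, not a gated limit.
    """
    return [(group["name"], str(network))
            for group in groups
            for network in map(allow_to_network, group["allow"])
            if network.prefixlen < min_prefixlen]


# Constructed groups using documentation address ranges and AS numbers.
GROUPS = [
    {"name": "external peeras 64501", "peers": ["192.0.2.1"], "allow": []},
    {"name": "internal peeras 64500", "peers": [],
     "allow": ["10.1.0.0 mask 255.255.0.0", "host 198.51.100.7"]},
    {"name": "external peeras 64502", "peers": [], "allow": ["all"]},
]

if __name__ == "__main__":
    for peer in ("192.0.2.1", "10.1.44.9", "203.0.113.5"):
        print(peer, membership(GROUPS, peer))
    print("wide:", wide_allows(GROUPS))
```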
B.8.5. The egp Statement
egp yes | no | on | off [{
preference preference ;
defaultmetric metric ;
packetsize maxpacketsize ;
traceoptions trace_options ;
group [peeras as_number] [localas as_number] [maxup number] {
neighbor address
[metricout metric]
[preference preference]
[preference2 preference]
[ttl ttl]
[nogendefault]
[importdefault]
[exportdefault]
[gateway address]
[lcladdr address]
[sourcenet network]
[minhello | p1 interval]
[minpoll | p2 interval]
[traceoptions trace_options] ; }
; }] ;
This statement enables or disables EGP. By default, EGP is disabled.
The default metric for announcing routes via EGP is 255, and the
default preference for routes learned from EGP is 200.
The packetsize argument defines the size of the
largest EGP packet that will be sent or accepted.
maxpacketsize is the size in bytes. The
default is 8192 bytes. If gated receives a packet
larger than maxpacketsize, the packet is
discarded, but maxpacketsize is increased
to the size of the larger packet so that future packets won't
have to be discarded.
The traceoptions statement defines the tracing for
EGP. Tracing can be specified for the EGP protocol or for an
individual EGP neighbor. The EGP trace options are:
- packets
-
Traces all EGP packets.
- hello
-
Traces EGP HELLO/I-HEARD-U packets.
- acquire
-
Traces EGP ACQUIRE/CEASE packets.
- update
-
Traces EGP POLL/UPDATE packets.
The egp statement has two clauses: the
group clause and the neighbor
clause. EGP neighbors must be part of a group, and all of the
neighbors in a group must be members of the same autonomous system.
Use the group clause to define parameters for a
group of EGP neighbors. Values set in a group
clause apply to all neighbor clauses in the group. There can be
multiple group clauses. The following parameters are set by the
group clause:
- peeras
-
Identifies the autonomous system number of the autonomous system to
which the members of the group belong. If not specified, this number
is learned from the neighbors.
- localas
-
Defines the local system's autonomous system number. The
default is to use the asn defined in the
autonomoussystem statement.
- maxup
-
Defines the number of EGP neighbors that gated is
to acquire. The default is to acquire all listed neighbors.
The neighbor clause defines one EGP neighbor. The
only part of the clause that is required is the
address argument, which is the hostname or IP
address of the neighbor. All other parameters are optional. All of
these optional parameters can also be specified in the
group clause if you want to apply the parameter to
all neighbors. The neighbor clause parameters are:
- metricout metric
-
Used for all routes sent to this neighbor. This value overrides the
defaultmetric value set in the
egp statement, but only for this specific
neighbor.
- preference preference
-
Defines the preference used for routes learned from this neighbor,
which permits gated to prefer routes from one
neighbor, or group of neighbors, over another.
- preference2 preference
-
Defines the "second" preference. In the case of a
preference tie, the second preference is used to break the tie. The
default value is 0.
- ttl ttl
-
Defines the IP ttl for local neighbors. By default, it is set to 1.
Use this option if the local neighbor discards packets sent with a
ttl of 1.
- nogendefault
-
Prevents gated from generating a default route
when EGP peers with this neighbor, even if
gendefault is set in the
options directive statement.
- importdefault
-
Tells the system to accept the default route if it is included in
this neighbor's EGP update. By default, it is ignored.
- exportdefault
-
Tells the system to send the default route in EGP updates to this EGP
neighbor. Normally a default route is not included in an EGP update.
- gateway address
-
Identifies the next-hop gateway through which packets for this
neighbor are routed. Use this only if the neighbor does not share a
network with the local system. This option is rarely needed.
- lcladdr address
-
Defines the address of the local interface used to communicate with
the neighbor.
- sourcenet network
-
Changes the network queried in EGP POLL packets. By default, this is
the shared network. However, if the neighbor does not share a network
with your system, the neighbor's network address should be
specified here. This parameter is normally not needed. Do not use it
if you share a network with the EGP neighbor.
- minhello | p1 time
-
Sets the interval between the transmission of EGP HELLO packets. The
default HELLO interval is 30 seconds. If the neighbor fails to
respond to three HELLO packets, the system stops trying to acquire
the neighbor. Setting a larger interval gives the neighbor a better
chance to respond. The interval can be defined as seconds,
minutes:seconds, or hours:minutes:seconds. For example, a 3-minute
interval could be specified as 180 (seconds), 3:00 (minutes), or
0:3:00 (no hours and 3 minutes). The keyword p1
can be used instead of the keyword minhello.
- minpoll | p2 time
-
Sets the time interval between sending polls to the neighbor. The
default is 120 seconds. If three polls are sent without a response,
the neighbor is declared "down" and all routes learned
from that neighbor are removed from the routing table. If a neighbor
becomes congested and can't respond to rapid polls, this can
cause the routing table to become very unstable. A longer polling
interval provides a more stable, but less responsive, routing table.
This interval is also defined as seconds, minutes:seconds, or
hours:minutes:seconds.
B.8.6. The smux Statement
smux yes | no | on | off [ {
port port ;
password string ;
traceoptions trace_options ; } ] ;
This command replaces the snmp statement used in
previous versions of gated. The
smux command controls whether
gated informs the SNMP management software of its
status. SNMP is not a routing protocol and is not started by this
command. You must run SNMP software independently. This statement
only controls whether gated keeps the management
software apprised of its status. The default is on, so
gated does inform SNMP of its status.
The smux statement supports three
options:
- port port
-
Changes the SNMP port used by gated. By default,
the SNMP daemon listens on port 199.
- password string
-
Enables password authentication and defines the password used.
- traceoptions trace_options
-
Traces the interactions between gated and the SNMP
daemon. Three options are supported: packets,
send, and receive.
B.8.7. The redirect Statement
redirect yes | no | on | off [{
preference preference ;
interface interface_list [noredirects | redirects] ;
trustedgateways gateway_list ;
traceoptions trace_options ; } ] ;
This statement controls whether ICMP redirects are allowed to modify
the kernel routing table. It does not prevent a system from sending
redirects, only from listening to them. If no or
off is specified, gated
attempts to remove the effects of ICMP redirects from the kernel
routing table whenever the redirects are detected. Remember that ICMP
is part of IP, and the redirects may be installed in the kernel table
before they are seen by gated. If you disable
redirects, gated actively removes the redirected
routes from the routing table. By default, ICMP redirects are enabled
on hosts that quietly listen to interior routing protocols, and
disabled on gateways that actively participate in interior routing
protocols.
The default preference of a route learned from a redirect is 30,
which can be changed with the preference option.
The interface statement controls how redirects are
handled on an interface-by-interface basis. Redirects are ignored if
noredirects is specified, and are permitted if
redirects, which is the default, is specified. The
trustedgateways statement enables redirects on a
gateway-by-gateway basis. By default, redirects are accepted from all
routers on the local network. If the
trustedgateways statement is used, only redirects
received from a gateway listed in the
gateway_list are accepted. The
gateway_list is simply a list of hostnames
or addresses. The trace_options defined on
the traceoptions statement are the standard
gated trace options.
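An added example, not part of the original text or of gated itself: a Python check that reads gated.conf text and reports where the smux and redirect statements described above are left at their permissive settings (smux on with no password, redirect on with no trustedgateways). The function name, finding strings, interface name and addresses are constructed for illustration, and only `#` comments are handled.

```python
import re

# "redirect|smux <switch> [{ body }] ;" -- in the syntax above neither body nests braces.
STMT = re.compile(r"\b(redirect|smux)\s+(yes|no|on|off)\s*(?:\{([^}]*)\})?\s*;", re.I)

# Option whose absence leaves an enabled statement at its permissive setting.
GUARD = {"redirect": "trustedgateways", "smux": "password"}

def audit(conf_text):
    """Return sorted findings for the redirect and smux statements."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # ignore '#' comments
    seen = {}
    for name, switch, body in STMT.findall(text):
        seen[name.lower()] = (switch.lower() in ("yes", "on"), body)
    findings = []
    for name, guard in GUARD.items():
        if name not in seen:
            # No statement at all: gated's built-in default decides.
            findings.append(f"{name}: default")
            continue
        enabled, body = seen[name]
        if enabled and not re.search(rf"\b{guard}\b", body, re.I):
            findings.append(f"{name}: on without {guard}")
    return sorted(findings)

# Constructed samples (interface name and addresses are illustrative only).
WEAK = """
redirect yes ;
smux on { port 199 ; } ;
"""
HARDENED = """
redirect yes {
    interface le0 redirects ;
    trustedgateways 172.16.12.1 172.16.12.3 ;   # only these routers may redirect
} ;
smux off ;
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```

A finding of "default" means the statement is missing, so the defaults given in the text apply: smux is on, and redirects are enabled on hosts that only listen to interior routing protocols.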
B.8.8. The icmp Statement
icmp {
traceoptions trace_options ; }
On some systems, gated listens to all ICMP
messages but only processes the ICMP redirect packets. That
processing is controlled by the redirect statement. In the future,
more functionality may be added. At present the
icmp statement is used only to enable tracing of
ICMP messages. The tracing options supported by the
icmp
statement are:
- packets
-
Traces all ICMP packets.
- redirect
-
Traces ICMP REDIRECT packets.
- routerdiscovery
-
Traces ICMP ROUTER DISCOVERY packets.
- info
-
Traces ICMP informational packets.
- error
-
Traces ICMP error packets.
B.8.9. The routerdiscovery Statement
The Router Discovery Protocol informs hosts of the routers that are
available on the network. It provides an alternative to static
routes, routing protocols, and ICMP redirects for hosts that simply
need to know the address of their default router. The Router
Discovery Protocol is implemented as a server running on the router
and a client running on the host. Both the server (router) software
and the client (host) software are provided by
gated.
First let's look at the server configuration statement:
routerdiscovery server yes | no | on | off [{
traceoptions trace_options ;
interface interface_list
[minadvinterval time]
[maxadvinterval time]
[lifetime time] ;
address interface_list
[advertise | ignore]
[broadcast | multicast]
[ineligible | preference preference] ;
} ] ;
The routerdiscovery statement for both the client
and server supports tracing. The state trace flag
can be used to trace finite state machine transitions. Router
discovery packet tracing, however, is not done here. It is enabled
via the icmp statement.
The interface clause defines the physical
interfaces and the parameters that apply to them. Only physical
interfaces can be defined in the interface clause.
Addresses are specified in the address clauses shown below. The
interface
parameters are:
- maxadvinterval time
-
Defines the maximum time interval between sending router
advertisements. It must be more than 4 seconds and less than 30:00
minutes. The default is 10:00 minutes (600 seconds).
- minadvinterval time
-
Defines the minimum time interval between sending router
advertisements. It must be no less than 3 seconds and no greater than
maxadvinterval. The default is 0.75 times the
maxadvinterval.
- lifetime time
-
Defines how long clients should consider the addresses in a router
advertisement valid. It must be greater than
maxadvinterval and no more than 2:30:00 (two
hours, thirty minutes). The default is 3 times the
maxadvinterval.
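An added example, not from the original text or the gated sources: Python that converts the three time formats accepted by minhello, minpoll and the router discovery parameters into seconds, then checks a server interface clause against the limits and defaults listed above. The function names are hypothetical.

```python
def parse_time(value):
    """Convert seconds, minutes:seconds or hours:minutes:seconds to seconds."""
    parts = str(value).split(":")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad time value: {value!r}")
    seconds = 0
    for part in parts:
        seconds = seconds * 60 + int(part)
    return seconds

def check_rdisc_interface(maxadv="10:00", minadv=None, lifetime=None):
    """Apply the documented defaults, then return (values_in_seconds, errors)."""
    mx = parse_time(maxadv)
    # Unset parameters take the defaults given in the text.
    mn = parse_time(minadv) if minadv is not None else 0.75 * mx
    life = parse_time(lifetime) if lifetime is not None else 3 * mx
    errors = []
    if not 4 < mx < parse_time("30:00"):
        errors.append("maxadvinterval must be more than 4 seconds and less than 30:00")
    if not 3 <= mn <= mx:
        errors.append("minadvinterval must be between 3 seconds and maxadvinterval")
    if not mx < life <= parse_time("2:30:00"):
        errors.append("lifetime must exceed maxadvinterval and be at most 2:30:00")
    return {"maxadvinterval": mx, "minadvinterval": mn, "lifetime": life}, errors

if __name__ == "__main__":
    print(parse_time("180"), parse_time("3:00"), parse_time("0:3:00"))
    print(check_rdisc_interface())
    print(check_rdisc_interface(lifetime="5:00"))
```

A lifetime shorter than maxadvinterval is the case to watch: hosts would expire the router's addresses before the next advertisement arrives.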
The address clause defines the IP addresses used and the parameters
that apply to them. The address clause parameters are:
- advertise | ignore
-
advertise specifies that the address should be
included in router advertisements, which is the default.
ignore specifies that the address should not be
included in router advertisements.
- broadcast | multicast
-
broadcast specifies that the address should be
included in a broadcast router advertisement because some systems on
the network do not support multicasting. This is the default if the
router does not support multicasting.
multicast specifies that the address should only
be included in a multicast router advertisement. If the system does
not support multicasting, the address is not advertised.
- ineligible | preference preference
-
Defines the preference of the address as a default router.
preference is a 32-bit signed integer.
Higher values mean the address is more preferable. Note that this is
not gated preference. This is a value transmitted
as part of the Router Discovery Protocol.
The keyword ineligible assigns a preference of hex
80000000, which means the address is not eligible to be the default
router. Hosts use ineligible addresses to verify ICMP redirects.
For routerdiscovery to work, the hosts must have
the routerdiscovery client software. It is part of
gated and is configured by the
routerdiscovery client statement.
B.8.9.1. The routerdiscovery client statement
routerdiscovery client yes | no | on | off [{
traceoptions trace_options ;
preference preference ;
interface interface_list
[enable | disable | multicast]
[quiet | solicit] ;
} ] ;
The client uses the same trace options as the server. Other options
are different, however. The full list of client options is:
- preference preference ;
-
Defines the preference of default routes learned from
routerdiscovery. The default is 55. Unlike the
server statement, this is gated preference.
- interface interface_list
-
Defines the interfaces used by routerdiscovery.
- enable | disable | multicast
-
Enables or disables routerdiscovery on the
interface. enable is the default.
multicast forces gated to use
multicasting for router discovery. If multicasting is unavailable,
router discovery is not attempted. Normally, gated
uses multicasting or broadcasting depending on what is available for
the interface.
- broadcast | multicast
-
Specifies whether router solicitations should be broadcast or
multicast on the interface. By default, router solicitations are
multicast if that is supported; otherwise, router solicitations are
broadcast. If the multicast keyword is specified
and multicast is not available, the router solicitations are not
sent. Generally, if these options are not specified,
gated will do the right thing.
- quiet | solicit
-
Specifies whether router solicitations are sent on this interface.
solicit, which is the default, sends router
solicitations. quiet listens to Router
Advertisements but does not send router solicitations.
B.8.10. The kernel Statement
kernel {
options
[nochange]
[noflushatexit]
[protosync];
remnantholdtime ;
routes number ;
flash
[limit number]
[type interface | interior | all] ;
background
[limit number]
[priority flash | higher | lower] ;
traceoptions trace_options ; } ;
The kernel statement defines the interactions
between gated
and the kernel.
- options
-
Defines three possible configuration options. These are:
- nochange
-
Limits gated to deletes and adds. Use on early
versions of the routing socket code that have a malfunctioning change
operation.
- noflushatexit
-
Prevents route deletions at shutdown. Normally, shutdown processing
deletes routes that do not have a "retain" indication.
Use to speed startup on systems with thousands of routes.
- protosync
-
Updates the kernel protocol field with the current
gated protocol value.
- remnantholdtime
-
Holds routes read from the kernel forwarding table at startup for up
to 3 minutes unless they are overridden.
- routes number
-
Defines the maximum number of routes gated will
install in the kernel. By default, there is no limit to the number of
routes in the kernel forwarding table.
- flash
-
Tunes the parameters used for flash updates. When routes change, the
process of notifying the kernel is called a "flash
update."
- limit number
-
Sets the maximum number of routes processed during one flash update.
The default is 20. A value of -1 causes all route changes to be
processed. Large updates can slow the processing of
"time-critical" protocols. 20 is a good default.
- type interface | interior | all
-
Specifies the type of routes processed during a flash update. By
default, only interface routes are installed during a flash update.
interior specifies that interior routes are also
installed, and all specifies that interior and
exterior routes should be processed. Specifying flash limit
-1 all causes all routes to be installed during the flash
update, which mimics the behavior of previous versions of
gated.
- background
-
Tunes the parameters used for background processing. Since only
interface routes are normally installed during a flash update, most
routes are processed in batches in the background.
- limit number
-
Sets the number of routes processed in one batch. The default is 120.
- priority flash | higher | lower
-
Sets the priority for processing batch updates. The default is
lower, which means that batch updates are
processed at a lower priority than flash updates. To process kernel
updates at the same priority as flash updates, specify
flash.
Many tracing options work for the kernel interface because, in many
cases, the interface is handled as a routing protocol. The
command-line trace options, symbols and
iflist, provide information about the kernel. The
kernel statement trace options are:
- remnants
-
Traces routes read from the kernel when gated
starts.
- request
-
Traces gated kernel Add/Delete/Change operations.
The remaining trace options apply only to systems that use the
routing socket to exchange routing information with the kernel.
- info
-
Traces informational messages received from the routing socket.
- routes
-
Traces routes exchanged with the kernel.
- redirect
-
Traces redirect messages received from the kernel.
- interface
-
Traces interface status messages received from the kernel.
- other
-
Traces any other messages received from the kernel.
Copyright © 2002 O'Reilly & Associates. All rights reserved.