diff options
Diffstat (limited to 'doc')
39 files changed, 1445 insertions, 99 deletions
diff --git a/doc/Building_FRR_on_CentOS6.md b/doc/Building_FRR_on_CentOS6.md index c0c8efafd..9f40418ff 100644 --- a/doc/Building_FRR_on_CentOS6.md +++ b/doc/Building_FRR_on_CentOS6.md @@ -18,7 +18,7 @@ Add packages: sudo yum install git autoconf automake libtool make gawk readline-devel \ texinfo net-snmp-devel groff pkgconfig json-c-devel pam-devel \ - flex pytest + flex c-ares-devel epel-release rpm-build libcap-devel texi2html Install newer version of bison (CentOS 6 package source is too old) from CentOS 7 @@ -48,16 +48,16 @@ Install newer version of autoconf and automake (Package versions are too old) Install `Python 2.7` in parallel to default 2.6 (needed for `make check` to run unittests). -Pick correct EPEL based on CentOS version used. Then install current `pytest` +Make sure you've install EPEL (`epel-release` as above). Then install current +`python2.7` and `pytest` - rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh https://centos6.iuscommunity.org/ius-release.rpm - yum install python27 python27-pip + yum install python27 python27-devel python27-pip pip2.7 install pytest Please note that `CentOS 6` needs to keep python pointing to version 2.6 for `yum` to keep working, so don't create a symlink for python2.7 to python - + Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -80,7 +80,6 @@ them if you are not building on a x86_64 architecture git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --sysconfdir=/etc/frr \ diff --git a/doc/Building_FRR_on_CentOS7.md b/doc/Building_FRR_on_CentOS7.md index 570d14dee..0ab5c0ff5 100644 --- a/doc/Building_FRR_on_CentOS7.md +++ b/doc/Building_FRR_on_CentOS7.md @@ -10,12 +10,16 @@ CentOS 7 restrictions: Install required packages ------------------------- - + Add packages: sudo yum install git autoconf automake libtool make gawk readline-devel \ texinfo net-snmp-devel groff pkgconfig json-c-devel pam-devel \ - bison flex pytest + bison flex pytest c-ares-devel python-devel rpm-build + +To build from git (in difference to building from distribution tar.gz as created by `make dist`), the python development libraries are needed. (Make sure you've installed EPEL libraries as shown above for this to work) + + yum install python34-devel Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -39,7 +43,6 @@ them if you are not building on a x86_64 architecture git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --sysconfdir=/etc/frr \ diff --git a/doc/Building_FRR_on_Debian8.md b/doc/Building_FRR_on_Debian8.md index a60783d31..1a961f752 100644 --- a/doc/Building_FRR_on_Debian8.md +++ b/doc/Building_FRR_on_Debian8.md @@ -15,7 +15,7 @@ Add packages: sudo apt-get install git autoconf automake libtool make gawk \ libreadline-dev texinfo libjson-c-dev pkg-config bison flex \ - python-pip + python-pip libc-ares-dev python3-dev Install newer pytest (>3.0) from pip @@ -41,7 +41,6 @@ an example.) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --enable-exampledir=/usr/share/doc/frr/examples/ \ @@ -83,6 +82,7 @@ an example.) sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ripngd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/pimd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ldpd.conf + sudo install -m 640 -o frr -g frr /dev/null /etc/frr/nhrpd.conf sudo install -m 640 -o frr -g frrvty /dev/null /etc/frr/vtysh.conf ### Enable IP & IPv6 forwarding diff --git a/doc/Building_FRR_on_Fedora24.md b/doc/Building_FRR_on_Fedora24.md index 6c5b78b1e..1f5f12b9c 100644 --- a/doc/Building_FRR_on_Fedora24.md +++ b/doc/Building_FRR_on_Fedora24.md @@ -8,7 +8,8 @@ Add packages: sudo dnf install git autoconf automake libtool make gawk \ readline-devel texinfo net-snmp-devel groff pkgconfig \ - json-c-devel pam-devel perl-XML-LibXML pytest + json-c-devel pam-devel perl-XML-LibXML c-ares-devel \ + python3-devel Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -32,7 +33,6 @@ them if you are not building on a x86_64 architecture git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --sysconfdir=/etc/frr \ @@ -70,6 +70,7 @@ them if you are not building on a x86_64 architecture sudo touch /etc/frr/ripngd.conf sudo touch /etc/frr/pimd.conf sudo touch /etc/frr/ldpd.conf + sudo touch /etc/frr/nhrpd.conf sudo chown -R frr:frr /etc/frr/ sudo touch /etc/frr/vtysh.conf sudo chown frr:frrvt /etc/frr/vtysh.conf @@ -111,7 +112,7 @@ Create a new file `/etc/modules-load.d/mpls.conf` with the following content: install -p -m 644 redhat/ospf6d.service /usr/lib/systemd/system/ospf6d.service install -p -m 644 redhat/ripngd.service /usr/lib/systemd/system/ripngd.service install -p -m 644 redhat/pimd.service /usr/lib/systemd/system/pimd.service - install -p -m 644 redhat/pimd.service /usr/lib/systemd/system/ldpd.service + install -p -m 644 redhat/ldpd.service /usr/lib/systemd/system/ldpd.service install -p -m 644 redhat/frr.sysconfig /etc/sysconfig/frr install -p -m 644 redhat/frr.logrotate /etc/logrotate.d/frr diff --git a/doc/Building_FRR_on_FreeBSD10.md b/doc/Building_FRR_on_FreeBSD10.md index 8b5c919b6..36ef573bb 100644 --- a/doc/Building_FRR_on_FreeBSD10.md +++ b/doc/Building_FRR_on_FreeBSD10.md @@ -16,7 +16,7 @@ Add packages: install and asked) pkg install git autoconf automake libtool gmake gawk json-c pkgconf \ - bison flex py27-pytest + bison flex py27-pytest c-ares python3 Make sure there is no /usr/bin/flex preinstalled (and use the newly installed in /usr/local/bin): @@ -43,7 +43,6 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh export MAKE=gmake export LDFLAGS="-L/usr/local/lib" diff --git a/doc/Building_FRR_on_FreeBSD11.md b/doc/Building_FRR_on_FreeBSD11.md index 4c8704c6a..d6affd688 100644 --- a/doc/Building_FRR_on_FreeBSD11.md +++ b/doc/Building_FRR_on_FreeBSD11.md @@ -16,7 +16,7 @@ Add packages: install and asked) pkg install git autoconf automake libtool gmake gawk json-c pkgconf \ - bison flex py27-pytest + bison flex py27-pytest c-ares python3 Make sure there is no /usr/bin/flex preinstalled (and use the newly installed in /usr/local/bin): @@ -43,7 +43,6 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh export MAKE=gmake export LDFLAGS="-L/usr/local/lib" diff --git a/doc/Building_FRR_on_FreeBSD9.md b/doc/Building_FRR_on_FreeBSD9.md index 0a866acf9..41d3148ad 100644 --- a/doc/Building_FRR_on_FreeBSD9.md +++ b/doc/Building_FRR_on_FreeBSD9.md @@ -16,7 +16,8 @@ Add packages: install and asked) pkg install -y git autoconf automake libtool gmake gawk \ - pkgconf texinfo json-c bison flex py27-pytest + pkgconf texinfo json-c bison flex py27-pytest c-ares \ + python3 Make sure there is no /usr/bin/flex preinstalled (and use the newly installed in /usr/local/bin): @@ -25,6 +26,13 @@ takes preference in path) rm -f /usr/bin/flex +For building with clang (instead of gcc), upgrade clang from 3.4 default to 3.6 *This is needed to build FreeBSD packages as well - for packages clang is default* (Clang 3.4 as shipped with FreeBSD 9 crashes during compile) + + pkg install clang36 + pkg delete clang34 + mv /usr/bin/clang /usr/bin/clang34 + ln -s /usr/local/bin/clang36 /usr/bin/clang + Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -43,7 +51,6 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh export MAKE=gmake export LDFLAGS="-L/usr/local/lib" diff --git a/doc/Building_FRR_on_NetBSD6.md b/doc/Building_FRR_on_NetBSD6.md index dfc1f2c29..542a7f489 100644 --- a/doc/Building_FRR_on_NetBSD6.md +++ b/doc/Building_FRR_on_NetBSD6.md @@ -18,7 +18,7 @@ Configure Package location: Add packages: sudo pkg_add git autoconf automake libtool gmake gawk openssl \ - pkg-config json-c p5-XML-LibXML python27 py27-test + pkg-config json-c p5-XML-LibXML python27 py27-test python35 Install SSL Root Certificates (for git https access): @@ -47,7 +47,6 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh MAKE=gmake export LDFLAGS="-L/usr/pkg/lib -R/usr/pkg/lib" diff --git a/doc/Building_FRR_on_NetBSD7.md b/doc/Building_FRR_on_NetBSD7.md index 99230e385..821a6109f 100644 --- a/doc/Building_FRR_on_NetBSD7.md +++ b/doc/Building_FRR_on_NetBSD7.md @@ -12,7 +12,7 @@ Install required packages ------------------------- sudo pkgin install git autoconf automake libtool gmake gawk openssl \ - pkg-config json-c p5-XML-LibXML python27 py27-test + pkg-config json-c p5-XML-LibXML python27 py27-test python35 Install SSL Root Certificates (for git https access): @@ -41,7 +41,6 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh MAKE=gmake export LDFLAGS="-L/usr/pkg/lib -R/usr/pkg/lib" diff --git a/doc/Building_FRR_on_OmniOS.md b/doc/Building_FRR_on_OmniOS.md index 7ed22aaae..2e9871467 100644 --- a/doc/Building_FRR_on_OmniOS.md +++ b/doc/Building_FRR_on_OmniOS.md @@ -41,7 +41,7 @@ Add additional Solaris packages: /opt/csw/bin/pkgutil -y -i texinfo /opt/csw/bin/pkgutil -y -i perl /opt/csw/bin/pkgutil -y -i libjson_c_dev - /opt/csw/bin/pkgutil -y -i python27 py_pip + /opt/csw/bin/pkgutil -y -i python27 py_pip python27_dev Add libjson to Solaris equivalent of ld.so.conf @@ -61,7 +61,7 @@ Select Python 2.7 as default (required for pytest) rm -f /usr/bin/python ln -s /opt/csw/bin/python2.7 /usr/bin/python - + Fix PATH for all users and non-interactive sessions. Edit `/etc/default/login` and add the following default PATH: @@ -89,11 +89,11 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh export MAKE=gmake export LDFLAGS="-L/opt/csw/lib" export CPPFLAGS="-I/opt/csw/include" + export PKG_CONFIG_PATH=/opt/csw/lib/pkgconfig ./configure \ --sysconfdir=/etc/frr \ --enable-exampledir=/usr/share/doc/frr/examples/ \ diff --git a/doc/Building_FRR_on_OpenBSD6.md b/doc/Building_FRR_on_OpenBSD6.md index 40bf982a4..c1b583664 100644 --- a/doc/Building_FRR_on_OpenBSD6.md +++ b/doc/Building_FRR_on_OpenBSD6.md @@ -1,12 +1,6 @@ Building FRR on OpenBSD 6 from Git Source ========================================= -OpenBSD restrictions: ---------------------- - -- MPLS is not tested on `OpenBSD`. It may work as it shares the - sources with the LDPd on OpenBSD. Bug reports and fixes are welcome - Install required packages ------------------------- @@ -42,7 +36,6 @@ an example) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh export LDFLAGS="-L/usr/local/lib" export CPPFLAGS="-I/usr/local/include" @@ -61,7 +54,6 @@ an example) --enable-rtadv \ --enable-tcp-zebra \ --enable-fpm \ - --enable-ldpd \ --with-pkg-git-version \ --with-pkg-extra-version=-MyOwnFRRVersion gmake @@ -83,6 +75,7 @@ an example) sudo touch /etc/frr/ripngd.conf sudo touch /etc/frr/pimd.conf sudo touch /etc/frr/ldpd.conf + sudo touch /etc/frr/nhrpd.conf sudo chown -R _frr:_frr /etc/frr sudo touch /etc/frr/vtysh.conf sudo chown -R _frr:_frrvty /etc/frr/vtysh.conf @@ -99,6 +92,18 @@ Add the following lines to the end of `/etc/rc.conf`: **Reboot** to apply the config to the system +### Enable MPLS Forwarding + +To enable MPLS forwarding on a given interface, use the following command: + + sudo ifconfig em0 mpls + +Alternatively, to make MPLS forwarding persistent across reboots, add the "mpls" +keyword in the hostname.* files of the desired interfaces. Example: + + cat /etc/hostname.em0 + inet 10.0.1.1 255.255.255.0 mpls + ### Install rc.d init files (create them in /etc/rc.d - no example are included at this time with FRR source) diff --git a/doc/Building_FRR_on_Ubuntu1204.md b/doc/Building_FRR_on_Ubuntu1204.md index f13052a1b..033e05bcd 100644 --- a/doc/Building_FRR_on_Ubuntu1204.md +++ b/doc/Building_FRR_on_Ubuntu1204.md @@ -12,8 +12,8 @@ Install required packages Add packages: apt-get install git autoconf automake libtool make gawk libreadline-dev \ - texinfo libpam0g-dev dejagnu libjson0 pkg-config libpam0g-dev \ - libjson0-dev flex python-pip + texinfo libpam0g-dev dejagnu libjson0-dev pkg-config libpam0g-dev \ + libjson0-dev flex python-pip libc-ares-dev python3-dev Install newer bison from 14.04 package source (Ubuntu 12.04 package source is too old) @@ -75,7 +75,6 @@ an example.) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --prefix=/usr \ @@ -96,7 +95,6 @@ an example.) --enable-rtadv \ --enable-tcp-zebra \ --enable-fpm \ - --enable-ldpd \ --with-pkg-git-version \ --with-pkg-extra-version=-MyOwnFRRVersion make @@ -116,6 +114,7 @@ an example.) sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ripngd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/pimd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ldpd.conf + sudo install -m 640 -o frr -g frr /dev/null /etc/frr/nhrpd.conf sudo install -m 640 -o frr -g frrvty /dev/null /etc/frr/vtysh.conf ### Enable IP & IPv6 forwarding @@ -137,7 +136,7 @@ other settings) sudo install -m 755 tools/frr /etc/init.d/frr sudo install -m 644 cumulus/etc/frr/daemons /etc/frr/daemons - sudo install -m 644 cumulus/etc/frr/debian.conf /etc/frr/debian.conf + sudo install -m 644 cumulus/etc/frr/daemons.conf /etc/frr/daemons.conf sudo install -m 644 -o frr -g frr cumulus/etc/frr/vtysh.conf /etc/frr/vtysh.conf ### Enable daemons diff --git a/doc/Building_FRR_on_Ubuntu1404.md b/doc/Building_FRR_on_Ubuntu1404.md index 7e21df861..11daecf19 100644 --- a/doc/Building_FRR_on_Ubuntu1404.md +++ b/doc/Building_FRR_on_Ubuntu1404.md @@ -8,12 +8,12 @@ Building FRR on Ubuntu 14.04LTS from Git Source Install required packages ------------------------- - + Add packages: apt-get install git autoconf automake libtool make gawk libreadline-dev \ texinfo dejagnu pkg-config libpam0g-dev libjson-c-dev bison flex \ - python-pytest + python-pytest libc-ares-dev python3-dev Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -35,7 +35,6 @@ an example.) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --prefix=/usr \ @@ -76,6 +75,7 @@ an example.) sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ripngd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/pimd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ldpd.conf + sudo install -m 640 -o frr -g frr /dev/null /etc/frr/nhrpd.conf sudo install -m 640 -o frr -g frrvty /dev/null /etc/frr/vtysh.conf ### Enable IP & IPv6 forwarding @@ -96,7 +96,7 @@ other settings) sudo install -m 755 tools/frr /etc/init.d/frr sudo install -m 644 cumulus/etc/frr/daemons /etc/frr/daemons - sudo install -m 644 cumulus/etc/frr/debian.conf /etc/frr/debian.conf + sudo install -m 644 cumulus/etc/frr/daemons.conf /etc/frr/daemons.conf sudo install -m 644 -o frr -g frr cumulus/etc/frr/vtysh.conf /etc/frr/vtysh.conf diff --git a/doc/Building_FRR_on_Ubuntu1604.md b/doc/Building_FRR_on_Ubuntu1604.md index 2d5b57ed5..9aa3206fe 100644 --- a/doc/Building_FRR_on_Ubuntu1604.md +++ b/doc/Building_FRR_on_Ubuntu1604.md @@ -14,7 +14,7 @@ Add packages: apt-get install git autoconf automake libtool make gawk libreadline-dev \ texinfo dejagnu pkg-config libpam0g-dev libjson-c-dev bison flex \ - python-pytest + python-pytest libc-ares-dev python3-dev libsystemd-dev Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -36,7 +36,6 @@ an example.) git clone https://github.com/frrouting/frr.git frr cd frr - git checkout stable/2.0 ./bootstrap.sh ./configure \ --prefix=/usr \ @@ -57,7 +56,7 @@ an example.) --enable-rtadv \ --enable-tcp-zebra \ --enable-fpm \ - --enable-ldpd \ + --enable-systemd=yes \ --with-pkg-git-version \ --with-pkg-extra-version=-MyOwnFRRVersion make @@ -77,6 +76,7 @@ an example.) sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ripngd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/pimd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ldpd.conf + sudo install -m 640 -o frr -g frr /dev/null /etc/frr/nhrpd.conf sudo install -m 640 -o frr -g frrvty /dev/null /etc/frr/vtysh.conf ### Enable IP & IPv6 forwarding @@ -119,8 +119,8 @@ Add the following lines to `/etc/modules-load.d/modules.conf`: sudo install -m 644 tools/frr.service /etc/systemd/system/frr.service sudo install -m 644 cumulus/etc/default/frr /etc/default/frr sudo install -m 644 cumulus/etc/frr/daemons /etc/frr/daemons - sudo install -m 644 cumulus/etc/frr/debian.conf /etc/frr/debian.conf - sudo install -m 644 cumulus/etc/frr/frr.conf /etc/frr/frr.conf + sudo install -m 644 tools/etc/frr/daemons.conf /etc/frr/daemons.conf + sudo install -m 644 tools/etc/frr/frr.conf /etc/frr/frr.conf sudo install -m 644 -o frr -g frr cumulus/etc/frr/vtysh.conf /etc/frr/vtysh.conf ### Enable daemons @@ -137,13 +137,8 @@ For example. isisd=yes ### Enable the systemd serivce -Edit `/etc/systemd/system/frr.service` and remove the line **OnFailure=heartbeat-failed@%n.service** -For example. + - systemctl enable frr - [Unit] - Description=Cumulus Linux FRR - After=syslog.target networking.service - ### Start the systemd service - systemctl start frr - use `systemctl status frr` to check its status. diff --git a/doc/Makefile.am b/doc/Makefile.am index 04389c63a..318179e25 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -59,7 +59,10 @@ frr.pdf: $(info_TEXINFOS) $(figures_pdf) $(frr_TEXINFOS) frr_TEXINFOS = appendix.texi basic.texi bgpd.texi isisd.texi filter.texi \ vnc.texi \ - install.texi ipv6.texi kernel.texi main.texi ospf6d.texi ospfd.texi \ + install.texi ipv6.texi kernel.texi main.texi \ + nhrpd.texi \ + eigrpd.texi \ + ospf6d.texi ospfd.texi \ overview.texi protocol.texi ripd.texi ripngd.texi routemap.texi \ snmp.texi vtysh.texi routeserver.texi defines.texi $(figures_png) \ snmptrap.texi ospf_fundamentals.texi isisd.texi $(figures_txt) @@ -111,6 +114,10 @@ if RIPNGD man_MANS += ripngd.8 endif +if NHRPD +man_MANS += nhrpd.8 +endif + if VTYSH man_MANS += vtysh.1 endif @@ -123,6 +130,10 @@ if ZEBRA man_MANS += zebra.8 endif +if EIGRPD +man_MANS += eigrpd.8 +endif + EXTRA_DIST = BGP-TypeCode draft-zebra-00.ms draft-zebra-00.txt \ \ bgpd.8.in \ @@ -134,10 +145,12 @@ EXTRA_DIST = BGP-TypeCode draft-zebra-00.ms draft-zebra-00.txt \ ripd.8.in \ ripngd.8.in \ pimd.8.in \ + nhrpd.8.in \ vtysh.1.in \ watchfrr.8.in \ zebra.8.in \ frr.1.in \ + eigrpd.8.in \ \ mpls/ChangeLog.opaque.txt mpls/cli_summary.txt \ mpls/opaque_lsa.txt mpls/ospfd.conf \ diff --git a/doc/basic.texi b/doc/basic.texi index cea33eaa8..05d72bc80 100644 --- a/doc/basic.texi +++ b/doc/basic.texi @@ -18,6 +18,7 @@ daemons. * Config Commands:: Commands used in config files * Terminal Mode Commands:: Common commands used in a VTY * Common Invocation Options:: Starting the daemons +* Loadable Module Support:: Using extension modules * Virtual Terminal Interfaces:: Interacting with the daemons @end menu @@ -372,6 +373,51 @@ Print program version. @end table +@node Loadable Module Support +@section Loadable Module Support + +FRR supports loading extension modules at startup. Loading, reloading or +unloading modules at runtime is not supported (yet). To load a module, use +the following command line option at daemon startup: + +@table @samp +@item -M @var{module:options} +@itemx --module @var{module:options} + +Load the specified module, optionally passing options to it. If the module +name contains a slash (/), it is assumed to be a full pathname to a file to +be loaded. If it does not contain a slash, the +@code{@value{INSTALL_PREFIX_MODULES}} directory is searched for a module of +the given name; first with the daemon name prepended (e.g. @code{zebra_mod} +for @code{mod}), then without the daemon name prepended. + +This option is available on all daemons, though some daemons may not have +any modules available to be loaded. +@end table + + +@subsection The SNMP Module + +If SNMP is enabled during compile-time and installed as part of the package, +the @code{snmp} module can be loaded for the @command{zebra}, +@command{bgpd}, @command{ospfd}, @command{ospf6d} and @command{ripd} daemons. + +The module ignores any options passed to it. Refer to @ref{SNMP Support} +for information on its usage. + + +@subsection The FPM Module + +If FPM is enabled during compile-time and installed as part of the package, +the @code{fpm} module can be loaded for the @command{zebra} daemon. This +provides the Forwarding Plane Manager ("FPM") API. + +The module expects its argument to be either @code{netlink} or +@code{protobuf}, specifying the encapsulation to use. @code{netlink} is the +default, and @code{protobuf} may not be available if the module was built +without protobuf support. Refer to @ref{zebra FIB push interface} for more +information. + @node Virtual Terminal Interfaces @section Virtual Terminal Interfaces diff --git a/doc/bgpd.8.in b/doc/bgpd.8.in index 704774463..0df1b1dce 100644 --- a/doc/bgpd.8.in +++ b/doc/bgpd.8.in @@ -27,6 +27,9 @@ bgpd \- a BGPv4, BGPv4\+, BGPv4\- routing engine for use with @PACKAGE_FULLNAME@ ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B bgpd @@ -76,6 +79,11 @@ When the program terminates, retain routes added by \fBbgpd\fR. \fB\-S\fR, \fB\-\-skip_runas\fR Skip setting the process effective user and group. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +The \fBsnmp\fR module may be available for +\fBbgpd\fR, if the package was built with SNMP support. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES @@ -108,6 +116,7 @@ debugging options, see the Info file, or the source for details. .BR ospfd (8), .BR ospf6d (8), .BR isisd (8), +.BR nhrpd (8), .BR zebra (8), .BR vtysh (1) .SH BUGS diff --git a/doc/bgpd.texi b/doc/bgpd.texi index 08cd4149a..8e0da1294 100644 --- a/doc/bgpd.texi +++ b/doc/bgpd.texi @@ -526,7 +526,9 @@ This command adds the announcement network. @example @group router bgp 1 - network 10.0.0.0/8 + address-family ipv4 unicast + network 10.0.0.0/8 + exit-address-family @end group @end example This configuration example says that network 10.0.0.0/8 will be @@ -1160,7 +1162,9 @@ communities attribute to the updates. @example router bgp 7675 neighbor 192.168.0.1 remote-as 100 - neighbor 192.168.0.1 route-map RMAP in + address-family ipv4 unicast + neighbor 192.168.0.1 route-map RMAP in + exit-address-family ! ip community-list 70 permit 7675:70 ip community-list 70 deny @@ -1191,7 +1195,9 @@ value 80. router bgp 100 network 10.0.0.0/8 neighbor 192.168.0.2 remote-as 7675 - neighbor 192.168.0.2 route-map RMAP out + address-family ipv4 unicast + neighbor 192.168.0.2 route-map RMAP out + exit-address-family ! ip prefix-list PLIST permit 10.0.0.0/8 ! @@ -1209,7 +1215,9 @@ limit the BGP routes announcement into the internal network. @example router bgp 7675 neighbor 192.168.0.1 remote-as 100 - neighbor 192.168.0.1 route-map RMAP in + address-family ipv4 unicast + neighbor 192.168.0.1 route-map RMAP in + exit-address-family ! ip community-list 1 permit 0:80 0:90 ! @@ -1224,7 +1232,9 @@ filtering all of routes, we need to define permit any at last. @example router bgp 7675 neighbor 192.168.0.1 remote-as 100 - neighbor 192.168.0.1 route-map RMAP in + address-family ipv4 unicast + neighbor 192.168.0.1 route-map RMAP in + exit-address-family ! ip community-list standard FILTER deny 1:1 ip community-list standard FILTER permit @@ -1252,7 +1262,9 @@ community-list is used. @code{deny} community-list is ignored. @example router bgp 7675 neighbor 192.168.0.1 remote-as 100 - neighbor 192.168.0.1 route-map RMAP in + address-family ipv4 unicast + neighbor 192.168.0.1 route-map RMAP in + exit-address-family ! ip community-list standard DEL permit 100:1 100:2 ! @@ -1606,11 +1618,15 @@ to specify @command{neighbor A.B.C.D send-community} command. ! router bgp 1 neighbor 10.0.0.1 remote-as 1 - no neighbor 10.0.0.1 send-community + address-family ipv4 unicast + no neighbor 10.0.0.1 send-community + exit-address-family ! router bgp 1 neighbor 10.0.0.1 remote-as 1 - neighbor 10.0.0.1 send-community + address-family ipv4 unicast + neighbor 10.0.0.1 send-community + exit-address-family ! @end example @@ -1680,11 +1696,15 @@ bgp multiple-instance ! router bgp 1 view 1 neighbor 10.0.0.1 remote-as 2 - neighbor 10.0.0.1 distribute-list 1 in + address-family ipv4 unicast + neighbor 10.0.0.1 distribute-list 1 in + exit-address-family ! router bgp 1 view 2 neighbor 10.0.0.1 remote-as 2 - neighbor 10.0.0.1 distribute-list 2 in + address-family ipv4 unicast + neighbor 10.0.0.1 distribute-list 2 in + exit-address-family @end group @end example @@ -1792,13 +1812,16 @@ Example of a session to an upstream, advertising only one prefix to it. @example router bgp 64512 bgp router-id 10.236.87.1 - network 10.236.87.0/24 neighbor upstream peer-group neighbor upstream remote-as 64515 neighbor upstream capability dynamic - neighbor upstream prefix-list pl-allowed-adv out neighbor 10.1.1.1 peer-group upstream neighbor 10.1.1.1 description ACME ISP + + address-family ipv4 unicast + network 10.236.87.0/24 + neighbor upstream prefix-list pl-allowed-adv out + exit-address-family ! ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 ip prefix-list pl-allowed-adv seq 10 deny any @@ -1816,18 +1839,9 @@ flaws. @example router bgp 64512 bgp router-id 10.236.87.1 - network 10.123.456.0/24 - network 10.123.456.128/25 route-map rm-no-export neighbor upstream capability dynamic - neighbor upstream route-map rm-upstream-out out neighbor cust capability dynamic - neighbor cust route-map rm-cust-in in - neighbor cust route-map rm-cust-out out - neighbor cust send-community both neighbor peer capability dynamic - neighbor peer route-map rm-peer-in in - neighbor peer route-map rm-peer-out out - neighbor peer send-community both neighbor 10.1.1.1 remote-as 64515 neighbor 10.1.1.1 peer-group upstream neighbor 10.2.1.1 remote-as 64516 @@ -1835,19 +1849,31 @@ router bgp 64512 neighbor 10.3.1.1 remote-as 64517 neighbor 10.3.1.1 peer-group cust-default neighbor 10.3.1.1 description customer1 - neighbor 10.3.1.1 prefix-list pl-cust1-network in neighbor 10.4.1.1 remote-as 64518 neighbor 10.4.1.1 peer-group cust - neighbor 10.4.1.1 prefix-list pl-cust2-network in neighbor 10.4.1.1 description customer2 neighbor 10.5.1.1 remote-as 64519 neighbor 10.5.1.1 peer-group peer - neighbor 10.5.1.1 prefix-list pl-peer1-network in neighbor 10.5.1.1 description peer AS 1 neighbor 10.6.1.1 remote-as 64520 neighbor 10.6.1.1 peer-group peer - neighbor 10.6.1.1 prefix-list pl-peer2-network in neighbor 10.6.1.1 description peer AS 2 + + address-family ipv4 unicast + network 10.123.456.0/24 + network 10.123.456.128/25 route-map rm-no-export + neighbor upstream route-map rm-upstream-out out + neighbor cust route-map rm-cust-in in + neighbor cust route-map rm-cust-out out + neighbor cust send-community both + neighbor peer route-map rm-peer-in in + neighbor peer route-map rm-peer-out out + neighbor peer send-community both + neighbor 10.3.1.1 prefix-list pl-cust1-network in + neighbor 10.4.1.1 prefix-list pl-cust2-network in + neighbor 10.5.1.1 prefix-list pl-peer1-network in + neighbor 10.6.1.1 prefix-list pl-peer2-network in + exit-address-family ! ip prefix-list pl-default permit 0.0.0.0/0 ! diff --git a/doc/cli.md b/doc/cli.md new file mode 100644 index 000000000..ffd34dd30 --- /dev/null +++ b/doc/cli.md @@ -0,0 +1,431 @@ +FRR Command Line Interface +========================== + +Definition Grammar +------------------ + +This is a reference for the syntax used when defining new CLI commands. An +example definition is: + +``` +DEFUN (command_name, + command_name_cmd, +--> "example <command|line [interface]> DEFINITION...", + <..doc strings..>) +``` + +The arrowed part is the definition string. + +Explicit syntax rules in Flex and Bison may be found in lib/command_lex.l and +lib/command_parse.y, respectively. If you can read BNF and regex those will be +more useful than this document. + +If the parser is throwing syntax or other errors and you can't figure out why, +it's unlikely to be a bug in the parser. If the error message is not useful, +please file a bug for a better error message. If all else fails, read the token +definitions in the lexer source and the Bison BNF in the parser source. + +Characters allowed in each token type: + +Tokens +------ +* `WORD` -- A token that begins with +, -, or a lowercase letter. It is + an unchanging part of the command and will only match itself. + Example: "show ip bgp", every token is a WORD. +* `IPV4` -- 'A.B.C.D', matches an IPv4 address. +* `IPV6` -- 'X:X::X:X', matches an IPv6 address. +* `IPV4_PREFIX` -- 'A.B.C.D/M', matches an IPv4 prefix in CIDR notation. +* `IPV6_PREFIX` -- 'X:X::X:X/M', matches an IPv6 prefix in CIDR notation. +* `VARIABLE` -- Begins with a capital letter. Matches any input. +* `RANGE` -- Numeric range delimited by parentheses, e.g. (-100 - 100) or + (10-20). Will only match numbers in the range. + +Rules +----- +* `<angle|brackets>` -- Contain sequences of tokens separated by pipes and + provide mutual exclusion. Sequences may contain + `<mutual|exclusion>` but not as the first token. + Disallowed: `"example <<a|b> c|d>"` + Allowed: `"example <a c|b c|d>"` +* `[square brackets]` -- Contains sequences of tokens that are optional (can be + omitted). `[<a|b>]` can be shortened to `[a|b]`. +* `{curly|braces}` -- similar to angle brackets, but instead of mutual + exclusion, curly braces indicate that one or more of the + pipe-separated sequences may be provided in any order. +* `VARIADICS...` -- Any token which accepts input (so anything except WORD) + and that occurs as the last token of a line may be + followed by an ellipsis, which indicates that input + matching the token may be repeated an unlimited number + of times. +* `$name` -- Specify a variable name for the preceding token. See + "Variable Names" below. + +Some general notes: + +* Options are allowed at the beginning of the command. The developer is + entreated to use these extremely sparingly. They are most useful for + implementing the 'no' form of configuration commands. Please think carefully + before using them for anything else. There is usually a better solution, even + if it is just separating out the command definition into separate ones. + +* The developer should judiciously apply separation of concerns when defining + CLI. CLI definitions for two unrelated or vaguely related commands or + configuration items should be defined in separate commands. Clarity is + preferred over LOC (within reason). + +Variable Names +-------------- +The parser tries to fill the "varname" field on each token. This can happen +either manually or automatically. Manual specifications work by appending +`"$name"` after the input specifier: + +``` +foo bar$cmd WORD$name A.B.C.D$ip +``` + +Note that you can also assign variable names to fixed input tokens, this can +be useful if multiple commands share code. You can also use "$name" after a +multiple-choice option: + +``` +foo bar <A.B.C.D|X:X::X:X>$addr [optionA|optionB]$mode +``` + +The variable name is in this case assigned to the last token in each of the +branches. + +Automatic assignment of variable names works by applying the following rules: + +- manual names always have priority +- a "[no]" at the beginning receives "no" as varname on the "no" token +- VARIABLE tokens whose text is not "WORD" or "NAME" receive a cleaned lowercase + version of the token text as varname, e.g. "ROUTE-MAP" becomes "route_map". +- other variable tokens (i.e. everything except "fixed") receive the text of + the preceding fixed token as varname, if one can be found. E.g.: + "ip route A.B.C.D/M INTERFACE" assigns "route" to the "A.B.C.D/M" token. + +These rules should make it possible to avoid manual varname assignment in 90% +of the cases. + +Doc Strings +----------- +Each token in a command definition should be documented with a brief doc +string that informs a user of the meaning and/or purpose of the subsequent +command tree. These strings are provided as the last parameter to DEFUN macros, +concatenated together and separated by an escaped newline ('\n'). These are +best explained by example. + +``` +DEFUN (config_terminal, + config_terminal_cmd, + "configure terminal", + "Configuration from vty interface\n" + "Configuration terminal\n") +``` + +The last parameter is split into two lines for readability. Two newline +delimited doc strings are present, one for each token in the command. The +second string documents the functionality of the 'terminal' command in the +'configure' tree. + +Note that the first string, for 'configure' does not contain documentation for +'terminal'. This is because the CLI is best envisioned as a tree, with tokens +defining branches. An imaginary 'start' token is the root of every command in a +CLI node. Each subsequent written token descends into a subtree, so the +documentation for that token ideally summarizes all the functionality contained +in the subtree. + +A consequence of this structure is that the developer must be careful to use +the same doc strings when defining multiple commands that are part of the same +tree. Commands which share prefixes must share the same doc strings for those +prefixes. On startup the parser will generate warnings if it notices +inconsistent doc strings. Behavior is undefined; the same token may show up +twice in completions, with different doc strings, or it may show up once with a +random doc string. Parser warnings should be heeded and fixed to avoid +confusing users. + +The number of doc strings provided must be equal to the amount of tokens +present in the command definition, read left to right, ignoring any special +constructs. + +In the examples below, each arrowed token needs a doc string. + +``` + "show ip bgp" + ^ ^ ^ + + "command <foo|bar> [example]" + ^ ^ ^ ^ +``` + +Data Structures +--------------- +On startup, the CLI parser sequentially parses each command string definition +and constructs a directed graph with each token forming a node. This graph is +the basis of the entire CLI system. It is used to match user input in order to +generate command completions and match commands to functions. + +There is one graph per CLI node (not the same as a graph node in the CLI +graph). The CLI node struct keeps a reference to its graph (see lib/command.h). + +While most of the graph maintains the form of a tree, special constructs +outlined in the Rules section introduce some quirks. <>, [] and {} form +self-contained 'subgraphs'. Each subgraph is a tree except that all of the +'leaves' actually share a child node. This helps with minimizing graph size and +debugging. + +As an example, the subgraph generated by <foo|bar> looks like this: + + . + . + | + +----+---+ + +--- -+ FORK +----+ + | +--------+ | + +--v---+ +--v---+ + | foo | | bar | + +--+---+ +--+---+ + | +------+ | + +------> JOIN <-----+ + +---+--+ + | + . + . + +FORK and JOIN nodes are plumbing nodes that don't correspond to user input. +They're necessary in order to deduplicate these constructs where applicable. + +Options follow the same form, except that there is an edge from the FORK node +to the JOIN node. + +Keywords follow the same form, except that there is an edge from JOIN to FORK. +Because of this the CLI graph cannot be called acyclic. There is special logic +in the input matching code that keeps a stack of paths already taken through +the node in order to disallow following the same path more than once. + +Variadics are a bit special; they have an edge back to themselves, which allows +repeating the same input indefinitely. + +The leaves of the graph are nodes that have no out edges. These nodes are +special; their data section does not contain a token, as most nodes do, or +NULL, as in FORK/JOIN nodes, but instead has a pointer to a cmd_element. All +paths through the graph that terminate on a leaf are guaranteed to be defined +by that command. When a user enters a complete command, the command matcher +tokenizes the input and executes a DFS on the CLI graph. If it is +simultaneously able to exhaust all input (one input token per graph node), and +then find exactly one leaf connected to the last node it reaches, then the +input has matched the corresponding command and the command is executed. If it +finds more than one node, then the command is ambiguous (more on this in +deduplication). If it cannot exhaust all input, the command is unknown. If it +exhausts all input but does not find an edge node, the command is incomplete. + +The parser uses an incremental strategy to build the CLI graph for a node. Each +command is parsed into its own graph, and then this graph is merged into the +overall graph. During this merge step, the parser makes a best-effort attempt +to remove duplicate nodes. If it finds a node in the overall graph that is +equal to a node in the corresponding position in the command graph, it will +intelligently merge the properties from the node in the command graph into the +already-existing node. Subgraphs are also checked for isomorphism and merged +where possible. The definition of whether two nodes are 'equal' is based on the +equality of some set of token properties; read the parser source for the most +up-to-date definition of equality. + +When the parser is unable to deduplicate some complicated constructs, this +can result in two identical paths through separate parts of the graph. If +this occurs and the user enters input that matches these paths, they will +receive an 'ambiguous command' error and will be unable to execute the command. +Most of the time the parser can detect and warn about duplicate commands, but +it will not always be able to do this. Hence care should be taken before +defining a new command to ensure it is not defined elsewhere. + + +Command handlers +---------------- +The block that follows a CLI definition is executed when a user enters input +that matches the definition. Its function signature looks like this: + +int (*func) (const struct cmd_element *, struct vty *, int, struct cmd_token *[]); + +The first argument is the command definition struct. The last argument is an +ordered array of tokens that correspond to the path taken through the graph, +and the argument just prior to that is the length of the array. + +The arrangement of the token array has changed from the prior incarnation of +the CLI system. In the old system, missing arguments were padded with NULLs so +that the same parts of a command would show up at the same indices regardless +of what was entered. The new system does not perform such padding and therefore +it is generally _incorrect_ to assume consistent indices in this array. As a +simple example: + +Command definition: +``` + command [foo] <bar|baz> +``` + +User enters: +``` + command foo bar +``` + +Array: +``` + [0] -> command + [1] -> foo + [2] -> bar +``` + +User enters: +``` + command baz +``` + +Array: +``` + [0] -> command + [1] -> baz +``` + + + +Command abbreviation & matching priority +---------------------------------------- +As in the prior implementation, it is possible for users to elide parts of +tokens when the CLI matcher does not need them to make an unambiguous match. +This is best explained by example. + +Command definitions: +``` + command dog cow + command dog crow +``` + +User input: +``` + c d c -> ambiguous command + c d co -> match "command dog cow" +``` + +In the new implementation, this functionality has improved. Where previously +the parser would stop at the first ambiguous token, it will now look ahead and +attempt to disambiguate based on tokens later on in the input string. + +Command definitions: +``` + show ip bgp A.B.C.D + show ipv6 bgp X:X::X:X +``` + +User enters: +``` + s i b 4.3.2.1 -> match "show ip bgp A.B.C.D" + s i b ::e0 -> match "show ipv6 bgp X:X::X:X" +``` + +Previously both of these commands would be ambiguous since 'i' does not +explicitly select either 'ip' or 'ipv6'. However, since the user later provides +a token that matches only one of the commands (an IPv4 or IPv6 address) the +parser is able to look ahead and select the appropriate command. This has some +implications for parsing the argv*[] that is passed to the command handler. + +Now consider a command definition such as: +``` + command <foo|VAR> +``` + +'foo' only matches the string 'foo', but 'VAR' matches any input, including +'foo'. Who wins? In situations like this the matcher will always choose the +'better' match, so 'foo' will win. + +Consider also: +``` + show <ip|ipv6> foo +``` + +User input: +``` + show ip foo +``` + +'ip' partially matches 'ipv6' but exactly matches 'ip', so 'ip' will win. + + +struct cmd_token +---------------- + +``` +/* Command token struct. */ +struct cmd_token +{ + enum cmd_token_type type; // token type + u_char attr; // token attributes + bool allowrepeat; // matcher allowed to match token repetitively? + + char *text; // token text + char *desc; // token description + long long min, max; // for ranges + char *arg; // user input that matches this token + char *varname; // variable name +}; +``` + +This struct is used in the CLI graph to match input against. It is also used to +pass user input to command handler functions, as it is frequently useful for +handlers to have access to that information. When a command is matched, the +sequence of cmd_tokens that form the matching path are duplicated and placed in +order into argv*[]. Before this happens the ->arg field is set to point at the +snippet of user input that matched it. + +For most nontrivial commands the handler function will need to determine which +of the possible matching inputs was entered. Previously this was done by +looking at the first few characters of input. This is now considered an +anti-pattern and should be avoided. Instead, the ->type or ->text fields for +this logic. The ->type field can be used when the possible inputs differ in +type. When the possible types are the same, use the ->text field. This field +has the full text of the corresponding token in the definition string and using +it makes for much more readable code. An example is helpful. + +Command definition: +``` + command <(1-10)|foo|BAR> +``` + +In this example, the user may enter any one of: + * an integer between 1 and 10 + * "foo" + * anything at all + +If the user enters "command f", then: + +``` +argv[1]->type == WORD_TKN +argv[1]->arg == "f" +argv[1]->text == "foo" +``` + +Range tokens have some special treatment; a token with ->type == RANGE_TKN will +have the ->min and ->max fields set to the bounding values of the range. + + +Permutations +------------ +Finally, it is sometimes useful to check all the possible combinations of input +that would match an arbitrary definition string. There is a tool in tools/ +called 'permutations' that reads CLI definition strings on stdin and prints out +all matching input permutations. It also dumps a text representation of the +graph, which is more useful for debugging than anything else. It looks like +this: + +``` +$ ./permutations "show [ip] bgp [<view|vrf> WORD]" + +show ip bgp view WORD +show ip bgp vrf WORD +show ip bgp +show bgp view WORD +show bgp vrf WORD +show bgp +``` + +This functionality is also built into VTY/VTYSH; the 'list permutations' +command will list all possible matching input permutations in the current CLI +node. diff --git a/doc/defines.texi.in b/doc/defines.texi.in index 43d744293..0fadba964 100644 --- a/doc/defines.texi.in +++ b/doc/defines.texi.in @@ -13,6 +13,7 @@ @set INSTALL_PREFIX_ETC @CFG_SYSCONF@ @set INSTALL_PREFIX_SBIN @CFG_SBIN@ @set INSTALL_PREFIX_STATE @CFG_STATE@ +@set INSTALL_PREFIX_MODULES @CFG_MODULE@ @set INSTALL_USER @enable_user@ @set INSTALL_GROUP @enable_group@ @set INSTALL_VTY_GROUP @enable_vty_group@ diff --git a/doc/dev-modules.md b/doc/dev-modules.md new file mode 100644 index 000000000..87bc96318 --- /dev/null +++ b/doc/dev-modules.md @@ -0,0 +1,119 @@ +# Module and Hook support (developer docs) + +## What it does + +It uses `dlopen()` to load DSOs at startup. + + +## Limitations + +* can't load, unload, or reload during runtime. This just needs some work + and can probably be done in the future. +* doesn't fix any of the "things need to be changed in the code in the library" + issues. Most prominently, you can't add a CLI node because CLI nodes are + listed in the library... +* if your module crashes, the daemon crashes. Should be obvious. +* **does not provide a stable API or ABI**. Your module must match a version + of FRR and you may have to update it frequently to match changes. +* **does not create a license boundary**. Your module will need to link + libzebra and include header files from the daemons, meaning it will be + GPL-encumbered. + + +## Installation + +Look for `moduledir` in `configure.ac`, default is normally +`/usr/lib64/frr/modules` but depends on `--libdir` / `--prefix`. + +The daemon's name is prepended when looking for a module, e.g. "snmp" tries +to find "zebra_snmp" first when used in zebra. This is just to make it nicer +for the user, with the snmp module having the same name everywhere. + +Modules can be packaged separately from FRR. The SNMP and FPM modules are +good candidates for this because they have dependencies (net-snmp / protobuf) +that are not FRR dependencies. However, any distro packages should have an +"exact-match" dependency onto the FRR package. Using a module from a +different FRR version will probably blow up nicely. + +For snapcraft (and during development), modules can be loaded with full path +(e.g. -M `$SNAP/lib/frr/modules/zebra_snmp.so`). Note that libtool puts output +files in the .libs directory, so during development you have to use +`./zebra -M .libs/zebra_snmp.so`. + + +## Creating a module + +... best to look at the existing SNMP or FPM modules. + +Basic boilerplate: + +``` +#include "hook.h" +#include "module.h" + +static int +module_init (void) +{ + hook_register(frr_late_init, module_late_init); + return 0; +} + +FRR_MODULE_SETUP( + .name = "my module", + .version = "0.0", + .description = "my module", + .init = module_init, +) +``` + +The `frr_late_init` hook will be called after the daemon has finished its +other startup and is about to enter the main event loop; this is the best +place for most initialisation. + + +## Compiler & Linker magic + +There's a `THIS_MODULE` (like in the Linux kernel), which uses `visibility` +attributes to restrict it to the current module. If you get a linker error +with `_frrmod_this_module`, there is some linker SNAFU. This shouldn't be +possible, though one way to get it would be to not include libzebra (which +provides a fallback definition for the symbol). + +libzebra and the daemons each have their own `THIS_MODULE`, as do all loadable +modules. In any other libraries (e.g. `libfrrsnmp`), `THIS_MODULE` will use +the definition in libzebra; same applies if the main executable doesn't use +`FRR_DAEMON_INFO` (e.g. all testcases). + +The deciding factor here is "what dynamic linker unit are you using the symbol +from." If you're in a library function and want to know who called you, you +can't use `THIS_MODULE` (because that'll just tell you you're in the library). +Put a macro around your function that adds `THIS_MODULE` in the *caller's +code calling your function*. + +The idea is to use this in the future for module unloading. Hooks already +remember which module they were installed by, as groundwork for a function +that removes all of a module's installed hooks. + +There's also the `frr_module` symbol in modules, pretty much a standard entry +point for loadable modules. + + +## Hooks + +Hooks are just points in the code where you can register your callback to +be called. The parameter list is specific to the hook point. Since there is +no stable API, the hook code has some extra type safety checks making sure +you get a compiler warning when the hook parameter list doesn't match your +callback. Don't ignore these warnings. + + +## Relation to MTYPE macros + +The MTYPE macros, while primarily designed to decouple MTYPEs from the library +and beautify the code, also work very nicely with loadable modules -- both +constructors and destructors are executed when loading/unloading modules. + +This means there is absolutely no change required to MTYPEs, you can just use +them in a module and they will even clean up themselves when we implement +module unloading and an unload happens. In fact, it's impossible to create +a bug where unloading fails to de-register a MTYPE. diff --git a/doc/eigrpd.8.in b/doc/eigrpd.8.in new file mode 100644 index 000000000..ecac972bc --- /dev/null +++ b/doc/eigrpd.8.in @@ -0,0 +1,122 @@ +.TH EIGRPD 8 "6 May 2017" "@PACKAGE_FULLNAME@ EIGRP daemon" "Version @PACKAGE_VERSION@" +.SH NAME +eigrpd \- a EIGRP routing engine for use with @PACKAGE_FULLNAME@. +.SH SYNOPSIS +.B eigrpd +[ +.B \-dhrv +] [ +.B \-f +.I config-file +] [ +.B \-i +.I pid-file +] [ +.B \-P +.I port-number +] [ +.B \-A +.I vty-address +] [ +.B \-u +.I user +] [ +.B \-g +.I group +] [ +.B \-M +.I module:options +] +.SH DESCRIPTION +.B eigrpd +is a routing component that works with the +.B @PACKAGE_FULLNAME@ +routing engine. +.SH OPTIONS +Options available for the +.B eigrpd +command: +.SH OPTIONS +.TP +\fB\-d\fR, \fB\-\-daemon\fR +Runs in daemon mode, forking and exiting from tty. +.TP +\fB\-f\fR, \fB\-\-config-file \fR\fIconfig-file\fR +Specifies the config file to use for startup. If not specified this +option will default to \fB\fI@CFG_SYSCONF@/eigrpd.conf\fR. +.TP +\fB\-g\fR, \fB\-\-group \fR\fIgroup\fR +Specify the group to run as. Default is \fI@enable_group@\fR. +.TP +\fB\-h\fR, \fB\-\-help\fR +A brief message. +.TP +\fB\-i\fR, \fB\-\-pid_file \fR\fIpid-file\fR +When eigrpd starts its process identifier is written to +\fB\fIpid-file\fR. The init system uses the recorded PID to stop or +restart eigrpd. The default is \fB\fI@CFG_STATE@/eigrpd.pid\fR. +.TP +\fB\-P\fR, \fB\-\-vty_port \fR\fIport-number\fR +Specify the port that the eigrpd VTY will listen on. This defaults to +2602, as specified in \fB\fI/etc/services\fR. +.TP +\fB\-A\fR, \fB\-\-vty_addr \fR\fIvty-address\fR +Specify the address that the eigrpd VTY will listen on. Default is all +interfaces. +.TP +\fB\-u\fR, \fB\-\-user \fR\fIuser\fR +Specify the user to run as. Default is \fI@enable_user@\fR. +.TP +\fB\-r\fR, \fB\-\-retain\fR +When the program terminates, retain routes added by \fBeigrpd\fR. +.TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +The \fBsnmp\fR module may be available for +\fBeigrpd\fR, if the package was built with SNMP support. +.TP +\fB\-v\fR, \fB\-\-version\fR +Print the version and exit. +.SH FILES +.TP +.BI @CFG_SBIN@/eigrpd +The default location of the +.B eigrpd +binary. +.TP +.BI @CFG_SYSCONF@/eigrpd.conf +The default location of the +.B eigrpd +config file. +.TP +.BI $(PWD)/eigrpd.log +If the +.B eigrpd +process is config'd to output logs to a file, then you will find this +file in the directory where you started \fBeigrpd\fR. +.SH WARNING +This man page is intended to be a quick reference for command line +options. The definitive document is the Info file \fB@PACKAGE_NAME@\fR. +.SH DIAGNOSTICS +The eigrpd process may log to standard output, to a VTY, to a log +file, or through syslog to the system logs. \fBeigrpd\fR supports many +debugging options, see the Info file, or the source for details. +.SH "SEE ALSO" +.BR bgpd (8), +.BR ripd (8), +.BR ripngd (8), +.BR ospfd (8), +.BR ospf6d (8), +.BR isisd (8), +.BR zebra (8), +.BR vtysh (1) +.SH BUGS +.B eigrpd +eats bugs for breakfast. If you have food for the maintainers try +.BI @PACKAGE_BUGREPORT@ +.SH AUTHORS +See +.BI http://www.zebra.org +and +.BI @PACKAGE_URL@ +or the Info file for an accurate list of authors. diff --git a/doc/eigrpd.texi b/doc/eigrpd.texi new file mode 100644 index 000000000..a3a82bbef --- /dev/null +++ b/doc/eigrpd.texi @@ -0,0 +1,216 @@ +@c -*-texinfo-*- +@c This is part of the Frr Manual. +@c @value{COPYRIGHT_STR} +@c See file frr.texi for copying conditions. +@node EIGRP +@chapter EIGRP + +EIGRP -- Routing Information Protocol is widely deployed interior gateway +routing protocol. EIGRP was developed in the 1990's. EIGRP is a +@dfn{distance-vector} protocol and is based on the @dfn{dual} algorithms. +As a distance-vector protocol, the EIGRP router send updates to its +neighbors as networks change, thus allowing the convergence to a +known topology. + +@command{eigrpd} supports EIGRP as described in RFC7868 + +@menu +* Starting and Stopping eigrpd:: +* EIGRP Configuration:: +* How to Announce EIGRP routes:: +* Show EIGRP Information:: +* EIGRP Debug Commands:: +@end menu + +@node Starting and Stopping eigrpd +@section Starting and Stopping eigrpd + +The default configuration file name of @command{eigrpd}'s is +@file{eigrpd.conf}. When invocation @command{eigrpd} searches directory +@value{INSTALL_PREFIX_ETC}. If @file{eigrpd.conf} is not there next +search current directory. If an integrated config is specified +configuration is written into frr.conf + +The EIGRP protocol requires interface information +maintained by @command{zebra} daemon. So running @command{zebra} +is mandatory to run @command{eigrpd}. Thus minimum sequence for running +EIGRP is like below: + +@example +@group +# zebra -d +# eigrpd -d +@end group +@end example + +Please note that @command{zebra} must be invoked before @command{eigrpd}. + +To stop @command{eigrpd}. Please use @command{kill `cat +/var/run/eigrpd.pid`}. Certain signals have special meanings to @command{eigrpd}. + +@table @samp +@item SIGHUP +@item SIGUSR1 +Rotate @command{eigrpd} Rotate the logfile. +@item SIGINT +@itemx SIGTERM +@command{eigrpd} sweeps all installed EIGRP routes then terminates properly. +@end table + +@command{eigrpd} invocation options. Common options that can be specified +(@pxref{Common Invocation Options}). + +@table @samp +@item -r +@itemx --retain +When the program terminates, retain routes added by @command{eigrpd}. +@end table + +@node EIGRP Configuration +@section EIGRP Configuration + +@deffn Command {router eigrp (1-65535)} {} +The @code{router eigrp} command is necessary to enable EIGRP. To disable +EIGRP, use the @code{no router eigrp (1-65535)} command. EIGRP must be enabled before carrying out any of the EIGRP commands. +@end deffn + +@deffn Command {no router eigrp (1-65535)} {} +Disable EIGRP. +@end deffn + +@deffn {EIGRP Command} {network @var{network}} {} +@deffnx {EIGRP Command} {no network @var{network}} {} +Set the EIGRP enable interface by @var{network}. The interfaces which +have addresses matching with @var{network} are enabled. + +This group of commands either enables or disables EIGRP interfaces between +certain numbers of a specified network address. For example, if the +network for 10.0.0.0/24 is EIGRP enabled, this would result in all the +addresses from 10.0.0.0 to 10.0.0.255 being enabled for EIGRP. The @code{no +network} command will disable EIGRP for the specified network. +@end deffn + +Below is very simple EIGRP configuration. Interface @code{eth0} and +interface which address match to @code{10.0.0.0/8} are EIGRP enabled. + +@example +@group +! +router eigrp 1 + network 10.0.0.0/8 +! +@end group +@end example + +Passive interface + +@deffn {EIGRP command} {passive-interface (@var{IFNAME}|default)} {} +@deffnx {EIGRP command} {no passive-interface @var{IFNAME}} {} +This command sets the specified interface to passive mode. On passive mode +interface, all receiving packets are ignored and eigrpd does +not send either multicast or unicast EIGRP packets except to EIGRP neighbors +specified with @code{neighbor} command. The interface may be specified +as @var{default} to make eigrpd default to passive on all interfaces. + +The default is to be passive on all interfaces. +@end deffn + +@node How to Announce EIGRP route +@section How to Announce EIGRP route + +@deffn {EIGRP command} {redistribute kernel} {} +@deffnx {EIGRP command} {redistribute kernel metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)} {} +@deffnx {EIGRP command} {no redistribute kernel} {} +@code{redistribute kernel} redistributes routing information from +kernel route entries into the EIGRP tables. @code{no redistribute kernel} +disables the routes. +@end deffn + +@deffn {EIGRP command} {redistribute static} {} +@deffnx {EIGRP command} {redistribute static metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)} {} +@deffnx {EIGRP command} {no redistribute static} {} +@code{redistribute static} redistributes routing information from +static route entries into the EIGRP tables. @code{no redistribute static} +disables the routes. +@end deffn + +@deffn {EIGRP command} {redistribute connected} {} +@deffnx {EIGRP command} {redistribute connected metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)} {} +@deffnx {EIGRP command} {no redistribute connected} {} +Redistribute connected routes into the EIGRP tables. @code{no +redistribute connected} disables the connected routes in the EIGRP tables. +This command redistribute connected of the interface which EIGRP disabled. +The connected route on EIGRP enabled interface is announced by default. +@end deffn + +@deffn {EIGRP command} {redistribute ospf} {} +@deffnx {EIGRP command} {redistribute ospf metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)} {} +@deffnx {EIGRP command} {no redistribute ospf} {} +@code{redistribute ospf} redistributes routing information from +ospf route entries into the EIGRP tables. @code{no redistribute ospf} +disables the routes. +@end deffn + +@deffn {EIGRP command} {redistribute bgp} {} +@deffnx {EIGRP command} {redistribute bgp metric (1-4294967295) (0-4294967295) (0-255) (1-255) (1-65535)} {} +@deffnx {EIGRP command} {no redistribute bgp} {} +@code{redistribute bgp} redistributes routing information from +bgp route entries into the EIGRP tables. @code{no redistribute bgp} +disables the routes. +@end deffn + +@node Show EIGRP Information +@section Show EIGRP Information + +To display EIGRP routes. + +@deffn Command {show ip eigrp topology} {} +Show EIGRP routes. +@end deffn + +The command displays all EIGRP routes. + +@c Exmaple here. + +@deffn Command {show ip eigrp topology} {} +The command displays current EIGRP status +@end deffn + +@example +@group +eigrpd> @b{show ip eigrp topology} +# show ip eigrp topo + +EIGRP Topology Table for AS(4)/ID(0.0.0.0) + +Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply + r - reply Status, s - sia Status + +P 10.0.2.0/24, 1 successors, FD is 256256, serno: 0 + via Connected, enp0s3 +@end group +@end example + +@node EIGRP Debug Commands +@section EIGRP Debug Commands + +Debug for EIGRP protocol. + +@deffn Command {debug eigrp packets} {} +Debug eigrp packets +@end deffn + +@code{debug eigrp} will show EIGRP packets that are sent and recevied. + +@deffn Command {debug eigrp transmit} {} +Debug eigrp transmit events +@end deffn + +@code{debug eigrp transmit} will display detailed information about the EIGRP transmit events. + +@deffn Command {show debugging eigrp} {} +Display @command{eigrpd}'s debugging option. +@end deffn + +@code{show debugging eigrp} will show all information currently set for eigrpd +debug. diff --git a/doc/frr.texi b/doc/frr.texi index 0478ec592..b08bb6fd0 100644 --- a/doc/frr.texi +++ b/doc/frr.texi @@ -90,6 +90,7 @@ for @value{PACKAGE_STRING}. @uref{http://www.frrouting.org,,Frr} is a fork of * OSPFv2:: * OSPFv3:: * ISIS:: +* NHRP:: * BGP:: * Configuring Frr as a Route Server:: * VNC and VNC-GW:: @@ -116,6 +117,7 @@ for @value{PACKAGE_STRING}. @uref{http://www.frrouting.org,,Frr} is a fork of @include ospfd.texi @include ospf6d.texi @include isisd.texi +@include nhrpd.texi @include bgpd.texi @include routeserver.texi @include vnc.texi diff --git a/doc/install.texi b/doc/install.texi index 595898277..9a98f4673 100644 --- a/doc/install.texi +++ b/doc/install.texi @@ -63,6 +63,9 @@ Do not build bgpd. @item --disable-bgp-announce Make @command{bgpd} which does not make bgp announcements at all. This feature is good for using @command{bgpd} as a BGP announcement listener. +@item --enable-datacenter +Enable system defaults to work as if in a Data Center. See defaults.h +for what is changed by this configure option. @item --enable-snmp Enable SNMP support. By default, SNMP support is disabled. @item --disable-ospfapi @@ -263,6 +266,7 @@ bgpd 2605/tcp # BGPd vty ospf6d 2606/tcp # OSPF6d vty ospfapi 2607/tcp # ospfapi isisd 2608/tcp # ISISd vty +nhrpd 2610/tcp # nhrpd vty pimd 2611/tcp # PIMd vty @end example diff --git a/doc/isisd.8.in b/doc/isisd.8.in index 9ffcbc618..542c28993 100644 --- a/doc/isisd.8.in +++ b/doc/isisd.8.in @@ -23,6 +23,9 @@ isisd \- an IS-IS routing engine for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B isisd @@ -63,6 +66,11 @@ interfaces. \fB\-u\fR, \fB\-\-user \fR\fIuser\fR Specify the user to run as. Default is \fI@enable_user@\fR. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +There are currently no such modules for +\fBisisd\fR in the base package. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES diff --git a/doc/ldpd.8.in b/doc/ldpd.8.in index 1683de46c..2d68a31a5 100644 --- a/doc/ldpd.8.in +++ b/doc/ldpd.8.in @@ -23,6 +23,9 @@ ldpd \- an LDP engine for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B ldpd @@ -63,6 +66,11 @@ interfaces. \fB\-u\fR, \fB\-\-user \fR\fIuser\fR Specify the user to run as. Default is \fI@enable_user@\fR. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +There are currently no such modules for +\fBldpd\fR in the base package. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES diff --git a/doc/main.texi b/doc/main.texi index 2e5045762..706baa25f 100644 --- a/doc/main.texi +++ b/doc/main.texi @@ -239,6 +239,16 @@ Routing entry for 10.0.0.0/8 These behave similarly to their ipv4 counterparts. @end deffn +@deffn Command {ipv6 route @var{network} from @var{srcprefix} @var{gateway}} {} +@deffnx Command {ipv6 route @var{network} from @var{srcprefix} @var{gateway} @var{distance}} {} +Install a static source-specific route. These routes are currently supported +on Linux operating systems only, and perform AND matching on packet's +destination and source addresses in the kernel's forwarding path. Note that +destination longest-prefix match is "more important" than source LPM, e.g. +@command{"2001:db8:1::/64 from 2001:db8::/48"} will win over +@command{"2001:db8::/48 from 2001:db8:1::/64"} if both match. +@end deffn + @deffn Command {table @var{tableno}} {} Select the primary kernel routing table to be used. This only works @@ -375,7 +385,8 @@ ip protocol rip route-map RM1 Zebra supports a 'FIB push' interface that allows an external component to learn the forwarding information computed by the Frr -routing suite. +routing suite. This is a loadable module that needs to be enabled +at startup as described in @ref{Loadable Module Support}. In Frr, the Routing Information Base (RIB) resides inside zebra. Routing protocols communicate their best routes to zebra, and @@ -430,9 +441,9 @@ independently. @end itemize As mentioned before, zebra encodes routes sent to the FPM in netlink -format by default. The format can be controlled via the -@code{--fpm_format} command-line option to zebra, which currently -takes the values @code{netlink} and @code{protobuf}. +format by default. The format can be controlled via the FPM module's +load-time option to zebra, which currently takes the values @code{netlink} +and @code{protobuf}. The zebra FPM interface uses replace semantics. That is, if a 'route add' message for a prefix is followed by another 'route add' message, diff --git a/doc/nhrpd.8.in b/doc/nhrpd.8.in new file mode 100644 index 000000000..09b662ae7 --- /dev/null +++ b/doc/nhrpd.8.in @@ -0,0 +1,113 @@ +.TH NHRP 8 "24 January 2017" "@PACKAGE_FULLNAME@ NHRP daemon" "Version @PACKAGE_VERSION@" +.SH NAME +nhrpd \- a Next Hop Routing Protocol routing engine for use with @PACKAGE_FULLNAME@. +.SH SYNOPSIS +.B nhrpd +[ +.B \-dhv +] [ +.B \-f +.I config-file +] [ +.B \-i +.I pid-file +] [ +.B \-P +.I port-number +] [ +.B \-A +.I vty-address +] [ +.B \-u +.I user +] [ +.B \-g +.I group +] [ +.B \-M +.I module:options +] +.SH DESCRIPTION +.B nhrpd +is a routing component that works with the +.B @PACKAGE_FULLNAME@ +routing engine. +.SH OPTIONS +Options available for the +.B nhrpd +command: +.TP +\fB\-d\fR, \fB\-\-daemon\fR +Runs in daemon mode, forking and exiting from tty. +.TP +\fB\-f\fR, \fB\-\-config-file \fR\fIconfig-file\fR +Specifies the config file to use for startup. If not specified this +option will likely default to \fB\fI@CFG_SYSCONF@/nhrpd.conf\fR. +.TP +\fB\-g\fR, \fB\-\-group \fR\fIgroup\fR +Specify the group to run as. Default is \fI@enable_group@\fR. +.TP +\fB\-h\fR, \fB\-\-help\fR +A brief message. +.TP +\fB\-i\fR, \fB\-\-pid_file \fR\fIpid-file\fR +When nhrpd starts its process identifier is written to +\fB\fIpid-file\fR. The init system uses the recorded PID to stop or +restart nhrpd. The likely default is \fB\fI@CFG_STATE@/nhrpd.pid\fR. +.TP +\fB\-P\fR, \fB\-\-vty_port \fR\fIport-number\fR +Specify the port that the nhrpd VTY will listen on. This defaults to +2610, as specified in \fB\fI/etc/services\fR. +.TP +\fB\-A\fR, \fB\-\-vty_addr \fR\fIvty-address\fR +Specify the address that the nhrpd VTY will listen on. Default is all +interfaces. +.TP +\fB\-u\fR, \fB\-\-user \fR\fIuser\fR +Specify the user to run as. Default is \fI@enable_user@\fR. +.TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +There are currently no such modules for +\fBnhrpd\fR in the base package. +.TP +\fB\-v\fR, \fB\-\-version\fR +Print the version and exit. +.SH FILES +.TP +.BI @CFG_SBIN@/nhrpd +The default location of the +.B nhrpd +binary. +.TP +.BI @CFG_SYSCONF@/nhrpd.conf +The default location of the +.B nhrpd +config file. +.TP +.BI $(PWD)/nhrpd.log +If the +.B nhrpd +process is config'd to output logs to a file, then you will find this +file in the directory where you started \fBnhrpd\fR. +.SH WARNING +This man page is intended to be a quick reference for command line +options. The definitive document is the Info file \fB@PACKAGE_NAME@\fR. +.SH DIAGNOSTICS +The nhrpd process may log to standard output, to a VTY, to a log +file, or through syslog to the system logs. \fBnhrpd\fR supports many +debugging options, see the Info file, or the source for details. +.SH "SEE ALSO" +.BR bgpd (8), +.BR ripd (8), +.BR ripngd (8), +.BR ospfd (8), +.BR ospf6d (8), +.BR zebra (8), +.BR vtysh (1) + +.B nhrpd +eats bugs for breakfast. If you have food for the maintainers try +.BI @PACKAGE_BUGREPORT@ +.SH AUTHORS +Timo Teräs <timo.teras@iki.fi> diff --git a/doc/nhrpd.texi b/doc/nhrpd.texi new file mode 100644 index 000000000..069b46495 --- /dev/null +++ b/doc/nhrpd.texi @@ -0,0 +1,145 @@ +@cindex NHRP +@node NHRP +@chapter NHRP + +@command{nhrpd} is a daemon to support Next Hop Routing Protocol (NHRP). +NHRP is described in RFC2332. + +NHRP is used to improve the efficiency of routing computer network +traffic over Non-Broadcast, Multiple Access (NBMA) Networks. NHRP provides +an ARP-like solution that allows a system to dynamically learn the NBMA +address of the other systems that are part of that network, allowing +these systems to directly communicate without requiring traffic to use +an intermediate hop. + +Cisco Dynamic Multipoint VPN (DMVPN) is based on NHRP, and +@value{PACKAGE_NAME} nhrpd implements this scenario. + +@menu +* Routing Design:: +* Configuring NHRP:: +* Hub Functionality:: +* Integration with IKE:: +* NHRP Events:: +* Configuration Example:: +@end menu + +@node Routing Design +@section Routing Design + +nhrpd never handles routing of prefixes itself. You need to run some +real routing protocol (e.g. BGP) to advertise routes over the tunnels. +What nhrpd does it establishes 'shortcut routes' that optimizes the +routing protocol to avoid going through extra nodes in NBMA GRE mesh. + +nhrpd does route NHRP domain addresses individually using per-host prefixes. +This is similar to Cisco FlexVPN; but in contrast to opennhrp which uses +a generic subnet route. + +To create NBMA GRE tunnel you might use the following (linux terminal +commands): +@example +@group + ip tunnel add gre1 mode gre key 42 ttl 64 + ip addr add 10.255.255.2/32 dev gre1 + ip link set gre1 up +@end group +@end example + +Note that the IP-address is assigned as host prefix to gre1. nhrpd will +automatically create additional host routes pointing to gre1 when +a connection with these hosts is established. + +The gre1 subnet prefix should be announced by routing protocol from the +hub nodes (e.g. BGP 'network' announce). This allows the routing protocol +to decide which is the closest hub and determine the relay hub on prefix +basis when direct tunnel is not established. + +nhrpd will redistribute directly connected neighbors to zebra. Within +hub nodes, these routes should be internally redistributed using some +routing protocol (e.g. iBGP) to allow hubs to be able to relay all traffic. + +This can be achieved in hubs with the following bgp configuration (network +command defines the GRE subnet): +@example +@group +router bgp 65555 + address-family ipv4 unicast + network 172.16.0.0/16 + redistribute nhrp + exit-address-family +@end group +@end example + + +@node Configuring NHRP +@section Configuring NHRP + +FIXME + +@node Hub Functionality +@section Hub Functionality + +In addition to routing nhrp redistributed host prefixes, the hub nodes +are also responsible to send NHRP Traffic Indication messages that +trigger creation of the shortcut tunnels. + +nhrpd sends Traffic Indication messages based on network traffic captured +using NFLOG. Typically you want to send Traffic Indications for network +traffic that is routed from gre1 back to gre1 in rate limited manner. +This can be achieved with the following iptables rule. + +@example +@group +iptables -A FORWARD -i gre1 -o gre1 \ + -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \ + --hashlimit-mode srcip,dstip --hashlimit-srcmask 24 --hashlimit-dstmask 24 \ + --hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128 +@end group +@end example + +You can fine tune the src/dstmask according to the prefix lengths you +announce internal, add additional IP range matches, or rate limitation +if needed. However, the above should be good in most cases. + +This kernel NFLOG target's nflog-group is configured in global nhrp config +with: +@example +@group +nhrp nflog-group 1 +@end group +@end example + +To start sending these traffic notices out from hubs, use the nhrp +per-interface directive: +@example +@group +interface gre1 + ip nhrp redirect +@end group +@end example + +@node Integration with IKE +@section Integration with IKE + +nhrpd needs tight integration with IKE daemon for various reasons. +Currently only strongSwan is supported as IKE daemon. + +nhrpd connects to strongSwan using VICI protocol based on UNIX socket +(hardcoded now as /var/run/charon.vici). + +strongSwan currently needs few patches applied. Please check out the +@uref{http://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras-release,release} +and +@uref{http://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras,working tree} +git repositories for the patches. + +@node NHRP Events +@section NHRP Events + +FIXME + +@node Configuration Example +@section Configuration Example + +FIXME diff --git a/doc/ospf6d.8.in b/doc/ospf6d.8.in index 7f94782be..02d9d8083 100644 --- a/doc/ospf6d.8.in +++ b/doc/ospf6d.8.in @@ -23,6 +23,9 @@ ospf6d \- an OSPFv3 routing engine for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B ospf6d @@ -64,6 +67,11 @@ interfaces. \fB\-u\fR, \fB\-\-user \fR\fIuser\fR Specify the user to run as. Default is \fI@enable_user@\fR. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +The \fBsnmp\fR module may be available for +\fBospf6d\fR, if the package was built with SNMP support. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES diff --git a/doc/ospfd.8.in b/doc/ospfd.8.in index 1b86551ca..6bad77771 100644 --- a/doc/ospfd.8.in +++ b/doc/ospfd.8.in @@ -23,6 +23,9 @@ ospfd \- an OSPFv2 routing engine for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B ospfd @@ -66,6 +69,11 @@ Specify the user to run as. Default is \fI@enable_user@\fR. \fB\-a\fR, \fB\-\-apiserver \fR Enable OSPF apiserver. Default is disabled. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +The \fBsnmp\fR module may be available for +\fBospfd\fR, if the package was built with SNMP support. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES diff --git a/doc/pimd.8.in b/doc/pimd.8.in index 60b844b1e..3fb060e56 100644 --- a/doc/pimd.8.in +++ b/doc/pimd.8.in @@ -26,6 +26,9 @@ pimd \- a PIM routing for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B pimd @@ -70,6 +73,11 @@ interfaces. \fB\-u\fR, \fB\-\-user \fR\fIuser\fR Specify the user to run as. Default is \fI@enable_user@\fR. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +There are currently no such modules for +\fBpimd\fR in the base package. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .TP diff --git a/doc/ripd.8.in b/doc/ripd.8.in index 6db5ac364..a84668e6d 100644 --- a/doc/ripd.8.in +++ b/doc/ripd.8.in @@ -23,6 +23,9 @@ ripd \- a RIP routing engine for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B ripd @@ -67,6 +70,11 @@ Specify the user to run as. Default is \fI@enable_user@\fR. \fB\-r\fR, \fB\-\-retain\fR When the program terminates, retain routes added by \fBripd\fR. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +The \fBsnmp\fR module may be available for +\fBripd\fR, if the package was built with SNMP support. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES diff --git a/doc/ripngd.8.in b/doc/ripngd.8.in index 4c5f2bb11..98039219a 100644 --- a/doc/ripngd.8.in +++ b/doc/ripngd.8.in @@ -23,6 +23,9 @@ ripngd \- a RIPNG routing engine for use with @PACKAGE_FULLNAME@. ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B ripngd @@ -67,6 +70,11 @@ Specify the user to run as. Default is \fI@enable_user@\fR. \fB\-r\fR, \fB\-\-retain\fR When the program terminates, retain routes added by \fBripd\fR. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +There are currently no such modules for +\fBripngd\fR in the base package. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES diff --git a/doc/snmp.texi b/doc/snmp.texi index c2c889de7..d9656941d 100644 --- a/doc/snmp.texi +++ b/doc/snmp.texi @@ -8,6 +8,10 @@ but is able to connect to a SNMP agent using the SMUX protocol (@cite{RFC1227}) or the AgentX protocol (@cite{RFC2741}) and make the routing protocol MIBs available through it. +Note that SNMP Support needs to be enabled at compile-time and loaded as +module on daemon startup. Refer to @ref{Loadable Module Support} on +the latter. + @menu * Getting and installing an SNMP agent:: * AgentX configuration:: diff --git a/doc/vnc.texi b/doc/vnc.texi index f375d3a7d..b14899421 100644 --- a/doc/vnc.texi +++ b/doc/vnc.texi @@ -1115,18 +1115,21 @@ The configuration for @code{VNC-GW 1} is shown below. router bgp 64512 bgp router-id 192.168.1.101 bgp cluster-id 1.2.3.4 - redistribute vnc-direct neighbor 192.168.1.102 remote-as 64512 - no neighbor 192.168.1.102 activate neighbor 192.168.1.103 remote-as 64512 - no neighbor 192.168.1.103 activate neighbor 192.168.1.104 remote-as 64512 - no neighbor 192.168.1.104 activate neighbor 172.16.1.2 remote-as 64512 - neighbor 172.16.1.2 route-reflector-client neighbor 172.16.2.2 remote-as 64512 - neighbor 172.16.2.2 route-reflector-client -! + ! + address-family ipv4 unicast + redistribute vnc-direct + no neighbor 192.168.1.102 activate + no neighbor 192.168.1.103 activate + no neighbor 192.168.1.104 activate + neighbor 172.16.1.2 route-reflector-client + neighbor 172.16.2.2 route-reflector-client + exit-address-family + ! address-family vpnv4 unicast neighbor 192.168.1.102 activate neighbor 192.168.1.103 activate @@ -1148,16 +1151,21 @@ Configuration for @code{NVA 2}: router bgp 64512 bgp router-id 192.168.1.104 neighbor 192.168.1.101 remote-as 64512 - no neighbor 192.168.1.101 activate neighbor 192.168.1.102 remote-as 64512 - no neighbor 192.168.1.102 activate neighbor 192.168.1.103 remote-as 64512 - no neighbor 192.168.1.103 activate + ! + address-family ipv4 unicast + no neighbor 192.168.1.101 activate + no neighbor 192.168.1.102 activate + no neighbor 192.168.1.103 activate + exit-address-family + ! address-family vpnv4 unicast neighbor 192.168.1.101 activate neighbor 192.168.1.102 activate neighbor 192.168.1.103 activate exit-address-family + ! vnc defaults response-lifetime 3600 exit-vnc @@ -1231,12 +1239,15 @@ router bgp 64512 neighbor 192.168.1.101 remote-as 64512 neighbor 192.168.1.101 port 7179 neighbor 192.168.1.101 description iBGP-client-192-168-1-101 - neighbor 192.168.1.101 route-reflector-client neighbor 192.168.1.102 remote-as 64512 neighbor 192.168.1.102 port 7179 neighbor 192.168.1.102 description iBGP-client-192-168-1-102 - neighbor 192.168.1.102 route-reflector-client + + address-family ipv4 unicast + neighbor 192.168.1.101 route-reflector-client + neighbor 192.168.1.102 route-reflector-client + exit-address-family address-family vpnv4 neighbor 192.168.1.101 activate diff --git a/doc/watchfrr.8.in b/doc/watchfrr.8.in index 813f87abd..82098e1b0 100644 --- a/doc/watchfrr.8.in +++ b/doc/watchfrr.8.in @@ -108,13 +108,13 @@ Set the logging (LOG_DEBUG), but higher number can be supplied if extra debugging messages are required. .TP -.BI \-m " number" "\fR, \fB\-\-min\-restart\-interval " number +.BI \-\-min\-restart\-interval " number Set the minimum .I number of seconds to wait between invocations of the daemon restart commands (the default value is "60"). .TP -.BI \-M " number" "\fR, \fB\-\-max\-restart\-interval " number +.BI \-\-max\-restart\-interval " number Set the maximum .I number of seconds to wait between invocations of the daemon restart commands (the diff --git a/doc/zebra.8.in b/doc/zebra.8.in index e7d00e10a..f5b8bd4d8 100644 --- a/doc/zebra.8.in +++ b/doc/zebra.8.in @@ -23,6 +23,9 @@ zebra \- a routing manager for use with associated @PACKAGE_FULLNAME@ components ] [ .B \-g .I group +] [ +.B \-M +.I module:options ] .SH DESCRIPTION .B zebra @@ -86,6 +89,14 @@ maximum before starting zebra. Note that this affects Linux only. .TP +\fB\-M\fR, \fB\-\-module \fR\fImodule:options\fR +Load a module at startup. May be specified more than once. +The \fBsnmp\fR and \fBfpm\fR modules may be +available for \fBzebra\fR, if the package was built with SNMP and FPM support +respectively. The \fBfpm\fR module takes an additional colon-separated +argument specifying the encapsulation, either \fBnetlink\fR or \fBprotobuf\fR. +It should thus be loaded with \fB-M fpm:netlink\fR or \fB-M fpm:protobuf\fR. +.TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. .SH FILES @@ -119,6 +130,7 @@ debugging options, see the Info file, or the source for details. .BR ospfd (8), .BR ospf6d (8), .BR isisd (8), +.BR nhrpd (8), .BR vtysh (1) .SH BUGS .B zebra |