1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
|
.. _basic-commands:
**************
Basic Commands
**************
The following sections discuss commands common to all the routing daemons.
.. _config-commands:
Config Commands
===============
.. index:: Configuration files for running the software
.. index:: Files for running configurations
.. index:: Modifying the herd's behavior
.. index:: Getting the herd running
In a config file, you can write the debugging options, a vty's password,
routing daemon configurations, a log file name, and so forth. This information
forms the initial command set for a routing beast as it is starting.
Config files are generally found in |INSTALL_PREFIX_ETC|.
Each of the daemons has its own config file. The daemon name plus ``.conf`` is
the default config file name. For example, zebra's default config file name is
:file:`zebra.conf`. You can specify a config file using the :option:`-f` or
:option:`--config_file` options when starting the daemon.
.. _basic-config-commands:
Basic Config Commands
---------------------
.. index:: hostname HOSTNAME
.. clicmd:: hostname HOSTNAME
Set hostname of the router.
.. index::
single: no password PASSWORD
single: password PASSWORD
.. clicmd:: [no] password PASSWORD
Set password for vty interface. The ``no`` form of the command deletes the
password. If there is no password, a vty won't accept connections.
.. index::
single: no enable password PASSWORD
single: enable password PASSWORD
.. clicmd:: [no] enable password PASSWORD
Set enable password. The ``no`` form of the command deletes the enable
password.
.. index::
single: no log trap [LEVEL]
single: log trap LEVEL
.. clicmd:: [no] log trap LEVEL
These commands are deprecated and are present only for historical
compatibility. The log trap command sets the current logging level for all
enabled logging destinations, and it sets the default for all future logging
commands that do not specify a level. The normal default logging level is
debugging. The ``no`` form of the command resets the default level for
future logging commands to debugging, but it does not change the logging
level of existing logging destinations.
.. index::
single: no log stdout [LEVEL]
single: log stdout [LEVEL]
.. clicmd:: [no] log stdout LEVEL
Enable logging output to stdout. If the optional second argument specifying
the logging level is not present, the default logging level (typically
debugging) will be used. The ``no`` form of the command disables logging to
stdout. The ``LEVEL`` argument must have one of these values: emergencies,
alerts, critical, errors, warnings, notifications, informational, or
debugging. Note that the existing code logs its most important messages with
severity ``errors``.
.. index::
single: no log file [FILENAME [LEVEL]]
single: log file FILENAME [LEVEL]
.. clicmd:: [no] log file [FILENAME [LEVEL]]
If you want to log into a file, please specify ``filename`` as
in this example:
::
log file /var/log/frr/bgpd.log informational
If the optional second argument specifying the logging level is not present,
the default logging level (typically debugging, but can be changed using the
deprecated ``log trap`` command) will be used. The ``no`` form of the command
disables logging to a file.
.. note::
If you do not configure any file logging, and a daemon crashes due to a
signal or an assertion failure, it will attempt to save the crash
information in a file named :file:`/var/tmp/frr.<daemon name>.crashlog`.
For security reasons, this will not happen if the file exists already, so
it is important to delete the file after reporting the crash information.
.. index::
single: no log syslog [LEVEL]
single: log syslog [LEVEL]
.. clicmd:: [no] log syslog [LEVEL]
Enable logging output to syslog. If the optional second argument specifying
the logging level is not present, the default logging level (typically
debugging, but can be changed using the deprecated ``log trap`` command) will
be used. The ``no`` form of the command disables logging to syslog.
.. index::
single: no log monitor [LEVEL]
single: log monitor [LEVEL]
.. clicmd:: [no] log monitor [LEVEL]
Enable logging output to vty terminals that have enabled logging using the
``terminal monitor`` command. By default, monitor logging is enabled at the
debugging level, but this command (or the deprecated ``log trap`` command)
can be used to change the monitor logging level. If the optional second
argument specifying the logging level is not present, the default logging
level (typically debugging) will be used. The ``no`` form of the command
disables logging to terminal monitors.
.. index::
single: no log facility [FACILITY]
single: log facility [FACILITY]
.. clicmd:: [no] log facility [FACILITY]
This command changes the facility used in syslog messages. The default
facility is ``daemon``. The ``no`` form of the command resets the facility
to the default ``daemon`` facility.
.. index::
single: no log record-priority
single: log record-priority
.. clicmd:: [no] log record-priority
To include the severity in all messages logged to a file, to stdout, or to
a terminal monitor (i.e. anything except syslog),
use the ``log record-priority`` global configuration command.
To disable this option, use the ``no`` form of the command. By default,
the severity level is not included in logged messages. Note: some
versions of syslogd (including Solaris) can be configured to include
the facility and level in the messages emitted.
.. index::
single: log timestamp precision (0-6)
single: [no] log timestamp precision (0-6)
.. clicmd:: [no] log timestamp precision [(0-6)]
This command sets the precision of log message timestamps to the given
number of digits after the decimal point. Currently, the value must be in
the range 0 to 6 (i.e. the maximum precision is microseconds). To restore
the default behavior (1-second accuracy), use the ``no`` form of the
command, or set the precision explicitly to 0.
::
log timestamp precision 3
In this example, the precision is set to provide timestamps with
millisecond accuracy.
.. index:: log commands
.. clicmd:: log commands
This command enables the logging of all commands typed by a user to all
enabled log destinations. The note that logging includes full command lines,
including passwords. Once set, command logging can only be turned off by
restarting the daemon.
.. index:: service password-encryption
.. clicmd:: service password-encryption
Encrypt password.
.. index:: service advanced-vty
.. clicmd:: service advanced-vty
Enable advanced mode VTY.
.. index:: service terminal-length (0-512)
.. clicmd:: service terminal-length (0-512)
Set system wide line configuration. This configuration command applies to
all VTY interfaces.
.. index:: line vty
.. clicmd:: line vty
Enter vty configuration mode.
.. index:: banner motd default
.. clicmd:: banner motd default
Set default motd string.
.. index:: no banner motd
.. clicmd:: no banner motd
No motd banner string will be printed.
.. index:: exec-timeout MINUTE [SECOND]
.. clicmd:: exec-timeout MINUTE [SECOND]
Set VTY connection timeout value. When only one argument is specified
it is used for timeout value in minutes. Optional second argument is
used for timeout value in seconds. Default timeout value is 10 minutes.
When timeout value is zero, it means no timeout.
.. index:: no exec-timeout
.. clicmd:: no exec-timeout
Do not perform timeout at all. This command is as same as
``exec-timeout 0 0``.
.. index:: access-class ACCESS-LIST
.. clicmd:: access-class ACCESS-LIST
Restrict vty connections with an access list.
.. _sample-config-file:
Sample Config File
------------------
Below is a sample configuration file for the zebra daemon.
.. code-block:: frr
!
! Zebra configuration file
!
hostname Router
password zebra
enable password zebra
!
log stdout
!
!
``!`` and ``#`` are comment characters. If the first character of the word is
one of the comment characters then from the rest of the line forward will be
ignored as a comment.
.. code-block:: frr
password zebra!password
If a comment character is not the first character of the word, it's a normal
character. So in the above example ``!`` will not be regarded as a comment and
the password is set to ``zebra!password``.
.. _terminal-mode-commands:
Terminal Mode Commands
======================
.. index:: write terminal
.. clicmd:: write terminal
Displays the current configuration to the vty interface.
.. index:: write file
.. clicmd:: write file
Write current configuration to configuration file.
.. index:: configure [terminal]
.. clicmd:: configure [terminal]
Change to configuration mode. This command is the first step to
configuration.
.. index:: terminal length (0-512)
.. clicmd:: terminal length (0-512)
Set terminal display length to ``(0-512)``. If length is 0, no display
control is performed.
.. index:: who
.. clicmd:: who
Show a list of currently connected vty sessions.
.. index:: list
.. clicmd:: list
List all available commands.
.. index:: show version
.. clicmd:: show version
Show the current version of |PACKAGE_NAME| and its build host information.
.. index:: show logging
.. clicmd:: show logging
Shows the current configuration of the logging system. This includes the
status of all logging destinations.
.. index:: show memory
.. clicmd:: show memory
Show information on how much memory is used for which specific things in
|PACKAGE_NAME|. Output may vary depending on system capabilities but will
generally look something like this:
::
frr# show memory
System allocator statistics:
Total heap allocated: 1584 KiB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: 1484 KiB
Free small blocks: 2096 bytes
Free ordinary blocks: 100 KiB
Ordinary blocks: 2
Small blocks: 60
Holding blocks: 0
(see system documentation for 'mallinfo' for meaning)
--- qmem libfrr ---
Buffer : 3 24 72
Buffer data : 1 4120 4120
Host config : 3 (variably sized) 72
Command Tokens : 3427 72 247160
Command Token Text : 2555 (variably sized) 83720
Command Token Help : 2555 (variably sized) 61720
Command Argument : 2 (variably sized) 48
Command Argument Name : 641 (variably sized) 15672
[...]
--- qmem Label Manager ---
--- qmem zebra ---
ZEBRA VRF : 1 912 920
Route Entry : 11 80 968
Static route : 1 192 200
RIB destination : 8 48 448
RIB table info : 4 16 96
Nexthop tracking object : 1 200 200
Zebra Name Space : 1 312 312
--- qmem Table Manager ---
To understand system allocator statistics, refer to your system's
:manpage:`mallinfo(3)` man page.
Below these statistics, statistics on individual memory allocation types
in |PACKAGE_NAME| (so-called `MTYPEs`) is printed:
* the first column of numbers is the current count of allocations made for
the type (the number decreases when items are freed.)
* the second column is the size of each item. This is only available if
allocations on a type are always made with the same size.
* the third column is the total amount of memory allocated for the
particular type, including padding applied by malloc. This means that
the number may be larger than the first column multiplied by the second.
Overhead incurred by malloc's bookkeeping is not included in this, and
the column may be missing if system support is not available.
When executing this command from ``vtysh``, each of the daemons' memory
usage is printed sequentially.
.. index:: logmsg LEVEL MESSAGE
.. clicmd:: logmsg LEVEL MESSAGE
Send a message to all logging destinations that are enabled for messages of
the given severity.
.. index:: find COMMAND...
.. clicmd:: find COMMAND...
This command performs a simple substring search across all defined commands
in all modes. As an example, suppose you're in enable mode and can't
remember where the command to turn OSPF segment routing on is:
::
frr# find segment-routing on
(ospf) segment-routing on
The CLI mode is displayed next to each command. In this example,
:clicmd:`segment-routing on` is under the `router ospf` mode.
Similarly, suppose you want a listing of all commands that contain "l2vpn":
::
frr# find l2vpn
(view) show [ip] bgp l2vpn evpn [json]
(view) show [ip] bgp l2vpn evpn all <A.B.C.D|A.B.C.D/M> [json]
(view) show [ip] bgp l2vpn evpn all neighbors A.B.C.D advertised-routes [json]
(view) show [ip] bgp l2vpn evpn all neighbors A.B.C.D routes [json]
(view) show [ip] bgp l2vpn evpn all overlay
...
.. _common-invocation-options:
Common Invocation Options
=========================
These options apply to all |PACKAGE_NAME| daemons.
.. option:: -d, --daemon
Run in daemon mode.
.. option:: -f, --config_file <file>
Set configuration file name.
.. option:: -h, --help
Display this help and exit.
.. option:: -i, --pid_file <file>
Upon startup the process identifier of the daemon is written to a file,
typically in :file:`/var/run`. This file can be used by the init system
to implement commands such as ``.../init.d/zebra status``,
``.../init.d/zebra restart`` or ``.../init.d/zebra stop``.
The file name is an run-time option rather than a configure-time option so
that multiple routing daemons can be run simultaneously. This is useful when
using |PACKAGE_NAME| to implement a routing looking glass. One machine can
be used to collect differing routing views from differing points in the
network.
.. option:: -A, --vty_addr <address>
Set the VTY local address to bind to. If set, the VTY socket will only be
bound to this address.
.. option:: -P, --vty_port <port>
Set the VTY TCP port number. If set to 0 then the TCP VTY sockets will not
be opened.
.. option:: -u <user>
Set the user and group to run as.
.. option:: -v, --version
Print program version.
.. option:: --log <stdout|syslog|file:/path/to/log/file>
When initializing the daemon, setup the log to go to either stdout,
syslog or to a file. These values will be displayed as part of
a show run. Additionally they can be overridden at runtime if
desired via the normal log commands.
.. option:: --log-level <emergencies|alerts|critical|errors|warnings|notifications|informational|debugging>
When initializing the daemon, allow the specification of a default
log level at startup from one of the specified levels.
.. option:: --tcli
Enable the transactional CLI mode.
.. _loadable-module-support:
Loadable Module Support
=======================
FRR supports loading extension modules at startup. Loading, reloading or
unloading modules at runtime is not supported (yet). To load a module, use
the following command line option at daemon startup:
.. option:: -M, --module <module:options>
Load the specified module, optionally passing options to it. If the module
name contains a slash (/), it is assumed to be a full pathname to a file to
be loaded. If it does not contain a slash, the |INSTALL_PREFIX_MODULES|
directory is searched for a module of the given name; first with the daemon
name prepended (e.g. ``zebra_mod`` for ``mod``), then without the daemon
name prepended.
This option is available on all daemons, though some daemons may not have
any modules available to be loaded.
The SNMP Module
---------------
If SNMP is enabled during compile-time and installed as part of the package,
the ``snmp`` module can be loaded for the *Zebra*, *bgpd*, *ospfd*, *ospf6d*
and *ripd* daemons.
The module ignores any options passed to it. Refer to :ref:`snmp-support` for
information on its usage.
The FPM Module
--------------
If FPM is enabled during compile-time and installed as part of the package, the
``fpm`` module can be loaded for the *zebra* daemon. This provides the
Forwarding Plane Manager ("FPM") API.
The module expects its argument to be either ``Netlink`` or ``protobuf``,
specifying the encapsulation to use. ``Netlink`` is the default, and
``protobuf`` may not be available if the module was built without protobuf
support. Refer to :ref:`zebra-fib-push-interface` for more information.
.. _virtual-terminal-interfaces:
Virtual Terminal Interfaces
===========================
VTY -- Virtual Terminal [aka TeletYpe] Interface is a command line
interface (CLI) for user interaction with the routing daemon.
.. _vty-overview:
VTY Overview
------------
VTY stands for Virtual TeletYpe interface. It means you can connect to
the daemon via the telnet protocol.
To enable a VTY interface, you have to setup a VTY password. If there
is no VTY password, one cannot connect to the VTY interface at all.
::
% telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is |PACKAGE_NAME| (version |PACKAGE_VERSION|)
|COPYRIGHT_STR|
User Access Verification
Password: XXXXX
Router> ?
enable . . . Turn on privileged commands
exit . . . Exit current mode and down to previous mode
help . . . Description of the interactive help system
list . . . Print command list
show . . . Show system inform
wh. . . Display who is on a vty
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.0.1/8
Router(config-if)# ^Z
Router#
.. _vty-modes:
VTY Modes
---------
There are three basic VTY modes:
There are commands that may be restricted to specific VTY modes.
.. _vty-view-mode:
VTY View Mode
^^^^^^^^^^^^^
This mode is for read-only access to the CLI. One may exit the mode by
leaving the system, or by entering `enable` mode.
.. _vty-enable-mode:
VTY Enable Mode
^^^^^^^^^^^^^^^
This mode is for read-write access to the CLI. One may exit the mode by
leaving the system, or by escaping to view mode.
.. _vty-other-modes:
VTY Other Modes
^^^^^^^^^^^^^^^
This page is for describing other modes.
.. _vty-cli-commands:
VTY CLI Commands
----------------
Commands that you may use at the command-line are described in the following
three subsubsections.
.. _cli-movement-commands:
CLI Movement Commands
^^^^^^^^^^^^^^^^^^^^^
These commands are used for moving the CLI cursor. The :kbd:`C` character
means press the Control Key.
:kbd:`C-f` / :kbd:`LEFT`
Move forward one character.
:kbd:`C-b` / :kbd:`RIGHT`
Move backward one character.
:kbd:`M-f`
Move forward one word.
:kbd:`M-b`
Move backward one word.
:kbd:`C-a`
Move to the beginning of the line.
:kbd:`C-e`
Move to the end of the line.
.. _cli-editing-commands:
CLI Editing Commands
^^^^^^^^^^^^^^^^^^^^
These commands are used for editing text on a line. The :kbd:`C`
character means press the Control Key.
:kbd:`C-h` / :kbd:`DEL`
Delete the character before point.
:kbd:`C-d`
Delete the character after point.
:kbd:`M-d`
Forward kill word.
:kbd:`C-w`
Backward kill word.
:kbd:`C-k`
Kill to the end of the line.
:kbd:`C-u`
Kill line from the beginning, erasing input.
:kbd:`C-t`
Transpose character.
CLI Advanced Commands
^^^^^^^^^^^^^^^^^^^^^
There are several additional CLI commands for command line completions,
insta-help, and VTY session management.
:kbd:`C-c`
Interrupt current input and moves to the next line.
:kbd:`C-z`
End current configuration session and move to top node.
:kbd:`C-n` / :kbd:`DOWN`
Move down to next line in the history buffer.
:kbd:`C-p` / :kbd:`UP`
Move up to previous line in the history buffer.
:kbd:`TAB`
Use command line completion by typing :kbd:`TAB`.
:kbd:`?`
You can use command line help by typing ``help`` at the beginning of the
line. Typing :kbd:`?` at any point in the line will show possible
completions.
Pipe Actions
^^^^^^^^^^^^
VTY supports optional modifiers at the end of commands that perform
postprocessing on command output or modify the action of commands. These do not
show up in the :kbd:`?` or :kbd:`TAB` suggestion lists.
``... | include REGEX``
Filters the output of the preceding command, including only lines which
match the POSIX Extended Regular Expression ``REGEX``. Do not put the regex
in quotes.
Examples:
::
frr# show ip bgp sum json | include remoteAs
"remoteAs":0,
"remoteAs":455,
"remoteAs":99,
::
frr# show run | include neigh.*[0-9]{2}\.0\.[2-4]\.[0-9]*
neighbor 10.0.2.106 remote-as 99
neighbor 10.0.2.107 remote-as 99
neighbor 10.0.2.108 remote-as 99
neighbor 10.0.2.109 remote-as 99
neighbor 10.0.2.110 remote-as 99
neighbor 10.0.3.111 remote-as 111
|