Protocol statements enable or disable protocols and set protocol options. The protocol statements occur after the definition statements and before the static statements. There are many protocol statements, and more may be added at any time. There are statements for the various interior and exterior routing protocols and for other things that are not really routing protocols.
In this section we begin with the interior protocols, move on to the exterior protocols, and finish with the special "protocols."
ospf yes | no | on | off [{
    defaults {
        preference preference ;
        cost cost ;
        tag [as] tag ;
        type 1 | 2 ;
        inherit-metric;
    } ;
    exportlimit routes ;
    exportinterval time ;
    traceoptions trace_options ;
    syslog [first count] [every count];
    monitorauthkey key ;
    backbone | area number {
        authtype 0 | 1 | none | simple ;
        stub [cost cost] ;
        networks {
            address [mask mask | masklen number] [restrict] ;
            host address [restrict] ;
        } ;
        stubhosts {
            address cost cost ;
        } ;
        interface interface_list [nonbroadcast] [cost cost] {
            pollinterval time ;
            routers {
                address [eligible] ;
            } ;
            interface_parameters
        } ;
        virtuallink neighborid router_id transitarea area {
            interface_parameters
        } ;
    } ;
} ] ;
The ospf statement enables or disables the Open Shortest Path First (OSPF) routing protocol. By default, OSPF is disabled. It is enabled by specifying yes or on (it doesn't matter which you use) and it is disabled with no or off.
The ospf statement has many configuration parameters:
Defines the defaults used when importing OSPF routes from an external autonomous system and announcing those routes to other OSPF routers. The link-state advertisement (LSA) used to announce these routes is called an ASE (autonomous system external) because it contains routes from external autonomous systems. See the description of OSPF in Chapter 7.
Defines the preference of OSPF ASE routes. The default is 150.
Defines the cost used when advertising a non-OSPF route in an ASE. The default is 1.
Defines the OSPF ASE tag value. The tag is not used by the OSPF protocol but may be used by an export policy to filter routes. (See the export statement later in this appendix.) When the as keyword is specified, the tag field may contain AS path information.
Defines the type of ASE used. The default is type 1. Type 1 contains routes learned from an external protocol that provides a metric directly comparable to the OSPF metric. The metric is added to the cost of reaching the border router when routes are advertised. A type 2 ASE contains routes learned from an exterior gateway protocol that does not provide a routing metric comparable to the OSPF metric. These routes are advertised with the cost of reaching the border router. See Chapter 7.
Directs gated to use the external metric for ASE routes if no metric is defined in the export statement.
Defines the maximum number of ASE LSAs that will be flooded at one time. The default is 100.
Defines how frequently ASE link-state advertisements are flooded to the network. The default is once per second.
Defines the tracing used to debug OSPF. In addition to the standard trace flags, OSPF supports:
Traces construction of link-state advertisements (LSAs).
Traces the Shortest Path First (SPF) calculations.
Traces the OSPF HELLO packets.
Traces the OSPF Database Description packets.
Traces the OSPF Link-State Request packets.
Traces the OSPF Link-State Update packets.
Traces the OSPF Link-State Ack packets.
Defines packet capture parameters. first specifies the number of packets captured for each type of OSPF packet. every specifies how often packets are captured after the initial group is captured. For example, if count is set to 50, every fiftieth packet of each type is captured.
Defines the password used for ospf_monitor queries. By default these queries are not authenticated. If monitorauthkey is specified, incoming queries must contain the specified password.
Defines the OSPF area of which this router is a member. Every router must belong to an area. If more than one area is configured, at least one must be the backbone. The backbone is defined using the backbone keyword. All other areas are defined by the area keyword and the number of the area, e.g., area 1. See Chapter 7 for a discussion of OSPF areas. Several configuration parameters are associated with each area:
Specifies that this is a stub area. A stub area is one in which there are no ASE routes. If a cost is specified, it is used to advertise a default route into the stub area.
Defines the range of networks contained within this area. The specified ranges are advertised into other areas as summary network LSAs and not as inter-area routes. If restrict is specified, the summary network LSAs are not advertised. The entries in the networks list are either specified as a host address by using the host keyword before the address, or as a network address by simply specifying the address. An address mask can be defined for a network address. The mask can be defined in dotted decimal notation using the mask keyword or as a numeric prefix length using the masklen keyword. The address masks mask 255.255.0.0 and masklen 16 are equivalent. If no address mask is specified, the natural mask is used. This option can reduce the amount of routing information propagated between areas.
Lists the directly attached hosts, and their costs, that should be advertised as reachable from this router. List point-to-point interfaces here.
Defines the interfaces used by OSPF. If the keyword nonbroadcast is specified, the interface connects to a nonbroadcast multiple access (NBMA) network. If nonbroadcast is not used, the interface connects to a broadcast or a point-to-point network. Specify the cost of the interface with the cost keyword, e.g., cost 5. The default cost is 1. Two options are specific to NBMA interfaces:
Defines the time interval at which OSPF HELLO packets are sent to neighbors.
Lists all neighbors by address. The eligible keyword indicates if the neighbor can become a designated router.
All interfaces, NBMA and broadcast, can use these parameters:
Enables or disables the interface.
Defines the number of seconds between link-state advertisement retransmissions.
Defines the estimated number of seconds required to transmit a link-state update over this interface. It must be greater than 0.
Defines this system's priority for the designated router election. priority is a number from 0 to 255. The router with the highest priority becomes the designated router. A router whose priority is 0 is ineligible to become the designated router. See Chapter 7 for a discussion of designated routers.
Defines the number of seconds between transmissions of HELLO packets.
Defines the timeout before a neighbor is declared down. time is the maximum number of seconds this router will wait for a neighbor's HELLO packet.
Defines the type of authentication used to authenticate OSPF packets. none selects no authentication. simple selects password authentication. The password is specified as one to eight decimal digits separated by periods, a one- to eight-byte hexadecimal string preceded by 0x, or a one- to eight-character string in double quotes. md5 selects MD5 authentication. key is a valid MD5 cryptographic key.
Defines a virtual link for the backbone area. The router_id is the router identifier of the remote router at the other end of the virtual link. The transit area must be one of the other areas configured on this system. All standard interface parameters defined above may be specified on a virtual link.
rip yes | no | on | off [ {
    broadcast ;
    nobroadcast ;
    nocheckzero ;
    preference preference ;
    defaultmetric metric ;
    query authentication [none | [simple | md5 password]] ;
    interface interface_list
        [noripin] | [ripin]
        [noripout] | [ripout]
        [metricin metric]
        [metricout metric]
        [version 1 | 2 [multicast | broadcast]]
        [[secondary] authentication [none | [simple | md5 password]]] ;
    trustedgateways gateway_list ;
    sourcegateways gateway_list ;
    traceoptions trace_options ;
} ] ;
The rip statement enables or disables RIP. By default RIP is enabled. The rip statement options are:
Forces gated to broadcast RIP update packets even if the system has only one network interface. By default, RIP updates are not broadcast if the system has only one network interface and are broadcast if it has more than one network interface; i.e., hosts do not broadcast updates and routers do.
Forces gated to not broadcast RIP update packets even if the system has more than one network interface. If a sourcegateways clause is present, routes are still unicast directly to that gateway. See sourcegateways later in this section.
Specifies that gated should not reject incoming version 1 RIP packets where the reserved fields are 0. Rejecting those packets is standard practice.
Sets the gated preference for routes learned from RIP. The default preference for these routes is 100.
Defines the metric used when advertising routes via RIP that were learned from other protocols. The default metric is 16, which to RIP indicates an unusable route. This means that by default, routes learned from other protocols are not advertised as valid routes by RIP. Set a lower value only if you want all routes learned from other protocols advertised at that metric.
Specifies the authentication used for nonrouter query packets. The default is none. If simple is specified, the key is a 16-byte password. If md5 is specified, the key is a 16-byte value used with the packet contents to generate a Message Digest 5 cryptographic checksum.
Identifies the interfaces over which RIP runs and defines the configuration parameters of those interfaces. The interface_list can contain interface names, hostnames, IP addresses, or the keyword all. Possible parameters are:
Tells system to ignore RIP packets received on this interface. The default is to listen to RIP packets on all nonloopback interfaces.
Tells system to listen to RIP packets received on this interface. This is the default.
Tells system not to send RIP packets out this interface. The default is to send RIP on all broadcast and nonbroadcast interfaces when in broadcast mode. See the nobroadcast option defined earlier in this list.
Tells system to send RIP packets out this interface. This is the default.
Specifies the RIP metric used for routes received on this interface. The default is the kernel interface metric plus 1, which is the default RIP hop count. If this metric is specified, it is used as the absolute value and is not added to the kernel metric.
Specifies the RIP metric added to routes sent out this interface. The default is 0. This option can only increase the metric.
Identifies the version of RIP used for updates sent out this interface. Available versions are RIP 1 and RIP 2. RIP 1 is the default. If RIP 2 is specified and IP multicast is supported, full version 2 packets are sent via multicast. If multicast is not available, version 1-compatible version 2 packets are sent via broadcast. The keyword multicast, the default, specifies this behavior. The keyword broadcast specifies that RIP version 1-compatible version 2 packets should be broadcast on this interface, even if IP multicast is available. Neither keyword is used with version 1.
Defines the RIP version 2 authentication used on this interface. The default authentication type is none. If simple is specified, the key is a 16-byte password. If md5 is specified, the key is a 16-byte value used with the packet contents to generate a Message Digest 5 cryptographic checksum. If secondary is specified, this defines the secondary authentication type. Packets are always sent using the primary authentication technique. The secondary authentication type is defined only for incoming packets. Inbound packets are checked against both the primary and secondary authentication methods before being discarded as invalid.
Defines the list of gateways from which RIP accepts updates. The gateway_list is simply a list of hostnames or IP addresses. By default, all gateways on the shared network are trusted to supply routing information. But if the trustedgateways statement is used, only updates from the gateways in the list are accepted.
Defines a list of gateways to which RIP sends packets directly. By default, RIP packets are broadcast or multicast to several systems on the shared network, but if this statement is used, RIP unicasts packets directly to the listed gateways.
Defines tracing for RIP. RIP supports most of the standard tracing options as well as these packet-tracing options:
Traces all RIP packets.
Traces the RIP information request packets, such as REQUEST, POLL, and POLLENTRY.
Traces all RIP RESPONSE packets.
Traces any other type of RIP packet.
isis on | off {
    [ area areaid ; ]
    [ area auth simple key ; ]
    [ domain auth simple key ; ]
    [ domain-wide on | off ; ]
    [ export-defaults ; ]
    [ export-defaults level 1 | 2 ; ]
    [ export-defaults metric metric | inherit ; ]
    [ export-defaults metric-type internal | external ; ]
    [ external preference preference ; ]
    [ level 1 | 2 | 1 and 2 ; ]
    [ interface name | address [ {
        [ enable | disable ; ]
        [ auth simple key ; ]
        [ csn-interval interval [ level 1 | 2 | 1 and 2 ] ; ]
        [ dis-hello-interval interval [ level 1 | 2 | 1 and 2 ] ; ]
        [ encap [ iso | ip ] ; ]
        [ hello-interval interval [ level 1 | 2 | 1 and 2 ] ; ]
        [ hello-multiplier number [ level 1 | 2 | 1 and 2 ] ; ]
        [ lsp-interval interval ; ]
        [ level 1 | 2 | 1 and 2 ; ]
        [ max-burst number ; ]
        [ metric metric [ level 1 | 2 | 1 and 2 ] ; ]
        [ passive on | off ; ]
        [ priority priority [ level 1 | 2 | 1 and 2 ] ; ]
        [ retransmit-interval interval ; ]
    } ] ; ]
    [ overload-bit on | off ; ]
    [ preference preference ; ]
    [ psn-interval interval ; ]
    [ require-snp-auth on | off ; ]
    [ ribs unicast | unicast multicast ; ]
    [ spf-interval interval ; ]
    [ inet6 on | off ; ]
    [ summary-originate [ inet | inet6 ] {
        [network (mask mask | masklen n ) metric cost-value ; ]
    } ; ]
    [ summary-filter [ inet | inet6 ] {
        [network mask mask | masklen number ; ]
    } ; ]
    [ systemid systemid ; ]
    [ traceoptions traceoptions ; ]
    [ config-time seconds ; ]
    [ es-config-time seconds ; ]
    [ hold-time seconds ; ]
};
The isis statement enables the IS-IS protocol. By default, it is disabled. The options that may appear in the isis statement are:
Adds area addresses to those configured automatically from the circuits. IS-IS area addresses are automatically configured based on the real circuits over which IS-IS runs. Up to three areas can be added using area statements.
Enables authentication for level 1 routing and selects the key. The format for key is one to eight decimal digits separated by periods, a one- to eight-byte hexadecimal string preceded by 0x, or a one- to eight-character string in double quotes. The same key format is used throughout the isis statement.
Enables authentication and selects the key for level 2 routing.
Sets the protocol level used for exported routes. By default, a level 1 router exports at level 1, and a level 2 router supports both level 1 and 2.
Defines the default metric used on routes exported as IS-IS from another protocol. The default is to use the metric already contained in the route, which is indicated by the inherit keyword.
Defines the type of the metric used on routes exported as IS-IS from another protocol. The default is internal.
Defines the preference of external routes learned from IS-IS. The default preference is 151.
Sets the protocol level for this intermediate system. A level 1 system is an intra-area router. A level 1 system cannot have any level 2 interfaces. A level 2 system is an inter-area router, and it cannot have any level 1 interfaces. A level 1 and 2 system may have level 1, level 2, and level 1 and 2 interfaces. Additionally, individual options relating to protocol settings can be specified as level 1, level 2 or level 1 and 2 depending on the specific level for which the option is being set when the system supports level 1 and 2. The default is level 1 and 2.
Identifies the interfaces on which to run IS-IS. The default is all. The following options can be set for each interface:
Enables or disables the interface. The default is enable.
Enables authentication and selects the authentication key for this interface.
Sets the interval at which this system will multicast CSN packets if it is elected the Designated Intermediate System (DIS). The interval can be from 1 to 100 seconds.
Sets the interval at which this system will send hello messages if it is elected the DIS. The interval can be from 1 to 100 seconds.
Selects the type of encapsulation used. The default is ip.
Defines the interval at which hello packets are sent on the interface. interval can be from 1 to 300 seconds.
Defines the number of hello packets that must be missed before a neighbor is considered "down." Thus if number is set to 3 and no hello packets are received from a neighbor in the amount of time in which three hello packets are normally received, the neighbor is considered down. number can be from 1 to 100.
Defines the interval at which LSP packets are sent on the interface.
Defines the protocol level used on this interface.
Defines the maximum number of packets that can be sent in a burst.
Defines the cost associated with this interface.
Indicates whether this interface should be treated as an active or passive interface.
Sets the priority number used for the DIS election. priority is a value from 1 to 127.
Defines the interval at which packets are retransmitted on the interface.
Enables or disables use of the overload bit.
Sets the gated preference for IS-IS routes. The default is 11.
Defines how often PSN packets are sent by this system. interval can be 1 to 20 seconds.
Defines the routing information base format used for IS-IS routes. The default is unicast.
Defines the amount of time to wait for more changes to occur before recalculating the routing table. interval can be from 1 to 60 seconds.
Enables support for IPv6 routing.
Defines how level 1 routes are summarized in this system's routing information base for level 2 routing. summary-originate is used only if this system is a level 2 router. network identifies the level 1 address received, and the network mask, defined as either a mask or a numeric mask length, aggregates the routes.
Defines how level 1 routes are summarized when this system advertises them through level 2 routing. summary-filter is used only if this system is a level 2 router.
Defines the IS-IS system ID. If no system identifier is specified, the system ID portion of the first circuit's NSAP address is used.
Defines the trace options used for IS-IS. The default is none.
bgp yes | no | on | off [{
    preference preference ;
    defaultmetric metric ;
    traceoptions trace_options ;
    group type external peeras as_number
        | internal peeras as_number
        | igp peeras as_number proto proto
        | routing peeras as_number proto proto interface interface_list
        | test peeras as_number
    {
        allow {
            address mask mask | masklen number
            all
            host address
        } ;
        peer address
            [metricout metric]
            [localas as_number]
            [nogendefault]
            [gateway address]
            [preference preference]
            [preference2 preference]
            [lcladdr address]
            [holdtime time]
            [version number]
            [passive]
            [sendbuffer number]
            [recvbuffer number]
            [indelay time]
            [outdelay time]
            [keep all | none]
            [showwarnings]
            [noaggregatorid]
            [keepalivesalways]
            [v3asloopokay]
            [nov4asloop]
            [logupdown]
            [ttl ttl]
            [traceoptions trace_options] ;
    } ;
}] ;
This statement enables or disables BGP. By default, BGP is disabled. The default preference is 170. By default, BGP does not advertise a metric. Unlike the RIP metric, the BGP metric does not play a primary role in determining the best route. The BGP metric is simply an arbitrary 16-bit value that can be used as one criterion for choosing a route. The defaultmetric statement can be used to define a metric that BGP will use when advertising routes.
Trace options can be specified for all of BGP or for individual BGP peers. BGP supports most of the standard trace options as well as the following:
Traces all BGP packets.
Traces BGP OPEN packets.
Traces BGP UPDATE packets.
Traces BGP KEEPALIVE packets.
BGP peers must be members of a group. The group statement declares the group, defines which peers are members of the group, and defines the group "type." Multiple group statements may be specified, but each must have a unique combination of type and autonomous system number. There are five possible group types:
Specifies that BGP will run as a classic exterior gateway protocol. The peers listed in this group are members of an external autonomous system. Full policy checking is applied to all incoming and outgoing routes.
Specifies that BGP will be used to distribute routes to an internal group that has no traditional interior gateway protocol. Routes received from external BGP peers are re-advertised to this group with the received metric.
Specifies that BGP will be used to distribute path attributes to an internal group that runs an interior gateway protocol. BGP advertises the AS path, path origin, and transitive optional attributes if the path attributes are provided by the IGP's tag mechanism. proto is the name of the interior gateway protocol, e.g., proto ospf.
Specifies that BGP will be used internally to carry external routes, while an interior gateway protocol is used to carry only internal routes. Normally the routes learned by BGP from external autonomous systems are written in the routing table where they are picked up and distributed by an interior protocol to the local autonomous system. For this type of group, BGP distributes the external routes itself, and the interior protocol is limited to distributing only those routes that are interior to the local autonomous system. proto is the name of the interior protocol.
Specifies that the members of this group are test peers. All routing information exchanged by test peers is discarded.
A group clause contains peer subclauses. Any number of peer subclauses may belong to a group. Peers are specified explicitly with a peer statement, or implicitly with the allow statement.
Any peer whose address is contained in the specified address range is a member of the group. The keyword all matches all possible addresses. The keyword host precedes an individual host address. The address and mask pairs define a range of addresses. Network masks can be defined with the keyword mask and an address mask written in dotted decimal notation, or with the keyword masklen and the prefix length written as a decimal number. All parameters for these peers must be defined in the group clause.
The peer identified by address is a member of the group.
The BGP peer subclause allows the following parameters, which can also be specified on the group clause. If placed on the group clause, the parameters affect all peers in the group. The available options are:
Defines the primary metric for routes sent to the peer. This overrides the default metric, a metric specified on the group, and any metric specified by export policy.
Defines the local system's autonomous system number (asn). The default is to use the asn defined in the autonomoussystem statement.
Prevents gated from generating a default route when BGP peers with this neighbor, even if gendefault is set in the options directive statement.
Identifies the next-hop gateway through which packets for this peer are routed. Use this only if the neighbor does not share a network with the local system. This option is rarely needed.
Defines the preference used for routes learned from this peer, which permits gated to prefer routes from one peer, or group of peers, over another.
Defines the "second" preference. In the case of a preference tie, the second preference is used to break the tie. The default value is 0.
Defines the address of the local interface used to communicate with this neighbor.
Defines the number of seconds the peer should wait for a keepalive, update, or notification message before closing the connection. The value is sent to the peer in the Hold Time field of the BGP Open message. The value must be either 0 (no keepalives will be sent) or at least 3.
Identifies the version of the BGP protocol to use with this peer. By default, the version is negotiated when the connection is opened. Currently supported versions are 2, 3, and 4.
Specifies that gated should wait for the peer to issue an OPEN. By default, gated periodically sends OPEN messages until the peer responds.
Defines the size of the send and receive buffers. The default is 65535 bytes, which is the maximum. These parameters are not used on normally functioning systems.
Implements "route dampening." indelay defines the number of seconds a route must be stable before it is accepted. outdelay is the number of seconds a route must be present in the gated routing database before it is exported to this peer. The default value for each is 0, meaning that these features are disabled. Use this only if the routing table is fluctuating so rapidly it is unstable.
Tells the system to retain routes learned from this peer even if the routes' AS paths contain our local AS number. Normally, routes that contain the local AS number are discarded as potential routing loops.
Tells the system to issue warning messages for events, such as duplicate routes, that are normally "silently ignored."
Sets the routerid in the aggregator attribute to 0. By default, it is set to the router identifier. Use this to prevent this router from creating aggregate routes with AS paths that differ from other routers in the AS.
Instructs the system to send a keepalive even when an update could have correctly substituted for one. Used for interoperability with some routers.
Allows advertisement of a route with a loop in the AS path (i.e., with an AS appearing more than once in the path) to version 3 external peers.
Prevents a route with a loop in the AS path from being advertised to version 4 external peers. Used to avoid passing such routes to a peer that incorrectly forwards them to version 3 neighbors.
Logs every time a BGP peer enters or leaves the ESTABLISHED state.
Defines the IP ttl for local neighbors. By default it is set to 1. Use this option if the local neighbor discards packets sent with a ttl of 1. Not all Unix kernels allow the ttl to be specified for TCP connections.
The BGP trace options were covered previously.
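The authentication and trust options described above for rip, ospf and bgp can be checked mechanically. The following is an added example, not code from the original page or from gated: a small gated.conf audit whose sample configs, interface names, addresses and keys are constructed, and which assumes '#' starts a comment.

```python
import re

# Quoted strings match first, so '#' or ';' inside a key is not split off.
# Assumption: '#' starts a comment that runs to the end of the line.
TOKEN = re.compile(r'"[^"]*"|#[^\n]*|[{};]|[^\s{};"#]+')

def parse(tokens):
    """Turn 'words [{ block }] ;' statements into (words, children) tuples."""
    stmts, words, kids = [], [], []
    for tok in tokens:                      # tokens is one shared iterator
        if tok == "{":
            kids = parse(tokens)            # consume the nested block
        elif tok in (";", "}"):
            if words:
                stmts.append((words, kids))
            words, kids = [], []
            if tok == "}":
                return stmts
        else:
            words.append(tok)
    return stmts

def audit_rip(kids):
    found = []
    if not any(w[0] == "trustedgateways" for w, _ in kids):
        found.append("rip: no trustedgateways, every gateway on the shared network is trusted")
    for w in (w for w, _ in kids if w[0] == "interface"):
        # Primary authentication defaults to none; inbound packets are also
        # checked against the secondary type, so a weak secondary counts too.
        auth = {"primary": "none"}
        for i, tok in enumerate(w[:-1]):
            if tok == "authentication":
                auth["secondary" if w[i - 1] == "secondary" else "primary"] = w[i + 1]
        found += [f"rip interface {' '.join(w[1:2])}: {role} authentication {kind}"
                  for role, kind in auth.items() if kind != "md5"]
    return found

def audit_ospf(kids):
    found = []
    if not any(w[0] == "monitorauthkey" for w, _ in kids):
        found.append("ospf: no monitorauthkey, ospf_monitor queries are unauthenticated")
    for w, sub in kids:
        if w[0] in ("backbone", "area"):
            # simple/1 is the strongest authtype the area syntax on this page lists.
            kind = next((s[1] for s, _ in sub if s[:1] == ["authtype"] and len(s) > 1), "missing")
            if kind in ("0", "none", "missing"):
                found.append(f"ospf {' '.join(w)}: authtype {kind}")
    return found

def audit_bgp(kids):
    found = []
    for w, sub in kids:
        for s, entries in (sub if w[0] == "group" else []):
            if s[0] == "allow" and any("all" in e for e, _ in entries):
                found.append(f"bgp {' '.join(w)}: allow all admits peers from any address")
    return found

CHECKS = {"rip": audit_rip, "ospf": audit_ospf, "bgp": audit_bgp}

def audit(conf):
    """Return a list of findings for the rip, ospf and bgp statements in conf."""
    tokens = (t for t in TOKEN.findall(conf) if not t.startswith("#"))
    stmts = parse(tokens)
    found = []
    if not any(w[0] == "rip" for w, _ in stmts):
        found.append("rip: statement absent, RIP is enabled by default")
    for words, kids in stmts:
        if words[0] in CHECKS and words[1:2] not in (["no"], ["off"]):
            found += CHECKS[words[0]](kids)
    return found

# Constructed sample configs; interface names, addresses and keys are made up.
WEAK = '''
rip yes {
    interface le0 version 2 authentication simple "ripkey" ;
    interface le1 version 2 authentication md5 "sample-16-byte-k" secondary authentication none ;
} ;
ospf yes {
    backbone { authtype none ; interface le2 nonbroadcast { pollinterval 120 ; } ; } ;
    area 1 { interface le3 nonbroadcast { pollinterval 120 ; } ; } ;
} ;
bgp yes { group type external peeras 64512 { allow { all ; } ; } ; } ;
'''

HARDENED = '''
rip yes {
    interface le0 version 2 authentication md5 "sample-16-byte-k" ;
    trustedgateways 192.0.2.1 192.0.2.2 ;
} ;
ospf yes { monitorauthkey "sample01" ; backbone { authtype simple ; } ; } ;
bgp yes { group type external peeras 64512 { peer 192.0.2.9 ; } ; } ;
'''
```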
egp yes | no | on | off [{
    preference preference ;
    defaultmetric metric ;
    packetsize maxpacketsize ;
    traceoptions trace_options ;
    group [peeras as_number] [localas as_number] [maxup number] {
        neighbor address
            [metricout metric]
            [preference preference]
            [preference2 preference]
            [ttl ttl]
            [nogendefault]
            [importdefault]
            [exportdefault]
            [gateway address]
            [lcladdr address]
            [sourcenet network]
            [minhello | p1 interval]
            [minpoll | p2 interval]
            [traceoptions trace_options] ;
    } ;
}] ;
This statement enables or disables EGP. By default, EGP is disabled. The default metric for announcing routes via EGP is 255, and the default preference for routes learned from EGP is 200.
The packetsize argument defines the size of the largest EGP packet that will be sent or accepted. maxpacketsize is the size in bytes. The default is 8192 bytes. If gated receives a packet larger than maxpacketsize, the packet is discarded, but maxpacketsize is increased to the size of the larger packet so that future packets won't have to be discarded.
The traceoptions statement defines the tracing for EGP. Tracing can be specified for the EGP protocol or for an individual EGP neighbor. The EGP trace options are:
Traces all EGP packets.
Traces EGP HELLO/I-HEARD-U packets.
Traces EGP ACQUIRE/CEASE packets.
Traces EGP POLL/UPDATE packets.
The egp statement has two clauses: the group clause and the neighbor clause. EGP neighbors must be part of a group, and all of the neighbors in a group must be members of the same autonomous system. Use the group clause to define parameters for a group of EGP neighbors. Values set in a group clause apply to all neighbor clauses in the group. There can be multiple group clauses. The following parameters are set by the group clause:
Identifies the autonomous system number of the autonomous system to which the members of the group belong. If not specified, this number is learned from the neighbors.
Defines the local system's autonomous system number. The default is to use the asn defined in the autonomoussystem statement.
Defines the number of EGP neighbors that gated is to acquire. The default is to acquire all listed neighbors.
The neighbor clause defines one EGP neighbor. The only part of the clause that is required is the address argument, which is the hostname or IP address of the neighbor. All other parameters are optional. All of these optional parameters can also be specified in the group clause if you want to apply the parameter to all neighbors. The neighbor clause parameters are:
Used for all routes sent to this neighbor. This value overrides the defaultmetric value set in the egp statement, but only for this specific neighbor.
Defines the preference used for routes learned from this neighbor, which permits gated to prefer routes from one neighbor, or group of neighbors, over another.
Defines the "second" preference. In the case of a preference tie, the second preference is used to break the tie. The default value is 0.
Defines the IP ttl for local neighbors. By default, it is set to 1. Use this option if the local neighbor discards packets sent with a ttl of 1.
Prevents gated from generating a default route when EGP peers with this neighbor, even if gendefault is set in the options directive statement.
Tells the system to accept the default route if it is included in this neighbor's EGP update. By default, it is ignored.
Tells the system to send the default route in EGP updates to this EGP neighbor. Normally a default route is not included in an EGP update.
Identifies the next-hop gateway through which packets for this neighbor are routed. Use this only if the neighbor does not share a network with the local system. This option is rarely needed.
Defines the address of the local interface used to communicate with the neighbor.
Changes the network queried in EGP POLL packets. By default, this is the shared network. However, if the neighbor does not share a network with your system, the neighbor's network address should be specified here. This parameter is normally not needed. Do not use it if you share a network with the EGP neighbor.
Sets the interval between the transmission of EGP HELLO packets. The default HELLO interval is 30 seconds. If the neighbor fails to respond to three HELLO packets, the system stops trying to acquire the neighbor. Setting a larger interval gives the neighbor a better chance to respond. The interval can be defined as seconds, minutes:seconds, or hours:minutes:seconds. For example, a 3-minute