The Zebra Suite
Zebra Daemons
Zebra uses a number of routing daemons in addition to the zebra manager daemon. The router daemons can exist on systems separate from the manager daemon, allowing for a more modular architecture. Each of these daemons listens on a particular port for incoming VTY connections. The routing daemons include:
In addition to these routing daemons, Zebra includes the routing manager daemon, zebra.
The following sections detail commands common for all of the routing daemons.
Daemon Configurations
Configuration files allow users to write debugging options, edit VTY passwords, change routing daemon configurations, and edit logfile names. This information forms the initial command set for a routing process as it starts.
Configuration files are generally located in:
Each of these daemons uses its own configuration file. For example, Zebra's default configuration file is:
/usr/zebra/etc/zebra.conf
The daemon name plus .conf is the default configuration file name for the router daemon. To specify a configuration file, use the -f or --config-file options when starting the daemon.
Basic Configuration Commands
The following table shows the basic configuration commands:
Basic Configuration Commands
Command |
Description |
|
Set hostname of the router. |
|
Set password for VTY interface. If there is no password, VTY refuses connections. |
|
Set enable password. |
|
Set logging output to stdout. |
|
To log into a file, specify FILENAME as follows: log file /usr/zebra/etc/bgpd.log |
|
Set logging output to syslog. |
|
Display the current configuration of the VTY interface. |
|
Write current configuration to the configuration file. |
|
Change to configuration mode. This command is the first step in configuring Zebra. |
|
Set terminal display length to 0-512. If length is 0, no display control is performed. |
|
Display user on VTY. |
|
List commands. |
service password-encryption
|
Encrypt password. |
|
Enable advanced mode VTY. |
service terminal-length 0-512
|
Set system wide line configuration. This configuration command applies to all VTY interfaces. |
|
Show the current version of Zebra and the build host information. |
|
Enter VTY configuration mode. |
|
Set or disable motd banner string printing. |
exec-timeout MINUTE SECOND
|
Set VTY connection timeout value. When only one argument is specified, that value is used for timeout in seconds. Default timeout value is 10 minutes. If the timeout value is set to zero, there is no timeout.
no-exec-timeout prevents connection timeout, and is the same as exec-timeout 0 0. |
|
Restrict VTY connections with an access list. |
Sample Configuration File
The following is a sample configuration for the zebra daemon. The ! and # are comment characters. If either is the first character of a line, the entire line is ignored. In the example below, the password is set to zebra.
# Zebra configuration file
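The following Python audit is an added example, not part of the original Zebra documentation or code. It checks a zebra-style configuration against the VTY settings in the table above: password presence, stored password form, enable password, VTY access list, and exec-timeout. It assumes the configuration keywords password, enable password, line vty and access-class, and the stored form "password 8 HASH" for encrypted passwords, none of which are spelled out in the table as shown here; both sample configurations are constructed.

```python
SAMPLE_PASSWORD = "zebra"  # the password used by the page's sample configuration


def audit_vty_config(text):
    """Return sorted finding codes for the VTY settings of a zebra-style config."""
    vty_pw = enable_pw = None
    context = None              # last unindented command, e.g. "line vty"
    vty_acl = vty_no_timeout = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#":      # "!" and "#" start comment lines
            continue
        words = line.split()
        if not raw[0].isspace():             # sub-commands are indented
            context = " ".join(words)
        if words[0] == "password" and len(words) > 1:
            vty_pw = words[1:]
        elif words[:2] == ["enable", "password"] and len(words) > 2:
            enable_pw = words[2:]
        elif context == "line vty":
            if words[0] == "access-class" and len(words) > 1:
                vty_acl = True
            elif words[0] == "no-exec-timeout" or words[:2] == ["no", "exec-timeout"]:
                vty_no_timeout = True
            elif words[0] == "exec-timeout" and len(words) > 1:
                # a timeout of zero means the session never times out
                vty_no_timeout = all(w.isdigit() and int(w) == 0 for w in words[1:])

    findings = set()
    if vty_pw is None:
        # per the page: with no password set, the VTY refuses connections
        findings.add("VTY_REFUSES_CONNECTIONS")
    for pw in (vty_pw, enable_pw):
        if pw is None:
            continue
        encrypted = len(pw) == 2 and pw[0] == "8"   # assumed encrypted form
        if not encrypted:
            findings.add("PLAINTEXT_PASSWORD")
            if pw[0] == SAMPLE_PASSWORD:
                findings.add("SAMPLE_PASSWORD")
    if enable_pw is None:
        findings.add("NO_ENABLE_PASSWORD")
    if not vty_acl:
        findings.add("VTY_NO_ACCESS_CLASS")
    if vty_no_timeout:
        findings.add("VTY_NO_TIMEOUT")
    return sorted(findings)


# Constructed sample: sample password kept, no access list, no timeout.
WEAK_CONFIG = """\
! constructed sample
hostname Router
password zebra
!
line vty
 exec-timeout 0 0
!
"""

# Constructed sample: hashes and the access list name are placeholders.
HARDENED_CONFIG = """\
! constructed sample
hostname Router
password 8 PLACEHOLDER-HASH-1
enable password 8 PLACEHOLDER-HASH-2
service password-encryption
access-list mgmt permit 192.0.2.0/24
access-list mgmt deny any
!
line vty
 access-class mgmt
 exec-timeout 5 0
!
"""

if __name__ == "__main__":
    print("weak:    ", audit_vty_config(WEAK_CONFIG))
    print("hardened:", audit_vty_config(HARDENED_CONFIG))
```

Because the VTY is reached over telnet, which carries the password unencrypted, the access-class finding matters most for daemons whose VTY port is reachable from outside the local host.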
Common Invocation Options
These options are common to all Zebra daemons:
Common Invocation Options
Option |
Description |
|
Run in daemon mode.
|
-f FILE --config_file=FILE
|
Set configuration file name.
|
|
Set the VTY port number. |
|
Print program version.
|
Virtual Terminal Interfaces
VTY (Virtual TeletYpe interface) is a Command Line Interface (CLI) used to view and change the current configuration. With VTY, users can connect to the daemon via the telnet protocol. VTY can only be accessed if there is a password set. If no password is set on the system, the VTY interface refuses the connection.
Escape character is '^]'.
Hello, this is zebra (version 0.88)
Copyright 1997-2000 Kunihiro Ishiguro
User Access Verification
The key ? is used to look up commands.
enable Turn on privileged commands
exit Exit current mode and down to previous mode
help Description of the interactive help system
show Show running system information
who Display who is on a vty
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.0.1/8
VTY Modes
There are three basic VTY modes:
- VTY View Mode - Read-only
- VTY Enable Mode - Read-write
- VTY Other Modes - Special modes (tftp, etc)
Certain commands are restricted to specific VTY modes.
VTY View Mode
This mode is for read-only access to the Command Line Interface (CLI). Users can exit the mode by leaving the system or by entering Enable mode.
VTY Enable Mode
This mode is for read-write access to the CLI. Users can exit the mode by leaving the system or by escaping to View mode.
VTY Other Modes
This mode is used for describing other modes.
VTY CLI Commands
These commands are described in the following three subsections.
- CLI Movement Commands - Cursor movement
- CLI Editing Commands - Changing text
- CLI Advanced Commands - Other commands and session management
CLI Movement Commands
Default Emacs key combinations are used to move the CLI cursor.
Note: The Meta key varies on different systems with different keyboards. Typically, Meta is configured to the Alt key; however, it can also be configured to Esc.
CLI Movement Commands
Command |
Description |
Ctrl-F Right arrow |
Move forward (right) one character |
Ctrl-B Left arrow |
Move backward (left) one character
|
Meta-F |
Move forward one word |
Meta-B |
Move backward one word |
Ctrl-A |
Move to the beginning of the line |
Ctrl-E |
Move to the end of the line |
CLI Editing Commands
These commands are used for editing text on a line.
Note: The Meta key varies on different systems with different keyboards. Typically, Meta is configured to the Alt key; however, it can also be configured to Esc.
CLI Editing Commands
Command |
Description |
Ctrl-H Del |
Delete the character before cursor |
Ctrl-D |
Delete the character after cursor |
Meta-D |
Forward kill word |
Ctrl-W |
Backward kill word |
Ctrl-K |
Kill to the end of the line |
Ctrl-U |
Kill line from the beginning, erasing input |
Ctrl-T |
Transpose character |
CLI Advanced Commands
There are several additional CLI commands for command line completion, "insta-help", and VTY session management.
CLI Advanced Commands
Command |
Description |
Ctrl-C |
Interrupt current input and move to the next line |
Ctrl-Z |
End current configuration session and move to top node |
Ctrl-N Down arrow |
Move down to next line in the history buffer |
Ctrl-P Up arrow |
Move up to previous line in the history buffer |
Tab |
Use command line completion |
Users can use command line help by typing help at the beginning of the line. Typing ? at any point in the line displays possible completions of the command.
The zebra Daemon
zebra is the routing manager daemon that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.
Invoking zebra
Besides the common invocation options (see "Common Invocation Options"), there are zebra-specific invocation options:
zebra Command Options
Command |
Description |
|
Runs in batch mode. zebra parses the configuration file and terminates immediately. |
|
When zebra starts, old inserted routes are retained. |
|
Set verbose logging on. |
|
When program terminates, retain routes added by zebra. |
zebra Interface Commands
The following table details interface commands for the zebra daemon. Before using these interface commands, users must first set the interface on which to issue commands. To set the interface, use this command:
where IFNAME is the name of the interface. After the interface is set, users can issue these commands:
zebra Interface Commands
Command |
Description |
|
Shutdown, or disable shutdown of current interface. |
|
Set IP address for the interface. |
description DESCRIPTION ...
|
Set description for the interface. |
|
Enable or disable multicast flags for the interface. |
|
Set bandwidth value for the interface. This is used in calculating OSPF cost. This command does not set actual device configurations. |
zebra Static Route Commands
The following table shows the commands used in Static Routes.
Static Route Commands
Command |
Description |
|
Select the primary kernel routing table to be used. This only works for kernels supporting multiple routing tables (Linux 2.2.x, for example). |
ip route NETWORK GATEWAY |
Sets the gateway for ip route |
ipv6 route NETWORK GATEWAY
|
Sets the gateway for an IPv6 route |
zebra Terminal Mode Commands
The following table shows terminal mode commands for zebra:
zebra Terminal Mode Commands
Command |
Description |
show ip route |
Display current routes in the zebra database:
Codes: K - kernel route, C - connected, S -
static, R - RIP, B - BGP * - FIB route.
K* 0.0.0.0/0 203.181.89.241
C* 203.181.89.240/28 eth0 |
show interface |
Display current interface |
show ipv6 route |
Display current IPv6 route |
show ipforward |
Display whether the host IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the system is unable to function as a router. |
show ipv6forward |
Display whether IPv6 host forwarding is enabled or not. |
ripd
RIP (Routing Information Protocol) is a widely deployed Interior Gateway Protocol (IGP). RIP was developed in the 1970s at Xerox Labs as part of the XNS routing protocol. RIP is a distance-vector protocol based on the Bellman-Ford algorithm. As a distance-vector protocol, the RIP router sends periodic updates to its neighbors, allowing the convergence of a known topology. In each update, the distance to any given network is broadcast to the neighboring routers.
ripd supports RIP v2 as described in RFC2453 and RIP v1 as described in RFC1058.
Starting and Stopping ripd
The default configuration file name of ripd is ripd.conf. The ripd daemon searches the current local directory and /usr/zebra/etc for configuration files.
RIP uses port 521 to send and receive RIP packets, so the user must have the capability to bind this port. Generally, this means that the user must have superuser privileges. The RIP protocol requires interface information maintained by the zebra daemon. zebra must be running before starting ripd.
Start zebra and ripd by typing:
Stop ripd with the kill command. Find the Process ID (pid) and kill the daemon with the following commands:
Some signals can be used to configure ripd:
- SIGHUP
Reload configuration file ripd.conf. All configurations are reset. All "learned" routes are removed from the routing table.
- SIGUSR1
Rotate ripd logfile
- SIGINT
ripd sends signal interrupt
- SIGTERM
ripd sweeps all installed RIP routes from the Zebra routing table and then terminates.
In addition to the Common Invocation Options (see "Common Invocation Options"), ripd uses the following command options:
ripd Command Options
Command |
Description |
-r --retain |
When the program terminates, retain manually marked routes in the Zebra Routing Table that were added by ripd. |
RIP Netmask
The netmask feature of ripd supports both v1 and v2 of RIP. RIP v1 does not contain any netmask information. Rather, network classes are used to determine the size of the netmask. Class A networks are assigned an 8 bit mask, Class B networks are assigned a 16 bit mask, and Class C networks are assigned a 24 bit mask. Typically, network masks are assigned to a packet based on the interface that receives the packet.
RIP v2 supports a variable length subnet mask (VLSM). By extending the subnet mask, the mask can be divided and reused. Each subnet can be used for different purposes, such as large and mid-sized LANs and WAN links. ripd for Zebra does not support the non-sequential netmasks included in RIP v2.
In a case of similar information with the same prefix and metric, the old information is suppressed. ripd does not currently support equal cost multipath routing.
RIP Configuration
The following table details RIP configuration commands:
RIP Configuration Commands
Command |
Description |
|
The router rip command is used to enable RIP. To disable RIP, use the no router rip command. RIP must be enabled before carrying out any of the RIP commands.
|
|
RIP can be configured to process either RIP v1 or RIP v2 packets, the default mode is RIP v2. If no version is specified, then the RIP process defaults to RIP v2. In the case that RIP is set to v1, the setting "Version 1" is displayed. However, the setting "Version 2" is not displayed when RIP v2 is set explicitly or non-explicitly. |
|
Set the RIP-enabled interface by NETWORK. Interfaces with addresses matching NETWORK are enabled. This command enables or disables RIP on interfaces within the specified network address range. For example, if the network 10.0.0.0/24 is RIP enabled, all addresses from 10.0.0.0 to 10.0.0.255 would be enabled for RIP. The no network command disables RIP for the specified network. |
|
Set RIP-enabled interface to IFNAME. Both the sending and receiving of RIP packets are enabled on the specified port. The no network IFNAME command disables RIP on the specified interface. |
|
Specify RIP neighbor. If a neighbor doesn't support multicast, this command is used to specify neighbors. In some cases, not all routers are able to understand multicasting (where packets are sent to a network or a group of addresses). In a situation where a neighbor cannot process multicast routing, it is necessary to establish a direct link between routers. The neighbor command allows the network administrator to specify a router as a RIP neighbor. The no neighbor A.B.C.D command disables the RIP neighbor. |
Below is a simple RIP configuration. Interface eth0 and any interfaces that match 10.0.0.0/8 are RIP-enabled.
Passive Interface Commands
The following table details commands used for setting passive interfaces:
Passive Interface Commands
Command |
Description |
no passive-interface IFNAME
|
This command sets the specified interface to passive mode. When passive mode is set, all receiving packets are processed as normal. ripd does not multicast or unicast RIP packets, except in the case where an RIP neighbor is specified. |
|
Set the RIP process version. VERSION can be 1 or 2 |
ip rip send version VERSION
|
VERSION can be 1, 2, or 1 2. This configuration command overrides the router's RIP VERSION setting. This command enables the selected interface to send packets with RIP v1, RIP v2, or both. In the case of 1 2, packets are both broadcast and multicast. |
ip rip receive version VERSION
|
Version setting for incoming RIP packets. This command enables the selected interface to receive packets in RIP v1, RIP v2, or both. |
RIP split-horizon Command
The split-horizon command improves RIP convergence by preventing the router from advertising routes back to a neighbor that advertised the route first. The table below describes the command used in RIP split-horizon.
RIP split-horizon Command
Command |
Description |
no ip split-horizon |
Control split-horizon on the interface. Default is ip split-horizon. If split-horizon is not performed on the interface, specify no ip split-horizon. |
Announcing RIP Routes Commands
The following table describes commands used in announcing RIP routes:
Announcing RIP Route Commands
Command |
Description |
redistribute kernel metric 0-16
kernel route-map ROUTE-MAP
|
redistribute kernel redistributes routing information from a kernel route entry into the RIP tables. no redistribute kernel disables the route. |
redistribute static metric 0-16
redistribute static route-map ROUTE-MAP
|
redistribute static redistributes routing information from a static route entry into the RIP tables. no redistribute static disables the route. |
redistribute connected metric 0-16
redistribute connected route-map ROUTE-MAP
no redistribute connected
|
Redistributes a connected route into the RIP tables. This command disables connected routes in the RIP tables. The connected route on a RIP-enabled interface is announced by default. |
redistribute ospf metric 0-16
|
redistribute ospf redistributes routing information from an OSPF route entry into the RIP tables. no redistribute ospf disables the route. |
redistribute bgp metric 0-16
redistribute bgp route-map ROUTE-MAP
|
redistribute bgp redistributes routing information from a bgp route entry into the RIP tables. no redistribute bgp disables the route. |
RIP-only Static Route Command
The following table describes the command used to specify RIP-only static routes.
Static route Command
Command |
Description |
|
This command is specific to Zebra. The route command makes a static route inside RIP only. This command should be used by advanced users who are already familiar with the RIP protocol. In most cases, it is recommended to create a static route in Zebra and redistribute it in RIP using redistribute static. |
RIP Route Filtering Commands
RIP routes can be filtered with the distribute-list command.
RIP Route Filtering Commands
Command |
Description |
distribute-list ACCESS_LIST DIRECT (in|out) IFNAME
|
You can apply access lists to the interface with a distribute-list command. ACCESS_LIST is the access list name. DIRECT is in or out. If DIRECT is in, the access list is applied to input packets.
The distribute-list command can be used to filter the RIP path. distribute-list can apply access lists to a chosen interface. Users should first specify the access list, then the name of the access list used in the distribute-list command. For example, in the following configuration, eth0 permits only the paths that match the route 10.0.0.0/8:
distribute-list private in eth0
access-list private permit 10 10.0.0.0/8
access-list private deny any
distribute-list can be applied to both incoming and outgoing data. |
distribute-list prefix PREFIX_LIST
DIRECT (in|out) IFNAME |
Users can apply prefix lists to the interface with a distribute-list command. PREFIX_LIST is the prefix list name. The second argument is the direction (in or out). If DIRECT is in, the access list is applied to input packets. |
RIP Metric Manipulation Commands
The RIP metric is a value used to measure the distance of the network. ripd increments the metric when network information is received. The metric for redistributed routes is set to 1.
RIP Metric Manipulation Commands
Command |
Description |
|
This command modifies default metric value for redistributed routes. The default value is 1. This command does not affect the connected route, even if it is redistributed by redistribute connected. To modify the connected route's metric value, use redistribute connected metric or route-map offset-list.
|
offset-list ACCESS-LIST (in|out)
|
Add a metric offset to ACCESS-LIST for incoming (in) or outgoing (out) routes. |
offset-list ACCESS-LIST (in|out) IFNAME |
Add a metric offset to IFNAME (interface) in ACCESS-LIST for incoming (in) or outgoing (out) routes. |
RIP Distance Commands
The RIP distance value is used by the zebra daemon. The default RIP distance is set to 120. Distance is a measurement of administrative distances between hosts, which is used in selecting shorter and more reliable paths.
RIP Distance Commands
Command |
Description |
|
Set default RIP distance to specified value. |
no distance 1-255 A.B.C.D/M |
Set default RIP distance to specified value when the route source IP address matches the specified prefix. |
distance 1-255 A.B.C.D/M ACCESS-LIST
no distance 1-255 A.B.C.D/M ACCESS-LIST |
Set default RIP distance to specified value when the route's source IP address matches the specified prefix and specified access-list. |
RIP route-map Command
The optional argument route-map MAP_NAME is added to each redistribute statement.
RIP route-map command
Command |
Description |
redistribute static [route-map MAP_NAME]
redistribute connected [route-map MAP_NAME]
|
Controls the redistribution of routes between protocols. |
Cisco applies a route-map before routes are exported to the RIP route table. In Zebra's current test implementation, ripd applies a route-map after routes are listed in the route table and before routes are announced to the interface (through the output filter).
The route-map statement is needed to use route-map functionality.
route-map Match Statement
The following table describes route-map match statements:
route-map Match Statement
Command |
Description |
match metric METRIC |
Match if the route has this metric. |
match ip address ACCESS-LIST
|
Match if route destination is permitted by ACCESS-LIST. |
match ip next-hop A.B.C.D
|
Cisco uses an access-list here; ripd uses an IPv4 address. Match if the route has this next-hop (listed in the RIP route table). |
|
This match differs from the Cisco definition. Cisco uses a list of interfaces (NAME1 NAME2 ... NAMEN). ripd currently allows for only one name. The Cisco notation includes the next-hop of routes (similar to ip next-hop statement). ripd interprets interface NAME as where this route is sent. |
Route-map Set Statement
The following table describes route-map set statements:
route-map Set Statement
Command |
Description |
|
Set a metric for the matched route when announcement is sent. The metric value range is large for compatibility reasons.
|
set next-hop A.B.C.D |
Set next-hop field. |
RIP Authentication Commands
The following table describes RIP Authentication commands:
RIP Authentication Commands
Command |
Description |
ip rip authentication mode md5
no ip rip authentication mode md5
|
Set the interface with RIPv2 md5 authentication.
|
ip rip authentication mode text
no ip rip authentication mode text |
Set the interface with RIPv2 simple password authentication.
|
ip rip authentication string STRING
no ip rip authentication string STRING |
By default, RIP v2 has simple text authentication. This command sets the authentication string. The string must be shorter than 16 characters. |
ip rip authentication key-chain KEY-CHAIN
no ip rip authentication key-chain KEY-CHAIN
|
Specify keyed md5 chain.
!
key chain test
 key 1
  key-string test
!
interface eth1
 ip rip authentication mode md5
 ip rip authentication key-chain test
! |
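The following Python parser is an added example, not code from Zebra or from the original page. It reports which of the authentication modes above a RIP packet actually carries (none, text or md5), applies the classful mask rule from the RIP Netmask section to v1 entries, and rejects the non-sequential v2 masks that ripd does not support. The packet layout follows RFC 2453, with authentication type 3 taken from RFC 2082 (not cited on this page); all packets are constructed samples.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF                    # address family marking an authentication entry
AUTH_TYPES = {2: "text", 3: "md5"}   # 2 = simple password, 3 = keyed MD5 (RFC 2082)


def classful_prefixlen(addr):
    """RIP v1 carries no mask, so the mask comes from the address class."""
    if addr == 0:
        return 0                     # 0.0.0.0 is the default route
    first = addr >> 24
    if first < 128:
        return 8                     # Class A
    if first < 192:
        return 16                    # Class B
    if first < 224:
        return 24                    # Class C
    raise ValueError("class D/E address in a RIP v1 entry")


def mask_prefixlen(mask):
    """Convert a RIP v2 mask to a prefix length, rejecting non-sequential masks."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):    # host bits are not one contiguous run
        raise ValueError("non-sequential netmask")
    return bin(mask).count("1")


def parse_rip(packet):
    """Return version, authentication mode and (prefix, metric) routes."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("not a whole number of 20-byte RIP entries")
    version = packet[1]
    auth, routes = "none", []
    for n, off in enumerate(range(4, len(packet), 20)):
        afi, tag = struct.unpack_from("!HH", packet, off)
        if afi == AUTH_AFI:
            # Only the first entry names the mode; the MD5 trailer is skipped.
            if version == 2 and n == 0:
                auth = AUTH_TYPES.get(tag, "unknown")
            continue                 # the secret or digest is never decoded
        addr, mask, _nexthop, metric = struct.unpack_from("!IIII", packet, off + 4)
        plen = classful_prefixlen(addr) if version == 1 else mask_prefixlen(mask)
        routes.append((f"{ipaddress.IPv4Address(addr)}/{plen}", metric))
    return {"version": version, "auth": auth, "routes": routes}


def needs_attention(packet):
    """True when updates are unauthenticated or use the cleartext password mode."""
    return parse_rip(packet)["auth"] in ("none", "text")


def route_entry(ip, mask, metric):
    """Build one constructed 20-byte route entry (address family 2 = IP)."""
    return struct.pack("!HHIIII", 2, 0, int(ipaddress.IPv4Address(ip)),
                       int(ipaddress.IPv4Address(mask)), 0, metric)


# Constructed sample packets (command 2 = response).
HDR_V1 = bytes([2, 1, 0, 0])
HDR_V2 = bytes([2, 2, 0, 0])
V1_PLAIN = HDR_V1 + route_entry("172.16.0.0", "0.0.0.0", 1)
V2_TEXT = (HDR_V2 + struct.pack("!HH16s", AUTH_AFI, 2, b"constructed")
           + route_entry("10.1.0.0", "255.255.0.0", 2))
V2_MD5 = (HDR_V2 + struct.pack("!HHHBBI8x", AUTH_AFI, 3, 44, 1, 16, 7)
          + route_entry("10.1.0.0", "255.255.0.0", 2)
          + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16)))

if __name__ == "__main__":
    for name, pkt in (("v1", V1_PLAIN), ("v2 text", V2_TEXT), ("v2 md5", V2_MD5)):
        print(name, parse_rip(pkt), "needs attention:", needs_attention(pkt))
```

In text mode the authentication string travels in the clear inside a 16-octet field of every update, so the text result is reported alongside none rather than alongside md5.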
RIP Timer Commands
The following table describes the commands used in setting RIP timers:
RIP Timer Commands
Command |
Description |
timers basic UPDATE TIMEOUT GARBAGE |
The RIP protocol has several timers. Users can configure the value of these timers with the timers basic command. The default settings for the timers are as follows:
The update timer defaults to 30 seconds. For each update, the RIP process sends an unsolicited response message containing the complete routing table to all neighboring RIP routers.
The timeout timer defaults to 180 seconds. Upon expiration of the timeout, the route is no longer valid. However, the route is retained in the routing table for a short period of time so neighbors can be notified that the route has been dropped.
The garbage collect timer defaults to 120 seconds. Upon expiration of the garbage-collection timer, the route is removed from the routing table.
The timers basic command allows the default values of the timers listed above to be changed. |
|
The no timers basic command resets the timers to the default settings listed above. |
RIP Display Commands
The following table describes commands used to display RIP routes and protocols:
RIP Display Commands
Command |
Description |
|
This command displays all RIP routes. For routes received through RIP, this command displays the time the packet was sent and the tag information. This command also displays this information for routes redistributed into RIP. |
|
The command displays the current RIP status. It includes RIP timer, filtering, version, RIP enabled interface and RIP peer information.
ripd> show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 35 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
default redistribution metric is 1
Redistributing: kernel connected
Default version control: send version 2, receive version 2
Interface Send Recv
Routing for Networks:
eth0
eth1
1.1.1.1
203.181.89.241
Routing Information Sources:
Gateway BadPackets BadRoutes Distance Last Update |
RIP Debugging Commands
The following table describes RIP debug commands:
RIP Debugging Commands
Command |
Description |
|
Debug RIP events.
debug rip shows RIP events, including packets sent and received, timers, and changes in interfaces. |
|
Debug communication between ripd and zebra.
This command details the communication between ripd and zebra. This command displays the addition and deletion of paths to the kernel and the sending and receiving of interface information. |
|
Display RIP debugging option.
This command displays the information currently set for ripd debug.
|
ripngd
ripngd supports the RIPng protocol as described in RFC2080. It is an IPv6 incarnation of the RIP protocol.
Invoking ripngd
There are no ripngd-specific options; however, common options can be specified (see "Common Invocation Options").
ripngd Configuration
ripngd supports the following commands:
ripngd Configuration
Command |
Description |
|
Enable RIPng. |
|
Set flush timer. |
|
Set RIPng enable interface by NETWORK |
route NETWORK
|
Set RIPng static routing announcement of NETWORK. |
|
This command is the default and does not appear in the configuration. With this statement, RIPng routes go to the zebra daemon. |
ripngd Terminal Mode Commands
The following table lists the ripngd Terminal Mode Commands:
ripngd Terminal Mode Commands
Command |
|
|
|
|
|
ripngd Filtering Commands
The following table describes commands used in ripngd filtering:
ripngd Filtering Commands
Command |
Description |
distribute-list ACCESS_LIST (in|out) IFNAME
|
Users can apply an access-list to the interface using the distribute-list command. ACCESS_LIST is an access-list name. DIRECT is in or out. If DIRECT is in, the access-list is applied only to incoming packets. |
ospfd
ospfd provides an OSPF v2 routing protocol as described in RFC2178. OSPF is an IGP (Interior Gateway Protocol). Compared with RIP, OSPF can serve larger networks. In addition, its periods of convergence are shorter. OSPF is widely used in large networks, such as ISP backbones and enterprise networks.
Starting and Stopping ospfd
Start the ospfd daemon with this command:
# ospfd -d
Note: zebra must be running before starting ospfd.
Stop ospfd with the kill command. Find the Process ID (pid) and kill the daemon with the following commands:
Configuring ospfd
There are no ospfd-specific options; however, common options can be specified (see "Common Invocation Options"). ospfd requires interface information from zebra. The zebra daemon must be running before invoking ospfd.
Like other daemons, ospfd is configured in the OSPF specific configuration file, ospfd.conf.
OSPF Router Commands
To start the OSPF process an OSPF router must be specified. As of this writing, ospfd does not support multiple OSPF processes.
OSPF Router Commands
Command |
Description |
|
Enable or disable the OSPF process. ospfd does not yet support multiple OSPF processes, so specific process numbers cannot be specified. |
|
Enable or disable a fixed OSPF router IP address. |
|
TYPE can be: cisco ibm shortcut standard |
ospf rfc1583compatibility
no ospf rfc1583compatibility
passive interface INTERFACE
no passive interface INTERFACE
|
Enable or disable RFC1583-compatible preferences when choosing between multiple AS-external LSAs advertising the same destination. |
timers spf 0-4294967295 0-4294967295
|
Enable or disable OSPF timer. Time denoted in seconds. |
refresh group-limit 0-10000
refresh per-slice 0-10000
|
Refreshes Link State Advertisements (LSAs). Rate is in seconds. |
auto-cost reference-bandwidth 1-4294967
no auto-cost reference-bandwidth
|
Control OSPF default metrics based on reference-bandwidth. Rate is megabits per second. |
network A.B.C.D/M area A.B.C.D
network A.B.C.D/M area 0-4294967295
no network A.B.C.D/M area A.B.C.D
no network A.B.C.D/M area 0-4294967295
|
This command specifies the OSPF-enabled interface. If the interface has an address of 10.0.0.1/8, then the command below provides network information to the OSPF processes.
router ospf network 10.0.0.0/8 area 0
The network command mask length should be the same as the interface address mask. |
OSPF Area Commands
The following table describes commands used for setting OSPF area:
OSPF Area Commands
Command |
area A.B.C.D range A.B.C.D/M
no area A.B.C.D range A.B.C.D/M
area 0-4294967295 range A.B.C.D/M
no area 0-4294967295 range A.B.C.D/M
|
area A.B.C.D range IPV4_PREFIX suppress
no area A.B.C.D range IPV4_PREFIX suppress
area A.B.C.D range IPV4_PREFIX suppress substitute IPV4_PREFIX
no area A.B.C.D range IPV4_PREFIX suppress substitute IPV4_PREFIX
|
area A.B.C.D virtual-link A.B.C.D
no area A.B.C.D virtual-link A.B.C.D
area 0-4294967295 virtual-link A.B.C.D
no area 0-4294967295 virtual-link A.B.C.D
|
area 0-4294967295 shortcut
no area 0-4294967295 shortcut
|
no area 0-4294967295 stub
|
area A.B.C.D stub no-summary
no area A.B.C.D stub no-summary
area 0-4294967295 stub no-summary
no area 0-4294967295 stub no-summary
|
area A.B.C.D default-cost 0-16777215
no area A.B.C.D default-cost 0-16777215
area 0-4294967295 default-cost 0-16777215
no area 0-4294967295 default-cost 0-16777215
|
area A.B.C.D export-list NAME
no area A.B.C.D export-list NAME
area 0-4294967295 export-list NAME
no area 0-4294967295 export-list NAME
|
area A.B.C.D import-list NAME
no area A.B.C.D import-list NAME
area 0-4294967295 import-list NAME
no area 0-4294967295 import-list NAME
|
area A.B.C.D authentication
no area A.B.C.D authentication
area 0-4294967295 authentication
no area 0-4294967295 authentication
|
area A.B.C.D authentication message-digest
area 0-4294967295 authentication message-digest
|
OSPF Interface Commands
OSPF Interface Commands
Command |
Description |
ip ospf authentication-key AUTH_KEY
no ip ospf authentication-key
|
Set OSPF authentication key for a simple password. By setting AUTH_KEY, all OSPF packets are authenticated. AUTH_KEY can be up to 8 characters. |
ip ospf message-digest-key KEYID md5 KEY
no ip ospf message-digest-key
|
Set the OSPF authentication key for cryptographic password. The cryptographic algorithm is MD5. KEYID identifies the secret key used to create the message digest. KEY is the actual message-digest-key (up to 16 characters). |
|
Set link cost for specified interface. The cost value is set to router-LSA's metric field, and is used for SPF calculation. |
ip ospf dead-interval 1-65535
|
Set the number of seconds for RouterDeadInterval timer value used for the wait timer and inactivity timer. This value must be the same for all routers attached to a common network. The default value is 40 seconds. |
ip ospf hello-interval 1-65535
no ip ospf hello-interval
|
Set number of seconds for hello-interval timer value. The value of hello-interval determines how often (in seconds) a Hello packet is sent on the specified interface. This value must be the same for all routers attached to a common network. The default value is 10 seconds. |
ip ospf network (broadcast|non-broadcast| point-to-multipoint|point-to-point)
|
Set explicit network type for specified interface. |
|
Set RouterPriority integer value. Setting a higher value allows the router to be eligible to become the Designated Router. Setting the value to 0 makes the router ineligible to be the Designated Router. The default value is 1. |
ip ospf retransmit-interval 1-65535
no ip ospf retransmit-interval
|
Set number of seconds for RxmtInterval timer value. This value is used when retransmitting Database Description and Link State Request packets. The default value is 5 seconds. |
no ip ospf transmit-delay
|
Set number of seconds for InfTransDelay value. The age of LSAs is incremented by this value when transmitting. The default value is 1 second. |
The following table describes OSPF interface commands:
OSPF Redistribute Route Commands
The following table describes commands used in redistributing routes to OSPF:
OSPF Redistribute Route Commands
Command |
redistribute (kernel|connected|static|rip|bgp)
redistribute (kernel|connected|static|rip|bgp) ROUTE-MAP
redistribute (kernel|connected|static|rip|bgp) metric-type (1|2)
redistribute (kernel|connected|static|rip|bgp) metric-type (1|2) route-map WORD
redistribute (kernel|connected|static|rip|bgp) metric 0-16777214
redistribute (kernel|connected|static|rip|bgp) metric 0-16777214 route-map WORD
redistribute (kernel|connected|static|rip|bgp) metric-type (1|2) metric 0-16777214
redistribute (kernel|connected|static|rip|bgp) metric-type (1|2) metric 0-16777214 route-map WORD
no redistribute (kernel|connected|static|rip|bgp)
|
default-information originate
default-information originate metric 0-16777214
default-information originate metric 0-16777214 metric-type (1|2)
default-information originate metric 0-16777214 metric-type (1|2) route-map WORD
default-information originate always
default-information originate always metric 0-16777214
default-information originate always metric 0-16777214 metric-type (1|2)
default-information originate always metric 0-16777214 metric-type (1|2) route-map WORD
no default-information originate
distribute-list NAME out (kernel|connected|static|rip|ospf)
no distribute-list NAME out (kernel|connected|static|rip|ospf)
default-metric 0-16777214
|
distribute-list NAME out (kernel|connected|static|rip|ospf)
no distribute-list NAME out (kernel|connected|static|rip|ospf)
|
default-metric 0-16777214
|
|
distance ospf (intra-area|inter-area|external) 1-255
|
|
Displaying OSPF Information
The following table shows the commands used to display OSPF information.
Displaying OSPF Information
Command |
|
show ip ospf interface INTERFACE
|
show ip ospf neighbor INTERFACE
show ip ospf neighbor detail
|
show ip ospf database (asbr-summary|external|network|router|summary)
|
show ip ospf database (asbr-summary|external|network|router|summary) LINK-STATE-ID
|
show ip ospf database (asbr-summary|external|network|router|summary) LINK-STATE-ID adv-router ADV-ROUTER
|
show ip ospf database (asbr-summary|external|network|router|summary) adv-router ADV-ROUTER
|
show ip ospf database (asbr-summary|external|network|router|summary) LINK-STATE-ID self-originate
|
show ip ospf database (asbr-summary|external|network|router|summary) self-originate
|
show ip ospf database max-age
|
show ip ospf database self-originate
|
|
|
OSPF Debugging Commands
The following table shows the commands used to debug OSPF:
OSPF Debugging Commands
Command |
debug ospf packet (hello|dd|ls-request|ls-update|ls-ack|all) (send|recv) DETAIL
no debug ospf packet (hello|dd|ls-request|ls-update|ls-ack|all) (send|recv) DETAIL
|
debug ospf ism (status|events|timers)
no debug ospf ism (status|events|timers)
|
debug ospf nsm (status|events|timers)
no debug ospf nsm (status|events|timers)
|
debug ospf lsa (generate|flooding|refresh)
no debug ospf lsa (generate|flooding|refresh)
|
debug ospf zebra (interface|redistribute)
no debug ospf zebra (interface|redistribute)
|
|
bgpd
bgpd is a Border Gateway Protocol 4 (BGP-4) protocol daemon. BGP-4 is described in RFC1771. bgpd also supports Multiprotocol Extension for BGP-4 (sometimes known as BGP-4+ or MBGP) which is described in RFC2283.
BGP-4 is a primary EGP (Exterior Gateway Protocol) and is used for inter-domain routing.
Configuring bgpd
The default configuration file for bgpd is /usr/zebra/etc/bgpd.conf. All of the bgpd commands must be configured in bgpd.conf.
bgpd-specific invocation options are described below. Common options may also be specified (see "Common Invocation Options").
bgpd Options
Option |
Description |
|
Set the BGP protocol's port number. |
--retain |
When the program terminates, retain BGP routes added by zebra. |
BGP Router Commands
The BGP router must first be configured with the router bgp command. To configure the BGP router, an AS (Autonomous System) number is required. The AS number provides identification for an Autonomous System. The BGP protocol uses the AS number to detect whether the BGP connection is internal or external.
The AS number is an integer between 1 and 65535. Instructions on using the AS number are described in RFC1930. AS numbers 64512 through 65535 are reserved for private use. Private AS numbers must not be advertised on the global Internet.
BGP Router Commands
Command |
Description |
|
Enables a BGP protocol process with the specified AS-NUMBER. After this statement, users can input any BGP Commands. Different BGP processes cannot be created under a different AS-NUMBER without specifying multiple instances. |
|
Destroys a BGP protocol process with the specified AS-NUMBER |
|
This command specifies the router-id. If bgpd connects to zebra, it receives the interface and address information. In that case, the default router-id value is set to the largest IP Address of the interfaces. If the router zebra is disabled, bgpd can't receive interface information, so the router-id is set to 0.0.0.0. If this happens, the router-id must be set manually. |
BGP Peer Commands
The following table describes the commands used in setting BGP Peers:
BGP Peer Commands
Command |
Description |
neighbor PEER remote-as AS-NUMBER |
Creates a new neighbor whose remote-as is AS-NUMBER. PEER is an IPv4 address.
router bgp 1
 neighbor 10.0.0.1 remote-as 2
In this case the router in AS-1 is trying to peer with AS-2 at 10.0.0.1.
This command must be the first command used when configuring a neighbor. If remote-as is not specified, bgpd responds with an error:
can't find neighbor 10.0.0.1 |
BGP Network Commands
The following table describes the commands used in setting BGP networks:
BGP Network Commands
Command |
Description |
no network NETWORK |
This command adds the announcement network.
router bgp 1
 network 10.0.0.0/8
This configuration example says that network 10.0.0.0/8 is announced to all neighbors. Some vendor routers do not advertise routes that are not present in their IGP routing tables; bgpd doesn't care about IGP routes when announcing its routes. |
aggregate-address NETWORK
no aggregate-address NETWORK
|
This command specifies an aggregate address.
|
BGP Redistribute Commands
The following table describes the commands used in redistributing routes to BGP:
BGP Redistribute Commands
Command |
Description |
redistribute kernel |
Redistribute kernel route to BGP process. |
redistribute static |
Redistribute static route to BGP process. |
|
Redistribute connected route to BGP process. |
|
Redistribute RIP route to BGP process. |
|
Redistribute OSPF route to BGP process. |
Peer Configuration Commands
The following table describes the commands used to configure BGP peers:
Peer Configuration Commands
Command |
Description |
no neighbor PEER shutdown
|
Shutdown PEER. Users can delete a neighbor's configuration with no neighbor PEER remote-as AS-NUMBER, but all configurations of the neighbor are deleted. Use this syntax to preserve the configuration and drop the BGP peer. |
neighbor PEER ebgp-multihop
no neighbor PEER ebgp-multihop
|
Specifies PEER for ebgp multihopping.
|
neighbor PEER version VERSION
no neighbor PEER version VERSION
|
Set up the neighbor's BGP version. VERSION can be 4, 4+, or 4-. BGP version 4 is the default value used for BGP peering. BGP version 4+ means that the neighbor supports Multiprotocol Extensions for BGP-4. BGP version 4- is similar, but uses the old Internet-Draft revision 00's Multiprotocol Extensions for BGP-4. Some routing software is still using this version. |
neighbor PEER next-hop-self
no neighbor PEER next-hop-self
|
This command specifies an announced route's next-hop as equivalent to the address of the BGP process. |
neighbor PEER update-source
no neighbor PEER update-source
|
Sets BGP sessions to allow use of any functioning interface for TCP connections. |
neighbor PEER default-originate
no neighbor PEER default-originate
|
By default, bgpd does not announce the default route (0.0.0.0/0), even if it is in the routing table. Use this command to announce default routes. |
no neighbor PEER port PORT
|
Sets a specific port for PEER. |
neighbor PEER send-community
no neighbor PEER send-community
|
Sends PEER attribute to BGP community. |
neighbor PEER weight WEIGHT
no neighbor PEER weight WEIGHT
|
This command specifies a default WEIGHT value for the neighbor's routes. |
neighbor PEER maximum-prefix NUMBER
no neighbor PEER maximum-prefix NUMBER
|
Sets the maximum number of prefixes that can be sent to a neighbor. |
neighbor PEER interface IFNAME
no neighbor PEER interface IFNAME
|
When connecting to a BGP peer over an IPv6 link-local address, users must specify the IFNAME of the interface used for the connection. |
Peer Filtering Commands
The following table describes the commands used to filter BGP Peers:
Peer Filtering Commands
Command |
Description |
neighbor PEER distribute-list NAME DIRECT
|
This command specifies a distribute-list for the peer. DIRECT is in or out. |
neighbor PEER prefix-list NAME DIRECT
|
Distribute PEER attribute to BGP systems according to prefix-list. DIRECT is in or out. |
neighbor PEER filter-list NAME DIRECT
|
Distributes PEER attribute according to filter-list. DIRECT is in or out. |
neighbor PEER route-map NAME DIRECT
|
Apply a route-map on the neighbor. DIRECT must be in or out. |
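An audit of the filtering commands in the table above, added here as an example (it is not part of the Zebra documentation). It reads a bgpd.conf, uses the AS numbers to tell external peers from internal ones, and lists each external peer that has no distribute-list, prefix-list, filter-list or route-map in a given direction. The sample configuration and list names are constructed.

```python
import re

# Constructed sample bgpd.conf; peers and list names are illustrative.
SAMPLE_CONF = """\
router bgp 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 prefix-list CUSTOMER in
 neighbor 10.0.0.1 route-map EXPORT out
 neighbor 10.0.0.2 remote-as 3
 neighbor 10.0.0.2 distribute-list 1 out
 neighbor 10.0.0.3 remote-as 1
 neighbor 10.0.0.3 shutdown
"""

ROUTER = re.compile(r"^router bgp (\d+)( view \S+)?$")
REMOTE = re.compile(r"^neighbor (\S+) remote-as (\d+)$")
FILTER = re.compile(
    r"^neighbor (\S+) (?:distribute-list|prefix-list|filter-list|route-map)"
    r" \S+ (in|out)$")


def parse_peers(conf_text):
    """Map (instance, peer) -> {'external': bool, 'filtered': set of directions}."""
    peers, instance, local_as = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if (m := ROUTER.match(line)):
            instance, local_as = line, int(m.group(1))
        elif instance and (m := REMOTE.match(line)):
            # The AS numbers decide whether the session is internal or external.
            peers[(instance, m.group(1))] = {
                "external": int(m.group(2)) != local_as, "filtered": set()}
        elif instance and (m := FILTER.match(line)):
            key = (instance, m.group(1))
            if key in peers:  # remote-as must come first for a neighbor
                peers[key]["filtered"].add(m.group(2))
    return peers


def unfiltered_external_peers(conf_text):
    """List (peer, direction) pairs where an external peer has no filter."""
    gaps = []
    for (_, peer), info in sorted(parse_peers(conf_text).items()):
        if info["external"]:
            gaps += [(peer, d) for d in ("in", "out") if d not in info["filtered"]]
    return gaps
```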
BGP Terminal Mode Commands
The following table describes the BGP terminal commands:
BGP Terminal Mode Commands
Command |
Description |
|
Lists all bgpd routes |
show ip bgp regexp AS-REGEX
|
Display routes matching AS path regular expression |
|
Display status of all BGP connections |
show ip bgp neighbor PEER
|
Show status of BGP neighbor |
|
Clear peers with addresses of X.X.X.X |
clear ip bgp PEER soft in
|
Clear peer using soft reconfiguration |
|
Display debugging information |
|
Enable or disable BGP event debugging |
|
Enable or disable BGP updates debugging |
|
Enable or disable BGP keepalives debugging |
BGP Log Format
bgpd outputs logging information to a terminal or a specified file. It includes routing updates and peer status change information. It also includes date, time, packet type, the peer IP address, and other routing information. The following is an example of the BGP log format:
1999/03/29 17:42:18 Update:[202.216.226.1]
130.58.0.0/16 med: 0 lpref: 0 nexthop: 202.216.226.1
aspath: 4691 3561 5119 3576 3782 i
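A parser for this log format, added here as an example (it is not part of the Zebra documentation). It assumes each Update record spans three lines as in the sample above, skips records that are cut off, and flags updates whose AS path contains a number from the private range 64512 through 65535. The second and third records in the sample input are constructed.

```python
import re

# Constructed sample: the first record is the one shown above, the second
# carries a private AS number, the third is cut off after its header line.
SAMPLE_LOG = """\
1999/03/29 17:42:18 Update:[202.216.226.1]
130.58.0.0/16 med: 0 lpref: 0 nexthop: 202.216.226.1
aspath: 4691 3561 5119 3576 3782 i
1999/03/29 17:42:19 Update:[202.216.226.1]
192.0.2.0/24 med: 0 lpref: 0 nexthop: 202.216.226.1
aspath: 4691 64512 i
1999/03/29 17:42:20 Update:[202.216.226.1]
"""

HEADER = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) Update:\[([\d.]+)\]$")
ROUTE = re.compile(r"^(\S+/\d+) med: (\d+) lpref: (\d+) nexthop: ([\d.]+)$")
ASPATH = re.compile(r"^aspath: ((?:\d+ )*)(\S)$")


def parse_updates(log_text):
    """Return one dict per complete three-line Update record."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    records = []
    for i, line in enumerate(lines):
        head = HEADER.match(line)
        if not head or i + 2 >= len(lines):
            continue
        route, path = ROUTE.match(lines[i + 1]), ASPATH.match(lines[i + 2])
        if not (route and path):
            continue  # truncated or interleaved record
        records.append({
            "time": head.group(1), "peer": head.group(2),
            "prefix": route.group(1), "med": int(route.group(2)),
            "lpref": int(route.group(3)), "nexthop": route.group(4),
            "aspath": [int(a) for a in path.group(1).split()],
            "origin": path.group(2),
        })
    return records


def private_as_updates(records):
    """Updates whose AS path contains a private-use AS number."""
    return [r for r in records
            if any(64512 <= asn <= 65535 for asn in r["aspath"])]
```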
Route Reflector Commands
The following table shows the commands used in reflecting routes:
Route Reflector Commands
Commands |
bgp cluster-id A.B.C.D |
neighbor PEER route-reflector-client
no neighbor PEER route-reflector-client
|
Route Server
Many ISPs are connected to each other by external BGP peers. Normally, these external BGP connections are created by full mesh methods. This method, however, has a scaling problem.
Route Server is a method used to resolve this problem. Each ISP's BGP router is a peer to a Route Server. The Route Server sends BGP information to other BGP routers. By applying this method, the number of BGP connections is reduced from O(n*(n-1)/2) to O(n).
Unlike a normal BGP router, a Route Server must have several routing tables for managing the different routing policies of each BGP router. Each of these routing tables is called a BGP view. bgpd can work as a normal BGP router, a Route Server, or both at the same time.
Multiple BGP Instance Commands
To enable the multiple view function of bgpd, the multiple instance feature must be enabled before running the command.
Multiple BGP Instance Commands
Command |
Description |
|
Enable BGP multiple instance feature. After this feature is enabled, users can make multiple BGP instances or multiple BGP views. |
|
Disable BGP multiple instance feature. This feature cannot be disabled when multiple BGP instances or views exist. |
BGP Instance and View Commands
A BGP instance is a normal BGP process. The result of the route selection is sent to the kernel routing table. Users can set up different ASes at the same time when the BGP multiple instance feature is enabled.
BGP Instance and View Commands
Command |
Description |
|
Make a new BGP instance.
bgp multiple-instance
!
router bgp 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5
The BGP view is similar to a normal BGP process without the route selection appended to the kernel routing table. The BGP view is only for exchanging BGP routing information. |
router bgp AS-NUMBER view NAME
|
Make a new BGP view. Any arbitrary word can be used for NAME. The route selection for this view is not sent to the kernel routing table. With this command, users can set up a Route Server:
bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2 view 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5 |
Routing Policy
Users can set different routing policies for a peer. For example, these peers use different filters:
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.1 distribute-list 1 in
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.1 distribute-list 2 in
In this example, the BGP update from peer 10.0.0.1 is sent to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied. However, if the update is inserted into view 2, distribute-list 2 is applied.
BGP Display Command
To display the routing table of the BGP view, the view name must be specified.
BGP Display Command
Command |
Description |
show ip bgp view NAME |
Display routing table of BGP view NAME |
Dump BGP Packet and Table Commands
The table below describes commands used in BGP packet and table dumping:
Dump BGP Packet and Table Commands
Command |
Description |
dump bgp all PATH INTERVAL
|
Dump all BGP packets and events to PATH file. |
dump bgp updates PATH INTERVAL
|
Dump BGP updates to PATH file. |
|
Dump whole BGP routing table to PATH. This is a heavy process. |
Multiple BGP Protocol Extension Commands
BGP includes a Multiprotocol Extension which extends the BGP protocol to support IPv6 and Multicast routing. If BGP is used to exchange IPv6 routing information, it is called BGP-4+. When BGP is used to exchange multicast routing information, it is called MBGP.
bgpd supports Multiprotocol Extension for BGP. If a remote peer supports the protocol, bgpd can exchange multicast and IPv6 routing information.
Traditional BGP does not have a feature to detect the capability of the remote peer, which can make Multiprotocol Extension difficult to implement. draft-ietf-idr-bgp4-cap-neg-04.txt proposes a feature called capability negotiation. bgpd uses this capability negotiation to detect the remote peer's capability. If the peer is configured as an IPv4 unicast neighbor, bgpd does not send the capability negotiation packet.
By default, zebra brings up peering with the minimal common capabilities of both sides. For example, local routers have unicast and multicast capabilities, and remote routers have only unicast capabilities. In this case, the local router establishes the connection with unicast-only capability. If there is no common capability, zebra sends an unsupported capability error and resets the connection. If capability must match a remote peer, use the strict-capability-match command.
Multiple BGP Protocol Expansion Commands
Command |
Description |
neighbor PEER strict-capability-match
no neighbor PEER strict-capability-match
|
Strictly compare remote capability and local capability. If capability is different, send an unsupported capability error and reset the connection.
Users may want to disable sending the capability negotiation OPEN message optional parameter to the peer when the remote peer does not implement capability negotiation. Use the dont-capability-negotiate command to disable this feature. |
neighbor PEER dont-capability-negotiate
no neighbor PEER dont-capability-negotiate
|
Suppresses sending capability negotiation as OPEN message optional parameter to the peer. This command only affects the peer if it is configured for IPv4 unicast configuration.
If the remote peer does not have the capability negotiation feature, the remote peer does not send capability. In this case, BGP configures the peer with configured capability.
Users may prefer a locally configured capability over a negotiated capability, even if a remote peer sends capability. If the peer is configured by override-capability, bgpd ignores the received capability. It then overrides the negotiated capability with the configured value. |
neighbor PEER override-capability
no neighbor PEER override-capability
|
Override the result of capability negotiation with local configuration. Ignore remote peer's capability value. |
vtysh
vtysh is an integrated command shell of the Zebra software. For information on specific vtysh commands, please see "VTY Key Index".