
GNU Zebra User's Guide


Additional Features

Zebra Filtering

Zebra provides several flexible filtering features. Filtering is used for both input and output of the routing information. Once filtering is defined, it can be applied in any direction.

ip access-list Commands

The following table describes commands used in configuring IP access lists:

ip access-list Commands
Command
Description
access-list NAME permit IPV4-NETWORK
access-list NAME deny IPV4-NETWORK
Basic filtering is created with an access-list as shown in the following example.
access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8

ip prefix-list Commands

ip prefix-list provides a powerful prefix-based filtering mechanism. Adding to access-list functionality, ip prefix-list has a prefix length range specification and sequential number specification. Users can add or delete a prefix-based filter to an arbitrary point of prefix-list using sequential numbers.

If no ip prefix-list is specified, it acts as a permit. Once the ip prefix-list is defined and no match is found, the default deny is applied.

ip prefix-list Commands
Command
Description
ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN]
ip prefix-list NAME seq NUMBER (permit|deny) PREFIX [le LEN] [ge LEN]
An ip prefix-list is created with these commands.

ip prefix-list Command Descriptions
seq
seq NUMBER can be set either automatically or manually. When sequential numbers are set manually, the user may pick any number less than 4294967295. When sequential numbers are set automatically, they increase in increments of five (5) per list. If a list with no specified sequential number is created after a list with a specified sequential number, the list automatically picks the next multiple of five (5) as the list number. For example, if a list with number 2 already exists and a new list with no specified number is created, the next list will be numbered 5. If lists 2 and 7 already exist and a new list with no specified number is created, the new list will be numbered 10.
le
The le option specifies a "less than or equal to" prefix length. Used in conjunction with ge, le determines a range of values. The prefix list is applied if the prefix length is less than or equal to the le prefix length.
ge
The ge option specifies a "greater than or equal to" prefix length. Used in conjunction with le, ge determines a range of values. The prefix list is applied if the prefix length is greater than or equal to the ge prefix length.

The le and ge options can be used together to bound the prefix length from both sides. The order of the le and ge options does not matter.

If a prefix list is created with a different sequential number, but with the exact same rules as a previous list, an error results. However, no error results if both the sequential number and the rules are exactly the same.

If a list with the same sequential number as a previous list is created, the new list overwrites the old.

Matching of ip prefix is performed from the smaller sequential number to the larger. The matching stops once any rule is applied.

In the case of no le or ge command, the prefix length must exactly match the length specified in the prefix-list.
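The matching rules above (ordering by sequential number, first match wins, le/ge bounds, exact length when neither is given, default deny, automatic numbering in fives) can be checked with a small evaluator. This is an added example, not code from Zebra or from the original guide; the PrefixList class, build_sample function and the sample policy are hypothetical, and it assumes an entry only matches routes that fall inside its PREFIX.

```python
import ipaddress

class PrefixList:
    """Toy evaluator for the ip prefix-list rules described above (illustration only)."""

    def __init__(self):
        self.entries = {}  # seq -> (action, network, ge, le)

    def add(self, action, prefix, seq=None, ge=None, le=None):
        net = ipaddress.ip_network(prefix)
        if seq is None:
            # Automatic numbering: next multiple of five after the highest seq.
            seq = (max(self.entries, default=0) // 5) * 5 + 5
        rule = (action, net, ge, le)
        for other_seq, other in self.entries.items():
            if other == rule and other_seq != seq:
                raise ValueError("same rule already exists at seq %d" % other_seq)
        self.entries[seq] = rule  # same seq overwrites the old entry
        return seq

    def evaluate(self, route):
        route = ipaddress.ip_network(route)
        for seq in sorted(self.entries):            # smallest seq first
            action, net, ge, le = self.entries[seq]
            if not route.subnet_of(net):            # assumption: route must lie inside PREFIX
                continue
            if ge is None and le is None:
                if route.prefixlen != net.prefixlen:  # no le/ge: exact length only
                    continue
            elif (ge is not None and route.prefixlen < ge) or \
                 (le is not None and route.prefixlen > le):
                continue
            return action, seq                      # matching stops at the first hit
        return "deny", None                         # defined list, no match: default deny


def build_sample():
    # Constructed sample policy: accept 10.0.0.0/8 and its subnets up to /24,
    # but reject everything inside 10.128.0.0/9.
    pl = PrefixList()
    pl.add("deny", "10.128.0.0/9", seq=2, le=32)
    pl.add("permit", "10.0.0.0/8", le=24)        # auto-numbered as 5
    pl.add("permit", "192.168.0.0/16", seq=7)    # exact /16 only
    pl.add("deny", "0.0.0.0/0", le=32)           # auto-numbered as 10
    return pl
```

Placing the narrower deny at a lower sequential number than the broader permit is what makes it effective; with the order reversed, the permit would match first and the deny would never be reached.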

no ip prefix-list Command
Command
no ip prefix-list NAME

ip prefix-list Description Commands

The following table describes the commands used in setting ip prefix-list descriptions:

ip prefix-list Description Commands
Command
Description
ip prefix-list NAME description DESC
This command adds a description to the prefix list.
no ip prefix-list NAME description DESC
Deletes the description from a prefix list. It is possible to use the command without a description.

ip prefix-list Sequential Number Control Commands

The following table describes commands used in setting ip prefix-list sequential number control:

ip prefix-list Sequential Number Control Commands
Command
Description
ip prefix-list sequence-number
With this command, the ip prefix list sequential number is displayed. This is the default behavior.
no ip prefix-list sequence-number
With this command, the ip prefix list sequential number is not displayed.

ip prefix-list Display Commands

The following table describes commands used to display the ip prefix-lists:

ip prefix-list Display Commands
Command
Description
show ip prefix-list
Display all ip prefix-lists.
show ip prefix-list NAME
Show the ip prefix-list with the specified prefix list name.
show ip prefix-list NAME seq NUM
Show the ip prefix-list entry with the specified prefix list name and sequential number.
show ip prefix-list NAME A.B.C.D/M
If the keyword longer is used, all prefix list entries with prefix lengths equal to or longer than the specified length are displayed. If the keyword first-match is used, the first prefix length match is displayed.
show ip prefix-list NAME A.B.C.D/M longer
Display all entries of ip prefix-list NAME more specific than A.B.C.D/M.
show ip prefix-list NAME A.B.C.D/M first-match
Display the first entry of ip prefix-list NAME matching A.B.C.D/M.
show ip prefix-list summary
Display summary of ip prefix-list.
show ip prefix-list summary NAME
Display summary of ip prefix-list NAME.
show ip prefix-list detail
Display detailed ip prefix-list.
show ip prefix-list detail NAME
Display detailed ip prefix-list entry for NAME.

clear ip prefix-list Counter Commands

The following table describes commands used in clearing ip prefix-list counters:

clear ip prefix-list Counter Commands
Command
Description
clear ip prefix-list
Clears the counters of all ip prefix-lists. clear ip prefix-list can be used with a specified name and prefix.
clear ip prefix-list NAME
Clears the counters of the NAME prefix-list.
clear ip prefix-list NAME A.B.C.D/M
Clears the counter for the specified prefix A.B.C.D/M in the NAME prefix-list.

ip community-list Command

The following table describes the command used in setting ip community list:

ip community list Command
Command
ip community-list NAME TYPE COMMUNITY

as-path access-list Command

The following table shows the command used in setting as-path access-list:

as-path access-list Command
Command
ip as-path access-list NAME TYPE AS_PATH

route-map

route-map is a useful function in Zebra. A route-map is defined with match and set statements.

route-map test permit 10
match ip address 10
set local-preference 200

In this example, routes are matched against ip access-list number 10, and the local-preference value of matching routes is set to 200.

route-map Command

The following table shows the command used to define a route-map:

route-map Command
Command
route-map ROUTE-MAP-NAME permit PRIORITY

route-map match Command

The following table describes commands used in matching route maps:

route-map match Command
Command
Description
match ip address ACCESS_LIST
Match the specified ACCESS_LIST
match ip next-hop IPV4_ADDR
Match the specified IPV4_ADDR
match aspath AS_PATH
Match the specified AS_PATH
match metric METRIC
Match the specified METRIC
match community COMMUNITY_LIST
Match the specified COMMUNITY_LIST

route-map set Command

The following table describes commands used in setting route-map:

route-map set Command
Command
Description
set ip next-hop IPV4_ADDRESS
Set the BGP next-hop address
set local-preference LOCAL_PREF
Set the BGP local-preference.
set weight WEIGHT
Set the route's WEIGHT
set metric METRIC
Set the BGP attribute METRIC
set aspath prepend AS_PATH
Set the BGP AS_PATH to prepend
set community COMMUNITY
Set the BGP COMMUNITY attribute
set ipv6 next-hop global IPV6_ADDRESS
Set the BGP-4+ global IPv6 nexthop address.
set ipv6 next-hop local IPV6_ADDRESS
Set the BGP-4+ link local IPv6 nexthop address.

Kernel Interface

There are two different methods for reading kernel routing table information:

Several methods are available for obtaining kernel information:

The ioctl method is a traditional way of reading or writing kernel information. ioctl can be used to look up interfaces and to modify interface addresses, flags, MTU settings and other types of information. ioctl can also insert and delete kernel routing table entries.

sysctl can look up kernel information using MIB (Management Information Base) syntax. Normally, it only provides a way of getting information from the kernel, so it is preferable to change kernel information using another method, such as ioctl.

The proc filesystem provides an easy way of obtaining kernel information.

LynxOS uses this method by default.

SNMP Support

SNMP (Simple Network Management Protocol) is a widely implemented feature for collecting network information from routers and hosts. Zebra itself does not support SNMP functionality. However, in conjunction with an SNMP agent, Zebra provides routing protocol MIBs.

Zebra uses the SMUX protocol (RFC1227) to communicate with the SNMP agent. There are several SNMP agents which support SMUX. It is recommended to use the latest net-SNMP software. Zebra is tested with ucd-snmp-4.1.pre1.tar.gz.

After installing net-snmp, smuxpeer must be configured. Refer to the following sample configuration file:


/usr/local/share/snmp/snmpd.conf
================================
smuxpeer 1.3.6.1.6.3.1 test

SMUX Commands

The following describes commands used to configure smux.

SMUX commands
Command
Description
smux peer OID
no smux peer OID
Sets SMUX peer OID (Object ID)
smux peer OID PASSWORD
no smux peer OID PASSWORD
!
smux peer .1.3.6.1.6.3.1 test
!

LynuxWorks, Inc.
855 Branham Lane East
San Jose, CA 95138
http://www.lynuxworks.com
1.800.255.5969