-rw-r--r-- usr.sbin/bgpctl/bgpctl.8 104
-rw-r--r-- usr.sbin/bgpd/bgpd.conf.5 222
2 files changed, 167 insertions, 159 deletions
diff --git a/usr.sbin/bgpctl/bgpctl.8 b/usr.sbin/bgpctl/bgpctl.8
index 96bac64311f..8663011b6c7 100644
--- a/usr.sbin/bgpctl/bgpctl.8
+++ b/usr.sbin/bgpctl/bgpctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bgpctl.8,v 1.18 2004/05/21 16:01:57 claudio Exp $
+.\" $OpenBSD: bgpctl.8,v 1.19 2004/05/23 23:05:30 jmc Exp $
.\"
.\" Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
.\"
@@ -29,11 +29,54 @@ The
program controls the
.Xr bgpd 8
daemon.
+Commands to switch between displays may be abbreviated to the
+minimum unambiguous prefix; for example,
+.Dq s s
+for
+.Dq show summary .
+.Pp
The commands are as follows:
.Bl -tag -width xxxxxx
-.It Li show summary
-Show a list of all neighbors, including information about the session state
-and message counters.
+.It Li fib couple
+Insert the learned routes into the Forward Information Base aka the kernel
+routing table.
+.It Li fib decouple
+Remove the learned routes from the Forward Information Base aka the kernel
+routing table.
+.It Li neighbor Ar address up
+Take the bgp session to the specified neighbor up.
+.It Li neighbor Ar address down
+Take the bgp session to the specified neighbor down.
+.It Li network add Ar prefix
+Add the specified prefix to the list of announced networks.
+.It Li network delete Ar prefix
+Remove the specified prefix from the list of announced networks.
+.It Li network flush
+Remove all dynamically added prefixes from the list of announced networks.
+.It Li network flush
+Show all announced networks.
+.It Li reload
+Reload the configuration file.
+.It Li show fib Ar filter
+Show routes from bgpd's view of the Forward Information Base.
+.Ar filter
+can be an IP address, in which case the route to this address is shown,
+or a flag:
+.Pp
+.Bl -tag -width connected -compact
+.It Li connected
+Show only connected routes.
+.It Li static
+Show only static routes.
+.It Li bgp
+Show only routes originating from
+.Xr bgpd 8
+itself.
+.It Li nexthop
+Show only routes required to reach a BGP nexthop.
+.El
+.It Li show interface
+Show the interface states.
.It Li show neighbor Ar address Ar modifier
Show detailed information about the neighbor identified by
.Ar address ,
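Review bot: The second ".It Li network flush" entry, the one described as "Show all announced networks.", repeats the tag of the entry directly above it, so the sorted list documents "network flush" twice with two different meanings and never names the command that lists the announcements. The duplicate tag was carried over unchanged from the removed text, while the line before it had "dynamicaly" and "form" corrected; fix the tag in the same pass, using the subcommand name that bgpctl's parser accepts for showing announced networks. A smaller wording point in the same block: "Take the bgp session to the specified neighbor up" and its "down" twin would read better as "Bring the BGP session to the specified neighbor up/down".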
@@ -46,6 +89,8 @@ Show statistics about sent and received BGP messages.
.It Li timers
Show the BGP timers.
.El
+.It Li show nexthop
+Show the list of BGP Nexthops and the result of their validity check.
.It Li show rib Ar filter
Show routes from the bgpd Routing Information Base.
.Ar filter
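Review bot: Capitalisation is inconsistent in the moved "show nexthop" entry: it says "BGP Nexthops", while the "nexthop" flag under "show fib" in the same page says "BGP nexthop". Since this commit is a wording and ordering cleanup, pick one spelling (lower-case "nexthops" matches the rest of the page) when moving the entry.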
@@ -65,55 +110,10 @@ Show all entries with <as> as rightmost AS.
.It Li transit-as <as>
Show all entries with <as> anywhere but rightmost.
.El
-.It Li show fib Ar filter
-Show routes from bgpd's view of the Forward Information Base.
-.Ar filter
-can be an IP address, in which case the route to this address is shown,
-or a flag:
-.Pp
-.Bl -tag -width connected -compact
-.It Li connected
-Show only connected routes.
-.It Li static
-Show only static routes.
-.It Li bgp
-Show only routes originating from
-.Xr bgpd 8
-itself.
-.It Li nexthop
-Show only routes required to reach a BGP nexthop.
-.El
-.It Li show nexthop
-Show the list of BGP Nexthops and the result of their validity check.
-.It Li show interface
-Show the interface states.
-.It Li reload
-Reload the configuration file.
-.It Li fib couple
-Insert the learned routes into the Forward Information Base aka the kernel
-routing table.
-.It Li fib decouple
-Remove the learned routes from the Forward Information Base aka the kernel
-routing table.
-.It Li neighbor Ar address up
-Take the bgp session to the specified neighbor up.
-.It Li neighbor Ar address down
-Take the bgp session to the specified neighbor down.
-.It Li network add Ar prefix
-Add the specified prefix to the list of announced networks.
-.It Li network delete Ar prefix
-Remove the specified prefix from the list of announced networks.
-.It Li network flush
-Remove all dynamicaly added prefixes form the list of announced networks.
-.It Li network flush
-Show all announced networks.
+.It Li show summary
+Show a list of all neighbors, including information about the session state
+and message counters.
.El
-.Pp
-Commands to switch between displays may be abbreviated to the
-minimum unambiguous prefix; for example,
-.Dq s s
-for
-.Dq show summary .
.Sh FILES
.Bl -tag -width "/etc/bgpd.conf" -compact
.It Pa /etc/bgpd.conf
diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5
index ea43798b163..f5503cf918c 100644
--- a/usr.sbin/bgpd/bgpd.conf.5
+++ b/usr.sbin/bgpd/bgpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bgpd.conf.5,v 1.26 2004/05/21 15:36:40 claudio Exp $
+.\" $OpenBSD: bgpd.conf.5,v 1.27 2004/05/23 23:05:31 jmc Exp $
.\"
.\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -82,6 +82,7 @@ daemon globally.
.It Ar AS
Set the local Autonomous System number.
The AS numbers are assigned by local RIRs, such as
+.Pp
.Bl -tag -width xxxxx -compact
.It Ar RIPE
for Europe,
@@ -335,52 +336,6 @@ Inherited from the global configuration if not given.
.It Ar holdtime min
Set the minimal acceptable holdtime.
Inherited from the global configuration if not given.
-.It Ar local-address
-When
-.Ar bgpd
-initiates the TCP connection to the neighbor system, it normally does not
-bind to a specific IP address.
-If a local-address is given it binds
-to this address before.
-.It Ar max-prefix
-Limit amount of prefixes received.
-No such limit is imposed by default.
-.It Ar multihop
-Neighbors not in the same AS as the local
-.Ar bgpd
-normally have to be directly connected to the local machine.
-If this is not the case, the
-.Ar multihop
-statement defines the maximum hops the neighbor may be away.
-.It Ar passive
-Do not attempt to actively open a TCP connection to the neighbor system.
-.It Ar remote-as
-Set the AS number of the remote system.
-.It Ar route-reflector
-Act as a RFC 2796 route-reflector for this neighbor.
-An optional cluster id can be specified else the own bgp id will be used.
-.It Ar set
-Set the
-.Em AS path attributes
-to some default per
-.Ar neighbor
-or
-.Ar group
-statement:
-.Bd -literal -offset indent
-set localpref 300
-.Ed
-.Pp
-See also the
-.Sx ATTRIBUTE SET
-section.
-.It Ar tcp md5sig
-Enable TCP MD5 signatures per RFC 2385.
-The shared secret can either be given as a password or hexadecimal key.
-.Bd -literal -offset indent
-tcp md5sig password mekmidasdigoat
-tcp md5sig key deadbeef
-.Ed
.It Ar ipsec (ah|esp) (in|out) spi <number> <authspec> [<encspec>]
Enable IPsec with static keying.
There have to be at least two "ipsec" statements per peer with manual
@@ -420,14 +375,15 @@ is responsible for the session keys.
With
.Xr isakmpd 8 ,
it is sufficient to copy the peer's public key, found in
-.Pa /etc/isakmpd/private/local.pub
-to the local machine. It has to be stored in a file
+.Pa /etc/isakmpd/private/local.pub ,
+to the local machine.
+It has to be stored in a file
named after the peer's IP address and has to be stored in
.Pa /etc/isakmpd/pubkeys/ipv4/ .
The local public key has to be copied to the peer in the same way.
A simple
.Pa /etc/isakmpd/isakmpd.policy
-file is needed as well, it can be as simple as
+file is needed as well; it can be as simple as
.Bd -literal -offset indent
Authorizer: "POLICY"
Comment: This bare-bones assertion accepts everything
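Review bot: The sentence being repunctuated here ("file is needed as well; it can be as simple as") introduces a sample isakmpd.policy whose own comment says it "accepts everything", and the text gives the reader no indication of what that means for a BGP peering. Add a sentence after the example stating what still limits which peers are accepted when this policy is used (per the preceding lines, the per-peer key files under /etc/isakmpd/pubkeys/ipv4/), so the bare-bones policy is not copied without understanding its scope. In the same paragraph, "It has to be stored in a file named after the peer's IP address and has to be stored in" repeats "has to be stored"; the new line break was a good place to tighten it to "in a file named after the peer's IP address, in /etc/isakmpd/pubkeys/ipv4/".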
@@ -438,6 +394,52 @@ After starting the
and
.Ar bgpd
daemons on both sides the session should be established.
+.It Ar local-address
+When
+.Ar bgpd
+initiates the TCP connection to the neighbor system, it normally does not
+bind to a specific IP address.
+If a local-address is given it binds
+to this address before.
+.It Ar max-prefix
+Limit amount of prefixes received.
+No such limit is imposed by default.
+.It Ar multihop
+Neighbors not in the same AS as the local
+.Ar bgpd
+normally have to be directly connected to the local machine.
+If this is not the case, the
+.Ar multihop
+statement defines the maximum hops the neighbor may be away.
+.It Ar passive
+Do not attempt to actively open a TCP connection to the neighbor system.
+.It Ar remote-as
+Set the AS number of the remote system.
+.It Ar route-reflector
+Act as an RFC 2796 route-reflector for this neighbor.
+An optional cluster id can be specified; otherwise the bgp id will be used.
+.It Ar set
+Set the
+.Em AS path attributes
+to some default per
+.Ar neighbor
+or
+.Ar group
+statement:
+.Bd -literal -offset indent
+set localpref 300
+.Ed
+.Pp
+See also the
+.Sx ATTRIBUTE SET
+section.
+.It Ar tcp md5sig
+Enable TCP MD5 signatures per RFC 2385.
+The shared secret can either be given as a password or hexadecimal key.
+.Bd -literal -offset indent
+tcp md5sig password mekmidasdigoat
+tcp md5sig key deadbeef
+.Ed
.El
.Sh FILTER
.Ar bgpd
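Review bot: The re-added "max-prefix" entry still says only "Limit amount of prefixes received. No such limit is imposed by default." and does not say what bgpd does when a neighbor exceeds the limit, which is the part an operator needs in order to rely on the option as a safeguard. Document the behaviour on exceeding the limit, and fix the grammar to "Limit the number of prefixes received". The "local-address" entry above it was also moved without repair: "it binds to this address before" leaves "before" dangling and should say what the bind precedes, for example "it binds to this address first". Both entries were touched by this move, and the "route-reflector" entry next to them did get its wording fixed, so these look like oversights.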
@@ -466,14 +468,14 @@ rule decides what action is taken.
.Pp
The following actions can be used in the filter:
.Bl -tag -width xxxxxxxx
-.It Ar deny
-The
-.Em UPDATE
-is blocked.
.It Ar allow
The
.Em UPDATE
is passed.
+.It Ar deny
+The
+.Em UPDATE
+is blocked.
.It Ar match
Apply the filter attribute set without influencing the filter decision.
.El
@@ -487,18 +489,8 @@ always comes from, or goes to, one neighbor.
Most parameters are optional.
If a parameter is specified, the rule only applies to packets with
matching attributes.
-.Bl -tag -width xxxxxxxx
-.It Ar quick
-If an
-.Em UPDATE
-matches a rule which has the
-.Ar quick
-option set, this rule is considered the last matching rule, and evaluation
-of subsequent rules is skipped.
-.It Ar from No or Ar to
-This rule applies to incoming or outgoing
-.Em UPDATES .
-Either one or the other must be specified.
+.Pp
+.Bl -tag -width xxxxxxxx -compact
.It Ar any
.It Ar <address>
.It Ar group <descr>
@@ -509,10 +501,50 @@ Neighbors can be matched against their address, the group description,
or the token
.Ar any
can be used to match any neighbor.
+.Pp
+.It Ar <astype> <asnum>
+This rule applies only to
+.Em UPDATES
+where the
+.Em AS path
+matches.
+The
+.Ar <asnum>
+is matched against a part of the
+.Em AS path
+specified by the
+.Ar <astype> .
+.Ar <astype>
+is one of the following operators:
+.Bd -literal -offset indent
+AS (any part)
+source-AS (rightmost AS number)
+transit-AS (all but the rightmost AS number)
+.Ed
+.Pp
+.It Ar community <as>:<num>
+This rule applies only to
+.Em UPDATES
+where the community path attribute is present and matches.
+Both
+.Ar <as>
+and
+.Ar <num>
+may be set to
+.Sq *
+to do an
+.Dq anymatch .
+.Pp
+.It Ar from No or Ar to
+This rule applies to incoming or outgoing
+.Em UPDATES .
+Either one or the other must be specified.
+.Pp
.It Ar prefix <address>/<len>
This rule applies only to
.Em UPDATES
for the specified prefix.
+.Pp
.It Ar prefixlen <desc>
This rule applies only to
.Em UPDATES
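Review bot: Sorting the parameter list alphabetically puts the "from or to" entry after "<astype> <asnum>" and "community", while the "any", "<address>" and "group <descr>" entries that say which neighbor a rule applies to now open the list with nothing before them to explain what they qualify. A reader meeting "any" first has no context until the "Neighbors can be matched against their address" paragraph, and the statement "Either one or the other must be specified" for from/to is now buried mid-list. Consider keeping "from or to" immediately before the neighbor entries, as in the removed ordering, and sorting only the remaining optional parameters; alternatively add a cross-reference from the neighbor paragraph to the "from or to" entry.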
@@ -553,38 +585,14 @@ than 16:
prefix 10.0.0.0/8 prefixlen > 16
.Ed
.Pp
-.It Ar <astype> <asnum>
-This rule applies only to
-.Em UPDATES
-where the
-.Em AS path
-matches.
-The
-.Ar <asnum>
-is matched against a part of the
-.Em AS path
-specified by the
-.Ar <astype> .
-.Ar <astype>
-is one of the following operators:
-.Bd -literal -offset indent
-AS (any part)
-source-AS (rightmost AS number)
-transit-AS (all but the rightmost AS number)
-.Ed
+.It Ar quick
+If an
+.Em UPDATE
+matches a rule which has the
+.Ar quick
+option set, this rule is considered the last matching rule, and evaluation
+of subsequent rules is skipped.
.Pp
-.It Ar community <as>:<num>
-This rule applies only to
-.Em UPDATES
-where the community path attribute is present and matches.
-Both
-.Ar <as>
-and
-.Ar <num>
-may be set to
-.Sq *
-to do an
-.Dq anymatch .
.It Ar set
All matching rules can set the
.Em AS path attributes
@@ -610,34 +618,34 @@ Attribute sets can be expressed as list.
.Pp
The following attributes can be modified:
.Bl -tag -width xxxxxxxx
-.It Ar localpref
-Set the
-.Em LOCAL_PREF
-.Em AS path attribute .
.It Ar community
Set the
.Em COMMUNITIES
-.Em AS path attribute .
-Communities are specified as
+AS path attribute.
+Communities are specified as
.Ar asnum:local ,
where
.Ar asnum
is an AS number and
.Ar local
is a locally-significant number between zero and 0xffff.
-Alternately, well-known communities may be specified by name:
+Alternately, well-known communities may be specified by name:
.Em NO_EXPORT ,
.Em NO_ADVERTISE ,
-or
+or
.Em NO_EXPORT_SUBCONFED .
+.It Ar localpref
+Set the
+.Em LOCAL_PREF
+AS path attribute.
.It Ar med
Set the
.Em MULTI_EXIT_DISC
-.Em AS path attribute .
+AS path attribute.
.It Ar nexthop
Set the
.Em NEXTHOP
-.Em AS path attribute
+AS path attribute
to a different nexthop address.
.It Ar pftable
Adds the prefix in the update to the specified
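Review bot: The markup change in this hunk is applied unevenly: ".Em AS path attribute ." becomes plain "AS path attribute." for community, localpref, med and nexthop, but the "set" entries elsewhere in this same diff still use ".Em AS path attributes" (both the neighbor "set" entry re-added earlier and the filter "set" entry shown as context). Either drop the emphasis everywhere or keep it everywhere, so the same phrase is not rendered two ways on one page. The reordering itself (community before localpref) is fine and matches the alphabetical sorting used in the other lists.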